xref: /linux/drivers/net/wireless/intel/ipw2x00/ipw2100.c (revision 4d5e3b06e1fc1428be14cd4ebe3b37c1bb34f95d)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /******************************************************************************
3 
4   Copyright(c) 2003 - 2006 Intel Corporation. All rights reserved.
5 
6 
7   Contact Information:
8   Intel Linux Wireless <ilw@linux.intel.com>
9   Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
10 
11   Portions of this file are based on the sample_* files provided by Wireless
12   Extensions 0.26 package and copyright (c) 1997-2003 Jean Tourrilhes
13   <jt@hpl.hp.com>
14 
15   Portions of this file are based on the Host AP project,
16   Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen
17     <j@w1.fi>
18   Copyright (c) 2002-2003, Jouni Malinen <j@w1.fi>
19 
20   Portions of ipw2100_mod_firmware_load, ipw2100_do_mod_firmware_load, and
21   ipw2100_fw_load are loosely based on drivers/sound/sound_firmware.c
22   available in the 2.4.25 kernel sources, and are copyright (c) Alan Cox
23 
24 ******************************************************************************/
25 /*
26 
27  Initial driver on which this is based was developed by Janusz Gorycki,
28  Maciej Urbaniak, and Maciej Sosnowski.
29 
30  Promiscuous mode support added by Jacek Wysoczynski and Maciej Urbaniak.
31 
32 Theory of Operation
33 
34 Tx - Commands and Data
35 
36 Firmware and host share a circular queue of Transmit Buffer Descriptors (TBDs)
37 Each TBD contains a pointer to the physical (dma_addr_t) address of data being
38 sent to the firmware as well as the length of the data.
39 
40 The host writes to the TBD queue at the WRITE index.  The WRITE index points
41 to the _next_ packet to be written and is advanced when after the TBD has been
42 filled.
43 
44 The firmware pulls from the TBD queue at the READ index.  The READ index points
45 to the currently being read entry, and is advanced once the firmware is
46 done with a packet.
47 
48 When data is sent to the firmware, the first TBD is used to indicate to the
49 firmware if a Command or Data is being sent.  If it is Command, all of the
50 command information is contained within the physical address referred to by the
51 TBD.  If it is Data, the first TBD indicates the type of data packet, number
52 of fragments, etc.  The next TBD then refers to the actual packet location.
53 
54 The Tx flow cycle is as follows:
55 
56 1) ipw2100_tx() is called by kernel with SKB to transmit
57 2) Packet is move from the tx_free_list and appended to the transmit pending
58    list (tx_pend_list)
59 3) work is scheduled to move pending packets into the shared circular queue.
60 4) when placing packet in the circular queue, the incoming SKB is DMA mapped
61    to a physical address.  That address is entered into a TBD.  Two TBDs are
62    filled out.  The first indicating a data packet, the second referring to the
63    actual payload data.
64 5) the packet is removed from tx_pend_list and placed on the end of the
65    firmware pending list (fw_pend_list)
66 6) firmware is notified that the WRITE index has
67 7) Once the firmware has processed the TBD, INTA is triggered.
68 8) For each Tx interrupt received from the firmware, the READ index is checked
69    to see which TBDs are done being processed.
70 9) For each TBD that has been processed, the ISR pulls the oldest packet
71    from the fw_pend_list.
72 10)The packet structure contained in the fw_pend_list is then used
73    to unmap the DMA address and to free the SKB originally passed to the driver
74    from the kernel.
75 11)The packet structure is placed onto the tx_free_list
76 
77 The above steps are the same for commands, only the msg_free_list/msg_pend_list
78 are used instead of tx_free_list/tx_pend_list
79 
80 ...
81 
82 Critical Sections / Locking :
83 
84 There are two locks utilized.  The first is the low level lock (priv->low_lock)
85 that protects the following:
86 
87 - Access to the Tx/Rx queue lists via priv->low_lock. The lists are as follows:
88 
89   tx_free_list : Holds pre-allocated Tx buffers.
90     TAIL modified in __ipw2100_tx_process()
91     HEAD modified in ipw2100_tx()
92 
93   tx_pend_list : Holds used Tx buffers waiting to go into the TBD ring
94     TAIL modified ipw2100_tx()
95     HEAD modified by ipw2100_tx_send_data()
96 
97   msg_free_list : Holds pre-allocated Msg (Command) buffers
98     TAIL modified in __ipw2100_tx_process()
99     HEAD modified in ipw2100_hw_send_command()
100 
101   msg_pend_list : Holds used Msg buffers waiting to go into the TBD ring
102     TAIL modified in ipw2100_hw_send_command()
103     HEAD modified in ipw2100_tx_send_commands()
104 
105   The flow of data on the TX side is as follows:
106 
107   MSG_FREE_LIST + COMMAND => MSG_PEND_LIST => TBD => MSG_FREE_LIST
108   TX_FREE_LIST + DATA => TX_PEND_LIST => TBD => TX_FREE_LIST
109 
110   The methods that work on the TBD ring are protected via priv->low_lock.
111 
112 - The internal data state of the device itself
113 - Access to the firmware read/write indexes for the BD queues
114   and associated logic
115 
116 All external entry functions are locked with the priv->action_lock to ensure
117 that only one external action is invoked at a time.
118 
119 
120 */
121 
122 #include <linux/compiler.h>
123 #include <linux/errno.h>
124 #include <linux/if_arp.h>
125 #include <linux/in6.h>
126 #include <linux/in.h>
127 #include <linux/ip.h>
128 #include <linux/kernel.h>
129 #include <linux/kmod.h>
130 #include <linux/module.h>
131 #include <linux/netdevice.h>
132 #include <linux/ethtool.h>
133 #include <linux/pci.h>
134 #include <linux/dma-mapping.h>
135 #include <linux/proc_fs.h>
136 #include <linux/skbuff.h>
137 #include <linux/uaccess.h>
138 #include <asm/io.h>
139 #include <linux/fs.h>
140 #include <linux/mm.h>
141 #include <linux/slab.h>
142 #include <linux/unistd.h>
143 #include <linux/stringify.h>
144 #include <linux/tcp.h>
145 #include <linux/types.h>
146 #include <linux/time.h>
147 #include <linux/firmware.h>
148 #include <linux/acpi.h>
149 #include <linux/ctype.h>
150 #include <linux/pm_qos.h>
151 
152 #include <net/lib80211.h>
153 
154 #include "ipw2100.h"
155 #include "ipw.h"
156 
157 #define IPW2100_VERSION "git-1.2.2"
158 
159 #define DRV_NAME	"ipw2100"
160 #define DRV_VERSION	IPW2100_VERSION
161 #define DRV_DESCRIPTION	"Intel(R) PRO/Wireless 2100 Network Driver"
162 #define DRV_COPYRIGHT	"Copyright(c) 2003-2006 Intel Corporation"
163 
164 static struct pm_qos_request ipw2100_pm_qos_req;
165 
166 /* Debugging stuff */
167 #ifdef CONFIG_IPW2100_DEBUG
168 #define IPW2100_RX_DEBUG	/* Reception debugging */
169 #endif
170 
171 MODULE_DESCRIPTION(DRV_DESCRIPTION);
172 MODULE_VERSION(DRV_VERSION);
173 MODULE_AUTHOR(DRV_COPYRIGHT);
174 MODULE_LICENSE("GPL");
175 
176 static int debug = 0;
177 static int network_mode = 0;
178 static int channel = 0;
179 static int associate = 0;
180 static int disable = 0;
181 #ifdef CONFIG_PM
182 static struct ipw2100_fw ipw2100_firmware;
183 #endif
184 
185 #include <linux/moduleparam.h>
186 module_param(debug, int, 0444);
187 module_param_named(mode, network_mode, int, 0444);
188 module_param(channel, int, 0444);
189 module_param(associate, int, 0444);
190 module_param(disable, int, 0444);
191 
192 MODULE_PARM_DESC(debug, "debug level");
193 MODULE_PARM_DESC(mode, "network mode (0=BSS,1=IBSS,2=Monitor)");
194 MODULE_PARM_DESC(channel, "channel");
195 MODULE_PARM_DESC(associate, "auto associate when scanning (default off)");
196 MODULE_PARM_DESC(disable, "manually disable the radio (default 0 [radio on])");
197 
198 static u32 ipw2100_debug_level = IPW_DL_NONE;
199 
200 #ifdef CONFIG_IPW2100_DEBUG
201 #define IPW_DEBUG(level, message...) \
202 do { \
203 	if (ipw2100_debug_level & (level)) { \
204 		printk(KERN_DEBUG "ipw2100: %s ", __func__); \
205 		printk(message); \
206 	} \
207 } while (0)
208 #else
209 #define IPW_DEBUG(level, message...) do {} while (0)
210 #endif				/* CONFIG_IPW2100_DEBUG */
211 
212 #ifdef CONFIG_IPW2100_DEBUG
213 static const char *command_types[] = {
214 	"undefined",
215 	"unused",		/* HOST_ATTENTION */
216 	"HOST_COMPLETE",
217 	"unused",		/* SLEEP */
218 	"unused",		/* HOST_POWER_DOWN */
219 	"unused",
220 	"SYSTEM_CONFIG",
221 	"unused",		/* SET_IMR */
222 	"SSID",
223 	"MANDATORY_BSSID",
224 	"AUTHENTICATION_TYPE",
225 	"ADAPTER_ADDRESS",
226 	"PORT_TYPE",
227 	"INTERNATIONAL_MODE",
228 	"CHANNEL",
229 	"RTS_THRESHOLD",
230 	"FRAG_THRESHOLD",
231 	"POWER_MODE",
232 	"TX_RATES",
233 	"BASIC_TX_RATES",
234 	"WEP_KEY_INFO",
235 	"unused",
236 	"unused",
237 	"unused",
238 	"unused",
239 	"WEP_KEY_INDEX",
240 	"WEP_FLAGS",
241 	"ADD_MULTICAST",
242 	"CLEAR_ALL_MULTICAST",
243 	"BEACON_INTERVAL",
244 	"ATIM_WINDOW",
245 	"CLEAR_STATISTICS",
246 	"undefined",
247 	"undefined",
248 	"undefined",
249 	"undefined",
250 	"TX_POWER_INDEX",
251 	"undefined",
252 	"undefined",
253 	"undefined",
254 	"undefined",
255 	"undefined",
256 	"undefined",
257 	"BROADCAST_SCAN",
258 	"CARD_DISABLE",
259 	"PREFERRED_BSSID",
260 	"SET_SCAN_OPTIONS",
261 	"SCAN_DWELL_TIME",
262 	"SWEEP_TABLE",
263 	"AP_OR_STATION_TABLE",
264 	"GROUP_ORDINALS",
265 	"SHORT_RETRY_LIMIT",
266 	"LONG_RETRY_LIMIT",
267 	"unused",		/* SAVE_CALIBRATION */
268 	"unused",		/* RESTORE_CALIBRATION */
269 	"undefined",
270 	"undefined",
271 	"undefined",
272 	"HOST_PRE_POWER_DOWN",
273 	"unused",		/* HOST_INTERRUPT_COALESCING */
274 	"undefined",
275 	"CARD_DISABLE_PHY_OFF",
276 	"MSDU_TX_RATES",
277 	"undefined",
278 	"SET_STATION_STAT_BITS",
279 	"CLEAR_STATIONS_STAT_BITS",
280 	"LEAP_ROGUE_MODE",
281 	"SET_SECURITY_INFORMATION",
282 	"DISASSOCIATION_BSSID",
283 	"SET_WPA_ASS_IE"
284 };
285 #endif
286 
287 static const long ipw2100_frequencies[] = {
288 	2412, 2417, 2422, 2427,
289 	2432, 2437, 2442, 2447,
290 	2452, 2457, 2462, 2467,
291 	2472, 2484
292 };
293 
294 #define FREQ_COUNT	ARRAY_SIZE(ipw2100_frequencies)
295 
296 static struct ieee80211_rate ipw2100_bg_rates[] = {
297 	{ .bitrate = 10 },
298 	{ .bitrate = 20, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
299 	{ .bitrate = 55, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
300 	{ .bitrate = 110, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
301 };
302 
303 #define RATE_COUNT ARRAY_SIZE(ipw2100_bg_rates)
304 
305 /* Pre-decl until we get the code solid and then we can clean it up */
306 static void ipw2100_tx_send_commands(struct ipw2100_priv *priv);
307 static void ipw2100_tx_send_data(struct ipw2100_priv *priv);
308 static int ipw2100_adapter_setup(struct ipw2100_priv *priv);
309 
310 static void ipw2100_queues_initialize(struct ipw2100_priv *priv);
311 static void ipw2100_queues_free(struct ipw2100_priv *priv);
312 static int ipw2100_queues_allocate(struct ipw2100_priv *priv);
313 
314 static int ipw2100_fw_download(struct ipw2100_priv *priv,
315 			       struct ipw2100_fw *fw);
316 static int ipw2100_get_firmware(struct ipw2100_priv *priv,
317 				struct ipw2100_fw *fw);
318 static int ipw2100_get_fwversion(struct ipw2100_priv *priv, char *buf,
319 				 size_t max);
320 static int ipw2100_get_ucodeversion(struct ipw2100_priv *priv, char *buf,
321 				    size_t max);
322 static void ipw2100_release_firmware(struct ipw2100_priv *priv,
323 				     struct ipw2100_fw *fw);
324 static int ipw2100_ucode_download(struct ipw2100_priv *priv,
325 				  struct ipw2100_fw *fw);
326 static void ipw2100_wx_event_work(struct work_struct *work);
327 static struct iw_statistics *ipw2100_wx_wireless_stats(struct net_device *dev);
328 static const struct iw_handler_def ipw2100_wx_handler_def;
329 
330 static inline void read_register(struct net_device *dev, u32 reg, u32 * val)
331 {
332 	struct ipw2100_priv *priv = libipw_priv(dev);
333 
334 	*val = ioread32(priv->ioaddr + reg);
335 	IPW_DEBUG_IO("r: 0x%08X => 0x%08X\n", reg, *val);
336 }
337 
338 static inline void write_register(struct net_device *dev, u32 reg, u32 val)
339 {
340 	struct ipw2100_priv *priv = libipw_priv(dev);
341 
342 	iowrite32(val, priv->ioaddr + reg);
343 	IPW_DEBUG_IO("w: 0x%08X <= 0x%08X\n", reg, val);
344 }
345 
346 static inline void read_register_word(struct net_device *dev, u32 reg,
347 				      u16 * val)
348 {
349 	struct ipw2100_priv *priv = libipw_priv(dev);
350 
351 	*val = ioread16(priv->ioaddr + reg);
352 	IPW_DEBUG_IO("r: 0x%08X => %04X\n", reg, *val);
353 }
354 
355 static inline void read_register_byte(struct net_device *dev, u32 reg, u8 * val)
356 {
357 	struct ipw2100_priv *priv = libipw_priv(dev);
358 
359 	*val = ioread8(priv->ioaddr + reg);
360 	IPW_DEBUG_IO("r: 0x%08X => %02X\n", reg, *val);
361 }
362 
363 static inline void write_register_word(struct net_device *dev, u32 reg, u16 val)
364 {
365 	struct ipw2100_priv *priv = libipw_priv(dev);
366 
367 	iowrite16(val, priv->ioaddr + reg);
368 	IPW_DEBUG_IO("w: 0x%08X <= %04X\n", reg, val);
369 }
370 
371 static inline void write_register_byte(struct net_device *dev, u32 reg, u8 val)
372 {
373 	struct ipw2100_priv *priv = libipw_priv(dev);
374 
375 	iowrite8(val, priv->ioaddr + reg);
376 	IPW_DEBUG_IO("w: 0x%08X =< %02X\n", reg, val);
377 }
378 
379 static inline void read_nic_dword(struct net_device *dev, u32 addr, u32 * val)
380 {
381 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
382 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
383 	read_register(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
384 }
385 
386 static inline void write_nic_dword(struct net_device *dev, u32 addr, u32 val)
387 {
388 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
389 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
390 	write_register(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
391 }
392 
393 static inline void read_nic_word(struct net_device *dev, u32 addr, u16 * val)
394 {
395 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
396 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
397 	read_register_word(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
398 }
399 
400 static inline void write_nic_word(struct net_device *dev, u32 addr, u16 val)
401 {
402 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
403 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
404 	write_register_word(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
405 }
406 
407 static inline void read_nic_byte(struct net_device *dev, u32 addr, u8 * val)
408 {
409 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
410 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
411 	read_register_byte(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
412 }
413 
414 static inline void write_nic_byte(struct net_device *dev, u32 addr, u8 val)
415 {
416 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
417 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
418 	write_register_byte(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
419 }
420 
421 static inline void write_nic_auto_inc_address(struct net_device *dev, u32 addr)
422 {
423 	write_register(dev, IPW_REG_AUTOINCREMENT_ADDRESS,
424 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
425 }
426 
427 static inline void write_nic_dword_auto_inc(struct net_device *dev, u32 val)
428 {
429 	write_register(dev, IPW_REG_AUTOINCREMENT_DATA, val);
430 }
431 
432 static void write_nic_memory(struct net_device *dev, u32 addr, u32 len,
433 				    const u8 * buf)
434 {
435 	u32 aligned_addr;
436 	u32 aligned_len;
437 	u32 dif_len;
438 	u32 i;
439 
440 	/* read first nibble byte by byte */
441 	aligned_addr = addr & (~0x3);
442 	dif_len = addr - aligned_addr;
443 	if (dif_len) {
444 		/* Start reading at aligned_addr + dif_len */
445 		write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
446 			       aligned_addr);
447 		for (i = dif_len; i < 4; i++, buf++)
448 			write_register_byte(dev,
449 					    IPW_REG_INDIRECT_ACCESS_DATA + i,
450 					    *buf);
451 
452 		len -= dif_len;
453 		aligned_addr += 4;
454 	}
455 
456 	/* read DWs through autoincrement registers */
457 	write_register(dev, IPW_REG_AUTOINCREMENT_ADDRESS, aligned_addr);
458 	aligned_len = len & (~0x3);
459 	for (i = 0; i < aligned_len; i += 4, buf += 4, aligned_addr += 4)
460 		write_register(dev, IPW_REG_AUTOINCREMENT_DATA, *(u32 *) buf);
461 
462 	/* copy the last nibble */
463 	dif_len = len - aligned_len;
464 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS, aligned_addr);
465 	for (i = 0; i < dif_len; i++, buf++)
466 		write_register_byte(dev, IPW_REG_INDIRECT_ACCESS_DATA + i,
467 				    *buf);
468 }
469 
470 static void read_nic_memory(struct net_device *dev, u32 addr, u32 len,
471 				   u8 * buf)
472 {
473 	u32 aligned_addr;
474 	u32 aligned_len;
475 	u32 dif_len;
476 	u32 i;
477 
478 	/* read first nibble byte by byte */
479 	aligned_addr = addr & (~0x3);
480 	dif_len = addr - aligned_addr;
481 	if (dif_len) {
482 		/* Start reading at aligned_addr + dif_len */
483 		write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
484 			       aligned_addr);
485 		for (i = dif_len; i < 4; i++, buf++)
486 			read_register_byte(dev,
487 					   IPW_REG_INDIRECT_ACCESS_DATA + i,
488 					   buf);
489 
490 		len -= dif_len;
491 		aligned_addr += 4;
492 	}
493 
494 	/* read DWs through autoincrement registers */
495 	write_register(dev, IPW_REG_AUTOINCREMENT_ADDRESS, aligned_addr);
496 	aligned_len = len & (~0x3);
497 	for (i = 0; i < aligned_len; i += 4, buf += 4, aligned_addr += 4)
498 		read_register(dev, IPW_REG_AUTOINCREMENT_DATA, (u32 *) buf);
499 
500 	/* copy the last nibble */
501 	dif_len = len - aligned_len;
502 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS, aligned_addr);
503 	for (i = 0; i < dif_len; i++, buf++)
504 		read_register_byte(dev, IPW_REG_INDIRECT_ACCESS_DATA + i, buf);
505 }
506 
507 static bool ipw2100_hw_is_adapter_in_system(struct net_device *dev)
508 {
509 	u32 dbg;
510 
511 	read_register(dev, IPW_REG_DOA_DEBUG_AREA_START, &dbg);
512 
513 	return dbg == IPW_DATA_DOA_DEBUG_VALUE;
514 }
515 
516 static int ipw2100_get_ordinal(struct ipw2100_priv *priv, u32 ord,
517 			       void *val, u32 * len)
518 {
519 	struct ipw2100_ordinals *ordinals = &priv->ordinals;
520 	u32 addr;
521 	u32 field_info;
522 	u16 field_len;
523 	u16 field_count;
524 	u32 total_length;
525 
526 	if (ordinals->table1_addr == 0) {
527 		printk(KERN_WARNING DRV_NAME ": attempt to use fw ordinals "
528 		       "before they have been loaded.\n");
529 		return -EINVAL;
530 	}
531 
532 	if (IS_ORDINAL_TABLE_ONE(ordinals, ord)) {
533 		if (*len < IPW_ORD_TAB_1_ENTRY_SIZE) {
534 			*len = IPW_ORD_TAB_1_ENTRY_SIZE;
535 
536 			printk(KERN_WARNING DRV_NAME
537 			       ": ordinal buffer length too small, need %zd\n",
538 			       IPW_ORD_TAB_1_ENTRY_SIZE);
539 
540 			return -EINVAL;
541 		}
542 
543 		read_nic_dword(priv->net_dev,
544 			       ordinals->table1_addr + (ord << 2), &addr);
545 		read_nic_dword(priv->net_dev, addr, val);
546 
547 		*len = IPW_ORD_TAB_1_ENTRY_SIZE;
548 
549 		return 0;
550 	}
551 
552 	if (IS_ORDINAL_TABLE_TWO(ordinals, ord)) {
553 
554 		ord -= IPW_START_ORD_TAB_2;
555 
556 		/* get the address of statistic */
557 		read_nic_dword(priv->net_dev,
558 			       ordinals->table2_addr + (ord << 3), &addr);
559 
560 		/* get the second DW of statistics ;
561 		 * two 16-bit words - first is length, second is count */
562 		read_nic_dword(priv->net_dev,
563 			       ordinals->table2_addr + (ord << 3) + sizeof(u32),
564 			       &field_info);
565 
566 		/* get each entry length */
567 		field_len = *((u16 *) & field_info);
568 
569 		/* get number of entries */
570 		field_count = *(((u16 *) & field_info) + 1);
571 
572 		/* abort if no enough memory */
573 		total_length = field_len * field_count;
574 		if (total_length > *len) {
575 			*len = total_length;
576 			return -EINVAL;
577 		}
578 
579 		*len = total_length;
580 		if (!total_length)
581 			return 0;
582 
583 		/* read the ordinal data from the SRAM */
584 		read_nic_memory(priv->net_dev, addr, total_length, val);
585 
586 		return 0;
587 	}
588 
589 	printk(KERN_WARNING DRV_NAME ": ordinal %d neither in table 1 nor "
590 	       "in table 2\n", ord);
591 
592 	return -EINVAL;
593 }
594 
595 static int ipw2100_set_ordinal(struct ipw2100_priv *priv, u32 ord, u32 * val,
596 			       u32 * len)
597 {
598 	struct ipw2100_ordinals *ordinals = &priv->ordinals;
599 	u32 addr;
600 
601 	if (IS_ORDINAL_TABLE_ONE(ordinals, ord)) {
602 		if (*len != IPW_ORD_TAB_1_ENTRY_SIZE) {
603 			*len = IPW_ORD_TAB_1_ENTRY_SIZE;
604 			IPW_DEBUG_INFO("wrong size\n");
605 			return -EINVAL;
606 		}
607 
608 		read_nic_dword(priv->net_dev,
609 			       ordinals->table1_addr + (ord << 2), &addr);
610 
611 		write_nic_dword(priv->net_dev, addr, *val);
612 
613 		*len = IPW_ORD_TAB_1_ENTRY_SIZE;
614 
615 		return 0;
616 	}
617 
618 	IPW_DEBUG_INFO("wrong table\n");
619 	if (IS_ORDINAL_TABLE_TWO(ordinals, ord))
620 		return -EINVAL;
621 
622 	return -EINVAL;
623 }
624 
625 static char *snprint_line(char *buf, size_t count,
626 			  const u8 * data, u32 len, u32 ofs)
627 {
628 	int out, i, j, l;
629 	char c;
630 
631 	out = scnprintf(buf, count, "%08X", ofs);
632 
633 	for (l = 0, i = 0; i < 2; i++) {
634 		out += scnprintf(buf + out, count - out, " ");
635 		for (j = 0; j < 8 && l < len; j++, l++)
636 			out += scnprintf(buf + out, count - out, "%02X ",
637 					data[(i * 8 + j)]);
638 		for (; j < 8; j++)
639 			out += scnprintf(buf + out, count - out, "   ");
640 	}
641 
642 	out += scnprintf(buf + out, count - out, " ");
643 	for (l = 0, i = 0; i < 2; i++) {
644 		out += scnprintf(buf + out, count - out, " ");
645 		for (j = 0; j < 8 && l < len; j++, l++) {
646 			c = data[(i * 8 + j)];
647 			if (!isascii(c) || !isprint(c))
648 				c = '.';
649 
650 			out += scnprintf(buf + out, count - out, "%c", c);
651 		}
652 
653 		for (; j < 8; j++)
654 			out += scnprintf(buf + out, count - out, " ");
655 	}
656 
657 	return buf;
658 }
659 
660 static void printk_buf(int level, const u8 * data, u32 len)
661 {
662 	char line[81];
663 	u32 ofs = 0;
664 	if (!(ipw2100_debug_level & level))
665 		return;
666 
667 	while (len) {
668 		printk(KERN_DEBUG "%s\n",
669 		       snprint_line(line, sizeof(line), &data[ofs],
670 				    min(len, 16U), ofs));
671 		ofs += 16;
672 		len -= min(len, 16U);
673 	}
674 }
675 
676 #define MAX_RESET_BACKOFF 10
677 
678 static void schedule_reset(struct ipw2100_priv *priv)
679 {
680 	time64_t now = ktime_get_boottime_seconds();
681 
682 	/* If we haven't received a reset request within the backoff period,
683 	 * then we can reset the backoff interval so this reset occurs
684 	 * immediately */
685 	if (priv->reset_backoff &&
686 	    (now - priv->last_reset > priv->reset_backoff))
687 		priv->reset_backoff = 0;
688 
689 	priv->last_reset = now;
690 
691 	if (!(priv->status & STATUS_RESET_PENDING)) {
692 		IPW_DEBUG_INFO("%s: Scheduling firmware restart (%llds).\n",
693 			       priv->net_dev->name, priv->reset_backoff);
694 		netif_carrier_off(priv->net_dev);
695 		netif_stop_queue(priv->net_dev);
696 		priv->status |= STATUS_RESET_PENDING;
697 		if (priv->reset_backoff)
698 			schedule_delayed_work(&priv->reset_work,
699 					      priv->reset_backoff * HZ);
700 		else
701 			schedule_delayed_work(&priv->reset_work, 0);
702 
703 		if (priv->reset_backoff < MAX_RESET_BACKOFF)
704 			priv->reset_backoff++;
705 
706 		wake_up_interruptible(&priv->wait_command_queue);
707 	} else
708 		IPW_DEBUG_INFO("%s: Firmware restart already in progress.\n",
709 			       priv->net_dev->name);
710 
711 }
712 
713 #define HOST_COMPLETE_TIMEOUT (2 * HZ)
714 static int ipw2100_hw_send_command(struct ipw2100_priv *priv,
715 				   struct host_command *cmd)
716 {
717 	struct list_head *element;
718 	struct ipw2100_tx_packet *packet;
719 	unsigned long flags;
720 	int err = 0;
721 
722 	IPW_DEBUG_HC("Sending %s command (#%d), %d bytes\n",
723 		     command_types[cmd->host_command], cmd->host_command,
724 		     cmd->host_command_length);
725 	printk_buf(IPW_DL_HC, (u8 *) cmd->host_command_parameters,
726 		   cmd->host_command_length);
727 
728 	spin_lock_irqsave(&priv->low_lock, flags);
729 
730 	if (priv->fatal_error) {
731 		IPW_DEBUG_INFO
732 		    ("Attempt to send command while hardware in fatal error condition.\n");
733 		err = -EIO;
734 		goto fail_unlock;
735 	}
736 
737 	if (!(priv->status & STATUS_RUNNING)) {
738 		IPW_DEBUG_INFO
739 		    ("Attempt to send command while hardware is not running.\n");
740 		err = -EIO;
741 		goto fail_unlock;
742 	}
743 
744 	if (priv->status & STATUS_CMD_ACTIVE) {
745 		IPW_DEBUG_INFO
746 		    ("Attempt to send command while another command is pending.\n");
747 		err = -EBUSY;
748 		goto fail_unlock;
749 	}
750 
751 	if (list_empty(&priv->msg_free_list)) {
752 		IPW_DEBUG_INFO("no available msg buffers\n");
753 		goto fail_unlock;
754 	}
755 
756 	priv->status |= STATUS_CMD_ACTIVE;
757 	priv->messages_sent++;
758 
759 	element = priv->msg_free_list.next;
760 
761 	packet = list_entry(element, struct ipw2100_tx_packet, list);
762 	packet->jiffy_start = jiffies;
763 
764 	/* initialize the firmware command packet */
765 	packet->info.c_struct.cmd->host_command_reg = cmd->host_command;
766 	packet->info.c_struct.cmd->host_command_reg1 = cmd->host_command1;
767 	packet->info.c_struct.cmd->host_command_len_reg =
768 	    cmd->host_command_length;
769 	packet->info.c_struct.cmd->sequence = cmd->host_command_sequence;
770 
771 	memcpy(packet->info.c_struct.cmd->host_command_params_reg,
772 	       cmd->host_command_parameters,
773 	       sizeof(packet->info.c_struct.cmd->host_command_params_reg));
774 
775 	list_del(element);
776 	DEC_STAT(&priv->msg_free_stat);
777 
778 	list_add_tail(element, &priv->msg_pend_list);
779 	INC_STAT(&priv->msg_pend_stat);
780 
781 	ipw2100_tx_send_commands(priv);
782 	ipw2100_tx_send_data(priv);
783 
784 	spin_unlock_irqrestore(&priv->low_lock, flags);
785 
786 	/*
787 	 * We must wait for this command to complete before another
788 	 * command can be sent...  but if we wait more than 3 seconds
789 	 * then there is a problem.
790 	 */
791 
792 	err =
793 	    wait_event_interruptible_timeout(priv->wait_command_queue,
794 					     !(priv->
795 					       status & STATUS_CMD_ACTIVE),
796 					     HOST_COMPLETE_TIMEOUT);
797 
798 	if (err == 0) {
799 		IPW_DEBUG_INFO("Command completion failed out after %dms.\n",
800 			       1000 * (HOST_COMPLETE_TIMEOUT / HZ));
801 		priv->fatal_error = IPW2100_ERR_MSG_TIMEOUT;
802 		priv->status &= ~STATUS_CMD_ACTIVE;
803 		schedule_reset(priv);
804 		return -EIO;
805 	}
806 
807 	if (priv->fatal_error) {
808 		printk(KERN_WARNING DRV_NAME ": %s: firmware fatal error\n",
809 		       priv->net_dev->name);
810 		return -EIO;
811 	}
812 
813 	/* !!!!! HACK TEST !!!!!
814 	 * When lots of debug trace statements are enabled, the driver
815 	 * doesn't seem to have as many firmware restart cycles...
816 	 *
817 	 * As a test, we're sticking in a 1/100s delay here */
818 	schedule_timeout_uninterruptible(msecs_to_jiffies(10));
819 
820 	return 0;
821 
822       fail_unlock:
823 	spin_unlock_irqrestore(&priv->low_lock, flags);
824 
825 	return err;
826 }
827 
828 /*
829  * Verify the values and data access of the hardware
830  * No locks needed or used.  No functions called.
831  */
832 static int ipw2100_verify(struct ipw2100_priv *priv)
833 {
834 	u32 data1, data2;
835 	u32 address;
836 
837 	u32 val1 = 0x76543210;
838 	u32 val2 = 0xFEDCBA98;
839 
840 	/* Domain 0 check - all values should be DOA_DEBUG */
841 	for (address = IPW_REG_DOA_DEBUG_AREA_START;
842 	     address < IPW_REG_DOA_DEBUG_AREA_END; address += sizeof(u32)) {
843 		read_register(priv->net_dev, address, &data1);
844 		if (data1 != IPW_DATA_DOA_DEBUG_VALUE)
845 			return -EIO;
846 	}
847 
848 	/* Domain 1 check - use arbitrary read/write compare  */
849 	for (address = 0; address < 5; address++) {
850 		/* The memory area is not used now */
851 		write_register(priv->net_dev, IPW_REG_DOMAIN_1_OFFSET + 0x32,
852 			       val1);
853 		write_register(priv->net_dev, IPW_REG_DOMAIN_1_OFFSET + 0x36,
854 			       val2);
855 		read_register(priv->net_dev, IPW_REG_DOMAIN_1_OFFSET + 0x32,
856 			      &data1);
857 		read_register(priv->net_dev, IPW_REG_DOMAIN_1_OFFSET + 0x36,
858 			      &data2);
859 		if (val1 == data1 && val2 == data2)
860 			return 0;
861 	}
862 
863 	return -EIO;
864 }
865 
866 /*
867  *
868  * Loop until the CARD_DISABLED bit is the same value as the
869  * supplied parameter
870  *
871  * TODO: See if it would be more efficient to do a wait/wake
872  *       cycle and have the completion event trigger the wakeup
873  *
874  */
875 #define IPW_CARD_DISABLE_COMPLETE_WAIT		    100	// 100 milli
876 static int ipw2100_wait_for_card_state(struct ipw2100_priv *priv, int state)
877 {
878 	int i;
879 	u32 card_state;
880 	u32 len = sizeof(card_state);
881 	int err;
882 
883 	for (i = 0; i <= IPW_CARD_DISABLE_COMPLETE_WAIT * 1000; i += 50) {
884 		err = ipw2100_get_ordinal(priv, IPW_ORD_CARD_DISABLED,
885 					  &card_state, &len);
886 		if (err) {
887 			IPW_DEBUG_INFO("Query of CARD_DISABLED ordinal "
888 				       "failed.\n");
889 			return 0;
890 		}
891 
892 		/* We'll break out if either the HW state says it is
893 		 * in the state we want, or if HOST_COMPLETE command
894 		 * finishes */
895 		if ((card_state == state) ||
896 		    ((priv->status & STATUS_ENABLED) ?
897 		     IPW_HW_STATE_ENABLED : IPW_HW_STATE_DISABLED) == state) {
898 			if (state == IPW_HW_STATE_ENABLED)
899 				priv->status |= STATUS_ENABLED;
900 			else
901 				priv->status &= ~STATUS_ENABLED;
902 
903 			return 0;
904 		}
905 
906 		udelay(50);
907 	}
908 
909 	IPW_DEBUG_INFO("ipw2100_wait_for_card_state to %s state timed out\n",
910 		       state ? "DISABLED" : "ENABLED");
911 	return -EIO;
912 }
913 
914 /*********************************************************************
915     Procedure   :   sw_reset_and_clock
916     Purpose     :   Asserts s/w reset, asserts clock initialization
917                     and waits for clock stabilization
918  ********************************************************************/
919 static int sw_reset_and_clock(struct ipw2100_priv *priv)
920 {
921 	int i;
922 	u32 r;
923 
924 	// assert s/w reset
925 	write_register(priv->net_dev, IPW_REG_RESET_REG,
926 		       IPW_AUX_HOST_RESET_REG_SW_RESET);
927 
928 	// wait for clock stabilization
929 	for (i = 0; i < 1000; i++) {
930 		udelay(IPW_WAIT_RESET_ARC_COMPLETE_DELAY);
931 
932 		// check clock ready bit
933 		read_register(priv->net_dev, IPW_REG_RESET_REG, &r);
934 		if (r & IPW_AUX_HOST_RESET_REG_PRINCETON_RESET)
935 			break;
936 	}
937 
938 	if (i == 1000)
939 		return -EIO;	// TODO: better error value
940 
941 	/* set "initialization complete" bit to move adapter to
942 	 * D0 state */
943 	write_register(priv->net_dev, IPW_REG_GP_CNTRL,
944 		       IPW_AUX_HOST_GP_CNTRL_BIT_INIT_DONE);
945 
946 	/* wait for clock stabilization */
947 	for (i = 0; i < 10000; i++) {
948 		udelay(IPW_WAIT_CLOCK_STABILIZATION_DELAY * 4);
949 
950 		/* check clock ready bit */
951 		read_register(priv->net_dev, IPW_REG_GP_CNTRL, &r);
952 		if (r & IPW_AUX_HOST_GP_CNTRL_BIT_CLOCK_READY)
953 			break;
954 	}
955 
956 	if (i == 10000)
957 		return -EIO;	/* TODO: better error value */
958 
959 	/* set D0 standby bit */
960 	read_register(priv->net_dev, IPW_REG_GP_CNTRL, &r);
961 	write_register(priv->net_dev, IPW_REG_GP_CNTRL,
962 		       r | IPW_AUX_HOST_GP_CNTRL_BIT_HOST_ALLOWS_STANDBY);
963 
964 	return 0;
965 }
966 
967 /*********************************************************************
968     Procedure   :   ipw2100_download_firmware
969     Purpose     :   Initiaze adapter after power on.
970                     The sequence is:
971                     1. assert s/w reset first!
972                     2. awake clocks & wait for clock stabilization
973                     3. hold ARC (don't ask me why...)
974                     4. load Dino ucode and reset/clock init again
975                     5. zero-out shared mem
976                     6. download f/w
977  *******************************************************************/
978 static int ipw2100_download_firmware(struct ipw2100_priv *priv)
979 {
980 	u32 address;
981 	int err;
982 
983 #ifndef CONFIG_PM
984 	/* Fetch the firmware and microcode */
985 	struct ipw2100_fw ipw2100_firmware;
986 #endif
987 
988 	if (priv->fatal_error) {
989 		IPW_DEBUG_ERROR("%s: ipw2100_download_firmware called after "
990 				"fatal error %d.  Interface must be brought down.\n",
991 				priv->net_dev->name, priv->fatal_error);
992 		return -EINVAL;
993 	}
994 #ifdef CONFIG_PM
995 	if (!ipw2100_firmware.version) {
996 		err = ipw2100_get_firmware(priv, &ipw2100_firmware);
997 		if (err) {
998 			IPW_DEBUG_ERROR("%s: ipw2100_get_firmware failed: %d\n",
999 					priv->net_dev->name, err);
1000 			priv->fatal_error = IPW2100_ERR_FW_LOAD;
1001 			goto fail;
1002 		}
1003 	}
1004 #else
1005 	err = ipw2100_get_firmware(priv, &ipw2100_firmware);
1006 	if (err) {
1007 		IPW_DEBUG_ERROR("%s: ipw2100_get_firmware failed: %d\n",
1008 				priv->net_dev->name, err);
1009 		priv->fatal_error = IPW2100_ERR_FW_LOAD;
1010 		goto fail;
1011 	}
1012 #endif
1013 	priv->firmware_version = ipw2100_firmware.version;
1014 
1015 	/* s/w reset and clock stabilization */
1016 	err = sw_reset_and_clock(priv);
1017 	if (err) {
1018 		IPW_DEBUG_ERROR("%s: sw_reset_and_clock failed: %d\n",
1019 				priv->net_dev->name, err);
1020 		goto fail;
1021 	}
1022 
1023 	err = ipw2100_verify(priv);
1024 	if (err) {
1025 		IPW_DEBUG_ERROR("%s: ipw2100_verify failed: %d\n",
1026 				priv->net_dev->name, err);
1027 		goto fail;
1028 	}
1029 
1030 	/* Hold ARC */
1031 	write_nic_dword(priv->net_dev,
1032 			IPW_INTERNAL_REGISTER_HALT_AND_RESET, 0x80000000);
1033 
1034 	/* allow ARC to run */
1035 	write_register(priv->net_dev, IPW_REG_RESET_REG, 0);
1036 
1037 	/* load microcode */
1038 	err = ipw2100_ucode_download(priv, &ipw2100_firmware);
1039 	if (err) {
1040 		printk(KERN_ERR DRV_NAME ": %s: Error loading microcode: %d\n",
1041 		       priv->net_dev->name, err);
1042 		goto fail;
1043 	}
1044 
1045 	/* release ARC */
1046 	write_nic_dword(priv->net_dev,
1047 			IPW_INTERNAL_REGISTER_HALT_AND_RESET, 0x00000000);
1048 
1049 	/* s/w reset and clock stabilization (again!!!) */
1050 	err = sw_reset_and_clock(priv);
1051 	if (err) {
1052 		printk(KERN_ERR DRV_NAME
1053 		       ": %s: sw_reset_and_clock failed: %d\n",
1054 		       priv->net_dev->name, err);
1055 		goto fail;
1056 	}
1057 
1058 	/* load f/w */
1059 	err = ipw2100_fw_download(priv, &ipw2100_firmware);
1060 	if (err) {
1061 		IPW_DEBUG_ERROR("%s: Error loading firmware: %d\n",
1062 				priv->net_dev->name, err);
1063 		goto fail;
1064 	}
1065 #ifndef CONFIG_PM
1066 	/*
1067 	 * When the .resume method of the driver is called, the other
1068 	 * part of the system, i.e. the ide driver could still stay in
1069 	 * the suspend stage. This prevents us from loading the firmware
1070 	 * from the disk.  --YZ
1071 	 */
1072 
1073 	/* free any storage allocated for firmware image */
1074 	ipw2100_release_firmware(priv, &ipw2100_firmware);
1075 #endif
1076 
1077 	/* zero out Domain 1 area indirectly (Si requirement) */
1078 	for (address = IPW_HOST_FW_SHARED_AREA0;
1079 	     address < IPW_HOST_FW_SHARED_AREA0_END; address += 4)
1080 		write_nic_dword(priv->net_dev, address, 0);
1081 	for (address = IPW_HOST_FW_SHARED_AREA1;
1082 	     address < IPW_HOST_FW_SHARED_AREA1_END; address += 4)
1083 		write_nic_dword(priv->net_dev, address, 0);
1084 	for (address = IPW_HOST_FW_SHARED_AREA2;
1085 	     address < IPW_HOST_FW_SHARED_AREA2_END; address += 4)
1086 		write_nic_dword(priv->net_dev, address, 0);
1087 	for (address = IPW_HOST_FW_SHARED_AREA3;
1088 	     address < IPW_HOST_FW_SHARED_AREA3_END; address += 4)
1089 		write_nic_dword(priv->net_dev, address, 0);
1090 	for (address = IPW_HOST_FW_INTERRUPT_AREA;
1091 	     address < IPW_HOST_FW_INTERRUPT_AREA_END; address += 4)
1092 		write_nic_dword(priv->net_dev, address, 0);
1093 
1094 	return 0;
1095 
1096       fail:
1097 	ipw2100_release_firmware(priv, &ipw2100_firmware);
1098 	return err;
1099 }
1100 
1101 static inline void ipw2100_enable_interrupts(struct ipw2100_priv *priv)
1102 {
1103 	if (priv->status & STATUS_INT_ENABLED)
1104 		return;
1105 	priv->status |= STATUS_INT_ENABLED;
1106 	write_register(priv->net_dev, IPW_REG_INTA_MASK, IPW_INTERRUPT_MASK);
1107 }
1108 
1109 static inline void ipw2100_disable_interrupts(struct ipw2100_priv *priv)
1110 {
1111 	if (!(priv->status & STATUS_INT_ENABLED))
1112 		return;
1113 	priv->status &= ~STATUS_INT_ENABLED;
1114 	write_register(priv->net_dev, IPW_REG_INTA_MASK, 0x0);
1115 }
1116 
1117 static void ipw2100_initialize_ordinals(struct ipw2100_priv *priv)
1118 {
1119 	struct ipw2100_ordinals *ord = &priv->ordinals;
1120 
1121 	IPW_DEBUG_INFO("enter\n");
1122 
1123 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_ORDINALS_TABLE_1,
1124 		      &ord->table1_addr);
1125 
1126 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_ORDINALS_TABLE_2,
1127 		      &ord->table2_addr);
1128 
1129 	read_nic_dword(priv->net_dev, ord->table1_addr, &ord->table1_size);
1130 	read_nic_dword(priv->net_dev, ord->table2_addr, &ord->table2_size);
1131 
1132 	ord->table2_size &= 0x0000FFFF;
1133 
1134 	IPW_DEBUG_INFO("table 1 size: %d\n", ord->table1_size);
1135 	IPW_DEBUG_INFO("table 2 size: %d\n", ord->table2_size);
1136 	IPW_DEBUG_INFO("exit\n");
1137 }
1138 
1139 static inline void ipw2100_hw_set_gpio(struct ipw2100_priv *priv)
1140 {
1141 	u32 reg = 0;
1142 	/*
1143 	 * Set GPIO 3 writable by FW; GPIO 1 writable
1144 	 * by driver and enable clock
1145 	 */
1146 	reg = (IPW_BIT_GPIO_GPIO3_MASK | IPW_BIT_GPIO_GPIO1_ENABLE |
1147 	       IPW_BIT_GPIO_LED_OFF);
1148 	write_register(priv->net_dev, IPW_REG_GPIO, reg);
1149 }
1150 
1151 static int rf_kill_active(struct ipw2100_priv *priv)
1152 {
1153 #define MAX_RF_KILL_CHECKS 5
1154 #define RF_KILL_CHECK_DELAY 40
1155 
1156 	unsigned short value = 0;
1157 	u32 reg = 0;
1158 	int i;
1159 
1160 	if (!(priv->hw_features & HW_FEATURE_RFKILL)) {
1161 		wiphy_rfkill_set_hw_state(priv->ieee->wdev.wiphy, false);
1162 		priv->status &= ~STATUS_RF_KILL_HW;
1163 		return 0;
1164 	}
1165 
1166 	for (i = 0; i < MAX_RF_KILL_CHECKS; i++) {
1167 		udelay(RF_KILL_CHECK_DELAY);
1168 		read_register(priv->net_dev, IPW_REG_GPIO, &reg);
1169 		value = (value << 1) | ((reg & IPW_BIT_GPIO_RF_KILL) ? 0 : 1);
1170 	}
1171 
1172 	if (value == 0) {
1173 		wiphy_rfkill_set_hw_state(priv->ieee->wdev.wiphy, true);
1174 		priv->status |= STATUS_RF_KILL_HW;
1175 	} else {
1176 		wiphy_rfkill_set_hw_state(priv->ieee->wdev.wiphy, false);
1177 		priv->status &= ~STATUS_RF_KILL_HW;
1178 	}
1179 
1180 	return (value == 0);
1181 }
1182 
1183 static int ipw2100_get_hw_features(struct ipw2100_priv *priv)
1184 {
1185 	u32 addr, len;
1186 	u32 val;
1187 
1188 	/*
1189 	 * EEPROM_SRAM_DB_START_ADDRESS using ordinal in ordinal table 1
1190 	 */
1191 	len = sizeof(addr);
1192 	if (ipw2100_get_ordinal
1193 	    (priv, IPW_ORD_EEPROM_SRAM_DB_BLOCK_START_ADDRESS, &addr, &len)) {
1194 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
1195 			       __LINE__);
1196 		return -EIO;
1197 	}
1198 
1199 	IPW_DEBUG_INFO("EEPROM address: %08X\n", addr);
1200 
1201 	/*
1202 	 * EEPROM version is the byte at offset 0xfd in firmware
1203 	 * We read 4 bytes, then shift out the byte we actually want */
1204 	read_nic_dword(priv->net_dev, addr + 0xFC, &val);
1205 	priv->eeprom_version = (val >> 24) & 0xFF;
1206 	IPW_DEBUG_INFO("EEPROM version: %d\n", priv->eeprom_version);
1207 
1208 	/*
1209 	 *  HW RF Kill enable is bit 0 in byte at offset 0x21 in firmware
1210 	 *
1211 	 *  notice that the EEPROM bit is reverse polarity, i.e.
1212 	 *     bit = 0  signifies HW RF kill switch is supported
1213 	 *     bit = 1  signifies HW RF kill switch is NOT supported
1214 	 */
1215 	read_nic_dword(priv->net_dev, addr + 0x20, &val);
1216 	if (!((val >> 24) & 0x01))
1217 		priv->hw_features |= HW_FEATURE_RFKILL;
1218 
1219 	IPW_DEBUG_INFO("HW RF Kill: %ssupported.\n",
1220 		       (priv->hw_features & HW_FEATURE_RFKILL) ? "" : "not ");
1221 
1222 	return 0;
1223 }
1224 
1225 /*
1226  * Start firmware execution after power on and initialization
1227  * The sequence is:
1228  *  1. Release ARC
1229  *  2. Wait for f/w initialization completes;
1230  */
1231 static int ipw2100_start_adapter(struct ipw2100_priv *priv)
1232 {
1233 	int i;
1234 	u32 inta, inta_mask, gpio;
1235 
1236 	IPW_DEBUG_INFO("enter\n");
1237 
1238 	if (priv->status & STATUS_RUNNING)
1239 		return 0;
1240 
1241 	/*
1242 	 * Initialize the hw - drive adapter to DO state by setting
1243 	 * init_done bit. Wait for clk_ready bit and Download
1244 	 * fw & dino ucode
1245 	 */
1246 	if (ipw2100_download_firmware(priv)) {
1247 		printk(KERN_ERR DRV_NAME
1248 		       ": %s: Failed to power on the adapter.\n",
1249 		       priv->net_dev->name);
1250 		return -EIO;
1251 	}
1252 
1253 	/* Clear the Tx, Rx and Msg queues and the r/w indexes
1254 	 * in the firmware RBD and TBD ring queue */
1255 	ipw2100_queues_initialize(priv);
1256 
1257 	ipw2100_hw_set_gpio(priv);
1258 
1259 	/* TODO -- Look at disabling interrupts here to make sure none
1260 	 * get fired during FW initialization */
1261 
1262 	/* Release ARC - clear reset bit */
1263 	write_register(priv->net_dev, IPW_REG_RESET_REG, 0);
1264 
1265 	/* wait for f/w initialization complete */
1266 	IPW_DEBUG_FW("Waiting for f/w initialization to complete...\n");
1267 	i = 5000;
1268 	do {
1269 		schedule_timeout_uninterruptible(msecs_to_jiffies(40));
1270 		/* Todo... wait for sync command ... */
1271 
1272 		read_register(priv->net_dev, IPW_REG_INTA, &inta);
1273 
1274 		/* check "init done" bit */
1275 		if (inta & IPW2100_INTA_FW_INIT_DONE) {
1276 			/* reset "init done" bit */
1277 			write_register(priv->net_dev, IPW_REG_INTA,
1278 				       IPW2100_INTA_FW_INIT_DONE);
1279 			break;
1280 		}
1281 
1282 		/* check error conditions : we check these after the firmware
1283 		 * check so that if there is an error, the interrupt handler
1284 		 * will see it and the adapter will be reset */
1285 		if (inta &
1286 		    (IPW2100_INTA_FATAL_ERROR | IPW2100_INTA_PARITY_ERROR)) {
1287 			/* clear error conditions */
1288 			write_register(priv->net_dev, IPW_REG_INTA,
1289 				       IPW2100_INTA_FATAL_ERROR |
1290 				       IPW2100_INTA_PARITY_ERROR);
1291 		}
1292 	} while (--i);
1293 
1294 	/* Clear out any pending INTAs since we aren't supposed to have
1295 	 * interrupts enabled at this point... */
1296 	read_register(priv->net_dev, IPW_REG_INTA, &inta);
1297 	read_register(priv->net_dev, IPW_REG_INTA_MASK, &inta_mask);
1298 	inta &= IPW_INTERRUPT_MASK;
1299 	/* Clear out any pending interrupts */
1300 	if (inta & inta_mask)
1301 		write_register(priv->net_dev, IPW_REG_INTA, inta);
1302 
1303 	IPW_DEBUG_FW("f/w initialization complete: %s\n",
1304 		     i ? "SUCCESS" : "FAILED");
1305 
1306 	if (!i) {
1307 		printk(KERN_WARNING DRV_NAME
1308 		       ": %s: Firmware did not initialize.\n",
1309 		       priv->net_dev->name);
1310 		return -EIO;
1311 	}
1312 
1313 	/* allow firmware to write to GPIO1 & GPIO3 */
1314 	read_register(priv->net_dev, IPW_REG_GPIO, &gpio);
1315 
1316 	gpio |= (IPW_BIT_GPIO_GPIO1_MASK | IPW_BIT_GPIO_GPIO3_MASK);
1317 
1318 	write_register(priv->net_dev, IPW_REG_GPIO, gpio);
1319 
1320 	/* Ready to receive commands */
1321 	priv->status |= STATUS_RUNNING;
1322 
1323 	/* The adapter has been reset; we are not associated */
1324 	priv->status &= ~(STATUS_ASSOCIATING | STATUS_ASSOCIATED);
1325 
1326 	IPW_DEBUG_INFO("exit\n");
1327 
1328 	return 0;
1329 }
1330 
1331 static inline void ipw2100_reset_fatalerror(struct ipw2100_priv *priv)
1332 {
1333 	if (!priv->fatal_error)
1334 		return;
1335 
1336 	priv->fatal_errors[priv->fatal_index++] = priv->fatal_error;
1337 	priv->fatal_index %= IPW2100_ERROR_QUEUE;
1338 	priv->fatal_error = 0;
1339 }
1340 
1341 /* NOTE: Our interrupt is disabled when this method is called */
1342 static int ipw2100_power_cycle_adapter(struct ipw2100_priv *priv)
1343 {
1344 	u32 reg;
1345 	int i;
1346 
1347 	IPW_DEBUG_INFO("Power cycling the hardware.\n");
1348 
1349 	ipw2100_hw_set_gpio(priv);
1350 
1351 	/* Step 1. Stop Master Assert */
1352 	write_register(priv->net_dev, IPW_REG_RESET_REG,
1353 		       IPW_AUX_HOST_RESET_REG_STOP_MASTER);
1354 
1355 	/* Step 2. Wait for stop Master Assert
1356 	 *         (not more than 50us, otherwise ret error */
1357 	i = 5;
1358 	do {
1359 		udelay(IPW_WAIT_RESET_MASTER_ASSERT_COMPLETE_DELAY);
1360 		read_register(priv->net_dev, IPW_REG_RESET_REG, &reg);
1361 
1362 		if (reg & IPW_AUX_HOST_RESET_REG_MASTER_DISABLED)
1363 			break;
1364 	} while (--i);
1365 
1366 	priv->status &= ~STATUS_RESET_PENDING;
1367 
1368 	if (!i) {
1369 		IPW_DEBUG_INFO
1370 		    ("exit - waited too long for master assert stop\n");
1371 		return -EIO;
1372 	}
1373 
1374 	write_register(priv->net_dev, IPW_REG_RESET_REG,
1375 		       IPW_AUX_HOST_RESET_REG_SW_RESET);
1376 
1377 	/* Reset any fatal_error conditions */
1378 	ipw2100_reset_fatalerror(priv);
1379 
1380 	/* At this point, the adapter is now stopped and disabled */
1381 	priv->status &= ~(STATUS_RUNNING | STATUS_ASSOCIATING |
1382 			  STATUS_ASSOCIATED | STATUS_ENABLED);
1383 
1384 	return 0;
1385 }
1386 
1387 /*
1388  * Send the CARD_DISABLE_PHY_OFF command to the card to disable it
1389  *
1390  * After disabling, if the card was associated, a STATUS_ASSN_LOST will be sent.
1391  *
1392  * STATUS_CARD_DISABLE_NOTIFICATION will be sent regardless of
1393  * if STATUS_ASSN_LOST is sent.
1394  */
1395 static int ipw2100_hw_phy_off(struct ipw2100_priv *priv)
1396 {
1397 
1398 #define HW_PHY_OFF_LOOP_DELAY (msecs_to_jiffies(50))
1399 
1400 	struct host_command cmd = {
1401 		.host_command = CARD_DISABLE_PHY_OFF,
1402 		.host_command_sequence = 0,
1403 		.host_command_length = 0,
1404 	};
1405 	int err, i;
1406 	u32 val1, val2;
1407 
1408 	IPW_DEBUG_HC("CARD_DISABLE_PHY_OFF\n");
1409 
1410 	/* Turn off the radio */
1411 	err = ipw2100_hw_send_command(priv, &cmd);
1412 	if (err)
1413 		return err;
1414 
1415 	for (i = 0; i < 2500; i++) {
1416 		read_nic_dword(priv->net_dev, IPW2100_CONTROL_REG, &val1);
1417 		read_nic_dword(priv->net_dev, IPW2100_COMMAND, &val2);
1418 
1419 		if ((val1 & IPW2100_CONTROL_PHY_OFF) &&
1420 		    (val2 & IPW2100_COMMAND_PHY_OFF))
1421 			return 0;
1422 
1423 		schedule_timeout_uninterruptible(HW_PHY_OFF_LOOP_DELAY);
1424 	}
1425 
1426 	return -EIO;
1427 }
1428 
1429 static int ipw2100_enable_adapter(struct ipw2100_priv *priv)
1430 {
1431 	struct host_command cmd = {
1432 		.host_command = HOST_COMPLETE,
1433 		.host_command_sequence = 0,
1434 		.host_command_length = 0
1435 	};
1436 	int err = 0;
1437 
1438 	IPW_DEBUG_HC("HOST_COMPLETE\n");
1439 
1440 	if (priv->status & STATUS_ENABLED)
1441 		return 0;
1442 
1443 	mutex_lock(&priv->adapter_mutex);
1444 
1445 	if (rf_kill_active(priv)) {
1446 		IPW_DEBUG_HC("Command aborted due to RF kill active.\n");
1447 		goto fail_up;
1448 	}
1449 
1450 	err = ipw2100_hw_send_command(priv, &cmd);
1451 	if (err) {
1452 		IPW_DEBUG_INFO("Failed to send HOST_COMPLETE command\n");
1453 		goto fail_up;
1454 	}
1455 
1456 	err = ipw2100_wait_for_card_state(priv, IPW_HW_STATE_ENABLED);
1457 	if (err) {
1458 		IPW_DEBUG_INFO("%s: card not responding to init command.\n",
1459 			       priv->net_dev->name);
1460 		goto fail_up;
1461 	}
1462 
1463 	if (priv->stop_hang_check) {
1464 		priv->stop_hang_check = 0;
1465 		schedule_delayed_work(&priv->hang_check, HZ / 2);
1466 	}
1467 
1468       fail_up:
1469 	mutex_unlock(&priv->adapter_mutex);
1470 	return err;
1471 }
1472 
1473 static int ipw2100_hw_stop_adapter(struct ipw2100_priv *priv)
1474 {
1475 #define HW_POWER_DOWN_DELAY (msecs_to_jiffies(100))
1476 
1477 	struct host_command cmd = {
1478 		.host_command = HOST_PRE_POWER_DOWN,
1479 		.host_command_sequence = 0,
1480 		.host_command_length = 0,
1481 	};
1482 	int err, i;
1483 	u32 reg;
1484 
1485 	if (!(priv->status & STATUS_RUNNING))
1486 		return 0;
1487 
1488 	priv->status |= STATUS_STOPPING;
1489 
1490 	/* We can only shut down the card if the firmware is operational.  So,
1491 	 * if we haven't reset since a fatal_error, then we can not send the
1492 	 * shutdown commands. */
1493 	if (!priv->fatal_error) {
1494 		/* First, make sure the adapter is enabled so that the PHY_OFF
1495 		 * command can shut it down */
1496 		ipw2100_enable_adapter(priv);
1497 
1498 		err = ipw2100_hw_phy_off(priv);
1499 		if (err)
1500 			printk(KERN_WARNING DRV_NAME
1501 			       ": Error disabling radio %d\n", err);
1502 
1503 		/*
1504 		 * If in D0-standby mode going directly to D3 may cause a
1505 		 * PCI bus violation.  Therefore we must change out of the D0
1506 		 * state.
1507 		 *
1508 		 * Sending the PREPARE_FOR_POWER_DOWN will restrict the
1509 		 * hardware from going into standby mode and will transition
1510 		 * out of D0-standby if it is already in that state.
1511 		 *
1512 		 * STATUS_PREPARE_POWER_DOWN_COMPLETE will be sent by the
1513 		 * driver upon completion.  Once received, the driver can
1514 		 * proceed to the D3 state.
1515 		 *
1516 		 * Prepare for power down command to fw.  This command would
1517 		 * take HW out of D0-standby and prepare it for D3 state.
1518 		 *
1519 		 * Currently FW does not support event notification for this
1520 		 * event. Therefore, skip waiting for it.  Just wait a fixed
1521 		 * 100ms
1522 		 */
1523 		IPW_DEBUG_HC("HOST_PRE_POWER_DOWN\n");
1524 
1525 		err = ipw2100_hw_send_command(priv, &cmd);
1526 		if (err)
1527 			printk(KERN_WARNING DRV_NAME ": "
1528 			       "%s: Power down command failed: Error %d\n",
1529 			       priv->net_dev->name, err);
1530 		else
1531 			schedule_timeout_uninterruptible(HW_POWER_DOWN_DELAY);
1532 	}
1533 
1534 	priv->status &= ~STATUS_ENABLED;
1535 
1536 	/*
1537 	 * Set GPIO 3 writable by FW; GPIO 1 writable
1538 	 * by driver and enable clock
1539 	 */
1540 	ipw2100_hw_set_gpio(priv);
1541 
1542 	/*
1543 	 * Power down adapter.  Sequence:
1544 	 * 1. Stop master assert (RESET_REG[9]=1)
1545 	 * 2. Wait for stop master (RESET_REG[8]==1)
1546 	 * 3. S/w reset assert (RESET_REG[7] = 1)
1547 	 */
1548 
1549 	/* Stop master assert */
1550 	write_register(priv->net_dev, IPW_REG_RESET_REG,
1551 		       IPW_AUX_HOST_RESET_REG_STOP_MASTER);
1552 
1553 	/* wait stop master not more than 50 usec.
1554 	 * Otherwise return error. */
1555 	for (i = 5; i > 0; i--) {
1556 		udelay(10);
1557 
1558 		/* Check master stop bit */
1559 		read_register(priv->net_dev, IPW_REG_RESET_REG, &reg);
1560 
1561 		if (reg & IPW_AUX_HOST_RESET_REG_MASTER_DISABLED)
1562 			break;
1563 	}
1564 
1565 	if (i == 0)
1566 		printk(KERN_WARNING DRV_NAME
1567 		       ": %s: Could now power down adapter.\n",
1568 		       priv->net_dev->name);
1569 
1570 	/* assert s/w reset */
1571 	write_register(priv->net_dev, IPW_REG_RESET_REG,
1572 		       IPW_AUX_HOST_RESET_REG_SW_RESET);
1573 
1574 	priv->status &= ~(STATUS_RUNNING | STATUS_STOPPING);
1575 
1576 	return 0;
1577 }
1578 
1579 static int ipw2100_disable_adapter(struct ipw2100_priv *priv)
1580 {
1581 	struct host_command cmd = {
1582 		.host_command = CARD_DISABLE,
1583 		.host_command_sequence = 0,
1584 		.host_command_length = 0
1585 	};
1586 	int err = 0;
1587 
1588 	IPW_DEBUG_HC("CARD_DISABLE\n");
1589 
1590 	if (!(priv->status & STATUS_ENABLED))
1591 		return 0;
1592 
1593 	/* Make sure we clear the associated state */
1594 	priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
1595 
1596 	if (!priv->stop_hang_check) {
1597 		priv->stop_hang_check = 1;
1598 		cancel_delayed_work(&priv->hang_check);
1599 	}
1600 
1601 	mutex_lock(&priv->adapter_mutex);
1602 
1603 	err = ipw2100_hw_send_command(priv, &cmd);
1604 	if (err) {
1605 		printk(KERN_WARNING DRV_NAME
1606 		       ": exit - failed to send CARD_DISABLE command\n");
1607 		goto fail_up;
1608 	}
1609 
1610 	err = ipw2100_wait_for_card_state(priv, IPW_HW_STATE_DISABLED);
1611 	if (err) {
1612 		printk(KERN_WARNING DRV_NAME
1613 		       ": exit - card failed to change to DISABLED\n");
1614 		goto fail_up;
1615 	}
1616 
1617 	IPW_DEBUG_INFO("TODO: implement scan state machine\n");
1618 
1619       fail_up:
1620 	mutex_unlock(&priv->adapter_mutex);
1621 	return err;
1622 }
1623 
1624 static int ipw2100_set_scan_options(struct ipw2100_priv *priv)
1625 {
1626 	struct host_command cmd = {
1627 		.host_command = SET_SCAN_OPTIONS,
1628 		.host_command_sequence = 0,
1629 		.host_command_length = 8
1630 	};
1631 	int err;
1632 
1633 	IPW_DEBUG_INFO("enter\n");
1634 
1635 	IPW_DEBUG_SCAN("setting scan options\n");
1636 
1637 	cmd.host_command_parameters[0] = 0;
1638 
1639 	if (!(priv->config & CFG_ASSOCIATE))
1640 		cmd.host_command_parameters[0] |= IPW_SCAN_NOASSOCIATE;
1641 	if ((priv->ieee->sec.flags & SEC_ENABLED) && priv->ieee->sec.enabled)
1642 		cmd.host_command_parameters[0] |= IPW_SCAN_MIXED_CELL;
1643 	if (priv->config & CFG_PASSIVE_SCAN)
1644 		cmd.host_command_parameters[0] |= IPW_SCAN_PASSIVE;
1645 
1646 	cmd.host_command_parameters[1] = priv->channel_mask;
1647 
1648 	err = ipw2100_hw_send_command(priv, &cmd);
1649 
1650 	IPW_DEBUG_HC("SET_SCAN_OPTIONS 0x%04X\n",
1651 		     cmd.host_command_parameters[0]);
1652 
1653 	return err;
1654 }
1655 
1656 static int ipw2100_start_scan(struct ipw2100_priv *priv)
1657 {
1658 	struct host_command cmd = {
1659 		.host_command = BROADCAST_SCAN,
1660 		.host_command_sequence = 0,
1661 		.host_command_length = 4
1662 	};
1663 	int err;
1664 
1665 	IPW_DEBUG_HC("START_SCAN\n");
1666 
1667 	cmd.host_command_parameters[0] = 0;
1668 
1669 	/* No scanning if in monitor mode */
1670 	if (priv->ieee->iw_mode == IW_MODE_MONITOR)
1671 		return 1;
1672 
1673 	if (priv->status & STATUS_SCANNING) {
1674 		IPW_DEBUG_SCAN("Scan requested while already in scan...\n");
1675 		return 0;
1676 	}
1677 
1678 	IPW_DEBUG_INFO("enter\n");
1679 
1680 	/* Not clearing here; doing so makes iwlist always return nothing...
1681 	 *
1682 	 * We should modify the table logic to use aging tables vs. clearing
1683 	 * the table on each scan start.
1684 	 */
1685 	IPW_DEBUG_SCAN("starting scan\n");
1686 
1687 	priv->status |= STATUS_SCANNING;
1688 	err = ipw2100_hw_send_command(priv, &cmd);
1689 	if (err)
1690 		priv->status &= ~STATUS_SCANNING;
1691 
1692 	IPW_DEBUG_INFO("exit\n");
1693 
1694 	return err;
1695 }
1696 
1697 static const struct libipw_geo ipw_geos[] = {
1698 	{			/* Restricted */
1699 	 "---",
1700 	 .bg_channels = 14,
1701 	 .bg = {{2412, 1}, {2417, 2}, {2422, 3},
1702 		{2427, 4}, {2432, 5}, {2437, 6},
1703 		{2442, 7}, {2447, 8}, {2452, 9},
1704 		{2457, 10}, {2462, 11}, {2467, 12},
1705 		{2472, 13}, {2484, 14}},
1706 	 },
1707 };
1708 
1709 static int ipw2100_up(struct ipw2100_priv *priv, int deferred)
1710 {
1711 	unsigned long flags;
1712 	int err = 0;
1713 	u32 lock;
1714 	u32 ord_len = sizeof(lock);
1715 
1716 	/* Age scan list entries found before suspend */
1717 	if (priv->suspend_time) {
1718 		libipw_networks_age(priv->ieee, priv->suspend_time);
1719 		priv->suspend_time = 0;
1720 	}
1721 
1722 	/* Quiet if manually disabled. */
1723 	if (priv->status & STATUS_RF_KILL_SW) {
1724 		IPW_DEBUG_INFO("%s: Radio is disabled by Manual Disable "
1725 			       "switch\n", priv->net_dev->name);
1726 		return 0;
1727 	}
1728 
1729 	/* the ipw2100 hardware really doesn't want power management delays
1730 	 * longer than 175usec
1731 	 */
1732 	cpu_latency_qos_update_request(&ipw2100_pm_qos_req, 175);
1733 
1734 	/* If the interrupt is enabled, turn it off... */
1735 	spin_lock_irqsave(&priv->low_lock, flags);
1736 	ipw2100_disable_interrupts(priv);
1737 
1738 	/* Reset any fatal_error conditions */
1739 	ipw2100_reset_fatalerror(priv);
1740 	spin_unlock_irqrestore(&priv->low_lock, flags);
1741 
1742 	if (priv->status & STATUS_POWERED ||
1743 	    (priv->status & STATUS_RESET_PENDING)) {
1744 		/* Power cycle the card ... */
1745 		err = ipw2100_power_cycle_adapter(priv);
1746 		if (err) {
1747 			printk(KERN_WARNING DRV_NAME
1748 			       ": %s: Could not cycle adapter.\n",
1749 			       priv->net_dev->name);
1750 			goto exit;
1751 		}
1752 	} else
1753 		priv->status |= STATUS_POWERED;
1754 
1755 	/* Load the firmware, start the clocks, etc. */
1756 	err = ipw2100_start_adapter(priv);
1757 	if (err) {
1758 		printk(KERN_ERR DRV_NAME
1759 		       ": %s: Failed to start the firmware.\n",
1760 		       priv->net_dev->name);
1761 		goto exit;
1762 	}
1763 
1764 	ipw2100_initialize_ordinals(priv);
1765 
1766 	/* Determine capabilities of this particular HW configuration */
1767 	err = ipw2100_get_hw_features(priv);
1768 	if (err) {
1769 		printk(KERN_ERR DRV_NAME
1770 		       ": %s: Failed to determine HW features.\n",
1771 		       priv->net_dev->name);
1772 		goto exit;
1773 	}
1774 
1775 	/* Initialize the geo */
1776 	libipw_set_geo(priv->ieee, &ipw_geos[0]);
1777 	priv->ieee->freq_band = LIBIPW_24GHZ_BAND;
1778 
1779 	lock = LOCK_NONE;
1780 	err = ipw2100_set_ordinal(priv, IPW_ORD_PERS_DB_LOCK, &lock, &ord_len);
1781 	if (err) {
1782 		printk(KERN_ERR DRV_NAME
1783 		       ": %s: Failed to clear ordinal lock.\n",
1784 		       priv->net_dev->name);
1785 		goto exit;
1786 	}
1787 
1788 	priv->status &= ~STATUS_SCANNING;
1789 
1790 	if (rf_kill_active(priv)) {
1791 		printk(KERN_INFO "%s: Radio is disabled by RF switch.\n",
1792 		       priv->net_dev->name);
1793 
1794 		if (priv->stop_rf_kill) {
1795 			priv->stop_rf_kill = 0;
1796 			schedule_delayed_work(&priv->rf_kill,
1797 					      round_jiffies_relative(HZ));
1798 		}
1799 
1800 		deferred = 1;
1801 	}
1802 
1803 	/* Turn on the interrupt so that commands can be processed */
1804 	ipw2100_enable_interrupts(priv);
1805 
1806 	/* Send all of the commands that must be sent prior to
1807 	 * HOST_COMPLETE */
1808 	err = ipw2100_adapter_setup(priv);
1809 	if (err) {
1810 		printk(KERN_ERR DRV_NAME ": %s: Failed to start the card.\n",
1811 		       priv->net_dev->name);
1812 		goto exit;
1813 	}
1814 
1815 	if (!deferred) {
1816 		/* Enable the adapter - sends HOST_COMPLETE */
1817 		err = ipw2100_enable_adapter(priv);
1818 		if (err) {
1819 			printk(KERN_ERR DRV_NAME ": "
1820 			       "%s: failed in call to enable adapter.\n",
1821 			       priv->net_dev->name);
1822 			ipw2100_hw_stop_adapter(priv);
1823 			goto exit;
1824 		}
1825 
1826 		/* Start a scan . . . */
1827 		ipw2100_set_scan_options(priv);
1828 		ipw2100_start_scan(priv);
1829 	}
1830 
1831       exit:
1832 	return err;
1833 }
1834 
1835 static void ipw2100_down(struct ipw2100_priv *priv)
1836 {
1837 	unsigned long flags;
1838 	union iwreq_data wrqu = {
1839 		.ap_addr = {
1840 			    .sa_family = ARPHRD_ETHER}
1841 	};
1842 	int associated = priv->status & STATUS_ASSOCIATED;
1843 
1844 	/* Kill the RF switch timer */
1845 	if (!priv->stop_rf_kill) {
1846 		priv->stop_rf_kill = 1;
1847 		cancel_delayed_work(&priv->rf_kill);
1848 	}
1849 
1850 	/* Kill the firmware hang check timer */
1851 	if (!priv->stop_hang_check) {
1852 		priv->stop_hang_check = 1;
1853 		cancel_delayed_work(&priv->hang_check);
1854 	}
1855 
1856 	/* Kill any pending resets */
1857 	if (priv->status & STATUS_RESET_PENDING)
1858 		cancel_delayed_work(&priv->reset_work);
1859 
1860 	/* Make sure the interrupt is on so that FW commands will be
1861 	 * processed correctly */
1862 	spin_lock_irqsave(&priv->low_lock, flags);
1863 	ipw2100_enable_interrupts(priv);
1864 	spin_unlock_irqrestore(&priv->low_lock, flags);
1865 
1866 	if (ipw2100_hw_stop_adapter(priv))
1867 		printk(KERN_ERR DRV_NAME ": %s: Error stopping adapter.\n",
1868 		       priv->net_dev->name);
1869 
1870 	/* Do not disable the interrupt until _after_ we disable
1871 	 * the adaptor.  Otherwise the CARD_DISABLE command will never
1872 	 * be ack'd by the firmware */
1873 	spin_lock_irqsave(&priv->low_lock, flags);
1874 	ipw2100_disable_interrupts(priv);
1875 	spin_unlock_irqrestore(&priv->low_lock, flags);
1876 
1877 	cpu_latency_qos_update_request(&ipw2100_pm_qos_req,
1878 				       PM_QOS_DEFAULT_VALUE);
1879 
1880 	/* We have to signal any supplicant if we are disassociating */
1881 	if (associated)
1882 		wireless_send_event(priv->net_dev, SIOCGIWAP, &wrqu, NULL);
1883 
1884 	priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
1885 	netif_carrier_off(priv->net_dev);
1886 	netif_stop_queue(priv->net_dev);
1887 }
1888 
1889 static int ipw2100_wdev_init(struct net_device *dev)
1890 {
1891 	struct ipw2100_priv *priv = libipw_priv(dev);
1892 	const struct libipw_geo *geo = libipw_get_geo(priv->ieee);
1893 	struct wireless_dev *wdev = &priv->ieee->wdev;
1894 	int i;
1895 
1896 	memcpy(wdev->wiphy->perm_addr, priv->mac_addr, ETH_ALEN);
1897 
1898 	/* fill-out priv->ieee->bg_band */
1899 	if (geo->bg_channels) {
1900 		struct ieee80211_supported_band *bg_band = &priv->ieee->bg_band;
1901 
1902 		bg_band->band = NL80211_BAND_2GHZ;
1903 		bg_band->n_channels = geo->bg_channels;
1904 		bg_band->channels = kcalloc(geo->bg_channels,
1905 					    sizeof(struct ieee80211_channel),
1906 					    GFP_KERNEL);
1907 		if (!bg_band->channels) {
1908 			ipw2100_down(priv);
1909 			return -ENOMEM;
1910 		}
1911 		/* translate geo->bg to bg_band.channels */
1912 		for (i = 0; i < geo->bg_channels; i++) {
1913 			bg_band->channels[i].band = NL80211_BAND_2GHZ;
1914 			bg_band->channels[i].center_freq = geo->bg[i].freq;
1915 			bg_band->channels[i].hw_value = geo->bg[i].channel;
1916 			bg_band->channels[i].max_power = geo->bg[i].max_power;
1917 			if (geo->bg[i].flags & LIBIPW_CH_PASSIVE_ONLY)
1918 				bg_band->channels[i].flags |=
1919 					IEEE80211_CHAN_NO_IR;
1920 			if (geo->bg[i].flags & LIBIPW_CH_NO_IBSS)
1921 				bg_band->channels[i].flags |=
1922 					IEEE80211_CHAN_NO_IR;
1923 			if (geo->bg[i].flags & LIBIPW_CH_RADAR_DETECT)
1924 				bg_band->channels[i].flags |=
1925 					IEEE80211_CHAN_RADAR;
1926 			/* No equivalent for LIBIPW_CH_80211H_RULES,
1927 			   LIBIPW_CH_UNIFORM_SPREADING, or
1928 			   LIBIPW_CH_B_ONLY... */
1929 		}
1930 		/* point at bitrate info */
1931 		bg_band->bitrates = ipw2100_bg_rates;
1932 		bg_band->n_bitrates = RATE_COUNT;
1933 
1934 		wdev->wiphy->bands[NL80211_BAND_2GHZ] = bg_band;
1935 	}
1936 
1937 	wdev->wiphy->cipher_suites = ipw_cipher_suites;
1938 	wdev->wiphy->n_cipher_suites = ARRAY_SIZE(ipw_cipher_suites);
1939 
1940 	set_wiphy_dev(wdev->wiphy, &priv->pci_dev->dev);
1941 	if (wiphy_register(wdev->wiphy))
1942 		return -EIO;
1943 	return 0;
1944 }
1945 
1946 static void ipw2100_reset_adapter(struct work_struct *work)
1947 {
1948 	struct ipw2100_priv *priv =
1949 		container_of(work, struct ipw2100_priv, reset_work.work);
1950 	unsigned long flags;
1951 	union iwreq_data wrqu = {
1952 		.ap_addr = {
1953 			    .sa_family = ARPHRD_ETHER}
1954 	};
1955 	int associated = priv->status & STATUS_ASSOCIATED;
1956 
1957 	spin_lock_irqsave(&priv->low_lock, flags);
1958 	IPW_DEBUG_INFO(": %s: Restarting adapter.\n", priv->net_dev->name);
1959 	priv->resets++;
1960 	priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
1961 	priv->status |= STATUS_SECURITY_UPDATED;
1962 
1963 	/* Force a power cycle even if interface hasn't been opened
1964 	 * yet */
1965 	cancel_delayed_work(&priv->reset_work);
1966 	priv->status |= STATUS_RESET_PENDING;
1967 	spin_unlock_irqrestore(&priv->low_lock, flags);
1968 
1969 	mutex_lock(&priv->action_mutex);
1970 	/* stop timed checks so that they don't interfere with reset */
1971 	priv->stop_hang_check = 1;
1972 	cancel_delayed_work(&priv->hang_check);
1973 
1974 	/* We have to signal any supplicant if we are disassociating */
1975 	if (associated)
1976 		wireless_send_event(priv->net_dev, SIOCGIWAP, &wrqu, NULL);
1977 
1978 	ipw2100_up(priv, 0);
1979 	mutex_unlock(&priv->action_mutex);
1980 
1981 }
1982 
1983 static void isr_indicate_associated(struct ipw2100_priv *priv, u32 status)
1984 {
1985 
1986 #define MAC_ASSOCIATION_READ_DELAY (HZ)
1987 	int ret;
1988 	unsigned int len, essid_len;
1989 	char essid[IW_ESSID_MAX_SIZE];
1990 	u32 txrate;
1991 	u32 chan;
1992 	char *txratename;
1993 	u8 bssid[ETH_ALEN];
1994 
1995 	/*
1996 	 * TBD: BSSID is usually 00:00:00:00:00:00 here and not
1997 	 *      an actual MAC of the AP. Seems like FW sets this
1998 	 *      address too late. Read it later and expose through
1999 	 *      /proc or schedule a later task to query and update
2000 	 */
2001 
2002 	essid_len = IW_ESSID_MAX_SIZE;
2003 	ret = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_SSID,
2004 				  essid, &essid_len);
2005 	if (ret) {
2006 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
2007 			       __LINE__);
2008 		return;
2009 	}
2010 
2011 	len = sizeof(u32);
2012 	ret = ipw2100_get_ordinal(priv, IPW_ORD_CURRENT_TX_RATE, &txrate, &len);
2013 	if (ret) {
2014 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
2015 			       __LINE__);
2016 		return;
2017 	}
2018 
2019 	len = sizeof(u32);
2020 	ret = ipw2100_get_ordinal(priv, IPW_ORD_OUR_FREQ, &chan, &len);
2021 	if (ret) {
2022 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
2023 			       __LINE__);
2024 		return;
2025 	}
2026 	len = ETH_ALEN;
2027 	ret = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_AP_BSSID, bssid,
2028 				  &len);
2029 	if (ret) {
2030 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
2031 			       __LINE__);
2032 		return;
2033 	}
2034 	memcpy(priv->ieee->bssid, bssid, ETH_ALEN);
2035 
2036 	switch (txrate) {
2037 	case TX_RATE_1_MBIT:
2038 		txratename = "1Mbps";
2039 		break;
2040 	case TX_RATE_2_MBIT:
2041 		txratename = "2Mbsp";
2042 		break;
2043 	case TX_RATE_5_5_MBIT:
2044 		txratename = "5.5Mbps";
2045 		break;
2046 	case TX_RATE_11_MBIT:
2047 		txratename = "11Mbps";
2048 		break;
2049 	default:
2050 		IPW_DEBUG_INFO("Unknown rate: %d\n", txrate);
2051 		txratename = "unknown rate";
2052 		break;
2053 	}
2054 
2055 	IPW_DEBUG_INFO("%s: Associated with '%*pE' at %s, channel %d (BSSID=%pM)\n",
2056 		       priv->net_dev->name, essid_len, essid,
2057 		       txratename, chan, bssid);
2058 
2059 	/* now we copy read ssid into dev */
2060 	if (!(priv->config & CFG_STATIC_ESSID)) {
2061 		priv->essid_len = min((u8) essid_len, (u8) IW_ESSID_MAX_SIZE);
2062 		memcpy(priv->essid, essid, priv->essid_len);
2063 	}
2064 	priv->channel = chan;
2065 	memcpy(priv->bssid, bssid, ETH_ALEN);
2066 
2067 	priv->status |= STATUS_ASSOCIATING;
2068 	priv->connect_start = ktime_get_boottime_seconds();
2069 
2070 	schedule_delayed_work(&priv->wx_event_work, HZ / 10);
2071 }
2072 
2073 static int ipw2100_set_essid(struct ipw2100_priv *priv, char *essid,
2074 			     int length, int batch_mode)
2075 {
2076 	int ssid_len = min(length, IW_ESSID_MAX_SIZE);
2077 	struct host_command cmd = {
2078 		.host_command = SSID,
2079 		.host_command_sequence = 0,
2080 		.host_command_length = ssid_len
2081 	};
2082 	int err;
2083 
2084 	IPW_DEBUG_HC("SSID: '%*pE'\n", ssid_len, essid);
2085 
2086 	if (ssid_len)
2087 		memcpy(cmd.host_command_parameters, essid, ssid_len);
2088 
2089 	if (!batch_mode) {
2090 		err = ipw2100_disable_adapter(priv);
2091 		if (err)
2092 			return err;
2093 	}
2094 
2095 	/* Bug in FW currently doesn't honor bit 0 in SET_SCAN_OPTIONS to
2096 	 * disable auto association -- so we cheat by setting a bogus SSID */
2097 	if (!ssid_len && !(priv->config & CFG_ASSOCIATE)) {
2098 		int i;
2099 		u8 *bogus = (u8 *) cmd.host_command_parameters;
2100 		for (i = 0; i < IW_ESSID_MAX_SIZE; i++)
2101 			bogus[i] = 0x18 + i;
2102 		cmd.host_command_length = IW_ESSID_MAX_SIZE;
2103 	}
2104 
2105 	/* NOTE:  We always send the SSID command even if the provided ESSID is
2106 	 * the same as what we currently think is set. */
2107 
2108 	err = ipw2100_hw_send_command(priv, &cmd);
2109 	if (!err) {
2110 		memset(priv->essid + ssid_len, 0, IW_ESSID_MAX_SIZE - ssid_len);
2111 		memcpy(priv->essid, essid, ssid_len);
2112 		priv->essid_len = ssid_len;
2113 	}
2114 
2115 	if (!batch_mode) {
2116 		if (ipw2100_enable_adapter(priv))
2117 			err = -EIO;
2118 	}
2119 
2120 	return err;
2121 }
2122 
2123 static void isr_indicate_association_lost(struct ipw2100_priv *priv, u32 status)
2124 {
2125 	IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE | IPW_DL_ASSOC,
2126 		  "disassociated: '%*pE' %pM\n", priv->essid_len, priv->essid,
2127 		  priv->bssid);
2128 
2129 	priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
2130 
2131 	if (priv->status & STATUS_STOPPING) {
2132 		IPW_DEBUG_INFO("Card is stopping itself, discard ASSN_LOST.\n");
2133 		return;
2134 	}
2135 
2136 	eth_zero_addr(priv->bssid);
2137 	eth_zero_addr(priv->ieee->bssid);
2138 
2139 	netif_carrier_off(priv->net_dev);
2140 	netif_stop_queue(priv->net_dev);
2141 
2142 	if (!(priv->status & STATUS_RUNNING))
2143 		return;
2144 
2145 	if (priv->status & STATUS_SECURITY_UPDATED)
2146 		schedule_delayed_work(&priv->security_work, 0);
2147 
2148 	schedule_delayed_work(&priv->wx_event_work, 0);
2149 }
2150 
2151 static void isr_indicate_rf_kill(struct ipw2100_priv *priv, u32 status)
2152 {
2153 	IPW_DEBUG_INFO("%s: RF Kill state changed to radio OFF.\n",
2154 		       priv->net_dev->name);
2155 
2156 	/* RF_KILL is now enabled (else we wouldn't be here) */
2157 	wiphy_rfkill_set_hw_state(priv->ieee->wdev.wiphy, true);
2158 	priv->status |= STATUS_RF_KILL_HW;
2159 
2160 	/* Make sure the RF Kill check timer is running */
2161 	priv->stop_rf_kill = 0;
2162 	mod_delayed_work(system_wq, &priv->rf_kill, round_jiffies_relative(HZ));
2163 }
2164 
2165 static void ipw2100_scan_event(struct work_struct *work)
2166 {
2167 	struct ipw2100_priv *priv = container_of(work, struct ipw2100_priv,
2168 						 scan_event.work);
2169 	union iwreq_data wrqu;
2170 
2171 	wrqu.data.length = 0;
2172 	wrqu.data.flags = 0;
2173 	wireless_send_event(priv->net_dev, SIOCGIWSCAN, &wrqu, NULL);
2174 }
2175 
2176 static void isr_scan_complete(struct ipw2100_priv *priv, u32 status)
2177 {
2178 	IPW_DEBUG_SCAN("scan complete\n");
2179 	/* Age the scan results... */
2180 	priv->ieee->scans++;
2181 	priv->status &= ~STATUS_SCANNING;
2182 
2183 	/* Only userspace-requested scan completion events go out immediately */
2184 	if (!priv->user_requested_scan) {
2185 		schedule_delayed_work(&priv->scan_event,
2186 				      round_jiffies_relative(msecs_to_jiffies(4000)));
2187 	} else {
2188 		priv->user_requested_scan = 0;
2189 		mod_delayed_work(system_wq, &priv->scan_event, 0);
2190 	}
2191 }
2192 
2193 #ifdef CONFIG_IPW2100_DEBUG
2194 #define IPW2100_HANDLER(v, f) { v, f, # v }
2195 struct ipw2100_status_indicator {
2196 	int status;
2197 	void (*cb) (struct ipw2100_priv * priv, u32 status);
2198 	char *name;
2199 };
2200 #else
2201 #define IPW2100_HANDLER(v, f) { v, f }
2202 struct ipw2100_status_indicator {
2203 	int status;
2204 	void (*cb) (struct ipw2100_priv * priv, u32 status);
2205 };
2206 #endif				/* CONFIG_IPW2100_DEBUG */
2207 
2208 static void isr_indicate_scanning(struct ipw2100_priv *priv, u32 status)
2209 {
2210 	IPW_DEBUG_SCAN("Scanning...\n");
2211 	priv->status |= STATUS_SCANNING;
2212 }
2213 
2214 static const struct ipw2100_status_indicator status_handlers[] = {
2215 	IPW2100_HANDLER(IPW_STATE_INITIALIZED, NULL),
2216 	IPW2100_HANDLER(IPW_STATE_COUNTRY_FOUND, NULL),
2217 	IPW2100_HANDLER(IPW_STATE_ASSOCIATED, isr_indicate_associated),
2218 	IPW2100_HANDLER(IPW_STATE_ASSN_LOST, isr_indicate_association_lost),
2219 	IPW2100_HANDLER(IPW_STATE_ASSN_CHANGED, NULL),
2220 	IPW2100_HANDLER(IPW_STATE_SCAN_COMPLETE, isr_scan_complete),
2221 	IPW2100_HANDLER(IPW_STATE_ENTERED_PSP, NULL),
2222 	IPW2100_HANDLER(IPW_STATE_LEFT_PSP, NULL),
2223 	IPW2100_HANDLER(IPW_STATE_RF_KILL, isr_indicate_rf_kill),
2224 	IPW2100_HANDLER(IPW_STATE_DISABLED, NULL),
2225 	IPW2100_HANDLER(IPW_STATE_POWER_DOWN, NULL),
2226 	IPW2100_HANDLER(IPW_STATE_SCANNING, isr_indicate_scanning),
2227 	IPW2100_HANDLER(-1, NULL)
2228 };
2229 
2230 static void isr_status_change(struct ipw2100_priv *priv, int status)
2231 {
2232 	int i;
2233 
2234 	if (status == IPW_STATE_SCANNING &&
2235 	    priv->status & STATUS_ASSOCIATED &&
2236 	    !(priv->status & STATUS_SCANNING)) {
2237 		IPW_DEBUG_INFO("Scan detected while associated, with "
2238 			       "no scan request.  Restarting firmware.\n");
2239 
2240 		/* Wake up any sleeping jobs */
2241 		schedule_reset(priv);
2242 	}
2243 
2244 	for (i = 0; status_handlers[i].status != -1; i++) {
2245 		if (status == status_handlers[i].status) {
2246 			IPW_DEBUG_NOTIF("Status change: %s\n",
2247 					status_handlers[i].name);
2248 			if (status_handlers[i].cb)
2249 				status_handlers[i].cb(priv, status);
2250 			priv->wstats.status = status;
2251 			return;
2252 		}
2253 	}
2254 
2255 	IPW_DEBUG_NOTIF("unknown status received: %04x\n", status);
2256 }
2257 
2258 static void isr_rx_complete_command(struct ipw2100_priv *priv,
2259 				    struct ipw2100_cmd_header *cmd)
2260 {
2261 #ifdef CONFIG_IPW2100_DEBUG
2262 	if (cmd->host_command_reg < ARRAY_SIZE(command_types)) {
2263 		IPW_DEBUG_HC("Command completed '%s (%d)'\n",
2264 			     command_types[cmd->host_command_reg],
2265 			     cmd->host_command_reg);
2266 	}
2267 #endif
2268 	if (cmd->host_command_reg == HOST_COMPLETE)
2269 		priv->status |= STATUS_ENABLED;
2270 
2271 	if (cmd->host_command_reg == CARD_DISABLE)
2272 		priv->status &= ~STATUS_ENABLED;
2273 
2274 	priv->status &= ~STATUS_CMD_ACTIVE;
2275 
2276 	wake_up_interruptible(&priv->wait_command_queue);
2277 }
2278 
2279 #ifdef CONFIG_IPW2100_DEBUG
2280 static const char *frame_types[] = {
2281 	"COMMAND_STATUS_VAL",
2282 	"STATUS_CHANGE_VAL",
2283 	"P80211_DATA_VAL",
2284 	"P8023_DATA_VAL",
2285 	"HOST_NOTIFICATION_VAL"
2286 };
2287 #endif
2288 
2289 static int ipw2100_alloc_skb(struct ipw2100_priv *priv,
2290 				    struct ipw2100_rx_packet *packet)
2291 {
2292 	packet->skb = dev_alloc_skb(sizeof(struct ipw2100_rx));
2293 	if (!packet->skb)
2294 		return -ENOMEM;
2295 
2296 	packet->rxp = (struct ipw2100_rx *)packet->skb->data;
2297 	packet->dma_addr = dma_map_single(&priv->pci_dev->dev,
2298 					  packet->skb->data,
2299 					  sizeof(struct ipw2100_rx),
2300 					  DMA_FROM_DEVICE);
2301 	if (dma_mapping_error(&priv->pci_dev->dev, packet->dma_addr)) {
2302 		dev_kfree_skb(packet->skb);
2303 		return -ENOMEM;
2304 	}
2305 
2306 	return 0;
2307 }
2308 
2309 #define SEARCH_ERROR   0xffffffff
2310 #define SEARCH_FAIL    0xfffffffe
2311 #define SEARCH_SUCCESS 0xfffffff0
2312 #define SEARCH_DISCARD 0
2313 #define SEARCH_SNAPSHOT 1
2314 
2315 #define SNAPSHOT_ADDR(ofs) (priv->snapshot[((ofs) >> 12) & 0xff] + ((ofs) & 0xfff))
2316 static void ipw2100_snapshot_free(struct ipw2100_priv *priv)
2317 {
2318 	int i;
2319 	if (!priv->snapshot[0])
2320 		return;
2321 	for (i = 0; i < 0x30; i++)
2322 		kfree(priv->snapshot[i]);
2323 	priv->snapshot[0] = NULL;
2324 }
2325 
2326 #ifdef IPW2100_DEBUG_C3
2327 static int ipw2100_snapshot_alloc(struct ipw2100_priv *priv)
2328 {
2329 	int i;
2330 	if (priv->snapshot[0])
2331 		return 1;
2332 	for (i = 0; i < 0x30; i++) {
2333 		priv->snapshot[i] = kmalloc(0x1000, GFP_ATOMIC);
2334 		if (!priv->snapshot[i]) {
2335 			IPW_DEBUG_INFO("%s: Error allocating snapshot "
2336 				       "buffer %d\n", priv->net_dev->name, i);
2337 			while (i > 0)
2338 				kfree(priv->snapshot[--i]);
2339 			priv->snapshot[0] = NULL;
2340 			return 0;
2341 		}
2342 	}
2343 
2344 	return 1;
2345 }
2346 
2347 static u32 ipw2100_match_buf(struct ipw2100_priv *priv, u8 * in_buf,
2348 				    size_t len, int mode)
2349 {
2350 	u32 i, j;
2351 	u32 tmp;
2352 	u8 *s, *d;
2353 	u32 ret;
2354 
2355 	s = in_buf;
2356 	if (mode == SEARCH_SNAPSHOT) {
2357 		if (!ipw2100_snapshot_alloc(priv))
2358 			mode = SEARCH_DISCARD;
2359 	}
2360 
2361 	for (ret = SEARCH_FAIL, i = 0; i < 0x30000; i += 4) {
2362 		read_nic_dword(priv->net_dev, i, &tmp);
2363 		if (mode == SEARCH_SNAPSHOT)
2364 			*(u32 *) SNAPSHOT_ADDR(i) = tmp;
2365 		if (ret == SEARCH_FAIL) {
2366 			d = (u8 *) & tmp;
2367 			for (j = 0; j < 4; j++) {
2368 				if (*s != *d) {
2369 					s = in_buf;
2370 					continue;
2371 				}
2372 
2373 				s++;
2374 				d++;
2375 
2376 				if ((s - in_buf) == len)
2377 					ret = (i + j) - len + 1;
2378 			}
2379 		} else if (mode == SEARCH_DISCARD)
2380 			return ret;
2381 	}
2382 
2383 	return ret;
2384 }
2385 #endif
2386 
2387 /*
2388  *
2389  * 0) Disconnect the SKB from the firmware (just unmap)
2390  * 1) Pack the ETH header into the SKB
2391  * 2) Pass the SKB to the network stack
2392  *
2393  * When packet is provided by the firmware, it contains the following:
2394  *
2395  * .  libipw_hdr
2396  * .  libipw_snap_hdr
2397  *
2398  * The size of the constructed ethernet
2399  *
2400  */
2401 #ifdef IPW2100_RX_DEBUG
2402 static u8 packet_data[IPW_RX_NIC_BUFFER_LENGTH];
2403 #endif
2404 
2405 static void ipw2100_corruption_detected(struct ipw2100_priv *priv, int i)
2406 {
2407 #ifdef IPW2100_DEBUG_C3
2408 	struct ipw2100_status *status = &priv->status_queue.drv[i];
2409 	u32 match, reg;
2410 	int j;
2411 #endif
2412 
2413 	IPW_DEBUG_INFO(": PCI latency error detected at 0x%04zX.\n",
2414 		       i * sizeof(struct ipw2100_status));
2415 
2416 #ifdef IPW2100_DEBUG_C3
2417 	/* Halt the firmware so we can get a good image */
2418 	write_register(priv->net_dev, IPW_REG_RESET_REG,
2419 		       IPW_AUX_HOST_RESET_REG_STOP_MASTER);
2420 	j = 5;
2421 	do {
2422 		udelay(IPW_WAIT_RESET_MASTER_ASSERT_COMPLETE_DELAY);
2423 		read_register(priv->net_dev, IPW_REG_RESET_REG, &reg);
2424 
2425 		if (reg & IPW_AUX_HOST_RESET_REG_MASTER_DISABLED)
2426 			break;
2427 	} while (j--);
2428 
2429 	match = ipw2100_match_buf(priv, (u8 *) status,
2430 				  sizeof(struct ipw2100_status),
2431 				  SEARCH_SNAPSHOT);
2432 	if (match < SEARCH_SUCCESS)
2433 		IPW_DEBUG_INFO("%s: DMA status match in Firmware at "
2434 			       "offset 0x%06X, length %d:\n",
2435 			       priv->net_dev->name, match,
2436 			       sizeof(struct ipw2100_status));
2437 	else
2438 		IPW_DEBUG_INFO("%s: No DMA status match in "
2439 			       "Firmware.\n", priv->net_dev->name);
2440 
2441 	printk_buf((u8 *) priv->status_queue.drv,
2442 		   sizeof(struct ipw2100_status) * RX_QUEUE_LENGTH);
2443 #endif
2444 
2445 	priv->fatal_error = IPW2100_ERR_C3_CORRUPTION;
2446 	priv->net_dev->stats.rx_errors++;
2447 	schedule_reset(priv);
2448 }
2449 
2450 static void isr_rx(struct ipw2100_priv *priv, int i,
2451 			  struct libipw_rx_stats *stats)
2452 {
2453 	struct net_device *dev = priv->net_dev;
2454 	struct ipw2100_status *status = &priv->status_queue.drv[i];
2455 	struct ipw2100_rx_packet *packet = &priv->rx_buffers[i];
2456 
2457 	IPW_DEBUG_RX("Handler...\n");
2458 
2459 	if (unlikely(status->frame_size > skb_tailroom(packet->skb))) {
2460 		IPW_DEBUG_INFO("%s: frame_size (%u) > skb_tailroom (%u)!"
2461 			       "  Dropping.\n",
2462 			       dev->name,
2463 			       status->frame_size, skb_tailroom(packet->skb));
2464 		dev->stats.rx_errors++;
2465 		return;
2466 	}
2467 
2468 	if (unlikely(!netif_running(dev))) {
2469 		dev->stats.rx_errors++;
2470 		priv->wstats.discard.misc++;
2471 		IPW_DEBUG_DROP("Dropping packet while interface is not up.\n");
2472 		return;
2473 	}
2474 
2475 	if (unlikely(priv->ieee->iw_mode != IW_MODE_MONITOR &&
2476 		     !(priv->status & STATUS_ASSOCIATED))) {
2477 		IPW_DEBUG_DROP("Dropping packet while not associated.\n");
2478 		priv->wstats.discard.misc++;
2479 		return;
2480 	}
2481 
2482 	dma_unmap_single(&priv->pci_dev->dev, packet->dma_addr,
2483 			 sizeof(struct ipw2100_rx), DMA_FROM_DEVICE);
2484 
2485 	skb_put(packet->skb, status->frame_size);
2486 
2487 #ifdef IPW2100_RX_DEBUG
2488 	/* Make a copy of the frame so we can dump it to the logs if
2489 	 * libipw_rx fails */
2490 	skb_copy_from_linear_data(packet->skb, packet_data,
2491 				  min_t(u32, status->frame_size,
2492 					     IPW_RX_NIC_BUFFER_LENGTH));
2493 #endif
2494 
2495 	if (!libipw_rx(priv->ieee, packet->skb, stats)) {
2496 #ifdef IPW2100_RX_DEBUG
2497 		IPW_DEBUG_DROP("%s: Non consumed packet:\n",
2498 			       dev->name);
2499 		printk_buf(IPW_DL_DROP, packet_data, status->frame_size);
2500 #endif
2501 		dev->stats.rx_errors++;
2502 
2503 		/* libipw_rx failed, so it didn't free the SKB */
2504 		dev_kfree_skb_any(packet->skb);
2505 		packet->skb = NULL;
2506 	}
2507 
2508 	/* We need to allocate a new SKB and attach it to the RDB. */
2509 	if (unlikely(ipw2100_alloc_skb(priv, packet))) {
2510 		printk(KERN_WARNING DRV_NAME ": "
2511 		       "%s: Unable to allocate SKB onto RBD ring - disabling "
2512 		       "adapter.\n", dev->name);
2513 		/* TODO: schedule adapter shutdown */
2514 		IPW_DEBUG_INFO("TODO: Shutdown adapter...\n");
2515 	}
2516 
2517 	/* Update the RDB entry */
2518 	priv->rx_queue.drv[i].host_addr = packet->dma_addr;
2519 }
2520 
2521 #ifdef CONFIG_IPW2100_MONITOR
2522 
2523 static void isr_rx_monitor(struct ipw2100_priv *priv, int i,
2524 		   struct libipw_rx_stats *stats)
2525 {
2526 	struct net_device *dev = priv->net_dev;
2527 	struct ipw2100_status *status = &priv->status_queue.drv[i];
2528 	struct ipw2100_rx_packet *packet = &priv->rx_buffers[i];
2529 
2530 	/* Magic struct that slots into the radiotap header -- no reason
2531 	 * to build this manually element by element, we can write it much
2532 	 * more efficiently than we can parse it. ORDER MATTERS HERE */
2533 	struct ipw_rt_hdr {
2534 		struct ieee80211_radiotap_header rt_hdr;
2535 		s8 rt_dbmsignal; /* signal in dbM, kluged to signed */
2536 	} *ipw_rt;
2537 
2538 	IPW_DEBUG_RX("Handler...\n");
2539 
2540 	if (unlikely(status->frame_size > skb_tailroom(packet->skb) -
2541 				sizeof(struct ipw_rt_hdr))) {
2542 		IPW_DEBUG_INFO("%s: frame_size (%u) > skb_tailroom (%u)!"
2543 			       "  Dropping.\n",
2544 			       dev->name,
2545 			       status->frame_size,
2546 			       skb_tailroom(packet->skb));
2547 		dev->stats.rx_errors++;
2548 		return;
2549 	}
2550 
2551 	if (unlikely(!netif_running(dev))) {
2552 		dev->stats.rx_errors++;
2553 		priv->wstats.discard.misc++;
2554 		IPW_DEBUG_DROP("Dropping packet while interface is not up.\n");
2555 		return;
2556 	}
2557 
2558 	if (unlikely(priv->config & CFG_CRC_CHECK &&
2559 		     status->flags & IPW_STATUS_FLAG_CRC_ERROR)) {
2560 		IPW_DEBUG_RX("CRC error in packet.  Dropping.\n");
2561 		dev->stats.rx_errors++;
2562 		return;
2563 	}
2564 
2565 	dma_unmap_single(&priv->pci_dev->dev, packet->dma_addr,
2566 			 sizeof(struct ipw2100_rx), DMA_FROM_DEVICE);
2567 	memmove(packet->skb->data + sizeof(struct ipw_rt_hdr),
2568 		packet->skb->data, status->frame_size);
2569 
2570 	ipw_rt = (struct ipw_rt_hdr *) packet->skb->data;
2571 
2572 	ipw_rt->rt_hdr.it_version = PKTHDR_RADIOTAP_VERSION;
2573 	ipw_rt->rt_hdr.it_pad = 0; /* always good to zero */
2574 	ipw_rt->rt_hdr.it_len = cpu_to_le16(sizeof(struct ipw_rt_hdr)); /* total hdr+data */
2575 
2576 	ipw_rt->rt_hdr.it_present = cpu_to_le32(1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL);
2577 
2578 	ipw_rt->rt_dbmsignal = status->rssi + IPW2100_RSSI_TO_DBM;
2579 
2580 	skb_put(packet->skb, status->frame_size + sizeof(struct ipw_rt_hdr));
2581 
2582 	if (!libipw_rx(priv->ieee, packet->skb, stats)) {
2583 		dev->stats.rx_errors++;
2584 
2585 		/* libipw_rx failed, so it didn't free the SKB */
2586 		dev_kfree_skb_any(packet->skb);
2587 		packet->skb = NULL;
2588 	}
2589 
2590 	/* We need to allocate a new SKB and attach it to the RDB. */
2591 	if (unlikely(ipw2100_alloc_skb(priv, packet))) {
2592 		IPW_DEBUG_WARNING(
2593 			"%s: Unable to allocate SKB onto RBD ring - disabling "
2594 			"adapter.\n", dev->name);
2595 		/* TODO: schedule adapter shutdown */
2596 		IPW_DEBUG_INFO("TODO: Shutdown adapter...\n");
2597 	}
2598 
2599 	/* Update the RDB entry */
2600 	priv->rx_queue.drv[i].host_addr = packet->dma_addr;
2601 }
2602 
2603 #endif
2604 
2605 static int ipw2100_corruption_check(struct ipw2100_priv *priv, int i)
2606 {
2607 	struct ipw2100_status *status = &priv->status_queue.drv[i];
2608 	struct ipw2100_rx *u = priv->rx_buffers[i].rxp;
2609 	u16 frame_type = status->status_fields & STATUS_TYPE_MASK;
2610 
2611 	switch (frame_type) {
2612 	case COMMAND_STATUS_VAL:
2613 		return (status->frame_size != sizeof(u->rx_data.command));
2614 	case STATUS_CHANGE_VAL:
2615 		return (status->frame_size != sizeof(u->rx_data.status));
2616 	case HOST_NOTIFICATION_VAL:
2617 		return (status->frame_size < sizeof(u->rx_data.notification));
2618 	case P80211_DATA_VAL:
2619 	case P8023_DATA_VAL:
2620 #ifdef CONFIG_IPW2100_MONITOR
2621 		return 0;
2622 #else
2623 		switch (WLAN_FC_GET_TYPE(le16_to_cpu(u->rx_data.header.frame_ctl))) {
2624 		case IEEE80211_FTYPE_MGMT:
2625 		case IEEE80211_FTYPE_CTL:
2626 			return 0;
2627 		case IEEE80211_FTYPE_DATA:
2628 			return (status->frame_size >
2629 				IPW_MAX_802_11_PAYLOAD_LENGTH);
2630 		}
2631 #endif
2632 	}
2633 
2634 	return 1;
2635 }
2636 
2637 /*
2638  * ipw2100 interrupts are disabled at this point, and the ISR
2639  * is the only code that calls this method.  So, we do not need
2640  * to play with any locks.
2641  *
2642  * RX Queue works as follows:
2643  *
2644  * Read index - firmware places packet in entry identified by the
2645  *              Read index and advances Read index.  In this manner,
2646  *              Read index will always point to the next packet to
2647  *              be filled--but not yet valid.
2648  *
2649  * Write index - driver fills this entry with an unused RBD entry.
2650  *               This entry has not filled by the firmware yet.
2651  *
2652  * In between the W and R indexes are the RBDs that have been received
2653  * but not yet processed.
2654  *
2655  * The process of handling packets will start at WRITE + 1 and advance
2656  * until it reaches the READ index.
2657  *
2658  * The WRITE index is cached in the variable 'priv->rx_queue.next'.
2659  *
2660  */
2661 static void __ipw2100_rx_process(struct ipw2100_priv *priv)
2662 {
2663 	struct ipw2100_bd_queue *rxq = &priv->rx_queue;
2664 	struct ipw2100_status_queue *sq = &priv->status_queue;
2665 	struct ipw2100_rx_packet *packet;
2666 	u16 frame_type;
2667 	u32 r, w, i, s;
2668 	struct ipw2100_rx *u;
2669 	struct libipw_rx_stats stats = {
2670 		.mac_time = jiffies,
2671 	};
2672 
2673 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_RX_READ_INDEX, &r);
2674 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_RX_WRITE_INDEX, &w);
2675 
2676 	if (r >= rxq->entries) {
2677 		IPW_DEBUG_RX("exit - bad read index\n");
2678 		return;
2679 	}
2680 
2681 	i = (rxq->next + 1) % rxq->entries;
2682 	s = i;
2683 	while (i != r) {
2684 		/* IPW_DEBUG_RX("r = %d : w = %d : processing = %d\n",
2685 		   r, rxq->next, i); */
2686 
2687 		packet = &priv->rx_buffers[i];
2688 
2689 		/* Sync the DMA for the RX buffer so CPU is sure to get
2690 		 * the correct values */
2691 		dma_sync_single_for_cpu(&priv->pci_dev->dev, packet->dma_addr,
2692 					sizeof(struct ipw2100_rx),
2693 					DMA_FROM_DEVICE);
2694 
2695 		if (unlikely(ipw2100_corruption_check(priv, i))) {
2696 			ipw2100_corruption_detected(priv, i);
2697 			goto increment;
2698 		}
2699 
2700 		u = packet->rxp;
2701 		frame_type = sq->drv[i].status_fields & STATUS_TYPE_MASK;
2702 		stats.rssi = sq->drv[i].rssi + IPW2100_RSSI_TO_DBM;
2703 		stats.len = sq->drv[i].frame_size;
2704 
2705 		stats.mask = 0;
2706 		if (stats.rssi != 0)
2707 			stats.mask |= LIBIPW_STATMASK_RSSI;
2708 		stats.freq = LIBIPW_24GHZ_BAND;
2709 
2710 		IPW_DEBUG_RX("%s: '%s' frame type received (%d).\n",
2711 			     priv->net_dev->name, frame_types[frame_type],
2712 			     stats.len);
2713 
2714 		switch (frame_type) {
2715 		case COMMAND_STATUS_VAL:
2716 			/* Reset Rx watchdog */
2717 			isr_rx_complete_command(priv, &u->rx_data.command);
2718 			break;
2719 
2720 		case STATUS_CHANGE_VAL:
2721 			isr_status_change(priv, u->rx_data.status);
2722 			break;
2723 
2724 		case P80211_DATA_VAL:
2725 		case P8023_DATA_VAL:
2726 #ifdef CONFIG_IPW2100_MONITOR
2727 			if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
2728 				isr_rx_monitor(priv, i, &stats);
2729 				break;
2730 			}
2731 #endif
2732 			if (stats.len < sizeof(struct libipw_hdr_3addr))
2733 				break;
2734 			switch (WLAN_FC_GET_TYPE(le16_to_cpu(u->rx_data.header.frame_ctl))) {
2735 			case IEEE80211_FTYPE_MGMT:
2736 				libipw_rx_mgt(priv->ieee,
2737 						 &u->rx_data.header, &stats);
2738 				break;
2739 
2740 			case IEEE80211_FTYPE_CTL:
2741 				break;
2742 
2743 			case IEEE80211_FTYPE_DATA:
2744 				isr_rx(priv, i, &stats);
2745 				break;
2746 
2747 			}
2748 			break;
2749 		}
2750 
2751 	      increment:
2752 		/* clear status field associated with this RBD */
2753 		rxq->drv[i].status.info.field = 0;
2754 
2755 		i = (i + 1) % rxq->entries;
2756 	}
2757 
2758 	if (i != s) {
2759 		/* backtrack one entry, wrapping to end if at 0 */
2760 		rxq->next = (i ? i : rxq->entries) - 1;
2761 
2762 		write_register(priv->net_dev,
2763 			       IPW_MEM_HOST_SHARED_RX_WRITE_INDEX, rxq->next);
2764 	}
2765 }
2766 
2767 /*
2768  * __ipw2100_tx_process
2769  *
2770  * This routine will determine whether the next packet on
2771  * the fw_pend_list has been processed by the firmware yet.
2772  *
2773  * If not, then it does nothing and returns.
2774  *
2775  * If so, then it removes the item from the fw_pend_list, frees
2776  * any associated storage, and places the item back on the
2777  * free list of its source (either msg_free_list or tx_free_list)
2778  *
2779  * TX Queue works as follows:
2780  *
2781  * Read index - points to the next TBD that the firmware will
2782  *              process.  The firmware will read the data, and once
2783  *              done processing, it will advance the Read index.
2784  *
2785  * Write index - driver fills this entry with an constructed TBD
2786  *               entry.  The Write index is not advanced until the
2787  *               packet has been configured.
2788  *
2789  * In between the W and R indexes are the TBDs that have NOT been
2790  * processed.  Lagging behind the R index are packets that have
2791  * been processed but have not been freed by the driver.
2792  *
2793  * In order to free old storage, an internal index will be maintained
2794  * that points to the next packet to be freed.  When all used
2795  * packets have been freed, the oldest index will be the same as the
2796  * firmware's read index.
2797  *
2798  * The OLDEST index is cached in the variable 'priv->tx_queue.oldest'
2799  *
2800  * Because the TBD structure can not contain arbitrary data, the
2801  * driver must keep an internal queue of cached allocations such that
2802  * it can put that data back into the tx_free_list and msg_free_list
2803  * for use by future command and data packets.
2804  *
2805  */
2806 static int __ipw2100_tx_process(struct ipw2100_priv *priv)
2807 {
2808 	struct ipw2100_bd_queue *txq = &priv->tx_queue;
2809 	struct ipw2100_bd *tbd;
2810 	struct list_head *element;
2811 	struct ipw2100_tx_packet *packet;
2812 	int descriptors_used;
2813 	int e, i;
2814 	u32 r, w, frag_num = 0;
2815 
2816 	if (list_empty(&priv->fw_pend_list))
2817 		return 0;
2818 
2819 	element = priv->fw_pend_list.next;
2820 
2821 	packet = list_entry(element, struct ipw2100_tx_packet, list);
2822 	tbd = &txq->drv[packet->index];
2823 
2824 	/* Determine how many TBD entries must be finished... */
2825 	switch (packet->type) {
2826 	case COMMAND:
2827 		/* COMMAND uses only one slot; don't advance */
2828 		descriptors_used = 1;
2829 		e = txq->oldest;
2830 		break;
2831 
2832 	case DATA:
2833 		/* DATA uses two slots; advance and loop position. */
2834 		descriptors_used = tbd->num_fragments;
2835 		frag_num = tbd->num_fragments - 1;
2836 		e = txq->oldest + frag_num;
2837 		e %= txq->entries;
2838 		break;
2839 
2840 	default:
2841 		printk(KERN_WARNING DRV_NAME ": %s: Bad fw_pend_list entry!\n",
2842 		       priv->net_dev->name);
2843 		return 0;
2844 	}
2845 
2846 	/* if the last TBD is not done by NIC yet, then packet is
2847 	 * not ready to be released.
2848 	 *
2849 	 */
2850 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_TX_QUEUE_READ_INDEX,
2851 		      &r);
2852 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_TX_QUEUE_WRITE_INDEX,
2853 		      &w);
2854 	if (w != txq->next)
2855 		printk(KERN_WARNING DRV_NAME ": %s: write index mismatch\n",
2856 		       priv->net_dev->name);
2857 
2858 	/*
2859 	 * txq->next is the index of the last packet written txq->oldest is
2860 	 * the index of the r is the index of the next packet to be read by
2861 	 * firmware
2862 	 */
2863 
2864 	/*
2865 	 * Quick graphic to help you visualize the following
2866 	 * if / else statement
2867 	 *
2868 	 * ===>|                     s---->|===============
2869 	 *                               e>|
2870 	 * | a | b | c | d | e | f | g | h | i | j | k | l
2871 	 *       r---->|
2872 	 *               w
2873 	 *
2874 	 * w - updated by driver
2875 	 * r - updated by firmware
2876 	 * s - start of oldest BD entry (txq->oldest)
2877 	 * e - end of oldest BD entry
2878 	 *
2879 	 */
2880 	if (!((r <= w && (e < r || e >= w)) || (e < r && e >= w))) {
2881 		IPW_DEBUG_TX("exit - no processed packets ready to release.\n");
2882 		return 0;
2883 	}
2884 
2885 	list_del(element);
2886 	DEC_STAT(&priv->fw_pend_stat);
2887 
2888 #ifdef CONFIG_IPW2100_DEBUG
2889 	{
2890 		i = txq->oldest;
2891 		IPW_DEBUG_TX("TX%d V=%p P=%04X T=%04X L=%d\n", i,
2892 			     &txq->drv[i],
2893 			     (u32) (txq->nic + i * sizeof(struct ipw2100_bd)),
2894 			     txq->drv[i].host_addr, txq->drv[i].buf_length);
2895 
2896 		if (packet->type == DATA) {
2897 			i = (i + 1) % txq->entries;
2898 
2899 			IPW_DEBUG_TX("TX%d V=%p P=%04X T=%04X L=%d\n", i,
2900 				     &txq->drv[i],
2901 				     (u32) (txq->nic + i *
2902 					    sizeof(struct ipw2100_bd)),
2903 				     (u32) txq->drv[i].host_addr,
2904 				     txq->drv[i].buf_length);
2905 		}
2906 	}
2907 #endif
2908 
2909 	switch (packet->type) {
2910 	case DATA:
2911 		if (txq->drv[txq->oldest].status.info.fields.txType != 0)
2912 			printk(KERN_WARNING DRV_NAME ": %s: Queue mismatch.  "
2913 			       "Expecting DATA TBD but pulled "
2914 			       "something else: ids %d=%d.\n",
2915 			       priv->net_dev->name, txq->oldest, packet->index);
2916 
2917 		/* DATA packet; we have to unmap and free the SKB */
2918 		for (i = 0; i < frag_num; i++) {
2919 			tbd = &txq->drv[(packet->index + 1 + i) % txq->entries];
2920 
2921 			IPW_DEBUG_TX("TX%d P=%08x L=%d\n",
2922 				     (packet->index + 1 + i) % txq->entries,
2923 				     tbd->host_addr, tbd->buf_length);
2924 
2925 			dma_unmap_single(&priv->pci_dev->dev, tbd->host_addr,
2926 					 tbd->buf_length, DMA_TO_DEVICE);
2927 		}
2928 
2929 		libipw_txb_free(packet->info.d_struct.txb);
2930 		packet->info.d_struct.txb = NULL;
2931 
2932 		list_add_tail(element, &priv->tx_free_list);
2933 		INC_STAT(&priv->tx_free_stat);
2934 
2935 		/* We have a free slot in the Tx queue, so wake up the
2936 		 * transmit layer if it is stopped. */
2937 		if (priv->status & STATUS_ASSOCIATED)
2938 			netif_wake_queue(priv->net_dev);
2939 
2940 		/* A packet was processed by the hardware, so update the
2941 		 * watchdog */
2942 		netif_trans_update(priv->net_dev);
2943 
2944 		break;
2945 
2946 	case COMMAND:
2947 		if (txq->drv[txq->oldest].status.info.fields.txType != 1)
2948 			printk(KERN_WARNING DRV_NAME ": %s: Queue mismatch.  "
2949 			       "Expecting COMMAND TBD but pulled "
2950 			       "something else: ids %d=%d.\n",
2951 			       priv->net_dev->name, txq->oldest, packet->index);
2952 
2953 #ifdef CONFIG_IPW2100_DEBUG
2954 		if (packet->info.c_struct.cmd->host_command_reg <
2955 		    ARRAY_SIZE(command_types))
2956 			IPW_DEBUG_TX("Command '%s (%d)' processed: %d.\n",
2957 				     command_types[packet->info.c_struct.cmd->
2958 						   host_command_reg],
2959 				     packet->info.c_struct.cmd->
2960 				     host_command_reg,
2961 				     packet->info.c_struct.cmd->cmd_status_reg);
2962 #endif
2963 
2964 		list_add_tail(element, &priv->msg_free_list);
2965 		INC_STAT(&priv->msg_free_stat);
2966 		break;
2967 	}
2968 
2969 	/* advance oldest used TBD pointer to start of next entry */
2970 	txq->oldest = (e + 1) % txq->entries;
2971 	/* increase available TBDs number */
2972 	txq->available += descriptors_used;
2973 	SET_STAT(&priv->txq_stat, txq->available);
2974 
2975 	IPW_DEBUG_TX("packet latency (send to process)  %ld jiffies\n",
2976 		     jiffies - packet->jiffy_start);
2977 
2978 	return (!list_empty(&priv->fw_pend_list));
2979 }
2980 
2981 static inline void __ipw2100_tx_complete(struct ipw2100_priv *priv)
2982 {
2983 	int i = 0;
2984 
2985 	while (__ipw2100_tx_process(priv) && i < 200)
2986 		i++;
2987 
2988 	if (i == 200) {
2989 		printk(KERN_WARNING DRV_NAME ": "
2990 		       "%s: Driver is running slow (%d iters).\n",
2991 		       priv->net_dev->name, i);
2992 	}
2993 }
2994 
2995 static void ipw2100_tx_send_commands(struct ipw2100_priv *priv)
2996 {
2997 	struct list_head *element;
2998 	struct ipw2100_tx_packet *packet;
2999 	struct ipw2100_bd_queue *txq = &priv->tx_queue;
3000 	struct ipw2100_bd *tbd;
3001 	int next = txq->next;
3002 
3003 	while (!list_empty(&priv->msg_pend_list)) {
3004 		/* if there isn't enough space in TBD queue, then
3005 		 * don't stuff a new one in.
3006 		 * NOTE: 3 are needed as a command will take one,
3007 		 *       and there is a minimum of 2 that must be
3008 		 *       maintained between the r and w indexes
3009 		 */
3010 		if (txq->available <= 3) {
3011 			IPW_DEBUG_TX("no room in tx_queue\n");
3012 			break;
3013 		}
3014 
3015 		element = priv->msg_pend_list.next;
3016 		list_del(element);
3017 		DEC_STAT(&priv->msg_pend_stat);
3018 
3019 		packet = list_entry(element, struct ipw2100_tx_packet, list);
3020 
3021 		IPW_DEBUG_TX("using TBD at virt=%p, phys=%04X\n",
3022 			     &txq->drv[txq->next],
3023 			     (u32) (txq->nic + txq->next *
3024 				      sizeof(struct ipw2100_bd)));
3025 
3026 		packet->index = txq->next;
3027 
3028 		tbd = &txq->drv[txq->next];
3029 
3030 		/* initialize TBD */
3031 		tbd->host_addr = packet->info.c_struct.cmd_phys;
3032 		tbd->buf_length = sizeof(struct ipw2100_cmd_header);
3033 		/* not marking number of fragments causes problems
3034 		 * with f/w debug version */
3035 		tbd->num_fragments = 1;
3036 		tbd->status.info.field =
3037 		    IPW_BD_STATUS_TX_FRAME_COMMAND |
3038 		    IPW_BD_STATUS_TX_INTERRUPT_ENABLE;
3039 
3040 		/* update TBD queue counters */
3041 		txq->next++;
3042 		txq->next %= txq->entries;
3043 		txq->available--;
3044 		DEC_STAT(&priv->txq_stat);
3045 
3046 		list_add_tail(element, &priv->fw_pend_list);
3047 		INC_STAT(&priv->fw_pend_stat);
3048 	}
3049 
3050 	if (txq->next != next) {
3051 		/* kick off the DMA by notifying firmware the
3052 		 * write index has moved; make sure TBD stores are sync'd */
3053 		wmb();
3054 		write_register(priv->net_dev,
3055 			       IPW_MEM_HOST_SHARED_TX_QUEUE_WRITE_INDEX,
3056 			       txq->next);
3057 	}
3058 }
3059 
3060 /*
3061  * ipw2100_tx_send_data
3062  *
3063  */
3064 static void ipw2100_tx_send_data(struct ipw2100_priv *priv)
3065 {
3066 	struct list_head *element;
3067 	struct ipw2100_tx_packet *packet;
3068 	struct ipw2100_bd_queue *txq = &priv->tx_queue;
3069 	struct ipw2100_bd *tbd;
3070 	int next = txq->next;
3071 	int i = 0;
3072 	struct ipw2100_data_header *ipw_hdr;
3073 	struct libipw_hdr_3addr *hdr;
3074 
3075 	while (!list_empty(&priv->tx_pend_list)) {
3076 		/* if there isn't enough space in TBD queue, then
3077 		 * don't stuff a new one in.
3078 		 * NOTE: 4 are needed as a data will take two,
3079 		 *       and there is a minimum of 2 that must be
3080 		 *       maintained between the r and w indexes
3081 		 */
3082 		element = priv->tx_pend_list.next;
3083 		packet = list_entry(element, struct ipw2100_tx_packet, list);
3084 
3085 		if (unlikely(1 + packet->info.d_struct.txb->nr_frags >
3086 			     IPW_MAX_BDS)) {
3087 			/* TODO: Support merging buffers if more than
3088 			 * IPW_MAX_BDS are used */
3089 			IPW_DEBUG_INFO("%s: Maximum BD threshold exceeded.  "
3090 				       "Increase fragmentation level.\n",
3091 				       priv->net_dev->name);
3092 		}
3093 
3094 		if (txq->available <= 3 + packet->info.d_struct.txb->nr_frags) {
3095 			IPW_DEBUG_TX("no room in tx_queue\n");
3096 			break;
3097 		}
3098 
3099 		list_del(element);
3100 		DEC_STAT(&priv->tx_pend_stat);
3101 
3102 		tbd = &txq->drv[txq->next];
3103 
3104 		packet->index = txq->next;
3105 
3106 		ipw_hdr = packet->info.d_struct.data;
3107 		hdr = (struct libipw_hdr_3addr *)packet->info.d_struct.txb->
3108 		    fragments[0]->data;
3109 
3110 		if (priv->ieee->iw_mode == IW_MODE_INFRA) {
3111 			/* To DS: Addr1 = BSSID, Addr2 = SA,
3112 			   Addr3 = DA */
3113 			memcpy(ipw_hdr->src_addr, hdr->addr2, ETH_ALEN);
3114 			memcpy(ipw_hdr->dst_addr, hdr->addr3, ETH_ALEN);
3115 		} else if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
3116 			/* not From/To DS: Addr1 = DA, Addr2 = SA,
3117 			   Addr3 = BSSID */
3118 			memcpy(ipw_hdr->src_addr, hdr->addr2, ETH_ALEN);
3119 			memcpy(ipw_hdr->dst_addr, hdr->addr1, ETH_ALEN);
3120 		}
3121 
3122 		ipw_hdr->host_command_reg = SEND;
3123 		ipw_hdr->host_command_reg1 = 0;
3124 
3125 		/* For now we only support host based encryption */
3126 		ipw_hdr->needs_encryption = 0;
3127 		ipw_hdr->encrypted = packet->info.d_struct.txb->encrypted;
3128 		if (packet->info.d_struct.txb->nr_frags > 1)
3129 			ipw_hdr->fragment_size =
3130 			    packet->info.d_struct.txb->frag_size -
3131 			    LIBIPW_3ADDR_LEN;
3132 		else
3133 			ipw_hdr->fragment_size = 0;
3134 
3135 		tbd->host_addr = packet->info.d_struct.data_phys;
3136 		tbd->buf_length = sizeof(struct ipw2100_data_header);
3137 		tbd->num_fragments = 1 + packet->info.d_struct.txb->nr_frags;
3138 		tbd->status.info.field =
3139 		    IPW_BD_STATUS_TX_FRAME_802_3 |
3140 		    IPW_BD_STATUS_TX_FRAME_NOT_LAST_FRAGMENT;
3141 		txq->next++;
3142 		txq->next %= txq->entries;
3143 
3144 		IPW_DEBUG_TX("data header tbd TX%d P=%08x L=%d\n",
3145 			     packet->index, tbd->host_addr, tbd->buf_length);
3146 #ifdef CONFIG_IPW2100_DEBUG
3147 		if (packet->info.d_struct.txb->nr_frags > 1)
3148 			IPW_DEBUG_FRAG("fragment Tx: %d frames\n",
3149 				       packet->info.d_struct.txb->nr_frags);
3150 #endif
3151 
3152 		for (i = 0; i < packet->info.d_struct.txb->nr_frags; i++) {
3153 			tbd = &txq->drv[txq->next];
3154 			if (i == packet->info.d_struct.txb->nr_frags - 1)
3155 				tbd->status.info.field =
3156 				    IPW_BD_STATUS_TX_FRAME_802_3 |
3157 				    IPW_BD_STATUS_TX_INTERRUPT_ENABLE;
3158 			else
3159 				tbd->status.info.field =
3160 				    IPW_BD_STATUS_TX_FRAME_802_3 |
3161 				    IPW_BD_STATUS_TX_FRAME_NOT_LAST_FRAGMENT;
3162 
3163 			tbd->buf_length = packet->info.d_struct.txb->
3164 			    fragments[i]->len - LIBIPW_3ADDR_LEN;
3165 
3166 			tbd->host_addr = dma_map_single(&priv->pci_dev->dev,
3167 							packet->info.d_struct.
3168 							txb->fragments[i]->data +
3169 							LIBIPW_3ADDR_LEN,
3170 							tbd->buf_length,
3171 							DMA_TO_DEVICE);
3172 			if (dma_mapping_error(&priv->pci_dev->dev, tbd->host_addr)) {
3173 				IPW_DEBUG_TX("dma mapping error\n");
3174 				break;
3175 			}
3176 
3177 			IPW_DEBUG_TX("data frag tbd TX%d P=%08x L=%d\n",
3178 				     txq->next, tbd->host_addr,
3179 				     tbd->buf_length);
3180 
3181 			dma_sync_single_for_device(&priv->pci_dev->dev,
3182 						   tbd->host_addr,
3183 						   tbd->buf_length,
3184 						   DMA_TO_DEVICE);
3185 
3186 			txq->next++;
3187 			txq->next %= txq->entries;
3188 		}
3189 
3190 		txq->available -= 1 + packet->info.d_struct.txb->nr_frags;
3191 		SET_STAT(&priv->txq_stat, txq->available);
3192 
3193 		list_add_tail(element, &priv->fw_pend_list);
3194 		INC_STAT(&priv->fw_pend_stat);
3195 	}
3196 
3197 	if (txq->next != next) {
3198 		/* kick off the DMA by notifying firmware the
3199 		 * write index has moved; make sure TBD stores are sync'd */
3200 		write_register(priv->net_dev,
3201 			       IPW_MEM_HOST_SHARED_TX_QUEUE_WRITE_INDEX,
3202 			       txq->next);
3203 	}
3204 }
3205 
3206 static void ipw2100_irq_tasklet(struct tasklet_struct *t)
3207 {
3208 	struct ipw2100_priv *priv = from_tasklet(priv, t, irq_tasklet);
3209 	struct net_device *dev = priv->net_dev;
3210 	unsigned long flags;
3211 	u32 inta, tmp;
3212 
3213 	spin_lock_irqsave(&priv->low_lock, flags);
3214 	ipw2100_disable_interrupts(priv);
3215 
3216 	read_register(dev, IPW_REG_INTA, &inta);
3217 
3218 	IPW_DEBUG_ISR("enter - INTA: 0x%08lX\n",
3219 		      (unsigned long)inta & IPW_INTERRUPT_MASK);
3220 
3221 	priv->in_isr++;
3222 	priv->interrupts++;
3223 
3224 	/* We do not loop and keep polling for more interrupts as this
3225 	 * is frowned upon and doesn't play nicely with other potentially
3226 	 * chained IRQs */
3227 	IPW_DEBUG_ISR("INTA: 0x%08lX\n",
3228 		      (unsigned long)inta & IPW_INTERRUPT_MASK);
3229 
3230 	if (inta & IPW2100_INTA_FATAL_ERROR) {
3231 		printk(KERN_WARNING DRV_NAME
3232 		       ": Fatal interrupt. Scheduling firmware restart.\n");
3233 		priv->inta_other++;
3234 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_FATAL_ERROR);
3235 
3236 		read_nic_dword(dev, IPW_NIC_FATAL_ERROR, &priv->fatal_error);
3237 		IPW_DEBUG_INFO("%s: Fatal error value: 0x%08X\n",
3238 			       priv->net_dev->name, priv->fatal_error);
3239 
3240 		read_nic_dword(dev, IPW_ERROR_ADDR(priv->fatal_error), &tmp);
3241 		IPW_DEBUG_INFO("%s: Fatal error address value: 0x%08X\n",
3242 			       priv->net_dev->name, tmp);
3243 
3244 		/* Wake up any sleeping jobs */
3245 		schedule_reset(priv);
3246 	}
3247 
3248 	if (inta & IPW2100_INTA_PARITY_ERROR) {
3249 		printk(KERN_ERR DRV_NAME
3250 		       ": ***** PARITY ERROR INTERRUPT !!!!\n");
3251 		priv->inta_other++;
3252 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_PARITY_ERROR);
3253 	}
3254 
3255 	if (inta & IPW2100_INTA_RX_TRANSFER) {
3256 		IPW_DEBUG_ISR("RX interrupt\n");
3257 
3258 		priv->rx_interrupts++;
3259 
3260 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_RX_TRANSFER);
3261 
3262 		__ipw2100_rx_process(priv);
3263 		__ipw2100_tx_complete(priv);
3264 	}
3265 
3266 	if (inta & IPW2100_INTA_TX_TRANSFER) {
3267 		IPW_DEBUG_ISR("TX interrupt\n");
3268 
3269 		priv->tx_interrupts++;
3270 
3271 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_TX_TRANSFER);
3272 
3273 		__ipw2100_tx_complete(priv);
3274 		ipw2100_tx_send_commands(priv);
3275 		ipw2100_tx_send_data(priv);
3276 	}
3277 
3278 	if (inta & IPW2100_INTA_TX_COMPLETE) {
3279 		IPW_DEBUG_ISR("TX complete\n");
3280 		priv->inta_other++;
3281 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_TX_COMPLETE);
3282 
3283 		__ipw2100_tx_complete(priv);
3284 	}
3285 
3286 	if (inta & IPW2100_INTA_EVENT_INTERRUPT) {
3287 		/* ipw2100_handle_event(dev); */
3288 		priv->inta_other++;
3289 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_EVENT_INTERRUPT);
3290 	}
3291 
3292 	if (inta & IPW2100_INTA_FW_INIT_DONE) {
3293 		IPW_DEBUG_ISR("FW init done interrupt\n");
3294 		priv->inta_other++;
3295 
3296 		read_register(dev, IPW_REG_INTA, &tmp);
3297 		if (tmp & (IPW2100_INTA_FATAL_ERROR |
3298 			   IPW2100_INTA_PARITY_ERROR)) {
3299 			write_register(dev, IPW_REG_INTA,
3300 				       IPW2100_INTA_FATAL_ERROR |
3301 				       IPW2100_INTA_PARITY_ERROR);
3302 		}
3303 
3304 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_FW_INIT_DONE);
3305 	}
3306 
3307 	if (inta & IPW2100_INTA_STATUS_CHANGE) {
3308 		IPW_DEBUG_ISR("Status change interrupt\n");
3309 		priv->inta_other++;
3310 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_STATUS_CHANGE);
3311 	}
3312 
3313 	if (inta & IPW2100_INTA_SLAVE_MODE_HOST_COMMAND_DONE) {
3314 		IPW_DEBUG_ISR("slave host mode interrupt\n");
3315 		priv->inta_other++;
3316 		write_register(dev, IPW_REG_INTA,
3317 			       IPW2100_INTA_SLAVE_MODE_HOST_COMMAND_DONE);
3318 	}
3319 
3320 	priv->in_isr--;
3321 	ipw2100_enable_interrupts(priv);
3322 
3323 	spin_unlock_irqrestore(&priv->low_lock, flags);
3324 
3325 	IPW_DEBUG_ISR("exit\n");
3326 }
3327 
3328 static irqreturn_t ipw2100_interrupt(int irq, void *data)
3329 {
3330 	struct ipw2100_priv *priv = data;
3331 	u32 inta, inta_mask;
3332 
3333 	if (!data)
3334 		return IRQ_NONE;
3335 
3336 	spin_lock(&priv->low_lock);
3337 
3338 	/* We check to see if we should be ignoring interrupts before
3339 	 * we touch the hardware.  During ucode load if we try and handle
3340 	 * an interrupt we can cause keyboard problems as well as cause
3341 	 * the ucode to fail to initialize */
3342 	if (!(priv->status & STATUS_INT_ENABLED)) {
3343 		/* Shared IRQ */
3344 		goto none;
3345 	}
3346 
3347 	read_register(priv->net_dev, IPW_REG_INTA_MASK, &inta_mask);
3348 	read_register(priv->net_dev, IPW_REG_INTA, &inta);
3349 
3350 	if (inta == 0xFFFFFFFF) {
3351 		/* Hardware disappeared */
3352 		printk(KERN_WARNING DRV_NAME ": IRQ INTA == 0xFFFFFFFF\n");
3353 		goto none;
3354 	}
3355 
3356 	inta &= IPW_INTERRUPT_MASK;
3357 
3358 	if (!(inta & inta_mask)) {
3359 		/* Shared interrupt */
3360 		goto none;
3361 	}
3362 
3363 	/* We disable the hardware interrupt here just to prevent unneeded
3364 	 * calls to be made.  We disable this again within the actual
3365 	 * work tasklet, so if another part of the code re-enables the
3366 	 * interrupt, that is fine */
3367 	ipw2100_disable_interrupts(priv);
3368 
3369 	tasklet_schedule(&priv->irq_tasklet);
3370 	spin_unlock(&priv->low_lock);
3371 
3372 	return IRQ_HANDLED;
3373       none:
3374 	spin_unlock(&priv->low_lock);
3375 	return IRQ_NONE;
3376 }
3377 
3378 static netdev_tx_t ipw2100_tx(struct libipw_txb *txb,
3379 			      struct net_device *dev, int pri)
3380 {
3381 	struct ipw2100_priv *priv = libipw_priv(dev);
3382 	struct list_head *element;
3383 	struct ipw2100_tx_packet *packet;
3384 	unsigned long flags;
3385 
3386 	spin_lock_irqsave(&priv->low_lock, flags);
3387 
3388 	if (!(priv->status & STATUS_ASSOCIATED)) {
3389 		IPW_DEBUG_INFO("Can not transmit when not connected.\n");
3390 		priv->net_dev->stats.tx_carrier_errors++;
3391 		netif_stop_queue(dev);
3392 		goto fail_unlock;
3393 	}
3394 
3395 	if (list_empty(&priv->tx_free_list))
3396 		goto fail_unlock;
3397 
3398 	element = priv->tx_free_list.next;
3399 	packet = list_entry(element, struct ipw2100_tx_packet, list);
3400 
3401 	packet->info.d_struct.txb = txb;
3402 
3403 	IPW_DEBUG_TX("Sending fragment (%d bytes):\n", txb->fragments[0]->len);
3404 	printk_buf(IPW_DL_TX, txb->fragments[0]->data, txb->fragments[0]->len);
3405 
3406 	packet->jiffy_start = jiffies;
3407 
3408 	list_del(element);
3409 	DEC_STAT(&priv->tx_free_stat);
3410 
3411 	list_add_tail(element, &priv->tx_pend_list);
3412 	INC_STAT(&priv->tx_pend_stat);
3413 
3414 	ipw2100_tx_send_data(priv);
3415 
3416 	spin_unlock_irqrestore(&priv->low_lock, flags);
3417 	return NETDEV_TX_OK;
3418 
3419 fail_unlock:
3420 	netif_stop_queue(dev);
3421 	spin_unlock_irqrestore(&priv->low_lock, flags);
3422 	return NETDEV_TX_BUSY;
3423 }
3424 
3425 static int ipw2100_msg_allocate(struct ipw2100_priv *priv)
3426 {
3427 	int i, j, err = -EINVAL;
3428 	void *v;
3429 	dma_addr_t p;
3430 
3431 	priv->msg_buffers =
3432 	    kmalloc_array(IPW_COMMAND_POOL_SIZE,
3433 			  sizeof(struct ipw2100_tx_packet),
3434 			  GFP_KERNEL);
3435 	if (!priv->msg_buffers)
3436 		return -ENOMEM;
3437 
3438 	for (i = 0; i < IPW_COMMAND_POOL_SIZE; i++) {
3439 		v = dma_alloc_coherent(&priv->pci_dev->dev,
3440 				       sizeof(struct ipw2100_cmd_header), &p,
3441 				       GFP_KERNEL);
3442 		if (!v) {
3443 			printk(KERN_ERR DRV_NAME ": "
3444 			       "%s: PCI alloc failed for msg "
3445 			       "buffers.\n", priv->net_dev->name);
3446 			err = -ENOMEM;
3447 			break;
3448 		}
3449 
3450 		priv->msg_buffers[i].type = COMMAND;
3451 		priv->msg_buffers[i].info.c_struct.cmd =
3452 		    (struct ipw2100_cmd_header *)v;
3453 		priv->msg_buffers[i].info.c_struct.cmd_phys = p;
3454 	}
3455 
3456 	if (i == IPW_COMMAND_POOL_SIZE)
3457 		return 0;
3458 
3459 	for (j = 0; j < i; j++) {
3460 		dma_free_coherent(&priv->pci_dev->dev,
3461 				  sizeof(struct ipw2100_cmd_header),
3462 				  priv->msg_buffers[j].info.c_struct.cmd,
3463 				  priv->msg_buffers[j].info.c_struct.cmd_phys);
3464 	}
3465 
3466 	kfree(priv->msg_buffers);
3467 	priv->msg_buffers = NULL;
3468 
3469 	return err;
3470 }
3471 
3472 static int ipw2100_msg_initialize(struct ipw2100_priv *priv)
3473 {
3474 	int i;
3475 
3476 	INIT_LIST_HEAD(&priv->msg_free_list);
3477 	INIT_LIST_HEAD(&priv->msg_pend_list);
3478 
3479 	for (i = 0; i < IPW_COMMAND_POOL_SIZE; i++)
3480 		list_add_tail(&priv->msg_buffers[i].list, &priv->msg_free_list);
3481 	SET_STAT(&priv->msg_free_stat, i);
3482 
3483 	return 0;
3484 }
3485 
3486 static void ipw2100_msg_free(struct ipw2100_priv *priv)
3487 {
3488 	int i;
3489 
3490 	if (!priv->msg_buffers)
3491 		return;
3492 
3493 	for (i = 0; i < IPW_COMMAND_POOL_SIZE; i++) {
3494 		dma_free_coherent(&priv->pci_dev->dev,
3495 				  sizeof(struct ipw2100_cmd_header),
3496 				  priv->msg_buffers[i].info.c_struct.cmd,
3497 				  priv->msg_buffers[i].info.c_struct.cmd_phys);
3498 	}
3499 
3500 	kfree(priv->msg_buffers);
3501 	priv->msg_buffers = NULL;
3502 }
3503 
3504 static ssize_t pci_show(struct device *d, struct device_attribute *attr,
3505 			char *buf)
3506 {
3507 	struct pci_dev *pci_dev = to_pci_dev(d);
3508 	char *out = buf;
3509 	int i, j;
3510 	u32 val;
3511 
3512 	for (i = 0; i < 16; i++) {
3513 		out += sprintf(out, "[%08X] ", i * 16);
3514 		for (j = 0; j < 16; j += 4) {
3515 			pci_read_config_dword(pci_dev, i * 16 + j, &val);
3516 			out += sprintf(out, "%08X ", val);
3517 		}
3518 		out += sprintf(out, "\n");
3519 	}
3520 
3521 	return out - buf;
3522 }
3523 
3524 static DEVICE_ATTR_RO(pci);
3525 
3526 static ssize_t cfg_show(struct device *d, struct device_attribute *attr,
3527 			char *buf)
3528 {
3529 	struct ipw2100_priv *p = dev_get_drvdata(d);
3530 	return sprintf(buf, "0x%08x\n", (int)p->config);
3531 }
3532 
3533 static DEVICE_ATTR_RO(cfg);
3534 
3535 static ssize_t status_show(struct device *d, struct device_attribute *attr,
3536 			   char *buf)
3537 {
3538 	struct ipw2100_priv *p = dev_get_drvdata(d);
3539 	return sprintf(buf, "0x%08x\n", (int)p->status);
3540 }
3541 
3542 static DEVICE_ATTR_RO(status);
3543 
3544 static ssize_t capability_show(struct device *d, struct device_attribute *attr,
3545 			       char *buf)
3546 {
3547 	struct ipw2100_priv *p = dev_get_drvdata(d);
3548 	return sprintf(buf, "0x%08x\n", (int)p->capability);
3549 }
3550 
3551 static DEVICE_ATTR_RO(capability);
3552 
3553 #define IPW2100_REG(x) { IPW_ ##x, #x }
3554 static const struct {
3555 	u32 addr;
3556 	const char *name;
3557 } hw_data[] = {
3558 IPW2100_REG(REG_GP_CNTRL),
3559 	    IPW2100_REG(REG_GPIO),
3560 	    IPW2100_REG(REG_INTA),
3561 	    IPW2100_REG(REG_INTA_MASK), IPW2100_REG(REG_RESET_REG),};
3562 #define IPW2100_NIC(x, s) { x, #x, s }
3563 static const struct {
3564 	u32 addr;
3565 	const char *name;
3566 	size_t size;
3567 } nic_data[] = {
3568 IPW2100_NIC(IPW2100_CONTROL_REG, 2),
3569 	    IPW2100_NIC(0x210014, 1), IPW2100_NIC(0x210000, 1),};
3570 #define IPW2100_ORD(x, d) { IPW_ORD_ ##x, #x, d }
3571 static const struct {
3572 	u8 index;
3573 	const char *name;
3574 	const char *desc;
3575 } ord_data[] = {
3576 IPW2100_ORD(STAT_TX_HOST_REQUESTS, "requested Host Tx's (MSDU)"),
3577 	    IPW2100_ORD(STAT_TX_HOST_COMPLETE,
3578 				"successful Host Tx's (MSDU)"),
3579 	    IPW2100_ORD(STAT_TX_DIR_DATA,
3580 				"successful Directed Tx's (MSDU)"),
3581 	    IPW2100_ORD(STAT_TX_DIR_DATA1,
3582 				"successful Directed Tx's (MSDU) @ 1MB"),
3583 	    IPW2100_ORD(STAT_TX_DIR_DATA2,
3584 				"successful Directed Tx's (MSDU) @ 2MB"),
3585 	    IPW2100_ORD(STAT_TX_DIR_DATA5_5,
3586 				"successful Directed Tx's (MSDU) @ 5_5MB"),
3587 	    IPW2100_ORD(STAT_TX_DIR_DATA11,
3588 				"successful Directed Tx's (MSDU) @ 11MB"),
3589 	    IPW2100_ORD(STAT_TX_NODIR_DATA1,
3590 				"successful Non_Directed Tx's (MSDU) @ 1MB"),
3591 	    IPW2100_ORD(STAT_TX_NODIR_DATA2,
3592 				"successful Non_Directed Tx's (MSDU) @ 2MB"),
3593 	    IPW2100_ORD(STAT_TX_NODIR_DATA5_5,
3594 				"successful Non_Directed Tx's (MSDU) @ 5.5MB"),
3595 	    IPW2100_ORD(STAT_TX_NODIR_DATA11,
3596 				"successful Non_Directed Tx's (MSDU) @ 11MB"),
3597 	    IPW2100_ORD(STAT_NULL_DATA, "successful NULL data Tx's"),
3598 	    IPW2100_ORD(STAT_TX_RTS, "successful Tx RTS"),
3599 	    IPW2100_ORD(STAT_TX_CTS, "successful Tx CTS"),
3600 	    IPW2100_ORD(STAT_TX_ACK, "successful Tx ACK"),
3601 	    IPW2100_ORD(STAT_TX_ASSN, "successful Association Tx's"),
3602 	    IPW2100_ORD(STAT_TX_ASSN_RESP,
3603 				"successful Association response Tx's"),
3604 	    IPW2100_ORD(STAT_TX_REASSN,
3605 				"successful Reassociation Tx's"),
3606 	    IPW2100_ORD(STAT_TX_REASSN_RESP,
3607 				"successful Reassociation response Tx's"),
3608 	    IPW2100_ORD(STAT_TX_PROBE,
3609 				"probes successfully transmitted"),
3610 	    IPW2100_ORD(STAT_TX_PROBE_RESP,
3611 				"probe responses successfully transmitted"),
3612 	    IPW2100_ORD(STAT_TX_BEACON, "tx beacon"),
3613 	    IPW2100_ORD(STAT_TX_ATIM, "Tx ATIM"),
3614 	    IPW2100_ORD(STAT_TX_DISASSN,
3615 				"successful Disassociation TX"),
3616 	    IPW2100_ORD(STAT_TX_AUTH, "successful Authentication Tx"),
3617 	    IPW2100_ORD(STAT_TX_DEAUTH,
3618 				"successful Deauthentication TX"),
3619 	    IPW2100_ORD(STAT_TX_TOTAL_BYTES,
3620 				"Total successful Tx data bytes"),
3621 	    IPW2100_ORD(STAT_TX_RETRIES, "Tx retries"),
3622 	    IPW2100_ORD(STAT_TX_RETRY1, "Tx retries at 1MBPS"),
3623 	    IPW2100_ORD(STAT_TX_RETRY2, "Tx retries at 2MBPS"),
3624 	    IPW2100_ORD(STAT_TX_RETRY5_5, "Tx retries at 5.5MBPS"),
3625 	    IPW2100_ORD(STAT_TX_RETRY11, "Tx retries at 11MBPS"),
3626 	    IPW2100_ORD(STAT_TX_FAILURES, "Tx Failures"),
3627 	    IPW2100_ORD(STAT_TX_MAX_TRIES_IN_HOP,
3628 				"times max tries in a hop failed"),
3629 	    IPW2100_ORD(STAT_TX_DISASSN_FAIL,
3630 				"times disassociation failed"),
3631 	    IPW2100_ORD(STAT_TX_ERR_CTS, "missed/bad CTS frames"),
3632 	    IPW2100_ORD(STAT_TX_ERR_ACK, "tx err due to acks"),
3633 	    IPW2100_ORD(STAT_RX_HOST, "packets passed to host"),
3634 	    IPW2100_ORD(STAT_RX_DIR_DATA, "directed packets"),
3635 	    IPW2100_ORD(STAT_RX_DIR_DATA1, "directed packets at 1MB"),
3636 	    IPW2100_ORD(STAT_RX_DIR_DATA2, "directed packets at 2MB"),
3637 	    IPW2100_ORD(STAT_RX_DIR_DATA5_5,
3638 				"directed packets at 5.5MB"),
3639 	    IPW2100_ORD(STAT_RX_DIR_DATA11, "directed packets at 11MB"),
3640 	    IPW2100_ORD(STAT_RX_NODIR_DATA, "nondirected packets"),
3641 	    IPW2100_ORD(STAT_RX_NODIR_DATA1,
3642 				"nondirected packets at 1MB"),
3643 	    IPW2100_ORD(STAT_RX_NODIR_DATA2,
3644 				"nondirected packets at 2MB"),
3645 	    IPW2100_ORD(STAT_RX_NODIR_DATA5_5,
3646 				"nondirected packets at 5.5MB"),
3647 	    IPW2100_ORD(STAT_RX_NODIR_DATA11,
3648 				"nondirected packets at 11MB"),
3649 	    IPW2100_ORD(STAT_RX_NULL_DATA, "null data rx's"),
3650 	    IPW2100_ORD(STAT_RX_RTS, "Rx RTS"), IPW2100_ORD(STAT_RX_CTS,
3651 								    "Rx CTS"),
3652 	    IPW2100_ORD(STAT_RX_ACK, "Rx ACK"),
3653 	    IPW2100_ORD(STAT_RX_CFEND, "Rx CF End"),
3654 	    IPW2100_ORD(STAT_RX_CFEND_ACK, "Rx CF End + CF Ack"),
3655 	    IPW2100_ORD(STAT_RX_ASSN, "Association Rx's"),
3656 	    IPW2100_ORD(STAT_RX_ASSN_RESP, "Association response Rx's"),
3657 	    IPW2100_ORD(STAT_RX_REASSN, "Reassociation Rx's"),
3658 	    IPW2100_ORD(STAT_RX_REASSN_RESP,
3659 				"Reassociation response Rx's"),
3660 	    IPW2100_ORD(STAT_RX_PROBE, "probe Rx's"),
3661 	    IPW2100_ORD(STAT_RX_PROBE_RESP, "probe response Rx's"),
3662 	    IPW2100_ORD(STAT_RX_BEACON, "Rx beacon"),
3663 	    IPW2100_ORD(STAT_RX_ATIM, "Rx ATIM"),
3664 	    IPW2100_ORD(STAT_RX_DISASSN, "disassociation Rx"),
3665 	    IPW2100_ORD(STAT_RX_AUTH, "authentication Rx"),
3666 	    IPW2100_ORD(STAT_RX_DEAUTH, "deauthentication Rx"),
3667 	    IPW2100_ORD(STAT_RX_TOTAL_BYTES,
3668 				"Total rx data bytes received"),
3669 	    IPW2100_ORD(STAT_RX_ERR_CRC, "packets with Rx CRC error"),
3670 	    IPW2100_ORD(STAT_RX_ERR_CRC1, "Rx CRC errors at 1MB"),
3671 	    IPW2100_ORD(STAT_RX_ERR_CRC2, "Rx CRC errors at 2MB"),
3672 	    IPW2100_ORD(STAT_RX_ERR_CRC5_5, "Rx CRC errors at 5.5MB"),
3673 	    IPW2100_ORD(STAT_RX_ERR_CRC11, "Rx CRC errors at 11MB"),
3674 	    IPW2100_ORD(STAT_RX_DUPLICATE1,
3675 				"duplicate rx packets at 1MB"),
3676 	    IPW2100_ORD(STAT_RX_DUPLICATE2,
3677 				"duplicate rx packets at 2MB"),
3678 	    IPW2100_ORD(STAT_RX_DUPLICATE5_5,
3679 				"duplicate rx packets at 5.5MB"),
3680 	    IPW2100_ORD(STAT_RX_DUPLICATE11,
3681 				"duplicate rx packets at 11MB"),
3682 	    IPW2100_ORD(STAT_RX_DUPLICATE, "duplicate rx packets"),
3683 	    IPW2100_ORD(PERS_DB_LOCK, "locking fw permanent  db"),
3684 	    IPW2100_ORD(PERS_DB_SIZE, "size of fw permanent  db"),
3685 	    IPW2100_ORD(PERS_DB_ADDR, "address of fw permanent  db"),
3686 	    IPW2100_ORD(STAT_RX_INVALID_PROTOCOL,
3687 				"rx frames with invalid protocol"),
3688 	    IPW2100_ORD(SYS_BOOT_TIME, "Boot time"),
3689 	    IPW2100_ORD(STAT_RX_NO_BUFFER,
3690 				"rx frames rejected due to no buffer"),
3691 	    IPW2100_ORD(STAT_RX_MISSING_FRAG,
3692 				"rx frames dropped due to missing fragment"),
3693 	    IPW2100_ORD(STAT_RX_ORPHAN_FRAG,
3694 				"rx frames dropped due to non-sequential fragment"),
3695 	    IPW2100_ORD(STAT_RX_ORPHAN_FRAME,
3696 				"rx frames dropped due to unmatched 1st frame"),
3697 	    IPW2100_ORD(STAT_RX_FRAG_AGEOUT,
3698 				"rx frames dropped due to uncompleted frame"),
3699 	    IPW2100_ORD(STAT_RX_ICV_ERRORS,
3700 				"ICV errors during decryption"),
3701 	    IPW2100_ORD(STAT_PSP_SUSPENSION, "times adapter suspended"),
3702 	    IPW2100_ORD(STAT_PSP_BCN_TIMEOUT, "beacon timeout"),
3703 	    IPW2100_ORD(STAT_PSP_POLL_TIMEOUT,
3704 				"poll response timeouts"),
3705 	    IPW2100_ORD(STAT_PSP_NONDIR_TIMEOUT,
3706 				"timeouts waiting for last {broad,multi}cast pkt"),
3707 	    IPW2100_ORD(STAT_PSP_RX_DTIMS, "PSP DTIMs received"),
3708 	    IPW2100_ORD(STAT_PSP_RX_TIMS, "PSP TIMs received"),
3709 	    IPW2100_ORD(STAT_PSP_STATION_ID, "PSP Station ID"),
3710 	    IPW2100_ORD(LAST_ASSN_TIME, "RTC time of last association"),
3711 	    IPW2100_ORD(STAT_PERCENT_MISSED_BCNS,
3712 				"current calculation of % missed beacons"),
3713 	    IPW2100_ORD(STAT_PERCENT_RETRIES,
3714 				"current calculation of % missed tx retries"),
3715 	    IPW2100_ORD(ASSOCIATED_AP_PTR,
3716 				"0 if not associated, else pointer to AP table entry"),
3717 	    IPW2100_ORD(AVAILABLE_AP_CNT,
3718 				"AP's described in the AP table"),
3719 	    IPW2100_ORD(AP_LIST_PTR, "Ptr to list of available APs"),
3720 	    IPW2100_ORD(STAT_AP_ASSNS, "associations"),
3721 	    IPW2100_ORD(STAT_ASSN_FAIL, "association failures"),
3722 	    IPW2100_ORD(STAT_ASSN_RESP_FAIL,
3723 				"failures due to response fail"),
3724 	    IPW2100_ORD(STAT_FULL_SCANS, "full scans"),
3725 	    IPW2100_ORD(CARD_DISABLED, "Card Disabled"),
3726 	    IPW2100_ORD(STAT_ROAM_INHIBIT,
3727 				"times roaming was inhibited due to activity"),
3728 	    IPW2100_ORD(RSSI_AT_ASSN,
3729 				"RSSI of associated AP at time of association"),
3730 	    IPW2100_ORD(STAT_ASSN_CAUSE1,
3731 				"reassociation: no probe response or TX on hop"),
3732 	    IPW2100_ORD(STAT_ASSN_CAUSE2,
3733 				"reassociation: poor tx/rx quality"),
3734 	    IPW2100_ORD(STAT_ASSN_CAUSE3,
3735 				"reassociation: tx/rx quality (excessive AP load"),
3736 	    IPW2100_ORD(STAT_ASSN_CAUSE4,
3737 				"reassociation: AP RSSI level"),
3738 	    IPW2100_ORD(STAT_ASSN_CAUSE5,
3739 				"reassociations due to load leveling"),
3740 	    IPW2100_ORD(STAT_AUTH_FAIL, "times authentication failed"),
3741 	    IPW2100_ORD(STAT_AUTH_RESP_FAIL,
3742 				"times authentication response failed"),
3743 	    IPW2100_ORD(STATION_TABLE_CNT,
3744 				"entries in association table"),
3745 	    IPW2100_ORD(RSSI_AVG_CURR, "Current avg RSSI"),
3746 	    IPW2100_ORD(POWER_MGMT_MODE, "Power mode - 0=CAM, 1=PSP"),
3747 	    IPW2100_ORD(COUNTRY_CODE,
3748 				"IEEE country code as recv'd from beacon"),
3749 	    IPW2100_ORD(COUNTRY_CHANNELS,
3750 				"channels supported by country"),
3751 	    IPW2100_ORD(RESET_CNT, "adapter resets (warm)"),
3752 	    IPW2100_ORD(BEACON_INTERVAL, "Beacon interval"),
3753 	    IPW2100_ORD(ANTENNA_DIVERSITY,
3754 				"TRUE if antenna diversity is disabled"),
3755 	    IPW2100_ORD(DTIM_PERIOD, "beacon intervals between DTIMs"),
3756 	    IPW2100_ORD(OUR_FREQ,
3757 				"current radio freq lower digits - channel ID"),
3758 	    IPW2100_ORD(RTC_TIME, "current RTC time"),
3759 	    IPW2100_ORD(PORT_TYPE, "operating mode"),
3760 	    IPW2100_ORD(CURRENT_TX_RATE, "current tx rate"),
3761 	    IPW2100_ORD(SUPPORTED_RATES, "supported tx rates"),
3762 	    IPW2100_ORD(ATIM_WINDOW, "current ATIM Window"),
3763 	    IPW2100_ORD(BASIC_RATES, "basic tx rates"),
3764 	    IPW2100_ORD(NIC_HIGHEST_RATE, "NIC highest tx rate"),
3765 	    IPW2100_ORD(AP_HIGHEST_RATE, "AP highest tx rate"),
3766 	    IPW2100_ORD(CAPABILITIES,
3767 				"Management frame capability field"),
3768 	    IPW2100_ORD(AUTH_TYPE, "Type of authentication"),
3769 	    IPW2100_ORD(RADIO_TYPE, "Adapter card platform type"),
3770 	    IPW2100_ORD(RTS_THRESHOLD,
3771 				"Min packet length for RTS handshaking"),
3772 	    IPW2100_ORD(INT_MODE, "International mode"),
3773 	    IPW2100_ORD(FRAGMENTATION_THRESHOLD,
3774 				"protocol frag threshold"),
3775 	    IPW2100_ORD(EEPROM_SRAM_DB_BLOCK_START_ADDRESS,
3776 				"EEPROM offset in SRAM"),
3777 	    IPW2100_ORD(EEPROM_SRAM_DB_BLOCK_SIZE,
3778 				"EEPROM size in SRAM"),
3779 	    IPW2100_ORD(EEPROM_SKU_CAPABILITY, "EEPROM SKU Capability"),
3780 	    IPW2100_ORD(EEPROM_IBSS_11B_CHANNELS,
3781 				"EEPROM IBSS 11b channel set"),
3782 	    IPW2100_ORD(MAC_VERSION, "MAC Version"),
3783 	    IPW2100_ORD(MAC_REVISION, "MAC Revision"),
3784 	    IPW2100_ORD(RADIO_VERSION, "Radio Version"),
3785 	    IPW2100_ORD(NIC_MANF_DATE_TIME, "MANF Date/Time STAMP"),
3786 	    IPW2100_ORD(UCODE_VERSION, "Ucode Version"),};
3787 
3788 static ssize_t registers_show(struct device *d, struct device_attribute *attr,
3789 			      char *buf)
3790 {
3791 	int i;
3792 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3793 	struct net_device *dev = priv->net_dev;
3794 	char *out = buf;
3795 	u32 val = 0;
3796 
3797 	out += sprintf(out, "%30s [Address ] : Hex\n", "Register");
3798 
3799 	for (i = 0; i < ARRAY_SIZE(hw_data); i++) {
3800 		read_register(dev, hw_data[i].addr, &val);
3801 		out += sprintf(out, "%30s [%08X] : %08X\n",
3802 			       hw_data[i].name, hw_data[i].addr, val);
3803 	}
3804 
3805 	return out - buf;
3806 }
3807 
3808 static DEVICE_ATTR_RO(registers);
3809 
3810 static ssize_t hardware_show(struct device *d, struct device_attribute *attr,
3811 			     char *buf)
3812 {
3813 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3814 	struct net_device *dev = priv->net_dev;
3815 	char *out = buf;
3816 	int i;
3817 
3818 	out += sprintf(out, "%30s [Address ] : Hex\n", "NIC entry");
3819 
3820 	for (i = 0; i < ARRAY_SIZE(nic_data); i++) {
3821 		u8 tmp8;
3822 		u16 tmp16;
3823 		u32 tmp32;
3824 
3825 		switch (nic_data[i].size) {
3826 		case 1:
3827 			read_nic_byte(dev, nic_data[i].addr, &tmp8);
3828 			out += sprintf(out, "%30s [%08X] : %02X\n",
3829 				       nic_data[i].name, nic_data[i].addr,
3830 				       tmp8);
3831 			break;
3832 		case 2:
3833 			read_nic_word(dev, nic_data[i].addr, &tmp16);
3834 			out += sprintf(out, "%30s [%08X] : %04X\n",
3835 				       nic_data[i].name, nic_data[i].addr,
3836 				       tmp16);
3837 			break;
3838 		case 4:
3839 			read_nic_dword(dev, nic_data[i].addr, &tmp32);
3840 			out += sprintf(out, "%30s [%08X] : %08X\n",
3841 				       nic_data[i].name, nic_data[i].addr,
3842 				       tmp32);
3843 			break;
3844 		}
3845 	}
3846 	return out - buf;
3847 }
3848 
3849 static DEVICE_ATTR_RO(hardware);
3850 
3851 static ssize_t memory_show(struct device *d, struct device_attribute *attr,
3852 			   char *buf)
3853 {
3854 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3855 	struct net_device *dev = priv->net_dev;
3856 	static unsigned long loop = 0;
3857 	int len = 0;
3858 	u32 buffer[4];
3859 	int i;
3860 	char line[81];
3861 
3862 	if (loop >= 0x30000)
3863 		loop = 0;
3864 
3865 	/* sysfs provides us PAGE_SIZE buffer */
3866 	while (len < PAGE_SIZE - 128 && loop < 0x30000) {
3867 
3868 		if (priv->snapshot[0])
3869 			for (i = 0; i < 4; i++)
3870 				buffer[i] =
3871 				    *(u32 *) SNAPSHOT_ADDR(loop + i * 4);
3872 		else
3873 			for (i = 0; i < 4; i++)
3874 				read_nic_dword(dev, loop + i * 4, &buffer[i]);
3875 
3876 		if (priv->dump_raw)
3877 			len += sprintf(buf + len,
3878 				       "%c%c%c%c"
3879 				       "%c%c%c%c"
3880 				       "%c%c%c%c"
3881 				       "%c%c%c%c",
3882 				       ((u8 *) buffer)[0x0],
3883 				       ((u8 *) buffer)[0x1],
3884 				       ((u8 *) buffer)[0x2],
3885 				       ((u8 *) buffer)[0x3],
3886 				       ((u8 *) buffer)[0x4],
3887 				       ((u8 *) buffer)[0x5],
3888 				       ((u8 *) buffer)[0x6],
3889 				       ((u8 *) buffer)[0x7],
3890 				       ((u8 *) buffer)[0x8],
3891 				       ((u8 *) buffer)[0x9],
3892 				       ((u8 *) buffer)[0xa],
3893 				       ((u8 *) buffer)[0xb],
3894 				       ((u8 *) buffer)[0xc],
3895 				       ((u8 *) buffer)[0xd],
3896 				       ((u8 *) buffer)[0xe],
3897 				       ((u8 *) buffer)[0xf]);
3898 		else
3899 			len += sprintf(buf + len, "%s\n",
3900 				       snprint_line(line, sizeof(line),
3901 						    (u8 *) buffer, 16, loop));
3902 		loop += 16;
3903 	}
3904 
3905 	return len;
3906 }
3907 
3908 static ssize_t memory_store(struct device *d, struct device_attribute *attr,
3909 			    const char *buf, size_t count)
3910 {
3911 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3912 	struct net_device *dev = priv->net_dev;
3913 	const char *p = buf;
3914 
3915 	(void)dev;		/* kill unused-var warning for debug-only code */
3916 
3917 	if (count < 1)
3918 		return count;
3919 
3920 	if (p[0] == '1' ||
3921 	    (count >= 2 && tolower(p[0]) == 'o' && tolower(p[1]) == 'n')) {
3922 		IPW_DEBUG_INFO("%s: Setting memory dump to RAW mode.\n",
3923 			       dev->name);
3924 		priv->dump_raw = 1;
3925 
3926 	} else if (p[0] == '0' || (count >= 2 && tolower(p[0]) == 'o' &&
3927 				   tolower(p[1]) == 'f')) {
3928 		IPW_DEBUG_INFO("%s: Setting memory dump to HEX mode.\n",
3929 			       dev->name);
3930 		priv->dump_raw = 0;
3931 
3932 	} else if (tolower(p[0]) == 'r') {
3933 		IPW_DEBUG_INFO("%s: Resetting firmware snapshot.\n", dev->name);
3934 		ipw2100_snapshot_free(priv);
3935 
3936 	} else
3937 		IPW_DEBUG_INFO("%s: Usage: 0|on = HEX, 1|off = RAW, "
3938 			       "reset = clear memory snapshot\n", dev->name);
3939 
3940 	return count;
3941 }
3942 
3943 static DEVICE_ATTR_RW(memory);
3944 
3945 static ssize_t ordinals_show(struct device *d, struct device_attribute *attr,
3946 			     char *buf)
3947 {
3948 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3949 	u32 val = 0;
3950 	int len = 0;
3951 	u32 val_len;
3952 	static int loop = 0;
3953 
3954 	if (priv->status & STATUS_RF_KILL_MASK)
3955 		return 0;
3956 
3957 	if (loop >= ARRAY_SIZE(ord_data))
3958 		loop = 0;
3959 
3960 	/* sysfs provides us PAGE_SIZE buffer */
3961 	while (len < PAGE_SIZE - 128 && loop < ARRAY_SIZE(ord_data)) {
3962 		val_len = sizeof(u32);
3963 
3964 		if (ipw2100_get_ordinal(priv, ord_data[loop].index, &val,
3965 					&val_len))
3966 			len += sprintf(buf + len, "[0x%02X] = ERROR    %s\n",
3967 				       ord_data[loop].index,
3968 				       ord_data[loop].desc);
3969 		else
3970 			len += sprintf(buf + len, "[0x%02X] = 0x%08X %s\n",
3971 				       ord_data[loop].index, val,
3972 				       ord_data[loop].desc);
3973 		loop++;
3974 	}
3975 
3976 	return len;
3977 }
3978 
3979 static DEVICE_ATTR_RO(ordinals);
3980 
3981 static ssize_t stats_show(struct device *d, struct device_attribute *attr,
3982 			  char *buf)
3983 {
3984 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3985 	char *out = buf;
3986 
3987 	out += sprintf(out, "interrupts: %d {tx: %d, rx: %d, other: %d}\n",
3988 		       priv->interrupts, priv->tx_interrupts,
3989 		       priv->rx_interrupts, priv->inta_other);
3990 	out += sprintf(out, "firmware resets: %d\n", priv->resets);
3991 	out += sprintf(out, "firmware hangs: %d\n", priv->hangs);
3992 #ifdef CONFIG_IPW2100_DEBUG
3993 	out += sprintf(out, "packet mismatch image: %s\n",
3994 		       priv->snapshot[0] ? "YES" : "NO");
3995 #endif
3996 
3997 	return out - buf;
3998 }
3999 
4000 static DEVICE_ATTR_RO(stats);
4001 
4002 static int ipw2100_switch_mode(struct ipw2100_priv *priv, u32 mode)
4003 {
4004 	int err;
4005 
4006 	if (mode == priv->ieee->iw_mode)
4007 		return 0;
4008 
4009 	err = ipw2100_disable_adapter(priv);
4010 	if (err) {
4011 		printk(KERN_ERR DRV_NAME ": %s: Could not disable adapter %d\n",
4012 		       priv->net_dev->name, err);
4013 		return err;
4014 	}
4015 
4016 	switch (mode) {
4017 	case IW_MODE_INFRA:
4018 		priv->net_dev->type = ARPHRD_ETHER;
4019 		break;
4020 	case IW_MODE_ADHOC:
4021 		priv->net_dev->type = ARPHRD_ETHER;
4022 		break;
4023 #ifdef CONFIG_IPW2100_MONITOR
4024 	case IW_MODE_MONITOR:
4025 		priv->last_mode = priv->ieee->iw_mode;
4026 		priv->net_dev->type = ARPHRD_IEEE80211_RADIOTAP;
4027 		break;
4028 #endif				/* CONFIG_IPW2100_MONITOR */
4029 	}
4030 
4031 	priv->ieee->iw_mode = mode;
4032 
4033 #ifdef CONFIG_PM
4034 	/* Indicate ipw2100_download_firmware download firmware
4035 	 * from disk instead of memory. */
4036 	ipw2100_firmware.version = 0;
4037 #endif
4038 
4039 	printk(KERN_INFO "%s: Resetting on mode change.\n", priv->net_dev->name);
4040 	priv->reset_backoff = 0;
4041 	schedule_reset(priv);
4042 
4043 	return 0;
4044 }
4045 
4046 static ssize_t internals_show(struct device *d, struct device_attribute *attr,
4047 			      char *buf)
4048 {
4049 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4050 	int len = 0;
4051 
4052 #define DUMP_VAR(x,y) len += sprintf(buf + len, # x ": %" y "\n", priv-> x)
4053 
4054 	if (priv->status & STATUS_ASSOCIATED)
4055 		len += sprintf(buf + len, "connected: %llu\n",
4056 			       ktime_get_boottime_seconds() - priv->connect_start);
4057 	else
4058 		len += sprintf(buf + len, "not connected\n");
4059 
4060 	DUMP_VAR(ieee->crypt_info.crypt[priv->ieee->crypt_info.tx_keyidx], "p");
4061 	DUMP_VAR(status, "08lx");
4062 	DUMP_VAR(config, "08lx");
4063 	DUMP_VAR(capability, "08lx");
4064 
4065 	len +=
4066 	    sprintf(buf + len, "last_rtc: %lu\n",
4067 		    (unsigned long)priv->last_rtc);
4068 
4069 	DUMP_VAR(fatal_error, "d");
4070 	DUMP_VAR(stop_hang_check, "d");
4071 	DUMP_VAR(stop_rf_kill, "d");
4072 	DUMP_VAR(messages_sent, "d");
4073 
4074 	DUMP_VAR(tx_pend_stat.value, "d");
4075 	DUMP_VAR(tx_pend_stat.hi, "d");
4076 
4077 	DUMP_VAR(tx_free_stat.value, "d");
4078 	DUMP_VAR(tx_free_stat.lo, "d");
4079 
4080 	DUMP_VAR(msg_free_stat.value, "d");
4081 	DUMP_VAR(msg_free_stat.lo, "d");
4082 
4083 	DUMP_VAR(msg_pend_stat.value, "d");
4084 	DUMP_VAR(msg_pend_stat.hi, "d");
4085 
4086 	DUMP_VAR(fw_pend_stat.value, "d");
4087 	DUMP_VAR(fw_pend_stat.hi, "d");
4088 
4089 	DUMP_VAR(txq_stat.value, "d");
4090 	DUMP_VAR(txq_stat.lo, "d");
4091 
4092 	DUMP_VAR(ieee->scans, "d");
4093 	DUMP_VAR(reset_backoff, "lld");
4094 
4095 	return len;
4096 }
4097 
4098 static DEVICE_ATTR_RO(internals);
4099 
4100 static ssize_t bssinfo_show(struct device *d, struct device_attribute *attr,
4101 			    char *buf)
4102 {
4103 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4104 	char essid[IW_ESSID_MAX_SIZE + 1];
4105 	u8 bssid[ETH_ALEN];
4106 	u32 chan = 0;
4107 	char *out = buf;
4108 	unsigned int length;
4109 	int ret;
4110 
4111 	if (priv->status & STATUS_RF_KILL_MASK)
4112 		return 0;
4113 
4114 	memset(essid, 0, sizeof(essid));
4115 	memset(bssid, 0, sizeof(bssid));
4116 
4117 	length = IW_ESSID_MAX_SIZE;
4118 	ret = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_SSID, essid, &length);
4119 	if (ret)
4120 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
4121 			       __LINE__);
4122 
4123 	length = sizeof(bssid);
4124 	ret = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_AP_BSSID,
4125 				  bssid, &length);
4126 	if (ret)
4127 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
4128 			       __LINE__);
4129 
4130 	length = sizeof(u32);
4131 	ret = ipw2100_get_ordinal(priv, IPW_ORD_OUR_FREQ, &chan, &length);
4132 	if (ret)
4133 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
4134 			       __LINE__);
4135 
4136 	out += sprintf(out, "ESSID: %s\n", essid);
4137 	out += sprintf(out, "BSSID:   %pM\n", bssid);
4138 	out += sprintf(out, "Channel: %d\n", chan);
4139 
4140 	return out - buf;
4141 }
4142 
4143 static DEVICE_ATTR_RO(bssinfo);
4144 
4145 #ifdef CONFIG_IPW2100_DEBUG
4146 static ssize_t debug_level_show(struct device_driver *d, char *buf)
4147 {
4148 	return sprintf(buf, "0x%08X\n", ipw2100_debug_level);
4149 }
4150 
4151 static ssize_t debug_level_store(struct device_driver *d,
4152 				 const char *buf, size_t count)
4153 {
4154 	u32 val;
4155 	int ret;
4156 
4157 	ret = kstrtou32(buf, 0, &val);
4158 	if (ret)
4159 		IPW_DEBUG_INFO(": %s is not in hex or decimal form.\n", buf);
4160 	else
4161 		ipw2100_debug_level = val;
4162 
4163 	return strnlen(buf, count);
4164 }
4165 static DRIVER_ATTR_RW(debug_level);
4166 #endif				/* CONFIG_IPW2100_DEBUG */
4167 
4168 static ssize_t fatal_error_show(struct device *d,
4169 				struct device_attribute *attr, char *buf)
4170 {
4171 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4172 	char *out = buf;
4173 	int i;
4174 
4175 	if (priv->fatal_error)
4176 		out += sprintf(out, "0x%08X\n", priv->fatal_error);
4177 	else
4178 		out += sprintf(out, "0\n");
4179 
4180 	for (i = 1; i <= IPW2100_ERROR_QUEUE; i++) {
4181 		if (!priv->fatal_errors[(priv->fatal_index - i) %
4182 					IPW2100_ERROR_QUEUE])
4183 			continue;
4184 
4185 		out += sprintf(out, "%d. 0x%08X\n", i,
4186 			       priv->fatal_errors[(priv->fatal_index - i) %
4187 						  IPW2100_ERROR_QUEUE]);
4188 	}
4189 
4190 	return out - buf;
4191 }
4192 
4193 static ssize_t fatal_error_store(struct device *d,
4194 				 struct device_attribute *attr, const char *buf,
4195 				 size_t count)
4196 {
4197 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4198 	schedule_reset(priv);
4199 	return count;
4200 }
4201 
4202 static DEVICE_ATTR_RW(fatal_error);
4203 
4204 static ssize_t scan_age_show(struct device *d, struct device_attribute *attr,
4205 			     char *buf)
4206 {
4207 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4208 	return sprintf(buf, "%d\n", priv->ieee->scan_age);
4209 }
4210 
4211 static ssize_t scan_age_store(struct device *d, struct device_attribute *attr,
4212 			      const char *buf, size_t count)
4213 {
4214 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4215 	struct net_device *dev = priv->net_dev;
4216 	unsigned long val;
4217 	int ret;
4218 
4219 	(void)dev;		/* kill unused-var warning for debug-only code */
4220 
4221 	IPW_DEBUG_INFO("enter\n");
4222 
4223 	ret = kstrtoul(buf, 0, &val);
4224 	if (ret) {
4225 		IPW_DEBUG_INFO("%s: user supplied invalid value.\n", dev->name);
4226 	} else {
4227 		priv->ieee->scan_age = val;
4228 		IPW_DEBUG_INFO("set scan_age = %u\n", priv->ieee->scan_age);
4229 	}
4230 
4231 	IPW_DEBUG_INFO("exit\n");
4232 	return strnlen(buf, count);
4233 }
4234 
4235 static DEVICE_ATTR_RW(scan_age);
4236 
4237 static ssize_t rf_kill_show(struct device *d, struct device_attribute *attr,
4238 			    char *buf)
4239 {
4240 	/* 0 - RF kill not enabled
4241 	   1 - SW based RF kill active (sysfs)
4242 	   2 - HW based RF kill active
4243 	   3 - Both HW and SW baed RF kill active */
4244 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4245 	int val = ((priv->status & STATUS_RF_KILL_SW) ? 0x1 : 0x0) |
4246 	    (rf_kill_active(priv) ? 0x2 : 0x0);
4247 	return sprintf(buf, "%i\n", val);
4248 }
4249 
4250 static int ipw_radio_kill_sw(struct ipw2100_priv *priv, int disable_radio)
4251 {
4252 	if ((disable_radio ? 1 : 0) ==
4253 	    (priv->status & STATUS_RF_KILL_SW ? 1 : 0))
4254 		return 0;
4255 
4256 	IPW_DEBUG_RF_KILL("Manual SW RF Kill set to: RADIO  %s\n",
4257 			  disable_radio ? "OFF" : "ON");
4258 
4259 	mutex_lock(&priv->action_mutex);
4260 
4261 	if (disable_radio) {
4262 		priv->status |= STATUS_RF_KILL_SW;
4263 		ipw2100_down(priv);
4264 	} else {
4265 		priv->status &= ~STATUS_RF_KILL_SW;
4266 		if (rf_kill_active(priv)) {
4267 			IPW_DEBUG_RF_KILL("Can not turn radio back on - "
4268 					  "disabled by HW switch\n");
4269 			/* Make sure the RF_KILL check timer is running */
4270 			priv->stop_rf_kill = 0;
4271 			mod_delayed_work(system_wq, &priv->rf_kill,
4272 					 round_jiffies_relative(HZ));
4273 		} else
4274 			schedule_reset(priv);
4275 	}
4276 
4277 	mutex_unlock(&priv->action_mutex);
4278 	return 1;
4279 }
4280 
4281 static ssize_t rf_kill_store(struct device *d, struct device_attribute *attr,
4282 			     const char *buf, size_t count)
4283 {
4284 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4285 	ipw_radio_kill_sw(priv, buf[0] == '1');
4286 	return count;
4287 }
4288 
4289 static DEVICE_ATTR_RW(rf_kill);
4290 
4291 static struct attribute *ipw2100_sysfs_entries[] = {
4292 	&dev_attr_hardware.attr,
4293 	&dev_attr_registers.attr,
4294 	&dev_attr_ordinals.attr,
4295 	&dev_attr_pci.attr,
4296 	&dev_attr_stats.attr,
4297 	&dev_attr_internals.attr,
4298 	&dev_attr_bssinfo.attr,
4299 	&dev_attr_memory.attr,
4300 	&dev_attr_scan_age.attr,
4301 	&dev_attr_fatal_error.attr,
4302 	&dev_attr_rf_kill.attr,
4303 	&dev_attr_cfg.attr,
4304 	&dev_attr_status.attr,
4305 	&dev_attr_capability.attr,
4306 	NULL,
4307 };
4308 
4309 static const struct attribute_group ipw2100_attribute_group = {
4310 	.attrs = ipw2100_sysfs_entries,
4311 };
4312 
4313 static int status_queue_allocate(struct ipw2100_priv *priv, int entries)
4314 {
4315 	struct ipw2100_status_queue *q = &priv->status_queue;
4316 
4317 	IPW_DEBUG_INFO("enter\n");
4318 
4319 	q->size = entries * sizeof(struct ipw2100_status);
4320 	q->drv = dma_alloc_coherent(&priv->pci_dev->dev, q->size, &q->nic,
4321 				    GFP_KERNEL);
4322 	if (!q->drv) {
4323 		IPW_DEBUG_WARNING("Can not allocate status queue.\n");
4324 		return -ENOMEM;
4325 	}
4326 
4327 	IPW_DEBUG_INFO("exit\n");
4328 
4329 	return 0;
4330 }
4331 
4332 static void status_queue_free(struct ipw2100_priv *priv)
4333 {
4334 	IPW_DEBUG_INFO("enter\n");
4335 
4336 	if (priv->status_queue.drv) {
4337 		dma_free_coherent(&priv->pci_dev->dev,
4338 				  priv->status_queue.size,
4339 				  priv->status_queue.drv,
4340 				  priv->status_queue.nic);
4341 		priv->status_queue.drv = NULL;
4342 	}
4343 
4344 	IPW_DEBUG_INFO("exit\n");
4345 }
4346 
4347 static int bd_queue_allocate(struct ipw2100_priv *priv,
4348 			     struct ipw2100_bd_queue *q, int entries)
4349 {
4350 	IPW_DEBUG_INFO("enter\n");
4351 
4352 	memset(q, 0, sizeof(struct ipw2100_bd_queue));
4353 
4354 	q->entries = entries;
4355 	q->size = entries * sizeof(struct ipw2100_bd);
4356 	q->drv = dma_alloc_coherent(&priv->pci_dev->dev, q->size, &q->nic,
4357 				    GFP_KERNEL);
4358 	if (!q->drv) {
4359 		IPW_DEBUG_INFO
4360 		    ("can't allocate shared memory for buffer descriptors\n");
4361 		return -ENOMEM;
4362 	}
4363 
4364 	IPW_DEBUG_INFO("exit\n");
4365 
4366 	return 0;
4367 }
4368 
4369 static void bd_queue_free(struct ipw2100_priv *priv, struct ipw2100_bd_queue *q)
4370 {
4371 	IPW_DEBUG_INFO("enter\n");
4372 
4373 	if (!q)
4374 		return;
4375 
4376 	if (q->drv) {
4377 		dma_free_coherent(&priv->pci_dev->dev, q->size, q->drv,
4378 				  q->nic);
4379 		q->drv = NULL;
4380 	}
4381 
4382 	IPW_DEBUG_INFO("exit\n");
4383 }
4384 
4385 static void bd_queue_initialize(struct ipw2100_priv *priv,
4386 				struct ipw2100_bd_queue *q, u32 base, u32 size,
4387 				u32 r, u32 w)
4388 {
4389 	IPW_DEBUG_INFO("enter\n");
4390 
4391 	IPW_DEBUG_INFO("initializing bd queue at virt=%p, phys=%08x\n", q->drv,
4392 		       (u32) q->nic);
4393 
4394 	write_register(priv->net_dev, base, q->nic);
4395 	write_register(priv->net_dev, size, q->entries);
4396 	write_register(priv->net_dev, r, q->oldest);
4397 	write_register(priv->net_dev, w, q->next);
4398 
4399 	IPW_DEBUG_INFO("exit\n");
4400 }
4401 
4402 static void ipw2100_kill_works(struct ipw2100_priv *priv)
4403 {
4404 	priv->stop_rf_kill = 1;
4405 	priv->stop_hang_check = 1;
4406 	cancel_delayed_work_sync(&priv->reset_work);
4407 	cancel_delayed_work_sync(&priv->security_work);
4408 	cancel_delayed_work_sync(&priv->wx_event_work);
4409 	cancel_delayed_work_sync(&priv->hang_check);
4410 	cancel_delayed_work_sync(&priv->rf_kill);
4411 	cancel_delayed_work_sync(&priv->scan_event);
4412 }
4413 
4414 static int ipw2100_tx_allocate(struct ipw2100_priv *priv)
4415 {
4416 	int i, j, err;
4417 	void *v;
4418 	dma_addr_t p;
4419 
4420 	IPW_DEBUG_INFO("enter\n");
4421 
4422 	err = bd_queue_allocate(priv, &priv->tx_queue, TX_QUEUE_LENGTH);
4423 	if (err) {
4424 		IPW_DEBUG_ERROR("%s: failed bd_queue_allocate\n",
4425 				priv->net_dev->name);
4426 		return err;
4427 	}
4428 
4429 	priv->tx_buffers = kmalloc_array(TX_PENDED_QUEUE_LENGTH,
4430 					 sizeof(struct ipw2100_tx_packet),
4431 					 GFP_KERNEL);
4432 	if (!priv->tx_buffers) {
4433 		bd_queue_free(priv, &priv->tx_queue);
4434 		return -ENOMEM;
4435 	}
4436 
4437 	for (i = 0; i < TX_PENDED_QUEUE_LENGTH; i++) {
4438 		v = dma_alloc_coherent(&priv->pci_dev->dev,
4439 				       sizeof(struct ipw2100_data_header), &p,
4440 				       GFP_KERNEL);
4441 		if (!v) {
4442 			printk(KERN_ERR DRV_NAME
4443 			       ": %s: PCI alloc failed for tx " "buffers.\n",
4444 			       priv->net_dev->name);
4445 			err = -ENOMEM;
4446 			break;
4447 		}
4448 
4449 		priv->tx_buffers[i].type = DATA;
4450 		priv->tx_buffers[i].info.d_struct.data =
4451 		    (struct ipw2100_data_header *)v;
4452 		priv->tx_buffers[i].info.d_struct.data_phys = p;
4453 		priv->tx_buffers[i].info.d_struct.txb = NULL;
4454 	}
4455 
4456 	if (i == TX_PENDED_QUEUE_LENGTH)
4457 		return 0;
4458 
4459 	for (j = 0; j < i; j++) {
4460 		dma_free_coherent(&priv->pci_dev->dev,
4461 				  sizeof(struct ipw2100_data_header),
4462 				  priv->tx_buffers[j].info.d_struct.data,
4463 				  priv->tx_buffers[j].info.d_struct.data_phys);
4464 	}
4465 
4466 	kfree(priv->tx_buffers);
4467 	priv->tx_buffers = NULL;
4468 
4469 	return err;
4470 }
4471 
4472 static void ipw2100_tx_initialize(struct ipw2100_priv *priv)
4473 {
4474 	int i;
4475 
4476 	IPW_DEBUG_INFO("enter\n");
4477 
4478 	/*
4479 	 * reinitialize packet info lists
4480 	 */
4481 	INIT_LIST_HEAD(&priv->fw_pend_list);
4482 	INIT_STAT(&priv->fw_pend_stat);
4483 
4484 	/*
4485 	 * reinitialize lists
4486 	 */
4487 	INIT_LIST_HEAD(&priv->tx_pend_list);
4488 	INIT_LIST_HEAD(&priv->tx_free_list);
4489 	INIT_STAT(&priv->tx_pend_stat);
4490 	INIT_STAT(&priv->tx_free_stat);
4491 
4492 	for (i = 0; i < TX_PENDED_QUEUE_LENGTH; i++) {
4493 		/* We simply drop any SKBs that have been queued for
4494 		 * transmit */
4495 		if (priv->tx_buffers[i].info.d_struct.txb) {
4496 			libipw_txb_free(priv->tx_buffers[i].info.d_struct.
4497 					   txb);
4498 			priv->tx_buffers[i].info.d_struct.txb = NULL;
4499 		}
4500 
4501 		list_add_tail(&priv->tx_buffers[i].list, &priv->tx_free_list);
4502 	}
4503 
4504 	SET_STAT(&priv->tx_free_stat, i);
4505 
4506 	priv->tx_queue.oldest = 0;
4507 	priv->tx_queue.available = priv->tx_queue.entries;
4508 	priv->tx_queue.next = 0;
4509 	INIT_STAT(&priv->txq_stat);
4510 	SET_STAT(&priv->txq_stat, priv->tx_queue.available);
4511 
4512 	bd_queue_initialize(priv, &priv->tx_queue,
4513 			    IPW_MEM_HOST_SHARED_TX_QUEUE_BD_BASE,
4514 			    IPW_MEM_HOST_SHARED_TX_QUEUE_BD_SIZE,
4515 			    IPW_MEM_HOST_SHARED_TX_QUEUE_READ_INDEX,
4516 			    IPW_MEM_HOST_SHARED_TX_QUEUE_WRITE_INDEX);
4517 
4518 	IPW_DEBUG_INFO("exit\n");
4519 
4520 }
4521 
4522 static void ipw2100_tx_free(struct ipw2100_priv *priv)
4523 {
4524 	int i;
4525 
4526 	IPW_DEBUG_INFO("enter\n");
4527 
4528 	bd_queue_free(priv, &priv->tx_queue);
4529 
4530 	if (!priv->tx_buffers)
4531 		return;
4532 
4533 	for (i = 0; i < TX_PENDED_QUEUE_LENGTH; i++) {
4534 		if (priv->tx_buffers[i].info.d_struct.txb) {
4535 			libipw_txb_free(priv->tx_buffers[i].info.d_struct.
4536 					   txb);
4537 			priv->tx_buffers[i].info.d_struct.txb = NULL;
4538 		}
4539 		if (priv->tx_buffers[i].info.d_struct.data)
4540 			dma_free_coherent(&priv->pci_dev->dev,
4541 					  sizeof(struct ipw2100_data_header),
4542 					  priv->tx_buffers[i].info.d_struct.data,
4543 					  priv->tx_buffers[i].info.d_struct.data_phys);
4544 	}
4545 
4546 	kfree(priv->tx_buffers);
4547 	priv->tx_buffers = NULL;
4548 
4549 	IPW_DEBUG_INFO("exit\n");
4550 }
4551 
4552 static int ipw2100_rx_allocate(struct ipw2100_priv *priv)
4553 {
4554 	int i, j, err = -EINVAL;
4555 
4556 	IPW_DEBUG_INFO("enter\n");
4557 
4558 	err = bd_queue_allocate(priv, &priv->rx_queue, RX_QUEUE_LENGTH);
4559 	if (err) {
4560 		IPW_DEBUG_INFO("failed bd_queue_allocate\n");
4561 		return err;
4562 	}
4563 
4564 	err = status_queue_allocate(priv, RX_QUEUE_LENGTH);
4565 	if (err) {
4566 		IPW_DEBUG_INFO("failed status_queue_allocate\n");
4567 		bd_queue_free(priv, &priv->rx_queue);
4568 		return err;
4569 	}
4570 
4571 	/*
4572 	 * allocate packets
4573 	 */
4574 	priv->rx_buffers = kmalloc_array(RX_QUEUE_LENGTH,
4575 					 sizeof(struct ipw2100_rx_packet),
4576 					 GFP_KERNEL);
4577 	if (!priv->rx_buffers) {
4578 		IPW_DEBUG_INFO("can't allocate rx packet buffer table\n");
4579 
4580 		bd_queue_free(priv, &priv->rx_queue);
4581 
4582 		status_queue_free(priv);
4583 
4584 		return -ENOMEM;
4585 	}
4586 
4587 	for (i = 0; i < RX_QUEUE_LENGTH; i++) {
4588 		struct ipw2100_rx_packet *packet = &priv->rx_buffers[i];
4589 
4590 		err = ipw2100_alloc_skb(priv, packet);
4591 		if (unlikely(err)) {
4592 			err = -ENOMEM;
4593 			break;
4594 		}
4595 
4596 		/* The BD holds the cache aligned address */
4597 		priv->rx_queue.drv[i].host_addr = packet->dma_addr;
4598 		priv->rx_queue.drv[i].buf_length = IPW_RX_NIC_BUFFER_LENGTH;
4599 		priv->status_queue.drv[i].status_fields = 0;
4600 	}
4601 
4602 	if (i == RX_QUEUE_LENGTH)
4603 		return 0;
4604 
4605 	for (j = 0; j < i; j++) {
4606 		dma_unmap_single(&priv->pci_dev->dev,
4607 				 priv->rx_buffers[j].dma_addr,
4608 				 sizeof(struct ipw2100_rx_packet),
4609 				 DMA_FROM_DEVICE);
4610 		dev_kfree_skb(priv->rx_buffers[j].skb);
4611 	}
4612 
4613 	kfree(priv->rx_buffers);
4614 	priv->rx_buffers = NULL;
4615 
4616 	bd_queue_free(priv, &priv->rx_queue);
4617 
4618 	status_queue_free(priv);
4619 
4620 	return err;
4621 }
4622 
4623 static void ipw2100_rx_initialize(struct ipw2100_priv *priv)
4624 {
4625 	IPW_DEBUG_INFO("enter\n");
4626 
4627 	priv->rx_queue.oldest = 0;
4628 	priv->rx_queue.available = priv->rx_queue.entries - 1;
4629 	priv->rx_queue.next = priv->rx_queue.entries - 1;
4630 
4631 	INIT_STAT(&priv->rxq_stat);
4632 	SET_STAT(&priv->rxq_stat, priv->rx_queue.available);
4633 
4634 	bd_queue_initialize(priv, &priv->rx_queue,
4635 			    IPW_MEM_HOST_SHARED_RX_BD_BASE,
4636 			    IPW_MEM_HOST_SHARED_RX_BD_SIZE,
4637 			    IPW_MEM_HOST_SHARED_RX_READ_INDEX,
4638 			    IPW_MEM_HOST_SHARED_RX_WRITE_INDEX);
4639 
4640 	/* set up the status queue */
4641 	write_register(priv->net_dev, IPW_MEM_HOST_SHARED_RX_STATUS_BASE,
4642 		       priv->status_queue.nic);
4643 
4644 	IPW_DEBUG_INFO("exit\n");
4645 }
4646 
4647 static void ipw2100_rx_free(struct ipw2100_priv *priv)
4648 {
4649 	int i;
4650 
4651 	IPW_DEBUG_INFO("enter\n");
4652 
4653 	bd_queue_free(priv, &priv->rx_queue);
4654 	status_queue_free(priv);
4655 
4656 	if (!priv->rx_buffers)
4657 		return;
4658 
4659 	for (i = 0; i < RX_QUEUE_LENGTH; i++) {
4660 		if (priv->rx_buffers[i].rxp) {
4661 			dma_unmap_single(&priv->pci_dev->dev,
4662 					 priv->rx_buffers[i].dma_addr,
4663 					 sizeof(struct ipw2100_rx),
4664 					 DMA_FROM_DEVICE);
4665 			dev_kfree_skb(priv->rx_buffers[i].skb);
4666 		}
4667 	}
4668 
4669 	kfree(priv->rx_buffers);
4670 	priv->rx_buffers = NULL;
4671 
4672 	IPW_DEBUG_INFO("exit\n");
4673 }
4674 
4675 static int ipw2100_read_mac_address(struct ipw2100_priv *priv)
4676 {
4677 	u32 length = ETH_ALEN;
4678 	u8 addr[ETH_ALEN];
4679 
4680 	int err;
4681 
4682 	err = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ADAPTER_MAC, addr, &length);
4683 	if (err) {
4684 		IPW_DEBUG_INFO("MAC address read failed\n");
4685 		return -EIO;
4686 	}
4687 
4688 	eth_hw_addr_set(priv->net_dev, addr);
4689 	IPW_DEBUG_INFO("card MAC is %pM\n", priv->net_dev->dev_addr);
4690 
4691 	return 0;
4692 }
4693 
4694 /********************************************************************
4695  *
4696  * Firmware Commands
4697  *
4698  ********************************************************************/
4699 
4700 static int ipw2100_set_mac_address(struct ipw2100_priv *priv, int batch_mode)
4701 {
4702 	struct host_command cmd = {
4703 		.host_command = ADAPTER_ADDRESS,
4704 		.host_command_sequence = 0,
4705 		.host_command_length = ETH_ALEN
4706 	};
4707 	int err;
4708 
4709 	IPW_DEBUG_HC("SET_MAC_ADDRESS\n");
4710 
4711 	IPW_DEBUG_INFO("enter\n");
4712 
4713 	if (priv->config & CFG_CUSTOM_MAC) {
4714 		memcpy(cmd.host_command_parameters, priv->mac_addr, ETH_ALEN);
4715 		eth_hw_addr_set(priv->net_dev, priv->mac_addr);
4716 	} else
4717 		memcpy(cmd.host_command_parameters, priv->net_dev->dev_addr,
4718 		       ETH_ALEN);
4719 
4720 	err = ipw2100_hw_send_command(priv, &cmd);
4721 
4722 	IPW_DEBUG_INFO("exit\n");
4723 	return err;
4724 }
4725 
4726 static int ipw2100_set_port_type(struct ipw2100_priv *priv, u32 port_type,
4727 				 int batch_mode)
4728 {
4729 	struct host_command cmd = {
4730 		.host_command = PORT_TYPE,
4731 		.host_command_sequence = 0,
4732 		.host_command_length = sizeof(u32)
4733 	};
4734 	int err;
4735 
4736 	switch (port_type) {
4737 	case IW_MODE_INFRA:
4738 		cmd.host_command_parameters[0] = IPW_BSS;
4739 		break;
4740 	case IW_MODE_ADHOC:
4741 		cmd.host_command_parameters[0] = IPW_IBSS;
4742 		break;
4743 	}
4744 
4745 	IPW_DEBUG_HC("PORT_TYPE: %s\n",
4746 		     port_type == IPW_IBSS ? "Ad-Hoc" : "Managed");
4747 
4748 	if (!batch_mode) {
4749 		err = ipw2100_disable_adapter(priv);
4750 		if (err) {
4751 			printk(KERN_ERR DRV_NAME
4752 			       ": %s: Could not disable adapter %d\n",
4753 			       priv->net_dev->name, err);
4754 			return err;
4755 		}
4756 	}
4757 
4758 	/* send cmd to firmware */
4759 	err = ipw2100_hw_send_command(priv, &cmd);
4760 
4761 	if (!batch_mode)
4762 		ipw2100_enable_adapter(priv);
4763 
4764 	return err;
4765 }
4766 
4767 static int ipw2100_set_channel(struct ipw2100_priv *priv, u32 channel,
4768 			       int batch_mode)
4769 {
4770 	struct host_command cmd = {
4771 		.host_command = CHANNEL,
4772 		.host_command_sequence = 0,
4773 		.host_command_length = sizeof(u32)
4774 	};
4775 	int err;
4776 
4777 	cmd.host_command_parameters[0] = channel;
4778 
4779 	IPW_DEBUG_HC("CHANNEL: %d\n", channel);
4780 
4781 	/* If BSS then we don't support channel selection */
4782 	if (priv->ieee->iw_mode == IW_MODE_INFRA)
4783 		return 0;
4784 
4785 	if ((channel != 0) &&
4786 	    ((channel < REG_MIN_CHANNEL) || (channel > REG_MAX_CHANNEL)))
4787 		return -EINVAL;
4788 
4789 	if (!batch_mode) {
4790 		err = ipw2100_disable_adapter(priv);
4791 		if (err)
4792 			return err;
4793 	}
4794 
4795 	err = ipw2100_hw_send_command(priv, &cmd);
4796 	if (err) {
4797 		IPW_DEBUG_INFO("Failed to set channel to %d", channel);
4798 		return err;
4799 	}
4800 
4801 	if (channel)
4802 		priv->config |= CFG_STATIC_CHANNEL;
4803 	else
4804 		priv->config &= ~CFG_STATIC_CHANNEL;
4805 
4806 	priv->channel = channel;
4807 
4808 	if (!batch_mode) {
4809 		err = ipw2100_enable_adapter(priv);
4810 		if (err)
4811 			return err;
4812 	}
4813 
4814 	return 0;
4815 }
4816 
4817 static int ipw2100_system_config(struct ipw2100_priv *priv, int batch_mode)
4818 {
4819 	struct host_command cmd = {
4820 		.host_command = SYSTEM_CONFIG,
4821 		.host_command_sequence = 0,
4822 		.host_command_length = 12,
4823 	};
4824 	u32 ibss_mask, len = sizeof(u32);
4825 	int err;
4826 
4827 	/* Set system configuration */
4828 
4829 	if (!batch_mode) {
4830 		err = ipw2100_disable_adapter(priv);
4831 		if (err)
4832 			return err;
4833 	}
4834 
4835 	if (priv->ieee->iw_mode == IW_MODE_ADHOC)
4836 		cmd.host_command_parameters[0] |= IPW_CFG_IBSS_AUTO_START;
4837 
4838 	cmd.host_command_parameters[0] |= IPW_CFG_IBSS_MASK |
4839 	    IPW_CFG_BSS_MASK | IPW_CFG_802_1x_ENABLE;
4840 
4841 	if (!(priv->config & CFG_LONG_PREAMBLE))
4842 		cmd.host_command_parameters[0] |= IPW_CFG_PREAMBLE_AUTO;
4843 
4844 	err = ipw2100_get_ordinal(priv,
4845 				  IPW_ORD_EEPROM_IBSS_11B_CHANNELS,
4846 				  &ibss_mask, &len);
4847 	if (err)
4848 		ibss_mask = IPW_IBSS_11B_DEFAULT_MASK;
4849 
4850 	cmd.host_command_parameters[1] = REG_CHANNEL_MASK;
4851 	cmd.host_command_parameters[2] = REG_CHANNEL_MASK & ibss_mask;
4852 
4853 	/* 11b only */
4854 	/*cmd.host_command_parameters[0] |= DIVERSITY_ANTENNA_A; */
4855 
4856 	err = ipw2100_hw_send_command(priv, &cmd);
4857 	if (err)
4858 		return err;
4859 
4860 /* If IPv6 is configured in the kernel then we don't want to filter out all
4861  * of the multicast packets as IPv6 needs some. */
4862 #if !defined(CONFIG_IPV6) && !defined(CONFIG_IPV6_MODULE)
4863 	cmd.host_command = ADD_MULTICAST;
4864 	cmd.host_command_sequence = 0;
4865 	cmd.host_command_length = 0;
4866 
4867 	ipw2100_hw_send_command(priv, &cmd);
4868 #endif
4869 	if (!batch_mode) {
4870 		err = ipw2100_enable_adapter(priv);
4871 		if (err)
4872 			return err;
4873 	}
4874 
4875 	return 0;
4876 }
4877 
4878 static int ipw2100_set_tx_rates(struct ipw2100_priv *priv, u32 rate,
4879 				int batch_mode)
4880 {
4881 	struct host_command cmd = {
4882 		.host_command = BASIC_TX_RATES,
4883 		.host_command_sequence = 0,
4884 		.host_command_length = 4
4885 	};
4886 	int err;
4887 
4888 	cmd.host_command_parameters[0] = rate & TX_RATE_MASK;
4889 
4890 	if (!batch_mode) {
4891 		err = ipw2100_disable_adapter(priv);
4892 		if (err)
4893 			return err;
4894 	}
4895 
4896 	/* Set BASIC TX Rate first */
4897 	ipw2100_hw_send_command(priv, &cmd);
4898 
4899 	/* Set TX Rate */
4900 	cmd.host_command = TX_RATES;
4901 	ipw2100_hw_send_command(priv, &cmd);
4902 
4903 	/* Set MSDU TX Rate */
4904 	cmd.host_command = MSDU_TX_RATES;
4905 	ipw2100_hw_send_command(priv, &cmd);
4906 
4907 	if (!batch_mode) {
4908 		err = ipw2100_enable_adapter(priv);
4909 		if (err)
4910 			return err;
4911 	}
4912 
4913 	priv->tx_rates = rate;
4914 
4915 	return 0;
4916 }
4917 
4918 static int ipw2100_set_power_mode(struct ipw2100_priv *priv, int power_level)
4919 {
4920 	struct host_command cmd = {
4921 		.host_command = POWER_MODE,
4922 		.host_command_sequence = 0,
4923 		.host_command_length = 4
4924 	};
4925 	int err;
4926 
4927 	cmd.host_command_parameters[0] = power_level;
4928 
4929 	err = ipw2100_hw_send_command(priv, &cmd);
4930 	if (err)
4931 		return err;
4932 
4933 	if (power_level == IPW_POWER_MODE_CAM)
4934 		priv->power_mode = IPW_POWER_LEVEL(priv->power_mode);
4935 	else
4936 		priv->power_mode = IPW_POWER_ENABLED | power_level;
4937 
4938 #ifdef IPW2100_TX_POWER
4939 	if (priv->port_type == IBSS && priv->adhoc_power != DFTL_IBSS_TX_POWER) {
4940 		/* Set beacon interval */
4941 		cmd.host_command = TX_POWER_INDEX;
4942 		cmd.host_command_parameters[0] = (u32) priv->adhoc_power;
4943 
4944 		err = ipw2100_hw_send_command(priv, &cmd);
4945 		if (err)
4946 			return err;
4947 	}
4948 #endif
4949 
4950 	return 0;
4951 }
4952 
4953 static int ipw2100_set_rts_threshold(struct ipw2100_priv *priv, u32 threshold)
4954 {
4955 	struct host_command cmd = {
4956 		.host_command = RTS_THRESHOLD,
4957 		.host_command_sequence = 0,
4958 		.host_command_length = 4
4959 	};
4960 	int err;
4961 
4962 	if (threshold & RTS_DISABLED)
4963 		cmd.host_command_parameters[0] = MAX_RTS_THRESHOLD;
4964 	else
4965 		cmd.host_command_parameters[0] = threshold & ~RTS_DISABLED;
4966 
4967 	err = ipw2100_hw_send_command(priv, &cmd);
4968 	if (err)
4969 		return err;
4970 
4971 	priv->rts_threshold = threshold;
4972 
4973 	return 0;
4974 }
4975 
4976 #if 0
4977 int ipw2100_set_fragmentation_threshold(struct ipw2100_priv *priv,
4978 					u32 threshold, int batch_mode)
4979 {
4980 	struct host_command cmd = {
4981 		.host_command = FRAG_THRESHOLD,
4982 		.host_command_sequence = 0,
4983 		.host_command_length = 4,
4984 		.host_command_parameters[0] = 0,
4985 	};
4986 	int err;
4987 
4988 	if (!batch_mode) {
4989 		err = ipw2100_disable_adapter(priv);
4990 		if (err)
4991 			return err;
4992 	}
4993 
4994 	if (threshold == 0)
4995 		threshold = DEFAULT_FRAG_THRESHOLD;
4996 	else {
4997 		threshold = max(threshold, MIN_FRAG_THRESHOLD);
4998 		threshold = min(threshold, MAX_FRAG_THRESHOLD);
4999 	}
5000 
5001 	cmd.host_command_parameters[0] = threshold;
5002 
5003 	IPW_DEBUG_HC("FRAG_THRESHOLD: %u\n", threshold);
5004 
5005 	err = ipw2100_hw_send_command(priv, &cmd);
5006 
5007 	if (!batch_mode)
5008 		ipw2100_enable_adapter(priv);
5009 
5010 	if (!err)
5011 		priv->frag_threshold = threshold;
5012 
5013 	return err;
5014 }
5015 #endif
5016 
5017 static int ipw2100_set_short_retry(struct ipw2100_priv *priv, u32 retry)
5018 {
5019 	struct host_command cmd = {
5020 		.host_command = SHORT_RETRY_LIMIT,
5021 		.host_command_sequence = 0,
5022 		.host_command_length = 4
5023 	};
5024 	int err;
5025 
5026 	cmd.host_command_parameters[0] = retry;
5027 
5028 	err = ipw2100_hw_send_command(priv, &cmd);
5029 	if (err)
5030 		return err;
5031 
5032 	priv->short_retry_limit = retry;
5033 
5034 	return 0;
5035 }
5036 
5037 static int ipw2100_set_long_retry(struct ipw2100_priv *priv, u32 retry)
5038 {
5039 	struct host_command cmd = {
5040 		.host_command = LONG_RETRY_LIMIT,
5041 		.host_command_sequence = 0,
5042 		.host_command_length = 4
5043 	};
5044 	int err;
5045 
5046 	cmd.host_command_parameters[0] = retry;
5047 
5048 	err = ipw2100_hw_send_command(priv, &cmd);
5049 	if (err)
5050 		return err;
5051 
5052 	priv->long_retry_limit = retry;
5053 
5054 	return 0;
5055 }
5056 
5057 static int ipw2100_set_mandatory_bssid(struct ipw2100_priv *priv, u8 * bssid,
5058 				       int batch_mode)
5059 {
5060 	struct host_command cmd = {
5061 		.host_command = MANDATORY_BSSID,
5062 		.host_command_sequence = 0,
5063 		.host_command_length = (bssid == NULL) ? 0 : ETH_ALEN
5064 	};
5065 	int err;
5066 
5067 #ifdef CONFIG_IPW2100_DEBUG
5068 	if (bssid != NULL)
5069 		IPW_DEBUG_HC("MANDATORY_BSSID: %pM\n", bssid);
5070 	else
5071 		IPW_DEBUG_HC("MANDATORY_BSSID: <clear>\n");
5072 #endif
5073 	/* if BSSID is empty then we disable mandatory bssid mode */
5074 	if (bssid != NULL)
5075 		memcpy(cmd.host_command_parameters, bssid, ETH_ALEN);
5076 
5077 	if (!batch_mode) {
5078 		err = ipw2100_disable_adapter(priv);
5079 		if (err)
5080 			return err;
5081 	}
5082 
5083 	err = ipw2100_hw_send_command(priv, &cmd);
5084 
5085 	if (!batch_mode)
5086 		ipw2100_enable_adapter(priv);
5087 
5088 	return err;
5089 }
5090 
5091 static int ipw2100_disassociate_bssid(struct ipw2100_priv *priv)
5092 {
5093 	struct host_command cmd = {
5094 		.host_command = DISASSOCIATION_BSSID,
5095 		.host_command_sequence = 0,
5096 		.host_command_length = ETH_ALEN
5097 	};
5098 	int err;
5099 
5100 	IPW_DEBUG_HC("DISASSOCIATION_BSSID\n");
5101 
5102 	/* The Firmware currently ignores the BSSID and just disassociates from
5103 	 * the currently associated AP -- but in the off chance that a future
5104 	 * firmware does use the BSSID provided here, we go ahead and try and
5105 	 * set it to the currently associated AP's BSSID */
5106 	memcpy(cmd.host_command_parameters, priv->bssid, ETH_ALEN);
5107 
5108 	err = ipw2100_hw_send_command(priv, &cmd);
5109 
5110 	return err;
5111 }
5112 
5113 static int ipw2100_set_wpa_ie(struct ipw2100_priv *,
5114 			      struct ipw2100_wpa_assoc_frame *, int)
5115     __attribute__ ((unused));
5116 
5117 static int ipw2100_set_wpa_ie(struct ipw2100_priv *priv,
5118 			      struct ipw2100_wpa_assoc_frame *wpa_frame,
5119 			      int batch_mode)
5120 {
5121 	struct host_command cmd = {
5122 		.host_command = SET_WPA_IE,
5123 		.host_command_sequence = 0,
5124 		.host_command_length = sizeof(struct ipw2100_wpa_assoc_frame),
5125 	};
5126 	int err;
5127 
5128 	IPW_DEBUG_HC("SET_WPA_IE\n");
5129 
5130 	if (!batch_mode) {
5131 		err = ipw2100_disable_adapter(priv);
5132 		if (err)
5133 			return err;
5134 	}
5135 
5136 	memcpy(cmd.host_command_parameters, wpa_frame,
5137 	       sizeof(struct ipw2100_wpa_assoc_frame));
5138 
5139 	err = ipw2100_hw_send_command(priv, &cmd);
5140 
5141 	if (!batch_mode) {
5142 		if (ipw2100_enable_adapter(priv))
5143 			err = -EIO;
5144 	}
5145 
5146 	return err;
5147 }
5148 
5149 struct security_info_params {
5150 	u32 allowed_ciphers;
5151 	u16 version;
5152 	u8 auth_mode;
5153 	u8 replay_counters_number;
5154 	u8 unicast_using_group;
5155 } __packed;
5156 
5157 static int ipw2100_set_security_information(struct ipw2100_priv *priv,
5158 					    int auth_mode,
5159 					    int security_level,
5160 					    int unicast_using_group,
5161 					    int batch_mode)
5162 {
5163 	struct host_command cmd = {
5164 		.host_command = SET_SECURITY_INFORMATION,
5165 		.host_command_sequence = 0,
5166 		.host_command_length = sizeof(struct security_info_params)
5167 	};
5168 	struct security_info_params *security =
5169 	    (struct security_info_params *)&cmd.host_command_parameters;
5170 	int err;
5171 	memset(security, 0, sizeof(*security));
5172 
5173 	/* If shared key AP authentication is turned on, then we need to
5174 	 * configure the firmware to try and use it.
5175 	 *
5176 	 * Actual data encryption/decryption is handled by the host. */
5177 	security->auth_mode = auth_mode;
5178 	security->unicast_using_group = unicast_using_group;
5179 
5180 	switch (security_level) {
5181 	default:
5182 	case SEC_LEVEL_0:
5183 		security->allowed_ciphers = IPW_NONE_CIPHER;
5184 		break;
5185 	case SEC_LEVEL_1:
5186 		security->allowed_ciphers = IPW_WEP40_CIPHER |
5187 		    IPW_WEP104_CIPHER;
5188 		break;
5189 	case SEC_LEVEL_2:
5190 		security->allowed_ciphers = IPW_WEP40_CIPHER |
5191 		    IPW_WEP104_CIPHER | IPW_TKIP_CIPHER;
5192 		break;
5193 	case SEC_LEVEL_2_CKIP:
5194 		security->allowed_ciphers = IPW_WEP40_CIPHER |
5195 		    IPW_WEP104_CIPHER | IPW_CKIP_CIPHER;
5196 		break;
5197 	case SEC_LEVEL_3:
5198 		security->allowed_ciphers = IPW_WEP40_CIPHER |
5199 		    IPW_WEP104_CIPHER | IPW_TKIP_CIPHER | IPW_CCMP_CIPHER;
5200 		break;
5201 	}
5202 
5203 	IPW_DEBUG_HC
5204 	    ("SET_SECURITY_INFORMATION: auth:%d cipher:0x%02X (level %d)\n",
5205 	     security->auth_mode, security->allowed_ciphers, security_level);
5206 
5207 	security->replay_counters_number = 0;
5208 
5209 	if (!batch_mode) {
5210 		err = ipw2100_disable_adapter(priv);
5211 		if (err)
5212 			return err;
5213 	}
5214 
5215 	err = ipw2100_hw_send_command(priv, &cmd);
5216 
5217 	if (!batch_mode)
5218 		ipw2100_enable_adapter(priv);
5219 
5220 	return err;
5221 }
5222 
5223 static int ipw2100_set_tx_power(struct ipw2100_priv *priv, u32 tx_power)
5224 {
5225 	struct host_command cmd = {
5226 		.host_command = TX_POWER_INDEX,
5227 		.host_command_sequence = 0,
5228 		.host_command_length = 4
5229 	};
5230 	int err = 0;
5231 	u32 tmp = tx_power;
5232 
5233 	if (tx_power != IPW_TX_POWER_DEFAULT)
5234 		tmp = (tx_power - IPW_TX_POWER_MIN_DBM) * 16 /
5235 		      (IPW_TX_POWER_MAX_DBM - IPW_TX_POWER_MIN_DBM);
5236 
5237 	cmd.host_command_parameters[0] = tmp;
5238 
5239 	if (priv->ieee->iw_mode == IW_MODE_ADHOC)
5240 		err = ipw2100_hw_send_command(priv, &cmd);
5241 	if (!err)
5242 		priv->tx_power = tx_power;
5243 
5244 	return 0;
5245 }
5246 
5247 static int ipw2100_set_ibss_beacon_interval(struct ipw2100_priv *priv,
5248 					    u32 interval, int batch_mode)
5249 {
5250 	struct host_command cmd = {
5251 		.host_command = BEACON_INTERVAL,
5252 		.host_command_sequence = 0,
5253 		.host_command_length = 4
5254 	};
5255 	int err;
5256 
5257 	cmd.host_command_parameters[0] = interval;
5258 
5259 	IPW_DEBUG_INFO("enter\n");
5260 
5261 	if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
5262 		if (!batch_mode) {
5263 			err = ipw2100_disable_adapter(priv);
5264 			if (err)
5265 				return err;
5266 		}
5267 
5268 		ipw2100_hw_send_command(priv, &cmd);
5269 
5270 		if (!batch_mode) {
5271 			err = ipw2100_enable_adapter(priv);
5272 			if (err)
5273 				return err;
5274 		}
5275 	}
5276 
5277 	IPW_DEBUG_INFO("exit\n");
5278 
5279 	return 0;
5280 }
5281 
5282 static void ipw2100_queues_initialize(struct ipw2100_priv *priv)
5283 {
5284 	ipw2100_tx_initialize(priv);
5285 	ipw2100_rx_initialize(priv);
5286 	ipw2100_msg_initialize(priv);
5287 }
5288 
5289 static void ipw2100_queues_free(struct ipw2100_priv *priv)
5290 {
5291 	ipw2100_tx_free(priv);
5292 	ipw2100_rx_free(priv);
5293 	ipw2100_msg_free(priv);
5294 }
5295 
5296 static int ipw2100_queues_allocate(struct ipw2100_priv *priv)
5297 {
5298 	if (ipw2100_tx_allocate(priv) ||
5299 	    ipw2100_rx_allocate(priv) || ipw2100_msg_allocate(priv))
5300 		goto fail;
5301 
5302 	return 0;
5303 
5304       fail:
5305 	ipw2100_tx_free(priv);
5306 	ipw2100_rx_free(priv);
5307 	ipw2100_msg_free(priv);
5308 	return -ENOMEM;
5309 }
5310 
5311 #define IPW_PRIVACY_CAPABLE 0x0008
5312 
5313 static int ipw2100_set_wep_flags(struct ipw2100_priv *priv, u32 flags,
5314 				 int batch_mode)
5315 {
5316 	struct host_command cmd = {
5317 		.host_command = WEP_FLAGS,
5318 		.host_command_sequence = 0,
5319 		.host_command_length = 4
5320 	};
5321 	int err;
5322 
5323 	cmd.host_command_parameters[0] = flags;
5324 
5325 	IPW_DEBUG_HC("WEP_FLAGS: flags = 0x%08X\n", flags);
5326 
5327 	if (!batch_mode) {
5328 		err = ipw2100_disable_adapter(priv);
5329 		if (err) {
5330 			printk(KERN_ERR DRV_NAME
5331 			       ": %s: Could not disable adapter %d\n",
5332 			       priv->net_dev->name, err);
5333 			return err;
5334 		}
5335 	}
5336 
5337 	/* send cmd to firmware */
5338 	err = ipw2100_hw_send_command(priv, &cmd);
5339 
5340 	if (!batch_mode)
5341 		ipw2100_enable_adapter(priv);
5342 
5343 	return err;
5344 }
5345 
5346 struct ipw2100_wep_key {
5347 	u8 idx;
5348 	u8 len;
5349 	u8 key[13];
5350 };
5351 
5352 /* Macros to ease up priting WEP keys */
5353 #define WEP_FMT_64  "%02X%02X%02X%02X-%02X"
5354 #define WEP_FMT_128 "%02X%02X%02X%02X-%02X%02X%02X%02X-%02X%02X%02X"
5355 #define WEP_STR_64(x) x[0],x[1],x[2],x[3],x[4]
5356 #define WEP_STR_128(x) x[0],x[1],x[2],x[3],x[4],x[5],x[6],x[7],x[8],x[9],x[10]
5357 
5358 /**
5359  * ipw2100_set_key() - Set a the wep key
5360  *
5361  * @priv: struct to work on
5362  * @idx: index of the key we want to set
5363  * @key: ptr to the key data to set
5364  * @len: length of the buffer at @key
5365  * @batch_mode: FIXME perform the operation in batch mode, not
5366  *              disabling the device.
5367  *
5368  * @returns 0 if OK, < 0 errno code on error.
5369  *
5370  * Fill out a command structure with the new wep key, length an
5371  * index and send it down the wire.
5372  */
5373 static int ipw2100_set_key(struct ipw2100_priv *priv,
5374 			   int idx, char *key, int len, int batch_mode)
5375 {
5376 	int keylen = len ? (len <= 5 ? 5 : 13) : 0;
5377 	struct host_command cmd = {
5378 		.host_command = WEP_KEY_INFO,
5379 		.host_command_sequence = 0,
5380 		.host_command_length = sizeof(struct ipw2100_wep_key),
5381 	};
5382 	struct ipw2100_wep_key *wep_key = (void *)cmd.host_command_parameters;
5383 	int err;
5384 
5385 	IPW_DEBUG_HC("WEP_KEY_INFO: index = %d, len = %d/%d\n",
5386 		     idx, keylen, len);
5387 
5388 	/* NOTE: We don't check cached values in case the firmware was reset
5389 	 * or some other problem is occurring.  If the user is setting the key,
5390 	 * then we push the change */
5391 
5392 	wep_key->idx = idx;
5393 	wep_key->len = keylen;
5394 
5395 	if (keylen) {
5396 		memcpy(wep_key->key, key, len);
5397 		memset(wep_key->key + len, 0, keylen - len);
5398 	}
5399 
5400 	/* Will be optimized out on debug not being configured in */
5401 	if (keylen == 0)
5402 		IPW_DEBUG_WEP("%s: Clearing key %d\n",
5403 			      priv->net_dev->name, wep_key->idx);
5404 	else if (keylen == 5)
5405 		IPW_DEBUG_WEP("%s: idx: %d, len: %d key: " WEP_FMT_64 "\n",
5406 			      priv->net_dev->name, wep_key->idx, wep_key->len,
5407 			      WEP_STR_64(wep_key->key));
5408 	else
5409 		IPW_DEBUG_WEP("%s: idx: %d, len: %d key: " WEP_FMT_128
5410 			      "\n",
5411 			      priv->net_dev->name, wep_key->idx, wep_key->len,
5412 			      WEP_STR_128(wep_key->key));
5413 
5414 	if (!batch_mode) {
5415 		err = ipw2100_disable_adapter(priv);
5416 		/* FIXME: IPG: shouldn't this prink be in _disable_adapter()? */
5417 		if (err) {
5418 			printk(KERN_ERR DRV_NAME
5419 			       ": %s: Could not disable adapter %d\n",
5420 			       priv->net_dev->name, err);
5421 			return err;
5422 		}
5423 	}
5424 
5425 	/* send cmd to firmware */
5426 	err = ipw2100_hw_send_command(priv, &cmd);
5427 
5428 	if (!batch_mode) {
5429 		int err2 = ipw2100_enable_adapter(priv);
5430 		if (err == 0)
5431 			err = err2;
5432 	}
5433 	return err;
5434 }
5435 
5436 static int ipw2100_set_key_index(struct ipw2100_priv *priv,
5437 				 int idx, int batch_mode)
5438 {
5439 	struct host_command cmd = {
5440 		.host_command = WEP_KEY_INDEX,
5441 		.host_command_sequence = 0,
5442 		.host_command_length = 4,
5443 		.host_command_parameters = {idx},
5444 	};
5445 	int err;
5446 
5447 	IPW_DEBUG_HC("WEP_KEY_INDEX: index = %d\n", idx);
5448 
5449 	if (idx < 0 || idx > 3)
5450 		return -EINVAL;
5451 
5452 	if (!batch_mode) {
5453 		err = ipw2100_disable_adapter(priv);
5454 		if (err) {
5455 			printk(KERN_ERR DRV_NAME
5456 			       ": %s: Could not disable adapter %d\n",
5457 			       priv->net_dev->name, err);
5458 			return err;
5459 		}
5460 	}
5461 
5462 	/* send cmd to firmware */
5463 	err = ipw2100_hw_send_command(priv, &cmd);
5464 
5465 	if (!batch_mode)
5466 		ipw2100_enable_adapter(priv);
5467 
5468 	return err;
5469 }
5470 
5471 static int ipw2100_configure_security(struct ipw2100_priv *priv, int batch_mode)
5472 {
5473 	int i, err, auth_mode, sec_level, use_group;
5474 
5475 	if (!(priv->status & STATUS_RUNNING))
5476 		return 0;
5477 
5478 	if (!batch_mode) {
5479 		err = ipw2100_disable_adapter(priv);
5480 		if (err)
5481 			return err;
5482 	}
5483 
5484 	if (!priv->ieee->sec.enabled) {
5485 		err =
5486 		    ipw2100_set_security_information(priv, IPW_AUTH_OPEN,
5487 						     SEC_LEVEL_0, 0, 1);
5488 	} else {
5489 		auth_mode = IPW_AUTH_OPEN;
5490 		if (priv->ieee->sec.flags & SEC_AUTH_MODE) {
5491 			if (priv->ieee->sec.auth_mode == WLAN_AUTH_SHARED_KEY)
5492 				auth_mode = IPW_AUTH_SHARED;
5493 			else if (priv->ieee->sec.auth_mode == WLAN_AUTH_LEAP)
5494 				auth_mode = IPW_AUTH_LEAP_CISCO_ID;
5495 		}
5496 
5497 		sec_level = SEC_LEVEL_0;
5498 		if (priv->ieee->sec.flags & SEC_LEVEL)
5499 			sec_level = priv->ieee->sec.level;
5500 
5501 		use_group = 0;
5502 		if (priv->ieee->sec.flags & SEC_UNICAST_GROUP)
5503 			use_group = priv->ieee->sec.unicast_uses_group;
5504 
5505 		err =
5506 		    ipw2100_set_security_information(priv, auth_mode, sec_level,
5507 						     use_group, 1);
5508 	}
5509 
5510 	if (err)
5511 		goto exit;
5512 
5513 	if (priv->ieee->sec.enabled) {
5514 		for (i = 0; i < 4; i++) {
5515 			if (!(priv->ieee->sec.flags & (1 << i))) {
5516 				memset(priv->ieee->sec.keys[i], 0, WEP_KEY_LEN);
5517 				priv->ieee->sec.key_sizes[i] = 0;
5518 			} else {
5519 				err = ipw2100_set_key(priv, i,
5520 						      priv->ieee->sec.keys[i],
5521 						      priv->ieee->sec.
5522 						      key_sizes[i], 1);
5523 				if (err)
5524 					goto exit;
5525 			}
5526 		}
5527 
5528 		ipw2100_set_key_index(priv, priv->ieee->crypt_info.tx_keyidx, 1);
5529 	}
5530 
5531 	/* Always enable privacy so the Host can filter WEP packets if
5532 	 * encrypted data is sent up */
5533 	err =
5534 	    ipw2100_set_wep_flags(priv,
5535 				  priv->ieee->sec.
5536 				  enabled ? IPW_PRIVACY_CAPABLE : 0, 1);
5537 	if (err)
5538 		goto exit;
5539 
5540 	priv->status &= ~STATUS_SECURITY_UPDATED;
5541 
5542       exit:
5543 	if (!batch_mode)
5544 		ipw2100_enable_adapter(priv);
5545 
5546 	return err;
5547 }
5548 
5549 static void ipw2100_security_work(struct work_struct *work)
5550 {
5551 	struct ipw2100_priv *priv =
5552 		container_of(work, struct ipw2100_priv, security_work.work);
5553 
5554 	/* If we happen to have reconnected before we get a chance to
5555 	 * process this, then update the security settings--which causes
5556 	 * a disassociation to occur */
5557 	if (!(priv->status & STATUS_ASSOCIATED) &&
5558 	    priv->status & STATUS_SECURITY_UPDATED)
5559 		ipw2100_configure_security(priv, 0);
5560 }
5561 
5562 static void shim__set_security(struct net_device *dev,
5563 			       struct libipw_security *sec)
5564 {
5565 	struct ipw2100_priv *priv = libipw_priv(dev);
5566 	int i;
5567 
5568 	mutex_lock(&priv->action_mutex);
5569 	if (!(priv->status & STATUS_INITIALIZED))
5570 		goto done;
5571 
5572 	for (i = 0; i < 4; i++) {
5573 		if (sec->flags & (1 << i)) {
5574 			priv->ieee->sec.key_sizes[i] = sec->key_sizes[i];
5575 			if (sec->key_sizes[i] == 0)
5576 				priv->ieee->sec.flags &= ~(1 << i);
5577 			else
5578 				memcpy(priv->ieee->sec.keys[i], sec->keys[i],
5579 				       sec->key_sizes[i]);
5580 			if (sec->level == SEC_LEVEL_1) {
5581 				priv->ieee->sec.flags |= (1 << i);
5582 				priv->status |= STATUS_SECURITY_UPDATED;
5583 			} else
5584 				priv->ieee->sec.flags &= ~(1 << i);
5585 		}
5586 	}
5587 
5588 	if ((sec->flags & SEC_ACTIVE_KEY) &&
5589 	    priv->ieee->sec.active_key != sec->active_key) {
5590 		priv->ieee->sec.active_key = sec->active_key;
5591 		priv->ieee->sec.flags |= SEC_ACTIVE_KEY;
5592 		priv->status |= STATUS_SECURITY_UPDATED;
5593 	}
5594 
5595 	if ((sec->flags & SEC_AUTH_MODE) &&
5596 	    (priv->ieee->sec.auth_mode != sec->auth_mode)) {
5597 		priv->ieee->sec.auth_mode = sec->auth_mode;
5598 		priv->ieee->sec.flags |= SEC_AUTH_MODE;
5599 		priv->status |= STATUS_SECURITY_UPDATED;
5600 	}
5601 
5602 	if (sec->flags & SEC_ENABLED && priv->ieee->sec.enabled != sec->enabled) {
5603 		priv->ieee->sec.flags |= SEC_ENABLED;
5604 		priv->ieee->sec.enabled = sec->enabled;
5605 		priv->status |= STATUS_SECURITY_UPDATED;
5606 	}
5607 
5608 	if (sec->flags & SEC_ENCRYPT)
5609 		priv->ieee->sec.encrypt = sec->encrypt;
5610 
5611 	if (sec->flags & SEC_LEVEL && priv->ieee->sec.level != sec->level) {
5612 		priv->ieee->sec.level = sec->level;
5613 		priv->ieee->sec.flags |= SEC_LEVEL;
5614 		priv->status |= STATUS_SECURITY_UPDATED;
5615 	}
5616 
5617 	IPW_DEBUG_WEP("Security flags: %c %c%c%c%c %c%c%c%c\n",
5618 		      priv->ieee->sec.flags & (1 << 8) ? '1' : '0',
5619 		      priv->ieee->sec.flags & (1 << 7) ? '1' : '0',
5620 		      priv->ieee->sec.flags & (1 << 6) ? '1' : '0',
5621 		      priv->ieee->sec.flags & (1 << 5) ? '1' : '0',
5622 		      priv->ieee->sec.flags & (1 << 4) ? '1' : '0',
5623 		      priv->ieee->sec.flags & (1 << 3) ? '1' : '0',
5624 		      priv->ieee->sec.flags & (1 << 2) ? '1' : '0',
5625 		      priv->ieee->sec.flags & (1 << 1) ? '1' : '0',
5626 		      priv->ieee->sec.flags & (1 << 0) ? '1' : '0');
5627 
5628 /* As a temporary work around to enable WPA until we figure out why
5629  * wpa_supplicant toggles the security capability of the driver, which
5630  * forces a disassociation with force_update...
5631  *
5632  *	if (force_update || !(priv->status & STATUS_ASSOCIATED))*/
5633 	if (!(priv->status & (STATUS_ASSOCIATED | STATUS_ASSOCIATING)))
5634 		ipw2100_configure_security(priv, 0);
5635       done:
5636 	mutex_unlock(&priv->action_mutex);
5637 }
5638 
5639 static int ipw2100_adapter_setup(struct ipw2100_priv *priv)
5640 {
5641 	int err;
5642 	int batch_mode = 1;
5643 	u8 *bssid;
5644 
5645 	IPW_DEBUG_INFO("enter\n");
5646 
5647 	err = ipw2100_disable_adapter(priv);
5648 	if (err)
5649 		return err;
5650 #ifdef CONFIG_IPW2100_MONITOR
5651 	if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
5652 		err = ipw2100_set_channel(priv, priv->channel, batch_mode);
5653 		if (err)
5654 			return err;
5655 
5656 		IPW_DEBUG_INFO("exit\n");
5657 
5658 		return 0;
5659 	}
5660 #endif				/* CONFIG_IPW2100_MONITOR */
5661 
5662 	err = ipw2100_read_mac_address(priv);
5663 	if (err)
5664 		return -EIO;
5665 
5666 	err = ipw2100_set_mac_address(priv, batch_mode);
5667 	if (err)
5668 		return err;
5669 
5670 	err = ipw2100_set_port_type(priv, priv->ieee->iw_mode, batch_mode);
5671 	if (err)
5672 		return err;
5673 
5674 	if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
5675 		err = ipw2100_set_channel(priv, priv->channel, batch_mode);
5676 		if (err)
5677 			return err;
5678 	}
5679 
5680 	err = ipw2100_system_config(priv, batch_mode);
5681 	if (err)
5682 		return err;
5683 
5684 	err = ipw2100_set_tx_rates(priv, priv->tx_rates, batch_mode);
5685 	if (err)
5686 		return err;
5687 
5688 	/* Default to power mode OFF */
5689 	err = ipw2100_set_power_mode(priv, IPW_POWER_MODE_CAM);
5690 	if (err)
5691 		return err;
5692 
5693 	err = ipw2100_set_rts_threshold(priv, priv->rts_threshold);
5694 	if (err)
5695 		return err;
5696 
5697 	if (priv->config & CFG_STATIC_BSSID)
5698 		bssid = priv->bssid;
5699 	else
5700 		bssid = NULL;
5701 	err = ipw2100_set_mandatory_bssid(priv, bssid, batch_mode);
5702 	if (err)
5703 		return err;
5704 
5705 	if (priv->config & CFG_STATIC_ESSID)
5706 		err = ipw2100_set_essid(priv, priv->essid, priv->essid_len,
5707 					batch_mode);
5708 	else
5709 		err = ipw2100_set_essid(priv, NULL, 0, batch_mode);
5710 	if (err)
5711 		return err;
5712 
5713 	err = ipw2100_configure_security(priv, batch_mode);
5714 	if (err)
5715 		return err;
5716 
5717 	if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
5718 		err =
5719 		    ipw2100_set_ibss_beacon_interval(priv,
5720 						     priv->beacon_interval,
5721 						     batch_mode);
5722 		if (err)
5723 			return err;
5724 
5725 		err = ipw2100_set_tx_power(priv, priv->tx_power);
5726 		if (err)
5727 			return err;
5728 	}
5729 
5730 	/*
5731 	   err = ipw2100_set_fragmentation_threshold(
5732 	   priv, priv->frag_threshold, batch_mode);
5733 	   if (err)
5734 	   return err;
5735 	 */
5736 
5737 	IPW_DEBUG_INFO("exit\n");
5738 
5739 	return 0;
5740 }
5741 
5742 /*************************************************************************
5743  *
5744  * EXTERNALLY CALLED METHODS
5745  *
5746  *************************************************************************/
5747 
5748 /* This method is called by the network layer -- not to be confused with
5749  * ipw2100_set_mac_address() declared above called by this driver (and this
5750  * method as well) to talk to the firmware */
5751 static int ipw2100_set_address(struct net_device *dev, void *p)
5752 {
5753 	struct ipw2100_priv *priv = libipw_priv(dev);
5754 	struct sockaddr *addr = p;
5755 	int err = 0;
5756 
5757 	if (!is_valid_ether_addr(addr->sa_data))
5758 		return -EADDRNOTAVAIL;
5759 
5760 	mutex_lock(&priv->action_mutex);
5761 
5762 	priv->config |= CFG_CUSTOM_MAC;
5763 	memcpy(priv->mac_addr, addr->sa_data, ETH_ALEN);
5764 
5765 	err = ipw2100_set_mac_address(priv, 0);
5766 	if (err)
5767 		goto done;
5768 
5769 	priv->reset_backoff = 0;
5770 	mutex_unlock(&priv->action_mutex);
5771 	ipw2100_reset_adapter(&priv->reset_work.work);
5772 	return 0;
5773 
5774       done:
5775 	mutex_unlock(&priv->action_mutex);
5776 	return err;
5777 }
5778 
5779 static int ipw2100_open(struct net_device *dev)
5780 {
5781 	struct ipw2100_priv *priv = libipw_priv(dev);
5782 	unsigned long flags;
5783 	IPW_DEBUG_INFO("dev->open\n");
5784 
5785 	spin_lock_irqsave(&priv->low_lock, flags);
5786 	if (priv->status & STATUS_ASSOCIATED) {
5787 		netif_carrier_on(dev);
5788 		netif_start_queue(dev);
5789 	}
5790 	spin_unlock_irqrestore(&priv->low_lock, flags);
5791 
5792 	return 0;
5793 }
5794 
5795 static int ipw2100_close(struct net_device *dev)
5796 {
5797 	struct ipw2100_priv *priv = libipw_priv(dev);
5798 	unsigned long flags;
5799 	struct list_head *element;
5800 	struct ipw2100_tx_packet *packet;
5801 
5802 	IPW_DEBUG_INFO("enter\n");
5803 
5804 	spin_lock_irqsave(&priv->low_lock, flags);
5805 
5806 	if (priv->status & STATUS_ASSOCIATED)
5807 		netif_carrier_off(dev);
5808 	netif_stop_queue(dev);
5809 
5810 	/* Flush the TX queue ... */
5811 	while (!list_empty(&priv->tx_pend_list)) {
5812 		element = priv->tx_pend_list.next;
5813 		packet = list_entry(element, struct ipw2100_tx_packet, list);
5814 
5815 		list_del(element);
5816 		DEC_STAT(&priv->tx_pend_stat);
5817 
5818 		libipw_txb_free(packet->info.d_struct.txb);
5819 		packet->info.d_struct.txb = NULL;
5820 
5821 		list_add_tail(element, &priv->tx_free_list);
5822 		INC_STAT(&priv->tx_free_stat);
5823 	}
5824 	spin_unlock_irqrestore(&priv->low_lock, flags);
5825 
5826 	IPW_DEBUG_INFO("exit\n");
5827 
5828 	return 0;
5829 }
5830 
5831 /*
5832  * TODO:  Fix this function... its just wrong
5833  */
5834 static void ipw2100_tx_timeout(struct net_device *dev, unsigned int txqueue)
5835 {
5836 	struct ipw2100_priv *priv = libipw_priv(dev);
5837 
5838 	dev->stats.tx_errors++;
5839 
5840 #ifdef CONFIG_IPW2100_MONITOR
5841 	if (priv->ieee->iw_mode == IW_MODE_MONITOR)
5842 		return;
5843 #endif
5844 
5845 	IPW_DEBUG_INFO("%s: TX timed out.  Scheduling firmware restart.\n",
5846 		       dev->name);
5847 	schedule_reset(priv);
5848 }
5849 
5850 static int ipw2100_wpa_enable(struct ipw2100_priv *priv, int value)
5851 {
5852 	/* This is called when wpa_supplicant loads and closes the driver
5853 	 * interface. */
5854 	priv->ieee->wpa_enabled = value;
5855 	return 0;
5856 }
5857 
5858 static int ipw2100_wpa_set_auth_algs(struct ipw2100_priv *priv, int value)
5859 {
5860 
5861 	struct libipw_device *ieee = priv->ieee;
5862 	struct libipw_security sec = {
5863 		.flags = SEC_AUTH_MODE,
5864 	};
5865 	int ret = 0;
5866 
5867 	if (value & IW_AUTH_ALG_SHARED_KEY) {
5868 		sec.auth_mode = WLAN_AUTH_SHARED_KEY;
5869 		ieee->open_wep = 0;
5870 	} else if (value & IW_AUTH_ALG_OPEN_SYSTEM) {
5871 		sec.auth_mode = WLAN_AUTH_OPEN;
5872 		ieee->open_wep = 1;
5873 	} else if (value & IW_AUTH_ALG_LEAP) {
5874 		sec.auth_mode = WLAN_AUTH_LEAP;
5875 		ieee->open_wep = 1;
5876 	} else
5877 		return -EINVAL;
5878 
5879 	if (ieee->set_security)
5880 		ieee->set_security(ieee->dev, &sec);
5881 	else
5882 		ret = -EOPNOTSUPP;
5883 
5884 	return ret;
5885 }
5886 
5887 static void ipw2100_wpa_assoc_frame(struct ipw2100_priv *priv,
5888 				    char *wpa_ie, int wpa_ie_len)
5889 {
5890 
5891 	struct ipw2100_wpa_assoc_frame frame;
5892 
5893 	frame.fixed_ie_mask = 0;
5894 
5895 	/* copy WPA IE */
5896 	memcpy(frame.var_ie, wpa_ie, wpa_ie_len);
5897 	frame.var_ie_len = wpa_ie_len;
5898 
5899 	/* make sure WPA is enabled */
5900 	ipw2100_wpa_enable(priv, 1);
5901 	ipw2100_set_wpa_ie(priv, &frame, 0);
5902 }
5903 
5904 static void ipw_ethtool_get_drvinfo(struct net_device *dev,
5905 				    struct ethtool_drvinfo *info)
5906 {
5907 	struct ipw2100_priv *priv = libipw_priv(dev);
5908 	char fw_ver[64], ucode_ver[64];
5909 
5910 	strlcpy(info->driver, DRV_NAME, sizeof(info->driver));
5911 	strlcpy(info->version, DRV_VERSION, sizeof(info->version));
5912 
5913 	ipw2100_get_fwversion(priv, fw_ver, sizeof(fw_ver));
5914 	ipw2100_get_ucodeversion(priv, ucode_ver, sizeof(ucode_ver));
5915 
5916 	snprintf(info->fw_version, sizeof(info->fw_version), "%s:%d:%s",
5917 		 fw_ver, priv->eeprom_version, ucode_ver);
5918 
5919 	strlcpy(info->bus_info, pci_name(priv->pci_dev),
5920 		sizeof(info->bus_info));
5921 }
5922 
5923 static u32 ipw2100_ethtool_get_link(struct net_device *dev)
5924 {
5925 	struct ipw2100_priv *priv = libipw_priv(dev);
5926 	return (priv->status & STATUS_ASSOCIATED) ? 1 : 0;
5927 }
5928 
5929 static const struct ethtool_ops ipw2100_ethtool_ops = {
5930 	.get_link = ipw2100_ethtool_get_link,
5931 	.get_drvinfo = ipw_ethtool_get_drvinfo,
5932 };
5933 
5934 static void ipw2100_hang_check(struct work_struct *work)
5935 {
5936 	struct ipw2100_priv *priv =
5937 		container_of(work, struct ipw2100_priv, hang_check.work);
5938 	unsigned long flags;
5939 	u32 rtc = 0xa5a5a5a5;
5940 	u32 len = sizeof(rtc);
5941 	int restart = 0;
5942 
5943 	spin_lock_irqsave(&priv->low_lock, flags);
5944 
5945 	if (priv->fatal_error != 0) {
5946 		/* If fatal_error is set then we need to restart */
5947 		IPW_DEBUG_INFO("%s: Hardware fatal error detected.\n",
5948 			       priv->net_dev->name);
5949 
5950 		restart = 1;
5951 	} else if (ipw2100_get_ordinal(priv, IPW_ORD_RTC_TIME, &rtc, &len) ||
5952 		   (rtc == priv->last_rtc)) {
5953 		/* Check if firmware is hung */
5954 		IPW_DEBUG_INFO("%s: Firmware RTC stalled.\n",
5955 			       priv->net_dev->name);
5956 
5957 		restart = 1;
5958 	}
5959 
5960 	if (restart) {
5961 		/* Kill timer */
5962 		priv->stop_hang_check = 1;
5963 		priv->hangs++;
5964 
5965 		/* Restart the NIC */
5966 		schedule_reset(priv);
5967 	}
5968 
5969 	priv->last_rtc = rtc;
5970 
5971 	if (!priv->stop_hang_check)
5972 		schedule_delayed_work(&priv->hang_check, HZ / 2);
5973 
5974 	spin_unlock_irqrestore(&priv->low_lock, flags);
5975 }
5976 
5977 static void ipw2100_rf_kill(struct work_struct *work)
5978 {
5979 	struct ipw2100_priv *priv =
5980 		container_of(work, struct ipw2100_priv, rf_kill.work);
5981 	unsigned long flags;
5982 
5983 	spin_lock_irqsave(&priv->low_lock, flags);
5984 
5985 	if (rf_kill_active(priv)) {
5986 		IPW_DEBUG_RF_KILL("RF Kill active, rescheduling GPIO check\n");
5987 		if (!priv->stop_rf_kill)
5988 			schedule_delayed_work(&priv->rf_kill,
5989 					      round_jiffies_relative(HZ));
5990 		goto exit_unlock;
5991 	}
5992 
5993 	/* RF Kill is now disabled, so bring the device back up */
5994 
5995 	if (!(priv->status & STATUS_RF_KILL_MASK)) {
5996 		IPW_DEBUG_RF_KILL("HW RF Kill no longer active, restarting "
5997 				  "device\n");
5998 		schedule_reset(priv);
5999 	} else
6000 		IPW_DEBUG_RF_KILL("HW RF Kill deactivated.  SW RF Kill still "
6001 				  "enabled\n");
6002 
6003       exit_unlock:
6004 	spin_unlock_irqrestore(&priv->low_lock, flags);
6005 }
6006 
6007 static void ipw2100_irq_tasklet(struct tasklet_struct *t);
6008 
6009 static const struct net_device_ops ipw2100_netdev_ops = {
6010 	.ndo_open		= ipw2100_open,
6011 	.ndo_stop		= ipw2100_close,
6012 	.ndo_start_xmit		= libipw_xmit,
6013 	.ndo_tx_timeout		= ipw2100_tx_timeout,
6014 	.ndo_set_mac_address	= ipw2100_set_address,
6015 	.ndo_validate_addr	= eth_validate_addr,
6016 };
6017 
6018 /* Look into using netdev destructor to shutdown libipw? */
6019 
6020 static struct net_device *ipw2100_alloc_device(struct pci_dev *pci_dev,
6021 					       void __iomem * ioaddr)
6022 {
6023 	struct ipw2100_priv *priv;
6024 	struct net_device *dev;
6025 
6026 	dev = alloc_libipw(sizeof(struct ipw2100_priv), 0);
6027 	if (!dev)
6028 		return NULL;
6029 	priv = libipw_priv(dev);
6030 	priv->ieee = netdev_priv(dev);
6031 	priv->pci_dev = pci_dev;
6032 	priv->net_dev = dev;
6033 	priv->ioaddr = ioaddr;
6034 
6035 	priv->ieee->hard_start_xmit = ipw2100_tx;
6036 	priv->ieee->set_security = shim__set_security;
6037 
6038 	priv->ieee->perfect_rssi = -20;
6039 	priv->ieee->worst_rssi = -85;
6040 
6041 	dev->netdev_ops = &ipw2100_netdev_ops;
6042 	dev->ethtool_ops = &ipw2100_ethtool_ops;
6043 	dev->wireless_handlers = &ipw2100_wx_handler_def;
6044 	priv->wireless_data.libipw = priv->ieee;
6045 	dev->wireless_data = &priv->wireless_data;
6046 	dev->watchdog_timeo = 3 * HZ;
6047 	dev->irq = 0;
6048 	dev->min_mtu = 68;
6049 	dev->max_mtu = LIBIPW_DATA_LEN;
6050 
6051 	/* NOTE: We don't use the wireless_handlers hook
6052 	 * in dev as the system will start throwing WX requests
6053 	 * to us before we're actually initialized and it just
6054 	 * ends up causing problems.  So, we just handle
6055 	 * the WX extensions through the ipw2100_ioctl interface */
6056 
6057 	/* memset() puts everything to 0, so we only have explicitly set
6058 	 * those values that need to be something else */
6059 
6060 	/* If power management is turned on, default to AUTO mode */
6061 	priv->power_mode = IPW_POWER_AUTO;
6062 
6063 #ifdef CONFIG_IPW2100_MONITOR
6064 	priv->config |= CFG_CRC_CHECK;
6065 #endif
6066 	priv->ieee->wpa_enabled = 0;
6067 	priv->ieee->drop_unencrypted = 0;
6068 	priv->ieee->privacy_invoked = 0;
6069 	priv->ieee->ieee802_1x = 1;
6070 
6071 	/* Set module parameters */
6072 	switch (network_mode) {
6073 	case 1:
6074 		priv->ieee->iw_mode = IW_MODE_ADHOC;
6075 		break;
6076 #ifdef CONFIG_IPW2100_MONITOR
6077 	case 2:
6078 		priv->ieee->iw_mode = IW_MODE_MONITOR;
6079 		break;
6080 #endif
6081 	default:
6082 	case 0:
6083 		priv->ieee->iw_mode = IW_MODE_INFRA;
6084 		break;
6085 	}
6086 
6087 	if (disable == 1)
6088 		priv->status |= STATUS_RF_KILL_SW;
6089 
6090 	if (channel != 0 &&
6091 	    ((channel >= REG_MIN_CHANNEL) && (channel <= REG_MAX_CHANNEL))) {
6092 		priv->config |= CFG_STATIC_CHANNEL;
6093 		priv->channel = channel;
6094 	}
6095 
6096 	if (associate)
6097 		priv->config |= CFG_ASSOCIATE;
6098 
6099 	priv->beacon_interval = DEFAULT_BEACON_INTERVAL;
6100 	priv->short_retry_limit = DEFAULT_SHORT_RETRY_LIMIT;
6101 	priv->long_retry_limit = DEFAULT_LONG_RETRY_LIMIT;
6102 	priv->rts_threshold = DEFAULT_RTS_THRESHOLD | RTS_DISABLED;
6103 	priv->frag_threshold = DEFAULT_FTS | FRAG_DISABLED;
6104 	priv->tx_power = IPW_TX_POWER_DEFAULT;
6105 	priv->tx_rates = DEFAULT_TX_RATES;
6106 
6107 	strcpy(priv->nick, "ipw2100");
6108 
6109 	spin_lock_init(&priv->low_lock);
6110 	mutex_init(&priv->action_mutex);
6111 	mutex_init(&priv->adapter_mutex);
6112 
6113 	init_waitqueue_head(&priv->wait_command_queue);
6114 
6115 	netif_carrier_off(dev);
6116 
6117 	INIT_LIST_HEAD(&priv->msg_free_list);
6118 	INIT_LIST_HEAD(&priv->msg_pend_list);
6119 	INIT_STAT(&priv->msg_free_stat);
6120 	INIT_STAT(&priv->msg_pend_stat);
6121 
6122 	INIT_LIST_HEAD(&priv->tx_free_list);
6123 	INIT_LIST_HEAD(&priv->tx_pend_list);
6124 	INIT_STAT(&priv->tx_free_stat);
6125 	INIT_STAT(&priv->tx_pend_stat);
6126 
6127 	INIT_LIST_HEAD(&priv->fw_pend_list);
6128 	INIT_STAT(&priv->fw_pend_stat);
6129 
6130 	INIT_DELAYED_WORK(&priv->reset_work, ipw2100_reset_adapter);
6131 	INIT_DELAYED_WORK(&priv->security_work, ipw2100_security_work);
6132 	INIT_DELAYED_WORK(&priv->wx_event_work, ipw2100_wx_event_work);
6133 	INIT_DELAYED_WORK(&priv->hang_check, ipw2100_hang_check);
6134 	INIT_DELAYED_WORK(&priv->rf_kill, ipw2100_rf_kill);
6135 	INIT_DELAYED_WORK(&priv->scan_event, ipw2100_scan_event);
6136 
6137 	tasklet_setup(&priv->irq_tasklet, ipw2100_irq_tasklet);
6138 
6139 	/* NOTE:  We do not start the deferred work for status checks yet */
6140 	priv->stop_rf_kill = 1;
6141 	priv->stop_hang_check = 1;
6142 
6143 	return dev;
6144 }
6145 
6146 static int ipw2100_pci_init_one(struct pci_dev *pci_dev,
6147 				const struct pci_device_id *ent)
6148 {
6149 	void __iomem *ioaddr;
6150 	struct net_device *dev = NULL;
6151 	struct ipw2100_priv *priv = NULL;
6152 	int err = 0;
6153 	int registered = 0;
6154 	u32 val;
6155 
6156 	IPW_DEBUG_INFO("enter\n");
6157 
6158 	if (!(pci_resource_flags(pci_dev, 0) & IORESOURCE_MEM)) {
6159 		IPW_DEBUG_INFO("weird - resource type is not memory\n");
6160 		err = -ENODEV;
6161 		goto out;
6162 	}
6163 
6164 	ioaddr = pci_iomap(pci_dev, 0, 0);
6165 	if (!ioaddr) {
6166 		printk(KERN_WARNING DRV_NAME
6167 		       "Error calling ioremap.\n");
6168 		err = -EIO;
6169 		goto fail;
6170 	}
6171 
6172 	/* allocate and initialize our net_device */
6173 	dev = ipw2100_alloc_device(pci_dev, ioaddr);
6174 	if (!dev) {
6175 		printk(KERN_WARNING DRV_NAME
6176 		       "Error calling ipw2100_alloc_device.\n");
6177 		err = -ENOMEM;
6178 		goto fail;
6179 	}
6180 
6181 	/* set up PCI mappings for device */
6182 	err = pci_enable_device(pci_dev);
6183 	if (err) {
6184 		printk(KERN_WARNING DRV_NAME
6185 		       "Error calling pci_enable_device.\n");
6186 		return err;
6187 	}
6188 
6189 	priv = libipw_priv(dev);
6190 
6191 	pci_set_master(pci_dev);
6192 	pci_set_drvdata(pci_dev, priv);
6193 
6194 	err = dma_set_mask(&pci_dev->dev, DMA_BIT_MASK(32));
6195 	if (err) {
6196 		printk(KERN_WARNING DRV_NAME
6197 		       "Error calling pci_set_dma_mask.\n");
6198 		pci_disable_device(pci_dev);
6199 		return err;
6200 	}
6201 
6202 	err = pci_request_regions(pci_dev, DRV_NAME);
6203 	if (err) {
6204 		printk(KERN_WARNING DRV_NAME
6205 		       "Error calling pci_request_regions.\n");
6206 		pci_disable_device(pci_dev);
6207 		return err;
6208 	}
6209 
6210 	/* We disable the RETRY_TIMEOUT register (0x41) to keep
6211 	 * PCI Tx retries from interfering with C3 CPU state */
6212 	pci_read_config_dword(pci_dev, 0x40, &val);
6213 	if ((val & 0x0000ff00) != 0)
6214 		pci_write_config_dword(pci_dev, 0x40, val & 0xffff00ff);
6215 
6216 	if (!ipw2100_hw_is_adapter_in_system(dev)) {
6217 		printk(KERN_WARNING DRV_NAME
6218 		       "Device not found via register read.\n");
6219 		err = -ENODEV;
6220 		goto fail;
6221 	}
6222 
6223 	SET_NETDEV_DEV(dev, &pci_dev->dev);
6224 
6225 	/* Force interrupts to be shut off on the device */
6226 	priv->status |= STATUS_INT_ENABLED;
6227 	ipw2100_disable_interrupts(priv);
6228 
6229 	/* Allocate and initialize the Tx/Rx queues and lists */
6230 	if (ipw2100_queues_allocate(priv)) {
6231 		printk(KERN_WARNING DRV_NAME
6232 		       "Error calling ipw2100_queues_allocate.\n");
6233 		err = -ENOMEM;
6234 		goto fail;
6235 	}
6236 	ipw2100_queues_initialize(priv);
6237 
6238 	err = request_irq(pci_dev->irq,
6239 			  ipw2100_interrupt, IRQF_SHARED, dev->name, priv);
6240 	if (err) {
6241 		printk(KERN_WARNING DRV_NAME
6242 		       "Error calling request_irq: %d.\n", pci_dev->irq);
6243 		goto fail;
6244 	}
6245 	dev->irq = pci_dev->irq;
6246 
6247 	IPW_DEBUG_INFO("Attempting to register device...\n");
6248 
6249 	printk(KERN_INFO DRV_NAME
6250 	       ": Detected Intel PRO/Wireless 2100 Network Connection\n");
6251 
6252 	err = ipw2100_up(priv, 1);
6253 	if (err)
6254 		goto fail;
6255 
6256 	err = ipw2100_wdev_init(dev);
6257 	if (err)
6258 		goto fail;
6259 	registered = 1;
6260 
6261 	/* Bring up the interface.  Pre 0.46, after we registered the
6262 	 * network device we would call ipw2100_up.  This introduced a race
6263 	 * condition with newer hotplug configurations (network was coming
6264 	 * up and making calls before the device was initialized).
6265 	 */
6266 	err = register_netdev(dev);
6267 	if (err) {
6268 		printk(KERN_WARNING DRV_NAME
6269 		       "Error calling register_netdev.\n");
6270 		goto fail;
6271 	}
6272 	registered = 2;
6273 
6274 	mutex_lock(&priv->action_mutex);
6275 
6276 	IPW_DEBUG_INFO("%s: Bound to %s\n", dev->name, pci_name(pci_dev));
6277 
6278 	/* perform this after register_netdev so that dev->name is set */
6279 	err = sysfs_create_group(&pci_dev->dev.kobj, &ipw2100_attribute_group);
6280 	if (err)
6281 		goto fail_unlock;
6282 
6283 	/* If the RF Kill switch is disabled, go ahead and complete the
6284 	 * startup sequence */
6285 	if (!(priv->status & STATUS_RF_KILL_MASK)) {
6286 		/* Enable the adapter - sends HOST_COMPLETE */
6287 		if (ipw2100_enable_adapter(priv)) {
6288 			printk(KERN_WARNING DRV_NAME
6289 			       ": %s: failed in call to enable adapter.\n",
6290 			       priv->net_dev->name);
6291 			ipw2100_hw_stop_adapter(priv);
6292 			err = -EIO;
6293 			goto fail_unlock;
6294 		}
6295 
6296 		/* Start a scan . . . */
6297 		ipw2100_set_scan_options(priv);
6298 		ipw2100_start_scan(priv);
6299 	}
6300 
6301 	IPW_DEBUG_INFO("exit\n");
6302 
6303 	priv->status |= STATUS_INITIALIZED;
6304 
6305 	mutex_unlock(&priv->action_mutex);
6306 out:
6307 	return err;
6308 
6309       fail_unlock:
6310 	mutex_unlock(&priv->action_mutex);
6311       fail:
6312 	if (dev) {
6313 		if (registered >= 2)
6314 			unregister_netdev(dev);
6315 
6316 		if (registered) {
6317 			wiphy_unregister(priv->ieee->wdev.wiphy);
6318 			kfree(priv->ieee->bg_band.channels);
6319 		}
6320 
6321 		ipw2100_hw_stop_adapter(priv);
6322 
6323 		ipw2100_disable_interrupts(priv);
6324 
6325 		if (dev->irq)
6326 			free_irq(dev->irq, priv);
6327 
6328 		ipw2100_kill_works(priv);
6329 
6330 		/* These are safe to call even if they weren't allocated */
6331 		ipw2100_queues_free(priv);
6332 		sysfs_remove_group(&pci_dev->dev.kobj,
6333 				   &ipw2100_attribute_group);
6334 
6335 		free_libipw(dev, 0);
6336 	}
6337 
6338 	pci_iounmap(pci_dev, ioaddr);
6339 
6340 	pci_release_regions(pci_dev);
6341 	pci_disable_device(pci_dev);
6342 	goto out;
6343 }
6344 
6345 static void ipw2100_pci_remove_one(struct pci_dev *pci_dev)
6346 {
6347 	struct ipw2100_priv *priv = pci_get_drvdata(pci_dev);
6348 	struct net_device *dev = priv->net_dev;
6349 
6350 	mutex_lock(&priv->action_mutex);
6351 
6352 	priv->status &= ~STATUS_INITIALIZED;
6353 
6354 	sysfs_remove_group(&pci_dev->dev.kobj, &ipw2100_attribute_group);
6355 
6356 #ifdef CONFIG_PM
6357 	if (ipw2100_firmware.version)
6358 		ipw2100_release_firmware(priv, &ipw2100_firmware);
6359 #endif
6360 	/* Take down the hardware */
6361 	ipw2100_down(priv);
6362 
6363 	/* Release the mutex so that the network subsystem can
6364 	 * complete any needed calls into the driver... */
6365 	mutex_unlock(&priv->action_mutex);
6366 
6367 	/* Unregister the device first - this results in close()
6368 	 * being called if the device is open.  If we free storage
6369 	 * first, then close() will crash.
6370 	 * FIXME: remove the comment above. */
6371 	unregister_netdev(dev);
6372 
6373 	ipw2100_kill_works(priv);
6374 
6375 	ipw2100_queues_free(priv);
6376 
6377 	/* Free potential debugging firmware snapshot */
6378 	ipw2100_snapshot_free(priv);
6379 
6380 	free_irq(dev->irq, priv);
6381 
6382 	pci_iounmap(pci_dev, priv->ioaddr);
6383 
6384 	/* wiphy_unregister needs to be here, before free_libipw */
6385 	wiphy_unregister(priv->ieee->wdev.wiphy);
6386 	kfree(priv->ieee->bg_band.channels);
6387 	free_libipw(dev, 0);
6388 
6389 	pci_release_regions(pci_dev);
6390 	pci_disable_device(pci_dev);
6391 
6392 	IPW_DEBUG_INFO("exit\n");
6393 }
6394 
6395 static int __maybe_unused ipw2100_suspend(struct device *dev_d)
6396 {
6397 	struct ipw2100_priv *priv = dev_get_drvdata(dev_d);
6398 	struct net_device *dev = priv->net_dev;
6399 
6400 	IPW_DEBUG_INFO("%s: Going into suspend...\n", dev->name);
6401 
6402 	mutex_lock(&priv->action_mutex);
6403 	if (priv->status & STATUS_INITIALIZED) {
6404 		/* Take down the device; powers it off, etc. */
6405 		ipw2100_down(priv);
6406 	}
6407 
6408 	/* Remove the PRESENT state of the device */
6409 	netif_device_detach(dev);
6410 
6411 	priv->suspend_at = ktime_get_boottime_seconds();
6412 
6413 	mutex_unlock(&priv->action_mutex);
6414 
6415 	return 0;
6416 }
6417 
6418 static int __maybe_unused ipw2100_resume(struct device *dev_d)
6419 {
6420 	struct pci_dev *pci_dev = to_pci_dev(dev_d);
6421 	struct ipw2100_priv *priv = pci_get_drvdata(pci_dev);
6422 	struct net_device *dev = priv->net_dev;
6423 	u32 val;
6424 
6425 	if (IPW2100_PM_DISABLED)
6426 		return 0;
6427 
6428 	mutex_lock(&priv->action_mutex);
6429 
6430 	IPW_DEBUG_INFO("%s: Coming out of suspend...\n", dev->name);
6431 
6432 	/*
6433 	 * Suspend/Resume resets the PCI configuration space, so we have to
6434 	 * re-disable the RETRY_TIMEOUT register (0x41) to keep PCI Tx retries
6435 	 * from interfering with C3 CPU state. pci_restore_state won't help
6436 	 * here since it only restores the first 64 bytes pci config header.
6437 	 */
6438 	pci_read_config_dword(pci_dev, 0x40, &val);
6439 	if ((val & 0x0000ff00) != 0)
6440 		pci_write_config_dword(pci_dev, 0x40, val & 0xffff00ff);
6441 
6442 	/* Set the device back into the PRESENT state; this will also wake
6443 	 * the queue of needed */
6444 	netif_device_attach(dev);
6445 
6446 	priv->suspend_time = ktime_get_boottime_seconds() - priv->suspend_at;
6447 
6448 	/* Bring the device back up */
6449 	if (!(priv->status & STATUS_RF_KILL_SW))
6450 		ipw2100_up(priv, 0);
6451 
6452 	mutex_unlock(&priv->action_mutex);
6453 
6454 	return 0;
6455 }
6456 
6457 static void ipw2100_shutdown(struct pci_dev *pci_dev)
6458 {
6459 	struct ipw2100_priv *priv = pci_get_drvdata(pci_dev);
6460 
6461 	/* Take down the device; powers it off, etc. */
6462 	ipw2100_down(priv);
6463 
6464 	pci_disable_device(pci_dev);
6465 }
6466 
6467 #define IPW2100_DEV_ID(x) { PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, x }
6468 
6469 static const struct pci_device_id ipw2100_pci_id_table[] = {
6470 	IPW2100_DEV_ID(0x2520),	/* IN 2100A mPCI 3A */
6471 	IPW2100_DEV_ID(0x2521),	/* IN 2100A mPCI 3B */
6472 	IPW2100_DEV_ID(0x2524),	/* IN 2100A mPCI 3B */
6473 	IPW2100_DEV_ID(0x2525),	/* IN 2100A mPCI 3B */
6474 	IPW2100_DEV_ID(0x2526),	/* IN 2100A mPCI Gen A3 */
6475 	IPW2100_DEV_ID(0x2522),	/* IN 2100 mPCI 3B */
6476 	IPW2100_DEV_ID(0x2523),	/* IN 2100 mPCI 3A */
6477 	IPW2100_DEV_ID(0x2527),	/* IN 2100 mPCI 3B */
6478 	IPW2100_DEV_ID(0x2528),	/* IN 2100 mPCI 3B */
6479 	IPW2100_DEV_ID(0x2529),	/* IN 2100 mPCI 3B */
6480 	IPW2100_DEV_ID(0x252B),	/* IN 2100 mPCI 3A */
6481 	IPW2100_DEV_ID(0x252C),	/* IN 2100 mPCI 3A */
6482 	IPW2100_DEV_ID(0x252D),	/* IN 2100 mPCI 3A */
6483 
6484 	IPW2100_DEV_ID(0x2550),	/* IB 2100A mPCI 3B */
6485 	IPW2100_DEV_ID(0x2551),	/* IB 2100 mPCI 3B */
6486 	IPW2100_DEV_ID(0x2553),	/* IB 2100 mPCI 3B */
6487 	IPW2100_DEV_ID(0x2554),	/* IB 2100 mPCI 3B */
6488 	IPW2100_DEV_ID(0x2555),	/* IB 2100 mPCI 3B */
6489 
6490 	IPW2100_DEV_ID(0x2560),	/* DE 2100A mPCI 3A */
6491 	IPW2100_DEV_ID(0x2562),	/* DE 2100A mPCI 3A */
6492 	IPW2100_DEV_ID(0x2563),	/* DE 2100A mPCI 3A */
6493 	IPW2100_DEV_ID(0x2561),	/* DE 2100 mPCI 3A */
6494 	IPW2100_DEV_ID(0x2565),	/* DE 2100 mPCI 3A */
6495 	IPW2100_DEV_ID(0x2566),	/* DE 2100 mPCI 3A */
6496 	IPW2100_DEV_ID(0x2567),	/* DE 2100 mPCI 3A */
6497 
6498 	IPW2100_DEV_ID(0x2570),	/* GA 2100 mPCI 3B */
6499 
6500 	IPW2100_DEV_ID(0x2580),	/* TO 2100A mPCI 3B */
6501 	IPW2100_DEV_ID(0x2582),	/* TO 2100A mPCI 3B */
6502 	IPW2100_DEV_ID(0x2583),	/* TO 2100A mPCI 3B */
6503 	IPW2100_DEV_ID(0x2581),	/* TO 2100 mPCI 3B */
6504 	IPW2100_DEV_ID(0x2585),	/* TO 2100 mPCI 3B */
6505 	IPW2100_DEV_ID(0x2586),	/* TO 2100 mPCI 3B */
6506 	IPW2100_DEV_ID(0x2587),	/* TO 2100 mPCI 3B */
6507 
6508 	IPW2100_DEV_ID(0x2590),	/* SO 2100A mPCI 3B */
6509 	IPW2100_DEV_ID(0x2592),	/* SO 2100A mPCI 3B */
6510 	IPW2100_DEV_ID(0x2591),	/* SO 2100 mPCI 3B */
6511 	IPW2100_DEV_ID(0x2593),	/* SO 2100 mPCI 3B */
6512 	IPW2100_DEV_ID(0x2596),	/* SO 2100 mPCI 3B */
6513 	IPW2100_DEV_ID(0x2598),	/* SO 2100 mPCI 3B */
6514 
6515 	IPW2100_DEV_ID(0x25A0),	/* HP 2100 mPCI 3B */
6516 	{0,},
6517 };
6518 
6519 MODULE_DEVICE_TABLE(pci, ipw2100_pci_id_table);
6520 
6521 static SIMPLE_DEV_PM_OPS(ipw2100_pm_ops, ipw2100_suspend, ipw2100_resume);
6522 
6523 static struct pci_driver ipw2100_pci_driver = {
6524 	.name = DRV_NAME,
6525 	.id_table = ipw2100_pci_id_table,
6526 	.probe = ipw2100_pci_init_one,
6527 	.remove = ipw2100_pci_remove_one,
6528 	.driver.pm = &ipw2100_pm_ops,
6529 	.shutdown = ipw2100_shutdown,
6530 };
6531 
6532 /**
6533  * Initialize the ipw2100 driver/module
6534  *
6535  * @returns 0 if ok, < 0 errno node con error.
6536  *
6537  * Note: we cannot init the /proc stuff until the PCI driver is there,
6538  * or we risk an unlikely race condition on someone accessing
6539  * uninitialized data in the PCI dev struct through /proc.
6540  */
6541 static int __init ipw2100_init(void)
6542 {
6543 	int ret;
6544 
6545 	printk(KERN_INFO DRV_NAME ": %s, %s\n", DRV_DESCRIPTION, DRV_VERSION);
6546 	printk(KERN_INFO DRV_NAME ": %s\n", DRV_COPYRIGHT);
6547 
6548 	cpu_latency_qos_add_request(&ipw2100_pm_qos_req, PM_QOS_DEFAULT_VALUE);
6549 
6550 	ret = pci_register_driver(&ipw2100_pci_driver);
6551 	if (ret)
6552 		goto out;
6553 
6554 #ifdef CONFIG_IPW2100_DEBUG
6555 	ipw2100_debug_level = debug;
6556 	ret = driver_create_file(&ipw2100_pci_driver.driver,
6557 				 &driver_attr_debug_level);
6558 #endif
6559 
6560 out:
6561 	return ret;
6562 }
6563 
6564 /**
6565  * Cleanup ipw2100 driver registration
6566  */
6567 static void __exit ipw2100_exit(void)
6568 {
6569 	/* FIXME: IPG: check that we have no instances of the devices open */
6570 #ifdef CONFIG_IPW2100_DEBUG
6571 	driver_remove_file(&ipw2100_pci_driver.driver,
6572 			   &driver_attr_debug_level);
6573 #endif
6574 	pci_unregister_driver(&ipw2100_pci_driver);
6575 	cpu_latency_qos_remove_request(&ipw2100_pm_qos_req);
6576 }
6577 
6578 module_init(ipw2100_init);
6579 module_exit(ipw2100_exit);
6580 
6581 static int ipw2100_wx_get_name(struct net_device *dev,
6582 			       struct iw_request_info *info,
6583 			       union iwreq_data *wrqu, char *extra)
6584 {
6585 	/*
6586 	 * This can be called at any time.  No action lock required
6587 	 */
6588 
6589 	struct ipw2100_priv *priv = libipw_priv(dev);
6590 	if (!(priv->status & STATUS_ASSOCIATED))
6591 		strcpy(wrqu->name, "unassociated");
6592 	else
6593 		snprintf(wrqu->name, IFNAMSIZ, "IEEE 802.11b");
6594 
6595 	IPW_DEBUG_WX("Name: %s\n", wrqu->name);
6596 	return 0;
6597 }
6598 
6599 static int ipw2100_wx_set_freq(struct net_device *dev,
6600 			       struct iw_request_info *info,
6601 			       union iwreq_data *wrqu, char *extra)
6602 {
6603 	struct ipw2100_priv *priv = libipw_priv(dev);
6604 	struct iw_freq *fwrq = &wrqu->freq;
6605 	int err = 0;
6606 
6607 	if (priv->ieee->iw_mode == IW_MODE_INFRA)
6608 		return -EOPNOTSUPP;
6609 
6610 	mutex_lock(&priv->action_mutex);
6611 	if (!(priv->status & STATUS_INITIALIZED)) {
6612 		err = -EIO;
6613 		goto done;
6614 	}
6615 
6616 	/* if setting by freq convert to channel */
6617 	if (fwrq->e == 1) {
6618 		if ((fwrq->m >= (int)2.412e8 && fwrq->m <= (int)2.487e8)) {
6619 			int f = fwrq->m / 100000;
6620 			int c = 0;
6621 
6622 			while ((c < REG_MAX_CHANNEL) &&
6623 			       (f != ipw2100_frequencies[c]))
6624 				c++;
6625 
6626 			/* hack to fall through */
6627 			fwrq->e = 0;
6628 			fwrq->m = c + 1;
6629 		}
6630 	}
6631 
6632 	if (fwrq->e > 0 || fwrq->m > 1000) {
6633 		err = -EOPNOTSUPP;
6634 		goto done;
6635 	} else {		/* Set the channel */
6636 		IPW_DEBUG_WX("SET Freq/Channel -> %d\n", fwrq->m);
6637 		err = ipw2100_set_channel(priv, fwrq->m, 0);
6638 	}
6639 
6640       done:
6641 	mutex_unlock(&priv->action_mutex);
6642 	return err;
6643 }
6644 
6645 static int ipw2100_wx_get_freq(struct net_device *dev,
6646 			       struct iw_request_info *info,
6647 			       union iwreq_data *wrqu, char *extra)
6648 {
6649 	/*
6650 	 * This can be called at any time.  No action lock required
6651 	 */
6652 
6653 	struct ipw2100_priv *priv = libipw_priv(dev);
6654 
6655 	wrqu->freq.e = 0;
6656 
6657 	/* If we are associated, trying to associate, or have a statically
6658 	 * configured CHANNEL then return that; otherwise return ANY */
6659 	if (priv->config & CFG_STATIC_CHANNEL ||
6660 	    priv->status & STATUS_ASSOCIATED)
6661 		wrqu->freq.m = priv->channel;
6662 	else
6663 		wrqu->freq.m = 0;
6664 
6665 	IPW_DEBUG_WX("GET Freq/Channel -> %d\n", priv->channel);
6666 	return 0;
6667 
6668 }
6669 
6670 static int ipw2100_wx_set_mode(struct net_device *dev,
6671 			       struct iw_request_info *info,
6672 			       union iwreq_data *wrqu, char *extra)
6673 {
6674 	struct ipw2100_priv *priv = libipw_priv(dev);
6675 	int err = 0;
6676 
6677 	IPW_DEBUG_WX("SET Mode -> %d\n", wrqu->mode);
6678 
6679 	if (wrqu->mode == priv->ieee->iw_mode)
6680 		return 0;
6681 
6682 	mutex_lock(&priv->action_mutex);
6683 	if (!(priv->status & STATUS_INITIALIZED)) {
6684 		err = -EIO;
6685 		goto done;
6686 	}
6687 
6688 	switch (wrqu->mode) {
6689 #ifdef CONFIG_IPW2100_MONITOR
6690 	case IW_MODE_MONITOR:
6691 		err = ipw2100_switch_mode(priv, IW_MODE_MONITOR);
6692 		break;
6693 #endif				/* CONFIG_IPW2100_MONITOR */
6694 	case IW_MODE_ADHOC:
6695 		err = ipw2100_switch_mode(priv, IW_MODE_ADHOC);
6696 		break;
6697 	case IW_MODE_INFRA:
6698 	case IW_MODE_AUTO:
6699 	default:
6700 		err = ipw2100_switch_mode(priv, IW_MODE_INFRA);
6701 		break;
6702 	}
6703 
6704       done:
6705 	mutex_unlock(&priv->action_mutex);
6706 	return err;
6707 }
6708 
6709 static int ipw2100_wx_get_mode(struct net_device *dev,
6710 			       struct iw_request_info *info,
6711 			       union iwreq_data *wrqu, char *extra)
6712 {
6713 	/*
6714 	 * This can be called at any time.  No action lock required
6715 	 */
6716 
6717 	struct ipw2100_priv *priv = libipw_priv(dev);
6718 
6719 	wrqu->mode = priv->ieee->iw_mode;
6720 	IPW_DEBUG_WX("GET Mode -> %d\n", wrqu->mode);
6721 
6722 	return 0;
6723 }
6724 
6725 #define POWER_MODES 5
6726 
6727 /* Values are in microsecond */
6728 static const s32 timeout_duration[POWER_MODES] = {
6729 	350000,
6730 	250000,
6731 	75000,
6732 	37000,
6733 	25000,
6734 };
6735 
6736 static const s32 period_duration[POWER_MODES] = {
6737 	400000,
6738 	700000,
6739 	1000000,
6740 	1000000,
6741 	1000000
6742 };
6743 
6744 static int ipw2100_wx_get_range(struct net_device *dev,
6745 				struct iw_request_info *info,
6746 				union iwreq_data *wrqu, char *extra)
6747 {
6748 	/*
6749 	 * This can be called at any time.  No action lock required
6750 	 */
6751 
6752 	struct ipw2100_priv *priv = libipw_priv(dev);
6753 	struct iw_range *range = (struct iw_range *)extra;
6754 	u16 val;
6755 	int i, level;
6756 
6757 	wrqu->data.length = sizeof(*range);
6758 	memset(range, 0, sizeof(*range));
6759 
6760 	/* Let's try to keep this struct in the same order as in
6761 	 * linux/include/wireless.h
6762 	 */
6763 
6764 	/* TODO: See what values we can set, and remove the ones we can't
6765 	 * set, or fill them with some default data.
6766 	 */
6767 
6768 	/* ~5 Mb/s real (802.11b) */
6769 	range->throughput = 5 * 1000 * 1000;
6770 
6771 //      range->sensitivity;     /* signal level threshold range */
6772 
6773 	range->max_qual.qual = 100;
6774 	/* TODO: Find real max RSSI and stick here */
6775 	range->max_qual.level = 0;
6776 	range->max_qual.noise = 0;
6777 	range->max_qual.updated = 7;	/* Updated all three */
6778 
6779 	range->avg_qual.qual = 70;	/* > 8% missed beacons is 'bad' */
6780 	/* TODO: Find real 'good' to 'bad' threshold value for RSSI */
6781 	range->avg_qual.level = 20 + IPW2100_RSSI_TO_DBM;
6782 	range->avg_qual.noise = 0;
6783 	range->avg_qual.updated = 7;	/* Updated all three */
6784 
6785 	range->num_bitrates = RATE_COUNT;
6786 
6787 	for (i = 0; i < RATE_COUNT && i < IW_MAX_BITRATES; i++) {
6788 		range->bitrate[i] = ipw2100_bg_rates[i].bitrate * 100 * 1000;
6789 	}
6790 
6791 	range->min_rts = MIN_RTS_THRESHOLD;
6792 	range->max_rts = MAX_RTS_THRESHOLD;
6793 	range->min_frag = MIN_FRAG_THRESHOLD;
6794 	range->max_frag = MAX_FRAG_THRESHOLD;
6795 
6796 	range->min_pmp = period_duration[0];	/* Minimal PM period */
6797 	range->max_pmp = period_duration[POWER_MODES - 1];	/* Maximal PM period */
6798 	range->min_pmt = timeout_duration[POWER_MODES - 1];	/* Minimal PM timeout */
6799 	range->max_pmt = timeout_duration[0];	/* Maximal PM timeout */
6800 
6801 	/* How to decode max/min PM period */
6802 	range->pmp_flags = IW_POWER_PERIOD;
6803 	/* How to decode max/min PM period */
6804 	range->pmt_flags = IW_POWER_TIMEOUT;
6805 	/* What PM options are supported */
6806 	range->pm_capa = IW_POWER_TIMEOUT | IW_POWER_PERIOD;
6807 
6808 	range->encoding_size[0] = 5;
6809 	range->encoding_size[1] = 13;	/* Different token sizes */
6810 	range->num_encoding_sizes = 2;	/* Number of entry in the list */
6811 	range->max_encoding_tokens = WEP_KEYS;	/* Max number of tokens */
6812 //      range->encoding_login_index;            /* token index for login token */
6813 
6814 	if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
6815 		range->txpower_capa = IW_TXPOW_DBM;
6816 		range->num_txpower = IW_MAX_TXPOWER;
6817 		for (i = 0, level = (IPW_TX_POWER_MAX_DBM * 16);
6818 		     i < IW_MAX_TXPOWER;
6819 		     i++, level -=
6820 		     ((IPW_TX_POWER_MAX_DBM -
6821 		       IPW_TX_POWER_MIN_DBM) * 16) / (IW_MAX_TXPOWER - 1))
6822 			range->txpower[i] = level / 16;
6823 	} else {
6824 		range->txpower_capa = 0;
6825 		range->num_txpower = 0;
6826 	}
6827 
6828 	/* Set the Wireless Extension versions */
6829 	range->we_version_compiled = WIRELESS_EXT;
6830 	range->we_version_source = 18;
6831 
6832 //      range->retry_capa;      /* What retry options are supported */
6833 //      range->retry_flags;     /* How to decode max/min retry limit */
6834 //      range->r_time_flags;    /* How to decode max/min retry life */
6835 //      range->min_retry;       /* Minimal number of retries */
6836 //      range->max_retry;       /* Maximal number of retries */
6837 //      range->min_r_time;      /* Minimal retry lifetime */
6838 //      range->max_r_time;      /* Maximal retry lifetime */
6839 
6840 	range->num_channels = FREQ_COUNT;
6841 
6842 	val = 0;
6843 	for (i = 0; i < FREQ_COUNT; i++) {
6844 		// TODO: Include only legal frequencies for some countries
6845 //              if (local->channel_mask & (1 << i)) {
6846 		range->freq[val].i = i + 1;
6847 		range->freq[val].m = ipw2100_frequencies[i] * 100000;
6848 		range->freq[val].e = 1;
6849 		val++;
6850 //              }
6851 		if (val == IW_MAX_FREQUENCIES)
6852 			break;
6853 	}
6854 	range->num_frequency = val;
6855 
6856 	/* Event capability (kernel + driver) */
6857 	range->event_capa[0] = (IW_EVENT_CAPA_K_0 |
6858 				IW_EVENT_CAPA_MASK(SIOCGIWAP));
6859 	range->event_capa[1] = IW_EVENT_CAPA_K_1;
6860 
6861 	range->enc_capa = IW_ENC_CAPA_WPA | IW_ENC_CAPA_WPA2 |
6862 		IW_ENC_CAPA_CIPHER_TKIP | IW_ENC_CAPA_CIPHER_CCMP;
6863 
6864 	IPW_DEBUG_WX("GET Range\n");
6865 
6866 	return 0;
6867 }
6868 
6869 static int ipw2100_wx_set_wap(struct net_device *dev,
6870 			      struct iw_request_info *info,
6871 			      union iwreq_data *wrqu, char *extra)
6872 {
6873 	struct ipw2100_priv *priv = libipw_priv(dev);
6874 	int err = 0;
6875 
6876 	// sanity checks
6877 	if (wrqu->ap_addr.sa_family != ARPHRD_ETHER)
6878 		return -EINVAL;
6879 
6880 	mutex_lock(&priv->action_mutex);
6881 	if (!(priv->status & STATUS_INITIALIZED)) {
6882 		err = -EIO;
6883 		goto done;
6884 	}
6885 
6886 	if (is_broadcast_ether_addr(wrqu->ap_addr.sa_data) ||
6887 	    is_zero_ether_addr(wrqu->ap_addr.sa_data)) {
6888 		/* we disable mandatory BSSID association */
6889 		IPW_DEBUG_WX("exit - disable mandatory BSSID\n");
6890 		priv->config &= ~CFG_STATIC_BSSID;
6891 		err = ipw2100_set_mandatory_bssid(priv, NULL, 0);
6892 		goto done;
6893 	}
6894 
6895 	priv->config |= CFG_STATIC_BSSID;
6896 	memcpy(priv->mandatory_bssid_mac, wrqu->ap_addr.sa_data, ETH_ALEN);
6897 
6898 	err = ipw2100_set_mandatory_bssid(priv, wrqu->ap_addr.sa_data, 0);
6899 
6900 	IPW_DEBUG_WX("SET BSSID -> %pM\n", wrqu->ap_addr.sa_data);
6901 
6902       done:
6903 	mutex_unlock(&priv->action_mutex);
6904 	return err;
6905 }
6906 
6907 static int ipw2100_wx_get_wap(struct net_device *dev,
6908 			      struct iw_request_info *info,
6909 			      union iwreq_data *wrqu, char *extra)
6910 {
6911 	/*
6912 	 * This can be called at any time.  No action lock required
6913 	 */
6914 
6915 	struct ipw2100_priv *priv = libipw_priv(dev);
6916 
6917 	/* If we are associated, trying to associate, or have a statically
6918 	 * configured BSSID then return that; otherwise return ANY */
6919 	if (priv->config & CFG_STATIC_BSSID || priv->status & STATUS_ASSOCIATED) {
6920 		wrqu->ap_addr.sa_family = ARPHRD_ETHER;
6921 		memcpy(wrqu->ap_addr.sa_data, priv->bssid, ETH_ALEN);
6922 	} else
6923 		eth_zero_addr(wrqu->ap_addr.sa_data);
6924 
6925 	IPW_DEBUG_WX("Getting WAP BSSID: %pM\n", wrqu->ap_addr.sa_data);
6926 	return 0;
6927 }
6928 
6929 static int ipw2100_wx_set_essid(struct net_device *dev,
6930 				struct iw_request_info *info,
6931 				union iwreq_data *wrqu, char *extra)
6932 {
6933 	struct ipw2100_priv *priv = libipw_priv(dev);
6934 	char *essid = "";	/* ANY */
6935 	int length = 0;
6936 	int err = 0;
6937 
6938 	mutex_lock(&priv->action_mutex);
6939 	if (!(priv->status & STATUS_INITIALIZED)) {
6940 		err = -EIO;
6941 		goto done;
6942 	}
6943 
6944 	if (wrqu->essid.flags && wrqu->essid.length) {
6945 		length = wrqu->essid.length;
6946 		essid = extra;
6947 	}
6948 
6949 	if (length == 0) {
6950 		IPW_DEBUG_WX("Setting ESSID to ANY\n");
6951 		priv->config &= ~CFG_STATIC_ESSID;
6952 		err = ipw2100_set_essid(priv, NULL, 0, 0);
6953 		goto done;
6954 	}
6955 
6956 	length = min(length, IW_ESSID_MAX_SIZE);
6957 
6958 	priv->config |= CFG_STATIC_ESSID;
6959 
6960 	if (priv->essid_len == length && !memcmp(priv->essid, extra, length)) {
6961 		IPW_DEBUG_WX("ESSID set to current ESSID.\n");
6962 		err = 0;
6963 		goto done;
6964 	}
6965 
6966 	IPW_DEBUG_WX("Setting ESSID: '%*pE' (%d)\n", length, essid, length);
6967 
6968 	priv->essid_len = length;
6969 	memcpy(priv->essid, essid, priv->essid_len);
6970 
6971 	err = ipw2100_set_essid(priv, essid, length, 0);
6972 
6973       done:
6974 	mutex_unlock(&priv->action_mutex);
6975 	return err;
6976 }
6977 
6978 static int ipw2100_wx_get_essid(struct net_device *dev,
6979 				struct iw_request_info *info,
6980 				union iwreq_data *wrqu, char *extra)
6981 {
6982 	/*
6983 	 * This can be called at any time.  No action lock required
6984 	 */
6985 
6986 	struct ipw2100_priv *priv = libipw_priv(dev);
6987 
6988 	/* If we are associated, trying to associate, or have a statically
6989 	 * configured ESSID then return that; otherwise return ANY */
6990 	if (priv->config & CFG_STATIC_ESSID || priv->status & STATUS_ASSOCIATED) {
6991 		IPW_DEBUG_WX("Getting essid: '%*pE'\n",
6992 			     priv->essid_len, priv->essid);
6993 		memcpy(extra, priv->essid, priv->essid_len);
6994 		wrqu->essid.length = priv->essid_len;
6995 		wrqu->essid.flags = 1;	/* active */
6996 	} else {
6997 		IPW_DEBUG_WX("Getting essid: ANY\n");
6998 		wrqu->essid.length = 0;
6999 		wrqu->essid.flags = 0;	/* active */
7000 	}
7001 
7002 	return 0;
7003 }
7004 
7005 static int ipw2100_wx_set_nick(struct net_device *dev,
7006 			       struct iw_request_info *info,
7007 			       union iwreq_data *wrqu, char *extra)
7008 {
7009 	/*
7010 	 * This can be called at any time.  No action lock required
7011 	 */
7012 
7013 	struct ipw2100_priv *priv = libipw_priv(dev);
7014 
7015 	if (wrqu->data.length > IW_ESSID_MAX_SIZE)
7016 		return -E2BIG;
7017 
7018 	wrqu->data.length = min_t(size_t, wrqu->data.length, sizeof(priv->nick));
7019 	memset(priv->nick, 0, sizeof(priv->nick));
7020 	memcpy(priv->nick, extra, wrqu->data.length);
7021 
7022 	IPW_DEBUG_WX("SET Nickname -> %s\n", priv->nick);
7023 
7024 	return 0;
7025 }
7026 
7027 static int ipw2100_wx_get_nick(struct net_device *dev,
7028 			       struct iw_request_info *info,
7029 			       union iwreq_data *wrqu, char *extra)
7030 {
7031 	/*
7032 	 * This can be called at any time.  No action lock required
7033 	 */
7034 
7035 	struct ipw2100_priv *priv = libipw_priv(dev);
7036 
7037 	wrqu->data.length = strlen(priv->nick);
7038 	memcpy(extra, priv->nick, wrqu->data.length);
7039 	wrqu->data.flags = 1;	/* active */
7040 
7041 	IPW_DEBUG_WX("GET Nickname -> %s\n", extra);
7042 
7043 	return 0;
7044 }
7045 
7046 static int ipw2100_wx_set_rate(struct net_device *dev,
7047 			       struct iw_request_info *info,
7048 			       union iwreq_data *wrqu, char *extra)
7049 {
7050 	struct ipw2100_priv *priv = libipw_priv(dev);
7051 	u32 target_rate = wrqu->bitrate.value;
7052 	u32 rate;
7053 	int err = 0;
7054 
7055 	mutex_lock(&priv->action_mutex);
7056 	if (!(priv->status & STATUS_INITIALIZED)) {
7057 		err = -EIO;
7058 		goto done;
7059 	}
7060 
7061 	rate = 0;
7062 
7063 	if (target_rate == 1000000 ||
7064 	    (!wrqu->bitrate.fixed && target_rate > 1000000))
7065 		rate |= TX_RATE_1_MBIT;
7066 	if (target_rate == 2000000 ||
7067 	    (!wrqu->bitrate.fixed && target_rate > 2000000))
7068 		rate |= TX_RATE_2_MBIT;
7069 	if (target_rate == 5500000 ||
7070 	    (!wrqu->bitrate.fixed && target_rate > 5500000))
7071 		rate |= TX_RATE_5_5_MBIT;
7072 	if (target_rate == 11000000 ||
7073 	    (!wrqu->bitrate.fixed && target_rate > 11000000))
7074 		rate |= TX_RATE_11_MBIT;
7075 	if (rate == 0)
7076 		rate = DEFAULT_TX_RATES;
7077 
7078 	err = ipw2100_set_tx_rates(priv, rate, 0);
7079 
7080 	IPW_DEBUG_WX("SET Rate -> %04X\n", rate);
7081       done:
7082 	mutex_unlock(&priv->action_mutex);
7083 	return err;
7084 }
7085 
7086 static int ipw2100_wx_get_rate(struct net_device *dev,
7087 			       struct iw_request_info *info,
7088 			       union iwreq_data *wrqu, char *extra)
7089 {
7090 	struct ipw2100_priv *priv = libipw_priv(dev);
7091 	int val;
7092 	unsigned int len = sizeof(val);
7093 	int err = 0;
7094 
7095 	if (!(priv->status & STATUS_ENABLED) ||
7096 	    priv->status & STATUS_RF_KILL_MASK ||
7097 	    !(priv->status & STATUS_ASSOCIATED)) {
7098 		wrqu->bitrate.value = 0;
7099 		return 0;
7100 	}
7101 
7102 	mutex_lock(&priv->action_mutex);
7103 	if (!(priv->status & STATUS_INITIALIZED)) {
7104 		err = -EIO;
7105 		goto done;
7106 	}
7107 
7108 	err = ipw2100_get_ordinal(priv, IPW_ORD_CURRENT_TX_RATE, &val, &len);
7109 	if (err) {
7110 		IPW_DEBUG_WX("failed querying ordinals.\n");
7111 		goto done;
7112 	}
7113 
7114 	switch (val & TX_RATE_MASK) {
7115 	case TX_RATE_1_MBIT:
7116 		wrqu->bitrate.value = 1000000;
7117 		break;
7118 	case TX_RATE_2_MBIT:
7119 		wrqu->bitrate.value = 2000000;
7120 		break;
7121 	case TX_RATE_5_5_MBIT:
7122 		wrqu->bitrate.value = 5500000;
7123 		break;
7124 	case TX_RATE_11_MBIT:
7125 		wrqu->bitrate.value = 11000000;
7126 		break;
7127 	default:
7128 		wrqu->bitrate.value = 0;
7129 	}
7130 
7131 	IPW_DEBUG_WX("GET Rate -> %d\n", wrqu->bitrate.value);
7132 
7133       done:
7134 	mutex_unlock(&priv->action_mutex);
7135 	return err;
7136 }
7137 
7138 static int ipw2100_wx_set_rts(struct net_device *dev,
7139 			      struct iw_request_info *info,
7140 			      union iwreq_data *wrqu, char *extra)
7141 {
7142 	struct ipw2100_priv *priv = libipw_priv(dev);
7143 	int value, err;
7144 
7145 	/* Auto RTS not yet supported */
7146 	if (wrqu->rts.fixed == 0)
7147 		return -EINVAL;
7148 
7149 	mutex_lock(&priv->action_mutex);
7150 	if (!(priv->status & STATUS_INITIALIZED)) {
7151 		err = -EIO;
7152 		goto done;
7153 	}
7154 
7155 	if (wrqu->rts.disabled)
7156 		value = priv->rts_threshold | RTS_DISABLED;
7157 	else {
7158 		if (wrqu->rts.value < 1 || wrqu->rts.value > 2304) {
7159 			err = -EINVAL;
7160 			goto done;
7161 		}
7162 		value = wrqu->rts.value;
7163 	}
7164 
7165 	err = ipw2100_set_rts_threshold(priv, value);
7166 
7167 	IPW_DEBUG_WX("SET RTS Threshold -> 0x%08X\n", value);
7168       done:
7169 	mutex_unlock(&priv->action_mutex);
7170 	return err;
7171 }
7172 
7173 static int ipw2100_wx_get_rts(struct net_device *dev,
7174 			      struct iw_request_info *info,
7175 			      union iwreq_data *wrqu, char *extra)
7176 {
7177 	/*
7178 	 * This can be called at any time.  No action lock required
7179 	 */
7180 
7181 	struct ipw2100_priv *priv = libipw_priv(dev);
7182 
7183 	wrqu->rts.value = priv->rts_threshold & ~RTS_DISABLED;
7184 	wrqu->rts.fixed = 1;	/* no auto select */
7185 
7186 	/* If RTS is set to the default value, then it is disabled */
7187 	wrqu->rts.disabled = (priv->rts_threshold & RTS_DISABLED) ? 1 : 0;
7188 
7189 	IPW_DEBUG_WX("GET RTS Threshold -> 0x%08X\n", wrqu->rts.value);
7190 
7191 	return 0;
7192 }
7193 
7194 static int ipw2100_wx_set_txpow(struct net_device *dev,
7195 				struct iw_request_info *info,
7196 				union iwreq_data *wrqu, char *extra)
7197 {
7198 	struct ipw2100_priv *priv = libipw_priv(dev);
7199 	int err = 0, value;
7200 
7201 	if (ipw_radio_kill_sw(priv, wrqu->txpower.disabled))
7202 		return -EINPROGRESS;
7203 
7204 	if (priv->ieee->iw_mode != IW_MODE_ADHOC)
7205 		return 0;
7206 
7207 	if ((wrqu->txpower.flags & IW_TXPOW_TYPE) != IW_TXPOW_DBM)
7208 		return -EINVAL;
7209 
7210 	if (wrqu->txpower.fixed == 0)
7211 		value = IPW_TX_POWER_DEFAULT;
7212 	else {
7213 		if (wrqu->txpower.value < IPW_TX_POWER_MIN_DBM ||
7214 		    wrqu->txpower.value > IPW_TX_POWER_MAX_DBM)
7215 			return -EINVAL;
7216 
7217 		value = wrqu->txpower.value;
7218 	}
7219 
7220 	mutex_lock(&priv->action_mutex);
7221 	if (!(priv->status & STATUS_INITIALIZED)) {
7222 		err = -EIO;
7223 		goto done;
7224 	}
7225 
7226 	err = ipw2100_set_tx_power(priv, value);
7227 
7228 	IPW_DEBUG_WX("SET TX Power -> %d\n", value);
7229 
7230       done:
7231 	mutex_unlock(&priv->action_mutex);
7232 	return err;
7233 }
7234 
7235 static int ipw2100_wx_get_txpow(struct net_device *dev,
7236 				struct iw_request_info *info,
7237 				union iwreq_data *wrqu, char *extra)
7238 {
7239 	/*
7240 	 * This can be called at any time.  No action lock required
7241 	 */
7242 
7243 	struct ipw2100_priv *priv = libipw_priv(dev);
7244 
7245 	wrqu->txpower.disabled = (priv->status & STATUS_RF_KILL_MASK) ? 1 : 0;
7246 
7247 	if (priv->tx_power == IPW_TX_POWER_DEFAULT) {
7248 		wrqu->txpower.fixed = 0;
7249 		wrqu->txpower.value = IPW_TX_POWER_MAX_DBM;
7250 	} else {
7251 		wrqu->txpower.fixed = 1;
7252 		wrqu->txpower.value = priv->tx_power;
7253 	}
7254 
7255 	wrqu->txpower.flags = IW_TXPOW_DBM;
7256 
7257 	IPW_DEBUG_WX("GET TX Power -> %d\n", wrqu->txpower.value);
7258 
7259 	return 0;
7260 }
7261 
7262 static int ipw2100_wx_set_frag(struct net_device *dev,
7263 			       struct iw_request_info *info,
7264 			       union iwreq_data *wrqu, char *extra)
7265 {
7266 	/*
7267 	 * This can be called at any time.  No action lock required
7268 	 */
7269 
7270 	struct ipw2100_priv *priv = libipw_priv(dev);
7271 
7272 	if (!wrqu->frag.fixed)
7273 		return -EINVAL;
7274 
7275 	if (wrqu->frag.disabled) {
7276 		priv->frag_threshold |= FRAG_DISABLED;
7277 		priv->ieee->fts = DEFAULT_FTS;
7278 	} else {
7279 		if (wrqu->frag.value < MIN_FRAG_THRESHOLD ||
7280 		    wrqu->frag.value > MAX_FRAG_THRESHOLD)
7281 			return -EINVAL;
7282 
7283 		priv->ieee->fts = wrqu->frag.value & ~0x1;
7284 		priv->frag_threshold = priv->ieee->fts;
7285 	}
7286 
7287 	IPW_DEBUG_WX("SET Frag Threshold -> %d\n", priv->ieee->fts);
7288 
7289 	return 0;
7290 }
7291 
7292 static int ipw2100_wx_get_frag(struct net_device *dev,
7293 			       struct iw_request_info *info,
7294 			       union iwreq_data *wrqu, char *extra)
7295 {
7296 	/*
7297 	 * This can be called at any time.  No action lock required
7298 	 */
7299 
7300 	struct ipw2100_priv *priv = libipw_priv(dev);
7301 	wrqu->frag.value = priv->frag_threshold & ~FRAG_DISABLED;
7302 	wrqu->frag.fixed = 0;	/* no auto select */
7303 	wrqu->frag.disabled = (priv->frag_threshold & FRAG_DISABLED) ? 1 : 0;
7304 
7305 	IPW_DEBUG_WX("GET Frag Threshold -> %d\n", wrqu->frag.value);
7306 
7307 	return 0;
7308 }
7309 
7310 static int ipw2100_wx_set_retry(struct net_device *dev,
7311 				struct iw_request_info *info,
7312 				union iwreq_data *wrqu, char *extra)
7313 {
7314 	struct ipw2100_priv *priv = libipw_priv(dev);
7315 	int err = 0;
7316 
7317 	if (wrqu->retry.flags & IW_RETRY_LIFETIME || wrqu->retry.disabled)
7318 		return -EINVAL;
7319 
7320 	if (!(wrqu->retry.flags & IW_RETRY_LIMIT))
7321 		return 0;
7322 
7323 	mutex_lock(&priv->action_mutex);
7324 	if (!(priv->status & STATUS_INITIALIZED)) {
7325 		err = -EIO;
7326 		goto done;
7327 	}
7328 
7329 	if (wrqu->retry.flags & IW_RETRY_SHORT) {
7330 		err = ipw2100_set_short_retry(priv, wrqu->retry.value);
7331 		IPW_DEBUG_WX("SET Short Retry Limit -> %d\n",
7332 			     wrqu->retry.value);
7333 		goto done;
7334 	}
7335 
7336 	if (wrqu->retry.flags & IW_RETRY_LONG) {
7337 		err = ipw2100_set_long_retry(priv, wrqu->retry.value);
7338 		IPW_DEBUG_WX("SET Long Retry Limit -> %d\n",
7339 			     wrqu->retry.value);
7340 		goto done;
7341 	}
7342 
7343 	err = ipw2100_set_short_retry(priv, wrqu->retry.value);
7344 	if (!err)
7345 		err = ipw2100_set_long_retry(priv, wrqu->retry.value);
7346 
7347 	IPW_DEBUG_WX("SET Both Retry Limits -> %d\n", wrqu->retry.value);
7348 
7349       done:
7350 	mutex_unlock(&priv->action_mutex);
7351 	return err;
7352 }
7353 
7354 static int ipw2100_wx_get_retry(struct net_device *dev,
7355 				struct iw_request_info *info,
7356 				union iwreq_data *wrqu, char *extra)
7357 {
7358 	/*
7359 	 * This can be called at any time.  No action lock required
7360 	 */
7361 
7362 	struct ipw2100_priv *priv = libipw_priv(dev);
7363 
7364 	wrqu->retry.disabled = 0;	/* can't be disabled */
7365 
7366 	if ((wrqu->retry.flags & IW_RETRY_TYPE) == IW_RETRY_LIFETIME)
7367 		return -EINVAL;
7368 
7369 	if (wrqu->retry.flags & IW_RETRY_LONG) {
7370 		wrqu->retry.flags = IW_RETRY_LIMIT | IW_RETRY_LONG;
7371 		wrqu->retry.value = priv->long_retry_limit;
7372 	} else {
7373 		wrqu->retry.flags =
7374 		    (priv->short_retry_limit !=
7375 		     priv->long_retry_limit) ?
7376 		    IW_RETRY_LIMIT | IW_RETRY_SHORT : IW_RETRY_LIMIT;
7377 
7378 		wrqu->retry.value = priv->short_retry_limit;
7379 	}
7380 
7381 	IPW_DEBUG_WX("GET Retry -> %d\n", wrqu->retry.value);
7382 
7383 	return 0;
7384 }
7385 
7386 static int ipw2100_wx_set_scan(struct net_device *dev,
7387 			       struct iw_request_info *info,
7388 			       union iwreq_data *wrqu, char *extra)
7389 {
7390 	struct ipw2100_priv *priv = libipw_priv(dev);
7391 	int err = 0;
7392 
7393 	mutex_lock(&priv->action_mutex);
7394 	if (!(priv->status & STATUS_INITIALIZED)) {
7395 		err = -EIO;
7396 		goto done;
7397 	}
7398 
7399 	IPW_DEBUG_WX("Initiating scan...\n");
7400 
7401 	priv->user_requested_scan = 1;
7402 	if (ipw2100_set_scan_options(priv) || ipw2100_start_scan(priv)) {
7403 		IPW_DEBUG_WX("Start scan failed.\n");
7404 
7405 		/* TODO: Mark a scan as pending so when hardware initialized
7406 		 *       a scan starts */
7407 	}
7408 
7409       done:
7410 	mutex_unlock(&priv->action_mutex);
7411 	return err;
7412 }
7413 
7414 static int ipw2100_wx_get_scan(struct net_device *dev,
7415 			       struct iw_request_info *info,
7416 			       union iwreq_data *wrqu, char *extra)
7417 {
7418 	/*
7419 	 * This can be called at any time.  No action lock required
7420 	 */
7421 
7422 	struct ipw2100_priv *priv = libipw_priv(dev);
7423 	return libipw_wx_get_scan(priv->ieee, info, wrqu, extra);
7424 }
7425 
7426 /*
7427  * Implementation based on code in hostap-driver v0.1.3 hostap_ioctl.c
7428  */
7429 static int ipw2100_wx_set_encode(struct net_device *dev,
7430 				 struct iw_request_info *info,
7431 				 union iwreq_data *wrqu, char *key)
7432 {
7433 	/*
7434 	 * No check of STATUS_INITIALIZED required
7435 	 */
7436 
7437 	struct ipw2100_priv *priv = libipw_priv(dev);
7438 	return libipw_wx_set_encode(priv->ieee, info, wrqu, key);
7439 }
7440 
7441 static int ipw2100_wx_get_encode(struct net_device *dev,
7442 				 struct iw_request_info *info,
7443 				 union iwreq_data *wrqu, char *key)
7444 {
7445 	/*
7446 	 * This can be called at any time.  No action lock required
7447 	 */
7448 
7449 	struct ipw2100_priv *priv = libipw_priv(dev);
7450 	return libipw_wx_get_encode(priv->ieee, info, wrqu, key);
7451 }
7452 
7453 static int ipw2100_wx_set_power(struct net_device *dev,
7454 				struct iw_request_info *info,
7455 				union iwreq_data *wrqu, char *extra)
7456 {
7457 	struct ipw2100_priv *priv = libipw_priv(dev);
7458 	int err = 0;
7459 
7460 	mutex_lock(&priv->action_mutex);
7461 	if (!(priv->status & STATUS_INITIALIZED)) {
7462 		err = -EIO;
7463 		goto done;
7464 	}
7465 
7466 	if (wrqu->power.disabled) {
7467 		priv->power_mode = IPW_POWER_LEVEL(priv->power_mode);
7468 		err = ipw2100_set_power_mode(priv, IPW_POWER_MODE_CAM);
7469 		IPW_DEBUG_WX("SET Power Management Mode -> off\n");
7470 		goto done;
7471 	}
7472 
7473 	switch (wrqu->power.flags & IW_POWER_MODE) {
7474 	case IW_POWER_ON:	/* If not specified */
7475 	case IW_POWER_MODE:	/* If set all mask */
7476 	case IW_POWER_ALL_R:	/* If explicitly state all */
7477 		break;
7478 	default:		/* Otherwise we don't support it */
7479 		IPW_DEBUG_WX("SET PM Mode: %X not supported.\n",
7480 			     wrqu->power.flags);
7481 		err = -EOPNOTSUPP;
7482 		goto done;
7483 	}
7484 
7485 	/* If the user hasn't specified a power management mode yet, default
7486 	 * to BATTERY */
7487 	priv->power_mode = IPW_POWER_ENABLED | priv->power_mode;
7488 	err = ipw2100_set_power_mode(priv, IPW_POWER_LEVEL(priv->power_mode));
7489 
7490 	IPW_DEBUG_WX("SET Power Management Mode -> 0x%02X\n", priv->power_mode);
7491 
7492       done:
7493 	mutex_unlock(&priv->action_mutex);
7494 	return err;
7495 
7496 }
7497 
7498 static int ipw2100_wx_get_power(struct net_device *dev,
7499 				struct iw_request_info *info,
7500 				union iwreq_data *wrqu, char *extra)
7501 {
7502 	/*
7503 	 * This can be called at any time.  No action lock required
7504 	 */
7505 
7506 	struct ipw2100_priv *priv = libipw_priv(dev);
7507 
7508 	if (!(priv->power_mode & IPW_POWER_ENABLED))
7509 		wrqu->power.disabled = 1;
7510 	else {
7511 		wrqu->power.disabled = 0;
7512 		wrqu->power.flags = 0;
7513 	}
7514 
7515 	IPW_DEBUG_WX("GET Power Management Mode -> %02X\n", priv->power_mode);
7516 
7517 	return 0;
7518 }
7519 
7520 /*
7521  * WE-18 WPA support
7522  */
7523 
7524 /* SIOCSIWGENIE */
7525 static int ipw2100_wx_set_genie(struct net_device *dev,
7526 				struct iw_request_info *info,
7527 				union iwreq_data *wrqu, char *extra)
7528 {
7529 
7530 	struct ipw2100_priv *priv = libipw_priv(dev);
7531 	struct libipw_device *ieee = priv->ieee;
7532 	u8 *buf;
7533 
7534 	if (!ieee->wpa_enabled)
7535 		return -EOPNOTSUPP;
7536 
7537 	if (wrqu->data.length > MAX_WPA_IE_LEN ||
7538 	    (wrqu->data.length && extra == NULL))
7539 		return -EINVAL;
7540 
7541 	if (wrqu->data.length) {
7542 		buf = kmemdup(extra, wrqu->data.length, GFP_KERNEL);
7543 		if (buf == NULL)
7544 			return -ENOMEM;
7545 
7546 		kfree(ieee->wpa_ie);
7547 		ieee->wpa_ie = buf;
7548 		ieee->wpa_ie_len = wrqu->data.length;
7549 	} else {
7550 		kfree(ieee->wpa_ie);
7551 		ieee->wpa_ie = NULL;
7552 		ieee->wpa_ie_len = 0;
7553 	}
7554 
7555 	ipw2100_wpa_assoc_frame(priv, ieee->wpa_ie, ieee->wpa_ie_len);
7556 
7557 	return 0;
7558 }
7559 
7560 /* SIOCGIWGENIE */
7561 static int ipw2100_wx_get_genie(struct net_device *dev,
7562 				struct iw_request_info *info,
7563 				union iwreq_data *wrqu, char *extra)
7564 {
7565 	struct ipw2100_priv *priv = libipw_priv(dev);
7566 	struct libipw_device *ieee = priv->ieee;
7567 
7568 	if (ieee->wpa_ie_len == 0 || ieee->wpa_ie == NULL) {
7569 		wrqu->data.length = 0;
7570 		return 0;
7571 	}
7572 
7573 	if (wrqu->data.length < ieee->wpa_ie_len)
7574 		return -E2BIG;
7575 
7576 	wrqu->data.length = ieee->wpa_ie_len;
7577 	memcpy(extra, ieee->wpa_ie, ieee->wpa_ie_len);
7578 
7579 	return 0;
7580 }
7581 
7582 /* SIOCSIWAUTH */
7583 static int ipw2100_wx_set_auth(struct net_device *dev,
7584 			       struct iw_request_info *info,
7585 			       union iwreq_data *wrqu, char *extra)
7586 {
7587 	struct ipw2100_priv *priv = libipw_priv(dev);
7588 	struct libipw_device *ieee = priv->ieee;
7589 	struct iw_param *param = &wrqu->param;
7590 	struct lib80211_crypt_data *crypt;
7591 	unsigned long flags;
7592 	int ret = 0;
7593 
7594 	switch (param->flags & IW_AUTH_INDEX) {
7595 	case IW_AUTH_WPA_VERSION:
7596 	case IW_AUTH_CIPHER_PAIRWISE:
7597 	case IW_AUTH_CIPHER_GROUP:
7598 	case IW_AUTH_KEY_MGMT:
7599 		/*
7600 		 * ipw2200 does not use these parameters
7601 		 */
7602 		break;
7603 
7604 	case IW_AUTH_TKIP_COUNTERMEASURES:
7605 		crypt = priv->ieee->crypt_info.crypt[priv->ieee->crypt_info.tx_keyidx];
7606 		if (!crypt || !crypt->ops->set_flags || !crypt->ops->get_flags)
7607 			break;
7608 
7609 		flags = crypt->ops->get_flags(crypt->priv);
7610 
7611 		if (param->value)
7612 			flags |= IEEE80211_CRYPTO_TKIP_COUNTERMEASURES;
7613 		else
7614 			flags &= ~IEEE80211_CRYPTO_TKIP_COUNTERMEASURES;
7615 
7616 		crypt->ops->set_flags(flags, crypt->priv);
7617 
7618 		break;
7619 
7620 	case IW_AUTH_DROP_UNENCRYPTED:{
7621 			/* HACK:
7622 			 *
7623 			 * wpa_supplicant calls set_wpa_enabled when the driver
7624 			 * is loaded and unloaded, regardless of if WPA is being
7625 			 * used.  No other calls are made which can be used to
7626 			 * determine if encryption will be used or not prior to
7627 			 * association being expected.  If encryption is not being
7628 			 * used, drop_unencrypted is set to false, else true -- we
7629 			 * can use this to determine if the CAP_PRIVACY_ON bit should
7630 			 * be set.
7631 			 */
7632 			struct libipw_security sec = {
7633 				.flags = SEC_ENABLED,
7634 				.enabled = param->value,
7635 			};
7636 			priv->ieee->drop_unencrypted = param->value;
7637 			/* We only change SEC_LEVEL for open mode. Others
7638 			 * are set by ipw_wpa_set_encryption.
7639 			 */
7640 			if (!param->value) {
7641 				sec.flags |= SEC_LEVEL;
7642 				sec.level = SEC_LEVEL_0;
7643 			} else {
7644 				sec.flags |= SEC_LEVEL;
7645 				sec.level = SEC_LEVEL_1;
7646 			}
7647 			if (priv->ieee->set_security)
7648 				priv->ieee->set_security(priv->ieee->dev, &sec);
7649 			break;
7650 		}
7651 
7652 	case IW_AUTH_80211_AUTH_ALG:
7653 		ret = ipw2100_wpa_set_auth_algs(priv, param->value);
7654 		break;
7655 
7656 	case IW_AUTH_WPA_ENABLED:
7657 		ret = ipw2100_wpa_enable(priv, param->value);
7658 		break;
7659 
7660 	case IW_AUTH_RX_UNENCRYPTED_EAPOL:
7661 		ieee->ieee802_1x = param->value;
7662 		break;
7663 
7664 		//case IW_AUTH_ROAMING_CONTROL:
7665 	case IW_AUTH_PRIVACY_INVOKED:
7666 		ieee->privacy_invoked = param->value;
7667 		break;
7668 
7669 	default:
7670 		return -EOPNOTSUPP;
7671 	}
7672 	return ret;
7673 }
7674 
7675 /* SIOCGIWAUTH */
7676 static int ipw2100_wx_get_auth(struct net_device *dev,
7677 			       struct iw_request_info *info,
7678 			       union iwreq_data *wrqu, char *extra)
7679 {
7680 	struct ipw2100_priv *priv = libipw_priv(dev);
7681 	struct libipw_device *ieee = priv->ieee;
7682 	struct lib80211_crypt_data *crypt;
7683 	struct iw_param *param = &wrqu->param;
7684 
7685 	switch (param->flags & IW_AUTH_INDEX) {
7686 	case IW_AUTH_WPA_VERSION:
7687 	case IW_AUTH_CIPHER_PAIRWISE:
7688 	case IW_AUTH_CIPHER_GROUP:
7689 	case IW_AUTH_KEY_MGMT:
7690 		/*
7691 		 * wpa_supplicant will control these internally
7692 		 */
7693 		break;
7694 
7695 	case IW_AUTH_TKIP_COUNTERMEASURES:
7696 		crypt = priv->ieee->crypt_info.crypt[priv->ieee->crypt_info.tx_keyidx];
7697 		if (!crypt || !crypt->ops->get_flags) {
7698 			IPW_DEBUG_WARNING("Can't get TKIP countermeasures: "
7699 					  "crypt not set!\n");
7700 			break;
7701 		}
7702 
7703 		param->value = (crypt->ops->get_flags(crypt->priv) &
7704 				IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) ? 1 : 0;
7705 
7706 		break;
7707 
7708 	case IW_AUTH_DROP_UNENCRYPTED:
7709 		param->value = ieee->drop_unencrypted;
7710 		break;
7711 
7712 	case IW_AUTH_80211_AUTH_ALG:
7713 		param->value = priv->ieee->sec.auth_mode;
7714 		break;
7715 
7716 	case IW_AUTH_WPA_ENABLED:
7717 		param->value = ieee->wpa_enabled;
7718 		break;
7719 
7720 	case IW_AUTH_RX_UNENCRYPTED_EAPOL:
7721 		param->value = ieee->ieee802_1x;
7722 		break;
7723 
7724 	case IW_AUTH_ROAMING_CONTROL:
7725 	case IW_AUTH_PRIVACY_INVOKED:
7726 		param->value = ieee->privacy_invoked;
7727 		break;
7728 
7729 	default:
7730 		return -EOPNOTSUPP;
7731 	}
7732 	return 0;
7733 }
7734 
7735 /* SIOCSIWENCODEEXT */
7736 static int ipw2100_wx_set_encodeext(struct net_device *dev,
7737 				    struct iw_request_info *info,
7738 				    union iwreq_data *wrqu, char *extra)
7739 {
7740 	struct ipw2100_priv *priv = libipw_priv(dev);
7741 	return libipw_wx_set_encodeext(priv->ieee, info, wrqu, extra);
7742 }
7743 
7744 /* SIOCGIWENCODEEXT */
7745 static int ipw2100_wx_get_encodeext(struct net_device *dev,
7746 				    struct iw_request_info *info,
7747 				    union iwreq_data *wrqu, char *extra)
7748 {
7749 	struct ipw2100_priv *priv = libipw_priv(dev);
7750 	return libipw_wx_get_encodeext(priv->ieee, info, wrqu, extra);
7751 }
7752 
7753 /* SIOCSIWMLME */
7754 static int ipw2100_wx_set_mlme(struct net_device *dev,
7755 			       struct iw_request_info *info,
7756 			       union iwreq_data *wrqu, char *extra)
7757 {
7758 	struct ipw2100_priv *priv = libipw_priv(dev);
7759 	struct iw_mlme *mlme = (struct iw_mlme *)extra;
7760 
7761 	switch (mlme->cmd) {
7762 	case IW_MLME_DEAUTH:
7763 		// silently ignore
7764 		break;
7765 
7766 	case IW_MLME_DISASSOC:
7767 		ipw2100_disassociate_bssid(priv);
7768 		break;
7769 
7770 	default:
7771 		return -EOPNOTSUPP;
7772 	}
7773 	return 0;
7774 }
7775 
7776 /*
7777  *
7778  * IWPRIV handlers
7779  *
7780  */
7781 #ifdef CONFIG_IPW2100_MONITOR
7782 static int ipw2100_wx_set_promisc(struct net_device *dev,
7783 				  struct iw_request_info *info,
7784 				  union iwreq_data *wrqu, char *extra)
7785 {
7786 	struct ipw2100_priv *priv = libipw_priv(dev);
7787 	int *parms = (int *)extra;
7788 	int enable = (parms[0] > 0);
7789 	int err = 0;
7790 
7791 	mutex_lock(&priv->action_mutex);
7792 	if (!(priv->status & STATUS_INITIALIZED)) {
7793 		err = -EIO;
7794 		goto done;
7795 	}
7796 
7797 	if (enable) {
7798 		if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
7799 			err = ipw2100_set_channel(priv, parms[1], 0);
7800 			goto done;
7801 		}
7802 		priv->channel = parms[1];
7803 		err = ipw2100_switch_mode(priv, IW_MODE_MONITOR);
7804 	} else {
7805 		if (priv->ieee->iw_mode == IW_MODE_MONITOR)
7806 			err = ipw2100_switch_mode(priv, priv->last_mode);
7807 	}
7808       done:
7809 	mutex_unlock(&priv->action_mutex);
7810 	return err;
7811 }
7812 
7813 static int ipw2100_wx_reset(struct net_device *dev,
7814 			    struct iw_request_info *info,
7815 			    union iwreq_data *wrqu, char *extra)
7816 {
7817 	struct ipw2100_priv *priv = libipw_priv(dev);
7818 	if (priv->status & STATUS_INITIALIZED)
7819 		schedule_reset(priv);
7820 	return 0;
7821 }
7822 
7823 #endif
7824 
7825 static int ipw2100_wx_set_powermode(struct net_device *dev,
7826 				    struct iw_request_info *info,
7827 				    union iwreq_data *wrqu, char *extra)
7828 {
7829 	struct ipw2100_priv *priv = libipw_priv(dev);
7830 	int err = 0, mode = *(int *)extra;
7831 
7832 	mutex_lock(&priv->action_mutex);
7833 	if (!(priv->status & STATUS_INITIALIZED)) {
7834 		err = -EIO;
7835 		goto done;
7836 	}
7837 
7838 	if ((mode < 0) || (mode > POWER_MODES))
7839 		mode = IPW_POWER_AUTO;
7840 
7841 	if (IPW_POWER_LEVEL(priv->power_mode) != mode)
7842 		err = ipw2100_set_power_mode(priv, mode);
7843       done:
7844 	mutex_unlock(&priv->action_mutex);
7845 	return err;
7846 }
7847 
7848 #define MAX_POWER_STRING 80
7849 static int ipw2100_wx_get_powermode(struct net_device *dev,
7850 				    struct iw_request_info *info,
7851 				    union iwreq_data *wrqu, char *extra)
7852 {
7853 	/*
7854 	 * This can be called at any time.  No action lock required
7855 	 */
7856 
7857 	struct ipw2100_priv *priv = libipw_priv(dev);
7858 	int level = IPW_POWER_LEVEL(priv->power_mode);
7859 	s32 timeout, period;
7860 
7861 	if (!(priv->power_mode & IPW_POWER_ENABLED)) {
7862 		snprintf(extra, MAX_POWER_STRING,
7863 			 "Power save level: %d (Off)", level);
7864 	} else {
7865 		switch (level) {
7866 		case IPW_POWER_MODE_CAM:
7867 			snprintf(extra, MAX_POWER_STRING,
7868 				 "Power save level: %d (None)", level);
7869 			break;
7870 		case IPW_POWER_AUTO:
7871 			snprintf(extra, MAX_POWER_STRING,
7872 				 "Power save level: %d (Auto)", level);
7873 			break;
7874 		default:
7875 			timeout = timeout_duration[level - 1] / 1000;
7876 			period = period_duration[level - 1] / 1000;
7877 			snprintf(extra, MAX_POWER_STRING,
7878 				 "Power save level: %d "
7879 				 "(Timeout %dms, Period %dms)",
7880 				 level, timeout, period);
7881 		}
7882 	}
7883 
7884 	wrqu->data.length = strlen(extra) + 1;
7885 
7886 	return 0;
7887 }
7888 
7889 static int ipw2100_wx_set_preamble(struct net_device *dev,
7890 				   struct iw_request_info *info,
7891 				   union iwreq_data *wrqu, char *extra)
7892 {
7893 	struct ipw2100_priv *priv = libipw_priv(dev);
7894 	int err, mode = *(int *)extra;
7895 
7896 	mutex_lock(&priv->action_mutex);
7897 	if (!(priv->status & STATUS_INITIALIZED)) {
7898 		err = -EIO;
7899 		goto done;
7900 	}
7901 
7902 	if (mode == 1)
7903 		priv->config |= CFG_LONG_PREAMBLE;
7904 	else if (mode == 0)
7905 		priv->config &= ~CFG_LONG_PREAMBLE;
7906 	else {
7907 		err = -EINVAL;
7908 		goto done;
7909 	}
7910 
7911 	err = ipw2100_system_config(priv, 0);
7912 
7913       done:
7914 	mutex_unlock(&priv->action_mutex);
7915 	return err;
7916 }
7917 
7918 static int ipw2100_wx_get_preamble(struct net_device *dev,
7919 				   struct iw_request_info *info,
7920 				   union iwreq_data *wrqu, char *extra)
7921 {
7922 	/*
7923 	 * This can be called at any time.  No action lock required
7924 	 */
7925 
7926 	struct ipw2100_priv *priv = libipw_priv(dev);
7927 
7928 	if (priv->config & CFG_LONG_PREAMBLE)
7929 		snprintf(wrqu->name, IFNAMSIZ, "long (1)");
7930 	else
7931 		snprintf(wrqu->name, IFNAMSIZ, "auto (0)");
7932 
7933 	return 0;
7934 }
7935 
7936 #ifdef CONFIG_IPW2100_MONITOR
7937 static int ipw2100_wx_set_crc_check(struct net_device *dev,
7938 				    struct iw_request_info *info,
7939 				    union iwreq_data *wrqu, char *extra)
7940 {
7941 	struct ipw2100_priv *priv = libipw_priv(dev);
7942 	int err, mode = *(int *)extra;
7943 
7944 	mutex_lock(&priv->action_mutex);
7945 	if (!(priv->status & STATUS_INITIALIZED)) {
7946 		err = -EIO;
7947 		goto done;
7948 	}
7949 
7950 	if (mode == 1)
7951 		priv->config |= CFG_CRC_CHECK;
7952 	else if (mode == 0)
7953 		priv->config &= ~CFG_CRC_CHECK;
7954 	else {
7955 		err = -EINVAL;
7956 		goto done;
7957 	}
7958 	err = 0;
7959 
7960       done:
7961 	mutex_unlock(&priv->action_mutex);
7962 	return err;
7963 }
7964 
7965 static int ipw2100_wx_get_crc_check(struct net_device *dev,
7966 				    struct iw_request_info *info,
7967 				    union iwreq_data *wrqu, char *extra)
7968 {
7969 	/*
7970 	 * This can be called at any time.  No action lock required
7971 	 */
7972 
7973 	struct ipw2100_priv *priv = libipw_priv(dev);
7974 
7975 	if (priv->config & CFG_CRC_CHECK)
7976 		snprintf(wrqu->name, IFNAMSIZ, "CRC checked (1)");
7977 	else
7978 		snprintf(wrqu->name, IFNAMSIZ, "CRC ignored (0)");
7979 
7980 	return 0;
7981 }
7982 #endif				/* CONFIG_IPW2100_MONITOR */
7983 
7984 static iw_handler ipw2100_wx_handlers[] = {
7985 	IW_HANDLER(SIOCGIWNAME, ipw2100_wx_get_name),
7986 	IW_HANDLER(SIOCSIWFREQ, ipw2100_wx_set_freq),
7987 	IW_HANDLER(SIOCGIWFREQ, ipw2100_wx_get_freq),
7988 	IW_HANDLER(SIOCSIWMODE, ipw2100_wx_set_mode),
7989 	IW_HANDLER(SIOCGIWMODE, ipw2100_wx_get_mode),
7990 	IW_HANDLER(SIOCGIWRANGE, ipw2100_wx_get_range),
7991 	IW_HANDLER(SIOCSIWAP, ipw2100_wx_set_wap),
7992 	IW_HANDLER(SIOCGIWAP, ipw2100_wx_get_wap),
7993 	IW_HANDLER(SIOCSIWMLME, ipw2100_wx_set_mlme),
7994 	IW_HANDLER(SIOCSIWSCAN, ipw2100_wx_set_scan),
7995 	IW_HANDLER(SIOCGIWSCAN, ipw2100_wx_get_scan),
7996 	IW_HANDLER(SIOCSIWESSID, ipw2100_wx_set_essid),
7997 	IW_HANDLER(SIOCGIWESSID, ipw2100_wx_get_essid),
7998 	IW_HANDLER(SIOCSIWNICKN, ipw2100_wx_set_nick),
7999 	IW_HANDLER(SIOCGIWNICKN, ipw2100_wx_get_nick),
8000 	IW_HANDLER(SIOCSIWRATE, ipw2100_wx_set_rate),
8001 	IW_HANDLER(SIOCGIWRATE, ipw2100_wx_get_rate),
8002 	IW_HANDLER(SIOCSIWRTS, ipw2100_wx_set_rts),
8003 	IW_HANDLER(SIOCGIWRTS, ipw2100_wx_get_rts),
8004 	IW_HANDLER(SIOCSIWFRAG, ipw2100_wx_set_frag),
8005 	IW_HANDLER(SIOCGIWFRAG, ipw2100_wx_get_frag),
8006 	IW_HANDLER(SIOCSIWTXPOW, ipw2100_wx_set_txpow),
8007 	IW_HANDLER(SIOCGIWTXPOW, ipw2100_wx_get_txpow),
8008 	IW_HANDLER(SIOCSIWRETRY, ipw2100_wx_set_retry),
8009 	IW_HANDLER(SIOCGIWRETRY, ipw2100_wx_get_retry),
8010 	IW_HANDLER(SIOCSIWENCODE, ipw2100_wx_set_encode),
8011 	IW_HANDLER(SIOCGIWENCODE, ipw2100_wx_get_encode),
8012 	IW_HANDLER(SIOCSIWPOWER, ipw2100_wx_set_power),
8013 	IW_HANDLER(SIOCGIWPOWER, ipw2100_wx_get_power),
8014 	IW_HANDLER(SIOCSIWGENIE, ipw2100_wx_set_genie),
8015 	IW_HANDLER(SIOCGIWGENIE, ipw2100_wx_get_genie),
8016 	IW_HANDLER(SIOCSIWAUTH, ipw2100_wx_set_auth),
8017 	IW_HANDLER(SIOCGIWAUTH, ipw2100_wx_get_auth),
8018 	IW_HANDLER(SIOCSIWENCODEEXT, ipw2100_wx_set_encodeext),
8019 	IW_HANDLER(SIOCGIWENCODEEXT, ipw2100_wx_get_encodeext),
8020 };
8021 
8022 #define IPW2100_PRIV_SET_MONITOR	SIOCIWFIRSTPRIV
8023 #define IPW2100_PRIV_RESET		SIOCIWFIRSTPRIV+1
8024 #define IPW2100_PRIV_SET_POWER		SIOCIWFIRSTPRIV+2
8025 #define IPW2100_PRIV_GET_POWER		SIOCIWFIRSTPRIV+3
8026 #define IPW2100_PRIV_SET_LONGPREAMBLE	SIOCIWFIRSTPRIV+4
8027 #define IPW2100_PRIV_GET_LONGPREAMBLE	SIOCIWFIRSTPRIV+5
8028 #define IPW2100_PRIV_SET_CRC_CHECK	SIOCIWFIRSTPRIV+6
8029 #define IPW2100_PRIV_GET_CRC_CHECK	SIOCIWFIRSTPRIV+7
8030 
8031 static const struct iw_priv_args ipw2100_private_args[] = {
8032 
8033 #ifdef CONFIG_IPW2100_MONITOR
8034 	{
8035 	 IPW2100_PRIV_SET_MONITOR,
8036 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 2, 0, "monitor"},
8037 	{
8038 	 IPW2100_PRIV_RESET,
8039 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 0, 0, "reset"},
8040 #endif				/* CONFIG_IPW2100_MONITOR */
8041 
8042 	{
8043 	 IPW2100_PRIV_SET_POWER,
8044 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "set_power"},
8045 	{
8046 	 IPW2100_PRIV_GET_POWER,
8047 	 0, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_FIXED | MAX_POWER_STRING,
8048 	 "get_power"},
8049 	{
8050 	 IPW2100_PRIV_SET_LONGPREAMBLE,
8051 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "set_preamble"},
8052 	{
8053 	 IPW2100_PRIV_GET_LONGPREAMBLE,
8054 	 0, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_FIXED | IFNAMSIZ, "get_preamble"},
8055 #ifdef CONFIG_IPW2100_MONITOR
8056 	{
8057 	 IPW2100_PRIV_SET_CRC_CHECK,
8058 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "set_crc_check"},
8059 	{
8060 	 IPW2100_PRIV_GET_CRC_CHECK,
8061 	 0, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_FIXED | IFNAMSIZ, "get_crc_check"},
8062 #endif				/* CONFIG_IPW2100_MONITOR */
8063 };
8064 
8065 static iw_handler ipw2100_private_handler[] = {
8066 #ifdef CONFIG_IPW2100_MONITOR
8067 	ipw2100_wx_set_promisc,
8068 	ipw2100_wx_reset,
8069 #else				/* CONFIG_IPW2100_MONITOR */
8070 	NULL,
8071 	NULL,
8072 #endif				/* CONFIG_IPW2100_MONITOR */
8073 	ipw2100_wx_set_powermode,
8074 	ipw2100_wx_get_powermode,
8075 	ipw2100_wx_set_preamble,
8076 	ipw2100_wx_get_preamble,
8077 #ifdef CONFIG_IPW2100_MONITOR
8078 	ipw2100_wx_set_crc_check,
8079 	ipw2100_wx_get_crc_check,
8080 #else				/* CONFIG_IPW2100_MONITOR */
8081 	NULL,
8082 	NULL,
8083 #endif				/* CONFIG_IPW2100_MONITOR */
8084 };
8085 
8086 /*
8087  * Get wireless statistics.
8088  * Called by /proc/net/wireless
8089  * Also called by SIOCGIWSTATS
8090  */
8091 static struct iw_statistics *ipw2100_wx_wireless_stats(struct net_device *dev)
8092 {
8093 	enum {
8094 		POOR = 30,
8095 		FAIR = 60,
8096 		GOOD = 80,
8097 		VERY_GOOD = 90,
8098 		EXCELLENT = 95,
8099 		PERFECT = 100
8100 	};
8101 	int rssi_qual;
8102 	int tx_qual;
8103 	int beacon_qual;
8104 	int quality;
8105 
8106 	struct ipw2100_priv *priv = libipw_priv(dev);
8107 	struct iw_statistics *wstats;
8108 	u32 rssi, tx_retries, missed_beacons, tx_failures;
8109 	u32 ord_len = sizeof(u32);
8110 
8111 	if (!priv)
8112 		return (struct iw_statistics *)NULL;
8113 
8114 	wstats = &priv->wstats;
8115 
8116 	/* if hw is disabled, then ipw2100_get_ordinal() can't be called.
8117 	 * ipw2100_wx_wireless_stats seems to be called before fw is
8118 	 * initialized.  STATUS_ASSOCIATED will only be set if the hw is up
8119 	 * and associated; if not associcated, the values are all meaningless
8120 	 * anyway, so set them all to NULL and INVALID */
8121 	if (!(priv->status & STATUS_ASSOCIATED)) {
8122 		wstats->miss.beacon = 0;
8123 		wstats->discard.retries = 0;
8124 		wstats->qual.qual = 0;
8125 		wstats->qual.level = 0;
8126 		wstats->qual.noise = 0;
8127 		wstats->qual.updated = 7;
8128 		wstats->qual.updated |= IW_QUAL_NOISE_INVALID |
8129 		    IW_QUAL_QUAL_INVALID | IW_QUAL_LEVEL_INVALID;
8130 		return wstats;
8131 	}
8132 
8133 	if (ipw2100_get_ordinal(priv, IPW_ORD_STAT_PERCENT_MISSED_BCNS,
8134 				&missed_beacons, &ord_len))
8135 		goto fail_get_ordinal;
8136 
8137 	/* If we don't have a connection the quality and level is 0 */
8138 	if (!(priv->status & STATUS_ASSOCIATED)) {
8139 		wstats->qual.qual = 0;
8140 		wstats->qual.level = 0;
8141 	} else {
8142 		if (ipw2100_get_ordinal(priv, IPW_ORD_RSSI_AVG_CURR,
8143 					&rssi, &ord_len))
8144 			goto fail_get_ordinal;
8145 		wstats->qual.level = rssi + IPW2100_RSSI_TO_DBM;
8146 		if (rssi < 10)
8147 			rssi_qual = rssi * POOR / 10;
8148 		else if (rssi < 15)
8149 			rssi_qual = (rssi - 10) * (FAIR - POOR) / 5 + POOR;
8150 		else if (rssi < 20)
8151 			rssi_qual = (rssi - 15) * (GOOD - FAIR) / 5 + FAIR;
8152 		else if (rssi < 30)
8153 			rssi_qual = (rssi - 20) * (VERY_GOOD - GOOD) /
8154 			    10 + GOOD;
8155 		else
8156 			rssi_qual = (rssi - 30) * (PERFECT - VERY_GOOD) /
8157 			    10 + VERY_GOOD;
8158 
8159 		if (ipw2100_get_ordinal(priv, IPW_ORD_STAT_PERCENT_RETRIES,
8160 					&tx_retries, &ord_len))
8161 			goto fail_get_ordinal;
8162 
8163 		if (tx_retries > 75)
8164 			tx_qual = (90 - tx_retries) * POOR / 15;
8165 		else if (tx_retries > 70)
8166 			tx_qual = (75 - tx_retries) * (FAIR - POOR) / 5 + POOR;
8167 		else if (tx_retries > 65)
8168 			tx_qual = (70 - tx_retries) * (GOOD - FAIR) / 5 + FAIR;
8169 		else if (tx_retries > 50)
8170 			tx_qual = (65 - tx_retries) * (VERY_GOOD - GOOD) /
8171 			    15 + GOOD;
8172 		else
8173 			tx_qual = (50 - tx_retries) *
8174 			    (PERFECT - VERY_GOOD) / 50 + VERY_GOOD;
8175 
8176 		if (missed_beacons > 50)
8177 			beacon_qual = (60 - missed_beacons) * POOR / 10;
8178 		else if (missed_beacons > 40)
8179 			beacon_qual = (50 - missed_beacons) * (FAIR - POOR) /
8180 			    10 + POOR;
8181 		else if (missed_beacons > 32)
8182 			beacon_qual = (40 - missed_beacons) * (GOOD - FAIR) /
8183 			    18 + FAIR;
8184 		else if (missed_beacons > 20)
8185 			beacon_qual = (32 - missed_beacons) *
8186 			    (VERY_GOOD - GOOD) / 20 + GOOD;
8187 		else
8188 			beacon_qual = (20 - missed_beacons) *
8189 			    (PERFECT - VERY_GOOD) / 20 + VERY_GOOD;
8190 
8191 		quality = min(tx_qual, rssi_qual);
8192 		quality = min(beacon_qual, quality);
8193 
8194 #ifdef CONFIG_IPW2100_DEBUG
8195 		if (beacon_qual == quality)
8196 			IPW_DEBUG_WX("Quality clamped by Missed Beacons\n");
8197 		else if (tx_qual == quality)
8198 			IPW_DEBUG_WX("Quality clamped by Tx Retries\n");
8199 		else if (quality != 100)
8200 			IPW_DEBUG_WX("Quality clamped by Signal Strength\n");
8201 		else
8202 			IPW_DEBUG_WX("Quality not clamped.\n");
8203 #endif
8204 
8205 		wstats->qual.qual = quality;
8206 		wstats->qual.level = rssi + IPW2100_RSSI_TO_DBM;
8207 	}
8208 
8209 	wstats->qual.noise = 0;
8210 	wstats->qual.updated = 7;
8211 	wstats->qual.updated |= IW_QUAL_NOISE_INVALID;
8212 
8213 	/* FIXME: this is percent and not a # */
8214 	wstats->miss.beacon = missed_beacons;
8215 
8216 	if (ipw2100_get_ordinal(priv, IPW_ORD_STAT_TX_FAILURES,
8217 				&tx_failures, &ord_len))
8218 		goto fail_get_ordinal;
8219 	wstats->discard.retries = tx_failures;
8220 
8221 	return wstats;
8222 
8223       fail_get_ordinal:
8224 	IPW_DEBUG_WX("failed querying ordinals.\n");
8225 
8226 	return (struct iw_statistics *)NULL;
8227 }
8228 
8229 static const struct iw_handler_def ipw2100_wx_handler_def = {
8230 	.standard = ipw2100_wx_handlers,
8231 	.num_standard = ARRAY_SIZE(ipw2100_wx_handlers),
8232 	.num_private = ARRAY_SIZE(ipw2100_private_handler),
8233 	.num_private_args = ARRAY_SIZE(ipw2100_private_args),
8234 	.private = (iw_handler *) ipw2100_private_handler,
8235 	.private_args = (struct iw_priv_args *)ipw2100_private_args,
8236 	.get_wireless_stats = ipw2100_wx_wireless_stats,
8237 };
8238 
8239 static void ipw2100_wx_event_work(struct work_struct *work)
8240 {
8241 	struct ipw2100_priv *priv =
8242 		container_of(work, struct ipw2100_priv, wx_event_work.work);
8243 	union iwreq_data wrqu;
8244 	unsigned int len = ETH_ALEN;
8245 
8246 	if (priv->status & STATUS_STOPPING)
8247 		return;
8248 
8249 	mutex_lock(&priv->action_mutex);
8250 
8251 	IPW_DEBUG_WX("enter\n");
8252 
8253 	mutex_unlock(&priv->action_mutex);
8254 
8255 	wrqu.ap_addr.sa_family = ARPHRD_ETHER;
8256 
8257 	/* Fetch BSSID from the hardware */
8258 	if (!(priv->status & (STATUS_ASSOCIATING | STATUS_ASSOCIATED)) ||
8259 	    priv->status & STATUS_RF_KILL_MASK ||
8260 	    ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_AP_BSSID,
8261 				&priv->bssid, &len)) {
8262 		eth_zero_addr(wrqu.ap_addr.sa_data);
8263 	} else {
8264 		/* We now have the BSSID, so can finish setting to the full
8265 		 * associated state */
8266 		memcpy(wrqu.ap_addr.sa_data, priv->bssid, ETH_ALEN);
8267 		memcpy(priv->ieee->bssid, priv->bssid, ETH_ALEN);
8268 		priv->status &= ~STATUS_ASSOCIATING;
8269 		priv->status |= STATUS_ASSOCIATED;
8270 		netif_carrier_on(priv->net_dev);
8271 		netif_wake_queue(priv->net_dev);
8272 	}
8273 
8274 	if (!(priv->status & STATUS_ASSOCIATED)) {
8275 		IPW_DEBUG_WX("Configuring ESSID\n");
8276 		mutex_lock(&priv->action_mutex);
8277 		/* This is a disassociation event, so kick the firmware to
8278 		 * look for another AP */
8279 		if (priv->config & CFG_STATIC_ESSID)
8280 			ipw2100_set_essid(priv, priv->essid, priv->essid_len,
8281 					  0);
8282 		else
8283 			ipw2100_set_essid(priv, NULL, 0, 0);
8284 		mutex_unlock(&priv->action_mutex);
8285 	}
8286 
8287 	wireless_send_event(priv->net_dev, SIOCGIWAP, &wrqu, NULL);
8288 }
8289 
8290 #define IPW2100_FW_MAJOR_VERSION 1
8291 #define IPW2100_FW_MINOR_VERSION 3
8292 
8293 #define IPW2100_FW_MINOR(x) ((x & 0xff) >> 8)
8294 #define IPW2100_FW_MAJOR(x) (x & 0xff)
8295 
8296 #define IPW2100_FW_VERSION ((IPW2100_FW_MINOR_VERSION << 8) | \
8297                              IPW2100_FW_MAJOR_VERSION)
8298 
8299 #define IPW2100_FW_PREFIX "ipw2100-" __stringify(IPW2100_FW_MAJOR_VERSION) \
8300 "." __stringify(IPW2100_FW_MINOR_VERSION)
8301 
8302 #define IPW2100_FW_NAME(x) IPW2100_FW_PREFIX "" x ".fw"
8303 
8304 /*
8305 
8306 BINARY FIRMWARE HEADER FORMAT
8307 
8308 offset      length   desc
8309 0           2        version
8310 2           2        mode == 0:BSS,1:IBSS,2:MONITOR
8311 4           4        fw_len
8312 8           4        uc_len
8313 C           fw_len   firmware data
8314 12 + fw_len uc_len   microcode data
8315 
8316 */
8317 
8318 struct ipw2100_fw_header {
8319 	short version;
8320 	short mode;
8321 	unsigned int fw_size;
8322 	unsigned int uc_size;
8323 } __packed;
8324 
8325 static int ipw2100_mod_firmware_load(struct ipw2100_fw *fw)
8326 {
8327 	struct ipw2100_fw_header *h =
8328 	    (struct ipw2100_fw_header *)fw->fw_entry->data;
8329 
8330 	if (IPW2100_FW_MAJOR(h->version) != IPW2100_FW_MAJOR_VERSION) {
8331 		printk(KERN_WARNING DRV_NAME ": Firmware image not compatible "
8332 		       "(detected version id of %u). "
8333 		       "See Documentation/networking/device_drivers/wifi/intel/ipw2100.rst\n",
8334 		       h->version);
8335 		return 1;
8336 	}
8337 
8338 	fw->version = h->version;
8339 	fw->fw.data = fw->fw_entry->data + sizeof(struct ipw2100_fw_header);
8340 	fw->fw.size = h->fw_size;
8341 	fw->uc.data = fw->fw.data + h->fw_size;
8342 	fw->uc.size = h->uc_size;
8343 
8344 	return 0;
8345 }
8346 
8347 static int ipw2100_get_firmware(struct ipw2100_priv *priv,
8348 				struct ipw2100_fw *fw)
8349 {
8350 	char *fw_name;
8351 	int rc;
8352 
8353 	IPW_DEBUG_INFO("%s: Using hotplug firmware load.\n",
8354 		       priv->net_dev->name);
8355 
8356 	switch (priv->ieee->iw_mode) {
8357 	case IW_MODE_ADHOC:
8358 		fw_name = IPW2100_FW_NAME("-i");
8359 		break;
8360 #ifdef CONFIG_IPW2100_MONITOR
8361 	case IW_MODE_MONITOR:
8362 		fw_name = IPW2100_FW_NAME("-p");
8363 		break;
8364 #endif
8365 	case IW_MODE_INFRA:
8366 	default:
8367 		fw_name = IPW2100_FW_NAME("");
8368 		break;
8369 	}
8370 
8371 	rc = request_firmware(&fw->fw_entry, fw_name, &priv->pci_dev->dev);
8372 
8373 	if (rc < 0) {
8374 		printk(KERN_ERR DRV_NAME ": "
8375 		       "%s: Firmware '%s' not available or load failed.\n",
8376 		       priv->net_dev->name, fw_name);
8377 		return rc;
8378 	}
8379 	IPW_DEBUG_INFO("firmware data %p size %zd\n", fw->fw_entry->data,
8380 		       fw->fw_entry->size);
8381 
8382 	ipw2100_mod_firmware_load(fw);
8383 
8384 	return 0;
8385 }
8386 
8387 MODULE_FIRMWARE(IPW2100_FW_NAME("-i"));
8388 #ifdef CONFIG_IPW2100_MONITOR
8389 MODULE_FIRMWARE(IPW2100_FW_NAME("-p"));
8390 #endif
8391 MODULE_FIRMWARE(IPW2100_FW_NAME(""));
8392 
8393 static void ipw2100_release_firmware(struct ipw2100_priv *priv,
8394 				     struct ipw2100_fw *fw)
8395 {
8396 	fw->version = 0;
8397 	release_firmware(fw->fw_entry);
8398 	fw->fw_entry = NULL;
8399 }
8400 
8401 static int ipw2100_get_fwversion(struct ipw2100_priv *priv, char *buf,
8402 				 size_t max)
8403 {
8404 	char ver[MAX_FW_VERSION_LEN];
8405 	u32 len = MAX_FW_VERSION_LEN;
8406 	u32 tmp;
8407 	int i;
8408 	/* firmware version is an ascii string (max len of 14) */
8409 	if (ipw2100_get_ordinal(priv, IPW_ORD_STAT_FW_VER_NUM, ver, &len))
8410 		return -EIO;
8411 	tmp = max;
8412 	if (len >= max)
8413 		len = max - 1;
8414 	for (i = 0; i < len; i++)
8415 		buf[i] = ver[i];
8416 	buf[i] = '\0';
8417 	return tmp;
8418 }
8419 
8420 static int ipw2100_get_ucodeversion(struct ipw2100_priv *priv, char *buf,
8421 				    size_t max)
8422 {
8423 	u32 ver;
8424 	u32 len = sizeof(ver);
8425 	/* microcode version is a 32 bit integer */
8426 	if (ipw2100_get_ordinal(priv, IPW_ORD_UCODE_VERSION, &ver, &len))
8427 		return -EIO;
8428 	return snprintf(buf, max, "%08X", ver);
8429 }
8430 
8431 /*
8432  * On exit, the firmware will have been freed from the fw list
8433  */
8434 static int ipw2100_fw_download(struct ipw2100_priv *priv, struct ipw2100_fw *fw)
8435 {
8436 	/* firmware is constructed of N contiguous entries, each entry is
8437 	 * structured as:
8438 	 *
8439 	 * offset    sie         desc
8440 	 * 0         4           address to write to
8441 	 * 4         2           length of data run
8442 	 * 6         length      data
8443 	 */
8444 	unsigned int addr;
8445 	unsigned short len;
8446 
8447 	const unsigned char *firmware_data = fw->fw.data;
8448 	unsigned int firmware_data_left = fw->fw.size;
8449 
8450 	while (firmware_data_left > 0) {
8451 		addr = *(u32 *) (firmware_data);
8452 		firmware_data += 4;
8453 		firmware_data_left -= 4;
8454 
8455 		len = *(u16 *) (firmware_data);
8456 		firmware_data += 2;
8457 		firmware_data_left -= 2;
8458 
8459 		if (len > 32) {
8460 			printk(KERN_ERR DRV_NAME ": "
8461 			       "Invalid firmware run-length of %d bytes\n",
8462 			       len);
8463 			return -EINVAL;
8464 		}
8465 
8466 		write_nic_memory(priv->net_dev, addr, len, firmware_data);
8467 		firmware_data += len;
8468 		firmware_data_left -= len;
8469 	}
8470 
8471 	return 0;
8472 }
8473 
8474 struct symbol_alive_response {
8475 	u8 cmd_id;
8476 	u8 seq_num;
8477 	u8 ucode_rev;
8478 	u8 eeprom_valid;
8479 	u16 valid_flags;
8480 	u8 IEEE_addr[6];
8481 	u16 flags;
8482 	u16 pcb_rev;
8483 	u16 clock_settle_time;	// 1us LSB
8484 	u16 powerup_settle_time;	// 1us LSB
8485 	u16 hop_settle_time;	// 1us LSB
8486 	u8 date[3];		// month, day, year
8487 	u8 time[2];		// hours, minutes
8488 	u8 ucode_valid;
8489 };
8490 
8491 static int ipw2100_ucode_download(struct ipw2100_priv *priv,
8492 				  struct ipw2100_fw *fw)
8493 {
8494 	struct net_device *dev = priv->net_dev;
8495 	const unsigned char *microcode_data = fw->uc.data;
8496 	unsigned int microcode_data_left = fw->uc.size;
8497 	void __iomem *reg = priv->ioaddr;
8498 
8499 	struct symbol_alive_response response;
8500 	int i, j;
8501 	u8 data;
8502 
8503 	/* Symbol control */
8504 	write_nic_word(dev, IPW2100_CONTROL_REG, 0x703);
8505 	readl(reg);
8506 	write_nic_word(dev, IPW2100_CONTROL_REG, 0x707);
8507 	readl(reg);
8508 
8509 	/* HW config */
8510 	write_nic_byte(dev, 0x210014, 0x72);	/* fifo width =16 */
8511 	readl(reg);
8512 	write_nic_byte(dev, 0x210014, 0x72);	/* fifo width =16 */
8513 	readl(reg);
8514 
8515 	/* EN_CS_ACCESS bit to reset control store pointer */
8516 	write_nic_byte(dev, 0x210000, 0x40);
8517 	readl(reg);
8518 	write_nic_byte(dev, 0x210000, 0x0);
8519 	readl(reg);
8520 	write_nic_byte(dev, 0x210000, 0x40);
8521 	readl(reg);
8522 
8523 	/* copy microcode from buffer into Symbol */
8524 
8525 	while (microcode_data_left > 0) {
8526 		write_nic_byte(dev, 0x210010, *microcode_data++);
8527 		write_nic_byte(dev, 0x210010, *microcode_data++);
8528 		microcode_data_left -= 2;
8529 	}
8530 
8531 	/* EN_CS_ACCESS bit to reset the control store pointer */
8532 	write_nic_byte(dev, 0x210000, 0x0);
8533 	readl(reg);
8534 
8535 	/* Enable System (Reg 0)
8536 	 * first enable causes garbage in RX FIFO */
8537 	write_nic_byte(dev, 0x210000, 0x0);
8538 	readl(reg);
8539 	write_nic_byte(dev, 0x210000, 0x80);
8540 	readl(reg);
8541 
8542 	/* Reset External Baseband Reg */
8543 	write_nic_word(dev, IPW2100_CONTROL_REG, 0x703);
8544 	readl(reg);
8545 	write_nic_word(dev, IPW2100_CONTROL_REG, 0x707);
8546 	readl(reg);
8547 
8548 	/* HW Config (Reg 5) */
8549 	write_nic_byte(dev, 0x210014, 0x72);	// fifo width =16
8550 	readl(reg);
8551 	write_nic_byte(dev, 0x210014, 0x72);	// fifo width =16
8552 	readl(reg);
8553 
8554 	/* Enable System (Reg 0)
8555 	 * second enable should be OK */
8556 	write_nic_byte(dev, 0x210000, 0x00);	// clear enable system
8557 	readl(reg);
8558 	write_nic_byte(dev, 0x210000, 0x80);	// set enable system
8559 
8560 	/* check Symbol is enabled - upped this from 5 as it wasn't always
8561 	 * catching the update */
8562 	for (i = 0; i < 10; i++) {
8563 		udelay(10);
8564 
8565 		/* check Dino is enabled bit */
8566 		read_nic_byte(dev, 0x210000, &data);
8567 		if (data & 0x1)
8568 			break;
8569 	}
8570 
8571 	if (i == 10) {
8572 		printk(KERN_ERR DRV_NAME ": %s: Error initializing Symbol\n",
8573 		       dev->name);
8574 		return -EIO;
8575 	}
8576 
8577 	/* Get Symbol alive response */
8578 	for (i = 0; i < 30; i++) {
8579 		/* Read alive response structure */
8580 		for (j = 0;
8581 		     j < (sizeof(struct symbol_alive_response) >> 1); j++)
8582 			read_nic_word(dev, 0x210004, ((u16 *) & response) + j);
8583 
8584 		if ((response.cmd_id == 1) && (response.ucode_valid == 0x1))
8585 			break;
8586 		udelay(10);
8587 	}
8588 
8589 	if (i == 30) {
8590 		printk(KERN_ERR DRV_NAME
8591 		       ": %s: No response from Symbol - hw not alive\n",
8592 		       dev->name);
8593 		printk_buf(IPW_DL_ERROR, (u8 *) & response, sizeof(response));
8594 		return -EIO;
8595 	}
8596 
8597 	return 0;
8598 }
8599