xref: /linux/drivers/net/wireless/intel/ipw2x00/ipw2100.c (revision e5c86679d5e864947a52fb31e45a425dea3e7fa9)
1 /******************************************************************************
2 
3   Copyright(c) 2003 - 2006 Intel Corporation. All rights reserved.
4 
5   This program is free software; you can redistribute it and/or modify it
6   under the terms of version 2 of the GNU General Public License as
7   published by the Free Software Foundation.
8 
9   This program is distributed in the hope that it will be useful, but WITHOUT
10   ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11   FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
12   more details.
13 
14   You should have received a copy of the GNU General Public License along with
15   this program; if not, write to the Free Software Foundation, Inc., 59
16   Temple Place - Suite 330, Boston, MA  02111-1307, USA.
17 
18   The full GNU General Public License is included in this distribution in the
19   file called LICENSE.
20 
21   Contact Information:
22   Intel Linux Wireless <ilw@linux.intel.com>
23   Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
24 
25   Portions of this file are based on the sample_* files provided by Wireless
26   Extensions 0.26 package and copyright (c) 1997-2003 Jean Tourrilhes
27   <jt@hpl.hp.com>
28 
29   Portions of this file are based on the Host AP project,
30   Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen
31     <j@w1.fi>
32   Copyright (c) 2002-2003, Jouni Malinen <j@w1.fi>
33 
34   Portions of ipw2100_mod_firmware_load, ipw2100_do_mod_firmware_load, and
35   ipw2100_fw_load are loosely based on drivers/sound/sound_firmware.c
36   available in the 2.4.25 kernel sources, and are copyright (c) Alan Cox
37 
38 ******************************************************************************/
39 /*
40 
41  Initial driver on which this is based was developed by Janusz Gorycki,
42  Maciej Urbaniak, and Maciej Sosnowski.
43 
44  Promiscuous mode support added by Jacek Wysoczynski and Maciej Urbaniak.
45 
46 Theory of Operation
47 
48 Tx - Commands and Data
49 
50 Firmware and host share a circular queue of Transmit Buffer Descriptors (TBDs)
51 Each TBD contains a pointer to the physical (dma_addr_t) address of data being
52 sent to the firmware as well as the length of the data.
53 
54 The host writes to the TBD queue at the WRITE index.  The WRITE index points
55 to the _next_ packet to be written and is advanced when after the TBD has been
56 filled.
57 
58 The firmware pulls from the TBD queue at the READ index.  The READ index points
59 to the currently being read entry, and is advanced once the firmware is
60 done with a packet.
61 
62 When data is sent to the firmware, the first TBD is used to indicate to the
63 firmware if a Command or Data is being sent.  If it is Command, all of the
64 command information is contained within the physical address referred to by the
65 TBD.  If it is Data, the first TBD indicates the type of data packet, number
66 of fragments, etc.  The next TBD then refers to the actual packet location.
67 
68 The Tx flow cycle is as follows:
69 
70 1) ipw2100_tx() is called by kernel with SKB to transmit
71 2) Packet is move from the tx_free_list and appended to the transmit pending
72    list (tx_pend_list)
73 3) work is scheduled to move pending packets into the shared circular queue.
74 4) when placing packet in the circular queue, the incoming SKB is DMA mapped
75    to a physical address.  That address is entered into a TBD.  Two TBDs are
76    filled out.  The first indicating a data packet, the second referring to the
77    actual payload data.
78 5) the packet is removed from tx_pend_list and placed on the end of the
79    firmware pending list (fw_pend_list)
80 6) firmware is notified that the WRITE index has
81 7) Once the firmware has processed the TBD, INTA is triggered.
82 8) For each Tx interrupt received from the firmware, the READ index is checked
83    to see which TBDs are done being processed.
84 9) For each TBD that has been processed, the ISR pulls the oldest packet
85    from the fw_pend_list.
86 10)The packet structure contained in the fw_pend_list is then used
87    to unmap the DMA address and to free the SKB originally passed to the driver
88    from the kernel.
89 11)The packet structure is placed onto the tx_free_list
90 
91 The above steps are the same for commands, only the msg_free_list/msg_pend_list
92 are used instead of tx_free_list/tx_pend_list
93 
94 ...
95 
96 Critical Sections / Locking :
97 
98 There are two locks utilized.  The first is the low level lock (priv->low_lock)
99 that protects the following:
100 
101 - Access to the Tx/Rx queue lists via priv->low_lock. The lists are as follows:
102 
103   tx_free_list : Holds pre-allocated Tx buffers.
104     TAIL modified in __ipw2100_tx_process()
105     HEAD modified in ipw2100_tx()
106 
107   tx_pend_list : Holds used Tx buffers waiting to go into the TBD ring
108     TAIL modified ipw2100_tx()
109     HEAD modified by ipw2100_tx_send_data()
110 
111   msg_free_list : Holds pre-allocated Msg (Command) buffers
112     TAIL modified in __ipw2100_tx_process()
113     HEAD modified in ipw2100_hw_send_command()
114 
115   msg_pend_list : Holds used Msg buffers waiting to go into the TBD ring
116     TAIL modified in ipw2100_hw_send_command()
117     HEAD modified in ipw2100_tx_send_commands()
118 
119   The flow of data on the TX side is as follows:
120 
121   MSG_FREE_LIST + COMMAND => MSG_PEND_LIST => TBD => MSG_FREE_LIST
122   TX_FREE_LIST + DATA => TX_PEND_LIST => TBD => TX_FREE_LIST
123 
124   The methods that work on the TBD ring are protected via priv->low_lock.
125 
126 - The internal data state of the device itself
127 - Access to the firmware read/write indexes for the BD queues
128   and associated logic
129 
130 All external entry functions are locked with the priv->action_lock to ensure
131 that only one external action is invoked at a time.
132 
133 
134 */
135 
136 #include <linux/compiler.h>
137 #include <linux/errno.h>
138 #include <linux/if_arp.h>
139 #include <linux/in6.h>
140 #include <linux/in.h>
141 #include <linux/ip.h>
142 #include <linux/kernel.h>
143 #include <linux/kmod.h>
144 #include <linux/module.h>
145 #include <linux/netdevice.h>
146 #include <linux/ethtool.h>
147 #include <linux/pci.h>
148 #include <linux/dma-mapping.h>
149 #include <linux/proc_fs.h>
150 #include <linux/skbuff.h>
151 #include <linux/uaccess.h>
152 #include <asm/io.h>
153 #include <linux/fs.h>
154 #include <linux/mm.h>
155 #include <linux/slab.h>
156 #include <linux/unistd.h>
157 #include <linux/stringify.h>
158 #include <linux/tcp.h>
159 #include <linux/types.h>
160 #include <linux/time.h>
161 #include <linux/firmware.h>
162 #include <linux/acpi.h>
163 #include <linux/ctype.h>
164 #include <linux/pm_qos.h>
165 
166 #include <net/lib80211.h>
167 
168 #include "ipw2100.h"
169 #include "ipw.h"
170 
171 #define IPW2100_VERSION "git-1.2.2"
172 
173 #define DRV_NAME	"ipw2100"
174 #define DRV_VERSION	IPW2100_VERSION
175 #define DRV_DESCRIPTION	"Intel(R) PRO/Wireless 2100 Network Driver"
176 #define DRV_COPYRIGHT	"Copyright(c) 2003-2006 Intel Corporation"
177 
178 static struct pm_qos_request ipw2100_pm_qos_req;
179 
180 /* Debugging stuff */
181 #ifdef CONFIG_IPW2100_DEBUG
182 #define IPW2100_RX_DEBUG	/* Reception debugging */
183 #endif
184 
185 MODULE_DESCRIPTION(DRV_DESCRIPTION);
186 MODULE_VERSION(DRV_VERSION);
187 MODULE_AUTHOR(DRV_COPYRIGHT);
188 MODULE_LICENSE("GPL");
189 
190 static int debug = 0;
191 static int network_mode = 0;
192 static int channel = 0;
193 static int associate = 0;
194 static int disable = 0;
195 #ifdef CONFIG_PM
196 static struct ipw2100_fw ipw2100_firmware;
197 #endif
198 
199 #include <linux/moduleparam.h>
200 module_param(debug, int, 0444);
201 module_param_named(mode, network_mode, int, 0444);
202 module_param(channel, int, 0444);
203 module_param(associate, int, 0444);
204 module_param(disable, int, 0444);
205 
206 MODULE_PARM_DESC(debug, "debug level");
207 MODULE_PARM_DESC(mode, "network mode (0=BSS,1=IBSS,2=Monitor)");
208 MODULE_PARM_DESC(channel, "channel");
209 MODULE_PARM_DESC(associate, "auto associate when scanning (default off)");
210 MODULE_PARM_DESC(disable, "manually disable the radio (default 0 [radio on])");
211 
212 static u32 ipw2100_debug_level = IPW_DL_NONE;
213 
214 #ifdef CONFIG_IPW2100_DEBUG
215 #define IPW_DEBUG(level, message...) \
216 do { \
217 	if (ipw2100_debug_level & (level)) { \
218 		printk(KERN_DEBUG "ipw2100: %c %s ", \
219                        in_interrupt() ? 'I' : 'U',  __func__); \
220 		printk(message); \
221 	} \
222 } while (0)
223 #else
224 #define IPW_DEBUG(level, message...) do {} while (0)
225 #endif				/* CONFIG_IPW2100_DEBUG */
226 
227 #ifdef CONFIG_IPW2100_DEBUG
228 static const char *command_types[] = {
229 	"undefined",
230 	"unused",		/* HOST_ATTENTION */
231 	"HOST_COMPLETE",
232 	"unused",		/* SLEEP */
233 	"unused",		/* HOST_POWER_DOWN */
234 	"unused",
235 	"SYSTEM_CONFIG",
236 	"unused",		/* SET_IMR */
237 	"SSID",
238 	"MANDATORY_BSSID",
239 	"AUTHENTICATION_TYPE",
240 	"ADAPTER_ADDRESS",
241 	"PORT_TYPE",
242 	"INTERNATIONAL_MODE",
243 	"CHANNEL",
244 	"RTS_THRESHOLD",
245 	"FRAG_THRESHOLD",
246 	"POWER_MODE",
247 	"TX_RATES",
248 	"BASIC_TX_RATES",
249 	"WEP_KEY_INFO",
250 	"unused",
251 	"unused",
252 	"unused",
253 	"unused",
254 	"WEP_KEY_INDEX",
255 	"WEP_FLAGS",
256 	"ADD_MULTICAST",
257 	"CLEAR_ALL_MULTICAST",
258 	"BEACON_INTERVAL",
259 	"ATIM_WINDOW",
260 	"CLEAR_STATISTICS",
261 	"undefined",
262 	"undefined",
263 	"undefined",
264 	"undefined",
265 	"TX_POWER_INDEX",
266 	"undefined",
267 	"undefined",
268 	"undefined",
269 	"undefined",
270 	"undefined",
271 	"undefined",
272 	"BROADCAST_SCAN",
273 	"CARD_DISABLE",
274 	"PREFERRED_BSSID",
275 	"SET_SCAN_OPTIONS",
276 	"SCAN_DWELL_TIME",
277 	"SWEEP_TABLE",
278 	"AP_OR_STATION_TABLE",
279 	"GROUP_ORDINALS",
280 	"SHORT_RETRY_LIMIT",
281 	"LONG_RETRY_LIMIT",
282 	"unused",		/* SAVE_CALIBRATION */
283 	"unused",		/* RESTORE_CALIBRATION */
284 	"undefined",
285 	"undefined",
286 	"undefined",
287 	"HOST_PRE_POWER_DOWN",
288 	"unused",		/* HOST_INTERRUPT_COALESCING */
289 	"undefined",
290 	"CARD_DISABLE_PHY_OFF",
291 	"MSDU_TX_RATES",
292 	"undefined",
293 	"SET_STATION_STAT_BITS",
294 	"CLEAR_STATIONS_STAT_BITS",
295 	"LEAP_ROGUE_MODE",
296 	"SET_SECURITY_INFORMATION",
297 	"DISASSOCIATION_BSSID",
298 	"SET_WPA_ASS_IE"
299 };
300 #endif
301 
302 static const long ipw2100_frequencies[] = {
303 	2412, 2417, 2422, 2427,
304 	2432, 2437, 2442, 2447,
305 	2452, 2457, 2462, 2467,
306 	2472, 2484
307 };
308 
309 #define FREQ_COUNT	ARRAY_SIZE(ipw2100_frequencies)
310 
311 static struct ieee80211_rate ipw2100_bg_rates[] = {
312 	{ .bitrate = 10 },
313 	{ .bitrate = 20, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
314 	{ .bitrate = 55, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
315 	{ .bitrate = 110, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
316 };
317 
318 #define RATE_COUNT ARRAY_SIZE(ipw2100_bg_rates)
319 
320 /* Pre-decl until we get the code solid and then we can clean it up */
321 static void ipw2100_tx_send_commands(struct ipw2100_priv *priv);
322 static void ipw2100_tx_send_data(struct ipw2100_priv *priv);
323 static int ipw2100_adapter_setup(struct ipw2100_priv *priv);
324 
325 static void ipw2100_queues_initialize(struct ipw2100_priv *priv);
326 static void ipw2100_queues_free(struct ipw2100_priv *priv);
327 static int ipw2100_queues_allocate(struct ipw2100_priv *priv);
328 
329 static int ipw2100_fw_download(struct ipw2100_priv *priv,
330 			       struct ipw2100_fw *fw);
331 static int ipw2100_get_firmware(struct ipw2100_priv *priv,
332 				struct ipw2100_fw *fw);
333 static int ipw2100_get_fwversion(struct ipw2100_priv *priv, char *buf,
334 				 size_t max);
335 static int ipw2100_get_ucodeversion(struct ipw2100_priv *priv, char *buf,
336 				    size_t max);
337 static void ipw2100_release_firmware(struct ipw2100_priv *priv,
338 				     struct ipw2100_fw *fw);
339 static int ipw2100_ucode_download(struct ipw2100_priv *priv,
340 				  struct ipw2100_fw *fw);
341 static void ipw2100_wx_event_work(struct work_struct *work);
342 static struct iw_statistics *ipw2100_wx_wireless_stats(struct net_device *dev);
343 static struct iw_handler_def ipw2100_wx_handler_def;
344 
345 static inline void read_register(struct net_device *dev, u32 reg, u32 * val)
346 {
347 	struct ipw2100_priv *priv = libipw_priv(dev);
348 
349 	*val = ioread32(priv->ioaddr + reg);
350 	IPW_DEBUG_IO("r: 0x%08X => 0x%08X\n", reg, *val);
351 }
352 
353 static inline void write_register(struct net_device *dev, u32 reg, u32 val)
354 {
355 	struct ipw2100_priv *priv = libipw_priv(dev);
356 
357 	iowrite32(val, priv->ioaddr + reg);
358 	IPW_DEBUG_IO("w: 0x%08X <= 0x%08X\n", reg, val);
359 }
360 
361 static inline void read_register_word(struct net_device *dev, u32 reg,
362 				      u16 * val)
363 {
364 	struct ipw2100_priv *priv = libipw_priv(dev);
365 
366 	*val = ioread16(priv->ioaddr + reg);
367 	IPW_DEBUG_IO("r: 0x%08X => %04X\n", reg, *val);
368 }
369 
370 static inline void read_register_byte(struct net_device *dev, u32 reg, u8 * val)
371 {
372 	struct ipw2100_priv *priv = libipw_priv(dev);
373 
374 	*val = ioread8(priv->ioaddr + reg);
375 	IPW_DEBUG_IO("r: 0x%08X => %02X\n", reg, *val);
376 }
377 
378 static inline void write_register_word(struct net_device *dev, u32 reg, u16 val)
379 {
380 	struct ipw2100_priv *priv = libipw_priv(dev);
381 
382 	iowrite16(val, priv->ioaddr + reg);
383 	IPW_DEBUG_IO("w: 0x%08X <= %04X\n", reg, val);
384 }
385 
386 static inline void write_register_byte(struct net_device *dev, u32 reg, u8 val)
387 {
388 	struct ipw2100_priv *priv = libipw_priv(dev);
389 
390 	iowrite8(val, priv->ioaddr + reg);
391 	IPW_DEBUG_IO("w: 0x%08X =< %02X\n", reg, val);
392 }
393 
394 static inline void read_nic_dword(struct net_device *dev, u32 addr, u32 * val)
395 {
396 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
397 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
398 	read_register(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
399 }
400 
401 static inline void write_nic_dword(struct net_device *dev, u32 addr, u32 val)
402 {
403 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
404 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
405 	write_register(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
406 }
407 
408 static inline void read_nic_word(struct net_device *dev, u32 addr, u16 * val)
409 {
410 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
411 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
412 	read_register_word(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
413 }
414 
415 static inline void write_nic_word(struct net_device *dev, u32 addr, u16 val)
416 {
417 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
418 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
419 	write_register_word(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
420 }
421 
422 static inline void read_nic_byte(struct net_device *dev, u32 addr, u8 * val)
423 {
424 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
425 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
426 	read_register_byte(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
427 }
428 
429 static inline void write_nic_byte(struct net_device *dev, u32 addr, u8 val)
430 {
431 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
432 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
433 	write_register_byte(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
434 }
435 
436 static inline void write_nic_auto_inc_address(struct net_device *dev, u32 addr)
437 {
438 	write_register(dev, IPW_REG_AUTOINCREMENT_ADDRESS,
439 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
440 }
441 
442 static inline void write_nic_dword_auto_inc(struct net_device *dev, u32 val)
443 {
444 	write_register(dev, IPW_REG_AUTOINCREMENT_DATA, val);
445 }
446 
447 static void write_nic_memory(struct net_device *dev, u32 addr, u32 len,
448 				    const u8 * buf)
449 {
450 	u32 aligned_addr;
451 	u32 aligned_len;
452 	u32 dif_len;
453 	u32 i;
454 
455 	/* read first nibble byte by byte */
456 	aligned_addr = addr & (~0x3);
457 	dif_len = addr - aligned_addr;
458 	if (dif_len) {
459 		/* Start reading at aligned_addr + dif_len */
460 		write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
461 			       aligned_addr);
462 		for (i = dif_len; i < 4; i++, buf++)
463 			write_register_byte(dev,
464 					    IPW_REG_INDIRECT_ACCESS_DATA + i,
465 					    *buf);
466 
467 		len -= dif_len;
468 		aligned_addr += 4;
469 	}
470 
471 	/* read DWs through autoincrement registers */
472 	write_register(dev, IPW_REG_AUTOINCREMENT_ADDRESS, aligned_addr);
473 	aligned_len = len & (~0x3);
474 	for (i = 0; i < aligned_len; i += 4, buf += 4, aligned_addr += 4)
475 		write_register(dev, IPW_REG_AUTOINCREMENT_DATA, *(u32 *) buf);
476 
477 	/* copy the last nibble */
478 	dif_len = len - aligned_len;
479 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS, aligned_addr);
480 	for (i = 0; i < dif_len; i++, buf++)
481 		write_register_byte(dev, IPW_REG_INDIRECT_ACCESS_DATA + i,
482 				    *buf);
483 }
484 
485 static void read_nic_memory(struct net_device *dev, u32 addr, u32 len,
486 				   u8 * buf)
487 {
488 	u32 aligned_addr;
489 	u32 aligned_len;
490 	u32 dif_len;
491 	u32 i;
492 
493 	/* read first nibble byte by byte */
494 	aligned_addr = addr & (~0x3);
495 	dif_len = addr - aligned_addr;
496 	if (dif_len) {
497 		/* Start reading at aligned_addr + dif_len */
498 		write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
499 			       aligned_addr);
500 		for (i = dif_len; i < 4; i++, buf++)
501 			read_register_byte(dev,
502 					   IPW_REG_INDIRECT_ACCESS_DATA + i,
503 					   buf);
504 
505 		len -= dif_len;
506 		aligned_addr += 4;
507 	}
508 
509 	/* read DWs through autoincrement registers */
510 	write_register(dev, IPW_REG_AUTOINCREMENT_ADDRESS, aligned_addr);
511 	aligned_len = len & (~0x3);
512 	for (i = 0; i < aligned_len; i += 4, buf += 4, aligned_addr += 4)
513 		read_register(dev, IPW_REG_AUTOINCREMENT_DATA, (u32 *) buf);
514 
515 	/* copy the last nibble */
516 	dif_len = len - aligned_len;
517 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS, aligned_addr);
518 	for (i = 0; i < dif_len; i++, buf++)
519 		read_register_byte(dev, IPW_REG_INDIRECT_ACCESS_DATA + i, buf);
520 }
521 
522 static bool ipw2100_hw_is_adapter_in_system(struct net_device *dev)
523 {
524 	u32 dbg;
525 
526 	read_register(dev, IPW_REG_DOA_DEBUG_AREA_START, &dbg);
527 
528 	return dbg == IPW_DATA_DOA_DEBUG_VALUE;
529 }
530 
531 static int ipw2100_get_ordinal(struct ipw2100_priv *priv, u32 ord,
532 			       void *val, u32 * len)
533 {
534 	struct ipw2100_ordinals *ordinals = &priv->ordinals;
535 	u32 addr;
536 	u32 field_info;
537 	u16 field_len;
538 	u16 field_count;
539 	u32 total_length;
540 
541 	if (ordinals->table1_addr == 0) {
542 		printk(KERN_WARNING DRV_NAME ": attempt to use fw ordinals "
543 		       "before they have been loaded.\n");
544 		return -EINVAL;
545 	}
546 
547 	if (IS_ORDINAL_TABLE_ONE(ordinals, ord)) {
548 		if (*len < IPW_ORD_TAB_1_ENTRY_SIZE) {
549 			*len = IPW_ORD_TAB_1_ENTRY_SIZE;
550 
551 			printk(KERN_WARNING DRV_NAME
552 			       ": ordinal buffer length too small, need %zd\n",
553 			       IPW_ORD_TAB_1_ENTRY_SIZE);
554 
555 			return -EINVAL;
556 		}
557 
558 		read_nic_dword(priv->net_dev,
559 			       ordinals->table1_addr + (ord << 2), &addr);
560 		read_nic_dword(priv->net_dev, addr, val);
561 
562 		*len = IPW_ORD_TAB_1_ENTRY_SIZE;
563 
564 		return 0;
565 	}
566 
567 	if (IS_ORDINAL_TABLE_TWO(ordinals, ord)) {
568 
569 		ord -= IPW_START_ORD_TAB_2;
570 
571 		/* get the address of statistic */
572 		read_nic_dword(priv->net_dev,
573 			       ordinals->table2_addr + (ord << 3), &addr);
574 
575 		/* get the second DW of statistics ;
576 		 * two 16-bit words - first is length, second is count */
577 		read_nic_dword(priv->net_dev,
578 			       ordinals->table2_addr + (ord << 3) + sizeof(u32),
579 			       &field_info);
580 
581 		/* get each entry length */
582 		field_len = *((u16 *) & field_info);
583 
584 		/* get number of entries */
585 		field_count = *(((u16 *) & field_info) + 1);
586 
587 		/* abort if no enough memory */
588 		total_length = field_len * field_count;
589 		if (total_length > *len) {
590 			*len = total_length;
591 			return -EINVAL;
592 		}
593 
594 		*len = total_length;
595 		if (!total_length)
596 			return 0;
597 
598 		/* read the ordinal data from the SRAM */
599 		read_nic_memory(priv->net_dev, addr, total_length, val);
600 
601 		return 0;
602 	}
603 
604 	printk(KERN_WARNING DRV_NAME ": ordinal %d neither in table 1 nor "
605 	       "in table 2\n", ord);
606 
607 	return -EINVAL;
608 }
609 
610 static int ipw2100_set_ordinal(struct ipw2100_priv *priv, u32 ord, u32 * val,
611 			       u32 * len)
612 {
613 	struct ipw2100_ordinals *ordinals = &priv->ordinals;
614 	u32 addr;
615 
616 	if (IS_ORDINAL_TABLE_ONE(ordinals, ord)) {
617 		if (*len != IPW_ORD_TAB_1_ENTRY_SIZE) {
618 			*len = IPW_ORD_TAB_1_ENTRY_SIZE;
619 			IPW_DEBUG_INFO("wrong size\n");
620 			return -EINVAL;
621 		}
622 
623 		read_nic_dword(priv->net_dev,
624 			       ordinals->table1_addr + (ord << 2), &addr);
625 
626 		write_nic_dword(priv->net_dev, addr, *val);
627 
628 		*len = IPW_ORD_TAB_1_ENTRY_SIZE;
629 
630 		return 0;
631 	}
632 
633 	IPW_DEBUG_INFO("wrong table\n");
634 	if (IS_ORDINAL_TABLE_TWO(ordinals, ord))
635 		return -EINVAL;
636 
637 	return -EINVAL;
638 }
639 
640 static char *snprint_line(char *buf, size_t count,
641 			  const u8 * data, u32 len, u32 ofs)
642 {
643 	int out, i, j, l;
644 	char c;
645 
646 	out = snprintf(buf, count, "%08X", ofs);
647 
648 	for (l = 0, i = 0; i < 2; i++) {
649 		out += snprintf(buf + out, count - out, " ");
650 		for (j = 0; j < 8 && l < len; j++, l++)
651 			out += snprintf(buf + out, count - out, "%02X ",
652 					data[(i * 8 + j)]);
653 		for (; j < 8; j++)
654 			out += snprintf(buf + out, count - out, "   ");
655 	}
656 
657 	out += snprintf(buf + out, count - out, " ");
658 	for (l = 0, i = 0; i < 2; i++) {
659 		out += snprintf(buf + out, count - out, " ");
660 		for (j = 0; j < 8 && l < len; j++, l++) {
661 			c = data[(i * 8 + j)];
662 			if (!isascii(c) || !isprint(c))
663 				c = '.';
664 
665 			out += snprintf(buf + out, count - out, "%c", c);
666 		}
667 
668 		for (; j < 8; j++)
669 			out += snprintf(buf + out, count - out, " ");
670 	}
671 
672 	return buf;
673 }
674 
675 static void printk_buf(int level, const u8 * data, u32 len)
676 {
677 	char line[81];
678 	u32 ofs = 0;
679 	if (!(ipw2100_debug_level & level))
680 		return;
681 
682 	while (len) {
683 		printk(KERN_DEBUG "%s\n",
684 		       snprint_line(line, sizeof(line), &data[ofs],
685 				    min(len, 16U), ofs));
686 		ofs += 16;
687 		len -= min(len, 16U);
688 	}
689 }
690 
691 #define MAX_RESET_BACKOFF 10
692 
693 static void schedule_reset(struct ipw2100_priv *priv)
694 {
695 	unsigned long now = get_seconds();
696 
697 	/* If we haven't received a reset request within the backoff period,
698 	 * then we can reset the backoff interval so this reset occurs
699 	 * immediately */
700 	if (priv->reset_backoff &&
701 	    (now - priv->last_reset > priv->reset_backoff))
702 		priv->reset_backoff = 0;
703 
704 	priv->last_reset = get_seconds();
705 
706 	if (!(priv->status & STATUS_RESET_PENDING)) {
707 		IPW_DEBUG_INFO("%s: Scheduling firmware restart (%ds).\n",
708 			       priv->net_dev->name, priv->reset_backoff);
709 		netif_carrier_off(priv->net_dev);
710 		netif_stop_queue(priv->net_dev);
711 		priv->status |= STATUS_RESET_PENDING;
712 		if (priv->reset_backoff)
713 			schedule_delayed_work(&priv->reset_work,
714 					      priv->reset_backoff * HZ);
715 		else
716 			schedule_delayed_work(&priv->reset_work, 0);
717 
718 		if (priv->reset_backoff < MAX_RESET_BACKOFF)
719 			priv->reset_backoff++;
720 
721 		wake_up_interruptible(&priv->wait_command_queue);
722 	} else
723 		IPW_DEBUG_INFO("%s: Firmware restart already in progress.\n",
724 			       priv->net_dev->name);
725 
726 }
727 
728 #define HOST_COMPLETE_TIMEOUT (2 * HZ)
729 static int ipw2100_hw_send_command(struct ipw2100_priv *priv,
730 				   struct host_command *cmd)
731 {
732 	struct list_head *element;
733 	struct ipw2100_tx_packet *packet;
734 	unsigned long flags;
735 	int err = 0;
736 
737 	IPW_DEBUG_HC("Sending %s command (#%d), %d bytes\n",
738 		     command_types[cmd->host_command], cmd->host_command,
739 		     cmd->host_command_length);
740 	printk_buf(IPW_DL_HC, (u8 *) cmd->host_command_parameters,
741 		   cmd->host_command_length);
742 
743 	spin_lock_irqsave(&priv->low_lock, flags);
744 
745 	if (priv->fatal_error) {
746 		IPW_DEBUG_INFO
747 		    ("Attempt to send command while hardware in fatal error condition.\n");
748 		err = -EIO;
749 		goto fail_unlock;
750 	}
751 
752 	if (!(priv->status & STATUS_RUNNING)) {
753 		IPW_DEBUG_INFO
754 		    ("Attempt to send command while hardware is not running.\n");
755 		err = -EIO;
756 		goto fail_unlock;
757 	}
758 
759 	if (priv->status & STATUS_CMD_ACTIVE) {
760 		IPW_DEBUG_INFO
761 		    ("Attempt to send command while another command is pending.\n");
762 		err = -EBUSY;
763 		goto fail_unlock;
764 	}
765 
766 	if (list_empty(&priv->msg_free_list)) {
767 		IPW_DEBUG_INFO("no available msg buffers\n");
768 		goto fail_unlock;
769 	}
770 
771 	priv->status |= STATUS_CMD_ACTIVE;
772 	priv->messages_sent++;
773 
774 	element = priv->msg_free_list.next;
775 
776 	packet = list_entry(element, struct ipw2100_tx_packet, list);
777 	packet->jiffy_start = jiffies;
778 
779 	/* initialize the firmware command packet */
780 	packet->info.c_struct.cmd->host_command_reg = cmd->host_command;
781 	packet->info.c_struct.cmd->host_command_reg1 = cmd->host_command1;
782 	packet->info.c_struct.cmd->host_command_len_reg =
783 	    cmd->host_command_length;
784 	packet->info.c_struct.cmd->sequence = cmd->host_command_sequence;
785 
786 	memcpy(packet->info.c_struct.cmd->host_command_params_reg,
787 	       cmd->host_command_parameters,
788 	       sizeof(packet->info.c_struct.cmd->host_command_params_reg));
789 
790 	list_del(element);
791 	DEC_STAT(&priv->msg_free_stat);
792 
793 	list_add_tail(element, &priv->msg_pend_list);
794 	INC_STAT(&priv->msg_pend_stat);
795 
796 	ipw2100_tx_send_commands(priv);
797 	ipw2100_tx_send_data(priv);
798 
799 	spin_unlock_irqrestore(&priv->low_lock, flags);
800 
801 	/*
802 	 * We must wait for this command to complete before another
803 	 * command can be sent...  but if we wait more than 3 seconds
804 	 * then there is a problem.
805 	 */
806 
807 	err =
808 	    wait_event_interruptible_timeout(priv->wait_command_queue,
809 					     !(priv->
810 					       status & STATUS_CMD_ACTIVE),
811 					     HOST_COMPLETE_TIMEOUT);
812 
813 	if (err == 0) {
814 		IPW_DEBUG_INFO("Command completion failed out after %dms.\n",
815 			       1000 * (HOST_COMPLETE_TIMEOUT / HZ));
816 		priv->fatal_error = IPW2100_ERR_MSG_TIMEOUT;
817 		priv->status &= ~STATUS_CMD_ACTIVE;
818 		schedule_reset(priv);
819 		return -EIO;
820 	}
821 
822 	if (priv->fatal_error) {
823 		printk(KERN_WARNING DRV_NAME ": %s: firmware fatal error\n",
824 		       priv->net_dev->name);
825 		return -EIO;
826 	}
827 
828 	/* !!!!! HACK TEST !!!!!
829 	 * When lots of debug trace statements are enabled, the driver
830 	 * doesn't seem to have as many firmware restart cycles...
831 	 *
832 	 * As a test, we're sticking in a 1/100s delay here */
833 	schedule_timeout_uninterruptible(msecs_to_jiffies(10));
834 
835 	return 0;
836 
837       fail_unlock:
838 	spin_unlock_irqrestore(&priv->low_lock, flags);
839 
840 	return err;
841 }
842 
843 /*
844  * Verify the values and data access of the hardware
845  * No locks needed or used.  No functions called.
846  */
847 static int ipw2100_verify(struct ipw2100_priv *priv)
848 {
849 	u32 data1, data2;
850 	u32 address;
851 
852 	u32 val1 = 0x76543210;
853 	u32 val2 = 0xFEDCBA98;
854 
855 	/* Domain 0 check - all values should be DOA_DEBUG */
856 	for (address = IPW_REG_DOA_DEBUG_AREA_START;
857 	     address < IPW_REG_DOA_DEBUG_AREA_END; address += sizeof(u32)) {
858 		read_register(priv->net_dev, address, &data1);
859 		if (data1 != IPW_DATA_DOA_DEBUG_VALUE)
860 			return -EIO;
861 	}
862 
863 	/* Domain 1 check - use arbitrary read/write compare  */
864 	for (address = 0; address < 5; address++) {
865 		/* The memory area is not used now */
866 		write_register(priv->net_dev, IPW_REG_DOMAIN_1_OFFSET + 0x32,
867 			       val1);
868 		write_register(priv->net_dev, IPW_REG_DOMAIN_1_OFFSET + 0x36,
869 			       val2);
870 		read_register(priv->net_dev, IPW_REG_DOMAIN_1_OFFSET + 0x32,
871 			      &data1);
872 		read_register(priv->net_dev, IPW_REG_DOMAIN_1_OFFSET + 0x36,
873 			      &data2);
874 		if (val1 == data1 && val2 == data2)
875 			return 0;
876 	}
877 
878 	return -EIO;
879 }
880 
881 /*
882  *
883  * Loop until the CARD_DISABLED bit is the same value as the
884  * supplied parameter
885  *
886  * TODO: See if it would be more efficient to do a wait/wake
887  *       cycle and have the completion event trigger the wakeup
888  *
889  */
890 #define IPW_CARD_DISABLE_COMPLETE_WAIT		    100	// 100 milli
891 static int ipw2100_wait_for_card_state(struct ipw2100_priv *priv, int state)
892 {
893 	int i;
894 	u32 card_state;
895 	u32 len = sizeof(card_state);
896 	int err;
897 
898 	for (i = 0; i <= IPW_CARD_DISABLE_COMPLETE_WAIT * 1000; i += 50) {
899 		err = ipw2100_get_ordinal(priv, IPW_ORD_CARD_DISABLED,
900 					  &card_state, &len);
901 		if (err) {
902 			IPW_DEBUG_INFO("Query of CARD_DISABLED ordinal "
903 				       "failed.\n");
904 			return 0;
905 		}
906 
907 		/* We'll break out if either the HW state says it is
908 		 * in the state we want, or if HOST_COMPLETE command
909 		 * finishes */
910 		if ((card_state == state) ||
911 		    ((priv->status & STATUS_ENABLED) ?
912 		     IPW_HW_STATE_ENABLED : IPW_HW_STATE_DISABLED) == state) {
913 			if (state == IPW_HW_STATE_ENABLED)
914 				priv->status |= STATUS_ENABLED;
915 			else
916 				priv->status &= ~STATUS_ENABLED;
917 
918 			return 0;
919 		}
920 
921 		udelay(50);
922 	}
923 
924 	IPW_DEBUG_INFO("ipw2100_wait_for_card_state to %s state timed out\n",
925 		       state ? "DISABLED" : "ENABLED");
926 	return -EIO;
927 }
928 
929 /*********************************************************************
930     Procedure   :   sw_reset_and_clock
931     Purpose     :   Asserts s/w reset, asserts clock initialization
932                     and waits for clock stabilization
933  ********************************************************************/
934 static int sw_reset_and_clock(struct ipw2100_priv *priv)
935 {
936 	int i;
937 	u32 r;
938 
939 	// assert s/w reset
940 	write_register(priv->net_dev, IPW_REG_RESET_REG,
941 		       IPW_AUX_HOST_RESET_REG_SW_RESET);
942 
943 	// wait for clock stabilization
944 	for (i = 0; i < 1000; i++) {
945 		udelay(IPW_WAIT_RESET_ARC_COMPLETE_DELAY);
946 
947 		// check clock ready bit
948 		read_register(priv->net_dev, IPW_REG_RESET_REG, &r);
949 		if (r & IPW_AUX_HOST_RESET_REG_PRINCETON_RESET)
950 			break;
951 	}
952 
953 	if (i == 1000)
954 		return -EIO;	// TODO: better error value
955 
956 	/* set "initialization complete" bit to move adapter to
957 	 * D0 state */
958 	write_register(priv->net_dev, IPW_REG_GP_CNTRL,
959 		       IPW_AUX_HOST_GP_CNTRL_BIT_INIT_DONE);
960 
961 	/* wait for clock stabilization */
962 	for (i = 0; i < 10000; i++) {
963 		udelay(IPW_WAIT_CLOCK_STABILIZATION_DELAY * 4);
964 
965 		/* check clock ready bit */
966 		read_register(priv->net_dev, IPW_REG_GP_CNTRL, &r);
967 		if (r & IPW_AUX_HOST_GP_CNTRL_BIT_CLOCK_READY)
968 			break;
969 	}
970 
971 	if (i == 10000)
972 		return -EIO;	/* TODO: better error value */
973 
974 	/* set D0 standby bit */
975 	read_register(priv->net_dev, IPW_REG_GP_CNTRL, &r);
976 	write_register(priv->net_dev, IPW_REG_GP_CNTRL,
977 		       r | IPW_AUX_HOST_GP_CNTRL_BIT_HOST_ALLOWS_STANDBY);
978 
979 	return 0;
980 }
981 
982 /*********************************************************************
983     Procedure   :   ipw2100_download_firmware
984     Purpose     :   Initiaze adapter after power on.
985                     The sequence is:
986                     1. assert s/w reset first!
987                     2. awake clocks & wait for clock stabilization
988                     3. hold ARC (don't ask me why...)
989                     4. load Dino ucode and reset/clock init again
990                     5. zero-out shared mem
991                     6. download f/w
992  *******************************************************************/
993 static int ipw2100_download_firmware(struct ipw2100_priv *priv)
994 {
995 	u32 address;
996 	int err;
997 
998 #ifndef CONFIG_PM
999 	/* Fetch the firmware and microcode */
1000 	struct ipw2100_fw ipw2100_firmware;
1001 #endif
1002 
1003 	if (priv->fatal_error) {
1004 		IPW_DEBUG_ERROR("%s: ipw2100_download_firmware called after "
1005 				"fatal error %d.  Interface must be brought down.\n",
1006 				priv->net_dev->name, priv->fatal_error);
1007 		return -EINVAL;
1008 	}
1009 #ifdef CONFIG_PM
1010 	if (!ipw2100_firmware.version) {
1011 		err = ipw2100_get_firmware(priv, &ipw2100_firmware);
1012 		if (err) {
1013 			IPW_DEBUG_ERROR("%s: ipw2100_get_firmware failed: %d\n",
1014 					priv->net_dev->name, err);
1015 			priv->fatal_error = IPW2100_ERR_FW_LOAD;
1016 			goto fail;
1017 		}
1018 	}
1019 #else
1020 	err = ipw2100_get_firmware(priv, &ipw2100_firmware);
1021 	if (err) {
1022 		IPW_DEBUG_ERROR("%s: ipw2100_get_firmware failed: %d\n",
1023 				priv->net_dev->name, err);
1024 		priv->fatal_error = IPW2100_ERR_FW_LOAD;
1025 		goto fail;
1026 	}
1027 #endif
1028 	priv->firmware_version = ipw2100_firmware.version;
1029 
1030 	/* s/w reset and clock stabilization */
1031 	err = sw_reset_and_clock(priv);
1032 	if (err) {
1033 		IPW_DEBUG_ERROR("%s: sw_reset_and_clock failed: %d\n",
1034 				priv->net_dev->name, err);
1035 		goto fail;
1036 	}
1037 
1038 	err = ipw2100_verify(priv);
1039 	if (err) {
1040 		IPW_DEBUG_ERROR("%s: ipw2100_verify failed: %d\n",
1041 				priv->net_dev->name, err);
1042 		goto fail;
1043 	}
1044 
1045 	/* Hold ARC */
1046 	write_nic_dword(priv->net_dev,
1047 			IPW_INTERNAL_REGISTER_HALT_AND_RESET, 0x80000000);
1048 
1049 	/* allow ARC to run */
1050 	write_register(priv->net_dev, IPW_REG_RESET_REG, 0);
1051 
1052 	/* load microcode */
1053 	err = ipw2100_ucode_download(priv, &ipw2100_firmware);
1054 	if (err) {
1055 		printk(KERN_ERR DRV_NAME ": %s: Error loading microcode: %d\n",
1056 		       priv->net_dev->name, err);
1057 		goto fail;
1058 	}
1059 
1060 	/* release ARC */
1061 	write_nic_dword(priv->net_dev,
1062 			IPW_INTERNAL_REGISTER_HALT_AND_RESET, 0x00000000);
1063 
1064 	/* s/w reset and clock stabilization (again!!!) */
1065 	err = sw_reset_and_clock(priv);
1066 	if (err) {
1067 		printk(KERN_ERR DRV_NAME
1068 		       ": %s: sw_reset_and_clock failed: %d\n",
1069 		       priv->net_dev->name, err);
1070 		goto fail;
1071 	}
1072 
1073 	/* load f/w */
1074 	err = ipw2100_fw_download(priv, &ipw2100_firmware);
1075 	if (err) {
1076 		IPW_DEBUG_ERROR("%s: Error loading firmware: %d\n",
1077 				priv->net_dev->name, err);
1078 		goto fail;
1079 	}
1080 #ifndef CONFIG_PM
1081 	/*
1082 	 * When the .resume method of the driver is called, the other
1083 	 * part of the system, i.e. the ide driver could still stay in
1084 	 * the suspend stage. This prevents us from loading the firmware
1085 	 * from the disk.  --YZ
1086 	 */
1087 
1088 	/* free any storage allocated for firmware image */
1089 	ipw2100_release_firmware(priv, &ipw2100_firmware);
1090 #endif
1091 
1092 	/* zero out Domain 1 area indirectly (Si requirement) */
1093 	for (address = IPW_HOST_FW_SHARED_AREA0;
1094 	     address < IPW_HOST_FW_SHARED_AREA0_END; address += 4)
1095 		write_nic_dword(priv->net_dev, address, 0);
1096 	for (address = IPW_HOST_FW_SHARED_AREA1;
1097 	     address < IPW_HOST_FW_SHARED_AREA1_END; address += 4)
1098 		write_nic_dword(priv->net_dev, address, 0);
1099 	for (address = IPW_HOST_FW_SHARED_AREA2;
1100 	     address < IPW_HOST_FW_SHARED_AREA2_END; address += 4)
1101 		write_nic_dword(priv->net_dev, address, 0);
1102 	for (address = IPW_HOST_FW_SHARED_AREA3;
1103 	     address < IPW_HOST_FW_SHARED_AREA3_END; address += 4)
1104 		write_nic_dword(priv->net_dev, address, 0);
1105 	for (address = IPW_HOST_FW_INTERRUPT_AREA;
1106 	     address < IPW_HOST_FW_INTERRUPT_AREA_END; address += 4)
1107 		write_nic_dword(priv->net_dev, address, 0);
1108 
1109 	return 0;
1110 
1111       fail:
1112 	ipw2100_release_firmware(priv, &ipw2100_firmware);
1113 	return err;
1114 }
1115 
1116 static inline void ipw2100_enable_interrupts(struct ipw2100_priv *priv)
1117 {
1118 	if (priv->status & STATUS_INT_ENABLED)
1119 		return;
1120 	priv->status |= STATUS_INT_ENABLED;
1121 	write_register(priv->net_dev, IPW_REG_INTA_MASK, IPW_INTERRUPT_MASK);
1122 }
1123 
1124 static inline void ipw2100_disable_interrupts(struct ipw2100_priv *priv)
1125 {
1126 	if (!(priv->status & STATUS_INT_ENABLED))
1127 		return;
1128 	priv->status &= ~STATUS_INT_ENABLED;
1129 	write_register(priv->net_dev, IPW_REG_INTA_MASK, 0x0);
1130 }
1131 
1132 static void ipw2100_initialize_ordinals(struct ipw2100_priv *priv)
1133 {
1134 	struct ipw2100_ordinals *ord = &priv->ordinals;
1135 
1136 	IPW_DEBUG_INFO("enter\n");
1137 
1138 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_ORDINALS_TABLE_1,
1139 		      &ord->table1_addr);
1140 
1141 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_ORDINALS_TABLE_2,
1142 		      &ord->table2_addr);
1143 
1144 	read_nic_dword(priv->net_dev, ord->table1_addr, &ord->table1_size);
1145 	read_nic_dword(priv->net_dev, ord->table2_addr, &ord->table2_size);
1146 
1147 	ord->table2_size &= 0x0000FFFF;
1148 
1149 	IPW_DEBUG_INFO("table 1 size: %d\n", ord->table1_size);
1150 	IPW_DEBUG_INFO("table 2 size: %d\n", ord->table2_size);
1151 	IPW_DEBUG_INFO("exit\n");
1152 }
1153 
1154 static inline void ipw2100_hw_set_gpio(struct ipw2100_priv *priv)
1155 {
1156 	u32 reg = 0;
1157 	/*
1158 	 * Set GPIO 3 writable by FW; GPIO 1 writable
1159 	 * by driver and enable clock
1160 	 */
1161 	reg = (IPW_BIT_GPIO_GPIO3_MASK | IPW_BIT_GPIO_GPIO1_ENABLE |
1162 	       IPW_BIT_GPIO_LED_OFF);
1163 	write_register(priv->net_dev, IPW_REG_GPIO, reg);
1164 }
1165 
1166 static int rf_kill_active(struct ipw2100_priv *priv)
1167 {
1168 #define MAX_RF_KILL_CHECKS 5
1169 #define RF_KILL_CHECK_DELAY 40
1170 
1171 	unsigned short value = 0;
1172 	u32 reg = 0;
1173 	int i;
1174 
1175 	if (!(priv->hw_features & HW_FEATURE_RFKILL)) {
1176 		wiphy_rfkill_set_hw_state(priv->ieee->wdev.wiphy, false);
1177 		priv->status &= ~STATUS_RF_KILL_HW;
1178 		return 0;
1179 	}
1180 
1181 	for (i = 0; i < MAX_RF_KILL_CHECKS; i++) {
1182 		udelay(RF_KILL_CHECK_DELAY);
1183 		read_register(priv->net_dev, IPW_REG_GPIO, &reg);
1184 		value = (value << 1) | ((reg & IPW_BIT_GPIO_RF_KILL) ? 0 : 1);
1185 	}
1186 
1187 	if (value == 0) {
1188 		wiphy_rfkill_set_hw_state(priv->ieee->wdev.wiphy, true);
1189 		priv->status |= STATUS_RF_KILL_HW;
1190 	} else {
1191 		wiphy_rfkill_set_hw_state(priv->ieee->wdev.wiphy, false);
1192 		priv->status &= ~STATUS_RF_KILL_HW;
1193 	}
1194 
1195 	return (value == 0);
1196 }
1197 
1198 static int ipw2100_get_hw_features(struct ipw2100_priv *priv)
1199 {
1200 	u32 addr, len;
1201 	u32 val;
1202 
1203 	/*
1204 	 * EEPROM_SRAM_DB_START_ADDRESS using ordinal in ordinal table 1
1205 	 */
1206 	len = sizeof(addr);
1207 	if (ipw2100_get_ordinal
1208 	    (priv, IPW_ORD_EEPROM_SRAM_DB_BLOCK_START_ADDRESS, &addr, &len)) {
1209 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
1210 			       __LINE__);
1211 		return -EIO;
1212 	}
1213 
1214 	IPW_DEBUG_INFO("EEPROM address: %08X\n", addr);
1215 
1216 	/*
1217 	 * EEPROM version is the byte at offset 0xfd in firmware
1218 	 * We read 4 bytes, then shift out the byte we actually want */
1219 	read_nic_dword(priv->net_dev, addr + 0xFC, &val);
1220 	priv->eeprom_version = (val >> 24) & 0xFF;
1221 	IPW_DEBUG_INFO("EEPROM version: %d\n", priv->eeprom_version);
1222 
1223 	/*
1224 	 *  HW RF Kill enable is bit 0 in byte at offset 0x21 in firmware
1225 	 *
1226 	 *  notice that the EEPROM bit is reverse polarity, i.e.
1227 	 *     bit = 0  signifies HW RF kill switch is supported
1228 	 *     bit = 1  signifies HW RF kill switch is NOT supported
1229 	 */
1230 	read_nic_dword(priv->net_dev, addr + 0x20, &val);
1231 	if (!((val >> 24) & 0x01))
1232 		priv->hw_features |= HW_FEATURE_RFKILL;
1233 
1234 	IPW_DEBUG_INFO("HW RF Kill: %ssupported.\n",
1235 		       (priv->hw_features & HW_FEATURE_RFKILL) ? "" : "not ");
1236 
1237 	return 0;
1238 }
1239 
1240 /*
1241  * Start firmware execution after power on and initialization
1242  * The sequence is:
1243  *  1. Release ARC
1244  *  2. Wait for f/w initialization completes;
1245  */
1246 static int ipw2100_start_adapter(struct ipw2100_priv *priv)
1247 {
1248 	int i;
1249 	u32 inta, inta_mask, gpio;
1250 
1251 	IPW_DEBUG_INFO("enter\n");
1252 
1253 	if (priv->status & STATUS_RUNNING)
1254 		return 0;
1255 
1256 	/*
1257 	 * Initialize the hw - drive adapter to DO state by setting
1258 	 * init_done bit. Wait for clk_ready bit and Download
1259 	 * fw & dino ucode
1260 	 */
1261 	if (ipw2100_download_firmware(priv)) {
1262 		printk(KERN_ERR DRV_NAME
1263 		       ": %s: Failed to power on the adapter.\n",
1264 		       priv->net_dev->name);
1265 		return -EIO;
1266 	}
1267 
1268 	/* Clear the Tx, Rx and Msg queues and the r/w indexes
1269 	 * in the firmware RBD and TBD ring queue */
1270 	ipw2100_queues_initialize(priv);
1271 
1272 	ipw2100_hw_set_gpio(priv);
1273 
1274 	/* TODO -- Look at disabling interrupts here to make sure none
1275 	 * get fired during FW initialization */
1276 
1277 	/* Release ARC - clear reset bit */
1278 	write_register(priv->net_dev, IPW_REG_RESET_REG, 0);
1279 
1280 	/* wait for f/w initialization complete */
1281 	IPW_DEBUG_FW("Waiting for f/w initialization to complete...\n");
1282 	i = 5000;
1283 	do {
1284 		schedule_timeout_uninterruptible(msecs_to_jiffies(40));
1285 		/* Todo... wait for sync command ... */
1286 
1287 		read_register(priv->net_dev, IPW_REG_INTA, &inta);
1288 
1289 		/* check "init done" bit */
1290 		if (inta & IPW2100_INTA_FW_INIT_DONE) {
1291 			/* reset "init done" bit */
1292 			write_register(priv->net_dev, IPW_REG_INTA,
1293 				       IPW2100_INTA_FW_INIT_DONE);
1294 			break;
1295 		}
1296 
1297 		/* check error conditions : we check these after the firmware
1298 		 * check so that if there is an error, the interrupt handler
1299 		 * will see it and the adapter will be reset */
1300 		if (inta &
1301 		    (IPW2100_INTA_FATAL_ERROR | IPW2100_INTA_PARITY_ERROR)) {
1302 			/* clear error conditions */
1303 			write_register(priv->net_dev, IPW_REG_INTA,
1304 				       IPW2100_INTA_FATAL_ERROR |
1305 				       IPW2100_INTA_PARITY_ERROR);
1306 		}
1307 	} while (--i);
1308 
1309 	/* Clear out any pending INTAs since we aren't supposed to have
1310 	 * interrupts enabled at this point... */
1311 	read_register(priv->net_dev, IPW_REG_INTA, &inta);
1312 	read_register(priv->net_dev, IPW_REG_INTA_MASK, &inta_mask);
1313 	inta &= IPW_INTERRUPT_MASK;
1314 	/* Clear out any pending interrupts */
1315 	if (inta & inta_mask)
1316 		write_register(priv->net_dev, IPW_REG_INTA, inta);
1317 
1318 	IPW_DEBUG_FW("f/w initialization complete: %s\n",
1319 		     i ? "SUCCESS" : "FAILED");
1320 
1321 	if (!i) {
1322 		printk(KERN_WARNING DRV_NAME
1323 		       ": %s: Firmware did not initialize.\n",
1324 		       priv->net_dev->name);
1325 		return -EIO;
1326 	}
1327 
1328 	/* allow firmware to write to GPIO1 & GPIO3 */
1329 	read_register(priv->net_dev, IPW_REG_GPIO, &gpio);
1330 
1331 	gpio |= (IPW_BIT_GPIO_GPIO1_MASK | IPW_BIT_GPIO_GPIO3_MASK);
1332 
1333 	write_register(priv->net_dev, IPW_REG_GPIO, gpio);
1334 
1335 	/* Ready to receive commands */
1336 	priv->status |= STATUS_RUNNING;
1337 
1338 	/* The adapter has been reset; we are not associated */
1339 	priv->status &= ~(STATUS_ASSOCIATING | STATUS_ASSOCIATED);
1340 
1341 	IPW_DEBUG_INFO("exit\n");
1342 
1343 	return 0;
1344 }
1345 
1346 static inline void ipw2100_reset_fatalerror(struct ipw2100_priv *priv)
1347 {
1348 	if (!priv->fatal_error)
1349 		return;
1350 
1351 	priv->fatal_errors[priv->fatal_index++] = priv->fatal_error;
1352 	priv->fatal_index %= IPW2100_ERROR_QUEUE;
1353 	priv->fatal_error = 0;
1354 }
1355 
1356 /* NOTE: Our interrupt is disabled when this method is called */
1357 static int ipw2100_power_cycle_adapter(struct ipw2100_priv *priv)
1358 {
1359 	u32 reg;
1360 	int i;
1361 
1362 	IPW_DEBUG_INFO("Power cycling the hardware.\n");
1363 
1364 	ipw2100_hw_set_gpio(priv);
1365 
1366 	/* Step 1. Stop Master Assert */
1367 	write_register(priv->net_dev, IPW_REG_RESET_REG,
1368 		       IPW_AUX_HOST_RESET_REG_STOP_MASTER);
1369 
1370 	/* Step 2. Wait for stop Master Assert
1371 	 *         (not more than 50us, otherwise ret error */
1372 	i = 5;
1373 	do {
1374 		udelay(IPW_WAIT_RESET_MASTER_ASSERT_COMPLETE_DELAY);
1375 		read_register(priv->net_dev, IPW_REG_RESET_REG, &reg);
1376 
1377 		if (reg & IPW_AUX_HOST_RESET_REG_MASTER_DISABLED)
1378 			break;
1379 	} while (--i);
1380 
1381 	priv->status &= ~STATUS_RESET_PENDING;
1382 
1383 	if (!i) {
1384 		IPW_DEBUG_INFO
1385 		    ("exit - waited too long for master assert stop\n");
1386 		return -EIO;
1387 	}
1388 
1389 	write_register(priv->net_dev, IPW_REG_RESET_REG,
1390 		       IPW_AUX_HOST_RESET_REG_SW_RESET);
1391 
1392 	/* Reset any fatal_error conditions */
1393 	ipw2100_reset_fatalerror(priv);
1394 
1395 	/* At this point, the adapter is now stopped and disabled */
1396 	priv->status &= ~(STATUS_RUNNING | STATUS_ASSOCIATING |
1397 			  STATUS_ASSOCIATED | STATUS_ENABLED);
1398 
1399 	return 0;
1400 }
1401 
1402 /*
1403  * Send the CARD_DISABLE_PHY_OFF command to the card to disable it
1404  *
1405  * After disabling, if the card was associated, a STATUS_ASSN_LOST will be sent.
1406  *
1407  * STATUS_CARD_DISABLE_NOTIFICATION will be sent regardless of
1408  * if STATUS_ASSN_LOST is sent.
1409  */
1410 static int ipw2100_hw_phy_off(struct ipw2100_priv *priv)
1411 {
1412 
1413 #define HW_PHY_OFF_LOOP_DELAY (msecs_to_jiffies(50))
1414 
1415 	struct host_command cmd = {
1416 		.host_command = CARD_DISABLE_PHY_OFF,
1417 		.host_command_sequence = 0,
1418 		.host_command_length = 0,
1419 	};
1420 	int err, i;
1421 	u32 val1, val2;
1422 
1423 	IPW_DEBUG_HC("CARD_DISABLE_PHY_OFF\n");
1424 
1425 	/* Turn off the radio */
1426 	err = ipw2100_hw_send_command(priv, &cmd);
1427 	if (err)
1428 		return err;
1429 
1430 	for (i = 0; i < 2500; i++) {
1431 		read_nic_dword(priv->net_dev, IPW2100_CONTROL_REG, &val1);
1432 		read_nic_dword(priv->net_dev, IPW2100_COMMAND, &val2);
1433 
1434 		if ((val1 & IPW2100_CONTROL_PHY_OFF) &&
1435 		    (val2 & IPW2100_COMMAND_PHY_OFF))
1436 			return 0;
1437 
1438 		schedule_timeout_uninterruptible(HW_PHY_OFF_LOOP_DELAY);
1439 	}
1440 
1441 	return -EIO;
1442 }
1443 
1444 static int ipw2100_enable_adapter(struct ipw2100_priv *priv)
1445 {
1446 	struct host_command cmd = {
1447 		.host_command = HOST_COMPLETE,
1448 		.host_command_sequence = 0,
1449 		.host_command_length = 0
1450 	};
1451 	int err = 0;
1452 
1453 	IPW_DEBUG_HC("HOST_COMPLETE\n");
1454 
1455 	if (priv->status & STATUS_ENABLED)
1456 		return 0;
1457 
1458 	mutex_lock(&priv->adapter_mutex);
1459 
1460 	if (rf_kill_active(priv)) {
1461 		IPW_DEBUG_HC("Command aborted due to RF kill active.\n");
1462 		goto fail_up;
1463 	}
1464 
1465 	err = ipw2100_hw_send_command(priv, &cmd);
1466 	if (err) {
1467 		IPW_DEBUG_INFO("Failed to send HOST_COMPLETE command\n");
1468 		goto fail_up;
1469 	}
1470 
1471 	err = ipw2100_wait_for_card_state(priv, IPW_HW_STATE_ENABLED);
1472 	if (err) {
1473 		IPW_DEBUG_INFO("%s: card not responding to init command.\n",
1474 			       priv->net_dev->name);
1475 		goto fail_up;
1476 	}
1477 
1478 	if (priv->stop_hang_check) {
1479 		priv->stop_hang_check = 0;
1480 		schedule_delayed_work(&priv->hang_check, HZ / 2);
1481 	}
1482 
1483       fail_up:
1484 	mutex_unlock(&priv->adapter_mutex);
1485 	return err;
1486 }
1487 
1488 static int ipw2100_hw_stop_adapter(struct ipw2100_priv *priv)
1489 {
1490 #define HW_POWER_DOWN_DELAY (msecs_to_jiffies(100))
1491 
1492 	struct host_command cmd = {
1493 		.host_command = HOST_PRE_POWER_DOWN,
1494 		.host_command_sequence = 0,
1495 		.host_command_length = 0,
1496 	};
1497 	int err, i;
1498 	u32 reg;
1499 
1500 	if (!(priv->status & STATUS_RUNNING))
1501 		return 0;
1502 
1503 	priv->status |= STATUS_STOPPING;
1504 
1505 	/* We can only shut down the card if the firmware is operational.  So,
1506 	 * if we haven't reset since a fatal_error, then we can not send the
1507 	 * shutdown commands. */
1508 	if (!priv->fatal_error) {
1509 		/* First, make sure the adapter is enabled so that the PHY_OFF
1510 		 * command can shut it down */
1511 		ipw2100_enable_adapter(priv);
1512 
1513 		err = ipw2100_hw_phy_off(priv);
1514 		if (err)
1515 			printk(KERN_WARNING DRV_NAME
1516 			       ": Error disabling radio %d\n", err);
1517 
1518 		/*
1519 		 * If in D0-standby mode going directly to D3 may cause a
1520 		 * PCI bus violation.  Therefore we must change out of the D0
1521 		 * state.
1522 		 *
1523 		 * Sending the PREPARE_FOR_POWER_DOWN will restrict the
1524 		 * hardware from going into standby mode and will transition
1525 		 * out of D0-standby if it is already in that state.
1526 		 *
1527 		 * STATUS_PREPARE_POWER_DOWN_COMPLETE will be sent by the
1528 		 * driver upon completion.  Once received, the driver can
1529 		 * proceed to the D3 state.
1530 		 *
1531 		 * Prepare for power down command to fw.  This command would
1532 		 * take HW out of D0-standby and prepare it for D3 state.
1533 		 *
1534 		 * Currently FW does not support event notification for this
1535 		 * event. Therefore, skip waiting for it.  Just wait a fixed
1536 		 * 100ms
1537 		 */
1538 		IPW_DEBUG_HC("HOST_PRE_POWER_DOWN\n");
1539 
1540 		err = ipw2100_hw_send_command(priv, &cmd);
1541 		if (err)
1542 			printk(KERN_WARNING DRV_NAME ": "
1543 			       "%s: Power down command failed: Error %d\n",
1544 			       priv->net_dev->name, err);
1545 		else
1546 			schedule_timeout_uninterruptible(HW_POWER_DOWN_DELAY);
1547 	}
1548 
1549 	priv->status &= ~STATUS_ENABLED;
1550 
1551 	/*
1552 	 * Set GPIO 3 writable by FW; GPIO 1 writable
1553 	 * by driver and enable clock
1554 	 */
1555 	ipw2100_hw_set_gpio(priv);
1556 
1557 	/*
1558 	 * Power down adapter.  Sequence:
1559 	 * 1. Stop master assert (RESET_REG[9]=1)
1560 	 * 2. Wait for stop master (RESET_REG[8]==1)
1561 	 * 3. S/w reset assert (RESET_REG[7] = 1)
1562 	 */
1563 
1564 	/* Stop master assert */
1565 	write_register(priv->net_dev, IPW_REG_RESET_REG,
1566 		       IPW_AUX_HOST_RESET_REG_STOP_MASTER);
1567 
1568 	/* wait stop master not more than 50 usec.
1569 	 * Otherwise return error. */
1570 	for (i = 5; i > 0; i--) {
1571 		udelay(10);
1572 
1573 		/* Check master stop bit */
1574 		read_register(priv->net_dev, IPW_REG_RESET_REG, &reg);
1575 
1576 		if (reg & IPW_AUX_HOST_RESET_REG_MASTER_DISABLED)
1577 			break;
1578 	}
1579 
1580 	if (i == 0)
1581 		printk(KERN_WARNING DRV_NAME
1582 		       ": %s: Could now power down adapter.\n",
1583 		       priv->net_dev->name);
1584 
1585 	/* assert s/w reset */
1586 	write_register(priv->net_dev, IPW_REG_RESET_REG,
1587 		       IPW_AUX_HOST_RESET_REG_SW_RESET);
1588 
1589 	priv->status &= ~(STATUS_RUNNING | STATUS_STOPPING);
1590 
1591 	return 0;
1592 }
1593 
1594 static int ipw2100_disable_adapter(struct ipw2100_priv *priv)
1595 {
1596 	struct host_command cmd = {
1597 		.host_command = CARD_DISABLE,
1598 		.host_command_sequence = 0,
1599 		.host_command_length = 0
1600 	};
1601 	int err = 0;
1602 
1603 	IPW_DEBUG_HC("CARD_DISABLE\n");
1604 
1605 	if (!(priv->status & STATUS_ENABLED))
1606 		return 0;
1607 
1608 	/* Make sure we clear the associated state */
1609 	priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
1610 
1611 	if (!priv->stop_hang_check) {
1612 		priv->stop_hang_check = 1;
1613 		cancel_delayed_work(&priv->hang_check);
1614 	}
1615 
1616 	mutex_lock(&priv->adapter_mutex);
1617 
1618 	err = ipw2100_hw_send_command(priv, &cmd);
1619 	if (err) {
1620 		printk(KERN_WARNING DRV_NAME
1621 		       ": exit - failed to send CARD_DISABLE command\n");
1622 		goto fail_up;
1623 	}
1624 
1625 	err = ipw2100_wait_for_card_state(priv, IPW_HW_STATE_DISABLED);
1626 	if (err) {
1627 		printk(KERN_WARNING DRV_NAME
1628 		       ": exit - card failed to change to DISABLED\n");
1629 		goto fail_up;
1630 	}
1631 
1632 	IPW_DEBUG_INFO("TODO: implement scan state machine\n");
1633 
1634       fail_up:
1635 	mutex_unlock(&priv->adapter_mutex);
1636 	return err;
1637 }
1638 
1639 static int ipw2100_set_scan_options(struct ipw2100_priv *priv)
1640 {
1641 	struct host_command cmd = {
1642 		.host_command = SET_SCAN_OPTIONS,
1643 		.host_command_sequence = 0,
1644 		.host_command_length = 8
1645 	};
1646 	int err;
1647 
1648 	IPW_DEBUG_INFO("enter\n");
1649 
1650 	IPW_DEBUG_SCAN("setting scan options\n");
1651 
1652 	cmd.host_command_parameters[0] = 0;
1653 
1654 	if (!(priv->config & CFG_ASSOCIATE))
1655 		cmd.host_command_parameters[0] |= IPW_SCAN_NOASSOCIATE;
1656 	if ((priv->ieee->sec.flags & SEC_ENABLED) && priv->ieee->sec.enabled)
1657 		cmd.host_command_parameters[0] |= IPW_SCAN_MIXED_CELL;
1658 	if (priv->config & CFG_PASSIVE_SCAN)
1659 		cmd.host_command_parameters[0] |= IPW_SCAN_PASSIVE;
1660 
1661 	cmd.host_command_parameters[1] = priv->channel_mask;
1662 
1663 	err = ipw2100_hw_send_command(priv, &cmd);
1664 
1665 	IPW_DEBUG_HC("SET_SCAN_OPTIONS 0x%04X\n",
1666 		     cmd.host_command_parameters[0]);
1667 
1668 	return err;
1669 }
1670 
1671 static int ipw2100_start_scan(struct ipw2100_priv *priv)
1672 {
1673 	struct host_command cmd = {
1674 		.host_command = BROADCAST_SCAN,
1675 		.host_command_sequence = 0,
1676 		.host_command_length = 4
1677 	};
1678 	int err;
1679 
1680 	IPW_DEBUG_HC("START_SCAN\n");
1681 
1682 	cmd.host_command_parameters[0] = 0;
1683 
1684 	/* No scanning if in monitor mode */
1685 	if (priv->ieee->iw_mode == IW_MODE_MONITOR)
1686 		return 1;
1687 
1688 	if (priv->status & STATUS_SCANNING) {
1689 		IPW_DEBUG_SCAN("Scan requested while already in scan...\n");
1690 		return 0;
1691 	}
1692 
1693 	IPW_DEBUG_INFO("enter\n");
1694 
1695 	/* Not clearing here; doing so makes iwlist always return nothing...
1696 	 *
1697 	 * We should modify the table logic to use aging tables vs. clearing
1698 	 * the table on each scan start.
1699 	 */
1700 	IPW_DEBUG_SCAN("starting scan\n");
1701 
1702 	priv->status |= STATUS_SCANNING;
1703 	err = ipw2100_hw_send_command(priv, &cmd);
1704 	if (err)
1705 		priv->status &= ~STATUS_SCANNING;
1706 
1707 	IPW_DEBUG_INFO("exit\n");
1708 
1709 	return err;
1710 }
1711 
1712 static const struct libipw_geo ipw_geos[] = {
1713 	{			/* Restricted */
1714 	 "---",
1715 	 .bg_channels = 14,
1716 	 .bg = {{2412, 1}, {2417, 2}, {2422, 3},
1717 		{2427, 4}, {2432, 5}, {2437, 6},
1718 		{2442, 7}, {2447, 8}, {2452, 9},
1719 		{2457, 10}, {2462, 11}, {2467, 12},
1720 		{2472, 13}, {2484, 14}},
1721 	 },
1722 };
1723 
1724 static int ipw2100_up(struct ipw2100_priv *priv, int deferred)
1725 {
1726 	unsigned long flags;
1727 	int rc = 0;
1728 	u32 lock;
1729 	u32 ord_len = sizeof(lock);
1730 
1731 	/* Age scan list entries found before suspend */
1732 	if (priv->suspend_time) {
1733 		libipw_networks_age(priv->ieee, priv->suspend_time);
1734 		priv->suspend_time = 0;
1735 	}
1736 
1737 	/* Quiet if manually disabled. */
1738 	if (priv->status & STATUS_RF_KILL_SW) {
1739 		IPW_DEBUG_INFO("%s: Radio is disabled by Manual Disable "
1740 			       "switch\n", priv->net_dev->name);
1741 		return 0;
1742 	}
1743 
1744 	/* the ipw2100 hardware really doesn't want power management delays
1745 	 * longer than 175usec
1746 	 */
1747 	pm_qos_update_request(&ipw2100_pm_qos_req, 175);
1748 
1749 	/* If the interrupt is enabled, turn it off... */
1750 	spin_lock_irqsave(&priv->low_lock, flags);
1751 	ipw2100_disable_interrupts(priv);
1752 
1753 	/* Reset any fatal_error conditions */
1754 	ipw2100_reset_fatalerror(priv);
1755 	spin_unlock_irqrestore(&priv->low_lock, flags);
1756 
1757 	if (priv->status & STATUS_POWERED ||
1758 	    (priv->status & STATUS_RESET_PENDING)) {
1759 		/* Power cycle the card ... */
1760 		if (ipw2100_power_cycle_adapter(priv)) {
1761 			printk(KERN_WARNING DRV_NAME
1762 			       ": %s: Could not cycle adapter.\n",
1763 			       priv->net_dev->name);
1764 			rc = 1;
1765 			goto exit;
1766 		}
1767 	} else
1768 		priv->status |= STATUS_POWERED;
1769 
1770 	/* Load the firmware, start the clocks, etc. */
1771 	if (ipw2100_start_adapter(priv)) {
1772 		printk(KERN_ERR DRV_NAME
1773 		       ": %s: Failed to start the firmware.\n",
1774 		       priv->net_dev->name);
1775 		rc = 1;
1776 		goto exit;
1777 	}
1778 
1779 	ipw2100_initialize_ordinals(priv);
1780 
1781 	/* Determine capabilities of this particular HW configuration */
1782 	if (ipw2100_get_hw_features(priv)) {
1783 		printk(KERN_ERR DRV_NAME
1784 		       ": %s: Failed to determine HW features.\n",
1785 		       priv->net_dev->name);
1786 		rc = 1;
1787 		goto exit;
1788 	}
1789 
1790 	/* Initialize the geo */
1791 	libipw_set_geo(priv->ieee, &ipw_geos[0]);
1792 	priv->ieee->freq_band = LIBIPW_24GHZ_BAND;
1793 
1794 	lock = LOCK_NONE;
1795 	if (ipw2100_set_ordinal(priv, IPW_ORD_PERS_DB_LOCK, &lock, &ord_len)) {
1796 		printk(KERN_ERR DRV_NAME
1797 		       ": %s: Failed to clear ordinal lock.\n",
1798 		       priv->net_dev->name);
1799 		rc = 1;
1800 		goto exit;
1801 	}
1802 
1803 	priv->status &= ~STATUS_SCANNING;
1804 
1805 	if (rf_kill_active(priv)) {
1806 		printk(KERN_INFO "%s: Radio is disabled by RF switch.\n",
1807 		       priv->net_dev->name);
1808 
1809 		if (priv->stop_rf_kill) {
1810 			priv->stop_rf_kill = 0;
1811 			schedule_delayed_work(&priv->rf_kill,
1812 					      round_jiffies_relative(HZ));
1813 		}
1814 
1815 		deferred = 1;
1816 	}
1817 
1818 	/* Turn on the interrupt so that commands can be processed */
1819 	ipw2100_enable_interrupts(priv);
1820 
1821 	/* Send all of the commands that must be sent prior to
1822 	 * HOST_COMPLETE */
1823 	if (ipw2100_adapter_setup(priv)) {
1824 		printk(KERN_ERR DRV_NAME ": %s: Failed to start the card.\n",
1825 		       priv->net_dev->name);
1826 		rc = 1;
1827 		goto exit;
1828 	}
1829 
1830 	if (!deferred) {
1831 		/* Enable the adapter - sends HOST_COMPLETE */
1832 		if (ipw2100_enable_adapter(priv)) {
1833 			printk(KERN_ERR DRV_NAME ": "
1834 			       "%s: failed in call to enable adapter.\n",
1835 			       priv->net_dev->name);
1836 			ipw2100_hw_stop_adapter(priv);
1837 			rc = 1;
1838 			goto exit;
1839 		}
1840 
1841 		/* Start a scan . . . */
1842 		ipw2100_set_scan_options(priv);
1843 		ipw2100_start_scan(priv);
1844 	}
1845 
1846       exit:
1847 	return rc;
1848 }
1849 
1850 static void ipw2100_down(struct ipw2100_priv *priv)
1851 {
1852 	unsigned long flags;
1853 	union iwreq_data wrqu = {
1854 		.ap_addr = {
1855 			    .sa_family = ARPHRD_ETHER}
1856 	};
1857 	int associated = priv->status & STATUS_ASSOCIATED;
1858 
1859 	/* Kill the RF switch timer */
1860 	if (!priv->stop_rf_kill) {
1861 		priv->stop_rf_kill = 1;
1862 		cancel_delayed_work(&priv->rf_kill);
1863 	}
1864 
1865 	/* Kill the firmware hang check timer */
1866 	if (!priv->stop_hang_check) {
1867 		priv->stop_hang_check = 1;
1868 		cancel_delayed_work(&priv->hang_check);
1869 	}
1870 
1871 	/* Kill any pending resets */
1872 	if (priv->status & STATUS_RESET_PENDING)
1873 		cancel_delayed_work(&priv->reset_work);
1874 
1875 	/* Make sure the interrupt is on so that FW commands will be
1876 	 * processed correctly */
1877 	spin_lock_irqsave(&priv->low_lock, flags);
1878 	ipw2100_enable_interrupts(priv);
1879 	spin_unlock_irqrestore(&priv->low_lock, flags);
1880 
1881 	if (ipw2100_hw_stop_adapter(priv))
1882 		printk(KERN_ERR DRV_NAME ": %s: Error stopping adapter.\n",
1883 		       priv->net_dev->name);
1884 
1885 	/* Do not disable the interrupt until _after_ we disable
1886 	 * the adaptor.  Otherwise the CARD_DISABLE command will never
1887 	 * be ack'd by the firmware */
1888 	spin_lock_irqsave(&priv->low_lock, flags);
1889 	ipw2100_disable_interrupts(priv);
1890 	spin_unlock_irqrestore(&priv->low_lock, flags);
1891 
1892 	pm_qos_update_request(&ipw2100_pm_qos_req, PM_QOS_DEFAULT_VALUE);
1893 
1894 	/* We have to signal any supplicant if we are disassociating */
1895 	if (associated)
1896 		wireless_send_event(priv->net_dev, SIOCGIWAP, &wrqu, NULL);
1897 
1898 	priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
1899 	netif_carrier_off(priv->net_dev);
1900 	netif_stop_queue(priv->net_dev);
1901 }
1902 
1903 static int ipw2100_wdev_init(struct net_device *dev)
1904 {
1905 	struct ipw2100_priv *priv = libipw_priv(dev);
1906 	const struct libipw_geo *geo = libipw_get_geo(priv->ieee);
1907 	struct wireless_dev *wdev = &priv->ieee->wdev;
1908 	int i;
1909 
1910 	memcpy(wdev->wiphy->perm_addr, priv->mac_addr, ETH_ALEN);
1911 
1912 	/* fill-out priv->ieee->bg_band */
1913 	if (geo->bg_channels) {
1914 		struct ieee80211_supported_band *bg_band = &priv->ieee->bg_band;
1915 
1916 		bg_band->band = NL80211_BAND_2GHZ;
1917 		bg_band->n_channels = geo->bg_channels;
1918 		bg_band->channels = kcalloc(geo->bg_channels,
1919 					    sizeof(struct ieee80211_channel),
1920 					    GFP_KERNEL);
1921 		if (!bg_band->channels) {
1922 			ipw2100_down(priv);
1923 			return -ENOMEM;
1924 		}
1925 		/* translate geo->bg to bg_band.channels */
1926 		for (i = 0; i < geo->bg_channels; i++) {
1927 			bg_band->channels[i].band = NL80211_BAND_2GHZ;
1928 			bg_band->channels[i].center_freq = geo->bg[i].freq;
1929 			bg_band->channels[i].hw_value = geo->bg[i].channel;
1930 			bg_band->channels[i].max_power = geo->bg[i].max_power;
1931 			if (geo->bg[i].flags & LIBIPW_CH_PASSIVE_ONLY)
1932 				bg_band->channels[i].flags |=
1933 					IEEE80211_CHAN_NO_IR;
1934 			if (geo->bg[i].flags & LIBIPW_CH_NO_IBSS)
1935 				bg_band->channels[i].flags |=
1936 					IEEE80211_CHAN_NO_IR;
1937 			if (geo->bg[i].flags & LIBIPW_CH_RADAR_DETECT)
1938 				bg_band->channels[i].flags |=
1939 					IEEE80211_CHAN_RADAR;
1940 			/* No equivalent for LIBIPW_CH_80211H_RULES,
1941 			   LIBIPW_CH_UNIFORM_SPREADING, or
1942 			   LIBIPW_CH_B_ONLY... */
1943 		}
1944 		/* point at bitrate info */
1945 		bg_band->bitrates = ipw2100_bg_rates;
1946 		bg_band->n_bitrates = RATE_COUNT;
1947 
1948 		wdev->wiphy->bands[NL80211_BAND_2GHZ] = bg_band;
1949 	}
1950 
1951 	wdev->wiphy->cipher_suites = ipw_cipher_suites;
1952 	wdev->wiphy->n_cipher_suites = ARRAY_SIZE(ipw_cipher_suites);
1953 
1954 	set_wiphy_dev(wdev->wiphy, &priv->pci_dev->dev);
1955 	if (wiphy_register(wdev->wiphy))
1956 		return -EIO;
1957 	return 0;
1958 }
1959 
1960 static void ipw2100_reset_adapter(struct work_struct *work)
1961 {
1962 	struct ipw2100_priv *priv =
1963 		container_of(work, struct ipw2100_priv, reset_work.work);
1964 	unsigned long flags;
1965 	union iwreq_data wrqu = {
1966 		.ap_addr = {
1967 			    .sa_family = ARPHRD_ETHER}
1968 	};
1969 	int associated = priv->status & STATUS_ASSOCIATED;
1970 
1971 	spin_lock_irqsave(&priv->low_lock, flags);
1972 	IPW_DEBUG_INFO(": %s: Restarting adapter.\n", priv->net_dev->name);
1973 	priv->resets++;
1974 	priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
1975 	priv->status |= STATUS_SECURITY_UPDATED;
1976 
1977 	/* Force a power cycle even if interface hasn't been opened
1978 	 * yet */
1979 	cancel_delayed_work(&priv->reset_work);
1980 	priv->status |= STATUS_RESET_PENDING;
1981 	spin_unlock_irqrestore(&priv->low_lock, flags);
1982 
1983 	mutex_lock(&priv->action_mutex);
1984 	/* stop timed checks so that they don't interfere with reset */
1985 	priv->stop_hang_check = 1;
1986 	cancel_delayed_work(&priv->hang_check);
1987 
1988 	/* We have to signal any supplicant if we are disassociating */
1989 	if (associated)
1990 		wireless_send_event(priv->net_dev, SIOCGIWAP, &wrqu, NULL);
1991 
1992 	ipw2100_up(priv, 0);
1993 	mutex_unlock(&priv->action_mutex);
1994 
1995 }
1996 
1997 static void isr_indicate_associated(struct ipw2100_priv *priv, u32 status)
1998 {
1999 
2000 #define MAC_ASSOCIATION_READ_DELAY (HZ)
2001 	int ret;
2002 	unsigned int len, essid_len;
2003 	char essid[IW_ESSID_MAX_SIZE];
2004 	u32 txrate;
2005 	u32 chan;
2006 	char *txratename;
2007 	u8 bssid[ETH_ALEN];
2008 
2009 	/*
2010 	 * TBD: BSSID is usually 00:00:00:00:00:00 here and not
2011 	 *      an actual MAC of the AP. Seems like FW sets this
2012 	 *      address too late. Read it later and expose through
2013 	 *      /proc or schedule a later task to query and update
2014 	 */
2015 
2016 	essid_len = IW_ESSID_MAX_SIZE;
2017 	ret = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_SSID,
2018 				  essid, &essid_len);
2019 	if (ret) {
2020 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
2021 			       __LINE__);
2022 		return;
2023 	}
2024 
2025 	len = sizeof(u32);
2026 	ret = ipw2100_get_ordinal(priv, IPW_ORD_CURRENT_TX_RATE, &txrate, &len);
2027 	if (ret) {
2028 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
2029 			       __LINE__);
2030 		return;
2031 	}
2032 
2033 	len = sizeof(u32);
2034 	ret = ipw2100_get_ordinal(priv, IPW_ORD_OUR_FREQ, &chan, &len);
2035 	if (ret) {
2036 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
2037 			       __LINE__);
2038 		return;
2039 	}
2040 	len = ETH_ALEN;
2041 	ret = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_AP_BSSID, bssid,
2042 				  &len);
2043 	if (ret) {
2044 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
2045 			       __LINE__);
2046 		return;
2047 	}
2048 	memcpy(priv->ieee->bssid, bssid, ETH_ALEN);
2049 
2050 	switch (txrate) {
2051 	case TX_RATE_1_MBIT:
2052 		txratename = "1Mbps";
2053 		break;
2054 	case TX_RATE_2_MBIT:
2055 		txratename = "2Mbsp";
2056 		break;
2057 	case TX_RATE_5_5_MBIT:
2058 		txratename = "5.5Mbps";
2059 		break;
2060 	case TX_RATE_11_MBIT:
2061 		txratename = "11Mbps";
2062 		break;
2063 	default:
2064 		IPW_DEBUG_INFO("Unknown rate: %d\n", txrate);
2065 		txratename = "unknown rate";
2066 		break;
2067 	}
2068 
2069 	IPW_DEBUG_INFO("%s: Associated with '%*pE' at %s, channel %d (BSSID=%pM)\n",
2070 		       priv->net_dev->name, essid_len, essid,
2071 		       txratename, chan, bssid);
2072 
2073 	/* now we copy read ssid into dev */
2074 	if (!(priv->config & CFG_STATIC_ESSID)) {
2075 		priv->essid_len = min((u8) essid_len, (u8) IW_ESSID_MAX_SIZE);
2076 		memcpy(priv->essid, essid, priv->essid_len);
2077 	}
2078 	priv->channel = chan;
2079 	memcpy(priv->bssid, bssid, ETH_ALEN);
2080 
2081 	priv->status |= STATUS_ASSOCIATING;
2082 	priv->connect_start = get_seconds();
2083 
2084 	schedule_delayed_work(&priv->wx_event_work, HZ / 10);
2085 }
2086 
2087 static int ipw2100_set_essid(struct ipw2100_priv *priv, char *essid,
2088 			     int length, int batch_mode)
2089 {
2090 	int ssid_len = min(length, IW_ESSID_MAX_SIZE);
2091 	struct host_command cmd = {
2092 		.host_command = SSID,
2093 		.host_command_sequence = 0,
2094 		.host_command_length = ssid_len
2095 	};
2096 	int err;
2097 
2098 	IPW_DEBUG_HC("SSID: '%*pE'\n", ssid_len, essid);
2099 
2100 	if (ssid_len)
2101 		memcpy(cmd.host_command_parameters, essid, ssid_len);
2102 
2103 	if (!batch_mode) {
2104 		err = ipw2100_disable_adapter(priv);
2105 		if (err)
2106 			return err;
2107 	}
2108 
2109 	/* Bug in FW currently doesn't honor bit 0 in SET_SCAN_OPTIONS to
2110 	 * disable auto association -- so we cheat by setting a bogus SSID */
2111 	if (!ssid_len && !(priv->config & CFG_ASSOCIATE)) {
2112 		int i;
2113 		u8 *bogus = (u8 *) cmd.host_command_parameters;
2114 		for (i = 0; i < IW_ESSID_MAX_SIZE; i++)
2115 			bogus[i] = 0x18 + i;
2116 		cmd.host_command_length = IW_ESSID_MAX_SIZE;
2117 	}
2118 
2119 	/* NOTE:  We always send the SSID command even if the provided ESSID is
2120 	 * the same as what we currently think is set. */
2121 
2122 	err = ipw2100_hw_send_command(priv, &cmd);
2123 	if (!err) {
2124 		memset(priv->essid + ssid_len, 0, IW_ESSID_MAX_SIZE - ssid_len);
2125 		memcpy(priv->essid, essid, ssid_len);
2126 		priv->essid_len = ssid_len;
2127 	}
2128 
2129 	if (!batch_mode) {
2130 		if (ipw2100_enable_adapter(priv))
2131 			err = -EIO;
2132 	}
2133 
2134 	return err;
2135 }
2136 
2137 static void isr_indicate_association_lost(struct ipw2100_priv *priv, u32 status)
2138 {
2139 	IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE | IPW_DL_ASSOC,
2140 		  "disassociated: '%*pE' %pM\n", priv->essid_len, priv->essid,
2141 		  priv->bssid);
2142 
2143 	priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
2144 
2145 	if (priv->status & STATUS_STOPPING) {
2146 		IPW_DEBUG_INFO("Card is stopping itself, discard ASSN_LOST.\n");
2147 		return;
2148 	}
2149 
2150 	eth_zero_addr(priv->bssid);
2151 	eth_zero_addr(priv->ieee->bssid);
2152 
2153 	netif_carrier_off(priv->net_dev);
2154 	netif_stop_queue(priv->net_dev);
2155 
2156 	if (!(priv->status & STATUS_RUNNING))
2157 		return;
2158 
2159 	if (priv->status & STATUS_SECURITY_UPDATED)
2160 		schedule_delayed_work(&priv->security_work, 0);
2161 
2162 	schedule_delayed_work(&priv->wx_event_work, 0);
2163 }
2164 
2165 static void isr_indicate_rf_kill(struct ipw2100_priv *priv, u32 status)
2166 {
2167 	IPW_DEBUG_INFO("%s: RF Kill state changed to radio OFF.\n",
2168 		       priv->net_dev->name);
2169 
2170 	/* RF_KILL is now enabled (else we wouldn't be here) */
2171 	wiphy_rfkill_set_hw_state(priv->ieee->wdev.wiphy, true);
2172 	priv->status |= STATUS_RF_KILL_HW;
2173 
2174 	/* Make sure the RF Kill check timer is running */
2175 	priv->stop_rf_kill = 0;
2176 	mod_delayed_work(system_wq, &priv->rf_kill, round_jiffies_relative(HZ));
2177 }
2178 
2179 static void ipw2100_scan_event(struct work_struct *work)
2180 {
2181 	struct ipw2100_priv *priv = container_of(work, struct ipw2100_priv,
2182 						 scan_event.work);
2183 	union iwreq_data wrqu;
2184 
2185 	wrqu.data.length = 0;
2186 	wrqu.data.flags = 0;
2187 	wireless_send_event(priv->net_dev, SIOCGIWSCAN, &wrqu, NULL);
2188 }
2189 
2190 static void isr_scan_complete(struct ipw2100_priv *priv, u32 status)
2191 {
2192 	IPW_DEBUG_SCAN("scan complete\n");
2193 	/* Age the scan results... */
2194 	priv->ieee->scans++;
2195 	priv->status &= ~STATUS_SCANNING;
2196 
2197 	/* Only userspace-requested scan completion events go out immediately */
2198 	if (!priv->user_requested_scan) {
2199 		schedule_delayed_work(&priv->scan_event,
2200 				      round_jiffies_relative(msecs_to_jiffies(4000)));
2201 	} else {
2202 		priv->user_requested_scan = 0;
2203 		mod_delayed_work(system_wq, &priv->scan_event, 0);
2204 	}
2205 }
2206 
2207 #ifdef CONFIG_IPW2100_DEBUG
2208 #define IPW2100_HANDLER(v, f) { v, f, # v }
2209 struct ipw2100_status_indicator {
2210 	int status;
2211 	void (*cb) (struct ipw2100_priv * priv, u32 status);
2212 	char *name;
2213 };
2214 #else
2215 #define IPW2100_HANDLER(v, f) { v, f }
2216 struct ipw2100_status_indicator {
2217 	int status;
2218 	void (*cb) (struct ipw2100_priv * priv, u32 status);
2219 };
2220 #endif				/* CONFIG_IPW2100_DEBUG */
2221 
2222 static void isr_indicate_scanning(struct ipw2100_priv *priv, u32 status)
2223 {
2224 	IPW_DEBUG_SCAN("Scanning...\n");
2225 	priv->status |= STATUS_SCANNING;
2226 }
2227 
2228 static const struct ipw2100_status_indicator status_handlers[] = {
2229 	IPW2100_HANDLER(IPW_STATE_INITIALIZED, NULL),
2230 	IPW2100_HANDLER(IPW_STATE_COUNTRY_FOUND, NULL),
2231 	IPW2100_HANDLER(IPW_STATE_ASSOCIATED, isr_indicate_associated),
2232 	IPW2100_HANDLER(IPW_STATE_ASSN_LOST, isr_indicate_association_lost),
2233 	IPW2100_HANDLER(IPW_STATE_ASSN_CHANGED, NULL),
2234 	IPW2100_HANDLER(IPW_STATE_SCAN_COMPLETE, isr_scan_complete),
2235 	IPW2100_HANDLER(IPW_STATE_ENTERED_PSP, NULL),
2236 	IPW2100_HANDLER(IPW_STATE_LEFT_PSP, NULL),
2237 	IPW2100_HANDLER(IPW_STATE_RF_KILL, isr_indicate_rf_kill),
2238 	IPW2100_HANDLER(IPW_STATE_DISABLED, NULL),
2239 	IPW2100_HANDLER(IPW_STATE_POWER_DOWN, NULL),
2240 	IPW2100_HANDLER(IPW_STATE_SCANNING, isr_indicate_scanning),
2241 	IPW2100_HANDLER(-1, NULL)
2242 };
2243 
2244 static void isr_status_change(struct ipw2100_priv *priv, int status)
2245 {
2246 	int i;
2247 
2248 	if (status == IPW_STATE_SCANNING &&
2249 	    priv->status & STATUS_ASSOCIATED &&
2250 	    !(priv->status & STATUS_SCANNING)) {
2251 		IPW_DEBUG_INFO("Scan detected while associated, with "
2252 			       "no scan request.  Restarting firmware.\n");
2253 
2254 		/* Wake up any sleeping jobs */
2255 		schedule_reset(priv);
2256 	}
2257 
2258 	for (i = 0; status_handlers[i].status != -1; i++) {
2259 		if (status == status_handlers[i].status) {
2260 			IPW_DEBUG_NOTIF("Status change: %s\n",
2261 					status_handlers[i].name);
2262 			if (status_handlers[i].cb)
2263 				status_handlers[i].cb(priv, status);
2264 			priv->wstats.status = status;
2265 			return;
2266 		}
2267 	}
2268 
2269 	IPW_DEBUG_NOTIF("unknown status received: %04x\n", status);
2270 }
2271 
2272 static void isr_rx_complete_command(struct ipw2100_priv *priv,
2273 				    struct ipw2100_cmd_header *cmd)
2274 {
2275 #ifdef CONFIG_IPW2100_DEBUG
2276 	if (cmd->host_command_reg < ARRAY_SIZE(command_types)) {
2277 		IPW_DEBUG_HC("Command completed '%s (%d)'\n",
2278 			     command_types[cmd->host_command_reg],
2279 			     cmd->host_command_reg);
2280 	}
2281 #endif
2282 	if (cmd->host_command_reg == HOST_COMPLETE)
2283 		priv->status |= STATUS_ENABLED;
2284 
2285 	if (cmd->host_command_reg == CARD_DISABLE)
2286 		priv->status &= ~STATUS_ENABLED;
2287 
2288 	priv->status &= ~STATUS_CMD_ACTIVE;
2289 
2290 	wake_up_interruptible(&priv->wait_command_queue);
2291 }
2292 
2293 #ifdef CONFIG_IPW2100_DEBUG
2294 static const char *frame_types[] = {
2295 	"COMMAND_STATUS_VAL",
2296 	"STATUS_CHANGE_VAL",
2297 	"P80211_DATA_VAL",
2298 	"P8023_DATA_VAL",
2299 	"HOST_NOTIFICATION_VAL"
2300 };
2301 #endif
2302 
2303 static int ipw2100_alloc_skb(struct ipw2100_priv *priv,
2304 				    struct ipw2100_rx_packet *packet)
2305 {
2306 	packet->skb = dev_alloc_skb(sizeof(struct ipw2100_rx));
2307 	if (!packet->skb)
2308 		return -ENOMEM;
2309 
2310 	packet->rxp = (struct ipw2100_rx *)packet->skb->data;
2311 	packet->dma_addr = pci_map_single(priv->pci_dev, packet->skb->data,
2312 					  sizeof(struct ipw2100_rx),
2313 					  PCI_DMA_FROMDEVICE);
2314 	if (pci_dma_mapping_error(priv->pci_dev, packet->dma_addr)) {
2315 		dev_kfree_skb(packet->skb);
2316 		return -ENOMEM;
2317 	}
2318 
2319 	return 0;
2320 }
2321 
2322 #define SEARCH_ERROR   0xffffffff
2323 #define SEARCH_FAIL    0xfffffffe
2324 #define SEARCH_SUCCESS 0xfffffff0
2325 #define SEARCH_DISCARD 0
2326 #define SEARCH_SNAPSHOT 1
2327 
2328 #define SNAPSHOT_ADDR(ofs) (priv->snapshot[((ofs) >> 12) & 0xff] + ((ofs) & 0xfff))
2329 static void ipw2100_snapshot_free(struct ipw2100_priv *priv)
2330 {
2331 	int i;
2332 	if (!priv->snapshot[0])
2333 		return;
2334 	for (i = 0; i < 0x30; i++)
2335 		kfree(priv->snapshot[i]);
2336 	priv->snapshot[0] = NULL;
2337 }
2338 
2339 #ifdef IPW2100_DEBUG_C3
2340 static int ipw2100_snapshot_alloc(struct ipw2100_priv *priv)
2341 {
2342 	int i;
2343 	if (priv->snapshot[0])
2344 		return 1;
2345 	for (i = 0; i < 0x30; i++) {
2346 		priv->snapshot[i] = kmalloc(0x1000, GFP_ATOMIC);
2347 		if (!priv->snapshot[i]) {
2348 			IPW_DEBUG_INFO("%s: Error allocating snapshot "
2349 				       "buffer %d\n", priv->net_dev->name, i);
2350 			while (i > 0)
2351 				kfree(priv->snapshot[--i]);
2352 			priv->snapshot[0] = NULL;
2353 			return 0;
2354 		}
2355 	}
2356 
2357 	return 1;
2358 }
2359 
2360 static u32 ipw2100_match_buf(struct ipw2100_priv *priv, u8 * in_buf,
2361 				    size_t len, int mode)
2362 {
2363 	u32 i, j;
2364 	u32 tmp;
2365 	u8 *s, *d;
2366 	u32 ret;
2367 
2368 	s = in_buf;
2369 	if (mode == SEARCH_SNAPSHOT) {
2370 		if (!ipw2100_snapshot_alloc(priv))
2371 			mode = SEARCH_DISCARD;
2372 	}
2373 
2374 	for (ret = SEARCH_FAIL, i = 0; i < 0x30000; i += 4) {
2375 		read_nic_dword(priv->net_dev, i, &tmp);
2376 		if (mode == SEARCH_SNAPSHOT)
2377 			*(u32 *) SNAPSHOT_ADDR(i) = tmp;
2378 		if (ret == SEARCH_FAIL) {
2379 			d = (u8 *) & tmp;
2380 			for (j = 0; j < 4; j++) {
2381 				if (*s != *d) {
2382 					s = in_buf;
2383 					continue;
2384 				}
2385 
2386 				s++;
2387 				d++;
2388 
2389 				if ((s - in_buf) == len)
2390 					ret = (i + j) - len + 1;
2391 			}
2392 		} else if (mode == SEARCH_DISCARD)
2393 			return ret;
2394 	}
2395 
2396 	return ret;
2397 }
2398 #endif
2399 
2400 /*
2401  *
2402  * 0) Disconnect the SKB from the firmware (just unmap)
2403  * 1) Pack the ETH header into the SKB
2404  * 2) Pass the SKB to the network stack
2405  *
2406  * When packet is provided by the firmware, it contains the following:
2407  *
2408  * .  libipw_hdr
2409  * .  libipw_snap_hdr
2410  *
2411  * The size of the constructed ethernet
2412  *
2413  */
2414 #ifdef IPW2100_RX_DEBUG
2415 static u8 packet_data[IPW_RX_NIC_BUFFER_LENGTH];
2416 #endif
2417 
2418 static void ipw2100_corruption_detected(struct ipw2100_priv *priv, int i)
2419 {
2420 #ifdef IPW2100_DEBUG_C3
2421 	struct ipw2100_status *status = &priv->status_queue.drv[i];
2422 	u32 match, reg;
2423 	int j;
2424 #endif
2425 
2426 	IPW_DEBUG_INFO(": PCI latency error detected at 0x%04zX.\n",
2427 		       i * sizeof(struct ipw2100_status));
2428 
2429 #ifdef IPW2100_DEBUG_C3
2430 	/* Halt the firmware so we can get a good image */
2431 	write_register(priv->net_dev, IPW_REG_RESET_REG,
2432 		       IPW_AUX_HOST_RESET_REG_STOP_MASTER);
2433 	j = 5;
2434 	do {
2435 		udelay(IPW_WAIT_RESET_MASTER_ASSERT_COMPLETE_DELAY);
2436 		read_register(priv->net_dev, IPW_REG_RESET_REG, &reg);
2437 
2438 		if (reg & IPW_AUX_HOST_RESET_REG_MASTER_DISABLED)
2439 			break;
2440 	} while (j--);
2441 
2442 	match = ipw2100_match_buf(priv, (u8 *) status,
2443 				  sizeof(struct ipw2100_status),
2444 				  SEARCH_SNAPSHOT);
2445 	if (match < SEARCH_SUCCESS)
2446 		IPW_DEBUG_INFO("%s: DMA status match in Firmware at "
2447 			       "offset 0x%06X, length %d:\n",
2448 			       priv->net_dev->name, match,
2449 			       sizeof(struct ipw2100_status));
2450 	else
2451 		IPW_DEBUG_INFO("%s: No DMA status match in "
2452 			       "Firmware.\n", priv->net_dev->name);
2453 
2454 	printk_buf((u8 *) priv->status_queue.drv,
2455 		   sizeof(struct ipw2100_status) * RX_QUEUE_LENGTH);
2456 #endif
2457 
2458 	priv->fatal_error = IPW2100_ERR_C3_CORRUPTION;
2459 	priv->net_dev->stats.rx_errors++;
2460 	schedule_reset(priv);
2461 }
2462 
2463 static void isr_rx(struct ipw2100_priv *priv, int i,
2464 			  struct libipw_rx_stats *stats)
2465 {
2466 	struct net_device *dev = priv->net_dev;
2467 	struct ipw2100_status *status = &priv->status_queue.drv[i];
2468 	struct ipw2100_rx_packet *packet = &priv->rx_buffers[i];
2469 
2470 	IPW_DEBUG_RX("Handler...\n");
2471 
2472 	if (unlikely(status->frame_size > skb_tailroom(packet->skb))) {
2473 		IPW_DEBUG_INFO("%s: frame_size (%u) > skb_tailroom (%u)!"
2474 			       "  Dropping.\n",
2475 			       dev->name,
2476 			       status->frame_size, skb_tailroom(packet->skb));
2477 		dev->stats.rx_errors++;
2478 		return;
2479 	}
2480 
2481 	if (unlikely(!netif_running(dev))) {
2482 		dev->stats.rx_errors++;
2483 		priv->wstats.discard.misc++;
2484 		IPW_DEBUG_DROP("Dropping packet while interface is not up.\n");
2485 		return;
2486 	}
2487 
2488 	if (unlikely(priv->ieee->iw_mode != IW_MODE_MONITOR &&
2489 		     !(priv->status & STATUS_ASSOCIATED))) {
2490 		IPW_DEBUG_DROP("Dropping packet while not associated.\n");
2491 		priv->wstats.discard.misc++;
2492 		return;
2493 	}
2494 
2495 	pci_unmap_single(priv->pci_dev,
2496 			 packet->dma_addr,
2497 			 sizeof(struct ipw2100_rx), PCI_DMA_FROMDEVICE);
2498 
2499 	skb_put(packet->skb, status->frame_size);
2500 
2501 #ifdef IPW2100_RX_DEBUG
2502 	/* Make a copy of the frame so we can dump it to the logs if
2503 	 * libipw_rx fails */
2504 	skb_copy_from_linear_data(packet->skb, packet_data,
2505 				  min_t(u32, status->frame_size,
2506 					     IPW_RX_NIC_BUFFER_LENGTH));
2507 #endif
2508 
2509 	if (!libipw_rx(priv->ieee, packet->skb, stats)) {
2510 #ifdef IPW2100_RX_DEBUG
2511 		IPW_DEBUG_DROP("%s: Non consumed packet:\n",
2512 			       dev->name);
2513 		printk_buf(IPW_DL_DROP, packet_data, status->frame_size);
2514 #endif
2515 		dev->stats.rx_errors++;
2516 
2517 		/* libipw_rx failed, so it didn't free the SKB */
2518 		dev_kfree_skb_any(packet->skb);
2519 		packet->skb = NULL;
2520 	}
2521 
2522 	/* We need to allocate a new SKB and attach it to the RDB. */
2523 	if (unlikely(ipw2100_alloc_skb(priv, packet))) {
2524 		printk(KERN_WARNING DRV_NAME ": "
2525 		       "%s: Unable to allocate SKB onto RBD ring - disabling "
2526 		       "adapter.\n", dev->name);
2527 		/* TODO: schedule adapter shutdown */
2528 		IPW_DEBUG_INFO("TODO: Shutdown adapter...\n");
2529 	}
2530 
2531 	/* Update the RDB entry */
2532 	priv->rx_queue.drv[i].host_addr = packet->dma_addr;
2533 }
2534 
2535 #ifdef CONFIG_IPW2100_MONITOR
2536 
2537 static void isr_rx_monitor(struct ipw2100_priv *priv, int i,
2538 		   struct libipw_rx_stats *stats)
2539 {
2540 	struct net_device *dev = priv->net_dev;
2541 	struct ipw2100_status *status = &priv->status_queue.drv[i];
2542 	struct ipw2100_rx_packet *packet = &priv->rx_buffers[i];
2543 
2544 	/* Magic struct that slots into the radiotap header -- no reason
2545 	 * to build this manually element by element, we can write it much
2546 	 * more efficiently than we can parse it. ORDER MATTERS HERE */
2547 	struct ipw_rt_hdr {
2548 		struct ieee80211_radiotap_header rt_hdr;
2549 		s8 rt_dbmsignal; /* signal in dbM, kluged to signed */
2550 	} *ipw_rt;
2551 
2552 	IPW_DEBUG_RX("Handler...\n");
2553 
2554 	if (unlikely(status->frame_size > skb_tailroom(packet->skb) -
2555 				sizeof(struct ipw_rt_hdr))) {
2556 		IPW_DEBUG_INFO("%s: frame_size (%u) > skb_tailroom (%u)!"
2557 			       "  Dropping.\n",
2558 			       dev->name,
2559 			       status->frame_size,
2560 			       skb_tailroom(packet->skb));
2561 		dev->stats.rx_errors++;
2562 		return;
2563 	}
2564 
2565 	if (unlikely(!netif_running(dev))) {
2566 		dev->stats.rx_errors++;
2567 		priv->wstats.discard.misc++;
2568 		IPW_DEBUG_DROP("Dropping packet while interface is not up.\n");
2569 		return;
2570 	}
2571 
2572 	if (unlikely(priv->config & CFG_CRC_CHECK &&
2573 		     status->flags & IPW_STATUS_FLAG_CRC_ERROR)) {
2574 		IPW_DEBUG_RX("CRC error in packet.  Dropping.\n");
2575 		dev->stats.rx_errors++;
2576 		return;
2577 	}
2578 
2579 	pci_unmap_single(priv->pci_dev, packet->dma_addr,
2580 			 sizeof(struct ipw2100_rx), PCI_DMA_FROMDEVICE);
2581 	memmove(packet->skb->data + sizeof(struct ipw_rt_hdr),
2582 		packet->skb->data, status->frame_size);
2583 
2584 	ipw_rt = (struct ipw_rt_hdr *) packet->skb->data;
2585 
2586 	ipw_rt->rt_hdr.it_version = PKTHDR_RADIOTAP_VERSION;
2587 	ipw_rt->rt_hdr.it_pad = 0; /* always good to zero */
2588 	ipw_rt->rt_hdr.it_len = cpu_to_le16(sizeof(struct ipw_rt_hdr)); /* total hdr+data */
2589 
2590 	ipw_rt->rt_hdr.it_present = cpu_to_le32(1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL);
2591 
2592 	ipw_rt->rt_dbmsignal = status->rssi + IPW2100_RSSI_TO_DBM;
2593 
2594 	skb_put(packet->skb, status->frame_size + sizeof(struct ipw_rt_hdr));
2595 
2596 	if (!libipw_rx(priv->ieee, packet->skb, stats)) {
2597 		dev->stats.rx_errors++;
2598 
2599 		/* libipw_rx failed, so it didn't free the SKB */
2600 		dev_kfree_skb_any(packet->skb);
2601 		packet->skb = NULL;
2602 	}
2603 
2604 	/* We need to allocate a new SKB and attach it to the RDB. */
2605 	if (unlikely(ipw2100_alloc_skb(priv, packet))) {
2606 		IPW_DEBUG_WARNING(
2607 			"%s: Unable to allocate SKB onto RBD ring - disabling "
2608 			"adapter.\n", dev->name);
2609 		/* TODO: schedule adapter shutdown */
2610 		IPW_DEBUG_INFO("TODO: Shutdown adapter...\n");
2611 	}
2612 
2613 	/* Update the RDB entry */
2614 	priv->rx_queue.drv[i].host_addr = packet->dma_addr;
2615 }
2616 
2617 #endif
2618 
2619 static int ipw2100_corruption_check(struct ipw2100_priv *priv, int i)
2620 {
2621 	struct ipw2100_status *status = &priv->status_queue.drv[i];
2622 	struct ipw2100_rx *u = priv->rx_buffers[i].rxp;
2623 	u16 frame_type = status->status_fields & STATUS_TYPE_MASK;
2624 
2625 	switch (frame_type) {
2626 	case COMMAND_STATUS_VAL:
2627 		return (status->frame_size != sizeof(u->rx_data.command));
2628 	case STATUS_CHANGE_VAL:
2629 		return (status->frame_size != sizeof(u->rx_data.status));
2630 	case HOST_NOTIFICATION_VAL:
2631 		return (status->frame_size < sizeof(u->rx_data.notification));
2632 	case P80211_DATA_VAL:
2633 	case P8023_DATA_VAL:
2634 #ifdef CONFIG_IPW2100_MONITOR
2635 		return 0;
2636 #else
2637 		switch (WLAN_FC_GET_TYPE(le16_to_cpu(u->rx_data.header.frame_ctl))) {
2638 		case IEEE80211_FTYPE_MGMT:
2639 		case IEEE80211_FTYPE_CTL:
2640 			return 0;
2641 		case IEEE80211_FTYPE_DATA:
2642 			return (status->frame_size >
2643 				IPW_MAX_802_11_PAYLOAD_LENGTH);
2644 		}
2645 #endif
2646 	}
2647 
2648 	return 1;
2649 }
2650 
2651 /*
2652  * ipw2100 interrupts are disabled at this point, and the ISR
2653  * is the only code that calls this method.  So, we do not need
2654  * to play with any locks.
2655  *
2656  * RX Queue works as follows:
2657  *
2658  * Read index - firmware places packet in entry identified by the
2659  *              Read index and advances Read index.  In this manner,
2660  *              Read index will always point to the next packet to
2661  *              be filled--but not yet valid.
2662  *
2663  * Write index - driver fills this entry with an unused RBD entry.
2664  *               This entry has not filled by the firmware yet.
2665  *
2666  * In between the W and R indexes are the RBDs that have been received
2667  * but not yet processed.
2668  *
2669  * The process of handling packets will start at WRITE + 1 and advance
2670  * until it reaches the READ index.
2671  *
2672  * The WRITE index is cached in the variable 'priv->rx_queue.next'.
2673  *
2674  */
2675 static void __ipw2100_rx_process(struct ipw2100_priv *priv)
2676 {
2677 	struct ipw2100_bd_queue *rxq = &priv->rx_queue;
2678 	struct ipw2100_status_queue *sq = &priv->status_queue;
2679 	struct ipw2100_rx_packet *packet;
2680 	u16 frame_type;
2681 	u32 r, w, i, s;
2682 	struct ipw2100_rx *u;
2683 	struct libipw_rx_stats stats = {
2684 		.mac_time = jiffies,
2685 	};
2686 
2687 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_RX_READ_INDEX, &r);
2688 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_RX_WRITE_INDEX, &w);
2689 
2690 	if (r >= rxq->entries) {
2691 		IPW_DEBUG_RX("exit - bad read index\n");
2692 		return;
2693 	}
2694 
2695 	i = (rxq->next + 1) % rxq->entries;
2696 	s = i;
2697 	while (i != r) {
2698 		/* IPW_DEBUG_RX("r = %d : w = %d : processing = %d\n",
2699 		   r, rxq->next, i); */
2700 
2701 		packet = &priv->rx_buffers[i];
2702 
2703 		/* Sync the DMA for the RX buffer so CPU is sure to get
2704 		 * the correct values */
2705 		pci_dma_sync_single_for_cpu(priv->pci_dev, packet->dma_addr,
2706 					    sizeof(struct ipw2100_rx),
2707 					    PCI_DMA_FROMDEVICE);
2708 
2709 		if (unlikely(ipw2100_corruption_check(priv, i))) {
2710 			ipw2100_corruption_detected(priv, i);
2711 			goto increment;
2712 		}
2713 
2714 		u = packet->rxp;
2715 		frame_type = sq->drv[i].status_fields & STATUS_TYPE_MASK;
2716 		stats.rssi = sq->drv[i].rssi + IPW2100_RSSI_TO_DBM;
2717 		stats.len = sq->drv[i].frame_size;
2718 
2719 		stats.mask = 0;
2720 		if (stats.rssi != 0)
2721 			stats.mask |= LIBIPW_STATMASK_RSSI;
2722 		stats.freq = LIBIPW_24GHZ_BAND;
2723 
2724 		IPW_DEBUG_RX("%s: '%s' frame type received (%d).\n",
2725 			     priv->net_dev->name, frame_types[frame_type],
2726 			     stats.len);
2727 
2728 		switch (frame_type) {
2729 		case COMMAND_STATUS_VAL:
2730 			/* Reset Rx watchdog */
2731 			isr_rx_complete_command(priv, &u->rx_data.command);
2732 			break;
2733 
2734 		case STATUS_CHANGE_VAL:
2735 			isr_status_change(priv, u->rx_data.status);
2736 			break;
2737 
2738 		case P80211_DATA_VAL:
2739 		case P8023_DATA_VAL:
2740 #ifdef CONFIG_IPW2100_MONITOR
2741 			if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
2742 				isr_rx_monitor(priv, i, &stats);
2743 				break;
2744 			}
2745 #endif
2746 			if (stats.len < sizeof(struct libipw_hdr_3addr))
2747 				break;
2748 			switch (WLAN_FC_GET_TYPE(le16_to_cpu(u->rx_data.header.frame_ctl))) {
2749 			case IEEE80211_FTYPE_MGMT:
2750 				libipw_rx_mgt(priv->ieee,
2751 						 &u->rx_data.header, &stats);
2752 				break;
2753 
2754 			case IEEE80211_FTYPE_CTL:
2755 				break;
2756 
2757 			case IEEE80211_FTYPE_DATA:
2758 				isr_rx(priv, i, &stats);
2759 				break;
2760 
2761 			}
2762 			break;
2763 		}
2764 
2765 	      increment:
2766 		/* clear status field associated with this RBD */
2767 		rxq->drv[i].status.info.field = 0;
2768 
2769 		i = (i + 1) % rxq->entries;
2770 	}
2771 
2772 	if (i != s) {
2773 		/* backtrack one entry, wrapping to end if at 0 */
2774 		rxq->next = (i ? i : rxq->entries) - 1;
2775 
2776 		write_register(priv->net_dev,
2777 			       IPW_MEM_HOST_SHARED_RX_WRITE_INDEX, rxq->next);
2778 	}
2779 }
2780 
2781 /*
2782  * __ipw2100_tx_process
2783  *
2784  * This routine will determine whether the next packet on
2785  * the fw_pend_list has been processed by the firmware yet.
2786  *
2787  * If not, then it does nothing and returns.
2788  *
2789  * If so, then it removes the item from the fw_pend_list, frees
2790  * any associated storage, and places the item back on the
2791  * free list of its source (either msg_free_list or tx_free_list)
2792  *
2793  * TX Queue works as follows:
2794  *
2795  * Read index - points to the next TBD that the firmware will
2796  *              process.  The firmware will read the data, and once
2797  *              done processing, it will advance the Read index.
2798  *
2799  * Write index - driver fills this entry with an constructed TBD
2800  *               entry.  The Write index is not advanced until the
2801  *               packet has been configured.
2802  *
2803  * In between the W and R indexes are the TBDs that have NOT been
2804  * processed.  Lagging behind the R index are packets that have
2805  * been processed but have not been freed by the driver.
2806  *
2807  * In order to free old storage, an internal index will be maintained
2808  * that points to the next packet to be freed.  When all used
2809  * packets have been freed, the oldest index will be the same as the
2810  * firmware's read index.
2811  *
2812  * The OLDEST index is cached in the variable 'priv->tx_queue.oldest'
2813  *
2814  * Because the TBD structure can not contain arbitrary data, the
2815  * driver must keep an internal queue of cached allocations such that
2816  * it can put that data back into the tx_free_list and msg_free_list
2817  * for use by future command and data packets.
2818  *
2819  */
2820 static int __ipw2100_tx_process(struct ipw2100_priv *priv)
2821 {
2822 	struct ipw2100_bd_queue *txq = &priv->tx_queue;
2823 	struct ipw2100_bd *tbd;
2824 	struct list_head *element;
2825 	struct ipw2100_tx_packet *packet;
2826 	int descriptors_used;
2827 	int e, i;
2828 	u32 r, w, frag_num = 0;
2829 
2830 	if (list_empty(&priv->fw_pend_list))
2831 		return 0;
2832 
2833 	element = priv->fw_pend_list.next;
2834 
2835 	packet = list_entry(element, struct ipw2100_tx_packet, list);
2836 	tbd = &txq->drv[packet->index];
2837 
2838 	/* Determine how many TBD entries must be finished... */
2839 	switch (packet->type) {
2840 	case COMMAND:
2841 		/* COMMAND uses only one slot; don't advance */
2842 		descriptors_used = 1;
2843 		e = txq->oldest;
2844 		break;
2845 
2846 	case DATA:
2847 		/* DATA uses two slots; advance and loop position. */
2848 		descriptors_used = tbd->num_fragments;
2849 		frag_num = tbd->num_fragments - 1;
2850 		e = txq->oldest + frag_num;
2851 		e %= txq->entries;
2852 		break;
2853 
2854 	default:
2855 		printk(KERN_WARNING DRV_NAME ": %s: Bad fw_pend_list entry!\n",
2856 		       priv->net_dev->name);
2857 		return 0;
2858 	}
2859 
2860 	/* if the last TBD is not done by NIC yet, then packet is
2861 	 * not ready to be released.
2862 	 *
2863 	 */
2864 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_TX_QUEUE_READ_INDEX,
2865 		      &r);
2866 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_TX_QUEUE_WRITE_INDEX,
2867 		      &w);
2868 	if (w != txq->next)
2869 		printk(KERN_WARNING DRV_NAME ": %s: write index mismatch\n",
2870 		       priv->net_dev->name);
2871 
2872 	/*
2873 	 * txq->next is the index of the last packet written txq->oldest is
2874 	 * the index of the r is the index of the next packet to be read by
2875 	 * firmware
2876 	 */
2877 
2878 	/*
2879 	 * Quick graphic to help you visualize the following
2880 	 * if / else statement
2881 	 *
2882 	 * ===>|                     s---->|===============
2883 	 *                               e>|
2884 	 * | a | b | c | d | e | f | g | h | i | j | k | l
2885 	 *       r---->|
2886 	 *               w
2887 	 *
2888 	 * w - updated by driver
2889 	 * r - updated by firmware
2890 	 * s - start of oldest BD entry (txq->oldest)
2891 	 * e - end of oldest BD entry
2892 	 *
2893 	 */
2894 	if (!((r <= w && (e < r || e >= w)) || (e < r && e >= w))) {
2895 		IPW_DEBUG_TX("exit - no processed packets ready to release.\n");
2896 		return 0;
2897 	}
2898 
2899 	list_del(element);
2900 	DEC_STAT(&priv->fw_pend_stat);
2901 
2902 #ifdef CONFIG_IPW2100_DEBUG
2903 	{
2904 		i = txq->oldest;
2905 		IPW_DEBUG_TX("TX%d V=%p P=%04X T=%04X L=%d\n", i,
2906 			     &txq->drv[i],
2907 			     (u32) (txq->nic + i * sizeof(struct ipw2100_bd)),
2908 			     txq->drv[i].host_addr, txq->drv[i].buf_length);
2909 
2910 		if (packet->type == DATA) {
2911 			i = (i + 1) % txq->entries;
2912 
2913 			IPW_DEBUG_TX("TX%d V=%p P=%04X T=%04X L=%d\n", i,
2914 				     &txq->drv[i],
2915 				     (u32) (txq->nic + i *
2916 					    sizeof(struct ipw2100_bd)),
2917 				     (u32) txq->drv[i].host_addr,
2918 				     txq->drv[i].buf_length);
2919 		}
2920 	}
2921 #endif
2922 
2923 	switch (packet->type) {
2924 	case DATA:
2925 		if (txq->drv[txq->oldest].status.info.fields.txType != 0)
2926 			printk(KERN_WARNING DRV_NAME ": %s: Queue mismatch.  "
2927 			       "Expecting DATA TBD but pulled "
2928 			       "something else: ids %d=%d.\n",
2929 			       priv->net_dev->name, txq->oldest, packet->index);
2930 
2931 		/* DATA packet; we have to unmap and free the SKB */
2932 		for (i = 0; i < frag_num; i++) {
2933 			tbd = &txq->drv[(packet->index + 1 + i) % txq->entries];
2934 
2935 			IPW_DEBUG_TX("TX%d P=%08x L=%d\n",
2936 				     (packet->index + 1 + i) % txq->entries,
2937 				     tbd->host_addr, tbd->buf_length);
2938 
2939 			pci_unmap_single(priv->pci_dev,
2940 					 tbd->host_addr,
2941 					 tbd->buf_length, PCI_DMA_TODEVICE);
2942 		}
2943 
2944 		libipw_txb_free(packet->info.d_struct.txb);
2945 		packet->info.d_struct.txb = NULL;
2946 
2947 		list_add_tail(element, &priv->tx_free_list);
2948 		INC_STAT(&priv->tx_free_stat);
2949 
2950 		/* We have a free slot in the Tx queue, so wake up the
2951 		 * transmit layer if it is stopped. */
2952 		if (priv->status & STATUS_ASSOCIATED)
2953 			netif_wake_queue(priv->net_dev);
2954 
2955 		/* A packet was processed by the hardware, so update the
2956 		 * watchdog */
2957 		netif_trans_update(priv->net_dev);
2958 
2959 		break;
2960 
2961 	case COMMAND:
2962 		if (txq->drv[txq->oldest].status.info.fields.txType != 1)
2963 			printk(KERN_WARNING DRV_NAME ": %s: Queue mismatch.  "
2964 			       "Expecting COMMAND TBD but pulled "
2965 			       "something else: ids %d=%d.\n",
2966 			       priv->net_dev->name, txq->oldest, packet->index);
2967 
2968 #ifdef CONFIG_IPW2100_DEBUG
2969 		if (packet->info.c_struct.cmd->host_command_reg <
2970 		    ARRAY_SIZE(command_types))
2971 			IPW_DEBUG_TX("Command '%s (%d)' processed: %d.\n",
2972 				     command_types[packet->info.c_struct.cmd->
2973 						   host_command_reg],
2974 				     packet->info.c_struct.cmd->
2975 				     host_command_reg,
2976 				     packet->info.c_struct.cmd->cmd_status_reg);
2977 #endif
2978 
2979 		list_add_tail(element, &priv->msg_free_list);
2980 		INC_STAT(&priv->msg_free_stat);
2981 		break;
2982 	}
2983 
2984 	/* advance oldest used TBD pointer to start of next entry */
2985 	txq->oldest = (e + 1) % txq->entries;
2986 	/* increase available TBDs number */
2987 	txq->available += descriptors_used;
2988 	SET_STAT(&priv->txq_stat, txq->available);
2989 
2990 	IPW_DEBUG_TX("packet latency (send to process)  %ld jiffies\n",
2991 		     jiffies - packet->jiffy_start);
2992 
2993 	return (!list_empty(&priv->fw_pend_list));
2994 }
2995 
2996 static inline void __ipw2100_tx_complete(struct ipw2100_priv *priv)
2997 {
2998 	int i = 0;
2999 
3000 	while (__ipw2100_tx_process(priv) && i < 200)
3001 		i++;
3002 
3003 	if (i == 200) {
3004 		printk(KERN_WARNING DRV_NAME ": "
3005 		       "%s: Driver is running slow (%d iters).\n",
3006 		       priv->net_dev->name, i);
3007 	}
3008 }
3009 
3010 static void ipw2100_tx_send_commands(struct ipw2100_priv *priv)
3011 {
3012 	struct list_head *element;
3013 	struct ipw2100_tx_packet *packet;
3014 	struct ipw2100_bd_queue *txq = &priv->tx_queue;
3015 	struct ipw2100_bd *tbd;
3016 	int next = txq->next;
3017 
3018 	while (!list_empty(&priv->msg_pend_list)) {
3019 		/* if there isn't enough space in TBD queue, then
3020 		 * don't stuff a new one in.
3021 		 * NOTE: 3 are needed as a command will take one,
3022 		 *       and there is a minimum of 2 that must be
3023 		 *       maintained between the r and w indexes
3024 		 */
3025 		if (txq->available <= 3) {
3026 			IPW_DEBUG_TX("no room in tx_queue\n");
3027 			break;
3028 		}
3029 
3030 		element = priv->msg_pend_list.next;
3031 		list_del(element);
3032 		DEC_STAT(&priv->msg_pend_stat);
3033 
3034 		packet = list_entry(element, struct ipw2100_tx_packet, list);
3035 
3036 		IPW_DEBUG_TX("using TBD at virt=%p, phys=%04X\n",
3037 			     &txq->drv[txq->next],
3038 			     (u32) (txq->nic + txq->next *
3039 				      sizeof(struct ipw2100_bd)));
3040 
3041 		packet->index = txq->next;
3042 
3043 		tbd = &txq->drv[txq->next];
3044 
3045 		/* initialize TBD */
3046 		tbd->host_addr = packet->info.c_struct.cmd_phys;
3047 		tbd->buf_length = sizeof(struct ipw2100_cmd_header);
3048 		/* not marking number of fragments causes problems
3049 		 * with f/w debug version */
3050 		tbd->num_fragments = 1;
3051 		tbd->status.info.field =
3052 		    IPW_BD_STATUS_TX_FRAME_COMMAND |
3053 		    IPW_BD_STATUS_TX_INTERRUPT_ENABLE;
3054 
3055 		/* update TBD queue counters */
3056 		txq->next++;
3057 		txq->next %= txq->entries;
3058 		txq->available--;
3059 		DEC_STAT(&priv->txq_stat);
3060 
3061 		list_add_tail(element, &priv->fw_pend_list);
3062 		INC_STAT(&priv->fw_pend_stat);
3063 	}
3064 
3065 	if (txq->next != next) {
3066 		/* kick off the DMA by notifying firmware the
3067 		 * write index has moved; make sure TBD stores are sync'd */
3068 		wmb();
3069 		write_register(priv->net_dev,
3070 			       IPW_MEM_HOST_SHARED_TX_QUEUE_WRITE_INDEX,
3071 			       txq->next);
3072 	}
3073 }
3074 
3075 /*
3076  * ipw2100_tx_send_data
3077  *
3078  */
3079 static void ipw2100_tx_send_data(struct ipw2100_priv *priv)
3080 {
3081 	struct list_head *element;
3082 	struct ipw2100_tx_packet *packet;
3083 	struct ipw2100_bd_queue *txq = &priv->tx_queue;
3084 	struct ipw2100_bd *tbd;
3085 	int next = txq->next;
3086 	int i = 0;
3087 	struct ipw2100_data_header *ipw_hdr;
3088 	struct libipw_hdr_3addr *hdr;
3089 
3090 	while (!list_empty(&priv->tx_pend_list)) {
3091 		/* if there isn't enough space in TBD queue, then
3092 		 * don't stuff a new one in.
3093 		 * NOTE: 4 are needed as a data will take two,
3094 		 *       and there is a minimum of 2 that must be
3095 		 *       maintained between the r and w indexes
3096 		 */
3097 		element = priv->tx_pend_list.next;
3098 		packet = list_entry(element, struct ipw2100_tx_packet, list);
3099 
3100 		if (unlikely(1 + packet->info.d_struct.txb->nr_frags >
3101 			     IPW_MAX_BDS)) {
3102 			/* TODO: Support merging buffers if more than
3103 			 * IPW_MAX_BDS are used */
3104 			IPW_DEBUG_INFO("%s: Maximum BD threshold exceeded.  "
3105 				       "Increase fragmentation level.\n",
3106 				       priv->net_dev->name);
3107 		}
3108 
3109 		if (txq->available <= 3 + packet->info.d_struct.txb->nr_frags) {
3110 			IPW_DEBUG_TX("no room in tx_queue\n");
3111 			break;
3112 		}
3113 
3114 		list_del(element);
3115 		DEC_STAT(&priv->tx_pend_stat);
3116 
3117 		tbd = &txq->drv[txq->next];
3118 
3119 		packet->index = txq->next;
3120 
3121 		ipw_hdr = packet->info.d_struct.data;
3122 		hdr = (struct libipw_hdr_3addr *)packet->info.d_struct.txb->
3123 		    fragments[0]->data;
3124 
3125 		if (priv->ieee->iw_mode == IW_MODE_INFRA) {
3126 			/* To DS: Addr1 = BSSID, Addr2 = SA,
3127 			   Addr3 = DA */
3128 			memcpy(ipw_hdr->src_addr, hdr->addr2, ETH_ALEN);
3129 			memcpy(ipw_hdr->dst_addr, hdr->addr3, ETH_ALEN);
3130 		} else if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
3131 			/* not From/To DS: Addr1 = DA, Addr2 = SA,
3132 			   Addr3 = BSSID */
3133 			memcpy(ipw_hdr->src_addr, hdr->addr2, ETH_ALEN);
3134 			memcpy(ipw_hdr->dst_addr, hdr->addr1, ETH_ALEN);
3135 		}
3136 
3137 		ipw_hdr->host_command_reg = SEND;
3138 		ipw_hdr->host_command_reg1 = 0;
3139 
3140 		/* For now we only support host based encryption */
3141 		ipw_hdr->needs_encryption = 0;
3142 		ipw_hdr->encrypted = packet->info.d_struct.txb->encrypted;
3143 		if (packet->info.d_struct.txb->nr_frags > 1)
3144 			ipw_hdr->fragment_size =
3145 			    packet->info.d_struct.txb->frag_size -
3146 			    LIBIPW_3ADDR_LEN;
3147 		else
3148 			ipw_hdr->fragment_size = 0;
3149 
3150 		tbd->host_addr = packet->info.d_struct.data_phys;
3151 		tbd->buf_length = sizeof(struct ipw2100_data_header);
3152 		tbd->num_fragments = 1 + packet->info.d_struct.txb->nr_frags;
3153 		tbd->status.info.field =
3154 		    IPW_BD_STATUS_TX_FRAME_802_3 |
3155 		    IPW_BD_STATUS_TX_FRAME_NOT_LAST_FRAGMENT;
3156 		txq->next++;
3157 		txq->next %= txq->entries;
3158 
3159 		IPW_DEBUG_TX("data header tbd TX%d P=%08x L=%d\n",
3160 			     packet->index, tbd->host_addr, tbd->buf_length);
3161 #ifdef CONFIG_IPW2100_DEBUG
3162 		if (packet->info.d_struct.txb->nr_frags > 1)
3163 			IPW_DEBUG_FRAG("fragment Tx: %d frames\n",
3164 				       packet->info.d_struct.txb->nr_frags);
3165 #endif
3166 
3167 		for (i = 0; i < packet->info.d_struct.txb->nr_frags; i++) {
3168 			tbd = &txq->drv[txq->next];
3169 			if (i == packet->info.d_struct.txb->nr_frags - 1)
3170 				tbd->status.info.field =
3171 				    IPW_BD_STATUS_TX_FRAME_802_3 |
3172 				    IPW_BD_STATUS_TX_INTERRUPT_ENABLE;
3173 			else
3174 				tbd->status.info.field =
3175 				    IPW_BD_STATUS_TX_FRAME_802_3 |
3176 				    IPW_BD_STATUS_TX_FRAME_NOT_LAST_FRAGMENT;
3177 
3178 			tbd->buf_length = packet->info.d_struct.txb->
3179 			    fragments[i]->len - LIBIPW_3ADDR_LEN;
3180 
3181 			tbd->host_addr = pci_map_single(priv->pci_dev,
3182 							packet->info.d_struct.
3183 							txb->fragments[i]->
3184 							data +
3185 							LIBIPW_3ADDR_LEN,
3186 							tbd->buf_length,
3187 							PCI_DMA_TODEVICE);
3188 			if (pci_dma_mapping_error(priv->pci_dev,
3189 						  tbd->host_addr)) {
3190 				IPW_DEBUG_TX("dma mapping error\n");
3191 				break;
3192 			}
3193 
3194 			IPW_DEBUG_TX("data frag tbd TX%d P=%08x L=%d\n",
3195 				     txq->next, tbd->host_addr,
3196 				     tbd->buf_length);
3197 
3198 			pci_dma_sync_single_for_device(priv->pci_dev,
3199 						       tbd->host_addr,
3200 						       tbd->buf_length,
3201 						       PCI_DMA_TODEVICE);
3202 
3203 			txq->next++;
3204 			txq->next %= txq->entries;
3205 		}
3206 
3207 		txq->available -= 1 + packet->info.d_struct.txb->nr_frags;
3208 		SET_STAT(&priv->txq_stat, txq->available);
3209 
3210 		list_add_tail(element, &priv->fw_pend_list);
3211 		INC_STAT(&priv->fw_pend_stat);
3212 	}
3213 
3214 	if (txq->next != next) {
3215 		/* kick off the DMA by notifying firmware the
3216 		 * write index has moved; make sure TBD stores are sync'd */
3217 		write_register(priv->net_dev,
3218 			       IPW_MEM_HOST_SHARED_TX_QUEUE_WRITE_INDEX,
3219 			       txq->next);
3220 	}
3221 }
3222 
3223 static void ipw2100_irq_tasklet(struct ipw2100_priv *priv)
3224 {
3225 	struct net_device *dev = priv->net_dev;
3226 	unsigned long flags;
3227 	u32 inta, tmp;
3228 
3229 	spin_lock_irqsave(&priv->low_lock, flags);
3230 	ipw2100_disable_interrupts(priv);
3231 
3232 	read_register(dev, IPW_REG_INTA, &inta);
3233 
3234 	IPW_DEBUG_ISR("enter - INTA: 0x%08lX\n",
3235 		      (unsigned long)inta & IPW_INTERRUPT_MASK);
3236 
3237 	priv->in_isr++;
3238 	priv->interrupts++;
3239 
3240 	/* We do not loop and keep polling for more interrupts as this
3241 	 * is frowned upon and doesn't play nicely with other potentially
3242 	 * chained IRQs */
3243 	IPW_DEBUG_ISR("INTA: 0x%08lX\n",
3244 		      (unsigned long)inta & IPW_INTERRUPT_MASK);
3245 
3246 	if (inta & IPW2100_INTA_FATAL_ERROR) {
3247 		printk(KERN_WARNING DRV_NAME
3248 		       ": Fatal interrupt. Scheduling firmware restart.\n");
3249 		priv->inta_other++;
3250 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_FATAL_ERROR);
3251 
3252 		read_nic_dword(dev, IPW_NIC_FATAL_ERROR, &priv->fatal_error);
3253 		IPW_DEBUG_INFO("%s: Fatal error value: 0x%08X\n",
3254 			       priv->net_dev->name, priv->fatal_error);
3255 
3256 		read_nic_dword(dev, IPW_ERROR_ADDR(priv->fatal_error), &tmp);
3257 		IPW_DEBUG_INFO("%s: Fatal error address value: 0x%08X\n",
3258 			       priv->net_dev->name, tmp);
3259 
3260 		/* Wake up any sleeping jobs */
3261 		schedule_reset(priv);
3262 	}
3263 
3264 	if (inta & IPW2100_INTA_PARITY_ERROR) {
3265 		printk(KERN_ERR DRV_NAME
3266 		       ": ***** PARITY ERROR INTERRUPT !!!!\n");
3267 		priv->inta_other++;
3268 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_PARITY_ERROR);
3269 	}
3270 
3271 	if (inta & IPW2100_INTA_RX_TRANSFER) {
3272 		IPW_DEBUG_ISR("RX interrupt\n");
3273 
3274 		priv->rx_interrupts++;
3275 
3276 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_RX_TRANSFER);
3277 
3278 		__ipw2100_rx_process(priv);
3279 		__ipw2100_tx_complete(priv);
3280 	}
3281 
3282 	if (inta & IPW2100_INTA_TX_TRANSFER) {
3283 		IPW_DEBUG_ISR("TX interrupt\n");
3284 
3285 		priv->tx_interrupts++;
3286 
3287 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_TX_TRANSFER);
3288 
3289 		__ipw2100_tx_complete(priv);
3290 		ipw2100_tx_send_commands(priv);
3291 		ipw2100_tx_send_data(priv);
3292 	}
3293 
3294 	if (inta & IPW2100_INTA_TX_COMPLETE) {
3295 		IPW_DEBUG_ISR("TX complete\n");
3296 		priv->inta_other++;
3297 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_TX_COMPLETE);
3298 
3299 		__ipw2100_tx_complete(priv);
3300 	}
3301 
3302 	if (inta & IPW2100_INTA_EVENT_INTERRUPT) {
3303 		/* ipw2100_handle_event(dev); */
3304 		priv->inta_other++;
3305 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_EVENT_INTERRUPT);
3306 	}
3307 
3308 	if (inta & IPW2100_INTA_FW_INIT_DONE) {
3309 		IPW_DEBUG_ISR("FW init done interrupt\n");
3310 		priv->inta_other++;
3311 
3312 		read_register(dev, IPW_REG_INTA, &tmp);
3313 		if (tmp & (IPW2100_INTA_FATAL_ERROR |
3314 			   IPW2100_INTA_PARITY_ERROR)) {
3315 			write_register(dev, IPW_REG_INTA,
3316 				       IPW2100_INTA_FATAL_ERROR |
3317 				       IPW2100_INTA_PARITY_ERROR);
3318 		}
3319 
3320 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_FW_INIT_DONE);
3321 	}
3322 
3323 	if (inta & IPW2100_INTA_STATUS_CHANGE) {
3324 		IPW_DEBUG_ISR("Status change interrupt\n");
3325 		priv->inta_other++;
3326 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_STATUS_CHANGE);
3327 	}
3328 
3329 	if (inta & IPW2100_INTA_SLAVE_MODE_HOST_COMMAND_DONE) {
3330 		IPW_DEBUG_ISR("slave host mode interrupt\n");
3331 		priv->inta_other++;
3332 		write_register(dev, IPW_REG_INTA,
3333 			       IPW2100_INTA_SLAVE_MODE_HOST_COMMAND_DONE);
3334 	}
3335 
3336 	priv->in_isr--;
3337 	ipw2100_enable_interrupts(priv);
3338 
3339 	spin_unlock_irqrestore(&priv->low_lock, flags);
3340 
3341 	IPW_DEBUG_ISR("exit\n");
3342 }
3343 
3344 static irqreturn_t ipw2100_interrupt(int irq, void *data)
3345 {
3346 	struct ipw2100_priv *priv = data;
3347 	u32 inta, inta_mask;
3348 
3349 	if (!data)
3350 		return IRQ_NONE;
3351 
3352 	spin_lock(&priv->low_lock);
3353 
3354 	/* We check to see if we should be ignoring interrupts before
3355 	 * we touch the hardware.  During ucode load if we try and handle
3356 	 * an interrupt we can cause keyboard problems as well as cause
3357 	 * the ucode to fail to initialize */
3358 	if (!(priv->status & STATUS_INT_ENABLED)) {
3359 		/* Shared IRQ */
3360 		goto none;
3361 	}
3362 
3363 	read_register(priv->net_dev, IPW_REG_INTA_MASK, &inta_mask);
3364 	read_register(priv->net_dev, IPW_REG_INTA, &inta);
3365 
3366 	if (inta == 0xFFFFFFFF) {
3367 		/* Hardware disappeared */
3368 		printk(KERN_WARNING DRV_NAME ": IRQ INTA == 0xFFFFFFFF\n");
3369 		goto none;
3370 	}
3371 
3372 	inta &= IPW_INTERRUPT_MASK;
3373 
3374 	if (!(inta & inta_mask)) {
3375 		/* Shared interrupt */
3376 		goto none;
3377 	}
3378 
3379 	/* We disable the hardware interrupt here just to prevent unneeded
3380 	 * calls to be made.  We disable this again within the actual
3381 	 * work tasklet, so if another part of the code re-enables the
3382 	 * interrupt, that is fine */
3383 	ipw2100_disable_interrupts(priv);
3384 
3385 	tasklet_schedule(&priv->irq_tasklet);
3386 	spin_unlock(&priv->low_lock);
3387 
3388 	return IRQ_HANDLED;
3389       none:
3390 	spin_unlock(&priv->low_lock);
3391 	return IRQ_NONE;
3392 }
3393 
3394 static netdev_tx_t ipw2100_tx(struct libipw_txb *txb,
3395 			      struct net_device *dev, int pri)
3396 {
3397 	struct ipw2100_priv *priv = libipw_priv(dev);
3398 	struct list_head *element;
3399 	struct ipw2100_tx_packet *packet;
3400 	unsigned long flags;
3401 
3402 	spin_lock_irqsave(&priv->low_lock, flags);
3403 
3404 	if (!(priv->status & STATUS_ASSOCIATED)) {
3405 		IPW_DEBUG_INFO("Can not transmit when not connected.\n");
3406 		priv->net_dev->stats.tx_carrier_errors++;
3407 		netif_stop_queue(dev);
3408 		goto fail_unlock;
3409 	}
3410 
3411 	if (list_empty(&priv->tx_free_list))
3412 		goto fail_unlock;
3413 
3414 	element = priv->tx_free_list.next;
3415 	packet = list_entry(element, struct ipw2100_tx_packet, list);
3416 
3417 	packet->info.d_struct.txb = txb;
3418 
3419 	IPW_DEBUG_TX("Sending fragment (%d bytes):\n", txb->fragments[0]->len);
3420 	printk_buf(IPW_DL_TX, txb->fragments[0]->data, txb->fragments[0]->len);
3421 
3422 	packet->jiffy_start = jiffies;
3423 
3424 	list_del(element);
3425 	DEC_STAT(&priv->tx_free_stat);
3426 
3427 	list_add_tail(element, &priv->tx_pend_list);
3428 	INC_STAT(&priv->tx_pend_stat);
3429 
3430 	ipw2100_tx_send_data(priv);
3431 
3432 	spin_unlock_irqrestore(&priv->low_lock, flags);
3433 	return NETDEV_TX_OK;
3434 
3435 fail_unlock:
3436 	netif_stop_queue(dev);
3437 	spin_unlock_irqrestore(&priv->low_lock, flags);
3438 	return NETDEV_TX_BUSY;
3439 }
3440 
3441 static int ipw2100_msg_allocate(struct ipw2100_priv *priv)
3442 {
3443 	int i, j, err = -EINVAL;
3444 	void *v;
3445 	dma_addr_t p;
3446 
3447 	priv->msg_buffers =
3448 	    kmalloc(IPW_COMMAND_POOL_SIZE * sizeof(struct ipw2100_tx_packet),
3449 		    GFP_KERNEL);
3450 	if (!priv->msg_buffers)
3451 		return -ENOMEM;
3452 
3453 	for (i = 0; i < IPW_COMMAND_POOL_SIZE; i++) {
3454 		v = pci_zalloc_consistent(priv->pci_dev,
3455 					  sizeof(struct ipw2100_cmd_header),
3456 					  &p);
3457 		if (!v) {
3458 			printk(KERN_ERR DRV_NAME ": "
3459 			       "%s: PCI alloc failed for msg "
3460 			       "buffers.\n", priv->net_dev->name);
3461 			err = -ENOMEM;
3462 			break;
3463 		}
3464 
3465 		priv->msg_buffers[i].type = COMMAND;
3466 		priv->msg_buffers[i].info.c_struct.cmd =
3467 		    (struct ipw2100_cmd_header *)v;
3468 		priv->msg_buffers[i].info.c_struct.cmd_phys = p;
3469 	}
3470 
3471 	if (i == IPW_COMMAND_POOL_SIZE)
3472 		return 0;
3473 
3474 	for (j = 0; j < i; j++) {
3475 		pci_free_consistent(priv->pci_dev,
3476 				    sizeof(struct ipw2100_cmd_header),
3477 				    priv->msg_buffers[j].info.c_struct.cmd,
3478 				    priv->msg_buffers[j].info.c_struct.
3479 				    cmd_phys);
3480 	}
3481 
3482 	kfree(priv->msg_buffers);
3483 	priv->msg_buffers = NULL;
3484 
3485 	return err;
3486 }
3487 
3488 static int ipw2100_msg_initialize(struct ipw2100_priv *priv)
3489 {
3490 	int i;
3491 
3492 	INIT_LIST_HEAD(&priv->msg_free_list);
3493 	INIT_LIST_HEAD(&priv->msg_pend_list);
3494 
3495 	for (i = 0; i < IPW_COMMAND_POOL_SIZE; i++)
3496 		list_add_tail(&priv->msg_buffers[i].list, &priv->msg_free_list);
3497 	SET_STAT(&priv->msg_free_stat, i);
3498 
3499 	return 0;
3500 }
3501 
3502 static void ipw2100_msg_free(struct ipw2100_priv *priv)
3503 {
3504 	int i;
3505 
3506 	if (!priv->msg_buffers)
3507 		return;
3508 
3509 	for (i = 0; i < IPW_COMMAND_POOL_SIZE; i++) {
3510 		pci_free_consistent(priv->pci_dev,
3511 				    sizeof(struct ipw2100_cmd_header),
3512 				    priv->msg_buffers[i].info.c_struct.cmd,
3513 				    priv->msg_buffers[i].info.c_struct.
3514 				    cmd_phys);
3515 	}
3516 
3517 	kfree(priv->msg_buffers);
3518 	priv->msg_buffers = NULL;
3519 }
3520 
3521 static ssize_t show_pci(struct device *d, struct device_attribute *attr,
3522 			char *buf)
3523 {
3524 	struct pci_dev *pci_dev = to_pci_dev(d);
3525 	char *out = buf;
3526 	int i, j;
3527 	u32 val;
3528 
3529 	for (i = 0; i < 16; i++) {
3530 		out += sprintf(out, "[%08X] ", i * 16);
3531 		for (j = 0; j < 16; j += 4) {
3532 			pci_read_config_dword(pci_dev, i * 16 + j, &val);
3533 			out += sprintf(out, "%08X ", val);
3534 		}
3535 		out += sprintf(out, "\n");
3536 	}
3537 
3538 	return out - buf;
3539 }
3540 
3541 static DEVICE_ATTR(pci, S_IRUGO, show_pci, NULL);
3542 
3543 static ssize_t show_cfg(struct device *d, struct device_attribute *attr,
3544 			char *buf)
3545 {
3546 	struct ipw2100_priv *p = dev_get_drvdata(d);
3547 	return sprintf(buf, "0x%08x\n", (int)p->config);
3548 }
3549 
3550 static DEVICE_ATTR(cfg, S_IRUGO, show_cfg, NULL);
3551 
3552 static ssize_t show_status(struct device *d, struct device_attribute *attr,
3553 			   char *buf)
3554 {
3555 	struct ipw2100_priv *p = dev_get_drvdata(d);
3556 	return sprintf(buf, "0x%08x\n", (int)p->status);
3557 }
3558 
3559 static DEVICE_ATTR(status, S_IRUGO, show_status, NULL);
3560 
3561 static ssize_t show_capability(struct device *d, struct device_attribute *attr,
3562 			       char *buf)
3563 {
3564 	struct ipw2100_priv *p = dev_get_drvdata(d);
3565 	return sprintf(buf, "0x%08x\n", (int)p->capability);
3566 }
3567 
3568 static DEVICE_ATTR(capability, S_IRUGO, show_capability, NULL);
3569 
3570 #define IPW2100_REG(x) { IPW_ ##x, #x }
3571 static const struct {
3572 	u32 addr;
3573 	const char *name;
3574 } hw_data[] = {
3575 IPW2100_REG(REG_GP_CNTRL),
3576 	    IPW2100_REG(REG_GPIO),
3577 	    IPW2100_REG(REG_INTA),
3578 	    IPW2100_REG(REG_INTA_MASK), IPW2100_REG(REG_RESET_REG),};
3579 #define IPW2100_NIC(x, s) { x, #x, s }
3580 static const struct {
3581 	u32 addr;
3582 	const char *name;
3583 	size_t size;
3584 } nic_data[] = {
3585 IPW2100_NIC(IPW2100_CONTROL_REG, 2),
3586 	    IPW2100_NIC(0x210014, 1), IPW2100_NIC(0x210000, 1),};
3587 #define IPW2100_ORD(x, d) { IPW_ORD_ ##x, #x, d }
3588 static const struct {
3589 	u8 index;
3590 	const char *name;
3591 	const char *desc;
3592 } ord_data[] = {
3593 IPW2100_ORD(STAT_TX_HOST_REQUESTS, "requested Host Tx's (MSDU)"),
3594 	    IPW2100_ORD(STAT_TX_HOST_COMPLETE,
3595 				"successful Host Tx's (MSDU)"),
3596 	    IPW2100_ORD(STAT_TX_DIR_DATA,
3597 				"successful Directed Tx's (MSDU)"),
3598 	    IPW2100_ORD(STAT_TX_DIR_DATA1,
3599 				"successful Directed Tx's (MSDU) @ 1MB"),
3600 	    IPW2100_ORD(STAT_TX_DIR_DATA2,
3601 				"successful Directed Tx's (MSDU) @ 2MB"),
3602 	    IPW2100_ORD(STAT_TX_DIR_DATA5_5,
3603 				"successful Directed Tx's (MSDU) @ 5_5MB"),
3604 	    IPW2100_ORD(STAT_TX_DIR_DATA11,
3605 				"successful Directed Tx's (MSDU) @ 11MB"),
3606 	    IPW2100_ORD(STAT_TX_NODIR_DATA1,
3607 				"successful Non_Directed Tx's (MSDU) @ 1MB"),
3608 	    IPW2100_ORD(STAT_TX_NODIR_DATA2,
3609 				"successful Non_Directed Tx's (MSDU) @ 2MB"),
3610 	    IPW2100_ORD(STAT_TX_NODIR_DATA5_5,
3611 				"successful Non_Directed Tx's (MSDU) @ 5.5MB"),
3612 	    IPW2100_ORD(STAT_TX_NODIR_DATA11,
3613 				"successful Non_Directed Tx's (MSDU) @ 11MB"),
3614 	    IPW2100_ORD(STAT_NULL_DATA, "successful NULL data Tx's"),
3615 	    IPW2100_ORD(STAT_TX_RTS, "successful Tx RTS"),
3616 	    IPW2100_ORD(STAT_TX_CTS, "successful Tx CTS"),
3617 	    IPW2100_ORD(STAT_TX_ACK, "successful Tx ACK"),
3618 	    IPW2100_ORD(STAT_TX_ASSN, "successful Association Tx's"),
3619 	    IPW2100_ORD(STAT_TX_ASSN_RESP,
3620 				"successful Association response Tx's"),
3621 	    IPW2100_ORD(STAT_TX_REASSN,
3622 				"successful Reassociation Tx's"),
3623 	    IPW2100_ORD(STAT_TX_REASSN_RESP,
3624 				"successful Reassociation response Tx's"),
3625 	    IPW2100_ORD(STAT_TX_PROBE,
3626 				"probes successfully transmitted"),
3627 	    IPW2100_ORD(STAT_TX_PROBE_RESP,
3628 				"probe responses successfully transmitted"),
3629 	    IPW2100_ORD(STAT_TX_BEACON, "tx beacon"),
3630 	    IPW2100_ORD(STAT_TX_ATIM, "Tx ATIM"),
3631 	    IPW2100_ORD(STAT_TX_DISASSN,
3632 				"successful Disassociation TX"),
3633 	    IPW2100_ORD(STAT_TX_AUTH, "successful Authentication Tx"),
3634 	    IPW2100_ORD(STAT_TX_DEAUTH,
3635 				"successful Deauthentication TX"),
3636 	    IPW2100_ORD(STAT_TX_TOTAL_BYTES,
3637 				"Total successful Tx data bytes"),
3638 	    IPW2100_ORD(STAT_TX_RETRIES, "Tx retries"),
3639 	    IPW2100_ORD(STAT_TX_RETRY1, "Tx retries at 1MBPS"),
3640 	    IPW2100_ORD(STAT_TX_RETRY2, "Tx retries at 2MBPS"),
3641 	    IPW2100_ORD(STAT_TX_RETRY5_5, "Tx retries at 5.5MBPS"),
3642 	    IPW2100_ORD(STAT_TX_RETRY11, "Tx retries at 11MBPS"),
3643 	    IPW2100_ORD(STAT_TX_FAILURES, "Tx Failures"),
3644 	    IPW2100_ORD(STAT_TX_MAX_TRIES_IN_HOP,
3645 				"times max tries in a hop failed"),
3646 	    IPW2100_ORD(STAT_TX_DISASSN_FAIL,
3647 				"times disassociation failed"),
3648 	    IPW2100_ORD(STAT_TX_ERR_CTS, "missed/bad CTS frames"),
3649 	    IPW2100_ORD(STAT_TX_ERR_ACK, "tx err due to acks"),
3650 	    IPW2100_ORD(STAT_RX_HOST, "packets passed to host"),
3651 	    IPW2100_ORD(STAT_RX_DIR_DATA, "directed packets"),
3652 	    IPW2100_ORD(STAT_RX_DIR_DATA1, "directed packets at 1MB"),
3653 	    IPW2100_ORD(STAT_RX_DIR_DATA2, "directed packets at 2MB"),
3654 	    IPW2100_ORD(STAT_RX_DIR_DATA5_5,
3655 				"directed packets at 5.5MB"),
3656 	    IPW2100_ORD(STAT_RX_DIR_DATA11, "directed packets at 11MB"),
3657 	    IPW2100_ORD(STAT_RX_NODIR_DATA, "nondirected packets"),
3658 	    IPW2100_ORD(STAT_RX_NODIR_DATA1,
3659 				"nondirected packets at 1MB"),
3660 	    IPW2100_ORD(STAT_RX_NODIR_DATA2,
3661 				"nondirected packets at 2MB"),
3662 	    IPW2100_ORD(STAT_RX_NODIR_DATA5_5,
3663 				"nondirected packets at 5.5MB"),
3664 	    IPW2100_ORD(STAT_RX_NODIR_DATA11,
3665 				"nondirected packets at 11MB"),
3666 	    IPW2100_ORD(STAT_RX_NULL_DATA, "null data rx's"),
3667 	    IPW2100_ORD(STAT_RX_RTS, "Rx RTS"), IPW2100_ORD(STAT_RX_CTS,
3668 								    "Rx CTS"),
3669 	    IPW2100_ORD(STAT_RX_ACK, "Rx ACK"),
3670 	    IPW2100_ORD(STAT_RX_CFEND, "Rx CF End"),
3671 	    IPW2100_ORD(STAT_RX_CFEND_ACK, "Rx CF End + CF Ack"),
3672 	    IPW2100_ORD(STAT_RX_ASSN, "Association Rx's"),
3673 	    IPW2100_ORD(STAT_RX_ASSN_RESP, "Association response Rx's"),
3674 	    IPW2100_ORD(STAT_RX_REASSN, "Reassociation Rx's"),
3675 	    IPW2100_ORD(STAT_RX_REASSN_RESP,
3676 				"Reassociation response Rx's"),
3677 	    IPW2100_ORD(STAT_RX_PROBE, "probe Rx's"),
3678 	    IPW2100_ORD(STAT_RX_PROBE_RESP, "probe response Rx's"),
3679 	    IPW2100_ORD(STAT_RX_BEACON, "Rx beacon"),
3680 	    IPW2100_ORD(STAT_RX_ATIM, "Rx ATIM"),
3681 	    IPW2100_ORD(STAT_RX_DISASSN, "disassociation Rx"),
3682 	    IPW2100_ORD(STAT_RX_AUTH, "authentication Rx"),
3683 	    IPW2100_ORD(STAT_RX_DEAUTH, "deauthentication Rx"),
3684 	    IPW2100_ORD(STAT_RX_TOTAL_BYTES,
3685 				"Total rx data bytes received"),
3686 	    IPW2100_ORD(STAT_RX_ERR_CRC, "packets with Rx CRC error"),
3687 	    IPW2100_ORD(STAT_RX_ERR_CRC1, "Rx CRC errors at 1MB"),
3688 	    IPW2100_ORD(STAT_RX_ERR_CRC2, "Rx CRC errors at 2MB"),
3689 	    IPW2100_ORD(STAT_RX_ERR_CRC5_5, "Rx CRC errors at 5.5MB"),
3690 	    IPW2100_ORD(STAT_RX_ERR_CRC11, "Rx CRC errors at 11MB"),
3691 	    IPW2100_ORD(STAT_RX_DUPLICATE1,
3692 				"duplicate rx packets at 1MB"),
3693 	    IPW2100_ORD(STAT_RX_DUPLICATE2,
3694 				"duplicate rx packets at 2MB"),
3695 	    IPW2100_ORD(STAT_RX_DUPLICATE5_5,
3696 				"duplicate rx packets at 5.5MB"),
3697 	    IPW2100_ORD(STAT_RX_DUPLICATE11,
3698 				"duplicate rx packets at 11MB"),
3699 	    IPW2100_ORD(STAT_RX_DUPLICATE, "duplicate rx packets"),
3700 	    IPW2100_ORD(PERS_DB_LOCK, "locking fw permanent  db"),
3701 	    IPW2100_ORD(PERS_DB_SIZE, "size of fw permanent  db"),
3702 	    IPW2100_ORD(PERS_DB_ADDR, "address of fw permanent  db"),
3703 	    IPW2100_ORD(STAT_RX_INVALID_PROTOCOL,
3704 				"rx frames with invalid protocol"),
3705 	    IPW2100_ORD(SYS_BOOT_TIME, "Boot time"),
3706 	    IPW2100_ORD(STAT_RX_NO_BUFFER,
3707 				"rx frames rejected due to no buffer"),
3708 	    IPW2100_ORD(STAT_RX_MISSING_FRAG,
3709 				"rx frames dropped due to missing fragment"),
3710 	    IPW2100_ORD(STAT_RX_ORPHAN_FRAG,
3711 				"rx frames dropped due to non-sequential fragment"),
3712 	    IPW2100_ORD(STAT_RX_ORPHAN_FRAME,
3713 				"rx frames dropped due to unmatched 1st frame"),
3714 	    IPW2100_ORD(STAT_RX_FRAG_AGEOUT,
3715 				"rx frames dropped due to uncompleted frame"),
3716 	    IPW2100_ORD(STAT_RX_ICV_ERRORS,
3717 				"ICV errors during decryption"),
3718 	    IPW2100_ORD(STAT_PSP_SUSPENSION, "times adapter suspended"),
3719 	    IPW2100_ORD(STAT_PSP_BCN_TIMEOUT, "beacon timeout"),
3720 	    IPW2100_ORD(STAT_PSP_POLL_TIMEOUT,
3721 				"poll response timeouts"),
3722 	    IPW2100_ORD(STAT_PSP_NONDIR_TIMEOUT,
3723 				"timeouts waiting for last {broad,multi}cast pkt"),
3724 	    IPW2100_ORD(STAT_PSP_RX_DTIMS, "PSP DTIMs received"),
3725 	    IPW2100_ORD(STAT_PSP_RX_TIMS, "PSP TIMs received"),
3726 	    IPW2100_ORD(STAT_PSP_STATION_ID, "PSP Station ID"),
3727 	    IPW2100_ORD(LAST_ASSN_TIME, "RTC time of last association"),
3728 	    IPW2100_ORD(STAT_PERCENT_MISSED_BCNS,
3729 				"current calculation of % missed beacons"),
3730 	    IPW2100_ORD(STAT_PERCENT_RETRIES,
3731 				"current calculation of % missed tx retries"),
3732 	    IPW2100_ORD(ASSOCIATED_AP_PTR,
3733 				"0 if not associated, else pointer to AP table entry"),
3734 	    IPW2100_ORD(AVAILABLE_AP_CNT,
3735 				"AP's decsribed in the AP table"),
3736 	    IPW2100_ORD(AP_LIST_PTR, "Ptr to list of available APs"),
3737 	    IPW2100_ORD(STAT_AP_ASSNS, "associations"),
3738 	    IPW2100_ORD(STAT_ASSN_FAIL, "association failures"),
3739 	    IPW2100_ORD(STAT_ASSN_RESP_FAIL,
3740 				"failures due to response fail"),
3741 	    IPW2100_ORD(STAT_FULL_SCANS, "full scans"),
3742 	    IPW2100_ORD(CARD_DISABLED, "Card Disabled"),
3743 	    IPW2100_ORD(STAT_ROAM_INHIBIT,
3744 				"times roaming was inhibited due to activity"),
3745 	    IPW2100_ORD(RSSI_AT_ASSN,
3746 				"RSSI of associated AP at time of association"),
3747 	    IPW2100_ORD(STAT_ASSN_CAUSE1,
3748 				"reassociation: no probe response or TX on hop"),
3749 	    IPW2100_ORD(STAT_ASSN_CAUSE2,
3750 				"reassociation: poor tx/rx quality"),
3751 	    IPW2100_ORD(STAT_ASSN_CAUSE3,
3752 				"reassociation: tx/rx quality (excessive AP load"),
3753 	    IPW2100_ORD(STAT_ASSN_CAUSE4,
3754 				"reassociation: AP RSSI level"),
3755 	    IPW2100_ORD(STAT_ASSN_CAUSE5,
3756 				"reassociations due to load leveling"),
3757 	    IPW2100_ORD(STAT_AUTH_FAIL, "times authentication failed"),
3758 	    IPW2100_ORD(STAT_AUTH_RESP_FAIL,
3759 				"times authentication response failed"),
3760 	    IPW2100_ORD(STATION_TABLE_CNT,
3761 				"entries in association table"),
3762 	    IPW2100_ORD(RSSI_AVG_CURR, "Current avg RSSI"),
3763 	    IPW2100_ORD(POWER_MGMT_MODE, "Power mode - 0=CAM, 1=PSP"),
3764 	    IPW2100_ORD(COUNTRY_CODE,
3765 				"IEEE country code as recv'd from beacon"),
3766 	    IPW2100_ORD(COUNTRY_CHANNELS,
3767 				"channels supported by country"),
3768 	    IPW2100_ORD(RESET_CNT, "adapter resets (warm)"),
3769 	    IPW2100_ORD(BEACON_INTERVAL, "Beacon interval"),
3770 	    IPW2100_ORD(ANTENNA_DIVERSITY,
3771 				"TRUE if antenna diversity is disabled"),
3772 	    IPW2100_ORD(DTIM_PERIOD, "beacon intervals between DTIMs"),
3773 	    IPW2100_ORD(OUR_FREQ,
3774 				"current radio freq lower digits - channel ID"),
3775 	    IPW2100_ORD(RTC_TIME, "current RTC time"),
3776 	    IPW2100_ORD(PORT_TYPE, "operating mode"),
3777 	    IPW2100_ORD(CURRENT_TX_RATE, "current tx rate"),
3778 	    IPW2100_ORD(SUPPORTED_RATES, "supported tx rates"),
3779 	    IPW2100_ORD(ATIM_WINDOW, "current ATIM Window"),
3780 	    IPW2100_ORD(BASIC_RATES, "basic tx rates"),
3781 	    IPW2100_ORD(NIC_HIGHEST_RATE, "NIC highest tx rate"),
3782 	    IPW2100_ORD(AP_HIGHEST_RATE, "AP highest tx rate"),
3783 	    IPW2100_ORD(CAPABILITIES,
3784 				"Management frame capability field"),
3785 	    IPW2100_ORD(AUTH_TYPE, "Type of authentication"),
3786 	    IPW2100_ORD(RADIO_TYPE, "Adapter card platform type"),
3787 	    IPW2100_ORD(RTS_THRESHOLD,
3788 				"Min packet length for RTS handshaking"),
3789 	    IPW2100_ORD(INT_MODE, "International mode"),
3790 	    IPW2100_ORD(FRAGMENTATION_THRESHOLD,
3791 				"protocol frag threshold"),
3792 	    IPW2100_ORD(EEPROM_SRAM_DB_BLOCK_START_ADDRESS,
3793 				"EEPROM offset in SRAM"),
3794 	    IPW2100_ORD(EEPROM_SRAM_DB_BLOCK_SIZE,
3795 				"EEPROM size in SRAM"),
3796 	    IPW2100_ORD(EEPROM_SKU_CAPABILITY, "EEPROM SKU Capability"),
3797 	    IPW2100_ORD(EEPROM_IBSS_11B_CHANNELS,
3798 				"EEPROM IBSS 11b channel set"),
3799 	    IPW2100_ORD(MAC_VERSION, "MAC Version"),
3800 	    IPW2100_ORD(MAC_REVISION, "MAC Revision"),
3801 	    IPW2100_ORD(RADIO_VERSION, "Radio Version"),
3802 	    IPW2100_ORD(NIC_MANF_DATE_TIME, "MANF Date/Time STAMP"),
3803 	    IPW2100_ORD(UCODE_VERSION, "Ucode Version"),};
3804 
3805 static ssize_t show_registers(struct device *d, struct device_attribute *attr,
3806 			      char *buf)
3807 {
3808 	int i;
3809 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3810 	struct net_device *dev = priv->net_dev;
3811 	char *out = buf;
3812 	u32 val = 0;
3813 
3814 	out += sprintf(out, "%30s [Address ] : Hex\n", "Register");
3815 
3816 	for (i = 0; i < ARRAY_SIZE(hw_data); i++) {
3817 		read_register(dev, hw_data[i].addr, &val);
3818 		out += sprintf(out, "%30s [%08X] : %08X\n",
3819 			       hw_data[i].name, hw_data[i].addr, val);
3820 	}
3821 
3822 	return out - buf;
3823 }
3824 
3825 static DEVICE_ATTR(registers, S_IRUGO, show_registers, NULL);
3826 
3827 static ssize_t show_hardware(struct device *d, struct device_attribute *attr,
3828 			     char *buf)
3829 {
3830 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3831 	struct net_device *dev = priv->net_dev;
3832 	char *out = buf;
3833 	int i;
3834 
3835 	out += sprintf(out, "%30s [Address ] : Hex\n", "NIC entry");
3836 
3837 	for (i = 0; i < ARRAY_SIZE(nic_data); i++) {
3838 		u8 tmp8;
3839 		u16 tmp16;
3840 		u32 tmp32;
3841 
3842 		switch (nic_data[i].size) {
3843 		case 1:
3844 			read_nic_byte(dev, nic_data[i].addr, &tmp8);
3845 			out += sprintf(out, "%30s [%08X] : %02X\n",
3846 				       nic_data[i].name, nic_data[i].addr,
3847 				       tmp8);
3848 			break;
3849 		case 2:
3850 			read_nic_word(dev, nic_data[i].addr, &tmp16);
3851 			out += sprintf(out, "%30s [%08X] : %04X\n",
3852 				       nic_data[i].name, nic_data[i].addr,
3853 				       tmp16);
3854 			break;
3855 		case 4:
3856 			read_nic_dword(dev, nic_data[i].addr, &tmp32);
3857 			out += sprintf(out, "%30s [%08X] : %08X\n",
3858 				       nic_data[i].name, nic_data[i].addr,
3859 				       tmp32);
3860 			break;
3861 		}
3862 	}
3863 	return out - buf;
3864 }
3865 
3866 static DEVICE_ATTR(hardware, S_IRUGO, show_hardware, NULL);
3867 
3868 static ssize_t show_memory(struct device *d, struct device_attribute *attr,
3869 			   char *buf)
3870 {
3871 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3872 	struct net_device *dev = priv->net_dev;
3873 	static unsigned long loop = 0;
3874 	int len = 0;
3875 	u32 buffer[4];
3876 	int i;
3877 	char line[81];
3878 
3879 	if (loop >= 0x30000)
3880 		loop = 0;
3881 
3882 	/* sysfs provides us PAGE_SIZE buffer */
3883 	while (len < PAGE_SIZE - 128 && loop < 0x30000) {
3884 
3885 		if (priv->snapshot[0])
3886 			for (i = 0; i < 4; i++)
3887 				buffer[i] =
3888 				    *(u32 *) SNAPSHOT_ADDR(loop + i * 4);
3889 		else
3890 			for (i = 0; i < 4; i++)
3891 				read_nic_dword(dev, loop + i * 4, &buffer[i]);
3892 
3893 		if (priv->dump_raw)
3894 			len += sprintf(buf + len,
3895 				       "%c%c%c%c"
3896 				       "%c%c%c%c"
3897 				       "%c%c%c%c"
3898 				       "%c%c%c%c",
3899 				       ((u8 *) buffer)[0x0],
3900 				       ((u8 *) buffer)[0x1],
3901 				       ((u8 *) buffer)[0x2],
3902 				       ((u8 *) buffer)[0x3],
3903 				       ((u8 *) buffer)[0x4],
3904 				       ((u8 *) buffer)[0x5],
3905 				       ((u8 *) buffer)[0x6],
3906 				       ((u8 *) buffer)[0x7],
3907 				       ((u8 *) buffer)[0x8],
3908 				       ((u8 *) buffer)[0x9],
3909 				       ((u8 *) buffer)[0xa],
3910 				       ((u8 *) buffer)[0xb],
3911 				       ((u8 *) buffer)[0xc],
3912 				       ((u8 *) buffer)[0xd],
3913 				       ((u8 *) buffer)[0xe],
3914 				       ((u8 *) buffer)[0xf]);
3915 		else
3916 			len += sprintf(buf + len, "%s\n",
3917 				       snprint_line(line, sizeof(line),
3918 						    (u8 *) buffer, 16, loop));
3919 		loop += 16;
3920 	}
3921 
3922 	return len;
3923 }
3924 
3925 static ssize_t store_memory(struct device *d, struct device_attribute *attr,
3926 			    const char *buf, size_t count)
3927 {
3928 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3929 	struct net_device *dev = priv->net_dev;
3930 	const char *p = buf;
3931 
3932 	(void)dev;		/* kill unused-var warning for debug-only code */
3933 
3934 	if (count < 1)
3935 		return count;
3936 
3937 	if (p[0] == '1' ||
3938 	    (count >= 2 && tolower(p[0]) == 'o' && tolower(p[1]) == 'n')) {
3939 		IPW_DEBUG_INFO("%s: Setting memory dump to RAW mode.\n",
3940 			       dev->name);
3941 		priv->dump_raw = 1;
3942 
3943 	} else if (p[0] == '0' || (count >= 2 && tolower(p[0]) == 'o' &&
3944 				   tolower(p[1]) == 'f')) {
3945 		IPW_DEBUG_INFO("%s: Setting memory dump to HEX mode.\n",
3946 			       dev->name);
3947 		priv->dump_raw = 0;
3948 
3949 	} else if (tolower(p[0]) == 'r') {
3950 		IPW_DEBUG_INFO("%s: Resetting firmware snapshot.\n", dev->name);
3951 		ipw2100_snapshot_free(priv);
3952 
3953 	} else
3954 		IPW_DEBUG_INFO("%s: Usage: 0|on = HEX, 1|off = RAW, "
3955 			       "reset = clear memory snapshot\n", dev->name);
3956 
3957 	return count;
3958 }
3959 
3960 static DEVICE_ATTR(memory, S_IWUSR | S_IRUGO, show_memory, store_memory);
3961 
3962 static ssize_t show_ordinals(struct device *d, struct device_attribute *attr,
3963 			     char *buf)
3964 {
3965 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3966 	u32 val = 0;
3967 	int len = 0;
3968 	u32 val_len;
3969 	static int loop = 0;
3970 
3971 	if (priv->status & STATUS_RF_KILL_MASK)
3972 		return 0;
3973 
3974 	if (loop >= ARRAY_SIZE(ord_data))
3975 		loop = 0;
3976 
3977 	/* sysfs provides us PAGE_SIZE buffer */
3978 	while (len < PAGE_SIZE - 128 && loop < ARRAY_SIZE(ord_data)) {
3979 		val_len = sizeof(u32);
3980 
3981 		if (ipw2100_get_ordinal(priv, ord_data[loop].index, &val,
3982 					&val_len))
3983 			len += sprintf(buf + len, "[0x%02X] = ERROR    %s\n",
3984 				       ord_data[loop].index,
3985 				       ord_data[loop].desc);
3986 		else
3987 			len += sprintf(buf + len, "[0x%02X] = 0x%08X %s\n",
3988 				       ord_data[loop].index, val,
3989 				       ord_data[loop].desc);
3990 		loop++;
3991 	}
3992 
3993 	return len;
3994 }
3995 
3996 static DEVICE_ATTR(ordinals, S_IRUGO, show_ordinals, NULL);
3997 
3998 static ssize_t show_stats(struct device *d, struct device_attribute *attr,
3999 			  char *buf)
4000 {
4001 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4002 	char *out = buf;
4003 
4004 	out += sprintf(out, "interrupts: %d {tx: %d, rx: %d, other: %d}\n",
4005 		       priv->interrupts, priv->tx_interrupts,
4006 		       priv->rx_interrupts, priv->inta_other);
4007 	out += sprintf(out, "firmware resets: %d\n", priv->resets);
4008 	out += sprintf(out, "firmware hangs: %d\n", priv->hangs);
4009 #ifdef CONFIG_IPW2100_DEBUG
4010 	out += sprintf(out, "packet mismatch image: %s\n",
4011 		       priv->snapshot[0] ? "YES" : "NO");
4012 #endif
4013 
4014 	return out - buf;
4015 }
4016 
4017 static DEVICE_ATTR(stats, S_IRUGO, show_stats, NULL);
4018 
4019 static int ipw2100_switch_mode(struct ipw2100_priv *priv, u32 mode)
4020 {
4021 	int err;
4022 
4023 	if (mode == priv->ieee->iw_mode)
4024 		return 0;
4025 
4026 	err = ipw2100_disable_adapter(priv);
4027 	if (err) {
4028 		printk(KERN_ERR DRV_NAME ": %s: Could not disable adapter %d\n",
4029 		       priv->net_dev->name, err);
4030 		return err;
4031 	}
4032 
4033 	switch (mode) {
4034 	case IW_MODE_INFRA:
4035 		priv->net_dev->type = ARPHRD_ETHER;
4036 		break;
4037 	case IW_MODE_ADHOC:
4038 		priv->net_dev->type = ARPHRD_ETHER;
4039 		break;
4040 #ifdef CONFIG_IPW2100_MONITOR
4041 	case IW_MODE_MONITOR:
4042 		priv->last_mode = priv->ieee->iw_mode;
4043 		priv->net_dev->type = ARPHRD_IEEE80211_RADIOTAP;
4044 		break;
4045 #endif				/* CONFIG_IPW2100_MONITOR */
4046 	}
4047 
4048 	priv->ieee->iw_mode = mode;
4049 
4050 #ifdef CONFIG_PM
4051 	/* Indicate ipw2100_download_firmware download firmware
4052 	 * from disk instead of memory. */
4053 	ipw2100_firmware.version = 0;
4054 #endif
4055 
4056 	printk(KERN_INFO "%s: Resetting on mode change.\n", priv->net_dev->name);
4057 	priv->reset_backoff = 0;
4058 	schedule_reset(priv);
4059 
4060 	return 0;
4061 }
4062 
4063 static ssize_t show_internals(struct device *d, struct device_attribute *attr,
4064 			      char *buf)
4065 {
4066 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4067 	int len = 0;
4068 
4069 #define DUMP_VAR(x,y) len += sprintf(buf + len, # x ": %" y "\n", priv-> x)
4070 
4071 	if (priv->status & STATUS_ASSOCIATED)
4072 		len += sprintf(buf + len, "connected: %lu\n",
4073 			       get_seconds() - priv->connect_start);
4074 	else
4075 		len += sprintf(buf + len, "not connected\n");
4076 
4077 	DUMP_VAR(ieee->crypt_info.crypt[priv->ieee->crypt_info.tx_keyidx], "p");
4078 	DUMP_VAR(status, "08lx");
4079 	DUMP_VAR(config, "08lx");
4080 	DUMP_VAR(capability, "08lx");
4081 
4082 	len +=
4083 	    sprintf(buf + len, "last_rtc: %lu\n",
4084 		    (unsigned long)priv->last_rtc);
4085 
4086 	DUMP_VAR(fatal_error, "d");
4087 	DUMP_VAR(stop_hang_check, "d");
4088 	DUMP_VAR(stop_rf_kill, "d");
4089 	DUMP_VAR(messages_sent, "d");
4090 
4091 	DUMP_VAR(tx_pend_stat.value, "d");
4092 	DUMP_VAR(tx_pend_stat.hi, "d");
4093 
4094 	DUMP_VAR(tx_free_stat.value, "d");
4095 	DUMP_VAR(tx_free_stat.lo, "d");
4096 
4097 	DUMP_VAR(msg_free_stat.value, "d");
4098 	DUMP_VAR(msg_free_stat.lo, "d");
4099 
4100 	DUMP_VAR(msg_pend_stat.value, "d");
4101 	DUMP_VAR(msg_pend_stat.hi, "d");
4102 
4103 	DUMP_VAR(fw_pend_stat.value, "d");
4104 	DUMP_VAR(fw_pend_stat.hi, "d");
4105 
4106 	DUMP_VAR(txq_stat.value, "d");
4107 	DUMP_VAR(txq_stat.lo, "d");
4108 
4109 	DUMP_VAR(ieee->scans, "d");
4110 	DUMP_VAR(reset_backoff, "d");
4111 
4112 	return len;
4113 }
4114 
4115 static DEVICE_ATTR(internals, S_IRUGO, show_internals, NULL);
4116 
4117 static ssize_t show_bssinfo(struct device *d, struct device_attribute *attr,
4118 			    char *buf)
4119 {
4120 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4121 	char essid[IW_ESSID_MAX_SIZE + 1];
4122 	u8 bssid[ETH_ALEN];
4123 	u32 chan = 0;
4124 	char *out = buf;
4125 	unsigned int length;
4126 	int ret;
4127 
4128 	if (priv->status & STATUS_RF_KILL_MASK)
4129 		return 0;
4130 
4131 	memset(essid, 0, sizeof(essid));
4132 	memset(bssid, 0, sizeof(bssid));
4133 
4134 	length = IW_ESSID_MAX_SIZE;
4135 	ret = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_SSID, essid, &length);
4136 	if (ret)
4137 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
4138 			       __LINE__);
4139 
4140 	length = sizeof(bssid);
4141 	ret = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_AP_BSSID,
4142 				  bssid, &length);
4143 	if (ret)
4144 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
4145 			       __LINE__);
4146 
4147 	length = sizeof(u32);
4148 	ret = ipw2100_get_ordinal(priv, IPW_ORD_OUR_FREQ, &chan, &length);
4149 	if (ret)
4150 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
4151 			       __LINE__);
4152 
4153 	out += sprintf(out, "ESSID: %s\n", essid);
4154 	out += sprintf(out, "BSSID:   %pM\n", bssid);
4155 	out += sprintf(out, "Channel: %d\n", chan);
4156 
4157 	return out - buf;
4158 }
4159 
4160 static DEVICE_ATTR(bssinfo, S_IRUGO, show_bssinfo, NULL);
4161 
4162 #ifdef CONFIG_IPW2100_DEBUG
4163 static ssize_t show_debug_level(struct device_driver *d, char *buf)
4164 {
4165 	return sprintf(buf, "0x%08X\n", ipw2100_debug_level);
4166 }
4167 
4168 static ssize_t store_debug_level(struct device_driver *d,
4169 				 const char *buf, size_t count)
4170 {
4171 	u32 val;
4172 	int ret;
4173 
4174 	ret = kstrtou32(buf, 0, &val);
4175 	if (ret)
4176 		IPW_DEBUG_INFO(": %s is not in hex or decimal form.\n", buf);
4177 	else
4178 		ipw2100_debug_level = val;
4179 
4180 	return strnlen(buf, count);
4181 }
4182 
4183 static DRIVER_ATTR(debug_level, S_IWUSR | S_IRUGO, show_debug_level,
4184 		   store_debug_level);
4185 #endif				/* CONFIG_IPW2100_DEBUG */
4186 
4187 static ssize_t show_fatal_error(struct device *d,
4188 				struct device_attribute *attr, char *buf)
4189 {
4190 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4191 	char *out = buf;
4192 	int i;
4193 
4194 	if (priv->fatal_error)
4195 		out += sprintf(out, "0x%08X\n", priv->fatal_error);
4196 	else
4197 		out += sprintf(out, "0\n");
4198 
4199 	for (i = 1; i <= IPW2100_ERROR_QUEUE; i++) {
4200 		if (!priv->fatal_errors[(priv->fatal_index - i) %
4201 					IPW2100_ERROR_QUEUE])
4202 			continue;
4203 
4204 		out += sprintf(out, "%d. 0x%08X\n", i,
4205 			       priv->fatal_errors[(priv->fatal_index - i) %
4206 						  IPW2100_ERROR_QUEUE]);
4207 	}
4208 
4209 	return out - buf;
4210 }
4211 
4212 static ssize_t store_fatal_error(struct device *d,
4213 				 struct device_attribute *attr, const char *buf,
4214 				 size_t count)
4215 {
4216 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4217 	schedule_reset(priv);
4218 	return count;
4219 }
4220 
4221 static DEVICE_ATTR(fatal_error, S_IWUSR | S_IRUGO, show_fatal_error,
4222 		   store_fatal_error);
4223 
4224 static ssize_t show_scan_age(struct device *d, struct device_attribute *attr,
4225 			     char *buf)
4226 {
4227 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4228 	return sprintf(buf, "%d\n", priv->ieee->scan_age);
4229 }
4230 
4231 static ssize_t store_scan_age(struct device *d, struct device_attribute *attr,
4232 			      const char *buf, size_t count)
4233 {
4234 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4235 	struct net_device *dev = priv->net_dev;
4236 	unsigned long val;
4237 	int ret;
4238 
4239 	(void)dev;		/* kill unused-var warning for debug-only code */
4240 
4241 	IPW_DEBUG_INFO("enter\n");
4242 
4243 	ret = kstrtoul(buf, 0, &val);
4244 	if (ret) {
4245 		IPW_DEBUG_INFO("%s: user supplied invalid value.\n", dev->name);
4246 	} else {
4247 		priv->ieee->scan_age = val;
4248 		IPW_DEBUG_INFO("set scan_age = %u\n", priv->ieee->scan_age);
4249 	}
4250 
4251 	IPW_DEBUG_INFO("exit\n");
4252 	return strnlen(buf, count);
4253 }
4254 
4255 static DEVICE_ATTR(scan_age, S_IWUSR | S_IRUGO, show_scan_age, store_scan_age);
4256 
4257 static ssize_t show_rf_kill(struct device *d, struct device_attribute *attr,
4258 			    char *buf)
4259 {
4260 	/* 0 - RF kill not enabled
4261 	   1 - SW based RF kill active (sysfs)
4262 	   2 - HW based RF kill active
4263 	   3 - Both HW and SW baed RF kill active */
4264 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4265 	int val = ((priv->status & STATUS_RF_KILL_SW) ? 0x1 : 0x0) |
4266 	    (rf_kill_active(priv) ? 0x2 : 0x0);
4267 	return sprintf(buf, "%i\n", val);
4268 }
4269 
4270 static int ipw_radio_kill_sw(struct ipw2100_priv *priv, int disable_radio)
4271 {
4272 	if ((disable_radio ? 1 : 0) ==
4273 	    (priv->status & STATUS_RF_KILL_SW ? 1 : 0))
4274 		return 0;
4275 
4276 	IPW_DEBUG_RF_KILL("Manual SW RF Kill set to: RADIO  %s\n",
4277 			  disable_radio ? "OFF" : "ON");
4278 
4279 	mutex_lock(&priv->action_mutex);
4280 
4281 	if (disable_radio) {
4282 		priv->status |= STATUS_RF_KILL_SW;
4283 		ipw2100_down(priv);
4284 	} else {
4285 		priv->status &= ~STATUS_RF_KILL_SW;
4286 		if (rf_kill_active(priv)) {
4287 			IPW_DEBUG_RF_KILL("Can not turn radio back on - "
4288 					  "disabled by HW switch\n");
4289 			/* Make sure the RF_KILL check timer is running */
4290 			priv->stop_rf_kill = 0;
4291 			mod_delayed_work(system_wq, &priv->rf_kill,
4292 					 round_jiffies_relative(HZ));
4293 		} else
4294 			schedule_reset(priv);
4295 	}
4296 
4297 	mutex_unlock(&priv->action_mutex);
4298 	return 1;
4299 }
4300 
4301 static ssize_t store_rf_kill(struct device *d, struct device_attribute *attr,
4302 			     const char *buf, size_t count)
4303 {
4304 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4305 	ipw_radio_kill_sw(priv, buf[0] == '1');
4306 	return count;
4307 }
4308 
4309 static DEVICE_ATTR(rf_kill, S_IWUSR | S_IRUGO, show_rf_kill, store_rf_kill);
4310 
4311 static struct attribute *ipw2100_sysfs_entries[] = {
4312 	&dev_attr_hardware.attr,
4313 	&dev_attr_registers.attr,
4314 	&dev_attr_ordinals.attr,
4315 	&dev_attr_pci.attr,
4316 	&dev_attr_stats.attr,
4317 	&dev_attr_internals.attr,
4318 	&dev_attr_bssinfo.attr,
4319 	&dev_attr_memory.attr,
4320 	&dev_attr_scan_age.attr,
4321 	&dev_attr_fatal_error.attr,
4322 	&dev_attr_rf_kill.attr,
4323 	&dev_attr_cfg.attr,
4324 	&dev_attr_status.attr,
4325 	&dev_attr_capability.attr,
4326 	NULL,
4327 };
4328 
4329 static struct attribute_group ipw2100_attribute_group = {
4330 	.attrs = ipw2100_sysfs_entries,
4331 };
4332 
4333 static int status_queue_allocate(struct ipw2100_priv *priv, int entries)
4334 {
4335 	struct ipw2100_status_queue *q = &priv->status_queue;
4336 
4337 	IPW_DEBUG_INFO("enter\n");
4338 
4339 	q->size = entries * sizeof(struct ipw2100_status);
4340 	q->drv = pci_zalloc_consistent(priv->pci_dev, q->size, &q->nic);
4341 	if (!q->drv) {
4342 		IPW_DEBUG_WARNING("Can not allocate status queue.\n");
4343 		return -ENOMEM;
4344 	}
4345 
4346 	IPW_DEBUG_INFO("exit\n");
4347 
4348 	return 0;
4349 }
4350 
4351 static void status_queue_free(struct ipw2100_priv *priv)
4352 {
4353 	IPW_DEBUG_INFO("enter\n");
4354 
4355 	if (priv->status_queue.drv) {
4356 		pci_free_consistent(priv->pci_dev, priv->status_queue.size,
4357 				    priv->status_queue.drv,
4358 				    priv->status_queue.nic);
4359 		priv->status_queue.drv = NULL;
4360 	}
4361 
4362 	IPW_DEBUG_INFO("exit\n");
4363 }
4364 
4365 static int bd_queue_allocate(struct ipw2100_priv *priv,
4366 			     struct ipw2100_bd_queue *q, int entries)
4367 {
4368 	IPW_DEBUG_INFO("enter\n");
4369 
4370 	memset(q, 0, sizeof(struct ipw2100_bd_queue));
4371 
4372 	q->entries = entries;
4373 	q->size = entries * sizeof(struct ipw2100_bd);
4374 	q->drv = pci_zalloc_consistent(priv->pci_dev, q->size, &q->nic);
4375 	if (!q->drv) {
4376 		IPW_DEBUG_INFO
4377 		    ("can't allocate shared memory for buffer descriptors\n");
4378 		return -ENOMEM;
4379 	}
4380 
4381 	IPW_DEBUG_INFO("exit\n");
4382 
4383 	return 0;
4384 }
4385 
4386 static void bd_queue_free(struct ipw2100_priv *priv, struct ipw2100_bd_queue *q)
4387 {
4388 	IPW_DEBUG_INFO("enter\n");
4389 
4390 	if (!q)
4391 		return;
4392 
4393 	if (q->drv) {
4394 		pci_free_consistent(priv->pci_dev, q->size, q->drv, q->nic);
4395 		q->drv = NULL;
4396 	}
4397 
4398 	IPW_DEBUG_INFO("exit\n");
4399 }
4400 
4401 static void bd_queue_initialize(struct ipw2100_priv *priv,
4402 				struct ipw2100_bd_queue *q, u32 base, u32 size,
4403 				u32 r, u32 w)
4404 {
4405 	IPW_DEBUG_INFO("enter\n");
4406 
4407 	IPW_DEBUG_INFO("initializing bd queue at virt=%p, phys=%08x\n", q->drv,
4408 		       (u32) q->nic);
4409 
4410 	write_register(priv->net_dev, base, q->nic);
4411 	write_register(priv->net_dev, size, q->entries);
4412 	write_register(priv->net_dev, r, q->oldest);
4413 	write_register(priv->net_dev, w, q->next);
4414 
4415 	IPW_DEBUG_INFO("exit\n");
4416 }
4417 
4418 static void ipw2100_kill_works(struct ipw2100_priv *priv)
4419 {
4420 	priv->stop_rf_kill = 1;
4421 	priv->stop_hang_check = 1;
4422 	cancel_delayed_work_sync(&priv->reset_work);
4423 	cancel_delayed_work_sync(&priv->security_work);
4424 	cancel_delayed_work_sync(&priv->wx_event_work);
4425 	cancel_delayed_work_sync(&priv->hang_check);
4426 	cancel_delayed_work_sync(&priv->rf_kill);
4427 	cancel_delayed_work_sync(&priv->scan_event);
4428 }
4429 
4430 static int ipw2100_tx_allocate(struct ipw2100_priv *priv)
4431 {
4432 	int i, j, err = -EINVAL;
4433 	void *v;
4434 	dma_addr_t p;
4435 
4436 	IPW_DEBUG_INFO("enter\n");
4437 
4438 	err = bd_queue_allocate(priv, &priv->tx_queue, TX_QUEUE_LENGTH);
4439 	if (err) {
4440 		IPW_DEBUG_ERROR("%s: failed bd_queue_allocate\n",
4441 				priv->net_dev->name);
4442 		return err;
4443 	}
4444 
4445 	priv->tx_buffers = kmalloc_array(TX_PENDED_QUEUE_LENGTH,
4446 					 sizeof(struct ipw2100_tx_packet),
4447 					 GFP_ATOMIC);
4448 	if (!priv->tx_buffers) {
4449 		bd_queue_free(priv, &priv->tx_queue);
4450 		return -ENOMEM;
4451 	}
4452 
4453 	for (i = 0; i < TX_PENDED_QUEUE_LENGTH; i++) {
4454 		v = pci_alloc_consistent(priv->pci_dev,
4455 					 sizeof(struct ipw2100_data_header),
4456 					 &p);
4457 		if (!v) {
4458 			printk(KERN_ERR DRV_NAME
4459 			       ": %s: PCI alloc failed for tx " "buffers.\n",
4460 			       priv->net_dev->name);
4461 			err = -ENOMEM;
4462 			break;
4463 		}
4464 
4465 		priv->tx_buffers[i].type = DATA;
4466 		priv->tx_buffers[i].info.d_struct.data =
4467 		    (struct ipw2100_data_header *)v;
4468 		priv->tx_buffers[i].info.d_struct.data_phys = p;
4469 		priv->tx_buffers[i].info.d_struct.txb = NULL;
4470 	}
4471 
4472 	if (i == TX_PENDED_QUEUE_LENGTH)
4473 		return 0;
4474 
4475 	for (j = 0; j < i; j++) {
4476 		pci_free_consistent(priv->pci_dev,
4477 				    sizeof(struct ipw2100_data_header),
4478 				    priv->tx_buffers[j].info.d_struct.data,
4479 				    priv->tx_buffers[j].info.d_struct.
4480 				    data_phys);
4481 	}
4482 
4483 	kfree(priv->tx_buffers);
4484 	priv->tx_buffers = NULL;
4485 
4486 	return err;
4487 }
4488 
4489 static void ipw2100_tx_initialize(struct ipw2100_priv *priv)
4490 {
4491 	int i;
4492 
4493 	IPW_DEBUG_INFO("enter\n");
4494 
4495 	/*
4496 	 * reinitialize packet info lists
4497 	 */
4498 	INIT_LIST_HEAD(&priv->fw_pend_list);
4499 	INIT_STAT(&priv->fw_pend_stat);
4500 
4501 	/*
4502 	 * reinitialize lists
4503 	 */
4504 	INIT_LIST_HEAD(&priv->tx_pend_list);
4505 	INIT_LIST_HEAD(&priv->tx_free_list);
4506 	INIT_STAT(&priv->tx_pend_stat);
4507 	INIT_STAT(&priv->tx_free_stat);
4508 
4509 	for (i = 0; i < TX_PENDED_QUEUE_LENGTH; i++) {
4510 		/* We simply drop any SKBs that have been queued for
4511 		 * transmit */
4512 		if (priv->tx_buffers[i].info.d_struct.txb) {
4513 			libipw_txb_free(priv->tx_buffers[i].info.d_struct.
4514 					   txb);
4515 			priv->tx_buffers[i].info.d_struct.txb = NULL;
4516 		}
4517 
4518 		list_add_tail(&priv->tx_buffers[i].list, &priv->tx_free_list);
4519 	}
4520 
4521 	SET_STAT(&priv->tx_free_stat, i);
4522 
4523 	priv->tx_queue.oldest = 0;
4524 	priv->tx_queue.available = priv->tx_queue.entries;
4525 	priv->tx_queue.next = 0;
4526 	INIT_STAT(&priv->txq_stat);
4527 	SET_STAT(&priv->txq_stat, priv->tx_queue.available);
4528 
4529 	bd_queue_initialize(priv, &priv->tx_queue,
4530 			    IPW_MEM_HOST_SHARED_TX_QUEUE_BD_BASE,
4531 			    IPW_MEM_HOST_SHARED_TX_QUEUE_BD_SIZE,
4532 			    IPW_MEM_HOST_SHARED_TX_QUEUE_READ_INDEX,
4533 			    IPW_MEM_HOST_SHARED_TX_QUEUE_WRITE_INDEX);
4534 
4535 	IPW_DEBUG_INFO("exit\n");
4536 
4537 }
4538 
4539 static void ipw2100_tx_free(struct ipw2100_priv *priv)
4540 {
4541 	int i;
4542 
4543 	IPW_DEBUG_INFO("enter\n");
4544 
4545 	bd_queue_free(priv, &priv->tx_queue);
4546 
4547 	if (!priv->tx_buffers)
4548 		return;
4549 
4550 	for (i = 0; i < TX_PENDED_QUEUE_LENGTH; i++) {
4551 		if (priv->tx_buffers[i].info.d_struct.txb) {
4552 			libipw_txb_free(priv->tx_buffers[i].info.d_struct.
4553 					   txb);
4554 			priv->tx_buffers[i].info.d_struct.txb = NULL;
4555 		}
4556 		if (priv->tx_buffers[i].info.d_struct.data)
4557 			pci_free_consistent(priv->pci_dev,
4558 					    sizeof(struct ipw2100_data_header),
4559 					    priv->tx_buffers[i].info.d_struct.
4560 					    data,
4561 					    priv->tx_buffers[i].info.d_struct.
4562 					    data_phys);
4563 	}
4564 
4565 	kfree(priv->tx_buffers);
4566 	priv->tx_buffers = NULL;
4567 
4568 	IPW_DEBUG_INFO("exit\n");
4569 }
4570 
4571 static int ipw2100_rx_allocate(struct ipw2100_priv *priv)
4572 {
4573 	int i, j, err = -EINVAL;
4574 
4575 	IPW_DEBUG_INFO("enter\n");
4576 
4577 	err = bd_queue_allocate(priv, &priv->rx_queue, RX_QUEUE_LENGTH);
4578 	if (err) {
4579 		IPW_DEBUG_INFO("failed bd_queue_allocate\n");
4580 		return err;
4581 	}
4582 
4583 	err = status_queue_allocate(priv, RX_QUEUE_LENGTH);
4584 	if (err) {
4585 		IPW_DEBUG_INFO("failed status_queue_allocate\n");
4586 		bd_queue_free(priv, &priv->rx_queue);
4587 		return err;
4588 	}
4589 
4590 	/*
4591 	 * allocate packets
4592 	 */
4593 	priv->rx_buffers = kmalloc(RX_QUEUE_LENGTH *
4594 				   sizeof(struct ipw2100_rx_packet),
4595 				   GFP_KERNEL);
4596 	if (!priv->rx_buffers) {
4597 		IPW_DEBUG_INFO("can't allocate rx packet buffer table\n");
4598 
4599 		bd_queue_free(priv, &priv->rx_queue);
4600 
4601 		status_queue_free(priv);
4602 
4603 		return -ENOMEM;
4604 	}
4605 
4606 	for (i = 0; i < RX_QUEUE_LENGTH; i++) {
4607 		struct ipw2100_rx_packet *packet = &priv->rx_buffers[i];
4608 
4609 		err = ipw2100_alloc_skb(priv, packet);
4610 		if (unlikely(err)) {
4611 			err = -ENOMEM;
4612 			break;
4613 		}
4614 
4615 		/* The BD holds the cache aligned address */
4616 		priv->rx_queue.drv[i].host_addr = packet->dma_addr;
4617 		priv->rx_queue.drv[i].buf_length = IPW_RX_NIC_BUFFER_LENGTH;
4618 		priv->status_queue.drv[i].status_fields = 0;
4619 	}
4620 
4621 	if (i == RX_QUEUE_LENGTH)
4622 		return 0;
4623 
4624 	for (j = 0; j < i; j++) {
4625 		pci_unmap_single(priv->pci_dev, priv->rx_buffers[j].dma_addr,
4626 				 sizeof(struct ipw2100_rx_packet),
4627 				 PCI_DMA_FROMDEVICE);
4628 		dev_kfree_skb(priv->rx_buffers[j].skb);
4629 	}
4630 
4631 	kfree(priv->rx_buffers);
4632 	priv->rx_buffers = NULL;
4633 
4634 	bd_queue_free(priv, &priv->rx_queue);
4635 
4636 	status_queue_free(priv);
4637 
4638 	return err;
4639 }
4640 
4641 static void ipw2100_rx_initialize(struct ipw2100_priv *priv)
4642 {
4643 	IPW_DEBUG_INFO("enter\n");
4644 
4645 	priv->rx_queue.oldest = 0;
4646 	priv->rx_queue.available = priv->rx_queue.entries - 1;
4647 	priv->rx_queue.next = priv->rx_queue.entries - 1;
4648 
4649 	INIT_STAT(&priv->rxq_stat);
4650 	SET_STAT(&priv->rxq_stat, priv->rx_queue.available);
4651 
4652 	bd_queue_initialize(priv, &priv->rx_queue,
4653 			    IPW_MEM_HOST_SHARED_RX_BD_BASE,
4654 			    IPW_MEM_HOST_SHARED_RX_BD_SIZE,
4655 			    IPW_MEM_HOST_SHARED_RX_READ_INDEX,
4656 			    IPW_MEM_HOST_SHARED_RX_WRITE_INDEX);
4657 
4658 	/* set up the status queue */
4659 	write_register(priv->net_dev, IPW_MEM_HOST_SHARED_RX_STATUS_BASE,
4660 		       priv->status_queue.nic);
4661 
4662 	IPW_DEBUG_INFO("exit\n");
4663 }
4664 
4665 static void ipw2100_rx_free(struct ipw2100_priv *priv)
4666 {
4667 	int i;
4668 
4669 	IPW_DEBUG_INFO("enter\n");
4670 
4671 	bd_queue_free(priv, &priv->rx_queue);
4672 	status_queue_free(priv);
4673 
4674 	if (!priv->rx_buffers)
4675 		return;
4676 
4677 	for (i = 0; i < RX_QUEUE_LENGTH; i++) {
4678 		if (priv->rx_buffers[i].rxp) {
4679 			pci_unmap_single(priv->pci_dev,
4680 					 priv->rx_buffers[i].dma_addr,
4681 					 sizeof(struct ipw2100_rx),
4682 					 PCI_DMA_FROMDEVICE);
4683 			dev_kfree_skb(priv->rx_buffers[i].skb);
4684 		}
4685 	}
4686 
4687 	kfree(priv->rx_buffers);
4688 	priv->rx_buffers = NULL;
4689 
4690 	IPW_DEBUG_INFO("exit\n");
4691 }
4692 
4693 static int ipw2100_read_mac_address(struct ipw2100_priv *priv)
4694 {
4695 	u32 length = ETH_ALEN;
4696 	u8 addr[ETH_ALEN];
4697 
4698 	int err;
4699 
4700 	err = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ADAPTER_MAC, addr, &length);
4701 	if (err) {
4702 		IPW_DEBUG_INFO("MAC address read failed\n");
4703 		return -EIO;
4704 	}
4705 
4706 	memcpy(priv->net_dev->dev_addr, addr, ETH_ALEN);
4707 	IPW_DEBUG_INFO("card MAC is %pM\n", priv->net_dev->dev_addr);
4708 
4709 	return 0;
4710 }
4711 
4712 /********************************************************************
4713  *
4714  * Firmware Commands
4715  *
4716  ********************************************************************/
4717 
4718 static int ipw2100_set_mac_address(struct ipw2100_priv *priv, int batch_mode)
4719 {
4720 	struct host_command cmd = {
4721 		.host_command = ADAPTER_ADDRESS,
4722 		.host_command_sequence = 0,
4723 		.host_command_length = ETH_ALEN
4724 	};
4725 	int err;
4726 
4727 	IPW_DEBUG_HC("SET_MAC_ADDRESS\n");
4728 
4729 	IPW_DEBUG_INFO("enter\n");
4730 
4731 	if (priv->config & CFG_CUSTOM_MAC) {
4732 		memcpy(cmd.host_command_parameters, priv->mac_addr, ETH_ALEN);
4733 		memcpy(priv->net_dev->dev_addr, priv->mac_addr, ETH_ALEN);
4734 	} else
4735 		memcpy(cmd.host_command_parameters, priv->net_dev->dev_addr,
4736 		       ETH_ALEN);
4737 
4738 	err = ipw2100_hw_send_command(priv, &cmd);
4739 
4740 	IPW_DEBUG_INFO("exit\n");
4741 	return err;
4742 }
4743 
4744 static int ipw2100_set_port_type(struct ipw2100_priv *priv, u32 port_type,
4745 				 int batch_mode)
4746 {
4747 	struct host_command cmd = {
4748 		.host_command = PORT_TYPE,
4749 		.host_command_sequence = 0,
4750 		.host_command_length = sizeof(u32)
4751 	};
4752 	int err;
4753 
4754 	switch (port_type) {
4755 	case IW_MODE_INFRA:
4756 		cmd.host_command_parameters[0] = IPW_BSS;
4757 		break;
4758 	case IW_MODE_ADHOC:
4759 		cmd.host_command_parameters[0] = IPW_IBSS;
4760 		break;
4761 	}
4762 
4763 	IPW_DEBUG_HC("PORT_TYPE: %s\n",
4764 		     port_type == IPW_IBSS ? "Ad-Hoc" : "Managed");
4765 
4766 	if (!batch_mode) {
4767 		err = ipw2100_disable_adapter(priv);
4768 		if (err) {
4769 			printk(KERN_ERR DRV_NAME
4770 			       ": %s: Could not disable adapter %d\n",
4771 			       priv->net_dev->name, err);
4772 			return err;
4773 		}
4774 	}
4775 
4776 	/* send cmd to firmware */
4777 	err = ipw2100_hw_send_command(priv, &cmd);
4778 
4779 	if (!batch_mode)
4780 		ipw2100_enable_adapter(priv);
4781 
4782 	return err;
4783 }
4784 
4785 static int ipw2100_set_channel(struct ipw2100_priv *priv, u32 channel,
4786 			       int batch_mode)
4787 {
4788 	struct host_command cmd = {
4789 		.host_command = CHANNEL,
4790 		.host_command_sequence = 0,
4791 		.host_command_length = sizeof(u32)
4792 	};
4793 	int err;
4794 
4795 	cmd.host_command_parameters[0] = channel;
4796 
4797 	IPW_DEBUG_HC("CHANNEL: %d\n", channel);
4798 
4799 	/* If BSS then we don't support channel selection */
4800 	if (priv->ieee->iw_mode == IW_MODE_INFRA)
4801 		return 0;
4802 
4803 	if ((channel != 0) &&
4804 	    ((channel < REG_MIN_CHANNEL) || (channel > REG_MAX_CHANNEL)))
4805 		return -EINVAL;
4806 
4807 	if (!batch_mode) {
4808 		err = ipw2100_disable_adapter(priv);
4809 		if (err)
4810 			return err;
4811 	}
4812 
4813 	err = ipw2100_hw_send_command(priv, &cmd);
4814 	if (err) {
4815 		IPW_DEBUG_INFO("Failed to set channel to %d", channel);
4816 		return err;
4817 	}
4818 
4819 	if (channel)
4820 		priv->config |= CFG_STATIC_CHANNEL;
4821 	else
4822 		priv->config &= ~CFG_STATIC_CHANNEL;
4823 
4824 	priv->channel = channel;
4825 
4826 	if (!batch_mode) {
4827 		err = ipw2100_enable_adapter(priv);
4828 		if (err)
4829 			return err;
4830 	}
4831 
4832 	return 0;
4833 }
4834 
4835 static int ipw2100_system_config(struct ipw2100_priv *priv, int batch_mode)
4836 {
4837 	struct host_command cmd = {
4838 		.host_command = SYSTEM_CONFIG,
4839 		.host_command_sequence = 0,
4840 		.host_command_length = 12,
4841 	};
4842 	u32 ibss_mask, len = sizeof(u32);
4843 	int err;
4844 
4845 	/* Set system configuration */
4846 
4847 	if (!batch_mode) {
4848 		err = ipw2100_disable_adapter(priv);
4849 		if (err)
4850 			return err;
4851 	}
4852 
4853 	if (priv->ieee->iw_mode == IW_MODE_ADHOC)
4854 		cmd.host_command_parameters[0] |= IPW_CFG_IBSS_AUTO_START;
4855 
4856 	cmd.host_command_parameters[0] |= IPW_CFG_IBSS_MASK |
4857 	    IPW_CFG_BSS_MASK | IPW_CFG_802_1x_ENABLE;
4858 
4859 	if (!(priv->config & CFG_LONG_PREAMBLE))
4860 		cmd.host_command_parameters[0] |= IPW_CFG_PREAMBLE_AUTO;
4861 
4862 	err = ipw2100_get_ordinal(priv,
4863 				  IPW_ORD_EEPROM_IBSS_11B_CHANNELS,
4864 				  &ibss_mask, &len);
4865 	if (err)
4866 		ibss_mask = IPW_IBSS_11B_DEFAULT_MASK;
4867 
4868 	cmd.host_command_parameters[1] = REG_CHANNEL_MASK;
4869 	cmd.host_command_parameters[2] = REG_CHANNEL_MASK & ibss_mask;
4870 
4871 	/* 11b only */
4872 	/*cmd.host_command_parameters[0] |= DIVERSITY_ANTENNA_A; */
4873 
4874 	err = ipw2100_hw_send_command(priv, &cmd);
4875 	if (err)
4876 		return err;
4877 
4878 /* If IPv6 is configured in the kernel then we don't want to filter out all
4879  * of the multicast packets as IPv6 needs some. */
4880 #if !defined(CONFIG_IPV6) && !defined(CONFIG_IPV6_MODULE)
4881 	cmd.host_command = ADD_MULTICAST;
4882 	cmd.host_command_sequence = 0;
4883 	cmd.host_command_length = 0;
4884 
4885 	ipw2100_hw_send_command(priv, &cmd);
4886 #endif
4887 	if (!batch_mode) {
4888 		err = ipw2100_enable_adapter(priv);
4889 		if (err)
4890 			return err;
4891 	}
4892 
4893 	return 0;
4894 }
4895 
4896 static int ipw2100_set_tx_rates(struct ipw2100_priv *priv, u32 rate,
4897 				int batch_mode)
4898 {
4899 	struct host_command cmd = {
4900 		.host_command = BASIC_TX_RATES,
4901 		.host_command_sequence = 0,
4902 		.host_command_length = 4
4903 	};
4904 	int err;
4905 
4906 	cmd.host_command_parameters[0] = rate & TX_RATE_MASK;
4907 
4908 	if (!batch_mode) {
4909 		err = ipw2100_disable_adapter(priv);
4910 		if (err)
4911 			return err;
4912 	}
4913 
4914 	/* Set BASIC TX Rate first */
4915 	ipw2100_hw_send_command(priv, &cmd);
4916 
4917 	/* Set TX Rate */
4918 	cmd.host_command = TX_RATES;
4919 	ipw2100_hw_send_command(priv, &cmd);
4920 
4921 	/* Set MSDU TX Rate */
4922 	cmd.host_command = MSDU_TX_RATES;
4923 	ipw2100_hw_send_command(priv, &cmd);
4924 
4925 	if (!batch_mode) {
4926 		err = ipw2100_enable_adapter(priv);
4927 		if (err)
4928 			return err;
4929 	}
4930 
4931 	priv->tx_rates = rate;
4932 
4933 	return 0;
4934 }
4935 
4936 static int ipw2100_set_power_mode(struct ipw2100_priv *priv, int power_level)
4937 {
4938 	struct host_command cmd = {
4939 		.host_command = POWER_MODE,
4940 		.host_command_sequence = 0,
4941 		.host_command_length = 4
4942 	};
4943 	int err;
4944 
4945 	cmd.host_command_parameters[0] = power_level;
4946 
4947 	err = ipw2100_hw_send_command(priv, &cmd);
4948 	if (err)
4949 		return err;
4950 
4951 	if (power_level == IPW_POWER_MODE_CAM)
4952 		priv->power_mode = IPW_POWER_LEVEL(priv->power_mode);
4953 	else
4954 		priv->power_mode = IPW_POWER_ENABLED | power_level;
4955 
4956 #ifdef IPW2100_TX_POWER
4957 	if (priv->port_type == IBSS && priv->adhoc_power != DFTL_IBSS_TX_POWER) {
4958 		/* Set beacon interval */
4959 		cmd.host_command = TX_POWER_INDEX;
4960 		cmd.host_command_parameters[0] = (u32) priv->adhoc_power;
4961 
4962 		err = ipw2100_hw_send_command(priv, &cmd);
4963 		if (err)
4964 			return err;
4965 	}
4966 #endif
4967 
4968 	return 0;
4969 }
4970 
4971 static int ipw2100_set_rts_threshold(struct ipw2100_priv *priv, u32 threshold)
4972 {
4973 	struct host_command cmd = {
4974 		.host_command = RTS_THRESHOLD,
4975 		.host_command_sequence = 0,
4976 		.host_command_length = 4
4977 	};
4978 	int err;
4979 
4980 	if (threshold & RTS_DISABLED)
4981 		cmd.host_command_parameters[0] = MAX_RTS_THRESHOLD;
4982 	else
4983 		cmd.host_command_parameters[0] = threshold & ~RTS_DISABLED;
4984 
4985 	err = ipw2100_hw_send_command(priv, &cmd);
4986 	if (err)
4987 		return err;
4988 
4989 	priv->rts_threshold = threshold;
4990 
4991 	return 0;
4992 }
4993 
4994 #if 0
4995 int ipw2100_set_fragmentation_threshold(struct ipw2100_priv *priv,
4996 					u32 threshold, int batch_mode)
4997 {
4998 	struct host_command cmd = {
4999 		.host_command = FRAG_THRESHOLD,
5000 		.host_command_sequence = 0,
5001 		.host_command_length = 4,
5002 		.host_command_parameters[0] = 0,
5003 	};
5004 	int err;
5005 
5006 	if (!batch_mode) {
5007 		err = ipw2100_disable_adapter(priv);
5008 		if (err)
5009 			return err;
5010 	}
5011 
5012 	if (threshold == 0)
5013 		threshold = DEFAULT_FRAG_THRESHOLD;
5014 	else {
5015 		threshold = max(threshold, MIN_FRAG_THRESHOLD);
5016 		threshold = min(threshold, MAX_FRAG_THRESHOLD);
5017 	}
5018 
5019 	cmd.host_command_parameters[0] = threshold;
5020 
5021 	IPW_DEBUG_HC("FRAG_THRESHOLD: %u\n", threshold);
5022 
5023 	err = ipw2100_hw_send_command(priv, &cmd);
5024 
5025 	if (!batch_mode)
5026 		ipw2100_enable_adapter(priv);
5027 
5028 	if (!err)
5029 		priv->frag_threshold = threshold;
5030 
5031 	return err;
5032 }
5033 #endif
5034 
5035 static int ipw2100_set_short_retry(struct ipw2100_priv *priv, u32 retry)
5036 {
5037 	struct host_command cmd = {
5038 		.host_command = SHORT_RETRY_LIMIT,
5039 		.host_command_sequence = 0,
5040 		.host_command_length = 4
5041 	};
5042 	int err;
5043 
5044 	cmd.host_command_parameters[0] = retry;
5045 
5046 	err = ipw2100_hw_send_command(priv, &cmd);
5047 	if (err)
5048 		return err;
5049 
5050 	priv->short_retry_limit = retry;
5051 
5052 	return 0;
5053 }
5054 
5055 static int ipw2100_set_long_retry(struct ipw2100_priv *priv, u32 retry)
5056 {
5057 	struct host_command cmd = {
5058 		.host_command = LONG_RETRY_LIMIT,
5059 		.host_command_sequence = 0,
5060 		.host_command_length = 4
5061 	};
5062 	int err;
5063 
5064 	cmd.host_command_parameters[0] = retry;
5065 
5066 	err = ipw2100_hw_send_command(priv, &cmd);
5067 	if (err)
5068 		return err;
5069 
5070 	priv->long_retry_limit = retry;
5071 
5072 	return 0;
5073 }
5074 
5075 static int ipw2100_set_mandatory_bssid(struct ipw2100_priv *priv, u8 * bssid,
5076 				       int batch_mode)
5077 {
5078 	struct host_command cmd = {
5079 		.host_command = MANDATORY_BSSID,
5080 		.host_command_sequence = 0,
5081 		.host_command_length = (bssid == NULL) ? 0 : ETH_ALEN
5082 	};
5083 	int err;
5084 
5085 #ifdef CONFIG_IPW2100_DEBUG
5086 	if (bssid != NULL)
5087 		IPW_DEBUG_HC("MANDATORY_BSSID: %pM\n", bssid);
5088 	else
5089 		IPW_DEBUG_HC("MANDATORY_BSSID: <clear>\n");
5090 #endif
5091 	/* if BSSID is empty then we disable mandatory bssid mode */
5092 	if (bssid != NULL)
5093 		memcpy(cmd.host_command_parameters, bssid, ETH_ALEN);
5094 
5095 	if (!batch_mode) {
5096 		err = ipw2100_disable_adapter(priv);
5097 		if (err)
5098 			return err;
5099 	}
5100 
5101 	err = ipw2100_hw_send_command(priv, &cmd);
5102 
5103 	if (!batch_mode)
5104 		ipw2100_enable_adapter(priv);
5105 
5106 	return err;
5107 }
5108 
5109 static int ipw2100_disassociate_bssid(struct ipw2100_priv *priv)
5110 {
5111 	struct host_command cmd = {
5112 		.host_command = DISASSOCIATION_BSSID,
5113 		.host_command_sequence = 0,
5114 		.host_command_length = ETH_ALEN
5115 	};
5116 	int err;
5117 	int len;
5118 
5119 	IPW_DEBUG_HC("DISASSOCIATION_BSSID\n");
5120 
5121 	len = ETH_ALEN;
5122 	/* The Firmware currently ignores the BSSID and just disassociates from
5123 	 * the currently associated AP -- but in the off chance that a future
5124 	 * firmware does use the BSSID provided here, we go ahead and try and
5125 	 * set it to the currently associated AP's BSSID */
5126 	memcpy(cmd.host_command_parameters, priv->bssid, ETH_ALEN);
5127 
5128 	err = ipw2100_hw_send_command(priv, &cmd);
5129 
5130 	return err;
5131 }
5132 
5133 static int ipw2100_set_wpa_ie(struct ipw2100_priv *,
5134 			      struct ipw2100_wpa_assoc_frame *, int)
5135     __attribute__ ((unused));
5136 
5137 static int ipw2100_set_wpa_ie(struct ipw2100_priv *priv,
5138 			      struct ipw2100_wpa_assoc_frame *wpa_frame,
5139 			      int batch_mode)
5140 {
5141 	struct host_command cmd = {
5142 		.host_command = SET_WPA_IE,
5143 		.host_command_sequence = 0,
5144 		.host_command_length = sizeof(struct ipw2100_wpa_assoc_frame),
5145 	};
5146 	int err;
5147 
5148 	IPW_DEBUG_HC("SET_WPA_IE\n");
5149 
5150 	if (!batch_mode) {
5151 		err = ipw2100_disable_adapter(priv);
5152 		if (err)
5153 			return err;
5154 	}
5155 
5156 	memcpy(cmd.host_command_parameters, wpa_frame,
5157 	       sizeof(struct ipw2100_wpa_assoc_frame));
5158 
5159 	err = ipw2100_hw_send_command(priv, &cmd);
5160 
5161 	if (!batch_mode) {
5162 		if (ipw2100_enable_adapter(priv))
5163 			err = -EIO;
5164 	}
5165 
5166 	return err;
5167 }
5168 
5169 struct security_info_params {
5170 	u32 allowed_ciphers;
5171 	u16 version;
5172 	u8 auth_mode;
5173 	u8 replay_counters_number;
5174 	u8 unicast_using_group;
5175 } __packed;
5176 
5177 static int ipw2100_set_security_information(struct ipw2100_priv *priv,
5178 					    int auth_mode,
5179 					    int security_level,
5180 					    int unicast_using_group,
5181 					    int batch_mode)
5182 {
5183 	struct host_command cmd = {
5184 		.host_command = SET_SECURITY_INFORMATION,
5185 		.host_command_sequence = 0,
5186 		.host_command_length = sizeof(struct security_info_params)
5187 	};
5188 	struct security_info_params *security =
5189 	    (struct security_info_params *)&cmd.host_command_parameters;
5190 	int err;
5191 	memset(security, 0, sizeof(*security));
5192 
5193 	/* If shared key AP authentication is turned on, then we need to
5194 	 * configure the firmware to try and use it.
5195 	 *
5196 	 * Actual data encryption/decryption is handled by the host. */
5197 	security->auth_mode = auth_mode;
5198 	security->unicast_using_group = unicast_using_group;
5199 
5200 	switch (security_level) {
5201 	default:
5202 	case SEC_LEVEL_0:
5203 		security->allowed_ciphers = IPW_NONE_CIPHER;
5204 		break;
5205 	case SEC_LEVEL_1:
5206 		security->allowed_ciphers = IPW_WEP40_CIPHER |
5207 		    IPW_WEP104_CIPHER;
5208 		break;
5209 	case SEC_LEVEL_2:
5210 		security->allowed_ciphers = IPW_WEP40_CIPHER |
5211 		    IPW_WEP104_CIPHER | IPW_TKIP_CIPHER;
5212 		break;
5213 	case SEC_LEVEL_2_CKIP:
5214 		security->allowed_ciphers = IPW_WEP40_CIPHER |
5215 		    IPW_WEP104_CIPHER | IPW_CKIP_CIPHER;
5216 		break;
5217 	case SEC_LEVEL_3:
5218 		security->allowed_ciphers = IPW_WEP40_CIPHER |
5219 		    IPW_WEP104_CIPHER | IPW_TKIP_CIPHER | IPW_CCMP_CIPHER;
5220 		break;
5221 	}
5222 
5223 	IPW_DEBUG_HC
5224 	    ("SET_SECURITY_INFORMATION: auth:%d cipher:0x%02X (level %d)\n",
5225 	     security->auth_mode, security->allowed_ciphers, security_level);
5226 
5227 	security->replay_counters_number = 0;
5228 
5229 	if (!batch_mode) {
5230 		err = ipw2100_disable_adapter(priv);
5231 		if (err)
5232 			return err;
5233 	}
5234 
5235 	err = ipw2100_hw_send_command(priv, &cmd);
5236 
5237 	if (!batch_mode)
5238 		ipw2100_enable_adapter(priv);
5239 
5240 	return err;
5241 }
5242 
5243 static int ipw2100_set_tx_power(struct ipw2100_priv *priv, u32 tx_power)
5244 {
5245 	struct host_command cmd = {
5246 		.host_command = TX_POWER_INDEX,
5247 		.host_command_sequence = 0,
5248 		.host_command_length = 4
5249 	};
5250 	int err = 0;
5251 	u32 tmp = tx_power;
5252 
5253 	if (tx_power != IPW_TX_POWER_DEFAULT)
5254 		tmp = (tx_power - IPW_TX_POWER_MIN_DBM) * 16 /
5255 		      (IPW_TX_POWER_MAX_DBM - IPW_TX_POWER_MIN_DBM);
5256 
5257 	cmd.host_command_parameters[0] = tmp;
5258 
5259 	if (priv->ieee->iw_mode == IW_MODE_ADHOC)
5260 		err = ipw2100_hw_send_command(priv, &cmd);
5261 	if (!err)
5262 		priv->tx_power = tx_power;
5263 
5264 	return 0;
5265 }
5266 
5267 static int ipw2100_set_ibss_beacon_interval(struct ipw2100_priv *priv,
5268 					    u32 interval, int batch_mode)
5269 {
5270 	struct host_command cmd = {
5271 		.host_command = BEACON_INTERVAL,
5272 		.host_command_sequence = 0,
5273 		.host_command_length = 4
5274 	};
5275 	int err;
5276 
5277 	cmd.host_command_parameters[0] = interval;
5278 
5279 	IPW_DEBUG_INFO("enter\n");
5280 
5281 	if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
5282 		if (!batch_mode) {
5283 			err = ipw2100_disable_adapter(priv);
5284 			if (err)
5285 				return err;
5286 		}
5287 
5288 		ipw2100_hw_send_command(priv, &cmd);
5289 
5290 		if (!batch_mode) {
5291 			err = ipw2100_enable_adapter(priv);
5292 			if (err)
5293 				return err;
5294 		}
5295 	}
5296 
5297 	IPW_DEBUG_INFO("exit\n");
5298 
5299 	return 0;
5300 }
5301 
5302 static void ipw2100_queues_initialize(struct ipw2100_priv *priv)
5303 {
5304 	ipw2100_tx_initialize(priv);
5305 	ipw2100_rx_initialize(priv);
5306 	ipw2100_msg_initialize(priv);
5307 }
5308 
5309 static void ipw2100_queues_free(struct ipw2100_priv *priv)
5310 {
5311 	ipw2100_tx_free(priv);
5312 	ipw2100_rx_free(priv);
5313 	ipw2100_msg_free(priv);
5314 }
5315 
5316 static int ipw2100_queues_allocate(struct ipw2100_priv *priv)
5317 {
5318 	if (ipw2100_tx_allocate(priv) ||
5319 	    ipw2100_rx_allocate(priv) || ipw2100_msg_allocate(priv))
5320 		goto fail;
5321 
5322 	return 0;
5323 
5324       fail:
5325 	ipw2100_tx_free(priv);
5326 	ipw2100_rx_free(priv);
5327 	ipw2100_msg_free(priv);
5328 	return -ENOMEM;
5329 }
5330 
5331 #define IPW_PRIVACY_CAPABLE 0x0008
5332 
5333 static int ipw2100_set_wep_flags(struct ipw2100_priv *priv, u32 flags,
5334 				 int batch_mode)
5335 {
5336 	struct host_command cmd = {
5337 		.host_command = WEP_FLAGS,
5338 		.host_command_sequence = 0,
5339 		.host_command_length = 4
5340 	};
5341 	int err;
5342 
5343 	cmd.host_command_parameters[0] = flags;
5344 
5345 	IPW_DEBUG_HC("WEP_FLAGS: flags = 0x%08X\n", flags);
5346 
5347 	if (!batch_mode) {
5348 		err = ipw2100_disable_adapter(priv);
5349 		if (err) {
5350 			printk(KERN_ERR DRV_NAME
5351 			       ": %s: Could not disable adapter %d\n",
5352 			       priv->net_dev->name, err);
5353 			return err;
5354 		}
5355 	}
5356 
5357 	/* send cmd to firmware */
5358 	err = ipw2100_hw_send_command(priv, &cmd);
5359 
5360 	if (!batch_mode)
5361 		ipw2100_enable_adapter(priv);
5362 
5363 	return err;
5364 }
5365 
5366 struct ipw2100_wep_key {
5367 	u8 idx;
5368 	u8 len;
5369 	u8 key[13];
5370 };
5371 
5372 /* Macros to ease up priting WEP keys */
5373 #define WEP_FMT_64  "%02X%02X%02X%02X-%02X"
5374 #define WEP_FMT_128 "%02X%02X%02X%02X-%02X%02X%02X%02X-%02X%02X%02X"
5375 #define WEP_STR_64(x) x[0],x[1],x[2],x[3],x[4]
5376 #define WEP_STR_128(x) x[0],x[1],x[2],x[3],x[4],x[5],x[6],x[7],x[8],x[9],x[10]
5377 
5378 /**
5379  * Set a the wep key
5380  *
5381  * @priv: struct to work on
5382  * @idx: index of the key we want to set
5383  * @key: ptr to the key data to set
5384  * @len: length of the buffer at @key
5385  * @batch_mode: FIXME perform the operation in batch mode, not
5386  *              disabling the device.
5387  *
5388  * @returns 0 if OK, < 0 errno code on error.
5389  *
5390  * Fill out a command structure with the new wep key, length an
5391  * index and send it down the wire.
5392  */
5393 static int ipw2100_set_key(struct ipw2100_priv *priv,
5394 			   int idx, char *key, int len, int batch_mode)
5395 {
5396 	int keylen = len ? (len <= 5 ? 5 : 13) : 0;
5397 	struct host_command cmd = {
5398 		.host_command = WEP_KEY_INFO,
5399 		.host_command_sequence = 0,
5400 		.host_command_length = sizeof(struct ipw2100_wep_key),
5401 	};
5402 	struct ipw2100_wep_key *wep_key = (void *)cmd.host_command_parameters;
5403 	int err;
5404 
5405 	IPW_DEBUG_HC("WEP_KEY_INFO: index = %d, len = %d/%d\n",
5406 		     idx, keylen, len);
5407 
5408 	/* NOTE: We don't check cached values in case the firmware was reset
5409 	 * or some other problem is occurring.  If the user is setting the key,
5410 	 * then we push the change */
5411 
5412 	wep_key->idx = idx;
5413 	wep_key->len = keylen;
5414 
5415 	if (keylen) {
5416 		memcpy(wep_key->key, key, len);
5417 		memset(wep_key->key + len, 0, keylen - len);
5418 	}
5419 
5420 	/* Will be optimized out on debug not being configured in */
5421 	if (keylen == 0)
5422 		IPW_DEBUG_WEP("%s: Clearing key %d\n",
5423 			      priv->net_dev->name, wep_key->idx);
5424 	else if (keylen == 5)
5425 		IPW_DEBUG_WEP("%s: idx: %d, len: %d key: " WEP_FMT_64 "\n",
5426 			      priv->net_dev->name, wep_key->idx, wep_key->len,
5427 			      WEP_STR_64(wep_key->key));
5428 	else
5429 		IPW_DEBUG_WEP("%s: idx: %d, len: %d key: " WEP_FMT_128
5430 			      "\n",
5431 			      priv->net_dev->name, wep_key->idx, wep_key->len,
5432 			      WEP_STR_128(wep_key->key));
5433 
5434 	if (!batch_mode) {
5435 		err = ipw2100_disable_adapter(priv);
5436 		/* FIXME: IPG: shouldn't this prink be in _disable_adapter()? */
5437 		if (err) {
5438 			printk(KERN_ERR DRV_NAME
5439 			       ": %s: Could not disable adapter %d\n",
5440 			       priv->net_dev->name, err);
5441 			return err;
5442 		}
5443 	}
5444 
5445 	/* send cmd to firmware */
5446 	err = ipw2100_hw_send_command(priv, &cmd);
5447 
5448 	if (!batch_mode) {
5449 		int err2 = ipw2100_enable_adapter(priv);
5450 		if (err == 0)
5451 			err = err2;
5452 	}
5453 	return err;
5454 }
5455 
5456 static int ipw2100_set_key_index(struct ipw2100_priv *priv,
5457 				 int idx, int batch_mode)
5458 {
5459 	struct host_command cmd = {
5460 		.host_command = WEP_KEY_INDEX,
5461 		.host_command_sequence = 0,
5462 		.host_command_length = 4,
5463 		.host_command_parameters = {idx},
5464 	};
5465 	int err;
5466 
5467 	IPW_DEBUG_HC("WEP_KEY_INDEX: index = %d\n", idx);
5468 
5469 	if (idx < 0 || idx > 3)
5470 		return -EINVAL;
5471 
5472 	if (!batch_mode) {
5473 		err = ipw2100_disable_adapter(priv);
5474 		if (err) {
5475 			printk(KERN_ERR DRV_NAME
5476 			       ": %s: Could not disable adapter %d\n",
5477 			       priv->net_dev->name, err);
5478 			return err;
5479 		}
5480 	}
5481 
5482 	/* send cmd to firmware */
5483 	err = ipw2100_hw_send_command(priv, &cmd);
5484 
5485 	if (!batch_mode)
5486 		ipw2100_enable_adapter(priv);
5487 
5488 	return err;
5489 }
5490 
5491 static int ipw2100_configure_security(struct ipw2100_priv *priv, int batch_mode)
5492 {
5493 	int i, err, auth_mode, sec_level, use_group;
5494 
5495 	if (!(priv->status & STATUS_RUNNING))
5496 		return 0;
5497 
5498 	if (!batch_mode) {
5499 		err = ipw2100_disable_adapter(priv);
5500 		if (err)
5501 			return err;
5502 	}
5503 
5504 	if (!priv->ieee->sec.enabled) {
5505 		err =
5506 		    ipw2100_set_security_information(priv, IPW_AUTH_OPEN,
5507 						     SEC_LEVEL_0, 0, 1);
5508 	} else {
5509 		auth_mode = IPW_AUTH_OPEN;
5510 		if (priv->ieee->sec.flags & SEC_AUTH_MODE) {
5511 			if (priv->ieee->sec.auth_mode == WLAN_AUTH_SHARED_KEY)
5512 				auth_mode = IPW_AUTH_SHARED;
5513 			else if (priv->ieee->sec.auth_mode == WLAN_AUTH_LEAP)
5514 				auth_mode = IPW_AUTH_LEAP_CISCO_ID;
5515 		}
5516 
5517 		sec_level = SEC_LEVEL_0;
5518 		if (priv->ieee->sec.flags & SEC_LEVEL)
5519 			sec_level = priv->ieee->sec.level;
5520 
5521 		use_group = 0;
5522 		if (priv->ieee->sec.flags & SEC_UNICAST_GROUP)
5523 			use_group = priv->ieee->sec.unicast_uses_group;
5524 
5525 		err =
5526 		    ipw2100_set_security_information(priv, auth_mode, sec_level,
5527 						     use_group, 1);
5528 	}
5529 
5530 	if (err)
5531 		goto exit;
5532 
5533 	if (priv->ieee->sec.enabled) {
5534 		for (i = 0; i < 4; i++) {
5535 			if (!(priv->ieee->sec.flags & (1 << i))) {
5536 				memset(priv->ieee->sec.keys[i], 0, WEP_KEY_LEN);
5537 				priv->ieee->sec.key_sizes[i] = 0;
5538 			} else {
5539 				err = ipw2100_set_key(priv, i,
5540 						      priv->ieee->sec.keys[i],
5541 						      priv->ieee->sec.
5542 						      key_sizes[i], 1);
5543 				if (err)
5544 					goto exit;
5545 			}
5546 		}
5547 
5548 		ipw2100_set_key_index(priv, priv->ieee->crypt_info.tx_keyidx, 1);
5549 	}
5550 
5551 	/* Always enable privacy so the Host can filter WEP packets if
5552 	 * encrypted data is sent up */
5553 	err =
5554 	    ipw2100_set_wep_flags(priv,
5555 				  priv->ieee->sec.
5556 				  enabled ? IPW_PRIVACY_CAPABLE : 0, 1);
5557 	if (err)
5558 		goto exit;
5559 
5560 	priv->status &= ~STATUS_SECURITY_UPDATED;
5561 
5562       exit:
5563 	if (!batch_mode)
5564 		ipw2100_enable_adapter(priv);
5565 
5566 	return err;
5567 }
5568 
5569 static void ipw2100_security_work(struct work_struct *work)
5570 {
5571 	struct ipw2100_priv *priv =
5572 		container_of(work, struct ipw2100_priv, security_work.work);
5573 
5574 	/* If we happen to have reconnected before we get a chance to
5575 	 * process this, then update the security settings--which causes
5576 	 * a disassociation to occur */
5577 	if (!(priv->status & STATUS_ASSOCIATED) &&
5578 	    priv->status & STATUS_SECURITY_UPDATED)
5579 		ipw2100_configure_security(priv, 0);
5580 }
5581 
5582 static void shim__set_security(struct net_device *dev,
5583 			       struct libipw_security *sec)
5584 {
5585 	struct ipw2100_priv *priv = libipw_priv(dev);
5586 	int i, force_update = 0;
5587 
5588 	mutex_lock(&priv->action_mutex);
5589 	if (!(priv->status & STATUS_INITIALIZED))
5590 		goto done;
5591 
5592 	for (i = 0; i < 4; i++) {
5593 		if (sec->flags & (1 << i)) {
5594 			priv->ieee->sec.key_sizes[i] = sec->key_sizes[i];
5595 			if (sec->key_sizes[i] == 0)
5596 				priv->ieee->sec.flags &= ~(1 << i);
5597 			else
5598 				memcpy(priv->ieee->sec.keys[i], sec->keys[i],
5599 				       sec->key_sizes[i]);
5600 			if (sec->level == SEC_LEVEL_1) {
5601 				priv->ieee->sec.flags |= (1 << i);
5602 				priv->status |= STATUS_SECURITY_UPDATED;
5603 			} else
5604 				priv->ieee->sec.flags &= ~(1 << i);
5605 		}
5606 	}
5607 
5608 	if ((sec->flags & SEC_ACTIVE_KEY) &&
5609 	    priv->ieee->sec.active_key != sec->active_key) {
5610 		if (sec->active_key <= 3) {
5611 			priv->ieee->sec.active_key = sec->active_key;
5612 			priv->ieee->sec.flags |= SEC_ACTIVE_KEY;
5613 		} else
5614 			priv->ieee->sec.flags &= ~SEC_ACTIVE_KEY;
5615 
5616 		priv->status |= STATUS_SECURITY_UPDATED;
5617 	}
5618 
5619 	if ((sec->flags & SEC_AUTH_MODE) &&
5620 	    (priv->ieee->sec.auth_mode != sec->auth_mode)) {
5621 		priv->ieee->sec.auth_mode = sec->auth_mode;
5622 		priv->ieee->sec.flags |= SEC_AUTH_MODE;
5623 		priv->status |= STATUS_SECURITY_UPDATED;
5624 	}
5625 
5626 	if (sec->flags & SEC_ENABLED && priv->ieee->sec.enabled != sec->enabled) {
5627 		priv->ieee->sec.flags |= SEC_ENABLED;
5628 		priv->ieee->sec.enabled = sec->enabled;
5629 		priv->status |= STATUS_SECURITY_UPDATED;
5630 		force_update = 1;
5631 	}
5632 
5633 	if (sec->flags & SEC_ENCRYPT)
5634 		priv->ieee->sec.encrypt = sec->encrypt;
5635 
5636 	if (sec->flags & SEC_LEVEL && priv->ieee->sec.level != sec->level) {
5637 		priv->ieee->sec.level = sec->level;
5638 		priv->ieee->sec.flags |= SEC_LEVEL;
5639 		priv->status |= STATUS_SECURITY_UPDATED;
5640 	}
5641 
5642 	IPW_DEBUG_WEP("Security flags: %c %c%c%c%c %c%c%c%c\n",
5643 		      priv->ieee->sec.flags & (1 << 8) ? '1' : '0',
5644 		      priv->ieee->sec.flags & (1 << 7) ? '1' : '0',
5645 		      priv->ieee->sec.flags & (1 << 6) ? '1' : '0',
5646 		      priv->ieee->sec.flags & (1 << 5) ? '1' : '0',
5647 		      priv->ieee->sec.flags & (1 << 4) ? '1' : '0',
5648 		      priv->ieee->sec.flags & (1 << 3) ? '1' : '0',
5649 		      priv->ieee->sec.flags & (1 << 2) ? '1' : '0',
5650 		      priv->ieee->sec.flags & (1 << 1) ? '1' : '0',
5651 		      priv->ieee->sec.flags & (1 << 0) ? '1' : '0');
5652 
5653 /* As a temporary work around to enable WPA until we figure out why
5654  * wpa_supplicant toggles the security capability of the driver, which
5655  * forces a disassociation with force_update...
5656  *
5657  *	if (force_update || !(priv->status & STATUS_ASSOCIATED))*/
5658 	if (!(priv->status & (STATUS_ASSOCIATED | STATUS_ASSOCIATING)))
5659 		ipw2100_configure_security(priv, 0);
5660       done:
5661 	mutex_unlock(&priv->action_mutex);
5662 }
5663 
5664 static int ipw2100_adapter_setup(struct ipw2100_priv *priv)
5665 {
5666 	int err;
5667 	int batch_mode = 1;
5668 	u8 *bssid;
5669 
5670 	IPW_DEBUG_INFO("enter\n");
5671 
5672 	err = ipw2100_disable_adapter(priv);
5673 	if (err)
5674 		return err;
5675 #ifdef CONFIG_IPW2100_MONITOR
5676 	if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
5677 		err = ipw2100_set_channel(priv, priv->channel, batch_mode);
5678 		if (err)
5679 			return err;
5680 
5681 		IPW_DEBUG_INFO("exit\n");
5682 
5683 		return 0;
5684 	}
5685 #endif				/* CONFIG_IPW2100_MONITOR */
5686 
5687 	err = ipw2100_read_mac_address(priv);
5688 	if (err)
5689 		return -EIO;
5690 
5691 	err = ipw2100_set_mac_address(priv, batch_mode);
5692 	if (err)
5693 		return err;
5694 
5695 	err = ipw2100_set_port_type(priv, priv->ieee->iw_mode, batch_mode);
5696 	if (err)
5697 		return err;
5698 
5699 	if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
5700 		err = ipw2100_set_channel(priv, priv->channel, batch_mode);
5701 		if (err)
5702 			return err;
5703 	}
5704 
5705 	err = ipw2100_system_config(priv, batch_mode);
5706 	if (err)
5707 		return err;
5708 
5709 	err = ipw2100_set_tx_rates(priv, priv->tx_rates, batch_mode);
5710 	if (err)
5711 		return err;
5712 
5713 	/* Default to power mode OFF */
5714 	err = ipw2100_set_power_mode(priv, IPW_POWER_MODE_CAM);
5715 	if (err)
5716 		return err;
5717 
5718 	err = ipw2100_set_rts_threshold(priv, priv->rts_threshold);
5719 	if (err)
5720 		return err;
5721 
5722 	if (priv->config & CFG_STATIC_BSSID)
5723 		bssid = priv->bssid;
5724 	else
5725 		bssid = NULL;
5726 	err = ipw2100_set_mandatory_bssid(priv, bssid, batch_mode);
5727 	if (err)
5728 		return err;
5729 
5730 	if (priv->config & CFG_STATIC_ESSID)
5731 		err = ipw2100_set_essid(priv, priv->essid, priv->essid_len,
5732 					batch_mode);
5733 	else
5734 		err = ipw2100_set_essid(priv, NULL, 0, batch_mode);
5735 	if (err)
5736 		return err;
5737 
5738 	err = ipw2100_configure_security(priv, batch_mode);
5739 	if (err)
5740 		return err;
5741 
5742 	if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
5743 		err =
5744 		    ipw2100_set_ibss_beacon_interval(priv,
5745 						     priv->beacon_interval,
5746 						     batch_mode);
5747 		if (err)
5748 			return err;
5749 
5750 		err = ipw2100_set_tx_power(priv, priv->tx_power);
5751 		if (err)
5752 			return err;
5753 	}
5754 
5755 	/*
5756 	   err = ipw2100_set_fragmentation_threshold(
5757 	   priv, priv->frag_threshold, batch_mode);
5758 	   if (err)
5759 	   return err;
5760 	 */
5761 
5762 	IPW_DEBUG_INFO("exit\n");
5763 
5764 	return 0;
5765 }
5766 
5767 /*************************************************************************
5768  *
5769  * EXTERNALLY CALLED METHODS
5770  *
5771  *************************************************************************/
5772 
5773 /* This method is called by the network layer -- not to be confused with
5774  * ipw2100_set_mac_address() declared above called by this driver (and this
5775  * method as well) to talk to the firmware */
5776 static int ipw2100_set_address(struct net_device *dev, void *p)
5777 {
5778 	struct ipw2100_priv *priv = libipw_priv(dev);
5779 	struct sockaddr *addr = p;
5780 	int err = 0;
5781 
5782 	if (!is_valid_ether_addr(addr->sa_data))
5783 		return -EADDRNOTAVAIL;
5784 
5785 	mutex_lock(&priv->action_mutex);
5786 
5787 	priv->config |= CFG_CUSTOM_MAC;
5788 	memcpy(priv->mac_addr, addr->sa_data, ETH_ALEN);
5789 
5790 	err = ipw2100_set_mac_address(priv, 0);
5791 	if (err)
5792 		goto done;
5793 
5794 	priv->reset_backoff = 0;
5795 	mutex_unlock(&priv->action_mutex);
5796 	ipw2100_reset_adapter(&priv->reset_work.work);
5797 	return 0;
5798 
5799       done:
5800 	mutex_unlock(&priv->action_mutex);
5801 	return err;
5802 }
5803 
5804 static int ipw2100_open(struct net_device *dev)
5805 {
5806 	struct ipw2100_priv *priv = libipw_priv(dev);
5807 	unsigned long flags;
5808 	IPW_DEBUG_INFO("dev->open\n");
5809 
5810 	spin_lock_irqsave(&priv->low_lock, flags);
5811 	if (priv->status & STATUS_ASSOCIATED) {
5812 		netif_carrier_on(dev);
5813 		netif_start_queue(dev);
5814 	}
5815 	spin_unlock_irqrestore(&priv->low_lock, flags);
5816 
5817 	return 0;
5818 }
5819 
5820 static int ipw2100_close(struct net_device *dev)
5821 {
5822 	struct ipw2100_priv *priv = libipw_priv(dev);
5823 	unsigned long flags;
5824 	struct list_head *element;
5825 	struct ipw2100_tx_packet *packet;
5826 
5827 	IPW_DEBUG_INFO("enter\n");
5828 
5829 	spin_lock_irqsave(&priv->low_lock, flags);
5830 
5831 	if (priv->status & STATUS_ASSOCIATED)
5832 		netif_carrier_off(dev);
5833 	netif_stop_queue(dev);
5834 
5835 	/* Flush the TX queue ... */
5836 	while (!list_empty(&priv->tx_pend_list)) {
5837 		element = priv->tx_pend_list.next;
5838 		packet = list_entry(element, struct ipw2100_tx_packet, list);
5839 
5840 		list_del(element);
5841 		DEC_STAT(&priv->tx_pend_stat);
5842 
5843 		libipw_txb_free(packet->info.d_struct.txb);
5844 		packet->info.d_struct.txb = NULL;
5845 
5846 		list_add_tail(element, &priv->tx_free_list);
5847 		INC_STAT(&priv->tx_free_stat);
5848 	}
5849 	spin_unlock_irqrestore(&priv->low_lock, flags);
5850 
5851 	IPW_DEBUG_INFO("exit\n");
5852 
5853 	return 0;
5854 }
5855 
5856 /*
5857  * TODO:  Fix this function... its just wrong
5858  */
5859 static void ipw2100_tx_timeout(struct net_device *dev)
5860 {
5861 	struct ipw2100_priv *priv = libipw_priv(dev);
5862 
5863 	dev->stats.tx_errors++;
5864 
5865 #ifdef CONFIG_IPW2100_MONITOR
5866 	if (priv->ieee->iw_mode == IW_MODE_MONITOR)
5867 		return;
5868 #endif
5869 
5870 	IPW_DEBUG_INFO("%s: TX timed out.  Scheduling firmware restart.\n",
5871 		       dev->name);
5872 	schedule_reset(priv);
5873 }
5874 
5875 static int ipw2100_wpa_enable(struct ipw2100_priv *priv, int value)
5876 {
5877 	/* This is called when wpa_supplicant loads and closes the driver
5878 	 * interface. */
5879 	priv->ieee->wpa_enabled = value;
5880 	return 0;
5881 }
5882 
5883 static int ipw2100_wpa_set_auth_algs(struct ipw2100_priv *priv, int value)
5884 {
5885 
5886 	struct libipw_device *ieee = priv->ieee;
5887 	struct libipw_security sec = {
5888 		.flags = SEC_AUTH_MODE,
5889 	};
5890 	int ret = 0;
5891 
5892 	if (value & IW_AUTH_ALG_SHARED_KEY) {
5893 		sec.auth_mode = WLAN_AUTH_SHARED_KEY;
5894 		ieee->open_wep = 0;
5895 	} else if (value & IW_AUTH_ALG_OPEN_SYSTEM) {
5896 		sec.auth_mode = WLAN_AUTH_OPEN;
5897 		ieee->open_wep = 1;
5898 	} else if (value & IW_AUTH_ALG_LEAP) {
5899 		sec.auth_mode = WLAN_AUTH_LEAP;
5900 		ieee->open_wep = 1;
5901 	} else
5902 		return -EINVAL;
5903 
5904 	if (ieee->set_security)
5905 		ieee->set_security(ieee->dev, &sec);
5906 	else
5907 		ret = -EOPNOTSUPP;
5908 
5909 	return ret;
5910 }
5911 
5912 static void ipw2100_wpa_assoc_frame(struct ipw2100_priv *priv,
5913 				    char *wpa_ie, int wpa_ie_len)
5914 {
5915 
5916 	struct ipw2100_wpa_assoc_frame frame;
5917 
5918 	frame.fixed_ie_mask = 0;
5919 
5920 	/* copy WPA IE */
5921 	memcpy(frame.var_ie, wpa_ie, wpa_ie_len);
5922 	frame.var_ie_len = wpa_ie_len;
5923 
5924 	/* make sure WPA is enabled */
5925 	ipw2100_wpa_enable(priv, 1);
5926 	ipw2100_set_wpa_ie(priv, &frame, 0);
5927 }
5928 
5929 static void ipw_ethtool_get_drvinfo(struct net_device *dev,
5930 				    struct ethtool_drvinfo *info)
5931 {
5932 	struct ipw2100_priv *priv = libipw_priv(dev);
5933 	char fw_ver[64], ucode_ver[64];
5934 
5935 	strlcpy(info->driver, DRV_NAME, sizeof(info->driver));
5936 	strlcpy(info->version, DRV_VERSION, sizeof(info->version));
5937 
5938 	ipw2100_get_fwversion(priv, fw_ver, sizeof(fw_ver));
5939 	ipw2100_get_ucodeversion(priv, ucode_ver, sizeof(ucode_ver));
5940 
5941 	snprintf(info->fw_version, sizeof(info->fw_version), "%s:%d:%s",
5942 		 fw_ver, priv->eeprom_version, ucode_ver);
5943 
5944 	strlcpy(info->bus_info, pci_name(priv->pci_dev),
5945 		sizeof(info->bus_info));
5946 }
5947 
5948 static u32 ipw2100_ethtool_get_link(struct net_device *dev)
5949 {
5950 	struct ipw2100_priv *priv = libipw_priv(dev);
5951 	return (priv->status & STATUS_ASSOCIATED) ? 1 : 0;
5952 }
5953 
5954 static const struct ethtool_ops ipw2100_ethtool_ops = {
5955 	.get_link = ipw2100_ethtool_get_link,
5956 	.get_drvinfo = ipw_ethtool_get_drvinfo,
5957 };
5958 
5959 static void ipw2100_hang_check(struct work_struct *work)
5960 {
5961 	struct ipw2100_priv *priv =
5962 		container_of(work, struct ipw2100_priv, hang_check.work);
5963 	unsigned long flags;
5964 	u32 rtc = 0xa5a5a5a5;
5965 	u32 len = sizeof(rtc);
5966 	int restart = 0;
5967 
5968 	spin_lock_irqsave(&priv->low_lock, flags);
5969 
5970 	if (priv->fatal_error != 0) {
5971 		/* If fatal_error is set then we need to restart */
5972 		IPW_DEBUG_INFO("%s: Hardware fatal error detected.\n",
5973 			       priv->net_dev->name);
5974 
5975 		restart = 1;
5976 	} else if (ipw2100_get_ordinal(priv, IPW_ORD_RTC_TIME, &rtc, &len) ||
5977 		   (rtc == priv->last_rtc)) {
5978 		/* Check if firmware is hung */
5979 		IPW_DEBUG_INFO("%s: Firmware RTC stalled.\n",
5980 			       priv->net_dev->name);
5981 
5982 		restart = 1;
5983 	}
5984 
5985 	if (restart) {
5986 		/* Kill timer */
5987 		priv->stop_hang_check = 1;
5988 		priv->hangs++;
5989 
5990 		/* Restart the NIC */
5991 		schedule_reset(priv);
5992 	}
5993 
5994 	priv->last_rtc = rtc;
5995 
5996 	if (!priv->stop_hang_check)
5997 		schedule_delayed_work(&priv->hang_check, HZ / 2);
5998 
5999 	spin_unlock_irqrestore(&priv->low_lock, flags);
6000 }
6001 
6002 static void ipw2100_rf_kill(struct work_struct *work)
6003 {
6004 	struct ipw2100_priv *priv =
6005 		container_of(work, struct ipw2100_priv, rf_kill.work);
6006 	unsigned long flags;
6007 
6008 	spin_lock_irqsave(&priv->low_lock, flags);
6009 
6010 	if (rf_kill_active(priv)) {
6011 		IPW_DEBUG_RF_KILL("RF Kill active, rescheduling GPIO check\n");
6012 		if (!priv->stop_rf_kill)
6013 			schedule_delayed_work(&priv->rf_kill,
6014 					      round_jiffies_relative(HZ));
6015 		goto exit_unlock;
6016 	}
6017 
6018 	/* RF Kill is now disabled, so bring the device back up */
6019 
6020 	if (!(priv->status & STATUS_RF_KILL_MASK)) {
6021 		IPW_DEBUG_RF_KILL("HW RF Kill no longer active, restarting "
6022 				  "device\n");
6023 		schedule_reset(priv);
6024 	} else
6025 		IPW_DEBUG_RF_KILL("HW RF Kill deactivated.  SW RF Kill still "
6026 				  "enabled\n");
6027 
6028       exit_unlock:
6029 	spin_unlock_irqrestore(&priv->low_lock, flags);
6030 }
6031 
6032 static void ipw2100_irq_tasklet(struct ipw2100_priv *priv);
6033 
6034 static const struct net_device_ops ipw2100_netdev_ops = {
6035 	.ndo_open		= ipw2100_open,
6036 	.ndo_stop		= ipw2100_close,
6037 	.ndo_start_xmit		= libipw_xmit,
6038 	.ndo_tx_timeout		= ipw2100_tx_timeout,
6039 	.ndo_set_mac_address	= ipw2100_set_address,
6040 	.ndo_validate_addr	= eth_validate_addr,
6041 };
6042 
6043 /* Look into using netdev destructor to shutdown libipw? */
6044 
6045 static struct net_device *ipw2100_alloc_device(struct pci_dev *pci_dev,
6046 					       void __iomem * ioaddr)
6047 {
6048 	struct ipw2100_priv *priv;
6049 	struct net_device *dev;
6050 
6051 	dev = alloc_libipw(sizeof(struct ipw2100_priv), 0);
6052 	if (!dev)
6053 		return NULL;
6054 	priv = libipw_priv(dev);
6055 	priv->ieee = netdev_priv(dev);
6056 	priv->pci_dev = pci_dev;
6057 	priv->net_dev = dev;
6058 	priv->ioaddr = ioaddr;
6059 
6060 	priv->ieee->hard_start_xmit = ipw2100_tx;
6061 	priv->ieee->set_security = shim__set_security;
6062 
6063 	priv->ieee->perfect_rssi = -20;
6064 	priv->ieee->worst_rssi = -85;
6065 
6066 	dev->netdev_ops = &ipw2100_netdev_ops;
6067 	dev->ethtool_ops = &ipw2100_ethtool_ops;
6068 	dev->wireless_handlers = &ipw2100_wx_handler_def;
6069 	priv->wireless_data.libipw = priv->ieee;
6070 	dev->wireless_data = &priv->wireless_data;
6071 	dev->watchdog_timeo = 3 * HZ;
6072 	dev->irq = 0;
6073 	dev->min_mtu = 68;
6074 	dev->max_mtu = LIBIPW_DATA_LEN;
6075 
6076 	/* NOTE: We don't use the wireless_handlers hook
6077 	 * in dev as the system will start throwing WX requests
6078 	 * to us before we're actually initialized and it just
6079 	 * ends up causing problems.  So, we just handle
6080 	 * the WX extensions through the ipw2100_ioctl interface */
6081 
6082 	/* memset() puts everything to 0, so we only have explicitly set
6083 	 * those values that need to be something else */
6084 
6085 	/* If power management is turned on, default to AUTO mode */
6086 	priv->power_mode = IPW_POWER_AUTO;
6087 
6088 #ifdef CONFIG_IPW2100_MONITOR
6089 	priv->config |= CFG_CRC_CHECK;
6090 #endif
6091 	priv->ieee->wpa_enabled = 0;
6092 	priv->ieee->drop_unencrypted = 0;
6093 	priv->ieee->privacy_invoked = 0;
6094 	priv->ieee->ieee802_1x = 1;
6095 
6096 	/* Set module parameters */
6097 	switch (network_mode) {
6098 	case 1:
6099 		priv->ieee->iw_mode = IW_MODE_ADHOC;
6100 		break;
6101 #ifdef CONFIG_IPW2100_MONITOR
6102 	case 2:
6103 		priv->ieee->iw_mode = IW_MODE_MONITOR;
6104 		break;
6105 #endif
6106 	default:
6107 	case 0:
6108 		priv->ieee->iw_mode = IW_MODE_INFRA;
6109 		break;
6110 	}
6111 
6112 	if (disable == 1)
6113 		priv->status |= STATUS_RF_KILL_SW;
6114 
6115 	if (channel != 0 &&
6116 	    ((channel >= REG_MIN_CHANNEL) && (channel <= REG_MAX_CHANNEL))) {
6117 		priv->config |= CFG_STATIC_CHANNEL;
6118 		priv->channel = channel;
6119 	}
6120 
6121 	if (associate)
6122 		priv->config |= CFG_ASSOCIATE;
6123 
6124 	priv->beacon_interval = DEFAULT_BEACON_INTERVAL;
6125 	priv->short_retry_limit = DEFAULT_SHORT_RETRY_LIMIT;
6126 	priv->long_retry_limit = DEFAULT_LONG_RETRY_LIMIT;
6127 	priv->rts_threshold = DEFAULT_RTS_THRESHOLD | RTS_DISABLED;
6128 	priv->frag_threshold = DEFAULT_FTS | FRAG_DISABLED;
6129 	priv->tx_power = IPW_TX_POWER_DEFAULT;
6130 	priv->tx_rates = DEFAULT_TX_RATES;
6131 
6132 	strcpy(priv->nick, "ipw2100");
6133 
6134 	spin_lock_init(&priv->low_lock);
6135 	mutex_init(&priv->action_mutex);
6136 	mutex_init(&priv->adapter_mutex);
6137 
6138 	init_waitqueue_head(&priv->wait_command_queue);
6139 
6140 	netif_carrier_off(dev);
6141 
6142 	INIT_LIST_HEAD(&priv->msg_free_list);
6143 	INIT_LIST_HEAD(&priv->msg_pend_list);
6144 	INIT_STAT(&priv->msg_free_stat);
6145 	INIT_STAT(&priv->msg_pend_stat);
6146 
6147 	INIT_LIST_HEAD(&priv->tx_free_list);
6148 	INIT_LIST_HEAD(&priv->tx_pend_list);
6149 	INIT_STAT(&priv->tx_free_stat);
6150 	INIT_STAT(&priv->tx_pend_stat);
6151 
6152 	INIT_LIST_HEAD(&priv->fw_pend_list);
6153 	INIT_STAT(&priv->fw_pend_stat);
6154 
6155 	INIT_DELAYED_WORK(&priv->reset_work, ipw2100_reset_adapter);
6156 	INIT_DELAYED_WORK(&priv->security_work, ipw2100_security_work);
6157 	INIT_DELAYED_WORK(&priv->wx_event_work, ipw2100_wx_event_work);
6158 	INIT_DELAYED_WORK(&priv->hang_check, ipw2100_hang_check);
6159 	INIT_DELAYED_WORK(&priv->rf_kill, ipw2100_rf_kill);
6160 	INIT_DELAYED_WORK(&priv->scan_event, ipw2100_scan_event);
6161 
6162 	tasklet_init(&priv->irq_tasklet, (void (*)(unsigned long))
6163 		     ipw2100_irq_tasklet, (unsigned long)priv);
6164 
6165 	/* NOTE:  We do not start the deferred work for status checks yet */
6166 	priv->stop_rf_kill = 1;
6167 	priv->stop_hang_check = 1;
6168 
6169 	return dev;
6170 }
6171 
6172 static int ipw2100_pci_init_one(struct pci_dev *pci_dev,
6173 				const struct pci_device_id *ent)
6174 {
6175 	void __iomem *ioaddr;
6176 	struct net_device *dev = NULL;
6177 	struct ipw2100_priv *priv = NULL;
6178 	int err = 0;
6179 	int registered = 0;
6180 	u32 val;
6181 
6182 	IPW_DEBUG_INFO("enter\n");
6183 
6184 	if (!(pci_resource_flags(pci_dev, 0) & IORESOURCE_MEM)) {
6185 		IPW_DEBUG_INFO("weird - resource type is not memory\n");
6186 		err = -ENODEV;
6187 		goto out;
6188 	}
6189 
6190 	ioaddr = pci_iomap(pci_dev, 0, 0);
6191 	if (!ioaddr) {
6192 		printk(KERN_WARNING DRV_NAME
6193 		       "Error calling ioremap_nocache.\n");
6194 		err = -EIO;
6195 		goto fail;
6196 	}
6197 
6198 	/* allocate and initialize our net_device */
6199 	dev = ipw2100_alloc_device(pci_dev, ioaddr);
6200 	if (!dev) {
6201 		printk(KERN_WARNING DRV_NAME
6202 		       "Error calling ipw2100_alloc_device.\n");
6203 		err = -ENOMEM;
6204 		goto fail;
6205 	}
6206 
6207 	/* set up PCI mappings for device */
6208 	err = pci_enable_device(pci_dev);
6209 	if (err) {
6210 		printk(KERN_WARNING DRV_NAME
6211 		       "Error calling pci_enable_device.\n");
6212 		return err;
6213 	}
6214 
6215 	priv = libipw_priv(dev);
6216 
6217 	pci_set_master(pci_dev);
6218 	pci_set_drvdata(pci_dev, priv);
6219 
6220 	err = pci_set_dma_mask(pci_dev, DMA_BIT_MASK(32));
6221 	if (err) {
6222 		printk(KERN_WARNING DRV_NAME
6223 		       "Error calling pci_set_dma_mask.\n");
6224 		pci_disable_device(pci_dev);
6225 		return err;
6226 	}
6227 
6228 	err = pci_request_regions(pci_dev, DRV_NAME);
6229 	if (err) {
6230 		printk(KERN_WARNING DRV_NAME
6231 		       "Error calling pci_request_regions.\n");
6232 		pci_disable_device(pci_dev);
6233 		return err;
6234 	}
6235 
6236 	/* We disable the RETRY_TIMEOUT register (0x41) to keep
6237 	 * PCI Tx retries from interfering with C3 CPU state */
6238 	pci_read_config_dword(pci_dev, 0x40, &val);
6239 	if ((val & 0x0000ff00) != 0)
6240 		pci_write_config_dword(pci_dev, 0x40, val & 0xffff00ff);
6241 
6242 	if (!ipw2100_hw_is_adapter_in_system(dev)) {
6243 		printk(KERN_WARNING DRV_NAME
6244 		       "Device not found via register read.\n");
6245 		err = -ENODEV;
6246 		goto fail;
6247 	}
6248 
6249 	SET_NETDEV_DEV(dev, &pci_dev->dev);
6250 
6251 	/* Force interrupts to be shut off on the device */
6252 	priv->status |= STATUS_INT_ENABLED;
6253 	ipw2100_disable_interrupts(priv);
6254 
6255 	/* Allocate and initialize the Tx/Rx queues and lists */
6256 	if (ipw2100_queues_allocate(priv)) {
6257 		printk(KERN_WARNING DRV_NAME
6258 		       "Error calling ipw2100_queues_allocate.\n");
6259 		err = -ENOMEM;
6260 		goto fail;
6261 	}
6262 	ipw2100_queues_initialize(priv);
6263 
6264 	err = request_irq(pci_dev->irq,
6265 			  ipw2100_interrupt, IRQF_SHARED, dev->name, priv);
6266 	if (err) {
6267 		printk(KERN_WARNING DRV_NAME
6268 		       "Error calling request_irq: %d.\n", pci_dev->irq);
6269 		goto fail;
6270 	}
6271 	dev->irq = pci_dev->irq;
6272 
6273 	IPW_DEBUG_INFO("Attempting to register device...\n");
6274 
6275 	printk(KERN_INFO DRV_NAME
6276 	       ": Detected Intel PRO/Wireless 2100 Network Connection\n");
6277 
6278 	err = ipw2100_up(priv, 1);
6279 	if (err)
6280 		goto fail;
6281 
6282 	err = ipw2100_wdev_init(dev);
6283 	if (err)
6284 		goto fail;
6285 	registered = 1;
6286 
6287 	/* Bring up the interface.  Pre 0.46, after we registered the
6288 	 * network device we would call ipw2100_up.  This introduced a race
6289 	 * condition with newer hotplug configurations (network was coming
6290 	 * up and making calls before the device was initialized).
6291 	 */
6292 	err = register_netdev(dev);
6293 	if (err) {
6294 		printk(KERN_WARNING DRV_NAME
6295 		       "Error calling register_netdev.\n");
6296 		goto fail;
6297 	}
6298 	registered = 2;
6299 
6300 	mutex_lock(&priv->action_mutex);
6301 
6302 	IPW_DEBUG_INFO("%s: Bound to %s\n", dev->name, pci_name(pci_dev));
6303 
6304 	/* perform this after register_netdev so that dev->name is set */
6305 	err = sysfs_create_group(&pci_dev->dev.kobj, &ipw2100_attribute_group);
6306 	if (err)
6307 		goto fail_unlock;
6308 
6309 	/* If the RF Kill switch is disabled, go ahead and complete the
6310 	 * startup sequence */
6311 	if (!(priv->status & STATUS_RF_KILL_MASK)) {
6312 		/* Enable the adapter - sends HOST_COMPLETE */
6313 		if (ipw2100_enable_adapter(priv)) {
6314 			printk(KERN_WARNING DRV_NAME
6315 			       ": %s: failed in call to enable adapter.\n",
6316 			       priv->net_dev->name);
6317 			ipw2100_hw_stop_adapter(priv);
6318 			err = -EIO;
6319 			goto fail_unlock;
6320 		}
6321 
6322 		/* Start a scan . . . */
6323 		ipw2100_set_scan_options(priv);
6324 		ipw2100_start_scan(priv);
6325 	}
6326 
6327 	IPW_DEBUG_INFO("exit\n");
6328 
6329 	priv->status |= STATUS_INITIALIZED;
6330 
6331 	mutex_unlock(&priv->action_mutex);
6332 out:
6333 	return err;
6334 
6335       fail_unlock:
6336 	mutex_unlock(&priv->action_mutex);
6337       fail:
6338 	if (dev) {
6339 		if (registered >= 2)
6340 			unregister_netdev(dev);
6341 
6342 		if (registered) {
6343 			wiphy_unregister(priv->ieee->wdev.wiphy);
6344 			kfree(priv->ieee->bg_band.channels);
6345 		}
6346 
6347 		ipw2100_hw_stop_adapter(priv);
6348 
6349 		ipw2100_disable_interrupts(priv);
6350 
6351 		if (dev->irq)
6352 			free_irq(dev->irq, priv);
6353 
6354 		ipw2100_kill_works(priv);
6355 
6356 		/* These are safe to call even if they weren't allocated */
6357 		ipw2100_queues_free(priv);
6358 		sysfs_remove_group(&pci_dev->dev.kobj,
6359 				   &ipw2100_attribute_group);
6360 
6361 		free_libipw(dev, 0);
6362 	}
6363 
6364 	pci_iounmap(pci_dev, ioaddr);
6365 
6366 	pci_release_regions(pci_dev);
6367 	pci_disable_device(pci_dev);
6368 	goto out;
6369 }
6370 
6371 static void ipw2100_pci_remove_one(struct pci_dev *pci_dev)
6372 {
6373 	struct ipw2100_priv *priv = pci_get_drvdata(pci_dev);
6374 	struct net_device *dev = priv->net_dev;
6375 
6376 	mutex_lock(&priv->action_mutex);
6377 
6378 	priv->status &= ~STATUS_INITIALIZED;
6379 
6380 	sysfs_remove_group(&pci_dev->dev.kobj, &ipw2100_attribute_group);
6381 
6382 #ifdef CONFIG_PM
6383 	if (ipw2100_firmware.version)
6384 		ipw2100_release_firmware(priv, &ipw2100_firmware);
6385 #endif
6386 	/* Take down the hardware */
6387 	ipw2100_down(priv);
6388 
6389 	/* Release the mutex so that the network subsystem can
6390 	 * complete any needed calls into the driver... */
6391 	mutex_unlock(&priv->action_mutex);
6392 
6393 	/* Unregister the device first - this results in close()
6394 	 * being called if the device is open.  If we free storage
6395 	 * first, then close() will crash.
6396 	 * FIXME: remove the comment above. */
6397 	unregister_netdev(dev);
6398 
6399 	ipw2100_kill_works(priv);
6400 
6401 	ipw2100_queues_free(priv);
6402 
6403 	/* Free potential debugging firmware snapshot */
6404 	ipw2100_snapshot_free(priv);
6405 
6406 	free_irq(dev->irq, priv);
6407 
6408 	pci_iounmap(pci_dev, priv->ioaddr);
6409 
6410 	/* wiphy_unregister needs to be here, before free_libipw */
6411 	wiphy_unregister(priv->ieee->wdev.wiphy);
6412 	kfree(priv->ieee->bg_band.channels);
6413 	free_libipw(dev, 0);
6414 
6415 	pci_release_regions(pci_dev);
6416 	pci_disable_device(pci_dev);
6417 
6418 	IPW_DEBUG_INFO("exit\n");
6419 }
6420 
6421 #ifdef CONFIG_PM
6422 static int ipw2100_suspend(struct pci_dev *pci_dev, pm_message_t state)
6423 {
6424 	struct ipw2100_priv *priv = pci_get_drvdata(pci_dev);
6425 	struct net_device *dev = priv->net_dev;
6426 
6427 	IPW_DEBUG_INFO("%s: Going into suspend...\n", dev->name);
6428 
6429 	mutex_lock(&priv->action_mutex);
6430 	if (priv->status & STATUS_INITIALIZED) {
6431 		/* Take down the device; powers it off, etc. */
6432 		ipw2100_down(priv);
6433 	}
6434 
6435 	/* Remove the PRESENT state of the device */
6436 	netif_device_detach(dev);
6437 
6438 	pci_save_state(pci_dev);
6439 	pci_disable_device(pci_dev);
6440 	pci_set_power_state(pci_dev, PCI_D3hot);
6441 
6442 	priv->suspend_at = get_seconds();
6443 
6444 	mutex_unlock(&priv->action_mutex);
6445 
6446 	return 0;
6447 }
6448 
6449 static int ipw2100_resume(struct pci_dev *pci_dev)
6450 {
6451 	struct ipw2100_priv *priv = pci_get_drvdata(pci_dev);
6452 	struct net_device *dev = priv->net_dev;
6453 	int err;
6454 	u32 val;
6455 
6456 	if (IPW2100_PM_DISABLED)
6457 		return 0;
6458 
6459 	mutex_lock(&priv->action_mutex);
6460 
6461 	IPW_DEBUG_INFO("%s: Coming out of suspend...\n", dev->name);
6462 
6463 	pci_set_power_state(pci_dev, PCI_D0);
6464 	err = pci_enable_device(pci_dev);
6465 	if (err) {
6466 		printk(KERN_ERR "%s: pci_enable_device failed on resume\n",
6467 		       dev->name);
6468 		mutex_unlock(&priv->action_mutex);
6469 		return err;
6470 	}
6471 	pci_restore_state(pci_dev);
6472 
6473 	/*
6474 	 * Suspend/Resume resets the PCI configuration space, so we have to
6475 	 * re-disable the RETRY_TIMEOUT register (0x41) to keep PCI Tx retries
6476 	 * from interfering with C3 CPU state. pci_restore_state won't help
6477 	 * here since it only restores the first 64 bytes pci config header.
6478 	 */
6479 	pci_read_config_dword(pci_dev, 0x40, &val);
6480 	if ((val & 0x0000ff00) != 0)
6481 		pci_write_config_dword(pci_dev, 0x40, val & 0xffff00ff);
6482 
6483 	/* Set the device back into the PRESENT state; this will also wake
6484 	 * the queue of needed */
6485 	netif_device_attach(dev);
6486 
6487 	priv->suspend_time = get_seconds() - priv->suspend_at;
6488 
6489 	/* Bring the device back up */
6490 	if (!(priv->status & STATUS_RF_KILL_SW))
6491 		ipw2100_up(priv, 0);
6492 
6493 	mutex_unlock(&priv->action_mutex);
6494 
6495 	return 0;
6496 }
6497 #endif
6498 
6499 static void ipw2100_shutdown(struct pci_dev *pci_dev)
6500 {
6501 	struct ipw2100_priv *priv = pci_get_drvdata(pci_dev);
6502 
6503 	/* Take down the device; powers it off, etc. */
6504 	ipw2100_down(priv);
6505 
6506 	pci_disable_device(pci_dev);
6507 }
6508 
6509 #define IPW2100_DEV_ID(x) { PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, x }
6510 
6511 static const struct pci_device_id ipw2100_pci_id_table[] = {
6512 	IPW2100_DEV_ID(0x2520),	/* IN 2100A mPCI 3A */
6513 	IPW2100_DEV_ID(0x2521),	/* IN 2100A mPCI 3B */
6514 	IPW2100_DEV_ID(0x2524),	/* IN 2100A mPCI 3B */
6515 	IPW2100_DEV_ID(0x2525),	/* IN 2100A mPCI 3B */
6516 	IPW2100_DEV_ID(0x2526),	/* IN 2100A mPCI Gen A3 */
6517 	IPW2100_DEV_ID(0x2522),	/* IN 2100 mPCI 3B */
6518 	IPW2100_DEV_ID(0x2523),	/* IN 2100 mPCI 3A */
6519 	IPW2100_DEV_ID(0x2527),	/* IN 2100 mPCI 3B */
6520 	IPW2100_DEV_ID(0x2528),	/* IN 2100 mPCI 3B */
6521 	IPW2100_DEV_ID(0x2529),	/* IN 2100 mPCI 3B */
6522 	IPW2100_DEV_ID(0x252B),	/* IN 2100 mPCI 3A */
6523 	IPW2100_DEV_ID(0x252C),	/* IN 2100 mPCI 3A */
6524 	IPW2100_DEV_ID(0x252D),	/* IN 2100 mPCI 3A */
6525 
6526 	IPW2100_DEV_ID(0x2550),	/* IB 2100A mPCI 3B */
6527 	IPW2100_DEV_ID(0x2551),	/* IB 2100 mPCI 3B */
6528 	IPW2100_DEV_ID(0x2553),	/* IB 2100 mPCI 3B */
6529 	IPW2100_DEV_ID(0x2554),	/* IB 2100 mPCI 3B */
6530 	IPW2100_DEV_ID(0x2555),	/* IB 2100 mPCI 3B */
6531 
6532 	IPW2100_DEV_ID(0x2560),	/* DE 2100A mPCI 3A */
6533 	IPW2100_DEV_ID(0x2562),	/* DE 2100A mPCI 3A */
6534 	IPW2100_DEV_ID(0x2563),	/* DE 2100A mPCI 3A */
6535 	IPW2100_DEV_ID(0x2561),	/* DE 2100 mPCI 3A */
6536 	IPW2100_DEV_ID(0x2565),	/* DE 2100 mPCI 3A */
6537 	IPW2100_DEV_ID(0x2566),	/* DE 2100 mPCI 3A */
6538 	IPW2100_DEV_ID(0x2567),	/* DE 2100 mPCI 3A */
6539 
6540 	IPW2100_DEV_ID(0x2570),	/* GA 2100 mPCI 3B */
6541 
6542 	IPW2100_DEV_ID(0x2580),	/* TO 2100A mPCI 3B */
6543 	IPW2100_DEV_ID(0x2582),	/* TO 2100A mPCI 3B */
6544 	IPW2100_DEV_ID(0x2583),	/* TO 2100A mPCI 3B */
6545 	IPW2100_DEV_ID(0x2581),	/* TO 2100 mPCI 3B */
6546 	IPW2100_DEV_ID(0x2585),	/* TO 2100 mPCI 3B */
6547 	IPW2100_DEV_ID(0x2586),	/* TO 2100 mPCI 3B */
6548 	IPW2100_DEV_ID(0x2587),	/* TO 2100 mPCI 3B */
6549 
6550 	IPW2100_DEV_ID(0x2590),	/* SO 2100A mPCI 3B */
6551 	IPW2100_DEV_ID(0x2592),	/* SO 2100A mPCI 3B */
6552 	IPW2100_DEV_ID(0x2591),	/* SO 2100 mPCI 3B */
6553 	IPW2100_DEV_ID(0x2593),	/* SO 2100 mPCI 3B */
6554 	IPW2100_DEV_ID(0x2596),	/* SO 2100 mPCI 3B */
6555 	IPW2100_DEV_ID(0x2598),	/* SO 2100 mPCI 3B */
6556 
6557 	IPW2100_DEV_ID(0x25A0),	/* HP 2100 mPCI 3B */
6558 	{0,},
6559 };
6560 
6561 MODULE_DEVICE_TABLE(pci, ipw2100_pci_id_table);
6562 
6563 static struct pci_driver ipw2100_pci_driver = {
6564 	.name = DRV_NAME,
6565 	.id_table = ipw2100_pci_id_table,
6566 	.probe = ipw2100_pci_init_one,
6567 	.remove = ipw2100_pci_remove_one,
6568 #ifdef CONFIG_PM
6569 	.suspend = ipw2100_suspend,
6570 	.resume = ipw2100_resume,
6571 #endif
6572 	.shutdown = ipw2100_shutdown,
6573 };
6574 
6575 /**
6576  * Initialize the ipw2100 driver/module
6577  *
6578  * @returns 0 if ok, < 0 errno node con error.
6579  *
6580  * Note: we cannot init the /proc stuff until the PCI driver is there,
6581  * or we risk an unlikely race condition on someone accessing
6582  * uninitialized data in the PCI dev struct through /proc.
6583  */
6584 static int __init ipw2100_init(void)
6585 {
6586 	int ret;
6587 
6588 	printk(KERN_INFO DRV_NAME ": %s, %s\n", DRV_DESCRIPTION, DRV_VERSION);
6589 	printk(KERN_INFO DRV_NAME ": %s\n", DRV_COPYRIGHT);
6590 
6591 	pm_qos_add_request(&ipw2100_pm_qos_req, PM_QOS_CPU_DMA_LATENCY,
6592 			   PM_QOS_DEFAULT_VALUE);
6593 
6594 	ret = pci_register_driver(&ipw2100_pci_driver);
6595 	if (ret)
6596 		goto out;
6597 
6598 #ifdef CONFIG_IPW2100_DEBUG
6599 	ipw2100_debug_level = debug;
6600 	ret = driver_create_file(&ipw2100_pci_driver.driver,
6601 				 &driver_attr_debug_level);
6602 #endif
6603 
6604 out:
6605 	return ret;
6606 }
6607 
6608 /**
6609  * Cleanup ipw2100 driver registration
6610  */
6611 static void __exit ipw2100_exit(void)
6612 {
6613 	/* FIXME: IPG: check that we have no instances of the devices open */
6614 #ifdef CONFIG_IPW2100_DEBUG
6615 	driver_remove_file(&ipw2100_pci_driver.driver,
6616 			   &driver_attr_debug_level);
6617 #endif
6618 	pci_unregister_driver(&ipw2100_pci_driver);
6619 	pm_qos_remove_request(&ipw2100_pm_qos_req);
6620 }
6621 
6622 module_init(ipw2100_init);
6623 module_exit(ipw2100_exit);
6624 
6625 static int ipw2100_wx_get_name(struct net_device *dev,
6626 			       struct iw_request_info *info,
6627 			       union iwreq_data *wrqu, char *extra)
6628 {
6629 	/*
6630 	 * This can be called at any time.  No action lock required
6631 	 */
6632 
6633 	struct ipw2100_priv *priv = libipw_priv(dev);
6634 	if (!(priv->status & STATUS_ASSOCIATED))
6635 		strcpy(wrqu->name, "unassociated");
6636 	else
6637 		snprintf(wrqu->name, IFNAMSIZ, "IEEE 802.11b");
6638 
6639 	IPW_DEBUG_WX("Name: %s\n", wrqu->name);
6640 	return 0;
6641 }
6642 
6643 static int ipw2100_wx_set_freq(struct net_device *dev,
6644 			       struct iw_request_info *info,
6645 			       union iwreq_data *wrqu, char *extra)
6646 {
6647 	struct ipw2100_priv *priv = libipw_priv(dev);
6648 	struct iw_freq *fwrq = &wrqu->freq;
6649 	int err = 0;
6650 
6651 	if (priv->ieee->iw_mode == IW_MODE_INFRA)
6652 		return -EOPNOTSUPP;
6653 
6654 	mutex_lock(&priv->action_mutex);
6655 	if (!(priv->status & STATUS_INITIALIZED)) {
6656 		err = -EIO;
6657 		goto done;
6658 	}
6659 
6660 	/* if setting by freq convert to channel */
6661 	if (fwrq->e == 1) {
6662 		if ((fwrq->m >= (int)2.412e8 && fwrq->m <= (int)2.487e8)) {
6663 			int f = fwrq->m / 100000;
6664 			int c = 0;
6665 
6666 			while ((c < REG_MAX_CHANNEL) &&
6667 			       (f != ipw2100_frequencies[c]))
6668 				c++;
6669 
6670 			/* hack to fall through */
6671 			fwrq->e = 0;
6672 			fwrq->m = c + 1;
6673 		}
6674 	}
6675 
6676 	if (fwrq->e > 0 || fwrq->m > 1000) {
6677 		err = -EOPNOTSUPP;
6678 		goto done;
6679 	} else {		/* Set the channel */
6680 		IPW_DEBUG_WX("SET Freq/Channel -> %d\n", fwrq->m);
6681 		err = ipw2100_set_channel(priv, fwrq->m, 0);
6682 	}
6683 
6684       done:
6685 	mutex_unlock(&priv->action_mutex);
6686 	return err;
6687 }
6688 
6689 static int ipw2100_wx_get_freq(struct net_device *dev,
6690 			       struct iw_request_info *info,
6691 			       union iwreq_data *wrqu, char *extra)
6692 {
6693 	/*
6694 	 * This can be called at any time.  No action lock required
6695 	 */
6696 
6697 	struct ipw2100_priv *priv = libipw_priv(dev);
6698 
6699 	wrqu->freq.e = 0;
6700 
6701 	/* If we are associated, trying to associate, or have a statically
6702 	 * configured CHANNEL then return that; otherwise return ANY */
6703 	if (priv->config & CFG_STATIC_CHANNEL ||
6704 	    priv->status & STATUS_ASSOCIATED)
6705 		wrqu->freq.m = priv->channel;
6706 	else
6707 		wrqu->freq.m = 0;
6708 
6709 	IPW_DEBUG_WX("GET Freq/Channel -> %d\n", priv->channel);
6710 	return 0;
6711 
6712 }
6713 
6714 static int ipw2100_wx_set_mode(struct net_device *dev,
6715 			       struct iw_request_info *info,
6716 			       union iwreq_data *wrqu, char *extra)
6717 {
6718 	struct ipw2100_priv *priv = libipw_priv(dev);
6719 	int err = 0;
6720 
6721 	IPW_DEBUG_WX("SET Mode -> %d\n", wrqu->mode);
6722 
6723 	if (wrqu->mode == priv->ieee->iw_mode)
6724 		return 0;
6725 
6726 	mutex_lock(&priv->action_mutex);
6727 	if (!(priv->status & STATUS_INITIALIZED)) {
6728 		err = -EIO;
6729 		goto done;
6730 	}
6731 
6732 	switch (wrqu->mode) {
6733 #ifdef CONFIG_IPW2100_MONITOR
6734 	case IW_MODE_MONITOR:
6735 		err = ipw2100_switch_mode(priv, IW_MODE_MONITOR);
6736 		break;
6737 #endif				/* CONFIG_IPW2100_MONITOR */
6738 	case IW_MODE_ADHOC:
6739 		err = ipw2100_switch_mode(priv, IW_MODE_ADHOC);
6740 		break;
6741 	case IW_MODE_INFRA:
6742 	case IW_MODE_AUTO:
6743 	default:
6744 		err = ipw2100_switch_mode(priv, IW_MODE_INFRA);
6745 		break;
6746 	}
6747 
6748       done:
6749 	mutex_unlock(&priv->action_mutex);
6750 	return err;
6751 }
6752 
6753 static int ipw2100_wx_get_mode(struct net_device *dev,
6754 			       struct iw_request_info *info,
6755 			       union iwreq_data *wrqu, char *extra)
6756 {
6757 	/*
6758 	 * This can be called at any time.  No action lock required
6759 	 */
6760 
6761 	struct ipw2100_priv *priv = libipw_priv(dev);
6762 
6763 	wrqu->mode = priv->ieee->iw_mode;
6764 	IPW_DEBUG_WX("GET Mode -> %d\n", wrqu->mode);
6765 
6766 	return 0;
6767 }
6768 
6769 #define POWER_MODES 5
6770 
6771 /* Values are in microsecond */
6772 static const s32 timeout_duration[POWER_MODES] = {
6773 	350000,
6774 	250000,
6775 	75000,
6776 	37000,
6777 	25000,
6778 };
6779 
6780 static const s32 period_duration[POWER_MODES] = {
6781 	400000,
6782 	700000,
6783 	1000000,
6784 	1000000,
6785 	1000000
6786 };
6787 
6788 static int ipw2100_wx_get_range(struct net_device *dev,
6789 				struct iw_request_info *info,
6790 				union iwreq_data *wrqu, char *extra)
6791 {
6792 	/*
6793 	 * This can be called at any time.  No action lock required
6794 	 */
6795 
6796 	struct ipw2100_priv *priv = libipw_priv(dev);
6797 	struct iw_range *range = (struct iw_range *)extra;
6798 	u16 val;
6799 	int i, level;
6800 
6801 	wrqu->data.length = sizeof(*range);
6802 	memset(range, 0, sizeof(*range));
6803 
6804 	/* Let's try to keep this struct in the same order as in
6805 	 * linux/include/wireless.h
6806 	 */
6807 
6808 	/* TODO: See what values we can set, and remove the ones we can't
6809 	 * set, or fill them with some default data.
6810 	 */
6811 
6812 	/* ~5 Mb/s real (802.11b) */
6813 	range->throughput = 5 * 1000 * 1000;
6814 
6815 //      range->sensitivity;     /* signal level threshold range */
6816 
6817 	range->max_qual.qual = 100;
6818 	/* TODO: Find real max RSSI and stick here */
6819 	range->max_qual.level = 0;
6820 	range->max_qual.noise = 0;
6821 	range->max_qual.updated = 7;	/* Updated all three */
6822 
6823 	range->avg_qual.qual = 70;	/* > 8% missed beacons is 'bad' */
6824 	/* TODO: Find real 'good' to 'bad' threshold value for RSSI */
6825 	range->avg_qual.level = 20 + IPW2100_RSSI_TO_DBM;
6826 	range->avg_qual.noise = 0;
6827 	range->avg_qual.updated = 7;	/* Updated all three */
6828 
6829 	range->num_bitrates = RATE_COUNT;
6830 
6831 	for (i = 0; i < RATE_COUNT && i < IW_MAX_BITRATES; i++) {
6832 		range->bitrate[i] = ipw2100_bg_rates[i].bitrate * 100 * 1000;
6833 	}
6834 
6835 	range->min_rts = MIN_RTS_THRESHOLD;
6836 	range->max_rts = MAX_RTS_THRESHOLD;
6837 	range->min_frag = MIN_FRAG_THRESHOLD;
6838 	range->max_frag = MAX_FRAG_THRESHOLD;
6839 
6840 	range->min_pmp = period_duration[0];	/* Minimal PM period */
6841 	range->max_pmp = period_duration[POWER_MODES - 1];	/* Maximal PM period */
6842 	range->min_pmt = timeout_duration[POWER_MODES - 1];	/* Minimal PM timeout */
6843 	range->max_pmt = timeout_duration[0];	/* Maximal PM timeout */
6844 
6845 	/* How to decode max/min PM period */
6846 	range->pmp_flags = IW_POWER_PERIOD;
6847 	/* How to decode max/min PM period */
6848 	range->pmt_flags = IW_POWER_TIMEOUT;
6849 	/* What PM options are supported */
6850 	range->pm_capa = IW_POWER_TIMEOUT | IW_POWER_PERIOD;
6851 
6852 	range->encoding_size[0] = 5;
6853 	range->encoding_size[1] = 13;	/* Different token sizes */
6854 	range->num_encoding_sizes = 2;	/* Number of entry in the list */
6855 	range->max_encoding_tokens = WEP_KEYS;	/* Max number of tokens */
6856 //      range->encoding_login_index;            /* token index for login token */
6857 
6858 	if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
6859 		range->txpower_capa = IW_TXPOW_DBM;
6860 		range->num_txpower = IW_MAX_TXPOWER;
6861 		for (i = 0, level = (IPW_TX_POWER_MAX_DBM * 16);
6862 		     i < IW_MAX_TXPOWER;
6863 		     i++, level -=
6864 		     ((IPW_TX_POWER_MAX_DBM -
6865 		       IPW_TX_POWER_MIN_DBM) * 16) / (IW_MAX_TXPOWER - 1))
6866 			range->txpower[i] = level / 16;
6867 	} else {
6868 		range->txpower_capa = 0;
6869 		range->num_txpower = 0;
6870 	}
6871 
6872 	/* Set the Wireless Extension versions */
6873 	range->we_version_compiled = WIRELESS_EXT;
6874 	range->we_version_source = 18;
6875 
6876 //      range->retry_capa;      /* What retry options are supported */
6877 //      range->retry_flags;     /* How to decode max/min retry limit */
6878 //      range->r_time_flags;    /* How to decode max/min retry life */
6879 //      range->min_retry;       /* Minimal number of retries */
6880 //      range->max_retry;       /* Maximal number of retries */
6881 //      range->min_r_time;      /* Minimal retry lifetime */
6882 //      range->max_r_time;      /* Maximal retry lifetime */
6883 
6884 	range->num_channels = FREQ_COUNT;
6885 
6886 	val = 0;
6887 	for (i = 0; i < FREQ_COUNT; i++) {
6888 		// TODO: Include only legal frequencies for some countries
6889 //              if (local->channel_mask & (1 << i)) {
6890 		range->freq[val].i = i + 1;
6891 		range->freq[val].m = ipw2100_frequencies[i] * 100000;
6892 		range->freq[val].e = 1;
6893 		val++;
6894 //              }
6895 		if (val == IW_MAX_FREQUENCIES)
6896 			break;
6897 	}
6898 	range->num_frequency = val;
6899 
6900 	/* Event capability (kernel + driver) */
6901 	range->event_capa[0] = (IW_EVENT_CAPA_K_0 |
6902 				IW_EVENT_CAPA_MASK(SIOCGIWAP));
6903 	range->event_capa[1] = IW_EVENT_CAPA_K_1;
6904 
6905 	range->enc_capa = IW_ENC_CAPA_WPA | IW_ENC_CAPA_WPA2 |
6906 		IW_ENC_CAPA_CIPHER_TKIP | IW_ENC_CAPA_CIPHER_CCMP;
6907 
6908 	IPW_DEBUG_WX("GET Range\n");
6909 
6910 	return 0;
6911 }
6912 
6913 static int ipw2100_wx_set_wap(struct net_device *dev,
6914 			      struct iw_request_info *info,
6915 			      union iwreq_data *wrqu, char *extra)
6916 {
6917 	struct ipw2100_priv *priv = libipw_priv(dev);
6918 	int err = 0;
6919 
6920 	// sanity checks
6921 	if (wrqu->ap_addr.sa_family != ARPHRD_ETHER)
6922 		return -EINVAL;
6923 
6924 	mutex_lock(&priv->action_mutex);
6925 	if (!(priv->status & STATUS_INITIALIZED)) {
6926 		err = -EIO;
6927 		goto done;
6928 	}
6929 
6930 	if (is_broadcast_ether_addr(wrqu->ap_addr.sa_data) ||
6931 	    is_zero_ether_addr(wrqu->ap_addr.sa_data)) {
6932 		/* we disable mandatory BSSID association */
6933 		IPW_DEBUG_WX("exit - disable mandatory BSSID\n");
6934 		priv->config &= ~CFG_STATIC_BSSID;
6935 		err = ipw2100_set_mandatory_bssid(priv, NULL, 0);
6936 		goto done;
6937 	}
6938 
6939 	priv->config |= CFG_STATIC_BSSID;
6940 	memcpy(priv->mandatory_bssid_mac, wrqu->ap_addr.sa_data, ETH_ALEN);
6941 
6942 	err = ipw2100_set_mandatory_bssid(priv, wrqu->ap_addr.sa_data, 0);
6943 
6944 	IPW_DEBUG_WX("SET BSSID -> %pM\n", wrqu->ap_addr.sa_data);
6945 
6946       done:
6947 	mutex_unlock(&priv->action_mutex);
6948 	return err;
6949 }
6950 
6951 static int ipw2100_wx_get_wap(struct net_device *dev,
6952 			      struct iw_request_info *info,
6953 			      union iwreq_data *wrqu, char *extra)
6954 {
6955 	/*
6956 	 * This can be called at any time.  No action lock required
6957 	 */
6958 
6959 	struct ipw2100_priv *priv = libipw_priv(dev);
6960 
6961 	/* If we are associated, trying to associate, or have a statically
6962 	 * configured BSSID then return that; otherwise return ANY */
6963 	if (priv->config & CFG_STATIC_BSSID || priv->status & STATUS_ASSOCIATED) {
6964 		wrqu->ap_addr.sa_family = ARPHRD_ETHER;
6965 		memcpy(wrqu->ap_addr.sa_data, priv->bssid, ETH_ALEN);
6966 	} else
6967 		eth_zero_addr(wrqu->ap_addr.sa_data);
6968 
6969 	IPW_DEBUG_WX("Getting WAP BSSID: %pM\n", wrqu->ap_addr.sa_data);
6970 	return 0;
6971 }
6972 
6973 static int ipw2100_wx_set_essid(struct net_device *dev,
6974 				struct iw_request_info *info,
6975 				union iwreq_data *wrqu, char *extra)
6976 {
6977 	struct ipw2100_priv *priv = libipw_priv(dev);
6978 	char *essid = "";	/* ANY */
6979 	int length = 0;
6980 	int err = 0;
6981 
6982 	mutex_lock(&priv->action_mutex);
6983 	if (!(priv->status & STATUS_INITIALIZED)) {
6984 		err = -EIO;
6985 		goto done;
6986 	}
6987 
6988 	if (wrqu->essid.flags && wrqu->essid.length) {
6989 		length = wrqu->essid.length;
6990 		essid = extra;
6991 	}
6992 
6993 	if (length == 0) {
6994 		IPW_DEBUG_WX("Setting ESSID to ANY\n");
6995 		priv->config &= ~CFG_STATIC_ESSID;
6996 		err = ipw2100_set_essid(priv, NULL, 0, 0);
6997 		goto done;
6998 	}
6999 
7000 	length = min(length, IW_ESSID_MAX_SIZE);
7001 
7002 	priv->config |= CFG_STATIC_ESSID;
7003 
7004 	if (priv->essid_len == length && !memcmp(priv->essid, extra, length)) {
7005 		IPW_DEBUG_WX("ESSID set to current ESSID.\n");
7006 		err = 0;
7007 		goto done;
7008 	}
7009 
7010 	IPW_DEBUG_WX("Setting ESSID: '%*pE' (%d)\n", length, essid, length);
7011 
7012 	priv->essid_len = length;
7013 	memcpy(priv->essid, essid, priv->essid_len);
7014 
7015 	err = ipw2100_set_essid(priv, essid, length, 0);
7016 
7017       done:
7018 	mutex_unlock(&priv->action_mutex);
7019 	return err;
7020 }
7021 
7022 static int ipw2100_wx_get_essid(struct net_device *dev,
7023 				struct iw_request_info *info,
7024 				union iwreq_data *wrqu, char *extra)
7025 {
7026 	/*
7027 	 * This can be called at any time.  No action lock required
7028 	 */
7029 
7030 	struct ipw2100_priv *priv = libipw_priv(dev);
7031 
7032 	/* If we are associated, trying to associate, or have a statically
7033 	 * configured ESSID then return that; otherwise return ANY */
7034 	if (priv->config & CFG_STATIC_ESSID || priv->status & STATUS_ASSOCIATED) {
7035 		IPW_DEBUG_WX("Getting essid: '%*pE'\n",
7036 			     priv->essid_len, priv->essid);
7037 		memcpy(extra, priv->essid, priv->essid_len);
7038 		wrqu->essid.length = priv->essid_len;
7039 		wrqu->essid.flags = 1;	/* active */
7040 	} else {
7041 		IPW_DEBUG_WX("Getting essid: ANY\n");
7042 		wrqu->essid.length = 0;
7043 		wrqu->essid.flags = 0;	/* active */
7044 	}
7045 
7046 	return 0;
7047 }
7048 
7049 static int ipw2100_wx_set_nick(struct net_device *dev,
7050 			       struct iw_request_info *info,
7051 			       union iwreq_data *wrqu, char *extra)
7052 {
7053 	/*
7054 	 * This can be called at any time.  No action lock required
7055 	 */
7056 
7057 	struct ipw2100_priv *priv = libipw_priv(dev);
7058 
7059 	if (wrqu->data.length > IW_ESSID_MAX_SIZE)
7060 		return -E2BIG;
7061 
7062 	wrqu->data.length = min_t(size_t, wrqu->data.length, sizeof(priv->nick));
7063 	memset(priv->nick, 0, sizeof(priv->nick));
7064 	memcpy(priv->nick, extra, wrqu->data.length);
7065 
7066 	IPW_DEBUG_WX("SET Nickname -> %s\n", priv->nick);
7067 
7068 	return 0;
7069 }
7070 
7071 static int ipw2100_wx_get_nick(struct net_device *dev,
7072 			       struct iw_request_info *info,
7073 			       union iwreq_data *wrqu, char *extra)
7074 {
7075 	/*
7076 	 * This can be called at any time.  No action lock required
7077 	 */
7078 
7079 	struct ipw2100_priv *priv = libipw_priv(dev);
7080 
7081 	wrqu->data.length = strlen(priv->nick);
7082 	memcpy(extra, priv->nick, wrqu->data.length);
7083 	wrqu->data.flags = 1;	/* active */
7084 
7085 	IPW_DEBUG_WX("GET Nickname -> %s\n", extra);
7086 
7087 	return 0;
7088 }
7089 
7090 static int ipw2100_wx_set_rate(struct net_device *dev,
7091 			       struct iw_request_info *info,
7092 			       union iwreq_data *wrqu, char *extra)
7093 {
7094 	struct ipw2100_priv *priv = libipw_priv(dev);
7095 	u32 target_rate = wrqu->bitrate.value;
7096 	u32 rate;
7097 	int err = 0;
7098 
7099 	mutex_lock(&priv->action_mutex);
7100 	if (!(priv->status & STATUS_INITIALIZED)) {
7101 		err = -EIO;
7102 		goto done;
7103 	}
7104 
7105 	rate = 0;
7106 
7107 	if (target_rate == 1000000 ||
7108 	    (!wrqu->bitrate.fixed && target_rate > 1000000))
7109 		rate |= TX_RATE_1_MBIT;
7110 	if (target_rate == 2000000 ||
7111 	    (!wrqu->bitrate.fixed && target_rate > 2000000))
7112 		rate |= TX_RATE_2_MBIT;
7113 	if (target_rate == 5500000 ||
7114 	    (!wrqu->bitrate.fixed && target_rate > 5500000))
7115 		rate |= TX_RATE_5_5_MBIT;
7116 	if (target_rate == 11000000 ||
7117 	    (!wrqu->bitrate.fixed && target_rate > 11000000))
7118 		rate |= TX_RATE_11_MBIT;
7119 	if (rate == 0)
7120 		rate = DEFAULT_TX_RATES;
7121 
7122 	err = ipw2100_set_tx_rates(priv, rate, 0);
7123 
7124 	IPW_DEBUG_WX("SET Rate -> %04X\n", rate);
7125       done:
7126 	mutex_unlock(&priv->action_mutex);
7127 	return err;
7128 }
7129 
7130 static int ipw2100_wx_get_rate(struct net_device *dev,
7131 			       struct iw_request_info *info,
7132 			       union iwreq_data *wrqu, char *extra)
7133 {
7134 	struct ipw2100_priv *priv = libipw_priv(dev);
7135 	int val;
7136 	unsigned int len = sizeof(val);
7137 	int err = 0;
7138 
7139 	if (!(priv->status & STATUS_ENABLED) ||
7140 	    priv->status & STATUS_RF_KILL_MASK ||
7141 	    !(priv->status & STATUS_ASSOCIATED)) {
7142 		wrqu->bitrate.value = 0;
7143 		return 0;
7144 	}
7145 
7146 	mutex_lock(&priv->action_mutex);
7147 	if (!(priv->status & STATUS_INITIALIZED)) {
7148 		err = -EIO;
7149 		goto done;
7150 	}
7151 
7152 	err = ipw2100_get_ordinal(priv, IPW_ORD_CURRENT_TX_RATE, &val, &len);
7153 	if (err) {
7154 		IPW_DEBUG_WX("failed querying ordinals.\n");
7155 		goto done;
7156 	}
7157 
7158 	switch (val & TX_RATE_MASK) {
7159 	case TX_RATE_1_MBIT:
7160 		wrqu->bitrate.value = 1000000;
7161 		break;
7162 	case TX_RATE_2_MBIT:
7163 		wrqu->bitrate.value = 2000000;
7164 		break;
7165 	case TX_RATE_5_5_MBIT:
7166 		wrqu->bitrate.value = 5500000;
7167 		break;
7168 	case TX_RATE_11_MBIT:
7169 		wrqu->bitrate.value = 11000000;
7170 		break;
7171 	default:
7172 		wrqu->bitrate.value = 0;
7173 	}
7174 
7175 	IPW_DEBUG_WX("GET Rate -> %d\n", wrqu->bitrate.value);
7176 
7177       done:
7178 	mutex_unlock(&priv->action_mutex);
7179 	return err;
7180 }
7181 
7182 static int ipw2100_wx_set_rts(struct net_device *dev,
7183 			      struct iw_request_info *info,
7184 			      union iwreq_data *wrqu, char *extra)
7185 {
7186 	struct ipw2100_priv *priv = libipw_priv(dev);
7187 	int value, err;
7188 
7189 	/* Auto RTS not yet supported */
7190 	if (wrqu->rts.fixed == 0)
7191 		return -EINVAL;
7192 
7193 	mutex_lock(&priv->action_mutex);
7194 	if (!(priv->status & STATUS_INITIALIZED)) {
7195 		err = -EIO;
7196 		goto done;
7197 	}
7198 
7199 	if (wrqu->rts.disabled)
7200 		value = priv->rts_threshold | RTS_DISABLED;
7201 	else {
7202 		if (wrqu->rts.value < 1 || wrqu->rts.value > 2304) {
7203 			err = -EINVAL;
7204 			goto done;
7205 		}
7206 		value = wrqu->rts.value;
7207 	}
7208 
7209 	err = ipw2100_set_rts_threshold(priv, value);
7210 
7211 	IPW_DEBUG_WX("SET RTS Threshold -> 0x%08X\n", value);
7212       done:
7213 	mutex_unlock(&priv->action_mutex);
7214 	return err;
7215 }
7216 
7217 static int ipw2100_wx_get_rts(struct net_device *dev,
7218 			      struct iw_request_info *info,
7219 			      union iwreq_data *wrqu, char *extra)
7220 {
7221 	/*
7222 	 * This can be called at any time.  No action lock required
7223 	 */
7224 
7225 	struct ipw2100_priv *priv = libipw_priv(dev);
7226 
7227 	wrqu->rts.value = priv->rts_threshold & ~RTS_DISABLED;
7228 	wrqu->rts.fixed = 1;	/* no auto select */
7229 
7230 	/* If RTS is set to the default value, then it is disabled */
7231 	wrqu->rts.disabled = (priv->rts_threshold & RTS_DISABLED) ? 1 : 0;
7232 
7233 	IPW_DEBUG_WX("GET RTS Threshold -> 0x%08X\n", wrqu->rts.value);
7234 
7235 	return 0;
7236 }
7237 
7238 static int ipw2100_wx_set_txpow(struct net_device *dev,
7239 				struct iw_request_info *info,
7240 				union iwreq_data *wrqu, char *extra)
7241 {
7242 	struct ipw2100_priv *priv = libipw_priv(dev);
7243 	int err = 0, value;
7244 
7245 	if (ipw_radio_kill_sw(priv, wrqu->txpower.disabled))
7246 		return -EINPROGRESS;
7247 
7248 	if (priv->ieee->iw_mode != IW_MODE_ADHOC)
7249 		return 0;
7250 
7251 	if ((wrqu->txpower.flags & IW_TXPOW_TYPE) != IW_TXPOW_DBM)
7252 		return -EINVAL;
7253 
7254 	if (wrqu->txpower.fixed == 0)
7255 		value = IPW_TX_POWER_DEFAULT;
7256 	else {
7257 		if (wrqu->txpower.value < IPW_TX_POWER_MIN_DBM ||
7258 		    wrqu->txpower.value > IPW_TX_POWER_MAX_DBM)
7259 			return -EINVAL;
7260 
7261 		value = wrqu->txpower.value;
7262 	}
7263 
7264 	mutex_lock(&priv->action_mutex);
7265 	if (!(priv->status & STATUS_INITIALIZED)) {
7266 		err = -EIO;
7267 		goto done;
7268 	}
7269 
7270 	err = ipw2100_set_tx_power(priv, value);
7271 
7272 	IPW_DEBUG_WX("SET TX Power -> %d\n", value);
7273 
7274       done:
7275 	mutex_unlock(&priv->action_mutex);
7276 	return err;
7277 }
7278 
7279 static int ipw2100_wx_get_txpow(struct net_device *dev,
7280 				struct iw_request_info *info,
7281 				union iwreq_data *wrqu, char *extra)
7282 {
7283 	/*
7284 	 * This can be called at any time.  No action lock required
7285 	 */
7286 
7287 	struct ipw2100_priv *priv = libipw_priv(dev);
7288 
7289 	wrqu->txpower.disabled = (priv->status & STATUS_RF_KILL_MASK) ? 1 : 0;
7290 
7291 	if (priv->tx_power == IPW_TX_POWER_DEFAULT) {
7292 		wrqu->txpower.fixed = 0;
7293 		wrqu->txpower.value = IPW_TX_POWER_MAX_DBM;
7294 	} else {
7295 		wrqu->txpower.fixed = 1;
7296 		wrqu->txpower.value = priv->tx_power;
7297 	}
7298 
7299 	wrqu->txpower.flags = IW_TXPOW_DBM;
7300 
7301 	IPW_DEBUG_WX("GET TX Power -> %d\n", wrqu->txpower.value);
7302 
7303 	return 0;
7304 }
7305 
7306 static int ipw2100_wx_set_frag(struct net_device *dev,
7307 			       struct iw_request_info *info,
7308 			       union iwreq_data *wrqu, char *extra)
7309 {
7310 	/*
7311 	 * This can be called at any time.  No action lock required
7312 	 */
7313 
7314 	struct ipw2100_priv *priv = libipw_priv(dev);
7315 
7316 	if (!wrqu->frag.fixed)
7317 		return -EINVAL;
7318 
7319 	if (wrqu->frag.disabled) {
7320 		priv->frag_threshold |= FRAG_DISABLED;
7321 		priv->ieee->fts = DEFAULT_FTS;
7322 	} else {
7323 		if (wrqu->frag.value < MIN_FRAG_THRESHOLD ||
7324 		    wrqu->frag.value > MAX_FRAG_THRESHOLD)
7325 			return -EINVAL;
7326 
7327 		priv->ieee->fts = wrqu->frag.value & ~0x1;
7328 		priv->frag_threshold = priv->ieee->fts;
7329 	}
7330 
7331 	IPW_DEBUG_WX("SET Frag Threshold -> %d\n", priv->ieee->fts);
7332 
7333 	return 0;
7334 }
7335 
7336 static int ipw2100_wx_get_frag(struct net_device *dev,
7337 			       struct iw_request_info *info,
7338 			       union iwreq_data *wrqu, char *extra)
7339 {
7340 	/*
7341 	 * This can be called at any time.  No action lock required
7342 	 */
7343 
7344 	struct ipw2100_priv *priv = libipw_priv(dev);
7345 	wrqu->frag.value = priv->frag_threshold & ~FRAG_DISABLED;
7346 	wrqu->frag.fixed = 0;	/* no auto select */
7347 	wrqu->frag.disabled = (priv->frag_threshold & FRAG_DISABLED) ? 1 : 0;
7348 
7349 	IPW_DEBUG_WX("GET Frag Threshold -> %d\n", wrqu->frag.value);
7350 
7351 	return 0;
7352 }
7353 
7354 static int ipw2100_wx_set_retry(struct net_device *dev,
7355 				struct iw_request_info *info,
7356 				union iwreq_data *wrqu, char *extra)
7357 {
7358 	struct ipw2100_priv *priv = libipw_priv(dev);
7359 	int err = 0;
7360 
7361 	if (wrqu->retry.flags & IW_RETRY_LIFETIME || wrqu->retry.disabled)
7362 		return -EINVAL;
7363 
7364 	if (!(wrqu->retry.flags & IW_RETRY_LIMIT))
7365 		return 0;
7366 
7367 	mutex_lock(&priv->action_mutex);
7368 	if (!(priv->status & STATUS_INITIALIZED)) {
7369 		err = -EIO;
7370 		goto done;
7371 	}
7372 
7373 	if (wrqu->retry.flags & IW_RETRY_SHORT) {
7374 		err = ipw2100_set_short_retry(priv, wrqu->retry.value);
7375 		IPW_DEBUG_WX("SET Short Retry Limit -> %d\n",
7376 			     wrqu->retry.value);
7377 		goto done;
7378 	}
7379 
7380 	if (wrqu->retry.flags & IW_RETRY_LONG) {
7381 		err = ipw2100_set_long_retry(priv, wrqu->retry.value);
7382 		IPW_DEBUG_WX("SET Long Retry Limit -> %d\n",
7383 			     wrqu->retry.value);
7384 		goto done;
7385 	}
7386 
7387 	err = ipw2100_set_short_retry(priv, wrqu->retry.value);
7388 	if (!err)
7389 		err = ipw2100_set_long_retry(priv, wrqu->retry.value);
7390 
7391 	IPW_DEBUG_WX("SET Both Retry Limits -> %d\n", wrqu->retry.value);
7392 
7393       done:
7394 	mutex_unlock(&priv->action_mutex);
7395 	return err;
7396 }
7397 
7398 static int ipw2100_wx_get_retry(struct net_device *dev,
7399 				struct iw_request_info *info,
7400 				union iwreq_data *wrqu, char *extra)
7401 {
7402 	/*
7403 	 * This can be called at any time.  No action lock required
7404 	 */
7405 
7406 	struct ipw2100_priv *priv = libipw_priv(dev);
7407 
7408 	wrqu->retry.disabled = 0;	/* can't be disabled */
7409 
7410 	if ((wrqu->retry.flags & IW_RETRY_TYPE) == IW_RETRY_LIFETIME)
7411 		return -EINVAL;
7412 
7413 	if (wrqu->retry.flags & IW_RETRY_LONG) {
7414 		wrqu->retry.flags = IW_RETRY_LIMIT | IW_RETRY_LONG;
7415 		wrqu->retry.value = priv->long_retry_limit;
7416 	} else {
7417 		wrqu->retry.flags =
7418 		    (priv->short_retry_limit !=
7419 		     priv->long_retry_limit) ?
7420 		    IW_RETRY_LIMIT | IW_RETRY_SHORT : IW_RETRY_LIMIT;
7421 
7422 		wrqu->retry.value = priv->short_retry_limit;
7423 	}
7424 
7425 	IPW_DEBUG_WX("GET Retry -> %d\n", wrqu->retry.value);
7426 
7427 	return 0;
7428 }
7429 
7430 static int ipw2100_wx_set_scan(struct net_device *dev,
7431 			       struct iw_request_info *info,
7432 			       union iwreq_data *wrqu, char *extra)
7433 {
7434 	struct ipw2100_priv *priv = libipw_priv(dev);
7435 	int err = 0;
7436 
7437 	mutex_lock(&priv->action_mutex);
7438 	if (!(priv->status & STATUS_INITIALIZED)) {
7439 		err = -EIO;
7440 		goto done;
7441 	}
7442 
7443 	IPW_DEBUG_WX("Initiating scan...\n");
7444 
7445 	priv->user_requested_scan = 1;
7446 	if (ipw2100_set_scan_options(priv) || ipw2100_start_scan(priv)) {
7447 		IPW_DEBUG_WX("Start scan failed.\n");
7448 
7449 		/* TODO: Mark a scan as pending so when hardware initialized
7450 		 *       a scan starts */
7451 	}
7452 
7453       done:
7454 	mutex_unlock(&priv->action_mutex);
7455 	return err;
7456 }
7457 
7458 static int ipw2100_wx_get_scan(struct net_device *dev,
7459 			       struct iw_request_info *info,
7460 			       union iwreq_data *wrqu, char *extra)
7461 {
7462 	/*
7463 	 * This can be called at any time.  No action lock required
7464 	 */
7465 
7466 	struct ipw2100_priv *priv = libipw_priv(dev);
7467 	return libipw_wx_get_scan(priv->ieee, info, wrqu, extra);
7468 }
7469 
7470 /*
7471  * Implementation based on code in hostap-driver v0.1.3 hostap_ioctl.c
7472  */
7473 static int ipw2100_wx_set_encode(struct net_device *dev,
7474 				 struct iw_request_info *info,
7475 				 union iwreq_data *wrqu, char *key)
7476 {
7477 	/*
7478 	 * No check of STATUS_INITIALIZED required
7479 	 */
7480 
7481 	struct ipw2100_priv *priv = libipw_priv(dev);
7482 	return libipw_wx_set_encode(priv->ieee, info, wrqu, key);
7483 }
7484 
7485 static int ipw2100_wx_get_encode(struct net_device *dev,
7486 				 struct iw_request_info *info,
7487 				 union iwreq_data *wrqu, char *key)
7488 {
7489 	/*
7490 	 * This can be called at any time.  No action lock required
7491 	 */
7492 
7493 	struct ipw2100_priv *priv = libipw_priv(dev);
7494 	return libipw_wx_get_encode(priv->ieee, info, wrqu, key);
7495 }
7496 
7497 static int ipw2100_wx_set_power(struct net_device *dev,
7498 				struct iw_request_info *info,
7499 				union iwreq_data *wrqu, char *extra)
7500 {
7501 	struct ipw2100_priv *priv = libipw_priv(dev);
7502 	int err = 0;
7503 
7504 	mutex_lock(&priv->action_mutex);
7505 	if (!(priv->status & STATUS_INITIALIZED)) {
7506 		err = -EIO;
7507 		goto done;
7508 	}
7509 
7510 	if (wrqu->power.disabled) {
7511 		priv->power_mode = IPW_POWER_LEVEL(priv->power_mode);
7512 		err = ipw2100_set_power_mode(priv, IPW_POWER_MODE_CAM);
7513 		IPW_DEBUG_WX("SET Power Management Mode -> off\n");
7514 		goto done;
7515 	}
7516 
7517 	switch (wrqu->power.flags & IW_POWER_MODE) {
7518 	case IW_POWER_ON:	/* If not specified */
7519 	case IW_POWER_MODE:	/* If set all mask */
7520 	case IW_POWER_ALL_R:	/* If explicitly state all */
7521 		break;
7522 	default:		/* Otherwise we don't support it */
7523 		IPW_DEBUG_WX("SET PM Mode: %X not supported.\n",
7524 			     wrqu->power.flags);
7525 		err = -EOPNOTSUPP;
7526 		goto done;
7527 	}
7528 
7529 	/* If the user hasn't specified a power management mode yet, default
7530 	 * to BATTERY */
7531 	priv->power_mode = IPW_POWER_ENABLED | priv->power_mode;
7532 	err = ipw2100_set_power_mode(priv, IPW_POWER_LEVEL(priv->power_mode));
7533 
7534 	IPW_DEBUG_WX("SET Power Management Mode -> 0x%02X\n", priv->power_mode);
7535 
7536       done:
7537 	mutex_unlock(&priv->action_mutex);
7538 	return err;
7539 
7540 }
7541 
7542 static int ipw2100_wx_get_power(struct net_device *dev,
7543 				struct iw_request_info *info,
7544 				union iwreq_data *wrqu, char *extra)
7545 {
7546 	/*
7547 	 * This can be called at any time.  No action lock required
7548 	 */
7549 
7550 	struct ipw2100_priv *priv = libipw_priv(dev);
7551 
7552 	if (!(priv->power_mode & IPW_POWER_ENABLED))
7553 		wrqu->power.disabled = 1;
7554 	else {
7555 		wrqu->power.disabled = 0;
7556 		wrqu->power.flags = 0;
7557 	}
7558 
7559 	IPW_DEBUG_WX("GET Power Management Mode -> %02X\n", priv->power_mode);
7560 
7561 	return 0;
7562 }
7563 
7564 /*
7565  * WE-18 WPA support
7566  */
7567 
7568 /* SIOCSIWGENIE */
7569 static int ipw2100_wx_set_genie(struct net_device *dev,
7570 				struct iw_request_info *info,
7571 				union iwreq_data *wrqu, char *extra)
7572 {
7573 
7574 	struct ipw2100_priv *priv = libipw_priv(dev);
7575 	struct libipw_device *ieee = priv->ieee;
7576 	u8 *buf;
7577 
7578 	if (!ieee->wpa_enabled)
7579 		return -EOPNOTSUPP;
7580 
7581 	if (wrqu->data.length > MAX_WPA_IE_LEN ||
7582 	    (wrqu->data.length && extra == NULL))
7583 		return -EINVAL;
7584 
7585 	if (wrqu->data.length) {
7586 		buf = kmemdup(extra, wrqu->data.length, GFP_KERNEL);
7587 		if (buf == NULL)
7588 			return -ENOMEM;
7589 
7590 		kfree(ieee->wpa_ie);
7591 		ieee->wpa_ie = buf;
7592 		ieee->wpa_ie_len = wrqu->data.length;
7593 	} else {
7594 		kfree(ieee->wpa_ie);
7595 		ieee->wpa_ie = NULL;
7596 		ieee->wpa_ie_len = 0;
7597 	}
7598 
7599 	ipw2100_wpa_assoc_frame(priv, ieee->wpa_ie, ieee->wpa_ie_len);
7600 
7601 	return 0;
7602 }
7603 
7604 /* SIOCGIWGENIE */
7605 static int ipw2100_wx_get_genie(struct net_device *dev,
7606 				struct iw_request_info *info,
7607 				union iwreq_data *wrqu, char *extra)
7608 {
7609 	struct ipw2100_priv *priv = libipw_priv(dev);
7610 	struct libipw_device *ieee = priv->ieee;
7611 
7612 	if (ieee->wpa_ie_len == 0 || ieee->wpa_ie == NULL) {
7613 		wrqu->data.length = 0;
7614 		return 0;
7615 	}
7616 
7617 	if (wrqu->data.length < ieee->wpa_ie_len)
7618 		return -E2BIG;
7619 
7620 	wrqu->data.length = ieee->wpa_ie_len;
7621 	memcpy(extra, ieee->wpa_ie, ieee->wpa_ie_len);
7622 
7623 	return 0;
7624 }
7625 
7626 /* SIOCSIWAUTH */
7627 static int ipw2100_wx_set_auth(struct net_device *dev,
7628 			       struct iw_request_info *info,
7629 			       union iwreq_data *wrqu, char *extra)
7630 {
7631 	struct ipw2100_priv *priv = libipw_priv(dev);
7632 	struct libipw_device *ieee = priv->ieee;
7633 	struct iw_param *param = &wrqu->param;
7634 	struct lib80211_crypt_data *crypt;
7635 	unsigned long flags;
7636 	int ret = 0;
7637 
7638 	switch (param->flags & IW_AUTH_INDEX) {
7639 	case IW_AUTH_WPA_VERSION:
7640 	case IW_AUTH_CIPHER_PAIRWISE:
7641 	case IW_AUTH_CIPHER_GROUP:
7642 	case IW_AUTH_KEY_MGMT:
7643 		/*
7644 		 * ipw2200 does not use these parameters
7645 		 */
7646 		break;
7647 
7648 	case IW_AUTH_TKIP_COUNTERMEASURES:
7649 		crypt = priv->ieee->crypt_info.crypt[priv->ieee->crypt_info.tx_keyidx];
7650 		if (!crypt || !crypt->ops->set_flags || !crypt->ops->get_flags)
7651 			break;
7652 
7653 		flags = crypt->ops->get_flags(crypt->priv);
7654 
7655 		if (param->value)
7656 			flags |= IEEE80211_CRYPTO_TKIP_COUNTERMEASURES;
7657 		else
7658 			flags &= ~IEEE80211_CRYPTO_TKIP_COUNTERMEASURES;
7659 
7660 		crypt->ops->set_flags(flags, crypt->priv);
7661 
7662 		break;
7663 
7664 	case IW_AUTH_DROP_UNENCRYPTED:{
7665 			/* HACK:
7666 			 *
7667 			 * wpa_supplicant calls set_wpa_enabled when the driver
7668 			 * is loaded and unloaded, regardless of if WPA is being
7669 			 * used.  No other calls are made which can be used to
7670 			 * determine if encryption will be used or not prior to
7671 			 * association being expected.  If encryption is not being
7672 			 * used, drop_unencrypted is set to false, else true -- we
7673 			 * can use this to determine if the CAP_PRIVACY_ON bit should
7674 			 * be set.
7675 			 */
7676 			struct libipw_security sec = {
7677 				.flags = SEC_ENABLED,
7678 				.enabled = param->value,
7679 			};
7680 			priv->ieee->drop_unencrypted = param->value;
7681 			/* We only change SEC_LEVEL for open mode. Others
7682 			 * are set by ipw_wpa_set_encryption.
7683 			 */
7684 			if (!param->value) {
7685 				sec.flags |= SEC_LEVEL;
7686 				sec.level = SEC_LEVEL_0;
7687 			} else {
7688 				sec.flags |= SEC_LEVEL;
7689 				sec.level = SEC_LEVEL_1;
7690 			}
7691 			if (priv->ieee->set_security)
7692 				priv->ieee->set_security(priv->ieee->dev, &sec);
7693 			break;
7694 		}
7695 
7696 	case IW_AUTH_80211_AUTH_ALG:
7697 		ret = ipw2100_wpa_set_auth_algs(priv, param->value);
7698 		break;
7699 
7700 	case IW_AUTH_WPA_ENABLED:
7701 		ret = ipw2100_wpa_enable(priv, param->value);
7702 		break;
7703 
7704 	case IW_AUTH_RX_UNENCRYPTED_EAPOL:
7705 		ieee->ieee802_1x = param->value;
7706 		break;
7707 
7708 		//case IW_AUTH_ROAMING_CONTROL:
7709 	case IW_AUTH_PRIVACY_INVOKED:
7710 		ieee->privacy_invoked = param->value;
7711 		break;
7712 
7713 	default:
7714 		return -EOPNOTSUPP;
7715 	}
7716 	return ret;
7717 }
7718 
7719 /* SIOCGIWAUTH */
7720 static int ipw2100_wx_get_auth(struct net_device *dev,
7721 			       struct iw_request_info *info,
7722 			       union iwreq_data *wrqu, char *extra)
7723 {
7724 	struct ipw2100_priv *priv = libipw_priv(dev);
7725 	struct libipw_device *ieee = priv->ieee;
7726 	struct lib80211_crypt_data *crypt;
7727 	struct iw_param *param = &wrqu->param;
7728 	int ret = 0;
7729 
7730 	switch (param->flags & IW_AUTH_INDEX) {
7731 	case IW_AUTH_WPA_VERSION:
7732 	case IW_AUTH_CIPHER_PAIRWISE:
7733 	case IW_AUTH_CIPHER_GROUP:
7734 	case IW_AUTH_KEY_MGMT:
7735 		/*
7736 		 * wpa_supplicant will control these internally
7737 		 */
7738 		ret = -EOPNOTSUPP;
7739 		break;
7740 
7741 	case IW_AUTH_TKIP_COUNTERMEASURES:
7742 		crypt = priv->ieee->crypt_info.crypt[priv->ieee->crypt_info.tx_keyidx];
7743 		if (!crypt || !crypt->ops->get_flags) {
7744 			IPW_DEBUG_WARNING("Can't get TKIP countermeasures: "
7745 					  "crypt not set!\n");
7746 			break;
7747 		}
7748 
7749 		param->value = (crypt->ops->get_flags(crypt->priv) &
7750 				IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) ? 1 : 0;
7751 
7752 		break;
7753 
7754 	case IW_AUTH_DROP_UNENCRYPTED:
7755 		param->value = ieee->drop_unencrypted;
7756 		break;
7757 
7758 	case IW_AUTH_80211_AUTH_ALG:
7759 		param->value = priv->ieee->sec.auth_mode;
7760 		break;
7761 
7762 	case IW_AUTH_WPA_ENABLED:
7763 		param->value = ieee->wpa_enabled;
7764 		break;
7765 
7766 	case IW_AUTH_RX_UNENCRYPTED_EAPOL:
7767 		param->value = ieee->ieee802_1x;
7768 		break;
7769 
7770 	case IW_AUTH_ROAMING_CONTROL:
7771 	case IW_AUTH_PRIVACY_INVOKED:
7772 		param->value = ieee->privacy_invoked;
7773 		break;
7774 
7775 	default:
7776 		return -EOPNOTSUPP;
7777 	}
7778 	return 0;
7779 }
7780 
7781 /* SIOCSIWENCODEEXT */
7782 static int ipw2100_wx_set_encodeext(struct net_device *dev,
7783 				    struct iw_request_info *info,
7784 				    union iwreq_data *wrqu, char *extra)
7785 {
7786 	struct ipw2100_priv *priv = libipw_priv(dev);
7787 	return libipw_wx_set_encodeext(priv->ieee, info, wrqu, extra);
7788 }
7789 
7790 /* SIOCGIWENCODEEXT */
7791 static int ipw2100_wx_get_encodeext(struct net_device *dev,
7792 				    struct iw_request_info *info,
7793 				    union iwreq_data *wrqu, char *extra)
7794 {
7795 	struct ipw2100_priv *priv = libipw_priv(dev);
7796 	return libipw_wx_get_encodeext(priv->ieee, info, wrqu, extra);
7797 }
7798 
7799 /* SIOCSIWMLME */
7800 static int ipw2100_wx_set_mlme(struct net_device *dev,
7801 			       struct iw_request_info *info,
7802 			       union iwreq_data *wrqu, char *extra)
7803 {
7804 	struct ipw2100_priv *priv = libipw_priv(dev);
7805 	struct iw_mlme *mlme = (struct iw_mlme *)extra;
7806 	__le16 reason;
7807 
7808 	reason = cpu_to_le16(mlme->reason_code);
7809 
7810 	switch (mlme->cmd) {
7811 	case IW_MLME_DEAUTH:
7812 		// silently ignore
7813 		break;
7814 
7815 	case IW_MLME_DISASSOC:
7816 		ipw2100_disassociate_bssid(priv);
7817 		break;
7818 
7819 	default:
7820 		return -EOPNOTSUPP;
7821 	}
7822 	return 0;
7823 }
7824 
7825 /*
7826  *
7827  * IWPRIV handlers
7828  *
7829  */
7830 #ifdef CONFIG_IPW2100_MONITOR
7831 static int ipw2100_wx_set_promisc(struct net_device *dev,
7832 				  struct iw_request_info *info,
7833 				  union iwreq_data *wrqu, char *extra)
7834 {
7835 	struct ipw2100_priv *priv = libipw_priv(dev);
7836 	int *parms = (int *)extra;
7837 	int enable = (parms[0] > 0);
7838 	int err = 0;
7839 
7840 	mutex_lock(&priv->action_mutex);
7841 	if (!(priv->status & STATUS_INITIALIZED)) {
7842 		err = -EIO;
7843 		goto done;
7844 	}
7845 
7846 	if (enable) {
7847 		if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
7848 			err = ipw2100_set_channel(priv, parms[1], 0);
7849 			goto done;
7850 		}
7851 		priv->channel = parms[1];
7852 		err = ipw2100_switch_mode(priv, IW_MODE_MONITOR);
7853 	} else {
7854 		if (priv->ieee->iw_mode == IW_MODE_MONITOR)
7855 			err = ipw2100_switch_mode(priv, priv->last_mode);
7856 	}
7857       done:
7858 	mutex_unlock(&priv->action_mutex);
7859 	return err;
7860 }
7861 
7862 static int ipw2100_wx_reset(struct net_device *dev,
7863 			    struct iw_request_info *info,
7864 			    union iwreq_data *wrqu, char *extra)
7865 {
7866 	struct ipw2100_priv *priv = libipw_priv(dev);
7867 	if (priv->status & STATUS_INITIALIZED)
7868 		schedule_reset(priv);
7869 	return 0;
7870 }
7871 
7872 #endif
7873 
7874 static int ipw2100_wx_set_powermode(struct net_device *dev,
7875 				    struct iw_request_info *info,
7876 				    union iwreq_data *wrqu, char *extra)
7877 {
7878 	struct ipw2100_priv *priv = libipw_priv(dev);
7879 	int err = 0, mode = *(int *)extra;
7880 
7881 	mutex_lock(&priv->action_mutex);
7882 	if (!(priv->status & STATUS_INITIALIZED)) {
7883 		err = -EIO;
7884 		goto done;
7885 	}
7886 
7887 	if ((mode < 0) || (mode > POWER_MODES))
7888 		mode = IPW_POWER_AUTO;
7889 
7890 	if (IPW_POWER_LEVEL(priv->power_mode) != mode)
7891 		err = ipw2100_set_power_mode(priv, mode);
7892       done:
7893 	mutex_unlock(&priv->action_mutex);
7894 	return err;
7895 }
7896 
7897 #define MAX_POWER_STRING 80
7898 static int ipw2100_wx_get_powermode(struct net_device *dev,
7899 				    struct iw_request_info *info,
7900 				    union iwreq_data *wrqu, char *extra)
7901 {
7902 	/*
7903 	 * This can be called at any time.  No action lock required
7904 	 */
7905 
7906 	struct ipw2100_priv *priv = libipw_priv(dev);
7907 	int level = IPW_POWER_LEVEL(priv->power_mode);
7908 	s32 timeout, period;
7909 
7910 	if (!(priv->power_mode & IPW_POWER_ENABLED)) {
7911 		snprintf(extra, MAX_POWER_STRING,
7912 			 "Power save level: %d (Off)", level);
7913 	} else {
7914 		switch (level) {
7915 		case IPW_POWER_MODE_CAM:
7916 			snprintf(extra, MAX_POWER_STRING,
7917 				 "Power save level: %d (None)", level);
7918 			break;
7919 		case IPW_POWER_AUTO:
7920 			snprintf(extra, MAX_POWER_STRING,
7921 				 "Power save level: %d (Auto)", level);
7922 			break;
7923 		default:
7924 			timeout = timeout_duration[level - 1] / 1000;
7925 			period = period_duration[level - 1] / 1000;
7926 			snprintf(extra, MAX_POWER_STRING,
7927 				 "Power save level: %d "
7928 				 "(Timeout %dms, Period %dms)",
7929 				 level, timeout, period);
7930 		}
7931 	}
7932 
7933 	wrqu->data.length = strlen(extra) + 1;
7934 
7935 	return 0;
7936 }
7937 
7938 static int ipw2100_wx_set_preamble(struct net_device *dev,
7939 				   struct iw_request_info *info,
7940 				   union iwreq_data *wrqu, char *extra)
7941 {
7942 	struct ipw2100_priv *priv = libipw_priv(dev);
7943 	int err, mode = *(int *)extra;
7944 
7945 	mutex_lock(&priv->action_mutex);
7946 	if (!(priv->status & STATUS_INITIALIZED)) {
7947 		err = -EIO;
7948 		goto done;
7949 	}
7950 
7951 	if (mode == 1)
7952 		priv->config |= CFG_LONG_PREAMBLE;
7953 	else if (mode == 0)
7954 		priv->config &= ~CFG_LONG_PREAMBLE;
7955 	else {
7956 		err = -EINVAL;
7957 		goto done;
7958 	}
7959 
7960 	err = ipw2100_system_config(priv, 0);
7961 
7962       done:
7963 	mutex_unlock(&priv->action_mutex);
7964 	return err;
7965 }
7966 
7967 static int ipw2100_wx_get_preamble(struct net_device *dev,
7968 				   struct iw_request_info *info,
7969 				   union iwreq_data *wrqu, char *extra)
7970 {
7971 	/*
7972 	 * This can be called at any time.  No action lock required
7973 	 */
7974 
7975 	struct ipw2100_priv *priv = libipw_priv(dev);
7976 
7977 	if (priv->config & CFG_LONG_PREAMBLE)
7978 		snprintf(wrqu->name, IFNAMSIZ, "long (1)");
7979 	else
7980 		snprintf(wrqu->name, IFNAMSIZ, "auto (0)");
7981 
7982 	return 0;
7983 }
7984 
7985 #ifdef CONFIG_IPW2100_MONITOR
7986 static int ipw2100_wx_set_crc_check(struct net_device *dev,
7987 				    struct iw_request_info *info,
7988 				    union iwreq_data *wrqu, char *extra)
7989 {
7990 	struct ipw2100_priv *priv = libipw_priv(dev);
7991 	int err, mode = *(int *)extra;
7992 
7993 	mutex_lock(&priv->action_mutex);
7994 	if (!(priv->status & STATUS_INITIALIZED)) {
7995 		err = -EIO;
7996 		goto done;
7997 	}
7998 
7999 	if (mode == 1)
8000 		priv->config |= CFG_CRC_CHECK;
8001 	else if (mode == 0)
8002 		priv->config &= ~CFG_CRC_CHECK;
8003 	else {
8004 		err = -EINVAL;
8005 		goto done;
8006 	}
8007 	err = 0;
8008 
8009       done:
8010 	mutex_unlock(&priv->action_mutex);
8011 	return err;
8012 }
8013 
8014 static int ipw2100_wx_get_crc_check(struct net_device *dev,
8015 				    struct iw_request_info *info,
8016 				    union iwreq_data *wrqu, char *extra)
8017 {
8018 	/*
8019 	 * This can be called at any time.  No action lock required
8020 	 */
8021 
8022 	struct ipw2100_priv *priv = libipw_priv(dev);
8023 
8024 	if (priv->config & CFG_CRC_CHECK)
8025 		snprintf(wrqu->name, IFNAMSIZ, "CRC checked (1)");
8026 	else
8027 		snprintf(wrqu->name, IFNAMSIZ, "CRC ignored (0)");
8028 
8029 	return 0;
8030 }
8031 #endif				/* CONFIG_IPW2100_MONITOR */
8032 
8033 static iw_handler ipw2100_wx_handlers[] = {
8034 	IW_HANDLER(SIOCGIWNAME, ipw2100_wx_get_name),
8035 	IW_HANDLER(SIOCSIWFREQ, ipw2100_wx_set_freq),
8036 	IW_HANDLER(SIOCGIWFREQ, ipw2100_wx_get_freq),
8037 	IW_HANDLER(SIOCSIWMODE, ipw2100_wx_set_mode),
8038 	IW_HANDLER(SIOCGIWMODE, ipw2100_wx_get_mode),
8039 	IW_HANDLER(SIOCGIWRANGE, ipw2100_wx_get_range),
8040 	IW_HANDLER(SIOCSIWAP, ipw2100_wx_set_wap),
8041 	IW_HANDLER(SIOCGIWAP, ipw2100_wx_get_wap),
8042 	IW_HANDLER(SIOCSIWMLME, ipw2100_wx_set_mlme),
8043 	IW_HANDLER(SIOCSIWSCAN, ipw2100_wx_set_scan),
8044 	IW_HANDLER(SIOCGIWSCAN, ipw2100_wx_get_scan),
8045 	IW_HANDLER(SIOCSIWESSID, ipw2100_wx_set_essid),
8046 	IW_HANDLER(SIOCGIWESSID, ipw2100_wx_get_essid),
8047 	IW_HANDLER(SIOCSIWNICKN, ipw2100_wx_set_nick),
8048 	IW_HANDLER(SIOCGIWNICKN, ipw2100_wx_get_nick),
8049 	IW_HANDLER(SIOCSIWRATE, ipw2100_wx_set_rate),
8050 	IW_HANDLER(SIOCGIWRATE, ipw2100_wx_get_rate),
8051 	IW_HANDLER(SIOCSIWRTS, ipw2100_wx_set_rts),
8052 	IW_HANDLER(SIOCGIWRTS, ipw2100_wx_get_rts),
8053 	IW_HANDLER(SIOCSIWFRAG, ipw2100_wx_set_frag),
8054 	IW_HANDLER(SIOCGIWFRAG, ipw2100_wx_get_frag),
8055 	IW_HANDLER(SIOCSIWTXPOW, ipw2100_wx_set_txpow),
8056 	IW_HANDLER(SIOCGIWTXPOW, ipw2100_wx_get_txpow),
8057 	IW_HANDLER(SIOCSIWRETRY, ipw2100_wx_set_retry),
8058 	IW_HANDLER(SIOCGIWRETRY, ipw2100_wx_get_retry),
8059 	IW_HANDLER(SIOCSIWENCODE, ipw2100_wx_set_encode),
8060 	IW_HANDLER(SIOCGIWENCODE, ipw2100_wx_get_encode),
8061 	IW_HANDLER(SIOCSIWPOWER, ipw2100_wx_set_power),
8062 	IW_HANDLER(SIOCGIWPOWER, ipw2100_wx_get_power),
8063 	IW_HANDLER(SIOCSIWGENIE, ipw2100_wx_set_genie),
8064 	IW_HANDLER(SIOCGIWGENIE, ipw2100_wx_get_genie),
8065 	IW_HANDLER(SIOCSIWAUTH, ipw2100_wx_set_auth),
8066 	IW_HANDLER(SIOCGIWAUTH, ipw2100_wx_get_auth),
8067 	IW_HANDLER(SIOCSIWENCODEEXT, ipw2100_wx_set_encodeext),
8068 	IW_HANDLER(SIOCGIWENCODEEXT, ipw2100_wx_get_encodeext),
8069 };
8070 
8071 #define IPW2100_PRIV_SET_MONITOR	SIOCIWFIRSTPRIV
8072 #define IPW2100_PRIV_RESET		SIOCIWFIRSTPRIV+1
8073 #define IPW2100_PRIV_SET_POWER		SIOCIWFIRSTPRIV+2
8074 #define IPW2100_PRIV_GET_POWER		SIOCIWFIRSTPRIV+3
8075 #define IPW2100_PRIV_SET_LONGPREAMBLE	SIOCIWFIRSTPRIV+4
8076 #define IPW2100_PRIV_GET_LONGPREAMBLE	SIOCIWFIRSTPRIV+5
8077 #define IPW2100_PRIV_SET_CRC_CHECK	SIOCIWFIRSTPRIV+6
8078 #define IPW2100_PRIV_GET_CRC_CHECK	SIOCIWFIRSTPRIV+7
8079 
8080 static const struct iw_priv_args ipw2100_private_args[] = {
8081 
8082 #ifdef CONFIG_IPW2100_MONITOR
8083 	{
8084 	 IPW2100_PRIV_SET_MONITOR,
8085 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 2, 0, "monitor"},
8086 	{
8087 	 IPW2100_PRIV_RESET,
8088 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 0, 0, "reset"},
8089 #endif				/* CONFIG_IPW2100_MONITOR */
8090 
8091 	{
8092 	 IPW2100_PRIV_SET_POWER,
8093 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "set_power"},
8094 	{
8095 	 IPW2100_PRIV_GET_POWER,
8096 	 0, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_FIXED | MAX_POWER_STRING,
8097 	 "get_power"},
8098 	{
8099 	 IPW2100_PRIV_SET_LONGPREAMBLE,
8100 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "set_preamble"},
8101 	{
8102 	 IPW2100_PRIV_GET_LONGPREAMBLE,
8103 	 0, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_FIXED | IFNAMSIZ, "get_preamble"},
8104 #ifdef CONFIG_IPW2100_MONITOR
8105 	{
8106 	 IPW2100_PRIV_SET_CRC_CHECK,
8107 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "set_crc_check"},
8108 	{
8109 	 IPW2100_PRIV_GET_CRC_CHECK,
8110 	 0, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_FIXED | IFNAMSIZ, "get_crc_check"},
8111 #endif				/* CONFIG_IPW2100_MONITOR */
8112 };
8113 
8114 static iw_handler ipw2100_private_handler[] = {
8115 #ifdef CONFIG_IPW2100_MONITOR
8116 	ipw2100_wx_set_promisc,
8117 	ipw2100_wx_reset,
8118 #else				/* CONFIG_IPW2100_MONITOR */
8119 	NULL,
8120 	NULL,
8121 #endif				/* CONFIG_IPW2100_MONITOR */
8122 	ipw2100_wx_set_powermode,
8123 	ipw2100_wx_get_powermode,
8124 	ipw2100_wx_set_preamble,
8125 	ipw2100_wx_get_preamble,
8126 #ifdef CONFIG_IPW2100_MONITOR
8127 	ipw2100_wx_set_crc_check,
8128 	ipw2100_wx_get_crc_check,
8129 #else				/* CONFIG_IPW2100_MONITOR */
8130 	NULL,
8131 	NULL,
8132 #endif				/* CONFIG_IPW2100_MONITOR */
8133 };
8134 
8135 /*
8136  * Get wireless statistics.
8137  * Called by /proc/net/wireless
8138  * Also called by SIOCGIWSTATS
8139  */
8140 static struct iw_statistics *ipw2100_wx_wireless_stats(struct net_device *dev)
8141 {
8142 	enum {
8143 		POOR = 30,
8144 		FAIR = 60,
8145 		GOOD = 80,
8146 		VERY_GOOD = 90,
8147 		EXCELLENT = 95,
8148 		PERFECT = 100
8149 	};
8150 	int rssi_qual;
8151 	int tx_qual;
8152 	int beacon_qual;
8153 	int quality;
8154 
8155 	struct ipw2100_priv *priv = libipw_priv(dev);
8156 	struct iw_statistics *wstats;
8157 	u32 rssi, tx_retries, missed_beacons, tx_failures;
8158 	u32 ord_len = sizeof(u32);
8159 
8160 	if (!priv)
8161 		return (struct iw_statistics *)NULL;
8162 
8163 	wstats = &priv->wstats;
8164 
8165 	/* if hw is disabled, then ipw2100_get_ordinal() can't be called.
8166 	 * ipw2100_wx_wireless_stats seems to be called before fw is
8167 	 * initialized.  STATUS_ASSOCIATED will only be set if the hw is up
8168 	 * and associated; if not associcated, the values are all meaningless
8169 	 * anyway, so set them all to NULL and INVALID */
8170 	if (!(priv->status & STATUS_ASSOCIATED)) {
8171 		wstats->miss.beacon = 0;
8172 		wstats->discard.retries = 0;
8173 		wstats->qual.qual = 0;
8174 		wstats->qual.level = 0;
8175 		wstats->qual.noise = 0;
8176 		wstats->qual.updated = 7;
8177 		wstats->qual.updated |= IW_QUAL_NOISE_INVALID |
8178 		    IW_QUAL_QUAL_INVALID | IW_QUAL_LEVEL_INVALID;
8179 		return wstats;
8180 	}
8181 
8182 	if (ipw2100_get_ordinal(priv, IPW_ORD_STAT_PERCENT_MISSED_BCNS,
8183 				&missed_beacons, &ord_len))
8184 		goto fail_get_ordinal;
8185 
8186 	/* If we don't have a connection the quality and level is 0 */
8187 	if (!(priv->status & STATUS_ASSOCIATED)) {
8188 		wstats->qual.qual = 0;
8189 		wstats->qual.level = 0;
8190 	} else {
8191 		if (ipw2100_get_ordinal(priv, IPW_ORD_RSSI_AVG_CURR,
8192 					&rssi, &ord_len))
8193 			goto fail_get_ordinal;
8194 		wstats->qual.level = rssi + IPW2100_RSSI_TO_DBM;
8195 		if (rssi < 10)
8196 			rssi_qual = rssi * POOR / 10;
8197 		else if (rssi < 15)
8198 			rssi_qual = (rssi - 10) * (FAIR - POOR) / 5 + POOR;
8199 		else if (rssi < 20)
8200 			rssi_qual = (rssi - 15) * (GOOD - FAIR) / 5 + FAIR;
8201 		else if (rssi < 30)
8202 			rssi_qual = (rssi - 20) * (VERY_GOOD - GOOD) /
8203 			    10 + GOOD;
8204 		else
8205 			rssi_qual = (rssi - 30) * (PERFECT - VERY_GOOD) /
8206 			    10 + VERY_GOOD;
8207 
8208 		if (ipw2100_get_ordinal(priv, IPW_ORD_STAT_PERCENT_RETRIES,
8209 					&tx_retries, &ord_len))
8210 			goto fail_get_ordinal;
8211 
8212 		if (tx_retries > 75)
8213 			tx_qual = (90 - tx_retries) * POOR / 15;
8214 		else if (tx_retries > 70)
8215 			tx_qual = (75 - tx_retries) * (FAIR - POOR) / 5 + POOR;
8216 		else if (tx_retries > 65)
8217 			tx_qual = (70 - tx_retries) * (GOOD - FAIR) / 5 + FAIR;
8218 		else if (tx_retries > 50)
8219 			tx_qual = (65 - tx_retries) * (VERY_GOOD - GOOD) /
8220 			    15 + GOOD;
8221 		else
8222 			tx_qual = (50 - tx_retries) *
8223 			    (PERFECT - VERY_GOOD) / 50 + VERY_GOOD;
8224 
8225 		if (missed_beacons > 50)
8226 			beacon_qual = (60 - missed_beacons) * POOR / 10;
8227 		else if (missed_beacons > 40)
8228 			beacon_qual = (50 - missed_beacons) * (FAIR - POOR) /
8229 			    10 + POOR;
8230 		else if (missed_beacons > 32)
8231 			beacon_qual = (40 - missed_beacons) * (GOOD - FAIR) /
8232 			    18 + FAIR;
8233 		else if (missed_beacons > 20)
8234 			beacon_qual = (32 - missed_beacons) *
8235 			    (VERY_GOOD - GOOD) / 20 + GOOD;
8236 		else
8237 			beacon_qual = (20 - missed_beacons) *
8238 			    (PERFECT - VERY_GOOD) / 20 + VERY_GOOD;
8239 
8240 		quality = min(tx_qual, rssi_qual);
8241 		quality = min(beacon_qual, quality);
8242 
8243 #ifdef CONFIG_IPW2100_DEBUG
8244 		if (beacon_qual == quality)
8245 			IPW_DEBUG_WX("Quality clamped by Missed Beacons\n");
8246 		else if (tx_qual == quality)
8247 			IPW_DEBUG_WX("Quality clamped by Tx Retries\n");
8248 		else if (quality != 100)
8249 			IPW_DEBUG_WX("Quality clamped by Signal Strength\n");
8250 		else
8251 			IPW_DEBUG_WX("Quality not clamped.\n");
8252 #endif
8253 
8254 		wstats->qual.qual = quality;
8255 		wstats->qual.level = rssi + IPW2100_RSSI_TO_DBM;
8256 	}
8257 
8258 	wstats->qual.noise = 0;
8259 	wstats->qual.updated = 7;
8260 	wstats->qual.updated |= IW_QUAL_NOISE_INVALID;
8261 
8262 	/* FIXME: this is percent and not a # */
8263 	wstats->miss.beacon = missed_beacons;
8264 
8265 	if (ipw2100_get_ordinal(priv, IPW_ORD_STAT_TX_FAILURES,
8266 				&tx_failures, &ord_len))
8267 		goto fail_get_ordinal;
8268 	wstats->discard.retries = tx_failures;
8269 
8270 	return wstats;
8271 
8272       fail_get_ordinal:
8273 	IPW_DEBUG_WX("failed querying ordinals.\n");
8274 
8275 	return (struct iw_statistics *)NULL;
8276 }
8277 
8278 static struct iw_handler_def ipw2100_wx_handler_def = {
8279 	.standard = ipw2100_wx_handlers,
8280 	.num_standard = ARRAY_SIZE(ipw2100_wx_handlers),
8281 	.num_private = ARRAY_SIZE(ipw2100_private_handler),
8282 	.num_private_args = ARRAY_SIZE(ipw2100_private_args),
8283 	.private = (iw_handler *) ipw2100_private_handler,
8284 	.private_args = (struct iw_priv_args *)ipw2100_private_args,
8285 	.get_wireless_stats = ipw2100_wx_wireless_stats,
8286 };
8287 
8288 static void ipw2100_wx_event_work(struct work_struct *work)
8289 {
8290 	struct ipw2100_priv *priv =
8291 		container_of(work, struct ipw2100_priv, wx_event_work.work);
8292 	union iwreq_data wrqu;
8293 	unsigned int len = ETH_ALEN;
8294 
8295 	if (priv->status & STATUS_STOPPING)
8296 		return;
8297 
8298 	mutex_lock(&priv->action_mutex);
8299 
8300 	IPW_DEBUG_WX("enter\n");
8301 
8302 	mutex_unlock(&priv->action_mutex);
8303 
8304 	wrqu.ap_addr.sa_family = ARPHRD_ETHER;
8305 
8306 	/* Fetch BSSID from the hardware */
8307 	if (!(priv->status & (STATUS_ASSOCIATING | STATUS_ASSOCIATED)) ||
8308 	    priv->status & STATUS_RF_KILL_MASK ||
8309 	    ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_AP_BSSID,
8310 				&priv->bssid, &len)) {
8311 		eth_zero_addr(wrqu.ap_addr.sa_data);
8312 	} else {
8313 		/* We now have the BSSID, so can finish setting to the full
8314 		 * associated state */
8315 		memcpy(wrqu.ap_addr.sa_data, priv->bssid, ETH_ALEN);
8316 		memcpy(priv->ieee->bssid, priv->bssid, ETH_ALEN);
8317 		priv->status &= ~STATUS_ASSOCIATING;
8318 		priv->status |= STATUS_ASSOCIATED;
8319 		netif_carrier_on(priv->net_dev);
8320 		netif_wake_queue(priv->net_dev);
8321 	}
8322 
8323 	if (!(priv->status & STATUS_ASSOCIATED)) {
8324 		IPW_DEBUG_WX("Configuring ESSID\n");
8325 		mutex_lock(&priv->action_mutex);
8326 		/* This is a disassociation event, so kick the firmware to
8327 		 * look for another AP */
8328 		if (priv->config & CFG_STATIC_ESSID)
8329 			ipw2100_set_essid(priv, priv->essid, priv->essid_len,
8330 					  0);
8331 		else
8332 			ipw2100_set_essid(priv, NULL, 0, 0);
8333 		mutex_unlock(&priv->action_mutex);
8334 	}
8335 
8336 	wireless_send_event(priv->net_dev, SIOCGIWAP, &wrqu, NULL);
8337 }
8338 
8339 #define IPW2100_FW_MAJOR_VERSION 1
8340 #define IPW2100_FW_MINOR_VERSION 3
8341 
8342 #define IPW2100_FW_MINOR(x) ((x & 0xff) >> 8)
8343 #define IPW2100_FW_MAJOR(x) (x & 0xff)
8344 
8345 #define IPW2100_FW_VERSION ((IPW2100_FW_MINOR_VERSION << 8) | \
8346                              IPW2100_FW_MAJOR_VERSION)
8347 
8348 #define IPW2100_FW_PREFIX "ipw2100-" __stringify(IPW2100_FW_MAJOR_VERSION) \
8349 "." __stringify(IPW2100_FW_MINOR_VERSION)
8350 
8351 #define IPW2100_FW_NAME(x) IPW2100_FW_PREFIX "" x ".fw"
8352 
8353 /*
8354 
8355 BINARY FIRMWARE HEADER FORMAT
8356 
8357 offset      length   desc
8358 0           2        version
8359 2           2        mode == 0:BSS,1:IBSS,2:MONITOR
8360 4           4        fw_len
8361 8           4        uc_len
8362 C           fw_len   firmware data
8363 12 + fw_len uc_len   microcode data
8364 
8365 */
8366 
8367 struct ipw2100_fw_header {
8368 	short version;
8369 	short mode;
8370 	unsigned int fw_size;
8371 	unsigned int uc_size;
8372 } __packed;
8373 
8374 static int ipw2100_mod_firmware_load(struct ipw2100_fw *fw)
8375 {
8376 	struct ipw2100_fw_header *h =
8377 	    (struct ipw2100_fw_header *)fw->fw_entry->data;
8378 
8379 	if (IPW2100_FW_MAJOR(h->version) != IPW2100_FW_MAJOR_VERSION) {
8380 		printk(KERN_WARNING DRV_NAME ": Firmware image not compatible "
8381 		       "(detected version id of %u). "
8382 		       "See Documentation/networking/README.ipw2100\n",
8383 		       h->version);
8384 		return 1;
8385 	}
8386 
8387 	fw->version = h->version;
8388 	fw->fw.data = fw->fw_entry->data + sizeof(struct ipw2100_fw_header);
8389 	fw->fw.size = h->fw_size;
8390 	fw->uc.data = fw->fw.data + h->fw_size;
8391 	fw->uc.size = h->uc_size;
8392 
8393 	return 0;
8394 }
8395 
8396 static int ipw2100_get_firmware(struct ipw2100_priv *priv,
8397 				struct ipw2100_fw *fw)
8398 {
8399 	char *fw_name;
8400 	int rc;
8401 
8402 	IPW_DEBUG_INFO("%s: Using hotplug firmware load.\n",
8403 		       priv->net_dev->name);
8404 
8405 	switch (priv->ieee->iw_mode) {
8406 	case IW_MODE_ADHOC:
8407 		fw_name = IPW2100_FW_NAME("-i");
8408 		break;
8409 #ifdef CONFIG_IPW2100_MONITOR
8410 	case IW_MODE_MONITOR:
8411 		fw_name = IPW2100_FW_NAME("-p");
8412 		break;
8413 #endif
8414 	case IW_MODE_INFRA:
8415 	default:
8416 		fw_name = IPW2100_FW_NAME("");
8417 		break;
8418 	}
8419 
8420 	rc = request_firmware(&fw->fw_entry, fw_name, &priv->pci_dev->dev);
8421 
8422 	if (rc < 0) {
8423 		printk(KERN_ERR DRV_NAME ": "
8424 		       "%s: Firmware '%s' not available or load failed.\n",
8425 		       priv->net_dev->name, fw_name);
8426 		return rc;
8427 	}
8428 	IPW_DEBUG_INFO("firmware data %p size %zd\n", fw->fw_entry->data,
8429 		       fw->fw_entry->size);
8430 
8431 	ipw2100_mod_firmware_load(fw);
8432 
8433 	return 0;
8434 }
8435 
8436 MODULE_FIRMWARE(IPW2100_FW_NAME("-i"));
8437 #ifdef CONFIG_IPW2100_MONITOR
8438 MODULE_FIRMWARE(IPW2100_FW_NAME("-p"));
8439 #endif
8440 MODULE_FIRMWARE(IPW2100_FW_NAME(""));
8441 
8442 static void ipw2100_release_firmware(struct ipw2100_priv *priv,
8443 				     struct ipw2100_fw *fw)
8444 {
8445 	fw->version = 0;
8446 	release_firmware(fw->fw_entry);
8447 	fw->fw_entry = NULL;
8448 }
8449 
8450 static int ipw2100_get_fwversion(struct ipw2100_priv *priv, char *buf,
8451 				 size_t max)
8452 {
8453 	char ver[MAX_FW_VERSION_LEN];
8454 	u32 len = MAX_FW_VERSION_LEN;
8455 	u32 tmp;
8456 	int i;
8457 	/* firmware version is an ascii string (max len of 14) */
8458 	if (ipw2100_get_ordinal(priv, IPW_ORD_STAT_FW_VER_NUM, ver, &len))
8459 		return -EIO;
8460 	tmp = max;
8461 	if (len >= max)
8462 		len = max - 1;
8463 	for (i = 0; i < len; i++)
8464 		buf[i] = ver[i];
8465 	buf[i] = '\0';
8466 	return tmp;
8467 }
8468 
8469 static int ipw2100_get_ucodeversion(struct ipw2100_priv *priv, char *buf,
8470 				    size_t max)
8471 {
8472 	u32 ver;
8473 	u32 len = sizeof(ver);
8474 	/* microcode version is a 32 bit integer */
8475 	if (ipw2100_get_ordinal(priv, IPW_ORD_UCODE_VERSION, &ver, &len))
8476 		return -EIO;
8477 	return snprintf(buf, max, "%08X", ver);
8478 }
8479 
8480 /*
8481  * On exit, the firmware will have been freed from the fw list
8482  */
8483 static int ipw2100_fw_download(struct ipw2100_priv *priv, struct ipw2100_fw *fw)
8484 {
8485 	/* firmware is constructed of N contiguous entries, each entry is
8486 	 * structured as:
8487 	 *
8488 	 * offset    sie         desc
8489 	 * 0         4           address to write to
8490 	 * 4         2           length of data run
8491 	 * 6         length      data
8492 	 */
8493 	unsigned int addr;
8494 	unsigned short len;
8495 
8496 	const unsigned char *firmware_data = fw->fw.data;
8497 	unsigned int firmware_data_left = fw->fw.size;
8498 
8499 	while (firmware_data_left > 0) {
8500 		addr = *(u32 *) (firmware_data);
8501 		firmware_data += 4;
8502 		firmware_data_left -= 4;
8503 
8504 		len = *(u16 *) (firmware_data);
8505 		firmware_data += 2;
8506 		firmware_data_left -= 2;
8507 
8508 		if (len > 32) {
8509 			printk(KERN_ERR DRV_NAME ": "
8510 			       "Invalid firmware run-length of %d bytes\n",
8511 			       len);
8512 			return -EINVAL;
8513 		}
8514 
8515 		write_nic_memory(priv->net_dev, addr, len, firmware_data);
8516 		firmware_data += len;
8517 		firmware_data_left -= len;
8518 	}
8519 
8520 	return 0;
8521 }
8522 
8523 struct symbol_alive_response {
8524 	u8 cmd_id;
8525 	u8 seq_num;
8526 	u8 ucode_rev;
8527 	u8 eeprom_valid;
8528 	u16 valid_flags;
8529 	u8 IEEE_addr[6];
8530 	u16 flags;
8531 	u16 pcb_rev;
8532 	u16 clock_settle_time;	// 1us LSB
8533 	u16 powerup_settle_time;	// 1us LSB
8534 	u16 hop_settle_time;	// 1us LSB
8535 	u8 date[3];		// month, day, year
8536 	u8 time[2];		// hours, minutes
8537 	u8 ucode_valid;
8538 };
8539 
8540 static int ipw2100_ucode_download(struct ipw2100_priv *priv,
8541 				  struct ipw2100_fw *fw)
8542 {
8543 	struct net_device *dev = priv->net_dev;
8544 	const unsigned char *microcode_data = fw->uc.data;
8545 	unsigned int microcode_data_left = fw->uc.size;
8546 	void __iomem *reg = priv->ioaddr;
8547 
8548 	struct symbol_alive_response response;
8549 	int i, j;
8550 	u8 data;
8551 
8552 	/* Symbol control */
8553 	write_nic_word(dev, IPW2100_CONTROL_REG, 0x703);
8554 	readl(reg);
8555 	write_nic_word(dev, IPW2100_CONTROL_REG, 0x707);
8556 	readl(reg);
8557 
8558 	/* HW config */
8559 	write_nic_byte(dev, 0x210014, 0x72);	/* fifo width =16 */
8560 	readl(reg);
8561 	write_nic_byte(dev, 0x210014, 0x72);	/* fifo width =16 */
8562 	readl(reg);
8563 
8564 	/* EN_CS_ACCESS bit to reset control store pointer */
8565 	write_nic_byte(dev, 0x210000, 0x40);
8566 	readl(reg);
8567 	write_nic_byte(dev, 0x210000, 0x0);
8568 	readl(reg);
8569 	write_nic_byte(dev, 0x210000, 0x40);
8570 	readl(reg);
8571 
8572 	/* copy microcode from buffer into Symbol */
8573 
8574 	while (microcode_data_left > 0) {
8575 		write_nic_byte(dev, 0x210010, *microcode_data++);
8576 		write_nic_byte(dev, 0x210010, *microcode_data++);
8577 		microcode_data_left -= 2;
8578 	}
8579 
8580 	/* EN_CS_ACCESS bit to reset the control store pointer */
8581 	write_nic_byte(dev, 0x210000, 0x0);
8582 	readl(reg);
8583 
8584 	/* Enable System (Reg 0)
8585 	 * first enable causes garbage in RX FIFO */
8586 	write_nic_byte(dev, 0x210000, 0x0);
8587 	readl(reg);
8588 	write_nic_byte(dev, 0x210000, 0x80);
8589 	readl(reg);
8590 
8591 	/* Reset External Baseband Reg */
8592 	write_nic_word(dev, IPW2100_CONTROL_REG, 0x703);
8593 	readl(reg);
8594 	write_nic_word(dev, IPW2100_CONTROL_REG, 0x707);
8595 	readl(reg);
8596 
8597 	/* HW Config (Reg 5) */
8598 	write_nic_byte(dev, 0x210014, 0x72);	// fifo width =16
8599 	readl(reg);
8600 	write_nic_byte(dev, 0x210014, 0x72);	// fifo width =16
8601 	readl(reg);
8602 
8603 	/* Enable System (Reg 0)
8604 	 * second enable should be OK */
8605 	write_nic_byte(dev, 0x210000, 0x00);	// clear enable system
8606 	readl(reg);
8607 	write_nic_byte(dev, 0x210000, 0x80);	// set enable system
8608 
8609 	/* check Symbol is enabled - upped this from 5 as it wasn't always
8610 	 * catching the update */
8611 	for (i = 0; i < 10; i++) {
8612 		udelay(10);
8613 
8614 		/* check Dino is enabled bit */
8615 		read_nic_byte(dev, 0x210000, &data);
8616 		if (data & 0x1)
8617 			break;
8618 	}
8619 
8620 	if (i == 10) {
8621 		printk(KERN_ERR DRV_NAME ": %s: Error initializing Symbol\n",
8622 		       dev->name);
8623 		return -EIO;
8624 	}
8625 
8626 	/* Get Symbol alive response */
8627 	for (i = 0; i < 30; i++) {
8628 		/* Read alive response structure */
8629 		for (j = 0;
8630 		     j < (sizeof(struct symbol_alive_response) >> 1); j++)
8631 			read_nic_word(dev, 0x210004, ((u16 *) & response) + j);
8632 
8633 		if ((response.cmd_id == 1) && (response.ucode_valid == 0x1))
8634 			break;
8635 		udelay(10);
8636 	}
8637 
8638 	if (i == 30) {
8639 		printk(KERN_ERR DRV_NAME
8640 		       ": %s: No response from Symbol - hw not alive\n",
8641 		       dev->name);
8642 		printk_buf(IPW_DL_ERROR, (u8 *) & response, sizeof(response));
8643 		return -EIO;
8644 	}
8645 
8646 	return 0;
8647 }
8648