xref: /linux/drivers/net/wireless/ralink/rt2x00/rt61pci.c (revision 4e95bc268b915c3a19ec8b9110f61e4ea41a1ed0)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 	Copyright (C) 2004 - 2009 Ivo van Doorn <IvDoorn@gmail.com>
4 	<http://rt2x00.serialmonkey.com>
5 
6  */
7 
8 /*
9 	Module: rt61pci
10 	Abstract: rt61pci device specific routines.
11 	Supported chipsets: RT2561, RT2561s, RT2661.
12  */
13 
14 #include <linux/crc-itu-t.h>
15 #include <linux/delay.h>
16 #include <linux/etherdevice.h>
17 #include <linux/kernel.h>
18 #include <linux/module.h>
19 #include <linux/slab.h>
20 #include <linux/pci.h>
21 #include <linux/eeprom_93cx6.h>
22 
23 #include "rt2x00.h"
24 #include "rt2x00mmio.h"
25 #include "rt2x00pci.h"
26 #include "rt61pci.h"
27 
28 /*
29  * Allow hardware encryption to be disabled.
30  */
31 static bool modparam_nohwcrypt = false;
32 module_param_named(nohwcrypt, modparam_nohwcrypt, bool, 0444);
33 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
34 
35 /*
36  * Register access.
37  * BBP and RF register require indirect register access,
38  * and use the CSR registers PHY_CSR3 and PHY_CSR4 to achieve this.
39  * These indirect registers work with busy bits,
40  * and we will try maximal REGISTER_BUSY_COUNT times to access
41  * the register while taking a REGISTER_BUSY_DELAY us delay
42  * between each attempt. When the busy bit is still set at that time,
43  * the access attempt is considered to have failed,
44  * and we will print an error.
45  */
46 #define WAIT_FOR_BBP(__dev, __reg) \
47 	rt2x00mmio_regbusy_read((__dev), PHY_CSR3, PHY_CSR3_BUSY, (__reg))
48 #define WAIT_FOR_RF(__dev, __reg) \
49 	rt2x00mmio_regbusy_read((__dev), PHY_CSR4, PHY_CSR4_BUSY, (__reg))
50 #define WAIT_FOR_MCU(__dev, __reg) \
51 	rt2x00mmio_regbusy_read((__dev), H2M_MAILBOX_CSR, \
52 				H2M_MAILBOX_CSR_OWNER, (__reg))
53 
54 static void rt61pci_bbp_write(struct rt2x00_dev *rt2x00dev,
55 			      const unsigned int word, const u8 value)
56 {
57 	u32 reg;
58 
59 	mutex_lock(&rt2x00dev->csr_mutex);
60 
61 	/*
62 	 * Wait until the BBP becomes available, afterwards we
63 	 * can safely write the new data into the register.
64 	 */
65 	if (WAIT_FOR_BBP(rt2x00dev, &reg)) {
66 		reg = 0;
67 		rt2x00_set_field32(&reg, PHY_CSR3_VALUE, value);
68 		rt2x00_set_field32(&reg, PHY_CSR3_REGNUM, word);
69 		rt2x00_set_field32(&reg, PHY_CSR3_BUSY, 1);
70 		rt2x00_set_field32(&reg, PHY_CSR3_READ_CONTROL, 0);
71 
72 		rt2x00mmio_register_write(rt2x00dev, PHY_CSR3, reg);
73 	}
74 
75 	mutex_unlock(&rt2x00dev->csr_mutex);
76 }
77 
78 static u8 rt61pci_bbp_read(struct rt2x00_dev *rt2x00dev,
79 			   const unsigned int word)
80 {
81 	u32 reg;
82 	u8 value;
83 
84 	mutex_lock(&rt2x00dev->csr_mutex);
85 
86 	/*
87 	 * Wait until the BBP becomes available, afterwards we
88 	 * can safely write the read request into the register.
89 	 * After the data has been written, we wait until hardware
90 	 * returns the correct value, if at any time the register
91 	 * doesn't become available in time, reg will be 0xffffffff
92 	 * which means we return 0xff to the caller.
93 	 */
94 	if (WAIT_FOR_BBP(rt2x00dev, &reg)) {
95 		reg = 0;
96 		rt2x00_set_field32(&reg, PHY_CSR3_REGNUM, word);
97 		rt2x00_set_field32(&reg, PHY_CSR3_BUSY, 1);
98 		rt2x00_set_field32(&reg, PHY_CSR3_READ_CONTROL, 1);
99 
100 		rt2x00mmio_register_write(rt2x00dev, PHY_CSR3, reg);
101 
102 		WAIT_FOR_BBP(rt2x00dev, &reg);
103 	}
104 
105 	value = rt2x00_get_field32(reg, PHY_CSR3_VALUE);
106 
107 	mutex_unlock(&rt2x00dev->csr_mutex);
108 
109 	return value;
110 }
111 
112 static void rt61pci_rf_write(struct rt2x00_dev *rt2x00dev,
113 			     const unsigned int word, const u32 value)
114 {
115 	u32 reg;
116 
117 	mutex_lock(&rt2x00dev->csr_mutex);
118 
119 	/*
120 	 * Wait until the RF becomes available, afterwards we
121 	 * can safely write the new data into the register.
122 	 */
123 	if (WAIT_FOR_RF(rt2x00dev, &reg)) {
124 		reg = 0;
125 		rt2x00_set_field32(&reg, PHY_CSR4_VALUE, value);
126 		rt2x00_set_field32(&reg, PHY_CSR4_NUMBER_OF_BITS, 21);
127 		rt2x00_set_field32(&reg, PHY_CSR4_IF_SELECT, 0);
128 		rt2x00_set_field32(&reg, PHY_CSR4_BUSY, 1);
129 
130 		rt2x00mmio_register_write(rt2x00dev, PHY_CSR4, reg);
131 		rt2x00_rf_write(rt2x00dev, word, value);
132 	}
133 
134 	mutex_unlock(&rt2x00dev->csr_mutex);
135 }
136 
137 static void rt61pci_mcu_request(struct rt2x00_dev *rt2x00dev,
138 				const u8 command, const u8 token,
139 				const u8 arg0, const u8 arg1)
140 {
141 	u32 reg;
142 
143 	mutex_lock(&rt2x00dev->csr_mutex);
144 
145 	/*
146 	 * Wait until the MCU becomes available, afterwards we
147 	 * can safely write the new data into the register.
148 	 */
149 	if (WAIT_FOR_MCU(rt2x00dev, &reg)) {
150 		rt2x00_set_field32(&reg, H2M_MAILBOX_CSR_OWNER, 1);
151 		rt2x00_set_field32(&reg, H2M_MAILBOX_CSR_CMD_TOKEN, token);
152 		rt2x00_set_field32(&reg, H2M_MAILBOX_CSR_ARG0, arg0);
153 		rt2x00_set_field32(&reg, H2M_MAILBOX_CSR_ARG1, arg1);
154 		rt2x00mmio_register_write(rt2x00dev, H2M_MAILBOX_CSR, reg);
155 
156 		reg = rt2x00mmio_register_read(rt2x00dev, HOST_CMD_CSR);
157 		rt2x00_set_field32(&reg, HOST_CMD_CSR_HOST_COMMAND, command);
158 		rt2x00_set_field32(&reg, HOST_CMD_CSR_INTERRUPT_MCU, 1);
159 		rt2x00mmio_register_write(rt2x00dev, HOST_CMD_CSR, reg);
160 	}
161 
162 	mutex_unlock(&rt2x00dev->csr_mutex);
163 
164 }
165 
166 static void rt61pci_eepromregister_read(struct eeprom_93cx6 *eeprom)
167 {
168 	struct rt2x00_dev *rt2x00dev = eeprom->data;
169 	u32 reg;
170 
171 	reg = rt2x00mmio_register_read(rt2x00dev, E2PROM_CSR);
172 
173 	eeprom->reg_data_in = !!rt2x00_get_field32(reg, E2PROM_CSR_DATA_IN);
174 	eeprom->reg_data_out = !!rt2x00_get_field32(reg, E2PROM_CSR_DATA_OUT);
175 	eeprom->reg_data_clock =
176 	    !!rt2x00_get_field32(reg, E2PROM_CSR_DATA_CLOCK);
177 	eeprom->reg_chip_select =
178 	    !!rt2x00_get_field32(reg, E2PROM_CSR_CHIP_SELECT);
179 }
180 
181 static void rt61pci_eepromregister_write(struct eeprom_93cx6 *eeprom)
182 {
183 	struct rt2x00_dev *rt2x00dev = eeprom->data;
184 	u32 reg = 0;
185 
186 	rt2x00_set_field32(&reg, E2PROM_CSR_DATA_IN, !!eeprom->reg_data_in);
187 	rt2x00_set_field32(&reg, E2PROM_CSR_DATA_OUT, !!eeprom->reg_data_out);
188 	rt2x00_set_field32(&reg, E2PROM_CSR_DATA_CLOCK,
189 			   !!eeprom->reg_data_clock);
190 	rt2x00_set_field32(&reg, E2PROM_CSR_CHIP_SELECT,
191 			   !!eeprom->reg_chip_select);
192 
193 	rt2x00mmio_register_write(rt2x00dev, E2PROM_CSR, reg);
194 }
195 
196 #ifdef CONFIG_RT2X00_LIB_DEBUGFS
197 static const struct rt2x00debug rt61pci_rt2x00debug = {
198 	.owner	= THIS_MODULE,
199 	.csr	= {
200 		.read		= rt2x00mmio_register_read,
201 		.write		= rt2x00mmio_register_write,
202 		.flags		= RT2X00DEBUGFS_OFFSET,
203 		.word_base	= CSR_REG_BASE,
204 		.word_size	= sizeof(u32),
205 		.word_count	= CSR_REG_SIZE / sizeof(u32),
206 	},
207 	.eeprom	= {
208 		.read		= rt2x00_eeprom_read,
209 		.write		= rt2x00_eeprom_write,
210 		.word_base	= EEPROM_BASE,
211 		.word_size	= sizeof(u16),
212 		.word_count	= EEPROM_SIZE / sizeof(u16),
213 	},
214 	.bbp	= {
215 		.read		= rt61pci_bbp_read,
216 		.write		= rt61pci_bbp_write,
217 		.word_base	= BBP_BASE,
218 		.word_size	= sizeof(u8),
219 		.word_count	= BBP_SIZE / sizeof(u8),
220 	},
221 	.rf	= {
222 		.read		= rt2x00_rf_read,
223 		.write		= rt61pci_rf_write,
224 		.word_base	= RF_BASE,
225 		.word_size	= sizeof(u32),
226 		.word_count	= RF_SIZE / sizeof(u32),
227 	},
228 };
229 #endif /* CONFIG_RT2X00_LIB_DEBUGFS */
230 
231 static int rt61pci_rfkill_poll(struct rt2x00_dev *rt2x00dev)
232 {
233 	u32 reg;
234 
235 	reg = rt2x00mmio_register_read(rt2x00dev, MAC_CSR13);
236 	return rt2x00_get_field32(reg, MAC_CSR13_VAL5);
237 }
238 
239 #ifdef CONFIG_RT2X00_LIB_LEDS
240 static void rt61pci_brightness_set(struct led_classdev *led_cdev,
241 				   enum led_brightness brightness)
242 {
243 	struct rt2x00_led *led =
244 	    container_of(led_cdev, struct rt2x00_led, led_dev);
245 	unsigned int enabled = brightness != LED_OFF;
246 	unsigned int a_mode =
247 	    (enabled && led->rt2x00dev->curr_band == NL80211_BAND_5GHZ);
248 	unsigned int bg_mode =
249 	    (enabled && led->rt2x00dev->curr_band == NL80211_BAND_2GHZ);
250 
251 	if (led->type == LED_TYPE_RADIO) {
252 		rt2x00_set_field16(&led->rt2x00dev->led_mcu_reg,
253 				   MCU_LEDCS_RADIO_STATUS, enabled);
254 
255 		rt61pci_mcu_request(led->rt2x00dev, MCU_LED, 0xff,
256 				    (led->rt2x00dev->led_mcu_reg & 0xff),
257 				    ((led->rt2x00dev->led_mcu_reg >> 8)));
258 	} else if (led->type == LED_TYPE_ASSOC) {
259 		rt2x00_set_field16(&led->rt2x00dev->led_mcu_reg,
260 				   MCU_LEDCS_LINK_BG_STATUS, bg_mode);
261 		rt2x00_set_field16(&led->rt2x00dev->led_mcu_reg,
262 				   MCU_LEDCS_LINK_A_STATUS, a_mode);
263 
264 		rt61pci_mcu_request(led->rt2x00dev, MCU_LED, 0xff,
265 				    (led->rt2x00dev->led_mcu_reg & 0xff),
266 				    ((led->rt2x00dev->led_mcu_reg >> 8)));
267 	} else if (led->type == LED_TYPE_QUALITY) {
268 		/*
269 		 * The brightness is divided into 6 levels (0 - 5),
270 		 * this means we need to convert the brightness
271 		 * argument into the matching level within that range.
272 		 */
273 		rt61pci_mcu_request(led->rt2x00dev, MCU_LED_STRENGTH, 0xff,
274 				    brightness / (LED_FULL / 6), 0);
275 	}
276 }
277 
278 static int rt61pci_blink_set(struct led_classdev *led_cdev,
279 			     unsigned long *delay_on,
280 			     unsigned long *delay_off)
281 {
282 	struct rt2x00_led *led =
283 	    container_of(led_cdev, struct rt2x00_led, led_dev);
284 	u32 reg;
285 
286 	reg = rt2x00mmio_register_read(led->rt2x00dev, MAC_CSR14);
287 	rt2x00_set_field32(&reg, MAC_CSR14_ON_PERIOD, *delay_on);
288 	rt2x00_set_field32(&reg, MAC_CSR14_OFF_PERIOD, *delay_off);
289 	rt2x00mmio_register_write(led->rt2x00dev, MAC_CSR14, reg);
290 
291 	return 0;
292 }
293 
294 static void rt61pci_init_led(struct rt2x00_dev *rt2x00dev,
295 			     struct rt2x00_led *led,
296 			     enum led_type type)
297 {
298 	led->rt2x00dev = rt2x00dev;
299 	led->type = type;
300 	led->led_dev.brightness_set = rt61pci_brightness_set;
301 	led->led_dev.blink_set = rt61pci_blink_set;
302 	led->flags = LED_INITIALIZED;
303 }
304 #endif /* CONFIG_RT2X00_LIB_LEDS */
305 
306 /*
307  * Configuration handlers.
308  */
309 static int rt61pci_config_shared_key(struct rt2x00_dev *rt2x00dev,
310 				     struct rt2x00lib_crypto *crypto,
311 				     struct ieee80211_key_conf *key)
312 {
313 	/*
314 	 * Let the software handle the shared keys,
315 	 * since the hardware decryption does not work reliably,
316 	 * because the firmware does not know the key's keyidx.
317 	 */
318 	return -EOPNOTSUPP;
319 }
320 
321 static int rt61pci_config_pairwise_key(struct rt2x00_dev *rt2x00dev,
322 				       struct rt2x00lib_crypto *crypto,
323 				       struct ieee80211_key_conf *key)
324 {
325 	struct hw_pairwise_ta_entry addr_entry;
326 	struct hw_key_entry key_entry;
327 	u32 mask;
328 	u32 reg;
329 
330 	if (crypto->cmd == SET_KEY) {
331 		/*
332 		 * rt2x00lib can't determine the correct free
333 		 * key_idx for pairwise keys. We have 2 registers
334 		 * with key valid bits. The goal is simple: read
335 		 * the first register. If that is full, move to
336 		 * the next register.
337 		 * When both registers are full, we drop the key.
338 		 * Otherwise, we use the first invalid entry.
339 		 */
340 		reg = rt2x00mmio_register_read(rt2x00dev, SEC_CSR2);
341 		if (reg && reg == ~0) {
342 			key->hw_key_idx = 32;
343 			reg = rt2x00mmio_register_read(rt2x00dev, SEC_CSR3);
344 			if (reg && reg == ~0)
345 				return -ENOSPC;
346 		}
347 
348 		key->hw_key_idx += reg ? ffz(reg) : 0;
349 
350 		/*
351 		 * Upload key to hardware
352 		 */
353 		memcpy(key_entry.key, crypto->key,
354 		       sizeof(key_entry.key));
355 		memcpy(key_entry.tx_mic, crypto->tx_mic,
356 		       sizeof(key_entry.tx_mic));
357 		memcpy(key_entry.rx_mic, crypto->rx_mic,
358 		       sizeof(key_entry.rx_mic));
359 
360 		memset(&addr_entry, 0, sizeof(addr_entry));
361 		memcpy(&addr_entry, crypto->address, ETH_ALEN);
362 		addr_entry.cipher = crypto->cipher;
363 
364 		reg = PAIRWISE_KEY_ENTRY(key->hw_key_idx);
365 		rt2x00mmio_register_multiwrite(rt2x00dev, reg,
366 					       &key_entry, sizeof(key_entry));
367 
368 		reg = PAIRWISE_TA_ENTRY(key->hw_key_idx);
369 		rt2x00mmio_register_multiwrite(rt2x00dev, reg,
370 					       &addr_entry, sizeof(addr_entry));
371 
372 		/*
373 		 * Enable pairwise lookup table for given BSS idx.
374 		 * Without this, received frames will not be decrypted
375 		 * by the hardware.
376 		 */
377 		reg = rt2x00mmio_register_read(rt2x00dev, SEC_CSR4);
378 		reg |= (1 << crypto->bssidx);
379 		rt2x00mmio_register_write(rt2x00dev, SEC_CSR4, reg);
380 
381 		/*
382 		 * The driver does not support the IV/EIV generation
383 		 * in hardware. However it doesn't support the IV/EIV
384 		 * inside the ieee80211 frame either, but requires it
385 		 * to be provided separately for the descriptor.
386 		 * rt2x00lib will cut the IV/EIV data out of all frames
387 		 * given to us by mac80211, but we must tell mac80211
388 		 * to generate the IV/EIV data.
389 		 */
390 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
391 	}
392 
393 	/*
394 	 * SEC_CSR2 and SEC_CSR3 contain only single-bit fields to indicate
395 	 * a particular key is valid. Because using the FIELD32()
396 	 * defines directly will cause a lot of overhead, we use
397 	 * a calculation to determine the correct bit directly.
398 	 */
399 	if (key->hw_key_idx < 32) {
400 		mask = 1 << key->hw_key_idx;
401 
402 		reg = rt2x00mmio_register_read(rt2x00dev, SEC_CSR2);
403 		if (crypto->cmd == SET_KEY)
404 			reg |= mask;
405 		else if (crypto->cmd == DISABLE_KEY)
406 			reg &= ~mask;
407 		rt2x00mmio_register_write(rt2x00dev, SEC_CSR2, reg);
408 	} else {
409 		mask = 1 << (key->hw_key_idx - 32);
410 
411 		reg = rt2x00mmio_register_read(rt2x00dev, SEC_CSR3);
412 		if (crypto->cmd == SET_KEY)
413 			reg |= mask;
414 		else if (crypto->cmd == DISABLE_KEY)
415 			reg &= ~mask;
416 		rt2x00mmio_register_write(rt2x00dev, SEC_CSR3, reg);
417 	}
418 
419 	return 0;
420 }
421 
422 static void rt61pci_config_filter(struct rt2x00_dev *rt2x00dev,
423 				  const unsigned int filter_flags)
424 {
425 	u32 reg;
426 
427 	/*
428 	 * Start configuration steps.
429 	 * Note that the version error will always be dropped
430 	 * and broadcast frames will always be accepted since
431 	 * there is no filter for it at this time.
432 	 */
433 	reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR0);
434 	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_CRC,
435 			   !(filter_flags & FIF_FCSFAIL));
436 	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_PHYSICAL,
437 			   !(filter_flags & FIF_PLCPFAIL));
438 	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_CONTROL,
439 			   !(filter_flags & (FIF_CONTROL | FIF_PSPOLL)));
440 	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_NOT_TO_ME,
441 			   !test_bit(CONFIG_MONITORING, &rt2x00dev->flags));
442 	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_TO_DS,
443 			   !test_bit(CONFIG_MONITORING, &rt2x00dev->flags) &&
444 			   !rt2x00dev->intf_ap_count);
445 	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_VERSION_ERROR, 1);
446 	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_MULTICAST,
447 			   !(filter_flags & FIF_ALLMULTI));
448 	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_BROADCAST, 0);
449 	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_ACK_CTS,
450 			   !(filter_flags & FIF_CONTROL));
451 	rt2x00mmio_register_write(rt2x00dev, TXRX_CSR0, reg);
452 }
453 
454 static void rt61pci_config_intf(struct rt2x00_dev *rt2x00dev,
455 				struct rt2x00_intf *intf,
456 				struct rt2x00intf_conf *conf,
457 				const unsigned int flags)
458 {
459 	u32 reg;
460 
461 	if (flags & CONFIG_UPDATE_TYPE) {
462 		/*
463 		 * Enable synchronisation.
464 		 */
465 		reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR9);
466 		rt2x00_set_field32(&reg, TXRX_CSR9_TSF_SYNC, conf->sync);
467 		rt2x00mmio_register_write(rt2x00dev, TXRX_CSR9, reg);
468 	}
469 
470 	if (flags & CONFIG_UPDATE_MAC) {
471 		reg = le32_to_cpu(conf->mac[1]);
472 		rt2x00_set_field32(&reg, MAC_CSR3_UNICAST_TO_ME_MASK, 0xff);
473 		conf->mac[1] = cpu_to_le32(reg);
474 
475 		rt2x00mmio_register_multiwrite(rt2x00dev, MAC_CSR2,
476 					       conf->mac, sizeof(conf->mac));
477 	}
478 
479 	if (flags & CONFIG_UPDATE_BSSID) {
480 		reg = le32_to_cpu(conf->bssid[1]);
481 		rt2x00_set_field32(&reg, MAC_CSR5_BSS_ID_MASK, 3);
482 		conf->bssid[1] = cpu_to_le32(reg);
483 
484 		rt2x00mmio_register_multiwrite(rt2x00dev, MAC_CSR4,
485 					       conf->bssid,
486 					       sizeof(conf->bssid));
487 	}
488 }
489 
490 static void rt61pci_config_erp(struct rt2x00_dev *rt2x00dev,
491 			       struct rt2x00lib_erp *erp,
492 			       u32 changed)
493 {
494 	u32 reg;
495 
496 	reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR0);
497 	rt2x00_set_field32(&reg, TXRX_CSR0_RX_ACK_TIMEOUT, 0x32);
498 	rt2x00_set_field32(&reg, TXRX_CSR0_TSF_OFFSET, IEEE80211_HEADER);
499 	rt2x00mmio_register_write(rt2x00dev, TXRX_CSR0, reg);
500 
501 	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
502 		reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR4);
503 		rt2x00_set_field32(&reg, TXRX_CSR4_AUTORESPOND_ENABLE, 1);
504 		rt2x00_set_field32(&reg, TXRX_CSR4_AUTORESPOND_PREAMBLE,
505 				   !!erp->short_preamble);
506 		rt2x00mmio_register_write(rt2x00dev, TXRX_CSR4, reg);
507 	}
508 
509 	if (changed & BSS_CHANGED_BASIC_RATES)
510 		rt2x00mmio_register_write(rt2x00dev, TXRX_CSR5,
511 					  erp->basic_rates);
512 
513 	if (changed & BSS_CHANGED_BEACON_INT) {
514 		reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR9);
515 		rt2x00_set_field32(&reg, TXRX_CSR9_BEACON_INTERVAL,
516 				   erp->beacon_int * 16);
517 		rt2x00mmio_register_write(rt2x00dev, TXRX_CSR9, reg);
518 	}
519 
520 	if (changed & BSS_CHANGED_ERP_SLOT) {
521 		reg = rt2x00mmio_register_read(rt2x00dev, MAC_CSR9);
522 		rt2x00_set_field32(&reg, MAC_CSR9_SLOT_TIME, erp->slot_time);
523 		rt2x00mmio_register_write(rt2x00dev, MAC_CSR9, reg);
524 
525 		reg = rt2x00mmio_register_read(rt2x00dev, MAC_CSR8);
526 		rt2x00_set_field32(&reg, MAC_CSR8_SIFS, erp->sifs);
527 		rt2x00_set_field32(&reg, MAC_CSR8_SIFS_AFTER_RX_OFDM, 3);
528 		rt2x00_set_field32(&reg, MAC_CSR8_EIFS, erp->eifs);
529 		rt2x00mmio_register_write(rt2x00dev, MAC_CSR8, reg);
530 	}
531 }
532 
533 static void rt61pci_config_antenna_5x(struct rt2x00_dev *rt2x00dev,
534 				      struct antenna_setup *ant)
535 {
536 	u8 r3;
537 	u8 r4;
538 	u8 r77;
539 
540 	r3 = rt61pci_bbp_read(rt2x00dev, 3);
541 	r4 = rt61pci_bbp_read(rt2x00dev, 4);
542 	r77 = rt61pci_bbp_read(rt2x00dev, 77);
543 
544 	rt2x00_set_field8(&r3, BBP_R3_SMART_MODE, rt2x00_rf(rt2x00dev, RF5325));
545 
546 	/*
547 	 * Configure the RX antenna.
548 	 */
549 	switch (ant->rx) {
550 	case ANTENNA_HW_DIVERSITY:
551 		rt2x00_set_field8(&r4, BBP_R4_RX_ANTENNA_CONTROL, 2);
552 		rt2x00_set_field8(&r4, BBP_R4_RX_FRAME_END,
553 				  (rt2x00dev->curr_band != NL80211_BAND_5GHZ));
554 		break;
555 	case ANTENNA_A:
556 		rt2x00_set_field8(&r4, BBP_R4_RX_ANTENNA_CONTROL, 1);
557 		rt2x00_set_field8(&r4, BBP_R4_RX_FRAME_END, 0);
558 		if (rt2x00dev->curr_band == NL80211_BAND_5GHZ)
559 			rt2x00_set_field8(&r77, BBP_R77_RX_ANTENNA, 0);
560 		else
561 			rt2x00_set_field8(&r77, BBP_R77_RX_ANTENNA, 3);
562 		break;
563 	case ANTENNA_B:
564 	default:
565 		rt2x00_set_field8(&r4, BBP_R4_RX_ANTENNA_CONTROL, 1);
566 		rt2x00_set_field8(&r4, BBP_R4_RX_FRAME_END, 0);
567 		if (rt2x00dev->curr_band == NL80211_BAND_5GHZ)
568 			rt2x00_set_field8(&r77, BBP_R77_RX_ANTENNA, 3);
569 		else
570 			rt2x00_set_field8(&r77, BBP_R77_RX_ANTENNA, 0);
571 		break;
572 	}
573 
574 	rt61pci_bbp_write(rt2x00dev, 77, r77);
575 	rt61pci_bbp_write(rt2x00dev, 3, r3);
576 	rt61pci_bbp_write(rt2x00dev, 4, r4);
577 }
578 
579 static void rt61pci_config_antenna_2x(struct rt2x00_dev *rt2x00dev,
580 				      struct antenna_setup *ant)
581 {
582 	u8 r3;
583 	u8 r4;
584 	u8 r77;
585 
586 	r3 = rt61pci_bbp_read(rt2x00dev, 3);
587 	r4 = rt61pci_bbp_read(rt2x00dev, 4);
588 	r77 = rt61pci_bbp_read(rt2x00dev, 77);
589 
590 	rt2x00_set_field8(&r3, BBP_R3_SMART_MODE, rt2x00_rf(rt2x00dev, RF2529));
591 	rt2x00_set_field8(&r4, BBP_R4_RX_FRAME_END,
592 			  !rt2x00_has_cap_frame_type(rt2x00dev));
593 
594 	/*
595 	 * Configure the RX antenna.
596 	 */
597 	switch (ant->rx) {
598 	case ANTENNA_HW_DIVERSITY:
599 		rt2x00_set_field8(&r4, BBP_R4_RX_ANTENNA_CONTROL, 2);
600 		break;
601 	case ANTENNA_A:
602 		rt2x00_set_field8(&r4, BBP_R4_RX_ANTENNA_CONTROL, 1);
603 		rt2x00_set_field8(&r77, BBP_R77_RX_ANTENNA, 3);
604 		break;
605 	case ANTENNA_B:
606 	default:
607 		rt2x00_set_field8(&r4, BBP_R4_RX_ANTENNA_CONTROL, 1);
608 		rt2x00_set_field8(&r77, BBP_R77_RX_ANTENNA, 0);
609 		break;
610 	}
611 
612 	rt61pci_bbp_write(rt2x00dev, 77, r77);
613 	rt61pci_bbp_write(rt2x00dev, 3, r3);
614 	rt61pci_bbp_write(rt2x00dev, 4, r4);
615 }
616 
617 static void rt61pci_config_antenna_2529_rx(struct rt2x00_dev *rt2x00dev,
618 					   const int p1, const int p2)
619 {
620 	u32 reg;
621 
622 	reg = rt2x00mmio_register_read(rt2x00dev, MAC_CSR13);
623 
624 	rt2x00_set_field32(&reg, MAC_CSR13_DIR4, 0);
625 	rt2x00_set_field32(&reg, MAC_CSR13_VAL4, p1);
626 
627 	rt2x00_set_field32(&reg, MAC_CSR13_DIR3, 0);
628 	rt2x00_set_field32(&reg, MAC_CSR13_VAL3, !p2);
629 
630 	rt2x00mmio_register_write(rt2x00dev, MAC_CSR13, reg);
631 }
632 
633 static void rt61pci_config_antenna_2529(struct rt2x00_dev *rt2x00dev,
634 					struct antenna_setup *ant)
635 {
636 	u8 r3;
637 	u8 r4;
638 	u8 r77;
639 
640 	r3 = rt61pci_bbp_read(rt2x00dev, 3);
641 	r4 = rt61pci_bbp_read(rt2x00dev, 4);
642 	r77 = rt61pci_bbp_read(rt2x00dev, 77);
643 
644 	/*
645 	 * Configure the RX antenna.
646 	 */
647 	switch (ant->rx) {
648 	case ANTENNA_A:
649 		rt2x00_set_field8(&r4, BBP_R4_RX_ANTENNA_CONTROL, 1);
650 		rt2x00_set_field8(&r77, BBP_R77_RX_ANTENNA, 0);
651 		rt61pci_config_antenna_2529_rx(rt2x00dev, 0, 0);
652 		break;
653 	case ANTENNA_HW_DIVERSITY:
654 		/*
655 		 * FIXME: Antenna selection for the rf 2529 is very confusing
656 		 * in the legacy driver. Just default to antenna B until the
657 		 * legacy code can be properly translated into rt2x00 code.
658 		 */
659 	case ANTENNA_B:
660 	default:
661 		rt2x00_set_field8(&r4, BBP_R4_RX_ANTENNA_CONTROL, 1);
662 		rt2x00_set_field8(&r77, BBP_R77_RX_ANTENNA, 3);
663 		rt61pci_config_antenna_2529_rx(rt2x00dev, 1, 1);
664 		break;
665 	}
666 
667 	rt61pci_bbp_write(rt2x00dev, 77, r77);
668 	rt61pci_bbp_write(rt2x00dev, 3, r3);
669 	rt61pci_bbp_write(rt2x00dev, 4, r4);
670 }
671 
672 struct antenna_sel {
673 	u8 word;
674 	/*
675 	 * value[0] -> non-LNA
676 	 * value[1] -> LNA
677 	 */
678 	u8 value[2];
679 };
680 
681 static const struct antenna_sel antenna_sel_a[] = {
682 	{ 96,  { 0x58, 0x78 } },
683 	{ 104, { 0x38, 0x48 } },
684 	{ 75,  { 0xfe, 0x80 } },
685 	{ 86,  { 0xfe, 0x80 } },
686 	{ 88,  { 0xfe, 0x80 } },
687 	{ 35,  { 0x60, 0x60 } },
688 	{ 97,  { 0x58, 0x58 } },
689 	{ 98,  { 0x58, 0x58 } },
690 };
691 
692 static const struct antenna_sel antenna_sel_bg[] = {
693 	{ 96,  { 0x48, 0x68 } },
694 	{ 104, { 0x2c, 0x3c } },
695 	{ 75,  { 0xfe, 0x80 } },
696 	{ 86,  { 0xfe, 0x80 } },
697 	{ 88,  { 0xfe, 0x80 } },
698 	{ 35,  { 0x50, 0x50 } },
699 	{ 97,  { 0x48, 0x48 } },
700 	{ 98,  { 0x48, 0x48 } },
701 };
702 
703 static void rt61pci_config_ant(struct rt2x00_dev *rt2x00dev,
704 			       struct antenna_setup *ant)
705 {
706 	const struct antenna_sel *sel;
707 	unsigned int lna;
708 	unsigned int i;
709 	u32 reg;
710 
711 	/*
712 	 * We should never come here because rt2x00lib is supposed
713 	 * to catch this and send us the correct antenna explicitely.
714 	 */
715 	BUG_ON(ant->rx == ANTENNA_SW_DIVERSITY ||
716 	       ant->tx == ANTENNA_SW_DIVERSITY);
717 
718 	if (rt2x00dev->curr_band == NL80211_BAND_5GHZ) {
719 		sel = antenna_sel_a;
720 		lna = rt2x00_has_cap_external_lna_a(rt2x00dev);
721 	} else {
722 		sel = antenna_sel_bg;
723 		lna = rt2x00_has_cap_external_lna_bg(rt2x00dev);
724 	}
725 
726 	for (i = 0; i < ARRAY_SIZE(antenna_sel_a); i++)
727 		rt61pci_bbp_write(rt2x00dev, sel[i].word, sel[i].value[lna]);
728 
729 	reg = rt2x00mmio_register_read(rt2x00dev, PHY_CSR0);
730 
731 	rt2x00_set_field32(&reg, PHY_CSR0_PA_PE_BG,
732 			   rt2x00dev->curr_band == NL80211_BAND_2GHZ);
733 	rt2x00_set_field32(&reg, PHY_CSR0_PA_PE_A,
734 			   rt2x00dev->curr_band == NL80211_BAND_5GHZ);
735 
736 	rt2x00mmio_register_write(rt2x00dev, PHY_CSR0, reg);
737 
738 	if (rt2x00_rf(rt2x00dev, RF5225) || rt2x00_rf(rt2x00dev, RF5325))
739 		rt61pci_config_antenna_5x(rt2x00dev, ant);
740 	else if (rt2x00_rf(rt2x00dev, RF2527))
741 		rt61pci_config_antenna_2x(rt2x00dev, ant);
742 	else if (rt2x00_rf(rt2x00dev, RF2529)) {
743 		if (rt2x00_has_cap_double_antenna(rt2x00dev))
744 			rt61pci_config_antenna_2x(rt2x00dev, ant);
745 		else
746 			rt61pci_config_antenna_2529(rt2x00dev, ant);
747 	}
748 }
749 
750 static void rt61pci_config_lna_gain(struct rt2x00_dev *rt2x00dev,
751 				    struct rt2x00lib_conf *libconf)
752 {
753 	u16 eeprom;
754 	short lna_gain = 0;
755 
756 	if (libconf->conf->chandef.chan->band == NL80211_BAND_2GHZ) {
757 		if (rt2x00_has_cap_external_lna_bg(rt2x00dev))
758 			lna_gain += 14;
759 
760 		eeprom = rt2x00_eeprom_read(rt2x00dev, EEPROM_RSSI_OFFSET_BG);
761 		lna_gain -= rt2x00_get_field16(eeprom, EEPROM_RSSI_OFFSET_BG_1);
762 	} else {
763 		if (rt2x00_has_cap_external_lna_a(rt2x00dev))
764 			lna_gain += 14;
765 
766 		eeprom = rt2x00_eeprom_read(rt2x00dev, EEPROM_RSSI_OFFSET_A);
767 		lna_gain -= rt2x00_get_field16(eeprom, EEPROM_RSSI_OFFSET_A_1);
768 	}
769 
770 	rt2x00dev->lna_gain = lna_gain;
771 }
772 
773 static void rt61pci_config_channel(struct rt2x00_dev *rt2x00dev,
774 				   struct rf_channel *rf, const int txpower)
775 {
776 	u8 r3;
777 	u8 r94;
778 	u8 smart;
779 
780 	rt2x00_set_field32(&rf->rf3, RF3_TXPOWER, TXPOWER_TO_DEV(txpower));
781 	rt2x00_set_field32(&rf->rf4, RF4_FREQ_OFFSET, rt2x00dev->freq_offset);
782 
783 	smart = !(rt2x00_rf(rt2x00dev, RF5225) || rt2x00_rf(rt2x00dev, RF2527));
784 
785 	r3 = rt61pci_bbp_read(rt2x00dev, 3);
786 	rt2x00_set_field8(&r3, BBP_R3_SMART_MODE, smart);
787 	rt61pci_bbp_write(rt2x00dev, 3, r3);
788 
789 	r94 = 6;
790 	if (txpower > MAX_TXPOWER && txpower <= (MAX_TXPOWER + r94))
791 		r94 += txpower - MAX_TXPOWER;
792 	else if (txpower < MIN_TXPOWER && txpower >= (MIN_TXPOWER - r94))
793 		r94 += txpower;
794 	rt61pci_bbp_write(rt2x00dev, 94, r94);
795 
796 	rt61pci_rf_write(rt2x00dev, 1, rf->rf1);
797 	rt61pci_rf_write(rt2x00dev, 2, rf->rf2);
798 	rt61pci_rf_write(rt2x00dev, 3, rf->rf3 & ~0x00000004);
799 	rt61pci_rf_write(rt2x00dev, 4, rf->rf4);
800 
801 	udelay(200);
802 
803 	rt61pci_rf_write(rt2x00dev, 1, rf->rf1);
804 	rt61pci_rf_write(rt2x00dev, 2, rf->rf2);
805 	rt61pci_rf_write(rt2x00dev, 3, rf->rf3 | 0x00000004);
806 	rt61pci_rf_write(rt2x00dev, 4, rf->rf4);
807 
808 	udelay(200);
809 
810 	rt61pci_rf_write(rt2x00dev, 1, rf->rf1);
811 	rt61pci_rf_write(rt2x00dev, 2, rf->rf2);
812 	rt61pci_rf_write(rt2x00dev, 3, rf->rf3 & ~0x00000004);
813 	rt61pci_rf_write(rt2x00dev, 4, rf->rf4);
814 
815 	msleep(1);
816 }
817 
818 static void rt61pci_config_txpower(struct rt2x00_dev *rt2x00dev,
819 				   const int txpower)
820 {
821 	struct rf_channel rf;
822 
823 	rf.rf1 = rt2x00_rf_read(rt2x00dev, 1);
824 	rf.rf2 = rt2x00_rf_read(rt2x00dev, 2);
825 	rf.rf3 = rt2x00_rf_read(rt2x00dev, 3);
826 	rf.rf4 = rt2x00_rf_read(rt2x00dev, 4);
827 
828 	rt61pci_config_channel(rt2x00dev, &rf, txpower);
829 }
830 
831 static void rt61pci_config_retry_limit(struct rt2x00_dev *rt2x00dev,
832 				    struct rt2x00lib_conf *libconf)
833 {
834 	u32 reg;
835 
836 	reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR4);
837 	rt2x00_set_field32(&reg, TXRX_CSR4_OFDM_TX_RATE_DOWN, 1);
838 	rt2x00_set_field32(&reg, TXRX_CSR4_OFDM_TX_RATE_STEP, 0);
839 	rt2x00_set_field32(&reg, TXRX_CSR4_OFDM_TX_FALLBACK_CCK, 0);
840 	rt2x00_set_field32(&reg, TXRX_CSR4_LONG_RETRY_LIMIT,
841 			   libconf->conf->long_frame_max_tx_count);
842 	rt2x00_set_field32(&reg, TXRX_CSR4_SHORT_RETRY_LIMIT,
843 			   libconf->conf->short_frame_max_tx_count);
844 	rt2x00mmio_register_write(rt2x00dev, TXRX_CSR4, reg);
845 }
846 
847 static void rt61pci_config_ps(struct rt2x00_dev *rt2x00dev,
848 				struct rt2x00lib_conf *libconf)
849 {
850 	enum dev_state state =
851 	    (libconf->conf->flags & IEEE80211_CONF_PS) ?
852 		STATE_SLEEP : STATE_AWAKE;
853 	u32 reg;
854 
855 	if (state == STATE_SLEEP) {
856 		reg = rt2x00mmio_register_read(rt2x00dev, MAC_CSR11);
857 		rt2x00_set_field32(&reg, MAC_CSR11_DELAY_AFTER_TBCN,
858 				   rt2x00dev->beacon_int - 10);
859 		rt2x00_set_field32(&reg, MAC_CSR11_TBCN_BEFORE_WAKEUP,
860 				   libconf->conf->listen_interval - 1);
861 		rt2x00_set_field32(&reg, MAC_CSR11_WAKEUP_LATENCY, 5);
862 
863 		/* We must first disable autowake before it can be enabled */
864 		rt2x00_set_field32(&reg, MAC_CSR11_AUTOWAKE, 0);
865 		rt2x00mmio_register_write(rt2x00dev, MAC_CSR11, reg);
866 
867 		rt2x00_set_field32(&reg, MAC_CSR11_AUTOWAKE, 1);
868 		rt2x00mmio_register_write(rt2x00dev, MAC_CSR11, reg);
869 
870 		rt2x00mmio_register_write(rt2x00dev, SOFT_RESET_CSR,
871 					  0x00000005);
872 		rt2x00mmio_register_write(rt2x00dev, IO_CNTL_CSR, 0x0000001c);
873 		rt2x00mmio_register_write(rt2x00dev, PCI_USEC_CSR, 0x00000060);
874 
875 		rt61pci_mcu_request(rt2x00dev, MCU_SLEEP, 0xff, 0, 0);
876 	} else {
877 		reg = rt2x00mmio_register_read(rt2x00dev, MAC_CSR11);
878 		rt2x00_set_field32(&reg, MAC_CSR11_DELAY_AFTER_TBCN, 0);
879 		rt2x00_set_field32(&reg, MAC_CSR11_TBCN_BEFORE_WAKEUP, 0);
880 		rt2x00_set_field32(&reg, MAC_CSR11_AUTOWAKE, 0);
881 		rt2x00_set_field32(&reg, MAC_CSR11_WAKEUP_LATENCY, 0);
882 		rt2x00mmio_register_write(rt2x00dev, MAC_CSR11, reg);
883 
884 		rt2x00mmio_register_write(rt2x00dev, SOFT_RESET_CSR,
885 					  0x00000007);
886 		rt2x00mmio_register_write(rt2x00dev, IO_CNTL_CSR, 0x00000018);
887 		rt2x00mmio_register_write(rt2x00dev, PCI_USEC_CSR, 0x00000020);
888 
889 		rt61pci_mcu_request(rt2x00dev, MCU_WAKEUP, 0xff, 0, 0);
890 	}
891 }
892 
893 static void rt61pci_config(struct rt2x00_dev *rt2x00dev,
894 			   struct rt2x00lib_conf *libconf,
895 			   const unsigned int flags)
896 {
897 	/* Always recalculate LNA gain before changing configuration */
898 	rt61pci_config_lna_gain(rt2x00dev, libconf);
899 
900 	if (flags & IEEE80211_CONF_CHANGE_CHANNEL)
901 		rt61pci_config_channel(rt2x00dev, &libconf->rf,
902 				       libconf->conf->power_level);
903 	if ((flags & IEEE80211_CONF_CHANGE_POWER) &&
904 	    !(flags & IEEE80211_CONF_CHANGE_CHANNEL))
905 		rt61pci_config_txpower(rt2x00dev, libconf->conf->power_level);
906 	if (flags & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
907 		rt61pci_config_retry_limit(rt2x00dev, libconf);
908 	if (flags & IEEE80211_CONF_CHANGE_PS)
909 		rt61pci_config_ps(rt2x00dev, libconf);
910 }
911 
912 /*
913  * Link tuning
914  */
915 static void rt61pci_link_stats(struct rt2x00_dev *rt2x00dev,
916 			       struct link_qual *qual)
917 {
918 	u32 reg;
919 
920 	/*
921 	 * Update FCS error count from register.
922 	 */
923 	reg = rt2x00mmio_register_read(rt2x00dev, STA_CSR0);
924 	qual->rx_failed = rt2x00_get_field32(reg, STA_CSR0_FCS_ERROR);
925 
926 	/*
927 	 * Update False CCA count from register.
928 	 */
929 	reg = rt2x00mmio_register_read(rt2x00dev, STA_CSR1);
930 	qual->false_cca = rt2x00_get_field32(reg, STA_CSR1_FALSE_CCA_ERROR);
931 }
932 
933 static inline void rt61pci_set_vgc(struct rt2x00_dev *rt2x00dev,
934 				   struct link_qual *qual, u8 vgc_level)
935 {
936 	if (qual->vgc_level != vgc_level) {
937 		rt61pci_bbp_write(rt2x00dev, 17, vgc_level);
938 		qual->vgc_level = vgc_level;
939 		qual->vgc_level_reg = vgc_level;
940 	}
941 }
942 
943 static void rt61pci_reset_tuner(struct rt2x00_dev *rt2x00dev,
944 				struct link_qual *qual)
945 {
946 	rt61pci_set_vgc(rt2x00dev, qual, 0x20);
947 }
948 
949 static void rt61pci_link_tuner(struct rt2x00_dev *rt2x00dev,
950 			       struct link_qual *qual, const u32 count)
951 {
952 	u8 up_bound;
953 	u8 low_bound;
954 
955 	/*
956 	 * Determine r17 bounds.
957 	 */
958 	if (rt2x00dev->curr_band == NL80211_BAND_5GHZ) {
959 		low_bound = 0x28;
960 		up_bound = 0x48;
961 		if (rt2x00_has_cap_external_lna_a(rt2x00dev)) {
962 			low_bound += 0x10;
963 			up_bound += 0x10;
964 		}
965 	} else {
966 		low_bound = 0x20;
967 		up_bound = 0x40;
968 		if (rt2x00_has_cap_external_lna_bg(rt2x00dev)) {
969 			low_bound += 0x10;
970 			up_bound += 0x10;
971 		}
972 	}
973 
974 	/*
975 	 * If we are not associated, we should go straight to the
976 	 * dynamic CCA tuning.
977 	 */
978 	if (!rt2x00dev->intf_associated)
979 		goto dynamic_cca_tune;
980 
981 	/*
982 	 * Special big-R17 for very short distance
983 	 */
984 	if (qual->rssi >= -35) {
985 		rt61pci_set_vgc(rt2x00dev, qual, 0x60);
986 		return;
987 	}
988 
989 	/*
990 	 * Special big-R17 for short distance
991 	 */
992 	if (qual->rssi >= -58) {
993 		rt61pci_set_vgc(rt2x00dev, qual, up_bound);
994 		return;
995 	}
996 
997 	/*
998 	 * Special big-R17 for middle-short distance
999 	 */
1000 	if (qual->rssi >= -66) {
1001 		rt61pci_set_vgc(rt2x00dev, qual, low_bound + 0x10);
1002 		return;
1003 	}
1004 
1005 	/*
1006 	 * Special mid-R17 for middle distance
1007 	 */
1008 	if (qual->rssi >= -74) {
1009 		rt61pci_set_vgc(rt2x00dev, qual, low_bound + 0x08);
1010 		return;
1011 	}
1012 
1013 	/*
1014 	 * Special case: Change up_bound based on the rssi.
1015 	 * Lower up_bound when rssi is weaker then -74 dBm.
1016 	 */
1017 	up_bound -= 2 * (-74 - qual->rssi);
1018 	if (low_bound > up_bound)
1019 		up_bound = low_bound;
1020 
1021 	if (qual->vgc_level > up_bound) {
1022 		rt61pci_set_vgc(rt2x00dev, qual, up_bound);
1023 		return;
1024 	}
1025 
1026 dynamic_cca_tune:
1027 
1028 	/*
1029 	 * r17 does not yet exceed upper limit, continue and base
1030 	 * the r17 tuning on the false CCA count.
1031 	 */
1032 	if ((qual->false_cca > 512) && (qual->vgc_level < up_bound))
1033 		rt61pci_set_vgc(rt2x00dev, qual, ++qual->vgc_level);
1034 	else if ((qual->false_cca < 100) && (qual->vgc_level > low_bound))
1035 		rt61pci_set_vgc(rt2x00dev, qual, --qual->vgc_level);
1036 }
1037 
1038 /*
1039  * Queue handlers.
1040  */
1041 static void rt61pci_start_queue(struct data_queue *queue)
1042 {
1043 	struct rt2x00_dev *rt2x00dev = queue->rt2x00dev;
1044 	u32 reg;
1045 
1046 	switch (queue->qid) {
1047 	case QID_RX:
1048 		reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR0);
1049 		rt2x00_set_field32(&reg, TXRX_CSR0_DISABLE_RX, 0);
1050 		rt2x00mmio_register_write(rt2x00dev, TXRX_CSR0, reg);
1051 		break;
1052 	case QID_BEACON:
1053 		reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR9);
1054 		rt2x00_set_field32(&reg, TXRX_CSR9_TSF_TICKING, 1);
1055 		rt2x00_set_field32(&reg, TXRX_CSR9_TBTT_ENABLE, 1);
1056 		rt2x00_set_field32(&reg, TXRX_CSR9_BEACON_GEN, 1);
1057 		rt2x00mmio_register_write(rt2x00dev, TXRX_CSR9, reg);
1058 		break;
1059 	default:
1060 		break;
1061 	}
1062 }
1063 
1064 static void rt61pci_kick_queue(struct data_queue *queue)
1065 {
1066 	struct rt2x00_dev *rt2x00dev = queue->rt2x00dev;
1067 	u32 reg;
1068 
1069 	switch (queue->qid) {
1070 	case QID_AC_VO:
1071 		reg = rt2x00mmio_register_read(rt2x00dev, TX_CNTL_CSR);
1072 		rt2x00_set_field32(&reg, TX_CNTL_CSR_KICK_TX_AC0, 1);
1073 		rt2x00mmio_register_write(rt2x00dev, TX_CNTL_CSR, reg);
1074 		break;
1075 	case QID_AC_VI:
1076 		reg = rt2x00mmio_register_read(rt2x00dev, TX_CNTL_CSR);
1077 		rt2x00_set_field32(&reg, TX_CNTL_CSR_KICK_TX_AC1, 1);
1078 		rt2x00mmio_register_write(rt2x00dev, TX_CNTL_CSR, reg);
1079 		break;
1080 	case QID_AC_BE:
1081 		reg = rt2x00mmio_register_read(rt2x00dev, TX_CNTL_CSR);
1082 		rt2x00_set_field32(&reg, TX_CNTL_CSR_KICK_TX_AC2, 1);
1083 		rt2x00mmio_register_write(rt2x00dev, TX_CNTL_CSR, reg);
1084 		break;
1085 	case QID_AC_BK:
1086 		reg = rt2x00mmio_register_read(rt2x00dev, TX_CNTL_CSR);
1087 		rt2x00_set_field32(&reg, TX_CNTL_CSR_KICK_TX_AC3, 1);
1088 		rt2x00mmio_register_write(rt2x00dev, TX_CNTL_CSR, reg);
1089 		break;
1090 	default:
1091 		break;
1092 	}
1093 }
1094 
1095 static void rt61pci_stop_queue(struct data_queue *queue)
1096 {
1097 	struct rt2x00_dev *rt2x00dev = queue->rt2x00dev;
1098 	u32 reg;
1099 
1100 	switch (queue->qid) {
1101 	case QID_AC_VO:
1102 		reg = rt2x00mmio_register_read(rt2x00dev, TX_CNTL_CSR);
1103 		rt2x00_set_field32(&reg, TX_CNTL_CSR_ABORT_TX_AC0, 1);
1104 		rt2x00mmio_register_write(rt2x00dev, TX_CNTL_CSR, reg);
1105 		break;
1106 	case QID_AC_VI:
1107 		reg = rt2x00mmio_register_read(rt2x00dev, TX_CNTL_CSR);
1108 		rt2x00_set_field32(&reg, TX_CNTL_CSR_ABORT_TX_AC1, 1);
1109 		rt2x00mmio_register_write(rt2x00dev, TX_CNTL_CSR, reg);
1110 		break;
1111 	case QID_AC_BE:
1112 		reg = rt2x00mmio_register_read(rt2x00dev, TX_CNTL_CSR);
1113 		rt2x00_set_field32(&reg, TX_CNTL_CSR_ABORT_TX_AC2, 1);
1114 		rt2x00mmio_register_write(rt2x00dev, TX_CNTL_CSR, reg);
1115 		break;
1116 	case QID_AC_BK:
1117 		reg = rt2x00mmio_register_read(rt2x00dev, TX_CNTL_CSR);
1118 		rt2x00_set_field32(&reg, TX_CNTL_CSR_ABORT_TX_AC3, 1);
1119 		rt2x00mmio_register_write(rt2x00dev, TX_CNTL_CSR, reg);
1120 		break;
1121 	case QID_RX:
1122 		reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR0);
1123 		rt2x00_set_field32(&reg, TXRX_CSR0_DISABLE_RX, 1);
1124 		rt2x00mmio_register_write(rt2x00dev, TXRX_CSR0, reg);
1125 		break;
1126 	case QID_BEACON:
1127 		reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR9);
1128 		rt2x00_set_field32(&reg, TXRX_CSR9_TSF_TICKING, 0);
1129 		rt2x00_set_field32(&reg, TXRX_CSR9_TBTT_ENABLE, 0);
1130 		rt2x00_set_field32(&reg, TXRX_CSR9_BEACON_GEN, 0);
1131 		rt2x00mmio_register_write(rt2x00dev, TXRX_CSR9, reg);
1132 
1133 		/*
1134 		 * Wait for possibly running tbtt tasklets.
1135 		 */
1136 		tasklet_kill(&rt2x00dev->tbtt_tasklet);
1137 		break;
1138 	default:
1139 		break;
1140 	}
1141 }
1142 
1143 /*
1144  * Firmware functions
1145  */
1146 static char *rt61pci_get_firmware_name(struct rt2x00_dev *rt2x00dev)
1147 {
1148 	u16 chip;
1149 	char *fw_name;
1150 
1151 	pci_read_config_word(to_pci_dev(rt2x00dev->dev), PCI_DEVICE_ID, &chip);
1152 	switch (chip) {
1153 	case RT2561_PCI_ID:
1154 		fw_name = FIRMWARE_RT2561;
1155 		break;
1156 	case RT2561s_PCI_ID:
1157 		fw_name = FIRMWARE_RT2561s;
1158 		break;
1159 	case RT2661_PCI_ID:
1160 		fw_name = FIRMWARE_RT2661;
1161 		break;
1162 	default:
1163 		fw_name = NULL;
1164 		break;
1165 	}
1166 
1167 	return fw_name;
1168 }
1169 
1170 static int rt61pci_check_firmware(struct rt2x00_dev *rt2x00dev,
1171 				  const u8 *data, const size_t len)
1172 {
1173 	u16 fw_crc;
1174 	u16 crc;
1175 
1176 	/*
1177 	 * Only support 8kb firmware files.
1178 	 */
1179 	if (len != 8192)
1180 		return FW_BAD_LENGTH;
1181 
1182 	/*
1183 	 * The last 2 bytes in the firmware array are the crc checksum itself.
1184 	 * This means that we should never pass those 2 bytes to the crc
1185 	 * algorithm.
1186 	 */
1187 	fw_crc = (data[len - 2] << 8 | data[len - 1]);
1188 
1189 	/*
1190 	 * Use the crc itu-t algorithm.
1191 	 */
1192 	crc = crc_itu_t(0, data, len - 2);
1193 	crc = crc_itu_t_byte(crc, 0);
1194 	crc = crc_itu_t_byte(crc, 0);
1195 
1196 	return (fw_crc == crc) ? FW_OK : FW_BAD_CRC;
1197 }
1198 
1199 static int rt61pci_load_firmware(struct rt2x00_dev *rt2x00dev,
1200 				 const u8 *data, const size_t len)
1201 {
1202 	int i;
1203 	u32 reg;
1204 
1205 	/*
1206 	 * Wait for stable hardware.
1207 	 */
1208 	for (i = 0; i < 100; i++) {
1209 		reg = rt2x00mmio_register_read(rt2x00dev, MAC_CSR0);
1210 		if (reg)
1211 			break;
1212 		msleep(1);
1213 	}
1214 
1215 	if (!reg) {
1216 		rt2x00_err(rt2x00dev, "Unstable hardware\n");
1217 		return -EBUSY;
1218 	}
1219 
1220 	/*
1221 	 * Prepare MCU and mailbox for firmware loading.
1222 	 */
1223 	reg = 0;
1224 	rt2x00_set_field32(&reg, MCU_CNTL_CSR_RESET, 1);
1225 	rt2x00mmio_register_write(rt2x00dev, MCU_CNTL_CSR, reg);
1226 	rt2x00mmio_register_write(rt2x00dev, M2H_CMD_DONE_CSR, 0xffffffff);
1227 	rt2x00mmio_register_write(rt2x00dev, H2M_MAILBOX_CSR, 0);
1228 	rt2x00mmio_register_write(rt2x00dev, HOST_CMD_CSR, 0);
1229 
1230 	/*
1231 	 * Write firmware to device.
1232 	 */
1233 	reg = 0;
1234 	rt2x00_set_field32(&reg, MCU_CNTL_CSR_RESET, 1);
1235 	rt2x00_set_field32(&reg, MCU_CNTL_CSR_SELECT_BANK, 1);
1236 	rt2x00mmio_register_write(rt2x00dev, MCU_CNTL_CSR, reg);
1237 
1238 	rt2x00mmio_register_multiwrite(rt2x00dev, FIRMWARE_IMAGE_BASE,
1239 				       data, len);
1240 
1241 	rt2x00_set_field32(&reg, MCU_CNTL_CSR_SELECT_BANK, 0);
1242 	rt2x00mmio_register_write(rt2x00dev, MCU_CNTL_CSR, reg);
1243 
1244 	rt2x00_set_field32(&reg, MCU_CNTL_CSR_RESET, 0);
1245 	rt2x00mmio_register_write(rt2x00dev, MCU_CNTL_CSR, reg);
1246 
1247 	for (i = 0; i < 100; i++) {
1248 		reg = rt2x00mmio_register_read(rt2x00dev, MCU_CNTL_CSR);
1249 		if (rt2x00_get_field32(reg, MCU_CNTL_CSR_READY))
1250 			break;
1251 		msleep(1);
1252 	}
1253 
1254 	if (i == 100) {
1255 		rt2x00_err(rt2x00dev, "MCU Control register not ready\n");
1256 		return -EBUSY;
1257 	}
1258 
1259 	/*
1260 	 * Hardware needs another millisecond before it is ready.
1261 	 */
1262 	msleep(1);
1263 
1264 	/*
1265 	 * Reset MAC and BBP registers.
1266 	 */
1267 	reg = 0;
1268 	rt2x00_set_field32(&reg, MAC_CSR1_SOFT_RESET, 1);
1269 	rt2x00_set_field32(&reg, MAC_CSR1_BBP_RESET, 1);
1270 	rt2x00mmio_register_write(rt2x00dev, MAC_CSR1, reg);
1271 
1272 	reg = rt2x00mmio_register_read(rt2x00dev, MAC_CSR1);
1273 	rt2x00_set_field32(&reg, MAC_CSR1_SOFT_RESET, 0);
1274 	rt2x00_set_field32(&reg, MAC_CSR1_BBP_RESET, 0);
1275 	rt2x00mmio_register_write(rt2x00dev, MAC_CSR1, reg);
1276 
1277 	reg = rt2x00mmio_register_read(rt2x00dev, MAC_CSR1);
1278 	rt2x00_set_field32(&reg, MAC_CSR1_HOST_READY, 1);
1279 	rt2x00mmio_register_write(rt2x00dev, MAC_CSR1, reg);
1280 
1281 	return 0;
1282 }
1283 
1284 /*
1285  * Initialization functions.
1286  */
1287 static bool rt61pci_get_entry_state(struct queue_entry *entry)
1288 {
1289 	struct queue_entry_priv_mmio *entry_priv = entry->priv_data;
1290 	u32 word;
1291 
1292 	if (entry->queue->qid == QID_RX) {
1293 		word = rt2x00_desc_read(entry_priv->desc, 0);
1294 
1295 		return rt2x00_get_field32(word, RXD_W0_OWNER_NIC);
1296 	} else {
1297 		word = rt2x00_desc_read(entry_priv->desc, 0);
1298 
1299 		return (rt2x00_get_field32(word, TXD_W0_OWNER_NIC) ||
1300 		        rt2x00_get_field32(word, TXD_W0_VALID));
1301 	}
1302 }
1303 
1304 static void rt61pci_clear_entry(struct queue_entry *entry)
1305 {
1306 	struct queue_entry_priv_mmio *entry_priv = entry->priv_data;
1307 	struct skb_frame_desc *skbdesc = get_skb_frame_desc(entry->skb);
1308 	u32 word;
1309 
1310 	if (entry->queue->qid == QID_RX) {
1311 		word = rt2x00_desc_read(entry_priv->desc, 5);
1312 		rt2x00_set_field32(&word, RXD_W5_BUFFER_PHYSICAL_ADDRESS,
1313 				   skbdesc->skb_dma);
1314 		rt2x00_desc_write(entry_priv->desc, 5, word);
1315 
1316 		word = rt2x00_desc_read(entry_priv->desc, 0);
1317 		rt2x00_set_field32(&word, RXD_W0_OWNER_NIC, 1);
1318 		rt2x00_desc_write(entry_priv->desc, 0, word);
1319 	} else {
1320 		word = rt2x00_desc_read(entry_priv->desc, 0);
1321 		rt2x00_set_field32(&word, TXD_W0_VALID, 0);
1322 		rt2x00_set_field32(&word, TXD_W0_OWNER_NIC, 0);
1323 		rt2x00_desc_write(entry_priv->desc, 0, word);
1324 	}
1325 }
1326 
1327 static int rt61pci_init_queues(struct rt2x00_dev *rt2x00dev)
1328 {
1329 	struct queue_entry_priv_mmio *entry_priv;
1330 	u32 reg;
1331 
1332 	/*
1333 	 * Initialize registers.
1334 	 */
1335 	reg = rt2x00mmio_register_read(rt2x00dev, TX_RING_CSR0);
1336 	rt2x00_set_field32(&reg, TX_RING_CSR0_AC0_RING_SIZE,
1337 			   rt2x00dev->tx[0].limit);
1338 	rt2x00_set_field32(&reg, TX_RING_CSR0_AC1_RING_SIZE,
1339 			   rt2x00dev->tx[1].limit);
1340 	rt2x00_set_field32(&reg, TX_RING_CSR0_AC2_RING_SIZE,
1341 			   rt2x00dev->tx[2].limit);
1342 	rt2x00_set_field32(&reg, TX_RING_CSR0_AC3_RING_SIZE,
1343 			   rt2x00dev->tx[3].limit);
1344 	rt2x00mmio_register_write(rt2x00dev, TX_RING_CSR0, reg);
1345 
1346 	reg = rt2x00mmio_register_read(rt2x00dev, TX_RING_CSR1);
1347 	rt2x00_set_field32(&reg, TX_RING_CSR1_TXD_SIZE,
1348 			   rt2x00dev->tx[0].desc_size / 4);
1349 	rt2x00mmio_register_write(rt2x00dev, TX_RING_CSR1, reg);
1350 
1351 	entry_priv = rt2x00dev->tx[0].entries[0].priv_data;
1352 	reg = rt2x00mmio_register_read(rt2x00dev, AC0_BASE_CSR);
1353 	rt2x00_set_field32(&reg, AC0_BASE_CSR_RING_REGISTER,
1354 			   entry_priv->desc_dma);
1355 	rt2x00mmio_register_write(rt2x00dev, AC0_BASE_CSR, reg);
1356 
1357 	entry_priv = rt2x00dev->tx[1].entries[0].priv_data;
1358 	reg = rt2x00mmio_register_read(rt2x00dev, AC1_BASE_CSR);
1359 	rt2x00_set_field32(&reg, AC1_BASE_CSR_RING_REGISTER,
1360 			   entry_priv->desc_dma);
1361 	rt2x00mmio_register_write(rt2x00dev, AC1_BASE_CSR, reg);
1362 
1363 	entry_priv = rt2x00dev->tx[2].entries[0].priv_data;
1364 	reg = rt2x00mmio_register_read(rt2x00dev, AC2_BASE_CSR);
1365 	rt2x00_set_field32(&reg, AC2_BASE_CSR_RING_REGISTER,
1366 			   entry_priv->desc_dma);
1367 	rt2x00mmio_register_write(rt2x00dev, AC2_BASE_CSR, reg);
1368 
1369 	entry_priv = rt2x00dev->tx[3].entries[0].priv_data;
1370 	reg = rt2x00mmio_register_read(rt2x00dev, AC3_BASE_CSR);
1371 	rt2x00_set_field32(&reg, AC3_BASE_CSR_RING_REGISTER,
1372 			   entry_priv->desc_dma);
1373 	rt2x00mmio_register_write(rt2x00dev, AC3_BASE_CSR, reg);
1374 
1375 	reg = rt2x00mmio_register_read(rt2x00dev, RX_RING_CSR);
1376 	rt2x00_set_field32(&reg, RX_RING_CSR_RING_SIZE, rt2x00dev->rx->limit);
1377 	rt2x00_set_field32(&reg, RX_RING_CSR_RXD_SIZE,
1378 			   rt2x00dev->rx->desc_size / 4);
1379 	rt2x00_set_field32(&reg, RX_RING_CSR_RXD_WRITEBACK_SIZE, 4);
1380 	rt2x00mmio_register_write(rt2x00dev, RX_RING_CSR, reg);
1381 
1382 	entry_priv = rt2x00dev->rx->entries[0].priv_data;
1383 	reg = rt2x00mmio_register_read(rt2x00dev, RX_BASE_CSR);
1384 	rt2x00_set_field32(&reg, RX_BASE_CSR_RING_REGISTER,
1385 			   entry_priv->desc_dma);
1386 	rt2x00mmio_register_write(rt2x00dev, RX_BASE_CSR, reg);
1387 
1388 	reg = rt2x00mmio_register_read(rt2x00dev, TX_DMA_DST_CSR);
1389 	rt2x00_set_field32(&reg, TX_DMA_DST_CSR_DEST_AC0, 2);
1390 	rt2x00_set_field32(&reg, TX_DMA_DST_CSR_DEST_AC1, 2);
1391 	rt2x00_set_field32(&reg, TX_DMA_DST_CSR_DEST_AC2, 2);
1392 	rt2x00_set_field32(&reg, TX_DMA_DST_CSR_DEST_AC3, 2);
1393 	rt2x00mmio_register_write(rt2x00dev, TX_DMA_DST_CSR, reg);
1394 
1395 	reg = rt2x00mmio_register_read(rt2x00dev, LOAD_TX_RING_CSR);
1396 	rt2x00_set_field32(&reg, LOAD_TX_RING_CSR_LOAD_TXD_AC0, 1);
1397 	rt2x00_set_field32(&reg, LOAD_TX_RING_CSR_LOAD_TXD_AC1, 1);
1398 	rt2x00_set_field32(&reg, LOAD_TX_RING_CSR_LOAD_TXD_AC2, 1);
1399 	rt2x00_set_field32(&reg, LOAD_TX_RING_CSR_LOAD_TXD_AC3, 1);
1400 	rt2x00mmio_register_write(rt2x00dev, LOAD_TX_RING_CSR, reg);
1401 
1402 	reg = rt2x00mmio_register_read(rt2x00dev, RX_CNTL_CSR);
1403 	rt2x00_set_field32(&reg, RX_CNTL_CSR_LOAD_RXD, 1);
1404 	rt2x00mmio_register_write(rt2x00dev, RX_CNTL_CSR, reg);
1405 
1406 	return 0;
1407 }
1408 
1409 static int rt61pci_init_registers(struct rt2x00_dev *rt2x00dev)
1410 {
1411 	u32 reg;
1412 
1413 	reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR0);
1414 	rt2x00_set_field32(&reg, TXRX_CSR0_AUTO_TX_SEQ, 1);
1415 	rt2x00_set_field32(&reg, TXRX_CSR0_DISABLE_RX, 0);
1416 	rt2x00_set_field32(&reg, TXRX_CSR0_TX_WITHOUT_WAITING, 0);
1417 	rt2x00mmio_register_write(rt2x00dev, TXRX_CSR0, reg);
1418 
1419 	reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR1);
1420 	rt2x00_set_field32(&reg, TXRX_CSR1_BBP_ID0, 47); /* CCK Signal */
1421 	rt2x00_set_field32(&reg, TXRX_CSR1_BBP_ID0_VALID, 1);
1422 	rt2x00_set_field32(&reg, TXRX_CSR1_BBP_ID1, 30); /* Rssi */
1423 	rt2x00_set_field32(&reg, TXRX_CSR1_BBP_ID1_VALID, 1);
1424 	rt2x00_set_field32(&reg, TXRX_CSR1_BBP_ID2, 42); /* OFDM Rate */
1425 	rt2x00_set_field32(&reg, TXRX_CSR1_BBP_ID2_VALID, 1);
1426 	rt2x00_set_field32(&reg, TXRX_CSR1_BBP_ID3, 30); /* Rssi */
1427 	rt2x00_set_field32(&reg, TXRX_CSR1_BBP_ID3_VALID, 1);
1428 	rt2x00mmio_register_write(rt2x00dev, TXRX_CSR1, reg);
1429 
1430 	/*
1431 	 * CCK TXD BBP registers
1432 	 */
1433 	reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR2);
1434 	rt2x00_set_field32(&reg, TXRX_CSR2_BBP_ID0, 13);
1435 	rt2x00_set_field32(&reg, TXRX_CSR2_BBP_ID0_VALID, 1);
1436 	rt2x00_set_field32(&reg, TXRX_CSR2_BBP_ID1, 12);
1437 	rt2x00_set_field32(&reg, TXRX_CSR2_BBP_ID1_VALID, 1);
1438 	rt2x00_set_field32(&reg, TXRX_CSR2_BBP_ID2, 11);
1439 	rt2x00_set_field32(&reg, TXRX_CSR2_BBP_ID2_VALID, 1);
1440 	rt2x00_set_field32(&reg, TXRX_CSR2_BBP_ID3, 10);
1441 	rt2x00_set_field32(&reg, TXRX_CSR2_BBP_ID3_VALID, 1);
1442 	rt2x00mmio_register_write(rt2x00dev, TXRX_CSR2, reg);
1443 
1444 	/*
1445 	 * OFDM TXD BBP registers
1446 	 */
1447 	reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR3);
1448 	rt2x00_set_field32(&reg, TXRX_CSR3_BBP_ID0, 7);
1449 	rt2x00_set_field32(&reg, TXRX_CSR3_BBP_ID0_VALID, 1);
1450 	rt2x00_set_field32(&reg, TXRX_CSR3_BBP_ID1, 6);
1451 	rt2x00_set_field32(&reg, TXRX_CSR3_BBP_ID1_VALID, 1);
1452 	rt2x00_set_field32(&reg, TXRX_CSR3_BBP_ID2, 5);
1453 	rt2x00_set_field32(&reg, TXRX_CSR3_BBP_ID2_VALID, 1);
1454 	rt2x00mmio_register_write(rt2x00dev, TXRX_CSR3, reg);
1455 
1456 	reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR7);
1457 	rt2x00_set_field32(&reg, TXRX_CSR7_ACK_CTS_6MBS, 59);
1458 	rt2x00_set_field32(&reg, TXRX_CSR7_ACK_CTS_9MBS, 53);
1459 	rt2x00_set_field32(&reg, TXRX_CSR7_ACK_CTS_12MBS, 49);
1460 	rt2x00_set_field32(&reg, TXRX_CSR7_ACK_CTS_18MBS, 46);
1461 	rt2x00mmio_register_write(rt2x00dev, TXRX_CSR7, reg);
1462 
1463 	reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR8);
1464 	rt2x00_set_field32(&reg, TXRX_CSR8_ACK_CTS_24MBS, 44);
1465 	rt2x00_set_field32(&reg, TXRX_CSR8_ACK_CTS_36MBS, 42);
1466 	rt2x00_set_field32(&reg, TXRX_CSR8_ACK_CTS_48MBS, 42);
1467 	rt2x00_set_field32(&reg, TXRX_CSR8_ACK_CTS_54MBS, 42);
1468 	rt2x00mmio_register_write(rt2x00dev, TXRX_CSR8, reg);
1469 
1470 	reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR9);
1471 	rt2x00_set_field32(&reg, TXRX_CSR9_BEACON_INTERVAL, 0);
1472 	rt2x00_set_field32(&reg, TXRX_CSR9_TSF_TICKING, 0);
1473 	rt2x00_set_field32(&reg, TXRX_CSR9_TSF_SYNC, 0);
1474 	rt2x00_set_field32(&reg, TXRX_CSR9_TBTT_ENABLE, 0);
1475 	rt2x00_set_field32(&reg, TXRX_CSR9_BEACON_GEN, 0);
1476 	rt2x00_set_field32(&reg, TXRX_CSR9_TIMESTAMP_COMPENSATE, 0);
1477 	rt2x00mmio_register_write(rt2x00dev, TXRX_CSR9, reg);
1478 
1479 	rt2x00mmio_register_write(rt2x00dev, TXRX_CSR15, 0x0000000f);
1480 
1481 	rt2x00mmio_register_write(rt2x00dev, MAC_CSR6, 0x00000fff);
1482 
1483 	reg = rt2x00mmio_register_read(rt2x00dev, MAC_CSR9);
1484 	rt2x00_set_field32(&reg, MAC_CSR9_CW_SELECT, 0);
1485 	rt2x00mmio_register_write(rt2x00dev, MAC_CSR9, reg);
1486 
1487 	rt2x00mmio_register_write(rt2x00dev, MAC_CSR10, 0x0000071c);
1488 
1489 	if (rt2x00dev->ops->lib->set_device_state(rt2x00dev, STATE_AWAKE))
1490 		return -EBUSY;
1491 
1492 	rt2x00mmio_register_write(rt2x00dev, MAC_CSR13, 0x0000e000);
1493 
1494 	/*
1495 	 * Invalidate all Shared Keys (SEC_CSR0),
1496 	 * and clear the Shared key Cipher algorithms (SEC_CSR1 & SEC_CSR5)
1497 	 */
1498 	rt2x00mmio_register_write(rt2x00dev, SEC_CSR0, 0x00000000);
1499 	rt2x00mmio_register_write(rt2x00dev, SEC_CSR1, 0x00000000);
1500 	rt2x00mmio_register_write(rt2x00dev, SEC_CSR5, 0x00000000);
1501 
1502 	rt2x00mmio_register_write(rt2x00dev, PHY_CSR1, 0x000023b0);
1503 	rt2x00mmio_register_write(rt2x00dev, PHY_CSR5, 0x060a100c);
1504 	rt2x00mmio_register_write(rt2x00dev, PHY_CSR6, 0x00080606);
1505 	rt2x00mmio_register_write(rt2x00dev, PHY_CSR7, 0x00000a08);
1506 
1507 	rt2x00mmio_register_write(rt2x00dev, PCI_CFG_CSR, 0x28ca4404);
1508 
1509 	rt2x00mmio_register_write(rt2x00dev, TEST_MODE_CSR, 0x00000200);
1510 
1511 	rt2x00mmio_register_write(rt2x00dev, M2H_CMD_DONE_CSR, 0xffffffff);
1512 
1513 	/*
1514 	 * Clear all beacons
1515 	 * For the Beacon base registers we only need to clear
1516 	 * the first byte since that byte contains the VALID and OWNER
1517 	 * bits which (when set to 0) will invalidate the entire beacon.
1518 	 */
1519 	rt2x00mmio_register_write(rt2x00dev, HW_BEACON_BASE0, 0);
1520 	rt2x00mmio_register_write(rt2x00dev, HW_BEACON_BASE1, 0);
1521 	rt2x00mmio_register_write(rt2x00dev, HW_BEACON_BASE2, 0);
1522 	rt2x00mmio_register_write(rt2x00dev, HW_BEACON_BASE3, 0);
1523 
1524 	/*
1525 	 * We must clear the error counters.
1526 	 * These registers are cleared on read,
1527 	 * so we may pass a useless variable to store the value.
1528 	 */
1529 	reg = rt2x00mmio_register_read(rt2x00dev, STA_CSR0);
1530 	reg = rt2x00mmio_register_read(rt2x00dev, STA_CSR1);
1531 	reg = rt2x00mmio_register_read(rt2x00dev, STA_CSR2);
1532 
1533 	/*
1534 	 * Reset MAC and BBP registers.
1535 	 */
1536 	reg = rt2x00mmio_register_read(rt2x00dev, MAC_CSR1);
1537 	rt2x00_set_field32(&reg, MAC_CSR1_SOFT_RESET, 1);
1538 	rt2x00_set_field32(&reg, MAC_CSR1_BBP_RESET, 1);
1539 	rt2x00mmio_register_write(rt2x00dev, MAC_CSR1, reg);
1540 
1541 	reg = rt2x00mmio_register_read(rt2x00dev, MAC_CSR1);
1542 	rt2x00_set_field32(&reg, MAC_CSR1_SOFT_RESET, 0);
1543 	rt2x00_set_field32(&reg, MAC_CSR1_BBP_RESET, 0);
1544 	rt2x00mmio_register_write(rt2x00dev, MAC_CSR1, reg);
1545 
1546 	reg = rt2x00mmio_register_read(rt2x00dev, MAC_CSR1);
1547 	rt2x00_set_field32(&reg, MAC_CSR1_HOST_READY, 1);
1548 	rt2x00mmio_register_write(rt2x00dev, MAC_CSR1, reg);
1549 
1550 	return 0;
1551 }
1552 
1553 static int rt61pci_wait_bbp_ready(struct rt2x00_dev *rt2x00dev)
1554 {
1555 	unsigned int i;
1556 	u8 value;
1557 
1558 	for (i = 0; i < REGISTER_BUSY_COUNT; i++) {
1559 		value = rt61pci_bbp_read(rt2x00dev, 0);
1560 		if ((value != 0xff) && (value != 0x00))
1561 			return 0;
1562 		udelay(REGISTER_BUSY_DELAY);
1563 	}
1564 
1565 	rt2x00_err(rt2x00dev, "BBP register access failed, aborting\n");
1566 	return -EACCES;
1567 }
1568 
1569 static int rt61pci_init_bbp(struct rt2x00_dev *rt2x00dev)
1570 {
1571 	unsigned int i;
1572 	u16 eeprom;
1573 	u8 reg_id;
1574 	u8 value;
1575 
1576 	if (unlikely(rt61pci_wait_bbp_ready(rt2x00dev)))
1577 		return -EACCES;
1578 
1579 	rt61pci_bbp_write(rt2x00dev, 3, 0x00);
1580 	rt61pci_bbp_write(rt2x00dev, 15, 0x30);
1581 	rt61pci_bbp_write(rt2x00dev, 21, 0xc8);
1582 	rt61pci_bbp_write(rt2x00dev, 22, 0x38);
1583 	rt61pci_bbp_write(rt2x00dev, 23, 0x06);
1584 	rt61pci_bbp_write(rt2x00dev, 24, 0xfe);
1585 	rt61pci_bbp_write(rt2x00dev, 25, 0x0a);
1586 	rt61pci_bbp_write(rt2x00dev, 26, 0x0d);
1587 	rt61pci_bbp_write(rt2x00dev, 34, 0x12);
1588 	rt61pci_bbp_write(rt2x00dev, 37, 0x07);
1589 	rt61pci_bbp_write(rt2x00dev, 39, 0xf8);
1590 	rt61pci_bbp_write(rt2x00dev, 41, 0x60);
1591 	rt61pci_bbp_write(rt2x00dev, 53, 0x10);
1592 	rt61pci_bbp_write(rt2x00dev, 54, 0x18);
1593 	rt61pci_bbp_write(rt2x00dev, 60, 0x10);
1594 	rt61pci_bbp_write(rt2x00dev, 61, 0x04);
1595 	rt61pci_bbp_write(rt2x00dev, 62, 0x04);
1596 	rt61pci_bbp_write(rt2x00dev, 75, 0xfe);
1597 	rt61pci_bbp_write(rt2x00dev, 86, 0xfe);
1598 	rt61pci_bbp_write(rt2x00dev, 88, 0xfe);
1599 	rt61pci_bbp_write(rt2x00dev, 90, 0x0f);
1600 	rt61pci_bbp_write(rt2x00dev, 99, 0x00);
1601 	rt61pci_bbp_write(rt2x00dev, 102, 0x16);
1602 	rt61pci_bbp_write(rt2x00dev, 107, 0x04);
1603 
1604 	for (i = 0; i < EEPROM_BBP_SIZE; i++) {
1605 		eeprom = rt2x00_eeprom_read(rt2x00dev, EEPROM_BBP_START + i);
1606 
1607 		if (eeprom != 0xffff && eeprom != 0x0000) {
1608 			reg_id = rt2x00_get_field16(eeprom, EEPROM_BBP_REG_ID);
1609 			value = rt2x00_get_field16(eeprom, EEPROM_BBP_VALUE);
1610 			rt61pci_bbp_write(rt2x00dev, reg_id, value);
1611 		}
1612 	}
1613 
1614 	return 0;
1615 }
1616 
1617 /*
1618  * Device state switch handlers.
1619  */
1620 static void rt61pci_toggle_irq(struct rt2x00_dev *rt2x00dev,
1621 			       enum dev_state state)
1622 {
1623 	int mask = (state == STATE_RADIO_IRQ_OFF);
1624 	u32 reg;
1625 	unsigned long flags;
1626 
1627 	/*
1628 	 * When interrupts are being enabled, the interrupt registers
1629 	 * should clear the register to assure a clean state.
1630 	 */
1631 	if (state == STATE_RADIO_IRQ_ON) {
1632 		reg = rt2x00mmio_register_read(rt2x00dev, INT_SOURCE_CSR);
1633 		rt2x00mmio_register_write(rt2x00dev, INT_SOURCE_CSR, reg);
1634 
1635 		reg = rt2x00mmio_register_read(rt2x00dev, MCU_INT_SOURCE_CSR);
1636 		rt2x00mmio_register_write(rt2x00dev, MCU_INT_SOURCE_CSR, reg);
1637 	}
1638 
1639 	/*
1640 	 * Only toggle the interrupts bits we are going to use.
1641 	 * Non-checked interrupt bits are disabled by default.
1642 	 */
1643 	spin_lock_irqsave(&rt2x00dev->irqmask_lock, flags);
1644 
1645 	reg = rt2x00mmio_register_read(rt2x00dev, INT_MASK_CSR);
1646 	rt2x00_set_field32(&reg, INT_MASK_CSR_TXDONE, mask);
1647 	rt2x00_set_field32(&reg, INT_MASK_CSR_RXDONE, mask);
1648 	rt2x00_set_field32(&reg, INT_MASK_CSR_BEACON_DONE, mask);
1649 	rt2x00_set_field32(&reg, INT_MASK_CSR_ENABLE_MITIGATION, mask);
1650 	rt2x00_set_field32(&reg, INT_MASK_CSR_MITIGATION_PERIOD, 0xff);
1651 	rt2x00mmio_register_write(rt2x00dev, INT_MASK_CSR, reg);
1652 
1653 	reg = rt2x00mmio_register_read(rt2x00dev, MCU_INT_MASK_CSR);
1654 	rt2x00_set_field32(&reg, MCU_INT_MASK_CSR_0, mask);
1655 	rt2x00_set_field32(&reg, MCU_INT_MASK_CSR_1, mask);
1656 	rt2x00_set_field32(&reg, MCU_INT_MASK_CSR_2, mask);
1657 	rt2x00_set_field32(&reg, MCU_INT_MASK_CSR_3, mask);
1658 	rt2x00_set_field32(&reg, MCU_INT_MASK_CSR_4, mask);
1659 	rt2x00_set_field32(&reg, MCU_INT_MASK_CSR_5, mask);
1660 	rt2x00_set_field32(&reg, MCU_INT_MASK_CSR_6, mask);
1661 	rt2x00_set_field32(&reg, MCU_INT_MASK_CSR_7, mask);
1662 	rt2x00_set_field32(&reg, MCU_INT_MASK_CSR_TWAKEUP, mask);
1663 	rt2x00mmio_register_write(rt2x00dev, MCU_INT_MASK_CSR, reg);
1664 
1665 	spin_unlock_irqrestore(&rt2x00dev->irqmask_lock, flags);
1666 
1667 	if (state == STATE_RADIO_IRQ_OFF) {
1668 		/*
1669 		 * Ensure that all tasklets are finished.
1670 		 */
1671 		tasklet_kill(&rt2x00dev->txstatus_tasklet);
1672 		tasklet_kill(&rt2x00dev->rxdone_tasklet);
1673 		tasklet_kill(&rt2x00dev->autowake_tasklet);
1674 		tasklet_kill(&rt2x00dev->tbtt_tasklet);
1675 	}
1676 }
1677 
1678 static int rt61pci_enable_radio(struct rt2x00_dev *rt2x00dev)
1679 {
1680 	u32 reg;
1681 
1682 	/*
1683 	 * Initialize all registers.
1684 	 */
1685 	if (unlikely(rt61pci_init_queues(rt2x00dev) ||
1686 		     rt61pci_init_registers(rt2x00dev) ||
1687 		     rt61pci_init_bbp(rt2x00dev)))
1688 		return -EIO;
1689 
1690 	/*
1691 	 * Enable RX.
1692 	 */
1693 	reg = rt2x00mmio_register_read(rt2x00dev, RX_CNTL_CSR);
1694 	rt2x00_set_field32(&reg, RX_CNTL_CSR_ENABLE_RX_DMA, 1);
1695 	rt2x00mmio_register_write(rt2x00dev, RX_CNTL_CSR, reg);
1696 
1697 	return 0;
1698 }
1699 
1700 static void rt61pci_disable_radio(struct rt2x00_dev *rt2x00dev)
1701 {
1702 	/*
1703 	 * Disable power
1704 	 */
1705 	rt2x00mmio_register_write(rt2x00dev, MAC_CSR10, 0x00001818);
1706 }
1707 
1708 static int rt61pci_set_state(struct rt2x00_dev *rt2x00dev, enum dev_state state)
1709 {
1710 	u32 reg, reg2;
1711 	unsigned int i;
1712 	char put_to_sleep;
1713 
1714 	put_to_sleep = (state != STATE_AWAKE);
1715 
1716 	reg = rt2x00mmio_register_read(rt2x00dev, MAC_CSR12);
1717 	rt2x00_set_field32(&reg, MAC_CSR12_FORCE_WAKEUP, !put_to_sleep);
1718 	rt2x00_set_field32(&reg, MAC_CSR12_PUT_TO_SLEEP, put_to_sleep);
1719 	rt2x00mmio_register_write(rt2x00dev, MAC_CSR12, reg);
1720 
1721 	/*
1722 	 * Device is not guaranteed to be in the requested state yet.
1723 	 * We must wait until the register indicates that the
1724 	 * device has entered the correct state.
1725 	 */
1726 	for (i = 0; i < REGISTER_BUSY_COUNT; i++) {
1727 		reg2 = rt2x00mmio_register_read(rt2x00dev, MAC_CSR12);
1728 		state = rt2x00_get_field32(reg2, MAC_CSR12_BBP_CURRENT_STATE);
1729 		if (state == !put_to_sleep)
1730 			return 0;
1731 		rt2x00mmio_register_write(rt2x00dev, MAC_CSR12, reg);
1732 		msleep(10);
1733 	}
1734 
1735 	return -EBUSY;
1736 }
1737 
1738 static int rt61pci_set_device_state(struct rt2x00_dev *rt2x00dev,
1739 				    enum dev_state state)
1740 {
1741 	int retval = 0;
1742 
1743 	switch (state) {
1744 	case STATE_RADIO_ON:
1745 		retval = rt61pci_enable_radio(rt2x00dev);
1746 		break;
1747 	case STATE_RADIO_OFF:
1748 		rt61pci_disable_radio(rt2x00dev);
1749 		break;
1750 	case STATE_RADIO_IRQ_ON:
1751 	case STATE_RADIO_IRQ_OFF:
1752 		rt61pci_toggle_irq(rt2x00dev, state);
1753 		break;
1754 	case STATE_DEEP_SLEEP:
1755 	case STATE_SLEEP:
1756 	case STATE_STANDBY:
1757 	case STATE_AWAKE:
1758 		retval = rt61pci_set_state(rt2x00dev, state);
1759 		break;
1760 	default:
1761 		retval = -ENOTSUPP;
1762 		break;
1763 	}
1764 
1765 	if (unlikely(retval))
1766 		rt2x00_err(rt2x00dev, "Device failed to enter state %d (%d)\n",
1767 			   state, retval);
1768 
1769 	return retval;
1770 }
1771 
1772 /*
1773  * TX descriptor initialization
1774  */
1775 static void rt61pci_write_tx_desc(struct queue_entry *entry,
1776 				  struct txentry_desc *txdesc)
1777 {
1778 	struct skb_frame_desc *skbdesc = get_skb_frame_desc(entry->skb);
1779 	struct queue_entry_priv_mmio *entry_priv = entry->priv_data;
1780 	__le32 *txd = entry_priv->desc;
1781 	u32 word;
1782 
1783 	/*
1784 	 * Start writing the descriptor words.
1785 	 */
1786 	word = rt2x00_desc_read(txd, 1);
1787 	rt2x00_set_field32(&word, TXD_W1_HOST_Q_ID, entry->queue->qid);
1788 	rt2x00_set_field32(&word, TXD_W1_AIFSN, entry->queue->aifs);
1789 	rt2x00_set_field32(&word, TXD_W1_CWMIN, entry->queue->cw_min);
1790 	rt2x00_set_field32(&word, TXD_W1_CWMAX, entry->queue->cw_max);
1791 	rt2x00_set_field32(&word, TXD_W1_IV_OFFSET, txdesc->iv_offset);
1792 	rt2x00_set_field32(&word, TXD_W1_HW_SEQUENCE,
1793 			   test_bit(ENTRY_TXD_GENERATE_SEQ, &txdesc->flags));
1794 	rt2x00_set_field32(&word, TXD_W1_BUFFER_COUNT, 1);
1795 	rt2x00_desc_write(txd, 1, word);
1796 
1797 	word = rt2x00_desc_read(txd, 2);
1798 	rt2x00_set_field32(&word, TXD_W2_PLCP_SIGNAL, txdesc->u.plcp.signal);
1799 	rt2x00_set_field32(&word, TXD_W2_PLCP_SERVICE, txdesc->u.plcp.service);
1800 	rt2x00_set_field32(&word, TXD_W2_PLCP_LENGTH_LOW,
1801 			   txdesc->u.plcp.length_low);
1802 	rt2x00_set_field32(&word, TXD_W2_PLCP_LENGTH_HIGH,
1803 			   txdesc->u.plcp.length_high);
1804 	rt2x00_desc_write(txd, 2, word);
1805 
1806 	if (test_bit(ENTRY_TXD_ENCRYPT, &txdesc->flags)) {
1807 		_rt2x00_desc_write(txd, 3, skbdesc->iv[0]);
1808 		_rt2x00_desc_write(txd, 4, skbdesc->iv[1]);
1809 	}
1810 
1811 	word = rt2x00_desc_read(txd, 5);
1812 	rt2x00_set_field32(&word, TXD_W5_PID_TYPE, entry->queue->qid);
1813 	rt2x00_set_field32(&word, TXD_W5_PID_SUBTYPE, entry->entry_idx);
1814 	rt2x00_set_field32(&word, TXD_W5_TX_POWER,
1815 			   TXPOWER_TO_DEV(entry->queue->rt2x00dev->tx_power));
1816 	rt2x00_set_field32(&word, TXD_W5_WAITING_DMA_DONE_INT, 1);
1817 	rt2x00_desc_write(txd, 5, word);
1818 
1819 	if (entry->queue->qid != QID_BEACON) {
1820 		word = rt2x00_desc_read(txd, 6);
1821 		rt2x00_set_field32(&word, TXD_W6_BUFFER_PHYSICAL_ADDRESS,
1822 				   skbdesc->skb_dma);
1823 		rt2x00_desc_write(txd, 6, word);
1824 
1825 		word = rt2x00_desc_read(txd, 11);
1826 		rt2x00_set_field32(&word, TXD_W11_BUFFER_LENGTH0,
1827 				   txdesc->length);
1828 		rt2x00_desc_write(txd, 11, word);
1829 	}
1830 
1831 	/*
1832 	 * Writing TXD word 0 must the last to prevent a race condition with
1833 	 * the device, whereby the device may take hold of the TXD before we
1834 	 * finished updating it.
1835 	 */
1836 	word = rt2x00_desc_read(txd, 0);
1837 	rt2x00_set_field32(&word, TXD_W0_OWNER_NIC, 1);
1838 	rt2x00_set_field32(&word, TXD_W0_VALID, 1);
1839 	rt2x00_set_field32(&word, TXD_W0_MORE_FRAG,
1840 			   test_bit(ENTRY_TXD_MORE_FRAG, &txdesc->flags));
1841 	rt2x00_set_field32(&word, TXD_W0_ACK,
1842 			   test_bit(ENTRY_TXD_ACK, &txdesc->flags));
1843 	rt2x00_set_field32(&word, TXD_W0_TIMESTAMP,
1844 			   test_bit(ENTRY_TXD_REQ_TIMESTAMP, &txdesc->flags));
1845 	rt2x00_set_field32(&word, TXD_W0_OFDM,
1846 			   (txdesc->rate_mode == RATE_MODE_OFDM));
1847 	rt2x00_set_field32(&word, TXD_W0_IFS, txdesc->u.plcp.ifs);
1848 	rt2x00_set_field32(&word, TXD_W0_RETRY_MODE,
1849 			   test_bit(ENTRY_TXD_RETRY_MODE, &txdesc->flags));
1850 	rt2x00_set_field32(&word, TXD_W0_TKIP_MIC,
1851 			   test_bit(ENTRY_TXD_ENCRYPT_MMIC, &txdesc->flags));
1852 	rt2x00_set_field32(&word, TXD_W0_KEY_TABLE,
1853 			   test_bit(ENTRY_TXD_ENCRYPT_PAIRWISE, &txdesc->flags));
1854 	rt2x00_set_field32(&word, TXD_W0_KEY_INDEX, txdesc->key_idx);
1855 	rt2x00_set_field32(&word, TXD_W0_DATABYTE_COUNT, txdesc->length);
1856 	rt2x00_set_field32(&word, TXD_W0_BURST,
1857 			   test_bit(ENTRY_TXD_BURST, &txdesc->flags));
1858 	rt2x00_set_field32(&word, TXD_W0_CIPHER_ALG, txdesc->cipher);
1859 	rt2x00_desc_write(txd, 0, word);
1860 
1861 	/*
1862 	 * Register descriptor details in skb frame descriptor.
1863 	 */
1864 	skbdesc->desc = txd;
1865 	skbdesc->desc_len = (entry->queue->qid == QID_BEACON) ? TXINFO_SIZE :
1866 			    TXD_DESC_SIZE;
1867 }
1868 
1869 /*
1870  * TX data initialization
1871  */
1872 static void rt61pci_write_beacon(struct queue_entry *entry,
1873 				 struct txentry_desc *txdesc)
1874 {
1875 	struct rt2x00_dev *rt2x00dev = entry->queue->rt2x00dev;
1876 	struct queue_entry_priv_mmio *entry_priv = entry->priv_data;
1877 	unsigned int beacon_base;
1878 	unsigned int padding_len;
1879 	u32 orig_reg, reg;
1880 
1881 	/*
1882 	 * Disable beaconing while we are reloading the beacon data,
1883 	 * otherwise we might be sending out invalid data.
1884 	 */
1885 	reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR9);
1886 	orig_reg = reg;
1887 	rt2x00_set_field32(&reg, TXRX_CSR9_BEACON_GEN, 0);
1888 	rt2x00mmio_register_write(rt2x00dev, TXRX_CSR9, reg);
1889 
1890 	/*
1891 	 * Write the TX descriptor for the beacon.
1892 	 */
1893 	rt61pci_write_tx_desc(entry, txdesc);
1894 
1895 	/*
1896 	 * Dump beacon to userspace through debugfs.
1897 	 */
1898 	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_BEACON, entry);
1899 
1900 	/*
1901 	 * Write entire beacon with descriptor and padding to register.
1902 	 */
1903 	padding_len = roundup(entry->skb->len, 4) - entry->skb->len;
1904 	if (padding_len && skb_pad(entry->skb, padding_len)) {
1905 		rt2x00_err(rt2x00dev, "Failure padding beacon, aborting\n");
1906 		/* skb freed by skb_pad() on failure */
1907 		entry->skb = NULL;
1908 		rt2x00mmio_register_write(rt2x00dev, TXRX_CSR9, orig_reg);
1909 		return;
1910 	}
1911 
1912 	beacon_base = HW_BEACON_OFFSET(entry->entry_idx);
1913 	rt2x00mmio_register_multiwrite(rt2x00dev, beacon_base,
1914 				       entry_priv->desc, TXINFO_SIZE);
1915 	rt2x00mmio_register_multiwrite(rt2x00dev, beacon_base + TXINFO_SIZE,
1916 				       entry->skb->data,
1917 				       entry->skb->len + padding_len);
1918 
1919 	/*
1920 	 * Enable beaconing again.
1921 	 *
1922 	 * For Wi-Fi faily generated beacons between participating
1923 	 * stations. Set TBTT phase adaptive adjustment step to 8us.
1924 	 */
1925 	rt2x00mmio_register_write(rt2x00dev, TXRX_CSR10, 0x00001008);
1926 
1927 	rt2x00_set_field32(&reg, TXRX_CSR9_BEACON_GEN, 1);
1928 	rt2x00mmio_register_write(rt2x00dev, TXRX_CSR9, reg);
1929 
1930 	/*
1931 	 * Clean up beacon skb.
1932 	 */
1933 	dev_kfree_skb_any(entry->skb);
1934 	entry->skb = NULL;
1935 }
1936 
1937 static void rt61pci_clear_beacon(struct queue_entry *entry)
1938 {
1939 	struct rt2x00_dev *rt2x00dev = entry->queue->rt2x00dev;
1940 	u32 orig_reg, reg;
1941 
1942 	/*
1943 	 * Disable beaconing while we are reloading the beacon data,
1944 	 * otherwise we might be sending out invalid data.
1945 	 */
1946 	orig_reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR9);
1947 	reg = orig_reg;
1948 	rt2x00_set_field32(&reg, TXRX_CSR9_BEACON_GEN, 0);
1949 	rt2x00mmio_register_write(rt2x00dev, TXRX_CSR9, reg);
1950 
1951 	/*
1952 	 * Clear beacon.
1953 	 */
1954 	rt2x00mmio_register_write(rt2x00dev,
1955 				  HW_BEACON_OFFSET(entry->entry_idx), 0);
1956 
1957 	/*
1958 	 * Restore global beaconing state.
1959 	 */
1960 	rt2x00mmio_register_write(rt2x00dev, TXRX_CSR9, orig_reg);
1961 }
1962 
1963 /*
1964  * RX control handlers
1965  */
1966 static int rt61pci_agc_to_rssi(struct rt2x00_dev *rt2x00dev, int rxd_w1)
1967 {
1968 	u8 offset = rt2x00dev->lna_gain;
1969 	u8 lna;
1970 
1971 	lna = rt2x00_get_field32(rxd_w1, RXD_W1_RSSI_LNA);
1972 	switch (lna) {
1973 	case 3:
1974 		offset += 90;
1975 		break;
1976 	case 2:
1977 		offset += 74;
1978 		break;
1979 	case 1:
1980 		offset += 64;
1981 		break;
1982 	default:
1983 		return 0;
1984 	}
1985 
1986 	if (rt2x00dev->curr_band == NL80211_BAND_5GHZ) {
1987 		if (lna == 3 || lna == 2)
1988 			offset += 10;
1989 	}
1990 
1991 	return rt2x00_get_field32(rxd_w1, RXD_W1_RSSI_AGC) * 2 - offset;
1992 }
1993 
1994 static void rt61pci_fill_rxdone(struct queue_entry *entry,
1995 				struct rxdone_entry_desc *rxdesc)
1996 {
1997 	struct rt2x00_dev *rt2x00dev = entry->queue->rt2x00dev;
1998 	struct queue_entry_priv_mmio *entry_priv = entry->priv_data;
1999 	u32 word0;
2000 	u32 word1;
2001 
2002 	word0 = rt2x00_desc_read(entry_priv->desc, 0);
2003 	word1 = rt2x00_desc_read(entry_priv->desc, 1);
2004 
2005 	if (rt2x00_get_field32(word0, RXD_W0_CRC_ERROR))
2006 		rxdesc->flags |= RX_FLAG_FAILED_FCS_CRC;
2007 
2008 	rxdesc->cipher = rt2x00_get_field32(word0, RXD_W0_CIPHER_ALG);
2009 	rxdesc->cipher_status = rt2x00_get_field32(word0, RXD_W0_CIPHER_ERROR);
2010 
2011 	if (rxdesc->cipher != CIPHER_NONE) {
2012 		rxdesc->iv[0] = _rt2x00_desc_read(entry_priv->desc, 2);
2013 		rxdesc->iv[1] = _rt2x00_desc_read(entry_priv->desc, 3);
2014 		rxdesc->dev_flags |= RXDONE_CRYPTO_IV;
2015 
2016 		rxdesc->icv = _rt2x00_desc_read(entry_priv->desc, 4);
2017 		rxdesc->dev_flags |= RXDONE_CRYPTO_ICV;
2018 
2019 		/*
2020 		 * Hardware has stripped IV/EIV data from 802.11 frame during
2021 		 * decryption. It has provided the data separately but rt2x00lib
2022 		 * should decide if it should be reinserted.
2023 		 */
2024 		rxdesc->flags |= RX_FLAG_IV_STRIPPED;
2025 
2026 		/*
2027 		 * The hardware has already checked the Michael Mic and has
2028 		 * stripped it from the frame. Signal this to mac80211.
2029 		 */
2030 		rxdesc->flags |= RX_FLAG_MMIC_STRIPPED;
2031 
2032 		if (rxdesc->cipher_status == RX_CRYPTO_SUCCESS)
2033 			rxdesc->flags |= RX_FLAG_DECRYPTED;
2034 		else if (rxdesc->cipher_status == RX_CRYPTO_FAIL_MIC)
2035 			rxdesc->flags |= RX_FLAG_MMIC_ERROR;
2036 	}
2037 
2038 	/*
2039 	 * Obtain the status about this packet.
2040 	 * When frame was received with an OFDM bitrate,
2041 	 * the signal is the PLCP value. If it was received with
2042 	 * a CCK bitrate the signal is the rate in 100kbit/s.
2043 	 */
2044 	rxdesc->signal = rt2x00_get_field32(word1, RXD_W1_SIGNAL);
2045 	rxdesc->rssi = rt61pci_agc_to_rssi(rt2x00dev, word1);
2046 	rxdesc->size = rt2x00_get_field32(word0, RXD_W0_DATABYTE_COUNT);
2047 
2048 	if (rt2x00_get_field32(word0, RXD_W0_OFDM))
2049 		rxdesc->dev_flags |= RXDONE_SIGNAL_PLCP;
2050 	else
2051 		rxdesc->dev_flags |= RXDONE_SIGNAL_BITRATE;
2052 	if (rt2x00_get_field32(word0, RXD_W0_MY_BSS))
2053 		rxdesc->dev_flags |= RXDONE_MY_BSS;
2054 }
2055 
2056 /*
2057  * Interrupt functions.
2058  */
2059 static void rt61pci_txdone(struct rt2x00_dev *rt2x00dev)
2060 {
2061 	struct data_queue *queue;
2062 	struct queue_entry *entry;
2063 	struct queue_entry *entry_done;
2064 	struct queue_entry_priv_mmio *entry_priv;
2065 	struct txdone_entry_desc txdesc;
2066 	u32 word;
2067 	u32 reg;
2068 	int type;
2069 	int index;
2070 	int i;
2071 
2072 	/*
2073 	 * TX_STA_FIFO is a stack of X entries, hence read TX_STA_FIFO
2074 	 * at most X times and also stop processing once the TX_STA_FIFO_VALID
2075 	 * flag is not set anymore.
2076 	 *
2077 	 * The legacy drivers use X=TX_RING_SIZE but state in a comment
2078 	 * that the TX_STA_FIFO stack has a size of 16. We stick to our
2079 	 * tx ring size for now.
2080 	 */
2081 	for (i = 0; i < rt2x00dev->tx->limit; i++) {
2082 		reg = rt2x00mmio_register_read(rt2x00dev, STA_CSR4);
2083 		if (!rt2x00_get_field32(reg, STA_CSR4_VALID))
2084 			break;
2085 
2086 		/*
2087 		 * Skip this entry when it contains an invalid
2088 		 * queue identication number.
2089 		 */
2090 		type = rt2x00_get_field32(reg, STA_CSR4_PID_TYPE);
2091 		queue = rt2x00queue_get_tx_queue(rt2x00dev, type);
2092 		if (unlikely(!queue))
2093 			continue;
2094 
2095 		/*
2096 		 * Skip this entry when it contains an invalid
2097 		 * index number.
2098 		 */
2099 		index = rt2x00_get_field32(reg, STA_CSR4_PID_SUBTYPE);
2100 		if (unlikely(index >= queue->limit))
2101 			continue;
2102 
2103 		entry = &queue->entries[index];
2104 		entry_priv = entry->priv_data;
2105 		word = rt2x00_desc_read(entry_priv->desc, 0);
2106 
2107 		if (rt2x00_get_field32(word, TXD_W0_OWNER_NIC) ||
2108 		    !rt2x00_get_field32(word, TXD_W0_VALID))
2109 			return;
2110 
2111 		entry_done = rt2x00queue_get_entry(queue, Q_INDEX_DONE);
2112 		while (entry != entry_done) {
2113 			/* Catch up.
2114 			 * Just report any entries we missed as failed.
2115 			 */
2116 			rt2x00_warn(rt2x00dev, "TX status report missed for entry %d\n",
2117 				    entry_done->entry_idx);
2118 
2119 			rt2x00lib_txdone_noinfo(entry_done, TXDONE_UNKNOWN);
2120 			entry_done = rt2x00queue_get_entry(queue, Q_INDEX_DONE);
2121 		}
2122 
2123 		/*
2124 		 * Obtain the status about this packet.
2125 		 */
2126 		txdesc.flags = 0;
2127 		switch (rt2x00_get_field32(reg, STA_CSR4_TX_RESULT)) {
2128 		case 0: /* Success, maybe with retry */
2129 			__set_bit(TXDONE_SUCCESS, &txdesc.flags);
2130 			break;
2131 		case 6: /* Failure, excessive retries */
2132 			__set_bit(TXDONE_EXCESSIVE_RETRY, &txdesc.flags);
2133 			/* Fall through - this is a failed frame! */
2134 		default: /* Failure */
2135 			__set_bit(TXDONE_FAILURE, &txdesc.flags);
2136 		}
2137 		txdesc.retry = rt2x00_get_field32(reg, STA_CSR4_RETRY_COUNT);
2138 
2139 		/*
2140 		 * the frame was retried at least once
2141 		 * -> hw used fallback rates
2142 		 */
2143 		if (txdesc.retry)
2144 			__set_bit(TXDONE_FALLBACK, &txdesc.flags);
2145 
2146 		rt2x00lib_txdone(entry, &txdesc);
2147 	}
2148 }
2149 
2150 static void rt61pci_wakeup(struct rt2x00_dev *rt2x00dev)
2151 {
2152 	struct rt2x00lib_conf libconf = { .conf = &rt2x00dev->hw->conf };
2153 
2154 	rt61pci_config(rt2x00dev, &libconf, IEEE80211_CONF_CHANGE_PS);
2155 }
2156 
2157 static inline void rt61pci_enable_interrupt(struct rt2x00_dev *rt2x00dev,
2158 					    struct rt2x00_field32 irq_field)
2159 {
2160 	u32 reg;
2161 
2162 	/*
2163 	 * Enable a single interrupt. The interrupt mask register
2164 	 * access needs locking.
2165 	 */
2166 	spin_lock_irq(&rt2x00dev->irqmask_lock);
2167 
2168 	reg = rt2x00mmio_register_read(rt2x00dev, INT_MASK_CSR);
2169 	rt2x00_set_field32(&reg, irq_field, 0);
2170 	rt2x00mmio_register_write(rt2x00dev, INT_MASK_CSR, reg);
2171 
2172 	spin_unlock_irq(&rt2x00dev->irqmask_lock);
2173 }
2174 
2175 static void rt61pci_enable_mcu_interrupt(struct rt2x00_dev *rt2x00dev,
2176 					 struct rt2x00_field32 irq_field)
2177 {
2178 	u32 reg;
2179 
2180 	/*
2181 	 * Enable a single MCU interrupt. The interrupt mask register
2182 	 * access needs locking.
2183 	 */
2184 	spin_lock_irq(&rt2x00dev->irqmask_lock);
2185 
2186 	reg = rt2x00mmio_register_read(rt2x00dev, MCU_INT_MASK_CSR);
2187 	rt2x00_set_field32(&reg, irq_field, 0);
2188 	rt2x00mmio_register_write(rt2x00dev, MCU_INT_MASK_CSR, reg);
2189 
2190 	spin_unlock_irq(&rt2x00dev->irqmask_lock);
2191 }
2192 
2193 static void rt61pci_txstatus_tasklet(unsigned long data)
2194 {
2195 	struct rt2x00_dev *rt2x00dev = (struct rt2x00_dev *)data;
2196 	rt61pci_txdone(rt2x00dev);
2197 	if (test_bit(DEVICE_STATE_ENABLED_RADIO, &rt2x00dev->flags))
2198 		rt61pci_enable_interrupt(rt2x00dev, INT_MASK_CSR_TXDONE);
2199 }
2200 
2201 static void rt61pci_tbtt_tasklet(unsigned long data)
2202 {
2203 	struct rt2x00_dev *rt2x00dev = (struct rt2x00_dev *)data;
2204 	rt2x00lib_beacondone(rt2x00dev);
2205 	if (test_bit(DEVICE_STATE_ENABLED_RADIO, &rt2x00dev->flags))
2206 		rt61pci_enable_interrupt(rt2x00dev, INT_MASK_CSR_BEACON_DONE);
2207 }
2208 
2209 static void rt61pci_rxdone_tasklet(unsigned long data)
2210 {
2211 	struct rt2x00_dev *rt2x00dev = (struct rt2x00_dev *)data;
2212 	if (rt2x00mmio_rxdone(rt2x00dev))
2213 		tasklet_schedule(&rt2x00dev->rxdone_tasklet);
2214 	else if (test_bit(DEVICE_STATE_ENABLED_RADIO, &rt2x00dev->flags))
2215 		rt61pci_enable_interrupt(rt2x00dev, INT_MASK_CSR_RXDONE);
2216 }
2217 
2218 static void rt61pci_autowake_tasklet(unsigned long data)
2219 {
2220 	struct rt2x00_dev *rt2x00dev = (struct rt2x00_dev *)data;
2221 	rt61pci_wakeup(rt2x00dev);
2222 	rt2x00mmio_register_write(rt2x00dev,
2223 				  M2H_CMD_DONE_CSR, 0xffffffff);
2224 	if (test_bit(DEVICE_STATE_ENABLED_RADIO, &rt2x00dev->flags))
2225 		rt61pci_enable_mcu_interrupt(rt2x00dev, MCU_INT_MASK_CSR_TWAKEUP);
2226 }
2227 
2228 static irqreturn_t rt61pci_interrupt(int irq, void *dev_instance)
2229 {
2230 	struct rt2x00_dev *rt2x00dev = dev_instance;
2231 	u32 reg_mcu, mask_mcu;
2232 	u32 reg, mask;
2233 
2234 	/*
2235 	 * Get the interrupt sources & saved to local variable.
2236 	 * Write register value back to clear pending interrupts.
2237 	 */
2238 	reg_mcu = rt2x00mmio_register_read(rt2x00dev, MCU_INT_SOURCE_CSR);
2239 	rt2x00mmio_register_write(rt2x00dev, MCU_INT_SOURCE_CSR, reg_mcu);
2240 
2241 	reg = rt2x00mmio_register_read(rt2x00dev, INT_SOURCE_CSR);
2242 	rt2x00mmio_register_write(rt2x00dev, INT_SOURCE_CSR, reg);
2243 
2244 	if (!reg && !reg_mcu)
2245 		return IRQ_NONE;
2246 
2247 	if (!test_bit(DEVICE_STATE_ENABLED_RADIO, &rt2x00dev->flags))
2248 		return IRQ_HANDLED;
2249 
2250 	/*
2251 	 * Schedule tasklets for interrupt handling.
2252 	 */
2253 	if (rt2x00_get_field32(reg, INT_SOURCE_CSR_RXDONE))
2254 		tasklet_schedule(&rt2x00dev->rxdone_tasklet);
2255 
2256 	if (rt2x00_get_field32(reg, INT_SOURCE_CSR_TXDONE))
2257 		tasklet_schedule(&rt2x00dev->txstatus_tasklet);
2258 
2259 	if (rt2x00_get_field32(reg, INT_SOURCE_CSR_BEACON_DONE))
2260 		tasklet_hi_schedule(&rt2x00dev->tbtt_tasklet);
2261 
2262 	if (rt2x00_get_field32(reg_mcu, MCU_INT_SOURCE_CSR_TWAKEUP))
2263 		tasklet_schedule(&rt2x00dev->autowake_tasklet);
2264 
2265 	/*
2266 	 * Since INT_MASK_CSR and INT_SOURCE_CSR use the same bits
2267 	 * for interrupts and interrupt masks we can just use the value of
2268 	 * INT_SOURCE_CSR to create the interrupt mask.
2269 	 */
2270 	mask = reg;
2271 	mask_mcu = reg_mcu;
2272 
2273 	/*
2274 	 * Disable all interrupts for which a tasklet was scheduled right now,
2275 	 * the tasklet will reenable the appropriate interrupts.
2276 	 */
2277 	spin_lock(&rt2x00dev->irqmask_lock);
2278 
2279 	reg = rt2x00mmio_register_read(rt2x00dev, INT_MASK_CSR);
2280 	reg |= mask;
2281 	rt2x00mmio_register_write(rt2x00dev, INT_MASK_CSR, reg);
2282 
2283 	reg = rt2x00mmio_register_read(rt2x00dev, MCU_INT_MASK_CSR);
2284 	reg |= mask_mcu;
2285 	rt2x00mmio_register_write(rt2x00dev, MCU_INT_MASK_CSR, reg);
2286 
2287 	spin_unlock(&rt2x00dev->irqmask_lock);
2288 
2289 	return IRQ_HANDLED;
2290 }
2291 
2292 /*
2293  * Device probe functions.
2294  */
2295 static int rt61pci_validate_eeprom(struct rt2x00_dev *rt2x00dev)
2296 {
2297 	struct eeprom_93cx6 eeprom;
2298 	u32 reg;
2299 	u16 word;
2300 	u8 *mac;
2301 	s8 value;
2302 
2303 	reg = rt2x00mmio_register_read(rt2x00dev, E2PROM_CSR);
2304 
2305 	eeprom.data = rt2x00dev;
2306 	eeprom.register_read = rt61pci_eepromregister_read;
2307 	eeprom.register_write = rt61pci_eepromregister_write;
2308 	eeprom.width = rt2x00_get_field32(reg, E2PROM_CSR_TYPE_93C46) ?
2309 	    PCI_EEPROM_WIDTH_93C46 : PCI_EEPROM_WIDTH_93C66;
2310 	eeprom.reg_data_in = 0;
2311 	eeprom.reg_data_out = 0;
2312 	eeprom.reg_data_clock = 0;
2313 	eeprom.reg_chip_select = 0;
2314 
2315 	eeprom_93cx6_multiread(&eeprom, EEPROM_BASE, rt2x00dev->eeprom,
2316 			       EEPROM_SIZE / sizeof(u16));
2317 
2318 	/*
2319 	 * Start validation of the data that has been read.
2320 	 */
2321 	mac = rt2x00_eeprom_addr(rt2x00dev, EEPROM_MAC_ADDR_0);
2322 	rt2x00lib_set_mac_address(rt2x00dev, mac);
2323 
2324 	word = rt2x00_eeprom_read(rt2x00dev, EEPROM_ANTENNA);
2325 	if (word == 0xffff) {
2326 		rt2x00_set_field16(&word, EEPROM_ANTENNA_NUM, 2);
2327 		rt2x00_set_field16(&word, EEPROM_ANTENNA_TX_DEFAULT,
2328 				   ANTENNA_B);
2329 		rt2x00_set_field16(&word, EEPROM_ANTENNA_RX_DEFAULT,
2330 				   ANTENNA_B);
2331 		rt2x00_set_field16(&word, EEPROM_ANTENNA_FRAME_TYPE, 0);
2332 		rt2x00_set_field16(&word, EEPROM_ANTENNA_DYN_TXAGC, 0);
2333 		rt2x00_set_field16(&word, EEPROM_ANTENNA_HARDWARE_RADIO, 0);
2334 		rt2x00_set_field16(&word, EEPROM_ANTENNA_RF_TYPE, RF5225);
2335 		rt2x00_eeprom_write(rt2x00dev, EEPROM_ANTENNA, word);
2336 		rt2x00_eeprom_dbg(rt2x00dev, "Antenna: 0x%04x\n", word);
2337 	}
2338 
2339 	word = rt2x00_eeprom_read(rt2x00dev, EEPROM_NIC);
2340 	if (word == 0xffff) {
2341 		rt2x00_set_field16(&word, EEPROM_NIC_ENABLE_DIVERSITY, 0);
2342 		rt2x00_set_field16(&word, EEPROM_NIC_TX_DIVERSITY, 0);
2343 		rt2x00_set_field16(&word, EEPROM_NIC_RX_FIXED, 0);
2344 		rt2x00_set_field16(&word, EEPROM_NIC_TX_FIXED, 0);
2345 		rt2x00_set_field16(&word, EEPROM_NIC_EXTERNAL_LNA_BG, 0);
2346 		rt2x00_set_field16(&word, EEPROM_NIC_CARDBUS_ACCEL, 0);
2347 		rt2x00_set_field16(&word, EEPROM_NIC_EXTERNAL_LNA_A, 0);
2348 		rt2x00_eeprom_write(rt2x00dev, EEPROM_NIC, word);
2349 		rt2x00_eeprom_dbg(rt2x00dev, "NIC: 0x%04x\n", word);
2350 	}
2351 
2352 	word = rt2x00_eeprom_read(rt2x00dev, EEPROM_LED);
2353 	if (word == 0xffff) {
2354 		rt2x00_set_field16(&word, EEPROM_LED_LED_MODE,
2355 				   LED_MODE_DEFAULT);
2356 		rt2x00_eeprom_write(rt2x00dev, EEPROM_LED, word);
2357 		rt2x00_eeprom_dbg(rt2x00dev, "Led: 0x%04x\n", word);
2358 	}
2359 
2360 	word = rt2x00_eeprom_read(rt2x00dev, EEPROM_FREQ);
2361 	if (word == 0xffff) {
2362 		rt2x00_set_field16(&word, EEPROM_FREQ_OFFSET, 0);
2363 		rt2x00_set_field16(&word, EEPROM_FREQ_SEQ, 0);
2364 		rt2x00_eeprom_write(rt2x00dev, EEPROM_FREQ, word);
2365 		rt2x00_eeprom_dbg(rt2x00dev, "Freq: 0x%04x\n", word);
2366 	}
2367 
2368 	word = rt2x00_eeprom_read(rt2x00dev, EEPROM_RSSI_OFFSET_BG);
2369 	if (word == 0xffff) {
2370 		rt2x00_set_field16(&word, EEPROM_RSSI_OFFSET_BG_1, 0);
2371 		rt2x00_set_field16(&word, EEPROM_RSSI_OFFSET_BG_2, 0);
2372 		rt2x00_eeprom_write(rt2x00dev, EEPROM_RSSI_OFFSET_BG, word);
2373 		rt2x00_eeprom_dbg(rt2x00dev, "RSSI OFFSET BG: 0x%04x\n", word);
2374 	} else {
2375 		value = rt2x00_get_field16(word, EEPROM_RSSI_OFFSET_BG_1);
2376 		if (value < -10 || value > 10)
2377 			rt2x00_set_field16(&word, EEPROM_RSSI_OFFSET_BG_1, 0);
2378 		value = rt2x00_get_field16(word, EEPROM_RSSI_OFFSET_BG_2);
2379 		if (value < -10 || value > 10)
2380 			rt2x00_set_field16(&word, EEPROM_RSSI_OFFSET_BG_2, 0);
2381 		rt2x00_eeprom_write(rt2x00dev, EEPROM_RSSI_OFFSET_BG, word);
2382 	}
2383 
2384 	word = rt2x00_eeprom_read(rt2x00dev, EEPROM_RSSI_OFFSET_A);
2385 	if (word == 0xffff) {
2386 		rt2x00_set_field16(&word, EEPROM_RSSI_OFFSET_A_1, 0);
2387 		rt2x00_set_field16(&word, EEPROM_RSSI_OFFSET_A_2, 0);
2388 		rt2x00_eeprom_write(rt2x00dev, EEPROM_RSSI_OFFSET_A, word);
2389 		rt2x00_eeprom_dbg(rt2x00dev, "RSSI OFFSET A: 0x%04x\n", word);
2390 	} else {
2391 		value = rt2x00_get_field16(word, EEPROM_RSSI_OFFSET_A_1);
2392 		if (value < -10 || value > 10)
2393 			rt2x00_set_field16(&word, EEPROM_RSSI_OFFSET_A_1, 0);
2394 		value = rt2x00_get_field16(word, EEPROM_RSSI_OFFSET_A_2);
2395 		if (value < -10 || value > 10)
2396 			rt2x00_set_field16(&word, EEPROM_RSSI_OFFSET_A_2, 0);
2397 		rt2x00_eeprom_write(rt2x00dev, EEPROM_RSSI_OFFSET_A, word);
2398 	}
2399 
2400 	return 0;
2401 }
2402 
2403 static int rt61pci_init_eeprom(struct rt2x00_dev *rt2x00dev)
2404 {
2405 	u32 reg;
2406 	u16 value;
2407 	u16 eeprom;
2408 
2409 	/*
2410 	 * Read EEPROM word for configuration.
2411 	 */
2412 	eeprom = rt2x00_eeprom_read(rt2x00dev, EEPROM_ANTENNA);
2413 
2414 	/*
2415 	 * Identify RF chipset.
2416 	 */
2417 	value = rt2x00_get_field16(eeprom, EEPROM_ANTENNA_RF_TYPE);
2418 	reg = rt2x00mmio_register_read(rt2x00dev, MAC_CSR0);
2419 	rt2x00_set_chip(rt2x00dev, rt2x00_get_field32(reg, MAC_CSR0_CHIPSET),
2420 			value, rt2x00_get_field32(reg, MAC_CSR0_REVISION));
2421 
2422 	if (!rt2x00_rf(rt2x00dev, RF5225) &&
2423 	    !rt2x00_rf(rt2x00dev, RF5325) &&
2424 	    !rt2x00_rf(rt2x00dev, RF2527) &&
2425 	    !rt2x00_rf(rt2x00dev, RF2529)) {
2426 		rt2x00_err(rt2x00dev, "Invalid RF chipset detected\n");
2427 		return -ENODEV;
2428 	}
2429 
2430 	/*
2431 	 * Determine number of antennas.
2432 	 */
2433 	if (rt2x00_get_field16(eeprom, EEPROM_ANTENNA_NUM) == 2)
2434 		__set_bit(CAPABILITY_DOUBLE_ANTENNA, &rt2x00dev->cap_flags);
2435 
2436 	/*
2437 	 * Identify default antenna configuration.
2438 	 */
2439 	rt2x00dev->default_ant.tx =
2440 	    rt2x00_get_field16(eeprom, EEPROM_ANTENNA_TX_DEFAULT);
2441 	rt2x00dev->default_ant.rx =
2442 	    rt2x00_get_field16(eeprom, EEPROM_ANTENNA_RX_DEFAULT);
2443 
2444 	/*
2445 	 * Read the Frame type.
2446 	 */
2447 	if (rt2x00_get_field16(eeprom, EEPROM_ANTENNA_FRAME_TYPE))
2448 		__set_bit(CAPABILITY_FRAME_TYPE, &rt2x00dev->cap_flags);
2449 
2450 	/*
2451 	 * Detect if this device has a hardware controlled radio.
2452 	 */
2453 	if (rt2x00_get_field16(eeprom, EEPROM_ANTENNA_HARDWARE_RADIO))
2454 		__set_bit(CAPABILITY_HW_BUTTON, &rt2x00dev->cap_flags);
2455 
2456 	/*
2457 	 * Read frequency offset and RF programming sequence.
2458 	 */
2459 	eeprom = rt2x00_eeprom_read(rt2x00dev, EEPROM_FREQ);
2460 	if (rt2x00_get_field16(eeprom, EEPROM_FREQ_SEQ))
2461 		__set_bit(CAPABILITY_RF_SEQUENCE, &rt2x00dev->cap_flags);
2462 
2463 	rt2x00dev->freq_offset = rt2x00_get_field16(eeprom, EEPROM_FREQ_OFFSET);
2464 
2465 	/*
2466 	 * Read external LNA informations.
2467 	 */
2468 	eeprom = rt2x00_eeprom_read(rt2x00dev, EEPROM_NIC);
2469 
2470 	if (rt2x00_get_field16(eeprom, EEPROM_NIC_EXTERNAL_LNA_A))
2471 		__set_bit(CAPABILITY_EXTERNAL_LNA_A, &rt2x00dev->cap_flags);
2472 	if (rt2x00_get_field16(eeprom, EEPROM_NIC_EXTERNAL_LNA_BG))
2473 		__set_bit(CAPABILITY_EXTERNAL_LNA_BG, &rt2x00dev->cap_flags);
2474 
2475 	/*
2476 	 * When working with a RF2529 chip without double antenna,
2477 	 * the antenna settings should be gathered from the NIC
2478 	 * eeprom word.
2479 	 */
2480 	if (rt2x00_rf(rt2x00dev, RF2529) &&
2481 	    !rt2x00_has_cap_double_antenna(rt2x00dev)) {
2482 		rt2x00dev->default_ant.rx =
2483 		    ANTENNA_A + rt2x00_get_field16(eeprom, EEPROM_NIC_RX_FIXED);
2484 		rt2x00dev->default_ant.tx =
2485 		    ANTENNA_B - rt2x00_get_field16(eeprom, EEPROM_NIC_TX_FIXED);
2486 
2487 		if (rt2x00_get_field16(eeprom, EEPROM_NIC_TX_DIVERSITY))
2488 			rt2x00dev->default_ant.tx = ANTENNA_SW_DIVERSITY;
2489 		if (rt2x00_get_field16(eeprom, EEPROM_NIC_ENABLE_DIVERSITY))
2490 			rt2x00dev->default_ant.rx = ANTENNA_SW_DIVERSITY;
2491 	}
2492 
2493 	/*
2494 	 * Store led settings, for correct led behaviour.
2495 	 * If the eeprom value is invalid,
2496 	 * switch to default led mode.
2497 	 */
2498 #ifdef CONFIG_RT2X00_LIB_LEDS
2499 	eeprom = rt2x00_eeprom_read(rt2x00dev, EEPROM_LED);
2500 	value = rt2x00_get_field16(eeprom, EEPROM_LED_LED_MODE);
2501 
2502 	rt61pci_init_led(rt2x00dev, &rt2x00dev->led_radio, LED_TYPE_RADIO);
2503 	rt61pci_init_led(rt2x00dev, &rt2x00dev->led_assoc, LED_TYPE_ASSOC);
2504 	if (value == LED_MODE_SIGNAL_STRENGTH)
2505 		rt61pci_init_led(rt2x00dev, &rt2x00dev->led_qual,
2506 				 LED_TYPE_QUALITY);
2507 
2508 	rt2x00_set_field16(&rt2x00dev->led_mcu_reg, MCU_LEDCS_LED_MODE, value);
2509 	rt2x00_set_field16(&rt2x00dev->led_mcu_reg, MCU_LEDCS_POLARITY_GPIO_0,
2510 			   rt2x00_get_field16(eeprom,
2511 					      EEPROM_LED_POLARITY_GPIO_0));
2512 	rt2x00_set_field16(&rt2x00dev->led_mcu_reg, MCU_LEDCS_POLARITY_GPIO_1,
2513 			   rt2x00_get_field16(eeprom,
2514 					      EEPROM_LED_POLARITY_GPIO_1));
2515 	rt2x00_set_field16(&rt2x00dev->led_mcu_reg, MCU_LEDCS_POLARITY_GPIO_2,
2516 			   rt2x00_get_field16(eeprom,
2517 					      EEPROM_LED_POLARITY_GPIO_2));
2518 	rt2x00_set_field16(&rt2x00dev->led_mcu_reg, MCU_LEDCS_POLARITY_GPIO_3,
2519 			   rt2x00_get_field16(eeprom,
2520 					      EEPROM_LED_POLARITY_GPIO_3));
2521 	rt2x00_set_field16(&rt2x00dev->led_mcu_reg, MCU_LEDCS_POLARITY_GPIO_4,
2522 			   rt2x00_get_field16(eeprom,
2523 					      EEPROM_LED_POLARITY_GPIO_4));
2524 	rt2x00_set_field16(&rt2x00dev->led_mcu_reg, MCU_LEDCS_POLARITY_ACT,
2525 			   rt2x00_get_field16(eeprom, EEPROM_LED_POLARITY_ACT));
2526 	rt2x00_set_field16(&rt2x00dev->led_mcu_reg, MCU_LEDCS_POLARITY_READY_BG,
2527 			   rt2x00_get_field16(eeprom,
2528 					      EEPROM_LED_POLARITY_RDY_G));
2529 	rt2x00_set_field16(&rt2x00dev->led_mcu_reg, MCU_LEDCS_POLARITY_READY_A,
2530 			   rt2x00_get_field16(eeprom,
2531 					      EEPROM_LED_POLARITY_RDY_A));
2532 #endif /* CONFIG_RT2X00_LIB_LEDS */
2533 
2534 	return 0;
2535 }
2536 
2537 /*
2538  * RF value list for RF5225 & RF5325
2539  * Supports: 2.4 GHz & 5.2 GHz, rf_sequence disabled
2540  */
2541 static const struct rf_channel rf_vals_noseq[] = {
2542 	{ 1,  0x00002ccc, 0x00004786, 0x00068455, 0x000ffa0b },
2543 	{ 2,  0x00002ccc, 0x00004786, 0x00068455, 0x000ffa1f },
2544 	{ 3,  0x00002ccc, 0x0000478a, 0x00068455, 0x000ffa0b },
2545 	{ 4,  0x00002ccc, 0x0000478a, 0x00068455, 0x000ffa1f },
2546 	{ 5,  0x00002ccc, 0x0000478e, 0x00068455, 0x000ffa0b },
2547 	{ 6,  0x00002ccc, 0x0000478e, 0x00068455, 0x000ffa1f },
2548 	{ 7,  0x00002ccc, 0x00004792, 0x00068455, 0x000ffa0b },
2549 	{ 8,  0x00002ccc, 0x00004792, 0x00068455, 0x000ffa1f },
2550 	{ 9,  0x00002ccc, 0x00004796, 0x00068455, 0x000ffa0b },
2551 	{ 10, 0x00002ccc, 0x00004796, 0x00068455, 0x000ffa1f },
2552 	{ 11, 0x00002ccc, 0x0000479a, 0x00068455, 0x000ffa0b },
2553 	{ 12, 0x00002ccc, 0x0000479a, 0x00068455, 0x000ffa1f },
2554 	{ 13, 0x00002ccc, 0x0000479e, 0x00068455, 0x000ffa0b },
2555 	{ 14, 0x00002ccc, 0x000047a2, 0x00068455, 0x000ffa13 },
2556 
2557 	/* 802.11 UNI / HyperLan 2 */
2558 	{ 36, 0x00002ccc, 0x0000499a, 0x0009be55, 0x000ffa23 },
2559 	{ 40, 0x00002ccc, 0x000049a2, 0x0009be55, 0x000ffa03 },
2560 	{ 44, 0x00002ccc, 0x000049a6, 0x0009be55, 0x000ffa0b },
2561 	{ 48, 0x00002ccc, 0x000049aa, 0x0009be55, 0x000ffa13 },
2562 	{ 52, 0x00002ccc, 0x000049ae, 0x0009ae55, 0x000ffa1b },
2563 	{ 56, 0x00002ccc, 0x000049b2, 0x0009ae55, 0x000ffa23 },
2564 	{ 60, 0x00002ccc, 0x000049ba, 0x0009ae55, 0x000ffa03 },
2565 	{ 64, 0x00002ccc, 0x000049be, 0x0009ae55, 0x000ffa0b },
2566 
2567 	/* 802.11 HyperLan 2 */
2568 	{ 100, 0x00002ccc, 0x00004a2a, 0x000bae55, 0x000ffa03 },
2569 	{ 104, 0x00002ccc, 0x00004a2e, 0x000bae55, 0x000ffa0b },
2570 	{ 108, 0x00002ccc, 0x00004a32, 0x000bae55, 0x000ffa13 },
2571 	{ 112, 0x00002ccc, 0x00004a36, 0x000bae55, 0x000ffa1b },
2572 	{ 116, 0x00002ccc, 0x00004a3a, 0x000bbe55, 0x000ffa23 },
2573 	{ 120, 0x00002ccc, 0x00004a82, 0x000bbe55, 0x000ffa03 },
2574 	{ 124, 0x00002ccc, 0x00004a86, 0x000bbe55, 0x000ffa0b },
2575 	{ 128, 0x00002ccc, 0x00004a8a, 0x000bbe55, 0x000ffa13 },
2576 	{ 132, 0x00002ccc, 0x00004a8e, 0x000bbe55, 0x000ffa1b },
2577 	{ 136, 0x00002ccc, 0x00004a92, 0x000bbe55, 0x000ffa23 },
2578 
2579 	/* 802.11 UNII */
2580 	{ 140, 0x00002ccc, 0x00004a9a, 0x000bbe55, 0x000ffa03 },
2581 	{ 149, 0x00002ccc, 0x00004aa2, 0x000bbe55, 0x000ffa1f },
2582 	{ 153, 0x00002ccc, 0x00004aa6, 0x000bbe55, 0x000ffa27 },
2583 	{ 157, 0x00002ccc, 0x00004aae, 0x000bbe55, 0x000ffa07 },
2584 	{ 161, 0x00002ccc, 0x00004ab2, 0x000bbe55, 0x000ffa0f },
2585 	{ 165, 0x00002ccc, 0x00004ab6, 0x000bbe55, 0x000ffa17 },
2586 
2587 	/* MMAC(Japan)J52 ch 34,38,42,46 */
2588 	{ 34, 0x00002ccc, 0x0000499a, 0x0009be55, 0x000ffa0b },
2589 	{ 38, 0x00002ccc, 0x0000499e, 0x0009be55, 0x000ffa13 },
2590 	{ 42, 0x00002ccc, 0x000049a2, 0x0009be55, 0x000ffa1b },
2591 	{ 46, 0x00002ccc, 0x000049a6, 0x0009be55, 0x000ffa23 },
2592 };
2593 
2594 /*
2595  * RF value list for RF5225 & RF5325
2596  * Supports: 2.4 GHz & 5.2 GHz, rf_sequence enabled
2597  */
2598 static const struct rf_channel rf_vals_seq[] = {
2599 	{ 1,  0x00002ccc, 0x00004786, 0x00068455, 0x000ffa0b },
2600 	{ 2,  0x00002ccc, 0x00004786, 0x00068455, 0x000ffa1f },
2601 	{ 3,  0x00002ccc, 0x0000478a, 0x00068455, 0x000ffa0b },
2602 	{ 4,  0x00002ccc, 0x0000478a, 0x00068455, 0x000ffa1f },
2603 	{ 5,  0x00002ccc, 0x0000478e, 0x00068455, 0x000ffa0b },
2604 	{ 6,  0x00002ccc, 0x0000478e, 0x00068455, 0x000ffa1f },
2605 	{ 7,  0x00002ccc, 0x00004792, 0x00068455, 0x000ffa0b },
2606 	{ 8,  0x00002ccc, 0x00004792, 0x00068455, 0x000ffa1f },
2607 	{ 9,  0x00002ccc, 0x00004796, 0x00068455, 0x000ffa0b },
2608 	{ 10, 0x00002ccc, 0x00004796, 0x00068455, 0x000ffa1f },
2609 	{ 11, 0x00002ccc, 0x0000479a, 0x00068455, 0x000ffa0b },
2610 	{ 12, 0x00002ccc, 0x0000479a, 0x00068455, 0x000ffa1f },
2611 	{ 13, 0x00002ccc, 0x0000479e, 0x00068455, 0x000ffa0b },
2612 	{ 14, 0x00002ccc, 0x000047a2, 0x00068455, 0x000ffa13 },
2613 
2614 	/* 802.11 UNI / HyperLan 2 */
2615 	{ 36, 0x00002cd4, 0x0004481a, 0x00098455, 0x000c0a03 },
2616 	{ 40, 0x00002cd0, 0x00044682, 0x00098455, 0x000c0a03 },
2617 	{ 44, 0x00002cd0, 0x00044686, 0x00098455, 0x000c0a1b },
2618 	{ 48, 0x00002cd0, 0x0004468e, 0x00098655, 0x000c0a0b },
2619 	{ 52, 0x00002cd0, 0x00044692, 0x00098855, 0x000c0a23 },
2620 	{ 56, 0x00002cd0, 0x0004469a, 0x00098c55, 0x000c0a13 },
2621 	{ 60, 0x00002cd0, 0x000446a2, 0x00098e55, 0x000c0a03 },
2622 	{ 64, 0x00002cd0, 0x000446a6, 0x00099255, 0x000c0a1b },
2623 
2624 	/* 802.11 HyperLan 2 */
2625 	{ 100, 0x00002cd4, 0x0004489a, 0x000b9855, 0x000c0a03 },
2626 	{ 104, 0x00002cd4, 0x000448a2, 0x000b9855, 0x000c0a03 },
2627 	{ 108, 0x00002cd4, 0x000448aa, 0x000b9855, 0x000c0a03 },
2628 	{ 112, 0x00002cd4, 0x000448b2, 0x000b9a55, 0x000c0a03 },
2629 	{ 116, 0x00002cd4, 0x000448ba, 0x000b9a55, 0x000c0a03 },
2630 	{ 120, 0x00002cd0, 0x00044702, 0x000b9a55, 0x000c0a03 },
2631 	{ 124, 0x00002cd0, 0x00044706, 0x000b9a55, 0x000c0a1b },
2632 	{ 128, 0x00002cd0, 0x0004470e, 0x000b9c55, 0x000c0a0b },
2633 	{ 132, 0x00002cd0, 0x00044712, 0x000b9c55, 0x000c0a23 },
2634 	{ 136, 0x00002cd0, 0x0004471a, 0x000b9e55, 0x000c0a13 },
2635 
2636 	/* 802.11 UNII */
2637 	{ 140, 0x00002cd0, 0x00044722, 0x000b9e55, 0x000c0a03 },
2638 	{ 149, 0x00002cd0, 0x0004472e, 0x000ba255, 0x000c0a1b },
2639 	{ 153, 0x00002cd0, 0x00044736, 0x000ba255, 0x000c0a0b },
2640 	{ 157, 0x00002cd4, 0x0004490a, 0x000ba255, 0x000c0a17 },
2641 	{ 161, 0x00002cd4, 0x00044912, 0x000ba255, 0x000c0a17 },
2642 	{ 165, 0x00002cd4, 0x0004491a, 0x000ba255, 0x000c0a17 },
2643 
2644 	/* MMAC(Japan)J52 ch 34,38,42,46 */
2645 	{ 34, 0x00002ccc, 0x0000499a, 0x0009be55, 0x000c0a0b },
2646 	{ 38, 0x00002ccc, 0x0000499e, 0x0009be55, 0x000c0a13 },
2647 	{ 42, 0x00002ccc, 0x000049a2, 0x0009be55, 0x000c0a1b },
2648 	{ 46, 0x00002ccc, 0x000049a6, 0x0009be55, 0x000c0a23 },
2649 };
2650 
2651 static int rt61pci_probe_hw_mode(struct rt2x00_dev *rt2x00dev)
2652 {
2653 	struct hw_mode_spec *spec = &rt2x00dev->spec;
2654 	struct channel_info *info;
2655 	char *tx_power;
2656 	unsigned int i;
2657 
2658 	/*
2659 	 * Disable powersaving as default.
2660 	 */
2661 	rt2x00dev->hw->wiphy->flags &= ~WIPHY_FLAG_PS_ON_BY_DEFAULT;
2662 
2663 	/*
2664 	 * Initialize all hw fields.
2665 	 */
2666 	ieee80211_hw_set(rt2x00dev->hw, PS_NULLFUNC_STACK);
2667 	ieee80211_hw_set(rt2x00dev->hw, SUPPORTS_PS);
2668 	ieee80211_hw_set(rt2x00dev->hw, HOST_BROADCAST_PS_BUFFERING);
2669 	ieee80211_hw_set(rt2x00dev->hw, SIGNAL_DBM);
2670 
2671 	SET_IEEE80211_DEV(rt2x00dev->hw, rt2x00dev->dev);
2672 	SET_IEEE80211_PERM_ADDR(rt2x00dev->hw,
2673 				rt2x00_eeprom_addr(rt2x00dev,
2674 						   EEPROM_MAC_ADDR_0));
2675 
2676 	/*
2677 	 * As rt61 has a global fallback table we cannot specify
2678 	 * more then one tx rate per frame but since the hw will
2679 	 * try several rates (based on the fallback table) we should
2680 	 * initialize max_report_rates to the maximum number of rates
2681 	 * we are going to try. Otherwise mac80211 will truncate our
2682 	 * reported tx rates and the rc algortihm will end up with
2683 	 * incorrect data.
2684 	 */
2685 	rt2x00dev->hw->max_rates = 1;
2686 	rt2x00dev->hw->max_report_rates = 7;
2687 	rt2x00dev->hw->max_rate_tries = 1;
2688 
2689 	/*
2690 	 * Initialize hw_mode information.
2691 	 */
2692 	spec->supported_bands = SUPPORT_BAND_2GHZ;
2693 	spec->supported_rates = SUPPORT_RATE_CCK | SUPPORT_RATE_OFDM;
2694 
2695 	if (!rt2x00_has_cap_rf_sequence(rt2x00dev)) {
2696 		spec->num_channels = 14;
2697 		spec->channels = rf_vals_noseq;
2698 	} else {
2699 		spec->num_channels = 14;
2700 		spec->channels = rf_vals_seq;
2701 	}
2702 
2703 	if (rt2x00_rf(rt2x00dev, RF5225) || rt2x00_rf(rt2x00dev, RF5325)) {
2704 		spec->supported_bands |= SUPPORT_BAND_5GHZ;
2705 		spec->num_channels = ARRAY_SIZE(rf_vals_seq);
2706 	}
2707 
2708 	/*
2709 	 * Create channel information array
2710 	 */
2711 	info = kcalloc(spec->num_channels, sizeof(*info), GFP_KERNEL);
2712 	if (!info)
2713 		return -ENOMEM;
2714 
2715 	spec->channels_info = info;
2716 
2717 	tx_power = rt2x00_eeprom_addr(rt2x00dev, EEPROM_TXPOWER_G_START);
2718 	for (i = 0; i < 14; i++) {
2719 		info[i].max_power = MAX_TXPOWER;
2720 		info[i].default_power1 = TXPOWER_FROM_DEV(tx_power[i]);
2721 	}
2722 
2723 	if (spec->num_channels > 14) {
2724 		tx_power = rt2x00_eeprom_addr(rt2x00dev, EEPROM_TXPOWER_A_START);
2725 		for (i = 14; i < spec->num_channels; i++) {
2726 			info[i].max_power = MAX_TXPOWER;
2727 			info[i].default_power1 =
2728 					TXPOWER_FROM_DEV(tx_power[i - 14]);
2729 		}
2730 	}
2731 
2732 	return 0;
2733 }
2734 
2735 static int rt61pci_probe_hw(struct rt2x00_dev *rt2x00dev)
2736 {
2737 	int retval;
2738 	u32 reg;
2739 
2740 	/*
2741 	 * Disable power saving.
2742 	 */
2743 	rt2x00mmio_register_write(rt2x00dev, SOFT_RESET_CSR, 0x00000007);
2744 
2745 	/*
2746 	 * Allocate eeprom data.
2747 	 */
2748 	retval = rt61pci_validate_eeprom(rt2x00dev);
2749 	if (retval)
2750 		return retval;
2751 
2752 	retval = rt61pci_init_eeprom(rt2x00dev);
2753 	if (retval)
2754 		return retval;
2755 
2756 	/*
2757 	 * Enable rfkill polling by setting GPIO direction of the
2758 	 * rfkill switch GPIO pin correctly.
2759 	 */
2760 	reg = rt2x00mmio_register_read(rt2x00dev, MAC_CSR13);
2761 	rt2x00_set_field32(&reg, MAC_CSR13_DIR5, 1);
2762 	rt2x00mmio_register_write(rt2x00dev, MAC_CSR13, reg);
2763 
2764 	/*
2765 	 * Initialize hw specifications.
2766 	 */
2767 	retval = rt61pci_probe_hw_mode(rt2x00dev);
2768 	if (retval)
2769 		return retval;
2770 
2771 	/*
2772 	 * This device has multiple filters for control frames,
2773 	 * but has no a separate filter for PS Poll frames.
2774 	 */
2775 	__set_bit(CAPABILITY_CONTROL_FILTERS, &rt2x00dev->cap_flags);
2776 
2777 	/*
2778 	 * This device requires firmware and DMA mapped skbs.
2779 	 */
2780 	__set_bit(REQUIRE_FIRMWARE, &rt2x00dev->cap_flags);
2781 	__set_bit(REQUIRE_DMA, &rt2x00dev->cap_flags);
2782 	if (!modparam_nohwcrypt)
2783 		__set_bit(CAPABILITY_HW_CRYPTO, &rt2x00dev->cap_flags);
2784 	__set_bit(CAPABILITY_LINK_TUNING, &rt2x00dev->cap_flags);
2785 
2786 	/*
2787 	 * Set the rssi offset.
2788 	 */
2789 	rt2x00dev->rssi_offset = DEFAULT_RSSI_OFFSET;
2790 
2791 	return 0;
2792 }
2793 
2794 /*
2795  * IEEE80211 stack callback functions.
2796  */
2797 static int rt61pci_conf_tx(struct ieee80211_hw *hw,
2798 			   struct ieee80211_vif *vif, u16 queue_idx,
2799 			   const struct ieee80211_tx_queue_params *params)
2800 {
2801 	struct rt2x00_dev *rt2x00dev = hw->priv;
2802 	struct data_queue *queue;
2803 	struct rt2x00_field32 field;
2804 	int retval;
2805 	u32 reg;
2806 	u32 offset;
2807 
2808 	/*
2809 	 * First pass the configuration through rt2x00lib, that will
2810 	 * update the queue settings and validate the input. After that
2811 	 * we are free to update the registers based on the value
2812 	 * in the queue parameter.
2813 	 */
2814 	retval = rt2x00mac_conf_tx(hw, vif, queue_idx, params);
2815 	if (retval)
2816 		return retval;
2817 
2818 	/*
2819 	 * We only need to perform additional register initialization
2820 	 * for WMM queues.
2821 	 */
2822 	if (queue_idx >= 4)
2823 		return 0;
2824 
2825 	queue = rt2x00queue_get_tx_queue(rt2x00dev, queue_idx);
2826 
2827 	/* Update WMM TXOP register */
2828 	offset = AC_TXOP_CSR0 + (sizeof(u32) * (!!(queue_idx & 2)));
2829 	field.bit_offset = (queue_idx & 1) * 16;
2830 	field.bit_mask = 0xffff << field.bit_offset;
2831 
2832 	reg = rt2x00mmio_register_read(rt2x00dev, offset);
2833 	rt2x00_set_field32(&reg, field, queue->txop);
2834 	rt2x00mmio_register_write(rt2x00dev, offset, reg);
2835 
2836 	/* Update WMM registers */
2837 	field.bit_offset = queue_idx * 4;
2838 	field.bit_mask = 0xf << field.bit_offset;
2839 
2840 	reg = rt2x00mmio_register_read(rt2x00dev, AIFSN_CSR);
2841 	rt2x00_set_field32(&reg, field, queue->aifs);
2842 	rt2x00mmio_register_write(rt2x00dev, AIFSN_CSR, reg);
2843 
2844 	reg = rt2x00mmio_register_read(rt2x00dev, CWMIN_CSR);
2845 	rt2x00_set_field32(&reg, field, queue->cw_min);
2846 	rt2x00mmio_register_write(rt2x00dev, CWMIN_CSR, reg);
2847 
2848 	reg = rt2x00mmio_register_read(rt2x00dev, CWMAX_CSR);
2849 	rt2x00_set_field32(&reg, field, queue->cw_max);
2850 	rt2x00mmio_register_write(rt2x00dev, CWMAX_CSR, reg);
2851 
2852 	return 0;
2853 }
2854 
2855 static u64 rt61pci_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
2856 {
2857 	struct rt2x00_dev *rt2x00dev = hw->priv;
2858 	u64 tsf;
2859 	u32 reg;
2860 
2861 	reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR13);
2862 	tsf = (u64) rt2x00_get_field32(reg, TXRX_CSR13_HIGH_TSFTIMER) << 32;
2863 	reg = rt2x00mmio_register_read(rt2x00dev, TXRX_CSR12);
2864 	tsf |= rt2x00_get_field32(reg, TXRX_CSR12_LOW_TSFTIMER);
2865 
2866 	return tsf;
2867 }
2868 
2869 static const struct ieee80211_ops rt61pci_mac80211_ops = {
2870 	.tx			= rt2x00mac_tx,
2871 	.start			= rt2x00mac_start,
2872 	.stop			= rt2x00mac_stop,
2873 	.add_interface		= rt2x00mac_add_interface,
2874 	.remove_interface	= rt2x00mac_remove_interface,
2875 	.config			= rt2x00mac_config,
2876 	.configure_filter	= rt2x00mac_configure_filter,
2877 	.set_key		= rt2x00mac_set_key,
2878 	.sw_scan_start		= rt2x00mac_sw_scan_start,
2879 	.sw_scan_complete	= rt2x00mac_sw_scan_complete,
2880 	.get_stats		= rt2x00mac_get_stats,
2881 	.bss_info_changed	= rt2x00mac_bss_info_changed,
2882 	.conf_tx		= rt61pci_conf_tx,
2883 	.get_tsf		= rt61pci_get_tsf,
2884 	.rfkill_poll		= rt2x00mac_rfkill_poll,
2885 	.flush			= rt2x00mac_flush,
2886 	.set_antenna		= rt2x00mac_set_antenna,
2887 	.get_antenna		= rt2x00mac_get_antenna,
2888 	.get_ringparam		= rt2x00mac_get_ringparam,
2889 	.tx_frames_pending	= rt2x00mac_tx_frames_pending,
2890 };
2891 
2892 static const struct rt2x00lib_ops rt61pci_rt2x00_ops = {
2893 	.irq_handler		= rt61pci_interrupt,
2894 	.txstatus_tasklet	= rt61pci_txstatus_tasklet,
2895 	.tbtt_tasklet		= rt61pci_tbtt_tasklet,
2896 	.rxdone_tasklet		= rt61pci_rxdone_tasklet,
2897 	.autowake_tasklet	= rt61pci_autowake_tasklet,
2898 	.probe_hw		= rt61pci_probe_hw,
2899 	.get_firmware_name	= rt61pci_get_firmware_name,
2900 	.check_firmware		= rt61pci_check_firmware,
2901 	.load_firmware		= rt61pci_load_firmware,
2902 	.initialize		= rt2x00mmio_initialize,
2903 	.uninitialize		= rt2x00mmio_uninitialize,
2904 	.get_entry_state	= rt61pci_get_entry_state,
2905 	.clear_entry		= rt61pci_clear_entry,
2906 	.set_device_state	= rt61pci_set_device_state,
2907 	.rfkill_poll		= rt61pci_rfkill_poll,
2908 	.link_stats		= rt61pci_link_stats,
2909 	.reset_tuner		= rt61pci_reset_tuner,
2910 	.link_tuner		= rt61pci_link_tuner,
2911 	.start_queue		= rt61pci_start_queue,
2912 	.kick_queue		= rt61pci_kick_queue,
2913 	.stop_queue		= rt61pci_stop_queue,
2914 	.flush_queue		= rt2x00mmio_flush_queue,
2915 	.write_tx_desc		= rt61pci_write_tx_desc,
2916 	.write_beacon		= rt61pci_write_beacon,
2917 	.clear_beacon		= rt61pci_clear_beacon,
2918 	.fill_rxdone		= rt61pci_fill_rxdone,
2919 	.config_shared_key	= rt61pci_config_shared_key,
2920 	.config_pairwise_key	= rt61pci_config_pairwise_key,
2921 	.config_filter		= rt61pci_config_filter,
2922 	.config_intf		= rt61pci_config_intf,
2923 	.config_erp		= rt61pci_config_erp,
2924 	.config_ant		= rt61pci_config_ant,
2925 	.config			= rt61pci_config,
2926 };
2927 
2928 static void rt61pci_queue_init(struct data_queue *queue)
2929 {
2930 	switch (queue->qid) {
2931 	case QID_RX:
2932 		queue->limit = 32;
2933 		queue->data_size = DATA_FRAME_SIZE;
2934 		queue->desc_size = RXD_DESC_SIZE;
2935 		queue->priv_size = sizeof(struct queue_entry_priv_mmio);
2936 		break;
2937 
2938 	case QID_AC_VO:
2939 	case QID_AC_VI:
2940 	case QID_AC_BE:
2941 	case QID_AC_BK:
2942 		queue->limit = 32;
2943 		queue->data_size = DATA_FRAME_SIZE;
2944 		queue->desc_size = TXD_DESC_SIZE;
2945 		queue->priv_size = sizeof(struct queue_entry_priv_mmio);
2946 		break;
2947 
2948 	case QID_BEACON:
2949 		queue->limit = 4;
2950 		queue->data_size = 0; /* No DMA required for beacons */
2951 		queue->desc_size = TXINFO_SIZE;
2952 		queue->priv_size = sizeof(struct queue_entry_priv_mmio);
2953 		break;
2954 
2955 	case QID_ATIM:
2956 		/* fallthrough */
2957 	default:
2958 		BUG();
2959 		break;
2960 	}
2961 }
2962 
2963 static const struct rt2x00_ops rt61pci_ops = {
2964 	.name			= KBUILD_MODNAME,
2965 	.max_ap_intf		= 4,
2966 	.eeprom_size		= EEPROM_SIZE,
2967 	.rf_size		= RF_SIZE,
2968 	.tx_queues		= NUM_TX_QUEUES,
2969 	.queue_init		= rt61pci_queue_init,
2970 	.lib			= &rt61pci_rt2x00_ops,
2971 	.hw			= &rt61pci_mac80211_ops,
2972 #ifdef CONFIG_RT2X00_LIB_DEBUGFS
2973 	.debugfs		= &rt61pci_rt2x00debug,
2974 #endif /* CONFIG_RT2X00_LIB_DEBUGFS */
2975 };
2976 
2977 /*
2978  * RT61pci module information.
2979  */
2980 static const struct pci_device_id rt61pci_device_table[] = {
2981 	/* RT2561s */
2982 	{ PCI_DEVICE(0x1814, 0x0301) },
2983 	/* RT2561 v2 */
2984 	{ PCI_DEVICE(0x1814, 0x0302) },
2985 	/* RT2661 */
2986 	{ PCI_DEVICE(0x1814, 0x0401) },
2987 	{ 0, }
2988 };
2989 
2990 MODULE_AUTHOR(DRV_PROJECT);
2991 MODULE_VERSION(DRV_VERSION);
2992 MODULE_DESCRIPTION("Ralink RT61 PCI & PCMCIA Wireless LAN driver.");
2993 MODULE_SUPPORTED_DEVICE("Ralink RT2561, RT2561s & RT2661 "
2994 			"PCI & PCMCIA chipset based cards");
2995 MODULE_DEVICE_TABLE(pci, rt61pci_device_table);
2996 MODULE_FIRMWARE(FIRMWARE_RT2561);
2997 MODULE_FIRMWARE(FIRMWARE_RT2561s);
2998 MODULE_FIRMWARE(FIRMWARE_RT2661);
2999 MODULE_LICENSE("GPL");
3000 
3001 static int rt61pci_probe(struct pci_dev *pci_dev,
3002 			 const struct pci_device_id *id)
3003 {
3004 	return rt2x00pci_probe(pci_dev, &rt61pci_ops);
3005 }
3006 
3007 static struct pci_driver rt61pci_driver = {
3008 	.name		= KBUILD_MODNAME,
3009 	.id_table	= rt61pci_device_table,
3010 	.probe		= rt61pci_probe,
3011 	.remove		= rt2x00pci_remove,
3012 	.suspend	= rt2x00pci_suspend,
3013 	.resume		= rt2x00pci_resume,
3014 };
3015 
3016 module_pci_driver(rt61pci_driver);
3017