3 Broadcom B43 wireless driver
5 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7 Copyright (c) 2005-2009 Michael Buesch <mb@bu3sch.de>
8 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
11 Some parts of the code in this file are derived from the ipw2200
12 driver Copyright(c) 2003 - 2004 Intel Corporation.
14 This program is free software; you can redistribute it and/or modify
15 it under the terms of the GNU General Public License as published by
16 the Free Software Foundation; either version 2 of the License, or
17 (at your option) any later version.
19 This program is distributed in the hope that it will be useful,
20 but WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 GNU General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; see the file COPYING. If not, write to
26 the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
27 Boston, MA 02110-1301, USA.
31 #include <linux/delay.h>
32 #include <linux/init.h>
33 #include <linux/moduleparam.h>
34 #include <linux/if_arp.h>
35 #include <linux/etherdevice.h>
36 #include <linux/firmware.h>
37 #include <linux/wireless.h>
38 #include <linux/workqueue.h>
39 #include <linux/skbuff.h>
41 #include <linux/dma-mapping.h>
42 #include <asm/unaligned.h>
47 #include "phy_common.h"
57 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
58 MODULE_AUTHOR("Martin Langer");
59 MODULE_AUTHOR("Stefano Brivio");
60 MODULE_AUTHOR("Michael Buesch");
61 MODULE_AUTHOR("Gábor Stefanik");
62 MODULE_LICENSE("GPL");
64 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
67 static int modparam_bad_frames_preempt;
68 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
69 MODULE_PARM_DESC(bad_frames_preempt,
70 "enable(1) / disable(0) Bad Frames Preemption");
72 static char modparam_fwpostfix[16];
73 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
74 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
76 static int modparam_hwpctl;
77 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
78 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
80 static int modparam_nohwcrypt;
81 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
82 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
84 static int modparam_hwtkip;
85 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
86 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
88 static int modparam_qos = 1;
89 module_param_named(qos, modparam_qos, int, 0444);
90 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
92 static int modparam_btcoex = 1;
93 module_param_named(btcoex, modparam_btcoex, int, 0444);
94 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
96 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
97 module_param_named(verbose, b43_modparam_verbose, int, 0644);
98 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
101 static const struct ssb_device_id b43_ssb_tbl[] = {
102 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
103 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
104 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
105 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
106 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
107 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
108 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
109 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
110 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
114 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
116 /* Channel and ratetables are shared for all devices.
117 * They can't be const, because ieee80211 puts some precalculated
118 * data in there. This data is the same for all devices, so we don't
119 * get concurrency issues */
120 #define RATETAB_ENT(_rateid, _flags) \
122 .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
123 .hw_value = (_rateid), \
128 * NOTE: When changing this, sync with xmit.c's
129 * b43_plcp_get_bitrate_idx_* functions!
131 static struct ieee80211_rate __b43_ratetable[] = {
132 RATETAB_ENT(B43_CCK_RATE_1MB, 0),
133 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
134 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
135 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
136 RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
137 RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
138 RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
139 RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
140 RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
141 RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
142 RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
143 RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
146 #define b43_a_ratetable (__b43_ratetable + 4)
147 #define b43_a_ratetable_size 8
148 #define b43_b_ratetable (__b43_ratetable + 0)
149 #define b43_b_ratetable_size 4
150 #define b43_g_ratetable (__b43_ratetable + 0)
151 #define b43_g_ratetable_size 12
153 #define CHAN4G(_channel, _freq, _flags) { \
154 .band = IEEE80211_BAND_2GHZ, \
155 .center_freq = (_freq), \
156 .hw_value = (_channel), \
158 .max_antenna_gain = 0, \
161 static struct ieee80211_channel b43_2ghz_chantable[] = {
179 #define CHAN5G(_channel, _flags) { \
180 .band = IEEE80211_BAND_5GHZ, \
181 .center_freq = 5000 + (5 * (_channel)), \
182 .hw_value = (_channel), \
184 .max_antenna_gain = 0, \
187 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
188 CHAN5G(32, 0), CHAN5G(34, 0),
189 CHAN5G(36, 0), CHAN5G(38, 0),
190 CHAN5G(40, 0), CHAN5G(42, 0),
191 CHAN5G(44, 0), CHAN5G(46, 0),
192 CHAN5G(48, 0), CHAN5G(50, 0),
193 CHAN5G(52, 0), CHAN5G(54, 0),
194 CHAN5G(56, 0), CHAN5G(58, 0),
195 CHAN5G(60, 0), CHAN5G(62, 0),
196 CHAN5G(64, 0), CHAN5G(66, 0),
197 CHAN5G(68, 0), CHAN5G(70, 0),
198 CHAN5G(72, 0), CHAN5G(74, 0),
199 CHAN5G(76, 0), CHAN5G(78, 0),
200 CHAN5G(80, 0), CHAN5G(82, 0),
201 CHAN5G(84, 0), CHAN5G(86, 0),
202 CHAN5G(88, 0), CHAN5G(90, 0),
203 CHAN5G(92, 0), CHAN5G(94, 0),
204 CHAN5G(96, 0), CHAN5G(98, 0),
205 CHAN5G(100, 0), CHAN5G(102, 0),
206 CHAN5G(104, 0), CHAN5G(106, 0),
207 CHAN5G(108, 0), CHAN5G(110, 0),
208 CHAN5G(112, 0), CHAN5G(114, 0),
209 CHAN5G(116, 0), CHAN5G(118, 0),
210 CHAN5G(120, 0), CHAN5G(122, 0),
211 CHAN5G(124, 0), CHAN5G(126, 0),
212 CHAN5G(128, 0), CHAN5G(130, 0),
213 CHAN5G(132, 0), CHAN5G(134, 0),
214 CHAN5G(136, 0), CHAN5G(138, 0),
215 CHAN5G(140, 0), CHAN5G(142, 0),
216 CHAN5G(144, 0), CHAN5G(145, 0),
217 CHAN5G(146, 0), CHAN5G(147, 0),
218 CHAN5G(148, 0), CHAN5G(149, 0),
219 CHAN5G(150, 0), CHAN5G(151, 0),
220 CHAN5G(152, 0), CHAN5G(153, 0),
221 CHAN5G(154, 0), CHAN5G(155, 0),
222 CHAN5G(156, 0), CHAN5G(157, 0),
223 CHAN5G(158, 0), CHAN5G(159, 0),
224 CHAN5G(160, 0), CHAN5G(161, 0),
225 CHAN5G(162, 0), CHAN5G(163, 0),
226 CHAN5G(164, 0), CHAN5G(165, 0),
227 CHAN5G(166, 0), CHAN5G(168, 0),
228 CHAN5G(170, 0), CHAN5G(172, 0),
229 CHAN5G(174, 0), CHAN5G(176, 0),
230 CHAN5G(178, 0), CHAN5G(180, 0),
231 CHAN5G(182, 0), CHAN5G(184, 0),
232 CHAN5G(186, 0), CHAN5G(188, 0),
233 CHAN5G(190, 0), CHAN5G(192, 0),
234 CHAN5G(194, 0), CHAN5G(196, 0),
235 CHAN5G(198, 0), CHAN5G(200, 0),
236 CHAN5G(202, 0), CHAN5G(204, 0),
237 CHAN5G(206, 0), CHAN5G(208, 0),
238 CHAN5G(210, 0), CHAN5G(212, 0),
239 CHAN5G(214, 0), CHAN5G(216, 0),
240 CHAN5G(218, 0), CHAN5G(220, 0),
241 CHAN5G(222, 0), CHAN5G(224, 0),
242 CHAN5G(226, 0), CHAN5G(228, 0),
245 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
246 CHAN5G(34, 0), CHAN5G(36, 0),
247 CHAN5G(38, 0), CHAN5G(40, 0),
248 CHAN5G(42, 0), CHAN5G(44, 0),
249 CHAN5G(46, 0), CHAN5G(48, 0),
250 CHAN5G(52, 0), CHAN5G(56, 0),
251 CHAN5G(60, 0), CHAN5G(64, 0),
252 CHAN5G(100, 0), CHAN5G(104, 0),
253 CHAN5G(108, 0), CHAN5G(112, 0),
254 CHAN5G(116, 0), CHAN5G(120, 0),
255 CHAN5G(124, 0), CHAN5G(128, 0),
256 CHAN5G(132, 0), CHAN5G(136, 0),
257 CHAN5G(140, 0), CHAN5G(149, 0),
258 CHAN5G(153, 0), CHAN5G(157, 0),
259 CHAN5G(161, 0), CHAN5G(165, 0),
260 CHAN5G(184, 0), CHAN5G(188, 0),
261 CHAN5G(192, 0), CHAN5G(196, 0),
262 CHAN5G(200, 0), CHAN5G(204, 0),
263 CHAN5G(208, 0), CHAN5G(212, 0),
268 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
269 .band = IEEE80211_BAND_5GHZ,
270 .channels = b43_5ghz_nphy_chantable,
271 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
272 .bitrates = b43_a_ratetable,
273 .n_bitrates = b43_a_ratetable_size,
276 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
277 .band = IEEE80211_BAND_5GHZ,
278 .channels = b43_5ghz_aphy_chantable,
279 .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
280 .bitrates = b43_a_ratetable,
281 .n_bitrates = b43_a_ratetable_size,
284 static struct ieee80211_supported_band b43_band_2GHz = {
285 .band = IEEE80211_BAND_2GHZ,
286 .channels = b43_2ghz_chantable,
287 .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
288 .bitrates = b43_g_ratetable,
289 .n_bitrates = b43_g_ratetable_size,
292 static void b43_wireless_core_exit(struct b43_wldev *dev);
293 static int b43_wireless_core_init(struct b43_wldev *dev);
294 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
295 static int b43_wireless_core_start(struct b43_wldev *dev);
297 static int b43_ratelimit(struct b43_wl *wl)
299 if (!wl || !wl->current_dev)
301 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
303 /* We are up and running.
304 * Ratelimit the messages to avoid DoS over the net. */
305 return net_ratelimit();
308 void b43info(struct b43_wl *wl, const char *fmt, ...)
312 if (b43_modparam_verbose < B43_VERBOSITY_INFO)
314 if (!b43_ratelimit(wl))
317 printk(KERN_INFO "b43-%s: ",
318 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
323 void b43err(struct b43_wl *wl, const char *fmt, ...)
327 if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
329 if (!b43_ratelimit(wl))
332 printk(KERN_ERR "b43-%s ERROR: ",
333 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
338 void b43warn(struct b43_wl *wl, const char *fmt, ...)
342 if (b43_modparam_verbose < B43_VERBOSITY_WARN)
344 if (!b43_ratelimit(wl))
347 printk(KERN_WARNING "b43-%s warning: ",
348 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
353 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
357 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
360 printk(KERN_DEBUG "b43-%s debug: ",
361 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
366 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
370 B43_WARN_ON(offset % 4 != 0);
372 macctl = b43_read32(dev, B43_MMIO_MACCTL);
373 if (macctl & B43_MACCTL_BE)
376 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
378 b43_write32(dev, B43_MMIO_RAM_DATA, val);
381 static inline void b43_shm_control_word(struct b43_wldev *dev,
382 u16 routing, u16 offset)
386 /* "offset" is the WORD offset. */
390 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
393 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
397 if (routing == B43_SHM_SHARED) {
398 B43_WARN_ON(offset & 0x0001);
399 if (offset & 0x0003) {
400 /* Unaligned access */
401 b43_shm_control_word(dev, routing, offset >> 2);
402 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
403 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
404 ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
410 b43_shm_control_word(dev, routing, offset);
411 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
416 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
420 if (routing == B43_SHM_SHARED) {
421 B43_WARN_ON(offset & 0x0001);
422 if (offset & 0x0003) {
423 /* Unaligned access */
424 b43_shm_control_word(dev, routing, offset >> 2);
425 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
431 b43_shm_control_word(dev, routing, offset);
432 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
437 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
439 if (routing == B43_SHM_SHARED) {
440 B43_WARN_ON(offset & 0x0001);
441 if (offset & 0x0003) {
442 /* Unaligned access */
443 b43_shm_control_word(dev, routing, offset >> 2);
444 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
446 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
447 b43_write16(dev, B43_MMIO_SHM_DATA,
448 (value >> 16) & 0xFFFF);
453 b43_shm_control_word(dev, routing, offset);
454 b43_write32(dev, B43_MMIO_SHM_DATA, value);
457 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
459 if (routing == B43_SHM_SHARED) {
460 B43_WARN_ON(offset & 0x0001);
461 if (offset & 0x0003) {
462 /* Unaligned access */
463 b43_shm_control_word(dev, routing, offset >> 2);
464 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
469 b43_shm_control_word(dev, routing, offset);
470 b43_write16(dev, B43_MMIO_SHM_DATA, value);
474 u64 b43_hf_read(struct b43_wldev *dev)
478 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
480 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
482 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
487 /* Write HostFlags */
488 void b43_hf_write(struct b43_wldev *dev, u64 value)
492 lo = (value & 0x00000000FFFFULL);
493 mi = (value & 0x0000FFFF0000ULL) >> 16;
494 hi = (value & 0xFFFF00000000ULL) >> 32;
495 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
496 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
497 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
500 /* Read the firmware capabilities bitmask (Opensource firmware only) */
501 static u16 b43_fwcapa_read(struct b43_wldev *dev)
503 B43_WARN_ON(!dev->fw.opensource);
504 return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
507 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
511 B43_WARN_ON(dev->dev->id.revision < 3);
513 /* The hardware guarantees us an atomic read, if we
514 * read the low register first. */
515 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
516 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
523 static void b43_time_lock(struct b43_wldev *dev)
527 macctl = b43_read32(dev, B43_MMIO_MACCTL);
528 macctl |= B43_MACCTL_TBTTHOLD;
529 b43_write32(dev, B43_MMIO_MACCTL, macctl);
530 /* Commit the write */
531 b43_read32(dev, B43_MMIO_MACCTL);
534 static void b43_time_unlock(struct b43_wldev *dev)
538 macctl = b43_read32(dev, B43_MMIO_MACCTL);
539 macctl &= ~B43_MACCTL_TBTTHOLD;
540 b43_write32(dev, B43_MMIO_MACCTL, macctl);
541 /* Commit the write */
542 b43_read32(dev, B43_MMIO_MACCTL);
545 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
549 B43_WARN_ON(dev->dev->id.revision < 3);
553 /* The hardware guarantees us an atomic write, if we
554 * write the low register first. */
555 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
557 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
561 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
564 b43_tsf_write_locked(dev, tsf);
565 b43_time_unlock(dev);
569 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
571 static const u8 zero_addr[ETH_ALEN] = { 0 };
578 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
582 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
585 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
588 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
591 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
595 u8 mac_bssid[ETH_ALEN * 2];
599 bssid = dev->wl->bssid;
600 mac = dev->wl->mac_addr;
602 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
604 memcpy(mac_bssid, mac, ETH_ALEN);
605 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
607 /* Write our MAC address and BSSID to template ram */
608 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
609 tmp = (u32) (mac_bssid[i + 0]);
610 tmp |= (u32) (mac_bssid[i + 1]) << 8;
611 tmp |= (u32) (mac_bssid[i + 2]) << 16;
612 tmp |= (u32) (mac_bssid[i + 3]) << 24;
613 b43_ram_write(dev, 0x20 + i, tmp);
617 static void b43_upload_card_macaddress(struct b43_wldev *dev)
619 b43_write_mac_bssid_templates(dev);
620 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
623 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
625 /* slot_time is in usec. */
626 if (dev->phy.type != B43_PHYTYPE_G)
628 b43_write16(dev, 0x684, 510 + slot_time);
629 b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
632 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
634 b43_set_slot_time(dev, 9);
637 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
639 b43_set_slot_time(dev, 20);
642 /* DummyTransmission function, as documented on
643 * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
645 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
647 struct b43_phy *phy = &dev->phy;
648 unsigned int i, max_loop;
660 buffer[0] = 0x000201CC;
663 buffer[0] = 0x000B846E;
666 for (i = 0; i < 5; i++)
667 b43_ram_write(dev, i * 4, buffer[i]);
669 b43_write16(dev, 0x0568, 0x0000);
670 if (dev->dev->id.revision < 11)
671 b43_write16(dev, 0x07C0, 0x0000);
673 b43_write16(dev, 0x07C0, 0x0100);
674 value = (ofdm ? 0x41 : 0x40);
675 b43_write16(dev, 0x050C, value);
676 if ((phy->type == B43_PHYTYPE_N) || (phy->type == B43_PHYTYPE_LP))
677 b43_write16(dev, 0x0514, 0x1A02);
678 b43_write16(dev, 0x0508, 0x0000);
679 b43_write16(dev, 0x050A, 0x0000);
680 b43_write16(dev, 0x054C, 0x0000);
681 b43_write16(dev, 0x056A, 0x0014);
682 b43_write16(dev, 0x0568, 0x0826);
683 b43_write16(dev, 0x0500, 0x0000);
684 if (!pa_on && (phy->type == B43_PHYTYPE_N)) {
690 b43_write16(dev, 0x0502, 0x00D0);
693 b43_write16(dev, 0x0502, 0x0050);
696 b43_write16(dev, 0x0502, 0x0030);
699 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
700 b43_radio_write16(dev, 0x0051, 0x0017);
701 for (i = 0x00; i < max_loop; i++) {
702 value = b43_read16(dev, 0x050E);
707 for (i = 0x00; i < 0x0A; i++) {
708 value = b43_read16(dev, 0x050E);
713 for (i = 0x00; i < 0x19; i++) {
714 value = b43_read16(dev, 0x0690);
715 if (!(value & 0x0100))
719 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
720 b43_radio_write16(dev, 0x0051, 0x0037);
723 static void key_write(struct b43_wldev *dev,
724 u8 index, u8 algorithm, const u8 *key)
731 /* Key index/algo block */
732 kidx = b43_kidx_to_fw(dev, index);
733 value = ((kidx << 4) | algorithm);
734 b43_shm_write16(dev, B43_SHM_SHARED,
735 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
737 /* Write the key to the Key Table Pointer offset */
738 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
739 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
741 value |= (u16) (key[i + 1]) << 8;
742 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
746 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
748 u32 addrtmp[2] = { 0, 0, };
749 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
751 if (b43_new_kidx_api(dev))
752 pairwise_keys_start = B43_NR_GROUP_KEYS;
754 B43_WARN_ON(index < pairwise_keys_start);
755 /* We have four default TX keys and possibly four default RX keys.
756 * Physical mac 0 is mapped to physical key 4 or 8, depending
757 * on the firmware version.
758 * So we must adjust the index here.
760 index -= pairwise_keys_start;
761 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
764 addrtmp[0] = addr[0];
765 addrtmp[0] |= ((u32) (addr[1]) << 8);
766 addrtmp[0] |= ((u32) (addr[2]) << 16);
767 addrtmp[0] |= ((u32) (addr[3]) << 24);
768 addrtmp[1] = addr[4];
769 addrtmp[1] |= ((u32) (addr[5]) << 8);
772 /* Receive match transmitter address (RCMTA) mechanism */
773 b43_shm_write32(dev, B43_SHM_RCMTA,
774 (index * 2) + 0, addrtmp[0]);
775 b43_shm_write16(dev, B43_SHM_RCMTA,
776 (index * 2) + 1, addrtmp[1]);
779 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
780 * When a packet is received, the iv32 is checked.
781 * - if it doesn't the packet is returned without modification (and software
782 * decryption can be done). That's what happen when iv16 wrap.
783 * - if it does, the rc4 key is computed, and decryption is tried.
784 * Either it will success and B43_RX_MAC_DEC is returned,
785 * either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
786 * and the packet is not usable (it got modified by the ucode).
787 * So in order to never have B43_RX_MAC_DECERR, we should provide
788 * a iv32 and phase1key that match. Because we drop packets in case of
789 * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
790 * packets will be lost without higher layer knowing (ie no resync possible
793 * NOTE : this should support 50 key like RCMTA because
794 * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
796 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
801 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
803 if (!modparam_hwtkip)
806 if (b43_new_kidx_api(dev))
807 pairwise_keys_start = B43_NR_GROUP_KEYS;
809 B43_WARN_ON(index < pairwise_keys_start);
810 /* We have four default TX keys and possibly four default RX keys.
811 * Physical mac 0 is mapped to physical key 4 or 8, depending
812 * on the firmware version.
813 * So we must adjust the index here.
815 index -= pairwise_keys_start;
816 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
818 if (b43_debug(dev, B43_DBG_KEYS)) {
819 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
822 /* Write the key to the RX tkip shared mem */
823 offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
824 for (i = 0; i < 10; i += 2) {
825 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
826 phase1key ? phase1key[i / 2] : 0);
828 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
829 b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
832 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
833 struct ieee80211_key_conf *keyconf, const u8 *addr,
834 u32 iv32, u16 *phase1key)
836 struct b43_wl *wl = hw_to_b43_wl(hw);
837 struct b43_wldev *dev;
838 int index = keyconf->hw_key_idx;
840 if (B43_WARN_ON(!modparam_hwtkip))
843 mutex_lock(&wl->mutex);
845 dev = wl->current_dev;
846 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
849 keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
851 rx_tkip_phase1_write(dev, index, iv32, phase1key);
852 keymac_write(dev, index, addr);
855 mutex_unlock(&wl->mutex);
858 static void do_key_write(struct b43_wldev *dev,
859 u8 index, u8 algorithm,
860 const u8 *key, size_t key_len, const u8 *mac_addr)
862 u8 buf[B43_SEC_KEYSIZE] = { 0, };
863 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
865 if (b43_new_kidx_api(dev))
866 pairwise_keys_start = B43_NR_GROUP_KEYS;
868 B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
869 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
871 if (index >= pairwise_keys_start)
872 keymac_write(dev, index, NULL); /* First zero out mac. */
873 if (algorithm == B43_SEC_ALGO_TKIP) {
875 * We should provide an initial iv32, phase1key pair.
876 * We could start with iv32=0 and compute the corresponding
877 * phase1key, but this means calling ieee80211_get_tkip_key
878 * with a fake skb (or export other tkip function).
879 * Because we are lazy we hope iv32 won't start with
880 * 0xffffffff and let's b43_op_update_tkip_key provide a
883 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
884 } else if (index >= pairwise_keys_start) /* clear it */
885 rx_tkip_phase1_write(dev, index, 0, NULL);
887 memcpy(buf, key, key_len);
888 key_write(dev, index, algorithm, buf);
889 if (index >= pairwise_keys_start)
890 keymac_write(dev, index, mac_addr);
892 dev->key[index].algorithm = algorithm;
895 static int b43_key_write(struct b43_wldev *dev,
896 int index, u8 algorithm,
897 const u8 *key, size_t key_len,
899 struct ieee80211_key_conf *keyconf)
902 int pairwise_keys_start;
904 /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
905 * - Temporal Encryption Key (128 bits)
906 * - Temporal Authenticator Tx MIC Key (64 bits)
907 * - Temporal Authenticator Rx MIC Key (64 bits)
909 * Hardware only store TEK
911 if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
913 if (key_len > B43_SEC_KEYSIZE)
915 for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
916 /* Check that we don't already have this key. */
917 B43_WARN_ON(dev->key[i].keyconf == keyconf);
920 /* Pairwise key. Get an empty slot for the key. */
921 if (b43_new_kidx_api(dev))
922 pairwise_keys_start = B43_NR_GROUP_KEYS;
924 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
925 for (i = pairwise_keys_start;
926 i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
928 B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
929 if (!dev->key[i].keyconf) {
936 b43warn(dev->wl, "Out of hardware key memory\n");
940 B43_WARN_ON(index > 3);
942 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
943 if ((index <= 3) && !b43_new_kidx_api(dev)) {
945 B43_WARN_ON(mac_addr);
946 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
948 keyconf->hw_key_idx = index;
949 dev->key[index].keyconf = keyconf;
954 static int b43_key_clear(struct b43_wldev *dev, int index)
956 if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
958 do_key_write(dev, index, B43_SEC_ALGO_NONE,
959 NULL, B43_SEC_KEYSIZE, NULL);
960 if ((index <= 3) && !b43_new_kidx_api(dev)) {
961 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
962 NULL, B43_SEC_KEYSIZE, NULL);
964 dev->key[index].keyconf = NULL;
969 static void b43_clear_keys(struct b43_wldev *dev)
973 if (b43_new_kidx_api(dev))
974 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
976 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
977 for (i = 0; i < count; i++)
978 b43_key_clear(dev, i);
981 static void b43_dump_keymemory(struct b43_wldev *dev)
983 unsigned int i, index, count, offset, pairwise_keys_start;
991 if (!b43_debug(dev, B43_DBG_KEYS))
994 hf = b43_hf_read(dev);
995 b43dbg(dev->wl, "Hardware key memory dump: USEDEFKEYS=%u\n",
996 !!(hf & B43_HF_USEDEFKEYS));
997 if (b43_new_kidx_api(dev)) {
998 pairwise_keys_start = B43_NR_GROUP_KEYS;
999 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1001 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1002 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1004 for (index = 0; index < count; index++) {
1005 key = &(dev->key[index]);
1006 printk(KERN_DEBUG "Key slot %02u: %s",
1007 index, (key->keyconf == NULL) ? " " : "*");
1008 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1009 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1010 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1011 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1014 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1015 B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1016 printk(" Algo: %04X/%02X", algo, key->algorithm);
1018 if (index >= pairwise_keys_start) {
1019 if (key->algorithm == B43_SEC_ALGO_TKIP) {
1021 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1022 for (i = 0; i < 14; i += 2) {
1023 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1024 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1027 rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1028 ((index - pairwise_keys_start) * 2) + 0);
1029 rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1030 ((index - pairwise_keys_start) * 2) + 1);
1031 *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1032 *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1033 printk(" MAC: %pM", mac);
1035 printk(" DEFAULT KEY");
1040 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1048 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1049 (ps_flags & B43_PS_DISABLED));
1050 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1052 if (ps_flags & B43_PS_ENABLED) {
1054 } else if (ps_flags & B43_PS_DISABLED) {
1057 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1058 // and thus is not an AP and we are associated, set bit 25
1060 if (ps_flags & B43_PS_AWAKE) {
1062 } else if (ps_flags & B43_PS_ASLEEP) {
1065 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1066 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
1067 // successful, set bit26
1070 /* FIXME: For now we force awake-on and hwps-off */
1074 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1076 macctl |= B43_MACCTL_HWPS;
1078 macctl &= ~B43_MACCTL_HWPS;
1080 macctl |= B43_MACCTL_AWAKE;
1082 macctl &= ~B43_MACCTL_AWAKE;
1083 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1085 b43_read32(dev, B43_MMIO_MACCTL);
1086 if (awake && dev->dev->id.revision >= 5) {
1087 /* Wait for the microcode to wake up. */
1088 for (i = 0; i < 100; i++) {
1089 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1090 B43_SHM_SH_UCODESTAT);
1091 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1098 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1103 flags |= B43_TMSLOW_PHYCLKEN;
1104 flags |= B43_TMSLOW_PHYRESET;
1105 ssb_device_enable(dev->dev, flags);
1106 msleep(2); /* Wait for the PLL to turn on. */
1108 /* Now take the PHY out of Reset again */
1109 tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1110 tmslow |= SSB_TMSLOW_FGC;
1111 tmslow &= ~B43_TMSLOW_PHYRESET;
1112 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1113 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1115 tmslow &= ~SSB_TMSLOW_FGC;
1116 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1117 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1120 /* Turn Analog ON, but only if we already know the PHY-type.
1121 * This protects against very early setup where we don't know the
1122 * PHY-type, yet. wireless_core_reset will be called once again later,
1123 * when we know the PHY-type. */
1125 dev->phy.ops->switch_analog(dev, 1);
1127 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1128 macctl &= ~B43_MACCTL_GMODE;
1129 if (flags & B43_TMSLOW_GMODE)
1130 macctl |= B43_MACCTL_GMODE;
1131 macctl |= B43_MACCTL_IHR_ENABLED;
1132 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1135 static void handle_irq_transmit_status(struct b43_wldev *dev)
1139 struct b43_txstatus stat;
1142 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1143 if (!(v0 & 0x00000001))
1145 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1147 stat.cookie = (v0 >> 16);
1148 stat.seq = (v1 & 0x0000FFFF);
1149 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1150 tmp = (v0 & 0x0000FFFF);
1151 stat.frame_count = ((tmp & 0xF000) >> 12);
1152 stat.rts_count = ((tmp & 0x0F00) >> 8);
1153 stat.supp_reason = ((tmp & 0x001C) >> 2);
1154 stat.pm_indicated = !!(tmp & 0x0080);
1155 stat.intermediate = !!(tmp & 0x0040);
1156 stat.for_ampdu = !!(tmp & 0x0020);
1157 stat.acked = !!(tmp & 0x0002);
1159 b43_handle_txstatus(dev, &stat);
1163 static void drain_txstatus_queue(struct b43_wldev *dev)
1167 if (dev->dev->id.revision < 5)
1169 /* Read all entries from the microcode TXstatus FIFO
1170 * and throw them away.
1173 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1174 if (!(dummy & 0x00000001))
1176 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1180 static u32 b43_jssi_read(struct b43_wldev *dev)
1184 val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1186 val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1191 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1193 b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1194 b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1197 static void b43_generate_noise_sample(struct b43_wldev *dev)
1199 b43_jssi_write(dev, 0x7F7F7F7F);
1200 b43_write32(dev, B43_MMIO_MACCMD,
1201 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1204 static void b43_calculate_link_quality(struct b43_wldev *dev)
1206 /* Top half of Link Quality calculation. */
1208 if (dev->phy.type != B43_PHYTYPE_G)
1210 if (dev->noisecalc.calculation_running)
1212 dev->noisecalc.calculation_running = 1;
1213 dev->noisecalc.nr_samples = 0;
1215 b43_generate_noise_sample(dev);
1218 static void handle_irq_noise(struct b43_wldev *dev)
1220 struct b43_phy_g *phy = dev->phy.g;
1226 /* Bottom half of Link Quality calculation. */
1228 if (dev->phy.type != B43_PHYTYPE_G)
1231 /* Possible race condition: It might be possible that the user
1232 * changed to a different channel in the meantime since we
1233 * started the calculation. We ignore that fact, since it's
1234 * not really that much of a problem. The background noise is
1235 * an estimation only anyway. Slightly wrong results will get damped
1236 * by the averaging of the 8 sample rounds. Additionally the
1237 * value is shortlived. So it will be replaced by the next noise
1238 * calculation round soon. */
1240 B43_WARN_ON(!dev->noisecalc.calculation_running);
1241 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1242 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1243 noise[2] == 0x7F || noise[3] == 0x7F)
1246 /* Get the noise samples. */
1247 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1248 i = dev->noisecalc.nr_samples;
1249 noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1250 noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1251 noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1252 noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1253 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1254 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1255 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1256 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1257 dev->noisecalc.nr_samples++;
1258 if (dev->noisecalc.nr_samples == 8) {
1259 /* Calculate the Link Quality by the noise samples. */
1261 for (i = 0; i < 8; i++) {
1262 for (j = 0; j < 4; j++)
1263 average += dev->noisecalc.samples[i][j];
1269 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1270 tmp = (tmp / 128) & 0x1F;
1280 dev->stats.link_noise = average;
1281 dev->noisecalc.calculation_running = 0;
1285 b43_generate_noise_sample(dev);
1288 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1290 if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1293 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1294 b43_power_saving_ctl_bits(dev, 0);
1296 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1300 static void handle_irq_atim_end(struct b43_wldev *dev)
1302 if (dev->dfq_valid) {
1303 b43_write32(dev, B43_MMIO_MACCMD,
1304 b43_read32(dev, B43_MMIO_MACCMD)
1305 | B43_MACCMD_DFQ_VALID);
1310 static void handle_irq_pmq(struct b43_wldev *dev)
1317 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1318 if (!(tmp & 0x00000008))
1321 /* 16bit write is odd, but correct. */
1322 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1325 static void b43_write_template_common(struct b43_wldev *dev,
1326 const u8 *data, u16 size,
1328 u16 shm_size_offset, u8 rate)
1331 struct b43_plcp_hdr4 plcp;
1334 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1335 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1336 ram_offset += sizeof(u32);
1337 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1338 * So leave the first two bytes of the next write blank.
1340 tmp = (u32) (data[0]) << 16;
1341 tmp |= (u32) (data[1]) << 24;
1342 b43_ram_write(dev, ram_offset, tmp);
1343 ram_offset += sizeof(u32);
1344 for (i = 2; i < size; i += sizeof(u32)) {
1345 tmp = (u32) (data[i + 0]);
1347 tmp |= (u32) (data[i + 1]) << 8;
1349 tmp |= (u32) (data[i + 2]) << 16;
1351 tmp |= (u32) (data[i + 3]) << 24;
1352 b43_ram_write(dev, ram_offset + i - 2, tmp);
1354 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1355 size + sizeof(struct b43_plcp_hdr6));
1358 /* Check if the use of the antenna that ieee80211 told us to
1359 * use is possible. This will fall back to DEFAULT.
1360 * "antenna_nr" is the antenna identifier we got from ieee80211. */
1361 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1366 if (antenna_nr == 0) {
1367 /* Zero means "use default antenna". That's always OK. */
1371 /* Get the mask of available antennas. */
1373 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1375 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1377 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1378 /* This antenna is not available. Fall back to default. */
1385 /* Convert a b43 antenna number value to the PHY TX control value. */
1386 static u16 b43_antenna_to_phyctl(int antenna)
1390 return B43_TXH_PHY_ANT0;
1392 return B43_TXH_PHY_ANT1;
1394 return B43_TXH_PHY_ANT2;
1396 return B43_TXH_PHY_ANT3;
1397 case B43_ANTENNA_AUTO0:
1398 case B43_ANTENNA_AUTO1:
1399 return B43_TXH_PHY_ANT01AUTO;
1405 static void b43_write_beacon_template(struct b43_wldev *dev,
1407 u16 shm_size_offset)
1409 unsigned int i, len, variable_len;
1410 const struct ieee80211_mgmt *bcn;
1416 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1418 bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1419 len = min((size_t) dev->wl->current_beacon->len,
1420 0x200 - sizeof(struct b43_plcp_hdr6));
1421 rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1423 b43_write_template_common(dev, (const u8 *)bcn,
1424 len, ram_offset, shm_size_offset, rate);
1426 /* Write the PHY TX control parameters. */
1427 antenna = B43_ANTENNA_DEFAULT;
1428 antenna = b43_antenna_to_phyctl(antenna);
1429 ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1430 /* We can't send beacons with short preamble. Would get PHY errors. */
1431 ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1432 ctl &= ~B43_TXH_PHY_ANT;
1433 ctl &= ~B43_TXH_PHY_ENC;
1435 if (b43_is_cck_rate(rate))
1436 ctl |= B43_TXH_PHY_ENC_CCK;
1438 ctl |= B43_TXH_PHY_ENC_OFDM;
1439 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1441 /* Find the position of the TIM and the DTIM_period value
1442 * and write them to SHM. */
1443 ie = bcn->u.beacon.variable;
1444 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1445 for (i = 0; i < variable_len - 2; ) {
1446 uint8_t ie_id, ie_len;
1453 /* This is the TIM Information Element */
1455 /* Check whether the ie_len is in the beacon data range. */
1456 if (variable_len < ie_len + 2 + i)
1458 /* A valid TIM is at least 4 bytes long. */
1463 tim_position = sizeof(struct b43_plcp_hdr6);
1464 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1467 dtim_period = ie[i + 3];
1469 b43_shm_write16(dev, B43_SHM_SHARED,
1470 B43_SHM_SH_TIMBPOS, tim_position);
1471 b43_shm_write16(dev, B43_SHM_SHARED,
1472 B43_SHM_SH_DTIMPER, dtim_period);
1479 * If ucode wants to modify TIM do it behind the beacon, this
1480 * will happen, for example, when doing mesh networking.
1482 b43_shm_write16(dev, B43_SHM_SHARED,
1484 len + sizeof(struct b43_plcp_hdr6));
1485 b43_shm_write16(dev, B43_SHM_SHARED,
1486 B43_SHM_SH_DTIMPER, 0);
1488 b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1491 static void b43_upload_beacon0(struct b43_wldev *dev)
1493 struct b43_wl *wl = dev->wl;
1495 if (wl->beacon0_uploaded)
1497 b43_write_beacon_template(dev, 0x68, 0x18);
1498 wl->beacon0_uploaded = 1;
1501 static void b43_upload_beacon1(struct b43_wldev *dev)
1503 struct b43_wl *wl = dev->wl;
1505 if (wl->beacon1_uploaded)
1507 b43_write_beacon_template(dev, 0x468, 0x1A);
1508 wl->beacon1_uploaded = 1;
1511 static void handle_irq_beacon(struct b43_wldev *dev)
1513 struct b43_wl *wl = dev->wl;
1514 u32 cmd, beacon0_valid, beacon1_valid;
1516 if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1517 !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
1520 /* This is the bottom half of the asynchronous beacon update. */
1522 /* Ignore interrupt in the future. */
1523 dev->irq_mask &= ~B43_IRQ_BEACON;
1525 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1526 beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1527 beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1529 /* Schedule interrupt manually, if busy. */
1530 if (beacon0_valid && beacon1_valid) {
1531 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1532 dev->irq_mask |= B43_IRQ_BEACON;
1536 if (unlikely(wl->beacon_templates_virgin)) {
1537 /* We never uploaded a beacon before.
1538 * Upload both templates now, but only mark one valid. */
1539 wl->beacon_templates_virgin = 0;
1540 b43_upload_beacon0(dev);
1541 b43_upload_beacon1(dev);
1542 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1543 cmd |= B43_MACCMD_BEACON0_VALID;
1544 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1546 if (!beacon0_valid) {
1547 b43_upload_beacon0(dev);
1548 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1549 cmd |= B43_MACCMD_BEACON0_VALID;
1550 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1551 } else if (!beacon1_valid) {
1552 b43_upload_beacon1(dev);
1553 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1554 cmd |= B43_MACCMD_BEACON1_VALID;
1555 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1560 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1562 u32 old_irq_mask = dev->irq_mask;
1564 /* update beacon right away or defer to irq */
1565 handle_irq_beacon(dev);
1566 if (old_irq_mask != dev->irq_mask) {
1567 /* The handler updated the IRQ mask. */
1568 B43_WARN_ON(!dev->irq_mask);
1569 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1570 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1572 /* Device interrupts are currently disabled. That means
1573 * we just ran the hardirq handler and scheduled the
1574 * IRQ thread. The thread will write the IRQ mask when
1575 * it finished, so there's nothing to do here. Writing
1576 * the mask _here_ would incorrectly re-enable IRQs. */
1581 static void b43_beacon_update_trigger_work(struct work_struct *work)
1583 struct b43_wl *wl = container_of(work, struct b43_wl,
1584 beacon_update_trigger);
1585 struct b43_wldev *dev;
1587 mutex_lock(&wl->mutex);
1588 dev = wl->current_dev;
1589 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1590 if (0 /*FIXME dev->dev->bus->bustype == SSB_BUSTYPE_SDIO*/) {
1591 /* wl->mutex is enough. */
1592 b43_do_beacon_update_trigger_work(dev);
1595 spin_lock_irq(&wl->hardirq_lock);
1596 b43_do_beacon_update_trigger_work(dev);
1598 spin_unlock_irq(&wl->hardirq_lock);
1601 mutex_unlock(&wl->mutex);
1604 /* Asynchronously update the packet templates in template RAM.
1605 * Locking: Requires wl->mutex to be locked. */
1606 static void b43_update_templates(struct b43_wl *wl)
1608 struct sk_buff *beacon;
1610 /* This is the top half of the ansynchronous beacon update.
1611 * The bottom half is the beacon IRQ.
1612 * Beacon update must be asynchronous to avoid sending an
1613 * invalid beacon. This can happen for example, if the firmware
1614 * transmits a beacon while we are updating it. */
1616 /* We could modify the existing beacon and set the aid bit in
1617 * the TIM field, but that would probably require resizing and
1618 * moving of data within the beacon template.
1619 * Simply request a new beacon and let mac80211 do the hard work. */
1620 beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1621 if (unlikely(!beacon))
1624 if (wl->current_beacon)
1625 dev_kfree_skb_any(wl->current_beacon);
1626 wl->current_beacon = beacon;
1627 wl->beacon0_uploaded = 0;
1628 wl->beacon1_uploaded = 0;
1629 ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1632 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1635 if (dev->dev->id.revision >= 3) {
1636 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1637 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1639 b43_write16(dev, 0x606, (beacon_int >> 6));
1640 b43_write16(dev, 0x610, beacon_int);
1642 b43_time_unlock(dev);
1643 b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1646 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1650 /* Read the register that contains the reason code for the panic. */
1651 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1652 b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1656 b43dbg(dev->wl, "The panic reason is unknown.\n");
1658 case B43_FWPANIC_DIE:
1659 /* Do not restart the controller or firmware.
1660 * The device is nonfunctional from now on.
1661 * Restarting would result in this panic to trigger again,
1662 * so we avoid that recursion. */
1664 case B43_FWPANIC_RESTART:
1665 b43_controller_restart(dev, "Microcode panic");
1670 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1672 unsigned int i, cnt;
1673 u16 reason, marker_id, marker_line;
1676 /* The proprietary firmware doesn't have this IRQ. */
1677 if (!dev->fw.opensource)
1680 /* Read the register that contains the reason code for this IRQ. */
1681 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1684 case B43_DEBUGIRQ_PANIC:
1685 b43_handle_firmware_panic(dev);
1687 case B43_DEBUGIRQ_DUMP_SHM:
1689 break; /* Only with driver debugging enabled. */
1690 buf = kmalloc(4096, GFP_ATOMIC);
1692 b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1695 for (i = 0; i < 4096; i += 2) {
1696 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1697 buf[i / 2] = cpu_to_le16(tmp);
1699 b43info(dev->wl, "Shared memory dump:\n");
1700 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1701 16, 2, buf, 4096, 1);
1704 case B43_DEBUGIRQ_DUMP_REGS:
1706 break; /* Only with driver debugging enabled. */
1707 b43info(dev->wl, "Microcode register dump:\n");
1708 for (i = 0, cnt = 0; i < 64; i++) {
1709 u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1712 printk("r%02u: 0x%04X ", i, tmp);
1721 case B43_DEBUGIRQ_MARKER:
1723 break; /* Only with driver debugging enabled. */
1724 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1726 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1727 B43_MARKER_LINE_REG);
1728 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1729 "at line number %u\n",
1730 marker_id, marker_line);
1733 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1737 /* Acknowledge the debug-IRQ, so the firmware can continue. */
1738 b43_shm_write16(dev, B43_SHM_SCRATCH,
1739 B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1742 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1745 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1746 u32 merged_dma_reason = 0;
1749 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1752 reason = dev->irq_reason;
1753 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1754 dma_reason[i] = dev->dma_reason[i];
1755 merged_dma_reason |= dma_reason[i];
1758 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1759 b43err(dev->wl, "MAC transmission error\n");
1761 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1762 b43err(dev->wl, "PHY transmission error\n");
1764 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1765 atomic_set(&dev->phy.txerr_cnt,
1766 B43_PHY_TX_BADNESS_LIMIT);
1767 b43err(dev->wl, "Too many PHY TX errors, "
1768 "restarting the controller\n");
1769 b43_controller_restart(dev, "PHY TX errors");
1773 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1774 B43_DMAIRQ_NONFATALMASK))) {
1775 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1776 b43err(dev->wl, "Fatal DMA error: "
1777 "0x%08X, 0x%08X, 0x%08X, "
1778 "0x%08X, 0x%08X, 0x%08X\n",
1779 dma_reason[0], dma_reason[1],
1780 dma_reason[2], dma_reason[3],
1781 dma_reason[4], dma_reason[5]);
1782 b43_controller_restart(dev, "DMA error");
1785 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1786 b43err(dev->wl, "DMA error: "
1787 "0x%08X, 0x%08X, 0x%08X, "
1788 "0x%08X, 0x%08X, 0x%08X\n",
1789 dma_reason[0], dma_reason[1],
1790 dma_reason[2], dma_reason[3],
1791 dma_reason[4], dma_reason[5]);
1795 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1796 handle_irq_ucode_debug(dev);
1797 if (reason & B43_IRQ_TBTT_INDI)
1798 handle_irq_tbtt_indication(dev);
1799 if (reason & B43_IRQ_ATIM_END)
1800 handle_irq_atim_end(dev);
1801 if (reason & B43_IRQ_BEACON)
1802 handle_irq_beacon(dev);
1803 if (reason & B43_IRQ_PMQ)
1804 handle_irq_pmq(dev);
1805 if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1807 if (reason & B43_IRQ_NOISESAMPLE_OK)
1808 handle_irq_noise(dev);
1810 /* Check the DMA reason registers for received data. */
1811 if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1812 if (b43_using_pio_transfers(dev))
1813 b43_pio_rx(dev->pio.rx_queue);
1815 b43_dma_rx(dev->dma.rx_ring);
1817 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1818 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1819 B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1820 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1821 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1823 if (reason & B43_IRQ_TX_OK)
1824 handle_irq_transmit_status(dev);
1826 /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1827 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1830 /* Interrupt thread handler. Handles device interrupts in thread context. */
1831 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1833 struct b43_wldev *dev = dev_id;
1835 mutex_lock(&dev->wl->mutex);
1836 b43_do_interrupt_thread(dev);
1838 mutex_unlock(&dev->wl->mutex);
1843 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1847 /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1848 * On SDIO, this runs under wl->mutex. */
1850 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1851 if (reason == 0xffffffff) /* shared IRQ */
1853 reason &= dev->irq_mask;
1857 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1859 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1861 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1863 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1865 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1868 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1872 /* ACK the interrupt. */
1873 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1874 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1875 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1876 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1877 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1878 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1880 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1883 /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
1884 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
1885 /* Save the reason bitmasks for the IRQ thread handler. */
1886 dev->irq_reason = reason;
1888 return IRQ_WAKE_THREAD;
1891 /* Interrupt handler top-half. This runs with interrupts disabled. */
1892 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1894 struct b43_wldev *dev = dev_id;
1897 if (unlikely(b43_status(dev) < B43_STAT_STARTED))
1900 spin_lock(&dev->wl->hardirq_lock);
1901 ret = b43_do_interrupt(dev);
1903 spin_unlock(&dev->wl->hardirq_lock);
1908 void b43_do_release_fw(struct b43_firmware_file *fw)
1910 release_firmware(fw->data);
1912 fw->filename = NULL;
1915 static void b43_release_firmware(struct b43_wldev *dev)
1917 b43_do_release_fw(&dev->fw.ucode);
1918 b43_do_release_fw(&dev->fw.pcm);
1919 b43_do_release_fw(&dev->fw.initvals);
1920 b43_do_release_fw(&dev->fw.initvals_band);
1923 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
1927 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
1928 "and download the correct firmware for this driver version. " \
1929 "Please carefully read all instructions on this website.\n";
1937 int b43_do_request_fw(struct b43_request_fw_context *ctx,
1939 struct b43_firmware_file *fw)
1941 const struct firmware *blob;
1942 struct b43_fw_header *hdr;
1947 /* Don't fetch anything. Free possibly cached firmware. */
1948 /* FIXME: We should probably keep it anyway, to save some headache
1949 * on suspend/resume with multiband devices. */
1950 b43_do_release_fw(fw);
1954 if ((fw->type == ctx->req_type) &&
1955 (strcmp(fw->filename, name) == 0))
1956 return 0; /* Already have this fw. */
1957 /* Free the cached firmware first. */
1958 /* FIXME: We should probably do this later after we successfully
1959 * got the new fw. This could reduce headache with multiband devices.
1960 * We could also redesign this to cache the firmware for all possible
1961 * bands all the time. */
1962 b43_do_release_fw(fw);
1965 switch (ctx->req_type) {
1966 case B43_FWTYPE_PROPRIETARY:
1967 snprintf(ctx->fwname, sizeof(ctx->fwname),
1969 modparam_fwpostfix, name);
1971 case B43_FWTYPE_OPENSOURCE:
1972 snprintf(ctx->fwname, sizeof(ctx->fwname),
1974 modparam_fwpostfix, name);
1980 err = request_firmware(&blob, ctx->fwname, ctx->dev->dev->dev);
1981 if (err == -ENOENT) {
1982 snprintf(ctx->errors[ctx->req_type],
1983 sizeof(ctx->errors[ctx->req_type]),
1984 "Firmware file \"%s\" not found\n", ctx->fwname);
1987 snprintf(ctx->errors[ctx->req_type],
1988 sizeof(ctx->errors[ctx->req_type]),
1989 "Firmware file \"%s\" request failed (err=%d)\n",
1993 if (blob->size < sizeof(struct b43_fw_header))
1995 hdr = (struct b43_fw_header *)(blob->data);
1996 switch (hdr->type) {
1997 case B43_FW_TYPE_UCODE:
1998 case B43_FW_TYPE_PCM:
1999 size = be32_to_cpu(hdr->size);
2000 if (size != blob->size - sizeof(struct b43_fw_header))
2003 case B43_FW_TYPE_IV:
2012 fw->filename = name;
2013 fw->type = ctx->req_type;
2018 snprintf(ctx->errors[ctx->req_type],
2019 sizeof(ctx->errors[ctx->req_type]),
2020 "Firmware file \"%s\" format error.\n", ctx->fwname);
2021 release_firmware(blob);
2026 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2028 struct b43_wldev *dev = ctx->dev;
2029 struct b43_firmware *fw = &ctx->dev->fw;
2030 const u8 rev = ctx->dev->dev->id.revision;
2031 const char *filename;
2036 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
2037 if ((rev >= 5) && (rev <= 10))
2038 filename = "ucode5";
2039 else if ((rev >= 11) && (rev <= 12))
2040 filename = "ucode11";
2042 filename = "ucode13";
2044 filename = "ucode14";
2046 filename = "ucode15";
2049 err = b43_do_request_fw(ctx, filename, &fw->ucode);
2054 if ((rev >= 5) && (rev <= 10))
2060 fw->pcm_request_failed = 0;
2061 err = b43_do_request_fw(ctx, filename, &fw->pcm);
2062 if (err == -ENOENT) {
2063 /* We did not find a PCM file? Not fatal, but
2064 * core rev <= 10 must do without hwcrypto then. */
2065 fw->pcm_request_failed = 1;
2070 switch (dev->phy.type) {
2072 if ((rev >= 5) && (rev <= 10)) {
2073 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2074 filename = "a0g1initvals5";
2076 filename = "a0g0initvals5";
2078 goto err_no_initvals;
2081 if ((rev >= 5) && (rev <= 10))
2082 filename = "b0g0initvals5";
2084 filename = "b0g0initvals13";
2086 goto err_no_initvals;
2089 if ((rev >= 11) && (rev <= 12))
2090 filename = "n0initvals11";
2092 goto err_no_initvals;
2094 case B43_PHYTYPE_LP:
2096 filename = "lp0initvals13";
2098 filename = "lp0initvals14";
2100 filename = "lp0initvals15";
2102 goto err_no_initvals;
2105 goto err_no_initvals;
2107 err = b43_do_request_fw(ctx, filename, &fw->initvals);
2111 /* Get bandswitch initvals */
2112 switch (dev->phy.type) {
2114 if ((rev >= 5) && (rev <= 10)) {
2115 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2116 filename = "a0g1bsinitvals5";
2118 filename = "a0g0bsinitvals5";
2119 } else if (rev >= 11)
2122 goto err_no_initvals;
2125 if ((rev >= 5) && (rev <= 10))
2126 filename = "b0g0bsinitvals5";
2130 goto err_no_initvals;
2133 if ((rev >= 11) && (rev <= 12))
2134 filename = "n0bsinitvals11";
2136 goto err_no_initvals;
2138 case B43_PHYTYPE_LP:
2140 filename = "lp0bsinitvals13";
2142 filename = "lp0bsinitvals14";
2144 filename = "lp0bsinitvals15";
2146 goto err_no_initvals;
2149 goto err_no_initvals;
2151 err = b43_do_request_fw(ctx, filename, &fw->initvals_band);
2158 err = ctx->fatal_failure = -EOPNOTSUPP;
2159 b43err(dev->wl, "The driver does not know which firmware (ucode) "
2160 "is required for your device (wl-core rev %u)\n", rev);
2164 err = ctx->fatal_failure = -EOPNOTSUPP;
2165 b43err(dev->wl, "The driver does not know which firmware (PCM) "
2166 "is required for your device (wl-core rev %u)\n", rev);
2170 err = ctx->fatal_failure = -EOPNOTSUPP;
2171 b43err(dev->wl, "The driver does not know which firmware (initvals) "
2172 "is required for your device (wl-core rev %u)\n", rev);
2176 /* We failed to load this firmware image. The error message
2177 * already is in ctx->errors. Return and let our caller decide
2182 b43_release_firmware(dev);
2186 static int b43_request_firmware(struct b43_wldev *dev)
2188 struct b43_request_fw_context *ctx;
2193 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2198 ctx->req_type = B43_FWTYPE_PROPRIETARY;
2199 err = b43_try_request_fw(ctx);
2201 goto out; /* Successfully loaded it. */
2202 err = ctx->fatal_failure;
2206 ctx->req_type = B43_FWTYPE_OPENSOURCE;
2207 err = b43_try_request_fw(ctx);
2209 goto out; /* Successfully loaded it. */
2210 err = ctx->fatal_failure;
2214 /* Could not find a usable firmware. Print the errors. */
2215 for (i = 0; i < B43_NR_FWTYPES; i++) {
2216 errmsg = ctx->errors[i];
2218 b43err(dev->wl, errmsg);
2220 b43_print_fw_helptext(dev->wl, 1);
2228 static int b43_upload_microcode(struct b43_wldev *dev)
2230 const size_t hdr_len = sizeof(struct b43_fw_header);
2232 unsigned int i, len;
2233 u16 fwrev, fwpatch, fwdate, fwtime;
2237 /* Jump the microcode PSM to offset 0 */
2238 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2239 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2240 macctl |= B43_MACCTL_PSM_JMP0;
2241 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2242 /* Zero out all microcode PSM registers and shared memory. */
2243 for (i = 0; i < 64; i++)
2244 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2245 for (i = 0; i < 4096; i += 2)
2246 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2248 /* Upload Microcode. */
2249 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2250 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2251 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2252 for (i = 0; i < len; i++) {
2253 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2257 if (dev->fw.pcm.data) {
2258 /* Upload PCM data. */
2259 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2260 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2261 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2262 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2263 /* No need for autoinc bit in SHM_HW */
2264 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2265 for (i = 0; i < len; i++) {
2266 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2271 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2273 /* Start the microcode PSM */
2274 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2275 macctl &= ~B43_MACCTL_PSM_JMP0;
2276 macctl |= B43_MACCTL_PSM_RUN;
2277 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2279 /* Wait for the microcode to load and respond */
2282 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2283 if (tmp == B43_IRQ_MAC_SUSPENDED)
2287 b43err(dev->wl, "Microcode not responding\n");
2288 b43_print_fw_helptext(dev->wl, 1);
2294 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2296 /* Get and check the revisions. */
2297 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2298 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2299 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2300 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2302 if (fwrev <= 0x128) {
2303 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2304 "binary drivers older than version 4.x is unsupported. "
2305 "You must upgrade your firmware files.\n");
2306 b43_print_fw_helptext(dev->wl, 1);
2310 dev->fw.rev = fwrev;
2311 dev->fw.patch = fwpatch;
2312 dev->fw.opensource = (fwdate == 0xFFFF);
2314 /* Default to use-all-queues. */
2315 dev->wl->hw->queues = dev->wl->mac80211_initially_registered_queues;
2316 dev->qos_enabled = !!modparam_qos;
2317 /* Default to firmware/hardware crypto acceleration. */
2318 dev->hwcrypto_enabled = 1;
2320 if (dev->fw.opensource) {
2323 /* Patchlevel info is encoded in the "time" field. */
2324 dev->fw.patch = fwtime;
2325 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2326 dev->fw.rev, dev->fw.patch);
2328 fwcapa = b43_fwcapa_read(dev);
2329 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2330 b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2331 /* Disable hardware crypto and fall back to software crypto. */
2332 dev->hwcrypto_enabled = 0;
2334 if (!(fwcapa & B43_FWCAPA_QOS)) {
2335 b43info(dev->wl, "QoS not supported by firmware\n");
2336 /* Disable QoS. Tweak hw->queues to 1. It will be restored before
2337 * ieee80211_unregister to make sure the networking core can
2338 * properly free possible resources. */
2339 dev->wl->hw->queues = 1;
2340 dev->qos_enabled = 0;
2343 b43info(dev->wl, "Loading firmware version %u.%u "
2344 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2346 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2347 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2348 if (dev->fw.pcm_request_failed) {
2349 b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2350 "Hardware accelerated cryptography is disabled.\n");
2351 b43_print_fw_helptext(dev->wl, 0);
2355 if (b43_is_old_txhdr_format(dev)) {
2356 /* We're over the deadline, but we keep support for old fw
2357 * until it turns out to be in major conflict with something new. */
2358 b43warn(dev->wl, "You are using an old firmware image. "
2359 "Support for old firmware will be removed soon "
2360 "(official deadline was July 2008).\n");
2361 b43_print_fw_helptext(dev->wl, 0);
2367 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2368 macctl &= ~B43_MACCTL_PSM_RUN;
2369 macctl |= B43_MACCTL_PSM_JMP0;
2370 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2375 static int b43_write_initvals(struct b43_wldev *dev,
2376 const struct b43_iv *ivals,
2380 const struct b43_iv *iv;
2385 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2387 for (i = 0; i < count; i++) {
2388 if (array_size < sizeof(iv->offset_size))
2390 array_size -= sizeof(iv->offset_size);
2391 offset = be16_to_cpu(iv->offset_size);
2392 bit32 = !!(offset & B43_IV_32BIT);
2393 offset &= B43_IV_OFFSET_MASK;
2394 if (offset >= 0x1000)
2399 if (array_size < sizeof(iv->data.d32))
2401 array_size -= sizeof(iv->data.d32);
2403 value = get_unaligned_be32(&iv->data.d32);
2404 b43_write32(dev, offset, value);
2406 iv = (const struct b43_iv *)((const uint8_t *)iv +
2412 if (array_size < sizeof(iv->data.d16))
2414 array_size -= sizeof(iv->data.d16);
2416 value = be16_to_cpu(iv->data.d16);
2417 b43_write16(dev, offset, value);
2419 iv = (const struct b43_iv *)((const uint8_t *)iv +
2430 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2431 b43_print_fw_helptext(dev->wl, 1);
2436 static int b43_upload_initvals(struct b43_wldev *dev)
2438 const size_t hdr_len = sizeof(struct b43_fw_header);
2439 const struct b43_fw_header *hdr;
2440 struct b43_firmware *fw = &dev->fw;
2441 const struct b43_iv *ivals;
2445 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2446 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2447 count = be32_to_cpu(hdr->size);
2448 err = b43_write_initvals(dev, ivals, count,
2449 fw->initvals.data->size - hdr_len);
2452 if (fw->initvals_band.data) {
2453 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2454 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2455 count = be32_to_cpu(hdr->size);
2456 err = b43_write_initvals(dev, ivals, count,
2457 fw->initvals_band.data->size - hdr_len);
2466 /* Initialize the GPIOs
2467 * http://bcm-specs.sipsolutions.net/GPIO
2469 static int b43_gpio_init(struct b43_wldev *dev)
2471 struct ssb_bus *bus = dev->dev->bus;
2472 struct ssb_device *gpiodev, *pcidev = NULL;
2475 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2476 & ~B43_MACCTL_GPOUTSMSK);
2478 b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2483 if (dev->dev->bus->chip_id == 0x4301) {
2487 if (0 /* FIXME: conditional unknown */ ) {
2488 b43_write16(dev, B43_MMIO_GPIO_MASK,
2489 b43_read16(dev, B43_MMIO_GPIO_MASK)
2494 if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2495 b43_write16(dev, B43_MMIO_GPIO_MASK,
2496 b43_read16(dev, B43_MMIO_GPIO_MASK)
2501 if (dev->dev->id.revision >= 2)
2502 mask |= 0x0010; /* FIXME: This is redundant. */
2504 #ifdef CONFIG_SSB_DRIVER_PCICORE
2505 pcidev = bus->pcicore.dev;
2507 gpiodev = bus->chipco.dev ? : pcidev;
2510 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2511 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2517 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2518 static void b43_gpio_cleanup(struct b43_wldev *dev)
2520 struct ssb_bus *bus = dev->dev->bus;
2521 struct ssb_device *gpiodev, *pcidev = NULL;
2523 #ifdef CONFIG_SSB_DRIVER_PCICORE
2524 pcidev = bus->pcicore.dev;
2526 gpiodev = bus->chipco.dev ? : pcidev;
2529 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2532 /* http://bcm-specs.sipsolutions.net/EnableMac */
2533 void b43_mac_enable(struct b43_wldev *dev)
2535 if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2538 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2539 B43_SHM_SH_UCODESTAT);
2540 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2541 (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2542 b43err(dev->wl, "b43_mac_enable(): The firmware "
2543 "should be suspended, but current state is %u\n",
2548 dev->mac_suspended--;
2549 B43_WARN_ON(dev->mac_suspended < 0);
2550 if (dev->mac_suspended == 0) {
2551 b43_write32(dev, B43_MMIO_MACCTL,
2552 b43_read32(dev, B43_MMIO_MACCTL)
2553 | B43_MACCTL_ENABLED);
2554 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2555 B43_IRQ_MAC_SUSPENDED);
2557 b43_read32(dev, B43_MMIO_MACCTL);
2558 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2559 b43_power_saving_ctl_bits(dev, 0);
2563 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2564 void b43_mac_suspend(struct b43_wldev *dev)
2570 B43_WARN_ON(dev->mac_suspended < 0);
2572 if (dev->mac_suspended == 0) {
2573 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2574 b43_write32(dev, B43_MMIO_MACCTL,
2575 b43_read32(dev, B43_MMIO_MACCTL)
2576 & ~B43_MACCTL_ENABLED);
2577 /* force pci to flush the write */
2578 b43_read32(dev, B43_MMIO_MACCTL);
2579 for (i = 35; i; i--) {
2580 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2581 if (tmp & B43_IRQ_MAC_SUSPENDED)
2585 /* Hm, it seems this will take some time. Use msleep(). */
2586 for (i = 40; i; i--) {
2587 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2588 if (tmp & B43_IRQ_MAC_SUSPENDED)
2592 b43err(dev->wl, "MAC suspend failed\n");
2595 dev->mac_suspended++;
2598 static void b43_adjust_opmode(struct b43_wldev *dev)
2600 struct b43_wl *wl = dev->wl;
2604 ctl = b43_read32(dev, B43_MMIO_MACCTL);
2605 /* Reset status to STA infrastructure mode. */
2606 ctl &= ~B43_MACCTL_AP;
2607 ctl &= ~B43_MACCTL_KEEP_CTL;
2608 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2609 ctl &= ~B43_MACCTL_KEEP_BAD;
2610 ctl &= ~B43_MACCTL_PROMISC;
2611 ctl &= ~B43_MACCTL_BEACPROMISC;
2612 ctl |= B43_MACCTL_INFRA;
2614 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2615 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2616 ctl |= B43_MACCTL_AP;
2617 else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2618 ctl &= ~B43_MACCTL_INFRA;
2620 if (wl->filter_flags & FIF_CONTROL)
2621 ctl |= B43_MACCTL_KEEP_CTL;
2622 if (wl->filter_flags & FIF_FCSFAIL)
2623 ctl |= B43_MACCTL_KEEP_BAD;
2624 if (wl->filter_flags & FIF_PLCPFAIL)
2625 ctl |= B43_MACCTL_KEEP_BADPLCP;
2626 if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2627 ctl |= B43_MACCTL_PROMISC;
2628 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2629 ctl |= B43_MACCTL_BEACPROMISC;
2631 /* Workaround: On old hardware the HW-MAC-address-filter
2632 * doesn't work properly, so always run promisc in filter
2633 * it in software. */
2634 if (dev->dev->id.revision <= 4)
2635 ctl |= B43_MACCTL_PROMISC;
2637 b43_write32(dev, B43_MMIO_MACCTL, ctl);
2640 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2641 if (dev->dev->bus->chip_id == 0x4306 &&
2642 dev->dev->bus->chip_rev == 3)
2647 b43_write16(dev, 0x612, cfp_pretbtt);
2650 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2656 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2659 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2661 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2662 b43_shm_read16(dev, B43_SHM_SHARED, offset));
2665 static void b43_rate_memory_init(struct b43_wldev *dev)
2667 switch (dev->phy.type) {
2671 case B43_PHYTYPE_LP:
2672 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2673 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2674 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2675 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2676 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2677 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2678 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2679 if (dev->phy.type == B43_PHYTYPE_A)
2683 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2684 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2685 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2686 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2693 /* Set the default values for the PHY TX Control Words. */
2694 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2698 ctl |= B43_TXH_PHY_ENC_CCK;
2699 ctl |= B43_TXH_PHY_ANT01AUTO;
2700 ctl |= B43_TXH_PHY_TXPWR;
2702 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2703 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2704 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2707 /* Set the TX-Antenna for management frames sent by firmware. */
2708 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2713 ant = b43_antenna_to_phyctl(antenna);
2716 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2717 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2718 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2719 /* For Probe Resposes */
2720 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2721 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2722 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2725 /* This is the opposite of b43_chip_init() */
2726 static void b43_chip_exit(struct b43_wldev *dev)
2729 b43_gpio_cleanup(dev);
2730 /* firmware is released later */
2733 /* Initialize the chip
2734 * http://bcm-specs.sipsolutions.net/ChipInit
2736 static int b43_chip_init(struct b43_wldev *dev)
2738 struct b43_phy *phy = &dev->phy;
2740 u32 value32, macctl;
2743 /* Initialize the MAC control */
2744 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2746 macctl |= B43_MACCTL_GMODE;
2747 macctl |= B43_MACCTL_INFRA;
2748 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2750 err = b43_request_firmware(dev);
2753 err = b43_upload_microcode(dev);
2755 goto out; /* firmware is released later */
2757 err = b43_gpio_init(dev);
2759 goto out; /* firmware is released later */
2761 err = b43_upload_initvals(dev);
2763 goto err_gpio_clean;
2765 /* Turn the Analog on and initialize the PHY. */
2766 phy->ops->switch_analog(dev, 1);
2767 err = b43_phy_init(dev);
2769 goto err_gpio_clean;
2771 /* Disable Interference Mitigation. */
2772 if (phy->ops->interf_mitigation)
2773 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
2775 /* Select the antennae */
2776 if (phy->ops->set_rx_antenna)
2777 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2778 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2780 if (phy->type == B43_PHYTYPE_B) {
2781 value16 = b43_read16(dev, 0x005E);
2783 b43_write16(dev, 0x005E, value16);
2785 b43_write32(dev, 0x0100, 0x01000000);
2786 if (dev->dev->id.revision < 5)
2787 b43_write32(dev, 0x010C, 0x01000000);
2789 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2790 & ~B43_MACCTL_INFRA);
2791 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2792 | B43_MACCTL_INFRA);
2794 /* Probe Response Timeout value */
2795 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2796 b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2798 /* Initially set the wireless operation mode. */
2799 b43_adjust_opmode(dev);
2801 if (dev->dev->id.revision < 3) {
2802 b43_write16(dev, 0x060E, 0x0000);
2803 b43_write16(dev, 0x0610, 0x8000);
2804 b43_write16(dev, 0x0604, 0x0000);
2805 b43_write16(dev, 0x0606, 0x0200);
2807 b43_write32(dev, 0x0188, 0x80000000);
2808 b43_write32(dev, 0x018C, 0x02000000);
2810 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2811 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2812 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2813 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2814 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2815 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2816 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2818 value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2819 value32 |= 0x00100000;
2820 ssb_write32(dev->dev, SSB_TMSLOW, value32);
2822 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2823 dev->dev->bus->chipco.fast_pwrup_delay);
2826 b43dbg(dev->wl, "Chip initialized\n");
2831 b43_gpio_cleanup(dev);
2835 static void b43_periodic_every60sec(struct b43_wldev *dev)
2837 const struct b43_phy_operations *ops = dev->phy.ops;
2839 if (ops->pwork_60sec)
2840 ops->pwork_60sec(dev);
2842 /* Force check the TX power emission now. */
2843 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
2846 static void b43_periodic_every30sec(struct b43_wldev *dev)
2848 /* Update device statistics. */
2849 b43_calculate_link_quality(dev);
2852 static void b43_periodic_every15sec(struct b43_wldev *dev)
2854 struct b43_phy *phy = &dev->phy;
2857 if (dev->fw.opensource) {
2858 /* Check if the firmware is still alive.
2859 * It will reset the watchdog counter to 0 in its idle loop. */
2860 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
2861 if (unlikely(wdr)) {
2862 b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
2863 b43_controller_restart(dev, "Firmware watchdog");
2866 b43_shm_write16(dev, B43_SHM_SCRATCH,
2867 B43_WATCHDOG_REG, 1);
2871 if (phy->ops->pwork_15sec)
2872 phy->ops->pwork_15sec(dev);
2874 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2878 static void do_periodic_work(struct b43_wldev *dev)
2882 state = dev->periodic_state;
2884 b43_periodic_every60sec(dev);
2886 b43_periodic_every30sec(dev);
2887 b43_periodic_every15sec(dev);
2890 /* Periodic work locking policy:
2891 * The whole periodic work handler is protected by
2892 * wl->mutex. If another lock is needed somewhere in the
2893 * pwork callchain, it's aquired in-place, where it's needed.
2895 static void b43_periodic_work_handler(struct work_struct *work)
2897 struct b43_wldev *dev = container_of(work, struct b43_wldev,
2898 periodic_work.work);
2899 struct b43_wl *wl = dev->wl;
2900 unsigned long delay;
2902 mutex_lock(&wl->mutex);
2904 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2906 if (b43_debug(dev, B43_DBG_PWORK_STOP))
2909 do_periodic_work(dev);
2911 dev->periodic_state++;
2913 if (b43_debug(dev, B43_DBG_PWORK_FAST))
2914 delay = msecs_to_jiffies(50);
2916 delay = round_jiffies_relative(HZ * 15);
2917 ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
2919 mutex_unlock(&wl->mutex);
2922 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
2924 struct delayed_work *work = &dev->periodic_work;
2926 dev->periodic_state = 0;
2927 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
2928 ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
2931 /* Check if communication with the device works correctly. */
2932 static int b43_validate_chipaccess(struct b43_wldev *dev)
2934 u32 v, backup0, backup4;
2936 backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
2937 backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
2939 /* Check for read/write and endianness problems. */
2940 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
2941 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
2943 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
2944 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
2947 /* Check if unaligned 32bit SHM_SHARED access works properly.
2948 * However, don't bail out on failure, because it's noncritical. */
2949 b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
2950 b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
2951 b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
2952 b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
2953 if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
2954 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
2955 b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
2956 if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
2957 b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
2958 b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
2959 b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
2960 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
2962 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
2963 b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
2965 if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
2966 /* The 32bit register shadows the two 16bit registers
2967 * with update sideeffects. Validate this. */
2968 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
2969 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
2970 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
2972 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
2975 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
2977 v = b43_read32(dev, B43_MMIO_MACCTL);
2978 v |= B43_MACCTL_GMODE;
2979 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
2984 b43err(dev->wl, "Failed to validate the chipaccess\n");
2988 static void b43_security_init(struct b43_wldev *dev)
2990 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
2991 /* KTP is a word address, but we address SHM bytewise.
2992 * So multiply by two.
2995 /* Number of RCMTA address slots */
2996 b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
2997 /* Clear the key memory. */
2998 b43_clear_keys(dev);
3001 #ifdef CONFIG_B43_HWRNG
3002 static int b43_rng_read(struct hwrng *rng, u32 *data)
3004 struct b43_wl *wl = (struct b43_wl *)rng->priv;
3005 struct b43_wldev *dev;
3006 int count = -ENODEV;
3008 mutex_lock(&wl->mutex);
3009 dev = wl->current_dev;
3010 if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3011 *data = b43_read16(dev, B43_MMIO_RNG);
3012 count = sizeof(u16);
3014 mutex_unlock(&wl->mutex);
3018 #endif /* CONFIG_B43_HWRNG */
3020 static void b43_rng_exit(struct b43_wl *wl)
3022 #ifdef CONFIG_B43_HWRNG
3023 if (wl->rng_initialized)
3024 hwrng_unregister(&wl->rng);
3025 #endif /* CONFIG_B43_HWRNG */
3028 static int b43_rng_init(struct b43_wl *wl)
3032 #ifdef CONFIG_B43_HWRNG
3033 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3034 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3035 wl->rng.name = wl->rng_name;
3036 wl->rng.data_read = b43_rng_read;
3037 wl->rng.priv = (unsigned long)wl;
3038 wl->rng_initialized = 1;
3039 err = hwrng_register(&wl->rng);
3041 wl->rng_initialized = 0;
3042 b43err(wl, "Failed to register the random "
3043 "number generator (%d)\n", err);
3045 #endif /* CONFIG_B43_HWRNG */
3050 static void b43_tx_work(struct work_struct *work)
3052 struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3053 struct b43_wldev *dev;
3054 struct sk_buff *skb;
3057 mutex_lock(&wl->mutex);
3058 dev = wl->current_dev;
3059 if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3060 mutex_unlock(&wl->mutex);
3064 while (skb_queue_len(&wl->tx_queue)) {
3065 skb = skb_dequeue(&wl->tx_queue);
3067 if (b43_using_pio_transfers(dev))
3068 err = b43_pio_tx(dev, skb);
3070 err = b43_dma_tx(dev, skb);
3072 dev_kfree_skb(skb); /* Drop it */
3075 mutex_unlock(&wl->mutex);
3078 static int b43_op_tx(struct ieee80211_hw *hw,
3079 struct sk_buff *skb)
3081 struct b43_wl *wl = hw_to_b43_wl(hw);
3083 if (unlikely(skb->len < 2 + 2 + 6)) {
3084 /* Too short, this can't be a valid frame. */
3085 dev_kfree_skb_any(skb);
3086 return NETDEV_TX_OK;
3088 B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3090 skb_queue_tail(&wl->tx_queue, skb);
3091 ieee80211_queue_work(wl->hw, &wl->tx_work);
3093 return NETDEV_TX_OK;
3096 static void b43_qos_params_upload(struct b43_wldev *dev,
3097 const struct ieee80211_tx_queue_params *p,
3100 u16 params[B43_NR_QOSPARAMS];
3104 if (!dev->qos_enabled)
3107 bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3109 memset(¶ms, 0, sizeof(params));
3111 params[B43_QOSPARAM_TXOP] = p->txop * 32;
3112 params[B43_QOSPARAM_CWMIN] = p->cw_min;
3113 params[B43_QOSPARAM_CWMAX] = p->cw_max;
3114 params[B43_QOSPARAM_CWCUR] = p->cw_min;
3115 params[B43_QOSPARAM_AIFS] = p->aifs;
3116 params[B43_QOSPARAM_BSLOTS] = bslots;
3117 params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3119 for (i = 0; i < ARRAY_SIZE(params); i++) {
3120 if (i == B43_QOSPARAM_STATUS) {
3121 tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3122 shm_offset + (i * 2));
3123 /* Mark the parameters as updated. */
3125 b43_shm_write16(dev, B43_SHM_SHARED,
3126 shm_offset + (i * 2),
3129 b43_shm_write16(dev, B43_SHM_SHARED,
3130 shm_offset + (i * 2),
3136 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3137 static const u16 b43_qos_shm_offsets[] = {
3138 /* [mac80211-queue-nr] = SHM_OFFSET, */
3139 [0] = B43_QOS_VOICE,
3140 [1] = B43_QOS_VIDEO,
3141 [2] = B43_QOS_BESTEFFORT,
3142 [3] = B43_QOS_BACKGROUND,
3145 /* Update all QOS parameters in hardware. */
3146 static void b43_qos_upload_all(struct b43_wldev *dev)
3148 struct b43_wl *wl = dev->wl;
3149 struct b43_qos_params *params;
3152 if (!dev->qos_enabled)
3155 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3156 ARRAY_SIZE(wl->qos_params));
3158 b43_mac_suspend(dev);
3159 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3160 params = &(wl->qos_params[i]);
3161 b43_qos_params_upload(dev, &(params->p),
3162 b43_qos_shm_offsets[i]);
3164 b43_mac_enable(dev);
3167 static void b43_qos_clear(struct b43_wl *wl)
3169 struct b43_qos_params *params;
3172 /* Initialize QoS parameters to sane defaults. */
3174 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3175 ARRAY_SIZE(wl->qos_params));
3177 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3178 params = &(wl->qos_params[i]);
3180 switch (b43_qos_shm_offsets[i]) {
3184 params->p.cw_min = 0x0001;
3185 params->p.cw_max = 0x0001;
3190 params->p.cw_min = 0x0001;
3191 params->p.cw_max = 0x0001;
3193 case B43_QOS_BESTEFFORT:
3196 params->p.cw_min = 0x0001;
3197 params->p.cw_max = 0x03FF;
3199 case B43_QOS_BACKGROUND:
3202 params->p.cw_min = 0x0001;
3203 params->p.cw_max = 0x03FF;
3211 /* Initialize the core's QOS capabilities */
3212 static void b43_qos_init(struct b43_wldev *dev)
3214 if (!dev->qos_enabled) {
3215 /* Disable QOS support. */
3216 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3217 b43_write16(dev, B43_MMIO_IFSCTL,
3218 b43_read16(dev, B43_MMIO_IFSCTL)
3219 & ~B43_MMIO_IFSCTL_USE_EDCF);
3220 b43dbg(dev->wl, "QoS disabled\n");
3224 /* Upload the current QOS parameters. */
3225 b43_qos_upload_all(dev);
3227 /* Enable QOS support. */
3228 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3229 b43_write16(dev, B43_MMIO_IFSCTL,
3230 b43_read16(dev, B43_MMIO_IFSCTL)
3231 | B43_MMIO_IFSCTL_USE_EDCF);
3232 b43dbg(dev->wl, "QoS enabled\n");
3235 static int b43_op_conf_tx(struct ieee80211_hw *hw, u16 _queue,
3236 const struct ieee80211_tx_queue_params *params)
3238 struct b43_wl *wl = hw_to_b43_wl(hw);
3239 struct b43_wldev *dev;
3240 unsigned int queue = (unsigned int)_queue;
3243 if (queue >= ARRAY_SIZE(wl->qos_params)) {
3244 /* Queue not available or don't support setting
3245 * params on this queue. Return success to not
3246 * confuse mac80211. */
3249 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3250 ARRAY_SIZE(wl->qos_params));
3252 mutex_lock(&wl->mutex);
3253 dev = wl->current_dev;
3254 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3257 memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3258 b43_mac_suspend(dev);
3259 b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3260 b43_qos_shm_offsets[queue]);
3261 b43_mac_enable(dev);
3265 mutex_unlock(&wl->mutex);
3270 static int b43_op_get_tx_stats(struct ieee80211_hw *hw,
3271 struct ieee80211_tx_queue_stats *stats)
3273 struct b43_wl *wl = hw_to_b43_wl(hw);
3274 struct b43_wldev *dev;
3277 mutex_lock(&wl->mutex);
3278 dev = wl->current_dev;
3279 if (dev && b43_status(dev) >= B43_STAT_STARTED) {
3280 if (b43_using_pio_transfers(dev))
3281 b43_pio_get_tx_stats(dev, stats);
3283 b43_dma_get_tx_stats(dev, stats);
3286 mutex_unlock(&wl->mutex);
3291 static int b43_op_get_stats(struct ieee80211_hw *hw,
3292 struct ieee80211_low_level_stats *stats)
3294 struct b43_wl *wl = hw_to_b43_wl(hw);
3296 mutex_lock(&wl->mutex);
3297 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3298 mutex_unlock(&wl->mutex);
3303 static u64 b43_op_get_tsf(struct ieee80211_hw *hw)
3305 struct b43_wl *wl = hw_to_b43_wl(hw);
3306 struct b43_wldev *dev;
3309 mutex_lock(&wl->mutex);
3310 dev = wl->current_dev;
3312 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3313 b43_tsf_read(dev, &tsf);
3317 mutex_unlock(&wl->mutex);
3322 static void b43_op_set_tsf(struct ieee80211_hw *hw, u64 tsf)
3324 struct b43_wl *wl = hw_to_b43_wl(hw);
3325 struct b43_wldev *dev;
3327 mutex_lock(&wl->mutex);
3328 dev = wl->current_dev;
3330 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3331 b43_tsf_write(dev, tsf);
3333 mutex_unlock(&wl->mutex);
3336 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3338 struct ssb_device *sdev = dev->dev;
3341 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3342 tmslow &= ~B43_TMSLOW_GMODE;
3343 tmslow |= B43_TMSLOW_PHYRESET;
3344 tmslow |= SSB_TMSLOW_FGC;
3345 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3348 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3349 tmslow &= ~SSB_TMSLOW_FGC;
3350 tmslow |= B43_TMSLOW_PHYRESET;
3351 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3355 static const char *band_to_string(enum ieee80211_band band)
3358 case IEEE80211_BAND_5GHZ:
3360 case IEEE80211_BAND_2GHZ:
3369 /* Expects wl->mutex locked */
3370 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3372 struct b43_wldev *up_dev = NULL;
3373 struct b43_wldev *down_dev;
3374 struct b43_wldev *d;
3376 bool uninitialized_var(gmode);
3379 /* Find a device and PHY which supports the band. */
3380 list_for_each_entry(d, &wl->devlist, list) {
3381 switch (chan->band) {
3382 case IEEE80211_BAND_5GHZ:
3383 if (d->phy.supports_5ghz) {
3388 case IEEE80211_BAND_2GHZ:
3389 if (d->phy.supports_2ghz) {
3402 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3403 band_to_string(chan->band));
3406 if ((up_dev == wl->current_dev) &&
3407 (!!wl->current_dev->phy.gmode == !!gmode)) {
3408 /* This device is already running. */
3411 b43dbg(wl, "Switching to %s-GHz band\n",
3412 band_to_string(chan->band));
3413 down_dev = wl->current_dev;
3415 prev_status = b43_status(down_dev);
3416 /* Shutdown the currently running core. */
3417 if (prev_status >= B43_STAT_STARTED)
3418 down_dev = b43_wireless_core_stop(down_dev);
3419 if (prev_status >= B43_STAT_INITIALIZED)
3420 b43_wireless_core_exit(down_dev);
3422 if (down_dev != up_dev) {
3423 /* We switch to a different core, so we put PHY into
3424 * RESET on the old core. */
3425 b43_put_phy_into_reset(down_dev);
3428 /* Now start the new core. */
3429 up_dev->phy.gmode = gmode;
3430 if (prev_status >= B43_STAT_INITIALIZED) {
3431 err = b43_wireless_core_init(up_dev);
3433 b43err(wl, "Fatal: Could not initialize device for "
3434 "selected %s-GHz band\n",
3435 band_to_string(chan->band));
3439 if (prev_status >= B43_STAT_STARTED) {
3440 err = b43_wireless_core_start(up_dev);
3442 b43err(wl, "Fatal: Coult not start device for "
3443 "selected %s-GHz band\n",
3444 band_to_string(chan->band));
3445 b43_wireless_core_exit(up_dev);
3449 B43_WARN_ON(b43_status(up_dev) != prev_status);
3451 wl->current_dev = up_dev;
3455 /* Whoops, failed to init the new core. No core is operating now. */
3456 wl->current_dev = NULL;
3460 /* Write the short and long frame retry limit values. */
3461 static void b43_set_retry_limits(struct b43_wldev *dev,
3462 unsigned int short_retry,
3463 unsigned int long_retry)
3465 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3466 * the chip-internal counter. */
3467 short_retry = min(short_retry, (unsigned int)0xF);
3468 long_retry = min(long_retry, (unsigned int)0xF);
3470 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3472 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3476 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3478 struct b43_wl *wl = hw_to_b43_wl(hw);
3479 struct b43_wldev *dev;
3480 struct b43_phy *phy;
3481 struct ieee80211_conf *conf = &hw->conf;
3485 mutex_lock(&wl->mutex);
3487 /* Switch the band (if necessary). This might change the active core. */
3488 err = b43_switch_band(wl, conf->channel);
3490 goto out_unlock_mutex;
3491 dev = wl->current_dev;
3494 b43_mac_suspend(dev);
3496 if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3497 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3498 conf->long_frame_max_tx_count);
3499 changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3501 goto out_mac_enable;
3503 /* Switch to the requested channel.
3504 * The firmware takes care of races with the TX handler. */
3505 if (conf->channel->hw_value != phy->channel)
3506 b43_switch_channel(dev, conf->channel->hw_value);
3508 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_RADIOTAP);
3510 /* Adjust the desired TX power level. */
3511 if (conf->power_level != 0) {
3512 if (conf->power_level != phy->desired_txpower) {
3513 phy->desired_txpower = conf->power_level;
3514 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3515 B43_TXPWR_IGNORE_TSSI);
3519 /* Antennas for RX and management frame TX. */
3520 antenna = B43_ANTENNA_DEFAULT;
3521 b43_mgmtframe_txantenna(dev, antenna);
3522 antenna = B43_ANTENNA_DEFAULT;
3523 if (phy->ops->set_rx_antenna)
3524 phy->ops->set_rx_antenna(dev, antenna);
3526 if (wl->radio_enabled != phy->radio_on) {
3527 if (wl->radio_enabled) {
3528 b43_software_rfkill(dev, false);
3529 b43info(dev->wl, "Radio turned on by software\n");
3530 if (!dev->radio_hw_enable) {
3531 b43info(dev->wl, "The hardware RF-kill button "
3532 "still turns the radio physically off. "
3533 "Press the button to turn it on.\n");
3536 b43_software_rfkill(dev, true);
3537 b43info(dev->wl, "Radio turned off by software\n");
3542 b43_mac_enable(dev);
3544 mutex_unlock(&wl->mutex);
3549 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3551 struct ieee80211_supported_band *sband =
3552 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3553 struct ieee80211_rate *rate;
3555 u16 basic, direct, offset, basic_offset, rateptr;
3557 for (i = 0; i < sband->n_bitrates; i++) {
3558 rate = &sband->bitrates[i];
3560 if (b43_is_cck_rate(rate->hw_value)) {
3561 direct = B43_SHM_SH_CCKDIRECT;
3562 basic = B43_SHM_SH_CCKBASIC;
3563 offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3566 direct = B43_SHM_SH_OFDMDIRECT;
3567 basic = B43_SHM_SH_OFDMBASIC;
3568 offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3572 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3574 if (b43_is_cck_rate(rate->hw_value)) {
3575 basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3576 basic_offset &= 0xF;
3578 basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3579 basic_offset &= 0xF;
3583 * Get the pointer that we need to point to
3584 * from the direct map
3586 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3587 direct + 2 * basic_offset);
3588 /* and write it to the basic map */
3589 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3594 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3595 struct ieee80211_vif *vif,
3596 struct ieee80211_bss_conf *conf,
3599 struct b43_wl *wl = hw_to_b43_wl(hw);
3600 struct b43_wldev *dev;
3602 mutex_lock(&wl->mutex);
3604 dev = wl->current_dev;
3605 if (!dev || b43_status(dev) < B43_STAT_STARTED)
3606 goto out_unlock_mutex;
3608 B43_WARN_ON(wl->vif != vif);
3610 if (changed & BSS_CHANGED_BSSID) {
3612 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3614 memset(wl->bssid, 0, ETH_ALEN);
3617 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3618 if (changed & BSS_CHANGED_BEACON &&
3619 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3620 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3621 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3622 b43_update_templates(wl);
3624 if (changed & BSS_CHANGED_BSSID)
3625 b43_write_mac_bssid_templates(dev);
3628 b43_mac_suspend(dev);
3630 /* Update templates for AP/mesh mode. */
3631 if (changed & BSS_CHANGED_BEACON_INT &&
3632 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3633 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3634 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3635 b43_set_beacon_int(dev, conf->beacon_int);
3637 if (changed & BSS_CHANGED_BASIC_RATES)
3638 b43_update_basic_rates(dev, conf->basic_rates);
3640 if (changed & BSS_CHANGED_ERP_SLOT) {
3641 if (conf->use_short_slot)
3642 b43_short_slot_timing_enable(dev);
3644 b43_short_slot_timing_disable(dev);
3647 b43_mac_enable(dev);
3649 mutex_unlock(&wl->mutex);
3652 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3653 struct ieee80211_vif *vif, struct ieee80211_sta *sta,
3654 struct ieee80211_key_conf *key)
3656 struct b43_wl *wl = hw_to_b43_wl(hw);
3657 struct b43_wldev *dev;
3661 static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3663 if (modparam_nohwcrypt)
3664 return -ENOSPC; /* User disabled HW-crypto */
3666 mutex_lock(&wl->mutex);
3668 dev = wl->current_dev;
3670 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
3673 if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
3674 /* We don't have firmware for the crypto engine.
3675 * Must use software-crypto. */
3683 if (key->keylen == WLAN_KEY_LEN_WEP40)
3684 algorithm = B43_SEC_ALGO_WEP40;
3686 algorithm = B43_SEC_ALGO_WEP104;
3689 algorithm = B43_SEC_ALGO_TKIP;
3692 algorithm = B43_SEC_ALGO_AES;
3698 index = (u8) (key->keyidx);
3704 if (algorithm == B43_SEC_ALGO_TKIP &&
3705 (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
3706 !modparam_hwtkip)) {
3707 /* We support only pairwise key */
3712 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
3713 if (WARN_ON(!sta)) {
3717 /* Pairwise key with an assigned MAC address. */
3718 err = b43_key_write(dev, -1, algorithm,
3719 key->key, key->keylen,
3723 err = b43_key_write(dev, index, algorithm,
3724 key->key, key->keylen, NULL, key);
3729 if (algorithm == B43_SEC_ALGO_WEP40 ||
3730 algorithm == B43_SEC_ALGO_WEP104) {
3731 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
3734 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
3736 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3737 if (algorithm == B43_SEC_ALGO_TKIP)
3738 key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
3741 err = b43_key_clear(dev, key->hw_key_idx);
3752 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
3754 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
3755 sta ? sta->addr : bcast_addr);
3756 b43_dump_keymemory(dev);
3758 mutex_unlock(&wl->mutex);
3763 static void b43_op_configure_filter(struct ieee80211_hw *hw,
3764 unsigned int changed, unsigned int *fflags,
3767 struct b43_wl *wl = hw_to_b43_wl(hw);
3768 struct b43_wldev *dev;
3770 mutex_lock(&wl->mutex);
3771 dev = wl->current_dev;
3777 *fflags &= FIF_PROMISC_IN_BSS |
3783 FIF_BCN_PRBRESP_PROMISC;
3785 changed &= FIF_PROMISC_IN_BSS |
3791 FIF_BCN_PRBRESP_PROMISC;
3793 wl->filter_flags = *fflags;
3795 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3796 b43_adjust_opmode(dev);
3799 mutex_unlock(&wl->mutex);
3802 /* Locking: wl->mutex
3803 * Returns the current dev. This might be different from the passed in dev,
3804 * because the core might be gone away while we unlocked the mutex. */
3805 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
3807 struct b43_wl *wl = dev->wl;
3808 struct b43_wldev *orig_dev;
3811 if (!dev || b43_status(dev) < B43_STAT_STARTED)
3814 /* Cancel work. Unlock to avoid deadlocks. */
3815 mutex_unlock(&wl->mutex);
3816 cancel_delayed_work_sync(&dev->periodic_work);
3817 cancel_work_sync(&wl->tx_work);
3818 mutex_lock(&wl->mutex);
3819 dev = wl->current_dev;
3820 if (!dev || b43_status(dev) < B43_STAT_STARTED) {
3821 /* Whoops, aliens ate up the device while we were unlocked. */
3825 /* Disable interrupts on the device. */
3826 b43_set_status(dev, B43_STAT_INITIALIZED);
3827 if (0 /*FIXME dev->dev->bus->bustype == SSB_BUSTYPE_SDIO*/) {
3828 /* wl->mutex is locked. That is enough. */
3829 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
3830 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
3832 spin_lock_irq(&wl->hardirq_lock);
3833 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
3834 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
3835 spin_unlock_irq(&wl->hardirq_lock);
3837 /* Synchronize the interrupt handlers. Unlock to avoid deadlocks. */
3839 mutex_unlock(&wl->mutex);
3840 synchronize_irq(dev->dev->irq);
3841 mutex_lock(&wl->mutex);
3842 dev = wl->current_dev;
3845 if (dev != orig_dev) {
3846 if (b43_status(dev) >= B43_STAT_STARTED)
3850 B43_WARN_ON(b43_read32(dev, B43_MMIO_GEN_IRQ_MASK));
3852 /* Drain the TX queue */
3853 while (skb_queue_len(&wl->tx_queue))
3854 dev_kfree_skb(skb_dequeue(&wl->tx_queue));
3856 b43_mac_suspend(dev);
3857 free_irq(dev->dev->irq, dev);
3859 b43dbg(wl, "Wireless interface stopped\n");
3864 /* Locking: wl->mutex */
3865 static int b43_wireless_core_start(struct b43_wldev *dev)
3869 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
3871 drain_txstatus_queue(dev);
3872 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
3873 b43_interrupt_thread_handler,
3874 IRQF_SHARED, KBUILD_MODNAME, dev);
3876 b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
3880 /* We are ready to run. */
3881 b43_set_status(dev, B43_STAT_STARTED);
3883 /* Start data flow (TX/RX). */
3884 b43_mac_enable(dev);
3885 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
3887 /* Start maintainance work */
3888 b43_periodic_tasks_setup(dev);
3892 b43dbg(dev->wl, "Wireless interface started\n");
3897 /* Get PHY and RADIO versioning numbers */
3898 static int b43_phy_versioning(struct b43_wldev *dev)
3900 struct b43_phy *phy = &dev->phy;
3908 int unsupported = 0;
3910 /* Get PHY versioning */
3911 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
3912 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
3913 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
3914 phy_rev = (tmp & B43_PHYVER_VERSION);
3921 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
3929 #ifdef CONFIG_B43_NPHY
3935 #ifdef CONFIG_B43_PHY_LP
3936 case B43_PHYTYPE_LP:
3945 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
3946 "(Analog %u, Type %u, Revision %u)\n",
3947 analog_type, phy_type, phy_rev);
3950 b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
3951 analog_type, phy_type, phy_rev);
3953 /* Get RADIO versioning */
3954 if (dev->dev->bus->chip_id == 0x4317) {
3955 if (dev->dev->bus->chip_rev == 0)
3957 else if (dev->dev->bus->chip_rev == 1)
3962 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3963 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
3964 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3965 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
3967 radio_manuf = (tmp & 0x00000FFF);
3968 radio_ver = (tmp & 0x0FFFF000) >> 12;
3969 radio_rev = (tmp & 0xF0000000) >> 28;
3970 if (radio_manuf != 0x17F /* Broadcom */)
3974 if (radio_ver != 0x2060)
3978 if (radio_manuf != 0x17F)
3982 if ((radio_ver & 0xFFF0) != 0x2050)
3986 if (radio_ver != 0x2050)
3990 if (radio_ver != 0x2055 && radio_ver != 0x2056)
3993 case B43_PHYTYPE_LP:
3994 if (radio_ver != 0x2062 && radio_ver != 0x2063)
4001 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
4002 "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
4003 radio_manuf, radio_ver, radio_rev);
4006 b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
4007 radio_manuf, radio_ver, radio_rev);
4009 phy->radio_manuf = radio_manuf;
4010 phy->radio_ver = radio_ver;
4011 phy->radio_rev = radio_rev;
4013 phy->analog = analog_type;
4014 phy->type = phy_type;
4020 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4021 struct b43_phy *phy)
4023 phy->hardware_power_control = !!modparam_hwpctl;
4024 phy->next_txpwr_check_time = jiffies;
4025 /* PHY TX errors counter. */
4026 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4029 phy->phy_locked = 0;
4030 phy->radio_locked = 0;
4034 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4038 /* Assume the radio is enabled. If it's not enabled, the state will
4039 * immediately get fixed on the first periodic work run. */
4040 dev->radio_hw_enable = 1;
4043 memset(&dev->stats, 0, sizeof(dev->stats));
4045 setup_struct_phy_for_init(dev, &dev->phy);
4047 /* IRQ related flags */
4048 dev->irq_reason = 0;
4049 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4050 dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4051 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4052 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4054 dev->mac_suspended = 1;
4056 /* Noise calculation context */
4057 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4060 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4062 struct ssb_sprom *sprom = &dev->dev->bus->sprom;
4065 if (!modparam_btcoex)
4067 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4069 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4072 hf = b43_hf_read(dev);
4073 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4074 hf |= B43_HF_BTCOEXALT;
4076 hf |= B43_HF_BTCOEX;
4077 b43_hf_write(dev, hf);
4080 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4082 if (!modparam_btcoex)
4087 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4089 #ifdef CONFIG_SSB_DRIVER_PCICORE
4090 struct ssb_bus *bus = dev->dev->bus;
4093 if (bus->pcicore.dev &&
4094 bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
4095 bus->pcicore.dev->id.revision <= 5) {
4096 /* IMCFGLO timeouts workaround. */
4097 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
4098 switch (bus->bustype) {
4099 case SSB_BUSTYPE_PCI:
4100 case SSB_BUSTYPE_PCMCIA:
4101 tmp &= ~SSB_IMCFGLO_REQTO;
4102 tmp &= ~SSB_IMCFGLO_SERTO;
4105 case SSB_BUSTYPE_SSB:
4106 tmp &= ~SSB_IMCFGLO_REQTO;
4107 tmp &= ~SSB_IMCFGLO_SERTO;
4113 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
4115 #endif /* CONFIG_SSB_DRIVER_PCICORE */
4118 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4122 /* The time value is in microseconds. */
4123 if (dev->phy.type == B43_PHYTYPE_A)
4127 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4129 if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4130 pu_delay = max(pu_delay, (u16)2400);
4132 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4135 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4136 static void b43_set_pretbtt(struct b43_wldev *dev)
4140 /* The time value is in microseconds. */
4141 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4144 if (dev->phy.type == B43_PHYTYPE_A)
4149 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4150 b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4153 /* Shutdown a wireless core */
4154 /* Locking: wl->mutex */
4155 static void b43_wireless_core_exit(struct b43_wldev *dev)
4159 B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4160 if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4162 b43_set_status(dev, B43_STAT_UNINIT);
4164 /* Stop the microcode PSM. */
4165 macctl = b43_read32(dev, B43_MMIO_MACCTL);
4166 macctl &= ~B43_MACCTL_PSM_RUN;
4167 macctl |= B43_MACCTL_PSM_JMP0;
4168 b43_write32(dev, B43_MMIO_MACCTL, macctl);
4173 dev->phy.ops->switch_analog(dev, 0);
4174 if (dev->wl->current_beacon) {
4175 dev_kfree_skb_any(dev->wl->current_beacon);
4176 dev->wl->current_beacon = NULL;
4179 ssb_device_disable(dev->dev, 0);
4180 ssb_bus_may_powerdown(dev->dev->bus);
4183 /* Initialize a wireless core */
4184 static int b43_wireless_core_init(struct b43_wldev *dev)
4186 struct ssb_bus *bus = dev->dev->bus;
4187 struct ssb_sprom *sprom = &bus->sprom;
4188 struct b43_phy *phy = &dev->phy;
4193 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4195 err = ssb_bus_powerup(bus, 0);
4198 if (!ssb_device_is_enabled(dev->dev)) {
4199 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
4200 b43_wireless_core_reset(dev, tmp);
4203 /* Reset all data structures. */
4204 setup_struct_wldev_for_init(dev);
4205 phy->ops->prepare_structs(dev);
4207 /* Enable IRQ routing to this device. */
4208 ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
4210 b43_imcfglo_timeouts_workaround(dev);
4211 b43_bluetooth_coext_disable(dev);
4212 if (phy->ops->prepare_hardware) {
4213 err = phy->ops->prepare_hardware(dev);
4217 err = b43_chip_init(dev);
4220 b43_shm_write16(dev, B43_SHM_SHARED,
4221 B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
4222 hf = b43_hf_read(dev);
4223 if (phy->type == B43_PHYTYPE_G) {
4227 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4228 hf |= B43_HF_OFDMPABOOST;
4230 if (phy->radio_ver == 0x2050) {
4231 if (phy->radio_rev == 6)
4232 hf |= B43_HF_4318TSSI;
4233 if (phy->radio_rev < 6)
4234 hf |= B43_HF_VCORECALC;
4236 if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4237 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4238 #ifdef CONFIG_SSB_DRIVER_PCICORE
4239 if ((bus->bustype == SSB_BUSTYPE_PCI) &&
4240 (bus->pcicore.dev->id.revision <= 10))
4241 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4243 hf &= ~B43_HF_SKCFPUP;
4244 b43_hf_write(dev, hf);
4246 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4247 B43_DEFAULT_LONG_RETRY_LIMIT);
4248 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4249 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4251 /* Disable sending probe responses from firmware.
4252 * Setting the MaxTime to one usec will always trigger
4253 * a timeout, so we never send any probe resp.
4254 * A timeout of zero is infinite. */
4255 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4257 b43_rate_memory_init(dev);
4258 b43_set_phytxctl_defaults(dev);
4260 /* Minimum Contention Window */
4261 if (phy->type == B43_PHYTYPE_B) {
4262 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4264 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4266 /* Maximum Contention Window */
4267 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4269 if ((dev->dev->bus->bustype == SSB_BUSTYPE_PCMCIA) || B43_FORCE_PIO) {
4270 dev->__using_pio_transfers = 1;
4271 err = b43_pio_init(dev);
4273 dev->__using_pio_transfers = 0;
4274 err = b43_dma_init(dev);
4279 b43_set_synth_pu_delay(dev, 1);
4280 b43_bluetooth_coext_enable(dev);
4282 ssb_bus_powerup(bus, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4283 b43_upload_card_macaddress(dev);
4284 b43_security_init(dev);
4286 ieee80211_wake_queues(dev->wl->hw);
4288 b43_set_status(dev, B43_STAT_INITIALIZED);
4296 ssb_bus_may_powerdown(bus);
4297 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4301 static int b43_op_add_interface(struct ieee80211_hw *hw,
4302 struct ieee80211_if_init_conf *conf)
4304 struct b43_wl *wl = hw_to_b43_wl(hw);
4305 struct b43_wldev *dev;
4306 int err = -EOPNOTSUPP;
4308 /* TODO: allow WDS/AP devices to coexist */
4310 if (conf->type != NL80211_IFTYPE_AP &&
4311 conf->type != NL80211_IFTYPE_MESH_POINT &&
4312 conf->type != NL80211_IFTYPE_STATION &&
4313 conf->type != NL80211_IFTYPE_WDS &&
4314 conf->type != NL80211_IFTYPE_ADHOC)
4317 mutex_lock(&wl->mutex);
4319 goto out_mutex_unlock;
4321 b43dbg(wl, "Adding Interface type %d\n", conf->type);
4323 dev = wl->current_dev;
4325 wl->vif = conf->vif;
4326 wl->if_type = conf->type;
4327 memcpy(wl->mac_addr, conf->mac_addr, ETH_ALEN);
4329 b43_adjust_opmode(dev);
4330 b43_set_pretbtt(dev);
4331 b43_set_synth_pu_delay(dev, 0);
4332 b43_upload_card_macaddress(dev);
4336 mutex_unlock(&wl->mutex);
4341 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4342 struct ieee80211_if_init_conf *conf)
4344 struct b43_wl *wl = hw_to_b43_wl(hw);
4345 struct b43_wldev *dev = wl->current_dev;
4347 b43dbg(wl, "Removing Interface type %d\n", conf->type);
4349 mutex_lock(&wl->mutex);
4351 B43_WARN_ON(!wl->operating);
4352 B43_WARN_ON(wl->vif != conf->vif);
4357 b43_adjust_opmode(dev);
4358 memset(wl->mac_addr, 0, ETH_ALEN);
4359 b43_upload_card_macaddress(dev);
4361 mutex_unlock(&wl->mutex);
4364 static int b43_op_start(struct ieee80211_hw *hw)
4366 struct b43_wl *wl = hw_to_b43_wl(hw);
4367 struct b43_wldev *dev = wl->current_dev;
4371 /* Kill all old instance specific information to make sure
4372 * the card won't use it in the short timeframe between start
4373 * and mac80211 reconfiguring it. */
4374 memset(wl->bssid, 0, ETH_ALEN);
4375 memset(wl->mac_addr, 0, ETH_ALEN);
4376 wl->filter_flags = 0;
4377 wl->radiotap_enabled = 0;
4379 wl->beacon0_uploaded = 0;
4380 wl->beacon1_uploaded = 0;
4381 wl->beacon_templates_virgin = 1;
4382 wl->radio_enabled = 1;
4384 mutex_lock(&wl->mutex);
4386 if (b43_status(dev) < B43_STAT_INITIALIZED) {
4387 err = b43_wireless_core_init(dev);
4389 goto out_mutex_unlock;
4393 if (b43_status(dev) < B43_STAT_STARTED) {
4394 err = b43_wireless_core_start(dev);
4397 b43_wireless_core_exit(dev);
4398 goto out_mutex_unlock;
4402 /* XXX: only do if device doesn't support rfkill irq */
4403 wiphy_rfkill_start_polling(hw->wiphy);
4406 mutex_unlock(&wl->mutex);
4411 static void b43_op_stop(struct ieee80211_hw *hw)
4413 struct b43_wl *wl = hw_to_b43_wl(hw);
4414 struct b43_wldev *dev = wl->current_dev;
4416 cancel_work_sync(&(wl->beacon_update_trigger));
4418 mutex_lock(&wl->mutex);
4419 if (b43_status(dev) >= B43_STAT_STARTED) {
4420 dev = b43_wireless_core_stop(dev);
4424 b43_wireless_core_exit(dev);
4425 wl->radio_enabled = 0;
4428 mutex_unlock(&wl->mutex);
4430 cancel_work_sync(&(wl->txpower_adjust_work));
4433 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4434 struct ieee80211_sta *sta, bool set)
4436 struct b43_wl *wl = hw_to_b43_wl(hw);
4438 mutex_lock(&wl->mutex);
4439 b43_update_templates(wl);
4440 mutex_unlock(&wl->mutex);
4445 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4446 struct ieee80211_vif *vif,
4447 enum sta_notify_cmd notify_cmd,
4448 struct ieee80211_sta *sta)
4450 struct b43_wl *wl = hw_to_b43_wl(hw);
4452 B43_WARN_ON(!vif || wl->vif != vif);
4455 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4457 struct b43_wl *wl = hw_to_b43_wl(hw);
4458 struct b43_wldev *dev;
4460 mutex_lock(&wl->mutex);
4461 dev = wl->current_dev;
4462 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4463 /* Disable CFP update during scan on other channels. */
4464 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4466 mutex_unlock(&wl->mutex);
4469 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4471 struct b43_wl *wl = hw_to_b43_wl(hw);
4472 struct b43_wldev *dev;
4474 mutex_lock(&wl->mutex);
4475 dev = wl->current_dev;
4476 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4477 /* Re-enable CFP update. */
4478 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
4480 mutex_unlock(&wl->mutex);
4483 static const struct ieee80211_ops b43_hw_ops = {
4485 .conf_tx = b43_op_conf_tx,
4486 .add_interface = b43_op_add_interface,
4487 .remove_interface = b43_op_remove_interface,
4488 .config = b43_op_config,
4489 .bss_info_changed = b43_op_bss_info_changed,
4490 .configure_filter = b43_op_configure_filter,
4491 .set_key = b43_op_set_key,
4492 .update_tkip_key = b43_op_update_tkip_key,
4493 .get_stats = b43_op_get_stats,
4494 .get_tx_stats = b43_op_get_tx_stats,
4495 .get_tsf = b43_op_get_tsf,
4496 .set_tsf = b43_op_set_tsf,
4497 .start = b43_op_start,
4498 .stop = b43_op_stop,
4499 .set_tim = b43_op_beacon_set_tim,
4500 .sta_notify = b43_op_sta_notify,
4501 .sw_scan_start = b43_op_sw_scan_start_notifier,
4502 .sw_scan_complete = b43_op_sw_scan_complete_notifier,
4503 .rfkill_poll = b43_rfkill_poll,
4506 /* Hard-reset the chip. Do not call this directly.
4507 * Use b43_controller_restart()
4509 static void b43_chip_reset(struct work_struct *work)
4511 struct b43_wldev *dev =
4512 container_of(work, struct b43_wldev, restart_work);
4513 struct b43_wl *wl = dev->wl;
4517 mutex_lock(&wl->mutex);
4519 prev_status = b43_status(dev);
4520 /* Bring the device down... */
4521 if (prev_status >= B43_STAT_STARTED) {
4522 dev = b43_wireless_core_stop(dev);
4528 if (prev_status >= B43_STAT_INITIALIZED)
4529 b43_wireless_core_exit(dev);
4531 /* ...and up again. */
4532 if (prev_status >= B43_STAT_INITIALIZED) {
4533 err = b43_wireless_core_init(dev);
4537 if (prev_status >= B43_STAT_STARTED) {
4538 err = b43_wireless_core_start(dev);
4540 b43_wireless_core_exit(dev);
4546 wl->current_dev = NULL; /* Failed to init the dev. */
4547 mutex_unlock(&wl->mutex);
4549 b43err(wl, "Controller restart FAILED\n");
4551 b43info(wl, "Controller restarted\n");
4554 static int b43_setup_bands(struct b43_wldev *dev,
4555 bool have_2ghz_phy, bool have_5ghz_phy)
4557 struct ieee80211_hw *hw = dev->wl->hw;
4560 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
4561 if (dev->phy.type == B43_PHYTYPE_N) {
4563 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
4566 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
4569 dev->phy.supports_2ghz = have_2ghz_phy;
4570 dev->phy.supports_5ghz = have_5ghz_phy;
4575 static void b43_wireless_core_detach(struct b43_wldev *dev)
4577 /* We release firmware that late to not be required to re-request
4578 * is all the time when we reinit the core. */
4579 b43_release_firmware(dev);
4583 static int b43_wireless_core_attach(struct b43_wldev *dev)
4585 struct b43_wl *wl = dev->wl;
4586 struct ssb_bus *bus = dev->dev->bus;
4587 struct pci_dev *pdev = bus->host_pci;
4589 bool have_2ghz_phy = 0, have_5ghz_phy = 0;
4592 /* Do NOT do any device initialization here.
4593 * Do it in wireless_core_init() instead.
4594 * This function is for gathering basic information about the HW, only.
4595 * Also some structs may be set up here. But most likely you want to have
4596 * that in core_init(), too.
4599 err = ssb_bus_powerup(bus, 0);
4601 b43err(wl, "Bus powerup failed\n");
4604 /* Get the PHY type. */
4605 if (dev->dev->id.revision >= 5) {
4608 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
4609 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
4610 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
4614 dev->phy.gmode = have_2ghz_phy;
4615 dev->phy.radio_on = 1;
4616 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4617 b43_wireless_core_reset(dev, tmp);
4619 err = b43_phy_versioning(dev);
4622 /* Check if this device supports multiband. */
4624 (pdev->device != 0x4312 &&
4625 pdev->device != 0x4319 && pdev->device != 0x4324)) {
4626 /* No multiband support. */
4629 switch (dev->phy.type) {
4633 case B43_PHYTYPE_LP: //FIXME not always!
4634 #if 0 //FIXME enabling 5GHz causes a NULL pointer dereference
4645 if (dev->phy.type == B43_PHYTYPE_A) {
4647 b43err(wl, "IEEE 802.11a devices are unsupported\n");
4651 if (1 /* disable A-PHY */) {
4652 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
4653 if (dev->phy.type != B43_PHYTYPE_N &&
4654 dev->phy.type != B43_PHYTYPE_LP) {
4660 err = b43_phy_allocate(dev);
4664 dev->phy.gmode = have_2ghz_phy;
4665 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4666 b43_wireless_core_reset(dev, tmp);
4668 err = b43_validate_chipaccess(dev);
4671 err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
4675 /* Now set some default "current_dev" */
4676 if (!wl->current_dev)
4677 wl->current_dev = dev;
4678 INIT_WORK(&dev->restart_work, b43_chip_reset);
4680 dev->phy.ops->switch_analog(dev, 0);
4681 ssb_device_disable(dev->dev, 0);
4682 ssb_bus_may_powerdown(bus);
4690 ssb_bus_may_powerdown(bus);
4694 static void b43_one_core_detach(struct ssb_device *dev)
4696 struct b43_wldev *wldev;
4699 /* Do not cancel ieee80211-workqueue based work here.
4700 * See comment in b43_remove(). */
4702 wldev = ssb_get_drvdata(dev);
4704 b43_debugfs_remove_device(wldev);
4705 b43_wireless_core_detach(wldev);
4706 list_del(&wldev->list);
4708 ssb_set_drvdata(dev, NULL);
4712 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
4714 struct b43_wldev *wldev;
4715 struct pci_dev *pdev;
4718 if (!list_empty(&wl->devlist)) {
4719 /* We are not the first core on this chip. */
4720 pdev = dev->bus->host_pci;
4721 /* Only special chips support more than one wireless
4722 * core, although some of the other chips have more than
4723 * one wireless core as well. Check for this and
4727 ((pdev->device != 0x4321) &&
4728 (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
4729 b43dbg(wl, "Ignoring unconnected 802.11 core\n");
4734 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
4740 b43_set_status(wldev, B43_STAT_UNINIT);
4741 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
4742 INIT_LIST_HEAD(&wldev->list);
4744 err = b43_wireless_core_attach(wldev);
4746 goto err_kfree_wldev;
4748 list_add(&wldev->list, &wl->devlist);
4750 ssb_set_drvdata(dev, wldev);
4751 b43_debugfs_add_device(wldev);
4761 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) ( \
4762 (pdev->vendor == PCI_VENDOR_ID_##_vendor) && \
4763 (pdev->device == _device) && \
4764 (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) && \
4765 (pdev->subsystem_device == _subdevice) )
4767 static void b43_sprom_fixup(struct ssb_bus *bus)
4769 struct pci_dev *pdev;
4771 /* boardflags workarounds */
4772 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
4773 bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
4774 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
4775 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
4776 bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
4777 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
4778 if (bus->bustype == SSB_BUSTYPE_PCI) {
4779 pdev = bus->host_pci;
4780 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
4781 IS_PDEV(pdev, BROADCOM, 0x4320, DELL, 0x0003) ||
4782 IS_PDEV(pdev, BROADCOM, 0x4320, HP, 0x12f8) ||
4783 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
4784 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
4785 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
4786 IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
4787 bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
4791 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4793 struct ieee80211_hw *hw = wl->hw;
4795 ssb_set_devtypedata(dev, NULL);
4796 ieee80211_free_hw(hw);
4799 static int b43_wireless_init(struct ssb_device *dev)
4801 struct ssb_sprom *sprom = &dev->bus->sprom;
4802 struct ieee80211_hw *hw;
4806 b43_sprom_fixup(dev->bus);
4808 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4810 b43err(NULL, "Could not allocate ieee80211 device\n");
4813 wl = hw_to_b43_wl(hw);
4816 hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
4817 IEEE80211_HW_SIGNAL_DBM |
4818 IEEE80211_HW_NOISE_DBM;
4820 hw->wiphy->interface_modes =
4821 BIT(NL80211_IFTYPE_AP) |
4822 BIT(NL80211_IFTYPE_MESH_POINT) |
4823 BIT(NL80211_IFTYPE_STATION) |
4824 BIT(NL80211_IFTYPE_WDS) |
4825 BIT(NL80211_IFTYPE_ADHOC);
4827 hw->queues = modparam_qos ? 4 : 1;
4828 wl->mac80211_initially_registered_queues = hw->queues;
4830 SET_IEEE80211_DEV(hw, dev->dev);
4831 if (is_valid_ether_addr(sprom->et1mac))
4832 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
4834 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
4836 /* Initialize struct b43_wl */
4838 mutex_init(&wl->mutex);
4839 spin_lock_init(&wl->hardirq_lock);
4840 INIT_LIST_HEAD(&wl->devlist);
4841 INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
4842 INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
4843 INIT_WORK(&wl->tx_work, b43_tx_work);
4844 skb_queue_head_init(&wl->tx_queue);
4846 ssb_set_devtypedata(dev, wl);
4847 b43info(wl, "Broadcom %04X WLAN found (core revision %u)\n",
4848 dev->bus->chip_id, dev->id.revision);
4854 static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4860 wl = ssb_get_devtypedata(dev);
4862 /* Probing the first core. Must setup common struct b43_wl */
4864 err = b43_wireless_init(dev);
4867 wl = ssb_get_devtypedata(dev);
4870 err = b43_one_core_attach(dev, wl);
4872 goto err_wireless_exit;
4875 err = ieee80211_register_hw(wl->hw);
4877 goto err_one_core_detach;
4878 b43_leds_register(wl->current_dev);
4885 err_one_core_detach:
4886 b43_one_core_detach(dev);
4889 b43_wireless_exit(dev, wl);
4893 static void b43_remove(struct ssb_device *dev)
4895 struct b43_wl *wl = ssb_get_devtypedata(dev);
4896 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4898 /* We must cancel any work here before unregistering from ieee80211,
4899 * as the ieee80211 unreg will destroy the workqueue. */
4900 cancel_work_sync(&wldev->restart_work);
4903 if (wl->current_dev == wldev) {
4904 /* Restore the queues count before unregistering, because firmware detect
4905 * might have modified it. Restoring is important, so the networking
4906 * stack can properly free resources. */
4907 wl->hw->queues = wl->mac80211_initially_registered_queues;
4908 wl->current_dev = NULL;
4909 cancel_work_sync(&wl->leds.work);
4910 ieee80211_unregister_hw(wl->hw);
4913 b43_one_core_detach(dev);
4915 if (list_empty(&wl->devlist)) {
4917 b43_leds_unregister(wldev);
4918 /* Last core on the chip unregistered.
4919 * We can destroy common struct b43_wl.
4921 b43_wireless_exit(dev, wl);
4925 /* Perform a hardware reset. This can be called from any context. */
4926 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
4928 /* Must avoid requeueing, if we are in shutdown. */
4929 if (b43_status(dev) < B43_STAT_INITIALIZED)
4931 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
4932 ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
4935 static struct ssb_driver b43_ssb_driver = {
4936 .name = KBUILD_MODNAME,
4937 .id_table = b43_ssb_tbl,
4939 .remove = b43_remove,
4942 static void b43_print_driverinfo(void)
4944 const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
4947 #ifdef CONFIG_B43_PCI_AUTOSELECT
4950 #ifdef CONFIG_B43_PCMCIA
4953 #ifdef CONFIG_B43_NPHY
4956 #ifdef CONFIG_B43_LEDS
4959 printk(KERN_INFO "Broadcom 43xx driver loaded "
4960 "[ Features: %s%s%s%s, Firmware-ID: "
4961 B43_SUPPORTED_FIRMWARE_ID " ]\n",
4962 feat_pci, feat_pcmcia, feat_nphy,
4966 static int __init b43_init(void)
4971 err = b43_pcmcia_init();
4974 err = ssb_driver_register(&b43_ssb_driver);
4976 goto err_pcmcia_exit;
4977 b43_print_driverinfo();
4988 static void __exit b43_exit(void)
4990 ssb_driver_unregister(&b43_ssb_driver);
4995 module_init(b43_init)
4996 module_exit(b43_exit)
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob