3 Broadcom B43 wireless driver
5 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7 Copyright (c) 2005, 2006 Michael Buesch <mb@bu3sch.de>
8 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
11 Some parts of the code in this file are derived from the ipw2200
12 driver Copyright(c) 2003 - 2004 Intel Corporation.
14 This program is free software; you can redistribute it and/or modify
15 it under the terms of the GNU General Public License as published by
16 the Free Software Foundation; either version 2 of the License, or
17 (at your option) any later version.
19 This program is distributed in the hope that it will be useful,
20 but WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 GNU General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; see the file COPYING. If not, write to
26 the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
27 Boston, MA 02110-1301, USA.
31 #include <linux/delay.h>
32 #include <linux/init.h>
33 #include <linux/moduleparam.h>
34 #include <linux/if_arp.h>
35 #include <linux/etherdevice.h>
36 #include <linux/version.h>
37 #include <linux/firmware.h>
38 #include <linux/wireless.h>
39 #include <linux/workqueue.h>
40 #include <linux/skbuff.h>
42 #include <linux/dma-mapping.h>
43 #include <asm/unaligned.h>
57 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
58 MODULE_AUTHOR("Martin Langer");
59 MODULE_AUTHOR("Stefano Brivio");
60 MODULE_AUTHOR("Michael Buesch");
61 MODULE_LICENSE("GPL");
63 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
66 static int modparam_bad_frames_preempt;
67 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
68 MODULE_PARM_DESC(bad_frames_preempt,
69 "enable(1) / disable(0) Bad Frames Preemption");
71 static char modparam_fwpostfix[16];
72 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
73 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
75 static int modparam_hwpctl;
76 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
77 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
79 static int modparam_nohwcrypt;
80 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
81 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
83 int b43_modparam_qos = 1;
84 module_param_named(qos, b43_modparam_qos, int, 0444);
85 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
88 static const struct ssb_device_id b43_ssb_tbl[] = {
89 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
90 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
91 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
92 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
93 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
94 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
95 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
99 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
101 /* Channel and ratetables are shared for all devices.
102 * They can't be const, because ieee80211 puts some precalculated
103 * data in there. This data is the same for all devices, so we don't
104 * get concurrency issues */
105 #define RATETAB_ENT(_rateid, _flags) \
107 .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
108 .hw_value = (_rateid), \
113 * NOTE: When changing this, sync with xmit.c's
114 * b43_plcp_get_bitrate_idx_* functions!
116 static struct ieee80211_rate __b43_ratetable[] = {
117 RATETAB_ENT(B43_CCK_RATE_1MB, 0),
118 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
119 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
120 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
121 RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
122 RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
123 RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
124 RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
125 RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
126 RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
127 RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
128 RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
131 #define b43_a_ratetable (__b43_ratetable + 4)
132 #define b43_a_ratetable_size 8
133 #define b43_b_ratetable (__b43_ratetable + 0)
134 #define b43_b_ratetable_size 4
135 #define b43_g_ratetable (__b43_ratetable + 0)
136 #define b43_g_ratetable_size 12
138 #define CHAN4G(_channel, _freq, _flags) { \
139 .band = IEEE80211_BAND_2GHZ, \
140 .center_freq = (_freq), \
141 .hw_value = (_channel), \
143 .max_antenna_gain = 0, \
146 static struct ieee80211_channel b43_2ghz_chantable[] = {
164 #define CHAN5G(_channel, _flags) { \
165 .band = IEEE80211_BAND_5GHZ, \
166 .center_freq = 5000 + (5 * (_channel)), \
167 .hw_value = (_channel), \
169 .max_antenna_gain = 0, \
172 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
173 CHAN5G(32, 0), CHAN5G(34, 0),
174 CHAN5G(36, 0), CHAN5G(38, 0),
175 CHAN5G(40, 0), CHAN5G(42, 0),
176 CHAN5G(44, 0), CHAN5G(46, 0),
177 CHAN5G(48, 0), CHAN5G(50, 0),
178 CHAN5G(52, 0), CHAN5G(54, 0),
179 CHAN5G(56, 0), CHAN5G(58, 0),
180 CHAN5G(60, 0), CHAN5G(62, 0),
181 CHAN5G(64, 0), CHAN5G(66, 0),
182 CHAN5G(68, 0), CHAN5G(70, 0),
183 CHAN5G(72, 0), CHAN5G(74, 0),
184 CHAN5G(76, 0), CHAN5G(78, 0),
185 CHAN5G(80, 0), CHAN5G(82, 0),
186 CHAN5G(84, 0), CHAN5G(86, 0),
187 CHAN5G(88, 0), CHAN5G(90, 0),
188 CHAN5G(92, 0), CHAN5G(94, 0),
189 CHAN5G(96, 0), CHAN5G(98, 0),
190 CHAN5G(100, 0), CHAN5G(102, 0),
191 CHAN5G(104, 0), CHAN5G(106, 0),
192 CHAN5G(108, 0), CHAN5G(110, 0),
193 CHAN5G(112, 0), CHAN5G(114, 0),
194 CHAN5G(116, 0), CHAN5G(118, 0),
195 CHAN5G(120, 0), CHAN5G(122, 0),
196 CHAN5G(124, 0), CHAN5G(126, 0),
197 CHAN5G(128, 0), CHAN5G(130, 0),
198 CHAN5G(132, 0), CHAN5G(134, 0),
199 CHAN5G(136, 0), CHAN5G(138, 0),
200 CHAN5G(140, 0), CHAN5G(142, 0),
201 CHAN5G(144, 0), CHAN5G(145, 0),
202 CHAN5G(146, 0), CHAN5G(147, 0),
203 CHAN5G(148, 0), CHAN5G(149, 0),
204 CHAN5G(150, 0), CHAN5G(151, 0),
205 CHAN5G(152, 0), CHAN5G(153, 0),
206 CHAN5G(154, 0), CHAN5G(155, 0),
207 CHAN5G(156, 0), CHAN5G(157, 0),
208 CHAN5G(158, 0), CHAN5G(159, 0),
209 CHAN5G(160, 0), CHAN5G(161, 0),
210 CHAN5G(162, 0), CHAN5G(163, 0),
211 CHAN5G(164, 0), CHAN5G(165, 0),
212 CHAN5G(166, 0), CHAN5G(168, 0),
213 CHAN5G(170, 0), CHAN5G(172, 0),
214 CHAN5G(174, 0), CHAN5G(176, 0),
215 CHAN5G(178, 0), CHAN5G(180, 0),
216 CHAN5G(182, 0), CHAN5G(184, 0),
217 CHAN5G(186, 0), CHAN5G(188, 0),
218 CHAN5G(190, 0), CHAN5G(192, 0),
219 CHAN5G(194, 0), CHAN5G(196, 0),
220 CHAN5G(198, 0), CHAN5G(200, 0),
221 CHAN5G(202, 0), CHAN5G(204, 0),
222 CHAN5G(206, 0), CHAN5G(208, 0),
223 CHAN5G(210, 0), CHAN5G(212, 0),
224 CHAN5G(214, 0), CHAN5G(216, 0),
225 CHAN5G(218, 0), CHAN5G(220, 0),
226 CHAN5G(222, 0), CHAN5G(224, 0),
227 CHAN5G(226, 0), CHAN5G(228, 0),
230 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
231 CHAN5G(34, 0), CHAN5G(36, 0),
232 CHAN5G(38, 0), CHAN5G(40, 0),
233 CHAN5G(42, 0), CHAN5G(44, 0),
234 CHAN5G(46, 0), CHAN5G(48, 0),
235 CHAN5G(52, 0), CHAN5G(56, 0),
236 CHAN5G(60, 0), CHAN5G(64, 0),
237 CHAN5G(100, 0), CHAN5G(104, 0),
238 CHAN5G(108, 0), CHAN5G(112, 0),
239 CHAN5G(116, 0), CHAN5G(120, 0),
240 CHAN5G(124, 0), CHAN5G(128, 0),
241 CHAN5G(132, 0), CHAN5G(136, 0),
242 CHAN5G(140, 0), CHAN5G(149, 0),
243 CHAN5G(153, 0), CHAN5G(157, 0),
244 CHAN5G(161, 0), CHAN5G(165, 0),
245 CHAN5G(184, 0), CHAN5G(188, 0),
246 CHAN5G(192, 0), CHAN5G(196, 0),
247 CHAN5G(200, 0), CHAN5G(204, 0),
248 CHAN5G(208, 0), CHAN5G(212, 0),
253 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
254 .band = IEEE80211_BAND_5GHZ,
255 .channels = b43_5ghz_nphy_chantable,
256 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
257 .bitrates = b43_a_ratetable,
258 .n_bitrates = b43_a_ratetable_size,
261 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
262 .band = IEEE80211_BAND_5GHZ,
263 .channels = b43_5ghz_aphy_chantable,
264 .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
265 .bitrates = b43_a_ratetable,
266 .n_bitrates = b43_a_ratetable_size,
269 static struct ieee80211_supported_band b43_band_2GHz = {
270 .band = IEEE80211_BAND_2GHZ,
271 .channels = b43_2ghz_chantable,
272 .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
273 .bitrates = b43_g_ratetable,
274 .n_bitrates = b43_g_ratetable_size,
277 static void b43_wireless_core_exit(struct b43_wldev *dev);
278 static int b43_wireless_core_init(struct b43_wldev *dev);
279 static void b43_wireless_core_stop(struct b43_wldev *dev);
280 static int b43_wireless_core_start(struct b43_wldev *dev);
282 static int b43_ratelimit(struct b43_wl *wl)
284 if (!wl || !wl->current_dev)
286 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
288 /* We are up and running.
289 * Ratelimit the messages to avoid DoS over the net. */
290 return net_ratelimit();
293 void b43info(struct b43_wl *wl, const char *fmt, ...)
297 if (!b43_ratelimit(wl))
300 printk(KERN_INFO "b43-%s: ",
301 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
306 void b43err(struct b43_wl *wl, const char *fmt, ...)
310 if (!b43_ratelimit(wl))
313 printk(KERN_ERR "b43-%s ERROR: ",
314 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
319 void b43warn(struct b43_wl *wl, const char *fmt, ...)
323 if (!b43_ratelimit(wl))
326 printk(KERN_WARNING "b43-%s warning: ",
327 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
333 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
338 printk(KERN_DEBUG "b43-%s debug: ",
339 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
345 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
349 B43_WARN_ON(offset % 4 != 0);
351 macctl = b43_read32(dev, B43_MMIO_MACCTL);
352 if (macctl & B43_MACCTL_BE)
355 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
357 b43_write32(dev, B43_MMIO_RAM_DATA, val);
360 static inline void b43_shm_control_word(struct b43_wldev *dev,
361 u16 routing, u16 offset)
365 /* "offset" is the WORD offset. */
369 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
372 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
374 struct b43_wl *wl = dev->wl;
378 spin_lock_irqsave(&wl->shm_lock, flags);
379 if (routing == B43_SHM_SHARED) {
380 B43_WARN_ON(offset & 0x0001);
381 if (offset & 0x0003) {
382 /* Unaligned access */
383 b43_shm_control_word(dev, routing, offset >> 2);
384 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
386 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
387 ret |= b43_read16(dev, B43_MMIO_SHM_DATA);
393 b43_shm_control_word(dev, routing, offset);
394 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
396 spin_unlock_irqrestore(&wl->shm_lock, flags);
401 u16 b43_shm_read16(struct b43_wldev * dev, u16 routing, u16 offset)
403 struct b43_wl *wl = dev->wl;
407 spin_lock_irqsave(&wl->shm_lock, flags);
408 if (routing == B43_SHM_SHARED) {
409 B43_WARN_ON(offset & 0x0001);
410 if (offset & 0x0003) {
411 /* Unaligned access */
412 b43_shm_control_word(dev, routing, offset >> 2);
413 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
419 b43_shm_control_word(dev, routing, offset);
420 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
422 spin_unlock_irqrestore(&wl->shm_lock, flags);
427 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
429 struct b43_wl *wl = dev->wl;
432 spin_lock_irqsave(&wl->shm_lock, flags);
433 if (routing == B43_SHM_SHARED) {
434 B43_WARN_ON(offset & 0x0001);
435 if (offset & 0x0003) {
436 /* Unaligned access */
437 b43_shm_control_word(dev, routing, offset >> 2);
438 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
439 (value >> 16) & 0xffff);
440 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
441 b43_write16(dev, B43_MMIO_SHM_DATA, value & 0xffff);
446 b43_shm_control_word(dev, routing, offset);
447 b43_write32(dev, B43_MMIO_SHM_DATA, value);
449 spin_unlock_irqrestore(&wl->shm_lock, flags);
452 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
454 struct b43_wl *wl = dev->wl;
457 spin_lock_irqsave(&wl->shm_lock, flags);
458 if (routing == B43_SHM_SHARED) {
459 B43_WARN_ON(offset & 0x0001);
460 if (offset & 0x0003) {
461 /* Unaligned access */
462 b43_shm_control_word(dev, routing, offset >> 2);
463 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
468 b43_shm_control_word(dev, routing, offset);
469 b43_write16(dev, B43_MMIO_SHM_DATA, value);
471 spin_unlock_irqrestore(&wl->shm_lock, flags);
475 u64 b43_hf_read(struct b43_wldev * dev)
479 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
481 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
483 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
488 /* Write HostFlags */
489 void b43_hf_write(struct b43_wldev *dev, u64 value)
493 lo = (value & 0x00000000FFFFULL);
494 mi = (value & 0x0000FFFF0000ULL) >> 16;
495 hi = (value & 0xFFFF00000000ULL) >> 32;
496 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
497 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
498 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
501 void b43_tsf_read(struct b43_wldev *dev, u64 * tsf)
503 /* We need to be careful. As we read the TSF from multiple
504 * registers, we should take care of register overflows.
505 * In theory, the whole tsf read process should be atomic.
506 * We try to be atomic here, by restaring the read process,
507 * if any of the high registers changed (overflew).
509 if (dev->dev->id.revision >= 3) {
510 u32 low, high, high2;
513 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
514 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
515 high2 = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
516 } while (unlikely(high != high2));
524 u16 test1, test2, test3;
527 v3 = b43_read16(dev, B43_MMIO_TSF_3);
528 v2 = b43_read16(dev, B43_MMIO_TSF_2);
529 v1 = b43_read16(dev, B43_MMIO_TSF_1);
530 v0 = b43_read16(dev, B43_MMIO_TSF_0);
532 test3 = b43_read16(dev, B43_MMIO_TSF_3);
533 test2 = b43_read16(dev, B43_MMIO_TSF_2);
534 test1 = b43_read16(dev, B43_MMIO_TSF_1);
535 } while (v3 != test3 || v2 != test2 || v1 != test1);
549 static void b43_time_lock(struct b43_wldev *dev)
553 macctl = b43_read32(dev, B43_MMIO_MACCTL);
554 macctl |= B43_MACCTL_TBTTHOLD;
555 b43_write32(dev, B43_MMIO_MACCTL, macctl);
556 /* Commit the write */
557 b43_read32(dev, B43_MMIO_MACCTL);
560 static void b43_time_unlock(struct b43_wldev *dev)
564 macctl = b43_read32(dev, B43_MMIO_MACCTL);
565 macctl &= ~B43_MACCTL_TBTTHOLD;
566 b43_write32(dev, B43_MMIO_MACCTL, macctl);
567 /* Commit the write */
568 b43_read32(dev, B43_MMIO_MACCTL);
571 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
573 /* Be careful with the in-progress timer.
574 * First zero out the low register, so we have a full
575 * register-overflow duration to complete the operation.
577 if (dev->dev->id.revision >= 3) {
578 u32 lo = (tsf & 0x00000000FFFFFFFFULL);
579 u32 hi = (tsf & 0xFFFFFFFF00000000ULL) >> 32;
581 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, 0);
583 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, hi);
585 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, lo);
587 u16 v0 = (tsf & 0x000000000000FFFFULL);
588 u16 v1 = (tsf & 0x00000000FFFF0000ULL) >> 16;
589 u16 v2 = (tsf & 0x0000FFFF00000000ULL) >> 32;
590 u16 v3 = (tsf & 0xFFFF000000000000ULL) >> 48;
592 b43_write16(dev, B43_MMIO_TSF_0, 0);
594 b43_write16(dev, B43_MMIO_TSF_3, v3);
596 b43_write16(dev, B43_MMIO_TSF_2, v2);
598 b43_write16(dev, B43_MMIO_TSF_1, v1);
600 b43_write16(dev, B43_MMIO_TSF_0, v0);
604 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
607 b43_tsf_write_locked(dev, tsf);
608 b43_time_unlock(dev);
612 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 * mac)
614 static const u8 zero_addr[ETH_ALEN] = { 0 };
621 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
625 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
628 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
631 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
634 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
638 u8 mac_bssid[ETH_ALEN * 2];
642 bssid = dev->wl->bssid;
643 mac = dev->wl->mac_addr;
645 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
647 memcpy(mac_bssid, mac, ETH_ALEN);
648 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
650 /* Write our MAC address and BSSID to template ram */
651 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
652 tmp = (u32) (mac_bssid[i + 0]);
653 tmp |= (u32) (mac_bssid[i + 1]) << 8;
654 tmp |= (u32) (mac_bssid[i + 2]) << 16;
655 tmp |= (u32) (mac_bssid[i + 3]) << 24;
656 b43_ram_write(dev, 0x20 + i, tmp);
660 static void b43_upload_card_macaddress(struct b43_wldev *dev)
662 b43_write_mac_bssid_templates(dev);
663 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
666 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
668 /* slot_time is in usec. */
669 if (dev->phy.type != B43_PHYTYPE_G)
671 b43_write16(dev, 0x684, 510 + slot_time);
672 b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
675 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
677 b43_set_slot_time(dev, 9);
681 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
683 b43_set_slot_time(dev, 20);
687 /* Enable a Generic IRQ. "mask" is the mask of which IRQs to enable.
688 * Returns the _previously_ enabled IRQ mask.
690 static inline u32 b43_interrupt_enable(struct b43_wldev *dev, u32 mask)
694 old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
695 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask | mask);
700 /* Disable a Generic IRQ. "mask" is the mask of which IRQs to disable.
701 * Returns the _previously_ enabled IRQ mask.
703 static inline u32 b43_interrupt_disable(struct b43_wldev *dev, u32 mask)
707 old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
708 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask & ~mask);
713 /* Synchronize IRQ top- and bottom-half.
714 * IRQs must be masked before calling this.
715 * This must not be called with the irq_lock held.
717 static void b43_synchronize_irq(struct b43_wldev *dev)
719 synchronize_irq(dev->dev->irq);
720 tasklet_kill(&dev->isr_tasklet);
723 /* DummyTransmission function, as documented on
724 * http://bcm-specs.sipsolutions.net/DummyTransmission
726 void b43_dummy_transmission(struct b43_wldev *dev)
728 struct b43_phy *phy = &dev->phy;
729 unsigned int i, max_loop;
742 buffer[0] = 0x000201CC;
747 buffer[0] = 0x000B846E;
754 for (i = 0; i < 5; i++)
755 b43_ram_write(dev, i * 4, buffer[i]);
758 b43_read32(dev, B43_MMIO_MACCTL);
760 b43_write16(dev, 0x0568, 0x0000);
761 b43_write16(dev, 0x07C0, 0x0000);
762 value = ((phy->type == B43_PHYTYPE_A) ? 1 : 0);
763 b43_write16(dev, 0x050C, value);
764 b43_write16(dev, 0x0508, 0x0000);
765 b43_write16(dev, 0x050A, 0x0000);
766 b43_write16(dev, 0x054C, 0x0000);
767 b43_write16(dev, 0x056A, 0x0014);
768 b43_write16(dev, 0x0568, 0x0826);
769 b43_write16(dev, 0x0500, 0x0000);
770 b43_write16(dev, 0x0502, 0x0030);
772 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
773 b43_radio_write16(dev, 0x0051, 0x0017);
774 for (i = 0x00; i < max_loop; i++) {
775 value = b43_read16(dev, 0x050E);
780 for (i = 0x00; i < 0x0A; i++) {
781 value = b43_read16(dev, 0x050E);
786 for (i = 0x00; i < 0x0A; i++) {
787 value = b43_read16(dev, 0x0690);
788 if (!(value & 0x0100))
792 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
793 b43_radio_write16(dev, 0x0051, 0x0037);
796 static void key_write(struct b43_wldev *dev,
797 u8 index, u8 algorithm, const u8 * key)
804 /* Key index/algo block */
805 kidx = b43_kidx_to_fw(dev, index);
806 value = ((kidx << 4) | algorithm);
807 b43_shm_write16(dev, B43_SHM_SHARED,
808 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
810 /* Write the key to the Key Table Pointer offset */
811 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
812 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
814 value |= (u16) (key[i + 1]) << 8;
815 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
819 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 * addr)
821 u32 addrtmp[2] = { 0, 0, };
822 u8 per_sta_keys_start = 8;
824 if (b43_new_kidx_api(dev))
825 per_sta_keys_start = 4;
827 B43_WARN_ON(index < per_sta_keys_start);
828 /* We have two default TX keys and possibly two default RX keys.
829 * Physical mac 0 is mapped to physical key 4 or 8, depending
830 * on the firmware version.
831 * So we must adjust the index here.
833 index -= per_sta_keys_start;
836 addrtmp[0] = addr[0];
837 addrtmp[0] |= ((u32) (addr[1]) << 8);
838 addrtmp[0] |= ((u32) (addr[2]) << 16);
839 addrtmp[0] |= ((u32) (addr[3]) << 24);
840 addrtmp[1] = addr[4];
841 addrtmp[1] |= ((u32) (addr[5]) << 8);
844 if (dev->dev->id.revision >= 5) {
845 /* Receive match transmitter address mechanism */
846 b43_shm_write32(dev, B43_SHM_RCMTA,
847 (index * 2) + 0, addrtmp[0]);
848 b43_shm_write16(dev, B43_SHM_RCMTA,
849 (index * 2) + 1, addrtmp[1]);
851 /* RXE (Receive Engine) and
852 * PSM (Programmable State Machine) mechanism
855 /* TODO write to RCM 16, 19, 22 and 25 */
857 b43_shm_write32(dev, B43_SHM_SHARED,
858 B43_SHM_SH_PSM + (index * 6) + 0,
860 b43_shm_write16(dev, B43_SHM_SHARED,
861 B43_SHM_SH_PSM + (index * 6) + 4,
867 static void do_key_write(struct b43_wldev *dev,
868 u8 index, u8 algorithm,
869 const u8 * key, size_t key_len, const u8 * mac_addr)
871 u8 buf[B43_SEC_KEYSIZE] = { 0, };
872 u8 per_sta_keys_start = 8;
874 if (b43_new_kidx_api(dev))
875 per_sta_keys_start = 4;
877 B43_WARN_ON(index >= dev->max_nr_keys);
878 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
880 if (index >= per_sta_keys_start)
881 keymac_write(dev, index, NULL); /* First zero out mac. */
883 memcpy(buf, key, key_len);
884 key_write(dev, index, algorithm, buf);
885 if (index >= per_sta_keys_start)
886 keymac_write(dev, index, mac_addr);
888 dev->key[index].algorithm = algorithm;
891 static int b43_key_write(struct b43_wldev *dev,
892 int index, u8 algorithm,
893 const u8 * key, size_t key_len,
895 struct ieee80211_key_conf *keyconf)
900 if (key_len > B43_SEC_KEYSIZE)
902 for (i = 0; i < dev->max_nr_keys; i++) {
903 /* Check that we don't already have this key. */
904 B43_WARN_ON(dev->key[i].keyconf == keyconf);
907 /* Either pairwise key or address is 00:00:00:00:00:00
908 * for transmit-only keys. Search the index. */
909 if (b43_new_kidx_api(dev))
913 for (i = sta_keys_start; i < dev->max_nr_keys; i++) {
914 if (!dev->key[i].keyconf) {
921 b43err(dev->wl, "Out of hardware key memory\n");
925 B43_WARN_ON(index > 3);
927 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
928 if ((index <= 3) && !b43_new_kidx_api(dev)) {
930 B43_WARN_ON(mac_addr);
931 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
933 keyconf->hw_key_idx = index;
934 dev->key[index].keyconf = keyconf;
939 static int b43_key_clear(struct b43_wldev *dev, int index)
941 if (B43_WARN_ON((index < 0) || (index >= dev->max_nr_keys)))
943 do_key_write(dev, index, B43_SEC_ALGO_NONE,
944 NULL, B43_SEC_KEYSIZE, NULL);
945 if ((index <= 3) && !b43_new_kidx_api(dev)) {
946 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
947 NULL, B43_SEC_KEYSIZE, NULL);
949 dev->key[index].keyconf = NULL;
954 static void b43_clear_keys(struct b43_wldev *dev)
958 for (i = 0; i < dev->max_nr_keys; i++)
959 b43_key_clear(dev, i);
962 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
970 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
971 (ps_flags & B43_PS_DISABLED));
972 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
974 if (ps_flags & B43_PS_ENABLED) {
976 } else if (ps_flags & B43_PS_DISABLED) {
979 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
980 // and thus is not an AP and we are associated, set bit 25
982 if (ps_flags & B43_PS_AWAKE) {
984 } else if (ps_flags & B43_PS_ASLEEP) {
987 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
988 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
989 // successful, set bit26
992 /* FIXME: For now we force awake-on and hwps-off */
996 macctl = b43_read32(dev, B43_MMIO_MACCTL);
998 macctl |= B43_MACCTL_HWPS;
1000 macctl &= ~B43_MACCTL_HWPS;
1002 macctl |= B43_MACCTL_AWAKE;
1004 macctl &= ~B43_MACCTL_AWAKE;
1005 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1007 b43_read32(dev, B43_MMIO_MACCTL);
1008 if (awake && dev->dev->id.revision >= 5) {
1009 /* Wait for the microcode to wake up. */
1010 for (i = 0; i < 100; i++) {
1011 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1012 B43_SHM_SH_UCODESTAT);
1013 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1020 /* Turn the Analog ON/OFF */
1021 static void b43_switch_analog(struct b43_wldev *dev, int on)
1023 switch (dev->phy.type) {
1026 b43_write16(dev, B43_MMIO_PHY0, on ? 0 : 0xF4);
1029 b43_phy_write(dev, B43_NPHY_AFECTL_OVER,
1037 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1042 flags |= B43_TMSLOW_PHYCLKEN;
1043 flags |= B43_TMSLOW_PHYRESET;
1044 ssb_device_enable(dev->dev, flags);
1045 msleep(2); /* Wait for the PLL to turn on. */
1047 /* Now take the PHY out of Reset again */
1048 tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1049 tmslow |= SSB_TMSLOW_FGC;
1050 tmslow &= ~B43_TMSLOW_PHYRESET;
1051 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1052 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1054 tmslow &= ~SSB_TMSLOW_FGC;
1055 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1056 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1059 /* Turn Analog ON */
1060 b43_switch_analog(dev, 1);
1062 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1063 macctl &= ~B43_MACCTL_GMODE;
1064 if (flags & B43_TMSLOW_GMODE)
1065 macctl |= B43_MACCTL_GMODE;
1066 macctl |= B43_MACCTL_IHR_ENABLED;
1067 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1070 static void handle_irq_transmit_status(struct b43_wldev *dev)
1074 struct b43_txstatus stat;
1077 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1078 if (!(v0 & 0x00000001))
1080 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1082 stat.cookie = (v0 >> 16);
1083 stat.seq = (v1 & 0x0000FFFF);
1084 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1085 tmp = (v0 & 0x0000FFFF);
1086 stat.frame_count = ((tmp & 0xF000) >> 12);
1087 stat.rts_count = ((tmp & 0x0F00) >> 8);
1088 stat.supp_reason = ((tmp & 0x001C) >> 2);
1089 stat.pm_indicated = !!(tmp & 0x0080);
1090 stat.intermediate = !!(tmp & 0x0040);
1091 stat.for_ampdu = !!(tmp & 0x0020);
1092 stat.acked = !!(tmp & 0x0002);
1094 b43_handle_txstatus(dev, &stat);
1098 static void drain_txstatus_queue(struct b43_wldev *dev)
1102 if (dev->dev->id.revision < 5)
1104 /* Read all entries from the microcode TXstatus FIFO
1105 * and throw them away.
1108 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1109 if (!(dummy & 0x00000001))
1111 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1115 static u32 b43_jssi_read(struct b43_wldev *dev)
1119 val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1121 val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1126 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1128 b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1129 b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1132 static void b43_generate_noise_sample(struct b43_wldev *dev)
1134 b43_jssi_write(dev, 0x7F7F7F7F);
1135 b43_write32(dev, B43_MMIO_MACCMD,
1136 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1137 B43_WARN_ON(dev->noisecalc.channel_at_start != dev->phy.channel);
1140 static void b43_calculate_link_quality(struct b43_wldev *dev)
1142 /* Top half of Link Quality calculation. */
1144 if (dev->noisecalc.calculation_running)
1146 dev->noisecalc.channel_at_start = dev->phy.channel;
1147 dev->noisecalc.calculation_running = 1;
1148 dev->noisecalc.nr_samples = 0;
1150 b43_generate_noise_sample(dev);
1153 static void handle_irq_noise(struct b43_wldev *dev)
1155 struct b43_phy *phy = &dev->phy;
1161 /* Bottom half of Link Quality calculation. */
1163 B43_WARN_ON(!dev->noisecalc.calculation_running);
1164 if (dev->noisecalc.channel_at_start != phy->channel)
1165 goto drop_calculation;
1166 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1167 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1168 noise[2] == 0x7F || noise[3] == 0x7F)
1171 /* Get the noise samples. */
1172 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1173 i = dev->noisecalc.nr_samples;
1174 noise[0] = limit_value(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1175 noise[1] = limit_value(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1176 noise[2] = limit_value(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1177 noise[3] = limit_value(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1178 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1179 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1180 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1181 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1182 dev->noisecalc.nr_samples++;
1183 if (dev->noisecalc.nr_samples == 8) {
1184 /* Calculate the Link Quality by the noise samples. */
1186 for (i = 0; i < 8; i++) {
1187 for (j = 0; j < 4; j++)
1188 average += dev->noisecalc.samples[i][j];
1194 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1195 tmp = (tmp / 128) & 0x1F;
1205 dev->stats.link_noise = average;
1207 dev->noisecalc.calculation_running = 0;
1211 b43_generate_noise_sample(dev);
1214 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1216 if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_AP)) {
1219 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1220 b43_power_saving_ctl_bits(dev, 0);
1222 if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS))
1226 static void handle_irq_atim_end(struct b43_wldev *dev)
1228 if (dev->dfq_valid) {
1229 b43_write32(dev, B43_MMIO_MACCMD,
1230 b43_read32(dev, B43_MMIO_MACCMD)
1231 | B43_MACCMD_DFQ_VALID);
1236 static void handle_irq_pmq(struct b43_wldev *dev)
1243 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1244 if (!(tmp & 0x00000008))
1247 /* 16bit write is odd, but correct. */
1248 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1251 static void b43_write_template_common(struct b43_wldev *dev,
1252 const u8 * data, u16 size,
1254 u16 shm_size_offset, u8 rate)
1257 struct b43_plcp_hdr4 plcp;
1260 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1261 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1262 ram_offset += sizeof(u32);
1263 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1264 * So leave the first two bytes of the next write blank.
1266 tmp = (u32) (data[0]) << 16;
1267 tmp |= (u32) (data[1]) << 24;
1268 b43_ram_write(dev, ram_offset, tmp);
1269 ram_offset += sizeof(u32);
1270 for (i = 2; i < size; i += sizeof(u32)) {
1271 tmp = (u32) (data[i + 0]);
1273 tmp |= (u32) (data[i + 1]) << 8;
1275 tmp |= (u32) (data[i + 2]) << 16;
1277 tmp |= (u32) (data[i + 3]) << 24;
1278 b43_ram_write(dev, ram_offset + i - 2, tmp);
1280 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1281 size + sizeof(struct b43_plcp_hdr6));
1284 /* Check if the use of the antenna that ieee80211 told us to
1285 * use is possible. This will fall back to DEFAULT.
1286 * "antenna_nr" is the antenna identifier we got from ieee80211. */
1287 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1292 if (antenna_nr == 0) {
1293 /* Zero means "use default antenna". That's always OK. */
1297 /* Get the mask of available antennas. */
1299 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1301 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1303 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1304 /* This antenna is not available. Fall back to default. */
1311 static int b43_antenna_from_ieee80211(struct b43_wldev *dev, u8 antenna)
1313 antenna = b43_ieee80211_antenna_sanitize(dev, antenna);
1315 case 0: /* default/diversity */
1316 return B43_ANTENNA_DEFAULT;
1317 case 1: /* Antenna 0 */
1318 return B43_ANTENNA0;
1319 case 2: /* Antenna 1 */
1320 return B43_ANTENNA1;
1321 case 3: /* Antenna 2 */
1322 return B43_ANTENNA2;
1323 case 4: /* Antenna 3 */
1324 return B43_ANTENNA3;
1326 return B43_ANTENNA_DEFAULT;
1330 /* Convert a b43 antenna number value to the PHY TX control value. */
1331 static u16 b43_antenna_to_phyctl(int antenna)
1335 return B43_TXH_PHY_ANT0;
1337 return B43_TXH_PHY_ANT1;
1339 return B43_TXH_PHY_ANT2;
1341 return B43_TXH_PHY_ANT3;
1342 case B43_ANTENNA_AUTO:
1343 return B43_TXH_PHY_ANT01AUTO;
1349 static void b43_write_beacon_template(struct b43_wldev *dev,
1351 u16 shm_size_offset)
1353 unsigned int i, len, variable_len;
1354 const struct ieee80211_mgmt *bcn;
1361 bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1362 len = min((size_t) dev->wl->current_beacon->len,
1363 0x200 - sizeof(struct b43_plcp_hdr6));
1364 rate = dev->wl->beacon_txctl.tx_rate->hw_value;
1366 b43_write_template_common(dev, (const u8 *)bcn,
1367 len, ram_offset, shm_size_offset, rate);
1369 /* Write the PHY TX control parameters. */
1370 antenna = b43_antenna_from_ieee80211(dev,
1371 dev->wl->beacon_txctl.antenna_sel_tx);
1372 antenna = b43_antenna_to_phyctl(antenna);
1373 ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1374 /* We can't send beacons with short preamble. Would get PHY errors. */
1375 ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1376 ctl &= ~B43_TXH_PHY_ANT;
1377 ctl &= ~B43_TXH_PHY_ENC;
1379 if (b43_is_cck_rate(rate))
1380 ctl |= B43_TXH_PHY_ENC_CCK;
1382 ctl |= B43_TXH_PHY_ENC_OFDM;
1383 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1385 /* Find the position of the TIM and the DTIM_period value
1386 * and write them to SHM. */
1387 ie = bcn->u.beacon.variable;
1388 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1389 for (i = 0; i < variable_len - 2; ) {
1390 uint8_t ie_id, ie_len;
1397 /* This is the TIM Information Element */
1399 /* Check whether the ie_len is in the beacon data range. */
1400 if (variable_len < ie_len + 2 + i)
1402 /* A valid TIM is at least 4 bytes long. */
1407 tim_position = sizeof(struct b43_plcp_hdr6);
1408 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1411 dtim_period = ie[i + 3];
1413 b43_shm_write16(dev, B43_SHM_SHARED,
1414 B43_SHM_SH_TIMBPOS, tim_position);
1415 b43_shm_write16(dev, B43_SHM_SHARED,
1416 B43_SHM_SH_DTIMPER, dtim_period);
1422 b43warn(dev->wl, "Did not find a valid TIM IE in "
1423 "the beacon template packet. AP or IBSS operation "
1424 "may be broken.\n");
1426 b43dbg(dev->wl, "Updated beacon template\n");
1429 static void b43_write_probe_resp_plcp(struct b43_wldev *dev,
1430 u16 shm_offset, u16 size,
1431 struct ieee80211_rate *rate)
1433 struct b43_plcp_hdr4 plcp;
1438 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate->hw_value);
1439 dur = ieee80211_generic_frame_duration(dev->wl->hw,
1442 /* Write PLCP in two parts and timing for packet transfer */
1443 tmp = le32_to_cpu(plcp.data);
1444 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset, tmp & 0xFFFF);
1445 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 2, tmp >> 16);
1446 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 6, le16_to_cpu(dur));
1449 /* Instead of using custom probe response template, this function
1450 * just patches custom beacon template by:
1451 * 1) Changing packet type
1452 * 2) Patching duration field
1455 static const u8 * b43_generate_probe_resp(struct b43_wldev *dev,
1457 struct ieee80211_rate *rate)
1461 u16 src_size, elem_size, src_pos, dest_pos;
1463 struct ieee80211_hdr *hdr;
1466 src_size = dev->wl->current_beacon->len;
1467 src_data = (const u8 *)dev->wl->current_beacon->data;
1469 /* Get the start offset of the variable IEs in the packet. */
1470 ie_start = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
1471 B43_WARN_ON(ie_start != offsetof(struct ieee80211_mgmt, u.beacon.variable));
1473 if (B43_WARN_ON(src_size < ie_start))
1476 dest_data = kmalloc(src_size, GFP_ATOMIC);
1477 if (unlikely(!dest_data))
1480 /* Copy the static data and all Information Elements, except the TIM. */
1481 memcpy(dest_data, src_data, ie_start);
1483 dest_pos = ie_start;
1484 for ( ; src_pos < src_size - 2; src_pos += elem_size) {
1485 elem_size = src_data[src_pos + 1] + 2;
1486 if (src_data[src_pos] == 5) {
1487 /* This is the TIM. */
1490 memcpy(dest_data + dest_pos, src_data + src_pos,
1492 dest_pos += elem_size;
1494 *dest_size = dest_pos;
1495 hdr = (struct ieee80211_hdr *)dest_data;
1497 /* Set the frame control. */
1498 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1499 IEEE80211_STYPE_PROBE_RESP);
1500 dur = ieee80211_generic_frame_duration(dev->wl->hw,
1501 dev->wl->vif, *dest_size,
1503 hdr->duration_id = dur;
1508 static void b43_write_probe_resp_template(struct b43_wldev *dev,
1510 u16 shm_size_offset,
1511 struct ieee80211_rate *rate)
1513 const u8 *probe_resp_data;
1516 size = dev->wl->current_beacon->len;
1517 probe_resp_data = b43_generate_probe_resp(dev, &size, rate);
1518 if (unlikely(!probe_resp_data))
1521 /* Looks like PLCP headers plus packet timings are stored for
1522 * all possible basic rates
1524 b43_write_probe_resp_plcp(dev, 0x31A, size, &b43_b_ratetable[0]);
1525 b43_write_probe_resp_plcp(dev, 0x32C, size, &b43_b_ratetable[1]);
1526 b43_write_probe_resp_plcp(dev, 0x33E, size, &b43_b_ratetable[2]);
1527 b43_write_probe_resp_plcp(dev, 0x350, size, &b43_b_ratetable[3]);
1529 size = min((size_t) size, 0x200 - sizeof(struct b43_plcp_hdr6));
1530 b43_write_template_common(dev, probe_resp_data,
1531 size, ram_offset, shm_size_offset,
1533 kfree(probe_resp_data);
1536 static void handle_irq_beacon(struct b43_wldev *dev)
1538 struct b43_wl *wl = dev->wl;
1539 u32 cmd, beacon0_valid, beacon1_valid;
1541 if (!b43_is_mode(wl, IEEE80211_IF_TYPE_AP))
1544 /* This is the bottom half of the asynchronous beacon update. */
1546 /* Ignore interrupt in the future. */
1547 dev->irq_savedstate &= ~B43_IRQ_BEACON;
1549 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1550 beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1551 beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1553 /* Schedule interrupt manually, if busy. */
1554 if (beacon0_valid && beacon1_valid) {
1555 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1556 dev->irq_savedstate |= B43_IRQ_BEACON;
1560 if (!beacon0_valid) {
1561 if (!wl->beacon0_uploaded) {
1562 b43_write_beacon_template(dev, 0x68, 0x18);
1563 b43_write_probe_resp_template(dev, 0x268, 0x4A,
1564 &__b43_ratetable[3]);
1565 wl->beacon0_uploaded = 1;
1567 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1568 cmd |= B43_MACCMD_BEACON0_VALID;
1569 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1570 } else if (!beacon1_valid) {
1571 if (!wl->beacon1_uploaded) {
1572 b43_write_beacon_template(dev, 0x468, 0x1A);
1573 wl->beacon1_uploaded = 1;
1575 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1576 cmd |= B43_MACCMD_BEACON1_VALID;
1577 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1581 static void b43_beacon_update_trigger_work(struct work_struct *work)
1583 struct b43_wl *wl = container_of(work, struct b43_wl,
1584 beacon_update_trigger);
1585 struct b43_wldev *dev;
1587 mutex_lock(&wl->mutex);
1588 dev = wl->current_dev;
1589 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1590 spin_lock_irq(&wl->irq_lock);
1591 /* update beacon right away or defer to irq */
1592 dev->irq_savedstate = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1593 handle_irq_beacon(dev);
1594 /* The handler might have updated the IRQ mask. */
1595 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK,
1596 dev->irq_savedstate);
1598 spin_unlock_irq(&wl->irq_lock);
1600 mutex_unlock(&wl->mutex);
1603 /* Asynchronously update the packet templates in template RAM.
1604 * Locking: Requires wl->irq_lock to be locked. */
1605 static void b43_update_templates(struct b43_wl *wl, struct sk_buff *beacon,
1606 const struct ieee80211_tx_control *txctl)
1608 /* This is the top half of the ansynchronous beacon update.
1609 * The bottom half is the beacon IRQ.
1610 * Beacon update must be asynchronous to avoid sending an
1611 * invalid beacon. This can happen for example, if the firmware
1612 * transmits a beacon while we are updating it. */
1614 if (wl->current_beacon)
1615 dev_kfree_skb_any(wl->current_beacon);
1616 wl->current_beacon = beacon;
1617 memcpy(&wl->beacon_txctl, txctl, sizeof(wl->beacon_txctl));
1618 wl->beacon0_uploaded = 0;
1619 wl->beacon1_uploaded = 0;
1620 queue_work(wl->hw->workqueue, &wl->beacon_update_trigger);
1623 static void b43_set_ssid(struct b43_wldev *dev, const u8 * ssid, u8 ssid_len)
1628 len = min((u16) ssid_len, (u16) 0x100);
1629 for (i = 0; i < len; i += sizeof(u32)) {
1630 tmp = (u32) (ssid[i + 0]);
1632 tmp |= (u32) (ssid[i + 1]) << 8;
1634 tmp |= (u32) (ssid[i + 2]) << 16;
1636 tmp |= (u32) (ssid[i + 3]) << 24;
1637 b43_shm_write32(dev, B43_SHM_SHARED, 0x380 + i, tmp);
1639 b43_shm_write16(dev, B43_SHM_SHARED, 0x48, len);
1642 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1645 if (dev->dev->id.revision >= 3) {
1646 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1647 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1649 b43_write16(dev, 0x606, (beacon_int >> 6));
1650 b43_write16(dev, 0x610, beacon_int);
1652 b43_time_unlock(dev);
1653 b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1656 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1661 /* Interrupt handler bottom-half */
1662 static void b43_interrupt_tasklet(struct b43_wldev *dev)
1665 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1666 u32 merged_dma_reason = 0;
1668 unsigned long flags;
1670 spin_lock_irqsave(&dev->wl->irq_lock, flags);
1672 B43_WARN_ON(b43_status(dev) != B43_STAT_STARTED);
1674 reason = dev->irq_reason;
1675 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1676 dma_reason[i] = dev->dma_reason[i];
1677 merged_dma_reason |= dma_reason[i];
1680 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1681 b43err(dev->wl, "MAC transmission error\n");
1683 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1684 b43err(dev->wl, "PHY transmission error\n");
1686 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1687 atomic_set(&dev->phy.txerr_cnt,
1688 B43_PHY_TX_BADNESS_LIMIT);
1689 b43err(dev->wl, "Too many PHY TX errors, "
1690 "restarting the controller\n");
1691 b43_controller_restart(dev, "PHY TX errors");
1695 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1696 B43_DMAIRQ_NONFATALMASK))) {
1697 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1698 b43err(dev->wl, "Fatal DMA error: "
1699 "0x%08X, 0x%08X, 0x%08X, "
1700 "0x%08X, 0x%08X, 0x%08X\n",
1701 dma_reason[0], dma_reason[1],
1702 dma_reason[2], dma_reason[3],
1703 dma_reason[4], dma_reason[5]);
1704 b43_controller_restart(dev, "DMA error");
1706 spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1709 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1710 b43err(dev->wl, "DMA error: "
1711 "0x%08X, 0x%08X, 0x%08X, "
1712 "0x%08X, 0x%08X, 0x%08X\n",
1713 dma_reason[0], dma_reason[1],
1714 dma_reason[2], dma_reason[3],
1715 dma_reason[4], dma_reason[5]);
1719 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1720 handle_irq_ucode_debug(dev);
1721 if (reason & B43_IRQ_TBTT_INDI)
1722 handle_irq_tbtt_indication(dev);
1723 if (reason & B43_IRQ_ATIM_END)
1724 handle_irq_atim_end(dev);
1725 if (reason & B43_IRQ_BEACON)
1726 handle_irq_beacon(dev);
1727 if (reason & B43_IRQ_PMQ)
1728 handle_irq_pmq(dev);
1729 if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1731 if (reason & B43_IRQ_NOISESAMPLE_OK)
1732 handle_irq_noise(dev);
1734 /* Check the DMA reason registers for received data. */
1735 if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1736 if (b43_using_pio_transfers(dev))
1737 b43_pio_rx(dev->pio.rx_queue);
1739 b43_dma_rx(dev->dma.rx_ring);
1741 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1742 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1743 B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1744 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1745 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1747 if (reason & B43_IRQ_TX_OK)
1748 handle_irq_transmit_status(dev);
1750 b43_interrupt_enable(dev, dev->irq_savedstate);
1752 spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1755 static void b43_interrupt_ack(struct b43_wldev *dev, u32 reason)
1757 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1759 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1760 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1761 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1762 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1763 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1764 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1767 /* Interrupt handler top-half */
1768 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1770 irqreturn_t ret = IRQ_NONE;
1771 struct b43_wldev *dev = dev_id;
1777 spin_lock(&dev->wl->irq_lock);
1779 if (b43_status(dev) < B43_STAT_STARTED)
1781 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1782 if (reason == 0xffffffff) /* shared IRQ */
1785 reason &= b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1789 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1791 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1793 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1795 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1797 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1799 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1802 b43_interrupt_ack(dev, reason);
1803 /* disable all IRQs. They are enabled again in the bottom half. */
1804 dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
1805 /* save the reason code and call our bottom half. */
1806 dev->irq_reason = reason;
1807 tasklet_schedule(&dev->isr_tasklet);
1810 spin_unlock(&dev->wl->irq_lock);
1815 static void do_release_fw(struct b43_firmware_file *fw)
1817 release_firmware(fw->data);
1819 fw->filename = NULL;
1822 static void b43_release_firmware(struct b43_wldev *dev)
1824 do_release_fw(&dev->fw.ucode);
1825 do_release_fw(&dev->fw.pcm);
1826 do_release_fw(&dev->fw.initvals);
1827 do_release_fw(&dev->fw.initvals_band);
1830 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
1834 text = "You must go to "
1835 "http://linuxwireless.org/en/users/Drivers/b43#devicefirmware "
1836 "and download the latest firmware (version 4).\n";
1843 static int do_request_fw(struct b43_wldev *dev,
1845 struct b43_firmware_file *fw)
1847 char path[sizeof(modparam_fwpostfix) + 32];
1848 const struct firmware *blob;
1849 struct b43_fw_header *hdr;
1854 /* Don't fetch anything. Free possibly cached firmware. */
1859 if (strcmp(fw->filename, name) == 0)
1860 return 0; /* Already have this fw. */
1861 /* Free the cached firmware first. */
1865 snprintf(path, ARRAY_SIZE(path),
1867 modparam_fwpostfix, name);
1868 err = request_firmware(&blob, path, dev->dev->dev);
1870 b43err(dev->wl, "Firmware file \"%s\" not found "
1871 "or load failed.\n", path);
1874 if (blob->size < sizeof(struct b43_fw_header))
1876 hdr = (struct b43_fw_header *)(blob->data);
1877 switch (hdr->type) {
1878 case B43_FW_TYPE_UCODE:
1879 case B43_FW_TYPE_PCM:
1880 size = be32_to_cpu(hdr->size);
1881 if (size != blob->size - sizeof(struct b43_fw_header))
1884 case B43_FW_TYPE_IV:
1893 fw->filename = name;
1898 b43err(dev->wl, "Firmware file \"%s\" format error.\n", path);
1899 release_firmware(blob);
1904 static int b43_request_firmware(struct b43_wldev *dev)
1906 struct b43_firmware *fw = &dev->fw;
1907 const u8 rev = dev->dev->id.revision;
1908 const char *filename;
1913 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
1914 if ((rev >= 5) && (rev <= 10))
1915 filename = "ucode5";
1916 else if ((rev >= 11) && (rev <= 12))
1917 filename = "ucode11";
1919 filename = "ucode13";
1922 err = do_request_fw(dev, filename, &fw->ucode);
1927 if ((rev >= 5) && (rev <= 10))
1933 err = do_request_fw(dev, filename, &fw->pcm);
1938 switch (dev->phy.type) {
1940 if ((rev >= 5) && (rev <= 10)) {
1941 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
1942 filename = "a0g1initvals5";
1944 filename = "a0g0initvals5";
1946 goto err_no_initvals;
1949 if ((rev >= 5) && (rev <= 10))
1950 filename = "b0g0initvals5";
1952 filename = "lp0initvals13";
1954 goto err_no_initvals;
1957 if ((rev >= 11) && (rev <= 12))
1958 filename = "n0initvals11";
1960 goto err_no_initvals;
1963 goto err_no_initvals;
1965 err = do_request_fw(dev, filename, &fw->initvals);
1969 /* Get bandswitch initvals */
1970 switch (dev->phy.type) {
1972 if ((rev >= 5) && (rev <= 10)) {
1973 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
1974 filename = "a0g1bsinitvals5";
1976 filename = "a0g0bsinitvals5";
1977 } else if (rev >= 11)
1980 goto err_no_initvals;
1983 if ((rev >= 5) && (rev <= 10))
1984 filename = "b0g0bsinitvals5";
1988 goto err_no_initvals;
1991 if ((rev >= 11) && (rev <= 12))
1992 filename = "n0bsinitvals11";
1994 goto err_no_initvals;
1997 goto err_no_initvals;
1999 err = do_request_fw(dev, filename, &fw->initvals_band);
2006 b43_print_fw_helptext(dev->wl, 1);
2011 b43err(dev->wl, "No microcode available for core rev %u\n", rev);
2016 b43err(dev->wl, "No PCM available for core rev %u\n", rev);
2021 b43err(dev->wl, "No Initial Values firmware file for PHY %u, "
2022 "core rev %u\n", dev->phy.type, rev);
2026 b43_release_firmware(dev);
2030 static int b43_upload_microcode(struct b43_wldev *dev)
2032 const size_t hdr_len = sizeof(struct b43_fw_header);
2034 unsigned int i, len;
2035 u16 fwrev, fwpatch, fwdate, fwtime;
2039 /* Jump the microcode PSM to offset 0 */
2040 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2041 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2042 macctl |= B43_MACCTL_PSM_JMP0;
2043 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2044 /* Zero out all microcode PSM registers and shared memory. */
2045 for (i = 0; i < 64; i++)
2046 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2047 for (i = 0; i < 4096; i += 2)
2048 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2050 /* Upload Microcode. */
2051 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2052 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2053 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2054 for (i = 0; i < len; i++) {
2055 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2059 if (dev->fw.pcm.data) {
2060 /* Upload PCM data. */
2061 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2062 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2063 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2064 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2065 /* No need for autoinc bit in SHM_HW */
2066 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2067 for (i = 0; i < len; i++) {
2068 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2073 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2075 /* Start the microcode PSM */
2076 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2077 macctl &= ~B43_MACCTL_PSM_JMP0;
2078 macctl |= B43_MACCTL_PSM_RUN;
2079 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2081 /* Wait for the microcode to load and respond */
2084 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2085 if (tmp == B43_IRQ_MAC_SUSPENDED)
2089 b43err(dev->wl, "Microcode not responding\n");
2090 b43_print_fw_helptext(dev->wl, 1);
2094 msleep_interruptible(50);
2095 if (signal_pending(current)) {
2100 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2102 /* Get and check the revisions. */
2103 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2104 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2105 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2106 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2108 if (fwrev <= 0x128) {
2109 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2110 "binary drivers older than version 4.x is unsupported. "
2111 "You must upgrade your firmware files.\n");
2112 b43_print_fw_helptext(dev->wl, 1);
2116 b43info(dev->wl, "Loading firmware version %u.%u "
2117 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2119 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2120 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2122 dev->fw.rev = fwrev;
2123 dev->fw.patch = fwpatch;
2125 if (b43_is_old_txhdr_format(dev)) {
2126 b43warn(dev->wl, "You are using an old firmware image. "
2127 "Support for old firmware will be removed in July 2008.\n");
2128 b43_print_fw_helptext(dev->wl, 0);
2134 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2135 macctl &= ~B43_MACCTL_PSM_RUN;
2136 macctl |= B43_MACCTL_PSM_JMP0;
2137 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2142 static int b43_write_initvals(struct b43_wldev *dev,
2143 const struct b43_iv *ivals,
2147 const struct b43_iv *iv;
2152 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2154 for (i = 0; i < count; i++) {
2155 if (array_size < sizeof(iv->offset_size))
2157 array_size -= sizeof(iv->offset_size);
2158 offset = be16_to_cpu(iv->offset_size);
2159 bit32 = !!(offset & B43_IV_32BIT);
2160 offset &= B43_IV_OFFSET_MASK;
2161 if (offset >= 0x1000)
2166 if (array_size < sizeof(iv->data.d32))
2168 array_size -= sizeof(iv->data.d32);
2170 value = be32_to_cpu(get_unaligned(&iv->data.d32));
2171 b43_write32(dev, offset, value);
2173 iv = (const struct b43_iv *)((const uint8_t *)iv +
2179 if (array_size < sizeof(iv->data.d16))
2181 array_size -= sizeof(iv->data.d16);
2183 value = be16_to_cpu(iv->data.d16);
2184 b43_write16(dev, offset, value);
2186 iv = (const struct b43_iv *)((const uint8_t *)iv +
2197 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2198 b43_print_fw_helptext(dev->wl, 1);
2203 static int b43_upload_initvals(struct b43_wldev *dev)
2205 const size_t hdr_len = sizeof(struct b43_fw_header);
2206 const struct b43_fw_header *hdr;
2207 struct b43_firmware *fw = &dev->fw;
2208 const struct b43_iv *ivals;
2212 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2213 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2214 count = be32_to_cpu(hdr->size);
2215 err = b43_write_initvals(dev, ivals, count,
2216 fw->initvals.data->size - hdr_len);
2219 if (fw->initvals_band.data) {
2220 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2221 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2222 count = be32_to_cpu(hdr->size);
2223 err = b43_write_initvals(dev, ivals, count,
2224 fw->initvals_band.data->size - hdr_len);
2233 /* Initialize the GPIOs
2234 * http://bcm-specs.sipsolutions.net/GPIO
2236 static int b43_gpio_init(struct b43_wldev *dev)
2238 struct ssb_bus *bus = dev->dev->bus;
2239 struct ssb_device *gpiodev, *pcidev = NULL;
2242 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2243 & ~B43_MACCTL_GPOUTSMSK);
2245 b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2250 if (dev->dev->bus->chip_id == 0x4301) {
2254 if (0 /* FIXME: conditional unknown */ ) {
2255 b43_write16(dev, B43_MMIO_GPIO_MASK,
2256 b43_read16(dev, B43_MMIO_GPIO_MASK)
2261 if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2262 b43_write16(dev, B43_MMIO_GPIO_MASK,
2263 b43_read16(dev, B43_MMIO_GPIO_MASK)
2268 if (dev->dev->id.revision >= 2)
2269 mask |= 0x0010; /* FIXME: This is redundant. */
2271 #ifdef CONFIG_SSB_DRIVER_PCICORE
2272 pcidev = bus->pcicore.dev;
2274 gpiodev = bus->chipco.dev ? : pcidev;
2277 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2278 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2284 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2285 static void b43_gpio_cleanup(struct b43_wldev *dev)
2287 struct ssb_bus *bus = dev->dev->bus;
2288 struct ssb_device *gpiodev, *pcidev = NULL;
2290 #ifdef CONFIG_SSB_DRIVER_PCICORE
2291 pcidev = bus->pcicore.dev;
2293 gpiodev = bus->chipco.dev ? : pcidev;
2296 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2299 /* http://bcm-specs.sipsolutions.net/EnableMac */
2300 static void b43_mac_enable(struct b43_wldev *dev)
2302 dev->mac_suspended--;
2303 B43_WARN_ON(dev->mac_suspended < 0);
2304 if (dev->mac_suspended == 0) {
2305 b43_write32(dev, B43_MMIO_MACCTL,
2306 b43_read32(dev, B43_MMIO_MACCTL)
2307 | B43_MACCTL_ENABLED);
2308 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2309 B43_IRQ_MAC_SUSPENDED);
2311 b43_read32(dev, B43_MMIO_MACCTL);
2312 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2313 b43_power_saving_ctl_bits(dev, 0);
2315 /* Re-enable IRQs. */
2316 spin_lock_irq(&dev->wl->irq_lock);
2317 b43_interrupt_enable(dev, dev->irq_savedstate);
2318 spin_unlock_irq(&dev->wl->irq_lock);
2322 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2323 static void b43_mac_suspend(struct b43_wldev *dev)
2329 B43_WARN_ON(dev->mac_suspended < 0);
2331 if (dev->mac_suspended == 0) {
2332 /* Mask IRQs before suspending MAC. Otherwise
2333 * the MAC stays busy and won't suspend. */
2334 spin_lock_irq(&dev->wl->irq_lock);
2335 tmp = b43_interrupt_disable(dev, B43_IRQ_ALL);
2336 spin_unlock_irq(&dev->wl->irq_lock);
2337 b43_synchronize_irq(dev);
2338 dev->irq_savedstate = tmp;
2340 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2341 b43_write32(dev, B43_MMIO_MACCTL,
2342 b43_read32(dev, B43_MMIO_MACCTL)
2343 & ~B43_MACCTL_ENABLED);
2344 /* force pci to flush the write */
2345 b43_read32(dev, B43_MMIO_MACCTL);
2346 for (i = 35; i; i--) {
2347 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2348 if (tmp & B43_IRQ_MAC_SUSPENDED)
2352 /* Hm, it seems this will take some time. Use msleep(). */
2353 for (i = 40; i; i--) {
2354 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2355 if (tmp & B43_IRQ_MAC_SUSPENDED)
2359 b43err(dev->wl, "MAC suspend failed\n");
2362 dev->mac_suspended++;
2365 static void b43_adjust_opmode(struct b43_wldev *dev)
2367 struct b43_wl *wl = dev->wl;
2371 ctl = b43_read32(dev, B43_MMIO_MACCTL);
2372 /* Reset status to STA infrastructure mode. */
2373 ctl &= ~B43_MACCTL_AP;
2374 ctl &= ~B43_MACCTL_KEEP_CTL;
2375 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2376 ctl &= ~B43_MACCTL_KEEP_BAD;
2377 ctl &= ~B43_MACCTL_PROMISC;
2378 ctl &= ~B43_MACCTL_BEACPROMISC;
2379 ctl |= B43_MACCTL_INFRA;
2381 if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP))
2382 ctl |= B43_MACCTL_AP;
2383 else if (b43_is_mode(wl, IEEE80211_IF_TYPE_IBSS))
2384 ctl &= ~B43_MACCTL_INFRA;
2386 if (wl->filter_flags & FIF_CONTROL)
2387 ctl |= B43_MACCTL_KEEP_CTL;
2388 if (wl->filter_flags & FIF_FCSFAIL)
2389 ctl |= B43_MACCTL_KEEP_BAD;
2390 if (wl->filter_flags & FIF_PLCPFAIL)
2391 ctl |= B43_MACCTL_KEEP_BADPLCP;
2392 if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2393 ctl |= B43_MACCTL_PROMISC;
2394 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2395 ctl |= B43_MACCTL_BEACPROMISC;
2397 /* Workaround: On old hardware the HW-MAC-address-filter
2398 * doesn't work properly, so always run promisc in filter
2399 * it in software. */
2400 if (dev->dev->id.revision <= 4)
2401 ctl |= B43_MACCTL_PROMISC;
2403 b43_write32(dev, B43_MMIO_MACCTL, ctl);
2406 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2407 if (dev->dev->bus->chip_id == 0x4306 &&
2408 dev->dev->bus->chip_rev == 3)
2413 b43_write16(dev, 0x612, cfp_pretbtt);
2416 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2422 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2425 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2427 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2428 b43_shm_read16(dev, B43_SHM_SHARED, offset));
2431 static void b43_rate_memory_init(struct b43_wldev *dev)
2433 switch (dev->phy.type) {
2437 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2438 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2439 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2440 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2441 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2442 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2443 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2444 if (dev->phy.type == B43_PHYTYPE_A)
2448 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2449 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2450 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2451 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2458 /* Set the default values for the PHY TX Control Words. */
2459 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2463 ctl |= B43_TXH_PHY_ENC_CCK;
2464 ctl |= B43_TXH_PHY_ANT01AUTO;
2465 ctl |= B43_TXH_PHY_TXPWR;
2467 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2468 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2469 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2472 /* Set the TX-Antenna for management frames sent by firmware. */
2473 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2478 ant = b43_antenna_to_phyctl(antenna);
2481 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2482 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2483 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2484 /* For Probe Resposes */
2485 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2486 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2487 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2490 /* This is the opposite of b43_chip_init() */
2491 static void b43_chip_exit(struct b43_wldev *dev)
2493 b43_radio_turn_off(dev, 1);
2494 b43_gpio_cleanup(dev);
2495 /* firmware is released later */
2498 /* Initialize the chip
2499 * http://bcm-specs.sipsolutions.net/ChipInit
2501 static int b43_chip_init(struct b43_wldev *dev)
2503 struct b43_phy *phy = &dev->phy;
2505 u32 value32, macctl;
2508 /* Initialize the MAC control */
2509 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2511 macctl |= B43_MACCTL_GMODE;
2512 macctl |= B43_MACCTL_INFRA;
2513 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2515 err = b43_request_firmware(dev);
2518 err = b43_upload_microcode(dev);
2520 goto out; /* firmware is released later */
2522 err = b43_gpio_init(dev);
2524 goto out; /* firmware is released later */
2526 err = b43_upload_initvals(dev);
2528 goto err_gpio_clean;
2529 b43_radio_turn_on(dev);
2531 b43_write16(dev, 0x03E6, 0x0000);
2532 err = b43_phy_init(dev);
2536 /* Select initial Interference Mitigation. */
2537 tmp = phy->interfmode;
2538 phy->interfmode = B43_INTERFMODE_NONE;
2539 b43_radio_set_interference_mitigation(dev, tmp);
2541 b43_set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2542 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2544 if (phy->type == B43_PHYTYPE_B) {
2545 value16 = b43_read16(dev, 0x005E);
2547 b43_write16(dev, 0x005E, value16);
2549 b43_write32(dev, 0x0100, 0x01000000);
2550 if (dev->dev->id.revision < 5)
2551 b43_write32(dev, 0x010C, 0x01000000);
2553 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2554 & ~B43_MACCTL_INFRA);
2555 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2556 | B43_MACCTL_INFRA);
2558 /* Probe Response Timeout value */
2559 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2560 b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2562 /* Initially set the wireless operation mode. */
2563 b43_adjust_opmode(dev);
2565 if (dev->dev->id.revision < 3) {
2566 b43_write16(dev, 0x060E, 0x0000);
2567 b43_write16(dev, 0x0610, 0x8000);
2568 b43_write16(dev, 0x0604, 0x0000);
2569 b43_write16(dev, 0x0606, 0x0200);
2571 b43_write32(dev, 0x0188, 0x80000000);
2572 b43_write32(dev, 0x018C, 0x02000000);
2574 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2575 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2576 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2577 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2578 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2579 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2580 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2582 value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2583 value32 |= 0x00100000;
2584 ssb_write32(dev->dev, SSB_TMSLOW, value32);
2586 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2587 dev->dev->bus->chipco.fast_pwrup_delay);
2590 b43dbg(dev->wl, "Chip initialized\n");
2595 b43_radio_turn_off(dev, 1);
2597 b43_gpio_cleanup(dev);
2601 static void b43_periodic_every120sec(struct b43_wldev *dev)
2603 struct b43_phy *phy = &dev->phy;
2605 if (phy->type != B43_PHYTYPE_G || phy->rev < 2)
2608 b43_mac_suspend(dev);
2609 b43_lo_g_measure(dev);
2610 b43_mac_enable(dev);
2611 if (b43_has_hardware_pctl(phy))
2612 b43_lo_g_ctl_mark_all_unused(dev);
2615 static void b43_periodic_every60sec(struct b43_wldev *dev)
2617 struct b43_phy *phy = &dev->phy;
2619 if (phy->type != B43_PHYTYPE_G)
2621 if (!b43_has_hardware_pctl(phy))
2622 b43_lo_g_ctl_mark_all_unused(dev);
2623 if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_RSSI) {
2624 b43_mac_suspend(dev);
2625 b43_calc_nrssi_slope(dev);
2626 if ((phy->radio_ver == 0x2050) && (phy->radio_rev == 8)) {
2627 u8 old_chan = phy->channel;
2629 /* VCO Calibration */
2631 b43_radio_selectchannel(dev, 1, 0);
2633 b43_radio_selectchannel(dev, 13, 0);
2634 b43_radio_selectchannel(dev, old_chan, 0);
2636 b43_mac_enable(dev);
2640 static void b43_periodic_every30sec(struct b43_wldev *dev)
2642 /* Update device statistics. */
2643 b43_calculate_link_quality(dev);
2646 static void b43_periodic_every15sec(struct b43_wldev *dev)
2648 struct b43_phy *phy = &dev->phy;
2650 if (phy->type == B43_PHYTYPE_G) {
2651 //TODO: update_aci_moving_average
2652 if (phy->aci_enable && phy->aci_wlan_automatic) {
2653 b43_mac_suspend(dev);
2654 if (!phy->aci_enable && 1 /*TODO: not scanning? */ ) {
2655 if (0 /*TODO: bunch of conditions */ ) {
2656 b43_radio_set_interference_mitigation
2657 (dev, B43_INTERFMODE_MANUALWLAN);
2659 } else if (1 /*TODO*/) {
2661 if ((aci_average > 1000) && !(b43_radio_aci_scan(dev))) {
2662 b43_radio_set_interference_mitigation(dev,
2663 B43_INTERFMODE_NONE);
2667 b43_mac_enable(dev);
2668 } else if (phy->interfmode == B43_INTERFMODE_NONWLAN &&
2670 //TODO: implement rev1 workaround
2673 b43_phy_xmitpower(dev); //FIXME: unless scanning?
2674 //TODO for APHY (temperature?)
2676 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2680 static void do_periodic_work(struct b43_wldev *dev)
2684 state = dev->periodic_state;
2686 b43_periodic_every120sec(dev);
2688 b43_periodic_every60sec(dev);
2690 b43_periodic_every30sec(dev);
2691 b43_periodic_every15sec(dev);
2694 /* Periodic work locking policy:
2695 * The whole periodic work handler is protected by
2696 * wl->mutex. If another lock is needed somewhere in the
2697 * pwork callchain, it's aquired in-place, where it's needed.
2699 static void b43_periodic_work_handler(struct work_struct *work)
2701 struct b43_wldev *dev = container_of(work, struct b43_wldev,
2702 periodic_work.work);
2703 struct b43_wl *wl = dev->wl;
2704 unsigned long delay;
2706 mutex_lock(&wl->mutex);
2708 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2710 if (b43_debug(dev, B43_DBG_PWORK_STOP))
2713 do_periodic_work(dev);
2715 dev->periodic_state++;
2717 if (b43_debug(dev, B43_DBG_PWORK_FAST))
2718 delay = msecs_to_jiffies(50);
2720 delay = round_jiffies_relative(HZ * 15);
2721 queue_delayed_work(wl->hw->workqueue, &dev->periodic_work, delay);
2723 mutex_unlock(&wl->mutex);
2726 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
2728 struct delayed_work *work = &dev->periodic_work;
2730 dev->periodic_state = 0;
2731 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
2732 queue_delayed_work(dev->wl->hw->workqueue, work, 0);
2735 /* Check if communication with the device works correctly. */
2736 static int b43_validate_chipaccess(struct b43_wldev *dev)
2740 backup = b43_shm_read32(dev, B43_SHM_SHARED, 0);
2742 /* Check for read/write and endianness problems. */
2743 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
2744 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
2746 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
2747 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
2750 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup);
2752 if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
2753 /* The 32bit register shadows the two 16bit registers
2754 * with update sideeffects. Validate this. */
2755 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
2756 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
2757 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
2759 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
2762 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
2764 v = b43_read32(dev, B43_MMIO_MACCTL);
2765 v |= B43_MACCTL_GMODE;
2766 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
2771 b43err(dev->wl, "Failed to validate the chipaccess\n");
2775 static void b43_security_init(struct b43_wldev *dev)
2777 dev->max_nr_keys = (dev->dev->id.revision >= 5) ? 58 : 20;
2778 B43_WARN_ON(dev->max_nr_keys > ARRAY_SIZE(dev->key));
2779 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
2780 /* KTP is a word address, but we address SHM bytewise.
2781 * So multiply by two.
2784 if (dev->dev->id.revision >= 5) {
2785 /* Number of RCMTA address slots */
2786 b43_write16(dev, B43_MMIO_RCMTA_COUNT, dev->max_nr_keys - 8);
2788 b43_clear_keys(dev);
2791 static int b43_rng_read(struct hwrng *rng, u32 * data)
2793 struct b43_wl *wl = (struct b43_wl *)rng->priv;
2794 unsigned long flags;
2796 /* Don't take wl->mutex here, as it could deadlock with
2797 * hwrng internal locking. It's not needed to take
2798 * wl->mutex here, anyway. */
2800 spin_lock_irqsave(&wl->irq_lock, flags);
2801 *data = b43_read16(wl->current_dev, B43_MMIO_RNG);
2802 spin_unlock_irqrestore(&wl->irq_lock, flags);
2804 return (sizeof(u16));
2807 static void b43_rng_exit(struct b43_wl *wl)
2809 if (wl->rng_initialized)
2810 hwrng_unregister(&wl->rng);
2813 static int b43_rng_init(struct b43_wl *wl)
2817 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
2818 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
2819 wl->rng.name = wl->rng_name;
2820 wl->rng.data_read = b43_rng_read;
2821 wl->rng.priv = (unsigned long)wl;
2822 wl->rng_initialized = 1;
2823 err = hwrng_register(&wl->rng);
2825 wl->rng_initialized = 0;
2826 b43err(wl, "Failed to register the random "
2827 "number generator (%d)\n", err);
2833 static int b43_op_tx(struct ieee80211_hw *hw,
2834 struct sk_buff *skb,
2835 struct ieee80211_tx_control *ctl)
2837 struct b43_wl *wl = hw_to_b43_wl(hw);
2838 struct b43_wldev *dev = wl->current_dev;
2841 if (unlikely(skb->len < 2 + 2 + 6)) {
2842 /* Too short, this can't be a valid frame. */
2845 B43_WARN_ON(skb_shinfo(skb)->nr_frags);
2849 if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2851 /* TX is done without a global lock. */
2852 if (b43_using_pio_transfers(dev))
2853 err = b43_pio_tx(dev, skb, ctl);
2855 err = b43_dma_tx(dev, skb, ctl);
2858 return NETDEV_TX_BUSY;
2859 return NETDEV_TX_OK;
2862 /* Locking: wl->irq_lock */
2863 static void b43_qos_params_upload(struct b43_wldev *dev,
2864 const struct ieee80211_tx_queue_params *p,
2867 u16 params[B43_NR_QOSPARAMS];
2868 int cw_min, cw_max, aifs, bslots, tmp;
2871 const u16 aCWmin = 0x0001;
2872 const u16 aCWmax = 0x03FF;
2874 /* Calculate the default values for the parameters, if needed. */
2875 switch (shm_offset) {
2877 aifs = (p->aifs == -1) ? 2 : p->aifs;
2878 cw_min = (p->cw_min == 0) ? ((aCWmin + 1) / 4 - 1) : p->cw_min;
2879 cw_max = (p->cw_max == 0) ? ((aCWmin + 1) / 2 - 1) : p->cw_max;
2882 aifs = (p->aifs == -1) ? 2 : p->aifs;
2883 cw_min = (p->cw_min == 0) ? ((aCWmin + 1) / 2 - 1) : p->cw_min;
2884 cw_max = (p->cw_max == 0) ? aCWmin : p->cw_max;
2886 case B43_QOS_BESTEFFORT:
2887 aifs = (p->aifs == -1) ? 3 : p->aifs;
2888 cw_min = (p->cw_min == 0) ? aCWmin : p->cw_min;
2889 cw_max = (p->cw_max == 0) ? aCWmax : p->cw_max;
2891 case B43_QOS_BACKGROUND:
2892 aifs = (p->aifs == -1) ? 7 : p->aifs;
2893 cw_min = (p->cw_min == 0) ? aCWmin : p->cw_min;
2894 cw_max = (p->cw_max == 0) ? aCWmax : p->cw_max;
2904 bslots = b43_read16(dev, B43_MMIO_RNG) % cw_min;
2906 memset(¶ms, 0, sizeof(params));
2908 params[B43_QOSPARAM_TXOP] = p->txop * 32;
2909 params[B43_QOSPARAM_CWMIN] = cw_min;
2910 params[B43_QOSPARAM_CWMAX] = cw_max;
2911 params[B43_QOSPARAM_CWCUR] = cw_min;
2912 params[B43_QOSPARAM_AIFS] = aifs;
2913 params[B43_QOSPARAM_BSLOTS] = bslots;
2914 params[B43_QOSPARAM_REGGAP] = bslots + aifs;
2916 for (i = 0; i < ARRAY_SIZE(params); i++) {
2917 if (i == B43_QOSPARAM_STATUS) {
2918 tmp = b43_shm_read16(dev, B43_SHM_SHARED,
2919 shm_offset + (i * 2));
2920 /* Mark the parameters as updated. */
2922 b43_shm_write16(dev, B43_SHM_SHARED,
2923 shm_offset + (i * 2),
2926 b43_shm_write16(dev, B43_SHM_SHARED,
2927 shm_offset + (i * 2),
2933 /* Update the QOS parameters in hardware. */
2934 static void b43_qos_update(struct b43_wldev *dev)
2936 struct b43_wl *wl = dev->wl;
2937 struct b43_qos_params *params;
2938 unsigned long flags;
2941 /* Mapping of mac80211 queues to b43 SHM offsets. */
2942 static const u16 qos_shm_offsets[] = {
2943 [0] = B43_QOS_VOICE,
2944 [1] = B43_QOS_VIDEO,
2945 [2] = B43_QOS_BESTEFFORT,
2946 [3] = B43_QOS_BACKGROUND,
2948 BUILD_BUG_ON(ARRAY_SIZE(qos_shm_offsets) != ARRAY_SIZE(wl->qos_params));
2950 b43_mac_suspend(dev);
2951 spin_lock_irqsave(&wl->irq_lock, flags);
2953 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
2954 params = &(wl->qos_params[i]);
2955 if (params->need_hw_update) {
2956 b43_qos_params_upload(dev, &(params->p),
2957 qos_shm_offsets[i]);
2958 params->need_hw_update = 0;
2962 spin_unlock_irqrestore(&wl->irq_lock, flags);
2963 b43_mac_enable(dev);
2966 static void b43_qos_clear(struct b43_wl *wl)
2968 struct b43_qos_params *params;
2971 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
2972 params = &(wl->qos_params[i]);
2974 memset(&(params->p), 0, sizeof(params->p));
2975 params->p.aifs = -1;
2976 params->need_hw_update = 1;
2980 /* Initialize the core's QOS capabilities */
2981 static void b43_qos_init(struct b43_wldev *dev)
2983 struct b43_wl *wl = dev->wl;
2986 /* Upload the current QOS parameters. */
2987 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++)
2988 wl->qos_params[i].need_hw_update = 1;
2989 b43_qos_update(dev);
2991 /* Enable QOS support. */
2992 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
2993 b43_write16(dev, B43_MMIO_IFSCTL,
2994 b43_read16(dev, B43_MMIO_IFSCTL)
2995 | B43_MMIO_IFSCTL_USE_EDCF);
2998 static void b43_qos_update_work(struct work_struct *work)
3000 struct b43_wl *wl = container_of(work, struct b43_wl, qos_update_work);
3001 struct b43_wldev *dev;
3003 mutex_lock(&wl->mutex);
3004 dev = wl->current_dev;
3005 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED)))
3006 b43_qos_update(dev);
3007 mutex_unlock(&wl->mutex);
3010 static int b43_op_conf_tx(struct ieee80211_hw *hw,
3012 const struct ieee80211_tx_queue_params *params)
3014 struct b43_wl *wl = hw_to_b43_wl(hw);
3015 unsigned long flags;
3016 unsigned int queue = (unsigned int)_queue;
3017 struct b43_qos_params *p;
3019 if (queue >= ARRAY_SIZE(wl->qos_params)) {
3020 /* Queue not available or don't support setting
3021 * params on this queue. Return success to not
3022 * confuse mac80211. */
3026 spin_lock_irqsave(&wl->irq_lock, flags);
3027 p = &(wl->qos_params[queue]);
3028 memcpy(&(p->p), params, sizeof(p->p));
3029 p->need_hw_update = 1;
3030 spin_unlock_irqrestore(&wl->irq_lock, flags);
3032 queue_work(hw->workqueue, &wl->qos_update_work);
3037 static int b43_op_get_tx_stats(struct ieee80211_hw *hw,
3038 struct ieee80211_tx_queue_stats *stats)
3040 struct b43_wl *wl = hw_to_b43_wl(hw);
3041 struct b43_wldev *dev = wl->current_dev;
3042 unsigned long flags;
3047 spin_lock_irqsave(&wl->irq_lock, flags);
3048 if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3049 if (b43_using_pio_transfers(dev))
3050 b43_pio_get_tx_stats(dev, stats);
3052 b43_dma_get_tx_stats(dev, stats);
3055 spin_unlock_irqrestore(&wl->irq_lock, flags);
3060 static int b43_op_get_stats(struct ieee80211_hw *hw,
3061 struct ieee80211_low_level_stats *stats)
3063 struct b43_wl *wl = hw_to_b43_wl(hw);
3064 unsigned long flags;
3066 spin_lock_irqsave(&wl->irq_lock, flags);
3067 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3068 spin_unlock_irqrestore(&wl->irq_lock, flags);
3073 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3075 struct ssb_device *sdev = dev->dev;
3078 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3079 tmslow &= ~B43_TMSLOW_GMODE;
3080 tmslow |= B43_TMSLOW_PHYRESET;
3081 tmslow |= SSB_TMSLOW_FGC;
3082 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3085 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3086 tmslow &= ~SSB_TMSLOW_FGC;
3087 tmslow |= B43_TMSLOW_PHYRESET;
3088 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3092 static const char * band_to_string(enum ieee80211_band band)
3095 case IEEE80211_BAND_5GHZ:
3097 case IEEE80211_BAND_2GHZ:
3106 /* Expects wl->mutex locked */
3107 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3109 struct b43_wldev *up_dev = NULL;
3110 struct b43_wldev *down_dev;
3111 struct b43_wldev *d;
3116 /* Find a device and PHY which supports the band. */
3117 list_for_each_entry(d, &wl->devlist, list) {
3118 switch (chan->band) {
3119 case IEEE80211_BAND_5GHZ:
3120 if (d->phy.supports_5ghz) {
3125 case IEEE80211_BAND_2GHZ:
3126 if (d->phy.supports_2ghz) {
3139 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3140 band_to_string(chan->band));
3143 if ((up_dev == wl->current_dev) &&
3144 (!!wl->current_dev->phy.gmode == !!gmode)) {
3145 /* This device is already running. */
3148 b43dbg(wl, "Switching to %s-GHz band\n",
3149 band_to_string(chan->band));
3150 down_dev = wl->current_dev;
3152 prev_status = b43_status(down_dev);
3153 /* Shutdown the currently running core. */
3154 if (prev_status >= B43_STAT_STARTED)
3155 b43_wireless_core_stop(down_dev);
3156 if (prev_status >= B43_STAT_INITIALIZED)
3157 b43_wireless_core_exit(down_dev);
3159 if (down_dev != up_dev) {
3160 /* We switch to a different core, so we put PHY into
3161 * RESET on the old core. */
3162 b43_put_phy_into_reset(down_dev);
3165 /* Now start the new core. */
3166 up_dev->phy.gmode = gmode;
3167 if (prev_status >= B43_STAT_INITIALIZED) {
3168 err = b43_wireless_core_init(up_dev);
3170 b43err(wl, "Fatal: Could not initialize device for "
3171 "selected %s-GHz band\n",
3172 band_to_string(chan->band));
3176 if (prev_status >= B43_STAT_STARTED) {
3177 err = b43_wireless_core_start(up_dev);
3179 b43err(wl, "Fatal: Coult not start device for "
3180 "selected %s-GHz band\n",
3181 band_to_string(chan->band));
3182 b43_wireless_core_exit(up_dev);
3186 B43_WARN_ON(b43_status(up_dev) != prev_status);
3188 wl->current_dev = up_dev;
3192 /* Whoops, failed to init the new core. No core is operating now. */
3193 wl->current_dev = NULL;
3197 static int b43_op_config(struct ieee80211_hw *hw, struct ieee80211_conf *conf)
3199 struct b43_wl *wl = hw_to_b43_wl(hw);
3200 struct b43_wldev *dev;
3201 struct b43_phy *phy;
3202 unsigned long flags;
3207 mutex_lock(&wl->mutex);
3209 /* Switch the band (if necessary). This might change the active core. */
3210 err = b43_switch_band(wl, conf->channel);
3212 goto out_unlock_mutex;
3213 dev = wl->current_dev;
3216 /* Disable IRQs while reconfiguring the device.
3217 * This makes it possible to drop the spinlock throughout
3218 * the reconfiguration process. */
3219 spin_lock_irqsave(&wl->irq_lock, flags);
3220 if (b43_status(dev) < B43_STAT_STARTED) {
3221 spin_unlock_irqrestore(&wl->irq_lock, flags);
3222 goto out_unlock_mutex;
3224 savedirqs = b43_interrupt_disable(dev, B43_IRQ_ALL);
3225 spin_unlock_irqrestore(&wl->irq_lock, flags);
3226 b43_synchronize_irq(dev);
3228 /* Switch to the requested channel.
3229 * The firmware takes care of races with the TX handler. */
3230 if (conf->channel->hw_value != phy->channel)
3231 b43_radio_selectchannel(dev, conf->channel->hw_value, 0);
3233 /* Enable/Disable ShortSlot timing. */
3234 if ((!!(conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)) !=
3236 B43_WARN_ON(phy->type != B43_PHYTYPE_G);
3237 if (conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)
3238 b43_short_slot_timing_enable(dev);
3240 b43_short_slot_timing_disable(dev);
3243 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_RADIOTAP);
3245 /* Adjust the desired TX power level. */
3246 if (conf->power_level != 0) {
3247 if (conf->power_level != phy->power_level) {
3248 phy->power_level = conf->power_level;
3249 b43_phy_xmitpower(dev);
3253 /* Antennas for RX and management frame TX. */
3254 antenna = b43_antenna_from_ieee80211(dev, conf->antenna_sel_tx);
3255 b43_mgmtframe_txantenna(dev, antenna);
3256 antenna = b43_antenna_from_ieee80211(dev, conf->antenna_sel_rx);
3257 b43_set_rx_antenna(dev, antenna);
3259 /* Update templates for AP mode. */
3260 if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP))
3261 b43_set_beacon_int(dev, conf->beacon_int);
3263 if (!!conf->radio_enabled != phy->radio_on) {
3264 if (conf->radio_enabled) {
3265 b43_radio_turn_on(dev);
3266 b43info(dev->wl, "Radio turned on by software\n");
3267 if (!dev->radio_hw_enable) {
3268 b43info(dev->wl, "The hardware RF-kill button "
3269 "still turns the radio physically off. "
3270 "Press the button to turn it on.\n");
3273 b43_radio_turn_off(dev, 0);
3274 b43info(dev->wl, "Radio turned off by software\n");
3278 spin_lock_irqsave(&wl->irq_lock, flags);
3279 b43_interrupt_enable(dev, savedirqs);
3281 spin_unlock_irqrestore(&wl->irq_lock, flags);
3283 mutex_unlock(&wl->mutex);
3288 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3289 const u8 *local_addr, const u8 *addr,
3290 struct ieee80211_key_conf *key)
3292 struct b43_wl *wl = hw_to_b43_wl(hw);
3293 struct b43_wldev *dev;
3294 unsigned long flags;
3298 DECLARE_MAC_BUF(mac);
3300 if (modparam_nohwcrypt)
3301 return -ENOSPC; /* User disabled HW-crypto */
3303 mutex_lock(&wl->mutex);
3304 spin_lock_irqsave(&wl->irq_lock, flags);
3306 dev = wl->current_dev;
3308 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
3314 if (key->keylen == 5)
3315 algorithm = B43_SEC_ALGO_WEP40;
3317 algorithm = B43_SEC_ALGO_WEP104;
3320 algorithm = B43_SEC_ALGO_TKIP;
3323 algorithm = B43_SEC_ALGO_AES;
3329 index = (u8) (key->keyidx);
3335 if (algorithm == B43_SEC_ALGO_TKIP) {
3336 /* FIXME: No TKIP hardware encryption for now. */
3341 if (is_broadcast_ether_addr(addr)) {
3342 /* addr is FF:FF:FF:FF:FF:FF for default keys */
3343 err = b43_key_write(dev, index, algorithm,
3344 key->key, key->keylen, NULL, key);
3347 * either pairwise key or address is 00:00:00:00:00:00
3348 * for transmit-only keys
3350 err = b43_key_write(dev, -1, algorithm,
3351 key->key, key->keylen, addr, key);
3356 if (algorithm == B43_SEC_ALGO_WEP40 ||
3357 algorithm == B43_SEC_ALGO_WEP104) {
3358 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
3361 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
3363 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3366 err = b43_key_clear(dev, key->hw_key_idx);
3375 spin_unlock_irqrestore(&wl->irq_lock, flags);
3376 mutex_unlock(&wl->mutex);
3378 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
3380 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
3381 print_mac(mac, addr));
3386 static void b43_op_configure_filter(struct ieee80211_hw *hw,
3387 unsigned int changed, unsigned int *fflags,
3388 int mc_count, struct dev_addr_list *mc_list)
3390 struct b43_wl *wl = hw_to_b43_wl(hw);
3391 struct b43_wldev *dev = wl->current_dev;
3392 unsigned long flags;
3399 spin_lock_irqsave(&wl->irq_lock, flags);
3400 *fflags &= FIF_PROMISC_IN_BSS |
3406 FIF_BCN_PRBRESP_PROMISC;
3408 changed &= FIF_PROMISC_IN_BSS |
3414 FIF_BCN_PRBRESP_PROMISC;
3416 wl->filter_flags = *fflags;
3418 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3419 b43_adjust_opmode(dev);
3420 spin_unlock_irqrestore(&wl->irq_lock, flags);
3423 static int b43_op_config_interface(struct ieee80211_hw *hw,
3424 struct ieee80211_vif *vif,
3425 struct ieee80211_if_conf *conf)
3427 struct b43_wl *wl = hw_to_b43_wl(hw);
3428 struct b43_wldev *dev = wl->current_dev;
3429 unsigned long flags;
3433 mutex_lock(&wl->mutex);
3434 spin_lock_irqsave(&wl->irq_lock, flags);
3435 B43_WARN_ON(wl->vif != vif);
3437 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3439 memset(wl->bssid, 0, ETH_ALEN);
3440 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3441 if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP)) {
3442 B43_WARN_ON(conf->type != IEEE80211_IF_TYPE_AP);
3443 b43_set_ssid(dev, conf->ssid, conf->ssid_len);
3445 b43_update_templates(wl, conf->beacon,
3446 conf->beacon_control);
3449 b43_write_mac_bssid_templates(dev);
3451 spin_unlock_irqrestore(&wl->irq_lock, flags);
3452 mutex_unlock(&wl->mutex);
3457 /* Locking: wl->mutex */
3458 static void b43_wireless_core_stop(struct b43_wldev *dev)
3460 struct b43_wl *wl = dev->wl;
3461 unsigned long flags;
3463 if (b43_status(dev) < B43_STAT_STARTED)
3466 /* Disable and sync interrupts. We must do this before than
3467 * setting the status to INITIALIZED, as the interrupt handler
3468 * won't care about IRQs then. */
3469 spin_lock_irqsave(&wl->irq_lock, flags);
3470 dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
3471 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* flush */
3472 spin_unlock_irqrestore(&wl->irq_lock, flags);
3473 b43_synchronize_irq(dev);
3475 b43_set_status(dev, B43_STAT_INITIALIZED);
3478 mutex_unlock(&wl->mutex);
3479 /* Must unlock as it would otherwise deadlock. No races here.
3480 * Cancel the possibly running self-rearming periodic work. */
3481 cancel_delayed_work_sync(&dev->periodic_work);
3482 mutex_lock(&wl->mutex);
3484 ieee80211_stop_queues(wl->hw); //FIXME this could cause a deadlock, as mac80211 seems buggy.
3486 b43_mac_suspend(dev);
3487 free_irq(dev->dev->irq, dev);
3488 b43dbg(wl, "Wireless interface stopped\n");
3491 /* Locking: wl->mutex */
3492 static int b43_wireless_core_start(struct b43_wldev *dev)
3496 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
3498 drain_txstatus_queue(dev);
3499 err = request_irq(dev->dev->irq, b43_interrupt_handler,
3500 IRQF_SHARED, KBUILD_MODNAME, dev);
3502 b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
3506 /* We are ready to run. */
3507 b43_set_status(dev, B43_STAT_STARTED);
3509 /* Start data flow (TX/RX). */
3510 b43_mac_enable(dev);
3511 b43_interrupt_enable(dev, dev->irq_savedstate);
3512 ieee80211_start_queues(dev->wl->hw);
3514 /* Start maintainance work */
3515 b43_periodic_tasks_setup(dev);
3517 b43dbg(dev->wl, "Wireless interface started\n");
3522 /* Get PHY and RADIO versioning numbers */
3523 static int b43_phy_versioning(struct b43_wldev *dev)
3525 struct b43_phy *phy = &dev->phy;
3533 int unsupported = 0;
3535 /* Get PHY versioning */
3536 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
3537 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
3538 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
3539 phy_rev = (tmp & B43_PHYVER_VERSION);
3546 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
3554 #ifdef CONFIG_B43_NPHY
3564 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
3565 "(Analog %u, Type %u, Revision %u)\n",
3566 analog_type, phy_type, phy_rev);
3569 b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
3570 analog_type, phy_type, phy_rev);
3572 /* Get RADIO versioning */
3573 if (dev->dev->bus->chip_id == 0x4317) {
3574 if (dev->dev->bus->chip_rev == 0)
3576 else if (dev->dev->bus->chip_rev == 1)
3581 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3582 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
3583 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3584 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
3586 radio_manuf = (tmp & 0x00000FFF);
3587 radio_ver = (tmp & 0x0FFFF000) >> 12;
3588 radio_rev = (tmp & 0xF0000000) >> 28;
3589 if (radio_manuf != 0x17F /* Broadcom */)
3593 if (radio_ver != 0x2060)
3597 if (radio_manuf != 0x17F)
3601 if ((radio_ver & 0xFFF0) != 0x2050)
3605 if (radio_ver != 0x2050)
3609 if (radio_ver != 0x2055)
3616 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
3617 "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
3618 radio_manuf, radio_ver, radio_rev);
3621 b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
3622 radio_manuf, radio_ver, radio_rev);
3624 phy->radio_manuf = radio_manuf;
3625 phy->radio_ver = radio_ver;
3626 phy->radio_rev = radio_rev;
3628 phy->analog = analog_type;
3629 phy->type = phy_type;
3635 static void setup_struct_phy_for_init(struct b43_wldev *dev,
3636 struct b43_phy *phy)
3638 struct b43_txpower_lo_control *lo;
3641 memset(phy->minlowsig, 0xFF, sizeof(phy->minlowsig));
3642 memset(phy->minlowsigpos, 0, sizeof(phy->minlowsigpos));
3644 phy->aci_enable = 0;
3645 phy->aci_wlan_automatic = 0;
3646 phy->aci_hw_rssi = 0;
3648 phy->radio_off_context.valid = 0;
3650 lo = phy->lo_control;
3652 memset(lo, 0, sizeof(*(phy->lo_control)));
3656 phy->max_lb_gain = 0;
3657 phy->trsw_rx_gain = 0;
3658 phy->txpwr_offset = 0;
3661 phy->nrssislope = 0;
3662 for (i = 0; i < ARRAY_SIZE(phy->nrssi); i++)
3663 phy->nrssi[i] = -1000;
3664 for (i = 0; i < ARRAY_SIZE(phy->nrssi_lt); i++)
3665 phy->nrssi_lt[i] = i;
3667 phy->lofcal = 0xFFFF;
3668 phy->initval = 0xFFFF;
3670 phy->interfmode = B43_INTERFMODE_NONE;
3671 phy->channel = 0xFF;
3673 phy->hardware_power_control = !!modparam_hwpctl;
3675 /* PHY TX errors counter. */
3676 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3678 /* OFDM-table address caching. */
3679 phy->ofdmtab_addr_direction = B43_OFDMTAB_DIRECTION_UNKNOWN;
3682 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
3686 /* Assume the radio is enabled. If it's not enabled, the state will
3687 * immediately get fixed on the first periodic work run. */
3688 dev->radio_hw_enable = 1;
3691 memset(&dev->stats, 0, sizeof(dev->stats));
3693 setup_struct_phy_for_init(dev, &dev->phy);
3695 /* IRQ related flags */
3696 dev->irq_reason = 0;
3697 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
3698 dev->irq_savedstate = B43_IRQ_MASKTEMPLATE;
3700 dev->mac_suspended = 1;
3702 /* Noise calculation context */
3703 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
3706 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
3708 struct ssb_sprom *sprom = &dev->dev->bus->sprom;
3711 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
3713 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
3716 hf = b43_hf_read(dev);
3717 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
3718 hf |= B43_HF_BTCOEXALT;
3720 hf |= B43_HF_BTCOEX;
3721 b43_hf_write(dev, hf);
3725 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
3729 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
3731 #ifdef CONFIG_SSB_DRIVER_PCICORE
3732 struct ssb_bus *bus = dev->dev->bus;
3735 if (bus->pcicore.dev &&
3736 bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
3737 bus->pcicore.dev->id.revision <= 5) {
3738 /* IMCFGLO timeouts workaround. */
3739 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
3740 tmp &= ~SSB_IMCFGLO_REQTO;
3741 tmp &= ~SSB_IMCFGLO_SERTO;
3742 switch (bus->bustype) {
3743 case SSB_BUSTYPE_PCI:
3744 case SSB_BUSTYPE_PCMCIA:
3747 case SSB_BUSTYPE_SSB:
3751 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
3753 #endif /* CONFIG_SSB_DRIVER_PCICORE */
3756 /* Write the short and long frame retry limit values. */
3757 static void b43_set_retry_limits(struct b43_wldev *dev,
3758 unsigned int short_retry,
3759 unsigned int long_retry)
3761 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3762 * the chip-internal counter. */
3763 short_retry = min(short_retry, (unsigned int)0xF);
3764 long_retry = min(long_retry, (unsigned int)0xF);
3766 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3768 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3772 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
3776 /* The time value is in microseconds. */
3777 if (dev->phy.type == B43_PHYTYPE_A)
3781 if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS) || idle)
3783 if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
3784 pu_delay = max(pu_delay, (u16)2400);
3786 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
3789 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
3790 static void b43_set_pretbtt(struct b43_wldev *dev)
3794 /* The time value is in microseconds. */
3795 if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS)) {
3798 if (dev->phy.type == B43_PHYTYPE_A)
3803 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
3804 b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
3807 /* Shutdown a wireless core */
3808 /* Locking: wl->mutex */
3809 static void b43_wireless_core_exit(struct b43_wldev *dev)
3811 struct b43_phy *phy = &dev->phy;
3814 B43_WARN_ON(b43_status(dev) > B43_STAT_INITIALIZED);
3815 if (b43_status(dev) != B43_STAT_INITIALIZED)
3817 b43_set_status(dev, B43_STAT_UNINIT);
3819 /* Stop the microcode PSM. */
3820 macctl = b43_read32(dev, B43_MMIO_MACCTL);
3821 macctl &= ~B43_MACCTL_PSM_RUN;
3822 macctl |= B43_MACCTL_PSM_JMP0;
3823 b43_write32(dev, B43_MMIO_MACCTL, macctl);
3825 if (!dev->suspend_in_progress) {
3827 b43_rng_exit(dev->wl);
3832 b43_radio_turn_off(dev, 1);
3833 b43_switch_analog(dev, 0);
3834 if (phy->dyn_tssi_tbl)
3835 kfree(phy->tssi2dbm);
3836 kfree(phy->lo_control);
3837 phy->lo_control = NULL;
3838 if (dev->wl->current_beacon) {
3839 dev_kfree_skb_any(dev->wl->current_beacon);
3840 dev->wl->current_beacon = NULL;
3843 ssb_device_disable(dev->dev, 0);
3844 ssb_bus_may_powerdown(dev->dev->bus);
3847 /* Initialize a wireless core */
3848 static int b43_wireless_core_init(struct b43_wldev *dev)
3850 struct b43_wl *wl = dev->wl;
3851 struct ssb_bus *bus = dev->dev->bus;
3852 struct ssb_sprom *sprom = &bus->sprom;
3853 struct b43_phy *phy = &dev->phy;
3857 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
3859 err = ssb_bus_powerup(bus, 0);
3862 if (!ssb_device_is_enabled(dev->dev)) {
3863 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
3864 b43_wireless_core_reset(dev, tmp);
3867 if ((phy->type == B43_PHYTYPE_B) || (phy->type == B43_PHYTYPE_G)) {
3869 kzalloc(sizeof(*(phy->lo_control)), GFP_KERNEL);
3870 if (!phy->lo_control) {
3875 setup_struct_wldev_for_init(dev);
3877 err = b43_phy_init_tssi2dbm_table(dev);
3879 goto err_kfree_lo_control;
3881 /* Enable IRQ routing to this device. */
3882 ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
3884 b43_imcfglo_timeouts_workaround(dev);
3885 b43_bluetooth_coext_disable(dev);
3886 b43_phy_early_init(dev);
3887 err = b43_chip_init(dev);
3889 goto err_kfree_tssitbl;
3890 b43_shm_write16(dev, B43_SHM_SHARED,
3891 B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
3892 hf = b43_hf_read(dev);
3893 if (phy->type == B43_PHYTYPE_G) {
3897 if (sprom->boardflags_lo & B43_BFL_PACTRL)
3898 hf |= B43_HF_OFDMPABOOST;
3899 } else if (phy->type == B43_PHYTYPE_B) {
3901 if (phy->rev >= 2 && phy->radio_ver == 0x2050)
3904 b43_hf_write(dev, hf);
3906 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
3907 B43_DEFAULT_LONG_RETRY_LIMIT);
3908 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
3909 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
3911 /* Disable sending probe responses from firmware.
3912 * Setting the MaxTime to one usec will always trigger
3913 * a timeout, so we never send any probe resp.
3914 * A timeout of zero is infinite. */
3915 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
3917 b43_rate_memory_init(dev);
3918 b43_set_phytxctl_defaults(dev);
3920 /* Minimum Contention Window */
3921 if (phy->type == B43_PHYTYPE_B) {
3922 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
3924 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
3926 /* Maximum Contention Window */
3927 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
3929 if ((dev->dev->bus->bustype == SSB_BUSTYPE_PCMCIA) || B43_FORCE_PIO) {
3930 dev->__using_pio_transfers = 1;
3931 err = b43_pio_init(dev);
3933 dev->__using_pio_transfers = 0;
3934 err = b43_dma_init(dev);
3939 b43_set_synth_pu_delay(dev, 1);
3940 b43_bluetooth_coext_enable(dev);
3942 ssb_bus_powerup(bus, 1); /* Enable dynamic PCTL */
3943 b43_upload_card_macaddress(dev);
3944 b43_security_init(dev);
3945 if (!dev->suspend_in_progress)
3948 b43_set_status(dev, B43_STAT_INITIALIZED);
3950 if (!dev->suspend_in_progress)
3958 if (phy->dyn_tssi_tbl)
3959 kfree(phy->tssi2dbm);
3960 err_kfree_lo_control:
3961 kfree(phy->lo_control);
3962 phy->lo_control = NULL;
3964 ssb_bus_may_powerdown(bus);
3965 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
3969 static int b43_op_add_interface(struct ieee80211_hw *hw,
3970 struct ieee80211_if_init_conf *conf)
3972 struct b43_wl *wl = hw_to_b43_wl(hw);
3973 struct b43_wldev *dev;
3974 unsigned long flags;
3975 int err = -EOPNOTSUPP;
3977 /* TODO: allow WDS/AP devices to coexist */
3979 if (conf->type != IEEE80211_IF_TYPE_AP &&
3980 conf->type != IEEE80211_IF_TYPE_STA &&
3981 conf->type != IEEE80211_IF_TYPE_WDS &&
3982 conf->type != IEEE80211_IF_TYPE_IBSS)
3985 mutex_lock(&wl->mutex);
3987 goto out_mutex_unlock;
3989 b43dbg(wl, "Adding Interface type %d\n", conf->type);
3991 dev = wl->current_dev;
3993 wl->vif = conf->vif;
3994 wl->if_type = conf->type;
3995 memcpy(wl->mac_addr, conf->mac_addr, ETH_ALEN);
3997 spin_lock_irqsave(&wl->irq_lock, flags);
3998 b43_adjust_opmode(dev);
3999 b43_set_pretbtt(dev);
4000 b43_set_synth_pu_delay(dev, 0);
4001 b43_upload_card_macaddress(dev);
4002 spin_unlock_irqrestore(&wl->irq_lock, flags);
4006 mutex_unlock(&wl->mutex);
4011 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4012 struct ieee80211_if_init_conf *conf)
4014 struct b43_wl *wl = hw_to_b43_wl(hw);
4015 struct b43_wldev *dev = wl->current_dev;
4016 unsigned long flags;
4018 b43dbg(wl, "Removing Interface type %d\n", conf->type);
4020 mutex_lock(&wl->mutex);
4022 B43_WARN_ON(!wl->operating);
4023 B43_WARN_ON(wl->vif != conf->vif);
4028 spin_lock_irqsave(&wl->irq_lock, flags);
4029 b43_adjust_opmode(dev);
4030 memset(wl->mac_addr, 0, ETH_ALEN);
4031 b43_upload_card_macaddress(dev);
4032 spin_unlock_irqrestore(&wl->irq_lock, flags);
4034 mutex_unlock(&wl->mutex);
4037 static int b43_op_start(struct ieee80211_hw *hw)
4039 struct b43_wl *wl = hw_to_b43_wl(hw);
4040 struct b43_wldev *dev = wl->current_dev;
4043 bool do_rfkill_exit = 0;
4045 /* Kill all old instance specific information to make sure
4046 * the card won't use it in the short timeframe between start
4047 * and mac80211 reconfiguring it. */
4048 memset(wl->bssid, 0, ETH_ALEN);
4049 memset(wl->mac_addr, 0, ETH_ALEN);
4050 wl->filter_flags = 0;
4051 wl->radiotap_enabled = 0;
4054 /* First register RFkill.
4055 * LEDs that are registered later depend on it. */
4056 b43_rfkill_init(dev);
4058 mutex_lock(&wl->mutex);
4060 if (b43_status(dev) < B43_STAT_INITIALIZED) {
4061 err = b43_wireless_core_init(dev);
4064 goto out_mutex_unlock;
4069 if (b43_status(dev) < B43_STAT_STARTED) {
4070 err = b43_wireless_core_start(dev);
4073 b43_wireless_core_exit(dev);
4075 goto out_mutex_unlock;
4080 mutex_unlock(&wl->mutex);
4083 b43_rfkill_exit(dev);
4088 static void b43_op_stop(struct ieee80211_hw *hw)
4090 struct b43_wl *wl = hw_to_b43_wl(hw);
4091 struct b43_wldev *dev = wl->current_dev;
4093 b43_rfkill_exit(dev);
4094 cancel_work_sync(&(wl->qos_update_work));
4095 cancel_work_sync(&(wl->beacon_update_trigger));
4097 mutex_lock(&wl->mutex);
4098 if (b43_status(dev) >= B43_STAT_STARTED)
4099 b43_wireless_core_stop(dev);
4100 b43_wireless_core_exit(dev);
4101 mutex_unlock(&wl->mutex);
4104 static int b43_op_set_retry_limit(struct ieee80211_hw *hw,
4105 u32 short_retry_limit, u32 long_retry_limit)
4107 struct b43_wl *wl = hw_to_b43_wl(hw);
4108 struct b43_wldev *dev;
4111 mutex_lock(&wl->mutex);
4112 dev = wl->current_dev;
4113 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED))) {
4117 b43_set_retry_limits(dev, short_retry_limit, long_retry_limit);
4119 mutex_unlock(&wl->mutex);
4124 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw, int aid, int set)
4126 struct b43_wl *wl = hw_to_b43_wl(hw);
4127 struct sk_buff *beacon;
4128 unsigned long flags;
4129 struct ieee80211_tx_control txctl;
4131 /* We could modify the existing beacon and set the aid bit in
4132 * the TIM field, but that would probably require resizing and
4133 * moving of data within the beacon template.
4134 * Simply request a new beacon and let mac80211 do the hard work. */
4135 beacon = ieee80211_beacon_get(hw, wl->vif, &txctl);
4136 if (unlikely(!beacon))
4138 spin_lock_irqsave(&wl->irq_lock, flags);
4139 b43_update_templates(wl, beacon, &txctl);
4140 spin_unlock_irqrestore(&wl->irq_lock, flags);
4145 static int b43_op_ibss_beacon_update(struct ieee80211_hw *hw,
4146 struct sk_buff *beacon,
4147 struct ieee80211_tx_control *ctl)
4149 struct b43_wl *wl = hw_to_b43_wl(hw);
4150 unsigned long flags;
4152 spin_lock_irqsave(&wl->irq_lock, flags);
4153 b43_update_templates(wl, beacon, ctl);
4154 spin_unlock_irqrestore(&wl->irq_lock, flags);
4159 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4160 struct ieee80211_vif *vif,
4161 enum sta_notify_cmd notify_cmd,
4164 struct b43_wl *wl = hw_to_b43_wl(hw);
4166 B43_WARN_ON(!vif || wl->vif != vif);
4169 static const struct ieee80211_ops b43_hw_ops = {
4171 .conf_tx = b43_op_conf_tx,
4172 .add_interface = b43_op_add_interface,
4173 .remove_interface = b43_op_remove_interface,
4174 .config = b43_op_config,
4175 .config_interface = b43_op_config_interface,
4176 .configure_filter = b43_op_configure_filter,
4177 .set_key = b43_op_set_key,
4178 .get_stats = b43_op_get_stats,
4179 .get_tx_stats = b43_op_get_tx_stats,
4180 .start = b43_op_start,
4181 .stop = b43_op_stop,
4182 .set_retry_limit = b43_op_set_retry_limit,
4183 .set_tim = b43_op_beacon_set_tim,
4184 .beacon_update = b43_op_ibss_beacon_update,
4185 .sta_notify = b43_op_sta_notify,
4188 /* Hard-reset the chip. Do not call this directly.
4189 * Use b43_controller_restart()
4191 static void b43_chip_reset(struct work_struct *work)
4193 struct b43_wldev *dev =
4194 container_of(work, struct b43_wldev, restart_work);
4195 struct b43_wl *wl = dev->wl;
4199 mutex_lock(&wl->mutex);
4201 prev_status = b43_status(dev);
4202 /* Bring the device down... */
4203 if (prev_status >= B43_STAT_STARTED)
4204 b43_wireless_core_stop(dev);
4205 if (prev_status >= B43_STAT_INITIALIZED)
4206 b43_wireless_core_exit(dev);
4208 /* ...and up again. */
4209 if (prev_status >= B43_STAT_INITIALIZED) {
4210 err = b43_wireless_core_init(dev);
4214 if (prev_status >= B43_STAT_STARTED) {
4215 err = b43_wireless_core_start(dev);
4217 b43_wireless_core_exit(dev);
4222 mutex_unlock(&wl->mutex);
4224 b43err(wl, "Controller restart FAILED\n");
4226 b43info(wl, "Controller restarted\n");
4229 static int b43_setup_bands(struct b43_wldev *dev,
4230 bool have_2ghz_phy, bool have_5ghz_phy)
4232 struct ieee80211_hw *hw = dev->wl->hw;
4235 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
4236 if (dev->phy.type == B43_PHYTYPE_N) {
4238 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
4241 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
4244 dev->phy.supports_2ghz = have_2ghz_phy;
4245 dev->phy.supports_5ghz = have_5ghz_phy;
4250 static void b43_wireless_core_detach(struct b43_wldev *dev)
4252 /* We release firmware that late to not be required to re-request
4253 * is all the time when we reinit the core. */
4254 b43_release_firmware(dev);
4257 static int b43_wireless_core_attach(struct b43_wldev *dev)
4259 struct b43_wl *wl = dev->wl;
4260 struct ssb_bus *bus = dev->dev->bus;
4261 struct pci_dev *pdev = bus->host_pci;
4263 bool have_2ghz_phy = 0, have_5ghz_phy = 0;
4266 /* Do NOT do any device initialization here.
4267 * Do it in wireless_core_init() instead.
4268 * This function is for gathering basic information about the HW, only.
4269 * Also some structs may be set up here. But most likely you want to have
4270 * that in core_init(), too.
4273 err = ssb_bus_powerup(bus, 0);
4275 b43err(wl, "Bus powerup failed\n");
4278 /* Get the PHY type. */
4279 if (dev->dev->id.revision >= 5) {
4282 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
4283 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
4284 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
4288 dev->phy.gmode = have_2ghz_phy;
4289 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4290 b43_wireless_core_reset(dev, tmp);
4292 err = b43_phy_versioning(dev);
4295 /* Check if this device supports multiband. */
4297 (pdev->device != 0x4312 &&
4298 pdev->device != 0x4319 && pdev->device != 0x4324)) {
4299 /* No multiband support. */
4302 switch (dev->phy.type) {
4314 if (dev->phy.type == B43_PHYTYPE_A) {
4316 b43err(wl, "IEEE 802.11a devices are unsupported\n");
4320 dev->phy.gmode = have_2ghz_phy;
4321 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4322 b43_wireless_core_reset(dev, tmp);
4324 err = b43_validate_chipaccess(dev);
4327 err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
4331 /* Now set some default "current_dev" */
4332 if (!wl->current_dev)
4333 wl->current_dev = dev;
4334 INIT_WORK(&dev->restart_work, b43_chip_reset);
4336 b43_radio_turn_off(dev, 1);
4337 b43_switch_analog(dev, 0);
4338 ssb_device_disable(dev->dev, 0);
4339 ssb_bus_may_powerdown(bus);
4345 ssb_bus_may_powerdown(bus);
4349 static void b43_one_core_detach(struct ssb_device *dev)
4351 struct b43_wldev *wldev;
4354 wldev = ssb_get_drvdata(dev);
4356 cancel_work_sync(&wldev->restart_work);
4357 b43_debugfs_remove_device(wldev);
4358 b43_wireless_core_detach(wldev);
4359 list_del(&wldev->list);
4361 ssb_set_drvdata(dev, NULL);
4365 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
4367 struct b43_wldev *wldev;
4368 struct pci_dev *pdev;
4371 if (!list_empty(&wl->devlist)) {
4372 /* We are not the first core on this chip. */
4373 pdev = dev->bus->host_pci;
4374 /* Only special chips support more than one wireless
4375 * core, although some of the other chips have more than
4376 * one wireless core as well. Check for this and
4380 ((pdev->device != 0x4321) &&
4381 (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
4382 b43dbg(wl, "Ignoring unconnected 802.11 core\n");
4387 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
4393 b43_set_status(wldev, B43_STAT_UNINIT);
4394 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
4395 tasklet_init(&wldev->isr_tasklet,
4396 (void (*)(unsigned long))b43_interrupt_tasklet,
4397 (unsigned long)wldev);
4398 INIT_LIST_HEAD(&wldev->list);
4400 err = b43_wireless_core_attach(wldev);
4402 goto err_kfree_wldev;
4404 list_add(&wldev->list, &wl->devlist);
4406 ssb_set_drvdata(dev, wldev);
4407 b43_debugfs_add_device(wldev);
4417 static void b43_sprom_fixup(struct ssb_bus *bus)
4419 /* boardflags workarounds */
4420 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
4421 bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
4422 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
4423 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
4424 bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
4425 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
4428 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4430 struct ieee80211_hw *hw = wl->hw;
4432 ssb_set_devtypedata(dev, NULL);
4433 ieee80211_free_hw(hw);
4436 static int b43_wireless_init(struct ssb_device *dev)
4438 struct ssb_sprom *sprom = &dev->bus->sprom;
4439 struct ieee80211_hw *hw;
4443 b43_sprom_fixup(dev->bus);
4445 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4447 b43err(NULL, "Could not allocate ieee80211 device\n");
4452 hw->flags = IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE |
4453 IEEE80211_HW_RX_INCLUDES_FCS;
4454 hw->max_signal = 100;
4455 hw->max_rssi = -110;
4456 hw->max_noise = -110;
4457 hw->queues = b43_modparam_qos ? 4 : 1;
4458 SET_IEEE80211_DEV(hw, dev->dev);
4459 if (is_valid_ether_addr(sprom->et1mac))
4460 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
4462 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
4464 /* Get and initialize struct b43_wl */
4465 wl = hw_to_b43_wl(hw);
4466 memset(wl, 0, sizeof(*wl));
4468 spin_lock_init(&wl->irq_lock);
4469 spin_lock_init(&wl->leds_lock);
4470 spin_lock_init(&wl->shm_lock);
4471 mutex_init(&wl->mutex);
4472 INIT_LIST_HEAD(&wl->devlist);
4473 INIT_WORK(&wl->qos_update_work, b43_qos_update_work);
4474 INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
4476 ssb_set_devtypedata(dev, wl);
4477 b43info(wl, "Broadcom %04X WLAN found\n", dev->bus->chip_id);
4483 static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4489 wl = ssb_get_devtypedata(dev);
4491 /* Probing the first core. Must setup common struct b43_wl */
4493 err = b43_wireless_init(dev);
4496 wl = ssb_get_devtypedata(dev);
4499 err = b43_one_core_attach(dev, wl);
4501 goto err_wireless_exit;
4504 err = ieee80211_register_hw(wl->hw);
4506 goto err_one_core_detach;
4512 err_one_core_detach:
4513 b43_one_core_detach(dev);
4516 b43_wireless_exit(dev, wl);
4520 static void b43_remove(struct ssb_device *dev)
4522 struct b43_wl *wl = ssb_get_devtypedata(dev);
4523 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4526 if (wl->current_dev == wldev)
4527 ieee80211_unregister_hw(wl->hw);
4529 b43_one_core_detach(dev);
4531 if (list_empty(&wl->devlist)) {
4532 /* Last core on the chip unregistered.
4533 * We can destroy common struct b43_wl.
4535 b43_wireless_exit(dev, wl);
4539 /* Perform a hardware reset. This can be called from any context. */
4540 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
4542 /* Must avoid requeueing, if we are in shutdown. */
4543 if (b43_status(dev) < B43_STAT_INITIALIZED)
4545 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
4546 queue_work(dev->wl->hw->workqueue, &dev->restart_work);
4551 static int b43_suspend(struct ssb_device *dev, pm_message_t state)
4553 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4554 struct b43_wl *wl = wldev->wl;
4556 b43dbg(wl, "Suspending...\n");
4558 mutex_lock(&wl->mutex);
4559 wldev->suspend_in_progress = true;
4560 wldev->suspend_init_status = b43_status(wldev);
4561 if (wldev->suspend_init_status >= B43_STAT_STARTED)
4562 b43_wireless_core_stop(wldev);
4563 if (wldev->suspend_init_status >= B43_STAT_INITIALIZED)
4564 b43_wireless_core_exit(wldev);
4565 mutex_unlock(&wl->mutex);
4567 b43dbg(wl, "Device suspended.\n");
4572 static int b43_resume(struct ssb_device *dev)
4574 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4575 struct b43_wl *wl = wldev->wl;
4578 b43dbg(wl, "Resuming...\n");
4580 mutex_lock(&wl->mutex);
4581 if (wldev->suspend_init_status >= B43_STAT_INITIALIZED) {
4582 err = b43_wireless_core_init(wldev);
4584 b43err(wl, "Resume failed at core init\n");
4588 if (wldev->suspend_init_status >= B43_STAT_STARTED) {
4589 err = b43_wireless_core_start(wldev);
4591 b43_leds_exit(wldev);
4592 b43_rng_exit(wldev->wl);
4593 b43_wireless_core_exit(wldev);
4594 b43err(wl, "Resume failed at core start\n");
4598 b43dbg(wl, "Device resumed.\n");
4600 wldev->suspend_in_progress = false;
4601 mutex_unlock(&wl->mutex);
4605 #else /* CONFIG_PM */
4606 # define b43_suspend NULL
4607 # define b43_resume NULL
4608 #endif /* CONFIG_PM */
4610 static struct ssb_driver b43_ssb_driver = {
4611 .name = KBUILD_MODNAME,
4612 .id_table = b43_ssb_tbl,
4614 .remove = b43_remove,
4615 .suspend = b43_suspend,
4616 .resume = b43_resume,
4619 static void b43_print_driverinfo(void)
4621 const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
4622 *feat_leds = "", *feat_rfkill = "";
4624 #ifdef CONFIG_B43_PCI_AUTOSELECT
4627 #ifdef CONFIG_B43_PCMCIA
4630 #ifdef CONFIG_B43_NPHY
4633 #ifdef CONFIG_B43_LEDS
4636 #ifdef CONFIG_B43_RFKILL
4639 printk(KERN_INFO "Broadcom 43xx driver loaded "
4640 "[ Features: %s%s%s%s%s, Firmware-ID: "
4641 B43_SUPPORTED_FIRMWARE_ID " ]\n",
4642 feat_pci, feat_pcmcia, feat_nphy,
4643 feat_leds, feat_rfkill);
4646 static int __init b43_init(void)
4651 err = b43_pcmcia_init();
4654 err = ssb_driver_register(&b43_ssb_driver);
4656 goto err_pcmcia_exit;
4657 b43_print_driverinfo();
4668 static void __exit b43_exit(void)
4670 ssb_driver_unregister(&b43_ssb_driver);
4675 module_init(b43_init)
4676 module_exit(b43_exit)
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob