git://ftp.safe.ca / safe / jmp / linux-2.6 / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
b43: Do not return TX_BUSY from op_tx
[safe/jmp/linux-2.6] / drivers / net / wireless / b43 / main.c
1 /*
2
3   Broadcom B43 wireless driver
4
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005, 2006 Michael Buesch <mb@bu3sch.de>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10
11   Some parts of the code in this file are derived from the ipw2200
12   driver  Copyright(c) 2003 - 2004 Intel Corporation.
13
14   This program is free software; you can redistribute it and/or modify
15   it under the terms of the GNU General Public License as published by
16   the Free Software Foundation; either version 2 of the License, or
17   (at your option) any later version.
18
19   This program is distributed in the hope that it will be useful,
20   but WITHOUT ANY WARRANTY; without even the implied warranty of
21   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
22   GNU General Public License for more details.
23
24   You should have received a copy of the GNU General Public License
25   along with this program; see the file COPYING.  If not, write to
26   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
27   Boston, MA 02110-1301, USA.
28
29 */
30
31 #include <linux/delay.h>
32 #include <linux/init.h>
33 #include <linux/moduleparam.h>
34 #include <linux/if_arp.h>
35 #include <linux/etherdevice.h>
36 #include <linux/version.h>
37 #include <linux/firmware.h>
38 #include <linux/wireless.h>
39 #include <linux/workqueue.h>
40 #include <linux/skbuff.h>
41 #include <linux/io.h>
42 #include <linux/dma-mapping.h>
43 #include <asm/unaligned.h>
44
45 #include "b43.h"
46 #include "main.h"
47 #include "debugfs.h"
48 #include "phy.h"
49 #include "nphy.h"
50 #include "dma.h"
51 #include "pio.h"
52 #include "sysfs.h"
53 #include "xmit.h"
54 #include "lo.h"
55 #include "pcmcia.h"
56
57 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
58 MODULE_AUTHOR("Martin Langer");
59 MODULE_AUTHOR("Stefano Brivio");
60 MODULE_AUTHOR("Michael Buesch");
61 MODULE_LICENSE("GPL");
62
63 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
64
65
66 static int modparam_bad_frames_preempt;
67 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
68 MODULE_PARM_DESC(bad_frames_preempt,
69                  "enable(1) / disable(0) Bad Frames Preemption");
70
71 static char modparam_fwpostfix[16];
72 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
73 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
74
75 static int modparam_hwpctl;
76 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
77 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
78
79 static int modparam_nohwcrypt;
80 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
81 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
82
83 int b43_modparam_qos = 1;
84 module_param_named(qos, b43_modparam_qos, int, 0444);
85 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
86
87 static int modparam_btcoex = 1;
88 module_param_named(btcoex, modparam_btcoex, int, 0444);
89 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistance (default on)");
90
91
92 static const struct ssb_device_id b43_ssb_tbl[] = {
93         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
94         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
95         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
96         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
97         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
98         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
99         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
100         SSB_DEVTABLE_END
101 };
102
103 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
104
105 /* Channel and ratetables are shared for all devices.
106  * They can't be const, because ieee80211 puts some precalculated
107  * data in there. This data is the same for all devices, so we don't
108  * get concurrency issues */
109 #define RATETAB_ENT(_rateid, _flags) \
110         {                                                               \
111                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
112                 .hw_value       = (_rateid),                            \
113                 .flags          = (_flags),                             \
114         }
115
116 /*
117  * NOTE: When changing this, sync with xmit.c's
118  *       b43_plcp_get_bitrate_idx_* functions!
119  */
120 static struct ieee80211_rate __b43_ratetable[] = {
121         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
122         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
123         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
124         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
125         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
126         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
127         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
128         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
129         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
130         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
131         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
132         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
133 };
134
135 #define b43_a_ratetable         (__b43_ratetable + 4)
136 #define b43_a_ratetable_size    8
137 #define b43_b_ratetable         (__b43_ratetable + 0)
138 #define b43_b_ratetable_size    4
139 #define b43_g_ratetable         (__b43_ratetable + 0)
140 #define b43_g_ratetable_size    12
141
142 #define CHAN4G(_channel, _freq, _flags) {                       \
143         .band                   = IEEE80211_BAND_2GHZ,          \
144         .center_freq            = (_freq),                      \
145         .hw_value               = (_channel),                   \
146         .flags                  = (_flags),                     \
147         .max_antenna_gain       = 0,                            \
148         .max_power              = 30,                           \
149 }
150 static struct ieee80211_channel b43_2ghz_chantable[] = {
151         CHAN4G(1, 2412, 0),
152         CHAN4G(2, 2417, 0),
153         CHAN4G(3, 2422, 0),
154         CHAN4G(4, 2427, 0),
155         CHAN4G(5, 2432, 0),
156         CHAN4G(6, 2437, 0),
157         CHAN4G(7, 2442, 0),
158         CHAN4G(8, 2447, 0),
159         CHAN4G(9, 2452, 0),
160         CHAN4G(10, 2457, 0),
161         CHAN4G(11, 2462, 0),
162         CHAN4G(12, 2467, 0),
163         CHAN4G(13, 2472, 0),
164         CHAN4G(14, 2484, 0),
165 };
166 #undef CHAN4G
167
168 #define CHAN5G(_channel, _flags) {                              \
169         .band                   = IEEE80211_BAND_5GHZ,          \
170         .center_freq            = 5000 + (5 * (_channel)),      \
171         .hw_value               = (_channel),                   \
172         .flags                  = (_flags),                     \
173         .max_antenna_gain       = 0,                            \
174         .max_power              = 30,                           \
175 }
176 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
177         CHAN5G(32, 0),          CHAN5G(34, 0),
178         CHAN5G(36, 0),          CHAN5G(38, 0),
179         CHAN5G(40, 0),          CHAN5G(42, 0),
180         CHAN5G(44, 0),          CHAN5G(46, 0),
181         CHAN5G(48, 0),          CHAN5G(50, 0),
182         CHAN5G(52, 0),          CHAN5G(54, 0),
183         CHAN5G(56, 0),          CHAN5G(58, 0),
184         CHAN5G(60, 0),          CHAN5G(62, 0),
185         CHAN5G(64, 0),          CHAN5G(66, 0),
186         CHAN5G(68, 0),          CHAN5G(70, 0),
187         CHAN5G(72, 0),          CHAN5G(74, 0),
188         CHAN5G(76, 0),          CHAN5G(78, 0),
189         CHAN5G(80, 0),          CHAN5G(82, 0),
190         CHAN5G(84, 0),          CHAN5G(86, 0),
191         CHAN5G(88, 0),          CHAN5G(90, 0),
192         CHAN5G(92, 0),          CHAN5G(94, 0),
193         CHAN5G(96, 0),          CHAN5G(98, 0),
194         CHAN5G(100, 0),         CHAN5G(102, 0),
195         CHAN5G(104, 0),         CHAN5G(106, 0),
196         CHAN5G(108, 0),         CHAN5G(110, 0),
197         CHAN5G(112, 0),         CHAN5G(114, 0),
198         CHAN5G(116, 0),         CHAN5G(118, 0),
199         CHAN5G(120, 0),         CHAN5G(122, 0),
200         CHAN5G(124, 0),         CHAN5G(126, 0),
201         CHAN5G(128, 0),         CHAN5G(130, 0),
202         CHAN5G(132, 0),         CHAN5G(134, 0),
203         CHAN5G(136, 0),         CHAN5G(138, 0),
204         CHAN5G(140, 0),         CHAN5G(142, 0),
205         CHAN5G(144, 0),         CHAN5G(145, 0),
206         CHAN5G(146, 0),         CHAN5G(147, 0),
207         CHAN5G(148, 0),         CHAN5G(149, 0),
208         CHAN5G(150, 0),         CHAN5G(151, 0),
209         CHAN5G(152, 0),         CHAN5G(153, 0),
210         CHAN5G(154, 0),         CHAN5G(155, 0),
211         CHAN5G(156, 0),         CHAN5G(157, 0),
212         CHAN5G(158, 0),         CHAN5G(159, 0),
213         CHAN5G(160, 0),         CHAN5G(161, 0),
214         CHAN5G(162, 0),         CHAN5G(163, 0),
215         CHAN5G(164, 0),         CHAN5G(165, 0),
216         CHAN5G(166, 0),         CHAN5G(168, 0),
217         CHAN5G(170, 0),         CHAN5G(172, 0),
218         CHAN5G(174, 0),         CHAN5G(176, 0),
219         CHAN5G(178, 0),         CHAN5G(180, 0),
220         CHAN5G(182, 0),         CHAN5G(184, 0),
221         CHAN5G(186, 0),         CHAN5G(188, 0),
222         CHAN5G(190, 0),         CHAN5G(192, 0),
223         CHAN5G(194, 0),         CHAN5G(196, 0),
224         CHAN5G(198, 0),         CHAN5G(200, 0),
225         CHAN5G(202, 0),         CHAN5G(204, 0),
226         CHAN5G(206, 0),         CHAN5G(208, 0),
227         CHAN5G(210, 0),         CHAN5G(212, 0),
228         CHAN5G(214, 0),         CHAN5G(216, 0),
229         CHAN5G(218, 0),         CHAN5G(220, 0),
230         CHAN5G(222, 0),         CHAN5G(224, 0),
231         CHAN5G(226, 0),         CHAN5G(228, 0),
232 };
233
234 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
235         CHAN5G(34, 0),          CHAN5G(36, 0),
236         CHAN5G(38, 0),          CHAN5G(40, 0),
237         CHAN5G(42, 0),          CHAN5G(44, 0),
238         CHAN5G(46, 0),          CHAN5G(48, 0),
239         CHAN5G(52, 0),          CHAN5G(56, 0),
240         CHAN5G(60, 0),          CHAN5G(64, 0),
241         CHAN5G(100, 0),         CHAN5G(104, 0),
242         CHAN5G(108, 0),         CHAN5G(112, 0),
243         CHAN5G(116, 0),         CHAN5G(120, 0),
244         CHAN5G(124, 0),         CHAN5G(128, 0),
245         CHAN5G(132, 0),         CHAN5G(136, 0),
246         CHAN5G(140, 0),         CHAN5G(149, 0),
247         CHAN5G(153, 0),         CHAN5G(157, 0),
248         CHAN5G(161, 0),         CHAN5G(165, 0),
249         CHAN5G(184, 0),         CHAN5G(188, 0),
250         CHAN5G(192, 0),         CHAN5G(196, 0),
251         CHAN5G(200, 0),         CHAN5G(204, 0),
252         CHAN5G(208, 0),         CHAN5G(212, 0),
253         CHAN5G(216, 0),
254 };
255 #undef CHAN5G
256
257 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
258         .band           = IEEE80211_BAND_5GHZ,
259         .channels       = b43_5ghz_nphy_chantable,
260         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
261         .bitrates       = b43_a_ratetable,
262         .n_bitrates     = b43_a_ratetable_size,
263 };
264
265 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
266         .band           = IEEE80211_BAND_5GHZ,
267         .channels       = b43_5ghz_aphy_chantable,
268         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
269         .bitrates       = b43_a_ratetable,
270         .n_bitrates     = b43_a_ratetable_size,
271 };
272
273 static struct ieee80211_supported_band b43_band_2GHz = {
274         .band           = IEEE80211_BAND_2GHZ,
275         .channels       = b43_2ghz_chantable,
276         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
277         .bitrates       = b43_g_ratetable,
278         .n_bitrates     = b43_g_ratetable_size,
279 };
280
281 static void b43_wireless_core_exit(struct b43_wldev *dev);
282 static int b43_wireless_core_init(struct b43_wldev *dev);
283 static void b43_wireless_core_stop(struct b43_wldev *dev);
284 static int b43_wireless_core_start(struct b43_wldev *dev);
285
286 static int b43_ratelimit(struct b43_wl *wl)
287 {
288         if (!wl || !wl->current_dev)
289                 return 1;
290         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
291                 return 1;
292         /* We are up and running.
293          * Ratelimit the messages to avoid DoS over the net. */
294         return net_ratelimit();
295 }
296
297 void b43info(struct b43_wl *wl, const char *fmt, ...)
298 {
299         va_list args;
300
301         if (!b43_ratelimit(wl))
302                 return;
303         va_start(args, fmt);
304         printk(KERN_INFO "b43-%s: ",
305                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
306         vprintk(fmt, args);
307         va_end(args);
308 }
309
310 void b43err(struct b43_wl *wl, const char *fmt, ...)
311 {
312         va_list args;
313
314         if (!b43_ratelimit(wl))
315                 return;
316         va_start(args, fmt);
317         printk(KERN_ERR "b43-%s ERROR: ",
318                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
319         vprintk(fmt, args);
320         va_end(args);
321 }
322
323 void b43warn(struct b43_wl *wl, const char *fmt, ...)
324 {
325         va_list args;
326
327         if (!b43_ratelimit(wl))
328                 return;
329         va_start(args, fmt);
330         printk(KERN_WARNING "b43-%s warning: ",
331                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
332         vprintk(fmt, args);
333         va_end(args);
334 }
335
336 #if B43_DEBUG
337 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
338 {
339         va_list args;
340
341         va_start(args, fmt);
342         printk(KERN_DEBUG "b43-%s debug: ",
343                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
344         vprintk(fmt, args);
345         va_end(args);
346 }
347 #endif /* DEBUG */
348
349 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
350 {
351         u32 macctl;
352
353         B43_WARN_ON(offset % 4 != 0);
354
355         macctl = b43_read32(dev, B43_MMIO_MACCTL);
356         if (macctl & B43_MACCTL_BE)
357                 val = swab32(val);
358
359         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
360         mmiowb();
361         b43_write32(dev, B43_MMIO_RAM_DATA, val);
362 }
363
364 static inline void b43_shm_control_word(struct b43_wldev *dev,
365                                         u16 routing, u16 offset)
366 {
367         u32 control;
368
369         /* "offset" is the WORD offset. */
370         control = routing;
371         control <<= 16;
372         control |= offset;
373         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
374 }
375
376 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
377 {
378         struct b43_wl *wl = dev->wl;
379         unsigned long flags;
380         u32 ret;
381
382         spin_lock_irqsave(&wl->shm_lock, flags);
383         if (routing == B43_SHM_SHARED) {
384                 B43_WARN_ON(offset & 0x0001);
385                 if (offset & 0x0003) {
386                         /* Unaligned access */
387                         b43_shm_control_word(dev, routing, offset >> 2);
388                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
389                         ret <<= 16;
390                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
391                         ret |= b43_read16(dev, B43_MMIO_SHM_DATA);
392
393                         goto out;
394                 }
395                 offset >>= 2;
396         }
397         b43_shm_control_word(dev, routing, offset);
398         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
399 out:
400         spin_unlock_irqrestore(&wl->shm_lock, flags);
401
402         return ret;
403 }
404
405 u16 b43_shm_read16(struct b43_wldev * dev, u16 routing, u16 offset)
406 {
407         struct b43_wl *wl = dev->wl;
408         unsigned long flags;
409         u16 ret;
410
411         spin_lock_irqsave(&wl->shm_lock, flags);
412         if (routing == B43_SHM_SHARED) {
413                 B43_WARN_ON(offset & 0x0001);
414                 if (offset & 0x0003) {
415                         /* Unaligned access */
416                         b43_shm_control_word(dev, routing, offset >> 2);
417                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
418
419                         goto out;
420                 }
421                 offset >>= 2;
422         }
423         b43_shm_control_word(dev, routing, offset);
424         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
425 out:
426         spin_unlock_irqrestore(&wl->shm_lock, flags);
427
428         return ret;
429 }
430
431 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
432 {
433         struct b43_wl *wl = dev->wl;
434         unsigned long flags;
435
436         spin_lock_irqsave(&wl->shm_lock, flags);
437         if (routing == B43_SHM_SHARED) {
438                 B43_WARN_ON(offset & 0x0001);
439                 if (offset & 0x0003) {
440                         /* Unaligned access */
441                         b43_shm_control_word(dev, routing, offset >> 2);
442                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
443                                     (value >> 16) & 0xffff);
444                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
445                         b43_write16(dev, B43_MMIO_SHM_DATA, value & 0xffff);
446                         goto out;
447                 }
448                 offset >>= 2;
449         }
450         b43_shm_control_word(dev, routing, offset);
451         b43_write32(dev, B43_MMIO_SHM_DATA, value);
452 out:
453         spin_unlock_irqrestore(&wl->shm_lock, flags);
454 }
455
456 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
457 {
458         struct b43_wl *wl = dev->wl;
459         unsigned long flags;
460
461         spin_lock_irqsave(&wl->shm_lock, flags);
462         if (routing == B43_SHM_SHARED) {
463                 B43_WARN_ON(offset & 0x0001);
464                 if (offset & 0x0003) {
465                         /* Unaligned access */
466                         b43_shm_control_word(dev, routing, offset >> 2);
467                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
468                         goto out;
469                 }
470                 offset >>= 2;
471         }
472         b43_shm_control_word(dev, routing, offset);
473         b43_write16(dev, B43_MMIO_SHM_DATA, value);
474 out:
475         spin_unlock_irqrestore(&wl->shm_lock, flags);
476 }
477
478 /* Read HostFlags */
479 u64 b43_hf_read(struct b43_wldev * dev)
480 {
481         u64 ret;
482
483         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
484         ret <<= 16;
485         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
486         ret <<= 16;
487         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
488
489         return ret;
490 }
491
492 /* Write HostFlags */
493 void b43_hf_write(struct b43_wldev *dev, u64 value)
494 {
495         u16 lo, mi, hi;
496
497         lo = (value & 0x00000000FFFFULL);
498         mi = (value & 0x0000FFFF0000ULL) >> 16;
499         hi = (value & 0xFFFF00000000ULL) >> 32;
500         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
501         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
502         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
503 }
504
505 void b43_tsf_read(struct b43_wldev *dev, u64 * tsf)
506 {
507         /* We need to be careful. As we read the TSF from multiple
508          * registers, we should take care of register overflows.
509          * In theory, the whole tsf read process should be atomic.
510          * We try to be atomic here, by restaring the read process,
511          * if any of the high registers changed (overflew).
512          */
513         if (dev->dev->id.revision >= 3) {
514                 u32 low, high, high2;
515
516                 do {
517                         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
518                         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
519                         high2 = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
520                 } while (unlikely(high != high2));
521
522                 *tsf = high;
523                 *tsf <<= 32;
524                 *tsf |= low;
525         } else {
526                 u64 tmp;
527                 u16 v0, v1, v2, v3;
528                 u16 test1, test2, test3;
529
530                 do {
531                         v3 = b43_read16(dev, B43_MMIO_TSF_3);
532                         v2 = b43_read16(dev, B43_MMIO_TSF_2);
533                         v1 = b43_read16(dev, B43_MMIO_TSF_1);
534                         v0 = b43_read16(dev, B43_MMIO_TSF_0);
535
536                         test3 = b43_read16(dev, B43_MMIO_TSF_3);
537                         test2 = b43_read16(dev, B43_MMIO_TSF_2);
538                         test1 = b43_read16(dev, B43_MMIO_TSF_1);
539                 } while (v3 != test3 || v2 != test2 || v1 != test1);
540
541                 *tsf = v3;
542                 *tsf <<= 48;
543                 tmp = v2;
544                 tmp <<= 32;
545                 *tsf |= tmp;
546                 tmp = v1;
547                 tmp <<= 16;
548                 *tsf |= tmp;
549                 *tsf |= v0;
550         }
551 }
552
553 static void b43_time_lock(struct b43_wldev *dev)
554 {
555         u32 macctl;
556
557         macctl = b43_read32(dev, B43_MMIO_MACCTL);
558         macctl |= B43_MACCTL_TBTTHOLD;
559         b43_write32(dev, B43_MMIO_MACCTL, macctl);
560         /* Commit the write */
561         b43_read32(dev, B43_MMIO_MACCTL);
562 }
563
564 static void b43_time_unlock(struct b43_wldev *dev)
565 {
566         u32 macctl;
567
568         macctl = b43_read32(dev, B43_MMIO_MACCTL);
569         macctl &= ~B43_MACCTL_TBTTHOLD;
570         b43_write32(dev, B43_MMIO_MACCTL, macctl);
571         /* Commit the write */
572         b43_read32(dev, B43_MMIO_MACCTL);
573 }
574
575 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
576 {
577         /* Be careful with the in-progress timer.
578          * First zero out the low register, so we have a full
579          * register-overflow duration to complete the operation.
580          */
581         if (dev->dev->id.revision >= 3) {
582                 u32 lo = (tsf & 0x00000000FFFFFFFFULL);
583                 u32 hi = (tsf & 0xFFFFFFFF00000000ULL) >> 32;
584
585                 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, 0);
586                 mmiowb();
587                 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, hi);
588                 mmiowb();
589                 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, lo);
590         } else {
591                 u16 v0 = (tsf & 0x000000000000FFFFULL);
592                 u16 v1 = (tsf & 0x00000000FFFF0000ULL) >> 16;
593                 u16 v2 = (tsf & 0x0000FFFF00000000ULL) >> 32;
594                 u16 v3 = (tsf & 0xFFFF000000000000ULL) >> 48;
595
596                 b43_write16(dev, B43_MMIO_TSF_0, 0);
597                 mmiowb();
598                 b43_write16(dev, B43_MMIO_TSF_3, v3);
599                 mmiowb();
600                 b43_write16(dev, B43_MMIO_TSF_2, v2);
601                 mmiowb();
602                 b43_write16(dev, B43_MMIO_TSF_1, v1);
603                 mmiowb();
604                 b43_write16(dev, B43_MMIO_TSF_0, v0);
605         }
606 }
607
608 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
609 {
610         b43_time_lock(dev);
611         b43_tsf_write_locked(dev, tsf);
612         b43_time_unlock(dev);
613 }
614
615 static
616 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 * mac)
617 {
618         static const u8 zero_addr[ETH_ALEN] = { 0 };
619         u16 data;
620
621         if (!mac)
622                 mac = zero_addr;
623
624         offset |= 0x0020;
625         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
626
627         data = mac[0];
628         data |= mac[1] << 8;
629         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
630         data = mac[2];
631         data |= mac[3] << 8;
632         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
633         data = mac[4];
634         data |= mac[5] << 8;
635         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
636 }
637
638 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
639 {
640         const u8 *mac;
641         const u8 *bssid;
642         u8 mac_bssid[ETH_ALEN * 2];
643         int i;
644         u32 tmp;
645
646         bssid = dev->wl->bssid;
647         mac = dev->wl->mac_addr;
648
649         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
650
651         memcpy(mac_bssid, mac, ETH_ALEN);
652         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
653
654         /* Write our MAC address and BSSID to template ram */
655         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
656                 tmp = (u32) (mac_bssid[i + 0]);
657                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
658                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
659                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
660                 b43_ram_write(dev, 0x20 + i, tmp);
661         }
662 }
663
664 static void b43_upload_card_macaddress(struct b43_wldev *dev)
665 {
666         b43_write_mac_bssid_templates(dev);
667         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
668 }
669
670 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
671 {
672         /* slot_time is in usec. */
673         if (dev->phy.type != B43_PHYTYPE_G)
674                 return;
675         b43_write16(dev, 0x684, 510 + slot_time);
676         b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
677 }
678
679 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
680 {
681         b43_set_slot_time(dev, 9);
682         dev->short_slot = 1;
683 }
684
685 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
686 {
687         b43_set_slot_time(dev, 20);
688         dev->short_slot = 0;
689 }
690
691 /* Enable a Generic IRQ. "mask" is the mask of which IRQs to enable.
692  * Returns the _previously_ enabled IRQ mask.
693  */
694 static inline u32 b43_interrupt_enable(struct b43_wldev *dev, u32 mask)
695 {
696         u32 old_mask;
697
698         old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
699         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask | mask);
700
701         return old_mask;
702 }
703
704 /* Disable a Generic IRQ. "mask" is the mask of which IRQs to disable.
705  * Returns the _previously_ enabled IRQ mask.
706  */
707 static inline u32 b43_interrupt_disable(struct b43_wldev *dev, u32 mask)
708 {
709         u32 old_mask;
710
711         old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
712         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask & ~mask);
713
714         return old_mask;
715 }
716
717 /* Synchronize IRQ top- and bottom-half.
718  * IRQs must be masked before calling this.
719  * This must not be called with the irq_lock held.
720  */
721 static void b43_synchronize_irq(struct b43_wldev *dev)
722 {
723         synchronize_irq(dev->dev->irq);
724         tasklet_kill(&dev->isr_tasklet);
725 }
726
727 /* DummyTransmission function, as documented on
728  * http://bcm-specs.sipsolutions.net/DummyTransmission
729  */
730 void b43_dummy_transmission(struct b43_wldev *dev)
731 {
732         struct b43_wl *wl = dev->wl;
733         struct b43_phy *phy = &dev->phy;
734         unsigned int i, max_loop;
735         u16 value;
736         u32 buffer[5] = {
737                 0x00000000,
738                 0x00D40000,
739                 0x00000000,
740                 0x01000000,
741                 0x00000000,
742         };
743
744         switch (phy->type) {
745         case B43_PHYTYPE_A:
746                 max_loop = 0x1E;
747                 buffer[0] = 0x000201CC;
748                 break;
749         case B43_PHYTYPE_B:
750         case B43_PHYTYPE_G:
751                 max_loop = 0xFA;
752                 buffer[0] = 0x000B846E;
753                 break;
754         default:
755                 B43_WARN_ON(1);
756                 return;
757         }
758
759         spin_lock_irq(&wl->irq_lock);
760         write_lock(&wl->tx_lock);
761
762         for (i = 0; i < 5; i++)
763                 b43_ram_write(dev, i * 4, buffer[i]);
764
765         /* Commit writes */
766         b43_read32(dev, B43_MMIO_MACCTL);
767
768         b43_write16(dev, 0x0568, 0x0000);
769         b43_write16(dev, 0x07C0, 0x0000);
770         value = ((phy->type == B43_PHYTYPE_A) ? 1 : 0);
771         b43_write16(dev, 0x050C, value);
772         b43_write16(dev, 0x0508, 0x0000);
773         b43_write16(dev, 0x050A, 0x0000);
774         b43_write16(dev, 0x054C, 0x0000);
775         b43_write16(dev, 0x056A, 0x0014);
776         b43_write16(dev, 0x0568, 0x0826);
777         b43_write16(dev, 0x0500, 0x0000);
778         b43_write16(dev, 0x0502, 0x0030);
779
780         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
781                 b43_radio_write16(dev, 0x0051, 0x0017);
782         for (i = 0x00; i < max_loop; i++) {
783                 value = b43_read16(dev, 0x050E);
784                 if (value & 0x0080)
785                         break;
786                 udelay(10);
787         }
788         for (i = 0x00; i < 0x0A; i++) {
789                 value = b43_read16(dev, 0x050E);
790                 if (value & 0x0400)
791                         break;
792                 udelay(10);
793         }
794         for (i = 0x00; i < 0x0A; i++) {
795                 value = b43_read16(dev, 0x0690);
796                 if (!(value & 0x0100))
797                         break;
798                 udelay(10);
799         }
800         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
801                 b43_radio_write16(dev, 0x0051, 0x0037);
802
803         write_unlock(&wl->tx_lock);
804         spin_unlock_irq(&wl->irq_lock);
805 }
806
807 static void key_write(struct b43_wldev *dev,
808                       u8 index, u8 algorithm, const u8 * key)
809 {
810         unsigned int i;
811         u32 offset;
812         u16 value;
813         u16 kidx;
814
815         /* Key index/algo block */
816         kidx = b43_kidx_to_fw(dev, index);
817         value = ((kidx << 4) | algorithm);
818         b43_shm_write16(dev, B43_SHM_SHARED,
819                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
820
821         /* Write the key to the Key Table Pointer offset */
822         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
823         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
824                 value = key[i];
825                 value |= (u16) (key[i + 1]) << 8;
826                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
827         }
828 }
829
830 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 * addr)
831 {
832         u32 addrtmp[2] = { 0, 0, };
833         u8 per_sta_keys_start = 8;
834
835         if (b43_new_kidx_api(dev))
836                 per_sta_keys_start = 4;
837
838         B43_WARN_ON(index < per_sta_keys_start);
839         /* We have two default TX keys and possibly two default RX keys.
840          * Physical mac 0 is mapped to physical key 4 or 8, depending
841          * on the firmware version.
842          * So we must adjust the index here.
843          */
844         index -= per_sta_keys_start;
845
846         if (addr) {
847                 addrtmp[0] = addr[0];
848                 addrtmp[0] |= ((u32) (addr[1]) << 8);
849                 addrtmp[0] |= ((u32) (addr[2]) << 16);
850                 addrtmp[0] |= ((u32) (addr[3]) << 24);
851                 addrtmp[1] = addr[4];
852                 addrtmp[1] |= ((u32) (addr[5]) << 8);
853         }
854
855         if (dev->dev->id.revision >= 5) {
856                 /* Receive match transmitter address mechanism */
857                 b43_shm_write32(dev, B43_SHM_RCMTA,
858                                 (index * 2) + 0, addrtmp[0]);
859                 b43_shm_write16(dev, B43_SHM_RCMTA,
860                                 (index * 2) + 1, addrtmp[1]);
861         } else {
862                 /* RXE (Receive Engine) and
863                  * PSM (Programmable State Machine) mechanism
864                  */
865                 if (index < 8) {
866                         /* TODO write to RCM 16, 19, 22 and 25 */
867                 } else {
868                         b43_shm_write32(dev, B43_SHM_SHARED,
869                                         B43_SHM_SH_PSM + (index * 6) + 0,
870                                         addrtmp[0]);
871                         b43_shm_write16(dev, B43_SHM_SHARED,
872                                         B43_SHM_SH_PSM + (index * 6) + 4,
873                                         addrtmp[1]);
874                 }
875         }
876 }
877
878 static void do_key_write(struct b43_wldev *dev,
879                          u8 index, u8 algorithm,
880                          const u8 * key, size_t key_len, const u8 * mac_addr)
881 {
882         u8 buf[B43_SEC_KEYSIZE] = { 0, };
883         u8 per_sta_keys_start = 8;
884
885         if (b43_new_kidx_api(dev))
886                 per_sta_keys_start = 4;
887
888         B43_WARN_ON(index >= dev->max_nr_keys);
889         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
890
891         if (index >= per_sta_keys_start)
892                 keymac_write(dev, index, NULL); /* First zero out mac. */
893         if (key)
894                 memcpy(buf, key, key_len);
895         key_write(dev, index, algorithm, buf);
896         if (index >= per_sta_keys_start)
897                 keymac_write(dev, index, mac_addr);
898
899         dev->key[index].algorithm = algorithm;
900 }
901
902 static int b43_key_write(struct b43_wldev *dev,
903                          int index, u8 algorithm,
904                          const u8 * key, size_t key_len,
905                          const u8 * mac_addr,
906                          struct ieee80211_key_conf *keyconf)
907 {
908         int i;
909         int sta_keys_start;
910
911         if (key_len > B43_SEC_KEYSIZE)
912                 return -EINVAL;
913         for (i = 0; i < dev->max_nr_keys; i++) {
914                 /* Check that we don't already have this key. */
915                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
916         }
917         if (index < 0) {
918                 /* Either pairwise key or address is 00:00:00:00:00:00
919                  * for transmit-only keys. Search the index. */
920                 if (b43_new_kidx_api(dev))
921                         sta_keys_start = 4;
922                 else
923                         sta_keys_start = 8;
924                 for (i = sta_keys_start; i < dev->max_nr_keys; i++) {
925                         if (!dev->key[i].keyconf) {
926                                 /* found empty */
927                                 index = i;
928                                 break;
929                         }
930                 }
931                 if (index < 0) {
932                         b43err(dev->wl, "Out of hardware key memory\n");
933                         return -ENOSPC;
934                 }
935         } else
936                 B43_WARN_ON(index > 3);
937
938         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
939         if ((index <= 3) && !b43_new_kidx_api(dev)) {
940                 /* Default RX key */
941                 B43_WARN_ON(mac_addr);
942                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
943         }
944         keyconf->hw_key_idx = index;
945         dev->key[index].keyconf = keyconf;
946
947         return 0;
948 }
949
950 static int b43_key_clear(struct b43_wldev *dev, int index)
951 {
952         if (B43_WARN_ON((index < 0) || (index >= dev->max_nr_keys)))
953                 return -EINVAL;
954         do_key_write(dev, index, B43_SEC_ALGO_NONE,
955                      NULL, B43_SEC_KEYSIZE, NULL);
956         if ((index <= 3) && !b43_new_kidx_api(dev)) {
957                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
958                              NULL, B43_SEC_KEYSIZE, NULL);
959         }
960         dev->key[index].keyconf = NULL;
961
962         return 0;
963 }
964
965 static void b43_clear_keys(struct b43_wldev *dev)
966 {
967         int i;
968
969         for (i = 0; i < dev->max_nr_keys; i++)
970                 b43_key_clear(dev, i);
971 }
972
973 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
974 {
975         u32 macctl;
976         u16 ucstat;
977         bool hwps;
978         bool awake;
979         int i;
980
981         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
982                     (ps_flags & B43_PS_DISABLED));
983         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
984
985         if (ps_flags & B43_PS_ENABLED) {
986                 hwps = 1;
987         } else if (ps_flags & B43_PS_DISABLED) {
988                 hwps = 0;
989         } else {
990                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
991                 //      and thus is not an AP and we are associated, set bit 25
992         }
993         if (ps_flags & B43_PS_AWAKE) {
994                 awake = 1;
995         } else if (ps_flags & B43_PS_ASLEEP) {
996                 awake = 0;
997         } else {
998                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
999                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1000                 //      successful, set bit26
1001         }
1002
1003 /* FIXME: For now we force awake-on and hwps-off */
1004         hwps = 0;
1005         awake = 1;
1006
1007         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1008         if (hwps)
1009                 macctl |= B43_MACCTL_HWPS;
1010         else
1011                 macctl &= ~B43_MACCTL_HWPS;
1012         if (awake)
1013                 macctl |= B43_MACCTL_AWAKE;
1014         else
1015                 macctl &= ~B43_MACCTL_AWAKE;
1016         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1017         /* Commit write */
1018         b43_read32(dev, B43_MMIO_MACCTL);
1019         if (awake && dev->dev->id.revision >= 5) {
1020                 /* Wait for the microcode to wake up. */
1021                 for (i = 0; i < 100; i++) {
1022                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1023                                                 B43_SHM_SH_UCODESTAT);
1024                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1025                                 break;
1026                         udelay(10);
1027                 }
1028         }
1029 }
1030
1031 /* Turn the Analog ON/OFF */
1032 static void b43_switch_analog(struct b43_wldev *dev, int on)
1033 {
1034         switch (dev->phy.type) {
1035         case B43_PHYTYPE_A:
1036         case B43_PHYTYPE_G:
1037                 b43_write16(dev, B43_MMIO_PHY0, on ? 0 : 0xF4);
1038                 break;
1039         case B43_PHYTYPE_N:
1040                 b43_phy_write(dev, B43_NPHY_AFECTL_OVER,
1041                               on ? 0 : 0x7FFF);
1042                 break;
1043         default:
1044                 B43_WARN_ON(1);
1045         }
1046 }
1047
1048 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1049 {
1050         u32 tmslow;
1051         u32 macctl;
1052
1053         flags |= B43_TMSLOW_PHYCLKEN;
1054         flags |= B43_TMSLOW_PHYRESET;
1055         ssb_device_enable(dev->dev, flags);
1056         msleep(2);              /* Wait for the PLL to turn on. */
1057
1058         /* Now take the PHY out of Reset again */
1059         tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1060         tmslow |= SSB_TMSLOW_FGC;
1061         tmslow &= ~B43_TMSLOW_PHYRESET;
1062         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1063         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1064         msleep(1);
1065         tmslow &= ~SSB_TMSLOW_FGC;
1066         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1067         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1068         msleep(1);
1069
1070         /* Turn Analog ON */
1071         b43_switch_analog(dev, 1);
1072
1073         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1074         macctl &= ~B43_MACCTL_GMODE;
1075         if (flags & B43_TMSLOW_GMODE)
1076                 macctl |= B43_MACCTL_GMODE;
1077         macctl |= B43_MACCTL_IHR_ENABLED;
1078         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1079 }
1080
1081 static void handle_irq_transmit_status(struct b43_wldev *dev)
1082 {
1083         u32 v0, v1;
1084         u16 tmp;
1085         struct b43_txstatus stat;
1086
1087         while (1) {
1088                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1089                 if (!(v0 & 0x00000001))
1090                         break;
1091                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1092
1093                 stat.cookie = (v0 >> 16);
1094                 stat.seq = (v1 & 0x0000FFFF);
1095                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1096                 tmp = (v0 & 0x0000FFFF);
1097                 stat.frame_count = ((tmp & 0xF000) >> 12);
1098                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1099                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1100                 stat.pm_indicated = !!(tmp & 0x0080);
1101                 stat.intermediate = !!(tmp & 0x0040);
1102                 stat.for_ampdu = !!(tmp & 0x0020);
1103                 stat.acked = !!(tmp & 0x0002);
1104
1105                 b43_handle_txstatus(dev, &stat);
1106         }
1107 }
1108
1109 static void drain_txstatus_queue(struct b43_wldev *dev)
1110 {
1111         u32 dummy;
1112
1113         if (dev->dev->id.revision < 5)
1114                 return;
1115         /* Read all entries from the microcode TXstatus FIFO
1116          * and throw them away.
1117          */
1118         while (1) {
1119                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1120                 if (!(dummy & 0x00000001))
1121                         break;
1122                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1123         }
1124 }
1125
1126 static u32 b43_jssi_read(struct b43_wldev *dev)
1127 {
1128         u32 val = 0;
1129
1130         val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1131         val <<= 16;
1132         val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1133
1134         return val;
1135 }
1136
1137 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1138 {
1139         b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1140         b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1141 }
1142
1143 static void b43_generate_noise_sample(struct b43_wldev *dev)
1144 {
1145         b43_jssi_write(dev, 0x7F7F7F7F);
1146         b43_write32(dev, B43_MMIO_MACCMD,
1147                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1148 }
1149
1150 static void b43_calculate_link_quality(struct b43_wldev *dev)
1151 {
1152         /* Top half of Link Quality calculation. */
1153
1154         if (dev->noisecalc.calculation_running)
1155                 return;
1156         dev->noisecalc.calculation_running = 1;
1157         dev->noisecalc.nr_samples = 0;
1158
1159         b43_generate_noise_sample(dev);
1160 }
1161
1162 static void handle_irq_noise(struct b43_wldev *dev)
1163 {
1164         struct b43_phy *phy = &dev->phy;
1165         u16 tmp;
1166         u8 noise[4];
1167         u8 i, j;
1168         s32 average;
1169
1170         /* Bottom half of Link Quality calculation. */
1171
1172         /* Possible race condition: It might be possible that the user
1173          * changed to a different channel in the meantime since we
1174          * started the calculation. We ignore that fact, since it's
1175          * not really that much of a problem. The background noise is
1176          * an estimation only anyway. Slightly wrong results will get damped
1177          * by the averaging of the 8 sample rounds. Additionally the
1178          * value is shortlived. So it will be replaced by the next noise
1179          * calculation round soon. */
1180
1181         B43_WARN_ON(!dev->noisecalc.calculation_running);
1182         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1183         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1184             noise[2] == 0x7F || noise[3] == 0x7F)
1185                 goto generate_new;
1186
1187         /* Get the noise samples. */
1188         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1189         i = dev->noisecalc.nr_samples;
1190         noise[0] = limit_value(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1191         noise[1] = limit_value(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1192         noise[2] = limit_value(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1193         noise[3] = limit_value(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1194         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1195         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1196         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1197         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1198         dev->noisecalc.nr_samples++;
1199         if (dev->noisecalc.nr_samples == 8) {
1200                 /* Calculate the Link Quality by the noise samples. */
1201                 average = 0;
1202                 for (i = 0; i < 8; i++) {
1203                         for (j = 0; j < 4; j++)
1204                                 average += dev->noisecalc.samples[i][j];
1205                 }
1206                 average /= (8 * 4);
1207                 average *= 125;
1208                 average += 64;
1209                 average /= 128;
1210                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1211                 tmp = (tmp / 128) & 0x1F;
1212                 if (tmp >= 8)
1213                         average += 2;
1214                 else
1215                         average -= 25;
1216                 if (tmp == 8)
1217                         average -= 72;
1218                 else
1219                         average -= 48;
1220
1221                 dev->stats.link_noise = average;
1222                 dev->noisecalc.calculation_running = 0;
1223                 return;
1224         }
1225 generate_new:
1226         b43_generate_noise_sample(dev);
1227 }
1228
1229 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1230 {
1231         if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_AP)) {
1232                 ///TODO: PS TBTT
1233         } else {
1234                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1235                         b43_power_saving_ctl_bits(dev, 0);
1236         }
1237         if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS))
1238                 dev->dfq_valid = 1;
1239 }
1240
1241 static void handle_irq_atim_end(struct b43_wldev *dev)
1242 {
1243         if (dev->dfq_valid) {
1244                 b43_write32(dev, B43_MMIO_MACCMD,
1245                             b43_read32(dev, B43_MMIO_MACCMD)
1246                             | B43_MACCMD_DFQ_VALID);
1247                 dev->dfq_valid = 0;
1248         }
1249 }
1250
1251 static void handle_irq_pmq(struct b43_wldev *dev)
1252 {
1253         u32 tmp;
1254
1255         //TODO: AP mode.
1256
1257         while (1) {
1258                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1259                 if (!(tmp & 0x00000008))
1260                         break;
1261         }
1262         /* 16bit write is odd, but correct. */
1263         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1264 }
1265
1266 static void b43_write_template_common(struct b43_wldev *dev,
1267                                       const u8 * data, u16 size,
1268                                       u16 ram_offset,
1269                                       u16 shm_size_offset, u8 rate)
1270 {
1271         u32 i, tmp;
1272         struct b43_plcp_hdr4 plcp;
1273
1274         plcp.data = 0;
1275         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1276         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1277         ram_offset += sizeof(u32);
1278         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1279          * So leave the first two bytes of the next write blank.
1280          */
1281         tmp = (u32) (data[0]) << 16;
1282         tmp |= (u32) (data[1]) << 24;
1283         b43_ram_write(dev, ram_offset, tmp);
1284         ram_offset += sizeof(u32);
1285         for (i = 2; i < size; i += sizeof(u32)) {
1286                 tmp = (u32) (data[i + 0]);
1287                 if (i + 1 < size)
1288                         tmp |= (u32) (data[i + 1]) << 8;
1289                 if (i + 2 < size)
1290                         tmp |= (u32) (data[i + 2]) << 16;
1291                 if (i + 3 < size)
1292                         tmp |= (u32) (data[i + 3]) << 24;
1293                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1294         }
1295         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1296                         size + sizeof(struct b43_plcp_hdr6));
1297 }
1298
1299 /* Check if the use of the antenna that ieee80211 told us to
1300  * use is possible. This will fall back to DEFAULT.
1301  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1302 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1303                                   u8 antenna_nr)
1304 {
1305         u8 antenna_mask;
1306
1307         if (antenna_nr == 0) {
1308                 /* Zero means "use default antenna". That's always OK. */
1309                 return 0;
1310         }
1311
1312         /* Get the mask of available antennas. */
1313         if (dev->phy.gmode)
1314                 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1315         else
1316                 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1317
1318         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1319                 /* This antenna is not available. Fall back to default. */
1320                 return 0;
1321         }
1322
1323         return antenna_nr;
1324 }
1325
1326 static int b43_antenna_from_ieee80211(struct b43_wldev *dev, u8 antenna)
1327 {
1328         antenna = b43_ieee80211_antenna_sanitize(dev, antenna);
1329         switch (antenna) {
1330         case 0:         /* default/diversity */
1331                 return B43_ANTENNA_DEFAULT;
1332         case 1:         /* Antenna 0 */
1333                 return B43_ANTENNA0;
1334         case 2:         /* Antenna 1 */
1335                 return B43_ANTENNA1;
1336         case 3:         /* Antenna 2 */
1337                 return B43_ANTENNA2;
1338         case 4:         /* Antenna 3 */
1339                 return B43_ANTENNA3;
1340         default:
1341                 return B43_ANTENNA_DEFAULT;
1342         }
1343 }
1344
1345 /* Convert a b43 antenna number value to the PHY TX control value. */
1346 static u16 b43_antenna_to_phyctl(int antenna)
1347 {
1348         switch (antenna) {
1349         case B43_ANTENNA0:
1350                 return B43_TXH_PHY_ANT0;
1351         case B43_ANTENNA1:
1352                 return B43_TXH_PHY_ANT1;
1353         case B43_ANTENNA2:
1354                 return B43_TXH_PHY_ANT2;
1355         case B43_ANTENNA3:
1356                 return B43_TXH_PHY_ANT3;
1357         case B43_ANTENNA_AUTO:
1358                 return B43_TXH_PHY_ANT01AUTO;
1359         }
1360         B43_WARN_ON(1);
1361         return 0;
1362 }
1363
1364 static void b43_write_beacon_template(struct b43_wldev *dev,
1365                                       u16 ram_offset,
1366                                       u16 shm_size_offset)
1367 {
1368         unsigned int i, len, variable_len;
1369         const struct ieee80211_mgmt *bcn;
1370         const u8 *ie;
1371         bool tim_found = 0;
1372         unsigned int rate;
1373         u16 ctl;
1374         int antenna;
1375
1376         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1377         len = min((size_t) dev->wl->current_beacon->len,
1378                   0x200 - sizeof(struct b43_plcp_hdr6));
1379         rate = dev->wl->beacon_txctl.tx_rate->hw_value;
1380
1381         b43_write_template_common(dev, (const u8 *)bcn,
1382                                   len, ram_offset, shm_size_offset, rate);
1383
1384         /* Write the PHY TX control parameters. */
1385         antenna = b43_antenna_from_ieee80211(dev,
1386                         dev->wl->beacon_txctl.antenna_sel_tx);
1387         antenna = b43_antenna_to_phyctl(antenna);
1388         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1389         /* We can't send beacons with short preamble. Would get PHY errors. */
1390         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1391         ctl &= ~B43_TXH_PHY_ANT;
1392         ctl &= ~B43_TXH_PHY_ENC;
1393         ctl |= antenna;
1394         if (b43_is_cck_rate(rate))
1395                 ctl |= B43_TXH_PHY_ENC_CCK;
1396         else
1397                 ctl |= B43_TXH_PHY_ENC_OFDM;
1398         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1399
1400         /* Find the position of the TIM and the DTIM_period value
1401          * and write them to SHM. */
1402         ie = bcn->u.beacon.variable;
1403         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1404         for (i = 0; i < variable_len - 2; ) {
1405                 uint8_t ie_id, ie_len;
1406
1407                 ie_id = ie[i];
1408                 ie_len = ie[i + 1];
1409                 if (ie_id == 5) {
1410                         u16 tim_position;
1411                         u16 dtim_period;
1412                         /* This is the TIM Information Element */
1413
1414                         /* Check whether the ie_len is in the beacon data range. */
1415                         if (variable_len < ie_len + 2 + i)
1416                                 break;
1417                         /* A valid TIM is at least 4 bytes long. */
1418                         if (ie_len < 4)
1419                                 break;
1420                         tim_found = 1;
1421
1422                         tim_position = sizeof(struct b43_plcp_hdr6);
1423                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1424                         tim_position += i;
1425
1426                         dtim_period = ie[i + 3];
1427
1428                         b43_shm_write16(dev, B43_SHM_SHARED,
1429                                         B43_SHM_SH_TIMBPOS, tim_position);
1430                         b43_shm_write16(dev, B43_SHM_SHARED,
1431                                         B43_SHM_SH_DTIMPER, dtim_period);
1432                         break;
1433                 }
1434                 i += ie_len + 2;
1435         }
1436         if (!tim_found) {
1437                 b43warn(dev->wl, "Did not find a valid TIM IE in "
1438                         "the beacon template packet. AP or IBSS operation "
1439                         "may be broken.\n");
1440         } else
1441                 b43dbg(dev->wl, "Updated beacon template\n");
1442 }
1443
1444 static void b43_write_probe_resp_plcp(struct b43_wldev *dev,
1445                                       u16 shm_offset, u16 size,
1446                                       struct ieee80211_rate *rate)
1447 {
1448         struct b43_plcp_hdr4 plcp;
1449         u32 tmp;
1450         __le16 dur;
1451
1452         plcp.data = 0;
1453         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate->hw_value);
1454         dur = ieee80211_generic_frame_duration(dev->wl->hw,
1455                                                dev->wl->vif, size,
1456                                                rate);
1457         /* Write PLCP in two parts and timing for packet transfer */
1458         tmp = le32_to_cpu(plcp.data);
1459         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset, tmp & 0xFFFF);
1460         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 2, tmp >> 16);
1461         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 6, le16_to_cpu(dur));
1462 }
1463
1464 /* Instead of using custom probe response template, this function
1465  * just patches custom beacon template by:
1466  * 1) Changing packet type
1467  * 2) Patching duration field
1468  * 3) Stripping TIM
1469  */
1470 static const u8 * b43_generate_probe_resp(struct b43_wldev *dev,
1471                                           u16 *dest_size,
1472                                           struct ieee80211_rate *rate)
1473 {
1474         const u8 *src_data;
1475         u8 *dest_data;
1476         u16 src_size, elem_size, src_pos, dest_pos;
1477         __le16 dur;
1478         struct ieee80211_hdr *hdr;
1479         size_t ie_start;
1480
1481         src_size = dev->wl->current_beacon->len;
1482         src_data = (const u8 *)dev->wl->current_beacon->data;
1483
1484         /* Get the start offset of the variable IEs in the packet. */
1485         ie_start = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
1486         B43_WARN_ON(ie_start != offsetof(struct ieee80211_mgmt, u.beacon.variable));
1487
1488         if (B43_WARN_ON(src_size < ie_start))
1489                 return NULL;
1490
1491         dest_data = kmalloc(src_size, GFP_ATOMIC);
1492         if (unlikely(!dest_data))
1493                 return NULL;
1494
1495         /* Copy the static data and all Information Elements, except the TIM. */
1496         memcpy(dest_data, src_data, ie_start);
1497         src_pos = ie_start;
1498         dest_pos = ie_start;
1499         for ( ; src_pos < src_size - 2; src_pos += elem_size) {
1500                 elem_size = src_data[src_pos + 1] + 2;
1501                 if (src_data[src_pos] == 5) {
1502                         /* This is the TIM. */
1503                         continue;
1504                 }
1505                 memcpy(dest_data + dest_pos, src_data + src_pos,
1506                        elem_size);
1507                 dest_pos += elem_size;
1508         }
1509         *dest_size = dest_pos;
1510         hdr = (struct ieee80211_hdr *)dest_data;
1511
1512         /* Set the frame control. */
1513         hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1514                                          IEEE80211_STYPE_PROBE_RESP);
1515         dur = ieee80211_generic_frame_duration(dev->wl->hw,
1516                                                dev->wl->vif, *dest_size,
1517                                                rate);
1518         hdr->duration_id = dur;
1519
1520         return dest_data;
1521 }
1522
1523 static void b43_write_probe_resp_template(struct b43_wldev *dev,
1524                                           u16 ram_offset,
1525                                           u16 shm_size_offset,
1526                                           struct ieee80211_rate *rate)
1527 {
1528         const u8 *probe_resp_data;
1529         u16 size;
1530
1531         size = dev->wl->current_beacon->len;
1532         probe_resp_data = b43_generate_probe_resp(dev, &size, rate);
1533         if (unlikely(!probe_resp_data))
1534                 return;
1535
1536         /* Looks like PLCP headers plus packet timings are stored for
1537          * all possible basic rates
1538          */
1539         b43_write_probe_resp_plcp(dev, 0x31A, size, &b43_b_ratetable[0]);
1540         b43_write_probe_resp_plcp(dev, 0x32C, size, &b43_b_ratetable[1]);
1541         b43_write_probe_resp_plcp(dev, 0x33E, size, &b43_b_ratetable[2]);
1542         b43_write_probe_resp_plcp(dev, 0x350, size, &b43_b_ratetable[3]);
1543
1544         size = min((size_t) size, 0x200 - sizeof(struct b43_plcp_hdr6));
1545         b43_write_template_common(dev, probe_resp_data,
1546                                   size, ram_offset, shm_size_offset,
1547                                   rate->hw_value);
1548         kfree(probe_resp_data);
1549 }
1550
1551 static void b43_upload_beacon0(struct b43_wldev *dev)
1552 {
1553         struct b43_wl *wl = dev->wl;
1554
1555         if (wl->beacon0_uploaded)
1556                 return;
1557         b43_write_beacon_template(dev, 0x68, 0x18);
1558         /* FIXME: Probe resp upload doesn't really belong here,
1559          *        but we don't use that feature anyway. */
1560         b43_write_probe_resp_template(dev, 0x268, 0x4A,
1561                                       &__b43_ratetable[3]);
1562         wl->beacon0_uploaded = 1;
1563 }
1564
1565 static void b43_upload_beacon1(struct b43_wldev *dev)
1566 {
1567         struct b43_wl *wl = dev->wl;
1568
1569         if (wl->beacon1_uploaded)
1570                 return;
1571         b43_write_beacon_template(dev, 0x468, 0x1A);
1572         wl->beacon1_uploaded = 1;
1573 }
1574
1575 static void handle_irq_beacon(struct b43_wldev *dev)
1576 {
1577         struct b43_wl *wl = dev->wl;
1578         u32 cmd, beacon0_valid, beacon1_valid;
1579
1580         if (!b43_is_mode(wl, IEEE80211_IF_TYPE_AP))
1581                 return;
1582
1583         /* This is the bottom half of the asynchronous beacon update. */
1584
1585         /* Ignore interrupt in the future. */
1586         dev->irq_savedstate &= ~B43_IRQ_BEACON;
1587
1588         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1589         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1590         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1591
1592         /* Schedule interrupt manually, if busy. */
1593         if (beacon0_valid && beacon1_valid) {
1594                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1595                 dev->irq_savedstate |= B43_IRQ_BEACON;
1596                 return;
1597         }
1598
1599         if (unlikely(wl->beacon_templates_virgin)) {
1600                 /* We never uploaded a beacon before.
1601                  * Upload both templates now, but only mark one valid. */
1602                 wl->beacon_templates_virgin = 0;
1603                 b43_upload_beacon0(dev);
1604                 b43_upload_beacon1(dev);
1605                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1606                 cmd |= B43_MACCMD_BEACON0_VALID;
1607                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1608         } else {
1609                 if (!beacon0_valid) {
1610                         b43_upload_beacon0(dev);
1611                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1612                         cmd |= B43_MACCMD_BEACON0_VALID;
1613                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1614                 } else if (!beacon1_valid) {
1615                         b43_upload_beacon1(dev);
1616                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1617                         cmd |= B43_MACCMD_BEACON1_VALID;
1618                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1619                 }
1620         }
1621 }
1622
1623 static void b43_beacon_update_trigger_work(struct work_struct *work)
1624 {
1625         struct b43_wl *wl = container_of(work, struct b43_wl,
1626                                          beacon_update_trigger);
1627         struct b43_wldev *dev;
1628
1629         mutex_lock(&wl->mutex);
1630         dev = wl->current_dev;
1631         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1632                 spin_lock_irq(&wl->irq_lock);
1633                 /* update beacon right away or defer to irq */
1634                 dev->irq_savedstate = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1635                 handle_irq_beacon(dev);
1636                 /* The handler might have updated the IRQ mask. */
1637                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK,
1638                             dev->irq_savedstate);
1639                 mmiowb();
1640                 spin_unlock_irq(&wl->irq_lock);
1641         }
1642         mutex_unlock(&wl->mutex);
1643 }
1644
1645 /* Asynchronously update the packet templates in template RAM.
1646  * Locking: Requires wl->irq_lock to be locked. */
1647 static void b43_update_templates(struct b43_wl *wl, struct sk_buff *beacon,
1648                                  const struct ieee80211_tx_control *txctl)
1649 {
1650         /* This is the top half of the ansynchronous beacon update.
1651          * The bottom half is the beacon IRQ.
1652          * Beacon update must be asynchronous to avoid sending an
1653          * invalid beacon. This can happen for example, if the firmware
1654          * transmits a beacon while we are updating it. */
1655
1656         if (wl->current_beacon)
1657                 dev_kfree_skb_any(wl->current_beacon);
1658         wl->current_beacon = beacon;
1659         memcpy(&wl->beacon_txctl, txctl, sizeof(wl->beacon_txctl));
1660         wl->beacon0_uploaded = 0;
1661         wl->beacon1_uploaded = 0;
1662         queue_work(wl->hw->workqueue, &wl->beacon_update_trigger);
1663 }
1664
1665 static void b43_set_ssid(struct b43_wldev *dev, const u8 * ssid, u8 ssid_len)
1666 {
1667         u32 tmp;
1668         u16 i, len;
1669
1670         len = min((u16) ssid_len, (u16) 0x100);
1671         for (i = 0; i < len; i += sizeof(u32)) {
1672                 tmp = (u32) (ssid[i + 0]);
1673                 if (i + 1 < len)
1674                         tmp |= (u32) (ssid[i + 1]) << 8;
1675                 if (i + 2 < len)
1676                         tmp |= (u32) (ssid[i + 2]) << 16;
1677                 if (i + 3 < len)
1678                         tmp |= (u32) (ssid[i + 3]) << 24;
1679                 b43_shm_write32(dev, B43_SHM_SHARED, 0x380 + i, tmp);
1680         }
1681         b43_shm_write16(dev, B43_SHM_SHARED, 0x48, len);
1682 }
1683
1684 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1685 {
1686         b43_time_lock(dev);
1687         if (dev->dev->id.revision >= 3) {
1688                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1689                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1690         } else {
1691                 b43_write16(dev, 0x606, (beacon_int >> 6));
1692                 b43_write16(dev, 0x610, beacon_int);
1693         }
1694         b43_time_unlock(dev);
1695         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1696 }
1697
1698 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1699 {
1700         //TODO
1701 }
1702
1703 /* Interrupt handler bottom-half */
1704 static void b43_interrupt_tasklet(struct b43_wldev *dev)
1705 {
1706         u32 reason;
1707         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1708         u32 merged_dma_reason = 0;
1709         int i;
1710         unsigned long flags;
1711
1712         spin_lock_irqsave(&dev->wl->irq_lock, flags);
1713
1714         B43_WARN_ON(b43_status(dev) != B43_STAT_STARTED);
1715
1716         reason = dev->irq_reason;
1717         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1718                 dma_reason[i] = dev->dma_reason[i];
1719                 merged_dma_reason |= dma_reason[i];
1720         }
1721
1722         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1723                 b43err(dev->wl, "MAC transmission error\n");
1724
1725         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1726                 b43err(dev->wl, "PHY transmission error\n");
1727                 rmb();
1728                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1729                         atomic_set(&dev->phy.txerr_cnt,
1730                                    B43_PHY_TX_BADNESS_LIMIT);
1731                         b43err(dev->wl, "Too many PHY TX errors, "
1732                                         "restarting the controller\n");
1733                         b43_controller_restart(dev, "PHY TX errors");
1734                 }
1735         }
1736
1737         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1738                                           B43_DMAIRQ_NONFATALMASK))) {
1739                 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1740                         b43err(dev->wl, "Fatal DMA error: "
1741                                "0x%08X, 0x%08X, 0x%08X, "
1742                                "0x%08X, 0x%08X, 0x%08X\n",
1743                                dma_reason[0], dma_reason[1],
1744                                dma_reason[2], dma_reason[3],
1745                                dma_reason[4], dma_reason[5]);
1746                         b43_controller_restart(dev, "DMA error");
1747                         mmiowb();
1748                         spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1749                         return;
1750                 }
1751                 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1752                         b43err(dev->wl, "DMA error: "
1753                                "0x%08X, 0x%08X, 0x%08X, "
1754                                "0x%08X, 0x%08X, 0x%08X\n",
1755                                dma_reason[0], dma_reason[1],
1756                                dma_reason[2], dma_reason[3],
1757                                dma_reason[4], dma_reason[5]);
1758                 }
1759         }
1760
1761         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1762                 handle_irq_ucode_debug(dev);
1763         if (reason & B43_IRQ_TBTT_INDI)
1764                 handle_irq_tbtt_indication(dev);
1765         if (reason & B43_IRQ_ATIM_END)
1766                 handle_irq_atim_end(dev);
1767         if (reason & B43_IRQ_BEACON)
1768                 handle_irq_beacon(dev);
1769         if (reason & B43_IRQ_PMQ)
1770                 handle_irq_pmq(dev);
1771         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1772                 ;/* TODO */
1773         if (reason & B43_IRQ_NOISESAMPLE_OK)
1774                 handle_irq_noise(dev);
1775
1776         /* Check the DMA reason registers for received data. */
1777         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1778                 if (b43_using_pio_transfers(dev))
1779                         b43_pio_rx(dev->pio.rx_queue);
1780                 else
1781                         b43_dma_rx(dev->dma.rx_ring);
1782         }
1783         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1784         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1785         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1786         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1787         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1788
1789         if (reason & B43_IRQ_TX_OK)
1790                 handle_irq_transmit_status(dev);
1791
1792         b43_interrupt_enable(dev, dev->irq_savedstate);
1793         mmiowb();
1794         spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1795 }
1796
1797 static void b43_interrupt_ack(struct b43_wldev *dev, u32 reason)
1798 {
1799         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1800
1801         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1802         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1803         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1804         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1805         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1806         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1807 }
1808
1809 /* Interrupt handler top-half */
1810 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1811 {
1812         irqreturn_t ret = IRQ_NONE;
1813         struct b43_wldev *dev = dev_id;
1814         u32 reason;
1815
1816         if (!dev)
1817                 return IRQ_NONE;
1818
1819         spin_lock(&dev->wl->irq_lock);
1820
1821         if (b43_status(dev) < B43_STAT_STARTED)
1822                 goto out;
1823         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1824         if (reason == 0xffffffff)       /* shared IRQ */
1825                 goto out;
1826         ret = IRQ_HANDLED;
1827         reason &= b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1828         if (!reason)
1829                 goto out;
1830
1831         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1832             & 0x0001DC00;
1833         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1834             & 0x0000DC00;
1835         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1836             & 0x0000DC00;
1837         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1838             & 0x0001DC00;
1839         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1840             & 0x0000DC00;
1841         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1842             & 0x0000DC00;
1843
1844         b43_interrupt_ack(dev, reason);
1845         /* disable all IRQs. They are enabled again in the bottom half. */
1846         dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
1847         /* save the reason code and call our bottom half. */
1848         dev->irq_reason = reason;
1849         tasklet_schedule(&dev->isr_tasklet);
1850       out:
1851         mmiowb();
1852         spin_unlock(&dev->wl->irq_lock);
1853
1854         return ret;
1855 }
1856
1857 static void do_release_fw(struct b43_firmware_file *fw)
1858 {
1859         release_firmware(fw->data);
1860         fw->data = NULL;
1861         fw->filename = NULL;
1862 }
1863
1864 static void b43_release_firmware(struct b43_wldev *dev)
1865 {
1866         do_release_fw(&dev->fw.ucode);
1867         do_release_fw(&dev->fw.pcm);
1868         do_release_fw(&dev->fw.initvals);
1869         do_release_fw(&dev->fw.initvals_band);
1870 }
1871
1872 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
1873 {
1874         const char *text;
1875
1876         text = "You must go to "
1877                "http://linuxwireless.org/en/users/Drivers/b43#devicefirmware "
1878                "and download the latest firmware (version 4).\n";
1879         if (error)
1880                 b43err(wl, text);
1881         else
1882                 b43warn(wl, text);
1883 }
1884
1885 static int do_request_fw(struct b43_wldev *dev,
1886                          const char *name,
1887                          struct b43_firmware_file *fw)
1888 {
1889         char path[sizeof(modparam_fwpostfix) + 32];
1890         const struct firmware *blob;
1891         struct b43_fw_header *hdr;
1892         u32 size;
1893         int err;
1894
1895         if (!name) {
1896                 /* Don't fetch anything. Free possibly cached firmware. */
1897                 do_release_fw(fw);
1898                 return 0;
1899         }
1900         if (fw->filename) {
1901                 if (strcmp(fw->filename, name) == 0)
1902                         return 0; /* Already have this fw. */
1903                 /* Free the cached firmware first. */
1904                 do_release_fw(fw);
1905         }
1906
1907         snprintf(path, ARRAY_SIZE(path),
1908                  "b43%s/%s.fw",
1909                  modparam_fwpostfix, name);
1910         err = request_firmware(&blob, path, dev->dev->dev);
1911         if (err) {
1912                 b43err(dev->wl, "Firmware file \"%s\" not found "
1913                        "or load failed.\n", path);
1914                 return err;
1915         }
1916         if (blob->size < sizeof(struct b43_fw_header))
1917                 goto err_format;
1918         hdr = (struct b43_fw_header *)(blob->data);
1919         switch (hdr->type) {
1920         case B43_FW_TYPE_UCODE:
1921         case B43_FW_TYPE_PCM:
1922                 size = be32_to_cpu(hdr->size);
1923                 if (size != blob->size - sizeof(struct b43_fw_header))
1924                         goto err_format;
1925                 /* fallthrough */
1926         case B43_FW_TYPE_IV:
1927                 if (hdr->ver != 1)
1928                         goto err_format;
1929                 break;
1930         default:
1931                 goto err_format;
1932         }
1933
1934         fw->data = blob;
1935         fw->filename = name;
1936
1937         return 0;
1938
1939 err_format:
1940         b43err(dev->wl, "Firmware file \"%s\" format error.\n", path);
1941         release_firmware(blob);
1942
1943         return -EPROTO;
1944 }
1945
1946 static int b43_request_firmware(struct b43_wldev *dev)
1947 {
1948         struct b43_firmware *fw = &dev->fw;
1949         const u8 rev = dev->dev->id.revision;
1950         const char *filename;
1951         u32 tmshigh;
1952         int err;
1953
1954         /* Get microcode */
1955         tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
1956         if ((rev >= 5) && (rev <= 10))
1957                 filename = "ucode5";
1958         else if ((rev >= 11) && (rev <= 12))
1959                 filename = "ucode11";
1960         else if (rev >= 13)
1961                 filename = "ucode13";
1962         else
1963                 goto err_no_ucode;
1964         err = do_request_fw(dev, filename, &fw->ucode);
1965         if (err)
1966                 goto err_load;
1967
1968         /* Get PCM code */
1969         if ((rev >= 5) && (rev <= 10))
1970                 filename = "pcm5";
1971         else if (rev >= 11)
1972                 filename = NULL;
1973         else
1974                 goto err_no_pcm;
1975         err = do_request_fw(dev, filename, &fw->pcm);
1976         if (err)
1977                 goto err_load;
1978
1979         /* Get initvals */
1980         switch (dev->phy.type) {
1981         case B43_PHYTYPE_A:
1982                 if ((rev >= 5) && (rev <= 10)) {
1983                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
1984                                 filename = "a0g1initvals5";
1985                         else
1986                                 filename = "a0g0initvals5";
1987                 } else
1988                         goto err_no_initvals;
1989                 break;
1990         case B43_PHYTYPE_G:
1991                 if ((rev >= 5) && (rev <= 10))
1992                         filename = "b0g0initvals5";
1993                 else if (rev >= 13)
1994                         filename = "lp0initvals13";
1995                 else
1996                         goto err_no_initvals;
1997                 break;
1998         case B43_PHYTYPE_N:
1999                 if ((rev >= 11) && (rev <= 12))
2000                         filename = "n0initvals11";
2001                 else
2002                         goto err_no_initvals;
2003                 break;
2004         default:
2005                 goto err_no_initvals;
2006         }
2007         err = do_request_fw(dev, filename, &fw->initvals);
2008         if (err)
2009                 goto err_load;
2010
2011         /* Get bandswitch initvals */
2012         switch (dev->phy.type) {
2013         case B43_PHYTYPE_A:
2014                 if ((rev >= 5) && (rev <= 10)) {
2015                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2016                                 filename = "a0g1bsinitvals5";
2017                         else
2018                                 filename = "a0g0bsinitvals5";
2019                 } else if (rev >= 11)
2020                         filename = NULL;
2021                 else
2022                         goto err_no_initvals;
2023                 break;
2024         case B43_PHYTYPE_G:
2025                 if ((rev >= 5) && (rev <= 10))
2026                         filename = "b0g0bsinitvals5";
2027                 else if (rev >= 11)
2028                         filename = NULL;
2029                 else
2030                         goto err_no_initvals;
2031                 break;
2032         case B43_PHYTYPE_N:
2033                 if ((rev >= 11) && (rev <= 12))
2034                         filename = "n0bsinitvals11";
2035                 else
2036                         goto err_no_initvals;
2037                 break;
2038         default:
2039                 goto err_no_initvals;
2040         }
2041         err = do_request_fw(dev, filename, &fw->initvals_band);
2042         if (err)
2043                 goto err_load;
2044
2045         return 0;
2046
2047 err_load:
2048         b43_print_fw_helptext(dev->wl, 1);
2049         goto error;
2050
2051 err_no_ucode:
2052         err = -ENODEV;
2053         b43err(dev->wl, "No microcode available for core rev %u\n", rev);
2054         goto error;
2055
2056 err_no_pcm:
2057         err = -ENODEV;
2058         b43err(dev->wl, "No PCM available for core rev %u\n", rev);
2059         goto error;
2060
2061 err_no_initvals:
2062         err = -ENODEV;
2063         b43err(dev->wl, "No Initial Values firmware file for PHY %u, "
2064                "core rev %u\n", dev->phy.type, rev);
2065         goto error;
2066
2067 error:
2068         b43_release_firmware(dev);
2069         return err;
2070 }
2071
2072 static int b43_upload_microcode(struct b43_wldev *dev)
2073 {
2074         const size_t hdr_len = sizeof(struct b43_fw_header);
2075         const __be32 *data;
2076         unsigned int i, len;
2077         u16 fwrev, fwpatch, fwdate, fwtime;
2078         u32 tmp, macctl;
2079         int err = 0;
2080
2081         /* Jump the microcode PSM to offset 0 */
2082         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2083         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2084         macctl |= B43_MACCTL_PSM_JMP0;
2085         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2086         /* Zero out all microcode PSM registers and shared memory. */
2087         for (i = 0; i < 64; i++)
2088                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2089         for (i = 0; i < 4096; i += 2)
2090                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2091
2092         /* Upload Microcode. */
2093         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2094         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2095         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2096         for (i = 0; i < len; i++) {
2097                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2098                 udelay(10);
2099         }
2100
2101         if (dev->fw.pcm.data) {
2102                 /* Upload PCM data. */
2103                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2104                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2105                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2106                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2107                 /* No need for autoinc bit in SHM_HW */
2108                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2109                 for (i = 0; i < len; i++) {
2110                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2111                         udelay(10);
2112                 }
2113         }
2114
2115         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2116
2117         /* Start the microcode PSM */
2118         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2119         macctl &= ~B43_MACCTL_PSM_JMP0;
2120         macctl |= B43_MACCTL_PSM_RUN;
2121         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2122
2123         /* Wait for the microcode to load and respond */
2124         i = 0;
2125         while (1) {
2126                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2127                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2128                         break;
2129                 i++;
2130                 if (i >= 20) {
2131                         b43err(dev->wl, "Microcode not responding\n");
2132                         b43_print_fw_helptext(dev->wl, 1);
2133                         err = -ENODEV;
2134                         goto error;
2135                 }
2136                 msleep_interruptible(50);
2137                 if (signal_pending(current)) {
2138                         err = -EINTR;
2139                         goto error;
2140                 }
2141         }
2142         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2143
2144         /* Get and check the revisions. */
2145         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2146         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2147         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2148         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2149
2150         if (fwrev <= 0x128) {
2151                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2152                        "binary drivers older than version 4.x is unsupported. "
2153                        "You must upgrade your firmware files.\n");
2154                 b43_print_fw_helptext(dev->wl, 1);
2155                 err = -EOPNOTSUPP;
2156                 goto error;
2157         }
2158         b43info(dev->wl, "Loading firmware version %u.%u "
2159                 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2160                 fwrev, fwpatch,
2161                 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2162                 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2163
2164         dev->fw.rev = fwrev;
2165         dev->fw.patch = fwpatch;
2166
2167         if (b43_is_old_txhdr_format(dev)) {
2168                 b43warn(dev->wl, "You are using an old firmware image. "
2169                         "Support for old firmware will be removed in July 2008.\n");
2170                 b43_print_fw_helptext(dev->wl, 0);
2171         }
2172
2173         return 0;
2174
2175 error:
2176         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2177         macctl &= ~B43_MACCTL_PSM_RUN;
2178         macctl |= B43_MACCTL_PSM_JMP0;
2179         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2180
2181         return err;
2182 }
2183
2184 static int b43_write_initvals(struct b43_wldev *dev,
2185                               const struct b43_iv *ivals,
2186                               size_t count,
2187                               size_t array_size)
2188 {
2189         const struct b43_iv *iv;
2190         u16 offset;
2191         size_t i;
2192         bool bit32;
2193
2194         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2195         iv = ivals;
2196         for (i = 0; i < count; i++) {
2197                 if (array_size < sizeof(iv->offset_size))
2198                         goto err_format;
2199                 array_size -= sizeof(iv->offset_size);
2200                 offset = be16_to_cpu(iv->offset_size);
2201                 bit32 = !!(offset & B43_IV_32BIT);
2202                 offset &= B43_IV_OFFSET_MASK;
2203                 if (offset >= 0x1000)
2204                         goto err_format;
2205                 if (bit32) {
2206                         u32 value;
2207
2208                         if (array_size < sizeof(iv->data.d32))
2209                                 goto err_format;
2210                         array_size -= sizeof(iv->data.d32);
2211
2212                         value = get_unaligned_be32(&iv->data.d32);
2213                         b43_write32(dev, offset, value);
2214
2215                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2216                                                         sizeof(__be16) +
2217                                                         sizeof(__be32));
2218                 } else {
2219                         u16 value;
2220
2221                         if (array_size < sizeof(iv->data.d16))
2222                                 goto err_format;
2223                         array_size -= sizeof(iv->data.d16);
2224
2225                         value = be16_to_cpu(iv->data.d16);
2226                         b43_write16(dev, offset, value);
2227
2228                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2229                                                         sizeof(__be16) +
2230                                                         sizeof(__be16));
2231                 }
2232         }
2233         if (array_size)
2234                 goto err_format;
2235
2236         return 0;
2237
2238 err_format:
2239         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2240         b43_print_fw_helptext(dev->wl, 1);
2241
2242         return -EPROTO;
2243 }
2244
2245 static int b43_upload_initvals(struct b43_wldev *dev)
2246 {
2247         const size_t hdr_len = sizeof(struct b43_fw_header);
2248         const struct b43_fw_header *hdr;
2249         struct b43_firmware *fw = &dev->fw;
2250         const struct b43_iv *ivals;
2251         size_t count;
2252         int err;
2253
2254         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2255         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2256         count = be32_to_cpu(hdr->size);
2257         err = b43_write_initvals(dev, ivals, count,
2258                                  fw->initvals.data->size - hdr_len);
2259         if (err)
2260                 goto out;
2261         if (fw->initvals_band.data) {
2262                 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2263                 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2264                 count = be32_to_cpu(hdr->size);
2265                 err = b43_write_initvals(dev, ivals, count,
2266                                          fw->initvals_band.data->size - hdr_len);
2267                 if (err)
2268                         goto out;
2269         }
2270 out:
2271
2272         return err;
2273 }
2274
2275 /* Initialize the GPIOs
2276  * http://bcm-specs.sipsolutions.net/GPIO
2277  */
2278 static int b43_gpio_init(struct b43_wldev *dev)
2279 {
2280         struct ssb_bus *bus = dev->dev->bus;
2281         struct ssb_device *gpiodev, *pcidev = NULL;
2282         u32 mask, set;
2283
2284         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2285                     & ~B43_MACCTL_GPOUTSMSK);
2286
2287         b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2288                     | 0x000F);
2289
2290         mask = 0x0000001F;
2291         set = 0x0000000F;
2292         if (dev->dev->bus->chip_id == 0x4301) {
2293                 mask |= 0x0060;
2294                 set |= 0x0060;
2295         }
2296         if (0 /* FIXME: conditional unknown */ ) {
2297                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2298                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2299                             | 0x0100);
2300                 mask |= 0x0180;
2301                 set |= 0x0180;
2302         }
2303         if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2304                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2305                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2306                             | 0x0200);
2307                 mask |= 0x0200;
2308                 set |= 0x0200;
2309         }
2310         if (dev->dev->id.revision >= 2)
2311                 mask |= 0x0010; /* FIXME: This is redundant. */
2312
2313 #ifdef CONFIG_SSB_DRIVER_PCICORE
2314         pcidev = bus->pcicore.dev;
2315 #endif
2316         gpiodev = bus->chipco.dev ? : pcidev;
2317         if (!gpiodev)
2318                 return 0;
2319         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2320                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2321                      & mask) | set);
2322
2323         return 0;
2324 }
2325
2326 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2327 static void b43_gpio_cleanup(struct b43_wldev *dev)
2328 {
2329         struct ssb_bus *bus = dev->dev->bus;
2330         struct ssb_device *gpiodev, *pcidev = NULL;
2331
2332 #ifdef CONFIG_SSB_DRIVER_PCICORE
2333         pcidev = bus->pcicore.dev;
2334 #endif
2335         gpiodev = bus->chipco.dev ? : pcidev;
2336         if (!gpiodev)
2337                 return;
2338         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2339 }
2340
2341 /* http://bcm-specs.sipsolutions.net/EnableMac */
2342 static void b43_mac_enable(struct b43_wldev *dev)
2343 {
2344         dev->mac_suspended--;
2345         B43_WARN_ON(dev->mac_suspended < 0);
2346         if (dev->mac_suspended == 0) {
2347                 b43_write32(dev, B43_MMIO_MACCTL,
2348                             b43_read32(dev, B43_MMIO_MACCTL)
2349                             | B43_MACCTL_ENABLED);
2350                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2351                             B43_IRQ_MAC_SUSPENDED);
2352                 /* Commit writes */
2353                 b43_read32(dev, B43_MMIO_MACCTL);
2354                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2355                 b43_power_saving_ctl_bits(dev, 0);
2356
2357                 /* Re-enable IRQs. */
2358                 spin_lock_irq(&dev->wl->irq_lock);
2359                 b43_interrupt_enable(dev, dev->irq_savedstate);
2360                 spin_unlock_irq(&dev->wl->irq_lock);
2361         }
2362 }
2363
2364 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2365 static void b43_mac_suspend(struct b43_wldev *dev)
2366 {
2367         int i;
2368         u32 tmp;
2369
2370         might_sleep();
2371         B43_WARN_ON(dev->mac_suspended < 0);
2372
2373         if (dev->mac_suspended == 0) {
2374                 /* Mask IRQs before suspending MAC. Otherwise
2375                  * the MAC stays busy and won't suspend. */
2376                 spin_lock_irq(&dev->wl->irq_lock);
2377                 tmp = b43_interrupt_disable(dev, B43_IRQ_ALL);
2378                 spin_unlock_irq(&dev->wl->irq_lock);
2379                 b43_synchronize_irq(dev);
2380                 dev->irq_savedstate = tmp;
2381
2382                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2383                 b43_write32(dev, B43_MMIO_MACCTL,
2384                             b43_read32(dev, B43_MMIO_MACCTL)
2385                             & ~B43_MACCTL_ENABLED);
2386                 /* force pci to flush the write */
2387                 b43_read32(dev, B43_MMIO_MACCTL);
2388                 for (i = 35; i; i--) {
2389                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2390                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2391                                 goto out;
2392                         udelay(10);
2393                 }
2394                 /* Hm, it seems this will take some time. Use msleep(). */
2395                 for (i = 40; i; i--) {
2396                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2397                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2398                                 goto out;
2399                         msleep(1);
2400                 }
2401                 b43err(dev->wl, "MAC suspend failed\n");
2402         }
2403 out:
2404         dev->mac_suspended++;
2405 }
2406
2407 static void b43_adjust_opmode(struct b43_wldev *dev)
2408 {
2409         struct b43_wl *wl = dev->wl;
2410         u32 ctl;
2411         u16 cfp_pretbtt;
2412
2413         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2414         /* Reset status to STA infrastructure mode. */
2415         ctl &= ~B43_MACCTL_AP;
2416         ctl &= ~B43_MACCTL_KEEP_CTL;
2417         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2418         ctl &= ~B43_MACCTL_KEEP_BAD;
2419         ctl &= ~B43_MACCTL_PROMISC;
2420         ctl &= ~B43_MACCTL_BEACPROMISC;
2421         ctl |= B43_MACCTL_INFRA;
2422
2423         if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP))
2424                 ctl |= B43_MACCTL_AP;
2425         else if (b43_is_mode(wl, IEEE80211_IF_TYPE_IBSS))
2426                 ctl &= ~B43_MACCTL_INFRA;
2427
2428         if (wl->filter_flags & FIF_CONTROL)
2429                 ctl |= B43_MACCTL_KEEP_CTL;
2430         if (wl->filter_flags & FIF_FCSFAIL)
2431                 ctl |= B43_MACCTL_KEEP_BAD;
2432         if (wl->filter_flags & FIF_PLCPFAIL)
2433                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2434         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2435                 ctl |= B43_MACCTL_PROMISC;
2436         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2437                 ctl |= B43_MACCTL_BEACPROMISC;
2438
2439         /* Workaround: On old hardware the HW-MAC-address-filter
2440          * doesn't work properly, so always run promisc in filter
2441          * it in software. */
2442         if (dev->dev->id.revision <= 4)
2443                 ctl |= B43_MACCTL_PROMISC;
2444
2445         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2446
2447         cfp_pretbtt = 2;
2448         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2449                 if (dev->dev->bus->chip_id == 0x4306 &&
2450                     dev->dev->bus->chip_rev == 3)
2451                         cfp_pretbtt = 100;
2452                 else
2453                         cfp_pretbtt = 50;
2454         }
2455         b43_write16(dev, 0x612, cfp_pretbtt);
2456 }
2457
2458 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2459 {
2460         u16 offset;
2461
2462         if (is_ofdm) {
2463                 offset = 0x480;
2464                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2465         } else {
2466                 offset = 0x4C0;
2467                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2468         }
2469         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2470                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
2471 }
2472
2473 static void b43_rate_memory_init(struct b43_wldev *dev)
2474 {
2475         switch (dev->phy.type) {
2476         case B43_PHYTYPE_A:
2477         case B43_PHYTYPE_G:
2478         case B43_PHYTYPE_N:
2479                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2480                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2481                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2482                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2483                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2484                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2485                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2486                 if (dev->phy.type == B43_PHYTYPE_A)
2487                         break;
2488                 /* fallthrough */
2489         case B43_PHYTYPE_B:
2490                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2491                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2492                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2493                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2494                 break;
2495         default:
2496                 B43_WARN_ON(1);
2497         }
2498 }
2499
2500 /* Set the default values for the PHY TX Control Words. */
2501 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2502 {
2503         u16 ctl = 0;
2504
2505         ctl |= B43_TXH_PHY_ENC_CCK;
2506         ctl |= B43_TXH_PHY_ANT01AUTO;
2507         ctl |= B43_TXH_PHY_TXPWR;
2508
2509         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2510         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2511         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2512 }
2513
2514 /* Set the TX-Antenna for management frames sent by firmware. */
2515 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2516 {
2517         u16 ant;
2518         u16 tmp;
2519
2520         ant = b43_antenna_to_phyctl(antenna);
2521
2522         /* For ACK/CTS */
2523         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2524         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2525         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2526         /* For Probe Resposes */
2527         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2528         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2529         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2530 }
2531
2532 /* This is the opposite of b43_chip_init() */
2533 static void b43_chip_exit(struct b43_wldev *dev)
2534 {
2535         b43_radio_turn_off(dev, 1);
2536         b43_gpio_cleanup(dev);
2537         /* firmware is released later */
2538 }
2539
2540 /* Initialize the chip
2541  * http://bcm-specs.sipsolutions.net/ChipInit
2542  */
2543 static int b43_chip_init(struct b43_wldev *dev)
2544 {
2545         struct b43_phy *phy = &dev->phy;
2546         int err, tmp;
2547         u32 value32, macctl;
2548         u16 value16;
2549
2550         /* Initialize the MAC control */
2551         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2552         if (dev->phy.gmode)
2553                 macctl |= B43_MACCTL_GMODE;
2554         macctl |= B43_MACCTL_INFRA;
2555         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2556
2557         err = b43_request_firmware(dev);
2558         if (err)
2559                 goto out;
2560         err = b43_upload_microcode(dev);
2561         if (err)
2562                 goto out;       /* firmware is released later */
2563
2564         err = b43_gpio_init(dev);
2565         if (err)
2566                 goto out;       /* firmware is released later */
2567
2568         err = b43_upload_initvals(dev);
2569         if (err)
2570                 goto err_gpio_clean;
2571         b43_radio_turn_on(dev);
2572
2573         b43_write16(dev, 0x03E6, 0x0000);
2574         err = b43_phy_init(dev);
2575         if (err)
2576                 goto err_radio_off;
2577
2578         /* Select initial Interference Mitigation. */
2579         tmp = phy->interfmode;
2580         phy->interfmode = B43_INTERFMODE_NONE;
2581         b43_radio_set_interference_mitigation(dev, tmp);
2582
2583         b43_set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2584         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2585
2586         if (phy->type == B43_PHYTYPE_B) {
2587                 value16 = b43_read16(dev, 0x005E);
2588                 value16 |= 0x0004;
2589                 b43_write16(dev, 0x005E, value16);
2590         }
2591         b43_write32(dev, 0x0100, 0x01000000);
2592         if (dev->dev->id.revision < 5)
2593                 b43_write32(dev, 0x010C, 0x01000000);
2594
2595         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2596                     & ~B43_MACCTL_INFRA);
2597         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2598                     | B43_MACCTL_INFRA);
2599
2600         /* Probe Response Timeout value */
2601         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2602         b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2603
2604         /* Initially set the wireless operation mode. */
2605         b43_adjust_opmode(dev);
2606
2607         if (dev->dev->id.revision < 3) {
2608                 b43_write16(dev, 0x060E, 0x0000);
2609                 b43_write16(dev, 0x0610, 0x8000);
2610                 b43_write16(dev, 0x0604, 0x0000);
2611                 b43_write16(dev, 0x0606, 0x0200);
2612         } else {
2613                 b43_write32(dev, 0x0188, 0x80000000);
2614                 b43_write32(dev, 0x018C, 0x02000000);
2615         }
2616         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2617         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2618         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2619         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2620         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2621         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2622         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2623
2624         value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2625         value32 |= 0x00100000;
2626         ssb_write32(dev->dev, SSB_TMSLOW, value32);
2627
2628         b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2629                     dev->dev->bus->chipco.fast_pwrup_delay);
2630
2631         err = 0;
2632         b43dbg(dev->wl, "Chip initialized\n");
2633 out:
2634         return err;
2635
2636 err_radio_off:
2637         b43_radio_turn_off(dev, 1);
2638 err_gpio_clean:
2639         b43_gpio_cleanup(dev);
2640         return err;
2641 }
2642
2643 static void b43_periodic_every120sec(struct b43_wldev *dev)
2644 {
2645         struct b43_phy *phy = &dev->phy;
2646
2647         if (phy->type != B43_PHYTYPE_G || phy->rev < 2)
2648                 return;
2649
2650         b43_mac_suspend(dev);
2651         b43_lo_g_measure(dev);
2652         b43_mac_enable(dev);
2653         if (b43_has_hardware_pctl(phy))
2654                 b43_lo_g_ctl_mark_all_unused(dev);
2655 }
2656
2657 static void b43_periodic_every60sec(struct b43_wldev *dev)
2658 {
2659         struct b43_phy *phy = &dev->phy;
2660
2661         if (phy->type != B43_PHYTYPE_G)
2662                 return;
2663         if (!b43_has_hardware_pctl(phy))
2664                 b43_lo_g_ctl_mark_all_unused(dev);
2665         if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_RSSI) {
2666                 b43_mac_suspend(dev);
2667                 b43_calc_nrssi_slope(dev);
2668                 if ((phy->radio_ver == 0x2050) && (phy->radio_rev == 8)) {
2669                         u8 old_chan = phy->channel;
2670
2671                         /* VCO Calibration */
2672                         if (old_chan >= 8)
2673                                 b43_radio_selectchannel(dev, 1, 0);
2674                         else
2675                                 b43_radio_selectchannel(dev, 13, 0);
2676                         b43_radio_selectchannel(dev, old_chan, 0);
2677                 }
2678                 b43_mac_enable(dev);
2679         }
2680 }
2681
2682 static void b43_periodic_every30sec(struct b43_wldev *dev)
2683 {
2684         /* Update device statistics. */
2685         b43_calculate_link_quality(dev);
2686 }
2687
2688 static void b43_periodic_every15sec(struct b43_wldev *dev)
2689 {
2690         struct b43_phy *phy = &dev->phy;
2691
2692         if (phy->type == B43_PHYTYPE_G) {
2693                 //TODO: update_aci_moving_average
2694                 if (phy->aci_enable && phy->aci_wlan_automatic) {
2695                         b43_mac_suspend(dev);
2696                         if (!phy->aci_enable && 1 /*TODO: not scanning? */ ) {
2697                                 if (0 /*TODO: bunch of conditions */ ) {
2698                                         b43_radio_set_interference_mitigation
2699                                             (dev, B43_INTERFMODE_MANUALWLAN);
2700                                 }
2701                         } else if (1 /*TODO*/) {
2702                                 /*
2703                                    if ((aci_average > 1000) && !(b43_radio_aci_scan(dev))) {
2704                                    b43_radio_set_interference_mitigation(dev,
2705                                    B43_INTERFMODE_NONE);
2706                                    }
2707                                  */
2708                         }
2709                         b43_mac_enable(dev);
2710                 } else if (phy->interfmode == B43_INTERFMODE_NONWLAN &&
2711                            phy->rev == 1) {
2712                         //TODO: implement rev1 workaround
2713                 }
2714         }
2715         b43_phy_xmitpower(dev); //FIXME: unless scanning?
2716         //TODO for APHY (temperature?)
2717
2718         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2719         wmb();
2720 }
2721
2722 static void do_periodic_work(struct b43_wldev *dev)
2723 {
2724         unsigned int state;
2725
2726         state = dev->periodic_state;
2727         if (state % 8 == 0)
2728                 b43_periodic_every120sec(dev);
2729         if (state % 4 == 0)
2730                 b43_periodic_every60sec(dev);
2731         if (state % 2 == 0)
2732                 b43_periodic_every30sec(dev);
2733         b43_periodic_every15sec(dev);
2734 }
2735
2736 /* Periodic work locking policy:
2737  *      The whole periodic work handler is protected by
2738  *      wl->mutex. If another lock is needed somewhere in the
2739  *      pwork callchain, it's aquired in-place, where it's needed.
2740  */
2741 static void b43_periodic_work_handler(struct work_struct *work)
2742 {
2743         struct b43_wldev *dev = container_of(work, struct b43_wldev,
2744                                              periodic_work.work);
2745         struct b43_wl *wl = dev->wl;
2746         unsigned long delay;
2747
2748         mutex_lock(&wl->mutex);
2749
2750         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2751                 goto out;
2752         if (b43_debug(dev, B43_DBG_PWORK_STOP))
2753                 goto out_requeue;
2754
2755         do_periodic_work(dev);
2756
2757         dev->periodic_state++;
2758 out_requeue:
2759         if (b43_debug(dev, B43_DBG_PWORK_FAST))
2760                 delay = msecs_to_jiffies(50);
2761         else
2762                 delay = round_jiffies_relative(HZ * 15);
2763         queue_delayed_work(wl->hw->workqueue, &dev->periodic_work, delay);
2764 out:
2765         mutex_unlock(&wl->mutex);
2766 }
2767
2768 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
2769 {
2770         struct delayed_work *work = &dev->periodic_work;
2771
2772         dev->periodic_state = 0;
2773         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
2774         queue_delayed_work(dev->wl->hw->workqueue, work, 0);
2775 }
2776
2777 /* Check if communication with the device works correctly. */
2778 static int b43_validate_chipaccess(struct b43_wldev *dev)
2779 {
2780         u32 v, backup;
2781
2782         backup = b43_shm_read32(dev, B43_SHM_SHARED, 0);
2783
2784         /* Check for read/write and endianness problems. */
2785         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
2786         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
2787                 goto error;
2788         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
2789         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
2790                 goto error;
2791
2792         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup);
2793
2794         if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
2795                 /* The 32bit register shadows the two 16bit registers
2796                  * with update sideeffects. Validate this. */
2797                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
2798                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
2799                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
2800                         goto error;
2801                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
2802                         goto error;
2803         }
2804         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
2805
2806         v = b43_read32(dev, B43_MMIO_MACCTL);
2807         v |= B43_MACCTL_GMODE;
2808         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
2809                 goto error;
2810
2811         return 0;
2812 error:
2813         b43err(dev->wl, "Failed to validate the chipaccess\n");
2814         return -ENODEV;
2815 }
2816
2817 static void b43_security_init(struct b43_wldev *dev)
2818 {
2819         dev->max_nr_keys = (dev->dev->id.revision >= 5) ? 58 : 20;
2820         B43_WARN_ON(dev->max_nr_keys > ARRAY_SIZE(dev->key));
2821         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
2822         /* KTP is a word address, but we address SHM bytewise.
2823          * So multiply by two.
2824          */
2825         dev->ktp *= 2;
2826         if (dev->dev->id.revision >= 5) {
2827                 /* Number of RCMTA address slots */
2828                 b43_write16(dev, B43_MMIO_RCMTA_COUNT, dev->max_nr_keys - 8);
2829         }
2830         b43_clear_keys(dev);
2831 }
2832
2833 static int b43_rng_read(struct hwrng *rng, u32 * data)
2834 {
2835         struct b43_wl *wl = (struct b43_wl *)rng->priv;
2836         unsigned long flags;
2837
2838         /* Don't take wl->mutex here, as it could deadlock with
2839          * hwrng internal locking. It's not needed to take
2840          * wl->mutex here, anyway. */
2841
2842         spin_lock_irqsave(&wl->irq_lock, flags);
2843         *data = b43_read16(wl->current_dev, B43_MMIO_RNG);
2844         spin_unlock_irqrestore(&wl->irq_lock, flags);
2845
2846         return (sizeof(u16));
2847 }
2848
2849 static void b43_rng_exit(struct b43_wl *wl)
2850 {
2851         if (wl->rng_initialized)
2852                 hwrng_unregister(&wl->rng);
2853 }
2854
2855 static int b43_rng_init(struct b43_wl *wl)
2856 {
2857         int err;
2858
2859         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
2860                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
2861         wl->rng.name = wl->rng_name;
2862         wl->rng.data_read = b43_rng_read;
2863         wl->rng.priv = (unsigned long)wl;
2864         wl->rng_initialized = 1;
2865         err = hwrng_register(&wl->rng);
2866         if (err) {
2867                 wl->rng_initialized = 0;
2868                 b43err(wl, "Failed to register the random "
2869                        "number generator (%d)\n", err);
2870         }
2871
2872         return err;
2873 }
2874
2875 static int b43_op_tx(struct ieee80211_hw *hw,
2876                      struct sk_buff *skb,
2877                      struct ieee80211_tx_control *ctl)
2878 {
2879         struct b43_wl *wl = hw_to_b43_wl(hw);
2880         struct b43_wldev *dev = wl->current_dev;
2881         unsigned long flags;
2882         int err;
2883
2884         if (unlikely(skb->len < 2 + 2 + 6)) {
2885                 /* Too short, this can't be a valid frame. */
2886                 goto drop_packet;
2887         }
2888         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
2889         if (unlikely(!dev))
2890                 goto drop_packet;
2891
2892         /* Transmissions on seperate queues can run concurrently. */
2893         read_lock_irqsave(&wl->tx_lock, flags);
2894
2895         err = -ENODEV;
2896         if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
2897                 if (b43_using_pio_transfers(dev))
2898                         err = b43_pio_tx(dev, skb, ctl);
2899                 else
2900                         err = b43_dma_tx(dev, skb, ctl);
2901         }
2902
2903         read_unlock_irqrestore(&wl->tx_lock, flags);
2904
2905         if (unlikely(err))
2906                 goto drop_packet;
2907         return NETDEV_TX_OK;
2908
2909 drop_packet:
2910         /* We can not transmit this packet. Drop it. */
2911         dev_kfree_skb_any(skb);
2912         return NETDEV_TX_OK;
2913 }
2914
2915 /* Locking: wl->irq_lock */
2916 static void b43_qos_params_upload(struct b43_wldev *dev,
2917                                   const struct ieee80211_tx_queue_params *p,
2918                                   u16 shm_offset)
2919 {
2920         u16 params[B43_NR_QOSPARAMS];
2921         int cw_min, cw_max, aifs, bslots, tmp;
2922         unsigned int i;
2923
2924         const u16 aCWmin = 0x0001;
2925         const u16 aCWmax = 0x03FF;
2926
2927         /* Calculate the default values for the parameters, if needed. */
2928         switch (shm_offset) {
2929         case B43_QOS_VOICE:
2930                 aifs = (p->aifs == -1) ? 2 : p->aifs;
2931                 cw_min = (p->cw_min == 0) ? ((aCWmin + 1) / 4 - 1) : p->cw_min;
2932                 cw_max = (p->cw_max == 0) ? ((aCWmin + 1) / 2 - 1) : p->cw_max;
2933                 break;
2934         case B43_QOS_VIDEO:
2935                 aifs = (p->aifs == -1) ? 2 : p->aifs;
2936                 cw_min = (p->cw_min == 0) ? ((aCWmin + 1) / 2 - 1) : p->cw_min;
2937                 cw_max = (p->cw_max == 0) ? aCWmin : p->cw_max;
2938                 break;
2939         case B43_QOS_BESTEFFORT:
2940                 aifs = (p->aifs == -1) ? 3 : p->aifs;
2941                 cw_min = (p->cw_min == 0) ? aCWmin : p->cw_min;
2942                 cw_max = (p->cw_max == 0) ? aCWmax : p->cw_max;
2943                 break;
2944         case B43_QOS_BACKGROUND:
2945                 aifs = (p->aifs == -1) ? 7 : p->aifs;
2946                 cw_min = (p->cw_min == 0) ? aCWmin : p->cw_min;
2947                 cw_max = (p->cw_max == 0) ? aCWmax : p->cw_max;
2948                 break;
2949         default:
2950                 B43_WARN_ON(1);
2951                 return;
2952         }
2953         if (cw_min <= 0)
2954                 cw_min = aCWmin;
2955         if (cw_max <= 0)
2956                 cw_max = aCWmin;
2957         bslots = b43_read16(dev, B43_MMIO_RNG) % cw_min;
2958
2959         memset(&params, 0, sizeof(params));
2960
2961         params[B43_QOSPARAM_TXOP] = p->txop * 32;
2962         params[B43_QOSPARAM_CWMIN] = cw_min;
2963         params[B43_QOSPARAM_CWMAX] = cw_max;
2964         params[B43_QOSPARAM_CWCUR] = cw_min;
2965         params[B43_QOSPARAM_AIFS] = aifs;
2966         params[B43_QOSPARAM_BSLOTS] = bslots;
2967         params[B43_QOSPARAM_REGGAP] = bslots + aifs;
2968
2969         for (i = 0; i < ARRAY_SIZE(params); i++) {
2970                 if (i == B43_QOSPARAM_STATUS) {
2971                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
2972                                              shm_offset + (i * 2));
2973                         /* Mark the parameters as updated. */
2974                         tmp |= 0x100;
2975                         b43_shm_write16(dev, B43_SHM_SHARED,
2976                                         shm_offset + (i * 2),
2977                                         tmp);
2978                 } else {
2979                         b43_shm_write16(dev, B43_SHM_SHARED,
2980                                         shm_offset + (i * 2),
2981                                         params[i]);
2982                 }
2983         }
2984 }
2985
2986 /* Update the QOS parameters in hardware. */
2987 static void b43_qos_update(struct b43_wldev *dev)
2988 {
2989         struct b43_wl *wl = dev->wl;
2990         struct b43_qos_params *params;
2991         unsigned long flags;
2992         unsigned int i;
2993
2994         /* Mapping of mac80211 queues to b43 SHM offsets. */
2995         static const u16 qos_shm_offsets[] = {
2996                 [0] = B43_QOS_VOICE,
2997                 [1] = B43_QOS_VIDEO,
2998                 [2] = B43_QOS_BESTEFFORT,
2999                 [3] = B43_QOS_BACKGROUND,
3000         };
3001         BUILD_BUG_ON(ARRAY_SIZE(qos_shm_offsets) != ARRAY_SIZE(wl->qos_params));
3002
3003         b43_mac_suspend(dev);
3004         spin_lock_irqsave(&wl->irq_lock, flags);
3005
3006         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3007                 params = &(wl->qos_params[i]);
3008                 if (params->need_hw_update) {
3009                         b43_qos_params_upload(dev, &(params->p),
3010                                               qos_shm_offsets[i]);
3011                         params->need_hw_update = 0;
3012                 }
3013         }
3014
3015         spin_unlock_irqrestore(&wl->irq_lock, flags);
3016         b43_mac_enable(dev);
3017 }
3018
3019 static void b43_qos_clear(struct b43_wl *wl)
3020 {
3021         struct b43_qos_params *params;
3022         unsigned int i;
3023
3024         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3025                 params = &(wl->qos_params[i]);
3026
3027                 memset(&(params->p), 0, sizeof(params->p));
3028                 params->p.aifs = -1;
3029                 params->need_hw_update = 1;
3030         }
3031 }
3032
3033 /* Initialize the core's QOS capabilities */
3034 static void b43_qos_init(struct b43_wldev *dev)
3035 {
3036         struct b43_wl *wl = dev->wl;
3037         unsigned int i;
3038
3039         /* Upload the current QOS parameters. */
3040         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++)
3041                 wl->qos_params[i].need_hw_update = 1;
3042         b43_qos_update(dev);
3043
3044         /* Enable QOS support. */
3045         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3046         b43_write16(dev, B43_MMIO_IFSCTL,
3047                     b43_read16(dev, B43_MMIO_IFSCTL)
3048                     | B43_MMIO_IFSCTL_USE_EDCF);
3049 }
3050
3051 static void b43_qos_update_work(struct work_struct *work)
3052 {
3053         struct b43_wl *wl = container_of(work, struct b43_wl, qos_update_work);
3054         struct b43_wldev *dev;
3055
3056         mutex_lock(&wl->mutex);
3057         dev = wl->current_dev;
3058         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED)))
3059                 b43_qos_update(dev);
3060         mutex_unlock(&wl->mutex);
3061 }
3062
3063 static int b43_op_conf_tx(struct ieee80211_hw *hw,
3064                           int _queue,
3065                           const struct ieee80211_tx_queue_params *params)
3066 {
3067         struct b43_wl *wl = hw_to_b43_wl(hw);
3068         unsigned long flags;
3069         unsigned int queue = (unsigned int)_queue;
3070         struct b43_qos_params *p;
3071
3072         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3073                 /* Queue not available or don't support setting
3074                  * params on this queue. Return success to not
3075                  * confuse mac80211. */
3076                 return 0;
3077         }
3078
3079         spin_lock_irqsave(&wl->irq_lock, flags);
3080         p = &(wl->qos_params[queue]);
3081         memcpy(&(p->p), params, sizeof(p->p));
3082         p->need_hw_update = 1;
3083         spin_unlock_irqrestore(&wl->irq_lock, flags);
3084
3085         queue_work(hw->workqueue, &wl->qos_update_work);
3086
3087         return 0;
3088 }
3089
3090 static int b43_op_get_tx_stats(struct ieee80211_hw *hw,
3091                                struct ieee80211_tx_queue_stats *stats)
3092 {
3093         struct b43_wl *wl = hw_to_b43_wl(hw);
3094         struct b43_wldev *dev = wl->current_dev;
3095         unsigned long flags;
3096         int err = -ENODEV;
3097
3098         if (!dev)
3099                 goto out;
3100         spin_lock_irqsave(&wl->irq_lock, flags);
3101         if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3102                 if (b43_using_pio_transfers(dev))
3103                         b43_pio_get_tx_stats(dev, stats);
3104                 else
3105                         b43_dma_get_tx_stats(dev, stats);
3106                 err = 0;
3107         }
3108         spin_unlock_irqrestore(&wl->irq_lock, flags);
3109 out:
3110         return err;
3111 }
3112
3113 static int b43_op_get_stats(struct ieee80211_hw *hw,
3114                             struct ieee80211_low_level_stats *stats)
3115 {
3116         struct b43_wl *wl = hw_to_b43_wl(hw);
3117         unsigned long flags;
3118
3119         spin_lock_irqsave(&wl->irq_lock, flags);
3120         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3121         spin_unlock_irqrestore(&wl->irq_lock, flags);
3122
3123         return 0;
3124 }
3125
3126 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3127 {
3128         struct ssb_device *sdev = dev->dev;
3129         u32 tmslow;
3130
3131         tmslow = ssb_read32(sdev, SSB_TMSLOW);
3132         tmslow &= ~B43_TMSLOW_GMODE;
3133         tmslow |= B43_TMSLOW_PHYRESET;
3134         tmslow |= SSB_TMSLOW_FGC;
3135         ssb_write32(sdev, SSB_TMSLOW, tmslow);
3136         msleep(1);
3137
3138         tmslow = ssb_read32(sdev, SSB_TMSLOW);
3139         tmslow &= ~SSB_TMSLOW_FGC;
3140         tmslow |= B43_TMSLOW_PHYRESET;
3141         ssb_write32(sdev, SSB_TMSLOW, tmslow);
3142         msleep(1);
3143 }
3144
3145 static const char * band_to_string(enum ieee80211_band band)
3146 {
3147         switch (band) {
3148         case IEEE80211_BAND_5GHZ:
3149                 return "5";
3150         case IEEE80211_BAND_2GHZ:
3151                 return "2.4";
3152         default:
3153                 break;
3154         }
3155         B43_WARN_ON(1);
3156         return "";
3157 }
3158
3159 /* Expects wl->mutex locked */
3160 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3161 {
3162         struct b43_wldev *up_dev = NULL;
3163         struct b43_wldev *down_dev;
3164         struct b43_wldev *d;
3165         int err;
3166         bool gmode;
3167         int prev_status;
3168
3169         /* Find a device and PHY which supports the band. */
3170         list_for_each_entry(d, &wl->devlist, list) {
3171                 switch (chan->band) {
3172                 case IEEE80211_BAND_5GHZ:
3173                         if (d->phy.supports_5ghz) {
3174                                 up_dev = d;
3175                                 gmode = 0;
3176                         }
3177                         break;
3178                 case IEEE80211_BAND_2GHZ:
3179                         if (d->phy.supports_2ghz) {
3180                                 up_dev = d;
3181                                 gmode = 1;
3182                         }
3183                         break;
3184                 default:
3185                         B43_WARN_ON(1);
3186                         return -EINVAL;
3187                 }
3188                 if (up_dev)
3189                         break;
3190         }
3191         if (!up_dev) {
3192                 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3193                        band_to_string(chan->band));
3194                 return -ENODEV;
3195         }
3196         if ((up_dev == wl->current_dev) &&
3197             (!!wl->current_dev->phy.gmode == !!gmode)) {
3198                 /* This device is already running. */
3199                 return 0;
3200         }
3201         b43dbg(wl, "Switching to %s-GHz band\n",
3202                band_to_string(chan->band));
3203         down_dev = wl->current_dev;
3204
3205         prev_status = b43_status(down_dev);
3206         /* Shutdown the currently running core. */
3207         if (prev_status >= B43_STAT_STARTED)
3208                 b43_wireless_core_stop(down_dev);
3209         if (prev_status >= B43_STAT_INITIALIZED)
3210                 b43_wireless_core_exit(down_dev);
3211
3212         if (down_dev != up_dev) {
3213                 /* We switch to a different core, so we put PHY into
3214                  * RESET on the old core. */
3215                 b43_put_phy_into_reset(down_dev);
3216         }
3217
3218         /* Now start the new core. */
3219         up_dev->phy.gmode = gmode;
3220         if (prev_status >= B43_STAT_INITIALIZED) {
3221                 err = b43_wireless_core_init(up_dev);
3222                 if (err) {
3223                         b43err(wl, "Fatal: Could not initialize device for "
3224                                "selected %s-GHz band\n",
3225                                band_to_string(chan->band));
3226                         goto init_failure;
3227                 }
3228         }
3229         if (prev_status >= B43_STAT_STARTED) {
3230                 err = b43_wireless_core_start(up_dev);
3231                 if (err) {
3232                         b43err(wl, "Fatal: Coult not start device for "
3233                                "selected %s-GHz band\n",
3234                                band_to_string(chan->band));
3235                         b43_wireless_core_exit(up_dev);
3236                         goto init_failure;
3237                 }
3238         }
3239         B43_WARN_ON(b43_status(up_dev) != prev_status);
3240
3241         wl->current_dev = up_dev;
3242
3243         return 0;
3244 init_failure:
3245         /* Whoops, failed to init the new core. No core is operating now. */
3246         wl->current_dev = NULL;
3247         return err;
3248 }
3249
3250 static int b43_op_config(struct ieee80211_hw *hw, struct ieee80211_conf *conf)
3251 {
3252         struct b43_wl *wl = hw_to_b43_wl(hw);
3253         struct b43_wldev *dev;
3254         struct b43_phy *phy;
3255         unsigned long flags;
3256         int antenna;
3257         int err = 0;
3258         u32 savedirqs;
3259
3260         mutex_lock(&wl->mutex);
3261
3262         /* Switch the band (if necessary). This might change the active core. */
3263         err = b43_switch_band(wl, conf->channel);
3264         if (err)
3265                 goto out_unlock_mutex;
3266         dev = wl->current_dev;
3267         phy = &dev->phy;
3268
3269         /* Disable IRQs while reconfiguring the device.
3270          * This makes it possible to drop the spinlock throughout
3271          * the reconfiguration process. */
3272         spin_lock_irqsave(&wl->irq_lock, flags);
3273         if (b43_status(dev) < B43_STAT_STARTED) {
3274                 spin_unlock_irqrestore(&wl->irq_lock, flags);
3275                 goto out_unlock_mutex;
3276         }
3277         savedirqs = b43_interrupt_disable(dev, B43_IRQ_ALL);
3278         spin_unlock_irqrestore(&wl->irq_lock, flags);
3279         b43_synchronize_irq(dev);
3280
3281         /* Switch to the requested channel.
3282          * The firmware takes care of races with the TX handler. */
3283         if (conf->channel->hw_value != phy->channel)
3284                 b43_radio_selectchannel(dev, conf->channel->hw_value, 0);
3285
3286         /* Enable/Disable ShortSlot timing. */
3287         if ((!!(conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)) !=
3288             dev->short_slot) {
3289                 B43_WARN_ON(phy->type != B43_PHYTYPE_G);
3290                 if (conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)
3291                         b43_short_slot_timing_enable(dev);
3292                 else
3293                         b43_short_slot_timing_disable(dev);
3294         }
3295
3296         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_RADIOTAP);
3297
3298         /* Adjust the desired TX power level. */
3299         if (conf->power_level != 0) {
3300                 if (conf->power_level != phy->power_level) {
3301                         phy->power_level = conf->power_level;
3302                         b43_phy_xmitpower(dev);
3303                 }
3304         }
3305
3306         /* Antennas for RX and management frame TX. */
3307         antenna = b43_antenna_from_ieee80211(dev, conf->antenna_sel_tx);
3308         b43_mgmtframe_txantenna(dev, antenna);
3309         antenna = b43_antenna_from_ieee80211(dev, conf->antenna_sel_rx);
3310         b43_set_rx_antenna(dev, antenna);
3311
3312         /* Update templates for AP mode. */
3313         if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP))
3314                 b43_set_beacon_int(dev, conf->beacon_int);
3315
3316         if (!!conf->radio_enabled != phy->radio_on) {
3317                 if (conf->radio_enabled) {
3318                         b43_radio_turn_on(dev);
3319                         b43info(dev->wl, "Radio turned on by software\n");
3320                         if (!dev->radio_hw_enable) {
3321                                 b43info(dev->wl, "The hardware RF-kill button "
3322                                         "still turns the radio physically off. "
3323                                         "Press the button to turn it on.\n");
3324                         }
3325                 } else {
3326                         b43_radio_turn_off(dev, 0);
3327                         b43info(dev->wl, "Radio turned off by software\n");
3328                 }
3329         }
3330
3331         spin_lock_irqsave(&wl->irq_lock, flags);
3332         b43_interrupt_enable(dev, savedirqs);
3333         mmiowb();
3334         spin_unlock_irqrestore(&wl->irq_lock, flags);
3335       out_unlock_mutex:
3336         mutex_unlock(&wl->mutex);
3337
3338         return err;
3339 }
3340
3341 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3342                            const u8 *local_addr, const u8 *addr,
3343                            struct ieee80211_key_conf *key)
3344 {
3345         struct b43_wl *wl = hw_to_b43_wl(hw);
3346         struct b43_wldev *dev;
3347         unsigned long flags;
3348         u8 algorithm;
3349         u8 index;
3350         int err;
3351         DECLARE_MAC_BUF(mac);
3352
3353         if (modparam_nohwcrypt)
3354                 return -ENOSPC; /* User disabled HW-crypto */
3355
3356         mutex_lock(&wl->mutex);
3357         spin_lock_irqsave(&wl->irq_lock, flags);
3358
3359         dev = wl->current_dev;
3360         err = -ENODEV;
3361         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
3362                 goto out_unlock;
3363
3364         err = -EINVAL;
3365         switch (key->alg) {
3366         case ALG_WEP:
3367                 if (key->keylen == 5)
3368                         algorithm = B43_SEC_ALGO_WEP40;
3369                 else
3370                         algorithm = B43_SEC_ALGO_WEP104;
3371                 break;
3372         case ALG_TKIP:
3373                 algorithm = B43_SEC_ALGO_TKIP;
3374                 break;
3375         case ALG_CCMP:
3376                 algorithm = B43_SEC_ALGO_AES;
3377                 break;
3378         default:
3379                 B43_WARN_ON(1);
3380                 goto out_unlock;
3381         }
3382         index = (u8) (key->keyidx);
3383         if (index > 3)
3384                 goto out_unlock;
3385
3386         switch (cmd) {
3387         case SET_KEY:
3388                 if (algorithm == B43_SEC_ALGO_TKIP) {
3389                         /* FIXME: No TKIP hardware encryption for now. */
3390                         err = -EOPNOTSUPP;
3391                         goto out_unlock;
3392                 }
3393
3394                 if (is_broadcast_ether_addr(addr)) {
3395                         /* addr is FF:FF:FF:FF:FF:FF for default keys */
3396                         err = b43_key_write(dev, index, algorithm,
3397                                             key->key, key->keylen, NULL, key);
3398                 } else {
3399                         /*
3400                          * either pairwise key or address is 00:00:00:00:00:00
3401                          * for transmit-only keys
3402                          */
3403                         err = b43_key_write(dev, -1, algorithm,
3404                                             key->key, key->keylen, addr, key);
3405                 }
3406                 if (err)
3407                         goto out_unlock;
3408
3409                 if (algorithm == B43_SEC_ALGO_WEP40 ||
3410                     algorithm == B43_SEC_ALGO_WEP104) {
3411                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
3412                 } else {
3413                         b43_hf_write(dev,
3414                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
3415                 }
3416                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3417                 break;
3418         case DISABLE_KEY: {
3419                 err = b43_key_clear(dev, key->hw_key_idx);
3420                 if (err)
3421                         goto out_unlock;
3422                 break;
3423         }
3424         default:
3425                 B43_WARN_ON(1);
3426         }
3427 out_unlock:
3428         spin_unlock_irqrestore(&wl->irq_lock, flags);
3429         mutex_unlock(&wl->mutex);
3430         if (!err) {
3431                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
3432                        "mac: %s\n",
3433                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
3434                        print_mac(mac, addr));
3435         }
3436         return err;
3437 }
3438
3439 static void b43_op_configure_filter(struct ieee80211_hw *hw,
3440                                     unsigned int changed, unsigned int *fflags,
3441                                     int mc_count, struct dev_addr_list *mc_list)
3442 {
3443         struct b43_wl *wl = hw_to_b43_wl(hw);
3444         struct b43_wldev *dev = wl->current_dev;
3445         unsigned long flags;
3446
3447         if (!dev) {
3448                 *fflags = 0;
3449                 return;
3450         }
3451
3452         spin_lock_irqsave(&wl->irq_lock, flags);
3453         *fflags &= FIF_PROMISC_IN_BSS |
3454                   FIF_ALLMULTI |
3455                   FIF_FCSFAIL |
3456                   FIF_PLCPFAIL |
3457                   FIF_CONTROL |
3458                   FIF_OTHER_BSS |
3459                   FIF_BCN_PRBRESP_PROMISC;
3460
3461         changed &= FIF_PROMISC_IN_BSS |
3462                    FIF_ALLMULTI |
3463                    FIF_FCSFAIL |
3464                    FIF_PLCPFAIL |
3465                    FIF_CONTROL |
3466                    FIF_OTHER_BSS |
3467                    FIF_BCN_PRBRESP_PROMISC;
3468
3469         wl->filter_flags = *fflags;
3470
3471         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3472                 b43_adjust_opmode(dev);
3473         spin_unlock_irqrestore(&wl->irq_lock, flags);
3474 }
3475
3476 static int b43_op_config_interface(struct ieee80211_hw *hw,
3477                                    struct ieee80211_vif *vif,
3478                                    struct ieee80211_if_conf *conf)
3479 {
3480         struct b43_wl *wl = hw_to_b43_wl(hw);
3481         struct b43_wldev *dev = wl->current_dev;
3482         unsigned long flags;
3483
3484         if (!dev)
3485                 return -ENODEV;
3486         mutex_lock(&wl->mutex);
3487         spin_lock_irqsave(&wl->irq_lock, flags);
3488         B43_WARN_ON(wl->vif != vif);
3489         if (conf->bssid)
3490                 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3491         else
3492                 memset(wl->bssid, 0, ETH_ALEN);
3493         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3494                 if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP)) {
3495                         B43_WARN_ON(conf->type != IEEE80211_IF_TYPE_AP);
3496                         b43_set_ssid(dev, conf->ssid, conf->ssid_len);
3497                         if (conf->beacon) {
3498                                 b43_update_templates(wl, conf->beacon,
3499                                                      conf->beacon_control);
3500                         }
3501                 }
3502                 b43_write_mac_bssid_templates(dev);
3503         }
3504         spin_unlock_irqrestore(&wl->irq_lock, flags);
3505         mutex_unlock(&wl->mutex);
3506
3507         return 0;
3508 }
3509
3510 /* Locking: wl->mutex */
3511 static void b43_wireless_core_stop(struct b43_wldev *dev)
3512 {
3513         struct b43_wl *wl = dev->wl;
3514         unsigned long flags;
3515
3516         if (b43_status(dev) < B43_STAT_STARTED)
3517                 return;
3518
3519         /* Disable and sync interrupts. We must do this before than
3520          * setting the status to INITIALIZED, as the interrupt handler
3521          * won't care about IRQs then. */
3522         spin_lock_irqsave(&wl->irq_lock, flags);
3523         dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
3524         b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* flush */
3525         spin_unlock_irqrestore(&wl->irq_lock, flags);
3526         b43_synchronize_irq(dev);
3527
3528         write_lock_irqsave(&wl->tx_lock, flags);
3529         b43_set_status(dev, B43_STAT_INITIALIZED);
3530         write_unlock_irqrestore(&wl->tx_lock, flags);
3531
3532         b43_pio_stop(dev);
3533         mutex_unlock(&wl->mutex);
3534         /* Must unlock as it would otherwise deadlock. No races here.
3535          * Cancel the possibly running self-rearming periodic work. */
3536         cancel_delayed_work_sync(&dev->periodic_work);
3537         mutex_lock(&wl->mutex);
3538
3539         b43_mac_suspend(dev);
3540         free_irq(dev->dev->irq, dev);
3541         b43dbg(wl, "Wireless interface stopped\n");
3542 }
3543
3544 /* Locking: wl->mutex */
3545 static int b43_wireless_core_start(struct b43_wldev *dev)
3546 {
3547         int err;
3548
3549         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
3550
3551         drain_txstatus_queue(dev);
3552         err = request_irq(dev->dev->irq, b43_interrupt_handler,
3553                           IRQF_SHARED, KBUILD_MODNAME, dev);
3554         if (err) {
3555                 b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
3556                 goto out;
3557         }
3558
3559         /* We are ready to run. */
3560         b43_set_status(dev, B43_STAT_STARTED);
3561
3562         /* Start data flow (TX/RX). */
3563         b43_mac_enable(dev);
3564         b43_interrupt_enable(dev, dev->irq_savedstate);
3565         ieee80211_start_queues(dev->wl->hw);
3566
3567         /* Start maintainance work */
3568         b43_periodic_tasks_setup(dev);
3569
3570         b43dbg(dev->wl, "Wireless interface started\n");
3571       out:
3572         return err;
3573 }
3574
3575 /* Get PHY and RADIO versioning numbers */
3576 static int b43_phy_versioning(struct b43_wldev *dev)
3577 {
3578         struct b43_phy *phy = &dev->phy;
3579         u32 tmp;
3580         u8 analog_type;
3581         u8 phy_type;
3582         u8 phy_rev;
3583         u16 radio_manuf;
3584         u16 radio_ver;
3585         u16 radio_rev;
3586         int unsupported = 0;
3587
3588         /* Get PHY versioning */
3589         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
3590         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
3591         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
3592         phy_rev = (tmp & B43_PHYVER_VERSION);
3593         switch (phy_type) {
3594         case B43_PHYTYPE_A:
3595                 if (phy_rev >= 4)
3596                         unsupported = 1;
3597                 break;
3598         case B43_PHYTYPE_B:
3599                 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
3600                     && phy_rev != 7)
3601                         unsupported = 1;
3602                 break;
3603         case B43_PHYTYPE_G:
3604                 if (phy_rev > 9)
3605                         unsupported = 1;
3606                 break;
3607 #ifdef CONFIG_B43_NPHY
3608         case B43_PHYTYPE_N:
3609                 if (phy_rev > 1)
3610                         unsupported = 1;
3611                 break;
3612 #endif
3613         default:
3614                 unsupported = 1;
3615         };
3616         if (unsupported) {
3617                 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
3618                        "(Analog %u, Type %u, Revision %u)\n",
3619                        analog_type, phy_type, phy_rev);
3620                 return -EOPNOTSUPP;
3621         }
3622         b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
3623                analog_type, phy_type, phy_rev);
3624
3625         /* Get RADIO versioning */
3626         if (dev->dev->bus->chip_id == 0x4317) {
3627                 if (dev->dev->bus->chip_rev == 0)
3628                         tmp = 0x3205017F;
3629                 else if (dev->dev->bus->chip_rev == 1)
3630                         tmp = 0x4205017F;
3631                 else
3632                         tmp = 0x5205017F;
3633         } else {
3634                 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3635                 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
3636                 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3637                 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
3638         }
3639         radio_manuf = (tmp & 0x00000FFF);
3640         radio_ver = (tmp & 0x0FFFF000) >> 12;
3641         radio_rev = (tmp & 0xF0000000) >> 28;
3642         if (radio_manuf != 0x17F /* Broadcom */)
3643                 unsupported = 1;
3644         switch (phy_type) {
3645         case B43_PHYTYPE_A:
3646                 if (radio_ver != 0x2060)
3647                         unsupported = 1;
3648                 if (radio_rev != 1)
3649                         unsupported = 1;
3650                 if (radio_manuf != 0x17F)
3651                         unsupported = 1;
3652                 break;
3653         case B43_PHYTYPE_B:
3654                 if ((radio_ver & 0xFFF0) != 0x2050)
3655                         unsupported = 1;
3656                 break;
3657         case B43_PHYTYPE_G:
3658                 if (radio_ver != 0x2050)
3659                         unsupported = 1;
3660                 break;
3661         case B43_PHYTYPE_N:
3662                 if (radio_ver != 0x2055)
3663                         unsupported = 1;
3664                 break;
3665         default:
3666                 B43_WARN_ON(1);
3667         }
3668         if (unsupported) {
3669                 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
3670                        "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
3671                        radio_manuf, radio_ver, radio_rev);
3672                 return -EOPNOTSUPP;
3673         }
3674         b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
3675                radio_manuf, radio_ver, radio_rev);
3676
3677         phy->radio_manuf = radio_manuf;
3678         phy->radio_ver = radio_ver;
3679         phy->radio_rev = radio_rev;
3680
3681         phy->analog = analog_type;
3682         phy->type = phy_type;
3683         phy->rev = phy_rev;
3684
3685         return 0;
3686 }
3687
3688 static void setup_struct_phy_for_init(struct b43_wldev *dev,
3689                                       struct b43_phy *phy)
3690 {
3691         struct b43_txpower_lo_control *lo;
3692         int i;
3693
3694         memset(phy->minlowsig, 0xFF, sizeof(phy->minlowsig));
3695         memset(phy->minlowsigpos, 0, sizeof(phy->minlowsigpos));
3696
3697         phy->aci_enable = 0;
3698         phy->aci_wlan_automatic = 0;
3699         phy->aci_hw_rssi = 0;
3700
3701         phy->radio_off_context.valid = 0;
3702
3703         lo = phy->lo_control;
3704         if (lo) {
3705                 memset(lo, 0, sizeof(*(phy->lo_control)));
3706                 lo->rebuild = 1;
3707                 lo->tx_bias = 0xFF;
3708         }
3709         phy->max_lb_gain = 0;
3710         phy->trsw_rx_gain = 0;
3711         phy->txpwr_offset = 0;
3712
3713         /* NRSSI */
3714         phy->nrssislope = 0;
3715         for (i = 0; i < ARRAY_SIZE(phy->nrssi); i++)
3716                 phy->nrssi[i] = -1000;
3717         for (i = 0; i < ARRAY_SIZE(phy->nrssi_lt); i++)
3718                 phy->nrssi_lt[i] = i;
3719
3720         phy->lofcal = 0xFFFF;
3721         phy->initval = 0xFFFF;
3722
3723         phy->interfmode = B43_INTERFMODE_NONE;
3724         phy->channel = 0xFF;
3725
3726         phy->hardware_power_control = !!modparam_hwpctl;
3727
3728         /* PHY TX errors counter. */
3729         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3730
3731         /* OFDM-table address caching. */
3732         phy->ofdmtab_addr_direction = B43_OFDMTAB_DIRECTION_UNKNOWN;
3733 }
3734
3735 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
3736 {
3737         dev->dfq_valid = 0;
3738
3739         /* Assume the radio is enabled. If it's not enabled, the state will
3740          * immediately get fixed on the first periodic work run. */
3741         dev->radio_hw_enable = 1;
3742
3743         /* Stats */
3744         memset(&dev->stats, 0, sizeof(dev->stats));
3745
3746         setup_struct_phy_for_init(dev, &dev->phy);
3747
3748         /* IRQ related flags */
3749         dev->irq_reason = 0;
3750         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
3751         dev->irq_savedstate = B43_IRQ_MASKTEMPLATE;
3752
3753         dev->mac_suspended = 1;
3754
3755         /* Noise calculation context */
3756         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
3757 }
3758
3759 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
3760 {
3761         struct ssb_sprom *sprom = &dev->dev->bus->sprom;
3762         u64 hf;
3763
3764         if (!modparam_btcoex)
3765                 return;
3766         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
3767                 return;
3768         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
3769                 return;
3770
3771         hf = b43_hf_read(dev);
3772         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
3773                 hf |= B43_HF_BTCOEXALT;
3774         else
3775                 hf |= B43_HF_BTCOEX;
3776         b43_hf_write(dev, hf);
3777 }
3778
3779 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
3780 {
3781         if (!modparam_btcoex)
3782                 return;
3783         //TODO
3784 }
3785
3786 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
3787 {
3788 #ifdef CONFIG_SSB_DRIVER_PCICORE
3789         struct ssb_bus *bus = dev->dev->bus;
3790         u32 tmp;
3791
3792         if (bus->pcicore.dev &&
3793             bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
3794             bus->pcicore.dev->id.revision <= 5) {
3795                 /* IMCFGLO timeouts workaround. */
3796                 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
3797                 tmp &= ~SSB_IMCFGLO_REQTO;
3798                 tmp &= ~SSB_IMCFGLO_SERTO;
3799                 switch (bus->bustype) {
3800                 case SSB_BUSTYPE_PCI:
3801                 case SSB_BUSTYPE_PCMCIA:
3802                         tmp |= 0x32;
3803                         break;
3804                 case SSB_BUSTYPE_SSB:
3805                         tmp |= 0x53;
3806                         break;
3807                 }
3808                 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
3809         }
3810 #endif /* CONFIG_SSB_DRIVER_PCICORE */
3811 }
3812
3813 /* Write the short and long frame retry limit values. */
3814 static void b43_set_retry_limits(struct b43_wldev *dev,
3815                                  unsigned int short_retry,
3816                                  unsigned int long_retry)
3817 {
3818         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3819          * the chip-internal counter. */
3820         short_retry = min(short_retry, (unsigned int)0xF);
3821         long_retry = min(long_retry, (unsigned int)0xF);
3822
3823         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3824                         short_retry);
3825         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3826                         long_retry);
3827 }
3828
3829 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
3830 {
3831         u16 pu_delay;
3832
3833         /* The time value is in microseconds. */
3834         if (dev->phy.type == B43_PHYTYPE_A)
3835                 pu_delay = 3700;
3836         else
3837                 pu_delay = 1050;
3838         if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS) || idle)
3839                 pu_delay = 500;
3840         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
3841                 pu_delay = max(pu_delay, (u16)2400);
3842
3843         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
3844 }
3845
3846 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
3847 static void b43_set_pretbtt(struct b43_wldev *dev)
3848 {
3849         u16 pretbtt;
3850
3851         /* The time value is in microseconds. */
3852         if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS)) {
3853                 pretbtt = 2;
3854         } else {
3855                 if (dev->phy.type == B43_PHYTYPE_A)
3856                         pretbtt = 120;
3857                 else
3858                         pretbtt = 250;
3859         }
3860         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
3861         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
3862 }
3863
3864 /* Shutdown a wireless core */
3865 /* Locking: wl->mutex */
3866 static void b43_wireless_core_exit(struct b43_wldev *dev)
3867 {
3868         struct b43_phy *phy = &dev->phy;
3869         u32 macctl;
3870
3871         B43_WARN_ON(b43_status(dev) > B43_STAT_INITIALIZED);
3872         if (b43_status(dev) != B43_STAT_INITIALIZED)
3873                 return;
3874         b43_set_status(dev, B43_STAT_UNINIT);
3875
3876         /* Stop the microcode PSM. */
3877         macctl = b43_read32(dev, B43_MMIO_MACCTL);
3878         macctl &= ~B43_MACCTL_PSM_RUN;
3879         macctl |= B43_MACCTL_PSM_JMP0;
3880         b43_write32(dev, B43_MMIO_MACCTL, macctl);
3881
3882         if (!dev->suspend_in_progress) {
3883                 b43_leds_exit(dev);
3884                 b43_rng_exit(dev->wl);
3885         }
3886         b43_dma_free(dev);
3887         b43_pio_free(dev);
3888         b43_chip_exit(dev);
3889         b43_radio_turn_off(dev, 1);
3890         b43_switch_analog(dev, 0);
3891         if (phy->dyn_tssi_tbl)
3892                 kfree(phy->tssi2dbm);
3893         kfree(phy->lo_control);
3894         phy->lo_control = NULL;
3895         if (dev->wl->current_beacon) {
3896                 dev_kfree_skb_any(dev->wl->current_beacon);
3897                 dev->wl->current_beacon = NULL;
3898         }
3899
3900         ssb_device_disable(dev->dev, 0);
3901         ssb_bus_may_powerdown(dev->dev->bus);
3902 }
3903
3904 /* Initialize a wireless core */
3905 static int b43_wireless_core_init(struct b43_wldev *dev)
3906 {
3907         struct b43_wl *wl = dev->wl;
3908         struct ssb_bus *bus = dev->dev->bus;
3909         struct ssb_sprom *sprom = &bus->sprom;
3910         struct b43_phy *phy = &dev->phy;
3911         int err;
3912         u64 hf;
3913         u32 tmp;
3914
3915         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
3916
3917         err = ssb_bus_powerup(bus, 0);
3918         if (err)
3919                 goto out;
3920         if (!ssb_device_is_enabled(dev->dev)) {
3921                 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
3922                 b43_wireless_core_reset(dev, tmp);
3923         }
3924
3925         if ((phy->type == B43_PHYTYPE_B) || (phy->type == B43_PHYTYPE_G)) {
3926                 phy->lo_control =
3927                     kzalloc(sizeof(*(phy->lo_control)), GFP_KERNEL);
3928                 if (!phy->lo_control) {
3929                         err = -ENOMEM;
3930                         goto err_busdown;
3931                 }
3932         }
3933         setup_struct_wldev_for_init(dev);
3934
3935         err = b43_phy_init_tssi2dbm_table(dev);
3936         if (err)
3937                 goto err_kfree_lo_control;
3938
3939         /* Enable IRQ routing to this device. */
3940         ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
3941
3942         b43_imcfglo_timeouts_workaround(dev);
3943         b43_bluetooth_coext_disable(dev);
3944         b43_phy_early_init(dev);
3945         err = b43_chip_init(dev);
3946         if (err)
3947                 goto err_kfree_tssitbl;
3948         b43_shm_write16(dev, B43_SHM_SHARED,
3949                         B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
3950         hf = b43_hf_read(dev);
3951         if (phy->type == B43_PHYTYPE_G) {
3952                 hf |= B43_HF_SYMW;
3953                 if (phy->rev == 1)
3954                         hf |= B43_HF_GDCW;
3955                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
3956                         hf |= B43_HF_OFDMPABOOST;
3957         } else if (phy->type == B43_PHYTYPE_B) {
3958                 hf |= B43_HF_SYMW;
3959                 if (phy->rev >= 2 && phy->radio_ver == 0x2050)
3960                         hf &= ~B43_HF_GDCW;
3961         }
3962         b43_hf_write(dev, hf);
3963
3964         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
3965                              B43_DEFAULT_LONG_RETRY_LIMIT);
3966         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
3967         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
3968
3969         /* Disable sending probe responses from firmware.
3970          * Setting the MaxTime to one usec will always trigger
3971          * a timeout, so we never send any probe resp.
3972          * A timeout of zero is infinite. */
3973         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
3974
3975         b43_rate_memory_init(dev);
3976         b43_set_phytxctl_defaults(dev);
3977
3978         /* Minimum Contention Window */
3979         if (phy->type == B43_PHYTYPE_B) {
3980                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
3981         } else {
3982                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
3983         }
3984         /* Maximum Contention Window */
3985         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
3986
3987         if ((dev->dev->bus->bustype == SSB_BUSTYPE_PCMCIA) || B43_FORCE_PIO) {
3988                 dev->__using_pio_transfers = 1;
3989                 err = b43_pio_init(dev);
3990         } else {
3991                 dev->__using_pio_transfers = 0;
3992                 err = b43_dma_init(dev);
3993         }
3994         if (err)
3995                 goto err_chip_exit;
3996         b43_qos_init(dev);
3997         b43_set_synth_pu_delay(dev, 1);
3998         b43_bluetooth_coext_enable(dev);
3999
4000         ssb_bus_powerup(bus, 1);        /* Enable dynamic PCTL */
4001         b43_upload_card_macaddress(dev);
4002         b43_security_init(dev);
4003         if (!dev->suspend_in_progress)
4004                 b43_rng_init(wl);
4005
4006         b43_set_status(dev, B43_STAT_INITIALIZED);
4007
4008         if (!dev->suspend_in_progress)
4009                 b43_leds_init(dev);
4010 out:
4011         return err;
4012
4013       err_chip_exit:
4014         b43_chip_exit(dev);
4015       err_kfree_tssitbl:
4016         if (phy->dyn_tssi_tbl)
4017                 kfree(phy->tssi2dbm);
4018       err_kfree_lo_control:
4019         kfree(phy->lo_control);
4020         phy->lo_control = NULL;
4021       err_busdown:
4022         ssb_bus_may_powerdown(bus);
4023         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4024         return err;
4025 }
4026
4027 static int b43_op_add_interface(struct ieee80211_hw *hw,
4028                                 struct ieee80211_if_init_conf *conf)
4029 {
4030         struct b43_wl *wl = hw_to_b43_wl(hw);
4031         struct b43_wldev *dev;
4032         unsigned long flags;
4033         int err = -EOPNOTSUPP;
4034
4035         /* TODO: allow WDS/AP devices to coexist */
4036
4037         if (conf->type != IEEE80211_IF_TYPE_AP &&
4038             conf->type != IEEE80211_IF_TYPE_STA &&
4039             conf->type != IEEE80211_IF_TYPE_WDS &&
4040             conf->type != IEEE80211_IF_TYPE_IBSS)
4041                 return -EOPNOTSUPP;
4042
4043         mutex_lock(&wl->mutex);
4044         if (wl->operating)
4045                 goto out_mutex_unlock;
4046
4047         b43dbg(wl, "Adding Interface type %d\n", conf->type);
4048
4049         dev = wl->current_dev;
4050         wl->operating = 1;
4051         wl->vif = conf->vif;
4052         wl->if_type = conf->type;
4053         memcpy(wl->mac_addr, conf->mac_addr, ETH_ALEN);
4054
4055         spin_lock_irqsave(&wl->irq_lock, flags);
4056         b43_adjust_opmode(dev);
4057         b43_set_pretbtt(dev);
4058         b43_set_synth_pu_delay(dev, 0);
4059         b43_upload_card_macaddress(dev);
4060         spin_unlock_irqrestore(&wl->irq_lock, flags);
4061
4062         err = 0;
4063  out_mutex_unlock:
4064         mutex_unlock(&wl->mutex);
4065
4066         return err;
4067 }
4068
4069 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4070                                     struct ieee80211_if_init_conf *conf)
4071 {
4072         struct b43_wl *wl = hw_to_b43_wl(hw);
4073         struct b43_wldev *dev = wl->current_dev;
4074         unsigned long flags;
4075
4076         b43dbg(wl, "Removing Interface type %d\n", conf->type);
4077
4078         mutex_lock(&wl->mutex);
4079
4080         B43_WARN_ON(!wl->operating);
4081         B43_WARN_ON(wl->vif != conf->vif);
4082         wl->vif = NULL;
4083
4084         wl->operating = 0;
4085
4086         spin_lock_irqsave(&wl->irq_lock, flags);
4087         b43_adjust_opmode(dev);
4088         memset(wl->mac_addr, 0, ETH_ALEN);
4089         b43_upload_card_macaddress(dev);
4090         spin_unlock_irqrestore(&wl->irq_lock, flags);
4091
4092         mutex_unlock(&wl->mutex);
4093 }
4094
4095 static int b43_op_start(struct ieee80211_hw *hw)
4096 {
4097         struct b43_wl *wl = hw_to_b43_wl(hw);
4098         struct b43_wldev *dev = wl->current_dev;
4099         int did_init = 0;
4100         int err = 0;
4101         bool do_rfkill_exit = 0;
4102
4103         /* Kill all old instance specific information to make sure
4104          * the card won't use it in the short timeframe between start
4105          * and mac80211 reconfiguring it. */
4106         memset(wl->bssid, 0, ETH_ALEN);
4107         memset(wl->mac_addr, 0, ETH_ALEN);
4108         wl->filter_flags = 0;
4109         wl->radiotap_enabled = 0;
4110         b43_qos_clear(wl);
4111         wl->beacon0_uploaded = 0;
4112         wl->beacon1_uploaded = 0;
4113         wl->beacon_templates_virgin = 1;
4114
4115         /* First register RFkill.
4116          * LEDs that are registered later depend on it. */
4117         b43_rfkill_init(dev);
4118
4119         mutex_lock(&wl->mutex);
4120
4121         if (b43_status(dev) < B43_STAT_INITIALIZED) {
4122                 err = b43_wireless_core_init(dev);
4123                 if (err) {
4124                         do_rfkill_exit = 1;
4125                         goto out_mutex_unlock;
4126                 }
4127                 did_init = 1;
4128         }
4129
4130         if (b43_status(dev) < B43_STAT_STARTED) {
4131                 err = b43_wireless_core_start(dev);
4132                 if (err) {
4133                         if (did_init)
4134                                 b43_wireless_core_exit(dev);
4135                         do_rfkill_exit = 1;
4136                         goto out_mutex_unlock;
4137                 }
4138         }
4139
4140  out_mutex_unlock:
4141         mutex_unlock(&wl->mutex);
4142
4143         if (do_rfkill_exit)
4144                 b43_rfkill_exit(dev);
4145
4146         return err;
4147 }
4148
4149 static void b43_op_stop(struct ieee80211_hw *hw)
4150 {
4151         struct b43_wl *wl = hw_to_b43_wl(hw);
4152         struct b43_wldev *dev = wl->current_dev;
4153
4154         b43_rfkill_exit(dev);
4155         cancel_work_sync(&(wl->qos_update_work));
4156         cancel_work_sync(&(wl->beacon_update_trigger));
4157
4158         mutex_lock(&wl->mutex);
4159         if (b43_status(dev) >= B43_STAT_STARTED)
4160                 b43_wireless_core_stop(dev);
4161         b43_wireless_core_exit(dev);
4162         mutex_unlock(&wl->mutex);
4163 }
4164
4165 static int b43_op_set_retry_limit(struct ieee80211_hw *hw,
4166                                   u32 short_retry_limit, u32 long_retry_limit)
4167 {
4168         struct b43_wl *wl = hw_to_b43_wl(hw);
4169         struct b43_wldev *dev;
4170         int err = 0;
4171
4172         mutex_lock(&wl->mutex);
4173         dev = wl->current_dev;
4174         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED))) {
4175                 err = -ENODEV;
4176                 goto out_unlock;
4177         }
4178         b43_set_retry_limits(dev, short_retry_limit, long_retry_limit);
4179 out_unlock:
4180         mutex_unlock(&wl->mutex);
4181
4182         return err;
4183 }
4184
4185 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw, int aid, int set)
4186 {
4187         struct b43_wl *wl = hw_to_b43_wl(hw);
4188         struct sk_buff *beacon;
4189         unsigned long flags;
4190         struct ieee80211_tx_control txctl;
4191
4192         /* We could modify the existing beacon and set the aid bit in
4193          * the TIM field, but that would probably require resizing and
4194          * moving of data within the beacon template.
4195          * Simply request a new beacon and let mac80211 do the hard work. */
4196         beacon = ieee80211_beacon_get(hw, wl->vif, &txctl);
4197         if (unlikely(!beacon))
4198                 return -ENOMEM;
4199         spin_lock_irqsave(&wl->irq_lock, flags);
4200         b43_update_templates(wl, beacon, &txctl);
4201         spin_unlock_irqrestore(&wl->irq_lock, flags);
4202
4203         return 0;
4204 }
4205
4206 static int b43_op_ibss_beacon_update(struct ieee80211_hw *hw,
4207                                      struct sk_buff *beacon,
4208                                      struct ieee80211_tx_control *ctl)
4209 {
4210         struct b43_wl *wl = hw_to_b43_wl(hw);
4211         unsigned long flags;
4212
4213         spin_lock_irqsave(&wl->irq_lock, flags);
4214         b43_update_templates(wl, beacon, ctl);
4215         spin_unlock_irqrestore(&wl->irq_lock, flags);
4216
4217         return 0;
4218 }
4219
4220 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4221                               struct ieee80211_vif *vif,
4222                               enum sta_notify_cmd notify_cmd,
4223                               const u8 *addr)
4224 {
4225         struct b43_wl *wl = hw_to_b43_wl(hw);
4226
4227         B43_WARN_ON(!vif || wl->vif != vif);
4228 }
4229
4230 static const struct ieee80211_ops b43_hw_ops = {
4231         .tx                     = b43_op_tx,
4232         .conf_tx                = b43_op_conf_tx,
4233         .add_interface          = b43_op_add_interface,
4234         .remove_interface       = b43_op_remove_interface,
4235         .config                 = b43_op_config,
4236         .config_interface       = b43_op_config_interface,
4237         .configure_filter       = b43_op_configure_filter,
4238         .set_key                = b43_op_set_key,
4239         .get_stats              = b43_op_get_stats,
4240         .get_tx_stats           = b43_op_get_tx_stats,
4241         .start                  = b43_op_start,
4242         .stop                   = b43_op_stop,
4243         .set_retry_limit        = b43_op_set_retry_limit,
4244         .set_tim                = b43_op_beacon_set_tim,
4245         .beacon_update          = b43_op_ibss_beacon_update,
4246         .sta_notify             = b43_op_sta_notify,
4247 };
4248
4249 /* Hard-reset the chip. Do not call this directly.
4250  * Use b43_controller_restart()
4251  */
4252 static void b43_chip_reset(struct work_struct *work)
4253 {
4254         struct b43_wldev *dev =
4255             container_of(work, struct b43_wldev, restart_work);
4256         struct b43_wl *wl = dev->wl;
4257         int err = 0;
4258         int prev_status;
4259
4260         mutex_lock(&wl->mutex);
4261
4262         prev_status = b43_status(dev);
4263         /* Bring the device down... */
4264         if (prev_status >= B43_STAT_STARTED)
4265                 b43_wireless_core_stop(dev);
4266         if (prev_status >= B43_STAT_INITIALIZED)
4267                 b43_wireless_core_exit(dev);
4268
4269         /* ...and up again. */
4270         if (prev_status >= B43_STAT_INITIALIZED) {
4271                 err = b43_wireless_core_init(dev);
4272                 if (err)
4273                         goto out;
4274         }
4275         if (prev_status >= B43_STAT_STARTED) {
4276                 err = b43_wireless_core_start(dev);
4277                 if (err) {
4278                         b43_wireless_core_exit(dev);
4279                         goto out;
4280                 }
4281         }
4282 out:
4283         if (err)
4284                 wl->current_dev = NULL; /* Failed to init the dev. */
4285         mutex_unlock(&wl->mutex);
4286         if (err)
4287                 b43err(wl, "Controller restart FAILED\n");
4288         else
4289                 b43info(wl, "Controller restarted\n");
4290 }
4291
4292 static int b43_setup_bands(struct b43_wldev *dev,
4293                            bool have_2ghz_phy, bool have_5ghz_phy)
4294 {
4295         struct ieee80211_hw *hw = dev->wl->hw;
4296
4297         if (have_2ghz_phy)
4298                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
4299         if (dev->phy.type == B43_PHYTYPE_N) {
4300                 if (have_5ghz_phy)
4301                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
4302         } else {
4303                 if (have_5ghz_phy)
4304                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
4305         }
4306
4307         dev->phy.supports_2ghz = have_2ghz_phy;
4308         dev->phy.supports_5ghz = have_5ghz_phy;
4309
4310         return 0;
4311 }
4312
4313 static void b43_wireless_core_detach(struct b43_wldev *dev)
4314 {
4315         /* We release firmware that late to not be required to re-request
4316          * is all the time when we reinit the core. */
4317         b43_release_firmware(dev);
4318 }
4319
4320 static int b43_wireless_core_attach(struct b43_wldev *dev)
4321 {
4322         struct b43_wl *wl = dev->wl;
4323         struct ssb_bus *bus = dev->dev->bus;
4324         struct pci_dev *pdev = bus->host_pci;
4325         int err;
4326         bool have_2ghz_phy = 0, have_5ghz_phy = 0;
4327         u32 tmp;
4328
4329         /* Do NOT do any device initialization here.
4330          * Do it in wireless_core_init() instead.
4331          * This function is for gathering basic information about the HW, only.
4332          * Also some structs may be set up here. But most likely you want to have
4333          * that in core_init(), too.
4334          */
4335
4336         err = ssb_bus_powerup(bus, 0);
4337         if (err) {
4338                 b43err(wl, "Bus powerup failed\n");
4339                 goto out;
4340         }
4341         /* Get the PHY type. */
4342         if (dev->dev->id.revision >= 5) {
4343                 u32 tmshigh;
4344
4345                 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
4346                 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
4347                 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
4348         } else
4349                 B43_WARN_ON(1);
4350
4351         dev->phy.gmode = have_2ghz_phy;
4352         tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4353         b43_wireless_core_reset(dev, tmp);
4354
4355         err = b43_phy_versioning(dev);
4356         if (err)
4357                 goto err_powerdown;
4358         /* Check if this device supports multiband. */
4359         if (!pdev ||
4360             (pdev->device != 0x4312 &&
4361              pdev->device != 0x4319 && pdev->device != 0x4324)) {
4362                 /* No multiband support. */
4363                 have_2ghz_phy = 0;
4364                 have_5ghz_phy = 0;
4365                 switch (dev->phy.type) {
4366                 case B43_PHYTYPE_A:
4367                         have_5ghz_phy = 1;
4368                         break;
4369                 case B43_PHYTYPE_G:
4370                 case B43_PHYTYPE_N:
4371                         have_2ghz_phy = 1;
4372                         break;
4373                 default:
4374                         B43_WARN_ON(1);
4375                 }
4376         }
4377         if (dev->phy.type == B43_PHYTYPE_A) {
4378                 /* FIXME */
4379                 b43err(wl, "IEEE 802.11a devices are unsupported\n");
4380                 err = -EOPNOTSUPP;
4381                 goto err_powerdown;
4382         }
4383         if (1 /* disable A-PHY */) {
4384                 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
4385                 if (dev->phy.type != B43_PHYTYPE_N) {
4386                         have_2ghz_phy = 1;
4387                         have_5ghz_phy = 0;
4388                 }
4389         }
4390
4391         dev->phy.gmode = have_2ghz_phy;
4392         tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4393         b43_wireless_core_reset(dev, tmp);
4394
4395         err = b43_validate_chipaccess(dev);
4396         if (err)
4397                 goto err_powerdown;
4398         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
4399         if (err)
4400                 goto err_powerdown;
4401
4402         /* Now set some default "current_dev" */
4403         if (!wl->current_dev)
4404                 wl->current_dev = dev;
4405         INIT_WORK(&dev->restart_work, b43_chip_reset);
4406
4407         b43_radio_turn_off(dev, 1);
4408         b43_switch_analog(dev, 0);
4409         ssb_device_disable(dev->dev, 0);
4410         ssb_bus_may_powerdown(bus);
4411
4412 out:
4413         return err;
4414
4415 err_powerdown:
4416         ssb_bus_may_powerdown(bus);
4417         return err;
4418 }
4419
4420 static void b43_one_core_detach(struct ssb_device *dev)
4421 {
4422         struct b43_wldev *wldev;
4423         struct b43_wl *wl;
4424
4425         /* Do not cancel ieee80211-workqueue based work here.
4426          * See comment in b43_remove(). */
4427
4428         wldev = ssb_get_drvdata(dev);
4429         wl = wldev->wl;
4430         b43_debugfs_remove_device(wldev);
4431         b43_wireless_core_detach(wldev);
4432         list_del(&wldev->list);
4433         wl->nr_devs--;
4434         ssb_set_drvdata(dev, NULL);
4435         kfree(wldev);
4436 }
4437
4438 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
4439 {
4440         struct b43_wldev *wldev;
4441         struct pci_dev *pdev;
4442         int err = -ENOMEM;
4443
4444         if (!list_empty(&wl->devlist)) {
4445                 /* We are not the first core on this chip. */
4446                 pdev = dev->bus->host_pci;
4447                 /* Only special chips support more than one wireless
4448                  * core, although some of the other chips have more than
4449                  * one wireless core as well. Check for this and
4450                  * bail out early.
4451                  */
4452                 if (!pdev ||
4453                     ((pdev->device != 0x4321) &&
4454                      (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
4455                         b43dbg(wl, "Ignoring unconnected 802.11 core\n");
4456                         return -ENODEV;
4457                 }
4458         }
4459
4460         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
4461         if (!wldev)
4462                 goto out;
4463
4464         wldev->dev = dev;
4465         wldev->wl = wl;
4466         b43_set_status(wldev, B43_STAT_UNINIT);
4467         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
4468         tasklet_init(&wldev->isr_tasklet,
4469                      (void (*)(unsigned long))b43_interrupt_tasklet,
4470                      (unsigned long)wldev);
4471         INIT_LIST_HEAD(&wldev->list);
4472
4473         err = b43_wireless_core_attach(wldev);
4474         if (err)
4475                 goto err_kfree_wldev;
4476
4477         list_add(&wldev->list, &wl->devlist);
4478         wl->nr_devs++;
4479         ssb_set_drvdata(dev, wldev);
4480         b43_debugfs_add_device(wldev);
4481
4482       out:
4483         return err;
4484
4485       err_kfree_wldev:
4486         kfree(wldev);
4487         return err;
4488 }
4489
4490 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
4491         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
4492         (pdev->device == _device) &&                                    \
4493         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
4494         (pdev->subsystem_device == _subdevice)                          )
4495
4496 static void b43_sprom_fixup(struct ssb_bus *bus)
4497 {
4498         struct pci_dev *pdev;
4499
4500         /* boardflags workarounds */
4501         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
4502             bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
4503                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
4504         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
4505             bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
4506                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
4507         if (bus->bustype == SSB_BUSTYPE_PCI) {
4508                 pdev = bus->host_pci;
4509                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
4510                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
4511                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013))
4512                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
4513         }
4514 }
4515
4516 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4517 {
4518         struct ieee80211_hw *hw = wl->hw;
4519
4520         ssb_set_devtypedata(dev, NULL);
4521         ieee80211_free_hw(hw);
4522 }
4523
4524 static int b43_wireless_init(struct ssb_device *dev)
4525 {
4526         struct ssb_sprom *sprom = &dev->bus->sprom;
4527         struct ieee80211_hw *hw;
4528         struct b43_wl *wl;
4529         int err = -ENOMEM;
4530
4531         b43_sprom_fixup(dev->bus);
4532
4533         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4534         if (!hw) {
4535                 b43err(NULL, "Could not allocate ieee80211 device\n");
4536                 goto out;
4537         }
4538
4539         /* fill hw info */
4540         hw->flags = IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE |
4541                     IEEE80211_HW_RX_INCLUDES_FCS;
4542         hw->max_signal = 100;
4543         hw->max_rssi = -110;
4544         hw->max_noise = -110;
4545         hw->queues = b43_modparam_qos ? 4 : 1;
4546         SET_IEEE80211_DEV(hw, dev->dev);
4547         if (is_valid_ether_addr(sprom->et1mac))
4548                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
4549         else
4550                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
4551
4552         /* Get and initialize struct b43_wl */
4553         wl = hw_to_b43_wl(hw);
4554         memset(wl, 0, sizeof(*wl));
4555         wl->hw = hw;
4556         spin_lock_init(&wl->irq_lock);
4557         rwlock_init(&wl->tx_lock);
4558         spin_lock_init(&wl->leds_lock);
4559         spin_lock_init(&wl->shm_lock);
4560         mutex_init(&wl->mutex);
4561         INIT_LIST_HEAD(&wl->devlist);
4562         INIT_WORK(&wl->qos_update_work, b43_qos_update_work);
4563         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
4564
4565         ssb_set_devtypedata(dev, wl);
4566         b43info(wl, "Broadcom %04X WLAN found\n", dev->bus->chip_id);
4567         err = 0;
4568       out:
4569         return err;
4570 }
4571
4572 static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4573 {
4574         struct b43_wl *wl;
4575         int err;
4576         int first = 0;
4577
4578         wl = ssb_get_devtypedata(dev);
4579         if (!wl) {
4580                 /* Probing the first core. Must setup common struct b43_wl */
4581                 first = 1;
4582                 err = b43_wireless_init(dev);
4583                 if (err)
4584                         goto out;
4585                 wl = ssb_get_devtypedata(dev);
4586                 B43_WARN_ON(!wl);
4587         }
4588         err = b43_one_core_attach(dev, wl);
4589         if (err)
4590                 goto err_wireless_exit;
4591
4592         if (first) {
4593                 err = ieee80211_register_hw(wl->hw);
4594                 if (err)
4595                         goto err_one_core_detach;
4596         }
4597
4598       out:
4599         return err;
4600
4601       err_one_core_detach:
4602         b43_one_core_detach(dev);
4603       err_wireless_exit:
4604         if (first)
4605                 b43_wireless_exit(dev, wl);
4606         return err;
4607 }
4608
4609 static void b43_remove(struct ssb_device *dev)
4610 {
4611         struct b43_wl *wl = ssb_get_devtypedata(dev);
4612         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4613
4614         /* We must cancel any work here before unregistering from ieee80211,
4615          * as the ieee80211 unreg will destroy the workqueue. */
4616         cancel_work_sync(&wldev->restart_work);
4617
4618         B43_WARN_ON(!wl);
4619         if (wl->current_dev == wldev)
4620                 ieee80211_unregister_hw(wl->hw);
4621
4622         b43_one_core_detach(dev);
4623
4624         if (list_empty(&wl->devlist)) {
4625                 /* Last core on the chip unregistered.
4626                  * We can destroy common struct b43_wl.
4627                  */
4628                 b43_wireless_exit(dev, wl);
4629         }
4630 }
4631
4632 /* Perform a hardware reset. This can be called from any context. */
4633 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
4634 {
4635         /* Must avoid requeueing, if we are in shutdown. */
4636         if (b43_status(dev) < B43_STAT_INITIALIZED)
4637                 return;
4638         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
4639         queue_work(dev->wl->hw->workqueue, &dev->restart_work);
4640 }
4641
4642 #ifdef CONFIG_PM
4643
4644 static int b43_suspend(struct ssb_device *dev, pm_message_t state)
4645 {
4646         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4647         struct b43_wl *wl = wldev->wl;
4648
4649         b43dbg(wl, "Suspending...\n");
4650
4651         mutex_lock(&wl->mutex);
4652         wldev->suspend_in_progress = true;
4653         wldev->suspend_init_status = b43_status(wldev);
4654         if (wldev->suspend_init_status >= B43_STAT_STARTED)
4655                 b43_wireless_core_stop(wldev);
4656         if (wldev->suspend_init_status >= B43_STAT_INITIALIZED)
4657                 b43_wireless_core_exit(wldev);
4658         mutex_unlock(&wl->mutex);
4659
4660         b43dbg(wl, "Device suspended.\n");
4661
4662         return 0;
4663 }
4664
4665 static int b43_resume(struct ssb_device *dev)
4666 {
4667         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4668         struct b43_wl *wl = wldev->wl;
4669         int err = 0;
4670
4671         b43dbg(wl, "Resuming...\n");
4672
4673         mutex_lock(&wl->mutex);
4674         if (wldev->suspend_init_status >= B43_STAT_INITIALIZED) {
4675                 err = b43_wireless_core_init(wldev);
4676                 if (err) {
4677                         b43err(wl, "Resume failed at core init\n");
4678                         goto out;
4679                 }
4680         }
4681         if (wldev->suspend_init_status >= B43_STAT_STARTED) {
4682                 err = b43_wireless_core_start(wldev);
4683                 if (err) {
4684                         b43_leds_exit(wldev);
4685                         b43_rng_exit(wldev->wl);
4686                         b43_wireless_core_exit(wldev);
4687                         b43err(wl, "Resume failed at core start\n");
4688                         goto out;
4689                 }
4690         }
4691         b43dbg(wl, "Device resumed.\n");
4692  out:
4693         wldev->suspend_in_progress = false;
4694         mutex_unlock(&wl->mutex);
4695         return err;
4696 }
4697
4698 #else /* CONFIG_PM */
4699 # define b43_suspend    NULL
4700 # define b43_resume     NULL
4701 #endif /* CONFIG_PM */
4702
4703 static struct ssb_driver b43_ssb_driver = {
4704         .name           = KBUILD_MODNAME,
4705         .id_table       = b43_ssb_tbl,
4706         .probe          = b43_probe,
4707         .remove         = b43_remove,
4708         .suspend        = b43_suspend,
4709         .resume         = b43_resume,
4710 };
4711
4712 static void b43_print_driverinfo(void)
4713 {
4714         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
4715                    *feat_leds = "", *feat_rfkill = "";
4716
4717 #ifdef CONFIG_B43_PCI_AUTOSELECT
4718         feat_pci = "P";
4719 #endif
4720 #ifdef CONFIG_B43_PCMCIA
4721         feat_pcmcia = "M";
4722 #endif
4723 #ifdef CONFIG_B43_NPHY
4724         feat_nphy = "N";
4725 #endif
4726 #ifdef CONFIG_B43_LEDS
4727         feat_leds = "L";
4728 #endif
4729 #ifdef CONFIG_B43_RFKILL
4730         feat_rfkill = "R";
4731 #endif
4732         printk(KERN_INFO "Broadcom 43xx driver loaded "
4733                "[ Features: %s%s%s%s%s, Firmware-ID: "
4734                B43_SUPPORTED_FIRMWARE_ID " ]\n",
4735                feat_pci, feat_pcmcia, feat_nphy,
4736                feat_leds, feat_rfkill);
4737 }
4738
4739 static int __init b43_init(void)
4740 {
4741         int err;
4742
4743         b43_debugfs_init();
4744         err = b43_pcmcia_init();
4745         if (err)
4746                 goto err_dfs_exit;
4747         err = ssb_driver_register(&b43_ssb_driver);
4748         if (err)
4749                 goto err_pcmcia_exit;
4750         b43_print_driverinfo();
4751
4752         return err;
4753
4754 err_pcmcia_exit:
4755         b43_pcmcia_exit();
4756 err_dfs_exit:
4757         b43_debugfs_exit();
4758         return err;
4759 }
4760
4761 static void __exit b43_exit(void)
4762 {
4763         ssb_driver_unregister(&b43_ssb_driver);
4764         b43_pcmcia_exit();
4765         b43_debugfs_exit();
4766 }
4767
4768 module_init(b43_init)
4769 module_exit(b43_exit)
Full containers within linux kernel