search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
On Tue, Nov 06, 2007 at 02:33:53AM -0800, akpm@linux-foundation.org wrote:
[mmotm.git] / drivers / net / wireless / orinoco / main.c
blob753a1804eee7901f4d4cad5e4ac05aeff6853c53
1 /* main.c - (formerly known as dldwd_cs.c, orinoco_cs.c and orinoco.c)
2 *
3 * A driver for Hermes or Prism 2 chipset based PCMCIA wireless
4 * adaptors, with Lucent/Agere, Intersil or Symbol firmware.
5 *
6 * Current maintainers (as of 29 September 2003) are:
7 * Pavel Roskin <proski AT gnu.org>
8 * and David Gibson <hermes AT gibson.dropbear.id.au>
9 *
10 * (C) Copyright David Gibson, IBM Corporation 2001-2003.
11 * Copyright (C) 2000 David Gibson, Linuxcare Australia.
12 * With some help from :
13 * Copyright (C) 2001 Jean Tourrilhes, HP Labs
14 * Copyright (C) 2001 Benjamin Herrenschmidt
15 *
16 * Based on dummy_cs.c 1.27 2000/06/12 21:27:25
17 *
18 * Portions based on wvlan_cs.c 1.0.6, Copyright Andreas Neuhaus <andy
19 * AT fasta.fh-dortmund.de>
20 * http://www.stud.fh-dortmund.de/~andy/wvlan/
21 *
22 * The contents of this file are subject to the Mozilla Public License
23 * Version 1.1 (the "License"); you may not use this file except in
24 * compliance with the License. You may obtain a copy of the License
25 * at http://www.mozilla.org/MPL/
26 *
27 * Software distributed under the License is distributed on an "AS IS"
28 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
29 * the License for the specific language governing rights and
30 * limitations under the License.
31 *
32 * The initial developer of the original code is David A. Hinds
33 * <dahinds AT users.sourceforge.net>. Portions created by David
34 * A. Hinds are Copyright (C) 1999 David A. Hinds. All Rights
35 * Reserved.
36 *
37 * Alternatively, the contents of this file may be used under the
38 * terms of the GNU General Public License version 2 (the "GPL"), in
39 * which case the provisions of the GPL are applicable instead of the
40 * above. If you wish to allow the use of your version of this file
41 * only under the terms of the GPL and not to allow others to use your
42 * version of this file under the MPL, indicate your decision by
43 * deleting the provisions above and replace them with the notice and
44 * other provisions required by the GPL. If you do not delete the
45 * provisions above, a recipient may use your version of this file
46 * under either the MPL or the GPL. */
47
48 /*
49 * TODO
50 * o Handle de-encapsulation within network layer, provide 802.11
51 * headers (patch from Thomas 'Dent' Mirlacher)
52 * o Fix possible races in SPY handling.
53 * o Disconnect wireless extensions from fundamental configuration.
54 * o (maybe) Software WEP support (patch from Stano Meduna).
55 * o (maybe) Use multiple Tx buffers - driver handling queue
56 * rather than firmware.
57 */
58
59 /* Locking and synchronization:
60 *
61 * The basic principle is that everything is serialized through a
62 * single spinlock, priv->lock. The lock is used in user, bh and irq
63 * context, so when taken outside hardirq context it should always be
64 * taken with interrupts disabled. The lock protects both the
65 * hardware and the struct orinoco_private.
66 *
67 * Another flag, priv->hw_unavailable indicates that the hardware is
68 * unavailable for an extended period of time (e.g. suspended, or in
69 * the middle of a hard reset). This flag is protected by the
70 * spinlock. All code which touches the hardware should check the
71 * flag after taking the lock, and if it is set, give up on whatever
72 * they are doing and drop the lock again. The orinoco_lock()
73 * function handles this (it unlocks and returns -EBUSY if
74 * hw_unavailable is non-zero).
75 */
76
77 #define DRIVER_NAME "orinoco"
78
79 #include <linux/module.h>
80 #include <linux/kernel.h>
81 #include <linux/init.h>
82 #include <linux/delay.h>
83 #include <linux/device.h>
84 #include <linux/netdevice.h>
85 #include <linux/etherdevice.h>
86 #include <linux/suspend.h>
87 #include <linux/if_arp.h>
88 #include <linux/wireless.h>
89 #include <linux/ieee80211.h>
90 #include <net/iw_handler.h>
91 #include <net/cfg80211.h>
92
93 #include "hermes_rid.h"
94 #include "hermes_dld.h"
95 #include "hw.h"
96 #include "scan.h"
97 #include "mic.h"
98 #include "fw.h"
99 #include "wext.h"
100 #include "cfg.h"
101 #include "main.h"
102
103 #include "orinoco.h"
104
105 /********************************************************************/
106 /* Module information */
107 /********************************************************************/
108
109 MODULE_AUTHOR("Pavel Roskin <proski@gnu.org> & "
110 "David Gibson <hermes@gibson.dropbear.id.au>");
111 MODULE_DESCRIPTION("Driver for Lucent Orinoco, Prism II based "
112 "and similar wireless cards");
113 MODULE_LICENSE("Dual MPL/GPL");
114
115 /* Level of debugging. Used in the macros in orinoco.h */
116 #ifdef ORINOCO_DEBUG
117 int orinoco_debug = ORINOCO_DEBUG;
118 EXPORT_SYMBOL(orinoco_debug);
119 module_param(orinoco_debug, int, 0644);
120 MODULE_PARM_DESC(orinoco_debug, "Debug level");
121 #endif
122
123 static int suppress_linkstatus; /* = 0 */
124 module_param(suppress_linkstatus, bool, 0644);
125 MODULE_PARM_DESC(suppress_linkstatus, "Don't log link status changes");
126
127 static int ignore_disconnect; /* = 0 */
128 module_param(ignore_disconnect, int, 0644);
129 MODULE_PARM_DESC(ignore_disconnect,
130 "Don't report lost link to the network layer");
131
132 int force_monitor; /* = 0 */
133 module_param(force_monitor, int, 0644);
134 MODULE_PARM_DESC(force_monitor, "Allow monitor mode for all firmware versions");
135
136 /********************************************************************/
137 /* Internal constants */
138 /********************************************************************/
139
140 /* 802.2 LLC/SNAP header used for Ethernet encapsulation over 802.11 */
141 static const u8 encaps_hdr[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00};
142 #define ENCAPS_OVERHEAD (sizeof(encaps_hdr) + 2)
143
144 #define ORINOCO_MIN_MTU 256
145 #define ORINOCO_MAX_MTU (IEEE80211_MAX_DATA_LEN - ENCAPS_OVERHEAD)
146
147 #define MAX_IRQLOOPS_PER_IRQ 10
148 #define MAX_IRQLOOPS_PER_JIFFY (20000/HZ) /* Based on a guestimate of
149 * how many events the
150 * device could
151 * legitimately generate */
152
153 #define DUMMY_FID 0xFFFF
154
155 /*#define MAX_MULTICAST(priv) (priv->firmware_type == FIRMWARE_TYPE_AGERE ? \
156 HERMES_MAX_MULTICAST : 0)*/
157 #define MAX_MULTICAST(priv) (HERMES_MAX_MULTICAST)
158
159 #define ORINOCO_INTEN (HERMES_EV_RX | HERMES_EV_ALLOC \
160 | HERMES_EV_TX | HERMES_EV_TXEXC \
161 | HERMES_EV_WTERR | HERMES_EV_INFO \
162 | HERMES_EV_INFDROP)
163
164 /********************************************************************/
165 /* Data types */
166 /********************************************************************/
167
168 /* Beginning of the Tx descriptor, used in TxExc handling */
169 struct hermes_txexc_data {
170 struct hermes_tx_descriptor desc;
171 __le16 frame_ctl;
172 __le16 duration_id;
173 u8 addr1[ETH_ALEN];
174 } __attribute__ ((packed));
175
176 /* Rx frame header except compatibility 802.3 header */
177 struct hermes_rx_descriptor {
178 /* Control */
179 __le16 status;
180 __le32 time;
181 u8 silence;
182 u8 signal;
183 u8 rate;
184 u8 rxflow;
185 __le32 reserved;
186
187 /* 802.11 header */
188 __le16 frame_ctl;
189 __le16 duration_id;
190 u8 addr1[ETH_ALEN];
191 u8 addr2[ETH_ALEN];
192 u8 addr3[ETH_ALEN];
193 __le16 seq_ctl;
194 u8 addr4[ETH_ALEN];
195
196 /* Data length */
197 __le16 data_len;
198 } __attribute__ ((packed));
199
200 struct orinoco_rx_data {
201 struct hermes_rx_descriptor *desc;
202 struct sk_buff *skb;
203 struct list_head list;
204 };
205
206 struct orinoco_scan_data {
207 void *buf;
208 size_t len;
209 int type;
210 struct list_head list;
211 };
212
213 /********************************************************************/
214 /* Function prototypes */
215 /********************************************************************/
216
217 static int __orinoco_set_multicast_list(struct net_device *dev);
218 static int __orinoco_up(struct orinoco_private *priv);
219 static int __orinoco_down(struct orinoco_private *priv);
220 static int __orinoco_commit(struct orinoco_private *priv);
221
222 /********************************************************************/
223 /* Internal helper functions */
224 /********************************************************************/
225
226 void set_port_type(struct orinoco_private *priv)
227 {
228 switch (priv->iw_mode) {
229 case NL80211_IFTYPE_STATION:
230 priv->port_type = 1;
231 priv->createibss = 0;
232 break;
233 case NL80211_IFTYPE_ADHOC:
234 if (priv->prefer_port3) {
235 priv->port_type = 3;
236 priv->createibss = 0;
237 } else {
238 priv->port_type = priv->ibss_port;
239 priv->createibss = 1;
240 }
241 break;
242 case NL80211_IFTYPE_MONITOR:
243 priv->port_type = 3;
244 priv->createibss = 0;
245 break;
246 default:
247 printk(KERN_ERR "%s: Invalid priv->iw_mode in set_port_type()\n",
248 priv->ndev->name);
249 }
250 }
251
252 /********************************************************************/
253 /* Device methods */
254 /********************************************************************/
255
256 static int orinoco_open(struct net_device *dev)
257 {
258 struct orinoco_private *priv = ndev_priv(dev);
259 unsigned long flags;
260 int err;
261
262 if (orinoco_lock(priv, &flags) != 0)
263 return -EBUSY;
264
265 err = __orinoco_up(priv);
266
267 if (!err)
268 priv->open = 1;
269
270 orinoco_unlock(priv, &flags);
271
272 return err;
273 }
274
275 static int orinoco_stop(struct net_device *dev)
276 {
277 struct orinoco_private *priv = ndev_priv(dev);
278 int err = 0;
279
280 /* We mustn't use orinoco_lock() here, because we need to be
281 able to close the interface even if hw_unavailable is set
282 (e.g. as we're released after a PC Card removal) */
283 spin_lock_irq(&priv->lock);
284
285 priv->open = 0;
286
287 err = __orinoco_down(priv);
288
289 spin_unlock_irq(&priv->lock);
290
291 return err;
292 }
293
294 static struct net_device_stats *orinoco_get_stats(struct net_device *dev)
295 {
296 struct orinoco_private *priv = ndev_priv(dev);
297
298 return &priv->stats;
299 }
300
301 static void orinoco_set_multicast_list(struct net_device *dev)
302 {
303 struct orinoco_private *priv = ndev_priv(dev);
304 unsigned long flags;
305
306 if (orinoco_lock(priv, &flags) != 0) {
307 printk(KERN_DEBUG "%s: orinoco_set_multicast_list() "
308 "called when hw_unavailable\n", dev->name);
309 return;
310 }
311
312 __orinoco_set_multicast_list(dev);
313 orinoco_unlock(priv, &flags);
314 }
315
316 static int orinoco_change_mtu(struct net_device *dev, int new_mtu)
317 {
318 struct orinoco_private *priv = ndev_priv(dev);
319
320 if ((new_mtu < ORINOCO_MIN_MTU) || (new_mtu > ORINOCO_MAX_MTU))
321 return -EINVAL;
322
323 /* MTU + encapsulation + header length */
324 if ((new_mtu + ENCAPS_OVERHEAD + sizeof(struct ieee80211_hdr)) >
325 (priv->nicbuf_size - ETH_HLEN))
326 return -EINVAL;
327
328 dev->mtu = new_mtu;
329
330 return 0;
331 }
332
333 /********************************************************************/
334 /* Tx path */
335 /********************************************************************/
336
337 static netdev_tx_t orinoco_xmit(struct sk_buff *skb, struct net_device *dev)
338 {
339 struct orinoco_private *priv = ndev_priv(dev);
340 struct net_device_stats *stats = &priv->stats;
341 struct orinoco_tkip_key *key;
342 hermes_t *hw = &priv->hw;
343 int err = 0;
344 u16 txfid = priv->txfid;
345 struct ethhdr *eh;
346 int tx_control;
347 unsigned long flags;
348 int do_mic;
349
350 if (!netif_running(dev)) {
351 printk(KERN_ERR "%s: Tx on stopped device!\n",
352 dev->name);
353 return NETDEV_TX_BUSY;
354 }
355
356 if (netif_queue_stopped(dev)) {
357 printk(KERN_DEBUG "%s: Tx while transmitter busy!\n",
358 dev->name);
359 return NETDEV_TX_BUSY;
360 }
361
362 if (orinoco_lock(priv, &flags) != 0) {
363 printk(KERN_ERR "%s: orinoco_xmit() called while hw_unavailable\n",
364 dev->name);
365 return NETDEV_TX_BUSY;
366 }
367
368 if (!netif_carrier_ok(dev) ||
369 (priv->iw_mode == NL80211_IFTYPE_MONITOR)) {
370 /* Oops, the firmware hasn't established a connection,
371 silently drop the packet (this seems to be the
372 safest approach). */
373 goto drop;
374 }
375
376 /* Check packet length */
377 if (skb->len < ETH_HLEN)
378 goto drop;
379
380 key = (struct orinoco_tkip_key *) priv->keys[priv->tx_key].key;
381
382 do_mic = ((priv->encode_alg == ORINOCO_ALG_TKIP) &&
383 (key != NULL));
384
385 tx_control = HERMES_TXCTRL_TX_OK | HERMES_TXCTRL_TX_EX;
386
387 if (do_mic)
388 tx_control |= (priv->tx_key << HERMES_MIC_KEY_ID_SHIFT) |
389 HERMES_TXCTRL_MIC;
390
391 if (priv->has_alt_txcntl) {
392 /* WPA enabled firmwares have tx_cntl at the end of
393 * the 802.11 header. So write zeroed descriptor and
394 * 802.11 header at the same time
395 */
396 char desc[HERMES_802_3_OFFSET];
397 __le16 *txcntl = (__le16 *) &desc[HERMES_TXCNTL2_OFFSET];
398
399 memset(&desc, 0, sizeof(desc));
400
401 *txcntl = cpu_to_le16(tx_control);
402 err = hermes_bap_pwrite(hw, USER_BAP, &desc, sizeof(desc),
403 txfid, 0);
404 if (err) {
405 if (net_ratelimit())
406 printk(KERN_ERR "%s: Error %d writing Tx "
407 "descriptor to BAP\n", dev->name, err);
408 goto busy;
409 }
410 } else {
411 struct hermes_tx_descriptor desc;
412
413 memset(&desc, 0, sizeof(desc));
414
415 desc.tx_control = cpu_to_le16(tx_control);
416 err = hermes_bap_pwrite(hw, USER_BAP, &desc, sizeof(desc),
417 txfid, 0);
418 if (err) {
419 if (net_ratelimit())
420 printk(KERN_ERR "%s: Error %d writing Tx "
421 "descriptor to BAP\n", dev->name, err);
422 goto busy;
423 }
424
425 /* Clear the 802.11 header and data length fields - some
426 * firmwares (e.g. Lucent/Agere 8.xx) appear to get confused
427 * if this isn't done. */
428 hermes_clear_words(hw, HERMES_DATA0,
429 HERMES_802_3_OFFSET - HERMES_802_11_OFFSET);
430 }
431
432 eh = (struct ethhdr *)skb->data;
433
434 /* Encapsulate Ethernet-II frames */
435 if (ntohs(eh->h_proto) > ETH_DATA_LEN) { /* Ethernet-II frame */
436 struct header_struct {
437 struct ethhdr eth; /* 802.3 header */
438 u8 encap[6]; /* 802.2 header */
439 } __attribute__ ((packed)) hdr;
440
441 /* Strip destination and source from the data */
442 skb_pull(skb, 2 * ETH_ALEN);
443
444 /* And move them to a separate header */
445 memcpy(&hdr.eth, eh, 2 * ETH_ALEN);
446 hdr.eth.h_proto = htons(sizeof(encaps_hdr) + skb->len);
447 memcpy(hdr.encap, encaps_hdr, sizeof(encaps_hdr));
448
449 /* Insert the SNAP header */
450 if (skb_headroom(skb) < sizeof(hdr)) {
451 printk(KERN_ERR
452 "%s: Not enough headroom for 802.2 headers %d\n",
453 dev->name, skb_headroom(skb));
454 goto drop;
455 }
456 eh = (struct ethhdr *) skb_push(skb, sizeof(hdr));
457 memcpy(eh, &hdr, sizeof(hdr));
458 }
459
460 err = hermes_bap_pwrite(hw, USER_BAP, skb->data, skb->len,
461 txfid, HERMES_802_3_OFFSET);
462 if (err) {
463 printk(KERN_ERR "%s: Error %d writing packet to BAP\n",
464 dev->name, err);
465 goto busy;
466 }
467
468 /* Calculate Michael MIC */
469 if (do_mic) {
470 u8 mic_buf[MICHAEL_MIC_LEN + 1];
471 u8 *mic;
472 size_t offset;
473 size_t len;
474
475 if (skb->len % 2) {
476 /* MIC start is on an odd boundary */
477 mic_buf[0] = skb->data[skb->len - 1];
478 mic = &mic_buf[1];
479 offset = skb->len - 1;
480 len = MICHAEL_MIC_LEN + 1;
481 } else {
482 mic = &mic_buf[0];
483 offset = skb->len;
484 len = MICHAEL_MIC_LEN;
485 }
486
487 orinoco_mic(priv->tx_tfm_mic, key->tx_mic,
488 eh->h_dest, eh->h_source, 0 /* priority */,
489 skb->data + ETH_HLEN, skb->len - ETH_HLEN, mic);
490
491 /* Write the MIC */
492 err = hermes_bap_pwrite(hw, USER_BAP, &mic_buf[0], len,
493 txfid, HERMES_802_3_OFFSET + offset);
494 if (err) {
495 printk(KERN_ERR "%s: Error %d writing MIC to BAP\n",
496 dev->name, err);
497 goto busy;
498 }
499 }
500
501 /* Finally, we actually initiate the send */
502 netif_stop_queue(dev);
503
504 err = hermes_docmd_wait(hw, HERMES_CMD_TX | HERMES_CMD_RECL,
505 txfid, NULL);
506 if (err) {
507 netif_start_queue(dev);
508 if (net_ratelimit())
509 printk(KERN_ERR "%s: Error %d transmitting packet\n",
510 dev->name, err);
511 goto busy;
512 }
513
514 dev->trans_start = jiffies;
515 stats->tx_bytes += HERMES_802_3_OFFSET + skb->len;
516 goto ok;
517
518 drop:
519 stats->tx_errors++;
520 stats->tx_dropped++;
521
522 ok:
523 orinoco_unlock(priv, &flags);
524 dev_kfree_skb(skb);
525 return NETDEV_TX_OK;
526
527 busy:
528 if (err == -EIO)
529 schedule_work(&priv->reset_work);
530 orinoco_unlock(priv, &flags);
531 return NETDEV_TX_BUSY;
532 }
533
534 static void __orinoco_ev_alloc(struct net_device *dev, hermes_t *hw)
535 {
536 struct orinoco_private *priv = ndev_priv(dev);
537 u16 fid = hermes_read_regn(hw, ALLOCFID);
538
539 if (fid != priv->txfid) {
540 if (fid != DUMMY_FID)
541 printk(KERN_WARNING "%s: Allocate event on unexpected fid (%04X)\n",
542 dev->name, fid);
543 return;
544 }
545
546 hermes_write_regn(hw, ALLOCFID, DUMMY_FID);
547 }
548
549 static void __orinoco_ev_tx(struct net_device *dev, hermes_t *hw)
550 {
551 struct orinoco_private *priv = ndev_priv(dev);
552 struct net_device_stats *stats = &priv->stats;
553
554 stats->tx_packets++;
555
556 netif_wake_queue(dev);
557
558 hermes_write_regn(hw, TXCOMPLFID, DUMMY_FID);
559 }
560
561 static void __orinoco_ev_txexc(struct net_device *dev, hermes_t *hw)
562 {
563 struct orinoco_private *priv = ndev_priv(dev);
564 struct net_device_stats *stats = &priv->stats;
565 u16 fid = hermes_read_regn(hw, TXCOMPLFID);
566 u16 status;
567 struct hermes_txexc_data hdr;
568 int err = 0;
569
570 if (fid == DUMMY_FID)
571 return; /* Nothing's really happened */
572
573 /* Read part of the frame header - we need status and addr1 */
574 err = hermes_bap_pread(hw, IRQ_BAP, &hdr,
575 sizeof(struct hermes_txexc_data),
576 fid, 0);
577
578 hermes_write_regn(hw, TXCOMPLFID, DUMMY_FID);
579 stats->tx_errors++;
580
581 if (err) {
582 printk(KERN_WARNING "%s: Unable to read descriptor on Tx error "
583 "(FID=%04X error %d)\n",
584 dev->name, fid, err);
585 return;
586 }
587
588 DEBUG(1, "%s: Tx error, err %d (FID=%04X)\n", dev->name,
589 err, fid);
590
591 /* We produce a TXDROP event only for retry or lifetime
592 * exceeded, because that's the only status that really mean
593 * that this particular node went away.
594 * Other errors means that *we* screwed up. - Jean II */
595 status = le16_to_cpu(hdr.desc.status);
596 if (status & (HERMES_TXSTAT_RETRYERR | HERMES_TXSTAT_AGEDERR)) {
597 union iwreq_data wrqu;
598
599 /* Copy 802.11 dest address.
600 * We use the 802.11 header because the frame may
601 * not be 802.3 or may be mangled...
602 * In Ad-Hoc mode, it will be the node address.
603 * In managed mode, it will be most likely the AP addr
604 * User space will figure out how to convert it to
605 * whatever it needs (IP address or else).
606 * - Jean II */
607 memcpy(wrqu.addr.sa_data, hdr.addr1, ETH_ALEN);
608 wrqu.addr.sa_family = ARPHRD_ETHER;
609
610 /* Send event to user space */
611 wireless_send_event(dev, IWEVTXDROP, &wrqu, NULL);
612 }
613
614 netif_wake_queue(dev);
615 }
616
617 static void orinoco_tx_timeout(struct net_device *dev)
618 {
619 struct orinoco_private *priv = ndev_priv(dev);
620 struct net_device_stats *stats = &priv->stats;
621 struct hermes *hw = &priv->hw;
622
623 printk(KERN_WARNING "%s: Tx timeout! "
624 "ALLOCFID=%04x, TXCOMPLFID=%04x, EVSTAT=%04x\n",
625 dev->name, hermes_read_regn(hw, ALLOCFID),
626 hermes_read_regn(hw, TXCOMPLFID), hermes_read_regn(hw, EVSTAT));
627
628 stats->tx_errors++;
629
630 schedule_work(&priv->reset_work);
631 }
632
633 /********************************************************************/
634 /* Rx path (data frames) */
635 /********************************************************************/
636
637 /* Does the frame have a SNAP header indicating it should be
638 * de-encapsulated to Ethernet-II? */
639 static inline int is_ethersnap(void *_hdr)
640 {
641 u8 *hdr = _hdr;
642
643 /* We de-encapsulate all packets which, a) have SNAP headers
644 * (i.e. SSAP=DSAP=0xaa and CTRL=0x3 in the 802.2 LLC header
645 * and where b) the OUI of the SNAP header is 00:00:00 or
646 * 00:00:f8 - we need both because different APs appear to use
647 * different OUIs for some reason */
648 return (memcmp(hdr, &encaps_hdr, 5) == 0)
649 && ((hdr[5] == 0x00) || (hdr[5] == 0xf8));
650 }
651
652 static inline void orinoco_spy_gather(struct net_device *dev, u_char *mac,
653 int level, int noise)
654 {
655 struct iw_quality wstats;
656 wstats.level = level - 0x95;
657 wstats.noise = noise - 0x95;
658 wstats.qual = (level > noise) ? (level - noise) : 0;
659 wstats.updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM;
660 /* Update spy records */
661 wireless_spy_update(dev, mac, &wstats);
662 }
663
664 static void orinoco_stat_gather(struct net_device *dev,
665 struct sk_buff *skb,
666 struct hermes_rx_descriptor *desc)
667 {
668 struct orinoco_private *priv = ndev_priv(dev);
669
670 /* Using spy support with lots of Rx packets, like in an
671 * infrastructure (AP), will really slow down everything, because
672 * the MAC address must be compared to each entry of the spy list.
673 * If the user really asks for it (set some address in the
674 * spy list), we do it, but he will pay the price.
675 * Note that to get here, you need both WIRELESS_SPY
676 * compiled in AND some addresses in the list !!!
677 */
678 /* Note : gcc will optimise the whole section away if
679 * WIRELESS_SPY is not defined... - Jean II */
680 if (SPY_NUMBER(priv)) {
681 orinoco_spy_gather(dev, skb_mac_header(skb) + ETH_ALEN,
682 desc->signal, desc->silence);
683 }
684 }
685
686 /*
687 * orinoco_rx_monitor - handle received monitor frames.
688 *
689 * Arguments:
690 * dev network device
691 * rxfid received FID
692 * desc rx descriptor of the frame
693 *
694 * Call context: interrupt
695 */
696 static void orinoco_rx_monitor(struct net_device *dev, u16 rxfid,
697 struct hermes_rx_descriptor *desc)
698 {
699 u32 hdrlen = 30; /* return full header by default */
700 u32 datalen = 0;
701 u16 fc;
702 int err;
703 int len;
704 struct sk_buff *skb;
705 struct orinoco_private *priv = ndev_priv(dev);
706 struct net_device_stats *stats = &priv->stats;
707 hermes_t *hw = &priv->hw;
708
709 len = le16_to_cpu(desc->data_len);
710
711 /* Determine the size of the header and the data */
712 fc = le16_to_cpu(desc->frame_ctl);
713 switch (fc & IEEE80211_FCTL_FTYPE) {
714 case IEEE80211_FTYPE_DATA:
715 if ((fc & IEEE80211_FCTL_TODS)
716 && (fc & IEEE80211_FCTL_FROMDS))
717 hdrlen = 30;
718 else
719 hdrlen = 24;
720 datalen = len;
721 break;
722 case IEEE80211_FTYPE_MGMT:
723 hdrlen = 24;
724 datalen = len;
725 break;
726 case IEEE80211_FTYPE_CTL:
727 switch (fc & IEEE80211_FCTL_STYPE) {
728 case IEEE80211_STYPE_PSPOLL:
729 case IEEE80211_STYPE_RTS:
730 case IEEE80211_STYPE_CFEND:
731 case IEEE80211_STYPE_CFENDACK:
732 hdrlen = 16;
733 break;
734 case IEEE80211_STYPE_CTS:
735 case IEEE80211_STYPE_ACK:
736 hdrlen = 10;
737 break;
738 }
739 break;
740 default:
741 /* Unknown frame type */
742 break;
743 }
744
745 /* sanity check the length */
746 if (datalen > IEEE80211_MAX_DATA_LEN + 12) {
747 printk(KERN_DEBUG "%s: oversized monitor frame, "
748 "data length = %d\n", dev->name, datalen);
749 stats->rx_length_errors++;
750 goto update_stats;
751 }
752
753 skb = dev_alloc_skb(hdrlen + datalen);
754 if (!skb) {
755 printk(KERN_WARNING "%s: Cannot allocate skb for monitor frame\n",
756 dev->name);
757 goto update_stats;
758 }
759
760 /* Copy the 802.11 header to the skb */
761 memcpy(skb_put(skb, hdrlen), &(desc->frame_ctl), hdrlen);
762 skb_reset_mac_header(skb);
763
764 /* If any, copy the data from the card to the skb */
765 if (datalen > 0) {
766 err = hermes_bap_pread(hw, IRQ_BAP, skb_put(skb, datalen),
767 ALIGN(datalen, 2), rxfid,
768 HERMES_802_2_OFFSET);
769 if (err) {
770 printk(KERN_ERR "%s: error %d reading monitor frame\n",
771 dev->name, err);
772 goto drop;
773 }
774 }
775
776 skb->dev = dev;
777 skb->ip_summed = CHECKSUM_NONE;
778 skb->pkt_type = PACKET_OTHERHOST;
779 skb->protocol = cpu_to_be16(ETH_P_802_2);
780
781 stats->rx_packets++;
782 stats->rx_bytes += skb->len;
783
784 netif_rx(skb);
785 return;
786
787 drop:
788 dev_kfree_skb_irq(skb);
789 update_stats:
790 stats->rx_errors++;
791 stats->rx_dropped++;
792 }
793
794 static void __orinoco_ev_rx(struct net_device *dev, hermes_t *hw)
795 {
796 struct orinoco_private *priv = ndev_priv(dev);
797 struct net_device_stats *stats = &priv->stats;
798 struct iw_statistics *wstats = &priv->wstats;
799 struct sk_buff *skb = NULL;
800 u16 rxfid, status;
801 int length;
802 struct hermes_rx_descriptor *desc;
803 struct orinoco_rx_data *rx_data;
804 int err;
805
806 desc = kmalloc(sizeof(*desc), GFP_ATOMIC);
807 if (!desc) {
808 printk(KERN_WARNING
809 "%s: Can't allocate space for RX descriptor\n",
810 dev->name);
811 goto update_stats;
812 }
813
814 rxfid = hermes_read_regn(hw, RXFID);
815
816 err = hermes_bap_pread(hw, IRQ_BAP, desc, sizeof(*desc),
817 rxfid, 0);
818 if (err) {
819 printk(KERN_ERR "%s: error %d reading Rx descriptor. "
820 "Frame dropped.\n", dev->name, err);
821 goto update_stats;
822 }
823
824 status = le16_to_cpu(desc->status);
825
826 if (status & HERMES_RXSTAT_BADCRC) {
827 DEBUG(1, "%s: Bad CRC on Rx. Frame dropped.\n",
828 dev->name);
829 stats->rx_crc_errors++;
830 goto update_stats;
831 }
832
833 /* Handle frames in monitor mode */
834 if (priv->iw_mode == NL80211_IFTYPE_MONITOR) {
835 orinoco_rx_monitor(dev, rxfid, desc);
836 goto out;
837 }
838
839 if (status & HERMES_RXSTAT_UNDECRYPTABLE) {
840 DEBUG(1, "%s: Undecryptable frame on Rx. Frame dropped.\n",
841 dev->name);
842 wstats->discard.code++;
843 goto update_stats;
844 }
845
846 length = le16_to_cpu(desc->data_len);
847
848 /* Sanity checks */
849 if (length < 3) { /* No for even an 802.2 LLC header */
850 /* At least on Symbol firmware with PCF we get quite a
851 lot of these legitimately - Poll frames with no
852 data. */
853 goto out;
854 }
855 if (length > IEEE80211_MAX_DATA_LEN) {
856 printk(KERN_WARNING "%s: Oversized frame received (%d bytes)\n",
857 dev->name, length);
858 stats->rx_length_errors++;
859 goto update_stats;
860 }
861
862 /* Payload size does not include Michael MIC. Increase payload
863 * size to read it together with the data. */
864 if (status & HERMES_RXSTAT_MIC)
865 length += MICHAEL_MIC_LEN;
866
867 /* We need space for the packet data itself, plus an ethernet
868 header, plus 2 bytes so we can align the IP header on a
869 32bit boundary, plus 1 byte so we can read in odd length
870 packets from the card, which has an IO granularity of 16
871 bits */
872 skb = dev_alloc_skb(length+ETH_HLEN+2+1);
873 if (!skb) {
874 printk(KERN_WARNING "%s: Can't allocate skb for Rx\n",
875 dev->name);
876 goto update_stats;
877 }
878
879 /* We'll prepend the header, so reserve space for it. The worst
880 case is no decapsulation, when 802.3 header is prepended and
881 nothing is removed. 2 is for aligning the IP header. */
882 skb_reserve(skb, ETH_HLEN + 2);
883
884 err = hermes_bap_pread(hw, IRQ_BAP, skb_put(skb, length),
885 ALIGN(length, 2), rxfid,
886 HERMES_802_2_OFFSET);
887 if (err) {
888 printk(KERN_ERR "%s: error %d reading frame. "
889 "Frame dropped.\n", dev->name, err);
890 goto drop;
891 }
892
893 /* Add desc and skb to rx queue */
894 rx_data = kzalloc(sizeof(*rx_data), GFP_ATOMIC);
895 if (!rx_data) {
896 printk(KERN_WARNING "%s: Can't allocate RX packet\n",
897 dev->name);
898 goto drop;
899 }
900 rx_data->desc = desc;
901 rx_data->skb = skb;
902 list_add_tail(&rx_data->list, &priv->rx_list);
903 tasklet_schedule(&priv->rx_tasklet);
904
905 return;
906
907 drop:
908 dev_kfree_skb_irq(skb);
909 update_stats:
910 stats->rx_errors++;
911 stats->rx_dropped++;
912 out:
913 kfree(desc);
914 }
915
916 static void orinoco_rx(struct net_device *dev,
917 struct hermes_rx_descriptor *desc,
918 struct sk_buff *skb)
919 {
920 struct orinoco_private *priv = ndev_priv(dev);
921 struct net_device_stats *stats = &priv->stats;
922 u16 status, fc;
923 int length;
924 struct ethhdr *hdr;
925
926 status = le16_to_cpu(desc->status);
927 length = le16_to_cpu(desc->data_len);
928 fc = le16_to_cpu(desc->frame_ctl);
929
930 /* Calculate and check MIC */
931 if (status & HERMES_RXSTAT_MIC) {
932 struct orinoco_tkip_key *key;
933 int key_id = ((status & HERMES_RXSTAT_MIC_KEY_ID) >>
934 HERMES_MIC_KEY_ID_SHIFT);
935 u8 mic[MICHAEL_MIC_LEN];
936 u8 *rxmic;
937 u8 *src = (fc & IEEE80211_FCTL_FROMDS) ?
938 desc->addr3 : desc->addr2;
939
940 /* Extract Michael MIC from payload */
941 rxmic = skb->data + skb->len - MICHAEL_MIC_LEN;
942
943 skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
944 length -= MICHAEL_MIC_LEN;
945
946 key = (struct orinoco_tkip_key *) priv->keys[key_id].key;
947
948 if (!key) {
949 printk(KERN_WARNING "%s: Received encrypted frame from "
950 "%pM using key %i, but key is not installed\n",
951 dev->name, src, key_id);
952 goto drop;
953 }
954
955 orinoco_mic(priv->rx_tfm_mic, key->rx_mic, desc->addr1, src,
956 0, /* priority or QoS? */
957 skb->data, skb->len, &mic[0]);
958
959 if (memcmp(mic, rxmic,
960 MICHAEL_MIC_LEN)) {
961 union iwreq_data wrqu;
962 struct iw_michaelmicfailure wxmic;
963
964 printk(KERN_WARNING "%s: "
965 "Invalid Michael MIC in data frame from %pM, "
966 "using key %i\n",
967 dev->name, src, key_id);
968
969 /* TODO: update stats */
970
971 /* Notify userspace */
972 memset(&wxmic, 0, sizeof(wxmic));
973 wxmic.flags = key_id & IW_MICFAILURE_KEY_ID;
974 wxmic.flags |= (desc->addr1[0] & 1) ?
975 IW_MICFAILURE_GROUP : IW_MICFAILURE_PAIRWISE;
976 wxmic.src_addr.sa_family = ARPHRD_ETHER;
977 memcpy(wxmic.src_addr.sa_data, src, ETH_ALEN);
978
979 (void) orinoco_hw_get_tkip_iv(priv, key_id,
980 &wxmic.tsc[0]);
981
982 memset(&wrqu, 0, sizeof(wrqu));
983 wrqu.data.length = sizeof(wxmic);
984 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu,
985 (char *) &wxmic);
986
987 goto drop;
988 }
989 }
990
991 /* Handle decapsulation
992 * In most cases, the firmware tell us about SNAP frames.
993 * For some reason, the SNAP frames sent by LinkSys APs
994 * are not properly recognised by most firmwares.
995 * So, check ourselves */
996 if (length >= ENCAPS_OVERHEAD &&
997 (((status & HERMES_RXSTAT_MSGTYPE) == HERMES_RXSTAT_1042) ||
998 ((status & HERMES_RXSTAT_MSGTYPE) == HERMES_RXSTAT_TUNNEL) ||
999 is_ethersnap(skb->data))) {
1000 /* These indicate a SNAP within 802.2 LLC within
1001 802.11 frame which we'll need to de-encapsulate to
1002 the original EthernetII frame. */
1003 hdr = (struct ethhdr *)skb_push(skb,
1004 ETH_HLEN - ENCAPS_OVERHEAD);
1005 } else {
1006 /* 802.3 frame - prepend 802.3 header as is */
1007 hdr = (struct ethhdr *)skb_push(skb, ETH_HLEN);
1008 hdr->h_proto = htons(length);
1009 }
1010 memcpy(hdr->h_dest, desc->addr1, ETH_ALEN);
1011 if (fc & IEEE80211_FCTL_FROMDS)
1012 memcpy(hdr->h_source, desc->addr3, ETH_ALEN);
1013 else
1014 memcpy(hdr->h_source, desc->addr2, ETH_ALEN);
1015
1016 skb->protocol = eth_type_trans(skb, dev);
1017 skb->ip_summed = CHECKSUM_NONE;
1018 if (fc & IEEE80211_FCTL_TODS)
1019 skb->pkt_type = PACKET_OTHERHOST;
1020
1021 /* Process the wireless stats if needed */
1022 orinoco_stat_gather(dev, skb, desc);
1023
1024 /* Pass the packet to the networking stack */
1025 netif_rx(skb);
1026 stats->rx_packets++;
1027 stats->rx_bytes += length;
1028
1029 return;
1030
1031 drop:
1032 dev_kfree_skb(skb);
1033 stats->rx_errors++;
1034 stats->rx_dropped++;
1035 }
1036
1037 static void orinoco_rx_isr_tasklet(unsigned long data)
1038 {
1039 struct orinoco_private *priv = (struct orinoco_private *) data;
1040 struct net_device *dev = priv->ndev;
1041 struct orinoco_rx_data *rx_data, *temp;
1042 struct hermes_rx_descriptor *desc;
1043 struct sk_buff *skb;
1044 unsigned long flags;
1045
1046 /* orinoco_rx requires the driver lock, and we also need to
1047 * protect priv->rx_list, so just hold the lock over the
1048 * lot.
1049 *
1050 * If orinoco_lock fails, we've unplugged the card. In this
1051 * case just abort. */
1052 if (orinoco_lock(priv, &flags) != 0)
1053 return;
1054
1055 /* extract desc and skb from queue */
1056 list_for_each_entry_safe(rx_data, temp, &priv->rx_list, list) {
1057 desc = rx_data->desc;
1058 skb = rx_data->skb;
1059 list_del(&rx_data->list);
1060 kfree(rx_data);
1061
1062 orinoco_rx(dev, desc, skb);
1063
1064 kfree(desc);
1065 }
1066
1067 orinoco_unlock(priv, &flags);
1068 }
1069
1070 /********************************************************************/
1071 /* Rx path (info frames) */
1072 /********************************************************************/
1073
1074 static void print_linkstatus(struct net_device *dev, u16 status)
1075 {
1076 char *s;
1077
1078 if (suppress_linkstatus)
1079 return;
1080
1081 switch (status) {
1082 case HERMES_LINKSTATUS_NOT_CONNECTED:
1083 s = "Not Connected";
1084 break;
1085 case HERMES_LINKSTATUS_CONNECTED:
1086 s = "Connected";
1087 break;
1088 case HERMES_LINKSTATUS_DISCONNECTED:
1089 s = "Disconnected";
1090 break;
1091 case HERMES_LINKSTATUS_AP_CHANGE:
1092 s = "AP Changed";
1093 break;
1094 case HERMES_LINKSTATUS_AP_OUT_OF_RANGE:
1095 s = "AP Out of Range";
1096 break;
1097 case HERMES_LINKSTATUS_AP_IN_RANGE:
1098 s = "AP In Range";
1099 break;
1100 case HERMES_LINKSTATUS_ASSOC_FAILED:
1101 s = "Association Failed";
1102 break;
1103 default:
1104 s = "UNKNOWN";
1105 }
1106
1107 printk(KERN_DEBUG "%s: New link status: %s (%04x)\n",
1108 dev->name, s, status);
1109 }
1110
1111 /* Search scan results for requested BSSID, join it if found */
1112 static void orinoco_join_ap(struct work_struct *work)
1113 {
1114 struct orinoco_private *priv =
1115 container_of(work, struct orinoco_private, join_work);
1116 struct net_device *dev = priv->ndev;
1117 struct hermes *hw = &priv->hw;
1118 int err;
1119 unsigned long flags;
1120 struct join_req {
1121 u8 bssid[ETH_ALEN];
1122 __le16 channel;
1123 } __attribute__ ((packed)) req;
1124 const int atom_len = offsetof(struct prism2_scan_apinfo, atim);
1125 struct prism2_scan_apinfo *atom = NULL;
1126 int offset = 4;
1127 int found = 0;
1128 u8 *buf;
1129 u16 len;
1130
1131 /* Allocate buffer for scan results */
1132 buf = kmalloc(MAX_SCAN_LEN, GFP_KERNEL);
1133 if (!buf)
1134 return;
1135
1136 if (orinoco_lock(priv, &flags) != 0)
1137 goto fail_lock;
1138
1139 /* Sanity checks in case user changed something in the meantime */
1140 if (!priv->bssid_fixed)
1141 goto out;
1142
1143 if (strlen(priv->desired_essid) == 0)
1144 goto out;
1145
1146 /* Read scan results from the firmware */
1147 err = hermes_read_ltv(hw, USER_BAP,
1148 HERMES_RID_SCANRESULTSTABLE,
1149 MAX_SCAN_LEN, &len, buf);
1150 if (err) {
1151 printk(KERN_ERR "%s: Cannot read scan results\n",
1152 dev->name);
1153 goto out;
1154 }
1155
1156 len = HERMES_RECLEN_TO_BYTES(len);
1157
1158 /* Go through the scan results looking for the channel of the AP
1159 * we were requested to join */
1160 for (; offset + atom_len <= len; offset += atom_len) {
1161 atom = (struct prism2_scan_apinfo *) (buf + offset);
1162 if (memcmp(&atom->bssid, priv->desired_bssid, ETH_ALEN) == 0) {
1163 found = 1;
1164 break;
1165 }
1166 }
1167
1168 if (!found) {
1169 DEBUG(1, "%s: Requested AP not found in scan results\n",
1170 dev->name);
1171 goto out;
1172 }
1173
1174 memcpy(req.bssid, priv->desired_bssid, ETH_ALEN);
1175 req.channel = atom->channel; /* both are little-endian */
1176 err = HERMES_WRITE_RECORD(hw, USER_BAP, HERMES_RID_CNFJOINREQUEST,
1177 &req);
1178 if (err)
1179 printk(KERN_ERR "%s: Error issuing join request\n", dev->name);
1180
1181 out:
1182 orinoco_unlock(priv, &flags);
1183
1184 fail_lock:
1185 kfree(buf);
1186 }
1187
1188 /* Send new BSSID to userspace */
1189 static void orinoco_send_bssid_wevent(struct orinoco_private *priv)
1190 {
1191 struct net_device *dev = priv->ndev;
1192 struct hermes *hw = &priv->hw;
1193 union iwreq_data wrqu;
1194 int err;
1195
1196 err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_CURRENTBSSID,
1197 ETH_ALEN, NULL, wrqu.ap_addr.sa_data);
1198 if (err != 0)
1199 return;
1200
1201 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1202
1203 /* Send event to user space */
1204 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
1205 }
1206
1207 static void orinoco_send_assocreqie_wevent(struct orinoco_private *priv)
1208 {
1209 struct net_device *dev = priv->ndev;
1210 struct hermes *hw = &priv->hw;
1211 union iwreq_data wrqu;
1212 int err;
1213 u8 buf[88];
1214 u8 *ie;
1215
1216 if (!priv->has_wpa)
1217 return;
1218
1219 err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_CURRENT_ASSOC_REQ_INFO,
1220 sizeof(buf), NULL, &buf);
1221 if (err != 0)
1222 return;
1223
1224 ie = orinoco_get_wpa_ie(buf, sizeof(buf));
1225 if (ie) {
1226 int rem = sizeof(buf) - (ie - &buf[0]);
1227 wrqu.data.length = ie[1] + 2;
1228 if (wrqu.data.length > rem)
1229 wrqu.data.length = rem;
1230
1231 if (wrqu.data.length)
1232 /* Send event to user space */
1233 wireless_send_event(dev, IWEVASSOCREQIE, &wrqu, ie);
1234 }
1235 }
1236
1237 static void orinoco_send_assocrespie_wevent(struct orinoco_private *priv)
1238 {
1239 struct net_device *dev = priv->ndev;
1240 struct hermes *hw = &priv->hw;
1241 union iwreq_data wrqu;
1242 int err;
1243 u8 buf[88]; /* TODO: verify max size or IW_GENERIC_IE_MAX */
1244 u8 *ie;
1245
1246 if (!priv->has_wpa)
1247 return;
1248
1249 err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_CURRENT_ASSOC_RESP_INFO,
1250 sizeof(buf), NULL, &buf);
1251 if (err != 0)
1252 return;
1253
1254 ie = orinoco_get_wpa_ie(buf, sizeof(buf));
1255 if (ie) {
1256 int rem = sizeof(buf) - (ie - &buf[0]);
1257 wrqu.data.length = ie[1] + 2;
1258 if (wrqu.data.length > rem)
1259 wrqu.data.length = rem;
1260
1261 if (wrqu.data.length)
1262 /* Send event to user space */
1263 wireless_send_event(dev, IWEVASSOCRESPIE, &wrqu, ie);
1264 }
1265 }
1266
1267 static void orinoco_send_wevents(struct work_struct *work)
1268 {
1269 struct orinoco_private *priv =
1270 container_of(work, struct orinoco_private, wevent_work);
1271 unsigned long flags;
1272
1273 if (orinoco_lock(priv, &flags) != 0)
1274 return;
1275
1276 orinoco_send_assocreqie_wevent(priv);
1277 orinoco_send_assocrespie_wevent(priv);
1278 orinoco_send_bssid_wevent(priv);
1279
1280 orinoco_unlock(priv, &flags);
1281 }
1282
1283 static void qbuf_scan(struct orinoco_private *priv, void *buf,
1284 int len, int type)
1285 {
1286 struct orinoco_scan_data *sd;
1287 unsigned long flags;
1288
1289 sd = kmalloc(sizeof(*sd), GFP_ATOMIC);
1290 sd->buf = buf;
1291 sd->len = len;
1292 sd->type = type;
1293
1294 spin_lock_irqsave(&priv->scan_lock, flags);
1295 list_add_tail(&sd->list, &priv->scan_list);
1296 spin_unlock_irqrestore(&priv->scan_lock, flags);
1297
1298 schedule_work(&priv->process_scan);
1299 }
1300
1301 static void qabort_scan(struct orinoco_private *priv)
1302 {
1303 struct orinoco_scan_data *sd;
1304 unsigned long flags;
1305
1306 sd = kmalloc(sizeof(*sd), GFP_ATOMIC);
1307 sd->len = -1; /* Abort */
1308
1309 spin_lock_irqsave(&priv->scan_lock, flags);
1310 list_add_tail(&sd->list, &priv->scan_list);
1311 spin_unlock_irqrestore(&priv->scan_lock, flags);
1312
1313 schedule_work(&priv->process_scan);
1314 }
1315
1316 static void orinoco_process_scan_results(struct work_struct *work)
1317 {
1318 struct orinoco_private *priv =
1319 container_of(work, struct orinoco_private, process_scan);
1320 struct orinoco_scan_data *sd, *temp;
1321 unsigned long flags;
1322 void *buf;
1323 int len;
1324 int type;
1325
1326 spin_lock_irqsave(&priv->scan_lock, flags);
1327 list_for_each_entry_safe(sd, temp, &priv->scan_list, list) {
1328 spin_unlock_irqrestore(&priv->scan_lock, flags);
1329
1330 buf = sd->buf;
1331 len = sd->len;
1332 type = sd->type;
1333
1334 list_del(&sd->list);
1335 kfree(sd);
1336
1337 if (len > 0) {
1338 if (type == HERMES_INQ_CHANNELINFO)
1339 orinoco_add_extscan_result(priv, buf, len);
1340 else
1341 orinoco_add_hostscan_results(priv, buf, len);
1342
1343 kfree(buf);
1344 } else if (priv->scan_request) {
1345 /* Either abort or complete the scan */
1346 cfg80211_scan_done(priv->scan_request, (len < 0));
1347 priv->scan_request = NULL;
1348 }
1349
1350 spin_lock_irqsave(&priv->scan_lock, flags);
1351 }
1352 spin_unlock_irqrestore(&priv->scan_lock, flags);
1353 }
1354
1355 static void __orinoco_ev_info(struct net_device *dev, hermes_t *hw)
1356 {
1357 struct orinoco_private *priv = ndev_priv(dev);
1358 u16 infofid;
1359 struct {
1360 __le16 len;
1361 __le16 type;
1362 } __attribute__ ((packed)) info;
1363 int len, type;
1364 int err;
1365
1366 /* This is an answer to an INQUIRE command that we did earlier,
1367 * or an information "event" generated by the card
1368 * The controller return to us a pseudo frame containing
1369 * the information in question - Jean II */
1370 infofid = hermes_read_regn(hw, INFOFID);
1371
1372 /* Read the info frame header - don't try too hard */
1373 err = hermes_bap_pread(hw, IRQ_BAP, &info, sizeof(info),
1374 infofid, 0);
1375 if (err) {
1376 printk(KERN_ERR "%s: error %d reading info frame. "
1377 "Frame dropped.\n", dev->name, err);
1378 return;
1379 }
1380
1381 len = HERMES_RECLEN_TO_BYTES(le16_to_cpu(info.len));
1382 type = le16_to_cpu(info.type);
1383
1384 switch (type) {
1385 case HERMES_INQ_TALLIES: {
1386 struct hermes_tallies_frame tallies;
1387 struct iw_statistics *wstats = &priv->wstats;
1388
1389 if (len > sizeof(tallies)) {
1390 printk(KERN_WARNING "%s: Tallies frame too long (%d bytes)\n",
1391 dev->name, len);
1392 len = sizeof(tallies);
1393 }
1394
1395 err = hermes_bap_pread(hw, IRQ_BAP, &tallies, len,
1396 infofid, sizeof(info));
1397 if (err)
1398 break;
1399
1400 /* Increment our various counters */
1401 /* wstats->discard.nwid - no wrong BSSID stuff */
1402 wstats->discard.code +=
1403 le16_to_cpu(tallies.RxWEPUndecryptable);
1404 if (len == sizeof(tallies))
1405 wstats->discard.code +=
1406 le16_to_cpu(tallies.RxDiscards_WEPICVError) +
1407 le16_to_cpu(tallies.RxDiscards_WEPExcluded);
1408 wstats->discard.misc +=
1409 le16_to_cpu(tallies.TxDiscardsWrongSA);
1410 wstats->discard.fragment +=
1411 le16_to_cpu(tallies.RxMsgInBadMsgFragments);
1412 wstats->discard.retries +=
1413 le16_to_cpu(tallies.TxRetryLimitExceeded);
1414 /* wstats->miss.beacon - no match */
1415 }
1416 break;
1417 case HERMES_INQ_LINKSTATUS: {
1418 struct hermes_linkstatus linkstatus;
1419 u16 newstatus;
1420 int connected;
1421
1422 if (priv->iw_mode == NL80211_IFTYPE_MONITOR)
1423 break;
1424
1425 if (len != sizeof(linkstatus)) {
1426 printk(KERN_WARNING "%s: Unexpected size for linkstatus frame (%d bytes)\n",
1427 dev->name, len);
1428 break;
1429 }
1430
1431 err = hermes_bap_pread(hw, IRQ_BAP, &linkstatus, len,
1432 infofid, sizeof(info));
1433 if (err)
1434 break;
1435 newstatus = le16_to_cpu(linkstatus.linkstatus);
1436
1437 /* Symbol firmware uses "out of range" to signal that
1438 * the hostscan frame can be requested. */
1439 if (newstatus == HERMES_LINKSTATUS_AP_OUT_OF_RANGE &&
1440 priv->firmware_type == FIRMWARE_TYPE_SYMBOL &&
1441 priv->has_hostscan && priv->scan_request) {
1442 hermes_inquire(hw, HERMES_INQ_HOSTSCAN_SYMBOL);
1443 break;
1444 }
1445
1446 connected = (newstatus == HERMES_LINKSTATUS_CONNECTED)
1447 || (newstatus == HERMES_LINKSTATUS_AP_CHANGE)
1448 || (newstatus == HERMES_LINKSTATUS_AP_IN_RANGE);
1449
1450 if (connected)
1451 netif_carrier_on(dev);
1452 else if (!ignore_disconnect)
1453 netif_carrier_off(dev);
1454
1455 if (newstatus != priv->last_linkstatus) {
1456 priv->last_linkstatus = newstatus;
1457 print_linkstatus(dev, newstatus);
1458 /* The info frame contains only one word which is the
1459 * status (see hermes.h). The status is pretty boring
1460 * in itself, that's why we export the new BSSID...
1461 * Jean II */
1462 schedule_work(&priv->wevent_work);
1463 }
1464 }
1465 break;
1466 case HERMES_INQ_SCAN:
1467 if (!priv->scan_request && priv->bssid_fixed &&
1468 priv->firmware_type == FIRMWARE_TYPE_INTERSIL) {
1469 schedule_work(&priv->join_work);
1470 break;
1471 }
1472 /* fall through */
1473 case HERMES_INQ_HOSTSCAN:
1474 case HERMES_INQ_HOSTSCAN_SYMBOL: {
1475 /* Result of a scanning. Contains information about
1476 * cells in the vicinity - Jean II */
1477 unsigned char *buf;
1478
1479 /* Sanity check */
1480 if (len > 4096) {
1481 printk(KERN_WARNING "%s: Scan results too large (%d bytes)\n",
1482 dev->name, len);
1483 qabort_scan(priv);
1484 break;
1485 }
1486
1487 /* Allocate buffer for results */
1488 buf = kmalloc(len, GFP_ATOMIC);
1489 if (buf == NULL) {
1490 /* No memory, so can't printk()... */
1491 qabort_scan(priv);
1492 break;
1493 }
1494
1495 /* Read scan data */
1496 err = hermes_bap_pread(hw, IRQ_BAP, (void *) buf, len,
1497 infofid, sizeof(info));
1498 if (err) {
1499 kfree(buf);
1500 qabort_scan(priv);
1501 break;
1502 }
1503
1504 #ifdef ORINOCO_DEBUG
1505 {
1506 int i;
1507 printk(KERN_DEBUG "Scan result [%02X", buf[0]);
1508 for (i = 1; i < (len * 2); i++)
1509 printk(":%02X", buf[i]);
1510 printk("]\n");
1511 }
1512 #endif /* ORINOCO_DEBUG */
1513
1514 qbuf_scan(priv, buf, len, type);
1515 }
1516 break;
1517 case HERMES_INQ_CHANNELINFO:
1518 {
1519 struct agere_ext_scan_info *bss;
1520
1521 if (!priv->scan_request) {
1522 printk(KERN_DEBUG "%s: Got chaninfo without scan, "
1523 "len=%d\n", dev->name, len);
1524 break;
1525 }
1526
1527 /* An empty result indicates that the scan is complete */
1528 if (len == 0) {
1529 qbuf_scan(priv, NULL, len, type);
1530 break;
1531 }
1532
1533 /* Sanity check */
1534 else if (len < (offsetof(struct agere_ext_scan_info,
1535 data) + 2)) {
1536 /* Drop this result now so we don't have to
1537 * keep checking later */
1538 printk(KERN_WARNING
1539 "%s: Ext scan results too short (%d bytes)\n",
1540 dev->name, len);
1541 break;
1542 }
1543
1544 bss = kmalloc(len, GFP_ATOMIC);
1545 if (bss == NULL)
1546 break;
1547
1548 /* Read scan data */
1549 err = hermes_bap_pread(hw, IRQ_BAP, (void *) bss, len,
1550 infofid, sizeof(info));
1551 if (err)
1552 kfree(bss);
1553 else
1554 qbuf_scan(priv, bss, len, type);
1555
1556 break;
1557 }
1558 case HERMES_INQ_SEC_STAT_AGERE:
1559 /* Security status (Agere specific) */
1560 /* Ignore this frame for now */
1561 if (priv->firmware_type == FIRMWARE_TYPE_AGERE)
1562 break;
1563 /* fall through */
1564 default:
1565 printk(KERN_DEBUG "%s: Unknown information frame received: "
1566 "type 0x%04x, length %d\n", dev->name, type, len);
1567 /* We don't actually do anything about it */
1568 break;
1569 }
1570
1571 return;
1572 }
1573
1574 static void __orinoco_ev_infdrop(struct net_device *dev, hermes_t *hw)
1575 {
1576 if (net_ratelimit())
1577 printk(KERN_DEBUG "%s: Information frame lost.\n", dev->name);
1578 }
1579
1580 /********************************************************************/
1581 /* Internal hardware control routines */
1582 /********************************************************************/
1583
1584 static int __orinoco_up(struct orinoco_private *priv)
1585 {
1586 struct net_device *dev = priv->ndev;
1587 struct hermes *hw = &priv->hw;
1588 int err;
1589
1590 netif_carrier_off(dev); /* just to make sure */
1591
1592 err = __orinoco_commit(priv);
1593 if (err) {
1594 printk(KERN_ERR "%s: Error %d configuring card\n",
1595 dev->name, err);
1596 return err;
1597 }
1598
1599 /* Fire things up again */
1600 hermes_set_irqmask(hw, ORINOCO_INTEN);
1601 err = hermes_enable_port(hw, 0);
1602 if (err) {
1603 printk(KERN_ERR "%s: Error %d enabling MAC port\n",
1604 dev->name, err);
1605 return err;
1606 }
1607
1608 netif_start_queue(dev);
1609
1610 return 0;
1611 }
1612
1613 static int __orinoco_down(struct orinoco_private *priv)
1614 {
1615 struct net_device *dev = priv->ndev;
1616 struct hermes *hw = &priv->hw;
1617 int err;
1618
1619 netif_stop_queue(dev);
1620
1621 if (!priv->hw_unavailable) {
1622 if (!priv->broken_disableport) {
1623 err = hermes_disable_port(hw, 0);
1624 if (err) {
1625 /* Some firmwares (e.g. Intersil 1.3.x) seem
1626 * to have problems disabling the port, oh
1627 * well, too bad. */
1628 printk(KERN_WARNING "%s: Error %d disabling MAC port\n",
1629 dev->name, err);
1630 priv->broken_disableport = 1;
1631 }
1632 }
1633 hermes_set_irqmask(hw, 0);
1634 hermes_write_regn(hw, EVACK, 0xffff);
1635 }
1636
1637 /* firmware will have to reassociate */
1638 netif_carrier_off(dev);
1639 priv->last_linkstatus = 0xffff;
1640
1641 return 0;
1642 }
1643
1644 static int orinoco_reinit_firmware(struct orinoco_private *priv)
1645 {
1646 struct hermes *hw = &priv->hw;
1647 int err;
1648
1649 err = hermes_init(hw);
1650 if (priv->do_fw_download && !err) {
1651 err = orinoco_download(priv);
1652 if (err)
1653 priv->do_fw_download = 0;
1654 }
1655 if (!err)
1656 err = orinoco_hw_allocate_fid(priv);
1657
1658 return err;
1659 }
1660
1661 static int
1662 __orinoco_set_multicast_list(struct net_device *dev)
1663 {
1664 struct orinoco_private *priv = ndev_priv(dev);
1665 int err = 0;
1666 int promisc, mc_count;
1667
1668 /* The Hermes doesn't seem to have an allmulti mode, so we go
1669 * into promiscuous mode and let the upper levels deal. */
1670 if ((dev->flags & IFF_PROMISC) || (dev->flags & IFF_ALLMULTI) ||
1671 (dev->mc_count > MAX_MULTICAST(priv))) {
1672 promisc = 1;
1673 mc_count = 0;
1674 } else {
1675 promisc = 0;
1676 mc_count = dev->mc_count;
1677 }
1678
1679 err = __orinoco_hw_set_multicast_list(priv, dev->mc_list, mc_count,
1680 promisc);
1681
1682 return err;
1683 }
1684
1685 /* This must be called from user context, without locks held - use
1686 * schedule_work() */
1687 void orinoco_reset(struct work_struct *work)
1688 {
1689 struct orinoco_private *priv =
1690 container_of(work, struct orinoco_private, reset_work);
1691 struct net_device *dev = priv->ndev;
1692 struct hermes *hw = &priv->hw;
1693 int err;
1694 unsigned long flags;
1695
1696 if (orinoco_lock(priv, &flags) != 0)
1697 /* When the hardware becomes available again, whatever
1698 * detects that is responsible for re-initializing
1699 * it. So no need for anything further */
1700 return;
1701
1702 netif_stop_queue(dev);
1703
1704 /* Shut off interrupts. Depending on what state the hardware
1705 * is in, this might not work, but we'll try anyway */
1706 hermes_set_irqmask(hw, 0);
1707 hermes_write_regn(hw, EVACK, 0xffff);
1708
1709 priv->hw_unavailable++;
1710 priv->last_linkstatus = 0xffff; /* firmware will have to reassociate */
1711 netif_carrier_off(dev);
1712
1713 orinoco_unlock(priv, &flags);
1714
1715 /* Scanning support: Notify scan cancellation */
1716 if (priv->scan_request) {
1717 cfg80211_scan_done(priv->scan_request, 1);
1718 priv->scan_request = NULL;
1719 }
1720
1721 if (priv->hard_reset) {
1722 err = (*priv->hard_reset)(priv);
1723 if (err) {
1724 printk(KERN_ERR "%s: orinoco_reset: Error %d "
1725 "performing hard reset\n", dev->name, err);
1726 goto disable;
1727 }
1728 }
1729
1730 err = orinoco_reinit_firmware(priv);
1731 if (err) {
1732 printk(KERN_ERR "%s: orinoco_reset: Error %d re-initializing firmware\n",
1733 dev->name, err);
1734 goto disable;
1735 }
1736
1737 /* This has to be called from user context */
1738 spin_lock_irq(&priv->lock);
1739
1740 priv->hw_unavailable--;
1741
1742 /* priv->open or priv->hw_unavailable might have changed while
1743 * we dropped the lock */
1744 if (priv->open && (!priv->hw_unavailable)) {
1745 err = __orinoco_up(priv);
1746 if (err) {
1747 printk(KERN_ERR "%s: orinoco_reset: Error %d reenabling card\n",
1748 dev->name, err);
1749 } else
1750 dev->trans_start = jiffies;
1751 }
1752
1753 spin_unlock_irq(&priv->lock);
1754
1755 return;
1756 disable:
1757 hermes_set_irqmask(hw, 0);
1758 netif_device_detach(dev);
1759 printk(KERN_ERR "%s: Device has been disabled!\n", dev->name);
1760 }
1761
1762 static int __orinoco_commit(struct orinoco_private *priv)
1763 {
1764 struct net_device *dev = priv->ndev;
1765 int err = 0;
1766
1767 err = orinoco_hw_program_rids(priv);
1768
1769 /* FIXME: what about netif_tx_lock */
1770 (void) __orinoco_set_multicast_list(dev);
1771
1772 return err;
1773 }
1774
1775 /* Ensures configuration changes are applied. May result in a reset.
1776 * The caller should hold priv->lock
1777 */
1778 int orinoco_commit(struct orinoco_private *priv)
1779 {
1780 struct net_device *dev = priv->ndev;
1781 hermes_t *hw = &priv->hw;
1782 int err;
1783
1784 if (priv->broken_disableport) {
1785 schedule_work(&priv->reset_work);
1786 return 0;
1787 }
1788
1789 err = hermes_disable_port(hw, 0);
1790 if (err) {
1791 printk(KERN_WARNING "%s: Unable to disable port "
1792 "while reconfiguring card\n", dev->name);
1793 priv->broken_disableport = 1;
1794 goto out;
1795 }
1796
1797 err = __orinoco_commit(priv);
1798 if (err) {
1799 printk(KERN_WARNING "%s: Unable to reconfigure card\n",
1800 dev->name);
1801 goto out;
1802 }
1803
1804 err = hermes_enable_port(hw, 0);
1805 if (err) {
1806 printk(KERN_WARNING "%s: Unable to enable port while reconfiguring card\n",
1807 dev->name);
1808 goto out;
1809 }
1810
1811 out:
1812 if (err) {
1813 printk(KERN_WARNING "%s: Resetting instead...\n", dev->name);
1814 schedule_work(&priv->reset_work);
1815 err = 0;
1816 }
1817 return err;
1818 }
1819
1820 /********************************************************************/
1821 /* Interrupt handler */
1822 /********************************************************************/
1823
1824 static void __orinoco_ev_tick(struct net_device *dev, hermes_t *hw)
1825 {
1826 printk(KERN_DEBUG "%s: TICK\n", dev->name);
1827 }
1828
1829 static void __orinoco_ev_wterr(struct net_device *dev, hermes_t *hw)
1830 {
1831 /* This seems to happen a fair bit under load, but ignoring it
1832 seems to work fine...*/
1833 printk(KERN_DEBUG "%s: MAC controller error (WTERR). Ignoring.\n",
1834 dev->name);
1835 }
1836
1837 irqreturn_t orinoco_interrupt(int irq, void *dev_id)
1838 {
1839 struct orinoco_private *priv = dev_id;
1840 struct net_device *dev = priv->ndev;
1841 hermes_t *hw = &priv->hw;
1842 int count = MAX_IRQLOOPS_PER_IRQ;
1843 u16 evstat, events;
1844 /* These are used to detect a runaway interrupt situation.
1845 *
1846 * If we get more than MAX_IRQLOOPS_PER_JIFFY iterations in a jiffy,
1847 * we panic and shut down the hardware
1848 */
1849 /* jiffies value the last time we were called */
1850 static int last_irq_jiffy; /* = 0 */
1851 static int loops_this_jiffy; /* = 0 */
1852 unsigned long flags;
1853
1854 if (orinoco_lock(priv, &flags) != 0) {
1855 /* If hw is unavailable - we don't know if the irq was
1856 * for us or not */
1857 return IRQ_HANDLED;
1858 }
1859
1860 evstat = hermes_read_regn(hw, EVSTAT);
1861 events = evstat & hw->inten;
1862 if (!events) {
1863 orinoco_unlock(priv, &flags);
1864 return IRQ_NONE;
1865 }
1866
1867 if (jiffies != last_irq_jiffy)
1868 loops_this_jiffy = 0;
1869 last_irq_jiffy = jiffies;
1870
1871 while (events && count--) {
1872 if (++loops_this_jiffy > MAX_IRQLOOPS_PER_JIFFY) {
1873 printk(KERN_WARNING "%s: IRQ handler is looping too "
1874 "much! Resetting.\n", dev->name);
1875 /* Disable interrupts for now */
1876 hermes_set_irqmask(hw, 0);
1877 schedule_work(&priv->reset_work);
1878 break;
1879 }
1880
1881 /* Check the card hasn't been removed */
1882 if (!hermes_present(hw)) {
1883 DEBUG(0, "orinoco_interrupt(): card removed\n");
1884 break;
1885 }
1886
1887 if (events & HERMES_EV_TICK)
1888 __orinoco_ev_tick(dev, hw);
1889 if (events & HERMES_EV_WTERR)
1890 __orinoco_ev_wterr(dev, hw);
1891 if (events & HERMES_EV_INFDROP)
1892 __orinoco_ev_infdrop(dev, hw);
1893 if (events & HERMES_EV_INFO)
1894 __orinoco_ev_info(dev, hw);
1895 if (events & HERMES_EV_RX)
1896 __orinoco_ev_rx(dev, hw);
1897 if (events & HERMES_EV_TXEXC)
1898 __orinoco_ev_txexc(dev, hw);
1899 if (events & HERMES_EV_TX)
1900 __orinoco_ev_tx(dev, hw);
1901 if (events & HERMES_EV_ALLOC)
1902 __orinoco_ev_alloc(dev, hw);
1903
1904 hermes_write_regn(hw, EVACK, evstat);
1905
1906 evstat = hermes_read_regn(hw, EVSTAT);
1907 events = evstat & hw->inten;
1908 };
1909
1910 orinoco_unlock(priv, &flags);
1911 return IRQ_HANDLED;
1912 }
1913 EXPORT_SYMBOL(orinoco_interrupt);
1914
1915 /********************************************************************/
1916 /* Power management */
1917 /********************************************************************/
1918 #if defined(CONFIG_PM_SLEEP) && !defined(CONFIG_HERMES_CACHE_FW_ON_INIT)
1919 static int orinoco_pm_notifier(struct notifier_block *notifier,
1920 unsigned long pm_event,
1921 void *unused)
1922 {
1923 struct orinoco_private *priv = container_of(notifier,
1924 struct orinoco_private,
1925 pm_notifier);
1926
1927 /* All we need to do is cache the firmware before suspend, and
1928 * release it when we come out.
1929 *
1930 * Only need to do this if we're downloading firmware. */
1931 if (!priv->do_fw_download)
1932 return NOTIFY_DONE;
1933
1934 switch (pm_event) {
1935 case PM_HIBERNATION_PREPARE:
1936 case PM_SUSPEND_PREPARE:
1937 orinoco_cache_fw(priv, 0);
1938 break;
1939
1940 case PM_POST_RESTORE:
1941 /* Restore from hibernation failed. We need to clean
1942 * up in exactly the same way, so fall through. */
1943 case PM_POST_HIBERNATION:
1944 case PM_POST_SUSPEND:
1945 orinoco_uncache_fw(priv);
1946 break;
1947
1948 case PM_RESTORE_PREPARE:
1949 default:
1950 break;
1951 }
1952
1953 return NOTIFY_DONE;
1954 }
1955
1956 static void orinoco_register_pm_notifier(struct orinoco_private *priv)
1957 {
1958 priv->pm_notifier.notifier_call = orinoco_pm_notifier;
1959 register_pm_notifier(&priv->pm_notifier);
1960 }
1961
1962 static void orinoco_unregister_pm_notifier(struct orinoco_private *priv)
1963 {
1964 unregister_pm_notifier(&priv->pm_notifier);
1965 }
1966 #else /* !PM_SLEEP || HERMES_CACHE_FW_ON_INIT */
1967 #define orinoco_register_pm_notifier(priv) do { } while(0)
1968 #define orinoco_unregister_pm_notifier(priv) do { } while(0)
1969 #endif
1970
1971 /********************************************************************/
1972 /* Initialization */
1973 /********************************************************************/
1974
1975 int orinoco_init(struct orinoco_private *priv)
1976 {
1977 struct device *dev = priv->dev;
1978 struct wiphy *wiphy = priv_to_wiphy(priv);
1979 hermes_t *hw = &priv->hw;
1980 int err = 0;
1981
1982 /* No need to lock, the hw_unavailable flag is already set in
1983 * alloc_orinocodev() */
1984 priv->nicbuf_size = IEEE80211_MAX_FRAME_LEN + ETH_HLEN;
1985
1986 /* Initialize the firmware */
1987 err = hermes_init(hw);
1988 if (err != 0) {
1989 dev_err(dev, "Failed to initialize firmware (err = %d)\n",
1990 err);
1991 goto out;
1992 }
1993
1994 err = determine_fw_capabilities(priv, wiphy->fw_version,
1995 sizeof(wiphy->fw_version),
1996 &wiphy->hw_version);
1997 if (err != 0) {
1998 dev_err(dev, "Incompatible firmware, aborting\n");
1999 goto out;
2000 }
2001
2002 if (priv->do_fw_download) {
2003 #ifdef CONFIG_HERMES_CACHE_FW_ON_INIT
2004 orinoco_cache_fw(priv, 0);
2005 #endif
2006
2007 err = orinoco_download(priv);
2008 if (err)
2009 priv->do_fw_download = 0;
2010
2011 /* Check firmware version again */
2012 err = determine_fw_capabilities(priv, wiphy->fw_version,
2013 sizeof(wiphy->fw_version),
2014 &wiphy->hw_version);
2015 if (err != 0) {
2016 dev_err(dev, "Incompatible firmware, aborting\n");
2017 goto out;
2018 }
2019 }
2020
2021 if (priv->has_port3)
2022 dev_info(dev, "Ad-hoc demo mode supported\n");
2023 if (priv->has_ibss)
2024 dev_info(dev, "IEEE standard IBSS ad-hoc mode supported\n");
2025 if (priv->has_wep)
2026 dev_info(dev, "WEP supported, %s-bit key\n",
2027 priv->has_big_wep ? "104" : "40");
2028 if (priv->has_wpa) {
2029 dev_info(dev, "WPA-PSK supported\n");
2030 if (orinoco_mic_init(priv)) {
2031 dev_err(dev, "Failed to setup MIC crypto algorithm. "
2032 "Disabling WPA support\n");
2033 priv->has_wpa = 0;
2034 }
2035 }
2036
2037 err = orinoco_hw_read_card_settings(priv, wiphy->perm_addr);
2038 if (err)
2039 goto out;
2040
2041 err = orinoco_hw_allocate_fid(priv);
2042 if (err) {
2043 dev_err(dev, "Failed to allocate NIC buffer!\n");
2044 goto out;
2045 }
2046
2047 /* Set up the default configuration */
2048 priv->iw_mode = NL80211_IFTYPE_STATION;
2049 /* By default use IEEE/IBSS ad-hoc mode if we have it */
2050 priv->prefer_port3 = priv->has_port3 && (!priv->has_ibss);
2051 set_port_type(priv);
2052 priv->channel = 0; /* use firmware default */
2053
2054 priv->promiscuous = 0;
2055 priv->encode_alg = ORINOCO_ALG_NONE;
2056 priv->tx_key = 0;
2057 priv->wpa_enabled = 0;
2058 priv->tkip_cm_active = 0;
2059 priv->key_mgmt = 0;
2060 priv->wpa_ie_len = 0;
2061 priv->wpa_ie = NULL;
2062
2063 if (orinoco_wiphy_register(wiphy)) {
2064 err = -ENODEV;
2065 goto out;
2066 }
2067
2068 /* Make the hardware available, as long as it hasn't been
2069 * removed elsewhere (e.g. by PCMCIA hot unplug) */
2070 spin_lock_irq(&priv->lock);
2071 priv->hw_unavailable--;
2072 spin_unlock_irq(&priv->lock);
2073
2074 dev_dbg(dev, "Ready\n");
2075
2076 out:
2077 return err;
2078 }
2079 EXPORT_SYMBOL(orinoco_init);
2080
2081 static const struct net_device_ops orinoco_netdev_ops = {
2082 .ndo_open = orinoco_open,
2083 .ndo_stop = orinoco_stop,
2084 .ndo_start_xmit = orinoco_xmit,
2085 .ndo_set_multicast_list = orinoco_set_multicast_list,
2086 .ndo_change_mtu = orinoco_change_mtu,
2087 .ndo_set_mac_address = eth_mac_addr,
2088 .ndo_validate_addr = eth_validate_addr,
2089 .ndo_tx_timeout = orinoco_tx_timeout,
2090 .ndo_get_stats = orinoco_get_stats,
2091 };
2092
2093 /* Allocate private data.
2094 *
2095 * This driver has a number of structures associated with it
2096 * netdev - Net device structure for each network interface
2097 * wiphy - structure associated with wireless phy
2098 * wireless_dev (wdev) - structure for each wireless interface
2099 * hw - structure for hermes chip info
2100 * card - card specific structure for use by the card driver
2101 * (airport, orinoco_cs)
2102 * priv - orinoco private data
2103 * device - generic linux device structure
2104 *
2105 * +---------+ +---------+
2106 * | wiphy | | netdev |
2107 * | +-------+ | +-------+
2108 * | | priv | | | wdev |
2109 * | | +-----+ +-+-------+
2110 * | | | hw |
2111 * | +-+-----+
2112 * | | card |
2113 * +-+-------+
2114 *
2115 * priv has a link to netdev and device
2116 * wdev has a link to wiphy
2117 */
2118 struct orinoco_private
2119 *alloc_orinocodev(int sizeof_card,
2120 struct device *device,
2121 int (*hard_reset)(struct orinoco_private *),
2122 int (*stop_fw)(struct orinoco_private *, int))
2123 {
2124 struct orinoco_private *priv;
2125 struct wiphy *wiphy;
2126
2127 /* allocate wiphy
2128 * NOTE: We only support a single virtual interface
2129 * but this may change when monitor mode is added
2130 */
2131 wiphy = wiphy_new(&orinoco_cfg_ops,
2132 sizeof(struct orinoco_private) + sizeof_card);
2133 if (!wiphy)
2134 return NULL;
2135
2136 priv = wiphy_priv(wiphy);
2137 priv->dev = device;
2138
2139 if (sizeof_card)
2140 priv->card = (void *)((unsigned long)priv
2141 + sizeof(struct orinoco_private));
2142 else
2143 priv->card = NULL;
2144
2145 orinoco_wiphy_init(wiphy);
2146
2147 #ifdef WIRELESS_SPY
2148 priv->wireless_data.spy_data = &priv->spy_data;
2149 #endif
2150
2151 /* Set up default callbacks */
2152 priv->hard_reset = hard_reset;
2153 priv->stop_fw = stop_fw;
2154
2155 spin_lock_init(&priv->lock);
2156 priv->open = 0;
2157 priv->hw_unavailable = 1; /* orinoco_init() must clear this
2158 * before anything else touches the
2159 * hardware */
2160 INIT_WORK(&priv->reset_work, orinoco_reset);
2161 INIT_WORK(&priv->join_work, orinoco_join_ap);
2162 INIT_WORK(&priv->wevent_work, orinoco_send_wevents);
2163
2164 INIT_LIST_HEAD(&priv->rx_list);
2165 tasklet_init(&priv->rx_tasklet, orinoco_rx_isr_tasklet,
2166 (unsigned long) priv);
2167
2168 spin_lock_init(&priv->scan_lock);
2169 INIT_LIST_HEAD(&priv->scan_list);
2170 INIT_WORK(&priv->process_scan, orinoco_process_scan_results);
2171
2172 priv->last_linkstatus = 0xffff;
2173
2174 #if defined(CONFIG_HERMES_CACHE_FW_ON_INIT) || defined(CONFIG_PM_SLEEP)
2175 priv->cached_pri_fw = NULL;
2176 priv->cached_fw = NULL;
2177 #endif
2178
2179 /* Register PM notifiers */
2180 orinoco_register_pm_notifier(priv);
2181
2182 return priv;
2183 }
2184 EXPORT_SYMBOL(alloc_orinocodev);
2185
2186 /* We can only support a single interface. We provide a separate
2187 * function to set it up to distinguish between hardware
2188 * initialisation and interface setup.
2189 *
2190 * The base_addr and irq parameters are passed on to netdev for use
2191 * with SIOCGIFMAP.
2192 */
2193 int orinoco_if_add(struct orinoco_private *priv,
2194 unsigned long base_addr,
2195 unsigned int irq)
2196 {
2197 struct wiphy *wiphy = priv_to_wiphy(priv);
2198 struct wireless_dev *wdev;
2199 struct net_device *dev;
2200 int ret;
2201
2202 dev = alloc_etherdev(sizeof(struct wireless_dev));
2203
2204 if (!dev)
2205 return -ENOMEM;
2206
2207 /* Initialise wireless_dev */
2208 wdev = netdev_priv(dev);
2209 wdev->wiphy = wiphy;
2210 wdev->iftype = NL80211_IFTYPE_STATION;
2211
2212 /* Setup / override net_device fields */
2213 dev->ieee80211_ptr = wdev;
2214 dev->netdev_ops = &orinoco_netdev_ops;
2215 dev->watchdog_timeo = HZ; /* 1 second timeout */
2216 dev->wireless_handlers = &orinoco_handler_def;
2217 #ifdef WIRELESS_SPY
2218 dev->wireless_data = &priv->wireless_data;
2219 #endif
2220 /* we use the default eth_mac_addr for setting the MAC addr */
2221
2222 /* Reserve space in skb for the SNAP header */
2223 dev->hard_header_len += ENCAPS_OVERHEAD;
2224
2225 netif_carrier_off(dev);
2226
2227 memcpy(dev->dev_addr, wiphy->perm_addr, ETH_ALEN);
2228 memcpy(dev->perm_addr, wiphy->perm_addr, ETH_ALEN);
2229
2230 dev->base_addr = base_addr;
2231 dev->irq = irq;
2232
2233 SET_NETDEV_DEV(dev, priv->dev);
2234 ret = register_netdev(dev);
2235 if (ret)
2236 goto fail;
2237
2238 priv->ndev = dev;
2239
2240 /* Report what we've done */
2241 dev_dbg(priv->dev, "Registerred interface %s.\n", dev->name);
2242
2243 return 0;
2244
2245 fail:
2246 free_netdev(dev);
2247 return ret;
2248 }
2249 EXPORT_SYMBOL(orinoco_if_add);
2250
2251 void orinoco_if_del(struct orinoco_private *priv)
2252 {
2253 struct net_device *dev = priv->ndev;
2254
2255 unregister_netdev(dev);
2256 free_netdev(dev);
2257 }
2258 EXPORT_SYMBOL(orinoco_if_del);
2259
2260 void free_orinocodev(struct orinoco_private *priv)
2261 {
2262 struct wiphy *wiphy = priv_to_wiphy(priv);
2263 struct orinoco_rx_data *rx_data, *temp;
2264 struct orinoco_scan_data *sd, *sdtemp;
2265
2266 wiphy_unregister(wiphy);
2267
2268 /* If the tasklet is scheduled when we call tasklet_kill it
2269 * will run one final time. However the tasklet will only
2270 * drain priv->rx_list if the hw is still available. */
2271 tasklet_kill(&priv->rx_tasklet);
2272
2273 /* Explicitly drain priv->rx_list */
2274 list_for_each_entry_safe(rx_data, temp, &priv->rx_list, list) {
2275 list_del(&rx_data->list);
2276
2277 dev_kfree_skb(rx_data->skb);
2278 kfree(rx_data->desc);
2279 kfree(rx_data);
2280 }
2281
2282 cancel_work_sync(&priv->process_scan);
2283 /* Explicitly drain priv->scan_list */
2284 list_for_each_entry_safe(sd, sdtemp, &priv->scan_list, list) {
2285 list_del(&sd->list);
2286
2287 if ((sd->len > 0) && sd->buf)
2288 kfree(sd->buf);
2289 kfree(sd);
2290 }
2291
2292 orinoco_unregister_pm_notifier(priv);
2293 orinoco_uncache_fw(priv);
2294
2295 priv->wpa_ie_len = 0;
2296 kfree(priv->wpa_ie);
2297 orinoco_mic_free(priv);
2298 wiphy_free(wiphy);
2299 }
2300 EXPORT_SYMBOL(free_orinocodev);
2301
2302 int orinoco_up(struct orinoco_private *priv)
2303 {
2304 struct net_device *dev = priv->ndev;
2305 unsigned long flags;
2306 int err;
2307
2308 spin_lock_irqsave(&priv->lock, flags);
2309
2310 err = orinoco_reinit_firmware(priv);
2311 if (err) {
2312 printk(KERN_ERR "%s: Error %d re-initializing firmware\n",
2313 dev->name, err);
2314 goto exit;
2315 }
2316
2317 netif_device_attach(dev);
2318 priv->hw_unavailable--;
2319
2320 if (priv->open && !priv->hw_unavailable) {
2321 err = __orinoco_up(priv);
2322 if (err)
2323 printk(KERN_ERR "%s: Error %d restarting card\n",
2324 dev->name, err);
2325 }
2326
2327 exit:
2328 spin_unlock_irqrestore(&priv->lock, flags);
2329
2330 return 0;
2331 }
2332 EXPORT_SYMBOL(orinoco_up);
2333
2334 void orinoco_down(struct orinoco_private *priv)
2335 {
2336 struct net_device *dev = priv->ndev;
2337 unsigned long flags;
2338 int err;
2339
2340 spin_lock_irqsave(&priv->lock, flags);
2341 err = __orinoco_down(priv);
2342 if (err)
2343 printk(KERN_WARNING "%s: Error %d downing interface\n",
2344 dev->name, err);
2345
2346 netif_device_detach(dev);
2347 priv->hw_unavailable++;
2348 spin_unlock_irqrestore(&priv->lock, flags);
2349 }
2350 EXPORT_SYMBOL(orinoco_down);
2351
2352 /********************************************************************/
2353 /* Module initialization */
2354 /********************************************************************/
2355
2356 /* Can't be declared "const" or the whole __initdata section will
2357 * become const */
2358 static char version[] __initdata = DRIVER_NAME " " DRIVER_VERSION
2359 " (David Gibson <hermes@gibson.dropbear.id.au>, "
2360 "Pavel Roskin <proski@gnu.org>, et al)";
2361
2362 static int __init init_orinoco(void)
2363 {
2364 printk(KERN_DEBUG "%s\n", version);
2365 return 0;
2366 }
2367
2368 static void __exit exit_orinoco(void)
2369 {
2370 }
2371
2372 module_init(init_orinoco);
2373 module_exit(exit_orinoco);
mm of the moment repository