Avoid reading past buffer when calling GETACL
1 /*
3 Broadcom B43 wireless driver
5 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7 Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
8 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10 Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
12 SDIO support
13 Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
15 Some parts of the code in this file are derived from the ipw2200
16 driver Copyright(c) 2003 - 2004 Intel Corporation.
18 This program is free software; you can redistribute it and/or modify
19 it under the terms of the GNU General Public License as published by
20 the Free Software Foundation; either version 2 of the License, or
21 (at your option) any later version.
23 This program is distributed in the hope that it will be useful,
24 but WITHOUT ANY WARRANTY; without even the implied warranty of
25 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 GNU General Public License for more details.
28 You should have received a copy of the GNU General Public License
29 along with this program; see the file COPYING. If not, write to
30 the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
31 Boston, MA 02110-1301, USA.
35 #include <linux/delay.h>
36 #include <linux/init.h>
37 #include <linux/module.h>
38 #include <linux/if_arp.h>
39 #include <linux/etherdevice.h>
40 #include <linux/firmware.h>
41 #include <linux/workqueue.h>
42 #include <linux/skbuff.h>
43 #include <linux/io.h>
44 #include <linux/dma-mapping.h>
45 #include <linux/slab.h>
46 #include <asm/unaligned.h>
48 #include "b43.h"
49 #include "main.h"
50 #include "debugfs.h"
51 #include "phy_common.h"
52 #include "phy_g.h"
53 #include "phy_n.h"
54 #include "dma.h"
55 #include "pio.h"
56 #include "sysfs.h"
57 #include "xmit.h"
58 #include "lo.h"
59 #include "pcmcia.h"
60 #include "sdio.h"
61 #include <linux/mmc/sdio_func.h>
63 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
64 MODULE_AUTHOR("Martin Langer");
65 MODULE_AUTHOR("Stefano Brivio");
66 MODULE_AUTHOR("Michael Buesch");
67 MODULE_AUTHOR("Gábor Stefanik");
68 MODULE_AUTHOR("Rafał Miłecki");
69 MODULE_LICENSE("GPL");
71 MODULE_FIRMWARE("b43/ucode11.fw");
72 MODULE_FIRMWARE("b43/ucode13.fw");
73 MODULE_FIRMWARE("b43/ucode14.fw");
74 MODULE_FIRMWARE("b43/ucode15.fw");
75 MODULE_FIRMWARE("b43/ucode16_mimo.fw");
76 MODULE_FIRMWARE("b43/ucode5.fw");
77 MODULE_FIRMWARE("b43/ucode9.fw");
/*
 * Module parameters.
 *
 * Entries registered with mode 0444 can only be read back once the module
 * is loaded.  "verbose" and "pio" use 0644, so their owner may also change
 * them at runtime.
 */
static int modparam_bad_frames_preempt;
module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
MODULE_PARM_DESC(bad_frames_preempt,
		 "enable(1) / disable(0) Bad Frames Preemption");

/* The length handed to module_param_string() is tied to the array itself. */
static char modparam_fwpostfix[16];
module_param_string(fwpostfix, modparam_fwpostfix,
		    sizeof(modparam_fwpostfix), 0444);
MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");

static int modparam_hwpctl;
module_param_named(hwpctl, modparam_hwpctl, int, 0444);
MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");

static int modparam_nohwcrypt;
module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");

static int modparam_hwtkip;
module_param_named(hwtkip, modparam_hwtkip, int, 0444);
MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");

static int modparam_qos = 1;
module_param_named(qos, modparam_qos, int, 0444);
MODULE_PARM_DESC(qos, "Enable QOS support (default on)");

static int modparam_btcoex = 1;
module_param_named(btcoex, modparam_btcoex, int, 0444);
MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");

/* Not static: the name carries the b43_ prefix and no "static" qualifier. */
int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
module_param_named(verbose, b43_modparam_verbose, int, 0644);
MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");

/* File-scope statics start out as zero, so no explicit initializer. */
static int b43_modparam_pio;
module_param_named(pio, b43_modparam_pio, int, 0644);
MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
#ifdef CONFIG_B43_BCMA
/* 802.11 cores on the BCMA bus that this driver registers for. */
static const struct bcma_device_id b43_bcma_tbl[] = {
	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
#ifdef CONFIG_B43_BCMA_EXTRA
	/* Only listed when CONFIG_B43_BCMA_EXTRA is set. */
	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
#endif
	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
	BCMA_CORETABLE_END
};
MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
#endif

#ifdef CONFIG_B43_SSB
/* 802.11 cores on the SSB bus that this driver registers for. */
static const struct ssb_device_id b43_ssb_tbl[] = {
	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
	SSB_DEVTABLE_END
};
MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
#endif
/* Channel and ratetables are shared for all devices.
 * They can't be const, because ieee80211 puts some precalculated
 * data in there. This data is the same for all devices, so we don't
 * get concurrency issues */
#define RATETAB_ENT(_rateid, _flags) \
	{								\
		.bitrate	= B43_RATE_TO_BASE100KBPS(_rateid),	\
		.hw_value	= (_rateid),				\
		.flags		= (_flags),				\
	}

/*
 * NOTE: When changing this, sync with xmit.c's
 *	 b43_plcp_get_bitrate_idx_* functions!
 */
static struct ieee80211_rate __b43_ratetable[] = {
	/* Entries 0-3: CCK rates. */
	RATETAB_ENT(B43_CCK_RATE_1MB, 0),
	RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
	RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
	RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
	/* Entries 4-11: OFDM rates. */
	RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
	RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
	RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
	RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
	RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
	RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
	RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
	RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
};

/*
 * Windows into __b43_ratetable as (first entry, entry count).  Each
 * start offset plus its size has to stay within the 12 entries above.
 */
#define b43_a_ratetable		(__b43_ratetable + 4)
#define b43_a_ratetable_size	8
#define b43_b_ratetable		(__b43_ratetable + 0)
#define b43_b_ratetable_size	4
#define b43_g_ratetable		(__b43_ratetable + 0)
#define b43_g_ratetable_size	12
/* One 2.4 GHz channel entry: channel number, centre frequency, flags. */
#define CHAN4G(_channel, _freq, _flags) {			\
	.band			= IEEE80211_BAND_2GHZ,		\
	.center_freq		= (_freq),			\
	.hw_value		= (_channel),			\
	.flags			= (_flags),			\
	.max_antenna_gain	= 0,				\
	.max_power		= 30,				\
}
static struct ieee80211_channel b43_2ghz_chantable[] = {
	CHAN4G(1, 2412, 0),
	CHAN4G(2, 2417, 0),
	CHAN4G(3, 2422, 0),
	CHAN4G(4, 2427, 0),
	CHAN4G(5, 2432, 0),
	CHAN4G(6, 2437, 0),
	CHAN4G(7, 2442, 0),
	CHAN4G(8, 2447, 0),
	CHAN4G(9, 2452, 0),
	CHAN4G(10, 2457, 0),
	CHAN4G(11, 2462, 0),
	CHAN4G(12, 2467, 0),
	CHAN4G(13, 2472, 0),
	CHAN4G(14, 2484, 0),
};
#undef CHAN4G
/*
 * One 5 GHz channel entry.  The centre frequency is derived from the
 * channel number as 5000 + 5 * channel.
 */
#define CHAN5G(_channel, _flags) {				\
	.band			= IEEE80211_BAND_5GHZ,		\
	.center_freq		= 5000 + (5 * (_channel)),	\
	.hw_value		= (_channel),			\
	.flags			= (_flags),			\
	.max_antenna_gain	= 0,				\
	.max_power		= 30,				\
}
/* 5 GHz channel list referenced by b43_band_5GHz_nphy. */
static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
	CHAN5G(32, 0),		CHAN5G(34, 0),
	CHAN5G(36, 0),		CHAN5G(38, 0),
	CHAN5G(40, 0),		CHAN5G(42, 0),
	CHAN5G(44, 0),		CHAN5G(46, 0),
	CHAN5G(48, 0),		CHAN5G(50, 0),
	CHAN5G(52, 0),		CHAN5G(54, 0),
	CHAN5G(56, 0),		CHAN5G(58, 0),
	CHAN5G(60, 0),		CHAN5G(62, 0),
	CHAN5G(64, 0),		CHAN5G(66, 0),
	CHAN5G(68, 0),		CHAN5G(70, 0),
	CHAN5G(72, 0),		CHAN5G(74, 0),
	CHAN5G(76, 0),		CHAN5G(78, 0),
	CHAN5G(80, 0),		CHAN5G(82, 0),
	CHAN5G(84, 0),		CHAN5G(86, 0),
	CHAN5G(88, 0),		CHAN5G(90, 0),
	CHAN5G(92, 0),		CHAN5G(94, 0),
	CHAN5G(96, 0),		CHAN5G(98, 0),
	CHAN5G(100, 0),		CHAN5G(102, 0),
	CHAN5G(104, 0),		CHAN5G(106, 0),
	CHAN5G(108, 0),		CHAN5G(110, 0),
	CHAN5G(112, 0),		CHAN5G(114, 0),
	CHAN5G(116, 0),		CHAN5G(118, 0),
	CHAN5G(120, 0),		CHAN5G(122, 0),
	CHAN5G(124, 0),		CHAN5G(126, 0),
	CHAN5G(128, 0),		CHAN5G(130, 0),
	CHAN5G(132, 0),		CHAN5G(134, 0),
	CHAN5G(136, 0),		CHAN5G(138, 0),
	CHAN5G(140, 0),		CHAN5G(142, 0),
	CHAN5G(144, 0),		CHAN5G(145, 0),
	CHAN5G(146, 0),		CHAN5G(147, 0),
	CHAN5G(148, 0),		CHAN5G(149, 0),
	CHAN5G(150, 0),		CHAN5G(151, 0),
	CHAN5G(152, 0),		CHAN5G(153, 0),
	CHAN5G(154, 0),		CHAN5G(155, 0),
	CHAN5G(156, 0),		CHAN5G(157, 0),
	CHAN5G(158, 0),		CHAN5G(159, 0),
	CHAN5G(160, 0),		CHAN5G(161, 0),
	CHAN5G(162, 0),		CHAN5G(163, 0),
	CHAN5G(164, 0),		CHAN5G(165, 0),
	CHAN5G(166, 0),		CHAN5G(168, 0),
	CHAN5G(170, 0),		CHAN5G(172, 0),
	CHAN5G(174, 0),		CHAN5G(176, 0),
	CHAN5G(178, 0),		CHAN5G(180, 0),
	CHAN5G(182, 0),		CHAN5G(184, 0),
	CHAN5G(186, 0),		CHAN5G(188, 0),
	CHAN5G(190, 0),		CHAN5G(192, 0),
	CHAN5G(194, 0),		CHAN5G(196, 0),
	CHAN5G(198, 0),		CHAN5G(200, 0),
	CHAN5G(202, 0),		CHAN5G(204, 0),
	CHAN5G(206, 0),		CHAN5G(208, 0),
	CHAN5G(210, 0),		CHAN5G(212, 0),
	CHAN5G(214, 0),		CHAN5G(216, 0),
	CHAN5G(218, 0),		CHAN5G(220, 0),
	CHAN5G(222, 0),		CHAN5G(224, 0),
	CHAN5G(226, 0),		CHAN5G(228, 0),
};

/* 5 GHz channel list referenced by b43_band_5GHz_aphy. */
static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
	CHAN5G(34, 0),		CHAN5G(36, 0),
	CHAN5G(38, 0),		CHAN5G(40, 0),
	CHAN5G(42, 0),		CHAN5G(44, 0),
	CHAN5G(46, 0),		CHAN5G(48, 0),
	CHAN5G(52, 0),		CHAN5G(56, 0),
	CHAN5G(60, 0),		CHAN5G(64, 0),
	CHAN5G(100, 0),		CHAN5G(104, 0),
	CHAN5G(108, 0),		CHAN5G(112, 0),
	CHAN5G(116, 0),		CHAN5G(120, 0),
	CHAN5G(124, 0),		CHAN5G(128, 0),
	CHAN5G(132, 0),		CHAN5G(136, 0),
	CHAN5G(140, 0),		CHAN5G(149, 0),
	CHAN5G(153, 0),		CHAN5G(157, 0),
	CHAN5G(161, 0),		CHAN5G(165, 0),
	CHAN5G(184, 0),		CHAN5G(188, 0),
	CHAN5G(192, 0),		CHAN5G(196, 0),
	CHAN5G(200, 0),		CHAN5G(204, 0),
	CHAN5G(208, 0),		CHAN5G(212, 0),
	CHAN5G(216, 0),
};
#undef CHAN5G
/*
 * Band descriptors.  Each one pairs a channel table with a window into
 * the shared rate table; n_channels is taken from the table itself.
 */
static struct ieee80211_supported_band b43_band_5GHz_nphy = {
	.band		= IEEE80211_BAND_5GHZ,
	.channels	= b43_5ghz_nphy_chantable,
	.n_channels	= ARRAY_SIZE(b43_5ghz_nphy_chantable),
	.bitrates	= b43_a_ratetable,
	.n_bitrates	= b43_a_ratetable_size,
};

static struct ieee80211_supported_band b43_band_5GHz_aphy = {
	.band		= IEEE80211_BAND_5GHZ,
	.channels	= b43_5ghz_aphy_chantable,
	.n_channels	= ARRAY_SIZE(b43_5ghz_aphy_chantable),
	.bitrates	= b43_a_ratetable,
	.n_bitrates	= b43_a_ratetable_size,
};

static struct ieee80211_supported_band b43_band_2GHz = {
	.band		= IEEE80211_BAND_2GHZ,
	.channels	= b43_2ghz_chantable,
	.n_channels	= ARRAY_SIZE(b43_2ghz_chantable),
	.bitrates	= b43_g_ratetable,
	.n_bitrates	= b43_g_ratetable_size,
};
322 static void b43_wireless_core_exit(struct b43_wldev *dev);
323 static int b43_wireless_core_init(struct b43_wldev *dev);
324 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
325 static int b43_wireless_core_start(struct b43_wldev *dev);
326 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
327 struct ieee80211_vif *vif,
328 struct ieee80211_bss_conf *conf,
329 u32 changed);
/*
 * Decide whether a log message may be emitted right now.
 *
 * Returns 1 (always allowed) while @wl has no current device or that
 * device has not reached B43_STAT_STARTED; otherwise returns the verdict
 * of net_ratelimit().
 */
static int b43_ratelimit(struct b43_wl *wl)
{
	struct b43_wldev *cur = wl ? wl->current_dev : NULL;

	if (!cur || b43_status(cur) < B43_STAT_STARTED)
		return 1;

	/* We are up and running.
	 * Ratelimit the messages to avoid DoS over the net. */
	return net_ratelimit();
}
/*
 * Emit an informational message, prefixed with the wiphy name (or "wlan"
 * when @wl or its hw pointer is not set).
 *
 * Nothing is printed when the verbosity level is below B43_VERBOSITY_INFO
 * or when b43_ratelimit() refuses the message.  @fmt is expanded through
 * %pV, so it has to be a constant format string; variable text belongs in
 * the arguments.
 */
void b43info(struct b43_wl *wl, const char *fmt, ...)
{
	struct va_format msg;
	va_list ap;
	const char *ifname;

	if (b43_modparam_verbose < B43_VERBOSITY_INFO || !b43_ratelimit(wl))
		return;

	ifname = (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan";

	va_start(ap, fmt);
	msg.fmt = fmt;
	msg.va = &ap;
	printk(KERN_INFO "b43-%s: %pV", ifname, &msg);
	va_end(ap);
}
/*
 * Emit an error message, prefixed with the wiphy name (or "wlan" when
 * @wl or its hw pointer is not set).
 *
 * Nothing is printed when the verbosity level is below
 * B43_VERBOSITY_ERROR or when b43_ratelimit() refuses the message.
 * @fmt is expanded through %pV, so it has to be a constant format string;
 * variable text belongs in the arguments.
 */
void b43err(struct b43_wl *wl, const char *fmt, ...)
{
	struct va_format msg;
	va_list ap;
	const char *ifname;

	if (b43_modparam_verbose < B43_VERBOSITY_ERROR || !b43_ratelimit(wl))
		return;

	ifname = (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan";

	va_start(ap, fmt);
	msg.fmt = fmt;
	msg.va = &ap;
	printk(KERN_ERR "b43-%s ERROR: %pV", ifname, &msg);
	va_end(ap);
}
/*
 * Emit a warning message, prefixed with the wiphy name (or "wlan" when
 * @wl or its hw pointer is not set).
 *
 * Nothing is printed when the verbosity level is below
 * B43_VERBOSITY_WARN or when b43_ratelimit() refuses the message.
 * @fmt is expanded through %pV, so it has to be a constant format string;
 * variable text belongs in the arguments.
 */
void b43warn(struct b43_wl *wl, const char *fmt, ...)
{
	struct va_format msg;
	va_list ap;
	const char *ifname;

	if (b43_modparam_verbose < B43_VERBOSITY_WARN || !b43_ratelimit(wl))
		return;

	ifname = (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan";

	va_start(ap, fmt);
	msg.fmt = fmt;
	msg.va = &ap;
	printk(KERN_WARNING "b43-%s warning: %pV", ifname, &msg);
	va_end(ap);
}
/*
 * Emit a debug message, prefixed with the wiphy name (or "wlan" when @wl
 * or its hw pointer is not set).
 *
 * Only the verbosity level gates this path; it does not consult
 * b43_ratelimit().  @fmt is expanded through %pV, so it has to be a
 * constant format string; variable text belongs in the arguments.
 */
void b43dbg(struct b43_wl *wl, const char *fmt, ...)
{
	struct va_format msg;
	va_list ap;
	const char *ifname;

	if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
		return;

	ifname = (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan";

	va_start(ap, fmt);
	msg.fmt = fmt;
	msg.va = &ap;
	printk(KERN_DEBUG "b43-%s debug: %pV", ifname, &msg);
	va_end(ap);
}
/*
 * Write one 32-bit value through the RAM control/data register pair.
 * @offset is expected to be a multiple of four (a warning fires
 * otherwise).  The value is byte-swapped first when the MAC control
 * register has B43_MACCTL_BE set.
 */
static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
{
	u32 data = val;

	B43_WARN_ON(offset % 4 != 0);

	if (b43_read32(dev, B43_MMIO_MACCTL) & B43_MACCTL_BE)
		data = swab32(data);

	/* Select the target offset, then push the data word. */
	b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
	mmiowb();
	b43_write32(dev, B43_MMIO_RAM_DATA, data);
}
/*
 * Program the SHM control register: routing in the upper 16 bits,
 * offset in the lower 16 bits.
 */
static inline void b43_shm_control_word(struct b43_wldev *dev,
					u16 routing, u16 offset)
{
	/* "offset" is the WORD offset. */
	const u32 word = ((u32)routing << 16) | offset;

	b43_write32(dev, B43_MMIO_SHM_CONTROL, word);
}
/*
 * Read a 32-bit value from shared memory.
 *
 * For B43_SHM_SHARED routing, @offset is shifted right by two before it
 * is programmed, and an offset that is not a multiple of four is served
 * by two 16-bit reads.  An odd offset triggers a warning.  Other routings
 * use @offset unchanged.
 */
u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
{
	u32 lo, hi;

	if (routing != B43_SHM_SHARED) {
		b43_shm_control_word(dev, routing, offset);
		return b43_read32(dev, B43_MMIO_SHM_DATA);
	}

	B43_WARN_ON(offset & 0x0001);
	if (!(offset & 0x0003)) {
		b43_shm_control_word(dev, routing, offset >> 2);
		return b43_read32(dev, B43_MMIO_SHM_DATA);
	}

	/* Unaligned access */
	b43_shm_control_word(dev, routing, offset >> 2);
	lo = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
	b43_shm_control_word(dev, routing, (offset >> 2) + 1);
	hi = b43_read16(dev, B43_MMIO_SHM_DATA);

	return lo | (hi << 16);
}
/*
 * Read a 16-bit value from shared memory.
 *
 * For B43_SHM_SHARED routing, @offset is shifted right by two before it
 * is programmed; an offset that is not a multiple of four is read through
 * the UNALIGNED data register.  An odd offset triggers a warning.  Other
 * routings use @offset unchanged.
 */
u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
{
	if (routing != B43_SHM_SHARED) {
		b43_shm_control_word(dev, routing, offset);
		return b43_read16(dev, B43_MMIO_SHM_DATA);
	}

	B43_WARN_ON(offset & 0x0001);
	b43_shm_control_word(dev, routing, offset >> 2);

	if (offset & 0x0003) {
		/* Unaligned access */
		return b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
	}

	return b43_read16(dev, B43_MMIO_SHM_DATA);
}
/*
 * Write a 32-bit value to shared memory.
 *
 * For B43_SHM_SHARED routing, @offset is shifted right by two before it
 * is programmed, and an offset that is not a multiple of four is served
 * by two 16-bit writes (low half first).  An odd offset triggers a
 * warning.  Other routings use @offset unchanged.
 */
void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
{
	const bool shared = (routing == B43_SHM_SHARED);

	if (shared)
		B43_WARN_ON(offset & 0x0001);

	if (shared && (offset & 0x0003)) {
		/* Unaligned access */
		b43_shm_control_word(dev, routing, offset >> 2);
		b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
			    value & 0xFFFF);
		b43_shm_control_word(dev, routing, (offset >> 2) + 1);
		b43_write16(dev, B43_MMIO_SHM_DATA,
			    (value >> 16) & 0xFFFF);
		return;
	}

	b43_shm_control_word(dev, routing, shared ? (offset >> 2) : offset);
	b43_write32(dev, B43_MMIO_SHM_DATA, value);
}
/*
 * Write a 16-bit value to shared memory.
 *
 * For B43_SHM_SHARED routing, @offset is shifted right by two before it
 * is programmed; an offset that is not a multiple of four is written
 * through the UNALIGNED data register.  An odd offset triggers a warning.
 * Other routings use @offset unchanged.
 */
void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
{
	if (routing != B43_SHM_SHARED) {
		b43_shm_control_word(dev, routing, offset);
		b43_write16(dev, B43_MMIO_SHM_DATA, value);
		return;
	}

	B43_WARN_ON(offset & 0x0001);
	b43_shm_control_word(dev, routing, offset >> 2);

	if (offset & 0x0003) {
		/* Unaligned access */
		b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
	} else {
		b43_write16(dev, B43_MMIO_SHM_DATA, value);
	}
}
/*
 * Read HostFlags.
 *
 * The value is assembled from three 16-bit shared-memory words, read in
 * the order high, middle, low; the result occupies bits 47..0.
 */
u64 b43_hf_read(struct b43_wldev *dev)
{
	u64 hi = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
	u64 mi = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
	u64 lo = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);

	return (hi << 32) | (mi << 16) | lo;
}
/*
 * Write HostFlags.
 *
 * Bits 47..0 of @value are split into three 16-bit words and written to
 * shared memory in the order low, middle, high.  Higher bits are dropped.
 */
void b43_hf_write(struct b43_wldev *dev, u64 value)
{
	const u16 word_lo = (u16)(value & 0xFFFF);
	const u16 word_mi = (u16)((value >> 16) & 0xFFFF);
	const u16 word_hi = (u16)((value >> 32) & 0xFFFF);

	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, word_lo);
	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, word_mi);
	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, word_hi);
}
/*
 * Read the firmware capabilities bitmask (Opensource firmware only).
 * A warning fires when dev->fw.opensource is not set; the read is still
 * performed.
 */
static u16 b43_fwcapa_read(struct b43_wldev *dev)
{
	u16 capa;

	B43_WARN_ON(!dev->fw.opensource);
	capa = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);

	return capa;
}
/*
 * Read the 64-bit TSF into *@tsf.  A warning fires on core revisions
 * below 3.
 */
void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
{
	u32 lo_word, hi_word;

	B43_WARN_ON(dev->dev->core_rev < 3);

	/* The hardware guarantees us an atomic read, if we
	 * read the low register first. */
	lo_word = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
	hi_word = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);

	*tsf = ((u64)hi_word << 32) | lo_word;
}
/* Set B43_MACCTL_TBTTHOLD in the MAC control register. */
static void b43_time_lock(struct b43_wldev *dev)
{
	const u32 held = b43_read32(dev, B43_MMIO_MACCTL) | B43_MACCTL_TBTTHOLD;

	b43_write32(dev, B43_MMIO_MACCTL, held);
	/* Commit the write */
	b43_read32(dev, B43_MMIO_MACCTL);
}
/* Clear B43_MACCTL_TBTTHOLD in the MAC control register. */
static void b43_time_unlock(struct b43_wldev *dev)
{
	const u32 released = b43_read32(dev, B43_MMIO_MACCTL) & ~B43_MACCTL_TBTTHOLD;

	b43_write32(dev, B43_MMIO_MACCTL, released);
	/* Commit the write */
	b43_read32(dev, B43_MMIO_MACCTL);
}
/*
 * Write the 64-bit TSF as two 32-bit register writes.  The name suggests
 * the caller is expected to hold the time lock; this function does not
 * take it itself.  A warning fires on core revisions below 3.
 */
static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
{
	const u32 lo_word = (u32)tsf;
	const u32 hi_word = (u32)(tsf >> 32);

	B43_WARN_ON(dev->dev->core_rev < 3);

	/* The hardware guarantees us an atomic write, if we
	 * write the low register first. */
	b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, lo_word);
	mmiowb();
	b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, hi_word);
	mmiowb();
}
/* Write the TSF with the time lock held around the register update. */
void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
{
	b43_time_lock(dev);
	b43_tsf_write_locked(dev, tsf);	/* low word first, then high */
	b43_time_unlock(dev);
}
/*
 * Load a MAC address into the MAC filter slot selected by @offset.
 * A NULL @mac programs the all-zero address.  The address is pushed as
 * three 16-bit words, lower-indexed byte in the low half.
 */
static
void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
{
	static const u8 zero_addr[ETH_ALEN] = { 0 };
	const u8 *addr = mac ? mac : zero_addr;
	unsigned int i;

	b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset | 0x0020);

	for (i = 0; i < ETH_ALEN; i += 2)
		b43_write16(dev, B43_MMIO_MACFILTER_DATA,
			    addr[i] | (addr[i + 1] << 8));
}
/*
 * Program the BSSID into the MAC filter and copy our MAC address followed
 * by the BSSID into template RAM starting at offset 0x20.
 */
static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
{
	const u8 *bssid = dev->wl->bssid;
	const u8 *mac = dev->wl->mac_addr;
	u8 mac_bssid[ETH_ALEN * 2];
	unsigned int pos;

	b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);

	memcpy(mac_bssid, mac, ETH_ALEN);
	memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);

	/* Write our MAC address and BSSID to template ram */
	for (pos = 0; pos < sizeof(mac_bssid); pos += sizeof(u32)) {
		const u8 *p = &mac_bssid[pos];
		const u32 word = (u32)p[0] |
				 ((u32)p[1] << 8) |
				 ((u32)p[2] << 16) |
				 ((u32)p[3] << 24);

		b43_ram_write(dev, 0x20 + pos, word);
	}
}
/*
 * Refresh the MAC/BSSID templates, then load our own address into the
 * B43_MACFILTER_SELF slot.
 */
static void b43_upload_card_macaddress(struct b43_wldev *dev)
{
	b43_write_mac_bssid_templates(dev);
	b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
}
/*
 * Program the IFS slot register with 510 + @slot_time.  Nothing is
 * written while the current band is 5 GHz.
 */
static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
{
	/* slot_time is in usec. */
	/* This test used to exit for all but a G PHY. */
	if (b43_current_band(dev->wl) != IEEE80211_BAND_5GHZ)
		b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);

	/* Shared memory location 0x0010 is the slot time and should be
	 * set to slot_time; however, this register is initially 0 and changing
	 * the value adversely affects the transmit rate for BCM4311
	 * devices. Until this behavior is understood, delete this step
	 *
	 * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
	 */
}
/* Select the short slot time (9 usec). */
static void b43_short_slot_timing_enable(struct b43_wldev *dev)
{
	const u16 short_slot_usec = 9;

	b43_set_slot_time(dev, short_slot_usec);
}
/* Select the long slot time (20 usec). */
static void b43_short_slot_timing_disable(struct b43_wldev *dev)
{
	const u16 long_slot_usec = 20;

	b43_set_slot_time(dev, long_slot_usec);
}
/* DummyTransmission function, as documented on
 * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
 *
 * Loads a five-word template into RAM, programs the transmit engine and
 * then polls three status conditions.  Every poll loop is bounded, so the
 * function returns even if the hardware never reports completion.
 */
void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
{
	struct b43_phy *phy = &dev->phy;
	const unsigned int max_loop = ofdm ? 0x1E : 0xFA;
	u32 buffer[5] = {
		ofdm ? 0x000201CC : 0x000B846E,
		0x00D40000,
		0x00000000,
		0x01000000,
		0x00000000,
	};
	unsigned int i;
	u16 status;
	u16 aux;

	for (i = 0; i < ARRAY_SIZE(buffer); i++)
		b43_ram_write(dev, i * 4, buffer[i]);

	b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);

	b43_write16(dev, B43_MMIO_WEPCTL,
		    (dev->dev->core_rev < 11) ? 0x0000 : 0x0100);

	b43_write16(dev, B43_MMIO_TXE0_PHYCTL, ofdm ? 0x41 : 0x40);
	if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
	    phy->type == B43_PHYTYPE_LCN)
		b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);

	b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
	b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);

	b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
	b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
	b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
	b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);

	/* Placeholder: the PA override call is still commented out. */
	if (!pa_on && phy->type == B43_PHYTYPE_N)
		; /*b43_nphy_pa_override(dev, false) */

	/* The AUX value depends on the PHY type. */
	switch (phy->type) {
	case B43_PHYTYPE_N:
	case B43_PHYTYPE_LCN:
		aux = 0x00D0;
		break;
	case B43_PHYTYPE_LP:
		aux = 0x0050;
		break;
	default:
		aux = 0x0030;
		break;
	}
	b43_write16(dev, B43_MMIO_TXE0_AUX, aux);
	b43_read16(dev, B43_MMIO_TXE0_AUX);

	if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
		b43_radio_write16(dev, 0x0051, 0x0017);

	/* Poll TXE0 status for bit 0x0080. */
	for (i = 0x00; i < max_loop; i++) {
		status = b43_read16(dev, B43_MMIO_TXE0_STATUS);
		if (status & 0x0080)
			break;
		udelay(10);
	}
	/* Poll TXE0 status for bit 0x0400. */
	for (i = 0x00; i < 0x0A; i++) {
		status = b43_read16(dev, B43_MMIO_TXE0_STATUS);
		if (status & 0x0400)
			break;
		udelay(10);
	}
	/* Poll IFS status until bit 0x0100 is clear. */
	for (i = 0x00; i < 0x19; i++) {
		status = b43_read16(dev, B43_MMIO_IFSSTAT);
		if (!(status & 0x0100))
			break;
		udelay(10);
	}

	if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
		b43_radio_write16(dev, 0x0051, 0x0037);
}
/*
 * Write one key slot: the index/algorithm word and the key bytes.
 *
 * @key must point to at least B43_SEC_KEYSIZE readable bytes; the loop
 * below always copies that many, regardless of the real key length.
 */
static void key_write(struct b43_wldev *dev,
		      u8 index, u8 algorithm, const u8 *key)
{
	const u16 kidx = b43_kidx_to_fw(dev, index);
	unsigned int pos;
	u32 base;

	/* Key index/algo block */
	b43_shm_write16(dev, B43_SHM_SHARED,
			B43_SHM_SH_KEYIDXBLOCK + (kidx * 2),
			(kidx << 4) | algorithm);

	/* Write the key to the Key Table Pointer offset */
	base = dev->ktp + (index * B43_SEC_KEYSIZE);
	for (pos = 0; pos < B43_SEC_KEYSIZE; pos += 2)
		b43_shm_write16(dev, B43_SHM_SHARED, base + pos,
				key[pos] | ((u16)key[pos + 1] << 8));
}
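/*
 * Bind a transmitter address to a pairwise key slot through the RCMTA
 * table.  A NULL @addr writes an all-zero address.
 *
 * @index is the hardware key index; it is rebased to the first pairwise
 * slot before use.  An index outside the pairwise range is rejected with
 * a warning and nothing is written.
 */
static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
{
	u32 addrtmp[2] = { 0, 0, };
	u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;

	if (b43_new_kidx_api(dev))
		pairwise_keys_start = B43_NR_GROUP_KEYS;

	/*
	 * index is a u8: subtracting from a value below the pairwise start
	 * would wrap around and select an unrelated RCMTA offset, so stop
	 * here instead of only warning.
	 */
	if (B43_WARN_ON(index < pairwise_keys_start))
		return;
	/* We have four default TX keys and possibly four default RX keys.
	 * Physical mac 0 is mapped to physical key 4 or 8, depending
	 * on the firmware version.
	 * So we must adjust the index here.
	 */
	index -= pairwise_keys_start;
	if (B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS))
		return;

	if (addr) {
		addrtmp[0] = addr[0];
		addrtmp[0] |= ((u32) (addr[1]) << 8);
		addrtmp[0] |= ((u32) (addr[2]) << 16);
		addrtmp[0] |= ((u32) (addr[3]) << 24);
		addrtmp[1] = addr[4];
		addrtmp[1] |= ((u32) (addr[5]) << 8);
	}

	/* Receive match transmitter address (RCMTA) mechanism */
	b43_shm_write32(dev, B43_SHM_RCMTA,
			(index * 2) + 0, addrtmp[0]);
	b43_shm_write16(dev, B43_SHM_RCMTA,
			(index * 2) + 1, addrtmp[1]);
}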
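/* The ucode will use the phase1 key with the TEK key to decrypt rx packets.
 * When a packet is received, the iv32 is checked.
 * - if it doesn't match, the packet is returned without modification (and
 *   software decryption can be done). That's what happens when iv16 wraps.
 * - if it does, the rc4 key is computed, and decryption is tried.
 *   Either it succeeds and B43_RX_MAC_DEC is returned,
 *   or it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
 *   and the packet is not usable (it got modified by the ucode).
 * So in order to never have B43_RX_MAC_DECERR, we should provide
 * an iv32 and phase1key that match. Because we drop packets in case of
 * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
 * packets will be lost without higher layers knowing (ie no resync possible
 * until next wrap).
 *
 * NOTE : this should support 50 keys like RCMTA because
 * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
 *
 * Does nothing unless the hwtkip module parameter is set.  A NULL
 * @phase1key writes zeros.  An @index outside the pairwise range is
 * rejected with a warning and nothing is written.
 */
static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
				 u16 *phase1key)
{
	unsigned int i;
	u32 offset;
	u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;

	if (!modparam_hwtkip)
		return;

	if (b43_new_kidx_api(dev))
		pairwise_keys_start = B43_NR_GROUP_KEYS;

	/*
	 * index is a u8: rebasing a value below the pairwise start would
	 * wrap around and move the shared-memory offset computed below far
	 * away from the intended slot, so stop instead of only warning.
	 */
	if (B43_WARN_ON(index < pairwise_keys_start))
		return;
	/* We have four default TX keys and possibly four default RX keys.
	 * Physical mac 0 is mapped to physical key 4 or 8, depending
	 * on the firmware version.
	 * So we must adjust the index here.
	 */
	index -= pairwise_keys_start;
	if (B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS))
		return;

	if (b43_debug(dev, B43_DBG_KEYS)) {
		b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
				index, iv32);
	}
	/* Write the key to the RX tkip shared mem */
	offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
	for (i = 0; i < 10; i += 2) {
		b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
				phase1key ? phase1key[i / 2] : 0);
	}
	/* i is 10 here: the iv32 halves follow the five phase1 words. */
	b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
	b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
}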
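/*
 * Install a fresh (iv32, phase1key) pair for a hardware TKIP key.
 *
 * The slot's transmitter address is zeroed first, the new pair is
 * written, and the address is restored from @sta afterwards.  Returns
 * without touching the hardware when hwtkip is off or when there is no
 * initialized current device.
 */
static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
				   struct ieee80211_vif *vif,
				   struct ieee80211_key_conf *keyconf,
				   struct ieee80211_sta *sta,
				   u32 iv32, u16 *phase1key)
{
	struct b43_wl *wl = hw_to_b43_wl(hw);
	struct b43_wldev *dev;
	int index = keyconf->hw_key_idx;

	if (B43_WARN_ON(!modparam_hwtkip))
		return;

	/* This is only called from the RX path through mac80211, where
	 * our mutex is already locked. */
	B43_WARN_ON(!mutex_is_locked(&wl->mutex));
	dev = wl->current_dev;
	/*
	 * dev is dereferenced by every call below, so a missing or
	 * uninitialized device has to end the function, not just warn.
	 */
	if (B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED))
		return;

	keymac_write(dev, index, NULL);	/* First zero out mac to avoid race */

	rx_tkip_phase1_write(dev, index, iv32, phase1key);
	/* only pairwise TKIP keys are supported right now */
	if (WARN_ON(!sta))
		return;
	keymac_write(dev, index, sta->addr);
}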
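/*
 * Program one hardware key slot.
 *
 * The key is copied into a zero-filled B43_SEC_KEYSIZE buffer, so shorter
 * keys are zero-padded; a NULL @key writes an all-zero key.  For pairwise
 * slots the transmitter address is cleared before the key is written and
 * set to @mac_addr afterwards.
 *
 * An @index beyond dev->key[] or a @key_len larger than B43_SEC_KEYSIZE
 * is rejected with a warning and nothing is written.
 */
static void do_key_write(struct b43_wldev *dev,
			 u8 index, u8 algorithm,
			 const u8 *key, size_t key_len, const u8 *mac_addr)
{
	u8 buf[B43_SEC_KEYSIZE] = { 0, };
	u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;

	if (b43_new_kidx_api(dev))
		pairwise_keys_start = B43_NR_GROUP_KEYS;

	/*
	 * index subscripts dev->key[] at the end of this function and
	 * key_len bounds the memcpy() into the on-stack buffer, so both
	 * checks must stop the function rather than only warn.
	 */
	if (B43_WARN_ON(index >= ARRAY_SIZE(dev->key)))
		return;
	if (B43_WARN_ON(key_len > B43_SEC_KEYSIZE))
		return;

	if (index >= pairwise_keys_start)
		keymac_write(dev, index, NULL);	/* First zero out mac. */
	if (algorithm == B43_SEC_ALGO_TKIP) {
		/*
		 * We should provide an initial iv32, phase1key pair.
		 * We could start with iv32=0 and compute the corresponding
		 * phase1key, but this means calling ieee80211_get_tkip_key
		 * with a fake skb (or export other tkip function).
		 * Because we are lazy we hope iv32 won't start with
		 * 0xffffffff and let's b43_op_update_tkip_key provide a
		 * correct pair.
		 */
		/* buf is still all zero at this point. */
		rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
	} else if (index >= pairwise_keys_start) /* clear it */
		rx_tkip_phase1_write(dev, index, 0, NULL);
	if (key)
		memcpy(buf, key, key_len);
	key_write(dev, index, algorithm, buf);
	if (index >= pairwise_keys_start)
		keymac_write(dev, index, mac_addr);

	dev->key[index].algorithm = algorithm;
}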
/*
 * Install a key in hardware.
 *
 * A negative @index requests a pairwise key: the first free pairwise slot
 * is used.  A non-negative @index is taken as a group key slot (a warning
 * fires when it is above 3).  With the old key index API, slots 0-3 are
 * mirrored into index + 4 as default RX keys.
 *
 * Returns 0 on success, -EINVAL when the key is longer than
 * B43_SEC_KEYSIZE, or -ENOSPC when no pairwise slot is free.  On success
 * the chosen slot is stored in keyconf->hw_key_idx.
 */
static int b43_key_write(struct b43_wldev *dev,
			 int index, u8 algorithm,
			 const u8 *key, size_t key_len,
			 const u8 *mac_addr,
			 struct ieee80211_key_conf *keyconf)
{
	int slot;

	/* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
	 *	- Temporal Encryption Key (128 bits)
	 *	- Temporal Authenticator Tx MIC Key (64 bits)
	 *	- Temporal Authenticator Rx MIC Key (64 bits)
	 *
	 *	Hardware only store TEK
	 */
	if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
		key_len = 16;
	if (key_len > B43_SEC_KEYSIZE)
		return -EINVAL;

	/* Check that we don't already have this key. */
	for (slot = 0; slot < ARRAY_SIZE(dev->key); slot++)
		B43_WARN_ON(dev->key[slot].keyconf == keyconf);

	if (index >= 0) {
		B43_WARN_ON(index > 3);
	} else {
		/* Pairwise key. Get an empty slot for the key. */
		const int first = b43_new_kidx_api(dev) ?
				  B43_NR_GROUP_KEYS : B43_NR_GROUP_KEYS * 2;

		for (slot = first; slot < first + B43_NR_PAIRWISE_KEYS; slot++) {
			B43_WARN_ON(slot >= ARRAY_SIZE(dev->key));
			if (dev->key[slot].keyconf)
				continue;
			/* found empty */
			index = slot;
			break;
		}
		if (index < 0) {
			b43warn(dev->wl, "Out of hardware key memory\n");
			return -ENOSPC;
		}
	}

	do_key_write(dev, index, algorithm, key, key_len, mac_addr);
	if ((index <= 3) && !b43_new_kidx_api(dev)) {
		/* Default RX key */
		B43_WARN_ON(mac_addr);
		do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
	}
	keyconf->hw_key_idx = index;
	dev->key[index].keyconf = keyconf;

	return 0;
}
/*
 * Overwrite one key slot with an all-zero key and B43_SEC_ALGO_NONE, and
 * forget its keyconf.  With the old key index API, slots 0-3 also clear
 * their mirror at index + 4.
 *
 * Returns 0, or -EINVAL (with a warning) when @index is outside
 * dev->key[].
 */
static int b43_key_clear(struct b43_wldev *dev, int index)
{
	const bool in_range = (index >= 0) && (index < ARRAY_SIZE(dev->key));

	if (B43_WARN_ON(!in_range))
		return -EINVAL;

	do_key_write(dev, index, B43_SEC_ALGO_NONE,
		     NULL, B43_SEC_KEYSIZE, NULL);
	if ((index <= 3) && !b43_new_kidx_api(dev))
		do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
			     NULL, B43_SEC_KEYSIZE, NULL);

	dev->key[index].keyconf = NULL;

	return 0;
}
/*
 * Clear every hardware key slot.  The slot count depends on whether the
 * new key index API is in use (one or two banks of group keys).
 */
static void b43_clear_keys(struct b43_wldev *dev)
{
	const int group_slots = b43_new_kidx_api(dev) ?
				B43_NR_GROUP_KEYS : B43_NR_GROUP_KEYS * 2;
	const int count = group_slots + B43_NR_PAIRWISE_KEYS;
	int slot;

	for (slot = 0; slot < count; slot++)
		b43_key_clear(dev, slot);
}
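/*
 * Dump the hardware key memory to the kernel log.
 *
 * Runs only when the B43_DBG_KEYS debug switch is enabled.  The output
 * contains the raw key bytes and, for TKIP slots, the phase1 key and
 * iv32 words, so the switch should stay off outside of debugging and
 * logs captured with it should be treated as secret material.
 */
static void b43_dump_keymemory(struct b43_wldev *dev)
{
	unsigned int i, index, count, offset, pairwise_keys_start;
	u8 mac[ETH_ALEN];
	u16 algo;
	u32 rcmta0;
	u16 rcmta1;
	u64 hf;
	struct b43_key *key;

	if (!b43_debug(dev, B43_DBG_KEYS))
		return;

	hf = b43_hf_read(dev);
	b43dbg(dev->wl, "Hardware key memory dump: USEDEFKEYS=%u\n",
	       !!(hf & B43_HF_USEDEFKEYS));
	if (b43_new_kidx_api(dev)) {
		pairwise_keys_start = B43_NR_GROUP_KEYS;
		count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
	} else {
		pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
		count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
	}
	for (index = 0; index < count; index++) {
		key = &(dev->key[index]);
		printk(KERN_DEBUG "Key slot %02u: %s",
		       index, (key->keyconf == NULL) ? " " : "*");
		offset = dev->ktp + (index * B43_SEC_KEYSIZE);
		for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
			u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
			printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
		}

		algo = b43_shm_read16(dev, B43_SHM_SHARED,
				      B43_SHM_SH_KEYIDXBLOCK + (index * 2));
		printk(" Algo: %04X/%02X", algo, key->algorithm);

		if (index >= pairwise_keys_start) {
			if (key->algorithm == B43_SEC_ALGO_TKIP) {
				printk(" TKIP: ");
				/*
				 * rx_tkip_phase1_write() stores the entry at
				 * (index - pairwise_keys_start); read it back
				 * from the same place instead of assuming the
				 * pairwise keys start at slot 4.
				 */
				offset = B43_SHM_SH_TKIPTSCTTAK +
					 (index - pairwise_keys_start) * (10 + 4);
				for (i = 0; i < 14; i += 2) {
					u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
					printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
				}
			}
			rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
						((index - pairwise_keys_start) * 2) + 0);
			rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
						((index - pairwise_keys_start) * 2) + 1);
			/*
			 * Unpack byte by byte (the inverse of the packing in
			 * keymac_write()) rather than storing through casted
			 * __le32/__le16 pointers into a u8 array.
			 */
			mac[0] = rcmta0 & 0xFF;
			mac[1] = (rcmta0 >> 8) & 0xFF;
			mac[2] = (rcmta0 >> 16) & 0xFF;
			mac[3] = (rcmta0 >> 24) & 0xFF;
			mac[4] = rcmta1 & 0xFF;
			mac[5] = (rcmta1 >> 8) & 0xFF;
			printk(" MAC: %pM", mac);
		} else
			printk(" DEFAULT KEY");
		printk("\n");
	}
}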
/*
 * Program the hardware power-saving and awake bits in the MAC control
 * register.
 *
 * ps_flags may carry B43_PS_ENABLED/B43_PS_DISABLED and
 * B43_PS_AWAKE/B43_PS_ASLEEP; contradictory pairs trigger a warning.
 * The flags are currently evaluated but then overridden: the function
 * always programs "hardware power saving off, device awake" (see FIXME).
 */
void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
{
	bool hwps;
	bool awake;
	u32 macctl;
	int attempt;

	B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
		    (ps_flags & B43_PS_DISABLED));
	B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));

	if (ps_flags & B43_PS_ENABLED)
		hwps = true;
	else if (ps_flags & B43_PS_DISABLED)
		hwps = false;
	/* else:
	 * TODO: If powersave is not off and FIXME is not set and we are not in adhoc
	 *       and thus is not an AP and we are associated, set bit 25 */

	if (ps_flags & B43_PS_AWAKE)
		awake = true;
	else if (ps_flags & B43_PS_ASLEEP)
		awake = false;
	/* else:
	 * TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
	 *       or we are associated, or FIXME, or the latest PS-Poll packet sent was
	 *       successful, set bit26 */

	/* FIXME: For now we force awake-on and hwps-off */
	hwps = false;
	awake = true;

	macctl = b43_read32(dev, B43_MMIO_MACCTL);
	macctl &= ~(B43_MACCTL_HWPS | B43_MACCTL_AWAKE);
	if (hwps)
		macctl |= B43_MACCTL_HWPS;
	if (awake)
		macctl |= B43_MACCTL_AWAKE;
	b43_write32(dev, B43_MMIO_MACCTL, macctl);
	/* Commit write */
	b43_read32(dev, B43_MMIO_MACCTL);

	if (!awake || dev->dev->core_rev < 5)
		return;

	/* Wait for the microcode to wake up; give up after 100 polls. */
	for (attempt = 0; attempt < 100; attempt++) {
		if (b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODESTAT) !=
		    B43_SHM_SH_UCODESTAT_SLEEP)
			break;
		udelay(10);
	}
}
1172 #ifdef CONFIG_B43_BCMA
/*
 * Pulse the PHY reset line of a BCMA core: assert reset, release it with
 * the clock forced on, then stop forcing the clock. Each step re-reads
 * BCMA_IOCTL before modifying it.
 */
static void b43_bcma_phy_reset(struct b43_wldev *dev)
{
	u32 ioctl;

	/* Put PHY into reset */
	ioctl = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
	ioctl |= B43_BCMA_IOCTL_PHY_RESET |
		 B43_BCMA_IOCTL_PHY_BW_20MHZ;	/* Make 20 MHz def */
	bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, ioctl);
	udelay(2);

	/* Take PHY out of reset */
	ioctl = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
	ioctl = (ioctl & ~B43_BCMA_IOCTL_PHY_RESET) | BCMA_IOCTL_FGC;
	bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, ioctl);
	udelay(1);

	/* Do not force clock anymore */
	ioctl = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
	ioctl &= ~BCMA_IOCTL_FGC;
	bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, ioctl);
	udelay(1);
}
/*
 * Reset the wireless core on a BCMA bus: enable the device with the PHY
 * clock on, switch the core to fast clock mode, reset the PHY and program
 * the PLL. The gmode argument is not used on this bus.
 */
static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
{
	b43_device_enable(dev, B43_BCMA_IOCTL_PHY_CLKEN);
	bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);

	b43_bcma_phy_reset(dev);

	bcma_core_pll_ctl(dev->dev->bdev, 0x300, 0x3000000, true);
}
1205 #endif
/*
 * Reset the wireless core on an SSB bus.
 *
 * The device is enabled with the PHY held in reset, then the PHY is taken
 * out of reset with the clock forced on, and finally the forced clock is
 * dropped. Every SSB_TMSLOW write is followed by a read to flush it.
 */
static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
{
	struct ssb_device *sdev = dev->dev->sdev;
	u32 enable_flags = B43_TMSLOW_PHYCLKEN | B43_TMSLOW_PHYRESET;
	u32 tmslow;

	if (gmode)
		enable_flags |= B43_TMSLOW_GMODE;
	if (dev->phy.type == B43_PHYTYPE_N)
		enable_flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
	b43_device_enable(dev, enable_flags);
	msleep(2);		/* Wait for the PLL to turn on. */

	/* Now take the PHY out of Reset again */
	tmslow = ssb_read32(sdev, SSB_TMSLOW);
	tmslow = (tmslow | SSB_TMSLOW_FGC) & ~B43_TMSLOW_PHYRESET;
	ssb_write32(sdev, SSB_TMSLOW, tmslow);
	ssb_read32(sdev, SSB_TMSLOW);	/* flush */
	msleep(1);

	/* Stop forcing the clock. */
	tmslow &= ~SSB_TMSLOW_FGC;
	ssb_write32(sdev, SSB_TMSLOW, tmslow);
	ssb_read32(sdev, SSB_TMSLOW);	/* flush */
	msleep(1);
}
/*
 * Reset the wireless core through the bus-specific routine, switch the
 * analog part on when the PHY operations are already known, and program
 * the GMODE and IHR_ENABLED bits of the MAC control register.
 */
void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
{
	u32 macctl;

	/* Only the bus types compiled into the driver are handled; any other
	 * value falls through without a bus-level reset. */
	switch (dev->dev->bus_type) {
#ifdef CONFIG_B43_BCMA
	case B43_BUS_BCMA:
		b43_bcma_wireless_core_reset(dev, gmode);
		break;
#endif
#ifdef CONFIG_B43_SSB
	case B43_BUS_SSB:
		b43_ssb_wireless_core_reset(dev, gmode);
		break;
#endif
	}

	/* Turn Analog ON, but only if we already know the PHY-type.
	 * This protects against very early setup where we don't know the
	 * PHY-type, yet. wireless_core_reset will be called once again later,
	 * when we know the PHY-type. */
	if (dev->phy.ops)
		dev->phy.ops->switch_analog(dev, 1);

	macctl = b43_read32(dev, B43_MMIO_MACCTL);
	if (gmode)
		macctl |= B43_MACCTL_GMODE;
	else
		macctl &= ~B43_MACCTL_GMODE;
	macctl |= B43_MACCTL_IHR_ENABLED;
	b43_write32(dev, B43_MMIO_MACCTL, macctl);
}
/*
 * Read TX status entries from the two XMITSTAT registers, decode each one
 * into a struct b43_txstatus and hand it to b43_handle_txstatus().
 *
 * The loop ends when bit 0 of XMITSTAT_0 reads as clear; there is no other
 * bound on the number of iterations. Only the fields assigned below are set
 * in the status structure.
 */
static void handle_irq_transmit_status(struct b43_wldev *dev)
{
	struct b43_txstatus stat;
	u32 word0, word1;
	u16 flags;

	for (;;) {
		word0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
		if ((word0 & 0x00000001) == 0)
			return;
		word1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);

		/* High half of word0 is the cookie, low half the flag bits. */
		flags = (word0 & 0x0000FFFF);
		stat.cookie = (word0 >> 16);
		stat.seq = (word1 & 0x0000FFFF);
		stat.phy_stat = ((word1 >> 16) & 0xFF);
		stat.frame_count = ((flags >> 12) & 0xF);
		stat.rts_count = ((flags >> 8) & 0xF);
		stat.supp_reason = ((flags >> 2) & 0x7);
		stat.pm_indicated = !!(flags & 0x0080);
		stat.intermediate = !!(flags & 0x0040);
		stat.for_ampdu = !!(flags & 0x0020);
		stat.acked = !!(flags & 0x0002);

		b43_handle_txstatus(dev, &stat);
	}
}
/*
 * Read all entries from the microcode TXstatus FIFO and throw them away.
 * Does nothing on cores older than revision 5. The loop ends when bit 0 of
 * XMITSTAT_0 reads as clear.
 */
static void drain_txstatus_queue(struct b43_wldev *dev)
{
	if (dev->dev->core_rev < 5)
		return;

	while (b43_read32(dev, B43_MMIO_XMITSTAT_0) & 0x00000001) {
		/* The second word is read only to advance the FIFO. */
		(void)b43_read32(dev, B43_MMIO_XMITSTAT_1);
	}
}
/*
 * Read the 32-bit JSSI value from shared memory: the word at offset 0x08A
 * supplies the upper 16 bits and the word at 0x088 the lower 16 bits.
 */
static u32 b43_jssi_read(struct b43_wldev *dev)
{
	u32 high = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
	u32 low = b43_shm_read16(dev, B43_SHM_SHARED, 0x088);

	return (high << 16) | low;
}
/*
 * Write a 32-bit JSSI value to shared memory: the lower 16 bits go to
 * offset 0x088, the upper 16 bits to offset 0x08A.
 */
static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
{
	const u16 low = jssi & 0x0000FFFF;
	const u16 high = (jssi & 0xFFFF0000) >> 16;

	b43_shm_write16(dev, B43_SHM_SHARED, 0x088, low);
	b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, high);
}
/*
 * Request a new background noise sample: preload the JSSI value with
 * 0x7F in every byte, then set the BGNOISE bit in the MAC command register.
 */
static void b43_generate_noise_sample(struct b43_wldev *dev)
{
	u32 maccmd;

	b43_jssi_write(dev, 0x7F7F7F7F);

	maccmd = b43_read32(dev, B43_MMIO_MACCMD);
	b43_write32(dev, B43_MMIO_MACCMD, maccmd | B43_MACCMD_BGNOISE);
}
/*
 * Top half of Link Quality calculation.
 *
 * Only runs on G PHYs and only when no calculation is already in progress.
 * Marks the calculation as running, resets the sample counter and requests
 * the first noise sample.
 */
static void b43_calculate_link_quality(struct b43_wldev *dev)
{
	if (dev->phy.type != B43_PHYTYPE_G ||
	    dev->noisecalc.calculation_running)
		return;

	dev->noisecalc.calculation_running = true;
	dev->noisecalc.nr_samples = 0;

	b43_generate_noise_sample(dev);
}
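/*
 * Bottom half of Link Quality calculation, run for the noise-sample
 * interrupt.
 *
 * Reads the four noise bytes the device produced. If any of them still has
 * the preload value 0x7F, a new sample is requested. Otherwise the bytes are
 * clamped to the bounds of phy->nrssi_lt, translated through that table and
 * stored as one sample row. After the eighth row the average is computed,
 * written to dev->stats.link_noise and the calculation is marked finished.
 *
 * An interrupt that arrives when eight rows are already stored is refused
 * (with a warning) instead of being stored past the rows that the averaging
 * loop reads.
 */
static void handle_irq_noise(struct b43_wldev *dev)
{
	struct b43_phy_g *phy = dev->phy.g;
	u16 tmp;
	u8 noise[4];
	u8 i, j;
	s32 average;

	if (dev->phy.type != B43_PHYTYPE_G)
		return;

	/* Possible race condition: It might be possible that the user
	 * changed to a different channel in the meantime since we
	 * started the calculation. We ignore that fact, since it's
	 * not really that much of a problem. The background noise is
	 * an estimation only anyway. Slightly wrong results will get damped
	 * by the averaging of the 8 sample rounds. Additionally the
	 * value is shortlived. So it will be replaced by the next noise
	 * calculation round soon. */

	B43_WARN_ON(!dev->noisecalc.calculation_running);
	/* noise[] is a plain byte array, so store the 32-bit value byte-wise
	 * rather than through a cast to a wider pointer type. */
	put_unaligned_le32(b43_jssi_read(dev), noise);
	if (noise[0] == 0x7F || noise[1] == 0x7F ||
	    noise[2] == 0x7F || noise[3] == 0x7F)
		goto generate_new;

	/* nr_samples is used as the row index into samples[] below, and the
	 * value only returns to 0 when a new calculation is started. An
	 * unsolicited interrupt must therefore not be allowed to store a
	 * ninth row. Assumes samples[] has the 8 rows the averaging loop
	 * reads; confirm against the struct definition. */
	if (B43_WARN_ON(dev->noisecalc.nr_samples >= 8)) {
		dev->noisecalc.calculation_running = false;
		return;
	}

	/* Get the noise samples. The device-supplied bytes are clamped to the
	 * table bounds before they are used as indices. */
	i = dev->noisecalc.nr_samples;
	for (j = 0; j < 4; j++) {
		noise[j] = clamp_val(noise[j], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
		dev->noisecalc.samples[i][j] = phy->nrssi_lt[noise[j]];
	}
	dev->noisecalc.nr_samples++;
	if (dev->noisecalc.nr_samples == 8) {
		/* Calculate the Link Quality by the noise samples. */
		average = 0;
		for (i = 0; i < 8; i++) {
			for (j = 0; j < 4; j++)
				average += dev->noisecalc.samples[i][j];
		}
		average /= (8 * 4);
		average *= 125;
		average += 64;
		average /= 128;
		tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
		tmp = (tmp / 128) & 0x1F;
		if (tmp >= 8)
			average += 2;
		else
			average -= 25;
		if (tmp == 8)
			average -= 72;
		else
			average -= 48;

		dev->stats.link_noise = average;
		dev->noisecalc.calculation_running = false;
		return;
	}
generate_new:
	b43_generate_noise_sample(dev);
}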
/*
 * Handle the TBTT indication interrupt. Outside AP mode the power-saving
 * control bits are reprogrammed with no flags set; in ad-hoc mode
 * dev->dfq_valid is set as well.
 */
static void handle_irq_tbtt_indication(struct b43_wldev *dev)
{
	const bool ap_mode = b43_is_mode(dev->wl, NL80211_IFTYPE_AP);

	if (!ap_mode) {
		/* FIXME: should only happen when the last PSpoll frame was
		 * sent successfully; the check is currently unconditional. */
		b43_power_saving_ctl_bits(dev, 0);
	}
	/* TODO (AP mode): PS TBTT */

	if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
		dev->dfq_valid = true;
}
/*
 * Handle the ATIM-end interrupt: if dev->dfq_valid is set, raise the
 * DFQ_VALID bit in the MAC command register and clear the flag again.
 */
static void handle_irq_atim_end(struct b43_wldev *dev)
{
	u32 maccmd;

	if (!dev->dfq_valid)
		return;

	maccmd = b43_read32(dev, B43_MMIO_MACCMD);
	b43_write32(dev, B43_MMIO_MACCMD, maccmd | B43_MACCMD_DFQ_VALID);
	dev->dfq_valid = false;
}
/*
 * Handle the PMQ interrupt: poll the PS status register until bit 3 reads
 * as clear, then write 0x0002 to the same register. The polling loop has no
 * iteration limit.
 */
static void handle_irq_pmq(struct b43_wldev *dev)
{
	u32 status;

	//TODO: AP mode.

	do {
		status = b43_read32(dev, B43_MMIO_PS_STATUS);
	} while (status & 0x00000008);

	/* 16bit write is odd, but correct. */
	b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
}
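/*
 * Write a frame template into template RAM, preceded by a PLCP header.
 *
 * @data:            frame bytes; exactly @size bytes are read
 * @size:            number of bytes in @data
 * @ram_offset:      template RAM offset at which the PLCP header starts
 * @shm_size_offset: shared-memory offset that receives the template size
 * @rate:            rate passed to b43_generate_plcp_hdr()
 *
 * The first 32-bit word holds the 4-byte PLCP header. The second word
 * leaves its two low bytes blank for the rest of the 6-byte PLCP and
 * carries data[0] and data[1] in its upper bytes. The remaining data is
 * packed little-endian, four bytes per word, with missing trailing bytes
 * left as zero. Finally @size plus the 6-byte PLCP length is written to
 * @shm_size_offset.
 */
static void b43_write_template_common(struct b43_wldev *dev,
				      const u8 *data, u16 size,
				      u16 ram_offset,
				      u16 shm_size_offset, u8 rate)
{
	u32 i, tmp;
	struct b43_plcp_hdr4 plcp;

	plcp.data = 0;
	b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
	b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
	ram_offset += sizeof(u32);
	/* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
	 * So leave the first two bytes of the next write blank.
	 * The first two data bytes are only read when @size covers them, so
	 * a template shorter than two bytes is never read past its end.
	 */
	tmp = 0;
	if (size > 0)
		tmp |= (u32) (data[0]) << 16;
	if (size > 1)
		tmp |= (u32) (data[1]) << 24;
	b43_ram_write(dev, ram_offset, tmp);
	ram_offset += sizeof(u32);
	for (i = 2; i < size; i += sizeof(u32)) {
		/* Each byte beyond the first is bounds-checked against @size. */
		tmp = (u32) (data[i + 0]);
		if (i + 1 < size)
			tmp |= (u32) (data[i + 1]) << 8;
		if (i + 2 < size)
			tmp |= (u32) (data[i + 2]) << 16;
		if (i + 3 < size)
			tmp |= (u32) (data[i + 3]) << 24;
		b43_ram_write(dev, ram_offset + i - 2, tmp);
	}
	b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
			size + sizeof(struct b43_plcp_hdr6));
}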
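/* Check if the use of the antenna that ieee80211 told us to
 * use is possible. This will fall back to DEFAULT.
 * "antenna_nr" is the antenna identifier we got from ieee80211.
 *
 * Returns antenna_nr when the matching bit is set in the SPROM mask of
 * available antennas for the current band, and 0 (default antenna)
 * otherwise. */
u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
				  u8 antenna_nr)
{
	u8 antenna_mask;

	if (antenna_nr == 0) {
		/* Zero means "use default antenna". That's always OK. */
		return 0;
	}

	/* The availability mask is 8 bits wide, so an identifier above 8 can
	 * never match. Rejecting it here also keeps the shift below within
	 * the width of int for any value of the u8 argument. */
	if (antenna_nr > 8 * sizeof(antenna_mask))
		return 0;

	/* Get the mask of available antennas. */
	if (dev->phy.gmode)
		antenna_mask = dev->dev->bus_sprom->ant_available_bg;
	else
		antenna_mask = dev->dev->bus_sprom->ant_available_a;

	if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
		/* This antenna is not available. Fall back to default. */
		return 0;
	}

	return antenna_nr;
}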
/* Convert a b43 antenna number value to the PHY TX control value.
 * An unrecognised antenna value triggers a warning and yields 0. */
static u16 b43_antenna_to_phyctl(int antenna)
{
	u16 phyctl = 0;

	switch (antenna) {
	case B43_ANTENNA0:
		phyctl = B43_TXH_PHY_ANT0;
		break;
	case B43_ANTENNA1:
		phyctl = B43_TXH_PHY_ANT1;
		break;
	case B43_ANTENNA2:
		phyctl = B43_TXH_PHY_ANT2;
		break;
	case B43_ANTENNA3:
		phyctl = B43_TXH_PHY_ANT3;
		break;
	case B43_ANTENNA_AUTO0:
	case B43_ANTENNA_AUTO1:
		phyctl = B43_TXH_PHY_ANT01AUTO;
		break;
	default:
		B43_WARN_ON(1);
		break;
	}

	return phyctl;
}
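/*
 * Write the current beacon (dev->wl->current_beacon) into template RAM at
 * @ram_offset, program the beacon PHY TX control word, and tell the
 * microcode where the TIM element and the DTIM period are.
 *
 * The beacon length is capped at 0x200 minus the 6-byte PLCP header.
 * The information elements are walked as (id, length, payload) records;
 * the walk never reads beyond the capped beacon length, including when the
 * beacon is shorter than the fixed management header. If no usable TIM
 * element is found, the TIM position is set to just behind the beacon and
 * the DTIM period to 0.
 *
 * NOTE(review): dev->wl->current_beacon is dereferenced unconditionally;
 * callers are presumably expected to have installed a beacon first. Confirm.
 */
static void b43_write_beacon_template(struct b43_wldev *dev,
				      u16 ram_offset,
				      u16 shm_size_offset)
{
	unsigned int i, len, variable_len, fixed_len;
	const struct ieee80211_mgmt *bcn;
	const u8 *ie;
	bool tim_found = false;
	unsigned int rate;
	u16 ctl;
	int antenna;
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);

	bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
	len = min((size_t) dev->wl->current_beacon->len,
		  0x200 - sizeof(struct b43_plcp_hdr6));
	rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;

	b43_write_template_common(dev, (const u8 *)bcn,
				  len, ram_offset, shm_size_offset, rate);

	/* Write the PHY TX control parameters. */
	antenna = B43_ANTENNA_DEFAULT;
	antenna = b43_antenna_to_phyctl(antenna);
	ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
	/* We can't send beacons with short preamble. Would get PHY errors. */
	ctl &= ~B43_TXH_PHY_SHORTPRMBL;
	ctl &= ~B43_TXH_PHY_ANT;
	ctl &= ~B43_TXH_PHY_ENC;
	ctl |= antenna;
	if (b43_is_cck_rate(rate))
		ctl |= B43_TXH_PHY_ENC_CCK;
	else
		ctl |= B43_TXH_PHY_ENC_OFDM;
	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);

	/* Find the position of the TIM and the DTIM_period value
	 * and write them to SHM. */
	ie = bcn->u.beacon.variable;
	fixed_len = offsetof(struct ieee80211_mgmt, u.beacon.variable);
	/* All lengths are unsigned: subtracting from a beacon shorter than
	 * the fixed header would wrap to a huge value and let the walk below
	 * run off the buffer, so such a beacon gets an empty element area. */
	variable_len = (len > fixed_len) ? len - fixed_len : 0;
	/* "i + 2 < variable_len" is the wrap-free form of
	 * "i < variable_len - 2": at least id, length and one more byte
	 * must remain. */
	for (i = 0; i + 2 < variable_len; ) {
		uint8_t ie_id, ie_len;

		ie_id = ie[i];
		ie_len = ie[i + 1];
		if (ie_id == 5) {
			u16 tim_position;
			u16 dtim_period;
			/* This is the TIM Information Element */

			/* Check whether the ie_len is in the beacon data range. */
			if (variable_len < ie_len + 2 + i)
				break;
			/* A valid TIM is at least 4 bytes long. */
			if (ie_len < 4)
				break;
			tim_found = true;

			tim_position = sizeof(struct b43_plcp_hdr6);
			tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
			tim_position += i;

			dtim_period = ie[i + 3];

			b43_shm_write16(dev, B43_SHM_SHARED,
					B43_SHM_SH_TIMBPOS, tim_position);
			b43_shm_write16(dev, B43_SHM_SHARED,
					B43_SHM_SH_DTIMPER, dtim_period);
			break;
		}
		i += ie_len + 2;
	}
	if (!tim_found) {
		/*
		 * If ucode wants to modify TIM do it behind the beacon, this
		 * will happen, for example, when doing mesh networking.
		 */
		b43_shm_write16(dev, B43_SHM_SHARED,
				B43_SHM_SH_TIMBPOS,
				len + sizeof(struct b43_plcp_hdr6));
		b43_shm_write16(dev, B43_SHM_SHARED,
				B43_SHM_SH_DTIMPER, 0);
	}
	b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
}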
/*
 * Upload the current beacon into template slot 0 (template RAM offset 0x68,
 * size word at shared-memory offset 0x18) unless that slot already holds it.
 */
static void b43_upload_beacon0(struct b43_wldev *dev)
{
	if (!dev->wl->beacon0_uploaded) {
		b43_write_beacon_template(dev, 0x68, 0x18);
		dev->wl->beacon0_uploaded = true;
	}
}
/*
 * Upload the current beacon into template slot 1 (template RAM offset 0x468,
 * size word at shared-memory offset 0x1A) unless that slot already holds it.
 */
static void b43_upload_beacon1(struct b43_wldev *dev)
{
	if (!dev->wl->beacon1_uploaded) {
		b43_write_beacon_template(dev, 0x468, 0x1A);
		dev->wl->beacon1_uploaded = true;
	}
}
/*
 * Bottom half of the asynchronous beacon update.
 *
 * Only acts in AP, mesh-point and ad-hoc mode. Masks the beacon interrupt,
 * then uploads the current beacon into a template slot the device does not
 * mark as valid and sets that slot's VALID bit. If both slots are still
 * marked valid, the interrupt is raised again manually and left enabled so
 * the update is retried later.
 */
static void handle_irq_beacon(struct b43_wldev *dev)
{
	struct b43_wl *wl = dev->wl;
	u32 cmd, slot0_busy, slot1_busy, valid_bit;

	if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
	    !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
	    !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
		return;

	/* Ignore interrupt in the future. */
	dev->irq_mask &= ~B43_IRQ_BEACON;

	cmd = b43_read32(dev, B43_MMIO_MACCMD);
	slot0_busy = (cmd & B43_MACCMD_BEACON0_VALID);
	slot1_busy = (cmd & B43_MACCMD_BEACON1_VALID);

	/* Schedule interrupt manually, if busy. */
	if (slot0_busy && slot1_busy) {
		b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
		dev->irq_mask |= B43_IRQ_BEACON;
		return;
	}

	if (unlikely(wl->beacon_templates_virgin)) {
		/* We never uploaded a beacon before.
		 * Upload both templates now, but only mark one valid. */
		wl->beacon_templates_virgin = false;
		b43_upload_beacon0(dev);
		b43_upload_beacon1(dev);
		valid_bit = B43_MACCMD_BEACON0_VALID;
	} else if (!slot0_busy) {
		b43_upload_beacon0(dev);
		valid_bit = B43_MACCMD_BEACON0_VALID;
	} else if (!slot1_busy) {
		b43_upload_beacon1(dev);
		valid_bit = B43_MACCMD_BEACON1_VALID;
	} else {
		return;
	}

	/* Re-read the command register after the upload before marking the
	 * slot valid. */
	cmd = b43_read32(dev, B43_MMIO_MACCMD);
	cmd |= valid_bit;
	b43_write32(dev, B43_MMIO_MACCMD, cmd);
}
/*
 * Run the beacon bottom half directly and, if it changed dev->irq_mask,
 * write the new mask to the device unless device interrupts are currently
 * disabled.
 */
static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
{
	const u32 mask_before = dev->irq_mask;

	/* update beacon right away or defer to irq */
	handle_irq_beacon(dev);
	if (mask_before == dev->irq_mask)
		return;

	/* The handler updated the IRQ mask. */
	B43_WARN_ON(!dev->irq_mask);

	/* Device interrupts are currently disabled when the mask register
	 * reads zero. That means we just ran the hardirq handler and
	 * scheduled the IRQ thread. The thread will write the IRQ mask when
	 * it finished, so there's nothing to do here. Writing the mask
	 * _here_ would incorrectly re-enable IRQs. */
	if (!b43_read32(dev, B43_MMIO_GEN_IRQ_MASK))
		return;

	b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
}
/*
 * Work item that triggers the beacon update for the current device.
 *
 * Runs under wl->mutex. On non-SDIO buses the update additionally runs
 * under wl->hardirq_lock with interrupts disabled; on SDIO the mutex alone
 * is used. Nothing happens when there is no current device or it is not at
 * least initialized.
 */
static void b43_beacon_update_trigger_work(struct work_struct *work)
{
	struct b43_wl *wl = container_of(work, struct b43_wl,
					 beacon_update_trigger);
	struct b43_wldev *dev;
	bool sdio;

	mutex_lock(&wl->mutex);

	dev = wl->current_dev;
	if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
		goto unlock;

	sdio = b43_bus_host_is_sdio(dev->dev);
	/* wl->mutex is enough on SDIO. */
	if (!sdio)
		spin_lock_irq(&wl->hardirq_lock);
	b43_do_beacon_update_trigger_work(dev);
	mmiowb();
	if (!sdio)
		spin_unlock_irq(&wl->hardirq_lock);

unlock:
	mutex_unlock(&wl->mutex);
}
/* Asynchronously update the packet templates in template RAM.
 * Locking: Requires wl->mutex to be locked.
 *
 * This is the top half of the asynchronous beacon update; the bottom half
 * is the beacon IRQ. The update must be asynchronous to avoid sending an
 * invalid beacon, which can happen for example if the firmware transmits a
 * beacon while we are updating it.
 *
 * The previously stored beacon is freed here and replaced by the new one.
 * Code that reads wl->current_beacon therefore depends on the same lock to
 * keep the buffer alive while it is in use. */
static void b43_update_templates(struct b43_wl *wl)
{
	struct sk_buff *fresh;
	struct sk_buff *stale;

	/* We could modify the existing beacon and set the aid bit in
	 * the TIM field, but that would probably require resizing and
	 * moving of data within the beacon template.
	 * Simply request a new beacon and let mac80211 do the hard work. */
	fresh = ieee80211_beacon_get(wl->hw, wl->vif);
	if (unlikely(!fresh))
		return;

	stale = wl->current_beacon;
	if (stale)
		dev_kfree_skb_any(stale);

	wl->current_beacon = fresh;
	/* Neither template slot holds the new beacon yet. */
	wl->beacon0_uploaded = false;
	wl->beacon1_uploaded = false;
	ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
}
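/*
 * Program the beacon interval into the device while holding the time lock.
 *
 * Core revision 3 and later take the interval shifted into two 32-bit TSF
 * CFP registers; older cores take it through two 16-bit registers at
 * 0x606 and 0x610.
 */
static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
{
	/* Widen before shifting: a u16 is promoted to signed int, and
	 * shifting a value of 0x8000 or more left by 16 would overflow it. */
	const u32 interval = beacon_int;

	b43_time_lock(dev);
	if (dev->dev->core_rev >= 3) {
		b43_write32(dev, B43_MMIO_TSF_CFP_REP, (interval << 16));
		b43_write32(dev, B43_MMIO_TSF_CFP_START, (interval << 10));
	} else {
		b43_write16(dev, 0x606, (beacon_int >> 6));
		b43_write16(dev, 0x610, beacon_int);
	}
	b43_time_unlock(dev);
	b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
}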
/*
 * React to a firmware panic: log the reason code read from the scratch
 * register and restart the controller only for B43_FWPANIC_RESTART.
 * Any other reason leaves the device as it is.
 */
static void b43_handle_firmware_panic(struct b43_wldev *dev)
{
	u16 reason;

	/* Read the register that contains the reason code for the panic. */
	reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
	b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);

	if (reason == B43_FWPANIC_RESTART) {
		b43_controller_restart(dev, "Microcode panic");
		return;
	}

	if (reason != B43_FWPANIC_DIE)
		b43dbg(dev->wl, "The panic reason is unknown.\n");

	/* B43_FWPANIC_DIE and unknown reasons:
	 * Do not restart the controller or firmware.
	 * The device is nonfunctional from now on.
	 * Restarting would result in this panic to trigger again,
	 * so we avoid that recursion. */
}
/*
 * Handle the debug interrupt raised by the open-source firmware.
 *
 * The reason code in the scratch register selects the action: firmware
 * panic handling, a dump of the first 4096 bytes of shared memory, a dump
 * of 64 scratch registers, or a marker message. The three dump/marker
 * actions only run when B43_DEBUG is enabled. The interrupt is acknowledged
 * in every case, including after a failed allocation.
 *
 * The shared-memory dump goes to the kernel log at KERN_INFO. The key dump
 * helper in this driver reads key slots from the same shared memory, so a
 * log containing this dump should be handled as sensitive.
 */
static void handle_irq_ucode_debug(struct b43_wldev *dev)
{
	unsigned int i;
	u16 reason, marker_id, marker_line;
	__le16 *buf;

	/* The proprietary firmware doesn't have this IRQ. */
	if (!dev->fw.opensource)
		return;

	/* Read the register that contains the reason code for this IRQ. */
	reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);

	switch (reason) {
	case B43_DEBUGIRQ_PANIC:
		b43_handle_firmware_panic(dev);
		break;
	case B43_DEBUGIRQ_DUMP_SHM:
		if (!B43_DEBUG)
			break; /* Only with driver debugging enabled. */
		buf = kmalloc(4096, GFP_ATOMIC);
		if (buf) {
			for (i = 0; i < 4096; i += 2) {
				u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
				buf[i / 2] = cpu_to_le16(tmp);
			}
			b43info(dev->wl, "Shared memory dump:\n");
			print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
				       16, 2, buf, 4096, 1);
			kfree(buf);
		} else {
			b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
		}
		break;
	case B43_DEBUGIRQ_DUMP_REGS:
		if (!B43_DEBUG)
			break; /* Only with driver debugging enabled. */
		b43info(dev->wl, "Microcode register dump:\n");
		/* Six registers per output line. */
		for (i = 0; i < 64; i++) {
			u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
			if (i % 6 == 0)
				printk(KERN_INFO);
			printk("r%02u: 0x%04X ", i, tmp);
			if (i % 6 == 5)
				printk("\n");
		}
		printk("\n");
		break;
	case B43_DEBUGIRQ_MARKER:
		if (!B43_DEBUG)
			break; /* Only with driver debugging enabled. */
		marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
					   B43_MARKER_ID_REG);
		marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
					     B43_MARKER_LINE_REG);
		b43info(dev->wl, "The firmware just executed the MARKER(%u) "
			"at line number %u\n",
			marker_id, marker_line);
		break;
	default:
		b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
		       reason);
	}

	/* Acknowledge the debug-IRQ, so the firmware can continue. */
	b43_shm_write16(dev, B43_SHM_SCRATCH,
			B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
}
/*
 * Threaded part of interrupt handling.
 *
 * Works on the reason bitmasks saved in dev->irq_reason and
 * dev->dma_reason[] by the top half: reports MAC/PHY/DMA errors (restarting
 * the controller where needed), dispatches the individual interrupt
 * handlers, runs RX and TX-status processing and finally re-enables device
 * interrupts by restoring dev->irq_mask. Returns early, without
 * re-enabling interrupts, when the device is not started or after a fatal
 * DMA error.
 */
static void b43_do_interrupt_thread(struct b43_wldev *dev)
{
	u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
	u32 dma_any = 0;
	u32 reason;
	int i;

	if (unlikely(b43_status(dev) != B43_STAT_STARTED))
		return;

	/* Work on a local copy of the saved reasons. */
	reason = dev->irq_reason;
	for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
		dma_reason[i] = dev->dma_reason[i];
		dma_any |= dma_reason[i];
	}

	if (unlikely(reason & B43_IRQ_MAC_TXERR))
		b43err(dev->wl, "MAC transmission error\n");

	if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
		b43err(dev->wl, "PHY transmission error\n");
		rmb();
		if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
			atomic_set(&dev->phy.txerr_cnt,
				   B43_PHY_TX_BADNESS_LIMIT);
			b43err(dev->wl, "Too many PHY TX errors, "
					"restarting the controller\n");
			b43_controller_restart(dev, "PHY TX errors");
		}
	}

	if (unlikely(dma_any & B43_DMAIRQ_FATALMASK)) {
		b43err(dev->wl, "Fatal DMA error: "
		       "0x%08X, 0x%08X, 0x%08X, "
		       "0x%08X, 0x%08X, 0x%08X\n",
		       dma_reason[0], dma_reason[1],
		       dma_reason[2], dma_reason[3],
		       dma_reason[4], dma_reason[5]);
		b43err(dev->wl, "This device does not support DMA "
		       "on your system. It will now be switched to PIO.\n");
		/* Fall back to PIO transfers if we get fatal DMA errors! */
		dev->use_pio = true;
		b43_controller_restart(dev, "DMA error");
		return;
	}
	if (unlikely(dma_any & B43_DMAIRQ_NONFATALMASK)) {
		b43err(dev->wl, "DMA error: "
		       "0x%08X, 0x%08X, 0x%08X, "
		       "0x%08X, 0x%08X, 0x%08X\n",
		       dma_reason[0], dma_reason[1],
		       dma_reason[2], dma_reason[3],
		       dma_reason[4], dma_reason[5]);
	}

	if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
		handle_irq_ucode_debug(dev);
	if (reason & B43_IRQ_TBTT_INDI)
		handle_irq_tbtt_indication(dev);
	if (reason & B43_IRQ_ATIM_END)
		handle_irq_atim_end(dev);
	if (reason & B43_IRQ_BEACON)
		handle_irq_beacon(dev);
	if (reason & B43_IRQ_PMQ)
		handle_irq_pmq(dev);
	if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
		;/* TODO */
	if (reason & B43_IRQ_NOISESAMPLE_OK)
		handle_irq_noise(dev);

	/* Check the DMA reason registers for received data. */
	if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
		if (b43_using_pio_transfers(dev))
			b43_pio_rx(dev->pio.rx_queue);
		else
			b43_dma_rx(dev->dma.rx_ring);
	}
	/* RX completion is only expected on ring 0. */
	for (i = 1; i <= 5; i++)
		B43_WARN_ON(dma_reason[i] & B43_DMAIRQ_RX_DONE);

	if (reason & B43_IRQ_TX_OK)
		handle_irq_transmit_status(dev);

	/* Re-enable interrupts on the device by restoring the current interrupt mask. */
	b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);

#if B43_DEBUG
	if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
		dev->irq_count++;
		for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
			if (reason & (1 << i))
				dev->irq_bit_count[i]++;
		}
	}
#endif
}
/* Interrupt thread handler. Handles device interrupts in thread context.
 * The work is done under wl->mutex; always returns IRQ_HANDLED. */
static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
{
	struct b43_wldev *dev = dev_id;
	struct b43_wl *wl = dev->wl;

	mutex_lock(&wl->mutex);
	b43_do_interrupt_thread(dev);
	mmiowb();
	mutex_unlock(&wl->mutex);

	return IRQ_HANDLED;
}
/*
 * Top-half interrupt work shared by all buses.
 *
 * This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
 * On SDIO, this runs under wl->mutex.
 *
 * Reads the generic reason register and the reason registers of DMA rings
 * 0-4, acknowledges them, masks all device interrupts and saves the
 * reasons for the thread handler. Returns IRQ_NONE when the interrupt is
 * not ours (register reads all-ones, or no enabled reason bit is set) and
 * IRQ_WAKE_THREAD otherwise. Ring 5 is unused: dev->dma_reason[5] is
 * neither read from the device nor acknowledged here.
 */
static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
{
	static const struct {
		u16 reg;
		u32 mask;
	} rings[] = {
		{ B43_MMIO_DMA0_REASON, 0x0001DC00 },
		{ B43_MMIO_DMA1_REASON, 0x0000DC00 },
		{ B43_MMIO_DMA2_REASON, 0x0000DC00 },
		{ B43_MMIO_DMA3_REASON, 0x0001DC00 },
		{ B43_MMIO_DMA4_REASON, 0x0000DC00 },
	};
	unsigned int ring;
	u32 reason;

	reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
	if (reason == 0xffffffff)	/* shared IRQ */
		return IRQ_NONE;
	reason &= dev->irq_mask;
	if (reason == 0)
		return IRQ_NONE;

	for (ring = 0; ring < ARRAY_SIZE(rings); ring++)
		dev->dma_reason[ring] = b43_read32(dev, rings[ring].reg)
					& rings[ring].mask;

	/* ACK the interrupt. */
	b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
	for (ring = 0; ring < ARRAY_SIZE(rings); ring++)
		b43_write32(dev, rings[ring].reg, dev->dma_reason[ring]);

	/* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
	b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
	/* Save the reason bitmasks for the IRQ thread handler. */
	dev->irq_reason = reason;

	return IRQ_WAKE_THREAD;
}
/* Interrupt handler top-half. This runs with interrupts disabled.
 * Returns IRQ_NONE without touching the device when it is not started;
 * otherwise runs b43_do_interrupt() under wl->hardirq_lock and returns
 * its result. */
static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
{
	struct b43_wldev *dev = dev_id;
	spinlock_t *lock = &dev->wl->hardirq_lock;
	irqreturn_t ret;

	if (unlikely(b43_status(dev) < B43_STAT_STARTED))
		return IRQ_NONE;

	spin_lock(lock);
	ret = b43_do_interrupt(dev);
	mmiowb();
	spin_unlock(lock);

	return ret;
}
/* SDIO interrupt handler. This runs in process context.
 * Both halves of interrupt handling run back to back under wl->mutex;
 * the thread part only runs when the top half asked for it. */
static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
{
	struct b43_wl *wl = dev->wl;

	mutex_lock(&wl->mutex);

	if (b43_do_interrupt(dev) == IRQ_WAKE_THREAD)
		b43_do_interrupt_thread(dev);

	mutex_unlock(&wl->mutex);
}
/*
 * Release one cached firmware file and reset its bookkeeping.
 * Clearing fw->data and fw->filename after the release keeps a later call
 * from releasing the same blob twice or matching a stale filename.
 */
void b43_do_release_fw(struct b43_firmware_file *fw)
{
	const struct firmware *blob = fw->data;

	release_firmware(blob);
	fw->data = NULL;
	fw->filename = NULL;
}
/* Release all four firmware files cached for the device: microcode, PCM,
 * initial values and band-specific initial values, in that order. */
static void b43_release_firmware(struct b43_wldev *dev)
{
	struct b43_firmware_file *const files[] = {
		&dev->fw.ucode,
		&dev->fw.pcm,
		&dev->fw.initvals,
		&dev->fw.initvals_band,
	};
	unsigned int i;

	for (i = 0; i < ARRAY_SIZE(files); i++)
		b43_do_release_fw(files[i]);
}
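/*
 * Print the hint about where to obtain firmware, as an error when @error
 * is true and as a warning otherwise.
 */
static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
{
	const char text[] =
		"You must go to " \
		"http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
		"and download the correct firmware for this driver version. " \
		"Please carefully read all instructions on this website.\n";

	/* Pass the text as an argument rather than as the format string, so
	 * a '%' added to the message later cannot be read as a conversion. */
	if (error)
		b43err(wl, "%s", text);
	else
		b43warn(wl, "%s", text);
}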
/*
 * Load one firmware file into @fw, reusing a cached copy when possible.
 *
 * @ctx:  request context; supplies the firmware type, the device and the
 *        buffers for the generated file name and error text
 * @name: base name of the file, or NULL to only release what @fw holds.
 *        The pointer itself is stored in fw->filename (the string is not
 *        copied), so it must stay valid for as long as @fw refers to it.
 * @fw:   cache slot to fill
 *
 * Returns 0 on success (including the NULL-name and already-cached cases),
 * -ENOSYS for an unknown request type, the error from request_firmware()
 * when loading fails, or -EPROTO when the file fails the header checks.
 *
 * Header checks on the loaded blob: it must be at least as large as
 * struct b43_fw_header; for microcode and PCM files the big-endian size
 * field must equal the payload length; every accepted type must carry
 * version 1. For B43_FW_TYPE_IV files the size field is not compared with
 * the blob length in this function. A blob that fails any check is released
 * and never stored in @fw.
 *
 * The file name is built with a bounded snprintf() from
 * modparam_fwpostfix and @name; truncation is not detected here.
 */
int b43_do_request_fw(struct b43_request_fw_context *ctx,
		      const char *name,
		      struct b43_firmware_file *fw)
{
	const struct firmware *blob;
	struct b43_fw_header *hdr;
	u32 payload_len;
	int err;

	if (!name) {
		/* Don't fetch anything. Free possibly cached firmware. */
		/* FIXME: We should probably keep it anyway, to save some headache
		 * on suspend/resume with multiband devices. */
		b43_do_release_fw(fw);
		return 0;
	}
	if (fw->filename) {
		if ((fw->type == ctx->req_type) &&
		    (strcmp(fw->filename, name) == 0))
			return 0; /* Already have this fw. */
		/* Free the cached firmware first. */
		/* FIXME: We should probably do this later after we successfully
		 * got the new fw. This could reduce headache with multiband devices.
		 * We could also redesign this to cache the firmware for all possible
		 * bands all the time. */
		b43_do_release_fw(fw);
	}

	switch (ctx->req_type) {
	case B43_FWTYPE_PROPRIETARY:
		snprintf(ctx->fwname, sizeof(ctx->fwname),
			 "b43%s/%s.fw",
			 modparam_fwpostfix, name);
		break;
	case B43_FWTYPE_OPENSOURCE:
		snprintf(ctx->fwname, sizeof(ctx->fwname),
			 "b43-open%s/%s.fw",
			 modparam_fwpostfix, name);
		break;
	default:
		B43_WARN_ON(1);
		return -ENOSYS;
	}

	err = request_firmware(&blob, ctx->fwname, ctx->dev->dev->dev);
	if (err) {
		if (err == -ENOENT)
			snprintf(ctx->errors[ctx->req_type],
				 sizeof(ctx->errors[ctx->req_type]),
				 "Firmware file \"%s\" not found\n", ctx->fwname);
		else
			snprintf(ctx->errors[ctx->req_type],
				 sizeof(ctx->errors[ctx->req_type]),
				 "Firmware file \"%s\" request failed (err=%d)\n",
				 ctx->fwname, err);
		return err;
	}

	/* The header may only be looked at once the blob is known to be
	 * large enough to contain it. */
	if (blob->size < sizeof(struct b43_fw_header))
		goto err_format;
	hdr = (struct b43_fw_header *)(blob->data);

	switch (hdr->type) {
	case B43_FW_TYPE_UCODE:
	case B43_FW_TYPE_PCM:
		/* The subtraction cannot wrap: blob->size was checked above. */
		payload_len = be32_to_cpu(hdr->size);
		if (payload_len != blob->size - sizeof(struct b43_fw_header))
			goto err_format;
		/* fallthrough */
	case B43_FW_TYPE_IV:
		if (hdr->ver != 1)
			goto err_format;
		break;
	default:
		goto err_format;
	}

	fw->data = blob;
	fw->filename = name;
	fw->type = ctx->req_type;

	return 0;

err_format:
	snprintf(ctx->errors[ctx->req_type],
		 sizeof(ctx->errors[ctx->req_type]),
		 "Firmware file \"%s\" format error.\n", ctx->fwname);
	release_firmware(blob);

	return -EPROTO;
}
/*
 * Request the complete firmware set for the flavour in ctx->req_type:
 * microcode, PCM, initial values and band-switch initial values.
 *
 * File names are chosen from the wireless core revision and the PHY type.
 * A NULL name means "no such file for this hardware"; b43_do_request_fw()
 * then only drops the cached image and reports success.
 *
 * Returns 0 when every required file was loaded. On any failure all cached
 * firmware is released and the error is returned. When the driver has no
 * file name for this hardware, ctx->fatal_failure is also set to
 * -EOPNOTSUPP so that the caller can tell this case from a failed load.
 * A missing PCM file (-ENOENT) is not an error; it is recorded in
 * fw->pcm_request_failed instead.
 */
static int b43_try_request_fw(struct b43_request_fw_context *ctx)
{
	struct b43_wldev *dev = ctx->dev;
	struct b43_firmware *fw = &ctx->dev->fw;
	const u8 rev = ctx->dev->dev->core_rev;
	const char *filename;
	u32 tmshigh;
	int err;

	/* Files for HT and LCN were found by trying one by one */

	/* Get microcode */
	if ((rev >= 5) && (rev <= 10)) {
		filename = "ucode5";
	} else if ((rev >= 11) && (rev <= 12)) {
		filename = "ucode11";
	} else if (rev == 13) {
		filename = "ucode13";
	} else if (rev == 14) {
		filename = "ucode14";
	} else if (rev == 15) {
		filename = "ucode15";
	} else {
		switch (dev->phy.type) {
		case B43_PHYTYPE_N:
			if (rev >= 16)
				filename = "ucode16_mimo";
			else
				goto err_no_ucode;
			break;
		case B43_PHYTYPE_HT:
			if (rev == 29)
				filename = "ucode29_mimo";
			else
				goto err_no_ucode;
			break;
		case B43_PHYTYPE_LCN:
			if (rev == 24)
				filename = "ucode24_mimo";
			else
				goto err_no_ucode;
			break;
		default:
			goto err_no_ucode;
		}
	}
	err = b43_do_request_fw(ctx, filename, &fw->ucode);
	if (err)
		goto err_load;

	/* Get PCM code */
	if ((rev >= 5) && (rev <= 10))
		filename = "pcm5";
	else if (rev >= 11)
		filename = NULL;
	else
		goto err_no_pcm;
	fw->pcm_request_failed = false;
	err = b43_do_request_fw(ctx, filename, &fw->pcm);
	if (err == -ENOENT) {
		/* We did not find a PCM file? Not fatal, but
		 * core rev <= 10 must do without hwcrypto then. */
		fw->pcm_request_failed = true;
	} else if (err)
		goto err_load;

	/* Get initvals */
	switch (dev->phy.type) {
	case B43_PHYTYPE_A:
		if ((rev >= 5) && (rev <= 10)) {
			tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
			if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
				filename = "a0g1initvals5";
			else
				filename = "a0g0initvals5";
		} else
			goto err_no_initvals;
		break;
	case B43_PHYTYPE_G:
		if ((rev >= 5) && (rev <= 10))
			filename = "b0g0initvals5";
		else if (rev >= 13)
			filename = "b0g0initvals13";
		else
			goto err_no_initvals;
		break;
	case B43_PHYTYPE_N:
		if (rev >= 16)
			filename = "n0initvals16";
		else if ((rev >= 11) && (rev <= 12))
			filename = "n0initvals11";
		else
			goto err_no_initvals;
		break;
	case B43_PHYTYPE_LP:
		if (rev == 13)
			filename = "lp0initvals13";
		else if (rev == 14)
			filename = "lp0initvals14";
		else if (rev >= 15)
			filename = "lp0initvals15";
		else
			goto err_no_initvals;
		break;
	case B43_PHYTYPE_HT:
		if (rev == 29)
			filename = "ht0initvals29";
		else
			goto err_no_initvals;
		break;
	case B43_PHYTYPE_LCN:
		if (rev == 24)
			filename = "lcn0initvals24";
		else
			goto err_no_initvals;
		break;
	default:
		goto err_no_initvals;
	}
	err = b43_do_request_fw(ctx, filename, &fw->initvals);
	if (err)
		goto err_load;

	/* Get bandswitch initvals */
	switch (dev->phy.type) {
	case B43_PHYTYPE_A:
		if ((rev >= 5) && (rev <= 10)) {
			tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
			if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
				filename = "a0g1bsinitvals5";
			else
				filename = "a0g0bsinitvals5";
		} else if (rev >= 11)
			filename = NULL;
		else
			goto err_no_initvals;
		break;
	case B43_PHYTYPE_G:
		if ((rev >= 5) && (rev <= 10))
			filename = "b0g0bsinitvals5";
		else if (rev >= 11)
			filename = NULL;
		else
			goto err_no_initvals;
		break;
	case B43_PHYTYPE_N:
		if (rev >= 16)
			filename = "n0bsinitvals16";
		else if ((rev >= 11) && (rev <= 12))
			filename = "n0bsinitvals11";
		else
			goto err_no_initvals;
		break;
	case B43_PHYTYPE_LP:
		if (rev == 13)
			filename = "lp0bsinitvals13";
		else if (rev == 14)
			filename = "lp0bsinitvals14";
		else if (rev >= 15)
			filename = "lp0bsinitvals15";
		else
			goto err_no_initvals;
		break;
	case B43_PHYTYPE_HT:
		if (rev == 29)
			filename = "ht0bsinitvals29";
		else
			goto err_no_initvals;
		break;
	case B43_PHYTYPE_LCN:
		if (rev == 24)
			filename = "lcn0bsinitvals24";
		else
			goto err_no_initvals;
		break;
	default:
		goto err_no_initvals;
	}
	err = b43_do_request_fw(ctx, filename, &fw->initvals_band);
	if (err)
		goto err_load;

	return 0;

err_no_ucode:
	err = ctx->fatal_failure = -EOPNOTSUPP;
	b43err(dev->wl, "The driver does not know which firmware (ucode) "
	       "is required for your device (wl-core rev %u)\n", rev);
	goto error;

err_no_pcm:
	err = ctx->fatal_failure = -EOPNOTSUPP;
	b43err(dev->wl, "The driver does not know which firmware (PCM) "
	       "is required for your device (wl-core rev %u)\n", rev);
	goto error;

err_no_initvals:
	err = ctx->fatal_failure = -EOPNOTSUPP;
	b43err(dev->wl, "The driver does not know which firmware (initvals) "
	       "is required for your device (wl-core rev %u)\n", rev);
	goto error;

err_load:
	/* We failed to load this firmware image. The error message
	 * already is in ctx->errors. Return and let our caller decide
	 * what to do. */
	goto error;

error:
	/* Drop everything loaded so far; a partial set is never kept. */
	b43_release_firmware(dev);
	return err;
}
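/*
 * Load the firmware set for @dev, trying the proprietary flavour first and
 * the open-source flavour second.
 *
 * Returns 0 as soon as one flavour loads completely, -ENOMEM if the request
 * context cannot be allocated, the fatal error recorded by
 * b43_try_request_fw() if the hardware is not supported, or -ENOENT after
 * printing the collected per-flavour error messages when neither flavour
 * could be loaded.
 */
static int b43_request_firmware(struct b43_wldev *dev)
{
	struct b43_request_fw_context *ctx;
	unsigned int i;
	int err;
	const char *errmsg;

	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
	if (!ctx)
		return -ENOMEM;
	ctx->dev = dev;

	ctx->req_type = B43_FWTYPE_PROPRIETARY;
	err = b43_try_request_fw(ctx);
	if (!err)
		goto out;	/* Successfully loaded it. */
	err = ctx->fatal_failure;
	if (err)
		goto out;

	ctx->req_type = B43_FWTYPE_OPENSOURCE;
	err = b43_try_request_fw(ctx);
	if (!err)
		goto out;	/* Successfully loaded it. */
	err = ctx->fatal_failure;
	if (err)
		goto out;

	/* Could not find a usable firmware. Print the errors. */
	for (i = 0; i < B43_NR_FWTYPES; i++) {
		errmsg = ctx->errors[i];
		/*
		 * The stored message embeds the firmware path, which contains
		 * the fwpostfix module parameter. Print it as data: used as
		 * the format string, any '%' in that parameter would be
		 * interpreted as a conversion specifier.
		 */
		if (errmsg[0] != '\0')
			b43err(dev->wl, "%s", errmsg);
	}
	b43_print_fw_helptext(dev->wl, 1);
	err = -ENOENT;

out:
	kfree(ctx);
	return err;
}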
/*
 * Upload the cached microcode (and PCM image, if one was loaded) to the
 * device, start the microcode and record what it reports about itself.
 *
 * The payload lengths are derived from the blob sizes minus the header.
 * This relies on b43_do_request_fw() having rejected blobs shorter than a
 * header, otherwise the subtraction would wrap.
 *
 * Returns 0 on success, -ENODEV if the microcode does not signal
 * B43_IRQ_MAC_SUSPENDED within 20 polls, or -EOPNOTSUPP if the reported
 * revision is 0x128 or lower. On error the PSM is stopped again.
 */
static int b43_upload_microcode(struct b43_wldev *dev)
{
	struct wiphy *wiphy = dev->wl->hw->wiphy;
	const size_t hdr_len = sizeof(struct b43_fw_header);
	const __be32 *data;
	unsigned int i, len;
	u16 fwrev, fwpatch, fwdate, fwtime;
	u32 tmp, macctl;
	int err = 0;

	/* Jump the microcode PSM to offset 0 */
	macctl = b43_read32(dev, B43_MMIO_MACCTL);
	B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
	macctl |= B43_MACCTL_PSM_JMP0;
	b43_write32(dev, B43_MMIO_MACCTL, macctl);
	/* Zero out all microcode PSM registers and shared memory. */
	for (i = 0; i < 64; i++)
		b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
	for (i = 0; i < 4096; i += 2)
		b43_shm_write16(dev, B43_SHM_SHARED, i, 0);

	/* Upload Microcode. */
	data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
	/* Whole 32-bit words only; trailing bytes, if any, are not written. */
	len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
	b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
	for (i = 0; i < len; i++) {
		b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
		udelay(10);
	}

	if (dev->fw.pcm.data) {
		/* Upload PCM data. */
		data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
		len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
		b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
		b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
		/* No need for autoinc bit in SHM_HW */
		b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
		for (i = 0; i < len; i++) {
			b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
			udelay(10);
		}
	}

	b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);

	/* Start the microcode PSM */
	macctl = b43_read32(dev, B43_MMIO_MACCTL);
	macctl &= ~B43_MACCTL_PSM_JMP0;
	macctl |= B43_MACCTL_PSM_RUN;
	b43_write32(dev, B43_MMIO_MACCTL, macctl);

	/* Wait for the microcode to load and respond */
	i = 0;
	while (1) {
		tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
		if (tmp == B43_IRQ_MAC_SUSPENDED)
			break;
		i++;
		if (i >= 20) {
			b43err(dev->wl, "Microcode not responding\n");
			b43_print_fw_helptext(dev->wl, 1);
			err = -ENODEV;
			goto error;
		}
		msleep(50);
	}
	b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);	/* dummy read */

	/* Get and check the revisions. */
	/* These four values are read back from shared memory, i.e. they are
	 * whatever the running microcode put there. */
	fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
	fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
	fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
	fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);

	if (fwrev <= 0x128) {
		b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
		       "binary drivers older than version 4.x is unsupported. "
		       "You must upgrade your firmware files.\n");
		b43_print_fw_helptext(dev->wl, 1);
		err = -EOPNOTSUPP;
		goto error;
	}
	dev->fw.rev = fwrev;
	dev->fw.patch = fwpatch;
	/* The header format is chosen from the reported revision. */
	if (dev->fw.rev >= 598)
		dev->fw.hdr_format = B43_FW_HDR_598;
	else if (dev->fw.rev >= 410)
		dev->fw.hdr_format = B43_FW_HDR_410;
	else
		dev->fw.hdr_format = B43_FW_HDR_351;
	/* A date field of 0xFFFF is taken to mean open-source firmware. */
	dev->fw.opensource = (fwdate == 0xFFFF);

	/* Default to use-all-queues. */
	dev->wl->hw->queues = dev->wl->mac80211_initially_registered_queues;
	dev->qos_enabled = !!modparam_qos;
	/* Default to firmware/hardware crypto acceleration. */
	dev->hwcrypto_enabled = true;

	if (dev->fw.opensource) {
		u16 fwcapa;

		/* Patchlevel info is encoded in the "time" field. */
		dev->fw.patch = fwtime;
		b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
			dev->fw.rev, dev->fw.patch);

		fwcapa = b43_fwcapa_read(dev);
		if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
			b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
			/* Disable hardware crypto and fall back to software crypto. */
			dev->hwcrypto_enabled = false;
		}
		if (!(fwcapa & B43_FWCAPA_QOS)) {
			b43info(dev->wl, "QoS not supported by firmware\n");
			/* Disable QoS. Tweak hw->queues to 1. It will be restored before
			 * ieee80211_unregister to make sure the networking core can
			 * properly free possible resources. */
			dev->wl->hw->queues = 1;
			dev->qos_enabled = false;
		}
	} else {
		b43info(dev->wl, "Loading firmware version %u.%u "
			"(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
			fwrev, fwpatch,
			(fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
			(fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
		/* NOTE(review): hwcrypto_enabled is left true on this path even
		 * though the message says it is disabled - presumably enforced
		 * elsewhere; confirm. */
		if (dev->fw.pcm_request_failed) {
			b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
				"Hardware accelerated cryptography is disabled.\n");
			b43_print_fw_helptext(dev->wl, 0);
		}
	}

	snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
		 dev->fw.rev, dev->fw.patch);
	wiphy->hw_version = dev->dev->core_id;

	if (dev->fw.hdr_format == B43_FW_HDR_351) {
		/* We're over the deadline, but we keep support for old fw
		 * until it turns out to be in major conflict with something new. */
		b43warn(dev->wl, "You are using an old firmware image. "
			"Support for old firmware will be removed soon "
			"(official deadline was July 2008).\n");
		b43_print_fw_helptext(dev->wl, 0);
	}

	return 0;

error:
	/* Stop the PSM again and park it at offset 0. */
	macctl = b43_read32(dev, B43_MMIO_MACCTL);
	macctl &= ~B43_MACCTL_PSM_RUN;
	macctl |= B43_MACCTL_PSM_JMP0;
	b43_write32(dev, B43_MMIO_MACCTL, macctl);

	return err;
}
/*
 * Apply one table of initial values to the device registers.
 *
 * @dev:        device to program.
 * @ivals:      first record of the table (firmware payload after the header).
 * @count:      number of records the file header claims.
 * @array_size: number of payload bytes actually available.
 *
 * Records are variable length: a 16-bit offset/flags word followed by a
 * 16-bit or a 32-bit value, selected by B43_IV_32BIT. @count comes from the
 * file, so each field is checked against the remaining @array_size before
 * it is read, register offsets of 0x1000 and above are rejected, and bytes
 * left over after @count records are treated as a format error.
 *
 * Returns 0 on success or -EPROTO on a malformed table. Records are written
 * as they are parsed, so a table that fails part-way has already programmed
 * the registers of the records before the bad one.
 */
static int b43_write_initvals(struct b43_wldev *dev,
			      const struct b43_iv *ivals,
			      size_t count,
			      size_t array_size)
{
	const struct b43_iv *iv;
	u16 offset;
	size_t i;
	bool bit32;

	/* The pointer stepping below depends on this exact record layout. */
	BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
	iv = ivals;
	for (i = 0; i < count; i++) {
		if (array_size < sizeof(iv->offset_size))
			goto err_format;
		array_size -= sizeof(iv->offset_size);
		offset = be16_to_cpu(iv->offset_size);
		bit32 = !!(offset & B43_IV_32BIT);
		offset &= B43_IV_OFFSET_MASK;
		if (offset >= 0x1000)
			goto err_format;
		if (bit32) {
			u32 value;

			if (array_size < sizeof(iv->data.d32))
				goto err_format;
			array_size -= sizeof(iv->data.d32);

			value = get_unaligned_be32(&iv->data.d32);
			b43_write32(dev, offset, value);

			/* Advance by the bytes this record really used. */
			iv = (const struct b43_iv *)((const uint8_t *)iv +
							sizeof(__be16) +
							sizeof(__be32));
		} else {
			u16 value;

			if (array_size < sizeof(iv->data.d16))
				goto err_format;
			array_size -= sizeof(iv->data.d16);

			value = be16_to_cpu(iv->data.d16);
			b43_write16(dev, offset, value);

			iv = (const struct b43_iv *)((const uint8_t *)iv +
							sizeof(__be16) +
							sizeof(__be16));
		}
	}
	/* Trailing bytes mean the header count and the payload disagree. */
	if (array_size)
		goto err_format;

	return 0;

err_format:
	b43err(dev->wl, "Initial Values Firmware file-format error.\n");
	b43_print_fw_helptext(dev->wl, 1);

	return -EPROTO;
}
/*
 * Write the cached initial-value tables to the device: first the main
 * table, then the band-switch table if one is cached.
 *
 * For each table the header's size field is passed to b43_write_initvals()
 * as the record count, together with the payload length (blob size minus
 * header) that bounds the parse.
 *
 * Returns 0 on success or the error from b43_write_initvals().
 */
static int b43_upload_initvals(struct b43_wldev *dev)
{
	const size_t hdr_len = sizeof(struct b43_fw_header);
	const struct firmware *blob;
	const struct b43_fw_header *hdr;
	int err;

	blob = dev->fw.initvals.data;
	hdr = (const struct b43_fw_header *)(blob->data);
	err = b43_write_initvals(dev,
				 (const struct b43_iv *)(blob->data + hdr_len),
				 be32_to_cpu(hdr->size),
				 blob->size - hdr_len);
	if (err)
		return err;

	/* The band-switch table is optional. */
	blob = dev->fw.initvals_band.data;
	if (!blob)
		return err;

	hdr = (const struct b43_fw_header *)(blob->data);
	return b43_write_initvals(dev,
				  (const struct b43_iv *)(blob->data + hdr_len),
				  be32_to_cpu(hdr->size),
				  blob->size - hdr_len);
}
/* Initialize the GPIOs
 * http://bcm-specs.sipsolutions.net/GPIO
 */

/*
 * Pick the SSB core used for GPIO control: the chipcommon device, or, when
 * CONFIG_SSB_DRIVER_PCICORE is set and there is no chipcommon device, the
 * PCI core device. May return NULL.
 */
static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
{
	struct ssb_bus *bus = dev->dev->sdev->bus;
	struct ssb_device *gpiodev = bus->chipco.dev;

#ifdef CONFIG_SSB_DRIVER_PCICORE
	if (!gpiodev)
		gpiodev = bus->pcicore.dev;
#endif
	return gpiodev;
}
/*
 * Set up the GPIO lines.
 *
 * Clears B43_MACCTL_GPOUTSMSK in the MAC control register, enables the low
 * four bits of the GPIO mask register, then builds a mask/set pair from the
 * chip id, board flags and core revision and applies it to the bus-specific
 * GPIO control register as (old & mask) | set.
 *
 * Always returns 0.
 */
static int b43_gpio_init(struct b43_wldev *dev)
{
	struct ssb_device *gpiodev;
	u32 mask, set;

	b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
		    & ~B43_MACCTL_GPOUTSMSK);

	b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
		    | 0x000F);

	mask = 0x0000001F;
	set = 0x0000000F;
	if (dev->dev->chip_id == 0x4301) {
		mask |= 0x0060;
		set |= 0x0060;
	}
	/* Dead branch kept as a placeholder until the condition is known. */
	if (0 /* FIXME: conditional unknown */ ) {
		b43_write16(dev, B43_MMIO_GPIO_MASK,
			    b43_read16(dev, B43_MMIO_GPIO_MASK)
			    | 0x0100);
		mask |= 0x0180;
		set |= 0x0180;
	}
	if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
		b43_write16(dev, B43_MMIO_GPIO_MASK,
			    b43_read16(dev, B43_MMIO_GPIO_MASK)
			    | 0x0200);
		mask |= 0x0200;
		set |= 0x0200;
	}
	if (dev->dev->core_rev >= 2)
		mask |= 0x0010;	/* FIXME: This is redundant. */

	switch (dev->dev->bus_type) {
#ifdef CONFIG_B43_BCMA
	case B43_BUS_BCMA:
		bcma_cc_write32(&dev->dev->bdev->bus->drv_cc, BCMA_CC_GPIOCTL,
				(bcma_cc_read32(&dev->dev->bdev->bus->drv_cc,
					BCMA_CC_GPIOCTL) & mask) | set);
		break;
#endif
#ifdef CONFIG_B43_SSB
	case B43_BUS_SSB:
		/* Skipped silently when no GPIO-capable core is found. */
		gpiodev = b43_ssb_gpio_dev(dev);
		if (gpiodev)
			ssb_write32(gpiodev, B43_GPIO_CONTROL,
				    (ssb_read32(gpiodev, B43_GPIO_CONTROL)
				    & mask) | set);
		break;
#endif
	}

	return 0;
}
/* Turn off all GPIO stuff. Call this on module unload, for example. */
static void b43_gpio_cleanup(struct b43_wldev *dev)
{
	struct ssb_device *gpiodev;

	switch (dev->dev->bus_type) {
#ifdef CONFIG_B43_BCMA
	case B43_BUS_BCMA:
		/* NOTE(review): the value argument is restored as 0 to mirror
		 * the SSB branch below - confirm against upstream. */
		bcma_cc_write32(&dev->dev->bdev->bus->drv_cc, BCMA_CC_GPIOCTL,
				0);
		break;
#endif
#ifdef CONFIG_B43_SSB
	case B43_BUS_SSB:
		/* Nothing to clear when no GPIO-capable core is found. */
		gpiodev = b43_ssb_gpio_dev(dev);
		if (gpiodev)
			ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
		break;
#endif
	}
}
/* http://bcm-specs.sipsolutions.net/EnableMac */
/*
 * Undo one b43_mac_suspend(). dev->mac_suspended is a nesting counter: it
 * is decremented here, and only when it reaches zero is the MAC actually
 * re-enabled in hardware.
 */
void b43_mac_enable(struct b43_wldev *dev)
{
	if (b43_debug(dev, B43_DBG_FIRMWARE)) {
		u16 fwstate;

		/* Debug-only sanity check; it reports but does not abort. */
		fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
					 B43_SHM_SH_UCODESTAT);
		if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
		    (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
			b43err(dev->wl, "b43_mac_enable(): The firmware "
			       "should be suspended, but current state is %u\n",
			       fwstate);
		}
	}

	dev->mac_suspended--;
	/* A negative count means enable was called without a suspend. */
	B43_WARN_ON(dev->mac_suspended < 0);
	if (dev->mac_suspended == 0) {
		b43_write32(dev, B43_MMIO_MACCTL,
			    b43_read32(dev, B43_MMIO_MACCTL)
			    | B43_MACCTL_ENABLED);
		b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
			    B43_IRQ_MAC_SUSPENDED);
		/* Commit writes */
		b43_read32(dev, B43_MMIO_MACCTL);
		b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
		b43_power_saving_ctl_bits(dev, 0);
	}
}
/* http://bcm-specs.sipsolutions.net/SuspendMAC */
/*
 * Suspend the MAC. Calls nest: the hardware is only touched when the
 * nesting counter dev->mac_suspended is zero, and the counter is
 * incremented on every call, including when the hardware never confirmed
 * the suspend.
 *
 * May sleep.
 */
void b43_mac_suspend(struct b43_wldev *dev)
{
	int i;
	u32 tmp;

	might_sleep();
	B43_WARN_ON(dev->mac_suspended < 0);

	if (dev->mac_suspended == 0) {
		b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
		b43_write32(dev, B43_MMIO_MACCTL,
			    b43_read32(dev, B43_MMIO_MACCTL)
			    & ~B43_MACCTL_ENABLED);
		/* force pci to flush the write */
		b43_read32(dev, B43_MMIO_MACCTL);
		/* Busy-poll first: 35 reads, 10us apart. */
		for (i = 35; i; i--) {
			tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
			if (tmp & B43_IRQ_MAC_SUSPENDED)
				goto out;
			udelay(10);
		}
		/* Hm, it seems this will take some time. Use msleep(). */
		for (i = 40; i; i--) {
			tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
			if (tmp & B43_IRQ_MAC_SUSPENDED)
				goto out;
			msleep(1);
		}
		/* Only logged; the counter below is still incremented. */
		b43err(dev->wl, "MAC suspend failed\n");
	}
out:
	dev->mac_suspended++;
}
/* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
/*
 * Set or clear the MAC PHY clock enable bit with a read-modify-write of
 * the bus-specific control register (BCMA_IOCTL on BCMA, SSB_TMSLOW on
 * SSB). Other bus types are left untouched.
 */
void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
{
	u32 ctl;

	switch (dev->dev->bus_type) {
#ifdef CONFIG_B43_BCMA
	case B43_BUS_BCMA:
		ctl = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
		ctl = on ? (ctl | B43_BCMA_IOCTL_MACPHYCLKEN)
			 : (ctl & ~B43_BCMA_IOCTL_MACPHYCLKEN);
		bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, ctl);
		break;
#endif
#ifdef CONFIG_B43_SSB
	case B43_BUS_SSB:
		ctl = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
		ctl = on ? (ctl | B43_TMSLOW_MACPHYCLKEN)
			 : (ctl & ~B43_TMSLOW_MACPHYCLKEN);
		ssb_write32(dev->dev->sdev, SSB_TMSLOW, ctl);
		break;
#endif
	}
}
/*
 * Program the MAC control register for the current interface mode and
 * receive filter flags, then set the CFP pre-TBTT value and the PMQ
 * disable bit.
 *
 * The mode bits start from STA infrastructure mode and are adjusted for
 * AP / mesh point / ad-hoc. The KEEP_* and promiscuous bits follow
 * wl->filter_flags, except that core revisions up to 4 always run
 * promiscuous.
 */
static void b43_adjust_opmode(struct b43_wldev *dev)
{
	struct b43_wl *wl = dev->wl;
	u32 ctl;
	u16 cfp_pretbtt;

	ctl = b43_read32(dev, B43_MMIO_MACCTL);
	/* Reset status to STA infrastructure mode. */
	ctl &= ~B43_MACCTL_AP;
	ctl &= ~B43_MACCTL_KEEP_CTL;
	ctl &= ~B43_MACCTL_KEEP_BADPLCP;
	ctl &= ~B43_MACCTL_KEEP_BAD;
	ctl &= ~B43_MACCTL_PROMISC;
	ctl &= ~B43_MACCTL_BEACPROMISC;
	ctl |= B43_MACCTL_INFRA;

	if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
	    b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
		ctl |= B43_MACCTL_AP;
	else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
		ctl &= ~B43_MACCTL_INFRA;

	if (wl->filter_flags & FIF_CONTROL)
		ctl |= B43_MACCTL_KEEP_CTL;
	if (wl->filter_flags & FIF_FCSFAIL)
		ctl |= B43_MACCTL_KEEP_BAD;
	if (wl->filter_flags & FIF_PLCPFAIL)
		ctl |= B43_MACCTL_KEEP_BADPLCP;
	if (wl->filter_flags & FIF_PROMISC_IN_BSS)
		ctl |= B43_MACCTL_PROMISC;
	if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
		ctl |= B43_MACCTL_BEACPROMISC;

	/* Workaround: On old hardware the HW-MAC-address-filter
	 * doesn't work properly, so always run promisc and filter
	 * in software. */
	if (dev->dev->core_rev <= 4)
		ctl |= B43_MACCTL_PROMISC;

	b43_write32(dev, B43_MMIO_MACCTL, ctl);

	/* Pre-TBTT value: 2 by default; in plain STA infrastructure mode
	 * 100 on chip 0x4306 rev 3 and 50 otherwise. */
	cfp_pretbtt = 2;
	if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
		if (dev->dev->chip_id == 0x4306 &&
		    dev->dev->chip_rev == 3)
			cfp_pretbtt = 100;
		else
			cfp_pretbtt = 50;
	}
	b43_write16(dev, 0x612, cfp_pretbtt);

	/* FIXME: We don't currently implement the PMQ mechanism,
	 *        so always disable it. If we want to implement PMQ,
	 *        we need to enable it here (clear DISCPMQ) in AP mode.
	 */
	if (0 /* ctl & B43_MACCTL_AP */) {
		b43_write32(dev, B43_MMIO_MACCTL,
			    b43_read32(dev, B43_MMIO_MACCTL)
			    & ~B43_MACCTL_DISCPMQ);
	} else {
		b43_write32(dev, B43_MMIO_MACCTL,
			    b43_read32(dev, B43_MMIO_MACCTL)
			    | B43_MACCTL_DISCPMQ);
	}
}
/*
 * Copy one shared-memory rate table entry to the slot 0x20 bytes above it.
 *
 * The entry lives at 0x480 (OFDM) or 0x4C0 (CCK) plus twice the low nibble
 * of the PLCP rate code for @rate.
 */
static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
{
	u16 offset = is_ofdm ? 0x480 : 0x4C0;
	u16 entry;

	if (is_ofdm)
		offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
	else
		offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;

	entry = b43_shm_read16(dev, B43_SHM_SHARED, offset);
	b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20, entry);
}
/*
 * Initialise the rate memory for the PHY in use: OFDM rates only for an
 * A PHY, CCK rates only for a B PHY, OFDM followed by CCK for G, N, LP, HT
 * and LCN PHYs. Any other PHY type triggers a warning.
 */
static void b43_rate_memory_init(struct b43_wldev *dev)
{
	static const u16 ofdm_rates[] = {
		B43_OFDM_RATE_6MB,
		B43_OFDM_RATE_12MB,
		B43_OFDM_RATE_18MB,
		B43_OFDM_RATE_24MB,
		B43_OFDM_RATE_36MB,
		B43_OFDM_RATE_48MB,
		B43_OFDM_RATE_54MB,
	};
	static const u16 cck_rates[] = {
		B43_CCK_RATE_1MB,
		B43_CCK_RATE_2MB,
		B43_CCK_RATE_5MB,
		B43_CCK_RATE_11MB,
	};
	bool want_ofdm = false;
	bool want_cck = false;
	size_t i;

	switch (dev->phy.type) {
	case B43_PHYTYPE_A:
		want_ofdm = true;
		break;
	case B43_PHYTYPE_G:
	case B43_PHYTYPE_N:
	case B43_PHYTYPE_LP:
	case B43_PHYTYPE_HT:
	case B43_PHYTYPE_LCN:
		want_ofdm = true;
		want_cck = true;
		break;
	case B43_PHYTYPE_B:
		want_cck = true;
		break;
	default:
		B43_WARN_ON(1);
		return;
	}

	if (want_ofdm) {
		for (i = 0; i < ARRAY_SIZE(ofdm_rates); i++)
			b43_rate_memory_write(dev, ofdm_rates[i], 1);
	}
	if (want_cck) {
		for (i = 0; i < ARRAY_SIZE(cck_rates); i++)
			b43_rate_memory_write(dev, cck_rates[i], 0);
	}
}
/*
 * Set the default values for the PHY TX Control Words.
 *
 * The same word (CCK encoding, ANT01AUTO antenna setting, TXPWR bits) is
 * written for beacons, ACK/CTS frames and probe responses.
 */
static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
{
	const u16 defaults = B43_TXH_PHY_ENC_CCK |
			     B43_TXH_PHY_ANT01AUTO |
			     B43_TXH_PHY_TXPWR;

	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, defaults);
	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, defaults);
	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, defaults);
}
/*
 * Set the TX-Antenna for management frames sent by firmware.
 *
 * Replaces the antenna field (B43_TXH_PHY_ANT) in the PHY control words
 * used for ACK/CTS frames and for Probe Responses, in that order.
 */
static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
{
	static const u16 phyctl_words[] = {
		B43_SHM_SH_ACKCTSPHYCTL,	/* For ACK/CTS */
		B43_SHM_SH_PRPHYCTL,		/* For Probe Responses */
	};
	const u16 ant = b43_antenna_to_phyctl(antenna);
	size_t i;

	for (i = 0; i < ARRAY_SIZE(phyctl_words); i++) {
		u16 word = b43_shm_read16(dev, B43_SHM_SHARED, phyctl_words[i]);

		word &= ~B43_TXH_PHY_ANT;
		word |= ant;
		b43_shm_write16(dev, B43_SHM_SHARED, phyctl_words[i], word);
	}
}
/*
 * This is the opposite of b43_chip_init().
 *
 * Shuts the PHY down and clears the GPIO control register. The cached
 * firmware images are deliberately left alone here.
 */
static void b43_chip_exit(struct b43_wldev *dev)
{
	b43_phy_exit(dev);
	b43_gpio_cleanup(dev);
	/* firmware is released later */
}
/* Initialize the chip
 * http://bcm-specs.sipsolutions.net/ChipInit
 */
/*
 * Sequence: program the MAC control register, load and upload firmware,
 * set up GPIOs, upload initial values, initialise the PHY, then program
 * the remaining MAC/DMA registers.
 *
 * Returns 0 on success or the first error from a step. Failures after
 * b43_gpio_init() undo the GPIO setup; loaded firmware is not released on
 * any error path here.
 */
static int b43_chip_init(struct b43_wldev *dev)
{
	struct b43_phy *phy = &dev->phy;
	int err;
	u32 macctl;
	u16 value16;

	/* Initialize the MAC control */
	macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
	if (dev->phy.gmode)
		macctl |= B43_MACCTL_GMODE;
	macctl |= B43_MACCTL_INFRA;
	b43_write32(dev, B43_MMIO_MACCTL, macctl);

	err = b43_request_firmware(dev);
	if (err)
		goto out;
	err = b43_upload_microcode(dev);
	if (err)
		goto out;	/* firmware is released later */

	err = b43_gpio_init(dev);
	if (err)
		goto out;	/* firmware is released later */

	err = b43_upload_initvals(dev);
	if (err)
		goto err_gpio_clean;

	/* Turn the Analog on and initialize the PHY. */
	phy->ops->switch_analog(dev, 1);
	err = b43_phy_init(dev);
	if (err)
		goto err_gpio_clean;

	/* Disable Interference Mitigation. */
	if (phy->ops->interf_mitigation)
		phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);

	/* Select the antennae */
	if (phy->ops->set_rx_antenna)
		phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
	b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);

	if (phy->type == B43_PHYTYPE_B) {
		value16 = b43_read16(dev, 0x005E);
		value16 |= 0x0004;
		b43_write16(dev, 0x005E, value16);
	}
	b43_write32(dev, 0x0100, 0x01000000);
	if (dev->dev->core_rev < 5)
		b43_write32(dev, 0x010C, 0x01000000);

	/* Clear, then set again, the INFRA bit. */
	b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
		    & ~B43_MACCTL_INFRA);
	b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
		    | B43_MACCTL_INFRA);

	/* Probe Response Timeout value */
	/* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
	b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);

	/* Initially set the wireless operation mode. */
	b43_adjust_opmode(dev);

	if (dev->dev->core_rev < 3) {
		b43_write16(dev, 0x060E, 0x0000);
		b43_write16(dev, 0x0610, 0x8000);
		b43_write16(dev, 0x0604, 0x0000);
		b43_write16(dev, 0x0606, 0x0200);
	} else {
		b43_write32(dev, 0x0188, 0x80000000);
		b43_write32(dev, 0x018C, 0x02000000);
	}
	b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
	b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
	b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
	b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
	b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
	b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
	b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);

	b43_mac_phy_clock_set(dev, true);

	switch (dev->dev->bus_type) {
#ifdef CONFIG_B43_BCMA
	case B43_BUS_BCMA:
		/* FIXME: 0xE74 is quite common, but should be read from CC */
		b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
		break;
#endif
#ifdef CONFIG_B43_SSB
	case B43_BUS_SSB:
		b43_write16(dev, B43_MMIO_POWERUP_DELAY,
			    dev->dev->sdev->bus->chipco.fast_pwrup_delay);
		break;
#endif
	}

	err = 0;
	b43dbg(dev->wl, "Chip initialized\n");
out:
	return err;

err_gpio_clean:
	b43_gpio_cleanup(dev);
	return err;
}
/*
 * Work done every fourth periodic tick: run the PHY's optional 60-second
 * hook, then force a TX power check that ignores its time limit.
 */
static void b43_periodic_every60sec(struct b43_wldev *dev)
{
	if (dev->phy.ops->pwork_60sec)
		dev->phy.ops->pwork_60sec(dev);

	/* Force check the TX power emission now. */
	b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
}
/* Work done every second periodic tick. */
static void b43_periodic_every30sec(struct b43_wldev *dev)
{
	/* Update device statistics. */
	b43_calculate_link_quality(dev);
}
/*
 * Work done on every periodic tick: firmware watchdog (open-source firmware
 * only), the PHY's optional 15-second hook, reset of the TX error budget
 * and, in debug builds, optional verbose statistics.
 */
static void b43_periodic_every15sec(struct b43_wldev *dev)
{
	struct b43_phy *phy = &dev->phy;
	u16 wdr;

	if (dev->fw.opensource) {
		/* Check if the firmware is still alive.
		 * It will reset the watchdog counter to 0 in its idle loop. */
		wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
		if (unlikely(wdr)) {
			/* The value written on the previous tick is still
			 * there: restart the controller, skip the rest. */
			b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
			b43_controller_restart(dev, "Firmware watchdog");
			return;
		} else {
			b43_shm_write16(dev, B43_SHM_SCRATCH,
					B43_WATCHDOG_REG, 1);
		}
	}

	if (phy->ops->pwork_15sec)
		phy->ops->pwork_15sec(dev);

	atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
	wmb();

#if B43_DEBUG
	if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
		unsigned int i;

		/* Counters cover one tick; divide by 15 for a per-second rate. */
		b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
		       dev->irq_count / 15,
		       dev->tx_count / 15,
		       dev->rx_count / 15);
		dev->irq_count = 0;
		dev->tx_count = 0;
		dev->rx_count = 0;
		for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
			if (dev->irq_bit_count[i]) {
				b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
				       dev->irq_bit_count[i] / 15, i, (1 << i));
				dev->irq_bit_count[i] = 0;
			}
		}
	}
#endif
}
/*
 * Dispatch the periodic jobs for the current tick. The 15-second job runs
 * on every tick, the 30-second job on every second tick and the 60-second
 * job on every fourth tick, in the order 60, 30, 15.
 */
static void do_periodic_work(struct b43_wldev *dev)
{
	const unsigned int tick = dev->periodic_state;

	if (!(tick % 4))
		b43_periodic_every60sec(dev);
	if (!(tick % 2))
		b43_periodic_every30sec(dev);
	b43_periodic_every15sec(dev);
}
/* Periodic work locking policy:
 *	The whole periodic work handler is protected by
 *	wl->mutex. If another lock is needed somewhere in the
 *	pwork callchain, it's acquired in-place, where it's needed.
 */
/*
 * Delayed-work callback. Runs one round of periodic work and re-queues
 * itself, unless the device is no longer in the STARTED state, in which
 * case it returns without re-queueing.
 */
static void b43_periodic_work_handler(struct work_struct *work)
{
	struct b43_wldev *dev = container_of(work, struct b43_wldev,
					     periodic_work.work);
	struct b43_wl *wl = dev->wl;
	unsigned long delay;

	mutex_lock(&wl->mutex);

	if (unlikely(b43_status(dev) != B43_STAT_STARTED))
		goto out;
	/* Debug switch: keep the timer running but skip the work itself. */
	if (b43_debug(dev, B43_DBG_PWORK_STOP))
		goto out_requeue;

	do_periodic_work(dev);

	dev->periodic_state++;
out_requeue:
	/* 15 seconds normally, 50 ms with the PWORK_FAST debug switch. */
	if (b43_debug(dev, B43_DBG_PWORK_FAST))
		delay = msecs_to_jiffies(50);
	else
		delay = round_jiffies_relative(HZ * 15);
	ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
out:
	mutex_unlock(&wl->mutex);
}
/*
 * Reset the periodic tick counter, bind the delayed work item to
 * b43_periodic_work_handler() and queue it with no delay.
 */
static void b43_periodic_tasks_setup(struct b43_wldev *dev)
{
	dev->periodic_state = 0;
	INIT_DELAYED_WORK(&dev->periodic_work, b43_periodic_work_handler);
	ieee80211_queue_delayed_work(dev->wl->hw, &dev->periodic_work, 0);
}
/*
 * Check if communication with the device works correctly.
 *
 * Writes test patterns to the first eight bytes of shared memory and reads
 * them back, restoring the original contents afterwards. A failure of the
 * unaligned 32-bit checks is only logged. On core revisions 3 to 10 the
 * TSF CFP start register shadowing is checked as well, and finally the MAC
 * control register must read as expected.
 *
 * Returns 0 if access works, -ENODEV otherwise. When the first pattern
 * check fails, the shared-memory words are not restored.
 */
static int b43_validate_chipaccess(struct b43_wldev *dev)
{
	u32 v, backup0, backup4;

	backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
	backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);

	/* Check for read/write and endianness problems. */
	b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
	if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
		goto error;
	b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
	if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
		goto error;

	/* Check if unaligned 32bit SHM_SHARED access works properly.
	 * However, don't bail out on failure, because it's noncritical. */
	b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
	b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
	b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
	b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
	if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
		b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
	b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
	if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
	    b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
	    b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
	    b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
		b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");

	b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
	b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);

	if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
		/* The 32bit register shadows the two 16bit registers
		 * with update sideeffects. Validate this. */
		b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
		b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
		if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
			goto error;
		if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
			goto error;
	}
	b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);

	/* Apart from GMODE, only IHR_ENABLED may be set at this point. */
	v = b43_read32(dev, B43_MMIO_MACCTL);
	v |= B43_MACCTL_GMODE;
	if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
		goto error;

	return 0;
error:
	b43err(dev->wl, "Failed to validate the chipaccess\n");
	return -ENODEV;
}
/*
 * Prepare the hardware key storage: cache the KTP value from shared memory
 * (presumably the key table pointer - confirm against the SHM layout),
 * program the number of pairwise key slots and clear all keys so that no
 * key material from an earlier run stays in the device.
 */
static void b43_security_init(struct b43_wldev *dev)
{
	dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
	/* KTP is a word address, but we address SHM bytewise.
	 * So multiply by two.
	 */
	dev->ktp *= 2;
	/* Number of RCMTA address slots */
	b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
	/* Clear the key memory. */
	b43_clear_keys(dev);
}
#ifdef CONFIG_B43_HWRNG
/*
 * hwrng data_read callback: fetch one value from the device's RNG register.
 *
 * Runs under wl->mutex and only touches the hardware when a current device
 * exists and is at least B43_STAT_INITIALIZED.
 *
 * Returns the number of valid bytes stored in *data, or -ENODEV when no
 * usable device is present (in which case *data is left untouched).
 *
 * Only one 16-bit register read is stored per call, so the return value is
 * sizeof(u16) even though *data is a u32; callers must not treat the upper
 * half of *data as random.
 * NOTE(review): the register value is passed on unmodified; nothing in this
 * function assesses its quality as an entropy source.
 */
static int b43_rng_read(struct hwrng *rng, u32 *data)
{
	/* priv carries the b43_wl pointer stored by b43_rng_init(). */
	struct b43_wl *wl = (struct b43_wl *)rng->priv;
	struct b43_wldev *dev;
	int count = -ENODEV;

	mutex_lock(&wl->mutex);
	dev = wl->current_dev;
	if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
		*data = b43_read16(dev, B43_MMIO_RNG);
		count = sizeof(u16);
	}
	mutex_unlock(&wl->mutex);

	return count;
}
#endif /* CONFIG_B43_HWRNG */
/*
 * Unregister the hardware RNG if b43_rng_init() registered it successfully.
 * Compiles to an empty function without CONFIG_B43_HWRNG.
 */
static void b43_rng_exit(struct b43_wl *wl)
{
#ifdef CONFIG_B43_HWRNG
	/* rng_initialized is cleared again when registration failed. */
	if (wl->rng_initialized)
		hwrng_unregister(&wl->rng);
#endif /* CONFIG_B43_HWRNG */
}
/*
 * Register the device's RNG register with the hwrng framework.
 *
 * The RNG is named "<module>_<wiphy name>"; the name is formatted with a
 * size-bounded snprintf() into wl->rng_name.
 *
 * Returns 0 on success (or when CONFIG_B43_HWRNG is not set), otherwise the
 * error code from hwrng_register().
 */
static int b43_rng_init(struct b43_wl *wl)
{
	int err = 0;

#ifdef CONFIG_B43_HWRNG
	snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
		 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
	wl->rng.name = wl->rng_name;
	wl->rng.data_read = b43_rng_read;
	/* b43_rng_read() casts this back to a struct b43_wl pointer. */
	wl->rng.priv = (unsigned long)wl;
	/* Set before registering and rolled back on failure, so that
	 * b43_rng_exit() only unregisters a registered RNG. */
	wl->rng_initialized = true;
	err = hwrng_register(&wl->rng);
	if (err) {
		wl->rng_initialized = false;
		b43err(wl, "Failed to register the random "
		       "number generator (%d)\n", err);
	}
#endif /* CONFIG_B43_HWRNG */

	return err;
}
/*
 * TX worker: hand the frames queued by b43_op_tx() to the PIO or DMA engine.
 *
 * Runs under wl->mutex and does nothing unless a current device exists and
 * is in B43_STAT_STARTED. Each software queue is drained in turn:
 *  - on -ENOSPC the frame is put back at the head of its queue, the mac80211
 *    queue is stopped and the queue is marked stopped;
 *  - on any other error the frame is freed and processing continues;
 *  - a queue that was drained without -ENOSPC is marked as not stopped.
 */
static void b43_tx_work(struct work_struct *work)
{
	struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
	struct b43_wldev *dev;
	struct sk_buff *skb;
	int queue_num;
	int err = 0;

	mutex_lock(&wl->mutex);
	dev = wl->current_dev;
	if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
		mutex_unlock(&wl->mutex);
		return;
	}

	for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
		while (skb_queue_len(&wl->tx_queue[queue_num])) {
			skb = skb_dequeue(&wl->tx_queue[queue_num]);
			if (b43_using_pio_transfers(dev))
				err = b43_pio_tx(dev, skb);
			else
				err = b43_dma_tx(dev, skb);
			if (err == -ENOSPC) {
				/* No room in the hardware queue: keep the
				 * frame and stop this queue. err stays set
				 * so the check after the loop is skipped. */
				wl->tx_queue_stopped[queue_num] = 1;
				ieee80211_stop_queue(wl->hw, queue_num);
				skb_queue_head(&wl->tx_queue[queue_num], skb);
				break;
			}
			if (unlikely(err))
				dev_kfree_skb(skb); /* Drop it */
			err = 0;
		}

		/* err is non-zero here only after the -ENOSPC break above. */
		if (!err)
			wl->tx_queue_stopped[queue_num] = 0;
	}

#if B43_DEBUG
	dev->tx_count++;
#endif
	mutex_unlock(&wl->mutex);
}
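/*
 * mac80211 TX entry point: queue one frame for the TX worker.
 *
 * Frames shorter than 2 + 2 + 6 bytes are freed and dropped. Accepted
 * frames are appended to the software queue selected by
 * skb->queue_mapping; the worker is kicked unless that queue is marked
 * stopped, in which case the mac80211 queue is stopped instead.
 *
 * Once skb_queue_tail() returns, the skb belongs to the queue:
 * b43_tx_work() dequeues under wl->mutex, which is not held here, and
 * frees the skb when transmission fails. The queue index is therefore read
 * once before the hand-over and the skb is not dereferenced afterwards.
 *
 * NOTE(review): the queue index is not range-checked against the size of
 * wl->tx_queue / wl->tx_queue_stopped here; this relies on mac80211 only
 * passing queue numbers the driver registered - confirm.
 */
static void b43_op_tx(struct ieee80211_hw *hw,
		      struct sk_buff *skb)
{
	struct b43_wl *wl = hw_to_b43_wl(hw);
	/* Read before queueing; see the ownership note above. */
	unsigned int queue = skb->queue_mapping;

	if (unlikely(skb->len < 2 + 2 + 6)) {
		/* Too short, this can't be a valid frame. */
		dev_kfree_skb_any(skb);
		return;
	}
	B43_WARN_ON(skb_shinfo(skb)->nr_frags);

	skb_queue_tail(&wl->tx_queue[queue], skb);
	if (!wl->tx_queue_stopped[queue]) {
		ieee80211_queue_work(wl->hw, &wl->tx_work);
	} else {
		ieee80211_stop_queue(wl->hw, queue);
	}
}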
/*
 * Write one queue's EDCA parameters to shared memory.
 *
 * @dev:        device to program; nothing is done unless dev->qos_enabled
 * @p:          mac80211 queue parameters to upload
 * @shm_offset: byte offset of the queue's parameter block in B43_SHM_SHARED
 *
 * Each parameter occupies one 16-bit word at shm_offset + 2 * index. The
 * status word is not overwritten; bit 0x100 is OR-ed into its current value
 * to mark the parameters as updated.
 */
static void b43_qos_params_upload(struct b43_wldev *dev,
				  const struct ieee80211_tx_queue_params *p,
				  u16 shm_offset)
{
	u16 params[B43_NR_QOSPARAMS];
	int bslots, tmp;
	unsigned int i;

	if (!dev->qos_enabled)
		return;

	/* Value from the device's RNG register, masked with cw_min. */
	bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;

	memset(&params, 0, sizeof(params));

	/* Values are stored as u16; wider inputs are truncated. */
	params[B43_QOSPARAM_TXOP] = p->txop * 32;
	params[B43_QOSPARAM_CWMIN] = p->cw_min;
	params[B43_QOSPARAM_CWMAX] = p->cw_max;
	params[B43_QOSPARAM_CWCUR] = p->cw_min;
	params[B43_QOSPARAM_AIFS] = p->aifs;
	params[B43_QOSPARAM_BSLOTS] = bslots;
	params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;

	for (i = 0; i < ARRAY_SIZE(params); i++) {
		if (i == B43_QOSPARAM_STATUS) {
			tmp = b43_shm_read16(dev, B43_SHM_SHARED,
					     shm_offset + (i * 2));
			/* Mark the parameters as updated. */
			tmp |= 0x100;
			b43_shm_write16(dev, B43_SHM_SHARED,
					shm_offset + (i * 2),
					tmp);
		} else {
			b43_shm_write16(dev, B43_SHM_SHARED,
					shm_offset + (i * 2),
					params[i]);
		}
	}
}
/* Mapping of mac80211 queue numbers to b43 QoS SHM offsets.
 * The users of this table assert at build time that it has as many entries
 * as wl->qos_params, so one bounds check covers both arrays. */
static const u16 b43_qos_shm_offsets[] = {
	/* [mac80211-queue-nr] = SHM_OFFSET, */
	[0] = B43_QOS_VOICE,
	[1] = B43_QOS_VIDEO,
	[2] = B43_QOS_BESTEFFORT,
	[3] = B43_QOS_BACKGROUND,
};
/*
 * Upload the stored QoS parameters of every queue to the hardware.
 * Does nothing when QoS is disabled on the device. The MAC is suspended
 * for the duration of the upload and re-enabled afterwards.
 */
static void b43_qos_upload_all(struct b43_wldev *dev)
{
	struct b43_wl *wl = dev->wl;
	unsigned int queue;

	if (!dev->qos_enabled)
		return;

	/* One index is used for both arrays, so their sizes must agree. */
	BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
		     ARRAY_SIZE(wl->qos_params));

	b43_mac_suspend(dev);
	for (queue = 0; queue < ARRAY_SIZE(wl->qos_params); queue++)
		b43_qos_params_upload(dev, &wl->qos_params[queue].p,
				      b43_qos_shm_offsets[queue]);
	b43_mac_enable(dev);
}
/*
 * Reset the stored QoS parameters of all queues to the driver defaults.
 * Only the in-memory copy in wl->qos_params is changed; nothing is written
 * to the hardware here.
 */
static void b43_qos_clear(struct b43_wl *wl)
{
	unsigned int queue;

	/* One index is used for both arrays, so their sizes must agree. */
	BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
		     ARRAY_SIZE(wl->qos_params));

	for (queue = 0; queue < ARRAY_SIZE(wl->qos_params); queue++) {
		struct b43_qos_params *entry = &wl->qos_params[queue];
		const u16 access_class = b43_qos_shm_offsets[queue];

		switch (access_class) {
		case B43_QOS_VOICE:
		case B43_QOS_VIDEO:
			/* Voice and video share the same defaults. */
			entry->p.txop = 0;
			entry->p.aifs = 2;
			entry->p.cw_min = 0x0001;
			entry->p.cw_max = 0x0001;
			break;
		case B43_QOS_BESTEFFORT:
		case B43_QOS_BACKGROUND:
			/* These two differ only in the AIFS value. */
			entry->p.txop = 0;
			entry->p.aifs =
				(access_class == B43_QOS_BESTEFFORT) ? 3 : 7;
			entry->p.cw_min = 0x0001;
			entry->p.cw_max = 0x03FF;
			break;
		default:
			/* Unknown table entry: leave the slot untouched. */
			B43_WARN_ON(1);
		}
	}
}
/*
 * Initialize the core's QOS capabilities.
 *
 * With dev->qos_enabled clear, the EDCF host flag and the USE_EDCF bit in
 * the IFS control register are cleared. Otherwise the current parameters
 * are uploaded first and both bits are then set.
 */
static void b43_qos_init(struct b43_wldev *dev)
{
	if (!dev->qos_enabled) {
		/* Disable QOS support. */
		b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
		b43_write16(dev, B43_MMIO_IFSCTL,
			    b43_read16(dev, B43_MMIO_IFSCTL)
			    & ~B43_MMIO_IFSCTL_USE_EDCF);
		b43dbg(dev->wl, "QoS disabled\n");
		return;
	}

	/* Upload the current QOS parameters. */
	b43_qos_upload_all(dev);

	/* Enable QOS support. */
	b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
	b43_write16(dev, B43_MMIO_IFSCTL,
		    b43_read16(dev, B43_MMIO_IFSCTL)
		    | B43_MMIO_IFSCTL_USE_EDCF);
	b43dbg(dev->wl, "QoS enabled\n");
}
/*
 * mac80211 conf_tx callback: store new parameters for one TX queue and
 * upload them to the hardware.
 *
 * The queue number is range-checked against wl->qos_params before it is
 * used as an index; the build-time assertion guarantees the same bound
 * holds for b43_qos_shm_offsets.
 *
 * Returns 0 on success and for queue numbers the driver does not handle,
 * -ENODEV when there is no device that is at least B43_STAT_INITIALIZED.
 */
static int b43_op_conf_tx(struct ieee80211_hw *hw,
			  struct ieee80211_vif *vif, u16 _queue,
			  const struct ieee80211_tx_queue_params *params)
{
	struct b43_wl *wl = hw_to_b43_wl(hw);
	struct b43_wldev *dev;
	struct b43_qos_params *slot;
	const unsigned int qidx = (unsigned int)_queue;
	int ret = -ENODEV;

	/* Queue not available or setting parameters on it is not
	 * supported. Report success so mac80211 is not confused. */
	if (qidx >= ARRAY_SIZE(wl->qos_params))
		return 0;

	BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
		     ARRAY_SIZE(wl->qos_params));

	mutex_lock(&wl->mutex);
	dev = wl->current_dev;
	if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
		slot = &wl->qos_params[qidx];
		memcpy(&slot->p, params, sizeof(*params));

		/* The MAC is suspended while the parameters are rewritten. */
		b43_mac_suspend(dev);
		b43_qos_params_upload(dev, &slot->p,
				      b43_qos_shm_offsets[qidx]);
		b43_mac_enable(dev);
		ret = 0;
	}
	mutex_unlock(&wl->mutex);

	return ret;
}
/*
 * mac80211 get_stats callback: copy the driver's low-level statistics into
 * the caller's buffer. The copy is made under wl->mutex. Always returns 0.
 */
static int b43_op_get_stats(struct ieee80211_hw *hw,
			    struct ieee80211_low_level_stats *stats)
{
	struct b43_wl *wl = hw_to_b43_wl(hw);

	mutex_lock(&wl->mutex);
	/* Size is taken from the destination type.
	 * NOTE(review): assumes wl->ieee_stats has that same type. */
	memcpy(stats, &wl->ieee_stats, sizeof(*stats));
	mutex_unlock(&wl->mutex);

	return 0;
}
/*
 * mac80211 get_tsf callback: read the TSF value from the device.
 * Returns 0 when there is no device that is at least
 * B43_STAT_INITIALIZED. The hardware is accessed under wl->mutex.
 */
static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
{
	struct b43_wl *wl = hw_to_b43_wl(hw);
	struct b43_wldev *dev;
	u64 tsf = 0;	/* reported when the device cannot be read */

	mutex_lock(&wl->mutex);
	dev = wl->current_dev;
	if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
		b43_tsf_read(dev, &tsf);
	mutex_unlock(&wl->mutex);

	return tsf;
}
/*
 * mac80211 set_tsf callback: write a new TSF value to the device.
 * The request is silently ignored when there is no device that is at
 * least B43_STAT_INITIALIZED. The hardware is accessed under wl->mutex.
 */
static void b43_op_set_tsf(struct ieee80211_hw *hw,
			   struct ieee80211_vif *vif, u64 tsf)
{
	struct b43_wl *wl = hw_to_b43_wl(hw);
	struct b43_wldev *dev;

	mutex_lock(&wl->mutex);
	dev = wl->current_dev;
	if (!dev || (b43_status(dev) < B43_STAT_INITIALIZED))
		goto unlock;

	b43_tsf_write(dev, tsf);
unlock:
	mutex_unlock(&wl->mutex);
}
/*
 * Put the PHY of a core into reset.
 *
 * Only implemented for SSB: the TMSLOW register is rewritten in two steps
 * with a 1 ms sleep after each. On BCMA an error is logged and nothing is
 * changed. Sleeps, so it must not be called from atomic context.
 */
static void b43_put_phy_into_reset(struct b43_wldev *dev)
{
	u32 tmp;

	switch (dev->dev->bus_type) {
#ifdef CONFIG_B43_BCMA
	case B43_BUS_BCMA:
		b43err(dev->wl,
		       "Putting PHY into reset not supported on BCMA\n");
		break;
#endif
#ifdef CONFIG_B43_SSB
	case B43_BUS_SSB:
		/* Step 1: clear GMODE, assert PHYRESET together with FGC. */
		tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
		tmp &= ~B43_TMSLOW_GMODE;
		tmp |= B43_TMSLOW_PHYRESET;
		tmp |= SSB_TMSLOW_FGC;
		ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
		msleep(1);

		/* Step 2: drop FGC again, keep PHYRESET asserted. */
		tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
		tmp &= ~SSB_TMSLOW_FGC;
		tmp |= B43_TMSLOW_PHYRESET;
		ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
		msleep(1);

		break;
#endif
	}
}
/*
 * Return the band's frequency in GHz as a string for log messages:
 * "5" or "2.4". Any other band triggers a warning and yields "".
 */
static const char *band_to_string(enum ieee80211_band band)
{
	if (band == IEEE80211_BAND_5GHZ)
		return "5";
	if (band == IEEE80211_BAND_2GHZ)
		return "2.4";

	/* Unknown band: warn, but still hand back a printable string. */
	B43_WARN_ON(1);
	return "";
}
/*
 * Make the core that supports chan->band the current device.
 *
 * Expects wl->mutex locked.
 *
 * The running core is stopped and shut down as far as it had come up, the
 * selected core is then brought to the same status, and wl->current_dev is
 * updated. If bringing up the new core fails, wl->current_dev is set to
 * NULL, so callers must not keep using a device pointer they read before
 * the call.
 *
 * Returns 0 on success or when the right core is already running, -EINVAL
 * for an unknown band, -ENODEV when no core supports the band, or the error
 * from initializing/starting the new core.
 *
 * NOTE(review): wl->current_dev is dereferenced without a NULL check
 * (b43_status(down_dev), current_dev->phy); this assumes callers only get
 * here with a current device - confirm, given that an earlier failed switch
 * leaves it NULL.
 * NOTE(review): b43_wireless_core_stop() may return NULL or a different
 * device than it was given; the result is passed on to
 * b43_wireless_core_exit() and b43_put_phy_into_reset() unchecked.
 */
static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
{
	struct b43_wldev *up_dev = NULL;
	struct b43_wldev *down_dev;
	struct b43_wldev *d;
	int err;
	/* Assigned together with up_dev, read only when up_dev is set. */
	bool uninitialized_var(gmode);
	int prev_status;

	/* Find a device and PHY which supports the band. */
	list_for_each_entry(d, &wl->devlist, list) {
		switch (chan->band) {
		case IEEE80211_BAND_5GHZ:
			if (d->phy.supports_5ghz) {
				up_dev = d;
				gmode = false;
			}
			break;
		case IEEE80211_BAND_2GHZ:
			if (d->phy.supports_2ghz) {
				up_dev = d;
				gmode = true;
			}
			break;
		default:
			B43_WARN_ON(1);
			return -EINVAL;
		}
		if (up_dev)
			break;
	}
	if (!up_dev) {
		b43err(wl, "Could not find a device for %s-GHz band operation\n",
		       band_to_string(chan->band));
		return -ENODEV;
	}
	if ((up_dev == wl->current_dev) &&
	    (!!wl->current_dev->phy.gmode == !!gmode)) {
		/* This device is already running. */
		return 0;
	}
	b43dbg(wl, "Switching to %s-GHz band\n",
	       band_to_string(chan->band));
	down_dev = wl->current_dev;

	prev_status = b43_status(down_dev);
	/* Shutdown the currently running core. */
	if (prev_status >= B43_STAT_STARTED)
		down_dev = b43_wireless_core_stop(down_dev);
	if (prev_status >= B43_STAT_INITIALIZED)
		b43_wireless_core_exit(down_dev);

	if (down_dev != up_dev) {
		/* We switch to a different core, so we put PHY into
		 * RESET on the old core. */
		b43_put_phy_into_reset(down_dev);
	}

	/* Now start the new core. */
	up_dev->phy.gmode = gmode;
	if (prev_status >= B43_STAT_INITIALIZED) {
		err = b43_wireless_core_init(up_dev);
		if (err) {
			b43err(wl, "Fatal: Could not initialize device for "
			       "selected %s-GHz band\n",
			       band_to_string(chan->band));
			goto init_failure;
		}
	}
	if (prev_status >= B43_STAT_STARTED) {
		err = b43_wireless_core_start(up_dev);
		if (err) {
			b43err(wl, "Fatal: Coult not start device for "
			       "selected %s-GHz band\n",
			       band_to_string(chan->band));
			/* Undo the init done just above. */
			b43_wireless_core_exit(up_dev);
			goto init_failure;
		}
	}
	/* The new core must end up in the state the old one was in. */
	B43_WARN_ON(b43_status(up_dev) != prev_status);

	wl->current_dev = up_dev;

	return 0;
init_failure:
	/* Whoops, failed to init the new core. No core is operating now. */
	wl->current_dev = NULL;
	return err;
}
/*
 * Write the short and long frame retry limit values to scratch SHM.
 *
 * The chip keeps each limit in a 4-bit counter, so both values are capped
 * at 0xF before they are written; larger requests would overflow the
 * chip-internal counter.
 */
static void b43_set_retry_limits(struct b43_wldev *dev,
				 unsigned int short_retry,
				 unsigned int long_retry)
{
	const unsigned int hw_limit = 0xF;

	if (short_retry > hw_limit)
		short_retry = hw_limit;
	if (long_retry > hw_limit)
		long_retry = hw_limit;

	b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
			short_retry);
	b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
			long_retry);
}
/*
 * mac80211 config callback: apply the settings in hw->conf to the device.
 *
 * Switches band/core if needed, then (with the MAC suspended) updates retry
 * limits, channel, radiotap flag, TX power, antennas and the software
 * rfkill state. If the active core changed, all settings are reapplied and
 * the BSS info is reloaded after the mutex has been released.
 *
 * Returns 0 on success or the error from b43_switch_band().
 *
 * NOTE(review): after a successful b43_switch_band() the code dereferences
 * wl->current_dev without a NULL check; this assumes the callback is only
 * invoked while a current device exists - confirm.
 */
static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
{
	struct b43_wl *wl = hw_to_b43_wl(hw);
	struct b43_wldev *dev;
	struct b43_phy *phy;
	struct ieee80211_conf *conf = &hw->conf;
	int antenna;
	int err = 0;
	bool reload_bss = false;

	mutex_lock(&wl->mutex);

	/* Remember the current core to detect a core change below. */
	dev = wl->current_dev;

	/* Switch the band (if necessary). This might change the active core. */
	err = b43_switch_band(wl, conf->channel);
	if (err)
		goto out_unlock_mutex;

	/* Need to reload all settings if the core changed */
	if (dev != wl->current_dev) {
		dev = wl->current_dev;
		changed = ~0;
		reload_bss = true;
	}

	phy = &dev->phy;

	if (conf_is_ht(conf))
		phy->is_40mhz =
			(conf_is_ht40_minus(conf) || conf_is_ht40_plus(conf));
	else
		phy->is_40mhz = false;

	b43_mac_suspend(dev);

	if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
		b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
				     conf->long_frame_max_tx_count);
	/* Retry limits are handled; skip the rest if nothing else changed. */
	changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
	if (!changed)
		goto out_mac_enable;

	/* Switch to the requested channel.
	 * The firmware takes care of races with the TX handler. */
	if (conf->channel->hw_value != phy->channel)
		b43_switch_channel(dev, conf->channel->hw_value);

	dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);

	/* Adjust the desired TX power level. */
	if (conf->power_level != 0) {
		if (conf->power_level != phy->desired_txpower) {
			phy->desired_txpower = conf->power_level;
			b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
						   B43_TXPWR_IGNORE_TSSI);
		}
	}

	/* Antennas for RX and management frame TX. */
	antenna = B43_ANTENNA_DEFAULT;
	b43_mgmtframe_txantenna(dev, antenna);
	antenna = B43_ANTENNA_DEFAULT;
	/* set_rx_antenna is an optional PHY operation. */
	if (phy->ops->set_rx_antenna)
		phy->ops->set_rx_antenna(dev, antenna);

	if (wl->radio_enabled != phy->radio_on) {
		if (wl->radio_enabled) {
			b43_software_rfkill(dev, false);
			b43info(dev->wl, "Radio turned on by software\n");
			if (!dev->radio_hw_enable) {
				b43info(dev->wl, "The hardware RF-kill button "
					"still turns the radio physically off. "
					"Press the button to turn it on.\n");
			}
		} else {
			b43_software_rfkill(dev, true);
			b43info(dev->wl, "Radio turned off by software\n");
		}
	}

out_mac_enable:
	b43_mac_enable(dev);
out_unlock_mutex:
	mutex_unlock(&wl->mutex);

	/* Called without wl->mutex: b43_op_bss_info_changed() takes the
	 * mutex itself. */
	if (wl->vif && reload_bss)
		b43_op_bss_info_changed(hw, wl->vif, &wl->vif->bss_conf, ~0);

	return err;
}
/*
 * Rebuild the basic-rate maps in shared memory for the current band.
 *
 * For every bitrate of the band, the response rate for the given basic-rate
 * set is looked up, the pointer stored for that response rate in the
 * "direct" map is read, and it is written to the "basic" map entry of the
 * original rate. CCK and OFDM rates use separate map pairs.
 *
 * All map indices are masked to four bits, which bounds the shared-memory
 * offsets touched here to 16 entries per map.
 *
 * NOTE(review): the result of ieee80211_get_response_rate() is dereferenced
 * without a NULL check; assumes it always returns a valid rate - confirm.
 */
static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
{
	struct ieee80211_supported_band *sband =
		dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
	struct ieee80211_rate *rate;
	int i;
	u16 basic, direct, offset, basic_offset, rateptr;

	for (i = 0; i < sband->n_bitrates; i++) {
		rate = &sband->bitrates[i];

		/* Pick the map pair and the slot of this rate. */
		if (b43_is_cck_rate(rate->hw_value)) {
			direct = B43_SHM_SH_CCKDIRECT;
			basic = B43_SHM_SH_CCKBASIC;
			offset = b43_plcp_get_ratecode_cck(rate->hw_value);
			offset &= 0xF;
		} else {
			direct = B43_SHM_SH_OFDMDIRECT;
			basic = B43_SHM_SH_OFDMBASIC;
			offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
			offset &= 0xF;
		}

		/* From here on 'rate' is the response rate, not the
		 * band's i-th rate. */
		rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);

		if (b43_is_cck_rate(rate->hw_value)) {
			basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
			basic_offset &= 0xF;
		} else {
			basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
			basic_offset &= 0xF;
		}

		/*
		 * Get the pointer that we need to point to
		 * from the direct map
		 */
		rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
					 direct + 2 * basic_offset);
		/* and write it to the basic map */
		b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
				rateptr);
	}
}
/*
 * mac80211 bss_info_changed callback: apply changed BSS settings.
 *
 * Nothing is done unless a current device exists and is in
 * B43_STAT_STARTED. Handles BSSID, beacon template, beacon interval, basic
 * rates and short-slot changes, as selected by the bits in 'changed'.
 * Runs under wl->mutex.
 */
static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
				    struct ieee80211_vif *vif,
				    struct ieee80211_bss_conf *conf,
				    u32 changed)
{
	struct b43_wl *wl = hw_to_b43_wl(hw);
	struct b43_wldev *dev;

	mutex_lock(&wl->mutex);

	dev = wl->current_dev;
	if (!dev || b43_status(dev) < B43_STAT_STARTED)
		goto out_unlock_mutex;

	B43_WARN_ON(wl->vif != vif);

	if (changed & BSS_CHANGED_BSSID) {
		/* Fixed-length copy of ETH_ALEN bytes.
		 * NOTE(review): assumes wl->bssid holds at least ETH_ALEN
		 * bytes - confirm against its declaration. */
		if (conf->bssid)
			memcpy(wl->bssid, conf->bssid, ETH_ALEN);
		else
			memset(wl->bssid, 0, ETH_ALEN);
	}

	if (b43_status(dev) >= B43_STAT_INITIALIZED) {
		if (changed & BSS_CHANGED_BEACON &&
		    (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
		     b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
		     b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
			b43_update_templates(wl);

		if (changed & BSS_CHANGED_BSSID)
			b43_write_mac_bssid_templates(dev);
	}

	/* The remaining updates are made with the MAC suspended. */
	b43_mac_suspend(dev);

	/* Update templates for AP/mesh mode. */
	if (changed & BSS_CHANGED_BEACON_INT &&
	    (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
	     b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
	     b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
	    conf->beacon_int)
		b43_set_beacon_int(dev, conf->beacon_int);

	if (changed & BSS_CHANGED_BASIC_RATES)
		b43_update_basic_rates(dev, conf->basic_rates);

	if (changed & BSS_CHANGED_ERP_SLOT) {
		if (conf->use_short_slot)
			b43_short_slot_timing_enable(dev);
		else
			b43_short_slot_timing_disable(dev);
	}

	b43_mac_enable(dev);
out_unlock_mutex:
	mutex_unlock(&wl->mutex);
}
/*
 * mac80211 set_key callback: install or remove a key in the hardware
 * crypto engine.
 *
 * Returns 0 on success. A non-zero return makes no change that this
 * function reports as successful:
 *   -ENOSPC      hardware crypto disabled by module parameter
 *   -ENODEV      no device that is at least B43_STAT_INITIALIZED
 *   -EOPNOTSUPP  no crypto firmware / hwcrypto disabled, TKIP key that is
 *                not pairwise or hardware TKIP disabled, or a pairwise key
 *                without a station
 *   -EINVAL      unknown cipher, key index above 3, or unknown command
 *   other        error from b43_key_write() / b43_key_clear()
 *
 * The success message logs only the key index and the peer address, never
 * key bytes.
 * NOTE(review): b43_dump_keymemory() runs after every successful key
 * operation; what it prints is not visible here - confirm it cannot emit
 * key material outside of debugging configurations.
 */
static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
			  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
			  struct ieee80211_key_conf *key)
{
	struct b43_wl *wl = hw_to_b43_wl(hw);
	struct b43_wldev *dev;
	u8 algorithm;
	u8 index;
	int err;
	static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };

	if (modparam_nohwcrypt)
		return -ENOSPC; /* User disabled HW-crypto */

	mutex_lock(&wl->mutex);

	dev = wl->current_dev;
	err = -ENODEV;
	if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
		goto out_unlock;

	if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
		/* We don't have firmware for the crypto engine.
		 * Must use software-crypto. */
		err = -EOPNOTSUPP;
		goto out_unlock;
	}

	/* Default for every rejection below that does not set its own code. */
	err = -EINVAL;
	switch (key->cipher) {
	case WLAN_CIPHER_SUITE_WEP40:
		algorithm = B43_SEC_ALGO_WEP40;
		break;
	case WLAN_CIPHER_SUITE_WEP104:
		algorithm = B43_SEC_ALGO_WEP104;
		break;
	case WLAN_CIPHER_SUITE_TKIP:
		algorithm = B43_SEC_ALGO_TKIP;
		break;
	case WLAN_CIPHER_SUITE_CCMP:
		algorithm = B43_SEC_ALGO_AES;
		break;
	default:
		B43_WARN_ON(1);
		goto out_unlock;
	}
	/* Only key indices 0..3 are accepted. */
	index = (u8) (key->keyidx);
	if (index > 3)
		goto out_unlock;

	switch (cmd) {
	case SET_KEY:
		if (algorithm == B43_SEC_ALGO_TKIP &&
		    (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
		    !modparam_hwtkip)) {
			/* We support only pairwise key */
			err = -EOPNOTSUPP;
			goto out_unlock;
		}

		if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
			if (WARN_ON(!sta)) {
				err = -EOPNOTSUPP;
				goto out_unlock;
			}
			/* Pairwise key with an assigned MAC address. */
			err = b43_key_write(dev, -1, algorithm,
					    key->key, key->keylen,
					    sta->addr, key);
		} else {
			/* Group key */
			err = b43_key_write(dev, index, algorithm,
					    key->key, key->keylen, NULL, key);
		}
		if (err)
			goto out_unlock;

		/* The USEDEFKEYS host flag is set for WEP and cleared for
		 * every other algorithm. */
		if (algorithm == B43_SEC_ALGO_WEP40 ||
		    algorithm == B43_SEC_ALGO_WEP104) {
			b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
		} else {
			b43_hf_write(dev,
				     b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
		}
		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
		if (algorithm == B43_SEC_ALGO_TKIP)
			key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
		break;
	case DISABLE_KEY: {
		err = b43_key_clear(dev, key->hw_key_idx);
		if (err)
			goto out_unlock;
		break;
	}
	default:
		/* err is still -EINVAL here. */
		B43_WARN_ON(1);
	}

out_unlock:
	/* err == 0 implies dev was validated above, so it is non-NULL. */
	if (!err) {
		b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
		       "mac: %pM\n",
		       cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
		       sta ? sta->addr : bcast_addr);
		b43_dump_keymemory(dev);
	}
	mutex_unlock(&wl->mutex);

	return err;
}
/*
 * mac80211 configure_filter callback: record the requested RX filter flags
 * and reprogram the operating mode if a supported flag changed.
 *
 * *fflags is reduced to the flags this driver supports (or to 0 when there
 * is no current device) so mac80211 learns what is actually in effect.
 * Runs under wl->mutex.
 */
static void b43_op_configure_filter(struct ieee80211_hw *hw,
				    unsigned int changed, unsigned int *fflags,
				    u64 multicast)
{
	/* Filter flags the driver can honour. */
	const unsigned int supported = FIF_PROMISC_IN_BSS |
				       FIF_ALLMULTI |
				       FIF_FCSFAIL |
				       FIF_PLCPFAIL |
				       FIF_CONTROL |
				       FIF_OTHER_BSS |
				       FIF_BCN_PRBRESP_PROMISC;
	struct b43_wl *wl = hw_to_b43_wl(hw);
	struct b43_wldev *dev;

	mutex_lock(&wl->mutex);
	dev = wl->current_dev;
	if (dev) {
		*fflags &= supported;
		changed &= supported;

		wl->filter_flags = *fflags;

		/* The hardware is only touched once it is initialized. */
		if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
			b43_adjust_opmode(dev);
	} else {
		*fflags = 0;
	}
	mutex_unlock(&wl->mutex);
}
/*
 * Stop a started core: cancel its work items, mask and release its
 * interrupt, drop all queued TX frames and suspend the MAC.
 *
 * Locking: wl->mutex must be held by the caller. The mutex is dropped and
 * re-taken twice inside (while cancelling work and while freeing the IRQ),
 * so any state the caller read under the mutex may be stale afterwards.
 *
 * Returns the current dev. This might be different from the passed in dev,
 * because the core might be gone away while we unlocked the mutex. It can
 * also be NULL; callers must use the returned pointer, not the one they
 * passed in, and must check it.
 */
static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
{
	struct b43_wl *wl;
	struct b43_wldev *orig_dev;
	u32 mask;
	int queue_num;

	if (!dev)
		return NULL;
	wl = dev->wl;
redo:
	if (!dev || b43_status(dev) < B43_STAT_STARTED)
		return dev;

	/* Cancel work. Unlock to avoid deadlocks. */
	mutex_unlock(&wl->mutex);
	cancel_delayed_work_sync(&dev->periodic_work);
	cancel_work_sync(&wl->tx_work);
	mutex_lock(&wl->mutex);
	/* Re-read: the current device may have changed while unlocked. */
	dev = wl->current_dev;
	if (!dev || b43_status(dev) < B43_STAT_STARTED) {
		/* Whoops, aliens ate up the device while we were unlocked. */
		return dev;
	}

	/* Disable interrupts on the device. */
	b43_set_status(dev, B43_STAT_INITIALIZED);
	if (b43_bus_host_is_sdio(dev->dev)) {
		/* wl->mutex is locked. That is enough. */
		b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
		b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);	/* Flush */
	} else {
		spin_lock_irq(&wl->hardirq_lock);
		b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
		b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);	/* Flush */
		spin_unlock_irq(&wl->hardirq_lock);
	}
	/* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
	orig_dev = dev;
	mutex_unlock(&wl->mutex);
	if (b43_bus_host_is_sdio(dev->dev)) {
		b43_sdio_free_irq(dev);
	} else {
		synchronize_irq(dev->dev->irq);
		free_irq(dev->dev->irq, dev);
	}
	mutex_lock(&wl->mutex);
	/* Re-read again after the second unlocked window. */
	dev = wl->current_dev;
	if (!dev)
		return dev;
	if (dev != orig_dev) {
		/* A different core became current; stop it too if it runs. */
		if (b43_status(dev) >= B43_STAT_STARTED)
			goto redo;
		return dev;
	}
	/* The mask must read back as 0, or as all-ones. */
	mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
	B43_WARN_ON(mask != 0xFFFFFFFF && mask);

	/* Drain all TX queues. */
	for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
		while (skb_queue_len(&wl->tx_queue[queue_num]))
			dev_kfree_skb(skb_dequeue(&wl->tx_queue[queue_num]));
	}

	b43_mac_suspend(dev);
	b43_leds_exit(dev);
	b43dbg(wl, "Wireless interface stopped\n");

	return dev;
}
/*
 * Bring an initialized core into the started state: request its interrupt,
 * wake the mac80211 queues, enable the MAC, unmask interrupts and start the
 * periodic work and LEDs.
 *
 * Locking: wl->mutex
 *
 * Returns 0 on success or the error from requesting the interrupt; in the
 * error case the device status is left unchanged.
 */
static int b43_wireless_core_start(struct b43_wldev *dev)
{
	int err;

	B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);

	drain_txstatus_queue(dev);
	if (b43_bus_host_is_sdio(dev->dev)) {
		err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
		if (err) {
			b43err(dev->wl, "Cannot request SDIO IRQ\n");
			goto out;
		}
	} else {
		/* The line is requested as shared, with dev as the cookie
		 * that free_irq() must be given later. */
		err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
					   b43_interrupt_thread_handler,
					   IRQF_SHARED, KBUILD_MODNAME, dev);
		if (err) {
			b43err(dev->wl, "Cannot request IRQ-%d\n",
			       dev->dev->irq);
			goto out;
		}
	}

	/* We are ready to run. */
	ieee80211_wake_queues(dev->wl->hw);
	b43_set_status(dev, B43_STAT_STARTED);

	/* Start data flow (TX/RX). */
	b43_mac_enable(dev);
	b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);

	/* Start maintenance work */
	b43_periodic_tasks_setup(dev);

	b43_leds_init(dev);

	b43dbg(dev->wl, "Wireless interface started\n");
out:
	return err;
}
4277 /* Get PHY and RADIO versioning numbers */
/*
 * Read the PHY and radio identification from the hardware, reject
 * combinations the driver does not support and store the accepted values
 * in dev->phy.
 *
 * Returns 0 on success, -EOPNOTSUPP for an unsupported PHY or radio. On
 * failure dev->phy is not modified.
 *
 * All identification values come from device registers (or, for chip
 * 0x4317, from a fixed table); they are validated here before the rest of
 * the driver uses them to select PHY code.
 */
static int b43_phy_versioning(struct b43_wldev *dev)
{
	struct b43_phy *phy = &dev->phy;
	u32 tmp;
	u8 analog_type;
	u8 phy_type;
	u8 phy_rev;
	u16 radio_manuf;
	u16 radio_ver;
	u16 radio_rev;
	int unsupported = 0;

	/* Get PHY versioning */
	tmp = b43_read16(dev, B43_MMIO_PHY_VER);
	analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
	phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
	phy_rev = (tmp & B43_PHYVER_VERSION);
	/* PHY types whose support is not compiled in fall through to the
	 * default case and are rejected. */
	switch (phy_type) {
	case B43_PHYTYPE_A:
		if (phy_rev >= 4)
			unsupported = 1;
		break;
	case B43_PHYTYPE_B:
		if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
		    && phy_rev != 7)
			unsupported = 1;
		break;
	case B43_PHYTYPE_G:
		if (phy_rev > 9)
			unsupported = 1;
		break;
#ifdef CONFIG_B43_PHY_N
	case B43_PHYTYPE_N:
		if (phy_rev > 9)
			unsupported = 1;
		break;
#endif
#ifdef CONFIG_B43_PHY_LP
	case B43_PHYTYPE_LP:
		if (phy_rev > 2)
			unsupported = 1;
		break;
#endif
#ifdef CONFIG_B43_PHY_HT
	case B43_PHYTYPE_HT:
		if (phy_rev > 1)
			unsupported = 1;
		break;
#endif
#ifdef CONFIG_B43_PHY_LCN
	case B43_PHYTYPE_LCN:
		if (phy_rev > 1)
			unsupported = 1;
		break;
#endif
	default:
		unsupported = 1;
	}
	if (unsupported) {
		b43err(dev->wl, "FOUND UNSUPPORTED PHY "
		       "(Analog %u, Type %u, Revision %u)\n",
		       analog_type, phy_type, phy_rev);
		return -EOPNOTSUPP;
	}
	b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
	       analog_type, phy_type, phy_rev);

	/* Get RADIO versioning */
	if (dev->dev->core_rev >= 24) {
		u16 radio24[3];

		/* Three indexed reads through the RADIO24 control/data pair. */
		for (tmp = 0; tmp < 3; tmp++) {
			b43_write16(dev, B43_MMIO_RADIO24_CONTROL, tmp);
			radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
		}

		/* Broadcom uses "id" for our "ver" and has separated "ver" */
		/* radio_ver = (radio24[0] & 0xF0) >> 4; */

		/* The manufacturer is not read on these cores; the Broadcom
		 * ID is assumed. */
		radio_manuf = 0x17F;
		radio_ver = (radio24[2] << 8) | radio24[1];
		radio_rev = (radio24[0] & 0xF);
	} else {
		if (dev->dev->chip_id == 0x4317) {
			/* Fixed ID words selected by chip revision instead of
			 * a register read. */
			if (dev->dev->chip_rev == 0)
				tmp = 0x3205017F;
			else if (dev->dev->chip_rev == 1)
				tmp = 0x4205017F;
			else
				tmp = 0x5205017F;
		} else {
			/* Assemble the 32-bit ID from a low and a high
			 * 16-bit read. */
			b43_write16(dev, B43_MMIO_RADIO_CONTROL,
				    B43_RADIOCTL_ID);
			tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
			b43_write16(dev, B43_MMIO_RADIO_CONTROL,
				    B43_RADIOCTL_ID);
			tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH)
				<< 16;
		}
		/* ID layout: bits 0-11 manufacturer, 12-27 version,
		 * 28-31 revision. */
		radio_manuf = (tmp & 0x00000FFF);
		radio_ver = (tmp & 0x0FFFF000) >> 12;
		radio_rev = (tmp & 0xF0000000) >> 28;
	}

	if (radio_manuf != 0x17F /* Broadcom */)
		unsupported = 1;
	/* Each PHY type is only accepted with its known radio version(s). */
	switch (phy_type) {
	case B43_PHYTYPE_A:
		if (radio_ver != 0x2060)
			unsupported = 1;
		if (radio_rev != 1)
			unsupported = 1;
		if (radio_manuf != 0x17F)
			unsupported = 1;
		break;
	case B43_PHYTYPE_B:
		if ((radio_ver & 0xFFF0) != 0x2050)
			unsupported = 1;
		break;
	case B43_PHYTYPE_G:
		if (radio_ver != 0x2050)
			unsupported = 1;
		break;
	case B43_PHYTYPE_N:
		if (radio_ver != 0x2055 && radio_ver != 0x2056)
			unsupported = 1;
		break;
	case B43_PHYTYPE_LP:
		if (radio_ver != 0x2062 && radio_ver != 0x2063)
			unsupported = 1;
		break;
	case B43_PHYTYPE_HT:
		if (radio_ver != 0x2059)
			unsupported = 1;
		break;
	case B43_PHYTYPE_LCN:
		if (radio_ver != 0x2064)
			unsupported = 1;
		break;
	default:
		/* Unknown PHY types were already rejected above. */
		B43_WARN_ON(1);
	}
	if (unsupported) {
		b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
		       "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
		       radio_manuf, radio_ver, radio_rev);
		return -EOPNOTSUPP;
	}
	b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
	       radio_manuf, radio_ver, radio_rev);

	/* Commit the validated values. */
	phy->radio_manuf = radio_manuf;
	phy->radio_ver = radio_ver;
	phy->radio_rev = radio_rev;

	phy->analog = analog_type;
	phy->type = phy_type;
	phy->rev = phy_rev;

	return 0;
}
/*
 * Reset the software state in struct b43_phy before the core is
 * initialized. No hardware is accessed here.
 */
static void setup_struct_phy_for_init(struct b43_wldev *dev,
				      struct b43_phy *phy)
{
	/* Normalize the module parameter to 0/1. */
	phy->hardware_power_control = !!modparam_hwpctl;
	phy->next_txpwr_check_time = jiffies;
	/* PHY TX errors counter. */
	atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);

#if B43_DEBUG
	phy->phy_locked = false;
	phy->radio_locked = false;
#endif
}
/*
 * Reset the software state in struct b43_wldev before the core is
 * initialized: statistics, PHY state, interrupt bookkeeping, the MAC
 * suspend count and the noise calculation context. No hardware is accessed
 * here.
 */
static void setup_struct_wldev_for_init(struct b43_wldev *dev)
{
	dev->dfq_valid = false;

	/* Assume the radio is enabled. If it's not enabled, the state will
	 * immediately get fixed on the first periodic work run. */
	dev->radio_hw_enable = true;

	/* Stats */
	memset(&dev->stats, 0, sizeof(dev->stats));

	setup_struct_phy_for_init(dev, &dev->phy);

	/* IRQ related flags */
	dev->irq_reason = 0;
	memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
	dev->irq_mask = B43_IRQ_MASKTEMPLATE;
	/* PHY TX error interrupts are only enabled at debug verbosity. */
	if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
		dev->irq_mask &= ~B43_IRQ_PHY_TXERR;

	/* The MAC starts out counted as suspended once. */
	dev->mac_suspended = 1;

	/* Noise calculation context */
	memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
}
/*
 * Set the Bluetooth coexistence host flag.
 *
 * Nothing is done unless the btcoex module parameter is set, the SPROM
 * board flags advertise B43_BFL_BTCOEXIST, and the PHY is either a B-PHY
 * or running in gmode. B43_BFL_BTCMOD selects the alternate flag.
 */
static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
{
	struct ssb_sprom *sprom = dev->dev->bus_sprom;
	u64 hostflags;

	if (!modparam_btcoex ||
	    !(sprom->boardflags_lo & B43_BFL_BTCOEXIST) ||
	    (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode))
		return;

	hostflags = b43_hf_read(dev);
	hostflags |= (sprom->boardflags_lo & B43_BFL_BTCMOD) ?
			B43_HF_BTCOEXALT : B43_HF_BTCOEX;
	b43_hf_write(dev, hostflags);
}
/*
 * Placeholder for turning Bluetooth coexistence off again.
 * Not implemented: no host flag is cleared here.
 */
static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
{
	if (modparam_btcoex) {
		/* TODO: undo what b43_bluetooth_coext_enable() set up. */
	}
}
/*
 * Rewrite the request/service timeout fields of SSB_IMCFGLO on SSB chips
 * 0x4311 (chip revision 2 only) and 0x4312. Other buses and chips are left
 * untouched.
 */
static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
{
	struct ssb_bus *bus;
	u32 imcfg;

	if (dev->dev->bus_type != B43_BUS_SSB)
		return;

	bus = dev->dev->sdev->bus;
	if (!((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
	      bus->chip_id == 0x4312))
		return;

	/* Clear both timeout fields, then program the value 0x3. */
	imcfg = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
	imcfg &= ~(SSB_IMCFGLO_REQTO | SSB_IMCFGLO_SERTO);
	imcfg |= 0x3;
	ssb_write32(dev->dev->sdev, SSB_IMCFGLO, imcfg);
	ssb_commit_settings(bus);
}
/*
 * Write the synthesizer power-up delay (in microseconds) to shared memory.
 *
 * @idle: when true, or when operating in ad-hoc mode, the short 500 us
 *        delay is used instead of the PHY-type default.
 */
static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
{
	u16 delay_us = (dev->phy.type == B43_PHYTYPE_A) ? 3700 : 1050;

	if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
		delay_us = 500;

	/* Radio 0x2050 revision 8 never gets less than 2400 us. */
	if (dev->phy.radio_ver == 0x2050 && dev->phy.radio_rev == 8 &&
	    delay_us < 2400)
		delay_us = 2400;

	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, delay_us);
}
/*
 * Set the TSF CFP pre-TargetBeaconTransmissionTime.
 *
 * The value (in microseconds) is 2 in ad-hoc mode, otherwise 120 for an
 * A-PHY and 250 for every other PHY type. It is written both to shared
 * memory and to the MMIO register.
 */
static void b43_set_pretbtt(struct b43_wldev *dev)
{
	u16 lead_us;

	if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
		lead_us = 2;
	else if (dev->phy.type == B43_PHYTYPE_A)
		lead_us = 120;
	else
		lead_us = 250;

	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, lead_us);
	b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, lead_us);
}
/*
 * Shut down a wireless core.
 * Locking: wl->mutex
 *
 * Only acts on a device that is exactly in B43_STAT_INITIALIZED; a NULL
 * device or any other state returns early (a state above INITIALIZED also
 * triggers a warning).
 */
static void b43_wireless_core_exit(struct b43_wldev *dev)
{
	struct b43_wl *wl;
	u32 macctl;

	B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
	if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
		return;
	wl = dev->wl;

	/* Unregister HW RNG driver */
	b43_rng_exit(wl);

	b43_set_status(dev, B43_STAT_UNINIT);

	/* Stop the microcode PSM: clear RUN, set JMP0. */
	macctl = b43_read32(dev, B43_MMIO_MACCTL);
	macctl = (macctl & ~B43_MACCTL_PSM_RUN) | B43_MACCTL_PSM_JMP0;
	b43_write32(dev, B43_MMIO_MACCTL, macctl);

	/* Release transfer engines, then the chip and the analog part. */
	b43_dma_free(dev);
	b43_pio_free(dev);
	b43_chip_exit(dev);
	dev->phy.ops->switch_analog(dev, 0);

	/* Drop the cached beacon and clear the pointer so it cannot be
	 * freed or used a second time. */
	if (wl->current_beacon) {
		dev_kfree_skb_any(wl->current_beacon);
		wl->current_beacon = NULL;
	}

	b43_device_disable(dev, 0);
	b43_bus_may_powerdown(dev);
}
/*
 * Initialize a wireless core.
 *
 * Expects the device in B43_STAT_UNINIT (warns otherwise) and leaves it in
 * B43_STAT_INITIALIZED on success. Returns 0 or the error of the first
 * failing step; on failure the chip is shut down again where needed and
 * the bus may power down.
 *
 * NOTE(review): the return value of the second b43_bus_powerup() call near
 * the end is not checked.
 */
static int b43_wireless_core_init(struct b43_wldev *dev)
{
	struct b43_phy *phy = &dev->phy;
	struct ssb_sprom *sprom = dev->dev->bus_sprom;
	u64 hostflags;
	bool want_pio;
	int err;

	B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);

	err = b43_bus_powerup(dev, 0);
	if (err)
		return err;
	if (!b43_device_is_enabled(dev))
		b43_wireless_core_reset(dev, phy->gmode);

	/* Reset all data structures. */
	setup_struct_wldev_for_init(dev);
	phy->ops->prepare_structs(dev);

	/* Enable IRQ routing to this device. */
	switch (dev->dev->bus_type) {
#ifdef CONFIG_B43_BCMA
	case B43_BUS_BCMA:
		bcma_core_pci_irq_ctl(&dev->dev->bdev->bus->drv_pci,
				      dev->dev->bdev, true);
		break;
#endif
#ifdef CONFIG_B43_SSB
	case B43_BUS_SSB:
		ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
					       dev->dev->sdev);
		break;
#endif
	}

	b43_imcfglo_timeouts_workaround(dev);
	b43_bluetooth_coext_disable(dev);
	if (phy->ops->prepare_hardware) {
		err = phy->ops->prepare_hardware(dev);
		if (err)
			goto err_busdown;
	}
	err = b43_chip_init(dev);
	if (err)
		goto err_busdown;
	b43_shm_write16(dev, B43_SHM_SHARED,
			B43_SHM_SH_WLCOREREV, dev->dev->core_rev);

	/* Assemble the host flags from PHY, radio and board properties. */
	hostflags = b43_hf_read(dev);
	if (phy->type == B43_PHYTYPE_G) {
		hostflags |= B43_HF_SYMW;
		if (phy->rev == 1)
			hostflags |= B43_HF_GDCW;
		if (sprom->boardflags_lo & B43_BFL_PACTRL)
			hostflags |= B43_HF_OFDMPABOOST;
	}
	if (phy->radio_ver == 0x2050) {
		if (phy->radio_rev == 6)
			hostflags |= B43_HF_4318TSSI;
		if (phy->radio_rev < 6)
			hostflags |= B43_HF_VCORECALC;
	}
	if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW) {
		/* Disable slowclock requests from ucode. */
		hostflags |= B43_HF_DSCRQ;
	}
#ifdef CONFIG_SSB_DRIVER_PCICORE
	if (dev->dev->bus_type == B43_BUS_SSB &&
	    dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
	    dev->dev->sdev->bus->pcicore.dev->id.revision <= 10) {
		/* PCI slow clock workaround. */
		hostflags |= B43_HF_PCISCW;
	}
#endif
	hostflags &= ~B43_HF_SKCFPUP;
	b43_hf_write(dev, hostflags);

	b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
			     B43_DEFAULT_LONG_RETRY_LIMIT);
	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);

	/* Disable sending probe responses from firmware.
	 * Setting the MaxTime to one usec will always trigger
	 * a timeout, so we never send any probe resp.
	 * A timeout of zero is infinite. */
	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);

	b43_rate_memory_init(dev);
	b43_set_phytxctl_defaults(dev);

	/* Minimum Contention Window */
	b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT,
			(phy->type == B43_PHYTYPE_B) ? 0x1F : 0xF);
	/* Maximum Contention Window */
	b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);

	/* PCMCIA and SDIO hosts always use PIO; otherwise PIO is only used
	 * when forced through the use_pio module parameter. */
	if (b43_bus_host_is_pcmcia(dev->dev) ||
	    b43_bus_host_is_sdio(dev->dev)) {
		want_pio = true;
	} else if (dev->use_pio) {
		b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
			"This should not be needed and will result in lower "
			"performance.\n");
		want_pio = true;
	} else {
		want_pio = false;
	}
	dev->__using_pio_transfers = want_pio;
	err = want_pio ? b43_pio_init(dev) : b43_dma_init(dev);
	if (err)
		goto err_chip_exit;

	b43_qos_init(dev);
	b43_set_synth_pu_delay(dev, 1);
	b43_bluetooth_coext_enable(dev);

	b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
	b43_upload_card_macaddress(dev);
	b43_security_init(dev);

	ieee80211_wake_queues(dev->wl->hw);

	b43_set_status(dev, B43_STAT_INITIALIZED);

	/* Register HW RNG driver */
	b43_rng_init(dev->wl);

	return err;

err_chip_exit:
	b43_chip_exit(dev);
err_busdown:
	b43_bus_may_powerdown(dev);
	B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
	return err;
}
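/*
 * mac80211 add_interface callback.
 *
 * Accepts AP, mesh point, station, WDS and ad-hoc interfaces, and only one
 * interface at a time.
 *
 * Returns 0 on success, -EOPNOTSUPP for an unsupported type or when an
 * interface is already operating, and -ENODEV when there is no current
 * device.
 */
static int b43_op_add_interface(struct ieee80211_hw *hw,
				struct ieee80211_vif *vif)
{
	struct b43_wl *wl = hw_to_b43_wl(hw);
	struct b43_wldev *dev;
	int err = -EOPNOTSUPP;

	/* TODO: allow WDS/AP devices to coexist */

	if (vif->type != NL80211_IFTYPE_AP &&
	    vif->type != NL80211_IFTYPE_MESH_POINT &&
	    vif->type != NL80211_IFTYPE_STATION &&
	    vif->type != NL80211_IFTYPE_WDS &&
	    vif->type != NL80211_IFTYPE_ADHOC)
		return -EOPNOTSUPP;

	mutex_lock(&wl->mutex);
	if (wl->operating)
		goto out_mutex_unlock;

	/* b43_chip_reset() clears wl->current_dev when a controller restart
	 * fails, and the helpers below dereference the device. Refuse the
	 * interface before any state is changed instead of oopsing. */
	dev = wl->current_dev;
	if (!dev) {
		err = -ENODEV;
		goto out_mutex_unlock;
	}

	b43dbg(wl, "Adding Interface type %d\n", vif->type);

	wl->operating = true;
	wl->vif = vif;
	wl->if_type = vif->type;
	memcpy(wl->mac_addr, vif->addr, ETH_ALEN);

	b43_adjust_opmode(dev);
	b43_set_pretbtt(dev);
	b43_set_synth_pu_delay(dev, 0);
	b43_upload_card_macaddress(dev);

	err = 0;
out_mutex_unlock:
	mutex_unlock(&wl->mutex);

	/* Push the full BSS configuration, outside the mutex. */
	if (err == 0)
		b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);

	return err;
}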
/*
 * mac80211 remove_interface callback: forget the interface, zero the MAC
 * address and re-upload it to the card.
 *
 * NOTE(review): wl->current_dev is read before wl->mutex is taken and is
 * passed on without a NULL check; b43_chip_reset() sets it to NULL after a
 * failed restart. Confirm the helpers called here tolerate that.
 */
static void b43_op_remove_interface(struct ieee80211_hw *hw,
				    struct ieee80211_vif *vif)
{
	struct b43_wl *wl = hw_to_b43_wl(hw);
	struct b43_wldev *cur = wl->current_dev;

	b43dbg(wl, "Removing Interface type %d\n", vif->type);

	mutex_lock(&wl->mutex);

	/* Sanity checks: an interface must be active, and it must be @vif. */
	B43_WARN_ON(!wl->operating);
	B43_WARN_ON(wl->vif != vif);

	wl->vif = NULL;
	wl->operating = false;

	b43_adjust_opmode(cur);
	memset(wl->mac_addr, 0, ETH_ALEN);
	b43_upload_card_macaddress(cur);

	mutex_unlock(&wl->mutex);
}
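/*
 * mac80211 start callback: initialize and start the current wireless core.
 *
 * Returns 0 on success, -ENODEV when there is no current device, or the
 * error from core init/start. If the core was initialized by this call
 * and starting it fails, the core is shut down again.
 */
static int b43_op_start(struct ieee80211_hw *hw)
{
	struct b43_wl *wl = hw_to_b43_wl(hw);
	struct b43_wldev *dev;
	int did_init = 0;
	int err = 0;

	/* Kill all old instance specific information to make sure
	 * the card won't use it in the short timeframe between start
	 * and mac80211 reconfiguring it. */
	memset(wl->bssid, 0, ETH_ALEN);
	memset(wl->mac_addr, 0, ETH_ALEN);
	wl->filter_flags = 0;
	wl->radiotap_enabled = false;
	b43_qos_clear(wl);
	wl->beacon0_uploaded = false;
	wl->beacon1_uploaded = false;
	wl->beacon_templates_virgin = true;
	wl->radio_enabled = true;

	mutex_lock(&wl->mutex);

	/* Read the device pointer under the mutex: b43_chip_reset() sets it
	 * to NULL, with the mutex held, when a controller restart fails.
	 * b43_op_stop() already guards against that; do the same here. */
	dev = wl->current_dev;
	if (!dev) {
		err = -ENODEV;
		goto out_mutex_unlock;
	}

	if (b43_status(dev) < B43_STAT_INITIALIZED) {
		err = b43_wireless_core_init(dev);
		if (err)
			goto out_mutex_unlock;
		did_init = 1;
	}

	if (b43_status(dev) < B43_STAT_STARTED) {
		err = b43_wireless_core_start(dev);
		if (err) {
			/* Undo only what this call initialized. */
			if (did_init)
				b43_wireless_core_exit(dev);
			goto out_mutex_unlock;
		}
	}

	/* XXX: only do if device doesn't support rfkill irq */
	wiphy_rfkill_start_polling(hw->wiphy);

out_mutex_unlock:
	mutex_unlock(&wl->mutex);

	/*
	 * Configuration may have been overwritten during initialization.
	 * Reload the configuration, but only if initialization was
	 * successful. Reloading the configuration after a failed init
	 * may hang the system.
	 */
	if (!err)
		b43_op_config(hw, ~0);

	return err;
}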
/*
 * mac80211 stop callback: stop and shut down the current wireless core.
 *
 * Pending beacon-update work is cancelled first and TX power adjustment
 * work last, in both cases outside wl->mutex. A missing current device is
 * tolerated.
 */
static void b43_op_stop(struct ieee80211_hw *hw)
{
	struct b43_wl *wl = hw_to_b43_wl(hw);
	struct b43_wldev *dev = wl->current_dev;

	cancel_work_sync(&(wl->beacon_update_trigger));

	if (dev) {
		mutex_lock(&wl->mutex);
		if (b43_status(dev) >= B43_STAT_STARTED)
			dev = b43_wireless_core_stop(dev);
		/* core_stop may hand back NULL; then there is nothing left
		 * to shut down. */
		if (dev) {
			b43_wireless_core_exit(dev);
			wl->radio_enabled = false;
		}
		mutex_unlock(&wl->mutex);
	}

	cancel_work_sync(&(wl->txpower_adjust_work));
}
/*
 * mac80211 set_tim callback: refresh the beacon templates.
 * @sta and @set are not used. Always returns 0.
 */
static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
				 struct ieee80211_sta *sta, bool set)
{
	/* FIXME: add locking -- this runs without wl->mutex. */
	b43_update_templates(hw_to_b43_wl(hw));

	return 0;
}
/*
 * mac80211 sta_notify callback. Performs no action beyond warning when
 * @vif is NULL or is not the interface recorded in struct b43_wl.
 */
static void b43_op_sta_notify(struct ieee80211_hw *hw,
			      struct ieee80211_vif *vif,
			      enum sta_notify_cmd notify_cmd,
			      struct ieee80211_sta *sta)
{
	struct b43_wl *wl = hw_to_b43_wl(hw);

	B43_WARN_ON(!(vif && wl->vif == vif));
}
/*
 * mac80211 sw_scan_start callback: set B43_HF_SKCFPUP so CFP updates are
 * skipped while scanning on other channels. Does nothing unless a current
 * device exists and is at least initialized.
 */
static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
{
	struct b43_wl *wl = hw_to_b43_wl(hw);
	struct b43_wldev *dev;
	u64 hostflags;

	mutex_lock(&wl->mutex);
	dev = wl->current_dev;
	if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
		/* Disable CFP update during scan on other channels. */
		hostflags = b43_hf_read(dev);
		b43_hf_write(dev, hostflags | B43_HF_SKCFPUP);
	}
	mutex_unlock(&wl->mutex);
}
/*
 * mac80211 sw_scan_complete callback: clear B43_HF_SKCFPUP again. Does
 * nothing unless a current device exists and is at least initialized.
 */
static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
{
	struct b43_wl *wl = hw_to_b43_wl(hw);
	struct b43_wldev *dev;
	u64 hostflags;

	mutex_lock(&wl->mutex);
	dev = wl->current_dev;
	if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
		/* Re-enable CFP update. */
		hostflags = b43_hf_read(dev);
		b43_hf_write(dev, hostflags & ~B43_HF_SKCFPUP);
	}
	mutex_unlock(&wl->mutex);
}
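/*
 * mac80211 get_survey callback: report the link noise of the current
 * channel.
 *
 * Only index 0 is served. Returns 0 on success, -ENOENT for any other
 * index and -ENODEV when there is no current device.
 */
static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
			     struct survey_info *survey)
{
	struct b43_wl *wl = hw_to_b43_wl(hw);
	struct b43_wldev *dev = wl->current_dev;
	struct ieee80211_conf *conf = &hw->conf;

	if (idx != 0)
		return -ENOENT;

	/* b43_chip_reset() sets wl->current_dev to NULL when a controller
	 * restart fails; do not dereference it in that case.
	 * NOTE(review): the pointer is still read without wl->mutex here. */
	if (!dev)
		return -ENODEV;

	survey->channel = conf->channel;
	survey->filled = SURVEY_INFO_NOISE_DBM;
	survey->noise = dev->stats.link_noise;

	return 0;
}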
/* mac80211 callback table, handed to ieee80211_alloc_hw(). */
static const struct ieee80211_ops b43_hw_ops = {
	/* Device and interface lifecycle */
	.start			= b43_op_start,
	.stop			= b43_op_stop,
	.add_interface		= b43_op_add_interface,
	.remove_interface	= b43_op_remove_interface,

	/* Data path and configuration */
	.tx			= b43_op_tx,
	.conf_tx		= b43_op_conf_tx,
	.config			= b43_op_config,
	.bss_info_changed	= b43_op_bss_info_changed,
	.configure_filter	= b43_op_configure_filter,

	/* Key management */
	.set_key		= b43_op_set_key,
	.update_tkip_key	= b43_op_update_tkip_key,

	/* Statistics and timing */
	.get_stats		= b43_op_get_stats,
	.get_tsf		= b43_op_get_tsf,
	.set_tsf		= b43_op_set_tsf,
	.get_survey		= b43_op_get_survey,

	/* Beaconing, stations, scanning, rfkill */
	.set_tim		= b43_op_beacon_set_tim,
	.sta_notify		= b43_op_sta_notify,
	.sw_scan_start		= b43_op_sw_scan_start_notifier,
	.sw_scan_complete	= b43_op_sw_scan_complete_notifier,
	.rfkill_poll		= b43_rfkill_poll,
};
/*
 * Hard-reset the chip. Do not call this directly.
 * Use b43_controller_restart()
 *
 * Work handler for restart_work: takes the device down as far as it had
 * been brought up and then back to its previous state. On failure
 * wl->current_dev is set to NULL, so later readers of that pointer must
 * cope with NULL.
 */
static void b43_chip_reset(struct work_struct *work)
{
	struct b43_wldev *dev =
	    container_of(work, struct b43_wldev, restart_work);
	struct b43_wl *wl = dev->wl;
	int prev_status;
	bool was_started, was_initialized;
	int err = 0;

	mutex_lock(&wl->mutex);

	prev_status = b43_status(dev);
	was_started = (prev_status >= B43_STAT_STARTED);
	was_initialized = (prev_status >= B43_STAT_INITIALIZED);

	/* Bring the device down... */
	if (was_started) {
		dev = b43_wireless_core_stop(dev);
		if (!dev) {
			err = -ENODEV;
			goto out;
		}
	}
	if (was_initialized) {
		b43_wireless_core_exit(dev);

		/* ...and up again. */
		err = b43_wireless_core_init(dev);
		if (err)
			goto out;
	}
	if (was_started) {
		err = b43_wireless_core_start(dev);
		if (err) {
			b43_wireless_core_exit(dev);
			goto out;
		}
	}
out:
	if (err)
		wl->current_dev = NULL; /* Failed to init the dev. */
	mutex_unlock(&wl->mutex);

	if (err) {
		b43err(wl, "Controller restart FAILED\n");
		return;
	}

	/* Reload the configuration, outside the mutex. */
	b43_op_config(wl->hw, ~0);
	if (wl->vif)
		b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);

	b43info(wl, "Controller restarted\n");
}
/*
 * Publish the supported bands in the wiphy and record them in the PHY
 * state. The 5 GHz band table depends on whether the PHY is an N-PHY.
 * Always returns 0.
 */
static int b43_setup_bands(struct b43_wldev *dev,
			   bool have_2ghz_phy, bool have_5ghz_phy)
{
	struct wiphy *wiphy = dev->wl->hw->wiphy;

	if (have_2ghz_phy)
		wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
	if (have_5ghz_phy) {
		if (dev->phy.type == B43_PHYTYPE_N)
			wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
		else
			wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
	}

	dev->phy.supports_2ghz = have_2ghz_phy;
	dev->phy.supports_5ghz = have_5ghz_phy;

	return 0;
}
/*
 * Release what b43_wireless_core_attach() and later firmware loading
 * acquired for this core.
 */
static void b43_wireless_core_detach(struct b43_wldev *dev)
{
	/* Firmware is only released this late so that it does not have to
	 * be requested again on every core re-initialization. */
	b43_release_firmware(dev);
	b43_phy_free(dev);
}
/*
 * Gather basic information about a wireless core and set up its PHY.
 *
 * Returns 0 on success or a negative error code. A-PHY devices are
 * rejected with -EOPNOTSUPP. On success the core is left disabled and the
 * bus may power down again.
 */
static int b43_wireless_core_attach(struct b43_wldev *dev)
{
	struct b43_wl *wl = dev->wl;
	struct pci_dev *pdev = NULL;
	bool have_2ghz_phy = false, have_5ghz_phy = false;
	bool multiband;
	u32 tmp;
	int err;

	/* Do NOT do any device initialization here.
	 * Do it in wireless_core_init() instead.
	 * This function is for gathering basic information about the HW, only.
	 * Also some structs may be set up here. But most likely you want to have
	 * that in core_init(), too.
	 */

#ifdef CONFIG_B43_SSB
	if (dev->dev->bus_type == B43_BUS_SSB &&
	    dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
		pdev = dev->dev->sdev->bus->host_pci;
#endif

	err = b43_bus_powerup(dev, 0);
	if (err) {
		b43err(wl, "Bus powerup failed\n");
		return err;
	}

	/* Get the PHY type. */
	switch (dev->dev->bus_type) {
#ifdef CONFIG_B43_BCMA
	case B43_BUS_BCMA:
		tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
		have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
		have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
		break;
#endif
#ifdef CONFIG_B43_SSB
	case B43_BUS_SSB:
		if (dev->dev->core_rev >= 5) {
			tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
			have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
			have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
		} else {
			B43_WARN_ON(1);
		}
		break;
#endif
	}

	dev->phy.gmode = have_2ghz_phy;
	dev->phy.radio_on = true;
	b43_wireless_core_reset(dev, dev->phy.gmode);

	err = b43_phy_versioning(dev);
	if (err)
		goto err_powerdown;

	/* Only a PCI host with one of these device IDs counts as multiband. */
	multiband = pdev &&
		    (pdev->device == 0x4312 ||
		     pdev->device == 0x4319 || pdev->device == 0x4324);
	if (!multiband) {
		/* No multiband support: derive the band from the PHY type. */
		have_2ghz_phy = false;
		have_5ghz_phy = false;
		switch (dev->phy.type) {
		case B43_PHYTYPE_A:
			have_5ghz_phy = true;
			break;
		case B43_PHYTYPE_LP:
			/* FIXME: not always 2 GHz only. 5 GHz stays off
			 * because enabling it causes a NULL pointer
			 * dereference. */
			/* fall through */
		case B43_PHYTYPE_G:
		case B43_PHYTYPE_N:
		case B43_PHYTYPE_HT:
		case B43_PHYTYPE_LCN:
			have_2ghz_phy = true;
			break;
		default:
			B43_WARN_ON(1);
		}
	}
	if (dev->phy.type == B43_PHYTYPE_A) {
		/* FIXME */
		b43err(wl, "IEEE 802.11a devices are unsupported\n");
		err = -EOPNOTSUPP;
		goto err_powerdown;
	}

	/* FIXME: For now we disable the A-PHY on multi-PHY devices. */
	if (dev->phy.type != B43_PHYTYPE_N &&
	    dev->phy.type != B43_PHYTYPE_LP) {
		have_2ghz_phy = true;
		have_5ghz_phy = false;
	}

	err = b43_phy_allocate(dev);
	if (err)
		goto err_powerdown;

	dev->phy.gmode = have_2ghz_phy;
	b43_wireless_core_reset(dev, dev->phy.gmode);

	err = b43_validate_chipaccess(dev);
	if (err)
		goto err_phy_free;
	err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
	if (err)
		goto err_phy_free;

	/* Now set some default "current_dev" */
	if (!wl->current_dev)
		wl->current_dev = dev;
	INIT_WORK(&dev->restart_work, b43_chip_reset);

	/* Leave the core switched off until it is initialized. */
	dev->phy.ops->switch_analog(dev, 0);
	b43_device_disable(dev, 0);
	b43_bus_may_powerdown(dev);

	return err;

err_phy_free:
	b43_phy_free(dev);
err_powerdown:
	b43_bus_may_powerdown(dev);
	return err;
}
/*
 * Detach one core: remove its debugfs entries, release firmware and PHY,
 * unlink it from the device list and free the struct b43_wldev.
 */
static void b43_one_core_detach(struct b43_bus_dev *dev)
{
	struct b43_wldev *wldev = b43_bus_get_wldev(dev);
	struct b43_wl *wl = wldev->wl;

	/* Do not cancel ieee80211-workqueue based work here.
	 * See comment in b43_remove(). */

	b43_debugfs_remove_device(wldev);
	b43_wireless_core_detach(wldev);
	list_del(&wldev->list);
	wl->nr_devs--;

	/* Drop the bus device's reference before the memory goes away. */
	b43_bus_set_wldev(dev, NULL);
	kfree(wldev);
}
/*
 * Allocate a struct b43_wldev for one core, attach it and link it into
 * wl's device list.
 *
 * Returns 0 on success, -ENOMEM if the allocation fails, or the error from
 * b43_wireless_core_attach(), in which case the allocation is freed again.
 */
static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
{
	struct b43_wldev *wldev;
	int err;

	wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
	if (!wldev)
		return -ENOMEM;

	wldev->use_pio = b43_modparam_pio;
	wldev->dev = dev;
	wldev->wl = wl;
	b43_set_status(wldev, B43_STAT_UNINIT);
	wldev->bad_frames_preempt = modparam_bad_frames_preempt;
	INIT_LIST_HEAD(&wldev->list);

	err = b43_wireless_core_attach(wldev);
	if (err) {
		kfree(wldev);
		return err;
	}

	list_add(&wldev->list, &wl->devlist);
	wl->nr_devs++;
	b43_bus_set_wldev(dev, wldev);
	b43_debugfs_add_device(wldev);

	return err;
}
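/*
 * True when a PCI device matches the given vendor/device and subsystem
 * vendor/device IDs. _vendor and _subvendor are suffixes of PCI_VENDOR_ID_*
 * constants. Every argument is parenthesized so that an expression can be
 * passed for any of them; pdev is evaluated four times and must therefore
 * be free of side effects.
 */
#define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) (	\
	((pdev)->vendor == PCI_VENDOR_ID_##_vendor) &&			\
	((pdev)->device == (_device)) &&				\
	((pdev)->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&	\
	((pdev)->subsystem_device == (_subdevice)))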
/*
 * Correct SPROM board flags for specific boards.
 *
 * Sets B43_BFL_BTCOEXIST or B43_BFL_PACTRL for two board signatures and
 * clears B43_BFL_BTCOEXIST for a list of PCI devices.
 */
static void b43_sprom_fixup(struct ssb_bus *bus)
{
	struct pci_dev *pdev;
	bool no_btcoex;

	/* boardflags workarounds */
	if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
	    bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
		bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
	if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
	    bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
		bus->sprom.boardflags_lo |= B43_BFL_PACTRL;

	if (bus->bustype != SSB_BUSTYPE_PCI)
		return;

	/* PCI devices on which Bluetooth coexistence gets switched off. */
	pdev = bus->host_pci;
	no_btcoex = IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
		    IS_PDEV(pdev, BROADCOM, 0x4320, DELL, 0x0003) ||
		    IS_PDEV(pdev, BROADCOM, 0x4320, HP, 0x12f8) ||
		    IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
		    IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
		    IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
		    IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010);
	if (no_btcoex)
		bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
}
/*
 * Tear down the common struct b43_wl: clear the SSB devtype data pointer
 * and free the ieee80211 hardware structure that contains wl. wl must not
 * be touched after this returns.
 */
static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
{
	ssb_set_devtypedata(dev->sdev, NULL);
	ieee80211_free_hw(wl->hw);
}
/*
 * Allocate the ieee80211 hardware structure and initialize the embedded
 * struct b43_wl.
 *
 * Returns the new struct b43_wl, or ERR_PTR(-ENOMEM) if the allocation
 * fails. The permanent MAC address is taken from sprom->et1mac when that
 * is a valid Ethernet address, otherwise from sprom->il0mac.
 */
static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
{
	struct ssb_sprom *sprom = dev->bus_sprom;
	struct ieee80211_hw *hw;
	struct b43_wl *wl;
	char chip_name[6];
	const char *name_fmt;
	int i;

	hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
	if (!hw) {
		b43err(NULL, "Could not allocate ieee80211 device\n");
		return ERR_PTR(-ENOMEM);
	}
	wl = hw_to_b43_wl(hw);

	/* fill hw info */
	hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
		    IEEE80211_HW_SIGNAL_DBM;

	hw->wiphy->interface_modes =
		BIT(NL80211_IFTYPE_AP) |
		BIT(NL80211_IFTYPE_MESH_POINT) |
		BIT(NL80211_IFTYPE_STATION) |
		BIT(NL80211_IFTYPE_WDS) |
		BIT(NL80211_IFTYPE_ADHOC);

	if (modparam_qos)
		hw->queues = B43_QOS_QUEUE_NUM;
	else
		hw->queues = 1;
	/* Remembered so the remove paths can restore the count. */
	wl->mac80211_initially_registered_queues = hw->queues;
	hw->max_rates = 2;
	SET_IEEE80211_DEV(hw, dev->dev);
	if (is_valid_ether_addr(sprom->et1mac))
		SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
	else
		SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);

	/* Initialize struct b43_wl */
	wl->hw = hw;
	mutex_init(&wl->mutex);
	spin_lock_init(&wl->hardirq_lock);
	INIT_LIST_HEAD(&wl->devlist);
	INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
	INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
	INIT_WORK(&wl->tx_work, b43_tx_work);

	/* Initialize queues and flags. */
	for (i = 0; i < B43_QOS_QUEUE_NUM; i++) {
		skb_queue_head_init(&wl->tx_queue[i]);
		wl->tx_queue_stopped[i] = 0;
	}

	/* Chip IDs above 0x9999 are printed in decimal, the others as four
	 * hex digits. snprintf() bounds the write to the 6-byte buffer. */
	name_fmt = (dev->chip_id > 0x9999) ? "%d" : "%04X";
	snprintf(chip_name, ARRAY_SIZE(chip_name), name_fmt, dev->chip_id);
	b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
		dev->core_rev);
	return wl;
}
5329 #ifdef CONFIG_B43_BCMA
/*
 * Probe a BCMA wireless core: set up the bus device and the common
 * wireless structure, attach the core and register with mac80211.
 *
 * Returns 0 on success or a negative error code.
 *
 * NOTE(review): the object returned by b43_bus_dev_bcma_init() is not
 * released on the error paths here; confirm who owns it.
 */
static int b43_bcma_probe(struct bcma_device *core)
{
	struct b43_bus_dev *dev;
	struct b43_wl *wl;
	int err;

	dev = b43_bus_dev_bcma_init(core);
	if (!dev)
		return -ENODEV;

	wl = b43_wireless_init(dev);
	if (IS_ERR(wl))
		return PTR_ERR(wl);

	err = b43_one_core_attach(dev, wl);
	if (err)
		goto bcma_err_wireless_exit;

	err = ieee80211_register_hw(wl->hw);
	if (err)
		goto bcma_err_one_core_detach;
	b43_leds_register(wl->current_dev);

	return err;

bcma_err_one_core_detach:
	b43_one_core_detach(dev);
bcma_err_wireless_exit:
	ieee80211_free_hw(wl->hw);
	return err;
}
/*
 * Remove a BCMA wireless core: cancel restart work, unregister from
 * mac80211, detach the core and free the hardware structure.
 */
static void b43_bcma_remove(struct bcma_device *core)
{
	struct b43_wldev *wldev = bcma_get_drvdata(core);
	struct b43_wl *wl = wldev->wl;
	struct b43_bus_dev *bus_dev;

	/* We must cancel any work here before unregistering from ieee80211,
	 * as the ieee80211 unreg will destroy the workqueue. */
	cancel_work_sync(&wldev->restart_work);

	/* Restore the queues count before unregistering, because firmware detect
	 * might have modified it. Restoring is important, so the networking
	 * stack can properly free resources. */
	wl->hw->queues = wl->mac80211_initially_registered_queues;
	b43_leds_stop(wldev);
	ieee80211_unregister_hw(wl->hw);

	/* b43_one_core_detach() frees wldev; it is not used afterwards. */
	bus_dev = wldev->dev;
	b43_one_core_detach(bus_dev);

	b43_leds_unregister(wl);

	ieee80211_free_hw(wl->hw);
}
/* BCMA bus driver registration record for b43. */
static struct bcma_driver b43_bcma_driver = {
	.name		= KBUILD_MODNAME,
	.id_table	= b43_bcma_tbl,
	.probe		= b43_bcma_probe,
	.remove		= b43_bcma_remove,
};
5394 #endif
5396 #ifdef CONFIG_B43_SSB
/*
 * Probe an SSB wireless core.
 *
 * The first core probed on a chip also creates the common struct b43_wl
 * (stored as SSB devtype data) and registers with mac80211; later cores
 * only attach. Returns 0 on success or a negative error code.
 *
 * NOTE(review): the object returned by b43_bus_dev_ssb_init() is not
 * released on the error paths here; confirm who owns it.
 */
static
int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
{
	struct b43_bus_dev *dev;
	struct b43_wl *wl;
	bool first_core = false;
	int err;

	dev = b43_bus_dev_ssb_init(sdev);
	if (!dev)
		return -ENOMEM;

	wl = ssb_get_devtypedata(sdev);
	if (!wl) {
		/* Probing the first core. Must setup common struct b43_wl */
		first_core = true;
		b43_sprom_fixup(sdev->bus);
		wl = b43_wireless_init(dev);
		if (IS_ERR(wl))
			return PTR_ERR(wl);
		ssb_set_devtypedata(sdev, wl);
		B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
	}

	err = b43_one_core_attach(dev, wl);
	if (err)
		goto err_wireless_exit;

	if (first_core) {
		err = ieee80211_register_hw(wl->hw);
		if (err)
			goto err_one_core_detach;
		b43_leds_register(wl->current_dev);
	}

	return err;

err_one_core_detach:
	b43_one_core_detach(dev);
err_wireless_exit:
	/* Only the probe that created wl may destroy it. */
	if (first_core)
		b43_wireless_exit(dev, wl);
	return err;
}
/*
 * Remove an SSB wireless core. The core that is wl->current_dev also
 * unregisters from mac80211; the last core on the chip destroys the
 * common struct b43_wl.
 *
 * NOTE(review): wl is dereferenced right after B43_WARN_ON(!wl), so a NULL
 * devtype data pointer would warn and then fault.
 */
static void b43_ssb_remove(struct ssb_device *sdev)
{
	struct b43_wl *wl = ssb_get_devtypedata(sdev);
	struct b43_wldev *wldev = ssb_get_drvdata(sdev);
	struct b43_bus_dev *dev = wldev->dev;
	bool is_current;

	/* We must cancel any work here before unregistering from ieee80211,
	 * as the ieee80211 unreg will destroy the workqueue. */
	cancel_work_sync(&wldev->restart_work);

	B43_WARN_ON(!wl);
	is_current = (wl->current_dev == wldev);
	if (is_current) {
		/* Restore the queues count before unregistering, because firmware detect
		 * might have modified it. Restoring is important, so the networking
		 * stack can properly free resources. */
		wl->hw->queues = wl->mac80211_initially_registered_queues;
		b43_leds_stop(wldev);
		ieee80211_unregister_hw(wl->hw);
	}

	/* Frees wldev; it is not used below. */
	b43_one_core_detach(dev);

	if (list_empty(&wl->devlist)) {
		b43_leds_unregister(wl);
		/* Last core on the chip unregistered.
		 * We can destroy common struct b43_wl.
		 */
		b43_wireless_exit(dev, wl);
	}
}
/* SSB bus driver registration record for b43. */
static struct ssb_driver b43_ssb_driver = {
	.name		= KBUILD_MODNAME,
	.id_table	= b43_ssb_tbl,
	.probe		= b43_ssb_probe,
	.remove		= b43_ssb_remove,
};
5481 #endif /* CONFIG_B43_SSB */
/*
 * Perform a hardware reset. This can be called from any context.
 *
 * Queues restart_work (handled by b43_chip_reset()) and logs @reason.
 * Nothing is queued when the device is below B43_STAT_INITIALIZED, so a
 * device that is shutting down is not requeued.
 */
void b43_controller_restart(struct b43_wldev *dev, const char *reason)
{
	if (b43_status(dev) >= B43_STAT_INITIALIZED) {
		b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
		ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
	}
}
/*
 * Log one line naming the compiled-in features: P (PCI autoselect),
 * M (PCMCIA), N (N-PHY), L (LEDs), S (SDIO). A feature that is not
 * configured contributes an empty string.
 */
static void b43_print_driverinfo(void)
{
	const char *feat_pci = "";
	const char *feat_pcmcia = "";
	const char *feat_nphy = "";
	const char *feat_leds = "";
	const char *feat_sdio = "";

#ifdef CONFIG_B43_PCI_AUTOSELECT
	feat_pci = "P";
#endif
#ifdef CONFIG_B43_PCMCIA
	feat_pcmcia = "M";
#endif
#ifdef CONFIG_B43_PHY_N
	feat_nphy = "N";
#endif
#ifdef CONFIG_B43_LEDS
	feat_leds = "L";
#endif
#ifdef CONFIG_B43_SDIO
	feat_sdio = "S";
#endif
	printk(KERN_INFO "Broadcom 43xx driver loaded "
	       "[ Features: %s%s%s%s%s ]\n",
	       feat_pci, feat_pcmcia, feat_nphy,
	       feat_leds, feat_sdio);
}
/*
 * Module entry point: set up debugfs, then register the PCMCIA, SDIO,
 * BCMA and SSB front ends in that order. On failure everything registered
 * so far is unwound in reverse order and the error is returned.
 */
static int __init b43_init(void)
{
	int err;

	b43_debugfs_init();

	err = b43_pcmcia_init();
	if (err)
		goto err_dfs_exit;

	err = b43_sdio_init();
	if (err)
		goto err_pcmcia_exit;

#ifdef CONFIG_B43_BCMA
	err = bcma_driver_register(&b43_bcma_driver);
	if (err)
		goto err_sdio_exit;
#endif
#ifdef CONFIG_B43_SSB
	err = ssb_driver_register(&b43_ssb_driver);
	if (err)
		goto err_bcma_driver_exit;
#endif
	b43_print_driverinfo();

	/* Every registration above succeeded, so err is 0 here. */
	return 0;

	/* The unwind labels exist only for the front ends that are
	 * configured, hence the preprocessor guards around them. */
#ifdef CONFIG_B43_SSB
err_bcma_driver_exit:
#endif
#ifdef CONFIG_B43_BCMA
	bcma_driver_unregister(&b43_bcma_driver);
err_sdio_exit:
#endif
	b43_sdio_exit();
err_pcmcia_exit:
	b43_pcmcia_exit();
err_dfs_exit:
	b43_debugfs_exit();
	return err;
}
/*
 * Module exit point: unregister the front ends in the reverse order of
 * b43_init() and tear down debugfs last.
 */
static void __exit b43_exit(void)
{
#ifdef CONFIG_B43_SSB
	ssb_driver_unregister(&b43_ssb_driver);
#endif
#ifdef CONFIG_B43_BCMA
	bcma_driver_unregister(&b43_bcma_driver);
#endif
	b43_sdio_exit();
	b43_pcmcia_exit();
	b43_debugfs_exit();
}

/* Hook the entry and exit points into the module loader. */
module_init(b43_init)
module_exit(b43_exit)