3 Broadcom B43 wireless driver
5 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7 Copyright (c) 2005, 2006 Michael Buesch <mb@bu3sch.de>
8 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
11 Some parts of the code in this file are derived from the ipw2200
12 driver Copyright(c) 2003 - 2004 Intel Corporation.
14 This program is free software; you can redistribute it and/or modify
15 it under the terms of the GNU General Public License as published by
16 the Free Software Foundation; either version 2 of the License, or
17 (at your option) any later version.
19 This program is distributed in the hope that it will be useful,
20 but WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 GNU General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; see the file COPYING. If not, write to
26 the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
27 Boston, MA 02110-1301, USA.
31 #include <linux/delay.h>
32 #include <linux/init.h>
33 #include <linux/moduleparam.h>
34 #include <linux/if_arp.h>
35 #include <linux/etherdevice.h>
36 #include <linux/version.h>
37 #include <linux/firmware.h>
38 #include <linux/wireless.h>
39 #include <linux/workqueue.h>
40 #include <linux/skbuff.h>
42 #include <linux/dma-mapping.h>
43 #include <asm/unaligned.h>
57 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
58 MODULE_AUTHOR("Martin Langer");
59 MODULE_AUTHOR("Stefano Brivio");
60 MODULE_AUTHOR("Michael Buesch");
61 MODULE_LICENSE("GPL");
63 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
66 static int modparam_bad_frames_preempt;
67 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
68 MODULE_PARM_DESC(bad_frames_preempt,
69 "enable(1) / disable(0) Bad Frames Preemption");
71 static char modparam_fwpostfix[16];
72 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
73 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
75 static int modparam_hwpctl;
76 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
77 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
79 static int modparam_nohwcrypt;
80 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
81 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
83 int b43_modparam_qos = 1;
84 module_param_named(qos, b43_modparam_qos, int, 0444);
85 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
87 static int modparam_btcoex = 1;
88 module_param_named(btcoex, modparam_btcoex, int, 0444);
89 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistance (default on)");
92 static const struct ssb_device_id b43_ssb_tbl[] = {
93 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
94 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
95 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
96 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
97 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
98 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
99 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
103 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
105 /* Channel and ratetables are shared for all devices.
106 * They can't be const, because ieee80211 puts some precalculated
107 * data in there. This data is the same for all devices, so we don't
108 * get concurrency issues */
109 #define RATETAB_ENT(_rateid, _flags) \
111 .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
112 .hw_value = (_rateid), \
117 * NOTE: When changing this, sync with xmit.c's
118 * b43_plcp_get_bitrate_idx_* functions!
120 static struct ieee80211_rate __b43_ratetable[] = {
121 RATETAB_ENT(B43_CCK_RATE_1MB, 0),
122 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
123 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
124 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
125 RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
126 RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
127 RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
128 RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
129 RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
130 RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
131 RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
132 RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
135 #define b43_a_ratetable (__b43_ratetable + 4)
136 #define b43_a_ratetable_size 8
137 #define b43_b_ratetable (__b43_ratetable + 0)
138 #define b43_b_ratetable_size 4
139 #define b43_g_ratetable (__b43_ratetable + 0)
140 #define b43_g_ratetable_size 12
142 #define CHAN4G(_channel, _freq, _flags) { \
143 .band = IEEE80211_BAND_2GHZ, \
144 .center_freq = (_freq), \
145 .hw_value = (_channel), \
147 .max_antenna_gain = 0, \
150 static struct ieee80211_channel b43_2ghz_chantable[] = {
168 #define CHAN5G(_channel, _flags) { \
169 .band = IEEE80211_BAND_5GHZ, \
170 .center_freq = 5000 + (5 * (_channel)), \
171 .hw_value = (_channel), \
173 .max_antenna_gain = 0, \
176 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
177 CHAN5G(32, 0), CHAN5G(34, 0),
178 CHAN5G(36, 0), CHAN5G(38, 0),
179 CHAN5G(40, 0), CHAN5G(42, 0),
180 CHAN5G(44, 0), CHAN5G(46, 0),
181 CHAN5G(48, 0), CHAN5G(50, 0),
182 CHAN5G(52, 0), CHAN5G(54, 0),
183 CHAN5G(56, 0), CHAN5G(58, 0),
184 CHAN5G(60, 0), CHAN5G(62, 0),
185 CHAN5G(64, 0), CHAN5G(66, 0),
186 CHAN5G(68, 0), CHAN5G(70, 0),
187 CHAN5G(72, 0), CHAN5G(74, 0),
188 CHAN5G(76, 0), CHAN5G(78, 0),
189 CHAN5G(80, 0), CHAN5G(82, 0),
190 CHAN5G(84, 0), CHAN5G(86, 0),
191 CHAN5G(88, 0), CHAN5G(90, 0),
192 CHAN5G(92, 0), CHAN5G(94, 0),
193 CHAN5G(96, 0), CHAN5G(98, 0),
194 CHAN5G(100, 0), CHAN5G(102, 0),
195 CHAN5G(104, 0), CHAN5G(106, 0),
196 CHAN5G(108, 0), CHAN5G(110, 0),
197 CHAN5G(112, 0), CHAN5G(114, 0),
198 CHAN5G(116, 0), CHAN5G(118, 0),
199 CHAN5G(120, 0), CHAN5G(122, 0),
200 CHAN5G(124, 0), CHAN5G(126, 0),
201 CHAN5G(128, 0), CHAN5G(130, 0),
202 CHAN5G(132, 0), CHAN5G(134, 0),
203 CHAN5G(136, 0), CHAN5G(138, 0),
204 CHAN5G(140, 0), CHAN5G(142, 0),
205 CHAN5G(144, 0), CHAN5G(145, 0),
206 CHAN5G(146, 0), CHAN5G(147, 0),
207 CHAN5G(148, 0), CHAN5G(149, 0),
208 CHAN5G(150, 0), CHAN5G(151, 0),
209 CHAN5G(152, 0), CHAN5G(153, 0),
210 CHAN5G(154, 0), CHAN5G(155, 0),
211 CHAN5G(156, 0), CHAN5G(157, 0),
212 CHAN5G(158, 0), CHAN5G(159, 0),
213 CHAN5G(160, 0), CHAN5G(161, 0),
214 CHAN5G(162, 0), CHAN5G(163, 0),
215 CHAN5G(164, 0), CHAN5G(165, 0),
216 CHAN5G(166, 0), CHAN5G(168, 0),
217 CHAN5G(170, 0), CHAN5G(172, 0),
218 CHAN5G(174, 0), CHAN5G(176, 0),
219 CHAN5G(178, 0), CHAN5G(180, 0),
220 CHAN5G(182, 0), CHAN5G(184, 0),
221 CHAN5G(186, 0), CHAN5G(188, 0),
222 CHAN5G(190, 0), CHAN5G(192, 0),
223 CHAN5G(194, 0), CHAN5G(196, 0),
224 CHAN5G(198, 0), CHAN5G(200, 0),
225 CHAN5G(202, 0), CHAN5G(204, 0),
226 CHAN5G(206, 0), CHAN5G(208, 0),
227 CHAN5G(210, 0), CHAN5G(212, 0),
228 CHAN5G(214, 0), CHAN5G(216, 0),
229 CHAN5G(218, 0), CHAN5G(220, 0),
230 CHAN5G(222, 0), CHAN5G(224, 0),
231 CHAN5G(226, 0), CHAN5G(228, 0),
234 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
235 CHAN5G(34, 0), CHAN5G(36, 0),
236 CHAN5G(38, 0), CHAN5G(40, 0),
237 CHAN5G(42, 0), CHAN5G(44, 0),
238 CHAN5G(46, 0), CHAN5G(48, 0),
239 CHAN5G(52, 0), CHAN5G(56, 0),
240 CHAN5G(60, 0), CHAN5G(64, 0),
241 CHAN5G(100, 0), CHAN5G(104, 0),
242 CHAN5G(108, 0), CHAN5G(112, 0),
243 CHAN5G(116, 0), CHAN5G(120, 0),
244 CHAN5G(124, 0), CHAN5G(128, 0),
245 CHAN5G(132, 0), CHAN5G(136, 0),
246 CHAN5G(140, 0), CHAN5G(149, 0),
247 CHAN5G(153, 0), CHAN5G(157, 0),
248 CHAN5G(161, 0), CHAN5G(165, 0),
249 CHAN5G(184, 0), CHAN5G(188, 0),
250 CHAN5G(192, 0), CHAN5G(196, 0),
251 CHAN5G(200, 0), CHAN5G(204, 0),
252 CHAN5G(208, 0), CHAN5G(212, 0),
257 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
258 .band = IEEE80211_BAND_5GHZ,
259 .channels = b43_5ghz_nphy_chantable,
260 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
261 .bitrates = b43_a_ratetable,
262 .n_bitrates = b43_a_ratetable_size,
265 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
266 .band = IEEE80211_BAND_5GHZ,
267 .channels = b43_5ghz_aphy_chantable,
268 .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
269 .bitrates = b43_a_ratetable,
270 .n_bitrates = b43_a_ratetable_size,
273 static struct ieee80211_supported_band b43_band_2GHz = {
274 .band = IEEE80211_BAND_2GHZ,
275 .channels = b43_2ghz_chantable,
276 .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
277 .bitrates = b43_g_ratetable,
278 .n_bitrates = b43_g_ratetable_size,
281 static void b43_wireless_core_exit(struct b43_wldev *dev);
282 static int b43_wireless_core_init(struct b43_wldev *dev);
283 static void b43_wireless_core_stop(struct b43_wldev *dev);
284 static int b43_wireless_core_start(struct b43_wldev *dev);
286 static int b43_ratelimit(struct b43_wl *wl)
288 if (!wl || !wl->current_dev)
290 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
292 /* We are up and running.
293 * Ratelimit the messages to avoid DoS over the net. */
294 return net_ratelimit();
297 void b43info(struct b43_wl *wl, const char *fmt, ...)
301 if (!b43_ratelimit(wl))
304 printk(KERN_INFO "b43-%s: ",
305 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
310 void b43err(struct b43_wl *wl, const char *fmt, ...)
314 if (!b43_ratelimit(wl))
317 printk(KERN_ERR "b43-%s ERROR: ",
318 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
323 void b43warn(struct b43_wl *wl, const char *fmt, ...)
327 if (!b43_ratelimit(wl))
330 printk(KERN_WARNING "b43-%s warning: ",
331 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
337 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
342 printk(KERN_DEBUG "b43-%s debug: ",
343 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
349 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
353 B43_WARN_ON(offset % 4 != 0);
355 macctl = b43_read32(dev, B43_MMIO_MACCTL);
356 if (macctl & B43_MACCTL_BE)
359 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
361 b43_write32(dev, B43_MMIO_RAM_DATA, val);
364 static inline void b43_shm_control_word(struct b43_wldev *dev,
365 u16 routing, u16 offset)
369 /* "offset" is the WORD offset. */
373 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
376 u32 __b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
380 if (routing == B43_SHM_SHARED) {
381 B43_WARN_ON(offset & 0x0001);
382 if (offset & 0x0003) {
383 /* Unaligned access */
384 b43_shm_control_word(dev, routing, offset >> 2);
385 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
387 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
388 ret |= b43_read16(dev, B43_MMIO_SHM_DATA);
394 b43_shm_control_word(dev, routing, offset);
395 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
400 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
402 struct b43_wl *wl = dev->wl;
406 spin_lock_irqsave(&wl->shm_lock, flags);
407 ret = __b43_shm_read32(dev, routing, offset);
408 spin_unlock_irqrestore(&wl->shm_lock, flags);
413 u16 __b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
417 if (routing == B43_SHM_SHARED) {
418 B43_WARN_ON(offset & 0x0001);
419 if (offset & 0x0003) {
420 /* Unaligned access */
421 b43_shm_control_word(dev, routing, offset >> 2);
422 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
428 b43_shm_control_word(dev, routing, offset);
429 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
434 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
436 struct b43_wl *wl = dev->wl;
440 spin_lock_irqsave(&wl->shm_lock, flags);
441 ret = __b43_shm_read16(dev, routing, offset);
442 spin_unlock_irqrestore(&wl->shm_lock, flags);
447 void __b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
449 if (routing == B43_SHM_SHARED) {
450 B43_WARN_ON(offset & 0x0001);
451 if (offset & 0x0003) {
452 /* Unaligned access */
453 b43_shm_control_word(dev, routing, offset >> 2);
454 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
455 (value >> 16) & 0xffff);
456 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
457 b43_write16(dev, B43_MMIO_SHM_DATA, value & 0xffff);
462 b43_shm_control_word(dev, routing, offset);
463 b43_write32(dev, B43_MMIO_SHM_DATA, value);
466 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
468 struct b43_wl *wl = dev->wl;
471 spin_lock_irqsave(&wl->shm_lock, flags);
472 __b43_shm_write32(dev, routing, offset, value);
473 spin_unlock_irqrestore(&wl->shm_lock, flags);
476 void __b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
478 if (routing == B43_SHM_SHARED) {
479 B43_WARN_ON(offset & 0x0001);
480 if (offset & 0x0003) {
481 /* Unaligned access */
482 b43_shm_control_word(dev, routing, offset >> 2);
483 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
488 b43_shm_control_word(dev, routing, offset);
489 b43_write16(dev, B43_MMIO_SHM_DATA, value);
492 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
494 struct b43_wl *wl = dev->wl;
497 spin_lock_irqsave(&wl->shm_lock, flags);
498 __b43_shm_write16(dev, routing, offset, value);
499 spin_unlock_irqrestore(&wl->shm_lock, flags);
503 u64 b43_hf_read(struct b43_wldev * dev)
507 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
509 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
511 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
516 /* Write HostFlags */
517 void b43_hf_write(struct b43_wldev *dev, u64 value)
521 lo = (value & 0x00000000FFFFULL);
522 mi = (value & 0x0000FFFF0000ULL) >> 16;
523 hi = (value & 0xFFFF00000000ULL) >> 32;
524 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
525 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
526 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
529 void b43_tsf_read(struct b43_wldev *dev, u64 * tsf)
531 /* We need to be careful. As we read the TSF from multiple
532 * registers, we should take care of register overflows.
533 * In theory, the whole tsf read process should be atomic.
534 * We try to be atomic here, by restaring the read process,
535 * if any of the high registers changed (overflew).
537 if (dev->dev->id.revision >= 3) {
538 u32 low, high, high2;
541 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
542 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
543 high2 = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
544 } while (unlikely(high != high2));
552 u16 test1, test2, test3;
555 v3 = b43_read16(dev, B43_MMIO_TSF_3);
556 v2 = b43_read16(dev, B43_MMIO_TSF_2);
557 v1 = b43_read16(dev, B43_MMIO_TSF_1);
558 v0 = b43_read16(dev, B43_MMIO_TSF_0);
560 test3 = b43_read16(dev, B43_MMIO_TSF_3);
561 test2 = b43_read16(dev, B43_MMIO_TSF_2);
562 test1 = b43_read16(dev, B43_MMIO_TSF_1);
563 } while (v3 != test3 || v2 != test2 || v1 != test1);
577 static void b43_time_lock(struct b43_wldev *dev)
581 macctl = b43_read32(dev, B43_MMIO_MACCTL);
582 macctl |= B43_MACCTL_TBTTHOLD;
583 b43_write32(dev, B43_MMIO_MACCTL, macctl);
584 /* Commit the write */
585 b43_read32(dev, B43_MMIO_MACCTL);
588 static void b43_time_unlock(struct b43_wldev *dev)
592 macctl = b43_read32(dev, B43_MMIO_MACCTL);
593 macctl &= ~B43_MACCTL_TBTTHOLD;
594 b43_write32(dev, B43_MMIO_MACCTL, macctl);
595 /* Commit the write */
596 b43_read32(dev, B43_MMIO_MACCTL);
599 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
601 /* Be careful with the in-progress timer.
602 * First zero out the low register, so we have a full
603 * register-overflow duration to complete the operation.
605 if (dev->dev->id.revision >= 3) {
606 u32 lo = (tsf & 0x00000000FFFFFFFFULL);
607 u32 hi = (tsf & 0xFFFFFFFF00000000ULL) >> 32;
609 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, 0);
611 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, hi);
613 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, lo);
615 u16 v0 = (tsf & 0x000000000000FFFFULL);
616 u16 v1 = (tsf & 0x00000000FFFF0000ULL) >> 16;
617 u16 v2 = (tsf & 0x0000FFFF00000000ULL) >> 32;
618 u16 v3 = (tsf & 0xFFFF000000000000ULL) >> 48;
620 b43_write16(dev, B43_MMIO_TSF_0, 0);
622 b43_write16(dev, B43_MMIO_TSF_3, v3);
624 b43_write16(dev, B43_MMIO_TSF_2, v2);
626 b43_write16(dev, B43_MMIO_TSF_1, v1);
628 b43_write16(dev, B43_MMIO_TSF_0, v0);
632 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
635 b43_tsf_write_locked(dev, tsf);
636 b43_time_unlock(dev);
640 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 * mac)
642 static const u8 zero_addr[ETH_ALEN] = { 0 };
649 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
653 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
656 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
659 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
662 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
666 u8 mac_bssid[ETH_ALEN * 2];
670 bssid = dev->wl->bssid;
671 mac = dev->wl->mac_addr;
673 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
675 memcpy(mac_bssid, mac, ETH_ALEN);
676 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
678 /* Write our MAC address and BSSID to template ram */
679 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
680 tmp = (u32) (mac_bssid[i + 0]);
681 tmp |= (u32) (mac_bssid[i + 1]) << 8;
682 tmp |= (u32) (mac_bssid[i + 2]) << 16;
683 tmp |= (u32) (mac_bssid[i + 3]) << 24;
684 b43_ram_write(dev, 0x20 + i, tmp);
688 static void b43_upload_card_macaddress(struct b43_wldev *dev)
690 b43_write_mac_bssid_templates(dev);
691 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
694 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
696 /* slot_time is in usec. */
697 if (dev->phy.type != B43_PHYTYPE_G)
699 b43_write16(dev, 0x684, 510 + slot_time);
700 b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
703 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
705 b43_set_slot_time(dev, 9);
709 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
711 b43_set_slot_time(dev, 20);
715 /* Enable a Generic IRQ. "mask" is the mask of which IRQs to enable.
716 * Returns the _previously_ enabled IRQ mask.
718 static inline u32 b43_interrupt_enable(struct b43_wldev *dev, u32 mask)
722 old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
723 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask | mask);
728 /* Disable a Generic IRQ. "mask" is the mask of which IRQs to disable.
729 * Returns the _previously_ enabled IRQ mask.
731 static inline u32 b43_interrupt_disable(struct b43_wldev *dev, u32 mask)
735 old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
736 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask & ~mask);
741 /* Synchronize IRQ top- and bottom-half.
742 * IRQs must be masked before calling this.
743 * This must not be called with the irq_lock held.
745 static void b43_synchronize_irq(struct b43_wldev *dev)
747 synchronize_irq(dev->dev->irq);
748 tasklet_kill(&dev->isr_tasklet);
751 /* DummyTransmission function, as documented on
752 * http://bcm-specs.sipsolutions.net/DummyTransmission
754 void b43_dummy_transmission(struct b43_wldev *dev)
756 struct b43_wl *wl = dev->wl;
757 struct b43_phy *phy = &dev->phy;
758 unsigned int i, max_loop;
771 buffer[0] = 0x000201CC;
776 buffer[0] = 0x000B846E;
783 spin_lock_irq(&wl->irq_lock);
784 write_lock(&wl->tx_lock);
786 for (i = 0; i < 5; i++)
787 b43_ram_write(dev, i * 4, buffer[i]);
790 b43_read32(dev, B43_MMIO_MACCTL);
792 b43_write16(dev, 0x0568, 0x0000);
793 b43_write16(dev, 0x07C0, 0x0000);
794 value = ((phy->type == B43_PHYTYPE_A) ? 1 : 0);
795 b43_write16(dev, 0x050C, value);
796 b43_write16(dev, 0x0508, 0x0000);
797 b43_write16(dev, 0x050A, 0x0000);
798 b43_write16(dev, 0x054C, 0x0000);
799 b43_write16(dev, 0x056A, 0x0014);
800 b43_write16(dev, 0x0568, 0x0826);
801 b43_write16(dev, 0x0500, 0x0000);
802 b43_write16(dev, 0x0502, 0x0030);
804 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
805 b43_radio_write16(dev, 0x0051, 0x0017);
806 for (i = 0x00; i < max_loop; i++) {
807 value = b43_read16(dev, 0x050E);
812 for (i = 0x00; i < 0x0A; i++) {
813 value = b43_read16(dev, 0x050E);
818 for (i = 0x00; i < 0x0A; i++) {
819 value = b43_read16(dev, 0x0690);
820 if (!(value & 0x0100))
824 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
825 b43_radio_write16(dev, 0x0051, 0x0037);
827 write_unlock(&wl->tx_lock);
828 spin_unlock_irq(&wl->irq_lock);
831 static void key_write(struct b43_wldev *dev,
832 u8 index, u8 algorithm, const u8 * key)
839 /* Key index/algo block */
840 kidx = b43_kidx_to_fw(dev, index);
841 value = ((kidx << 4) | algorithm);
842 b43_shm_write16(dev, B43_SHM_SHARED,
843 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
845 /* Write the key to the Key Table Pointer offset */
846 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
847 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
849 value |= (u16) (key[i + 1]) << 8;
850 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
854 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 * addr)
856 u32 addrtmp[2] = { 0, 0, };
857 u8 per_sta_keys_start = 8;
859 if (b43_new_kidx_api(dev))
860 per_sta_keys_start = 4;
862 B43_WARN_ON(index < per_sta_keys_start);
863 /* We have two default TX keys and possibly two default RX keys.
864 * Physical mac 0 is mapped to physical key 4 or 8, depending
865 * on the firmware version.
866 * So we must adjust the index here.
868 index -= per_sta_keys_start;
871 addrtmp[0] = addr[0];
872 addrtmp[0] |= ((u32) (addr[1]) << 8);
873 addrtmp[0] |= ((u32) (addr[2]) << 16);
874 addrtmp[0] |= ((u32) (addr[3]) << 24);
875 addrtmp[1] = addr[4];
876 addrtmp[1] |= ((u32) (addr[5]) << 8);
879 if (dev->dev->id.revision >= 5) {
880 /* Receive match transmitter address mechanism */
881 b43_shm_write32(dev, B43_SHM_RCMTA,
882 (index * 2) + 0, addrtmp[0]);
883 b43_shm_write16(dev, B43_SHM_RCMTA,
884 (index * 2) + 1, addrtmp[1]);
886 /* RXE (Receive Engine) and
887 * PSM (Programmable State Machine) mechanism
890 /* TODO write to RCM 16, 19, 22 and 25 */
892 b43_shm_write32(dev, B43_SHM_SHARED,
893 B43_SHM_SH_PSM + (index * 6) + 0,
895 b43_shm_write16(dev, B43_SHM_SHARED,
896 B43_SHM_SH_PSM + (index * 6) + 4,
902 static void do_key_write(struct b43_wldev *dev,
903 u8 index, u8 algorithm,
904 const u8 * key, size_t key_len, const u8 * mac_addr)
906 u8 buf[B43_SEC_KEYSIZE] = { 0, };
907 u8 per_sta_keys_start = 8;
909 if (b43_new_kidx_api(dev))
910 per_sta_keys_start = 4;
912 B43_WARN_ON(index >= dev->max_nr_keys);
913 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
915 if (index >= per_sta_keys_start)
916 keymac_write(dev, index, NULL); /* First zero out mac. */
918 memcpy(buf, key, key_len);
919 key_write(dev, index, algorithm, buf);
920 if (index >= per_sta_keys_start)
921 keymac_write(dev, index, mac_addr);
923 dev->key[index].algorithm = algorithm;
926 static int b43_key_write(struct b43_wldev *dev,
927 int index, u8 algorithm,
928 const u8 * key, size_t key_len,
930 struct ieee80211_key_conf *keyconf)
935 if (key_len > B43_SEC_KEYSIZE)
937 for (i = 0; i < dev->max_nr_keys; i++) {
938 /* Check that we don't already have this key. */
939 B43_WARN_ON(dev->key[i].keyconf == keyconf);
942 /* Either pairwise key or address is 00:00:00:00:00:00
943 * for transmit-only keys. Search the index. */
944 if (b43_new_kidx_api(dev))
948 for (i = sta_keys_start; i < dev->max_nr_keys; i++) {
949 if (!dev->key[i].keyconf) {
956 b43err(dev->wl, "Out of hardware key memory\n");
960 B43_WARN_ON(index > 3);
962 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
963 if ((index <= 3) && !b43_new_kidx_api(dev)) {
965 B43_WARN_ON(mac_addr);
966 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
968 keyconf->hw_key_idx = index;
969 dev->key[index].keyconf = keyconf;
974 static int b43_key_clear(struct b43_wldev *dev, int index)
976 if (B43_WARN_ON((index < 0) || (index >= dev->max_nr_keys)))
978 do_key_write(dev, index, B43_SEC_ALGO_NONE,
979 NULL, B43_SEC_KEYSIZE, NULL);
980 if ((index <= 3) && !b43_new_kidx_api(dev)) {
981 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
982 NULL, B43_SEC_KEYSIZE, NULL);
984 dev->key[index].keyconf = NULL;
989 static void b43_clear_keys(struct b43_wldev *dev)
993 for (i = 0; i < dev->max_nr_keys; i++)
994 b43_key_clear(dev, i);
997 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1005 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1006 (ps_flags & B43_PS_DISABLED));
1007 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1009 if (ps_flags & B43_PS_ENABLED) {
1011 } else if (ps_flags & B43_PS_DISABLED) {
1014 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1015 // and thus is not an AP and we are associated, set bit 25
1017 if (ps_flags & B43_PS_AWAKE) {
1019 } else if (ps_flags & B43_PS_ASLEEP) {
1022 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1023 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
1024 // successful, set bit26
1027 /* FIXME: For now we force awake-on and hwps-off */
1031 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1033 macctl |= B43_MACCTL_HWPS;
1035 macctl &= ~B43_MACCTL_HWPS;
1037 macctl |= B43_MACCTL_AWAKE;
1039 macctl &= ~B43_MACCTL_AWAKE;
1040 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1042 b43_read32(dev, B43_MMIO_MACCTL);
1043 if (awake && dev->dev->id.revision >= 5) {
1044 /* Wait for the microcode to wake up. */
1045 for (i = 0; i < 100; i++) {
1046 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1047 B43_SHM_SH_UCODESTAT);
1048 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1055 /* Turn the Analog ON/OFF */
1056 static void b43_switch_analog(struct b43_wldev *dev, int on)
1058 switch (dev->phy.type) {
1061 b43_write16(dev, B43_MMIO_PHY0, on ? 0 : 0xF4);
1064 b43_phy_write(dev, B43_NPHY_AFECTL_OVER,
1072 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1077 flags |= B43_TMSLOW_PHYCLKEN;
1078 flags |= B43_TMSLOW_PHYRESET;
1079 ssb_device_enable(dev->dev, flags);
1080 msleep(2); /* Wait for the PLL to turn on. */
1082 /* Now take the PHY out of Reset again */
1083 tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1084 tmslow |= SSB_TMSLOW_FGC;
1085 tmslow &= ~B43_TMSLOW_PHYRESET;
1086 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1087 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1089 tmslow &= ~SSB_TMSLOW_FGC;
1090 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1091 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1094 /* Turn Analog ON */
1095 b43_switch_analog(dev, 1);
1097 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1098 macctl &= ~B43_MACCTL_GMODE;
1099 if (flags & B43_TMSLOW_GMODE)
1100 macctl |= B43_MACCTL_GMODE;
1101 macctl |= B43_MACCTL_IHR_ENABLED;
1102 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1105 static void handle_irq_transmit_status(struct b43_wldev *dev)
1109 struct b43_txstatus stat;
1112 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1113 if (!(v0 & 0x00000001))
1115 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1117 stat.cookie = (v0 >> 16);
1118 stat.seq = (v1 & 0x0000FFFF);
1119 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1120 tmp = (v0 & 0x0000FFFF);
1121 stat.frame_count = ((tmp & 0xF000) >> 12);
1122 stat.rts_count = ((tmp & 0x0F00) >> 8);
1123 stat.supp_reason = ((tmp & 0x001C) >> 2);
1124 stat.pm_indicated = !!(tmp & 0x0080);
1125 stat.intermediate = !!(tmp & 0x0040);
1126 stat.for_ampdu = !!(tmp & 0x0020);
1127 stat.acked = !!(tmp & 0x0002);
1129 b43_handle_txstatus(dev, &stat);
1133 static void drain_txstatus_queue(struct b43_wldev *dev)
1137 if (dev->dev->id.revision < 5)
1139 /* Read all entries from the microcode TXstatus FIFO
1140 * and throw them away.
1143 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1144 if (!(dummy & 0x00000001))
1146 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1150 static u32 b43_jssi_read(struct b43_wldev *dev)
1154 val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1156 val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1161 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1163 b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1164 b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1167 static void b43_generate_noise_sample(struct b43_wldev *dev)
1169 b43_jssi_write(dev, 0x7F7F7F7F);
1170 b43_write32(dev, B43_MMIO_MACCMD,
1171 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1174 static void b43_calculate_link_quality(struct b43_wldev *dev)
1176 /* Top half of Link Quality calculation. */
1178 if (dev->noisecalc.calculation_running)
1180 dev->noisecalc.calculation_running = 1;
1181 dev->noisecalc.nr_samples = 0;
1183 b43_generate_noise_sample(dev);
1186 static void handle_irq_noise(struct b43_wldev *dev)
1188 struct b43_phy *phy = &dev->phy;
1194 /* Bottom half of Link Quality calculation. */
1196 /* Possible race condition: It might be possible that the user
1197 * changed to a different channel in the meantime since we
1198 * started the calculation. We ignore that fact, since it's
1199 * not really that much of a problem. The background noise is
1200 * an estimation only anyway. Slightly wrong results will get damped
1201 * by the averaging of the 8 sample rounds. Additionally the
1202 * value is shortlived. So it will be replaced by the next noise
1203 * calculation round soon. */
1205 B43_WARN_ON(!dev->noisecalc.calculation_running);
1206 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1207 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1208 noise[2] == 0x7F || noise[3] == 0x7F)
1211 /* Get the noise samples. */
1212 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1213 i = dev->noisecalc.nr_samples;
1214 noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1215 noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1216 noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1217 noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1218 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1219 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1220 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1221 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1222 dev->noisecalc.nr_samples++;
1223 if (dev->noisecalc.nr_samples == 8) {
1224 /* Calculate the Link Quality by the noise samples. */
1226 for (i = 0; i < 8; i++) {
1227 for (j = 0; j < 4; j++)
1228 average += dev->noisecalc.samples[i][j];
1234 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1235 tmp = (tmp / 128) & 0x1F;
1245 dev->stats.link_noise = average;
1246 dev->noisecalc.calculation_running = 0;
1250 b43_generate_noise_sample(dev);
1253 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1255 if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_AP)) {
1258 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1259 b43_power_saving_ctl_bits(dev, 0);
1261 if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS))
1265 static void handle_irq_atim_end(struct b43_wldev *dev)
1267 if (dev->dfq_valid) {
1268 b43_write32(dev, B43_MMIO_MACCMD,
1269 b43_read32(dev, B43_MMIO_MACCMD)
1270 | B43_MACCMD_DFQ_VALID);
1275 static void handle_irq_pmq(struct b43_wldev *dev)
1282 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1283 if (!(tmp & 0x00000008))
1286 /* 16bit write is odd, but correct. */
1287 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1290 static void b43_write_template_common(struct b43_wldev *dev,
1291 const u8 * data, u16 size,
1293 u16 shm_size_offset, u8 rate)
1296 struct b43_plcp_hdr4 plcp;
1299 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1300 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1301 ram_offset += sizeof(u32);
1302 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1303 * So leave the first two bytes of the next write blank.
1305 tmp = (u32) (data[0]) << 16;
1306 tmp |= (u32) (data[1]) << 24;
1307 b43_ram_write(dev, ram_offset, tmp);
1308 ram_offset += sizeof(u32);
1309 for (i = 2; i < size; i += sizeof(u32)) {
1310 tmp = (u32) (data[i + 0]);
1312 tmp |= (u32) (data[i + 1]) << 8;
1314 tmp |= (u32) (data[i + 2]) << 16;
1316 tmp |= (u32) (data[i + 3]) << 24;
1317 b43_ram_write(dev, ram_offset + i - 2, tmp);
1319 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1320 size + sizeof(struct b43_plcp_hdr6));
1323 /* Check if the use of the antenna that ieee80211 told us to
1324 * use is possible. This will fall back to DEFAULT.
1325 * "antenna_nr" is the antenna identifier we got from ieee80211. */
1326 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1331 if (antenna_nr == 0) {
1332 /* Zero means "use default antenna". That's always OK. */
1336 /* Get the mask of available antennas. */
1338 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1340 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1342 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1343 /* This antenna is not available. Fall back to default. */
1350 static int b43_antenna_from_ieee80211(struct b43_wldev *dev, u8 antenna)
1352 antenna = b43_ieee80211_antenna_sanitize(dev, antenna);
1354 case 0: /* default/diversity */
1355 return B43_ANTENNA_DEFAULT;
1356 case 1: /* Antenna 0 */
1357 return B43_ANTENNA0;
1358 case 2: /* Antenna 1 */
1359 return B43_ANTENNA1;
1360 case 3: /* Antenna 2 */
1361 return B43_ANTENNA2;
1362 case 4: /* Antenna 3 */
1363 return B43_ANTENNA3;
1365 return B43_ANTENNA_DEFAULT;
1369 /* Convert a b43 antenna number value to the PHY TX control value. */
1370 static u16 b43_antenna_to_phyctl(int antenna)
1374 return B43_TXH_PHY_ANT0;
1376 return B43_TXH_PHY_ANT1;
1378 return B43_TXH_PHY_ANT2;
1380 return B43_TXH_PHY_ANT3;
1381 case B43_ANTENNA_AUTO:
1382 return B43_TXH_PHY_ANT01AUTO;
1388 static void b43_write_beacon_template(struct b43_wldev *dev,
1390 u16 shm_size_offset)
1392 unsigned int i, len, variable_len;
1393 const struct ieee80211_mgmt *bcn;
1399 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1401 bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1402 len = min((size_t) dev->wl->current_beacon->len,
1403 0x200 - sizeof(struct b43_plcp_hdr6));
1404 rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1406 b43_write_template_common(dev, (const u8 *)bcn,
1407 len, ram_offset, shm_size_offset, rate);
1409 /* Write the PHY TX control parameters. */
1410 antenna = b43_antenna_from_ieee80211(dev, info->antenna_sel_tx);
1411 antenna = b43_antenna_to_phyctl(antenna);
1412 ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1413 /* We can't send beacons with short preamble. Would get PHY errors. */
1414 ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1415 ctl &= ~B43_TXH_PHY_ANT;
1416 ctl &= ~B43_TXH_PHY_ENC;
1418 if (b43_is_cck_rate(rate))
1419 ctl |= B43_TXH_PHY_ENC_CCK;
1421 ctl |= B43_TXH_PHY_ENC_OFDM;
1422 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1424 /* Find the position of the TIM and the DTIM_period value
1425 * and write them to SHM. */
1426 ie = bcn->u.beacon.variable;
1427 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1428 for (i = 0; i < variable_len - 2; ) {
1429 uint8_t ie_id, ie_len;
1436 /* This is the TIM Information Element */
1438 /* Check whether the ie_len is in the beacon data range. */
1439 if (variable_len < ie_len + 2 + i)
1441 /* A valid TIM is at least 4 bytes long. */
1446 tim_position = sizeof(struct b43_plcp_hdr6);
1447 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1450 dtim_period = ie[i + 3];
1452 b43_shm_write16(dev, B43_SHM_SHARED,
1453 B43_SHM_SH_TIMBPOS, tim_position);
1454 b43_shm_write16(dev, B43_SHM_SHARED,
1455 B43_SHM_SH_DTIMPER, dtim_period);
1462 * If ucode wants to modify TIM do it behind the beacon, this
1463 * will happen, for example, when doing mesh networking.
1465 b43_shm_write16(dev, B43_SHM_SHARED,
1467 len + sizeof(struct b43_plcp_hdr6));
1468 b43_shm_write16(dev, B43_SHM_SHARED,
1469 B43_SHM_SH_DTIMPER, 0);
1471 b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1474 static void b43_write_probe_resp_plcp(struct b43_wldev *dev,
1475 u16 shm_offset, u16 size,
1476 struct ieee80211_rate *rate)
1478 struct b43_plcp_hdr4 plcp;
1483 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate->hw_value);
1484 dur = ieee80211_generic_frame_duration(dev->wl->hw,
1487 /* Write PLCP in two parts and timing for packet transfer */
1488 tmp = le32_to_cpu(plcp.data);
1489 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset, tmp & 0xFFFF);
1490 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 2, tmp >> 16);
1491 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 6, le16_to_cpu(dur));
1494 /* Instead of using custom probe response template, this function
1495 * just patches custom beacon template by:
1496 * 1) Changing packet type
1497 * 2) Patching duration field
1500 static const u8 * b43_generate_probe_resp(struct b43_wldev *dev,
1502 struct ieee80211_rate *rate)
1506 u16 src_size, elem_size, src_pos, dest_pos;
1508 struct ieee80211_hdr *hdr;
1511 src_size = dev->wl->current_beacon->len;
1512 src_data = (const u8 *)dev->wl->current_beacon->data;
1514 /* Get the start offset of the variable IEs in the packet. */
1515 ie_start = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
1516 B43_WARN_ON(ie_start != offsetof(struct ieee80211_mgmt, u.beacon.variable));
1518 if (B43_WARN_ON(src_size < ie_start))
1521 dest_data = kmalloc(src_size, GFP_ATOMIC);
1522 if (unlikely(!dest_data))
1525 /* Copy the static data and all Information Elements, except the TIM. */
1526 memcpy(dest_data, src_data, ie_start);
1528 dest_pos = ie_start;
1529 for ( ; src_pos < src_size - 2; src_pos += elem_size) {
1530 elem_size = src_data[src_pos + 1] + 2;
1531 if (src_data[src_pos] == 5) {
1532 /* This is the TIM. */
1535 memcpy(dest_data + dest_pos, src_data + src_pos,
1537 dest_pos += elem_size;
1539 *dest_size = dest_pos;
1540 hdr = (struct ieee80211_hdr *)dest_data;
1542 /* Set the frame control. */
1543 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1544 IEEE80211_STYPE_PROBE_RESP);
1545 dur = ieee80211_generic_frame_duration(dev->wl->hw,
1546 dev->wl->vif, *dest_size,
1548 hdr->duration_id = dur;
1553 static void b43_write_probe_resp_template(struct b43_wldev *dev,
1555 u16 shm_size_offset,
1556 struct ieee80211_rate *rate)
1558 const u8 *probe_resp_data;
1561 size = dev->wl->current_beacon->len;
1562 probe_resp_data = b43_generate_probe_resp(dev, &size, rate);
1563 if (unlikely(!probe_resp_data))
1566 /* Looks like PLCP headers plus packet timings are stored for
1567 * all possible basic rates
1569 b43_write_probe_resp_plcp(dev, 0x31A, size, &b43_b_ratetable[0]);
1570 b43_write_probe_resp_plcp(dev, 0x32C, size, &b43_b_ratetable[1]);
1571 b43_write_probe_resp_plcp(dev, 0x33E, size, &b43_b_ratetable[2]);
1572 b43_write_probe_resp_plcp(dev, 0x350, size, &b43_b_ratetable[3]);
1574 size = min((size_t) size, 0x200 - sizeof(struct b43_plcp_hdr6));
1575 b43_write_template_common(dev, probe_resp_data,
1576 size, ram_offset, shm_size_offset,
1578 kfree(probe_resp_data);
1581 static void b43_upload_beacon0(struct b43_wldev *dev)
1583 struct b43_wl *wl = dev->wl;
1585 if (wl->beacon0_uploaded)
1587 b43_write_beacon_template(dev, 0x68, 0x18);
1588 /* FIXME: Probe resp upload doesn't really belong here,
1589 * but we don't use that feature anyway. */
1590 b43_write_probe_resp_template(dev, 0x268, 0x4A,
1591 &__b43_ratetable[3]);
1592 wl->beacon0_uploaded = 1;
1595 static void b43_upload_beacon1(struct b43_wldev *dev)
1597 struct b43_wl *wl = dev->wl;
1599 if (wl->beacon1_uploaded)
1601 b43_write_beacon_template(dev, 0x468, 0x1A);
1602 wl->beacon1_uploaded = 1;
1605 static void handle_irq_beacon(struct b43_wldev *dev)
1607 struct b43_wl *wl = dev->wl;
1608 u32 cmd, beacon0_valid, beacon1_valid;
1610 if (!b43_is_mode(wl, IEEE80211_IF_TYPE_AP) &&
1611 !b43_is_mode(wl, IEEE80211_IF_TYPE_MESH_POINT))
1614 /* This is the bottom half of the asynchronous beacon update. */
1616 /* Ignore interrupt in the future. */
1617 dev->irq_savedstate &= ~B43_IRQ_BEACON;
1619 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1620 beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1621 beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1623 /* Schedule interrupt manually, if busy. */
1624 if (beacon0_valid && beacon1_valid) {
1625 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1626 dev->irq_savedstate |= B43_IRQ_BEACON;
1630 if (unlikely(wl->beacon_templates_virgin)) {
1631 /* We never uploaded a beacon before.
1632 * Upload both templates now, but only mark one valid. */
1633 wl->beacon_templates_virgin = 0;
1634 b43_upload_beacon0(dev);
1635 b43_upload_beacon1(dev);
1636 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1637 cmd |= B43_MACCMD_BEACON0_VALID;
1638 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1640 if (!beacon0_valid) {
1641 b43_upload_beacon0(dev);
1642 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1643 cmd |= B43_MACCMD_BEACON0_VALID;
1644 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1645 } else if (!beacon1_valid) {
1646 b43_upload_beacon1(dev);
1647 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1648 cmd |= B43_MACCMD_BEACON1_VALID;
1649 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1654 static void b43_beacon_update_trigger_work(struct work_struct *work)
1656 struct b43_wl *wl = container_of(work, struct b43_wl,
1657 beacon_update_trigger);
1658 struct b43_wldev *dev;
1660 mutex_lock(&wl->mutex);
1661 dev = wl->current_dev;
1662 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1663 spin_lock_irq(&wl->irq_lock);
1664 /* update beacon right away or defer to irq */
1665 dev->irq_savedstate = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1666 handle_irq_beacon(dev);
1667 /* The handler might have updated the IRQ mask. */
1668 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK,
1669 dev->irq_savedstate);
1671 spin_unlock_irq(&wl->irq_lock);
1673 mutex_unlock(&wl->mutex);
1676 /* Asynchronously update the packet templates in template RAM.
1677 * Locking: Requires wl->irq_lock to be locked. */
1678 static void b43_update_templates(struct b43_wl *wl)
1680 struct sk_buff *beacon;
1682 /* This is the top half of the ansynchronous beacon update.
1683 * The bottom half is the beacon IRQ.
1684 * Beacon update must be asynchronous to avoid sending an
1685 * invalid beacon. This can happen for example, if the firmware
1686 * transmits a beacon while we are updating it. */
1688 /* We could modify the existing beacon and set the aid bit in
1689 * the TIM field, but that would probably require resizing and
1690 * moving of data within the beacon template.
1691 * Simply request a new beacon and let mac80211 do the hard work. */
1692 beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1693 if (unlikely(!beacon))
1696 if (wl->current_beacon)
1697 dev_kfree_skb_any(wl->current_beacon);
1698 wl->current_beacon = beacon;
1699 wl->beacon0_uploaded = 0;
1700 wl->beacon1_uploaded = 0;
1701 queue_work(wl->hw->workqueue, &wl->beacon_update_trigger);
1704 static void b43_set_ssid(struct b43_wldev *dev, const u8 * ssid, u8 ssid_len)
1709 len = min((u16) ssid_len, (u16) 0x100);
1710 for (i = 0; i < len; i += sizeof(u32)) {
1711 tmp = (u32) (ssid[i + 0]);
1713 tmp |= (u32) (ssid[i + 1]) << 8;
1715 tmp |= (u32) (ssid[i + 2]) << 16;
1717 tmp |= (u32) (ssid[i + 3]) << 24;
1718 b43_shm_write32(dev, B43_SHM_SHARED, 0x380 + i, tmp);
1720 b43_shm_write16(dev, B43_SHM_SHARED, 0x48, len);
1723 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1726 if (dev->dev->id.revision >= 3) {
1727 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1728 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1730 b43_write16(dev, 0x606, (beacon_int >> 6));
1731 b43_write16(dev, 0x610, beacon_int);
1733 b43_time_unlock(dev);
1734 b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1737 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1741 /* Read the register that contains the reason code for the panic. */
1742 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1743 b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1747 b43dbg(dev->wl, "The panic reason is unknown.\n");
1749 case B43_FWPANIC_DIE:
1750 /* Do not restart the controller or firmware.
1751 * The device is nonfunctional from now on.
1752 * Restarting would result in this panic to trigger again,
1753 * so we avoid that recursion. */
1755 case B43_FWPANIC_RESTART:
1756 b43_controller_restart(dev, "Microcode panic");
1761 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1763 unsigned int i, cnt;
1764 u16 reason, marker_id, marker_line;
1767 /* The proprietary firmware doesn't have this IRQ. */
1768 if (!dev->fw.opensource)
1771 /* Read the register that contains the reason code for this IRQ. */
1772 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1775 case B43_DEBUGIRQ_PANIC:
1776 b43_handle_firmware_panic(dev);
1778 case B43_DEBUGIRQ_DUMP_SHM:
1780 break; /* Only with driver debugging enabled. */
1781 buf = kmalloc(4096, GFP_ATOMIC);
1783 b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1786 for (i = 0; i < 4096; i += 2) {
1787 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1788 buf[i / 2] = cpu_to_le16(tmp);
1790 b43info(dev->wl, "Shared memory dump:\n");
1791 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1792 16, 2, buf, 4096, 1);
1795 case B43_DEBUGIRQ_DUMP_REGS:
1797 break; /* Only with driver debugging enabled. */
1798 b43info(dev->wl, "Microcode register dump:\n");
1799 for (i = 0, cnt = 0; i < 64; i++) {
1800 u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1803 printk("r%02u: 0x%04X ", i, tmp);
1812 case B43_DEBUGIRQ_MARKER:
1814 break; /* Only with driver debugging enabled. */
1815 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1817 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1818 B43_MARKER_LINE_REG);
1819 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1820 "at line number %u\n",
1821 marker_id, marker_line);
1824 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1828 /* Acknowledge the debug-IRQ, so the firmware can continue. */
1829 b43_shm_write16(dev, B43_SHM_SCRATCH,
1830 B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1833 /* Interrupt handler bottom-half */
1834 static void b43_interrupt_tasklet(struct b43_wldev *dev)
1837 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1838 u32 merged_dma_reason = 0;
1840 unsigned long flags;
1842 spin_lock_irqsave(&dev->wl->irq_lock, flags);
1844 B43_WARN_ON(b43_status(dev) != B43_STAT_STARTED);
1846 reason = dev->irq_reason;
1847 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1848 dma_reason[i] = dev->dma_reason[i];
1849 merged_dma_reason |= dma_reason[i];
1852 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1853 b43err(dev->wl, "MAC transmission error\n");
1855 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1856 b43err(dev->wl, "PHY transmission error\n");
1858 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1859 atomic_set(&dev->phy.txerr_cnt,
1860 B43_PHY_TX_BADNESS_LIMIT);
1861 b43err(dev->wl, "Too many PHY TX errors, "
1862 "restarting the controller\n");
1863 b43_controller_restart(dev, "PHY TX errors");
1867 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1868 B43_DMAIRQ_NONFATALMASK))) {
1869 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1870 b43err(dev->wl, "Fatal DMA error: "
1871 "0x%08X, 0x%08X, 0x%08X, "
1872 "0x%08X, 0x%08X, 0x%08X\n",
1873 dma_reason[0], dma_reason[1],
1874 dma_reason[2], dma_reason[3],
1875 dma_reason[4], dma_reason[5]);
1876 b43_controller_restart(dev, "DMA error");
1878 spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1881 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1882 b43err(dev->wl, "DMA error: "
1883 "0x%08X, 0x%08X, 0x%08X, "
1884 "0x%08X, 0x%08X, 0x%08X\n",
1885 dma_reason[0], dma_reason[1],
1886 dma_reason[2], dma_reason[3],
1887 dma_reason[4], dma_reason[5]);
1891 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1892 handle_irq_ucode_debug(dev);
1893 if (reason & B43_IRQ_TBTT_INDI)
1894 handle_irq_tbtt_indication(dev);
1895 if (reason & B43_IRQ_ATIM_END)
1896 handle_irq_atim_end(dev);
1897 if (reason & B43_IRQ_BEACON)
1898 handle_irq_beacon(dev);
1899 if (reason & B43_IRQ_PMQ)
1900 handle_irq_pmq(dev);
1901 if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1903 if (reason & B43_IRQ_NOISESAMPLE_OK)
1904 handle_irq_noise(dev);
1906 /* Check the DMA reason registers for received data. */
1907 if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1908 if (b43_using_pio_transfers(dev))
1909 b43_pio_rx(dev->pio.rx_queue);
1911 b43_dma_rx(dev->dma.rx_ring);
1913 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1914 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1915 B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1916 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1917 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1919 if (reason & B43_IRQ_TX_OK)
1920 handle_irq_transmit_status(dev);
1922 b43_interrupt_enable(dev, dev->irq_savedstate);
1924 spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1927 static void b43_interrupt_ack(struct b43_wldev *dev, u32 reason)
1929 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1931 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1932 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1933 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1934 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1935 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1936 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1939 /* Interrupt handler top-half */
1940 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1942 irqreturn_t ret = IRQ_NONE;
1943 struct b43_wldev *dev = dev_id;
1949 spin_lock(&dev->wl->irq_lock);
1951 if (b43_status(dev) < B43_STAT_STARTED)
1953 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1954 if (reason == 0xffffffff) /* shared IRQ */
1957 reason &= b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1961 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1963 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1965 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1967 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1969 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1971 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1974 b43_interrupt_ack(dev, reason);
1975 /* disable all IRQs. They are enabled again in the bottom half. */
1976 dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
1977 /* save the reason code and call our bottom half. */
1978 dev->irq_reason = reason;
1979 tasklet_schedule(&dev->isr_tasklet);
1982 spin_unlock(&dev->wl->irq_lock);
1987 static void do_release_fw(struct b43_firmware_file *fw)
1989 release_firmware(fw->data);
1991 fw->filename = NULL;
1994 static void b43_release_firmware(struct b43_wldev *dev)
1996 do_release_fw(&dev->fw.ucode);
1997 do_release_fw(&dev->fw.pcm);
1998 do_release_fw(&dev->fw.initvals);
1999 do_release_fw(&dev->fw.initvals_band);
2002 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2006 text = "You must go to "
2007 "http://linuxwireless.org/en/users/Drivers/b43#devicefirmware "
2008 "and download the latest firmware (version 4).\n";
2015 static int do_request_fw(struct b43_wldev *dev,
2017 struct b43_firmware_file *fw,
2020 char path[sizeof(modparam_fwpostfix) + 32];
2021 const struct firmware *blob;
2022 struct b43_fw_header *hdr;
2027 /* Don't fetch anything. Free possibly cached firmware. */
2032 if (strcmp(fw->filename, name) == 0)
2033 return 0; /* Already have this fw. */
2034 /* Free the cached firmware first. */
2038 snprintf(path, ARRAY_SIZE(path),
2040 modparam_fwpostfix, name);
2041 err = request_firmware(&blob, path, dev->dev->dev);
2042 if (err == -ENOENT) {
2044 b43err(dev->wl, "Firmware file \"%s\" not found\n",
2049 b43err(dev->wl, "Firmware file \"%s\" request failed (err=%d)\n",
2053 if (blob->size < sizeof(struct b43_fw_header))
2055 hdr = (struct b43_fw_header *)(blob->data);
2056 switch (hdr->type) {
2057 case B43_FW_TYPE_UCODE:
2058 case B43_FW_TYPE_PCM:
2059 size = be32_to_cpu(hdr->size);
2060 if (size != blob->size - sizeof(struct b43_fw_header))
2063 case B43_FW_TYPE_IV:
2072 fw->filename = name;
2077 b43err(dev->wl, "Firmware file \"%s\" format error.\n", path);
2078 release_firmware(blob);
2083 static int b43_request_firmware(struct b43_wldev *dev)
2085 struct b43_firmware *fw = &dev->fw;
2086 const u8 rev = dev->dev->id.revision;
2087 const char *filename;
2092 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
2093 if ((rev >= 5) && (rev <= 10))
2094 filename = "ucode5";
2095 else if ((rev >= 11) && (rev <= 12))
2096 filename = "ucode11";
2098 filename = "ucode13";
2101 err = do_request_fw(dev, filename, &fw->ucode, 0);
2106 if ((rev >= 5) && (rev <= 10))
2112 fw->pcm_request_failed = 0;
2113 err = do_request_fw(dev, filename, &fw->pcm, 1);
2114 if (err == -ENOENT) {
2115 /* We did not find a PCM file? Not fatal, but
2116 * core rev <= 10 must do without hwcrypto then. */
2117 fw->pcm_request_failed = 1;
2122 switch (dev->phy.type) {
2124 if ((rev >= 5) && (rev <= 10)) {
2125 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2126 filename = "a0g1initvals5";
2128 filename = "a0g0initvals5";
2130 goto err_no_initvals;
2133 if ((rev >= 5) && (rev <= 10))
2134 filename = "b0g0initvals5";
2136 filename = "b0g0initvals13";
2138 goto err_no_initvals;
2141 if ((rev >= 11) && (rev <= 12))
2142 filename = "n0initvals11";
2144 goto err_no_initvals;
2147 goto err_no_initvals;
2149 err = do_request_fw(dev, filename, &fw->initvals, 0);
2153 /* Get bandswitch initvals */
2154 switch (dev->phy.type) {
2156 if ((rev >= 5) && (rev <= 10)) {
2157 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2158 filename = "a0g1bsinitvals5";
2160 filename = "a0g0bsinitvals5";
2161 } else if (rev >= 11)
2164 goto err_no_initvals;
2167 if ((rev >= 5) && (rev <= 10))
2168 filename = "b0g0bsinitvals5";
2172 goto err_no_initvals;
2175 if ((rev >= 11) && (rev <= 12))
2176 filename = "n0bsinitvals11";
2178 goto err_no_initvals;
2181 goto err_no_initvals;
2183 err = do_request_fw(dev, filename, &fw->initvals_band, 0);
2190 b43_print_fw_helptext(dev->wl, 1);
2195 b43err(dev->wl, "No microcode available for core rev %u\n", rev);
2200 b43err(dev->wl, "No PCM available for core rev %u\n", rev);
2205 b43err(dev->wl, "No Initial Values firmware file for PHY %u, "
2206 "core rev %u\n", dev->phy.type, rev);
2210 b43_release_firmware(dev);
2214 static int b43_upload_microcode(struct b43_wldev *dev)
2216 const size_t hdr_len = sizeof(struct b43_fw_header);
2218 unsigned int i, len;
2219 u16 fwrev, fwpatch, fwdate, fwtime;
2223 /* Jump the microcode PSM to offset 0 */
2224 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2225 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2226 macctl |= B43_MACCTL_PSM_JMP0;
2227 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2228 /* Zero out all microcode PSM registers and shared memory. */
2229 for (i = 0; i < 64; i++)
2230 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2231 for (i = 0; i < 4096; i += 2)
2232 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2234 /* Upload Microcode. */
2235 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2236 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2237 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2238 for (i = 0; i < len; i++) {
2239 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2243 if (dev->fw.pcm.data) {
2244 /* Upload PCM data. */
2245 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2246 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2247 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2248 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2249 /* No need for autoinc bit in SHM_HW */
2250 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2251 for (i = 0; i < len; i++) {
2252 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2257 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2259 /* Start the microcode PSM */
2260 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2261 macctl &= ~B43_MACCTL_PSM_JMP0;
2262 macctl |= B43_MACCTL_PSM_RUN;
2263 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2265 /* Wait for the microcode to load and respond */
2268 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2269 if (tmp == B43_IRQ_MAC_SUSPENDED)
2273 b43err(dev->wl, "Microcode not responding\n");
2274 b43_print_fw_helptext(dev->wl, 1);
2278 msleep_interruptible(50);
2279 if (signal_pending(current)) {
2284 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2286 /* Get and check the revisions. */
2287 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2288 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2289 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2290 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2292 if (fwrev <= 0x128) {
2293 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2294 "binary drivers older than version 4.x is unsupported. "
2295 "You must upgrade your firmware files.\n");
2296 b43_print_fw_helptext(dev->wl, 1);
2300 dev->fw.rev = fwrev;
2301 dev->fw.patch = fwpatch;
2302 dev->fw.opensource = (fwdate == 0xFFFF);
2304 if (dev->fw.opensource) {
2305 /* Patchlevel info is encoded in the "time" field. */
2306 dev->fw.patch = fwtime;
2307 b43info(dev->wl, "Loading OpenSource firmware version %u.%u%s\n",
2308 dev->fw.rev, dev->fw.patch,
2309 dev->fw.pcm_request_failed ? " (Hardware crypto not supported)" : "");
2311 b43info(dev->wl, "Loading firmware version %u.%u "
2312 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2314 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2315 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2316 if (dev->fw.pcm_request_failed) {
2317 b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2318 "Hardware accelerated cryptography is disabled.\n");
2319 b43_print_fw_helptext(dev->wl, 0);
2323 if (b43_is_old_txhdr_format(dev)) {
2324 b43warn(dev->wl, "You are using an old firmware image. "
2325 "Support for old firmware will be removed in July 2008.\n");
2326 b43_print_fw_helptext(dev->wl, 0);
2332 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2333 macctl &= ~B43_MACCTL_PSM_RUN;
2334 macctl |= B43_MACCTL_PSM_JMP0;
2335 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2340 static int b43_write_initvals(struct b43_wldev *dev,
2341 const struct b43_iv *ivals,
2345 const struct b43_iv *iv;
2350 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2352 for (i = 0; i < count; i++) {
2353 if (array_size < sizeof(iv->offset_size))
2355 array_size -= sizeof(iv->offset_size);
2356 offset = be16_to_cpu(iv->offset_size);
2357 bit32 = !!(offset & B43_IV_32BIT);
2358 offset &= B43_IV_OFFSET_MASK;
2359 if (offset >= 0x1000)
2364 if (array_size < sizeof(iv->data.d32))
2366 array_size -= sizeof(iv->data.d32);
2368 value = get_unaligned_be32(&iv->data.d32);
2369 b43_write32(dev, offset, value);
2371 iv = (const struct b43_iv *)((const uint8_t *)iv +
2377 if (array_size < sizeof(iv->data.d16))
2379 array_size -= sizeof(iv->data.d16);
2381 value = be16_to_cpu(iv->data.d16);
2382 b43_write16(dev, offset, value);
2384 iv = (const struct b43_iv *)((const uint8_t *)iv +
2395 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2396 b43_print_fw_helptext(dev->wl, 1);
2401 static int b43_upload_initvals(struct b43_wldev *dev)
2403 const size_t hdr_len = sizeof(struct b43_fw_header);
2404 const struct b43_fw_header *hdr;
2405 struct b43_firmware *fw = &dev->fw;
2406 const struct b43_iv *ivals;
2410 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2411 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2412 count = be32_to_cpu(hdr->size);
2413 err = b43_write_initvals(dev, ivals, count,
2414 fw->initvals.data->size - hdr_len);
2417 if (fw->initvals_band.data) {
2418 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2419 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2420 count = be32_to_cpu(hdr->size);
2421 err = b43_write_initvals(dev, ivals, count,
2422 fw->initvals_band.data->size - hdr_len);
2431 /* Initialize the GPIOs
2432 * http://bcm-specs.sipsolutions.net/GPIO
2434 static int b43_gpio_init(struct b43_wldev *dev)
2436 struct ssb_bus *bus = dev->dev->bus;
2437 struct ssb_device *gpiodev, *pcidev = NULL;
2440 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2441 & ~B43_MACCTL_GPOUTSMSK);
2443 b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2448 if (dev->dev->bus->chip_id == 0x4301) {
2452 if (0 /* FIXME: conditional unknown */ ) {
2453 b43_write16(dev, B43_MMIO_GPIO_MASK,
2454 b43_read16(dev, B43_MMIO_GPIO_MASK)
2459 if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2460 b43_write16(dev, B43_MMIO_GPIO_MASK,
2461 b43_read16(dev, B43_MMIO_GPIO_MASK)
2466 if (dev->dev->id.revision >= 2)
2467 mask |= 0x0010; /* FIXME: This is redundant. */
2469 #ifdef CONFIG_SSB_DRIVER_PCICORE
2470 pcidev = bus->pcicore.dev;
2472 gpiodev = bus->chipco.dev ? : pcidev;
2475 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2476 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2482 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2483 static void b43_gpio_cleanup(struct b43_wldev *dev)
2485 struct ssb_bus *bus = dev->dev->bus;
2486 struct ssb_device *gpiodev, *pcidev = NULL;
2488 #ifdef CONFIG_SSB_DRIVER_PCICORE
2489 pcidev = bus->pcicore.dev;
2491 gpiodev = bus->chipco.dev ? : pcidev;
2494 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2497 /* http://bcm-specs.sipsolutions.net/EnableMac */
2498 void b43_mac_enable(struct b43_wldev *dev)
2500 if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2503 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2504 B43_SHM_SH_UCODESTAT);
2505 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2506 (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2507 b43err(dev->wl, "b43_mac_enable(): The firmware "
2508 "should be suspended, but current state is %u\n",
2513 dev->mac_suspended--;
2514 B43_WARN_ON(dev->mac_suspended < 0);
2515 if (dev->mac_suspended == 0) {
2516 b43_write32(dev, B43_MMIO_MACCTL,
2517 b43_read32(dev, B43_MMIO_MACCTL)
2518 | B43_MACCTL_ENABLED);
2519 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2520 B43_IRQ_MAC_SUSPENDED);
2522 b43_read32(dev, B43_MMIO_MACCTL);
2523 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2524 b43_power_saving_ctl_bits(dev, 0);
2528 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2529 void b43_mac_suspend(struct b43_wldev *dev)
2535 B43_WARN_ON(dev->mac_suspended < 0);
2537 if (dev->mac_suspended == 0) {
2538 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2539 b43_write32(dev, B43_MMIO_MACCTL,
2540 b43_read32(dev, B43_MMIO_MACCTL)
2541 & ~B43_MACCTL_ENABLED);
2542 /* force pci to flush the write */
2543 b43_read32(dev, B43_MMIO_MACCTL);
2544 for (i = 35; i; i--) {
2545 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2546 if (tmp & B43_IRQ_MAC_SUSPENDED)
2550 /* Hm, it seems this will take some time. Use msleep(). */
2551 for (i = 40; i; i--) {
2552 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2553 if (tmp & B43_IRQ_MAC_SUSPENDED)
2557 b43err(dev->wl, "MAC suspend failed\n");
2560 dev->mac_suspended++;
2563 static void b43_adjust_opmode(struct b43_wldev *dev)
2565 struct b43_wl *wl = dev->wl;
2569 ctl = b43_read32(dev, B43_MMIO_MACCTL);
2570 /* Reset status to STA infrastructure mode. */
2571 ctl &= ~B43_MACCTL_AP;
2572 ctl &= ~B43_MACCTL_KEEP_CTL;
2573 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2574 ctl &= ~B43_MACCTL_KEEP_BAD;
2575 ctl &= ~B43_MACCTL_PROMISC;
2576 ctl &= ~B43_MACCTL_BEACPROMISC;
2577 ctl |= B43_MACCTL_INFRA;
2579 if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP) ||
2580 b43_is_mode(wl, IEEE80211_IF_TYPE_MESH_POINT))
2581 ctl |= B43_MACCTL_AP;
2582 else if (b43_is_mode(wl, IEEE80211_IF_TYPE_IBSS))
2583 ctl &= ~B43_MACCTL_INFRA;
2585 if (wl->filter_flags & FIF_CONTROL)
2586 ctl |= B43_MACCTL_KEEP_CTL;
2587 if (wl->filter_flags & FIF_FCSFAIL)
2588 ctl |= B43_MACCTL_KEEP_BAD;
2589 if (wl->filter_flags & FIF_PLCPFAIL)
2590 ctl |= B43_MACCTL_KEEP_BADPLCP;
2591 if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2592 ctl |= B43_MACCTL_PROMISC;
2593 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2594 ctl |= B43_MACCTL_BEACPROMISC;
2596 /* Workaround: On old hardware the HW-MAC-address-filter
2597 * doesn't work properly, so always run promisc in filter
2598 * it in software. */
2599 if (dev->dev->id.revision <= 4)
2600 ctl |= B43_MACCTL_PROMISC;
2602 b43_write32(dev, B43_MMIO_MACCTL, ctl);
2605 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2606 if (dev->dev->bus->chip_id == 0x4306 &&
2607 dev->dev->bus->chip_rev == 3)
2612 b43_write16(dev, 0x612, cfp_pretbtt);
2615 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2621 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2624 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2626 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2627 b43_shm_read16(dev, B43_SHM_SHARED, offset));
2630 static void b43_rate_memory_init(struct b43_wldev *dev)
2632 switch (dev->phy.type) {
2636 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2637 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2638 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2639 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2640 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2641 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2642 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2643 if (dev->phy.type == B43_PHYTYPE_A)
2647 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2648 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2649 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2650 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2657 /* Set the default values for the PHY TX Control Words. */
2658 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2662 ctl |= B43_TXH_PHY_ENC_CCK;
2663 ctl |= B43_TXH_PHY_ANT01AUTO;
2664 ctl |= B43_TXH_PHY_TXPWR;
2666 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2667 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2668 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2671 /* Set the TX-Antenna for management frames sent by firmware. */
2672 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2677 ant = b43_antenna_to_phyctl(antenna);
2680 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2681 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2682 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2683 /* For Probe Resposes */
2684 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2685 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2686 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2689 /* This is the opposite of b43_chip_init() */
2690 static void b43_chip_exit(struct b43_wldev *dev)
2692 b43_radio_turn_off(dev, 1);
2693 b43_gpio_cleanup(dev);
2694 b43_lo_g_cleanup(dev);
2695 /* firmware is released later */
2698 /* Initialize the chip
2699 * http://bcm-specs.sipsolutions.net/ChipInit
2701 static int b43_chip_init(struct b43_wldev *dev)
2703 struct b43_phy *phy = &dev->phy;
2705 u32 value32, macctl;
2708 /* Initialize the MAC control */
2709 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2711 macctl |= B43_MACCTL_GMODE;
2712 macctl |= B43_MACCTL_INFRA;
2713 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2715 err = b43_request_firmware(dev);
2718 err = b43_upload_microcode(dev);
2720 goto out; /* firmware is released later */
2722 err = b43_gpio_init(dev);
2724 goto out; /* firmware is released later */
2726 err = b43_upload_initvals(dev);
2728 goto err_gpio_clean;
2729 b43_radio_turn_on(dev);
2731 b43_write16(dev, 0x03E6, 0x0000);
2732 err = b43_phy_init(dev);
2736 /* Select initial Interference Mitigation. */
2737 tmp = phy->interfmode;
2738 phy->interfmode = B43_INTERFMODE_NONE;
2739 b43_radio_set_interference_mitigation(dev, tmp);
2741 b43_set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2742 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2744 if (phy->type == B43_PHYTYPE_B) {
2745 value16 = b43_read16(dev, 0x005E);
2747 b43_write16(dev, 0x005E, value16);
2749 b43_write32(dev, 0x0100, 0x01000000);
2750 if (dev->dev->id.revision < 5)
2751 b43_write32(dev, 0x010C, 0x01000000);
2753 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2754 & ~B43_MACCTL_INFRA);
2755 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2756 | B43_MACCTL_INFRA);
2758 /* Probe Response Timeout value */
2759 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2760 b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2762 /* Initially set the wireless operation mode. */
2763 b43_adjust_opmode(dev);
2765 if (dev->dev->id.revision < 3) {
2766 b43_write16(dev, 0x060E, 0x0000);
2767 b43_write16(dev, 0x0610, 0x8000);
2768 b43_write16(dev, 0x0604, 0x0000);
2769 b43_write16(dev, 0x0606, 0x0200);
2771 b43_write32(dev, 0x0188, 0x80000000);
2772 b43_write32(dev, 0x018C, 0x02000000);
2774 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2775 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2776 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2777 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2778 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2779 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2780 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2782 value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2783 value32 |= 0x00100000;
2784 ssb_write32(dev->dev, SSB_TMSLOW, value32);
2786 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2787 dev->dev->bus->chipco.fast_pwrup_delay);
2790 b43dbg(dev->wl, "Chip initialized\n");
2795 b43_radio_turn_off(dev, 1);
2797 b43_gpio_cleanup(dev);
2801 static void b43_periodic_every60sec(struct b43_wldev *dev)
2803 struct b43_phy *phy = &dev->phy;
2805 if (phy->type != B43_PHYTYPE_G)
2807 if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_RSSI) {
2808 b43_mac_suspend(dev);
2809 b43_calc_nrssi_slope(dev);
2810 if ((phy->radio_ver == 0x2050) && (phy->radio_rev == 8)) {
2811 u8 old_chan = phy->channel;
2813 /* VCO Calibration */
2815 b43_radio_selectchannel(dev, 1, 0);
2817 b43_radio_selectchannel(dev, 13, 0);
2818 b43_radio_selectchannel(dev, old_chan, 0);
2820 b43_mac_enable(dev);
2824 static void b43_periodic_every30sec(struct b43_wldev *dev)
2826 /* Update device statistics. */
2827 b43_calculate_link_quality(dev);
2830 static void b43_periodic_every15sec(struct b43_wldev *dev)
2832 struct b43_phy *phy = &dev->phy;
2835 if (dev->fw.opensource) {
2836 /* Check if the firmware is still alive.
2837 * It will reset the watchdog counter to 0 in its idle loop. */
2838 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
2839 if (unlikely(wdr)) {
2840 b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
2841 b43_controller_restart(dev, "Firmware watchdog");
2844 b43_shm_write16(dev, B43_SHM_SCRATCH,
2845 B43_WATCHDOG_REG, 1);
2849 if (phy->type == B43_PHYTYPE_G) {
2850 //TODO: update_aci_moving_average
2851 if (phy->aci_enable && phy->aci_wlan_automatic) {
2852 b43_mac_suspend(dev);
2853 if (!phy->aci_enable && 1 /*TODO: not scanning? */ ) {
2854 if (0 /*TODO: bunch of conditions */ ) {
2855 b43_radio_set_interference_mitigation
2856 (dev, B43_INTERFMODE_MANUALWLAN);
2858 } else if (1 /*TODO*/) {
2860 if ((aci_average > 1000) && !(b43_radio_aci_scan(dev))) {
2861 b43_radio_set_interference_mitigation(dev,
2862 B43_INTERFMODE_NONE);
2866 b43_mac_enable(dev);
2867 } else if (phy->interfmode == B43_INTERFMODE_NONWLAN &&
2869 //TODO: implement rev1 workaround
2872 b43_phy_xmitpower(dev); //FIXME: unless scanning?
2873 b43_lo_g_maintanance_work(dev);
2874 //TODO for APHY (temperature?)
2876 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2880 static void do_periodic_work(struct b43_wldev *dev)
2884 state = dev->periodic_state;
2886 b43_periodic_every60sec(dev);
2888 b43_periodic_every30sec(dev);
2889 b43_periodic_every15sec(dev);
2892 /* Periodic work locking policy:
2893 * The whole periodic work handler is protected by
2894 * wl->mutex. If another lock is needed somewhere in the
2895 * pwork callchain, it's aquired in-place, where it's needed.
2897 static void b43_periodic_work_handler(struct work_struct *work)
2899 struct b43_wldev *dev = container_of(work, struct b43_wldev,
2900 periodic_work.work);
2901 struct b43_wl *wl = dev->wl;
2902 unsigned long delay;
2904 mutex_lock(&wl->mutex);
2906 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2908 if (b43_debug(dev, B43_DBG_PWORK_STOP))
2911 do_periodic_work(dev);
2913 dev->periodic_state++;
2915 if (b43_debug(dev, B43_DBG_PWORK_FAST))
2916 delay = msecs_to_jiffies(50);
2918 delay = round_jiffies_relative(HZ * 15);
2919 queue_delayed_work(wl->hw->workqueue, &dev->periodic_work, delay);
2921 mutex_unlock(&wl->mutex);
2924 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
2926 struct delayed_work *work = &dev->periodic_work;
2928 dev->periodic_state = 0;
2929 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
2930 queue_delayed_work(dev->wl->hw->workqueue, work, 0);
2933 /* Check if communication with the device works correctly. */
2934 static int b43_validate_chipaccess(struct b43_wldev *dev)
2938 backup = b43_shm_read32(dev, B43_SHM_SHARED, 0);
2940 /* Check for read/write and endianness problems. */
2941 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
2942 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
2944 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
2945 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
2948 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup);
2950 if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
2951 /* The 32bit register shadows the two 16bit registers
2952 * with update sideeffects. Validate this. */
2953 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
2954 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
2955 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
2957 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
2960 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
2962 v = b43_read32(dev, B43_MMIO_MACCTL);
2963 v |= B43_MACCTL_GMODE;
2964 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
2969 b43err(dev->wl, "Failed to validate the chipaccess\n");
2973 static void b43_security_init(struct b43_wldev *dev)
2975 dev->max_nr_keys = (dev->dev->id.revision >= 5) ? 58 : 20;
2976 B43_WARN_ON(dev->max_nr_keys > ARRAY_SIZE(dev->key));
2977 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
2978 /* KTP is a word address, but we address SHM bytewise.
2979 * So multiply by two.
2982 if (dev->dev->id.revision >= 5) {
2983 /* Number of RCMTA address slots */
2984 b43_write16(dev, B43_MMIO_RCMTA_COUNT, dev->max_nr_keys - 8);
2986 b43_clear_keys(dev);
2989 static int b43_rng_read(struct hwrng *rng, u32 * data)
2991 struct b43_wl *wl = (struct b43_wl *)rng->priv;
2992 unsigned long flags;
2994 /* Don't take wl->mutex here, as it could deadlock with
2995 * hwrng internal locking. It's not needed to take
2996 * wl->mutex here, anyway. */
2998 spin_lock_irqsave(&wl->irq_lock, flags);
2999 *data = b43_read16(wl->current_dev, B43_MMIO_RNG);
3000 spin_unlock_irqrestore(&wl->irq_lock, flags);
3002 return (sizeof(u16));
3005 static void b43_rng_exit(struct b43_wl *wl)
3007 if (wl->rng_initialized)
3008 hwrng_unregister(&wl->rng);
3011 static int b43_rng_init(struct b43_wl *wl)
3015 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3016 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3017 wl->rng.name = wl->rng_name;
3018 wl->rng.data_read = b43_rng_read;
3019 wl->rng.priv = (unsigned long)wl;
3020 wl->rng_initialized = 1;
3021 err = hwrng_register(&wl->rng);
3023 wl->rng_initialized = 0;
3024 b43err(wl, "Failed to register the random "
3025 "number generator (%d)\n", err);
3031 static int b43_op_tx(struct ieee80211_hw *hw,
3032 struct sk_buff *skb)
3034 struct b43_wl *wl = hw_to_b43_wl(hw);
3035 struct b43_wldev *dev = wl->current_dev;
3036 unsigned long flags;
3039 if (unlikely(skb->len < 2 + 2 + 6)) {
3040 /* Too short, this can't be a valid frame. */
3043 B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3047 /* Transmissions on seperate queues can run concurrently. */
3048 read_lock_irqsave(&wl->tx_lock, flags);
3051 if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3052 if (b43_using_pio_transfers(dev))
3053 err = b43_pio_tx(dev, skb);
3055 err = b43_dma_tx(dev, skb);
3058 read_unlock_irqrestore(&wl->tx_lock, flags);
3062 return NETDEV_TX_OK;
3065 /* We can not transmit this packet. Drop it. */
3066 dev_kfree_skb_any(skb);
3067 return NETDEV_TX_OK;
3070 /* Locking: wl->irq_lock */
3071 static void b43_qos_params_upload(struct b43_wldev *dev,
3072 const struct ieee80211_tx_queue_params *p,
3075 u16 params[B43_NR_QOSPARAMS];
3076 int cw_min, cw_max, aifs, bslots, tmp;
3079 const u16 aCWmin = 0x0001;
3080 const u16 aCWmax = 0x03FF;
3082 /* Calculate the default values for the parameters, if needed. */
3083 switch (shm_offset) {
3085 aifs = (p->aifs == -1) ? 2 : p->aifs;
3086 cw_min = (p->cw_min == 0) ? ((aCWmin + 1) / 4 - 1) : p->cw_min;
3087 cw_max = (p->cw_max == 0) ? ((aCWmin + 1) / 2 - 1) : p->cw_max;
3090 aifs = (p->aifs == -1) ? 2 : p->aifs;
3091 cw_min = (p->cw_min == 0) ? ((aCWmin + 1) / 2 - 1) : p->cw_min;
3092 cw_max = (p->cw_max == 0) ? aCWmin : p->cw_max;
3094 case B43_QOS_BESTEFFORT:
3095 aifs = (p->aifs == -1) ? 3 : p->aifs;
3096 cw_min = (p->cw_min == 0) ? aCWmin : p->cw_min;
3097 cw_max = (p->cw_max == 0) ? aCWmax : p->cw_max;
3099 case B43_QOS_BACKGROUND:
3100 aifs = (p->aifs == -1) ? 7 : p->aifs;
3101 cw_min = (p->cw_min == 0) ? aCWmin : p->cw_min;
3102 cw_max = (p->cw_max == 0) ? aCWmax : p->cw_max;
3112 bslots = b43_read16(dev, B43_MMIO_RNG) % cw_min;
3114 memset(¶ms, 0, sizeof(params));
3116 params[B43_QOSPARAM_TXOP] = p->txop * 32;
3117 params[B43_QOSPARAM_CWMIN] = cw_min;
3118 params[B43_QOSPARAM_CWMAX] = cw_max;
3119 params[B43_QOSPARAM_CWCUR] = cw_min;
3120 params[B43_QOSPARAM_AIFS] = aifs;
3121 params[B43_QOSPARAM_BSLOTS] = bslots;
3122 params[B43_QOSPARAM_REGGAP] = bslots + aifs;
3124 for (i = 0; i < ARRAY_SIZE(params); i++) {
3125 if (i == B43_QOSPARAM_STATUS) {
3126 tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3127 shm_offset + (i * 2));
3128 /* Mark the parameters as updated. */
3130 b43_shm_write16(dev, B43_SHM_SHARED,
3131 shm_offset + (i * 2),
3134 b43_shm_write16(dev, B43_SHM_SHARED,
3135 shm_offset + (i * 2),
3141 /* Update the QOS parameters in hardware. */
3142 static void b43_qos_update(struct b43_wldev *dev)
3144 struct b43_wl *wl = dev->wl;
3145 struct b43_qos_params *params;
3146 unsigned long flags;
3149 /* Mapping of mac80211 queues to b43 SHM offsets. */
3150 static const u16 qos_shm_offsets[] = {
3151 [0] = B43_QOS_VOICE,
3152 [1] = B43_QOS_VIDEO,
3153 [2] = B43_QOS_BESTEFFORT,
3154 [3] = B43_QOS_BACKGROUND,
3156 BUILD_BUG_ON(ARRAY_SIZE(qos_shm_offsets) != ARRAY_SIZE(wl->qos_params));
3158 b43_mac_suspend(dev);
3159 spin_lock_irqsave(&wl->irq_lock, flags);
3161 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3162 params = &(wl->qos_params[i]);
3163 if (params->need_hw_update) {
3164 b43_qos_params_upload(dev, &(params->p),
3165 qos_shm_offsets[i]);
3166 params->need_hw_update = 0;
3170 spin_unlock_irqrestore(&wl->irq_lock, flags);
3171 b43_mac_enable(dev);
3174 static void b43_qos_clear(struct b43_wl *wl)
3176 struct b43_qos_params *params;
3179 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3180 params = &(wl->qos_params[i]);
3182 memset(&(params->p), 0, sizeof(params->p));
3183 params->p.aifs = -1;
3184 params->need_hw_update = 1;
3188 /* Initialize the core's QOS capabilities */
3189 static void b43_qos_init(struct b43_wldev *dev)
3191 struct b43_wl *wl = dev->wl;
3194 /* Upload the current QOS parameters. */
3195 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++)
3196 wl->qos_params[i].need_hw_update = 1;
3197 b43_qos_update(dev);
3199 /* Enable QOS support. */
3200 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3201 b43_write16(dev, B43_MMIO_IFSCTL,
3202 b43_read16(dev, B43_MMIO_IFSCTL)
3203 | B43_MMIO_IFSCTL_USE_EDCF);
3206 static void b43_qos_update_work(struct work_struct *work)
3208 struct b43_wl *wl = container_of(work, struct b43_wl, qos_update_work);
3209 struct b43_wldev *dev;
3211 mutex_lock(&wl->mutex);
3212 dev = wl->current_dev;
3213 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED)))
3214 b43_qos_update(dev);
3215 mutex_unlock(&wl->mutex);
3218 static int b43_op_conf_tx(struct ieee80211_hw *hw, u16 _queue,
3219 const struct ieee80211_tx_queue_params *params)
3221 struct b43_wl *wl = hw_to_b43_wl(hw);
3222 unsigned long flags;
3223 unsigned int queue = (unsigned int)_queue;
3224 struct b43_qos_params *p;
3226 if (queue >= ARRAY_SIZE(wl->qos_params)) {
3227 /* Queue not available or don't support setting
3228 * params on this queue. Return success to not
3229 * confuse mac80211. */
3233 spin_lock_irqsave(&wl->irq_lock, flags);
3234 p = &(wl->qos_params[queue]);
3235 memcpy(&(p->p), params, sizeof(p->p));
3236 p->need_hw_update = 1;
3237 spin_unlock_irqrestore(&wl->irq_lock, flags);
3239 queue_work(hw->workqueue, &wl->qos_update_work);
3244 static int b43_op_get_tx_stats(struct ieee80211_hw *hw,
3245 struct ieee80211_tx_queue_stats *stats)
3247 struct b43_wl *wl = hw_to_b43_wl(hw);
3248 struct b43_wldev *dev = wl->current_dev;
3249 unsigned long flags;
3254 spin_lock_irqsave(&wl->irq_lock, flags);
3255 if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3256 if (b43_using_pio_transfers(dev))
3257 b43_pio_get_tx_stats(dev, stats);
3259 b43_dma_get_tx_stats(dev, stats);
3262 spin_unlock_irqrestore(&wl->irq_lock, flags);
3267 static int b43_op_get_stats(struct ieee80211_hw *hw,
3268 struct ieee80211_low_level_stats *stats)
3270 struct b43_wl *wl = hw_to_b43_wl(hw);
3271 unsigned long flags;
3273 spin_lock_irqsave(&wl->irq_lock, flags);
3274 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3275 spin_unlock_irqrestore(&wl->irq_lock, flags);
3280 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3282 struct ssb_device *sdev = dev->dev;
3285 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3286 tmslow &= ~B43_TMSLOW_GMODE;
3287 tmslow |= B43_TMSLOW_PHYRESET;
3288 tmslow |= SSB_TMSLOW_FGC;
3289 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3292 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3293 tmslow &= ~SSB_TMSLOW_FGC;
3294 tmslow |= B43_TMSLOW_PHYRESET;
3295 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3299 static const char * band_to_string(enum ieee80211_band band)
3302 case IEEE80211_BAND_5GHZ:
3304 case IEEE80211_BAND_2GHZ:
3313 /* Expects wl->mutex locked */
3314 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3316 struct b43_wldev *up_dev = NULL;
3317 struct b43_wldev *down_dev;
3318 struct b43_wldev *d;
3323 /* Find a device and PHY which supports the band. */
3324 list_for_each_entry(d, &wl->devlist, list) {
3325 switch (chan->band) {
3326 case IEEE80211_BAND_5GHZ:
3327 if (d->phy.supports_5ghz) {
3332 case IEEE80211_BAND_2GHZ:
3333 if (d->phy.supports_2ghz) {
3346 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3347 band_to_string(chan->band));
3350 if ((up_dev == wl->current_dev) &&
3351 (!!wl->current_dev->phy.gmode == !!gmode)) {
3352 /* This device is already running. */
3355 b43dbg(wl, "Switching to %s-GHz band\n",
3356 band_to_string(chan->band));
3357 down_dev = wl->current_dev;
3359 prev_status = b43_status(down_dev);
3360 /* Shutdown the currently running core. */
3361 if (prev_status >= B43_STAT_STARTED)
3362 b43_wireless_core_stop(down_dev);
3363 if (prev_status >= B43_STAT_INITIALIZED)
3364 b43_wireless_core_exit(down_dev);
3366 if (down_dev != up_dev) {
3367 /* We switch to a different core, so we put PHY into
3368 * RESET on the old core. */
3369 b43_put_phy_into_reset(down_dev);
3372 /* Now start the new core. */
3373 up_dev->phy.gmode = gmode;
3374 if (prev_status >= B43_STAT_INITIALIZED) {
3375 err = b43_wireless_core_init(up_dev);
3377 b43err(wl, "Fatal: Could not initialize device for "
3378 "selected %s-GHz band\n",
3379 band_to_string(chan->band));
3383 if (prev_status >= B43_STAT_STARTED) {
3384 err = b43_wireless_core_start(up_dev);
3386 b43err(wl, "Fatal: Coult not start device for "
3387 "selected %s-GHz band\n",
3388 band_to_string(chan->band));
3389 b43_wireless_core_exit(up_dev);
3393 B43_WARN_ON(b43_status(up_dev) != prev_status);
3395 wl->current_dev = up_dev;
3399 /* Whoops, failed to init the new core. No core is operating now. */
3400 wl->current_dev = NULL;
3404 static int b43_op_config(struct ieee80211_hw *hw, struct ieee80211_conf *conf)
3406 struct b43_wl *wl = hw_to_b43_wl(hw);
3407 struct b43_wldev *dev;
3408 struct b43_phy *phy;
3409 unsigned long flags;
3414 mutex_lock(&wl->mutex);
3416 /* Switch the band (if necessary). This might change the active core. */
3417 err = b43_switch_band(wl, conf->channel);
3419 goto out_unlock_mutex;
3420 dev = wl->current_dev;
3423 /* Disable IRQs while reconfiguring the device.
3424 * This makes it possible to drop the spinlock throughout
3425 * the reconfiguration process. */
3426 spin_lock_irqsave(&wl->irq_lock, flags);
3427 if (b43_status(dev) < B43_STAT_STARTED) {
3428 spin_unlock_irqrestore(&wl->irq_lock, flags);
3429 goto out_unlock_mutex;
3431 savedirqs = b43_interrupt_disable(dev, B43_IRQ_ALL);
3432 spin_unlock_irqrestore(&wl->irq_lock, flags);
3433 b43_synchronize_irq(dev);
3435 /* Switch to the requested channel.
3436 * The firmware takes care of races with the TX handler. */
3437 if (conf->channel->hw_value != phy->channel)
3438 b43_radio_selectchannel(dev, conf->channel->hw_value, 0);
3440 /* Enable/Disable ShortSlot timing. */
3441 if ((!!(conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)) !=
3443 B43_WARN_ON(phy->type != B43_PHYTYPE_G);
3444 if (conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)
3445 b43_short_slot_timing_enable(dev);
3447 b43_short_slot_timing_disable(dev);
3450 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_RADIOTAP);
3452 /* Adjust the desired TX power level. */
3453 if (conf->power_level != 0) {
3454 if (conf->power_level != phy->power_level) {
3455 phy->power_level = conf->power_level;
3456 b43_phy_xmitpower(dev);
3460 /* Antennas for RX and management frame TX. */
3461 antenna = b43_antenna_from_ieee80211(dev, conf->antenna_sel_tx);
3462 b43_mgmtframe_txantenna(dev, antenna);
3463 antenna = b43_antenna_from_ieee80211(dev, conf->antenna_sel_rx);
3464 b43_set_rx_antenna(dev, antenna);
3466 /* Update templates for AP/mesh mode. */
3467 if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP) ||
3468 b43_is_mode(wl, IEEE80211_IF_TYPE_MESH_POINT))
3469 b43_set_beacon_int(dev, conf->beacon_int);
3471 if (!!conf->radio_enabled != phy->radio_on) {
3472 if (conf->radio_enabled) {
3473 b43_radio_turn_on(dev);
3474 b43info(dev->wl, "Radio turned on by software\n");
3475 if (!dev->radio_hw_enable) {
3476 b43info(dev->wl, "The hardware RF-kill button "
3477 "still turns the radio physically off. "
3478 "Press the button to turn it on.\n");
3481 b43_radio_turn_off(dev, 0);
3482 b43info(dev->wl, "Radio turned off by software\n");
3486 spin_lock_irqsave(&wl->irq_lock, flags);
3487 b43_interrupt_enable(dev, savedirqs);
3489 spin_unlock_irqrestore(&wl->irq_lock, flags);
3491 mutex_unlock(&wl->mutex);
3496 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3497 const u8 *local_addr, const u8 *addr,
3498 struct ieee80211_key_conf *key)
3500 struct b43_wl *wl = hw_to_b43_wl(hw);
3501 struct b43_wldev *dev;
3502 unsigned long flags;
3506 DECLARE_MAC_BUF(mac);
3508 if (modparam_nohwcrypt)
3509 return -ENOSPC; /* User disabled HW-crypto */
3511 mutex_lock(&wl->mutex);
3512 spin_lock_irqsave(&wl->irq_lock, flags);
3514 dev = wl->current_dev;
3516 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
3519 if (dev->fw.pcm_request_failed) {
3520 /* We don't have firmware for the crypto engine.
3521 * Must use software-crypto. */
3529 if (key->keylen == 5)
3530 algorithm = B43_SEC_ALGO_WEP40;
3532 algorithm = B43_SEC_ALGO_WEP104;
3535 algorithm = B43_SEC_ALGO_TKIP;
3538 algorithm = B43_SEC_ALGO_AES;
3544 index = (u8) (key->keyidx);
3550 if (algorithm == B43_SEC_ALGO_TKIP) {
3551 /* FIXME: No TKIP hardware encryption for now. */
3556 if (is_broadcast_ether_addr(addr)) {
3557 /* addr is FF:FF:FF:FF:FF:FF for default keys */
3558 err = b43_key_write(dev, index, algorithm,
3559 key->key, key->keylen, NULL, key);
3562 * either pairwise key or address is 00:00:00:00:00:00
3563 * for transmit-only keys
3565 err = b43_key_write(dev, -1, algorithm,
3566 key->key, key->keylen, addr, key);
3571 if (algorithm == B43_SEC_ALGO_WEP40 ||
3572 algorithm == B43_SEC_ALGO_WEP104) {
3573 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
3576 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
3578 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3581 err = b43_key_clear(dev, key->hw_key_idx);
3590 spin_unlock_irqrestore(&wl->irq_lock, flags);
3591 mutex_unlock(&wl->mutex);
3593 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
3595 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
3596 print_mac(mac, addr));
3601 static void b43_op_configure_filter(struct ieee80211_hw *hw,
3602 unsigned int changed, unsigned int *fflags,
3603 int mc_count, struct dev_addr_list *mc_list)
3605 struct b43_wl *wl = hw_to_b43_wl(hw);
3606 struct b43_wldev *dev = wl->current_dev;
3607 unsigned long flags;
3614 spin_lock_irqsave(&wl->irq_lock, flags);
3615 *fflags &= FIF_PROMISC_IN_BSS |
3621 FIF_BCN_PRBRESP_PROMISC;
3623 changed &= FIF_PROMISC_IN_BSS |
3629 FIF_BCN_PRBRESP_PROMISC;
3631 wl->filter_flags = *fflags;
3633 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3634 b43_adjust_opmode(dev);
3635 spin_unlock_irqrestore(&wl->irq_lock, flags);
3638 static int b43_op_config_interface(struct ieee80211_hw *hw,
3639 struct ieee80211_vif *vif,
3640 struct ieee80211_if_conf *conf)
3642 struct b43_wl *wl = hw_to_b43_wl(hw);
3643 struct b43_wldev *dev = wl->current_dev;
3644 unsigned long flags;
3648 mutex_lock(&wl->mutex);
3649 spin_lock_irqsave(&wl->irq_lock, flags);
3650 B43_WARN_ON(wl->vif != vif);
3652 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3654 memset(wl->bssid, 0, ETH_ALEN);
3655 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3656 if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP) ||
3657 b43_is_mode(wl, IEEE80211_IF_TYPE_MESH_POINT)) {
3658 B43_WARN_ON(vif->type != wl->if_type);
3659 if (conf->changed & IEEE80211_IFCC_SSID)
3660 b43_set_ssid(dev, conf->ssid, conf->ssid_len);
3661 if (conf->changed & IEEE80211_IFCC_BEACON)
3662 b43_update_templates(wl);
3663 } else if (b43_is_mode(wl, IEEE80211_IF_TYPE_IBSS)) {
3664 if (conf->changed & IEEE80211_IFCC_BEACON)
3665 b43_update_templates(wl);
3667 b43_write_mac_bssid_templates(dev);
3669 spin_unlock_irqrestore(&wl->irq_lock, flags);
3670 mutex_unlock(&wl->mutex);
3675 /* Locking: wl->mutex */
3676 static void b43_wireless_core_stop(struct b43_wldev *dev)
3678 struct b43_wl *wl = dev->wl;
3679 unsigned long flags;
3681 if (b43_status(dev) < B43_STAT_STARTED)
3684 /* Disable and sync interrupts. We must do this before than
3685 * setting the status to INITIALIZED, as the interrupt handler
3686 * won't care about IRQs then. */
3687 spin_lock_irqsave(&wl->irq_lock, flags);
3688 dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
3689 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* flush */
3690 spin_unlock_irqrestore(&wl->irq_lock, flags);
3691 b43_synchronize_irq(dev);
3693 write_lock_irqsave(&wl->tx_lock, flags);
3694 b43_set_status(dev, B43_STAT_INITIALIZED);
3695 write_unlock_irqrestore(&wl->tx_lock, flags);
3698 mutex_unlock(&wl->mutex);
3699 /* Must unlock as it would otherwise deadlock. No races here.
3700 * Cancel the possibly running self-rearming periodic work. */
3701 cancel_delayed_work_sync(&dev->periodic_work);
3702 mutex_lock(&wl->mutex);
3704 b43_mac_suspend(dev);
3705 free_irq(dev->dev->irq, dev);
3706 b43dbg(wl, "Wireless interface stopped\n");
3709 /* Locking: wl->mutex */
3710 static int b43_wireless_core_start(struct b43_wldev *dev)
3714 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
3716 drain_txstatus_queue(dev);
3717 err = request_irq(dev->dev->irq, b43_interrupt_handler,
3718 IRQF_SHARED, KBUILD_MODNAME, dev);
3720 b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
3724 /* We are ready to run. */
3725 b43_set_status(dev, B43_STAT_STARTED);
3727 /* Start data flow (TX/RX). */
3728 b43_mac_enable(dev);
3729 b43_interrupt_enable(dev, dev->irq_savedstate);
3731 /* Start maintainance work */
3732 b43_periodic_tasks_setup(dev);
3734 b43dbg(dev->wl, "Wireless interface started\n");
3739 /* Get PHY and RADIO versioning numbers */
3740 static int b43_phy_versioning(struct b43_wldev *dev)
3742 struct b43_phy *phy = &dev->phy;
3750 int unsupported = 0;
3752 /* Get PHY versioning */
3753 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
3754 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
3755 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
3756 phy_rev = (tmp & B43_PHYVER_VERSION);
3763 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
3771 #ifdef CONFIG_B43_NPHY
3781 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
3782 "(Analog %u, Type %u, Revision %u)\n",
3783 analog_type, phy_type, phy_rev);
3786 b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
3787 analog_type, phy_type, phy_rev);
3789 /* Get RADIO versioning */
3790 if (dev->dev->bus->chip_id == 0x4317) {
3791 if (dev->dev->bus->chip_rev == 0)
3793 else if (dev->dev->bus->chip_rev == 1)
3798 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3799 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
3800 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3801 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
3803 radio_manuf = (tmp & 0x00000FFF);
3804 radio_ver = (tmp & 0x0FFFF000) >> 12;
3805 radio_rev = (tmp & 0xF0000000) >> 28;
3806 if (radio_manuf != 0x17F /* Broadcom */)
3810 if (radio_ver != 0x2060)
3814 if (radio_manuf != 0x17F)
3818 if ((radio_ver & 0xFFF0) != 0x2050)
3822 if (radio_ver != 0x2050)
3826 if (radio_ver != 0x2055)
3833 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
3834 "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
3835 radio_manuf, radio_ver, radio_rev);
3838 b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
3839 radio_manuf, radio_ver, radio_rev);
3841 phy->radio_manuf = radio_manuf;
3842 phy->radio_ver = radio_ver;
3843 phy->radio_rev = radio_rev;
3845 phy->analog = analog_type;
3846 phy->type = phy_type;
3852 static void setup_struct_phy_for_init(struct b43_wldev *dev,
3853 struct b43_phy *phy)
3855 struct b43_txpower_lo_control *lo;
3858 memset(phy->minlowsig, 0xFF, sizeof(phy->minlowsig));
3859 memset(phy->minlowsigpos, 0, sizeof(phy->minlowsigpos));
3861 phy->aci_enable = 0;
3862 phy->aci_wlan_automatic = 0;
3863 phy->aci_hw_rssi = 0;
3865 phy->radio_off_context.valid = 0;
3867 lo = phy->lo_control;
3869 memset(lo, 0, sizeof(*(phy->lo_control)));
3871 INIT_LIST_HEAD(&lo->calib_list);
3873 phy->max_lb_gain = 0;
3874 phy->trsw_rx_gain = 0;
3875 phy->txpwr_offset = 0;
3878 phy->nrssislope = 0;
3879 for (i = 0; i < ARRAY_SIZE(phy->nrssi); i++)
3880 phy->nrssi[i] = -1000;
3881 for (i = 0; i < ARRAY_SIZE(phy->nrssi_lt); i++)
3882 phy->nrssi_lt[i] = i;
3884 phy->lofcal = 0xFFFF;
3885 phy->initval = 0xFFFF;
3887 phy->interfmode = B43_INTERFMODE_NONE;
3888 phy->channel = 0xFF;
3890 phy->hardware_power_control = !!modparam_hwpctl;
3892 /* PHY TX errors counter. */
3893 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3895 /* OFDM-table address caching. */
3896 phy->ofdmtab_addr_direction = B43_OFDMTAB_DIRECTION_UNKNOWN;
3899 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
3903 /* Assume the radio is enabled. If it's not enabled, the state will
3904 * immediately get fixed on the first periodic work run. */
3905 dev->radio_hw_enable = 1;
3908 memset(&dev->stats, 0, sizeof(dev->stats));
3910 setup_struct_phy_for_init(dev, &dev->phy);
3912 /* IRQ related flags */
3913 dev->irq_reason = 0;
3914 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
3915 dev->irq_savedstate = B43_IRQ_MASKTEMPLATE;
3917 dev->mac_suspended = 1;
3919 /* Noise calculation context */
3920 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
3923 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
3925 struct ssb_sprom *sprom = &dev->dev->bus->sprom;
3928 if (!modparam_btcoex)
3930 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
3932 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
3935 hf = b43_hf_read(dev);
3936 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
3937 hf |= B43_HF_BTCOEXALT;
3939 hf |= B43_HF_BTCOEX;
3940 b43_hf_write(dev, hf);
3943 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
3945 if (!modparam_btcoex)
3950 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
3952 #ifdef CONFIG_SSB_DRIVER_PCICORE
3953 struct ssb_bus *bus = dev->dev->bus;
3956 if (bus->pcicore.dev &&
3957 bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
3958 bus->pcicore.dev->id.revision <= 5) {
3959 /* IMCFGLO timeouts workaround. */
3960 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
3961 tmp &= ~SSB_IMCFGLO_REQTO;
3962 tmp &= ~SSB_IMCFGLO_SERTO;
3963 switch (bus->bustype) {
3964 case SSB_BUSTYPE_PCI:
3965 case SSB_BUSTYPE_PCMCIA:
3968 case SSB_BUSTYPE_SSB:
3972 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
3974 #endif /* CONFIG_SSB_DRIVER_PCICORE */
3977 /* Write the short and long frame retry limit values. */
3978 static void b43_set_retry_limits(struct b43_wldev *dev,
3979 unsigned int short_retry,
3980 unsigned int long_retry)
3982 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3983 * the chip-internal counter. */
3984 short_retry = min(short_retry, (unsigned int)0xF);
3985 long_retry = min(long_retry, (unsigned int)0xF);
3987 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3989 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3993 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
3997 /* The time value is in microseconds. */
3998 if (dev->phy.type == B43_PHYTYPE_A)
4002 if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS) || idle)
4004 if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4005 pu_delay = max(pu_delay, (u16)2400);
4007 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4010 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4011 static void b43_set_pretbtt(struct b43_wldev *dev)
4015 /* The time value is in microseconds. */
4016 if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS)) {
4019 if (dev->phy.type == B43_PHYTYPE_A)
4024 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4025 b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4028 /* Shutdown a wireless core */
4029 /* Locking: wl->mutex */
4030 static void b43_wireless_core_exit(struct b43_wldev *dev)
4032 struct b43_phy *phy = &dev->phy;
4035 B43_WARN_ON(b43_status(dev) > B43_STAT_INITIALIZED);
4036 if (b43_status(dev) != B43_STAT_INITIALIZED)
4038 b43_set_status(dev, B43_STAT_UNINIT);
4040 /* Stop the microcode PSM. */
4041 macctl = b43_read32(dev, B43_MMIO_MACCTL);
4042 macctl &= ~B43_MACCTL_PSM_RUN;
4043 macctl |= B43_MACCTL_PSM_JMP0;
4044 b43_write32(dev, B43_MMIO_MACCTL, macctl);
4046 if (!dev->suspend_in_progress) {
4048 b43_rng_exit(dev->wl);
4053 b43_radio_turn_off(dev, 1);
4054 b43_switch_analog(dev, 0);
4055 if (phy->dyn_tssi_tbl)
4056 kfree(phy->tssi2dbm);
4057 kfree(phy->lo_control);
4058 phy->lo_control = NULL;
4059 if (dev->wl->current_beacon) {
4060 dev_kfree_skb_any(dev->wl->current_beacon);
4061 dev->wl->current_beacon = NULL;
4064 ssb_device_disable(dev->dev, 0);
4065 ssb_bus_may_powerdown(dev->dev->bus);
4068 /* Initialize a wireless core */
4069 static int b43_wireless_core_init(struct b43_wldev *dev)
4071 struct b43_wl *wl = dev->wl;
4072 struct ssb_bus *bus = dev->dev->bus;
4073 struct ssb_sprom *sprom = &bus->sprom;
4074 struct b43_phy *phy = &dev->phy;
4079 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4081 err = ssb_bus_powerup(bus, 0);
4084 if (!ssb_device_is_enabled(dev->dev)) {
4085 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
4086 b43_wireless_core_reset(dev, tmp);
4089 if ((phy->type == B43_PHYTYPE_B) || (phy->type == B43_PHYTYPE_G)) {
4091 kzalloc(sizeof(*(phy->lo_control)), GFP_KERNEL);
4092 if (!phy->lo_control) {
4097 setup_struct_wldev_for_init(dev);
4099 err = b43_phy_init_tssi2dbm_table(dev);
4101 goto err_kfree_lo_control;
4103 /* Enable IRQ routing to this device. */
4104 ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
4106 b43_imcfglo_timeouts_workaround(dev);
4107 b43_bluetooth_coext_disable(dev);
4108 b43_phy_early_init(dev);
4109 err = b43_chip_init(dev);
4111 goto err_kfree_tssitbl;
4112 b43_shm_write16(dev, B43_SHM_SHARED,
4113 B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
4114 hf = b43_hf_read(dev);
4115 if (phy->type == B43_PHYTYPE_G) {
4119 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4120 hf |= B43_HF_OFDMPABOOST;
4121 } else if (phy->type == B43_PHYTYPE_B) {
4123 if (phy->rev >= 2 && phy->radio_ver == 0x2050)
4126 b43_hf_write(dev, hf);
4128 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4129 B43_DEFAULT_LONG_RETRY_LIMIT);
4130 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4131 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4133 /* Disable sending probe responses from firmware.
4134 * Setting the MaxTime to one usec will always trigger
4135 * a timeout, so we never send any probe resp.
4136 * A timeout of zero is infinite. */
4137 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4139 b43_rate_memory_init(dev);
4140 b43_set_phytxctl_defaults(dev);
4142 /* Minimum Contention Window */
4143 if (phy->type == B43_PHYTYPE_B) {
4144 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4146 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4148 /* Maximum Contention Window */
4149 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4151 if ((dev->dev->bus->bustype == SSB_BUSTYPE_PCMCIA) || B43_FORCE_PIO) {
4152 dev->__using_pio_transfers = 1;
4153 err = b43_pio_init(dev);
4155 dev->__using_pio_transfers = 0;
4156 err = b43_dma_init(dev);
4161 b43_set_synth_pu_delay(dev, 1);
4162 b43_bluetooth_coext_enable(dev);
4164 ssb_bus_powerup(bus, 1); /* Enable dynamic PCTL */
4165 b43_upload_card_macaddress(dev);
4166 b43_security_init(dev);
4167 if (!dev->suspend_in_progress)
4170 b43_set_status(dev, B43_STAT_INITIALIZED);
4172 if (!dev->suspend_in_progress)
4180 if (phy->dyn_tssi_tbl)
4181 kfree(phy->tssi2dbm);
4182 err_kfree_lo_control:
4183 kfree(phy->lo_control);
4184 phy->lo_control = NULL;
4186 ssb_bus_may_powerdown(bus);
4187 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4191 static int b43_op_add_interface(struct ieee80211_hw *hw,
4192 struct ieee80211_if_init_conf *conf)
4194 struct b43_wl *wl = hw_to_b43_wl(hw);
4195 struct b43_wldev *dev;
4196 unsigned long flags;
4197 int err = -EOPNOTSUPP;
4199 /* TODO: allow WDS/AP devices to coexist */
4201 if (conf->type != IEEE80211_IF_TYPE_AP &&
4202 conf->type != IEEE80211_IF_TYPE_MESH_POINT &&
4203 conf->type != IEEE80211_IF_TYPE_STA &&
4204 conf->type != IEEE80211_IF_TYPE_WDS &&
4205 conf->type != IEEE80211_IF_TYPE_IBSS)
4208 mutex_lock(&wl->mutex);
4210 goto out_mutex_unlock;
4212 b43dbg(wl, "Adding Interface type %d\n", conf->type);
4214 dev = wl->current_dev;
4216 wl->vif = conf->vif;
4217 wl->if_type = conf->type;
4218 memcpy(wl->mac_addr, conf->mac_addr, ETH_ALEN);
4220 spin_lock_irqsave(&wl->irq_lock, flags);
4221 b43_adjust_opmode(dev);
4222 b43_set_pretbtt(dev);
4223 b43_set_synth_pu_delay(dev, 0);
4224 b43_upload_card_macaddress(dev);
4225 spin_unlock_irqrestore(&wl->irq_lock, flags);
4229 mutex_unlock(&wl->mutex);
4234 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4235 struct ieee80211_if_init_conf *conf)
4237 struct b43_wl *wl = hw_to_b43_wl(hw);
4238 struct b43_wldev *dev = wl->current_dev;
4239 unsigned long flags;
4241 b43dbg(wl, "Removing Interface type %d\n", conf->type);
4243 mutex_lock(&wl->mutex);
4245 B43_WARN_ON(!wl->operating);
4246 B43_WARN_ON(wl->vif != conf->vif);
4251 spin_lock_irqsave(&wl->irq_lock, flags);
4252 b43_adjust_opmode(dev);
4253 memset(wl->mac_addr, 0, ETH_ALEN);
4254 b43_upload_card_macaddress(dev);
4255 spin_unlock_irqrestore(&wl->irq_lock, flags);
4257 mutex_unlock(&wl->mutex);
4260 static int b43_op_start(struct ieee80211_hw *hw)
4262 struct b43_wl *wl = hw_to_b43_wl(hw);
4263 struct b43_wldev *dev = wl->current_dev;
4266 bool do_rfkill_exit = 0;
4268 /* Kill all old instance specific information to make sure
4269 * the card won't use it in the short timeframe between start
4270 * and mac80211 reconfiguring it. */
4271 memset(wl->bssid, 0, ETH_ALEN);
4272 memset(wl->mac_addr, 0, ETH_ALEN);
4273 wl->filter_flags = 0;
4274 wl->radiotap_enabled = 0;
4276 wl->beacon0_uploaded = 0;
4277 wl->beacon1_uploaded = 0;
4278 wl->beacon_templates_virgin = 1;
4280 /* First register RFkill.
4281 * LEDs that are registered later depend on it. */
4282 b43_rfkill_init(dev);
4284 mutex_lock(&wl->mutex);
4286 if (b43_status(dev) < B43_STAT_INITIALIZED) {
4287 err = b43_wireless_core_init(dev);
4290 goto out_mutex_unlock;
4295 if (b43_status(dev) < B43_STAT_STARTED) {
4296 err = b43_wireless_core_start(dev);
4299 b43_wireless_core_exit(dev);
4301 goto out_mutex_unlock;
4306 mutex_unlock(&wl->mutex);
4309 b43_rfkill_exit(dev);
4314 static void b43_op_stop(struct ieee80211_hw *hw)
4316 struct b43_wl *wl = hw_to_b43_wl(hw);
4317 struct b43_wldev *dev = wl->current_dev;
4319 b43_rfkill_exit(dev);
4320 cancel_work_sync(&(wl->qos_update_work));
4321 cancel_work_sync(&(wl->beacon_update_trigger));
4323 mutex_lock(&wl->mutex);
4324 if (b43_status(dev) >= B43_STAT_STARTED)
4325 b43_wireless_core_stop(dev);
4326 b43_wireless_core_exit(dev);
4327 mutex_unlock(&wl->mutex);
4330 static int b43_op_set_retry_limit(struct ieee80211_hw *hw,
4331 u32 short_retry_limit, u32 long_retry_limit)
4333 struct b43_wl *wl = hw_to_b43_wl(hw);
4334 struct b43_wldev *dev;
4337 mutex_lock(&wl->mutex);
4338 dev = wl->current_dev;
4339 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED))) {
4343 b43_set_retry_limits(dev, short_retry_limit, long_retry_limit);
4345 mutex_unlock(&wl->mutex);
4350 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw, int aid, int set)
4352 struct b43_wl *wl = hw_to_b43_wl(hw);
4353 unsigned long flags;
4355 spin_lock_irqsave(&wl->irq_lock, flags);
4356 b43_update_templates(wl);
4357 spin_unlock_irqrestore(&wl->irq_lock, flags);
4362 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4363 struct ieee80211_vif *vif,
4364 enum sta_notify_cmd notify_cmd,
4367 struct b43_wl *wl = hw_to_b43_wl(hw);
4369 B43_WARN_ON(!vif || wl->vif != vif);
4372 static const struct ieee80211_ops b43_hw_ops = {
4374 .conf_tx = b43_op_conf_tx,
4375 .add_interface = b43_op_add_interface,
4376 .remove_interface = b43_op_remove_interface,
4377 .config = b43_op_config,
4378 .config_interface = b43_op_config_interface,
4379 .configure_filter = b43_op_configure_filter,
4380 .set_key = b43_op_set_key,
4381 .get_stats = b43_op_get_stats,
4382 .get_tx_stats = b43_op_get_tx_stats,
4383 .start = b43_op_start,
4384 .stop = b43_op_stop,
4385 .set_retry_limit = b43_op_set_retry_limit,
4386 .set_tim = b43_op_beacon_set_tim,
4387 .sta_notify = b43_op_sta_notify,
4390 /* Hard-reset the chip. Do not call this directly.
4391 * Use b43_controller_restart()
4393 static void b43_chip_reset(struct work_struct *work)
4395 struct b43_wldev *dev =
4396 container_of(work, struct b43_wldev, restart_work);
4397 struct b43_wl *wl = dev->wl;
4401 mutex_lock(&wl->mutex);
4403 prev_status = b43_status(dev);
4404 /* Bring the device down... */
4405 if (prev_status >= B43_STAT_STARTED)
4406 b43_wireless_core_stop(dev);
4407 if (prev_status >= B43_STAT_INITIALIZED)
4408 b43_wireless_core_exit(dev);
4410 /* ...and up again. */
4411 if (prev_status >= B43_STAT_INITIALIZED) {
4412 err = b43_wireless_core_init(dev);
4416 if (prev_status >= B43_STAT_STARTED) {
4417 err = b43_wireless_core_start(dev);
4419 b43_wireless_core_exit(dev);
4425 wl->current_dev = NULL; /* Failed to init the dev. */
4426 mutex_unlock(&wl->mutex);
4428 b43err(wl, "Controller restart FAILED\n");
4430 b43info(wl, "Controller restarted\n");
4433 static int b43_setup_bands(struct b43_wldev *dev,
4434 bool have_2ghz_phy, bool have_5ghz_phy)
4436 struct ieee80211_hw *hw = dev->wl->hw;
4439 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
4440 if (dev->phy.type == B43_PHYTYPE_N) {
4442 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
4445 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
4448 dev->phy.supports_2ghz = have_2ghz_phy;
4449 dev->phy.supports_5ghz = have_5ghz_phy;
4454 static void b43_wireless_core_detach(struct b43_wldev *dev)
4456 /* We release firmware that late to not be required to re-request
4457 * is all the time when we reinit the core. */
4458 b43_release_firmware(dev);
4461 static int b43_wireless_core_attach(struct b43_wldev *dev)
4463 struct b43_wl *wl = dev->wl;
4464 struct ssb_bus *bus = dev->dev->bus;
4465 struct pci_dev *pdev = bus->host_pci;
4467 bool have_2ghz_phy = 0, have_5ghz_phy = 0;
4470 /* Do NOT do any device initialization here.
4471 * Do it in wireless_core_init() instead.
4472 * This function is for gathering basic information about the HW, only.
4473 * Also some structs may be set up here. But most likely you want to have
4474 * that in core_init(), too.
4477 err = ssb_bus_powerup(bus, 0);
4479 b43err(wl, "Bus powerup failed\n");
4482 /* Get the PHY type. */
4483 if (dev->dev->id.revision >= 5) {
4486 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
4487 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
4488 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
4492 dev->phy.gmode = have_2ghz_phy;
4493 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4494 b43_wireless_core_reset(dev, tmp);
4496 err = b43_phy_versioning(dev);
4499 /* Check if this device supports multiband. */
4501 (pdev->device != 0x4312 &&
4502 pdev->device != 0x4319 && pdev->device != 0x4324)) {
4503 /* No multiband support. */
4506 switch (dev->phy.type) {
4518 if (dev->phy.type == B43_PHYTYPE_A) {
4520 b43err(wl, "IEEE 802.11a devices are unsupported\n");
4524 if (1 /* disable A-PHY */) {
4525 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
4526 if (dev->phy.type != B43_PHYTYPE_N) {
4532 dev->phy.gmode = have_2ghz_phy;
4533 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4534 b43_wireless_core_reset(dev, tmp);
4536 err = b43_validate_chipaccess(dev);
4539 err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
4543 /* Now set some default "current_dev" */
4544 if (!wl->current_dev)
4545 wl->current_dev = dev;
4546 INIT_WORK(&dev->restart_work, b43_chip_reset);
4548 b43_radio_turn_off(dev, 1);
4549 b43_switch_analog(dev, 0);
4550 ssb_device_disable(dev->dev, 0);
4551 ssb_bus_may_powerdown(bus);
4557 ssb_bus_may_powerdown(bus);
4561 static void b43_one_core_detach(struct ssb_device *dev)
4563 struct b43_wldev *wldev;
4566 /* Do not cancel ieee80211-workqueue based work here.
4567 * See comment in b43_remove(). */
4569 wldev = ssb_get_drvdata(dev);
4571 b43_debugfs_remove_device(wldev);
4572 b43_wireless_core_detach(wldev);
4573 list_del(&wldev->list);
4575 ssb_set_drvdata(dev, NULL);
4579 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
4581 struct b43_wldev *wldev;
4582 struct pci_dev *pdev;
4585 if (!list_empty(&wl->devlist)) {
4586 /* We are not the first core on this chip. */
4587 pdev = dev->bus->host_pci;
4588 /* Only special chips support more than one wireless
4589 * core, although some of the other chips have more than
4590 * one wireless core as well. Check for this and
4594 ((pdev->device != 0x4321) &&
4595 (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
4596 b43dbg(wl, "Ignoring unconnected 802.11 core\n");
4601 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
4607 b43_set_status(wldev, B43_STAT_UNINIT);
4608 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
4609 tasklet_init(&wldev->isr_tasklet,
4610 (void (*)(unsigned long))b43_interrupt_tasklet,
4611 (unsigned long)wldev);
4612 INIT_LIST_HEAD(&wldev->list);
4614 err = b43_wireless_core_attach(wldev);
4616 goto err_kfree_wldev;
4618 list_add(&wldev->list, &wl->devlist);
4620 ssb_set_drvdata(dev, wldev);
4621 b43_debugfs_add_device(wldev);
4631 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) ( \
4632 (pdev->vendor == PCI_VENDOR_ID_##_vendor) && \
4633 (pdev->device == _device) && \
4634 (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) && \
4635 (pdev->subsystem_device == _subdevice) )
4637 static void b43_sprom_fixup(struct ssb_bus *bus)
4639 struct pci_dev *pdev;
4641 /* boardflags workarounds */
4642 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
4643 bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
4644 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
4645 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
4646 bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
4647 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
4648 if (bus->bustype == SSB_BUSTYPE_PCI) {
4649 pdev = bus->host_pci;
4650 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
4651 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
4652 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013))
4653 bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
4657 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4659 struct ieee80211_hw *hw = wl->hw;
4661 ssb_set_devtypedata(dev, NULL);
4662 ieee80211_free_hw(hw);
4665 static int b43_wireless_init(struct ssb_device *dev)
4667 struct ssb_sprom *sprom = &dev->bus->sprom;
4668 struct ieee80211_hw *hw;
4672 b43_sprom_fixup(dev->bus);
4674 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4676 b43err(NULL, "Could not allocate ieee80211 device\n");
4681 hw->flags = IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE |
4682 IEEE80211_HW_RX_INCLUDES_FCS |
4683 IEEE80211_HW_SIGNAL_DBM |
4684 IEEE80211_HW_NOISE_DBM;
4686 hw->queues = b43_modparam_qos ? 4 : 1;
4687 SET_IEEE80211_DEV(hw, dev->dev);
4688 if (is_valid_ether_addr(sprom->et1mac))
4689 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
4691 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
4693 /* Get and initialize struct b43_wl */
4694 wl = hw_to_b43_wl(hw);
4695 memset(wl, 0, sizeof(*wl));
4697 spin_lock_init(&wl->irq_lock);
4698 rwlock_init(&wl->tx_lock);
4699 spin_lock_init(&wl->leds_lock);
4700 spin_lock_init(&wl->shm_lock);
4701 mutex_init(&wl->mutex);
4702 INIT_LIST_HEAD(&wl->devlist);
4703 INIT_WORK(&wl->qos_update_work, b43_qos_update_work);
4704 INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
4706 ssb_set_devtypedata(dev, wl);
4707 b43info(wl, "Broadcom %04X WLAN found\n", dev->bus->chip_id);
4713 static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4719 wl = ssb_get_devtypedata(dev);
4721 /* Probing the first core. Must setup common struct b43_wl */
4723 err = b43_wireless_init(dev);
4726 wl = ssb_get_devtypedata(dev);
4729 err = b43_one_core_attach(dev, wl);
4731 goto err_wireless_exit;
4734 err = ieee80211_register_hw(wl->hw);
4736 goto err_one_core_detach;
4742 err_one_core_detach:
4743 b43_one_core_detach(dev);
4746 b43_wireless_exit(dev, wl);
4750 static void b43_remove(struct ssb_device *dev)
4752 struct b43_wl *wl = ssb_get_devtypedata(dev);
4753 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4755 /* We must cancel any work here before unregistering from ieee80211,
4756 * as the ieee80211 unreg will destroy the workqueue. */
4757 cancel_work_sync(&wldev->restart_work);
4760 if (wl->current_dev == wldev)
4761 ieee80211_unregister_hw(wl->hw);
4763 b43_one_core_detach(dev);
4765 if (list_empty(&wl->devlist)) {
4766 /* Last core on the chip unregistered.
4767 * We can destroy common struct b43_wl.
4769 b43_wireless_exit(dev, wl);
4773 /* Perform a hardware reset. This can be called from any context. */
4774 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
4776 /* Must avoid requeueing, if we are in shutdown. */
4777 if (b43_status(dev) < B43_STAT_INITIALIZED)
4779 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
4780 queue_work(dev->wl->hw->workqueue, &dev->restart_work);
4785 static int b43_suspend(struct ssb_device *dev, pm_message_t state)
4787 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4788 struct b43_wl *wl = wldev->wl;
4790 b43dbg(wl, "Suspending...\n");
4792 mutex_lock(&wl->mutex);
4793 wldev->suspend_in_progress = true;
4794 wldev->suspend_init_status = b43_status(wldev);
4795 if (wldev->suspend_init_status >= B43_STAT_STARTED)
4796 b43_wireless_core_stop(wldev);
4797 if (wldev->suspend_init_status >= B43_STAT_INITIALIZED)
4798 b43_wireless_core_exit(wldev);
4799 mutex_unlock(&wl->mutex);
4801 b43dbg(wl, "Device suspended.\n");
4806 static int b43_resume(struct ssb_device *dev)
4808 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4809 struct b43_wl *wl = wldev->wl;
4812 b43dbg(wl, "Resuming...\n");
4814 mutex_lock(&wl->mutex);
4815 if (wldev->suspend_init_status >= B43_STAT_INITIALIZED) {
4816 err = b43_wireless_core_init(wldev);
4818 b43err(wl, "Resume failed at core init\n");
4822 if (wldev->suspend_init_status >= B43_STAT_STARTED) {
4823 err = b43_wireless_core_start(wldev);
4825 b43_leds_exit(wldev);
4826 b43_rng_exit(wldev->wl);
4827 b43_wireless_core_exit(wldev);
4828 b43err(wl, "Resume failed at core start\n");
4832 b43dbg(wl, "Device resumed.\n");
4834 wldev->suspend_in_progress = false;
4835 mutex_unlock(&wl->mutex);
4839 #else /* CONFIG_PM */
4840 # define b43_suspend NULL
4841 # define b43_resume NULL
4842 #endif /* CONFIG_PM */
4844 static struct ssb_driver b43_ssb_driver = {
4845 .name = KBUILD_MODNAME,
4846 .id_table = b43_ssb_tbl,
4848 .remove = b43_remove,
4849 .suspend = b43_suspend,
4850 .resume = b43_resume,
4853 static void b43_print_driverinfo(void)
4855 const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
4856 *feat_leds = "", *feat_rfkill = "";
4858 #ifdef CONFIG_B43_PCI_AUTOSELECT
4861 #ifdef CONFIG_B43_PCMCIA
4864 #ifdef CONFIG_B43_NPHY
4867 #ifdef CONFIG_B43_LEDS
4870 #ifdef CONFIG_B43_RFKILL
4873 printk(KERN_INFO "Broadcom 43xx driver loaded "
4874 "[ Features: %s%s%s%s%s, Firmware-ID: "
4875 B43_SUPPORTED_FIRMWARE_ID " ]\n",
4876 feat_pci, feat_pcmcia, feat_nphy,
4877 feat_leds, feat_rfkill);
4880 static int __init b43_init(void)
4885 err = b43_pcmcia_init();
4888 err = ssb_driver_register(&b43_ssb_driver);
4890 goto err_pcmcia_exit;
4891 b43_print_driverinfo();
4902 static void __exit b43_exit(void)
4904 ssb_driver_unregister(&b43_ssb_driver);
4909 module_init(b43_init)
4910 module_exit(b43_exit)
projects / linux-2.6-omap-h63xx.git / blob