linux/drivers/net/wireless/broadcom/b43/main.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/*
   3
   4  Broadcom B43 wireless driver
   5
   6  Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
   7  Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
   8  Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
   9  Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
  10  Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
  11  Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
  12
  13  SDIO support
  14  Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
  15
  16  Some parts of the code in this file are derived from the ipw2200
  17  driver  Copyright(c) 2003 - 2004 Intel Corporation.
  18
  19
  20*/
  21
  22#include <linux/delay.h>
  23#include <linux/init.h>
  24#include <linux/module.h>
  25#include <linux/if_arp.h>
  26#include <linux/etherdevice.h>
  27#include <linux/firmware.h>
  28#include <linux/workqueue.h>
  29#include <linux/skbuff.h>
  30#include <linux/io.h>
  31#include <linux/dma-mapping.h>
  32#include <linux/slab.h>
  33#include <asm/unaligned.h>
  34
  35#include "b43.h"
  36#include "main.h"
  37#include "debugfs.h"
  38#include "phy_common.h"
  39#include "phy_g.h"
  40#include "phy_n.h"
  41#include "dma.h"
  42#include "pio.h"
  43#include "sysfs.h"
  44#include "xmit.h"
  45#include "lo.h"
  46#include "sdio.h"
  47#include <linux/mmc/sdio_func.h>
  48
  49MODULE_DESCRIPTION("Broadcom B43 wireless driver");
  50MODULE_AUTHOR("Martin Langer");
  51MODULE_AUTHOR("Stefano Brivio");
  52MODULE_AUTHOR("Michael Buesch");
  53MODULE_AUTHOR("Gábor Stefanik");
  54MODULE_AUTHOR("Rafał Miłecki");
  55MODULE_LICENSE("GPL");
  56
  57MODULE_FIRMWARE("b43/ucode11.fw");
  58MODULE_FIRMWARE("b43/ucode13.fw");
  59MODULE_FIRMWARE("b43/ucode14.fw");
  60MODULE_FIRMWARE("b43/ucode15.fw");
  61MODULE_FIRMWARE("b43/ucode16_lp.fw");
  62MODULE_FIRMWARE("b43/ucode16_mimo.fw");
  63MODULE_FIRMWARE("b43/ucode24_lcn.fw");
  64MODULE_FIRMWARE("b43/ucode25_lcn.fw");
  65MODULE_FIRMWARE("b43/ucode25_mimo.fw");
  66MODULE_FIRMWARE("b43/ucode26_mimo.fw");
  67MODULE_FIRMWARE("b43/ucode29_mimo.fw");
  68MODULE_FIRMWARE("b43/ucode33_lcn40.fw");
  69MODULE_FIRMWARE("b43/ucode30_mimo.fw");
  70MODULE_FIRMWARE("b43/ucode5.fw");
  71MODULE_FIRMWARE("b43/ucode40.fw");
  72MODULE_FIRMWARE("b43/ucode42.fw");
  73MODULE_FIRMWARE("b43/ucode9.fw");
  74
  75static int modparam_bad_frames_preempt;
  76module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
  77MODULE_PARM_DESC(bad_frames_preempt,
  78                 "enable(1) / disable(0) Bad Frames Preemption");
  79
  80static char modparam_fwpostfix[16];
  81module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
  82MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
  83
  84static int modparam_hwpctl;
  85module_param_named(hwpctl, modparam_hwpctl, int, 0444);
  86MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
  87
  88static int modparam_nohwcrypt;
  89module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
  90MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
  91
  92static int modparam_hwtkip;
  93module_param_named(hwtkip, modparam_hwtkip, int, 0444);
  94MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
  95
  96static int modparam_qos = 1;
  97module_param_named(qos, modparam_qos, int, 0444);
  98MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
  99
 100static int modparam_btcoex = 1;
 101module_param_named(btcoex, modparam_btcoex, int, 0444);
 102MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
 103
 104int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
 105module_param_named(verbose, b43_modparam_verbose, int, 0644);
 106MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
 107
 108static int b43_modparam_pio = 0;
 109module_param_named(pio, b43_modparam_pio, int, 0644);
 110MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
 111
 112static int modparam_allhwsupport = !IS_ENABLED(CONFIG_BRCMSMAC);
 113module_param_named(allhwsupport, modparam_allhwsupport, int, 0444);
 114MODULE_PARM_DESC(allhwsupport, "Enable support for all hardware (even it if overlaps with the brcmsmac driver)");
 115
 116#ifdef CONFIG_B43_BCMA
 117static const struct bcma_device_id b43_bcma_tbl[] = {
 118        BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
 119        BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x15, BCMA_ANY_CLASS),
 120        BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
 121        BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
 122        BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1C, BCMA_ANY_CLASS),
 123        BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
 124        BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1E, BCMA_ANY_CLASS),
 125        BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x28, BCMA_ANY_CLASS),
 126        BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x2A, BCMA_ANY_CLASS),
 127        {},
 128};
 129MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
 130#endif
 131
 132#ifdef CONFIG_B43_SSB
 133static const struct ssb_device_id b43_ssb_tbl[] = {
 134        SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
 135        SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
 136        SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
 137        SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
 138        SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
 139        SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
 140        SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
 141        SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
 142        SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
 143        SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
 144        {},
 145};
 146MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
 147#endif
 148
 149/* Channel and ratetables are shared for all devices.
 150 * They can't be const, because ieee80211 puts some precalculated
 151 * data in there. This data is the same for all devices, so we don't
 152 * get concurrency issues */
 153#define RATETAB_ENT(_rateid, _flags) \
 154        {                                                               \
 155                .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
 156                .hw_value       = (_rateid),                            \
 157                .flags          = (_flags),                             \
 158        }
 159
 160/*
 161 * NOTE: When changing this, sync with xmit.c's
 162 *       b43_plcp_get_bitrate_idx_* functions!
 163 */
 164static struct ieee80211_rate __b43_ratetable[] = {
 165        RATETAB_ENT(B43_CCK_RATE_1MB, 0),
 166        RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
 167        RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
 168        RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
 169        RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
 170        RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
 171        RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
 172        RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
 173        RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
 174        RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
 175        RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
 176        RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
 177};
 178
 179#define b43_a_ratetable         (__b43_ratetable + 4)
 180#define b43_a_ratetable_size    8
 181#define b43_b_ratetable         (__b43_ratetable + 0)
 182#define b43_b_ratetable_size    4
 183#define b43_g_ratetable         (__b43_ratetable + 0)
 184#define b43_g_ratetable_size    12
 185
 186#define CHAN2G(_channel, _freq, _flags) {                       \
 187        .band                   = NL80211_BAND_2GHZ,            \
 188        .center_freq            = (_freq),                      \
 189        .hw_value               = (_channel),                   \
 190        .flags                  = (_flags),                     \
 191        .max_antenna_gain       = 0,                            \
 192        .max_power              = 30,                           \
 193}
 194static struct ieee80211_channel b43_2ghz_chantable[] = {
 195        CHAN2G(1, 2412, 0),
 196        CHAN2G(2, 2417, 0),
 197        CHAN2G(3, 2422, 0),
 198        CHAN2G(4, 2427, 0),
 199        CHAN2G(5, 2432, 0),
 200        CHAN2G(6, 2437, 0),
 201        CHAN2G(7, 2442, 0),
 202        CHAN2G(8, 2447, 0),
 203        CHAN2G(9, 2452, 0),
 204        CHAN2G(10, 2457, 0),
 205        CHAN2G(11, 2462, 0),
 206        CHAN2G(12, 2467, 0),
 207        CHAN2G(13, 2472, 0),
 208        CHAN2G(14, 2484, 0),
 209};
 210
 211/* No support for the last 3 channels (12, 13, 14) */
 212#define b43_2ghz_chantable_limited_size         11
 213#undef CHAN2G
 214
 215#define CHAN4G(_channel, _flags) {                              \
 216        .band                   = NL80211_BAND_5GHZ,            \
 217        .center_freq            = 4000 + (5 * (_channel)),      \
 218        .hw_value               = (_channel),                   \
 219        .flags                  = (_flags),                     \
 220        .max_antenna_gain       = 0,                            \
 221        .max_power              = 30,                           \
 222}
 223#define CHAN5G(_channel, _flags) {                              \
 224        .band                   = NL80211_BAND_5GHZ,            \
 225        .center_freq            = 5000 + (5 * (_channel)),      \
 226        .hw_value               = (_channel),                   \
 227        .flags                  = (_flags),                     \
 228        .max_antenna_gain       = 0,                            \
 229        .max_power              = 30,                           \
 230}
 231static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
 232        CHAN4G(184, 0),         CHAN4G(186, 0),
 233        CHAN4G(188, 0),         CHAN4G(190, 0),
 234        CHAN4G(192, 0),         CHAN4G(194, 0),
 235        CHAN4G(196, 0),         CHAN4G(198, 0),
 236        CHAN4G(200, 0),         CHAN4G(202, 0),
 237        CHAN4G(204, 0),         CHAN4G(206, 0),
 238        CHAN4G(208, 0),         CHAN4G(210, 0),
 239        CHAN4G(212, 0),         CHAN4G(214, 0),
 240        CHAN4G(216, 0),         CHAN4G(218, 0),
 241        CHAN4G(220, 0),         CHAN4G(222, 0),
 242        CHAN4G(224, 0),         CHAN4G(226, 0),
 243        CHAN4G(228, 0),
 244        CHAN5G(32, 0),          CHAN5G(34, 0),
 245        CHAN5G(36, 0),          CHAN5G(38, 0),
 246        CHAN5G(40, 0),          CHAN5G(42, 0),
 247        CHAN5G(44, 0),          CHAN5G(46, 0),
 248        CHAN5G(48, 0),          CHAN5G(50, 0),
 249        CHAN5G(52, 0),          CHAN5G(54, 0),
 250        CHAN5G(56, 0),          CHAN5G(58, 0),
 251        CHAN5G(60, 0),          CHAN5G(62, 0),
 252        CHAN5G(64, 0),          CHAN5G(66, 0),
 253        CHAN5G(68, 0),          CHAN5G(70, 0),
 254        CHAN5G(72, 0),          CHAN5G(74, 0),
 255        CHAN5G(76, 0),          CHAN5G(78, 0),
 256        CHAN5G(80, 0),          CHAN5G(82, 0),
 257        CHAN5G(84, 0),          CHAN5G(86, 0),
 258        CHAN5G(88, 0),          CHAN5G(90, 0),
 259        CHAN5G(92, 0),          CHAN5G(94, 0),
 260        CHAN5G(96, 0),          CHAN5G(98, 0),
 261        CHAN5G(100, 0),         CHAN5G(102, 0),
 262        CHAN5G(104, 0),         CHAN5G(106, 0),
 263        CHAN5G(108, 0),         CHAN5G(110, 0),
 264        CHAN5G(112, 0),         CHAN5G(114, 0),
 265        CHAN5G(116, 0),         CHAN5G(118, 0),
 266        CHAN5G(120, 0),         CHAN5G(122, 0),
 267        CHAN5G(124, 0),         CHAN5G(126, 0),
 268        CHAN5G(128, 0),         CHAN5G(130, 0),
 269        CHAN5G(132, 0),         CHAN5G(134, 0),
 270        CHAN5G(136, 0),         CHAN5G(138, 0),
 271        CHAN5G(140, 0),         CHAN5G(142, 0),
 272        CHAN5G(144, 0),         CHAN5G(145, 0),
 273        CHAN5G(146, 0),         CHAN5G(147, 0),
 274        CHAN5G(148, 0),         CHAN5G(149, 0),
 275        CHAN5G(150, 0),         CHAN5G(151, 0),
 276        CHAN5G(152, 0),         CHAN5G(153, 0),
 277        CHAN5G(154, 0),         CHAN5G(155, 0),
 278        CHAN5G(156, 0),         CHAN5G(157, 0),
 279        CHAN5G(158, 0),         CHAN5G(159, 0),
 280        CHAN5G(160, 0),         CHAN5G(161, 0),
 281        CHAN5G(162, 0),         CHAN5G(163, 0),
 282        CHAN5G(164, 0),         CHAN5G(165, 0),
 283        CHAN5G(166, 0),         CHAN5G(168, 0),
 284        CHAN5G(170, 0),         CHAN5G(172, 0),
 285        CHAN5G(174, 0),         CHAN5G(176, 0),
 286        CHAN5G(178, 0),         CHAN5G(180, 0),
 287        CHAN5G(182, 0),
 288};
 289
 290static struct ieee80211_channel b43_5ghz_nphy_chantable_limited[] = {
 291        CHAN5G(36, 0),          CHAN5G(40, 0),
 292        CHAN5G(44, 0),          CHAN5G(48, 0),
 293        CHAN5G(149, 0),         CHAN5G(153, 0),
 294        CHAN5G(157, 0),         CHAN5G(161, 0),
 295        CHAN5G(165, 0),
 296};
 297
 298static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
 299        CHAN5G(34, 0),          CHAN5G(36, 0),
 300        CHAN5G(38, 0),          CHAN5G(40, 0),
 301        CHAN5G(42, 0),          CHAN5G(44, 0),
 302        CHAN5G(46, 0),          CHAN5G(48, 0),
 303        CHAN5G(52, 0),          CHAN5G(56, 0),
 304        CHAN5G(60, 0),          CHAN5G(64, 0),
 305        CHAN5G(100, 0),         CHAN5G(104, 0),
 306        CHAN5G(108, 0),         CHAN5G(112, 0),
 307        CHAN5G(116, 0),         CHAN5G(120, 0),
 308        CHAN5G(124, 0),         CHAN5G(128, 0),
 309        CHAN5G(132, 0),         CHAN5G(136, 0),
 310        CHAN5G(140, 0),         CHAN5G(149, 0),
 311        CHAN5G(153, 0),         CHAN5G(157, 0),
 312        CHAN5G(161, 0),         CHAN5G(165, 0),
 313        CHAN5G(184, 0),         CHAN5G(188, 0),
 314        CHAN5G(192, 0),         CHAN5G(196, 0),
 315        CHAN5G(200, 0),         CHAN5G(204, 0),
 316        CHAN5G(208, 0),         CHAN5G(212, 0),
 317        CHAN5G(216, 0),
 318};
 319#undef CHAN4G
 320#undef CHAN5G
 321
 322static struct ieee80211_supported_band b43_band_5GHz_nphy = {
 323        .band           = NL80211_BAND_5GHZ,
 324        .channels       = b43_5ghz_nphy_chantable,
 325        .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
 326        .bitrates       = b43_a_ratetable,
 327        .n_bitrates     = b43_a_ratetable_size,
 328};
 329
 330static struct ieee80211_supported_band b43_band_5GHz_nphy_limited = {
 331        .band           = NL80211_BAND_5GHZ,
 332        .channels       = b43_5ghz_nphy_chantable_limited,
 333        .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable_limited),
 334        .bitrates       = b43_a_ratetable,
 335        .n_bitrates     = b43_a_ratetable_size,
 336};
 337
 338static struct ieee80211_supported_band b43_band_5GHz_aphy = {
 339        .band           = NL80211_BAND_5GHZ,
 340        .channels       = b43_5ghz_aphy_chantable,
 341        .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
 342        .bitrates       = b43_a_ratetable,
 343        .n_bitrates     = b43_a_ratetable_size,
 344};
 345
 346static struct ieee80211_supported_band b43_band_2GHz = {
 347        .band           = NL80211_BAND_2GHZ,
 348        .channels       = b43_2ghz_chantable,
 349        .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
 350        .bitrates       = b43_g_ratetable,
 351        .n_bitrates     = b43_g_ratetable_size,
 352};
 353
 354static struct ieee80211_supported_band b43_band_2ghz_limited = {
 355        .band           = NL80211_BAND_2GHZ,
 356        .channels       = b43_2ghz_chantable,
 357        .n_channels     = b43_2ghz_chantable_limited_size,
 358        .bitrates       = b43_g_ratetable,
 359        .n_bitrates     = b43_g_ratetable_size,
 360};
 361
 362static void b43_wireless_core_exit(struct b43_wldev *dev);
 363static int b43_wireless_core_init(struct b43_wldev *dev);
 364static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
 365static int b43_wireless_core_start(struct b43_wldev *dev);
 366static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
 367                                    struct ieee80211_vif *vif,
 368                                    struct ieee80211_bss_conf *conf,
 369                                    u32 changed);
 370
 371static int b43_ratelimit(struct b43_wl *wl)
 372{
 373        if (!wl || !wl->current_dev)
 374                return 1;
 375        if (b43_status(wl->current_dev) < B43_STAT_STARTED)
 376                return 1;
 377        /* We are up and running.
 378         * Ratelimit the messages to avoid DoS over the net. */
 379        return net_ratelimit();
 380}
 381
 382void b43info(struct b43_wl *wl, const char *fmt, ...)
 383{
 384        struct va_format vaf;
 385        va_list args;
 386
 387        if (b43_modparam_verbose < B43_VERBOSITY_INFO)
 388                return;
 389        if (!b43_ratelimit(wl))
 390                return;
 391
 392        va_start(args, fmt);
 393
 394        vaf.fmt = fmt;
 395        vaf.va = &args;
 396
 397        printk(KERN_INFO "b43-%s: %pV",
 398               (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
 399
 400        va_end(args);
 401}
 402
 403void b43err(struct b43_wl *wl, const char *fmt, ...)
 404{
 405        struct va_format vaf;
 406        va_list args;
 407
 408        if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
 409                return;
 410        if (!b43_ratelimit(wl))
 411                return;
 412
 413        va_start(args, fmt);
 414
 415        vaf.fmt = fmt;
 416        vaf.va = &args;
 417
 418        printk(KERN_ERR "b43-%s ERROR: %pV",
 419               (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
 420
 421        va_end(args);
 422}
 423
 424void b43warn(struct b43_wl *wl, const char *fmt, ...)
 425{
 426        struct va_format vaf;
 427        va_list args;
 428
 429        if (b43_modparam_verbose < B43_VERBOSITY_WARN)
 430                return;
 431        if (!b43_ratelimit(wl))
 432                return;
 433
 434        va_start(args, fmt);
 435
 436        vaf.fmt = fmt;
 437        vaf.va = &args;
 438
 439        printk(KERN_WARNING "b43-%s warning: %pV",
 440               (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
 441
 442        va_end(args);
 443}
 444
 445void b43dbg(struct b43_wl *wl, const char *fmt, ...)
 446{
 447        struct va_format vaf;
 448        va_list args;
 449
 450        if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
 451                return;
 452
 453        va_start(args, fmt);
 454
 455        vaf.fmt = fmt;
 456        vaf.va = &args;
 457
 458        printk(KERN_DEBUG "b43-%s debug: %pV",
 459               (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
 460
 461        va_end(args);
 462}
 463
 464static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
 465{
 466        u32 macctl;
 467
 468        B43_WARN_ON(offset % 4 != 0);
 469
 470        macctl = b43_read32(dev, B43_MMIO_MACCTL);
 471        if (macctl & B43_MACCTL_BE)
 472                val = swab32(val);
 473
 474        b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
 475        b43_write32(dev, B43_MMIO_RAM_DATA, val);
 476}
 477
 478static inline void b43_shm_control_word(struct b43_wldev *dev,
 479                                        u16 routing, u16 offset)
 480{
 481        u32 control;
 482
 483        /* "offset" is the WORD offset. */
 484        control = routing;
 485        control <<= 16;
 486        control |= offset;
 487        b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
 488}
 489
 490u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
 491{
 492        u32 ret;
 493
 494        if (routing == B43_SHM_SHARED) {
 495                B43_WARN_ON(offset & 0x0001);
 496                if (offset & 0x0003) {
 497                        /* Unaligned access */
 498                        b43_shm_control_word(dev, routing, offset >> 2);
 499                        ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
 500                        b43_shm_control_word(dev, routing, (offset >> 2) + 1);
 501                        ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
 502
 503                        goto out;
 504                }
 505                offset >>= 2;
 506        }
 507        b43_shm_control_word(dev, routing, offset);
 508        ret = b43_read32(dev, B43_MMIO_SHM_DATA);
 509out:
 510        return ret;
 511}
 512
 513u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
 514{
 515        u16 ret;
 516
 517        if (routing == B43_SHM_SHARED) {
 518                B43_WARN_ON(offset & 0x0001);
 519                if (offset & 0x0003) {
 520                        /* Unaligned access */
 521                        b43_shm_control_word(dev, routing, offset >> 2);
 522                        ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
 523
 524                        goto out;
 525                }
 526                offset >>= 2;
 527        }
 528        b43_shm_control_word(dev, routing, offset);
 529        ret = b43_read16(dev, B43_MMIO_SHM_DATA);
 530out:
 531        return ret;
 532}
 533
 534void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
 535{
 536        if (routing == B43_SHM_SHARED) {
 537                B43_WARN_ON(offset & 0x0001);
 538                if (offset & 0x0003) {
 539                        /* Unaligned access */
 540                        b43_shm_control_word(dev, routing, offset >> 2);
 541                        b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
 542                                    value & 0xFFFF);
 543                        b43_shm_control_word(dev, routing, (offset >> 2) + 1);
 544                        b43_write16(dev, B43_MMIO_SHM_DATA,
 545                                    (value >> 16) & 0xFFFF);
 546                        return;
 547                }
 548                offset >>= 2;
 549        }
 550        b43_shm_control_word(dev, routing, offset);
 551        b43_write32(dev, B43_MMIO_SHM_DATA, value);
 552}
 553
 554void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
 555{
 556        if (routing == B43_SHM_SHARED) {
 557                B43_WARN_ON(offset & 0x0001);
 558                if (offset & 0x0003) {
 559                        /* Unaligned access */
 560                        b43_shm_control_word(dev, routing, offset >> 2);
 561                        b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
 562                        return;
 563                }
 564                offset >>= 2;
 565        }
 566        b43_shm_control_word(dev, routing, offset);
 567        b43_write16(dev, B43_MMIO_SHM_DATA, value);
 568}
 569
 570/* Read HostFlags */
 571u64 b43_hf_read(struct b43_wldev *dev)
 572{
 573        u64 ret;
 574
 575        ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
 576        ret <<= 16;
 577        ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
 578        ret <<= 16;
 579        ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
 580
 581        return ret;
 582}
 583
 584/* Write HostFlags */
 585void b43_hf_write(struct b43_wldev *dev, u64 value)
 586{
 587        u16 lo, mi, hi;
 588
 589        lo = (value & 0x00000000FFFFULL);
 590        mi = (value & 0x0000FFFF0000ULL) >> 16;
 591        hi = (value & 0xFFFF00000000ULL) >> 32;
 592        b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
 593        b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
 594        b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
 595}
 596
 597/* Read the firmware capabilities bitmask (Opensource firmware only) */
 598static u16 b43_fwcapa_read(struct b43_wldev *dev)
 599{
 600        B43_WARN_ON(!dev->fw.opensource);
 601        return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
 602}
 603
 604void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
 605{
 606        u32 low, high;
 607
 608        B43_WARN_ON(dev->dev->core_rev < 3);
 609
 610        /* The hardware guarantees us an atomic read, if we
 611         * read the low register first. */
 612        low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
 613        high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
 614
 615        *tsf = high;
 616        *tsf <<= 32;
 617        *tsf |= low;
 618}
 619
 620static void b43_time_lock(struct b43_wldev *dev)
 621{
 622        b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
 623        /* Commit the write */
 624        b43_read32(dev, B43_MMIO_MACCTL);
 625}
 626
 627static void b43_time_unlock(struct b43_wldev *dev)
 628{
 629        b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
 630        /* Commit the write */
 631        b43_read32(dev, B43_MMIO_MACCTL);
 632}
 633
 634static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
 635{
 636        u32 low, high;
 637
 638        B43_WARN_ON(dev->dev->core_rev < 3);
 639
 640        low = tsf;
 641        high = (tsf >> 32);
 642        /* The hardware guarantees us an atomic write, if we
 643         * write the low register first. */
 644        b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
 645        b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
 646}
 647
 648void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
 649{
 650        b43_time_lock(dev);
 651        b43_tsf_write_locked(dev, tsf);
 652        b43_time_unlock(dev);
 653}
 654
 655static
 656void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
 657{
 658        static const u8 zero_addr[ETH_ALEN] = { 0 };
 659        u16 data;
 660
 661        if (!mac)
 662                mac = zero_addr;
 663
 664        offset |= 0x0020;
 665        b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
 666
 667        data = mac[0];
 668        data |= mac[1] << 8;
 669        b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
 670        data = mac[2];
 671        data |= mac[3] << 8;
 672        b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
 673        data = mac[4];
 674        data |= mac[5] << 8;
 675        b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
 676}
 677
 678static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
 679{
 680        const u8 *mac;
 681        const u8 *bssid;
 682        u8 mac_bssid[ETH_ALEN * 2];
 683        int i;
 684        u32 tmp;
 685
 686        bssid = dev->wl->bssid;
 687        mac = dev->wl->mac_addr;
 688
 689        b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
 690
 691        memcpy(mac_bssid, mac, ETH_ALEN);
 692        memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
 693
 694        /* Write our MAC address and BSSID to template ram */
 695        for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
 696                tmp = (u32) (mac_bssid[i + 0]);
 697                tmp |= (u32) (mac_bssid[i + 1]) << 8;
 698                tmp |= (u32) (mac_bssid[i + 2]) << 16;
 699                tmp |= (u32) (mac_bssid[i + 3]) << 24;
 700                b43_ram_write(dev, 0x20 + i, tmp);
 701        }
 702}
 703
 704static void b43_upload_card_macaddress(struct b43_wldev *dev)
 705{
 706        b43_write_mac_bssid_templates(dev);
 707        b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
 708}
 709
 710static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
 711{
 712        /* slot_time is in usec. */
 713        /* This test used to exit for all but a G PHY. */
 714        if (b43_current_band(dev->wl) == NL80211_BAND_5GHZ)
 715                return;
 716        b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
 717        /* Shared memory location 0x0010 is the slot time and should be
 718         * set to slot_time; however, this register is initially 0 and changing
 719         * the value adversely affects the transmit rate for BCM4311
 720         * devices. Until this behavior is unterstood, delete this step
 721         *
 722         * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
 723         */
 724}
 725
 726static void b43_short_slot_timing_enable(struct b43_wldev *dev)
 727{
 728        b43_set_slot_time(dev, 9);
 729}
 730
 731static void b43_short_slot_timing_disable(struct b43_wldev *dev)
 732{
 733        b43_set_slot_time(dev, 20);
 734}
 735
 736/* DummyTransmission function, as documented on
 737 * https://bcm-v4.sipsolutions.net/802.11/DummyTransmission
 738 */
 739void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
 740{
 741        struct b43_phy *phy = &dev->phy;
 742        unsigned int i, max_loop;
 743        u16 value;
 744        u32 buffer[5] = {
 745                0x00000000,
 746                0x00D40000,
 747                0x00000000,
 748                0x01000000,
 749                0x00000000,
 750        };
 751
 752        if (ofdm) {
 753                max_loop = 0x1E;
 754                buffer[0] = 0x000201CC;
 755        } else {
 756                max_loop = 0xFA;
 757                buffer[0] = 0x000B846E;
 758        }
 759
 760        for (i = 0; i < 5; i++)
 761                b43_ram_write(dev, i * 4, buffer[i]);
 762
 763        b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
 764
 765        if (dev->dev->core_rev < 11)
 766                b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
 767        else
 768                b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
 769
 770        value = (ofdm ? 0x41 : 0x40);
 771        b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
 772        if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
 773            phy->type == B43_PHYTYPE_LCN)
 774                b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
 775
 776        b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
 777        b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
 778
 779        b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
 780        b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
 781        b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
 782        b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
 783
 784        if (!pa_on && phy->type == B43_PHYTYPE_N) {
 785                ; /*b43_nphy_pa_override(dev, false) */
 786        }
 787
 788        switch (phy->type) {
 789        case B43_PHYTYPE_N:
 790        case B43_PHYTYPE_LCN:
 791                b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
 792                break;
 793        case B43_PHYTYPE_LP:
 794                b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
 795                break;
 796        default:
 797                b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
 798        }
 799        b43_read16(dev, B43_MMIO_TXE0_AUX);
 800
 801        if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
 802                b43_radio_write16(dev, 0x0051, 0x0017);
 803        for (i = 0x00; i < max_loop; i++) {
 804                value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
 805                if (value & 0x0080)
 806                        break;
 807                udelay(10);
 808        }
 809        for (i = 0x00; i < 0x0A; i++) {
 810                value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
 811                if (value & 0x0400)
 812                        break;
 813                udelay(10);
 814        }
 815        for (i = 0x00; i < 0x19; i++) {
 816                value = b43_read16(dev, B43_MMIO_IFSSTAT);
 817                if (!(value & 0x0100))
 818                        break;
 819                udelay(10);
 820        }
 821        if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
 822                b43_radio_write16(dev, 0x0051, 0x0037);
 823}
 824
 825static void key_write(struct b43_wldev *dev,
 826                      u8 index, u8 algorithm, const u8 *key)
 827{
 828        unsigned int i;
 829        u32 offset;
 830        u16 value;
 831        u16 kidx;
 832
 833        /* Key index/algo block */
 834        kidx = b43_kidx_to_fw(dev, index);
 835        value = ((kidx << 4) | algorithm);
 836        b43_shm_write16(dev, B43_SHM_SHARED,
 837                        B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
 838
 839        /* Write the key to the Key Table Pointer offset */
 840        offset = dev->ktp + (index * B43_SEC_KEYSIZE);
 841        for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
 842                value = key[i];
 843                value |= (u16) (key[i + 1]) << 8;
 844                b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
 845        }
 846}
 847
 848static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
 849{
 850        u32 addrtmp[2] = { 0, 0, };
 851        u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
 852
 853        if (b43_new_kidx_api(dev))
 854                pairwise_keys_start = B43_NR_GROUP_KEYS;
 855
 856        B43_WARN_ON(index < pairwise_keys_start);
 857        /* We have four default TX keys and possibly four default RX keys.
 858         * Physical mac 0 is mapped to physical key 4 or 8, depending
 859         * on the firmware version.
 860         * So we must adjust the index here.
 861         */
 862        index -= pairwise_keys_start;
 863        B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
 864
 865        if (addr) {
 866                addrtmp[0] = addr[0];
 867                addrtmp[0] |= ((u32) (addr[1]) << 8);
 868                addrtmp[0] |= ((u32) (addr[2]) << 16);
 869                addrtmp[0] |= ((u32) (addr[3]) << 24);
 870                addrtmp[1] = addr[4];
 871                addrtmp[1] |= ((u32) (addr[5]) << 8);
 872        }
 873
 874        /* Receive match transmitter address (RCMTA) mechanism */
 875        b43_shm_write32(dev, B43_SHM_RCMTA,
 876                        (index * 2) + 0, addrtmp[0]);
 877        b43_shm_write16(dev, B43_SHM_RCMTA,
 878                        (index * 2) + 1, addrtmp[1]);
 879}
 880
 881/* The ucode will use phase1 key with TEK key to decrypt rx packets.
 882 * When a packet is received, the iv32 is checked.
 883 * - if it doesn't the packet is returned without modification (and software
 884 *   decryption can be done). That's what happen when iv16 wrap.
 885 * - if it does, the rc4 key is computed, and decryption is tried.
 886 *   Either it will success and B43_RX_MAC_DEC is returned,
 887 *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
 888 *   and the packet is not usable (it got modified by the ucode).
 889 * So in order to never have B43_RX_MAC_DECERR, we should provide
 890 * a iv32 and phase1key that match. Because we drop packets in case of
 891 * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
 892 * packets will be lost without higher layer knowing (ie no resync possible
 893 * until next wrap).
 894 *
 895 * NOTE : this should support 50 key like RCMTA because
 896 * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
 897 */
 898static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
 899                u16 *phase1key)
 900{
 901        unsigned int i;
 902        u32 offset;
 903        u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
 904
 905        if (!modparam_hwtkip)
 906                return;
 907
 908        if (b43_new_kidx_api(dev))
 909                pairwise_keys_start = B43_NR_GROUP_KEYS;
 910
 911        B43_WARN_ON(index < pairwise_keys_start);
 912        /* We have four default TX keys and possibly four default RX keys.
 913         * Physical mac 0 is mapped to physical key 4 or 8, depending
 914         * on the firmware version.
 915         * So we must adjust the index here.
 916         */
 917        index -= pairwise_keys_start;
 918        B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
 919
 920        if (b43_debug(dev, B43_DBG_KEYS)) {
 921                b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
 922                                index, iv32);
 923        }
 924        /* Write the key to the  RX tkip shared mem */
 925        offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
 926        for (i = 0; i < 10; i += 2) {
 927                b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
 928                                phase1key ? phase1key[i / 2] : 0);
 929        }
 930        b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
 931        b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
 932}
 933
 934static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
 935                                   struct ieee80211_vif *vif,
 936                                   struct ieee80211_key_conf *keyconf,
 937                                   struct ieee80211_sta *sta,
 938                                   u32 iv32, u16 *phase1key)
 939{
 940        struct b43_wl *wl = hw_to_b43_wl(hw);
 941        struct b43_wldev *dev;
 942        int index = keyconf->hw_key_idx;
 943
 944        if (B43_WARN_ON(!modparam_hwtkip))
 945                return;
 946
 947        /* This is only called from the RX path through mac80211, where
 948         * our mutex is already locked. */
 949        B43_WARN_ON(!mutex_is_locked(&wl->mutex));
 950        dev = wl->current_dev;
 951        B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
 952
 953        keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
 954
 955        rx_tkip_phase1_write(dev, index, iv32, phase1key);
 956        /* only pairwise TKIP keys are supported right now */
 957        if (WARN_ON(!sta))
 958                return;
 959        keymac_write(dev, index, sta->addr);
 960}
 961
 962static void do_key_write(struct b43_wldev *dev,
 963                         u8 index, u8 algorithm,
 964                         const u8 *key, size_t key_len, const u8 *mac_addr)
 965{
 966        u8 buf[B43_SEC_KEYSIZE] = { 0, };
 967        u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
 968
 969        if (b43_new_kidx_api(dev))
 970                pairwise_keys_start = B43_NR_GROUP_KEYS;
 971
 972        B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
 973        B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
 974
 975        if (index >= pairwise_keys_start)
 976                keymac_write(dev, index, NULL); /* First zero out mac. */
 977        if (algorithm == B43_SEC_ALGO_TKIP) {
 978                /*
 979                 * We should provide an initial iv32, phase1key pair.
 980                 * We could start with iv32=0 and compute the corresponding
 981                 * phase1key, but this means calling ieee80211_get_tkip_key
 982                 * with a fake skb (or export other tkip function).
 983                 * Because we are lazy we hope iv32 won't start with
 984                 * 0xffffffff and let's b43_op_update_tkip_key provide a
 985                 * correct pair.
 986                 */
 987                rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
 988        } else if (index >= pairwise_keys_start) /* clear it */
 989                rx_tkip_phase1_write(dev, index, 0, NULL);
 990        if (key)
 991                memcpy(buf, key, key_len);
 992        key_write(dev, index, algorithm, buf);
 993        if (index >= pairwise_keys_start)
 994                keymac_write(dev, index, mac_addr);
 995
 996        dev->key[index].algorithm = algorithm;
 997}
 998
 999static int b43_key_write(struct b43_wldev *dev,
1000                         int index, u8 algorithm,
1001                         const u8 *key, size_t key_len,
1002                         const u8 *mac_addr,
1003                         struct ieee80211_key_conf *keyconf)
1004{
1005        int i;
1006        int pairwise_keys_start;
1007
1008        /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
1009         *      - Temporal Encryption Key (128 bits)
1010         *      - Temporal Authenticator Tx MIC Key (64 bits)
1011         *      - Temporal Authenticator Rx MIC Key (64 bits)
1012         *
1013         *      Hardware only store TEK
1014         */
1015        if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
1016                key_len = 16;
1017        if (key_len > B43_SEC_KEYSIZE)
1018                return -EINVAL;
1019        for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
1020                /* Check that we don't already have this key. */
1021                B43_WARN_ON(dev->key[i].keyconf == keyconf);
1022        }
1023        if (index < 0) {
1024                /* Pairwise key. Get an empty slot for the key. */
1025                if (b43_new_kidx_api(dev))
1026                        pairwise_keys_start = B43_NR_GROUP_KEYS;
1027                else
1028                        pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1029                for (i = pairwise_keys_start;
1030                     i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
1031                     i++) {
1032                        B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
1033                        if (!dev->key[i].keyconf) {
1034                                /* found empty */
1035                                index = i;
1036                                break;
1037                        }
1038                }
1039                if (index < 0) {
1040                        b43warn(dev->wl, "Out of hardware key memory\n");
1041                        return -ENOSPC;
1042                }
1043        } else
1044                B43_WARN_ON(index > 3);
1045
1046        do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1047        if ((index <= 3) && !b43_new_kidx_api(dev)) {
1048                /* Default RX key */
1049                B43_WARN_ON(mac_addr);
1050                do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1051        }
1052        keyconf->hw_key_idx = index;
1053        dev->key[index].keyconf = keyconf;
1054
1055        return 0;
1056}
1057
1058static int b43_key_clear(struct b43_wldev *dev, int index)
1059{
1060        if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1061                return -EINVAL;
1062        do_key_write(dev, index, B43_SEC_ALGO_NONE,
1063                     NULL, B43_SEC_KEYSIZE, NULL);
1064        if ((index <= 3) && !b43_new_kidx_api(dev)) {
1065                do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1066                             NULL, B43_SEC_KEYSIZE, NULL);
1067        }
1068        dev->key[index].keyconf = NULL;
1069
1070        return 0;
1071}
1072
1073static void b43_clear_keys(struct b43_wldev *dev)
1074{
1075        int i, count;
1076
1077        if (b43_new_kidx_api(dev))
1078                count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1079        else
1080                count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1081        for (i = 0; i < count; i++)
1082                b43_key_clear(dev, i);
1083}
1084
1085static void b43_dump_keymemory(struct b43_wldev *dev)
1086{
1087        unsigned int i, index, count, offset, pairwise_keys_start;
1088        u8 mac[ETH_ALEN];
1089        u16 algo;
1090        u32 rcmta0;
1091        u16 rcmta1;
1092        u64 hf;
1093        struct b43_key *key;
1094
1095        if (!b43_debug(dev, B43_DBG_KEYS))
1096                return;
1097
1098        hf = b43_hf_read(dev);
1099        b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1100               !!(hf & B43_HF_USEDEFKEYS));
1101        if (b43_new_kidx_api(dev)) {
1102                pairwise_keys_start = B43_NR_GROUP_KEYS;
1103                count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1104        } else {
1105                pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1106                count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1107        }
1108        for (index = 0; index < count; index++) {
1109                key = &(dev->key[index]);
1110                printk(KERN_DEBUG "Key slot %02u: %s",
1111                       index, (key->keyconf == NULL) ? " " : "*");
1112                offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1113                for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1114                        u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1115                        printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1116                }
1117
1118                algo = b43_shm_read16(dev, B43_SHM_SHARED,
1119                                      B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1120                printk("   Algo: %04X/%02X", algo, key->algorithm);
1121
1122                if (index >= pairwise_keys_start) {
1123                        if (key->algorithm == B43_SEC_ALGO_TKIP) {
1124                                printk("   TKIP: ");
1125                                offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1126                                for (i = 0; i < 14; i += 2) {
1127                                        u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1128                                        printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1129                                }
1130                        }
1131                        rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1132                                                ((index - pairwise_keys_start) * 2) + 0);
1133                        rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1134                                                ((index - pairwise_keys_start) * 2) + 1);
1135                        *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1136                        *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1137                        printk("   MAC: %pM", mac);
1138                } else
1139                        printk("   DEFAULT KEY");
1140                printk("\n");
1141        }
1142}
1143
1144void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1145{
1146        u32 macctl;
1147        u16 ucstat;
1148        bool hwps;
1149        bool awake;
1150        int i;
1151
1152        B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1153                    (ps_flags & B43_PS_DISABLED));
1154        B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1155
1156        if (ps_flags & B43_PS_ENABLED) {
1157                hwps = true;
1158        } else if (ps_flags & B43_PS_DISABLED) {
1159                hwps = false;
1160        } else {
1161                //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1162                //      and thus is not an AP and we are associated, set bit 25
1163        }
1164        if (ps_flags & B43_PS_AWAKE) {
1165                awake = true;
1166        } else if (ps_flags & B43_PS_ASLEEP) {
1167                awake = false;
1168        } else {
1169                //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1170                //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1171                //      successful, set bit26
1172        }
1173
1174/* FIXME: For now we force awake-on and hwps-off */
1175        hwps = false;
1176        awake = true;
1177
1178        macctl = b43_read32(dev, B43_MMIO_MACCTL);
1179        if (hwps)
1180                macctl |= B43_MACCTL_HWPS;
1181        else
1182                macctl &= ~B43_MACCTL_HWPS;
1183        if (awake)
1184                macctl |= B43_MACCTL_AWAKE;
1185        else
1186                macctl &= ~B43_MACCTL_AWAKE;
1187        b43_write32(dev, B43_MMIO_MACCTL, macctl);
1188        /* Commit write */
1189        b43_read32(dev, B43_MMIO_MACCTL);
1190        if (awake && dev->dev->core_rev >= 5) {
1191                /* Wait for the microcode to wake up. */
1192                for (i = 0; i < 100; i++) {
1193                        ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1194                                                B43_SHM_SH_UCODESTAT);
1195                        if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1196                                break;
1197                        udelay(10);
1198                }
1199        }
1200}
1201
1202/* https://bcm-v4.sipsolutions.net/802.11/PHY/BmacCorePllReset */
1203void b43_wireless_core_phy_pll_reset(struct b43_wldev *dev)
1204{
1205        struct bcma_drv_cc *bcma_cc __maybe_unused;
1206        struct ssb_chipcommon *ssb_cc __maybe_unused;
1207
1208        switch (dev->dev->bus_type) {
1209#ifdef CONFIG_B43_BCMA
1210        case B43_BUS_BCMA:
1211                bcma_cc = &dev->dev->bdev->bus->drv_cc;
1212
1213                bcma_cc_write32(bcma_cc, BCMA_CC_PMU_CHIPCTL_ADDR, 0);
1214                bcma_cc_mask32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, ~0x4);
1215                bcma_cc_set32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, 0x4);
1216                bcma_cc_mask32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, ~0x4);
1217                break;
1218#endif
1219#ifdef CONFIG_B43_SSB
1220        case B43_BUS_SSB:
1221                ssb_cc = &dev->dev->sdev->bus->chipco;
1222
1223                chipco_write32(ssb_cc, SSB_CHIPCO_CHIPCTL_ADDR, 0);
1224                chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1225                chipco_set32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, 0x4);
1226                chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1227                break;
1228#endif
1229        }
1230}
1231
1232#ifdef CONFIG_B43_BCMA
1233static void b43_bcma_phy_reset(struct b43_wldev *dev)
1234{
1235        u32 flags;
1236
1237        /* Put PHY into reset */
1238        flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1239        flags |= B43_BCMA_IOCTL_PHY_RESET;
1240        flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1241        bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1242        udelay(2);
1243
1244        b43_phy_take_out_of_reset(dev);
1245}
1246
1247static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1248{
1249        u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1250                  B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1251        u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1252                     B43_BCMA_CLKCTLST_PHY_PLL_ST;
1253        u32 flags;
1254
1255        flags = B43_BCMA_IOCTL_PHY_CLKEN;
1256        if (gmode)
1257                flags |= B43_BCMA_IOCTL_GMODE;
1258        b43_device_enable(dev, flags);
1259
1260        if (dev->phy.type == B43_PHYTYPE_AC) {
1261                u16 tmp;
1262
1263                tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1264                tmp &= ~B43_BCMA_IOCTL_DAC;
1265                tmp |= 0x100;
1266                bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1267
1268                tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1269                tmp &= ~B43_BCMA_IOCTL_PHY_CLKEN;
1270                bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1271
1272                tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1273                tmp |= B43_BCMA_IOCTL_PHY_CLKEN;
1274                bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1275        }
1276
1277        bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1278        b43_bcma_phy_reset(dev);
1279        bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1280}
1281#endif
1282
1283#ifdef CONFIG_B43_SSB
1284static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1285{
1286        u32 flags = 0;
1287
1288        if (gmode)
1289                flags |= B43_TMSLOW_GMODE;
1290        flags |= B43_TMSLOW_PHYCLKEN;
1291        flags |= B43_TMSLOW_PHYRESET;
1292        if (dev->phy.type == B43_PHYTYPE_N)
1293                flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1294        b43_device_enable(dev, flags);
1295        msleep(2);              /* Wait for the PLL to turn on. */
1296
1297        b43_phy_take_out_of_reset(dev);
1298}
1299#endif
1300
1301void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1302{
1303        u32 macctl;
1304
1305        switch (dev->dev->bus_type) {
1306#ifdef CONFIG_B43_BCMA
1307        case B43_BUS_BCMA:
1308                b43_bcma_wireless_core_reset(dev, gmode);
1309                break;
1310#endif
1311#ifdef CONFIG_B43_SSB
1312        case B43_BUS_SSB:
1313                b43_ssb_wireless_core_reset(dev, gmode);
1314                break;
1315#endif
1316        }
1317
1318        /* Turn Analog ON, but only if we already know the PHY-type.
1319         * This protects against very early setup where we don't know the
1320         * PHY-type, yet. wireless_core_reset will be called once again later,
1321         * when we know the PHY-type. */
1322        if (dev->phy.ops)
1323                dev->phy.ops->switch_analog(dev, 1);
1324
1325        macctl = b43_read32(dev, B43_MMIO_MACCTL);
1326        macctl &= ~B43_MACCTL_GMODE;
1327        if (gmode)
1328                macctl |= B43_MACCTL_GMODE;
1329        macctl |= B43_MACCTL_IHR_ENABLED;
1330        b43_write32(dev, B43_MMIO_MACCTL, macctl);
1331}
1332
1333static void handle_irq_transmit_status(struct b43_wldev *dev)
1334{
1335        u32 v0, v1;
1336        u16 tmp;
1337        struct b43_txstatus stat;
1338
1339        while (1) {
1340                v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1341                if (!(v0 & 0x00000001))
1342                        break;
1343                v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1344
1345                stat.cookie = (v0 >> 16);
1346                stat.seq = (v1 & 0x0000FFFF);
1347                stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1348                tmp = (v0 & 0x0000FFFF);
1349                stat.frame_count = ((tmp & 0xF000) >> 12);
1350                stat.rts_count = ((tmp & 0x0F00) >> 8);
1351                stat.supp_reason = ((tmp & 0x001C) >> 2);
1352                stat.pm_indicated = !!(tmp & 0x0080);
1353                stat.intermediate = !!(tmp & 0x0040);
1354                stat.for_ampdu = !!(tmp & 0x0020);
1355                stat.acked = !!(tmp & 0x0002);
1356
1357                b43_handle_txstatus(dev, &stat);
1358        }
1359}
1360
1361static void drain_txstatus_queue(struct b43_wldev *dev)
1362{
1363        u32 dummy;
1364
1365        if (dev->dev->core_rev < 5)
1366                return;
1367        /* Read all entries from the microcode TXstatus FIFO
1368         * and throw them away.
1369         */
1370        while (1) {
1371                dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1372                if (!(dummy & 0x00000001))
1373                        break;
1374                dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1375        }
1376}
1377
1378static u32 b43_jssi_read(struct b43_wldev *dev)
1379{
1380        u32 val = 0;
1381
1382        val = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1);
1383        val <<= 16;
1384        val |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0);
1385
1386        return val;
1387}
1388
1389static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1390{
1391        b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0,
1392                        (jssi & 0x0000FFFF));
1393        b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1,
1394                        (jssi & 0xFFFF0000) >> 16);
1395}
1396
1397static void b43_generate_noise_sample(struct b43_wldev *dev)
1398{
1399        b43_jssi_write(dev, 0x7F7F7F7F);
1400        b43_write32(dev, B43_MMIO_MACCMD,
1401                    b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1402}
1403
1404static void b43_calculate_link_quality(struct b43_wldev *dev)
1405{
1406        /* Top half of Link Quality calculation. */
1407
1408        if (dev->phy.type != B43_PHYTYPE_G)
1409                return;
1410        if (dev->noisecalc.calculation_running)
1411                return;
1412        dev->noisecalc.calculation_running = true;
1413        dev->noisecalc.nr_samples = 0;
1414
1415        b43_generate_noise_sample(dev);
1416}
1417
1418static void handle_irq_noise(struct b43_wldev *dev)
1419{
1420        struct b43_phy_g *phy = dev->phy.g;
1421        u16 tmp;
1422        u8 noise[4];
1423        u8 i, j;
1424        s32 average;
1425
1426        /* Bottom half of Link Quality calculation. */
1427
1428        if (dev->phy.type != B43_PHYTYPE_G)
1429                return;
1430
1431        /* Possible race condition: It might be possible that the user
1432         * changed to a different channel in the meantime since we
1433         * started the calculation. We ignore that fact, since it's
1434         * not really that much of a problem. The background noise is
1435         * an estimation only anyway. Slightly wrong results will get damped
1436         * by the averaging of the 8 sample rounds. Additionally the
1437         * value is shortlived. So it will be replaced by the next noise
1438         * calculation round soon. */
1439
1440        B43_WARN_ON(!dev->noisecalc.calculation_running);
1441        *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1442        if (noise[0] == 0x7F || noise[1] == 0x7F ||
1443            noise[2] == 0x7F || noise[3] == 0x7F)
1444                goto generate_new;
1445
1446        /* Get the noise samples. */
1447        B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1448        i = dev->noisecalc.nr_samples;
1449        noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1450        noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1451        noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1452        noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1453        dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1454        dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1455        dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1456        dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1457        dev->noisecalc.nr_samples++;
1458        if (dev->noisecalc.nr_samples == 8) {
1459                /* Calculate the Link Quality by the noise samples. */
1460                average = 0;
1461                for (i = 0; i < 8; i++) {
1462                        for (j = 0; j < 4; j++)
1463                                average += dev->noisecalc.samples[i][j];
1464                }
1465                average /= (8 * 4);
1466                average *= 125;
1467                average += 64;
1468                average /= 128;
1469                tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1470                tmp = (tmp / 128) & 0x1F;
1471                if (tmp >= 8)
1472                        average += 2;
1473                else
1474                        average -= 25;
1475                if (tmp == 8)
1476                        average -= 72;
1477                else
1478                        average -= 48;
1479
1480                dev->stats.link_noise = average;
1481                dev->noisecalc.calculation_running = false;
1482                return;
1483        }
1484generate_new:
1485        b43_generate_noise_sample(dev);
1486}
1487
1488static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1489{
1490        if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1491                ///TODO: PS TBTT
1492        } else {
1493                if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1494                        b43_power_saving_ctl_bits(dev, 0);
1495        }
1496        if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1497                dev->dfq_valid = true;
1498}
1499
1500static void handle_irq_atim_end(struct b43_wldev *dev)
1501{
1502        if (dev->dfq_valid) {
1503                b43_write32(dev, B43_MMIO_MACCMD,
1504                            b43_read32(dev, B43_MMIO_MACCMD)
1505                            | B43_MACCMD_DFQ_VALID);
1506                dev->dfq_valid = false;
1507        }
1508}
1509
1510static void handle_irq_pmq(struct b43_wldev *dev)
1511{
1512        u32 tmp;
1513
1514        //TODO: AP mode.
1515
1516        while (1) {
1517                tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1518                if (!(tmp & 0x00000008))
1519                        break;
1520        }
1521        /* 16bit write is odd, but correct. */
1522        b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1523}
1524
1525static void b43_write_template_common(struct b43_wldev *dev,
1526                                      const u8 *data, u16 size,
1527                                      u16 ram_offset,
1528                                      u16 shm_size_offset, u8 rate)
1529{
1530        u32 i, tmp;
1531        struct b43_plcp_hdr4 plcp;
1532
1533        plcp.data = 0;
1534        b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1535        b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1536        ram_offset += sizeof(u32);
1537        /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1538         * So leave the first two bytes of the next write blank.
1539         */
1540        tmp = (u32) (data[0]) << 16;
1541        tmp |= (u32) (data[1]) << 24;
1542        b43_ram_write(dev, ram_offset, tmp);
1543        ram_offset += sizeof(u32);
1544        for (i = 2; i < size; i += sizeof(u32)) {
1545                tmp = (u32) (data[i + 0]);
1546                if (i + 1 < size)
1547                        tmp |= (u32) (data[i + 1]) << 8;
1548                if (i + 2 < size)
1549                        tmp |= (u32) (data[i + 2]) << 16;
1550                if (i + 3 < size)
1551                        tmp |= (u32) (data[i + 3]) << 24;
1552                b43_ram_write(dev, ram_offset + i - 2, tmp);
1553        }
1554        b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1555                        size + sizeof(struct b43_plcp_hdr6));
1556}
1557
1558/* Check if the use of the antenna that ieee80211 told us to
1559 * use is possible. This will fall back to DEFAULT.
1560 * "antenna_nr" is the antenna identifier we got from ieee80211. */
1561u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1562                                  u8 antenna_nr)
1563{
1564        u8 antenna_mask;
1565
1566        if (antenna_nr == 0) {
1567                /* Zero means "use default antenna". That's always OK. */
1568                return 0;
1569        }
1570
1571        /* Get the mask of available antennas. */
1572        if (dev->phy.gmode)
1573                antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1574        else
1575                antenna_mask = dev->dev->bus_sprom->ant_available_a;
1576
1577        if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1578                /* This antenna is not available. Fall back to default. */
1579                return 0;
1580        }
1581
1582        return antenna_nr;
1583}
1584
1585/* Convert a b43 antenna number value to the PHY TX control value. */
1586static u16 b43_antenna_to_phyctl(int antenna)
1587{
1588        switch (antenna) {
1589        case B43_ANTENNA0:
1590                return B43_TXH_PHY_ANT0;
1591        case B43_ANTENNA1:
1592                return B43_TXH_PHY_ANT1;
1593        case B43_ANTENNA2:
1594                return B43_TXH_PHY_ANT2;
1595        case B43_ANTENNA3:
1596                return B43_TXH_PHY_ANT3;
1597        case B43_ANTENNA_AUTO0:
1598        case B43_ANTENNA_AUTO1:
1599                return B43_TXH_PHY_ANT01AUTO;
1600        }
1601        B43_WARN_ON(1);
1602        return 0;
1603}
1604
1605static void b43_write_beacon_template(struct b43_wldev *dev,
1606                                      u16 ram_offset,
1607                                      u16 shm_size_offset)
1608{
1609        unsigned int i, len, variable_len;
1610        const struct ieee80211_mgmt *bcn;
1611        const u8 *ie;
1612        bool tim_found = false;
1613        unsigned int rate;
1614        u16 ctl;
1615        int antenna;
1616        struct ieee80211_tx_info *info;
1617        unsigned long flags;
1618        struct sk_buff *beacon_skb;
1619
1620        spin_lock_irqsave(&dev->wl->beacon_lock, flags);
1621        info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1622        rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1623        /* Clone the beacon, so it cannot go away, while we write it to hw. */
1624        beacon_skb = skb_clone(dev->wl->current_beacon, GFP_ATOMIC);
1625        spin_unlock_irqrestore(&dev->wl->beacon_lock, flags);
1626
1627        if (!beacon_skb) {
1628                b43dbg(dev->wl, "Could not upload beacon. "
1629                       "Failed to clone beacon skb.");
1630                return;
1631        }
1632
1633        bcn = (const struct ieee80211_mgmt *)(beacon_skb->data);
1634        len = min_t(size_t, beacon_skb->len,
1635                    0x200 - sizeof(struct b43_plcp_hdr6));
1636
1637        b43_write_template_common(dev, (const u8 *)bcn,
1638                                  len, ram_offset, shm_size_offset, rate);
1639
1640        /* Write the PHY TX control parameters. */
1641        antenna = B43_ANTENNA_DEFAULT;
1642        antenna = b43_antenna_to_phyctl(antenna);
1643        ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1644        /* We can't send beacons with short preamble. Would get PHY errors. */
1645        ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1646        ctl &= ~B43_TXH_PHY_ANT;
1647        ctl &= ~B43_TXH_PHY_ENC;
1648        ctl |= antenna;
1649        if (b43_is_cck_rate(rate))
1650                ctl |= B43_TXH_PHY_ENC_CCK;
1651        else
1652                ctl |= B43_TXH_PHY_ENC_OFDM;
1653        b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1654
1655        /* Find the position of the TIM and the DTIM_period value
1656         * and write them to SHM. */
1657        ie = bcn->u.beacon.variable;
1658        variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1659        for (i = 0; i < variable_len - 2; ) {
1660                uint8_t ie_id, ie_len;
1661
1662                ie_id = ie[i];
1663                ie_len = ie[i + 1];
1664                if (ie_id == 5) {
1665                        u16 tim_position;
1666                        u16 dtim_period;
1667                        /* This is the TIM Information Element */
1668
1669                        /* Check whether the ie_len is in the beacon data range. */
1670                        if (variable_len < ie_len + 2 + i)
1671                                break;
1672                        /* A valid TIM is at least 4 bytes long. */
1673                        if (ie_len < 4)
1674                                break;
1675                        tim_found = true;
1676
1677                        tim_position = sizeof(struct b43_plcp_hdr6);
1678                        tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1679                        tim_position += i;
1680
1681                        dtim_period = ie[i + 3];
1682
1683                        b43_shm_write16(dev, B43_SHM_SHARED,
1684                                        B43_SHM_SH_TIMBPOS, tim_position);
1685                        b43_shm_write16(dev, B43_SHM_SHARED,
1686                                        B43_SHM_SH_DTIMPER, dtim_period);
1687                        break;
1688                }
1689                i += ie_len + 2;
1690        }
1691        if (!tim_found) {
1692                /*
1693                 * If ucode wants to modify TIM do it behind the beacon, this
1694                 * will happen, for example, when doing mesh networking.
1695                 */
1696                b43_shm_write16(dev, B43_SHM_SHARED,
1697                                B43_SHM_SH_TIMBPOS,
1698                                len + sizeof(struct b43_plcp_hdr6));
1699                b43_shm_write16(dev, B43_SHM_SHARED,
1700                                B43_SHM_SH_DTIMPER, 0);
1701        }
1702        b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1703
1704        dev_kfree_skb_any(beacon_skb);
1705}
1706
1707static void b43_upload_beacon0(struct b43_wldev *dev)
1708{
1709        struct b43_wl *wl = dev->wl;
1710
1711        if (wl->beacon0_uploaded)
1712                return;
1713        b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE0, B43_SHM_SH_BTL0);
1714        wl->beacon0_uploaded = true;
1715}
1716
1717static void b43_upload_beacon1(struct b43_wldev *dev)
1718{
1719        struct b43_wl *wl = dev->wl;
1720
1721        if (wl->beacon1_uploaded)
1722                return;
1723        b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE1, B43_SHM_SH_BTL1);
1724        wl->beacon1_uploaded = true;
1725}
1726
1727static void handle_irq_beacon(struct b43_wldev *dev)
1728{
1729        struct b43_wl *wl = dev->wl;
1730        u32 cmd, beacon0_valid, beacon1_valid;
1731
1732        if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1733            !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1734            !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1735                return;
1736
1737        /* This is the bottom half of the asynchronous beacon update. */
1738
1739        /* Ignore interrupt in the future. */
1740        dev->irq_mask &= ~B43_IRQ_BEACON;
1741
1742        cmd = b43_read32(dev, B43_MMIO_MACCMD);
1743        beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1744        beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1745
1746        /* Schedule interrupt manually, if busy. */
1747        if (beacon0_valid && beacon1_valid) {
1748                b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1749                dev->irq_mask |= B43_IRQ_BEACON;
1750                return;
1751        }
1752
1753        if (unlikely(wl->beacon_templates_virgin)) {
1754                /* We never uploaded a beacon before.
1755                 * Upload both templates now, but only mark one valid. */
1756                wl->beacon_templates_virgin = false;
1757                b43_upload_beacon0(dev);
1758                b43_upload_beacon1(dev);
1759                cmd = b43_read32(dev, B43_MMIO_MACCMD);
1760                cmd |= B43_MACCMD_BEACON0_VALID;
1761                b43_write32(dev, B43_MMIO_MACCMD, cmd);
1762        } else {
1763                if (!beacon0_valid) {
1764                        b43_upload_beacon0(dev);
1765                        cmd = b43_read32(dev, B43_MMIO_MACCMD);
1766                        cmd |= B43_MACCMD_BEACON0_VALID;
1767                        b43_write32(dev, B43_MMIO_MACCMD, cmd);
1768                } else if (!beacon1_valid) {
1769                        b43_upload_beacon1(dev);
1770                        cmd = b43_read32(dev, B43_MMIO_MACCMD);
1771                        cmd |= B43_MACCMD_BEACON1_VALID;
1772                        b43_write32(dev, B43_MMIO_MACCMD, cmd);
1773                }
1774        }
1775}
1776
1777static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1778{
1779        u32 old_irq_mask = dev->irq_mask;
1780
1781        /* update beacon right away or defer to irq */
1782        handle_irq_beacon(dev);
1783        if (old_irq_mask != dev->irq_mask) {
1784                /* The handler updated the IRQ mask. */
1785                B43_WARN_ON(!dev->irq_mask);
1786                if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1787                        b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1788                } else {
1789                        /* Device interrupts are currently disabled. That means
1790                         * we just ran the hardirq handler and scheduled the
1791                         * IRQ thread. The thread will write the IRQ mask when
1792                         * it finished, so there's nothing to do here. Writing
1793                         * the mask _here_ would incorrectly re-enable IRQs. */
1794                }
1795        }
1796}
1797
1798static void b43_beacon_update_trigger_work(struct work_struct *work)
1799{
1800        struct b43_wl *wl = container_of(work, struct b43_wl,
1801                                         beacon_update_trigger);
1802        struct b43_wldev *dev;
1803
1804        mutex_lock(&wl->mutex);
1805        dev = wl->current_dev;
1806        if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1807                if (b43_bus_host_is_sdio(dev->dev)) {
1808                        /* wl->mutex is enough. */
1809                        b43_do_beacon_update_trigger_work(dev);
1810                } else {
1811                        spin_lock_irq(&wl->hardirq_lock);
1812                        b43_do_beacon_update_trigger_work(dev);
1813                        spin_unlock_irq(&wl->hardirq_lock);
1814                }
1815        }
1816        mutex_unlock(&wl->mutex);
1817}
1818
1819/* Asynchronously update the packet templates in template RAM. */
1820static void b43_update_templates(struct b43_wl *wl)
1821{
1822        struct sk_buff *beacon, *old_beacon;
1823        unsigned long flags;
1824
1825        /* This is the top half of the asynchronous beacon update.
1826         * The bottom half is the beacon IRQ.
1827         * Beacon update must be asynchronous to avoid sending an
1828         * invalid beacon. This can happen for example, if the firmware
1829         * transmits a beacon while we are updating it. */
1830
1831        /* We could modify the existing beacon and set the aid bit in
1832         * the TIM field, but that would probably require resizing and
1833         * moving of data within the beacon template.
1834         * Simply request a new beacon and let mac80211 do the hard work. */
1835        beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1836        if (unlikely(!beacon))
1837                return;
1838
1839        spin_lock_irqsave(&wl->beacon_lock, flags);
1840        old_beacon = wl->current_beacon;
1841        wl->current_beacon = beacon;
1842        wl->beacon0_uploaded = false;
1843        wl->beacon1_uploaded = false;
1844        spin_unlock_irqrestore(&wl->beacon_lock, flags);
1845
1846        ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1847
1848        if (old_beacon)
1849                dev_kfree_skb_any(old_beacon);
1850}
1851
1852static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1853{
1854        b43_time_lock(dev);
1855        if (dev->dev->core_rev >= 3) {
1856                b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1857                b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1858        } else {
1859                b43_write16(dev, 0x606, (beacon_int >> 6));
1860                b43_write16(dev, 0x610, beacon_int);
1861        }
1862        b43_time_unlock(dev);
1863        b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1864}
1865
1866static void b43_handle_firmware_panic(struct b43_wldev *dev)
1867{
1868        u16 reason;
1869
1870        /* Read the register that contains the reason code for the panic. */
1871        reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1872        b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1873
1874        switch (reason) {
1875        default:
1876                b43dbg(dev->wl, "The panic reason is unknown.\n");
1877                fallthrough;
1878        case B43_FWPANIC_DIE:
1879                /* Do not restart the controller or firmware.
1880                 * The device is nonfunctional from now on.
1881                 * Restarting would result in this panic to trigger again,
1882                 * so we avoid that recursion. */
1883                break;
1884        case B43_FWPANIC_RESTART:
1885                b43_controller_restart(dev, "Microcode panic");
1886                break;
1887        }
1888}
1889
1890static void handle_irq_ucode_debug(struct b43_wldev *dev)
1891{
1892        unsigned int i, cnt;
1893        u16 reason, marker_id, marker_line;
1894        __le16 *buf;
1895
1896        /* The proprietary firmware doesn't have this IRQ. */
1897        if (!dev->fw.opensource)
1898                return;
1899
1900        /* Read the register that contains the reason code for this IRQ. */
1901        reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1902
1903        switch (reason) {
1904        case B43_DEBUGIRQ_PANIC:
1905                b43_handle_firmware_panic(dev);
1906                break;
1907        case B43_DEBUGIRQ_DUMP_SHM:
1908                if (!B43_DEBUG)
1909                        break; /* Only with driver debugging enabled. */
1910                buf = kmalloc(4096, GFP_ATOMIC);
1911                if (!buf) {
1912                        b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1913                        goto out;
1914                }
1915                for (i = 0; i < 4096; i += 2) {
1916                        u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1917                        buf[i / 2] = cpu_to_le16(tmp);
1918                }
1919                b43info(dev->wl, "Shared memory dump:\n");
1920                print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1921                               16, 2, buf, 4096, 1);
1922                kfree(buf);
1923                break;
1924        case B43_DEBUGIRQ_DUMP_REGS:
1925                if (!B43_DEBUG)
1926                        break; /* Only with driver debugging enabled. */
1927                b43info(dev->wl, "Microcode register dump:\n");
1928                for (i = 0, cnt = 0; i < 64; i++) {
1929                        u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1930                        if (cnt == 0)
1931                                printk(KERN_INFO);
1932                        printk("r%02u: 0x%04X  ", i, tmp);
1933                        cnt++;
1934                        if (cnt == 6) {
1935                                printk("\n");
1936                                cnt = 0;
1937                        }
1938                }
1939                printk("\n");
1940                break;
1941        case B43_DEBUGIRQ_MARKER:
1942                if (!B43_DEBUG)
1943                        break; /* Only with driver debugging enabled. */
1944                marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1945                                           B43_MARKER_ID_REG);
1946                marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1947                                             B43_MARKER_LINE_REG);
1948                b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1949                        "at line number %u\n",
1950                        marker_id, marker_line);
1951                break;
1952        default:
1953                b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1954                       reason);
1955        }
1956out:
1957        /* Acknowledge the debug-IRQ, so the firmware can continue. */
1958        b43_shm_write16(dev, B43_SHM_SCRATCH,
1959                        B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1960}
1961
1962static void b43_do_interrupt_thread(struct b43_wldev *dev)
1963{
1964        u32 reason;
1965        u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1966        u32 merged_dma_reason = 0;
1967        int i;
1968
1969        if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1970                return;
1971
1972        reason = dev->irq_reason;
1973        for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1974                dma_reason[i] = dev->dma_reason[i];
1975                merged_dma_reason |= dma_reason[i];
1976        }
1977
1978        if (unlikely(reason & B43_IRQ_MAC_TXERR))
1979                b43err(dev->wl, "MAC transmission error\n");
1980
1981        if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1982                b43err(dev->wl, "PHY transmission error\n");
1983                rmb();
1984                if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1985                        atomic_set(&dev->phy.txerr_cnt,
1986                                   B43_PHY_TX_BADNESS_LIMIT);
1987                        b43err(dev->wl, "Too many PHY TX errors, "
1988                                        "restarting the controller\n");
1989                        b43_controller_restart(dev, "PHY TX errors");
1990                }
1991        }
1992
1993        if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK))) {
1994                b43err(dev->wl,
1995                        "Fatal DMA error: 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X\n",
1996                        dma_reason[0], dma_reason[1],
1997                        dma_reason[2], dma_reason[3],
1998                        dma_reason[4], dma_reason[5]);
1999                b43err(dev->wl, "This device does not support DMA "
2000                               "on your system. It will now be switched to PIO.\n");
2001                /* Fall back to PIO transfers if we get fatal DMA errors! */
2002                dev->use_pio = true;
2003                b43_controller_restart(dev, "DMA error");
2004                return;
2005        }
2006
2007        if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
2008                handle_irq_ucode_debug(dev);
2009        if (reason & B43_IRQ_TBTT_INDI)
2010                handle_irq_tbtt_indication(dev);
2011        if (reason & B43_IRQ_ATIM_END)
2012                handle_irq_atim_end(dev);
2013        if (reason & B43_IRQ_BEACON)
2014                handle_irq_beacon(dev);
2015        if (reason & B43_IRQ_PMQ)
2016                handle_irq_pmq(dev);
2017        if (reason & B43_IRQ_TXFIFO_FLUSH_OK) {
2018                ;/* TODO */
2019        }
2020        if (reason & B43_IRQ_NOISESAMPLE_OK)
2021                handle_irq_noise(dev);
2022
2023        /* Check the DMA reason registers for received data. */
2024        if (dma_reason[0] & B43_DMAIRQ_RDESC_UFLOW) {
2025                if (B43_DEBUG)
2026                        b43warn(dev->wl, "RX descriptor underrun\n");
2027                b43_dma_handle_rx_overflow(dev->dma.rx_ring);
2028        }
2029        if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
2030                if (b43_using_pio_transfers(dev))
2031                        b43_pio_rx(dev->pio.rx_queue);
2032                else
2033                        b43_dma_rx(dev->dma.rx_ring);
2034        }
2035        B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
2036        B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
2037        B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
2038        B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
2039        B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
2040
2041        if (reason & B43_IRQ_TX_OK)
2042                handle_irq_transmit_status(dev);
2043
2044        /* Re-enable interrupts on the device by restoring the current interrupt mask. */
2045        b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
2046
2047#if B43_DEBUG
2048        if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
2049                dev->irq_count++;
2050                for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
2051                        if (reason & (1 << i))
2052                                dev->irq_bit_count[i]++;
2053                }
2054        }
2055#endif
2056}
2057
2058/* Interrupt thread handler. Handles device interrupts in thread context. */
2059static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
2060{
2061        struct b43_wldev *dev = dev_id;
2062
2063        mutex_lock(&dev->wl->mutex);
2064        b43_do_interrupt_thread(dev);
2065        mutex_unlock(&dev->wl->mutex);
2066
2067        return IRQ_HANDLED;
2068}
2069
2070static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
2071{
2072        u32 reason;
2073
2074        /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
2075         * On SDIO, this runs under wl->mutex. */
2076
2077        reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2078        if (reason == 0xffffffff)       /* shared IRQ */
2079                return IRQ_NONE;
2080        reason &= dev->irq_mask;
2081        if (!reason)
2082                return IRQ_NONE;
2083
2084        dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
2085            & 0x0001FC00;
2086        dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
2087            & 0x0000DC00;
2088        dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2089            & 0x0000DC00;
2090        dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2091            & 0x0001DC00;
2092        dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2093            & 0x0000DC00;
2094/* Unused ring
2095        dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2096            & 0x0000DC00;
2097*/
2098
2099        /* ACK the interrupt. */
2100        b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2101        b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2102        b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2103        b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2104        b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2105        b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2106/* Unused ring
2107        b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2108*/
2109
2110        /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2111        b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2112        /* Save the reason bitmasks for the IRQ thread handler. */
2113        dev->irq_reason = reason;
2114
2115        return IRQ_WAKE_THREAD;
2116}
2117
2118/* Interrupt handler top-half. This runs with interrupts disabled. */
2119static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2120{
2121        struct b43_wldev *dev = dev_id;
2122        irqreturn_t ret;
2123
2124        if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2125                return IRQ_NONE;
2126
2127        spin_lock(&dev->wl->hardirq_lock);
2128        ret = b43_do_interrupt(dev);
2129        spin_unlock(&dev->wl->hardirq_lock);
2130
2131        return ret;
2132}
2133
2134/* SDIO interrupt handler. This runs in process context. */
2135static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2136{
2137        struct b43_wl *wl = dev->wl;
2138        irqreturn_t ret;
2139
2140        mutex_lock(&wl->mutex);
2141
2142        ret = b43_do_interrupt(dev);
2143        if (ret == IRQ_WAKE_THREAD)
2144                b43_do_interrupt_thread(dev);
2145
2146        mutex_unlock(&wl->mutex);
2147}
2148
2149void b43_do_release_fw(struct b43_firmware_file *fw)
2150{
2151        release_firmware(fw->data);
2152        fw->data = NULL;
2153        fw->filename = NULL;
2154}
2155
2156static void b43_release_firmware(struct b43_wldev *dev)
2157{
2158        complete(&dev->fw_load_complete);
2159        b43_do_release_fw(&dev->fw.ucode);
2160        b43_do_release_fw(&dev->fw.pcm);
2161        b43_do_release_fw(&dev->fw.initvals);
2162        b43_do_release_fw(&dev->fw.initvals_band);
2163}
2164
2165static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2166{
2167        const char text[] =
2168                "You must go to " \
2169                "https://wireless.wiki.kernel.org/en/users/Drivers/b43#devicefirmware " \
2170                "and download the correct firmware for this driver version. " \
2171                "Please carefully read all instructions on this website.\n";
2172
2173        if (error)
2174                b43err(wl, text);
2175        else
2176                b43warn(wl, text);
2177}
2178
2179static void b43_fw_cb(const struct firmware *firmware, void *context)
2180{
2181        struct b43_request_fw_context *ctx = context;
2182
2183        ctx->blob = firmware;
2184        complete(&ctx->dev->fw_load_complete);
2185}
2186
2187int b43_do_request_fw(struct b43_request_fw_context *ctx,
2188                      const char *name,
2189                      struct b43_firmware_file *fw, bool async)
2190{
2191        struct b43_fw_header *hdr;
2192        u32 size;
2193        int err;
2194
2195        if (!name) {
2196                /* Don't fetch anything. Free possibly cached firmware. */
2197                /* FIXME: We should probably keep it anyway, to save some headache
2198                 * on suspend/resume with multiband devices. */
2199                b43_do_release_fw(fw);
2200                return 0;
2201        }
2202        if (fw->filename) {
2203                if ((fw->type == ctx->req_type) &&
2204                    (strcmp(fw->filename, name) == 0))
2205                        return 0; /* Already have this fw. */
2206                /* Free the cached firmware first. */
2207                /* FIXME: We should probably do this later after we successfully
2208                 * got the new fw. This could reduce headache with multiband devices.
2209                 * We could also redesign this to cache the firmware for all possible
2210                 * bands all the time. */
2211                b43_do_release_fw(fw);
2212        }
2213
2214        switch (ctx->req_type) {
2215        case B43_FWTYPE_PROPRIETARY:
2216                snprintf(ctx->fwname, sizeof(ctx->fwname),
2217                         "b43%s/%s.fw",
2218                         modparam_fwpostfix, name);
2219                break;
2220        case B43_FWTYPE_OPENSOURCE:
2221                snprintf(ctx->fwname, sizeof(ctx->fwname),
2222                         "b43-open%s/%s.fw",
2223                         modparam_fwpostfix, name);
2224                break;
2225        default:
2226                B43_WARN_ON(1);
2227                return -ENOSYS;
2228        }
2229        if (async) {
2230                /* do this part asynchronously */
2231                init_completion(&ctx->dev->fw_load_complete);
2232                err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2233                                              ctx->dev->dev->dev, GFP_KERNEL,
2234                                              ctx, b43_fw_cb);
2235                if (err < 0) {
2236                        pr_err("Unable to load firmware\n");
2237                        return err;
2238                }
2239                wait_for_completion(&ctx->dev->fw_load_complete);
2240                if (ctx->blob)
2241                        goto fw_ready;
2242        /* On some ARM systems, the async request will fail, but the next sync
2243         * request works. For this reason, we fall through here
2244         */
2245        }
2246        err = request_firmware(&ctx->blob, ctx->fwname,
2247                               ctx->dev->dev->dev);
2248        if (err == -ENOENT) {
2249                snprintf(ctx->errors[ctx->req_type],
2250                         sizeof(ctx->errors[ctx->req_type]),
2251                         "Firmware file \"%s\" not found\n",
2252                         ctx->fwname);
2253                return err;
2254        } else if (err) {
2255                snprintf(ctx->errors[ctx->req_type],
2256                         sizeof(ctx->errors[ctx->req_type]),
2257                         "Firmware file \"%s\" request failed (err=%d)\n",
2258                         ctx->fwname, err);
2259                return err;
2260        }
2261fw_ready:
2262        if (ctx->blob->size < sizeof(struct b43_fw_header))
2263                goto err_format;
2264        hdr = (struct b43_fw_header *)(ctx->blob->data);
2265        switch (hdr->type) {
2266        case B43_FW_TYPE_UCODE:
2267        case B43_FW_TYPE_PCM:
2268                size = be32_to_cpu(hdr->size);
2269                if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2270                        goto err_format;
2271                fallthrough;
2272        case B43_FW_TYPE_IV:
2273                if (hdr->ver != 1)
2274                        goto err_format;
2275                break;
2276        default:
2277                goto err_format;
2278        }
2279
2280        fw->data = ctx->blob;
2281        fw->filename = name;
2282        fw->type = ctx->req_type;
2283
2284        return 0;
2285
2286err_format:
2287        snprintf(ctx->errors[ctx->req_type],
2288                 sizeof(ctx->errors[ctx->req_type]),
2289                 "Firmware file \"%s\" format error.\n", ctx->fwname);
2290        release_firmware(ctx->blob);
2291
2292        return -EPROTO;
2293}
2294
2295/* https://bcm-v4.sipsolutions.net/802.11/Init/Firmware */
2296static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2297{
2298        struct b43_wldev *dev = ctx->dev;
2299        struct b43_firmware *fw = &ctx->dev->fw;
2300        struct b43_phy *phy = &dev->phy;
2301        const u8 rev = ctx->dev->dev->core_rev;
2302        const char *filename;
2303        int err;
2304
2305        /* Get microcode */
2306        filename = NULL;
2307        switch (rev) {
2308        case 42:
2309                if (phy->type == B43_PHYTYPE_AC)
2310                        filename = "ucode42";
2311                break;
2312        case 40:
2313                if (phy->type == B43_PHYTYPE_AC)
2314                        filename = "ucode40";
2315                break;
2316        case 33:
2317                if (phy->type == B43_PHYTYPE_LCN40)
2318                        filename = "ucode33_lcn40";
2319                break;
2320        case 30:
2321                if (phy->type == B43_PHYTYPE_N)
2322                        filename = "ucode30_mimo";
2323                break;
2324        case 29:
2325                if (phy->type == B43_PHYTYPE_HT)
2326                        filename = "ucode29_mimo";
2327                break;
2328        case 26:
2329                if (phy->type == B43_PHYTYPE_HT)
2330                        filename = "ucode26_mimo";
2331                break;
2332        case 28:
2333        case 25:
2334                if (phy->type == B43_PHYTYPE_N)
2335                        filename = "ucode25_mimo";
2336                else if (phy->type == B43_PHYTYPE_LCN)
2337                        filename = "ucode25_lcn";
2338                break;
2339        case 24:
2340                if (phy->type == B43_PHYTYPE_LCN)
2341                        filename = "ucode24_lcn";
2342                break;
2343        case 23:
2344                if (phy->type == B43_PHYTYPE_N)
2345                        filename = "ucode16_mimo";
2346                break;
2347        case 16 ... 19:
2348                if (phy->type == B43_PHYTYPE_N)
2349                        filename = "ucode16_mimo";
2350                else if (phy->type == B43_PHYTYPE_LP)
2351                        filename = "ucode16_lp";
2352                break;
2353        case 15:
2354                filename = "ucode15";
2355                break;
2356        case 14:
2357                filename = "ucode14";
2358                break;
2359        case 13:
2360                filename = "ucode13";
2361                break;
2362        case 11 ... 12:
2363                filename = "ucode11";
2364                break;
2365        case 5 ... 10:
2366                filename = "ucode5";
2367                break;
2368        }
2369        if (!filename)
2370                goto err_no_ucode;
2371        err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2372        if (err)
2373                goto err_load;
2374
2375        /* Get PCM code */
2376        if ((rev >= 5) && (rev <= 10))
2377                filename = "pcm5";
2378        else if (rev >= 11)
2379                filename = NULL;
2380        else
2381                goto err_no_pcm;
2382        fw->pcm_request_failed = false;
2383        err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2384        if (err == -ENOENT) {
2385                /* We did not find a PCM file? Not fatal, but
2386                 * core rev <= 10 must do without hwcrypto then. */
2387                fw->pcm_request_failed = true;
2388        } else if (err)
2389                goto err_load;
2390
2391        /* Get initvals */
2392        filename = NULL;
2393        switch (dev->phy.type) {
2394        case B43_PHYTYPE_G:
2395                if (rev == 13)
2396                        filename = "b0g0initvals13";
2397                else if (rev >= 5 && rev <= 10)
2398                        filename = "b0g0initvals5";
2399                break;
2400        case B43_PHYTYPE_N:
2401                if (rev == 30)
2402                        filename = "n16initvals30";
2403                else if (rev == 28 || rev == 25)
2404                        filename = "n0initvals25";
2405                else if (rev == 24)
2406                        filename = "n0initvals24";
2407                else if (rev == 23)
2408                        filename = "n0initvals16"; /* What about n0initvals22? */
2409                else if (rev >= 16 && rev <= 18)
2410                        filename = "n0initvals16";
2411                else if (rev >= 11 && rev <= 12)
2412                        filename = "n0initvals11";
2413                break;
2414        case B43_PHYTYPE_LP:
2415                if (rev >= 16 && rev <= 18)
2416                        filename = "lp0initvals16";
2417                else if (rev == 15)
2418                        filename = "lp0initvals15";
2419                else if (rev == 14)
2420                        filename = "lp0initvals14";
2421                else if (rev == 13)
2422                        filename = "lp0initvals13";
2423                break;
2424        case B43_PHYTYPE_HT:
2425                if (rev == 29)
2426                        filename = "ht0initvals29";
2427                else if (rev == 26)
2428                        filename = "ht0initvals26";
2429                break;
2430        case B43_PHYTYPE_LCN:
2431                if (rev == 24)
2432                        filename = "lcn0initvals24";
2433                break;
2434        case B43_PHYTYPE_LCN40:
2435                if (rev == 33)
2436                        filename = "lcn400initvals33";
2437                break;
2438        case B43_PHYTYPE_AC:
2439                if (rev == 42)
2440                        filename = "ac1initvals42";
2441                else if (rev == 40)
2442                        filename = "ac0initvals40";
2443                break;
2444        }
2445        if (!filename)
2446                goto err_no_initvals;
2447        err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2448        if (err)
2449                goto err_load;
2450
2451        /* Get bandswitch initvals */
2452        filename = NULL;
2453        switch (dev->phy.type) {
2454        case B43_PHYTYPE_G:
2455                if (rev == 13)
2456                        filename = "b0g0bsinitvals13";
2457                else if (rev >= 5 && rev <= 10)
2458                        filename = "b0g0bsinitvals5";
2459                break;
2460        case B43_PHYTYPE_N:
2461                if (rev == 30)
2462                        filename = "n16bsinitvals30";
2463                else if (rev == 28 || rev == 25)
2464                        filename = "n0bsinitvals25";
2465                else if (rev == 24)
2466                        filename = "n0bsinitvals24";
2467                else if (rev == 23)
2468                        filename = "n0bsinitvals16"; /* What about n0bsinitvals22? */
2469                else if (rev >= 16 && rev <= 18)
2470                        filename = "n0bsinitvals16";
2471                else if (rev >= 11 && rev <= 12)
2472                        filename = "n0bsinitvals11";
2473                break;
2474        case B43_PHYTYPE_LP:
2475                if (rev >= 16 && rev <= 18)
2476                        filename = "lp0bsinitvals16";
2477                else if (rev == 15)
2478                        filename = "lp0bsinitvals15";
2479                else if (rev == 14)
2480                        filename = "lp0bsinitvals14";
2481                else if (rev == 13)
2482                        filename = "lp0bsinitvals13";
2483                break;
2484        case B43_PHYTYPE_HT:
2485                if (rev == 29)
2486                        filename = "ht0bsinitvals29";
2487                else if (rev == 26)
2488                        filename = "ht0bsinitvals26";
2489                break;
2490        case B43_PHYTYPE_LCN:
2491                if (rev == 24)
2492                        filename = "lcn0bsinitvals24";
2493                break;
2494        case B43_PHYTYPE_LCN40:
2495                if (rev == 33)
2496                        filename = "lcn400bsinitvals33";
2497                break;
2498        case B43_PHYTYPE_AC:
2499                if (rev == 42)
2500                        filename = "ac1bsinitvals42";
2501                else if (rev == 40)
2502                        filename = "ac0bsinitvals40";
2503                break;
2504        }
2505        if (!filename)
2506                goto err_no_initvals;
2507        err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2508        if (err)
2509                goto err_load;
2510
2511        fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2512
2513        return 0;
2514
2515err_no_ucode:
2516        err = ctx->fatal_failure = -EOPNOTSUPP;
2517        b43err(dev->wl, "The driver does not know which firmware (ucode) "
2518               "is required for your device (wl-core rev %u)\n", rev);
2519        goto error;
2520
2521err_no_pcm:
2522        err = ctx->fatal_failure = -EOPNOTSUPP;
2523        b43err(dev->wl, "The driver does not know which firmware (PCM) "
2524               "is required for your device (wl-core rev %u)\n", rev);
2525        goto error;
2526
2527err_no_initvals:
2528        err = ctx->fatal_failure = -EOPNOTSUPP;
2529        b43err(dev->wl, "The driver does not know which firmware (initvals) "
2530               "is required for your device (wl-core rev %u)\n", rev);
2531        goto error;
2532
2533err_load:
2534        /* We failed to load this firmware image. The error message
2535         * already is in ctx->errors. Return and let our caller decide
2536         * what to do. */
2537        goto error;
2538
2539error:
2540        b43_release_firmware(dev);
2541        return err;
2542}
2543
2544static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2545static void b43_one_core_detach(struct b43_bus_dev *dev);
2546static int b43_rng_init(struct b43_wl *wl);
2547
2548static void b43_request_firmware(struct work_struct *work)
2549{
2550        struct b43_wl *wl = container_of(work,
2551                            struct b43_wl, firmware_load);
2552        struct b43_wldev *dev = wl->current_dev;
2553        struct b43_request_fw_context *ctx;
2554        unsigned int i;
2555        int err;
2556        const char *errmsg;
2557
2558        ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2559        if (!ctx)
2560                return;
2561        ctx->dev = dev;
2562
2563        ctx->req_type = B43_FWTYPE_PROPRIETARY;
2564        err = b43_try_request_fw(ctx);
2565        if (!err)
2566                goto start_ieee80211; /* Successfully loaded it. */
2567        /* Was fw version known? */
2568        if (ctx->fatal_failure)
2569                goto out;
2570
2571        /* proprietary fw not found, try open source */
2572        ctx->req_type = B43_FWTYPE_OPENSOURCE;
2573        err = b43_try_request_fw(ctx);
2574        if (!err)
2575                goto start_ieee80211; /* Successfully loaded it. */
2576        if(ctx->fatal_failure)
2577                goto out;
2578
2579        /* Could not find a usable firmware. Print the errors. */
2580        for (i = 0; i < B43_NR_FWTYPES; i++) {
2581                errmsg = ctx->errors[i];
2582                if (strlen(errmsg))
2583                        b43err(dev->wl, "%s", errmsg);
2584        }
2585        b43_print_fw_helptext(dev->wl, 1);
2586        goto out;
2587
2588start_ieee80211:
2589        wl->hw->queues = B43_QOS_QUEUE_NUM;
2590        if (!modparam_qos || dev->fw.opensource)
2591                wl->hw->queues = 1;
2592
2593        err = ieee80211_register_hw(wl->hw);
2594        if (err)
2595                goto out;
2596        wl->hw_registered = true;
2597        b43_leds_register(wl->current_dev);
2598
2599        /* Register HW RNG driver */
2600        b43_rng_init(wl);
2601
2602out:
2603        kfree(ctx);
2604}
2605
2606static int b43_upload_microcode(struct b43_wldev *dev)
2607{
2608        struct wiphy *wiphy = dev->wl->hw->wiphy;
2609        const size_t hdr_len = sizeof(struct b43_fw_header);
2610        const __be32 *data;
2611        unsigned int i, len;
2612        u16 fwrev, fwpatch, fwdate, fwtime;
2613        u32 tmp, macctl;
2614        int err = 0;
2615
2616        /* Jump the microcode PSM to offset 0 */
2617        macctl = b43_read32(dev, B43_MMIO_MACCTL);
2618        B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2619        macctl |= B43_MACCTL_PSM_JMP0;
2620        b43_write32(dev, B43_MMIO_MACCTL, macctl);
2621        /* Zero out all microcode PSM registers and shared memory. */
2622        for (i = 0; i < 64; i++)
2623                b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2624        for (i = 0; i < 4096; i += 2)
2625                b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2626
2627        /* Upload Microcode. */
2628        data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2629        len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2630        b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2631        for (i = 0; i < len; i++) {
2632                b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2633                udelay(10);
2634        }
2635
2636        if (dev->fw.pcm.data) {
2637                /* Upload PCM data. */
2638                data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2639                len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2640                b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2641                b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2642                /* No need for autoinc bit in SHM_HW */
2643                b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2644                for (i = 0; i < len; i++) {
2645                        b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2646                        udelay(10);
2647                }
2648        }
2649
2650        b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2651
2652        /* Start the microcode PSM */
2653        b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2654                      B43_MACCTL_PSM_RUN);
2655
2656        /* Wait for the microcode to load and respond */
2657        i = 0;
2658        while (1) {
2659                tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2660                if (tmp == B43_IRQ_MAC_SUSPENDED)
2661                        break;
2662                i++;
2663                if (i >= 20) {
2664                        b43err(dev->wl, "Microcode not responding\n");
2665                        b43_print_fw_helptext(dev->wl, 1);
2666                        err = -ENODEV;
2667                        goto error;
2668                }
2669                msleep(50);
2670        }
2671        b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2672
2673        /* Get and check the revisions. */
2674        fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2675        fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2676        fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2677        fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2678
2679        if (fwrev <= 0x128) {
2680                b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2681                       "binary drivers older than version 4.x is unsupported. "
2682                       "You must upgrade your firmware files.\n");
2683                b43_print_fw_helptext(dev->wl, 1);
2684                err = -EOPNOTSUPP;
2685                goto error;
2686        }
2687        dev->fw.rev = fwrev;
2688        dev->fw.patch = fwpatch;
2689        if (dev->fw.rev >= 598)
2690                dev->fw.hdr_format = B43_FW_HDR_598;
2691        else if (dev->fw.rev >= 410)
2692                dev->fw.hdr_format = B43_FW_HDR_410;
2693        else
2694                dev->fw.hdr_format = B43_FW_HDR_351;
2695        WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2696
2697        dev->qos_enabled = dev->wl->hw->queues > 1;
2698        /* Default to firmware/hardware crypto acceleration. */
2699        dev->hwcrypto_enabled = true;
2700
2701        if (dev->fw.opensource) {
2702                u16 fwcapa;
2703
2704                /* Patchlevel info is encoded in the "time" field. */
2705                dev->fw.patch = fwtime;
2706                b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2707                        dev->fw.rev, dev->fw.patch);
2708
2709                fwcapa = b43_fwcapa_read(dev);
2710                if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2711                        b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2712                        /* Disable hardware crypto and fall back to software crypto. */
2713                        dev->hwcrypto_enabled = false;
2714                }
2715                /* adding QoS support should use an offline discovery mechanism */
2716                WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2717        } else {
2718                b43info(dev->wl, "Loading firmware version %u.%u "
2719                        "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2720                        fwrev, fwpatch,
2721                        (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2722                        (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2723                if (dev->fw.pcm_request_failed) {
2724                        b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2725                                "Hardware accelerated cryptography is disabled.\n");
2726                        b43_print_fw_helptext(dev->wl, 0);
2727                }
2728        }
2729
2730        snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2731                        dev->fw.rev, dev->fw.patch);
2732        wiphy->hw_version = dev->dev->core_id;
2733
2734        if (dev->fw.hdr_format == B43_FW_HDR_351) {
2735                /* We're over the deadline, but we keep support for old fw
2736                 * until it turns out to be in major conflict with something new. */
2737                b43warn(dev->wl, "You are using an old firmware image. "
2738                        "Support for old firmware will be removed soon "
2739                        "(official deadline was July 2008).\n");
2740                b43_print_fw_helptext(dev->wl, 0);
2741        }
2742
2743        return 0;
2744
2745error:
2746        /* Stop the microcode PSM. */
2747        b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2748                      B43_MACCTL_PSM_JMP0);
2749
2750        return err;
2751}
2752
2753static int b43_write_initvals(struct b43_wldev *dev,
2754                              const struct b43_iv *ivals,
2755                              size_t count,
2756                              size_t array_size)
2757{
2758        const struct b43_iv *iv;
2759        u16 offset;
2760        size_t i;
2761        bool bit32;
2762
2763        BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2764        iv = ivals;
2765        for (i = 0; i < count; i++) {
2766                if (array_size < sizeof(iv->offset_size))
2767                        goto err_format;
2768                array_size -= sizeof(iv->offset_size);
2769                offset = be16_to_cpu(iv->offset_size);
2770                bit32 = !!(offset & B43_IV_32BIT);
2771                offset &= B43_IV_OFFSET_MASK;
2772                if (offset >= 0x1000)
2773                        goto err_format;
2774                if (bit32) {
2775                        u32 value;
2776
2777                        if (array_size < sizeof(iv->data.d32))
2778                                goto err_format;
2779                        array_size -= sizeof(iv->data.d32);
2780
2781                        value = get_unaligned_be32(&iv->data.d32);
2782                        b43_write32(dev, offset, value);
2783
2784                        iv = (const struct b43_iv *)((const uint8_t *)iv +
2785                                                        sizeof(__be16) +
2786                                                        sizeof(__be32));
2787                } else {
2788                        u16 value;
2789
2790                        if (array_size < sizeof(iv->data.d16))
2791                                goto err_format;
2792                        array_size -= sizeof(iv->data.d16);
2793
2794                        value = be16_to_cpu(iv->data.d16);
2795                        b43_write16(dev, offset, value);
2796
2797                        iv = (const struct b43_iv *)((const uint8_t *)iv +
2798                                                        sizeof(__be16) +
2799                                                        sizeof(__be16));
2800                }
2801        }
2802        if (array_size)
2803                goto err_format;
2804
2805        return 0;
2806
2807err_format:
2808        b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2809        b43_print_fw_helptext(dev->wl, 1);
2810
2811        return -EPROTO;
2812}
2813
2814static int b43_upload_initvals(struct b43_wldev *dev)
2815{
2816        const size_t hdr_len = sizeof(struct b43_fw_header);
2817        const struct b43_fw_header *hdr;
2818        struct b43_firmware *fw = &dev->fw;
2819        const struct b43_iv *ivals;
2820        size_t count;
2821
2822        hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2823        ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2824        count = be32_to_cpu(hdr->size);
2825        return b43_write_initvals(dev, ivals, count,
2826                                 fw->initvals.data->size - hdr_len);
2827}
2828
2829static int b43_upload_initvals_band(struct b43_wldev *dev)
2830{
2831        const size_t hdr_len = sizeof(struct b43_fw_header);
2832        const struct b43_fw_header *hdr;
2833        struct b43_firmware *fw = &dev->fw;
2834        const struct b43_iv *ivals;
2835        size_t count;
2836
2837        if (!fw->initvals_band.data)
2838                return 0;
2839
2840        hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2841        ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2842        count = be32_to_cpu(hdr->size);
2843        return b43_write_initvals(dev, ivals, count,
2844                                  fw->initvals_band.data->size - hdr_len);
2845}
2846
2847/* Initialize the GPIOs
2848 * https://bcm-specs.sipsolutions.net/GPIO
2849 */
2850
2851#ifdef CONFIG_B43_SSB
2852static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2853{
2854        struct ssb_bus *bus = dev->dev->sdev->bus;
2855
2856#ifdef CONFIG_SSB_DRIVER_PCICORE
2857        return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2858#else
2859        return bus->chipco.dev;
2860#endif
2861}
2862#endif
2863
2864static int b43_gpio_init(struct b43_wldev *dev)
2865{
2866#ifdef CONFIG_B43_SSB
2867        struct ssb_device *gpiodev;
2868#endif
2869        u32 mask, set;
2870
2871        b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2872        b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2873
2874        mask = 0x0000001F;
2875        set = 0x0000000F;
2876        if (dev->dev->chip_id == 0x4301) {
2877                mask |= 0x0060;
2878                set |= 0x0060;
2879        } else if (dev->dev->chip_id == 0x5354) {
2880                /* Don't allow overtaking buttons GPIOs */
2881                set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2882        }
2883
2884        if (0 /* FIXME: conditional unknown */ ) {
2885                b43_write16(dev, B43_MMIO_GPIO_MASK,
2886                            b43_read16(dev, B43_MMIO_GPIO_MASK)
2887                            | 0x0100);
2888                /* BT Coexistance Input */
2889                mask |= 0x0080;
2890                set |= 0x0080;
2891                /* BT Coexistance Out */
2892                mask |= 0x0100;
2893                set |= 0x0100;
2894        }
2895        if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2896                /* PA is controlled by gpio 9, let ucode handle it */
2897                b43_write16(dev, B43_MMIO_GPIO_MASK,
2898                            b43_read16(dev, B43_MMIO_GPIO_MASK)
2899                            | 0x0200);
2900                mask |= 0x0200;
2901                set |= 0x0200;
2902        }
2903
2904        switch (dev->dev->bus_type) {
2905#ifdef CONFIG_B43_BCMA
2906        case B43_BUS_BCMA:
2907                bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, mask, set);
2908                break;
2909#endif
2910#ifdef CONFIG_B43_SSB
2911        case B43_BUS_SSB:
2912                gpiodev = b43_ssb_gpio_dev(dev);
2913                if (gpiodev)
2914                        ssb_write32(gpiodev, B43_GPIO_CONTROL,
2915                                    (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2916                                    & ~mask) | set);
2917                break;
2918#endif
2919        }
2920
2921        return 0;
2922}
2923
2924/* Turn off all GPIO stuff. Call this on module unload, for example. */
2925static void b43_gpio_cleanup(struct b43_wldev *dev)
2926{
2927#ifdef CONFIG_B43_SSB
2928        struct ssb_device *gpiodev;
2929#endif
2930
2931        switch (dev->dev->bus_type) {
2932#ifdef CONFIG_B43_BCMA
2933        case B43_BUS_BCMA:
2934                bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, ~0, 0);
2935                break;
2936#endif
2937#ifdef CONFIG_B43_SSB
2938        case B43_BUS_SSB:
2939                gpiodev = b43_ssb_gpio_dev(dev);
2940                if (gpiodev)
2941                        ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2942                break;
2943#endif
2944        }
2945}
2946
2947/* http://bcm-specs.sipsolutions.net/EnableMac */
2948void b43_mac_enable(struct b43_wldev *dev)
2949{
2950        if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2951                u16 fwstate;
2952
2953                fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2954                                         B43_SHM_SH_UCODESTAT);
2955                if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2956                    (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2957                        b43err(dev->wl, "b43_mac_enable(): The firmware "
2958                               "should be suspended, but current state is %u\n",
2959                               fwstate);
2960                }
2961        }
2962
2963        dev->mac_suspended--;
2964        B43_WARN_ON(dev->mac_suspended < 0);
2965        if (dev->mac_suspended == 0) {
2966                b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2967                b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2968                            B43_IRQ_MAC_SUSPENDED);
2969                /* Commit writes */
2970                b43_read32(dev, B43_MMIO_MACCTL);
2971                b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2972                b43_power_saving_ctl_bits(dev, 0);
2973        }
2974}
2975
2976/* https://bcm-specs.sipsolutions.net/SuspendMAC */
2977void b43_mac_suspend(struct b43_wldev *dev)
2978{
2979        int i;
2980        u32 tmp;
2981
2982        might_sleep();
2983        B43_WARN_ON(dev->mac_suspended < 0);
2984
2985        if (dev->mac_suspended == 0) {
2986                b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2987                b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
2988                /* force pci to flush the write */
2989                b43_read32(dev, B43_MMIO_MACCTL);
2990                for (i = 35; i; i--) {
2991                        tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2992                        if (tmp & B43_IRQ_MAC_SUSPENDED)
2993                                goto out;
2994                        udelay(10);
2995                }
2996                /* Hm, it seems this will take some time. Use msleep(). */
2997                for (i = 40; i; i--) {
2998                        tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2999                        if (tmp & B43_IRQ_MAC_SUSPENDED)
3000                                goto out;
3001                        msleep(1);
3002                }
3003                b43err(dev->wl, "MAC suspend failed\n");
3004        }
3005out:
3006        dev->mac_suspended++;
3007}
3008
3009/* https://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
3010void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
3011{
3012        u32 tmp;
3013
3014        switch (dev->dev->bus_type) {
3015#ifdef CONFIG_B43_BCMA
3016        case B43_BUS_BCMA:
3017                tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3018                if (on)
3019                        tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
3020                else
3021                        tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
3022                bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3023                break;
3024#endif
3025#ifdef CONFIG_B43_SSB
3026        case B43_BUS_SSB:
3027                tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3028                if (on)
3029                        tmp |= B43_TMSLOW_MACPHYCLKEN;
3030                else
3031                        tmp &= ~B43_TMSLOW_MACPHYCLKEN;
3032                ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3033                break;
3034#endif
3035        }
3036}
3037
3038/* brcms_b_switch_macfreq */
3039void b43_mac_switch_freq(struct b43_wldev *dev, u8 spurmode)
3040{
3041        u16 chip_id = dev->dev->chip_id;
3042
3043        if (chip_id == BCMA_CHIP_ID_BCM4331) {
3044                switch (spurmode) {
3045                case 2: /* 168 Mhz: 2^26/168 = 0x61862 */
3046                        b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x1862);
3047                        b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3048                        break;
3049                case 1: /* 164 Mhz: 2^26/164 = 0x63e70 */
3050                        b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x3e70);
3051                        b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3052                        break;
3053                default: /* 160 Mhz: 2^26/160 = 0x66666 */
3054                        b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x6666);
3055                        b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3056                        break;
3057                }
3058        } else if (chip_id == BCMA_CHIP_ID_BCM43131 ||
3059            chip_id == BCMA_CHIP_ID_BCM43217 ||
3060            chip_id == BCMA_CHIP_ID_BCM43222 ||
3061            chip_id == BCMA_CHIP_ID_BCM43224 ||
3062            chip_id == BCMA_CHIP_ID_BCM43225 ||
3063            chip_id == BCMA_CHIP_ID_BCM43227 ||
3064            chip_id == BCMA_CHIP_ID_BCM43228) {
3065                switch (spurmode) {
3066                case 2: /* 126 Mhz */
3067                        b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x2082);
3068                        b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3069                        break;
3070                case 1: /* 123 Mhz */
3071                        b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x5341);
3072                        b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3073                        break;
3074                default: /* 120 Mhz */
3075                        b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x8889);
3076                        b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3077                        break;
3078                }
3079        } else if (dev->phy.type == B43_PHYTYPE_LCN) {
3080                switch (spurmode) {
3081                case 1: /* 82 Mhz */
3082                        b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x7CE0);
3083                        b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3084                        break;
3085                default: /* 80 Mhz */
3086                        b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0xCCCD);
3087                        b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3088                        break;
3089                }
3090        }
3091}
3092
3093static void b43_adjust_opmode(struct b43_wldev *dev)
3094{
3095        struct b43_wl *wl = dev->wl;
3096        u32 ctl;
3097        u16 cfp_pretbtt;
3098
3099        ctl = b43_read32(dev, B43_MMIO_MACCTL);
3100        /* Reset status to STA infrastructure mode. */
3101        ctl &= ~B43_MACCTL_AP;
3102        ctl &= ~B43_MACCTL_KEEP_CTL;
3103        ctl &= ~B43_MACCTL_KEEP_BADPLCP;
3104        ctl &= ~B43_MACCTL_KEEP_BAD;
3105        ctl &= ~B43_MACCTL_PROMISC;
3106        ctl &= ~B43_MACCTL_BEACPROMISC;
3107        ctl |= B43_MACCTL_INFRA;
3108
3109        if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3110            b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
3111                ctl |= B43_MACCTL_AP;
3112        else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
3113                ctl &= ~B43_MACCTL_INFRA;
3114
3115        if (wl->filter_flags & FIF_CONTROL)
3116                ctl |= B43_MACCTL_KEEP_CTL;
3117        if (wl->filter_flags & FIF_FCSFAIL)
3118                ctl |= B43_MACCTL_KEEP_BAD;
3119        if (wl->filter_flags & FIF_PLCPFAIL)
3120                ctl |= B43_MACCTL_KEEP_BADPLCP;
3121        if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
3122                ctl |= B43_MACCTL_BEACPROMISC;
3123
3124        /* Workaround: On old hardware the HW-MAC-address-filter
3125         * doesn't work properly, so always run promisc in filter
3126         * it in software. */
3127        if (dev->dev->core_rev <= 4)
3128                ctl |= B43_MACCTL_PROMISC;
3129
3130        b43_write32(dev, B43_MMIO_MACCTL, ctl);
3131
3132        cfp_pretbtt = 2;
3133        if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
3134                if (dev->dev->chip_id == 0x4306 &&
3135                    dev->dev->chip_rev == 3)
3136                        cfp_pretbtt = 100;
3137                else
3138                        cfp_pretbtt = 50;
3139        }
3140        b43_write16(dev, 0x612, cfp_pretbtt);
3141
3142        /* FIXME: We don't currently implement the PMQ mechanism,
3143         *        so always disable it. If we want to implement PMQ,
3144         *        we need to enable it here (clear DISCPMQ) in AP mode.
3145         */
3146        if (0  /* ctl & B43_MACCTL_AP */)
3147                b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
3148        else
3149                b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
3150}
3151
3152static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
3153{
3154        u16 offset;
3155
3156        if (is_ofdm) {
3157                offset = 0x480;
3158                offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
3159        } else {
3160                offset = 0x4C0;
3161                offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
3162        }
3163        b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
3164                        b43_shm_read16(dev, B43_SHM_SHARED, offset));
3165}
3166
3167static void b43_rate_memory_init(struct b43_wldev *dev)
3168{
3169        switch (dev->phy.type) {
3170        case B43_PHYTYPE_G:
3171        case B43_PHYTYPE_N:
3172        case B43_PHYTYPE_LP:
3173        case B43_PHYTYPE_HT:
3174        case B43_PHYTYPE_LCN:
3175                b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
3176                b43_rate_memory_write(dev, B43_OFDM_RATE_9MB, 1);
3177                b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
3178                b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
3179                b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
3180                b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
3181                b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3182                b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3183                fallthrough;
3184        case B43_PHYTYPE_B:
3185                b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3186                b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3187                b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3188                b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3189                break;
3190        default:
3191                B43_WARN_ON(1);
3192        }
3193}
3194
3195/* Set the default values for the PHY TX Control Words. */
3196static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3197{
3198        u16 ctl = 0;
3199
3200        ctl |= B43_TXH_PHY_ENC_CCK;
3201        ctl |= B43_TXH_PHY_ANT01AUTO;
3202        ctl |= B43_TXH_PHY_TXPWR;
3203
3204        b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3205        b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3206        b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3207}
3208
3209/* Set the TX-Antenna for management frames sent by firmware. */
3210static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3211{
3212        u16 ant;
3213        u16 tmp;
3214
3215        ant = b43_antenna_to_phyctl(antenna);
3216
3217        /* For ACK/CTS */
3218        tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3219        tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3220        b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3221        /* For Probe Resposes */
3222        tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3223        tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3224        b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3225}
3226
3227/* This is the opposite of b43_chip_init() */
3228static void b43_chip_exit(struct b43_wldev *dev)
3229{
3230        b43_phy_exit(dev);
3231        b43_gpio_cleanup(dev);
3232        /* firmware is released later */
3233}
3234
3235/* Initialize the chip
3236 * https://bcm-specs.sipsolutions.net/ChipInit
3237 */
3238static int b43_chip_init(struct b43_wldev *dev)
3239{
3240        struct b43_phy *phy = &dev->phy;
3241        int err;
3242        u32 macctl;
3243        u16 value16;
3244
3245        /* Initialize the MAC control */
3246        macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3247        if (dev->phy.gmode)
3248                macctl |= B43_MACCTL_GMODE;
3249        macctl |= B43_MACCTL_INFRA;
3250        b43_write32(dev, B43_MMIO_MACCTL, macctl);
3251
3252        err = b43_upload_microcode(dev);
3253        if (err)
3254                goto out;       /* firmware is released later */
3255
3256        err = b43_gpio_init(dev);
3257        if (err)
3258                goto out;       /* firmware is released later */
3259
3260        err = b43_upload_initvals(dev);
3261        if (err)
3262                goto err_gpio_clean;
3263
3264        err = b43_upload_initvals_band(dev);
3265        if (err)
3266                goto err_gpio_clean;
3267
3268        /* Turn the Analog on and initialize the PHY. */
3269        phy->ops->switch_analog(dev, 1);
3270        err = b43_phy_init(dev);
3271        if (err)
3272                goto err_gpio_clean;
3273
3274        /* Disable Interference Mitigation. */
3275        if (phy->ops->interf_mitigation)
3276                phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3277
3278        /* Select the antennae */
3279        if (phy->ops->set_rx_antenna)
3280                phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3281        b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3282
3283        if (phy->type == B43_PHYTYPE_B) {
3284                value16 = b43_read16(dev, 0x005E);
3285                value16 |= 0x0004;
3286                b43_write16(dev, 0x005E, value16);
3287        }
3288        b43_write32(dev, 0x0100, 0x01000000);
3289        if (dev->dev->core_rev < 5)
3290                b43_write32(dev, 0x010C, 0x01000000);
3291
3292        b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3293        b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3294
3295        /* Probe Response Timeout value */
3296        /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3297        b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 0);
3298
3299        /* Initially set the wireless operation mode. */
3300        b43_adjust_opmode(dev);
3301
3302        if (dev->dev->core_rev < 3) {
3303                b43_write16(dev, 0x060E, 0x0000);
3304                b43_write16(dev, 0x0610, 0x8000);
3305                b43_write16(dev, 0x0604, 0x0000);
3306                b43_write16(dev, 0x0606, 0x0200);
3307        } else {
3308                b43_write32(dev, 0x0188, 0x80000000);
3309                b43_write32(dev, 0x018C, 0x02000000);
3310        }
3311        b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3312        b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001FC00);
3313        b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3314        b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3315        b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3316        b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3317        b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3318
3319        b43_mac_phy_clock_set(dev, true);
3320
3321        switch (dev->dev->bus_type) {
3322#ifdef CONFIG_B43_BCMA
3323        case B43_BUS_BCMA:
3324                /* FIXME: 0xE74 is quite common, but should be read from CC */
3325                b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3326                break;
3327#endif
3328#ifdef CONFIG_B43_SSB
3329        case B43_BUS_SSB:
3330                b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3331                            dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3332                break;
3333#endif
3334        }
3335
3336        err = 0;
3337        b43dbg(dev->wl, "Chip initialized\n");
3338out:
3339        return err;
3340
3341err_gpio_clean:
3342        b43_gpio_cleanup(dev);
3343        return err;
3344}
3345
3346static void b43_periodic_every60sec(struct b43_wldev *dev)
3347{
3348        const struct b43_phy_operations *ops = dev->phy.ops;
3349
3350        if (ops->pwork_60sec)
3351                ops->pwork_60sec(dev);
3352
3353        /* Force check the TX power emission now. */
3354        b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3355}
3356
3357static void b43_periodic_every30sec(struct b43_wldev *dev)
3358{
3359        /* Update device statistics. */
3360        b43_calculate_link_quality(dev);
3361}
3362
3363static void b43_periodic_every15sec(struct b43_wldev *dev)
3364{
3365        struct b43_phy *phy = &dev->phy;
3366        u16 wdr;
3367
3368        if (dev->fw.opensource) {
3369                /* Check if the firmware is still alive.
3370                 * It will reset the watchdog counter to 0 in its idle loop. */
3371                wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3372                if (unlikely(wdr)) {
3373                        b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3374                        b43_controller_restart(dev, "Firmware watchdog");
3375                        return;
3376                } else {
3377                        b43_shm_write16(dev, B43_SHM_SCRATCH,
3378                                        B43_WATCHDOG_REG, 1);
3379                }
3380        }
3381
3382        if (phy->ops->pwork_15sec)
3383                phy->ops->pwork_15sec(dev);
3384
3385        atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3386        wmb();
3387
3388#if B43_DEBUG
3389        if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3390                unsigned int i;
3391
3392                b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3393                       dev->irq_count / 15,
3394                       dev->tx_count / 15,
3395                       dev->rx_count / 15);
3396                dev->irq_count = 0;
3397                dev->tx_count = 0;
3398                dev->rx_count = 0;
3399                for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3400                        if (dev->irq_bit_count[i]) {
3401                                b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3402                                       dev->irq_bit_count[i] / 15, i, (1 << i));
3403                                dev->irq_bit_count[i] = 0;
3404                        }
3405                }
3406        }
3407#endif
3408}
3409
3410static void do_periodic_work(struct b43_wldev *dev)
3411{
3412        unsigned int state;
3413
3414        state = dev->periodic_state;
3415        if (state % 4 == 0)
3416                b43_periodic_every60sec(dev);
3417        if (state % 2 == 0)
3418                b43_periodic_every30sec(dev);
3419        b43_periodic_every15sec(dev);
3420}
3421
3422/* Periodic work locking policy:
3423 *      The whole periodic work handler is protected by
3424 *      wl->mutex. If another lock is needed somewhere in the
3425 *      pwork callchain, it's acquired in-place, where it's needed.
3426 */
3427static void b43_periodic_work_handler(struct work_struct *work)
3428{
3429        struct b43_wldev *dev = container_of(work, struct b43_wldev,
3430                                             periodic_work.work);
3431        struct b43_wl *wl = dev->wl;
3432        unsigned long delay;
3433
3434        mutex_lock(&wl->mutex);
3435
3436        if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3437                goto out;
3438        if (b43_debug(dev, B43_DBG_PWORK_STOP))
3439                goto out_requeue;
3440
3441        do_periodic_work(dev);
3442
3443        dev->periodic_state++;
3444out_requeue:
3445        if (b43_debug(dev, B43_DBG_PWORK_FAST))
3446                delay = msecs_to_jiffies(50);
3447        else
3448                delay = round_jiffies_relative(HZ * 15);
3449        ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3450out:
3451        mutex_unlock(&wl->mutex);
3452}
3453
3454static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3455{
3456        struct delayed_work *work = &dev->periodic_work;
3457
3458        dev->periodic_state = 0;
3459        INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3460        ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3461}
3462
3463/* Check if communication with the device works correctly. */
3464static int b43_validate_chipaccess(struct b43_wldev *dev)
3465{
3466        u32 v, backup0, backup4;
3467
3468        backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3469        backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3470
3471        /* Check for read/write and endianness problems. */
3472        b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3473        if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3474                goto error;
3475        b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3476        if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3477                goto error;
3478
3479        /* Check if unaligned 32bit SHM_SHARED access works properly.
3480         * However, don't bail out on failure, because it's noncritical. */
3481        b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3482        b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3483        b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3484        b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3485        if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3486                b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3487        b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3488        if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3489            b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3490            b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3491            b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3492                b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3493
3494        b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3495        b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3496
3497        if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3498                /* The 32bit register shadows the two 16bit registers
3499                 * with update sideeffects. Validate this. */
3500                b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3501                b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3502                if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3503                        goto error;
3504                if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3505                        goto error;
3506        }
3507        b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3508
3509        v = b43_read32(dev, B43_MMIO_MACCTL);
3510        v |= B43_MACCTL_GMODE;
3511        if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3512                goto error;
3513
3514        return 0;
3515error:
3516        b43err(dev->wl, "Failed to validate the chipaccess\n");
3517        return -ENODEV;
3518}
3519
3520static void b43_security_init(struct b43_wldev *dev)
3521{
3522        dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3523        /* KTP is a word address, but we address SHM bytewise.
3524         * So multiply by two.
3525         */
3526        dev->ktp *= 2;
3527        /* Number of RCMTA address slots */
3528        b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3529        /* Clear the key memory. */
3530        b43_clear_keys(dev);
3531}
3532
3533#ifdef CONFIG_B43_HWRNG
3534static int b43_rng_read(struct hwrng *rng, u32 *data)
3535{
3536        struct b43_wl *wl = (struct b43_wl *)rng->priv;
3537        struct b43_wldev *dev;
3538        int count = -ENODEV;
3539
3540        mutex_lock(&wl->mutex);
3541        dev = wl->current_dev;
3542        if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3543                *data = b43_read16(dev, B43_MMIO_RNG);
3544                count = sizeof(u16);
3545        }
3546        mutex_unlock(&wl->mutex);
3547
3548        return count;
3549}
3550#endif /* CONFIG_B43_HWRNG */
3551
3552static void b43_rng_exit(struct b43_wl *wl)
3553{
3554#ifdef CONFIG_B43_HWRNG
3555        if (wl->rng_initialized)
3556                hwrng_unregister(&wl->rng);
3557#endif /* CONFIG_B43_HWRNG */
3558}
3559
3560static int b43_rng_init(struct b43_wl *wl)
3561{
3562        int err = 0;
3563
3564#ifdef CONFIG_B43_HWRNG
3565        snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3566                 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3567        wl->rng.name = wl->rng_name;
3568        wl->rng.data_read = b43_rng_read;
3569        wl->rng.priv = (unsigned long)wl;
3570        wl->rng_initialized = true;
3571        err = hwrng_register(&wl->rng);
3572        if (err) {
3573                wl->rng_initialized = false;
3574                b43err(wl, "Failed to register the random "
3575                       "number generator (%d)\n", err);
3576        }
3577#endif /* CONFIG_B43_HWRNG */
3578
3579        return err;
3580}
3581
3582static void b43_tx_work(struct work_struct *work)
3583{
3584        struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3585        struct b43_wldev *dev;
3586        struct sk_buff *skb;
3587        int queue_num;
3588        int err = 0;
3589
3590        mutex_lock(&wl->mutex);
3591        dev = wl->current_dev;
3592        if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3593                mutex_unlock(&wl->mutex);
3594                return;
3595        }
3596
3597        for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3598                while (skb_queue_len(&wl->tx_queue[queue_num])) {
3599                        skb = skb_dequeue(&wl->tx_queue[queue_num]);
3600                        if (b43_using_pio_transfers(dev))
3601                                err = b43_pio_tx(dev, skb);
3602                        else
3603                                err = b43_dma_tx(dev, skb);
3604                        if (err == -ENOSPC) {
3605                                wl->tx_queue_stopped[queue_num] = true;
3606                                ieee80211_stop_queue(wl->hw, queue_num);
3607                                skb_queue_head(&wl->tx_queue[queue_num], skb);
3608                                break;
3609                        }
3610                        if (unlikely(err))
3611                                ieee80211_free_txskb(wl->hw, skb);
3612                        err = 0;
3613                }
3614
3615                if (!err)
3616                        wl->tx_queue_stopped[queue_num] = false;
3617        }
3618
3619#if B43_DEBUG
3620        dev->tx_count++;
3621#endif
3622        mutex_unlock(&wl->mutex);
3623}
3624
3625static void b43_op_tx(struct ieee80211_hw *hw,
3626                      struct ieee80211_tx_control *control,
3627                      struct sk_buff *skb)
3628{
3629        struct b43_wl *wl = hw_to_b43_wl(hw);
3630
3631        if (unlikely(skb->len < 2 + 2 + 6)) {
3632                /* Too short, this can't be a valid frame. */
3633                ieee80211_free_txskb(hw, skb);
3634                return;
3635        }
3636        B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3637
3638        skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3639        if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3640                ieee80211_queue_work(wl->hw, &wl->tx_work);
3641        } else {
3642                ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3643        }
3644}
3645
3646static void b43_qos_params_upload(struct b43_wldev *dev,
3647                                  const struct ieee80211_tx_queue_params *p,
3648                                  u16 shm_offset)
3649{
3650        u16 params[B43_NR_QOSPARAMS];
3651        int bslots, tmp;
3652        unsigned int i;
3653
3654        if (!dev->qos_enabled)
3655                return;
3656
3657        bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3658
3659        memset(&params, 0, sizeof(params));
3660
3661        params[B43_QOSPARAM_TXOP] = p->txop * 32;
3662        params[B43_QOSPARAM_CWMIN] = p->cw_min;
3663        params[B43_QOSPARAM_CWMAX] = p->cw_max;
3664        params[B43_QOSPARAM_CWCUR] = p->cw_min;
3665        params[B43_QOSPARAM_AIFS] = p->aifs;
3666        params[B43_QOSPARAM_BSLOTS] = bslots;
3667        params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3668
3669        for (i = 0; i < ARRAY_SIZE(params); i++) {
3670                if (i == B43_QOSPARAM_STATUS) {
3671                        tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3672                                             shm_offset + (i * 2));
3673                        /* Mark the parameters as updated. */
3674                        tmp |= 0x100;
3675                        b43_shm_write16(dev, B43_SHM_SHARED,
3676                                        shm_offset + (i * 2),
3677                                        tmp);
3678                } else {
3679                        b43_shm_write16(dev, B43_SHM_SHARED,
3680                                        shm_offset + (i * 2),
3681                                        params[i]);
3682                }
3683        }
3684}
3685
3686/* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3687static const u16 b43_qos_shm_offsets[] = {
3688        /* [mac80211-queue-nr] = SHM_OFFSET, */
3689        [0] = B43_QOS_VOICE,
3690        [1] = B43_QOS_VIDEO,
3691        [2] = B43_QOS_BESTEFFORT,
3692        [3] = B43_QOS_BACKGROUND,
3693};
3694
3695/* Update all QOS parameters in hardware. */
3696static void b43_qos_upload_all(struct b43_wldev *dev)
3697{
3698        struct b43_wl *wl = dev->wl;
3699        struct b43_qos_params *params;
3700        unsigned int i;
3701
3702        if (!dev->qos_enabled)
3703                return;
3704
3705        BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3706                     ARRAY_SIZE(wl->qos_params));
3707
3708        b43_mac_suspend(dev);
3709        for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3710                params = &(wl->qos_params[i]);
3711                b43_qos_params_upload(dev, &(params->p),
3712                                      b43_qos_shm_offsets[i]);
3713        }
3714        b43_mac_enable(dev);
3715}
3716
3717static void b43_qos_clear(struct b43_wl *wl)
3718{
3719        struct b43_qos_params *params;
3720        unsigned int i;
3721
3722        /* Initialize QoS parameters to sane defaults. */
3723
3724        BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3725                     ARRAY_SIZE(wl->qos_params));
3726
3727        for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3728                params = &(wl->qos_params[i]);
3729
3730                switch (b43_qos_shm_offsets[i]) {
3731                case B43_QOS_VOICE:
3732                        params->p.txop = 0;
3733                        params->p.aifs = 2;
3734                        params->p.cw_min = 0x0001;
3735                        params->p.cw_max = 0x0001;
3736                        break;
3737                case B43_QOS_VIDEO:
3738                        params->p.txop = 0;
3739                        params->p.aifs = 2;
3740                        params->p.cw_min = 0x0001;
3741                        params->p.cw_max = 0x0001;
3742                        break;
3743                case B43_QOS_BESTEFFORT:
3744                        params->p.txop = 0;
3745                        params->p.aifs = 3;
3746                        params->p.cw_min = 0x0001;
3747                        params->p.cw_max = 0x03FF;
3748                        break;
3749                case B43_QOS_BACKGROUND:
3750                        params->p.txop = 0;
3751                        params->p.aifs = 7;
3752                        params->p.cw_min = 0x0001;
3753                        params->p.cw_max = 0x03FF;
3754                        break;
3755                default:
3756                        B43_WARN_ON(1);
3757                }
3758        }
3759}
3760
3761/* Initialize the core's QOS capabilities */
3762static void b43_qos_init(struct b43_wldev *dev)
3763{
3764        if (!dev->qos_enabled) {
3765                /* Disable QOS support. */
3766                b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3767                b43_write16(dev, B43_MMIO_IFSCTL,
3768                            b43_read16(dev, B43_MMIO_IFSCTL)
3769                            & ~B43_MMIO_IFSCTL_USE_EDCF);
3770                b43dbg(dev->wl, "QoS disabled\n");
3771                return;
3772        }
3773
3774        /* Upload the current QOS parameters. */
3775        b43_qos_upload_all(dev);
3776
3777        /* Enable QOS support. */
3778        b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3779        b43_write16(dev, B43_MMIO_IFSCTL,
3780                    b43_read16(dev, B43_MMIO_IFSCTL)
3781                    | B43_MMIO_IFSCTL_USE_EDCF);
3782        b43dbg(dev->wl, "QoS enabled\n");
3783}
3784
3785static int b43_op_conf_tx(struct ieee80211_hw *hw,
3786                          struct ieee80211_vif *vif, u16 _queue,
3787                          const struct ieee80211_tx_queue_params *params)
3788{
3789        struct b43_wl *wl = hw_to_b43_wl(hw);
3790        struct b43_wldev *dev;
3791        unsigned int queue = (unsigned int)_queue;
3792        int err = -ENODEV;
3793
3794        if (queue >= ARRAY_SIZE(wl->qos_params)) {
3795                /* Queue not available or don't support setting
3796                 * params on this queue. Return success to not
3797                 * confuse mac80211. */
3798                return 0;
3799        }
3800        BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3801                     ARRAY_SIZE(wl->qos_params));
3802
3803        mutex_lock(&wl->mutex);
3804        dev = wl->current_dev;
3805        if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3806                goto out_unlock;
3807
3808        memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3809        b43_mac_suspend(dev);
3810        b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3811                              b43_qos_shm_offsets[queue]);
3812        b43_mac_enable(dev);
3813        err = 0;
3814
3815out_unlock:
3816        mutex_unlock(&wl->mutex);
3817
3818        return err;
3819}
3820
3821static int b43_op_get_stats(struct ieee80211_hw *hw,
3822                            struct ieee80211_low_level_stats *stats)
3823{
3824        struct b43_wl *wl = hw_to_b43_wl(hw);
3825
3826        mutex_lock(&wl->mutex);
3827        memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3828        mutex_unlock(&wl->mutex);
3829
3830        return 0;
3831}
3832
3833static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3834{
3835        struct b43_wl *wl = hw_to_b43_wl(hw);
3836        struct b43_wldev *dev;
3837        u64 tsf;
3838
3839        mutex_lock(&wl->mutex);
3840        dev = wl->current_dev;
3841
3842        if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3843                b43_tsf_read(dev, &tsf);
3844        else
3845                tsf = 0;
3846
3847        mutex_unlock(&wl->mutex);
3848
3849        return tsf;
3850}
3851
3852static void b43_op_set_tsf(struct ieee80211_hw *hw,
3853                           struct ieee80211_vif *vif, u64 tsf)
3854{
3855        struct b43_wl *wl = hw_to_b43_wl(hw);
3856        struct b43_wldev *dev;
3857
3858        mutex_lock(&wl->mutex);
3859        dev = wl->current_dev;
3860
3861        if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3862                b43_tsf_write(dev, tsf);
3863
3864        mutex_unlock(&wl->mutex);
3865}
3866
3867static const char *band_to_string(enum nl80211_band band)
3868{
3869        switch (band) {
3870        case NL80211_BAND_5GHZ:
3871                return "5";
3872        case NL80211_BAND_2GHZ:
3873                return "2.4";
3874        default:
3875                break;
3876        }
3877        B43_WARN_ON(1);
3878        return "";
3879}
3880
3881/* Expects wl->mutex locked */
3882static int b43_switch_band(struct b43_wldev *dev,
3883                           struct ieee80211_channel *chan)
3884{
3885        struct b43_phy *phy = &dev->phy;
3886        bool gmode;
3887        u32 tmp;
3888
3889        switch (chan->band) {
3890        case NL80211_BAND_5GHZ:
3891                gmode = false;
3892                break;
3893        case NL80211_BAND_2GHZ:
3894                gmode = true;
3895                break;
3896        default:
3897                B43_WARN_ON(1);
3898                return -EINVAL;
3899        }
3900
3901        if (!((gmode && phy->supports_2ghz) ||
3902              (!gmode && phy->supports_5ghz))) {
3903                b43err(dev->wl, "This device doesn't support %s-GHz band\n",
3904                       band_to_string(chan->band));
3905                return -ENODEV;
3906        }
3907
3908        if (!!phy->gmode == !!gmode) {
3909                /* This device is already running. */
3910                return 0;
3911        }
3912
3913        b43dbg(dev->wl, "Switching to %s GHz band\n",
3914               band_to_string(chan->band));
3915
3916        /* Some new devices don't need disabling radio for band switching */
3917        if (!(phy->type == B43_PHYTYPE_N && phy->rev >= 3))
3918                b43_software_rfkill(dev, true);
3919
3920        phy->gmode = gmode;
3921        b43_phy_put_into_reset(dev);
3922        switch (dev->dev->bus_type) {
3923#ifdef CONFIG_B43_BCMA
3924        case B43_BUS_BCMA:
3925                tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3926                if (gmode)
3927                        tmp |= B43_BCMA_IOCTL_GMODE;
3928                else
3929                        tmp &= ~B43_BCMA_IOCTL_GMODE;
3930                bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3931                break;
3932#endif
3933#ifdef CONFIG_B43_SSB
3934        case B43_BUS_SSB:
3935                tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3936                if (gmode)
3937                        tmp |= B43_TMSLOW_GMODE;
3938                else
3939                        tmp &= ~B43_TMSLOW_GMODE;
3940                ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3941                break;
3942#endif
3943        }
3944        b43_phy_take_out_of_reset(dev);
3945
3946        b43_upload_initvals_band(dev);
3947
3948        b43_phy_init(dev);
3949
3950        return 0;
3951}
3952
3953static void b43_set_beacon_listen_interval(struct b43_wldev *dev, u16 interval)
3954{
3955        interval = min_t(u16, interval, (u16)0xFF);
3956        b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BCN_LI, interval);
3957}
3958
3959/* Write the short and long frame retry limit values. */
3960static void b43_set_retry_limits(struct b43_wldev *dev,
3961                                 unsigned int short_retry,
3962                                 unsigned int long_retry)
3963{
3964        /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3965         * the chip-internal counter. */
3966        short_retry = min(short_retry, (unsigned int)0xF);
3967        long_retry = min(long_retry, (unsigned int)0xF);
3968
3969        b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3970                        short_retry);
3971        b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3972                        long_retry);
3973}
3974
3975static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3976{
3977        struct b43_wl *wl = hw_to_b43_wl(hw);
3978        struct b43_wldev *dev = wl->current_dev;
3979        struct b43_phy *phy = &dev->phy;
3980        struct ieee80211_conf *conf = &hw->conf;
3981        int antenna;
3982        int err = 0;
3983
3984        mutex_lock(&wl->mutex);
3985        b43_mac_suspend(dev);
3986
3987        if (changed & IEEE80211_CONF_CHANGE_LISTEN_INTERVAL)
3988                b43_set_beacon_listen_interval(dev, conf->listen_interval);
3989
3990        if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
3991                phy->chandef = &conf->chandef;
3992                phy->channel = conf->chandef.chan->hw_value;
3993
3994                /* Switch the band (if necessary). */
3995                err = b43_switch_band(dev, conf->chandef.chan);
3996                if (err)
3997                        goto out_mac_enable;
3998
3999                /* Switch to the requested channel.
4000                 * The firmware takes care of races with the TX handler.
4001                 */
4002                b43_switch_channel(dev, phy->channel);
4003        }
4004
4005        if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
4006                b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
4007                                          conf->long_frame_max_tx_count);
4008        changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
4009        if (!changed)
4010                goto out_mac_enable;
4011
4012        dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
4013
4014        /* Adjust the desired TX power level. */
4015        if (conf->power_level != 0) {
4016                if (conf->power_level != phy->desired_txpower) {
4017                        phy->desired_txpower = conf->power_level;
4018                        b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
4019                                                   B43_TXPWR_IGNORE_TSSI);
4020                }
4021        }
4022
4023        /* Antennas for RX and management frame TX. */
4024        antenna = B43_ANTENNA_DEFAULT;
4025        b43_mgmtframe_txantenna(dev, antenna);
4026        antenna = B43_ANTENNA_DEFAULT;
4027        if (phy->ops->set_rx_antenna)
4028                phy->ops->set_rx_antenna(dev, antenna);
4029
4030        if (wl->radio_enabled != phy->radio_on) {
4031                if (wl->radio_enabled) {
4032                        b43_software_rfkill(dev, false);
4033                        b43info(dev->wl, "Radio turned on by software\n");
4034                        if (!dev->radio_hw_enable) {
4035                                b43info(dev->wl, "The hardware RF-kill button "
4036                                        "still turns the radio physically off. "
4037                                        "Press the button to turn it on.\n");
4038                        }
4039                } else {
4040                        b43_software_rfkill(dev, true);
4041                        b43info(dev->wl, "Radio turned off by software\n");
4042                }
4043        }
4044
4045out_mac_enable:
4046        b43_mac_enable(dev);
4047        mutex_unlock(&wl->mutex);
4048
4049        return err;
4050}
4051
4052static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
4053{
4054        struct ieee80211_supported_band *sband =
4055                dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
4056        const struct ieee80211_rate *rate;
4057        int i;
4058        u16 basic, direct, offset, basic_offset, rateptr;
4059
4060        for (i = 0; i < sband->n_bitrates; i++) {
4061                rate = &sband->bitrates[i];
4062
4063                if (b43_is_cck_rate(rate->hw_value)) {
4064                        direct = B43_SHM_SH_CCKDIRECT;
4065                        basic = B43_SHM_SH_CCKBASIC;
4066                        offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4067                        offset &= 0xF;
4068                } else {
4069                        direct = B43_SHM_SH_OFDMDIRECT;
4070                        basic = B43_SHM_SH_OFDMBASIC;
4071                        offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4072                        offset &= 0xF;
4073                }
4074
4075                rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
4076
4077                if (b43_is_cck_rate(rate->hw_value)) {
4078                        basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4079                        basic_offset &= 0xF;
4080                } else {
4081                        basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4082                        basic_offset &= 0xF;
4083                }
4084
4085                /*
4086                 * Get the pointer that we need to point to
4087                 * from the direct map
4088                 */
4089                rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
4090                                         direct + 2 * basic_offset);
4091                /* and write it to the basic map */
4092                b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
4093                                rateptr);
4094