linux/drivers/net/wireless/ipw2x00/ipw2200.c
<<
>>
Prefs
   1/******************************************************************************
   2
   3  Copyright(c) 2003 - 2006 Intel Corporation. All rights reserved.
   4
   5  802.11 status code portion of this file from ethereal-0.10.6:
   6    Copyright 2000, Axis Communications AB
   7    Ethereal - Network traffic analyzer
   8    By Gerald Combs <gerald@ethereal.com>
   9    Copyright 1998 Gerald Combs
  10
  11  This program is free software; you can redistribute it and/or modify it
  12  under the terms of version 2 of the GNU General Public License as
  13  published by the Free Software Foundation.
  14
  15  This program is distributed in the hope that it will be useful, but WITHOUT
  16  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  17  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
  18  more details.
  19
  20  You should have received a copy of the GNU General Public License along with
  21  this program; if not, write to the Free Software Foundation, Inc., 59
  22  Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  23
  24  The full GNU General Public License is included in this distribution in the
  25  file called LICENSE.
  26
  27  Contact Information:
  28  Intel Linux Wireless <ilw@linux.intel.com>
  29  Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
  30
  31******************************************************************************/
  32
  33#include <linux/sched.h>
  34#include <linux/slab.h>
  35#include <net/cfg80211-wext.h>
  36#include "ipw2200.h"
  37#include "ipw.h"
  38
  39
  40#ifndef KBUILD_EXTMOD
  41#define VK "k"
  42#else
  43#define VK
  44#endif
  45
  46#ifdef CONFIG_IPW2200_DEBUG
  47#define VD "d"
  48#else
  49#define VD
  50#endif
  51
  52#ifdef CONFIG_IPW2200_MONITOR
  53#define VM "m"
  54#else
  55#define VM
  56#endif
  57
  58#ifdef CONFIG_IPW2200_PROMISCUOUS
  59#define VP "p"
  60#else
  61#define VP
  62#endif
  63
  64#ifdef CONFIG_IPW2200_RADIOTAP
  65#define VR "r"
  66#else
  67#define VR
  68#endif
  69
  70#ifdef CONFIG_IPW2200_QOS
  71#define VQ "q"
  72#else
  73#define VQ
  74#endif
  75
  76#define IPW2200_VERSION "1.2.2" VK VD VM VP VR VQ
  77#define DRV_DESCRIPTION "Intel(R) PRO/Wireless 2200/2915 Network Driver"
  78#define DRV_COPYRIGHT   "Copyright(c) 2003-2006 Intel Corporation"
  79#define DRV_VERSION     IPW2200_VERSION
  80
  81#define ETH_P_80211_STATS (ETH_P_80211_RAW + 1)
  82
  83MODULE_DESCRIPTION(DRV_DESCRIPTION);
  84MODULE_VERSION(DRV_VERSION);
  85MODULE_AUTHOR(DRV_COPYRIGHT);
  86MODULE_LICENSE("GPL");
  87MODULE_FIRMWARE("ipw2200-ibss.fw");
  88#ifdef CONFIG_IPW2200_MONITOR
  89MODULE_FIRMWARE("ipw2200-sniffer.fw");
  90#endif
  91MODULE_FIRMWARE("ipw2200-bss.fw");
  92
  93static int cmdlog = 0;
  94static int debug = 0;
  95static int default_channel = 0;
  96static int network_mode = 0;
  97
  98static u32 ipw_debug_level;
  99static int associate;
 100static int auto_create = 1;
 101static int led_support = 1;
 102static int disable = 0;
 103static int bt_coexist = 0;
 104static int hwcrypto = 0;
 105static int roaming = 1;
 106static const char ipw_modes[] = {
 107        'a', 'b', 'g', '?'
 108};
 109static int antenna = CFG_SYS_ANTENNA_BOTH;
 110
 111#ifdef CONFIG_IPW2200_PROMISCUOUS
 112static int rtap_iface = 0;     /* def: 0 -- do not create rtap interface */
 113#endif
 114
 115static struct ieee80211_rate ipw2200_rates[] = {
 116        { .bitrate = 10 },
 117        { .bitrate = 20, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
 118        { .bitrate = 55, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
 119        { .bitrate = 110, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
 120        { .bitrate = 60 },
 121        { .bitrate = 90 },
 122        { .bitrate = 120 },
 123        { .bitrate = 180 },
 124        { .bitrate = 240 },
 125        { .bitrate = 360 },
 126        { .bitrate = 480 },
 127        { .bitrate = 540 }
 128};
 129
 130#define ipw2200_a_rates         (ipw2200_rates + 4)
 131#define ipw2200_num_a_rates     8
 132#define ipw2200_bg_rates        (ipw2200_rates + 0)
 133#define ipw2200_num_bg_rates    12
 134
 135/* Ugly macro to convert literal channel numbers into their mhz equivalents
 136 * There are certianly some conditions that will break this (like feeding it '30')
 137 * but they shouldn't arise since nothing talks on channel 30. */
 138#define ieee80211chan2mhz(x) \
 139        (((x) <= 14) ? \
 140        (((x) == 14) ? 2484 : ((x) * 5) + 2407) : \
 141        ((x) + 1000) * 5)
 142
 143#ifdef CONFIG_IPW2200_QOS
 144static int qos_enable = 0;
 145static int qos_burst_enable = 0;
 146static int qos_no_ack_mask = 0;
 147static int burst_duration_CCK = 0;
 148static int burst_duration_OFDM = 0;
 149
 150static struct libipw_qos_parameters def_qos_parameters_OFDM = {
 151        {QOS_TX0_CW_MIN_OFDM, QOS_TX1_CW_MIN_OFDM, QOS_TX2_CW_MIN_OFDM,
 152         QOS_TX3_CW_MIN_OFDM},
 153        {QOS_TX0_CW_MAX_OFDM, QOS_TX1_CW_MAX_OFDM, QOS_TX2_CW_MAX_OFDM,
 154         QOS_TX3_CW_MAX_OFDM},
 155        {QOS_TX0_AIFS, QOS_TX1_AIFS, QOS_TX2_AIFS, QOS_TX3_AIFS},
 156        {QOS_TX0_ACM, QOS_TX1_ACM, QOS_TX2_ACM, QOS_TX3_ACM},
 157        {QOS_TX0_TXOP_LIMIT_OFDM, QOS_TX1_TXOP_LIMIT_OFDM,
 158         QOS_TX2_TXOP_LIMIT_OFDM, QOS_TX3_TXOP_LIMIT_OFDM}
 159};
 160
 161static struct libipw_qos_parameters def_qos_parameters_CCK = {
 162        {QOS_TX0_CW_MIN_CCK, QOS_TX1_CW_MIN_CCK, QOS_TX2_CW_MIN_CCK,
 163         QOS_TX3_CW_MIN_CCK},
 164        {QOS_TX0_CW_MAX_CCK, QOS_TX1_CW_MAX_CCK, QOS_TX2_CW_MAX_CCK,
 165         QOS_TX3_CW_MAX_CCK},
 166        {QOS_TX0_AIFS, QOS_TX1_AIFS, QOS_TX2_AIFS, QOS_TX3_AIFS},
 167        {QOS_TX0_ACM, QOS_TX1_ACM, QOS_TX2_ACM, QOS_TX3_ACM},
 168        {QOS_TX0_TXOP_LIMIT_CCK, QOS_TX1_TXOP_LIMIT_CCK, QOS_TX2_TXOP_LIMIT_CCK,
 169         QOS_TX3_TXOP_LIMIT_CCK}
 170};
 171
 172static struct libipw_qos_parameters def_parameters_OFDM = {
 173        {DEF_TX0_CW_MIN_OFDM, DEF_TX1_CW_MIN_OFDM, DEF_TX2_CW_MIN_OFDM,
 174         DEF_TX3_CW_MIN_OFDM},
 175        {DEF_TX0_CW_MAX_OFDM, DEF_TX1_CW_MAX_OFDM, DEF_TX2_CW_MAX_OFDM,
 176         DEF_TX3_CW_MAX_OFDM},
 177        {DEF_TX0_AIFS, DEF_TX1_AIFS, DEF_TX2_AIFS, DEF_TX3_AIFS},
 178        {DEF_TX0_ACM, DEF_TX1_ACM, DEF_TX2_ACM, DEF_TX3_ACM},
 179        {DEF_TX0_TXOP_LIMIT_OFDM, DEF_TX1_TXOP_LIMIT_OFDM,
 180         DEF_TX2_TXOP_LIMIT_OFDM, DEF_TX3_TXOP_LIMIT_OFDM}
 181};
 182
 183static struct libipw_qos_parameters def_parameters_CCK = {
 184        {DEF_TX0_CW_MIN_CCK, DEF_TX1_CW_MIN_CCK, DEF_TX2_CW_MIN_CCK,
 185         DEF_TX3_CW_MIN_CCK},
 186        {DEF_TX0_CW_MAX_CCK, DEF_TX1_CW_MAX_CCK, DEF_TX2_CW_MAX_CCK,
 187         DEF_TX3_CW_MAX_CCK},
 188        {DEF_TX0_AIFS, DEF_TX1_AIFS, DEF_TX2_AIFS, DEF_TX3_AIFS},
 189        {DEF_TX0_ACM, DEF_TX1_ACM, DEF_TX2_ACM, DEF_TX3_ACM},
 190        {DEF_TX0_TXOP_LIMIT_CCK, DEF_TX1_TXOP_LIMIT_CCK, DEF_TX2_TXOP_LIMIT_CCK,
 191         DEF_TX3_TXOP_LIMIT_CCK}
 192};
 193
 194static u8 qos_oui[QOS_OUI_LEN] = { 0x00, 0x50, 0xF2 };
 195
 196static int from_priority_to_tx_queue[] = {
 197        IPW_TX_QUEUE_1, IPW_TX_QUEUE_2, IPW_TX_QUEUE_2, IPW_TX_QUEUE_1,
 198        IPW_TX_QUEUE_3, IPW_TX_QUEUE_3, IPW_TX_QUEUE_4, IPW_TX_QUEUE_4
 199};
 200
 201static u32 ipw_qos_get_burst_duration(struct ipw_priv *priv);
 202
 203static int ipw_send_qos_params_command(struct ipw_priv *priv, struct libipw_qos_parameters
 204                                       *qos_param);
 205static int ipw_send_qos_info_command(struct ipw_priv *priv, struct libipw_qos_information_element
 206                                     *qos_param);
 207#endif                          /* CONFIG_IPW2200_QOS */
 208
 209static struct iw_statistics *ipw_get_wireless_stats(struct net_device *dev);
 210static void ipw_remove_current_network(struct ipw_priv *priv);
 211static void ipw_rx(struct ipw_priv *priv);
 212static int ipw_queue_tx_reclaim(struct ipw_priv *priv,
 213                                struct clx2_tx_queue *txq, int qindex);
 214static int ipw_queue_reset(struct ipw_priv *priv);
 215
 216static int ipw_queue_tx_hcmd(struct ipw_priv *priv, int hcmd, void *buf,
 217                             int len, int sync);
 218
 219static void ipw_tx_queue_free(struct ipw_priv *);
 220
 221static struct ipw_rx_queue *ipw_rx_queue_alloc(struct ipw_priv *);
 222static void ipw_rx_queue_free(struct ipw_priv *, struct ipw_rx_queue *);
 223static void ipw_rx_queue_replenish(void *);
 224static int ipw_up(struct ipw_priv *);
 225static void ipw_bg_up(struct work_struct *work);
 226static void ipw_down(struct ipw_priv *);
 227static void ipw_bg_down(struct work_struct *work);
 228static int ipw_config(struct ipw_priv *);
 229static int init_supported_rates(struct ipw_priv *priv,
 230                                struct ipw_supported_rates *prates);
 231static void ipw_set_hwcrypto_keys(struct ipw_priv *);
 232static void ipw_send_wep_keys(struct ipw_priv *, int);
 233
 234static int snprint_line(char *buf, size_t count,
 235                        const u8 * data, u32 len, u32 ofs)
 236{
 237        int out, i, j, l;
 238        char c;
 239
 240        out = snprintf(buf, count, "%08X", ofs);
 241
 242        for (l = 0, i = 0; i < 2; i++) {
 243                out += snprintf(buf + out, count - out, " ");
 244                for (j = 0; j < 8 && l < len; j++, l++)
 245                        out += snprintf(buf + out, count - out, "%02X ",
 246                                        data[(i * 8 + j)]);
 247                for (; j < 8; j++)
 248                        out += snprintf(buf + out, count - out, "   ");
 249        }
 250
 251        out += snprintf(buf + out, count - out, " ");
 252        for (l = 0, i = 0; i < 2; i++) {
 253                out += snprintf(buf + out, count - out, " ");
 254                for (j = 0; j < 8 && l < len; j++, l++) {
 255                        c = data[(i * 8 + j)];
 256                        if (!isascii(c) || !isprint(c))
 257                                c = '.';
 258
 259                        out += snprintf(buf + out, count - out, "%c", c);
 260                }
 261
 262                for (; j < 8; j++)
 263                        out += snprintf(buf + out, count - out, " ");
 264        }
 265
 266        return out;
 267}
 268
 269static void printk_buf(int level, const u8 * data, u32 len)
 270{
 271        char line[81];
 272        u32 ofs = 0;
 273        if (!(ipw_debug_level & level))
 274                return;
 275
 276        while (len) {
 277                snprint_line(line, sizeof(line), &data[ofs],
 278                             min(len, 16U), ofs);
 279                printk(KERN_DEBUG "%s\n", line);
 280                ofs += 16;
 281                len -= min(len, 16U);
 282        }
 283}
 284
 285static int snprintk_buf(u8 * output, size_t size, const u8 * data, size_t len)
 286{
 287        size_t out = size;
 288        u32 ofs = 0;
 289        int total = 0;
 290
 291        while (size && len) {
 292                out = snprint_line(output, size, &data[ofs],
 293                                   min_t(size_t, len, 16U), ofs);
 294
 295                ofs += 16;
 296                output += out;
 297                size -= out;
 298                len -= min_t(size_t, len, 16U);
 299                total += out;
 300        }
 301        return total;
 302}
 303
 304/* alias for 32-bit indirect read (for SRAM/reg above 4K), with debug wrapper */
 305static u32 _ipw_read_reg32(struct ipw_priv *priv, u32 reg);
 306#define ipw_read_reg32(a, b) _ipw_read_reg32(a, b)
 307
 308/* alias for 8-bit indirect read (for SRAM/reg above 4K), with debug wrapper */
 309static u8 _ipw_read_reg8(struct ipw_priv *ipw, u32 reg);
 310#define ipw_read_reg8(a, b) _ipw_read_reg8(a, b)
 311
 312/* 8-bit indirect write (for SRAM/reg above 4K), with debug wrapper */
 313static void _ipw_write_reg8(struct ipw_priv *priv, u32 reg, u8 value);
 314static inline void ipw_write_reg8(struct ipw_priv *a, u32 b, u8 c)
 315{
 316        IPW_DEBUG_IO("%s %d: write_indirect8(0x%08X, 0x%08X)\n", __FILE__,
 317                     __LINE__, (u32) (b), (u32) (c));
 318        _ipw_write_reg8(a, b, c);
 319}
 320
 321/* 16-bit indirect write (for SRAM/reg above 4K), with debug wrapper */
 322static void _ipw_write_reg16(struct ipw_priv *priv, u32 reg, u16 value);
 323static inline void ipw_write_reg16(struct ipw_priv *a, u32 b, u16 c)
 324{
 325        IPW_DEBUG_IO("%s %d: write_indirect16(0x%08X, 0x%08X)\n", __FILE__,
 326                     __LINE__, (u32) (b), (u32) (c));
 327        _ipw_write_reg16(a, b, c);
 328}
 329
 330/* 32-bit indirect write (for SRAM/reg above 4K), with debug wrapper */
 331static void _ipw_write_reg32(struct ipw_priv *priv, u32 reg, u32 value);
 332static inline void ipw_write_reg32(struct ipw_priv *a, u32 b, u32 c)
 333{
 334        IPW_DEBUG_IO("%s %d: write_indirect32(0x%08X, 0x%08X)\n", __FILE__,
 335                     __LINE__, (u32) (b), (u32) (c));
 336        _ipw_write_reg32(a, b, c);
 337}
 338
 339/* 8-bit direct write (low 4K) */
 340static inline void _ipw_write8(struct ipw_priv *ipw, unsigned long ofs,
 341                u8 val)
 342{
 343        writeb(val, ipw->hw_base + ofs);
 344}
 345
 346/* 8-bit direct write (for low 4K of SRAM/regs), with debug wrapper */
 347#define ipw_write8(ipw, ofs, val) do { \
 348        IPW_DEBUG_IO("%s %d: write_direct8(0x%08X, 0x%08X)\n", __FILE__, \
 349                        __LINE__, (u32)(ofs), (u32)(val)); \
 350        _ipw_write8(ipw, ofs, val); \
 351} while (0)
 352
 353/* 16-bit direct write (low 4K) */
 354static inline void _ipw_write16(struct ipw_priv *ipw, unsigned long ofs,
 355                u16 val)
 356{
 357        writew(val, ipw->hw_base + ofs);
 358}
 359
 360/* 16-bit direct write (for low 4K of SRAM/regs), with debug wrapper */
 361#define ipw_write16(ipw, ofs, val) do { \
 362        IPW_DEBUG_IO("%s %d: write_direct16(0x%08X, 0x%08X)\n", __FILE__, \
 363                        __LINE__, (u32)(ofs), (u32)(val)); \
 364        _ipw_write16(ipw, ofs, val); \
 365} while (0)
 366
 367/* 32-bit direct write (low 4K) */
 368static inline void _ipw_write32(struct ipw_priv *ipw, unsigned long ofs,
 369                u32 val)
 370{
 371        writel(val, ipw->hw_base + ofs);
 372}
 373
 374/* 32-bit direct write (for low 4K of SRAM/regs), with debug wrapper */
 375#define ipw_write32(ipw, ofs, val) do { \
 376        IPW_DEBUG_IO("%s %d: write_direct32(0x%08X, 0x%08X)\n", __FILE__, \
 377                        __LINE__, (u32)(ofs), (u32)(val)); \
 378        _ipw_write32(ipw, ofs, val); \
 379} while (0)
 380
 381/* 8-bit direct read (low 4K) */
 382static inline u8 _ipw_read8(struct ipw_priv *ipw, unsigned long ofs)
 383{
 384        return readb(ipw->hw_base + ofs);
 385}
 386
 387/* alias to 8-bit direct read (low 4K of SRAM/regs), with debug wrapper */
 388#define ipw_read8(ipw, ofs) ({ \
 389        IPW_DEBUG_IO("%s %d: read_direct8(0x%08X)\n", __FILE__, __LINE__, \
 390                        (u32)(ofs)); \
 391        _ipw_read8(ipw, ofs); \
 392})
 393
 394/* 16-bit direct read (low 4K) */
 395static inline u16 _ipw_read16(struct ipw_priv *ipw, unsigned long ofs)
 396{
 397        return readw(ipw->hw_base + ofs);
 398}
 399
 400/* alias to 16-bit direct read (low 4K of SRAM/regs), with debug wrapper */
 401#define ipw_read16(ipw, ofs) ({ \
 402        IPW_DEBUG_IO("%s %d: read_direct16(0x%08X)\n", __FILE__, __LINE__, \
 403                        (u32)(ofs)); \
 404        _ipw_read16(ipw, ofs); \
 405})
 406
 407/* 32-bit direct read (low 4K) */
 408static inline u32 _ipw_read32(struct ipw_priv *ipw, unsigned long ofs)
 409{
 410        return readl(ipw->hw_base + ofs);
 411}
 412
 413/* alias to 32-bit direct read (low 4K of SRAM/regs), with debug wrapper */
 414#define ipw_read32(ipw, ofs) ({ \
 415        IPW_DEBUG_IO("%s %d: read_direct32(0x%08X)\n", __FILE__, __LINE__, \
 416                        (u32)(ofs)); \
 417        _ipw_read32(ipw, ofs); \
 418})
 419
 420static void _ipw_read_indirect(struct ipw_priv *, u32, u8 *, int);
 421/* alias to multi-byte read (SRAM/regs above 4K), with debug wrapper */
 422#define ipw_read_indirect(a, b, c, d) ({ \
 423        IPW_DEBUG_IO("%s %d: read_indirect(0x%08X) %u bytes\n", __FILE__, \
 424                        __LINE__, (u32)(b), (u32)(d)); \
 425        _ipw_read_indirect(a, b, c, d); \
 426})
 427
 428/* alias to multi-byte read (SRAM/regs above 4K), with debug wrapper */
 429static void _ipw_write_indirect(struct ipw_priv *priv, u32 addr, u8 * data,
 430                                int num);
 431#define ipw_write_indirect(a, b, c, d) do { \
 432        IPW_DEBUG_IO("%s %d: write_indirect(0x%08X) %u bytes\n", __FILE__, \
 433                        __LINE__, (u32)(b), (u32)(d)); \
 434        _ipw_write_indirect(a, b, c, d); \
 435} while (0)
 436
 437/* 32-bit indirect write (above 4K) */
 438static void _ipw_write_reg32(struct ipw_priv *priv, u32 reg, u32 value)
 439{
 440        IPW_DEBUG_IO(" %p : reg = 0x%8X : value = 0x%8X\n", priv, reg, value);
 441        _ipw_write32(priv, IPW_INDIRECT_ADDR, reg);
 442        _ipw_write32(priv, IPW_INDIRECT_DATA, value);
 443}
 444
 445/* 8-bit indirect write (above 4K) */
 446static void _ipw_write_reg8(struct ipw_priv *priv, u32 reg, u8 value)
 447{
 448        u32 aligned_addr = reg & IPW_INDIRECT_ADDR_MASK;        /* dword align */
 449        u32 dif_len = reg - aligned_addr;
 450
 451        IPW_DEBUG_IO(" reg = 0x%8X : value = 0x%8X\n", reg, value);
 452        _ipw_write32(priv, IPW_INDIRECT_ADDR, aligned_addr);
 453        _ipw_write8(priv, IPW_INDIRECT_DATA + dif_len, value);
 454}
 455
 456/* 16-bit indirect write (above 4K) */
 457static void _ipw_write_reg16(struct ipw_priv *priv, u32 reg, u16 value)
 458{
 459        u32 aligned_addr = reg & IPW_INDIRECT_ADDR_MASK;        /* dword align */
 460        u32 dif_len = (reg - aligned_addr) & (~0x1ul);
 461
 462        IPW_DEBUG_IO(" reg = 0x%8X : value = 0x%8X\n", reg, value);
 463        _ipw_write32(priv, IPW_INDIRECT_ADDR, aligned_addr);
 464        _ipw_write16(priv, IPW_INDIRECT_DATA + dif_len, value);
 465}
 466
 467/* 8-bit indirect read (above 4K) */
 468static u8 _ipw_read_reg8(struct ipw_priv *priv, u32 reg)
 469{
 470        u32 word;
 471        _ipw_write32(priv, IPW_INDIRECT_ADDR, reg & IPW_INDIRECT_ADDR_MASK);
 472        IPW_DEBUG_IO(" reg = 0x%8X :\n", reg);
 473        word = _ipw_read32(priv, IPW_INDIRECT_DATA);
 474        return (word >> ((reg & 0x3) * 8)) & 0xff;
 475}
 476
 477/* 32-bit indirect read (above 4K) */
 478static u32 _ipw_read_reg32(struct ipw_priv *priv, u32 reg)
 479{
 480        u32 value;
 481
 482        IPW_DEBUG_IO("%p : reg = 0x%08x\n", priv, reg);
 483
 484        _ipw_write32(priv, IPW_INDIRECT_ADDR, reg);
 485        value = _ipw_read32(priv, IPW_INDIRECT_DATA);
 486        IPW_DEBUG_IO(" reg = 0x%4X : value = 0x%4x\n", reg, value);
 487        return value;
 488}
 489
 490/* General purpose, no alignment requirement, iterative (multi-byte) read, */
 491/*    for area above 1st 4K of SRAM/reg space */
 492static void _ipw_read_indirect(struct ipw_priv *priv, u32 addr, u8 * buf,
 493                               int num)
 494{
 495        u32 aligned_addr = addr & IPW_INDIRECT_ADDR_MASK;       /* dword align */
 496        u32 dif_len = addr - aligned_addr;
 497        u32 i;
 498
 499        IPW_DEBUG_IO("addr = %i, buf = %p, num = %i\n", addr, buf, num);
 500
 501        if (num <= 0) {
 502                return;
 503        }
 504
 505        /* Read the first dword (or portion) byte by byte */
 506        if (unlikely(dif_len)) {
 507                _ipw_write32(priv, IPW_INDIRECT_ADDR, aligned_addr);
 508                /* Start reading at aligned_addr + dif_len */
 509                for (i = dif_len; ((i < 4) && (num > 0)); i++, num--)
 510                        *buf++ = _ipw_read8(priv, IPW_INDIRECT_DATA + i);
 511                aligned_addr += 4;
 512        }
 513
 514        /* Read all of the middle dwords as dwords, with auto-increment */
 515        _ipw_write32(priv, IPW_AUTOINC_ADDR, aligned_addr);
 516        for (; num >= 4; buf += 4, aligned_addr += 4, num -= 4)
 517                *(u32 *) buf = _ipw_read32(priv, IPW_AUTOINC_DATA);
 518
 519        /* Read the last dword (or portion) byte by byte */
 520        if (unlikely(num)) {
 521                _ipw_write32(priv, IPW_INDIRECT_ADDR, aligned_addr);
 522                for (i = 0; num > 0; i++, num--)
 523                        *buf++ = ipw_read8(priv, IPW_INDIRECT_DATA + i);
 524        }
 525}
 526
 527/* General purpose, no alignment requirement, iterative (multi-byte) write, */
 528/*    for area above 1st 4K of SRAM/reg space */
 529static void _ipw_write_indirect(struct ipw_priv *priv, u32 addr, u8 * buf,
 530                                int num)
 531{
 532        u32 aligned_addr = addr & IPW_INDIRECT_ADDR_MASK;       /* dword align */
 533        u32 dif_len = addr - aligned_addr;
 534        u32 i;
 535
 536        IPW_DEBUG_IO("addr = %i, buf = %p, num = %i\n", addr, buf, num);
 537
 538        if (num <= 0) {
 539                return;
 540        }
 541
 542        /* Write the first dword (or portion) byte by byte */
 543        if (unlikely(dif_len)) {
 544                _ipw_write32(priv, IPW_INDIRECT_ADDR, aligned_addr);
 545                /* Start writing at aligned_addr + dif_len */
 546                for (i = dif_len; ((i < 4) && (num > 0)); i++, num--, buf++)
 547                        _ipw_write8(priv, IPW_INDIRECT_DATA + i, *buf);
 548                aligned_addr += 4;
 549        }
 550
 551        /* Write all of the middle dwords as dwords, with auto-increment */
 552        _ipw_write32(priv, IPW_AUTOINC_ADDR, aligned_addr);
 553        for (; num >= 4; buf += 4, aligned_addr += 4, num -= 4)
 554                _ipw_write32(priv, IPW_AUTOINC_DATA, *(u32 *) buf);
 555
 556        /* Write the last dword (or portion) byte by byte */
 557        if (unlikely(num)) {
 558                _ipw_write32(priv, IPW_INDIRECT_ADDR, aligned_addr);
 559                for (i = 0; num > 0; i++, num--, buf++)
 560                        _ipw_write8(priv, IPW_INDIRECT_DATA + i, *buf);
 561        }
 562}
 563
 564/* General purpose, no alignment requirement, iterative (multi-byte) write, */
 565/*    for 1st 4K of SRAM/regs space */
 566static void ipw_write_direct(struct ipw_priv *priv, u32 addr, void *buf,
 567                             int num)
 568{
 569        memcpy_toio((priv->hw_base + addr), buf, num);
 570}
 571
 572/* Set bit(s) in low 4K of SRAM/regs */
 573static inline void ipw_set_bit(struct ipw_priv *priv, u32 reg, u32 mask)
 574{
 575        ipw_write32(priv, reg, ipw_read32(priv, reg) | mask);
 576}
 577
 578/* Clear bit(s) in low 4K of SRAM/regs */
 579static inline void ipw_clear_bit(struct ipw_priv *priv, u32 reg, u32 mask)
 580{
 581        ipw_write32(priv, reg, ipw_read32(priv, reg) & ~mask);
 582}
 583
 584static inline void __ipw_enable_interrupts(struct ipw_priv *priv)
 585{
 586        if (priv->status & STATUS_INT_ENABLED)
 587                return;
 588        priv->status |= STATUS_INT_ENABLED;
 589        ipw_write32(priv, IPW_INTA_MASK_R, IPW_INTA_MASK_ALL);
 590}
 591
 592static inline void __ipw_disable_interrupts(struct ipw_priv *priv)
 593{
 594        if (!(priv->status & STATUS_INT_ENABLED))
 595                return;
 596        priv->status &= ~STATUS_INT_ENABLED;
 597        ipw_write32(priv, IPW_INTA_MASK_R, ~IPW_INTA_MASK_ALL);
 598}
 599
 600static inline void ipw_enable_interrupts(struct ipw_priv *priv)
 601{
 602        unsigned long flags;
 603
 604        spin_lock_irqsave(&priv->irq_lock, flags);
 605        __ipw_enable_interrupts(priv);
 606        spin_unlock_irqrestore(&priv->irq_lock, flags);
 607}
 608
 609static inline void ipw_disable_interrupts(struct ipw_priv *priv)
 610{
 611        unsigned long flags;
 612
 613        spin_lock_irqsave(&priv->irq_lock, flags);
 614        __ipw_disable_interrupts(priv);
 615        spin_unlock_irqrestore(&priv->irq_lock, flags);
 616}
 617
 618static char *ipw_error_desc(u32 val)
 619{
 620        switch (val) {
 621        case IPW_FW_ERROR_OK:
 622                return "ERROR_OK";
 623        case IPW_FW_ERROR_FAIL:
 624                return "ERROR_FAIL";
 625        case IPW_FW_ERROR_MEMORY_UNDERFLOW:
 626                return "MEMORY_UNDERFLOW";
 627        case IPW_FW_ERROR_MEMORY_OVERFLOW:
 628                return "MEMORY_OVERFLOW";
 629        case IPW_FW_ERROR_BAD_PARAM:
 630                return "BAD_PARAM";
 631        case IPW_FW_ERROR_BAD_CHECKSUM:
 632                return "BAD_CHECKSUM";
 633        case IPW_FW_ERROR_NMI_INTERRUPT:
 634                return "NMI_INTERRUPT";
 635        case IPW_FW_ERROR_BAD_DATABASE:
 636                return "BAD_DATABASE";
 637        case IPW_FW_ERROR_ALLOC_FAIL:
 638                return "ALLOC_FAIL";
 639        case IPW_FW_ERROR_DMA_UNDERRUN:
 640                return "DMA_UNDERRUN";
 641        case IPW_FW_ERROR_DMA_STATUS:
 642                return "DMA_STATUS";
 643        case IPW_FW_ERROR_DINO_ERROR:
 644                return "DINO_ERROR";
 645        case IPW_FW_ERROR_EEPROM_ERROR:
 646                return "EEPROM_ERROR";
 647        case IPW_FW_ERROR_SYSASSERT:
 648                return "SYSASSERT";
 649        case IPW_FW_ERROR_FATAL_ERROR:
 650                return "FATAL_ERROR";
 651        default:
 652                return "UNKNOWN_ERROR";
 653        }
 654}
 655
 656static void ipw_dump_error_log(struct ipw_priv *priv,
 657                               struct ipw_fw_error *error)
 658{
 659        u32 i;
 660
 661        if (!error) {
 662                IPW_ERROR("Error allocating and capturing error log.  "
 663                          "Nothing to dump.\n");
 664                return;
 665        }
 666
 667        IPW_ERROR("Start IPW Error Log Dump:\n");
 668        IPW_ERROR("Status: 0x%08X, Config: %08X\n",
 669                  error->status, error->config);
 670
 671        for (i = 0; i < error->elem_len; i++)
 672                IPW_ERROR("%s %i 0x%08x  0x%08x  0x%08x  0x%08x  0x%08x\n",
 673                          ipw_error_desc(error->elem[i].desc),
 674                          error->elem[i].time,
 675                          error->elem[i].blink1,
 676                          error->elem[i].blink2,
 677                          error->elem[i].link1,
 678                          error->elem[i].link2, error->elem[i].data);
 679        for (i = 0; i < error->log_len; i++)
 680                IPW_ERROR("%i\t0x%08x\t%i\n",
 681                          error->log[i].time,
 682                          error->log[i].data, error->log[i].event);
 683}
 684
 685static inline int ipw_is_init(struct ipw_priv *priv)
 686{
 687        return (priv->status & STATUS_INIT) ? 1 : 0;
 688}
 689
 690static int ipw_get_ordinal(struct ipw_priv *priv, u32 ord, void *val, u32 * len)
 691{
 692        u32 addr, field_info, field_len, field_count, total_len;
 693
 694        IPW_DEBUG_ORD("ordinal = %i\n", ord);
 695
 696        if (!priv || !val || !len) {
 697                IPW_DEBUG_ORD("Invalid argument\n");
 698                return -EINVAL;
 699        }
 700
 701        /* verify device ordinal tables have been initialized */
 702        if (!priv->table0_addr || !priv->table1_addr || !priv->table2_addr) {
 703                IPW_DEBUG_ORD("Access ordinals before initialization\n");
 704                return -EINVAL;
 705        }
 706
 707        switch (IPW_ORD_TABLE_ID_MASK & ord) {
 708        case IPW_ORD_TABLE_0_MASK:
 709                /*
 710                 * TABLE 0: Direct access to a table of 32 bit values
 711                 *
 712                 * This is a very simple table with the data directly
 713                 * read from the table
 714                 */
 715
 716                /* remove the table id from the ordinal */
 717                ord &= IPW_ORD_TABLE_VALUE_MASK;
 718
 719                /* boundary check */
 720                if (ord > priv->table0_len) {
 721                        IPW_DEBUG_ORD("ordinal value (%i) longer then "
 722                                      "max (%i)\n", ord, priv->table0_len);
 723                        return -EINVAL;
 724                }
 725
 726                /* verify we have enough room to store the value */
 727                if (*len < sizeof(u32)) {
 728                        IPW_DEBUG_ORD("ordinal buffer length too small, "
 729                                      "need %zd\n", sizeof(u32));
 730                        return -EINVAL;
 731                }
 732
 733                IPW_DEBUG_ORD("Reading TABLE0[%i] from offset 0x%08x\n",
 734                              ord, priv->table0_addr + (ord << 2));
 735
 736                *len = sizeof(u32);
 737                ord <<= 2;
 738                *((u32 *) val) = ipw_read32(priv, priv->table0_addr + ord);
 739                break;
 740
 741        case IPW_ORD_TABLE_1_MASK:
 742                /*
 743                 * TABLE 1: Indirect access to a table of 32 bit values
 744                 *
 745                 * This is a fairly large table of u32 values each
 746                 * representing starting addr for the data (which is
 747                 * also a u32)
 748                 */
 749
 750                /* remove the table id from the ordinal */
 751                ord &= IPW_ORD_TABLE_VALUE_MASK;
 752
 753                /* boundary check */
 754                if (ord > priv->table1_len) {
 755                        IPW_DEBUG_ORD("ordinal value too long\n");
 756                        return -EINVAL;
 757                }
 758
 759                /* verify we have enough room to store the value */
 760                if (*len < sizeof(u32)) {
 761                        IPW_DEBUG_ORD("ordinal buffer length too small, "
 762                                      "need %zd\n", sizeof(u32));
 763                        return -EINVAL;
 764                }
 765
 766                *((u32 *) val) =
 767                    ipw_read_reg32(priv, (priv->table1_addr + (ord << 2)));
 768                *len = sizeof(u32);
 769                break;
 770
 771        case IPW_ORD_TABLE_2_MASK:
 772                /*
 773                 * TABLE 2: Indirect access to a table of variable sized values
 774                 *
 775                 * This table consist of six values, each containing
 776                 *     - dword containing the starting offset of the data
 777                 *     - dword containing the lengh in the first 16bits
 778                 *       and the count in the second 16bits
 779                 */
 780
 781                /* remove the table id from the ordinal */
 782                ord &= IPW_ORD_TABLE_VALUE_MASK;
 783
 784                /* boundary check */
 785                if (ord > priv->table2_len) {
 786                        IPW_DEBUG_ORD("ordinal value too long\n");
 787                        return -EINVAL;
 788                }
 789
 790                /* get the address of statistic */
 791                addr = ipw_read_reg32(priv, priv->table2_addr + (ord << 3));
 792
 793                /* get the second DW of statistics ;
 794                 * two 16-bit words - first is length, second is count */
 795                field_info =
 796                    ipw_read_reg32(priv,
 797                                   priv->table2_addr + (ord << 3) +
 798                                   sizeof(u32));
 799
 800                /* get each entry length */
 801                field_len = *((u16 *) & field_info);
 802
 803                /* get number of entries */
 804                field_count = *(((u16 *) & field_info) + 1);
 805
 806                /* abort if not enough memory */
 807                total_len = field_len * field_count;
 808                if (total_len > *len) {
 809                        *len = total_len;
 810                        return -EINVAL;
 811                }
 812
 813                *len = total_len;
 814                if (!total_len)
 815                        return 0;
 816
 817                IPW_DEBUG_ORD("addr = 0x%08x, total_len = %i, "
 818                              "field_info = 0x%08x\n",
 819                              addr, total_len, field_info);
 820                ipw_read_indirect(priv, addr, val, total_len);
 821                break;
 822
 823        default:
 824                IPW_DEBUG_ORD("Invalid ordinal!\n");
 825                return -EINVAL;
 826
 827        }
 828
 829        return 0;
 830}
 831
 832static void ipw_init_ordinals(struct ipw_priv *priv)
 833{
 834        priv->table0_addr = IPW_ORDINALS_TABLE_LOWER;
 835        priv->table0_len = ipw_read32(priv, priv->table0_addr);
 836
 837        IPW_DEBUG_ORD("table 0 offset at 0x%08x, len = %i\n",
 838                      priv->table0_addr, priv->table0_len);
 839
 840        priv->table1_addr = ipw_read32(priv, IPW_ORDINALS_TABLE_1);
 841        priv->table1_len = ipw_read_reg32(priv, priv->table1_addr);
 842
 843        IPW_DEBUG_ORD("table 1 offset at 0x%08x, len = %i\n",
 844                      priv->table1_addr, priv->table1_len);
 845
 846        priv->table2_addr = ipw_read32(priv, IPW_ORDINALS_TABLE_2);
 847        priv->table2_len = ipw_read_reg32(priv, priv->table2_addr);
 848        priv->table2_len &= 0x0000ffff; /* use first two bytes */
 849
 850        IPW_DEBUG_ORD("table 2 offset at 0x%08x, len = %i\n",
 851                      priv->table2_addr, priv->table2_len);
 852
 853}
 854
 855static u32 ipw_register_toggle(u32 reg)
 856{
 857        reg &= ~IPW_START_STANDBY;
 858        if (reg & IPW_GATE_ODMA)
 859                reg &= ~IPW_GATE_ODMA;
 860        if (reg & IPW_GATE_IDMA)
 861                reg &= ~IPW_GATE_IDMA;
 862        if (reg & IPW_GATE_ADMA)
 863                reg &= ~IPW_GATE_ADMA;
 864        return reg;
 865}
 866
 867/*
 868 * LED behavior:
 869 * - On radio ON, turn on any LEDs that require to be on during start
 870 * - On initialization, start unassociated blink
 871 * - On association, disable unassociated blink
 872 * - On disassociation, start unassociated blink
 873 * - On radio OFF, turn off any LEDs started during radio on
 874 *
 875 */
 876#define LD_TIME_LINK_ON msecs_to_jiffies(300)
 877#define LD_TIME_LINK_OFF msecs_to_jiffies(2700)
 878#define LD_TIME_ACT_ON msecs_to_jiffies(250)
 879
 880static void ipw_led_link_on(struct ipw_priv *priv)
 881{
 882        unsigned long flags;
 883        u32 led;
 884
 885        /* If configured to not use LEDs, or nic_type is 1,
 886         * then we don't toggle a LINK led */
 887        if (priv->config & CFG_NO_LED || priv->nic_type == EEPROM_NIC_TYPE_1)
 888                return;
 889
 890        spin_lock_irqsave(&priv->lock, flags);
 891
 892        if (!(priv->status & STATUS_RF_KILL_MASK) &&
 893            !(priv->status & STATUS_LED_LINK_ON)) {
 894                IPW_DEBUG_LED("Link LED On\n");
 895                led = ipw_read_reg32(priv, IPW_EVENT_REG);
 896                led |= priv->led_association_on;
 897
 898                led = ipw_register_toggle(led);
 899
 900                IPW_DEBUG_LED("Reg: 0x%08X\n", led);
 901                ipw_write_reg32(priv, IPW_EVENT_REG, led);
 902
 903                priv->status |= STATUS_LED_LINK_ON;
 904
 905                /* If we aren't associated, schedule turning the LED off */
 906                if (!(priv->status & STATUS_ASSOCIATED))
 907                        schedule_delayed_work(&priv->led_link_off,
 908                                              LD_TIME_LINK_ON);
 909        }
 910
 911        spin_unlock_irqrestore(&priv->lock, flags);
 912}
 913
 914static void ipw_bg_led_link_on(struct work_struct *work)
 915{
 916        struct ipw_priv *priv =
 917                container_of(work, struct ipw_priv, led_link_on.work);
 918        mutex_lock(&priv->mutex);
 919        ipw_led_link_on(priv);
 920        mutex_unlock(&priv->mutex);
 921}
 922
 923static void ipw_led_link_off(struct ipw_priv *priv)
 924{
 925        unsigned long flags;
 926        u32 led;
 927
 928        /* If configured not to use LEDs, or nic type is 1,
 929         * then we don't goggle the LINK led. */
 930        if (priv->config & CFG_NO_LED || priv->nic_type == EEPROM_NIC_TYPE_1)
 931                return;
 932
 933        spin_lock_irqsave(&priv->lock, flags);
 934
 935        if (priv->status & STATUS_LED_LINK_ON) {
 936                led = ipw_read_reg32(priv, IPW_EVENT_REG);
 937                led &= priv->led_association_off;
 938                led = ipw_register_toggle(led);
 939
 940                IPW_DEBUG_LED("Reg: 0x%08X\n", led);
 941                ipw_write_reg32(priv, IPW_EVENT_REG, led);
 942
 943                IPW_DEBUG_LED("Link LED Off\n");
 944
 945                priv->status &= ~STATUS_LED_LINK_ON;
 946
 947                /* If we aren't associated and the radio is on, schedule
 948                 * turning the LED on (blink while unassociated) */
 949                if (!(priv->status & STATUS_RF_KILL_MASK) &&
 950                    !(priv->status & STATUS_ASSOCIATED))
 951                        schedule_delayed_work(&priv->led_link_on,
 952                                              LD_TIME_LINK_OFF);
 953
 954        }
 955
 956        spin_unlock_irqrestore(&priv->lock, flags);
 957}
 958
 959static void ipw_bg_led_link_off(struct work_struct *work)
 960{
 961        struct ipw_priv *priv =
 962                container_of(work, struct ipw_priv, led_link_off.work);
 963        mutex_lock(&priv->mutex);
 964        ipw_led_link_off(priv);
 965        mutex_unlock(&priv->mutex);
 966}
 967
 968static void __ipw_led_activity_on(struct ipw_priv *priv)
 969{
 970        u32 led;
 971
 972        if (priv->config & CFG_NO_LED)
 973                return;
 974
 975        if (priv->status & STATUS_RF_KILL_MASK)
 976                return;
 977
 978        if (!(priv->status & STATUS_LED_ACT_ON)) {
 979                led = ipw_read_reg32(priv, IPW_EVENT_REG);
 980                led |= priv->led_activity_on;
 981
 982                led = ipw_register_toggle(led);
 983
 984                IPW_DEBUG_LED("Reg: 0x%08X\n", led);
 985                ipw_write_reg32(priv, IPW_EVENT_REG, led);
 986
 987                IPW_DEBUG_LED("Activity LED On\n");
 988
 989                priv->status |= STATUS_LED_ACT_ON;
 990
 991                cancel_delayed_work(&priv->led_act_off);
 992                schedule_delayed_work(&priv->led_act_off, LD_TIME_ACT_ON);
 993        } else {
 994                /* Reschedule LED off for full time period */
 995                cancel_delayed_work(&priv->led_act_off);
 996                schedule_delayed_work(&priv->led_act_off, LD_TIME_ACT_ON);
 997        }
 998}
 999
1000#if 0
1001void ipw_led_activity_on(struct ipw_priv *priv)
1002{
1003        unsigned long flags;
1004        spin_lock_irqsave(&priv->lock, flags);
1005        __ipw_led_activity_on(priv);
1006        spin_unlock_irqrestore(&priv->lock, flags);
1007}
1008#endif  /*  0  */
1009
1010static void ipw_led_activity_off(struct ipw_priv *priv)
1011{
1012        unsigned long flags;
1013        u32 led;
1014
1015        if (priv->config & CFG_NO_LED)
1016                return;
1017
1018        spin_lock_irqsave(&priv->lock, flags);
1019
1020        if (priv->status & STATUS_LED_ACT_ON) {
1021                led = ipw_read_reg32(priv, IPW_EVENT_REG);
1022                led &= priv->led_activity_off;
1023
1024                led = ipw_register_toggle(led);
1025
1026                IPW_DEBUG_LED("Reg: 0x%08X\n", led);
1027                ipw_write_reg32(priv, IPW_EVENT_REG, led);
1028
1029                IPW_DEBUG_LED("Activity LED Off\n");
1030
1031                priv->status &= ~STATUS_LED_ACT_ON;
1032        }
1033
1034        spin_unlock_irqrestore(&priv->lock, flags);
1035}
1036
1037static void ipw_bg_led_activity_off(struct work_struct *work)
1038{
1039        struct ipw_priv *priv =
1040                container_of(work, struct ipw_priv, led_act_off.work);
1041        mutex_lock(&priv->mutex);
1042        ipw_led_activity_off(priv);
1043        mutex_unlock(&priv->mutex);
1044}
1045
1046static void ipw_led_band_on(struct ipw_priv *priv)
1047{
1048        unsigned long flags;
1049        u32 led;
1050
1051        /* Only nic type 1 supports mode LEDs */
1052        if (priv->config & CFG_NO_LED ||
1053            priv->nic_type != EEPROM_NIC_TYPE_1 || !priv->assoc_network)
1054                return;
1055
1056        spin_lock_irqsave(&priv->lock, flags);
1057
1058        led = ipw_read_reg32(priv, IPW_EVENT_REG);
1059        if (priv->assoc_network->mode == IEEE_A) {
1060                led |= priv->led_ofdm_on;
1061                led &= priv->led_association_off;
1062                IPW_DEBUG_LED("Mode LED On: 802.11a\n");
1063        } else if (priv->assoc_network->mode == IEEE_G) {
1064                led |= priv->led_ofdm_on;
1065                led |= priv->led_association_on;
1066                IPW_DEBUG_LED("Mode LED On: 802.11g\n");
1067        } else {
1068                led &= priv->led_ofdm_off;
1069                led |= priv->led_association_on;
1070                IPW_DEBUG_LED("Mode LED On: 802.11b\n");
1071        }
1072
1073        led = ipw_register_toggle(led);
1074
1075        IPW_DEBUG_LED("Reg: 0x%08X\n", led);
1076        ipw_write_reg32(priv, IPW_EVENT_REG, led);
1077
1078        spin_unlock_irqrestore(&priv->lock, flags);
1079}
1080
1081static void ipw_led_band_off(struct ipw_priv *priv)
1082{
1083        unsigned long flags;
1084        u32 led;
1085
1086        /* Only nic type 1 supports mode LEDs */
1087        if (priv->config & CFG_NO_LED || priv->nic_type != EEPROM_NIC_TYPE_1)
1088                return;
1089
1090        spin_lock_irqsave(&priv->lock, flags);
1091
1092        led = ipw_read_reg32(priv, IPW_EVENT_REG);
1093        led &= priv->led_ofdm_off;
1094        led &= priv->led_association_off;
1095
1096        led = ipw_register_toggle(led);
1097
1098        IPW_DEBUG_LED("Reg: 0x%08X\n", led);
1099        ipw_write_reg32(priv, IPW_EVENT_REG, led);
1100
1101        spin_unlock_irqrestore(&priv->lock, flags);
1102}
1103
1104static void ipw_led_radio_on(struct ipw_priv *priv)
1105{
1106        ipw_led_link_on(priv);
1107}
1108
1109static void ipw_led_radio_off(struct ipw_priv *priv)
1110{
1111        ipw_led_activity_off(priv);
1112        ipw_led_link_off(priv);
1113}
1114
1115static void ipw_led_link_up(struct ipw_priv *priv)
1116{
1117        /* Set the Link Led on for all nic types */
1118        ipw_led_link_on(priv);
1119}
1120
1121static void ipw_led_link_down(struct ipw_priv *priv)
1122{
1123        ipw_led_activity_off(priv);
1124        ipw_led_link_off(priv);
1125
1126        if (priv->status & STATUS_RF_KILL_MASK)
1127                ipw_led_radio_off(priv);
1128}
1129
1130static void ipw_led_init(struct ipw_priv *priv)
1131{
1132        priv->nic_type = priv->eeprom[EEPROM_NIC_TYPE];
1133
1134        /* Set the default PINs for the link and activity leds */
1135        priv->led_activity_on = IPW_ACTIVITY_LED;
1136        priv->led_activity_off = ~(IPW_ACTIVITY_LED);
1137
1138        priv->led_association_on = IPW_ASSOCIATED_LED;
1139        priv->led_association_off = ~(IPW_ASSOCIATED_LED);
1140
1141        /* Set the default PINs for the OFDM leds */
1142        priv->led_ofdm_on = IPW_OFDM_LED;
1143        priv->led_ofdm_off = ~(IPW_OFDM_LED);
1144
1145        switch (priv->nic_type) {
1146        case EEPROM_NIC_TYPE_1:
1147                /* In this NIC type, the LEDs are reversed.... */
1148                priv->led_activity_on = IPW_ASSOCIATED_LED;
1149                priv->led_activity_off = ~(IPW_ASSOCIATED_LED);
1150                priv->led_association_on = IPW_ACTIVITY_LED;
1151                priv->led_association_off = ~(IPW_ACTIVITY_LED);
1152
1153                if (!(priv->config & CFG_NO_LED))
1154                        ipw_led_band_on(priv);
1155
1156                /* And we don't blink link LEDs for this nic, so
1157                 * just return here */
1158                return;
1159
1160        case EEPROM_NIC_TYPE_3:
1161        case EEPROM_NIC_TYPE_2:
1162        case EEPROM_NIC_TYPE_4:
1163        case EEPROM_NIC_TYPE_0:
1164                break;
1165
1166        default:
1167                IPW_DEBUG_INFO("Unknown NIC type from EEPROM: %d\n",
1168                               priv->nic_type);
1169                priv->nic_type = EEPROM_NIC_TYPE_0;
1170                break;
1171        }
1172
1173        if (!(priv->config & CFG_NO_LED)) {
1174                if (priv->status & STATUS_ASSOCIATED)
1175                        ipw_led_link_on(priv);
1176                else
1177                        ipw_led_link_off(priv);
1178        }
1179}
1180
1181static void ipw_led_shutdown(struct ipw_priv *priv)
1182{
1183        ipw_led_activity_off(priv);
1184        ipw_led_link_off(priv);
1185        ipw_led_band_off(priv);
1186        cancel_delayed_work(&priv->led_link_on);
1187        cancel_delayed_work(&priv->led_link_off);
1188        cancel_delayed_work(&priv->led_act_off);
1189}
1190
1191/*
1192 * The following adds a new attribute to the sysfs representation
1193 * of this device driver (i.e. a new file in /sys/bus/pci/drivers/ipw/)
1194 * used for controlling the debug level.
1195 *
1196 * See the level definitions in ipw for details.
1197 */
1198static ssize_t show_debug_level(struct device_driver *d, char *buf)
1199{
1200        return sprintf(buf, "0x%08X\n", ipw_debug_level);
1201}
1202
1203static ssize_t store_debug_level(struct device_driver *d, const char *buf,
1204                                 size_t count)
1205{
1206        char *p = (char *)buf;
1207        u32 val;
1208
1209        if (p[1] == 'x' || p[1] == 'X' || p[0] == 'x' || p[0] == 'X') {
1210                p++;
1211                if (p[0] == 'x' || p[0] == 'X')
1212                        p++;
1213                val = simple_strtoul(p, &p, 16);
1214        } else
1215                val = simple_strtoul(p, &p, 10);
1216        if (p == buf)
1217                printk(KERN_INFO DRV_NAME
1218                       ": %s is not in hex or decimal form.\n", buf);
1219        else
1220                ipw_debug_level = val;
1221
1222        return strnlen(buf, count);
1223}
1224
1225static DRIVER_ATTR(debug_level, S_IWUSR | S_IRUGO,
1226                   show_debug_level, store_debug_level);
1227
1228static inline u32 ipw_get_event_log_len(struct ipw_priv *priv)
1229{
1230        /* length = 1st dword in log */
1231        return ipw_read_reg32(priv, ipw_read32(priv, IPW_EVENT_LOG));
1232}
1233
1234static void ipw_capture_event_log(struct ipw_priv *priv,
1235                                  u32 log_len, struct ipw_event *log)
1236{
1237        u32 base;
1238
1239        if (log_len) {
1240                base = ipw_read32(priv, IPW_EVENT_LOG);
1241                ipw_read_indirect(priv, base + sizeof(base) + sizeof(u32),
1242                                  (u8 *) log, sizeof(*log) * log_len);
1243        }
1244}
1245
1246static struct ipw_fw_error *ipw_alloc_error_log(struct ipw_priv *priv)
1247{
1248        struct ipw_fw_error *error;
1249        u32 log_len = ipw_get_event_log_len(priv);
1250        u32 base = ipw_read32(priv, IPW_ERROR_LOG);
1251        u32 elem_len = ipw_read_reg32(priv, base);
1252
1253        error = kmalloc(sizeof(*error) +
1254                        sizeof(*error->elem) * elem_len +
1255                        sizeof(*error->log) * log_len, GFP_ATOMIC);
1256        if (!error) {
1257                IPW_ERROR("Memory allocation for firmware error log "
1258                          "failed.\n");
1259                return NULL;
1260        }
1261        error->jiffies = jiffies;
1262        error->status = priv->status;
1263        error->config = priv->config;
1264        error->elem_len = elem_len;
1265        error->log_len = log_len;
1266        error->elem = (struct ipw_error_elem *)error->payload;
1267        error->log = (struct ipw_event *)(error->elem + elem_len);
1268
1269        ipw_capture_event_log(priv, log_len, error->log);
1270
1271        if (elem_len)
1272                ipw_read_indirect(priv, base + sizeof(base), (u8 *) error->elem,
1273                                  sizeof(*error->elem) * elem_len);
1274
1275        return error;
1276}
1277
1278static ssize_t show_event_log(struct device *d,
1279                              struct device_attribute *attr, char *buf)
1280{
1281        struct ipw_priv *priv = dev_get_drvdata(d);
1282        u32 log_len = ipw_get_event_log_len(priv);
1283        u32 log_size;
1284        struct ipw_event *log;
1285        u32 len = 0, i;
1286
1287        /* not using min() because of its strict type checking */
1288        log_size = PAGE_SIZE / sizeof(*log) > log_len ?
1289                        sizeof(*log) * log_len : PAGE_SIZE;
1290        log = kzalloc(log_size, GFP_KERNEL);
1291        if (!log) {
1292                IPW_ERROR("Unable to allocate memory for log\n");
1293                return 0;
1294        }
1295        log_len = log_size / sizeof(*log);
1296        ipw_capture_event_log(priv, log_len, log);
1297
1298        len += snprintf(buf + len, PAGE_SIZE - len, "%08X", log_len);
1299        for (i = 0; i < log_len; i++)
1300                len += snprintf(buf + len, PAGE_SIZE - len,
1301                                "\n%08X%08X%08X",
1302                                log[i].time, log[i].event, log[i].data);
1303        len += snprintf(buf + len, PAGE_SIZE - len, "\n");
1304        kfree(log);
1305        return len;
1306}
1307
1308static DEVICE_ATTR(event_log, S_IRUGO, show_event_log, NULL);
1309
1310static ssize_t show_error(struct device *d,
1311                          struct device_attribute *attr, char *buf)
1312{
1313        struct ipw_priv *priv = dev_get_drvdata(d);
1314        u32 len = 0, i;
1315        if (!priv->error)
1316                return 0;
1317        len += snprintf(buf + len, PAGE_SIZE - len,
1318                        "%08lX%08X%08X%08X",
1319                        priv->error->jiffies,
1320                        priv->error->status,
1321                        priv->error->config, priv->error->elem_len);
1322        for (i = 0; i < priv->error->elem_len; i++)
1323                len += snprintf(buf + len, PAGE_SIZE - len,
1324                                "\n%08X%08X%08X%08X%08X%08X%08X",
1325                                priv->error->elem[i].time,
1326                                priv->error->elem[i].desc,
1327                                priv->error->elem[i].blink1,
1328                                priv->error->elem[i].blink2,
1329                                priv->error->elem[i].link1,
1330                                priv->error->elem[i].link2,
1331                                priv->error->elem[i].data);
1332
1333        len += snprintf(buf + len, PAGE_SIZE - len,
1334                        "\n%08X", priv->error->log_len);
1335        for (i = 0; i < priv->error->log_len; i++)
1336                len += snprintf(buf + len, PAGE_SIZE - len,
1337                                "\n%08X%08X%08X",
1338                                priv->error->log[i].time,
1339                                priv->error->log[i].event,
1340                                priv->error->log[i].data);
1341        len += snprintf(buf + len, PAGE_SIZE - len, "\n");
1342        return len;
1343}
1344
1345static ssize_t clear_error(struct device *d,
1346                           struct device_attribute *attr,
1347                           const char *buf, size_t count)
1348{
1349        struct ipw_priv *priv = dev_get_drvdata(d);
1350
1351        kfree(priv->error);
1352        priv->error = NULL;
1353        return count;
1354}
1355
1356static DEVICE_ATTR(error, S_IRUGO | S_IWUSR, show_error, clear_error);
1357
1358static ssize_t show_cmd_log(struct device *d,
1359                            struct device_attribute *attr, char *buf)
1360{
1361        struct ipw_priv *priv = dev_get_drvdata(d);
1362        u32 len = 0, i;
1363        if (!priv->cmdlog)
1364                return 0;
1365        for (i = (priv->cmdlog_pos + 1) % priv->cmdlog_len;
1366             (i != priv->cmdlog_pos) && (PAGE_SIZE - len);
1367             i = (i + 1) % priv->cmdlog_len) {
1368                len +=
1369                    snprintf(buf + len, PAGE_SIZE - len,
1370                             "\n%08lX%08X%08X%08X\n", priv->cmdlog[i].jiffies,
1371                             priv->cmdlog[i].retcode, priv->cmdlog[i].cmd.cmd,
1372                             priv->cmdlog[i].cmd.len);
1373                len +=
1374                    snprintk_buf(buf + len, PAGE_SIZE - len,
1375                                 (u8 *) priv->cmdlog[i].cmd.param,
1376                                 priv->cmdlog[i].cmd.len);
1377                len += snprintf(buf + len, PAGE_SIZE - len, "\n");
1378        }
1379        len += snprintf(buf + len, PAGE_SIZE - len, "\n");
1380        return len;
1381}
1382
1383static DEVICE_ATTR(cmd_log, S_IRUGO, show_cmd_log, NULL);
1384
1385#ifdef CONFIG_IPW2200_PROMISCUOUS
1386static void ipw_prom_free(struct ipw_priv *priv);
1387static int ipw_prom_alloc(struct ipw_priv *priv);
1388static ssize_t store_rtap_iface(struct device *d,
1389                         struct device_attribute *attr,
1390                         const char *buf, size_t count)
1391{
1392        struct ipw_priv *priv = dev_get_drvdata(d);
1393        int rc = 0;
1394
1395        if (count < 1)
1396                return -EINVAL;
1397
1398        switch (buf[0]) {
1399        case '0':
1400                if (!rtap_iface)
1401                        return count;
1402
1403                if (netif_running(priv->prom_net_dev)) {
1404                        IPW_WARNING("Interface is up.  Cannot unregister.\n");
1405                        return count;
1406                }
1407
1408                ipw_prom_free(priv);
1409                rtap_iface = 0;
1410                break;
1411
1412        case '1':
1413                if (rtap_iface)
1414                        return count;
1415
1416                rc = ipw_prom_alloc(priv);
1417                if (!rc)
1418                        rtap_iface = 1;
1419                break;
1420
1421        default:
1422                return -EINVAL;
1423        }
1424
1425        if (rc) {
1426                IPW_ERROR("Failed to register promiscuous network "
1427                          "device (error %d).\n", rc);
1428        }
1429
1430        return count;
1431}
1432
1433static ssize_t show_rtap_iface(struct device *d,
1434                        struct device_attribute *attr,
1435                        char *buf)
1436{
1437        struct ipw_priv *priv = dev_get_drvdata(d);
1438        if (rtap_iface)
1439                return sprintf(buf, "%s", priv->prom_net_dev->name);
1440        else {
1441                buf[0] = '-';
1442                buf[1] = '1';
1443                buf[2] = '\0';
1444                return 3;
1445        }
1446}
1447
1448static DEVICE_ATTR(rtap_iface, S_IWUSR | S_IRUSR, show_rtap_iface,
1449                   store_rtap_iface);
1450
1451static ssize_t store_rtap_filter(struct device *d,
1452                         struct device_attribute *attr,
1453                         const char *buf, size_t count)
1454{
1455        struct ipw_priv *priv = dev_get_drvdata(d);
1456
1457        if (!priv->prom_priv) {
1458                IPW_ERROR("Attempting to set filter without "
1459                          "rtap_iface enabled.\n");
1460                return -EPERM;
1461        }
1462
1463        priv->prom_priv->filter = simple_strtol(buf, NULL, 0);
1464
1465        IPW_DEBUG_INFO("Setting rtap filter to " BIT_FMT16 "\n",
1466                       BIT_ARG16(priv->prom_priv->filter));
1467
1468        return count;
1469}
1470
1471static ssize_t show_rtap_filter(struct device *d,
1472                        struct device_attribute *attr,
1473                        char *buf)
1474{
1475        struct ipw_priv *priv = dev_get_drvdata(d);
1476        return sprintf(buf, "0x%04X",
1477                       priv->prom_priv ? priv->prom_priv->filter : 0);
1478}
1479
1480static DEVICE_ATTR(rtap_filter, S_IWUSR | S_IRUSR, show_rtap_filter,
1481                   store_rtap_filter);
1482#endif
1483
1484static ssize_t show_scan_age(struct device *d, struct device_attribute *attr,
1485                             char *buf)
1486{
1487        struct ipw_priv *priv = dev_get_drvdata(d);
1488        return sprintf(buf, "%d\n", priv->ieee->scan_age);
1489}
1490
1491static ssize_t store_scan_age(struct device *d, struct device_attribute *attr,
1492                              const char *buf, size_t count)
1493{
1494        struct ipw_priv *priv = dev_get_drvdata(d);
1495        struct net_device *dev = priv->net_dev;
1496        char buffer[] = "00000000";
1497        unsigned long len =
1498            (sizeof(buffer) - 1) > count ? count : sizeof(buffer) - 1;
1499        unsigned long val;
1500        char *p = buffer;
1501
1502        IPW_DEBUG_INFO("enter\n");
1503
1504        strncpy(buffer, buf, len);
1505        buffer[len] = 0;
1506
1507        if (p[1] == 'x' || p[1] == 'X' || p[0] == 'x' || p[0] == 'X') {
1508                p++;
1509                if (p[0] == 'x' || p[0] == 'X')
1510                        p++;
1511                val = simple_strtoul(p, &p, 16);
1512        } else
1513                val = simple_strtoul(p, &p, 10);
1514        if (p == buffer) {
1515                IPW_DEBUG_INFO("%s: user supplied invalid value.\n", dev->name);
1516        } else {
1517                priv->ieee->scan_age = val;
1518                IPW_DEBUG_INFO("set scan_age = %u\n", priv->ieee->scan_age);
1519        }
1520
1521        IPW_DEBUG_INFO("exit\n");
1522        return len;
1523}
1524
1525static DEVICE_ATTR(scan_age, S_IWUSR | S_IRUGO, show_scan_age, store_scan_age);
1526
1527static ssize_t show_led(struct device *d, struct device_attribute *attr,
1528                        char *buf)
1529{
1530        struct ipw_priv *priv = dev_get_drvdata(d);
1531        return sprintf(buf, "%d\n", (priv->config & CFG_NO_LED) ? 0 : 1);
1532}
1533
1534static ssize_t store_led(struct device *d, struct device_attribute *attr,
1535                         const char *buf, size_t count)
1536{
1537        struct ipw_priv *priv = dev_get_drvdata(d);
1538
1539        IPW_DEBUG_INFO("enter\n");
1540
1541        if (count == 0)
1542                return 0;
1543
1544        if (*buf == 0) {
1545                IPW_DEBUG_LED("Disabling LED control.\n");
1546                priv->config |= CFG_NO_LED;
1547                ipw_led_shutdown(priv);
1548        } else {
1549                IPW_DEBUG_LED("Enabling LED control.\n");
1550                priv->config &= ~CFG_NO_LED;
1551                ipw_led_init(priv);
1552        }
1553
1554        IPW_DEBUG_INFO("exit\n");
1555        return count;
1556}
1557
1558static DEVICE_ATTR(led, S_IWUSR | S_IRUGO, show_led, store_led);
1559
1560static ssize_t show_status(struct device *d,
1561                           struct device_attribute *attr, char *buf)
1562{
1563        struct ipw_priv *p = dev_get_drvdata(d);
1564        return sprintf(buf, "0x%08x\n", (int)p->status);
1565}
1566
1567static DEVICE_ATTR(status, S_IRUGO, show_status, NULL);
1568
1569static ssize_t show_cfg(struct device *d, struct device_attribute *attr,
1570                        char *buf)
1571{
1572        struct ipw_priv *p = dev_get_drvdata(d);
1573        return sprintf(buf, "0x%08x\n", (int)p->config);
1574}
1575
1576static DEVICE_ATTR(cfg, S_IRUGO, show_cfg, NULL);
1577
1578static ssize_t show_nic_type(struct device *d,
1579                             struct device_attribute *attr, char *buf)
1580{
1581        struct ipw_priv *priv = dev_get_drvdata(d);
1582        return sprintf(buf, "TYPE: %d\n", priv->nic_type);
1583}
1584
1585static DEVICE_ATTR(nic_type, S_IRUGO, show_nic_type, NULL);
1586
1587static ssize_t show_ucode_version(struct device *d,
1588                                  struct device_attribute *attr, char *buf)
1589{
1590        u32 len = sizeof(u32), tmp = 0;
1591        struct ipw_priv *p = dev_get_drvdata(d);
1592
1593        if (ipw_get_ordinal(p, IPW_ORD_STAT_UCODE_VERSION, &tmp, &len))
1594                return 0;
1595
1596        return sprintf(buf, "0x%08x\n", tmp);
1597}
1598
1599static DEVICE_ATTR(ucode_version, S_IWUSR | S_IRUGO, show_ucode_version, NULL);
1600
1601static ssize_t show_rtc(struct device *d, struct device_attribute *attr,
1602                        char *buf)
1603{
1604        u32 len = sizeof(u32), tmp = 0;
1605        struct ipw_priv *p = dev_get_drvdata(d);
1606
1607        if (ipw_get_ordinal(p, IPW_ORD_STAT_RTC, &tmp, &len))
1608                return 0;
1609
1610        return sprintf(buf, "0x%08x\n", tmp);
1611}
1612
1613static DEVICE_ATTR(rtc, S_IWUSR | S_IRUGO, show_rtc, NULL);
1614
1615/*
1616 * Add a device attribute to view/control the delay between eeprom
1617 * operations.
1618 */
1619static ssize_t show_eeprom_delay(struct device *d,
1620                                 struct device_attribute *attr, char *buf)
1621{
1622        struct ipw_priv *p = dev_get_drvdata(d);
1623        int n = p->eeprom_delay;
1624        return sprintf(buf, "%i\n", n);
1625}
1626static ssize_t store_eeprom_delay(struct device *d,
1627                                  struct device_attribute *attr,
1628                                  const char *buf, size_t count)
1629{
1630        struct ipw_priv *p = dev_get_drvdata(d);
1631        sscanf(buf, "%i", &p->eeprom_delay);
1632        return strnlen(buf, count);
1633}
1634
1635static DEVICE_ATTR(eeprom_delay, S_IWUSR | S_IRUGO,
1636                   show_eeprom_delay, store_eeprom_delay);
1637
1638static ssize_t show_command_event_reg(struct device *d,
1639                                      struct device_attribute *attr, char *buf)
1640{
1641        u32 reg = 0;
1642        struct ipw_priv *p = dev_get_drvdata(d);
1643
1644        reg = ipw_read_reg32(p, IPW_INTERNAL_CMD_EVENT);
1645        return sprintf(buf, "0x%08x\n", reg);
1646}
1647static ssize_t store_command_event_reg(struct device *d,
1648                                       struct device_attribute *attr,
1649                                       const char *buf, size_t count)
1650{
1651        u32 reg;
1652        struct ipw_priv *p = dev_get_drvdata(d);
1653
1654        sscanf(buf, "%x", &reg);
1655        ipw_write_reg32(p, IPW_INTERNAL_CMD_EVENT, reg);
1656        return strnlen(buf, count);
1657}
1658
1659static DEVICE_ATTR(command_event_reg, S_IWUSR | S_IRUGO,
1660                   show_command_event_reg, store_command_event_reg);
1661
1662static ssize_t show_mem_gpio_reg(struct device *d,
1663                                 struct device_attribute *attr, char *buf)
1664{
1665        u32 reg = 0;
1666        struct ipw_priv *p = dev_get_drvdata(d);
1667
1668        reg = ipw_read_reg32(p, 0x301100);
1669        return sprintf(buf, "0x%08x\n", reg);
1670}
1671static ssize_t store_mem_gpio_reg(struct device *d,
1672                                  struct device_attribute *attr,
1673                                  const char *buf, size_t count)
1674{
1675        u32 reg;
1676        struct ipw_priv *p = dev_get_drvdata(d);
1677
1678        sscanf(buf, "%x", &reg);
1679        ipw_write_reg32(p, 0x301100, reg);
1680        return strnlen(buf, count);
1681}
1682
1683static DEVICE_ATTR(mem_gpio_reg, S_IWUSR | S_IRUGO,
1684                   show_mem_gpio_reg, store_mem_gpio_reg);
1685
1686static ssize_t show_indirect_dword(struct device *d,
1687                                   struct device_attribute *attr, char *buf)
1688{
1689        u32 reg = 0;
1690        struct ipw_priv *priv = dev_get_drvdata(d);
1691
1692        if (priv->status & STATUS_INDIRECT_DWORD)
1693                reg = ipw_read_reg32(priv, priv->indirect_dword);
1694        else
1695                reg = 0;
1696
1697        return sprintf(buf, "0x%08x\n", reg);
1698}
1699static ssize_t store_indirect_dword(struct device *d,
1700                                    struct device_attribute *attr,
1701                                    const char *buf, size_t count)
1702{
1703        struct ipw_priv *priv = dev_get_drvdata(d);
1704
1705        sscanf(buf, "%x", &priv->indirect_dword);
1706        priv->status |= STATUS_INDIRECT_DWORD;
1707        return strnlen(buf, count);
1708}
1709
1710static DEVICE_ATTR(indirect_dword, S_IWUSR | S_IRUGO,
1711                   show_indirect_dword, store_indirect_dword);
1712
1713static ssize_t show_indirect_byte(struct device *d,
1714                                  struct device_attribute *attr, char *buf)
1715{
1716        u8 reg = 0;
1717        struct ipw_priv *priv = dev_get_drvdata(d);
1718
1719        if (priv->status & STATUS_INDIRECT_BYTE)
1720                reg = ipw_read_reg8(priv, priv->indirect_byte);
1721        else
1722                reg = 0;
1723
1724        return sprintf(buf, "0x%02x\n", reg);
1725}
1726static ssize_t store_indirect_byte(struct device *d,
1727                                   struct device_attribute *attr,
1728                                   const char *buf, size_t count)
1729{
1730        struct ipw_priv *priv = dev_get_drvdata(d);
1731
1732        sscanf(buf, "%x", &priv->indirect_byte);
1733        priv->status |= STATUS_INDIRECT_BYTE;
1734        return strnlen(buf, count);
1735}
1736
1737static DEVICE_ATTR(indirect_byte, S_IWUSR | S_IRUGO,
1738                   show_indirect_byte, store_indirect_byte);
1739
1740static ssize_t show_direct_dword(struct device *d,
1741                                 struct device_attribute *attr, char *buf)
1742{
1743        u32 reg = 0;
1744        struct ipw_priv *priv = dev_get_drvdata(d);
1745
1746        if (priv->status & STATUS_DIRECT_DWORD)
1747                reg = ipw_read32(priv, priv->direct_dword);
1748        else
1749                reg = 0;
1750
1751        return sprintf(buf, "0x%08x\n", reg);
1752}
1753static ssize_t store_direct_dword(struct device *d,
1754                                  struct device_attribute *attr,
1755                                  const char *buf, size_t count)
1756{
1757        struct ipw_priv *priv = dev_get_drvdata(d);
1758
1759        sscanf(buf, "%x", &priv->direct_dword);
1760        priv->status |= STATUS_DIRECT_DWORD;
1761        return strnlen(buf, count);
1762}
1763
1764static DEVICE_ATTR(direct_dword, S_IWUSR | S_IRUGO,
1765                   show_direct_dword, store_direct_dword);
1766
1767static int rf_kill_active(struct ipw_priv *priv)
1768{
1769        if (0 == (ipw_read32(priv, 0x30) & 0x10000)) {
1770                priv->status |= STATUS_RF_KILL_HW;
1771                wiphy_rfkill_set_hw_state(priv->ieee->wdev.wiphy, true);
1772        } else {
1773                priv->status &= ~STATUS_RF_KILL_HW;
1774                wiphy_rfkill_set_hw_state(priv->ieee->wdev.wiphy, false);
1775        }
1776
1777        return (priv->status & STATUS_RF_KILL_HW) ? 1 : 0;
1778}
1779
1780static ssize_t show_rf_kill(struct device *d, struct device_attribute *attr,
1781                            char *buf)
1782{
1783        /* 0 - RF kill not enabled
1784           1 - SW based RF kill active (sysfs)
1785           2 - HW based RF kill active
1786           3 - Both HW and SW baed RF kill active */
1787        struct ipw_priv *priv = dev_get_drvdata(d);
1788        int val = ((priv->status & STATUS_RF_KILL_SW) ? 0x1 : 0x0) |
1789            (rf_kill_active(priv) ? 0x2 : 0x0);
1790        return sprintf(buf, "%i\n", val);
1791}
1792
1793static int ipw_radio_kill_sw(struct ipw_priv *priv, int disable_radio)
1794{
1795        if ((disable_radio ? 1 : 0) ==
1796            ((priv->status & STATUS_RF_KILL_SW) ? 1 : 0))
1797                return 0;
1798
1799        IPW_DEBUG_RF_KILL("Manual SW RF Kill set to: RADIO  %s\n",
1800                          disable_radio ? "OFF" : "ON");
1801
1802        if (disable_radio) {
1803                priv->status |= STATUS_RF_KILL_SW;
1804
1805                cancel_delayed_work(&priv->request_scan);
1806                cancel_delayed_work(&priv->request_direct_scan);
1807                cancel_delayed_work(&priv->request_passive_scan);
1808                cancel_delayed_work(&priv->scan_event);
1809                schedule_work(&priv->down);
1810        } else {
1811                priv->status &= ~STATUS_RF_KILL_SW;
1812                if (rf_kill_active(priv)) {
1813                        IPW_DEBUG_RF_KILL("Can not turn radio back on - "
1814                                          "disabled by HW switch\n");
1815                        /* Make sure the RF_KILL check timer is running */
1816                        cancel_delayed_work(&priv->rf_kill);
1817                        schedule_delayed_work(&priv->rf_kill,
1818                                              round_jiffies_relative(2 * HZ));
1819                } else
1820                        schedule_work(&priv->up);
1821        }
1822
1823        return 1;
1824}
1825
1826static ssize_t store_rf_kill(struct device *d, struct device_attribute *attr,
1827                             const char *buf, size_t count)
1828{
1829        struct ipw_priv *priv = dev_get_drvdata(d);
1830
1831        ipw_radio_kill_sw(priv, buf[0] == '1');
1832
1833        return count;
1834}
1835
1836static DEVICE_ATTR(rf_kill, S_IWUSR | S_IRUGO, show_rf_kill, store_rf_kill);
1837
1838static ssize_t show_speed_scan(struct device *d, struct device_attribute *attr,
1839                               char *buf)
1840{
1841        struct ipw_priv *priv = dev_get_drvdata(d);
1842        int pos = 0, len = 0;
1843        if (priv->config & CFG_SPEED_SCAN) {
1844                while (priv->speed_scan[pos] != 0)
1845                        len += sprintf(&buf[len], "%d ",
1846                                       priv->speed_scan[pos++]);
1847                return len + sprintf(&buf[len], "\n");
1848        }
1849
1850        return sprintf(buf, "0\n");
1851}
1852
1853static ssize_t store_speed_scan(struct device *d, struct device_attribute *attr,
1854                                const char *buf, size_t count)
1855{
1856        struct ipw_priv *priv = dev_get_drvdata(d);
1857        int channel, pos = 0;
1858        const char *p = buf;
1859
1860        /* list of space separated channels to scan, optionally ending with 0 */
1861        while ((channel = simple_strtol(p, NULL, 0))) {
1862                if (pos == MAX_SPEED_SCAN - 1) {
1863                        priv->speed_scan[pos] = 0;
1864                        break;
1865                }
1866
1867                if (libipw_is_valid_channel(priv->ieee, channel))
1868                        priv->speed_scan[pos++] = channel;
1869                else
1870                        IPW_WARNING("Skipping invalid channel request: %d\n",
1871                                    channel);
1872                p = strchr(p, ' ');
1873                if (!p)
1874                        break;
1875                while (*p == ' ' || *p == '\t')
1876                        p++;
1877        }
1878
1879        if (pos == 0)
1880                priv->config &= ~CFG_SPEED_SCAN;
1881        else {
1882                priv->speed_scan_pos = 0;
1883                priv->config |= CFG_SPEED_SCAN;
1884        }
1885
1886        return count;
1887}
1888
1889static DEVICE_ATTR(speed_scan, S_IWUSR | S_IRUGO, show_speed_scan,
1890                   store_speed_scan);
1891
1892static ssize_t show_net_stats(struct device *d, struct device_attribute *attr,
1893                              char *buf)
1894{
1895        struct ipw_priv *priv = dev_get_drvdata(d);
1896        return sprintf(buf, "%c\n", (priv->config & CFG_NET_STATS) ? '1' : '0');
1897}
1898
1899static ssize_t store_net_stats(struct device *d, struct device_attribute *attr,
1900                               const char *buf, size_t count)
1901{
1902        struct ipw_priv *priv = dev_get_drvdata(d);
1903        if (buf[0] == '1')
1904                priv->config |= CFG_NET_STATS;
1905        else
1906                priv->config &= ~CFG_NET_STATS;
1907
1908        return count;
1909}
1910
1911static DEVICE_ATTR(net_stats, S_IWUSR | S_IRUGO,
1912                   show_net_stats, store_net_stats);
1913
1914static ssize_t show_channels(struct device *d,
1915                             struct device_attribute *attr,
1916                             char *buf)
1917{
1918        struct ipw_priv *priv = dev_get_drvdata(d);
1919        const struct libipw_geo *geo = libipw_get_geo(priv->ieee);
1920        int len = 0, i;
1921
1922        len = sprintf(&buf[len],
1923                      "Displaying %d channels in 2.4Ghz band "
1924                      "(802.11bg):\n", geo->bg_channels);
1925
1926        for (i = 0; i < geo->bg_channels; i++) {
1927                len += sprintf(&buf[len], "%d: BSS%s%s, %s, Band %s.\n",
1928                               geo->bg[i].channel,
1929                               geo->bg[i].flags & LIBIPW_CH_RADAR_DETECT ?
1930                               " (radar spectrum)" : "",
1931                               ((geo->bg[i].flags & LIBIPW_CH_NO_IBSS) ||
1932                                (geo->bg[i].flags & LIBIPW_CH_RADAR_DETECT))
1933                               ? "" : ", IBSS",
1934                               geo->bg[i].flags & LIBIPW_CH_PASSIVE_ONLY ?
1935                               "passive only" : "active/passive",
1936                               geo->bg[i].flags & LIBIPW_CH_B_ONLY ?
1937                               "B" : "B/G");
1938        }
1939
1940        len += sprintf(&buf[len],
1941                       "Displaying %d channels in 5.2Ghz band "
1942                       "(802.11a):\n", geo->a_channels);
1943        for (i = 0; i < geo->a_channels; i++) {
1944                len += sprintf(&buf[len], "%d: BSS%s%s, %s.\n",
1945                               geo->a[i].channel,
1946                               geo->a[i].flags & LIBIPW_CH_RADAR_DETECT ?
1947                               " (radar spectrum)" : "",
1948                               ((geo->a[i].flags & LIBIPW_CH_NO_IBSS) ||
1949                                (geo->a[i].flags & LIBIPW_CH_RADAR_DETECT))
1950                               ? "" : ", IBSS",
1951                               geo->a[i].flags & LIBIPW_CH_PASSIVE_ONLY ?
1952                               "passive only" : "active/passive");
1953        }
1954
1955        return len;
1956}
1957
1958static DEVICE_ATTR(channels, S_IRUSR, show_channels, NULL);
1959
1960static void notify_wx_assoc_event(struct ipw_priv *priv)
1961{
1962        union iwreq_data wrqu;
1963        wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1964        if (priv->status & STATUS_ASSOCIATED)
1965                memcpy(wrqu.ap_addr.sa_data, priv->bssid, ETH_ALEN);
1966        else
1967                memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
1968        wireless_send_event(priv->net_dev, SIOCGIWAP, &wrqu, NULL);
1969}
1970
1971static void ipw_irq_tasklet(struct ipw_priv *priv)
1972{
1973        u32 inta, inta_mask, handled = 0;
1974        unsigned long flags;
1975        int rc = 0;
1976
1977        spin_lock_irqsave(&priv->irq_lock, flags);
1978
1979        inta = ipw_read32(priv, IPW_INTA_RW);
1980        inta_mask = ipw_read32(priv, IPW_INTA_MASK_R);
1981
1982        if (inta == 0xFFFFFFFF) {
1983                /* Hardware disappeared */
1984                IPW_WARNING("TASKLET INTA == 0xFFFFFFFF\n");
1985                /* Only handle the cached INTA values */
1986                inta = 0;
1987        }
1988        inta &= (IPW_INTA_MASK_ALL & inta_mask);
1989
1990        /* Add any cached INTA values that need to be handled */
1991        inta |= priv->isr_inta;
1992
1993        spin_unlock_irqrestore(&priv->irq_lock, flags);
1994
1995        spin_lock_irqsave(&priv->lock, flags);
1996
1997        /* handle all the justifications for the interrupt */
1998        if (inta & IPW_INTA_BIT_RX_TRANSFER) {
1999                ipw_rx(priv);
2000                handled |= IPW_INTA_BIT_RX_TRANSFER;
2001        }
2002
2003        if (inta & IPW_INTA_BIT_TX_CMD_QUEUE) {
2004                IPW_DEBUG_HC("Command completed.\n");
2005                rc = ipw_queue_tx_reclaim(priv, &priv->txq_cmd, -1);
2006                priv->status &= ~STATUS_HCMD_ACTIVE;
2007                wake_up_interruptible(&priv->wait_command_queue);
2008                handled |= IPW_INTA_BIT_TX_CMD_QUEUE;
2009        }
2010
2011        if (inta & IPW_INTA_BIT_TX_QUEUE_1) {
2012                IPW_DEBUG_TX("TX_QUEUE_1\n");
2013                rc = ipw_queue_tx_reclaim(priv, &priv->txq[0], 0);
2014                handled |= IPW_INTA_BIT_TX_QUEUE_1;
2015        }
2016
2017        if (inta & IPW_INTA_BIT_TX_QUEUE_2) {
2018                IPW_DEBUG_TX("TX_QUEUE_2\n");
2019                rc = ipw_queue_tx_reclaim(priv, &priv->txq[1], 1);
2020                handled |= IPW_INTA_BIT_TX_QUEUE_2;
2021        }
2022
2023        if (inta & IPW_INTA_BIT_TX_QUEUE_3) {
2024                IPW_DEBUG_TX("TX_QUEUE_3\n");
2025                rc = ipw_queue_tx_reclaim(priv, &priv->txq[2], 2);
2026                handled |= IPW_INTA_BIT_TX_QUEUE_3;
2027        }
2028
2029        if (inta & IPW_INTA_BIT_TX_QUEUE_4) {
2030                IPW_DEBUG_TX("TX_QUEUE_4\n");
2031                rc = ipw_queue_tx_reclaim(priv, &priv->txq[3], 3);
2032                handled |= IPW_INTA_BIT_TX_QUEUE_4;
2033        }
2034
2035        if (inta & IPW_INTA_BIT_STATUS_CHANGE) {
2036                IPW_WARNING("STATUS_CHANGE\n");
2037                handled |= IPW_INTA_BIT_STATUS_CHANGE;
2038        }
2039
2040        if (inta & IPW_INTA_BIT_BEACON_PERIOD_EXPIRED) {
2041                IPW_WARNING("TX_PERIOD_EXPIRED\n");
2042                handled |= IPW_INTA_BIT_BEACON_PERIOD_EXPIRED;
2043        }
2044
2045        if (inta & IPW_INTA_BIT_SLAVE_MODE_HOST_CMD_DONE) {
2046                IPW_WARNING("HOST_CMD_DONE\n");
2047                handled |= IPW_INTA_BIT_SLAVE_MODE_HOST_CMD_DONE;
2048        }
2049
2050        if (inta & IPW_INTA_BIT_FW_INITIALIZATION_DONE) {
2051                IPW_WARNING("FW_INITIALIZATION_DONE\n");
2052                handled |= IPW_INTA_BIT_FW_INITIALIZATION_DONE;
2053        }
2054
2055        if (inta & IPW_INTA_BIT_FW_CARD_DISABLE_PHY_OFF_DONE) {
2056                IPW_WARNING("PHY_OFF_DONE\n");
2057                handled |= IPW_INTA_BIT_FW_CARD_DISABLE_PHY_OFF_DONE;
2058        }
2059
2060        if (inta & IPW_INTA_BIT_RF_KILL_DONE) {
2061                IPW_DEBUG_RF_KILL("RF_KILL_DONE\n");
2062                priv->status |= STATUS_RF_KILL_HW;
2063                wiphy_rfkill_set_hw_state(priv->ieee->wdev.wiphy, true);
2064                wake_up_interruptible(&priv->wait_command_queue);
2065                priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
2066                cancel_delayed_work(&priv->request_scan);
2067                cancel_delayed_work(&priv->request_direct_scan);
2068                cancel_delayed_work(&priv->request_passive_scan);
2069                cancel_delayed_work(&priv->scan_event);
2070                schedule_work(&priv->link_down);
2071                schedule_delayed_work(&priv->rf_kill, 2 * HZ);
2072                handled |= IPW_INTA_BIT_RF_KILL_DONE;
2073        }
2074
2075        if (inta & IPW_INTA_BIT_FATAL_ERROR) {
2076                IPW_WARNING("Firmware error detected.  Restarting.\n");
2077                if (priv->error) {
2078                        IPW_DEBUG_FW("Sysfs 'error' log already exists.\n");
2079                        if (ipw_debug_level & IPW_DL_FW_ERRORS) {
2080                                struct ipw_fw_error *error =
2081                                    ipw_alloc_error_log(priv);
2082                                ipw_dump_error_log(priv, error);
2083                                kfree(error);
2084                        }
2085                } else {
2086                        priv->error = ipw_alloc_error_log(priv);
2087                        if (priv->error)
2088                                IPW_DEBUG_FW("Sysfs 'error' log captured.\n");
2089                        else
2090                                IPW_DEBUG_FW("Error allocating sysfs 'error' "
2091                                             "log.\n");
2092                        if (ipw_debug_level & IPW_DL_FW_ERRORS)
2093                                ipw_dump_error_log(priv, priv->error);
2094                }
2095
2096                /* XXX: If hardware encryption is for WPA/WPA2,
2097                 * we have to notify the supplicant. */
2098                if (priv->ieee->sec.encrypt) {
2099                        priv->status &= ~STATUS_ASSOCIATED;
2100                        notify_wx_assoc_event(priv);
2101                }
2102
2103                /* Keep the restart process from trying to send host
2104                 * commands by clearing the INIT status bit */
2105                priv->status &= ~STATUS_INIT;
2106
2107                /* Cancel currently queued command. */
2108                priv->status &= ~STATUS_HCMD_ACTIVE;
2109                wake_up_interruptible(&priv->wait_command_queue);
2110
2111                schedule_work(&priv->adapter_restart);
2112                handled |= IPW_INTA_BIT_FATAL_ERROR;
2113        }
2114
2115        if (inta & IPW_INTA_BIT_PARITY_ERROR) {
2116                IPW_ERROR("Parity error\n");
2117                handled |= IPW_INTA_BIT_PARITY_ERROR;
2118        }
2119
2120        if (handled != inta) {
2121                IPW_ERROR("Unhandled INTA bits 0x%08x\n", inta & ~handled);
2122        }
2123
2124        spin_unlock_irqrestore(&priv->lock, flags);
2125
2126        /* enable all interrupts */
2127        ipw_enable_interrupts(priv);
2128}
2129
2130#define IPW_CMD(x) case IPW_CMD_ ## x : return #x
2131static char *get_cmd_string(u8 cmd)
2132{
2133        switch (cmd) {
2134                IPW_CMD(HOST_COMPLETE);
2135                IPW_CMD(POWER_DOWN);
2136                IPW_CMD(SYSTEM_CONFIG);
2137                IPW_CMD(MULTICAST_ADDRESS);
2138                IPW_CMD(SSID);
2139                IPW_CMD(ADAPTER_ADDRESS);
2140                IPW_CMD(PORT_TYPE);
2141                IPW_CMD(RTS_THRESHOLD);
2142                IPW_CMD(FRAG_THRESHOLD);
2143                IPW_CMD(POWER_MODE);
2144                IPW_CMD(WEP_KEY);
2145                IPW_CMD(TGI_TX_KEY);
2146                IPW_CMD(SCAN_REQUEST);
2147                IPW_CMD(SCAN_REQUEST_EXT);
2148                IPW_CMD(ASSOCIATE);
2149                IPW_CMD(SUPPORTED_RATES);
2150                IPW_CMD(SCAN_ABORT);
2151                IPW_CMD(TX_FLUSH);
2152                IPW_CMD(QOS_PARAMETERS);
2153                IPW_CMD(DINO_CONFIG);
2154                IPW_CMD(RSN_CAPABILITIES);
2155                IPW_CMD(RX_KEY);
2156                IPW_CMD(CARD_DISABLE);
2157                IPW_CMD(SEED_NUMBER);
2158                IPW_CMD(TX_POWER);
2159                IPW_CMD(COUNTRY_INFO);
2160                IPW_CMD(AIRONET_INFO);
2161                IPW_CMD(AP_TX_POWER);
2162                IPW_CMD(CCKM_INFO);
2163                IPW_CMD(CCX_VER_INFO);
2164                IPW_CMD(SET_CALIBRATION);
2165                IPW_CMD(SENSITIVITY_CALIB);
2166                IPW_CMD(RETRY_LIMIT);
2167                IPW_CMD(IPW_PRE_POWER_DOWN);
2168                IPW_CMD(VAP_BEACON_TEMPLATE);
2169                IPW_CMD(VAP_DTIM_PERIOD);
2170                IPW_CMD(EXT_SUPPORTED_RATES);
2171                IPW_CMD(VAP_LOCAL_TX_PWR_CONSTRAINT);
2172                IPW_CMD(VAP_QUIET_INTERVALS);
2173                IPW_CMD(VAP_CHANNEL_SWITCH);
2174                IPW_CMD(VAP_MANDATORY_CHANNELS);
2175                IPW_CMD(VAP_CELL_PWR_LIMIT);
2176                IPW_CMD(VAP_CF_PARAM_SET);
2177                IPW_CMD(VAP_SET_BEACONING_STATE);
2178                IPW_CMD(MEASUREMENT);
2179                IPW_CMD(POWER_CAPABILITY);
2180                IPW_CMD(SUPPORTED_CHANNELS);
2181                IPW_CMD(TPC_REPORT);
2182                IPW_CMD(WME_INFO);
2183                IPW_CMD(PRODUCTION_COMMAND);
2184        default:
2185                return "UNKNOWN";
2186        }
2187}
2188
2189#define HOST_COMPLETE_TIMEOUT HZ
2190
2191static int __ipw_send_cmd(struct ipw_priv *priv, struct host_cmd *cmd)
2192{
2193        int rc = 0;
2194        unsigned long flags;
2195        unsigned long now, end;
2196
2197        spin_lock_irqsave(&priv->lock, flags);
2198        if (priv->status & STATUS_HCMD_ACTIVE) {
2199                IPW_ERROR("Failed to send %s: Already sending a command.\n",
2200                          get_cmd_string(cmd->cmd));
2201                spin_unlock_irqrestore(&priv->lock, flags);
2202                return -EAGAIN;
2203        }
2204
2205        priv->status |= STATUS_HCMD_ACTIVE;
2206
2207        if (priv->cmdlog) {
2208                priv->cmdlog[priv->cmdlog_pos].jiffies = jiffies;
2209                priv->cmdlog[priv->cmdlog_pos].cmd.cmd = cmd->cmd;
2210                priv->cmdlog[priv->cmdlog_pos].cmd.len = cmd->len;
2211                memcpy(priv->cmdlog[priv->cmdlog_pos].cmd.param, cmd->param,
2212                       cmd->len);
2213                priv->cmdlog[priv->cmdlog_pos].retcode = -1;
2214        }
2215
2216        IPW_DEBUG_HC("%s command (#%d) %d bytes: 0x%08X\n",
2217                     get_cmd_string(cmd->cmd), cmd->cmd, cmd->len,
2218                     priv->status);
2219
2220#ifndef DEBUG_CMD_WEP_KEY
2221        if (cmd->cmd == IPW_CMD_WEP_KEY)
2222                IPW_DEBUG_HC("WEP_KEY command masked out for secure.\n");
2223        else
2224#endif
2225                printk_buf(IPW_DL_HOST_COMMAND, (u8 *) cmd->param, cmd->len);
2226
2227        rc = ipw_queue_tx_hcmd(priv, cmd->cmd, cmd->param, cmd->len, 0);
2228        if (rc) {
2229                priv->status &= ~STATUS_HCMD_ACTIVE;
2230                IPW_ERROR("Failed to send %s: Reason %d\n",
2231                          get_cmd_string(cmd->cmd), rc);
2232                spin_unlock_irqrestore(&priv->lock, flags);
2233                goto exit;
2234        }
2235        spin_unlock_irqrestore(&priv->lock, flags);
2236
2237        now = jiffies;
2238        end = now + HOST_COMPLETE_TIMEOUT;
2239again:
2240        rc = wait_event_interruptible_timeout(priv->wait_command_queue,
2241                                              !(priv->
2242                                                status & STATUS_HCMD_ACTIVE),
2243                                              end - now);
2244        if (rc < 0) {
2245                now = jiffies;
2246                if (time_before(now, end))
2247                        goto again;
2248                rc = 0;
2249        }
2250
2251        if (rc == 0) {
2252                spin_lock_irqsave(&priv->lock, flags);
2253                if (priv->status & STATUS_HCMD_ACTIVE) {
2254                        IPW_ERROR("Failed to send %s: Command timed out.\n",
2255                                  get_cmd_string(cmd->cmd));
2256                        priv->status &= ~STATUS_HCMD_ACTIVE;
2257                        spin_unlock_irqrestore(&priv->lock, flags);
2258                        rc = -EIO;
2259                        goto exit;
2260                }
2261                spin_unlock_irqrestore(&priv->lock, flags);
2262        } else
2263                rc = 0;
2264
2265        if (priv->status & STATUS_RF_KILL_HW) {
2266                IPW_ERROR("Failed to send %s: Aborted due to RF kill switch.\n",
2267                          get_cmd_string(cmd->cmd));
2268                rc = -EIO;
2269                goto exit;
2270        }
2271
2272      exit:
2273        if (priv->cmdlog) {
2274                priv->cmdlog[priv->cmdlog_pos++].retcode = rc;
2275                priv->cmdlog_pos %= priv->cmdlog_len;
2276        }
2277        return rc;
2278}
2279
2280static int ipw_send_cmd_simple(struct ipw_priv *priv, u8 command)
2281{
2282        struct host_cmd cmd = {
2283                .cmd = command,
2284        };
2285
2286        return __ipw_send_cmd(priv, &cmd);
2287}
2288
2289static int ipw_send_cmd_pdu(struct ipw_priv *priv, u8 command, u8 len,
2290                            void *data)
2291{
2292        struct host_cmd cmd = {
2293                .cmd = command,
2294                .len = len,
2295                .param = data,
2296        };
2297
2298        return __ipw_send_cmd(priv, &cmd);
2299}
2300
2301static int ipw_send_host_complete(struct ipw_priv *priv)
2302{
2303        if (!priv) {
2304                IPW_ERROR("Invalid args\n");
2305                return -1;
2306        }
2307
2308        return ipw_send_cmd_simple(priv, IPW_CMD_HOST_COMPLETE);
2309}
2310
2311static int ipw_send_system_config(struct ipw_priv *priv)
2312{
2313        return ipw_send_cmd_pdu(priv, IPW_CMD_SYSTEM_CONFIG,
2314                                sizeof(priv->sys_config),
2315                                &priv->sys_config);
2316}
2317
2318static int ipw_send_ssid(struct ipw_priv *priv, u8 * ssid, int len)
2319{
2320        if (!priv || !ssid) {
2321                IPW_ERROR("Invalid args\n");
2322                return -1;
2323        }
2324
2325        return ipw_send_cmd_pdu(priv, IPW_CMD_SSID, min(len, IW_ESSID_MAX_SIZE),
2326                                ssid);
2327}
2328
2329static int ipw_send_adapter_address(struct ipw_priv *priv, u8 * mac)
2330{
2331        if (!priv || !mac) {
2332                IPW_ERROR("Invalid args\n");
2333                return -1;
2334        }
2335
2336        IPW_DEBUG_INFO("%s: Setting MAC to %pM\n",
2337                       priv->net_dev->name, mac);
2338
2339        return ipw_send_cmd_pdu(priv, IPW_CMD_ADAPTER_ADDRESS, ETH_ALEN, mac);
2340}
2341
2342static void ipw_adapter_restart(void *adapter)
2343{
2344        struct ipw_priv *priv = adapter;
2345
2346        if (priv->status & STATUS_RF_KILL_MASK)
2347                return;
2348
2349        ipw_down(priv);
2350
2351        if (priv->assoc_network &&
2352            (priv->assoc_network->capability & WLAN_CAPABILITY_IBSS))
2353                ipw_remove_current_network(priv);
2354
2355        if (ipw_up(priv)) {
2356                IPW_ERROR("Failed to up device\n");
2357                return;
2358        }
2359}
2360
2361static void ipw_bg_adapter_restart(struct work_struct *work)
2362{
2363        struct ipw_priv *priv =
2364                container_of(work, struct ipw_priv, adapter_restart);
2365        mutex_lock(&priv->mutex);
2366        ipw_adapter_restart(priv);
2367        mutex_unlock(&priv->mutex);
2368}
2369
2370static void ipw_abort_scan(struct ipw_priv *priv);
2371
2372#define IPW_SCAN_CHECK_WATCHDOG (5 * HZ)
2373
2374static void ipw_scan_check(void *data)
2375{
2376        struct ipw_priv *priv = data;
2377
2378        if (priv->status & STATUS_SCAN_ABORTING) {
2379                IPW_DEBUG_SCAN("Scan completion watchdog resetting "
2380                               "adapter after (%dms).\n",
2381                               jiffies_to_msecs(IPW_SCAN_CHECK_WATCHDOG));
2382                schedule_work(&priv->adapter_restart);
2383        } else if (priv->status & STATUS_SCANNING) {
2384                IPW_DEBUG_SCAN("Scan completion watchdog aborting scan "
2385                               "after (%dms).\n",
2386                               jiffies_to_msecs(IPW_SCAN_CHECK_WATCHDOG));
2387                ipw_abort_scan(priv);
2388                schedule_delayed_work(&priv->scan_check, HZ);
2389        }
2390}
2391
2392static void ipw_bg_scan_check(struct work_struct *work)
2393{
2394        struct ipw_priv *priv =
2395                container_of(work, struct ipw_priv, scan_check.work);
2396        mutex_lock(&priv->mutex);
2397        ipw_scan_check(priv);
2398        mutex_unlock(&priv->mutex);
2399}
2400
2401static int ipw_send_scan_request_ext(struct ipw_priv *priv,
2402                                     struct ipw_scan_request_ext *request)
2403{
2404        return ipw_send_cmd_pdu(priv, IPW_CMD_SCAN_REQUEST_EXT,
2405                                sizeof(*request), request);
2406}
2407
2408static int ipw_send_scan_abort(struct ipw_priv *priv)
2409{
2410        if (!priv) {
2411                IPW_ERROR("Invalid args\n");
2412                return -1;
2413        }
2414
2415        return ipw_send_cmd_simple(priv, IPW_CMD_SCAN_ABORT);
2416}
2417
2418static int ipw_set_sensitivity(struct ipw_priv *priv, u16 sens)
2419{
2420        struct ipw_sensitivity_calib calib = {
2421                .beacon_rssi_raw = cpu_to_le16(sens),
2422        };
2423
2424        return ipw_send_cmd_pdu(priv, IPW_CMD_SENSITIVITY_CALIB, sizeof(calib),
2425                                &calib);
2426}
2427
2428static int ipw_send_associate(struct ipw_priv *priv,
2429                              struct ipw_associate *associate)
2430{
2431        if (!priv || !associate) {
2432                IPW_ERROR("Invalid args\n");
2433                return -1;
2434        }
2435
2436        return ipw_send_cmd_pdu(priv, IPW_CMD_ASSOCIATE, sizeof(*associate),
2437                                associate);
2438}
2439
2440static int ipw_send_supported_rates(struct ipw_priv *priv,
2441                                    struct ipw_supported_rates *rates)
2442{
2443        if (!priv || !rates) {
2444                IPW_ERROR("Invalid args\n");
2445                return -1;
2446        }
2447
2448        return ipw_send_cmd_pdu(priv, IPW_CMD_SUPPORTED_RATES, sizeof(*rates),
2449                                rates);
2450}
2451
2452static int ipw_set_random_seed(struct ipw_priv *priv)
2453{
2454        u32 val;
2455
2456        if (!priv) {
2457                IPW_ERROR("Invalid args\n");
2458                return -1;
2459        }
2460
2461        get_random_bytes(&val, sizeof(val));
2462
2463        return ipw_send_cmd_pdu(priv, IPW_CMD_SEED_NUMBER, sizeof(val), &val);
2464}
2465
2466static int ipw_send_card_disable(struct ipw_priv *priv, u32 phy_off)
2467{
2468        __le32 v = cpu_to_le32(phy_off);
2469        if (!priv) {
2470                IPW_ERROR("Invalid args\n");
2471                return -1;
2472        }
2473
2474        return ipw_send_cmd_pdu(priv, IPW_CMD_CARD_DISABLE, sizeof(v), &v);
2475}
2476
2477static int ipw_send_tx_power(struct ipw_priv *priv, struct ipw_tx_power *power)
2478{
2479        if (!priv || !power) {
2480                IPW_ERROR("Invalid args\n");
2481                return -1;
2482        }
2483
2484        return ipw_send_cmd_pdu(priv, IPW_CMD_TX_POWER, sizeof(*power), power);
2485}
2486
2487static int ipw_set_tx_power(struct ipw_priv *priv)
2488{
2489        const struct libipw_geo *geo = libipw_get_geo(priv->ieee);
2490        struct ipw_tx_power tx_power;
2491        s8 max_power;
2492        int i;
2493
2494        memset(&tx_power, 0, sizeof(tx_power));
2495
2496        /* configure device for 'G' band */
2497        tx_power.ieee_mode = IPW_G_MODE;
2498        tx_power.num_channels = geo->bg_channels;
2499        for (i = 0; i < geo->bg_channels; i++) {
2500                max_power = geo->bg[i].max_power;
2501                tx_power.channels_tx_power[i].channel_number =
2502                    geo->bg[i].channel;
2503                tx_power.channels_tx_power[i].tx_power = max_power ?
2504                    min(max_power, priv->tx_power) : priv->tx_power;
2505        }
2506        if (ipw_send_tx_power(priv, &tx_power))
2507                return -EIO;
2508
2509        /* configure device to also handle 'B' band */
2510        tx_power.ieee_mode = IPW_B_MODE;
2511        if (ipw_send_tx_power(priv, &tx_power))
2512                return -EIO;
2513
2514        /* configure device to also handle 'A' band */
2515        if (priv->ieee->abg_true) {
2516                tx_power.ieee_mode = IPW_A_MODE;
2517                tx_power.num_channels = geo->a_channels;
2518                for (i = 0; i < tx_power.num_channels; i++) {
2519                        max_power = geo->a[i].max_power;
2520                        tx_power.channels_tx_power[i].channel_number =
2521                            geo->a[i].channel;
2522                        tx_power.channels_tx_power[i].tx_power = max_power ?
2523                            min(max_power, priv->tx_power) : priv->tx_power;
2524                }
2525                if (ipw_send_tx_power(priv, &tx_power))
2526                        return -EIO;
2527        }
2528        return 0;
2529}
2530
2531static int ipw_send_rts_threshold(struct ipw_priv *priv, u16 rts)
2532{
2533        struct ipw_rts_threshold rts_threshold = {
2534                .rts_threshold = cpu_to_le16(rts),
2535        };
2536
2537        if (!priv) {
2538                IPW_ERROR("Invalid args\n");
2539                return -1;
2540        }
2541
2542        return ipw_send_cmd_pdu(priv, IPW_CMD_RTS_THRESHOLD,
2543                                sizeof(rts_threshold), &rts_threshold);
2544}
2545
2546static int ipw_send_frag_threshold(struct ipw_priv *priv, u16 frag)
2547{
2548        struct ipw_frag_threshold frag_threshold = {
2549                .frag_threshold = cpu_to_le16(frag),
2550        };
2551
2552        if (!priv) {
2553                IPW_ERROR("Invalid args\n");
2554                return -1;
2555        }
2556
2557        return ipw_send_cmd_pdu(priv, IPW_CMD_FRAG_THRESHOLD,
2558                                sizeof(frag_threshold), &frag_threshold);
2559}
2560
2561static int ipw_send_power_mode(struct ipw_priv *priv, u32 mode)
2562{
2563        __le32 param;
2564
2565        if (!priv) {
2566                IPW_ERROR("Invalid args\n");
2567                return -1;
2568        }
2569
2570        /* If on battery, set to 3, if AC set to CAM, else user
2571         * level */
2572        switch (mode) {
2573        case IPW_POWER_BATTERY:
2574                param = cpu_to_le32(IPW_POWER_INDEX_3);
2575                break;
2576        case IPW_POWER_AC:
2577                param = cpu_to_le32(IPW_POWER_MODE_CAM);
2578                break;
2579        default:
2580                param = cpu_to_le32(mode);
2581                break;
2582        }
2583
2584        return ipw_send_cmd_pdu(priv, IPW_CMD_POWER_MODE, sizeof(param),
2585                                &param);
2586}
2587
2588static int ipw_send_retry_limit(struct ipw_priv *priv, u8 slimit, u8 llimit)
2589{
2590        struct ipw_retry_limit retry_limit = {
2591                .short_retry_limit = slimit,
2592                .long_retry_limit = llimit
2593        };
2594
2595        if (!priv) {
2596                IPW_ERROR("Invalid args\n");
2597                return -1;
2598        }
2599
2600        return ipw_send_cmd_pdu(priv, IPW_CMD_RETRY_LIMIT, sizeof(retry_limit),
2601                                &retry_limit);
2602}
2603
2604/*
2605 * The IPW device contains a Microwire compatible EEPROM that stores
2606 * various data like the MAC address.  Usually the firmware has exclusive
2607 * access to the eeprom, but during device initialization (before the
2608 * device driver has sent the HostComplete command to the firmware) the
2609 * device driver has read access to the EEPROM by way of indirect addressing
2610 * through a couple of memory mapped registers.
2611 *
2612 * The following is a simplified implementation for pulling data out of the
2613 * the eeprom, along with some helper functions to find information in
2614 * the per device private data's copy of the eeprom.
2615 *
2616 * NOTE: To better understand how these functions work (i.e what is a chip
2617 *       select and why do have to keep driving the eeprom clock?), read
2618 *       just about any data sheet for a Microwire compatible EEPROM.
2619 */
2620
2621/* write a 32 bit value into the indirect accessor register */
2622static inline void eeprom_write_reg(struct ipw_priv *p, u32 data)
2623{
2624        ipw_write_reg32(p, FW_MEM_REG_EEPROM_ACCESS, data);
2625
2626        /* the eeprom requires some time to complete the operation */
2627        udelay(p->eeprom_delay);
2628}
2629
2630/* perform a chip select operation */
2631static void eeprom_cs(struct ipw_priv *priv)
2632{
2633        eeprom_write_reg(priv, 0);
2634        eeprom_write_reg(priv, EEPROM_BIT_CS);
2635        eeprom_write_reg(priv, EEPROM_BIT_CS | EEPROM_BIT_SK);
2636        eeprom_write_reg(priv, EEPROM_BIT_CS);
2637}
2638
2639/* perform a chip select operation */
2640static void eeprom_disable_cs(struct ipw_priv *priv)
2641{
2642        eeprom_write_reg(priv, EEPROM_BIT_CS);
2643        eeprom_write_reg(priv, 0);
2644        eeprom_write_reg(priv, EEPROM_BIT_SK);
2645}
2646
2647/* push a single bit down to the eeprom */
2648static inline void eeprom_write_bit(struct ipw_priv *p, u8 bit)
2649{
2650        int d = (bit ? EEPROM_BIT_DI : 0);
2651        eeprom_write_reg(p, EEPROM_BIT_CS | d);
2652        eeprom_write_reg(p, EEPROM_BIT_CS | d | EEPROM_BIT_SK);
2653}
2654
2655/* push an opcode followed by an address down to the eeprom */
2656static void eeprom_op(struct ipw_priv *priv, u8 op, u8 addr)
2657{
2658        int i;
2659
2660        eeprom_cs(priv);
2661        eeprom_write_bit(priv, 1);
2662        eeprom_write_bit(priv, op & 2);
2663        eeprom_write_bit(priv, op & 1);
2664        for (i = 7; i >= 0; i--) {
2665                eeprom_write_bit(priv, addr & (1 << i));
2666        }
2667}
2668
2669/* pull 16 bits off the eeprom, one bit at a time */
2670static u16 eeprom_read_u16(struct ipw_priv *priv, u8 addr)
2671{
2672        int i;
2673        u16 r = 0;
2674
2675        /* Send READ Opcode */
2676        eeprom_op(priv, EEPROM_CMD_READ, addr);
2677
2678        /* Send dummy bit */
2679        eeprom_write_reg(priv, EEPROM_BIT_CS);
2680
2681        /* Read the byte off the eeprom one bit at a time */
2682        for (i = 0; i < 16; i++) {
2683                u32 data = 0;
2684                eeprom_write_reg(priv, EEPROM_BIT_CS | EEPROM_BIT_SK);
2685                eeprom_write_reg(priv, EEPROM_BIT_CS);
2686                data = ipw_read_reg32(priv, FW_MEM_REG_EEPROM_ACCESS);
2687                r = (r << 1) | ((data & EEPROM_BIT_DO) ? 1 : 0);
2688        }
2689
2690        /* Send another dummy bit */
2691        eeprom_write_reg(priv, 0);
2692        eeprom_disable_cs(priv);
2693
2694        return r;
2695}
2696
2697/* helper function for pulling the mac address out of the private */
2698/* data's copy of the eeprom data                                 */
2699static void eeprom_parse_mac(struct ipw_priv *priv, u8 * mac)
2700{
2701        memcpy(mac, &priv->eeprom[EEPROM_MAC_ADDRESS], ETH_ALEN);
2702}
2703
2704static void ipw_read_eeprom(struct ipw_priv *priv)
2705{
2706        int i;
2707        __le16 *eeprom = (__le16 *) priv->eeprom;
2708
2709        IPW_DEBUG_TRACE(">>\n");
2710
2711        /* read entire contents of eeprom into private buffer */
2712        for (i = 0; i < 128; i++)
2713                eeprom[i] = cpu_to_le16(eeprom_read_u16(priv, (u8) i));
2714
2715        IPW_DEBUG_TRACE("<<\n");
2716}
2717
2718/*
2719 * Either the device driver (i.e. the host) or the firmware can
2720 * load eeprom data into the designated region in SRAM.  If neither
2721 * happens then the FW will shutdown with a fatal error.
2722 *
2723 * In order to signal the FW to load the EEPROM, the EEPROM_LOAD_DISABLE
2724 * bit needs region of shared SRAM needs to be non-zero.
2725 */
2726static void ipw_eeprom_init_sram(struct ipw_priv *priv)
2727{
2728        int i;
2729
2730        IPW_DEBUG_TRACE(">>\n");
2731
2732        /*
2733           If the data looks correct, then copy it to our private
2734           copy.  Otherwise let the firmware know to perform the operation
2735           on its own.
2736         */
2737        if (priv->eeprom[EEPROM_VERSION] != 0) {
2738                IPW_DEBUG_INFO("Writing EEPROM data into SRAM\n");
2739
2740                /* write the eeprom data to sram */
2741                for (i = 0; i < IPW_EEPROM_IMAGE_SIZE; i++)
2742                        ipw_write8(priv, IPW_EEPROM_DATA + i, priv->eeprom[i]);
2743
2744                /* Do not load eeprom data on fatal error or suspend */
2745                ipw_write32(priv, IPW_EEPROM_LOAD_DISABLE, 0);
2746        } else {
2747                IPW_DEBUG_INFO("Enabling FW initializationg of SRAM\n");
2748
2749                /* Load eeprom data on fatal error or suspend */
2750                ipw_write32(priv, IPW_EEPROM_LOAD_DISABLE, 1);
2751        }
2752
2753        IPW_DEBUG_TRACE("<<\n");
2754}
2755
2756static void ipw_zero_memory(struct ipw_priv *priv, u32 start, u32 count)
2757{
2758        count >>= 2;
2759        if (!count)
2760                return;
2761        _ipw_write32(priv, IPW_AUTOINC_ADDR, start);
2762        while (count--)
2763                _ipw_write32(priv, IPW_AUTOINC_DATA, 0);
2764}
2765
2766static inline void ipw_fw_dma_reset_command_blocks(struct ipw_priv *priv)
2767{
2768        ipw_zero_memory(priv, IPW_SHARED_SRAM_DMA_CONTROL,
2769                        CB_NUMBER_OF_ELEMENTS_SMALL *
2770                        sizeof(struct command_block));
2771}
2772
2773static int ipw_fw_dma_enable(struct ipw_priv *priv)
2774{                               /* start dma engine but no transfers yet */
2775
2776        IPW_DEBUG_FW(">> :\n");
2777
2778        /* Start the dma */
2779        ipw_fw_dma_reset_command_blocks(priv);
2780
2781        /* Write CB base address */
2782        ipw_write_reg32(priv, IPW_DMA_I_CB_BASE, IPW_SHARED_SRAM_DMA_CONTROL);
2783
2784        IPW_DEBUG_FW("<< :\n");
2785        return 0;
2786}
2787
2788static void ipw_fw_dma_abort(struct ipw_priv *priv)
2789{
2790        u32 control = 0;
2791
2792        IPW_DEBUG_FW(">> :\n");
2793
2794        /* set the Stop and Abort bit */
2795        control = DMA_CONTROL_SMALL_CB_CONST_VALUE | DMA_CB_STOP_AND_ABORT;
2796        ipw_write_reg32(priv, IPW_DMA_I_DMA_CONTROL, control);
2797        priv->sram_desc.last_cb_index = 0;
2798
2799        IPW_DEBUG_FW("<<\n");
2800}
2801
2802static int ipw_fw_dma_write_command_block(struct ipw_priv *priv, int index,
2803                                          struct command_block *cb)
2804{
2805        u32 address =
2806            IPW_SHARED_SRAM_DMA_CONTROL +
2807            (sizeof(struct command_block) * index);
2808        IPW_DEBUG_FW(">> :\n");
2809
2810        ipw_write_indirect(priv, address, (u8 *) cb,
2811                           (int)sizeof(struct command_block));
2812
2813        IPW_DEBUG_FW("<< :\n");
2814        return 0;
2815
2816}
2817
2818static int ipw_fw_dma_kick(struct ipw_priv *priv)
2819{
2820        u32 control = 0;
2821        u32 index = 0;
2822
2823        IPW_DEBUG_FW(">> :\n");
2824
2825        for (index = 0; index < priv->sram_desc.last_cb_index; index++)
2826                ipw_fw_dma_write_command_block(priv, index,
2827                                               &priv->sram_desc.cb_list[index]);
2828
2829        /* Enable the DMA in the CSR register */
2830        ipw_clear_bit(priv, IPW_RESET_REG,
2831                      IPW_RESET_REG_MASTER_DISABLED |
2832                      IPW_RESET_REG_STOP_MASTER);
2833
2834        /* Set the Start bit. */
2835        control = DMA_CONTROL_SMALL_CB_CONST_VALUE | DMA_CB_START;
2836        ipw_write_reg32(priv, IPW_DMA_I_DMA_CONTROL, control);
2837
2838        IPW_DEBUG_FW("<< :\n");
2839        return 0;
2840}
2841
2842static void ipw_fw_dma_dump_command_block(struct ipw_priv *priv)
2843{
2844        u32 address;
2845        u32 register_value = 0;
2846        u32 cb_fields_address = 0;
2847
2848        IPW_DEBUG_FW(">> :\n");
2849        address = ipw_read_reg32(priv, IPW_DMA_I_CURRENT_CB);
2850        IPW_DEBUG_FW_INFO("Current CB is 0x%x\n", address);
2851
2852        /* Read the DMA Controlor register */
2853        register_value = ipw_read_reg32(priv, IPW_DMA_I_DMA_CONTROL);
2854        IPW_DEBUG_FW_INFO("IPW_DMA_I_DMA_CONTROL is 0x%x\n", register_value);
2855
2856        /* Print the CB values */
2857        cb_fields_address = address;
2858        register_value = ipw_read_reg32(priv, cb_fields_address);
2859        IPW_DEBUG_FW_INFO("Current CB Control Field is 0x%x\n", register_value);
2860
2861        cb_fields_address += sizeof(u32);
2862        register_value = ipw_read_reg32(priv, cb_fields_address);
2863        IPW_DEBUG_FW_INFO("Current CB Source Field is 0x%x\n", register_value);
2864
2865        cb_fields_address += sizeof(u32);
2866        register_value = ipw_read_reg32(priv, cb_fields_address);
2867        IPW_DEBUG_FW_INFO("Current CB Destination Field is 0x%x\n",
2868                          register_value);
2869
2870        cb_fields_address += sizeof(u32);
2871        register_value = ipw_read_reg32(priv, cb_fields_address);
2872        IPW_DEBUG_FW_INFO("Current CB Status Field is 0x%x\n", register_value);
2873
2874        IPW_DEBUG_FW(">> :\n");
2875}
2876
2877static int ipw_fw_dma_command_block_index(struct ipw_priv *priv)
2878{
2879        u32 current_cb_address = 0;
2880        u32 current_cb_index = 0;
2881
2882        IPW_DEBUG_FW("<< :\n");
2883        current_cb_address = ipw_read_reg32(priv, IPW_DMA_I_CURRENT_CB);
2884
2885        current_cb_index = (current_cb_address - IPW_SHARED_SRAM_DMA_CONTROL) /
2886            sizeof(struct command_block);
2887
2888        IPW_DEBUG_FW_INFO("Current CB index 0x%x address = 0x%X\n",
2889                          current_cb_index, current_cb_address);
2890
2891        IPW_DEBUG_FW(">> :\n");
2892        return current_cb_index;
2893
2894}
2895
2896static int ipw_fw_dma_add_command_block(struct ipw_priv *priv,
2897                                        u32 src_address,
2898                                        u32 dest_address,
2899                                        u32 length,
2900                                        int interrupt_enabled, int is_last)
2901{
2902
2903        u32 control = CB_VALID | CB_SRC_LE | CB_DEST_LE | CB_SRC_AUTOINC |
2904            CB_SRC_IO_GATED | CB_DEST_AUTOINC | CB_SRC_SIZE_LONG |
2905            CB_DEST_SIZE_LONG;
2906        struct command_block *cb;
2907        u32 last_cb_element = 0;
2908
2909        IPW_DEBUG_FW_INFO("src_address=0x%x dest_address=0x%x length=0x%x\n",
2910                          src_address, dest_address, length);
2911
2912        if (priv->sram_desc.last_cb_index >= CB_NUMBER_OF_ELEMENTS_SMALL)
2913                return -1;
2914
2915        last_cb_element = priv->sram_desc.last_cb_index;
2916        cb = &priv->sram_desc.cb_list[last_cb_element];
2917        priv->sram_desc.last_cb_index++;
2918
2919        /* Calculate the new CB control word */
2920        if (interrupt_enabled)
2921                control |= CB_INT_ENABLED;
2922
2923        if (is_last)
2924                control |= CB_LAST_VALID;
2925
2926        control |= length;
2927
2928        /* Calculate the CB Element's checksum value */
2929        cb->status = control ^ src_address ^ dest_address;
2930
2931        /* Copy the Source and Destination addresses */
2932        cb->dest_addr = dest_address;
2933        cb->source_addr = src_address;
2934
2935        /* Copy the Control Word last */
2936        cb->control = control;
2937
2938        return 0;
2939}
2940
2941static int ipw_fw_dma_add_buffer(struct ipw_priv *priv, dma_addr_t *src_address,
2942                                 int nr, u32 dest_address, u32 len)
2943{
2944        int ret, i;
2945        u32 size;
2946
2947        IPW_DEBUG_FW(">>\n");
2948        IPW_DEBUG_FW_INFO("nr=%d dest_address=0x%x len=0x%x\n",
2949                          nr, dest_address, len);
2950
2951        for (i = 0; i < nr; i++) {
2952                size = min_t(u32, len - i * CB_MAX_LENGTH, CB_MAX_LENGTH);
2953                ret = ipw_fw_dma_add_command_block(priv, src_address[i],
2954                                                   dest_address +
2955                                                   i * CB_MAX_LENGTH, size,
2956                                                   0, 0);
2957                if (ret) {
2958                        IPW_DEBUG_FW_INFO(": Failed\n");
2959                        return -1;
2960                } else
2961                        IPW_DEBUG_FW_INFO(": Added new cb\n");
2962        }
2963
2964        IPW_DEBUG_FW("<<\n");
2965        return 0;
2966}
2967
2968static int ipw_fw_dma_wait(struct ipw_priv *priv)
2969{
2970        u32 current_index = 0, previous_index;
2971        u32 watchdog = 0;
2972
2973        IPW_DEBUG_FW(">> :\n");
2974
2975        current_index = ipw_fw_dma_command_block_index(priv);
2976        IPW_DEBUG_FW_INFO("sram_desc.last_cb_index:0x%08X\n",
2977                          (int)priv->sram_desc.last_cb_index);
2978
2979        while (current_index < priv->sram_desc.last_cb_index) {
2980                udelay(50);
2981                previous_index = current_index;
2982                current_index = ipw_fw_dma_command_block_index(priv);
2983
2984                if (previous_index < current_index) {
2985                        watchdog = 0;
2986                        continue;
2987                }
2988                if (++watchdog > 400) {
2989                        IPW_DEBUG_FW_INFO("Timeout\n");
2990                        ipw_fw_dma_dump_command_block(priv);
2991                        ipw_fw_dma_abort(priv);
2992                        return -1;
2993                }
2994        }
2995
2996        ipw_fw_dma_abort(priv);
2997
2998        /*Disable the DMA in the CSR register */
2999        ipw_set_bit(priv, IPW_RESET_REG,
3000                    IPW_RESET_REG_MASTER_DISABLED | IPW_RESET_REG_STOP_MASTER);
3001
3002        IPW_DEBUG_FW("<< dmaWaitSync\n");
3003        return 0;
3004}
3005
3006static void ipw_remove_current_network(struct ipw_priv *priv)
3007{
3008        struct list_head *element, *safe;
3009        struct libipw_network *network = NULL;
3010        unsigned long flags;
3011
3012        spin_lock_irqsave(&priv->ieee->lock, flags);
3013        list_for_each_safe(element, safe, &priv->ieee->network_list) {
3014                network = list_entry(element, struct libipw_network, list);
3015                if (ether_addr_equal(network->bssid, priv->bssid)) {
3016                        list_del(element);
3017                        list_add_tail(&network->list,
3018                                      &priv->ieee->network_free_list);
3019                }
3020        }
3021        spin_unlock_irqrestore(&priv->ieee->lock, flags);
3022}
3023
3024/**
3025 * Check that card is still alive.
3026 * Reads debug register from domain0.
3027 * If card is present, pre-defined value should
3028 * be found there.
3029 *
3030 * @param priv
3031 * @return 1 if card is present, 0 otherwise
3032 */
3033static inline int ipw_alive(struct ipw_priv *priv)
3034{
3035        return ipw_read32(priv, 0x90) == 0xd55555d5;
3036}
3037
3038/* timeout in msec, attempted in 10-msec quanta */
3039static int ipw_poll_bit(struct ipw_priv *priv, u32 addr, u32 mask,
3040                               int timeout)
3041{
3042        int i = 0;
3043
3044        do {
3045                if ((ipw_read32(priv, addr) & mask) == mask)
3046                        return i;
3047                mdelay(10);
3048                i += 10;
3049        } while (i < timeout);
3050
3051        return -ETIME;
3052}
3053
3054/* These functions load the firmware and micro code for the operation of
3055 * the ipw hardware.  It assumes the buffer has all the bits for the
3056 * image and the caller is handling the memory allocation and clean up.
3057 */
3058
3059static int ipw_stop_master(struct ipw_priv *priv)
3060{
3061        int rc;
3062
3063        IPW_DEBUG_TRACE(">>\n");
3064        /* stop master. typical delay - 0 */
3065        ipw_set_bit(priv, IPW_RESET_REG, IPW_RESET_REG_STOP_MASTER);
3066
3067        /* timeout is in msec, polled in 10-msec quanta */
3068        rc = ipw_poll_bit(priv, IPW_RESET_REG,
3069                          IPW_RESET_REG_MASTER_DISABLED, 100);
3070        if (rc < 0) {
3071                IPW_ERROR("wait for stop master failed after 100ms\n");
3072                return -1;
3073        }
3074
3075        IPW_DEBUG_INFO("stop master %dms\n", rc);
3076
3077        return rc;
3078}
3079
3080static void ipw_arc_release(struct ipw_priv *priv)
3081{
3082        IPW_DEBUG_TRACE(">>\n");
3083        mdelay(5);
3084
3085        ipw_clear_bit(priv, IPW_RESET_REG, CBD_RESET_REG_PRINCETON_RESET);
3086
3087        /* no one knows timing, for safety add some delay */
3088        mdelay(5);
3089}
3090
3091struct fw_chunk {
3092        __le32 address;
3093        __le32 length;
3094};
3095
3096static int ipw_load_ucode(struct ipw_priv *priv, u8 * data, size_t len)
3097{
3098        int rc = 0, i, addr;
3099        u8 cr = 0;
3100        __le16 *image;
3101
3102        image = (__le16 *) data;
3103
3104        IPW_DEBUG_TRACE(">>\n");
3105
3106        rc = ipw_stop_master(priv);
3107
3108        if (rc < 0)
3109                return rc;
3110
3111        for (addr = IPW_SHARED_LOWER_BOUND;
3112             addr < IPW_REGISTER_DOMAIN1_END; addr += 4) {
3113                ipw_write32(priv, addr, 0);
3114        }
3115
3116        /* no ucode (yet) */
3117        memset(&priv->dino_alive, 0, sizeof(priv->dino_alive));
3118        /* destroy DMA queues */
3119        /* reset sequence */
3120
3121        ipw_write_reg32(priv, IPW_MEM_HALT_AND_RESET, IPW_BIT_HALT_RESET_ON);
3122        ipw_arc_release(priv);
3123        ipw_write_reg32(priv, IPW_MEM_HALT_AND_RESET, IPW_BIT_HALT_RESET_OFF);
3124        mdelay(1);
3125
3126        /* reset PHY */
3127        ipw_write_reg32(priv, IPW_INTERNAL_CMD_EVENT, IPW_BASEBAND_POWER_DOWN);
3128        mdelay(1);
3129
3130        ipw_write_reg32(priv, IPW_INTERNAL_CMD_EVENT, 0);
3131        mdelay(1);
3132
3133        /* enable ucode store */
3134        ipw_write_reg8(priv, IPW_BASEBAND_CONTROL_STATUS, 0x0);
3135        ipw_write_reg8(priv, IPW_BASEBAND_CONTROL_STATUS, DINO_ENABLE_CS);
3136        mdelay(1);
3137
3138        /* write ucode */
3139        /**
3140         * @bug
3141         * Do NOT set indirect address register once and then
3142         * store data to indirect data register in the loop.
3143         * It seems very reasonable, but in this case DINO do not
3144         * accept ucode. It is essential to set address each time.
3145         */
3146        /* load new ipw uCode */
3147        for (i = 0; i < len / 2; i++)
3148                ipw_write_reg16(priv, IPW_BASEBAND_CONTROL_STORE,
3149                                le16_to_cpu(image[i]));
3150
3151        /* enable DINO */
3152        ipw_write_reg8(priv, IPW_BASEBAND_CONTROL_STATUS, 0);
3153        ipw_write_reg8(priv, IPW_BASEBAND_CONTROL_STATUS, DINO_ENABLE_SYSTEM);
3154
3155        /* this is where the igx / win driver deveates from the VAP driver. */
3156
3157        /* wait for alive response */
3158        for (i = 0; i < 100; i++) {
3159                /* poll for incoming data */
3160                cr = ipw_read_reg8(priv, IPW_BASEBAND_CONTROL_STATUS);
3161                if (cr & DINO_RXFIFO_DATA)
3162                        break;
3163                mdelay(1);
3164        }
3165
3166        if (cr & DINO_RXFIFO_DATA) {
3167                /* alive_command_responce size is NOT multiple of 4 */
3168                __le32 response_buffer[(sizeof(priv->dino_alive) + 3) / 4];
3169
3170                for (i = 0; i < ARRAY_SIZE(response_buffer); i++)
3171                        response_buffer[i] =
3172                            cpu_to_le32(ipw_read_reg32(priv,
3173                                                       IPW_BASEBAND_RX_FIFO_READ));
3174                memcpy(&priv->dino_alive, response_buffer,
3175                       sizeof(priv->dino_alive));
3176                if (priv->dino_alive.alive_command == 1
3177                    && priv->dino_alive.ucode_valid == 1) {
3178                        rc = 0;
3179                        IPW_DEBUG_INFO
3180                            ("Microcode OK, rev. %d (0x%x) dev. %d (0x%x) "
3181                             "of %02d/%02d/%02d %02d:%02d\n",
3182                             priv->dino_alive.software_revision,
3183                             priv->dino_alive.software_revision,
3184                             priv->dino_alive.device_identifier,
3185                             priv->dino_alive.device_identifier,
3186                             priv->dino_alive.time_stamp[0],
3187                             priv->dino_alive.time_stamp[1],
3188                             priv->dino_alive.time_stamp[2],
3189                             priv->dino_alive.time_stamp[3],
3190                             priv->dino_alive.time_stamp[4]);
3191                } else {
3192                        IPW_DEBUG_INFO("Microcode is not alive\n");
3193                        rc = -EINVAL;
3194                }
3195        } else {
3196                IPW_DEBUG_INFO("No alive response from DINO\n");
3197                rc = -ETIME;
3198        }
3199
3200        /* disable DINO, otherwise for some reason
3201           firmware have problem getting alive resp. */
3202        ipw_write_reg8(priv, IPW_BASEBAND_CONTROL_STATUS, 0);
3203
3204        return rc;
3205}
3206
3207static int ipw_load_firmware(struct ipw_priv *priv, u8 * data, size_t len)
3208{
3209        int ret = -1;
3210        int offset = 0;
3211        struct fw_chunk *chunk;
3212        int total_nr = 0;
3213        int i;
3214        struct pci_pool *pool;
3215        void **virts;
3216        dma_addr_t *phys;
3217
3218        IPW_DEBUG_TRACE("<< :\n");
3219
3220        virts = kmalloc(sizeof(void *) * CB_NUMBER_OF_ELEMENTS_SMALL,
3221                        GFP_KERNEL);
3222        if (!virts)
3223                return -ENOMEM;
3224
3225        phys = kmalloc(sizeof(dma_addr_t) * CB_NUMBER_OF_ELEMENTS_SMALL,
3226                        GFP_KERNEL);
3227        if (!phys) {
3228                kfree(virts);
3229                return -ENOMEM;
3230        }
3231        pool = pci_pool_create("ipw2200", priv->pci_dev, CB_MAX_LENGTH, 0, 0);
3232        if (!pool) {
3233                IPW_ERROR("pci_pool_create failed\n");
3234                kfree(phys);
3235                kfree(virts);
3236                return -ENOMEM;
3237        }
3238
3239        /* Start the Dma */
3240        ret = ipw_fw_dma_enable(priv);
3241
3242        /* the DMA is already ready this would be a bug. */
3243        BUG_ON(priv->sram_desc.last_cb_index > 0);
3244
3245        do {
3246                u32 chunk_len;
3247                u8 *start;
3248                int size;
3249                int nr = 0;
3250
3251                chunk = (struct fw_chunk *)(data + offset);
3252                offset += sizeof(struct fw_chunk);
3253                chunk_len = le32_to_cpu(chunk->length);
3254                start = data + offset;
3255
3256                nr = (chunk_len + CB_MAX_LENGTH - 1) / CB_MAX_LENGTH;
3257                for (i = 0; i < nr; i++) {
3258                        virts[total_nr] = pci_pool_alloc(pool, GFP_KERNEL,
3259                                                         &phys[total_nr]);
3260                        if (!virts[total_nr]) {
3261                                ret = -ENOMEM;
3262                                goto out;
3263                        }
3264                        size = min_t(u32, chunk_len - i * CB_MAX_LENGTH,
3265                                     CB_MAX_LENGTH);
3266                        memcpy(virts[total_nr], start, size);
3267                        start += size;
3268                        total_nr++;
3269                        /* We don't support fw chunk larger than 64*8K */
3270                        BUG_ON(total_nr > CB_NUMBER_OF_ELEMENTS_SMALL);
3271                }
3272
3273                /* build DMA packet and queue up for sending */
3274                /* dma to chunk->address, the chunk->length bytes from data +
3275                 * offeset*/
3276                /* Dma loading */
3277                ret = ipw_fw_dma_add_buffer(priv, &phys[total_nr - nr],
3278                                            nr, le32_to_cpu(chunk->address),
3279                                            chunk_len);
3280                if (ret) {
3281                        IPW_DEBUG_INFO("dmaAddBuffer Failed\n");
3282                        goto out;
3283                }
3284
3285                offset += chunk_len;
3286        } while (offset < len);
3287
3288        /* Run the DMA and wait for the answer */
3289        ret = ipw_fw_dma_kick(priv);
3290        if (ret) {
3291                IPW_ERROR("dmaKick Failed\n");
3292                goto out;
3293        }
3294
3295        ret = ipw_fw_dma_wait(priv);
3296        if (ret) {
3297                IPW_ERROR("dmaWaitSync Failed\n");
3298                goto out;
3299        }
3300 out:
3301        for (i = 0; i < total_nr; i++)
3302                pci_pool_free(pool, virts[i], phys[i]);
3303
3304        pci_pool_destroy(pool);
3305        kfree(phys);
3306        kfree(virts);
3307
3308        return ret;
3309}
3310
3311/* stop nic */
3312static int ipw_stop_nic(struct ipw_priv *priv)
3313{
3314        int rc = 0;
3315
3316        /* stop */
3317        ipw_write32(priv, IPW_RESET_REG, IPW_RESET_REG_STOP_MASTER);
3318
3319        rc = ipw_poll_bit(priv, IPW_RESET_REG,
3320                          IPW_RESET_REG_MASTER_DISABLED, 500);
3321        if (rc < 0) {
3322                IPW_ERROR("wait for reg master disabled failed after 500ms\n");
3323                return rc;
3324        }
3325
3326        ipw_set_bit(priv, IPW_RESET_REG, CBD_RESET_REG_PRINCETON_RESET);
3327
3328        return rc;
3329}
3330
3331static void ipw_start_nic(struct ipw_priv *priv)
3332{
3333        IPW_DEBUG_TRACE(">>\n");
3334
3335        /* prvHwStartNic  release ARC */
3336        ipw_clear_bit(priv, IPW_RESET_REG,
3337                      IPW_RESET_REG_MASTER_DISABLED |
3338                      IPW_RESET_REG_STOP_MASTER |
3339                      CBD_RESET_REG_PRINCETON_RESET);
3340
3341        /* enable power management */
3342        ipw_set_bit(priv, IPW_GP_CNTRL_RW,
3343                    IPW_GP_CNTRL_BIT_HOST_ALLOWS_STANDBY);
3344
3345        IPW_DEBUG_TRACE("<<\n");
3346}
3347
3348static int ipw_init_nic(struct ipw_priv *priv)
3349{
3350        int rc;
3351
3352        IPW_DEBUG_TRACE(">>\n");
3353        /* reset */
3354        /*prvHwInitNic */
3355        /* set "initialization complete" bit to move adapter to D0 state */
3356        ipw_set_bit(priv, IPW_GP_CNTRL_RW, IPW_GP_CNTRL_BIT_INIT_DONE);
3357
3358        /* low-level PLL activation */
3359        ipw_write32(priv, IPW_READ_INT_REGISTER,
3360                    IPW_BIT_INT_HOST_SRAM_READ_INT_REGISTER);
3361
3362        /* wait for clock stabilization */
3363        rc = ipw_poll_bit(priv, IPW_GP_CNTRL_RW,
3364                          IPW_GP_CNTRL_BIT_CLOCK_READY, 250);
3365        if (rc < 0)
3366                IPW_DEBUG_INFO("FAILED wait for clock stablization\n");
3367
3368        /* assert SW reset */
3369        ipw_set_bit(priv, IPW_RESET_REG, IPW_RESET_REG_SW_RESET);
3370
3371        udelay(10);
3372
3373        /* set "initialization complete" bit to move adapter to D0 state */
3374        ipw_set_bit(priv, IPW_GP_CNTRL_RW, IPW_GP_CNTRL_BIT_INIT_DONE);
3375
3376        IPW_DEBUG_TRACE(">>\n");
3377        return 0;
3378}
3379
3380/* Call this function from process context, it will sleep in request_firmware.
3381 * Probe is an ok place to call this from.
3382 */
3383static int ipw_reset_nic(struct ipw_priv *priv)
3384{
3385        int rc = 0;
3386        unsigned long flags;
3387
3388        IPW_DEBUG_TRACE(">>\n");
3389
3390        rc = ipw_init_nic(priv);
3391
3392        spin_lock_irqsave(&priv->lock, flags);
3393        /* Clear the 'host command active' bit... */
3394        priv->status &= ~STATUS_HCMD_ACTIVE;
3395        wake_up_interruptible(&priv->wait_command_queue);
3396        priv->status &= ~(STATUS_SCANNING | STATUS_SCAN_ABORTING);
3397        wake_up_interruptible(&priv->wait_state);
3398        spin_unlock_irqrestore(&priv->lock, flags);
3399
3400        IPW_DEBUG_TRACE("<<\n");
3401        return rc;
3402}
3403
3404
3405struct ipw_fw {
3406        __le32 ver;
3407        __le32 boot_size;
3408        __le32 ucode_size;
3409        __le32 fw_size;
3410        u8 data[0];
3411};
3412
3413static int ipw_get_fw(struct ipw_priv *priv,
3414                      const struct firmware **raw, const char *name)
3415{
3416        struct ipw_fw *fw;
3417        int rc;
3418
3419        /* ask firmware_class module to get the boot firmware off disk */
3420        rc = request_firmware(raw, name, &priv->pci_dev->dev);
3421        if (rc < 0) {
3422                IPW_ERROR("%s request_firmware failed: Reason %d\n", name, rc);
3423                return rc;
3424        }
3425
3426        if ((*raw)->size < sizeof(*fw)) {
3427                IPW_ERROR("%s is too small (%zd)\n", name, (*raw)->size);
3428                return -EINVAL;
3429        }
3430
3431        fw = (void *)(*raw)->data;
3432
3433        if ((*raw)->size < sizeof(*fw) + le32_to_cpu(fw->boot_size) +
3434            le32_to_cpu(fw->ucode_size) + le32_to_cpu(fw->fw_size)) {
3435                IPW_ERROR("%s is too small or corrupt (%zd)\n",
3436                          name, (*raw)->size);
3437                return -EINVAL;
3438        }
3439
3440        IPW_DEBUG_INFO("Read firmware '%s' image v%d.%d (%zd bytes)\n",
3441                       name,
3442                       le32_to_cpu(fw->ver) >> 16,
3443                       le32_to_cpu(fw->ver) & 0xff,
3444                       (*raw)->size - sizeof(*fw));
3445        return 0;
3446}
3447
3448#define IPW_RX_BUF_SIZE (3000)
3449
3450static void ipw_rx_queue_reset(struct ipw_priv *priv,
3451                                      struct ipw_rx_queue *rxq)
3452{
3453        unsigned long flags;
3454        int i;
3455
3456        spin_lock_irqsave(&rxq->lock, flags);
3457
3458        INIT_LIST_HEAD(&rxq->rx_free);
3459        INIT_LIST_HEAD(&rxq->rx_used);
3460
3461        /* Fill the rx_used queue with _all_ of the Rx buffers */
3462        for (i = 0; i < RX_FREE_BUFFERS + RX_QUEUE_SIZE; i++) {
3463                /* In the reset function, these buffers may have been allocated
3464                 * to an SKB, so we need to unmap and free potential storage */
3465                if (rxq->pool[i].skb != NULL) {
3466                        pci_unmap_single(priv->pci_dev, rxq->pool[i].dma_addr,
3467                                         IPW_RX_BUF_SIZE, PCI_DMA_FROMDEVICE);
3468                        dev_kfree_skb(rxq->pool[i].skb);
3469                        rxq->pool[i].skb = NULL;
3470                }
3471                list_add_tail(&rxq->pool[i].list, &rxq->rx_used);
3472        }
3473
3474        /* Set us so that we have processed and used all buffers, but have
3475         * not restocked the Rx queue with fresh buffers */
3476        rxq->read = rxq->write = 0;
3477        rxq->free_count = 0;
3478        spin_unlock_irqrestore(&rxq->lock, flags);
3479}
3480
3481#ifdef CONFIG_PM
3482static int fw_loaded = 0;
3483static const struct firmware *raw = NULL;
3484
3485static void free_firmware(void)
3486{
3487        if (fw_loaded) {
3488                release_firmware(raw);
3489                raw = NULL;
3490                fw_loaded = 0;
3491        }
3492}
3493#else
3494#define free_firmware() do {} while (0)
3495#endif
3496
3497static int ipw_load(struct ipw_priv *priv)
3498{
3499#ifndef CONFIG_PM
3500        const struct firmware *raw = NULL;
3501#endif
3502        struct ipw_fw *fw;
3503        u8 *boot_img, *ucode_img, *fw_img;
3504        u8 *name = NULL;
3505        int rc = 0, retries = 3;
3506
3507        switch (priv->ieee->iw_mode) {
3508        case IW_MODE_ADHOC:
3509                name = "ipw2200-ibss.fw";
3510                break;
3511#ifdef CONFIG_IPW2200_MONITOR
3512        case IW_MODE_MONITOR:
3513                name = "ipw2200-sniffer.fw";
3514                break;
3515#endif
3516        case IW_MODE_INFRA:
3517                name = "ipw2200-bss.fw";
3518                break;
3519        }
3520
3521        if (!name) {
3522                rc = -EINVAL;
3523                goto error;
3524        }
3525
3526#ifdef CONFIG_PM
3527        if (!fw_loaded) {
3528#endif
3529                rc = ipw_get_fw(priv, &raw, name);
3530                if (rc < 0)
3531                        goto error;
3532#ifdef CONFIG_PM
3533        }
3534#endif
3535
3536        fw = (void *)raw->data;
3537        boot_img = &fw->data[0];
3538        ucode_img = &fw->data[le32_to_cpu(fw->boot_size)];
3539        fw_img = &fw->data[le32_to_cpu(fw->boot_size) +
3540                           le32_to_cpu(fw->ucode_size)];
3541
3542        if (rc < 0)
3543                goto error;
3544
3545        if (!priv->rxq)
3546                priv->rxq = ipw_rx_queue_alloc(priv);
3547        else
3548                ipw_rx_queue_reset(priv, priv->rxq);
3549        if (!priv->rxq) {
3550                IPW_ERROR("Unable to initialize Rx queue\n");
3551                rc = -ENOMEM;
3552                goto error;
3553        }
3554
3555      retry:
3556        /* Ensure interrupts are disabled */
3557        ipw_write32(priv, IPW_INTA_MASK_R, ~IPW_INTA_MASK_ALL);
3558        priv->status &= ~STATUS_INT_ENABLED;
3559
3560        /* ack pending interrupts */
3561        ipw_write32(priv, IPW_INTA_RW, IPW_INTA_MASK_ALL);
3562
3563        ipw_stop_nic(priv);
3564
3565        rc = ipw_reset_nic(priv);
3566        if (rc < 0) {
3567                IPW_ERROR("Unable to reset NIC\n");
3568                goto error;
3569        }
3570
3571        ipw_zero_memory(priv, IPW_NIC_SRAM_LOWER_BOUND,
3572                        IPW_NIC_SRAM_UPPER_BOUND - IPW_NIC_SRAM_LOWER_BOUND);
3573
3574        /* DMA the initial boot firmware into the device */
3575        rc = ipw_load_firmware(priv, boot_img, le32_to_cpu(fw->boot_size));
3576        if (rc < 0) {
3577                IPW_ERROR("Unable to load boot firmware: %d\n", rc);
3578                goto error;
3579        }
3580
3581        /* kick start the device */
3582        ipw_start_nic(priv);
3583
3584        /* wait for the device to finish its initial startup sequence */
3585        rc = ipw_poll_bit(priv, IPW_INTA_RW,
3586                          IPW_INTA_BIT_FW_INITIALIZATION_DONE, 500);
3587        if (rc < 0) {
3588                IPW_ERROR("device failed to boot initial fw image\n");
3589                goto error;
3590        }
3591        IPW_DEBUG_INFO("initial device response after %dms\n", rc);
3592
3593        /* ack fw init done interrupt */
3594        ipw_write32(priv, IPW_INTA_RW, IPW_INTA_BIT_FW_INITIALIZATION_DONE);
3595
3596        /* DMA the ucode into the device */
3597        rc = ipw_load_ucode(priv, ucode_img, le32_to_cpu(fw->ucode_size));
3598        if (rc < 0) {
3599                IPW_ERROR("Unable to load ucode: %d\n", rc);
3600                goto error;
3601        }
3602
3603        /* stop nic */
3604        ipw_stop_nic(priv);
3605
3606        /* DMA bss firmware into the device */
3607        rc = ipw_load_firmware(priv, fw_img, le32_to_cpu(fw->fw_size));
3608        if (rc < 0) {
3609                IPW_ERROR("Unable to load firmware: %d\n", rc);
3610                goto error;
3611        }
3612#ifdef CONFIG_PM
3613        fw_loaded = 1;
3614#endif
3615
3616        ipw_write32(priv, IPW_EEPROM_LOAD_DISABLE, 0);
3617
3618        rc = ipw_queue_reset(priv);
3619        if (rc < 0) {
3620                IPW_ERROR("Unable to initialize queues\n");
3621                goto error;
3622        }
3623
3624        /* Ensure interrupts are disabled */
3625        ipw_write32(priv, IPW_INTA_MASK_R, ~IPW_INTA_MASK_ALL);
3626        /* ack pending interrupts */
3627        ipw_write32(priv, IPW_INTA_RW, IPW_INTA_MASK_ALL);
3628
3629        /* kick start the device */
3630        ipw_start_nic(priv);
3631
3632        if (ipw_read32(priv, IPW_INTA_RW) & IPW_INTA_BIT_PARITY_ERROR) {
3633                if (retries > 0) {
3634                        IPW_WARNING("Parity error.  Retrying init.\n");
3635                        retries--;
3636                        goto retry;
3637                }
3638
3639                IPW_ERROR("TODO: Handle parity error -- schedule restart?\n");
3640                rc = -EIO;
3641                goto error;
3642        }
3643
3644        /* wait for the device */
3645        rc = ipw_poll_bit(priv, IPW_INTA_RW,
3646                          IPW_INTA_BIT_FW_INITIALIZATION_DONE, 500);
3647        if (rc < 0) {
3648                IPW_ERROR("device failed to start within 500ms\n");
3649                goto error;
3650        }
3651        IPW_DEBUG_INFO("device response after %dms\n", rc);
3652
3653        /* ack fw init done interrupt */
3654        ipw_write32(priv, IPW_INTA_RW, IPW_INTA_BIT_FW_INITIALIZATION_DONE);
3655
3656        /* read eeprom data */
3657        priv->eeprom_delay = 1;
3658        ipw_read_eeprom(priv);
3659        /* initialize the eeprom region of sram */
3660        ipw_eeprom_init_sram(priv);
3661
3662        /* enable interrupts */
3663        ipw_enable_interrupts(priv);
3664
3665        /* Ensure our queue has valid packets */
3666        ipw_rx_queue_replenish(priv);
3667
3668        ipw_write32(priv, IPW_RX_READ_INDEX, priv->rxq->read);
3669
3670        /* ack pending interrupts */
3671        ipw_write32(priv, IPW_INTA_RW, IPW_INTA_MASK_ALL);
3672
3673#ifndef CONFIG_PM
3674        release_firmware(raw);
3675#endif
3676        return 0;
3677
3678      error:
3679        if (priv->rxq) {
3680                ipw_rx_queue_free(priv, priv->rxq);
3681                priv->rxq = NULL;
3682        }
3683        ipw_tx_queue_free(priv);
3684        release_firmware(raw);
3685#ifdef CONFIG_PM
3686        fw_loaded = 0;
3687        raw = NULL;
3688#endif
3689
3690        return rc;
3691}
3692
3693/**
3694 * DMA services
3695 *
3696 * Theory of operation
3697 *
3698 * A queue is a circular buffers with 'Read' and 'Write' pointers.
3699 * 2 empty entries always kept in the buffer to protect from overflow.
3700 *
3701 * For Tx queue, there are low mark and high mark limits. If, after queuing
3702 * the packet for Tx, free space become < low mark, Tx queue stopped. When
3703 * reclaiming packets (on 'tx done IRQ), if free space become > high mark,
3704 * Tx queue resumed.
3705 *
3706 * The IPW operates with six queues, one receive queue in the device's
3707 * sram, one transmit queue for sending commands to the device firmware,
3708 * and four transmit queues for data.
3709 *
3710 * The four transmit queues allow for performing quality of service (qos)
3711 * transmissions as per the 802.11 protocol.  Currently Linux does not
3712 * provide a mechanism to the user for utilizing prioritized queues, so
3713 * we only utilize the first data transmit queue (queue1).
3714 */
3715
3716/**
3717 * Driver allocates buffers of this size for Rx
3718 */
3719
3720/**
3721 * ipw_rx_queue_space - Return number of free slots available in queue.
3722 */
3723static int ipw_rx_queue_space(const struct ipw_rx_queue *q)
3724{
3725        int s = q->read - q->write;
3726        if (s <= 0)
3727                s += RX_QUEUE_SIZE;
3728        /* keep some buffer to not confuse full and empty queue */
3729        s -= 2;
3730        if (s < 0)
3731                s = 0;
3732        return s;
3733}
3734
3735static inline int ipw_tx_queue_space(const struct clx2_queue *q)
3736{
3737        int s = q->last_used - q->first_empty;
3738        if (s <= 0)
3739                s += q->n_bd;
3740        s -= 2;                 /* keep some reserve to not confuse empty and full situations */
3741        if (s < 0)
3742                s = 0;
3743        return s;
3744}
3745
3746static inline int ipw_queue_inc_wrap(int index, int n_bd)
3747{
3748        return (++index == n_bd) ? 0 : index;
3749}
3750
3751/**
3752 * Initialize common DMA queue structure
3753 *
3754 * @param q                queue to init
3755 * @param count            Number of BD's to allocate. Should be power of 2
3756 * @param read_register    Address for 'read' register
3757 *                         (not offset within BAR, full address)
3758 * @param write_register   Address for 'write' register
3759 *                         (not offset within BAR, full address)
3760 * @param base_register    Address for 'base' register
3761 *                         (not offset within BAR, full address)
3762 * @param size             Address for 'size' register
3763 *                         (not offset within BAR, full address)
3764 */
3765static void ipw_queue_init(struct ipw_priv *priv, struct clx2_queue *q,
3766                           int count, u32 read, u32 write, u32 base, u32 size)
3767{
3768        q->n_bd = count;
3769
3770        q->low_mark = q->n_bd / 4;
3771        if (q->low_mark < 4)
3772                q->low_mark = 4;
3773
3774        q->high_mark = q->n_bd / 8;
3775        if (q->high_mark < 2)
3776                q->high_mark = 2;
3777
3778        q->first_empty = q->last_used = 0;
3779        q->reg_r = read;
3780        q->reg_w = write;
3781
3782        ipw_write32(priv, base, q->dma_addr);
3783        ipw_write32(priv, size, count);
3784        ipw_write32(priv, read, 0);
3785        ipw_write32(priv, write, 0);
3786
3787        _ipw_read32(priv, 0x90);
3788}
3789
3790static int ipw_queue_tx_init(struct ipw_priv *priv,
3791                             struct clx2_tx_queue *q,
3792                             int count, u32 read, u32 write, u32 base, u32 size)
3793{
3794        struct pci_dev *dev = priv->pci_dev;
3795
3796        q->txb = kmalloc(sizeof(q->txb[0]) * count, GFP_KERNEL);
3797        if (!q->txb) {
3798                IPW_ERROR("vmalloc for auxiliary BD structures failed\n");
3799                return -ENOMEM;
3800        }
3801
3802        q->bd =
3803            pci_alloc_consistent(dev, sizeof(q->bd[0]) * count, &q->q.dma_addr);
3804        if (!q->bd) {
3805                IPW_ERROR("pci_alloc_consistent(%zd) failed\n",
3806                          sizeof(q->bd[0]) * count);
3807                kfree(q->txb);
3808                q->txb = NULL;
3809                return -ENOMEM;
3810        }
3811
3812        ipw_queue_init(priv, &q->q, count, read, write, base, size);
3813        return 0;
3814}
3815
3816/**
3817 * Free one TFD, those at index [txq->q.last_used].
3818 * Do NOT advance any indexes
3819 *
3820 * @param dev
3821 * @param txq
3822 */
3823static void ipw_queue_tx_free_tfd(struct ipw_priv *priv,
3824                                  struct clx2_tx_queue *txq)
3825{
3826        struct tfd_frame *bd = &txq->bd[txq->q.last_used];
3827        struct pci_dev *dev = priv->pci_dev;
3828        int i;
3829
3830        /* classify bd */
3831        if (bd->control_flags.message_type == TX_HOST_COMMAND_TYPE)
3832                /* nothing to cleanup after for host commands */
3833                return;
3834
3835        /* sanity check */
3836        if (le32_to_cpu(bd->u.data.num_chunks) > NUM_TFD_CHUNKS) {
3837                IPW_ERROR("Too many chunks: %i\n",
3838                          le32_to_cpu(bd->u.data.num_chunks));
3839                /** @todo issue fatal error, it is quite serious situation */
3840                return;
3841        }
3842
3843        /* unmap chunks if any */
3844        for (i = 0; i < le32_to_cpu(bd->u.data.num_chunks); i++) {
3845                pci_unmap_single(dev, le32_to_cpu(bd->u.data.chunk_ptr[i]),
3846                                 le16_to_cpu(bd->u.data.chunk_len[i]),
3847                                 PCI_DMA_TODEVICE);
3848                if (txq->txb[txq->q.last_used]) {
3849                        libipw_txb_free(txq->txb[txq->q.last_used]);
3850                        txq->txb[txq->q.last_used] = NULL;
3851                }
3852        }
3853}
3854
3855/**
3856 * Deallocate DMA queue.
3857 *
3858 * Empty queue by removing and destroying all BD's.
3859 * Free all buffers.
3860 *
3861 * @param dev
3862 * @param q
3863 */
3864static void ipw_queue_tx_free(struct ipw_priv *priv, struct clx2_tx_queue *txq)
3865{
3866        struct clx2_queue *q = &txq->q;
3867        struct pci_dev *dev = priv->pci_dev;
3868
3869        if (q->n_bd == 0)
3870                return;
3871
3872        /* first, empty all BD's */
3873        for (; q->first_empty != q->last_used;
3874             q->last_used = ipw_queue_inc_wrap(q->last_used, q->n_bd)) {
3875                ipw_queue_tx_free_tfd(priv, txq);
3876        }
3877
3878        /* free buffers belonging to queue itself */
3879        pci_free_consistent(dev, sizeof(txq->bd[0]) * q->n_bd, txq->bd,
3880                            q->dma_addr);
3881        kfree(txq->txb);
3882
3883        /* 0 fill whole structure */
3884        memset(txq, 0, sizeof(*txq));
3885}
3886
3887/**
3888 * Destroy all DMA queues and structures
3889 *
3890 * @param priv
3891 */
3892static void ipw_tx_queue_free(struct ipw_priv *priv)
3893{
3894        /* Tx CMD queue */
3895        ipw_queue_tx_free(priv, &priv->txq_cmd);
3896
3897        /* Tx queues */
3898        ipw_queue_tx_free(priv, &priv->txq[0]);
3899        ipw_queue_tx_free(priv, &priv->txq[1]);
3900        ipw_queue_tx_free(priv, &priv->txq[2]);
3901        ipw_queue_tx_free(priv, &priv->txq[3]);
3902}
3903
3904static void ipw_create_bssid(struct ipw_priv *priv, u8 * bssid)
3905{
3906        /* First 3 bytes are manufacturer */
3907        bssid[0] = priv->mac_addr[0];
3908        bssid[1] = priv->mac_addr[1];
3909        bssid[2] = priv->mac_addr[2];
3910
3911        /* Last bytes are random */
3912        get_random_bytes(&bssid[3], ETH_ALEN - 3);
3913
3914        bssid[0] &= 0xfe;       /* clear multicast bit */
3915        bssid[0] |= 0x02;       /* set local assignment bit (IEEE802) */
3916}
3917
3918static u8 ipw_add_station(struct ipw_priv *priv, u8 * bssid)
3919{
3920        struct ipw_station_entry entry;
3921        int i;
3922
3923        for (i = 0; i < priv->num_stations; i++) {
3924                if (ether_addr_equal(priv->stations[i], bssid)) {
3925                        /* Another node is active in network */
3926                        priv->missed_adhoc_beacons = 0;
3927                        if (!(priv->config & CFG_STATIC_CHANNEL))
3928                                /* when other nodes drop out, we drop out */
3929                                priv->config &= ~CFG_ADHOC_PERSIST;
3930
3931                        return i;
3932                }
3933        }
3934
3935        if (i == MAX_STATIONS)
3936                return IPW_INVALID_STATION;
3937
3938        IPW_DEBUG_SCAN("Adding AdHoc station: %pM\n", bssid);
3939
3940        entry.reserved = 0;
3941        entry.support_mode = 0;
3942        memcpy(entry.mac_addr, bssid, ETH_ALEN);
3943        memcpy(priv->stations[i], bssid, ETH_ALEN);
3944        ipw_write_direct(priv, IPW_STATION_TABLE_LOWER + i * sizeof(entry),
3945                         &entry, sizeof(entry));
3946        priv->num_stations++;
3947
3948        return i;
3949}
3950
3951static u8 ipw_find_station(struct ipw_priv *priv, u8 * bssid)
3952{
3953        int i;
3954
3955        for (i = 0; i < priv->num_stations; i++)
3956                if (ether_addr_equal(priv->stations[i], bssid))
3957                        return i;
3958
3959        return IPW_INVALID_STATION;
3960}
3961
3962static void ipw_send_disassociate(struct ipw_priv *priv, int quiet)
3963{
3964        int err;
3965
3966        if (priv->status & STATUS_ASSOCIATING) {
3967                IPW_DEBUG_ASSOC("Disassociating while associating.\n");
3968                schedule_work(&priv->disassociate);
3969                return;
3970        }
3971
3972        if (!(priv->status & STATUS_ASSOCIATED)) {
3973                IPW_DEBUG_ASSOC("Disassociating while not associated.\n");
3974                return;
3975        }
3976
3977        IPW_DEBUG_ASSOC("Disassocation attempt from %pM "
3978                        "on channel %d.\n",
3979                        priv->assoc_request.bssid,
3980                        priv->assoc_request.channel);
3981
3982        priv->status &= ~(STATUS_ASSOCIATING | STATUS_ASSOCIATED);
3983        priv->status |= STATUS_DISASSOCIATING;
3984
3985        if (quiet)
3986                priv->assoc_request.assoc_type = HC_DISASSOC_QUIET;
3987        else
3988                priv->assoc_request.assoc_type = HC_DISASSOCIATE;
3989
3990        err = ipw_send_associate(priv, &priv->assoc_request);
3991        if (err) {
3992                IPW_DEBUG_HC("Attempt to send [dis]associate command "
3993                             "failed.\n");
3994                return;
3995        }
3996
3997}
3998
3999static int ipw_disassociate(void *data)
4000{
4001        struct ipw_priv *priv = data;
4002        if (!(priv->status & (STATUS_ASSOCIATED | STATUS_ASSOCIATING)))
4003                return 0;
4004        ipw_send_disassociate(data, 0);
4005        netif_carrier_off(priv->net_dev);
4006        return 1;
4007}
4008
4009static void ipw_bg_disassociate(struct work_struct *work)
4010{
4011        struct ipw_priv *priv =
4012                container_of(work, struct ipw_priv, disassociate);
4013        mutex_lock(&priv->mutex);
4014        ipw_disassociate(priv);
4015        mutex_unlock(&priv->mutex);
4016}
4017
4018static void ipw_system_config(struct work_struct *work)
4019{
4020        struct ipw_priv *priv =
4021                container_of(work, struct ipw_priv, system_config);
4022
4023#ifdef CONFIG_IPW2200_PROMISCUOUS
4024        if (priv->prom_net_dev && netif_running(priv->prom_net_dev)) {
4025                priv->sys_config.accept_all_data_frames = 1;
4026                priv->sys_config.accept_non_directed_frames = 1;
4027                priv->sys_config.accept_all_mgmt_bcpr = 1;
4028                priv->sys_config.accept_all_mgmt_frames = 1;
4029        }
4030#endif
4031
4032        ipw_send_system_config(priv);
4033}
4034
4035struct ipw_status_code {
4036        u16 status;
4037        const char *reason;
4038};
4039
4040static const struct ipw_status_code ipw_status_codes[] = {
4041        {0x00, "Successful"},
4042        {0x01, "Unspecified failure"},
4043        {0x0A, "Cannot support all requested capabilities in the "
4044         "Capability information field"},
4045        {0x0B, "Reassociation denied due to inability to confirm that "
4046         "association exists"},
4047        {0x0C, "Association denied due to reason outside the scope of this "
4048         "standard"},
4049        {0x0D,
4050         "Responding station does not support the specified authentication "
4051         "algorithm"},
4052        {0x0E,
4053         "Received an Authentication frame with authentication sequence "
4054         "transaction sequence number out of expected sequence"},
4055        {0x0F, "Authentication rejected because of challenge failure"},
4056        {0x10, "Authentication rejected due to timeout waiting for next "
4057         "frame in sequence"},
4058        {0x11, "Association denied because AP is unable to handle additional "
4059         "associated stations"},
4060        {0x12,
4061         "Association denied due to requesting station not supporting all "
4062         "of the datarates in the BSSBasicServiceSet Parameter"},
4063        {0x13,
4064         "Association denied due to requesting station not supporting "
4065         "short preamble operation"},
4066        {0x14,
4067         "Association denied due to requesting station not supporting "
4068         "PBCC encoding"},
4069        {0x15,
4070         "Association denied due to requesting station not supporting "
4071         "channel agility"},
4072        {0x19,
4073         "Association denied due to requesting station not supporting "
4074         "short slot operation"},
4075        {0x1A,
4076         "Association denied due to requesting station not supporting "
4077         "DSSS-OFDM operation"},
4078        {0x28, "Invalid Information Element"},
4079        {0x29, "Group Cipher is not valid"},
4080        {0x2A, "Pairwise Cipher is not valid"},
4081        {0x2B, "AKMP is not valid"},
4082        {0x2C, "Unsupported RSN IE version"},
4083        {0x2D, "Invalid RSN IE Capabilities"},
4084        {0x2E, "Cipher suite is rejected per security policy"},
4085};
4086
4087static const char *ipw_get_status_code(u16 status)
4088{
4089        int i;
4090        for (i = 0; i < ARRAY_SIZE(ipw_status_codes); i++)
4091                if (ipw_status_codes[i].status == (status & 0xff))
4092                        return ipw_status_codes[i].reason;
4093        return "Unknown status value.";
4094}
4095
4096static void inline average_init(struct average *avg)
4097{
4098        memset(avg, 0, sizeof(*avg));
4099}
4100
4101#define DEPTH_RSSI 8
4102#define DEPTH_NOISE 16
4103static s16 exponential_average(s16 prev_avg, s16 val, u8 depth)
4104{
4105        return ((depth-1)*prev_avg +  val)/depth;
4106}
4107
4108static void average_add(struct average *avg, s16 val)
4109{
4110        avg->sum -= avg->entries[avg->pos];
4111        avg->sum += val;
4112        avg->entries[avg->pos++] = val;
4113        if (unlikely(avg->pos == AVG_ENTRIES)) {
4114                avg->init = 1;
4115                avg->pos = 0;
4116        }
4117}
4118
4119static s16 average_value(struct average *avg)
4120{
4121        if (!unlikely(avg->init)) {
4122                if (avg->pos)
4123                        return avg->sum / avg->pos;
4124                return 0;
4125        }
4126
4127        return avg->sum / AVG_ENTRIES;
4128}
4129
4130static void ipw_reset_stats(struct ipw_priv *priv)
4131{
4132        u32 len = sizeof(u32);
4133
4134        priv->quality = 0;
4135
4136        average_init(&priv->average_missed_beacons);
4137        priv->exp_avg_rssi = -60;
4138        priv->exp_avg_noise = -85 + 0x100;
4139
4140        priv->last_rate = 0;
4141        priv->last_missed_beacons = 0;
4142        priv->last_rx_packets = 0;
4143        priv->last_tx_packets = 0;
4144        priv->last_tx_failures = 0;
4145
4146        /* Firmware managed, reset only when NIC is restarted, so we have to
4147         * normalize on the current value */
4148        ipw_get_ordinal(priv, IPW_ORD_STAT_RX_ERR_CRC,
4149                        &priv->last_rx_err, &len);
4150        ipw_get_ordinal(priv, IPW_ORD_STAT_TX_FAILURE,
4151                        &priv->last_tx_failures, &len);
4152
4153        /* Driver managed, reset with each association */
4154        priv->missed_adhoc_beacons = 0;
4155        priv->missed_beacons = 0;
4156        priv->tx_packets = 0;
4157        priv->rx_packets = 0;
4158
4159}
4160
4161static u32 ipw_get_max_rate(struct ipw_priv *priv)
4162{
4163        u32 i = 0x80000000;
4164        u32 mask = priv->rates_mask;
4165        /* If currently associated in B mode, restrict the maximum
4166         * rate match to B rates */
4167        if (priv->assoc_request.ieee_mode == IPW_B_MODE)
4168                mask &= LIBIPW_CCK_RATES_MASK;
4169
4170        /* TODO: Verify that the rate is supported by the current rates
4171         * list. */
4172
4173        while (i && !(mask & i))
4174                i >>= 1;
4175        switch (i) {
4176        case LIBIPW_CCK_RATE_1MB_MASK:
4177                return 1000000;
4178        case LIBIPW_CCK_RATE_2MB_MASK:
4179                return 2000000;
4180        case LIBIPW_CCK_RATE_5MB_MASK:
4181                return 5500000;
4182        case LIBIPW_OFDM_RATE_6MB_MASK:
4183                return 6000000;
4184        case LIBIPW_OFDM_RATE_9MB_MASK:
4185                return 9000000;
4186        case LIBIPW_CCK_RATE_11MB_MASK:
4187                return 11000000;
4188        case LIBIPW_OFDM_RATE_12MB_MASK:
4189                return 12000000;
4190        case LIBIPW_OFDM_RATE_18MB_MASK:
4191                return 18000000;
4192        case LIBIPW_OFDM_RATE_24MB_MASK:
4193                return 24000000;
4194        case LIBIPW_OFDM_RATE_36MB_MASK:
4195                return 36000000;
4196        case LIBIPW_OFDM_RATE_48MB_MASK:
4197                return 48000000;
4198        case LIBIPW_OFDM_RATE_54MB_MASK:
4199                return 54000000;
4200        }
4201
4202        if (priv->ieee->mode == IEEE_B)
4203                return 11000000;
4204        else
4205                return 54000000;
4206}
4207
4208static u32 ipw_get_current_rate(struct ipw_priv *priv)
4209{
4210        u32 rate, len = sizeof(rate);
4211        int err;
4212
4213        if (!(priv->status & STATUS_ASSOCIATED))
4214                return 0;
4215
4216        if (priv->tx_packets > IPW_REAL_RATE_RX_PACKET_THRESHOLD) {
4217                err = ipw_get_ordinal(priv, IPW_ORD_STAT_TX_CURR_RATE, &rate,
4218                                      &len);
4219                if (err) {
4220                        IPW_DEBUG_INFO("failed querying ordinals.\n");
4221                        return 0;
4222                }
4223        } else
4224                return ipw_get_max_rate(priv);
4225
4226        switch (rate) {
4227        case IPW_TX_RATE_1MB:
4228                return 1000000;
4229        case IPW_TX_RATE_2MB:
4230                return 2000000;
4231        case IPW_TX_RATE_5MB:
4232                return 5500000;
4233        case IPW_TX_RATE_6MB:
4234                return 6000000;
4235        case IPW_TX_RATE_9MB:
4236                return 9000000;
4237        case IPW_TX_RATE_11MB:
4238                return 11000000;
4239        case IPW_TX_RATE_12MB:
4240                return 12000000;
4241        case IPW_TX_RATE_18MB:
4242                return 18000000;
4243        case IPW_TX_RATE_24MB:
4244                return 24000000;
4245        case IPW_TX_RATE_36MB:
4246                return 36000000;
4247        case IPW_TX_RATE_48MB:
4248                return 48000000;
4249        case IPW_TX_RATE_54MB:
4250                return 54000000;
4251        }
4252
4253        return 0;
4254}
4255
4256#define IPW_STATS_INTERVAL (2 * HZ)
4257static void ipw_gather_stats(struct ipw_priv *priv)
4258{
4259        u32 rx_err, rx_err_delta, rx_packets_delta;
4260        u32 tx_failures, tx_failures_delta, tx_packets_delta;
4261        u32 missed_beacons_percent, missed_beacons_delta;
4262        u32 quality = 0;
4263        u32 len = sizeof(u32);
4264        s16 rssi;
4265        u32 beacon_quality, signal_quality, tx_quality, rx_quality,
4266            rate_quality;
4267        u32 max_rate;
4268
4269        if (!(priv->status & STATUS_ASSOCIATED)) {
4270                priv->quality = 0;
4271                return;
4272        }
4273
4274        /* Update the statistics */
4275        ipw_get_ordinal(priv, IPW_ORD_STAT_MISSED_BEACONS,
4276                        &priv->missed_beacons, &len);
4277        missed_beacons_delta = priv->missed_beacons - priv->last_missed_beacons;
4278        priv->last_missed_beacons = priv->missed_beacons;
4279        if (priv->assoc_request.beacon_interval) {
4280                missed_beacons_percent = missed_beacons_delta *
4281                    (HZ * le16_to_cpu(priv->assoc_request.beacon_interval)) /
4282                    (IPW_STATS_INTERVAL * 10);
4283        } else {
4284                missed_beacons_percent = 0;
4285        }
4286        average_add(&priv->average_missed_beacons, missed_beacons_percent);
4287
4288        ipw_get_ordinal(priv, IPW_ORD_STAT_RX_ERR_CRC, &rx_err, &len);
4289        rx_err_delta = rx_err - priv->last_rx_err;
4290        priv->last_rx_err = rx_err;
4291
4292        ipw_get_ordinal(priv, IPW_ORD_STAT_TX_FAILURE, &tx_failures, &len);
4293        tx_failures_delta = tx_failures - priv->last_tx_failures;
4294        priv->last_tx_failures = tx_failures;
4295
4296        rx_packets_delta = priv->rx_packets - priv->last_rx_packets;
4297        priv->last_rx_packets = priv->rx_packets;
4298
4299        tx_packets_delta = priv->tx_packets - priv->last_tx_packets;
4300        priv->last_tx_packets = priv->tx_packets;
4301
4302        /* Calculate quality based on the following:
4303         *
4304         * Missed beacon: 100% = 0, 0% = 70% missed
4305         * Rate: 60% = 1Mbs, 100% = Max
4306         * Rx and Tx errors represent a straight % of total Rx/Tx
4307         * RSSI: 100% = > -50,  0% = < -80
4308         * Rx errors: 100% = 0, 0% = 50% missed
4309         *
4310         * The lowest computed quality is used.
4311         *
4312         */
4313#define BEACON_THRESHOLD 5
4314        beacon_quality = 100 - missed_beacons_percent;
4315        if (beacon_quality < BEACON_THRESHOLD)
4316                beacon_quality = 0;
4317        else
4318                beacon_quality = (beacon_quality - BEACON_THRESHOLD) * 100 /
4319                    (100 - BEACON_THRESHOLD);
4320        IPW_DEBUG_STATS("Missed beacon: %3d%% (%d%%)\n",
4321                        beacon_quality, missed_beacons_percent);
4322
4323        priv->last_rate = ipw_get_current_rate(priv);
4324        max_rate = ipw_get_max_rate(priv);
4325        rate_quality = priv->last_rate * 40 / max_rate + 60;
4326        IPW_DEBUG_STATS("Rate quality : %3d%% (%dMbs)\n",
4327                        rate_quality, priv->last_rate / 1000000);
4328
4329        if (rx_packets_delta > 100 && rx_packets_delta + rx_err_delta)
4330                rx_quality = 100 - (rx_err_delta * 100) /
4331                    (rx_packets_delta + rx_err_delta);
4332        else
4333                rx_quality = 100;
4334        IPW_DEBUG_STATS("Rx quality   : %3d%% (%u errors, %u packets)\n",
4335                        rx_quality, rx_err_delta, rx_packets_delta);
4336
4337        if (tx_packets_delta > 100 && tx_packets_delta + tx_failures_delta)
4338                tx_quality = 100 - (tx_failures_delta * 100) /
4339                    (tx_packets_delta + tx_failures_delta);
4340        else
4341                tx_quality = 100;
4342        IPW_DEBUG_STATS("Tx quality   : %3d%% (%u errors, %u packets)\n",
4343                        tx_quality, tx_failures_delta, tx_packets_delta);
4344
4345        rssi = priv->exp_avg_rssi;
4346        signal_quality =
4347            (100 *
4348             (priv->ieee->perfect_rssi - priv->ieee->worst_rssi) *
4349             (priv->ieee->perfect_rssi - priv->ieee->worst_rssi) -
4350             (priv->ieee->perfect_rssi - rssi) *
4351             (15 * (priv->ieee->perfect_rssi - priv->ieee->worst_rssi) +
4352              62 * (priv->ieee->perfect_rssi - rssi))) /
4353            ((priv->ieee->perfect_rssi - priv->ieee->worst_rssi) *
4354             (priv->ieee->perfect_rssi - priv->ieee->worst_rssi));
4355        if (signal_quality > 100)
4356                signal_quality = 100;
4357        else if (signal_quality < 1)
4358                signal_quality = 0;
4359
4360        IPW_DEBUG_STATS("Signal level : %3d%% (%d dBm)\n",
4361                        signal_quality, rssi);
4362
4363        quality = min(rx_quality, signal_quality);
4364        quality = min(tx_quality, quality);
4365        quality = min(rate_quality, quality);
4366        quality = min(beacon_quality, quality);
4367        if (quality == beacon_quality)
4368                IPW_DEBUG_STATS("Quality (%d%%): Clamped to missed beacons.\n",
4369                                quality);
4370        if (quality == rate_quality)
4371                IPW_DEBUG_STATS("Quality (%d%%): Clamped to rate quality.\n",
4372                                quality);
4373        if (quality == tx_quality)
4374                IPW_DEBUG_STATS("Quality (%d%%): Clamped to Tx quality.\n",
4375                                quality);
4376        if (quality == rx_quality)
4377                IPW_DEBUG_STATS("Quality (%d%%): Clamped to Rx quality.\n",
4378                                quality);
4379        if (quality == signal_quality)
4380                IPW_DEBUG_STATS("Quality (%d%%): Clamped to signal quality.\n",
4381                                quality);
4382
4383        priv->quality = quality;
4384
4385        schedule_delayed_work(&priv->gather_stats, IPW_STATS_INTERVAL);
4386}
4387
4388static void ipw_bg_gather_stats(struct work_struct *work)
4389{
4390        struct ipw_priv *priv =
4391                container_of(work, struct ipw_priv, gather_stats.work);
4392        mutex_lock(&priv->mutex);
4393        ipw_gather_stats(priv);
4394        mutex_unlock(&priv->mutex);
4395}
4396
4397/* Missed beacon behavior:
4398 * 1st missed -> roaming_threshold, just wait, don't do any scan/roam.
4399 * roaming_threshold -> disassociate_threshold, scan and roam for better signal.
4400 * Above disassociate threshold, give up and stop scanning.
4401 * Roaming is disabled if disassociate_threshold <= roaming_threshold  */
4402static void ipw_handle_missed_beacon(struct ipw_priv *priv,
4403                                            int missed_count)
4404{
4405        priv->notif_missed_beacons = missed_count;
4406
4407        if (missed_count > priv->disassociate_threshold &&
4408            priv->status & STATUS_ASSOCIATED) {
4409                /* If associated and we've hit the missed
4410                 * beacon threshold, disassociate, turn
4411                 * off roaming, and abort any active scans */
4412                IPW_DEBUG(IPW_DL_INFO | IPW_DL_NOTIF |
4413                          IPW_DL_STATE | IPW_DL_ASSOC,
4414                          "Missed beacon: %d - disassociate\n", missed_count);
4415                priv->status &= ~STATUS_ROAMING;
4416                if (priv->status & STATUS_SCANNING) {
4417                        IPW_DEBUG(IPW_DL_INFO | IPW_DL_NOTIF |
4418                                  IPW_DL_STATE,
4419                                  "Aborting scan with missed beacon.\n");
4420                        schedule_work(&priv->abort_scan);
4421                }
4422
4423                schedule_work(&priv->disassociate);
4424                return;
4425        }
4426
4427        if (priv->status & STATUS_ROAMING) {
4428                /* If we are currently roaming, then just
4429                 * print a debug statement... */
4430                IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE,
4431                          "Missed beacon: %d - roam in progress\n",
4432                          missed_count);
4433                return;
4434        }
4435
4436        if (roaming &&
4437            (missed_count > priv->roaming_threshold &&
4438             missed_count <= priv->disassociate_threshold)) {
4439                /* If we are not already roaming, set the ROAM
4440                 * bit in the status and kick off a scan.
4441                 * This can happen several times before we reach
4442                 * disassociate_threshold. */
4443                IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE,
4444                          "Missed beacon: %d - initiate "
4445                          "roaming\n", missed_count);
4446                if (!(priv->status & STATUS_ROAMING)) {
4447                        priv->status |= STATUS_ROAMING;
4448                        if (!(priv->status & STATUS_SCANNING))
4449                                schedule_delayed_work(&priv->request_scan, 0);
4450                }
4451                return;
4452        }
4453
4454        if (priv->status & STATUS_SCANNING &&
4455            missed_count > IPW_MB_SCAN_CANCEL_THRESHOLD) {
4456                /* Stop scan to keep fw from getting
4457                 * stuck (only if we aren't roaming --
4458                 * otherwise we'll never scan more than 2 or 3
4459                 * channels..) */
4460                IPW_DEBUG(IPW_DL_INFO | IPW_DL_NOTIF | IPW_DL_STATE,
4461                          "Aborting scan with missed beacon.\n");
4462                schedule_work(&priv->abort_scan);
4463        }
4464
4465        IPW_DEBUG_NOTIF("Missed beacon: %d\n", missed_count);
4466}
4467
4468static void ipw_scan_event(struct work_struct *work)
4469{
4470        union iwreq_data wrqu;
4471
4472        struct ipw_priv *priv =
4473                container_of(work, struct ipw_priv, scan_event.work);
4474
4475        wrqu.data.length = 0;
4476        wrqu.data.flags = 0;
4477        wireless_send_event(priv->net_dev, SIOCGIWSCAN, &wrqu, NULL);
4478}
4479
4480static void handle_scan_event(struct ipw_priv *priv)
4481{
4482        /* Only userspace-requested scan completion events go out immediately */
4483        if (!priv->user_requested_scan) {
4484                schedule_delayed_work(&priv->scan_event,
4485                                      round_jiffies_relative(msecs_to_jiffies(4000)));
4486        } else {
4487                priv->user_requested_scan = 0;
4488                mod_delayed_work(system_wq, &priv->scan_event, 0);
4489        }
4490}
4491
4492/**
4493 * Handle host notification packet.
4494 * Called from interrupt routine
4495 */
4496static void ipw_rx_notification(struct ipw_priv *priv,
4497                                       struct ipw_rx_notification *notif)
4498{
4499        DECLARE_SSID_BUF(ssid);
4500        u16 size = le16_to_cpu(notif->size);
4501
4502        IPW_DEBUG_NOTIF("type = %i (%d bytes)\n", notif->subtype, size);
4503
4504        switch (notif->subtype) {
4505        case HOST_NOTIFICATION_STATUS_ASSOCIATED:{
4506                        struct notif_association *assoc = &notif->u.assoc;
4507
4508                        switch (assoc->state) {
4509                        case CMAS_ASSOCIATED:{
4510                                        IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4511                                                  IPW_DL_ASSOC,
4512                                                  "associated: '%s' %pM\n",
4513                                                  print_ssid(ssid, priv->essid,
4514                                                             priv->essid_len),
4515                                                  priv->bssid);
4516
4517                                        switch (priv->ieee->iw_mode) {
4518                                        case IW_MODE_INFRA:
4519                                                memcpy(priv->ieee->bssid,
4520                                                       priv->bssid, ETH_ALEN);
4521                                                break;
4522
4523                                        case IW_MODE_ADHOC:
4524                                                memcpy(priv->ieee->bssid,
4525                                                       priv->bssid, ETH_ALEN);
4526
4527                                                /* clear out the station table */
4528                                                priv->num_stations = 0;
4529
4530                                                IPW_DEBUG_ASSOC
4531                                                    ("queueing adhoc check\n");
4532                                                schedule_delayed_work(
4533                                                        &priv->adhoc_check,
4534                                                        le16_to_cpu(priv->
4535                                                        assoc_request.
4536                                                        beacon_interval));
4537                                                break;
4538                                        }
4539
4540                                        priv->status &= ~STATUS_ASSOCIATING;
4541                                        priv->status |= STATUS_ASSOCIATED;
4542                                        schedule_work(&priv->system_config);
4543
4544#ifdef CONFIG_IPW2200_QOS
4545#define IPW_GET_PACKET_STYPE(x) WLAN_FC_GET_STYPE( \
4546                         le16_to_cpu(((struct ieee80211_hdr *)(x))->frame_control))
4547                                        if ((priv->status & STATUS_AUTH) &&
4548                                            (IPW_GET_PACKET_STYPE(&notif->u.raw)
4549                                             == IEEE80211_STYPE_ASSOC_RESP)) {
4550                                                if ((sizeof
4551                                                     (struct
4552                                                      libipw_assoc_response)
4553                                                     <= size)
4554                                                    && (size <= 2314)) {
4555                                                        struct
4556                                                        libipw_rx_stats
4557                                                            stats = {
4558                                                                .len = size - 1,
4559                                                        };
4560
4561                                                        IPW_DEBUG_QOS
4562                                                            ("QoS Associate "
4563                                                             "size %d\n", size);
4564                                                        libipw_rx_mgt(priv->
4565                                                                         ieee,
4566                                                                         (struct
4567                                                                          libipw_hdr_4addr
4568                                                                          *)
4569                                                                         &notif->u.raw, &stats);
4570                                                }
4571                                        }
4572#endif
4573
4574                                        schedule_work(&priv->link_up);
4575
4576                                        break;
4577                                }
4578
4579                        case CMAS_AUTHENTICATED:{
4580                                        if (priv->
4581                                            status & (STATUS_ASSOCIATED |
4582                                                      STATUS_AUTH)) {
4583                                                struct notif_authenticate *auth
4584                                                    = &notif->u.auth;
4585                                                IPW_DEBUG(IPW_DL_NOTIF |
4586                                                          IPW_DL_STATE |
4587                                                          IPW_DL_ASSOC,
4588                                                          "deauthenticated: '%s' "
4589                                                          "%pM"
4590                                                          ": (0x%04X) - %s\n",
4591                                                          print_ssid(ssid,
4592                                                                     priv->
4593                                                                     essid,
4594                                                                     priv->
4595                                                                     essid_len),
4596                                                          priv->bssid,
4597                                                          le16_to_cpu(auth->status),
4598                                                          ipw_get_status_code
4599                                                          (le16_to_cpu
4600                                                           (auth->status)));
4601
4602                                                priv->status &=
4603                                                    ~(STATUS_ASSOCIATING |
4604                                                      STATUS_AUTH |
4605                                                      STATUS_ASSOCIATED);
4606
4607                                                schedule_work(&priv->link_down);
4608                                                break;
4609                                        }
4610
4611                                        IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4612                                                  IPW_DL_ASSOC,
4613                                                  "authenticated: '%s' %pM\n",
4614                                                  print_ssid(ssid, priv->essid,
4615                                                             priv->essid_len),
4616                                                  priv->bssid);
4617                                        break;
4618                                }
4619
4620                        case CMAS_INIT:{
4621                                        if (priv->status & STATUS_AUTH) {
4622                                                struct
4623                                                    libipw_assoc_response
4624                                                *resp;
4625                                                resp =
4626                                                    (struct
4627                                                     libipw_assoc_response
4628                                                     *)&notif->u.raw;
4629                                                IPW_DEBUG(IPW_DL_NOTIF |
4630                                                          IPW_DL_STATE |
4631                                                          IPW_DL_ASSOC,
4632                                                          "association failed (0x%04X): %s\n",
4633                                                          le16_to_cpu(resp->status),
4634                                                          ipw_get_status_code
4635                                                          (le16_to_cpu
4636                                                           (resp->status)));
4637                                        }
4638
4639                                        IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4640                                                  IPW_DL_ASSOC,
4641                                                  "disassociated: '%s' %pM\n",
4642                                                  print_ssid(ssid, priv->essid,
4643                                                             priv->essid_len),
4644                                                  priv->bssid);
4645
4646                                        priv->status &=
4647                                            ~(STATUS_DISASSOCIATING |
4648                                              STATUS_ASSOCIATING |
4649                                              STATUS_ASSOCIATED | STATUS_AUTH);
4650                                        if (priv->assoc_network
4651                                            && (priv->assoc_network->
4652                                                capability &
4653                                                WLAN_CAPABILITY_IBSS))
4654                                                ipw_remove_current_network
4655                                                    (priv);
4656
4657                                        schedule_work(&priv->link_down);
4658
4659                                        break;
4660                                }
4661
4662                        case CMAS_RX_ASSOC_RESP:
4663                                break;
4664
4665                        default:
4666                                IPW_ERROR("assoc: unknown (%d)\n",
4667                                          assoc->state);
4668                                break;
4669                        }
4670
4671                        break;
4672                }
4673
4674        case HOST_NOTIFICATION_STATUS_AUTHENTICATE:{
4675                        struct notif_authenticate *auth = &notif->u.auth;
4676                        switch (auth->state) {
4677                        case CMAS_AUTHENTICATED:
4678                                IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE,
4679                                          "authenticated: '%s' %pM\n",
4680                                          print_ssid(ssid, priv->essid,
4681                                                     priv->essid_len),
4682                                          priv->bssid);
4683                                priv->status |= STATUS_AUTH;
4684                                break;
4685
4686                        case CMAS_INIT:
4687                                if (priv->status & STATUS_AUTH) {
4688                                        IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4689                                                  IPW_DL_ASSOC,
4690                                                  "authentication failed (0x%04X): %s\n",
4691                                                  le16_to_cpu(auth->status),
4692                                                  ipw_get_status_code(le16_to_cpu
4693                                                                      (auth->
4694                                                                       status)));
4695                                }
4696                                IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4697                                          IPW_DL_ASSOC,
4698                                          "deauthenticated: '%s' %pM\n",
4699                                          print_ssid(ssid, priv->essid,
4700                                                     priv->essid_len),
4701                                          priv->bssid);
4702
4703                                priv->status &= ~(STATUS_ASSOCIATING |
4704                                                  STATUS_AUTH |
4705                                                  STATUS_ASSOCIATED);
4706
4707                                schedule_work(&priv->link_down);
4708                                break;
4709
4710                        case CMAS_TX_AUTH_SEQ_1:
4711                                IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4712                                          IPW_DL_ASSOC, "AUTH_SEQ_1\n");
4713                                break;
4714                        case CMAS_RX_AUTH_SEQ_2:
4715                                IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4716                                          IPW_DL_ASSOC, "AUTH_SEQ_2\n");
4717                                break;
4718                        case CMAS_AUTH_SEQ_1_PASS:
4719                                IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4720                                          IPW_DL_ASSOC, "AUTH_SEQ_1_PASS\n");
4721                                break;
4722                        case CMAS_AUTH_SEQ_1_FAIL:
4723                                IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4724                                          IPW_DL_ASSOC, "AUTH_SEQ_1_FAIL\n");
4725                                break;
4726                        case CMAS_TX_AUTH_SEQ_3:
4727                                IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4728                                          IPW_DL_ASSOC, "AUTH_SEQ_3\n");
4729                                break;
4730                        case CMAS_RX_AUTH_SEQ_4:
4731                                IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4732                                          IPW_DL_ASSOC, "RX_AUTH_SEQ_4\n");
4733                                break;
4734                        case CMAS_AUTH_SEQ_2_PASS:
4735                                IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4736                                          IPW_DL_ASSOC, "AUTH_SEQ_2_PASS\n");
4737                                break;
4738                        case CMAS_AUTH_SEQ_2_FAIL:
4739                                IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4740                                          IPW_DL_ASSOC, "AUT_SEQ_2_FAIL\n");
4741                                break;
4742                        case CMAS_TX_ASSOC:
4743                                IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4744                                          IPW_DL_ASSOC, "TX_ASSOC\n");
4745                                break;
4746                        case CMAS_RX_ASSOC_RESP:
4747                                IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4748                                          IPW_DL_ASSOC, "RX_ASSOC_RESP\n");
4749
4750                                break;
4751                        case CMAS_ASSOCIATED:
4752                                IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4753                                          IPW_DL_ASSOC, "ASSOCIATED\n");
4754                                break;
4755                        default:
4756                                IPW_DEBUG_NOTIF("auth: failure - %d\n",
4757                                                auth->state);
4758                                break;
4759                        }
4760                        break;
4761                }
4762
4763        case HOST_NOTIFICATION_STATUS_SCAN_CHANNEL_RESULT:{
4764                        struct notif_channel_result *x =
4765                            &notif->u.channel_result;
4766
4767                        if (size == sizeof(*x)) {
4768                                IPW_DEBUG_SCAN("Scan result for channel %d\n",
4769                                               x->channel_num);
4770                        } else {
4771                                IPW_DEBUG_SCAN("Scan result of wrong size %d "
4772                                               "(should be %zd)\n",
4773                                               size, sizeof(*x));
4774                        }
4775                        break;
4776                }
4777
4778        case HOST_NOTIFICATION_STATUS_SCAN_COMPLETED:{
4779                        struct notif_scan_complete *x = &notif->u.scan_complete;
4780                        if (size == sizeof(*x)) {
4781                                IPW_DEBUG_SCAN
4782                                    ("Scan completed: type %d, %d channels, "
4783                                     "%d status\n", x->scan_type,
4784                                     x->num_channels, x->status);
4785                        } else {
4786                                IPW_ERROR("Scan completed of wrong size %d "
4787                                          "(should be %zd)\n",
4788                                          size, sizeof(*x));
4789                        }
4790
4791                        priv->status &=
4792                            ~(STATUS_SCANNING | STATUS_SCAN_ABORTING);
4793
4794                        wake_up_interruptible(&priv->wait_state);
4795                        cancel_delayed_work(&priv->scan_check);
4796
4797                        if (priv->status & STATUS_EXIT_PENDING)
4798                                break;
4799
4800                        priv->ieee->scans++;
4801
4802#ifdef CONFIG_IPW2200_MONITOR
4803                        if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
4804                                priv->status |= STATUS_SCAN_FORCED;
4805                                schedule_delayed_work(&priv->request_scan, 0);
4806                                break;