1 /*
2
3 Broadcom B43 wireless driver
4
5 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7 Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
8 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10 Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
11
12 SDIO support
13 Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
14
15 Some parts of the code in this file are derived from the ipw2200
16 driver Copyright(c) 2003 - 2004 Intel Corporation.
17
18 This program is free software; you can redistribute it and/or modify
19 it under the terms of the GNU General Public License as published by
20 the Free Software Foundation; either version 2 of the License, or
21 (at your option) any later version.
22
23 This program is distributed in the hope that it will be useful,
24 but WITHOUT ANY WARRANTY; without even the implied warranty of
25 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 GNU General Public License for more details.
27
28 You should have received a copy of the GNU General Public License
29 along with this program; see the file COPYING. If not, write to
30 the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
31 Boston, MA 02110-1301, USA.
32
33 */
34
35 #include <linux/delay.h>
36 #include <linux/init.h>
37 #include <linux/module.h>
38 #include <linux/if_arp.h>
39 #include <linux/etherdevice.h>
40 #include <linux/firmware.h>
41 #include <linux/workqueue.h>
42 #include <linux/skbuff.h>
43 #include <linux/io.h>
44 #include <linux/dma-mapping.h>
45 #include <linux/slab.h>
46 #include <asm/unaligned.h>
47
48 #include "b43.h"
49 #include "main.h"
50 #include "debugfs.h"
51 #include "phy_common.h"
52 #include "phy_g.h"
53 #include "phy_n.h"
54 #include "dma.h"
55 #include "pio.h"
56 #include "sysfs.h"
57 #include "xmit.h"
58 #include "lo.h"
59 #include "pcmcia.h"
60 #include "sdio.h"
61 #include <linux/mmc/sdio_func.h>
62
63 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
64 MODULE_AUTHOR("Martin Langer");
65 MODULE_AUTHOR("Stefano Brivio");
66 MODULE_AUTHOR("Michael Buesch");
67 MODULE_AUTHOR("Gábor Stefanik");
68 MODULE_AUTHOR("Rafał Miłecki");
69 MODULE_LICENSE("GPL");
70
71 MODULE_FIRMWARE("b43/ucode11.fw");
72 MODULE_FIRMWARE("b43/ucode13.fw");
73 MODULE_FIRMWARE("b43/ucode14.fw");
74 MODULE_FIRMWARE("b43/ucode15.fw");
75 MODULE_FIRMWARE("b43/ucode16_mimo.fw");
76 MODULE_FIRMWARE("b43/ucode5.fw");
77 MODULE_FIRMWARE("b43/ucode9.fw");
78
79 static int modparam_bad_frames_preempt;
80 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
81 MODULE_PARM_DESC(bad_frames_preempt,
82 "enable(1) / disable(0) Bad Frames Preemption");
83
84 static char modparam_fwpostfix[16];
85 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
86 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
87
88 static int modparam_hwpctl;
89 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
90 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
91
92 static int modparam_nohwcrypt;
93 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
94 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
95
96 static int modparam_hwtkip;
97 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
98 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
99
100 static int modparam_qos = 1;
101 module_param_named(qos, modparam_qos, int, 0444);
102 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
103
104 static int modparam_btcoex = 1;
105 module_param_named(btcoex, modparam_btcoex, int, 0444);
106 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
107
108 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
109 module_param_named(verbose, b43_modparam_verbose, int, 0644);
110 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
111
112 static int b43_modparam_pio = 0;
113 module_param_named(pio, b43_modparam_pio, int, 0644);
114 MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
115
116 #ifdef CONFIG_B43_BCMA
117 static const struct bcma_device_id b43_bcma_tbl[] = {
118 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
119 #ifdef CONFIG_B43_BCMA_EXTRA
120 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
121 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
122 #endif
123 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
124 BCMA_CORETABLE_END
125 };
126 MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
127 #endif
128
129 #ifdef CONFIG_B43_SSB
130 static const struct ssb_device_id b43_ssb_tbl[] = {
131 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
132 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
133 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
134 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
135 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
136 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
137 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
138 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
139 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
140 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
141 SSB_DEVTABLE_END
142 };
143 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
144 #endif
145
146 /* Channel and ratetables are shared for all devices.
147 * They can't be const, because ieee80211 puts some precalculated
148 * data in there. This data is the same for all devices, so we don't
149 * get concurrency issues */
150 #define RATETAB_ENT(_rateid, _flags) \
151 { \
152 .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
153 .hw_value = (_rateid), \
154 .flags = (_flags), \
155 }
156
157 /*
158 * NOTE: When changing this, sync with xmit.c's
159 * b43_plcp_get_bitrate_idx_* functions!
160 */
161 static struct ieee80211_rate __b43_ratetable[] = {
162 RATETAB_ENT(B43_CCK_RATE_1MB, 0),
163 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
164 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
165 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
166 RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
167 RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
168 RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
169 RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
170 RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
171 RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
172 RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
173 RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
174 };
175
176 #define b43_a_ratetable (__b43_ratetable + 4)
177 #define b43_a_ratetable_size 8
178 #define b43_b_ratetable (__b43_ratetable + 0)
179 #define b43_b_ratetable_size 4
180 #define b43_g_ratetable (__b43_ratetable + 0)
181 #define b43_g_ratetable_size 12
182
183 #define CHAN4G(_channel, _freq, _flags) { \
184 .band = IEEE80211_BAND_2GHZ, \
185 .center_freq = (_freq), \
186 .hw_value = (_channel), \
187 .flags = (_flags), \
188 .max_antenna_gain = 0, \
189 .max_power = 30, \
190 }
191 static struct ieee80211_channel b43_2ghz_chantable[] = {
192 CHAN4G(1, 2412, 0),
193 CHAN4G(2, 2417, 0),
194 CHAN4G(3, 2422, 0),
195 CHAN4G(4, 2427, 0),
196 CHAN4G(5, 2432, 0),
197 CHAN4G(6, 2437, 0),
198 CHAN4G(7, 2442, 0),
199 CHAN4G(8, 2447, 0),
200 CHAN4G(9, 2452, 0),
201 CHAN4G(10, 2457, 0),
202 CHAN4G(11, 2462, 0),
203 CHAN4G(12, 2467, 0),
204 CHAN4G(13, 2472, 0),
205 CHAN4G(14, 2484, 0),
206 };
207 #undef CHAN4G
208
209 #define CHAN5G(_channel, _flags) { \
210 .band = IEEE80211_BAND_5GHZ, \
211 .center_freq = 5000 + (5 * (_channel)), \
212 .hw_value = (_channel), \
213 .flags = (_flags), \
214 .max_antenna_gain = 0, \
215 .max_power = 30, \
216 }
217 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
218 CHAN5G(32, 0), CHAN5G(34, 0),
219 CHAN5G(36, 0), CHAN5G(38, 0),
220 CHAN5G(40, 0), CHAN5G(42, 0),
221 CHAN5G(44, 0), CHAN5G(46, 0),
222 CHAN5G(48, 0), CHAN5G(50, 0),
223 CHAN5G(52, 0), CHAN5G(54, 0),
224 CHAN5G(56, 0), CHAN5G(58, 0),
225 CHAN5G(60, 0), CHAN5G(62, 0),
226 CHAN5G(64, 0), CHAN5G(66, 0),
227 CHAN5G(68, 0), CHAN5G(70, 0),
228 CHAN5G(72, 0), CHAN5G(74, 0),
229 CHAN5G(76, 0), CHAN5G(78, 0),
230 CHAN5G(80, 0), CHAN5G(82, 0),
231 CHAN5G(84, 0), CHAN5G(86, 0),
232 CHAN5G(88, 0), CHAN5G(90, 0),
233 CHAN5G(92, 0), CHAN5G(94, 0),
234 CHAN5G(96, 0), CHAN5G(98, 0),
235 CHAN5G(100, 0), CHAN5G(102, 0),
236 CHAN5G(104, 0), CHAN5G(106, 0),
237 CHAN5G(108, 0), CHAN5G(110, 0),
238 CHAN5G(112, 0), CHAN5G(114, 0),
239 CHAN5G(116, 0), CHAN5G(118, 0),
240 CHAN5G(120, 0), CHAN5G(122, 0),
241 CHAN5G(124, 0), CHAN5G(126, 0),
242 CHAN5G(128, 0), CHAN5G(130, 0),
243 CHAN5G(132, 0), CHAN5G(134, 0),
244 CHAN5G(136, 0), CHAN5G(138, 0),
245 CHAN5G(140, 0), CHAN5G(142, 0),
246 CHAN5G(144, 0), CHAN5G(145, 0),
247 CHAN5G(146, 0), CHAN5G(147, 0),
248 CHAN5G(148, 0), CHAN5G(149, 0),
249 CHAN5G(150, 0), CHAN5G(151, 0),
250 CHAN5G(152, 0), CHAN5G(153, 0),
251 CHAN5G(154, 0), CHAN5G(155, 0),
252 CHAN5G(156, 0), CHAN5G(157, 0),
253 CHAN5G(158, 0), CHAN5G(159, 0),
254 CHAN5G(160, 0), CHAN5G(161, 0),
255 CHAN5G(162, 0), CHAN5G(163, 0),
256 CHAN5G(164, 0), CHAN5G(165, 0),
257 CHAN5G(166, 0), CHAN5G(168, 0),
258 CHAN5G(170, 0), CHAN5G(172, 0),
259 CHAN5G(174, 0), CHAN5G(176, 0),
260 CHAN5G(178, 0), CHAN5G(180, 0),
261 CHAN5G(182, 0), CHAN5G(184, 0),
262 CHAN5G(186, 0), CHAN5G(188, 0),
263 CHAN5G(190, 0), CHAN5G(192, 0),
264 CHAN5G(194, 0), CHAN5G(196, 0),
265 CHAN5G(198, 0), CHAN5G(200, 0),
266 CHAN5G(202, 0), CHAN5G(204, 0),
267 CHAN5G(206, 0), CHAN5G(208, 0),
268 CHAN5G(210, 0), CHAN5G(212, 0),
269 CHAN5G(214, 0), CHAN5G(216, 0),
270 CHAN5G(218, 0), CHAN5G(220, 0),
271 CHAN5G(222, 0), CHAN5G(224, 0),
272 CHAN5G(226, 0), CHAN5G(228, 0),
273 };
274
275 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
276 CHAN5G(34, 0), CHAN5G(36, 0),
277 CHAN5G(38, 0), CHAN5G(40, 0),
278 CHAN5G(42, 0), CHAN5G(44, 0),
279 CHAN5G(46, 0), CHAN5G(48, 0),
280 CHAN5G(52, 0), CHAN5G(56, 0),
281 CHAN5G(60, 0), CHAN5G(64, 0),
282 CHAN5G(100, 0), CHAN5G(104, 0),
283 CHAN5G(108, 0), CHAN5G(112, 0),
284 CHAN5G(116, 0), CHAN5G(120, 0),
285 CHAN5G(124, 0), CHAN5G(128, 0),
286 CHAN5G(132, 0), CHAN5G(136, 0),
287 CHAN5G(140, 0), CHAN5G(149, 0),
288 CHAN5G(153, 0), CHAN5G(157, 0),
289 CHAN5G(161, 0), CHAN5G(165, 0),
290 CHAN5G(184, 0), CHAN5G(188, 0),
291 CHAN5G(192, 0), CHAN5G(196, 0),
292 CHAN5G(200, 0), CHAN5G(204, 0),
293 CHAN5G(208, 0), CHAN5G(212, 0),
294 CHAN5G(216, 0),
295 };
296 #undef CHAN5G
297
298 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
299 .band = IEEE80211_BAND_5GHZ,
300 .channels = b43_5ghz_nphy_chantable,
301 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
302 .bitrates = b43_a_ratetable,
303 .n_bitrates = b43_a_ratetable_size,
304 };
305
306 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
307 .band = IEEE80211_BAND_5GHZ,
308 .channels = b43_5ghz_aphy_chantable,
309 .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
310 .bitrates = b43_a_ratetable,
311 .n_bitrates = b43_a_ratetable_size,
312 };
313
314 static struct ieee80211_supported_band b43_band_2GHz = {
315 .band = IEEE80211_BAND_2GHZ,
316 .channels = b43_2ghz_chantable,
317 .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
318 .bitrates = b43_g_ratetable,
319 .n_bitrates = b43_g_ratetable_size,
320 };
321
322 static void b43_wireless_core_exit(struct b43_wldev *dev);
323 static int b43_wireless_core_init(struct b43_wldev *dev);
324 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
325 static int b43_wireless_core_start(struct b43_wldev *dev);
326 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
327 struct ieee80211_vif *vif,
328 struct ieee80211_bss_conf *conf,
329 u32 changed);
330
b43_ratelimit(struct b43_wl * wl)331 static int b43_ratelimit(struct b43_wl *wl)
332 {
333 if (!wl || !wl->current_dev)
334 return 1;
335 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
336 return 1;
337 /* We are up and running.
338 * Ratelimit the messages to avoid DoS over the net. */
339 return net_ratelimit();
340 }
341
b43info(struct b43_wl * wl,const char * fmt,...)342 void b43info(struct b43_wl *wl, const char *fmt, ...)
343 {
344 struct va_format vaf;
345 va_list args;
346
347 if (b43_modparam_verbose < B43_VERBOSITY_INFO)
348 return;
349 if (!b43_ratelimit(wl))
350 return;
351
352 va_start(args, fmt);
353
354 vaf.fmt = fmt;
355 vaf.va = &args;
356
357 printk(KERN_INFO "b43-%s: %pV",
358 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
359
360 va_end(args);
361 }
362
b43err(struct b43_wl * wl,const char * fmt,...)363 void b43err(struct b43_wl *wl, const char *fmt, ...)
364 {
365 struct va_format vaf;
366 va_list args;
367
368 if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
369 return;
370 if (!b43_ratelimit(wl))
371 return;
372
373 va_start(args, fmt);
374
375 vaf.fmt = fmt;
376 vaf.va = &args;
377
378 printk(KERN_ERR "b43-%s ERROR: %pV",
379 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
380
381 va_end(args);
382 }
383
b43warn(struct b43_wl * wl,const char * fmt,...)384 void b43warn(struct b43_wl *wl, const char *fmt, ...)
385 {
386 struct va_format vaf;
387 va_list args;
388
389 if (b43_modparam_verbose < B43_VERBOSITY_WARN)
390 return;
391 if (!b43_ratelimit(wl))
392 return;
393
394 va_start(args, fmt);
395
396 vaf.fmt = fmt;
397 vaf.va = &args;
398
399 printk(KERN_WARNING "b43-%s warning: %pV",
400 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
401
402 va_end(args);
403 }
404
b43dbg(struct b43_wl * wl,const char * fmt,...)405 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
406 {
407 struct va_format vaf;
408 va_list args;
409
410 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
411 return;
412
413 va_start(args, fmt);
414
415 vaf.fmt = fmt;
416 vaf.va = &args;
417
418 printk(KERN_DEBUG "b43-%s debug: %pV",
419 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
420
421 va_end(args);
422 }
423
b43_ram_write(struct b43_wldev * dev,u16 offset,u32 val)424 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
425 {
426 u32 macctl;
427
428 B43_WARN_ON(offset % 4 != 0);
429
430 macctl = b43_read32(dev, B43_MMIO_MACCTL);
431 if (macctl & B43_MACCTL_BE)
432 val = swab32(val);
433
434 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
435 mmiowb();
436 b43_write32(dev, B43_MMIO_RAM_DATA, val);
437 }
438
b43_shm_control_word(struct b43_wldev * dev,u16 routing,u16 offset)439 static inline void b43_shm_control_word(struct b43_wldev *dev,
440 u16 routing, u16 offset)
441 {
442 u32 control;
443
444 /* "offset" is the WORD offset. */
445 control = routing;
446 control <<= 16;
447 control |= offset;
448 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
449 }
450
b43_shm_read32(struct b43_wldev * dev,u16 routing,u16 offset)451 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
452 {
453 u32 ret;
454
455 if (routing == B43_SHM_SHARED) {
456 B43_WARN_ON(offset & 0x0001);
457 if (offset & 0x0003) {
458 /* Unaligned access */
459 b43_shm_control_word(dev, routing, offset >> 2);
460 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
461 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
462 ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
463
464 goto out;
465 }
466 offset >>= 2;
467 }
468 b43_shm_control_word(dev, routing, offset);
469 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
470 out:
471 return ret;
472 }
473
b43_shm_read16(struct b43_wldev * dev,u16 routing,u16 offset)474 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
475 {
476 u16 ret;
477
478 if (routing == B43_SHM_SHARED) {
479 B43_WARN_ON(offset & 0x0001);
480 if (offset & 0x0003) {
481 /* Unaligned access */
482 b43_shm_control_word(dev, routing, offset >> 2);
483 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
484
485 goto out;
486 }
487 offset >>= 2;
488 }
489 b43_shm_control_word(dev, routing, offset);
490 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
491 out:
492 return ret;
493 }
494
b43_shm_write32(struct b43_wldev * dev,u16 routing,u16 offset,u32 value)495 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
496 {
497 if (routing == B43_SHM_SHARED) {
498 B43_WARN_ON(offset & 0x0001);
499 if (offset & 0x0003) {
500 /* Unaligned access */
501 b43_shm_control_word(dev, routing, offset >> 2);
502 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
503 value & 0xFFFF);
504 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
505 b43_write16(dev, B43_MMIO_SHM_DATA,
506 (value >> 16) & 0xFFFF);
507 return;
508 }
509 offset >>= 2;
510 }
511 b43_shm_control_word(dev, routing, offset);
512 b43_write32(dev, B43_MMIO_SHM_DATA, value);
513 }
514
b43_shm_write16(struct b43_wldev * dev,u16 routing,u16 offset,u16 value)515 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
516 {
517 if (routing == B43_SHM_SHARED) {
518 B43_WARN_ON(offset & 0x0001);
519 if (offset & 0x0003) {
520 /* Unaligned access */
521 b43_shm_control_word(dev, routing, offset >> 2);
522 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
523 return;
524 }
525 offset >>= 2;
526 }
527 b43_shm_control_word(dev, routing, offset);
528 b43_write16(dev, B43_MMIO_SHM_DATA, value);
529 }
530
531 /* Read HostFlags */
b43_hf_read(struct b43_wldev * dev)532 u64 b43_hf_read(struct b43_wldev *dev)
533 {
534 u64 ret;
535
536 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
537 ret <<= 16;
538 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
539 ret <<= 16;
540 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
541
542 return ret;
543 }
544
545 /* Write HostFlags */
b43_hf_write(struct b43_wldev * dev,u64 value)546 void b43_hf_write(struct b43_wldev *dev, u64 value)
547 {
548 u16 lo, mi, hi;
549
550 lo = (value & 0x00000000FFFFULL);
551 mi = (value & 0x0000FFFF0000ULL) >> 16;
552 hi = (value & 0xFFFF00000000ULL) >> 32;
553 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
554 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
555 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
556 }
557
558 /* Read the firmware capabilities bitmask (Opensource firmware only) */
b43_fwcapa_read(struct b43_wldev * dev)559 static u16 b43_fwcapa_read(struct b43_wldev *dev)
560 {
561 B43_WARN_ON(!dev->fw.opensource);
562 return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
563 }
564
b43_tsf_read(struct b43_wldev * dev,u64 * tsf)565 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
566 {
567 u32 low, high;
568
569 B43_WARN_ON(dev->dev->core_rev < 3);
570
571 /* The hardware guarantees us an atomic read, if we
572 * read the low register first. */
573 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
574 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
575
576 *tsf = high;
577 *tsf <<= 32;
578 *tsf |= low;
579 }
580
b43_time_lock(struct b43_wldev * dev)581 static void b43_time_lock(struct b43_wldev *dev)
582 {
583 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
584 /* Commit the write */
585 b43_read32(dev, B43_MMIO_MACCTL);
586 }
587
b43_time_unlock(struct b43_wldev * dev)588 static void b43_time_unlock(struct b43_wldev *dev)
589 {
590 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
591 /* Commit the write */
592 b43_read32(dev, B43_MMIO_MACCTL);
593 }
594
b43_tsf_write_locked(struct b43_wldev * dev,u64 tsf)595 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
596 {
597 u32 low, high;
598
599 B43_WARN_ON(dev->dev->core_rev < 3);
600
601 low = tsf;
602 high = (tsf >> 32);
603 /* The hardware guarantees us an atomic write, if we
604 * write the low register first. */
605 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
606 mmiowb();
607 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
608 mmiowb();
609 }
610
b43_tsf_write(struct b43_wldev * dev,u64 tsf)611 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
612 {
613 b43_time_lock(dev);
614 b43_tsf_write_locked(dev, tsf);
615 b43_time_unlock(dev);
616 }
617
618 static
b43_macfilter_set(struct b43_wldev * dev,u16 offset,const u8 * mac)619 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
620 {
621 static const u8 zero_addr[ETH_ALEN] = { 0 };
622 u16 data;
623
624 if (!mac)
625 mac = zero_addr;
626
627 offset |= 0x0020;
628 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
629
630 data = mac[0];
631 data |= mac[1] << 8;
632 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
633 data = mac[2];
634 data |= mac[3] << 8;
635 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
636 data = mac[4];
637 data |= mac[5] << 8;
638 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
639 }
640
b43_write_mac_bssid_templates(struct b43_wldev * dev)641 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
642 {
643 const u8 *mac;
644 const u8 *bssid;
645 u8 mac_bssid[ETH_ALEN * 2];
646 int i;
647 u32 tmp;
648
649 bssid = dev->wl->bssid;
650 mac = dev->wl->mac_addr;
651
652 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
653
654 memcpy(mac_bssid, mac, ETH_ALEN);
655 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
656
657 /* Write our MAC address and BSSID to template ram */
658 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
659 tmp = (u32) (mac_bssid[i + 0]);
660 tmp |= (u32) (mac_bssid[i + 1]) << 8;
661 tmp |= (u32) (mac_bssid[i + 2]) << 16;
662 tmp |= (u32) (mac_bssid[i + 3]) << 24;
663 b43_ram_write(dev, 0x20 + i, tmp);
664 }
665 }
666
b43_upload_card_macaddress(struct b43_wldev * dev)667 static void b43_upload_card_macaddress(struct b43_wldev *dev)
668 {
669 b43_write_mac_bssid_templates(dev);
670 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
671 }
672
b43_set_slot_time(struct b43_wldev * dev,u16 slot_time)673 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
674 {
675 /* slot_time is in usec. */
676 /* This test used to exit for all but a G PHY. */
677 if (b43_current_band(dev->wl) == IEEE80211_BAND_5GHZ)
678 return;
679 b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
680 /* Shared memory location 0x0010 is the slot time and should be
681 * set to slot_time; however, this register is initially 0 and changing
682 * the value adversely affects the transmit rate for BCM4311
683 * devices. Until this behavior is unterstood, delete this step
684 *
685 * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
686 */
687 }
688
b43_short_slot_timing_enable(struct b43_wldev * dev)689 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
690 {
691 b43_set_slot_time(dev, 9);
692 }
693
b43_short_slot_timing_disable(struct b43_wldev * dev)694 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
695 {
696 b43_set_slot_time(dev, 20);
697 }
698
699 /* DummyTransmission function, as documented on
700 * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
701 */
b43_dummy_transmission(struct b43_wldev * dev,bool ofdm,bool pa_on)702 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
703 {
704 struct b43_phy *phy = &dev->phy;
705 unsigned int i, max_loop;
706 u16 value;
707 u32 buffer[5] = {
708 0x00000000,
709 0x00D40000,
710 0x00000000,
711 0x01000000,
712 0x00000000,
713 };
714
715 if (ofdm) {
716 max_loop = 0x1E;
717 buffer[0] = 0x000201CC;
718 } else {
719 max_loop = 0xFA;
720 buffer[0] = 0x000B846E;
721 }
722
723 for (i = 0; i < 5; i++)
724 b43_ram_write(dev, i * 4, buffer[i]);
725
726 b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
727
728 if (dev->dev->core_rev < 11)
729 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
730 else
731 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
732
733 value = (ofdm ? 0x41 : 0x40);
734 b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
735 if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
736 phy->type == B43_PHYTYPE_LCN)
737 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
738
739 b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
740 b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
741
742 b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
743 b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
744 b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
745 b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
746
747 if (!pa_on && phy->type == B43_PHYTYPE_N)
748 ; /*b43_nphy_pa_override(dev, false) */
749
750 switch (phy->type) {
751 case B43_PHYTYPE_N:
752 case B43_PHYTYPE_LCN:
753 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
754 break;
755 case B43_PHYTYPE_LP:
756 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
757 break;
758 default:
759 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
760 }
761 b43_read16(dev, B43_MMIO_TXE0_AUX);
762
763 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
764 b43_radio_write16(dev, 0x0051, 0x0017);
765 for (i = 0x00; i < max_loop; i++) {
766 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
767 if (value & 0x0080)
768 break;
769 udelay(10);
770 }
771 for (i = 0x00; i < 0x0A; i++) {
772 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
773 if (value & 0x0400)
774 break;
775 udelay(10);
776 }
777 for (i = 0x00; i < 0x19; i++) {
778 value = b43_read16(dev, B43_MMIO_IFSSTAT);
779 if (!(value & 0x0100))
780 break;
781 udelay(10);
782 }
783 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
784 b43_radio_write16(dev, 0x0051, 0x0037);
785 }
786
key_write(struct b43_wldev * dev,u8 index,u8 algorithm,const u8 * key)787 static void key_write(struct b43_wldev *dev,
788 u8 index, u8 algorithm, const u8 *key)
789 {
790 unsigned int i;
791 u32 offset;
792 u16 value;
793 u16 kidx;
794
795 /* Key index/algo block */
796 kidx = b43_kidx_to_fw(dev, index);
797 value = ((kidx << 4) | algorithm);
798 b43_shm_write16(dev, B43_SHM_SHARED,
799 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
800
801 /* Write the key to the Key Table Pointer offset */
802 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
803 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
804 value = key[i];
805 value |= (u16) (key[i + 1]) << 8;
806 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
807 }
808 }
809
keymac_write(struct b43_wldev * dev,u8 index,const u8 * addr)810 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
811 {
812 u32 addrtmp[2] = { 0, 0, };
813 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
814
815 if (b43_new_kidx_api(dev))
816 pairwise_keys_start = B43_NR_GROUP_KEYS;
817
818 B43_WARN_ON(index < pairwise_keys_start);
819 /* We have four default TX keys and possibly four default RX keys.
820 * Physical mac 0 is mapped to physical key 4 or 8, depending
821 * on the firmware version.
822 * So we must adjust the index here.
823 */
824 index -= pairwise_keys_start;
825 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
826
827 if (addr) {
828 addrtmp[0] = addr[0];
829 addrtmp[0] |= ((u32) (addr[1]) << 8);
830 addrtmp[0] |= ((u32) (addr[2]) << 16);
831 addrtmp[0] |= ((u32) (addr[3]) << 24);
832 addrtmp[1] = addr[4];
833 addrtmp[1] |= ((u32) (addr[5]) << 8);
834 }
835
836 /* Receive match transmitter address (RCMTA) mechanism */
837 b43_shm_write32(dev, B43_SHM_RCMTA,
838 (index * 2) + 0, addrtmp[0]);
839 b43_shm_write16(dev, B43_SHM_RCMTA,
840 (index * 2) + 1, addrtmp[1]);
841 }
842
843 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
844 * When a packet is received, the iv32 is checked.
845 * - if it doesn't the packet is returned without modification (and software
846 * decryption can be done). That's what happen when iv16 wrap.
847 * - if it does, the rc4 key is computed, and decryption is tried.
848 * Either it will success and B43_RX_MAC_DEC is returned,
849 * either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
850 * and the packet is not usable (it got modified by the ucode).
851 * So in order to never have B43_RX_MAC_DECERR, we should provide
852 * a iv32 and phase1key that match. Because we drop packets in case of
853 * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
854 * packets will be lost without higher layer knowing (ie no resync possible
855 * until next wrap).
856 *
857 * NOTE : this should support 50 key like RCMTA because
858 * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
859 */
rx_tkip_phase1_write(struct b43_wldev * dev,u8 index,u32 iv32,u16 * phase1key)860 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
861 u16 *phase1key)
862 {
863 unsigned int i;
864 u32 offset;
865 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
866
867 if (!modparam_hwtkip)
868 return;
869
870 if (b43_new_kidx_api(dev))
871 pairwise_keys_start = B43_NR_GROUP_KEYS;
872
873 B43_WARN_ON(index < pairwise_keys_start);
874 /* We have four default TX keys and possibly four default RX keys.
875 * Physical mac 0 is mapped to physical key 4 or 8, depending
876 * on the firmware version.
877 * So we must adjust the index here.
878 */
879 index -= pairwise_keys_start;
880 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
881
882 if (b43_debug(dev, B43_DBG_KEYS)) {
883 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
884 index, iv32);
885 }
886 /* Write the key to the RX tkip shared mem */
887 offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
888 for (i = 0; i < 10; i += 2) {
889 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
890 phase1key ? phase1key[i / 2] : 0);
891 }
892 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
893 b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
894 }
895
b43_op_update_tkip_key(struct ieee80211_hw * hw,struct ieee80211_vif * vif,struct ieee80211_key_conf * keyconf,struct ieee80211_sta * sta,u32 iv32,u16 * phase1key)896 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
897 struct ieee80211_vif *vif,
898 struct ieee80211_key_conf *keyconf,
899 struct ieee80211_sta *sta,
900 u32 iv32, u16 *phase1key)
901 {
902 struct b43_wl *wl = hw_to_b43_wl(hw);
903 struct b43_wldev *dev;
904 int index = keyconf->hw_key_idx;
905
906 if (B43_WARN_ON(!modparam_hwtkip))
907 return;
908
909 /* This is only called from the RX path through mac80211, where
910 * our mutex is already locked. */
911 B43_WARN_ON(!mutex_is_locked(&wl->mutex));
912 dev = wl->current_dev;
913 B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
914
915 keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
916
917 rx_tkip_phase1_write(dev, index, iv32, phase1key);
918 /* only pairwise TKIP keys are supported right now */
919 if (WARN_ON(!sta))
920 return;
921 keymac_write(dev, index, sta->addr);
922 }
923
do_key_write(struct b43_wldev * dev,u8 index,u8 algorithm,const u8 * key,size_t key_len,const u8 * mac_addr)924 static void do_key_write(struct b43_wldev *dev,
925 u8 index, u8 algorithm,
926 const u8 *key, size_t key_len, const u8 *mac_addr)
927 {
928 u8 buf[B43_SEC_KEYSIZE] = { 0, };
929 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
930
931 if (b43_new_kidx_api(dev))
932 pairwise_keys_start = B43_NR_GROUP_KEYS;
933
934 B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
935 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
936
937 if (index >= pairwise_keys_start)
938 keymac_write(dev, index, NULL); /* First zero out mac. */
939 if (algorithm == B43_SEC_ALGO_TKIP) {
940 /*
941 * We should provide an initial iv32, phase1key pair.
942 * We could start with iv32=0 and compute the corresponding
943 * phase1key, but this means calling ieee80211_get_tkip_key
944 * with a fake skb (or export other tkip function).
945 * Because we are lazy we hope iv32 won't start with
946 * 0xffffffff and let's b43_op_update_tkip_key provide a
947 * correct pair.
948 */
949 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
950 } else if (index >= pairwise_keys_start) /* clear it */
951 rx_tkip_phase1_write(dev, index, 0, NULL);
952 if (key)
953 memcpy(buf, key, key_len);
954 key_write(dev, index, algorithm, buf);
955 if (index >= pairwise_keys_start)
956 keymac_write(dev, index, mac_addr);
957
958 dev->key[index].algorithm = algorithm;
959 }
960
b43_key_write(struct b43_wldev * dev,int index,u8 algorithm,const u8 * key,size_t key_len,const u8 * mac_addr,struct ieee80211_key_conf * keyconf)961 static int b43_key_write(struct b43_wldev *dev,
962 int index, u8 algorithm,
963 const u8 *key, size_t key_len,
964 const u8 *mac_addr,
965 struct ieee80211_key_conf *keyconf)
966 {
967 int i;
968 int pairwise_keys_start;
969
970 /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
971 * - Temporal Encryption Key (128 bits)
972 * - Temporal Authenticator Tx MIC Key (64 bits)
973 * - Temporal Authenticator Rx MIC Key (64 bits)
974 *
975 * Hardware only store TEK
976 */
977 if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
978 key_len = 16;
979 if (key_len > B43_SEC_KEYSIZE)
980 return -EINVAL;
981 for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
982 /* Check that we don't already have this key. */
983 B43_WARN_ON(dev->key[i].keyconf == keyconf);
984 }
985 if (index < 0) {
986 /* Pairwise key. Get an empty slot for the key. */
987 if (b43_new_kidx_api(dev))
988 pairwise_keys_start = B43_NR_GROUP_KEYS;
989 else
990 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
991 for (i = pairwise_keys_start;
992 i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
993 i++) {
994 B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
995 if (!dev->key[i].keyconf) {
996 /* found empty */
997 index = i;
998 break;
999 }
1000 }
1001 if (index < 0) {
1002 b43warn(dev->wl, "Out of hardware key memory\n");
1003 return -ENOSPC;
1004 }
1005 } else
1006 B43_WARN_ON(index > 3);
1007
1008 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1009 if ((index <= 3) && !b43_new_kidx_api(dev)) {
1010 /* Default RX key */
1011 B43_WARN_ON(mac_addr);
1012 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1013 }
1014 keyconf->hw_key_idx = index;
1015 dev->key[index].keyconf = keyconf;
1016
1017 return 0;
1018 }
1019
b43_key_clear(struct b43_wldev * dev,int index)1020 static int b43_key_clear(struct b43_wldev *dev, int index)
1021 {
1022 if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1023 return -EINVAL;
1024 do_key_write(dev, index, B43_SEC_ALGO_NONE,
1025 NULL, B43_SEC_KEYSIZE, NULL);
1026 if ((index <= 3) && !b43_new_kidx_api(dev)) {
1027 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1028 NULL, B43_SEC_KEYSIZE, NULL);
1029 }
1030 dev->key[index].keyconf = NULL;
1031
1032 return 0;
1033 }
1034
b43_clear_keys(struct b43_wldev * dev)1035 static void b43_clear_keys(struct b43_wldev *dev)
1036 {
1037 int i, count;
1038
1039 if (b43_new_kidx_api(dev))
1040 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1041 else
1042 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1043 for (i = 0; i < count; i++)
1044 b43_key_clear(dev, i);
1045 }
1046
b43_dump_keymemory(struct b43_wldev * dev)1047 static void b43_dump_keymemory(struct b43_wldev *dev)
1048 {
1049 unsigned int i, index, count, offset, pairwise_keys_start;
1050 u8 mac[ETH_ALEN];
1051 u16 algo;
1052 u32 rcmta0;
1053 u16 rcmta1;
1054 u64 hf;
1055 struct b43_key *key;
1056
1057 if (!b43_debug(dev, B43_DBG_KEYS))
1058 return;
1059
1060 hf = b43_hf_read(dev);
1061 b43dbg(dev->wl, "Hardware key memory dump: USEDEFKEYS=%u\n",
1062 !!(hf & B43_HF_USEDEFKEYS));
1063 if (b43_new_kidx_api(dev)) {
1064 pairwise_keys_start = B43_NR_GROUP_KEYS;
1065 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1066 } else {
1067 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1068 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1069 }
1070 for (index = 0; index < count; index++) {
1071 key = &(dev->key[index]);
1072 printk(KERN_DEBUG "Key slot %02u: %s",
1073 index, (key->keyconf == NULL) ? " " : "*");
1074 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1075 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1076 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1077 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1078 }
1079
1080 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1081 B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1082 printk(" Algo: %04X/%02X", algo, key->algorithm);
1083
1084 if (index >= pairwise_keys_start) {
1085 if (key->algorithm == B43_SEC_ALGO_TKIP) {
1086 printk(" TKIP: ");
1087 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1088 for (i = 0; i < 14; i += 2) {
1089 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1090 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1091 }
1092 }
1093 rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1094 ((index - pairwise_keys_start) * 2) + 0);
1095 rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1096 ((index - pairwise_keys_start) * 2) + 1);
1097 *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1098 *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1099 printk(" MAC: %pM", mac);
1100 } else
1101 printk(" DEFAULT KEY");
1102 printk("\n");
1103 }
1104 }
1105
b43_power_saving_ctl_bits(struct b43_wldev * dev,unsigned int ps_flags)1106 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1107 {
1108 u32 macctl;
1109 u16 ucstat;
1110 bool hwps;
1111 bool awake;
1112 int i;
1113
1114 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1115 (ps_flags & B43_PS_DISABLED));
1116 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1117
1118 if (ps_flags & B43_PS_ENABLED) {
1119 hwps = true;
1120 } else if (ps_flags & B43_PS_DISABLED) {
1121 hwps = false;
1122 } else {
1123 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1124 // and thus is not an AP and we are associated, set bit 25
1125 }
1126 if (ps_flags & B43_PS_AWAKE) {
1127 awake = true;
1128 } else if (ps_flags & B43_PS_ASLEEP) {
1129 awake = false;
1130 } else {
1131 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1132 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
1133 // successful, set bit26
1134 }
1135
1136 /* FIXME: For now we force awake-on and hwps-off */
1137 hwps = false;
1138 awake = true;
1139
1140 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1141 if (hwps)
1142 macctl |= B43_MACCTL_HWPS;
1143 else
1144 macctl &= ~B43_MACCTL_HWPS;
1145 if (awake)
1146 macctl |= B43_MACCTL_AWAKE;
1147 else
1148 macctl &= ~B43_MACCTL_AWAKE;
1149 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1150 /* Commit write */
1151 b43_read32(dev, B43_MMIO_MACCTL);
1152 if (awake && dev->dev->core_rev >= 5) {
1153 /* Wait for the microcode to wake up. */
1154 for (i = 0; i < 100; i++) {
1155 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1156 B43_SHM_SH_UCODESTAT);
1157 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1158 break;
1159 udelay(10);
1160 }
1161 }
1162 }
1163
1164 #ifdef CONFIG_B43_BCMA
b43_bcma_phy_reset(struct b43_wldev * dev)1165 static void b43_bcma_phy_reset(struct b43_wldev *dev)
1166 {
1167 u32 flags;
1168
1169 /* Put PHY into reset */
1170 flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1171 flags |= B43_BCMA_IOCTL_PHY_RESET;
1172 flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1173 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1174 udelay(2);
1175
1176 /* Take PHY out of reset */
1177 flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1178 flags &= ~B43_BCMA_IOCTL_PHY_RESET;
1179 flags |= BCMA_IOCTL_FGC;
1180 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1181 udelay(1);
1182
1183 /* Do not force clock anymore */
1184 flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1185 flags &= ~BCMA_IOCTL_FGC;
1186 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1187 udelay(1);
1188 }
1189
b43_bcma_wireless_core_reset(struct b43_wldev * dev,bool gmode)1190 static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1191 {
1192 u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1193 B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1194 u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1195 B43_BCMA_CLKCTLST_PHY_PLL_ST;
1196
1197 b43_device_enable(dev, B43_BCMA_IOCTL_PHY_CLKEN);
1198 bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1199 b43_bcma_phy_reset(dev);
1200 bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1201 }
1202 #endif
1203
b43_ssb_wireless_core_reset(struct b43_wldev * dev,bool gmode)1204 static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1205 {
1206 struct ssb_device *sdev = dev->dev->sdev;
1207 u32 tmslow;
1208 u32 flags = 0;
1209
1210 if (gmode)
1211 flags |= B43_TMSLOW_GMODE;
1212 flags |= B43_TMSLOW_PHYCLKEN;
1213 flags |= B43_TMSLOW_PHYRESET;
1214 if (dev->phy.type == B43_PHYTYPE_N)
1215 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1216 b43_device_enable(dev, flags);
1217 msleep(2); /* Wait for the PLL to turn on. */
1218
1219 /* Now take the PHY out of Reset again */
1220 tmslow = ssb_read32(sdev, SSB_TMSLOW);
1221 tmslow |= SSB_TMSLOW_FGC;
1222 tmslow &= ~B43_TMSLOW_PHYRESET;
1223 ssb_write32(sdev, SSB_TMSLOW, tmslow);
1224 ssb_read32(sdev, SSB_TMSLOW); /* flush */
1225 msleep(1);
1226 tmslow &= ~SSB_TMSLOW_FGC;
1227 ssb_write32(sdev, SSB_TMSLOW, tmslow);
1228 ssb_read32(sdev, SSB_TMSLOW); /* flush */
1229 msleep(1);
1230 }
1231
b43_wireless_core_reset(struct b43_wldev * dev,bool gmode)1232 void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1233 {
1234 u32 macctl;
1235
1236 switch (dev->dev->bus_type) {
1237 #ifdef CONFIG_B43_BCMA
1238 case B43_BUS_BCMA:
1239 b43_bcma_wireless_core_reset(dev, gmode);
1240 break;
1241 #endif
1242 #ifdef CONFIG_B43_SSB
1243 case B43_BUS_SSB:
1244 b43_ssb_wireless_core_reset(dev, gmode);
1245 break;
1246 #endif
1247 }
1248
1249 /* Turn Analog ON, but only if we already know the PHY-type.
1250 * This protects against very early setup where we don't know the
1251 * PHY-type, yet. wireless_core_reset will be called once again later,
1252 * when we know the PHY-type. */
1253 if (dev->phy.ops)
1254 dev->phy.ops->switch_analog(dev, 1);
1255
1256 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1257 macctl &= ~B43_MACCTL_GMODE;
1258 if (gmode)
1259 macctl |= B43_MACCTL_GMODE;
1260 macctl |= B43_MACCTL_IHR_ENABLED;
1261 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1262 }
1263
handle_irq_transmit_status(struct b43_wldev * dev)1264 static void handle_irq_transmit_status(struct b43_wldev *dev)
1265 {
1266 u32 v0, v1;
1267 u16 tmp;
1268 struct b43_txstatus stat;
1269
1270 while (1) {
1271 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1272 if (!(v0 & 0x00000001))
1273 break;
1274 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1275
1276 stat.cookie = (v0 >> 16);
1277 stat.seq = (v1 & 0x0000FFFF);
1278 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1279 tmp = (v0 & 0x0000FFFF);
1280 stat.frame_count = ((tmp & 0xF000) >> 12);
1281 stat.rts_count = ((tmp & 0x0F00) >> 8);
1282 stat.supp_reason = ((tmp & 0x001C) >> 2);
1283 stat.pm_indicated = !!(tmp & 0x0080);
1284 stat.intermediate = !!(tmp & 0x0040);
1285 stat.for_ampdu = !!(tmp & 0x0020);
1286 stat.acked = !!(tmp & 0x0002);
1287
1288 b43_handle_txstatus(dev, &stat);
1289 }
1290 }
1291
drain_txstatus_queue(struct b43_wldev * dev)1292 static void drain_txstatus_queue(struct b43_wldev *dev)
1293 {
1294 u32 dummy;
1295
1296 if (dev->dev->core_rev < 5)
1297 return;
1298 /* Read all entries from the microcode TXstatus FIFO
1299 * and throw them away.
1300 */
1301 while (1) {
1302 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1303 if (!(dummy & 0x00000001))
1304 break;
1305 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1306 }
1307 }
1308
b43_jssi_read(struct b43_wldev * dev)1309 static u32 b43_jssi_read(struct b43_wldev *dev)
1310 {
1311 u32 val = 0;
1312
1313 val = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1);
1314 val <<= 16;
1315 val |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0);
1316
1317 return val;
1318 }
1319
b43_jssi_write(struct b43_wldev * dev,u32 jssi)1320 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1321 {
1322 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0,
1323 (jssi & 0x0000FFFF));
1324 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1,
1325 (jssi & 0xFFFF0000) >> 16);
1326 }
1327
b43_generate_noise_sample(struct b43_wldev * dev)1328 static void b43_generate_noise_sample(struct b43_wldev *dev)
1329 {
1330 b43_jssi_write(dev, 0x7F7F7F7F);
1331 b43_write32(dev, B43_MMIO_MACCMD,
1332 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1333 }
1334
b43_calculate_link_quality(struct b43_wldev * dev)1335 static void b43_calculate_link_quality(struct b43_wldev *dev)
1336 {
1337 /* Top half of Link Quality calculation. */
1338
1339 if (dev->phy.type != B43_PHYTYPE_G)
1340 return;
1341 if (dev->noisecalc.calculation_running)
1342 return;
1343 dev->noisecalc.calculation_running = true;
1344 dev->noisecalc.nr_samples = 0;
1345
1346 b43_generate_noise_sample(dev);
1347 }
1348
handle_irq_noise(struct b43_wldev * dev)1349 static void handle_irq_noise(struct b43_wldev *dev)
1350 {
1351 struct b43_phy_g *phy = dev->phy.g;
1352 u16 tmp;
1353 u8 noise[4];
1354 u8 i, j;
1355 s32 average;
1356
1357 /* Bottom half of Link Quality calculation. */
1358
1359 if (dev->phy.type != B43_PHYTYPE_G)
1360 return;
1361
1362 /* Possible race condition: It might be possible that the user
1363 * changed to a different channel in the meantime since we
1364 * started the calculation. We ignore that fact, since it's
1365 * not really that much of a problem. The background noise is
1366 * an estimation only anyway. Slightly wrong results will get damped
1367 * by the averaging of the 8 sample rounds. Additionally the
1368 * value is shortlived. So it will be replaced by the next noise
1369 * calculation round soon. */
1370
1371 B43_WARN_ON(!dev->noisecalc.calculation_running);
1372 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1373 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1374 noise[2] == 0x7F || noise[3] == 0x7F)
1375 goto generate_new;
1376
1377 /* Get the noise samples. */
1378 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1379 i = dev->noisecalc.nr_samples;
1380 noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1381 noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1382 noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1383 noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1384 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1385 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1386 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1387 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1388 dev->noisecalc.nr_samples++;
1389 if (dev->noisecalc.nr_samples == 8) {
1390 /* Calculate the Link Quality by the noise samples. */
1391 average = 0;
1392 for (i = 0; i < 8; i++) {
1393 for (j = 0; j < 4; j++)
1394 average += dev->noisecalc.samples[i][j];
1395 }
1396 average /= (8 * 4);
1397 average *= 125;
1398 average += 64;
1399 average /= 128;
1400 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1401 tmp = (tmp / 128) & 0x1F;
1402 if (tmp >= 8)
1403 average += 2;
1404 else
1405 average -= 25;
1406 if (tmp == 8)
1407 average -= 72;
1408 else
1409 average -= 48;
1410
1411 dev->stats.link_noise = average;
1412 dev->noisecalc.calculation_running = false;
1413 return;
1414 }
1415 generate_new:
1416 b43_generate_noise_sample(dev);
1417 }
1418
handle_irq_tbtt_indication(struct b43_wldev * dev)1419 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1420 {
1421 if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1422 ///TODO: PS TBTT
1423 } else {
1424 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1425 b43_power_saving_ctl_bits(dev, 0);
1426 }
1427 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1428 dev->dfq_valid = true;
1429 }
1430
handle_irq_atim_end(struct b43_wldev * dev)1431 static void handle_irq_atim_end(struct b43_wldev *dev)
1432 {
1433 if (dev->dfq_valid) {
1434 b43_write32(dev, B43_MMIO_MACCMD,
1435 b43_read32(dev, B43_MMIO_MACCMD)
1436 | B43_MACCMD_DFQ_VALID);
1437 dev->dfq_valid = false;
1438 }
1439 }
1440
handle_irq_pmq(struct b43_wldev * dev)1441 static void handle_irq_pmq(struct b43_wldev *dev)
1442 {
1443 u32 tmp;
1444
1445 //TODO: AP mode.
1446
1447 while (1) {
1448 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1449 if (!(tmp & 0x00000008))
1450 break;
1451 }
1452 /* 16bit write is odd, but correct. */
1453 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1454 }
1455
b43_write_template_common(struct b43_wldev * dev,const u8 * data,u16 size,u16 ram_offset,u16 shm_size_offset,u8 rate)1456 static void b43_write_template_common(struct b43_wldev *dev,
1457 const u8 *data, u16 size,
1458 u16 ram_offset,
1459 u16 shm_size_offset, u8 rate)
1460 {
1461 u32 i, tmp;
1462 struct b43_plcp_hdr4 plcp;
1463
1464 plcp.data = 0;
1465 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1466 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1467 ram_offset += sizeof(u32);
1468 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1469 * So leave the first two bytes of the next write blank.
1470 */
1471 tmp = (u32) (data[0]) << 16;
1472 tmp |= (u32) (data[1]) << 24;
1473 b43_ram_write(dev, ram_offset, tmp);
1474 ram_offset += sizeof(u32);
1475 for (i = 2; i < size; i += sizeof(u32)) {
1476 tmp = (u32) (data[i + 0]);
1477 if (i + 1 < size)
1478 tmp |= (u32) (data[i + 1]) << 8;
1479 if (i + 2 < size)
1480 tmp |= (u32) (data[i + 2]) << 16;
1481 if (i + 3 < size)
1482 tmp |= (u32) (data[i + 3]) << 24;
1483 b43_ram_write(dev, ram_offset + i - 2, tmp);
1484 }
1485 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1486 size + sizeof(struct b43_plcp_hdr6));
1487 }
1488
1489 /* Check if the use of the antenna that ieee80211 told us to
1490 * use is possible. This will fall back to DEFAULT.
1491 * "antenna_nr" is the antenna identifier we got from ieee80211. */
b43_ieee80211_antenna_sanitize(struct b43_wldev * dev,u8 antenna_nr)1492 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1493 u8 antenna_nr)
1494 {
1495 u8 antenna_mask;
1496
1497 if (antenna_nr == 0) {
1498 /* Zero means "use default antenna". That's always OK. */
1499 return 0;
1500 }
1501
1502 /* Get the mask of available antennas. */
1503 if (dev->phy.gmode)
1504 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1505 else
1506 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1507
1508 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1509 /* This antenna is not available. Fall back to default. */
1510 return 0;
1511 }
1512
1513 return antenna_nr;
1514 }
1515
1516 /* Convert a b43 antenna number value to the PHY TX control value. */
b43_antenna_to_phyctl(int antenna)1517 static u16 b43_antenna_to_phyctl(int antenna)
1518 {
1519 switch (antenna) {
1520 case B43_ANTENNA0:
1521 return B43_TXH_PHY_ANT0;
1522 case B43_ANTENNA1:
1523 return B43_TXH_PHY_ANT1;
1524 case B43_ANTENNA2:
1525 return B43_TXH_PHY_ANT2;
1526 case B43_ANTENNA3:
1527 return B43_TXH_PHY_ANT3;
1528 case B43_ANTENNA_AUTO0:
1529 case B43_ANTENNA_AUTO1:
1530 return B43_TXH_PHY_ANT01AUTO;
1531 }
1532 B43_WARN_ON(1);
1533 return 0;
1534 }
1535
b43_write_beacon_template(struct b43_wldev * dev,u16 ram_offset,u16 shm_size_offset)1536 static void b43_write_beacon_template(struct b43_wldev *dev,
1537 u16 ram_offset,
1538 u16 shm_size_offset)
1539 {
1540 unsigned int i, len, variable_len;
1541 const struct ieee80211_mgmt *bcn;
1542 const u8 *ie;
1543 bool tim_found = false;
1544 unsigned int rate;
1545 u16 ctl;
1546 int antenna;
1547 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1548
1549 bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1550 len = min((size_t) dev->wl->current_beacon->len,
1551 0x200 - sizeof(struct b43_plcp_hdr6));
1552 rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1553
1554 b43_write_template_common(dev, (const u8 *)bcn,
1555 len, ram_offset, shm_size_offset, rate);
1556
1557 /* Write the PHY TX control parameters. */
1558 antenna = B43_ANTENNA_DEFAULT;
1559 antenna = b43_antenna_to_phyctl(antenna);
1560 ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1561 /* We can't send beacons with short preamble. Would get PHY errors. */
1562 ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1563 ctl &= ~B43_TXH_PHY_ANT;
1564 ctl &= ~B43_TXH_PHY_ENC;
1565 ctl |= antenna;
1566 if (b43_is_cck_rate(rate))
1567 ctl |= B43_TXH_PHY_ENC_CCK;
1568 else
1569 ctl |= B43_TXH_PHY_ENC_OFDM;
1570 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1571
1572 /* Find the position of the TIM and the DTIM_period value
1573 * and write them to SHM. */
1574 ie = bcn->u.beacon.variable;
1575 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1576 for (i = 0; i < variable_len - 2; ) {
1577 uint8_t ie_id, ie_len;
1578
1579 ie_id = ie[i];
1580 ie_len = ie[i + 1];
1581 if (ie_id == 5) {
1582 u16 tim_position;
1583 u16 dtim_period;
1584 /* This is the TIM Information Element */
1585
1586 /* Check whether the ie_len is in the beacon data range. */
1587 if (variable_len < ie_len + 2 + i)
1588 break;
1589 /* A valid TIM is at least 4 bytes long. */
1590 if (ie_len < 4)
1591 break;
1592 tim_found = true;
1593
1594 tim_position = sizeof(struct b43_plcp_hdr6);
1595 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1596 tim_position += i;
1597
1598 dtim_period = ie[i + 3];
1599
1600 b43_shm_write16(dev, B43_SHM_SHARED,
1601 B43_SHM_SH_TIMBPOS, tim_position);
1602 b43_shm_write16(dev, B43_SHM_SHARED,
1603 B43_SHM_SH_DTIMPER, dtim_period);
1604 break;
1605 }
1606 i += ie_len + 2;
1607 }
1608 if (!tim_found) {
1609 /*
1610 * If ucode wants to modify TIM do it behind the beacon, this
1611 * will happen, for example, when doing mesh networking.
1612 */
1613 b43_shm_write16(dev, B43_SHM_SHARED,
1614 B43_SHM_SH_TIMBPOS,
1615 len + sizeof(struct b43_plcp_hdr6));
1616 b43_shm_write16(dev, B43_SHM_SHARED,
1617 B43_SHM_SH_DTIMPER, 0);
1618 }
1619 b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1620 }
1621
b43_upload_beacon0(struct b43_wldev * dev)1622 static void b43_upload_beacon0(struct b43_wldev *dev)
1623 {
1624 struct b43_wl *wl = dev->wl;
1625
1626 if (wl->beacon0_uploaded)
1627 return;
1628 b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE0, B43_SHM_SH_BTL0);
1629 wl->beacon0_uploaded = true;
1630 }
1631
b43_upload_beacon1(struct b43_wldev * dev)1632 static void b43_upload_beacon1(struct b43_wldev *dev)
1633 {
1634 struct b43_wl *wl = dev->wl;
1635
1636 if (wl->beacon1_uploaded)
1637 return;
1638 b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE1, B43_SHM_SH_BTL1);
1639 wl->beacon1_uploaded = true;
1640 }
1641
handle_irq_beacon(struct b43_wldev * dev)1642 static void handle_irq_beacon(struct b43_wldev *dev)
1643 {
1644 struct b43_wl *wl = dev->wl;
1645 u32 cmd, beacon0_valid, beacon1_valid;
1646
1647 if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1648 !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1649 !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1650 return;
1651
1652 /* This is the bottom half of the asynchronous beacon update. */
1653
1654 /* Ignore interrupt in the future. */
1655 dev->irq_mask &= ~B43_IRQ_BEACON;
1656
1657 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1658 beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1659 beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1660
1661 /* Schedule interrupt manually, if busy. */
1662 if (beacon0_valid && beacon1_valid) {
1663 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1664 dev->irq_mask |= B43_IRQ_BEACON;
1665 return;
1666 }
1667
1668 if (unlikely(wl->beacon_templates_virgin)) {
1669 /* We never uploaded a beacon before.
1670 * Upload both templates now, but only mark one valid. */
1671 wl->beacon_templates_virgin = false;
1672 b43_upload_beacon0(dev);
1673 b43_upload_beacon1(dev);
1674 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1675 cmd |= B43_MACCMD_BEACON0_VALID;
1676 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1677 } else {
1678 if (!beacon0_valid) {
1679 b43_upload_beacon0(dev);
1680 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1681 cmd |= B43_MACCMD_BEACON0_VALID;
1682 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1683 } else if (!beacon1_valid) {
1684 b43_upload_beacon1(dev);
1685 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1686 cmd |= B43_MACCMD_BEACON1_VALID;
1687 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1688 }
1689 }
1690 }
1691
b43_do_beacon_update_trigger_work(struct b43_wldev * dev)1692 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1693 {
1694 u32 old_irq_mask = dev->irq_mask;
1695
1696 /* update beacon right away or defer to irq */
1697 handle_irq_beacon(dev);
1698 if (old_irq_mask != dev->irq_mask) {
1699 /* The handler updated the IRQ mask. */
1700 B43_WARN_ON(!dev->irq_mask);
1701 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1702 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1703 } else {
1704 /* Device interrupts are currently disabled. That means
1705 * we just ran the hardirq handler and scheduled the
1706 * IRQ thread. The thread will write the IRQ mask when
1707 * it finished, so there's nothing to do here. Writing
1708 * the mask _here_ would incorrectly re-enable IRQs. */
1709 }
1710 }
1711 }
1712
b43_beacon_update_trigger_work(struct work_struct * work)1713 static void b43_beacon_update_trigger_work(struct work_struct *work)
1714 {
1715 struct b43_wl *wl = container_of(work, struct b43_wl,
1716 beacon_update_trigger);
1717 struct b43_wldev *dev;
1718
1719 mutex_lock(&wl->mutex);
1720 dev = wl->current_dev;
1721 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1722 if (b43_bus_host_is_sdio(dev->dev)) {
1723 /* wl->mutex is enough. */
1724 b43_do_beacon_update_trigger_work(dev);
1725 mmiowb();
1726 } else {
1727 spin_lock_irq(&wl->hardirq_lock);
1728 b43_do_beacon_update_trigger_work(dev);
1729 mmiowb();
1730 spin_unlock_irq(&wl->hardirq_lock);
1731 }
1732 }
1733 mutex_unlock(&wl->mutex);
1734 }
1735
1736 /* Asynchronously update the packet templates in template RAM.
1737 * Locking: Requires wl->mutex to be locked. */
b43_update_templates(struct b43_wl * wl)1738 static void b43_update_templates(struct b43_wl *wl)
1739 {
1740 struct sk_buff *beacon;
1741
1742 /* This is the top half of the ansynchronous beacon update.
1743 * The bottom half is the beacon IRQ.
1744 * Beacon update must be asynchronous to avoid sending an
1745 * invalid beacon. This can happen for example, if the firmware
1746 * transmits a beacon while we are updating it. */
1747
1748 /* We could modify the existing beacon and set the aid bit in
1749 * the TIM field, but that would probably require resizing and
1750 * moving of data within the beacon template.
1751 * Simply request a new beacon and let mac80211 do the hard work. */
1752 beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1753 if (unlikely(!beacon))
1754 return;
1755
1756 if (wl->current_beacon)
1757 dev_kfree_skb_any(wl->current_beacon);
1758 wl->current_beacon = beacon;
1759 wl->beacon0_uploaded = false;
1760 wl->beacon1_uploaded = false;
1761 ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1762 }
1763
b43_set_beacon_int(struct b43_wldev * dev,u16 beacon_int)1764 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1765 {
1766 b43_time_lock(dev);
1767 if (dev->dev->core_rev >= 3) {
1768 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1769 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1770 } else {
1771 b43_write16(dev, 0x606, (beacon_int >> 6));
1772 b43_write16(dev, 0x610, beacon_int);
1773 }
1774 b43_time_unlock(dev);
1775 b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1776 }
1777
b43_handle_firmware_panic(struct b43_wldev * dev)1778 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1779 {
1780 u16 reason;
1781
1782 /* Read the register that contains the reason code for the panic. */
1783 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1784 b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1785
1786 switch (reason) {
1787 default:
1788 b43dbg(dev->wl, "The panic reason is unknown.\n");
1789 /* fallthrough */
1790 case B43_FWPANIC_DIE:
1791 /* Do not restart the controller or firmware.
1792 * The device is nonfunctional from now on.
1793 * Restarting would result in this panic to trigger again,
1794 * so we avoid that recursion. */
1795 break;
1796 case B43_FWPANIC_RESTART:
1797 b43_controller_restart(dev, "Microcode panic");
1798 break;
1799 }
1800 }
1801
handle_irq_ucode_debug(struct b43_wldev * dev)1802 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1803 {
1804 unsigned int i, cnt;
1805 u16 reason, marker_id, marker_line;
1806 __le16 *buf;
1807
1808 /* The proprietary firmware doesn't have this IRQ. */
1809 if (!dev->fw.opensource)
1810 return;
1811
1812 /* Read the register that contains the reason code for this IRQ. */
1813 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1814
1815 switch (reason) {
1816 case B43_DEBUGIRQ_PANIC:
1817 b43_handle_firmware_panic(dev);
1818 break;
1819 case B43_DEBUGIRQ_DUMP_SHM:
1820 if (!B43_DEBUG)
1821 break; /* Only with driver debugging enabled. */
1822 buf = kmalloc(4096, GFP_ATOMIC);
1823 if (!buf) {
1824 b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1825 goto out;
1826 }
1827 for (i = 0; i < 4096; i += 2) {
1828 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1829 buf[i / 2] = cpu_to_le16(tmp);
1830 }
1831 b43info(dev->wl, "Shared memory dump:\n");
1832 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1833 16, 2, buf, 4096, 1);
1834 kfree(buf);
1835 break;
1836 case B43_DEBUGIRQ_DUMP_REGS:
1837 if (!B43_DEBUG)
1838 break; /* Only with driver debugging enabled. */
1839 b43info(dev->wl, "Microcode register dump:\n");
1840 for (i = 0, cnt = 0; i < 64; i++) {
1841 u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1842 if (cnt == 0)
1843 printk(KERN_INFO);
1844 printk("r%02u: 0x%04X ", i, tmp);
1845 cnt++;
1846 if (cnt == 6) {
1847 printk("\n");
1848 cnt = 0;
1849 }
1850 }
1851 printk("\n");
1852 break;
1853 case B43_DEBUGIRQ_MARKER:
1854 if (!B43_DEBUG)
1855 break; /* Only with driver debugging enabled. */
1856 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1857 B43_MARKER_ID_REG);
1858 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1859 B43_MARKER_LINE_REG);
1860 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1861 "at line number %u\n",
1862 marker_id, marker_line);
1863 break;
1864 default:
1865 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1866 reason);
1867 }
1868 out:
1869 /* Acknowledge the debug-IRQ, so the firmware can continue. */
1870 b43_shm_write16(dev, B43_SHM_SCRATCH,
1871 B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1872 }
1873
b43_do_interrupt_thread(struct b43_wldev * dev)1874 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1875 {
1876 u32 reason;
1877 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1878 u32 merged_dma_reason = 0;
1879 int i;
1880
1881 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1882 return;
1883
1884 reason = dev->irq_reason;
1885 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1886 dma_reason[i] = dev->dma_reason[i];
1887 merged_dma_reason |= dma_reason[i];
1888 }
1889
1890 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1891 b43err(dev->wl, "MAC transmission error\n");
1892
1893 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1894 b43err(dev->wl, "PHY transmission error\n");
1895 rmb();
1896 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1897 atomic_set(&dev->phy.txerr_cnt,
1898 B43_PHY_TX_BADNESS_LIMIT);
1899 b43err(dev->wl, "Too many PHY TX errors, "
1900 "restarting the controller\n");
1901 b43_controller_restart(dev, "PHY TX errors");
1902 }
1903 }
1904
1905 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK))) {
1906 b43err(dev->wl,
1907 "Fatal DMA error: 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X\n",
1908 dma_reason[0], dma_reason[1],
1909 dma_reason[2], dma_reason[3],
1910 dma_reason[4], dma_reason[5]);
1911 b43err(dev->wl, "This device does not support DMA "
1912 "on your system. It will now be switched to PIO.\n");
1913 /* Fall back to PIO transfers if we get fatal DMA errors! */
1914 dev->use_pio = true;
1915 b43_controller_restart(dev, "DMA error");
1916 return;
1917 }
1918
1919 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1920 handle_irq_ucode_debug(dev);
1921 if (reason & B43_IRQ_TBTT_INDI)
1922 handle_irq_tbtt_indication(dev);
1923 if (reason & B43_IRQ_ATIM_END)
1924 handle_irq_atim_end(dev);
1925 if (reason & B43_IRQ_BEACON)
1926 handle_irq_beacon(dev);
1927 if (reason & B43_IRQ_PMQ)
1928 handle_irq_pmq(dev);
1929 if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1930 ;/* TODO */
1931 if (reason & B43_IRQ_NOISESAMPLE_OK)
1932 handle_irq_noise(dev);
1933
1934 /* Check the DMA reason registers for received data. */
1935 if (dma_reason[0] & B43_DMAIRQ_RDESC_UFLOW) {
1936 if (B43_DEBUG)
1937 b43warn(dev->wl, "RX descriptor underrun\n");
1938 b43_dma_handle_rx_overflow(dev->dma.rx_ring);
1939 }
1940 if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1941 if (b43_using_pio_transfers(dev))
1942 b43_pio_rx(dev->pio.rx_queue);
1943 else
1944 b43_dma_rx(dev->dma.rx_ring);
1945 }
1946 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1947 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1948 B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1949 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1950 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1951
1952 if (reason & B43_IRQ_TX_OK)
1953 handle_irq_transmit_status(dev);
1954
1955 /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1956 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1957
1958 #if B43_DEBUG
1959 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
1960 dev->irq_count++;
1961 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
1962 if (reason & (1 << i))
1963 dev->irq_bit_count[i]++;
1964 }
1965 }
1966 #endif
1967 }
1968
1969 /* Interrupt thread handler. Handles device interrupts in thread context. */
b43_interrupt_thread_handler(int irq,void * dev_id)1970 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1971 {
1972 struct b43_wldev *dev = dev_id;
1973
1974 mutex_lock(&dev->wl->mutex);
1975 b43_do_interrupt_thread(dev);
1976 mmiowb();
1977 mutex_unlock(&dev->wl->mutex);
1978
1979 return IRQ_HANDLED;
1980 }
1981
b43_do_interrupt(struct b43_wldev * dev)1982 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1983 {
1984 u32 reason;
1985
1986 /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1987 * On SDIO, this runs under wl->mutex. */
1988
1989 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1990 if (reason == 0xffffffff) /* shared IRQ */
1991 return IRQ_NONE;
1992 reason &= dev->irq_mask;
1993 if (!reason)
1994 return IRQ_NONE;
1995
1996 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1997 & 0x0001FC00;
1998 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1999 & 0x0000DC00;
2000 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2001 & 0x0000DC00;
2002 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2003 & 0x0001DC00;
2004 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2005 & 0x0000DC00;
2006 /* Unused ring
2007 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2008 & 0x0000DC00;
2009 */
2010
2011 /* ACK the interrupt. */
2012 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2013 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2014 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2015 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2016 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2017 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2018 /* Unused ring
2019 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2020 */
2021
2022 /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2023 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2024 /* Save the reason bitmasks for the IRQ thread handler. */
2025 dev->irq_reason = reason;
2026
2027 return IRQ_WAKE_THREAD;
2028 }
2029
2030 /* Interrupt handler top-half. This runs with interrupts disabled. */
b43_interrupt_handler(int irq,void * dev_id)2031 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2032 {
2033 struct b43_wldev *dev = dev_id;
2034 irqreturn_t ret;
2035
2036 if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2037 return IRQ_NONE;
2038
2039 spin_lock(&dev->wl->hardirq_lock);
2040 ret = b43_do_interrupt(dev);
2041 mmiowb();
2042 spin_unlock(&dev->wl->hardirq_lock);
2043
2044 return ret;
2045 }
2046
2047 /* SDIO interrupt handler. This runs in process context. */
b43_sdio_interrupt_handler(struct b43_wldev * dev)2048 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2049 {
2050 struct b43_wl *wl = dev->wl;
2051 irqreturn_t ret;
2052
2053 mutex_lock(&wl->mutex);
2054
2055 ret = b43_do_interrupt(dev);
2056 if (ret == IRQ_WAKE_THREAD)
2057 b43_do_interrupt_thread(dev);
2058
2059 mutex_unlock(&wl->mutex);
2060 }
2061
b43_do_release_fw(struct b43_firmware_file * fw)2062 void b43_do_release_fw(struct b43_firmware_file *fw)
2063 {
2064 release_firmware(fw->data);
2065 fw->data = NULL;
2066 fw->filename = NULL;
2067 }
2068
b43_release_firmware(struct b43_wldev * dev)2069 static void b43_release_firmware(struct b43_wldev *dev)
2070 {
2071 b43_do_release_fw(&dev->fw.ucode);
2072 b43_do_release_fw(&dev->fw.pcm);
2073 b43_do_release_fw(&dev->fw.initvals);
2074 b43_do_release_fw(&dev->fw.initvals_band);
2075 }
2076
b43_print_fw_helptext(struct b43_wl * wl,bool error)2077 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2078 {
2079 const char text[] =
2080 "You must go to " \
2081 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2082 "and download the correct firmware for this driver version. " \
2083 "Please carefully read all instructions on this website.\n";
2084
2085 if (error)
2086 b43err(wl, text);
2087 else
2088 b43warn(wl, text);
2089 }
2090
b43_fw_cb(const struct firmware * firmware,void * context)2091 static void b43_fw_cb(const struct firmware *firmware, void *context)
2092 {
2093 struct b43_request_fw_context *ctx = context;
2094
2095 ctx->blob = firmware;
2096 complete(&ctx->fw_load_complete);
2097 }
2098
b43_do_request_fw(struct b43_request_fw_context * ctx,const char * name,struct b43_firmware_file * fw,bool async)2099 int b43_do_request_fw(struct b43_request_fw_context *ctx,
2100 const char *name,
2101 struct b43_firmware_file *fw, bool async)
2102 {
2103 struct b43_fw_header *hdr;
2104 u32 size;
2105 int err;
2106
2107 if (!name) {
2108 /* Don't fetch anything. Free possibly cached firmware. */
2109 /* FIXME: We should probably keep it anyway, to save some headache
2110 * on suspend/resume with multiband devices. */
2111 b43_do_release_fw(fw);
2112 return 0;
2113 }
2114 if (fw->filename) {
2115 if ((fw->type == ctx->req_type) &&
2116 (strcmp(fw->filename, name) == 0))
2117 return 0; /* Already have this fw. */
2118 /* Free the cached firmware first. */
2119 /* FIXME: We should probably do this later after we successfully
2120 * got the new fw. This could reduce headache with multiband devices.
2121 * We could also redesign this to cache the firmware for all possible
2122 * bands all the time. */
2123 b43_do_release_fw(fw);
2124 }
2125
2126 switch (ctx->req_type) {
2127 case B43_FWTYPE_PROPRIETARY:
2128 snprintf(ctx->fwname, sizeof(ctx->fwname),
2129 "b43%s/%s.fw",
2130 modparam_fwpostfix, name);
2131 break;
2132 case B43_FWTYPE_OPENSOURCE:
2133 snprintf(ctx->fwname, sizeof(ctx->fwname),
2134 "b43-open%s/%s.fw",
2135 modparam_fwpostfix, name);
2136 break;
2137 default:
2138 B43_WARN_ON(1);
2139 return -ENOSYS;
2140 }
2141 if (async) {
2142 /* do this part asynchronously */
2143 init_completion(&ctx->fw_load_complete);
2144 err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2145 ctx->dev->dev->dev, GFP_KERNEL,
2146 ctx, b43_fw_cb);
2147 if (err < 0) {
2148 pr_err("Unable to load firmware\n");
2149 return err;
2150 }
2151 /* stall here until fw ready */
2152 wait_for_completion(&ctx->fw_load_complete);
2153 if (ctx->blob)
2154 goto fw_ready;
2155 /* On some ARM systems, the async request will fail, but the next sync
2156 * request works. For this reason, we dall through here
2157 */
2158 }
2159 err = request_firmware(&ctx->blob, ctx->fwname,
2160 ctx->dev->dev->dev);
2161 if (err == -ENOENT) {
2162 snprintf(ctx->errors[ctx->req_type],
2163 sizeof(ctx->errors[ctx->req_type]),
2164 "Firmware file \"%s\" not found\n",
2165 ctx->fwname);
2166 return err;
2167 } else if (err) {
2168 snprintf(ctx->errors[ctx->req_type],
2169 sizeof(ctx->errors[ctx->req_type]),
2170 "Firmware file \"%s\" request failed (err=%d)\n",
2171 ctx->fwname, err);
2172 return err;
2173 }
2174 fw_ready:
2175 if (ctx->blob->size < sizeof(struct b43_fw_header))
2176 goto err_format;
2177 hdr = (struct b43_fw_header *)(ctx->blob->data);
2178 switch (hdr->type) {
2179 case B43_FW_TYPE_UCODE:
2180 case B43_FW_TYPE_PCM:
2181 size = be32_to_cpu(hdr->size);
2182 if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2183 goto err_format;
2184 /* fallthrough */
2185 case B43_FW_TYPE_IV:
2186 if (hdr->ver != 1)
2187 goto err_format;
2188 break;
2189 default:
2190 goto err_format;
2191 }
2192
2193 fw->data = ctx->blob;
2194 fw->filename = name;
2195 fw->type = ctx->req_type;
2196
2197 return 0;
2198
2199 err_format:
2200 snprintf(ctx->errors[ctx->req_type],
2201 sizeof(ctx->errors[ctx->req_type]),
2202 "Firmware file \"%s\" format error.\n", ctx->fwname);
2203 release_firmware(ctx->blob);
2204
2205 return -EPROTO;
2206 }
2207
b43_try_request_fw(struct b43_request_fw_context * ctx)2208 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2209 {
2210 struct b43_wldev *dev = ctx->dev;
2211 struct b43_firmware *fw = &ctx->dev->fw;
2212 const u8 rev = ctx->dev->dev->core_rev;
2213 const char *filename;
2214 u32 tmshigh;
2215 int err;
2216
2217 /* Files for HT and LCN were found by trying one by one */
2218
2219 /* Get microcode */
2220 if ((rev >= 5) && (rev <= 10)) {
2221 filename = "ucode5";
2222 } else if ((rev >= 11) && (rev <= 12)) {
2223 filename = "ucode11";
2224 } else if (rev == 13) {
2225 filename = "ucode13";
2226 } else if (rev == 14) {
2227 filename = "ucode14";
2228 } else if (rev == 15) {
2229 filename = "ucode15";
2230 } else {
2231 switch (dev->phy.type) {
2232 case B43_PHYTYPE_N:
2233 if (rev >= 16)
2234 filename = "ucode16_mimo";
2235 else
2236 goto err_no_ucode;
2237 break;
2238 case B43_PHYTYPE_HT:
2239 if (rev == 29)
2240 filename = "ucode29_mimo";
2241 else
2242 goto err_no_ucode;
2243 break;
2244 case B43_PHYTYPE_LCN:
2245 if (rev == 24)
2246 filename = "ucode24_mimo";
2247 else
2248 goto err_no_ucode;
2249 break;
2250 default:
2251 goto err_no_ucode;
2252 }
2253 }
2254 err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2255 if (err)
2256 goto err_load;
2257
2258 /* Get PCM code */
2259 if ((rev >= 5) && (rev <= 10))
2260 filename = "pcm5";
2261 else if (rev >= 11)
2262 filename = NULL;
2263 else
2264 goto err_no_pcm;
2265 fw->pcm_request_failed = false;
2266 err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2267 if (err == -ENOENT) {
2268 /* We did not find a PCM file? Not fatal, but
2269 * core rev <= 10 must do without hwcrypto then. */
2270 fw->pcm_request_failed = true;
2271 } else if (err)
2272 goto err_load;
2273
2274 /* Get initvals */
2275 switch (dev->phy.type) {
2276 case B43_PHYTYPE_A:
2277 if ((rev >= 5) && (rev <= 10)) {
2278 tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2279 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2280 filename = "a0g1initvals5";
2281 else
2282 filename = "a0g0initvals5";
2283 } else
2284 goto err_no_initvals;
2285 break;
2286 case B43_PHYTYPE_G:
2287 if ((rev >= 5) && (rev <= 10))
2288 filename = "b0g0initvals5";
2289 else if (rev >= 13)
2290 filename = "b0g0initvals13";
2291 else
2292 goto err_no_initvals;
2293 break;
2294 case B43_PHYTYPE_N:
2295 if (rev >= 16)
2296 filename = "n0initvals16";
2297 else if ((rev >= 11) && (rev <= 12))
2298 filename = "n0initvals11";
2299 else
2300 goto err_no_initvals;
2301 break;
2302 case B43_PHYTYPE_LP:
2303 if (rev == 13)
2304 filename = "lp0initvals13";
2305 else if (rev == 14)
2306 filename = "lp0initvals14";
2307 else if (rev >= 15)
2308 filename = "lp0initvals15";
2309 else
2310 goto err_no_initvals;
2311 break;
2312 case B43_PHYTYPE_HT:
2313 if (rev == 29)
2314 filename = "ht0initvals29";
2315 else
2316 goto err_no_initvals;
2317 break;
2318 case B43_PHYTYPE_LCN:
2319 if (rev == 24)
2320 filename = "lcn0initvals24";
2321 else
2322 goto err_no_initvals;
2323 break;
2324 default:
2325 goto err_no_initvals;
2326 }
2327 err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2328 if (err)
2329 goto err_load;
2330
2331 /* Get bandswitch initvals */
2332 switch (dev->phy.type) {
2333 case B43_PHYTYPE_A:
2334 if ((rev >= 5) && (rev <= 10)) {
2335 tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2336 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2337 filename = "a0g1bsinitvals5";
2338 else
2339 filename = "a0g0bsinitvals5";
2340 } else if (rev >= 11)
2341 filename = NULL;
2342 else
2343 goto err_no_initvals;
2344 break;
2345 case B43_PHYTYPE_G:
2346 if ((rev >= 5) && (rev <= 10))
2347 filename = "b0g0bsinitvals5";
2348 else if (rev >= 11)
2349 filename = NULL;
2350 else
2351 goto err_no_initvals;
2352 break;
2353 case B43_PHYTYPE_N:
2354 if (rev >= 16)
2355 filename = "n0bsinitvals16";
2356 else if ((rev >= 11) && (rev <= 12))
2357 filename = "n0bsinitvals11";
2358 else
2359 goto err_no_initvals;
2360 break;
2361 case B43_PHYTYPE_LP:
2362 if (rev == 13)
2363 filename = "lp0bsinitvals13";
2364 else if (rev == 14)
2365 filename = "lp0bsinitvals14";
2366 else if (rev >= 15)
2367 filename = "lp0bsinitvals15";
2368 else
2369 goto err_no_initvals;
2370 break;
2371 case B43_PHYTYPE_HT:
2372 if (rev == 29)
2373 filename = "ht0bsinitvals29";
2374 else
2375 goto err_no_initvals;
2376 break;
2377 case B43_PHYTYPE_LCN:
2378 if (rev == 24)
2379 filename = "lcn0bsinitvals24";
2380 else
2381 goto err_no_initvals;
2382 break;
2383 default:
2384 goto err_no_initvals;
2385 }
2386 err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2387 if (err)
2388 goto err_load;
2389
2390 fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2391
2392 return 0;
2393
2394 err_no_ucode:
2395 err = ctx->fatal_failure = -EOPNOTSUPP;
2396 b43err(dev->wl, "The driver does not know which firmware (ucode) "
2397 "is required for your device (wl-core rev %u)\n", rev);
2398 goto error;
2399
2400 err_no_pcm:
2401 err = ctx->fatal_failure = -EOPNOTSUPP;
2402 b43err(dev->wl, "The driver does not know which firmware (PCM) "
2403 "is required for your device (wl-core rev %u)\n", rev);
2404 goto error;
2405
2406 err_no_initvals:
2407 err = ctx->fatal_failure = -EOPNOTSUPP;
2408 b43err(dev->wl, "The driver does not know which firmware (initvals) "
2409 "is required for your device (wl-core rev %u)\n", rev);
2410 goto error;
2411
2412 err_load:
2413 /* We failed to load this firmware image. The error message
2414 * already is in ctx->errors. Return and let our caller decide
2415 * what to do. */
2416 goto error;
2417
2418 error:
2419 b43_release_firmware(dev);
2420 return err;
2421 }
2422
2423 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2424 static void b43_one_core_detach(struct b43_bus_dev *dev);
2425
b43_request_firmware(struct work_struct * work)2426 static void b43_request_firmware(struct work_struct *work)
2427 {
2428 struct b43_wl *wl = container_of(work,
2429 struct b43_wl, firmware_load);
2430 struct b43_wldev *dev = wl->current_dev;
2431 struct b43_request_fw_context *ctx;
2432 unsigned int i;
2433 int err;
2434 const char *errmsg;
2435
2436 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2437 if (!ctx)
2438 return;
2439 ctx->dev = dev;
2440
2441 ctx->req_type = B43_FWTYPE_PROPRIETARY;
2442 err = b43_try_request_fw(ctx);
2443 if (!err)
2444 goto start_ieee80211; /* Successfully loaded it. */
2445 /* Was fw version known? */
2446 if (ctx->fatal_failure)
2447 goto out;
2448
2449 /* proprietary fw not found, try open source */
2450 ctx->req_type = B43_FWTYPE_OPENSOURCE;
2451 err = b43_try_request_fw(ctx);
2452 if (!err)
2453 goto start_ieee80211; /* Successfully loaded it. */
2454 if(ctx->fatal_failure)
2455 goto out;
2456
2457 /* Could not find a usable firmware. Print the errors. */
2458 for (i = 0; i < B43_NR_FWTYPES; i++) {
2459 errmsg = ctx->errors[i];
2460 if (strlen(errmsg))
2461 b43err(dev->wl, "%s", errmsg);
2462 }
2463 b43_print_fw_helptext(dev->wl, 1);
2464 goto out;
2465
2466 start_ieee80211:
2467 wl->hw->queues = B43_QOS_QUEUE_NUM;
2468 if (!modparam_qos || dev->fw.opensource)
2469 wl->hw->queues = 1;
2470
2471 err = ieee80211_register_hw(wl->hw);
2472 if (err)
2473 goto err_one_core_detach;
2474 wl->hw_registred = true;
2475 b43_leds_register(wl->current_dev);
2476 goto out;
2477
2478 err_one_core_detach:
2479 b43_one_core_detach(dev->dev);
2480
2481 out:
2482 kfree(ctx);
2483 }
2484
b43_upload_microcode(struct b43_wldev * dev)2485 static int b43_upload_microcode(struct b43_wldev *dev)
2486 {
2487 struct wiphy *wiphy = dev->wl->hw->wiphy;
2488 const size_t hdr_len = sizeof(struct b43_fw_header);
2489 const __be32 *data;
2490 unsigned int i, len;
2491 u16 fwrev, fwpatch, fwdate, fwtime;
2492 u32 tmp, macctl;
2493 int err = 0;
2494
2495 /* Jump the microcode PSM to offset 0 */
2496 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2497 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2498 macctl |= B43_MACCTL_PSM_JMP0;
2499 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2500 /* Zero out all microcode PSM registers and shared memory. */
2501 for (i = 0; i < 64; i++)
2502 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2503 for (i = 0; i < 4096; i += 2)
2504 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2505
2506 /* Upload Microcode. */
2507 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2508 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2509 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2510 for (i = 0; i < len; i++) {
2511 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2512 udelay(10);
2513 }
2514
2515 if (dev->fw.pcm.data) {
2516 /* Upload PCM data. */
2517 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2518 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2519 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2520 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2521 /* No need for autoinc bit in SHM_HW */
2522 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2523 for (i = 0; i < len; i++) {
2524 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2525 udelay(10);
2526 }
2527 }
2528
2529 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2530
2531 /* Start the microcode PSM */
2532 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2533 B43_MACCTL_PSM_RUN);
2534
2535 /* Wait for the microcode to load and respond */
2536 i = 0;
2537 while (1) {
2538 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2539 if (tmp == B43_IRQ_MAC_SUSPENDED)
2540 break;
2541 i++;
2542 if (i >= 20) {
2543 b43err(dev->wl, "Microcode not responding\n");
2544 b43_print_fw_helptext(dev->wl, 1);
2545 err = -ENODEV;
2546 goto error;
2547 }
2548 msleep(50);
2549 }
2550 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2551
2552 /* Get and check the revisions. */
2553 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2554 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2555 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2556 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2557
2558 if (fwrev <= 0x128) {
2559 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2560 "binary drivers older than version 4.x is unsupported. "
2561 "You must upgrade your firmware files.\n");
2562 b43_print_fw_helptext(dev->wl, 1);
2563 err = -EOPNOTSUPP;
2564 goto error;
2565 }
2566 dev->fw.rev = fwrev;
2567 dev->fw.patch = fwpatch;
2568 if (dev->fw.rev >= 598)
2569 dev->fw.hdr_format = B43_FW_HDR_598;
2570 else if (dev->fw.rev >= 410)
2571 dev->fw.hdr_format = B43_FW_HDR_410;
2572 else
2573 dev->fw.hdr_format = B43_FW_HDR_351;
2574 WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2575
2576 dev->qos_enabled = dev->wl->hw->queues > 1;
2577 /* Default to firmware/hardware crypto acceleration. */
2578 dev->hwcrypto_enabled = true;
2579
2580 if (dev->fw.opensource) {
2581 u16 fwcapa;
2582
2583 /* Patchlevel info is encoded in the "time" field. */
2584 dev->fw.patch = fwtime;
2585 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2586 dev->fw.rev, dev->fw.patch);
2587
2588 fwcapa = b43_fwcapa_read(dev);
2589 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2590 b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2591 /* Disable hardware crypto and fall back to software crypto. */
2592 dev->hwcrypto_enabled = false;
2593 }
2594 /* adding QoS support should use an offline discovery mechanism */
2595 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2596 } else {
2597 b43info(dev->wl, "Loading firmware version %u.%u "
2598 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2599 fwrev, fwpatch,
2600 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2601 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2602 if (dev->fw.pcm_request_failed) {
2603 b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2604 "Hardware accelerated cryptography is disabled.\n");
2605 b43_print_fw_helptext(dev->wl, 0);
2606 }
2607 }
2608
2609 snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2610 dev->fw.rev, dev->fw.patch);
2611 wiphy->hw_version = dev->dev->core_id;
2612
2613 if (dev->fw.hdr_format == B43_FW_HDR_351) {
2614 /* We're over the deadline, but we keep support for old fw
2615 * until it turns out to be in major conflict with something new. */
2616 b43warn(dev->wl, "You are using an old firmware image. "
2617 "Support for old firmware will be removed soon "
2618 "(official deadline was July 2008).\n");
2619 b43_print_fw_helptext(dev->wl, 0);
2620 }
2621
2622 return 0;
2623
2624 error:
2625 /* Stop the microcode PSM. */
2626 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2627 B43_MACCTL_PSM_JMP0);
2628
2629 return err;
2630 }
2631
b43_write_initvals(struct b43_wldev * dev,const struct b43_iv * ivals,size_t count,size_t array_size)2632 static int b43_write_initvals(struct b43_wldev *dev,
2633 const struct b43_iv *ivals,
2634 size_t count,
2635 size_t array_size)
2636 {
2637 const struct b43_iv *iv;
2638 u16 offset;
2639 size_t i;
2640 bool bit32;
2641
2642 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2643 iv = ivals;
2644 for (i = 0; i < count; i++) {
2645 if (array_size < sizeof(iv->offset_size))
2646 goto err_format;
2647 array_size -= sizeof(iv->offset_size);
2648 offset = be16_to_cpu(iv->offset_size);
2649 bit32 = !!(offset & B43_IV_32BIT);
2650 offset &= B43_IV_OFFSET_MASK;
2651 if (offset >= 0x1000)
2652 goto err_format;
2653 if (bit32) {
2654 u32 value;
2655
2656 if (array_size < sizeof(iv->data.d32))
2657 goto err_format;
2658 array_size -= sizeof(iv->data.d32);
2659
2660 value = get_unaligned_be32(&iv->data.d32);
2661 b43_write32(dev, offset, value);
2662
2663 iv = (const struct b43_iv *)((const uint8_t *)iv +
2664 sizeof(__be16) +
2665 sizeof(__be32));
2666 } else {
2667 u16 value;
2668
2669 if (array_size < sizeof(iv->data.d16))
2670 goto err_format;
2671 array_size -= sizeof(iv->data.d16);
2672
2673 value = be16_to_cpu(iv->data.d16);
2674 b43_write16(dev, offset, value);
2675
2676 iv = (const struct b43_iv *)((const uint8_t *)iv +
2677 sizeof(__be16) +
2678 sizeof(__be16));
2679 }
2680 }
2681 if (array_size)
2682 goto err_format;
2683
2684 return 0;
2685
2686 err_format:
2687 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2688 b43_print_fw_helptext(dev->wl, 1);
2689
2690 return -EPROTO;
2691 }
2692
b43_upload_initvals(struct b43_wldev * dev)2693 static int b43_upload_initvals(struct b43_wldev *dev)
2694 {
2695 const size_t hdr_len = sizeof(struct b43_fw_header);
2696 const struct b43_fw_header *hdr;
2697 struct b43_firmware *fw = &dev->fw;
2698 const struct b43_iv *ivals;
2699 size_t count;
2700 int err;
2701
2702 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2703 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2704 count = be32_to_cpu(hdr->size);
2705 err = b43_write_initvals(dev, ivals, count,
2706 fw->initvals.data->size - hdr_len);
2707 if (err)
2708 goto out;
2709 if (fw->initvals_band.data) {
2710 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2711 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2712 count = be32_to_cpu(hdr->size);
2713 err = b43_write_initvals(dev, ivals, count,
2714 fw->initvals_band.data->size - hdr_len);
2715 if (err)
2716 goto out;
2717 }
2718 out:
2719
2720 return err;
2721 }
2722
2723 /* Initialize the GPIOs
2724 * http://bcm-specs.sipsolutions.net/GPIO
2725 */
b43_ssb_gpio_dev(struct b43_wldev * dev)2726 static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2727 {
2728 struct ssb_bus *bus = dev->dev->sdev->bus;
2729
2730 #ifdef CONFIG_SSB_DRIVER_PCICORE
2731 return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2732 #else
2733 return bus->chipco.dev;
2734 #endif
2735 }
2736
b43_gpio_init(struct b43_wldev * dev)2737 static int b43_gpio_init(struct b43_wldev *dev)
2738 {
2739 struct ssb_device *gpiodev;
2740 u32 mask, set;
2741
2742 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2743 b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2744
2745 mask = 0x0000001F;
2746 set = 0x0000000F;
2747 if (dev->dev->chip_id == 0x4301) {
2748 mask |= 0x0060;
2749 set |= 0x0060;
2750 } else if (dev->dev->chip_id == 0x5354) {
2751 /* Don't allow overtaking buttons GPIOs */
2752 set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2753 }
2754
2755 if (0 /* FIXME: conditional unknown */ ) {
2756 b43_write16(dev, B43_MMIO_GPIO_MASK,
2757 b43_read16(dev, B43_MMIO_GPIO_MASK)
2758 | 0x0100);
2759 /* BT Coexistance Input */
2760 mask |= 0x0080;
2761 set |= 0x0080;
2762 /* BT Coexistance Out */
2763 mask |= 0x0100;
2764 set |= 0x0100;
2765 }
2766 if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2767 /* PA is controlled by gpio 9, let ucode handle it */
2768 b43_write16(dev, B43_MMIO_GPIO_MASK,
2769 b43_read16(dev, B43_MMIO_GPIO_MASK)
2770 | 0x0200);
2771 mask |= 0x0200;
2772 set |= 0x0200;
2773 }
2774
2775 switch (dev->dev->bus_type) {
2776 #ifdef CONFIG_B43_BCMA
2777 case B43_BUS_BCMA:
2778 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, mask, set);
2779 break;
2780 #endif
2781 #ifdef CONFIG_B43_SSB
2782 case B43_BUS_SSB:
2783 gpiodev = b43_ssb_gpio_dev(dev);
2784 if (gpiodev)
2785 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2786 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2787 & ~mask) | set);
2788 break;
2789 #endif
2790 }
2791
2792 return 0;
2793 }
2794
2795 /* Turn off all GPIO stuff. Call this on module unload, for example. */
b43_gpio_cleanup(struct b43_wldev * dev)2796 static void b43_gpio_cleanup(struct b43_wldev *dev)
2797 {
2798 struct ssb_device *gpiodev;
2799
2800 switch (dev->dev->bus_type) {
2801 #ifdef CONFIG_B43_BCMA
2802 case B43_BUS_BCMA:
2803 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, ~0, 0);
2804 break;
2805 #endif
2806 #ifdef CONFIG_B43_SSB
2807 case B43_BUS_SSB:
2808 gpiodev = b43_ssb_gpio_dev(dev);
2809 if (gpiodev)
2810 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2811 break;
2812 #endif
2813 }
2814 }
2815
2816 /* http://bcm-specs.sipsolutions.net/EnableMac */
b43_mac_enable(struct b43_wldev * dev)2817 void b43_mac_enable(struct b43_wldev *dev)
2818 {
2819 if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2820 u16 fwstate;
2821
2822 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2823 B43_SHM_SH_UCODESTAT);
2824 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2825 (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2826 b43err(dev->wl, "b43_mac_enable(): The firmware "
2827 "should be suspended, but current state is %u\n",
2828 fwstate);
2829 }
2830 }
2831
2832 dev->mac_suspended--;
2833 B43_WARN_ON(dev->mac_suspended < 0);
2834 if (dev->mac_suspended == 0) {
2835 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2836 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2837 B43_IRQ_MAC_SUSPENDED);
2838 /* Commit writes */
2839 b43_read32(dev, B43_MMIO_MACCTL);
2840 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2841 b43_power_saving_ctl_bits(dev, 0);
2842 }
2843 }
2844
2845 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
b43_mac_suspend(struct b43_wldev * dev)2846 void b43_mac_suspend(struct b43_wldev *dev)
2847 {
2848 int i;
2849 u32 tmp;
2850
2851 might_sleep();
2852 B43_WARN_ON(dev->mac_suspended < 0);
2853
2854 if (dev->mac_suspended == 0) {
2855 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2856 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
2857 /* force pci to flush the write */
2858 b43_read32(dev, B43_MMIO_MACCTL);
2859 for (i = 35; i; i--) {
2860 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2861 if (tmp & B43_IRQ_MAC_SUSPENDED)
2862 goto out;
2863 udelay(10);
2864 }
2865 /* Hm, it seems this will take some time. Use msleep(). */
2866 for (i = 40; i; i--) {
2867 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2868 if (tmp & B43_IRQ_MAC_SUSPENDED)
2869 goto out;
2870 msleep(1);
2871 }
2872 b43err(dev->wl, "MAC suspend failed\n");
2873 }
2874 out:
2875 dev->mac_suspended++;
2876 }
2877
2878 /* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
b43_mac_phy_clock_set(struct b43_wldev * dev,bool on)2879 void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
2880 {
2881 u32 tmp;
2882
2883 switch (dev->dev->bus_type) {
2884 #ifdef CONFIG_B43_BCMA
2885 case B43_BUS_BCMA:
2886 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
2887 if (on)
2888 tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
2889 else
2890 tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
2891 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
2892 break;
2893 #endif
2894 #ifdef CONFIG_B43_SSB
2895 case B43_BUS_SSB:
2896 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
2897 if (on)
2898 tmp |= B43_TMSLOW_MACPHYCLKEN;
2899 else
2900 tmp &= ~B43_TMSLOW_MACPHYCLKEN;
2901 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
2902 break;
2903 #endif
2904 }
2905 }
2906
b43_adjust_opmode(struct b43_wldev * dev)2907 static void b43_adjust_opmode(struct b43_wldev *dev)
2908 {
2909 struct b43_wl *wl = dev->wl;
2910 u32 ctl;
2911 u16 cfp_pretbtt;
2912
2913 ctl = b43_read32(dev, B43_MMIO_MACCTL);
2914 /* Reset status to STA infrastructure mode. */
2915 ctl &= ~B43_MACCTL_AP;
2916 ctl &= ~B43_MACCTL_KEEP_CTL;
2917 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2918 ctl &= ~B43_MACCTL_KEEP_BAD;
2919 ctl &= ~B43_MACCTL_PROMISC;
2920 ctl &= ~B43_MACCTL_BEACPROMISC;
2921 ctl |= B43_MACCTL_INFRA;
2922
2923 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2924 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2925 ctl |= B43_MACCTL_AP;
2926 else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2927 ctl &= ~B43_MACCTL_INFRA;
2928
2929 if (wl->filter_flags & FIF_CONTROL)
2930 ctl |= B43_MACCTL_KEEP_CTL;
2931 if (wl->filter_flags & FIF_FCSFAIL)
2932 ctl |= B43_MACCTL_KEEP_BAD;
2933 if (wl->filter_flags & FIF_PLCPFAIL)
2934 ctl |= B43_MACCTL_KEEP_BADPLCP;
2935 if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2936 ctl |= B43_MACCTL_PROMISC;
2937 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2938 ctl |= B43_MACCTL_BEACPROMISC;
2939
2940 /* Workaround: On old hardware the HW-MAC-address-filter
2941 * doesn't work properly, so always run promisc in filter
2942 * it in software. */
2943 if (dev->dev->core_rev <= 4)
2944 ctl |= B43_MACCTL_PROMISC;
2945
2946 b43_write32(dev, B43_MMIO_MACCTL, ctl);
2947
2948 cfp_pretbtt = 2;
2949 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2950 if (dev->dev->chip_id == 0x4306 &&
2951 dev->dev->chip_rev == 3)
2952 cfp_pretbtt = 100;
2953 else
2954 cfp_pretbtt = 50;
2955 }
2956 b43_write16(dev, 0x612, cfp_pretbtt);
2957
2958 /* FIXME: We don't currently implement the PMQ mechanism,
2959 * so always disable it. If we want to implement PMQ,
2960 * we need to enable it here (clear DISCPMQ) in AP mode.
2961 */
2962 if (0 /* ctl & B43_MACCTL_AP */)
2963 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
2964 else
2965 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
2966 }
2967
b43_rate_memory_write(struct b43_wldev * dev,u16 rate,int is_ofdm)2968 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2969 {
2970 u16 offset;
2971
2972 if (is_ofdm) {
2973 offset = 0x480;
2974 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2975 } else {
2976 offset = 0x4C0;
2977 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2978 }
2979 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2980 b43_shm_read16(dev, B43_SHM_SHARED, offset));
2981 }
2982
b43_rate_memory_init(struct b43_wldev * dev)2983 static void b43_rate_memory_init(struct b43_wldev *dev)
2984 {
2985 switch (dev->phy.type) {
2986 case B43_PHYTYPE_A:
2987 case B43_PHYTYPE_G:
2988 case B43_PHYTYPE_N:
2989 case B43_PHYTYPE_LP:
2990 case B43_PHYTYPE_HT:
2991 case B43_PHYTYPE_LCN:
2992 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2993 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2994 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2995 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2996 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2997 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2998 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2999 if (dev->phy.type == B43_PHYTYPE_A)
3000 break;
3001 /* fallthrough */
3002 case B43_PHYTYPE_B:
3003 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3004 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3005 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3006 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3007 break;
3008 default:
3009 B43_WARN_ON(1);
3010 }
3011 }
3012
3013 /* Set the default values for the PHY TX Control Words. */
b43_set_phytxctl_defaults(struct b43_wldev * dev)3014 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3015 {
3016 u16 ctl = 0;
3017
3018 ctl |= B43_TXH_PHY_ENC_CCK;
3019 ctl |= B43_TXH_PHY_ANT01AUTO;
3020 ctl |= B43_TXH_PHY_TXPWR;
3021
3022 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3023 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3024 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3025 }
3026
3027 /* Set the TX-Antenna for management frames sent by firmware. */
b43_mgmtframe_txantenna(struct b43_wldev * dev,int antenna)3028 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3029 {
3030 u16 ant;
3031 u16 tmp;
3032
3033 ant = b43_antenna_to_phyctl(antenna);
3034
3035 /* For ACK/CTS */
3036 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3037 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3038 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3039 /* For Probe Resposes */
3040 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3041 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3042 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3043 }
3044
3045 /* This is the opposite of b43_chip_init() */
b43_chip_exit(struct b43_wldev * dev)3046 static void b43_chip_exit(struct b43_wldev *dev)
3047 {
3048 b43_phy_exit(dev);
3049 b43_gpio_cleanup(dev);
3050 /* firmware is released later */
3051 }
3052
3053 /* Initialize the chip
3054 * http://bcm-specs.sipsolutions.net/ChipInit
3055 */
b43_chip_init(struct b43_wldev * dev)3056 static int b43_chip_init(struct b43_wldev *dev)
3057 {
3058 struct b43_phy *phy = &dev->phy;
3059 int err;
3060 u32 macctl;
3061 u16 value16;
3062
3063 /* Initialize the MAC control */
3064 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3065 if (dev->phy.gmode)
3066 macctl |= B43_MACCTL_GMODE;
3067 macctl |= B43_MACCTL_INFRA;
3068 b43_write32(dev, B43_MMIO_MACCTL, macctl);
3069
3070 err = b43_upload_microcode(dev);
3071 if (err)
3072 goto out; /* firmware is released later */
3073
3074 err = b43_gpio_init(dev);
3075 if (err)
3076 goto out; /* firmware is released later */
3077
3078 err = b43_upload_initvals(dev);
3079 if (err)
3080 goto err_gpio_clean;
3081
3082 /* Turn the Analog on and initialize the PHY. */
3083 phy->ops->switch_analog(dev, 1);
3084 err = b43_phy_init(dev);
3085 if (err)
3086 goto err_gpio_clean;
3087
3088 /* Disable Interference Mitigation. */
3089 if (phy->ops->interf_mitigation)
3090 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3091
3092 /* Select the antennae */
3093 if (phy->ops->set_rx_antenna)
3094 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3095 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3096
3097 if (phy->type == B43_PHYTYPE_B) {
3098 value16 = b43_read16(dev, 0x005E);
3099 value16 |= 0x0004;
3100 b43_write16(dev, 0x005E, value16);
3101 }
3102 b43_write32(dev, 0x0100, 0x01000000);
3103 if (dev->dev->core_rev < 5)
3104 b43_write32(dev, 0x010C, 0x01000000);
3105
3106 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3107 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3108
3109 /* Probe Response Timeout value */
3110 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3111 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 0);
3112
3113 /* Initially set the wireless operation mode. */
3114 b43_adjust_opmode(dev);
3115
3116 if (dev->dev->core_rev < 3) {
3117 b43_write16(dev, 0x060E, 0x0000);
3118 b43_write16(dev, 0x0610, 0x8000);
3119 b43_write16(dev, 0x0604, 0x0000);
3120 b43_write16(dev, 0x0606, 0x0200);
3121 } else {
3122 b43_write32(dev, 0x0188, 0x80000000);
3123 b43_write32(dev, 0x018C, 0x02000000);
3124 }
3125 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3126 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001FC00);
3127 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3128 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3129 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3130 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3131 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3132
3133 b43_mac_phy_clock_set(dev, true);
3134
3135 switch (dev->dev->bus_type) {
3136 #ifdef CONFIG_B43_BCMA
3137 case B43_BUS_BCMA:
3138 /* FIXME: 0xE74 is quite common, but should be read from CC */
3139 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3140 break;
3141 #endif
3142 #ifdef CONFIG_B43_SSB
3143 case B43_BUS_SSB:
3144 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3145 dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3146 break;
3147 #endif
3148 }
3149
3150 err = 0;
3151 b43dbg(dev->wl, "Chip initialized\n");
3152 out:
3153 return err;
3154
3155 err_gpio_clean:
3156 b43_gpio_cleanup(dev);
3157 return err;
3158 }
3159
b43_periodic_every60sec(struct b43_wldev * dev)3160 static void b43_periodic_every60sec(struct b43_wldev *dev)
3161 {
3162 const struct b43_phy_operations *ops = dev->phy.ops;
3163
3164 if (ops->pwork_60sec)
3165 ops->pwork_60sec(dev);
3166
3167 /* Force check the TX power emission now. */
3168 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3169 }
3170
b43_periodic_every30sec(struct b43_wldev * dev)3171 static void b43_periodic_every30sec(struct b43_wldev *dev)
3172 {
3173 /* Update device statistics. */
3174 b43_calculate_link_quality(dev);
3175 }
3176
b43_periodic_every15sec(struct b43_wldev * dev)3177 static void b43_periodic_every15sec(struct b43_wldev *dev)
3178 {
3179 struct b43_phy *phy = &dev->phy;
3180 u16 wdr;
3181
3182 if (dev->fw.opensource) {
3183 /* Check if the firmware is still alive.
3184 * It will reset the watchdog counter to 0 in its idle loop. */
3185 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3186 if (unlikely(wdr)) {
3187 b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3188 b43_controller_restart(dev, "Firmware watchdog");
3189 return;
3190 } else {
3191 b43_shm_write16(dev, B43_SHM_SCRATCH,
3192 B43_WATCHDOG_REG, 1);
3193 }
3194 }
3195
3196 if (phy->ops->pwork_15sec)
3197 phy->ops->pwork_15sec(dev);
3198
3199 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3200 wmb();
3201
3202 #if B43_DEBUG
3203 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3204 unsigned int i;
3205
3206 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3207 dev->irq_count / 15,
3208 dev->tx_count / 15,
3209 dev->rx_count / 15);
3210 dev->irq_count = 0;
3211 dev->tx_count = 0;
3212 dev->rx_count = 0;
3213 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3214 if (dev->irq_bit_count[i]) {
3215 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3216 dev->irq_bit_count[i] / 15, i, (1 << i));
3217 dev->irq_bit_count[i] = 0;
3218 }
3219 }
3220 }
3221 #endif
3222 }
3223
do_periodic_work(struct b43_wldev * dev)3224 static void do_periodic_work(struct b43_wldev *dev)
3225 {
3226 unsigned int state;
3227
3228 state = dev->periodic_state;
3229 if (state % 4 == 0)
3230 b43_periodic_every60sec(dev);
3231 if (state % 2 == 0)
3232 b43_periodic_every30sec(dev);
3233 b43_periodic_every15sec(dev);
3234 }
3235
3236 /* Periodic work locking policy:
3237 * The whole periodic work handler is protected by
3238 * wl->mutex. If another lock is needed somewhere in the
3239 * pwork callchain, it's acquired in-place, where it's needed.
3240 */
b43_periodic_work_handler(struct work_struct * work)3241 static void b43_periodic_work_handler(struct work_struct *work)
3242 {
3243 struct b43_wldev *dev = container_of(work, struct b43_wldev,
3244 periodic_work.work);
3245 struct b43_wl *wl = dev->wl;
3246 unsigned long delay;
3247
3248 mutex_lock(&wl->mutex);
3249
3250 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3251 goto out;
3252 if (b43_debug(dev, B43_DBG_PWORK_STOP))
3253 goto out_requeue;
3254
3255 do_periodic_work(dev);
3256
3257 dev->periodic_state++;
3258 out_requeue:
3259 if (b43_debug(dev, B43_DBG_PWORK_FAST))
3260 delay = msecs_to_jiffies(50);
3261 else
3262 delay = round_jiffies_relative(HZ * 15);
3263 ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3264 out:
3265 mutex_unlock(&wl->mutex);
3266 }
3267
b43_periodic_tasks_setup(struct b43_wldev * dev)3268 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3269 {
3270 struct delayed_work *work = &dev->periodic_work;
3271
3272 dev->periodic_state = 0;
3273 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3274 ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3275 }
3276
3277 /* Check if communication with the device works correctly. */
b43_validate_chipaccess(struct b43_wldev * dev)3278 static int b43_validate_chipaccess(struct b43_wldev *dev)
3279 {
3280 u32 v, backup0, backup4;
3281
3282 backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3283 backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3284
3285 /* Check for read/write and endianness problems. */
3286 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3287 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3288 goto error;
3289 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3290 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3291 goto error;
3292
3293 /* Check if unaligned 32bit SHM_SHARED access works properly.
3294 * However, don't bail out on failure, because it's noncritical. */
3295 b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3296 b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3297 b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3298 b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3299 if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3300 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3301 b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3302 if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3303 b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3304 b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3305 b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3306 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3307
3308 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3309 b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3310
3311 if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3312 /* The 32bit register shadows the two 16bit registers
3313 * with update sideeffects. Validate this. */
3314 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3315 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3316 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3317 goto error;
3318 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3319 goto error;
3320 }
3321 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3322
3323 v = b43_read32(dev, B43_MMIO_MACCTL);
3324 v |= B43_MACCTL_GMODE;
3325 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3326 goto error;
3327
3328 return 0;
3329 error:
3330 b43err(dev->wl, "Failed to validate the chipaccess\n");
3331 return -ENODEV;
3332 }
3333
b43_security_init(struct b43_wldev * dev)3334 static void b43_security_init(struct b43_wldev *dev)
3335 {
3336 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3337 /* KTP is a word address, but we address SHM bytewise.
3338 * So multiply by two.
3339 */
3340 dev->ktp *= 2;
3341 /* Number of RCMTA address slots */
3342 b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3343 /* Clear the key memory. */
3344 b43_clear_keys(dev);
3345 }
3346
3347 #ifdef CONFIG_B43_HWRNG
b43_rng_read(struct hwrng * rng,u32 * data)3348 static int b43_rng_read(struct hwrng *rng, u32 *data)
3349 {
3350 struct b43_wl *wl = (struct b43_wl *)rng->priv;
3351 struct b43_wldev *dev;
3352 int count = -ENODEV;
3353
3354 mutex_lock(&wl->mutex);
3355 dev = wl->current_dev;
3356 if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3357 *data = b43_read16(dev, B43_MMIO_RNG);
3358 count = sizeof(u16);
3359 }
3360 mutex_unlock(&wl->mutex);
3361
3362 return count;
3363 }
3364 #endif /* CONFIG_B43_HWRNG */
3365
b43_rng_exit(struct b43_wl * wl)3366 static void b43_rng_exit(struct b43_wl *wl)
3367 {
3368 #ifdef CONFIG_B43_HWRNG
3369 if (wl->rng_initialized)
3370 hwrng_unregister(&wl->rng);
3371 #endif /* CONFIG_B43_HWRNG */
3372 }
3373
b43_rng_init(struct b43_wl * wl)3374 static int b43_rng_init(struct b43_wl *wl)
3375 {
3376 int err = 0;
3377
3378 #ifdef CONFIG_B43_HWRNG
3379 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3380 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3381 wl->rng.name = wl->rng_name;
3382 wl->rng.data_read = b43_rng_read;
3383 wl->rng.priv = (unsigned long)wl;
3384 wl->rng_initialized = true;
3385 err = hwrng_register(&wl->rng);
3386 if (err) {
3387 wl->rng_initialized = false;
3388 b43err(wl, "Failed to register the random "
3389 "number generator (%d)\n", err);
3390 }
3391 #endif /* CONFIG_B43_HWRNG */
3392
3393 return err;
3394 }
3395
b43_tx_work(struct work_struct * work)3396 static void b43_tx_work(struct work_struct *work)
3397 {
3398 struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3399 struct b43_wldev *dev;
3400 struct sk_buff *skb;
3401 int queue_num;
3402 int err = 0;
3403
3404 mutex_lock(&wl->mutex);
3405 dev = wl->current_dev;
3406 if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3407 mutex_unlock(&wl->mutex);
3408 return;
3409 }
3410
3411 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3412 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3413 skb = skb_dequeue(&wl->tx_queue[queue_num]);
3414 if (b43_using_pio_transfers(dev))
3415 err = b43_pio_tx(dev, skb);
3416 else
3417 err = b43_dma_tx(dev, skb);
3418 if (err == -ENOSPC) {
3419 wl->tx_queue_stopped[queue_num] = 1;
3420 ieee80211_stop_queue(wl->hw, queue_num);
3421 skb_queue_head(&wl->tx_queue[queue_num], skb);
3422 break;
3423 }
3424 if (unlikely(err))
3425 ieee80211_free_txskb(wl->hw, skb);
3426 err = 0;
3427 }
3428
3429 if (!err)
3430 wl->tx_queue_stopped[queue_num] = 0;
3431 }
3432
3433 #if B43_DEBUG
3434 dev->tx_count++;
3435 #endif
3436 mutex_unlock(&wl->mutex);
3437 }
3438
b43_op_tx(struct ieee80211_hw * hw,struct ieee80211_tx_control * control,struct sk_buff * skb)3439 static void b43_op_tx(struct ieee80211_hw *hw,
3440 struct ieee80211_tx_control *control,
3441 struct sk_buff *skb)
3442 {
3443 struct b43_wl *wl = hw_to_b43_wl(hw);
3444
3445 if (unlikely(skb->len < 2 + 2 + 6)) {
3446 /* Too short, this can't be a valid frame. */
3447 ieee80211_free_txskb(hw, skb);
3448 return;
3449 }
3450 B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3451
3452 skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3453 if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3454 ieee80211_queue_work(wl->hw, &wl->tx_work);
3455 } else {
3456 ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3457 }
3458 }
3459
b43_qos_params_upload(struct b43_wldev * dev,const struct ieee80211_tx_queue_params * p,u16 shm_offset)3460 static void b43_qos_params_upload(struct b43_wldev *dev,
3461 const struct ieee80211_tx_queue_params *p,
3462 u16 shm_offset)
3463 {
3464 u16 params[B43_NR_QOSPARAMS];
3465 int bslots, tmp;
3466 unsigned int i;
3467
3468 if (!dev->qos_enabled)
3469 return;
3470
3471 bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3472
3473 memset(¶ms, 0, sizeof(params));
3474
3475 params[B43_QOSPARAM_TXOP] = p->txop * 32;
3476 params[B43_QOSPARAM_CWMIN] = p->cw_min;
3477 params[B43_QOSPARAM_CWMAX] = p->cw_max;
3478 params[B43_QOSPARAM_CWCUR] = p->cw_min;
3479 params[B43_QOSPARAM_AIFS] = p->aifs;
3480 params[B43_QOSPARAM_BSLOTS] = bslots;
3481 params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3482
3483 for (i = 0; i < ARRAY_SIZE(params); i++) {
3484 if (i == B43_QOSPARAM_STATUS) {
3485 tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3486 shm_offset + (i * 2));
3487 /* Mark the parameters as updated. */
3488 tmp |= 0x100;
3489 b43_shm_write16(dev, B43_SHM_SHARED,
3490 shm_offset + (i * 2),
3491 tmp);
3492 } else {
3493 b43_shm_write16(dev, B43_SHM_SHARED,
3494 shm_offset + (i * 2),
3495 params[i]);
3496 }
3497 }
3498 }
3499
3500 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3501 static const u16 b43_qos_shm_offsets[] = {
3502 /* [mac80211-queue-nr] = SHM_OFFSET, */
3503 [0] = B43_QOS_VOICE,
3504 [1] = B43_QOS_VIDEO,
3505 [2] = B43_QOS_BESTEFFORT,
3506 [3] = B43_QOS_BACKGROUND,
3507 };
3508
3509 /* Update all QOS parameters in hardware. */
b43_qos_upload_all(struct b43_wldev * dev)3510 static void b43_qos_upload_all(struct b43_wldev *dev)
3511 {
3512 struct b43_wl *wl = dev->wl;
3513 struct b43_qos_params *params;
3514 unsigned int i;
3515
3516 if (!dev->qos_enabled)
3517 return;
3518
3519 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3520 ARRAY_SIZE(wl->qos_params));
3521
3522 b43_mac_suspend(dev);
3523 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3524 params = &(wl->qos_params[i]);
3525 b43_qos_params_upload(dev, &(params->p),
3526 b43_qos_shm_offsets[i]);
3527 }
3528 b43_mac_enable(dev);
3529 }
3530
b43_qos_clear(struct b43_wl * wl)3531 static void b43_qos_clear(struct b43_wl *wl)
3532 {
3533 struct b43_qos_params *params;
3534 unsigned int i;
3535
3536 /* Initialize QoS parameters to sane defaults. */
3537
3538 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3539 ARRAY_SIZE(wl->qos_params));
3540
3541 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3542 params = &(wl->qos_params[i]);
3543
3544 switch (b43_qos_shm_offsets[i]) {
3545 case B43_QOS_VOICE:
3546 params->p.txop = 0;
3547 params->p.aifs = 2;
3548 params->p.cw_min = 0x0001;
3549 params->p.cw_max = 0x0001;
3550 break;
3551 case B43_QOS_VIDEO:
3552 params->p.txop = 0;
3553 params->p.aifs = 2;
3554 params->p.cw_min = 0x0001;
3555 params->p.cw_max = 0x0001;
3556 break;
3557 case B43_QOS_BESTEFFORT:
3558 params->p.txop = 0;
3559 params->p.aifs = 3;
3560 params->p.cw_min = 0x0001;
3561 params->p.cw_max = 0x03FF;
3562 break;
3563 case B43_QOS_BACKGROUND:
3564 params->p.txop = 0;
3565 params->p.aifs = 7;
3566 params->p.cw_min = 0x0001;
3567 params->p.cw_max = 0x03FF;
3568 break;
3569 default:
3570 B43_WARN_ON(1);
3571 }
3572 }
3573 }
3574
3575 /* Initialize the core's QOS capabilities */
b43_qos_init(struct b43_wldev * dev)3576 static void b43_qos_init(struct b43_wldev *dev)
3577 {
3578 if (!dev->qos_enabled) {
3579 /* Disable QOS support. */
3580 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3581 b43_write16(dev, B43_MMIO_IFSCTL,
3582 b43_read16(dev, B43_MMIO_IFSCTL)
3583 & ~B43_MMIO_IFSCTL_USE_EDCF);
3584 b43dbg(dev->wl, "QoS disabled\n");
3585 return;
3586 }
3587
3588 /* Upload the current QOS parameters. */
3589 b43_qos_upload_all(dev);
3590
3591 /* Enable QOS support. */
3592 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3593 b43_write16(dev, B43_MMIO_IFSCTL,
3594 b43_read16(dev, B43_MMIO_IFSCTL)
3595 | B43_MMIO_IFSCTL_USE_EDCF);
3596 b43dbg(dev->wl, "QoS enabled\n");
3597 }
3598
b43_op_conf_tx(struct ieee80211_hw * hw,struct ieee80211_vif * vif,u16 _queue,const struct ieee80211_tx_queue_params * params)3599 static int b43_op_conf_tx(struct ieee80211_hw *hw,
3600 struct ieee80211_vif *vif, u16 _queue,
3601 const struct ieee80211_tx_queue_params *params)
3602 {
3603 struct b43_wl *wl = hw_to_b43_wl(hw);
3604 struct b43_wldev *dev;
3605 unsigned int queue = (unsigned int)_queue;
3606 int err = -ENODEV;
3607
3608 if (queue >= ARRAY_SIZE(wl->qos_params)) {
3609 /* Queue not available or don't support setting
3610 * params on this queue. Return success to not
3611 * confuse mac80211. */
3612 return 0;
3613 }
3614 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3615 ARRAY_SIZE(wl->qos_params));
3616
3617 mutex_lock(&wl->mutex);
3618 dev = wl->current_dev;
3619 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3620 goto out_unlock;
3621
3622 memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3623 b43_mac_suspend(dev);
3624 b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3625 b43_qos_shm_offsets[queue]);
3626 b43_mac_enable(dev);
3627 err = 0;
3628
3629 out_unlock:
3630 mutex_unlock(&wl->mutex);
3631
3632 return err;
3633 }
3634
b43_op_get_stats(struct ieee80211_hw * hw,struct ieee80211_low_level_stats * stats)3635 static int b43_op_get_stats(struct ieee80211_hw *hw,
3636 struct ieee80211_low_level_stats *stats)
3637 {
3638 struct b43_wl *wl = hw_to_b43_wl(hw);
3639
3640 mutex_lock(&wl->mutex);
3641 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3642 mutex_unlock(&wl->mutex);
3643
3644 return 0;
3645 }
3646
b43_op_get_tsf(struct ieee80211_hw * hw,struct ieee80211_vif * vif)3647 static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3648 {
3649 struct b43_wl *wl = hw_to_b43_wl(hw);
3650 struct b43_wldev *dev;
3651 u64 tsf;
3652
3653 mutex_lock(&wl->mutex);
3654 dev = wl->current_dev;
3655
3656 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3657 b43_tsf_read(dev, &tsf);
3658 else
3659 tsf = 0;
3660
3661 mutex_unlock(&wl->mutex);
3662
3663 return tsf;
3664 }
3665
b43_op_set_tsf(struct ieee80211_hw * hw,struct ieee80211_vif * vif,u64 tsf)3666 static void b43_op_set_tsf(struct ieee80211_hw *hw,
3667 struct ieee80211_vif *vif, u64 tsf)
3668 {
3669 struct b43_wl *wl = hw_to_b43_wl(hw);
3670 struct b43_wldev *dev;
3671
3672 mutex_lock(&wl->mutex);
3673 dev = wl->current_dev;
3674
3675 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3676 b43_tsf_write(dev, tsf);
3677
3678 mutex_unlock(&wl->mutex);
3679 }
3680
b43_put_phy_into_reset(struct b43_wldev * dev)3681 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3682 {
3683 u32 tmp;
3684
3685 switch (dev->dev->bus_type) {
3686 #ifdef CONFIG_B43_BCMA
3687 case B43_BUS_BCMA:
3688 b43err(dev->wl,
3689 "Putting PHY into reset not supported on BCMA\n");
3690 break;
3691 #endif
3692 #ifdef CONFIG_B43_SSB
3693 case B43_BUS_SSB:
3694 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3695 tmp &= ~B43_TMSLOW_GMODE;
3696 tmp |= B43_TMSLOW_PHYRESET;
3697 tmp |= SSB_TMSLOW_FGC;
3698 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3699 msleep(1);
3700
3701 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3702 tmp &= ~SSB_TMSLOW_FGC;
3703 tmp |= B43_TMSLOW_PHYRESET;
3704 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3705 msleep(1);
3706
3707 break;
3708 #endif
3709 }
3710 }
3711
band_to_string(enum ieee80211_band band)3712 static const char *band_to_string(enum ieee80211_band band)
3713 {
3714 switch (band) {
3715 case IEEE80211_BAND_5GHZ:
3716 return "5";
3717 case IEEE80211_BAND_2GHZ:
3718 return "2.4";
3719 default:
3720 break;
3721 }
3722 B43_WARN_ON(1);
3723 return "";
3724 }
3725
3726 /* Expects wl->mutex locked */
b43_switch_band(struct b43_wl * wl,struct ieee80211_channel * chan)3727 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3728 {
3729 struct b43_wldev *up_dev = NULL;
3730 struct b43_wldev *down_dev;
3731 struct b43_wldev *d;
3732 int err;
3733 bool uninitialized_var(gmode);
3734 int prev_status;
3735
3736 /* Find a device and PHY which supports the band. */
3737 list_for_each_entry(d, &wl->devlist, list) {
3738 switch (chan->band) {
3739 case IEEE80211_BAND_5GHZ:
3740 if (d->phy.supports_5ghz) {
3741 up_dev = d;
3742 gmode = false;
3743 }
3744 break;
3745 case IEEE80211_BAND_2GHZ:
3746 if (d->phy.supports_2ghz) {
3747 up_dev = d;
3748 gmode = true;
3749 }
3750 break;
3751 default:
3752 B43_WARN_ON(1);
3753 return -EINVAL;
3754 }
3755 if (up_dev)
3756 break;
3757 }
3758 if (!up_dev) {
3759 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3760 band_to_string(chan->band));
3761 return -ENODEV;
3762 }
3763 if ((up_dev == wl->current_dev) &&
3764 (!!wl->current_dev->phy.gmode == !!gmode)) {
3765 /* This device is already running. */
3766 return 0;
3767 }
3768 b43dbg(wl, "Switching to %s-GHz band\n",
3769 band_to_string(chan->band));
3770 down_dev = wl->current_dev;
3771
3772 prev_status = b43_status(down_dev);
3773 /* Shutdown the currently running core. */
3774 if (prev_status >= B43_STAT_STARTED)
3775 down_dev = b43_wireless_core_stop(down_dev);
3776 if (prev_status >= B43_STAT_INITIALIZED)
3777 b43_wireless_core_exit(down_dev);
3778
3779 if (down_dev != up_dev) {
3780 /* We switch to a different core, so we put PHY into
3781 * RESET on the old core. */
3782 b43_put_phy_into_reset(down_dev);
3783 }
3784
3785 /* Now start the new core. */
3786 up_dev->phy.gmode = gmode;
3787 if (prev_status >= B43_STAT_INITIALIZED) {
3788 err = b43_wireless_core_init(up_dev);
3789 if (err) {
3790 b43err(wl, "Fatal: Could not initialize device for "
3791 "selected %s-GHz band\n",
3792 band_to_string(chan->band));
3793 goto init_failure;
3794 }
3795 }
3796 if (prev_status >= B43_STAT_STARTED) {
3797 err = b43_wireless_core_start(up_dev);
3798 if (err) {
3799 b43err(wl, "Fatal: Could not start device for "
3800 "selected %s-GHz band\n",
3801 band_to_string(chan->band));
3802 b43_wireless_core_exit(up_dev);
3803 goto init_failure;
3804 }
3805 }
3806 B43_WARN_ON(b43_status(up_dev) != prev_status);
3807
3808 wl->current_dev = up_dev;
3809
3810 return 0;
3811 init_failure:
3812 /* Whoops, failed to init the new core. No core is operating now. */
3813 wl->current_dev = NULL;
3814 return err;
3815 }
3816
3817 /* Write the short and long frame retry limit values. */
b43_set_retry_limits(struct b43_wldev * dev,unsigned int short_retry,unsigned int long_retry)3818 static void b43_set_retry_limits(struct b43_wldev *dev,
3819 unsigned int short_retry,
3820 unsigned int long_retry)
3821 {
3822 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3823 * the chip-internal counter. */
3824 short_retry = min(short_retry, (unsigned int)0xF);
3825 long_retry = min(long_retry, (unsigned int)0xF);
3826
3827 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3828 short_retry);
3829 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3830 long_retry);
3831 }
3832
b43_op_config(struct ieee80211_hw * hw,u32 changed)3833 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3834 {
3835 struct b43_wl *wl = hw_to_b43_wl(hw);
3836 struct b43_wldev *dev;
3837 struct b43_phy *phy;
3838 struct ieee80211_conf *conf = &hw->conf;
3839 int antenna;
3840 int err = 0;
3841 bool reload_bss = false;
3842
3843 mutex_lock(&wl->mutex);
3844
3845 dev = wl->current_dev;
3846
3847 /* Switch the band (if necessary). This might change the active core. */
3848 err = b43_switch_band(wl, conf->chandef.chan);
3849 if (err)
3850 goto out_unlock_mutex;
3851
3852 /* Need to reload all settings if the core changed */
3853 if (dev != wl->current_dev) {
3854 dev = wl->current_dev;
3855 changed = ~0;
3856 reload_bss = true;
3857 }
3858
3859 phy = &dev->phy;
3860
3861 if (conf_is_ht(conf))
3862 phy->is_40mhz =
3863 (conf_is_ht40_minus(conf) || conf_is_ht40_plus(conf));
3864 else
3865 phy->is_40mhz = false;
3866
3867 b43_mac_suspend(dev);
3868
3869 if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3870 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3871 conf->long_frame_max_tx_count);
3872 changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3873 if (!changed)
3874 goto out_mac_enable;
3875
3876 /* Switch to the requested channel.
3877 * The firmware takes care of races with the TX handler. */
3878 if (conf->chandef.chan->hw_value != phy->channel)
3879 b43_switch_channel(dev, conf->chandef.chan->hw_value);
3880
3881 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
3882
3883 /* Adjust the desired TX power level. */
3884 if (conf->power_level != 0) {
3885 if (conf->power_level != phy->desired_txpower) {
3886 phy->desired_txpower = conf->power_level;
3887 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3888 B43_TXPWR_IGNORE_TSSI);
3889 }
3890 }
3891
3892 /* Antennas for RX and management frame TX. */
3893 antenna = B43_ANTENNA_DEFAULT;
3894 b43_mgmtframe_txantenna(dev, antenna);
3895 antenna = B43_ANTENNA_DEFAULT;
3896 if (phy->ops->set_rx_antenna)
3897 phy->ops->set_rx_antenna(dev, antenna);
3898
3899 if (wl->radio_enabled != phy->radio_on) {
3900 if (wl->radio_enabled) {
3901 b43_software_rfkill(dev, false);
3902 b43info(dev->wl, "Radio turned on by software\n");
3903 if (!dev->radio_hw_enable) {
3904 b43info(dev->wl, "The hardware RF-kill button "
3905 "still turns the radio physically off. "
3906 "Press the button to turn it on.\n");
3907 }
3908 } else {
3909 b43_software_rfkill(dev, true);
3910 b43info(dev->wl, "Radio turned off by software\n");
3911 }
3912 }
3913
3914 out_mac_enable:
3915 b43_mac_enable(dev);
3916 out_unlock_mutex:
3917 mutex_unlock(&wl->mutex);
3918
3919 if (wl->vif && reload_bss)
3920 b43_op_bss_info_changed(hw, wl->vif, &wl->vif->bss_conf, ~0);
3921
3922 return err;
3923 }
3924
b43_update_basic_rates(struct b43_wldev * dev,u32 brates)3925 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3926 {
3927 struct ieee80211_supported_band *sband =
3928 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3929 struct ieee80211_rate *rate;
3930 int i;
3931 u16 basic, direct, offset, basic_offset, rateptr;
3932
3933 for (i = 0; i < sband->n_bitrates; i++) {
3934 rate = &sband->bitrates[i];
3935
3936 if (b43_is_cck_rate(rate->hw_value)) {
3937 direct = B43_SHM_SH_CCKDIRECT;
3938 basic = B43_SHM_SH_CCKBASIC;
3939 offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3940 offset &= 0xF;
3941 } else {
3942 direct = B43_SHM_SH_OFDMDIRECT;
3943 basic = B43_SHM_SH_OFDMBASIC;
3944 offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3945 offset &= 0xF;
3946 }
3947
3948 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3949
3950 if (b43_is_cck_rate(rate->hw_value)) {
3951 basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3952 basic_offset &= 0xF;
3953 } else {
3954 basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3955 basic_offset &= 0xF;
3956 }
3957
3958 /*
3959 * Get the pointer that we need to point to
3960 * from the direct map
3961 */
3962 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3963 direct + 2 * basic_offset);
3964 /* and write it to the basic map */
3965 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3966 rateptr);
3967 }
3968 }
3969
b43_op_bss_info_changed(struct ieee80211_hw * hw,struct ieee80211_vif * vif,struct ieee80211_bss_conf * conf,u32 changed)3970 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3971 struct ieee80211_vif *vif,
3972 struct ieee80211_bss_conf *conf,
3973 u32 changed)
3974 {
3975 struct b43_wl *wl = hw_to_b43_wl(hw);
3976 struct b43_wldev *dev;
3977
3978 mutex_lock(&wl->mutex);
3979
3980 dev = wl->current_dev;
3981 if (!dev || b43_status(dev) < B43_STAT_STARTED)
3982 goto out_unlock_mutex;
3983
3984 B43_WARN_ON(wl->vif != vif);
3985
3986 if (changed & BSS_CHANGED_BSSID) {
3987 if (conf->bssid)
3988 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3989 else
3990 memset(wl->bssid, 0, ETH_ALEN);
3991 }
3992
3993 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3994 if (changed & BSS_CHANGED_BEACON &&
3995 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3996 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3997 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3998 b43_update_templates(wl);
3999
4000 if (changed & BSS_CHANGED_BSSID)
4001 b43_write_mac_bssid_templates(dev);
4002 }
4003
4004 b43_mac_suspend(dev);
4005
4006 /* Update templates for AP/mesh mode. */
4007 if (changed & BSS_CHANGED_BEACON_INT &&
4008 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4009 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4010 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
4011 conf->beacon_int)
4012 b43_set_beacon_int(dev, conf->beacon_int);
4013
4014 if (changed & BSS_CHANGED_BASIC_RATES)
4015 b43_update_basic_rates(dev, conf->basic_rates);
4016
4017 if (changed & BSS_CHANGED_ERP_SLOT) {
4018 if (conf->use_short_slot)
4019 b43_short_slot_timing_enable(dev);
4020 else
4021 b43_short_slot_timing_disable(dev);
4022 }
4023
4024 b43_mac_enable(dev);
4025 out_unlock_mutex:
4026 mutex_unlock(&wl->mutex);
4027 }
4028
b43_op_set_key(struct ieee80211_hw * hw,enum set_key_cmd cmd,struct ieee80211_vif * vif,struct ieee80211_sta * sta,struct ieee80211_key_conf * key)4029 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4030 struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4031 struct ieee80211_key_conf *key)
4032 {
4033 struct b43_wl *wl = hw_to_b43_wl(hw);
4034 struct b43_wldev *dev;
4035 u8 algorithm;
4036 u8 index;
4037 int err;
4038 static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4039
4040 if (modparam_nohwcrypt)
4041 return -ENOSPC; /* User disabled HW-crypto */
4042
4043 if ((vif->type == NL80211_IFTYPE_ADHOC ||
4044 vif->type == NL80211_IFTYPE_MESH_POINT) &&
4045 (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4046 key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4047 !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4048 /*
4049 * For now, disable hw crypto for the RSN IBSS group keys. This
4050 * could be optimized in the future, but until that gets
4051 * implemented, use of software crypto for group addressed
4052 * frames is a acceptable to allow RSN IBSS to be used.
4053 */
4054 return -EOPNOTSUPP;
4055 }
4056
4057 mutex_lock(&wl->mutex);
4058
4059 dev = wl->current_dev;
4060 err = -ENODEV;
4061 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4062 goto out_unlock;
4063
4064 if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4065 /* We don't have firmware for the crypto engine.
4066 * Must use software-crypto. */
4067 err = -EOPNOTSUPP;
4068 goto out_unlock;
4069 }
4070
4071 err = -EINVAL;
4072 switch (key->cipher) {
4073 case WLAN_CIPHER_SUITE_WEP40:
4074 algorithm = B43_SEC_ALGO_WEP40;
4075 break;
4076 case WLAN_CIPHER_SUITE_WEP104:
4077 algorithm = B43_SEC_ALGO_WEP104;
4078 break;
4079 case WLAN_CIPHER_SUITE_TKIP:
4080 algorithm = B43_SEC_ALGO_TKIP;
4081 break;
4082 case WLAN_CIPHER_SUITE_CCMP:
4083 algorithm = B43_SEC_ALGO_AES;
4084 break;
4085 default:
4086 B43_WARN_ON(1);
4087 goto out_unlock;
4088 }
4089 index = (u8) (key->keyidx);
4090 if (index > 3)
4091 goto out_unlock;
4092
4093 switch (cmd) {
4094 case SET_KEY:
4095 if (algorithm == B43_SEC_ALGO_TKIP &&
4096 (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4097 !modparam_hwtkip)) {
4098 /* We support only pairwise key */
4099 err = -EOPNOTSUPP;
4100 goto out_unlock;
4101 }
4102
4103 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4104 if (WARN_ON(!sta)) {
4105 err = -EOPNOTSUPP;
4106 goto out_unlock;
4107 }
4108 /* Pairwise key with an assigned MAC address. */
4109 err = b43_key_write(dev, -1, algorithm,
4110 key->key, key->keylen,
4111 sta->addr, key);
4112 } else {
4113 /* Group key */
4114 err = b43_key_write(dev, index, algorithm,
4115 key->key, key->keylen, NULL, key);
4116 }
4117 if (err)
4118 goto out_unlock;
4119
4120 if (algorithm == B43_SEC_ALGO_WEP40 ||
4121 algorithm == B43_SEC_ALGO_WEP104) {
4122 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4123 } else {
4124 b43_hf_write(dev,
4125 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4126 }
4127 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4128 if (algorithm == B43_SEC_ALGO_TKIP)
4129 key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4130 break;
4131 case DISABLE_KEY: {
4132 err = b43_key_clear(dev, key->hw_key_idx);
4133 if (err)
4134 goto out_unlock;
4135 break;
4136 }
4137 default:
4138 B43_WARN_ON(1);
4139 }
4140
4141 out_unlock:
4142 if (!err) {
4143 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4144 "mac: %pM\n",
4145 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4146 sta ? sta->addr : bcast_addr);
4147 b43_dump_keymemory(dev);
4148 }
4149 mutex_unlock(&wl->mutex);
4150
4151 return err;
4152 }
4153
b43_op_configure_filter(struct ieee80211_hw * hw,unsigned int changed,unsigned int * fflags,u64 multicast)4154 static void b43_op_configure_filter(struct ieee80211_hw *hw,
4155 unsigned int changed, unsigned int *fflags,
4156 u64 multicast)
4157 {
4158 struct b43_wl *wl = hw_to_b43_wl(hw);
4159 struct b43_wldev *dev;
4160
4161 mutex_lock(&wl->mutex);
4162 dev = wl->current_dev;
4163 if (!dev) {
4164 *fflags = 0;
4165 goto out_unlock;
4166 }
4167
4168 *fflags &= FIF_PROMISC_IN_BSS |
4169 FIF_ALLMULTI |
4170 FIF_FCSFAIL |
4171 FIF_PLCPFAIL |
4172 FIF_CONTROL |
4173 FIF_OTHER_BSS |
4174 FIF_BCN_PRBRESP_PROMISC;
4175
4176 changed &= FIF_PROMISC_IN_BSS |
4177 FIF_ALLMULTI |
4178 FIF_FCSFAIL |
4179 FIF_PLCPFAIL |
4180 FIF_CONTROL |
4181 FIF_OTHER_BSS |
4182 FIF_BCN_PRBRESP_PROMISC;
4183
4184 wl->filter_flags = *fflags;
4185
4186 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4187 b43_adjust_opmode(dev);
4188
4189 out_unlock:
4190 mutex_unlock(&wl->mutex);
4191 }
4192
4193 /* Locking: wl->mutex
4194 * Returns the current dev. This might be different from the passed in dev,
4195 * because the core might be gone away while we unlocked the mutex. */
b43_wireless_core_stop(struct b43_wldev * dev)4196 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4197 {
4198 struct b43_wl *wl;
4199 struct b43_wldev *orig_dev;
4200 u32 mask;
4201 int queue_num;
4202
4203 if (!dev)
4204 return NULL;
4205 wl = dev->wl;
4206 redo:
4207 if (!dev || b43_status(dev) < B43_STAT_STARTED)
4208 return dev;
4209
4210 /* Cancel work. Unlock to avoid deadlocks. */
4211 mutex_unlock(&wl->mutex);
4212 cancel_delayed_work_sync(&dev->periodic_work);
4213 cancel_work_sync(&wl->tx_work);
4214 mutex_lock(&wl->mutex);
4215 dev = wl->current_dev;
4216 if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4217 /* Whoops, aliens ate up the device while we were unlocked. */
4218 return dev;
4219 }
4220
4221 /* Disable interrupts on the device. */
4222 b43_set_status(dev, B43_STAT_INITIALIZED);
4223 if (b43_bus_host_is_sdio(dev->dev)) {
4224 /* wl->mutex is locked. That is enough. */
4225 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4226 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4227 } else {
4228 spin_lock_irq(&wl->hardirq_lock);
4229 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4230 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4231 spin_unlock_irq(&wl->hardirq_lock);
4232 }
4233 /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4234 orig_dev = dev;
4235 mutex_unlock(&wl->mutex);
4236 if (b43_bus_host_is_sdio(dev->dev)) {
4237 b43_sdio_free_irq(dev);
4238 } else {
4239 synchronize_irq(dev->dev->irq);
4240 free_irq(dev->dev->irq, dev);
4241 }
4242 mutex_lock(&wl->mutex);
4243 dev = wl->current_dev;
4244 if (!dev)
4245 return dev;
4246 if (dev != orig_dev) {
4247 if (b43_status(dev) >= B43_STAT_STARTED)
4248 goto redo;
4249 return dev;
4250 }
4251 mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4252 B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4253
4254 /* Drain all TX queues. */
4255 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4256 while (skb_queue_len(&wl->tx_queue[queue_num])) {
4257 struct sk_buff *skb;
4258
4259 skb = skb_dequeue(&wl->tx_queue[queue_num]);
4260 ieee80211_free_txskb(wl->hw, skb);
4261 }
4262 }
4263
4264 b43_mac_suspend(dev);
4265 b43_leds_exit(dev);
4266 b43dbg(wl, "Wireless interface stopped\n");
4267
4268 return dev;
4269 }
4270
4271 /* Locking: wl->mutex */
b43_wireless_core_start(struct b43_wldev * dev)4272 static int b43_wireless_core_start(struct b43_wldev *dev)
4273 {
4274 int err;
4275
4276 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4277
4278 drain_txstatus_queue(dev);
4279 if (b43_bus_host_is_sdio(dev->dev)) {
4280 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4281 if (err) {
4282 b43err(dev->wl, "Cannot request SDIO IRQ\n");
4283 goto out;
4284 }
4285 } else {
4286 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4287 b43_interrupt_thread_handler,
4288 IRQF_SHARED, KBUILD_MODNAME, dev);
4289 if (err) {
4290 b43err(dev->wl, "Cannot request IRQ-%d\n",
4291 dev->dev->irq);
4292 goto out;
4293 }
4294 }
4295
4296 /* We are ready to run. */
4297 ieee80211_wake_queues(dev->wl->hw);
4298 b43_set_status(dev, B43_STAT_STARTED);
4299
4300 /* Start data flow (TX/RX). */
4301 b43_mac_enable(dev);
4302 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4303
4304 /* Start maintenance work */
4305 b43_periodic_tasks_setup(dev);
4306
4307 b43_leds_init(dev);
4308
4309 b43dbg(dev->wl, "Wireless interface started\n");
4310 out:
4311 return err;
4312 }
4313
b43_phy_name(struct b43_wldev * dev,u8 phy_type)4314 static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4315 {
4316 switch (phy_type) {
4317 case B43_PHYTYPE_A:
4318 return "A";
4319 case B43_PHYTYPE_B:
4320 return "B";
4321 case B43_PHYTYPE_G:
4322 return "G";
4323 case B43_PHYTYPE_N:
4324 return "N";
4325 case B43_PHYTYPE_LP:
4326 return "LP";
4327 case B43_PHYTYPE_SSLPN:
4328 return "SSLPN";
4329 case B43_PHYTYPE_HT:
4330 return "HT";
4331 case B43_PHYTYPE_LCN:
4332 return "LCN";
4333 case B43_PHYTYPE_LCNXN:
4334 return "LCNXN";
4335 case B43_PHYTYPE_LCN40:
4336 return "LCN40";
4337 case B43_PHYTYPE_AC:
4338 return "AC";
4339 }
4340 return "UNKNOWN";
4341 }
4342
4343 /* Get PHY and RADIO versioning numbers */
b43_phy_versioning(struct b43_wldev * dev)4344 static int b43_phy_versioning(struct b43_wldev *dev)
4345 {
4346 struct b43_phy *phy = &dev->phy;
4347 u32 tmp;
4348 u8 analog_type;
4349 u8 phy_type;
4350 u8 phy_rev;
4351 u16 radio_manuf;
4352 u16 radio_ver;
4353 u16 radio_rev;
4354 int unsupported = 0;
4355
4356 /* Get PHY versioning */
4357 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4358 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4359 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4360 phy_rev = (tmp & B43_PHYVER_VERSION);
4361 switch (phy_type) {
4362 case B43_PHYTYPE_A:
4363 if (phy_rev >= 4)
4364 unsupported = 1;
4365 break;
4366 case B43_PHYTYPE_B:
4367 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
4368 && phy_rev != 7)
4369 unsupported = 1;
4370 break;
4371 case B43_PHYTYPE_G:
4372 if (phy_rev > 9)
4373 unsupported = 1;
4374 break;
4375 #ifdef CONFIG_B43_PHY_N
4376 case B43_PHYTYPE_N:
4377 if (phy_rev > 9)
4378 unsupported = 1;
4379 break;
4380 #endif
4381 #ifdef CONFIG_B43_PHY_LP
4382 case B43_PHYTYPE_LP:
4383 if (phy_rev > 2)
4384 unsupported = 1;
4385 break;
4386 #endif
4387 #ifdef CONFIG_B43_PHY_HT
4388 case B43_PHYTYPE_HT:
4389 if (phy_rev > 1)
4390 unsupported = 1;
4391 break;
4392 #endif
4393 #ifdef CONFIG_B43_PHY_LCN
4394 case B43_PHYTYPE_LCN:
4395 if (phy_rev > 1)
4396 unsupported = 1;
4397 break;
4398 #endif
4399 default:
4400 unsupported = 1;
4401 }
4402 if (unsupported) {
4403 b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4404 analog_type, phy_type, b43_phy_name(dev, phy_type),
4405 phy_rev);
4406 return -EOPNOTSUPP;
4407 }
4408 b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4409 analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4410
4411 /* Get RADIO versioning */
4412 if (dev->dev->core_rev >= 24) {
4413 u16 radio24[3];
4414
4415 for (tmp = 0; tmp < 3; tmp++) {
4416 b43_write16(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4417 radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4418 }
4419
4420 /* Broadcom uses "id" for our "ver" and has separated "ver" */
4421 /* radio_ver = (radio24[0] & 0xF0) >> 4; */
4422
4423 radio_manuf = 0x17F;
4424 radio_ver = (radio24[2] << 8) | radio24[1];
4425 radio_rev = (radio24[0] & 0xF);
4426 } else {
4427 if (dev->dev->chip_id == 0x4317) {
4428 if (dev->dev->chip_rev == 0)
4429 tmp = 0x3205017F;
4430 else if (dev->dev->chip_rev == 1)
4431 tmp = 0x4205017F;
4432 else
4433 tmp = 0x5205017F;
4434 } else {
4435 b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4436 B43_RADIOCTL_ID);
4437 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4438 b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4439 B43_RADIOCTL_ID);
4440 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH)
4441 << 16;
4442 }
4443 radio_manuf = (tmp & 0x00000FFF);
4444 radio_ver = (tmp & 0x0FFFF000) >> 12;
4445 radio_rev = (tmp & 0xF0000000) >> 28;
4446 }
4447
4448 if (radio_manuf != 0x17F /* Broadcom */)
4449 unsupported = 1;
4450 switch (phy_type) {
4451 case B43_PHYTYPE_A:
4452 if (radio_ver != 0x2060)
4453 unsupported = 1;
4454 if (radio_rev != 1)
4455 unsupported = 1;
4456 if (radio_manuf != 0x17F)
4457 unsupported = 1;
4458 break;
4459 case B43_PHYTYPE_B:
4460 if ((radio_ver & 0xFFF0) != 0x2050)
4461 unsupported = 1;
4462 break;
4463 case B43_PHYTYPE_G:
4464 if (radio_ver != 0x2050)
4465 unsupported = 1;
4466 break;
4467 case B43_PHYTYPE_N:
4468 if (radio_ver != 0x2055 && radio_ver != 0x2056)
4469 unsupported = 1;
4470 break;
4471 case B43_PHYTYPE_LP:
4472 if (radio_ver != 0x2062 && radio_ver != 0x2063)
4473 unsupported = 1;
4474 break;
4475 case B43_PHYTYPE_HT:
4476 if (radio_ver != 0x2059)
4477 unsupported = 1;
4478 break;
4479 case B43_PHYTYPE_LCN:
4480 if (radio_ver != 0x2064)
4481 unsupported = 1;
4482 break;
4483 default:
4484 B43_WARN_ON(1);
4485 }
4486 if (unsupported) {
4487 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
4488 "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
4489 radio_manuf, radio_ver, radio_rev);
4490 return -EOPNOTSUPP;
4491 }
4492 b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
4493 radio_manuf, radio_ver, radio_rev);
4494
4495 phy->radio_manuf = radio_manuf;
4496 phy->radio_ver = radio_ver;
4497 phy->radio_rev = radio_rev;
4498
4499 phy->analog = analog_type;
4500 phy->type = phy_type;
4501 phy->rev = phy_rev;
4502
4503 return 0;
4504 }
4505
setup_struct_phy_for_init(struct b43_wldev * dev,struct b43_phy * phy)4506 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4507 struct b43_phy *phy)
4508 {
4509 phy->hardware_power_control = !!modparam_hwpctl;
4510 phy->next_txpwr_check_time = jiffies;
4511 /* PHY TX errors counter. */
4512 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4513
4514 #if B43_DEBUG
4515 phy->phy_locked = false;
4516 phy->radio_locked = false;
4517 #endif
4518 }
4519
setup_struct_wldev_for_init(struct b43_wldev * dev)4520 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4521 {
4522 dev->dfq_valid = false;
4523
4524 /* Assume the radio is enabled. If it's not enabled, the state will
4525 * immediately get fixed on the first periodic work run. */
4526 dev->radio_hw_enable = true;
4527
4528 /* Stats */
4529 memset(&dev->stats, 0, sizeof(dev->stats));
4530
4531 setup_struct_phy_for_init(dev, &dev->phy);
4532
4533 /* IRQ related flags */
4534 dev->irq_reason = 0;
4535 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4536 dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4537 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4538 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4539
4540 dev->mac_suspended = 1;
4541
4542 /* Noise calculation context */
4543 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4544 }
4545
b43_bluetooth_coext_enable(struct b43_wldev * dev)4546 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4547 {
4548 struct ssb_sprom *sprom = dev->dev->bus_sprom;
4549 u64 hf;
4550
4551 if (!modparam_btcoex)
4552 return;
4553 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4554 return;
4555 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4556 return;
4557
4558 hf = b43_hf_read(dev);
4559 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4560 hf |= B43_HF_BTCOEXALT;
4561 else
4562 hf |= B43_HF_BTCOEX;
4563 b43_hf_write(dev, hf);
4564 }
4565
b43_bluetooth_coext_disable(struct b43_wldev * dev)4566 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4567 {
4568 if (!modparam_btcoex)
4569 return;
4570 //TODO
4571 }
4572
b43_imcfglo_timeouts_workaround(struct b43_wldev * dev)4573 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4574 {
4575 struct ssb_bus *bus;
4576 u32 tmp;
4577
4578 if (dev->dev->bus_type != B43_BUS_SSB)
4579 return;
4580
4581 bus = dev->dev->sdev->bus;
4582
4583 if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4584 (bus->chip_id == 0x4312)) {
4585 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4586 tmp &= ~SSB_IMCFGLO_REQTO;
4587 tmp &= ~SSB_IMCFGLO_SERTO;
4588 tmp |= 0x3;
4589 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4590 ssb_commit_settings(bus);
4591 }
4592 }
4593
b43_set_synth_pu_delay(struct b43_wldev * dev,bool idle)4594 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4595 {
4596 u16 pu_delay;
4597
4598 /* The time value is in microseconds. */
4599 if (dev->phy.type == B43_PHYTYPE_A)
4600 pu_delay = 3700;
4601 else
4602 pu_delay = 1050;
4603 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4604 pu_delay = 500;
4605 if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4606 pu_delay = max(pu_delay, (u16)2400);
4607
4608 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4609 }
4610
4611 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
b43_set_pretbtt(struct b43_wldev * dev)4612 static void b43_set_pretbtt(struct b43_wldev *dev)
4613 {
4614 u16 pretbtt;
4615
4616 /* The time value is in microseconds. */
4617 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4618 pretbtt = 2;
4619 } else {
4620 if (dev->phy.type == B43_PHYTYPE_A)
4621 pretbtt = 120;
4622 else
4623 pretbtt = 250;
4624 }
4625 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4626 b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4627 }
4628
4629 /* Shutdown a wireless core */
4630 /* Locking: wl->mutex */
b43_wireless_core_exit(struct b43_wldev * dev)4631 static void b43_wireless_core_exit(struct b43_wldev *dev)
4632 {
4633 B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4634 if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4635 return;
4636
4637 /* Unregister HW RNG driver */
4638 b43_rng_exit(dev->wl);
4639
4640 b43_set_status(dev, B43_STAT_UNINIT);
4641
4642 /* Stop the microcode PSM. */
4643 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4644 B43_MACCTL_PSM_JMP0);
4645
4646 b43_dma_free(dev);
4647 b43_pio_free(dev);
4648 b43_chip_exit(dev);
4649 dev->phy.ops->switch_analog(dev, 0);
4650 if (dev->wl->current_beacon) {
4651 dev_kfree_skb_any(dev->wl->current_beacon);
4652 dev->wl->current_beacon = NULL;
4653 }
4654
4655 b43_device_disable(dev, 0);
4656 b43_bus_may_powerdown(dev);
4657 }
4658
4659 /* Initialize a wireless core */
b43_wireless_core_init(struct b43_wldev * dev)4660 static int b43_wireless_core_init(struct b43_wldev *dev)
4661 {
4662 struct ssb_sprom *sprom = dev->dev->bus_sprom;
4663 struct b43_phy *phy = &dev->phy;
4664 int err;
4665 u64 hf;
4666
4667 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4668
4669 err = b43_bus_powerup(dev, 0);
4670 if (err)
4671 goto out;
4672 if (!b43_device_is_enabled(dev))
4673 b43_wireless_core_reset(dev, phy->gmode);
4674
4675 /* Reset all data structures. */
4676 setup_struct_wldev_for_init(dev);
4677 phy->ops->prepare_structs(dev);
4678
4679 /* Enable IRQ routing to this device. */
4680 switch (dev->dev->bus_type) {
4681 #ifdef CONFIG_B43_BCMA
4682 case B43_BUS_BCMA:
4683 bcma_core_pci_irq_ctl(&dev->dev->bdev->bus->drv_pci[0],
4684 dev->dev->bdev, true);
4685 break;
4686 #endif
4687 #ifdef CONFIG_B43_SSB
4688 case B43_BUS_SSB:
4689 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4690 dev->dev->sdev);
4691 break;
4692 #endif
4693 }
4694
4695 b43_imcfglo_timeouts_workaround(dev);
4696 b43_bluetooth_coext_disable(dev);
4697 if (phy->ops->prepare_hardware) {
4698 err = phy->ops->prepare_hardware(dev);
4699 if (err)
4700 goto err_busdown;
4701 }
4702 err = b43_chip_init(dev);
4703 if (err)
4704 goto err_busdown;
4705 b43_shm_write16(dev, B43_SHM_SHARED,
4706 B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4707 hf = b43_hf_read(dev);
4708 if (phy->type == B43_PHYTYPE_G) {
4709 hf |= B43_HF_SYMW;
4710 if (phy->rev == 1)
4711 hf |= B43_HF_GDCW;
4712 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4713 hf |= B43_HF_OFDMPABOOST;
4714 }
4715 if (phy->radio_ver == 0x2050) {
4716 if (phy->radio_rev == 6)
4717 hf |= B43_HF_4318TSSI;
4718 if (phy->radio_rev < 6)
4719 hf |= B43_HF_VCORECALC;
4720 }
4721 if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4722 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4723 #ifdef CONFIG_SSB_DRIVER_PCICORE
4724 if (dev->dev->bus_type == B43_BUS_SSB &&
4725 dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4726 dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4727 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4728 #endif
4729 hf &= ~B43_HF_SKCFPUP;
4730 b43_hf_write(dev, hf);
4731
4732 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4733 B43_DEFAULT_LONG_RETRY_LIMIT);
4734 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4735 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4736
4737 /* Disable sending probe responses from firmware.
4738 * Setting the MaxTime to one usec will always trigger
4739 * a timeout, so we never send any probe resp.
4740 * A timeout of zero is infinite. */
4741 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4742
4743 b43_rate_memory_init(dev);
4744 b43_set_phytxctl_defaults(dev);
4745
4746 /* Minimum Contention Window */
4747 if (phy->type == B43_PHYTYPE_B)
4748 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4749 else
4750 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4751 /* Maximum Contention Window */
4752 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4753
4754 if (b43_bus_host_is_pcmcia(dev->dev) ||
4755 b43_bus_host_is_sdio(dev->dev)) {
4756 dev->__using_pio_transfers = true;
4757 err = b43_pio_init(dev);
4758 } else if (dev->use_pio) {
4759 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4760 "This should not be needed and will result in lower "
4761 "performance.\n");
4762 dev->__using_pio_transfers = true;
4763 err = b43_pio_init(dev);
4764 } else {
4765 dev->__using_pio_transfers = false;
4766 err = b43_dma_init(dev);
4767 }
4768 if (err)
4769 goto err_chip_exit;
4770 b43_qos_init(dev);
4771 b43_set_synth_pu_delay(dev, 1);
4772 b43_bluetooth_coext_enable(dev);
4773
4774 b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4775 b43_upload_card_macaddress(dev);
4776 b43_security_init(dev);
4777
4778 ieee80211_wake_queues(dev->wl->hw);
4779
4780 b43_set_status(dev, B43_STAT_INITIALIZED);
4781
4782 /* Register HW RNG driver */
4783 b43_rng_init(dev->wl);
4784
4785 out:
4786 return err;
4787
4788 err_chip_exit:
4789 b43_chip_exit(dev);
4790 err_busdown:
4791 b43_bus_may_powerdown(dev);
4792 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4793 return err;
4794 }
4795
b43_op_add_interface(struct ieee80211_hw * hw,struct ieee80211_vif * vif)4796 static int b43_op_add_interface(struct ieee80211_hw *hw,
4797 struct ieee80211_vif *vif)
4798 {
4799 struct b43_wl *wl = hw_to_b43_wl(hw);
4800 struct b43_wldev *dev;
4801 int err = -EOPNOTSUPP;
4802
4803 /* TODO: allow WDS/AP devices to coexist */
4804
4805 if (vif->type != NL80211_IFTYPE_AP &&
4806 vif->type != NL80211_IFTYPE_MESH_POINT &&
4807 vif->type != NL80211_IFTYPE_STATION &&
4808 vif->type != NL80211_IFTYPE_WDS &&
4809 vif->type != NL80211_IFTYPE_ADHOC)
4810 return -EOPNOTSUPP;
4811
4812 mutex_lock(&wl->mutex);
4813 if (wl->operating)
4814 goto out_mutex_unlock;
4815
4816 b43dbg(wl, "Adding Interface type %d\n", vif->type);
4817
4818 dev = wl->current_dev;
4819 wl->operating = true;
4820 wl->vif = vif;
4821 wl->if_type = vif->type;
4822 memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4823
4824 b43_adjust_opmode(dev);
4825 b43_set_pretbtt(dev);
4826 b43_set_synth_pu_delay(dev, 0);
4827 b43_upload_card_macaddress(dev);
4828
4829 err = 0;
4830 out_mutex_unlock:
4831 mutex_unlock(&wl->mutex);
4832
4833 if (err == 0)
4834 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
4835
4836 return err;
4837 }
4838
b43_op_remove_interface(struct ieee80211_hw * hw,struct ieee80211_vif * vif)4839 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4840 struct ieee80211_vif *vif)
4841 {
4842 struct b43_wl *wl = hw_to_b43_wl(hw);
4843 struct b43_wldev *dev = wl->current_dev;
4844
4845 b43dbg(wl, "Removing Interface type %d\n", vif->type);
4846
4847 mutex_lock(&wl->mutex);
4848
4849 B43_WARN_ON(!wl->operating);
4850 B43_WARN_ON(wl->vif != vif);
4851 wl->vif = NULL;
4852
4853 wl->operating = false;
4854
4855 b43_adjust_opmode(dev);
4856 memset(wl->mac_addr, 0, ETH_ALEN);
4857 b43_upload_card_macaddress(dev);
4858
4859 mutex_unlock(&wl->mutex);
4860 }
4861
b43_op_start(struct ieee80211_hw * hw)4862 static int b43_op_start(struct ieee80211_hw *hw)
4863 {
4864 struct b43_wl *wl = hw_to_b43_wl(hw);
4865 struct b43_wldev *dev = wl->current_dev;
4866 int did_init = 0;
4867 int err = 0;
4868
4869 /* Kill all old instance specific information to make sure
4870 * the card won't use it in the short timeframe between start
4871 * and mac80211 reconfiguring it. */
4872 memset(wl->bssid, 0, ETH_ALEN);
4873 memset(wl->mac_addr, 0, ETH_ALEN);
4874 wl->filter_flags = 0;
4875 wl->radiotap_enabled = false;
4876 b43_qos_clear(wl);
4877 wl->beacon0_uploaded = false;
4878 wl->beacon1_uploaded = false;
4879 wl->beacon_templates_virgin = true;
4880 wl->radio_enabled = true;
4881
4882 mutex_lock(&wl->mutex);
4883
4884 if (b43_status(dev) < B43_STAT_INITIALIZED) {
4885 err = b43_wireless_core_init(dev);
4886 if (err)
4887 goto out_mutex_unlock;
4888 did_init = 1;
4889 }
4890
4891 if (b43_status(dev) < B43_STAT_STARTED) {
4892 err = b43_wireless_core_start(dev);
4893 if (err) {
4894 if (did_init)
4895 b43_wireless_core_exit(dev);
4896 goto out_mutex_unlock;
4897 }
4898 }
4899
4900 /* XXX: only do if device doesn't support rfkill irq */
4901 wiphy_rfkill_start_polling(hw->wiphy);
4902
4903 out_mutex_unlock:
4904 mutex_unlock(&wl->mutex);
4905
4906 /*
4907 * Configuration may have been overwritten during initialization.
4908 * Reload the configuration, but only if initialization was
4909 * successful. Reloading the configuration after a failed init
4910 * may hang the system.
4911 */
4912 if (!err)
4913 b43_op_config(hw, ~0);
4914
4915 return err;
4916 }
4917
b43_op_stop(struct ieee80211_hw * hw)4918 static void b43_op_stop(struct ieee80211_hw *hw)
4919 {
4920 struct b43_wl *wl = hw_to_b43_wl(hw);
4921 struct b43_wldev *dev = wl->current_dev;
4922
4923 cancel_work_sync(&(wl->beacon_update_trigger));
4924
4925 if (!dev)
4926 goto out;
4927
4928 mutex_lock(&wl->mutex);
4929 if (b43_status(dev) >= B43_STAT_STARTED) {
4930 dev = b43_wireless_core_stop(dev);
4931 if (!dev)
4932 goto out_unlock;
4933 }
4934 b43_wireless_core_exit(dev);
4935 wl->radio_enabled = false;
4936
4937 out_unlock:
4938 mutex_unlock(&wl->mutex);
4939 out:
4940 cancel_work_sync(&(wl->txpower_adjust_work));
4941 }
4942
b43_op_beacon_set_tim(struct ieee80211_hw * hw,struct ieee80211_sta * sta,bool set)4943 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4944 struct ieee80211_sta *sta, bool set)
4945 {
4946 struct b43_wl *wl = hw_to_b43_wl(hw);
4947
4948 /* FIXME: add locking */
4949 b43_update_templates(wl);
4950
4951 return 0;
4952 }
4953
b43_op_sta_notify(struct ieee80211_hw * hw,struct ieee80211_vif * vif,enum sta_notify_cmd notify_cmd,struct ieee80211_sta * sta)4954 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4955 struct ieee80211_vif *vif,
4956 enum sta_notify_cmd notify_cmd,
4957 struct ieee80211_sta *sta)
4958 {
4959 struct b43_wl *wl = hw_to_b43_wl(hw);
4960
4961 B43_WARN_ON(!vif || wl->vif != vif);
4962 }
4963
b43_op_sw_scan_start_notifier(struct ieee80211_hw * hw)4964 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4965 {
4966 struct b43_wl *wl = hw_to_b43_wl(hw);
4967 struct b43_wldev *dev;
4968
4969 mutex_lock(&wl->mutex);
4970 dev = wl->current_dev;
4971 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4972 /* Disable CFP update during scan on other channels. */
4973 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4974 }
4975 mutex_unlock(&wl->mutex);
4976 }
4977
b43_op_sw_scan_complete_notifier(struct ieee80211_hw * hw)4978 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4979 {
4980 struct b43_wl *wl = hw_to_b43_wl(hw);
4981 struct b43_wldev *dev;
4982
4983 mutex_lock(&wl->mutex);
4984 dev = wl->current_dev;
4985 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4986 /* Re-enable CFP update. */
4987 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
4988 }
4989 mutex_unlock(&wl->mutex);
4990 }
4991
b43_op_get_survey(struct ieee80211_hw * hw,int idx,struct survey_info * survey)4992 static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
4993 struct survey_info *survey)
4994 {
4995 struct b43_wl *wl = hw_to_b43_wl(hw);
4996 struct b43_wldev *dev = wl->current_dev;
4997 struct ieee80211_conf *conf = &hw->conf;
4998
4999 if (idx != 0)
5000 return -ENOENT;
5001
5002 survey->channel = conf->chandef.chan;
5003 survey->filled = SURVEY_INFO_NOISE_DBM;
5004 survey->noise = dev->stats.link_noise;
5005
5006 return 0;
5007 }
5008
5009 static const struct ieee80211_ops b43_hw_ops = {
5010 .tx = b43_op_tx,
5011 .conf_tx = b43_op_conf_tx,
5012 .add_interface = b43_op_add_interface,
5013 .remove_interface = b43_op_remove_interface,
5014 .config = b43_op_config,
5015 .bss_info_changed = b43_op_bss_info_changed,
5016 .configure_filter = b43_op_configure_filter,
5017 .set_key = b43_op_set_key,
5018 .update_tkip_key = b43_op_update_tkip_key,
5019 .get_stats = b43_op_get_stats,
5020 .get_tsf = b43_op_get_tsf,
5021 .set_tsf = b43_op_set_tsf,
5022 .start = b43_op_start,
5023 .stop = b43_op_stop,
5024 .set_tim = b43_op_beacon_set_tim,
5025 .sta_notify = b43_op_sta_notify,
5026 .sw_scan_start = b43_op_sw_scan_start_notifier,
5027 .sw_scan_complete = b43_op_sw_scan_complete_notifier,
5028 .get_survey = b43_op_get_survey,
5029 .rfkill_poll = b43_rfkill_poll,
5030 };
5031
5032 /* Hard-reset the chip. Do not call this directly.
5033 * Use b43_controller_restart()
5034 */
b43_chip_reset(struct work_struct * work)5035 static void b43_chip_reset(struct work_struct *work)
5036 {
5037 struct b43_wldev *dev =
5038 container_of(work, struct b43_wldev, restart_work);
5039 struct b43_wl *wl = dev->wl;
5040 int err = 0;
5041 int prev_status;
5042
5043 mutex_lock(&wl->mutex);
5044
5045 prev_status = b43_status(dev);
5046 /* Bring the device down... */
5047 if (prev_status >= B43_STAT_STARTED) {
5048 dev = b43_wireless_core_stop(dev);
5049 if (!dev) {
5050 err = -ENODEV;
5051 goto out;
5052 }
5053 }
5054 if (prev_status >= B43_STAT_INITIALIZED)
5055 b43_wireless_core_exit(dev);
5056
5057 /* ...and up again. */
5058 if (prev_status >= B43_STAT_INITIALIZED) {
5059 err = b43_wireless_core_init(dev);
5060 if (err)
5061 goto out;
5062 }
5063 if (prev_status >= B43_STAT_STARTED) {
5064 err = b43_wireless_core_start(dev);
5065 if (err) {
5066 b43_wireless_core_exit(dev);
5067 goto out;
5068 }
5069 }
5070 out:
5071 if (err)
5072 wl->current_dev = NULL; /* Failed to init the dev. */
5073 mutex_unlock(&wl->mutex);
5074
5075 if (err) {
5076 b43err(wl, "Controller restart FAILED\n");
5077 return;
5078 }
5079
5080 /* reload configuration */
5081 b43_op_config(wl->hw, ~0);
5082 if (wl->vif)
5083 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5084
5085 b43info(wl, "Controller restarted\n");
5086 }
5087
b43_setup_bands(struct b43_wldev * dev,bool have_2ghz_phy,bool have_5ghz_phy)5088 static int b43_setup_bands(struct b43_wldev *dev,
5089 bool have_2ghz_phy, bool have_5ghz_phy)
5090 {
5091 struct ieee80211_hw *hw = dev->wl->hw;
5092
5093 if (have_2ghz_phy)
5094 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
5095 if (dev->phy.type == B43_PHYTYPE_N) {
5096 if (have_5ghz_phy)
5097 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
5098 } else {
5099 if (have_5ghz_phy)
5100 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5101 }
5102
5103 dev->phy.supports_2ghz = have_2ghz_phy;
5104 dev->phy.supports_5ghz = have_5ghz_phy;
5105
5106 return 0;
5107 }
5108
b43_wireless_core_detach(struct b43_wldev * dev)5109 static void b43_wireless_core_detach(struct b43_wldev *dev)
5110 {
5111 /* We release firmware that late to not be required to re-request
5112 * is all the time when we reinit the core. */
5113 b43_release_firmware(dev);
5114 b43_phy_free(dev);
5115 }
5116
b43_wireless_core_attach(struct b43_wldev * dev)5117 static int b43_wireless_core_attach(struct b43_wldev *dev)
5118 {
5119 struct b43_wl *wl = dev->wl;
5120 struct pci_dev *pdev = NULL;
5121 int err;
5122 u32 tmp;
5123 bool have_2ghz_phy = false, have_5ghz_phy = false;
5124
5125 /* Do NOT do any device initialization here.
5126 * Do it in wireless_core_init() instead.
5127 * This function is for gathering basic information about the HW, only.
5128 * Also some structs may be set up here. But most likely you want to have
5129 * that in core_init(), too.
5130 */
5131
5132 #ifdef CONFIG_B43_SSB
5133 if (dev->dev->bus_type == B43_BUS_SSB &&
5134 dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5135 pdev = dev->dev->sdev->bus->host_pci;
5136 #endif
5137
5138 err = b43_bus_powerup(dev, 0);
5139 if (err) {
5140 b43err(wl, "Bus powerup failed\n");
5141 goto out;
5142 }
5143
5144 /* Get the PHY type. */
5145 switch (dev->dev->bus_type) {
5146 #ifdef CONFIG_B43_BCMA
5147 case B43_BUS_BCMA:
5148 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5149 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5150 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5151 break;
5152 #endif
5153 #ifdef CONFIG_B43_SSB
5154 case B43_BUS_SSB:
5155 if (dev->dev->core_rev >= 5) {
5156 tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5157 have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5158 have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5159 } else
5160 B43_WARN_ON(1);
5161 break;
5162 #endif
5163 }
5164
5165 dev->phy.gmode = have_2ghz_phy;
5166 dev->phy.radio_on = true;
5167 b43_wireless_core_reset(dev, dev->phy.gmode);
5168
5169 err = b43_phy_versioning(dev);
5170 if (err)
5171 goto err_powerdown;
5172 /* Check if this device supports multiband. */
5173 if (!pdev ||
5174 (pdev->device != 0x4312 &&
5175 pdev->device != 0x4319 && pdev->device != 0x4324)) {
5176 /* No multiband support. */
5177 have_2ghz_phy = false;
5178 have_5ghz_phy = false;
5179 switch (dev->phy.type) {
5180 case B43_PHYTYPE_A:
5181 have_5ghz_phy = true;
5182 break;
5183 case B43_PHYTYPE_LP: //FIXME not always!
5184 #if 0 //FIXME enabling 5GHz causes a NULL pointer dereference
5185 have_5ghz_phy = 1;
5186 #endif
5187 case B43_PHYTYPE_G:
5188 case B43_PHYTYPE_N:
5189 case B43_PHYTYPE_HT:
5190 case B43_PHYTYPE_LCN:
5191 have_2ghz_phy = true;
5192 break;
5193 default:
5194 B43_WARN_ON(1);
5195 }
5196 }
5197 if (dev->phy.type == B43_PHYTYPE_A) {
5198 /* FIXME */
5199 b43err(wl, "IEEE 802.11a devices are unsupported\n");
5200 err = -EOPNOTSUPP;
5201 goto err_powerdown;
5202 }
5203 if (1 /* disable A-PHY */) {
5204 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
5205 if (dev->phy.type != B43_PHYTYPE_N &&
5206 dev->phy.type != B43_PHYTYPE_LP) {
5207 have_2ghz_phy = true;
5208 have_5ghz_phy = false;
5209 }
5210 }
5211
5212 err = b43_phy_allocate(dev);
5213 if (err)
5214 goto err_powerdown;
5215
5216 dev->phy.gmode = have_2ghz_phy;
5217 b43_wireless_core_reset(dev, dev->phy.gmode);
5218
5219 err = b43_validate_chipaccess(dev);
5220 if (err)
5221 goto err_phy_free;
5222 err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5223 if (err)
5224 goto err_phy_free;
5225
5226 /* Now set some default "current_dev" */
5227 if (!wl->current_dev)
5228 wl->current_dev = dev;
5229 INIT_WORK(&dev->restart_work, b43_chip_reset);
5230
5231 dev->phy.ops->switch_analog(dev, 0);
5232 b43_device_disable(dev, 0);
5233 b43_bus_may_powerdown(dev);
5234
5235 out:
5236 return err;
5237
5238 err_phy_free:
5239 b43_phy_free(dev);
5240 err_powerdown:
5241 b43_bus_may_powerdown(dev);
5242 return err;
5243 }
5244
b43_one_core_detach(struct b43_bus_dev * dev)5245 static void b43_one_core_detach(struct b43_bus_dev *dev)
5246 {
5247 struct b43_wldev *wldev;
5248 struct b43_wl *wl;
5249
5250 /* Do not cancel ieee80211-workqueue based work here.
5251 * See comment in b43_remove(). */
5252
5253 wldev = b43_bus_get_wldev(dev);
5254 wl = wldev->wl;
5255 b43_debugfs_remove_device(wldev);
5256 b43_wireless_core_detach(wldev);
5257 list_del(&wldev->list);
5258 wl->nr_devs--;
5259 b43_bus_set_wldev(dev, NULL);
5260 kfree(wldev);
5261 }
5262
b43_one_core_attach(struct b43_bus_dev * dev,struct b43_wl * wl)5263 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5264 {
5265 struct b43_wldev *wldev;
5266 int err = -ENOMEM;
5267
5268 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5269 if (!wldev)
5270 goto out;
5271
5272 wldev->use_pio = b43_modparam_pio;
5273 wldev->dev = dev;
5274 wldev->wl = wl;
5275 b43_set_status(wldev, B43_STAT_UNINIT);
5276 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5277 INIT_LIST_HEAD(&wldev->list);
5278
5279 err = b43_wireless_core_attach(wldev);
5280 if (err)
5281 goto err_kfree_wldev;
5282
5283 list_add(&wldev->list, &wl->devlist);
5284 wl->nr_devs++;
5285 b43_bus_set_wldev(dev, wldev);
5286 b43_debugfs_add_device(wldev);
5287
5288 out:
5289 return err;
5290
5291 err_kfree_wldev:
5292 kfree(wldev);
5293 return err;
5294 }
5295
5296 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) ( \
5297 (pdev->vendor == PCI_VENDOR_ID_##_vendor) && \
5298 (pdev->device == _device) && \
5299 (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) && \
5300 (pdev->subsystem_device == _subdevice) )
5301
b43_sprom_fixup(struct ssb_bus * bus)5302 static void b43_sprom_fixup(struct ssb_bus *bus)
5303 {
5304 struct pci_dev *pdev;
5305
5306 /* boardflags workarounds */
5307 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5308 bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5309 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5310 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5311 bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5312 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5313 if (bus->bustype == SSB_BUSTYPE_PCI) {
5314 pdev = bus->host_pci;
5315 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5316 IS_PDEV(pdev, BROADCOM, 0x4320, DELL, 0x0003) ||
5317 IS_PDEV(pdev, BROADCOM, 0x4320, HP, 0x12f8) ||
5318 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5319 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5320 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5321 IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5322 bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5323 }
5324 }
5325
b43_wireless_exit(struct b43_bus_dev * dev,struct b43_wl * wl)5326 static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5327 {
5328 struct ieee80211_hw *hw = wl->hw;
5329
5330 ssb_set_devtypedata(dev->sdev, NULL);
5331 ieee80211_free_hw(hw);
5332 }
5333
b43_wireless_init(struct b43_bus_dev * dev)5334 static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5335 {
5336 struct ssb_sprom *sprom = dev->bus_sprom;
5337 struct ieee80211_hw *hw;
5338 struct b43_wl *wl;
5339 char chip_name[6];
5340 int queue_num;
5341
5342 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5343 if (!hw) {
5344 b43err(NULL, "Could not allocate ieee80211 device\n");
5345 return ERR_PTR(-ENOMEM);
5346 }
5347 wl = hw_to_b43_wl(hw);
5348
5349 /* fill hw info */
5350 hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
5351 IEEE80211_HW_SIGNAL_DBM;
5352
5353 hw->wiphy->interface_modes =
5354 BIT(NL80211_IFTYPE_AP) |
5355 BIT(NL80211_IFTYPE_MESH_POINT) |
5356 BIT(NL80211_IFTYPE_STATION) |
5357 BIT(NL80211_IFTYPE_WDS) |
5358 BIT(NL80211_IFTYPE_ADHOC);
5359
5360 hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5361
5362 wl->hw_registred = false;
5363 hw->max_rates = 2;
5364 SET_IEEE80211_DEV(hw, dev->dev);
5365 if (is_valid_ether_addr(sprom->et1mac))
5366 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5367 else
5368 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5369
5370 /* Initialize struct b43_wl */
5371 wl->hw = hw;
5372 mutex_init(&wl->mutex);
5373 spin_lock_init(&wl->hardirq_lock);
5374 INIT_LIST_HEAD(&wl->devlist);
5375 INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5376 INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5377 INIT_WORK(&wl->tx_work, b43_tx_work);
5378
5379 /* Initialize queues and flags. */
5380 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5381 skb_queue_head_init(&wl->tx_queue[queue_num]);
5382 wl->tx_queue_stopped[queue_num] = 0;
5383 }
5384
5385 snprintf(chip_name, ARRAY_SIZE(chip_name),
5386 (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5387 b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5388 dev->core_rev);
5389 return wl;
5390 }
5391
5392 #ifdef CONFIG_B43_BCMA
b43_bcma_probe(struct bcma_device * core)5393 static int b43_bcma_probe(struct bcma_device *core)
5394 {
5395 struct b43_bus_dev *dev;
5396 struct b43_wl *wl;
5397 int err;
5398
5399 dev = b43_bus_dev_bcma_init(core);
5400 if (!dev)
5401 return -ENODEV;
5402
5403 wl = b43_wireless_init(dev);
5404 if (IS_ERR(wl)) {
5405 err = PTR_ERR(wl);
5406 goto bcma_out;
5407 }
5408
5409 err = b43_one_core_attach(dev, wl);
5410 if (err)
5411 goto bcma_err_wireless_exit;
5412
5413 /* setup and start work to load firmware */
5414 INIT_WORK(&wl->firmware_load, b43_request_firmware);
5415 schedule_work(&wl->firmware_load);
5416
5417 bcma_out:
5418 return err;
5419
5420 bcma_err_wireless_exit:
5421 ieee80211_free_hw(wl->hw);
5422 return err;
5423 }
5424
b43_bcma_remove(struct bcma_device * core)5425 static void b43_bcma_remove(struct bcma_device *core)
5426 {
5427 struct b43_wldev *wldev = bcma_get_drvdata(core);
5428 struct b43_wl *wl = wldev->wl;
5429
5430 /* We must cancel any work here before unregistering from ieee80211,
5431 * as the ieee80211 unreg will destroy the workqueue. */
5432 cancel_work_sync(&wldev->restart_work);
5433 cancel_work_sync(&wl->firmware_load);
5434
5435 B43_WARN_ON(!wl);
5436 if (!wldev->fw.ucode.data)
5437 return; /* NULL if firmware never loaded */
5438 if (wl->current_dev == wldev && wl->hw_registred) {
5439 b43_leds_stop(wldev);
5440 ieee80211_unregister_hw(wl->hw);
5441 }
5442
5443 b43_one_core_detach(wldev->dev);
5444
5445 b43_leds_unregister(wl);
5446
5447 ieee80211_free_hw(wl->hw);
5448 }
5449
5450 static struct bcma_driver b43_bcma_driver = {
5451 .name = KBUILD_MODNAME,
5452 .id_table = b43_bcma_tbl,
5453 .probe = b43_bcma_probe,
5454 .remove = b43_bcma_remove,
5455 };
5456 #endif
5457
5458 #ifdef CONFIG_B43_SSB
5459 static
b43_ssb_probe(struct ssb_device * sdev,const struct ssb_device_id * id)5460 int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5461 {
5462 struct b43_bus_dev *dev;
5463 struct b43_wl *wl;
5464 int err;
5465 int first = 0;
5466
5467 dev = b43_bus_dev_ssb_init(sdev);
5468 if (!dev)
5469 return -ENOMEM;
5470
5471 wl = ssb_get_devtypedata(sdev);
5472 if (!wl) {
5473 /* Probing the first core. Must setup common struct b43_wl */
5474 first = 1;
5475 b43_sprom_fixup(sdev->bus);
5476 wl = b43_wireless_init(dev);
5477 if (IS_ERR(wl)) {
5478 err = PTR_ERR(wl);
5479 goto out;
5480 }
5481 ssb_set_devtypedata(sdev, wl);
5482 B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5483 }
5484 err = b43_one_core_attach(dev, wl);
5485 if (err)
5486 goto err_wireless_exit;
5487
5488 /* setup and start work to load firmware */
5489 INIT_WORK(&wl->firmware_load, b43_request_firmware);
5490 schedule_work(&wl->firmware_load);
5491
5492 out:
5493 return err;
5494
5495 err_wireless_exit:
5496 if (first)
5497 b43_wireless_exit(dev, wl);
5498 return err;
5499 }
5500
b43_ssb_remove(struct ssb_device * sdev)5501 static void b43_ssb_remove(struct ssb_device *sdev)
5502 {
5503 struct b43_wl *wl = ssb_get_devtypedata(sdev);
5504 struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5505 struct b43_bus_dev *dev = wldev->dev;
5506
5507 /* We must cancel any work here before unregistering from ieee80211,
5508 * as the ieee80211 unreg will destroy the workqueue. */
5509 cancel_work_sync(&wldev->restart_work);
5510 cancel_work_sync(&wl->firmware_load);
5511
5512 B43_WARN_ON(!wl);
5513 if (!wldev->fw.ucode.data)
5514 return; /* NULL if firmware never loaded */
5515 if (wl->current_dev == wldev && wl->hw_registred) {
5516 b43_leds_stop(wldev);
5517 ieee80211_unregister_hw(wl->hw);
5518 }
5519
5520 b43_one_core_detach(dev);
5521
5522 if (list_empty(&wl->devlist)) {
5523 b43_leds_unregister(wl);
5524 /* Last core on the chip unregistered.
5525 * We can destroy common struct b43_wl.
5526 */
5527 b43_wireless_exit(dev, wl);
5528 }
5529 }
5530
5531 static struct ssb_driver b43_ssb_driver = {
5532 .name = KBUILD_MODNAME,
5533 .id_table = b43_ssb_tbl,
5534 .probe = b43_ssb_probe,
5535 .remove = b43_ssb_remove,
5536 };
5537 #endif /* CONFIG_B43_SSB */
5538
5539 /* Perform a hardware reset. This can be called from any context. */
b43_controller_restart(struct b43_wldev * dev,const char * reason)5540 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5541 {
5542 /* Must avoid requeueing, if we are in shutdown. */
5543 if (b43_status(dev) < B43_STAT_INITIALIZED)
5544 return;
5545 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5546 ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5547 }
5548
b43_print_driverinfo(void)5549 static void b43_print_driverinfo(void)
5550 {
5551 const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5552 *feat_leds = "", *feat_sdio = "";
5553
5554 #ifdef CONFIG_B43_PCI_AUTOSELECT
5555 feat_pci = "P";
5556 #endif
5557 #ifdef CONFIG_B43_PCMCIA
5558 feat_pcmcia = "M";
5559 #endif
5560 #ifdef CONFIG_B43_PHY_N
5561 feat_nphy = "N";
5562 #endif
5563 #ifdef CONFIG_B43_LEDS
5564 feat_leds = "L";
5565 #endif
5566 #ifdef CONFIG_B43_SDIO
5567 feat_sdio = "S";
5568 #endif
5569 printk(KERN_INFO "Broadcom 43xx driver loaded "
5570 "[ Features: %s%s%s%s%s ]\n",
5571 feat_pci, feat_pcmcia, feat_nphy,
5572 feat_leds, feat_sdio);
5573 }
5574
b43_init(void)5575 static int __init b43_init(void)
5576 {
5577 int err;
5578
5579 b43_debugfs_init();
5580 err = b43_pcmcia_init();
5581 if (err)
5582 goto err_dfs_exit;
5583 err = b43_sdio_init();
5584 if (err)
5585 goto err_pcmcia_exit;
5586 #ifdef CONFIG_B43_BCMA
5587 err = bcma_driver_register(&b43_bcma_driver);
5588 if (err)
5589 goto err_sdio_exit;
5590 #endif
5591 #ifdef CONFIG_B43_SSB
5592 err = ssb_driver_register(&b43_ssb_driver);
5593 if (err)
5594 goto err_bcma_driver_exit;
5595 #endif
5596 b43_print_driverinfo();
5597
5598 return err;
5599
5600 #ifdef CONFIG_B43_SSB
5601 err_bcma_driver_exit:
5602 #endif
5603 #ifdef CONFIG_B43_BCMA
5604 bcma_driver_unregister(&b43_bcma_driver);
5605 err_sdio_exit:
5606 #endif
5607 b43_sdio_exit();
5608 err_pcmcia_exit:
5609 b43_pcmcia_exit();
5610 err_dfs_exit:
5611 b43_debugfs_exit();
5612 return err;
5613 }
5614
b43_exit(void)5615 static void __exit b43_exit(void)
5616 {
5617 #ifdef CONFIG_B43_SSB
5618 ssb_driver_unregister(&b43_ssb_driver);
5619 #endif
5620 #ifdef CONFIG_B43_BCMA
5621 bcma_driver_unregister(&b43_bcma_driver);
5622 #endif
5623 b43_sdio_exit();
5624 b43_pcmcia_exit();
5625 b43_debugfs_exit();
5626 }
5627
5628 module_init(b43_init)
5629 module_exit(b43_exit)
5630