xref: /openbmc/linux/drivers/net/wireless/atmel/atmel.c (revision ecfb9f40)
1 /*** -*- linux-c -*- **********************************************************
2 
3      Driver for Atmel at76c502 at76c504 and at76c506 wireless cards.
4 
5 	Copyright 2000-2001 ATMEL Corporation.
6 	Copyright 2003-2004 Simon Kelley.
7 
8     This code was developed from version 2.1.1 of the Atmel drivers,
9     released by Atmel corp. under the GPL in December 2002. It also
10     includes code from the Linux aironet drivers (C) Benjamin Reed,
11     and the Linux PCMCIA package, (C) David Hinds and the Linux wireless
12     extensions, (C) Jean Tourrilhes.
13 
14     The firmware module for reading the MAC address of the card comes from
15     net.russotto.AtmelMACFW, written by Matthew T. Russotto and copyright
16     by him. net.russotto.AtmelMACFW is used under the GPL license version 2.
17     This file contains the module in binary form and, under the terms
18     of the GPL, in source form. The source is located at the end of the file.
19 
20     This program is free software; you can redistribute it and/or modify
21     it under the terms of the GNU General Public License as published by
22     the Free Software Foundation; either version 2 of the License, or
23     (at your option) any later version.
24 
25     This software is distributed in the hope that it will be useful,
26     but WITHOUT ANY WARRANTY; without even the implied warranty of
27     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
28     GNU General Public License for more details.
29 
30     You should have received a copy of the GNU General Public License
31     along with Atmel wireless lan drivers; if not, see
32     <http://www.gnu.org/licenses/>.
33 
34     For all queries about this code, please contact the current author,
35     Simon Kelley <simon@thekelleys.org.uk> and not Atmel Corporation.
36 
37     Credit is due to HP UK and Cambridge Online Systems Ltd for supplying
38     hardware used during development of this driver.
39 
40 ******************************************************************************/
41 
42 #include <linux/interrupt.h>
43 
44 #include <linux/kernel.h>
45 #include <linux/ptrace.h>
46 #include <linux/slab.h>
47 #include <linux/string.h>
48 #include <linux/timer.h>
49 #include <asm/byteorder.h>
50 #include <asm/io.h>
51 #include <linux/uaccess.h>
52 #include <linux/module.h>
53 #include <linux/netdevice.h>
54 #include <linux/etherdevice.h>
55 #include <linux/skbuff.h>
56 #include <linux/if_arp.h>
57 #include <linux/ioport.h>
58 #include <linux/fcntl.h>
59 #include <linux/delay.h>
60 #include <linux/wireless.h>
61 #include <net/iw_handler.h>
62 #include <linux/crc32.h>
63 #include <linux/proc_fs.h>
64 #include <linux/seq_file.h>
65 #include <linux/device.h>
66 #include <linux/moduleparam.h>
67 #include <linux/firmware.h>
68 #include <linux/jiffies.h>
69 #include <net/cfg80211.h>
70 #include "atmel.h"
71 
72 #define DRIVER_MAJOR 0
73 #define DRIVER_MINOR 98
74 
75 MODULE_AUTHOR("Simon Kelley");
76 MODULE_DESCRIPTION("Support for Atmel at76c50x 802.11 wireless ethernet cards.");
77 MODULE_LICENSE("GPL");
78 
79 /* The name of the firmware file to be loaded
80    over-rides any automatic selection */
81 static char *firmware = NULL;
82 module_param(firmware, charp, 0);
83 
84 /* table of firmware file names */
85 static struct {
86 	AtmelFWType fw_type;
87 	const char *fw_file;
88 	const char *fw_file_ext;
89 } fw_table[] = {
90 	{ ATMEL_FW_TYPE_502,		"atmel_at76c502",	"bin" },
91 	{ ATMEL_FW_TYPE_502D,		"atmel_at76c502d",	"bin" },
92 	{ ATMEL_FW_TYPE_502E,		"atmel_at76c502e",	"bin" },
93 	{ ATMEL_FW_TYPE_502_3COM,	"atmel_at76c502_3com",	"bin" },
94 	{ ATMEL_FW_TYPE_504,		"atmel_at76c504",	"bin" },
95 	{ ATMEL_FW_TYPE_504_2958,	"atmel_at76c504_2958",	"bin" },
96 	{ ATMEL_FW_TYPE_504A_2958,	"atmel_at76c504a_2958",	"bin" },
97 	{ ATMEL_FW_TYPE_506,		"atmel_at76c506",	"bin" },
98 	{ ATMEL_FW_TYPE_NONE,		NULL,			NULL }
99 };
100 MODULE_FIRMWARE("atmel_at76c502-wpa.bin");
101 MODULE_FIRMWARE("atmel_at76c502.bin");
102 MODULE_FIRMWARE("atmel_at76c502d-wpa.bin");
103 MODULE_FIRMWARE("atmel_at76c502d.bin");
104 MODULE_FIRMWARE("atmel_at76c502e-wpa.bin");
105 MODULE_FIRMWARE("atmel_at76c502e.bin");
106 MODULE_FIRMWARE("atmel_at76c502_3com-wpa.bin");
107 MODULE_FIRMWARE("atmel_at76c502_3com.bin");
108 MODULE_FIRMWARE("atmel_at76c504-wpa.bin");
109 MODULE_FIRMWARE("atmel_at76c504.bin");
110 MODULE_FIRMWARE("atmel_at76c504_2958-wpa.bin");
111 MODULE_FIRMWARE("atmel_at76c504_2958.bin");
112 MODULE_FIRMWARE("atmel_at76c504a_2958-wpa.bin");
113 MODULE_FIRMWARE("atmel_at76c504a_2958.bin");
114 MODULE_FIRMWARE("atmel_at76c506-wpa.bin");
115 MODULE_FIRMWARE("atmel_at76c506.bin");
116 
117 #define MAX_SSID_LENGTH 32
118 #define MGMT_JIFFIES (256 * HZ / 100)
119 
120 #define MAX_BSS_ENTRIES	64
121 
122 /* registers */
123 #define GCR  0x00    /* (SIR0)  General Configuration Register */
124 #define BSR  0x02    /* (SIR1)  Bank Switching Select Register */
125 #define AR   0x04
126 #define DR   0x08
127 #define MR1  0x12    /* Mirror Register 1 */
128 #define MR2  0x14    /* Mirror Register 2 */
129 #define MR3  0x16    /* Mirror Register 3 */
130 #define MR4  0x18    /* Mirror Register 4 */
131 
132 #define GPR1                            0x0c
133 #define GPR2                            0x0e
134 #define GPR3                            0x10
135 /*
136  * Constants for the GCR register.
137  */
138 #define GCR_REMAP     0x0400          /* Remap internal SRAM to 0 */
139 #define GCR_SWRES     0x0080          /* BIU reset (ARM and PAI are NOT reset) */
140 #define GCR_CORES     0x0060          /* Core Reset (ARM and PAI are reset) */
141 #define GCR_ENINT     0x0002          /* Enable Interrupts */
142 #define GCR_ACKINT    0x0008          /* Acknowledge Interrupts */
143 
144 #define BSS_SRAM      0x0200          /* AMBA module selection --> SRAM */
145 #define BSS_IRAM      0x0100          /* AMBA module selection --> IRAM */
146 /*
147  *Constants for the MR registers.
148  */
149 #define MAC_INIT_COMPLETE       0x0001        /* MAC init has been completed */
150 #define MAC_BOOT_COMPLETE       0x0010        /* MAC boot has been completed */
151 #define MAC_INIT_OK             0x0002        /* MAC boot has been completed */
152 
153 #define MIB_MAX_DATA_BYTES    212
154 #define MIB_HEADER_SIZE       4    /* first four fields */
155 
156 struct get_set_mib {
157 	u8 type;
158 	u8 size;
159 	u8 index;
160 	u8 reserved;
161 	u8 data[MIB_MAX_DATA_BYTES];
162 };
163 
164 struct rx_desc {
165 	u32          Next;
166 	u16          MsduPos;
167 	u16          MsduSize;
168 
169 	u8           State;
170 	u8           Status;
171 	u8           Rate;
172 	u8           Rssi;
173 	u8           LinkQuality;
174 	u8           PreambleType;
175 	u16          Duration;
176 	u32          RxTime;
177 };
178 
179 #define RX_DESC_FLAG_VALID       0x80
180 #define RX_DESC_FLAG_CONSUMED    0x40
181 #define RX_DESC_FLAG_IDLE        0x00
182 
183 #define RX_STATUS_SUCCESS        0x00
184 
185 #define RX_DESC_MSDU_POS_OFFSET      4
186 #define RX_DESC_MSDU_SIZE_OFFSET     6
187 #define RX_DESC_FLAGS_OFFSET         8
188 #define RX_DESC_STATUS_OFFSET        9
189 #define RX_DESC_RSSI_OFFSET          11
190 #define RX_DESC_LINK_QUALITY_OFFSET  12
191 #define RX_DESC_PREAMBLE_TYPE_OFFSET 13
192 #define RX_DESC_DURATION_OFFSET      14
193 #define RX_DESC_RX_TIME_OFFSET       16
194 
195 struct tx_desc {
196 	u32       NextDescriptor;
197 	u16       TxStartOfFrame;
198 	u16       TxLength;
199 
200 	u8        TxState;
201 	u8        TxStatus;
202 	u8        RetryCount;
203 
204 	u8        TxRate;
205 
206 	u8        KeyIndex;
207 	u8        ChiperType;
208 	u8        ChipreLength;
209 	u8        Reserved1;
210 
211 	u8        Reserved;
212 	u8        PacketType;
213 	u16       HostTxLength;
214 };
215 
216 #define TX_DESC_NEXT_OFFSET          0
217 #define TX_DESC_POS_OFFSET           4
218 #define TX_DESC_SIZE_OFFSET          6
219 #define TX_DESC_FLAGS_OFFSET         8
220 #define TX_DESC_STATUS_OFFSET        9
221 #define TX_DESC_RETRY_OFFSET         10
222 #define TX_DESC_RATE_OFFSET          11
223 #define TX_DESC_KEY_INDEX_OFFSET     12
224 #define TX_DESC_CIPHER_TYPE_OFFSET   13
225 #define TX_DESC_CIPHER_LENGTH_OFFSET 14
226 #define TX_DESC_PACKET_TYPE_OFFSET   17
227 #define TX_DESC_HOST_LENGTH_OFFSET   18
228 
229 /*
230  * Host-MAC interface
231  */
232 
233 #define TX_STATUS_SUCCESS       0x00
234 
235 #define TX_FIRM_OWN             0x80
236 #define TX_DONE                 0x40
237 
238 #define TX_ERROR                0x01
239 
240 #define TX_PACKET_TYPE_DATA     0x01
241 #define TX_PACKET_TYPE_MGMT     0x02
242 
243 #define ISR_EMPTY               0x00        /* no bits set in ISR */
244 #define ISR_TxCOMPLETE          0x01        /* packet transmitted */
245 #define ISR_RxCOMPLETE          0x02        /* packet received */
246 #define ISR_RxFRAMELOST         0x04        /* Rx Frame lost */
247 #define ISR_FATAL_ERROR         0x08        /* Fatal error */
248 #define ISR_COMMAND_COMPLETE    0x10        /* command completed */
249 #define ISR_OUT_OF_RANGE        0x20        /* command completed */
250 #define ISR_IBSS_MERGE          0x40        /* (4.1.2.30): IBSS merge */
251 #define ISR_GENERIC_IRQ         0x80
252 
253 #define Local_Mib_Type          0x01
254 #define Mac_Address_Mib_Type    0x02
255 #define Mac_Mib_Type            0x03
256 #define Statistics_Mib_Type     0x04
257 #define Mac_Mgmt_Mib_Type       0x05
258 #define Mac_Wep_Mib_Type        0x06
259 #define Phy_Mib_Type            0x07
260 #define Multi_Domain_MIB        0x08
261 
262 #define MAC_MGMT_MIB_CUR_BSSID_POS            14
263 #define MAC_MIB_FRAG_THRESHOLD_POS            8
264 #define MAC_MIB_RTS_THRESHOLD_POS             10
265 #define MAC_MIB_SHORT_RETRY_POS               16
266 #define MAC_MIB_LONG_RETRY_POS                17
267 #define MAC_MIB_SHORT_RETRY_LIMIT_POS         16
268 #define MAC_MGMT_MIB_BEACON_PER_POS           0
269 #define MAC_MGMT_MIB_STATION_ID_POS           6
270 #define MAC_MGMT_MIB_CUR_PRIVACY_POS          11
271 #define MAC_MGMT_MIB_CUR_BSSID_POS            14
272 #define MAC_MGMT_MIB_PS_MODE_POS              53
273 #define MAC_MGMT_MIB_LISTEN_INTERVAL_POS      54
274 #define MAC_MGMT_MIB_MULTI_DOMAIN_IMPLEMENTED 56
275 #define MAC_MGMT_MIB_MULTI_DOMAIN_ENABLED     57
276 #define PHY_MIB_CHANNEL_POS                   14
277 #define PHY_MIB_RATE_SET_POS                  20
278 #define PHY_MIB_REG_DOMAIN_POS                26
279 #define LOCAL_MIB_AUTO_TX_RATE_POS            3
280 #define LOCAL_MIB_SSID_SIZE                   5
281 #define LOCAL_MIB_TX_PROMISCUOUS_POS          6
282 #define LOCAL_MIB_TX_MGMT_RATE_POS            7
283 #define LOCAL_MIB_TX_CONTROL_RATE_POS         8
284 #define LOCAL_MIB_PREAMBLE_TYPE               9
285 #define MAC_ADDR_MIB_MAC_ADDR_POS             0
286 
287 #define         CMD_Set_MIB_Vars              0x01
288 #define         CMD_Get_MIB_Vars              0x02
289 #define         CMD_Scan                      0x03
290 #define         CMD_Join                      0x04
291 #define         CMD_Start                     0x05
292 #define         CMD_EnableRadio               0x06
293 #define         CMD_DisableRadio              0x07
294 #define         CMD_SiteSurvey                0x0B
295 
296 #define         CMD_STATUS_IDLE                   0x00
297 #define         CMD_STATUS_COMPLETE               0x01
298 #define         CMD_STATUS_UNKNOWN                0x02
299 #define         CMD_STATUS_INVALID_PARAMETER      0x03
300 #define         CMD_STATUS_FUNCTION_NOT_SUPPORTED 0x04
301 #define         CMD_STATUS_TIME_OUT               0x07
302 #define         CMD_STATUS_IN_PROGRESS            0x08
303 #define         CMD_STATUS_REJECTED_RADIO_OFF     0x09
304 #define         CMD_STATUS_HOST_ERROR             0xFF
305 #define         CMD_STATUS_BUSY                   0xFE
306 
307 #define CMD_BLOCK_COMMAND_OFFSET        0
308 #define CMD_BLOCK_STATUS_OFFSET         1
309 #define CMD_BLOCK_PARAMETERS_OFFSET     4
310 
311 #define SCAN_OPTIONS_SITE_SURVEY        0x80
312 
313 #define MGMT_FRAME_BODY_OFFSET		24
314 #define MAX_AUTHENTICATION_RETRIES	3
315 #define MAX_ASSOCIATION_RETRIES		3
316 
317 #define AUTHENTICATION_RESPONSE_TIME_OUT  1000
318 
319 #define MAX_WIRELESS_BODY  2316 /* mtu is 2312, CRC is 4 */
320 #define LOOP_RETRY_LIMIT   500000
321 
322 #define ACTIVE_MODE	1
323 #define PS_MODE		2
324 
325 #define MAX_ENCRYPTION_KEYS 4
326 #define MAX_ENCRYPTION_KEY_SIZE 40
327 
328 /*
329  * 802.11 related definitions
330  */
331 
332 /*
333  * Regulatory Domains
334  */
335 
336 #define REG_DOMAIN_FCC		0x10	/* Channels	1-11	USA				*/
337 #define REG_DOMAIN_DOC		0x20	/* Channel	1-11	Canada				*/
338 #define REG_DOMAIN_ETSI		0x30	/* Channel	1-13	Europe (ex Spain/France)	*/
339 #define REG_DOMAIN_SPAIN	0x31	/* Channel	10-11	Spain				*/
340 #define REG_DOMAIN_FRANCE	0x32	/* Channel	10-13	France				*/
341 #define REG_DOMAIN_MKK		0x40	/* Channel	14	Japan				*/
342 #define REG_DOMAIN_MKK1		0x41	/* Channel	1-14	Japan(MKK1)			*/
343 #define REG_DOMAIN_ISRAEL	0x50	/* Channel	3-9	ISRAEL				*/
344 
345 #define BSS_TYPE_AD_HOC		1
346 #define BSS_TYPE_INFRASTRUCTURE 2
347 
348 #define SCAN_TYPE_ACTIVE	0
349 #define SCAN_TYPE_PASSIVE	1
350 
351 #define LONG_PREAMBLE		0
352 #define SHORT_PREAMBLE		1
353 #define AUTO_PREAMBLE		2
354 
355 #define DATA_FRAME_WS_HEADER_SIZE   30
356 
357 /* promiscuous mode control */
358 #define PROM_MODE_OFF			0x0
359 #define PROM_MODE_UNKNOWN		0x1
360 #define PROM_MODE_CRC_FAILED		0x2
361 #define PROM_MODE_DUPLICATED		0x4
362 #define PROM_MODE_MGMT			0x8
363 #define PROM_MODE_CTRL			0x10
364 #define PROM_MODE_BAD_PROTOCOL		0x20
365 
366 #define IFACE_INT_STATUS_OFFSET		0
367 #define IFACE_INT_MASK_OFFSET		1
368 #define IFACE_LOCKOUT_HOST_OFFSET	2
369 #define IFACE_LOCKOUT_MAC_OFFSET	3
370 #define IFACE_FUNC_CTRL_OFFSET		28
371 #define IFACE_MAC_STAT_OFFSET		30
372 #define IFACE_GENERIC_INT_TYPE_OFFSET	32
373 
374 #define CIPHER_SUITE_NONE     0
375 #define CIPHER_SUITE_WEP_64   1
376 #define CIPHER_SUITE_TKIP     2
377 #define CIPHER_SUITE_AES      3
378 #define CIPHER_SUITE_CCX      4
379 #define CIPHER_SUITE_WEP_128  5
380 
381 /*
382  * IFACE MACROS & definitions
383  */
384 
385 /*
386  * FuncCtrl field:
387  */
388 #define FUNC_CTRL_TxENABLE		0x10
389 #define FUNC_CTRL_RxENABLE		0x20
390 #define FUNC_CTRL_INIT_COMPLETE		0x01
391 
392 /* A stub firmware image which reads the MAC address from NVRAM on the card.
393    For copyright information and source see the end of this file. */
394 static u8 mac_reader[] = {
395 	0x06, 0x00, 0x00, 0xea, 0x04, 0x00, 0x00, 0xea, 0x03, 0x00, 0x00, 0xea, 0x02, 0x00, 0x00, 0xea,
396 	0x01, 0x00, 0x00, 0xea, 0x00, 0x00, 0x00, 0xea, 0xff, 0xff, 0xff, 0xea, 0xfe, 0xff, 0xff, 0xea,
397 	0xd3, 0x00, 0xa0, 0xe3, 0x00, 0xf0, 0x21, 0xe1, 0x0e, 0x04, 0xa0, 0xe3, 0x00, 0x10, 0xa0, 0xe3,
398 	0x81, 0x11, 0xa0, 0xe1, 0x00, 0x10, 0x81, 0xe3, 0x00, 0x10, 0x80, 0xe5, 0x1c, 0x10, 0x90, 0xe5,
399 	0x10, 0x10, 0xc1, 0xe3, 0x1c, 0x10, 0x80, 0xe5, 0x01, 0x10, 0xa0, 0xe3, 0x08, 0x10, 0x80, 0xe5,
400 	0x02, 0x03, 0xa0, 0xe3, 0x00, 0x10, 0xa0, 0xe3, 0xb0, 0x10, 0xc0, 0xe1, 0xb4, 0x10, 0xc0, 0xe1,
401 	0xb8, 0x10, 0xc0, 0xe1, 0xbc, 0x10, 0xc0, 0xe1, 0x56, 0xdc, 0xa0, 0xe3, 0x21, 0x00, 0x00, 0xeb,
402 	0x0a, 0x00, 0xa0, 0xe3, 0x1a, 0x00, 0x00, 0xeb, 0x10, 0x00, 0x00, 0xeb, 0x07, 0x00, 0x00, 0xeb,
403 	0x02, 0x03, 0xa0, 0xe3, 0x02, 0x14, 0xa0, 0xe3, 0xb4, 0x10, 0xc0, 0xe1, 0x4c, 0x10, 0x9f, 0xe5,
404 	0xbc, 0x10, 0xc0, 0xe1, 0x10, 0x10, 0xa0, 0xe3, 0xb8, 0x10, 0xc0, 0xe1, 0xfe, 0xff, 0xff, 0xea,
405 	0x00, 0x40, 0x2d, 0xe9, 0x00, 0x20, 0xa0, 0xe3, 0x02, 0x3c, 0xa0, 0xe3, 0x00, 0x10, 0xa0, 0xe3,
406 	0x28, 0x00, 0x9f, 0xe5, 0x37, 0x00, 0x00, 0xeb, 0x00, 0x40, 0xbd, 0xe8, 0x1e, 0xff, 0x2f, 0xe1,
407 	0x00, 0x40, 0x2d, 0xe9, 0x12, 0x2e, 0xa0, 0xe3, 0x06, 0x30, 0xa0, 0xe3, 0x00, 0x10, 0xa0, 0xe3,
408 	0x02, 0x04, 0xa0, 0xe3, 0x2f, 0x00, 0x00, 0xeb, 0x00, 0x40, 0xbd, 0xe8, 0x1e, 0xff, 0x2f, 0xe1,
409 	0x00, 0x02, 0x00, 0x02, 0x80, 0x01, 0x90, 0xe0, 0x01, 0x00, 0x00, 0x0a, 0x01, 0x00, 0x50, 0xe2,
410 	0xfc, 0xff, 0xff, 0xea, 0x1e, 0xff, 0x2f, 0xe1, 0x80, 0x10, 0xa0, 0xe3, 0xf3, 0x06, 0xa0, 0xe3,
411 	0x00, 0x10, 0x80, 0xe5, 0x00, 0x10, 0xa0, 0xe3, 0x00, 0x10, 0x80, 0xe5, 0x01, 0x10, 0xa0, 0xe3,
412 	0x04, 0x10, 0x80, 0xe5, 0x00, 0x10, 0x80, 0xe5, 0x0e, 0x34, 0xa0, 0xe3, 0x1c, 0x10, 0x93, 0xe5,
413 	0x02, 0x1a, 0x81, 0xe3, 0x1c, 0x10, 0x83, 0xe5, 0x58, 0x11, 0x9f, 0xe5, 0x30, 0x10, 0x80, 0xe5,
414 	0x54, 0x11, 0x9f, 0xe5, 0x34, 0x10, 0x80, 0xe5, 0x38, 0x10, 0x80, 0xe5, 0x3c, 0x10, 0x80, 0xe5,
415 	0x10, 0x10, 0x90, 0xe5, 0x08, 0x00, 0x90, 0xe5, 0x1e, 0xff, 0x2f, 0xe1, 0xf3, 0x16, 0xa0, 0xe3,
416 	0x08, 0x00, 0x91, 0xe5, 0x05, 0x00, 0xa0, 0xe3, 0x0c, 0x00, 0x81, 0xe5, 0x10, 0x00, 0x91, 0xe5,
417 	0x02, 0x00, 0x10, 0xe3, 0xfc, 0xff, 0xff, 0x0a, 0xff, 0x00, 0xa0, 0xe3, 0x0c, 0x00, 0x81, 0xe5,
418 	0x10, 0x00, 0x91, 0xe5, 0x02, 0x00, 0x10, 0xe3, 0xfc, 0xff, 0xff, 0x0a, 0x08, 0x00, 0x91, 0xe5,
419 	0x10, 0x00, 0x91, 0xe5, 0x01, 0x00, 0x10, 0xe3, 0xfc, 0xff, 0xff, 0x0a, 0x08, 0x00, 0x91, 0xe5,
420 	0xff, 0x00, 0x00, 0xe2, 0x1e, 0xff, 0x2f, 0xe1, 0x30, 0x40, 0x2d, 0xe9, 0x00, 0x50, 0xa0, 0xe1,
421 	0x03, 0x40, 0xa0, 0xe1, 0xa2, 0x02, 0xa0, 0xe1, 0x08, 0x00, 0x00, 0xe2, 0x03, 0x00, 0x80, 0xe2,
422 	0xd8, 0x10, 0x9f, 0xe5, 0x00, 0x00, 0xc1, 0xe5, 0x01, 0x20, 0xc1, 0xe5, 0xe2, 0xff, 0xff, 0xeb,
423 	0x01, 0x00, 0x10, 0xe3, 0xfc, 0xff, 0xff, 0x1a, 0x14, 0x00, 0xa0, 0xe3, 0xc4, 0xff, 0xff, 0xeb,
424 	0x04, 0x20, 0xa0, 0xe1, 0x05, 0x10, 0xa0, 0xe1, 0x02, 0x00, 0xa0, 0xe3, 0x01, 0x00, 0x00, 0xeb,
425 	0x30, 0x40, 0xbd, 0xe8, 0x1e, 0xff, 0x2f, 0xe1, 0x70, 0x40, 0x2d, 0xe9, 0xf3, 0x46, 0xa0, 0xe3,
426 	0x00, 0x30, 0xa0, 0xe3, 0x00, 0x00, 0x50, 0xe3, 0x08, 0x00, 0x00, 0x9a, 0x8c, 0x50, 0x9f, 0xe5,
427 	0x03, 0x60, 0xd5, 0xe7, 0x0c, 0x60, 0x84, 0xe5, 0x10, 0x60, 0x94, 0xe5, 0x02, 0x00, 0x16, 0xe3,
428 	0xfc, 0xff, 0xff, 0x0a, 0x01, 0x30, 0x83, 0xe2, 0x00, 0x00, 0x53, 0xe1, 0xf7, 0xff, 0xff, 0x3a,
429 	0xff, 0x30, 0xa0, 0xe3, 0x0c, 0x30, 0x84, 0xe5, 0x08, 0x00, 0x94, 0xe5, 0x10, 0x00, 0x94, 0xe5,
430 	0x01, 0x00, 0x10, 0xe3, 0xfc, 0xff, 0xff, 0x0a, 0x08, 0x00, 0x94, 0xe5, 0x00, 0x00, 0xa0, 0xe3,
431 	0x00, 0x00, 0x52, 0xe3, 0x0b, 0x00, 0x00, 0x9a, 0x10, 0x50, 0x94, 0xe5, 0x02, 0x00, 0x15, 0xe3,
432 	0xfc, 0xff, 0xff, 0x0a, 0x0c, 0x30, 0x84, 0xe5, 0x10, 0x50, 0x94, 0xe5, 0x01, 0x00, 0x15, 0xe3,
433 	0xfc, 0xff, 0xff, 0x0a, 0x08, 0x50, 0x94, 0xe5, 0x01, 0x50, 0xc1, 0xe4, 0x01, 0x00, 0x80, 0xe2,
434 	0x02, 0x00, 0x50, 0xe1, 0xf3, 0xff, 0xff, 0x3a, 0xc8, 0x00, 0xa0, 0xe3, 0x98, 0xff, 0xff, 0xeb,
435 	0x70, 0x40, 0xbd, 0xe8, 0x1e, 0xff, 0x2f, 0xe1, 0x01, 0x0c, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02,
436 	0x00, 0x01, 0x00, 0x02
437 };
438 
439 struct atmel_private {
440 	void *card; /* Bus dependent structure varies for PCcard */
441 	int (*present_callback)(void *); /* And callback which uses it */
442 	char firmware_id[32];
443 	AtmelFWType firmware_type;
444 	u8 *firmware;
445 	int firmware_length;
446 	struct timer_list management_timer;
447 	struct net_device *dev;
448 	struct device *sys_dev;
449 	struct iw_statistics wstats;
450 	spinlock_t irqlock, timerlock;	/* spinlocks */
451 	enum { BUS_TYPE_PCCARD, BUS_TYPE_PCI } bus_type;
452 	enum {
453 		CARD_TYPE_PARALLEL_FLASH,
454 		CARD_TYPE_SPI_FLASH,
455 		CARD_TYPE_EEPROM
456 	} card_type;
457 	int do_rx_crc; /* If we need to CRC incoming packets */
458 	int probe_crc; /* set if we don't yet know */
459 	int crc_ok_cnt, crc_ko_cnt; /* counters for probing */
460 	u16 rx_desc_head;
461 	u16 tx_desc_free, tx_desc_head, tx_desc_tail, tx_desc_previous;
462 	u16 tx_free_mem, tx_buff_head, tx_buff_tail;
463 
464 	u16 frag_seq, frag_len, frag_no;
465 	u8 frag_source[6];
466 
467 	u8 wep_is_on, default_key, exclude_unencrypted, encryption_level;
468 	u8 group_cipher_suite, pairwise_cipher_suite;
469 	u8 wep_keys[MAX_ENCRYPTION_KEYS][MAX_ENCRYPTION_KEY_SIZE];
470 	int wep_key_len[MAX_ENCRYPTION_KEYS];
471 	int use_wpa, radio_on_broken; /* firmware dependent stuff. */
472 
473 	u16 host_info_base;
474 	struct host_info_struct {
475 		/* NB this is matched to the hardware, don't change. */
476 		u8 volatile int_status;
477 		u8 volatile int_mask;
478 		u8 volatile lockout_host;
479 		u8 volatile lockout_mac;
480 
481 		u16 tx_buff_pos;
482 		u16 tx_buff_size;
483 		u16 tx_desc_pos;
484 		u16 tx_desc_count;
485 
486 		u16 rx_buff_pos;
487 		u16 rx_buff_size;
488 		u16 rx_desc_pos;
489 		u16 rx_desc_count;
490 
491 		u16 build_version;
492 		u16 command_pos;
493 
494 		u16 major_version;
495 		u16 minor_version;
496 
497 		u16 func_ctrl;
498 		u16 mac_status;
499 		u16 generic_IRQ_type;
500 		u8  reserved[2];
501 	} host_info;
502 
503 	enum {
504 		STATION_STATE_SCANNING,
505 		STATION_STATE_JOINNING,
506 		STATION_STATE_AUTHENTICATING,
507 		STATION_STATE_ASSOCIATING,
508 		STATION_STATE_READY,
509 		STATION_STATE_REASSOCIATING,
510 		STATION_STATE_DOWN,
511 		STATION_STATE_MGMT_ERROR
512 	} station_state;
513 
514 	int operating_mode, power_mode;
515 	unsigned long last_qual;
516 	int beacons_this_sec;
517 	int channel;
518 	int reg_domain, config_reg_domain;
519 	int tx_rate;
520 	int auto_tx_rate;
521 	int rts_threshold;
522 	int frag_threshold;
523 	int long_retry, short_retry;
524 	int preamble;
525 	int default_beacon_period, beacon_period, listen_interval;
526 	int CurrentAuthentTransactionSeqNum, ExpectedAuthentTransactionSeqNum;
527 	int AuthenticationRequestRetryCnt, AssociationRequestRetryCnt, ReAssociationRequestRetryCnt;
528 	enum {
529 		SITE_SURVEY_IDLE,
530 		SITE_SURVEY_IN_PROGRESS,
531 		SITE_SURVEY_COMPLETED
532 	} site_survey_state;
533 	unsigned long last_survey;
534 
535 	int station_was_associated, station_is_associated;
536 	int fast_scan;
537 
538 	struct bss_info {
539 		int channel;
540 		int SSIDsize;
541 		int RSSI;
542 		int UsingWEP;
543 		int preamble;
544 		int beacon_period;
545 		int BSStype;
546 		u8 BSSID[6];
547 		u8 SSID[MAX_SSID_LENGTH];
548 	} BSSinfo[MAX_BSS_ENTRIES];
549 	int BSS_list_entries, current_BSS;
550 	int connect_to_any_BSS;
551 	int SSID_size, new_SSID_size;
552 	u8 CurrentBSSID[6], BSSID[6];
553 	u8 SSID[MAX_SSID_LENGTH], new_SSID[MAX_SSID_LENGTH];
554 	u64 last_beacon_timestamp;
555 	u8 rx_buf[MAX_WIRELESS_BODY];
556 };
557 
558 static u8 atmel_basic_rates[4] = {0x82, 0x84, 0x0b, 0x16};
559 
560 static const struct {
561 	int reg_domain;
562 	int min, max;
563 	char *name;
564 } channel_table[] = { { REG_DOMAIN_FCC, 1, 11, "USA" },
565 		      { REG_DOMAIN_DOC, 1, 11, "Canada" },
566 		      { REG_DOMAIN_ETSI, 1, 13, "Europe" },
567 		      { REG_DOMAIN_SPAIN, 10, 11, "Spain" },
568 		      { REG_DOMAIN_FRANCE, 10, 13, "France" },
569 		      { REG_DOMAIN_MKK, 14, 14, "MKK" },
570 		      { REG_DOMAIN_MKK1, 1, 14, "MKK1" },
571 		      { REG_DOMAIN_ISRAEL, 3, 9, "Israel"} };
572 
573 static void build_wpa_mib(struct atmel_private *priv);
574 static int atmel_ioctl(struct net_device *dev, struct ifreq *rq, int cmd);
575 static void atmel_copy_to_card(struct net_device *dev, u16 dest,
576 			       const unsigned char *src, u16 len);
577 static void atmel_copy_to_host(struct net_device *dev, unsigned char *dest,
578 			       u16 src, u16 len);
579 static void atmel_set_gcr(struct net_device *dev, u16 mask);
580 static void atmel_clear_gcr(struct net_device *dev, u16 mask);
581 static int atmel_lock_mac(struct atmel_private *priv);
582 static void atmel_wmem32(struct atmel_private *priv, u16 pos, u32 data);
583 static void atmel_command_irq(struct atmel_private *priv);
584 static int atmel_validate_channel(struct atmel_private *priv, int channel);
585 static void atmel_management_frame(struct atmel_private *priv,
586 				   struct ieee80211_hdr *header,
587 				   u16 frame_len, u8 rssi);
588 static void atmel_management_timer(struct timer_list *t);
589 static void atmel_send_command(struct atmel_private *priv, int command,
590 			       void *cmd, int cmd_size);
591 static int atmel_send_command_wait(struct atmel_private *priv, int command,
592 				   void *cmd, int cmd_size);
593 static void atmel_transmit_management_frame(struct atmel_private *priv,
594 					    struct ieee80211_hdr *header,
595 					    u8 *body, int body_len);
596 
597 static u8 atmel_get_mib8(struct atmel_private *priv, u8 type, u8 index);
598 static void atmel_set_mib8(struct atmel_private *priv, u8 type, u8 index,
599 			   u8 data);
600 static void atmel_set_mib16(struct atmel_private *priv, u8 type, u8 index,
601 			    u16 data);
602 static void atmel_set_mib(struct atmel_private *priv, u8 type, u8 index,
603 			  const u8 *data, int data_len);
604 static void atmel_get_mib(struct atmel_private *priv, u8 type, u8 index,
605 			  u8 *data, int data_len);
606 static void atmel_scan(struct atmel_private *priv, int specific_ssid);
607 static void atmel_join_bss(struct atmel_private *priv, int bss_index);
608 static void atmel_smooth_qual(struct atmel_private *priv);
609 static void atmel_writeAR(struct net_device *dev, u16 data);
610 static int probe_atmel_card(struct net_device *dev);
611 static int reset_atmel_card(struct net_device *dev);
612 static void atmel_enter_state(struct atmel_private *priv, int new_state);
613 int atmel_open (struct net_device *dev);
614 
615 static inline u16 atmel_hi(struct atmel_private *priv, u16 offset)
616 {
617 	return priv->host_info_base + offset;
618 }
619 
620 static inline u16 atmel_co(struct atmel_private *priv, u16 offset)
621 {
622 	return priv->host_info.command_pos + offset;
623 }
624 
625 static inline u16 atmel_rx(struct atmel_private *priv, u16 offset, u16 desc)
626 {
627 	return priv->host_info.rx_desc_pos + (sizeof(struct rx_desc) * desc) + offset;
628 }
629 
630 static inline u16 atmel_tx(struct atmel_private *priv, u16 offset, u16 desc)
631 {
632 	return priv->host_info.tx_desc_pos + (sizeof(struct tx_desc) * desc) + offset;
633 }
634 
635 static inline u8 atmel_read8(struct net_device *dev, u16 offset)
636 {
637 	return inb(dev->base_addr + offset);
638 }
639 
640 static inline void atmel_write8(struct net_device *dev, u16 offset, u8 data)
641 {
642 	outb(data, dev->base_addr + offset);
643 }
644 
645 static inline u16 atmel_read16(struct net_device *dev, u16 offset)
646 {
647 	return inw(dev->base_addr + offset);
648 }
649 
650 static inline void atmel_write16(struct net_device *dev, u16 offset, u16 data)
651 {
652 	outw(data, dev->base_addr + offset);
653 }
654 
655 static inline u8 atmel_rmem8(struct atmel_private *priv, u16 pos)
656 {
657 	atmel_writeAR(priv->dev, pos);
658 	return atmel_read8(priv->dev, DR);
659 }
660 
661 static inline void atmel_wmem8(struct atmel_private *priv, u16 pos, u16 data)
662 {
663 	atmel_writeAR(priv->dev, pos);
664 	atmel_write8(priv->dev, DR, data);
665 }
666 
667 static inline u16 atmel_rmem16(struct atmel_private *priv, u16 pos)
668 {
669 	atmel_writeAR(priv->dev, pos);
670 	return atmel_read16(priv->dev, DR);
671 }
672 
673 static inline void atmel_wmem16(struct atmel_private *priv, u16 pos, u16 data)
674 {
675 	atmel_writeAR(priv->dev, pos);
676 	atmel_write16(priv->dev, DR, data);
677 }
678 
679 static const struct iw_handler_def atmel_handler_def;
680 
681 static void tx_done_irq(struct atmel_private *priv)
682 {
683 	int i;
684 
685 	for (i = 0;
686 	     atmel_rmem8(priv, atmel_tx(priv, TX_DESC_FLAGS_OFFSET, priv->tx_desc_head)) == TX_DONE &&
687 		     i < priv->host_info.tx_desc_count;
688 	     i++) {
689 		u8 status = atmel_rmem8(priv, atmel_tx(priv, TX_DESC_STATUS_OFFSET, priv->tx_desc_head));
690 		u16 msdu_size = atmel_rmem16(priv, atmel_tx(priv, TX_DESC_SIZE_OFFSET, priv->tx_desc_head));
691 		u8 type = atmel_rmem8(priv, atmel_tx(priv, TX_DESC_PACKET_TYPE_OFFSET, priv->tx_desc_head));
692 
693 		atmel_wmem8(priv, atmel_tx(priv, TX_DESC_FLAGS_OFFSET, priv->tx_desc_head), 0);
694 
695 		priv->tx_free_mem += msdu_size;
696 		priv->tx_desc_free++;
697 
698 		if (priv->tx_buff_head + msdu_size > (priv->host_info.tx_buff_pos + priv->host_info.tx_buff_size))
699 			priv->tx_buff_head = 0;
700 		else
701 			priv->tx_buff_head += msdu_size;
702 
703 		if (priv->tx_desc_head < (priv->host_info.tx_desc_count - 1))
704 			priv->tx_desc_head++ ;
705 		else
706 			priv->tx_desc_head = 0;
707 
708 		if (type == TX_PACKET_TYPE_DATA) {
709 			if (status == TX_STATUS_SUCCESS)
710 				priv->dev->stats.tx_packets++;
711 			else
712 				priv->dev->stats.tx_errors++;
713 			netif_wake_queue(priv->dev);
714 		}
715 	}
716 }
717 
718 static u16 find_tx_buff(struct atmel_private *priv, u16 len)
719 {
720 	u16 bottom_free = priv->host_info.tx_buff_size - priv->tx_buff_tail;
721 
722 	if (priv->tx_desc_free == 3 || priv->tx_free_mem < len)
723 		return 0;
724 
725 	if (bottom_free >= len)
726 		return priv->host_info.tx_buff_pos + priv->tx_buff_tail;
727 
728 	if (priv->tx_free_mem - bottom_free >= len) {
729 		priv->tx_buff_tail = 0;
730 		return priv->host_info.tx_buff_pos;
731 	}
732 
733 	return 0;
734 }
735 
736 static void tx_update_descriptor(struct atmel_private *priv, int is_bcast,
737 				 u16 len, u16 buff, u8 type)
738 {
739 	atmel_wmem16(priv, atmel_tx(priv, TX_DESC_POS_OFFSET, priv->tx_desc_tail), buff);
740 	atmel_wmem16(priv, atmel_tx(priv, TX_DESC_SIZE_OFFSET, priv->tx_desc_tail), len);
741 	if (!priv->use_wpa)
742 		atmel_wmem16(priv, atmel_tx(priv, TX_DESC_HOST_LENGTH_OFFSET, priv->tx_desc_tail), len);
743 	atmel_wmem8(priv, atmel_tx(priv, TX_DESC_PACKET_TYPE_OFFSET, priv->tx_desc_tail), type);
744 	atmel_wmem8(priv, atmel_tx(priv, TX_DESC_RATE_OFFSET, priv->tx_desc_tail), priv->tx_rate);
745 	atmel_wmem8(priv, atmel_tx(priv, TX_DESC_RETRY_OFFSET, priv->tx_desc_tail), 0);
746 	if (priv->use_wpa) {
747 		int cipher_type, cipher_length;
748 		if (is_bcast) {
749 			cipher_type = priv->group_cipher_suite;
750 			if (cipher_type == CIPHER_SUITE_WEP_64 ||
751 			    cipher_type == CIPHER_SUITE_WEP_128)
752 				cipher_length = 8;
753 			else if (cipher_type == CIPHER_SUITE_TKIP)
754 				cipher_length = 12;
755 			else if (priv->pairwise_cipher_suite == CIPHER_SUITE_WEP_64 ||
756 				 priv->pairwise_cipher_suite == CIPHER_SUITE_WEP_128) {
757 				cipher_type = priv->pairwise_cipher_suite;
758 				cipher_length = 8;
759 			} else {
760 				cipher_type = CIPHER_SUITE_NONE;
761 				cipher_length = 0;
762 			}
763 		} else {
764 			cipher_type = priv->pairwise_cipher_suite;
765 			if (cipher_type == CIPHER_SUITE_WEP_64 ||
766 			    cipher_type == CIPHER_SUITE_WEP_128)
767 				cipher_length = 8;
768 			else if (cipher_type == CIPHER_SUITE_TKIP)
769 				cipher_length = 12;
770 			else if (priv->group_cipher_suite == CIPHER_SUITE_WEP_64 ||
771 				 priv->group_cipher_suite == CIPHER_SUITE_WEP_128) {
772 				cipher_type = priv->group_cipher_suite;
773 				cipher_length = 8;
774 			} else {
775 				cipher_type = CIPHER_SUITE_NONE;
776 				cipher_length = 0;
777 			}
778 		}
779 
780 		atmel_wmem8(priv, atmel_tx(priv, TX_DESC_CIPHER_TYPE_OFFSET, priv->tx_desc_tail),
781 			    cipher_type);
782 		atmel_wmem8(priv, atmel_tx(priv, TX_DESC_CIPHER_LENGTH_OFFSET, priv->tx_desc_tail),
783 			    cipher_length);
784 	}
785 	atmel_wmem32(priv, atmel_tx(priv, TX_DESC_NEXT_OFFSET, priv->tx_desc_tail), 0x80000000L);
786 	atmel_wmem8(priv, atmel_tx(priv, TX_DESC_FLAGS_OFFSET, priv->tx_desc_tail), TX_FIRM_OWN);
787 	if (priv->tx_desc_previous != priv->tx_desc_tail)
788 		atmel_wmem32(priv, atmel_tx(priv, TX_DESC_NEXT_OFFSET, priv->tx_desc_previous), 0);
789 	priv->tx_desc_previous = priv->tx_desc_tail;
790 	if (priv->tx_desc_tail < (priv->host_info.tx_desc_count - 1))
791 		priv->tx_desc_tail++;
792 	else
793 		priv->tx_desc_tail = 0;
794 	priv->tx_desc_free--;
795 	priv->tx_free_mem -= len;
796 }
797 
798 static netdev_tx_t start_tx(struct sk_buff *skb, struct net_device *dev)
799 {
800 	struct atmel_private *priv = netdev_priv(dev);
801 	struct ieee80211_hdr header;
802 	unsigned long flags;
803 	u16 buff, frame_ctl, len = (ETH_ZLEN < skb->len) ? skb->len : ETH_ZLEN;
804 
805 	if (priv->card && priv->present_callback &&
806 	    !(*priv->present_callback)(priv->card)) {
807 		dev->stats.tx_errors++;
808 		dev_kfree_skb(skb);
809 		return NETDEV_TX_OK;
810 	}
811 
812 	if (priv->station_state != STATION_STATE_READY) {
813 		dev->stats.tx_errors++;
814 		dev_kfree_skb(skb);
815 		return NETDEV_TX_OK;
816 	}
817 
818 	/* first ensure the timer func cannot run */
819 	spin_lock_bh(&priv->timerlock);
820 	/* then stop the hardware ISR */
821 	spin_lock_irqsave(&priv->irqlock, flags);
822 	/* nb doing the above in the opposite order will deadlock */
823 
824 	/* The Wireless Header is 30 bytes. In the Ethernet packet we "cut" the
825 	   12 first bytes (containing DA/SA) and put them in the appropriate
826 	   fields of the Wireless Header. Thus the packet length is then the
827 	   initial + 18 (+30-12) */
828 
829 	if (!(buff = find_tx_buff(priv, len + 18))) {
830 		dev->stats.tx_dropped++;
831 		spin_unlock_irqrestore(&priv->irqlock, flags);
832 		spin_unlock_bh(&priv->timerlock);
833 		netif_stop_queue(dev);
834 		return NETDEV_TX_BUSY;
835 	}
836 
837 	frame_ctl = IEEE80211_FTYPE_DATA;
838 	header.duration_id = 0;
839 	header.seq_ctrl = 0;
840 	if (priv->wep_is_on)
841 		frame_ctl |= IEEE80211_FCTL_PROTECTED;
842 	if (priv->operating_mode == IW_MODE_ADHOC) {
843 		skb_copy_from_linear_data(skb, &header.addr1, ETH_ALEN);
844 		memcpy(&header.addr2, dev->dev_addr, ETH_ALEN);
845 		memcpy(&header.addr3, priv->BSSID, ETH_ALEN);
846 	} else {
847 		frame_ctl |= IEEE80211_FCTL_TODS;
848 		memcpy(&header.addr1, priv->CurrentBSSID, ETH_ALEN);
849 		memcpy(&header.addr2, dev->dev_addr, ETH_ALEN);
850 		skb_copy_from_linear_data(skb, &header.addr3, ETH_ALEN);
851 	}
852 
853 	if (priv->use_wpa)
854 		memcpy(&header.addr4, rfc1042_header, ETH_ALEN);
855 
856 	header.frame_control = cpu_to_le16(frame_ctl);
857 	/* Copy the wireless header into the card */
858 	atmel_copy_to_card(dev, buff, (unsigned char *)&header, DATA_FRAME_WS_HEADER_SIZE);
859 	/* Copy the packet sans its 802.3 header addresses which have been replaced */
860 	atmel_copy_to_card(dev, buff + DATA_FRAME_WS_HEADER_SIZE, skb->data + 12, len - 12);
861 	priv->tx_buff_tail += len - 12 + DATA_FRAME_WS_HEADER_SIZE;
862 
863 	/* low bit of first byte of destination tells us if broadcast */
864 	tx_update_descriptor(priv, *(skb->data) & 0x01, len + 18, buff, TX_PACKET_TYPE_DATA);
865 	dev->stats.tx_bytes += len;
866 
867 	spin_unlock_irqrestore(&priv->irqlock, flags);
868 	spin_unlock_bh(&priv->timerlock);
869 	dev_kfree_skb(skb);
870 
871 	return NETDEV_TX_OK;
872 }
873 
874 static void atmel_transmit_management_frame(struct atmel_private *priv,
875 					    struct ieee80211_hdr *header,
876 					    u8 *body, int body_len)
877 {
878 	u16 buff;
879 	int len = MGMT_FRAME_BODY_OFFSET + body_len;
880 
881 	if (!(buff = find_tx_buff(priv, len)))
882 		return;
883 
884 	atmel_copy_to_card(priv->dev, buff, (u8 *)header, MGMT_FRAME_BODY_OFFSET);
885 	atmel_copy_to_card(priv->dev, buff + MGMT_FRAME_BODY_OFFSET, body, body_len);
886 	priv->tx_buff_tail += len;
887 	tx_update_descriptor(priv, header->addr1[0] & 0x01, len, buff, TX_PACKET_TYPE_MGMT);
888 }
889 
890 static void fast_rx_path(struct atmel_private *priv,
891 			 struct ieee80211_hdr *header,
892 			 u16 msdu_size, u16 rx_packet_loc, u32 crc)
893 {
894 	/* fast path: unfragmented packet copy directly into skbuf */
895 	u8 mac4[6];
896 	struct sk_buff	*skb;
897 	unsigned char *skbp;
898 
899 	/* get the final, mac 4 header field, this tells us encapsulation */
900 	atmel_copy_to_host(priv->dev, mac4, rx_packet_loc + 24, 6);
901 	msdu_size -= 6;
902 
903 	if (priv->do_rx_crc) {
904 		crc = crc32_le(crc, mac4, 6);
905 		msdu_size -= 4;
906 	}
907 
908 	if (!(skb = dev_alloc_skb(msdu_size + 14))) {
909 		priv->dev->stats.rx_dropped++;
910 		return;
911 	}
912 
913 	skb_reserve(skb, 2);
914 	skbp = skb_put(skb, msdu_size + 12);
915 	atmel_copy_to_host(priv->dev, skbp + 12, rx_packet_loc + 30, msdu_size);
916 
917 	if (priv->do_rx_crc) {
918 		u32 netcrc;
919 		crc = crc32_le(crc, skbp + 12, msdu_size);
920 		atmel_copy_to_host(priv->dev, (void *)&netcrc, rx_packet_loc + 30 + msdu_size, 4);
921 		if ((crc ^ 0xffffffff) != netcrc) {
922 			priv->dev->stats.rx_crc_errors++;
923 			dev_kfree_skb(skb);
924 			return;
925 		}
926 	}
927 
928 	memcpy(skbp, header->addr1, ETH_ALEN); /* destination address */
929 	if (le16_to_cpu(header->frame_control) & IEEE80211_FCTL_FROMDS)
930 		memcpy(&skbp[ETH_ALEN], header->addr3, ETH_ALEN);
931 	else
932 		memcpy(&skbp[ETH_ALEN], header->addr2, ETH_ALEN); /* source address */
933 
934 	skb->protocol = eth_type_trans(skb, priv->dev);
935 	skb->ip_summed = CHECKSUM_NONE;
936 	netif_rx(skb);
937 	priv->dev->stats.rx_bytes += 12 + msdu_size;
938 	priv->dev->stats.rx_packets++;
939 }
940 
941 /* Test to see if the packet in card memory at packet_loc has a valid CRC
942    It doesn't matter that this is slow: it is only used to proble the first few
943    packets. */
944 static int probe_crc(struct atmel_private *priv, u16 packet_loc, u16 msdu_size)
945 {
946 	int i = msdu_size - 4;
947 	u32 netcrc, crc = 0xffffffff;
948 
949 	if (msdu_size < 4)
950 		return 0;
951 
952 	atmel_copy_to_host(priv->dev, (void *)&netcrc, packet_loc + i, 4);
953 
954 	atmel_writeAR(priv->dev, packet_loc);
955 	while (i--) {
956 		u8 octet = atmel_read8(priv->dev, DR);
957 		crc = crc32_le(crc, &octet, 1);
958 	}
959 
960 	return (crc ^ 0xffffffff) == netcrc;
961 }
962 
963 static void frag_rx_path(struct atmel_private *priv,
964 			 struct ieee80211_hdr *header,
965 			 u16 msdu_size, u16 rx_packet_loc, u32 crc, u16 seq_no,
966 			 u8 frag_no, int more_frags)
967 {
968 	u8 mac4[ETH_ALEN];
969 	u8 source[ETH_ALEN];
970 	struct sk_buff *skb;
971 
972 	if (le16_to_cpu(header->frame_control) & IEEE80211_FCTL_FROMDS)
973 		memcpy(source, header->addr3, ETH_ALEN);
974 	else
975 		memcpy(source, header->addr2, ETH_ALEN);
976 
977 	rx_packet_loc += 24; /* skip header */
978 
979 	if (priv->do_rx_crc)
980 		msdu_size -= 4;
981 
982 	if (frag_no == 0) { /* first fragment */
983 		atmel_copy_to_host(priv->dev, mac4, rx_packet_loc, ETH_ALEN);
984 		msdu_size -= ETH_ALEN;
985 		rx_packet_loc += ETH_ALEN;
986 
987 		if (priv->do_rx_crc)
988 			crc = crc32_le(crc, mac4, 6);
989 
990 		priv->frag_seq = seq_no;
991 		priv->frag_no = 1;
992 		priv->frag_len = msdu_size;
993 		memcpy(priv->frag_source, source, ETH_ALEN);
994 		memcpy(&priv->rx_buf[ETH_ALEN], source, ETH_ALEN);
995 		memcpy(priv->rx_buf, header->addr1, ETH_ALEN);
996 
997 		atmel_copy_to_host(priv->dev, &priv->rx_buf[12], rx_packet_loc, msdu_size);
998 
999 		if (priv->do_rx_crc) {
1000 			u32 netcrc;
1001 			crc = crc32_le(crc, &priv->rx_buf[12], msdu_size);
1002 			atmel_copy_to_host(priv->dev, (void *)&netcrc, rx_packet_loc + msdu_size, 4);
1003 			if ((crc ^ 0xffffffff) != netcrc) {
1004 				priv->dev->stats.rx_crc_errors++;
1005 				eth_broadcast_addr(priv->frag_source);
1006 			}
1007 		}
1008 
1009 	} else if (priv->frag_no == frag_no &&
1010 		   priv->frag_seq == seq_no &&
1011 		   memcmp(priv->frag_source, source, ETH_ALEN) == 0) {
1012 
1013 		atmel_copy_to_host(priv->dev, &priv->rx_buf[12 + priv->frag_len],
1014 				   rx_packet_loc, msdu_size);
1015 		if (priv->do_rx_crc) {
1016 			u32 netcrc;
1017 			crc = crc32_le(crc,
1018 				       &priv->rx_buf[12 + priv->frag_len],
1019 				       msdu_size);
1020 			atmel_copy_to_host(priv->dev, (void *)&netcrc, rx_packet_loc + msdu_size, 4);
1021 			if ((crc ^ 0xffffffff) != netcrc) {
1022 				priv->dev->stats.rx_crc_errors++;
1023 				eth_broadcast_addr(priv->frag_source);
1024 				more_frags = 1; /* don't send broken assembly */
1025 			}
1026 		}
1027 
1028 		priv->frag_len += msdu_size;
1029 		priv->frag_no++;
1030 
1031 		if (!more_frags) { /* last one */
1032 			eth_broadcast_addr(priv->frag_source);
1033 			if (!(skb = dev_alloc_skb(priv->frag_len + 14))) {
1034 				priv->dev->stats.rx_dropped++;
1035 			} else {
1036 				skb_reserve(skb, 2);
1037 				skb_put_data(skb, priv->rx_buf,
1038 				             priv->frag_len + 12);
1039 				skb->protocol = eth_type_trans(skb, priv->dev);
1040 				skb->ip_summed = CHECKSUM_NONE;
1041 				netif_rx(skb);
1042 				priv->dev->stats.rx_bytes += priv->frag_len + 12;
1043 				priv->dev->stats.rx_packets++;
1044 			}
1045 		}
1046 	} else
1047 		priv->wstats.discard.fragment++;
1048 }
1049 
1050 static void rx_done_irq(struct atmel_private *priv)
1051 {
1052 	int i;
1053 	struct ieee80211_hdr header;
1054 
1055 	for (i = 0;
1056 	     atmel_rmem8(priv, atmel_rx(priv, RX_DESC_FLAGS_OFFSET, priv->rx_desc_head)) == RX_DESC_FLAG_VALID &&
1057 		     i < priv->host_info.rx_desc_count;
1058 	     i++) {
1059 
1060 		u16 msdu_size, rx_packet_loc, frame_ctl, seq_control;
1061 		u8 status = atmel_rmem8(priv, atmel_rx(priv, RX_DESC_STATUS_OFFSET, priv->rx_desc_head));
1062 		u32 crc = 0xffffffff;
1063 
1064 		if (status != RX_STATUS_SUCCESS) {
1065 			if (status == 0xc1) /* determined by experiment */
1066 				priv->wstats.discard.nwid++;
1067 			else
1068 				priv->dev->stats.rx_errors++;
1069 			goto next;
1070 		}
1071 
1072 		msdu_size = atmel_rmem16(priv, atmel_rx(priv, RX_DESC_MSDU_SIZE_OFFSET, priv->rx_desc_head));
1073 		rx_packet_loc = atmel_rmem16(priv, atmel_rx(priv, RX_DESC_MSDU_POS_OFFSET, priv->rx_desc_head));
1074 
1075 		if (msdu_size < 30) {
1076 			priv->dev->stats.rx_errors++;
1077 			goto next;
1078 		}
1079 
1080 		/* Get header as far as end of seq_ctrl */
1081 		atmel_copy_to_host(priv->dev, (char *)&header, rx_packet_loc, 24);
1082 		frame_ctl = le16_to_cpu(header.frame_control);
1083 		seq_control = le16_to_cpu(header.seq_ctrl);
1084 
1085 		/* probe for CRC use here if needed  once five packets have
1086 		   arrived with the same crc status, we assume we know what's
1087 		   happening and stop probing */
1088 		if (priv->probe_crc) {
1089 			if (!priv->wep_is_on || !(frame_ctl & IEEE80211_FCTL_PROTECTED)) {
1090 				priv->do_rx_crc = probe_crc(priv, rx_packet_loc, msdu_size);
1091 			} else {
1092 				priv->do_rx_crc = probe_crc(priv, rx_packet_loc + 24, msdu_size - 24);
1093 			}
1094 			if (priv->do_rx_crc) {
1095 				if (priv->crc_ok_cnt++ > 5)
1096 					priv->probe_crc = 0;
1097 			} else {
1098 				if (priv->crc_ko_cnt++ > 5)
1099 					priv->probe_crc = 0;
1100 			}
1101 		}
1102 
1103 		/* don't CRC header when WEP in use */
1104 		if (priv->do_rx_crc && (!priv->wep_is_on || !(frame_ctl & IEEE80211_FCTL_PROTECTED))) {
1105 			crc = crc32_le(0xffffffff, (unsigned char *)&header, 24);
1106 		}
1107 		msdu_size -= 24; /* header */
1108 
1109 		if ((frame_ctl & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) {
1110 			int more_fragments = frame_ctl & IEEE80211_FCTL_MOREFRAGS;
1111 			u8 packet_fragment_no = seq_control & IEEE80211_SCTL_FRAG;
1112 			u16 packet_sequence_no = (seq_control & IEEE80211_SCTL_SEQ) >> 4;
1113 
1114 			if (!more_fragments && packet_fragment_no == 0) {
1115 				fast_rx_path(priv, &header, msdu_size, rx_packet_loc, crc);
1116 			} else {
1117 				frag_rx_path(priv, &header, msdu_size, rx_packet_loc, crc,
1118 					     packet_sequence_no, packet_fragment_no, more_fragments);
1119 			}
1120 		}
1121 
1122 		if ((frame_ctl & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT) {
1123 			/* copy rest of packet into buffer */
1124 			atmel_copy_to_host(priv->dev, (unsigned char *)&priv->rx_buf, rx_packet_loc + 24, msdu_size);
1125 
1126 			/* we use the same buffer for frag reassembly and control packets */
1127 			eth_broadcast_addr(priv->frag_source);
1128 
1129 			if (priv->do_rx_crc) {
1130 				/* last 4 octets is crc */
1131 				msdu_size -= 4;
1132 				crc = crc32_le(crc, (unsigned char *)&priv->rx_buf, msdu_size);
1133 				if ((crc ^ 0xffffffff) != (*((u32 *)&priv->rx_buf[msdu_size]))) {
1134 					priv->dev->stats.rx_crc_errors++;
1135 					goto next;
1136 				}
1137 			}
1138 
1139 			atmel_management_frame(priv, &header, msdu_size,
1140 					       atmel_rmem8(priv, atmel_rx(priv, RX_DESC_RSSI_OFFSET, priv->rx_desc_head)));
1141 		}
1142 
1143 next:
1144 		/* release descriptor */
1145 		atmel_wmem8(priv, atmel_rx(priv, RX_DESC_FLAGS_OFFSET, priv->rx_desc_head), RX_DESC_FLAG_CONSUMED);
1146 
1147 		if (priv->rx_desc_head < (priv->host_info.rx_desc_count - 1))
1148 			priv->rx_desc_head++;
1149 		else
1150 			priv->rx_desc_head = 0;
1151 	}
1152 }
1153 
1154 static irqreturn_t service_interrupt(int irq, void *dev_id)
1155 {
1156 	struct net_device *dev = (struct net_device *) dev_id;
1157 	struct atmel_private *priv = netdev_priv(dev);
1158 	u8 isr;
1159 	int i = -1;
1160 	static const u8 irq_order[] = {
1161 		ISR_OUT_OF_RANGE,
1162 		ISR_RxCOMPLETE,
1163 		ISR_TxCOMPLETE,
1164 		ISR_RxFRAMELOST,
1165 		ISR_FATAL_ERROR,
1166 		ISR_COMMAND_COMPLETE,
1167 		ISR_IBSS_MERGE,
1168 		ISR_GENERIC_IRQ
1169 	};
1170 
1171 	if (priv->card && priv->present_callback &&
1172 	    !(*priv->present_callback)(priv->card))
1173 		return IRQ_HANDLED;
1174 
1175 	/* In this state upper-level code assumes it can mess with
1176 	   the card unhampered by interrupts which may change register state.
1177 	   Note that even though the card shouldn't generate interrupts
1178 	   the inturrupt line may be shared. This allows card setup
1179 	   to go on without disabling interrupts for a long time. */
1180 	if (priv->station_state == STATION_STATE_DOWN)
1181 		return IRQ_NONE;
1182 
1183 	atmel_clear_gcr(dev, GCR_ENINT); /* disable interrupts */
1184 
1185 	while (1) {
1186 		if (!atmel_lock_mac(priv)) {
1187 			/* failed to contact card */
1188 			printk(KERN_ALERT "%s: failed to contact MAC.\n", dev->name);
1189 			return IRQ_HANDLED;
1190 		}
1191 
1192 		isr = atmel_rmem8(priv, atmel_hi(priv, IFACE_INT_STATUS_OFFSET));
1193 		atmel_wmem8(priv, atmel_hi(priv, IFACE_LOCKOUT_MAC_OFFSET), 0);
1194 
1195 		if (!isr) {
1196 			atmel_set_gcr(dev, GCR_ENINT); /* enable interrupts */
1197 			return i == -1 ? IRQ_NONE : IRQ_HANDLED;
1198 		}
1199 
1200 		atmel_set_gcr(dev, GCR_ACKINT); /* acknowledge interrupt */
1201 
1202 		for (i = 0; i < ARRAY_SIZE(irq_order); i++)
1203 			if (isr & irq_order[i])
1204 				break;
1205 
1206 		if (!atmel_lock_mac(priv)) {
1207 			/* failed to contact card */
1208 			printk(KERN_ALERT "%s: failed to contact MAC.\n", dev->name);
1209 			return IRQ_HANDLED;
1210 		}
1211 
1212 		isr = atmel_rmem8(priv, atmel_hi(priv, IFACE_INT_STATUS_OFFSET));
1213 		isr ^= irq_order[i];
1214 		atmel_wmem8(priv, atmel_hi(priv, IFACE_INT_STATUS_OFFSET), isr);
1215 		atmel_wmem8(priv, atmel_hi(priv, IFACE_LOCKOUT_MAC_OFFSET), 0);
1216 
1217 		switch (irq_order[i]) {
1218 
1219 		case ISR_OUT_OF_RANGE:
1220 			if (priv->operating_mode == IW_MODE_INFRA &&
1221 			    priv->station_state == STATION_STATE_READY) {
1222 				priv->station_is_associated = 0;
1223 				atmel_scan(priv, 1);
1224 			}
1225 			break;
1226 
1227 		case ISR_RxFRAMELOST:
1228 			priv->wstats.discard.misc++;
1229 			fallthrough;
1230 		case ISR_RxCOMPLETE:
1231 			rx_done_irq(priv);
1232 			break;
1233 
1234 		case ISR_TxCOMPLETE:
1235 			tx_done_irq(priv);
1236 			break;
1237 
1238 		case ISR_FATAL_ERROR:
1239 			printk(KERN_ALERT "%s: *** FATAL error interrupt ***\n", dev->name);
1240 			atmel_enter_state(priv, STATION_STATE_MGMT_ERROR);
1241 			break;
1242 
1243 		case ISR_COMMAND_COMPLETE:
1244 			atmel_command_irq(priv);
1245 			break;
1246 
1247 		case ISR_IBSS_MERGE:
1248 			atmel_get_mib(priv, Mac_Mgmt_Mib_Type, MAC_MGMT_MIB_CUR_BSSID_POS,
1249 				      priv->CurrentBSSID, 6);
1250 			/* The WPA stuff cares about the current AP address */
1251 			if (priv->use_wpa)
1252 				build_wpa_mib(priv);
1253 			break;
1254 		case ISR_GENERIC_IRQ:
1255 			printk(KERN_INFO "%s: Generic_irq received.\n", dev->name);
1256 			break;
1257 		}
1258 	}
1259 }
1260 
1261 static struct iw_statistics *atmel_get_wireless_stats(struct net_device *dev)
1262 {
1263 	struct atmel_private *priv = netdev_priv(dev);
1264 
1265 	/* update the link quality here in case we are seeing no beacons
1266 	   at all to drive the process */
1267 	atmel_smooth_qual(priv);
1268 
1269 	priv->wstats.status = priv->station_state;
1270 
1271 	if (priv->operating_mode == IW_MODE_INFRA) {
1272 		if (priv->station_state != STATION_STATE_READY) {
1273 			priv->wstats.qual.qual = 0;
1274 			priv->wstats.qual.level = 0;
1275 			priv->wstats.qual.updated = (IW_QUAL_QUAL_INVALID
1276 					| IW_QUAL_LEVEL_INVALID);
1277 		}
1278 		priv->wstats.qual.noise = 0;
1279 		priv->wstats.qual.updated |= IW_QUAL_NOISE_INVALID;
1280 	} else {
1281 		/* Quality levels cannot be determined in ad-hoc mode,
1282 		   because we can 'hear' more that one remote station. */
1283 		priv->wstats.qual.qual = 0;
1284 		priv->wstats.qual.level	= 0;
1285 		priv->wstats.qual.noise	= 0;
1286 		priv->wstats.qual.updated = IW_QUAL_QUAL_INVALID
1287 					| IW_QUAL_LEVEL_INVALID
1288 					| IW_QUAL_NOISE_INVALID;
1289 		priv->wstats.miss.beacon = 0;
1290 	}
1291 
1292 	return &priv->wstats;
1293 }
1294 
1295 static int atmel_set_mac_address(struct net_device *dev, void *p)
1296 {
1297 	struct sockaddr *addr = p;
1298 
1299 	eth_hw_addr_set(dev, addr->sa_data);
1300 	return atmel_open(dev);
1301 }
1302 
1303 EXPORT_SYMBOL(atmel_open);
1304 
1305 int atmel_open(struct net_device *dev)
1306 {
1307 	struct atmel_private *priv = netdev_priv(dev);
1308 	int i, channel, err;
1309 
1310 	/* any scheduled timer is no longer needed and might screw things up.. */
1311 	del_timer_sync(&priv->management_timer);
1312 
1313 	/* Interrupts will not touch the card once in this state... */
1314 	priv->station_state = STATION_STATE_DOWN;
1315 
1316 	if (priv->new_SSID_size) {
1317 		memcpy(priv->SSID, priv->new_SSID, priv->new_SSID_size);
1318 		priv->SSID_size = priv->new_SSID_size;
1319 		priv->new_SSID_size = 0;
1320 	}
1321 	priv->BSS_list_entries = 0;
1322 
1323 	priv->AuthenticationRequestRetryCnt = 0;
1324 	priv->AssociationRequestRetryCnt = 0;
1325 	priv->ReAssociationRequestRetryCnt = 0;
1326 	priv->CurrentAuthentTransactionSeqNum = 0x0001;
1327 	priv->ExpectedAuthentTransactionSeqNum = 0x0002;
1328 
1329 	priv->site_survey_state = SITE_SURVEY_IDLE;
1330 	priv->station_is_associated = 0;
1331 
1332 	err = reset_atmel_card(dev);
1333 	if (err)
1334 		return err;
1335 
1336 	if (priv->config_reg_domain) {
1337 		priv->reg_domain = priv->config_reg_domain;
1338 		atmel_set_mib8(priv, Phy_Mib_Type, PHY_MIB_REG_DOMAIN_POS, priv->reg_domain);
1339 	} else {
1340 		priv->reg_domain = atmel_get_mib8(priv, Phy_Mib_Type, PHY_MIB_REG_DOMAIN_POS);
1341 		for (i = 0; i < ARRAY_SIZE(channel_table); i++)
1342 			if (priv->reg_domain == channel_table[i].reg_domain)
1343 				break;
1344 		if (i == ARRAY_SIZE(channel_table)) {
1345 			priv->reg_domain = REG_DOMAIN_MKK1;
1346 			printk(KERN_ALERT "%s: failed to get regulatory domain: assuming MKK1.\n", dev->name);
1347 		}
1348 	}
1349 
1350 	if ((channel = atmel_validate_channel(priv, priv->channel)))
1351 		priv->channel = channel;
1352 
1353 	/* this moves station_state on.... */
1354 	atmel_scan(priv, 1);
1355 
1356 	atmel_set_gcr(priv->dev, GCR_ENINT); /* enable interrupts */
1357 	return 0;
1358 }
1359 
1360 static int atmel_close(struct net_device *dev)
1361 {
1362 	struct atmel_private *priv = netdev_priv(dev);
1363 
1364 	/* Send event to userspace that we are disassociating */
1365 	if (priv->station_state == STATION_STATE_READY) {
1366 		union iwreq_data wrqu;
1367 
1368 		wrqu.data.length = 0;
1369 		wrqu.data.flags = 0;
1370 		wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1371 		eth_zero_addr(wrqu.ap_addr.sa_data);
1372 		wireless_send_event(priv->dev, SIOCGIWAP, &wrqu, NULL);
1373 	}
1374 
1375 	atmel_enter_state(priv, STATION_STATE_DOWN);
1376 
1377 	if (priv->bus_type == BUS_TYPE_PCCARD)
1378 		atmel_write16(dev, GCR, 0x0060);
1379 	atmel_write16(dev, GCR, 0x0040);
1380 	return 0;
1381 }
1382 
1383 static int atmel_validate_channel(struct atmel_private *priv, int channel)
1384 {
1385 	/* check that channel is OK, if so return zero,
1386 	   else return suitable default channel */
1387 	int i;
1388 
1389 	for (i = 0; i < ARRAY_SIZE(channel_table); i++)
1390 		if (priv->reg_domain == channel_table[i].reg_domain) {
1391 			if (channel >= channel_table[i].min &&
1392 			    channel <= channel_table[i].max)
1393 				return 0;
1394 			else
1395 				return channel_table[i].min;
1396 		}
1397 	return 0;
1398 }
1399 
1400 #ifdef CONFIG_PROC_FS
1401 static int atmel_proc_show(struct seq_file *m, void *v)
1402 {
1403 	struct atmel_private *priv = m->private;
1404 	int i;
1405 	char *s, *r, *c;
1406 
1407 	seq_printf(m, "Driver version:\t\t%d.%d\n", DRIVER_MAJOR, DRIVER_MINOR);
1408 
1409 	if (priv->station_state != STATION_STATE_DOWN) {
1410 		seq_printf(m,
1411 			   "Firmware version:\t%d.%d build %d\n"
1412 			   "Firmware location:\t",
1413 			   priv->host_info.major_version,
1414 			   priv->host_info.minor_version,
1415 			   priv->host_info.build_version);
1416 
1417 		if (priv->card_type != CARD_TYPE_EEPROM)
1418 			seq_puts(m, "on card\n");
1419 		else if (priv->firmware)
1420 			seq_printf(m, "%s loaded by host\n", priv->firmware_id);
1421 		else
1422 			seq_printf(m, "%s loaded by hotplug\n", priv->firmware_id);
1423 
1424 		switch (priv->card_type) {
1425 		case CARD_TYPE_PARALLEL_FLASH:
1426 			c = "Parallel flash";
1427 			break;
1428 		case CARD_TYPE_SPI_FLASH:
1429 			c = "SPI flash\n";
1430 			break;
1431 		case CARD_TYPE_EEPROM:
1432 			c = "EEPROM";
1433 			break;
1434 		default:
1435 			c = "<unknown>";
1436 		}
1437 
1438 		r = "<unknown>";
1439 		for (i = 0; i < ARRAY_SIZE(channel_table); i++)
1440 			if (priv->reg_domain == channel_table[i].reg_domain)
1441 				r = channel_table[i].name;
1442 
1443 		seq_printf(m, "MAC memory type:\t%s\n", c);
1444 		seq_printf(m, "Regulatory domain:\t%s\n", r);
1445 		seq_printf(m, "Host CRC checking:\t%s\n",
1446 			 priv->do_rx_crc ? "On" : "Off");
1447 		seq_printf(m, "WPA-capable firmware:\t%s\n",
1448 			 priv->use_wpa ? "Yes" : "No");
1449 	}
1450 
1451 	switch (priv->station_state) {
1452 	case STATION_STATE_SCANNING:
1453 		s = "Scanning";
1454 		break;
1455 	case STATION_STATE_JOINNING:
1456 		s = "Joining";
1457 		break;
1458 	case STATION_STATE_AUTHENTICATING:
1459 		s = "Authenticating";
1460 		break;
1461 	case STATION_STATE_ASSOCIATING:
1462 		s = "Associating";
1463 		break;
1464 	case STATION_STATE_READY:
1465 		s = "Ready";
1466 		break;
1467 	case STATION_STATE_REASSOCIATING:
1468 		s = "Reassociating";
1469 		break;
1470 	case STATION_STATE_MGMT_ERROR:
1471 		s = "Management error";
1472 		break;
1473 	case STATION_STATE_DOWN:
1474 		s = "Down";
1475 		break;
1476 	default:
1477 		s = "<unknown>";
1478 	}
1479 
1480 	seq_printf(m, "Current state:\t\t%s\n", s);
1481 	return 0;
1482 }
1483 #endif
1484 
1485 static const struct net_device_ops atmel_netdev_ops = {
1486 	.ndo_open 		= atmel_open,
1487 	.ndo_stop		= atmel_close,
1488 	.ndo_set_mac_address 	= atmel_set_mac_address,
1489 	.ndo_start_xmit 	= start_tx,
1490 	.ndo_do_ioctl 		= atmel_ioctl,
1491 	.ndo_validate_addr	= eth_validate_addr,
1492 };
1493 
1494 struct net_device *init_atmel_card(unsigned short irq, unsigned long port,
1495 				   const AtmelFWType fw_type,
1496 				   struct device *sys_dev,
1497 				   int (*card_present)(void *), void *card)
1498 {
1499 	struct net_device *dev;
1500 	struct atmel_private *priv;
1501 	int rc;
1502 
1503 	/* Create the network device object. */
1504 	dev = alloc_etherdev(sizeof(*priv));
1505 	if (!dev)
1506 		return NULL;
1507 
1508 	if (dev_alloc_name(dev, dev->name) < 0) {
1509 		printk(KERN_ERR "atmel: Couldn't get name!\n");
1510 		goto err_out_free;
1511 	}
1512 
1513 	priv = netdev_priv(dev);
1514 	priv->dev = dev;
1515 	priv->sys_dev = sys_dev;
1516 	priv->present_callback = card_present;
1517 	priv->card = card;
1518 	priv->firmware = NULL;
1519 	priv->firmware_type = fw_type;
1520 	if (firmware) /* module parameter */
1521 		strscpy(priv->firmware_id, firmware, sizeof(priv->firmware_id));
1522 	priv->bus_type = card_present ? BUS_TYPE_PCCARD : BUS_TYPE_PCI;
1523 	priv->station_state = STATION_STATE_DOWN;
1524 	priv->do_rx_crc = 0;
1525 	/* For PCMCIA cards, some chips need CRC, some don't
1526 	   so we have to probe. */
1527 	if (priv->bus_type == BUS_TYPE_PCCARD) {
1528 		priv->probe_crc = 1;
1529 		priv->crc_ok_cnt = priv->crc_ko_cnt = 0;
1530 	} else
1531 		priv->probe_crc = 0;
1532 	priv->last_qual = jiffies;
1533 	priv->last_beacon_timestamp = 0;
1534 	memset(priv->frag_source, 0xff, sizeof(priv->frag_source));
1535 	eth_zero_addr(priv->BSSID);
1536 	priv->CurrentBSSID[0] = 0xFF; /* Initialize to something invalid.... */
1537 	priv->station_was_associated = 0;
1538 
1539 	priv->last_survey = jiffies;
1540 	priv->preamble = LONG_PREAMBLE;
1541 	priv->operating_mode = IW_MODE_INFRA;
1542 	priv->connect_to_any_BSS = 0;
1543 	priv->config_reg_domain = 0;
1544 	priv->reg_domain = 0;
1545 	priv->tx_rate = 3;
1546 	priv->auto_tx_rate = 1;
1547 	priv->channel = 4;
1548 	priv->power_mode = 0;
1549 	priv->SSID[0] = '\0';
1550 	priv->SSID_size = 0;
1551 	priv->new_SSID_size = 0;
1552 	priv->frag_threshold = 2346;
1553 	priv->rts_threshold = 2347;
1554 	priv->short_retry = 7;
1555 	priv->long_retry = 4;
1556 
1557 	priv->wep_is_on = 0;
1558 	priv->default_key = 0;
1559 	priv->encryption_level = 0;
1560 	priv->exclude_unencrypted = 0;
1561 	priv->group_cipher_suite = priv->pairwise_cipher_suite = CIPHER_SUITE_NONE;
1562 	priv->use_wpa = 0;
1563 	memset(priv->wep_keys, 0, sizeof(priv->wep_keys));
1564 	memset(priv->wep_key_len, 0, sizeof(priv->wep_key_len));
1565 
1566 	priv->default_beacon_period = priv->beacon_period = 100;
1567 	priv->listen_interval = 1;
1568 
1569 	timer_setup(&priv->management_timer, atmel_management_timer, 0);
1570 	spin_lock_init(&priv->irqlock);
1571 	spin_lock_init(&priv->timerlock);
1572 
1573 	dev->netdev_ops = &atmel_netdev_ops;
1574 	dev->wireless_handlers = &atmel_handler_def;
1575 	dev->irq = irq;
1576 	dev->base_addr = port;
1577 
1578 	/* MTU range: 68 - 2312 */
1579 	dev->min_mtu = 68;
1580 	dev->max_mtu = MAX_WIRELESS_BODY - ETH_FCS_LEN;
1581 
1582 	SET_NETDEV_DEV(dev, sys_dev);
1583 
1584 	if ((rc = request_irq(dev->irq, service_interrupt, IRQF_SHARED, dev->name, dev))) {
1585 		printk(KERN_ERR "%s: register interrupt %d failed, rc %d\n", dev->name, irq, rc);
1586 		goto err_out_free;
1587 	}
1588 
1589 	if (!request_region(dev->base_addr, 32,
1590 			    priv->bus_type == BUS_TYPE_PCCARD ?  "atmel_cs" : "atmel_pci")) {
1591 		goto err_out_irq;
1592 	}
1593 
1594 	if (register_netdev(dev))
1595 		goto err_out_res;
1596 
1597 	if (!probe_atmel_card(dev)) {
1598 		unregister_netdev(dev);
1599 		goto err_out_res;
1600 	}
1601 
1602 	netif_carrier_off(dev);
1603 
1604 	if (!proc_create_single_data("driver/atmel", 0, NULL, atmel_proc_show,
1605 			priv))
1606 		printk(KERN_WARNING "atmel: unable to create /proc entry.\n");
1607 
1608 	printk(KERN_INFO "%s: Atmel at76c50x. Version %d.%d. MAC %pM\n",
1609 	       dev->name, DRIVER_MAJOR, DRIVER_MINOR, dev->dev_addr);
1610 
1611 	return dev;
1612 
1613 err_out_res:
1614 	release_region(dev->base_addr, 32);
1615 err_out_irq:
1616 	free_irq(dev->irq, dev);
1617 err_out_free:
1618 	free_netdev(dev);
1619 	return NULL;
1620 }
1621 
1622 EXPORT_SYMBOL(init_atmel_card);
1623 
1624 void stop_atmel_card(struct net_device *dev)
1625 {
1626 	struct atmel_private *priv = netdev_priv(dev);
1627 
1628 	/* put a brick on it... */
1629 	if (priv->bus_type == BUS_TYPE_PCCARD)
1630 		atmel_write16(dev, GCR, 0x0060);
1631 	atmel_write16(dev, GCR, 0x0040);
1632 
1633 	del_timer_sync(&priv->management_timer);
1634 	unregister_netdev(dev);
1635 	remove_proc_entry("driver/atmel", NULL);
1636 	free_irq(dev->irq, dev);
1637 	kfree(priv->firmware);
1638 	release_region(dev->base_addr, 32);
1639 	free_netdev(dev);
1640 }
1641 
1642 EXPORT_SYMBOL(stop_atmel_card);
1643 
1644 static int atmel_set_essid(struct net_device *dev,
1645 			   struct iw_request_info *info,
1646 			   union iwreq_data *wrqu,
1647 			   char *extra)
1648 {
1649 	struct iw_point *dwrq = &wrqu->essid;
1650 	struct atmel_private *priv = netdev_priv(dev);
1651 
1652 	/* Check if we asked for `any' */
1653 	if (dwrq->flags == 0) {
1654 		priv->connect_to_any_BSS = 1;
1655 	} else {
1656 		int index = (dwrq->flags & IW_ENCODE_INDEX) - 1;
1657 
1658 		priv->connect_to_any_BSS = 0;
1659 
1660 		/* Check the size of the string */
1661 		if (dwrq->length > MAX_SSID_LENGTH)
1662 			 return -E2BIG;
1663 		if (index != 0)
1664 			return -EINVAL;
1665 
1666 		memcpy(priv->new_SSID, extra, dwrq->length);
1667 		priv->new_SSID_size = dwrq->length;
1668 	}
1669 
1670 	return -EINPROGRESS;
1671 }
1672 
1673 static int atmel_get_essid(struct net_device *dev,
1674 			   struct iw_request_info *info,
1675 			   union iwreq_data *wrqu,
1676 			   char *extra)
1677 {
1678 	struct iw_point *dwrq = &wrqu->essid;
1679 	struct atmel_private *priv = netdev_priv(dev);
1680 
1681 	/* Get the current SSID */
1682 	if (priv->new_SSID_size != 0) {
1683 		memcpy(extra, priv->new_SSID, priv->new_SSID_size);
1684 		dwrq->length = priv->new_SSID_size;
1685 	} else {
1686 		memcpy(extra, priv->SSID, priv->SSID_size);
1687 		dwrq->length = priv->SSID_size;
1688 	}
1689 
1690 	dwrq->flags = !priv->connect_to_any_BSS; /* active */
1691 
1692 	return 0;
1693 }
1694 
1695 static int atmel_get_wap(struct net_device *dev,
1696 			 struct iw_request_info *info,
1697 			 union iwreq_data *wrqu,
1698 			 char *extra)
1699 {
1700 	struct sockaddr *awrq = &wrqu->ap_addr;
1701 	struct atmel_private *priv = netdev_priv(dev);
1702 	memcpy(awrq->sa_data, priv->CurrentBSSID, ETH_ALEN);
1703 	awrq->sa_family = ARPHRD_ETHER;
1704 
1705 	return 0;
1706 }
1707 
1708 static int atmel_set_encode(struct net_device *dev,
1709 			    struct iw_request_info *info,
1710 			    union iwreq_data *wrqu,
1711 			    char *extra)
1712 {
1713 	struct iw_point *dwrq = &wrqu->encoding;
1714 	struct atmel_private *priv = netdev_priv(dev);
1715 
1716 	/* Basic checking: do we have a key to set ?
1717 	 * Note : with the new API, it's impossible to get a NULL pointer.
1718 	 * Therefore, we need to check a key size == 0 instead.
1719 	 * New version of iwconfig properly set the IW_ENCODE_NOKEY flag
1720 	 * when no key is present (only change flags), but older versions
1721 	 * don't do it. - Jean II */
1722 	if (dwrq->length > 0) {
1723 		int index = (dwrq->flags & IW_ENCODE_INDEX) - 1;
1724 		int current_index = priv->default_key;
1725 		/* Check the size of the key */
1726 		if (dwrq->length > 13) {
1727 			return -EINVAL;
1728 		}
1729 		/* Check the index (none -> use current) */
1730 		if (index < 0 || index >= 4)
1731 			index = current_index;
1732 		else
1733 			priv->default_key = index;
1734 		/* Set the length */
1735 		if (dwrq->length > 5)
1736 			priv->wep_key_len[index] = 13;
1737 		else
1738 			if (dwrq->length > 0)
1739 				priv->wep_key_len[index] = 5;
1740 			else
1741 				/* Disable the key */
1742 				priv->wep_key_len[index] = 0;
1743 		/* Check if the key is not marked as invalid */
1744 		if (!(dwrq->flags & IW_ENCODE_NOKEY)) {
1745 			/* Cleanup */
1746 			memset(priv->wep_keys[index], 0, 13);
1747 			/* Copy the key in the driver */
1748 			memcpy(priv->wep_keys[index], extra, dwrq->length);
1749 		}
1750 		/* WE specify that if a valid key is set, encryption
1751 		 * should be enabled (user may turn it off later)
1752 		 * This is also how "iwconfig ethX key on" works */
1753 		if (index == current_index &&
1754 		    priv->wep_key_len[index] > 0) {
1755 			priv->wep_is_on = 1;
1756 			priv->exclude_unencrypted = 1;
1757 			if (priv->wep_key_len[index] > 5) {
1758 				priv->pairwise_cipher_suite = CIPHER_SUITE_WEP_128;
1759 				priv->encryption_level = 2;
1760 			} else {
1761 				priv->pairwise_cipher_suite = CIPHER_SUITE_WEP_64;
1762 				priv->encryption_level = 1;
1763 			}
1764 		}
1765 	} else {
1766 		/* Do we want to just set the transmit key index ? */
1767 		int index = (dwrq->flags & IW_ENCODE_INDEX) - 1;
1768 		if (index >= 0 && index < 4) {
1769 			priv->default_key = index;
1770 		} else
1771 			/* Don't complain if only change the mode */
1772 			if (!(dwrq->flags & IW_ENCODE_MODE))
1773 				return -EINVAL;
1774 	}
1775 	/* Read the flags */
1776 	if (dwrq->flags & IW_ENCODE_DISABLED) {
1777 		priv->wep_is_on = 0;
1778 		priv->encryption_level = 0;
1779 		priv->pairwise_cipher_suite = CIPHER_SUITE_NONE;
1780 	} else {
1781 		priv->wep_is_on = 1;
1782 		if (priv->wep_key_len[priv->default_key] > 5) {
1783 			priv->pairwise_cipher_suite = CIPHER_SUITE_WEP_128;
1784 			priv->encryption_level = 2;
1785 		} else {
1786 			priv->pairwise_cipher_suite = CIPHER_SUITE_WEP_64;
1787 			priv->encryption_level = 1;
1788 		}
1789 	}
1790 	if (dwrq->flags & IW_ENCODE_RESTRICTED)
1791 		priv->exclude_unencrypted = 1;
1792 	if (dwrq->flags & IW_ENCODE_OPEN)
1793 		priv->exclude_unencrypted = 0;
1794 
1795 	return -EINPROGRESS;		/* Call commit handler */
1796 }
1797 
1798 static int atmel_get_encode(struct net_device *dev,
1799 			    struct iw_request_info *info,
1800 			    union iwreq_data *wrqu,
1801 			    char *extra)
1802 {
1803 	struct iw_point *dwrq = &wrqu->encoding;
1804 	struct atmel_private *priv = netdev_priv(dev);
1805 	int index = (dwrq->flags & IW_ENCODE_INDEX) - 1;
1806 
1807 	if (!priv->wep_is_on)
1808 		dwrq->flags = IW_ENCODE_DISABLED;
1809 	else {
1810 		if (priv->exclude_unencrypted)
1811 			dwrq->flags = IW_ENCODE_RESTRICTED;
1812 		else
1813 			dwrq->flags = IW_ENCODE_OPEN;
1814 	}
1815 		/* Which key do we want ? -1 -> tx index */
1816 	if (index < 0 || index >= 4)
1817 		index = priv->default_key;
1818 	dwrq->flags |= index + 1;
1819 	/* Copy the key to the user buffer */
1820 	dwrq->length = priv->wep_key_len[index];
1821 	if (dwrq->length > 16) {
1822 		dwrq->length = 0;
1823 	} else {
1824 		memset(extra, 0, 16);
1825 		memcpy(extra, priv->wep_keys[index], dwrq->length);
1826 	}
1827 
1828 	return 0;
1829 }
1830 
1831 static int atmel_set_encodeext(struct net_device *dev,
1832 			    struct iw_request_info *info,
1833 			    union iwreq_data *wrqu,
1834 			    char *extra)
1835 {
1836 	struct atmel_private *priv = netdev_priv(dev);
1837 	struct iw_point *encoding = &wrqu->encoding;
1838 	struct iw_encode_ext *ext = (struct iw_encode_ext *)extra;
1839 	int idx, key_len, alg = ext->alg, set_key = 1;
1840 
1841 	/* Determine and validate the key index */
1842 	idx = encoding->flags & IW_ENCODE_INDEX;
1843 	if (idx) {
1844 		if (idx < 1 || idx > 4)
1845 			return -EINVAL;
1846 		idx--;
1847 	} else
1848 		idx = priv->default_key;
1849 
1850 	if (encoding->flags & IW_ENCODE_DISABLED)
1851 	    alg = IW_ENCODE_ALG_NONE;
1852 
1853 	if (ext->ext_flags & IW_ENCODE_EXT_SET_TX_KEY) {
1854 		priv->default_key = idx;
1855 		set_key = ext->key_len > 0 ? 1 : 0;
1856 	}
1857 
1858 	if (set_key) {
1859 		/* Set the requested key first */
1860 		switch (alg) {
1861 		case IW_ENCODE_ALG_NONE:
1862 			priv->wep_is_on = 0;
1863 			priv->encryption_level = 0;
1864 			priv->pairwise_cipher_suite = CIPHER_SUITE_NONE;
1865 			break;
1866 		case IW_ENCODE_ALG_WEP:
1867 			if (ext->key_len > 5) {
1868 				priv->wep_key_len[idx] = 13;
1869 				priv->pairwise_cipher_suite = CIPHER_SUITE_WEP_128;
1870 				priv->encryption_level = 2;
1871 			} else if (ext->key_len > 0) {
1872 				priv->wep_key_len[idx] = 5;
1873 				priv->pairwise_cipher_suite = CIPHER_SUITE_WEP_64;
1874 				priv->encryption_level = 1;
1875 			} else {
1876 				return -EINVAL;
1877 			}
1878 			priv->wep_is_on = 1;
1879 			memset(priv->wep_keys[idx], 0, 13);
1880 			key_len = min ((int)ext->key_len, priv->wep_key_len[idx]);
1881 			memcpy(priv->wep_keys[idx], ext->key, key_len);
1882 			break;
1883 		default:
1884 			return -EINVAL;
1885 		}
1886 	}
1887 
1888 	return -EINPROGRESS;
1889 }
1890 
1891 static int atmel_get_encodeext(struct net_device *dev,
1892 			    struct iw_request_info *info,
1893 			    union iwreq_data *wrqu,
1894 			    char *extra)
1895 {
1896 	struct atmel_private *priv = netdev_priv(dev);
1897 	struct iw_point *encoding = &wrqu->encoding;
1898 	struct iw_encode_ext *ext = (struct iw_encode_ext *)extra;
1899 	int idx, max_key_len;
1900 
1901 	max_key_len = encoding->length - sizeof(*ext);
1902 	if (max_key_len < 0)
1903 		return -EINVAL;
1904 
1905 	idx = encoding->flags & IW_ENCODE_INDEX;
1906 	if (idx) {
1907 		if (idx < 1 || idx > 4)
1908 			return -EINVAL;
1909 		idx--;
1910 	} else
1911 		idx = priv->default_key;
1912 
1913 	encoding->flags = idx + 1;
1914 	memset(ext, 0, sizeof(*ext));
1915 
1916 	if (!priv->wep_is_on) {
1917 		ext->alg = IW_ENCODE_ALG_NONE;
1918 		ext->key_len = 0;
1919 		encoding->flags |= IW_ENCODE_DISABLED;
1920 	} else {
1921 		if (priv->encryption_level > 0)
1922 			ext->alg = IW_ENCODE_ALG_WEP;
1923 		else
1924 			return -EINVAL;
1925 
1926 		ext->key_len = priv->wep_key_len[idx];
1927 		memcpy(ext->key, priv->wep_keys[idx], ext->key_len);
1928 		encoding->flags |= IW_ENCODE_ENABLED;
1929 	}
1930 
1931 	return 0;
1932 }
1933 
1934 static int atmel_set_auth(struct net_device *dev,
1935 			       struct iw_request_info *info,
1936 			       union iwreq_data *wrqu, char *extra)
1937 {
1938 	struct atmel_private *priv = netdev_priv(dev);
1939 	struct iw_param *param = &wrqu->param;
1940 
1941 	switch (param->flags & IW_AUTH_INDEX) {
1942 	case IW_AUTH_WPA_VERSION:
1943 	case IW_AUTH_CIPHER_PAIRWISE:
1944 	case IW_AUTH_CIPHER_GROUP:
1945 	case IW_AUTH_KEY_MGMT:
1946 	case IW_AUTH_RX_UNENCRYPTED_EAPOL:
1947 	case IW_AUTH_PRIVACY_INVOKED:
1948 		/*
1949 		 * atmel does not use these parameters
1950 		 */
1951 		break;
1952 
1953 	case IW_AUTH_DROP_UNENCRYPTED:
1954 		priv->exclude_unencrypted = param->value ? 1 : 0;
1955 		break;
1956 
1957 	case IW_AUTH_80211_AUTH_ALG: {
1958 			if (param->value & IW_AUTH_ALG_SHARED_KEY) {
1959 				priv->exclude_unencrypted = 1;
1960 			} else if (param->value & IW_AUTH_ALG_OPEN_SYSTEM) {
1961 				priv->exclude_unencrypted = 0;
1962 			} else
1963 				return -EINVAL;
1964 			break;
1965 		}
1966 
1967 	case IW_AUTH_WPA_ENABLED:
1968 		/* Silently accept disable of WPA */
1969 		if (param->value > 0)
1970 			return -EOPNOTSUPP;
1971 		break;
1972 
1973 	default:
1974 		return -EOPNOTSUPP;
1975 	}
1976 	return -EINPROGRESS;
1977 }
1978 
1979 static int atmel_get_auth(struct net_device *dev,
1980 			       struct iw_request_info *info,
1981 			       union iwreq_data *wrqu, char *extra)
1982 {
1983 	struct atmel_private *priv = netdev_priv(dev);
1984 	struct iw_param *param = &wrqu->param;
1985 
1986 	switch (param->flags & IW_AUTH_INDEX) {
1987 	case IW_AUTH_DROP_UNENCRYPTED:
1988 		param->value = priv->exclude_unencrypted;
1989 		break;
1990 
1991 	case IW_AUTH_80211_AUTH_ALG:
1992 		if (priv->exclude_unencrypted == 1)
1993 			param->value = IW_AUTH_ALG_SHARED_KEY;
1994 		else
1995 			param->value = IW_AUTH_ALG_OPEN_SYSTEM;
1996 		break;
1997 
1998 	case IW_AUTH_WPA_ENABLED:
1999 		param->value = 0;
2000 		break;
2001 
2002 	default:
2003 		return -EOPNOTSUPP;
2004 	}
2005 	return 0;
2006 }
2007 
2008 
2009 static int atmel_get_name(struct net_device *dev,
2010 			  struct iw_request_info *info,
2011 			  union iwreq_data *wrqu,
2012 			  char *extra)
2013 {
2014 	strcpy(wrqu->name, "IEEE 802.11-DS");
2015 	return 0;
2016 }
2017 
2018 static int atmel_set_rate(struct net_device *dev,
2019 			  struct iw_request_info *info,
2020 			  union iwreq_data *wrqu,
2021 			  char *extra)
2022 {
2023 	struct iw_param *vwrq = &wrqu->bitrate;
2024 	struct atmel_private *priv = netdev_priv(dev);
2025 
2026 	if (vwrq->fixed == 0) {
2027 		priv->tx_rate = 3;
2028 		priv->auto_tx_rate = 1;
2029 	} else {
2030 		priv->auto_tx_rate = 0;
2031 
2032 		/* Which type of value ? */
2033 		if ((vwrq->value < 4) && (vwrq->value >= 0)) {
2034 			/* Setting by rate index */
2035 			priv->tx_rate = vwrq->value;
2036 		} else {
2037 		/* Setting by frequency value */
2038 			switch (vwrq->value) {
2039 			case  1000000:
2040 				priv->tx_rate = 0;
2041 				break;
2042 			case  2000000:
2043 				priv->tx_rate = 1;
2044 				break;
2045 			case  5500000:
2046 				priv->tx_rate = 2;
2047 				break;
2048 			case 11000000:
2049 				priv->tx_rate = 3;
2050 				break;
2051 			default:
2052 				return -EINVAL;
2053 			}
2054 		}
2055 	}
2056 
2057 	return -EINPROGRESS;
2058 }
2059 
2060 static int atmel_set_mode(struct net_device *dev,
2061 			  struct iw_request_info *info,
2062 			  union iwreq_data *wrqu,
2063 			  char *extra)
2064 {
2065 	__u32 *uwrq = &wrqu->mode;
2066 	struct atmel_private *priv = netdev_priv(dev);
2067 
2068 	if (*uwrq != IW_MODE_ADHOC && *uwrq != IW_MODE_INFRA)
2069 		return -EINVAL;
2070 
2071 	priv->operating_mode = *uwrq;
2072 	return -EINPROGRESS;
2073 }
2074 
2075 static int atmel_get_mode(struct net_device *dev,
2076 			  struct iw_request_info *info,
2077 			  union iwreq_data *wrqu,
2078 			  char *extra)
2079 {
2080 	__u32 *uwrq = &wrqu->mode;
2081 	struct atmel_private *priv = netdev_priv(dev);
2082 
2083 	*uwrq = priv->operating_mode;
2084 	return 0;
2085 }
2086 
2087 static int atmel_get_rate(struct net_device *dev,
2088 			 struct iw_request_info *info,
2089 			 union iwreq_data *wrqu,
2090 			 char *extra)
2091 {
2092 	struct iw_param *vwrq = &wrqu->bitrate;
2093 	struct atmel_private *priv = netdev_priv(dev);
2094 
2095 	if (priv->auto_tx_rate) {
2096 		vwrq->fixed = 0;
2097 		vwrq->value = 11000000;
2098 	} else {
2099 		vwrq->fixed = 1;
2100 		switch (priv->tx_rate) {
2101 		case 0:
2102 			vwrq->value =  1000000;
2103 			break;
2104 		case 1:
2105 			vwrq->value =  2000000;
2106 			break;
2107 		case 2:
2108 			vwrq->value =  5500000;
2109 			break;
2110 		case 3:
2111 			vwrq->value = 11000000;
2112 			break;
2113 		}
2114 	}
2115 	return 0;
2116 }
2117 
2118 static int atmel_set_power(struct net_device *dev,
2119 			   struct iw_request_info *info,
2120 			   union iwreq_data *wrqu,
2121 			   char *extra)
2122 {
2123 	struct iw_param *vwrq = &wrqu->power;
2124 	struct atmel_private *priv = netdev_priv(dev);
2125 	priv->power_mode = vwrq->disabled ? 0 : 1;
2126 	return -EINPROGRESS;
2127 }
2128 
2129 static int atmel_get_power(struct net_device *dev,
2130 			   struct iw_request_info *info,
2131 			   union iwreq_data *wrqu,
2132 			   char *extra)
2133 {
2134 	struct iw_param *vwrq = &wrqu->power;
2135 	struct atmel_private *priv = netdev_priv(dev);
2136 	vwrq->disabled = priv->power_mode ? 0 : 1;
2137 	vwrq->flags = IW_POWER_ON;
2138 	return 0;
2139 }
2140 
2141 static int atmel_set_retry(struct net_device *dev,
2142 			   struct iw_request_info *info,
2143 			   union iwreq_data *wrqu,
2144 			   char *extra)
2145 {
2146 	struct iw_param *vwrq = &wrqu->retry;
2147 	struct atmel_private *priv = netdev_priv(dev);
2148 
2149 	if (!vwrq->disabled && (vwrq->flags & IW_RETRY_LIMIT)) {
2150 		if (vwrq->flags & IW_RETRY_LONG)
2151 			priv->long_retry = vwrq->value;
2152 		else if (vwrq->flags & IW_RETRY_SHORT)
2153 			priv->short_retry = vwrq->value;
2154 		else {
2155 			/* No modifier : set both */
2156 			priv->long_retry = vwrq->value;
2157 			priv->short_retry = vwrq->value;
2158 		}
2159 		return -EINPROGRESS;
2160 	}
2161 
2162 	return -EINVAL;
2163 }
2164 
2165 static int atmel_get_retry(struct net_device *dev,
2166 			   struct iw_request_info *info,
2167 			   union iwreq_data *wrqu,
2168 			   char *extra)
2169 {
2170 	struct iw_param *vwrq = &wrqu->retry;
2171 	struct atmel_private *priv = netdev_priv(dev);
2172 
2173 	vwrq->disabled = 0;      /* Can't be disabled */
2174 
2175 	/* Note : by default, display the short retry number */
2176 	if (vwrq->flags & IW_RETRY_LONG) {
2177 		vwrq->flags = IW_RETRY_LIMIT | IW_RETRY_LONG;
2178 		vwrq->value = priv->long_retry;
2179 	} else {
2180 		vwrq->flags = IW_RETRY_LIMIT;
2181 		vwrq->value = priv->short_retry;
2182 		if (priv->long_retry != priv->short_retry)
2183 			vwrq->flags |= IW_RETRY_SHORT;
2184 	}
2185 
2186 	return 0;
2187 }
2188 
2189 static int atmel_set_rts(struct net_device *dev,
2190 			 struct iw_request_info *info,
2191 			 union iwreq_data *wrqu,
2192 			 char *extra)
2193 {
2194 	struct iw_param *vwrq = &wrqu->rts;
2195 	struct atmel_private *priv = netdev_priv(dev);
2196 	int rthr = vwrq->value;
2197 
2198 	if (vwrq->disabled)
2199 		rthr = 2347;
2200 	if ((rthr < 0) || (rthr > 2347)) {
2201 		return -EINVAL;
2202 	}
2203 	priv->rts_threshold = rthr;
2204 
2205 	return -EINPROGRESS;		/* Call commit handler */
2206 }
2207 
2208 static int atmel_get_rts(struct net_device *dev,
2209 			 struct iw_request_info *info,
2210 			 union iwreq_data *wrqu,
2211 			 char *extra)
2212 {
2213 	struct iw_param *vwrq = &wrqu->rts;
2214 	struct atmel_private *priv = netdev_priv(dev);
2215 
2216 	vwrq->value = priv->rts_threshold;
2217 	vwrq->disabled = (vwrq->value >= 2347);
2218 	vwrq->fixed = 1;
2219 
2220 	return 0;
2221 }
2222 
2223 static int atmel_set_frag(struct net_device *dev,
2224 			  struct iw_request_info *info,
2225 			  union iwreq_data *wrqu,
2226 			  char *extra)
2227 {
2228 	struct iw_param *vwrq = &wrqu->frag;
2229 	struct atmel_private *priv = netdev_priv(dev);
2230 	int fthr = vwrq->value;
2231 
2232 	if (vwrq->disabled)
2233 		fthr = 2346;
2234 	if ((fthr < 256) || (fthr > 2346)) {
2235 		return -EINVAL;
2236 	}
2237 	fthr &= ~0x1;	/* Get an even value - is it really needed ??? */
2238 	priv->frag_threshold = fthr;
2239 
2240 	return -EINPROGRESS;		/* Call commit handler */
2241 }
2242 
2243 static int atmel_get_frag(struct net_device *dev,
2244 			  struct iw_request_info *info,
2245 			  union iwreq_data *wrqu,
2246 			  char *extra)
2247 {
2248 	struct iw_param *vwrq = &wrqu->frag;
2249 	struct atmel_private *priv = netdev_priv(dev);
2250 
2251 	vwrq->value = priv->frag_threshold;
2252 	vwrq->disabled = (vwrq->value >= 2346);
2253 	vwrq->fixed = 1;
2254 
2255 	return 0;
2256 }
2257 
2258 static int atmel_set_freq(struct net_device *dev,
2259 			  struct iw_request_info *info,
2260 			  union iwreq_data *wrqu,
2261 			  char *extra)
2262 {
2263 	struct iw_freq *fwrq = &wrqu->freq;
2264 	struct atmel_private *priv = netdev_priv(dev);
2265 	int rc = -EINPROGRESS;		/* Call commit handler */
2266 
2267 	/* If setting by frequency, convert to a channel */
2268 	if (fwrq->e == 1) {
2269 		int f = fwrq->m / 100000;
2270 
2271 		/* Hack to fall through... */
2272 		fwrq->e = 0;
2273 		fwrq->m = ieee80211_frequency_to_channel(f);
2274 	}
2275 	/* Setting by channel number */
2276 	if (fwrq->m < 0 || fwrq->m > 1000 || fwrq->e > 0)
2277 		rc = -EOPNOTSUPP;
2278 	else {
2279 		int channel = fwrq->m;
2280 		if (atmel_validate_channel(priv, channel) == 0) {
2281 			priv->channel = channel;
2282 		} else {
2283 			rc = -EINVAL;
2284 		}
2285 	}
2286 	return rc;
2287 }
2288 
2289 static int atmel_get_freq(struct net_device *dev,
2290 			  struct iw_request_info *info,
2291 			  union iwreq_data *wrqu,
2292 			  char *extra)
2293 {
2294 	struct iw_freq *fwrq = &wrqu->freq;
2295 	struct atmel_private *priv = netdev_priv(dev);
2296 
2297 	fwrq->m = priv->channel;
2298 	fwrq->e = 0;
2299 	return 0;
2300 }
2301 
2302 static int atmel_set_scan(struct net_device *dev,
2303 			  struct iw_request_info *info,
2304 			  union iwreq_data *dwrq,
2305 			  char *extra)
2306 {
2307 	struct atmel_private *priv = netdev_priv(dev);
2308 	unsigned long flags;
2309 
2310 	/* Note : you may have realised that, as this is a SET operation,
2311 	 * this is privileged and therefore a normal user can't
2312 	 * perform scanning.
2313 	 * This is not an error, while the device perform scanning,
2314 	 * traffic doesn't flow, so it's a perfect DoS...
2315 	 * Jean II */
2316 
2317 	if (priv->station_state == STATION_STATE_DOWN)
2318 		return -EAGAIN;
2319 
2320 	/* Timeout old surveys. */
2321 	if (time_after(jiffies, priv->last_survey + 20 * HZ))
2322 		priv->site_survey_state = SITE_SURVEY_IDLE;
2323 	priv->last_survey = jiffies;
2324 
2325 	/* Initiate a scan command */
2326 	if (priv->site_survey_state == SITE_SURVEY_IN_PROGRESS)
2327 		return -EBUSY;
2328 
2329 	del_timer_sync(&priv->management_timer);
2330 	spin_lock_irqsave(&priv->irqlock, flags);
2331 
2332 	priv->site_survey_state = SITE_SURVEY_IN_PROGRESS;
2333 	priv->fast_scan = 0;
2334 	atmel_scan(priv, 0);
2335 	spin_unlock_irqrestore(&priv->irqlock, flags);
2336 
2337 	return 0;
2338 }
2339 
2340 static int atmel_get_scan(struct net_device *dev,
2341 			  struct iw_request_info *info,
2342 			  union iwreq_data *wrqu,
2343 			  char *extra)
2344 {
2345 	struct iw_point *dwrq = &wrqu->data;
2346 	struct atmel_private *priv = netdev_priv(dev);
2347 	int i;
2348 	char *current_ev = extra;
2349 	struct iw_event	iwe;
2350 
2351 	if (priv->site_survey_state != SITE_SURVEY_COMPLETED)
2352 		return -EAGAIN;
2353 
2354 	for (i = 0; i < priv->BSS_list_entries; i++) {
2355 		iwe.cmd = SIOCGIWAP;
2356 		iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
2357 		memcpy(iwe.u.ap_addr.sa_data, priv->BSSinfo[i].BSSID, ETH_ALEN);
2358 		current_ev = iwe_stream_add_event(info, current_ev,
2359 						  extra + IW_SCAN_MAX_DATA,
2360 						  &iwe, IW_EV_ADDR_LEN);
2361 
2362 		iwe.u.data.length =  priv->BSSinfo[i].SSIDsize;
2363 		if (iwe.u.data.length > 32)
2364 			iwe.u.data.length = 32;
2365 		iwe.cmd = SIOCGIWESSID;
2366 		iwe.u.data.flags = 1;
2367 		current_ev = iwe_stream_add_point(info, current_ev,
2368 						  extra + IW_SCAN_MAX_DATA,
2369 						  &iwe, priv->BSSinfo[i].SSID);
2370 
2371 		iwe.cmd = SIOCGIWMODE;
2372 		iwe.u.mode = priv->BSSinfo[i].BSStype;
2373 		current_ev = iwe_stream_add_event(info, current_ev,
2374 						  extra + IW_SCAN_MAX_DATA,
2375 						  &iwe, IW_EV_UINT_LEN);
2376 
2377 		iwe.cmd = SIOCGIWFREQ;
2378 		iwe.u.freq.m = priv->BSSinfo[i].channel;
2379 		iwe.u.freq.e = 0;
2380 		current_ev = iwe_stream_add_event(info, current_ev,
2381 						  extra + IW_SCAN_MAX_DATA,
2382 						  &iwe, IW_EV_FREQ_LEN);
2383 
2384 		/* Add quality statistics */
2385 		iwe.cmd = IWEVQUAL;
2386 		iwe.u.qual.level = priv->BSSinfo[i].RSSI;
2387 		iwe.u.qual.qual  = iwe.u.qual.level;
2388 		/* iwe.u.qual.noise  = SOMETHING */
2389 		current_ev = iwe_stream_add_event(info, current_ev,
2390 						  extra + IW_SCAN_MAX_DATA,
2391 						  &iwe, IW_EV_QUAL_LEN);
2392 
2393 
2394 		iwe.cmd = SIOCGIWENCODE;
2395 		if (priv->BSSinfo[i].UsingWEP)
2396 			iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
2397 		else
2398 			iwe.u.data.flags = IW_ENCODE_DISABLED;
2399 		iwe.u.data.length = 0;
2400 		current_ev = iwe_stream_add_point(info, current_ev,
2401 						  extra + IW_SCAN_MAX_DATA,
2402 						  &iwe, NULL);
2403 	}
2404 
2405 	/* Length of data */
2406 	dwrq->length = (current_ev - extra);
2407 	dwrq->flags = 0;
2408 
2409 	return 0;
2410 }
2411 
2412 static int atmel_get_range(struct net_device *dev,
2413 			   struct iw_request_info *info,
2414 			   union iwreq_data *wrqu,
2415 			   char *extra)
2416 {
2417 	struct iw_point *dwrq = &wrqu->data;
2418 	struct atmel_private *priv = netdev_priv(dev);
2419 	struct iw_range *range = (struct iw_range *) extra;
2420 	int k, i, j;
2421 
2422 	dwrq->length = sizeof(struct iw_range);
2423 	memset(range, 0, sizeof(struct iw_range));
2424 	range->min_nwid = 0x0000;
2425 	range->max_nwid = 0x0000;
2426 	range->num_channels = 0;
2427 	for (j = 0; j < ARRAY_SIZE(channel_table); j++)
2428 		if (priv->reg_domain == channel_table[j].reg_domain) {
2429 			range->num_channels = channel_table[j].max - channel_table[j].min + 1;
2430 			break;
2431 		}
2432 	if (range->num_channels != 0) {
2433 		for (k = 0, i = channel_table[j].min; i <= channel_table[j].max; i++) {
2434 			range->freq[k].i = i; /* List index */
2435 
2436 			/* Values in MHz -> * 10^5 * 10 */
2437 			range->freq[k].m = 100000 *
2438 			 ieee80211_channel_to_frequency(i, NL80211_BAND_2GHZ);
2439 			range->freq[k++].e = 1;
2440 		}
2441 		range->num_frequency = k;
2442 	}
2443 
2444 	range->max_qual.qual = 100;
2445 	range->max_qual.level = 100;
2446 	range->max_qual.noise = 0;
2447 	range->max_qual.updated = IW_QUAL_NOISE_INVALID;
2448 
2449 	range->avg_qual.qual = 50;
2450 	range->avg_qual.level = 50;
2451 	range->avg_qual.noise = 0;
2452 	range->avg_qual.updated = IW_QUAL_NOISE_INVALID;
2453 
2454 	range->sensitivity = 0;
2455 
2456 	range->bitrate[0] =  1000000;
2457 	range->bitrate[1] =  2000000;
2458 	range->bitrate[2] =  5500000;
2459 	range->bitrate[3] = 11000000;
2460 	range->num_bitrates = 4;
2461 
2462 	range->min_rts = 0;
2463 	range->max_rts = 2347;
2464 	range->min_frag = 256;
2465 	range->max_frag = 2346;
2466 
2467 	range->encoding_size[0] = 5;
2468 	range->encoding_size[1] = 13;
2469 	range->num_encoding_sizes = 2;
2470 	range->max_encoding_tokens = 4;
2471 
2472 	range->pmp_flags = IW_POWER_ON;
2473 	range->pmt_flags = IW_POWER_ON;
2474 	range->pm_capa = 0;
2475 
2476 	range->we_version_source = WIRELESS_EXT;
2477 	range->we_version_compiled = WIRELESS_EXT;
2478 	range->retry_capa = IW_RETRY_LIMIT ;
2479 	range->retry_flags = IW_RETRY_LIMIT;
2480 	range->r_time_flags = 0;
2481 	range->min_retry = 1;
2482 	range->max_retry = 65535;
2483 
2484 	return 0;
2485 }
2486 
2487 static int atmel_set_wap(struct net_device *dev,
2488 			 struct iw_request_info *info,
2489 			 union iwreq_data *wrqu,
2490 			 char *extra)
2491 {
2492 	struct sockaddr *awrq = &wrqu->ap_addr;
2493 	struct atmel_private *priv = netdev_priv(dev);
2494 	int i;
2495 	static const u8 any[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
2496 	static const u8 off[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
2497 	unsigned long flags;
2498 
2499 	if (awrq->sa_family != ARPHRD_ETHER)
2500 		return -EINVAL;
2501 
2502 	if (!memcmp(any, awrq->sa_data, 6) ||
2503 	    !memcmp(off, awrq->sa_data, 6)) {
2504 		del_timer_sync(&priv->management_timer);
2505 		spin_lock_irqsave(&priv->irqlock, flags);
2506 		atmel_scan(priv, 1);
2507 		spin_unlock_irqrestore(&priv->irqlock, flags);
2508 		return 0;
2509 	}
2510 
2511 	for (i = 0; i < priv->BSS_list_entries; i++) {
2512 		if (memcmp(priv->BSSinfo[i].BSSID, awrq->sa_data, 6) == 0) {
2513 			if (!priv->wep_is_on && priv->BSSinfo[i].UsingWEP) {
2514 				return -EINVAL;
2515 			} else if  (priv->wep_is_on && !priv->BSSinfo[i].UsingWEP) {
2516 				return -EINVAL;
2517 			} else {
2518 				del_timer_sync(&priv->management_timer);
2519 				spin_lock_irqsave(&priv->irqlock, flags);
2520 				atmel_join_bss(priv, i);
2521 				spin_unlock_irqrestore(&priv->irqlock, flags);
2522 				return 0;
2523 			}
2524 		}
2525 	}
2526 
2527 	return -EINVAL;
2528 }
2529 
2530 static int atmel_config_commit(struct net_device *dev,
2531 			       struct iw_request_info *info,	/* NULL */
2532 			       union iwreq_data *zwrq,		/* NULL */
2533 			       char *extra)			/* NULL */
2534 {
2535 	return atmel_open(dev);
2536 }
2537 
2538 static const iw_handler atmel_handler[] =
2539 {
2540 	IW_HANDLER(SIOCSIWCOMMIT,	atmel_config_commit),
2541 	IW_HANDLER(SIOCGIWNAME,		atmel_get_name),
2542 	IW_HANDLER(SIOCSIWFREQ,		atmel_set_freq),
2543 	IW_HANDLER(SIOCGIWFREQ,		atmel_get_freq),
2544 	IW_HANDLER(SIOCSIWMODE,		atmel_set_mode),
2545 	IW_HANDLER(SIOCGIWMODE,		atmel_get_mode),
2546 	IW_HANDLER(SIOCGIWRANGE,	atmel_get_range),
2547 	IW_HANDLER(SIOCSIWAP,		atmel_set_wap),
2548 	IW_HANDLER(SIOCGIWAP,		atmel_get_wap),
2549 	IW_HANDLER(SIOCSIWSCAN,		atmel_set_scan),
2550 	IW_HANDLER(SIOCGIWSCAN,		atmel_get_scan),
2551 	IW_HANDLER(SIOCSIWESSID,	atmel_set_essid),
2552 	IW_HANDLER(SIOCGIWESSID,	atmel_get_essid),
2553 	IW_HANDLER(SIOCSIWRATE,		atmel_set_rate),
2554 	IW_HANDLER(SIOCGIWRATE,		atmel_get_rate),
2555 	IW_HANDLER(SIOCSIWRTS,		atmel_set_rts),
2556 	IW_HANDLER(SIOCGIWRTS,		atmel_get_rts),
2557 	IW_HANDLER(SIOCSIWFRAG,		atmel_set_frag),
2558 	IW_HANDLER(SIOCGIWFRAG,		atmel_get_frag),
2559 	IW_HANDLER(SIOCSIWRETRY,	atmel_set_retry),
2560 	IW_HANDLER(SIOCGIWRETRY,	atmel_get_retry),
2561 	IW_HANDLER(SIOCSIWENCODE,	atmel_set_encode),
2562 	IW_HANDLER(SIOCGIWENCODE,	atmel_get_encode),
2563 	IW_HANDLER(SIOCSIWPOWER,	atmel_set_power),
2564 	IW_HANDLER(SIOCGIWPOWER,	atmel_get_power),
2565 	IW_HANDLER(SIOCSIWAUTH,		atmel_set_auth),
2566 	IW_HANDLER(SIOCGIWAUTH,		atmel_get_auth),
2567 	IW_HANDLER(SIOCSIWENCODEEXT,	atmel_set_encodeext),
2568 	IW_HANDLER(SIOCGIWENCODEEXT,	atmel_get_encodeext),
2569 };
2570 
2571 static const iw_handler atmel_private_handler[] =
2572 {
2573 	NULL,				/* SIOCIWFIRSTPRIV */
2574 };
2575 
2576 struct atmel_priv_ioctl {
2577 	char id[32];
2578 	unsigned char __user *data;
2579 	unsigned short len;
2580 };
2581 
2582 #define ATMELFWL	SIOCIWFIRSTPRIV
2583 #define ATMELIDIFC	ATMELFWL + 1
2584 #define ATMELRD		ATMELFWL + 2
2585 #define ATMELMAGIC 0x51807
2586 #define REGDOMAINSZ 20
2587 
2588 static const struct iw_priv_args atmel_private_args[] = {
2589 	{
2590 		.cmd = ATMELFWL,
2591 		.set_args = IW_PRIV_TYPE_BYTE
2592 				| IW_PRIV_SIZE_FIXED
2593 				| sizeof(struct atmel_priv_ioctl),
2594 		.get_args = IW_PRIV_TYPE_NONE,
2595 		.name = "atmelfwl"
2596 	}, {
2597 		.cmd = ATMELIDIFC,
2598 		.set_args = IW_PRIV_TYPE_NONE,
2599 		.get_args = IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
2600 		.name = "atmelidifc"
2601 	}, {
2602 		.cmd = ATMELRD,
2603 		.set_args = IW_PRIV_TYPE_CHAR | REGDOMAINSZ,
2604 		.get_args = IW_PRIV_TYPE_NONE,
2605 		.name = "regdomain"
2606 	},
2607 };
2608 
2609 static const struct iw_handler_def atmel_handler_def = {
2610 	.num_standard	= ARRAY_SIZE(atmel_handler),
2611 	.num_private	= ARRAY_SIZE(atmel_private_handler),
2612 	.num_private_args = ARRAY_SIZE(atmel_private_args),
2613 	.standard	= atmel_handler,
2614 	.private	= atmel_private_handler,
2615 	.private_args	= (struct iw_priv_args *) atmel_private_args,
2616 	.get_wireless_stats = atmel_get_wireless_stats
2617 };
2618 
2619 static int atmel_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
2620 {
2621 	int i, rc = 0;
2622 	struct atmel_private *priv = netdev_priv(dev);
2623 	struct atmel_priv_ioctl com;
2624 	struct iwreq *wrq = (struct iwreq *) rq;
2625 	unsigned char *new_firmware;
2626 	char domain[REGDOMAINSZ + 1];
2627 
2628 	switch (cmd) {
2629 	case ATMELIDIFC:
2630 		wrq->u.param.value = ATMELMAGIC;
2631 		break;
2632 
2633 	case ATMELFWL:
2634 		if (copy_from_user(&com, rq->ifr_data, sizeof(com))) {
2635 			rc = -EFAULT;
2636 			break;
2637 		}
2638 
2639 		if (!capable(CAP_NET_ADMIN)) {
2640 			rc = -EPERM;
2641 			break;
2642 		}
2643 
2644 		new_firmware = memdup_user(com.data, com.len);
2645 		if (IS_ERR(new_firmware)) {
2646 			rc = PTR_ERR(new_firmware);
2647 			break;
2648 		}
2649 
2650 		kfree(priv->firmware);
2651 
2652 		priv->firmware = new_firmware;
2653 		priv->firmware_length = com.len;
2654 		strncpy(priv->firmware_id, com.id, 31);
2655 		priv->firmware_id[31] = '\0';
2656 		break;
2657 
2658 	case ATMELRD:
2659 		if (copy_from_user(domain, rq->ifr_data, REGDOMAINSZ)) {
2660 			rc = -EFAULT;
2661 			break;
2662 		}
2663 
2664 		if (!capable(CAP_NET_ADMIN)) {
2665 			rc = -EPERM;
2666 			break;
2667 		}
2668 
2669 		domain[REGDOMAINSZ] = 0;
2670 		rc = -EINVAL;
2671 		for (i = 0; i < ARRAY_SIZE(channel_table); i++) {
2672 			if (!strcasecmp(channel_table[i].name, domain)) {
2673 				priv->config_reg_domain = channel_table[i].reg_domain;
2674 				rc = 0;
2675 			}
2676 		}
2677 
2678 		if (rc == 0 &&  priv->station_state != STATION_STATE_DOWN)
2679 			rc = atmel_open(dev);
2680 		break;
2681 
2682 	default:
2683 		rc = -EOPNOTSUPP;
2684 	}
2685 
2686 	return rc;
2687 }
2688 
2689 struct auth_body {
2690 	__le16 alg;
2691 	__le16 trans_seq;
2692 	__le16 status;
2693 	u8 el_id;
2694 	u8 chall_text_len;
2695 	u8 chall_text[253];
2696 };
2697 
2698 static void atmel_enter_state(struct atmel_private *priv, int new_state)
2699 {
2700 	int old_state = priv->station_state;
2701 
2702 	if (new_state == old_state)
2703 		return;
2704 
2705 	priv->station_state = new_state;
2706 
2707 	if (new_state == STATION_STATE_READY) {
2708 		netif_start_queue(priv->dev);
2709 		netif_carrier_on(priv->dev);
2710 	}
2711 
2712 	if (old_state == STATION_STATE_READY) {
2713 		netif_carrier_off(priv->dev);
2714 		if (netif_running(priv->dev))
2715 			netif_stop_queue(priv->dev);
2716 		priv->last_beacon_timestamp = 0;
2717 	}
2718 }
2719 
2720 static void atmel_scan(struct atmel_private *priv, int specific_ssid)
2721 {
2722 	struct {
2723 		u8 BSSID[ETH_ALEN];
2724 		u8 SSID[MAX_SSID_LENGTH];
2725 		u8 scan_type;
2726 		u8 channel;
2727 		__le16 BSS_type;
2728 		__le16 min_channel_time;
2729 		__le16 max_channel_time;
2730 		u8 options;
2731 		u8 SSID_size;
2732 	} cmd;
2733 
2734 	eth_broadcast_addr(cmd.BSSID);
2735 
2736 	if (priv->fast_scan) {
2737 		cmd.SSID_size = priv->SSID_size;
2738 		memcpy(cmd.SSID, priv->SSID, priv->SSID_size);
2739 		cmd.min_channel_time = cpu_to_le16(10);
2740 		cmd.max_channel_time = cpu_to_le16(50);
2741 	} else {
2742 		priv->BSS_list_entries = 0;
2743 		cmd.SSID_size = 0;
2744 		cmd.min_channel_time = cpu_to_le16(10);
2745 		cmd.max_channel_time = cpu_to_le16(120);
2746 	}
2747 
2748 	cmd.options = 0;
2749 
2750 	if (!specific_ssid)
2751 		cmd.options |= SCAN_OPTIONS_SITE_SURVEY;
2752 
2753 	cmd.channel = (priv->channel & 0x7f);
2754 	cmd.scan_type = SCAN_TYPE_ACTIVE;
2755 	cmd.BSS_type = cpu_to_le16(priv->operating_mode == IW_MODE_ADHOC ?
2756 		BSS_TYPE_AD_HOC : BSS_TYPE_INFRASTRUCTURE);
2757 
2758 	atmel_send_command(priv, CMD_Scan, &cmd, sizeof(cmd));
2759 
2760 	/* This must come after all hardware access to avoid being messed up
2761 	   by stuff happening in interrupt context after we leave STATE_DOWN */
2762 	atmel_enter_state(priv, STATION_STATE_SCANNING);
2763 }
2764 
2765 static void join(struct atmel_private *priv, int type)
2766 {
2767 	struct {
2768 		u8 BSSID[6];
2769 		u8 SSID[MAX_SSID_LENGTH];
2770 		u8 BSS_type; /* this is a short in a scan command - weird */
2771 		u8 channel;
2772 		__le16 timeout;
2773 		u8 SSID_size;
2774 		u8 reserved;
2775 	} cmd;
2776 
2777 	cmd.SSID_size = priv->SSID_size;
2778 	memcpy(cmd.SSID, priv->SSID, priv->SSID_size);
2779 	memcpy(cmd.BSSID, priv->CurrentBSSID, ETH_ALEN);
2780 	cmd.channel = (priv->channel & 0x7f);
2781 	cmd.BSS_type = type;
2782 	cmd.timeout = cpu_to_le16(2000);
2783 
2784 	atmel_send_command(priv, CMD_Join, &cmd, sizeof(cmd));
2785 }
2786 
2787 static void start(struct atmel_private *priv, int type)
2788 {
2789 	struct {
2790 		u8 BSSID[6];
2791 		u8 SSID[MAX_SSID_LENGTH];
2792 		u8 BSS_type;
2793 		u8 channel;
2794 		u8 SSID_size;
2795 		u8 reserved[3];
2796 	} cmd;
2797 
2798 	cmd.SSID_size = priv->SSID_size;
2799 	memcpy(cmd.SSID, priv->SSID, priv->SSID_size);
2800 	memcpy(cmd.BSSID, priv->BSSID, ETH_ALEN);
2801 	cmd.BSS_type = type;
2802 	cmd.channel = (priv->channel & 0x7f);
2803 
2804 	atmel_send_command(priv, CMD_Start, &cmd, sizeof(cmd));
2805 }
2806 
2807 static void handle_beacon_probe(struct atmel_private *priv, u16 capability,
2808 				u8 channel)
2809 {
2810 	int rejoin = 0;
2811 	int new = capability & WLAN_CAPABILITY_SHORT_PREAMBLE ?
2812 		SHORT_PREAMBLE : LONG_PREAMBLE;
2813 
2814 	if (priv->preamble != new) {
2815 		priv->preamble = new;
2816 		rejoin = 1;
2817 		atmel_set_mib8(priv, Local_Mib_Type, LOCAL_MIB_PREAMBLE_TYPE, new);
2818 	}
2819 
2820 	if (priv->channel != channel) {
2821 		priv->channel = channel;
2822 		rejoin = 1;
2823 		atmel_set_mib8(priv, Phy_Mib_Type, PHY_MIB_CHANNEL_POS, channel);
2824 	}
2825 
2826 	if (rejoin) {
2827 		priv->station_is_associated = 0;
2828 		atmel_enter_state(priv, STATION_STATE_JOINNING);
2829 
2830 		if (priv->operating_mode == IW_MODE_INFRA)
2831 			join(priv, BSS_TYPE_INFRASTRUCTURE);
2832 		else
2833 			join(priv, BSS_TYPE_AD_HOC);
2834 	}
2835 }
2836 
2837 static void send_authentication_request(struct atmel_private *priv, u16 system,
2838 					u8 *challenge, int challenge_len)
2839 {
2840 	struct ieee80211_hdr header;
2841 	struct auth_body auth;
2842 
2843 	header.frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH);
2844 	header.duration_id = cpu_to_le16(0x8000);
2845 	header.seq_ctrl = 0;
2846 	memcpy(header.addr1, priv->CurrentBSSID, ETH_ALEN);
2847 	memcpy(header.addr2, priv->dev->dev_addr, ETH_ALEN);
2848 	memcpy(header.addr3, priv->CurrentBSSID, ETH_ALEN);
2849 
2850 	if (priv->wep_is_on && priv->CurrentAuthentTransactionSeqNum != 1)
2851 		/* no WEP for authentication frames with TrSeqNo 1 */
2852 		header.frame_control |=  cpu_to_le16(IEEE80211_FCTL_PROTECTED);
2853 
2854 	auth.alg = cpu_to_le16(system);
2855 
2856 	auth.status = 0;
2857 	auth.trans_seq = cpu_to_le16(priv->CurrentAuthentTransactionSeqNum);
2858 	priv->ExpectedAuthentTransactionSeqNum = priv->CurrentAuthentTransactionSeqNum+1;
2859 	priv->CurrentAuthentTransactionSeqNum += 2;
2860 
2861 	if (challenge_len != 0)	{
2862 		auth.el_id = 16; /* challenge_text */
2863 		auth.chall_text_len = challenge_len;
2864 		memcpy(auth.chall_text, challenge, challenge_len);
2865 		atmel_transmit_management_frame(priv, &header, (u8 *)&auth, 8 + challenge_len);
2866 	} else {
2867 		atmel_transmit_management_frame(priv, &header, (u8 *)&auth, 6);
2868 	}
2869 }
2870 
2871 static void send_association_request(struct atmel_private *priv, int is_reassoc)
2872 {
2873 	u8 *ssid_el_p;
2874 	int bodysize;
2875 	struct ieee80211_hdr header;
2876 	struct ass_req_format {
2877 		__le16 capability;
2878 		__le16 listen_interval;
2879 		u8 ap[ETH_ALEN]; /* nothing after here directly accessible */
2880 		u8 ssid_el_id;
2881 		u8 ssid_len;
2882 		u8 ssid[MAX_SSID_LENGTH];
2883 		u8 sup_rates_el_id;
2884 		u8 sup_rates_len;
2885 		u8 rates[4];
2886 	} body;
2887 
2888 	header.frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2889 		(is_reassoc ? IEEE80211_STYPE_REASSOC_REQ : IEEE80211_STYPE_ASSOC_REQ));
2890 	header.duration_id = cpu_to_le16(0x8000);
2891 	header.seq_ctrl = 0;
2892 
2893 	memcpy(header.addr1, priv->CurrentBSSID, ETH_ALEN);
2894 	memcpy(header.addr2, priv->dev->dev_addr, ETH_ALEN);
2895 	memcpy(header.addr3, priv->CurrentBSSID, ETH_ALEN);
2896 
2897 	body.capability = cpu_to_le16(WLAN_CAPABILITY_ESS);
2898 	if (priv->wep_is_on)
2899 		body.capability |= cpu_to_le16(WLAN_CAPABILITY_PRIVACY);
2900 	if (priv->preamble == SHORT_PREAMBLE)
2901 		body.capability |= cpu_to_le16(WLAN_CAPABILITY_SHORT_PREAMBLE);
2902 
2903 	body.listen_interval = cpu_to_le16(priv->listen_interval * priv->beacon_period);
2904 
2905 	/* current AP address - only in reassoc frame */
2906 	if (is_reassoc) {
2907 		memcpy(body.ap, priv->CurrentBSSID, ETH_ALEN);
2908 		ssid_el_p = &body.ssid_el_id;
2909 		bodysize = 18 + priv->SSID_size;
2910 	} else {
2911 		ssid_el_p = &body.ap[0];
2912 		bodysize = 12 + priv->SSID_size;
2913 	}
2914 
2915 	ssid_el_p[0] = WLAN_EID_SSID;
2916 	ssid_el_p[1] = priv->SSID_size;
2917 	memcpy(ssid_el_p + 2, priv->SSID, priv->SSID_size);
2918 	ssid_el_p[2 + priv->SSID_size] = WLAN_EID_SUPP_RATES;
2919 	ssid_el_p[3 + priv->SSID_size] = 4; /* len of supported rates */
2920 	memcpy(ssid_el_p + 4 + priv->SSID_size, atmel_basic_rates, 4);
2921 
2922 	atmel_transmit_management_frame(priv, &header, (void *)&body, bodysize);
2923 }
2924 
2925 static int is_frame_from_current_bss(struct atmel_private *priv,
2926 				     struct ieee80211_hdr *header)
2927 {
2928 	if (le16_to_cpu(header->frame_control) & IEEE80211_FCTL_FROMDS)
2929 		return memcmp(header->addr3, priv->CurrentBSSID, 6) == 0;
2930 	else
2931 		return memcmp(header->addr2, priv->CurrentBSSID, 6) == 0;
2932 }
2933 
2934 static int retrieve_bss(struct atmel_private *priv)
2935 {
2936 	int i;
2937 	int max_rssi = -128;
2938 	int max_index = -1;
2939 
2940 	if (priv->BSS_list_entries == 0)
2941 		return -1;
2942 
2943 	if (priv->connect_to_any_BSS) {
2944 		/* Select a BSS with the max-RSSI but of the same type and of
2945 		   the same WEP mode and that it is not marked as 'bad' (i.e.
2946 		   we had previously failed to connect to this BSS with the
2947 		   settings that we currently use) */
2948 		priv->current_BSS = 0;
2949 		for (i = 0; i < priv->BSS_list_entries; i++) {
2950 			if (priv->operating_mode == priv->BSSinfo[i].BSStype &&
2951 			    ((!priv->wep_is_on && !priv->BSSinfo[i].UsingWEP) ||
2952 			     (priv->wep_is_on && priv->BSSinfo[i].UsingWEP)) &&
2953 			    !(priv->BSSinfo[i].channel & 0x80)) {
2954 				max_rssi = priv->BSSinfo[i].RSSI;
2955 				priv->current_BSS = max_index = i;
2956 			}
2957 		}
2958 		return max_index;
2959 	}
2960 
2961 	for (i = 0; i < priv->BSS_list_entries; i++) {
2962 		if (priv->SSID_size == priv->BSSinfo[i].SSIDsize &&
2963 		    memcmp(priv->SSID, priv->BSSinfo[i].SSID, priv->SSID_size) == 0 &&
2964 		    priv->operating_mode == priv->BSSinfo[i].BSStype &&
2965 		    atmel_validate_channel(priv, priv->BSSinfo[i].channel) == 0) {
2966 			if (priv->BSSinfo[i].RSSI >= max_rssi) {
2967 				max_rssi = priv->BSSinfo[i].RSSI;
2968 				max_index = i;
2969 			}
2970 		}
2971 	}
2972 	return max_index;
2973 }
2974 
2975 static void store_bss_info(struct atmel_private *priv,
2976 			   struct ieee80211_hdr *header, u16 capability,
2977 			   u16 beacon_period, u8 channel, u8 rssi, u8 ssid_len,
2978 			   u8 *ssid, int is_beacon)
2979 {
2980 	u8 *bss = capability & WLAN_CAPABILITY_ESS ? header->addr2 : header->addr3;
2981 	int i, index;
2982 
2983 	for (index = -1, i = 0; i < priv->BSS_list_entries; i++)
2984 		if (memcmp(bss, priv->BSSinfo[i].BSSID, ETH_ALEN) == 0)
2985 			index = i;
2986 
2987 	/* If we process a probe and an entry from this BSS exists
2988 	   we will update the BSS entry with the info from this BSS.
2989 	   If we process a beacon we will only update RSSI */
2990 
2991 	if (index == -1) {
2992 		if (priv->BSS_list_entries == MAX_BSS_ENTRIES)
2993 			return;
2994 		index = priv->BSS_list_entries++;
2995 		memcpy(priv->BSSinfo[index].BSSID, bss, ETH_ALEN);
2996 		priv->BSSinfo[index].RSSI = rssi;
2997 	} else {
2998 		if (rssi > priv->BSSinfo[index].RSSI)
2999 			priv->BSSinfo[index].RSSI = rssi;
3000 		if (is_beacon)
3001 			return;
3002 	}
3003 
3004 	priv->BSSinfo[index].channel = channel;
3005 	priv->BSSinfo[index].beacon_period = beacon_period;
3006 	priv->BSSinfo[index].UsingWEP = capability & WLAN_CAPABILITY_PRIVACY;
3007 	memcpy(priv->BSSinfo[index].SSID, ssid, ssid_len);
3008 	priv->BSSinfo[index].SSIDsize = ssid_len;
3009 
3010 	if (capability & WLAN_CAPABILITY_IBSS)
3011 		priv->BSSinfo[index].BSStype = IW_MODE_ADHOC;
3012 	else if (capability & WLAN_CAPABILITY_ESS)
3013 		priv->BSSinfo[index].BSStype = IW_MODE_INFRA;
3014 
3015 	priv->BSSinfo[index].preamble = capability & WLAN_CAPABILITY_SHORT_PREAMBLE ?
3016 		SHORT_PREAMBLE : LONG_PREAMBLE;
3017 }
3018 
3019 static void authenticate(struct atmel_private *priv, u16 frame_len)
3020 {
3021 	struct auth_body *auth = (struct auth_body *)priv->rx_buf;
3022 	u16 status = le16_to_cpu(auth->status);
3023 	u16 trans_seq_no = le16_to_cpu(auth->trans_seq);
3024 	u16 system = le16_to_cpu(auth->alg);
3025 
3026 	if (status == WLAN_STATUS_SUCCESS && !priv->wep_is_on) {
3027 		/* no WEP */
3028 		if (priv->station_was_associated) {
3029 			atmel_enter_state(priv, STATION_STATE_REASSOCIATING);
3030 			send_association_request(priv, 1);
3031 			return;
3032 		} else {
3033 			atmel_enter_state(priv, STATION_STATE_ASSOCIATING);
3034 			send_association_request(priv, 0);
3035 			return;
3036 		}
3037 	}
3038 
3039 	if (status == WLAN_STATUS_SUCCESS && priv->wep_is_on) {
3040 		int should_associate = 0;
3041 		/* WEP */
3042 		if (trans_seq_no != priv->ExpectedAuthentTransactionSeqNum)
3043 			return;
3044 
3045 		if (system == WLAN_AUTH_OPEN) {
3046 			if (trans_seq_no == 0x0002) {
3047 				should_associate = 1;
3048 			}
3049 		} else if (system == WLAN_AUTH_SHARED_KEY) {
3050 			if (trans_seq_no == 0x0002 &&
3051 			    auth->el_id == WLAN_EID_CHALLENGE) {
3052 				send_authentication_request(priv, system, auth->chall_text, auth->chall_text_len);
3053 				return;
3054 			} else if (trans_seq_no == 0x0004) {
3055 				should_associate = 1;
3056 			}
3057 		}
3058 
3059 		if (should_associate) {
3060 			if (priv->station_was_associated) {
3061 				atmel_enter_state(priv, STATION_STATE_REASSOCIATING);
3062 				send_association_request(priv, 1);
3063 				return;
3064 			} else {
3065 				atmel_enter_state(priv, STATION_STATE_ASSOCIATING);
3066 				send_association_request(priv, 0);
3067 				return;
3068 			}
3069 		}
3070 	}
3071 
3072 	if (status == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
3073 		/* Flip back and forth between WEP auth modes until the max
3074 		 * authentication tries has been exceeded.
3075 		 */
3076 		if (system == WLAN_AUTH_OPEN) {
3077 			priv->CurrentAuthentTransactionSeqNum = 0x001;
3078 			priv->exclude_unencrypted = 1;
3079 			send_authentication_request(priv, WLAN_AUTH_SHARED_KEY, NULL, 0);
3080 			return;
3081 		} else if (system == WLAN_AUTH_SHARED_KEY
3082 			   && priv->wep_is_on) {
3083 			priv->CurrentAuthentTransactionSeqNum = 0x001;
3084 			priv->exclude_unencrypted = 0;
3085 			send_authentication_request(priv, WLAN_AUTH_OPEN, NULL, 0);
3086 			return;
3087 		} else if (priv->connect_to_any_BSS) {
3088 			int bss_index;
3089 
3090 			priv->BSSinfo[(int)(priv->current_BSS)].channel |= 0x80;
3091 
3092 			if ((bss_index  = retrieve_bss(priv)) != -1) {
3093 				atmel_join_bss(priv, bss_index);
3094 				return;
3095 			}
3096 		}
3097 	}
3098 
3099 	priv->AuthenticationRequestRetryCnt = 0;
3100 	atmel_enter_state(priv,  STATION_STATE_MGMT_ERROR);
3101 	priv->station_is_associated = 0;
3102 }
3103 
3104 static void associate(struct atmel_private *priv, u16 frame_len, u16 subtype)
3105 {
3106 	struct ass_resp_format {
3107 		__le16 capability;
3108 		__le16 status;
3109 		__le16 ass_id;
3110 		u8 el_id;
3111 		u8 length;
3112 		u8 rates[4];
3113 	} *ass_resp = (struct ass_resp_format *)priv->rx_buf;
3114 
3115 	u16 status = le16_to_cpu(ass_resp->status);
3116 	u16 ass_id = le16_to_cpu(ass_resp->ass_id);
3117 	u16 rates_len = ass_resp->length > 4 ? 4 : ass_resp->length;
3118 
3119 	union iwreq_data wrqu;
3120 
3121 	if (frame_len < 8 + rates_len)
3122 		return;
3123 
3124 	if (status == WLAN_STATUS_SUCCESS) {
3125 		if (subtype == IEEE80211_STYPE_ASSOC_RESP)
3126 			priv->AssociationRequestRetryCnt = 0;
3127 		else
3128 			priv->ReAssociationRequestRetryCnt = 0;
3129 
3130 		atmel_set_mib16(priv, Mac_Mgmt_Mib_Type,
3131 				MAC_MGMT_MIB_STATION_ID_POS, ass_id & 0x3fff);
3132 		atmel_set_mib(priv, Phy_Mib_Type,
3133 			      PHY_MIB_RATE_SET_POS, ass_resp->rates, rates_len);
3134 		if (priv->power_mode == 0) {
3135 			priv->listen_interval = 1;
3136 			atmel_set_mib8(priv, Mac_Mgmt_Mib_Type,
3137 				       MAC_MGMT_MIB_PS_MODE_POS, ACTIVE_MODE);
3138 			atmel_set_mib16(priv, Mac_Mgmt_Mib_Type,
3139 					MAC_MGMT_MIB_LISTEN_INTERVAL_POS, 1);
3140 		} else {
3141 			priv->listen_interval = 2;
3142 			atmel_set_mib8(priv, Mac_Mgmt_Mib_Type,
3143 				       MAC_MGMT_MIB_PS_MODE_POS,  PS_MODE);
3144 			atmel_set_mib16(priv, Mac_Mgmt_Mib_Type,
3145 					MAC_MGMT_MIB_LISTEN_INTERVAL_POS, 2);
3146 		}
3147 
3148 		priv->station_is_associated = 1;
3149 		priv->station_was_associated = 1;
3150 		atmel_enter_state(priv, STATION_STATE_READY);
3151 
3152 		/* Send association event to userspace */
3153 		wrqu.data.length = 0;
3154 		wrqu.data.flags = 0;
3155 		memcpy(wrqu.ap_addr.sa_data, priv->CurrentBSSID, ETH_ALEN);
3156 		wrqu.ap_addr.sa_family = ARPHRD_ETHER;
3157 		wireless_send_event(priv->dev, SIOCGIWAP, &wrqu, NULL);
3158 
3159 		return;
3160 	}
3161 
3162 	if (subtype == IEEE80211_STYPE_ASSOC_RESP &&
3163 	    status != WLAN_STATUS_ASSOC_DENIED_RATES &&
3164 	    status != WLAN_STATUS_CAPS_UNSUPPORTED &&
3165 	    priv->AssociationRequestRetryCnt < MAX_ASSOCIATION_RETRIES) {
3166 		mod_timer(&priv->management_timer, jiffies + MGMT_JIFFIES);
3167 		priv->AssociationRequestRetryCnt++;
3168 		send_association_request(priv, 0);
3169 		return;
3170 	}
3171 
3172 	if (subtype == IEEE80211_STYPE_REASSOC_RESP &&
3173 	    status != WLAN_STATUS_ASSOC_DENIED_RATES &&
3174 	    status != WLAN_STATUS_CAPS_UNSUPPORTED &&
3175 	    priv->ReAssociationRequestRetryCnt < MAX_ASSOCIATION_RETRIES) {
3176 		mod_timer(&priv->management_timer, jiffies + MGMT_JIFFIES);
3177 		priv->ReAssociationRequestRetryCnt++;
3178 		send_association_request(priv, 1);
3179 		return;
3180 	}
3181 
3182 	atmel_enter_state(priv,  STATION_STATE_MGMT_ERROR);
3183 	priv->station_is_associated = 0;
3184 
3185 	if (priv->connect_to_any_BSS) {
3186 		int bss_index;
3187 		priv->BSSinfo[(int)(priv->current_BSS)].channel |= 0x80;
3188 
3189 		if ((bss_index = retrieve_bss(priv)) != -1)
3190 			atmel_join_bss(priv, bss_index);
3191 	}
3192 }
3193 
3194 static void atmel_join_bss(struct atmel_private *priv, int bss_index)
3195 {
3196 	struct bss_info *bss =  &priv->BSSinfo[bss_index];
3197 
3198 	memcpy(priv->CurrentBSSID, bss->BSSID, ETH_ALEN);
3199 	memcpy(priv->SSID, bss->SSID, priv->SSID_size = bss->SSIDsize);
3200 
3201 	/* The WPA stuff cares about the current AP address */
3202 	if (priv->use_wpa)
3203 		build_wpa_mib(priv);
3204 
3205 	/* When switching to AdHoc turn OFF Power Save if needed */
3206 
3207 	if (bss->BSStype == IW_MODE_ADHOC &&
3208 	    priv->operating_mode != IW_MODE_ADHOC &&
3209 	    priv->power_mode) {
3210 		priv->power_mode = 0;
3211 		priv->listen_interval = 1;
3212 		atmel_set_mib8(priv, Mac_Mgmt_Mib_Type,
3213 			       MAC_MGMT_MIB_PS_MODE_POS,  ACTIVE_MODE);
3214 		atmel_set_mib16(priv, Mac_Mgmt_Mib_Type,
3215 				MAC_MGMT_MIB_LISTEN_INTERVAL_POS, 1);
3216 	}
3217 
3218 	priv->operating_mode = bss->BSStype;
3219 	priv->channel = bss->channel & 0x7f;
3220 	priv->beacon_period = bss->beacon_period;
3221 
3222 	if (priv->preamble != bss->preamble) {
3223 		priv->preamble = bss->preamble;
3224 		atmel_set_mib8(priv, Local_Mib_Type,
3225 			       LOCAL_MIB_PREAMBLE_TYPE, bss->preamble);
3226 	}
3227 
3228 	if (!priv->wep_is_on && bss->UsingWEP) {
3229 		atmel_enter_state(priv, STATION_STATE_MGMT_ERROR);
3230 		priv->station_is_associated = 0;
3231 		return;
3232 	}
3233 
3234 	if (priv->wep_is_on && !bss->UsingWEP) {
3235 		atmel_enter_state(priv, STATION_STATE_MGMT_ERROR);
3236 		priv->station_is_associated = 0;
3237 		return;
3238 	}
3239 
3240 	atmel_enter_state(priv, STATION_STATE_JOINNING);
3241 
3242 	if (priv->operating_mode == IW_MODE_INFRA)
3243 		join(priv, BSS_TYPE_INFRASTRUCTURE);
3244 	else
3245 		join(priv, BSS_TYPE_AD_HOC);
3246 }
3247 
3248 static void restart_search(struct atmel_private *priv)
3249 {
3250 	int bss_index;
3251 
3252 	if (!priv->connect_to_any_BSS) {
3253 		atmel_scan(priv, 1);
3254 	} else {
3255 		priv->BSSinfo[(int)(priv->current_BSS)].channel |= 0x80;
3256 
3257 		if ((bss_index = retrieve_bss(priv)) != -1)
3258 			atmel_join_bss(priv, bss_index);
3259 		else
3260 			atmel_scan(priv, 0);
3261 	}
3262 }
3263 
3264 static void smooth_rssi(struct atmel_private *priv, u8 rssi)
3265 {
3266 	u8 old = priv->wstats.qual.level;
3267 	u8 max_rssi = 42; /* 502-rmfd-revd max by experiment, default for now */
3268 
3269 	switch (priv->firmware_type) {
3270 	case ATMEL_FW_TYPE_502E:
3271 		max_rssi = 63; /* 502-rmfd-reve max by experiment */
3272 		break;
3273 	default:
3274 		break;
3275 	}
3276 
3277 	rssi = rssi * 100 / max_rssi;
3278 	if ((rssi + old) % 2)
3279 		priv->wstats.qual.level = (rssi + old) / 2 + 1;
3280 	else
3281 		priv->wstats.qual.level = (rssi + old) / 2;
3282 	priv->wstats.qual.updated |= IW_QUAL_LEVEL_UPDATED;
3283 	priv->wstats.qual.updated &= ~IW_QUAL_LEVEL_INVALID;
3284 }
3285 
3286 static void atmel_smooth_qual(struct atmel_private *priv)
3287 {
3288 	unsigned long time_diff = (jiffies - priv->last_qual) / HZ;
3289 	while (time_diff--) {
3290 		priv->last_qual += HZ;
3291 		priv->wstats.qual.qual = priv->wstats.qual.qual / 2;
3292 		priv->wstats.qual.qual +=
3293 			priv->beacons_this_sec * priv->beacon_period * (priv->wstats.qual.level + 100) / 4000;
3294 		priv->beacons_this_sec = 0;
3295 	}
3296 	priv->wstats.qual.updated |= IW_QUAL_QUAL_UPDATED;
3297 	priv->wstats.qual.updated &= ~IW_QUAL_QUAL_INVALID;
3298 }
3299 
3300 /* deals with incoming management frames. */
3301 static void atmel_management_frame(struct atmel_private *priv,
3302 				   struct ieee80211_hdr *header,
3303 				   u16 frame_len, u8 rssi)
3304 {
3305 	u16 subtype;
3306 
3307 	subtype = le16_to_cpu(header->frame_control) & IEEE80211_FCTL_STYPE;
3308 	switch (subtype) {
3309 	case IEEE80211_STYPE_BEACON:
3310 	case IEEE80211_STYPE_PROBE_RESP:
3311 
3312 		/* beacon frame has multiple variable-length fields -
3313 		   never let an engineer loose with a data structure design. */
3314 		{
3315 			struct beacon_format {
3316 				__le64 timestamp;
3317 				__le16 interval;
3318 				__le16 capability;
3319 				u8 ssid_el_id;
3320 				u8 ssid_length;
3321 				/* ssid here */
3322 				u8 rates_el_id;
3323 				u8 rates_length;
3324 				/* rates here */
3325 				u8 ds_el_id;
3326 				u8 ds_length;
3327 				/* ds here */
3328 			} *beacon = (struct beacon_format *)priv->rx_buf;
3329 
3330 			u8 channel, rates_length, ssid_length;
3331 			u64 timestamp = le64_to_cpu(beacon->timestamp);
3332 			u16 beacon_interval = le16_to_cpu(beacon->interval);
3333 			u16 capability = le16_to_cpu(beacon->capability);
3334 			u8 *beaconp = priv->rx_buf;
3335 			ssid_length = beacon->ssid_length;
3336 			/* this blows chunks. */
3337 			if (frame_len < 14 || frame_len < ssid_length + 15)
3338 				return;
3339 			rates_length = beaconp[beacon->ssid_length + 15];
3340 			if (frame_len < ssid_length + rates_length + 18)
3341 				return;
3342 			if (ssid_length >  MAX_SSID_LENGTH)
3343 				return;
3344 			channel = beaconp[ssid_length + rates_length + 18];
3345 
3346 			if (priv->station_state == STATION_STATE_READY) {
3347 				smooth_rssi(priv, rssi);
3348 				if (is_frame_from_current_bss(priv, header)) {
3349 					priv->beacons_this_sec++;
3350 					atmel_smooth_qual(priv);
3351 					if (priv->last_beacon_timestamp) {
3352 						/* Note truncate this to 32 bits - kernel can't divide a long */
3353 						u32 beacon_delay = timestamp - priv->last_beacon_timestamp;
3354 						int beacons = beacon_delay / (beacon_interval * 1000);
3355 						if (beacons > 1)
3356 							priv->wstats.miss.beacon += beacons - 1;
3357 					}
3358 					priv->last_beacon_timestamp = timestamp;
3359 					handle_beacon_probe(priv, capability, channel);
3360 				}
3361 			}
3362 
3363 			if (priv->station_state == STATION_STATE_SCANNING)
3364 				store_bss_info(priv, header, capability,
3365 					       beacon_interval, channel, rssi,
3366 					       ssid_length,
3367 					       &beacon->rates_el_id,
3368 					       subtype == IEEE80211_STYPE_BEACON);
3369 		}
3370 		break;
3371 
3372 	case IEEE80211_STYPE_AUTH:
3373 
3374 		if (priv->station_state == STATION_STATE_AUTHENTICATING)
3375 			authenticate(priv, frame_len);
3376 
3377 		break;
3378 
3379 	case IEEE80211_STYPE_ASSOC_RESP:
3380 	case IEEE80211_STYPE_REASSOC_RESP:
3381 
3382 		if (priv->station_state == STATION_STATE_ASSOCIATING ||
3383 		    priv->station_state == STATION_STATE_REASSOCIATING)
3384 			associate(priv, frame_len, subtype);
3385 
3386 		break;
3387 
3388 	case IEEE80211_STYPE_DISASSOC:
3389 		if (priv->station_is_associated &&
3390 		    priv->operating_mode == IW_MODE_INFRA &&
3391 		    is_frame_from_current_bss(priv, header)) {
3392 			priv->station_was_associated = 0;
3393 			priv->station_is_associated = 0;
3394 
3395 			atmel_enter_state(priv, STATION_STATE_JOINNING);
3396 			join(priv, BSS_TYPE_INFRASTRUCTURE);
3397 		}
3398 
3399 		break;
3400 
3401 	case IEEE80211_STYPE_DEAUTH:
3402 		if (priv->operating_mode == IW_MODE_INFRA &&
3403 		    is_frame_from_current_bss(priv, header)) {
3404 			priv->station_was_associated = 0;
3405 
3406 			atmel_enter_state(priv, STATION_STATE_JOINNING);
3407 			join(priv, BSS_TYPE_INFRASTRUCTURE);
3408 		}
3409 
3410 		break;
3411 	}
3412 }
3413 
3414 /* run when timer expires */
3415 static void atmel_management_timer(struct timer_list *t)
3416 {
3417 	struct atmel_private *priv = from_timer(priv, t, management_timer);
3418 	unsigned long flags;
3419 
3420 	/* Check if the card has been yanked. */
3421 	if (priv->card && priv->present_callback &&
3422 		!(*priv->present_callback)(priv->card))
3423 		return;
3424 
3425 	spin_lock_irqsave(&priv->irqlock, flags);
3426 
3427 	switch (priv->station_state) {
3428 
3429 	case STATION_STATE_AUTHENTICATING:
3430 		if (priv->AuthenticationRequestRetryCnt >= MAX_AUTHENTICATION_RETRIES) {
3431 			atmel_enter_state(priv, STATION_STATE_MGMT_ERROR);
3432 			priv->station_is_associated = 0;
3433 			priv->AuthenticationRequestRetryCnt = 0;
3434 			restart_search(priv);
3435 		} else {
3436 			int auth = WLAN_AUTH_OPEN;
3437 			priv->AuthenticationRequestRetryCnt++;
3438 			priv->CurrentAuthentTransactionSeqNum = 0x0001;
3439 			mod_timer(&priv->management_timer, jiffies + MGMT_JIFFIES);
3440 			if (priv->wep_is_on && priv->exclude_unencrypted)
3441 				auth = WLAN_AUTH_SHARED_KEY;
3442 			send_authentication_request(priv, auth, NULL, 0);
3443 	  }
3444 	  break;
3445 
3446 	case STATION_STATE_ASSOCIATING:
3447 		if (priv->AssociationRequestRetryCnt == MAX_ASSOCIATION_RETRIES) {
3448 			atmel_enter_state(priv, STATION_STATE_MGMT_ERROR);
3449 			priv->station_is_associated = 0;
3450 			priv->AssociationRequestRetryCnt = 0;
3451 			restart_search(priv);
3452 		} else {
3453 			priv->AssociationRequestRetryCnt++;
3454 			mod_timer(&priv->management_timer, jiffies + MGMT_JIFFIES);
3455 			send_association_request(priv, 0);
3456 		}
3457 	  break;
3458 
3459 	case STATION_STATE_REASSOCIATING:
3460 		if (priv->ReAssociationRequestRetryCnt == MAX_ASSOCIATION_RETRIES) {
3461 			atmel_enter_state(priv, STATION_STATE_MGMT_ERROR);
3462 			priv->station_is_associated = 0;
3463 			priv->ReAssociationRequestRetryCnt = 0;
3464 			restart_search(priv);
3465 		} else {
3466 			priv->ReAssociationRequestRetryCnt++;
3467 			mod_timer(&priv->management_timer, jiffies + MGMT_JIFFIES);
3468 			send_association_request(priv, 1);
3469 		}
3470 		break;
3471 
3472 	default:
3473 		break;
3474 	}
3475 
3476 	spin_unlock_irqrestore(&priv->irqlock, flags);
3477 }
3478 
3479 static void atmel_command_irq(struct atmel_private *priv)
3480 {
3481 	u8 status = atmel_rmem8(priv, atmel_co(priv, CMD_BLOCK_STATUS_OFFSET));
3482 	u8 command = atmel_rmem8(priv, atmel_co(priv, CMD_BLOCK_COMMAND_OFFSET));
3483 	int fast_scan;
3484 	union iwreq_data wrqu;
3485 
3486 	if (status == CMD_STATUS_IDLE ||
3487 	    status == CMD_STATUS_IN_PROGRESS)
3488 		return;
3489 
3490 	switch (command) {
3491 	case CMD_Start:
3492 		if (status == CMD_STATUS_COMPLETE) {
3493 			priv->station_was_associated = priv->station_is_associated;
3494 			atmel_get_mib(priv, Mac_Mgmt_Mib_Type, MAC_MGMT_MIB_CUR_BSSID_POS,
3495 				      (u8 *)priv->CurrentBSSID, 6);
3496 			atmel_enter_state(priv, STATION_STATE_READY);
3497 		}
3498 		break;
3499 
3500 	case CMD_Scan:
3501 		fast_scan = priv->fast_scan;
3502 		priv->fast_scan = 0;
3503 
3504 		if (status != CMD_STATUS_COMPLETE) {
3505 			atmel_scan(priv, 1);
3506 		} else {
3507 			int bss_index = retrieve_bss(priv);
3508 			int notify_scan_complete = 1;
3509 			if (bss_index != -1) {
3510 				atmel_join_bss(priv, bss_index);
3511 			} else if (priv->operating_mode == IW_MODE_ADHOC &&
3512 				   priv->SSID_size != 0) {
3513 				start(priv, BSS_TYPE_AD_HOC);
3514 			} else {
3515 				priv->fast_scan = !fast_scan;
3516 				atmel_scan(priv, 1);
3517 				notify_scan_complete = 0;
3518 			}
3519 			priv->site_survey_state = SITE_SURVEY_COMPLETED;
3520 			if (notify_scan_complete) {
3521 				wrqu.data.length = 0;
3522 				wrqu.data.flags = 0;
3523 				wireless_send_event(priv->dev, SIOCGIWSCAN, &wrqu, NULL);
3524 			}
3525 		}
3526 		break;
3527 
3528 	case CMD_SiteSurvey:
3529 		priv->fast_scan = 0;
3530 
3531 		if (status != CMD_STATUS_COMPLETE)
3532 			return;
3533 
3534 		priv->site_survey_state = SITE_SURVEY_COMPLETED;
3535 		if (priv->station_is_associated) {
3536 			atmel_enter_state(priv, STATION_STATE_READY);
3537 			wrqu.data.length = 0;
3538 			wrqu.data.flags = 0;
3539 			wireless_send_event(priv->dev, SIOCGIWSCAN, &wrqu, NULL);
3540 		} else {
3541 			atmel_scan(priv, 1);
3542 		}
3543 		break;
3544 
3545 	case CMD_Join:
3546 		if (status == CMD_STATUS_COMPLETE) {
3547 			if (priv->operating_mode == IW_MODE_ADHOC) {
3548 				priv->station_was_associated = priv->station_is_associated;
3549 				atmel_enter_state(priv, STATION_STATE_READY);
3550 			} else {
3551 				int auth = WLAN_AUTH_OPEN;
3552 				priv->AuthenticationRequestRetryCnt = 0;
3553 				atmel_enter_state(priv, STATION_STATE_AUTHENTICATING);
3554 
3555 				mod_timer(&priv->management_timer, jiffies + MGMT_JIFFIES);
3556 				priv->CurrentAuthentTransactionSeqNum = 0x0001;
3557 				if (priv->wep_is_on && priv->exclude_unencrypted)
3558 					auth = WLAN_AUTH_SHARED_KEY;
3559 				send_authentication_request(priv, auth, NULL, 0);
3560 			}
3561 			return;
3562 		}
3563 
3564 		atmel_scan(priv, 1);
3565 	}
3566 }
3567 
3568 static int atmel_wakeup_firmware(struct atmel_private *priv)
3569 {
3570 	struct host_info_struct *iface = &priv->host_info;
3571 	u16 mr1, mr3;
3572 	int i;
3573 
3574 	if (priv->card_type == CARD_TYPE_SPI_FLASH)
3575 		atmel_set_gcr(priv->dev, GCR_REMAP);
3576 
3577 	/* wake up on-board processor */
3578 	atmel_clear_gcr(priv->dev, 0x0040);
3579 	atmel_write16(priv->dev, BSR, BSS_SRAM);
3580 
3581 	if (priv->card_type == CARD_TYPE_SPI_FLASH)
3582 		mdelay(100);
3583 
3584 	/* and wait for it */
3585 	for (i = LOOP_RETRY_LIMIT; i; i--) {
3586 		mr1 = atmel_read16(priv->dev, MR1);
3587 		mr3 = atmel_read16(priv->dev, MR3);
3588 
3589 		if (mr3 & MAC_BOOT_COMPLETE)
3590 			break;
3591 		if (mr1 & MAC_BOOT_COMPLETE &&
3592 		    priv->bus_type == BUS_TYPE_PCCARD)
3593 			break;
3594 	}
3595 
3596 	if (i == 0) {
3597 		printk(KERN_ALERT "%s: MAC failed to boot.\n", priv->dev->name);
3598 		return -EIO;
3599 	}
3600 
3601 	if ((priv->host_info_base = atmel_read16(priv->dev, MR2)) == 0xffff) {
3602 		printk(KERN_ALERT "%s: card missing.\n", priv->dev->name);
3603 		return -ENODEV;
3604 	}
3605 
3606 	/* now check for completion of MAC initialization through
3607 	   the FunCtrl field of the IFACE, poll MR1 to detect completion of
3608 	   MAC initialization, check completion status, set interrupt mask,
3609 	   enables interrupts and calls Tx and Rx initialization functions */
3610 
3611 	atmel_wmem8(priv, atmel_hi(priv, IFACE_FUNC_CTRL_OFFSET), FUNC_CTRL_INIT_COMPLETE);
3612 
3613 	for (i = LOOP_RETRY_LIMIT; i; i--) {
3614 		mr1 = atmel_read16(priv->dev, MR1);
3615 		mr3 = atmel_read16(priv->dev, MR3);
3616 
3617 		if (mr3 & MAC_INIT_COMPLETE)
3618 			break;
3619 		if (mr1 & MAC_INIT_COMPLETE &&
3620 		    priv->bus_type == BUS_TYPE_PCCARD)
3621 			break;
3622 	}
3623 
3624 	if (i == 0) {
3625 		printk(KERN_ALERT "%s: MAC failed to initialise.\n",
3626 				priv->dev->name);
3627 		return -EIO;
3628 	}
3629 
3630 	/* Check for MAC_INIT_OK only on the register that the MAC_INIT_OK was set */
3631 	if ((mr3 & MAC_INIT_COMPLETE) &&
3632 	    !(atmel_read16(priv->dev, MR3) & MAC_INIT_OK)) {
3633 		printk(KERN_ALERT "%s: MAC failed MR3 self-test.\n", priv->dev->name);
3634 		return -EIO;
3635 	}
3636 	if ((mr1 & MAC_INIT_COMPLETE) &&
3637 	    !(atmel_read16(priv->dev, MR1) & MAC_INIT_OK)) {
3638 		printk(KERN_ALERT "%s: MAC failed MR1 self-test.\n", priv->dev->name);
3639 		return -EIO;
3640 	}
3641 
3642 	atmel_copy_to_host(priv->dev, (unsigned char *)iface,
3643 			   priv->host_info_base, sizeof(*iface));
3644 
3645 	iface->tx_buff_pos = le16_to_cpu(iface->tx_buff_pos);
3646 	iface->tx_buff_size = le16_to_cpu(iface->tx_buff_size);
3647 	iface->tx_desc_pos = le16_to_cpu(iface->tx_desc_pos);
3648 	iface->tx_desc_count = le16_to_cpu(iface->tx_desc_count);
3649 	iface->rx_buff_pos = le16_to_cpu(iface->rx_buff_pos);
3650 	iface->rx_buff_size = le16_to_cpu(iface->rx_buff_size);
3651 	iface->rx_desc_pos = le16_to_cpu(iface->rx_desc_pos);
3652 	iface->rx_desc_count = le16_to_cpu(iface->rx_desc_count);
3653 	iface->build_version = le16_to_cpu(iface->build_version);
3654 	iface->command_pos = le16_to_cpu(iface->command_pos);
3655 	iface->major_version = le16_to_cpu(iface->major_version);
3656 	iface->minor_version = le16_to_cpu(iface->minor_version);
3657 	iface->func_ctrl = le16_to_cpu(iface->func_ctrl);
3658 	iface->mac_status = le16_to_cpu(iface->mac_status);
3659 
3660 	return 0;
3661 }
3662 
3663 /* determine type of memory and MAC address */
3664 static int probe_atmel_card(struct net_device *dev)
3665 {
3666 	int rc = 0;
3667 	struct atmel_private *priv = netdev_priv(dev);
3668 	u8 addr[ETH_ALEN] = {};
3669 
3670 	/* reset pccard */
3671 	if (priv->bus_type == BUS_TYPE_PCCARD)
3672 		atmel_write16(dev, GCR, 0x0060);
3673 
3674 	atmel_write16(dev, GCR, 0x0040);
3675 	msleep(500);
3676 
3677 	if (atmel_read16(dev, MR2) == 0) {
3678 		/* No stored firmware so load a small stub which just
3679 		   tells us the MAC address */
3680 		int i;
3681 		priv->card_type = CARD_TYPE_EEPROM;
3682 		atmel_write16(dev, BSR, BSS_IRAM);
3683 		atmel_copy_to_card(dev, 0, mac_reader, sizeof(mac_reader));
3684 		atmel_set_gcr(dev, GCR_REMAP);
3685 		atmel_clear_gcr(priv->dev, 0x0040);
3686 		atmel_write16(dev, BSR, BSS_SRAM);
3687 		for (i = LOOP_RETRY_LIMIT; i; i--)
3688 			if (atmel_read16(dev, MR3) & MAC_BOOT_COMPLETE)
3689 				break;
3690 		if (i == 0) {
3691 			printk(KERN_ALERT "%s: MAC failed to boot MAC address reader.\n", dev->name);
3692 		} else {
3693 
3694 			atmel_copy_to_host(dev, addr, atmel_read16(dev, MR2), 6);
3695 			eth_hw_addr_set(dev, addr);
3696 			/* got address, now squash it again until the network
3697 			   interface is opened */
3698 			if (priv->bus_type == BUS_TYPE_PCCARD)
3699 				atmel_write16(dev, GCR, 0x0060);
3700 			atmel_write16(dev, GCR, 0x0040);
3701 			rc = 1;
3702 		}
3703 	} else if (atmel_read16(dev, MR4) == 0) {
3704 		/* Mac address easy in this case. */
3705 		priv->card_type = CARD_TYPE_PARALLEL_FLASH;
3706 		atmel_write16(dev,  BSR, 1);
3707 		atmel_copy_to_host(dev, addr, 0xc000, 6);
3708 		eth_hw_addr_set(dev, addr);
3709 		atmel_write16(dev,  BSR, 0x200);
3710 		rc = 1;
3711 	} else {
3712 		/* Standard firmware in flash, boot it up and ask
3713 		   for the Mac Address */
3714 		priv->card_type = CARD_TYPE_SPI_FLASH;
3715 		if (atmel_wakeup_firmware(priv) == 0) {
3716 			atmel_get_mib(priv, Mac_Address_Mib_Type, 0, addr, 6);
3717 			eth_hw_addr_set(dev, addr);
3718 
3719 			/* got address, now squash it again until the network
3720 			   interface is opened */
3721 			if (priv->bus_type == BUS_TYPE_PCCARD)
3722 				atmel_write16(dev, GCR, 0x0060);
3723 			atmel_write16(dev, GCR, 0x0040);
3724 			rc = 1;
3725 		}
3726 	}
3727 
3728 	if (rc) {
3729 		if (dev->dev_addr[0] == 0xFF) {
3730 			static const u8 default_mac[] = {
3731 				0x00, 0x04, 0x25, 0x00, 0x00, 0x00
3732 			};
3733 			printk(KERN_ALERT "%s: *** Invalid MAC address. UPGRADE Firmware ****\n", dev->name);
3734 			eth_hw_addr_set(dev, default_mac);
3735 		}
3736 	}
3737 
3738 	return rc;
3739 }
3740 
3741 /* Move the encyption information on the MIB structure.
3742    This routine is for the pre-WPA firmware: later firmware has
3743    a different format MIB and a different routine. */
3744 static void build_wep_mib(struct atmel_private *priv)
3745 {
3746 	struct { /* NB this is matched to the hardware, don't change. */
3747 		u8 wep_is_on;
3748 		u8 default_key; /* 0..3 */
3749 		u8 reserved;
3750 		u8 exclude_unencrypted;
3751 
3752 		u32 WEPICV_error_count;
3753 		u32 WEP_excluded_count;
3754 
3755 		u8 wep_keys[MAX_ENCRYPTION_KEYS][13];
3756 		u8 encryption_level; /* 0, 1, 2 */
3757 		u8 reserved2[3];
3758 	} mib;
3759 	int i;
3760 
3761 	mib.wep_is_on = priv->wep_is_on;
3762 	if (priv->wep_is_on) {
3763 		if (priv->wep_key_len[priv->default_key] > 5)
3764 			mib.encryption_level = 2;
3765 		else
3766 			mib.encryption_level = 1;
3767 	} else {
3768 		mib.encryption_level = 0;
3769 	}
3770 
3771 	mib.default_key = priv->default_key;
3772 	mib.exclude_unencrypted = priv->exclude_unencrypted;
3773 
3774 	for (i = 0; i < MAX_ENCRYPTION_KEYS; i++)
3775 		memcpy(mib.wep_keys[i], priv->wep_keys[i], 13);
3776 
3777 	atmel_set_mib(priv, Mac_Wep_Mib_Type, 0, (u8 *)&mib, sizeof(mib));
3778 }
3779 
3780 static void build_wpa_mib(struct atmel_private *priv)
3781 {
3782 	/* This is for the later (WPA enabled) firmware. */
3783 
3784 	struct { /* NB this is matched to the hardware, don't change. */
3785 		u8 cipher_default_key_value[MAX_ENCRYPTION_KEYS][MAX_ENCRYPTION_KEY_SIZE];
3786 		u8 receiver_address[ETH_ALEN];
3787 		u8 wep_is_on;
3788 		u8 default_key; /* 0..3 */
3789 		u8 group_key;
3790 		u8 exclude_unencrypted;
3791 		u8 encryption_type;
3792 		u8 reserved;
3793 
3794 		u32 WEPICV_error_count;
3795 		u32 WEP_excluded_count;
3796 
3797 		u8 key_RSC[4][8];
3798 	} mib;
3799 
3800 	int i;
3801 
3802 	mib.wep_is_on = priv->wep_is_on;
3803 	mib.exclude_unencrypted = priv->exclude_unencrypted;
3804 	memcpy(mib.receiver_address, priv->CurrentBSSID, ETH_ALEN);
3805 
3806 	/* zero all the keys before adding in valid ones. */
3807 	memset(mib.cipher_default_key_value, 0, sizeof(mib.cipher_default_key_value));
3808 
3809 	if (priv->wep_is_on) {
3810 		/* There's a comment in the Atmel code to the effect that this
3811 		   is only valid when still using WEP, it may need to be set to
3812 		   something to use WPA */
3813 		memset(mib.key_RSC, 0, sizeof(mib.key_RSC));
3814 
3815 		mib.default_key = mib.group_key = 255;
3816 		for (i = 0; i < MAX_ENCRYPTION_KEYS; i++) {
3817 			if (priv->wep_key_len[i] > 0) {
3818 				memcpy(mib.cipher_default_key_value[i], priv->wep_keys[i], MAX_ENCRYPTION_KEY_SIZE);
3819 				if (i == priv->default_key) {
3820 					mib.default_key = i;
3821 					mib.cipher_default_key_value[i][MAX_ENCRYPTION_KEY_SIZE-1] = 7;
3822 					mib.cipher_default_key_value[i][MAX_ENCRYPTION_KEY_SIZE-2] = priv->pairwise_cipher_suite;
3823 				} else {
3824 					mib.group_key = i;
3825 					priv->group_cipher_suite = priv->pairwise_cipher_suite;
3826 					mib.cipher_default_key_value[i][MAX_ENCRYPTION_KEY_SIZE-1] = 1;
3827 					mib.cipher_default_key_value[i][MAX_ENCRYPTION_KEY_SIZE-2] = priv->group_cipher_suite;
3828 				}
3829 			}
3830 		}
3831 		if (mib.default_key == 255)
3832 			mib.default_key = mib.group_key != 255 ? mib.group_key : 0;
3833 		if (mib.group_key == 255)
3834 			mib.group_key = mib.default_key;
3835 
3836 	}
3837 
3838 	atmel_set_mib(priv, Mac_Wep_Mib_Type, 0, (u8 *)&mib, sizeof(mib));
3839 }
3840 
3841 static int reset_atmel_card(struct net_device *dev)
3842 {
3843 	/* do everything necessary to wake up the hardware, including
3844 	   waiting for the lightning strike and throwing the knife switch....
3845 
3846 	   set all the Mib values which matter in the card to match
3847 	   their settings in the atmel_private structure. Some of these
3848 	   can be altered on the fly, but many (WEP, infrastructure or ad-hoc)
3849 	   can only be changed by tearing down the world and coming back through
3850 	   here.
3851 
3852 	   This routine is also responsible for initialising some
3853 	   hardware-specific fields in the atmel_private structure,
3854 	   including a copy of the firmware's hostinfo structure
3855 	   which is the route into the rest of the firmware datastructures. */
3856 
3857 	struct atmel_private *priv = netdev_priv(dev);
3858 	u8 configuration;
3859 	int old_state = priv->station_state;
3860 	int err = 0;
3861 
3862 	/* data to add to the firmware names, in priority order
3863 	   this implemenents firmware versioning */
3864 
3865 	static char *firmware_modifier[] = {
3866 		"-wpa",
3867 		"",
3868 		NULL
3869 	};
3870 
3871 	/* reset pccard */
3872 	if (priv->bus_type == BUS_TYPE_PCCARD)
3873 		atmel_write16(priv->dev, GCR, 0x0060);
3874 
3875 	/* stop card , disable interrupts */
3876 	atmel_write16(priv->dev, GCR, 0x0040);
3877 
3878 	if (priv->card_type == CARD_TYPE_EEPROM) {
3879 		/* copy in firmware if needed */
3880 		const struct firmware *fw_entry = NULL;
3881 		const unsigned char *fw;
3882 		int len = priv->firmware_length;
3883 		if (!(fw = priv->firmware)) {
3884 			if (priv->firmware_type == ATMEL_FW_TYPE_NONE) {
3885 				if (strlen(priv->firmware_id) == 0) {
3886 					printk(KERN_INFO
3887 					       "%s: card type is unknown: assuming at76c502 firmware is OK.\n",
3888 					       dev->name);
3889 					printk(KERN_INFO
3890 					       "%s: if not, use the firmware= module parameter.\n",
3891 					       dev->name);
3892 					strcpy(priv->firmware_id, "atmel_at76c502.bin");
3893 				}
3894 				err = request_firmware(&fw_entry, priv->firmware_id, priv->sys_dev);
3895 				if (err != 0) {
3896 					printk(KERN_ALERT
3897 					       "%s: firmware %s is missing, cannot continue.\n",
3898 					       dev->name, priv->firmware_id);
3899 					return err;
3900 				}
3901 			} else {
3902 				int fw_index = 0;
3903 				int success = 0;
3904 
3905 				/* get firmware filename entry based on firmware type ID */
3906 				while (fw_table[fw_index].fw_type != priv->firmware_type
3907 						&& fw_table[fw_index].fw_type != ATMEL_FW_TYPE_NONE)
3908 					fw_index++;
3909 
3910 				/* construct the actual firmware file name */
3911 				if (fw_table[fw_index].fw_type != ATMEL_FW_TYPE_NONE) {
3912 					int i;
3913 					for (i = 0; firmware_modifier[i]; i++) {
3914 						snprintf(priv->firmware_id, 32, "%s%s.%s", fw_table[fw_index].fw_file,
3915 							firmware_modifier[i], fw_table[fw_index].fw_file_ext);
3916 						priv->firmware_id[31] = '\0';
3917 						if (request_firmware(&fw_entry, priv->firmware_id, priv->sys_dev) == 0) {
3918 							success = 1;
3919 							break;
3920 						}
3921 					}
3922 				}
3923 				if (!success) {
3924 					printk(KERN_ALERT
3925 					       "%s: firmware %s is missing, cannot start.\n",
3926 					       dev->name, priv->firmware_id);
3927 					priv->firmware_id[0] = '\0';
3928 					return -ENOENT;
3929 				}
3930 			}
3931 
3932 			fw = fw_entry->data;
3933 			len = fw_entry->size;
3934 		}
3935 
3936 		if (len <= 0x6000) {
3937 			atmel_write16(priv->dev, BSR, BSS_IRAM);
3938 			atmel_copy_to_card(priv->dev, 0, fw, len);
3939 			atmel_set_gcr(priv->dev, GCR_REMAP);
3940 		} else {
3941 			/* Remap */
3942 			atmel_set_gcr(priv->dev, GCR_REMAP);
3943 			atmel_write16(priv->dev, BSR, BSS_IRAM);
3944 			atmel_copy_to_card(priv->dev, 0, fw, 0x6000);
3945 			atmel_write16(priv->dev, BSR, 0x2ff);
3946 			atmel_copy_to_card(priv->dev, 0x8000, &fw[0x6000], len - 0x6000);
3947 		}
3948 
3949 		release_firmware(fw_entry);
3950 	}
3951 
3952 	err = atmel_wakeup_firmware(priv);
3953 	if (err != 0)
3954 		return err;
3955 
3956 	/* Check the version and set the correct flag for wpa stuff,
3957 	   old and new firmware is incompatible.
3958 	   The pre-wpa 3com firmware reports major version 5,
3959 	   the wpa 3com firmware is major version 4 and doesn't need
3960 	   the 3com broken-ness filter. */
3961 	priv->use_wpa = (priv->host_info.major_version == 4);
3962 	priv->radio_on_broken = (priv->host_info.major_version == 5);
3963 
3964 	/* unmask all irq sources */
3965 	atmel_wmem8(priv, atmel_hi(priv, IFACE_INT_MASK_OFFSET), 0xff);
3966 
3967 	/* int Tx system and enable Tx */
3968 	atmel_wmem8(priv, atmel_tx(priv, TX_DESC_FLAGS_OFFSET, 0), 0);
3969 	atmel_wmem32(priv, atmel_tx(priv, TX_DESC_NEXT_OFFSET, 0), 0x80000000L);
3970 	atmel_wmem16(priv, atmel_tx(priv, TX_DESC_POS_OFFSET, 0), 0);
3971 	atmel_wmem16(priv, atmel_tx(priv, TX_DESC_SIZE_OFFSET, 0), 0);
3972 
3973 	priv->tx_desc_free = priv->host_info.tx_desc_count;
3974 	priv->tx_desc_head = 0;
3975 	priv->tx_desc_tail = 0;
3976 	priv->tx_desc_previous = 0;
3977 	priv->tx_free_mem = priv->host_info.tx_buff_size;
3978 	priv->tx_buff_head = 0;
3979 	priv->tx_buff_tail = 0;
3980 
3981 	configuration = atmel_rmem8(priv, atmel_hi(priv, IFACE_FUNC_CTRL_OFFSET));
3982 	atmel_wmem8(priv, atmel_hi(priv, IFACE_FUNC_CTRL_OFFSET),
3983 				   configuration | FUNC_CTRL_TxENABLE);
3984 
3985 	/* init Rx system and enable */
3986 	priv->rx_desc_head = 0;
3987 
3988 	configuration = atmel_rmem8(priv, atmel_hi(priv, IFACE_FUNC_CTRL_OFFSET));
3989 	atmel_wmem8(priv, atmel_hi(priv, IFACE_FUNC_CTRL_OFFSET),
3990 				   configuration | FUNC_CTRL_RxENABLE);
3991 
3992 	if (!priv->radio_on_broken) {
3993 		if (atmel_send_command_wait(priv, CMD_EnableRadio, NULL, 0) ==
3994 		    CMD_STATUS_REJECTED_RADIO_OFF) {
3995 			printk(KERN_INFO "%s: cannot turn the radio on.\n",
3996 			       dev->name);
3997 			return -EIO;
3998 		}
3999 	}
4000 
4001 	/* set up enough MIB values to run. */
4002 	atmel_set_mib8(priv, Local_Mib_Type, LOCAL_MIB_AUTO_TX_RATE_POS, priv->auto_tx_rate);
4003 	atmel_set_mib8(priv, Local_Mib_Type,  LOCAL_MIB_TX_PROMISCUOUS_POS,  PROM_MODE_OFF);
4004 	atmel_set_mib16(priv, Mac_Mib_Type, MAC_MIB_RTS_THRESHOLD_POS, priv->rts_threshold);
4005 	atmel_set_mib16(priv, Mac_Mib_Type, MAC_MIB_FRAG_THRESHOLD_POS, priv->frag_threshold);
4006 	atmel_set_mib8(priv, Mac_Mib_Type, MAC_MIB_SHORT_RETRY_POS, priv->short_retry);
4007 	atmel_set_mib8(priv, Mac_Mib_Type, MAC_MIB_LONG_RETRY_POS, priv->long_retry);
4008 	atmel_set_mib8(priv, Local_Mib_Type, LOCAL_MIB_PREAMBLE_TYPE, priv->preamble);
4009 	atmel_set_mib(priv, Mac_Address_Mib_Type, MAC_ADDR_MIB_MAC_ADDR_POS,
4010 		      priv->dev->dev_addr, 6);
4011 	atmel_set_mib8(priv, Mac_Mgmt_Mib_Type, MAC_MGMT_MIB_PS_MODE_POS, ACTIVE_MODE);
4012 	atmel_set_mib16(priv, Mac_Mgmt_Mib_Type, MAC_MGMT_MIB_LISTEN_INTERVAL_POS, 1);
4013 	atmel_set_mib16(priv, Mac_Mgmt_Mib_Type, MAC_MGMT_MIB_BEACON_PER_POS, priv->default_beacon_period);
4014 	atmel_set_mib(priv, Phy_Mib_Type, PHY_MIB_RATE_SET_POS, atmel_basic_rates, 4);
4015 	atmel_set_mib8(priv, Mac_Mgmt_Mib_Type, MAC_MGMT_MIB_CUR_PRIVACY_POS, priv->wep_is_on);
4016 	if (priv->use_wpa)
4017 		build_wpa_mib(priv);
4018 	else
4019 		build_wep_mib(priv);
4020 
4021 	if (old_state == STATION_STATE_READY) {
4022 		union iwreq_data wrqu;
4023 
4024 		wrqu.data.length = 0;
4025 		wrqu.data.flags = 0;
4026 		wrqu.ap_addr.sa_family = ARPHRD_ETHER;
4027 		eth_zero_addr(wrqu.ap_addr.sa_data);
4028 		wireless_send_event(priv->dev, SIOCGIWAP, &wrqu, NULL);
4029 	}
4030 
4031 	return 0;
4032 }
4033 
4034 static void atmel_send_command(struct atmel_private *priv, int command,
4035 			       void *cmd, int cmd_size)
4036 {
4037 	if (cmd)
4038 		atmel_copy_to_card(priv->dev, atmel_co(priv, CMD_BLOCK_PARAMETERS_OFFSET),
4039 				   cmd, cmd_size);
4040 
4041 	atmel_wmem8(priv, atmel_co(priv, CMD_BLOCK_COMMAND_OFFSET), command);
4042 	atmel_wmem8(priv, atmel_co(priv, CMD_BLOCK_STATUS_OFFSET), 0);
4043 }
4044 
4045 static int atmel_send_command_wait(struct atmel_private *priv, int command,
4046 				   void *cmd, int cmd_size)
4047 {
4048 	int i, status;
4049 
4050 	atmel_send_command(priv, command, cmd, cmd_size);
4051 
4052 	for (i = 5000; i; i--) {
4053 		status = atmel_rmem8(priv, atmel_co(priv, CMD_BLOCK_STATUS_OFFSET));
4054 		if (status != CMD_STATUS_IDLE &&
4055 		    status != CMD_STATUS_IN_PROGRESS)
4056 			break;
4057 		udelay(20);
4058 	}
4059 
4060 	if (i == 0) {
4061 		printk(KERN_ALERT "%s: failed to contact MAC.\n", priv->dev->name);
4062 		status =  CMD_STATUS_HOST_ERROR;
4063 	} else {
4064 		if (command != CMD_EnableRadio)
4065 			status = CMD_STATUS_COMPLETE;
4066 	}
4067 
4068 	return status;
4069 }
4070 
4071 static u8 atmel_get_mib8(struct atmel_private *priv, u8 type, u8 index)
4072 {
4073 	struct get_set_mib m;
4074 	m.type = type;
4075 	m.size = 1;
4076 	m.index = index;
4077 
4078 	atmel_send_command_wait(priv, CMD_Get_MIB_Vars, &m, MIB_HEADER_SIZE + 1);
4079 	return atmel_rmem8(priv, atmel_co(priv, CMD_BLOCK_PARAMETERS_OFFSET + MIB_HEADER_SIZE));
4080 }
4081 
4082 static void atmel_set_mib8(struct atmel_private *priv, u8 type, u8 index, u8 data)
4083 {
4084 	struct get_set_mib m;
4085 	m.type = type;
4086 	m.size = 1;
4087 	m.index = index;
4088 	m.data[0] = data;
4089 
4090 	atmel_send_command_wait(priv, CMD_Set_MIB_Vars, &m, MIB_HEADER_SIZE + 1);
4091 }
4092 
4093 static void atmel_set_mib16(struct atmel_private *priv, u8 type, u8 index,
4094 			    u16 data)
4095 {
4096 	struct get_set_mib m;
4097 	m.type = type;
4098 	m.size = 2;
4099 	m.index = index;
4100 	m.data[0] = data;
4101 	m.data[1] = data >> 8;
4102 
4103 	atmel_send_command_wait(priv, CMD_Set_MIB_Vars, &m, MIB_HEADER_SIZE + 2);
4104 }
4105 
4106 static void atmel_set_mib(struct atmel_private *priv, u8 type, u8 index,
4107 			  const u8 *data, int data_len)
4108 {
4109 	struct get_set_mib m;
4110 	m.type = type;
4111 	m.size = data_len;
4112 	m.index = index;
4113 
4114 	if (data_len > MIB_MAX_DATA_BYTES)
4115 		printk(KERN_ALERT "%s: MIB buffer too small.\n", priv->dev->name);
4116 
4117 	memcpy(m.data, data, data_len);
4118 	atmel_send_command_wait(priv, CMD_Set_MIB_Vars, &m, MIB_HEADER_SIZE + data_len);
4119 }
4120 
4121 static void atmel_get_mib(struct atmel_private *priv, u8 type, u8 index,
4122 			  u8 *data, int data_len)
4123 {
4124 	struct get_set_mib m;
4125 	m.type = type;
4126 	m.size = data_len;
4127 	m.index = index;
4128 
4129 	if (data_len > MIB_MAX_DATA_BYTES)
4130 		printk(KERN_ALERT "%s: MIB buffer too small.\n", priv->dev->name);
4131 
4132 	atmel_send_command_wait(priv, CMD_Get_MIB_Vars, &m, MIB_HEADER_SIZE + data_len);
4133 	atmel_copy_to_host(priv->dev, data,
4134 			   atmel_co(priv, CMD_BLOCK_PARAMETERS_OFFSET + MIB_HEADER_SIZE), data_len);
4135 }
4136 
4137 static void atmel_writeAR(struct net_device *dev, u16 data)
4138 {
4139 	int i;
4140 	outw(data, dev->base_addr + AR);
4141 	/* Address register appears to need some convincing..... */
4142 	for (i = 0; data != inw(dev->base_addr + AR) && i < 10; i++)
4143 		outw(data, dev->base_addr + AR);
4144 }
4145 
4146 static void atmel_copy_to_card(struct net_device *dev, u16 dest,
4147 			       const unsigned char *src, u16 len)
4148 {
4149 	int i;
4150 	atmel_writeAR(dev, dest);
4151 	if (dest % 2) {
4152 		atmel_write8(dev, DR, *src);
4153 		src++; len--;
4154 	}
4155 	for (i = len; i > 1 ; i -= 2) {
4156 		u8 lb = *src++;
4157 		u8 hb = *src++;
4158 		atmel_write16(dev, DR, lb | (hb << 8));
4159 	}
4160 	if (i)
4161 		atmel_write8(dev, DR, *src);
4162 }
4163 
4164 static void atmel_copy_to_host(struct net_device *dev, unsigned char *dest,
4165 			       u16 src, u16 len)
4166 {
4167 	int i;
4168 	atmel_writeAR(dev, src);
4169 	if (src % 2) {
4170 		*dest = atmel_read8(dev, DR);
4171 		dest++; len--;
4172 	}
4173 	for (i = len; i > 1 ; i -= 2) {
4174 		u16 hw = atmel_read16(dev, DR);
4175 		*dest++ = hw;
4176 		*dest++ = hw >> 8;
4177 	}
4178 	if (i)
4179 		*dest = atmel_read8(dev, DR);
4180 }
4181 
4182 static void atmel_set_gcr(struct net_device *dev, u16 mask)
4183 {
4184 	outw(inw(dev->base_addr + GCR) | mask, dev->base_addr + GCR);
4185 }
4186 
4187 static void atmel_clear_gcr(struct net_device *dev, u16 mask)
4188 {
4189 	outw(inw(dev->base_addr + GCR) & ~mask, dev->base_addr + GCR);
4190 }
4191 
4192 static int atmel_lock_mac(struct atmel_private *priv)
4193 {
4194 	int i, j = 20;
4195  retry:
4196 	for (i = 5000; i; i--) {
4197 		if (!atmel_rmem8(priv, atmel_hi(priv, IFACE_LOCKOUT_HOST_OFFSET)))
4198 			break;
4199 		udelay(20);
4200 	}
4201 
4202 	if (!i)
4203 		return 0; /* timed out */
4204 
4205 	atmel_wmem8(priv, atmel_hi(priv, IFACE_LOCKOUT_MAC_OFFSET), 1);
4206 	if (atmel_rmem8(priv, atmel_hi(priv, IFACE_LOCKOUT_HOST_OFFSET))) {
4207 		atmel_wmem8(priv, atmel_hi(priv, IFACE_LOCKOUT_MAC_OFFSET), 0);
4208 		if (!j--)
4209 			return 0; /* timed out */
4210 		goto retry;
4211 	}
4212 
4213 	return 1;
4214 }
4215 
4216 static void atmel_wmem32(struct atmel_private *priv, u16 pos, u32 data)
4217 {
4218 	atmel_writeAR(priv->dev, pos);
4219 	atmel_write16(priv->dev, DR, data); /* card is little-endian */
4220 	atmel_write16(priv->dev, DR, data >> 16);
4221 }
4222 
4223 /***************************************************************************/
4224 /* There follows the source form of the MAC address reading firmware       */
4225 /***************************************************************************/
4226 #if 0
4227 
4228 /* Copyright 2003 Matthew T. Russotto                                      */
4229 /* But derived from the Atmel 76C502 firmware written by Atmel and         */
4230 /* included in "atmel wireless lan drivers" package                        */
4231 /*
4232     This file is part of net.russotto.AtmelMACFW, hereto referred to
4233     as AtmelMACFW
4234 
4235     AtmelMACFW is free software; you can redistribute it and/or modify
4236     it under the terms of the GNU General Public License version 2
4237     as published by the Free Software Foundation.
4238 
4239     AtmelMACFW is distributed in the hope that it will be useful,
4240     but WITHOUT ANY WARRANTY; without even the implied warranty of
4241     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
4242     GNU General Public License for more details.
4243 
4244     You should have received a copy of the GNU General Public License
4245     along with AtmelMACFW; if not, see <http://www.gnu.org/licenses/>.
4246 
4247 ****************************************************************************/
4248 /* This firmware should work on the 76C502 RFMD, RFMD_D, and RFMD_E        */
4249 /* It will probably work on the 76C504 and 76C502 RFMD_3COM                */
4250 /* It only works on SPI EEPROM versions of the card.                       */
4251 
4252 /* This firmware initializes the SPI controller and clock, reads the MAC   */
4253 /* address from the EEPROM into SRAM, and puts the SRAM offset of the MAC  */
4254 /* address in MR2, and sets MR3 to 0x10 to indicate it is done             */
4255 /* It also puts a complete copy of the EEPROM in SRAM with the offset in   */
4256 /* MR4, for investigational purposes (maybe we can determine chip type     */
4257 /* from that?)                                                             */
4258 
4259 	.org 0
4260     .set MRBASE, 0x8000000
4261 	.set CPSR_INITIAL, 0xD3 /* IRQ/FIQ disabled, ARM mode, Supervisor state */
4262 	.set CPSR_USER, 0xD1 /* IRQ/FIQ disabled, ARM mode, USER state */
4263 	.set SRAM_BASE,  0x02000000
4264 	.set SP_BASE,    0x0F300000
4265 	.set UNK_BASE,   0x0F000000 /* Some internal device, but which one? */
4266 	.set SPI_CGEN_BASE,  0x0E000000 /* Some internal device, but which one? */
4267 	.set UNK3_BASE,  0x02014000 /* Some internal device, but which one? */
4268 	.set STACK_BASE, 0x5600
4269 	.set SP_SR, 0x10
4270 	.set SP_TDRE, 2 /* status register bit -- TDR empty */
4271 	.set SP_RDRF, 1 /* status register bit -- RDR full */
4272 	.set SP_SWRST, 0x80
4273 	.set SP_SPIEN, 0x1
4274 	.set SP_CR, 0   /* control register */
4275 	.set SP_MR, 4   /* mode register */
4276 	.set SP_RDR, 0x08 /* Read Data Register */
4277 	.set SP_TDR, 0x0C /* Transmit Data Register */
4278 	.set SP_CSR0, 0x30 /* chip select registers */
4279 	.set SP_CSR1, 0x34
4280 	.set SP_CSR2, 0x38
4281 	.set SP_CSR3, 0x3C
4282 	.set NVRAM_CMD_RDSR, 5 /* read status register */
4283 	.set NVRAM_CMD_READ, 3 /* read data */
4284 	.set NVRAM_SR_RDY, 1 /* RDY bit.  This bit is inverted */
4285 	.set SPI_8CLOCKS, 0xFF /* Writing this to the TDR doesn't do anything to the
4286 				  serial output, since SO is normally high.  But it
4287 				  does cause 8 clock cycles and thus 8 bits to be
4288 				  clocked in to the chip.  See Atmel's SPI
4289 				  controller (e.g. AT91M55800) timing and 4K
4290 				  SPI EEPROM manuals */
4291 
4292 	.set NVRAM_SCRATCH, 0x02000100  /* arbitrary area for scratchpad memory */
4293 	.set NVRAM_IMAGE, 0x02000200
4294 	.set NVRAM_LENGTH, 0x0200
4295 	.set MAC_ADDRESS_MIB, SRAM_BASE
4296 	.set MAC_ADDRESS_LENGTH, 6
4297 	.set MAC_BOOT_FLAG, 0x10
4298 	.set MR1, 0
4299 	.set MR2, 4
4300 	.set MR3, 8
4301 	.set MR4, 0xC
4302 RESET_VECTOR:
4303 	b RESET_HANDLER
4304 UNDEF_VECTOR:
4305 	b HALT1
4306 SWI_VECTOR:
4307 	b HALT1
4308 IABORT_VECTOR:
4309 	b HALT1
4310 DABORT_VECTOR:
4311 RESERVED_VECTOR:
4312 	b HALT1
4313 IRQ_VECTOR:
4314 	b HALT1
4315 FIQ_VECTOR:
4316 	b HALT1
4317 HALT1:	b HALT1
4318 RESET_HANDLER:
4319 	mov     r0, #CPSR_INITIAL
4320 	msr	CPSR_c, r0	/* This is probably unnecessary */
4321 
4322 /* I'm guessing this is initializing clock generator electronics for SPI */
4323 	ldr	r0, =SPI_CGEN_BASE
4324 	mov	r1, #0
4325 	mov	r1, r1, lsl #3
4326 	orr	r1, r1, #0
4327 	str	r1, [r0]
4328 	ldr	r1, [r0, #28]
4329 	bic	r1, r1, #16
4330 	str	r1, [r0, #28]
4331 	mov	r1, #1
4332 	str	r1, [r0, #8]
4333 
4334 	ldr	r0, =MRBASE
4335 	mov	r1, #0
4336 	strh	r1, [r0, #MR1]
4337 	strh	r1, [r0, #MR2]
4338 	strh	r1, [r0, #MR3]
4339 	strh	r1, [r0, #MR4]
4340 
4341 	mov	sp, #STACK_BASE
4342 	bl	SP_INIT
4343 	mov	r0, #10
4344 	bl	DELAY9
4345 	bl	GET_MAC_ADDR
4346 	bl	GET_WHOLE_NVRAM
4347 	ldr	r0, =MRBASE
4348 	ldr	r1, =MAC_ADDRESS_MIB
4349 	strh	r1, [r0, #MR2]
4350 	ldr	r1, =NVRAM_IMAGE
4351 	strh	r1, [r0, #MR4]
4352 	mov	r1, #MAC_BOOT_FLAG
4353 	strh	r1, [r0, #MR3]
4354 HALT2:	b HALT2
4355 .func Get_Whole_NVRAM, GET_WHOLE_NVRAM
4356 GET_WHOLE_NVRAM:
4357 	stmdb	sp!, {lr}
4358 	mov	r2, #0 /* 0th bytes of NVRAM */
4359 	mov	r3, #NVRAM_LENGTH
4360 	mov	r1, #0		/* not used in routine */
4361 	ldr	r0, =NVRAM_IMAGE
4362 	bl	NVRAM_XFER
4363 	ldmia	sp!, {lr}
4364 	bx	lr
4365 .endfunc
4366 
4367 .func Get_MAC_Addr, GET_MAC_ADDR
4368 GET_MAC_ADDR:
4369 	stmdb	sp!, {lr}
4370 	mov	r2, #0x120	/* address of MAC Address within NVRAM */
4371 	mov	r3, #MAC_ADDRESS_LENGTH
4372 	mov	r1, #0		/* not used in routine */
4373 	ldr	r0, =MAC_ADDRESS_MIB
4374 	bl	NVRAM_XFER
4375 	ldmia	sp!, {lr}
4376 	bx	lr
4377 .endfunc
4378 .ltorg
4379 .func Delay9, DELAY9
4380 DELAY9:
4381 	adds	r0, r0, r0, LSL #3   /* r0 = r0 * 9 */
4382 DELAYLOOP:
4383 	beq	DELAY9_done
4384 	subs	r0, r0, #1
4385 	b	DELAYLOOP
4386 DELAY9_done:
4387 	bx	lr
4388 .endfunc
4389 
4390 .func SP_Init, SP_INIT
4391 SP_INIT:
4392 	mov	r1, #SP_SWRST
4393 	ldr	r0, =SP_BASE
4394 	str	r1, [r0, #SP_CR] /* reset the SPI */
4395 	mov	r1, #0
4396 	str	r1, [r0, #SP_CR] /* release SPI from reset state */
4397 	mov	r1, #SP_SPIEN
4398 	str	r1, [r0, #SP_MR] /* set the SPI to MASTER mode*/
4399 	str	r1, [r0, #SP_CR] /* enable the SPI */
4400 
4401 /*  My guess would be this turns on the SPI clock */
4402 	ldr	r3, =SPI_CGEN_BASE
4403 	ldr	r1, [r3, #28]
4404 	orr	r1, r1, #0x2000
4405 	str	r1, [r3, #28]
4406 
4407 	ldr	r1, =0x2000c01
4408 	str	r1, [r0, #SP_CSR0]
4409 	ldr	r1, =0x2000201
4410 	str	r1, [r0, #SP_CSR1]
4411 	str	r1, [r0, #SP_CSR2]
4412 	str	r1, [r0, #SP_CSR3]
4413 	ldr	r1, [r0, #SP_SR]
4414 	ldr	r0, [r0, #SP_RDR]
4415 	bx	lr
4416 .endfunc
4417 .func NVRAM_Init, NVRAM_INIT
4418 NVRAM_INIT:
4419 	ldr	r1, =SP_BASE
4420 	ldr	r0, [r1, #SP_RDR]
4421 	mov	r0, #NVRAM_CMD_RDSR
4422 	str	r0, [r1, #SP_TDR]
4423 SP_loop1:
4424 	ldr	r0, [r1, #SP_SR]
4425 	tst	r0, #SP_TDRE
4426 	beq	SP_loop1
4427 
4428 	mov	r0, #SPI_8CLOCKS
4429 	str	r0, [r1, #SP_TDR]
4430 SP_loop2:
4431 	ldr	r0, [r1, #SP_SR]
4432 	tst	r0, #SP_TDRE
4433 	beq	SP_loop2
4434 
4435 	ldr	r0, [r1, #SP_RDR]
4436 SP_loop3:
4437 	ldr	r0, [r1, #SP_SR]
4438 	tst	r0, #SP_RDRF
4439 	beq	SP_loop3
4440 
4441 	ldr	r0, [r1, #SP_RDR]
4442 	and	r0, r0, #255
4443 	bx	lr
4444 .endfunc
4445 
4446 .func NVRAM_Xfer, NVRAM_XFER
4447 	/* r0 = dest address */
4448 	/* r1 = not used */
4449 	/* r2 = src address within NVRAM */
4450 	/* r3 = length */
4451 NVRAM_XFER:
4452 	stmdb	sp!, {r4, r5, lr}
4453 	mov	r5, r0		/* save r0 (dest address) */
4454 	mov	r4, r3		/* save r3 (length) */
4455 	mov	r0, r2, LSR #5 /*  SPI memories put A8 in the command field */
4456 	and	r0, r0, #8
4457 	add	r0, r0, #NVRAM_CMD_READ
4458 	ldr	r1, =NVRAM_SCRATCH
4459 	strb	r0, [r1, #0]	/* save command in NVRAM_SCRATCH[0] */
4460 	strb	r2, [r1, #1]    /* save low byte of source address in NVRAM_SCRATCH[1] */
4461 _local1:
4462 	bl	NVRAM_INIT
4463 	tst	r0, #NVRAM_SR_RDY
4464 	bne	_local1
4465 	mov	r0, #20
4466 	bl	DELAY9
4467 	mov	r2, r4		/* length */
4468 	mov	r1, r5		/* dest address */
4469 	mov	r0, #2		/* bytes to transfer in command */
4470 	bl	NVRAM_XFER2
4471 	ldmia	sp!, {r4, r5, lr}
4472 	bx	lr
4473 .endfunc
4474 
4475 .func NVRAM_Xfer2, NVRAM_XFER2
4476 NVRAM_XFER2:
4477 	stmdb	sp!, {r4, r5, r6, lr}
4478 	ldr	r4, =SP_BASE
4479 	mov	r3, #0
4480 	cmp	r0, #0
4481 	bls	_local2
4482 	ldr	r5, =NVRAM_SCRATCH
4483 _local4:
4484 	ldrb	r6, [r5, r3]
4485 	str	r6, [r4, #SP_TDR]
4486 _local3:
4487 	ldr	r6, [r4, #SP_SR]
4488 	tst	r6, #SP_TDRE
4489 	beq	_local3
4490 	add	r3, r3, #1
4491 	cmp	r3, r0 /* r0 is # of bytes to send out (command+addr) */
4492 	blo	_local4
4493 _local2:
4494 	mov	r3, #SPI_8CLOCKS
4495 	str	r3, [r4, #SP_TDR]
4496 	ldr	r0, [r4, #SP_RDR]
4497 _local5:
4498 	ldr	r0, [r4, #SP_SR]
4499 	tst	r0, #SP_RDRF
4500 	beq	_local5
4501 	ldr	r0, [r4, #SP_RDR] /* what's this byte?  It's the byte read while writing the TDR -- nonsense, because the NVRAM doesn't read and write at the same time */
4502 	mov	r0, #0
4503 	cmp	r2, #0  /* r2 is # of bytes to copy in */
4504 	bls	_local6
4505 _local7:
4506 	ldr	r5, [r4, #SP_SR]
4507 	tst	r5, #SP_TDRE
4508 	beq	_local7
4509 	str	r3, [r4, #SP_TDR]  /* r3 has SPI_8CLOCKS */
4510 _local8:
4511 	ldr	r5, [r4, #SP_SR]
4512 	tst	r5, #SP_RDRF
4513 	beq	_local8
4514 	ldr	r5, [r4, #SP_RDR] /* but didn't we read this byte above? */
4515 	strb	r5, [r1], #1 /* postindexed */
4516 	add	r0, r0, #1
4517 	cmp	r0, r2
4518 	blo	_local7 /* since we don't send another address, the NVRAM must be capable of sequential reads */
4519 _local6:
4520 	mov	r0, #200
4521 	bl	DELAY9
4522 	ldmia	sp!, {r4, r5, r6, lr}
4523 	bx	lr
4524 #endif
4525