1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 
4   Broadcom B43 wireless driver
5 
6   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
7   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
8   Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
9   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
10   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
11   Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
12 
13   SDIO support
14   Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
15 
16   Some parts of the code in this file are derived from the ipw2200
17   driver  Copyright(c) 2003 - 2004 Intel Corporation.
18 
19 
20 */
21 
22 #include <linux/delay.h>
23 #include <linux/init.h>
24 #include <linux/module.h>
25 #include <linux/if_arp.h>
26 #include <linux/etherdevice.h>
27 #include <linux/firmware.h>
28 #include <linux/workqueue.h>
29 #include <linux/skbuff.h>
30 #include <linux/io.h>
31 #include <linux/dma-mapping.h>
32 #include <linux/slab.h>
33 #include <asm/unaligned.h>
34 
35 #include "b43.h"
36 #include "main.h"
37 #include "debugfs.h"
38 #include "phy_common.h"
39 #include "phy_g.h"
40 #include "phy_n.h"
41 #include "dma.h"
42 #include "pio.h"
43 #include "sysfs.h"
44 #include "xmit.h"
45 #include "lo.h"
46 #include "sdio.h"
47 #include <linux/mmc/sdio_func.h>
48 
49 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
50 MODULE_AUTHOR("Martin Langer");
51 MODULE_AUTHOR("Stefano Brivio");
52 MODULE_AUTHOR("Michael Buesch");
53 MODULE_AUTHOR("Gábor Stefanik");
54 MODULE_AUTHOR("Rafał Miłecki");
55 MODULE_LICENSE("GPL");
56 
57 MODULE_FIRMWARE("b43/ucode11.fw");
58 MODULE_FIRMWARE("b43/ucode13.fw");
59 MODULE_FIRMWARE("b43/ucode14.fw");
60 MODULE_FIRMWARE("b43/ucode15.fw");
61 MODULE_FIRMWARE("b43/ucode16_lp.fw");
62 MODULE_FIRMWARE("b43/ucode16_mimo.fw");
63 MODULE_FIRMWARE("b43/ucode24_lcn.fw");
64 MODULE_FIRMWARE("b43/ucode25_lcn.fw");
65 MODULE_FIRMWARE("b43/ucode25_mimo.fw");
66 MODULE_FIRMWARE("b43/ucode26_mimo.fw");
67 MODULE_FIRMWARE("b43/ucode29_mimo.fw");
68 MODULE_FIRMWARE("b43/ucode33_lcn40.fw");
69 MODULE_FIRMWARE("b43/ucode30_mimo.fw");
70 MODULE_FIRMWARE("b43/ucode5.fw");
71 MODULE_FIRMWARE("b43/ucode40.fw");
72 MODULE_FIRMWARE("b43/ucode42.fw");
73 MODULE_FIRMWARE("b43/ucode9.fw");
74 
75 static int modparam_bad_frames_preempt;
76 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
77 MODULE_PARM_DESC(bad_frames_preempt,
78 		 "enable(1) / disable(0) Bad Frames Preemption");
79 
80 static char modparam_fwpostfix[16];
81 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
82 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
83 
84 static int modparam_hwpctl;
85 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
86 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
87 
88 static int modparam_nohwcrypt;
89 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
90 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
91 
92 static int modparam_hwtkip;
93 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
94 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
95 
96 static int modparam_qos = 1;
97 module_param_named(qos, modparam_qos, int, 0444);
98 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
99 
100 static int modparam_btcoex = 1;
101 module_param_named(btcoex, modparam_btcoex, int, 0444);
102 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
103 
104 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
105 module_param_named(verbose, b43_modparam_verbose, int, 0644);
106 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
107 
108 static int b43_modparam_pio;
109 module_param_named(pio, b43_modparam_pio, int, 0644);
110 MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
111 
112 static int modparam_allhwsupport = !IS_ENABLED(CONFIG_BRCMSMAC);
113 module_param_named(allhwsupport, modparam_allhwsupport, int, 0444);
114 MODULE_PARM_DESC(allhwsupport, "Enable support for all hardware (even it if overlaps with the brcmsmac driver)");
115 
116 #ifdef CONFIG_B43_BCMA
117 static const struct bcma_device_id b43_bcma_tbl[] = {
118 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
119 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x15, BCMA_ANY_CLASS),
120 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
121 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
122 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1C, BCMA_ANY_CLASS),
123 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
124 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1E, BCMA_ANY_CLASS),
125 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x28, BCMA_ANY_CLASS),
126 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x2A, BCMA_ANY_CLASS),
127 	{},
128 };
129 MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
130 #endif
131 
132 #ifdef CONFIG_B43_SSB
133 static const struct ssb_device_id b43_ssb_tbl[] = {
134 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
135 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
136 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
137 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
138 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
139 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
140 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
141 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
142 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
143 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
144 	{},
145 };
146 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
147 #endif
148 
149 /* Channel and ratetables are shared for all devices.
150  * They can't be const, because ieee80211 puts some precalculated
151  * data in there. This data is the same for all devices, so we don't
152  * get concurrency issues */
153 #define RATETAB_ENT(_rateid, _flags) \
154 	{								\
155 		.bitrate	= B43_RATE_TO_BASE100KBPS(_rateid),	\
156 		.hw_value	= (_rateid),				\
157 		.flags		= (_flags),				\
158 	}
159 
160 /*
161  * NOTE: When changing this, sync with xmit.c's
162  *	 b43_plcp_get_bitrate_idx_* functions!
163  */
164 static struct ieee80211_rate __b43_ratetable[] = {
165 	RATETAB_ENT(B43_CCK_RATE_1MB, 0),
166 	RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
167 	RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
168 	RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
169 	RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
170 	RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
171 	RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
172 	RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
173 	RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
174 	RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
175 	RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
176 	RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
177 };
178 
179 #define b43_a_ratetable		(__b43_ratetable + 4)
180 #define b43_a_ratetable_size	8
181 #define b43_b_ratetable		(__b43_ratetable + 0)
182 #define b43_b_ratetable_size	4
183 #define b43_g_ratetable		(__b43_ratetable + 0)
184 #define b43_g_ratetable_size	12
185 
186 #define CHAN2G(_channel, _freq, _flags) {			\
187 	.band			= NL80211_BAND_2GHZ,		\
188 	.center_freq		= (_freq),			\
189 	.hw_value		= (_channel),			\
190 	.flags			= (_flags),			\
191 	.max_antenna_gain	= 0,				\
192 	.max_power		= 30,				\
193 }
194 static struct ieee80211_channel b43_2ghz_chantable[] = {
195 	CHAN2G(1, 2412, 0),
196 	CHAN2G(2, 2417, 0),
197 	CHAN2G(3, 2422, 0),
198 	CHAN2G(4, 2427, 0),
199 	CHAN2G(5, 2432, 0),
200 	CHAN2G(6, 2437, 0),
201 	CHAN2G(7, 2442, 0),
202 	CHAN2G(8, 2447, 0),
203 	CHAN2G(9, 2452, 0),
204 	CHAN2G(10, 2457, 0),
205 	CHAN2G(11, 2462, 0),
206 	CHAN2G(12, 2467, 0),
207 	CHAN2G(13, 2472, 0),
208 	CHAN2G(14, 2484, 0),
209 };
210 
211 /* No support for the last 3 channels (12, 13, 14) */
212 #define b43_2ghz_chantable_limited_size		11
213 #undef CHAN2G
214 
215 #define CHAN4G(_channel, _flags) {				\
216 	.band			= NL80211_BAND_5GHZ,		\
217 	.center_freq		= 4000 + (5 * (_channel)),	\
218 	.hw_value		= (_channel),			\
219 	.flags			= (_flags),			\
220 	.max_antenna_gain	= 0,				\
221 	.max_power		= 30,				\
222 }
223 #define CHAN5G(_channel, _flags) {				\
224 	.band			= NL80211_BAND_5GHZ,		\
225 	.center_freq		= 5000 + (5 * (_channel)),	\
226 	.hw_value		= (_channel),			\
227 	.flags			= (_flags),			\
228 	.max_antenna_gain	= 0,				\
229 	.max_power		= 30,				\
230 }
231 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
232 	CHAN4G(184, 0),		CHAN4G(186, 0),
233 	CHAN4G(188, 0),		CHAN4G(190, 0),
234 	CHAN4G(192, 0),		CHAN4G(194, 0),
235 	CHAN4G(196, 0),		CHAN4G(198, 0),
236 	CHAN4G(200, 0),		CHAN4G(202, 0),
237 	CHAN4G(204, 0),		CHAN4G(206, 0),
238 	CHAN4G(208, 0),		CHAN4G(210, 0),
239 	CHAN4G(212, 0),		CHAN4G(214, 0),
240 	CHAN4G(216, 0),		CHAN4G(218, 0),
241 	CHAN4G(220, 0),		CHAN4G(222, 0),
242 	CHAN4G(224, 0),		CHAN4G(226, 0),
243 	CHAN4G(228, 0),
244 	CHAN5G(32, 0),		CHAN5G(34, 0),
245 	CHAN5G(36, 0),		CHAN5G(38, 0),
246 	CHAN5G(40, 0),		CHAN5G(42, 0),
247 	CHAN5G(44, 0),		CHAN5G(46, 0),
248 	CHAN5G(48, 0),		CHAN5G(50, 0),
249 	CHAN5G(52, 0),		CHAN5G(54, 0),
250 	CHAN5G(56, 0),		CHAN5G(58, 0),
251 	CHAN5G(60, 0),		CHAN5G(62, 0),
252 	CHAN5G(64, 0),		CHAN5G(66, 0),
253 	CHAN5G(68, 0),		CHAN5G(70, 0),
254 	CHAN5G(72, 0),		CHAN5G(74, 0),
255 	CHAN5G(76, 0),		CHAN5G(78, 0),
256 	CHAN5G(80, 0),		CHAN5G(82, 0),
257 	CHAN5G(84, 0),		CHAN5G(86, 0),
258 	CHAN5G(88, 0),		CHAN5G(90, 0),
259 	CHAN5G(92, 0),		CHAN5G(94, 0),
260 	CHAN5G(96, 0),		CHAN5G(98, 0),
261 	CHAN5G(100, 0),		CHAN5G(102, 0),
262 	CHAN5G(104, 0),		CHAN5G(106, 0),
263 	CHAN5G(108, 0),		CHAN5G(110, 0),
264 	CHAN5G(112, 0),		CHAN5G(114, 0),
265 	CHAN5G(116, 0),		CHAN5G(118, 0),
266 	CHAN5G(120, 0),		CHAN5G(122, 0),
267 	CHAN5G(124, 0),		CHAN5G(126, 0),
268 	CHAN5G(128, 0),		CHAN5G(130, 0),
269 	CHAN5G(132, 0),		CHAN5G(134, 0),
270 	CHAN5G(136, 0),		CHAN5G(138, 0),
271 	CHAN5G(140, 0),		CHAN5G(142, 0),
272 	CHAN5G(144, 0),		CHAN5G(145, 0),
273 	CHAN5G(146, 0),		CHAN5G(147, 0),
274 	CHAN5G(148, 0),		CHAN5G(149, 0),
275 	CHAN5G(150, 0),		CHAN5G(151, 0),
276 	CHAN5G(152, 0),		CHAN5G(153, 0),
277 	CHAN5G(154, 0),		CHAN5G(155, 0),
278 	CHAN5G(156, 0),		CHAN5G(157, 0),
279 	CHAN5G(158, 0),		CHAN5G(159, 0),
280 	CHAN5G(160, 0),		CHAN5G(161, 0),
281 	CHAN5G(162, 0),		CHAN5G(163, 0),
282 	CHAN5G(164, 0),		CHAN5G(165, 0),
283 	CHAN5G(166, 0),		CHAN5G(168, 0),
284 	CHAN5G(170, 0),		CHAN5G(172, 0),
285 	CHAN5G(174, 0),		CHAN5G(176, 0),
286 	CHAN5G(178, 0),		CHAN5G(180, 0),
287 	CHAN5G(182, 0),
288 };
289 
290 static struct ieee80211_channel b43_5ghz_nphy_chantable_limited[] = {
291 	CHAN5G(36, 0),		CHAN5G(40, 0),
292 	CHAN5G(44, 0),		CHAN5G(48, 0),
293 	CHAN5G(149, 0),		CHAN5G(153, 0),
294 	CHAN5G(157, 0),		CHAN5G(161, 0),
295 	CHAN5G(165, 0),
296 };
297 
298 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
299 	CHAN5G(34, 0),		CHAN5G(36, 0),
300 	CHAN5G(38, 0),		CHAN5G(40, 0),
301 	CHAN5G(42, 0),		CHAN5G(44, 0),
302 	CHAN5G(46, 0),		CHAN5G(48, 0),
303 	CHAN5G(52, 0),		CHAN5G(56, 0),
304 	CHAN5G(60, 0),		CHAN5G(64, 0),
305 	CHAN5G(100, 0),		CHAN5G(104, 0),
306 	CHAN5G(108, 0),		CHAN5G(112, 0),
307 	CHAN5G(116, 0),		CHAN5G(120, 0),
308 	CHAN5G(124, 0),		CHAN5G(128, 0),
309 	CHAN5G(132, 0),		CHAN5G(136, 0),
310 	CHAN5G(140, 0),		CHAN5G(149, 0),
311 	CHAN5G(153, 0),		CHAN5G(157, 0),
312 	CHAN5G(161, 0),		CHAN5G(165, 0),
313 	CHAN5G(184, 0),		CHAN5G(188, 0),
314 	CHAN5G(192, 0),		CHAN5G(196, 0),
315 	CHAN5G(200, 0),		CHAN5G(204, 0),
316 	CHAN5G(208, 0),		CHAN5G(212, 0),
317 	CHAN5G(216, 0),
318 };
319 #undef CHAN4G
320 #undef CHAN5G
321 
322 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
323 	.band		= NL80211_BAND_5GHZ,
324 	.channels	= b43_5ghz_nphy_chantable,
325 	.n_channels	= ARRAY_SIZE(b43_5ghz_nphy_chantable),
326 	.bitrates	= b43_a_ratetable,
327 	.n_bitrates	= b43_a_ratetable_size,
328 };
329 
330 static struct ieee80211_supported_band b43_band_5GHz_nphy_limited = {
331 	.band		= NL80211_BAND_5GHZ,
332 	.channels	= b43_5ghz_nphy_chantable_limited,
333 	.n_channels	= ARRAY_SIZE(b43_5ghz_nphy_chantable_limited),
334 	.bitrates	= b43_a_ratetable,
335 	.n_bitrates	= b43_a_ratetable_size,
336 };
337 
338 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
339 	.band		= NL80211_BAND_5GHZ,
340 	.channels	= b43_5ghz_aphy_chantable,
341 	.n_channels	= ARRAY_SIZE(b43_5ghz_aphy_chantable),
342 	.bitrates	= b43_a_ratetable,
343 	.n_bitrates	= b43_a_ratetable_size,
344 };
345 
346 static struct ieee80211_supported_band b43_band_2GHz = {
347 	.band		= NL80211_BAND_2GHZ,
348 	.channels	= b43_2ghz_chantable,
349 	.n_channels	= ARRAY_SIZE(b43_2ghz_chantable),
350 	.bitrates	= b43_g_ratetable,
351 	.n_bitrates	= b43_g_ratetable_size,
352 };
353 
354 static struct ieee80211_supported_band b43_band_2ghz_limited = {
355 	.band		= NL80211_BAND_2GHZ,
356 	.channels	= b43_2ghz_chantable,
357 	.n_channels	= b43_2ghz_chantable_limited_size,
358 	.bitrates	= b43_g_ratetable,
359 	.n_bitrates	= b43_g_ratetable_size,
360 };
361 
362 static void b43_wireless_core_exit(struct b43_wldev *dev);
363 static int b43_wireless_core_init(struct b43_wldev *dev);
364 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
365 static int b43_wireless_core_start(struct b43_wldev *dev);
366 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
367 				    struct ieee80211_vif *vif,
368 				    struct ieee80211_bss_conf *conf,
369 				    u64 changed);
370 
371 static int b43_ratelimit(struct b43_wl *wl)
372 {
373 	if (!wl || !wl->current_dev)
374 		return 1;
375 	if (b43_status(wl->current_dev) < B43_STAT_STARTED)
376 		return 1;
377 	/* We are up and running.
378 	 * Ratelimit the messages to avoid DoS over the net. */
379 	return net_ratelimit();
380 }
381 
382 void b43info(struct b43_wl *wl, const char *fmt, ...)
383 {
384 	struct va_format vaf;
385 	va_list args;
386 
387 	if (b43_modparam_verbose < B43_VERBOSITY_INFO)
388 		return;
389 	if (!b43_ratelimit(wl))
390 		return;
391 
392 	va_start(args, fmt);
393 
394 	vaf.fmt = fmt;
395 	vaf.va = &args;
396 
397 	printk(KERN_INFO "b43-%s: %pV",
398 	       (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
399 
400 	va_end(args);
401 }
402 
403 void b43err(struct b43_wl *wl, const char *fmt, ...)
404 {
405 	struct va_format vaf;
406 	va_list args;
407 
408 	if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
409 		return;
410 	if (!b43_ratelimit(wl))
411 		return;
412 
413 	va_start(args, fmt);
414 
415 	vaf.fmt = fmt;
416 	vaf.va = &args;
417 
418 	printk(KERN_ERR "b43-%s ERROR: %pV",
419 	       (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
420 
421 	va_end(args);
422 }
423 
424 void b43warn(struct b43_wl *wl, const char *fmt, ...)
425 {
426 	struct va_format vaf;
427 	va_list args;
428 
429 	if (b43_modparam_verbose < B43_VERBOSITY_WARN)
430 		return;
431 	if (!b43_ratelimit(wl))
432 		return;
433 
434 	va_start(args, fmt);
435 
436 	vaf.fmt = fmt;
437 	vaf.va = &args;
438 
439 	printk(KERN_WARNING "b43-%s warning: %pV",
440 	       (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
441 
442 	va_end(args);
443 }
444 
445 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
446 {
447 	struct va_format vaf;
448 	va_list args;
449 
450 	if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
451 		return;
452 
453 	va_start(args, fmt);
454 
455 	vaf.fmt = fmt;
456 	vaf.va = &args;
457 
458 	printk(KERN_DEBUG "b43-%s debug: %pV",
459 	       (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
460 
461 	va_end(args);
462 }
463 
464 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
465 {
466 	u32 macctl;
467 
468 	B43_WARN_ON(offset % 4 != 0);
469 
470 	macctl = b43_read32(dev, B43_MMIO_MACCTL);
471 	if (macctl & B43_MACCTL_BE)
472 		val = swab32(val);
473 
474 	b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
475 	b43_write32(dev, B43_MMIO_RAM_DATA, val);
476 }
477 
478 static inline void b43_shm_control_word(struct b43_wldev *dev,
479 					u16 routing, u16 offset)
480 {
481 	u32 control;
482 
483 	/* "offset" is the WORD offset. */
484 	control = routing;
485 	control <<= 16;
486 	control |= offset;
487 	b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
488 }
489 
490 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
491 {
492 	u32 ret;
493 
494 	if (routing == B43_SHM_SHARED) {
495 		B43_WARN_ON(offset & 0x0001);
496 		if (offset & 0x0003) {
497 			/* Unaligned access */
498 			b43_shm_control_word(dev, routing, offset >> 2);
499 			ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
500 			b43_shm_control_word(dev, routing, (offset >> 2) + 1);
501 			ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
502 
503 			goto out;
504 		}
505 		offset >>= 2;
506 	}
507 	b43_shm_control_word(dev, routing, offset);
508 	ret = b43_read32(dev, B43_MMIO_SHM_DATA);
509 out:
510 	return ret;
511 }
512 
513 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
514 {
515 	u16 ret;
516 
517 	if (routing == B43_SHM_SHARED) {
518 		B43_WARN_ON(offset & 0x0001);
519 		if (offset & 0x0003) {
520 			/* Unaligned access */
521 			b43_shm_control_word(dev, routing, offset >> 2);
522 			ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
523 
524 			goto out;
525 		}
526 		offset >>= 2;
527 	}
528 	b43_shm_control_word(dev, routing, offset);
529 	ret = b43_read16(dev, B43_MMIO_SHM_DATA);
530 out:
531 	return ret;
532 }
533 
534 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
535 {
536 	if (routing == B43_SHM_SHARED) {
537 		B43_WARN_ON(offset & 0x0001);
538 		if (offset & 0x0003) {
539 			/* Unaligned access */
540 			b43_shm_control_word(dev, routing, offset >> 2);
541 			b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
542 				    value & 0xFFFF);
543 			b43_shm_control_word(dev, routing, (offset >> 2) + 1);
544 			b43_write16(dev, B43_MMIO_SHM_DATA,
545 				    (value >> 16) & 0xFFFF);
546 			return;
547 		}
548 		offset >>= 2;
549 	}
550 	b43_shm_control_word(dev, routing, offset);
551 	b43_write32(dev, B43_MMIO_SHM_DATA, value);
552 }
553 
554 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
555 {
556 	if (routing == B43_SHM_SHARED) {
557 		B43_WARN_ON(offset & 0x0001);
558 		if (offset & 0x0003) {
559 			/* Unaligned access */
560 			b43_shm_control_word(dev, routing, offset >> 2);
561 			b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
562 			return;
563 		}
564 		offset >>= 2;
565 	}
566 	b43_shm_control_word(dev, routing, offset);
567 	b43_write16(dev, B43_MMIO_SHM_DATA, value);
568 }
569 
570 /* Read HostFlags */
571 u64 b43_hf_read(struct b43_wldev *dev)
572 {
573 	u64 ret;
574 
575 	ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
576 	ret <<= 16;
577 	ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
578 	ret <<= 16;
579 	ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
580 
581 	return ret;
582 }
583 
584 /* Write HostFlags */
585 void b43_hf_write(struct b43_wldev *dev, u64 value)
586 {
587 	u16 lo, mi, hi;
588 
589 	lo = (value & 0x00000000FFFFULL);
590 	mi = (value & 0x0000FFFF0000ULL) >> 16;
591 	hi = (value & 0xFFFF00000000ULL) >> 32;
592 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
593 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
594 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
595 }
596 
597 /* Read the firmware capabilities bitmask (Opensource firmware only) */
598 static u16 b43_fwcapa_read(struct b43_wldev *dev)
599 {
600 	B43_WARN_ON(!dev->fw.opensource);
601 	return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
602 }
603 
604 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
605 {
606 	u32 low, high;
607 
608 	B43_WARN_ON(dev->dev->core_rev < 3);
609 
610 	/* The hardware guarantees us an atomic read, if we
611 	 * read the low register first. */
612 	low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
613 	high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
614 
615 	*tsf = high;
616 	*tsf <<= 32;
617 	*tsf |= low;
618 }
619 
620 static void b43_time_lock(struct b43_wldev *dev)
621 {
622 	b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
623 	/* Commit the write */
624 	b43_read32(dev, B43_MMIO_MACCTL);
625 }
626 
627 static void b43_time_unlock(struct b43_wldev *dev)
628 {
629 	b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
630 	/* Commit the write */
631 	b43_read32(dev, B43_MMIO_MACCTL);
632 }
633 
634 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
635 {
636 	u32 low, high;
637 
638 	B43_WARN_ON(dev->dev->core_rev < 3);
639 
640 	low = tsf;
641 	high = (tsf >> 32);
642 	/* The hardware guarantees us an atomic write, if we
643 	 * write the low register first. */
644 	b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
645 	b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
646 }
647 
648 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
649 {
650 	b43_time_lock(dev);
651 	b43_tsf_write_locked(dev, tsf);
652 	b43_time_unlock(dev);
653 }
654 
655 static
656 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
657 {
658 	static const u8 zero_addr[ETH_ALEN] = { 0 };
659 	u16 data;
660 
661 	if (!mac)
662 		mac = zero_addr;
663 
664 	offset |= 0x0020;
665 	b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
666 
667 	data = mac[0];
668 	data |= mac[1] << 8;
669 	b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
670 	data = mac[2];
671 	data |= mac[3] << 8;
672 	b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
673 	data = mac[4];
674 	data |= mac[5] << 8;
675 	b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
676 }
677 
678 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
679 {
680 	const u8 *mac;
681 	const u8 *bssid;
682 	u8 mac_bssid[ETH_ALEN * 2];
683 	int i;
684 	u32 tmp;
685 
686 	bssid = dev->wl->bssid;
687 	mac = dev->wl->mac_addr;
688 
689 	b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
690 
691 	memcpy(mac_bssid, mac, ETH_ALEN);
692 	memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
693 
694 	/* Write our MAC address and BSSID to template ram */
695 	for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
696 		tmp = (u32) (mac_bssid[i + 0]);
697 		tmp |= (u32) (mac_bssid[i + 1]) << 8;
698 		tmp |= (u32) (mac_bssid[i + 2]) << 16;
699 		tmp |= (u32) (mac_bssid[i + 3]) << 24;
700 		b43_ram_write(dev, 0x20 + i, tmp);
701 	}
702 }
703 
704 static void b43_upload_card_macaddress(struct b43_wldev *dev)
705 {
706 	b43_write_mac_bssid_templates(dev);
707 	b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
708 }
709 
710 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
711 {
712 	/* slot_time is in usec. */
713 	/* This test used to exit for all but a G PHY. */
714 	if (b43_current_band(dev->wl) == NL80211_BAND_5GHZ)
715 		return;
716 	b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
717 	/* Shared memory location 0x0010 is the slot time and should be
718 	 * set to slot_time; however, this register is initially 0 and changing
719 	 * the value adversely affects the transmit rate for BCM4311
720 	 * devices. Until this behavior is unterstood, delete this step
721 	 *
722 	 * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
723 	 */
724 }
725 
726 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
727 {
728 	b43_set_slot_time(dev, 9);
729 }
730 
731 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
732 {
733 	b43_set_slot_time(dev, 20);
734 }
735 
736 /* DummyTransmission function, as documented on
737  * https://bcm-v4.sipsolutions.net/802.11/DummyTransmission
738  */
739 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
740 {
741 	struct b43_phy *phy = &dev->phy;
742 	unsigned int i, max_loop;
743 	u16 value;
744 	u32 buffer[5] = {
745 		0x00000000,
746 		0x00D40000,
747 		0x00000000,
748 		0x01000000,
749 		0x00000000,
750 	};
751 
752 	if (ofdm) {
753 		max_loop = 0x1E;
754 		buffer[0] = 0x000201CC;
755 	} else {
756 		max_loop = 0xFA;
757 		buffer[0] = 0x000B846E;
758 	}
759 
760 	for (i = 0; i < 5; i++)
761 		b43_ram_write(dev, i * 4, buffer[i]);
762 
763 	b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
764 
765 	if (dev->dev->core_rev < 11)
766 		b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
767 	else
768 		b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
769 
770 	value = (ofdm ? 0x41 : 0x40);
771 	b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
772 	if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
773 	    phy->type == B43_PHYTYPE_LCN)
774 		b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
775 
776 	b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
777 	b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
778 
779 	b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
780 	b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
781 	b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
782 	b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
783 
784 	if (!pa_on && phy->type == B43_PHYTYPE_N) {
785 		; /*b43_nphy_pa_override(dev, false) */
786 	}
787 
788 	switch (phy->type) {
789 	case B43_PHYTYPE_N:
790 	case B43_PHYTYPE_LCN:
791 		b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
792 		break;
793 	case B43_PHYTYPE_LP:
794 		b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
795 		break;
796 	default:
797 		b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
798 	}
799 	b43_read16(dev, B43_MMIO_TXE0_AUX);
800 
801 	if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
802 		b43_radio_write16(dev, 0x0051, 0x0017);
803 	for (i = 0x00; i < max_loop; i++) {
804 		value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
805 		if (value & 0x0080)
806 			break;
807 		udelay(10);
808 	}
809 	for (i = 0x00; i < 0x0A; i++) {
810 		value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
811 		if (value & 0x0400)
812 			break;
813 		udelay(10);
814 	}
815 	for (i = 0x00; i < 0x19; i++) {
816 		value = b43_read16(dev, B43_MMIO_IFSSTAT);
817 		if (!(value & 0x0100))
818 			break;
819 		udelay(10);
820 	}
821 	if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
822 		b43_radio_write16(dev, 0x0051, 0x0037);
823 }
824 
825 static void key_write(struct b43_wldev *dev,
826 		      u8 index, u8 algorithm, const u8 *key)
827 {
828 	unsigned int i;
829 	u32 offset;
830 	u16 value;
831 	u16 kidx;
832 
833 	/* Key index/algo block */
834 	kidx = b43_kidx_to_fw(dev, index);
835 	value = ((kidx << 4) | algorithm);
836 	b43_shm_write16(dev, B43_SHM_SHARED,
837 			B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
838 
839 	/* Write the key to the Key Table Pointer offset */
840 	offset = dev->ktp + (index * B43_SEC_KEYSIZE);
841 	for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
842 		value = key[i];
843 		value |= (u16) (key[i + 1]) << 8;
844 		b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
845 	}
846 }
847 
848 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
849 {
850 	u32 addrtmp[2] = { 0, 0, };
851 	u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
852 
853 	if (b43_new_kidx_api(dev))
854 		pairwise_keys_start = B43_NR_GROUP_KEYS;
855 
856 	B43_WARN_ON(index < pairwise_keys_start);
857 	/* We have four default TX keys and possibly four default RX keys.
858 	 * Physical mac 0 is mapped to physical key 4 or 8, depending
859 	 * on the firmware version.
860 	 * So we must adjust the index here.
861 	 */
862 	index -= pairwise_keys_start;
863 	B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
864 
865 	if (addr) {
866 		addrtmp[0] = addr[0];
867 		addrtmp[0] |= ((u32) (addr[1]) << 8);
868 		addrtmp[0] |= ((u32) (addr[2]) << 16);
869 		addrtmp[0] |= ((u32) (addr[3]) << 24);
870 		addrtmp[1] = addr[4];
871 		addrtmp[1] |= ((u32) (addr[5]) << 8);
872 	}
873 
874 	/* Receive match transmitter address (RCMTA) mechanism */
875 	b43_shm_write32(dev, B43_SHM_RCMTA,
876 			(index * 2) + 0, addrtmp[0]);
877 	b43_shm_write16(dev, B43_SHM_RCMTA,
878 			(index * 2) + 1, addrtmp[1]);
879 }
880 
881 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
882  * When a packet is received, the iv32 is checked.
883  * - if it doesn't the packet is returned without modification (and software
884  *   decryption can be done). That's what happen when iv16 wrap.
885  * - if it does, the rc4 key is computed, and decryption is tried.
886  *   Either it will success and B43_RX_MAC_DEC is returned,
887  *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
888  *   and the packet is not usable (it got modified by the ucode).
889  * So in order to never have B43_RX_MAC_DECERR, we should provide
890  * a iv32 and phase1key that match. Because we drop packets in case of
891  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
892  * packets will be lost without higher layer knowing (ie no resync possible
893  * until next wrap).
894  *
895  * NOTE : this should support 50 key like RCMTA because
896  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
897  */
898 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
899 		u16 *phase1key)
900 {
901 	unsigned int i;
902 	u32 offset;
903 	u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
904 
905 	if (!modparam_hwtkip)
906 		return;
907 
908 	if (b43_new_kidx_api(dev))
909 		pairwise_keys_start = B43_NR_GROUP_KEYS;
910 
911 	B43_WARN_ON(index < pairwise_keys_start);
912 	/* We have four default TX keys and possibly four default RX keys.
913 	 * Physical mac 0 is mapped to physical key 4 or 8, depending
914 	 * on the firmware version.
915 	 * So we must adjust the index here.
916 	 */
917 	index -= pairwise_keys_start;
918 	B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
919 
920 	if (b43_debug(dev, B43_DBG_KEYS)) {
921 		b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
922 				index, iv32);
923 	}
924 	/* Write the key to the  RX tkip shared mem */
925 	offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
926 	for (i = 0; i < 10; i += 2) {
927 		b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
928 				phase1key ? phase1key[i / 2] : 0);
929 	}
930 	b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
931 	b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
932 }
933 
934 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
935 				   struct ieee80211_vif *vif,
936 				   struct ieee80211_key_conf *keyconf,
937 				   struct ieee80211_sta *sta,
938 				   u32 iv32, u16 *phase1key)
939 {
940 	struct b43_wl *wl = hw_to_b43_wl(hw);
941 	struct b43_wldev *dev;
942 	int index = keyconf->hw_key_idx;
943 
944 	if (B43_WARN_ON(!modparam_hwtkip))
945 		return;
946 
947 	/* This is only called from the RX path through mac80211, where
948 	 * our mutex is already locked. */
949 	B43_WARN_ON(!mutex_is_locked(&wl->mutex));
950 	dev = wl->current_dev;
951 	B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
952 
953 	keymac_write(dev, index, NULL);	/* First zero out mac to avoid race */
954 
955 	rx_tkip_phase1_write(dev, index, iv32, phase1key);
956 	/* only pairwise TKIP keys are supported right now */
957 	if (WARN_ON(!sta))
958 		return;
959 	keymac_write(dev, index, sta->addr);
960 }
961 
962 static void do_key_write(struct b43_wldev *dev,
963 			 u8 index, u8 algorithm,
964 			 const u8 *key, size_t key_len, const u8 *mac_addr)
965 {
966 	u8 buf[B43_SEC_KEYSIZE] = { 0, };
967 	u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
968 
969 	if (b43_new_kidx_api(dev))
970 		pairwise_keys_start = B43_NR_GROUP_KEYS;
971 
972 	B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
973 	B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
974 
975 	if (index >= pairwise_keys_start)
976 		keymac_write(dev, index, NULL);	/* First zero out mac. */
977 	if (algorithm == B43_SEC_ALGO_TKIP) {
978 		/*
979 		 * We should provide an initial iv32, phase1key pair.
980 		 * We could start with iv32=0 and compute the corresponding
981 		 * phase1key, but this means calling ieee80211_get_tkip_key
982 		 * with a fake skb (or export other tkip function).
983 		 * Because we are lazy we hope iv32 won't start with
984 		 * 0xffffffff and let's b43_op_update_tkip_key provide a
985 		 * correct pair.
986 		 */
987 		rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
988 	} else if (index >= pairwise_keys_start) /* clear it */
989 		rx_tkip_phase1_write(dev, index, 0, NULL);
990 	if (key)
991 		memcpy(buf, key, key_len);
992 	key_write(dev, index, algorithm, buf);
993 	if (index >= pairwise_keys_start)
994 		keymac_write(dev, index, mac_addr);
995 
996 	dev->key[index].algorithm = algorithm;
997 }
998 
999 static int b43_key_write(struct b43_wldev *dev,
1000 			 int index, u8 algorithm,
1001 			 const u8 *key, size_t key_len,
1002 			 const u8 *mac_addr,
1003 			 struct ieee80211_key_conf *keyconf)
1004 {
1005 	int i;
1006 	int pairwise_keys_start;
1007 
1008 	/* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
1009 	 * 	- Temporal Encryption Key (128 bits)
1010 	 * 	- Temporal Authenticator Tx MIC Key (64 bits)
1011 	 * 	- Temporal Authenticator Rx MIC Key (64 bits)
1012 	 *
1013 	 * 	Hardware only store TEK
1014 	 */
1015 	if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
1016 		key_len = 16;
1017 	if (key_len > B43_SEC_KEYSIZE)
1018 		return -EINVAL;
1019 	for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
1020 		/* Check that we don't already have this key. */
1021 		B43_WARN_ON(dev->key[i].keyconf == keyconf);
1022 	}
1023 	if (index < 0) {
1024 		/* Pairwise key. Get an empty slot for the key. */
1025 		if (b43_new_kidx_api(dev))
1026 			pairwise_keys_start = B43_NR_GROUP_KEYS;
1027 		else
1028 			pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1029 		for (i = pairwise_keys_start;
1030 		     i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
1031 		     i++) {
1032 			B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
1033 			if (!dev->key[i].keyconf) {
1034 				/* found empty */
1035 				index = i;
1036 				break;
1037 			}
1038 		}
1039 		if (index < 0) {
1040 			b43warn(dev->wl, "Out of hardware key memory\n");
1041 			return -ENOSPC;
1042 		}
1043 	} else
1044 		B43_WARN_ON(index > 3);
1045 
1046 	do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1047 	if ((index <= 3) && !b43_new_kidx_api(dev)) {
1048 		/* Default RX key */
1049 		B43_WARN_ON(mac_addr);
1050 		do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1051 	}
1052 	keyconf->hw_key_idx = index;
1053 	dev->key[index].keyconf = keyconf;
1054 
1055 	return 0;
1056 }
1057 
1058 static int b43_key_clear(struct b43_wldev *dev, int index)
1059 {
1060 	if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1061 		return -EINVAL;
1062 	do_key_write(dev, index, B43_SEC_ALGO_NONE,
1063 		     NULL, B43_SEC_KEYSIZE, NULL);
1064 	if ((index <= 3) && !b43_new_kidx_api(dev)) {
1065 		do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1066 			     NULL, B43_SEC_KEYSIZE, NULL);
1067 	}
1068 	dev->key[index].keyconf = NULL;
1069 
1070 	return 0;
1071 }
1072 
1073 static void b43_clear_keys(struct b43_wldev *dev)
1074 {
1075 	int i, count;
1076 
1077 	if (b43_new_kidx_api(dev))
1078 		count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1079 	else
1080 		count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1081 	for (i = 0; i < count; i++)
1082 		b43_key_clear(dev, i);
1083 }
1084 
1085 static void b43_dump_keymemory(struct b43_wldev *dev)
1086 {
1087 	unsigned int i, index, count, offset, pairwise_keys_start;
1088 	u8 mac[ETH_ALEN];
1089 	u16 algo;
1090 	u32 rcmta0;
1091 	u16 rcmta1;
1092 	u64 hf;
1093 	struct b43_key *key;
1094 
1095 	if (!b43_debug(dev, B43_DBG_KEYS))
1096 		return;
1097 
1098 	hf = b43_hf_read(dev);
1099 	b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1100 	       !!(hf & B43_HF_USEDEFKEYS));
1101 	if (b43_new_kidx_api(dev)) {
1102 		pairwise_keys_start = B43_NR_GROUP_KEYS;
1103 		count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1104 	} else {
1105 		pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1106 		count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1107 	}
1108 	for (index = 0; index < count; index++) {
1109 		key = &(dev->key[index]);
1110 		printk(KERN_DEBUG "Key slot %02u: %s",
1111 		       index, (key->keyconf == NULL) ? " " : "*");
1112 		offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1113 		for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1114 			u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1115 			printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1116 		}
1117 
1118 		algo = b43_shm_read16(dev, B43_SHM_SHARED,
1119 				      B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1120 		printk("   Algo: %04X/%02X", algo, key->algorithm);
1121 
1122 		if (index >= pairwise_keys_start) {
1123 			if (key->algorithm == B43_SEC_ALGO_TKIP) {
1124 				printk("   TKIP: ");
1125 				offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1126 				for (i = 0; i < 14; i += 2) {
1127 					u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1128 					printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1129 				}
1130 			}
1131 			rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1132 						((index - pairwise_keys_start) * 2) + 0);
1133 			rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1134 						((index - pairwise_keys_start) * 2) + 1);
1135 			*((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1136 			*((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1137 			printk("   MAC: %pM", mac);
1138 		} else
1139 			printk("   DEFAULT KEY");
1140 		printk("\n");
1141 	}
1142 }
1143 
1144 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1145 {
1146 	u32 macctl;
1147 	u16 ucstat;
1148 	bool hwps;
1149 	bool awake;
1150 	int i;
1151 
1152 	B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1153 		    (ps_flags & B43_PS_DISABLED));
1154 	B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1155 
1156 	if (ps_flags & B43_PS_ENABLED) {
1157 		hwps = true;
1158 	} else if (ps_flags & B43_PS_DISABLED) {
1159 		hwps = false;
1160 	} else {
1161 		//TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1162 		//      and thus is not an AP and we are associated, set bit 25
1163 	}
1164 	if (ps_flags & B43_PS_AWAKE) {
1165 		awake = true;
1166 	} else if (ps_flags & B43_PS_ASLEEP) {
1167 		awake = false;
1168 	} else {
1169 		//TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1170 		//      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1171 		//      successful, set bit26
1172 	}
1173 
1174 /* FIXME: For now we force awake-on and hwps-off */
1175 	hwps = false;
1176 	awake = true;
1177 
1178 	macctl = b43_read32(dev, B43_MMIO_MACCTL);
1179 	if (hwps)
1180 		macctl |= B43_MACCTL_HWPS;
1181 	else
1182 		macctl &= ~B43_MACCTL_HWPS;
1183 	if (awake)
1184 		macctl |= B43_MACCTL_AWAKE;
1185 	else
1186 		macctl &= ~B43_MACCTL_AWAKE;
1187 	b43_write32(dev, B43_MMIO_MACCTL, macctl);
1188 	/* Commit write */
1189 	b43_read32(dev, B43_MMIO_MACCTL);
1190 	if (awake && dev->dev->core_rev >= 5) {
1191 		/* Wait for the microcode to wake up. */
1192 		for (i = 0; i < 100; i++) {
1193 			ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1194 						B43_SHM_SH_UCODESTAT);
1195 			if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1196 				break;
1197 			udelay(10);
1198 		}
1199 	}
1200 }
1201 
1202 /* https://bcm-v4.sipsolutions.net/802.11/PHY/BmacCorePllReset */
1203 void b43_wireless_core_phy_pll_reset(struct b43_wldev *dev)
1204 {
1205 	struct bcma_drv_cc *bcma_cc __maybe_unused;
1206 	struct ssb_chipcommon *ssb_cc __maybe_unused;
1207 
1208 	switch (dev->dev->bus_type) {
1209 #ifdef CONFIG_B43_BCMA
1210 	case B43_BUS_BCMA:
1211 		bcma_cc = &dev->dev->bdev->bus->drv_cc;
1212 
1213 		bcma_cc_write32(bcma_cc, BCMA_CC_PMU_CHIPCTL_ADDR, 0);
1214 		bcma_cc_mask32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, ~0x4);
1215 		bcma_cc_set32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, 0x4);
1216 		bcma_cc_mask32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, ~0x4);
1217 		break;
1218 #endif
1219 #ifdef CONFIG_B43_SSB
1220 	case B43_BUS_SSB:
1221 		ssb_cc = &dev->dev->sdev->bus->chipco;
1222 
1223 		chipco_write32(ssb_cc, SSB_CHIPCO_CHIPCTL_ADDR, 0);
1224 		chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1225 		chipco_set32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, 0x4);
1226 		chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1227 		break;
1228 #endif
1229 	}
1230 }
1231 
1232 #ifdef CONFIG_B43_BCMA
1233 static void b43_bcma_phy_reset(struct b43_wldev *dev)
1234 {
1235 	u32 flags;
1236 
1237 	/* Put PHY into reset */
1238 	flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1239 	flags |= B43_BCMA_IOCTL_PHY_RESET;
1240 	flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1241 	bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1242 	udelay(2);
1243 
1244 	b43_phy_take_out_of_reset(dev);
1245 }
1246 
1247 static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1248 {
1249 	u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1250 		  B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1251 	u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1252 		     B43_BCMA_CLKCTLST_PHY_PLL_ST;
1253 	u32 flags;
1254 
1255 	flags = B43_BCMA_IOCTL_PHY_CLKEN;
1256 	if (gmode)
1257 		flags |= B43_BCMA_IOCTL_GMODE;
1258 	b43_device_enable(dev, flags);
1259 
1260 	if (dev->phy.type == B43_PHYTYPE_AC) {
1261 		u16 tmp;
1262 
1263 		tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1264 		tmp &= ~B43_BCMA_IOCTL_DAC;
1265 		tmp |= 0x100;
1266 		bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1267 
1268 		tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1269 		tmp &= ~B43_BCMA_IOCTL_PHY_CLKEN;
1270 		bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1271 
1272 		tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1273 		tmp |= B43_BCMA_IOCTL_PHY_CLKEN;
1274 		bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1275 	}
1276 
1277 	bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1278 	b43_bcma_phy_reset(dev);
1279 	bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1280 }
1281 #endif
1282 
1283 #ifdef CONFIG_B43_SSB
1284 static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1285 {
1286 	u32 flags = 0;
1287 
1288 	if (gmode)
1289 		flags |= B43_TMSLOW_GMODE;
1290 	flags |= B43_TMSLOW_PHYCLKEN;
1291 	flags |= B43_TMSLOW_PHYRESET;
1292 	if (dev->phy.type == B43_PHYTYPE_N)
1293 		flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1294 	b43_device_enable(dev, flags);
1295 	msleep(2);		/* Wait for the PLL to turn on. */
1296 
1297 	b43_phy_take_out_of_reset(dev);
1298 }
1299 #endif
1300 
1301 void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1302 {
1303 	u32 macctl;
1304 
1305 	switch (dev->dev->bus_type) {
1306 #ifdef CONFIG_B43_BCMA
1307 	case B43_BUS_BCMA:
1308 		b43_bcma_wireless_core_reset(dev, gmode);
1309 		break;
1310 #endif
1311 #ifdef CONFIG_B43_SSB
1312 	case B43_BUS_SSB:
1313 		b43_ssb_wireless_core_reset(dev, gmode);
1314 		break;
1315 #endif
1316 	}
1317 
1318 	/* Turn Analog ON, but only if we already know the PHY-type.
1319 	 * This protects against very early setup where we don't know the
1320 	 * PHY-type, yet. wireless_core_reset will be called once again later,
1321 	 * when we know the PHY-type. */
1322 	if (dev->phy.ops)
1323 		dev->phy.ops->switch_analog(dev, 1);
1324 
1325 	macctl = b43_read32(dev, B43_MMIO_MACCTL);
1326 	macctl &= ~B43_MACCTL_GMODE;
1327 	if (gmode)
1328 		macctl |= B43_MACCTL_GMODE;
1329 	macctl |= B43_MACCTL_IHR_ENABLED;
1330 	b43_write32(dev, B43_MMIO_MACCTL, macctl);
1331 }
1332 
1333 static void handle_irq_transmit_status(struct b43_wldev *dev)
1334 {
1335 	u32 v0, v1;
1336 	u16 tmp;
1337 	struct b43_txstatus stat;
1338 
1339 	while (1) {
1340 		v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1341 		if (!(v0 & 0x00000001))
1342 			break;
1343 		v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1344 
1345 		stat.cookie = (v0 >> 16);
1346 		stat.seq = (v1 & 0x0000FFFF);
1347 		stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1348 		tmp = (v0 & 0x0000FFFF);
1349 		stat.frame_count = ((tmp & 0xF000) >> 12);
1350 		stat.rts_count = ((tmp & 0x0F00) >> 8);
1351 		stat.supp_reason = ((tmp & 0x001C) >> 2);
1352 		stat.pm_indicated = !!(tmp & 0x0080);
1353 		stat.intermediate = !!(tmp & 0x0040);
1354 		stat.for_ampdu = !!(tmp & 0x0020);
1355 		stat.acked = !!(tmp & 0x0002);
1356 
1357 		b43_handle_txstatus(dev, &stat);
1358 	}
1359 }
1360 
1361 static void drain_txstatus_queue(struct b43_wldev *dev)
1362 {
1363 	u32 dummy;
1364 
1365 	if (dev->dev->core_rev < 5)
1366 		return;
1367 	/* Read all entries from the microcode TXstatus FIFO
1368 	 * and throw them away.
1369 	 */
1370 	while (1) {
1371 		dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1372 		if (!(dummy & 0x00000001))
1373 			break;
1374 		dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1375 	}
1376 }
1377 
1378 static u32 b43_jssi_read(struct b43_wldev *dev)
1379 {
1380 	u32 val = 0;
1381 
1382 	val = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1);
1383 	val <<= 16;
1384 	val |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0);
1385 
1386 	return val;
1387 }
1388 
1389 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1390 {
1391 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0,
1392 			(jssi & 0x0000FFFF));
1393 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1,
1394 			(jssi & 0xFFFF0000) >> 16);
1395 }
1396 
1397 static void b43_generate_noise_sample(struct b43_wldev *dev)
1398 {
1399 	b43_jssi_write(dev, 0x7F7F7F7F);
1400 	b43_write32(dev, B43_MMIO_MACCMD,
1401 		    b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1402 }
1403 
1404 static void b43_calculate_link_quality(struct b43_wldev *dev)
1405 {
1406 	/* Top half of Link Quality calculation. */
1407 
1408 	if (dev->phy.type != B43_PHYTYPE_G)
1409 		return;
1410 	if (dev->noisecalc.calculation_running)
1411 		return;
1412 	dev->noisecalc.calculation_running = true;
1413 	dev->noisecalc.nr_samples = 0;
1414 
1415 	b43_generate_noise_sample(dev);
1416 }
1417 
1418 static void handle_irq_noise(struct b43_wldev *dev)
1419 {
1420 	struct b43_phy_g *phy = dev->phy.g;
1421 	u16 tmp;
1422 	u8 noise[4];
1423 	u8 i, j;
1424 	s32 average;
1425 
1426 	/* Bottom half of Link Quality calculation. */
1427 
1428 	if (dev->phy.type != B43_PHYTYPE_G)
1429 		return;
1430 
1431 	/* Possible race condition: It might be possible that the user
1432 	 * changed to a different channel in the meantime since we
1433 	 * started the calculation. We ignore that fact, since it's
1434 	 * not really that much of a problem. The background noise is
1435 	 * an estimation only anyway. Slightly wrong results will get damped
1436 	 * by the averaging of the 8 sample rounds. Additionally the
1437 	 * value is shortlived. So it will be replaced by the next noise
1438 	 * calculation round soon. */
1439 
1440 	B43_WARN_ON(!dev->noisecalc.calculation_running);
1441 	*((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1442 	if (noise[0] == 0x7F || noise[1] == 0x7F ||
1443 	    noise[2] == 0x7F || noise[3] == 0x7F)
1444 		goto generate_new;
1445 
1446 	/* Get the noise samples. */
1447 	B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1448 	i = dev->noisecalc.nr_samples;
1449 	noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1450 	noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1451 	noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1452 	noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1453 	dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1454 	dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1455 	dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1456 	dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1457 	dev->noisecalc.nr_samples++;
1458 	if (dev->noisecalc.nr_samples == 8) {
1459 		/* Calculate the Link Quality by the noise samples. */
1460 		average = 0;
1461 		for (i = 0; i < 8; i++) {
1462 			for (j = 0; j < 4; j++)
1463 				average += dev->noisecalc.samples[i][j];
1464 		}
1465 		average /= (8 * 4);
1466 		average *= 125;
1467 		average += 64;
1468 		average /= 128;
1469 		tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1470 		tmp = (tmp / 128) & 0x1F;
1471 		if (tmp >= 8)
1472 			average += 2;
1473 		else
1474 			average -= 25;
1475 		if (tmp == 8)
1476 			average -= 72;
1477 		else
1478 			average -= 48;
1479 
1480 		dev->stats.link_noise = average;
1481 		dev->noisecalc.calculation_running = false;
1482 		return;
1483 	}
1484 generate_new:
1485 	b43_generate_noise_sample(dev);
1486 }
1487 
1488 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1489 {
1490 	if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1491 		///TODO: PS TBTT
1492 	} else {
1493 		if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1494 			b43_power_saving_ctl_bits(dev, 0);
1495 	}
1496 	if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1497 		dev->dfq_valid = true;
1498 }
1499 
1500 static void handle_irq_atim_end(struct b43_wldev *dev)
1501 {
1502 	if (dev->dfq_valid) {
1503 		b43_write32(dev, B43_MMIO_MACCMD,
1504 			    b43_read32(dev, B43_MMIO_MACCMD)
1505 			    | B43_MACCMD_DFQ_VALID);
1506 		dev->dfq_valid = false;
1507 	}
1508 }
1509 
1510 static void handle_irq_pmq(struct b43_wldev *dev)
1511 {
1512 	u32 tmp;
1513 
1514 	//TODO: AP mode.
1515 
1516 	while (1) {
1517 		tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1518 		if (!(tmp & 0x00000008))
1519 			break;
1520 	}
1521 	/* 16bit write is odd, but correct. */
1522 	b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1523 }
1524 
1525 static void b43_write_template_common(struct b43_wldev *dev,
1526 				      const u8 *data, u16 size,
1527 				      u16 ram_offset,
1528 				      u16 shm_size_offset, u8 rate)
1529 {
1530 	u32 i, tmp;
1531 	struct b43_plcp_hdr4 plcp;
1532 
1533 	plcp.data = 0;
1534 	b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1535 	b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1536 	ram_offset += sizeof(u32);
1537 	/* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1538 	 * So leave the first two bytes of the next write blank.
1539 	 */
1540 	tmp = (u32) (data[0]) << 16;
1541 	tmp |= (u32) (data[1]) << 24;
1542 	b43_ram_write(dev, ram_offset, tmp);
1543 	ram_offset += sizeof(u32);
1544 	for (i = 2; i < size; i += sizeof(u32)) {
1545 		tmp = (u32) (data[i + 0]);
1546 		if (i + 1 < size)
1547 			tmp |= (u32) (data[i + 1]) << 8;
1548 		if (i + 2 < size)
1549 			tmp |= (u32) (data[i + 2]) << 16;
1550 		if (i + 3 < size)
1551 			tmp |= (u32) (data[i + 3]) << 24;
1552 		b43_ram_write(dev, ram_offset + i - 2, tmp);
1553 	}
1554 	b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1555 			size + sizeof(struct b43_plcp_hdr6));
1556 }
1557 
1558 /* Check if the use of the antenna that ieee80211 told us to
1559  * use is possible. This will fall back to DEFAULT.
1560  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1561 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1562 				  u8 antenna_nr)
1563 {
1564 	u8 antenna_mask;
1565 
1566 	if (antenna_nr == 0) {
1567 		/* Zero means "use default antenna". That's always OK. */
1568 		return 0;
1569 	}
1570 
1571 	/* Get the mask of available antennas. */
1572 	if (dev->phy.gmode)
1573 		antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1574 	else
1575 		antenna_mask = dev->dev->bus_sprom->ant_available_a;
1576 
1577 	if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1578 		/* This antenna is not available. Fall back to default. */
1579 		return 0;
1580 	}
1581 
1582 	return antenna_nr;
1583 }
1584 
1585 /* Convert a b43 antenna number value to the PHY TX control value. */
1586 static u16 b43_antenna_to_phyctl(int antenna)
1587 {
1588 	switch (antenna) {
1589 	case B43_ANTENNA0:
1590 		return B43_TXH_PHY_ANT0;
1591 	case B43_ANTENNA1:
1592 		return B43_TXH_PHY_ANT1;
1593 	case B43_ANTENNA2:
1594 		return B43_TXH_PHY_ANT2;
1595 	case B43_ANTENNA3:
1596 		return B43_TXH_PHY_ANT3;
1597 	case B43_ANTENNA_AUTO0:
1598 	case B43_ANTENNA_AUTO1:
1599 		return B43_TXH_PHY_ANT01AUTO;
1600 	}
1601 	B43_WARN_ON(1);
1602 	return 0;
1603 }
1604 
1605 static void b43_write_beacon_template(struct b43_wldev *dev,
1606 				      u16 ram_offset,
1607 				      u16 shm_size_offset)
1608 {
1609 	unsigned int i, len, variable_len;
1610 	const struct ieee80211_mgmt *bcn;
1611 	const u8 *ie;
1612 	bool tim_found = false;
1613 	unsigned int rate;
1614 	u16 ctl;
1615 	int antenna;
1616 	struct ieee80211_tx_info *info;
1617 	unsigned long flags;
1618 	struct sk_buff *beacon_skb;
1619 
1620 	spin_lock_irqsave(&dev->wl->beacon_lock, flags);
1621 	info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1622 	rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1623 	/* Clone the beacon, so it cannot go away, while we write it to hw. */
1624 	beacon_skb = skb_clone(dev->wl->current_beacon, GFP_ATOMIC);
1625 	spin_unlock_irqrestore(&dev->wl->beacon_lock, flags);
1626 
1627 	if (!beacon_skb) {
1628 		b43dbg(dev->wl, "Could not upload beacon. "
1629 		       "Failed to clone beacon skb.");
1630 		return;
1631 	}
1632 
1633 	bcn = (const struct ieee80211_mgmt *)(beacon_skb->data);
1634 	len = min_t(size_t, beacon_skb->len,
1635 		    0x200 - sizeof(struct b43_plcp_hdr6));
1636 
1637 	b43_write_template_common(dev, (const u8 *)bcn,
1638 				  len, ram_offset, shm_size_offset, rate);
1639 
1640 	/* Write the PHY TX control parameters. */
1641 	antenna = B43_ANTENNA_DEFAULT;
1642 	antenna = b43_antenna_to_phyctl(antenna);
1643 	ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1644 	/* We can't send beacons with short preamble. Would get PHY errors. */
1645 	ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1646 	ctl &= ~B43_TXH_PHY_ANT;
1647 	ctl &= ~B43_TXH_PHY_ENC;
1648 	ctl |= antenna;
1649 	if (b43_is_cck_rate(rate))
1650 		ctl |= B43_TXH_PHY_ENC_CCK;
1651 	else
1652 		ctl |= B43_TXH_PHY_ENC_OFDM;
1653 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1654 
1655 	/* Find the position of the TIM and the DTIM_period value
1656 	 * and write them to SHM. */
1657 	ie = bcn->u.beacon.variable;
1658 	variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1659 	for (i = 0; i < variable_len - 2; ) {
1660 		uint8_t ie_id, ie_len;
1661 
1662 		ie_id = ie[i];
1663 		ie_len = ie[i + 1];
1664 		if (ie_id == 5) {
1665 			u16 tim_position;
1666 			u16 dtim_period;
1667 			/* This is the TIM Information Element */
1668 
1669 			/* Check whether the ie_len is in the beacon data range. */
1670 			if (variable_len < ie_len + 2 + i)
1671 				break;
1672 			/* A valid TIM is at least 4 bytes long. */
1673 			if (ie_len < 4)
1674 				break;
1675 			tim_found = true;
1676 
1677 			tim_position = sizeof(struct b43_plcp_hdr6);
1678 			tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1679 			tim_position += i;
1680 
1681 			dtim_period = ie[i + 3];
1682 
1683 			b43_shm_write16(dev, B43_SHM_SHARED,
1684 					B43_SHM_SH_TIMBPOS, tim_position);
1685 			b43_shm_write16(dev, B43_SHM_SHARED,
1686 					B43_SHM_SH_DTIMPER, dtim_period);
1687 			break;
1688 		}
1689 		i += ie_len + 2;
1690 	}
1691 	if (!tim_found) {
1692 		/*
1693 		 * If ucode wants to modify TIM do it behind the beacon, this
1694 		 * will happen, for example, when doing mesh networking.
1695 		 */
1696 		b43_shm_write16(dev, B43_SHM_SHARED,
1697 				B43_SHM_SH_TIMBPOS,
1698 				len + sizeof(struct b43_plcp_hdr6));
1699 		b43_shm_write16(dev, B43_SHM_SHARED,
1700 				B43_SHM_SH_DTIMPER, 0);
1701 	}
1702 	b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1703 
1704 	dev_kfree_skb_any(beacon_skb);
1705 }
1706 
1707 static void b43_upload_beacon0(struct b43_wldev *dev)
1708 {
1709 	struct b43_wl *wl = dev->wl;
1710 
1711 	if (wl->beacon0_uploaded)
1712 		return;
1713 	b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE0, B43_SHM_SH_BTL0);
1714 	wl->beacon0_uploaded = true;
1715 }
1716 
1717 static void b43_upload_beacon1(struct b43_wldev *dev)
1718 {
1719 	struct b43_wl *wl = dev->wl;
1720 
1721 	if (wl->beacon1_uploaded)
1722 		return;
1723 	b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE1, B43_SHM_SH_BTL1);
1724 	wl->beacon1_uploaded = true;
1725 }
1726 
1727 static void handle_irq_beacon(struct b43_wldev *dev)
1728 {
1729 	struct b43_wl *wl = dev->wl;
1730 	u32 cmd, beacon0_valid, beacon1_valid;
1731 
1732 	if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1733 	    !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1734 	    !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1735 		return;
1736 
1737 	/* This is the bottom half of the asynchronous beacon update. */
1738 
1739 	/* Ignore interrupt in the future. */
1740 	dev->irq_mask &= ~B43_IRQ_BEACON;
1741 
1742 	cmd = b43_read32(dev, B43_MMIO_MACCMD);
1743 	beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1744 	beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1745 
1746 	/* Schedule interrupt manually, if busy. */
1747 	if (beacon0_valid && beacon1_valid) {
1748 		b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1749 		dev->irq_mask |= B43_IRQ_BEACON;
1750 		return;
1751 	}
1752 
1753 	if (unlikely(wl->beacon_templates_virgin)) {
1754 		/* We never uploaded a beacon before.
1755 		 * Upload both templates now, but only mark one valid. */
1756 		wl->beacon_templates_virgin = false;
1757 		b43_upload_beacon0(dev);
1758 		b43_upload_beacon1(dev);
1759 		cmd = b43_read32(dev, B43_MMIO_MACCMD);
1760 		cmd |= B43_MACCMD_BEACON0_VALID;
1761 		b43_write32(dev, B43_MMIO_MACCMD, cmd);
1762 	} else {
1763 		if (!beacon0_valid) {
1764 			b43_upload_beacon0(dev);
1765 			cmd = b43_read32(dev, B43_MMIO_MACCMD);
1766 			cmd |= B43_MACCMD_BEACON0_VALID;
1767 			b43_write32(dev, B43_MMIO_MACCMD, cmd);
1768 		} else if (!beacon1_valid) {
1769 			b43_upload_beacon1(dev);
1770 			cmd = b43_read32(dev, B43_MMIO_MACCMD);
1771 			cmd |= B43_MACCMD_BEACON1_VALID;
1772 			b43_write32(dev, B43_MMIO_MACCMD, cmd);
1773 		}
1774 	}
1775 }
1776 
1777 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1778 {
1779 	u32 old_irq_mask = dev->irq_mask;
1780 
1781 	/* update beacon right away or defer to irq */
1782 	handle_irq_beacon(dev);
1783 	if (old_irq_mask != dev->irq_mask) {
1784 		/* The handler updated the IRQ mask. */
1785 		B43_WARN_ON(!dev->irq_mask);
1786 		if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1787 			b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1788 		} else {
1789 			/* Device interrupts are currently disabled. That means
1790 			 * we just ran the hardirq handler and scheduled the
1791 			 * IRQ thread. The thread will write the IRQ mask when
1792 			 * it finished, so there's nothing to do here. Writing
1793 			 * the mask _here_ would incorrectly re-enable IRQs. */
1794 		}
1795 	}
1796 }
1797 
1798 static void b43_beacon_update_trigger_work(struct work_struct *work)
1799 {
1800 	struct b43_wl *wl = container_of(work, struct b43_wl,
1801 					 beacon_update_trigger);
1802 	struct b43_wldev *dev;
1803 
1804 	mutex_lock(&wl->mutex);
1805 	dev = wl->current_dev;
1806 	if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1807 		if (b43_bus_host_is_sdio(dev->dev)) {
1808 			/* wl->mutex is enough. */
1809 			b43_do_beacon_update_trigger_work(dev);
1810 		} else {
1811 			spin_lock_irq(&wl->hardirq_lock);
1812 			b43_do_beacon_update_trigger_work(dev);
1813 			spin_unlock_irq(&wl->hardirq_lock);
1814 		}
1815 	}
1816 	mutex_unlock(&wl->mutex);
1817 }
1818 
1819 /* Asynchronously update the packet templates in template RAM. */
1820 static void b43_update_templates(struct b43_wl *wl)
1821 {
1822 	struct sk_buff *beacon, *old_beacon;
1823 	unsigned long flags;
1824 
1825 	/* This is the top half of the asynchronous beacon update.
1826 	 * The bottom half is the beacon IRQ.
1827 	 * Beacon update must be asynchronous to avoid sending an
1828 	 * invalid beacon. This can happen for example, if the firmware
1829 	 * transmits a beacon while we are updating it. */
1830 
1831 	/* We could modify the existing beacon and set the aid bit in
1832 	 * the TIM field, but that would probably require resizing and
1833 	 * moving of data within the beacon template.
1834 	 * Simply request a new beacon and let mac80211 do the hard work. */
1835 	beacon = ieee80211_beacon_get(wl->hw, wl->vif, 0);
1836 	if (unlikely(!beacon))
1837 		return;
1838 
1839 	spin_lock_irqsave(&wl->beacon_lock, flags);
1840 	old_beacon = wl->current_beacon;
1841 	wl->current_beacon = beacon;
1842 	wl->beacon0_uploaded = false;
1843 	wl->beacon1_uploaded = false;
1844 	spin_unlock_irqrestore(&wl->beacon_lock, flags);
1845 
1846 	ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1847 
1848 	if (old_beacon)
1849 		dev_kfree_skb_any(old_beacon);
1850 }
1851 
1852 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1853 {
1854 	b43_time_lock(dev);
1855 	if (dev->dev->core_rev >= 3) {
1856 		b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1857 		b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1858 	} else {
1859 		b43_write16(dev, 0x606, (beacon_int >> 6));
1860 		b43_write16(dev, 0x610, beacon_int);
1861 	}
1862 	b43_time_unlock(dev);
1863 	b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1864 }
1865 
1866 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1867 {
1868 	u16 reason;
1869 
1870 	/* Read the register that contains the reason code for the panic. */
1871 	reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1872 	b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1873 
1874 	switch (reason) {
1875 	default:
1876 		b43dbg(dev->wl, "The panic reason is unknown.\n");
1877 		fallthrough;
1878 	case B43_FWPANIC_DIE:
1879 		/* Do not restart the controller or firmware.
1880 		 * The device is nonfunctional from now on.
1881 		 * Restarting would result in this panic to trigger again,
1882 		 * so we avoid that recursion. */
1883 		break;
1884 	case B43_FWPANIC_RESTART:
1885 		b43_controller_restart(dev, "Microcode panic");
1886 		break;
1887 	}
1888 }
1889 
1890 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1891 {
1892 	unsigned int i, cnt;
1893 	u16 reason, marker_id, marker_line;
1894 	__le16 *buf;
1895 
1896 	/* The proprietary firmware doesn't have this IRQ. */
1897 	if (!dev->fw.opensource)
1898 		return;
1899 
1900 	/* Read the register that contains the reason code for this IRQ. */
1901 	reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1902 
1903 	switch (reason) {
1904 	case B43_DEBUGIRQ_PANIC:
1905 		b43_handle_firmware_panic(dev);
1906 		break;
1907 	case B43_DEBUGIRQ_DUMP_SHM:
1908 		if (!B43_DEBUG)
1909 			break; /* Only with driver debugging enabled. */
1910 		buf = kmalloc(4096, GFP_ATOMIC);
1911 		if (!buf) {
1912 			b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1913 			goto out;
1914 		}
1915 		for (i = 0; i < 4096; i += 2) {
1916 			u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1917 			buf[i / 2] = cpu_to_le16(tmp);
1918 		}
1919 		b43info(dev->wl, "Shared memory dump:\n");
1920 		print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1921 			       16, 2, buf, 4096, 1);
1922 		kfree(buf);
1923 		break;
1924 	case B43_DEBUGIRQ_DUMP_REGS:
1925 		if (!B43_DEBUG)
1926 			break; /* Only with driver debugging enabled. */
1927 		b43info(dev->wl, "Microcode register dump:\n");
1928 		for (i = 0, cnt = 0; i < 64; i++) {
1929 			u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1930 			if (cnt == 0)
1931 				printk(KERN_INFO);
1932 			printk("r%02u: 0x%04X  ", i, tmp);
1933 			cnt++;
1934 			if (cnt == 6) {
1935 				printk("\n");
1936 				cnt = 0;
1937 			}
1938 		}
1939 		printk("\n");
1940 		break;
1941 	case B43_DEBUGIRQ_MARKER:
1942 		if (!B43_DEBUG)
1943 			break; /* Only with driver debugging enabled. */
1944 		marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1945 					   B43_MARKER_ID_REG);
1946 		marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1947 					     B43_MARKER_LINE_REG);
1948 		b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1949 			"at line number %u\n",
1950 			marker_id, marker_line);
1951 		break;
1952 	default:
1953 		b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1954 		       reason);
1955 	}
1956 out:
1957 	/* Acknowledge the debug-IRQ, so the firmware can continue. */
1958 	b43_shm_write16(dev, B43_SHM_SCRATCH,
1959 			B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1960 }
1961 
1962 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1963 {
1964 	u32 reason;
1965 	u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1966 	u32 merged_dma_reason = 0;
1967 	int i;
1968 
1969 	if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1970 		return;
1971 
1972 	reason = dev->irq_reason;
1973 	for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1974 		dma_reason[i] = dev->dma_reason[i];
1975 		merged_dma_reason |= dma_reason[i];
1976 	}
1977 
1978 	if (unlikely(reason & B43_IRQ_MAC_TXERR))
1979 		b43err(dev->wl, "MAC transmission error\n");
1980 
1981 	if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1982 		b43err(dev->wl, "PHY transmission error\n");
1983 		rmb();
1984 		if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1985 			atomic_set(&dev->phy.txerr_cnt,
1986 				   B43_PHY_TX_BADNESS_LIMIT);
1987 			b43err(dev->wl, "Too many PHY TX errors, "
1988 					"restarting the controller\n");
1989 			b43_controller_restart(dev, "PHY TX errors");
1990 		}
1991 	}
1992 
1993 	if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK))) {
1994 		b43err(dev->wl,
1995 			"Fatal DMA error: 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X\n",
1996 			dma_reason[0], dma_reason[1],
1997 			dma_reason[2], dma_reason[3],
1998 			dma_reason[4], dma_reason[5]);
1999 		b43err(dev->wl, "This device does not support DMA "
2000 			       "on your system. It will now be switched to PIO.\n");
2001 		/* Fall back to PIO transfers if we get fatal DMA errors! */
2002 		dev->use_pio = true;
2003 		b43_controller_restart(dev, "DMA error");
2004 		return;
2005 	}
2006 
2007 	if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
2008 		handle_irq_ucode_debug(dev);
2009 	if (reason & B43_IRQ_TBTT_INDI)
2010 		handle_irq_tbtt_indication(dev);
2011 	if (reason & B43_IRQ_ATIM_END)
2012 		handle_irq_atim_end(dev);
2013 	if (reason & B43_IRQ_BEACON)
2014 		handle_irq_beacon(dev);
2015 	if (reason & B43_IRQ_PMQ)
2016 		handle_irq_pmq(dev);
2017 	if (reason & B43_IRQ_TXFIFO_FLUSH_OK) {
2018 		;/* TODO */
2019 	}
2020 	if (reason & B43_IRQ_NOISESAMPLE_OK)
2021 		handle_irq_noise(dev);
2022 
2023 	/* Check the DMA reason registers for received data. */
2024 	if (dma_reason[0] & B43_DMAIRQ_RDESC_UFLOW) {
2025 		if (B43_DEBUG)
2026 			b43warn(dev->wl, "RX descriptor underrun\n");
2027 		b43_dma_handle_rx_overflow(dev->dma.rx_ring);
2028 	}
2029 	if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
2030 		if (b43_using_pio_transfers(dev))
2031 			b43_pio_rx(dev->pio.rx_queue);
2032 		else
2033 			b43_dma_rx(dev->dma.rx_ring);
2034 	}
2035 	B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
2036 	B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
2037 	B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
2038 	B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
2039 	B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
2040 
2041 	if (reason & B43_IRQ_TX_OK)
2042 		handle_irq_transmit_status(dev);
2043 
2044 	/* Re-enable interrupts on the device by restoring the current interrupt mask. */
2045 	b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
2046 
2047 #if B43_DEBUG
2048 	if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
2049 		dev->irq_count++;
2050 		for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
2051 			if (reason & (1 << i))
2052 				dev->irq_bit_count[i]++;
2053 		}
2054 	}
2055 #endif
2056 }
2057 
2058 /* Interrupt thread handler. Handles device interrupts in thread context. */
2059 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
2060 {
2061 	struct b43_wldev *dev = dev_id;
2062 
2063 	mutex_lock(&dev->wl->mutex);
2064 	b43_do_interrupt_thread(dev);
2065 	mutex_unlock(&dev->wl->mutex);
2066 
2067 	return IRQ_HANDLED;
2068 }
2069 
2070 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
2071 {
2072 	u32 reason;
2073 
2074 	/* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
2075 	 * On SDIO, this runs under wl->mutex. */
2076 
2077 	reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2078 	if (reason == 0xffffffff)	/* shared IRQ */
2079 		return IRQ_NONE;
2080 	reason &= dev->irq_mask;
2081 	if (!reason)
2082 		return IRQ_NONE;
2083 
2084 	dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
2085 	    & 0x0001FC00;
2086 	dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
2087 	    & 0x0000DC00;
2088 	dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2089 	    & 0x0000DC00;
2090 	dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2091 	    & 0x0001DC00;
2092 	dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2093 	    & 0x0000DC00;
2094 /* Unused ring
2095 	dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2096 	    & 0x0000DC00;
2097 */
2098 
2099 	/* ACK the interrupt. */
2100 	b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2101 	b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2102 	b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2103 	b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2104 	b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2105 	b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2106 /* Unused ring
2107 	b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2108 */
2109 
2110 	/* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2111 	b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2112 	/* Save the reason bitmasks for the IRQ thread handler. */
2113 	dev->irq_reason = reason;
2114 
2115 	return IRQ_WAKE_THREAD;
2116 }
2117 
2118 /* Interrupt handler top-half. This runs with interrupts disabled. */
2119 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2120 {
2121 	struct b43_wldev *dev = dev_id;
2122 	irqreturn_t ret;
2123 
2124 	if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2125 		return IRQ_NONE;
2126 
2127 	spin_lock(&dev->wl->hardirq_lock);
2128 	ret = b43_do_interrupt(dev);
2129 	spin_unlock(&dev->wl->hardirq_lock);
2130 
2131 	return ret;
2132 }
2133 
2134 /* SDIO interrupt handler. This runs in process context. */
2135 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2136 {
2137 	struct b43_wl *wl = dev->wl;
2138 	irqreturn_t ret;
2139 
2140 	mutex_lock(&wl->mutex);
2141 
2142 	ret = b43_do_interrupt(dev);
2143 	if (ret == IRQ_WAKE_THREAD)
2144 		b43_do_interrupt_thread(dev);
2145 
2146 	mutex_unlock(&wl->mutex);
2147 }
2148 
2149 void b43_do_release_fw(struct b43_firmware_file *fw)
2150 {
2151 	release_firmware(fw->data);
2152 	fw->data = NULL;
2153 	fw->filename = NULL;
2154 }
2155 
2156 static void b43_release_firmware(struct b43_wldev *dev)
2157 {
2158 	complete(&dev->fw_load_complete);
2159 	b43_do_release_fw(&dev->fw.ucode);
2160 	b43_do_release_fw(&dev->fw.pcm);
2161 	b43_do_release_fw(&dev->fw.initvals);
2162 	b43_do_release_fw(&dev->fw.initvals_band);
2163 }
2164 
2165 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2166 {
2167 	const char text[] =
2168 		"You must go to " \
2169 		"https://wireless.wiki.kernel.org/en/users/Drivers/b43#devicefirmware " \
2170 		"and download the correct firmware for this driver version. " \
2171 		"Please carefully read all instructions on this website.\n";
2172 
2173 	if (error)
2174 		b43err(wl, text);
2175 	else
2176 		b43warn(wl, text);
2177 }
2178 
2179 static void b43_fw_cb(const struct firmware *firmware, void *context)
2180 {
2181 	struct b43_request_fw_context *ctx = context;
2182 
2183 	ctx->blob = firmware;
2184 	complete(&ctx->dev->fw_load_complete);
2185 }
2186 
2187 int b43_do_request_fw(struct b43_request_fw_context *ctx,
2188 		      const char *name,
2189 		      struct b43_firmware_file *fw, bool async)
2190 {
2191 	struct b43_fw_header *hdr;
2192 	u32 size;
2193 	int err;
2194 
2195 	if (!name) {
2196 		/* Don't fetch anything. Free possibly cached firmware. */
2197 		/* FIXME: We should probably keep it anyway, to save some headache
2198 		 * on suspend/resume with multiband devices. */
2199 		b43_do_release_fw(fw);
2200 		return 0;
2201 	}
2202 	if (fw->filename) {
2203 		if ((fw->type == ctx->req_type) &&
2204 		    (strcmp(fw->filename, name) == 0))
2205 			return 0; /* Already have this fw. */
2206 		/* Free the cached firmware first. */
2207 		/* FIXME: We should probably do this later after we successfully
2208 		 * got the new fw. This could reduce headache with multiband devices.
2209 		 * We could also redesign this to cache the firmware for all possible
2210 		 * bands all the time. */
2211 		b43_do_release_fw(fw);
2212 	}
2213 
2214 	switch (ctx->req_type) {
2215 	case B43_FWTYPE_PROPRIETARY:
2216 		snprintf(ctx->fwname, sizeof(ctx->fwname),
2217 			 "b43%s/%s.fw",
2218 			 modparam_fwpostfix, name);
2219 		break;
2220 	case B43_FWTYPE_OPENSOURCE:
2221 		snprintf(ctx->fwname, sizeof(ctx->fwname),
2222 			 "b43-open%s/%s.fw",
2223 			 modparam_fwpostfix, name);
2224 		break;
2225 	default:
2226 		B43_WARN_ON(1);
2227 		return -ENOSYS;
2228 	}
2229 	if (async) {
2230 		/* do this part asynchronously */
2231 		init_completion(&ctx->dev->fw_load_complete);
2232 		err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2233 					      ctx->dev->dev->dev, GFP_KERNEL,
2234 					      ctx, b43_fw_cb);
2235 		if (err < 0) {
2236 			pr_err("Unable to load firmware\n");
2237 			return err;
2238 		}
2239 		wait_for_completion(&ctx->dev->fw_load_complete);
2240 		if (ctx->blob)
2241 			goto fw_ready;
2242 	/* On some ARM systems, the async request will fail, but the next sync
2243 	 * request works. For this reason, we fall through here
2244 	 */
2245 	}
2246 	err = request_firmware(&ctx->blob, ctx->fwname,
2247 			       ctx->dev->dev->dev);
2248 	if (err == -ENOENT) {
2249 		snprintf(ctx->errors[ctx->req_type],
2250 			 sizeof(ctx->errors[ctx->req_type]),
2251 			 "Firmware file \"%s\" not found\n",
2252 			 ctx->fwname);
2253 		return err;
2254 	} else if (err) {
2255 		snprintf(ctx->errors[ctx->req_type],
2256 			 sizeof(ctx->errors[ctx->req_type]),
2257 			 "Firmware file \"%s\" request failed (err=%d)\n",
2258 			 ctx->fwname, err);
2259 		return err;
2260 	}
2261 fw_ready:
2262 	if (ctx->blob->size < sizeof(struct b43_fw_header))
2263 		goto err_format;
2264 	hdr = (struct b43_fw_header *)(ctx->blob->data);
2265 	switch (hdr->type) {
2266 	case B43_FW_TYPE_UCODE:
2267 	case B43_FW_TYPE_PCM:
2268 		size = be32_to_cpu(hdr->size);
2269 		if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2270 			goto err_format;
2271 		fallthrough;
2272 	case B43_FW_TYPE_IV:
2273 		if (hdr->ver != 1)
2274 			goto err_format;
2275 		break;
2276 	default:
2277 		goto err_format;
2278 	}
2279 
2280 	fw->data = ctx->blob;
2281 	fw->filename = name;
2282 	fw->type = ctx->req_type;
2283 
2284 	return 0;
2285 
2286 err_format:
2287 	snprintf(ctx->errors[ctx->req_type],
2288 		 sizeof(ctx->errors[ctx->req_type]),
2289 		 "Firmware file \"%s\" format error.\n", ctx->fwname);
2290 	release_firmware(ctx->blob);
2291 
2292 	return -EPROTO;
2293 }
2294 
2295 /* https://bcm-v4.sipsolutions.net/802.11/Init/Firmware */
2296 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2297 {
2298 	struct b43_wldev *dev = ctx->dev;
2299 	struct b43_firmware *fw = &ctx->dev->fw;
2300 	struct b43_phy *phy = &dev->phy;
2301 	const u8 rev = ctx->dev->dev->core_rev;
2302 	const char *filename;
2303 	int err;
2304 
2305 	/* Get microcode */
2306 	filename = NULL;
2307 	switch (rev) {
2308 	case 42:
2309 		if (phy->type == B43_PHYTYPE_AC)
2310 			filename = "ucode42";
2311 		break;
2312 	case 40:
2313 		if (phy->type == B43_PHYTYPE_AC)
2314 			filename = "ucode40";
2315 		break;
2316 	case 33:
2317 		if (phy->type == B43_PHYTYPE_LCN40)
2318 			filename = "ucode33_lcn40";
2319 		break;
2320 	case 30:
2321 		if (phy->type == B43_PHYTYPE_N)
2322 			filename = "ucode30_mimo";
2323 		break;
2324 	case 29:
2325 		if (phy->type == B43_PHYTYPE_HT)
2326 			filename = "ucode29_mimo";
2327 		break;
2328 	case 26:
2329 		if (phy->type == B43_PHYTYPE_HT)
2330 			filename = "ucode26_mimo";
2331 		break;
2332 	case 28:
2333 	case 25:
2334 		if (phy->type == B43_PHYTYPE_N)
2335 			filename = "ucode25_mimo";
2336 		else if (phy->type == B43_PHYTYPE_LCN)
2337 			filename = "ucode25_lcn";
2338 		break;
2339 	case 24:
2340 		if (phy->type == B43_PHYTYPE_LCN)
2341 			filename = "ucode24_lcn";
2342 		break;
2343 	case 23:
2344 		if (phy->type == B43_PHYTYPE_N)
2345 			filename = "ucode16_mimo";
2346 		break;
2347 	case 16 ... 19:
2348 		if (phy->type == B43_PHYTYPE_N)
2349 			filename = "ucode16_mimo";
2350 		else if (phy->type == B43_PHYTYPE_LP)
2351 			filename = "ucode16_lp";
2352 		break;
2353 	case 15:
2354 		filename = "ucode15";
2355 		break;
2356 	case 14:
2357 		filename = "ucode14";
2358 		break;
2359 	case 13:
2360 		filename = "ucode13";
2361 		break;
2362 	case 11 ... 12:
2363 		filename = "ucode11";
2364 		break;
2365 	case 5 ... 10:
2366 		filename = "ucode5";
2367 		break;
2368 	}
2369 	if (!filename)
2370 		goto err_no_ucode;
2371 	err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2372 	if (err)
2373 		goto err_load;
2374 
2375 	/* Get PCM code */
2376 	if ((rev >= 5) && (rev <= 10))
2377 		filename = "pcm5";
2378 	else if (rev >= 11)
2379 		filename = NULL;
2380 	else
2381 		goto err_no_pcm;
2382 	fw->pcm_request_failed = false;
2383 	err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2384 	if (err == -ENOENT) {
2385 		/* We did not find a PCM file? Not fatal, but
2386 		 * core rev <= 10 must do without hwcrypto then. */
2387 		fw->pcm_request_failed = true;
2388 	} else if (err)
2389 		goto err_load;
2390 
2391 	/* Get initvals */
2392 	filename = NULL;
2393 	switch (dev->phy.type) {
2394 	case B43_PHYTYPE_G:
2395 		if (rev == 13)
2396 			filename = "b0g0initvals13";
2397 		else if (rev >= 5 && rev <= 10)
2398 			filename = "b0g0initvals5";
2399 		break;
2400 	case B43_PHYTYPE_N:
2401 		if (rev == 30)
2402 			filename = "n16initvals30";
2403 		else if (rev == 28 || rev == 25)
2404 			filename = "n0initvals25";
2405 		else if (rev == 24)
2406 			filename = "n0initvals24";
2407 		else if (rev == 23)
2408 			filename = "n0initvals16"; /* What about n0initvals22? */
2409 		else if (rev >= 16 && rev <= 18)
2410 			filename = "n0initvals16";
2411 		else if (rev >= 11 && rev <= 12)
2412 			filename = "n0initvals11";
2413 		break;
2414 	case B43_PHYTYPE_LP:
2415 		if (rev >= 16 && rev <= 18)
2416 			filename = "lp0initvals16";
2417 		else if (rev == 15)
2418 			filename = "lp0initvals15";
2419 		else if (rev == 14)
2420 			filename = "lp0initvals14";
2421 		else if (rev == 13)
2422 			filename = "lp0initvals13";
2423 		break;
2424 	case B43_PHYTYPE_HT:
2425 		if (rev == 29)
2426 			filename = "ht0initvals29";
2427 		else if (rev == 26)
2428 			filename = "ht0initvals26";
2429 		break;
2430 	case B43_PHYTYPE_LCN:
2431 		if (rev == 24)
2432 			filename = "lcn0initvals24";
2433 		break;
2434 	case B43_PHYTYPE_LCN40:
2435 		if (rev == 33)
2436 			filename = "lcn400initvals33";
2437 		break;
2438 	case B43_PHYTYPE_AC:
2439 		if (rev == 42)
2440 			filename = "ac1initvals42";
2441 		else if (rev == 40)
2442 			filename = "ac0initvals40";
2443 		break;
2444 	}
2445 	if (!filename)
2446 		goto err_no_initvals;
2447 	err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2448 	if (err)
2449 		goto err_load;
2450 
2451 	/* Get bandswitch initvals */
2452 	filename = NULL;
2453 	switch (dev->phy.type) {
2454 	case B43_PHYTYPE_G:
2455 		if (rev == 13)
2456 			filename = "b0g0bsinitvals13";
2457 		else if (rev >= 5 && rev <= 10)
2458 			filename = "b0g0bsinitvals5";
2459 		break;
2460 	case B43_PHYTYPE_N:
2461 		if (rev == 30)
2462 			filename = "n16bsinitvals30";
2463 		else if (rev == 28 || rev == 25)
2464 			filename = "n0bsinitvals25";
2465 		else if (rev == 24)
2466 			filename = "n0bsinitvals24";
2467 		else if (rev == 23)
2468 			filename = "n0bsinitvals16"; /* What about n0bsinitvals22? */
2469 		else if (rev >= 16 && rev <= 18)
2470 			filename = "n0bsinitvals16";
2471 		else if (rev >= 11 && rev <= 12)
2472 			filename = "n0bsinitvals11";
2473 		break;
2474 	case B43_PHYTYPE_LP:
2475 		if (rev >= 16 && rev <= 18)
2476 			filename = "lp0bsinitvals16";
2477 		else if (rev == 15)
2478 			filename = "lp0bsinitvals15";
2479 		else if (rev == 14)
2480 			filename = "lp0bsinitvals14";
2481 		else if (rev == 13)
2482 			filename = "lp0bsinitvals13";
2483 		break;
2484 	case B43_PHYTYPE_HT:
2485 		if (rev == 29)
2486 			filename = "ht0bsinitvals29";
2487 		else if (rev == 26)
2488 			filename = "ht0bsinitvals26";
2489 		break;
2490 	case B43_PHYTYPE_LCN:
2491 		if (rev == 24)
2492 			filename = "lcn0bsinitvals24";
2493 		break;
2494 	case B43_PHYTYPE_LCN40:
2495 		if (rev == 33)
2496 			filename = "lcn400bsinitvals33";
2497 		break;
2498 	case B43_PHYTYPE_AC:
2499 		if (rev == 42)
2500 			filename = "ac1bsinitvals42";
2501 		else if (rev == 40)
2502 			filename = "ac0bsinitvals40";
2503 		break;
2504 	}
2505 	if (!filename)
2506 		goto err_no_initvals;
2507 	err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2508 	if (err)
2509 		goto err_load;
2510 
2511 	fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2512 
2513 	return 0;
2514 
2515 err_no_ucode:
2516 	err = ctx->fatal_failure = -EOPNOTSUPP;
2517 	b43err(dev->wl, "The driver does not know which firmware (ucode) "
2518 	       "is required for your device (wl-core rev %u)\n", rev);
2519 	goto error;
2520 
2521 err_no_pcm:
2522 	err = ctx->fatal_failure = -EOPNOTSUPP;
2523 	b43err(dev->wl, "The driver does not know which firmware (PCM) "
2524 	       "is required for your device (wl-core rev %u)\n", rev);
2525 	goto error;
2526 
2527 err_no_initvals:
2528 	err = ctx->fatal_failure = -EOPNOTSUPP;
2529 	b43err(dev->wl, "The driver does not know which firmware (initvals) "
2530 	       "is required for your device (wl-core rev %u)\n", rev);
2531 	goto error;
2532 
2533 err_load:
2534 	/* We failed to load this firmware image. The error message
2535 	 * already is in ctx->errors. Return and let our caller decide
2536 	 * what to do. */
2537 	goto error;
2538 
2539 error:
2540 	b43_release_firmware(dev);
2541 	return err;
2542 }
2543 
2544 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2545 static void b43_one_core_detach(struct b43_bus_dev *dev);
2546 static int b43_rng_init(struct b43_wl *wl);
2547 
2548 static void b43_request_firmware(struct work_struct *work)
2549 {
2550 	struct b43_wl *wl = container_of(work,
2551 			    struct b43_wl, firmware_load);
2552 	struct b43_wldev *dev = wl->current_dev;
2553 	struct b43_request_fw_context *ctx;
2554 	unsigned int i;
2555 	int err;
2556 	const char *errmsg;
2557 
2558 	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2559 	if (!ctx)
2560 		return;
2561 	ctx->dev = dev;
2562 
2563 	ctx->req_type = B43_FWTYPE_PROPRIETARY;
2564 	err = b43_try_request_fw(ctx);
2565 	if (!err)
2566 		goto start_ieee80211; /* Successfully loaded it. */
2567 	/* Was fw version known? */
2568 	if (ctx->fatal_failure)
2569 		goto out;
2570 
2571 	/* proprietary fw not found, try open source */
2572 	ctx->req_type = B43_FWTYPE_OPENSOURCE;
2573 	err = b43_try_request_fw(ctx);
2574 	if (!err)
2575 		goto start_ieee80211; /* Successfully loaded it. */
2576 	if(ctx->fatal_failure)
2577 		goto out;
2578 
2579 	/* Could not find a usable firmware. Print the errors. */
2580 	for (i = 0; i < B43_NR_FWTYPES; i++) {
2581 		errmsg = ctx->errors[i];
2582 		if (strlen(errmsg))
2583 			b43err(dev->wl, "%s", errmsg);
2584 	}
2585 	b43_print_fw_helptext(dev->wl, 1);
2586 	goto out;
2587 
2588 start_ieee80211:
2589 	wl->hw->queues = B43_QOS_QUEUE_NUM;
2590 	if (!modparam_qos || dev->fw.opensource)
2591 		wl->hw->queues = 1;
2592 
2593 	err = ieee80211_register_hw(wl->hw);
2594 	if (err)
2595 		goto out;
2596 	wl->hw_registered = true;
2597 	b43_leds_register(wl->current_dev);
2598 
2599 	/* Register HW RNG driver */
2600 	b43_rng_init(wl);
2601 
2602 out:
2603 	kfree(ctx);
2604 }
2605 
2606 static int b43_upload_microcode(struct b43_wldev *dev)
2607 {
2608 	struct wiphy *wiphy = dev->wl->hw->wiphy;
2609 	const size_t hdr_len = sizeof(struct b43_fw_header);
2610 	const __be32 *data;
2611 	unsigned int i, len;
2612 	u16 fwrev, fwpatch, fwdate, fwtime;
2613 	u32 tmp, macctl;
2614 	int err = 0;
2615 
2616 	/* Jump the microcode PSM to offset 0 */
2617 	macctl = b43_read32(dev, B43_MMIO_MACCTL);
2618 	B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2619 	macctl |= B43_MACCTL_PSM_JMP0;
2620 	b43_write32(dev, B43_MMIO_MACCTL, macctl);
2621 	/* Zero out all microcode PSM registers and shared memory. */
2622 	for (i = 0; i < 64; i++)
2623 		b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2624 	for (i = 0; i < 4096; i += 2)
2625 		b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2626 
2627 	/* Upload Microcode. */
2628 	data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2629 	len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2630 	b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2631 	for (i = 0; i < len; i++) {
2632 		b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2633 		udelay(10);
2634 	}
2635 
2636 	if (dev->fw.pcm.data) {
2637 		/* Upload PCM data. */
2638 		data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2639 		len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2640 		b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2641 		b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2642 		/* No need for autoinc bit in SHM_HW */
2643 		b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2644 		for (i = 0; i < len; i++) {
2645 			b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2646 			udelay(10);
2647 		}
2648 	}
2649 
2650 	b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2651 
2652 	/* Start the microcode PSM */
2653 	b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2654 		      B43_MACCTL_PSM_RUN);
2655 
2656 	/* Wait for the microcode to load and respond */
2657 	i = 0;
2658 	while (1) {
2659 		tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2660 		if (tmp == B43_IRQ_MAC_SUSPENDED)
2661 			break;
2662 		i++;
2663 		if (i >= 20) {
2664 			b43err(dev->wl, "Microcode not responding\n");
2665 			b43_print_fw_helptext(dev->wl, 1);
2666 			err = -ENODEV;
2667 			goto error;
2668 		}
2669 		msleep(50);
2670 	}
2671 	b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);	/* dummy read */
2672 
2673 	/* Get and check the revisions. */
2674 	fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2675 	fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2676 	fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2677 	fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2678 
2679 	if (fwrev <= 0x128) {
2680 		b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2681 		       "binary drivers older than version 4.x is unsupported. "
2682 		       "You must upgrade your firmware files.\n");
2683 		b43_print_fw_helptext(dev->wl, 1);
2684 		err = -EOPNOTSUPP;
2685 		goto error;
2686 	}
2687 	dev->fw.rev = fwrev;
2688 	dev->fw.patch = fwpatch;
2689 	if (dev->fw.rev >= 598)
2690 		dev->fw.hdr_format = B43_FW_HDR_598;
2691 	else if (dev->fw.rev >= 410)
2692 		dev->fw.hdr_format = B43_FW_HDR_410;
2693 	else
2694 		dev->fw.hdr_format = B43_FW_HDR_351;
2695 	WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2696 
2697 	dev->qos_enabled = dev->wl->hw->queues > 1;
2698 	/* Default to firmware/hardware crypto acceleration. */
2699 	dev->hwcrypto_enabled = true;
2700 
2701 	if (dev->fw.opensource) {
2702 		u16 fwcapa;
2703 
2704 		/* Patchlevel info is encoded in the "time" field. */
2705 		dev->fw.patch = fwtime;
2706 		b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2707 			dev->fw.rev, dev->fw.patch);
2708 
2709 		fwcapa = b43_fwcapa_read(dev);
2710 		if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2711 			b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2712 			/* Disable hardware crypto and fall back to software crypto. */
2713 			dev->hwcrypto_enabled = false;
2714 		}
2715 		/* adding QoS support should use an offline discovery mechanism */
2716 		WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2717 	} else {
2718 		b43info(dev->wl, "Loading firmware version %u.%u "
2719 			"(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2720 			fwrev, fwpatch,
2721 			(fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2722 			(fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2723 		if (dev->fw.pcm_request_failed) {
2724 			b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2725 				"Hardware accelerated cryptography is disabled.\n");
2726 			b43_print_fw_helptext(dev->wl, 0);
2727 		}
2728 	}
2729 
2730 	snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2731 			dev->fw.rev, dev->fw.patch);
2732 	wiphy->hw_version = dev->dev->core_id;
2733 
2734 	if (dev->fw.hdr_format == B43_FW_HDR_351) {
2735 		/* We're over the deadline, but we keep support for old fw
2736 		 * until it turns out to be in major conflict with something new. */
2737 		b43warn(dev->wl, "You are using an old firmware image. "
2738 			"Support for old firmware will be removed soon "
2739 			"(official deadline was July 2008).\n");
2740 		b43_print_fw_helptext(dev->wl, 0);
2741 	}
2742 
2743 	return 0;
2744 
2745 error:
2746 	/* Stop the microcode PSM. */
2747 	b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2748 		      B43_MACCTL_PSM_JMP0);
2749 
2750 	return err;
2751 }
2752 
2753 static int b43_write_initvals(struct b43_wldev *dev,
2754 			      const struct b43_iv *ivals,
2755 			      size_t count,
2756 			      size_t array_size)
2757 {
2758 	const struct b43_iv *iv;
2759 	u16 offset;
2760 	size_t i;
2761 	bool bit32;
2762 
2763 	BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2764 	iv = ivals;
2765 	for (i = 0; i < count; i++) {
2766 		if (array_size < sizeof(iv->offset_size))
2767 			goto err_format;
2768 		array_size -= sizeof(iv->offset_size);
2769 		offset = be16_to_cpu(iv->offset_size);
2770 		bit32 = !!(offset & B43_IV_32BIT);
2771 		offset &= B43_IV_OFFSET_MASK;
2772 		if (offset >= 0x1000)
2773 			goto err_format;
2774 		if (bit32) {
2775 			u32 value;
2776 
2777 			if (array_size < sizeof(iv->data.d32))
2778 				goto err_format;
2779 			array_size -= sizeof(iv->data.d32);
2780 
2781 			value = get_unaligned_be32(&iv->data.d32);
2782 			b43_write32(dev, offset, value);
2783 
2784 			iv = (const struct b43_iv *)((const uint8_t *)iv +
2785 							sizeof(__be16) +
2786 							sizeof(__be32));
2787 		} else {
2788 			u16 value;
2789 
2790 			if (array_size < sizeof(iv->data.d16))
2791 				goto err_format;
2792 			array_size -= sizeof(iv->data.d16);
2793 
2794 			value = be16_to_cpu(iv->data.d16);
2795 			b43_write16(dev, offset, value);
2796 
2797 			iv = (const struct b43_iv *)((const uint8_t *)iv +
2798 							sizeof(__be16) +
2799 							sizeof(__be16));
2800 		}
2801 	}
2802 	if (array_size)
2803 		goto err_format;
2804 
2805 	return 0;
2806 
2807 err_format:
2808 	b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2809 	b43_print_fw_helptext(dev->wl, 1);
2810 
2811 	return -EPROTO;
2812 }
2813 
2814 static int b43_upload_initvals(struct b43_wldev *dev)
2815 {
2816 	const size_t hdr_len = sizeof(struct b43_fw_header);
2817 	const struct b43_fw_header *hdr;
2818 	struct b43_firmware *fw = &dev->fw;
2819 	const struct b43_iv *ivals;
2820 	size_t count;
2821 
2822 	hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2823 	ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2824 	count = be32_to_cpu(hdr->size);
2825 	return b43_write_initvals(dev, ivals, count,
2826 				 fw->initvals.data->size - hdr_len);
2827 }
2828 
2829 static int b43_upload_initvals_band(struct b43_wldev *dev)
2830 {
2831 	const size_t hdr_len = sizeof(struct b43_fw_header);
2832 	const struct b43_fw_header *hdr;
2833 	struct b43_firmware *fw = &dev->fw;
2834 	const struct b43_iv *ivals;
2835 	size_t count;
2836 
2837 	if (!fw->initvals_band.data)
2838 		return 0;
2839 
2840 	hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2841 	ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2842 	count = be32_to_cpu(hdr->size);
2843 	return b43_write_initvals(dev, ivals, count,
2844 				  fw->initvals_band.data->size - hdr_len);
2845 }
2846 
2847 /* Initialize the GPIOs
2848  * https://bcm-specs.sipsolutions.net/GPIO
2849  */
2850 
2851 #ifdef CONFIG_B43_SSB
2852 static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2853 {
2854 	struct ssb_bus *bus = dev->dev->sdev->bus;
2855 
2856 #ifdef CONFIG_SSB_DRIVER_PCICORE
2857 	return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2858 #else
2859 	return bus->chipco.dev;
2860 #endif
2861 }
2862 #endif
2863 
2864 static int b43_gpio_init(struct b43_wldev *dev)
2865 {
2866 #ifdef CONFIG_B43_SSB
2867 	struct ssb_device *gpiodev;
2868 #endif
2869 	u32 mask, set;
2870 
2871 	b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2872 	b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2873 
2874 	mask = 0x0000001F;
2875 	set = 0x0000000F;
2876 	if (dev->dev->chip_id == 0x4301) {
2877 		mask |= 0x0060;
2878 		set |= 0x0060;
2879 	} else if (dev->dev->chip_id == 0x5354) {
2880 		/* Don't allow overtaking buttons GPIOs */
2881 		set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2882 	}
2883 
2884 	if (0 /* FIXME: conditional unknown */ ) {
2885 		b43_write16(dev, B43_MMIO_GPIO_MASK,
2886 			    b43_read16(dev, B43_MMIO_GPIO_MASK)
2887 			    | 0x0100);
2888 		/* BT Coexistance Input */
2889 		mask |= 0x0080;
2890 		set |= 0x0080;
2891 		/* BT Coexistance Out */
2892 		mask |= 0x0100;
2893 		set |= 0x0100;
2894 	}
2895 	if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2896 		/* PA is controlled by gpio 9, let ucode handle it */
2897 		b43_write16(dev, B43_MMIO_GPIO_MASK,
2898 			    b43_read16(dev, B43_MMIO_GPIO_MASK)
2899 			    | 0x0200);
2900 		mask |= 0x0200;
2901 		set |= 0x0200;
2902 	}
2903 
2904 	switch (dev->dev->bus_type) {
2905 #ifdef CONFIG_B43_BCMA
2906 	case B43_BUS_BCMA:
2907 		bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, mask, set);
2908 		break;
2909 #endif
2910 #ifdef CONFIG_B43_SSB
2911 	case B43_BUS_SSB:
2912 		gpiodev = b43_ssb_gpio_dev(dev);
2913 		if (gpiodev)
2914 			ssb_write32(gpiodev, B43_GPIO_CONTROL,
2915 				    (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2916 				    & ~mask) | set);
2917 		break;
2918 #endif
2919 	}
2920 
2921 	return 0;
2922 }
2923 
2924 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2925 static void b43_gpio_cleanup(struct b43_wldev *dev)
2926 {
2927 #ifdef CONFIG_B43_SSB
2928 	struct ssb_device *gpiodev;
2929 #endif
2930 
2931 	switch (dev->dev->bus_type) {
2932 #ifdef CONFIG_B43_BCMA
2933 	case B43_BUS_BCMA:
2934 		bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, ~0, 0);
2935 		break;
2936 #endif
2937 #ifdef CONFIG_B43_SSB
2938 	case B43_BUS_SSB:
2939 		gpiodev = b43_ssb_gpio_dev(dev);
2940 		if (gpiodev)
2941 			ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2942 		break;
2943 #endif
2944 	}
2945 }
2946 
2947 /* http://bcm-specs.sipsolutions.net/EnableMac */
2948 void b43_mac_enable(struct b43_wldev *dev)
2949 {
2950 	if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2951 		u16 fwstate;
2952 
2953 		fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2954 					 B43_SHM_SH_UCODESTAT);
2955 		if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2956 		    (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2957 			b43err(dev->wl, "b43_mac_enable(): The firmware "
2958 			       "should be suspended, but current state is %u\n",
2959 			       fwstate);
2960 		}
2961 	}
2962 
2963 	dev->mac_suspended--;
2964 	B43_WARN_ON(dev->mac_suspended < 0);
2965 	if (dev->mac_suspended == 0) {
2966 		b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2967 		b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2968 			    B43_IRQ_MAC_SUSPENDED);
2969 		/* Commit writes */
2970 		b43_read32(dev, B43_MMIO_MACCTL);
2971 		b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2972 		b43_power_saving_ctl_bits(dev, 0);
2973 	}
2974 }
2975 
2976 /* https://bcm-specs.sipsolutions.net/SuspendMAC */
2977 void b43_mac_suspend(struct b43_wldev *dev)
2978 {
2979 	int i;
2980 	u32 tmp;
2981 
2982 	might_sleep();
2983 	B43_WARN_ON(dev->mac_suspended < 0);
2984 
2985 	if (dev->mac_suspended == 0) {
2986 		b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2987 		b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
2988 		/* force pci to flush the write */
2989 		b43_read32(dev, B43_MMIO_MACCTL);
2990 		for (i = 35; i; i--) {
2991 			tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2992 			if (tmp & B43_IRQ_MAC_SUSPENDED)
2993 				goto out;
2994 			udelay(10);
2995 		}
2996 		/* Hm, it seems this will take some time. Use msleep(). */
2997 		for (i = 40; i; i--) {
2998 			tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2999 			if (tmp & B43_IRQ_MAC_SUSPENDED)
3000 				goto out;
3001 			msleep(1);
3002 		}
3003 		b43err(dev->wl, "MAC suspend failed\n");
3004 	}
3005 out:
3006 	dev->mac_suspended++;
3007 }
3008 
3009 /* https://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
3010 void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
3011 {
3012 	u32 tmp;
3013 
3014 	switch (dev->dev->bus_type) {
3015 #ifdef CONFIG_B43_BCMA
3016 	case B43_BUS_BCMA:
3017 		tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3018 		if (on)
3019 			tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
3020 		else
3021 			tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
3022 		bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3023 		break;
3024 #endif
3025 #ifdef CONFIG_B43_SSB
3026 	case B43_BUS_SSB:
3027 		tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3028 		if (on)
3029 			tmp |= B43_TMSLOW_MACPHYCLKEN;
3030 		else
3031 			tmp &= ~B43_TMSLOW_MACPHYCLKEN;
3032 		ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3033 		break;
3034 #endif
3035 	}
3036 }
3037 
3038 /* brcms_b_switch_macfreq */
3039 void b43_mac_switch_freq(struct b43_wldev *dev, u8 spurmode)
3040 {
3041 	u16 chip_id = dev->dev->chip_id;
3042 
3043 	if (chip_id == BCMA_CHIP_ID_BCM4331) {
3044 		switch (spurmode) {
3045 		case 2: /* 168 Mhz: 2^26/168 = 0x61862 */
3046 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x1862);
3047 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3048 			break;
3049 		case 1: /* 164 Mhz: 2^26/164 = 0x63e70 */
3050 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x3e70);
3051 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3052 			break;
3053 		default: /* 160 Mhz: 2^26/160 = 0x66666 */
3054 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x6666);
3055 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3056 			break;
3057 		}
3058 	} else if (chip_id == BCMA_CHIP_ID_BCM43131 ||
3059 	    chip_id == BCMA_CHIP_ID_BCM43217 ||
3060 	    chip_id == BCMA_CHIP_ID_BCM43222 ||
3061 	    chip_id == BCMA_CHIP_ID_BCM43224 ||
3062 	    chip_id == BCMA_CHIP_ID_BCM43225 ||
3063 	    chip_id == BCMA_CHIP_ID_BCM43227 ||
3064 	    chip_id == BCMA_CHIP_ID_BCM43228) {
3065 		switch (spurmode) {
3066 		case 2: /* 126 Mhz */
3067 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x2082);
3068 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3069 			break;
3070 		case 1: /* 123 Mhz */
3071 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x5341);
3072 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3073 			break;
3074 		default: /* 120 Mhz */
3075 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x8889);
3076 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3077 			break;
3078 		}
3079 	} else if (dev->phy.type == B43_PHYTYPE_LCN) {
3080 		switch (spurmode) {
3081 		case 1: /* 82 Mhz */
3082 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x7CE0);
3083 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3084 			break;
3085 		default: /* 80 Mhz */
3086 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0xCCCD);
3087 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3088 			break;
3089 		}
3090 	}
3091 }
3092 
3093 static void b43_adjust_opmode(struct b43_wldev *dev)
3094 {
3095 	struct b43_wl *wl = dev->wl;
3096 	u32 ctl;
3097 	u16 cfp_pretbtt;
3098 
3099 	ctl = b43_read32(dev, B43_MMIO_MACCTL);
3100 	/* Reset status to STA infrastructure mode. */
3101 	ctl &= ~B43_MACCTL_AP;
3102 	ctl &= ~B43_MACCTL_KEEP_CTL;
3103 	ctl &= ~B43_MACCTL_KEEP_BADPLCP;
3104 	ctl &= ~B43_MACCTL_KEEP_BAD;
3105 	ctl &= ~B43_MACCTL_PROMISC;
3106 	ctl &= ~B43_MACCTL_BEACPROMISC;
3107 	ctl |= B43_MACCTL_INFRA;
3108 
3109 	if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3110 	    b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
3111 		ctl |= B43_MACCTL_AP;
3112 	else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
3113 		ctl &= ~B43_MACCTL_INFRA;
3114 
3115 	if (wl->filter_flags & FIF_CONTROL)
3116 		ctl |= B43_MACCTL_KEEP_CTL;
3117 	if (wl->filter_flags & FIF_FCSFAIL)
3118 		ctl |= B43_MACCTL_KEEP_BAD;
3119 	if (wl->filter_flags & FIF_PLCPFAIL)
3120 		ctl |= B43_MACCTL_KEEP_BADPLCP;
3121 	if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
3122 		ctl |= B43_MACCTL_BEACPROMISC;
3123 
3124 	/* Workaround: On old hardware the HW-MAC-address-filter
3125 	 * doesn't work properly, so always run promisc in filter
3126 	 * it in software. */
3127 	if (dev->dev->core_rev <= 4)
3128 		ctl |= B43_MACCTL_PROMISC;
3129 
3130 	b43_write32(dev, B43_MMIO_MACCTL, ctl);
3131 
3132 	cfp_pretbtt = 2;
3133 	if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
3134 		if (dev->dev->chip_id == 0x4306 &&
3135 		    dev->dev->chip_rev == 3)
3136 			cfp_pretbtt = 100;
3137 		else
3138 			cfp_pretbtt = 50;
3139 	}
3140 	b43_write16(dev, 0x612, cfp_pretbtt);
3141 
3142 	/* FIXME: We don't currently implement the PMQ mechanism,
3143 	 *        so always disable it. If we want to implement PMQ,
3144 	 *        we need to enable it here (clear DISCPMQ) in AP mode.
3145 	 */
3146 	if (0  /* ctl & B43_MACCTL_AP */)
3147 		b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
3148 	else
3149 		b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
3150 }
3151 
3152 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
3153 {
3154 	u16 offset;
3155 
3156 	if (is_ofdm) {
3157 		offset = 0x480;
3158 		offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
3159 	} else {
3160 		offset = 0x4C0;
3161 		offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
3162 	}
3163 	b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
3164 			b43_shm_read16(dev, B43_SHM_SHARED, offset));
3165 }
3166 
3167 static void b43_rate_memory_init(struct b43_wldev *dev)
3168 {
3169 	switch (dev->phy.type) {
3170 	case B43_PHYTYPE_G:
3171 	case B43_PHYTYPE_N:
3172 	case B43_PHYTYPE_LP:
3173 	case B43_PHYTYPE_HT:
3174 	case B43_PHYTYPE_LCN:
3175 		b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
3176 		b43_rate_memory_write(dev, B43_OFDM_RATE_9MB, 1);
3177 		b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
3178 		b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
3179 		b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
3180 		b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
3181 		b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3182 		b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3183 		fallthrough;
3184 	case B43_PHYTYPE_B:
3185 		b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3186 		b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3187 		b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3188 		b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3189 		break;
3190 	default:
3191 		B43_WARN_ON(1);
3192 	}
3193 }
3194 
3195 /* Set the default values for the PHY TX Control Words. */
3196 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3197 {
3198 	u16 ctl = 0;
3199 
3200 	ctl |= B43_TXH_PHY_ENC_CCK;
3201 	ctl |= B43_TXH_PHY_ANT01AUTO;
3202 	ctl |= B43_TXH_PHY_TXPWR;
3203 
3204 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3205 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3206 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3207 }
3208 
3209 /* Set the TX-Antenna for management frames sent by firmware. */
3210 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3211 {
3212 	u16 ant;
3213 	u16 tmp;
3214 
3215 	ant = b43_antenna_to_phyctl(antenna);
3216 
3217 	/* For ACK/CTS */
3218 	tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3219 	tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3220 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3221 	/* For Probe Resposes */
3222 	tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3223 	tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3224 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3225 }
3226 
3227 /* This is the opposite of b43_chip_init() */
3228 static void b43_chip_exit(struct b43_wldev *dev)
3229 {
3230 	b43_phy_exit(dev);
3231 	b43_gpio_cleanup(dev);
3232 	/* firmware is released later */
3233 }
3234 
3235 /* Initialize the chip
3236  * https://bcm-specs.sipsolutions.net/ChipInit
3237  */
3238 static int b43_chip_init(struct b43_wldev *dev)
3239 {
3240 	struct b43_phy *phy = &dev->phy;
3241 	int err;
3242 	u32 macctl;
3243 	u16 value16;
3244 
3245 	/* Initialize the MAC control */
3246 	macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3247 	if (dev->phy.gmode)
3248 		macctl |= B43_MACCTL_GMODE;
3249 	macctl |= B43_MACCTL_INFRA;
3250 	b43_write32(dev, B43_MMIO_MACCTL, macctl);
3251 
3252 	err = b43_upload_microcode(dev);
3253 	if (err)
3254 		goto out;	/* firmware is released later */
3255 
3256 	err = b43_gpio_init(dev);
3257 	if (err)
3258 		goto out;	/* firmware is released later */
3259 
3260 	err = b43_upload_initvals(dev);
3261 	if (err)
3262 		goto err_gpio_clean;
3263 
3264 	err = b43_upload_initvals_band(dev);
3265 	if (err)
3266 		goto err_gpio_clean;
3267 
3268 	/* Turn the Analog on and initialize the PHY. */
3269 	phy->ops->switch_analog(dev, 1);
3270 	err = b43_phy_init(dev);
3271 	if (err)
3272 		goto err_gpio_clean;
3273 
3274 	/* Disable Interference Mitigation. */
3275 	if (phy->ops->interf_mitigation)
3276 		phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3277 
3278 	/* Select the antennae */
3279 	if (phy->ops->set_rx_antenna)
3280 		phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3281 	b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3282 
3283 	if (phy->type == B43_PHYTYPE_B) {
3284 		value16 = b43_read16(dev, 0x005E);
3285 		value16 |= 0x0004;
3286 		b43_write16(dev, 0x005E, value16);
3287 	}
3288 	b43_write32(dev, 0x0100, 0x01000000);
3289 	if (dev->dev->core_rev < 5)
3290 		b43_write32(dev, 0x010C, 0x01000000);
3291 
3292 	b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3293 	b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3294 
3295 	/* Probe Response Timeout value */
3296 	/* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3297 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 0);
3298 
3299 	/* Initially set the wireless operation mode. */
3300 	b43_adjust_opmode(dev);
3301 
3302 	if (dev->dev->core_rev < 3) {
3303 		b43_write16(dev, 0x060E, 0x0000);
3304 		b43_write16(dev, 0x0610, 0x8000);
3305 		b43_write16(dev, 0x0604, 0x0000);
3306 		b43_write16(dev, 0x0606, 0x0200);
3307 	} else {
3308 		b43_write32(dev, 0x0188, 0x80000000);
3309 		b43_write32(dev, 0x018C, 0x02000000);
3310 	}
3311 	b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3312 	b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001FC00);
3313 	b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3314 	b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3315 	b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3316 	b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3317 	b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3318 
3319 	b43_mac_phy_clock_set(dev, true);
3320 
3321 	switch (dev->dev->bus_type) {
3322 #ifdef CONFIG_B43_BCMA
3323 	case B43_BUS_BCMA:
3324 		/* FIXME: 0xE74 is quite common, but should be read from CC */
3325 		b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3326 		break;
3327 #endif
3328 #ifdef CONFIG_B43_SSB
3329 	case B43_BUS_SSB:
3330 		b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3331 			    dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3332 		break;
3333 #endif
3334 	}
3335 
3336 	err = 0;
3337 	b43dbg(dev->wl, "Chip initialized\n");
3338 out:
3339 	return err;
3340 
3341 err_gpio_clean:
3342 	b43_gpio_cleanup(dev);
3343 	return err;
3344 }
3345 
3346 static void b43_periodic_every60sec(struct b43_wldev *dev)
3347 {
3348 	const struct b43_phy_operations *ops = dev->phy.ops;
3349 
3350 	if (ops->pwork_60sec)
3351 		ops->pwork_60sec(dev);
3352 
3353 	/* Force check the TX power emission now. */
3354 	b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3355 }
3356 
3357 static void b43_periodic_every30sec(struct b43_wldev *dev)
3358 {
3359 	/* Update device statistics. */
3360 	b43_calculate_link_quality(dev);
3361 }
3362 
3363 static void b43_periodic_every15sec(struct b43_wldev *dev)
3364 {
3365 	struct b43_phy *phy = &dev->phy;
3366 	u16 wdr;
3367 
3368 	if (dev->fw.opensource) {
3369 		/* Check if the firmware is still alive.
3370 		 * It will reset the watchdog counter to 0 in its idle loop. */
3371 		wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3372 		if (unlikely(wdr)) {
3373 			b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3374 			b43_controller_restart(dev, "Firmware watchdog");
3375 			return;
3376 		} else {
3377 			b43_shm_write16(dev, B43_SHM_SCRATCH,
3378 					B43_WATCHDOG_REG, 1);
3379 		}
3380 	}
3381 
3382 	if (phy->ops->pwork_15sec)
3383 		phy->ops->pwork_15sec(dev);
3384 
3385 	atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3386 	wmb();
3387 
3388 #if B43_DEBUG
3389 	if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3390 		unsigned int i;
3391 
3392 		b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3393 		       dev->irq_count / 15,
3394 		       dev->tx_count / 15,
3395 		       dev->rx_count / 15);
3396 		dev->irq_count = 0;
3397 		dev->tx_count = 0;
3398 		dev->rx_count = 0;
3399 		for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3400 			if (dev->irq_bit_count[i]) {
3401 				b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3402 				       dev->irq_bit_count[i] / 15, i, (1 << i));
3403 				dev->irq_bit_count[i] = 0;
3404 			}
3405 		}
3406 	}
3407 #endif
3408 }
3409 
3410 static void do_periodic_work(struct b43_wldev *dev)
3411 {
3412 	unsigned int state;
3413 
3414 	state = dev->periodic_state;
3415 	if (state % 4 == 0)
3416 		b43_periodic_every60sec(dev);
3417 	if (state % 2 == 0)
3418 		b43_periodic_every30sec(dev);
3419 	b43_periodic_every15sec(dev);
3420 }
3421 
3422 /* Periodic work locking policy:
3423  * 	The whole periodic work handler is protected by
3424  * 	wl->mutex. If another lock is needed somewhere in the
3425  * 	pwork callchain, it's acquired in-place, where it's needed.
3426  */
3427 static void b43_periodic_work_handler(struct work_struct *work)
3428 {
3429 	struct b43_wldev *dev = container_of(work, struct b43_wldev,
3430 					     periodic_work.work);
3431 	struct b43_wl *wl = dev->wl;
3432 	unsigned long delay;
3433 
3434 	mutex_lock(&wl->mutex);
3435 
3436 	if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3437 		goto out;
3438 	if (b43_debug(dev, B43_DBG_PWORK_STOP))
3439 		goto out_requeue;
3440 
3441 	do_periodic_work(dev);
3442 
3443 	dev->periodic_state++;
3444 out_requeue:
3445 	if (b43_debug(dev, B43_DBG_PWORK_FAST))
3446 		delay = msecs_to_jiffies(50);
3447 	else
3448 		delay = round_jiffies_relative(HZ * 15);
3449 	ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3450 out:
3451 	mutex_unlock(&wl->mutex);
3452 }
3453 
3454 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3455 {
3456 	struct delayed_work *work = &dev->periodic_work;
3457 
3458 	dev->periodic_state = 0;
3459 	INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3460 	ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3461 }
3462 
3463 /* Check if communication with the device works correctly. */
3464 static int b43_validate_chipaccess(struct b43_wldev *dev)
3465 {
3466 	u32 v, backup0, backup4;
3467 
3468 	backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3469 	backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3470 
3471 	/* Check for read/write and endianness problems. */
3472 	b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3473 	if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3474 		goto error;
3475 	b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3476 	if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3477 		goto error;
3478 
3479 	/* Check if unaligned 32bit SHM_SHARED access works properly.
3480 	 * However, don't bail out on failure, because it's noncritical. */
3481 	b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3482 	b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3483 	b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3484 	b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3485 	if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3486 		b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3487 	b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3488 	if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3489 	    b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3490 	    b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3491 	    b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3492 		b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3493 
3494 	b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3495 	b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3496 
3497 	if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3498 		/* The 32bit register shadows the two 16bit registers
3499 		 * with update sideeffects. Validate this. */
3500 		b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3501 		b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3502 		if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3503 			goto error;
3504 		if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3505 			goto error;
3506 	}
3507 	b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3508 
3509 	v = b43_read32(dev, B43_MMIO_MACCTL);
3510 	v |= B43_MACCTL_GMODE;
3511 	if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3512 		goto error;
3513 
3514 	return 0;
3515 error:
3516 	b43err(dev->wl, "Failed to validate the chipaccess\n");
3517 	return -ENODEV;
3518 }
3519 
3520 static void b43_security_init(struct b43_wldev *dev)
3521 {
3522 	dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3523 	/* KTP is a word address, but we address SHM bytewise.
3524 	 * So multiply by two.
3525 	 */
3526 	dev->ktp *= 2;
3527 	/* Number of RCMTA address slots */
3528 	b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3529 	/* Clear the key memory. */
3530 	b43_clear_keys(dev);
3531 }
3532 
3533 #ifdef CONFIG_B43_HWRNG
3534 static int b43_rng_read(struct hwrng *rng, u32 *data)
3535 {
3536 	struct b43_wl *wl = (struct b43_wl *)rng->priv;
3537 	struct b43_wldev *dev;
3538 	int count = -ENODEV;
3539 
3540 	mutex_lock(&wl->mutex);
3541 	dev = wl->current_dev;
3542 	if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3543 		*data = b43_read16(dev, B43_MMIO_RNG);
3544 		count = sizeof(u16);
3545 	}
3546 	mutex_unlock(&wl->mutex);
3547 
3548 	return count;
3549 }
3550 #endif /* CONFIG_B43_HWRNG */
3551 
3552 static void b43_rng_exit(struct b43_wl *wl)
3553 {
3554 #ifdef CONFIG_B43_HWRNG
3555 	if (wl->rng_initialized)
3556 		hwrng_unregister(&wl->rng);
3557 #endif /* CONFIG_B43_HWRNG */
3558 }
3559 
3560 static int b43_rng_init(struct b43_wl *wl)
3561 {
3562 	int err = 0;
3563 
3564 #ifdef CONFIG_B43_HWRNG
3565 	snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3566 		 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3567 	wl->rng.name = wl->rng_name;
3568 	wl->rng.data_read = b43_rng_read;
3569 	wl->rng.priv = (unsigned long)wl;
3570 	wl->rng_initialized = true;
3571 	err = hwrng_register(&wl->rng);
3572 	if (err) {
3573 		wl->rng_initialized = false;
3574 		b43err(wl, "Failed to register the random "
3575 		       "number generator (%d)\n", err);
3576 	}
3577 #endif /* CONFIG_B43_HWRNG */
3578 
3579 	return err;
3580 }
3581 
3582 static void b43_tx_work(struct work_struct *work)
3583 {
3584 	struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3585 	struct b43_wldev *dev;
3586 	struct sk_buff *skb;
3587 	int queue_num;
3588 	int err = 0;
3589 
3590 	mutex_lock(&wl->mutex);
3591 	dev = wl->current_dev;
3592 	if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3593 		mutex_unlock(&wl->mutex);
3594 		return;
3595 	}
3596 
3597 	for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3598 		while (skb_queue_len(&wl->tx_queue[queue_num])) {
3599 			skb = skb_dequeue(&wl->tx_queue[queue_num]);
3600 			if (b43_using_pio_transfers(dev))
3601 				err = b43_pio_tx(dev, skb);
3602 			else
3603 				err = b43_dma_tx(dev, skb);
3604 			if (err == -ENOSPC) {
3605 				wl->tx_queue_stopped[queue_num] = true;
3606 				ieee80211_stop_queue(wl->hw, queue_num);
3607 				skb_queue_head(&wl->tx_queue[queue_num], skb);
3608 				break;
3609 			}
3610 			if (unlikely(err))
3611 				ieee80211_free_txskb(wl->hw, skb);
3612 			err = 0;
3613 		}
3614 
3615 		if (!err)
3616 			wl->tx_queue_stopped[queue_num] = false;
3617 	}
3618 
3619 #if B43_DEBUG
3620 	dev->tx_count++;
3621 #endif
3622 	mutex_unlock(&wl->mutex);
3623 }
3624 
3625 static void b43_op_tx(struct ieee80211_hw *hw,
3626 		      struct ieee80211_tx_control *control,
3627 		      struct sk_buff *skb)
3628 {
3629 	struct b43_wl *wl = hw_to_b43_wl(hw);
3630 
3631 	if (unlikely(skb->len < 2 + 2 + 6)) {
3632 		/* Too short, this can't be a valid frame. */
3633 		ieee80211_free_txskb(hw, skb);
3634 		return;
3635 	}
3636 	B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3637 
3638 	skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3639 	if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3640 		ieee80211_queue_work(wl->hw, &wl->tx_work);
3641 	} else {
3642 		ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3643 	}
3644 }
3645 
3646 static void b43_qos_params_upload(struct b43_wldev *dev,
3647 				  const struct ieee80211_tx_queue_params *p,
3648 				  u16 shm_offset)
3649 {
3650 	u16 params[B43_NR_QOSPARAMS];
3651 	int bslots, tmp;
3652 	unsigned int i;
3653 
3654 	if (!dev->qos_enabled)
3655 		return;
3656 
3657 	bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3658 
3659 	memset(&params, 0, sizeof(params));
3660 
3661 	params[B43_QOSPARAM_TXOP] = p->txop * 32;
3662 	params[B43_QOSPARAM_CWMIN] = p->cw_min;
3663 	params[B43_QOSPARAM_CWMAX] = p->cw_max;
3664 	params[B43_QOSPARAM_CWCUR] = p->cw_min;
3665 	params[B43_QOSPARAM_AIFS] = p->aifs;
3666 	params[B43_QOSPARAM_BSLOTS] = bslots;
3667 	params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3668 
3669 	for (i = 0; i < ARRAY_SIZE(params); i++) {
3670 		if (i == B43_QOSPARAM_STATUS) {
3671 			tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3672 					     shm_offset + (i * 2));
3673 			/* Mark the parameters as updated. */
3674 			tmp |= 0x100;
3675 			b43_shm_write16(dev, B43_SHM_SHARED,
3676 					shm_offset + (i * 2),
3677 					tmp);
3678 		} else {
3679 			b43_shm_write16(dev, B43_SHM_SHARED,
3680 					shm_offset + (i * 2),
3681 					params[i]);
3682 		}
3683 	}
3684 }
3685 
3686 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3687 static const u16 b43_qos_shm_offsets[] = {
3688 	/* [mac80211-queue-nr] = SHM_OFFSET, */
3689 	[0] = B43_QOS_VOICE,
3690 	[1] = B43_QOS_VIDEO,
3691 	[2] = B43_QOS_BESTEFFORT,
3692 	[3] = B43_QOS_BACKGROUND,
3693 };
3694 
3695 /* Update all QOS parameters in hardware. */
3696 static void b43_qos_upload_all(struct b43_wldev *dev)
3697 {
3698 	struct b43_wl *wl = dev->wl;
3699 	struct b43_qos_params *params;
3700 	unsigned int i;
3701 
3702 	if (!dev->qos_enabled)
3703 		return;
3704 
3705 	BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3706 		     ARRAY_SIZE(wl->qos_params));
3707 
3708 	b43_mac_suspend(dev);
3709 	for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3710 		params = &(wl->qos_params[i]);
3711 		b43_qos_params_upload(dev, &(params->p),
3712 				      b43_qos_shm_offsets[i]);
3713 	}
3714 	b43_mac_enable(dev);
3715 }
3716 
3717 static void b43_qos_clear(struct b43_wl *wl)
3718 {
3719 	struct b43_qos_params *params;
3720 	unsigned int i;
3721 
3722 	/* Initialize QoS parameters to sane defaults. */
3723 
3724 	BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3725 		     ARRAY_SIZE(wl->qos_params));
3726 
3727 	for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3728 		params = &(wl->qos_params[i]);
3729 
3730 		switch (b43_qos_shm_offsets[i]) {
3731 		case B43_QOS_VOICE:
3732 			params->p.txop = 0;
3733 			params->p.aifs = 2;
3734 			params->p.cw_min = 0x0001;
3735 			params->p.cw_max = 0x0001;
3736 			break;
3737 		case B43_QOS_VIDEO:
3738 			params->p.txop = 0;
3739 			params->p.aifs = 2;
3740 			params->p.cw_min = 0x0001;
3741 			params->p.cw_max = 0x0001;
3742 			break;
3743 		case B43_QOS_BESTEFFORT:
3744 			params->p.txop = 0;
3745 			params->p.aifs = 3;
3746 			params->p.cw_min = 0x0001;
3747 			params->p.cw_max = 0x03FF;
3748 			break;
3749 		case B43_QOS_BACKGROUND:
3750 			params->p.txop = 0;
3751 			params->p.aifs = 7;
3752 			params->p.cw_min = 0x0001;
3753 			params->p.cw_max = 0x03FF;
3754 			break;
3755 		default:
3756 			B43_WARN_ON(1);
3757 		}
3758 	}
3759 }
3760 
3761 /* Initialize the core's QOS capabilities */
3762 static void b43_qos_init(struct b43_wldev *dev)
3763 {
3764 	if (!dev->qos_enabled) {
3765 		/* Disable QOS support. */
3766 		b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3767 		b43_write16(dev, B43_MMIO_IFSCTL,
3768 			    b43_read16(dev, B43_MMIO_IFSCTL)
3769 			    & ~B43_MMIO_IFSCTL_USE_EDCF);
3770 		b43dbg(dev->wl, "QoS disabled\n");
3771 		return;
3772 	}
3773 
3774 	/* Upload the current QOS parameters. */
3775 	b43_qos_upload_all(dev);
3776 
3777 	/* Enable QOS support. */
3778 	b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3779 	b43_write16(dev, B43_MMIO_IFSCTL,
3780 		    b43_read16(dev, B43_MMIO_IFSCTL)
3781 		    | B43_MMIO_IFSCTL_USE_EDCF);
3782 	b43dbg(dev->wl, "QoS enabled\n");
3783 }
3784 
3785 static int b43_op_conf_tx(struct ieee80211_hw *hw,
3786 			  struct ieee80211_vif *vif,
3787 			  unsigned int link_id, u16 _queue,
3788 			  const struct ieee80211_tx_queue_params *params)
3789 {
3790 	struct b43_wl *wl = hw_to_b43_wl(hw);
3791 	struct b43_wldev *dev;
3792 	unsigned int queue = (unsigned int)_queue;
3793 	int err = -ENODEV;
3794 
3795 	if (queue >= ARRAY_SIZE(wl->qos_params)) {
3796 		/* Queue not available or don't support setting
3797 		 * params on this queue. Return success to not
3798 		 * confuse mac80211. */
3799 		return 0;
3800 	}
3801 	BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3802 		     ARRAY_SIZE(wl->qos_params));
3803 
3804 	mutex_lock(&wl->mutex);
3805 	dev = wl->current_dev;
3806 	if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3807 		goto out_unlock;
3808 
3809 	memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3810 	b43_mac_suspend(dev);
3811 	b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3812 			      b43_qos_shm_offsets[queue]);
3813 	b43_mac_enable(dev);
3814 	err = 0;
3815 
3816 out_unlock:
3817 	mutex_unlock(&wl->mutex);
3818 
3819 	return err;
3820 }
3821 
3822 static int b43_op_get_stats(struct ieee80211_hw *hw,
3823 			    struct ieee80211_low_level_stats *stats)
3824 {
3825 	struct b43_wl *wl = hw_to_b43_wl(hw);
3826 
3827 	mutex_lock(&wl->mutex);
3828 	memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3829 	mutex_unlock(&wl->mutex);
3830 
3831 	return 0;
3832 }
3833 
3834 static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3835 {
3836 	struct b43_wl *wl = hw_to_b43_wl(hw);
3837 	struct b43_wldev *dev;
3838 	u64 tsf;
3839 
3840 	mutex_lock(&wl->mutex);
3841 	dev = wl->current_dev;
3842 
3843 	if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3844 		b43_tsf_read(dev, &tsf);
3845 	else
3846 		tsf = 0;
3847 
3848 	mutex_unlock(&wl->mutex);
3849 
3850 	return tsf;
3851 }
3852 
3853 static void b43_op_set_tsf(struct ieee80211_hw *hw,
3854 			   struct ieee80211_vif *vif, u64 tsf)
3855 {
3856 	struct b43_wl *wl = hw_to_b43_wl(hw);
3857 	struct b43_wldev *dev;
3858 
3859 	mutex_lock(&wl->mutex);
3860 	dev = wl->current_dev;
3861 
3862 	if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3863 		b43_tsf_write(dev, tsf);
3864 
3865 	mutex_unlock(&wl->mutex);
3866 }
3867 
3868 static const char *band_to_string(enum nl80211_band band)
3869 {
3870 	switch (band) {
3871 	case NL80211_BAND_5GHZ:
3872 		return "5";
3873 	case NL80211_BAND_2GHZ:
3874 		return "2.4";
3875 	default:
3876 		break;
3877 	}
3878 	B43_WARN_ON(1);
3879 	return "";
3880 }
3881 
3882 /* Expects wl->mutex locked */
3883 static int b43_switch_band(struct b43_wldev *dev,
3884 			   struct ieee80211_channel *chan)
3885 {
3886 	struct b43_phy *phy = &dev->phy;
3887 	bool gmode;
3888 	u32 tmp;
3889 
3890 	switch (chan->band) {
3891 	case NL80211_BAND_5GHZ:
3892 		gmode = false;
3893 		break;
3894 	case NL80211_BAND_2GHZ:
3895 		gmode = true;
3896 		break;
3897 	default:
3898 		B43_WARN_ON(1);
3899 		return -EINVAL;
3900 	}
3901 
3902 	if (!((gmode && phy->supports_2ghz) ||
3903 	      (!gmode && phy->supports_5ghz))) {
3904 		b43err(dev->wl, "This device doesn't support %s-GHz band\n",
3905 		       band_to_string(chan->band));
3906 		return -ENODEV;
3907 	}
3908 
3909 	if (!!phy->gmode == !!gmode) {
3910 		/* This device is already running. */
3911 		return 0;
3912 	}
3913 
3914 	b43dbg(dev->wl, "Switching to %s GHz band\n",
3915 	       band_to_string(chan->band));
3916 
3917 	/* Some new devices don't need disabling radio for band switching */
3918 	if (!(phy->type == B43_PHYTYPE_N && phy->rev >= 3))
3919 		b43_software_rfkill(dev, true);
3920 
3921 	phy->gmode = gmode;
3922 	b43_phy_put_into_reset(dev);
3923 	switch (dev->dev->bus_type) {
3924 #ifdef CONFIG_B43_BCMA
3925 	case B43_BUS_BCMA:
3926 		tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3927 		if (gmode)
3928 			tmp |= B43_BCMA_IOCTL_GMODE;
3929 		else
3930 			tmp &= ~B43_BCMA_IOCTL_GMODE;
3931 		bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3932 		break;
3933 #endif
3934 #ifdef CONFIG_B43_SSB
3935 	case B43_BUS_SSB:
3936 		tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3937 		if (gmode)
3938 			tmp |= B43_TMSLOW_GMODE;
3939 		else
3940 			tmp &= ~B43_TMSLOW_GMODE;
3941 		ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3942 		break;
3943 #endif
3944 	}
3945 	b43_phy_take_out_of_reset(dev);
3946 
3947 	b43_upload_initvals_band(dev);
3948 
3949 	b43_phy_init(dev);
3950 
3951 	return 0;
3952 }
3953 
3954 static void b43_set_beacon_listen_interval(struct b43_wldev *dev, u16 interval)
3955 {
3956 	interval = min_t(u16, interval, (u16)0xFF);
3957 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BCN_LI, interval);
3958 }
3959 
3960 /* Write the short and long frame retry limit values. */
3961 static void b43_set_retry_limits(struct b43_wldev *dev,
3962 				 unsigned int short_retry,
3963 				 unsigned int long_retry)
3964 {
3965 	/* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3966 	 * the chip-internal counter. */
3967 	short_retry = min(short_retry, (unsigned int)0xF);
3968 	long_retry = min(long_retry, (unsigned int)0xF);
3969 
3970 	b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3971 			short_retry);
3972 	b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3973 			long_retry);
3974 }
3975 
3976 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3977 {
3978 	struct b43_wl *wl = hw_to_b43_wl(hw);
3979 	struct b43_wldev *dev = wl->current_dev;
3980 	struct b43_phy *phy = &dev->phy;
3981 	struct ieee80211_conf *conf = &hw->conf;
3982 	int antenna;
3983 	int err = 0;
3984 
3985 	mutex_lock(&wl->mutex);
3986 	b43_mac_suspend(dev);
3987 
3988 	if (changed & IEEE80211_CONF_CHANGE_LISTEN_INTERVAL)
3989 		b43_set_beacon_listen_interval(dev, conf->listen_interval);
3990 
3991 	if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
3992 		phy->chandef = &conf->chandef;
3993 		phy->channel = conf->chandef.chan->hw_value;
3994 
3995 		/* Switch the band (if necessary). */
3996 		err = b43_switch_band(dev, conf->chandef.chan);
3997 		if (err)
3998 			goto out_mac_enable;
3999 
4000 		/* Switch to the requested channel.
4001 		 * The firmware takes care of races with the TX handler.
4002 		 */
4003 		b43_switch_channel(dev, phy->channel);
4004 	}
4005 
4006 	if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
4007 		b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
4008 					  conf->long_frame_max_tx_count);
4009 	changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
4010 	if (!changed)
4011 		goto out_mac_enable;
4012 
4013 	dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
4014 
4015 	/* Adjust the desired TX power level. */
4016 	if (conf->power_level != 0) {
4017 		if (conf->power_level != phy->desired_txpower) {
4018 			phy->desired_txpower = conf->power_level;
4019 			b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
4020 						   B43_TXPWR_IGNORE_TSSI);
4021 		}
4022 	}
4023 
4024 	/* Antennas for RX and management frame TX. */
4025 	antenna = B43_ANTENNA_DEFAULT;
4026 	b43_mgmtframe_txantenna(dev, antenna);
4027 	antenna = B43_ANTENNA_DEFAULT;
4028 	if (phy->ops->set_rx_antenna)
4029 		phy->ops->set_rx_antenna(dev, antenna);
4030 
4031 	if (wl->radio_enabled != phy->radio_on) {
4032 		if (wl->radio_enabled) {
4033 			b43_software_rfkill(dev, false);
4034 			b43info(dev->wl, "Radio turned on by software\n");
4035 			if (!dev->radio_hw_enable) {
4036 				b43info(dev->wl, "The hardware RF-kill button "
4037 					"still turns the radio physically off. "
4038 					"Press the button to turn it on.\n");
4039 			}
4040 		} else {
4041 			b43_software_rfkill(dev, true);
4042 			b43info(dev->wl, "Radio turned off by software\n");
4043 		}
4044 	}
4045 
4046 out_mac_enable:
4047 	b43_mac_enable(dev);
4048 	mutex_unlock(&wl->mutex);
4049 
4050 	return err;
4051 }
4052 
4053 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
4054 {
4055 	struct ieee80211_supported_band *sband =
4056 		dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
4057 	const struct ieee80211_rate *rate;
4058 	int i;
4059 	u16 basic, direct, offset, basic_offset, rateptr;
4060 
4061 	for (i = 0; i < sband->n_bitrates; i++) {
4062 		rate = &sband->bitrates[i];
4063 
4064 		if (b43_is_cck_rate(rate->hw_value)) {
4065 			direct = B43_SHM_SH_CCKDIRECT;
4066 			basic = B43_SHM_SH_CCKBASIC;
4067 			offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4068 			offset &= 0xF;
4069 		} else {
4070 			direct = B43_SHM_SH_OFDMDIRECT;
4071 			basic = B43_SHM_SH_OFDMBASIC;
4072 			offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4073 			offset &= 0xF;
4074 		}
4075 
4076 		rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
4077 
4078 		if (b43_is_cck_rate(rate->hw_value)) {
4079 			basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4080 			basic_offset &= 0xF;
4081 		} else {
4082 			basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4083 			basic_offset &= 0xF;
4084 		}
4085 
4086 		/*
4087 		 * Get the pointer that we need to point to
4088 		 * from the direct map
4089 		 */
4090 		rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
4091 					 direct + 2 * basic_offset);
4092 		/* and write it to the basic map */
4093 		b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
4094 				rateptr);
4095 	}
4096 }
4097 
4098 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
4099 				    struct ieee80211_vif *vif,
4100 				    struct ieee80211_bss_conf *conf,
4101 				    u64 changed)
4102 {
4103 	struct b43_wl *wl = hw_to_b43_wl(hw);
4104 	struct b43_wldev *dev;
4105 
4106 	mutex_lock(&wl->mutex);
4107 
4108 	dev = wl->current_dev;
4109 	if (!dev || b43_status(dev) < B43_STAT_STARTED)
4110 		goto out_unlock_mutex;
4111 
4112 	B43_WARN_ON(wl->vif != vif);
4113 
4114 	if (changed & BSS_CHANGED_BSSID) {
4115 		if (conf->bssid)
4116 			memcpy(wl->bssid, conf->bssid, ETH_ALEN);
4117 		else
4118 			eth_zero_addr(wl->bssid);
4119 	}
4120 
4121 	if (b43_status(dev) >= B43_STAT_INITIALIZED) {
4122 		if (changed & BSS_CHANGED_BEACON &&
4123 		    (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4124 		     b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4125 		     b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
4126 			b43_update_templates(wl);
4127 
4128 		if (changed & BSS_CHANGED_BSSID)
4129 			b43_write_mac_bssid_templates(dev);
4130 	}
4131 
4132 	b43_mac_suspend(dev);
4133 
4134 	/* Update templates for AP/mesh mode. */
4135 	if (changed & BSS_CHANGED_BEACON_INT &&
4136 	    (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4137 	     b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4138 	     b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
4139 	    conf->beacon_int)
4140 		b43_set_beacon_int(dev, conf->beacon_int);
4141 
4142 	if (changed & BSS_CHANGED_BASIC_RATES)
4143 		b43_update_basic_rates(dev, conf->basic_rates);
4144 
4145 	if (changed & BSS_CHANGED_ERP_SLOT) {
4146 		if (conf->use_short_slot)
4147 			b43_short_slot_timing_enable(dev);
4148 		else
4149 			b43_short_slot_timing_disable(dev);
4150 	}
4151 
4152 	b43_mac_enable(dev);
4153 out_unlock_mutex:
4154 	mutex_unlock(&wl->mutex);
4155 }
4156 
4157 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4158 			  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4159 			  struct ieee80211_key_conf *key)
4160 {
4161 	struct b43_wl *wl = hw_to_b43_wl(hw);
4162 	struct b43_wldev *dev;
4163 	u8 algorithm;
4164 	u8 index;
4165 	int err;
4166 	static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4167 
4168 	if (modparam_nohwcrypt)
4169 		return -ENOSPC; /* User disabled HW-crypto */
4170 
4171 	if ((vif->type == NL80211_IFTYPE_ADHOC ||
4172 	     vif->type == NL80211_IFTYPE_MESH_POINT) &&
4173 	    (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4174 	     key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4175 	    !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4176 		/*
4177 		 * For now, disable hw crypto for the RSN IBSS group keys. This
4178 		 * could be optimized in the future, but until that gets
4179 		 * implemented, use of software crypto for group addressed
4180 		 * frames is a acceptable to allow RSN IBSS to be used.
4181 		 */
4182 		return -EOPNOTSUPP;
4183 	}
4184 
4185 	mutex_lock(&wl->mutex);
4186 
4187 	dev = wl->current_dev;
4188 	err = -ENODEV;
4189 	if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4190 		goto out_unlock;
4191 
4192 	if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4193 		/* We don't have firmware for the crypto engine.
4194 		 * Must use software-crypto. */
4195 		err = -EOPNOTSUPP;
4196 		goto out_unlock;
4197 	}
4198 
4199 	err = -EINVAL;
4200 	switch (key->cipher) {
4201 	case WLAN_CIPHER_SUITE_WEP40:
4202 		algorithm = B43_SEC_ALGO_WEP40;
4203 		break;
4204 	case WLAN_CIPHER_SUITE_WEP104:
4205 		algorithm = B43_SEC_ALGO_WEP104;
4206 		break;
4207 	case WLAN_CIPHER_SUITE_TKIP:
4208 		algorithm = B43_SEC_ALGO_TKIP;
4209 		break;
4210 	case WLAN_CIPHER_SUITE_CCMP:
4211 		algorithm = B43_SEC_ALGO_AES;
4212 		break;
4213 	default:
4214 		B43_WARN_ON(1);
4215 		goto out_unlock;
4216 	}
4217 	index = (u8) (key->keyidx);
4218 	if (index > 3)
4219 		goto out_unlock;
4220 
4221 	switch (cmd) {
4222 	case SET_KEY:
4223 		if (algorithm == B43_SEC_ALGO_TKIP &&
4224 		    (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4225 		    !modparam_hwtkip)) {
4226 			/* We support only pairwise key */
4227 			err = -EOPNOTSUPP;
4228 			goto out_unlock;
4229 		}
4230 
4231 		if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4232 			if (WARN_ON(!sta)) {
4233 				err = -EOPNOTSUPP;
4234 				goto out_unlock;
4235 			}
4236 			/* Pairwise key with an assigned MAC address. */
4237 			err = b43_key_write(dev, -1, algorithm,
4238 					    key->key, key->keylen,
4239 					    sta->addr, key);
4240 		} else {
4241 			/* Group key */
4242 			err = b43_key_write(dev, index, algorithm,
4243 					    key->key, key->keylen, NULL, key);
4244 		}
4245 		if (err)
4246 			goto out_unlock;
4247 
4248 		if (algorithm == B43_SEC_ALGO_WEP40 ||
4249 		    algorithm == B43_SEC_ALGO_WEP104) {
4250 			b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4251 		} else {
4252 			b43_hf_write(dev,
4253 				     b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4254 		}
4255 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4256 		if (algorithm == B43_SEC_ALGO_TKIP)
4257 			key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4258 		break;
4259 	case DISABLE_KEY: {
4260 		err = b43_key_clear(dev, key->hw_key_idx);
4261 		if (err)
4262 			goto out_unlock;
4263 		break;
4264 	}
4265 	default:
4266 		B43_WARN_ON(1);
4267 	}
4268 
4269 out_unlock:
4270 	if (!err) {
4271 		b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4272 		       "mac: %pM\n",
4273 		       cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4274 		       sta ? sta->addr : bcast_addr);
4275 		b43_dump_keymemory(dev);
4276 	}
4277 	mutex_unlock(&wl->mutex);
4278 
4279 	return err;
4280 }
4281 
4282 static void b43_op_configure_filter(struct ieee80211_hw *hw,
4283 				    unsigned int changed, unsigned int *fflags,
4284 				    u64 multicast)
4285 {
4286 	struct b43_wl *wl = hw_to_b43_wl(hw);
4287 	struct b43_wldev *dev;
4288 
4289 	mutex_lock(&wl->mutex);
4290 	dev = wl->current_dev;
4291 	if (!dev) {
4292 		*fflags = 0;
4293 		goto out_unlock;
4294 	}
4295 
4296 	*fflags &= FIF_ALLMULTI |
4297 		  FIF_FCSFAIL |
4298 		  FIF_PLCPFAIL |
4299 		  FIF_CONTROL |
4300 		  FIF_OTHER_BSS |
4301 		  FIF_BCN_PRBRESP_PROMISC;
4302 
4303 	changed &= FIF_ALLMULTI |
4304 		   FIF_FCSFAIL |
4305 		   FIF_PLCPFAIL |
4306 		   FIF_CONTROL |
4307 		   FIF_OTHER_BSS |
4308 		   FIF_BCN_PRBRESP_PROMISC;
4309 
4310 	wl->filter_flags = *fflags;
4311 
4312 	if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4313 		b43_adjust_opmode(dev);
4314 
4315 out_unlock:
4316 	mutex_unlock(&wl->mutex);
4317 }
4318 
4319 /* Locking: wl->mutex
4320  * Returns the current dev. This might be different from the passed in dev,
4321  * because the core might be gone away while we unlocked the mutex. */
4322 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4323 {
4324 	struct b43_wl *wl;
4325 	struct b43_wldev *orig_dev;
4326 	u32 mask;
4327 	int queue_num;
4328 
4329 	if (!dev)
4330 		return NULL;
4331 	wl = dev->wl;
4332 redo:
4333 	if (!dev || b43_status(dev) < B43_STAT_STARTED)
4334 		return dev;
4335 
4336 	/* Cancel work. Unlock to avoid deadlocks. */
4337 	mutex_unlock(&wl->mutex);
4338 	cancel_delayed_work_sync(&dev->periodic_work);
4339 	cancel_work_sync(&wl->tx_work);
4340 	b43_leds_stop(dev);
4341 	mutex_lock(&wl->mutex);
4342 	dev = wl->current_dev;
4343 	if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4344 		/* Whoops, aliens ate up the device while we were unlocked. */
4345 		return dev;
4346 	}
4347 
4348 	/* Disable interrupts on the device. */
4349 	b43_set_status(dev, B43_STAT_INITIALIZED);
4350 	if (b43_bus_host_is_sdio(dev->dev)) {
4351 		/* wl->mutex is locked. That is enough. */
4352 		b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4353 		b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);	/* Flush */
4354 	} else {
4355 		spin_lock_irq(&wl->hardirq_lock);
4356 		b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4357 		b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);	/* Flush */
4358 		spin_unlock_irq(&wl->hardirq_lock);
4359 	}
4360 	/* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4361 	orig_dev = dev;
4362 	mutex_unlock(&wl->mutex);
4363 	if (b43_bus_host_is_sdio(dev->dev))
4364 		b43_sdio_free_irq(dev);
4365 	else
4366 		free_irq(dev->dev->irq, dev);
4367 	mutex_lock(&wl->mutex);
4368 	dev = wl->current_dev;
4369 	if (!dev)
4370 		return dev;
4371 	if (dev != orig_dev) {
4372 		if (b43_status(dev) >= B43_STAT_STARTED)
4373 			goto redo;
4374 		return dev;
4375 	}
4376 	mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4377 	B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4378 
4379 	/* Drain all TX queues. */
4380 	for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4381 		while (skb_queue_len(&wl->tx_queue[queue_num])) {
4382 			struct sk_buff *skb;
4383 
4384 			skb = skb_dequeue(&wl->tx_queue[queue_num]);
4385 			ieee80211_free_txskb(wl->hw, skb);
4386 		}
4387 	}
4388 
4389 	b43_mac_suspend(dev);
4390 	b43_leds_exit(dev);
4391 	b43dbg(wl, "Wireless interface stopped\n");
4392 
4393 	return dev;
4394 }
4395 
4396 /* Locking: wl->mutex */
4397 static int b43_wireless_core_start(struct b43_wldev *dev)
4398 {
4399 	int err;
4400 
4401 	B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4402 
4403 	drain_txstatus_queue(dev);
4404 	if (b43_bus_host_is_sdio(dev->dev)) {
4405 		err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4406 		if (err) {
4407 			b43err(dev->wl, "Cannot request SDIO IRQ\n");
4408 			goto out;
4409 		}
4410 	} else {
4411 		err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4412 					   b43_interrupt_thread_handler,
4413 					   IRQF_SHARED, KBUILD_MODNAME, dev);
4414 		if (err) {
4415 			b43err(dev->wl, "Cannot request IRQ-%d\n",
4416 			       dev->dev->irq);
4417 			goto out;
4418 		}
4419 	}
4420 
4421 	/* We are ready to run. */
4422 	ieee80211_wake_queues(dev->wl->hw);
4423 	b43_set_status(dev, B43_STAT_STARTED);
4424 
4425 	/* Start data flow (TX/RX). */
4426 	b43_mac_enable(dev);
4427 	b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4428 
4429 	/* Start maintenance work */
4430 	b43_periodic_tasks_setup(dev);
4431 
4432 	b43_leds_init(dev);
4433 
4434 	b43dbg(dev->wl, "Wireless interface started\n");
4435 out:
4436 	return err;
4437 }
4438 
4439 static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4440 {
4441 	switch (phy_type) {
4442 	case B43_PHYTYPE_A:
4443 		return "A";
4444 	case B43_PHYTYPE_B:
4445 		return "B";
4446 	case B43_PHYTYPE_G:
4447 		return "G";
4448 	case B43_PHYTYPE_N:
4449 		return "N";
4450 	case B43_PHYTYPE_LP:
4451 		return "LP";
4452 	case B43_PHYTYPE_SSLPN:
4453 		return "SSLPN";
4454 	case B43_PHYTYPE_HT:
4455 		return "HT";
4456 	case B43_PHYTYPE_LCN:
4457 		return "LCN";
4458 	case B43_PHYTYPE_LCNXN:
4459 		return "LCNXN";
4460 	case B43_PHYTYPE_LCN40:
4461 		return "LCN40";
4462 	case B43_PHYTYPE_AC:
4463 		return "AC";
4464 	}
4465 	return "UNKNOWN";
4466 }
4467 
4468 /* Get PHY and RADIO versioning numbers */
4469 static int b43_phy_versioning(struct b43_wldev *dev)
4470 {
4471 	struct b43_phy *phy = &dev->phy;
4472 	const u8 core_rev = dev->dev->core_rev;
4473 	u32 tmp;
4474 	u8 analog_type;
4475 	u8 phy_type;
4476 	u8 phy_rev;
4477 	u16 radio_manuf;
4478 	u16 radio_id;
4479 	u16 radio_rev;
4480 	u8 radio_ver;
4481 	int unsupported = 0;
4482 
4483 	/* Get PHY versioning */
4484 	tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4485 	analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4486 	phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4487 	phy_rev = (tmp & B43_PHYVER_VERSION);
4488 
4489 	/* LCNXN is continuation of N which run out of revisions */
4490 	if (phy_type == B43_PHYTYPE_LCNXN) {
4491 		phy_type = B43_PHYTYPE_N;
4492 		phy_rev += 16;
4493 	}
4494 
4495 	switch (phy_type) {
4496 #ifdef CONFIG_B43_PHY_G
4497 	case B43_PHYTYPE_G:
4498 		if (phy_rev > 9)
4499 			unsupported = 1;
4500 		break;
4501 #endif
4502 #ifdef CONFIG_B43_PHY_N
4503 	case B43_PHYTYPE_N:
4504 		if (phy_rev >= 19)
4505 			unsupported = 1;
4506 		break;
4507 #endif
4508 #ifdef CONFIG_B43_PHY_LP
4509 	case B43_PHYTYPE_LP:
4510 		if (phy_rev > 2)
4511 			unsupported = 1;
4512 		break;
4513 #endif
4514 #ifdef CONFIG_B43_PHY_HT
4515 	case B43_PHYTYPE_HT:
4516 		if (phy_rev > 1)
4517 			unsupported = 1;
4518 		break;
4519 #endif
4520 #ifdef CONFIG_B43_PHY_LCN
4521 	case B43_PHYTYPE_LCN:
4522 		if (phy_rev > 1)
4523 			unsupported = 1;
4524 		break;
4525 #endif
4526 #ifdef CONFIG_B43_PHY_AC
4527 	case B43_PHYTYPE_AC:
4528 		if (phy_rev > 1)
4529 			unsupported = 1;
4530 		break;
4531 #endif
4532 	default:
4533 		unsupported = 1;
4534 	}
4535 	if (unsupported) {
4536 		b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4537 		       analog_type, phy_type, b43_phy_name(dev, phy_type),
4538 		       phy_rev);
4539 		return -EOPNOTSUPP;
4540 	}
4541 	b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4542 		analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4543 
4544 	/* Get RADIO versioning */
4545 	if (core_rev == 40 || core_rev == 42) {
4546 		radio_manuf = 0x17F;
4547 
4548 		b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 0);
4549 		radio_rev = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4550 
4551 		b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 1);
4552 		radio_id = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4553 
4554 		radio_ver = 0; /* Is there version somewhere? */
4555 	} else if (core_rev >= 24) {
4556 		u16 radio24[3];
4557 
4558 		for (tmp = 0; tmp < 3; tmp++) {
4559 			b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4560 			radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4561 		}
4562 
4563 		radio_manuf = 0x17F;
4564 		radio_id = (radio24[2] << 8) | radio24[1];
4565 		radio_rev = (radio24[0] & 0xF);
4566 		radio_ver = (radio24[0] & 0xF0) >> 4;
4567 	} else {
4568 		if (dev->dev->chip_id == 0x4317) {
4569 			if (dev->dev->chip_rev == 0)
4570 				tmp = 0x3205017F;
4571 			else if (dev->dev->chip_rev == 1)
4572 				tmp = 0x4205017F;
4573 			else
4574 				tmp = 0x5205017F;
4575 		} else {
4576 			b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4577 				     B43_RADIOCTL_ID);
4578 			tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4579 			b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4580 				     B43_RADIOCTL_ID);
4581 			tmp |= b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
4582 		}
4583 		radio_manuf = (tmp & 0x00000FFF);
4584 		radio_id = (tmp & 0x0FFFF000) >> 12;
4585 		radio_rev = (tmp & 0xF0000000) >> 28;
4586 		radio_ver = 0; /* Probably not available on old hw */
4587 	}
4588 
4589 	if (radio_manuf != 0x17F /* Broadcom */)
4590 		unsupported = 1;
4591 	switch (phy_type) {
4592 	case B43_PHYTYPE_B:
4593 		if ((radio_id & 0xFFF0) != 0x2050)
4594 			unsupported = 1;
4595 		break;
4596 	case B43_PHYTYPE_G:
4597 		if (radio_id != 0x2050)
4598 			unsupported = 1;
4599 		break;
4600 	case B43_PHYTYPE_N:
4601 		if (radio_id != 0x2055 && radio_id != 0x2056 &&
4602 		    radio_id != 0x2057)
4603 			unsupported = 1;
4604 		if (radio_id == 0x2057 &&
4605 		    !(radio_rev == 9 || radio_rev == 14))
4606 			unsupported = 1;
4607 		break;
4608 	case B43_PHYTYPE_LP:
4609 		if (radio_id != 0x2062 && radio_id != 0x2063)
4610 			unsupported = 1;
4611 		break;
4612 	case B43_PHYTYPE_HT:
4613 		if (radio_id != 0x2059)
4614 			unsupported = 1;
4615 		break;
4616 	case B43_PHYTYPE_LCN:
4617 		if (radio_id != 0x2064)
4618 			unsupported = 1;
4619 		break;
4620 	case B43_PHYTYPE_AC:
4621 		if (radio_id != 0x2069)
4622 			unsupported = 1;
4623 		break;
4624 	default:
4625 		B43_WARN_ON(1);
4626 	}
4627 	if (unsupported) {
4628 		b43err(dev->wl,
4629 		       "FOUND UNSUPPORTED RADIO (Manuf 0x%X, ID 0x%X, Revision %u, Version %u)\n",
4630 		       radio_manuf, radio_id, radio_rev, radio_ver);
4631 		return -EOPNOTSUPP;
4632 	}
4633 	b43info(dev->wl,
4634 		"Found Radio: Manuf 0x%X, ID 0x%X, Revision %u, Version %u\n",
4635 		radio_manuf, radio_id, radio_rev, radio_ver);
4636 
4637 	/* FIXME: b43 treats "id" as "ver" and ignores the real "ver" */
4638 	phy->radio_manuf = radio_manuf;
4639 	phy->radio_ver = radio_id;
4640 	phy->radio_rev = radio_rev;
4641 
4642 	phy->analog = analog_type;
4643 	phy->type = phy_type;
4644 	phy->rev = phy_rev;
4645 
4646 	return 0;
4647 }
4648 
4649 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4650 				      struct b43_phy *phy)
4651 {
4652 	phy->hardware_power_control = !!modparam_hwpctl;
4653 	phy->next_txpwr_check_time = jiffies;
4654 	/* PHY TX errors counter. */
4655 	atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4656 
4657 #if B43_DEBUG
4658 	phy->phy_locked = false;
4659 	phy->radio_locked = false;
4660 #endif
4661 }
4662 
4663 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4664 {
4665 	dev->dfq_valid = false;
4666 
4667 	/* Assume the radio is enabled. If it's not enabled, the state will
4668 	 * immediately get fixed on the first periodic work run. */
4669 	dev->radio_hw_enable = true;
4670 
4671 	/* Stats */
4672 	memset(&dev->stats, 0, sizeof(dev->stats));
4673 
4674 	setup_struct_phy_for_init(dev, &dev->phy);
4675 
4676 	/* IRQ related flags */
4677 	dev->irq_reason = 0;
4678 	memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4679 	dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4680 	if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4681 		dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4682 
4683 	dev->mac_suspended = 1;
4684 
4685 	/* Noise calculation context */
4686 	memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4687 }
4688 
4689 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4690 {
4691 	struct ssb_sprom *sprom = dev->dev->bus_sprom;
4692 	u64 hf;
4693 
4694 	if (!modparam_btcoex)
4695 		return;
4696 	if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4697 		return;
4698 	if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4699 		return;
4700 
4701 	hf = b43_hf_read(dev);
4702 	if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4703 		hf |= B43_HF_BTCOEXALT;
4704 	else
4705 		hf |= B43_HF_BTCOEX;
4706 	b43_hf_write(dev, hf);
4707 }
4708 
4709 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4710 {
4711 	if (!modparam_btcoex)
4712 		return;
4713 	//TODO
4714 }
4715 
4716 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4717 {
4718 	struct ssb_bus *bus;
4719 	u32 tmp;
4720 
4721 #ifdef CONFIG_B43_SSB
4722 	if (dev->dev->bus_type != B43_BUS_SSB)
4723 		return;
4724 #else
4725 	return;
4726 #endif
4727 
4728 	bus = dev->dev->sdev->bus;
4729 
4730 	if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4731 	    (bus->chip_id == 0x4312)) {
4732 		tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4733 		tmp &= ~SSB_IMCFGLO_REQTO;
4734 		tmp &= ~SSB_IMCFGLO_SERTO;
4735 		tmp |= 0x3;
4736 		ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4737 		ssb_commit_settings(bus);
4738 	}
4739 }
4740 
4741 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4742 {
4743 	u16 pu_delay;
4744 
4745 	/* The time value is in microseconds. */
4746 	pu_delay = 1050;
4747 	if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4748 		pu_delay = 500;
4749 	if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4750 		pu_delay = max(pu_delay, (u16)2400);
4751 
4752 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4753 }
4754 
4755 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4756 static void b43_set_pretbtt(struct b43_wldev *dev)
4757 {
4758 	u16 pretbtt;
4759 
4760 	/* The time value is in microseconds. */
4761 	if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
4762 		pretbtt = 2;
4763 	else
4764 		pretbtt = 250;
4765 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4766 	b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4767 }
4768 
4769 /* Shutdown a wireless core */
4770 /* Locking: wl->mutex */
4771 static void b43_wireless_core_exit(struct b43_wldev *dev)
4772 {
4773 	B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4774 	if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4775 		return;
4776 
4777 	b43_set_status(dev, B43_STAT_UNINIT);
4778 
4779 	/* Stop the microcode PSM. */
4780 	b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4781 		      B43_MACCTL_PSM_JMP0);
4782 
4783 	switch (dev->dev->bus_type) {
4784 #ifdef CONFIG_B43_BCMA
4785 	case B43_BUS_BCMA:
4786 		bcma_host_pci_down(dev->dev->bdev->bus);
4787 		break;
4788 #endif
4789 #ifdef CONFIG_B43_SSB
4790 	case B43_BUS_SSB:
4791 		/* TODO */
4792 		break;
4793 #endif
4794 	}
4795 
4796 	b43_dma_free(dev);
4797 	b43_pio_free(dev);
4798 	b43_chip_exit(dev);
4799 	dev->phy.ops->switch_analog(dev, 0);
4800 	if (dev->wl->current_beacon) {
4801 		dev_kfree_skb_any(dev->wl->current_beacon);
4802 		dev->wl->current_beacon = NULL;
4803 	}
4804 
4805 	b43_device_disable(dev, 0);
4806 	b43_bus_may_powerdown(dev);
4807 }
4808 
4809 /* Initialize a wireless core */
4810 static int b43_wireless_core_init(struct b43_wldev *dev)
4811 {
4812 	struct ssb_sprom *sprom = dev->dev->bus_sprom;
4813 	struct b43_phy *phy = &dev->phy;
4814 	int err;
4815 	u64 hf;
4816 
4817 	B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4818 
4819 	err = b43_bus_powerup(dev, 0);
4820 	if (err)
4821 		goto out;
4822 	if (!b43_device_is_enabled(dev))
4823 		b43_wireless_core_reset(dev, phy->gmode);
4824 
4825 	/* Reset all data structures. */
4826 	setup_struct_wldev_for_init(dev);
4827 	phy->ops->prepare_structs(dev);
4828 
4829 	/* Enable IRQ routing to this device. */
4830 	switch (dev->dev->bus_type) {
4831 #ifdef CONFIG_B43_BCMA
4832 	case B43_BUS_BCMA:
4833 		bcma_host_pci_irq_ctl(dev->dev->bdev->bus,
4834 				      dev->dev->bdev, true);
4835 		bcma_host_pci_up(dev->dev->bdev->bus);
4836 		break;
4837 #endif
4838 #ifdef CONFIG_B43_SSB
4839 	case B43_BUS_SSB:
4840 		ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4841 					       dev->dev->sdev);
4842 		break;
4843 #endif
4844 	}
4845 
4846 	b43_imcfglo_timeouts_workaround(dev);
4847 	b43_bluetooth_coext_disable(dev);
4848 	if (phy->ops->prepare_hardware) {
4849 		err = phy->ops->prepare_hardware(dev);
4850 		if (err)
4851 			goto err_busdown;
4852 	}
4853 	err = b43_chip_init(dev);
4854 	if (err)
4855 		goto err_busdown;
4856 	b43_shm_write16(dev, B43_SHM_SHARED,
4857 			B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4858 	hf = b43_hf_read(dev);
4859 	if (phy->type == B43_PHYTYPE_G) {
4860 		hf |= B43_HF_SYMW;
4861 		if (phy->rev == 1)
4862 			hf |= B43_HF_GDCW;
4863 		if (sprom->boardflags_lo & B43_BFL_PACTRL)
4864 			hf |= B43_HF_OFDMPABOOST;
4865 	}
4866 	if (phy->radio_ver == 0x2050) {
4867 		if (phy->radio_rev == 6)
4868 			hf |= B43_HF_4318TSSI;
4869 		if (phy->radio_rev < 6)
4870 			hf |= B43_HF_VCORECALC;
4871 	}
4872 	if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4873 		hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4874 #if defined(CONFIG_B43_SSB) && defined(CONFIG_SSB_DRIVER_PCICORE)
4875 	if (dev->dev->bus_type == B43_BUS_SSB &&
4876 	    dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4877 	    dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4878 		hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4879 #endif
4880 	hf &= ~B43_HF_SKCFPUP;
4881 	b43_hf_write(dev, hf);
4882 
4883 	/* tell the ucode MAC capabilities */
4884 	if (dev->dev->core_rev >= 13) {
4885 		u32 mac_hw_cap = b43_read32(dev, B43_MMIO_MAC_HW_CAP);
4886 
4887 		b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_L,
4888 				mac_hw_cap & 0xffff);
4889 		b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_H,
4890 				(mac_hw_cap >> 16) & 0xffff);
4891 	}
4892 
4893 	b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4894 			     B43_DEFAULT_LONG_RETRY_LIMIT);
4895 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4896 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4897 
4898 	/* Disable sending probe responses from firmware.
4899 	 * Setting the MaxTime to one usec will always trigger
4900 	 * a timeout, so we never send any probe resp.
4901 	 * A timeout of zero is infinite. */
4902 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4903 
4904 	b43_rate_memory_init(dev);
4905 	b43_set_phytxctl_defaults(dev);
4906 
4907 	/* Minimum Contention Window */
4908 	if (phy->type == B43_PHYTYPE_B)
4909 		b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4910 	else
4911 		b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4912 	/* Maximum Contention Window */
4913 	b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4914 
4915 	/* write phytype and phyvers */
4916 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYTYPE, phy->type);
4917 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYVER, phy->rev);
4918 
4919 	if (b43_bus_host_is_pcmcia(dev->dev) ||
4920 	    b43_bus_host_is_sdio(dev->dev)) {
4921 		dev->__using_pio_transfers = true;
4922 		err = b43_pio_init(dev);
4923 	} else if (dev->use_pio) {
4924 		b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4925 			"This should not be needed and will result in lower "
4926 			"performance.\n");
4927 		dev->__using_pio_transfers = true;
4928 		err = b43_pio_init(dev);
4929 	} else {
4930 		dev->__using_pio_transfers = false;
4931 		err = b43_dma_init(dev);
4932 	}
4933 	if (err)
4934 		goto err_chip_exit;
4935 	b43_qos_init(dev);
4936 	b43_set_synth_pu_delay(dev, 1);
4937 	b43_bluetooth_coext_enable(dev);
4938 
4939 	b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4940 	b43_upload_card_macaddress(dev);
4941 	b43_security_init(dev);
4942 
4943 	ieee80211_wake_queues(dev->wl->hw);
4944 
4945 	b43_set_status(dev, B43_STAT_INITIALIZED);
4946 
4947 out:
4948 	return err;
4949 
4950 err_chip_exit:
4951 	b43_chip_exit(dev);
4952 err_busdown:
4953 	b43_bus_may_powerdown(dev);
4954 	B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4955 	return err;
4956 }
4957 
4958 static int b43_op_add_interface(struct ieee80211_hw *hw,
4959 				struct ieee80211_vif *vif)
4960 {
4961 	struct b43_wl *wl = hw_to_b43_wl(hw);
4962 	struct b43_wldev *dev;
4963 	int err = -EOPNOTSUPP;
4964 
4965 	/* TODO: allow AP devices to coexist */
4966 
4967 	if (vif->type != NL80211_IFTYPE_AP &&
4968 	    vif->type != NL80211_IFTYPE_MESH_POINT &&
4969 	    vif->type != NL80211_IFTYPE_STATION &&
4970 	    vif->type != NL80211_IFTYPE_ADHOC)
4971 		return -EOPNOTSUPP;
4972 
4973 	mutex_lock(&wl->mutex);
4974 	if (wl->operating)
4975 		goto out_mutex_unlock;
4976 
4977 	b43dbg(wl, "Adding Interface type %d\n", vif->type);
4978 
4979 	dev = wl->current_dev;
4980 	wl->operating = true;
4981 	wl->vif = vif;
4982 	wl->if_type = vif->type;
4983 	memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4984 
4985 	b43_adjust_opmode(dev);
4986 	b43_set_pretbtt(dev);
4987 	b43_set_synth_pu_delay(dev, 0);
4988 	b43_upload_card_macaddress(dev);
4989 
4990 	err = 0;
4991  out_mutex_unlock:
4992 	mutex_unlock(&wl->mutex);
4993 
4994 	if (err == 0)
4995 		b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
4996 
4997 	return err;
4998 }
4999 
5000 static void b43_op_remove_interface(struct ieee80211_hw *hw,
5001 				    struct ieee80211_vif *vif)
5002 {
5003 	struct b43_wl *wl = hw_to_b43_wl(hw);
5004 	struct b43_wldev *dev = wl->current_dev;
5005 
5006 	b43dbg(wl, "Removing Interface type %d\n", vif->type);
5007 
5008 	mutex_lock(&wl->mutex);
5009 
5010 	B43_WARN_ON(!wl->operating);
5011 	B43_WARN_ON(wl->vif != vif);
5012 	wl->vif = NULL;
5013 
5014 	wl->operating = false;
5015 
5016 	b43_adjust_opmode(dev);
5017 	eth_zero_addr(wl->mac_addr);
5018 	b43_upload_card_macaddress(dev);
5019 
5020 	mutex_unlock(&wl->mutex);
5021 }
5022 
5023 static int b43_op_start(struct ieee80211_hw *hw)
5024 {
5025 	struct b43_wl *wl = hw_to_b43_wl(hw);
5026 	struct b43_wldev *dev = wl->current_dev;
5027 	int did_init = 0;
5028 	int err = 0;
5029 
5030 	/* Kill all old instance specific information to make sure
5031 	 * the card won't use it in the short timeframe between start
5032 	 * and mac80211 reconfiguring it. */
5033 	eth_zero_addr(wl->bssid);
5034 	eth_zero_addr(wl->mac_addr);
5035 	wl->filter_flags = 0;
5036 	wl->radiotap_enabled = false;
5037 	b43_qos_clear(wl);
5038 	wl->beacon0_uploaded = false;
5039 	wl->beacon1_uploaded = false;
5040 	wl->beacon_templates_virgin = true;
5041 	wl->radio_enabled = true;
5042 
5043 	mutex_lock(&wl->mutex);
5044 
5045 	if (b43_status(dev) < B43_STAT_INITIALIZED) {
5046 		err = b43_wireless_core_init(dev);
5047 		if (err)
5048 			goto out_mutex_unlock;
5049 		did_init = 1;
5050 	}
5051 
5052 	if (b43_status(dev) < B43_STAT_STARTED) {
5053 		err = b43_wireless_core_start(dev);
5054 		if (err) {
5055 			if (did_init)
5056 				b43_wireless_core_exit(dev);
5057 			goto out_mutex_unlock;
5058 		}
5059 	}
5060 
5061 	/* XXX: only do if device doesn't support rfkill irq */
5062 	wiphy_rfkill_start_polling(hw->wiphy);
5063 
5064  out_mutex_unlock:
5065 	mutex_unlock(&wl->mutex);
5066 
5067 	/*
5068 	 * Configuration may have been overwritten during initialization.
5069 	 * Reload the configuration, but only if initialization was
5070 	 * successful. Reloading the configuration after a failed init
5071 	 * may hang the system.
5072 	 */
5073 	if (!err)
5074 		b43_op_config(hw, ~0);
5075 
5076 	return err;
5077 }
5078 
5079 static void b43_op_stop(struct ieee80211_hw *hw)
5080 {
5081 	struct b43_wl *wl = hw_to_b43_wl(hw);
5082 	struct b43_wldev *dev = wl->current_dev;
5083 
5084 	cancel_work_sync(&(wl->beacon_update_trigger));
5085 
5086 	if (!dev)
5087 		goto out;
5088 
5089 	mutex_lock(&wl->mutex);
5090 	if (b43_status(dev) >= B43_STAT_STARTED) {
5091 		dev = b43_wireless_core_stop(dev);
5092 		if (!dev)
5093 			goto out_unlock;
5094 	}
5095 	b43_wireless_core_exit(dev);
5096 	wl->radio_enabled = false;
5097 
5098 out_unlock:
5099 	mutex_unlock(&wl->mutex);
5100 out:
5101 	cancel_work_sync(&(wl->txpower_adjust_work));
5102 }
5103 
5104 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
5105 				 struct ieee80211_sta *sta, bool set)
5106 {
5107 	struct b43_wl *wl = hw_to_b43_wl(hw);
5108 
5109 	b43_update_templates(wl);
5110 
5111 	return 0;
5112 }
5113 
5114 static void b43_op_sta_notify(struct ieee80211_hw *hw,
5115 			      struct ieee80211_vif *vif,
5116 			      enum sta_notify_cmd notify_cmd,
5117 			      struct ieee80211_sta *sta)
5118 {
5119 	struct b43_wl *wl = hw_to_b43_wl(hw);
5120 
5121 	B43_WARN_ON(!vif || wl->vif != vif);
5122 }
5123 
5124 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw,
5125 					  struct ieee80211_vif *vif,
5126 					  const u8 *mac_addr)
5127 {
5128 	struct b43_wl *wl = hw_to_b43_wl(hw);
5129 	struct b43_wldev *dev;
5130 
5131 	mutex_lock(&wl->mutex);
5132 	dev = wl->current_dev;
5133 	if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5134 		/* Disable CFP update during scan on other channels. */
5135 		b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
5136 	}
5137 	mutex_unlock(&wl->mutex);
5138 }
5139 
5140 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw,
5141 					     struct ieee80211_vif *vif)
5142 {
5143 	struct b43_wl *wl = hw_to_b43_wl(hw);
5144 	struct b43_wldev *dev;
5145 
5146 	mutex_lock(&wl->mutex);
5147 	dev = wl->current_dev;
5148 	if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5149 		/* Re-enable CFP update. */
5150 		b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
5151 	}
5152 	mutex_unlock(&wl->mutex);
5153 }
5154 
5155 static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
5156 			     struct survey_info *survey)
5157 {
5158 	struct b43_wl *wl = hw_to_b43_wl(hw);
5159 	struct b43_wldev *dev = wl->current_dev;
5160 	struct ieee80211_conf *conf = &hw->conf;
5161 
5162 	if (idx != 0)
5163 		return -ENOENT;
5164 
5165 	survey->channel = conf->chandef.chan;
5166 	survey->filled = SURVEY_INFO_NOISE_DBM;
5167 	survey->noise = dev->stats.link_noise;
5168 
5169 	return 0;
5170 }
5171 
5172 static const struct ieee80211_ops b43_hw_ops = {
5173 	.tx			= b43_op_tx,
5174 	.wake_tx_queue		= ieee80211_handle_wake_tx_queue,
5175 	.conf_tx		= b43_op_conf_tx,
5176 	.add_interface		= b43_op_add_interface,
5177 	.remove_interface	= b43_op_remove_interface,
5178 	.config			= b43_op_config,
5179 	.bss_info_changed	= b43_op_bss_info_changed,
5180 	.configure_filter	= b43_op_configure_filter,
5181 	.set_key		= b43_op_set_key,
5182 	.update_tkip_key	= b43_op_update_tkip_key,
5183 	.get_stats		= b43_op_get_stats,
5184 	.get_tsf		= b43_op_get_tsf,
5185 	.set_tsf		= b43_op_set_tsf,
5186 	.start			= b43_op_start,
5187 	.stop			= b43_op_stop,
5188 	.set_tim		= b43_op_beacon_set_tim,
5189 	.sta_notify		= b43_op_sta_notify,
5190 	.sw_scan_start		= b43_op_sw_scan_start_notifier,
5191 	.sw_scan_complete	= b43_op_sw_scan_complete_notifier,
5192 	.get_survey		= b43_op_get_survey,
5193 	.rfkill_poll		= b43_rfkill_poll,
5194 };
5195 
5196 /* Hard-reset the chip. Do not call this directly.
5197  * Use b43_controller_restart()
5198  */
5199 static void b43_chip_reset(struct work_struct *work)
5200 {
5201 	struct b43_wldev *dev =
5202 	    container_of(work, struct b43_wldev, restart_work);
5203 	struct b43_wl *wl = dev->wl;
5204 	int err = 0;
5205 	int prev_status;
5206 
5207 	mutex_lock(&wl->mutex);
5208 
5209 	prev_status = b43_status(dev);
5210 	/* Bring the device down... */
5211 	if (prev_status >= B43_STAT_STARTED) {
5212 		dev = b43_wireless_core_stop(dev);
5213 		if (!dev) {
5214 			err = -ENODEV;
5215 			goto out;
5216 		}
5217 	}
5218 	if (prev_status >= B43_STAT_INITIALIZED)
5219 		b43_wireless_core_exit(dev);
5220 
5221 	/* ...and up again. */
5222 	if (prev_status >= B43_STAT_INITIALIZED) {
5223 		err = b43_wireless_core_init(dev);
5224 		if (err)
5225 			goto out;
5226 	}
5227 	if (prev_status >= B43_STAT_STARTED) {
5228 		err = b43_wireless_core_start(dev);
5229 		if (err) {
5230 			b43_wireless_core_exit(dev);
5231 			goto out;
5232 		}
5233 	}
5234 out:
5235 	if (err)
5236 		wl->current_dev = NULL; /* Failed to init the dev. */
5237 	mutex_unlock(&wl->mutex);
5238 
5239 	if (err) {
5240 		b43err(wl, "Controller restart FAILED\n");
5241 		return;
5242 	}
5243 
5244 	/* reload configuration */
5245 	b43_op_config(wl->hw, ~0);
5246 	if (wl->vif)
5247 		b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5248 
5249 	b43info(wl, "Controller restarted\n");
5250 }
5251 
5252 static int b43_setup_bands(struct b43_wldev *dev,
5253 			   bool have_2ghz_phy, bool have_5ghz_phy)
5254 {
5255 	struct ieee80211_hw *hw = dev->wl->hw;
5256 	struct b43_phy *phy = &dev->phy;
5257 	bool limited_2g;
5258 	bool limited_5g;
5259 
5260 	/* We don't support all 2 GHz channels on some devices */
5261 	limited_2g = phy->radio_ver == 0x2057 &&
5262 		     (phy->radio_rev == 9 || phy->radio_rev == 14);
5263 	limited_5g = phy->radio_ver == 0x2057 &&
5264 		     phy->radio_rev == 9;
5265 
5266 	if (have_2ghz_phy)
5267 		hw->wiphy->bands[NL80211_BAND_2GHZ] = limited_2g ?
5268 			&b43_band_2ghz_limited : &b43_band_2GHz;
5269 	if (dev->phy.type == B43_PHYTYPE_N) {
5270 		if (have_5ghz_phy)
5271 			hw->wiphy->bands[NL80211_BAND_5GHZ] = limited_5g ?
5272 				&b43_band_5GHz_nphy_limited :
5273 				&b43_band_5GHz_nphy;
5274 	} else {
5275 		if (have_5ghz_phy)
5276 			hw->wiphy->bands[NL80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5277 	}
5278 
5279 	dev->phy.supports_2ghz = have_2ghz_phy;
5280 	dev->phy.supports_5ghz = have_5ghz_phy;
5281 
5282 	return 0;
5283 }
5284 
5285 static void b43_wireless_core_detach(struct b43_wldev *dev)
5286 {
5287 	/* We release firmware that late to not be required to re-request
5288 	 * is all the time when we reinit the core. */
5289 	b43_release_firmware(dev);
5290 	b43_phy_free(dev);
5291 }
5292 
5293 static void b43_supported_bands(struct b43_wldev *dev, bool *have_2ghz_phy,
5294 				bool *have_5ghz_phy)
5295 {
5296 	u16 dev_id = 0;
5297 
5298 #ifdef CONFIG_B43_BCMA
5299 	if (dev->dev->bus_type == B43_BUS_BCMA &&
5300 	    dev->dev->bdev->bus->hosttype == BCMA_HOSTTYPE_PCI)
5301 		dev_id = dev->dev->bdev->bus->host_pci->device;
5302 #endif
5303 #ifdef CONFIG_B43_SSB
5304 	if (dev->dev->bus_type == B43_BUS_SSB &&
5305 	    dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5306 		dev_id = dev->dev->sdev->bus->host_pci->device;
5307 #endif
5308 	/* Override with SPROM value if available */
5309 	if (dev->dev->bus_sprom->dev_id)
5310 		dev_id = dev->dev->bus_sprom->dev_id;
5311 
5312 	/* Note: below IDs can be "virtual" (not maching e.g. real PCI ID) */
5313 	switch (dev_id) {
5314 	case 0x4324: /* BCM4306 */
5315 	case 0x4312: /* BCM4311 */
5316 	case 0x4319: /* BCM4318 */
5317 	case 0x4328: /* BCM4321 */
5318 	case 0x432b: /* BCM4322 */
5319 	case 0x4350: /* BCM43222 */
5320 	case 0x4353: /* BCM43224 */
5321 	case 0x0576: /* BCM43224 */
5322 	case 0x435f: /* BCM6362 */
5323 	case 0x4331: /* BCM4331 */
5324 	case 0x4359: /* BCM43228 */
5325 	case 0x43a0: /* BCM4360 */
5326 	case 0x43b1: /* BCM4352 */
5327 		/* Dual band devices */
5328 		*have_2ghz_phy = true;
5329 		*have_5ghz_phy = true;
5330 		return;
5331 	case 0x4321: /* BCM4306 */
5332 		/* There are 14e4:4321 PCI devs with 2.4 GHz BCM4321 (N-PHY) */
5333 		if (dev->phy.type != B43_PHYTYPE_G)
5334 			break;
5335 		fallthrough;
5336 	case 0x4313: /* BCM4311 */
5337 	case 0x431a: /* BCM4318 */
5338 	case 0x432a: /* BCM4321 */
5339 	case 0x432d: /* BCM4322 */
5340 	case 0x4352: /* BCM43222 */
5341 	case 0x435a: /* BCM43228 */
5342 	case 0x4333: /* BCM4331 */
5343 	case 0x43a2: /* BCM4360 */
5344 	case 0x43b3: /* BCM4352 */
5345 		/* 5 GHz only devices */
5346 		*have_2ghz_phy = false;
5347 		*have_5ghz_phy = true;
5348 		return;
5349 	}
5350 
5351 	/* As a fallback, try to guess using PHY type */
5352 	switch (dev->phy.type) {
5353 	case B43_PHYTYPE_G:
5354 	case B43_PHYTYPE_N:
5355 	case B43_PHYTYPE_LP:
5356 	case B43_PHYTYPE_HT:
5357 	case B43_PHYTYPE_LCN:
5358 		*have_2ghz_phy = true;
5359 		*have_5ghz_phy = false;
5360 		return;
5361 	}
5362 
5363 	B43_WARN_ON(1);
5364 }
5365 
5366 static int b43_wireless_core_attach(struct b43_wldev *dev)
5367 {
5368 	struct b43_wl *wl = dev->wl;
5369 	struct b43_phy *phy = &dev->phy;
5370 	int err;
5371 	u32 tmp;
5372 	bool have_2ghz_phy = false, have_5ghz_phy = false;
5373 
5374 	/* Do NOT do any device initialization here.
5375 	 * Do it in wireless_core_init() instead.
5376 	 * This function is for gathering basic information about the HW, only.
5377 	 * Also some structs may be set up here. But most likely you want to have
5378 	 * that in core_init(), too.
5379 	 */
5380 
5381 	err = b43_bus_powerup(dev, 0);
5382 	if (err) {
5383 		b43err(wl, "Bus powerup failed\n");
5384 		goto out;
5385 	}
5386 
5387 	phy->do_full_init = true;
5388 
5389 	/* Try to guess supported bands for the first init needs */
5390 	switch (dev->dev->bus_type) {
5391 #ifdef CONFIG_B43_BCMA
5392 	case B43_BUS_BCMA:
5393 		tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5394 		have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5395 		have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5396 		break;
5397 #endif
5398 #ifdef CONFIG_B43_SSB
5399 	case B43_BUS_SSB:
5400 		if (dev->dev->core_rev >= 5) {
5401 			tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5402 			have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5403 			have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5404 		} else
5405 			B43_WARN_ON(1);
5406 		break;
5407 #endif
5408 	}
5409 
5410 	dev->phy.gmode = have_2ghz_phy;
5411 	b43_wireless_core_reset(dev, dev->phy.gmode);
5412 
5413 	/* Get the PHY type. */
5414 	err = b43_phy_versioning(dev);
5415 	if (err)
5416 		goto err_powerdown;
5417 
5418 	/* Get real info about supported bands */
5419 	b43_supported_bands(dev, &have_2ghz_phy, &have_5ghz_phy);
5420 
5421 	/* We don't support 5 GHz on some PHYs yet */
5422 	if (have_5ghz_phy) {
5423 		switch (dev->phy.type) {
5424 		case B43_PHYTYPE_G:
5425 		case B43_PHYTYPE_LP:
5426 		case B43_PHYTYPE_HT:
5427 			b43warn(wl, "5 GHz band is unsupported on this PHY\n");
5428 			have_5ghz_phy = false;
5429 		}
5430 	}
5431 
5432 	if (!have_2ghz_phy && !have_5ghz_phy) {
5433 		b43err(wl, "b43 can't support any band on this device\n");
5434 		err = -EOPNOTSUPP;
5435 		goto err_powerdown;
5436 	}
5437 
5438 	err = b43_phy_allocate(dev);
5439 	if (err)
5440 		goto err_powerdown;
5441 
5442 	dev->phy.gmode = have_2ghz_phy;
5443 	b43_wireless_core_reset(dev, dev->phy.gmode);
5444 
5445 	err = b43_validate_chipaccess(dev);
5446 	if (err)
5447 		goto err_phy_free;
5448 	err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5449 	if (err)
5450 		goto err_phy_free;
5451 
5452 	/* Now set some default "current_dev" */
5453 	if (!wl->current_dev)
5454 		wl->current_dev = dev;
5455 	INIT_WORK(&dev->restart_work, b43_chip_reset);
5456 
5457 	dev->phy.ops->switch_analog(dev, 0);
5458 	b43_device_disable(dev, 0);
5459 	b43_bus_may_powerdown(dev);
5460 
5461 out:
5462 	return err;
5463 
5464 err_phy_free:
5465 	b43_phy_free(dev);
5466 err_powerdown:
5467 	b43_bus_may_powerdown(dev);
5468 	return err;
5469 }
5470 
5471 static void b43_one_core_detach(struct b43_bus_dev *dev)
5472 {
5473 	struct b43_wldev *wldev;
5474 
5475 	/* Do not cancel ieee80211-workqueue based work here.
5476 	 * See comment in b43_remove(). */
5477 
5478 	wldev = b43_bus_get_wldev(dev);
5479 	b43_debugfs_remove_device(wldev);
5480 	b43_wireless_core_detach(wldev);
5481 	list_del(&wldev->list);
5482 	b43_bus_set_wldev(dev, NULL);
5483 	kfree(wldev);
5484 }
5485 
5486 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5487 {
5488 	struct b43_wldev *wldev;
5489 	int err = -ENOMEM;
5490 
5491 	wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5492 	if (!wldev)
5493 		goto out;
5494 
5495 	wldev->use_pio = b43_modparam_pio;
5496 	wldev->dev = dev;
5497 	wldev->wl = wl;
5498 	b43_set_status(wldev, B43_STAT_UNINIT);
5499 	wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5500 	INIT_LIST_HEAD(&wldev->list);
5501 
5502 	err = b43_wireless_core_attach(wldev);
5503 	if (err)
5504 		goto err_kfree_wldev;
5505 
5506 	b43_bus_set_wldev(dev, wldev);
5507 	b43_debugfs_add_device(wldev);
5508 
5509       out:
5510 	return err;
5511 
5512       err_kfree_wldev:
5513 	kfree(wldev);
5514 	return err;
5515 }
5516 
5517 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)		( \
5518 	(pdev->vendor == PCI_VENDOR_ID_##_vendor) &&			\
5519 	(pdev->device == _device) &&					\
5520 	(pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&	\
5521 	(pdev->subsystem_device == _subdevice)				)
5522 
5523 #ifdef CONFIG_B43_SSB
5524 static void b43_sprom_fixup(struct ssb_bus *bus)
5525 {
5526 	struct pci_dev *pdev;
5527 
5528 	/* boardflags workarounds */
5529 	if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5530 	    bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5531 		bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5532 	if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5533 	    bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5534 		bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5535 	if (bus->bustype == SSB_BUSTYPE_PCI) {
5536 		pdev = bus->host_pci;
5537 		if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5538 		    IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
5539 		    IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
5540 		    IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5541 		    IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5542 		    IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5543 		    IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5544 			bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5545 	}
5546 }
5547 
5548 static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5549 {
5550 	struct ieee80211_hw *hw = wl->hw;
5551 
5552 	ssb_set_devtypedata(dev->sdev, NULL);
5553 	ieee80211_free_hw(hw);
5554 }
5555 #endif
5556 
5557 static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5558 {
5559 	struct ssb_sprom *sprom = dev->bus_sprom;
5560 	struct ieee80211_hw *hw;
5561 	struct b43_wl *wl;
5562 	char chip_name[6];
5563 	int queue_num;
5564 
5565 	hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5566 	if (!hw) {
5567 		b43err(NULL, "Could not allocate ieee80211 device\n");
5568 		return ERR_PTR(-ENOMEM);
5569 	}
5570 	wl = hw_to_b43_wl(hw);
5571 
5572 	/* fill hw info */
5573 	ieee80211_hw_set(hw, RX_INCLUDES_FCS);
5574 	ieee80211_hw_set(hw, SIGNAL_DBM);
5575 	ieee80211_hw_set(hw, MFP_CAPABLE);
5576 	hw->wiphy->interface_modes =
5577 		BIT(NL80211_IFTYPE_AP) |
5578 		BIT(NL80211_IFTYPE_MESH_POINT) |
5579 		BIT(NL80211_IFTYPE_STATION) |
5580 		BIT(NL80211_IFTYPE_ADHOC);
5581 
5582 	hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5583 
5584 	wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
5585 
5586 	wl->hw_registered = false;
5587 	hw->max_rates = 2;
5588 	SET_IEEE80211_DEV(hw, dev->dev);
5589 	if (is_valid_ether_addr(sprom->et1mac))
5590 		SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5591 	else
5592 		SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5593 
5594 	/* Initialize struct b43_wl */
5595 	wl->hw = hw;
5596 	mutex_init(&wl->mutex);
5597 	spin_lock_init(&wl->hardirq_lock);
5598 	spin_lock_init(&wl->beacon_lock);
5599 	INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5600 	INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5601 	INIT_WORK(&wl->tx_work, b43_tx_work);
5602 
5603 	/* Initialize queues and flags. */
5604 	for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5605 		skb_queue_head_init(&wl->tx_queue[queue_num]);
5606 		wl->tx_queue_stopped[queue_num] = false;
5607 	}
5608 
5609 	snprintf(chip_name, ARRAY_SIZE(chip_name),
5610 		 (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5611 	b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5612 		dev->core_rev);
5613 	return wl;
5614 }
5615 
5616 #ifdef CONFIG_B43_BCMA
5617 static int b43_bcma_probe(struct bcma_device *core)
5618 {
5619 	struct b43_bus_dev *dev;
5620 	struct b43_wl *wl;
5621 	int err;
5622 
5623 	if (!modparam_allhwsupport &&
5624 	    (core->id.rev == 0x17 || core->id.rev == 0x18)) {
5625 		pr_err("Support for cores revisions 0x17 and 0x18 disabled by module param allhwsupport=0. Try b43.allhwsupport=1\n");
5626 		return -ENOTSUPP;
5627 	}
5628 
5629 	dev = b43_bus_dev_bcma_init(core);
5630 	if (!dev)
5631 		return -ENODEV;
5632 
5633 	wl = b43_wireless_init(dev);
5634 	if (IS_ERR(wl)) {
5635 		err = PTR_ERR(wl);
5636 		goto bcma_out;
5637 	}
5638 
5639 	err = b43_one_core_attach(dev, wl);
5640 	if (err)
5641 		goto bcma_err_wireless_exit;
5642 
5643 	/* setup and start work to load firmware */
5644 	INIT_WORK(&wl->firmware_load, b43_request_firmware);
5645 	schedule_work(&wl->firmware_load);
5646 
5647 	return err;
5648 
5649 bcma_err_wireless_exit:
5650 	ieee80211_free_hw(wl->hw);
5651 bcma_out:
5652 	kfree(dev);
5653 	return err;
5654 }
5655 
5656 static void b43_bcma_remove(struct bcma_device *core)
5657 {
5658 	struct b43_wldev *wldev = bcma_get_drvdata(core);
5659 	struct b43_wl *wl = wldev->wl;
5660 
5661 	/* We must cancel any work here before unregistering from ieee80211,
5662 	 * as the ieee80211 unreg will destroy the workqueue. */
5663 	cancel_work_sync(&wldev->restart_work);
5664 	cancel_work_sync(&wl->firmware_load);
5665 
5666 	B43_WARN_ON(!wl);
5667 	if (!wldev->fw.ucode.data)
5668 		return;			/* NULL if firmware never loaded */
5669 	if (wl->current_dev == wldev && wl->hw_registered) {
5670 		b43_leds_stop(wldev);
5671 		ieee80211_unregister_hw(wl->hw);
5672 	}
5673 
5674 	b43_one_core_detach(wldev->dev);
5675 
5676 	/* Unregister HW RNG driver */
5677 	b43_rng_exit(wl);
5678 
5679 	b43_leds_unregister(wl);
5680 	ieee80211_free_hw(wl->hw);
5681 	kfree(wldev->dev);
5682 }
5683 
5684 static struct bcma_driver b43_bcma_driver = {
5685 	.name		= KBUILD_MODNAME,
5686 	.id_table	= b43_bcma_tbl,
5687 	.probe		= b43_bcma_probe,
5688 	.remove		= b43_bcma_remove,
5689 };
5690 #endif
5691 
5692 #ifdef CONFIG_B43_SSB
5693 static
5694 int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5695 {
5696 	struct b43_bus_dev *dev;
5697 	struct b43_wl *wl;
5698 	int err;
5699 
5700 	dev = b43_bus_dev_ssb_init(sdev);
5701 	if (!dev)
5702 		return -ENOMEM;
5703 
5704 	wl = ssb_get_devtypedata(sdev);
5705 	if (wl) {
5706 		b43err(NULL, "Dual-core devices are not supported\n");
5707 		err = -ENOTSUPP;
5708 		goto err_ssb_kfree_dev;
5709 	}
5710 
5711 	b43_sprom_fixup(sdev->bus);
5712 
5713 	wl = b43_wireless_init(dev);
5714 	if (IS_ERR(wl)) {
5715 		err = PTR_ERR(wl);
5716 		goto err_ssb_kfree_dev;
5717 	}
5718 	ssb_set_devtypedata(sdev, wl);
5719 	B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5720 
5721 	err = b43_one_core_attach(dev, wl);
5722 	if (err)
5723 		goto err_ssb_wireless_exit;
5724 
5725 	/* setup and start work to load firmware */
5726 	INIT_WORK(&wl->firmware_load, b43_request_firmware);
5727 	schedule_work(&wl->firmware_load);
5728 
5729 	return err;
5730 
5731 err_ssb_wireless_exit:
5732 	b43_wireless_exit(dev, wl);
5733 err_ssb_kfree_dev:
5734 	kfree(dev);
5735 	return err;
5736 }
5737 
5738 static void b43_ssb_remove(struct ssb_device *sdev)
5739 {
5740 	struct b43_wl *wl = ssb_get_devtypedata(sdev);
5741 	struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5742 	struct b43_bus_dev *dev = wldev->dev;
5743 
5744 	/* We must cancel any work here before unregistering from ieee80211,
5745 	 * as the ieee80211 unreg will destroy the workqueue. */
5746 	cancel_work_sync(&wldev->restart_work);
5747 	cancel_work_sync(&wl->firmware_load);
5748 
5749 	B43_WARN_ON(!wl);
5750 	if (!wldev->fw.ucode.data)
5751 		return;			/* NULL if firmware never loaded */
5752 	if (wl->current_dev == wldev && wl->hw_registered) {
5753 		b43_leds_stop(wldev);
5754 		ieee80211_unregister_hw(wl->hw);
5755 	}
5756 
5757 	b43_one_core_detach(dev);
5758 
5759 	/* Unregister HW RNG driver */
5760 	b43_rng_exit(wl);
5761 
5762 	b43_leds_unregister(wl);
5763 	b43_wireless_exit(dev, wl);
5764 	kfree(dev);
5765 }
5766 
5767 static struct ssb_driver b43_ssb_driver = {
5768 	.name		= KBUILD_MODNAME,
5769 	.id_table	= b43_ssb_tbl,
5770 	.probe		= b43_ssb_probe,
5771 	.remove		= b43_ssb_remove,
5772 };
5773 #endif /* CONFIG_B43_SSB */
5774 
5775 /* Perform a hardware reset. This can be called from any context. */
5776 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5777 {
5778 	/* Must avoid requeueing, if we are in shutdown. */
5779 	if (b43_status(dev) < B43_STAT_INITIALIZED)
5780 		return;
5781 	b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5782 	ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5783 }
5784 
5785 static void b43_print_driverinfo(void)
5786 {
5787 	const char *feat_pci = "", *feat_nphy = "",
5788 		   *feat_leds = "", *feat_sdio = "";
5789 
5790 #ifdef CONFIG_B43_PCI_AUTOSELECT
5791 	feat_pci = "P";
5792 #endif
5793 #ifdef CONFIG_B43_PHY_N
5794 	feat_nphy = "N";
5795 #endif
5796 #ifdef CONFIG_B43_LEDS
5797 	feat_leds = "L";
5798 #endif
5799 #ifdef CONFIG_B43_SDIO
5800 	feat_sdio = "S";
5801 #endif
5802 	printk(KERN_INFO "Broadcom 43xx driver loaded "
5803 	       "[ Features: %s%s%s%s ]\n",
5804 	       feat_pci, feat_nphy, feat_leds, feat_sdio);
5805 }
5806 
5807 static int __init b43_init(void)
5808 {
5809 	int err;
5810 
5811 	b43_debugfs_init();
5812 	err = b43_sdio_init();
5813 	if (err)
5814 		goto err_dfs_exit;
5815 #ifdef CONFIG_B43_BCMA
5816 	err = bcma_driver_register(&b43_bcma_driver);
5817 	if (err)
5818 		goto err_sdio_exit;
5819 #endif
5820 #ifdef CONFIG_B43_SSB
5821 	err = ssb_driver_register(&b43_ssb_driver);
5822 	if (err)
5823 		goto err_bcma_driver_exit;
5824 #endif
5825 	b43_print_driverinfo();
5826 
5827 	return err;
5828 
5829 #ifdef CONFIG_B43_SSB
5830 err_bcma_driver_exit:
5831 #endif
5832 #ifdef CONFIG_B43_BCMA
5833 	bcma_driver_unregister(&b43_bcma_driver);
5834 err_sdio_exit:
5835 #endif
5836 	b43_sdio_exit();
5837 err_dfs_exit:
5838 	b43_debugfs_exit();
5839 	return err;
5840 }
5841 
5842 static void __exit b43_exit(void)
5843 {
5844 #ifdef CONFIG_B43_SSB
5845 	ssb_driver_unregister(&b43_ssb_driver);
5846 #endif
5847 #ifdef CONFIG_B43_BCMA
5848 	bcma_driver_unregister(&b43_bcma_driver);
5849 #endif
5850 	b43_sdio_exit();
5851 	b43_debugfs_exit();
5852 }
5853 
5854 module_init(b43_init)
5855 module_exit(b43_exit)
5856