1 // SPDX-License-Identifier: GPL-2.0-only
2 /******************************************************************************
3 
4   Copyright(c) 2003 - 2006 Intel Corporation. All rights reserved.
5 
6 
7   Contact Information:
8   Intel Linux Wireless <ilw@linux.intel.com>
9   Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
10 
11   Portions of this file are based on the sample_* files provided by Wireless
12   Extensions 0.26 package and copyright (c) 1997-2003 Jean Tourrilhes
13   <jt@hpl.hp.com>
14 
15   Portions of this file are based on the Host AP project,
16   Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen
17     <j@w1.fi>
18   Copyright (c) 2002-2003, Jouni Malinen <j@w1.fi>
19 
20   Portions of ipw2100_mod_firmware_load, ipw2100_do_mod_firmware_load, and
21   ipw2100_fw_load are loosely based on drivers/sound/sound_firmware.c
22   available in the 2.4.25 kernel sources, and are copyright (c) Alan Cox
23 
24 ******************************************************************************/
25 /*
26 
27  Initial driver on which this is based was developed by Janusz Gorycki,
28  Maciej Urbaniak, and Maciej Sosnowski.
29 
30  Promiscuous mode support added by Jacek Wysoczynski and Maciej Urbaniak.
31 
32 Theory of Operation
33 
34 Tx - Commands and Data
35 
36 Firmware and host share a circular queue of Transmit Buffer Descriptors (TBDs)
37 Each TBD contains a pointer to the physical (dma_addr_t) address of data being
38 sent to the firmware as well as the length of the data.
39 
40 The host writes to the TBD queue at the WRITE index.  The WRITE index points
41 to the _next_ packet to be written and is advanced when after the TBD has been
42 filled.
43 
44 The firmware pulls from the TBD queue at the READ index.  The READ index points
45 to the currently being read entry, and is advanced once the firmware is
46 done with a packet.
47 
48 When data is sent to the firmware, the first TBD is used to indicate to the
49 firmware if a Command or Data is being sent.  If it is Command, all of the
50 command information is contained within the physical address referred to by the
51 TBD.  If it is Data, the first TBD indicates the type of data packet, number
52 of fragments, etc.  The next TBD then refers to the actual packet location.
53 
54 The Tx flow cycle is as follows:
55 
56 1) ipw2100_tx() is called by kernel with SKB to transmit
57 2) Packet is move from the tx_free_list and appended to the transmit pending
58    list (tx_pend_list)
59 3) work is scheduled to move pending packets into the shared circular queue.
60 4) when placing packet in the circular queue, the incoming SKB is DMA mapped
61    to a physical address.  That address is entered into a TBD.  Two TBDs are
62    filled out.  The first indicating a data packet, the second referring to the
63    actual payload data.
64 5) the packet is removed from tx_pend_list and placed on the end of the
65    firmware pending list (fw_pend_list)
66 6) firmware is notified that the WRITE index has
67 7) Once the firmware has processed the TBD, INTA is triggered.
68 8) For each Tx interrupt received from the firmware, the READ index is checked
69    to see which TBDs are done being processed.
70 9) For each TBD that has been processed, the ISR pulls the oldest packet
71    from the fw_pend_list.
72 10)The packet structure contained in the fw_pend_list is then used
73    to unmap the DMA address and to free the SKB originally passed to the driver
74    from the kernel.
75 11)The packet structure is placed onto the tx_free_list
76 
77 The above steps are the same for commands, only the msg_free_list/msg_pend_list
78 are used instead of tx_free_list/tx_pend_list
79 
80 ...
81 
82 Critical Sections / Locking :
83 
84 There are two locks utilized.  The first is the low level lock (priv->low_lock)
85 that protects the following:
86 
87 - Access to the Tx/Rx queue lists via priv->low_lock. The lists are as follows:
88 
89   tx_free_list : Holds pre-allocated Tx buffers.
90     TAIL modified in __ipw2100_tx_process()
91     HEAD modified in ipw2100_tx()
92 
93   tx_pend_list : Holds used Tx buffers waiting to go into the TBD ring
94     TAIL modified ipw2100_tx()
95     HEAD modified by ipw2100_tx_send_data()
96 
97   msg_free_list : Holds pre-allocated Msg (Command) buffers
98     TAIL modified in __ipw2100_tx_process()
99     HEAD modified in ipw2100_hw_send_command()
100 
101   msg_pend_list : Holds used Msg buffers waiting to go into the TBD ring
102     TAIL modified in ipw2100_hw_send_command()
103     HEAD modified in ipw2100_tx_send_commands()
104 
105   The flow of data on the TX side is as follows:
106 
107   MSG_FREE_LIST + COMMAND => MSG_PEND_LIST => TBD => MSG_FREE_LIST
108   TX_FREE_LIST + DATA => TX_PEND_LIST => TBD => TX_FREE_LIST
109 
110   The methods that work on the TBD ring are protected via priv->low_lock.
111 
112 - The internal data state of the device itself
113 - Access to the firmware read/write indexes for the BD queues
114   and associated logic
115 
116 All external entry functions are locked with the priv->action_lock to ensure
117 that only one external action is invoked at a time.
118 
119 
120 */
121 
122 #include <linux/compiler.h>
123 #include <linux/errno.h>
124 #include <linux/if_arp.h>
125 #include <linux/in6.h>
126 #include <linux/in.h>
127 #include <linux/ip.h>
128 #include <linux/kernel.h>
129 #include <linux/kmod.h>
130 #include <linux/module.h>
131 #include <linux/netdevice.h>
132 #include <linux/ethtool.h>
133 #include <linux/pci.h>
134 #include <linux/dma-mapping.h>
135 #include <linux/proc_fs.h>
136 #include <linux/skbuff.h>
137 #include <linux/uaccess.h>
138 #include <asm/io.h>
139 #include <linux/fs.h>
140 #include <linux/mm.h>
141 #include <linux/slab.h>
142 #include <linux/unistd.h>
143 #include <linux/stringify.h>
144 #include <linux/tcp.h>
145 #include <linux/types.h>
146 #include <linux/time.h>
147 #include <linux/firmware.h>
148 #include <linux/acpi.h>
149 #include <linux/ctype.h>
150 #include <linux/pm_qos.h>
151 
152 #include <net/lib80211.h>
153 
154 #include "ipw2100.h"
155 #include "ipw.h"
156 
157 #define IPW2100_VERSION "git-1.2.2"
158 
159 #define DRV_NAME	"ipw2100"
160 #define DRV_VERSION	IPW2100_VERSION
161 #define DRV_DESCRIPTION	"Intel(R) PRO/Wireless 2100 Network Driver"
162 #define DRV_COPYRIGHT	"Copyright(c) 2003-2006 Intel Corporation"
163 
164 static struct pm_qos_request ipw2100_pm_qos_req;
165 
166 /* Debugging stuff */
167 #ifdef CONFIG_IPW2100_DEBUG
168 #define IPW2100_RX_DEBUG	/* Reception debugging */
169 #endif
170 
171 MODULE_DESCRIPTION(DRV_DESCRIPTION);
172 MODULE_VERSION(DRV_VERSION);
173 MODULE_AUTHOR(DRV_COPYRIGHT);
174 MODULE_LICENSE("GPL");
175 
176 static int debug = 0;
177 static int network_mode = 0;
178 static int channel = 0;
179 static int associate = 0;
180 static int disable = 0;
181 #ifdef CONFIG_PM
182 static struct ipw2100_fw ipw2100_firmware;
183 #endif
184 
185 #include <linux/moduleparam.h>
186 module_param(debug, int, 0444);
187 module_param_named(mode, network_mode, int, 0444);
188 module_param(channel, int, 0444);
189 module_param(associate, int, 0444);
190 module_param(disable, int, 0444);
191 
192 MODULE_PARM_DESC(debug, "debug level");
193 MODULE_PARM_DESC(mode, "network mode (0=BSS,1=IBSS,2=Monitor)");
194 MODULE_PARM_DESC(channel, "channel");
195 MODULE_PARM_DESC(associate, "auto associate when scanning (default off)");
196 MODULE_PARM_DESC(disable, "manually disable the radio (default 0 [radio on])");
197 
198 static u32 ipw2100_debug_level = IPW_DL_NONE;
199 
200 #ifdef CONFIG_IPW2100_DEBUG
201 #define IPW_DEBUG(level, message...) \
202 do { \
203 	if (ipw2100_debug_level & (level)) { \
204 		printk(KERN_DEBUG "ipw2100: %s ", __func__); \
205 		printk(message); \
206 	} \
207 } while (0)
208 #else
209 #define IPW_DEBUG(level, message...) do {} while (0)
210 #endif				/* CONFIG_IPW2100_DEBUG */
211 
212 #ifdef CONFIG_IPW2100_DEBUG
213 static const char *command_types[] = {
214 	"undefined",
215 	"unused",		/* HOST_ATTENTION */
216 	"HOST_COMPLETE",
217 	"unused",		/* SLEEP */
218 	"unused",		/* HOST_POWER_DOWN */
219 	"unused",
220 	"SYSTEM_CONFIG",
221 	"unused",		/* SET_IMR */
222 	"SSID",
223 	"MANDATORY_BSSID",
224 	"AUTHENTICATION_TYPE",
225 	"ADAPTER_ADDRESS",
226 	"PORT_TYPE",
227 	"INTERNATIONAL_MODE",
228 	"CHANNEL",
229 	"RTS_THRESHOLD",
230 	"FRAG_THRESHOLD",
231 	"POWER_MODE",
232 	"TX_RATES",
233 	"BASIC_TX_RATES",
234 	"WEP_KEY_INFO",
235 	"unused",
236 	"unused",
237 	"unused",
238 	"unused",
239 	"WEP_KEY_INDEX",
240 	"WEP_FLAGS",
241 	"ADD_MULTICAST",
242 	"CLEAR_ALL_MULTICAST",
243 	"BEACON_INTERVAL",
244 	"ATIM_WINDOW",
245 	"CLEAR_STATISTICS",
246 	"undefined",
247 	"undefined",
248 	"undefined",
249 	"undefined",
250 	"TX_POWER_INDEX",
251 	"undefined",
252 	"undefined",
253 	"undefined",
254 	"undefined",
255 	"undefined",
256 	"undefined",
257 	"BROADCAST_SCAN",
258 	"CARD_DISABLE",
259 	"PREFERRED_BSSID",
260 	"SET_SCAN_OPTIONS",
261 	"SCAN_DWELL_TIME",
262 	"SWEEP_TABLE",
263 	"AP_OR_STATION_TABLE",
264 	"GROUP_ORDINALS",
265 	"SHORT_RETRY_LIMIT",
266 	"LONG_RETRY_LIMIT",
267 	"unused",		/* SAVE_CALIBRATION */
268 	"unused",		/* RESTORE_CALIBRATION */
269 	"undefined",
270 	"undefined",
271 	"undefined",
272 	"HOST_PRE_POWER_DOWN",
273 	"unused",		/* HOST_INTERRUPT_COALESCING */
274 	"undefined",
275 	"CARD_DISABLE_PHY_OFF",
276 	"MSDU_TX_RATES",
277 	"undefined",
278 	"SET_STATION_STAT_BITS",
279 	"CLEAR_STATIONS_STAT_BITS",
280 	"LEAP_ROGUE_MODE",
281 	"SET_SECURITY_INFORMATION",
282 	"DISASSOCIATION_BSSID",
283 	"SET_WPA_ASS_IE"
284 };
285 #endif
286 
287 static const long ipw2100_frequencies[] = {
288 	2412, 2417, 2422, 2427,
289 	2432, 2437, 2442, 2447,
290 	2452, 2457, 2462, 2467,
291 	2472, 2484
292 };
293 
294 #define FREQ_COUNT	ARRAY_SIZE(ipw2100_frequencies)
295 
296 static struct ieee80211_rate ipw2100_bg_rates[] = {
297 	{ .bitrate = 10 },
298 	{ .bitrate = 20, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
299 	{ .bitrate = 55, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
300 	{ .bitrate = 110, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
301 };
302 
303 #define RATE_COUNT ARRAY_SIZE(ipw2100_bg_rates)
304 
305 /* Pre-decl until we get the code solid and then we can clean it up */
306 static void ipw2100_tx_send_commands(struct ipw2100_priv *priv);
307 static void ipw2100_tx_send_data(struct ipw2100_priv *priv);
308 static int ipw2100_adapter_setup(struct ipw2100_priv *priv);
309 
310 static void ipw2100_queues_initialize(struct ipw2100_priv *priv);
311 static void ipw2100_queues_free(struct ipw2100_priv *priv);
312 static int ipw2100_queues_allocate(struct ipw2100_priv *priv);
313 
314 static int ipw2100_fw_download(struct ipw2100_priv *priv,
315 			       struct ipw2100_fw *fw);
316 static int ipw2100_get_firmware(struct ipw2100_priv *priv,
317 				struct ipw2100_fw *fw);
318 static int ipw2100_get_fwversion(struct ipw2100_priv *priv, char *buf,
319 				 size_t max);
320 static int ipw2100_get_ucodeversion(struct ipw2100_priv *priv, char *buf,
321 				    size_t max);
322 static void ipw2100_release_firmware(struct ipw2100_priv *priv,
323 				     struct ipw2100_fw *fw);
324 static int ipw2100_ucode_download(struct ipw2100_priv *priv,
325 				  struct ipw2100_fw *fw);
326 static void ipw2100_wx_event_work(struct work_struct *work);
327 static struct iw_statistics *ipw2100_wx_wireless_stats(struct net_device *dev);
328 static const struct iw_handler_def ipw2100_wx_handler_def;
329 
330 static inline void read_register(struct net_device *dev, u32 reg, u32 * val)
331 {
332 	struct ipw2100_priv *priv = libipw_priv(dev);
333 
334 	*val = ioread32(priv->ioaddr + reg);
335 	IPW_DEBUG_IO("r: 0x%08X => 0x%08X\n", reg, *val);
336 }
337 
338 static inline void write_register(struct net_device *dev, u32 reg, u32 val)
339 {
340 	struct ipw2100_priv *priv = libipw_priv(dev);
341 
342 	iowrite32(val, priv->ioaddr + reg);
343 	IPW_DEBUG_IO("w: 0x%08X <= 0x%08X\n", reg, val);
344 }
345 
346 static inline void read_register_word(struct net_device *dev, u32 reg,
347 				      u16 * val)
348 {
349 	struct ipw2100_priv *priv = libipw_priv(dev);
350 
351 	*val = ioread16(priv->ioaddr + reg);
352 	IPW_DEBUG_IO("r: 0x%08X => %04X\n", reg, *val);
353 }
354 
355 static inline void read_register_byte(struct net_device *dev, u32 reg, u8 * val)
356 {
357 	struct ipw2100_priv *priv = libipw_priv(dev);
358 
359 	*val = ioread8(priv->ioaddr + reg);
360 	IPW_DEBUG_IO("r: 0x%08X => %02X\n", reg, *val);
361 }
362 
363 static inline void write_register_word(struct net_device *dev, u32 reg, u16 val)
364 {
365 	struct ipw2100_priv *priv = libipw_priv(dev);
366 
367 	iowrite16(val, priv->ioaddr + reg);
368 	IPW_DEBUG_IO("w: 0x%08X <= %04X\n", reg, val);
369 }
370 
371 static inline void write_register_byte(struct net_device *dev, u32 reg, u8 val)
372 {
373 	struct ipw2100_priv *priv = libipw_priv(dev);
374 
375 	iowrite8(val, priv->ioaddr + reg);
376 	IPW_DEBUG_IO("w: 0x%08X =< %02X\n", reg, val);
377 }
378 
379 static inline void read_nic_dword(struct net_device *dev, u32 addr, u32 * val)
380 {
381 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
382 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
383 	read_register(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
384 }
385 
386 static inline void write_nic_dword(struct net_device *dev, u32 addr, u32 val)
387 {
388 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
389 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
390 	write_register(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
391 }
392 
393 static inline void read_nic_word(struct net_device *dev, u32 addr, u16 * val)
394 {
395 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
396 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
397 	read_register_word(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
398 }
399 
400 static inline void write_nic_word(struct net_device *dev, u32 addr, u16 val)
401 {
402 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
403 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
404 	write_register_word(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
405 }
406 
407 static inline void read_nic_byte(struct net_device *dev, u32 addr, u8 * val)
408 {
409 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
410 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
411 	read_register_byte(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
412 }
413 
414 static inline void write_nic_byte(struct net_device *dev, u32 addr, u8 val)
415 {
416 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
417 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
418 	write_register_byte(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
419 }
420 
421 static void write_nic_memory(struct net_device *dev, u32 addr, u32 len,
422 				    const u8 * buf)
423 {
424 	u32 aligned_addr;
425 	u32 aligned_len;
426 	u32 dif_len;
427 	u32 i;
428 
429 	/* read first nibble byte by byte */
430 	aligned_addr = addr & (~0x3);
431 	dif_len = addr - aligned_addr;
432 	if (dif_len) {
433 		/* Start reading at aligned_addr + dif_len */
434 		write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
435 			       aligned_addr);
436 		for (i = dif_len; i < 4; i++, buf++)
437 			write_register_byte(dev,
438 					    IPW_REG_INDIRECT_ACCESS_DATA + i,
439 					    *buf);
440 
441 		len -= dif_len;
442 		aligned_addr += 4;
443 	}
444 
445 	/* read DWs through autoincrement registers */
446 	write_register(dev, IPW_REG_AUTOINCREMENT_ADDRESS, aligned_addr);
447 	aligned_len = len & (~0x3);
448 	for (i = 0; i < aligned_len; i += 4, buf += 4, aligned_addr += 4)
449 		write_register(dev, IPW_REG_AUTOINCREMENT_DATA, *(u32 *) buf);
450 
451 	/* copy the last nibble */
452 	dif_len = len - aligned_len;
453 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS, aligned_addr);
454 	for (i = 0; i < dif_len; i++, buf++)
455 		write_register_byte(dev, IPW_REG_INDIRECT_ACCESS_DATA + i,
456 				    *buf);
457 }
458 
459 static void read_nic_memory(struct net_device *dev, u32 addr, u32 len,
460 				   u8 * buf)
461 {
462 	u32 aligned_addr;
463 	u32 aligned_len;
464 	u32 dif_len;
465 	u32 i;
466 
467 	/* read first nibble byte by byte */
468 	aligned_addr = addr & (~0x3);
469 	dif_len = addr - aligned_addr;
470 	if (dif_len) {
471 		/* Start reading at aligned_addr + dif_len */
472 		write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
473 			       aligned_addr);
474 		for (i = dif_len; i < 4; i++, buf++)
475 			read_register_byte(dev,
476 					   IPW_REG_INDIRECT_ACCESS_DATA + i,
477 					   buf);
478 
479 		len -= dif_len;
480 		aligned_addr += 4;
481 	}
482 
483 	/* read DWs through autoincrement registers */
484 	write_register(dev, IPW_REG_AUTOINCREMENT_ADDRESS, aligned_addr);
485 	aligned_len = len & (~0x3);
486 	for (i = 0; i < aligned_len; i += 4, buf += 4, aligned_addr += 4)
487 		read_register(dev, IPW_REG_AUTOINCREMENT_DATA, (u32 *) buf);
488 
489 	/* copy the last nibble */
490 	dif_len = len - aligned_len;
491 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS, aligned_addr);
492 	for (i = 0; i < dif_len; i++, buf++)
493 		read_register_byte(dev, IPW_REG_INDIRECT_ACCESS_DATA + i, buf);
494 }
495 
496 static bool ipw2100_hw_is_adapter_in_system(struct net_device *dev)
497 {
498 	u32 dbg;
499 
500 	read_register(dev, IPW_REG_DOA_DEBUG_AREA_START, &dbg);
501 
502 	return dbg == IPW_DATA_DOA_DEBUG_VALUE;
503 }
504 
505 static int ipw2100_get_ordinal(struct ipw2100_priv *priv, u32 ord,
506 			       void *val, u32 * len)
507 {
508 	struct ipw2100_ordinals *ordinals = &priv->ordinals;
509 	u32 addr;
510 	u32 field_info;
511 	u16 field_len;
512 	u16 field_count;
513 	u32 total_length;
514 
515 	if (ordinals->table1_addr == 0) {
516 		printk(KERN_WARNING DRV_NAME ": attempt to use fw ordinals "
517 		       "before they have been loaded.\n");
518 		return -EINVAL;
519 	}
520 
521 	if (IS_ORDINAL_TABLE_ONE(ordinals, ord)) {
522 		if (*len < IPW_ORD_TAB_1_ENTRY_SIZE) {
523 			*len = IPW_ORD_TAB_1_ENTRY_SIZE;
524 
525 			printk(KERN_WARNING DRV_NAME
526 			       ": ordinal buffer length too small, need %zd\n",
527 			       IPW_ORD_TAB_1_ENTRY_SIZE);
528 
529 			return -EINVAL;
530 		}
531 
532 		read_nic_dword(priv->net_dev,
533 			       ordinals->table1_addr + (ord << 2), &addr);
534 		read_nic_dword(priv->net_dev, addr, val);
535 
536 		*len = IPW_ORD_TAB_1_ENTRY_SIZE;
537 
538 		return 0;
539 	}
540 
541 	if (IS_ORDINAL_TABLE_TWO(ordinals, ord)) {
542 
543 		ord -= IPW_START_ORD_TAB_2;
544 
545 		/* get the address of statistic */
546 		read_nic_dword(priv->net_dev,
547 			       ordinals->table2_addr + (ord << 3), &addr);
548 
549 		/* get the second DW of statistics ;
550 		 * two 16-bit words - first is length, second is count */
551 		read_nic_dword(priv->net_dev,
552 			       ordinals->table2_addr + (ord << 3) + sizeof(u32),
553 			       &field_info);
554 
555 		/* get each entry length */
556 		field_len = *((u16 *) & field_info);
557 
558 		/* get number of entries */
559 		field_count = *(((u16 *) & field_info) + 1);
560 
561 		/* abort if no enough memory */
562 		total_length = field_len * field_count;
563 		if (total_length > *len) {
564 			*len = total_length;
565 			return -EINVAL;
566 		}
567 
568 		*len = total_length;
569 		if (!total_length)
570 			return 0;
571 
572 		/* read the ordinal data from the SRAM */
573 		read_nic_memory(priv->net_dev, addr, total_length, val);
574 
575 		return 0;
576 	}
577 
578 	printk(KERN_WARNING DRV_NAME ": ordinal %d neither in table 1 nor "
579 	       "in table 2\n", ord);
580 
581 	return -EINVAL;
582 }
583 
584 static int ipw2100_set_ordinal(struct ipw2100_priv *priv, u32 ord, u32 * val,
585 			       u32 * len)
586 {
587 	struct ipw2100_ordinals *ordinals = &priv->ordinals;
588 	u32 addr;
589 
590 	if (IS_ORDINAL_TABLE_ONE(ordinals, ord)) {
591 		if (*len != IPW_ORD_TAB_1_ENTRY_SIZE) {
592 			*len = IPW_ORD_TAB_1_ENTRY_SIZE;
593 			IPW_DEBUG_INFO("wrong size\n");
594 			return -EINVAL;
595 		}
596 
597 		read_nic_dword(priv->net_dev,
598 			       ordinals->table1_addr + (ord << 2), &addr);
599 
600 		write_nic_dword(priv->net_dev, addr, *val);
601 
602 		*len = IPW_ORD_TAB_1_ENTRY_SIZE;
603 
604 		return 0;
605 	}
606 
607 	IPW_DEBUG_INFO("wrong table\n");
608 	if (IS_ORDINAL_TABLE_TWO(ordinals, ord))
609 		return -EINVAL;
610 
611 	return -EINVAL;
612 }
613 
614 static char *snprint_line(char *buf, size_t count,
615 			  const u8 * data, u32 len, u32 ofs)
616 {
617 	int out, i, j, l;
618 	char c;
619 
620 	out = scnprintf(buf, count, "%08X", ofs);
621 
622 	for (l = 0, i = 0; i < 2; i++) {
623 		out += scnprintf(buf + out, count - out, " ");
624 		for (j = 0; j < 8 && l < len; j++, l++)
625 			out += scnprintf(buf + out, count - out, "%02X ",
626 					data[(i * 8 + j)]);
627 		for (; j < 8; j++)
628 			out += scnprintf(buf + out, count - out, "   ");
629 	}
630 
631 	out += scnprintf(buf + out, count - out, " ");
632 	for (l = 0, i = 0; i < 2; i++) {
633 		out += scnprintf(buf + out, count - out, " ");
634 		for (j = 0; j < 8 && l < len; j++, l++) {
635 			c = data[(i * 8 + j)];
636 			if (!isascii(c) || !isprint(c))
637 				c = '.';
638 
639 			out += scnprintf(buf + out, count - out, "%c", c);
640 		}
641 
642 		for (; j < 8; j++)
643 			out += scnprintf(buf + out, count - out, " ");
644 	}
645 
646 	return buf;
647 }
648 
649 static void printk_buf(int level, const u8 * data, u32 len)
650 {
651 	char line[81];
652 	u32 ofs = 0;
653 	if (!(ipw2100_debug_level & level))
654 		return;
655 
656 	while (len) {
657 		printk(KERN_DEBUG "%s\n",
658 		       snprint_line(line, sizeof(line), &data[ofs],
659 				    min(len, 16U), ofs));
660 		ofs += 16;
661 		len -= min(len, 16U);
662 	}
663 }
664 
665 #define MAX_RESET_BACKOFF 10
666 
667 static void schedule_reset(struct ipw2100_priv *priv)
668 {
669 	time64_t now = ktime_get_boottime_seconds();
670 
671 	/* If we haven't received a reset request within the backoff period,
672 	 * then we can reset the backoff interval so this reset occurs
673 	 * immediately */
674 	if (priv->reset_backoff &&
675 	    (now - priv->last_reset > priv->reset_backoff))
676 		priv->reset_backoff = 0;
677 
678 	priv->last_reset = now;
679 
680 	if (!(priv->status & STATUS_RESET_PENDING)) {
681 		IPW_DEBUG_INFO("%s: Scheduling firmware restart (%llds).\n",
682 			       priv->net_dev->name, priv->reset_backoff);
683 		netif_carrier_off(priv->net_dev);
684 		netif_stop_queue(priv->net_dev);
685 		priv->status |= STATUS_RESET_PENDING;
686 		if (priv->reset_backoff)
687 			schedule_delayed_work(&priv->reset_work,
688 					      priv->reset_backoff * HZ);
689 		else
690 			schedule_delayed_work(&priv->reset_work, 0);
691 
692 		if (priv->reset_backoff < MAX_RESET_BACKOFF)
693 			priv->reset_backoff++;
694 
695 		wake_up_interruptible(&priv->wait_command_queue);
696 	} else
697 		IPW_DEBUG_INFO("%s: Firmware restart already in progress.\n",
698 			       priv->net_dev->name);
699 
700 }
701 
702 #define HOST_COMPLETE_TIMEOUT (2 * HZ)
703 static int ipw2100_hw_send_command(struct ipw2100_priv *priv,
704 				   struct host_command *cmd)
705 {
706 	struct list_head *element;
707 	struct ipw2100_tx_packet *packet;
708 	unsigned long flags;
709 	int err = 0;
710 
711 	IPW_DEBUG_HC("Sending %s command (#%d), %d bytes\n",
712 		     command_types[cmd->host_command], cmd->host_command,
713 		     cmd->host_command_length);
714 	printk_buf(IPW_DL_HC, (u8 *) cmd->host_command_parameters,
715 		   cmd->host_command_length);
716 
717 	spin_lock_irqsave(&priv->low_lock, flags);
718 
719 	if (priv->fatal_error) {
720 		IPW_DEBUG_INFO
721 		    ("Attempt to send command while hardware in fatal error condition.\n");
722 		err = -EIO;
723 		goto fail_unlock;
724 	}
725 
726 	if (!(priv->status & STATUS_RUNNING)) {
727 		IPW_DEBUG_INFO
728 		    ("Attempt to send command while hardware is not running.\n");
729 		err = -EIO;
730 		goto fail_unlock;
731 	}
732 
733 	if (priv->status & STATUS_CMD_ACTIVE) {
734 		IPW_DEBUG_INFO
735 		    ("Attempt to send command while another command is pending.\n");
736 		err = -EBUSY;
737 		goto fail_unlock;
738 	}
739 
740 	if (list_empty(&priv->msg_free_list)) {
741 		IPW_DEBUG_INFO("no available msg buffers\n");
742 		goto fail_unlock;
743 	}
744 
745 	priv->status |= STATUS_CMD_ACTIVE;
746 	priv->messages_sent++;
747 
748 	element = priv->msg_free_list.next;
749 
750 	packet = list_entry(element, struct ipw2100_tx_packet, list);
751 	packet->jiffy_start = jiffies;
752 
753 	/* initialize the firmware command packet */
754 	packet->info.c_struct.cmd->host_command_reg = cmd->host_command;
755 	packet->info.c_struct.cmd->host_command_reg1 = cmd->host_command1;
756 	packet->info.c_struct.cmd->host_command_len_reg =
757 	    cmd->host_command_length;
758 	packet->info.c_struct.cmd->sequence = cmd->host_command_sequence;
759 
760 	memcpy(packet->info.c_struct.cmd->host_command_params_reg,
761 	       cmd->host_command_parameters,
762 	       sizeof(packet->info.c_struct.cmd->host_command_params_reg));
763 
764 	list_del(element);
765 	DEC_STAT(&priv->msg_free_stat);
766 
767 	list_add_tail(element, &priv->msg_pend_list);
768 	INC_STAT(&priv->msg_pend_stat);
769 
770 	ipw2100_tx_send_commands(priv);
771 	ipw2100_tx_send_data(priv);
772 
773 	spin_unlock_irqrestore(&priv->low_lock, flags);
774 
775 	/*
776 	 * We must wait for this command to complete before another
777 	 * command can be sent...  but if we wait more than 3 seconds
778 	 * then there is a problem.
779 	 */
780 
781 	err =
782 	    wait_event_interruptible_timeout(priv->wait_command_queue,
783 					     !(priv->
784 					       status & STATUS_CMD_ACTIVE),
785 					     HOST_COMPLETE_TIMEOUT);
786 
787 	if (err == 0) {
788 		IPW_DEBUG_INFO("Command completion failed out after %dms.\n",
789 			       1000 * (HOST_COMPLETE_TIMEOUT / HZ));
790 		priv->fatal_error = IPW2100_ERR_MSG_TIMEOUT;
791 		priv->status &= ~STATUS_CMD_ACTIVE;
792 		schedule_reset(priv);
793 		return -EIO;
794 	}
795 
796 	if (priv->fatal_error) {
797 		printk(KERN_WARNING DRV_NAME ": %s: firmware fatal error\n",
798 		       priv->net_dev->name);
799 		return -EIO;
800 	}
801 
802 	/* !!!!! HACK TEST !!!!!
803 	 * When lots of debug trace statements are enabled, the driver
804 	 * doesn't seem to have as many firmware restart cycles...
805 	 *
806 	 * As a test, we're sticking in a 1/100s delay here */
807 	schedule_timeout_uninterruptible(msecs_to_jiffies(10));
808 
809 	return 0;
810 
811       fail_unlock:
812 	spin_unlock_irqrestore(&priv->low_lock, flags);
813 
814 	return err;
815 }
816 
817 /*
818  * Verify the values and data access of the hardware
819  * No locks needed or used.  No functions called.
820  */
821 static int ipw2100_verify(struct ipw2100_priv *priv)
822 {
823 	u32 data1, data2;
824 	u32 address;
825 
826 	u32 val1 = 0x76543210;
827 	u32 val2 = 0xFEDCBA98;
828 
829 	/* Domain 0 check - all values should be DOA_DEBUG */
830 	for (address = IPW_REG_DOA_DEBUG_AREA_START;
831 	     address < IPW_REG_DOA_DEBUG_AREA_END; address += sizeof(u32)) {
832 		read_register(priv->net_dev, address, &data1);
833 		if (data1 != IPW_DATA_DOA_DEBUG_VALUE)
834 			return -EIO;
835 	}
836 
837 	/* Domain 1 check - use arbitrary read/write compare  */
838 	for (address = 0; address < 5; address++) {
839 		/* The memory area is not used now */
840 		write_register(priv->net_dev, IPW_REG_DOMAIN_1_OFFSET + 0x32,
841 			       val1);
842 		write_register(priv->net_dev, IPW_REG_DOMAIN_1_OFFSET + 0x36,
843 			       val2);
844 		read_register(priv->net_dev, IPW_REG_DOMAIN_1_OFFSET + 0x32,
845 			      &data1);
846 		read_register(priv->net_dev, IPW_REG_DOMAIN_1_OFFSET + 0x36,
847 			      &data2);
848 		if (val1 == data1 && val2 == data2)
849 			return 0;
850 	}
851 
852 	return -EIO;
853 }
854 
855 /*
856  *
857  * Loop until the CARD_DISABLED bit is the same value as the
858  * supplied parameter
859  *
860  * TODO: See if it would be more efficient to do a wait/wake
861  *       cycle and have the completion event trigger the wakeup
862  *
863  */
864 #define IPW_CARD_DISABLE_COMPLETE_WAIT		    100	// 100 milli
865 static int ipw2100_wait_for_card_state(struct ipw2100_priv *priv, int state)
866 {
867 	int i;
868 	u32 card_state;
869 	u32 len = sizeof(card_state);
870 	int err;
871 
872 	for (i = 0; i <= IPW_CARD_DISABLE_COMPLETE_WAIT * 1000; i += 50) {
873 		err = ipw2100_get_ordinal(priv, IPW_ORD_CARD_DISABLED,
874 					  &card_state, &len);
875 		if (err) {
876 			IPW_DEBUG_INFO("Query of CARD_DISABLED ordinal "
877 				       "failed.\n");
878 			return 0;
879 		}
880 
881 		/* We'll break out if either the HW state says it is
882 		 * in the state we want, or if HOST_COMPLETE command
883 		 * finishes */
884 		if ((card_state == state) ||
885 		    ((priv->status & STATUS_ENABLED) ?
886 		     IPW_HW_STATE_ENABLED : IPW_HW_STATE_DISABLED) == state) {
887 			if (state == IPW_HW_STATE_ENABLED)
888 				priv->status |= STATUS_ENABLED;
889 			else
890 				priv->status &= ~STATUS_ENABLED;
891 
892 			return 0;
893 		}
894 
895 		udelay(50);
896 	}
897 
898 	IPW_DEBUG_INFO("ipw2100_wait_for_card_state to %s state timed out\n",
899 		       state ? "DISABLED" : "ENABLED");
900 	return -EIO;
901 }
902 
903 /*********************************************************************
904     Procedure   :   sw_reset_and_clock
905     Purpose     :   Asserts s/w reset, asserts clock initialization
906                     and waits for clock stabilization
907  ********************************************************************/
908 static int sw_reset_and_clock(struct ipw2100_priv *priv)
909 {
910 	int i;
911 	u32 r;
912 
913 	// assert s/w reset
914 	write_register(priv->net_dev, IPW_REG_RESET_REG,
915 		       IPW_AUX_HOST_RESET_REG_SW_RESET);
916 
917 	// wait for clock stabilization
918 	for (i = 0; i < 1000; i++) {
919 		udelay(IPW_WAIT_RESET_ARC_COMPLETE_DELAY);
920 
921 		// check clock ready bit
922 		read_register(priv->net_dev, IPW_REG_RESET_REG, &r);
923 		if (r & IPW_AUX_HOST_RESET_REG_PRINCETON_RESET)
924 			break;
925 	}
926 
927 	if (i == 1000)
928 		return -EIO;	// TODO: better error value
929 
930 	/* set "initialization complete" bit to move adapter to
931 	 * D0 state */
932 	write_register(priv->net_dev, IPW_REG_GP_CNTRL,
933 		       IPW_AUX_HOST_GP_CNTRL_BIT_INIT_DONE);
934 
935 	/* wait for clock stabilization */
936 	for (i = 0; i < 10000; i++) {
937 		udelay(IPW_WAIT_CLOCK_STABILIZATION_DELAY * 4);
938 
939 		/* check clock ready bit */
940 		read_register(priv->net_dev, IPW_REG_GP_CNTRL, &r);
941 		if (r & IPW_AUX_HOST_GP_CNTRL_BIT_CLOCK_READY)
942 			break;
943 	}
944 
945 	if (i == 10000)
946 		return -EIO;	/* TODO: better error value */
947 
948 	/* set D0 standby bit */
949 	read_register(priv->net_dev, IPW_REG_GP_CNTRL, &r);
950 	write_register(priv->net_dev, IPW_REG_GP_CNTRL,
951 		       r | IPW_AUX_HOST_GP_CNTRL_BIT_HOST_ALLOWS_STANDBY);
952 
953 	return 0;
954 }
955 
956 /*********************************************************************
957     Procedure   :   ipw2100_download_firmware
958     Purpose     :   Initiaze adapter after power on.
959                     The sequence is:
960                     1. assert s/w reset first!
961                     2. awake clocks & wait for clock stabilization
962                     3. hold ARC (don't ask me why...)
963                     4. load Dino ucode and reset/clock init again
964                     5. zero-out shared mem
965                     6. download f/w
966  *******************************************************************/
967 static int ipw2100_download_firmware(struct ipw2100_priv *priv)
968 {
969 	u32 address;
970 	int err;
971 
972 #ifndef CONFIG_PM
973 	/* Fetch the firmware and microcode */
974 	struct ipw2100_fw ipw2100_firmware;
975 #endif
976 
977 	if (priv->fatal_error) {
978 		IPW_DEBUG_ERROR("%s: ipw2100_download_firmware called after "
979 				"fatal error %d.  Interface must be brought down.\n",
980 				priv->net_dev->name, priv->fatal_error);
981 		return -EINVAL;
982 	}
983 #ifdef CONFIG_PM
984 	if (!ipw2100_firmware.version) {
985 		err = ipw2100_get_firmware(priv, &ipw2100_firmware);
986 		if (err) {
987 			IPW_DEBUG_ERROR("%s: ipw2100_get_firmware failed: %d\n",
988 					priv->net_dev->name, err);
989 			priv->fatal_error = IPW2100_ERR_FW_LOAD;
990 			goto fail;
991 		}
992 	}
993 #else
994 	err = ipw2100_get_firmware(priv, &ipw2100_firmware);
995 	if (err) {
996 		IPW_DEBUG_ERROR("%s: ipw2100_get_firmware failed: %d\n",
997 				priv->net_dev->name, err);
998 		priv->fatal_error = IPW2100_ERR_FW_LOAD;
999 		goto fail;
1000 	}
1001 #endif
1002 	priv->firmware_version = ipw2100_firmware.version;
1003 
1004 	/* s/w reset and clock stabilization */
1005 	err = sw_reset_and_clock(priv);
1006 	if (err) {
1007 		IPW_DEBUG_ERROR("%s: sw_reset_and_clock failed: %d\n",
1008 				priv->net_dev->name, err);
1009 		goto fail;
1010 	}
1011 
1012 	err = ipw2100_verify(priv);
1013 	if (err) {
1014 		IPW_DEBUG_ERROR("%s: ipw2100_verify failed: %d\n",
1015 				priv->net_dev->name, err);
1016 		goto fail;
1017 	}
1018 
1019 	/* Hold ARC */
1020 	write_nic_dword(priv->net_dev,
1021 			IPW_INTERNAL_REGISTER_HALT_AND_RESET, 0x80000000);
1022 
1023 	/* allow ARC to run */
1024 	write_register(priv->net_dev, IPW_REG_RESET_REG, 0);
1025 
1026 	/* load microcode */
1027 	err = ipw2100_ucode_download(priv, &ipw2100_firmware);
1028 	if (err) {
1029 		printk(KERN_ERR DRV_NAME ": %s: Error loading microcode: %d\n",
1030 		       priv->net_dev->name, err);
1031 		goto fail;
1032 	}
1033 
1034 	/* release ARC */
1035 	write_nic_dword(priv->net_dev,
1036 			IPW_INTERNAL_REGISTER_HALT_AND_RESET, 0x00000000);
1037 
1038 	/* s/w reset and clock stabilization (again!!!) */
1039 	err = sw_reset_and_clock(priv);
1040 	if (err) {
1041 		printk(KERN_ERR DRV_NAME
1042 		       ": %s: sw_reset_and_clock failed: %d\n",
1043 		       priv->net_dev->name, err);
1044 		goto fail;
1045 	}
1046 
1047 	/* load f/w */
1048 	err = ipw2100_fw_download(priv, &ipw2100_firmware);
1049 	if (err) {
1050 		IPW_DEBUG_ERROR("%s: Error loading firmware: %d\n",
1051 				priv->net_dev->name, err);
1052 		goto fail;
1053 	}
1054 #ifndef CONFIG_PM
1055 	/*
1056 	 * When the .resume method of the driver is called, the other
1057 	 * part of the system, i.e. the ide driver could still stay in
1058 	 * the suspend stage. This prevents us from loading the firmware
1059 	 * from the disk.  --YZ
1060 	 */
1061 
1062 	/* free any storage allocated for firmware image */
1063 	ipw2100_release_firmware(priv, &ipw2100_firmware);
1064 #endif
1065 
1066 	/* zero out Domain 1 area indirectly (Si requirement) */
1067 	for (address = IPW_HOST_FW_SHARED_AREA0;
1068 	     address < IPW_HOST_FW_SHARED_AREA0_END; address += 4)
1069 		write_nic_dword(priv->net_dev, address, 0);
1070 	for (address = IPW_HOST_FW_SHARED_AREA1;
1071 	     address < IPW_HOST_FW_SHARED_AREA1_END; address += 4)
1072 		write_nic_dword(priv->net_dev, address, 0);
1073 	for (address = IPW_HOST_FW_SHARED_AREA2;
1074 	     address < IPW_HOST_FW_SHARED_AREA2_END; address += 4)
1075 		write_nic_dword(priv->net_dev, address, 0);
1076 	for (address = IPW_HOST_FW_SHARED_AREA3;
1077 	     address < IPW_HOST_FW_SHARED_AREA3_END; address += 4)
1078 		write_nic_dword(priv->net_dev, address, 0);
1079 	for (address = IPW_HOST_FW_INTERRUPT_AREA;
1080 	     address < IPW_HOST_FW_INTERRUPT_AREA_END; address += 4)
1081 		write_nic_dword(priv->net_dev, address, 0);
1082 
1083 	return 0;
1084 
1085       fail:
1086 	ipw2100_release_firmware(priv, &ipw2100_firmware);
1087 	return err;
1088 }
1089 
1090 static inline void ipw2100_enable_interrupts(struct ipw2100_priv *priv)
1091 {
1092 	if (priv->status & STATUS_INT_ENABLED)
1093 		return;
1094 	priv->status |= STATUS_INT_ENABLED;
1095 	write_register(priv->net_dev, IPW_REG_INTA_MASK, IPW_INTERRUPT_MASK);
1096 }
1097 
1098 static inline void ipw2100_disable_interrupts(struct ipw2100_priv *priv)
1099 {
1100 	if (!(priv->status & STATUS_INT_ENABLED))
1101 		return;
1102 	priv->status &= ~STATUS_INT_ENABLED;
1103 	write_register(priv->net_dev, IPW_REG_INTA_MASK, 0x0);
1104 }
1105 
1106 static void ipw2100_initialize_ordinals(struct ipw2100_priv *priv)
1107 {
1108 	struct ipw2100_ordinals *ord = &priv->ordinals;
1109 
1110 	IPW_DEBUG_INFO("enter\n");
1111 
1112 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_ORDINALS_TABLE_1,
1113 		      &ord->table1_addr);
1114 
1115 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_ORDINALS_TABLE_2,
1116 		      &ord->table2_addr);
1117 
1118 	read_nic_dword(priv->net_dev, ord->table1_addr, &ord->table1_size);
1119 	read_nic_dword(priv->net_dev, ord->table2_addr, &ord->table2_size);
1120 
1121 	ord->table2_size &= 0x0000FFFF;
1122 
1123 	IPW_DEBUG_INFO("table 1 size: %d\n", ord->table1_size);
1124 	IPW_DEBUG_INFO("table 2 size: %d\n", ord->table2_size);
1125 	IPW_DEBUG_INFO("exit\n");
1126 }
1127 
1128 static inline void ipw2100_hw_set_gpio(struct ipw2100_priv *priv)
1129 {
1130 	u32 reg = 0;
1131 	/*
1132 	 * Set GPIO 3 writable by FW; GPIO 1 writable
1133 	 * by driver and enable clock
1134 	 */
1135 	reg = (IPW_BIT_GPIO_GPIO3_MASK | IPW_BIT_GPIO_GPIO1_ENABLE |
1136 	       IPW_BIT_GPIO_LED_OFF);
1137 	write_register(priv->net_dev, IPW_REG_GPIO, reg);
1138 }
1139 
1140 static int rf_kill_active(struct ipw2100_priv *priv)
1141 {
1142 #define MAX_RF_KILL_CHECKS 5
1143 #define RF_KILL_CHECK_DELAY 40
1144 
1145 	unsigned short value = 0;
1146 	u32 reg = 0;
1147 	int i;
1148 
1149 	if (!(priv->hw_features & HW_FEATURE_RFKILL)) {
1150 		wiphy_rfkill_set_hw_state(priv->ieee->wdev.wiphy, false);
1151 		priv->status &= ~STATUS_RF_KILL_HW;
1152 		return 0;
1153 	}
1154 
1155 	for (i = 0; i < MAX_RF_KILL_CHECKS; i++) {
1156 		udelay(RF_KILL_CHECK_DELAY);
1157 		read_register(priv->net_dev, IPW_REG_GPIO, &reg);
1158 		value = (value << 1) | ((reg & IPW_BIT_GPIO_RF_KILL) ? 0 : 1);
1159 	}
1160 
1161 	if (value == 0) {
1162 		wiphy_rfkill_set_hw_state(priv->ieee->wdev.wiphy, true);
1163 		priv->status |= STATUS_RF_KILL_HW;
1164 	} else {
1165 		wiphy_rfkill_set_hw_state(priv->ieee->wdev.wiphy, false);
1166 		priv->status &= ~STATUS_RF_KILL_HW;
1167 	}
1168 
1169 	return (value == 0);
1170 }
1171 
1172 static int ipw2100_get_hw_features(struct ipw2100_priv *priv)
1173 {
1174 	u32 addr, len;
1175 	u32 val;
1176 
1177 	/*
1178 	 * EEPROM_SRAM_DB_START_ADDRESS using ordinal in ordinal table 1
1179 	 */
1180 	len = sizeof(addr);
1181 	if (ipw2100_get_ordinal
1182 	    (priv, IPW_ORD_EEPROM_SRAM_DB_BLOCK_START_ADDRESS, &addr, &len)) {
1183 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
1184 			       __LINE__);
1185 		return -EIO;
1186 	}
1187 
1188 	IPW_DEBUG_INFO("EEPROM address: %08X\n", addr);
1189 
1190 	/*
1191 	 * EEPROM version is the byte at offset 0xfd in firmware
1192 	 * We read 4 bytes, then shift out the byte we actually want */
1193 	read_nic_dword(priv->net_dev, addr + 0xFC, &val);
1194 	priv->eeprom_version = (val >> 24) & 0xFF;
1195 	IPW_DEBUG_INFO("EEPROM version: %d\n", priv->eeprom_version);
1196 
1197 	/*
1198 	 *  HW RF Kill enable is bit 0 in byte at offset 0x21 in firmware
1199 	 *
1200 	 *  notice that the EEPROM bit is reverse polarity, i.e.
1201 	 *     bit = 0  signifies HW RF kill switch is supported
1202 	 *     bit = 1  signifies HW RF kill switch is NOT supported
1203 	 */
1204 	read_nic_dword(priv->net_dev, addr + 0x20, &val);
1205 	if (!((val >> 24) & 0x01))
1206 		priv->hw_features |= HW_FEATURE_RFKILL;
1207 
1208 	IPW_DEBUG_INFO("HW RF Kill: %ssupported.\n",
1209 		       (priv->hw_features & HW_FEATURE_RFKILL) ? "" : "not ");
1210 
1211 	return 0;
1212 }
1213 
1214 /*
1215  * Start firmware execution after power on and initialization
1216  * The sequence is:
1217  *  1. Release ARC
1218  *  2. Wait for f/w initialization completes;
1219  */
1220 static int ipw2100_start_adapter(struct ipw2100_priv *priv)
1221 {
1222 	int i;
1223 	u32 inta, inta_mask, gpio;
1224 
1225 	IPW_DEBUG_INFO("enter\n");
1226 
1227 	if (priv->status & STATUS_RUNNING)
1228 		return 0;
1229 
1230 	/*
1231 	 * Initialize the hw - drive adapter to DO state by setting
1232 	 * init_done bit. Wait for clk_ready bit and Download
1233 	 * fw & dino ucode
1234 	 */
1235 	if (ipw2100_download_firmware(priv)) {
1236 		printk(KERN_ERR DRV_NAME
1237 		       ": %s: Failed to power on the adapter.\n",
1238 		       priv->net_dev->name);
1239 		return -EIO;
1240 	}
1241 
1242 	/* Clear the Tx, Rx and Msg queues and the r/w indexes
1243 	 * in the firmware RBD and TBD ring queue */
1244 	ipw2100_queues_initialize(priv);
1245 
1246 	ipw2100_hw_set_gpio(priv);
1247 
1248 	/* TODO -- Look at disabling interrupts here to make sure none
1249 	 * get fired during FW initialization */
1250 
1251 	/* Release ARC - clear reset bit */
1252 	write_register(priv->net_dev, IPW_REG_RESET_REG, 0);
1253 
1254 	/* wait for f/w initialization complete */
1255 	IPW_DEBUG_FW("Waiting for f/w initialization to complete...\n");
1256 	i = 5000;
1257 	do {
1258 		schedule_timeout_uninterruptible(msecs_to_jiffies(40));
1259 		/* Todo... wait for sync command ... */
1260 
1261 		read_register(priv->net_dev, IPW_REG_INTA, &inta);
1262 
1263 		/* check "init done" bit */
1264 		if (inta & IPW2100_INTA_FW_INIT_DONE) {
1265 			/* reset "init done" bit */
1266 			write_register(priv->net_dev, IPW_REG_INTA,
1267 				       IPW2100_INTA_FW_INIT_DONE);
1268 			break;
1269 		}
1270 
1271 		/* check error conditions : we check these after the firmware
1272 		 * check so that if there is an error, the interrupt handler
1273 		 * will see it and the adapter will be reset */
1274 		if (inta &
1275 		    (IPW2100_INTA_FATAL_ERROR | IPW2100_INTA_PARITY_ERROR)) {
1276 			/* clear error conditions */
1277 			write_register(priv->net_dev, IPW_REG_INTA,
1278 				       IPW2100_INTA_FATAL_ERROR |
1279 				       IPW2100_INTA_PARITY_ERROR);
1280 		}
1281 	} while (--i);
1282 
1283 	/* Clear out any pending INTAs since we aren't supposed to have
1284 	 * interrupts enabled at this point... */
1285 	read_register(priv->net_dev, IPW_REG_INTA, &inta);
1286 	read_register(priv->net_dev, IPW_REG_INTA_MASK, &inta_mask);
1287 	inta &= IPW_INTERRUPT_MASK;
1288 	/* Clear out any pending interrupts */
1289 	if (inta & inta_mask)
1290 		write_register(priv->net_dev, IPW_REG_INTA, inta);
1291 
1292 	IPW_DEBUG_FW("f/w initialization complete: %s\n",
1293 		     i ? "SUCCESS" : "FAILED");
1294 
1295 	if (!i) {
1296 		printk(KERN_WARNING DRV_NAME
1297 		       ": %s: Firmware did not initialize.\n",
1298 		       priv->net_dev->name);
1299 		return -EIO;
1300 	}
1301 
1302 	/* allow firmware to write to GPIO1 & GPIO3 */
1303 	read_register(priv->net_dev, IPW_REG_GPIO, &gpio);
1304 
1305 	gpio |= (IPW_BIT_GPIO_GPIO1_MASK | IPW_BIT_GPIO_GPIO3_MASK);
1306 
1307 	write_register(priv->net_dev, IPW_REG_GPIO, gpio);
1308 
1309 	/* Ready to receive commands */
1310 	priv->status |= STATUS_RUNNING;
1311 
1312 	/* The adapter has been reset; we are not associated */
1313 	priv->status &= ~(STATUS_ASSOCIATING | STATUS_ASSOCIATED);
1314 
1315 	IPW_DEBUG_INFO("exit\n");
1316 
1317 	return 0;
1318 }
1319 
1320 static inline void ipw2100_reset_fatalerror(struct ipw2100_priv *priv)
1321 {
1322 	if (!priv->fatal_error)
1323 		return;
1324 
1325 	priv->fatal_errors[priv->fatal_index++] = priv->fatal_error;
1326 	priv->fatal_index %= IPW2100_ERROR_QUEUE;
1327 	priv->fatal_error = 0;
1328 }
1329 
1330 /* NOTE: Our interrupt is disabled when this method is called */
1331 static int ipw2100_power_cycle_adapter(struct ipw2100_priv *priv)
1332 {
1333 	u32 reg;
1334 	int i;
1335 
1336 	IPW_DEBUG_INFO("Power cycling the hardware.\n");
1337 
1338 	ipw2100_hw_set_gpio(priv);
1339 
1340 	/* Step 1. Stop Master Assert */
1341 	write_register(priv->net_dev, IPW_REG_RESET_REG,
1342 		       IPW_AUX_HOST_RESET_REG_STOP_MASTER);
1343 
1344 	/* Step 2. Wait for stop Master Assert
1345 	 *         (not more than 50us, otherwise ret error */
1346 	i = 5;
1347 	do {
1348 		udelay(IPW_WAIT_RESET_MASTER_ASSERT_COMPLETE_DELAY);
1349 		read_register(priv->net_dev, IPW_REG_RESET_REG, &reg);
1350 
1351 		if (reg & IPW_AUX_HOST_RESET_REG_MASTER_DISABLED)
1352 			break;
1353 	} while (--i);
1354 
1355 	priv->status &= ~STATUS_RESET_PENDING;
1356 
1357 	if (!i) {
1358 		IPW_DEBUG_INFO
1359 		    ("exit - waited too long for master assert stop\n");
1360 		return -EIO;
1361 	}
1362 
1363 	write_register(priv->net_dev, IPW_REG_RESET_REG,
1364 		       IPW_AUX_HOST_RESET_REG_SW_RESET);
1365 
1366 	/* Reset any fatal_error conditions */
1367 	ipw2100_reset_fatalerror(priv);
1368 
1369 	/* At this point, the adapter is now stopped and disabled */
1370 	priv->status &= ~(STATUS_RUNNING | STATUS_ASSOCIATING |
1371 			  STATUS_ASSOCIATED | STATUS_ENABLED);
1372 
1373 	return 0;
1374 }
1375 
1376 /*
1377  * Send the CARD_DISABLE_PHY_OFF command to the card to disable it
1378  *
1379  * After disabling, if the card was associated, a STATUS_ASSN_LOST will be sent.
1380  *
1381  * STATUS_CARD_DISABLE_NOTIFICATION will be sent regardless of
1382  * if STATUS_ASSN_LOST is sent.
1383  */
1384 static int ipw2100_hw_phy_off(struct ipw2100_priv *priv)
1385 {
1386 
1387 #define HW_PHY_OFF_LOOP_DELAY (msecs_to_jiffies(50))
1388 
1389 	struct host_command cmd = {
1390 		.host_command = CARD_DISABLE_PHY_OFF,
1391 		.host_command_sequence = 0,
1392 		.host_command_length = 0,
1393 	};
1394 	int err, i;
1395 	u32 val1, val2;
1396 
1397 	IPW_DEBUG_HC("CARD_DISABLE_PHY_OFF\n");
1398 
1399 	/* Turn off the radio */
1400 	err = ipw2100_hw_send_command(priv, &cmd);
1401 	if (err)
1402 		return err;
1403 
1404 	for (i = 0; i < 2500; i++) {
1405 		read_nic_dword(priv->net_dev, IPW2100_CONTROL_REG, &val1);
1406 		read_nic_dword(priv->net_dev, IPW2100_COMMAND, &val2);
1407 
1408 		if ((val1 & IPW2100_CONTROL_PHY_OFF) &&
1409 		    (val2 & IPW2100_COMMAND_PHY_OFF))
1410 			return 0;
1411 
1412 		schedule_timeout_uninterruptible(HW_PHY_OFF_LOOP_DELAY);
1413 	}
1414 
1415 	return -EIO;
1416 }
1417 
1418 static int ipw2100_enable_adapter(struct ipw2100_priv *priv)
1419 {
1420 	struct host_command cmd = {
1421 		.host_command = HOST_COMPLETE,
1422 		.host_command_sequence = 0,
1423 		.host_command_length = 0
1424 	};
1425 	int err = 0;
1426 
1427 	IPW_DEBUG_HC("HOST_COMPLETE\n");
1428 
1429 	if (priv->status & STATUS_ENABLED)
1430 		return 0;
1431 
1432 	mutex_lock(&priv->adapter_mutex);
1433 
1434 	if (rf_kill_active(priv)) {
1435 		IPW_DEBUG_HC("Command aborted due to RF kill active.\n");
1436 		goto fail_up;
1437 	}
1438 
1439 	err = ipw2100_hw_send_command(priv, &cmd);
1440 	if (err) {
1441 		IPW_DEBUG_INFO("Failed to send HOST_COMPLETE command\n");
1442 		goto fail_up;
1443 	}
1444 
1445 	err = ipw2100_wait_for_card_state(priv, IPW_HW_STATE_ENABLED);
1446 	if (err) {
1447 		IPW_DEBUG_INFO("%s: card not responding to init command.\n",
1448 			       priv->net_dev->name);
1449 		goto fail_up;
1450 	}
1451 
1452 	if (priv->stop_hang_check) {
1453 		priv->stop_hang_check = 0;
1454 		schedule_delayed_work(&priv->hang_check, HZ / 2);
1455 	}
1456 
1457       fail_up:
1458 	mutex_unlock(&priv->adapter_mutex);
1459 	return err;
1460 }
1461 
1462 static int ipw2100_hw_stop_adapter(struct ipw2100_priv *priv)
1463 {
1464 #define HW_POWER_DOWN_DELAY (msecs_to_jiffies(100))
1465 
1466 	struct host_command cmd = {
1467 		.host_command = HOST_PRE_POWER_DOWN,
1468 		.host_command_sequence = 0,
1469 		.host_command_length = 0,
1470 	};
1471 	int err, i;
1472 	u32 reg;
1473 
1474 	if (!(priv->status & STATUS_RUNNING))
1475 		return 0;
1476 
1477 	priv->status |= STATUS_STOPPING;
1478 
1479 	/* We can only shut down the card if the firmware is operational.  So,
1480 	 * if we haven't reset since a fatal_error, then we can not send the
1481 	 * shutdown commands. */
1482 	if (!priv->fatal_error) {
1483 		/* First, make sure the adapter is enabled so that the PHY_OFF
1484 		 * command can shut it down */
1485 		ipw2100_enable_adapter(priv);
1486 
1487 		err = ipw2100_hw_phy_off(priv);
1488 		if (err)
1489 			printk(KERN_WARNING DRV_NAME
1490 			       ": Error disabling radio %d\n", err);
1491 
1492 		/*
1493 		 * If in D0-standby mode going directly to D3 may cause a
1494 		 * PCI bus violation.  Therefore we must change out of the D0
1495 		 * state.
1496 		 *
1497 		 * Sending the PREPARE_FOR_POWER_DOWN will restrict the
1498 		 * hardware from going into standby mode and will transition
1499 		 * out of D0-standby if it is already in that state.
1500 		 *
1501 		 * STATUS_PREPARE_POWER_DOWN_COMPLETE will be sent by the
1502 		 * driver upon completion.  Once received, the driver can
1503 		 * proceed to the D3 state.
1504 		 *
1505 		 * Prepare for power down command to fw.  This command would
1506 		 * take HW out of D0-standby and prepare it for D3 state.
1507 		 *
1508 		 * Currently FW does not support event notification for this
1509 		 * event. Therefore, skip waiting for it.  Just wait a fixed
1510 		 * 100ms
1511 		 */
1512 		IPW_DEBUG_HC("HOST_PRE_POWER_DOWN\n");
1513 
1514 		err = ipw2100_hw_send_command(priv, &cmd);
1515 		if (err)
1516 			printk(KERN_WARNING DRV_NAME ": "
1517 			       "%s: Power down command failed: Error %d\n",
1518 			       priv->net_dev->name, err);
1519 		else
1520 			schedule_timeout_uninterruptible(HW_POWER_DOWN_DELAY);
1521 	}
1522 
1523 	priv->status &= ~STATUS_ENABLED;
1524 
1525 	/*
1526 	 * Set GPIO 3 writable by FW; GPIO 1 writable
1527 	 * by driver and enable clock
1528 	 */
1529 	ipw2100_hw_set_gpio(priv);
1530 
1531 	/*
1532 	 * Power down adapter.  Sequence:
1533 	 * 1. Stop master assert (RESET_REG[9]=1)
1534 	 * 2. Wait for stop master (RESET_REG[8]==1)
1535 	 * 3. S/w reset assert (RESET_REG[7] = 1)
1536 	 */
1537 
1538 	/* Stop master assert */
1539 	write_register(priv->net_dev, IPW_REG_RESET_REG,
1540 		       IPW_AUX_HOST_RESET_REG_STOP_MASTER);
1541 
1542 	/* wait stop master not more than 50 usec.
1543 	 * Otherwise return error. */
1544 	for (i = 5; i > 0; i--) {
1545 		udelay(10);
1546 
1547 		/* Check master stop bit */
1548 		read_register(priv->net_dev, IPW_REG_RESET_REG, &reg);
1549 
1550 		if (reg & IPW_AUX_HOST_RESET_REG_MASTER_DISABLED)
1551 			break;
1552 	}
1553 
1554 	if (i == 0)
1555 		printk(KERN_WARNING DRV_NAME
1556 		       ": %s: Could now power down adapter.\n",
1557 		       priv->net_dev->name);
1558 
1559 	/* assert s/w reset */
1560 	write_register(priv->net_dev, IPW_REG_RESET_REG,
1561 		       IPW_AUX_HOST_RESET_REG_SW_RESET);
1562 
1563 	priv->status &= ~(STATUS_RUNNING | STATUS_STOPPING);
1564 
1565 	return 0;
1566 }
1567 
1568 static int ipw2100_disable_adapter(struct ipw2100_priv *priv)
1569 {
1570 	struct host_command cmd = {
1571 		.host_command = CARD_DISABLE,
1572 		.host_command_sequence = 0,
1573 		.host_command_length = 0
1574 	};
1575 	int err = 0;
1576 
1577 	IPW_DEBUG_HC("CARD_DISABLE\n");
1578 
1579 	if (!(priv->status & STATUS_ENABLED))
1580 		return 0;
1581 
1582 	/* Make sure we clear the associated state */
1583 	priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
1584 
1585 	if (!priv->stop_hang_check) {
1586 		priv->stop_hang_check = 1;
1587 		cancel_delayed_work(&priv->hang_check);
1588 	}
1589 
1590 	mutex_lock(&priv->adapter_mutex);
1591 
1592 	err = ipw2100_hw_send_command(priv, &cmd);
1593 	if (err) {
1594 		printk(KERN_WARNING DRV_NAME
1595 		       ": exit - failed to send CARD_DISABLE command\n");
1596 		goto fail_up;
1597 	}
1598 
1599 	err = ipw2100_wait_for_card_state(priv, IPW_HW_STATE_DISABLED);
1600 	if (err) {
1601 		printk(KERN_WARNING DRV_NAME
1602 		       ": exit - card failed to change to DISABLED\n");
1603 		goto fail_up;
1604 	}
1605 
1606 	IPW_DEBUG_INFO("TODO: implement scan state machine\n");
1607 
1608       fail_up:
1609 	mutex_unlock(&priv->adapter_mutex);
1610 	return err;
1611 }
1612 
1613 static int ipw2100_set_scan_options(struct ipw2100_priv *priv)
1614 {
1615 	struct host_command cmd = {
1616 		.host_command = SET_SCAN_OPTIONS,
1617 		.host_command_sequence = 0,
1618 		.host_command_length = 8
1619 	};
1620 	int err;
1621 
1622 	IPW_DEBUG_INFO("enter\n");
1623 
1624 	IPW_DEBUG_SCAN("setting scan options\n");
1625 
1626 	cmd.host_command_parameters[0] = 0;
1627 
1628 	if (!(priv->config & CFG_ASSOCIATE))
1629 		cmd.host_command_parameters[0] |= IPW_SCAN_NOASSOCIATE;
1630 	if ((priv->ieee->sec.flags & SEC_ENABLED) && priv->ieee->sec.enabled)
1631 		cmd.host_command_parameters[0] |= IPW_SCAN_MIXED_CELL;
1632 	if (priv->config & CFG_PASSIVE_SCAN)
1633 		cmd.host_command_parameters[0] |= IPW_SCAN_PASSIVE;
1634 
1635 	cmd.host_command_parameters[1] = priv->channel_mask;
1636 
1637 	err = ipw2100_hw_send_command(priv, &cmd);
1638 
1639 	IPW_DEBUG_HC("SET_SCAN_OPTIONS 0x%04X\n",
1640 		     cmd.host_command_parameters[0]);
1641 
1642 	return err;
1643 }
1644 
1645 static int ipw2100_start_scan(struct ipw2100_priv *priv)
1646 {
1647 	struct host_command cmd = {
1648 		.host_command = BROADCAST_SCAN,
1649 		.host_command_sequence = 0,
1650 		.host_command_length = 4
1651 	};
1652 	int err;
1653 
1654 	IPW_DEBUG_HC("START_SCAN\n");
1655 
1656 	cmd.host_command_parameters[0] = 0;
1657 
1658 	/* No scanning if in monitor mode */
1659 	if (priv->ieee->iw_mode == IW_MODE_MONITOR)
1660 		return 1;
1661 
1662 	if (priv->status & STATUS_SCANNING) {
1663 		IPW_DEBUG_SCAN("Scan requested while already in scan...\n");
1664 		return 0;
1665 	}
1666 
1667 	IPW_DEBUG_INFO("enter\n");
1668 
1669 	/* Not clearing here; doing so makes iwlist always return nothing...
1670 	 *
1671 	 * We should modify the table logic to use aging tables vs. clearing
1672 	 * the table on each scan start.
1673 	 */
1674 	IPW_DEBUG_SCAN("starting scan\n");
1675 
1676 	priv->status |= STATUS_SCANNING;
1677 	err = ipw2100_hw_send_command(priv, &cmd);
1678 	if (err)
1679 		priv->status &= ~STATUS_SCANNING;
1680 
1681 	IPW_DEBUG_INFO("exit\n");
1682 
1683 	return err;
1684 }
1685 
1686 static const struct libipw_geo ipw_geos[] = {
1687 	{			/* Restricted */
1688 	 "---",
1689 	 .bg_channels = 14,
1690 	 .bg = {{2412, 1}, {2417, 2}, {2422, 3},
1691 		{2427, 4}, {2432, 5}, {2437, 6},
1692 		{2442, 7}, {2447, 8}, {2452, 9},
1693 		{2457, 10}, {2462, 11}, {2467, 12},
1694 		{2472, 13}, {2484, 14}},
1695 	 },
1696 };
1697 
1698 static int ipw2100_up(struct ipw2100_priv *priv, int deferred)
1699 {
1700 	unsigned long flags;
1701 	int err = 0;
1702 	u32 lock;
1703 	u32 ord_len = sizeof(lock);
1704 
1705 	/* Age scan list entries found before suspend */
1706 	if (priv->suspend_time) {
1707 		libipw_networks_age(priv->ieee, priv->suspend_time);
1708 		priv->suspend_time = 0;
1709 	}
1710 
1711 	/* Quiet if manually disabled. */
1712 	if (priv->status & STATUS_RF_KILL_SW) {
1713 		IPW_DEBUG_INFO("%s: Radio is disabled by Manual Disable "
1714 			       "switch\n", priv->net_dev->name);
1715 		return 0;
1716 	}
1717 
1718 	/* the ipw2100 hardware really doesn't want power management delays
1719 	 * longer than 175usec
1720 	 */
1721 	cpu_latency_qos_update_request(&ipw2100_pm_qos_req, 175);
1722 
1723 	/* If the interrupt is enabled, turn it off... */
1724 	spin_lock_irqsave(&priv->low_lock, flags);
1725 	ipw2100_disable_interrupts(priv);
1726 
1727 	/* Reset any fatal_error conditions */
1728 	ipw2100_reset_fatalerror(priv);
1729 	spin_unlock_irqrestore(&priv->low_lock, flags);
1730 
1731 	if (priv->status & STATUS_POWERED ||
1732 	    (priv->status & STATUS_RESET_PENDING)) {
1733 		/* Power cycle the card ... */
1734 		err = ipw2100_power_cycle_adapter(priv);
1735 		if (err) {
1736 			printk(KERN_WARNING DRV_NAME
1737 			       ": %s: Could not cycle adapter.\n",
1738 			       priv->net_dev->name);
1739 			goto exit;
1740 		}
1741 	} else
1742 		priv->status |= STATUS_POWERED;
1743 
1744 	/* Load the firmware, start the clocks, etc. */
1745 	err = ipw2100_start_adapter(priv);
1746 	if (err) {
1747 		printk(KERN_ERR DRV_NAME
1748 		       ": %s: Failed to start the firmware.\n",
1749 		       priv->net_dev->name);
1750 		goto exit;
1751 	}
1752 
1753 	ipw2100_initialize_ordinals(priv);
1754 
1755 	/* Determine capabilities of this particular HW configuration */
1756 	err = ipw2100_get_hw_features(priv);
1757 	if (err) {
1758 		printk(KERN_ERR DRV_NAME
1759 		       ": %s: Failed to determine HW features.\n",
1760 		       priv->net_dev->name);
1761 		goto exit;
1762 	}
1763 
1764 	/* Initialize the geo */
1765 	libipw_set_geo(priv->ieee, &ipw_geos[0]);
1766 	priv->ieee->freq_band = LIBIPW_24GHZ_BAND;
1767 
1768 	lock = LOCK_NONE;
1769 	err = ipw2100_set_ordinal(priv, IPW_ORD_PERS_DB_LOCK, &lock, &ord_len);
1770 	if (err) {
1771 		printk(KERN_ERR DRV_NAME
1772 		       ": %s: Failed to clear ordinal lock.\n",
1773 		       priv->net_dev->name);
1774 		goto exit;
1775 	}
1776 
1777 	priv->status &= ~STATUS_SCANNING;
1778 
1779 	if (rf_kill_active(priv)) {
1780 		printk(KERN_INFO "%s: Radio is disabled by RF switch.\n",
1781 		       priv->net_dev->name);
1782 
1783 		if (priv->stop_rf_kill) {
1784 			priv->stop_rf_kill = 0;
1785 			schedule_delayed_work(&priv->rf_kill,
1786 					      round_jiffies_relative(HZ));
1787 		}
1788 
1789 		deferred = 1;
1790 	}
1791 
1792 	/* Turn on the interrupt so that commands can be processed */
1793 	ipw2100_enable_interrupts(priv);
1794 
1795 	/* Send all of the commands that must be sent prior to
1796 	 * HOST_COMPLETE */
1797 	err = ipw2100_adapter_setup(priv);
1798 	if (err) {
1799 		printk(KERN_ERR DRV_NAME ": %s: Failed to start the card.\n",
1800 		       priv->net_dev->name);
1801 		goto exit;
1802 	}
1803 
1804 	if (!deferred) {
1805 		/* Enable the adapter - sends HOST_COMPLETE */
1806 		err = ipw2100_enable_adapter(priv);
1807 		if (err) {
1808 			printk(KERN_ERR DRV_NAME ": "
1809 			       "%s: failed in call to enable adapter.\n",
1810 			       priv->net_dev->name);
1811 			ipw2100_hw_stop_adapter(priv);
1812 			goto exit;
1813 		}
1814 
1815 		/* Start a scan . . . */
1816 		ipw2100_set_scan_options(priv);
1817 		ipw2100_start_scan(priv);
1818 	}
1819 
1820       exit:
1821 	return err;
1822 }
1823 
1824 static void ipw2100_down(struct ipw2100_priv *priv)
1825 {
1826 	unsigned long flags;
1827 	union iwreq_data wrqu = {
1828 		.ap_addr = {
1829 			    .sa_family = ARPHRD_ETHER}
1830 	};
1831 	int associated = priv->status & STATUS_ASSOCIATED;
1832 
1833 	/* Kill the RF switch timer */
1834 	if (!priv->stop_rf_kill) {
1835 		priv->stop_rf_kill = 1;
1836 		cancel_delayed_work(&priv->rf_kill);
1837 	}
1838 
1839 	/* Kill the firmware hang check timer */
1840 	if (!priv->stop_hang_check) {
1841 		priv->stop_hang_check = 1;
1842 		cancel_delayed_work(&priv->hang_check);
1843 	}
1844 
1845 	/* Kill any pending resets */
1846 	if (priv->status & STATUS_RESET_PENDING)
1847 		cancel_delayed_work(&priv->reset_work);
1848 
1849 	/* Make sure the interrupt is on so that FW commands will be
1850 	 * processed correctly */
1851 	spin_lock_irqsave(&priv->low_lock, flags);
1852 	ipw2100_enable_interrupts(priv);
1853 	spin_unlock_irqrestore(&priv->low_lock, flags);
1854 
1855 	if (ipw2100_hw_stop_adapter(priv))
1856 		printk(KERN_ERR DRV_NAME ": %s: Error stopping adapter.\n",
1857 		       priv->net_dev->name);
1858 
1859 	/* Do not disable the interrupt until _after_ we disable
1860 	 * the adaptor.  Otherwise the CARD_DISABLE command will never
1861 	 * be ack'd by the firmware */
1862 	spin_lock_irqsave(&priv->low_lock, flags);
1863 	ipw2100_disable_interrupts(priv);
1864 	spin_unlock_irqrestore(&priv->low_lock, flags);
1865 
1866 	cpu_latency_qos_update_request(&ipw2100_pm_qos_req,
1867 				       PM_QOS_DEFAULT_VALUE);
1868 
1869 	/* We have to signal any supplicant if we are disassociating */
1870 	if (associated)
1871 		wireless_send_event(priv->net_dev, SIOCGIWAP, &wrqu, NULL);
1872 
1873 	priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
1874 	netif_carrier_off(priv->net_dev);
1875 	netif_stop_queue(priv->net_dev);
1876 }
1877 
1878 static int ipw2100_wdev_init(struct net_device *dev)
1879 {
1880 	struct ipw2100_priv *priv = libipw_priv(dev);
1881 	const struct libipw_geo *geo = libipw_get_geo(priv->ieee);
1882 	struct wireless_dev *wdev = &priv->ieee->wdev;
1883 	int i;
1884 
1885 	memcpy(wdev->wiphy->perm_addr, priv->mac_addr, ETH_ALEN);
1886 
1887 	/* fill-out priv->ieee->bg_band */
1888 	if (geo->bg_channels) {
1889 		struct ieee80211_supported_band *bg_band = &priv->ieee->bg_band;
1890 
1891 		bg_band->band = NL80211_BAND_2GHZ;
1892 		bg_band->n_channels = geo->bg_channels;
1893 		bg_band->channels = kcalloc(geo->bg_channels,
1894 					    sizeof(struct ieee80211_channel),
1895 					    GFP_KERNEL);
1896 		if (!bg_band->channels) {
1897 			ipw2100_down(priv);
1898 			return -ENOMEM;
1899 		}
1900 		/* translate geo->bg to bg_band.channels */
1901 		for (i = 0; i < geo->bg_channels; i++) {
1902 			bg_band->channels[i].band = NL80211_BAND_2GHZ;
1903 			bg_band->channels[i].center_freq = geo->bg[i].freq;
1904 			bg_band->channels[i].hw_value = geo->bg[i].channel;
1905 			bg_band->channels[i].max_power = geo->bg[i].max_power;
1906 			if (geo->bg[i].flags & LIBIPW_CH_PASSIVE_ONLY)
1907 				bg_band->channels[i].flags |=
1908 					IEEE80211_CHAN_NO_IR;
1909 			if (geo->bg[i].flags & LIBIPW_CH_NO_IBSS)
1910 				bg_band->channels[i].flags |=
1911 					IEEE80211_CHAN_NO_IR;
1912 			if (geo->bg[i].flags & LIBIPW_CH_RADAR_DETECT)
1913 				bg_band->channels[i].flags |=
1914 					IEEE80211_CHAN_RADAR;
1915 			/* No equivalent for LIBIPW_CH_80211H_RULES,
1916 			   LIBIPW_CH_UNIFORM_SPREADING, or
1917 			   LIBIPW_CH_B_ONLY... */
1918 		}
1919 		/* point at bitrate info */
1920 		bg_band->bitrates = ipw2100_bg_rates;
1921 		bg_band->n_bitrates = RATE_COUNT;
1922 
1923 		wdev->wiphy->bands[NL80211_BAND_2GHZ] = bg_band;
1924 	}
1925 
1926 	wdev->wiphy->cipher_suites = ipw_cipher_suites;
1927 	wdev->wiphy->n_cipher_suites = ARRAY_SIZE(ipw_cipher_suites);
1928 
1929 	set_wiphy_dev(wdev->wiphy, &priv->pci_dev->dev);
1930 	if (wiphy_register(wdev->wiphy))
1931 		return -EIO;
1932 	return 0;
1933 }
1934 
1935 static void ipw2100_reset_adapter(struct work_struct *work)
1936 {
1937 	struct ipw2100_priv *priv =
1938 		container_of(work, struct ipw2100_priv, reset_work.work);
1939 	unsigned long flags;
1940 	union iwreq_data wrqu = {
1941 		.ap_addr = {
1942 			    .sa_family = ARPHRD_ETHER}
1943 	};
1944 	int associated = priv->status & STATUS_ASSOCIATED;
1945 
1946 	spin_lock_irqsave(&priv->low_lock, flags);
1947 	IPW_DEBUG_INFO(": %s: Restarting adapter.\n", priv->net_dev->name);
1948 	priv->resets++;
1949 	priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
1950 	priv->status |= STATUS_SECURITY_UPDATED;
1951 
1952 	/* Force a power cycle even if interface hasn't been opened
1953 	 * yet */
1954 	cancel_delayed_work(&priv->reset_work);
1955 	priv->status |= STATUS_RESET_PENDING;
1956 	spin_unlock_irqrestore(&priv->low_lock, flags);
1957 
1958 	mutex_lock(&priv->action_mutex);
1959 	/* stop timed checks so that they don't interfere with reset */
1960 	priv->stop_hang_check = 1;
1961 	cancel_delayed_work(&priv->hang_check);
1962 
1963 	/* We have to signal any supplicant if we are disassociating */
1964 	if (associated)
1965 		wireless_send_event(priv->net_dev, SIOCGIWAP, &wrqu, NULL);
1966 
1967 	ipw2100_up(priv, 0);
1968 	mutex_unlock(&priv->action_mutex);
1969 
1970 }
1971 
1972 static void isr_indicate_associated(struct ipw2100_priv *priv, u32 status)
1973 {
1974 
1975 #define MAC_ASSOCIATION_READ_DELAY (HZ)
1976 	int ret;
1977 	unsigned int len, essid_len;
1978 	char essid[IW_ESSID_MAX_SIZE];
1979 	u32 txrate;
1980 	u32 chan;
1981 	char *txratename;
1982 	u8 bssid[ETH_ALEN];
1983 
1984 	/*
1985 	 * TBD: BSSID is usually 00:00:00:00:00:00 here and not
1986 	 *      an actual MAC of the AP. Seems like FW sets this
1987 	 *      address too late. Read it later and expose through
1988 	 *      /proc or schedule a later task to query and update
1989 	 */
1990 
1991 	essid_len = IW_ESSID_MAX_SIZE;
1992 	ret = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_SSID,
1993 				  essid, &essid_len);
1994 	if (ret) {
1995 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
1996 			       __LINE__);
1997 		return;
1998 	}
1999 
2000 	len = sizeof(u32);
2001 	ret = ipw2100_get_ordinal(priv, IPW_ORD_CURRENT_TX_RATE, &txrate, &len);
2002 	if (ret) {
2003 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
2004 			       __LINE__);
2005 		return;
2006 	}
2007 
2008 	len = sizeof(u32);
2009 	ret = ipw2100_get_ordinal(priv, IPW_ORD_OUR_FREQ, &chan, &len);
2010 	if (ret) {
2011 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
2012 			       __LINE__);
2013 		return;
2014 	}
2015 	len = ETH_ALEN;
2016 	ret = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_AP_BSSID, bssid,
2017 				  &len);
2018 	if (ret) {
2019 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
2020 			       __LINE__);
2021 		return;
2022 	}
2023 	memcpy(priv->ieee->bssid, bssid, ETH_ALEN);
2024 
2025 	switch (txrate) {
2026 	case TX_RATE_1_MBIT:
2027 		txratename = "1Mbps";
2028 		break;
2029 	case TX_RATE_2_MBIT:
2030 		txratename = "2Mbsp";
2031 		break;
2032 	case TX_RATE_5_5_MBIT:
2033 		txratename = "5.5Mbps";
2034 		break;
2035 	case TX_RATE_11_MBIT:
2036 		txratename = "11Mbps";
2037 		break;
2038 	default:
2039 		IPW_DEBUG_INFO("Unknown rate: %d\n", txrate);
2040 		txratename = "unknown rate";
2041 		break;
2042 	}
2043 
2044 	IPW_DEBUG_INFO("%s: Associated with '%*pE' at %s, channel %d (BSSID=%pM)\n",
2045 		       priv->net_dev->name, essid_len, essid,
2046 		       txratename, chan, bssid);
2047 
2048 	/* now we copy read ssid into dev */
2049 	if (!(priv->config & CFG_STATIC_ESSID)) {
2050 		priv->essid_len = min((u8) essid_len, (u8) IW_ESSID_MAX_SIZE);
2051 		memcpy(priv->essid, essid, priv->essid_len);
2052 	}
2053 	priv->channel = chan;
2054 	memcpy(priv->bssid, bssid, ETH_ALEN);
2055 
2056 	priv->status |= STATUS_ASSOCIATING;
2057 	priv->connect_start = ktime_get_boottime_seconds();
2058 
2059 	schedule_delayed_work(&priv->wx_event_work, HZ / 10);
2060 }
2061 
2062 static int ipw2100_set_essid(struct ipw2100_priv *priv, char *essid,
2063 			     int length, int batch_mode)
2064 {
2065 	int ssid_len = min(length, IW_ESSID_MAX_SIZE);
2066 	struct host_command cmd = {
2067 		.host_command = SSID,
2068 		.host_command_sequence = 0,
2069 		.host_command_length = ssid_len
2070 	};
2071 	int err;
2072 
2073 	IPW_DEBUG_HC("SSID: '%*pE'\n", ssid_len, essid);
2074 
2075 	if (ssid_len)
2076 		memcpy(cmd.host_command_parameters, essid, ssid_len);
2077 
2078 	if (!batch_mode) {
2079 		err = ipw2100_disable_adapter(priv);
2080 		if (err)
2081 			return err;
2082 	}
2083 
2084 	/* Bug in FW currently doesn't honor bit 0 in SET_SCAN_OPTIONS to
2085 	 * disable auto association -- so we cheat by setting a bogus SSID */
2086 	if (!ssid_len && !(priv->config & CFG_ASSOCIATE)) {
2087 		int i;
2088 		u8 *bogus = (u8 *) cmd.host_command_parameters;
2089 		for (i = 0; i < IW_ESSID_MAX_SIZE; i++)
2090 			bogus[i] = 0x18 + i;
2091 		cmd.host_command_length = IW_ESSID_MAX_SIZE;
2092 	}
2093 
2094 	/* NOTE:  We always send the SSID command even if the provided ESSID is
2095 	 * the same as what we currently think is set. */
2096 
2097 	err = ipw2100_hw_send_command(priv, &cmd);
2098 	if (!err) {
2099 		memset(priv->essid + ssid_len, 0, IW_ESSID_MAX_SIZE - ssid_len);
2100 		memcpy(priv->essid, essid, ssid_len);
2101 		priv->essid_len = ssid_len;
2102 	}
2103 
2104 	if (!batch_mode) {
2105 		if (ipw2100_enable_adapter(priv))
2106 			err = -EIO;
2107 	}
2108 
2109 	return err;
2110 }
2111 
2112 static void isr_indicate_association_lost(struct ipw2100_priv *priv, u32 status)
2113 {
2114 	IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE | IPW_DL_ASSOC,
2115 		  "disassociated: '%*pE' %pM\n", priv->essid_len, priv->essid,
2116 		  priv->bssid);
2117 
2118 	priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
2119 
2120 	if (priv->status & STATUS_STOPPING) {
2121 		IPW_DEBUG_INFO("Card is stopping itself, discard ASSN_LOST.\n");
2122 		return;
2123 	}
2124 
2125 	eth_zero_addr(priv->bssid);
2126 	eth_zero_addr(priv->ieee->bssid);
2127 
2128 	netif_carrier_off(priv->net_dev);
2129 	netif_stop_queue(priv->net_dev);
2130 
2131 	if (!(priv->status & STATUS_RUNNING))
2132 		return;
2133 
2134 	if (priv->status & STATUS_SECURITY_UPDATED)
2135 		schedule_delayed_work(&priv->security_work, 0);
2136 
2137 	schedule_delayed_work(&priv->wx_event_work, 0);
2138 }
2139 
2140 static void isr_indicate_rf_kill(struct ipw2100_priv *priv, u32 status)
2141 {
2142 	IPW_DEBUG_INFO("%s: RF Kill state changed to radio OFF.\n",
2143 		       priv->net_dev->name);
2144 
2145 	/* RF_KILL is now enabled (else we wouldn't be here) */
2146 	wiphy_rfkill_set_hw_state(priv->ieee->wdev.wiphy, true);
2147 	priv->status |= STATUS_RF_KILL_HW;
2148 
2149 	/* Make sure the RF Kill check timer is running */
2150 	priv->stop_rf_kill = 0;
2151 	mod_delayed_work(system_wq, &priv->rf_kill, round_jiffies_relative(HZ));
2152 }
2153 
2154 static void ipw2100_scan_event(struct work_struct *work)
2155 {
2156 	struct ipw2100_priv *priv = container_of(work, struct ipw2100_priv,
2157 						 scan_event.work);
2158 	union iwreq_data wrqu;
2159 
2160 	wrqu.data.length = 0;
2161 	wrqu.data.flags = 0;
2162 	wireless_send_event(priv->net_dev, SIOCGIWSCAN, &wrqu, NULL);
2163 }
2164 
2165 static void isr_scan_complete(struct ipw2100_priv *priv, u32 status)
2166 {
2167 	IPW_DEBUG_SCAN("scan complete\n");
2168 	/* Age the scan results... */
2169 	priv->ieee->scans++;
2170 	priv->status &= ~STATUS_SCANNING;
2171 
2172 	/* Only userspace-requested scan completion events go out immediately */
2173 	if (!priv->user_requested_scan) {
2174 		schedule_delayed_work(&priv->scan_event,
2175 				      round_jiffies_relative(msecs_to_jiffies(4000)));
2176 	} else {
2177 		priv->user_requested_scan = 0;
2178 		mod_delayed_work(system_wq, &priv->scan_event, 0);
2179 	}
2180 }
2181 
2182 #ifdef CONFIG_IPW2100_DEBUG
2183 #define IPW2100_HANDLER(v, f) { v, f, # v }
2184 struct ipw2100_status_indicator {
2185 	int status;
2186 	void (*cb) (struct ipw2100_priv * priv, u32 status);
2187 	char *name;
2188 };
2189 #else
2190 #define IPW2100_HANDLER(v, f) { v, f }
2191 struct ipw2100_status_indicator {
2192 	int status;
2193 	void (*cb) (struct ipw2100_priv * priv, u32 status);
2194 };
2195 #endif				/* CONFIG_IPW2100_DEBUG */
2196 
2197 static void isr_indicate_scanning(struct ipw2100_priv *priv, u32 status)
2198 {
2199 	IPW_DEBUG_SCAN("Scanning...\n");
2200 	priv->status |= STATUS_SCANNING;
2201 }
2202 
2203 static const struct ipw2100_status_indicator status_handlers[] = {
2204 	IPW2100_HANDLER(IPW_STATE_INITIALIZED, NULL),
2205 	IPW2100_HANDLER(IPW_STATE_COUNTRY_FOUND, NULL),
2206 	IPW2100_HANDLER(IPW_STATE_ASSOCIATED, isr_indicate_associated),
2207 	IPW2100_HANDLER(IPW_STATE_ASSN_LOST, isr_indicate_association_lost),
2208 	IPW2100_HANDLER(IPW_STATE_ASSN_CHANGED, NULL),
2209 	IPW2100_HANDLER(IPW_STATE_SCAN_COMPLETE, isr_scan_complete),
2210 	IPW2100_HANDLER(IPW_STATE_ENTERED_PSP, NULL),
2211 	IPW2100_HANDLER(IPW_STATE_LEFT_PSP, NULL),
2212 	IPW2100_HANDLER(IPW_STATE_RF_KILL, isr_indicate_rf_kill),
2213 	IPW2100_HANDLER(IPW_STATE_DISABLED, NULL),
2214 	IPW2100_HANDLER(IPW_STATE_POWER_DOWN, NULL),
2215 	IPW2100_HANDLER(IPW_STATE_SCANNING, isr_indicate_scanning),
2216 	IPW2100_HANDLER(-1, NULL)
2217 };
2218 
2219 static void isr_status_change(struct ipw2100_priv *priv, int status)
2220 {
2221 	int i;
2222 
2223 	if (status == IPW_STATE_SCANNING &&
2224 	    priv->status & STATUS_ASSOCIATED &&
2225 	    !(priv->status & STATUS_SCANNING)) {
2226 		IPW_DEBUG_INFO("Scan detected while associated, with "
2227 			       "no scan request.  Restarting firmware.\n");
2228 
2229 		/* Wake up any sleeping jobs */
2230 		schedule_reset(priv);
2231 	}
2232 
2233 	for (i = 0; status_handlers[i].status != -1; i++) {
2234 		if (status == status_handlers[i].status) {
2235 			IPW_DEBUG_NOTIF("Status change: %s\n",
2236 					status_handlers[i].name);
2237 			if (status_handlers[i].cb)
2238 				status_handlers[i].cb(priv, status);
2239 			priv->wstats.status = status;
2240 			return;
2241 		}
2242 	}
2243 
2244 	IPW_DEBUG_NOTIF("unknown status received: %04x\n", status);
2245 }
2246 
2247 static void isr_rx_complete_command(struct ipw2100_priv *priv,
2248 				    struct ipw2100_cmd_header *cmd)
2249 {
2250 #ifdef CONFIG_IPW2100_DEBUG
2251 	if (cmd->host_command_reg < ARRAY_SIZE(command_types)) {
2252 		IPW_DEBUG_HC("Command completed '%s (%d)'\n",
2253 			     command_types[cmd->host_command_reg],
2254 			     cmd->host_command_reg);
2255 	}
2256 #endif
2257 	if (cmd->host_command_reg == HOST_COMPLETE)
2258 		priv->status |= STATUS_ENABLED;
2259 
2260 	if (cmd->host_command_reg == CARD_DISABLE)
2261 		priv->status &= ~STATUS_ENABLED;
2262 
2263 	priv->status &= ~STATUS_CMD_ACTIVE;
2264 
2265 	wake_up_interruptible(&priv->wait_command_queue);
2266 }
2267 
2268 #ifdef CONFIG_IPW2100_DEBUG
2269 static const char *frame_types[] = {
2270 	"COMMAND_STATUS_VAL",
2271 	"STATUS_CHANGE_VAL",
2272 	"P80211_DATA_VAL",
2273 	"P8023_DATA_VAL",
2274 	"HOST_NOTIFICATION_VAL"
2275 };
2276 #endif
2277 
2278 static int ipw2100_alloc_skb(struct ipw2100_priv *priv,
2279 				    struct ipw2100_rx_packet *packet)
2280 {
2281 	packet->skb = dev_alloc_skb(sizeof(struct ipw2100_rx));
2282 	if (!packet->skb)
2283 		return -ENOMEM;
2284 
2285 	packet->rxp = (struct ipw2100_rx *)packet->skb->data;
2286 	packet->dma_addr = dma_map_single(&priv->pci_dev->dev,
2287 					  packet->skb->data,
2288 					  sizeof(struct ipw2100_rx),
2289 					  DMA_FROM_DEVICE);
2290 	if (dma_mapping_error(&priv->pci_dev->dev, packet->dma_addr)) {
2291 		dev_kfree_skb(packet->skb);
2292 		return -ENOMEM;
2293 	}
2294 
2295 	return 0;
2296 }
2297 
2298 #define SEARCH_ERROR   0xffffffff
2299 #define SEARCH_FAIL    0xfffffffe
2300 #define SEARCH_SUCCESS 0xfffffff0
2301 #define SEARCH_DISCARD 0
2302 #define SEARCH_SNAPSHOT 1
2303 
2304 #define SNAPSHOT_ADDR(ofs) (priv->snapshot[((ofs) >> 12) & 0xff] + ((ofs) & 0xfff))
2305 static void ipw2100_snapshot_free(struct ipw2100_priv *priv)
2306 {
2307 	int i;
2308 	if (!priv->snapshot[0])
2309 		return;
2310 	for (i = 0; i < 0x30; i++)
2311 		kfree(priv->snapshot[i]);
2312 	priv->snapshot[0] = NULL;
2313 }
2314 
2315 #ifdef IPW2100_DEBUG_C3
2316 static int ipw2100_snapshot_alloc(struct ipw2100_priv *priv)
2317 {
2318 	int i;
2319 	if (priv->snapshot[0])
2320 		return 1;
2321 	for (i = 0; i < 0x30; i++) {
2322 		priv->snapshot[i] = kmalloc(0x1000, GFP_ATOMIC);
2323 		if (!priv->snapshot[i]) {
2324 			IPW_DEBUG_INFO("%s: Error allocating snapshot "
2325 				       "buffer %d\n", priv->net_dev->name, i);
2326 			while (i > 0)
2327 				kfree(priv->snapshot[--i]);
2328 			priv->snapshot[0] = NULL;
2329 			return 0;
2330 		}
2331 	}
2332 
2333 	return 1;
2334 }
2335 
2336 static u32 ipw2100_match_buf(struct ipw2100_priv *priv, u8 * in_buf,
2337 				    size_t len, int mode)
2338 {
2339 	u32 i, j;
2340 	u32 tmp;
2341 	u8 *s, *d;
2342 	u32 ret;
2343 
2344 	s = in_buf;
2345 	if (mode == SEARCH_SNAPSHOT) {
2346 		if (!ipw2100_snapshot_alloc(priv))
2347 			mode = SEARCH_DISCARD;
2348 	}
2349 
2350 	for (ret = SEARCH_FAIL, i = 0; i < 0x30000; i += 4) {
2351 		read_nic_dword(priv->net_dev, i, &tmp);
2352 		if (mode == SEARCH_SNAPSHOT)
2353 			*(u32 *) SNAPSHOT_ADDR(i) = tmp;
2354 		if (ret == SEARCH_FAIL) {
2355 			d = (u8 *) & tmp;
2356 			for (j = 0; j < 4; j++) {
2357 				if (*s != *d) {
2358 					s = in_buf;
2359 					continue;
2360 				}
2361 
2362 				s++;
2363 				d++;
2364 
2365 				if ((s - in_buf) == len)
2366 					ret = (i + j) - len + 1;
2367 			}
2368 		} else if (mode == SEARCH_DISCARD)
2369 			return ret;
2370 	}
2371 
2372 	return ret;
2373 }
2374 #endif
2375 
2376 /*
2377  *
2378  * 0) Disconnect the SKB from the firmware (just unmap)
2379  * 1) Pack the ETH header into the SKB
2380  * 2) Pass the SKB to the network stack
2381  *
2382  * When packet is provided by the firmware, it contains the following:
2383  *
2384  * .  libipw_hdr
2385  * .  libipw_snap_hdr
2386  *
2387  * The size of the constructed ethernet
2388  *
2389  */
2390 #ifdef IPW2100_RX_DEBUG
2391 static u8 packet_data[IPW_RX_NIC_BUFFER_LENGTH];
2392 #endif
2393 
2394 static void ipw2100_corruption_detected(struct ipw2100_priv *priv, int i)
2395 {
2396 #ifdef IPW2100_DEBUG_C3
2397 	struct ipw2100_status *status = &priv->status_queue.drv[i];
2398 	u32 match, reg;
2399 	int j;
2400 #endif
2401 
2402 	IPW_DEBUG_INFO(": PCI latency error detected at 0x%04zX.\n",
2403 		       i * sizeof(struct ipw2100_status));
2404 
2405 #ifdef IPW2100_DEBUG_C3
2406 	/* Halt the firmware so we can get a good image */
2407 	write_register(priv->net_dev, IPW_REG_RESET_REG,
2408 		       IPW_AUX_HOST_RESET_REG_STOP_MASTER);
2409 	j = 5;
2410 	do {
2411 		udelay(IPW_WAIT_RESET_MASTER_ASSERT_COMPLETE_DELAY);
2412 		read_register(priv->net_dev, IPW_REG_RESET_REG, &reg);
2413 
2414 		if (reg & IPW_AUX_HOST_RESET_REG_MASTER_DISABLED)
2415 			break;
2416 	} while (j--);
2417 
2418 	match = ipw2100_match_buf(priv, (u8 *) status,
2419 				  sizeof(struct ipw2100_status),
2420 				  SEARCH_SNAPSHOT);
2421 	if (match < SEARCH_SUCCESS)
2422 		IPW_DEBUG_INFO("%s: DMA status match in Firmware at "
2423 			       "offset 0x%06X, length %d:\n",
2424 			       priv->net_dev->name, match,
2425 			       sizeof(struct ipw2100_status));
2426 	else
2427 		IPW_DEBUG_INFO("%s: No DMA status match in "
2428 			       "Firmware.\n", priv->net_dev->name);
2429 
2430 	printk_buf((u8 *) priv->status_queue.drv,
2431 		   sizeof(struct ipw2100_status) * RX_QUEUE_LENGTH);
2432 #endif
2433 
2434 	priv->fatal_error = IPW2100_ERR_C3_CORRUPTION;
2435 	priv->net_dev->stats.rx_errors++;
2436 	schedule_reset(priv);
2437 }
2438 
2439 static void isr_rx(struct ipw2100_priv *priv, int i,
2440 			  struct libipw_rx_stats *stats)
2441 {
2442 	struct net_device *dev = priv->net_dev;
2443 	struct ipw2100_status *status = &priv->status_queue.drv[i];
2444 	struct ipw2100_rx_packet *packet = &priv->rx_buffers[i];
2445 
2446 	IPW_DEBUG_RX("Handler...\n");
2447 
2448 	if (unlikely(status->frame_size > skb_tailroom(packet->skb))) {
2449 		IPW_DEBUG_INFO("%s: frame_size (%u) > skb_tailroom (%u)!"
2450 			       "  Dropping.\n",
2451 			       dev->name,
2452 			       status->frame_size, skb_tailroom(packet->skb));
2453 		dev->stats.rx_errors++;
2454 		return;
2455 	}
2456 
2457 	if (unlikely(!netif_running(dev))) {
2458 		dev->stats.rx_errors++;
2459 		priv->wstats.discard.misc++;
2460 		IPW_DEBUG_DROP("Dropping packet while interface is not up.\n");
2461 		return;
2462 	}
2463 
2464 	if (unlikely(priv->ieee->iw_mode != IW_MODE_MONITOR &&
2465 		     !(priv->status & STATUS_ASSOCIATED))) {
2466 		IPW_DEBUG_DROP("Dropping packet while not associated.\n");
2467 		priv->wstats.discard.misc++;
2468 		return;
2469 	}
2470 
2471 	dma_unmap_single(&priv->pci_dev->dev, packet->dma_addr,
2472 			 sizeof(struct ipw2100_rx), DMA_FROM_DEVICE);
2473 
2474 	skb_put(packet->skb, status->frame_size);
2475 
2476 #ifdef IPW2100_RX_DEBUG
2477 	/* Make a copy of the frame so we can dump it to the logs if
2478 	 * libipw_rx fails */
2479 	skb_copy_from_linear_data(packet->skb, packet_data,
2480 				  min_t(u32, status->frame_size,
2481 					     IPW_RX_NIC_BUFFER_LENGTH));
2482 #endif
2483 
2484 	if (!libipw_rx(priv->ieee, packet->skb, stats)) {
2485 #ifdef IPW2100_RX_DEBUG
2486 		IPW_DEBUG_DROP("%s: Non consumed packet:\n",
2487 			       dev->name);
2488 		printk_buf(IPW_DL_DROP, packet_data, status->frame_size);
2489 #endif
2490 		dev->stats.rx_errors++;
2491 
2492 		/* libipw_rx failed, so it didn't free the SKB */
2493 		dev_kfree_skb_any(packet->skb);
2494 		packet->skb = NULL;
2495 	}
2496 
2497 	/* We need to allocate a new SKB and attach it to the RDB. */
2498 	if (unlikely(ipw2100_alloc_skb(priv, packet))) {
2499 		printk(KERN_WARNING DRV_NAME ": "
2500 		       "%s: Unable to allocate SKB onto RBD ring - disabling "
2501 		       "adapter.\n", dev->name);
2502 		/* TODO: schedule adapter shutdown */
2503 		IPW_DEBUG_INFO("TODO: Shutdown adapter...\n");
2504 	}
2505 
2506 	/* Update the RDB entry */
2507 	priv->rx_queue.drv[i].host_addr = packet->dma_addr;
2508 }
2509 
2510 #ifdef CONFIG_IPW2100_MONITOR
2511 
2512 static void isr_rx_monitor(struct ipw2100_priv *priv, int i,
2513 		   struct libipw_rx_stats *stats)
2514 {
2515 	struct net_device *dev = priv->net_dev;
2516 	struct ipw2100_status *status = &priv->status_queue.drv[i];
2517 	struct ipw2100_rx_packet *packet = &priv->rx_buffers[i];
2518 
2519 	/* Magic struct that slots into the radiotap header -- no reason
2520 	 * to build this manually element by element, we can write it much
2521 	 * more efficiently than we can parse it. ORDER MATTERS HERE */
2522 	struct ipw_rt_hdr {
2523 		struct ieee80211_radiotap_header rt_hdr;
2524 		s8 rt_dbmsignal; /* signal in dbM, kluged to signed */
2525 	} *ipw_rt;
2526 
2527 	IPW_DEBUG_RX("Handler...\n");
2528 
2529 	if (unlikely(status->frame_size > skb_tailroom(packet->skb) -
2530 				sizeof(struct ipw_rt_hdr))) {
2531 		IPW_DEBUG_INFO("%s: frame_size (%u) > skb_tailroom (%u)!"
2532 			       "  Dropping.\n",
2533 			       dev->name,
2534 			       status->frame_size,
2535 			       skb_tailroom(packet->skb));
2536 		dev->stats.rx_errors++;
2537 		return;
2538 	}
2539 
2540 	if (unlikely(!netif_running(dev))) {
2541 		dev->stats.rx_errors++;
2542 		priv->wstats.discard.misc++;
2543 		IPW_DEBUG_DROP("Dropping packet while interface is not up.\n");
2544 		return;
2545 	}
2546 
2547 	if (unlikely(priv->config & CFG_CRC_CHECK &&
2548 		     status->flags & IPW_STATUS_FLAG_CRC_ERROR)) {
2549 		IPW_DEBUG_RX("CRC error in packet.  Dropping.\n");
2550 		dev->stats.rx_errors++;
2551 		return;
2552 	}
2553 
2554 	dma_unmap_single(&priv->pci_dev->dev, packet->dma_addr,
2555 			 sizeof(struct ipw2100_rx), DMA_FROM_DEVICE);
2556 	memmove(packet->skb->data + sizeof(struct ipw_rt_hdr),
2557 		packet->skb->data, status->frame_size);
2558 
2559 	ipw_rt = (struct ipw_rt_hdr *) packet->skb->data;
2560 
2561 	ipw_rt->rt_hdr.it_version = PKTHDR_RADIOTAP_VERSION;
2562 	ipw_rt->rt_hdr.it_pad = 0; /* always good to zero */
2563 	ipw_rt->rt_hdr.it_len = cpu_to_le16(sizeof(struct ipw_rt_hdr)); /* total hdr+data */
2564 
2565 	ipw_rt->rt_hdr.it_present = cpu_to_le32(1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL);
2566 
2567 	ipw_rt->rt_dbmsignal = status->rssi + IPW2100_RSSI_TO_DBM;
2568 
2569 	skb_put(packet->skb, status->frame_size + sizeof(struct ipw_rt_hdr));
2570 
2571 	if (!libipw_rx(priv->ieee, packet->skb, stats)) {
2572 		dev->stats.rx_errors++;
2573 
2574 		/* libipw_rx failed, so it didn't free the SKB */
2575 		dev_kfree_skb_any(packet->skb);
2576 		packet->skb = NULL;
2577 	}
2578 
2579 	/* We need to allocate a new SKB and attach it to the RDB. */
2580 	if (unlikely(ipw2100_alloc_skb(priv, packet))) {
2581 		IPW_DEBUG_WARNING(
2582 			"%s: Unable to allocate SKB onto RBD ring - disabling "
2583 			"adapter.\n", dev->name);
2584 		/* TODO: schedule adapter shutdown */
2585 		IPW_DEBUG_INFO("TODO: Shutdown adapter...\n");
2586 	}
2587 
2588 	/* Update the RDB entry */
2589 	priv->rx_queue.drv[i].host_addr = packet->dma_addr;
2590 }
2591 
2592 #endif
2593 
2594 static int ipw2100_corruption_check(struct ipw2100_priv *priv, int i)
2595 {
2596 	struct ipw2100_status *status = &priv->status_queue.drv[i];
2597 	struct ipw2100_rx *u = priv->rx_buffers[i].rxp;
2598 	u16 frame_type = status->status_fields & STATUS_TYPE_MASK;
2599 
2600 	switch (frame_type) {
2601 	case COMMAND_STATUS_VAL:
2602 		return (status->frame_size != sizeof(u->rx_data.command));
2603 	case STATUS_CHANGE_VAL:
2604 		return (status->frame_size != sizeof(u->rx_data.status));
2605 	case HOST_NOTIFICATION_VAL:
2606 		return (status->frame_size < sizeof(u->rx_data.notification));
2607 	case P80211_DATA_VAL:
2608 	case P8023_DATA_VAL:
2609 #ifdef CONFIG_IPW2100_MONITOR
2610 		return 0;
2611 #else
2612 		switch (WLAN_FC_GET_TYPE(le16_to_cpu(u->rx_data.header.frame_ctl))) {
2613 		case IEEE80211_FTYPE_MGMT:
2614 		case IEEE80211_FTYPE_CTL:
2615 			return 0;
2616 		case IEEE80211_FTYPE_DATA:
2617 			return (status->frame_size >
2618 				IPW_MAX_802_11_PAYLOAD_LENGTH);
2619 		}
2620 #endif
2621 	}
2622 
2623 	return 1;
2624 }
2625 
2626 /*
2627  * ipw2100 interrupts are disabled at this point, and the ISR
2628  * is the only code that calls this method.  So, we do not need
2629  * to play with any locks.
2630  *
2631  * RX Queue works as follows:
2632  *
2633  * Read index - firmware places packet in entry identified by the
2634  *              Read index and advances Read index.  In this manner,
2635  *              Read index will always point to the next packet to
2636  *              be filled--but not yet valid.
2637  *
2638  * Write index - driver fills this entry with an unused RBD entry.
2639  *               This entry has not filled by the firmware yet.
2640  *
2641  * In between the W and R indexes are the RBDs that have been received
2642  * but not yet processed.
2643  *
2644  * The process of handling packets will start at WRITE + 1 and advance
2645  * until it reaches the READ index.
2646  *
2647  * The WRITE index is cached in the variable 'priv->rx_queue.next'.
2648  *
2649  */
2650 static void __ipw2100_rx_process(struct ipw2100_priv *priv)
2651 {
2652 	struct ipw2100_bd_queue *rxq = &priv->rx_queue;
2653 	struct ipw2100_status_queue *sq = &priv->status_queue;
2654 	struct ipw2100_rx_packet *packet;
2655 	u16 frame_type;
2656 	u32 r, w, i, s;
2657 	struct ipw2100_rx *u;
2658 	struct libipw_rx_stats stats = {
2659 		.mac_time = jiffies,
2660 	};
2661 
2662 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_RX_READ_INDEX, &r);
2663 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_RX_WRITE_INDEX, &w);
2664 
2665 	if (r >= rxq->entries) {
2666 		IPW_DEBUG_RX("exit - bad read index\n");
2667 		return;
2668 	}
2669 
2670 	i = (rxq->next + 1) % rxq->entries;
2671 	s = i;
2672 	while (i != r) {
2673 		/* IPW_DEBUG_RX("r = %d : w = %d : processing = %d\n",
2674 		   r, rxq->next, i); */
2675 
2676 		packet = &priv->rx_buffers[i];
2677 
2678 		/* Sync the DMA for the RX buffer so CPU is sure to get
2679 		 * the correct values */
2680 		dma_sync_single_for_cpu(&priv->pci_dev->dev, packet->dma_addr,
2681 					sizeof(struct ipw2100_rx),
2682 					DMA_FROM_DEVICE);
2683 
2684 		if (unlikely(ipw2100_corruption_check(priv, i))) {
2685 			ipw2100_corruption_detected(priv, i);
2686 			goto increment;
2687 		}
2688 
2689 		u = packet->rxp;
2690 		frame_type = sq->drv[i].status_fields & STATUS_TYPE_MASK;
2691 		stats.rssi = sq->drv[i].rssi + IPW2100_RSSI_TO_DBM;
2692 		stats.len = sq->drv[i].frame_size;
2693 
2694 		stats.mask = 0;
2695 		if (stats.rssi != 0)
2696 			stats.mask |= LIBIPW_STATMASK_RSSI;
2697 		stats.freq = LIBIPW_24GHZ_BAND;
2698 
2699 		IPW_DEBUG_RX("%s: '%s' frame type received (%d).\n",
2700 			     priv->net_dev->name, frame_types[frame_type],
2701 			     stats.len);
2702 
2703 		switch (frame_type) {
2704 		case COMMAND_STATUS_VAL:
2705 			/* Reset Rx watchdog */
2706 			isr_rx_complete_command(priv, &u->rx_data.command);
2707 			break;
2708 
2709 		case STATUS_CHANGE_VAL:
2710 			isr_status_change(priv, u->rx_data.status);
2711 			break;
2712 
2713 		case P80211_DATA_VAL:
2714 		case P8023_DATA_VAL:
2715 #ifdef CONFIG_IPW2100_MONITOR
2716 			if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
2717 				isr_rx_monitor(priv, i, &stats);
2718 				break;
2719 			}
2720 #endif
2721 			if (stats.len < sizeof(struct libipw_hdr_3addr))
2722 				break;
2723 			switch (WLAN_FC_GET_TYPE(le16_to_cpu(u->rx_data.header.frame_ctl))) {
2724 			case IEEE80211_FTYPE_MGMT:
2725 				libipw_rx_mgt(priv->ieee,
2726 						 &u->rx_data.header, &stats);
2727 				break;
2728 
2729 			case IEEE80211_FTYPE_CTL:
2730 				break;
2731 
2732 			case IEEE80211_FTYPE_DATA:
2733 				isr_rx(priv, i, &stats);
2734 				break;
2735 
2736 			}
2737 			break;
2738 		}
2739 
2740 	      increment:
2741 		/* clear status field associated with this RBD */
2742 		rxq->drv[i].status.info.field = 0;
2743 
2744 		i = (i + 1) % rxq->entries;
2745 	}
2746 
2747 	if (i != s) {
2748 		/* backtrack one entry, wrapping to end if at 0 */
2749 		rxq->next = (i ? i : rxq->entries) - 1;
2750 
2751 		write_register(priv->net_dev,
2752 			       IPW_MEM_HOST_SHARED_RX_WRITE_INDEX, rxq->next);
2753 	}
2754 }
2755 
2756 /*
2757  * __ipw2100_tx_process
2758  *
2759  * This routine will determine whether the next packet on
2760  * the fw_pend_list has been processed by the firmware yet.
2761  *
2762  * If not, then it does nothing and returns.
2763  *
2764  * If so, then it removes the item from the fw_pend_list, frees
2765  * any associated storage, and places the item back on the
2766  * free list of its source (either msg_free_list or tx_free_list)
2767  *
2768  * TX Queue works as follows:
2769  *
2770  * Read index - points to the next TBD that the firmware will
2771  *              process.  The firmware will read the data, and once
2772  *              done processing, it will advance the Read index.
2773  *
2774  * Write index - driver fills this entry with an constructed TBD
2775  *               entry.  The Write index is not advanced until the
2776  *               packet has been configured.
2777  *
2778  * In between the W and R indexes are the TBDs that have NOT been
2779  * processed.  Lagging behind the R index are packets that have
2780  * been processed but have not been freed by the driver.
2781  *
2782  * In order to free old storage, an internal index will be maintained
2783  * that points to the next packet to be freed.  When all used
2784  * packets have been freed, the oldest index will be the same as the
2785  * firmware's read index.
2786  *
2787  * The OLDEST index is cached in the variable 'priv->tx_queue.oldest'
2788  *
2789  * Because the TBD structure can not contain arbitrary data, the
2790  * driver must keep an internal queue of cached allocations such that
2791  * it can put that data back into the tx_free_list and msg_free_list
2792  * for use by future command and data packets.
2793  *
2794  */
2795 static int __ipw2100_tx_process(struct ipw2100_priv *priv)
2796 {
2797 	struct ipw2100_bd_queue *txq = &priv->tx_queue;
2798 	struct ipw2100_bd *tbd;
2799 	struct list_head *element;
2800 	struct ipw2100_tx_packet *packet;
2801 	int descriptors_used;
2802 	int e, i;
2803 	u32 r, w, frag_num = 0;
2804 
2805 	if (list_empty(&priv->fw_pend_list))
2806 		return 0;
2807 
2808 	element = priv->fw_pend_list.next;
2809 
2810 	packet = list_entry(element, struct ipw2100_tx_packet, list);
2811 	tbd = &txq->drv[packet->index];
2812 
2813 	/* Determine how many TBD entries must be finished... */
2814 	switch (packet->type) {
2815 	case COMMAND:
2816 		/* COMMAND uses only one slot; don't advance */
2817 		descriptors_used = 1;
2818 		e = txq->oldest;
2819 		break;
2820 
2821 	case DATA:
2822 		/* DATA uses two slots; advance and loop position. */
2823 		descriptors_used = tbd->num_fragments;
2824 		frag_num = tbd->num_fragments - 1;
2825 		e = txq->oldest + frag_num;
2826 		e %= txq->entries;
2827 		break;
2828 
2829 	default:
2830 		printk(KERN_WARNING DRV_NAME ": %s: Bad fw_pend_list entry!\n",
2831 		       priv->net_dev->name);
2832 		return 0;
2833 	}
2834 
2835 	/* if the last TBD is not done by NIC yet, then packet is
2836 	 * not ready to be released.
2837 	 *
2838 	 */
2839 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_TX_QUEUE_READ_INDEX,
2840 		      &r);
2841 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_TX_QUEUE_WRITE_INDEX,
2842 		      &w);
2843 	if (w != txq->next)
2844 		printk(KERN_WARNING DRV_NAME ": %s: write index mismatch\n",
2845 		       priv->net_dev->name);
2846 
2847 	/*
2848 	 * txq->next is the index of the last packet written txq->oldest is
2849 	 * the index of the r is the index of the next packet to be read by
2850 	 * firmware
2851 	 */
2852 
2853 	/*
2854 	 * Quick graphic to help you visualize the following
2855 	 * if / else statement
2856 	 *
2857 	 * ===>|                     s---->|===============
2858 	 *                               e>|
2859 	 * | a | b | c | d | e | f | g | h | i | j | k | l
2860 	 *       r---->|
2861 	 *               w
2862 	 *
2863 	 * w - updated by driver
2864 	 * r - updated by firmware
2865 	 * s - start of oldest BD entry (txq->oldest)
2866 	 * e - end of oldest BD entry
2867 	 *
2868 	 */
2869 	if (!((r <= w && (e < r || e >= w)) || (e < r && e >= w))) {
2870 		IPW_DEBUG_TX("exit - no processed packets ready to release.\n");
2871 		return 0;
2872 	}
2873 
2874 	list_del(element);
2875 	DEC_STAT(&priv->fw_pend_stat);
2876 
2877 #ifdef CONFIG_IPW2100_DEBUG
2878 	{
2879 		i = txq->oldest;
2880 		IPW_DEBUG_TX("TX%d V=%p P=%04X T=%04X L=%d\n", i,
2881 			     &txq->drv[i],
2882 			     (u32) (txq->nic + i * sizeof(struct ipw2100_bd)),
2883 			     txq->drv[i].host_addr, txq->drv[i].buf_length);
2884 
2885 		if (packet->type == DATA) {
2886 			i = (i + 1) % txq->entries;
2887 
2888 			IPW_DEBUG_TX("TX%d V=%p P=%04X T=%04X L=%d\n", i,
2889 				     &txq->drv[i],
2890 				     (u32) (txq->nic + i *
2891 					    sizeof(struct ipw2100_bd)),
2892 				     (u32) txq->drv[i].host_addr,
2893 				     txq->drv[i].buf_length);
2894 		}
2895 	}
2896 #endif
2897 
2898 	switch (packet->type) {
2899 	case DATA:
2900 		if (txq->drv[txq->oldest].status.info.fields.txType != 0)
2901 			printk(KERN_WARNING DRV_NAME ": %s: Queue mismatch.  "
2902 			       "Expecting DATA TBD but pulled "
2903 			       "something else: ids %d=%d.\n",
2904 			       priv->net_dev->name, txq->oldest, packet->index);
2905 
2906 		/* DATA packet; we have to unmap and free the SKB */
2907 		for (i = 0; i < frag_num; i++) {
2908 			tbd = &txq->drv[(packet->index + 1 + i) % txq->entries];
2909 
2910 			IPW_DEBUG_TX("TX%d P=%08x L=%d\n",
2911 				     (packet->index + 1 + i) % txq->entries,
2912 				     tbd->host_addr, tbd->buf_length);
2913 
2914 			dma_unmap_single(&priv->pci_dev->dev, tbd->host_addr,
2915 					 tbd->buf_length, DMA_TO_DEVICE);
2916 		}
2917 
2918 		libipw_txb_free(packet->info.d_struct.txb);
2919 		packet->info.d_struct.txb = NULL;
2920 
2921 		list_add_tail(element, &priv->tx_free_list);
2922 		INC_STAT(&priv->tx_free_stat);
2923 
2924 		/* We have a free slot in the Tx queue, so wake up the
2925 		 * transmit layer if it is stopped. */
2926 		if (priv->status & STATUS_ASSOCIATED)
2927 			netif_wake_queue(priv->net_dev);
2928 
2929 		/* A packet was processed by the hardware, so update the
2930 		 * watchdog */
2931 		netif_trans_update(priv->net_dev);
2932 
2933 		break;
2934 
2935 	case COMMAND:
2936 		if (txq->drv[txq->oldest].status.info.fields.txType != 1)
2937 			printk(KERN_WARNING DRV_NAME ": %s: Queue mismatch.  "
2938 			       "Expecting COMMAND TBD but pulled "
2939 			       "something else: ids %d=%d.\n",
2940 			       priv->net_dev->name, txq->oldest, packet->index);
2941 
2942 #ifdef CONFIG_IPW2100_DEBUG
2943 		if (packet->info.c_struct.cmd->host_command_reg <
2944 		    ARRAY_SIZE(command_types))
2945 			IPW_DEBUG_TX("Command '%s (%d)' processed: %d.\n",
2946 				     command_types[packet->info.c_struct.cmd->
2947 						   host_command_reg],
2948 				     packet->info.c_struct.cmd->
2949 				     host_command_reg,
2950 				     packet->info.c_struct.cmd->cmd_status_reg);
2951 #endif
2952 
2953 		list_add_tail(element, &priv->msg_free_list);
2954 		INC_STAT(&priv->msg_free_stat);
2955 		break;
2956 	}
2957 
2958 	/* advance oldest used TBD pointer to start of next entry */
2959 	txq->oldest = (e + 1) % txq->entries;
2960 	/* increase available TBDs number */
2961 	txq->available += descriptors_used;
2962 	SET_STAT(&priv->txq_stat, txq->available);
2963 
2964 	IPW_DEBUG_TX("packet latency (send to process)  %ld jiffies\n",
2965 		     jiffies - packet->jiffy_start);
2966 
2967 	return (!list_empty(&priv->fw_pend_list));
2968 }
2969 
2970 static inline void __ipw2100_tx_complete(struct ipw2100_priv *priv)
2971 {
2972 	int i = 0;
2973 
2974 	while (__ipw2100_tx_process(priv) && i < 200)
2975 		i++;
2976 
2977 	if (i == 200) {
2978 		printk(KERN_WARNING DRV_NAME ": "
2979 		       "%s: Driver is running slow (%d iters).\n",
2980 		       priv->net_dev->name, i);
2981 	}
2982 }
2983 
2984 static void ipw2100_tx_send_commands(struct ipw2100_priv *priv)
2985 {
2986 	struct list_head *element;
2987 	struct ipw2100_tx_packet *packet;
2988 	struct ipw2100_bd_queue *txq = &priv->tx_queue;
2989 	struct ipw2100_bd *tbd;
2990 	int next = txq->next;
2991 
2992 	while (!list_empty(&priv->msg_pend_list)) {
2993 		/* if there isn't enough space in TBD queue, then
2994 		 * don't stuff a new one in.
2995 		 * NOTE: 3 are needed as a command will take one,
2996 		 *       and there is a minimum of 2 that must be
2997 		 *       maintained between the r and w indexes
2998 		 */
2999 		if (txq->available <= 3) {
3000 			IPW_DEBUG_TX("no room in tx_queue\n");
3001 			break;
3002 		}
3003 
3004 		element = priv->msg_pend_list.next;
3005 		list_del(element);
3006 		DEC_STAT(&priv->msg_pend_stat);
3007 
3008 		packet = list_entry(element, struct ipw2100_tx_packet, list);
3009 
3010 		IPW_DEBUG_TX("using TBD at virt=%p, phys=%04X\n",
3011 			     &txq->drv[txq->next],
3012 			     (u32) (txq->nic + txq->next *
3013 				      sizeof(struct ipw2100_bd)));
3014 
3015 		packet->index = txq->next;
3016 
3017 		tbd = &txq->drv[txq->next];
3018 
3019 		/* initialize TBD */
3020 		tbd->host_addr = packet->info.c_struct.cmd_phys;
3021 		tbd->buf_length = sizeof(struct ipw2100_cmd_header);
3022 		/* not marking number of fragments causes problems
3023 		 * with f/w debug version */
3024 		tbd->num_fragments = 1;
3025 		tbd->status.info.field =
3026 		    IPW_BD_STATUS_TX_FRAME_COMMAND |
3027 		    IPW_BD_STATUS_TX_INTERRUPT_ENABLE;
3028 
3029 		/* update TBD queue counters */
3030 		txq->next++;
3031 		txq->next %= txq->entries;
3032 		txq->available--;
3033 		DEC_STAT(&priv->txq_stat);
3034 
3035 		list_add_tail(element, &priv->fw_pend_list);
3036 		INC_STAT(&priv->fw_pend_stat);
3037 	}
3038 
3039 	if (txq->next != next) {
3040 		/* kick off the DMA by notifying firmware the
3041 		 * write index has moved; make sure TBD stores are sync'd */
3042 		wmb();
3043 		write_register(priv->net_dev,
3044 			       IPW_MEM_HOST_SHARED_TX_QUEUE_WRITE_INDEX,
3045 			       txq->next);
3046 	}
3047 }
3048 
3049 /*
3050  * ipw2100_tx_send_data
3051  *
3052  */
3053 static void ipw2100_tx_send_data(struct ipw2100_priv *priv)
3054 {
3055 	struct list_head *element;
3056 	struct ipw2100_tx_packet *packet;
3057 	struct ipw2100_bd_queue *txq = &priv->tx_queue;
3058 	struct ipw2100_bd *tbd;
3059 	int next = txq->next;
3060 	int i = 0;
3061 	struct ipw2100_data_header *ipw_hdr;
3062 	struct libipw_hdr_3addr *hdr;
3063 
3064 	while (!list_empty(&priv->tx_pend_list)) {
3065 		/* if there isn't enough space in TBD queue, then
3066 		 * don't stuff a new one in.
3067 		 * NOTE: 4 are needed as a data will take two,
3068 		 *       and there is a minimum of 2 that must be
3069 		 *       maintained between the r and w indexes
3070 		 */
3071 		element = priv->tx_pend_list.next;
3072 		packet = list_entry(element, struct ipw2100_tx_packet, list);
3073 
3074 		if (unlikely(1 + packet->info.d_struct.txb->nr_frags >
3075 			     IPW_MAX_BDS)) {
3076 			/* TODO: Support merging buffers if more than
3077 			 * IPW_MAX_BDS are used */
3078 			IPW_DEBUG_INFO("%s: Maximum BD threshold exceeded.  "
3079 				       "Increase fragmentation level.\n",
3080 				       priv->net_dev->name);
3081 		}
3082 
3083 		if (txq->available <= 3 + packet->info.d_struct.txb->nr_frags) {
3084 			IPW_DEBUG_TX("no room in tx_queue\n");
3085 			break;
3086 		}
3087 
3088 		list_del(element);
3089 		DEC_STAT(&priv->tx_pend_stat);
3090 
3091 		tbd = &txq->drv[txq->next];
3092 
3093 		packet->index = txq->next;
3094 
3095 		ipw_hdr = packet->info.d_struct.data;
3096 		hdr = (struct libipw_hdr_3addr *)packet->info.d_struct.txb->
3097 		    fragments[0]->data;
3098 
3099 		if (priv->ieee->iw_mode == IW_MODE_INFRA) {
3100 			/* To DS: Addr1 = BSSID, Addr2 = SA,
3101 			   Addr3 = DA */
3102 			memcpy(ipw_hdr->src_addr, hdr->addr2, ETH_ALEN);
3103 			memcpy(ipw_hdr->dst_addr, hdr->addr3, ETH_ALEN);
3104 		} else if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
3105 			/* not From/To DS: Addr1 = DA, Addr2 = SA,
3106 			   Addr3 = BSSID */
3107 			memcpy(ipw_hdr->src_addr, hdr->addr2, ETH_ALEN);
3108 			memcpy(ipw_hdr->dst_addr, hdr->addr1, ETH_ALEN);
3109 		}
3110 
3111 		ipw_hdr->host_command_reg = SEND;
3112 		ipw_hdr->host_command_reg1 = 0;
3113 
3114 		/* For now we only support host based encryption */
3115 		ipw_hdr->needs_encryption = 0;
3116 		ipw_hdr->encrypted = packet->info.d_struct.txb->encrypted;
3117 		if (packet->info.d_struct.txb->nr_frags > 1)
3118 			ipw_hdr->fragment_size =
3119 			    packet->info.d_struct.txb->frag_size -
3120 			    LIBIPW_3ADDR_LEN;
3121 		else
3122 			ipw_hdr->fragment_size = 0;
3123 
3124 		tbd->host_addr = packet->info.d_struct.data_phys;
3125 		tbd->buf_length = sizeof(struct ipw2100_data_header);
3126 		tbd->num_fragments = 1 + packet->info.d_struct.txb->nr_frags;
3127 		tbd->status.info.field =
3128 		    IPW_BD_STATUS_TX_FRAME_802_3 |
3129 		    IPW_BD_STATUS_TX_FRAME_NOT_LAST_FRAGMENT;
3130 		txq->next++;
3131 		txq->next %= txq->entries;
3132 
3133 		IPW_DEBUG_TX("data header tbd TX%d P=%08x L=%d\n",
3134 			     packet->index, tbd->host_addr, tbd->buf_length);
3135 #ifdef CONFIG_IPW2100_DEBUG
3136 		if (packet->info.d_struct.txb->nr_frags > 1)
3137 			IPW_DEBUG_FRAG("fragment Tx: %d frames\n",
3138 				       packet->info.d_struct.txb->nr_frags);
3139 #endif
3140 
3141 		for (i = 0; i < packet->info.d_struct.txb->nr_frags; i++) {
3142 			tbd = &txq->drv[txq->next];
3143 			if (i == packet->info.d_struct.txb->nr_frags - 1)
3144 				tbd->status.info.field =
3145 				    IPW_BD_STATUS_TX_FRAME_802_3 |
3146 				    IPW_BD_STATUS_TX_INTERRUPT_ENABLE;
3147 			else
3148 				tbd->status.info.field =
3149 				    IPW_BD_STATUS_TX_FRAME_802_3 |
3150 				    IPW_BD_STATUS_TX_FRAME_NOT_LAST_FRAGMENT;
3151 
3152 			tbd->buf_length = packet->info.d_struct.txb->
3153 			    fragments[i]->len - LIBIPW_3ADDR_LEN;
3154 
3155 			tbd->host_addr = dma_map_single(&priv->pci_dev->dev,
3156 							packet->info.d_struct.
3157 							txb->fragments[i]->data +
3158 							LIBIPW_3ADDR_LEN,
3159 							tbd->buf_length,
3160 							DMA_TO_DEVICE);
3161 			if (dma_mapping_error(&priv->pci_dev->dev, tbd->host_addr)) {
3162 				IPW_DEBUG_TX("dma mapping error\n");
3163 				break;
3164 			}
3165 
3166 			IPW_DEBUG_TX("data frag tbd TX%d P=%08x L=%d\n",
3167 				     txq->next, tbd->host_addr,
3168 				     tbd->buf_length);
3169 
3170 			dma_sync_single_for_device(&priv->pci_dev->dev,
3171 						   tbd->host_addr,
3172 						   tbd->buf_length,
3173 						   DMA_TO_DEVICE);
3174 
3175 			txq->next++;
3176 			txq->next %= txq->entries;
3177 		}
3178 
3179 		txq->available -= 1 + packet->info.d_struct.txb->nr_frags;
3180 		SET_STAT(&priv->txq_stat, txq->available);
3181 
3182 		list_add_tail(element, &priv->fw_pend_list);
3183 		INC_STAT(&priv->fw_pend_stat);
3184 	}
3185 
3186 	if (txq->next != next) {
3187 		/* kick off the DMA by notifying firmware the
3188 		 * write index has moved; make sure TBD stores are sync'd */
3189 		write_register(priv->net_dev,
3190 			       IPW_MEM_HOST_SHARED_TX_QUEUE_WRITE_INDEX,
3191 			       txq->next);
3192 	}
3193 }
3194 
3195 static void ipw2100_irq_tasklet(struct tasklet_struct *t)
3196 {
3197 	struct ipw2100_priv *priv = from_tasklet(priv, t, irq_tasklet);
3198 	struct net_device *dev = priv->net_dev;
3199 	unsigned long flags;
3200 	u32 inta, tmp;
3201 
3202 	spin_lock_irqsave(&priv->low_lock, flags);
3203 	ipw2100_disable_interrupts(priv);
3204 
3205 	read_register(dev, IPW_REG_INTA, &inta);
3206 
3207 	IPW_DEBUG_ISR("enter - INTA: 0x%08lX\n",
3208 		      (unsigned long)inta & IPW_INTERRUPT_MASK);
3209 
3210 	priv->in_isr++;
3211 	priv->interrupts++;
3212 
3213 	/* We do not loop and keep polling for more interrupts as this
3214 	 * is frowned upon and doesn't play nicely with other potentially
3215 	 * chained IRQs */
3216 	IPW_DEBUG_ISR("INTA: 0x%08lX\n",
3217 		      (unsigned long)inta & IPW_INTERRUPT_MASK);
3218 
3219 	if (inta & IPW2100_INTA_FATAL_ERROR) {
3220 		printk(KERN_WARNING DRV_NAME
3221 		       ": Fatal interrupt. Scheduling firmware restart.\n");
3222 		priv->inta_other++;
3223 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_FATAL_ERROR);
3224 
3225 		read_nic_dword(dev, IPW_NIC_FATAL_ERROR, &priv->fatal_error);
3226 		IPW_DEBUG_INFO("%s: Fatal error value: 0x%08X\n",
3227 			       priv->net_dev->name, priv->fatal_error);
3228 
3229 		read_nic_dword(dev, IPW_ERROR_ADDR(priv->fatal_error), &tmp);
3230 		IPW_DEBUG_INFO("%s: Fatal error address value: 0x%08X\n",
3231 			       priv->net_dev->name, tmp);
3232 
3233 		/* Wake up any sleeping jobs */
3234 		schedule_reset(priv);
3235 	}
3236 
3237 	if (inta & IPW2100_INTA_PARITY_ERROR) {
3238 		printk(KERN_ERR DRV_NAME
3239 		       ": ***** PARITY ERROR INTERRUPT !!!!\n");
3240 		priv->inta_other++;
3241 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_PARITY_ERROR);
3242 	}
3243 
3244 	if (inta & IPW2100_INTA_RX_TRANSFER) {
3245 		IPW_DEBUG_ISR("RX interrupt\n");
3246 
3247 		priv->rx_interrupts++;
3248 
3249 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_RX_TRANSFER);
3250 
3251 		__ipw2100_rx_process(priv);
3252 		__ipw2100_tx_complete(priv);
3253 	}
3254 
3255 	if (inta & IPW2100_INTA_TX_TRANSFER) {
3256 		IPW_DEBUG_ISR("TX interrupt\n");
3257 
3258 		priv->tx_interrupts++;
3259 
3260 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_TX_TRANSFER);
3261 
3262 		__ipw2100_tx_complete(priv);
3263 		ipw2100_tx_send_commands(priv);
3264 		ipw2100_tx_send_data(priv);
3265 	}
3266 
3267 	if (inta & IPW2100_INTA_TX_COMPLETE) {
3268 		IPW_DEBUG_ISR("TX complete\n");
3269 		priv->inta_other++;
3270 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_TX_COMPLETE);
3271 
3272 		__ipw2100_tx_complete(priv);
3273 	}
3274 
3275 	if (inta & IPW2100_INTA_EVENT_INTERRUPT) {
3276 		/* ipw2100_handle_event(dev); */
3277 		priv->inta_other++;
3278 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_EVENT_INTERRUPT);
3279 	}
3280 
3281 	if (inta & IPW2100_INTA_FW_INIT_DONE) {
3282 		IPW_DEBUG_ISR("FW init done interrupt\n");
3283 		priv->inta_other++;
3284 
3285 		read_register(dev, IPW_REG_INTA, &tmp);
3286 		if (tmp & (IPW2100_INTA_FATAL_ERROR |
3287 			   IPW2100_INTA_PARITY_ERROR)) {
3288 			write_register(dev, IPW_REG_INTA,
3289 				       IPW2100_INTA_FATAL_ERROR |
3290 				       IPW2100_INTA_PARITY_ERROR);
3291 		}
3292 
3293 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_FW_INIT_DONE);
3294 	}
3295 
3296 	if (inta & IPW2100_INTA_STATUS_CHANGE) {
3297 		IPW_DEBUG_ISR("Status change interrupt\n");
3298 		priv->inta_other++;
3299 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_STATUS_CHANGE);
3300 	}
3301 
3302 	if (inta & IPW2100_INTA_SLAVE_MODE_HOST_COMMAND_DONE) {
3303 		IPW_DEBUG_ISR("slave host mode interrupt\n");
3304 		priv->inta_other++;
3305 		write_register(dev, IPW_REG_INTA,
3306 			       IPW2100_INTA_SLAVE_MODE_HOST_COMMAND_DONE);
3307 	}
3308 
3309 	priv->in_isr--;
3310 	ipw2100_enable_interrupts(priv);
3311 
3312 	spin_unlock_irqrestore(&priv->low_lock, flags);
3313 
3314 	IPW_DEBUG_ISR("exit\n");
3315 }
3316 
3317 static irqreturn_t ipw2100_interrupt(int irq, void *data)
3318 {
3319 	struct ipw2100_priv *priv = data;
3320 	u32 inta, inta_mask;
3321 
3322 	if (!data)
3323 		return IRQ_NONE;
3324 
3325 	spin_lock(&priv->low_lock);
3326 
3327 	/* We check to see if we should be ignoring interrupts before
3328 	 * we touch the hardware.  During ucode load if we try and handle
3329 	 * an interrupt we can cause keyboard problems as well as cause
3330 	 * the ucode to fail to initialize */
3331 	if (!(priv->status & STATUS_INT_ENABLED)) {
3332 		/* Shared IRQ */
3333 		goto none;
3334 	}
3335 
3336 	read_register(priv->net_dev, IPW_REG_INTA_MASK, &inta_mask);
3337 	read_register(priv->net_dev, IPW_REG_INTA, &inta);
3338 
3339 	if (inta == 0xFFFFFFFF) {
3340 		/* Hardware disappeared */
3341 		printk(KERN_WARNING DRV_NAME ": IRQ INTA == 0xFFFFFFFF\n");
3342 		goto none;
3343 	}
3344 
3345 	inta &= IPW_INTERRUPT_MASK;
3346 
3347 	if (!(inta & inta_mask)) {
3348 		/* Shared interrupt */
3349 		goto none;
3350 	}
3351 
3352 	/* We disable the hardware interrupt here just to prevent unneeded
3353 	 * calls to be made.  We disable this again within the actual
3354 	 * work tasklet, so if another part of the code re-enables the
3355 	 * interrupt, that is fine */
3356 	ipw2100_disable_interrupts(priv);
3357 
3358 	tasklet_schedule(&priv->irq_tasklet);
3359 	spin_unlock(&priv->low_lock);
3360 
3361 	return IRQ_HANDLED;
3362       none:
3363 	spin_unlock(&priv->low_lock);
3364 	return IRQ_NONE;
3365 }
3366 
3367 static netdev_tx_t ipw2100_tx(struct libipw_txb *txb,
3368 			      struct net_device *dev, int pri)
3369 {
3370 	struct ipw2100_priv *priv = libipw_priv(dev);
3371 	struct list_head *element;
3372 	struct ipw2100_tx_packet *packet;
3373 	unsigned long flags;
3374 
3375 	spin_lock_irqsave(&priv->low_lock, flags);
3376 
3377 	if (!(priv->status & STATUS_ASSOCIATED)) {
3378 		IPW_DEBUG_INFO("Can not transmit when not connected.\n");
3379 		priv->net_dev->stats.tx_carrier_errors++;
3380 		netif_stop_queue(dev);
3381 		goto fail_unlock;
3382 	}
3383 
3384 	if (list_empty(&priv->tx_free_list))
3385 		goto fail_unlock;
3386 
3387 	element = priv->tx_free_list.next;
3388 	packet = list_entry(element, struct ipw2100_tx_packet, list);
3389 
3390 	packet->info.d_struct.txb = txb;
3391 
3392 	IPW_DEBUG_TX("Sending fragment (%d bytes):\n", txb->fragments[0]->len);
3393 	printk_buf(IPW_DL_TX, txb->fragments[0]->data, txb->fragments[0]->len);
3394 
3395 	packet->jiffy_start = jiffies;
3396 
3397 	list_del(element);
3398 	DEC_STAT(&priv->tx_free_stat);
3399 
3400 	list_add_tail(element, &priv->tx_pend_list);
3401 	INC_STAT(&priv->tx_pend_stat);
3402 
3403 	ipw2100_tx_send_data(priv);
3404 
3405 	spin_unlock_irqrestore(&priv->low_lock, flags);
3406 	return NETDEV_TX_OK;
3407 
3408 fail_unlock:
3409 	netif_stop_queue(dev);
3410 	spin_unlock_irqrestore(&priv->low_lock, flags);
3411 	return NETDEV_TX_BUSY;
3412 }
3413 
3414 static int ipw2100_msg_allocate(struct ipw2100_priv *priv)
3415 {
3416 	int i, j, err = -EINVAL;
3417 	void *v;
3418 	dma_addr_t p;
3419 
3420 	priv->msg_buffers =
3421 	    kmalloc_array(IPW_COMMAND_POOL_SIZE,
3422 			  sizeof(struct ipw2100_tx_packet),
3423 			  GFP_KERNEL);
3424 	if (!priv->msg_buffers)
3425 		return -ENOMEM;
3426 
3427 	for (i = 0; i < IPW_COMMAND_POOL_SIZE; i++) {
3428 		v = dma_alloc_coherent(&priv->pci_dev->dev,
3429 				       sizeof(struct ipw2100_cmd_header), &p,
3430 				       GFP_KERNEL);
3431 		if (!v) {
3432 			printk(KERN_ERR DRV_NAME ": "
3433 			       "%s: PCI alloc failed for msg "
3434 			       "buffers.\n", priv->net_dev->name);
3435 			err = -ENOMEM;
3436 			break;
3437 		}
3438 
3439 		priv->msg_buffers[i].type = COMMAND;
3440 		priv->msg_buffers[i].info.c_struct.cmd =
3441 		    (struct ipw2100_cmd_header *)v;
3442 		priv->msg_buffers[i].info.c_struct.cmd_phys = p;
3443 	}
3444 
3445 	if (i == IPW_COMMAND_POOL_SIZE)
3446 		return 0;
3447 
3448 	for (j = 0; j < i; j++) {
3449 		dma_free_coherent(&priv->pci_dev->dev,
3450 				  sizeof(struct ipw2100_cmd_header),
3451 				  priv->msg_buffers[j].info.c_struct.cmd,
3452 				  priv->msg_buffers[j].info.c_struct.cmd_phys);
3453 	}
3454 
3455 	kfree(priv->msg_buffers);
3456 	priv->msg_buffers = NULL;
3457 
3458 	return err;
3459 }
3460 
3461 static int ipw2100_msg_initialize(struct ipw2100_priv *priv)
3462 {
3463 	int i;
3464 
3465 	INIT_LIST_HEAD(&priv->msg_free_list);
3466 	INIT_LIST_HEAD(&priv->msg_pend_list);
3467 
3468 	for (i = 0; i < IPW_COMMAND_POOL_SIZE; i++)
3469 		list_add_tail(&priv->msg_buffers[i].list, &priv->msg_free_list);
3470 	SET_STAT(&priv->msg_free_stat, i);
3471 
3472 	return 0;
3473 }
3474 
3475 static void ipw2100_msg_free(struct ipw2100_priv *priv)
3476 {
3477 	int i;
3478 
3479 	if (!priv->msg_buffers)
3480 		return;
3481 
3482 	for (i = 0; i < IPW_COMMAND_POOL_SIZE; i++) {
3483 		dma_free_coherent(&priv->pci_dev->dev,
3484 				  sizeof(struct ipw2100_cmd_header),
3485 				  priv->msg_buffers[i].info.c_struct.cmd,
3486 				  priv->msg_buffers[i].info.c_struct.cmd_phys);
3487 	}
3488 
3489 	kfree(priv->msg_buffers);
3490 	priv->msg_buffers = NULL;
3491 }
3492 
3493 static ssize_t pci_show(struct device *d, struct device_attribute *attr,
3494 			char *buf)
3495 {
3496 	struct pci_dev *pci_dev = to_pci_dev(d);
3497 	char *out = buf;
3498 	int i, j;
3499 	u32 val;
3500 
3501 	for (i = 0; i < 16; i++) {
3502 		out += sprintf(out, "[%08X] ", i * 16);
3503 		for (j = 0; j < 16; j += 4) {
3504 			pci_read_config_dword(pci_dev, i * 16 + j, &val);
3505 			out += sprintf(out, "%08X ", val);
3506 		}
3507 		out += sprintf(out, "\n");
3508 	}
3509 
3510 	return out - buf;
3511 }
3512 
3513 static DEVICE_ATTR_RO(pci);
3514 
3515 static ssize_t cfg_show(struct device *d, struct device_attribute *attr,
3516 			char *buf)
3517 {
3518 	struct ipw2100_priv *p = dev_get_drvdata(d);
3519 	return sprintf(buf, "0x%08x\n", (int)p->config);
3520 }
3521 
3522 static DEVICE_ATTR_RO(cfg);
3523 
3524 static ssize_t status_show(struct device *d, struct device_attribute *attr,
3525 			   char *buf)
3526 {
3527 	struct ipw2100_priv *p = dev_get_drvdata(d);
3528 	return sprintf(buf, "0x%08x\n", (int)p->status);
3529 }
3530 
3531 static DEVICE_ATTR_RO(status);
3532 
3533 static ssize_t capability_show(struct device *d, struct device_attribute *attr,
3534 			       char *buf)
3535 {
3536 	struct ipw2100_priv *p = dev_get_drvdata(d);
3537 	return sprintf(buf, "0x%08x\n", (int)p->capability);
3538 }
3539 
3540 static DEVICE_ATTR_RO(capability);
3541 
3542 #define IPW2100_REG(x) { IPW_ ##x, #x }
3543 static const struct {
3544 	u32 addr;
3545 	const char *name;
3546 } hw_data[] = {
3547 IPW2100_REG(REG_GP_CNTRL),
3548 	    IPW2100_REG(REG_GPIO),
3549 	    IPW2100_REG(REG_INTA),
3550 	    IPW2100_REG(REG_INTA_MASK), IPW2100_REG(REG_RESET_REG),};
3551 #define IPW2100_NIC(x, s) { x, #x, s }
3552 static const struct {
3553 	u32 addr;
3554 	const char *name;
3555 	size_t size;
3556 } nic_data[] = {
3557 IPW2100_NIC(IPW2100_CONTROL_REG, 2),
3558 	    IPW2100_NIC(0x210014, 1), IPW2100_NIC(0x210000, 1),};
3559 #define IPW2100_ORD(x, d) { IPW_ORD_ ##x, #x, d }
3560 static const struct {
3561 	u8 index;
3562 	const char *name;
3563 	const char *desc;
3564 } ord_data[] = {
3565 IPW2100_ORD(STAT_TX_HOST_REQUESTS, "requested Host Tx's (MSDU)"),
3566 	    IPW2100_ORD(STAT_TX_HOST_COMPLETE,
3567 				"successful Host Tx's (MSDU)"),
3568 	    IPW2100_ORD(STAT_TX_DIR_DATA,
3569 				"successful Directed Tx's (MSDU)"),
3570 	    IPW2100_ORD(STAT_TX_DIR_DATA1,
3571 				"successful Directed Tx's (MSDU) @ 1MB"),
3572 	    IPW2100_ORD(STAT_TX_DIR_DATA2,
3573 				"successful Directed Tx's (MSDU) @ 2MB"),
3574 	    IPW2100_ORD(STAT_TX_DIR_DATA5_5,
3575 				"successful Directed Tx's (MSDU) @ 5_5MB"),
3576 	    IPW2100_ORD(STAT_TX_DIR_DATA11,
3577 				"successful Directed Tx's (MSDU) @ 11MB"),
3578 	    IPW2100_ORD(STAT_TX_NODIR_DATA1,
3579 				"successful Non_Directed Tx's (MSDU) @ 1MB"),
3580 	    IPW2100_ORD(STAT_TX_NODIR_DATA2,
3581 				"successful Non_Directed Tx's (MSDU) @ 2MB"),
3582 	    IPW2100_ORD(STAT_TX_NODIR_DATA5_5,
3583 				"successful Non_Directed Tx's (MSDU) @ 5.5MB"),
3584 	    IPW2100_ORD(STAT_TX_NODIR_DATA11,
3585 				"successful Non_Directed Tx's (MSDU) @ 11MB"),
3586 	    IPW2100_ORD(STAT_NULL_DATA, "successful NULL data Tx's"),
3587 	    IPW2100_ORD(STAT_TX_RTS, "successful Tx RTS"),
3588 	    IPW2100_ORD(STAT_TX_CTS, "successful Tx CTS"),
3589 	    IPW2100_ORD(STAT_TX_ACK, "successful Tx ACK"),
3590 	    IPW2100_ORD(STAT_TX_ASSN, "successful Association Tx's"),
3591 	    IPW2100_ORD(STAT_TX_ASSN_RESP,
3592 				"successful Association response Tx's"),
3593 	    IPW2100_ORD(STAT_TX_REASSN,
3594 				"successful Reassociation Tx's"),
3595 	    IPW2100_ORD(STAT_TX_REASSN_RESP,
3596 				"successful Reassociation response Tx's"),
3597 	    IPW2100_ORD(STAT_TX_PROBE,
3598 				"probes successfully transmitted"),
3599 	    IPW2100_ORD(STAT_TX_PROBE_RESP,
3600 				"probe responses successfully transmitted"),
3601 	    IPW2100_ORD(STAT_TX_BEACON, "tx beacon"),
3602 	    IPW2100_ORD(STAT_TX_ATIM, "Tx ATIM"),
3603 	    IPW2100_ORD(STAT_TX_DISASSN,
3604 				"successful Disassociation TX"),
3605 	    IPW2100_ORD(STAT_TX_AUTH, "successful Authentication Tx"),
3606 	    IPW2100_ORD(STAT_TX_DEAUTH,
3607 				"successful Deauthentication TX"),
3608 	    IPW2100_ORD(STAT_TX_TOTAL_BYTES,
3609 				"Total successful Tx data bytes"),
3610 	    IPW2100_ORD(STAT_TX_RETRIES, "Tx retries"),
3611 	    IPW2100_ORD(STAT_TX_RETRY1, "Tx retries at 1MBPS"),
3612 	    IPW2100_ORD(STAT_TX_RETRY2, "Tx retries at 2MBPS"),
3613 	    IPW2100_ORD(STAT_TX_RETRY5_5, "Tx retries at 5.5MBPS"),
3614 	    IPW2100_ORD(STAT_TX_RETRY11, "Tx retries at 11MBPS"),
3615 	    IPW2100_ORD(STAT_TX_FAILURES, "Tx Failures"),
3616 	    IPW2100_ORD(STAT_TX_MAX_TRIES_IN_HOP,
3617 				"times max tries in a hop failed"),
3618 	    IPW2100_ORD(STAT_TX_DISASSN_FAIL,
3619 				"times disassociation failed"),
3620 	    IPW2100_ORD(STAT_TX_ERR_CTS, "missed/bad CTS frames"),
3621 	    IPW2100_ORD(STAT_TX_ERR_ACK, "tx err due to acks"),
3622 	    IPW2100_ORD(STAT_RX_HOST, "packets passed to host"),
3623 	    IPW2100_ORD(STAT_RX_DIR_DATA, "directed packets"),
3624 	    IPW2100_ORD(STAT_RX_DIR_DATA1, "directed packets at 1MB"),
3625 	    IPW2100_ORD(STAT_RX_DIR_DATA2, "directed packets at 2MB"),
3626 	    IPW2100_ORD(STAT_RX_DIR_DATA5_5,
3627 				"directed packets at 5.5MB"),
3628 	    IPW2100_ORD(STAT_RX_DIR_DATA11, "directed packets at 11MB"),
3629 	    IPW2100_ORD(STAT_RX_NODIR_DATA, "nondirected packets"),
3630 	    IPW2100_ORD(STAT_RX_NODIR_DATA1,
3631 				"nondirected packets at 1MB"),
3632 	    IPW2100_ORD(STAT_RX_NODIR_DATA2,
3633 				"nondirected packets at 2MB"),
3634 	    IPW2100_ORD(STAT_RX_NODIR_DATA5_5,
3635 				"nondirected packets at 5.5MB"),
3636 	    IPW2100_ORD(STAT_RX_NODIR_DATA11,
3637 				"nondirected packets at 11MB"),
3638 	    IPW2100_ORD(STAT_RX_NULL_DATA, "null data rx's"),
3639 	    IPW2100_ORD(STAT_RX_RTS, "Rx RTS"), IPW2100_ORD(STAT_RX_CTS,
3640 								    "Rx CTS"),
3641 	    IPW2100_ORD(STAT_RX_ACK, "Rx ACK"),
3642 	    IPW2100_ORD(STAT_RX_CFEND, "Rx CF End"),
3643 	    IPW2100_ORD(STAT_RX_CFEND_ACK, "Rx CF End + CF Ack"),
3644 	    IPW2100_ORD(STAT_RX_ASSN, "Association Rx's"),
3645 	    IPW2100_ORD(STAT_RX_ASSN_RESP, "Association response Rx's"),
3646 	    IPW2100_ORD(STAT_RX_REASSN, "Reassociation Rx's"),
3647 	    IPW2100_ORD(STAT_RX_REASSN_RESP,
3648 				"Reassociation response Rx's"),
3649 	    IPW2100_ORD(STAT_RX_PROBE, "probe Rx's"),
3650 	    IPW2100_ORD(STAT_RX_PROBE_RESP, "probe response Rx's"),
3651 	    IPW2100_ORD(STAT_RX_BEACON, "Rx beacon"),
3652 	    IPW2100_ORD(STAT_RX_ATIM, "Rx ATIM"),
3653 	    IPW2100_ORD(STAT_RX_DISASSN, "disassociation Rx"),
3654 	    IPW2100_ORD(STAT_RX_AUTH, "authentication Rx"),
3655 	    IPW2100_ORD(STAT_RX_DEAUTH, "deauthentication Rx"),
3656 	    IPW2100_ORD(STAT_RX_TOTAL_BYTES,
3657 				"Total rx data bytes received"),
3658 	    IPW2100_ORD(STAT_RX_ERR_CRC, "packets with Rx CRC error"),
3659 	    IPW2100_ORD(STAT_RX_ERR_CRC1, "Rx CRC errors at 1MB"),
3660 	    IPW2100_ORD(STAT_RX_ERR_CRC2, "Rx CRC errors at 2MB"),
3661 	    IPW2100_ORD(STAT_RX_ERR_CRC5_5, "Rx CRC errors at 5.5MB"),
3662 	    IPW2100_ORD(STAT_RX_ERR_CRC11, "Rx CRC errors at 11MB"),
3663 	    IPW2100_ORD(STAT_RX_DUPLICATE1,
3664 				"duplicate rx packets at 1MB"),
3665 	    IPW2100_ORD(STAT_RX_DUPLICATE2,
3666 				"duplicate rx packets at 2MB"),
3667 	    IPW2100_ORD(STAT_RX_DUPLICATE5_5,
3668 				"duplicate rx packets at 5.5MB"),
3669 	    IPW2100_ORD(STAT_RX_DUPLICATE11,
3670 				"duplicate rx packets at 11MB"),
3671 	    IPW2100_ORD(STAT_RX_DUPLICATE, "duplicate rx packets"),
3672 	    IPW2100_ORD(PERS_DB_LOCK, "locking fw permanent  db"),
3673 	    IPW2100_ORD(PERS_DB_SIZE, "size of fw permanent  db"),
3674 	    IPW2100_ORD(PERS_DB_ADDR, "address of fw permanent  db"),
3675 	    IPW2100_ORD(STAT_RX_INVALID_PROTOCOL,
3676 				"rx frames with invalid protocol"),
3677 	    IPW2100_ORD(SYS_BOOT_TIME, "Boot time"),
3678 	    IPW2100_ORD(STAT_RX_NO_BUFFER,
3679 				"rx frames rejected due to no buffer"),
3680 	    IPW2100_ORD(STAT_RX_MISSING_FRAG,
3681 				"rx frames dropped due to missing fragment"),
3682 	    IPW2100_ORD(STAT_RX_ORPHAN_FRAG,
3683 				"rx frames dropped due to non-sequential fragment"),
3684 	    IPW2100_ORD(STAT_RX_ORPHAN_FRAME,
3685 				"rx frames dropped due to unmatched 1st frame"),
3686 	    IPW2100_ORD(STAT_RX_FRAG_AGEOUT,
3687 				"rx frames dropped due to uncompleted frame"),
3688 	    IPW2100_ORD(STAT_RX_ICV_ERRORS,
3689 				"ICV errors during decryption"),
3690 	    IPW2100_ORD(STAT_PSP_SUSPENSION, "times adapter suspended"),
3691 	    IPW2100_ORD(STAT_PSP_BCN_TIMEOUT, "beacon timeout"),
3692 	    IPW2100_ORD(STAT_PSP_POLL_TIMEOUT,
3693 				"poll response timeouts"),
3694 	    IPW2100_ORD(STAT_PSP_NONDIR_TIMEOUT,
3695 				"timeouts waiting for last {broad,multi}cast pkt"),
3696 	    IPW2100_ORD(STAT_PSP_RX_DTIMS, "PSP DTIMs received"),
3697 	    IPW2100_ORD(STAT_PSP_RX_TIMS, "PSP TIMs received"),
3698 	    IPW2100_ORD(STAT_PSP_STATION_ID, "PSP Station ID"),
3699 	    IPW2100_ORD(LAST_ASSN_TIME, "RTC time of last association"),
3700 	    IPW2100_ORD(STAT_PERCENT_MISSED_BCNS,
3701 				"current calculation of % missed beacons"),
3702 	    IPW2100_ORD(STAT_PERCENT_RETRIES,
3703 				"current calculation of % missed tx retries"),
3704 	    IPW2100_ORD(ASSOCIATED_AP_PTR,
3705 				"0 if not associated, else pointer to AP table entry"),
3706 	    IPW2100_ORD(AVAILABLE_AP_CNT,
3707 				"AP's described in the AP table"),
3708 	    IPW2100_ORD(AP_LIST_PTR, "Ptr to list of available APs"),
3709 	    IPW2100_ORD(STAT_AP_ASSNS, "associations"),
3710 	    IPW2100_ORD(STAT_ASSN_FAIL, "association failures"),
3711 	    IPW2100_ORD(STAT_ASSN_RESP_FAIL,
3712 				"failures due to response fail"),
3713 	    IPW2100_ORD(STAT_FULL_SCANS, "full scans"),
3714 	    IPW2100_ORD(CARD_DISABLED, "Card Disabled"),
3715 	    IPW2100_ORD(STAT_ROAM_INHIBIT,
3716 				"times roaming was inhibited due to activity"),
3717 	    IPW2100_ORD(RSSI_AT_ASSN,
3718 				"RSSI of associated AP at time of association"),
3719 	    IPW2100_ORD(STAT_ASSN_CAUSE1,
3720 				"reassociation: no probe response or TX on hop"),
3721 	    IPW2100_ORD(STAT_ASSN_CAUSE2,
3722 				"reassociation: poor tx/rx quality"),
3723 	    IPW2100_ORD(STAT_ASSN_CAUSE3,
3724 				"reassociation: tx/rx quality (excessive AP load"),
3725 	    IPW2100_ORD(STAT_ASSN_CAUSE4,
3726 				"reassociation: AP RSSI level"),
3727 	    IPW2100_ORD(STAT_ASSN_CAUSE5,
3728 				"reassociations due to load leveling"),
3729 	    IPW2100_ORD(STAT_AUTH_FAIL, "times authentication failed"),
3730 	    IPW2100_ORD(STAT_AUTH_RESP_FAIL,
3731 				"times authentication response failed"),
3732 	    IPW2100_ORD(STATION_TABLE_CNT,
3733 				"entries in association table"),
3734 	    IPW2100_ORD(RSSI_AVG_CURR, "Current avg RSSI"),
3735 	    IPW2100_ORD(POWER_MGMT_MODE, "Power mode - 0=CAM, 1=PSP"),
3736 	    IPW2100_ORD(COUNTRY_CODE,
3737 				"IEEE country code as recv'd from beacon"),
3738 	    IPW2100_ORD(COUNTRY_CHANNELS,
3739 				"channels supported by country"),
3740 	    IPW2100_ORD(RESET_CNT, "adapter resets (warm)"),
3741 	    IPW2100_ORD(BEACON_INTERVAL, "Beacon interval"),
3742 	    IPW2100_ORD(ANTENNA_DIVERSITY,
3743 				"TRUE if antenna diversity is disabled"),
3744 	    IPW2100_ORD(DTIM_PERIOD, "beacon intervals between DTIMs"),
3745 	    IPW2100_ORD(OUR_FREQ,
3746 				"current radio freq lower digits - channel ID"),
3747 	    IPW2100_ORD(RTC_TIME, "current RTC time"),
3748 	    IPW2100_ORD(PORT_TYPE, "operating mode"),
3749 	    IPW2100_ORD(CURRENT_TX_RATE, "current tx rate"),
3750 	    IPW2100_ORD(SUPPORTED_RATES, "supported tx rates"),
3751 	    IPW2100_ORD(ATIM_WINDOW, "current ATIM Window"),
3752 	    IPW2100_ORD(BASIC_RATES, "basic tx rates"),
3753 	    IPW2100_ORD(NIC_HIGHEST_RATE, "NIC highest tx rate"),
3754 	    IPW2100_ORD(AP_HIGHEST_RATE, "AP highest tx rate"),
3755 	    IPW2100_ORD(CAPABILITIES,
3756 				"Management frame capability field"),
3757 	    IPW2100_ORD(AUTH_TYPE, "Type of authentication"),
3758 	    IPW2100_ORD(RADIO_TYPE, "Adapter card platform type"),
3759 	    IPW2100_ORD(RTS_THRESHOLD,
3760 				"Min packet length for RTS handshaking"),
3761 	    IPW2100_ORD(INT_MODE, "International mode"),
3762 	    IPW2100_ORD(FRAGMENTATION_THRESHOLD,
3763 				"protocol frag threshold"),
3764 	    IPW2100_ORD(EEPROM_SRAM_DB_BLOCK_START_ADDRESS,
3765 				"EEPROM offset in SRAM"),
3766 	    IPW2100_ORD(EEPROM_SRAM_DB_BLOCK_SIZE,
3767 				"EEPROM size in SRAM"),
3768 	    IPW2100_ORD(EEPROM_SKU_CAPABILITY, "EEPROM SKU Capability"),
3769 	    IPW2100_ORD(EEPROM_IBSS_11B_CHANNELS,
3770 				"EEPROM IBSS 11b channel set"),
3771 	    IPW2100_ORD(MAC_VERSION, "MAC Version"),
3772 	    IPW2100_ORD(MAC_REVISION, "MAC Revision"),
3773 	    IPW2100_ORD(RADIO_VERSION, "Radio Version"),
3774 	    IPW2100_ORD(NIC_MANF_DATE_TIME, "MANF Date/Time STAMP"),
3775 	    IPW2100_ORD(UCODE_VERSION, "Ucode Version"),};
3776 
3777 static ssize_t registers_show(struct device *d, struct device_attribute *attr,
3778 			      char *buf)
3779 {
3780 	int i;
3781 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3782 	struct net_device *dev = priv->net_dev;
3783 	char *out = buf;
3784 	u32 val = 0;
3785 
3786 	out += sprintf(out, "%30s [Address ] : Hex\n", "Register");
3787 
3788 	for (i = 0; i < ARRAY_SIZE(hw_data); i++) {
3789 		read_register(dev, hw_data[i].addr, &val);
3790 		out += sprintf(out, "%30s [%08X] : %08X\n",
3791 			       hw_data[i].name, hw_data[i].addr, val);
3792 	}
3793 
3794 	return out - buf;
3795 }
3796 
3797 static DEVICE_ATTR_RO(registers);
3798 
3799 static ssize_t hardware_show(struct device *d, struct device_attribute *attr,
3800 			     char *buf)
3801 {
3802 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3803 	struct net_device *dev = priv->net_dev;
3804 	char *out = buf;
3805 	int i;
3806 
3807 	out += sprintf(out, "%30s [Address ] : Hex\n", "NIC entry");
3808 
3809 	for (i = 0; i < ARRAY_SIZE(nic_data); i++) {
3810 		u8 tmp8;
3811 		u16 tmp16;
3812 		u32 tmp32;
3813 
3814 		switch (nic_data[i].size) {
3815 		case 1:
3816 			read_nic_byte(dev, nic_data[i].addr, &tmp8);
3817 			out += sprintf(out, "%30s [%08X] : %02X\n",
3818 				       nic_data[i].name, nic_data[i].addr,
3819 				       tmp8);
3820 			break;
3821 		case 2:
3822 			read_nic_word(dev, nic_data[i].addr, &tmp16);
3823 			out += sprintf(out, "%30s [%08X] : %04X\n",
3824 				       nic_data[i].name, nic_data[i].addr,
3825 				       tmp16);
3826 			break;
3827 		case 4:
3828 			read_nic_dword(dev, nic_data[i].addr, &tmp32);
3829 			out += sprintf(out, "%30s [%08X] : %08X\n",
3830 				       nic_data[i].name, nic_data[i].addr,
3831 				       tmp32);
3832 			break;
3833 		}
3834 	}
3835 	return out - buf;
3836 }
3837 
3838 static DEVICE_ATTR_RO(hardware);
3839 
3840 static ssize_t memory_show(struct device *d, struct device_attribute *attr,
3841 			   char *buf)
3842 {
3843 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3844 	struct net_device *dev = priv->net_dev;
3845 	static unsigned long loop = 0;
3846 	int len = 0;
3847 	u32 buffer[4];
3848 	int i;
3849 	char line[81];
3850 
3851 	if (loop >= 0x30000)
3852 		loop = 0;
3853 
3854 	/* sysfs provides us PAGE_SIZE buffer */
3855 	while (len < PAGE_SIZE - 128 && loop < 0x30000) {
3856 
3857 		if (priv->snapshot[0])
3858 			for (i = 0; i < 4; i++)
3859 				buffer[i] =
3860 				    *(u32 *) SNAPSHOT_ADDR(loop + i * 4);
3861 		else
3862 			for (i = 0; i < 4; i++)
3863 				read_nic_dword(dev, loop + i * 4, &buffer[i]);
3864 
3865 		if (priv->dump_raw)
3866 			len += sprintf(buf + len,
3867 				       "%c%c%c%c"
3868 				       "%c%c%c%c"
3869 				       "%c%c%c%c"
3870 				       "%c%c%c%c",
3871 				       ((u8 *) buffer)[0x0],
3872 				       ((u8 *) buffer)[0x1],
3873 				       ((u8 *) buffer)[0x2],
3874 				       ((u8 *) buffer)[0x3],
3875 				       ((u8 *) buffer)[0x4],
3876 				       ((u8 *) buffer)[0x5],
3877 				       ((u8 *) buffer)[0x6],
3878 				       ((u8 *) buffer)[0x7],
3879 				       ((u8 *) buffer)[0x8],
3880 				       ((u8 *) buffer)[0x9],
3881 				       ((u8 *) buffer)[0xa],
3882 				       ((u8 *) buffer)[0xb],
3883 				       ((u8 *) buffer)[0xc],
3884 				       ((u8 *) buffer)[0xd],
3885 				       ((u8 *) buffer)[0xe],
3886 				       ((u8 *) buffer)[0xf]);
3887 		else
3888 			len += sprintf(buf + len, "%s\n",
3889 				       snprint_line(line, sizeof(line),
3890 						    (u8 *) buffer, 16, loop));
3891 		loop += 16;
3892 	}
3893 
3894 	return len;
3895 }
3896 
3897 static ssize_t memory_store(struct device *d, struct device_attribute *attr,
3898 			    const char *buf, size_t count)
3899 {
3900 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3901 	struct net_device *dev = priv->net_dev;
3902 	const char *p = buf;
3903 
3904 	(void)dev;		/* kill unused-var warning for debug-only code */
3905 
3906 	if (count < 1)
3907 		return count;
3908 
3909 	if (p[0] == '1' ||
3910 	    (count >= 2 && tolower(p[0]) == 'o' && tolower(p[1]) == 'n')) {
3911 		IPW_DEBUG_INFO("%s: Setting memory dump to RAW mode.\n",
3912 			       dev->name);
3913 		priv->dump_raw = 1;
3914 
3915 	} else if (p[0] == '0' || (count >= 2 && tolower(p[0]) == 'o' &&
3916 				   tolower(p[1]) == 'f')) {
3917 		IPW_DEBUG_INFO("%s: Setting memory dump to HEX mode.\n",
3918 			       dev->name);
3919 		priv->dump_raw = 0;
3920 
3921 	} else if (tolower(p[0]) == 'r') {
3922 		IPW_DEBUG_INFO("%s: Resetting firmware snapshot.\n", dev->name);
3923 		ipw2100_snapshot_free(priv);
3924 
3925 	} else
3926 		IPW_DEBUG_INFO("%s: Usage: 0|on = HEX, 1|off = RAW, "
3927 			       "reset = clear memory snapshot\n", dev->name);
3928 
3929 	return count;
3930 }
3931 
3932 static DEVICE_ATTR_RW(memory);
3933 
3934 static ssize_t ordinals_show(struct device *d, struct device_attribute *attr,
3935 			     char *buf)
3936 {
3937 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3938 	u32 val = 0;
3939 	int len = 0;
3940 	u32 val_len;
3941 	static int loop = 0;
3942 
3943 	if (priv->status & STATUS_RF_KILL_MASK)
3944 		return 0;
3945 
3946 	if (loop >= ARRAY_SIZE(ord_data))
3947 		loop = 0;
3948 
3949 	/* sysfs provides us PAGE_SIZE buffer */
3950 	while (len < PAGE_SIZE - 128 && loop < ARRAY_SIZE(ord_data)) {
3951 		val_len = sizeof(u32);
3952 
3953 		if (ipw2100_get_ordinal(priv, ord_data[loop].index, &val,
3954 					&val_len))
3955 			len += sprintf(buf + len, "[0x%02X] = ERROR    %s\n",
3956 				       ord_data[loop].index,
3957 				       ord_data[loop].desc);
3958 		else
3959 			len += sprintf(buf + len, "[0x%02X] = 0x%08X %s\n",
3960 				       ord_data[loop].index, val,
3961 				       ord_data[loop].desc);
3962 		loop++;
3963 	}
3964 
3965 	return len;
3966 }
3967 
3968 static DEVICE_ATTR_RO(ordinals);
3969 
3970 static ssize_t stats_show(struct device *d, struct device_attribute *attr,
3971 			  char *buf)
3972 {
3973 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3974 	char *out = buf;
3975 
3976 	out += sprintf(out, "interrupts: %d {tx: %d, rx: %d, other: %d}\n",
3977 		       priv->interrupts, priv->tx_interrupts,
3978 		       priv->rx_interrupts, priv->inta_other);
3979 	out += sprintf(out, "firmware resets: %d\n", priv->resets);
3980 	out += sprintf(out, "firmware hangs: %d\n", priv->hangs);
3981 #ifdef CONFIG_IPW2100_DEBUG
3982 	out += sprintf(out, "packet mismatch image: %s\n",
3983 		       priv->snapshot[0] ? "YES" : "NO");
3984 #endif
3985 
3986 	return out - buf;
3987 }
3988 
3989 static DEVICE_ATTR_RO(stats);
3990 
3991 static int ipw2100_switch_mode(struct ipw2100_priv *priv, u32 mode)
3992 {
3993 	int err;
3994 
3995 	if (mode == priv->ieee->iw_mode)
3996 		return 0;
3997 
3998 	err = ipw2100_disable_adapter(priv);
3999 	if (err) {
4000 		printk(KERN_ERR DRV_NAME ": %s: Could not disable adapter %d\n",
4001 		       priv->net_dev->name, err);
4002 		return err;
4003 	}
4004 
4005 	switch (mode) {
4006 	case IW_MODE_INFRA:
4007 		priv->net_dev->type = ARPHRD_ETHER;
4008 		break;
4009 	case IW_MODE_ADHOC:
4010 		priv->net_dev->type = ARPHRD_ETHER;
4011 		break;
4012 #ifdef CONFIG_IPW2100_MONITOR
4013 	case IW_MODE_MONITOR:
4014 		priv->last_mode = priv->ieee->iw_mode;
4015 		priv->net_dev->type = ARPHRD_IEEE80211_RADIOTAP;
4016 		break;
4017 #endif				/* CONFIG_IPW2100_MONITOR */
4018 	}
4019 
4020 	priv->ieee->iw_mode = mode;
4021 
4022 #ifdef CONFIG_PM
4023 	/* Indicate ipw2100_download_firmware download firmware
4024 	 * from disk instead of memory. */
4025 	ipw2100_firmware.version = 0;
4026 #endif
4027 
4028 	printk(KERN_INFO "%s: Resetting on mode change.\n", priv->net_dev->name);
4029 	priv->reset_backoff = 0;
4030 	schedule_reset(priv);
4031 
4032 	return 0;
4033 }
4034 
4035 static ssize_t internals_show(struct device *d, struct device_attribute *attr,
4036 			      char *buf)
4037 {
4038 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4039 	int len = 0;
4040 
4041 #define DUMP_VAR(x,y) len += sprintf(buf + len, # x ": %" y "\n", priv-> x)
4042 
4043 	if (priv->status & STATUS_ASSOCIATED)
4044 		len += sprintf(buf + len, "connected: %llu\n",
4045 			       ktime_get_boottime_seconds() - priv->connect_start);
4046 	else
4047 		len += sprintf(buf + len, "not connected\n");
4048 
4049 	DUMP_VAR(ieee->crypt_info.crypt[priv->ieee->crypt_info.tx_keyidx], "p");
4050 	DUMP_VAR(status, "08lx");
4051 	DUMP_VAR(config, "08lx");
4052 	DUMP_VAR(capability, "08lx");
4053 
4054 	len +=
4055 	    sprintf(buf + len, "last_rtc: %lu\n",
4056 		    (unsigned long)priv->last_rtc);
4057 
4058 	DUMP_VAR(fatal_error, "d");
4059 	DUMP_VAR(stop_hang_check, "d");
4060 	DUMP_VAR(stop_rf_kill, "d");
4061 	DUMP_VAR(messages_sent, "d");
4062 
4063 	DUMP_VAR(tx_pend_stat.value, "d");
4064 	DUMP_VAR(tx_pend_stat.hi, "d");
4065 
4066 	DUMP_VAR(tx_free_stat.value, "d");
4067 	DUMP_VAR(tx_free_stat.lo, "d");
4068 
4069 	DUMP_VAR(msg_free_stat.value, "d");
4070 	DUMP_VAR(msg_free_stat.lo, "d");
4071 
4072 	DUMP_VAR(msg_pend_stat.value, "d");
4073 	DUMP_VAR(msg_pend_stat.hi, "d");
4074 
4075 	DUMP_VAR(fw_pend_stat.value, "d");
4076 	DUMP_VAR(fw_pend_stat.hi, "d");
4077 
4078 	DUMP_VAR(txq_stat.value, "d");
4079 	DUMP_VAR(txq_stat.lo, "d");
4080 
4081 	DUMP_VAR(ieee->scans, "d");
4082 	DUMP_VAR(reset_backoff, "lld");
4083 
4084 	return len;
4085 }
4086 
4087 static DEVICE_ATTR_RO(internals);
4088 
4089 static ssize_t bssinfo_show(struct device *d, struct device_attribute *attr,
4090 			    char *buf)
4091 {
4092 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4093 	char essid[IW_ESSID_MAX_SIZE + 1];
4094 	u8 bssid[ETH_ALEN];
4095 	u32 chan = 0;
4096 	char *out = buf;
4097 	unsigned int length;
4098 	int ret;
4099 
4100 	if (priv->status & STATUS_RF_KILL_MASK)
4101 		return 0;
4102 
4103 	memset(essid, 0, sizeof(essid));
4104 	memset(bssid, 0, sizeof(bssid));
4105 
4106 	length = IW_ESSID_MAX_SIZE;
4107 	ret = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_SSID, essid, &length);
4108 	if (ret)
4109 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
4110 			       __LINE__);
4111 
4112 	length = sizeof(bssid);
4113 	ret = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_AP_BSSID,
4114 				  bssid, &length);
4115 	if (ret)
4116 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
4117 			       __LINE__);
4118 
4119 	length = sizeof(u32);
4120 	ret = ipw2100_get_ordinal(priv, IPW_ORD_OUR_FREQ, &chan, &length);
4121 	if (ret)
4122 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
4123 			       __LINE__);
4124 
4125 	out += sprintf(out, "ESSID: %s\n", essid);
4126 	out += sprintf(out, "BSSID:   %pM\n", bssid);
4127 	out += sprintf(out, "Channel: %d\n", chan);
4128 
4129 	return out - buf;
4130 }
4131 
4132 static DEVICE_ATTR_RO(bssinfo);
4133 
4134 #ifdef CONFIG_IPW2100_DEBUG
4135 static ssize_t debug_level_show(struct device_driver *d, char *buf)
4136 {
4137 	return sprintf(buf, "0x%08X\n", ipw2100_debug_level);
4138 }
4139 
4140 static ssize_t debug_level_store(struct device_driver *d,
4141 				 const char *buf, size_t count)
4142 {
4143 	u32 val;
4144 	int ret;
4145 
4146 	ret = kstrtou32(buf, 0, &val);
4147 	if (ret)
4148 		IPW_DEBUG_INFO(": %s is not in hex or decimal form.\n", buf);
4149 	else
4150 		ipw2100_debug_level = val;
4151 
4152 	return strnlen(buf, count);
4153 }
4154 static DRIVER_ATTR_RW(debug_level);
4155 #endif				/* CONFIG_IPW2100_DEBUG */
4156 
4157 static ssize_t fatal_error_show(struct device *d,
4158 				struct device_attribute *attr, char *buf)
4159 {
4160 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4161 	char *out = buf;
4162 	int i;
4163 
4164 	if (priv->fatal_error)
4165 		out += sprintf(out, "0x%08X\n", priv->fatal_error);
4166 	else
4167 		out += sprintf(out, "0\n");
4168 
4169 	for (i = 1; i <= IPW2100_ERROR_QUEUE; i++) {
4170 		if (!priv->fatal_errors[(priv->fatal_index - i) %
4171 					IPW2100_ERROR_QUEUE])
4172 			continue;
4173 
4174 		out += sprintf(out, "%d. 0x%08X\n", i,
4175 			       priv->fatal_errors[(priv->fatal_index - i) %
4176 						  IPW2100_ERROR_QUEUE]);
4177 	}
4178 
4179 	return out - buf;
4180 }
4181 
4182 static ssize_t fatal_error_store(struct device *d,
4183 				 struct device_attribute *attr, const char *buf,
4184 				 size_t count)
4185 {
4186 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4187 	schedule_reset(priv);
4188 	return count;
4189 }
4190 
4191 static DEVICE_ATTR_RW(fatal_error);
4192 
4193 static ssize_t scan_age_show(struct device *d, struct device_attribute *attr,
4194 			     char *buf)
4195 {
4196 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4197 	return sprintf(buf, "%d\n", priv->ieee->scan_age);
4198 }
4199 
4200 static ssize_t scan_age_store(struct device *d, struct device_attribute *attr,
4201 			      const char *buf, size_t count)
4202 {
4203 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4204 	struct net_device *dev = priv->net_dev;
4205 	unsigned long val;
4206 	int ret;
4207 
4208 	(void)dev;		/* kill unused-var warning for debug-only code */
4209 
4210 	IPW_DEBUG_INFO("enter\n");
4211 
4212 	ret = kstrtoul(buf, 0, &val);
4213 	if (ret) {
4214 		IPW_DEBUG_INFO("%s: user supplied invalid value.\n", dev->name);
4215 	} else {
4216 		priv->ieee->scan_age = val;
4217 		IPW_DEBUG_INFO("set scan_age = %u\n", priv->ieee->scan_age);
4218 	}
4219 
4220 	IPW_DEBUG_INFO("exit\n");
4221 	return strnlen(buf, count);
4222 }
4223 
4224 static DEVICE_ATTR_RW(scan_age);
4225 
4226 static ssize_t rf_kill_show(struct device *d, struct device_attribute *attr,
4227 			    char *buf)
4228 {
4229 	/* 0 - RF kill not enabled
4230 	   1 - SW based RF kill active (sysfs)
4231 	   2 - HW based RF kill active
4232 	   3 - Both HW and SW baed RF kill active */
4233 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4234 	int val = ((priv->status & STATUS_RF_KILL_SW) ? 0x1 : 0x0) |
4235 	    (rf_kill_active(priv) ? 0x2 : 0x0);
4236 	return sprintf(buf, "%i\n", val);
4237 }
4238 
4239 static int ipw_radio_kill_sw(struct ipw2100_priv *priv, int disable_radio)
4240 {
4241 	if ((disable_radio ? 1 : 0) ==
4242 	    (priv->status & STATUS_RF_KILL_SW ? 1 : 0))
4243 		return 0;
4244 
4245 	IPW_DEBUG_RF_KILL("Manual SW RF Kill set to: RADIO  %s\n",
4246 			  disable_radio ? "OFF" : "ON");
4247 
4248 	mutex_lock(&priv->action_mutex);
4249 
4250 	if (disable_radio) {
4251 		priv->status |= STATUS_RF_KILL_SW;
4252 		ipw2100_down(priv);
4253 	} else {
4254 		priv->status &= ~STATUS_RF_KILL_SW;
4255 		if (rf_kill_active(priv)) {
4256 			IPW_DEBUG_RF_KILL("Can not turn radio back on - "
4257 					  "disabled by HW switch\n");
4258 			/* Make sure the RF_KILL check timer is running */
4259 			priv->stop_rf_kill = 0;
4260 			mod_delayed_work(system_wq, &priv->rf_kill,
4261 					 round_jiffies_relative(HZ));
4262 		} else
4263 			schedule_reset(priv);
4264 	}
4265 
4266 	mutex_unlock(&priv->action_mutex);
4267 	return 1;
4268 }
4269 
4270 static ssize_t rf_kill_store(struct device *d, struct device_attribute *attr,
4271 			     const char *buf, size_t count)
4272 {
4273 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4274 	ipw_radio_kill_sw(priv, buf[0] == '1');
4275 	return count;
4276 }
4277 
4278 static DEVICE_ATTR_RW(rf_kill);
4279 
4280 static struct attribute *ipw2100_sysfs_entries[] = {
4281 	&dev_attr_hardware.attr,
4282 	&dev_attr_registers.attr,
4283 	&dev_attr_ordinals.attr,
4284 	&dev_attr_pci.attr,
4285 	&dev_attr_stats.attr,
4286 	&dev_attr_internals.attr,
4287 	&dev_attr_bssinfo.attr,
4288 	&dev_attr_memory.attr,
4289 	&dev_attr_scan_age.attr,
4290 	&dev_attr_fatal_error.attr,
4291 	&dev_attr_rf_kill.attr,
4292 	&dev_attr_cfg.attr,
4293 	&dev_attr_status.attr,
4294 	&dev_attr_capability.attr,
4295 	NULL,
4296 };
4297 
4298 static const struct attribute_group ipw2100_attribute_group = {
4299 	.attrs = ipw2100_sysfs_entries,
4300 };
4301 
4302 static int status_queue_allocate(struct ipw2100_priv *priv, int entries)
4303 {
4304 	struct ipw2100_status_queue *q = &priv->status_queue;
4305 
4306 	IPW_DEBUG_INFO("enter\n");
4307 
4308 	q->size = entries * sizeof(struct ipw2100_status);
4309 	q->drv = dma_alloc_coherent(&priv->pci_dev->dev, q->size, &q->nic,
4310 				    GFP_KERNEL);
4311 	if (!q->drv) {
4312 		IPW_DEBUG_WARNING("Can not allocate status queue.\n");
4313 		return -ENOMEM;
4314 	}
4315 
4316 	IPW_DEBUG_INFO("exit\n");
4317 
4318 	return 0;
4319 }
4320 
4321 static void status_queue_free(struct ipw2100_priv *priv)
4322 {
4323 	IPW_DEBUG_INFO("enter\n");
4324 
4325 	if (priv->status_queue.drv) {
4326 		dma_free_coherent(&priv->pci_dev->dev,
4327 				  priv->status_queue.size,
4328 				  priv->status_queue.drv,
4329 				  priv->status_queue.nic);
4330 		priv->status_queue.drv = NULL;
4331 	}
4332 
4333 	IPW_DEBUG_INFO("exit\n");
4334 }
4335 
4336 static int bd_queue_allocate(struct ipw2100_priv *priv,
4337 			     struct ipw2100_bd_queue *q, int entries)
4338 {
4339 	IPW_DEBUG_INFO("enter\n");
4340 
4341 	memset(q, 0, sizeof(struct ipw2100_bd_queue));
4342 
4343 	q->entries = entries;
4344 	q->size = entries * sizeof(struct ipw2100_bd);
4345 	q->drv = dma_alloc_coherent(&priv->pci_dev->dev, q->size, &q->nic,
4346 				    GFP_KERNEL);
4347 	if (!q->drv) {
4348 		IPW_DEBUG_INFO
4349 		    ("can't allocate shared memory for buffer descriptors\n");
4350 		return -ENOMEM;
4351 	}
4352 
4353 	IPW_DEBUG_INFO("exit\n");
4354 
4355 	return 0;
4356 }
4357 
4358 static void bd_queue_free(struct ipw2100_priv *priv, struct ipw2100_bd_queue *q)
4359 {
4360 	IPW_DEBUG_INFO("enter\n");
4361 
4362 	if (!q)
4363 		return;
4364 
4365 	if (q->drv) {
4366 		dma_free_coherent(&priv->pci_dev->dev, q->size, q->drv,
4367 				  q->nic);
4368 		q->drv = NULL;
4369 	}
4370 
4371 	IPW_DEBUG_INFO("exit\n");
4372 }
4373 
4374 static void bd_queue_initialize(struct ipw2100_priv *priv,
4375 				struct ipw2100_bd_queue *q, u32 base, u32 size,
4376 				u32 r, u32 w)
4377 {
4378 	IPW_DEBUG_INFO("enter\n");
4379 
4380 	IPW_DEBUG_INFO("initializing bd queue at virt=%p, phys=%08x\n", q->drv,
4381 		       (u32) q->nic);
4382 
4383 	write_register(priv->net_dev, base, q->nic);
4384 	write_register(priv->net_dev, size, q->entries);
4385 	write_register(priv->net_dev, r, q->oldest);
4386 	write_register(priv->net_dev, w, q->next);
4387 
4388 	IPW_DEBUG_INFO("exit\n");
4389 }
4390 
4391 static void ipw2100_kill_works(struct ipw2100_priv *priv)
4392 {
4393 	priv->stop_rf_kill = 1;
4394 	priv->stop_hang_check = 1;
4395 	cancel_delayed_work_sync(&priv->reset_work);
4396 	cancel_delayed_work_sync(&priv->security_work);
4397 	cancel_delayed_work_sync(&priv->wx_event_work);
4398 	cancel_delayed_work_sync(&priv->hang_check);
4399 	cancel_delayed_work_sync(&priv->rf_kill);
4400 	cancel_delayed_work_sync(&priv->scan_event);
4401 }
4402 
4403 static int ipw2100_tx_allocate(struct ipw2100_priv *priv)
4404 {
4405 	int i, j, err;
4406 	void *v;
4407 	dma_addr_t p;
4408 
4409 	IPW_DEBUG_INFO("enter\n");
4410 
4411 	err = bd_queue_allocate(priv, &priv->tx_queue, TX_QUEUE_LENGTH);
4412 	if (err) {
4413 		IPW_DEBUG_ERROR("%s: failed bd_queue_allocate\n",
4414 				priv->net_dev->name);
4415 		return err;
4416 	}
4417 
4418 	priv->tx_buffers = kmalloc_array(TX_PENDED_QUEUE_LENGTH,
4419 					 sizeof(struct ipw2100_tx_packet),
4420 					 GFP_KERNEL);
4421 	if (!priv->tx_buffers) {
4422 		bd_queue_free(priv, &priv->tx_queue);
4423 		return -ENOMEM;
4424 	}
4425 
4426 	for (i = 0; i < TX_PENDED_QUEUE_LENGTH; i++) {
4427 		v = dma_alloc_coherent(&priv->pci_dev->dev,
4428 				       sizeof(struct ipw2100_data_header), &p,
4429 				       GFP_KERNEL);
4430 		if (!v) {
4431 			printk(KERN_ERR DRV_NAME
4432 			       ": %s: PCI alloc failed for tx " "buffers.\n",
4433 			       priv->net_dev->name);
4434 			err = -ENOMEM;
4435 			break;
4436 		}
4437 
4438 		priv->tx_buffers[i].type = DATA;
4439 		priv->tx_buffers[i].info.d_struct.data =
4440 		    (struct ipw2100_data_header *)v;
4441 		priv->tx_buffers[i].info.d_struct.data_phys = p;
4442 		priv->tx_buffers[i].info.d_struct.txb = NULL;
4443 	}
4444 
4445 	if (i == TX_PENDED_QUEUE_LENGTH)
4446 		return 0;
4447 
4448 	for (j = 0; j < i; j++) {
4449 		dma_free_coherent(&priv->pci_dev->dev,
4450 				  sizeof(struct ipw2100_data_header),
4451 				  priv->tx_buffers[j].info.d_struct.data,
4452 				  priv->tx_buffers[j].info.d_struct.data_phys);
4453 	}
4454 
4455 	kfree(priv->tx_buffers);
4456 	priv->tx_buffers = NULL;
4457 
4458 	return err;
4459 }
4460 
4461 static void ipw2100_tx_initialize(struct ipw2100_priv *priv)
4462 {
4463 	int i;
4464 
4465 	IPW_DEBUG_INFO("enter\n");
4466 
4467 	/*
4468 	 * reinitialize packet info lists
4469 	 */
4470 	INIT_LIST_HEAD(&priv->fw_pend_list);
4471 	INIT_STAT(&priv->fw_pend_stat);
4472 
4473 	/*
4474 	 * reinitialize lists
4475 	 */
4476 	INIT_LIST_HEAD(&priv->tx_pend_list);
4477 	INIT_LIST_HEAD(&priv->tx_free_list);
4478 	INIT_STAT(&priv->tx_pend_stat);
4479 	INIT_STAT(&priv->tx_free_stat);
4480 
4481 	for (i = 0; i < TX_PENDED_QUEUE_LENGTH; i++) {
4482 		/* We simply drop any SKBs that have been queued for
4483 		 * transmit */
4484 		if (priv->tx_buffers[i].info.d_struct.txb) {
4485 			libipw_txb_free(priv->tx_buffers[i].info.d_struct.
4486 					   txb);
4487 			priv->tx_buffers[i].info.d_struct.txb = NULL;
4488 		}
4489 
4490 		list_add_tail(&priv->tx_buffers[i].list, &priv->tx_free_list);
4491 	}
4492 
4493 	SET_STAT(&priv->tx_free_stat, i);
4494 
4495 	priv->tx_queue.oldest = 0;
4496 	priv->tx_queue.available = priv->tx_queue.entries;
4497 	priv->tx_queue.next = 0;
4498 	INIT_STAT(&priv->txq_stat);
4499 	SET_STAT(&priv->txq_stat, priv->tx_queue.available);
4500 
4501 	bd_queue_initialize(priv, &priv->tx_queue,
4502 			    IPW_MEM_HOST_SHARED_TX_QUEUE_BD_BASE,
4503 			    IPW_MEM_HOST_SHARED_TX_QUEUE_BD_SIZE,
4504 			    IPW_MEM_HOST_SHARED_TX_QUEUE_READ_INDEX,
4505 			    IPW_MEM_HOST_SHARED_TX_QUEUE_WRITE_INDEX);
4506 
4507 	IPW_DEBUG_INFO("exit\n");
4508 
4509 }
4510 
4511 static void ipw2100_tx_free(struct ipw2100_priv *priv)
4512 {
4513 	int i;
4514 
4515 	IPW_DEBUG_INFO("enter\n");
4516 
4517 	bd_queue_free(priv, &priv->tx_queue);
4518 
4519 	if (!priv->tx_buffers)
4520 		return;
4521 
4522 	for (i = 0; i < TX_PENDED_QUEUE_LENGTH; i++) {
4523 		if (priv->tx_buffers[i].info.d_struct.txb) {
4524 			libipw_txb_free(priv->tx_buffers[i].info.d_struct.
4525 					   txb);
4526 			priv->tx_buffers[i].info.d_struct.txb = NULL;
4527 		}
4528 		if (priv->tx_buffers[i].info.d_struct.data)
4529 			dma_free_coherent(&priv->pci_dev->dev,
4530 					  sizeof(struct ipw2100_data_header),
4531 					  priv->tx_buffers[i].info.d_struct.data,
4532 					  priv->tx_buffers[i].info.d_struct.data_phys);
4533 	}
4534 
4535 	kfree(priv->tx_buffers);
4536 	priv->tx_buffers = NULL;
4537 
4538 	IPW_DEBUG_INFO("exit\n");
4539 }
4540 
4541 static int ipw2100_rx_allocate(struct ipw2100_priv *priv)
4542 {
4543 	int i, j, err = -EINVAL;
4544 
4545 	IPW_DEBUG_INFO("enter\n");
4546 
4547 	err = bd_queue_allocate(priv, &priv->rx_queue, RX_QUEUE_LENGTH);
4548 	if (err) {
4549 		IPW_DEBUG_INFO("failed bd_queue_allocate\n");
4550 		return err;
4551 	}
4552 
4553 	err = status_queue_allocate(priv, RX_QUEUE_LENGTH);
4554 	if (err) {
4555 		IPW_DEBUG_INFO("failed status_queue_allocate\n");
4556 		bd_queue_free(priv, &priv->rx_queue);
4557 		return err;
4558 	}
4559 
4560 	/*
4561 	 * allocate packets
4562 	 */
4563 	priv->rx_buffers = kmalloc_array(RX_QUEUE_LENGTH,
4564 					 sizeof(struct ipw2100_rx_packet),
4565 					 GFP_KERNEL);
4566 	if (!priv->rx_buffers) {
4567 		IPW_DEBUG_INFO("can't allocate rx packet buffer table\n");
4568 
4569 		bd_queue_free(priv, &priv->rx_queue);
4570 
4571 		status_queue_free(priv);
4572 
4573 		return -ENOMEM;
4574 	}
4575 
4576 	for (i = 0; i < RX_QUEUE_LENGTH; i++) {
4577 		struct ipw2100_rx_packet *packet = &priv->rx_buffers[i];
4578 
4579 		err = ipw2100_alloc_skb(priv, packet);
4580 		if (unlikely(err)) {
4581 			err = -ENOMEM;
4582 			break;
4583 		}
4584 
4585 		/* The BD holds the cache aligned address */
4586 		priv->rx_queue.drv[i].host_addr = packet->dma_addr;
4587 		priv->rx_queue.drv[i].buf_length = IPW_RX_NIC_BUFFER_LENGTH;
4588 		priv->status_queue.drv[i].status_fields = 0;
4589 	}
4590 
4591 	if (i == RX_QUEUE_LENGTH)
4592 		return 0;
4593 
4594 	for (j = 0; j < i; j++) {
4595 		dma_unmap_single(&priv->pci_dev->dev,
4596 				 priv->rx_buffers[j].dma_addr,
4597 				 sizeof(struct ipw2100_rx_packet),
4598 				 DMA_FROM_DEVICE);
4599 		dev_kfree_skb(priv->rx_buffers[j].skb);
4600 	}
4601 
4602 	kfree(priv->rx_buffers);
4603 	priv->rx_buffers = NULL;
4604 
4605 	bd_queue_free(priv, &priv->rx_queue);
4606 
4607 	status_queue_free(priv);
4608 
4609 	return err;
4610 }
4611 
4612 static void ipw2100_rx_initialize(struct ipw2100_priv *priv)
4613 {
4614 	IPW_DEBUG_INFO("enter\n");
4615 
4616 	priv->rx_queue.oldest = 0;
4617 	priv->rx_queue.available = priv->rx_queue.entries - 1;
4618 	priv->rx_queue.next = priv->rx_queue.entries - 1;
4619 
4620 	INIT_STAT(&priv->rxq_stat);
4621 	SET_STAT(&priv->rxq_stat, priv->rx_queue.available);
4622 
4623 	bd_queue_initialize(priv, &priv->rx_queue,
4624 			    IPW_MEM_HOST_SHARED_RX_BD_BASE,
4625 			    IPW_MEM_HOST_SHARED_RX_BD_SIZE,
4626 			    IPW_MEM_HOST_SHARED_RX_READ_INDEX,
4627 			    IPW_MEM_HOST_SHARED_RX_WRITE_INDEX);
4628 
4629 	/* set up the status queue */
4630 	write_register(priv->net_dev, IPW_MEM_HOST_SHARED_RX_STATUS_BASE,
4631 		       priv->status_queue.nic);
4632 
4633 	IPW_DEBUG_INFO("exit\n");
4634 }
4635 
4636 static void ipw2100_rx_free(struct ipw2100_priv *priv)
4637 {
4638 	int i;
4639 
4640 	IPW_DEBUG_INFO("enter\n");
4641 
4642 	bd_queue_free(priv, &priv->rx_queue);
4643 	status_queue_free(priv);
4644 
4645 	if (!priv->rx_buffers)
4646 		return;
4647 
4648 	for (i = 0; i < RX_QUEUE_LENGTH; i++) {
4649 		if (priv->rx_buffers[i].rxp) {
4650 			dma_unmap_single(&priv->pci_dev->dev,
4651 					 priv->rx_buffers[i].dma_addr,
4652 					 sizeof(struct ipw2100_rx),
4653 					 DMA_FROM_DEVICE);
4654 			dev_kfree_skb(priv->rx_buffers[i].skb);
4655 		}
4656 	}
4657 
4658 	kfree(priv->rx_buffers);
4659 	priv->rx_buffers = NULL;
4660 
4661 	IPW_DEBUG_INFO("exit\n");
4662 }
4663 
4664 static int ipw2100_read_mac_address(struct ipw2100_priv *priv)
4665 {
4666 	u32 length = ETH_ALEN;
4667 	u8 addr[ETH_ALEN];
4668 
4669 	int err;
4670 
4671 	err = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ADAPTER_MAC, addr, &length);
4672 	if (err) {
4673 		IPW_DEBUG_INFO("MAC address read failed\n");
4674 		return -EIO;
4675 	}
4676 
4677 	eth_hw_addr_set(priv->net_dev, addr);
4678 	IPW_DEBUG_INFO("card MAC is %pM\n", priv->net_dev->dev_addr);
4679 
4680 	return 0;
4681 }
4682 
4683 /********************************************************************
4684  *
4685  * Firmware Commands
4686  *
4687  ********************************************************************/
4688 
4689 static int ipw2100_set_mac_address(struct ipw2100_priv *priv, int batch_mode)
4690 {
4691 	struct host_command cmd = {
4692 		.host_command = ADAPTER_ADDRESS,
4693 		.host_command_sequence = 0,
4694 		.host_command_length = ETH_ALEN
4695 	};
4696 	int err;
4697 
4698 	IPW_DEBUG_HC("SET_MAC_ADDRESS\n");
4699 
4700 	IPW_DEBUG_INFO("enter\n");
4701 
4702 	if (priv->config & CFG_CUSTOM_MAC) {
4703 		memcpy(cmd.host_command_parameters, priv->mac_addr, ETH_ALEN);
4704 		eth_hw_addr_set(priv->net_dev, priv->mac_addr);
4705 	} else
4706 		memcpy(cmd.host_command_parameters, priv->net_dev->dev_addr,
4707 		       ETH_ALEN);
4708 
4709 	err = ipw2100_hw_send_command(priv, &cmd);
4710 
4711 	IPW_DEBUG_INFO("exit\n");
4712 	return err;
4713 }
4714 
4715 static int ipw2100_set_port_type(struct ipw2100_priv *priv, u32 port_type,
4716 				 int batch_mode)
4717 {
4718 	struct host_command cmd = {
4719 		.host_command = PORT_TYPE,
4720 		.host_command_sequence = 0,
4721 		.host_command_length = sizeof(u32)
4722 	};
4723 	int err;
4724 
4725 	switch (port_type) {
4726 	case IW_MODE_INFRA:
4727 		cmd.host_command_parameters[0] = IPW_BSS;
4728 		break;
4729 	case IW_MODE_ADHOC:
4730 		cmd.host_command_parameters[0] = IPW_IBSS;
4731 		break;
4732 	}
4733 
4734 	IPW_DEBUG_HC("PORT_TYPE: %s\n",
4735 		     port_type == IPW_IBSS ? "Ad-Hoc" : "Managed");
4736 
4737 	if (!batch_mode) {
4738 		err = ipw2100_disable_adapter(priv);
4739 		if (err) {
4740 			printk(KERN_ERR DRV_NAME
4741 			       ": %s: Could not disable adapter %d\n",
4742 			       priv->net_dev->name, err);
4743 			return err;
4744 		}
4745 	}
4746 
4747 	/* send cmd to firmware */
4748 	err = ipw2100_hw_send_command(priv, &cmd);
4749 
4750 	if (!batch_mode)
4751 		ipw2100_enable_adapter(priv);
4752 
4753 	return err;
4754 }
4755 
4756 static int ipw2100_set_channel(struct ipw2100_priv *priv, u32 channel,
4757 			       int batch_mode)
4758 {
4759 	struct host_command cmd = {
4760 		.host_command = CHANNEL,
4761 		.host_command_sequence = 0,
4762 		.host_command_length = sizeof(u32)
4763 	};
4764 	int err;
4765 
4766 	cmd.host_command_parameters[0] = channel;
4767 
4768 	IPW_DEBUG_HC("CHANNEL: %d\n", channel);
4769 
4770 	/* If BSS then we don't support channel selection */
4771 	if (priv->ieee->iw_mode == IW_MODE_INFRA)
4772 		return 0;
4773 
4774 	if ((channel != 0) &&
4775 	    ((channel < REG_MIN_CHANNEL) || (channel > REG_MAX_CHANNEL)))
4776 		return -EINVAL;
4777 
4778 	if (!batch_mode) {
4779 		err = ipw2100_disable_adapter(priv);
4780 		if (err)
4781 			return err;
4782 	}
4783 
4784 	err = ipw2100_hw_send_command(priv, &cmd);
4785 	if (err) {
4786 		IPW_DEBUG_INFO("Failed to set channel to %d", channel);
4787 		return err;
4788 	}
4789 
4790 	if (channel)
4791 		priv->config |= CFG_STATIC_CHANNEL;
4792 	else
4793 		priv->config &= ~CFG_STATIC_CHANNEL;
4794 
4795 	priv->channel = channel;
4796 
4797 	if (!batch_mode) {
4798 		err = ipw2100_enable_adapter(priv);
4799 		if (err)
4800 			return err;
4801 	}
4802 
4803 	return 0;
4804 }
4805 
4806 static int ipw2100_system_config(struct ipw2100_priv *priv, int batch_mode)
4807 {
4808 	struct host_command cmd = {
4809 		.host_command = SYSTEM_CONFIG,
4810 		.host_command_sequence = 0,
4811 		.host_command_length = 12,
4812 	};
4813 	u32 ibss_mask, len = sizeof(u32);
4814 	int err;
4815 
4816 	/* Set system configuration */
4817 
4818 	if (!batch_mode) {
4819 		err = ipw2100_disable_adapter(priv);
4820 		if (err)
4821 			return err;
4822 	}
4823 
4824 	if (priv->ieee->iw_mode == IW_MODE_ADHOC)
4825 		cmd.host_command_parameters[0] |= IPW_CFG_IBSS_AUTO_START;
4826 
4827 	cmd.host_command_parameters[0] |= IPW_CFG_IBSS_MASK |
4828 	    IPW_CFG_BSS_MASK | IPW_CFG_802_1x_ENABLE;
4829 
4830 	if (!(priv->config & CFG_LONG_PREAMBLE))
4831 		cmd.host_command_parameters[0] |= IPW_CFG_PREAMBLE_AUTO;
4832 
4833 	err = ipw2100_get_ordinal(priv,
4834 				  IPW_ORD_EEPROM_IBSS_11B_CHANNELS,
4835 				  &ibss_mask, &len);
4836 	if (err)
4837 		ibss_mask = IPW_IBSS_11B_DEFAULT_MASK;
4838 
4839 	cmd.host_command_parameters[1] = REG_CHANNEL_MASK;
4840 	cmd.host_command_parameters[2] = REG_CHANNEL_MASK & ibss_mask;
4841 
4842 	/* 11b only */
4843 	/*cmd.host_command_parameters[0] |= DIVERSITY_ANTENNA_A; */
4844 
4845 	err = ipw2100_hw_send_command(priv, &cmd);
4846 	if (err)
4847 		return err;
4848 
4849 /* If IPv6 is configured in the kernel then we don't want to filter out all
4850  * of the multicast packets as IPv6 needs some. */
4851 #if !defined(CONFIG_IPV6) && !defined(CONFIG_IPV6_MODULE)
4852 	cmd.host_command = ADD_MULTICAST;
4853 	cmd.host_command_sequence = 0;
4854 	cmd.host_command_length = 0;
4855 
4856 	ipw2100_hw_send_command(priv, &cmd);
4857 #endif
4858 	if (!batch_mode) {
4859 		err = ipw2100_enable_adapter(priv);
4860 		if (err)
4861 			return err;
4862 	}
4863 
4864 	return 0;
4865 }
4866 
4867 static int ipw2100_set_tx_rates(struct ipw2100_priv *priv, u32 rate,
4868 				int batch_mode)
4869 {
4870 	struct host_command cmd = {
4871 		.host_command = BASIC_TX_RATES,
4872 		.host_command_sequence = 0,
4873 		.host_command_length = 4
4874 	};
4875 	int err;
4876 
4877 	cmd.host_command_parameters[0] = rate & TX_RATE_MASK;
4878 
4879 	if (!batch_mode) {
4880 		err = ipw2100_disable_adapter(priv);
4881 		if (err)
4882 			return err;
4883 	}
4884 
4885 	/* Set BASIC TX Rate first */
4886 	ipw2100_hw_send_command(priv, &cmd);
4887 
4888 	/* Set TX Rate */
4889 	cmd.host_command = TX_RATES;
4890 	ipw2100_hw_send_command(priv, &cmd);
4891 
4892 	/* Set MSDU TX Rate */
4893 	cmd.host_command = MSDU_TX_RATES;
4894 	ipw2100_hw_send_command(priv, &cmd);
4895 
4896 	if (!batch_mode) {
4897 		err = ipw2100_enable_adapter(priv);
4898 		if (err)
4899 			return err;
4900 	}
4901 
4902 	priv->tx_rates = rate;
4903 
4904 	return 0;
4905 }
4906 
4907 static int ipw2100_set_power_mode(struct ipw2100_priv *priv, int power_level)
4908 {
4909 	struct host_command cmd = {
4910 		.host_command = POWER_MODE,
4911 		.host_command_sequence = 0,
4912 		.host_command_length = 4
4913 	};
4914 	int err;
4915 
4916 	cmd.host_command_parameters[0] = power_level;
4917 
4918 	err = ipw2100_hw_send_command(priv, &cmd);
4919 	if (err)
4920 		return err;
4921 
4922 	if (power_level == IPW_POWER_MODE_CAM)
4923 		priv->power_mode = IPW_POWER_LEVEL(priv->power_mode);
4924 	else
4925 		priv->power_mode = IPW_POWER_ENABLED | power_level;
4926 
4927 #ifdef IPW2100_TX_POWER
4928 	if (priv->port_type == IBSS && priv->adhoc_power != DFTL_IBSS_TX_POWER) {
4929 		/* Set beacon interval */
4930 		cmd.host_command = TX_POWER_INDEX;
4931 		cmd.host_command_parameters[0] = (u32) priv->adhoc_power;
4932 
4933 		err = ipw2100_hw_send_command(priv, &cmd);
4934 		if (err)
4935 			return err;
4936 	}
4937 #endif
4938 
4939 	return 0;
4940 }
4941 
4942 static int ipw2100_set_rts_threshold(struct ipw2100_priv *priv, u32 threshold)
4943 {
4944 	struct host_command cmd = {
4945 		.host_command = RTS_THRESHOLD,
4946 		.host_command_sequence = 0,
4947 		.host_command_length = 4
4948 	};
4949 	int err;
4950 
4951 	if (threshold & RTS_DISABLED)
4952 		cmd.host_command_parameters[0] = MAX_RTS_THRESHOLD;
4953 	else
4954 		cmd.host_command_parameters[0] = threshold & ~RTS_DISABLED;
4955 
4956 	err = ipw2100_hw_send_command(priv, &cmd);
4957 	if (err)
4958 		return err;
4959 
4960 	priv->rts_threshold = threshold;
4961 
4962 	return 0;
4963 }
4964 
4965 #if 0
4966 int ipw2100_set_fragmentation_threshold(struct ipw2100_priv *priv,
4967 					u32 threshold, int batch_mode)
4968 {
4969 	struct host_command cmd = {
4970 		.host_command = FRAG_THRESHOLD,
4971 		.host_command_sequence = 0,
4972 		.host_command_length = 4,
4973 		.host_command_parameters[0] = 0,
4974 	};
4975 	int err;
4976 
4977 	if (!batch_mode) {
4978 		err = ipw2100_disable_adapter(priv);
4979 		if (err)
4980 			return err;
4981 	}
4982 
4983 	if (threshold == 0)
4984 		threshold = DEFAULT_FRAG_THRESHOLD;
4985 	else {
4986 		threshold = max(threshold, MIN_FRAG_THRESHOLD);
4987 		threshold = min(threshold, MAX_FRAG_THRESHOLD);
4988 	}
4989 
4990 	cmd.host_command_parameters[0] = threshold;
4991 
4992 	IPW_DEBUG_HC("FRAG_THRESHOLD: %u\n", threshold);
4993 
4994 	err = ipw2100_hw_send_command(priv, &cmd);
4995 
4996 	if (!batch_mode)
4997 		ipw2100_enable_adapter(priv);
4998 
4999 	if (!err)
5000 		priv->frag_threshold = threshold;
5001 
5002 	return err;
5003 }
5004 #endif
5005 
5006 static int ipw2100_set_short_retry(struct ipw2100_priv *priv, u32 retry)
5007 {
5008 	struct host_command cmd = {
5009 		.host_command = SHORT_RETRY_LIMIT,
5010 		.host_command_sequence = 0,
5011 		.host_command_length = 4
5012 	};
5013 	int err;
5014 
5015 	cmd.host_command_parameters[0] = retry;
5016 
5017 	err = ipw2100_hw_send_command(priv, &cmd);
5018 	if (err)
5019 		return err;
5020 
5021 	priv->short_retry_limit = retry;
5022 
5023 	return 0;
5024 }
5025 
5026 static int ipw2100_set_long_retry(struct ipw2100_priv *priv, u32 retry)
5027 {
5028 	struct host_command cmd = {
5029 		.host_command = LONG_RETRY_LIMIT,
5030 		.host_command_sequence = 0,
5031 		.host_command_length = 4
5032 	};
5033 	int err;
5034 
5035 	cmd.host_command_parameters[0] = retry;
5036 
5037 	err = ipw2100_hw_send_command(priv, &cmd);
5038 	if (err)
5039 		return err;
5040 
5041 	priv->long_retry_limit = retry;
5042 
5043 	return 0;
5044 }
5045 
5046 static int ipw2100_set_mandatory_bssid(struct ipw2100_priv *priv, u8 * bssid,
5047 				       int batch_mode)
5048 {
5049 	struct host_command cmd = {
5050 		.host_command = MANDATORY_BSSID,
5051 		.host_command_sequence = 0,
5052 		.host_command_length = (bssid == NULL) ? 0 : ETH_ALEN
5053 	};
5054 	int err;
5055 
5056 #ifdef CONFIG_IPW2100_DEBUG
5057 	if (bssid != NULL)
5058 		IPW_DEBUG_HC("MANDATORY_BSSID: %pM\n", bssid);
5059 	else
5060 		IPW_DEBUG_HC("MANDATORY_BSSID: <clear>\n");
5061 #endif
5062 	/* if BSSID is empty then we disable mandatory bssid mode */
5063 	if (bssid != NULL)
5064 		memcpy(cmd.host_command_parameters, bssid, ETH_ALEN);
5065 
5066 	if (!batch_mode) {
5067 		err = ipw2100_disable_adapter(priv);
5068 		if (err)
5069 			return err;
5070 	}
5071 
5072 	err = ipw2100_hw_send_command(priv, &cmd);
5073 
5074 	if (!batch_mode)
5075 		ipw2100_enable_adapter(priv);
5076 
5077 	return err;
5078 }
5079 
5080 static int ipw2100_disassociate_bssid(struct ipw2100_priv *priv)
5081 {
5082 	struct host_command cmd = {
5083 		.host_command = DISASSOCIATION_BSSID,
5084 		.host_command_sequence = 0,
5085 		.host_command_length = ETH_ALEN
5086 	};
5087 	int err;
5088 
5089 	IPW_DEBUG_HC("DISASSOCIATION_BSSID\n");
5090 
5091 	/* The Firmware currently ignores the BSSID and just disassociates from
5092 	 * the currently associated AP -- but in the off chance that a future
5093 	 * firmware does use the BSSID provided here, we go ahead and try and
5094 	 * set it to the currently associated AP's BSSID */
5095 	memcpy(cmd.host_command_parameters, priv->bssid, ETH_ALEN);
5096 
5097 	err = ipw2100_hw_send_command(priv, &cmd);
5098 
5099 	return err;
5100 }
5101 
5102 static int ipw2100_set_wpa_ie(struct ipw2100_priv *,
5103 			      struct ipw2100_wpa_assoc_frame *, int)
5104     __attribute__ ((unused));
5105 
5106 static int ipw2100_set_wpa_ie(struct ipw2100_priv *priv,
5107 			      struct ipw2100_wpa_assoc_frame *wpa_frame,
5108 			      int batch_mode)
5109 {
5110 	struct host_command cmd = {
5111 		.host_command = SET_WPA_IE,
5112 		.host_command_sequence = 0,
5113 		.host_command_length = sizeof(struct ipw2100_wpa_assoc_frame),
5114 	};
5115 	int err;
5116 
5117 	IPW_DEBUG_HC("SET_WPA_IE\n");
5118 
5119 	if (!batch_mode) {
5120 		err = ipw2100_disable_adapter(priv);
5121 		if (err)
5122 			return err;
5123 	}
5124 
5125 	memcpy(cmd.host_command_parameters, wpa_frame,
5126 	       sizeof(struct ipw2100_wpa_assoc_frame));
5127 
5128 	err = ipw2100_hw_send_command(priv, &cmd);
5129 
5130 	if (!batch_mode) {
5131 		if (ipw2100_enable_adapter(priv))
5132 			err = -EIO;
5133 	}
5134 
5135 	return err;
5136 }
5137 
5138 struct security_info_params {
5139 	u32 allowed_ciphers;
5140 	u16 version;
5141 	u8 auth_mode;
5142 	u8 replay_counters_number;
5143 	u8 unicast_using_group;
5144 } __packed;
5145 
5146 static int ipw2100_set_security_information(struct ipw2100_priv *priv,
5147 					    int auth_mode,
5148 					    int security_level,
5149 					    int unicast_using_group,
5150 					    int batch_mode)
5151 {
5152 	struct host_command cmd = {
5153 		.host_command = SET_SECURITY_INFORMATION,
5154 		.host_command_sequence = 0,
5155 		.host_command_length = sizeof(struct security_info_params)
5156 	};
5157 	struct security_info_params *security =
5158 	    (struct security_info_params *)&cmd.host_command_parameters;
5159 	int err;
5160 	memset(security, 0, sizeof(*security));
5161 
5162 	/* If shared key AP authentication is turned on, then we need to
5163 	 * configure the firmware to try and use it.
5164 	 *
5165 	 * Actual data encryption/decryption is handled by the host. */
5166 	security->auth_mode = auth_mode;
5167 	security->unicast_using_group = unicast_using_group;
5168 
5169 	switch (security_level) {
5170 	default:
5171 	case SEC_LEVEL_0:
5172 		security->allowed_ciphers = IPW_NONE_CIPHER;
5173 		break;
5174 	case SEC_LEVEL_1:
5175 		security->allowed_ciphers = IPW_WEP40_CIPHER |
5176 		    IPW_WEP104_CIPHER;
5177 		break;
5178 	case SEC_LEVEL_2:
5179 		security->allowed_ciphers = IPW_WEP40_CIPHER |
5180 		    IPW_WEP104_CIPHER | IPW_TKIP_CIPHER;
5181 		break;
5182 	case SEC_LEVEL_2_CKIP:
5183 		security->allowed_ciphers = IPW_WEP40_CIPHER |
5184 		    IPW_WEP104_CIPHER | IPW_CKIP_CIPHER;
5185 		break;
5186 	case SEC_LEVEL_3:
5187 		security->allowed_ciphers = IPW_WEP40_CIPHER |
5188 		    IPW_WEP104_CIPHER | IPW_TKIP_CIPHER | IPW_CCMP_CIPHER;
5189 		break;
5190 	}
5191 
5192 	IPW_DEBUG_HC
5193 	    ("SET_SECURITY_INFORMATION: auth:%d cipher:0x%02X (level %d)\n",
5194 	     security->auth_mode, security->allowed_ciphers, security_level);
5195 
5196 	security->replay_counters_number = 0;
5197 
5198 	if (!batch_mode) {
5199 		err = ipw2100_disable_adapter(priv);
5200 		if (err)
5201 			return err;
5202 	}
5203 
5204 	err = ipw2100_hw_send_command(priv, &cmd);
5205 
5206 	if (!batch_mode)
5207 		ipw2100_enable_adapter(priv);
5208 
5209 	return err;
5210 }
5211 
5212 static int ipw2100_set_tx_power(struct ipw2100_priv *priv, u32 tx_power)
5213 {
5214 	struct host_command cmd = {
5215 		.host_command = TX_POWER_INDEX,
5216 		.host_command_sequence = 0,
5217 		.host_command_length = 4
5218 	};
5219 	int err = 0;
5220 	u32 tmp = tx_power;
5221 
5222 	if (tx_power != IPW_TX_POWER_DEFAULT)
5223 		tmp = (tx_power - IPW_TX_POWER_MIN_DBM) * 16 /
5224 		      (IPW_TX_POWER_MAX_DBM - IPW_TX_POWER_MIN_DBM);
5225 
5226 	cmd.host_command_parameters[0] = tmp;
5227 
5228 	if (priv->ieee->iw_mode == IW_MODE_ADHOC)
5229 		err = ipw2100_hw_send_command(priv, &cmd);
5230 	if (!err)
5231 		priv->tx_power = tx_power;
5232 
5233 	return 0;
5234 }
5235 
5236 static int ipw2100_set_ibss_beacon_interval(struct ipw2100_priv *priv,
5237 					    u32 interval, int batch_mode)
5238 {
5239 	struct host_command cmd = {
5240 		.host_command = BEACON_INTERVAL,
5241 		.host_command_sequence = 0,
5242 		.host_command_length = 4
5243 	};
5244 	int err;
5245 
5246 	cmd.host_command_parameters[0] = interval;
5247 
5248 	IPW_DEBUG_INFO("enter\n");
5249 
5250 	if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
5251 		if (!batch_mode) {
5252 			err = ipw2100_disable_adapter(priv);
5253 			if (err)
5254 				return err;
5255 		}
5256 
5257 		ipw2100_hw_send_command(priv, &cmd);
5258 
5259 		if (!batch_mode) {
5260 			err = ipw2100_enable_adapter(priv);
5261 			if (err)
5262 				return err;
5263 		}
5264 	}
5265 
5266 	IPW_DEBUG_INFO("exit\n");
5267 
5268 	return 0;
5269 }
5270 
5271 static void ipw2100_queues_initialize(struct ipw2100_priv *priv)
5272 {
5273 	ipw2100_tx_initialize(priv);
5274 	ipw2100_rx_initialize(priv);
5275 	ipw2100_msg_initialize(priv);
5276 }
5277 
5278 static void ipw2100_queues_free(struct ipw2100_priv *priv)
5279 {
5280 	ipw2100_tx_free(priv);
5281 	ipw2100_rx_free(priv);
5282 	ipw2100_msg_free(priv);
5283 }
5284 
5285 static int ipw2100_queues_allocate(struct ipw2100_priv *priv)
5286 {
5287 	if (ipw2100_tx_allocate(priv) ||
5288 	    ipw2100_rx_allocate(priv) || ipw2100_msg_allocate(priv))
5289 		goto fail;
5290 
5291 	return 0;
5292 
5293       fail:
5294 	ipw2100_tx_free(priv);
5295 	ipw2100_rx_free(priv);
5296 	ipw2100_msg_free(priv);
5297 	return -ENOMEM;
5298 }
5299 
5300 #define IPW_PRIVACY_CAPABLE 0x0008
5301 
5302 static int ipw2100_set_wep_flags(struct ipw2100_priv *priv, u32 flags,
5303 				 int batch_mode)
5304 {
5305 	struct host_command cmd = {
5306 		.host_command = WEP_FLAGS,
5307 		.host_command_sequence = 0,
5308 		.host_command_length = 4
5309 	};
5310 	int err;
5311 
5312 	cmd.host_command_parameters[0] = flags;
5313 
5314 	IPW_DEBUG_HC("WEP_FLAGS: flags = 0x%08X\n", flags);
5315 
5316 	if (!batch_mode) {
5317 		err = ipw2100_disable_adapter(priv);
5318 		if (err) {
5319 			printk(KERN_ERR DRV_NAME
5320 			       ": %s: Could not disable adapter %d\n",
5321 			       priv->net_dev->name, err);
5322 			return err;
5323 		}
5324 	}
5325 
5326 	/* send cmd to firmware */
5327 	err = ipw2100_hw_send_command(priv, &cmd);
5328 
5329 	if (!batch_mode)
5330 		ipw2100_enable_adapter(priv);
5331 
5332 	return err;
5333 }
5334 
5335 struct ipw2100_wep_key {
5336 	u8 idx;
5337 	u8 len;
5338 	u8 key[13];
5339 };
5340 
5341 /* Macros to ease up priting WEP keys */
5342 #define WEP_FMT_64  "%02X%02X%02X%02X-%02X"
5343 #define WEP_FMT_128 "%02X%02X%02X%02X-%02X%02X%02X%02X-%02X%02X%02X"
5344 #define WEP_STR_64(x) x[0],x[1],x[2],x[3],x[4]
5345 #define WEP_STR_128(x) x[0],x[1],x[2],x[3],x[4],x[5],x[6],x[7],x[8],x[9],x[10]
5346 
5347 /**
5348  * ipw2100_set_key() - Set a the wep key
5349  *
5350  * @priv: struct to work on
5351  * @idx: index of the key we want to set
5352  * @key: ptr to the key data to set
5353  * @len: length of the buffer at @key
5354  * @batch_mode: FIXME perform the operation in batch mode, not
5355  *              disabling the device.
5356  *
5357  * @returns 0 if OK, < 0 errno code on error.
5358  *
5359  * Fill out a command structure with the new wep key, length an
5360  * index and send it down the wire.
5361  */
5362 static int ipw2100_set_key(struct ipw2100_priv *priv,
5363 			   int idx, char *key, int len, int batch_mode)
5364 {
5365 	int keylen = len ? (len <= 5 ? 5 : 13) : 0;
5366 	struct host_command cmd = {
5367 		.host_command = WEP_KEY_INFO,
5368 		.host_command_sequence = 0,
5369 		.host_command_length = sizeof(struct ipw2100_wep_key),
5370 	};
5371 	struct ipw2100_wep_key *wep_key = (void *)cmd.host_command_parameters;
5372 	int err;
5373 
5374 	IPW_DEBUG_HC("WEP_KEY_INFO: index = %d, len = %d/%d\n",
5375 		     idx, keylen, len);
5376 
5377 	/* NOTE: We don't check cached values in case the firmware was reset
5378 	 * or some other problem is occurring.  If the user is setting the key,
5379 	 * then we push the change */
5380 
5381 	wep_key->idx = idx;
5382 	wep_key->len = keylen;
5383 
5384 	if (keylen) {
5385 		memcpy(wep_key->key, key, len);
5386 		memset(wep_key->key + len, 0, keylen - len);
5387 	}
5388 
5389 	/* Will be optimized out on debug not being configured in */
5390 	if (keylen == 0)
5391 		IPW_DEBUG_WEP("%s: Clearing key %d\n",
5392 			      priv->net_dev->name, wep_key->idx);
5393 	else if (keylen == 5)
5394 		IPW_DEBUG_WEP("%s: idx: %d, len: %d key: " WEP_FMT_64 "\n",
5395 			      priv->net_dev->name, wep_key->idx, wep_key->len,
5396 			      WEP_STR_64(wep_key->key));
5397 	else
5398 		IPW_DEBUG_WEP("%s: idx: %d, len: %d key: " WEP_FMT_128
5399 			      "\n",
5400 			      priv->net_dev->name, wep_key->idx, wep_key->len,
5401 			      WEP_STR_128(wep_key->key));
5402 
5403 	if (!batch_mode) {
5404 		err = ipw2100_disable_adapter(priv);
5405 		/* FIXME: IPG: shouldn't this prink be in _disable_adapter()? */
5406 		if (err) {
5407 			printk(KERN_ERR DRV_NAME
5408 			       ": %s: Could not disable adapter %d\n",
5409 			       priv->net_dev->name, err);
5410 			return err;
5411 		}
5412 	}
5413 
5414 	/* send cmd to firmware */
5415 	err = ipw2100_hw_send_command(priv, &cmd);
5416 
5417 	if (!batch_mode) {
5418 		int err2 = ipw2100_enable_adapter(priv);
5419 		if (err == 0)
5420 			err = err2;
5421 	}
5422 	return err;
5423 }
5424 
5425 static int ipw2100_set_key_index(struct ipw2100_priv *priv,
5426 				 int idx, int batch_mode)
5427 {
5428 	struct host_command cmd = {
5429 		.host_command = WEP_KEY_INDEX,
5430 		.host_command_sequence = 0,
5431 		.host_command_length = 4,
5432 		.host_command_parameters = {idx},
5433 	};
5434 	int err;
5435 
5436 	IPW_DEBUG_HC("WEP_KEY_INDEX: index = %d\n", idx);
5437 
5438 	if (idx < 0 || idx > 3)
5439 		return -EINVAL;
5440 
5441 	if (!batch_mode) {
5442 		err = ipw2100_disable_adapter(priv);
5443 		if (err) {
5444 			printk(KERN_ERR DRV_NAME
5445 			       ": %s: Could not disable adapter %d\n",
5446 			       priv->net_dev->name, err);
5447 			return err;
5448 		}
5449 	}
5450 
5451 	/* send cmd to firmware */
5452 	err = ipw2100_hw_send_command(priv, &cmd);
5453 
5454 	if (!batch_mode)
5455 		ipw2100_enable_adapter(priv);
5456 
5457 	return err;
5458 }
5459 
5460 static int ipw2100_configure_security(struct ipw2100_priv *priv, int batch_mode)
5461 {
5462 	int i, err, auth_mode, sec_level, use_group;
5463 
5464 	if (!(priv->status & STATUS_RUNNING))
5465 		return 0;
5466 
5467 	if (!batch_mode) {
5468 		err = ipw2100_disable_adapter(priv);
5469 		if (err)
5470 			return err;
5471 	}
5472 
5473 	if (!priv->ieee->sec.enabled) {
5474 		err =
5475 		    ipw2100_set_security_information(priv, IPW_AUTH_OPEN,
5476 						     SEC_LEVEL_0, 0, 1);
5477 	} else {
5478 		auth_mode = IPW_AUTH_OPEN;
5479 		if (priv->ieee->sec.flags & SEC_AUTH_MODE) {
5480 			if (priv->ieee->sec.auth_mode == WLAN_AUTH_SHARED_KEY)
5481 				auth_mode = IPW_AUTH_SHARED;
5482 			else if (priv->ieee->sec.auth_mode == WLAN_AUTH_LEAP)
5483 				auth_mode = IPW_AUTH_LEAP_CISCO_ID;
5484 		}
5485 
5486 		sec_level = SEC_LEVEL_0;
5487 		if (priv->ieee->sec.flags & SEC_LEVEL)
5488 			sec_level = priv->ieee->sec.level;
5489 
5490 		use_group = 0;
5491 		if (priv->ieee->sec.flags & SEC_UNICAST_GROUP)
5492 			use_group = priv->ieee->sec.unicast_uses_group;
5493 
5494 		err =
5495 		    ipw2100_set_security_information(priv, auth_mode, sec_level,
5496 						     use_group, 1);
5497 	}
5498 
5499 	if (err)
5500 		goto exit;
5501 
5502 	if (priv->ieee->sec.enabled) {
5503 		for (i = 0; i < 4; i++) {
5504 			if (!(priv->ieee->sec.flags & (1 << i))) {
5505 				memset(priv->ieee->sec.keys[i], 0, WEP_KEY_LEN);
5506 				priv->ieee->sec.key_sizes[i] = 0;
5507 			} else {
5508 				err = ipw2100_set_key(priv, i,
5509 						      priv->ieee->sec.keys[i],
5510 						      priv->ieee->sec.
5511 						      key_sizes[i], 1);
5512 				if (err)
5513 					goto exit;
5514 			}
5515 		}
5516 
5517 		ipw2100_set_key_index(priv, priv->ieee->crypt_info.tx_keyidx, 1);
5518 	}
5519 
5520 	/* Always enable privacy so the Host can filter WEP packets if
5521 	 * encrypted data is sent up */
5522 	err =
5523 	    ipw2100_set_wep_flags(priv,
5524 				  priv->ieee->sec.
5525 				  enabled ? IPW_PRIVACY_CAPABLE : 0, 1);
5526 	if (err)
5527 		goto exit;
5528 
5529 	priv->status &= ~STATUS_SECURITY_UPDATED;
5530 
5531       exit:
5532 	if (!batch_mode)
5533 		ipw2100_enable_adapter(priv);
5534 
5535 	return err;
5536 }
5537 
5538 static void ipw2100_security_work(struct work_struct *work)
5539 {
5540 	struct ipw2100_priv *priv =
5541 		container_of(work, struct ipw2100_priv, security_work.work);
5542 
5543 	/* If we happen to have reconnected before we get a chance to
5544 	 * process this, then update the security settings--which causes
5545 	 * a disassociation to occur */
5546 	if (!(priv->status & STATUS_ASSOCIATED) &&
5547 	    priv->status & STATUS_SECURITY_UPDATED)
5548 		ipw2100_configure_security(priv, 0);
5549 }
5550 
5551 static void shim__set_security(struct net_device *dev,
5552 			       struct libipw_security *sec)
5553 {
5554 	struct ipw2100_priv *priv = libipw_priv(dev);
5555 	int i;
5556 
5557 	mutex_lock(&priv->action_mutex);
5558 	if (!(priv->status & STATUS_INITIALIZED))
5559 		goto done;
5560 
5561 	for (i = 0; i < 4; i++) {
5562 		if (sec->flags & (1 << i)) {
5563 			priv->ieee->sec.key_sizes[i] = sec->key_sizes[i];
5564 			if (sec->key_sizes[i] == 0)
5565 				priv->ieee->sec.flags &= ~(1 << i);
5566 			else
5567 				memcpy(priv->ieee->sec.keys[i], sec->keys[i],
5568 				       sec->key_sizes[i]);
5569 			if (sec->level == SEC_LEVEL_1) {
5570 				priv->ieee->sec.flags |= (1 << i);
5571 				priv->status |= STATUS_SECURITY_UPDATED;
5572 			} else
5573 				priv->ieee->sec.flags &= ~(1 << i);
5574 		}
5575 	}
5576 
5577 	if ((sec->flags & SEC_ACTIVE_KEY) &&
5578 	    priv->ieee->sec.active_key != sec->active_key) {
5579 		priv->ieee->sec.active_key = sec->active_key;
5580 		priv->ieee->sec.flags |= SEC_ACTIVE_KEY;
5581 		priv->status |= STATUS_SECURITY_UPDATED;
5582 	}
5583 
5584 	if ((sec->flags & SEC_AUTH_MODE) &&
5585 	    (priv->ieee->sec.auth_mode != sec->auth_mode)) {
5586 		priv->ieee->sec.auth_mode = sec->auth_mode;
5587 		priv->ieee->sec.flags |= SEC_AUTH_MODE;
5588 		priv->status |= STATUS_SECURITY_UPDATED;
5589 	}
5590 
5591 	if (sec->flags & SEC_ENABLED && priv->ieee->sec.enabled != sec->enabled) {
5592 		priv->ieee->sec.flags |= SEC_ENABLED;
5593 		priv->ieee->sec.enabled = sec->enabled;
5594 		priv->status |= STATUS_SECURITY_UPDATED;
5595 	}
5596 
5597 	if (sec->flags & SEC_ENCRYPT)
5598 		priv->ieee->sec.encrypt = sec->encrypt;
5599 
5600 	if (sec->flags & SEC_LEVEL && priv->ieee->sec.level != sec->level) {
5601 		priv->ieee->sec.level = sec->level;
5602 		priv->ieee->sec.flags |= SEC_LEVEL;
5603 		priv->status |= STATUS_SECURITY_UPDATED;
5604 	}
5605 
5606 	IPW_DEBUG_WEP("Security flags: %c %c%c%c%c %c%c%c%c\n",
5607 		      priv->ieee->sec.flags & (1 << 8) ? '1' : '0',
5608 		      priv->ieee->sec.flags & (1 << 7) ? '1' : '0',
5609 		      priv->ieee->sec.flags & (1 << 6) ? '1' : '0',
5610 		      priv->ieee->sec.flags & (1 << 5) ? '1' : '0',
5611 		      priv->ieee->sec.flags & (1 << 4) ? '1' : '0',
5612 		      priv->ieee->sec.flags & (1 << 3) ? '1' : '0',
5613 		      priv->ieee->sec.flags & (1 << 2) ? '1' : '0',
5614 		      priv->ieee->sec.flags & (1 << 1) ? '1' : '0',
5615 		      priv->ieee->sec.flags & (1 << 0) ? '1' : '0');
5616 
5617 /* As a temporary work around to enable WPA until we figure out why
5618  * wpa_supplicant toggles the security capability of the driver, which
5619  * forces a disassociation with force_update...
5620  *
5621  *	if (force_update || !(priv->status & STATUS_ASSOCIATED))*/
5622 	if (!(priv->status & (STATUS_ASSOCIATED | STATUS_ASSOCIATING)))
5623 		ipw2100_configure_security(priv, 0);
5624       done:
5625 	mutex_unlock(&priv->action_mutex);
5626 }
5627 
5628 static int ipw2100_adapter_setup(struct ipw2100_priv *priv)
5629 {
5630 	int err;
5631 	int batch_mode = 1;
5632 	u8 *bssid;
5633 
5634 	IPW_DEBUG_INFO("enter\n");
5635 
5636 	err = ipw2100_disable_adapter(priv);
5637 	if (err)
5638 		return err;
5639 #ifdef CONFIG_IPW2100_MONITOR
5640 	if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
5641 		err = ipw2100_set_channel(priv, priv->channel, batch_mode);
5642 		if (err)
5643 			return err;
5644 
5645 		IPW_DEBUG_INFO("exit\n");
5646 
5647 		return 0;
5648 	}
5649 #endif				/* CONFIG_IPW2100_MONITOR */
5650 
5651 	err = ipw2100_read_mac_address(priv);
5652 	if (err)
5653 		return -EIO;
5654 
5655 	err = ipw2100_set_mac_address(priv, batch_mode);
5656 	if (err)
5657 		return err;
5658 
5659 	err = ipw2100_set_port_type(priv, priv->ieee->iw_mode, batch_mode);
5660 	if (err)
5661 		return err;
5662 
5663 	if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
5664 		err = ipw2100_set_channel(priv, priv->channel, batch_mode);
5665 		if (err)
5666 			return err;
5667 	}
5668 
5669 	err = ipw2100_system_config(priv, batch_mode);
5670 	if (err)
5671 		return err;
5672 
5673 	err = ipw2100_set_tx_rates(priv, priv->tx_rates, batch_mode);
5674 	if (err)
5675 		return err;
5676 
5677 	/* Default to power mode OFF */
5678 	err = ipw2100_set_power_mode(priv, IPW_POWER_MODE_CAM);
5679 	if (err)
5680 		return err;
5681 
5682 	err = ipw2100_set_rts_threshold(priv, priv->rts_threshold);
5683 	if (err)
5684 		return err;
5685 
5686 	if (priv->config & CFG_STATIC_BSSID)
5687 		bssid = priv->bssid;
5688 	else
5689 		bssid = NULL;
5690 	err = ipw2100_set_mandatory_bssid(priv, bssid, batch_mode);
5691 	if (err)
5692 		return err;
5693 
5694 	if (priv->config & CFG_STATIC_ESSID)
5695 		err = ipw2100_set_essid(priv, priv->essid, priv->essid_len,
5696 					batch_mode);
5697 	else
5698 		err = ipw2100_set_essid(priv, NULL, 0, batch_mode);
5699 	if (err)
5700 		return err;
5701 
5702 	err = ipw2100_configure_security(priv, batch_mode);
5703 	if (err)
5704 		return err;
5705 
5706 	if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
5707 		err =
5708 		    ipw2100_set_ibss_beacon_interval(priv,
5709 						     priv->beacon_interval,
5710 						     batch_mode);
5711 		if (err)
5712 			return err;
5713 
5714 		err = ipw2100_set_tx_power(priv, priv->tx_power);
5715 		if (err)
5716 			return err;
5717 	}
5718 
5719 	/*
5720 	   err = ipw2100_set_fragmentation_threshold(
5721 	   priv, priv->frag_threshold, batch_mode);
5722 	   if (err)
5723 	   return err;
5724 	 */
5725 
5726 	IPW_DEBUG_INFO("exit\n");
5727 
5728 	return 0;
5729 }
5730 
5731 /*************************************************************************
5732  *
5733  * EXTERNALLY CALLED METHODS
5734  *
5735  *************************************************************************/
5736 
5737 /* This method is called by the network layer -- not to be confused with
5738  * ipw2100_set_mac_address() declared above called by this driver (and this
5739  * method as well) to talk to the firmware */
5740 static int ipw2100_set_address(struct net_device *dev, void *p)
5741 {
5742 	struct ipw2100_priv *priv = libipw_priv(dev);
5743 	struct sockaddr *addr = p;
5744 	int err = 0;
5745 
5746 	if (!is_valid_ether_addr(addr->sa_data))
5747 		return -EADDRNOTAVAIL;
5748 
5749 	mutex_lock(&priv->action_mutex);
5750 
5751 	priv->config |= CFG_CUSTOM_MAC;
5752 	memcpy(priv->mac_addr, addr->sa_data, ETH_ALEN);
5753 
5754 	err = ipw2100_set_mac_address(priv, 0);
5755 	if (err)
5756 		goto done;
5757 
5758 	priv->reset_backoff = 0;
5759 	mutex_unlock(&priv->action_mutex);
5760 	ipw2100_reset_adapter(&priv->reset_work.work);
5761 	return 0;
5762 
5763       done:
5764 	mutex_unlock(&priv->action_mutex);
5765 	return err;
5766 }
5767 
5768 static int ipw2100_open(struct net_device *dev)
5769 {
5770 	struct ipw2100_priv *priv = libipw_priv(dev);
5771 	unsigned long flags;
5772 	IPW_DEBUG_INFO("dev->open\n");
5773 
5774 	spin_lock_irqsave(&priv->low_lock, flags);
5775 	if (priv->status & STATUS_ASSOCIATED) {
5776 		netif_carrier_on(dev);
5777 		netif_start_queue(dev);
5778 	}
5779 	spin_unlock_irqrestore(&priv->low_lock, flags);
5780 
5781 	return 0;
5782 }
5783 
5784 static int ipw2100_close(struct net_device *dev)
5785 {
5786 	struct ipw2100_priv *priv = libipw_priv(dev);
5787 	unsigned long flags;
5788 	struct list_head *element;
5789 	struct ipw2100_tx_packet *packet;
5790 
5791 	IPW_DEBUG_INFO("enter\n");
5792 
5793 	spin_lock_irqsave(&priv->low_lock, flags);
5794 
5795 	if (priv->status & STATUS_ASSOCIATED)
5796 		netif_carrier_off(dev);
5797 	netif_stop_queue(dev);
5798 
5799 	/* Flush the TX queue ... */
5800 	while (!list_empty(&priv->tx_pend_list)) {
5801 		element = priv->tx_pend_list.next;
5802 		packet = list_entry(element, struct ipw2100_tx_packet, list);
5803 
5804 		list_del(element);
5805 		DEC_STAT(&priv->tx_pend_stat);
5806 
5807 		libipw_txb_free(packet->info.d_struct.txb);
5808 		packet->info.d_struct.txb = NULL;
5809 
5810 		list_add_tail(element, &priv->tx_free_list);
5811 		INC_STAT(&priv->tx_free_stat);
5812 	}
5813 	spin_unlock_irqrestore(&priv->low_lock, flags);
5814 
5815 	IPW_DEBUG_INFO("exit\n");
5816 
5817 	return 0;
5818 }
5819 
5820 /*
5821  * TODO:  Fix this function... its just wrong
5822  */
5823 static void ipw2100_tx_timeout(struct net_device *dev, unsigned int txqueue)
5824 {
5825 	struct ipw2100_priv *priv = libipw_priv(dev);
5826 
5827 	dev->stats.tx_errors++;
5828 
5829 #ifdef CONFIG_IPW2100_MONITOR
5830 	if (priv->ieee->iw_mode == IW_MODE_MONITOR)
5831 		return;
5832 #endif
5833 
5834 	IPW_DEBUG_INFO("%s: TX timed out.  Scheduling firmware restart.\n",
5835 		       dev->name);
5836 	schedule_reset(priv);
5837 }
5838 
5839 static int ipw2100_wpa_enable(struct ipw2100_priv *priv, int value)
5840 {
5841 	/* This is called when wpa_supplicant loads and closes the driver
5842 	 * interface. */
5843 	priv->ieee->wpa_enabled = value;
5844 	return 0;
5845 }
5846 
5847 static int ipw2100_wpa_set_auth_algs(struct ipw2100_priv *priv, int value)
5848 {
5849 
5850 	struct libipw_device *ieee = priv->ieee;
5851 	struct libipw_security sec = {
5852 		.flags = SEC_AUTH_MODE,
5853 	};
5854 	int ret = 0;
5855 
5856 	if (value & IW_AUTH_ALG_SHARED_KEY) {
5857 		sec.auth_mode = WLAN_AUTH_SHARED_KEY;
5858 		ieee->open_wep = 0;
5859 	} else if (value & IW_AUTH_ALG_OPEN_SYSTEM) {
5860 		sec.auth_mode = WLAN_AUTH_OPEN;
5861 		ieee->open_wep = 1;
5862 	} else if (value & IW_AUTH_ALG_LEAP) {
5863 		sec.auth_mode = WLAN_AUTH_LEAP;
5864 		ieee->open_wep = 1;
5865 	} else
5866 		return -EINVAL;
5867 
5868 	if (ieee->set_security)
5869 		ieee->set_security(ieee->dev, &sec);
5870 	else
5871 		ret = -EOPNOTSUPP;
5872 
5873 	return ret;
5874 }
5875 
5876 static void ipw2100_wpa_assoc_frame(struct ipw2100_priv *priv,
5877 				    char *wpa_ie, int wpa_ie_len)
5878 {
5879 
5880 	struct ipw2100_wpa_assoc_frame frame;
5881 
5882 	frame.fixed_ie_mask = 0;
5883 
5884 	/* copy WPA IE */
5885 	memcpy(frame.var_ie, wpa_ie, wpa_ie_len);
5886 	frame.var_ie_len = wpa_ie_len;
5887 
5888 	/* make sure WPA is enabled */
5889 	ipw2100_wpa_enable(priv, 1);
5890 	ipw2100_set_wpa_ie(priv, &frame, 0);
5891 }
5892 
5893 static void ipw_ethtool_get_drvinfo(struct net_device *dev,
5894 				    struct ethtool_drvinfo *info)
5895 {
5896 	struct ipw2100_priv *priv = libipw_priv(dev);
5897 	char fw_ver[64], ucode_ver[64];
5898 
5899 	strscpy(info->driver, DRV_NAME, sizeof(info->driver));
5900 	strscpy(info->version, DRV_VERSION, sizeof(info->version));
5901 
5902 	ipw2100_get_fwversion(priv, fw_ver, sizeof(fw_ver));
5903 	ipw2100_get_ucodeversion(priv, ucode_ver, sizeof(ucode_ver));
5904 
5905 	snprintf(info->fw_version, sizeof(info->fw_version), "%s:%d:%s",
5906 		 fw_ver, priv->eeprom_version, ucode_ver);
5907 
5908 	strscpy(info->bus_info, pci_name(priv->pci_dev),
5909 		sizeof(info->bus_info));
5910 }
5911 
5912 static u32 ipw2100_ethtool_get_link(struct net_device *dev)
5913 {
5914 	struct ipw2100_priv *priv = libipw_priv(dev);
5915 	return (priv->status & STATUS_ASSOCIATED) ? 1 : 0;
5916 }
5917 
5918 static const struct ethtool_ops ipw2100_ethtool_ops = {
5919 	.get_link = ipw2100_ethtool_get_link,
5920 	.get_drvinfo = ipw_ethtool_get_drvinfo,
5921 };
5922 
5923 static void ipw2100_hang_check(struct work_struct *work)
5924 {
5925 	struct ipw2100_priv *priv =
5926 		container_of(work, struct ipw2100_priv, hang_check.work);
5927 	unsigned long flags;
5928 	u32 rtc = 0xa5a5a5a5;
5929 	u32 len = sizeof(rtc);
5930 	int restart = 0;
5931 
5932 	spin_lock_irqsave(&priv->low_lock, flags);
5933 
5934 	if (priv->fatal_error != 0) {
5935 		/* If fatal_error is set then we need to restart */
5936 		IPW_DEBUG_INFO("%s: Hardware fatal error detected.\n",
5937 			       priv->net_dev->name);
5938 
5939 		restart = 1;
5940 	} else if (ipw2100_get_ordinal(priv, IPW_ORD_RTC_TIME, &rtc, &len) ||
5941 		   (rtc == priv->last_rtc)) {
5942 		/* Check if firmware is hung */
5943 		IPW_DEBUG_INFO("%s: Firmware RTC stalled.\n",
5944 			       priv->net_dev->name);
5945 
5946 		restart = 1;
5947 	}
5948 
5949 	if (restart) {
5950 		/* Kill timer */
5951 		priv->stop_hang_check = 1;
5952 		priv->hangs++;
5953 
5954 		/* Restart the NIC */
5955 		schedule_reset(priv);
5956 	}
5957 
5958 	priv->last_rtc = rtc;
5959 
5960 	if (!priv->stop_hang_check)
5961 		schedule_delayed_work(&priv->hang_check, HZ / 2);
5962 
5963 	spin_unlock_irqrestore(&priv->low_lock, flags);
5964 }
5965 
5966 static void ipw2100_rf_kill(struct work_struct *work)
5967 {
5968 	struct ipw2100_priv *priv =
5969 		container_of(work, struct ipw2100_priv, rf_kill.work);
5970 	unsigned long flags;
5971 
5972 	spin_lock_irqsave(&priv->low_lock, flags);
5973 
5974 	if (rf_kill_active(priv)) {
5975 		IPW_DEBUG_RF_KILL("RF Kill active, rescheduling GPIO check\n");
5976 		if (!priv->stop_rf_kill)
5977 			schedule_delayed_work(&priv->rf_kill,
5978 					      round_jiffies_relative(HZ));
5979 		goto exit_unlock;
5980 	}
5981 
5982 	/* RF Kill is now disabled, so bring the device back up */
5983 
5984 	if (!(priv->status & STATUS_RF_KILL_MASK)) {
5985 		IPW_DEBUG_RF_KILL("HW RF Kill no longer active, restarting "
5986 				  "device\n");
5987 		schedule_reset(priv);
5988 	} else
5989 		IPW_DEBUG_RF_KILL("HW RF Kill deactivated.  SW RF Kill still "
5990 				  "enabled\n");
5991 
5992       exit_unlock:
5993 	spin_unlock_irqrestore(&priv->low_lock, flags);
5994 }
5995 
5996 static void ipw2100_irq_tasklet(struct tasklet_struct *t);
5997 
5998 static const struct net_device_ops ipw2100_netdev_ops = {
5999 	.ndo_open		= ipw2100_open,
6000 	.ndo_stop		= ipw2100_close,
6001 	.ndo_start_xmit		= libipw_xmit,
6002 	.ndo_tx_timeout		= ipw2100_tx_timeout,
6003 	.ndo_set_mac_address	= ipw2100_set_address,
6004 	.ndo_validate_addr	= eth_validate_addr,
6005 };
6006 
6007 /* Look into using netdev destructor to shutdown libipw? */
6008 
6009 static struct net_device *ipw2100_alloc_device(struct pci_dev *pci_dev,
6010 					       void __iomem * ioaddr)
6011 {
6012 	struct ipw2100_priv *priv;
6013 	struct net_device *dev;
6014 
6015 	dev = alloc_libipw(sizeof(struct ipw2100_priv), 0);
6016 	if (!dev)
6017 		return NULL;
6018 	priv = libipw_priv(dev);
6019 	priv->ieee = netdev_priv(dev);
6020 	priv->pci_dev = pci_dev;
6021 	priv->net_dev = dev;
6022 	priv->ioaddr = ioaddr;
6023 
6024 	priv->ieee->hard_start_xmit = ipw2100_tx;
6025 	priv->ieee->set_security = shim__set_security;
6026 
6027 	priv->ieee->perfect_rssi = -20;
6028 	priv->ieee->worst_rssi = -85;
6029 
6030 	dev->netdev_ops = &ipw2100_netdev_ops;
6031 	dev->ethtool_ops = &ipw2100_ethtool_ops;
6032 	dev->wireless_handlers = &ipw2100_wx_handler_def;
6033 	priv->wireless_data.libipw = priv->ieee;
6034 	dev->wireless_data = &priv->wireless_data;
6035 	dev->watchdog_timeo = 3 * HZ;
6036 	dev->irq = 0;
6037 	dev->min_mtu = 68;
6038 	dev->max_mtu = LIBIPW_DATA_LEN;
6039 
6040 	/* NOTE: We don't use the wireless_handlers hook
6041 	 * in dev as the system will start throwing WX requests
6042 	 * to us before we're actually initialized and it just
6043 	 * ends up causing problems.  So, we just handle
6044 	 * the WX extensions through the ipw2100_ioctl interface */
6045 
6046 	/* memset() puts everything to 0, so we only have explicitly set
6047 	 * those values that need to be something else */
6048 
6049 	/* If power management is turned on, default to AUTO mode */
6050 	priv->power_mode = IPW_POWER_AUTO;
6051 
6052 #ifdef CONFIG_IPW2100_MONITOR
6053 	priv->config |= CFG_CRC_CHECK;
6054 #endif
6055 	priv->ieee->wpa_enabled = 0;
6056 	priv->ieee->drop_unencrypted = 0;
6057 	priv->ieee->privacy_invoked = 0;
6058 	priv->ieee->ieee802_1x = 1;
6059 
6060 	/* Set module parameters */
6061 	switch (network_mode) {
6062 	case 1:
6063 		priv->ieee->iw_mode = IW_MODE_ADHOC;
6064 		break;
6065 #ifdef CONFIG_IPW2100_MONITOR
6066 	case 2:
6067 		priv->ieee->iw_mode = IW_MODE_MONITOR;
6068 		break;
6069 #endif
6070 	default:
6071 	case 0:
6072 		priv->ieee->iw_mode = IW_MODE_INFRA;
6073 		break;
6074 	}
6075 
6076 	if (disable == 1)
6077 		priv->status |= STATUS_RF_KILL_SW;
6078 
6079 	if (channel != 0 &&
6080 	    ((channel >= REG_MIN_CHANNEL) && (channel <= REG_MAX_CHANNEL))) {
6081 		priv->config |= CFG_STATIC_CHANNEL;
6082 		priv->channel = channel;
6083 	}
6084 
6085 	if (associate)
6086 		priv->config |= CFG_ASSOCIATE;
6087 
6088 	priv->beacon_interval = DEFAULT_BEACON_INTERVAL;
6089 	priv->short_retry_limit = DEFAULT_SHORT_RETRY_LIMIT;
6090 	priv->long_retry_limit = DEFAULT_LONG_RETRY_LIMIT;
6091 	priv->rts_threshold = DEFAULT_RTS_THRESHOLD | RTS_DISABLED;
6092 	priv->frag_threshold = DEFAULT_FTS | FRAG_DISABLED;
6093 	priv->tx_power = IPW_TX_POWER_DEFAULT;
6094 	priv->tx_rates = DEFAULT_TX_RATES;
6095 
6096 	strcpy(priv->nick, "ipw2100");
6097 
6098 	spin_lock_init(&priv->low_lock);
6099 	mutex_init(&priv->action_mutex);
6100 	mutex_init(&priv->adapter_mutex);
6101 
6102 	init_waitqueue_head(&priv->wait_command_queue);
6103 
6104 	netif_carrier_off(dev);
6105 
6106 	INIT_LIST_HEAD(&priv->msg_free_list);
6107 	INIT_LIST_HEAD(&priv->msg_pend_list);
6108 	INIT_STAT(&priv->msg_free_stat);
6109 	INIT_STAT(&priv->msg_pend_stat);
6110 
6111 	INIT_LIST_HEAD(&priv->tx_free_list);
6112 	INIT_LIST_HEAD(&priv->tx_pend_list);
6113 	INIT_STAT(&priv->tx_free_stat);
6114 	INIT_STAT(&priv->tx_pend_stat);
6115 
6116 	INIT_LIST_HEAD(&priv->fw_pend_list);
6117 	INIT_STAT(&priv->fw_pend_stat);
6118 
6119 	INIT_DELAYED_WORK(&priv->reset_work, ipw2100_reset_adapter);
6120 	INIT_DELAYED_WORK(&priv->security_work, ipw2100_security_work);
6121 	INIT_DELAYED_WORK(&priv->wx_event_work, ipw2100_wx_event_work);
6122 	INIT_DELAYED_WORK(&priv->hang_check, ipw2100_hang_check);
6123 	INIT_DELAYED_WORK(&priv->rf_kill, ipw2100_rf_kill);
6124 	INIT_DELAYED_WORK(&priv->scan_event, ipw2100_scan_event);
6125 
6126 	tasklet_setup(&priv->irq_tasklet, ipw2100_irq_tasklet);
6127 
6128 	/* NOTE:  We do not start the deferred work for status checks yet */
6129 	priv->stop_rf_kill = 1;
6130 	priv->stop_hang_check = 1;
6131 
6132 	return dev;
6133 }
6134 
6135 static int ipw2100_pci_init_one(struct pci_dev *pci_dev,
6136 				const struct pci_device_id *ent)
6137 {
6138 	void __iomem *ioaddr;
6139 	struct net_device *dev = NULL;
6140 	struct ipw2100_priv *priv = NULL;
6141 	int err = 0;
6142 	int registered = 0;
6143 	u32 val;
6144 
6145 	IPW_DEBUG_INFO("enter\n");
6146 
6147 	if (!(pci_resource_flags(pci_dev, 0) & IORESOURCE_MEM)) {
6148 		IPW_DEBUG_INFO("weird - resource type is not memory\n");
6149 		err = -ENODEV;
6150 		goto out;
6151 	}
6152 
6153 	ioaddr = pci_iomap(pci_dev, 0, 0);
6154 	if (!ioaddr) {
6155 		printk(KERN_WARNING DRV_NAME
6156 		       "Error calling ioremap.\n");
6157 		err = -EIO;
6158 		goto fail;
6159 	}
6160 
6161 	/* allocate and initialize our net_device */
6162 	dev = ipw2100_alloc_device(pci_dev, ioaddr);
6163 	if (!dev) {
6164 		printk(KERN_WARNING DRV_NAME
6165 		       "Error calling ipw2100_alloc_device.\n");
6166 		err = -ENOMEM;
6167 		goto fail;
6168 	}
6169 
6170 	/* set up PCI mappings for device */
6171 	err = pci_enable_device(pci_dev);
6172 	if (err) {
6173 		printk(KERN_WARNING DRV_NAME
6174 		       "Error calling pci_enable_device.\n");
6175 		return err;
6176 	}
6177 
6178 	priv = libipw_priv(dev);
6179 
6180 	pci_set_master(pci_dev);
6181 	pci_set_drvdata(pci_dev, priv);
6182 
6183 	err = dma_set_mask(&pci_dev->dev, DMA_BIT_MASK(32));
6184 	if (err) {
6185 		printk(KERN_WARNING DRV_NAME
6186 		       "Error calling pci_set_dma_mask.\n");
6187 		pci_disable_device(pci_dev);
6188 		return err;
6189 	}
6190 
6191 	err = pci_request_regions(pci_dev, DRV_NAME);
6192 	if (err) {
6193 		printk(KERN_WARNING DRV_NAME
6194 		       "Error calling pci_request_regions.\n");
6195 		pci_disable_device(pci_dev);
6196 		return err;
6197 	}
6198 
6199 	/* We disable the RETRY_TIMEOUT register (0x41) to keep
6200 	 * PCI Tx retries from interfering with C3 CPU state */
6201 	pci_read_config_dword(pci_dev, 0x40, &val);
6202 	if ((val & 0x0000ff00) != 0)
6203 		pci_write_config_dword(pci_dev, 0x40, val & 0xffff00ff);
6204 
6205 	if (!ipw2100_hw_is_adapter_in_system(dev)) {
6206 		printk(KERN_WARNING DRV_NAME
6207 		       "Device not found via register read.\n");
6208 		err = -ENODEV;
6209 		goto fail;
6210 	}
6211 
6212 	SET_NETDEV_DEV(dev, &pci_dev->dev);
6213 
6214 	/* Force interrupts to be shut off on the device */
6215 	priv->status |= STATUS_INT_ENABLED;
6216 	ipw2100_disable_interrupts(priv);
6217 
6218 	/* Allocate and initialize the Tx/Rx queues and lists */
6219 	if (ipw2100_queues_allocate(priv)) {
6220 		printk(KERN_WARNING DRV_NAME
6221 		       "Error calling ipw2100_queues_allocate.\n");
6222 		err = -ENOMEM;
6223 		goto fail;
6224 	}
6225 	ipw2100_queues_initialize(priv);
6226 
6227 	err = request_irq(pci_dev->irq,
6228 			  ipw2100_interrupt, IRQF_SHARED, dev->name, priv);
6229 	if (err) {
6230 		printk(KERN_WARNING DRV_NAME
6231 		       "Error calling request_irq: %d.\n", pci_dev->irq);
6232 		goto fail;
6233 	}
6234 	dev->irq = pci_dev->irq;
6235 
6236 	IPW_DEBUG_INFO("Attempting to register device...\n");
6237 
6238 	printk(KERN_INFO DRV_NAME
6239 	       ": Detected Intel PRO/Wireless 2100 Network Connection\n");
6240 
6241 	err = ipw2100_up(priv, 1);
6242 	if (err)
6243 		goto fail;
6244 
6245 	err = ipw2100_wdev_init(dev);
6246 	if (err)
6247 		goto fail;
6248 	registered = 1;
6249 
6250 	/* Bring up the interface.  Pre 0.46, after we registered the
6251 	 * network device we would call ipw2100_up.  This introduced a race
6252 	 * condition with newer hotplug configurations (network was coming
6253 	 * up and making calls before the device was initialized).
6254 	 */
6255 	err = register_netdev(dev);
6256 	if (err) {
6257 		printk(KERN_WARNING DRV_NAME
6258 		       "Error calling register_netdev.\n");
6259 		goto fail;
6260 	}
6261 	registered = 2;
6262 
6263 	mutex_lock(&priv->action_mutex);
6264 
6265 	IPW_DEBUG_INFO("%s: Bound to %s\n", dev->name, pci_name(pci_dev));
6266 
6267 	/* perform this after register_netdev so that dev->name is set */
6268 	err = sysfs_create_group(&pci_dev->dev.kobj, &ipw2100_attribute_group);
6269 	if (err)
6270 		goto fail_unlock;
6271 
6272 	/* If the RF Kill switch is disabled, go ahead and complete the
6273 	 * startup sequence */
6274 	if (!(priv->status & STATUS_RF_KILL_MASK)) {
6275 		/* Enable the adapter - sends HOST_COMPLETE */
6276 		if (ipw2100_enable_adapter(priv)) {
6277 			printk(KERN_WARNING DRV_NAME
6278 			       ": %s: failed in call to enable adapter.\n",
6279 			       priv->net_dev->name);
6280 			ipw2100_hw_stop_adapter(priv);
6281 			err = -EIO;
6282 			goto fail_unlock;
6283 		}
6284 
6285 		/* Start a scan . . . */
6286 		ipw2100_set_scan_options(priv);
6287 		ipw2100_start_scan(priv);
6288 	}
6289 
6290 	IPW_DEBUG_INFO("exit\n");
6291 
6292 	priv->status |= STATUS_INITIALIZED;
6293 
6294 	mutex_unlock(&priv->action_mutex);
6295 out:
6296 	return err;
6297 
6298       fail_unlock:
6299 	mutex_unlock(&priv->action_mutex);
6300       fail:
6301 	if (dev) {
6302 		if (registered >= 2)
6303 			unregister_netdev(dev);
6304 
6305 		if (registered) {
6306 			wiphy_unregister(priv->ieee->wdev.wiphy);
6307 			kfree(priv->ieee->bg_band.channels);
6308 		}
6309 
6310 		ipw2100_hw_stop_adapter(priv);
6311 
6312 		ipw2100_disable_interrupts(priv);
6313 
6314 		if (dev->irq)
6315 			free_irq(dev->irq, priv);
6316 
6317 		ipw2100_kill_works(priv);
6318 
6319 		/* These are safe to call even if they weren't allocated */
6320 		ipw2100_queues_free(priv);
6321 		sysfs_remove_group(&pci_dev->dev.kobj,
6322 				   &ipw2100_attribute_group);
6323 
6324 		free_libipw(dev, 0);
6325 	}
6326 
6327 	pci_iounmap(pci_dev, ioaddr);
6328 
6329 	pci_release_regions(pci_dev);
6330 	pci_disable_device(pci_dev);
6331 	goto out;
6332 }
6333 
6334 static void ipw2100_pci_remove_one(struct pci_dev *pci_dev)
6335 {
6336 	struct ipw2100_priv *priv = pci_get_drvdata(pci_dev);
6337 	struct net_device *dev = priv->net_dev;
6338 
6339 	mutex_lock(&priv->action_mutex);
6340 
6341 	priv->status &= ~STATUS_INITIALIZED;
6342 
6343 	sysfs_remove_group(&pci_dev->dev.kobj, &ipw2100_attribute_group);
6344 
6345 #ifdef CONFIG_PM
6346 	if (ipw2100_firmware.version)
6347 		ipw2100_release_firmware(priv, &ipw2100_firmware);
6348 #endif
6349 	/* Take down the hardware */
6350 	ipw2100_down(priv);
6351 
6352 	/* Release the mutex so that the network subsystem can
6353 	 * complete any needed calls into the driver... */
6354 	mutex_unlock(&priv->action_mutex);
6355 
6356 	/* Unregister the device first - this results in close()
6357 	 * being called if the device is open.  If we free storage
6358 	 * first, then close() will crash.
6359 	 * FIXME: remove the comment above. */
6360 	unregister_netdev(dev);
6361 
6362 	ipw2100_kill_works(priv);
6363 
6364 	ipw2100_queues_free(priv);
6365 
6366 	/* Free potential debugging firmware snapshot */
6367 	ipw2100_snapshot_free(priv);
6368 
6369 	free_irq(dev->irq, priv);
6370 
6371 	pci_iounmap(pci_dev, priv->ioaddr);
6372 
6373 	/* wiphy_unregister needs to be here, before free_libipw */
6374 	wiphy_unregister(priv->ieee->wdev.wiphy);
6375 	kfree(priv->ieee->bg_band.channels);
6376 	free_libipw(dev, 0);
6377 
6378 	pci_release_regions(pci_dev);
6379 	pci_disable_device(pci_dev);
6380 
6381 	IPW_DEBUG_INFO("exit\n");
6382 }
6383 
6384 static int __maybe_unused ipw2100_suspend(struct device *dev_d)
6385 {
6386 	struct ipw2100_priv *priv = dev_get_drvdata(dev_d);
6387 	struct net_device *dev = priv->net_dev;
6388 
6389 	IPW_DEBUG_INFO("%s: Going into suspend...\n", dev->name);
6390 
6391 	mutex_lock(&priv->action_mutex);
6392 	if (priv->status & STATUS_INITIALIZED) {
6393 		/* Take down the device; powers it off, etc. */
6394 		ipw2100_down(priv);
6395 	}
6396 
6397 	/* Remove the PRESENT state of the device */
6398 	netif_device_detach(dev);
6399 
6400 	priv->suspend_at = ktime_get_boottime_seconds();
6401 
6402 	mutex_unlock(&priv->action_mutex);
6403 
6404 	return 0;
6405 }
6406 
6407 static int __maybe_unused ipw2100_resume(struct device *dev_d)
6408 {
6409 	struct pci_dev *pci_dev = to_pci_dev(dev_d);
6410 	struct ipw2100_priv *priv = pci_get_drvdata(pci_dev);
6411 	struct net_device *dev = priv->net_dev;
6412 	u32 val;
6413 
6414 	if (IPW2100_PM_DISABLED)
6415 		return 0;
6416 
6417 	mutex_lock(&priv->action_mutex);
6418 
6419 	IPW_DEBUG_INFO("%s: Coming out of suspend...\n", dev->name);
6420 
6421 	/*
6422 	 * Suspend/Resume resets the PCI configuration space, so we have to
6423 	 * re-disable the RETRY_TIMEOUT register (0x41) to keep PCI Tx retries
6424 	 * from interfering with C3 CPU state. pci_restore_state won't help
6425 	 * here since it only restores the first 64 bytes pci config header.
6426 	 */
6427 	pci_read_config_dword(pci_dev, 0x40, &val);
6428 	if ((val & 0x0000ff00) != 0)
6429 		pci_write_config_dword(pci_dev, 0x40, val & 0xffff00ff);
6430 
6431 	/* Set the device back into the PRESENT state; this will also wake
6432 	 * the queue of needed */
6433 	netif_device_attach(dev);
6434 
6435 	priv->suspend_time = ktime_get_boottime_seconds() - priv->suspend_at;
6436 
6437 	/* Bring the device back up */
6438 	if (!(priv->status & STATUS_RF_KILL_SW))
6439 		ipw2100_up(priv, 0);
6440 
6441 	mutex_unlock(&priv->action_mutex);
6442 
6443 	return 0;
6444 }
6445 
6446 static void ipw2100_shutdown(struct pci_dev *pci_dev)
6447 {
6448 	struct ipw2100_priv *priv = pci_get_drvdata(pci_dev);
6449 
6450 	/* Take down the device; powers it off, etc. */
6451 	ipw2100_down(priv);
6452 
6453 	pci_disable_device(pci_dev);
6454 }
6455 
6456 #define IPW2100_DEV_ID(x) { PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, x }
6457 
6458 static const struct pci_device_id ipw2100_pci_id_table[] = {
6459 	IPW2100_DEV_ID(0x2520),	/* IN 2100A mPCI 3A */
6460 	IPW2100_DEV_ID(0x2521),	/* IN 2100A mPCI 3B */
6461 	IPW2100_DEV_ID(0x2524),	/* IN 2100A mPCI 3B */
6462 	IPW2100_DEV_ID(0x2525),	/* IN 2100A mPCI 3B */
6463 	IPW2100_DEV_ID(0x2526),	/* IN 2100A mPCI Gen A3 */
6464 	IPW2100_DEV_ID(0x2522),	/* IN 2100 mPCI 3B */
6465 	IPW2100_DEV_ID(0x2523),	/* IN 2100 mPCI 3A */
6466 	IPW2100_DEV_ID(0x2527),	/* IN 2100 mPCI 3B */
6467 	IPW2100_DEV_ID(0x2528),	/* IN 2100 mPCI 3B */
6468 	IPW2100_DEV_ID(0x2529),	/* IN 2100 mPCI 3B */
6469 	IPW2100_DEV_ID(0x252B),	/* IN 2100 mPCI 3A */
6470 	IPW2100_DEV_ID(0x252C),	/* IN 2100 mPCI 3A */
6471 	IPW2100_DEV_ID(0x252D),	/* IN 2100 mPCI 3A */
6472 
6473 	IPW2100_DEV_ID(0x2550),	/* IB 2100A mPCI 3B */
6474 	IPW2100_DEV_ID(0x2551),	/* IB 2100 mPCI 3B */
6475 	IPW2100_DEV_ID(0x2553),	/* IB 2100 mPCI 3B */
6476 	IPW2100_DEV_ID(0x2554),	/* IB 2100 mPCI 3B */
6477 	IPW2100_DEV_ID(0x2555),	/* IB 2100 mPCI 3B */
6478 
6479 	IPW2100_DEV_ID(0x2560),	/* DE 2100A mPCI 3A */
6480 	IPW2100_DEV_ID(0x2562),	/* DE 2100A mPCI 3A */
6481 	IPW2100_DEV_ID(0x2563),	/* DE 2100A mPCI 3A */
6482 	IPW2100_DEV_ID(0x2561),	/* DE 2100 mPCI 3A */
6483 	IPW2100_DEV_ID(0x2565),	/* DE 2100 mPCI 3A */
6484 	IPW2100_DEV_ID(0x2566),	/* DE 2100 mPCI 3A */
6485 	IPW2100_DEV_ID(0x2567),	/* DE 2100 mPCI 3A */
6486 
6487 	IPW2100_DEV_ID(0x2570),	/* GA 2100 mPCI 3B */
6488 
6489 	IPW2100_DEV_ID(0x2580),	/* TO 2100A mPCI 3B */
6490 	IPW2100_DEV_ID(0x2582),	/* TO 2100A mPCI 3B */
6491 	IPW2100_DEV_ID(0x2583),	/* TO 2100A mPCI 3B */
6492 	IPW2100_DEV_ID(0x2581),	/* TO 2100 mPCI 3B */
6493 	IPW2100_DEV_ID(0x2585),	/* TO 2100 mPCI 3B */
6494 	IPW2100_DEV_ID(0x2586),	/* TO 2100 mPCI 3B */
6495 	IPW2100_DEV_ID(0x2587),	/* TO 2100 mPCI 3B */
6496 
6497 	IPW2100_DEV_ID(0x2590),	/* SO 2100A mPCI 3B */
6498 	IPW2100_DEV_ID(0x2592),	/* SO 2100A mPCI 3B */
6499 	IPW2100_DEV_ID(0x2591),	/* SO 2100 mPCI 3B */
6500 	IPW2100_DEV_ID(0x2593),	/* SO 2100 mPCI 3B */
6501 	IPW2100_DEV_ID(0x2596),	/* SO 2100 mPCI 3B */
6502 	IPW2100_DEV_ID(0x2598),	/* SO 2100 mPCI 3B */
6503 
6504 	IPW2100_DEV_ID(0x25A0),	/* HP 2100 mPCI 3B */
6505 	{0,},
6506 };
6507 
6508 MODULE_DEVICE_TABLE(pci, ipw2100_pci_id_table);
6509 
6510 static SIMPLE_DEV_PM_OPS(ipw2100_pm_ops, ipw2100_suspend, ipw2100_resume);
6511 
6512 static struct pci_driver ipw2100_pci_driver = {
6513 	.name = DRV_NAME,
6514 	.id_table = ipw2100_pci_id_table,
6515 	.probe = ipw2100_pci_init_one,
6516 	.remove = ipw2100_pci_remove_one,
6517 	.driver.pm = &ipw2100_pm_ops,
6518 	.shutdown = ipw2100_shutdown,
6519 };
6520 
6521 /*
6522  * Initialize the ipw2100 driver/module
6523  *
6524  * @returns 0 if ok, < 0 errno node con error.
6525  *
6526  * Note: we cannot init the /proc stuff until the PCI driver is there,
6527  * or we risk an unlikely race condition on someone accessing
6528  * uninitialized data in the PCI dev struct through /proc.
6529  */
6530 static int __init ipw2100_init(void)
6531 {
6532 	int ret;
6533 
6534 	printk(KERN_INFO DRV_NAME ": %s, %s\n", DRV_DESCRIPTION, DRV_VERSION);
6535 	printk(KERN_INFO DRV_NAME ": %s\n", DRV_COPYRIGHT);
6536 
6537 	cpu_latency_qos_add_request(&ipw2100_pm_qos_req, PM_QOS_DEFAULT_VALUE);
6538 
6539 	ret = pci_register_driver(&ipw2100_pci_driver);
6540 	if (ret)
6541 		goto out;
6542 
6543 #ifdef CONFIG_IPW2100_DEBUG
6544 	ipw2100_debug_level = debug;
6545 	ret = driver_create_file(&ipw2100_pci_driver.driver,
6546 				 &driver_attr_debug_level);
6547 #endif
6548 
6549 out:
6550 	return ret;
6551 }
6552 
6553 /*
6554  * Cleanup ipw2100 driver registration
6555  */
6556 static void __exit ipw2100_exit(void)
6557 {
6558 	/* FIXME: IPG: check that we have no instances of the devices open */
6559 #ifdef CONFIG_IPW2100_DEBUG
6560 	driver_remove_file(&ipw2100_pci_driver.driver,
6561 			   &driver_attr_debug_level);
6562 #endif
6563 	pci_unregister_driver(&ipw2100_pci_driver);
6564 	cpu_latency_qos_remove_request(&ipw2100_pm_qos_req);
6565 }
6566 
6567 module_init(ipw2100_init);
6568 module_exit(ipw2100_exit);
6569 
6570 static int ipw2100_wx_get_name(struct net_device *dev,
6571 			       struct iw_request_info *info,
6572 			       union iwreq_data *wrqu, char *extra)
6573 {
6574 	/*
6575 	 * This can be called at any time.  No action lock required
6576 	 */
6577 
6578 	struct ipw2100_priv *priv = libipw_priv(dev);
6579 	if (!(priv->status & STATUS_ASSOCIATED))
6580 		strcpy(wrqu->name, "unassociated");
6581 	else
6582 		snprintf(wrqu->name, IFNAMSIZ, "IEEE 802.11b");
6583 
6584 	IPW_DEBUG_WX("Name: %s\n", wrqu->name);
6585 	return 0;
6586 }
6587 
6588 static int ipw2100_wx_set_freq(struct net_device *dev,
6589 			       struct iw_request_info *info,
6590 			       union iwreq_data *wrqu, char *extra)
6591 {
6592 	struct ipw2100_priv *priv = libipw_priv(dev);
6593 	struct iw_freq *fwrq = &wrqu->freq;
6594 	int err = 0;
6595 
6596 	if (priv->ieee->iw_mode == IW_MODE_INFRA)
6597 		return -EOPNOTSUPP;
6598 
6599 	mutex_lock(&priv->action_mutex);
6600 	if (!(priv->status & STATUS_INITIALIZED)) {
6601 		err = -EIO;
6602 		goto done;
6603 	}
6604 
6605 	/* if setting by freq convert to channel */
6606 	if (fwrq->e == 1) {
6607 		if ((fwrq->m >= (int)2.412e8 && fwrq->m <= (int)2.487e8)) {
6608 			int f = fwrq->m / 100000;
6609 			int c = 0;
6610 
6611 			while ((c < REG_MAX_CHANNEL) &&
6612 			       (f != ipw2100_frequencies[c]))
6613 				c++;
6614 
6615 			/* hack to fall through */
6616 			fwrq->e = 0;
6617 			fwrq->m = c + 1;
6618 		}
6619 	}
6620 
6621 	if (fwrq->e > 0 || fwrq->m > 1000) {
6622 		err = -EOPNOTSUPP;
6623 		goto done;
6624 	} else {		/* Set the channel */
6625 		IPW_DEBUG_WX("SET Freq/Channel -> %d\n", fwrq->m);
6626 		err = ipw2100_set_channel(priv, fwrq->m, 0);
6627 	}
6628 
6629       done:
6630 	mutex_unlock(&priv->action_mutex);
6631 	return err;
6632 }
6633 
6634 static int ipw2100_wx_get_freq(struct net_device *dev,
6635 			       struct iw_request_info *info,
6636 			       union iwreq_data *wrqu, char *extra)
6637 {
6638 	/*
6639 	 * This can be called at any time.  No action lock required
6640 	 */
6641 
6642 	struct ipw2100_priv *priv = libipw_priv(dev);
6643 
6644 	wrqu->freq.e = 0;
6645 
6646 	/* If we are associated, trying to associate, or have a statically
6647 	 * configured CHANNEL then return that; otherwise return ANY */
6648 	if (priv->config & CFG_STATIC_CHANNEL ||
6649 	    priv->status & STATUS_ASSOCIATED)
6650 		wrqu->freq.m = priv->channel;
6651 	else
6652 		wrqu->freq.m = 0;
6653 
6654 	IPW_DEBUG_WX("GET Freq/Channel -> %d\n", priv->channel);
6655 	return 0;
6656 
6657 }
6658 
6659 static int ipw2100_wx_set_mode(struct net_device *dev,
6660 			       struct iw_request_info *info,
6661 			       union iwreq_data *wrqu, char *extra)
6662 {
6663 	struct ipw2100_priv *priv = libipw_priv(dev);
6664 	int err = 0;
6665 
6666 	IPW_DEBUG_WX("SET Mode -> %d\n", wrqu->mode);
6667 
6668 	if (wrqu->mode == priv->ieee->iw_mode)
6669 		return 0;
6670 
6671 	mutex_lock(&priv->action_mutex);
6672 	if (!(priv->status & STATUS_INITIALIZED)) {
6673 		err = -EIO;
6674 		goto done;
6675 	}
6676 
6677 	switch (wrqu->mode) {
6678 #ifdef CONFIG_IPW2100_MONITOR
6679 	case IW_MODE_MONITOR:
6680 		err = ipw2100_switch_mode(priv, IW_MODE_MONITOR);
6681 		break;
6682 #endif				/* CONFIG_IPW2100_MONITOR */
6683 	case IW_MODE_ADHOC:
6684 		err = ipw2100_switch_mode(priv, IW_MODE_ADHOC);
6685 		break;
6686 	case IW_MODE_INFRA:
6687 	case IW_MODE_AUTO:
6688 	default:
6689 		err = ipw2100_switch_mode(priv, IW_MODE_INFRA);
6690 		break;
6691 	}
6692 
6693       done:
6694 	mutex_unlock(&priv->action_mutex);
6695 	return err;
6696 }
6697 
6698 static int ipw2100_wx_get_mode(struct net_device *dev,
6699 			       struct iw_request_info *info,
6700 			       union iwreq_data *wrqu, char *extra)
6701 {
6702 	/*
6703 	 * This can be called at any time.  No action lock required
6704 	 */
6705 
6706 	struct ipw2100_priv *priv = libipw_priv(dev);
6707 
6708 	wrqu->mode = priv->ieee->iw_mode;
6709 	IPW_DEBUG_WX("GET Mode -> %d\n", wrqu->mode);
6710 
6711 	return 0;
6712 }
6713 
6714 #define POWER_MODES 5
6715 
6716 /* Values are in microsecond */
6717 static const s32 timeout_duration[POWER_MODES] = {
6718 	350000,
6719 	250000,
6720 	75000,
6721 	37000,
6722 	25000,
6723 };
6724 
6725 static const s32 period_duration[POWER_MODES] = {
6726 	400000,
6727 	700000,
6728 	1000000,
6729 	1000000,
6730 	1000000
6731 };
6732 
6733 static int ipw2100_wx_get_range(struct net_device *dev,
6734 				struct iw_request_info *info,
6735 				union iwreq_data *wrqu, char *extra)
6736 {
6737 	/*
6738 	 * This can be called at any time.  No action lock required
6739 	 */
6740 
6741 	struct ipw2100_priv *priv = libipw_priv(dev);
6742 	struct iw_range *range = (struct iw_range *)extra;
6743 	u16 val;
6744 	int i, level;
6745 
6746 	wrqu->data.length = sizeof(*range);
6747 	memset(range, 0, sizeof(*range));
6748 
6749 	/* Let's try to keep this struct in the same order as in
6750 	 * linux/include/wireless.h
6751 	 */
6752 
6753 	/* TODO: See what values we can set, and remove the ones we can't
6754 	 * set, or fill them with some default data.
6755 	 */
6756 
6757 	/* ~5 Mb/s real (802.11b) */
6758 	range->throughput = 5 * 1000 * 1000;
6759 
6760 //      range->sensitivity;     /* signal level threshold range */
6761 
6762 	range->max_qual.qual = 100;
6763 	/* TODO: Find real max RSSI and stick here */
6764 	range->max_qual.level = 0;
6765 	range->max_qual.noise = 0;
6766 	range->max_qual.updated = 7;	/* Updated all three */
6767 
6768 	range->avg_qual.qual = 70;	/* > 8% missed beacons is 'bad' */
6769 	/* TODO: Find real 'good' to 'bad' threshold value for RSSI */
6770 	range->avg_qual.level = 20 + IPW2100_RSSI_TO_DBM;
6771 	range->avg_qual.noise = 0;
6772 	range->avg_qual.updated = 7;	/* Updated all three */
6773 
6774 	range->num_bitrates = RATE_COUNT;
6775 
6776 	for (i = 0; i < RATE_COUNT && i < IW_MAX_BITRATES; i++) {
6777 		range->bitrate[i] = ipw2100_bg_rates[i].bitrate * 100 * 1000;
6778 	}
6779 
6780 	range->min_rts = MIN_RTS_THRESHOLD;
6781 	range->max_rts = MAX_RTS_THRESHOLD;
6782 	range->min_frag = MIN_FRAG_THRESHOLD;
6783 	range->max_frag = MAX_FRAG_THRESHOLD;
6784 
6785 	range->min_pmp = period_duration[0];	/* Minimal PM period */
6786 	range->max_pmp = period_duration[POWER_MODES - 1];	/* Maximal PM period */
6787 	range->min_pmt = timeout_duration[POWER_MODES - 1];	/* Minimal PM timeout */
6788 	range->max_pmt = timeout_duration[0];	/* Maximal PM timeout */
6789 
6790 	/* How to decode max/min PM period */
6791 	range->pmp_flags = IW_POWER_PERIOD;
6792 	/* How to decode max/min PM period */
6793 	range->pmt_flags = IW_POWER_TIMEOUT;
6794 	/* What PM options are supported */
6795 	range->pm_capa = IW_POWER_TIMEOUT | IW_POWER_PERIOD;
6796 
6797 	range->encoding_size[0] = 5;
6798 	range->encoding_size[1] = 13;	/* Different token sizes */
6799 	range->num_encoding_sizes = 2;	/* Number of entry in the list */
6800 	range->max_encoding_tokens = WEP_KEYS;	/* Max number of tokens */
6801 //      range->encoding_login_index;            /* token index for login token */
6802 
6803 	if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
6804 		range->txpower_capa = IW_TXPOW_DBM;
6805 		range->num_txpower = IW_MAX_TXPOWER;
6806 		for (i = 0, level = (IPW_TX_POWER_MAX_DBM * 16);
6807 		     i < IW_MAX_TXPOWER;
6808 		     i++, level -=
6809 		     ((IPW_TX_POWER_MAX_DBM -
6810 		       IPW_TX_POWER_MIN_DBM) * 16) / (IW_MAX_TXPOWER - 1))
6811 			range->txpower[i] = level / 16;
6812 	} else {
6813 		range->txpower_capa = 0;
6814 		range->num_txpower = 0;
6815 	}
6816 
6817 	/* Set the Wireless Extension versions */
6818 	range->we_version_compiled = WIRELESS_EXT;
6819 	range->we_version_source = 18;
6820 
6821 //      range->retry_capa;      /* What retry options are supported */
6822 //      range->retry_flags;     /* How to decode max/min retry limit */
6823 //      range->r_time_flags;    /* How to decode max/min retry life */
6824 //      range->min_retry;       /* Minimal number of retries */
6825 //      range->max_retry;       /* Maximal number of retries */
6826 //      range->min_r_time;      /* Minimal retry lifetime */
6827 //      range->max_r_time;      /* Maximal retry lifetime */
6828 
6829 	range->num_channels = FREQ_COUNT;
6830 
6831 	val = 0;
6832 	for (i = 0; i < FREQ_COUNT; i++) {
6833 		// TODO: Include only legal frequencies for some countries
6834 //              if (local->channel_mask & (1 << i)) {
6835 		range->freq[val].i = i + 1;
6836 		range->freq[val].m = ipw2100_frequencies[i] * 100000;
6837 		range->freq[val].e = 1;
6838 		val++;
6839 //              }
6840 		if (val == IW_MAX_FREQUENCIES)
6841 			break;
6842 	}
6843 	range->num_frequency = val;
6844 
6845 	/* Event capability (kernel + driver) */
6846 	range->event_capa[0] = (IW_EVENT_CAPA_K_0 |
6847 				IW_EVENT_CAPA_MASK(SIOCGIWAP));
6848 	range->event_capa[1] = IW_EVENT_CAPA_K_1;
6849 
6850 	range->enc_capa = IW_ENC_CAPA_WPA | IW_ENC_CAPA_WPA2 |
6851 		IW_ENC_CAPA_CIPHER_TKIP | IW_ENC_CAPA_CIPHER_CCMP;
6852 
6853 	IPW_DEBUG_WX("GET Range\n");
6854 
6855 	return 0;
6856 }
6857 
6858 static int ipw2100_wx_set_wap(struct net_device *dev,
6859 			      struct iw_request_info *info,
6860 			      union iwreq_data *wrqu, char *extra)
6861 {
6862 	struct ipw2100_priv *priv = libipw_priv(dev);
6863 	int err = 0;
6864 
6865 	// sanity checks
6866 	if (wrqu->ap_addr.sa_family != ARPHRD_ETHER)
6867 		return -EINVAL;
6868 
6869 	mutex_lock(&priv->action_mutex);
6870 	if (!(priv->status & STATUS_INITIALIZED)) {
6871 		err = -EIO;
6872 		goto done;
6873 	}
6874 
6875 	if (is_broadcast_ether_addr(wrqu->ap_addr.sa_data) ||
6876 	    is_zero_ether_addr(wrqu->ap_addr.sa_data)) {
6877 		/* we disable mandatory BSSID association */
6878 		IPW_DEBUG_WX("exit - disable mandatory BSSID\n");
6879 		priv->config &= ~CFG_STATIC_BSSID;
6880 		err = ipw2100_set_mandatory_bssid(priv, NULL, 0);
6881 		goto done;
6882 	}
6883 
6884 	priv->config |= CFG_STATIC_BSSID;
6885 	memcpy(priv->mandatory_bssid_mac, wrqu->ap_addr.sa_data, ETH_ALEN);
6886 
6887 	err = ipw2100_set_mandatory_bssid(priv, wrqu->ap_addr.sa_data, 0);
6888 
6889 	IPW_DEBUG_WX("SET BSSID -> %pM\n", wrqu->ap_addr.sa_data);
6890 
6891       done:
6892 	mutex_unlock(&priv->action_mutex);
6893 	return err;
6894 }
6895 
6896 static int ipw2100_wx_get_wap(struct net_device *dev,
6897 			      struct iw_request_info *info,
6898 			      union iwreq_data *wrqu, char *extra)
6899 {
6900 	/*
6901 	 * This can be called at any time.  No action lock required
6902 	 */
6903 
6904 	struct ipw2100_priv *priv = libipw_priv(dev);
6905 
6906 	/* If we are associated, trying to associate, or have a statically
6907 	 * configured BSSID then return that; otherwise return ANY */
6908 	if (priv->config & CFG_STATIC_BSSID || priv->status & STATUS_ASSOCIATED) {
6909 		wrqu->ap_addr.sa_family = ARPHRD_ETHER;
6910 		memcpy(wrqu->ap_addr.sa_data, priv->bssid, ETH_ALEN);
6911 	} else
6912 		eth_zero_addr(wrqu->ap_addr.sa_data);
6913 
6914 	IPW_DEBUG_WX("Getting WAP BSSID: %pM\n", wrqu->ap_addr.sa_data);
6915 	return 0;
6916 }
6917 
6918 static int ipw2100_wx_set_essid(struct net_device *dev,
6919 				struct iw_request_info *info,
6920 				union iwreq_data *wrqu, char *extra)
6921 {
6922 	struct ipw2100_priv *priv = libipw_priv(dev);
6923 	char *essid = "";	/* ANY */
6924 	int length = 0;
6925 	int err = 0;
6926 
6927 	mutex_lock(&priv->action_mutex);
6928 	if (!(priv->status & STATUS_INITIALIZED)) {
6929 		err = -EIO;
6930 		goto done;
6931 	}
6932 
6933 	if (wrqu->essid.flags && wrqu->essid.length) {
6934 		length = wrqu->essid.length;
6935 		essid = extra;
6936 	}
6937 
6938 	if (length == 0) {
6939 		IPW_DEBUG_WX("Setting ESSID to ANY\n");
6940 		priv->config &= ~CFG_STATIC_ESSID;
6941 		err = ipw2100_set_essid(priv, NULL, 0, 0);
6942 		goto done;
6943 	}
6944 
6945 	length = min(length, IW_ESSID_MAX_SIZE);
6946 
6947 	priv->config |= CFG_STATIC_ESSID;
6948 
6949 	if (priv->essid_len == length && !memcmp(priv->essid, extra, length)) {
6950 		IPW_DEBUG_WX("ESSID set to current ESSID.\n");
6951 		err = 0;
6952 		goto done;
6953 	}
6954 
6955 	IPW_DEBUG_WX("Setting ESSID: '%*pE' (%d)\n", length, essid, length);
6956 
6957 	priv->essid_len = length;
6958 	memcpy(priv->essid, essid, priv->essid_len);
6959 
6960 	err = ipw2100_set_essid(priv, essid, length, 0);
6961 
6962       done:
6963 	mutex_unlock(&priv->action_mutex);
6964 	return err;
6965 }
6966 
6967 static int ipw2100_wx_get_essid(struct net_device *dev,
6968 				struct iw_request_info *info,
6969 				union iwreq_data *wrqu, char *extra)
6970 {
6971 	/*
6972 	 * This can be called at any time.  No action lock required
6973 	 */
6974 
6975 	struct ipw2100_priv *priv = libipw_priv(dev);
6976 
6977 	/* If we are associated, trying to associate, or have a statically
6978 	 * configured ESSID then return that; otherwise return ANY */
6979 	if (priv->config & CFG_STATIC_ESSID || priv->status & STATUS_ASSOCIATED) {
6980 		IPW_DEBUG_WX("Getting essid: '%*pE'\n",
6981 			     priv->essid_len, priv->essid);
6982 		memcpy(extra, priv->essid, priv->essid_len);
6983 		wrqu->essid.length = priv->essid_len;
6984 		wrqu->essid.flags = 1;	/* active */
6985 	} else {
6986 		IPW_DEBUG_WX("Getting essid: ANY\n");
6987 		wrqu->essid.length = 0;
6988 		wrqu->essid.flags = 0;	/* active */
6989 	}
6990 
6991 	return 0;
6992 }
6993 
6994 static int ipw2100_wx_set_nick(struct net_device *dev,
6995 			       struct iw_request_info *info,
6996 			       union iwreq_data *wrqu, char *extra)
6997 {
6998 	/*
6999 	 * This can be called at any time.  No action lock required
7000 	 */
7001 
7002 	struct ipw2100_priv *priv = libipw_priv(dev);
7003 
7004 	if (wrqu->data.length > IW_ESSID_MAX_SIZE)
7005 		return -E2BIG;
7006 
7007 	wrqu->data.length = min_t(size_t, wrqu->data.length, sizeof(priv->nick));
7008 	memset(priv->nick, 0, sizeof(priv->nick));
7009 	memcpy(priv->nick, extra, wrqu->data.length);
7010 
7011 	IPW_DEBUG_WX("SET Nickname -> %s\n", priv->nick);
7012 
7013 	return 0;
7014 }
7015 
7016 static int ipw2100_wx_get_nick(struct net_device *dev,
7017 			       struct iw_request_info *info,
7018 			       union iwreq_data *wrqu, char *extra)
7019 {
7020 	/*
7021 	 * This can be called at any time.  No action lock required
7022 	 */
7023 
7024 	struct ipw2100_priv *priv = libipw_priv(dev);
7025 
7026 	wrqu->data.length = strlen(priv->nick);
7027 	memcpy(extra, priv->nick, wrqu->data.length);
7028 	wrqu->data.flags = 1;	/* active */
7029 
7030 	IPW_DEBUG_WX("GET Nickname -> %s\n", extra);
7031 
7032 	return 0;
7033 }
7034 
7035 static int ipw2100_wx_set_rate(struct net_device *dev,
7036 			       struct iw_request_info *info,
7037 			       union iwreq_data *wrqu, char *extra)
7038 {
7039 	struct ipw2100_priv *priv = libipw_priv(dev);
7040 	u32 target_rate = wrqu->bitrate.value;
7041 	u32 rate;
7042 	int err = 0;
7043 
7044 	mutex_lock(&priv->action_mutex);
7045 	if (!(priv->status & STATUS_INITIALIZED)) {
7046 		err = -EIO;
7047 		goto done;
7048 	}
7049 
7050 	rate = 0;
7051 
7052 	if (target_rate == 1000000 ||
7053 	    (!wrqu->bitrate.fixed && target_rate > 1000000))
7054 		rate |= TX_RATE_1_MBIT;
7055 	if (target_rate == 2000000 ||
7056 	    (!wrqu->bitrate.fixed && target_rate > 2000000))
7057 		rate |= TX_RATE_2_MBIT;
7058 	if (target_rate == 5500000 ||
7059 	    (!wrqu->bitrate.fixed && target_rate > 5500000))
7060 		rate |= TX_RATE_5_5_MBIT;
7061 	if (target_rate == 11000000 ||
7062 	    (!wrqu->bitrate.fixed && target_rate > 11000000))
7063 		rate |= TX_RATE_11_MBIT;
7064 	if (rate == 0)
7065 		rate = DEFAULT_TX_RATES;
7066 
7067 	err = ipw2100_set_tx_rates(priv, rate, 0);
7068 
7069 	IPW_DEBUG_WX("SET Rate -> %04X\n", rate);
7070       done:
7071 	mutex_unlock(&priv->action_mutex);
7072 	return err;
7073 }
7074 
7075 static int ipw2100_wx_get_rate(struct net_device *dev,
7076 			       struct iw_request_info *info,
7077 			       union iwreq_data *wrqu, char *extra)
7078 {
7079 	struct ipw2100_priv *priv = libipw_priv(dev);
7080 	int val;
7081 	unsigned int len = sizeof(val);
7082 	int err = 0;
7083 
7084 	if (!(priv->status & STATUS_ENABLED) ||
7085 	    priv->status & STATUS_RF_KILL_MASK ||
7086 	    !(priv->status & STATUS_ASSOCIATED)) {
7087 		wrqu->bitrate.value = 0;
7088 		return 0;
7089 	}
7090 
7091 	mutex_lock(&priv->action_mutex);
7092 	if (!(priv->status & STATUS_INITIALIZED)) {
7093 		err = -EIO;
7094 		goto done;
7095 	}
7096 
7097 	err = ipw2100_get_ordinal(priv, IPW_ORD_CURRENT_TX_RATE, &val, &len);
7098 	if (err) {
7099 		IPW_DEBUG_WX("failed querying ordinals.\n");
7100 		goto done;
7101 	}
7102 
7103 	switch (val & TX_RATE_MASK) {
7104 	case TX_RATE_1_MBIT:
7105 		wrqu->bitrate.value = 1000000;
7106 		break;
7107 	case TX_RATE_2_MBIT:
7108 		wrqu->bitrate.value = 2000000;
7109 		break;
7110 	case TX_RATE_5_5_MBIT:
7111 		wrqu->bitrate.value = 5500000;
7112 		break;
7113 	case TX_RATE_11_MBIT:
7114 		wrqu->bitrate.value = 11000000;
7115 		break;
7116 	default:
7117 		wrqu->bitrate.value = 0;
7118 	}
7119 
7120 	IPW_DEBUG_WX("GET Rate -> %d\n", wrqu->bitrate.value);
7121 
7122       done:
7123 	mutex_unlock(&priv->action_mutex);
7124 	return err;
7125 }
7126 
7127 static int ipw2100_wx_set_rts(struct net_device *dev,
7128 			      struct iw_request_info *info,
7129 			      union iwreq_data *wrqu, char *extra)
7130 {
7131 	struct ipw2100_priv *priv = libipw_priv(dev);
7132 	int value, err;
7133 
7134 	/* Auto RTS not yet supported */
7135 	if (wrqu->rts.fixed == 0)
7136 		return -EINVAL;
7137 
7138 	mutex_lock(&priv->action_mutex);
7139 	if (!(priv->status & STATUS_INITIALIZED)) {
7140 		err = -EIO;
7141 		goto done;
7142 	}
7143 
7144 	if (wrqu->rts.disabled)
7145 		value = priv->rts_threshold | RTS_DISABLED;
7146 	else {
7147 		if (wrqu->rts.value < 1 || wrqu->rts.value > 2304) {
7148 			err = -EINVAL;
7149 			goto done;
7150 		}
7151 		value = wrqu->rts.value;
7152 	}
7153 
7154 	err = ipw2100_set_rts_threshold(priv, value);
7155 
7156 	IPW_DEBUG_WX("SET RTS Threshold -> 0x%08X\n", value);
7157       done:
7158 	mutex_unlock(&priv->action_mutex);
7159 	return err;
7160 }
7161 
7162 static int ipw2100_wx_get_rts(struct net_device *dev,
7163 			      struct iw_request_info *info,
7164 			      union iwreq_data *wrqu, char *extra)
7165 {
7166 	/*
7167 	 * This can be called at any time.  No action lock required
7168 	 */
7169 
7170 	struct ipw2100_priv *priv = libipw_priv(dev);
7171 
7172 	wrqu->rts.value = priv->rts_threshold & ~RTS_DISABLED;
7173 	wrqu->rts.fixed = 1;	/* no auto select */
7174 
7175 	/* If RTS is set to the default value, then it is disabled */
7176 	wrqu->rts.disabled = (priv->rts_threshold & RTS_DISABLED) ? 1 : 0;
7177 
7178 	IPW_DEBUG_WX("GET RTS Threshold -> 0x%08X\n", wrqu->rts.value);
7179 
7180 	return 0;
7181 }
7182 
7183 static int ipw2100_wx_set_txpow(struct net_device *dev,
7184 				struct iw_request_info *info,
7185 				union iwreq_data *wrqu, char *extra)
7186 {
7187 	struct ipw2100_priv *priv = libipw_priv(dev);
7188 	int err = 0, value;
7189 
7190 	if (ipw_radio_kill_sw(priv, wrqu->txpower.disabled))
7191 		return -EINPROGRESS;
7192 
7193 	if (priv->ieee->iw_mode != IW_MODE_ADHOC)
7194 		return 0;
7195 
7196 	if ((wrqu->txpower.flags & IW_TXPOW_TYPE) != IW_TXPOW_DBM)
7197 		return -EINVAL;
7198 
7199 	if (wrqu->txpower.fixed == 0)
7200 		value = IPW_TX_POWER_DEFAULT;
7201 	else {
7202 		if (wrqu->txpower.value < IPW_TX_POWER_MIN_DBM ||
7203 		    wrqu->txpower.value > IPW_TX_POWER_MAX_DBM)
7204 			return -EINVAL;
7205 
7206 		value = wrqu->txpower.value;
7207 	}
7208 
7209 	mutex_lock(&priv->action_mutex);
7210 	if (!(priv->status & STATUS_INITIALIZED)) {
7211 		err = -EIO;
7212 		goto done;
7213 	}
7214 
7215 	err = ipw2100_set_tx_power(priv, value);
7216 
7217 	IPW_DEBUG_WX("SET TX Power -> %d\n", value);
7218 
7219       done:
7220 	mutex_unlock(&priv->action_mutex);
7221 	return err;
7222 }
7223 
7224 static int ipw2100_wx_get_txpow(struct net_device *dev,
7225 				struct iw_request_info *info,
7226 				union iwreq_data *wrqu, char *extra)
7227 {
7228 	/*
7229 	 * This can be called at any time.  No action lock required
7230 	 */
7231 
7232 	struct ipw2100_priv *priv = libipw_priv(dev);
7233 
7234 	wrqu->txpower.disabled = (priv->status & STATUS_RF_KILL_MASK) ? 1 : 0;
7235 
7236 	if (priv->tx_power == IPW_TX_POWER_DEFAULT) {
7237 		wrqu->txpower.fixed = 0;
7238 		wrqu->txpower.value = IPW_TX_POWER_MAX_DBM;
7239 	} else {
7240 		wrqu->txpower.fixed = 1;
7241 		wrqu->txpower.value = priv->tx_power;
7242 	}
7243 
7244 	wrqu->txpower.flags = IW_TXPOW_DBM;
7245 
7246 	IPW_DEBUG_WX("GET TX Power -> %d\n", wrqu->txpower.value);
7247 
7248 	return 0;
7249 }
7250 
7251 static int ipw2100_wx_set_frag(struct net_device *dev,
7252 			       struct iw_request_info *info,
7253 			       union iwreq_data *wrqu, char *extra)
7254 {
7255 	/*
7256 	 * This can be called at any time.  No action lock required
7257 	 */
7258 
7259 	struct ipw2100_priv *priv = libipw_priv(dev);
7260 
7261 	if (!wrqu->frag.fixed)
7262 		return -EINVAL;
7263 
7264 	if (wrqu->frag.disabled) {
7265 		priv->frag_threshold |= FRAG_DISABLED;
7266 		priv->ieee->fts = DEFAULT_FTS;
7267 	} else {
7268 		if (wrqu->frag.value < MIN_FRAG_THRESHOLD ||
7269 		    wrqu->frag.value > MAX_FRAG_THRESHOLD)
7270 			return -EINVAL;
7271 
7272 		priv->ieee->fts = wrqu->frag.value & ~0x1;
7273 		priv->frag_threshold = priv->ieee->fts;
7274 	}
7275 
7276 	IPW_DEBUG_WX("SET Frag Threshold -> %d\n", priv->ieee->fts);
7277 
7278 	return 0;
7279 }
7280 
7281 static int ipw2100_wx_get_frag(struct net_device *dev,
7282 			       struct iw_request_info *info,
7283 			       union iwreq_data *wrqu, char *extra)
7284 {
7285 	/*
7286 	 * This can be called at any time.  No action lock required
7287 	 */
7288 
7289 	struct ipw2100_priv *priv = libipw_priv(dev);
7290 	wrqu->frag.value = priv->frag_threshold & ~FRAG_DISABLED;
7291 	wrqu->frag.fixed = 0;	/* no auto select */
7292 	wrqu->frag.disabled = (priv->frag_threshold & FRAG_DISABLED) ? 1 : 0;
7293 
7294 	IPW_DEBUG_WX("GET Frag Threshold -> %d\n", wrqu->frag.value);
7295 
7296 	return 0;
7297 }
7298 
7299 static int ipw2100_wx_set_retry(struct net_device *dev,
7300 				struct iw_request_info *info,
7301 				union iwreq_data *wrqu, char *extra)
7302 {
7303 	struct ipw2100_priv *priv = libipw_priv(dev);
7304 	int err = 0;
7305 
7306 	if (wrqu->retry.flags & IW_RETRY_LIFETIME || wrqu->retry.disabled)
7307 		return -EINVAL;
7308 
7309 	if (!(wrqu->retry.flags & IW_RETRY_LIMIT))
7310 		return 0;
7311 
7312 	mutex_lock(&priv->action_mutex);
7313 	if (!(priv->status & STATUS_INITIALIZED)) {
7314 		err = -EIO;
7315 		goto done;
7316 	}
7317 
7318 	if (wrqu->retry.flags & IW_RETRY_SHORT) {
7319 		err = ipw2100_set_short_retry(priv, wrqu->retry.value);
7320 		IPW_DEBUG_WX("SET Short Retry Limit -> %d\n",
7321 			     wrqu->retry.value);
7322 		goto done;
7323 	}
7324 
7325 	if (wrqu->retry.flags & IW_RETRY_LONG) {
7326 		err = ipw2100_set_long_retry(priv, wrqu->retry.value);
7327 		IPW_DEBUG_WX("SET Long Retry Limit -> %d\n",
7328 			     wrqu->retry.value);
7329 		goto done;
7330 	}
7331 
7332 	err = ipw2100_set_short_retry(priv, wrqu->retry.value);
7333 	if (!err)
7334 		err = ipw2100_set_long_retry(priv, wrqu->retry.value);
7335 
7336 	IPW_DEBUG_WX("SET Both Retry Limits -> %d\n", wrqu->retry.value);
7337 
7338       done:
7339 	mutex_unlock(&priv->action_mutex);
7340 	return err;
7341 }
7342 
7343 static int ipw2100_wx_get_retry(struct net_device *dev,
7344 				struct iw_request_info *info,
7345 				union iwreq_data *wrqu, char *extra)
7346 {
7347 	/*
7348 	 * This can be called at any time.  No action lock required
7349 	 */
7350 
7351 	struct ipw2100_priv *priv = libipw_priv(dev);
7352 
7353 	wrqu->retry.disabled = 0;	/* can't be disabled */
7354 
7355 	if ((wrqu->retry.flags & IW_RETRY_TYPE) == IW_RETRY_LIFETIME)
7356 		return -EINVAL;
7357 
7358 	if (wrqu->retry.flags & IW_RETRY_LONG) {
7359 		wrqu->retry.flags = IW_RETRY_LIMIT | IW_RETRY_LONG;
7360 		wrqu->retry.value = priv->long_retry_limit;
7361 	} else {
7362 		wrqu->retry.flags =
7363 		    (priv->short_retry_limit !=
7364 		     priv->long_retry_limit) ?
7365 		    IW_RETRY_LIMIT | IW_RETRY_SHORT : IW_RETRY_LIMIT;
7366 
7367 		wrqu->retry.value = priv->short_retry_limit;
7368 	}
7369 
7370 	IPW_DEBUG_WX("GET Retry -> %d\n", wrqu->retry.value);
7371 
7372 	return 0;
7373 }
7374 
7375 static int ipw2100_wx_set_scan(struct net_device *dev,
7376 			       struct iw_request_info *info,
7377 			       union iwreq_data *wrqu, char *extra)
7378 {
7379 	struct ipw2100_priv *priv = libipw_priv(dev);
7380 	int err = 0;
7381 
7382 	mutex_lock(&priv->action_mutex);
7383 	if (!(priv->status & STATUS_INITIALIZED)) {
7384 		err = -EIO;
7385 		goto done;
7386 	}
7387 
7388 	IPW_DEBUG_WX("Initiating scan...\n");
7389 
7390 	priv->user_requested_scan = 1;
7391 	if (ipw2100_set_scan_options(priv) || ipw2100_start_scan(priv)) {
7392 		IPW_DEBUG_WX("Start scan failed.\n");
7393 
7394 		/* TODO: Mark a scan as pending so when hardware initialized
7395 		 *       a scan starts */
7396 	}
7397 
7398       done:
7399 	mutex_unlock(&priv->action_mutex);
7400 	return err;
7401 }
7402 
7403 static int ipw2100_wx_get_scan(struct net_device *dev,
7404 			       struct iw_request_info *info,
7405 			       union iwreq_data *wrqu, char *extra)
7406 {
7407 	/*
7408 	 * This can be called at any time.  No action lock required
7409 	 */
7410 
7411 	struct ipw2100_priv *priv = libipw_priv(dev);
7412 	return libipw_wx_get_scan(priv->ieee, info, wrqu, extra);
7413 }
7414 
7415 /*
7416  * Implementation based on code in hostap-driver v0.1.3 hostap_ioctl.c
7417  */
7418 static int ipw2100_wx_set_encode(struct net_device *dev,
7419 				 struct iw_request_info *info,
7420 				 union iwreq_data *wrqu, char *key)
7421 {
7422 	/*
7423 	 * No check of STATUS_INITIALIZED required
7424 	 */
7425 
7426 	struct ipw2100_priv *priv = libipw_priv(dev);
7427 	return libipw_wx_set_encode(priv->ieee, info, wrqu, key);
7428 }
7429 
7430 static int ipw2100_wx_get_encode(struct net_device *dev,
7431 				 struct iw_request_info *info,
7432 				 union iwreq_data *wrqu, char *key)
7433 {
7434 	/*
7435 	 * This can be called at any time.  No action lock required
7436 	 */
7437 
7438 	struct ipw2100_priv *priv = libipw_priv(dev);
7439 	return libipw_wx_get_encode(priv->ieee, info, wrqu, key);
7440 }
7441 
7442 static int ipw2100_wx_set_power(struct net_device *dev,
7443 				struct iw_request_info *info,
7444 				union iwreq_data *wrqu, char *extra)
7445 {
7446 	struct ipw2100_priv *priv = libipw_priv(dev);
7447 	int err = 0;
7448 
7449 	mutex_lock(&priv->action_mutex);
7450 	if (!(priv->status & STATUS_INITIALIZED)) {
7451 		err = -EIO;
7452 		goto done;
7453 	}
7454 
7455 	if (wrqu->power.disabled) {
7456 		priv->power_mode = IPW_POWER_LEVEL(priv->power_mode);
7457 		err = ipw2100_set_power_mode(priv, IPW_POWER_MODE_CAM);
7458 		IPW_DEBUG_WX("SET Power Management Mode -> off\n");
7459 		goto done;
7460 	}
7461 
7462 	switch (wrqu->power.flags & IW_POWER_MODE) {
7463 	case IW_POWER_ON:	/* If not specified */
7464 	case IW_POWER_MODE:	/* If set all mask */
7465 	case IW_POWER_ALL_R:	/* If explicitly state all */
7466 		break;
7467 	default:		/* Otherwise we don't support it */
7468 		IPW_DEBUG_WX("SET PM Mode: %X not supported.\n",
7469 			     wrqu->power.flags);
7470 		err = -EOPNOTSUPP;
7471 		goto done;
7472 	}
7473 
7474 	/* If the user hasn't specified a power management mode yet, default
7475 	 * to BATTERY */
7476 	priv->power_mode = IPW_POWER_ENABLED | priv->power_mode;
7477 	err = ipw2100_set_power_mode(priv, IPW_POWER_LEVEL(priv->power_mode));
7478 
7479 	IPW_DEBUG_WX("SET Power Management Mode -> 0x%02X\n", priv->power_mode);
7480 
7481       done:
7482 	mutex_unlock(&priv->action_mutex);
7483 	return err;
7484 
7485 }
7486 
7487 static int ipw2100_wx_get_power(struct net_device *dev,
7488 				struct iw_request_info *info,
7489 				union iwreq_data *wrqu, char *extra)
7490 {
7491 	/*
7492 	 * This can be called at any time.  No action lock required
7493 	 */
7494 
7495 	struct ipw2100_priv *priv = libipw_priv(dev);
7496 
7497 	if (!(priv->power_mode & IPW_POWER_ENABLED))
7498 		wrqu->power.disabled = 1;
7499 	else {
7500 		wrqu->power.disabled = 0;
7501 		wrqu->power.flags = 0;
7502 	}
7503 
7504 	IPW_DEBUG_WX("GET Power Management Mode -> %02X\n", priv->power_mode);
7505 
7506 	return 0;
7507 }
7508 
7509 /*
7510  * WE-18 WPA support
7511  */
7512 
7513 /* SIOCSIWGENIE */
7514 static int ipw2100_wx_set_genie(struct net_device *dev,
7515 				struct iw_request_info *info,
7516 				union iwreq_data *wrqu, char *extra)
7517 {
7518 
7519 	struct ipw2100_priv *priv = libipw_priv(dev);
7520 	struct libipw_device *ieee = priv->ieee;
7521 	u8 *buf;
7522 
7523 	if (!ieee->wpa_enabled)
7524 		return -EOPNOTSUPP;
7525 
7526 	if (wrqu->data.length > MAX_WPA_IE_LEN ||
7527 	    (wrqu->data.length && extra == NULL))
7528 		return -EINVAL;
7529 
7530 	if (wrqu->data.length) {
7531 		buf = kmemdup(extra, wrqu->data.length, GFP_KERNEL);
7532 		if (buf == NULL)
7533 			return -ENOMEM;
7534 
7535 		kfree(ieee->wpa_ie);
7536 		ieee->wpa_ie = buf;
7537 		ieee->wpa_ie_len = wrqu->data.length;
7538 	} else {
7539 		kfree(ieee->wpa_ie);
7540 		ieee->wpa_ie = NULL;
7541 		ieee->wpa_ie_len = 0;
7542 	}
7543 
7544 	ipw2100_wpa_assoc_frame(priv, ieee->wpa_ie, ieee->wpa_ie_len);
7545 
7546 	return 0;
7547 }
7548 
7549 /* SIOCGIWGENIE */
7550 static int ipw2100_wx_get_genie(struct net_device *dev,
7551 				struct iw_request_info *info,
7552 				union iwreq_data *wrqu, char *extra)
7553 {
7554 	struct ipw2100_priv *priv = libipw_priv(dev);
7555 	struct libipw_device *ieee = priv->ieee;
7556 
7557 	if (ieee->wpa_ie_len == 0 || ieee->wpa_ie == NULL) {
7558 		wrqu->data.length = 0;
7559 		return 0;
7560 	}
7561 
7562 	if (wrqu->data.length < ieee->wpa_ie_len)
7563 		return -E2BIG;
7564 
7565 	wrqu->data.length = ieee->wpa_ie_len;
7566 	memcpy(extra, ieee->wpa_ie, ieee->wpa_ie_len);
7567 
7568 	return 0;
7569 }
7570 
7571 /* SIOCSIWAUTH */
7572 static int ipw2100_wx_set_auth(struct net_device *dev,
7573 			       struct iw_request_info *info,
7574 			       union iwreq_data *wrqu, char *extra)
7575 {
7576 	struct ipw2100_priv *priv = libipw_priv(dev);
7577 	struct libipw_device *ieee = priv->ieee;
7578 	struct iw_param *param = &wrqu->param;
7579 	struct lib80211_crypt_data *crypt;
7580 	unsigned long flags;
7581 	int ret = 0;
7582 
7583 	switch (param->flags & IW_AUTH_INDEX) {
7584 	case IW_AUTH_WPA_VERSION:
7585 	case IW_AUTH_CIPHER_PAIRWISE:
7586 	case IW_AUTH_CIPHER_GROUP:
7587 	case IW_AUTH_KEY_MGMT:
7588 		/*
7589 		 * ipw2200 does not use these parameters
7590 		 */
7591 		break;
7592 
7593 	case IW_AUTH_TKIP_COUNTERMEASURES:
7594 		crypt = priv->ieee->crypt_info.crypt[priv->ieee->crypt_info.tx_keyidx];
7595 		if (!crypt || !crypt->ops->set_flags || !crypt->ops->get_flags)
7596 			break;
7597 
7598 		flags = crypt->ops->get_flags(crypt->priv);
7599 
7600 		if (param->value)
7601 			flags |= IEEE80211_CRYPTO_TKIP_COUNTERMEASURES;
7602 		else
7603 			flags &= ~IEEE80211_CRYPTO_TKIP_COUNTERMEASURES;
7604 
7605 		crypt->ops->set_flags(flags, crypt->priv);
7606 
7607 		break;
7608 
7609 	case IW_AUTH_DROP_UNENCRYPTED:{
7610 			/* HACK:
7611 			 *
7612 			 * wpa_supplicant calls set_wpa_enabled when the driver
7613 			 * is loaded and unloaded, regardless of if WPA is being
7614 			 * used.  No other calls are made which can be used to
7615 			 * determine if encryption will be used or not prior to
7616 			 * association being expected.  If encryption is not being
7617 			 * used, drop_unencrypted is set to false, else true -- we
7618 			 * can use this to determine if the CAP_PRIVACY_ON bit should
7619 			 * be set.
7620 			 */
7621 			struct libipw_security sec = {
7622 				.flags = SEC_ENABLED,
7623 				.enabled = param->value,
7624 			};
7625 			priv->ieee->drop_unencrypted = param->value;
7626 			/* We only change SEC_LEVEL for open mode. Others
7627 			 * are set by ipw_wpa_set_encryption.
7628 			 */
7629 			if (!param->value) {
7630 				sec.flags |= SEC_LEVEL;
7631 				sec.level = SEC_LEVEL_0;
7632 			} else {
7633 				sec.flags |= SEC_LEVEL;
7634 				sec.level = SEC_LEVEL_1;
7635 			}
7636 			if (priv->ieee->set_security)
7637 				priv->ieee->set_security(priv->ieee->dev, &sec);
7638 			break;
7639 		}
7640 
7641 	case IW_AUTH_80211_AUTH_ALG:
7642 		ret = ipw2100_wpa_set_auth_algs(priv, param->value);
7643 		break;
7644 
7645 	case IW_AUTH_WPA_ENABLED:
7646 		ret = ipw2100_wpa_enable(priv, param->value);
7647 		break;
7648 
7649 	case IW_AUTH_RX_UNENCRYPTED_EAPOL:
7650 		ieee->ieee802_1x = param->value;
7651 		break;
7652 
7653 		//case IW_AUTH_ROAMING_CONTROL:
7654 	case IW_AUTH_PRIVACY_INVOKED:
7655 		ieee->privacy_invoked = param->value;
7656 		break;
7657 
7658 	default:
7659 		return -EOPNOTSUPP;
7660 	}
7661 	return ret;
7662 }
7663 
7664 /* SIOCGIWAUTH */
7665 static int ipw2100_wx_get_auth(struct net_device *dev,
7666 			       struct iw_request_info *info,
7667 			       union iwreq_data *wrqu, char *extra)
7668 {
7669 	struct ipw2100_priv *priv = libipw_priv(dev);
7670 	struct libipw_device *ieee = priv->ieee;
7671 	struct lib80211_crypt_data *crypt;
7672 	struct iw_param *param = &wrqu->param;
7673 
7674 	switch (param->flags & IW_AUTH_INDEX) {
7675 	case IW_AUTH_WPA_VERSION:
7676 	case IW_AUTH_CIPHER_PAIRWISE:
7677 	case IW_AUTH_CIPHER_GROUP:
7678 	case IW_AUTH_KEY_MGMT:
7679 		/*
7680 		 * wpa_supplicant will control these internally
7681 		 */
7682 		break;
7683 
7684 	case IW_AUTH_TKIP_COUNTERMEASURES:
7685 		crypt = priv->ieee->crypt_info.crypt[priv->ieee->crypt_info.tx_keyidx];
7686 		if (!crypt || !crypt->ops->get_flags) {
7687 			IPW_DEBUG_WARNING("Can't get TKIP countermeasures: "
7688 					  "crypt not set!\n");
7689 			break;
7690 		}
7691 
7692 		param->value = (crypt->ops->get_flags(crypt->priv) &
7693 				IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) ? 1 : 0;
7694 
7695 		break;
7696 
7697 	case IW_AUTH_DROP_UNENCRYPTED:
7698 		param->value = ieee->drop_unencrypted;
7699 		break;
7700 
7701 	case IW_AUTH_80211_AUTH_ALG:
7702 		param->value = priv->ieee->sec.auth_mode;
7703 		break;
7704 
7705 	case IW_AUTH_WPA_ENABLED:
7706 		param->value = ieee->wpa_enabled;
7707 		break;
7708 
7709 	case IW_AUTH_RX_UNENCRYPTED_EAPOL:
7710 		param->value = ieee->ieee802_1x;
7711 		break;
7712 
7713 	case IW_AUTH_ROAMING_CONTROL:
7714 	case IW_AUTH_PRIVACY_INVOKED:
7715 		param->value = ieee->privacy_invoked;
7716 		break;
7717 
7718 	default:
7719 		return -EOPNOTSUPP;
7720 	}
7721 	return 0;
7722 }
7723 
7724 /* SIOCSIWENCODEEXT */
7725 static int ipw2100_wx_set_encodeext(struct net_device *dev,
7726 				    struct iw_request_info *info,
7727 				    union iwreq_data *wrqu, char *extra)
7728 {
7729 	struct ipw2100_priv *priv = libipw_priv(dev);
7730 	return libipw_wx_set_encodeext(priv->ieee, info, wrqu, extra);
7731 }
7732 
7733 /* SIOCGIWENCODEEXT */
7734 static int ipw2100_wx_get_encodeext(struct net_device *dev,
7735 				    struct iw_request_info *info,
7736 				    union iwreq_data *wrqu, char *extra)
7737 {
7738 	struct ipw2100_priv *priv = libipw_priv(dev);
7739 	return libipw_wx_get_encodeext(priv->ieee, info, wrqu, extra);
7740 }
7741 
7742 /* SIOCSIWMLME */
7743 static int ipw2100_wx_set_mlme(struct net_device *dev,
7744 			       struct iw_request_info *info,
7745 			       union iwreq_data *wrqu, char *extra)
7746 {
7747 	struct ipw2100_priv *priv = libipw_priv(dev);
7748 	struct iw_mlme *mlme = (struct iw_mlme *)extra;
7749 
7750 	switch (mlme->cmd) {
7751 	case IW_MLME_DEAUTH:
7752 		// silently ignore
7753 		break;
7754 
7755 	case IW_MLME_DISASSOC:
7756 		ipw2100_disassociate_bssid(priv);
7757 		break;
7758 
7759 	default:
7760 		return -EOPNOTSUPP;
7761 	}
7762 	return 0;
7763 }
7764 
7765 /*
7766  *
7767  * IWPRIV handlers
7768  *
7769  */
7770 #ifdef CONFIG_IPW2100_MONITOR
7771 static int ipw2100_wx_set_promisc(struct net_device *dev,
7772 				  struct iw_request_info *info,
7773 				  union iwreq_data *wrqu, char *extra)
7774 {
7775 	struct ipw2100_priv *priv = libipw_priv(dev);
7776 	int *parms = (int *)extra;
7777 	int enable = (parms[0] > 0);
7778 	int err = 0;
7779 
7780 	mutex_lock(&priv->action_mutex);
7781 	if (!(priv->status & STATUS_INITIALIZED)) {
7782 		err = -EIO;
7783 		goto done;
7784 	}
7785 
7786 	if (enable) {
7787 		if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
7788 			err = ipw2100_set_channel(priv, parms[1], 0);
7789 			goto done;
7790 		}
7791 		priv->channel = parms[1];
7792 		err = ipw2100_switch_mode(priv, IW_MODE_MONITOR);
7793 	} else {
7794 		if (priv->ieee->iw_mode == IW_MODE_MONITOR)
7795 			err = ipw2100_switch_mode(priv, priv->last_mode);
7796 	}
7797       done:
7798 	mutex_unlock(&priv->action_mutex);
7799 	return err;
7800 }
7801 
7802 static int ipw2100_wx_reset(struct net_device *dev,
7803 			    struct iw_request_info *info,
7804 			    union iwreq_data *wrqu, char *extra)
7805 {
7806 	struct ipw2100_priv *priv = libipw_priv(dev);
7807 	if (priv->status & STATUS_INITIALIZED)
7808 		schedule_reset(priv);
7809 	return 0;
7810 }
7811 
7812 #endif
7813 
7814 static int ipw2100_wx_set_powermode(struct net_device *dev,
7815 				    struct iw_request_info *info,
7816 				    union iwreq_data *wrqu, char *extra)
7817 {
7818 	struct ipw2100_priv *priv = libipw_priv(dev);
7819 	int err = 0, mode = *(int *)extra;
7820 
7821 	mutex_lock(&priv->action_mutex);
7822 	if (!(priv->status & STATUS_INITIALIZED)) {
7823 		err = -EIO;
7824 		goto done;
7825 	}
7826 
7827 	if ((mode < 0) || (mode > POWER_MODES))
7828 		mode = IPW_POWER_AUTO;
7829 
7830 	if (IPW_POWER_LEVEL(priv->power_mode) != mode)
7831 		err = ipw2100_set_power_mode(priv, mode);
7832       done:
7833 	mutex_unlock(&priv->action_mutex);
7834 	return err;
7835 }
7836 
7837 #define MAX_POWER_STRING 80
7838 static int ipw2100_wx_get_powermode(struct net_device *dev,
7839 				    struct iw_request_info *info,
7840 				    union iwreq_data *wrqu, char *extra)
7841 {
7842 	/*
7843 	 * This can be called at any time.  No action lock required
7844 	 */
7845 
7846 	struct ipw2100_priv *priv = libipw_priv(dev);
7847 	int level = IPW_POWER_LEVEL(priv->power_mode);
7848 	s32 timeout, period;
7849 
7850 	if (!(priv->power_mode & IPW_POWER_ENABLED)) {
7851 		snprintf(extra, MAX_POWER_STRING,
7852 			 "Power save level: %d (Off)", level);
7853 	} else {
7854 		switch (level) {
7855 		case IPW_POWER_MODE_CAM:
7856 			snprintf(extra, MAX_POWER_STRING,
7857 				 "Power save level: %d (None)", level);
7858 			break;
7859 		case IPW_POWER_AUTO:
7860 			snprintf(extra, MAX_POWER_STRING,
7861 				 "Power save level: %d (Auto)", level);
7862 			break;
7863 		default:
7864 			timeout = timeout_duration[level - 1] / 1000;
7865 			period = period_duration[level - 1] / 1000;
7866 			snprintf(extra, MAX_POWER_STRING,
7867 				 "Power save level: %d "
7868 				 "(Timeout %dms, Period %dms)",
7869 				 level, timeout, period);
7870 		}
7871 	}
7872 
7873 	wrqu->data.length = strlen(extra) + 1;
7874 
7875 	return 0;
7876 }
7877 
7878 static int ipw2100_wx_set_preamble(struct net_device *dev,
7879 				   struct iw_request_info *info,
7880 				   union iwreq_data *wrqu, char *extra)
7881 {
7882 	struct ipw2100_priv *priv = libipw_priv(dev);
7883 	int err, mode = *(int *)extra;
7884 
7885 	mutex_lock(&priv->action_mutex);
7886 	if (!(priv->status & STATUS_INITIALIZED)) {
7887 		err = -EIO;
7888 		goto done;
7889 	}
7890 
7891 	if (mode == 1)
7892 		priv->config |= CFG_LONG_PREAMBLE;
7893 	else if (mode == 0)
7894 		priv->config &= ~CFG_LONG_PREAMBLE;
7895 	else {
7896 		err = -EINVAL;
7897 		goto done;
7898 	}
7899 
7900 	err = ipw2100_system_config(priv, 0);
7901 
7902       done:
7903 	mutex_unlock(&priv->action_mutex);
7904 	return err;
7905 }
7906 
7907 static int ipw2100_wx_get_preamble(struct net_device *dev,
7908 				   struct iw_request_info *info,
7909 				   union iwreq_data *wrqu, char *extra)
7910 {
7911 	/*
7912 	 * This can be called at any time.  No action lock required
7913 	 */
7914 
7915 	struct ipw2100_priv *priv = libipw_priv(dev);
7916 
7917 	if (priv->config & CFG_LONG_PREAMBLE)
7918 		snprintf(wrqu->name, IFNAMSIZ, "long (1)");
7919 	else
7920 		snprintf(wrqu->name, IFNAMSIZ, "auto (0)");
7921 
7922 	return 0;
7923 }
7924 
7925 #ifdef CONFIG_IPW2100_MONITOR
7926 static int ipw2100_wx_set_crc_check(struct net_device *dev,
7927 				    struct iw_request_info *info,
7928 				    union iwreq_data *wrqu, char *extra)
7929 {
7930 	struct ipw2100_priv *priv = libipw_priv(dev);
7931 	int err, mode = *(int *)extra;
7932 
7933 	mutex_lock(&priv->action_mutex);
7934 	if (!(priv->status & STATUS_INITIALIZED)) {
7935 		err = -EIO;
7936 		goto done;
7937 	}
7938 
7939 	if (mode == 1)
7940 		priv->config |= CFG_CRC_CHECK;
7941 	else if (mode == 0)
7942 		priv->config &= ~CFG_CRC_CHECK;
7943 	else {
7944 		err = -EINVAL;
7945 		goto done;
7946 	}
7947 	err = 0;
7948 
7949       done:
7950 	mutex_unlock(&priv->action_mutex);
7951 	return err;
7952 }
7953 
7954 static int ipw2100_wx_get_crc_check(struct net_device *dev,
7955 				    struct iw_request_info *info,
7956 				    union iwreq_data *wrqu, char *extra)
7957 {
7958 	/*
7959 	 * This can be called at any time.  No action lock required
7960 	 */
7961 
7962 	struct ipw2100_priv *priv = libipw_priv(dev);
7963 
7964 	if (priv->config & CFG_CRC_CHECK)
7965 		snprintf(wrqu->name, IFNAMSIZ, "CRC checked (1)");
7966 	else
7967 		snprintf(wrqu->name, IFNAMSIZ, "CRC ignored (0)");
7968 
7969 	return 0;
7970 }
7971 #endif				/* CONFIG_IPW2100_MONITOR */
7972 
7973 static iw_handler ipw2100_wx_handlers[] = {
7974 	IW_HANDLER(SIOCGIWNAME, ipw2100_wx_get_name),
7975 	IW_HANDLER(SIOCSIWFREQ, ipw2100_wx_set_freq),
7976 	IW_HANDLER(SIOCGIWFREQ, ipw2100_wx_get_freq),
7977 	IW_HANDLER(SIOCSIWMODE, ipw2100_wx_set_mode),
7978 	IW_HANDLER(SIOCGIWMODE, ipw2100_wx_get_mode),
7979 	IW_HANDLER(SIOCGIWRANGE, ipw2100_wx_get_range),
7980 	IW_HANDLER(SIOCSIWAP, ipw2100_wx_set_wap),
7981 	IW_HANDLER(SIOCGIWAP, ipw2100_wx_get_wap),
7982 	IW_HANDLER(SIOCSIWMLME, ipw2100_wx_set_mlme),
7983 	IW_HANDLER(SIOCSIWSCAN, ipw2100_wx_set_scan),
7984 	IW_HANDLER(SIOCGIWSCAN, ipw2100_wx_get_scan),
7985 	IW_HANDLER(SIOCSIWESSID, ipw2100_wx_set_essid),
7986 	IW_HANDLER(SIOCGIWESSID, ipw2100_wx_get_essid),
7987 	IW_HANDLER(SIOCSIWNICKN, ipw2100_wx_set_nick),
7988 	IW_HANDLER(SIOCGIWNICKN, ipw2100_wx_get_nick),
7989 	IW_HANDLER(SIOCSIWRATE, ipw2100_wx_set_rate),
7990 	IW_HANDLER(SIOCGIWRATE, ipw2100_wx_get_rate),
7991 	IW_HANDLER(SIOCSIWRTS, ipw2100_wx_set_rts),
7992 	IW_HANDLER(SIOCGIWRTS, ipw2100_wx_get_rts),
7993 	IW_HANDLER(SIOCSIWFRAG, ipw2100_wx_set_frag),
7994 	IW_HANDLER(SIOCGIWFRAG, ipw2100_wx_get_frag),
7995 	IW_HANDLER(SIOCSIWTXPOW, ipw2100_wx_set_txpow),
7996 	IW_HANDLER(SIOCGIWTXPOW, ipw2100_wx_get_txpow),
7997 	IW_HANDLER(SIOCSIWRETRY, ipw2100_wx_set_retry),
7998 	IW_HANDLER(SIOCGIWRETRY, ipw2100_wx_get_retry),
7999 	IW_HANDLER(SIOCSIWENCODE, ipw2100_wx_set_encode),
8000 	IW_HANDLER(SIOCGIWENCODE, ipw2100_wx_get_encode),
8001 	IW_HANDLER(SIOCSIWPOWER, ipw2100_wx_set_power),
8002 	IW_HANDLER(SIOCGIWPOWER, ipw2100_wx_get_power),
8003 	IW_HANDLER(SIOCSIWGENIE, ipw2100_wx_set_genie),
8004 	IW_HANDLER(SIOCGIWGENIE, ipw2100_wx_get_genie),
8005 	IW_HANDLER(SIOCSIWAUTH, ipw2100_wx_set_auth),
8006 	IW_HANDLER(SIOCGIWAUTH, ipw2100_wx_get_auth),
8007 	IW_HANDLER(SIOCSIWENCODEEXT, ipw2100_wx_set_encodeext),
8008 	IW_HANDLER(SIOCGIWENCODEEXT, ipw2100_wx_get_encodeext),
8009 };
8010 
8011 #define IPW2100_PRIV_SET_MONITOR	SIOCIWFIRSTPRIV
8012 #define IPW2100_PRIV_RESET		SIOCIWFIRSTPRIV+1
8013 #define IPW2100_PRIV_SET_POWER		SIOCIWFIRSTPRIV+2
8014 #define IPW2100_PRIV_GET_POWER		SIOCIWFIRSTPRIV+3
8015 #define IPW2100_PRIV_SET_LONGPREAMBLE	SIOCIWFIRSTPRIV+4
8016 #define IPW2100_PRIV_GET_LONGPREAMBLE	SIOCIWFIRSTPRIV+5
8017 #define IPW2100_PRIV_SET_CRC_CHECK	SIOCIWFIRSTPRIV+6
8018 #define IPW2100_PRIV_GET_CRC_CHECK	SIOCIWFIRSTPRIV+7
8019 
8020 static const struct iw_priv_args ipw2100_private_args[] = {
8021 
8022 #ifdef CONFIG_IPW2100_MONITOR
8023 	{
8024 	 IPW2100_PRIV_SET_MONITOR,
8025 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 2, 0, "monitor"},
8026 	{
8027 	 IPW2100_PRIV_RESET,
8028 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 0, 0, "reset"},
8029 #endif				/* CONFIG_IPW2100_MONITOR */
8030 
8031 	{
8032 	 IPW2100_PRIV_SET_POWER,
8033 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "set_power"},
8034 	{
8035 	 IPW2100_PRIV_GET_POWER,
8036 	 0, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_FIXED | MAX_POWER_STRING,
8037 	 "get_power"},
8038 	{
8039 	 IPW2100_PRIV_SET_LONGPREAMBLE,
8040 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "set_preamble"},
8041 	{
8042 	 IPW2100_PRIV_GET_LONGPREAMBLE,
8043 	 0, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_FIXED | IFNAMSIZ, "get_preamble"},
8044 #ifdef CONFIG_IPW2100_MONITOR
8045 	{
8046 	 IPW2100_PRIV_SET_CRC_CHECK,
8047 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "set_crc_check"},
8048 	{
8049 	 IPW2100_PRIV_GET_CRC_CHECK,
8050 	 0, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_FIXED | IFNAMSIZ, "get_crc_check"},
8051 #endif				/* CONFIG_IPW2100_MONITOR */
8052 };
8053 
8054 static iw_handler ipw2100_private_handler[] = {
8055 #ifdef CONFIG_IPW2100_MONITOR
8056 	ipw2100_wx_set_promisc,
8057 	ipw2100_wx_reset,
8058 #else				/* CONFIG_IPW2100_MONITOR */
8059 	NULL,
8060 	NULL,
8061 #endif				/* CONFIG_IPW2100_MONITOR */
8062 	ipw2100_wx_set_powermode,
8063 	ipw2100_wx_get_powermode,
8064 	ipw2100_wx_set_preamble,
8065 	ipw2100_wx_get_preamble,
8066 #ifdef CONFIG_IPW2100_MONITOR
8067 	ipw2100_wx_set_crc_check,
8068 	ipw2100_wx_get_crc_check,
8069 #else				/* CONFIG_IPW2100_MONITOR */
8070 	NULL,
8071 	NULL,
8072 #endif				/* CONFIG_IPW2100_MONITOR */
8073 };
8074 
8075 /*
8076  * Get wireless statistics.
8077  * Called by /proc/net/wireless
8078  * Also called by SIOCGIWSTATS
8079  */
8080 static struct iw_statistics *ipw2100_wx_wireless_stats(struct net_device *dev)
8081 {
8082 	enum {
8083 		POOR = 30,
8084 		FAIR = 60,
8085 		GOOD = 80,
8086 		VERY_GOOD = 90,
8087 		EXCELLENT = 95,
8088 		PERFECT = 100
8089 	};
8090 	int rssi_qual;
8091 	int tx_qual;
8092 	int beacon_qual;
8093 	int quality;
8094 
8095 	struct ipw2100_priv *priv = libipw_priv(dev);
8096 	struct iw_statistics *wstats;
8097 	u32 rssi, tx_retries, missed_beacons, tx_failures;
8098 	u32 ord_len = sizeof(u32);
8099 
8100 	if (!priv)
8101 		return (struct iw_statistics *)NULL;
8102 
8103 	wstats = &priv->wstats;
8104 
8105 	/* if hw is disabled, then ipw2100_get_ordinal() can't be called.
8106 	 * ipw2100_wx_wireless_stats seems to be called before fw is
8107 	 * initialized.  STATUS_ASSOCIATED will only be set if the hw is up
8108 	 * and associated; if not associcated, the values are all meaningless
8109 	 * anyway, so set them all to NULL and INVALID */
8110 	if (!(priv->status & STATUS_ASSOCIATED)) {
8111 		wstats->miss.beacon = 0;
8112 		wstats->discard.retries = 0;
8113 		wstats->qual.qual = 0;
8114 		wstats->qual.level = 0;
8115 		wstats->qual.noise = 0;
8116 		wstats->qual.updated = 7;
8117 		wstats->qual.updated |= IW_QUAL_NOISE_INVALID |
8118 		    IW_QUAL_QUAL_INVALID | IW_QUAL_LEVEL_INVALID;
8119 		return wstats;
8120 	}
8121 
8122 	if (ipw2100_get_ordinal(priv, IPW_ORD_STAT_PERCENT_MISSED_BCNS,
8123 				&missed_beacons, &ord_len))
8124 		goto fail_get_ordinal;
8125 
8126 	/* If we don't have a connection the quality and level is 0 */
8127 	if (!(priv->status & STATUS_ASSOCIATED)) {
8128 		wstats->qual.qual = 0;
8129 		wstats->qual.level = 0;
8130 	} else {
8131 		if (ipw2100_get_ordinal(priv, IPW_ORD_RSSI_AVG_CURR,
8132 					&rssi, &ord_len))
8133 			goto fail_get_ordinal;
8134 		wstats->qual.level = rssi + IPW2100_RSSI_TO_DBM;
8135 		if (rssi < 10)
8136 			rssi_qual = rssi * POOR / 10;
8137 		else if (rssi < 15)
8138 			rssi_qual = (rssi - 10) * (FAIR - POOR) / 5 + POOR;
8139 		else if (rssi < 20)
8140 			rssi_qual = (rssi - 15) * (GOOD - FAIR) / 5 + FAIR;
8141 		else if (rssi < 30)
8142 			rssi_qual = (rssi - 20) * (VERY_GOOD - GOOD) /
8143 			    10 + GOOD;
8144 		else
8145 			rssi_qual = (rssi - 30) * (PERFECT - VERY_GOOD) /
8146 			    10 + VERY_GOOD;
8147 
8148 		if (ipw2100_get_ordinal(priv, IPW_ORD_STAT_PERCENT_RETRIES,
8149 					&tx_retries, &ord_len))
8150 			goto fail_get_ordinal;
8151 
8152 		if (tx_retries > 75)
8153 			tx_qual = (90 - tx_retries) * POOR / 15;
8154 		else if (tx_retries > 70)
8155 			tx_qual = (75 - tx_retries) * (FAIR - POOR) / 5 + POOR;
8156 		else if (tx_retries > 65)
8157 			tx_qual = (70 - tx_retries) * (GOOD - FAIR) / 5 + FAIR;
8158 		else if (tx_retries > 50)
8159 			tx_qual = (65 - tx_retries) * (VERY_GOOD - GOOD) /
8160 			    15 + GOOD;
8161 		else
8162 			tx_qual = (50 - tx_retries) *
8163 			    (PERFECT - VERY_GOOD) / 50 + VERY_GOOD;
8164 
8165 		if (missed_beacons > 50)
8166 			beacon_qual = (60 - missed_beacons) * POOR / 10;
8167 		else if (missed_beacons > 40)
8168 			beacon_qual = (50 - missed_beacons) * (FAIR - POOR) /
8169 			    10 + POOR;
8170 		else if (missed_beacons > 32)
8171 			beacon_qual = (40 - missed_beacons) * (GOOD - FAIR) /
8172 			    18 + FAIR;
8173 		else if (missed_beacons > 20)
8174 			beacon_qual = (32 - missed_beacons) *
8175 			    (VERY_GOOD - GOOD) / 20 + GOOD;
8176 		else
8177 			beacon_qual = (20 - missed_beacons) *
8178 			    (PERFECT - VERY_GOOD) / 20 + VERY_GOOD;
8179 
8180 		quality = min(tx_qual, rssi_qual);
8181 		quality = min(beacon_qual, quality);
8182 
8183 #ifdef CONFIG_IPW2100_DEBUG
8184 		if (beacon_qual == quality)
8185 			IPW_DEBUG_WX("Quality clamped by Missed Beacons\n");
8186 		else if (tx_qual == quality)
8187 			IPW_DEBUG_WX("Quality clamped by Tx Retries\n");
8188 		else if (quality != 100)
8189 			IPW_DEBUG_WX("Quality clamped by Signal Strength\n");
8190 		else
8191 			IPW_DEBUG_WX("Quality not clamped.\n");
8192 #endif
8193 
8194 		wstats->qual.qual = quality;
8195 		wstats->qual.level = rssi + IPW2100_RSSI_TO_DBM;
8196 	}
8197 
8198 	wstats->qual.noise = 0;
8199 	wstats->qual.updated = 7;
8200 	wstats->qual.updated |= IW_QUAL_NOISE_INVALID;
8201 
8202 	/* FIXME: this is percent and not a # */
8203 	wstats->miss.beacon = missed_beacons;
8204 
8205 	if (ipw2100_get_ordinal(priv, IPW_ORD_STAT_TX_FAILURES,
8206 				&tx_failures, &ord_len))
8207 		goto fail_get_ordinal;
8208 	wstats->discard.retries = tx_failures;
8209 
8210 	return wstats;
8211 
8212       fail_get_ordinal:
8213 	IPW_DEBUG_WX("failed querying ordinals.\n");
8214 
8215 	return (struct iw_statistics *)NULL;
8216 }
8217 
8218 static const struct iw_handler_def ipw2100_wx_handler_def = {
8219 	.standard = ipw2100_wx_handlers,
8220 	.num_standard = ARRAY_SIZE(ipw2100_wx_handlers),
8221 	.num_private = ARRAY_SIZE(ipw2100_private_handler),
8222 	.num_private_args = ARRAY_SIZE(ipw2100_private_args),
8223 	.private = (iw_handler *) ipw2100_private_handler,
8224 	.private_args = (struct iw_priv_args *)ipw2100_private_args,
8225 	.get_wireless_stats = ipw2100_wx_wireless_stats,
8226 };
8227 
8228 static void ipw2100_wx_event_work(struct work_struct *work)
8229 {
8230 	struct ipw2100_priv *priv =
8231 		container_of(work, struct ipw2100_priv, wx_event_work.work);
8232 	union iwreq_data wrqu;
8233 	unsigned int len = ETH_ALEN;
8234 
8235 	if (priv->status & STATUS_STOPPING)
8236 		return;
8237 
8238 	mutex_lock(&priv->action_mutex);
8239 
8240 	IPW_DEBUG_WX("enter\n");
8241 
8242 	mutex_unlock(&priv->action_mutex);
8243 
8244 	wrqu.ap_addr.sa_family = ARPHRD_ETHER;
8245 
8246 	/* Fetch BSSID from the hardware */
8247 	if (!(priv->status & (STATUS_ASSOCIATING | STATUS_ASSOCIATED)) ||
8248 	    priv->status & STATUS_RF_KILL_MASK ||
8249 	    ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_AP_BSSID,
8250 				&priv->bssid, &len)) {
8251 		eth_zero_addr(wrqu.ap_addr.sa_data);
8252 	} else {
8253 		/* We now have the BSSID, so can finish setting to the full
8254 		 * associated state */
8255 		memcpy(wrqu.ap_addr.sa_data, priv->bssid, ETH_ALEN);
8256 		memcpy(priv->ieee->bssid, priv->bssid, ETH_ALEN);
8257 		priv->status &= ~STATUS_ASSOCIATING;
8258 		priv->status |= STATUS_ASSOCIATED;
8259 		netif_carrier_on(priv->net_dev);
8260 		netif_wake_queue(priv->net_dev);
8261 	}
8262 
8263 	if (!(priv->status & STATUS_ASSOCIATED)) {
8264 		IPW_DEBUG_WX("Configuring ESSID\n");
8265 		mutex_lock(&priv->action_mutex);
8266 		/* This is a disassociation event, so kick the firmware to
8267 		 * look for another AP */
8268 		if (priv->config & CFG_STATIC_ESSID)
8269 			ipw2100_set_essid(priv, priv->essid, priv->essid_len,
8270 					  0);
8271 		else
8272 			ipw2100_set_essid(priv, NULL, 0, 0);
8273 		mutex_unlock(&priv->action_mutex);
8274 	}
8275 
8276 	wireless_send_event(priv->net_dev, SIOCGIWAP, &wrqu, NULL);
8277 }
8278 
8279 #define IPW2100_FW_MAJOR_VERSION 1
8280 #define IPW2100_FW_MINOR_VERSION 3
8281 
8282 #define IPW2100_FW_MINOR(x) ((x & 0xff) >> 8)
8283 #define IPW2100_FW_MAJOR(x) (x & 0xff)
8284 
8285 #define IPW2100_FW_VERSION ((IPW2100_FW_MINOR_VERSION << 8) | \
8286                              IPW2100_FW_MAJOR_VERSION)
8287 
8288 #define IPW2100_FW_PREFIX "ipw2100-" __stringify(IPW2100_FW_MAJOR_VERSION) \
8289 "." __stringify(IPW2100_FW_MINOR_VERSION)
8290 
8291 #define IPW2100_FW_NAME(x) IPW2100_FW_PREFIX "" x ".fw"
8292 
8293 /*
8294 
8295 BINARY FIRMWARE HEADER FORMAT
8296 
8297 offset      length   desc
8298 0           2        version
8299 2           2        mode == 0:BSS,1:IBSS,2:MONITOR
8300 4           4        fw_len
8301 8           4        uc_len
8302 C           fw_len   firmware data
8303 12 + fw_len uc_len   microcode data
8304 
8305 */
8306 
8307 struct ipw2100_fw_header {
8308 	short version;
8309 	short mode;
8310 	unsigned int fw_size;
8311 	unsigned int uc_size;
8312 } __packed;
8313 
8314 static int ipw2100_mod_firmware_load(struct ipw2100_fw *fw)
8315 {
8316 	struct ipw2100_fw_header *h =
8317 	    (struct ipw2100_fw_header *)fw->fw_entry->data;
8318 
8319 	if (IPW2100_FW_MAJOR(h->version) != IPW2100_FW_MAJOR_VERSION) {
8320 		printk(KERN_WARNING DRV_NAME ": Firmware image not compatible "
8321 		       "(detected version id of %u). "
8322 		       "See Documentation/networking/device_drivers/wifi/intel/ipw2100.rst\n",
8323 		       h->version);
8324 		return 1;
8325 	}
8326 
8327 	fw->version = h->version;
8328 	fw->fw.data = fw->fw_entry->data + sizeof(struct ipw2100_fw_header);
8329 	fw->fw.size = h->fw_size;
8330 	fw->uc.data = fw->fw.data + h->fw_size;
8331 	fw->uc.size = h->uc_size;
8332 
8333 	return 0;
8334 }
8335 
8336 static int ipw2100_get_firmware(struct ipw2100_priv *priv,
8337 				struct ipw2100_fw *fw)
8338 {
8339 	char *fw_name;
8340 	int rc;
8341 
8342 	IPW_DEBUG_INFO("%s: Using hotplug firmware load.\n",
8343 		       priv->net_dev->name);
8344 
8345 	switch (priv->ieee->iw_mode) {
8346 	case IW_MODE_ADHOC:
8347 		fw_name = IPW2100_FW_NAME("-i");
8348 		break;
8349 #ifdef CONFIG_IPW2100_MONITOR
8350 	case IW_MODE_MONITOR:
8351 		fw_name = IPW2100_FW_NAME("-p");
8352 		break;
8353 #endif
8354 	case IW_MODE_INFRA:
8355 	default:
8356 		fw_name = IPW2100_FW_NAME("");
8357 		break;
8358 	}
8359 
8360 	rc = request_firmware(&fw->fw_entry, fw_name, &priv->pci_dev->dev);
8361 
8362 	if (rc < 0) {
8363 		printk(KERN_ERR DRV_NAME ": "
8364 		       "%s: Firmware '%s' not available or load failed.\n",
8365 		       priv->net_dev->name, fw_name);
8366 		return rc;
8367 	}
8368 	IPW_DEBUG_INFO("firmware data %p size %zd\n", fw->fw_entry->data,
8369 		       fw->fw_entry->size);
8370 
8371 	ipw2100_mod_firmware_load(fw);
8372 
8373 	return 0;
8374 }
8375 
8376 MODULE_FIRMWARE(IPW2100_FW_NAME("-i"));
8377 #ifdef CONFIG_IPW2100_MONITOR
8378 MODULE_FIRMWARE(IPW2100_FW_NAME("-p"));
8379 #endif
8380 MODULE_FIRMWARE(IPW2100_FW_NAME(""));
8381 
8382 static void ipw2100_release_firmware(struct ipw2100_priv *priv,
8383 				     struct ipw2100_fw *fw)
8384 {
8385 	fw->version = 0;
8386 	release_firmware(fw->fw_entry);
8387 	fw->fw_entry = NULL;
8388 }
8389 
8390 static int ipw2100_get_fwversion(struct ipw2100_priv *priv, char *buf,
8391 				 size_t max)
8392 {
8393 	char ver[MAX_FW_VERSION_LEN];
8394 	u32 len = MAX_FW_VERSION_LEN;
8395 	u32 tmp;
8396 	int i;
8397 	/* firmware version is an ascii string (max len of 14) */
8398 	if (ipw2100_get_ordinal(priv, IPW_ORD_STAT_FW_VER_NUM, ver, &len))
8399 		return -EIO;
8400 	tmp = max;
8401 	if (len >= max)
8402 		len = max - 1;
8403 	for (i = 0; i < len; i++)
8404 		buf[i] = ver[i];
8405 	buf[i] = '\0';
8406 	return tmp;
8407 }
8408 
8409 static int ipw2100_get_ucodeversion(struct ipw2100_priv *priv, char *buf,
8410 				    size_t max)
8411 {
8412 	u32 ver;
8413 	u32 len = sizeof(ver);
8414 	/* microcode version is a 32 bit integer */
8415 	if (ipw2100_get_ordinal(priv, IPW_ORD_UCODE_VERSION, &ver, &len))
8416 		return -EIO;
8417 	return snprintf(buf, max, "%08X", ver);
8418 }
8419 
8420 /*
8421  * On exit, the firmware will have been freed from the fw list
8422  */
8423 static int ipw2100_fw_download(struct ipw2100_priv *priv, struct ipw2100_fw *fw)
8424 {
8425 	/* firmware is constructed of N contiguous entries, each entry is
8426 	 * structured as:
8427 	 *
8428 	 * offset    sie         desc
8429 	 * 0         4           address to write to
8430 	 * 4         2           length of data run
8431 	 * 6         length      data
8432 	 */
8433 	unsigned int addr;
8434 	unsigned short len;
8435 
8436 	const unsigned char *firmware_data = fw->fw.data;
8437 	unsigned int firmware_data_left = fw->fw.size;
8438 
8439 	while (firmware_data_left > 0) {
8440 		addr = *(u32 *) (firmware_data);
8441 		firmware_data += 4;
8442 		firmware_data_left -= 4;
8443 
8444 		len = *(u16 *) (firmware_data);
8445 		firmware_data += 2;
8446 		firmware_data_left -= 2;
8447 
8448 		if (len > 32) {
8449 			printk(KERN_ERR DRV_NAME ": "
8450 			       "Invalid firmware run-length of %d bytes\n",
8451 			       len);
8452 			return -EINVAL;
8453 		}
8454 
8455 		write_nic_memory(priv->net_dev, addr, len, firmware_data);
8456 		firmware_data += len;
8457 		firmware_data_left -= len;
8458 	}
8459 
8460 	return 0;
8461 }
8462 
8463 struct symbol_alive_response {
8464 	u8 cmd_id;
8465 	u8 seq_num;
8466 	u8 ucode_rev;
8467 	u8 eeprom_valid;
8468 	u16 valid_flags;
8469 	u8 IEEE_addr[6];
8470 	u16 flags;
8471 	u16 pcb_rev;
8472 	u16 clock_settle_time;	// 1us LSB
8473 	u16 powerup_settle_time;	// 1us LSB
8474 	u16 hop_settle_time;	// 1us LSB
8475 	u8 date[3];		// month, day, year
8476 	u8 time[2];		// hours, minutes
8477 	u8 ucode_valid;
8478 };
8479 
8480 static int ipw2100_ucode_download(struct ipw2100_priv *priv,
8481 				  struct ipw2100_fw *fw)
8482 {
8483 	struct net_device *dev = priv->net_dev;
8484 	const unsigned char *microcode_data = fw->uc.data;
8485 	unsigned int microcode_data_left = fw->uc.size;
8486 	void __iomem *reg = priv->ioaddr;
8487 
8488 	struct symbol_alive_response response;
8489 	int i, j;
8490 	u8 data;
8491 
8492 	/* Symbol control */
8493 	write_nic_word(dev, IPW2100_CONTROL_REG, 0x703);
8494 	readl(reg);
8495 	write_nic_word(dev, IPW2100_CONTROL_REG, 0x707);
8496 	readl(reg);
8497 
8498 	/* HW config */
8499 	write_nic_byte(dev, 0x210014, 0x72);	/* fifo width =16 */
8500 	readl(reg);
8501 	write_nic_byte(dev, 0x210014, 0x72);	/* fifo width =16 */
8502 	readl(reg);
8503 
8504 	/* EN_CS_ACCESS bit to reset control store pointer */
8505 	write_nic_byte(dev, 0x210000, 0x40);
8506 	readl(reg);
8507 	write_nic_byte(dev, 0x210000, 0x0);
8508 	readl(reg);
8509 	write_nic_byte(dev, 0x210000, 0x40);
8510 	readl(reg);
8511 
8512 	/* copy microcode from buffer into Symbol */
8513 
8514 	while (microcode_data_left > 0) {
8515 		write_nic_byte(dev, 0x210010, *microcode_data++);
8516 		write_nic_byte(dev, 0x210010, *microcode_data++);
8517 		microcode_data_left -= 2;
8518 	}
8519 
8520 	/* EN_CS_ACCESS bit to reset the control store pointer */
8521 	write_nic_byte(dev, 0x210000, 0x0);
8522 	readl(reg);
8523 
8524 	/* Enable System (Reg 0)
8525 	 * first enable causes garbage in RX FIFO */
8526 	write_nic_byte(dev, 0x210000, 0x0);
8527 	readl(reg);
8528 	write_nic_byte(dev, 0x210000, 0x80);
8529 	readl(reg);
8530 
8531 	/* Reset External Baseband Reg */
8532 	write_nic_word(dev, IPW2100_CONTROL_REG, 0x703);
8533 	readl(reg);
8534 	write_nic_word(dev, IPW2100_CONTROL_REG, 0x707);
8535 	readl(reg);
8536 
8537 	/* HW Config (Reg 5) */
8538 	write_nic_byte(dev, 0x210014, 0x72);	// fifo width =16
8539 	readl(reg);
8540 	write_nic_byte(dev, 0x210014, 0x72);	// fifo width =16
8541 	readl(reg);
8542 
8543 	/* Enable System (Reg 0)
8544 	 * second enable should be OK */
8545 	write_nic_byte(dev, 0x210000, 0x00);	// clear enable system
8546 	readl(reg);
8547 	write_nic_byte(dev, 0x210000, 0x80);	// set enable system
8548 
8549 	/* check Symbol is enabled - upped this from 5 as it wasn't always
8550 	 * catching the update */
8551 	for (i = 0; i < 10; i++) {
8552 		udelay(10);
8553 
8554 		/* check Dino is enabled bit */
8555 		read_nic_byte(dev, 0x210000, &data);
8556 		if (data & 0x1)
8557 			break;
8558 	}
8559 
8560 	if (i == 10) {
8561 		printk(KERN_ERR DRV_NAME ": %s: Error initializing Symbol\n",
8562 		       dev->name);
8563 		return -EIO;
8564 	}
8565 
8566 	/* Get Symbol alive response */
8567 	for (i = 0; i < 30; i++) {
8568 		/* Read alive response structure */
8569 		for (j = 0;
8570 		     j < (sizeof(struct symbol_alive_response) >> 1); j++)
8571 			read_nic_word(dev, 0x210004, ((u16 *) & response) + j);
8572 
8573 		if ((response.cmd_id == 1) && (response.ucode_valid == 0x1))
8574 			break;
8575 		udelay(10);
8576 	}
8577 
8578 	if (i == 30) {
8579 		printk(KERN_ERR DRV_NAME
8580 		       ": %s: No response from Symbol - hw not alive\n",
8581 		       dev->name);
8582 		printk_buf(IPW_DL_ERROR, (u8 *) & response, sizeof(response));
8583 		return -EIO;
8584 	}
8585 
8586 	return 0;
8587 }
8588