1 // SPDX-License-Identifier: GPL-2.0-only
2 /******************************************************************************
3 
4   Copyright(c) 2003 - 2006 Intel Corporation. All rights reserved.
5 
6 
7   Contact Information:
8   Intel Linux Wireless <ilw@linux.intel.com>
9   Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
10 
11   Portions of this file are based on the sample_* files provided by Wireless
12   Extensions 0.26 package and copyright (c) 1997-2003 Jean Tourrilhes
13   <jt@hpl.hp.com>
14 
15   Portions of this file are based on the Host AP project,
16   Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen
17     <j@w1.fi>
18   Copyright (c) 2002-2003, Jouni Malinen <j@w1.fi>
19 
20   Portions of ipw2100_mod_firmware_load, ipw2100_do_mod_firmware_load, and
21   ipw2100_fw_load are loosely based on drivers/sound/sound_firmware.c
22   available in the 2.4.25 kernel sources, and are copyright (c) Alan Cox
23 
24 ******************************************************************************/
25 /*
26 
27  Initial driver on which this is based was developed by Janusz Gorycki,
28  Maciej Urbaniak, and Maciej Sosnowski.
29 
30  Promiscuous mode support added by Jacek Wysoczynski and Maciej Urbaniak.
31 
32 Theory of Operation
33 
34 Tx - Commands and Data
35 
36 Firmware and host share a circular queue of Transmit Buffer Descriptors (TBDs)
37 Each TBD contains a pointer to the physical (dma_addr_t) address of data being
38 sent to the firmware as well as the length of the data.
39 
40 The host writes to the TBD queue at the WRITE index.  The WRITE index points
41 to the _next_ packet to be written and is advanced when after the TBD has been
42 filled.
43 
44 The firmware pulls from the TBD queue at the READ index.  The READ index points
45 to the currently being read entry, and is advanced once the firmware is
46 done with a packet.
47 
48 When data is sent to the firmware, the first TBD is used to indicate to the
49 firmware if a Command or Data is being sent.  If it is Command, all of the
50 command information is contained within the physical address referred to by the
51 TBD.  If it is Data, the first TBD indicates the type of data packet, number
52 of fragments, etc.  The next TBD then refers to the actual packet location.
53 
54 The Tx flow cycle is as follows:
55 
56 1) ipw2100_tx() is called by kernel with SKB to transmit
57 2) Packet is move from the tx_free_list and appended to the transmit pending
58    list (tx_pend_list)
59 3) work is scheduled to move pending packets into the shared circular queue.
60 4) when placing packet in the circular queue, the incoming SKB is DMA mapped
61    to a physical address.  That address is entered into a TBD.  Two TBDs are
62    filled out.  The first indicating a data packet, the second referring to the
63    actual payload data.
64 5) the packet is removed from tx_pend_list and placed on the end of the
65    firmware pending list (fw_pend_list)
66 6) firmware is notified that the WRITE index has
67 7) Once the firmware has processed the TBD, INTA is triggered.
68 8) For each Tx interrupt received from the firmware, the READ index is checked
69    to see which TBDs are done being processed.
70 9) For each TBD that has been processed, the ISR pulls the oldest packet
71    from the fw_pend_list.
72 10)The packet structure contained in the fw_pend_list is then used
73    to unmap the DMA address and to free the SKB originally passed to the driver
74    from the kernel.
75 11)The packet structure is placed onto the tx_free_list
76 
77 The above steps are the same for commands, only the msg_free_list/msg_pend_list
78 are used instead of tx_free_list/tx_pend_list
79 
80 ...
81 
82 Critical Sections / Locking :
83 
84 There are two locks utilized.  The first is the low level lock (priv->low_lock)
85 that protects the following:
86 
87 - Access to the Tx/Rx queue lists via priv->low_lock. The lists are as follows:
88 
89   tx_free_list : Holds pre-allocated Tx buffers.
90     TAIL modified in __ipw2100_tx_process()
91     HEAD modified in ipw2100_tx()
92 
93   tx_pend_list : Holds used Tx buffers waiting to go into the TBD ring
94     TAIL modified ipw2100_tx()
95     HEAD modified by ipw2100_tx_send_data()
96 
97   msg_free_list : Holds pre-allocated Msg (Command) buffers
98     TAIL modified in __ipw2100_tx_process()
99     HEAD modified in ipw2100_hw_send_command()
100 
101   msg_pend_list : Holds used Msg buffers waiting to go into the TBD ring
102     TAIL modified in ipw2100_hw_send_command()
103     HEAD modified in ipw2100_tx_send_commands()
104 
105   The flow of data on the TX side is as follows:
106 
107   MSG_FREE_LIST + COMMAND => MSG_PEND_LIST => TBD => MSG_FREE_LIST
108   TX_FREE_LIST + DATA => TX_PEND_LIST => TBD => TX_FREE_LIST
109 
110   The methods that work on the TBD ring are protected via priv->low_lock.
111 
112 - The internal data state of the device itself
113 - Access to the firmware read/write indexes for the BD queues
114   and associated logic
115 
116 All external entry functions are locked with the priv->action_lock to ensure
117 that only one external action is invoked at a time.
118 
119 
120 */
121 
122 #include <linux/compiler.h>
123 #include <linux/errno.h>
124 #include <linux/if_arp.h>
125 #include <linux/in6.h>
126 #include <linux/in.h>
127 #include <linux/ip.h>
128 #include <linux/kernel.h>
129 #include <linux/kmod.h>
130 #include <linux/module.h>
131 #include <linux/netdevice.h>
132 #include <linux/ethtool.h>
133 #include <linux/pci.h>
134 #include <linux/dma-mapping.h>
135 #include <linux/proc_fs.h>
136 #include <linux/skbuff.h>
137 #include <linux/uaccess.h>
138 #include <asm/io.h>
139 #include <linux/fs.h>
140 #include <linux/mm.h>
141 #include <linux/slab.h>
142 #include <linux/unistd.h>
143 #include <linux/stringify.h>
144 #include <linux/tcp.h>
145 #include <linux/types.h>
146 #include <linux/time.h>
147 #include <linux/firmware.h>
148 #include <linux/acpi.h>
149 #include <linux/ctype.h>
150 #include <linux/pm_qos.h>
151 
152 #include <net/lib80211.h>
153 
154 #include "ipw2100.h"
155 #include "ipw.h"
156 
157 #define IPW2100_VERSION "git-1.2.2"
158 
159 #define DRV_NAME	"ipw2100"
160 #define DRV_VERSION	IPW2100_VERSION
161 #define DRV_DESCRIPTION	"Intel(R) PRO/Wireless 2100 Network Driver"
162 #define DRV_COPYRIGHT	"Copyright(c) 2003-2006 Intel Corporation"
163 
164 static struct pm_qos_request ipw2100_pm_qos_req;
165 
166 /* Debugging stuff */
167 #ifdef CONFIG_IPW2100_DEBUG
168 #define IPW2100_RX_DEBUG	/* Reception debugging */
169 #endif
170 
171 MODULE_DESCRIPTION(DRV_DESCRIPTION);
172 MODULE_VERSION(DRV_VERSION);
173 MODULE_AUTHOR(DRV_COPYRIGHT);
174 MODULE_LICENSE("GPL");
175 
176 static int debug = 0;
177 static int network_mode = 0;
178 static int channel = 0;
179 static int associate = 0;
180 static int disable = 0;
181 #ifdef CONFIG_PM
182 static struct ipw2100_fw ipw2100_firmware;
183 #endif
184 
185 #include <linux/moduleparam.h>
186 module_param(debug, int, 0444);
187 module_param_named(mode, network_mode, int, 0444);
188 module_param(channel, int, 0444);
189 module_param(associate, int, 0444);
190 module_param(disable, int, 0444);
191 
192 MODULE_PARM_DESC(debug, "debug level");
193 MODULE_PARM_DESC(mode, "network mode (0=BSS,1=IBSS,2=Monitor)");
194 MODULE_PARM_DESC(channel, "channel");
195 MODULE_PARM_DESC(associate, "auto associate when scanning (default off)");
196 MODULE_PARM_DESC(disable, "manually disable the radio (default 0 [radio on])");
197 
198 static u32 ipw2100_debug_level = IPW_DL_NONE;
199 
200 #ifdef CONFIG_IPW2100_DEBUG
201 #define IPW_DEBUG(level, message...) \
202 do { \
203 	if (ipw2100_debug_level & (level)) { \
204 		printk(KERN_DEBUG "ipw2100: %c %s ", \
205                        in_interrupt() ? 'I' : 'U',  __func__); \
206 		printk(message); \
207 	} \
208 } while (0)
209 #else
210 #define IPW_DEBUG(level, message...) do {} while (0)
211 #endif				/* CONFIG_IPW2100_DEBUG */
212 
213 #ifdef CONFIG_IPW2100_DEBUG
214 static const char *command_types[] = {
215 	"undefined",
216 	"unused",		/* HOST_ATTENTION */
217 	"HOST_COMPLETE",
218 	"unused",		/* SLEEP */
219 	"unused",		/* HOST_POWER_DOWN */
220 	"unused",
221 	"SYSTEM_CONFIG",
222 	"unused",		/* SET_IMR */
223 	"SSID",
224 	"MANDATORY_BSSID",
225 	"AUTHENTICATION_TYPE",
226 	"ADAPTER_ADDRESS",
227 	"PORT_TYPE",
228 	"INTERNATIONAL_MODE",
229 	"CHANNEL",
230 	"RTS_THRESHOLD",
231 	"FRAG_THRESHOLD",
232 	"POWER_MODE",
233 	"TX_RATES",
234 	"BASIC_TX_RATES",
235 	"WEP_KEY_INFO",
236 	"unused",
237 	"unused",
238 	"unused",
239 	"unused",
240 	"WEP_KEY_INDEX",
241 	"WEP_FLAGS",
242 	"ADD_MULTICAST",
243 	"CLEAR_ALL_MULTICAST",
244 	"BEACON_INTERVAL",
245 	"ATIM_WINDOW",
246 	"CLEAR_STATISTICS",
247 	"undefined",
248 	"undefined",
249 	"undefined",
250 	"undefined",
251 	"TX_POWER_INDEX",
252 	"undefined",
253 	"undefined",
254 	"undefined",
255 	"undefined",
256 	"undefined",
257 	"undefined",
258 	"BROADCAST_SCAN",
259 	"CARD_DISABLE",
260 	"PREFERRED_BSSID",
261 	"SET_SCAN_OPTIONS",
262 	"SCAN_DWELL_TIME",
263 	"SWEEP_TABLE",
264 	"AP_OR_STATION_TABLE",
265 	"GROUP_ORDINALS",
266 	"SHORT_RETRY_LIMIT",
267 	"LONG_RETRY_LIMIT",
268 	"unused",		/* SAVE_CALIBRATION */
269 	"unused",		/* RESTORE_CALIBRATION */
270 	"undefined",
271 	"undefined",
272 	"undefined",
273 	"HOST_PRE_POWER_DOWN",
274 	"unused",		/* HOST_INTERRUPT_COALESCING */
275 	"undefined",
276 	"CARD_DISABLE_PHY_OFF",
277 	"MSDU_TX_RATES",
278 	"undefined",
279 	"SET_STATION_STAT_BITS",
280 	"CLEAR_STATIONS_STAT_BITS",
281 	"LEAP_ROGUE_MODE",
282 	"SET_SECURITY_INFORMATION",
283 	"DISASSOCIATION_BSSID",
284 	"SET_WPA_ASS_IE"
285 };
286 #endif
287 
288 static const long ipw2100_frequencies[] = {
289 	2412, 2417, 2422, 2427,
290 	2432, 2437, 2442, 2447,
291 	2452, 2457, 2462, 2467,
292 	2472, 2484
293 };
294 
295 #define FREQ_COUNT	ARRAY_SIZE(ipw2100_frequencies)
296 
297 static struct ieee80211_rate ipw2100_bg_rates[] = {
298 	{ .bitrate = 10 },
299 	{ .bitrate = 20, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
300 	{ .bitrate = 55, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
301 	{ .bitrate = 110, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
302 };
303 
304 #define RATE_COUNT ARRAY_SIZE(ipw2100_bg_rates)
305 
306 /* Pre-decl until we get the code solid and then we can clean it up */
307 static void ipw2100_tx_send_commands(struct ipw2100_priv *priv);
308 static void ipw2100_tx_send_data(struct ipw2100_priv *priv);
309 static int ipw2100_adapter_setup(struct ipw2100_priv *priv);
310 
311 static void ipw2100_queues_initialize(struct ipw2100_priv *priv);
312 static void ipw2100_queues_free(struct ipw2100_priv *priv);
313 static int ipw2100_queues_allocate(struct ipw2100_priv *priv);
314 
315 static int ipw2100_fw_download(struct ipw2100_priv *priv,
316 			       struct ipw2100_fw *fw);
317 static int ipw2100_get_firmware(struct ipw2100_priv *priv,
318 				struct ipw2100_fw *fw);
319 static int ipw2100_get_fwversion(struct ipw2100_priv *priv, char *buf,
320 				 size_t max);
321 static int ipw2100_get_ucodeversion(struct ipw2100_priv *priv, char *buf,
322 				    size_t max);
323 static void ipw2100_release_firmware(struct ipw2100_priv *priv,
324 				     struct ipw2100_fw *fw);
325 static int ipw2100_ucode_download(struct ipw2100_priv *priv,
326 				  struct ipw2100_fw *fw);
327 static void ipw2100_wx_event_work(struct work_struct *work);
328 static struct iw_statistics *ipw2100_wx_wireless_stats(struct net_device *dev);
329 static const struct iw_handler_def ipw2100_wx_handler_def;
330 
331 static inline void read_register(struct net_device *dev, u32 reg, u32 * val)
332 {
333 	struct ipw2100_priv *priv = libipw_priv(dev);
334 
335 	*val = ioread32(priv->ioaddr + reg);
336 	IPW_DEBUG_IO("r: 0x%08X => 0x%08X\n", reg, *val);
337 }
338 
339 static inline void write_register(struct net_device *dev, u32 reg, u32 val)
340 {
341 	struct ipw2100_priv *priv = libipw_priv(dev);
342 
343 	iowrite32(val, priv->ioaddr + reg);
344 	IPW_DEBUG_IO("w: 0x%08X <= 0x%08X\n", reg, val);
345 }
346 
347 static inline void read_register_word(struct net_device *dev, u32 reg,
348 				      u16 * val)
349 {
350 	struct ipw2100_priv *priv = libipw_priv(dev);
351 
352 	*val = ioread16(priv->ioaddr + reg);
353 	IPW_DEBUG_IO("r: 0x%08X => %04X\n", reg, *val);
354 }
355 
356 static inline void read_register_byte(struct net_device *dev, u32 reg, u8 * val)
357 {
358 	struct ipw2100_priv *priv = libipw_priv(dev);
359 
360 	*val = ioread8(priv->ioaddr + reg);
361 	IPW_DEBUG_IO("r: 0x%08X => %02X\n", reg, *val);
362 }
363 
364 static inline void write_register_word(struct net_device *dev, u32 reg, u16 val)
365 {
366 	struct ipw2100_priv *priv = libipw_priv(dev);
367 
368 	iowrite16(val, priv->ioaddr + reg);
369 	IPW_DEBUG_IO("w: 0x%08X <= %04X\n", reg, val);
370 }
371 
372 static inline void write_register_byte(struct net_device *dev, u32 reg, u8 val)
373 {
374 	struct ipw2100_priv *priv = libipw_priv(dev);
375 
376 	iowrite8(val, priv->ioaddr + reg);
377 	IPW_DEBUG_IO("w: 0x%08X =< %02X\n", reg, val);
378 }
379 
380 static inline void read_nic_dword(struct net_device *dev, u32 addr, u32 * val)
381 {
382 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
383 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
384 	read_register(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
385 }
386 
387 static inline void write_nic_dword(struct net_device *dev, u32 addr, u32 val)
388 {
389 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
390 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
391 	write_register(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
392 }
393 
394 static inline void read_nic_word(struct net_device *dev, u32 addr, u16 * val)
395 {
396 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
397 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
398 	read_register_word(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
399 }
400 
401 static inline void write_nic_word(struct net_device *dev, u32 addr, u16 val)
402 {
403 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
404 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
405 	write_register_word(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
406 }
407 
408 static inline void read_nic_byte(struct net_device *dev, u32 addr, u8 * val)
409 {
410 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
411 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
412 	read_register_byte(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
413 }
414 
415 static inline void write_nic_byte(struct net_device *dev, u32 addr, u8 val)
416 {
417 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
418 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
419 	write_register_byte(dev, IPW_REG_INDIRECT_ACCESS_DATA, val);
420 }
421 
422 static inline void write_nic_auto_inc_address(struct net_device *dev, u32 addr)
423 {
424 	write_register(dev, IPW_REG_AUTOINCREMENT_ADDRESS,
425 		       addr & IPW_REG_INDIRECT_ADDR_MASK);
426 }
427 
428 static inline void write_nic_dword_auto_inc(struct net_device *dev, u32 val)
429 {
430 	write_register(dev, IPW_REG_AUTOINCREMENT_DATA, val);
431 }
432 
433 static void write_nic_memory(struct net_device *dev, u32 addr, u32 len,
434 				    const u8 * buf)
435 {
436 	u32 aligned_addr;
437 	u32 aligned_len;
438 	u32 dif_len;
439 	u32 i;
440 
441 	/* read first nibble byte by byte */
442 	aligned_addr = addr & (~0x3);
443 	dif_len = addr - aligned_addr;
444 	if (dif_len) {
445 		/* Start reading at aligned_addr + dif_len */
446 		write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
447 			       aligned_addr);
448 		for (i = dif_len; i < 4; i++, buf++)
449 			write_register_byte(dev,
450 					    IPW_REG_INDIRECT_ACCESS_DATA + i,
451 					    *buf);
452 
453 		len -= dif_len;
454 		aligned_addr += 4;
455 	}
456 
457 	/* read DWs through autoincrement registers */
458 	write_register(dev, IPW_REG_AUTOINCREMENT_ADDRESS, aligned_addr);
459 	aligned_len = len & (~0x3);
460 	for (i = 0; i < aligned_len; i += 4, buf += 4, aligned_addr += 4)
461 		write_register(dev, IPW_REG_AUTOINCREMENT_DATA, *(u32 *) buf);
462 
463 	/* copy the last nibble */
464 	dif_len = len - aligned_len;
465 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS, aligned_addr);
466 	for (i = 0; i < dif_len; i++, buf++)
467 		write_register_byte(dev, IPW_REG_INDIRECT_ACCESS_DATA + i,
468 				    *buf);
469 }
470 
471 static void read_nic_memory(struct net_device *dev, u32 addr, u32 len,
472 				   u8 * buf)
473 {
474 	u32 aligned_addr;
475 	u32 aligned_len;
476 	u32 dif_len;
477 	u32 i;
478 
479 	/* read first nibble byte by byte */
480 	aligned_addr = addr & (~0x3);
481 	dif_len = addr - aligned_addr;
482 	if (dif_len) {
483 		/* Start reading at aligned_addr + dif_len */
484 		write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS,
485 			       aligned_addr);
486 		for (i = dif_len; i < 4; i++, buf++)
487 			read_register_byte(dev,
488 					   IPW_REG_INDIRECT_ACCESS_DATA + i,
489 					   buf);
490 
491 		len -= dif_len;
492 		aligned_addr += 4;
493 	}
494 
495 	/* read DWs through autoincrement registers */
496 	write_register(dev, IPW_REG_AUTOINCREMENT_ADDRESS, aligned_addr);
497 	aligned_len = len & (~0x3);
498 	for (i = 0; i < aligned_len; i += 4, buf += 4, aligned_addr += 4)
499 		read_register(dev, IPW_REG_AUTOINCREMENT_DATA, (u32 *) buf);
500 
501 	/* copy the last nibble */
502 	dif_len = len - aligned_len;
503 	write_register(dev, IPW_REG_INDIRECT_ACCESS_ADDRESS, aligned_addr);
504 	for (i = 0; i < dif_len; i++, buf++)
505 		read_register_byte(dev, IPW_REG_INDIRECT_ACCESS_DATA + i, buf);
506 }
507 
508 static bool ipw2100_hw_is_adapter_in_system(struct net_device *dev)
509 {
510 	u32 dbg;
511 
512 	read_register(dev, IPW_REG_DOA_DEBUG_AREA_START, &dbg);
513 
514 	return dbg == IPW_DATA_DOA_DEBUG_VALUE;
515 }
516 
517 static int ipw2100_get_ordinal(struct ipw2100_priv *priv, u32 ord,
518 			       void *val, u32 * len)
519 {
520 	struct ipw2100_ordinals *ordinals = &priv->ordinals;
521 	u32 addr;
522 	u32 field_info;
523 	u16 field_len;
524 	u16 field_count;
525 	u32 total_length;
526 
527 	if (ordinals->table1_addr == 0) {
528 		printk(KERN_WARNING DRV_NAME ": attempt to use fw ordinals "
529 		       "before they have been loaded.\n");
530 		return -EINVAL;
531 	}
532 
533 	if (IS_ORDINAL_TABLE_ONE(ordinals, ord)) {
534 		if (*len < IPW_ORD_TAB_1_ENTRY_SIZE) {
535 			*len = IPW_ORD_TAB_1_ENTRY_SIZE;
536 
537 			printk(KERN_WARNING DRV_NAME
538 			       ": ordinal buffer length too small, need %zd\n",
539 			       IPW_ORD_TAB_1_ENTRY_SIZE);
540 
541 			return -EINVAL;
542 		}
543 
544 		read_nic_dword(priv->net_dev,
545 			       ordinals->table1_addr + (ord << 2), &addr);
546 		read_nic_dword(priv->net_dev, addr, val);
547 
548 		*len = IPW_ORD_TAB_1_ENTRY_SIZE;
549 
550 		return 0;
551 	}
552 
553 	if (IS_ORDINAL_TABLE_TWO(ordinals, ord)) {
554 
555 		ord -= IPW_START_ORD_TAB_2;
556 
557 		/* get the address of statistic */
558 		read_nic_dword(priv->net_dev,
559 			       ordinals->table2_addr + (ord << 3), &addr);
560 
561 		/* get the second DW of statistics ;
562 		 * two 16-bit words - first is length, second is count */
563 		read_nic_dword(priv->net_dev,
564 			       ordinals->table2_addr + (ord << 3) + sizeof(u32),
565 			       &field_info);
566 
567 		/* get each entry length */
568 		field_len = *((u16 *) & field_info);
569 
570 		/* get number of entries */
571 		field_count = *(((u16 *) & field_info) + 1);
572 
573 		/* abort if no enough memory */
574 		total_length = field_len * field_count;
575 		if (total_length > *len) {
576 			*len = total_length;
577 			return -EINVAL;
578 		}
579 
580 		*len = total_length;
581 		if (!total_length)
582 			return 0;
583 
584 		/* read the ordinal data from the SRAM */
585 		read_nic_memory(priv->net_dev, addr, total_length, val);
586 
587 		return 0;
588 	}
589 
590 	printk(KERN_WARNING DRV_NAME ": ordinal %d neither in table 1 nor "
591 	       "in table 2\n", ord);
592 
593 	return -EINVAL;
594 }
595 
596 static int ipw2100_set_ordinal(struct ipw2100_priv *priv, u32 ord, u32 * val,
597 			       u32 * len)
598 {
599 	struct ipw2100_ordinals *ordinals = &priv->ordinals;
600 	u32 addr;
601 
602 	if (IS_ORDINAL_TABLE_ONE(ordinals, ord)) {
603 		if (*len != IPW_ORD_TAB_1_ENTRY_SIZE) {
604 			*len = IPW_ORD_TAB_1_ENTRY_SIZE;
605 			IPW_DEBUG_INFO("wrong size\n");
606 			return -EINVAL;
607 		}
608 
609 		read_nic_dword(priv->net_dev,
610 			       ordinals->table1_addr + (ord << 2), &addr);
611 
612 		write_nic_dword(priv->net_dev, addr, *val);
613 
614 		*len = IPW_ORD_TAB_1_ENTRY_SIZE;
615 
616 		return 0;
617 	}
618 
619 	IPW_DEBUG_INFO("wrong table\n");
620 	if (IS_ORDINAL_TABLE_TWO(ordinals, ord))
621 		return -EINVAL;
622 
623 	return -EINVAL;
624 }
625 
626 static char *snprint_line(char *buf, size_t count,
627 			  const u8 * data, u32 len, u32 ofs)
628 {
629 	int out, i, j, l;
630 	char c;
631 
632 	out = scnprintf(buf, count, "%08X", ofs);
633 
634 	for (l = 0, i = 0; i < 2; i++) {
635 		out += scnprintf(buf + out, count - out, " ");
636 		for (j = 0; j < 8 && l < len; j++, l++)
637 			out += scnprintf(buf + out, count - out, "%02X ",
638 					data[(i * 8 + j)]);
639 		for (; j < 8; j++)
640 			out += scnprintf(buf + out, count - out, "   ");
641 	}
642 
643 	out += scnprintf(buf + out, count - out, " ");
644 	for (l = 0, i = 0; i < 2; i++) {
645 		out += scnprintf(buf + out, count - out, " ");
646 		for (j = 0; j < 8 && l < len; j++, l++) {
647 			c = data[(i * 8 + j)];
648 			if (!isascii(c) || !isprint(c))
649 				c = '.';
650 
651 			out += scnprintf(buf + out, count - out, "%c", c);
652 		}
653 
654 		for (; j < 8; j++)
655 			out += scnprintf(buf + out, count - out, " ");
656 	}
657 
658 	return buf;
659 }
660 
661 static void printk_buf(int level, const u8 * data, u32 len)
662 {
663 	char line[81];
664 	u32 ofs = 0;
665 	if (!(ipw2100_debug_level & level))
666 		return;
667 
668 	while (len) {
669 		printk(KERN_DEBUG "%s\n",
670 		       snprint_line(line, sizeof(line), &data[ofs],
671 				    min(len, 16U), ofs));
672 		ofs += 16;
673 		len -= min(len, 16U);
674 	}
675 }
676 
677 #define MAX_RESET_BACKOFF 10
678 
679 static void schedule_reset(struct ipw2100_priv *priv)
680 {
681 	time64_t now = ktime_get_boottime_seconds();
682 
683 	/* If we haven't received a reset request within the backoff period,
684 	 * then we can reset the backoff interval so this reset occurs
685 	 * immediately */
686 	if (priv->reset_backoff &&
687 	    (now - priv->last_reset > priv->reset_backoff))
688 		priv->reset_backoff = 0;
689 
690 	priv->last_reset = now;
691 
692 	if (!(priv->status & STATUS_RESET_PENDING)) {
693 		IPW_DEBUG_INFO("%s: Scheduling firmware restart (%llds).\n",
694 			       priv->net_dev->name, priv->reset_backoff);
695 		netif_carrier_off(priv->net_dev);
696 		netif_stop_queue(priv->net_dev);
697 		priv->status |= STATUS_RESET_PENDING;
698 		if (priv->reset_backoff)
699 			schedule_delayed_work(&priv->reset_work,
700 					      priv->reset_backoff * HZ);
701 		else
702 			schedule_delayed_work(&priv->reset_work, 0);
703 
704 		if (priv->reset_backoff < MAX_RESET_BACKOFF)
705 			priv->reset_backoff++;
706 
707 		wake_up_interruptible(&priv->wait_command_queue);
708 	} else
709 		IPW_DEBUG_INFO("%s: Firmware restart already in progress.\n",
710 			       priv->net_dev->name);
711 
712 }
713 
714 #define HOST_COMPLETE_TIMEOUT (2 * HZ)
715 static int ipw2100_hw_send_command(struct ipw2100_priv *priv,
716 				   struct host_command *cmd)
717 {
718 	struct list_head *element;
719 	struct ipw2100_tx_packet *packet;
720 	unsigned long flags;
721 	int err = 0;
722 
723 	IPW_DEBUG_HC("Sending %s command (#%d), %d bytes\n",
724 		     command_types[cmd->host_command], cmd->host_command,
725 		     cmd->host_command_length);
726 	printk_buf(IPW_DL_HC, (u8 *) cmd->host_command_parameters,
727 		   cmd->host_command_length);
728 
729 	spin_lock_irqsave(&priv->low_lock, flags);
730 
731 	if (priv->fatal_error) {
732 		IPW_DEBUG_INFO
733 		    ("Attempt to send command while hardware in fatal error condition.\n");
734 		err = -EIO;
735 		goto fail_unlock;
736 	}
737 
738 	if (!(priv->status & STATUS_RUNNING)) {
739 		IPW_DEBUG_INFO
740 		    ("Attempt to send command while hardware is not running.\n");
741 		err = -EIO;
742 		goto fail_unlock;
743 	}
744 
745 	if (priv->status & STATUS_CMD_ACTIVE) {
746 		IPW_DEBUG_INFO
747 		    ("Attempt to send command while another command is pending.\n");
748 		err = -EBUSY;
749 		goto fail_unlock;
750 	}
751 
752 	if (list_empty(&priv->msg_free_list)) {
753 		IPW_DEBUG_INFO("no available msg buffers\n");
754 		goto fail_unlock;
755 	}
756 
757 	priv->status |= STATUS_CMD_ACTIVE;
758 	priv->messages_sent++;
759 
760 	element = priv->msg_free_list.next;
761 
762 	packet = list_entry(element, struct ipw2100_tx_packet, list);
763 	packet->jiffy_start = jiffies;
764 
765 	/* initialize the firmware command packet */
766 	packet->info.c_struct.cmd->host_command_reg = cmd->host_command;
767 	packet->info.c_struct.cmd->host_command_reg1 = cmd->host_command1;
768 	packet->info.c_struct.cmd->host_command_len_reg =
769 	    cmd->host_command_length;
770 	packet->info.c_struct.cmd->sequence = cmd->host_command_sequence;
771 
772 	memcpy(packet->info.c_struct.cmd->host_command_params_reg,
773 	       cmd->host_command_parameters,
774 	       sizeof(packet->info.c_struct.cmd->host_command_params_reg));
775 
776 	list_del(element);
777 	DEC_STAT(&priv->msg_free_stat);
778 
779 	list_add_tail(element, &priv->msg_pend_list);
780 	INC_STAT(&priv->msg_pend_stat);
781 
782 	ipw2100_tx_send_commands(priv);
783 	ipw2100_tx_send_data(priv);
784 
785 	spin_unlock_irqrestore(&priv->low_lock, flags);
786 
787 	/*
788 	 * We must wait for this command to complete before another
789 	 * command can be sent...  but if we wait more than 3 seconds
790 	 * then there is a problem.
791 	 */
792 
793 	err =
794 	    wait_event_interruptible_timeout(priv->wait_command_queue,
795 					     !(priv->
796 					       status & STATUS_CMD_ACTIVE),
797 					     HOST_COMPLETE_TIMEOUT);
798 
799 	if (err == 0) {
800 		IPW_DEBUG_INFO("Command completion failed out after %dms.\n",
801 			       1000 * (HOST_COMPLETE_TIMEOUT / HZ));
802 		priv->fatal_error = IPW2100_ERR_MSG_TIMEOUT;
803 		priv->status &= ~STATUS_CMD_ACTIVE;
804 		schedule_reset(priv);
805 		return -EIO;
806 	}
807 
808 	if (priv->fatal_error) {
809 		printk(KERN_WARNING DRV_NAME ": %s: firmware fatal error\n",
810 		       priv->net_dev->name);
811 		return -EIO;
812 	}
813 
814 	/* !!!!! HACK TEST !!!!!
815 	 * When lots of debug trace statements are enabled, the driver
816 	 * doesn't seem to have as many firmware restart cycles...
817 	 *
818 	 * As a test, we're sticking in a 1/100s delay here */
819 	schedule_timeout_uninterruptible(msecs_to_jiffies(10));
820 
821 	return 0;
822 
823       fail_unlock:
824 	spin_unlock_irqrestore(&priv->low_lock, flags);
825 
826 	return err;
827 }
828 
829 /*
830  * Verify the values and data access of the hardware
831  * No locks needed or used.  No functions called.
832  */
833 static int ipw2100_verify(struct ipw2100_priv *priv)
834 {
835 	u32 data1, data2;
836 	u32 address;
837 
838 	u32 val1 = 0x76543210;
839 	u32 val2 = 0xFEDCBA98;
840 
841 	/* Domain 0 check - all values should be DOA_DEBUG */
842 	for (address = IPW_REG_DOA_DEBUG_AREA_START;
843 	     address < IPW_REG_DOA_DEBUG_AREA_END; address += sizeof(u32)) {
844 		read_register(priv->net_dev, address, &data1);
845 		if (data1 != IPW_DATA_DOA_DEBUG_VALUE)
846 			return -EIO;
847 	}
848 
849 	/* Domain 1 check - use arbitrary read/write compare  */
850 	for (address = 0; address < 5; address++) {
851 		/* The memory area is not used now */
852 		write_register(priv->net_dev, IPW_REG_DOMAIN_1_OFFSET + 0x32,
853 			       val1);
854 		write_register(priv->net_dev, IPW_REG_DOMAIN_1_OFFSET + 0x36,
855 			       val2);
856 		read_register(priv->net_dev, IPW_REG_DOMAIN_1_OFFSET + 0x32,
857 			      &data1);
858 		read_register(priv->net_dev, IPW_REG_DOMAIN_1_OFFSET + 0x36,
859 			      &data2);
860 		if (val1 == data1 && val2 == data2)
861 			return 0;
862 	}
863 
864 	return -EIO;
865 }
866 
867 /*
868  *
869  * Loop until the CARD_DISABLED bit is the same value as the
870  * supplied parameter
871  *
872  * TODO: See if it would be more efficient to do a wait/wake
873  *       cycle and have the completion event trigger the wakeup
874  *
875  */
876 #define IPW_CARD_DISABLE_COMPLETE_WAIT		    100	// 100 milli
877 static int ipw2100_wait_for_card_state(struct ipw2100_priv *priv, int state)
878 {
879 	int i;
880 	u32 card_state;
881 	u32 len = sizeof(card_state);
882 	int err;
883 
884 	for (i = 0; i <= IPW_CARD_DISABLE_COMPLETE_WAIT * 1000; i += 50) {
885 		err = ipw2100_get_ordinal(priv, IPW_ORD_CARD_DISABLED,
886 					  &card_state, &len);
887 		if (err) {
888 			IPW_DEBUG_INFO("Query of CARD_DISABLED ordinal "
889 				       "failed.\n");
890 			return 0;
891 		}
892 
893 		/* We'll break out if either the HW state says it is
894 		 * in the state we want, or if HOST_COMPLETE command
895 		 * finishes */
896 		if ((card_state == state) ||
897 		    ((priv->status & STATUS_ENABLED) ?
898 		     IPW_HW_STATE_ENABLED : IPW_HW_STATE_DISABLED) == state) {
899 			if (state == IPW_HW_STATE_ENABLED)
900 				priv->status |= STATUS_ENABLED;
901 			else
902 				priv->status &= ~STATUS_ENABLED;
903 
904 			return 0;
905 		}
906 
907 		udelay(50);
908 	}
909 
910 	IPW_DEBUG_INFO("ipw2100_wait_for_card_state to %s state timed out\n",
911 		       state ? "DISABLED" : "ENABLED");
912 	return -EIO;
913 }
914 
915 /*********************************************************************
916     Procedure   :   sw_reset_and_clock
917     Purpose     :   Asserts s/w reset, asserts clock initialization
918                     and waits for clock stabilization
919  ********************************************************************/
920 static int sw_reset_and_clock(struct ipw2100_priv *priv)
921 {
922 	int i;
923 	u32 r;
924 
925 	// assert s/w reset
926 	write_register(priv->net_dev, IPW_REG_RESET_REG,
927 		       IPW_AUX_HOST_RESET_REG_SW_RESET);
928 
929 	// wait for clock stabilization
930 	for (i = 0; i < 1000; i++) {
931 		udelay(IPW_WAIT_RESET_ARC_COMPLETE_DELAY);
932 
933 		// check clock ready bit
934 		read_register(priv->net_dev, IPW_REG_RESET_REG, &r);
935 		if (r & IPW_AUX_HOST_RESET_REG_PRINCETON_RESET)
936 			break;
937 	}
938 
939 	if (i == 1000)
940 		return -EIO;	// TODO: better error value
941 
942 	/* set "initialization complete" bit to move adapter to
943 	 * D0 state */
944 	write_register(priv->net_dev, IPW_REG_GP_CNTRL,
945 		       IPW_AUX_HOST_GP_CNTRL_BIT_INIT_DONE);
946 
947 	/* wait for clock stabilization */
948 	for (i = 0; i < 10000; i++) {
949 		udelay(IPW_WAIT_CLOCK_STABILIZATION_DELAY * 4);
950 
951 		/* check clock ready bit */
952 		read_register(priv->net_dev, IPW_REG_GP_CNTRL, &r);
953 		if (r & IPW_AUX_HOST_GP_CNTRL_BIT_CLOCK_READY)
954 			break;
955 	}
956 
957 	if (i == 10000)
958 		return -EIO;	/* TODO: better error value */
959 
960 	/* set D0 standby bit */
961 	read_register(priv->net_dev, IPW_REG_GP_CNTRL, &r);
962 	write_register(priv->net_dev, IPW_REG_GP_CNTRL,
963 		       r | IPW_AUX_HOST_GP_CNTRL_BIT_HOST_ALLOWS_STANDBY);
964 
965 	return 0;
966 }
967 
968 /*********************************************************************
969     Procedure   :   ipw2100_download_firmware
970     Purpose     :   Initiaze adapter after power on.
971                     The sequence is:
972                     1. assert s/w reset first!
973                     2. awake clocks & wait for clock stabilization
974                     3. hold ARC (don't ask me why...)
975                     4. load Dino ucode and reset/clock init again
976                     5. zero-out shared mem
977                     6. download f/w
978  *******************************************************************/
979 static int ipw2100_download_firmware(struct ipw2100_priv *priv)
980 {
981 	u32 address;
982 	int err;
983 
984 #ifndef CONFIG_PM
985 	/* Fetch the firmware and microcode */
986 	struct ipw2100_fw ipw2100_firmware;
987 #endif
988 
989 	if (priv->fatal_error) {
990 		IPW_DEBUG_ERROR("%s: ipw2100_download_firmware called after "
991 				"fatal error %d.  Interface must be brought down.\n",
992 				priv->net_dev->name, priv->fatal_error);
993 		return -EINVAL;
994 	}
995 #ifdef CONFIG_PM
996 	if (!ipw2100_firmware.version) {
997 		err = ipw2100_get_firmware(priv, &ipw2100_firmware);
998 		if (err) {
999 			IPW_DEBUG_ERROR("%s: ipw2100_get_firmware failed: %d\n",
1000 					priv->net_dev->name, err);
1001 			priv->fatal_error = IPW2100_ERR_FW_LOAD;
1002 			goto fail;
1003 		}
1004 	}
1005 #else
1006 	err = ipw2100_get_firmware(priv, &ipw2100_firmware);
1007 	if (err) {
1008 		IPW_DEBUG_ERROR("%s: ipw2100_get_firmware failed: %d\n",
1009 				priv->net_dev->name, err);
1010 		priv->fatal_error = IPW2100_ERR_FW_LOAD;
1011 		goto fail;
1012 	}
1013 #endif
1014 	priv->firmware_version = ipw2100_firmware.version;
1015 
1016 	/* s/w reset and clock stabilization */
1017 	err = sw_reset_and_clock(priv);
1018 	if (err) {
1019 		IPW_DEBUG_ERROR("%s: sw_reset_and_clock failed: %d\n",
1020 				priv->net_dev->name, err);
1021 		goto fail;
1022 	}
1023 
1024 	err = ipw2100_verify(priv);
1025 	if (err) {
1026 		IPW_DEBUG_ERROR("%s: ipw2100_verify failed: %d\n",
1027 				priv->net_dev->name, err);
1028 		goto fail;
1029 	}
1030 
1031 	/* Hold ARC */
1032 	write_nic_dword(priv->net_dev,
1033 			IPW_INTERNAL_REGISTER_HALT_AND_RESET, 0x80000000);
1034 
1035 	/* allow ARC to run */
1036 	write_register(priv->net_dev, IPW_REG_RESET_REG, 0);
1037 
1038 	/* load microcode */
1039 	err = ipw2100_ucode_download(priv, &ipw2100_firmware);
1040 	if (err) {
1041 		printk(KERN_ERR DRV_NAME ": %s: Error loading microcode: %d\n",
1042 		       priv->net_dev->name, err);
1043 		goto fail;
1044 	}
1045 
1046 	/* release ARC */
1047 	write_nic_dword(priv->net_dev,
1048 			IPW_INTERNAL_REGISTER_HALT_AND_RESET, 0x00000000);
1049 
1050 	/* s/w reset and clock stabilization (again!!!) */
1051 	err = sw_reset_and_clock(priv);
1052 	if (err) {
1053 		printk(KERN_ERR DRV_NAME
1054 		       ": %s: sw_reset_and_clock failed: %d\n",
1055 		       priv->net_dev->name, err);
1056 		goto fail;
1057 	}
1058 
1059 	/* load f/w */
1060 	err = ipw2100_fw_download(priv, &ipw2100_firmware);
1061 	if (err) {
1062 		IPW_DEBUG_ERROR("%s: Error loading firmware: %d\n",
1063 				priv->net_dev->name, err);
1064 		goto fail;
1065 	}
1066 #ifndef CONFIG_PM
1067 	/*
1068 	 * When the .resume method of the driver is called, the other
1069 	 * part of the system, i.e. the ide driver could still stay in
1070 	 * the suspend stage. This prevents us from loading the firmware
1071 	 * from the disk.  --YZ
1072 	 */
1073 
1074 	/* free any storage allocated for firmware image */
1075 	ipw2100_release_firmware(priv, &ipw2100_firmware);
1076 #endif
1077 
1078 	/* zero out Domain 1 area indirectly (Si requirement) */
1079 	for (address = IPW_HOST_FW_SHARED_AREA0;
1080 	     address < IPW_HOST_FW_SHARED_AREA0_END; address += 4)
1081 		write_nic_dword(priv->net_dev, address, 0);
1082 	for (address = IPW_HOST_FW_SHARED_AREA1;
1083 	     address < IPW_HOST_FW_SHARED_AREA1_END; address += 4)
1084 		write_nic_dword(priv->net_dev, address, 0);
1085 	for (address = IPW_HOST_FW_SHARED_AREA2;
1086 	     address < IPW_HOST_FW_SHARED_AREA2_END; address += 4)
1087 		write_nic_dword(priv->net_dev, address, 0);
1088 	for (address = IPW_HOST_FW_SHARED_AREA3;
1089 	     address < IPW_HOST_FW_SHARED_AREA3_END; address += 4)
1090 		write_nic_dword(priv->net_dev, address, 0);
1091 	for (address = IPW_HOST_FW_INTERRUPT_AREA;
1092 	     address < IPW_HOST_FW_INTERRUPT_AREA_END; address += 4)
1093 		write_nic_dword(priv->net_dev, address, 0);
1094 
1095 	return 0;
1096 
1097       fail:
1098 	ipw2100_release_firmware(priv, &ipw2100_firmware);
1099 	return err;
1100 }
1101 
1102 static inline void ipw2100_enable_interrupts(struct ipw2100_priv *priv)
1103 {
1104 	if (priv->status & STATUS_INT_ENABLED)
1105 		return;
1106 	priv->status |= STATUS_INT_ENABLED;
1107 	write_register(priv->net_dev, IPW_REG_INTA_MASK, IPW_INTERRUPT_MASK);
1108 }
1109 
1110 static inline void ipw2100_disable_interrupts(struct ipw2100_priv *priv)
1111 {
1112 	if (!(priv->status & STATUS_INT_ENABLED))
1113 		return;
1114 	priv->status &= ~STATUS_INT_ENABLED;
1115 	write_register(priv->net_dev, IPW_REG_INTA_MASK, 0x0);
1116 }
1117 
1118 static void ipw2100_initialize_ordinals(struct ipw2100_priv *priv)
1119 {
1120 	struct ipw2100_ordinals *ord = &priv->ordinals;
1121 
1122 	IPW_DEBUG_INFO("enter\n");
1123 
1124 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_ORDINALS_TABLE_1,
1125 		      &ord->table1_addr);
1126 
1127 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_ORDINALS_TABLE_2,
1128 		      &ord->table2_addr);
1129 
1130 	read_nic_dword(priv->net_dev, ord->table1_addr, &ord->table1_size);
1131 	read_nic_dword(priv->net_dev, ord->table2_addr, &ord->table2_size);
1132 
1133 	ord->table2_size &= 0x0000FFFF;
1134 
1135 	IPW_DEBUG_INFO("table 1 size: %d\n", ord->table1_size);
1136 	IPW_DEBUG_INFO("table 2 size: %d\n", ord->table2_size);
1137 	IPW_DEBUG_INFO("exit\n");
1138 }
1139 
1140 static inline void ipw2100_hw_set_gpio(struct ipw2100_priv *priv)
1141 {
1142 	u32 reg = 0;
1143 	/*
1144 	 * Set GPIO 3 writable by FW; GPIO 1 writable
1145 	 * by driver and enable clock
1146 	 */
1147 	reg = (IPW_BIT_GPIO_GPIO3_MASK | IPW_BIT_GPIO_GPIO1_ENABLE |
1148 	       IPW_BIT_GPIO_LED_OFF);
1149 	write_register(priv->net_dev, IPW_REG_GPIO, reg);
1150 }
1151 
1152 static int rf_kill_active(struct ipw2100_priv *priv)
1153 {
1154 #define MAX_RF_KILL_CHECKS 5
1155 #define RF_KILL_CHECK_DELAY 40
1156 
1157 	unsigned short value = 0;
1158 	u32 reg = 0;
1159 	int i;
1160 
1161 	if (!(priv->hw_features & HW_FEATURE_RFKILL)) {
1162 		wiphy_rfkill_set_hw_state(priv->ieee->wdev.wiphy, false);
1163 		priv->status &= ~STATUS_RF_KILL_HW;
1164 		return 0;
1165 	}
1166 
1167 	for (i = 0; i < MAX_RF_KILL_CHECKS; i++) {
1168 		udelay(RF_KILL_CHECK_DELAY);
1169 		read_register(priv->net_dev, IPW_REG_GPIO, &reg);
1170 		value = (value << 1) | ((reg & IPW_BIT_GPIO_RF_KILL) ? 0 : 1);
1171 	}
1172 
1173 	if (value == 0) {
1174 		wiphy_rfkill_set_hw_state(priv->ieee->wdev.wiphy, true);
1175 		priv->status |= STATUS_RF_KILL_HW;
1176 	} else {
1177 		wiphy_rfkill_set_hw_state(priv->ieee->wdev.wiphy, false);
1178 		priv->status &= ~STATUS_RF_KILL_HW;
1179 	}
1180 
1181 	return (value == 0);
1182 }
1183 
1184 static int ipw2100_get_hw_features(struct ipw2100_priv *priv)
1185 {
1186 	u32 addr, len;
1187 	u32 val;
1188 
1189 	/*
1190 	 * EEPROM_SRAM_DB_START_ADDRESS using ordinal in ordinal table 1
1191 	 */
1192 	len = sizeof(addr);
1193 	if (ipw2100_get_ordinal
1194 	    (priv, IPW_ORD_EEPROM_SRAM_DB_BLOCK_START_ADDRESS, &addr, &len)) {
1195 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
1196 			       __LINE__);
1197 		return -EIO;
1198 	}
1199 
1200 	IPW_DEBUG_INFO("EEPROM address: %08X\n", addr);
1201 
1202 	/*
1203 	 * EEPROM version is the byte at offset 0xfd in firmware
1204 	 * We read 4 bytes, then shift out the byte we actually want */
1205 	read_nic_dword(priv->net_dev, addr + 0xFC, &val);
1206 	priv->eeprom_version = (val >> 24) & 0xFF;
1207 	IPW_DEBUG_INFO("EEPROM version: %d\n", priv->eeprom_version);
1208 
1209 	/*
1210 	 *  HW RF Kill enable is bit 0 in byte at offset 0x21 in firmware
1211 	 *
1212 	 *  notice that the EEPROM bit is reverse polarity, i.e.
1213 	 *     bit = 0  signifies HW RF kill switch is supported
1214 	 *     bit = 1  signifies HW RF kill switch is NOT supported
1215 	 */
1216 	read_nic_dword(priv->net_dev, addr + 0x20, &val);
1217 	if (!((val >> 24) & 0x01))
1218 		priv->hw_features |= HW_FEATURE_RFKILL;
1219 
1220 	IPW_DEBUG_INFO("HW RF Kill: %ssupported.\n",
1221 		       (priv->hw_features & HW_FEATURE_RFKILL) ? "" : "not ");
1222 
1223 	return 0;
1224 }
1225 
1226 /*
1227  * Start firmware execution after power on and initialization
1228  * The sequence is:
1229  *  1. Release ARC
1230  *  2. Wait for f/w initialization completes;
1231  */
1232 static int ipw2100_start_adapter(struct ipw2100_priv *priv)
1233 {
1234 	int i;
1235 	u32 inta, inta_mask, gpio;
1236 
1237 	IPW_DEBUG_INFO("enter\n");
1238 
1239 	if (priv->status & STATUS_RUNNING)
1240 		return 0;
1241 
1242 	/*
1243 	 * Initialize the hw - drive adapter to DO state by setting
1244 	 * init_done bit. Wait for clk_ready bit and Download
1245 	 * fw & dino ucode
1246 	 */
1247 	if (ipw2100_download_firmware(priv)) {
1248 		printk(KERN_ERR DRV_NAME
1249 		       ": %s: Failed to power on the adapter.\n",
1250 		       priv->net_dev->name);
1251 		return -EIO;
1252 	}
1253 
1254 	/* Clear the Tx, Rx and Msg queues and the r/w indexes
1255 	 * in the firmware RBD and TBD ring queue */
1256 	ipw2100_queues_initialize(priv);
1257 
1258 	ipw2100_hw_set_gpio(priv);
1259 
1260 	/* TODO -- Look at disabling interrupts here to make sure none
1261 	 * get fired during FW initialization */
1262 
1263 	/* Release ARC - clear reset bit */
1264 	write_register(priv->net_dev, IPW_REG_RESET_REG, 0);
1265 
1266 	/* wait for f/w initialization complete */
1267 	IPW_DEBUG_FW("Waiting for f/w initialization to complete...\n");
1268 	i = 5000;
1269 	do {
1270 		schedule_timeout_uninterruptible(msecs_to_jiffies(40));
1271 		/* Todo... wait for sync command ... */
1272 
1273 		read_register(priv->net_dev, IPW_REG_INTA, &inta);
1274 
1275 		/* check "init done" bit */
1276 		if (inta & IPW2100_INTA_FW_INIT_DONE) {
1277 			/* reset "init done" bit */
1278 			write_register(priv->net_dev, IPW_REG_INTA,
1279 				       IPW2100_INTA_FW_INIT_DONE);
1280 			break;
1281 		}
1282 
1283 		/* check error conditions : we check these after the firmware
1284 		 * check so that if there is an error, the interrupt handler
1285 		 * will see it and the adapter will be reset */
1286 		if (inta &
1287 		    (IPW2100_INTA_FATAL_ERROR | IPW2100_INTA_PARITY_ERROR)) {
1288 			/* clear error conditions */
1289 			write_register(priv->net_dev, IPW_REG_INTA,
1290 				       IPW2100_INTA_FATAL_ERROR |
1291 				       IPW2100_INTA_PARITY_ERROR);
1292 		}
1293 	} while (--i);
1294 
1295 	/* Clear out any pending INTAs since we aren't supposed to have
1296 	 * interrupts enabled at this point... */
1297 	read_register(priv->net_dev, IPW_REG_INTA, &inta);
1298 	read_register(priv->net_dev, IPW_REG_INTA_MASK, &inta_mask);
1299 	inta &= IPW_INTERRUPT_MASK;
1300 	/* Clear out any pending interrupts */
1301 	if (inta & inta_mask)
1302 		write_register(priv->net_dev, IPW_REG_INTA, inta);
1303 
1304 	IPW_DEBUG_FW("f/w initialization complete: %s\n",
1305 		     i ? "SUCCESS" : "FAILED");
1306 
1307 	if (!i) {
1308 		printk(KERN_WARNING DRV_NAME
1309 		       ": %s: Firmware did not initialize.\n",
1310 		       priv->net_dev->name);
1311 		return -EIO;
1312 	}
1313 
1314 	/* allow firmware to write to GPIO1 & GPIO3 */
1315 	read_register(priv->net_dev, IPW_REG_GPIO, &gpio);
1316 
1317 	gpio |= (IPW_BIT_GPIO_GPIO1_MASK | IPW_BIT_GPIO_GPIO3_MASK);
1318 
1319 	write_register(priv->net_dev, IPW_REG_GPIO, gpio);
1320 
1321 	/* Ready to receive commands */
1322 	priv->status |= STATUS_RUNNING;
1323 
1324 	/* The adapter has been reset; we are not associated */
1325 	priv->status &= ~(STATUS_ASSOCIATING | STATUS_ASSOCIATED);
1326 
1327 	IPW_DEBUG_INFO("exit\n");
1328 
1329 	return 0;
1330 }
1331 
1332 static inline void ipw2100_reset_fatalerror(struct ipw2100_priv *priv)
1333 {
1334 	if (!priv->fatal_error)
1335 		return;
1336 
1337 	priv->fatal_errors[priv->fatal_index++] = priv->fatal_error;
1338 	priv->fatal_index %= IPW2100_ERROR_QUEUE;
1339 	priv->fatal_error = 0;
1340 }
1341 
1342 /* NOTE: Our interrupt is disabled when this method is called */
1343 static int ipw2100_power_cycle_adapter(struct ipw2100_priv *priv)
1344 {
1345 	u32 reg;
1346 	int i;
1347 
1348 	IPW_DEBUG_INFO("Power cycling the hardware.\n");
1349 
1350 	ipw2100_hw_set_gpio(priv);
1351 
1352 	/* Step 1. Stop Master Assert */
1353 	write_register(priv->net_dev, IPW_REG_RESET_REG,
1354 		       IPW_AUX_HOST_RESET_REG_STOP_MASTER);
1355 
1356 	/* Step 2. Wait for stop Master Assert
1357 	 *         (not more than 50us, otherwise ret error */
1358 	i = 5;
1359 	do {
1360 		udelay(IPW_WAIT_RESET_MASTER_ASSERT_COMPLETE_DELAY);
1361 		read_register(priv->net_dev, IPW_REG_RESET_REG, &reg);
1362 
1363 		if (reg & IPW_AUX_HOST_RESET_REG_MASTER_DISABLED)
1364 			break;
1365 	} while (--i);
1366 
1367 	priv->status &= ~STATUS_RESET_PENDING;
1368 
1369 	if (!i) {
1370 		IPW_DEBUG_INFO
1371 		    ("exit - waited too long for master assert stop\n");
1372 		return -EIO;
1373 	}
1374 
1375 	write_register(priv->net_dev, IPW_REG_RESET_REG,
1376 		       IPW_AUX_HOST_RESET_REG_SW_RESET);
1377 
1378 	/* Reset any fatal_error conditions */
1379 	ipw2100_reset_fatalerror(priv);
1380 
1381 	/* At this point, the adapter is now stopped and disabled */
1382 	priv->status &= ~(STATUS_RUNNING | STATUS_ASSOCIATING |
1383 			  STATUS_ASSOCIATED | STATUS_ENABLED);
1384 
1385 	return 0;
1386 }
1387 
1388 /*
1389  * Send the CARD_DISABLE_PHY_OFF command to the card to disable it
1390  *
1391  * After disabling, if the card was associated, a STATUS_ASSN_LOST will be sent.
1392  *
1393  * STATUS_CARD_DISABLE_NOTIFICATION will be sent regardless of
1394  * if STATUS_ASSN_LOST is sent.
1395  */
1396 static int ipw2100_hw_phy_off(struct ipw2100_priv *priv)
1397 {
1398 
1399 #define HW_PHY_OFF_LOOP_DELAY (msecs_to_jiffies(50))
1400 
1401 	struct host_command cmd = {
1402 		.host_command = CARD_DISABLE_PHY_OFF,
1403 		.host_command_sequence = 0,
1404 		.host_command_length = 0,
1405 	};
1406 	int err, i;
1407 	u32 val1, val2;
1408 
1409 	IPW_DEBUG_HC("CARD_DISABLE_PHY_OFF\n");
1410 
1411 	/* Turn off the radio */
1412 	err = ipw2100_hw_send_command(priv, &cmd);
1413 	if (err)
1414 		return err;
1415 
1416 	for (i = 0; i < 2500; i++) {
1417 		read_nic_dword(priv->net_dev, IPW2100_CONTROL_REG, &val1);
1418 		read_nic_dword(priv->net_dev, IPW2100_COMMAND, &val2);
1419 
1420 		if ((val1 & IPW2100_CONTROL_PHY_OFF) &&
1421 		    (val2 & IPW2100_COMMAND_PHY_OFF))
1422 			return 0;
1423 
1424 		schedule_timeout_uninterruptible(HW_PHY_OFF_LOOP_DELAY);
1425 	}
1426 
1427 	return -EIO;
1428 }
1429 
1430 static int ipw2100_enable_adapter(struct ipw2100_priv *priv)
1431 {
1432 	struct host_command cmd = {
1433 		.host_command = HOST_COMPLETE,
1434 		.host_command_sequence = 0,
1435 		.host_command_length = 0
1436 	};
1437 	int err = 0;
1438 
1439 	IPW_DEBUG_HC("HOST_COMPLETE\n");
1440 
1441 	if (priv->status & STATUS_ENABLED)
1442 		return 0;
1443 
1444 	mutex_lock(&priv->adapter_mutex);
1445 
1446 	if (rf_kill_active(priv)) {
1447 		IPW_DEBUG_HC("Command aborted due to RF kill active.\n");
1448 		goto fail_up;
1449 	}
1450 
1451 	err = ipw2100_hw_send_command(priv, &cmd);
1452 	if (err) {
1453 		IPW_DEBUG_INFO("Failed to send HOST_COMPLETE command\n");
1454 		goto fail_up;
1455 	}
1456 
1457 	err = ipw2100_wait_for_card_state(priv, IPW_HW_STATE_ENABLED);
1458 	if (err) {
1459 		IPW_DEBUG_INFO("%s: card not responding to init command.\n",
1460 			       priv->net_dev->name);
1461 		goto fail_up;
1462 	}
1463 
1464 	if (priv->stop_hang_check) {
1465 		priv->stop_hang_check = 0;
1466 		schedule_delayed_work(&priv->hang_check, HZ / 2);
1467 	}
1468 
1469       fail_up:
1470 	mutex_unlock(&priv->adapter_mutex);
1471 	return err;
1472 }
1473 
1474 static int ipw2100_hw_stop_adapter(struct ipw2100_priv *priv)
1475 {
1476 #define HW_POWER_DOWN_DELAY (msecs_to_jiffies(100))
1477 
1478 	struct host_command cmd = {
1479 		.host_command = HOST_PRE_POWER_DOWN,
1480 		.host_command_sequence = 0,
1481 		.host_command_length = 0,
1482 	};
1483 	int err, i;
1484 	u32 reg;
1485 
1486 	if (!(priv->status & STATUS_RUNNING))
1487 		return 0;
1488 
1489 	priv->status |= STATUS_STOPPING;
1490 
1491 	/* We can only shut down the card if the firmware is operational.  So,
1492 	 * if we haven't reset since a fatal_error, then we can not send the
1493 	 * shutdown commands. */
1494 	if (!priv->fatal_error) {
1495 		/* First, make sure the adapter is enabled so that the PHY_OFF
1496 		 * command can shut it down */
1497 		ipw2100_enable_adapter(priv);
1498 
1499 		err = ipw2100_hw_phy_off(priv);
1500 		if (err)
1501 			printk(KERN_WARNING DRV_NAME
1502 			       ": Error disabling radio %d\n", err);
1503 
1504 		/*
1505 		 * If in D0-standby mode going directly to D3 may cause a
1506 		 * PCI bus violation.  Therefore we must change out of the D0
1507 		 * state.
1508 		 *
1509 		 * Sending the PREPARE_FOR_POWER_DOWN will restrict the
1510 		 * hardware from going into standby mode and will transition
1511 		 * out of D0-standby if it is already in that state.
1512 		 *
1513 		 * STATUS_PREPARE_POWER_DOWN_COMPLETE will be sent by the
1514 		 * driver upon completion.  Once received, the driver can
1515 		 * proceed to the D3 state.
1516 		 *
1517 		 * Prepare for power down command to fw.  This command would
1518 		 * take HW out of D0-standby and prepare it for D3 state.
1519 		 *
1520 		 * Currently FW does not support event notification for this
1521 		 * event. Therefore, skip waiting for it.  Just wait a fixed
1522 		 * 100ms
1523 		 */
1524 		IPW_DEBUG_HC("HOST_PRE_POWER_DOWN\n");
1525 
1526 		err = ipw2100_hw_send_command(priv, &cmd);
1527 		if (err)
1528 			printk(KERN_WARNING DRV_NAME ": "
1529 			       "%s: Power down command failed: Error %d\n",
1530 			       priv->net_dev->name, err);
1531 		else
1532 			schedule_timeout_uninterruptible(HW_POWER_DOWN_DELAY);
1533 	}
1534 
1535 	priv->status &= ~STATUS_ENABLED;
1536 
1537 	/*
1538 	 * Set GPIO 3 writable by FW; GPIO 1 writable
1539 	 * by driver and enable clock
1540 	 */
1541 	ipw2100_hw_set_gpio(priv);
1542 
1543 	/*
1544 	 * Power down adapter.  Sequence:
1545 	 * 1. Stop master assert (RESET_REG[9]=1)
1546 	 * 2. Wait for stop master (RESET_REG[8]==1)
1547 	 * 3. S/w reset assert (RESET_REG[7] = 1)
1548 	 */
1549 
1550 	/* Stop master assert */
1551 	write_register(priv->net_dev, IPW_REG_RESET_REG,
1552 		       IPW_AUX_HOST_RESET_REG_STOP_MASTER);
1553 
1554 	/* wait stop master not more than 50 usec.
1555 	 * Otherwise return error. */
1556 	for (i = 5; i > 0; i--) {
1557 		udelay(10);
1558 
1559 		/* Check master stop bit */
1560 		read_register(priv->net_dev, IPW_REG_RESET_REG, &reg);
1561 
1562 		if (reg & IPW_AUX_HOST_RESET_REG_MASTER_DISABLED)
1563 			break;
1564 	}
1565 
1566 	if (i == 0)
1567 		printk(KERN_WARNING DRV_NAME
1568 		       ": %s: Could now power down adapter.\n",
1569 		       priv->net_dev->name);
1570 
1571 	/* assert s/w reset */
1572 	write_register(priv->net_dev, IPW_REG_RESET_REG,
1573 		       IPW_AUX_HOST_RESET_REG_SW_RESET);
1574 
1575 	priv->status &= ~(STATUS_RUNNING | STATUS_STOPPING);
1576 
1577 	return 0;
1578 }
1579 
1580 static int ipw2100_disable_adapter(struct ipw2100_priv *priv)
1581 {
1582 	struct host_command cmd = {
1583 		.host_command = CARD_DISABLE,
1584 		.host_command_sequence = 0,
1585 		.host_command_length = 0
1586 	};
1587 	int err = 0;
1588 
1589 	IPW_DEBUG_HC("CARD_DISABLE\n");
1590 
1591 	if (!(priv->status & STATUS_ENABLED))
1592 		return 0;
1593 
1594 	/* Make sure we clear the associated state */
1595 	priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
1596 
1597 	if (!priv->stop_hang_check) {
1598 		priv->stop_hang_check = 1;
1599 		cancel_delayed_work(&priv->hang_check);
1600 	}
1601 
1602 	mutex_lock(&priv->adapter_mutex);
1603 
1604 	err = ipw2100_hw_send_command(priv, &cmd);
1605 	if (err) {
1606 		printk(KERN_WARNING DRV_NAME
1607 		       ": exit - failed to send CARD_DISABLE command\n");
1608 		goto fail_up;
1609 	}
1610 
1611 	err = ipw2100_wait_for_card_state(priv, IPW_HW_STATE_DISABLED);
1612 	if (err) {
1613 		printk(KERN_WARNING DRV_NAME
1614 		       ": exit - card failed to change to DISABLED\n");
1615 		goto fail_up;
1616 	}
1617 
1618 	IPW_DEBUG_INFO("TODO: implement scan state machine\n");
1619 
1620       fail_up:
1621 	mutex_unlock(&priv->adapter_mutex);
1622 	return err;
1623 }
1624 
1625 static int ipw2100_set_scan_options(struct ipw2100_priv *priv)
1626 {
1627 	struct host_command cmd = {
1628 		.host_command = SET_SCAN_OPTIONS,
1629 		.host_command_sequence = 0,
1630 		.host_command_length = 8
1631 	};
1632 	int err;
1633 
1634 	IPW_DEBUG_INFO("enter\n");
1635 
1636 	IPW_DEBUG_SCAN("setting scan options\n");
1637 
1638 	cmd.host_command_parameters[0] = 0;
1639 
1640 	if (!(priv->config & CFG_ASSOCIATE))
1641 		cmd.host_command_parameters[0] |= IPW_SCAN_NOASSOCIATE;
1642 	if ((priv->ieee->sec.flags & SEC_ENABLED) && priv->ieee->sec.enabled)
1643 		cmd.host_command_parameters[0] |= IPW_SCAN_MIXED_CELL;
1644 	if (priv->config & CFG_PASSIVE_SCAN)
1645 		cmd.host_command_parameters[0] |= IPW_SCAN_PASSIVE;
1646 
1647 	cmd.host_command_parameters[1] = priv->channel_mask;
1648 
1649 	err = ipw2100_hw_send_command(priv, &cmd);
1650 
1651 	IPW_DEBUG_HC("SET_SCAN_OPTIONS 0x%04X\n",
1652 		     cmd.host_command_parameters[0]);
1653 
1654 	return err;
1655 }
1656 
1657 static int ipw2100_start_scan(struct ipw2100_priv *priv)
1658 {
1659 	struct host_command cmd = {
1660 		.host_command = BROADCAST_SCAN,
1661 		.host_command_sequence = 0,
1662 		.host_command_length = 4
1663 	};
1664 	int err;
1665 
1666 	IPW_DEBUG_HC("START_SCAN\n");
1667 
1668 	cmd.host_command_parameters[0] = 0;
1669 
1670 	/* No scanning if in monitor mode */
1671 	if (priv->ieee->iw_mode == IW_MODE_MONITOR)
1672 		return 1;
1673 
1674 	if (priv->status & STATUS_SCANNING) {
1675 		IPW_DEBUG_SCAN("Scan requested while already in scan...\n");
1676 		return 0;
1677 	}
1678 
1679 	IPW_DEBUG_INFO("enter\n");
1680 
1681 	/* Not clearing here; doing so makes iwlist always return nothing...
1682 	 *
1683 	 * We should modify the table logic to use aging tables vs. clearing
1684 	 * the table on each scan start.
1685 	 */
1686 	IPW_DEBUG_SCAN("starting scan\n");
1687 
1688 	priv->status |= STATUS_SCANNING;
1689 	err = ipw2100_hw_send_command(priv, &cmd);
1690 	if (err)
1691 		priv->status &= ~STATUS_SCANNING;
1692 
1693 	IPW_DEBUG_INFO("exit\n");
1694 
1695 	return err;
1696 }
1697 
1698 static const struct libipw_geo ipw_geos[] = {
1699 	{			/* Restricted */
1700 	 "---",
1701 	 .bg_channels = 14,
1702 	 .bg = {{2412, 1}, {2417, 2}, {2422, 3},
1703 		{2427, 4}, {2432, 5}, {2437, 6},
1704 		{2442, 7}, {2447, 8}, {2452, 9},
1705 		{2457, 10}, {2462, 11}, {2467, 12},
1706 		{2472, 13}, {2484, 14}},
1707 	 },
1708 };
1709 
1710 static int ipw2100_up(struct ipw2100_priv *priv, int deferred)
1711 {
1712 	unsigned long flags;
1713 	int err = 0;
1714 	u32 lock;
1715 	u32 ord_len = sizeof(lock);
1716 
1717 	/* Age scan list entries found before suspend */
1718 	if (priv->suspend_time) {
1719 		libipw_networks_age(priv->ieee, priv->suspend_time);
1720 		priv->suspend_time = 0;
1721 	}
1722 
1723 	/* Quiet if manually disabled. */
1724 	if (priv->status & STATUS_RF_KILL_SW) {
1725 		IPW_DEBUG_INFO("%s: Radio is disabled by Manual Disable "
1726 			       "switch\n", priv->net_dev->name);
1727 		return 0;
1728 	}
1729 
1730 	/* the ipw2100 hardware really doesn't want power management delays
1731 	 * longer than 175usec
1732 	 */
1733 	cpu_latency_qos_update_request(&ipw2100_pm_qos_req, 175);
1734 
1735 	/* If the interrupt is enabled, turn it off... */
1736 	spin_lock_irqsave(&priv->low_lock, flags);
1737 	ipw2100_disable_interrupts(priv);
1738 
1739 	/* Reset any fatal_error conditions */
1740 	ipw2100_reset_fatalerror(priv);
1741 	spin_unlock_irqrestore(&priv->low_lock, flags);
1742 
1743 	if (priv->status & STATUS_POWERED ||
1744 	    (priv->status & STATUS_RESET_PENDING)) {
1745 		/* Power cycle the card ... */
1746 		err = ipw2100_power_cycle_adapter(priv);
1747 		if (err) {
1748 			printk(KERN_WARNING DRV_NAME
1749 			       ": %s: Could not cycle adapter.\n",
1750 			       priv->net_dev->name);
1751 			goto exit;
1752 		}
1753 	} else
1754 		priv->status |= STATUS_POWERED;
1755 
1756 	/* Load the firmware, start the clocks, etc. */
1757 	err = ipw2100_start_adapter(priv);
1758 	if (err) {
1759 		printk(KERN_ERR DRV_NAME
1760 		       ": %s: Failed to start the firmware.\n",
1761 		       priv->net_dev->name);
1762 		goto exit;
1763 	}
1764 
1765 	ipw2100_initialize_ordinals(priv);
1766 
1767 	/* Determine capabilities of this particular HW configuration */
1768 	err = ipw2100_get_hw_features(priv);
1769 	if (err) {
1770 		printk(KERN_ERR DRV_NAME
1771 		       ": %s: Failed to determine HW features.\n",
1772 		       priv->net_dev->name);
1773 		goto exit;
1774 	}
1775 
1776 	/* Initialize the geo */
1777 	libipw_set_geo(priv->ieee, &ipw_geos[0]);
1778 	priv->ieee->freq_band = LIBIPW_24GHZ_BAND;
1779 
1780 	lock = LOCK_NONE;
1781 	err = ipw2100_set_ordinal(priv, IPW_ORD_PERS_DB_LOCK, &lock, &ord_len);
1782 	if (err) {
1783 		printk(KERN_ERR DRV_NAME
1784 		       ": %s: Failed to clear ordinal lock.\n",
1785 		       priv->net_dev->name);
1786 		goto exit;
1787 	}
1788 
1789 	priv->status &= ~STATUS_SCANNING;
1790 
1791 	if (rf_kill_active(priv)) {
1792 		printk(KERN_INFO "%s: Radio is disabled by RF switch.\n",
1793 		       priv->net_dev->name);
1794 
1795 		if (priv->stop_rf_kill) {
1796 			priv->stop_rf_kill = 0;
1797 			schedule_delayed_work(&priv->rf_kill,
1798 					      round_jiffies_relative(HZ));
1799 		}
1800 
1801 		deferred = 1;
1802 	}
1803 
1804 	/* Turn on the interrupt so that commands can be processed */
1805 	ipw2100_enable_interrupts(priv);
1806 
1807 	/* Send all of the commands that must be sent prior to
1808 	 * HOST_COMPLETE */
1809 	err = ipw2100_adapter_setup(priv);
1810 	if (err) {
1811 		printk(KERN_ERR DRV_NAME ": %s: Failed to start the card.\n",
1812 		       priv->net_dev->name);
1813 		goto exit;
1814 	}
1815 
1816 	if (!deferred) {
1817 		/* Enable the adapter - sends HOST_COMPLETE */
1818 		err = ipw2100_enable_adapter(priv);
1819 		if (err) {
1820 			printk(KERN_ERR DRV_NAME ": "
1821 			       "%s: failed in call to enable adapter.\n",
1822 			       priv->net_dev->name);
1823 			ipw2100_hw_stop_adapter(priv);
1824 			goto exit;
1825 		}
1826 
1827 		/* Start a scan . . . */
1828 		ipw2100_set_scan_options(priv);
1829 		ipw2100_start_scan(priv);
1830 	}
1831 
1832       exit:
1833 	return err;
1834 }
1835 
1836 static void ipw2100_down(struct ipw2100_priv *priv)
1837 {
1838 	unsigned long flags;
1839 	union iwreq_data wrqu = {
1840 		.ap_addr = {
1841 			    .sa_family = ARPHRD_ETHER}
1842 	};
1843 	int associated = priv->status & STATUS_ASSOCIATED;
1844 
1845 	/* Kill the RF switch timer */
1846 	if (!priv->stop_rf_kill) {
1847 		priv->stop_rf_kill = 1;
1848 		cancel_delayed_work(&priv->rf_kill);
1849 	}
1850 
1851 	/* Kill the firmware hang check timer */
1852 	if (!priv->stop_hang_check) {
1853 		priv->stop_hang_check = 1;
1854 		cancel_delayed_work(&priv->hang_check);
1855 	}
1856 
1857 	/* Kill any pending resets */
1858 	if (priv->status & STATUS_RESET_PENDING)
1859 		cancel_delayed_work(&priv->reset_work);
1860 
1861 	/* Make sure the interrupt is on so that FW commands will be
1862 	 * processed correctly */
1863 	spin_lock_irqsave(&priv->low_lock, flags);
1864 	ipw2100_enable_interrupts(priv);
1865 	spin_unlock_irqrestore(&priv->low_lock, flags);
1866 
1867 	if (ipw2100_hw_stop_adapter(priv))
1868 		printk(KERN_ERR DRV_NAME ": %s: Error stopping adapter.\n",
1869 		       priv->net_dev->name);
1870 
1871 	/* Do not disable the interrupt until _after_ we disable
1872 	 * the adaptor.  Otherwise the CARD_DISABLE command will never
1873 	 * be ack'd by the firmware */
1874 	spin_lock_irqsave(&priv->low_lock, flags);
1875 	ipw2100_disable_interrupts(priv);
1876 	spin_unlock_irqrestore(&priv->low_lock, flags);
1877 
1878 	cpu_latency_qos_update_request(&ipw2100_pm_qos_req,
1879 				       PM_QOS_DEFAULT_VALUE);
1880 
1881 	/* We have to signal any supplicant if we are disassociating */
1882 	if (associated)
1883 		wireless_send_event(priv->net_dev, SIOCGIWAP, &wrqu, NULL);
1884 
1885 	priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
1886 	netif_carrier_off(priv->net_dev);
1887 	netif_stop_queue(priv->net_dev);
1888 }
1889 
1890 static int ipw2100_wdev_init(struct net_device *dev)
1891 {
1892 	struct ipw2100_priv *priv = libipw_priv(dev);
1893 	const struct libipw_geo *geo = libipw_get_geo(priv->ieee);
1894 	struct wireless_dev *wdev = &priv->ieee->wdev;
1895 	int i;
1896 
1897 	memcpy(wdev->wiphy->perm_addr, priv->mac_addr, ETH_ALEN);
1898 
1899 	/* fill-out priv->ieee->bg_band */
1900 	if (geo->bg_channels) {
1901 		struct ieee80211_supported_band *bg_band = &priv->ieee->bg_band;
1902 
1903 		bg_band->band = NL80211_BAND_2GHZ;
1904 		bg_band->n_channels = geo->bg_channels;
1905 		bg_band->channels = kcalloc(geo->bg_channels,
1906 					    sizeof(struct ieee80211_channel),
1907 					    GFP_KERNEL);
1908 		if (!bg_band->channels) {
1909 			ipw2100_down(priv);
1910 			return -ENOMEM;
1911 		}
1912 		/* translate geo->bg to bg_band.channels */
1913 		for (i = 0; i < geo->bg_channels; i++) {
1914 			bg_band->channels[i].band = NL80211_BAND_2GHZ;
1915 			bg_band->channels[i].center_freq = geo->bg[i].freq;
1916 			bg_band->channels[i].hw_value = geo->bg[i].channel;
1917 			bg_band->channels[i].max_power = geo->bg[i].max_power;
1918 			if (geo->bg[i].flags & LIBIPW_CH_PASSIVE_ONLY)
1919 				bg_band->channels[i].flags |=
1920 					IEEE80211_CHAN_NO_IR;
1921 			if (geo->bg[i].flags & LIBIPW_CH_NO_IBSS)
1922 				bg_band->channels[i].flags |=
1923 					IEEE80211_CHAN_NO_IR;
1924 			if (geo->bg[i].flags & LIBIPW_CH_RADAR_DETECT)
1925 				bg_band->channels[i].flags |=
1926 					IEEE80211_CHAN_RADAR;
1927 			/* No equivalent for LIBIPW_CH_80211H_RULES,
1928 			   LIBIPW_CH_UNIFORM_SPREADING, or
1929 			   LIBIPW_CH_B_ONLY... */
1930 		}
1931 		/* point at bitrate info */
1932 		bg_band->bitrates = ipw2100_bg_rates;
1933 		bg_band->n_bitrates = RATE_COUNT;
1934 
1935 		wdev->wiphy->bands[NL80211_BAND_2GHZ] = bg_band;
1936 	}
1937 
1938 	wdev->wiphy->cipher_suites = ipw_cipher_suites;
1939 	wdev->wiphy->n_cipher_suites = ARRAY_SIZE(ipw_cipher_suites);
1940 
1941 	set_wiphy_dev(wdev->wiphy, &priv->pci_dev->dev);
1942 	if (wiphy_register(wdev->wiphy))
1943 		return -EIO;
1944 	return 0;
1945 }
1946 
1947 static void ipw2100_reset_adapter(struct work_struct *work)
1948 {
1949 	struct ipw2100_priv *priv =
1950 		container_of(work, struct ipw2100_priv, reset_work.work);
1951 	unsigned long flags;
1952 	union iwreq_data wrqu = {
1953 		.ap_addr = {
1954 			    .sa_family = ARPHRD_ETHER}
1955 	};
1956 	int associated = priv->status & STATUS_ASSOCIATED;
1957 
1958 	spin_lock_irqsave(&priv->low_lock, flags);
1959 	IPW_DEBUG_INFO(": %s: Restarting adapter.\n", priv->net_dev->name);
1960 	priv->resets++;
1961 	priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
1962 	priv->status |= STATUS_SECURITY_UPDATED;
1963 
1964 	/* Force a power cycle even if interface hasn't been opened
1965 	 * yet */
1966 	cancel_delayed_work(&priv->reset_work);
1967 	priv->status |= STATUS_RESET_PENDING;
1968 	spin_unlock_irqrestore(&priv->low_lock, flags);
1969 
1970 	mutex_lock(&priv->action_mutex);
1971 	/* stop timed checks so that they don't interfere with reset */
1972 	priv->stop_hang_check = 1;
1973 	cancel_delayed_work(&priv->hang_check);
1974 
1975 	/* We have to signal any supplicant if we are disassociating */
1976 	if (associated)
1977 		wireless_send_event(priv->net_dev, SIOCGIWAP, &wrqu, NULL);
1978 
1979 	ipw2100_up(priv, 0);
1980 	mutex_unlock(&priv->action_mutex);
1981 
1982 }
1983 
1984 static void isr_indicate_associated(struct ipw2100_priv *priv, u32 status)
1985 {
1986 
1987 #define MAC_ASSOCIATION_READ_DELAY (HZ)
1988 	int ret;
1989 	unsigned int len, essid_len;
1990 	char essid[IW_ESSID_MAX_SIZE];
1991 	u32 txrate;
1992 	u32 chan;
1993 	char *txratename;
1994 	u8 bssid[ETH_ALEN];
1995 
1996 	/*
1997 	 * TBD: BSSID is usually 00:00:00:00:00:00 here and not
1998 	 *      an actual MAC of the AP. Seems like FW sets this
1999 	 *      address too late. Read it later and expose through
2000 	 *      /proc or schedule a later task to query and update
2001 	 */
2002 
2003 	essid_len = IW_ESSID_MAX_SIZE;
2004 	ret = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_SSID,
2005 				  essid, &essid_len);
2006 	if (ret) {
2007 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
2008 			       __LINE__);
2009 		return;
2010 	}
2011 
2012 	len = sizeof(u32);
2013 	ret = ipw2100_get_ordinal(priv, IPW_ORD_CURRENT_TX_RATE, &txrate, &len);
2014 	if (ret) {
2015 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
2016 			       __LINE__);
2017 		return;
2018 	}
2019 
2020 	len = sizeof(u32);
2021 	ret = ipw2100_get_ordinal(priv, IPW_ORD_OUR_FREQ, &chan, &len);
2022 	if (ret) {
2023 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
2024 			       __LINE__);
2025 		return;
2026 	}
2027 	len = ETH_ALEN;
2028 	ret = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_AP_BSSID, bssid,
2029 				  &len);
2030 	if (ret) {
2031 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
2032 			       __LINE__);
2033 		return;
2034 	}
2035 	memcpy(priv->ieee->bssid, bssid, ETH_ALEN);
2036 
2037 	switch (txrate) {
2038 	case TX_RATE_1_MBIT:
2039 		txratename = "1Mbps";
2040 		break;
2041 	case TX_RATE_2_MBIT:
2042 		txratename = "2Mbsp";
2043 		break;
2044 	case TX_RATE_5_5_MBIT:
2045 		txratename = "5.5Mbps";
2046 		break;
2047 	case TX_RATE_11_MBIT:
2048 		txratename = "11Mbps";
2049 		break;
2050 	default:
2051 		IPW_DEBUG_INFO("Unknown rate: %d\n", txrate);
2052 		txratename = "unknown rate";
2053 		break;
2054 	}
2055 
2056 	IPW_DEBUG_INFO("%s: Associated with '%*pE' at %s, channel %d (BSSID=%pM)\n",
2057 		       priv->net_dev->name, essid_len, essid,
2058 		       txratename, chan, bssid);
2059 
2060 	/* now we copy read ssid into dev */
2061 	if (!(priv->config & CFG_STATIC_ESSID)) {
2062 		priv->essid_len = min((u8) essid_len, (u8) IW_ESSID_MAX_SIZE);
2063 		memcpy(priv->essid, essid, priv->essid_len);
2064 	}
2065 	priv->channel = chan;
2066 	memcpy(priv->bssid, bssid, ETH_ALEN);
2067 
2068 	priv->status |= STATUS_ASSOCIATING;
2069 	priv->connect_start = ktime_get_boottime_seconds();
2070 
2071 	schedule_delayed_work(&priv->wx_event_work, HZ / 10);
2072 }
2073 
2074 static int ipw2100_set_essid(struct ipw2100_priv *priv, char *essid,
2075 			     int length, int batch_mode)
2076 {
2077 	int ssid_len = min(length, IW_ESSID_MAX_SIZE);
2078 	struct host_command cmd = {
2079 		.host_command = SSID,
2080 		.host_command_sequence = 0,
2081 		.host_command_length = ssid_len
2082 	};
2083 	int err;
2084 
2085 	IPW_DEBUG_HC("SSID: '%*pE'\n", ssid_len, essid);
2086 
2087 	if (ssid_len)
2088 		memcpy(cmd.host_command_parameters, essid, ssid_len);
2089 
2090 	if (!batch_mode) {
2091 		err = ipw2100_disable_adapter(priv);
2092 		if (err)
2093 			return err;
2094 	}
2095 
2096 	/* Bug in FW currently doesn't honor bit 0 in SET_SCAN_OPTIONS to
2097 	 * disable auto association -- so we cheat by setting a bogus SSID */
2098 	if (!ssid_len && !(priv->config & CFG_ASSOCIATE)) {
2099 		int i;
2100 		u8 *bogus = (u8 *) cmd.host_command_parameters;
2101 		for (i = 0; i < IW_ESSID_MAX_SIZE; i++)
2102 			bogus[i] = 0x18 + i;
2103 		cmd.host_command_length = IW_ESSID_MAX_SIZE;
2104 	}
2105 
2106 	/* NOTE:  We always send the SSID command even if the provided ESSID is
2107 	 * the same as what we currently think is set. */
2108 
2109 	err = ipw2100_hw_send_command(priv, &cmd);
2110 	if (!err) {
2111 		memset(priv->essid + ssid_len, 0, IW_ESSID_MAX_SIZE - ssid_len);
2112 		memcpy(priv->essid, essid, ssid_len);
2113 		priv->essid_len = ssid_len;
2114 	}
2115 
2116 	if (!batch_mode) {
2117 		if (ipw2100_enable_adapter(priv))
2118 			err = -EIO;
2119 	}
2120 
2121 	return err;
2122 }
2123 
2124 static void isr_indicate_association_lost(struct ipw2100_priv *priv, u32 status)
2125 {
2126 	IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE | IPW_DL_ASSOC,
2127 		  "disassociated: '%*pE' %pM\n", priv->essid_len, priv->essid,
2128 		  priv->bssid);
2129 
2130 	priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
2131 
2132 	if (priv->status & STATUS_STOPPING) {
2133 		IPW_DEBUG_INFO("Card is stopping itself, discard ASSN_LOST.\n");
2134 		return;
2135 	}
2136 
2137 	eth_zero_addr(priv->bssid);
2138 	eth_zero_addr(priv->ieee->bssid);
2139 
2140 	netif_carrier_off(priv->net_dev);
2141 	netif_stop_queue(priv->net_dev);
2142 
2143 	if (!(priv->status & STATUS_RUNNING))
2144 		return;
2145 
2146 	if (priv->status & STATUS_SECURITY_UPDATED)
2147 		schedule_delayed_work(&priv->security_work, 0);
2148 
2149 	schedule_delayed_work(&priv->wx_event_work, 0);
2150 }
2151 
2152 static void isr_indicate_rf_kill(struct ipw2100_priv *priv, u32 status)
2153 {
2154 	IPW_DEBUG_INFO("%s: RF Kill state changed to radio OFF.\n",
2155 		       priv->net_dev->name);
2156 
2157 	/* RF_KILL is now enabled (else we wouldn't be here) */
2158 	wiphy_rfkill_set_hw_state(priv->ieee->wdev.wiphy, true);
2159 	priv->status |= STATUS_RF_KILL_HW;
2160 
2161 	/* Make sure the RF Kill check timer is running */
2162 	priv->stop_rf_kill = 0;
2163 	mod_delayed_work(system_wq, &priv->rf_kill, round_jiffies_relative(HZ));
2164 }
2165 
2166 static void ipw2100_scan_event(struct work_struct *work)
2167 {
2168 	struct ipw2100_priv *priv = container_of(work, struct ipw2100_priv,
2169 						 scan_event.work);
2170 	union iwreq_data wrqu;
2171 
2172 	wrqu.data.length = 0;
2173 	wrqu.data.flags = 0;
2174 	wireless_send_event(priv->net_dev, SIOCGIWSCAN, &wrqu, NULL);
2175 }
2176 
2177 static void isr_scan_complete(struct ipw2100_priv *priv, u32 status)
2178 {
2179 	IPW_DEBUG_SCAN("scan complete\n");
2180 	/* Age the scan results... */
2181 	priv->ieee->scans++;
2182 	priv->status &= ~STATUS_SCANNING;
2183 
2184 	/* Only userspace-requested scan completion events go out immediately */
2185 	if (!priv->user_requested_scan) {
2186 		schedule_delayed_work(&priv->scan_event,
2187 				      round_jiffies_relative(msecs_to_jiffies(4000)));
2188 	} else {
2189 		priv->user_requested_scan = 0;
2190 		mod_delayed_work(system_wq, &priv->scan_event, 0);
2191 	}
2192 }
2193 
2194 #ifdef CONFIG_IPW2100_DEBUG
2195 #define IPW2100_HANDLER(v, f) { v, f, # v }
2196 struct ipw2100_status_indicator {
2197 	int status;
2198 	void (*cb) (struct ipw2100_priv * priv, u32 status);
2199 	char *name;
2200 };
2201 #else
2202 #define IPW2100_HANDLER(v, f) { v, f }
2203 struct ipw2100_status_indicator {
2204 	int status;
2205 	void (*cb) (struct ipw2100_priv * priv, u32 status);
2206 };
2207 #endif				/* CONFIG_IPW2100_DEBUG */
2208 
2209 static void isr_indicate_scanning(struct ipw2100_priv *priv, u32 status)
2210 {
2211 	IPW_DEBUG_SCAN("Scanning...\n");
2212 	priv->status |= STATUS_SCANNING;
2213 }
2214 
2215 static const struct ipw2100_status_indicator status_handlers[] = {
2216 	IPW2100_HANDLER(IPW_STATE_INITIALIZED, NULL),
2217 	IPW2100_HANDLER(IPW_STATE_COUNTRY_FOUND, NULL),
2218 	IPW2100_HANDLER(IPW_STATE_ASSOCIATED, isr_indicate_associated),
2219 	IPW2100_HANDLER(IPW_STATE_ASSN_LOST, isr_indicate_association_lost),
2220 	IPW2100_HANDLER(IPW_STATE_ASSN_CHANGED, NULL),
2221 	IPW2100_HANDLER(IPW_STATE_SCAN_COMPLETE, isr_scan_complete),
2222 	IPW2100_HANDLER(IPW_STATE_ENTERED_PSP, NULL),
2223 	IPW2100_HANDLER(IPW_STATE_LEFT_PSP, NULL),
2224 	IPW2100_HANDLER(IPW_STATE_RF_KILL, isr_indicate_rf_kill),
2225 	IPW2100_HANDLER(IPW_STATE_DISABLED, NULL),
2226 	IPW2100_HANDLER(IPW_STATE_POWER_DOWN, NULL),
2227 	IPW2100_HANDLER(IPW_STATE_SCANNING, isr_indicate_scanning),
2228 	IPW2100_HANDLER(-1, NULL)
2229 };
2230 
2231 static void isr_status_change(struct ipw2100_priv *priv, int status)
2232 {
2233 	int i;
2234 
2235 	if (status == IPW_STATE_SCANNING &&
2236 	    priv->status & STATUS_ASSOCIATED &&
2237 	    !(priv->status & STATUS_SCANNING)) {
2238 		IPW_DEBUG_INFO("Scan detected while associated, with "
2239 			       "no scan request.  Restarting firmware.\n");
2240 
2241 		/* Wake up any sleeping jobs */
2242 		schedule_reset(priv);
2243 	}
2244 
2245 	for (i = 0; status_handlers[i].status != -1; i++) {
2246 		if (status == status_handlers[i].status) {
2247 			IPW_DEBUG_NOTIF("Status change: %s\n",
2248 					status_handlers[i].name);
2249 			if (status_handlers[i].cb)
2250 				status_handlers[i].cb(priv, status);
2251 			priv->wstats.status = status;
2252 			return;
2253 		}
2254 	}
2255 
2256 	IPW_DEBUG_NOTIF("unknown status received: %04x\n", status);
2257 }
2258 
2259 static void isr_rx_complete_command(struct ipw2100_priv *priv,
2260 				    struct ipw2100_cmd_header *cmd)
2261 {
2262 #ifdef CONFIG_IPW2100_DEBUG
2263 	if (cmd->host_command_reg < ARRAY_SIZE(command_types)) {
2264 		IPW_DEBUG_HC("Command completed '%s (%d)'\n",
2265 			     command_types[cmd->host_command_reg],
2266 			     cmd->host_command_reg);
2267 	}
2268 #endif
2269 	if (cmd->host_command_reg == HOST_COMPLETE)
2270 		priv->status |= STATUS_ENABLED;
2271 
2272 	if (cmd->host_command_reg == CARD_DISABLE)
2273 		priv->status &= ~STATUS_ENABLED;
2274 
2275 	priv->status &= ~STATUS_CMD_ACTIVE;
2276 
2277 	wake_up_interruptible(&priv->wait_command_queue);
2278 }
2279 
2280 #ifdef CONFIG_IPW2100_DEBUG
2281 static const char *frame_types[] = {
2282 	"COMMAND_STATUS_VAL",
2283 	"STATUS_CHANGE_VAL",
2284 	"P80211_DATA_VAL",
2285 	"P8023_DATA_VAL",
2286 	"HOST_NOTIFICATION_VAL"
2287 };
2288 #endif
2289 
2290 static int ipw2100_alloc_skb(struct ipw2100_priv *priv,
2291 				    struct ipw2100_rx_packet *packet)
2292 {
2293 	packet->skb = dev_alloc_skb(sizeof(struct ipw2100_rx));
2294 	if (!packet->skb)
2295 		return -ENOMEM;
2296 
2297 	packet->rxp = (struct ipw2100_rx *)packet->skb->data;
2298 	packet->dma_addr = pci_map_single(priv->pci_dev, packet->skb->data,
2299 					  sizeof(struct ipw2100_rx),
2300 					  PCI_DMA_FROMDEVICE);
2301 	if (pci_dma_mapping_error(priv->pci_dev, packet->dma_addr)) {
2302 		dev_kfree_skb(packet->skb);
2303 		return -ENOMEM;
2304 	}
2305 
2306 	return 0;
2307 }
2308 
2309 #define SEARCH_ERROR   0xffffffff
2310 #define SEARCH_FAIL    0xfffffffe
2311 #define SEARCH_SUCCESS 0xfffffff0
2312 #define SEARCH_DISCARD 0
2313 #define SEARCH_SNAPSHOT 1
2314 
2315 #define SNAPSHOT_ADDR(ofs) (priv->snapshot[((ofs) >> 12) & 0xff] + ((ofs) & 0xfff))
2316 static void ipw2100_snapshot_free(struct ipw2100_priv *priv)
2317 {
2318 	int i;
2319 	if (!priv->snapshot[0])
2320 		return;
2321 	for (i = 0; i < 0x30; i++)
2322 		kfree(priv->snapshot[i]);
2323 	priv->snapshot[0] = NULL;
2324 }
2325 
2326 #ifdef IPW2100_DEBUG_C3
2327 static int ipw2100_snapshot_alloc(struct ipw2100_priv *priv)
2328 {
2329 	int i;
2330 	if (priv->snapshot[0])
2331 		return 1;
2332 	for (i = 0; i < 0x30; i++) {
2333 		priv->snapshot[i] = kmalloc(0x1000, GFP_ATOMIC);
2334 		if (!priv->snapshot[i]) {
2335 			IPW_DEBUG_INFO("%s: Error allocating snapshot "
2336 				       "buffer %d\n", priv->net_dev->name, i);
2337 			while (i > 0)
2338 				kfree(priv->snapshot[--i]);
2339 			priv->snapshot[0] = NULL;
2340 			return 0;
2341 		}
2342 	}
2343 
2344 	return 1;
2345 }
2346 
2347 static u32 ipw2100_match_buf(struct ipw2100_priv *priv, u8 * in_buf,
2348 				    size_t len, int mode)
2349 {
2350 	u32 i, j;
2351 	u32 tmp;
2352 	u8 *s, *d;
2353 	u32 ret;
2354 
2355 	s = in_buf;
2356 	if (mode == SEARCH_SNAPSHOT) {
2357 		if (!ipw2100_snapshot_alloc(priv))
2358 			mode = SEARCH_DISCARD;
2359 	}
2360 
2361 	for (ret = SEARCH_FAIL, i = 0; i < 0x30000; i += 4) {
2362 		read_nic_dword(priv->net_dev, i, &tmp);
2363 		if (mode == SEARCH_SNAPSHOT)
2364 			*(u32 *) SNAPSHOT_ADDR(i) = tmp;
2365 		if (ret == SEARCH_FAIL) {
2366 			d = (u8 *) & tmp;
2367 			for (j = 0; j < 4; j++) {
2368 				if (*s != *d) {
2369 					s = in_buf;
2370 					continue;
2371 				}
2372 
2373 				s++;
2374 				d++;
2375 
2376 				if ((s - in_buf) == len)
2377 					ret = (i + j) - len + 1;
2378 			}
2379 		} else if (mode == SEARCH_DISCARD)
2380 			return ret;
2381 	}
2382 
2383 	return ret;
2384 }
2385 #endif
2386 
2387 /*
2388  *
2389  * 0) Disconnect the SKB from the firmware (just unmap)
2390  * 1) Pack the ETH header into the SKB
2391  * 2) Pass the SKB to the network stack
2392  *
2393  * When packet is provided by the firmware, it contains the following:
2394  *
2395  * .  libipw_hdr
2396  * .  libipw_snap_hdr
2397  *
2398  * The size of the constructed ethernet
2399  *
2400  */
2401 #ifdef IPW2100_RX_DEBUG
2402 static u8 packet_data[IPW_RX_NIC_BUFFER_LENGTH];
2403 #endif
2404 
2405 static void ipw2100_corruption_detected(struct ipw2100_priv *priv, int i)
2406 {
2407 #ifdef IPW2100_DEBUG_C3
2408 	struct ipw2100_status *status = &priv->status_queue.drv[i];
2409 	u32 match, reg;
2410 	int j;
2411 #endif
2412 
2413 	IPW_DEBUG_INFO(": PCI latency error detected at 0x%04zX.\n",
2414 		       i * sizeof(struct ipw2100_status));
2415 
2416 #ifdef IPW2100_DEBUG_C3
2417 	/* Halt the firmware so we can get a good image */
2418 	write_register(priv->net_dev, IPW_REG_RESET_REG,
2419 		       IPW_AUX_HOST_RESET_REG_STOP_MASTER);
2420 	j = 5;
2421 	do {
2422 		udelay(IPW_WAIT_RESET_MASTER_ASSERT_COMPLETE_DELAY);
2423 		read_register(priv->net_dev, IPW_REG_RESET_REG, &reg);
2424 
2425 		if (reg & IPW_AUX_HOST_RESET_REG_MASTER_DISABLED)
2426 			break;
2427 	} while (j--);
2428 
2429 	match = ipw2100_match_buf(priv, (u8 *) status,
2430 				  sizeof(struct ipw2100_status),
2431 				  SEARCH_SNAPSHOT);
2432 	if (match < SEARCH_SUCCESS)
2433 		IPW_DEBUG_INFO("%s: DMA status match in Firmware at "
2434 			       "offset 0x%06X, length %d:\n",
2435 			       priv->net_dev->name, match,
2436 			       sizeof(struct ipw2100_status));
2437 	else
2438 		IPW_DEBUG_INFO("%s: No DMA status match in "
2439 			       "Firmware.\n", priv->net_dev->name);
2440 
2441 	printk_buf((u8 *) priv->status_queue.drv,
2442 		   sizeof(struct ipw2100_status) * RX_QUEUE_LENGTH);
2443 #endif
2444 
2445 	priv->fatal_error = IPW2100_ERR_C3_CORRUPTION;
2446 	priv->net_dev->stats.rx_errors++;
2447 	schedule_reset(priv);
2448 }
2449 
2450 static void isr_rx(struct ipw2100_priv *priv, int i,
2451 			  struct libipw_rx_stats *stats)
2452 {
2453 	struct net_device *dev = priv->net_dev;
2454 	struct ipw2100_status *status = &priv->status_queue.drv[i];
2455 	struct ipw2100_rx_packet *packet = &priv->rx_buffers[i];
2456 
2457 	IPW_DEBUG_RX("Handler...\n");
2458 
2459 	if (unlikely(status->frame_size > skb_tailroom(packet->skb))) {
2460 		IPW_DEBUG_INFO("%s: frame_size (%u) > skb_tailroom (%u)!"
2461 			       "  Dropping.\n",
2462 			       dev->name,
2463 			       status->frame_size, skb_tailroom(packet->skb));
2464 		dev->stats.rx_errors++;
2465 		return;
2466 	}
2467 
2468 	if (unlikely(!netif_running(dev))) {
2469 		dev->stats.rx_errors++;
2470 		priv->wstats.discard.misc++;
2471 		IPW_DEBUG_DROP("Dropping packet while interface is not up.\n");
2472 		return;
2473 	}
2474 
2475 	if (unlikely(priv->ieee->iw_mode != IW_MODE_MONITOR &&
2476 		     !(priv->status & STATUS_ASSOCIATED))) {
2477 		IPW_DEBUG_DROP("Dropping packet while not associated.\n");
2478 		priv->wstats.discard.misc++;
2479 		return;
2480 	}
2481 
2482 	pci_unmap_single(priv->pci_dev,
2483 			 packet->dma_addr,
2484 			 sizeof(struct ipw2100_rx), PCI_DMA_FROMDEVICE);
2485 
2486 	skb_put(packet->skb, status->frame_size);
2487 
2488 #ifdef IPW2100_RX_DEBUG
2489 	/* Make a copy of the frame so we can dump it to the logs if
2490 	 * libipw_rx fails */
2491 	skb_copy_from_linear_data(packet->skb, packet_data,
2492 				  min_t(u32, status->frame_size,
2493 					     IPW_RX_NIC_BUFFER_LENGTH));
2494 #endif
2495 
2496 	if (!libipw_rx(priv->ieee, packet->skb, stats)) {
2497 #ifdef IPW2100_RX_DEBUG
2498 		IPW_DEBUG_DROP("%s: Non consumed packet:\n",
2499 			       dev->name);
2500 		printk_buf(IPW_DL_DROP, packet_data, status->frame_size);
2501 #endif
2502 		dev->stats.rx_errors++;
2503 
2504 		/* libipw_rx failed, so it didn't free the SKB */
2505 		dev_kfree_skb_any(packet->skb);
2506 		packet->skb = NULL;
2507 	}
2508 
2509 	/* We need to allocate a new SKB and attach it to the RDB. */
2510 	if (unlikely(ipw2100_alloc_skb(priv, packet))) {
2511 		printk(KERN_WARNING DRV_NAME ": "
2512 		       "%s: Unable to allocate SKB onto RBD ring - disabling "
2513 		       "adapter.\n", dev->name);
2514 		/* TODO: schedule adapter shutdown */
2515 		IPW_DEBUG_INFO("TODO: Shutdown adapter...\n");
2516 	}
2517 
2518 	/* Update the RDB entry */
2519 	priv->rx_queue.drv[i].host_addr = packet->dma_addr;
2520 }
2521 
2522 #ifdef CONFIG_IPW2100_MONITOR
2523 
2524 static void isr_rx_monitor(struct ipw2100_priv *priv, int i,
2525 		   struct libipw_rx_stats *stats)
2526 {
2527 	struct net_device *dev = priv->net_dev;
2528 	struct ipw2100_status *status = &priv->status_queue.drv[i];
2529 	struct ipw2100_rx_packet *packet = &priv->rx_buffers[i];
2530 
2531 	/* Magic struct that slots into the radiotap header -- no reason
2532 	 * to build this manually element by element, we can write it much
2533 	 * more efficiently than we can parse it. ORDER MATTERS HERE */
2534 	struct ipw_rt_hdr {
2535 		struct ieee80211_radiotap_header rt_hdr;
2536 		s8 rt_dbmsignal; /* signal in dbM, kluged to signed */
2537 	} *ipw_rt;
2538 
2539 	IPW_DEBUG_RX("Handler...\n");
2540 
2541 	if (unlikely(status->frame_size > skb_tailroom(packet->skb) -
2542 				sizeof(struct ipw_rt_hdr))) {
2543 		IPW_DEBUG_INFO("%s: frame_size (%u) > skb_tailroom (%u)!"
2544 			       "  Dropping.\n",
2545 			       dev->name,
2546 			       status->frame_size,
2547 			       skb_tailroom(packet->skb));
2548 		dev->stats.rx_errors++;
2549 		return;
2550 	}
2551 
2552 	if (unlikely(!netif_running(dev))) {
2553 		dev->stats.rx_errors++;
2554 		priv->wstats.discard.misc++;
2555 		IPW_DEBUG_DROP("Dropping packet while interface is not up.\n");
2556 		return;
2557 	}
2558 
2559 	if (unlikely(priv->config & CFG_CRC_CHECK &&
2560 		     status->flags & IPW_STATUS_FLAG_CRC_ERROR)) {
2561 		IPW_DEBUG_RX("CRC error in packet.  Dropping.\n");
2562 		dev->stats.rx_errors++;
2563 		return;
2564 	}
2565 
2566 	pci_unmap_single(priv->pci_dev, packet->dma_addr,
2567 			 sizeof(struct ipw2100_rx), PCI_DMA_FROMDEVICE);
2568 	memmove(packet->skb->data + sizeof(struct ipw_rt_hdr),
2569 		packet->skb->data, status->frame_size);
2570 
2571 	ipw_rt = (struct ipw_rt_hdr *) packet->skb->data;
2572 
2573 	ipw_rt->rt_hdr.it_version = PKTHDR_RADIOTAP_VERSION;
2574 	ipw_rt->rt_hdr.it_pad = 0; /* always good to zero */
2575 	ipw_rt->rt_hdr.it_len = cpu_to_le16(sizeof(struct ipw_rt_hdr)); /* total hdr+data */
2576 
2577 	ipw_rt->rt_hdr.it_present = cpu_to_le32(1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL);
2578 
2579 	ipw_rt->rt_dbmsignal = status->rssi + IPW2100_RSSI_TO_DBM;
2580 
2581 	skb_put(packet->skb, status->frame_size + sizeof(struct ipw_rt_hdr));
2582 
2583 	if (!libipw_rx(priv->ieee, packet->skb, stats)) {
2584 		dev->stats.rx_errors++;
2585 
2586 		/* libipw_rx failed, so it didn't free the SKB */
2587 		dev_kfree_skb_any(packet->skb);
2588 		packet->skb = NULL;
2589 	}
2590 
2591 	/* We need to allocate a new SKB and attach it to the RDB. */
2592 	if (unlikely(ipw2100_alloc_skb(priv, packet))) {
2593 		IPW_DEBUG_WARNING(
2594 			"%s: Unable to allocate SKB onto RBD ring - disabling "
2595 			"adapter.\n", dev->name);
2596 		/* TODO: schedule adapter shutdown */
2597 		IPW_DEBUG_INFO("TODO: Shutdown adapter...\n");
2598 	}
2599 
2600 	/* Update the RDB entry */
2601 	priv->rx_queue.drv[i].host_addr = packet->dma_addr;
2602 }
2603 
2604 #endif
2605 
2606 static int ipw2100_corruption_check(struct ipw2100_priv *priv, int i)
2607 {
2608 	struct ipw2100_status *status = &priv->status_queue.drv[i];
2609 	struct ipw2100_rx *u = priv->rx_buffers[i].rxp;
2610 	u16 frame_type = status->status_fields & STATUS_TYPE_MASK;
2611 
2612 	switch (frame_type) {
2613 	case COMMAND_STATUS_VAL:
2614 		return (status->frame_size != sizeof(u->rx_data.command));
2615 	case STATUS_CHANGE_VAL:
2616 		return (status->frame_size != sizeof(u->rx_data.status));
2617 	case HOST_NOTIFICATION_VAL:
2618 		return (status->frame_size < sizeof(u->rx_data.notification));
2619 	case P80211_DATA_VAL:
2620 	case P8023_DATA_VAL:
2621 #ifdef CONFIG_IPW2100_MONITOR
2622 		return 0;
2623 #else
2624 		switch (WLAN_FC_GET_TYPE(le16_to_cpu(u->rx_data.header.frame_ctl))) {
2625 		case IEEE80211_FTYPE_MGMT:
2626 		case IEEE80211_FTYPE_CTL:
2627 			return 0;
2628 		case IEEE80211_FTYPE_DATA:
2629 			return (status->frame_size >
2630 				IPW_MAX_802_11_PAYLOAD_LENGTH);
2631 		}
2632 #endif
2633 	}
2634 
2635 	return 1;
2636 }
2637 
2638 /*
2639  * ipw2100 interrupts are disabled at this point, and the ISR
2640  * is the only code that calls this method.  So, we do not need
2641  * to play with any locks.
2642  *
2643  * RX Queue works as follows:
2644  *
2645  * Read index - firmware places packet in entry identified by the
2646  *              Read index and advances Read index.  In this manner,
2647  *              Read index will always point to the next packet to
2648  *              be filled--but not yet valid.
2649  *
2650  * Write index - driver fills this entry with an unused RBD entry.
2651  *               This entry has not filled by the firmware yet.
2652  *
2653  * In between the W and R indexes are the RBDs that have been received
2654  * but not yet processed.
2655  *
2656  * The process of handling packets will start at WRITE + 1 and advance
2657  * until it reaches the READ index.
2658  *
2659  * The WRITE index is cached in the variable 'priv->rx_queue.next'.
2660  *
2661  */
2662 static void __ipw2100_rx_process(struct ipw2100_priv *priv)
2663 {
2664 	struct ipw2100_bd_queue *rxq = &priv->rx_queue;
2665 	struct ipw2100_status_queue *sq = &priv->status_queue;
2666 	struct ipw2100_rx_packet *packet;
2667 	u16 frame_type;
2668 	u32 r, w, i, s;
2669 	struct ipw2100_rx *u;
2670 	struct libipw_rx_stats stats = {
2671 		.mac_time = jiffies,
2672 	};
2673 
2674 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_RX_READ_INDEX, &r);
2675 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_RX_WRITE_INDEX, &w);
2676 
2677 	if (r >= rxq->entries) {
2678 		IPW_DEBUG_RX("exit - bad read index\n");
2679 		return;
2680 	}
2681 
2682 	i = (rxq->next + 1) % rxq->entries;
2683 	s = i;
2684 	while (i != r) {
2685 		/* IPW_DEBUG_RX("r = %d : w = %d : processing = %d\n",
2686 		   r, rxq->next, i); */
2687 
2688 		packet = &priv->rx_buffers[i];
2689 
2690 		/* Sync the DMA for the RX buffer so CPU is sure to get
2691 		 * the correct values */
2692 		pci_dma_sync_single_for_cpu(priv->pci_dev, packet->dma_addr,
2693 					    sizeof(struct ipw2100_rx),
2694 					    PCI_DMA_FROMDEVICE);
2695 
2696 		if (unlikely(ipw2100_corruption_check(priv, i))) {
2697 			ipw2100_corruption_detected(priv, i);
2698 			goto increment;
2699 		}
2700 
2701 		u = packet->rxp;
2702 		frame_type = sq->drv[i].status_fields & STATUS_TYPE_MASK;
2703 		stats.rssi = sq->drv[i].rssi + IPW2100_RSSI_TO_DBM;
2704 		stats.len = sq->drv[i].frame_size;
2705 
2706 		stats.mask = 0;
2707 		if (stats.rssi != 0)
2708 			stats.mask |= LIBIPW_STATMASK_RSSI;
2709 		stats.freq = LIBIPW_24GHZ_BAND;
2710 
2711 		IPW_DEBUG_RX("%s: '%s' frame type received (%d).\n",
2712 			     priv->net_dev->name, frame_types[frame_type],
2713 			     stats.len);
2714 
2715 		switch (frame_type) {
2716 		case COMMAND_STATUS_VAL:
2717 			/* Reset Rx watchdog */
2718 			isr_rx_complete_command(priv, &u->rx_data.command);
2719 			break;
2720 
2721 		case STATUS_CHANGE_VAL:
2722 			isr_status_change(priv, u->rx_data.status);
2723 			break;
2724 
2725 		case P80211_DATA_VAL:
2726 		case P8023_DATA_VAL:
2727 #ifdef CONFIG_IPW2100_MONITOR
2728 			if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
2729 				isr_rx_monitor(priv, i, &stats);
2730 				break;
2731 			}
2732 #endif
2733 			if (stats.len < sizeof(struct libipw_hdr_3addr))
2734 				break;
2735 			switch (WLAN_FC_GET_TYPE(le16_to_cpu(u->rx_data.header.frame_ctl))) {
2736 			case IEEE80211_FTYPE_MGMT:
2737 				libipw_rx_mgt(priv->ieee,
2738 						 &u->rx_data.header, &stats);
2739 				break;
2740 
2741 			case IEEE80211_FTYPE_CTL:
2742 				break;
2743 
2744 			case IEEE80211_FTYPE_DATA:
2745 				isr_rx(priv, i, &stats);
2746 				break;
2747 
2748 			}
2749 			break;
2750 		}
2751 
2752 	      increment:
2753 		/* clear status field associated with this RBD */
2754 		rxq->drv[i].status.info.field = 0;
2755 
2756 		i = (i + 1) % rxq->entries;
2757 	}
2758 
2759 	if (i != s) {
2760 		/* backtrack one entry, wrapping to end if at 0 */
2761 		rxq->next = (i ? i : rxq->entries) - 1;
2762 
2763 		write_register(priv->net_dev,
2764 			       IPW_MEM_HOST_SHARED_RX_WRITE_INDEX, rxq->next);
2765 	}
2766 }
2767 
2768 /*
2769  * __ipw2100_tx_process
2770  *
2771  * This routine will determine whether the next packet on
2772  * the fw_pend_list has been processed by the firmware yet.
2773  *
2774  * If not, then it does nothing and returns.
2775  *
2776  * If so, then it removes the item from the fw_pend_list, frees
2777  * any associated storage, and places the item back on the
2778  * free list of its source (either msg_free_list or tx_free_list)
2779  *
2780  * TX Queue works as follows:
2781  *
2782  * Read index - points to the next TBD that the firmware will
2783  *              process.  The firmware will read the data, and once
2784  *              done processing, it will advance the Read index.
2785  *
2786  * Write index - driver fills this entry with an constructed TBD
2787  *               entry.  The Write index is not advanced until the
2788  *               packet has been configured.
2789  *
2790  * In between the W and R indexes are the TBDs that have NOT been
2791  * processed.  Lagging behind the R index are packets that have
2792  * been processed but have not been freed by the driver.
2793  *
2794  * In order to free old storage, an internal index will be maintained
2795  * that points to the next packet to be freed.  When all used
2796  * packets have been freed, the oldest index will be the same as the
2797  * firmware's read index.
2798  *
2799  * The OLDEST index is cached in the variable 'priv->tx_queue.oldest'
2800  *
2801  * Because the TBD structure can not contain arbitrary data, the
2802  * driver must keep an internal queue of cached allocations such that
2803  * it can put that data back into the tx_free_list and msg_free_list
2804  * for use by future command and data packets.
2805  *
2806  */
2807 static int __ipw2100_tx_process(struct ipw2100_priv *priv)
2808 {
2809 	struct ipw2100_bd_queue *txq = &priv->tx_queue;
2810 	struct ipw2100_bd *tbd;
2811 	struct list_head *element;
2812 	struct ipw2100_tx_packet *packet;
2813 	int descriptors_used;
2814 	int e, i;
2815 	u32 r, w, frag_num = 0;
2816 
2817 	if (list_empty(&priv->fw_pend_list))
2818 		return 0;
2819 
2820 	element = priv->fw_pend_list.next;
2821 
2822 	packet = list_entry(element, struct ipw2100_tx_packet, list);
2823 	tbd = &txq->drv[packet->index];
2824 
2825 	/* Determine how many TBD entries must be finished... */
2826 	switch (packet->type) {
2827 	case COMMAND:
2828 		/* COMMAND uses only one slot; don't advance */
2829 		descriptors_used = 1;
2830 		e = txq->oldest;
2831 		break;
2832 
2833 	case DATA:
2834 		/* DATA uses two slots; advance and loop position. */
2835 		descriptors_used = tbd->num_fragments;
2836 		frag_num = tbd->num_fragments - 1;
2837 		e = txq->oldest + frag_num;
2838 		e %= txq->entries;
2839 		break;
2840 
2841 	default:
2842 		printk(KERN_WARNING DRV_NAME ": %s: Bad fw_pend_list entry!\n",
2843 		       priv->net_dev->name);
2844 		return 0;
2845 	}
2846 
2847 	/* if the last TBD is not done by NIC yet, then packet is
2848 	 * not ready to be released.
2849 	 *
2850 	 */
2851 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_TX_QUEUE_READ_INDEX,
2852 		      &r);
2853 	read_register(priv->net_dev, IPW_MEM_HOST_SHARED_TX_QUEUE_WRITE_INDEX,
2854 		      &w);
2855 	if (w != txq->next)
2856 		printk(KERN_WARNING DRV_NAME ": %s: write index mismatch\n",
2857 		       priv->net_dev->name);
2858 
2859 	/*
2860 	 * txq->next is the index of the last packet written txq->oldest is
2861 	 * the index of the r is the index of the next packet to be read by
2862 	 * firmware
2863 	 */
2864 
2865 	/*
2866 	 * Quick graphic to help you visualize the following
2867 	 * if / else statement
2868 	 *
2869 	 * ===>|                     s---->|===============
2870 	 *                               e>|
2871 	 * | a | b | c | d | e | f | g | h | i | j | k | l
2872 	 *       r---->|
2873 	 *               w
2874 	 *
2875 	 * w - updated by driver
2876 	 * r - updated by firmware
2877 	 * s - start of oldest BD entry (txq->oldest)
2878 	 * e - end of oldest BD entry
2879 	 *
2880 	 */
2881 	if (!((r <= w && (e < r || e >= w)) || (e < r && e >= w))) {
2882 		IPW_DEBUG_TX("exit - no processed packets ready to release.\n");
2883 		return 0;
2884 	}
2885 
2886 	list_del(element);
2887 	DEC_STAT(&priv->fw_pend_stat);
2888 
2889 #ifdef CONFIG_IPW2100_DEBUG
2890 	{
2891 		i = txq->oldest;
2892 		IPW_DEBUG_TX("TX%d V=%p P=%04X T=%04X L=%d\n", i,
2893 			     &txq->drv[i],
2894 			     (u32) (txq->nic + i * sizeof(struct ipw2100_bd)),
2895 			     txq->drv[i].host_addr, txq->drv[i].buf_length);
2896 
2897 		if (packet->type == DATA) {
2898 			i = (i + 1) % txq->entries;
2899 
2900 			IPW_DEBUG_TX("TX%d V=%p P=%04X T=%04X L=%d\n", i,
2901 				     &txq->drv[i],
2902 				     (u32) (txq->nic + i *
2903 					    sizeof(struct ipw2100_bd)),
2904 				     (u32) txq->drv[i].host_addr,
2905 				     txq->drv[i].buf_length);
2906 		}
2907 	}
2908 #endif
2909 
2910 	switch (packet->type) {
2911 	case DATA:
2912 		if (txq->drv[txq->oldest].status.info.fields.txType != 0)
2913 			printk(KERN_WARNING DRV_NAME ": %s: Queue mismatch.  "
2914 			       "Expecting DATA TBD but pulled "
2915 			       "something else: ids %d=%d.\n",
2916 			       priv->net_dev->name, txq->oldest, packet->index);
2917 
2918 		/* DATA packet; we have to unmap and free the SKB */
2919 		for (i = 0; i < frag_num; i++) {
2920 			tbd = &txq->drv[(packet->index + 1 + i) % txq->entries];
2921 
2922 			IPW_DEBUG_TX("TX%d P=%08x L=%d\n",
2923 				     (packet->index + 1 + i) % txq->entries,
2924 				     tbd->host_addr, tbd->buf_length);
2925 
2926 			pci_unmap_single(priv->pci_dev,
2927 					 tbd->host_addr,
2928 					 tbd->buf_length, PCI_DMA_TODEVICE);
2929 		}
2930 
2931 		libipw_txb_free(packet->info.d_struct.txb);
2932 		packet->info.d_struct.txb = NULL;
2933 
2934 		list_add_tail(element, &priv->tx_free_list);
2935 		INC_STAT(&priv->tx_free_stat);
2936 
2937 		/* We have a free slot in the Tx queue, so wake up the
2938 		 * transmit layer if it is stopped. */
2939 		if (priv->status & STATUS_ASSOCIATED)
2940 			netif_wake_queue(priv->net_dev);
2941 
2942 		/* A packet was processed by the hardware, so update the
2943 		 * watchdog */
2944 		netif_trans_update(priv->net_dev);
2945 
2946 		break;
2947 
2948 	case COMMAND:
2949 		if (txq->drv[txq->oldest].status.info.fields.txType != 1)
2950 			printk(KERN_WARNING DRV_NAME ": %s: Queue mismatch.  "
2951 			       "Expecting COMMAND TBD but pulled "
2952 			       "something else: ids %d=%d.\n",
2953 			       priv->net_dev->name, txq->oldest, packet->index);
2954 
2955 #ifdef CONFIG_IPW2100_DEBUG
2956 		if (packet->info.c_struct.cmd->host_command_reg <
2957 		    ARRAY_SIZE(command_types))
2958 			IPW_DEBUG_TX("Command '%s (%d)' processed: %d.\n",
2959 				     command_types[packet->info.c_struct.cmd->
2960 						   host_command_reg],
2961 				     packet->info.c_struct.cmd->
2962 				     host_command_reg,
2963 				     packet->info.c_struct.cmd->cmd_status_reg);
2964 #endif
2965 
2966 		list_add_tail(element, &priv->msg_free_list);
2967 		INC_STAT(&priv->msg_free_stat);
2968 		break;
2969 	}
2970 
2971 	/* advance oldest used TBD pointer to start of next entry */
2972 	txq->oldest = (e + 1) % txq->entries;
2973 	/* increase available TBDs number */
2974 	txq->available += descriptors_used;
2975 	SET_STAT(&priv->txq_stat, txq->available);
2976 
2977 	IPW_DEBUG_TX("packet latency (send to process)  %ld jiffies\n",
2978 		     jiffies - packet->jiffy_start);
2979 
2980 	return (!list_empty(&priv->fw_pend_list));
2981 }
2982 
2983 static inline void __ipw2100_tx_complete(struct ipw2100_priv *priv)
2984 {
2985 	int i = 0;
2986 
2987 	while (__ipw2100_tx_process(priv) && i < 200)
2988 		i++;
2989 
2990 	if (i == 200) {
2991 		printk(KERN_WARNING DRV_NAME ": "
2992 		       "%s: Driver is running slow (%d iters).\n",
2993 		       priv->net_dev->name, i);
2994 	}
2995 }
2996 
2997 static void ipw2100_tx_send_commands(struct ipw2100_priv *priv)
2998 {
2999 	struct list_head *element;
3000 	struct ipw2100_tx_packet *packet;
3001 	struct ipw2100_bd_queue *txq = &priv->tx_queue;
3002 	struct ipw2100_bd *tbd;
3003 	int next = txq->next;
3004 
3005 	while (!list_empty(&priv->msg_pend_list)) {
3006 		/* if there isn't enough space in TBD queue, then
3007 		 * don't stuff a new one in.
3008 		 * NOTE: 3 are needed as a command will take one,
3009 		 *       and there is a minimum of 2 that must be
3010 		 *       maintained between the r and w indexes
3011 		 */
3012 		if (txq->available <= 3) {
3013 			IPW_DEBUG_TX("no room in tx_queue\n");
3014 			break;
3015 		}
3016 
3017 		element = priv->msg_pend_list.next;
3018 		list_del(element);
3019 		DEC_STAT(&priv->msg_pend_stat);
3020 
3021 		packet = list_entry(element, struct ipw2100_tx_packet, list);
3022 
3023 		IPW_DEBUG_TX("using TBD at virt=%p, phys=%04X\n",
3024 			     &txq->drv[txq->next],
3025 			     (u32) (txq->nic + txq->next *
3026 				      sizeof(struct ipw2100_bd)));
3027 
3028 		packet->index = txq->next;
3029 
3030 		tbd = &txq->drv[txq->next];
3031 
3032 		/* initialize TBD */
3033 		tbd->host_addr = packet->info.c_struct.cmd_phys;
3034 		tbd->buf_length = sizeof(struct ipw2100_cmd_header);
3035 		/* not marking number of fragments causes problems
3036 		 * with f/w debug version */
3037 		tbd->num_fragments = 1;
3038 		tbd->status.info.field =
3039 		    IPW_BD_STATUS_TX_FRAME_COMMAND |
3040 		    IPW_BD_STATUS_TX_INTERRUPT_ENABLE;
3041 
3042 		/* update TBD queue counters */
3043 		txq->next++;
3044 		txq->next %= txq->entries;
3045 		txq->available--;
3046 		DEC_STAT(&priv->txq_stat);
3047 
3048 		list_add_tail(element, &priv->fw_pend_list);
3049 		INC_STAT(&priv->fw_pend_stat);
3050 	}
3051 
3052 	if (txq->next != next) {
3053 		/* kick off the DMA by notifying firmware the
3054 		 * write index has moved; make sure TBD stores are sync'd */
3055 		wmb();
3056 		write_register(priv->net_dev,
3057 			       IPW_MEM_HOST_SHARED_TX_QUEUE_WRITE_INDEX,
3058 			       txq->next);
3059 	}
3060 }
3061 
3062 /*
3063  * ipw2100_tx_send_data
3064  *
3065  */
3066 static void ipw2100_tx_send_data(struct ipw2100_priv *priv)
3067 {
3068 	struct list_head *element;
3069 	struct ipw2100_tx_packet *packet;
3070 	struct ipw2100_bd_queue *txq = &priv->tx_queue;
3071 	struct ipw2100_bd *tbd;
3072 	int next = txq->next;
3073 	int i = 0;
3074 	struct ipw2100_data_header *ipw_hdr;
3075 	struct libipw_hdr_3addr *hdr;
3076 
3077 	while (!list_empty(&priv->tx_pend_list)) {
3078 		/* if there isn't enough space in TBD queue, then
3079 		 * don't stuff a new one in.
3080 		 * NOTE: 4 are needed as a data will take two,
3081 		 *       and there is a minimum of 2 that must be
3082 		 *       maintained between the r and w indexes
3083 		 */
3084 		element = priv->tx_pend_list.next;
3085 		packet = list_entry(element, struct ipw2100_tx_packet, list);
3086 
3087 		if (unlikely(1 + packet->info.d_struct.txb->nr_frags >
3088 			     IPW_MAX_BDS)) {
3089 			/* TODO: Support merging buffers if more than
3090 			 * IPW_MAX_BDS are used */
3091 			IPW_DEBUG_INFO("%s: Maximum BD threshold exceeded.  "
3092 				       "Increase fragmentation level.\n",
3093 				       priv->net_dev->name);
3094 		}
3095 
3096 		if (txq->available <= 3 + packet->info.d_struct.txb->nr_frags) {
3097 			IPW_DEBUG_TX("no room in tx_queue\n");
3098 			break;
3099 		}
3100 
3101 		list_del(element);
3102 		DEC_STAT(&priv->tx_pend_stat);
3103 
3104 		tbd = &txq->drv[txq->next];
3105 
3106 		packet->index = txq->next;
3107 
3108 		ipw_hdr = packet->info.d_struct.data;
3109 		hdr = (struct libipw_hdr_3addr *)packet->info.d_struct.txb->
3110 		    fragments[0]->data;
3111 
3112 		if (priv->ieee->iw_mode == IW_MODE_INFRA) {
3113 			/* To DS: Addr1 = BSSID, Addr2 = SA,
3114 			   Addr3 = DA */
3115 			memcpy(ipw_hdr->src_addr, hdr->addr2, ETH_ALEN);
3116 			memcpy(ipw_hdr->dst_addr, hdr->addr3, ETH_ALEN);
3117 		} else if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
3118 			/* not From/To DS: Addr1 = DA, Addr2 = SA,
3119 			   Addr3 = BSSID */
3120 			memcpy(ipw_hdr->src_addr, hdr->addr2, ETH_ALEN);
3121 			memcpy(ipw_hdr->dst_addr, hdr->addr1, ETH_ALEN);
3122 		}
3123 
3124 		ipw_hdr->host_command_reg = SEND;
3125 		ipw_hdr->host_command_reg1 = 0;
3126 
3127 		/* For now we only support host based encryption */
3128 		ipw_hdr->needs_encryption = 0;
3129 		ipw_hdr->encrypted = packet->info.d_struct.txb->encrypted;
3130 		if (packet->info.d_struct.txb->nr_frags > 1)
3131 			ipw_hdr->fragment_size =
3132 			    packet->info.d_struct.txb->frag_size -
3133 			    LIBIPW_3ADDR_LEN;
3134 		else
3135 			ipw_hdr->fragment_size = 0;
3136 
3137 		tbd->host_addr = packet->info.d_struct.data_phys;
3138 		tbd->buf_length = sizeof(struct ipw2100_data_header);
3139 		tbd->num_fragments = 1 + packet->info.d_struct.txb->nr_frags;
3140 		tbd->status.info.field =
3141 		    IPW_BD_STATUS_TX_FRAME_802_3 |
3142 		    IPW_BD_STATUS_TX_FRAME_NOT_LAST_FRAGMENT;
3143 		txq->next++;
3144 		txq->next %= txq->entries;
3145 
3146 		IPW_DEBUG_TX("data header tbd TX%d P=%08x L=%d\n",
3147 			     packet->index, tbd->host_addr, tbd->buf_length);
3148 #ifdef CONFIG_IPW2100_DEBUG
3149 		if (packet->info.d_struct.txb->nr_frags > 1)
3150 			IPW_DEBUG_FRAG("fragment Tx: %d frames\n",
3151 				       packet->info.d_struct.txb->nr_frags);
3152 #endif
3153 
3154 		for (i = 0; i < packet->info.d_struct.txb->nr_frags; i++) {
3155 			tbd = &txq->drv[txq->next];
3156 			if (i == packet->info.d_struct.txb->nr_frags - 1)
3157 				tbd->status.info.field =
3158 				    IPW_BD_STATUS_TX_FRAME_802_3 |
3159 				    IPW_BD_STATUS_TX_INTERRUPT_ENABLE;
3160 			else
3161 				tbd->status.info.field =
3162 				    IPW_BD_STATUS_TX_FRAME_802_3 |
3163 				    IPW_BD_STATUS_TX_FRAME_NOT_LAST_FRAGMENT;
3164 
3165 			tbd->buf_length = packet->info.d_struct.txb->
3166 			    fragments[i]->len - LIBIPW_3ADDR_LEN;
3167 
3168 			tbd->host_addr = pci_map_single(priv->pci_dev,
3169 							packet->info.d_struct.
3170 							txb->fragments[i]->
3171 							data +
3172 							LIBIPW_3ADDR_LEN,
3173 							tbd->buf_length,
3174 							PCI_DMA_TODEVICE);
3175 			if (pci_dma_mapping_error(priv->pci_dev,
3176 						  tbd->host_addr)) {
3177 				IPW_DEBUG_TX("dma mapping error\n");
3178 				break;
3179 			}
3180 
3181 			IPW_DEBUG_TX("data frag tbd TX%d P=%08x L=%d\n",
3182 				     txq->next, tbd->host_addr,
3183 				     tbd->buf_length);
3184 
3185 			pci_dma_sync_single_for_device(priv->pci_dev,
3186 						       tbd->host_addr,
3187 						       tbd->buf_length,
3188 						       PCI_DMA_TODEVICE);
3189 
3190 			txq->next++;
3191 			txq->next %= txq->entries;
3192 		}
3193 
3194 		txq->available -= 1 + packet->info.d_struct.txb->nr_frags;
3195 		SET_STAT(&priv->txq_stat, txq->available);
3196 
3197 		list_add_tail(element, &priv->fw_pend_list);
3198 		INC_STAT(&priv->fw_pend_stat);
3199 	}
3200 
3201 	if (txq->next != next) {
3202 		/* kick off the DMA by notifying firmware the
3203 		 * write index has moved; make sure TBD stores are sync'd */
3204 		write_register(priv->net_dev,
3205 			       IPW_MEM_HOST_SHARED_TX_QUEUE_WRITE_INDEX,
3206 			       txq->next);
3207 	}
3208 }
3209 
3210 static void ipw2100_irq_tasklet(unsigned long data)
3211 {
3212 	struct ipw2100_priv *priv = (struct ipw2100_priv *)data;
3213 	struct net_device *dev = priv->net_dev;
3214 	unsigned long flags;
3215 	u32 inta, tmp;
3216 
3217 	spin_lock_irqsave(&priv->low_lock, flags);
3218 	ipw2100_disable_interrupts(priv);
3219 
3220 	read_register(dev, IPW_REG_INTA, &inta);
3221 
3222 	IPW_DEBUG_ISR("enter - INTA: 0x%08lX\n",
3223 		      (unsigned long)inta & IPW_INTERRUPT_MASK);
3224 
3225 	priv->in_isr++;
3226 	priv->interrupts++;
3227 
3228 	/* We do not loop and keep polling for more interrupts as this
3229 	 * is frowned upon and doesn't play nicely with other potentially
3230 	 * chained IRQs */
3231 	IPW_DEBUG_ISR("INTA: 0x%08lX\n",
3232 		      (unsigned long)inta & IPW_INTERRUPT_MASK);
3233 
3234 	if (inta & IPW2100_INTA_FATAL_ERROR) {
3235 		printk(KERN_WARNING DRV_NAME
3236 		       ": Fatal interrupt. Scheduling firmware restart.\n");
3237 		priv->inta_other++;
3238 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_FATAL_ERROR);
3239 
3240 		read_nic_dword(dev, IPW_NIC_FATAL_ERROR, &priv->fatal_error);
3241 		IPW_DEBUG_INFO("%s: Fatal error value: 0x%08X\n",
3242 			       priv->net_dev->name, priv->fatal_error);
3243 
3244 		read_nic_dword(dev, IPW_ERROR_ADDR(priv->fatal_error), &tmp);
3245 		IPW_DEBUG_INFO("%s: Fatal error address value: 0x%08X\n",
3246 			       priv->net_dev->name, tmp);
3247 
3248 		/* Wake up any sleeping jobs */
3249 		schedule_reset(priv);
3250 	}
3251 
3252 	if (inta & IPW2100_INTA_PARITY_ERROR) {
3253 		printk(KERN_ERR DRV_NAME
3254 		       ": ***** PARITY ERROR INTERRUPT !!!!\n");
3255 		priv->inta_other++;
3256 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_PARITY_ERROR);
3257 	}
3258 
3259 	if (inta & IPW2100_INTA_RX_TRANSFER) {
3260 		IPW_DEBUG_ISR("RX interrupt\n");
3261 
3262 		priv->rx_interrupts++;
3263 
3264 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_RX_TRANSFER);
3265 
3266 		__ipw2100_rx_process(priv);
3267 		__ipw2100_tx_complete(priv);
3268 	}
3269 
3270 	if (inta & IPW2100_INTA_TX_TRANSFER) {
3271 		IPW_DEBUG_ISR("TX interrupt\n");
3272 
3273 		priv->tx_interrupts++;
3274 
3275 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_TX_TRANSFER);
3276 
3277 		__ipw2100_tx_complete(priv);
3278 		ipw2100_tx_send_commands(priv);
3279 		ipw2100_tx_send_data(priv);
3280 	}
3281 
3282 	if (inta & IPW2100_INTA_TX_COMPLETE) {
3283 		IPW_DEBUG_ISR("TX complete\n");
3284 		priv->inta_other++;
3285 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_TX_COMPLETE);
3286 
3287 		__ipw2100_tx_complete(priv);
3288 	}
3289 
3290 	if (inta & IPW2100_INTA_EVENT_INTERRUPT) {
3291 		/* ipw2100_handle_event(dev); */
3292 		priv->inta_other++;
3293 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_EVENT_INTERRUPT);
3294 	}
3295 
3296 	if (inta & IPW2100_INTA_FW_INIT_DONE) {
3297 		IPW_DEBUG_ISR("FW init done interrupt\n");
3298 		priv->inta_other++;
3299 
3300 		read_register(dev, IPW_REG_INTA, &tmp);
3301 		if (tmp & (IPW2100_INTA_FATAL_ERROR |
3302 			   IPW2100_INTA_PARITY_ERROR)) {
3303 			write_register(dev, IPW_REG_INTA,
3304 				       IPW2100_INTA_FATAL_ERROR |
3305 				       IPW2100_INTA_PARITY_ERROR);
3306 		}
3307 
3308 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_FW_INIT_DONE);
3309 	}
3310 
3311 	if (inta & IPW2100_INTA_STATUS_CHANGE) {
3312 		IPW_DEBUG_ISR("Status change interrupt\n");
3313 		priv->inta_other++;
3314 		write_register(dev, IPW_REG_INTA, IPW2100_INTA_STATUS_CHANGE);
3315 	}
3316 
3317 	if (inta & IPW2100_INTA_SLAVE_MODE_HOST_COMMAND_DONE) {
3318 		IPW_DEBUG_ISR("slave host mode interrupt\n");
3319 		priv->inta_other++;
3320 		write_register(dev, IPW_REG_INTA,
3321 			       IPW2100_INTA_SLAVE_MODE_HOST_COMMAND_DONE);
3322 	}
3323 
3324 	priv->in_isr--;
3325 	ipw2100_enable_interrupts(priv);
3326 
3327 	spin_unlock_irqrestore(&priv->low_lock, flags);
3328 
3329 	IPW_DEBUG_ISR("exit\n");
3330 }
3331 
3332 static irqreturn_t ipw2100_interrupt(int irq, void *data)
3333 {
3334 	struct ipw2100_priv *priv = data;
3335 	u32 inta, inta_mask;
3336 
3337 	if (!data)
3338 		return IRQ_NONE;
3339 
3340 	spin_lock(&priv->low_lock);
3341 
3342 	/* We check to see if we should be ignoring interrupts before
3343 	 * we touch the hardware.  During ucode load if we try and handle
3344 	 * an interrupt we can cause keyboard problems as well as cause
3345 	 * the ucode to fail to initialize */
3346 	if (!(priv->status & STATUS_INT_ENABLED)) {
3347 		/* Shared IRQ */
3348 		goto none;
3349 	}
3350 
3351 	read_register(priv->net_dev, IPW_REG_INTA_MASK, &inta_mask);
3352 	read_register(priv->net_dev, IPW_REG_INTA, &inta);
3353 
3354 	if (inta == 0xFFFFFFFF) {
3355 		/* Hardware disappeared */
3356 		printk(KERN_WARNING DRV_NAME ": IRQ INTA == 0xFFFFFFFF\n");
3357 		goto none;
3358 	}
3359 
3360 	inta &= IPW_INTERRUPT_MASK;
3361 
3362 	if (!(inta & inta_mask)) {
3363 		/* Shared interrupt */
3364 		goto none;
3365 	}
3366 
3367 	/* We disable the hardware interrupt here just to prevent unneeded
3368 	 * calls to be made.  We disable this again within the actual
3369 	 * work tasklet, so if another part of the code re-enables the
3370 	 * interrupt, that is fine */
3371 	ipw2100_disable_interrupts(priv);
3372 
3373 	tasklet_schedule(&priv->irq_tasklet);
3374 	spin_unlock(&priv->low_lock);
3375 
3376 	return IRQ_HANDLED;
3377       none:
3378 	spin_unlock(&priv->low_lock);
3379 	return IRQ_NONE;
3380 }
3381 
3382 static netdev_tx_t ipw2100_tx(struct libipw_txb *txb,
3383 			      struct net_device *dev, int pri)
3384 {
3385 	struct ipw2100_priv *priv = libipw_priv(dev);
3386 	struct list_head *element;
3387 	struct ipw2100_tx_packet *packet;
3388 	unsigned long flags;
3389 
3390 	spin_lock_irqsave(&priv->low_lock, flags);
3391 
3392 	if (!(priv->status & STATUS_ASSOCIATED)) {
3393 		IPW_DEBUG_INFO("Can not transmit when not connected.\n");
3394 		priv->net_dev->stats.tx_carrier_errors++;
3395 		netif_stop_queue(dev);
3396 		goto fail_unlock;
3397 	}
3398 
3399 	if (list_empty(&priv->tx_free_list))
3400 		goto fail_unlock;
3401 
3402 	element = priv->tx_free_list.next;
3403 	packet = list_entry(element, struct ipw2100_tx_packet, list);
3404 
3405 	packet->info.d_struct.txb = txb;
3406 
3407 	IPW_DEBUG_TX("Sending fragment (%d bytes):\n", txb->fragments[0]->len);
3408 	printk_buf(IPW_DL_TX, txb->fragments[0]->data, txb->fragments[0]->len);
3409 
3410 	packet->jiffy_start = jiffies;
3411 
3412 	list_del(element);
3413 	DEC_STAT(&priv->tx_free_stat);
3414 
3415 	list_add_tail(element, &priv->tx_pend_list);
3416 	INC_STAT(&priv->tx_pend_stat);
3417 
3418 	ipw2100_tx_send_data(priv);
3419 
3420 	spin_unlock_irqrestore(&priv->low_lock, flags);
3421 	return NETDEV_TX_OK;
3422 
3423 fail_unlock:
3424 	netif_stop_queue(dev);
3425 	spin_unlock_irqrestore(&priv->low_lock, flags);
3426 	return NETDEV_TX_BUSY;
3427 }
3428 
3429 static int ipw2100_msg_allocate(struct ipw2100_priv *priv)
3430 {
3431 	int i, j, err = -EINVAL;
3432 	void *v;
3433 	dma_addr_t p;
3434 
3435 	priv->msg_buffers =
3436 	    kmalloc_array(IPW_COMMAND_POOL_SIZE,
3437 			  sizeof(struct ipw2100_tx_packet),
3438 			  GFP_KERNEL);
3439 	if (!priv->msg_buffers)
3440 		return -ENOMEM;
3441 
3442 	for (i = 0; i < IPW_COMMAND_POOL_SIZE; i++) {
3443 		v = pci_zalloc_consistent(priv->pci_dev,
3444 					  sizeof(struct ipw2100_cmd_header),
3445 					  &p);
3446 		if (!v) {
3447 			printk(KERN_ERR DRV_NAME ": "
3448 			       "%s: PCI alloc failed for msg "
3449 			       "buffers.\n", priv->net_dev->name);
3450 			err = -ENOMEM;
3451 			break;
3452 		}
3453 
3454 		priv->msg_buffers[i].type = COMMAND;
3455 		priv->msg_buffers[i].info.c_struct.cmd =
3456 		    (struct ipw2100_cmd_header *)v;
3457 		priv->msg_buffers[i].info.c_struct.cmd_phys = p;
3458 	}
3459 
3460 	if (i == IPW_COMMAND_POOL_SIZE)
3461 		return 0;
3462 
3463 	for (j = 0; j < i; j++) {
3464 		pci_free_consistent(priv->pci_dev,
3465 				    sizeof(struct ipw2100_cmd_header),
3466 				    priv->msg_buffers[j].info.c_struct.cmd,
3467 				    priv->msg_buffers[j].info.c_struct.
3468 				    cmd_phys);
3469 	}
3470 
3471 	kfree(priv->msg_buffers);
3472 	priv->msg_buffers = NULL;
3473 
3474 	return err;
3475 }
3476 
3477 static int ipw2100_msg_initialize(struct ipw2100_priv *priv)
3478 {
3479 	int i;
3480 
3481 	INIT_LIST_HEAD(&priv->msg_free_list);
3482 	INIT_LIST_HEAD(&priv->msg_pend_list);
3483 
3484 	for (i = 0; i < IPW_COMMAND_POOL_SIZE; i++)
3485 		list_add_tail(&priv->msg_buffers[i].list, &priv->msg_free_list);
3486 	SET_STAT(&priv->msg_free_stat, i);
3487 
3488 	return 0;
3489 }
3490 
3491 static void ipw2100_msg_free(struct ipw2100_priv *priv)
3492 {
3493 	int i;
3494 
3495 	if (!priv->msg_buffers)
3496 		return;
3497 
3498 	for (i = 0; i < IPW_COMMAND_POOL_SIZE; i++) {
3499 		pci_free_consistent(priv->pci_dev,
3500 				    sizeof(struct ipw2100_cmd_header),
3501 				    priv->msg_buffers[i].info.c_struct.cmd,
3502 				    priv->msg_buffers[i].info.c_struct.
3503 				    cmd_phys);
3504 	}
3505 
3506 	kfree(priv->msg_buffers);
3507 	priv->msg_buffers = NULL;
3508 }
3509 
3510 static ssize_t show_pci(struct device *d, struct device_attribute *attr,
3511 			char *buf)
3512 {
3513 	struct pci_dev *pci_dev = to_pci_dev(d);
3514 	char *out = buf;
3515 	int i, j;
3516 	u32 val;
3517 
3518 	for (i = 0; i < 16; i++) {
3519 		out += sprintf(out, "[%08X] ", i * 16);
3520 		for (j = 0; j < 16; j += 4) {
3521 			pci_read_config_dword(pci_dev, i * 16 + j, &val);
3522 			out += sprintf(out, "%08X ", val);
3523 		}
3524 		out += sprintf(out, "\n");
3525 	}
3526 
3527 	return out - buf;
3528 }
3529 
3530 static DEVICE_ATTR(pci, 0444, show_pci, NULL);
3531 
3532 static ssize_t show_cfg(struct device *d, struct device_attribute *attr,
3533 			char *buf)
3534 {
3535 	struct ipw2100_priv *p = dev_get_drvdata(d);
3536 	return sprintf(buf, "0x%08x\n", (int)p->config);
3537 }
3538 
3539 static DEVICE_ATTR(cfg, 0444, show_cfg, NULL);
3540 
3541 static ssize_t show_status(struct device *d, struct device_attribute *attr,
3542 			   char *buf)
3543 {
3544 	struct ipw2100_priv *p = dev_get_drvdata(d);
3545 	return sprintf(buf, "0x%08x\n", (int)p->status);
3546 }
3547 
3548 static DEVICE_ATTR(status, 0444, show_status, NULL);
3549 
3550 static ssize_t show_capability(struct device *d, struct device_attribute *attr,
3551 			       char *buf)
3552 {
3553 	struct ipw2100_priv *p = dev_get_drvdata(d);
3554 	return sprintf(buf, "0x%08x\n", (int)p->capability);
3555 }
3556 
3557 static DEVICE_ATTR(capability, 0444, show_capability, NULL);
3558 
3559 #define IPW2100_REG(x) { IPW_ ##x, #x }
3560 static const struct {
3561 	u32 addr;
3562 	const char *name;
3563 } hw_data[] = {
3564 IPW2100_REG(REG_GP_CNTRL),
3565 	    IPW2100_REG(REG_GPIO),
3566 	    IPW2100_REG(REG_INTA),
3567 	    IPW2100_REG(REG_INTA_MASK), IPW2100_REG(REG_RESET_REG),};
3568 #define IPW2100_NIC(x, s) { x, #x, s }
3569 static const struct {
3570 	u32 addr;
3571 	const char *name;
3572 	size_t size;
3573 } nic_data[] = {
3574 IPW2100_NIC(IPW2100_CONTROL_REG, 2),
3575 	    IPW2100_NIC(0x210014, 1), IPW2100_NIC(0x210000, 1),};
3576 #define IPW2100_ORD(x, d) { IPW_ORD_ ##x, #x, d }
3577 static const struct {
3578 	u8 index;
3579 	const char *name;
3580 	const char *desc;
3581 } ord_data[] = {
3582 IPW2100_ORD(STAT_TX_HOST_REQUESTS, "requested Host Tx's (MSDU)"),
3583 	    IPW2100_ORD(STAT_TX_HOST_COMPLETE,
3584 				"successful Host Tx's (MSDU)"),
3585 	    IPW2100_ORD(STAT_TX_DIR_DATA,
3586 				"successful Directed Tx's (MSDU)"),
3587 	    IPW2100_ORD(STAT_TX_DIR_DATA1,
3588 				"successful Directed Tx's (MSDU) @ 1MB"),
3589 	    IPW2100_ORD(STAT_TX_DIR_DATA2,
3590 				"successful Directed Tx's (MSDU) @ 2MB"),
3591 	    IPW2100_ORD(STAT_TX_DIR_DATA5_5,
3592 				"successful Directed Tx's (MSDU) @ 5_5MB"),
3593 	    IPW2100_ORD(STAT_TX_DIR_DATA11,
3594 				"successful Directed Tx's (MSDU) @ 11MB"),
3595 	    IPW2100_ORD(STAT_TX_NODIR_DATA1,
3596 				"successful Non_Directed Tx's (MSDU) @ 1MB"),
3597 	    IPW2100_ORD(STAT_TX_NODIR_DATA2,
3598 				"successful Non_Directed Tx's (MSDU) @ 2MB"),
3599 	    IPW2100_ORD(STAT_TX_NODIR_DATA5_5,
3600 				"successful Non_Directed Tx's (MSDU) @ 5.5MB"),
3601 	    IPW2100_ORD(STAT_TX_NODIR_DATA11,
3602 				"successful Non_Directed Tx's (MSDU) @ 11MB"),
3603 	    IPW2100_ORD(STAT_NULL_DATA, "successful NULL data Tx's"),
3604 	    IPW2100_ORD(STAT_TX_RTS, "successful Tx RTS"),
3605 	    IPW2100_ORD(STAT_TX_CTS, "successful Tx CTS"),
3606 	    IPW2100_ORD(STAT_TX_ACK, "successful Tx ACK"),
3607 	    IPW2100_ORD(STAT_TX_ASSN, "successful Association Tx's"),
3608 	    IPW2100_ORD(STAT_TX_ASSN_RESP,
3609 				"successful Association response Tx's"),
3610 	    IPW2100_ORD(STAT_TX_REASSN,
3611 				"successful Reassociation Tx's"),
3612 	    IPW2100_ORD(STAT_TX_REASSN_RESP,
3613 				"successful Reassociation response Tx's"),
3614 	    IPW2100_ORD(STAT_TX_PROBE,
3615 				"probes successfully transmitted"),
3616 	    IPW2100_ORD(STAT_TX_PROBE_RESP,
3617 				"probe responses successfully transmitted"),
3618 	    IPW2100_ORD(STAT_TX_BEACON, "tx beacon"),
3619 	    IPW2100_ORD(STAT_TX_ATIM, "Tx ATIM"),
3620 	    IPW2100_ORD(STAT_TX_DISASSN,
3621 				"successful Disassociation TX"),
3622 	    IPW2100_ORD(STAT_TX_AUTH, "successful Authentication Tx"),
3623 	    IPW2100_ORD(STAT_TX_DEAUTH,
3624 				"successful Deauthentication TX"),
3625 	    IPW2100_ORD(STAT_TX_TOTAL_BYTES,
3626 				"Total successful Tx data bytes"),
3627 	    IPW2100_ORD(STAT_TX_RETRIES, "Tx retries"),
3628 	    IPW2100_ORD(STAT_TX_RETRY1, "Tx retries at 1MBPS"),
3629 	    IPW2100_ORD(STAT_TX_RETRY2, "Tx retries at 2MBPS"),
3630 	    IPW2100_ORD(STAT_TX_RETRY5_5, "Tx retries at 5.5MBPS"),
3631 	    IPW2100_ORD(STAT_TX_RETRY11, "Tx retries at 11MBPS"),
3632 	    IPW2100_ORD(STAT_TX_FAILURES, "Tx Failures"),
3633 	    IPW2100_ORD(STAT_TX_MAX_TRIES_IN_HOP,
3634 				"times max tries in a hop failed"),
3635 	    IPW2100_ORD(STAT_TX_DISASSN_FAIL,
3636 				"times disassociation failed"),
3637 	    IPW2100_ORD(STAT_TX_ERR_CTS, "missed/bad CTS frames"),
3638 	    IPW2100_ORD(STAT_TX_ERR_ACK, "tx err due to acks"),
3639 	    IPW2100_ORD(STAT_RX_HOST, "packets passed to host"),
3640 	    IPW2100_ORD(STAT_RX_DIR_DATA, "directed packets"),
3641 	    IPW2100_ORD(STAT_RX_DIR_DATA1, "directed packets at 1MB"),
3642 	    IPW2100_ORD(STAT_RX_DIR_DATA2, "directed packets at 2MB"),
3643 	    IPW2100_ORD(STAT_RX_DIR_DATA5_5,
3644 				"directed packets at 5.5MB"),
3645 	    IPW2100_ORD(STAT_RX_DIR_DATA11, "directed packets at 11MB"),
3646 	    IPW2100_ORD(STAT_RX_NODIR_DATA, "nondirected packets"),
3647 	    IPW2100_ORD(STAT_RX_NODIR_DATA1,
3648 				"nondirected packets at 1MB"),
3649 	    IPW2100_ORD(STAT_RX_NODIR_DATA2,
3650 				"nondirected packets at 2MB"),
3651 	    IPW2100_ORD(STAT_RX_NODIR_DATA5_5,
3652 				"nondirected packets at 5.5MB"),
3653 	    IPW2100_ORD(STAT_RX_NODIR_DATA11,
3654 				"nondirected packets at 11MB"),
3655 	    IPW2100_ORD(STAT_RX_NULL_DATA, "null data rx's"),
3656 	    IPW2100_ORD(STAT_RX_RTS, "Rx RTS"), IPW2100_ORD(STAT_RX_CTS,
3657 								    "Rx CTS"),
3658 	    IPW2100_ORD(STAT_RX_ACK, "Rx ACK"),
3659 	    IPW2100_ORD(STAT_RX_CFEND, "Rx CF End"),
3660 	    IPW2100_ORD(STAT_RX_CFEND_ACK, "Rx CF End + CF Ack"),
3661 	    IPW2100_ORD(STAT_RX_ASSN, "Association Rx's"),
3662 	    IPW2100_ORD(STAT_RX_ASSN_RESP, "Association response Rx's"),
3663 	    IPW2100_ORD(STAT_RX_REASSN, "Reassociation Rx's"),
3664 	    IPW2100_ORD(STAT_RX_REASSN_RESP,
3665 				"Reassociation response Rx's"),
3666 	    IPW2100_ORD(STAT_RX_PROBE, "probe Rx's"),
3667 	    IPW2100_ORD(STAT_RX_PROBE_RESP, "probe response Rx's"),
3668 	    IPW2100_ORD(STAT_RX_BEACON, "Rx beacon"),
3669 	    IPW2100_ORD(STAT_RX_ATIM, "Rx ATIM"),
3670 	    IPW2100_ORD(STAT_RX_DISASSN, "disassociation Rx"),
3671 	    IPW2100_ORD(STAT_RX_AUTH, "authentication Rx"),
3672 	    IPW2100_ORD(STAT_RX_DEAUTH, "deauthentication Rx"),
3673 	    IPW2100_ORD(STAT_RX_TOTAL_BYTES,
3674 				"Total rx data bytes received"),
3675 	    IPW2100_ORD(STAT_RX_ERR_CRC, "packets with Rx CRC error"),
3676 	    IPW2100_ORD(STAT_RX_ERR_CRC1, "Rx CRC errors at 1MB"),
3677 	    IPW2100_ORD(STAT_RX_ERR_CRC2, "Rx CRC errors at 2MB"),
3678 	    IPW2100_ORD(STAT_RX_ERR_CRC5_5, "Rx CRC errors at 5.5MB"),
3679 	    IPW2100_ORD(STAT_RX_ERR_CRC11, "Rx CRC errors at 11MB"),
3680 	    IPW2100_ORD(STAT_RX_DUPLICATE1,
3681 				"duplicate rx packets at 1MB"),
3682 	    IPW2100_ORD(STAT_RX_DUPLICATE2,
3683 				"duplicate rx packets at 2MB"),
3684 	    IPW2100_ORD(STAT_RX_DUPLICATE5_5,
3685 				"duplicate rx packets at 5.5MB"),
3686 	    IPW2100_ORD(STAT_RX_DUPLICATE11,
3687 				"duplicate rx packets at 11MB"),
3688 	    IPW2100_ORD(STAT_RX_DUPLICATE, "duplicate rx packets"),
3689 	    IPW2100_ORD(PERS_DB_LOCK, "locking fw permanent  db"),
3690 	    IPW2100_ORD(PERS_DB_SIZE, "size of fw permanent  db"),
3691 	    IPW2100_ORD(PERS_DB_ADDR, "address of fw permanent  db"),
3692 	    IPW2100_ORD(STAT_RX_INVALID_PROTOCOL,
3693 				"rx frames with invalid protocol"),
3694 	    IPW2100_ORD(SYS_BOOT_TIME, "Boot time"),
3695 	    IPW2100_ORD(STAT_RX_NO_BUFFER,
3696 				"rx frames rejected due to no buffer"),
3697 	    IPW2100_ORD(STAT_RX_MISSING_FRAG,
3698 				"rx frames dropped due to missing fragment"),
3699 	    IPW2100_ORD(STAT_RX_ORPHAN_FRAG,
3700 				"rx frames dropped due to non-sequential fragment"),
3701 	    IPW2100_ORD(STAT_RX_ORPHAN_FRAME,
3702 				"rx frames dropped due to unmatched 1st frame"),
3703 	    IPW2100_ORD(STAT_RX_FRAG_AGEOUT,
3704 				"rx frames dropped due to uncompleted frame"),
3705 	    IPW2100_ORD(STAT_RX_ICV_ERRORS,
3706 				"ICV errors during decryption"),
3707 	    IPW2100_ORD(STAT_PSP_SUSPENSION, "times adapter suspended"),
3708 	    IPW2100_ORD(STAT_PSP_BCN_TIMEOUT, "beacon timeout"),
3709 	    IPW2100_ORD(STAT_PSP_POLL_TIMEOUT,
3710 				"poll response timeouts"),
3711 	    IPW2100_ORD(STAT_PSP_NONDIR_TIMEOUT,
3712 				"timeouts waiting for last {broad,multi}cast pkt"),
3713 	    IPW2100_ORD(STAT_PSP_RX_DTIMS, "PSP DTIMs received"),
3714 	    IPW2100_ORD(STAT_PSP_RX_TIMS, "PSP TIMs received"),
3715 	    IPW2100_ORD(STAT_PSP_STATION_ID, "PSP Station ID"),
3716 	    IPW2100_ORD(LAST_ASSN_TIME, "RTC time of last association"),
3717 	    IPW2100_ORD(STAT_PERCENT_MISSED_BCNS,
3718 				"current calculation of % missed beacons"),
3719 	    IPW2100_ORD(STAT_PERCENT_RETRIES,
3720 				"current calculation of % missed tx retries"),
3721 	    IPW2100_ORD(ASSOCIATED_AP_PTR,
3722 				"0 if not associated, else pointer to AP table entry"),
3723 	    IPW2100_ORD(AVAILABLE_AP_CNT,
3724 				"AP's described in the AP table"),
3725 	    IPW2100_ORD(AP_LIST_PTR, "Ptr to list of available APs"),
3726 	    IPW2100_ORD(STAT_AP_ASSNS, "associations"),
3727 	    IPW2100_ORD(STAT_ASSN_FAIL, "association failures"),
3728 	    IPW2100_ORD(STAT_ASSN_RESP_FAIL,
3729 				"failures due to response fail"),
3730 	    IPW2100_ORD(STAT_FULL_SCANS, "full scans"),
3731 	    IPW2100_ORD(CARD_DISABLED, "Card Disabled"),
3732 	    IPW2100_ORD(STAT_ROAM_INHIBIT,
3733 				"times roaming was inhibited due to activity"),
3734 	    IPW2100_ORD(RSSI_AT_ASSN,
3735 				"RSSI of associated AP at time of association"),
3736 	    IPW2100_ORD(STAT_ASSN_CAUSE1,
3737 				"reassociation: no probe response or TX on hop"),
3738 	    IPW2100_ORD(STAT_ASSN_CAUSE2,
3739 				"reassociation: poor tx/rx quality"),
3740 	    IPW2100_ORD(STAT_ASSN_CAUSE3,
3741 				"reassociation: tx/rx quality (excessive AP load"),
3742 	    IPW2100_ORD(STAT_ASSN_CAUSE4,
3743 				"reassociation: AP RSSI level"),
3744 	    IPW2100_ORD(STAT_ASSN_CAUSE5,
3745 				"reassociations due to load leveling"),
3746 	    IPW2100_ORD(STAT_AUTH_FAIL, "times authentication failed"),
3747 	    IPW2100_ORD(STAT_AUTH_RESP_FAIL,
3748 				"times authentication response failed"),
3749 	    IPW2100_ORD(STATION_TABLE_CNT,
3750 				"entries in association table"),
3751 	    IPW2100_ORD(RSSI_AVG_CURR, "Current avg RSSI"),
3752 	    IPW2100_ORD(POWER_MGMT_MODE, "Power mode - 0=CAM, 1=PSP"),
3753 	    IPW2100_ORD(COUNTRY_CODE,
3754 				"IEEE country code as recv'd from beacon"),
3755 	    IPW2100_ORD(COUNTRY_CHANNELS,
3756 				"channels supported by country"),
3757 	    IPW2100_ORD(RESET_CNT, "adapter resets (warm)"),
3758 	    IPW2100_ORD(BEACON_INTERVAL, "Beacon interval"),
3759 	    IPW2100_ORD(ANTENNA_DIVERSITY,
3760 				"TRUE if antenna diversity is disabled"),
3761 	    IPW2100_ORD(DTIM_PERIOD, "beacon intervals between DTIMs"),
3762 	    IPW2100_ORD(OUR_FREQ,
3763 				"current radio freq lower digits - channel ID"),
3764 	    IPW2100_ORD(RTC_TIME, "current RTC time"),
3765 	    IPW2100_ORD(PORT_TYPE, "operating mode"),
3766 	    IPW2100_ORD(CURRENT_TX_RATE, "current tx rate"),
3767 	    IPW2100_ORD(SUPPORTED_RATES, "supported tx rates"),
3768 	    IPW2100_ORD(ATIM_WINDOW, "current ATIM Window"),
3769 	    IPW2100_ORD(BASIC_RATES, "basic tx rates"),
3770 	    IPW2100_ORD(NIC_HIGHEST_RATE, "NIC highest tx rate"),
3771 	    IPW2100_ORD(AP_HIGHEST_RATE, "AP highest tx rate"),
3772 	    IPW2100_ORD(CAPABILITIES,
3773 				"Management frame capability field"),
3774 	    IPW2100_ORD(AUTH_TYPE, "Type of authentication"),
3775 	    IPW2100_ORD(RADIO_TYPE, "Adapter card platform type"),
3776 	    IPW2100_ORD(RTS_THRESHOLD,
3777 				"Min packet length for RTS handshaking"),
3778 	    IPW2100_ORD(INT_MODE, "International mode"),
3779 	    IPW2100_ORD(FRAGMENTATION_THRESHOLD,
3780 				"protocol frag threshold"),
3781 	    IPW2100_ORD(EEPROM_SRAM_DB_BLOCK_START_ADDRESS,
3782 				"EEPROM offset in SRAM"),
3783 	    IPW2100_ORD(EEPROM_SRAM_DB_BLOCK_SIZE,
3784 				"EEPROM size in SRAM"),
3785 	    IPW2100_ORD(EEPROM_SKU_CAPABILITY, "EEPROM SKU Capability"),
3786 	    IPW2100_ORD(EEPROM_IBSS_11B_CHANNELS,
3787 				"EEPROM IBSS 11b channel set"),
3788 	    IPW2100_ORD(MAC_VERSION, "MAC Version"),
3789 	    IPW2100_ORD(MAC_REVISION, "MAC Revision"),
3790 	    IPW2100_ORD(RADIO_VERSION, "Radio Version"),
3791 	    IPW2100_ORD(NIC_MANF_DATE_TIME, "MANF Date/Time STAMP"),
3792 	    IPW2100_ORD(UCODE_VERSION, "Ucode Version"),};
3793 
3794 static ssize_t show_registers(struct device *d, struct device_attribute *attr,
3795 			      char *buf)
3796 {
3797 	int i;
3798 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3799 	struct net_device *dev = priv->net_dev;
3800 	char *out = buf;
3801 	u32 val = 0;
3802 
3803 	out += sprintf(out, "%30s [Address ] : Hex\n", "Register");
3804 
3805 	for (i = 0; i < ARRAY_SIZE(hw_data); i++) {
3806 		read_register(dev, hw_data[i].addr, &val);
3807 		out += sprintf(out, "%30s [%08X] : %08X\n",
3808 			       hw_data[i].name, hw_data[i].addr, val);
3809 	}
3810 
3811 	return out - buf;
3812 }
3813 
3814 static DEVICE_ATTR(registers, 0444, show_registers, NULL);
3815 
3816 static ssize_t show_hardware(struct device *d, struct device_attribute *attr,
3817 			     char *buf)
3818 {
3819 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3820 	struct net_device *dev = priv->net_dev;
3821 	char *out = buf;
3822 	int i;
3823 
3824 	out += sprintf(out, "%30s [Address ] : Hex\n", "NIC entry");
3825 
3826 	for (i = 0; i < ARRAY_SIZE(nic_data); i++) {
3827 		u8 tmp8;
3828 		u16 tmp16;
3829 		u32 tmp32;
3830 
3831 		switch (nic_data[i].size) {
3832 		case 1:
3833 			read_nic_byte(dev, nic_data[i].addr, &tmp8);
3834 			out += sprintf(out, "%30s [%08X] : %02X\n",
3835 				       nic_data[i].name, nic_data[i].addr,
3836 				       tmp8);
3837 			break;
3838 		case 2:
3839 			read_nic_word(dev, nic_data[i].addr, &tmp16);
3840 			out += sprintf(out, "%30s [%08X] : %04X\n",
3841 				       nic_data[i].name, nic_data[i].addr,
3842 				       tmp16);
3843 			break;
3844 		case 4:
3845 			read_nic_dword(dev, nic_data[i].addr, &tmp32);
3846 			out += sprintf(out, "%30s [%08X] : %08X\n",
3847 				       nic_data[i].name, nic_data[i].addr,
3848 				       tmp32);
3849 			break;
3850 		}
3851 	}
3852 	return out - buf;
3853 }
3854 
3855 static DEVICE_ATTR(hardware, 0444, show_hardware, NULL);
3856 
3857 static ssize_t show_memory(struct device *d, struct device_attribute *attr,
3858 			   char *buf)
3859 {
3860 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3861 	struct net_device *dev = priv->net_dev;
3862 	static unsigned long loop = 0;
3863 	int len = 0;
3864 	u32 buffer[4];
3865 	int i;
3866 	char line[81];
3867 
3868 	if (loop >= 0x30000)
3869 		loop = 0;
3870 
3871 	/* sysfs provides us PAGE_SIZE buffer */
3872 	while (len < PAGE_SIZE - 128 && loop < 0x30000) {
3873 
3874 		if (priv->snapshot[0])
3875 			for (i = 0; i < 4; i++)
3876 				buffer[i] =
3877 				    *(u32 *) SNAPSHOT_ADDR(loop + i * 4);
3878 		else
3879 			for (i = 0; i < 4; i++)
3880 				read_nic_dword(dev, loop + i * 4, &buffer[i]);
3881 
3882 		if (priv->dump_raw)
3883 			len += sprintf(buf + len,
3884 				       "%c%c%c%c"
3885 				       "%c%c%c%c"
3886 				       "%c%c%c%c"
3887 				       "%c%c%c%c",
3888 				       ((u8 *) buffer)[0x0],
3889 				       ((u8 *) buffer)[0x1],
3890 				       ((u8 *) buffer)[0x2],
3891 				       ((u8 *) buffer)[0x3],
3892 				       ((u8 *) buffer)[0x4],
3893 				       ((u8 *) buffer)[0x5],
3894 				       ((u8 *) buffer)[0x6],
3895 				       ((u8 *) buffer)[0x7],
3896 				       ((u8 *) buffer)[0x8],
3897 				       ((u8 *) buffer)[0x9],
3898 				       ((u8 *) buffer)[0xa],
3899 				       ((u8 *) buffer)[0xb],
3900 				       ((u8 *) buffer)[0xc],
3901 				       ((u8 *) buffer)[0xd],
3902 				       ((u8 *) buffer)[0xe],
3903 				       ((u8 *) buffer)[0xf]);
3904 		else
3905 			len += sprintf(buf + len, "%s\n",
3906 				       snprint_line(line, sizeof(line),
3907 						    (u8 *) buffer, 16, loop));
3908 		loop += 16;
3909 	}
3910 
3911 	return len;
3912 }
3913 
3914 static ssize_t store_memory(struct device *d, struct device_attribute *attr,
3915 			    const char *buf, size_t count)
3916 {
3917 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3918 	struct net_device *dev = priv->net_dev;
3919 	const char *p = buf;
3920 
3921 	(void)dev;		/* kill unused-var warning for debug-only code */
3922 
3923 	if (count < 1)
3924 		return count;
3925 
3926 	if (p[0] == '1' ||
3927 	    (count >= 2 && tolower(p[0]) == 'o' && tolower(p[1]) == 'n')) {
3928 		IPW_DEBUG_INFO("%s: Setting memory dump to RAW mode.\n",
3929 			       dev->name);
3930 		priv->dump_raw = 1;
3931 
3932 	} else if (p[0] == '0' || (count >= 2 && tolower(p[0]) == 'o' &&
3933 				   tolower(p[1]) == 'f')) {
3934 		IPW_DEBUG_INFO("%s: Setting memory dump to HEX mode.\n",
3935 			       dev->name);
3936 		priv->dump_raw = 0;
3937 
3938 	} else if (tolower(p[0]) == 'r') {
3939 		IPW_DEBUG_INFO("%s: Resetting firmware snapshot.\n", dev->name);
3940 		ipw2100_snapshot_free(priv);
3941 
3942 	} else
3943 		IPW_DEBUG_INFO("%s: Usage: 0|on = HEX, 1|off = RAW, "
3944 			       "reset = clear memory snapshot\n", dev->name);
3945 
3946 	return count;
3947 }
3948 
3949 static DEVICE_ATTR(memory, 0644, show_memory, store_memory);
3950 
3951 static ssize_t show_ordinals(struct device *d, struct device_attribute *attr,
3952 			     char *buf)
3953 {
3954 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3955 	u32 val = 0;
3956 	int len = 0;
3957 	u32 val_len;
3958 	static int loop = 0;
3959 
3960 	if (priv->status & STATUS_RF_KILL_MASK)
3961 		return 0;
3962 
3963 	if (loop >= ARRAY_SIZE(ord_data))
3964 		loop = 0;
3965 
3966 	/* sysfs provides us PAGE_SIZE buffer */
3967 	while (len < PAGE_SIZE - 128 && loop < ARRAY_SIZE(ord_data)) {
3968 		val_len = sizeof(u32);
3969 
3970 		if (ipw2100_get_ordinal(priv, ord_data[loop].index, &val,
3971 					&val_len))
3972 			len += sprintf(buf + len, "[0x%02X] = ERROR    %s\n",
3973 				       ord_data[loop].index,
3974 				       ord_data[loop].desc);
3975 		else
3976 			len += sprintf(buf + len, "[0x%02X] = 0x%08X %s\n",
3977 				       ord_data[loop].index, val,
3978 				       ord_data[loop].desc);
3979 		loop++;
3980 	}
3981 
3982 	return len;
3983 }
3984 
3985 static DEVICE_ATTR(ordinals, 0444, show_ordinals, NULL);
3986 
3987 static ssize_t show_stats(struct device *d, struct device_attribute *attr,
3988 			  char *buf)
3989 {
3990 	struct ipw2100_priv *priv = dev_get_drvdata(d);
3991 	char *out = buf;
3992 
3993 	out += sprintf(out, "interrupts: %d {tx: %d, rx: %d, other: %d}\n",
3994 		       priv->interrupts, priv->tx_interrupts,
3995 		       priv->rx_interrupts, priv->inta_other);
3996 	out += sprintf(out, "firmware resets: %d\n", priv->resets);
3997 	out += sprintf(out, "firmware hangs: %d\n", priv->hangs);
3998 #ifdef CONFIG_IPW2100_DEBUG
3999 	out += sprintf(out, "packet mismatch image: %s\n",
4000 		       priv->snapshot[0] ? "YES" : "NO");
4001 #endif
4002 
4003 	return out - buf;
4004 }
4005 
4006 static DEVICE_ATTR(stats, 0444, show_stats, NULL);
4007 
4008 static int ipw2100_switch_mode(struct ipw2100_priv *priv, u32 mode)
4009 {
4010 	int err;
4011 
4012 	if (mode == priv->ieee->iw_mode)
4013 		return 0;
4014 
4015 	err = ipw2100_disable_adapter(priv);
4016 	if (err) {
4017 		printk(KERN_ERR DRV_NAME ": %s: Could not disable adapter %d\n",
4018 		       priv->net_dev->name, err);
4019 		return err;
4020 	}
4021 
4022 	switch (mode) {
4023 	case IW_MODE_INFRA:
4024 		priv->net_dev->type = ARPHRD_ETHER;
4025 		break;
4026 	case IW_MODE_ADHOC:
4027 		priv->net_dev->type = ARPHRD_ETHER;
4028 		break;
4029 #ifdef CONFIG_IPW2100_MONITOR
4030 	case IW_MODE_MONITOR:
4031 		priv->last_mode = priv->ieee->iw_mode;
4032 		priv->net_dev->type = ARPHRD_IEEE80211_RADIOTAP;
4033 		break;
4034 #endif				/* CONFIG_IPW2100_MONITOR */
4035 	}
4036 
4037 	priv->ieee->iw_mode = mode;
4038 
4039 #ifdef CONFIG_PM
4040 	/* Indicate ipw2100_download_firmware download firmware
4041 	 * from disk instead of memory. */
4042 	ipw2100_firmware.version = 0;
4043 #endif
4044 
4045 	printk(KERN_INFO "%s: Resetting on mode change.\n", priv->net_dev->name);
4046 	priv->reset_backoff = 0;
4047 	schedule_reset(priv);
4048 
4049 	return 0;
4050 }
4051 
4052 static ssize_t show_internals(struct device *d, struct device_attribute *attr,
4053 			      char *buf)
4054 {
4055 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4056 	int len = 0;
4057 
4058 #define DUMP_VAR(x,y) len += sprintf(buf + len, # x ": %" y "\n", priv-> x)
4059 
4060 	if (priv->status & STATUS_ASSOCIATED)
4061 		len += sprintf(buf + len, "connected: %llu\n",
4062 			       ktime_get_boottime_seconds() - priv->connect_start);
4063 	else
4064 		len += sprintf(buf + len, "not connected\n");
4065 
4066 	DUMP_VAR(ieee->crypt_info.crypt[priv->ieee->crypt_info.tx_keyidx], "p");
4067 	DUMP_VAR(status, "08lx");
4068 	DUMP_VAR(config, "08lx");
4069 	DUMP_VAR(capability, "08lx");
4070 
4071 	len +=
4072 	    sprintf(buf + len, "last_rtc: %lu\n",
4073 		    (unsigned long)priv->last_rtc);
4074 
4075 	DUMP_VAR(fatal_error, "d");
4076 	DUMP_VAR(stop_hang_check, "d");
4077 	DUMP_VAR(stop_rf_kill, "d");
4078 	DUMP_VAR(messages_sent, "d");
4079 
4080 	DUMP_VAR(tx_pend_stat.value, "d");
4081 	DUMP_VAR(tx_pend_stat.hi, "d");
4082 
4083 	DUMP_VAR(tx_free_stat.value, "d");
4084 	DUMP_VAR(tx_free_stat.lo, "d");
4085 
4086 	DUMP_VAR(msg_free_stat.value, "d");
4087 	DUMP_VAR(msg_free_stat.lo, "d");
4088 
4089 	DUMP_VAR(msg_pend_stat.value, "d");
4090 	DUMP_VAR(msg_pend_stat.hi, "d");
4091 
4092 	DUMP_VAR(fw_pend_stat.value, "d");
4093 	DUMP_VAR(fw_pend_stat.hi, "d");
4094 
4095 	DUMP_VAR(txq_stat.value, "d");
4096 	DUMP_VAR(txq_stat.lo, "d");
4097 
4098 	DUMP_VAR(ieee->scans, "d");
4099 	DUMP_VAR(reset_backoff, "lld");
4100 
4101 	return len;
4102 }
4103 
4104 static DEVICE_ATTR(internals, 0444, show_internals, NULL);
4105 
4106 static ssize_t show_bssinfo(struct device *d, struct device_attribute *attr,
4107 			    char *buf)
4108 {
4109 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4110 	char essid[IW_ESSID_MAX_SIZE + 1];
4111 	u8 bssid[ETH_ALEN];
4112 	u32 chan = 0;
4113 	char *out = buf;
4114 	unsigned int length;
4115 	int ret;
4116 
4117 	if (priv->status & STATUS_RF_KILL_MASK)
4118 		return 0;
4119 
4120 	memset(essid, 0, sizeof(essid));
4121 	memset(bssid, 0, sizeof(bssid));
4122 
4123 	length = IW_ESSID_MAX_SIZE;
4124 	ret = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_SSID, essid, &length);
4125 	if (ret)
4126 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
4127 			       __LINE__);
4128 
4129 	length = sizeof(bssid);
4130 	ret = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_AP_BSSID,
4131 				  bssid, &length);
4132 	if (ret)
4133 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
4134 			       __LINE__);
4135 
4136 	length = sizeof(u32);
4137 	ret = ipw2100_get_ordinal(priv, IPW_ORD_OUR_FREQ, &chan, &length);
4138 	if (ret)
4139 		IPW_DEBUG_INFO("failed querying ordinals at line %d\n",
4140 			       __LINE__);
4141 
4142 	out += sprintf(out, "ESSID: %s\n", essid);
4143 	out += sprintf(out, "BSSID:   %pM\n", bssid);
4144 	out += sprintf(out, "Channel: %d\n", chan);
4145 
4146 	return out - buf;
4147 }
4148 
4149 static DEVICE_ATTR(bssinfo, 0444, show_bssinfo, NULL);
4150 
4151 #ifdef CONFIG_IPW2100_DEBUG
4152 static ssize_t debug_level_show(struct device_driver *d, char *buf)
4153 {
4154 	return sprintf(buf, "0x%08X\n", ipw2100_debug_level);
4155 }
4156 
4157 static ssize_t debug_level_store(struct device_driver *d,
4158 				 const char *buf, size_t count)
4159 {
4160 	u32 val;
4161 	int ret;
4162 
4163 	ret = kstrtou32(buf, 0, &val);
4164 	if (ret)
4165 		IPW_DEBUG_INFO(": %s is not in hex or decimal form.\n", buf);
4166 	else
4167 		ipw2100_debug_level = val;
4168 
4169 	return strnlen(buf, count);
4170 }
4171 static DRIVER_ATTR_RW(debug_level);
4172 #endif				/* CONFIG_IPW2100_DEBUG */
4173 
4174 static ssize_t show_fatal_error(struct device *d,
4175 				struct device_attribute *attr, char *buf)
4176 {
4177 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4178 	char *out = buf;
4179 	int i;
4180 
4181 	if (priv->fatal_error)
4182 		out += sprintf(out, "0x%08X\n", priv->fatal_error);
4183 	else
4184 		out += sprintf(out, "0\n");
4185 
4186 	for (i = 1; i <= IPW2100_ERROR_QUEUE; i++) {
4187 		if (!priv->fatal_errors[(priv->fatal_index - i) %
4188 					IPW2100_ERROR_QUEUE])
4189 			continue;
4190 
4191 		out += sprintf(out, "%d. 0x%08X\n", i,
4192 			       priv->fatal_errors[(priv->fatal_index - i) %
4193 						  IPW2100_ERROR_QUEUE]);
4194 	}
4195 
4196 	return out - buf;
4197 }
4198 
4199 static ssize_t store_fatal_error(struct device *d,
4200 				 struct device_attribute *attr, const char *buf,
4201 				 size_t count)
4202 {
4203 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4204 	schedule_reset(priv);
4205 	return count;
4206 }
4207 
4208 static DEVICE_ATTR(fatal_error, 0644, show_fatal_error, store_fatal_error);
4209 
4210 static ssize_t show_scan_age(struct device *d, struct device_attribute *attr,
4211 			     char *buf)
4212 {
4213 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4214 	return sprintf(buf, "%d\n", priv->ieee->scan_age);
4215 }
4216 
4217 static ssize_t store_scan_age(struct device *d, struct device_attribute *attr,
4218 			      const char *buf, size_t count)
4219 {
4220 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4221 	struct net_device *dev = priv->net_dev;
4222 	unsigned long val;
4223 	int ret;
4224 
4225 	(void)dev;		/* kill unused-var warning for debug-only code */
4226 
4227 	IPW_DEBUG_INFO("enter\n");
4228 
4229 	ret = kstrtoul(buf, 0, &val);
4230 	if (ret) {
4231 		IPW_DEBUG_INFO("%s: user supplied invalid value.\n", dev->name);
4232 	} else {
4233 		priv->ieee->scan_age = val;
4234 		IPW_DEBUG_INFO("set scan_age = %u\n", priv->ieee->scan_age);
4235 	}
4236 
4237 	IPW_DEBUG_INFO("exit\n");
4238 	return strnlen(buf, count);
4239 }
4240 
4241 static DEVICE_ATTR(scan_age, 0644, show_scan_age, store_scan_age);
4242 
4243 static ssize_t show_rf_kill(struct device *d, struct device_attribute *attr,
4244 			    char *buf)
4245 {
4246 	/* 0 - RF kill not enabled
4247 	   1 - SW based RF kill active (sysfs)
4248 	   2 - HW based RF kill active
4249 	   3 - Both HW and SW baed RF kill active */
4250 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4251 	int val = ((priv->status & STATUS_RF_KILL_SW) ? 0x1 : 0x0) |
4252 	    (rf_kill_active(priv) ? 0x2 : 0x0);
4253 	return sprintf(buf, "%i\n", val);
4254 }
4255 
4256 static int ipw_radio_kill_sw(struct ipw2100_priv *priv, int disable_radio)
4257 {
4258 	if ((disable_radio ? 1 : 0) ==
4259 	    (priv->status & STATUS_RF_KILL_SW ? 1 : 0))
4260 		return 0;
4261 
4262 	IPW_DEBUG_RF_KILL("Manual SW RF Kill set to: RADIO  %s\n",
4263 			  disable_radio ? "OFF" : "ON");
4264 
4265 	mutex_lock(&priv->action_mutex);
4266 
4267 	if (disable_radio) {
4268 		priv->status |= STATUS_RF_KILL_SW;
4269 		ipw2100_down(priv);
4270 	} else {
4271 		priv->status &= ~STATUS_RF_KILL_SW;
4272 		if (rf_kill_active(priv)) {
4273 			IPW_DEBUG_RF_KILL("Can not turn radio back on - "
4274 					  "disabled by HW switch\n");
4275 			/* Make sure the RF_KILL check timer is running */
4276 			priv->stop_rf_kill = 0;
4277 			mod_delayed_work(system_wq, &priv->rf_kill,
4278 					 round_jiffies_relative(HZ));
4279 		} else
4280 			schedule_reset(priv);
4281 	}
4282 
4283 	mutex_unlock(&priv->action_mutex);
4284 	return 1;
4285 }
4286 
4287 static ssize_t store_rf_kill(struct device *d, struct device_attribute *attr,
4288 			     const char *buf, size_t count)
4289 {
4290 	struct ipw2100_priv *priv = dev_get_drvdata(d);
4291 	ipw_radio_kill_sw(priv, buf[0] == '1');
4292 	return count;
4293 }
4294 
4295 static DEVICE_ATTR(rf_kill, 0644, show_rf_kill, store_rf_kill);
4296 
4297 static struct attribute *ipw2100_sysfs_entries[] = {
4298 	&dev_attr_hardware.attr,
4299 	&dev_attr_registers.attr,
4300 	&dev_attr_ordinals.attr,
4301 	&dev_attr_pci.attr,
4302 	&dev_attr_stats.attr,
4303 	&dev_attr_internals.attr,
4304 	&dev_attr_bssinfo.attr,
4305 	&dev_attr_memory.attr,
4306 	&dev_attr_scan_age.attr,
4307 	&dev_attr_fatal_error.attr,
4308 	&dev_attr_rf_kill.attr,
4309 	&dev_attr_cfg.attr,
4310 	&dev_attr_status.attr,
4311 	&dev_attr_capability.attr,
4312 	NULL,
4313 };
4314 
4315 static const struct attribute_group ipw2100_attribute_group = {
4316 	.attrs = ipw2100_sysfs_entries,
4317 };
4318 
4319 static int status_queue_allocate(struct ipw2100_priv *priv, int entries)
4320 {
4321 	struct ipw2100_status_queue *q = &priv->status_queue;
4322 
4323 	IPW_DEBUG_INFO("enter\n");
4324 
4325 	q->size = entries * sizeof(struct ipw2100_status);
4326 	q->drv = pci_zalloc_consistent(priv->pci_dev, q->size, &q->nic);
4327 	if (!q->drv) {
4328 		IPW_DEBUG_WARNING("Can not allocate status queue.\n");
4329 		return -ENOMEM;
4330 	}
4331 
4332 	IPW_DEBUG_INFO("exit\n");
4333 
4334 	return 0;
4335 }
4336 
4337 static void status_queue_free(struct ipw2100_priv *priv)
4338 {
4339 	IPW_DEBUG_INFO("enter\n");
4340 
4341 	if (priv->status_queue.drv) {
4342 		pci_free_consistent(priv->pci_dev, priv->status_queue.size,
4343 				    priv->status_queue.drv,
4344 				    priv->status_queue.nic);
4345 		priv->status_queue.drv = NULL;
4346 	}
4347 
4348 	IPW_DEBUG_INFO("exit\n");
4349 }
4350 
4351 static int bd_queue_allocate(struct ipw2100_priv *priv,
4352 			     struct ipw2100_bd_queue *q, int entries)
4353 {
4354 	IPW_DEBUG_INFO("enter\n");
4355 
4356 	memset(q, 0, sizeof(struct ipw2100_bd_queue));
4357 
4358 	q->entries = entries;
4359 	q->size = entries * sizeof(struct ipw2100_bd);
4360 	q->drv = pci_zalloc_consistent(priv->pci_dev, q->size, &q->nic);
4361 	if (!q->drv) {
4362 		IPW_DEBUG_INFO
4363 		    ("can't allocate shared memory for buffer descriptors\n");
4364 		return -ENOMEM;
4365 	}
4366 
4367 	IPW_DEBUG_INFO("exit\n");
4368 
4369 	return 0;
4370 }
4371 
4372 static void bd_queue_free(struct ipw2100_priv *priv, struct ipw2100_bd_queue *q)
4373 {
4374 	IPW_DEBUG_INFO("enter\n");
4375 
4376 	if (!q)
4377 		return;
4378 
4379 	if (q->drv) {
4380 		pci_free_consistent(priv->pci_dev, q->size, q->drv, q->nic);
4381 		q->drv = NULL;
4382 	}
4383 
4384 	IPW_DEBUG_INFO("exit\n");
4385 }
4386 
4387 static void bd_queue_initialize(struct ipw2100_priv *priv,
4388 				struct ipw2100_bd_queue *q, u32 base, u32 size,
4389 				u32 r, u32 w)
4390 {
4391 	IPW_DEBUG_INFO("enter\n");
4392 
4393 	IPW_DEBUG_INFO("initializing bd queue at virt=%p, phys=%08x\n", q->drv,
4394 		       (u32) q->nic);
4395 
4396 	write_register(priv->net_dev, base, q->nic);
4397 	write_register(priv->net_dev, size, q->entries);
4398 	write_register(priv->net_dev, r, q->oldest);
4399 	write_register(priv->net_dev, w, q->next);
4400 
4401 	IPW_DEBUG_INFO("exit\n");
4402 }
4403 
4404 static void ipw2100_kill_works(struct ipw2100_priv *priv)
4405 {
4406 	priv->stop_rf_kill = 1;
4407 	priv->stop_hang_check = 1;
4408 	cancel_delayed_work_sync(&priv->reset_work);
4409 	cancel_delayed_work_sync(&priv->security_work);
4410 	cancel_delayed_work_sync(&priv->wx_event_work);
4411 	cancel_delayed_work_sync(&priv->hang_check);
4412 	cancel_delayed_work_sync(&priv->rf_kill);
4413 	cancel_delayed_work_sync(&priv->scan_event);
4414 }
4415 
4416 static int ipw2100_tx_allocate(struct ipw2100_priv *priv)
4417 {
4418 	int i, j, err;
4419 	void *v;
4420 	dma_addr_t p;
4421 
4422 	IPW_DEBUG_INFO("enter\n");
4423 
4424 	err = bd_queue_allocate(priv, &priv->tx_queue, TX_QUEUE_LENGTH);
4425 	if (err) {
4426 		IPW_DEBUG_ERROR("%s: failed bd_queue_allocate\n",
4427 				priv->net_dev->name);
4428 		return err;
4429 	}
4430 
4431 	priv->tx_buffers = kmalloc_array(TX_PENDED_QUEUE_LENGTH,
4432 					 sizeof(struct ipw2100_tx_packet),
4433 					 GFP_ATOMIC);
4434 	if (!priv->tx_buffers) {
4435 		bd_queue_free(priv, &priv->tx_queue);
4436 		return -ENOMEM;
4437 	}
4438 
4439 	for (i = 0; i < TX_PENDED_QUEUE_LENGTH; i++) {
4440 		v = pci_alloc_consistent(priv->pci_dev,
4441 					 sizeof(struct ipw2100_data_header),
4442 					 &p);
4443 		if (!v) {
4444 			printk(KERN_ERR DRV_NAME
4445 			       ": %s: PCI alloc failed for tx " "buffers.\n",
4446 			       priv->net_dev->name);
4447 			err = -ENOMEM;
4448 			break;
4449 		}
4450 
4451 		priv->tx_buffers[i].type = DATA;
4452 		priv->tx_buffers[i].info.d_struct.data =
4453 		    (struct ipw2100_data_header *)v;
4454 		priv->tx_buffers[i].info.d_struct.data_phys = p;
4455 		priv->tx_buffers[i].info.d_struct.txb = NULL;
4456 	}
4457 
4458 	if (i == TX_PENDED_QUEUE_LENGTH)
4459 		return 0;
4460 
4461 	for (j = 0; j < i; j++) {
4462 		pci_free_consistent(priv->pci_dev,
4463 				    sizeof(struct ipw2100_data_header),
4464 				    priv->tx_buffers[j].info.d_struct.data,
4465 				    priv->tx_buffers[j].info.d_struct.
4466 				    data_phys);
4467 	}
4468 
4469 	kfree(priv->tx_buffers);
4470 	priv->tx_buffers = NULL;
4471 
4472 	return err;
4473 }
4474 
4475 static void ipw2100_tx_initialize(struct ipw2100_priv *priv)
4476 {
4477 	int i;
4478 
4479 	IPW_DEBUG_INFO("enter\n");
4480 
4481 	/*
4482 	 * reinitialize packet info lists
4483 	 */
4484 	INIT_LIST_HEAD(&priv->fw_pend_list);
4485 	INIT_STAT(&priv->fw_pend_stat);
4486 
4487 	/*
4488 	 * reinitialize lists
4489 	 */
4490 	INIT_LIST_HEAD(&priv->tx_pend_list);
4491 	INIT_LIST_HEAD(&priv->tx_free_list);
4492 	INIT_STAT(&priv->tx_pend_stat);
4493 	INIT_STAT(&priv->tx_free_stat);
4494 
4495 	for (i = 0; i < TX_PENDED_QUEUE_LENGTH; i++) {
4496 		/* We simply drop any SKBs that have been queued for
4497 		 * transmit */
4498 		if (priv->tx_buffers[i].info.d_struct.txb) {
4499 			libipw_txb_free(priv->tx_buffers[i].info.d_struct.
4500 					   txb);
4501 			priv->tx_buffers[i].info.d_struct.txb = NULL;
4502 		}
4503 
4504 		list_add_tail(&priv->tx_buffers[i].list, &priv->tx_free_list);
4505 	}
4506 
4507 	SET_STAT(&priv->tx_free_stat, i);
4508 
4509 	priv->tx_queue.oldest = 0;
4510 	priv->tx_queue.available = priv->tx_queue.entries;
4511 	priv->tx_queue.next = 0;
4512 	INIT_STAT(&priv->txq_stat);
4513 	SET_STAT(&priv->txq_stat, priv->tx_queue.available);
4514 
4515 	bd_queue_initialize(priv, &priv->tx_queue,
4516 			    IPW_MEM_HOST_SHARED_TX_QUEUE_BD_BASE,
4517 			    IPW_MEM_HOST_SHARED_TX_QUEUE_BD_SIZE,
4518 			    IPW_MEM_HOST_SHARED_TX_QUEUE_READ_INDEX,
4519 			    IPW_MEM_HOST_SHARED_TX_QUEUE_WRITE_INDEX);
4520 
4521 	IPW_DEBUG_INFO("exit\n");
4522 
4523 }
4524 
4525 static void ipw2100_tx_free(struct ipw2100_priv *priv)
4526 {
4527 	int i;
4528 
4529 	IPW_DEBUG_INFO("enter\n");
4530 
4531 	bd_queue_free(priv, &priv->tx_queue);
4532 
4533 	if (!priv->tx_buffers)
4534 		return;
4535 
4536 	for (i = 0; i < TX_PENDED_QUEUE_LENGTH; i++) {
4537 		if (priv->tx_buffers[i].info.d_struct.txb) {
4538 			libipw_txb_free(priv->tx_buffers[i].info.d_struct.
4539 					   txb);
4540 			priv->tx_buffers[i].info.d_struct.txb = NULL;
4541 		}
4542 		if (priv->tx_buffers[i].info.d_struct.data)
4543 			pci_free_consistent(priv->pci_dev,
4544 					    sizeof(struct ipw2100_data_header),
4545 					    priv->tx_buffers[i].info.d_struct.
4546 					    data,
4547 					    priv->tx_buffers[i].info.d_struct.
4548 					    data_phys);
4549 	}
4550 
4551 	kfree(priv->tx_buffers);
4552 	priv->tx_buffers = NULL;
4553 
4554 	IPW_DEBUG_INFO("exit\n");
4555 }
4556 
4557 static int ipw2100_rx_allocate(struct ipw2100_priv *priv)
4558 {
4559 	int i, j, err = -EINVAL;
4560 
4561 	IPW_DEBUG_INFO("enter\n");
4562 
4563 	err = bd_queue_allocate(priv, &priv->rx_queue, RX_QUEUE_LENGTH);
4564 	if (err) {
4565 		IPW_DEBUG_INFO("failed bd_queue_allocate\n");
4566 		return err;
4567 	}
4568 
4569 	err = status_queue_allocate(priv, RX_QUEUE_LENGTH);
4570 	if (err) {
4571 		IPW_DEBUG_INFO("failed status_queue_allocate\n");
4572 		bd_queue_free(priv, &priv->rx_queue);
4573 		return err;
4574 	}
4575 
4576 	/*
4577 	 * allocate packets
4578 	 */
4579 	priv->rx_buffers = kmalloc_array(RX_QUEUE_LENGTH,
4580 					 sizeof(struct ipw2100_rx_packet),
4581 					 GFP_KERNEL);
4582 	if (!priv->rx_buffers) {
4583 		IPW_DEBUG_INFO("can't allocate rx packet buffer table\n");
4584 
4585 		bd_queue_free(priv, &priv->rx_queue);
4586 
4587 		status_queue_free(priv);
4588 
4589 		return -ENOMEM;
4590 	}
4591 
4592 	for (i = 0; i < RX_QUEUE_LENGTH; i++) {
4593 		struct ipw2100_rx_packet *packet = &priv->rx_buffers[i];
4594 
4595 		err = ipw2100_alloc_skb(priv, packet);
4596 		if (unlikely(err)) {
4597 			err = -ENOMEM;
4598 			break;
4599 		}
4600 
4601 		/* The BD holds the cache aligned address */
4602 		priv->rx_queue.drv[i].host_addr = packet->dma_addr;
4603 		priv->rx_queue.drv[i].buf_length = IPW_RX_NIC_BUFFER_LENGTH;
4604 		priv->status_queue.drv[i].status_fields = 0;
4605 	}
4606 
4607 	if (i == RX_QUEUE_LENGTH)
4608 		return 0;
4609 
4610 	for (j = 0; j < i; j++) {
4611 		pci_unmap_single(priv->pci_dev, priv->rx_buffers[j].dma_addr,
4612 				 sizeof(struct ipw2100_rx_packet),
4613 				 PCI_DMA_FROMDEVICE);
4614 		dev_kfree_skb(priv->rx_buffers[j].skb);
4615 	}
4616 
4617 	kfree(priv->rx_buffers);
4618 	priv->rx_buffers = NULL;
4619 
4620 	bd_queue_free(priv, &priv->rx_queue);
4621 
4622 	status_queue_free(priv);
4623 
4624 	return err;
4625 }
4626 
4627 static void ipw2100_rx_initialize(struct ipw2100_priv *priv)
4628 {
4629 	IPW_DEBUG_INFO("enter\n");
4630 
4631 	priv->rx_queue.oldest = 0;
4632 	priv->rx_queue.available = priv->rx_queue.entries - 1;
4633 	priv->rx_queue.next = priv->rx_queue.entries - 1;
4634 
4635 	INIT_STAT(&priv->rxq_stat);
4636 	SET_STAT(&priv->rxq_stat, priv->rx_queue.available);
4637 
4638 	bd_queue_initialize(priv, &priv->rx_queue,
4639 			    IPW_MEM_HOST_SHARED_RX_BD_BASE,
4640 			    IPW_MEM_HOST_SHARED_RX_BD_SIZE,
4641 			    IPW_MEM_HOST_SHARED_RX_READ_INDEX,
4642 			    IPW_MEM_HOST_SHARED_RX_WRITE_INDEX);
4643 
4644 	/* set up the status queue */
4645 	write_register(priv->net_dev, IPW_MEM_HOST_SHARED_RX_STATUS_BASE,
4646 		       priv->status_queue.nic);
4647 
4648 	IPW_DEBUG_INFO("exit\n");
4649 }
4650 
4651 static void ipw2100_rx_free(struct ipw2100_priv *priv)
4652 {
4653 	int i;
4654 
4655 	IPW_DEBUG_INFO("enter\n");
4656 
4657 	bd_queue_free(priv, &priv->rx_queue);
4658 	status_queue_free(priv);
4659 
4660 	if (!priv->rx_buffers)
4661 		return;
4662 
4663 	for (i = 0; i < RX_QUEUE_LENGTH; i++) {
4664 		if (priv->rx_buffers[i].rxp) {
4665 			pci_unmap_single(priv->pci_dev,
4666 					 priv->rx_buffers[i].dma_addr,
4667 					 sizeof(struct ipw2100_rx),
4668 					 PCI_DMA_FROMDEVICE);
4669 			dev_kfree_skb(priv->rx_buffers[i].skb);
4670 		}
4671 	}
4672 
4673 	kfree(priv->rx_buffers);
4674 	priv->rx_buffers = NULL;
4675 
4676 	IPW_DEBUG_INFO("exit\n");
4677 }
4678 
4679 static int ipw2100_read_mac_address(struct ipw2100_priv *priv)
4680 {
4681 	u32 length = ETH_ALEN;
4682 	u8 addr[ETH_ALEN];
4683 
4684 	int err;
4685 
4686 	err = ipw2100_get_ordinal(priv, IPW_ORD_STAT_ADAPTER_MAC, addr, &length);
4687 	if (err) {
4688 		IPW_DEBUG_INFO("MAC address read failed\n");
4689 		return -EIO;
4690 	}
4691 
4692 	memcpy(priv->net_dev->dev_addr, addr, ETH_ALEN);
4693 	IPW_DEBUG_INFO("card MAC is %pM\n", priv->net_dev->dev_addr);
4694 
4695 	return 0;
4696 }
4697 
4698 /********************************************************************
4699  *
4700  * Firmware Commands
4701  *
4702  ********************************************************************/
4703 
4704 static int ipw2100_set_mac_address(struct ipw2100_priv *priv, int batch_mode)
4705 {
4706 	struct host_command cmd = {
4707 		.host_command = ADAPTER_ADDRESS,
4708 		.host_command_sequence = 0,
4709 		.host_command_length = ETH_ALEN
4710 	};
4711 	int err;
4712 
4713 	IPW_DEBUG_HC("SET_MAC_ADDRESS\n");
4714 
4715 	IPW_DEBUG_INFO("enter\n");
4716 
4717 	if (priv->config & CFG_CUSTOM_MAC) {
4718 		memcpy(cmd.host_command_parameters, priv->mac_addr, ETH_ALEN);
4719 		memcpy(priv->net_dev->dev_addr, priv->mac_addr, ETH_ALEN);
4720 	} else
4721 		memcpy(cmd.host_command_parameters, priv->net_dev->dev_addr,
4722 		       ETH_ALEN);
4723 
4724 	err = ipw2100_hw_send_command(priv, &cmd);
4725 
4726 	IPW_DEBUG_INFO("exit\n");
4727 	return err;
4728 }
4729 
4730 static int ipw2100_set_port_type(struct ipw2100_priv *priv, u32 port_type,
4731 				 int batch_mode)
4732 {
4733 	struct host_command cmd = {
4734 		.host_command = PORT_TYPE,
4735 		.host_command_sequence = 0,
4736 		.host_command_length = sizeof(u32)
4737 	};
4738 	int err;
4739 
4740 	switch (port_type) {
4741 	case IW_MODE_INFRA:
4742 		cmd.host_command_parameters[0] = IPW_BSS;
4743 		break;
4744 	case IW_MODE_ADHOC:
4745 		cmd.host_command_parameters[0] = IPW_IBSS;
4746 		break;
4747 	}
4748 
4749 	IPW_DEBUG_HC("PORT_TYPE: %s\n",
4750 		     port_type == IPW_IBSS ? "Ad-Hoc" : "Managed");
4751 
4752 	if (!batch_mode) {
4753 		err = ipw2100_disable_adapter(priv);
4754 		if (err) {
4755 			printk(KERN_ERR DRV_NAME
4756 			       ": %s: Could not disable adapter %d\n",
4757 			       priv->net_dev->name, err);
4758 			return err;
4759 		}
4760 	}
4761 
4762 	/* send cmd to firmware */
4763 	err = ipw2100_hw_send_command(priv, &cmd);
4764 
4765 	if (!batch_mode)
4766 		ipw2100_enable_adapter(priv);
4767 
4768 	return err;
4769 }
4770 
4771 static int ipw2100_set_channel(struct ipw2100_priv *priv, u32 channel,
4772 			       int batch_mode)
4773 {
4774 	struct host_command cmd = {
4775 		.host_command = CHANNEL,
4776 		.host_command_sequence = 0,
4777 		.host_command_length = sizeof(u32)
4778 	};
4779 	int err;
4780 
4781 	cmd.host_command_parameters[0] = channel;
4782 
4783 	IPW_DEBUG_HC("CHANNEL: %d\n", channel);
4784 
4785 	/* If BSS then we don't support channel selection */
4786 	if (priv->ieee->iw_mode == IW_MODE_INFRA)
4787 		return 0;
4788 
4789 	if ((channel != 0) &&
4790 	    ((channel < REG_MIN_CHANNEL) || (channel > REG_MAX_CHANNEL)))
4791 		return -EINVAL;
4792 
4793 	if (!batch_mode) {
4794 		err = ipw2100_disable_adapter(priv);
4795 		if (err)
4796 			return err;
4797 	}
4798 
4799 	err = ipw2100_hw_send_command(priv, &cmd);
4800 	if (err) {
4801 		IPW_DEBUG_INFO("Failed to set channel to %d", channel);
4802 		return err;
4803 	}
4804 
4805 	if (channel)
4806 		priv->config |= CFG_STATIC_CHANNEL;
4807 	else
4808 		priv->config &= ~CFG_STATIC_CHANNEL;
4809 
4810 	priv->channel = channel;
4811 
4812 	if (!batch_mode) {
4813 		err = ipw2100_enable_adapter(priv);
4814 		if (err)
4815 			return err;
4816 	}
4817 
4818 	return 0;
4819 }
4820 
4821 static int ipw2100_system_config(struct ipw2100_priv *priv, int batch_mode)
4822 {
4823 	struct host_command cmd = {
4824 		.host_command = SYSTEM_CONFIG,
4825 		.host_command_sequence = 0,
4826 		.host_command_length = 12,
4827 	};
4828 	u32 ibss_mask, len = sizeof(u32);
4829 	int err;
4830 
4831 	/* Set system configuration */
4832 
4833 	if (!batch_mode) {
4834 		err = ipw2100_disable_adapter(priv);
4835 		if (err)
4836 			return err;
4837 	}
4838 
4839 	if (priv->ieee->iw_mode == IW_MODE_ADHOC)
4840 		cmd.host_command_parameters[0] |= IPW_CFG_IBSS_AUTO_START;
4841 
4842 	cmd.host_command_parameters[0] |= IPW_CFG_IBSS_MASK |
4843 	    IPW_CFG_BSS_MASK | IPW_CFG_802_1x_ENABLE;
4844 
4845 	if (!(priv->config & CFG_LONG_PREAMBLE))
4846 		cmd.host_command_parameters[0] |= IPW_CFG_PREAMBLE_AUTO;
4847 
4848 	err = ipw2100_get_ordinal(priv,
4849 				  IPW_ORD_EEPROM_IBSS_11B_CHANNELS,
4850 				  &ibss_mask, &len);
4851 	if (err)
4852 		ibss_mask = IPW_IBSS_11B_DEFAULT_MASK;
4853 
4854 	cmd.host_command_parameters[1] = REG_CHANNEL_MASK;
4855 	cmd.host_command_parameters[2] = REG_CHANNEL_MASK & ibss_mask;
4856 
4857 	/* 11b only */
4858 	/*cmd.host_command_parameters[0] |= DIVERSITY_ANTENNA_A; */
4859 
4860 	err = ipw2100_hw_send_command(priv, &cmd);
4861 	if (err)
4862 		return err;
4863 
4864 /* If IPv6 is configured in the kernel then we don't want to filter out all
4865  * of the multicast packets as IPv6 needs some. */
4866 #if !defined(CONFIG_IPV6) && !defined(CONFIG_IPV6_MODULE)
4867 	cmd.host_command = ADD_MULTICAST;
4868 	cmd.host_command_sequence = 0;
4869 	cmd.host_command_length = 0;
4870 
4871 	ipw2100_hw_send_command(priv, &cmd);
4872 #endif
4873 	if (!batch_mode) {
4874 		err = ipw2100_enable_adapter(priv);
4875 		if (err)
4876 			return err;
4877 	}
4878 
4879 	return 0;
4880 }
4881 
4882 static int ipw2100_set_tx_rates(struct ipw2100_priv *priv, u32 rate,
4883 				int batch_mode)
4884 {
4885 	struct host_command cmd = {
4886 		.host_command = BASIC_TX_RATES,
4887 		.host_command_sequence = 0,
4888 		.host_command_length = 4
4889 	};
4890 	int err;
4891 
4892 	cmd.host_command_parameters[0] = rate & TX_RATE_MASK;
4893 
4894 	if (!batch_mode) {
4895 		err = ipw2100_disable_adapter(priv);
4896 		if (err)
4897 			return err;
4898 	}
4899 
4900 	/* Set BASIC TX Rate first */
4901 	ipw2100_hw_send_command(priv, &cmd);
4902 
4903 	/* Set TX Rate */
4904 	cmd.host_command = TX_RATES;
4905 	ipw2100_hw_send_command(priv, &cmd);
4906 
4907 	/* Set MSDU TX Rate */
4908 	cmd.host_command = MSDU_TX_RATES;
4909 	ipw2100_hw_send_command(priv, &cmd);
4910 
4911 	if (!batch_mode) {
4912 		err = ipw2100_enable_adapter(priv);
4913 		if (err)
4914 			return err;
4915 	}
4916 
4917 	priv->tx_rates = rate;
4918 
4919 	return 0;
4920 }
4921 
4922 static int ipw2100_set_power_mode(struct ipw2100_priv *priv, int power_level)
4923 {
4924 	struct host_command cmd = {
4925 		.host_command = POWER_MODE,
4926 		.host_command_sequence = 0,
4927 		.host_command_length = 4
4928 	};
4929 	int err;
4930 
4931 	cmd.host_command_parameters[0] = power_level;
4932 
4933 	err = ipw2100_hw_send_command(priv, &cmd);
4934 	if (err)
4935 		return err;
4936 
4937 	if (power_level == IPW_POWER_MODE_CAM)
4938 		priv->power_mode = IPW_POWER_LEVEL(priv->power_mode);
4939 	else
4940 		priv->power_mode = IPW_POWER_ENABLED | power_level;
4941 
4942 #ifdef IPW2100_TX_POWER
4943 	if (priv->port_type == IBSS && priv->adhoc_power != DFTL_IBSS_TX_POWER) {
4944 		/* Set beacon interval */
4945 		cmd.host_command = TX_POWER_INDEX;
4946 		cmd.host_command_parameters[0] = (u32) priv->adhoc_power;
4947 
4948 		err = ipw2100_hw_send_command(priv, &cmd);
4949 		if (err)
4950 			return err;
4951 	}
4952 #endif
4953 
4954 	return 0;
4955 }
4956 
4957 static int ipw2100_set_rts_threshold(struct ipw2100_priv *priv, u32 threshold)
4958 {
4959 	struct host_command cmd = {
4960 		.host_command = RTS_THRESHOLD,
4961 		.host_command_sequence = 0,
4962 		.host_command_length = 4
4963 	};
4964 	int err;
4965 
4966 	if (threshold & RTS_DISABLED)
4967 		cmd.host_command_parameters[0] = MAX_RTS_THRESHOLD;
4968 	else
4969 		cmd.host_command_parameters[0] = threshold & ~RTS_DISABLED;
4970 
4971 	err = ipw2100_hw_send_command(priv, &cmd);
4972 	if (err)
4973 		return err;
4974 
4975 	priv->rts_threshold = threshold;
4976 
4977 	return 0;
4978 }
4979 
4980 #if 0
4981 int ipw2100_set_fragmentation_threshold(struct ipw2100_priv *priv,
4982 					u32 threshold, int batch_mode)
4983 {
4984 	struct host_command cmd = {
4985 		.host_command = FRAG_THRESHOLD,
4986 		.host_command_sequence = 0,
4987 		.host_command_length = 4,
4988 		.host_command_parameters[0] = 0,
4989 	};
4990 	int err;
4991 
4992 	if (!batch_mode) {
4993 		err = ipw2100_disable_adapter(priv);
4994 		if (err)
4995 			return err;
4996 	}
4997 
4998 	if (threshold == 0)
4999 		threshold = DEFAULT_FRAG_THRESHOLD;
5000 	else {
5001 		threshold = max(threshold, MIN_FRAG_THRESHOLD);
5002 		threshold = min(threshold, MAX_FRAG_THRESHOLD);
5003 	}
5004 
5005 	cmd.host_command_parameters[0] = threshold;
5006 
5007 	IPW_DEBUG_HC("FRAG_THRESHOLD: %u\n", threshold);
5008 
5009 	err = ipw2100_hw_send_command(priv, &cmd);
5010 
5011 	if (!batch_mode)
5012 		ipw2100_enable_adapter(priv);
5013 
5014 	if (!err)
5015 		priv->frag_threshold = threshold;
5016 
5017 	return err;
5018 }
5019 #endif
5020 
5021 static int ipw2100_set_short_retry(struct ipw2100_priv *priv, u32 retry)
5022 {
5023 	struct host_command cmd = {
5024 		.host_command = SHORT_RETRY_LIMIT,
5025 		.host_command_sequence = 0,
5026 		.host_command_length = 4
5027 	};
5028 	int err;
5029 
5030 	cmd.host_command_parameters[0] = retry;
5031 
5032 	err = ipw2100_hw_send_command(priv, &cmd);
5033 	if (err)
5034 		return err;
5035 
5036 	priv->short_retry_limit = retry;
5037 
5038 	return 0;
5039 }
5040 
5041 static int ipw2100_set_long_retry(struct ipw2100_priv *priv, u32 retry)
5042 {
5043 	struct host_command cmd = {
5044 		.host_command = LONG_RETRY_LIMIT,
5045 		.host_command_sequence = 0,
5046 		.host_command_length = 4
5047 	};
5048 	int err;
5049 
5050 	cmd.host_command_parameters[0] = retry;
5051 
5052 	err = ipw2100_hw_send_command(priv, &cmd);
5053 	if (err)
5054 		return err;
5055 
5056 	priv->long_retry_limit = retry;
5057 
5058 	return 0;
5059 }
5060 
5061 static int ipw2100_set_mandatory_bssid(struct ipw2100_priv *priv, u8 * bssid,
5062 				       int batch_mode)
5063 {
5064 	struct host_command cmd = {
5065 		.host_command = MANDATORY_BSSID,
5066 		.host_command_sequence = 0,
5067 		.host_command_length = (bssid == NULL) ? 0 : ETH_ALEN
5068 	};
5069 	int err;
5070 
5071 #ifdef CONFIG_IPW2100_DEBUG
5072 	if (bssid != NULL)
5073 		IPW_DEBUG_HC("MANDATORY_BSSID: %pM\n", bssid);
5074 	else
5075 		IPW_DEBUG_HC("MANDATORY_BSSID: <clear>\n");
5076 #endif
5077 	/* if BSSID is empty then we disable mandatory bssid mode */
5078 	if (bssid != NULL)
5079 		memcpy(cmd.host_command_parameters, bssid, ETH_ALEN);
5080 
5081 	if (!batch_mode) {
5082 		err = ipw2100_disable_adapter(priv);
5083 		if (err)
5084 			return err;
5085 	}
5086 
5087 	err = ipw2100_hw_send_command(priv, &cmd);
5088 
5089 	if (!batch_mode)
5090 		ipw2100_enable_adapter(priv);
5091 
5092 	return err;
5093 }
5094 
5095 static int ipw2100_disassociate_bssid(struct ipw2100_priv *priv)
5096 {
5097 	struct host_command cmd = {
5098 		.host_command = DISASSOCIATION_BSSID,
5099 		.host_command_sequence = 0,
5100 		.host_command_length = ETH_ALEN
5101 	};
5102 	int err;
5103 
5104 	IPW_DEBUG_HC("DISASSOCIATION_BSSID\n");
5105 
5106 	/* The Firmware currently ignores the BSSID and just disassociates from
5107 	 * the currently associated AP -- but in the off chance that a future
5108 	 * firmware does use the BSSID provided here, we go ahead and try and
5109 	 * set it to the currently associated AP's BSSID */
5110 	memcpy(cmd.host_command_parameters, priv->bssid, ETH_ALEN);
5111 
5112 	err = ipw2100_hw_send_command(priv, &cmd);
5113 
5114 	return err;
5115 }
5116 
5117 static int ipw2100_set_wpa_ie(struct ipw2100_priv *,
5118 			      struct ipw2100_wpa_assoc_frame *, int)
5119     __attribute__ ((unused));
5120 
5121 static int ipw2100_set_wpa_ie(struct ipw2100_priv *priv,
5122 			      struct ipw2100_wpa_assoc_frame *wpa_frame,
5123 			      int batch_mode)
5124 {
5125 	struct host_command cmd = {
5126 		.host_command = SET_WPA_IE,
5127 		.host_command_sequence = 0,
5128 		.host_command_length = sizeof(struct ipw2100_wpa_assoc_frame),
5129 	};
5130 	int err;
5131 
5132 	IPW_DEBUG_HC("SET_WPA_IE\n");
5133 
5134 	if (!batch_mode) {
5135 		err = ipw2100_disable_adapter(priv);
5136 		if (err)
5137 			return err;
5138 	}
5139 
5140 	memcpy(cmd.host_command_parameters, wpa_frame,
5141 	       sizeof(struct ipw2100_wpa_assoc_frame));
5142 
5143 	err = ipw2100_hw_send_command(priv, &cmd);
5144 
5145 	if (!batch_mode) {
5146 		if (ipw2100_enable_adapter(priv))
5147 			err = -EIO;
5148 	}
5149 
5150 	return err;
5151 }
5152 
5153 struct security_info_params {
5154 	u32 allowed_ciphers;
5155 	u16 version;
5156 	u8 auth_mode;
5157 	u8 replay_counters_number;
5158 	u8 unicast_using_group;
5159 } __packed;
5160 
5161 static int ipw2100_set_security_information(struct ipw2100_priv *priv,
5162 					    int auth_mode,
5163 					    int security_level,
5164 					    int unicast_using_group,
5165 					    int batch_mode)
5166 {
5167 	struct host_command cmd = {
5168 		.host_command = SET_SECURITY_INFORMATION,
5169 		.host_command_sequence = 0,
5170 		.host_command_length = sizeof(struct security_info_params)
5171 	};
5172 	struct security_info_params *security =
5173 	    (struct security_info_params *)&cmd.host_command_parameters;
5174 	int err;
5175 	memset(security, 0, sizeof(*security));
5176 
5177 	/* If shared key AP authentication is turned on, then we need to
5178 	 * configure the firmware to try and use it.
5179 	 *
5180 	 * Actual data encryption/decryption is handled by the host. */
5181 	security->auth_mode = auth_mode;
5182 	security->unicast_using_group = unicast_using_group;
5183 
5184 	switch (security_level) {
5185 	default:
5186 	case SEC_LEVEL_0:
5187 		security->allowed_ciphers = IPW_NONE_CIPHER;
5188 		break;
5189 	case SEC_LEVEL_1:
5190 		security->allowed_ciphers = IPW_WEP40_CIPHER |
5191 		    IPW_WEP104_CIPHER;
5192 		break;
5193 	case SEC_LEVEL_2:
5194 		security->allowed_ciphers = IPW_WEP40_CIPHER |
5195 		    IPW_WEP104_CIPHER | IPW_TKIP_CIPHER;
5196 		break;
5197 	case SEC_LEVEL_2_CKIP:
5198 		security->allowed_ciphers = IPW_WEP40_CIPHER |
5199 		    IPW_WEP104_CIPHER | IPW_CKIP_CIPHER;
5200 		break;
5201 	case SEC_LEVEL_3:
5202 		security->allowed_ciphers = IPW_WEP40_CIPHER |
5203 		    IPW_WEP104_CIPHER | IPW_TKIP_CIPHER | IPW_CCMP_CIPHER;
5204 		break;
5205 	}
5206 
5207 	IPW_DEBUG_HC
5208 	    ("SET_SECURITY_INFORMATION: auth:%d cipher:0x%02X (level %d)\n",
5209 	     security->auth_mode, security->allowed_ciphers, security_level);
5210 
5211 	security->replay_counters_number = 0;
5212 
5213 	if (!batch_mode) {
5214 		err = ipw2100_disable_adapter(priv);
5215 		if (err)
5216 			return err;
5217 	}
5218 
5219 	err = ipw2100_hw_send_command(priv, &cmd);
5220 
5221 	if (!batch_mode)
5222 		ipw2100_enable_adapter(priv);
5223 
5224 	return err;
5225 }
5226 
5227 static int ipw2100_set_tx_power(struct ipw2100_priv *priv, u32 tx_power)
5228 {
5229 	struct host_command cmd = {
5230 		.host_command = TX_POWER_INDEX,
5231 		.host_command_sequence = 0,
5232 		.host_command_length = 4
5233 	};
5234 	int err = 0;
5235 	u32 tmp = tx_power;
5236 
5237 	if (tx_power != IPW_TX_POWER_DEFAULT)
5238 		tmp = (tx_power - IPW_TX_POWER_MIN_DBM) * 16 /
5239 		      (IPW_TX_POWER_MAX_DBM - IPW_TX_POWER_MIN_DBM);
5240 
5241 	cmd.host_command_parameters[0] = tmp;
5242 
5243 	if (priv->ieee->iw_mode == IW_MODE_ADHOC)
5244 		err = ipw2100_hw_send_command(priv, &cmd);
5245 	if (!err)
5246 		priv->tx_power = tx_power;
5247 
5248 	return 0;
5249 }
5250 
5251 static int ipw2100_set_ibss_beacon_interval(struct ipw2100_priv *priv,
5252 					    u32 interval, int batch_mode)
5253 {
5254 	struct host_command cmd = {
5255 		.host_command = BEACON_INTERVAL,
5256 		.host_command_sequence = 0,
5257 		.host_command_length = 4
5258 	};
5259 	int err;
5260 
5261 	cmd.host_command_parameters[0] = interval;
5262 
5263 	IPW_DEBUG_INFO("enter\n");
5264 
5265 	if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
5266 		if (!batch_mode) {
5267 			err = ipw2100_disable_adapter(priv);
5268 			if (err)
5269 				return err;
5270 		}
5271 
5272 		ipw2100_hw_send_command(priv, &cmd);
5273 
5274 		if (!batch_mode) {
5275 			err = ipw2100_enable_adapter(priv);
5276 			if (err)
5277 				return err;
5278 		}
5279 	}
5280 
5281 	IPW_DEBUG_INFO("exit\n");
5282 
5283 	return 0;
5284 }
5285 
5286 static void ipw2100_queues_initialize(struct ipw2100_priv *priv)
5287 {
5288 	ipw2100_tx_initialize(priv);
5289 	ipw2100_rx_initialize(priv);
5290 	ipw2100_msg_initialize(priv);
5291 }
5292 
5293 static void ipw2100_queues_free(struct ipw2100_priv *priv)
5294 {
5295 	ipw2100_tx_free(priv);
5296 	ipw2100_rx_free(priv);
5297 	ipw2100_msg_free(priv);
5298 }
5299 
5300 static int ipw2100_queues_allocate(struct ipw2100_priv *priv)
5301 {
5302 	if (ipw2100_tx_allocate(priv) ||
5303 	    ipw2100_rx_allocate(priv) || ipw2100_msg_allocate(priv))
5304 		goto fail;
5305 
5306 	return 0;
5307 
5308       fail:
5309 	ipw2100_tx_free(priv);
5310 	ipw2100_rx_free(priv);
5311 	ipw2100_msg_free(priv);
5312 	return -ENOMEM;
5313 }
5314 
5315 #define IPW_PRIVACY_CAPABLE 0x0008
5316 
5317 static int ipw2100_set_wep_flags(struct ipw2100_priv *priv, u32 flags,
5318 				 int batch_mode)
5319 {
5320 	struct host_command cmd = {
5321 		.host_command = WEP_FLAGS,
5322 		.host_command_sequence = 0,
5323 		.host_command_length = 4
5324 	};
5325 	int err;
5326 
5327 	cmd.host_command_parameters[0] = flags;
5328 
5329 	IPW_DEBUG_HC("WEP_FLAGS: flags = 0x%08X\n", flags);
5330 
5331 	if (!batch_mode) {
5332 		err = ipw2100_disable_adapter(priv);
5333 		if (err) {
5334 			printk(KERN_ERR DRV_NAME
5335 			       ": %s: Could not disable adapter %d\n",
5336 			       priv->net_dev->name, err);
5337 			return err;
5338 		}
5339 	}
5340 
5341 	/* send cmd to firmware */
5342 	err = ipw2100_hw_send_command(priv, &cmd);
5343 
5344 	if (!batch_mode)
5345 		ipw2100_enable_adapter(priv);
5346 
5347 	return err;
5348 }
5349 
5350 struct ipw2100_wep_key {
5351 	u8 idx;
5352 	u8 len;
5353 	u8 key[13];
5354 };
5355 
5356 /* Macros to ease up priting WEP keys */
5357 #define WEP_FMT_64  "%02X%02X%02X%02X-%02X"
5358 #define WEP_FMT_128 "%02X%02X%02X%02X-%02X%02X%02X%02X-%02X%02X%02X"
5359 #define WEP_STR_64(x) x[0],x[1],x[2],x[3],x[4]
5360 #define WEP_STR_128(x) x[0],x[1],x[2],x[3],x[4],x[5],x[6],x[7],x[8],x[9],x[10]
5361 
5362 /**
5363  * Set a the wep key
5364  *
5365  * @priv: struct to work on
5366  * @idx: index of the key we want to set
5367  * @key: ptr to the key data to set
5368  * @len: length of the buffer at @key
5369  * @batch_mode: FIXME perform the operation in batch mode, not
5370  *              disabling the device.
5371  *
5372  * @returns 0 if OK, < 0 errno code on error.
5373  *
5374  * Fill out a command structure with the new wep key, length an
5375  * index and send it down the wire.
5376  */
5377 static int ipw2100_set_key(struct ipw2100_priv *priv,
5378 			   int idx, char *key, int len, int batch_mode)
5379 {
5380 	int keylen = len ? (len <= 5 ? 5 : 13) : 0;
5381 	struct host_command cmd = {
5382 		.host_command = WEP_KEY_INFO,
5383 		.host_command_sequence = 0,
5384 		.host_command_length = sizeof(struct ipw2100_wep_key),
5385 	};
5386 	struct ipw2100_wep_key *wep_key = (void *)cmd.host_command_parameters;
5387 	int err;
5388 
5389 	IPW_DEBUG_HC("WEP_KEY_INFO: index = %d, len = %d/%d\n",
5390 		     idx, keylen, len);
5391 
5392 	/* NOTE: We don't check cached values in case the firmware was reset
5393 	 * or some other problem is occurring.  If the user is setting the key,
5394 	 * then we push the change */
5395 
5396 	wep_key->idx = idx;
5397 	wep_key->len = keylen;
5398 
5399 	if (keylen) {
5400 		memcpy(wep_key->key, key, len);
5401 		memset(wep_key->key + len, 0, keylen - len);
5402 	}
5403 
5404 	/* Will be optimized out on debug not being configured in */
5405 	if (keylen == 0)
5406 		IPW_DEBUG_WEP("%s: Clearing key %d\n",
5407 			      priv->net_dev->name, wep_key->idx);
5408 	else if (keylen == 5)
5409 		IPW_DEBUG_WEP("%s: idx: %d, len: %d key: " WEP_FMT_64 "\n",
5410 			      priv->net_dev->name, wep_key->idx, wep_key->len,
5411 			      WEP_STR_64(wep_key->key));
5412 	else
5413 		IPW_DEBUG_WEP("%s: idx: %d, len: %d key: " WEP_FMT_128
5414 			      "\n",
5415 			      priv->net_dev->name, wep_key->idx, wep_key->len,
5416 			      WEP_STR_128(wep_key->key));
5417 
5418 	if (!batch_mode) {
5419 		err = ipw2100_disable_adapter(priv);
5420 		/* FIXME: IPG: shouldn't this prink be in _disable_adapter()? */
5421 		if (err) {
5422 			printk(KERN_ERR DRV_NAME
5423 			       ": %s: Could not disable adapter %d\n",
5424 			       priv->net_dev->name, err);
5425 			return err;
5426 		}
5427 	}
5428 
5429 	/* send cmd to firmware */
5430 	err = ipw2100_hw_send_command(priv, &cmd);
5431 
5432 	if (!batch_mode) {
5433 		int err2 = ipw2100_enable_adapter(priv);
5434 		if (err == 0)
5435 			err = err2;
5436 	}
5437 	return err;
5438 }
5439 
5440 static int ipw2100_set_key_index(struct ipw2100_priv *priv,
5441 				 int idx, int batch_mode)
5442 {
5443 	struct host_command cmd = {
5444 		.host_command = WEP_KEY_INDEX,
5445 		.host_command_sequence = 0,
5446 		.host_command_length = 4,
5447 		.host_command_parameters = {idx},
5448 	};
5449 	int err;
5450 
5451 	IPW_DEBUG_HC("WEP_KEY_INDEX: index = %d\n", idx);
5452 
5453 	if (idx < 0 || idx > 3)
5454 		return -EINVAL;
5455 
5456 	if (!batch_mode) {
5457 		err = ipw2100_disable_adapter(priv);
5458 		if (err) {
5459 			printk(KERN_ERR DRV_NAME
5460 			       ": %s: Could not disable adapter %d\n",
5461 			       priv->net_dev->name, err);
5462 			return err;
5463 		}
5464 	}
5465 
5466 	/* send cmd to firmware */
5467 	err = ipw2100_hw_send_command(priv, &cmd);
5468 
5469 	if (!batch_mode)
5470 		ipw2100_enable_adapter(priv);
5471 
5472 	return err;
5473 }
5474 
5475 static int ipw2100_configure_security(struct ipw2100_priv *priv, int batch_mode)
5476 {
5477 	int i, err, auth_mode, sec_level, use_group;
5478 
5479 	if (!(priv->status & STATUS_RUNNING))
5480 		return 0;
5481 
5482 	if (!batch_mode) {
5483 		err = ipw2100_disable_adapter(priv);
5484 		if (err)
5485 			return err;
5486 	}
5487 
5488 	if (!priv->ieee->sec.enabled) {
5489 		err =
5490 		    ipw2100_set_security_information(priv, IPW_AUTH_OPEN,
5491 						     SEC_LEVEL_0, 0, 1);
5492 	} else {
5493 		auth_mode = IPW_AUTH_OPEN;
5494 		if (priv->ieee->sec.flags & SEC_AUTH_MODE) {
5495 			if (priv->ieee->sec.auth_mode == WLAN_AUTH_SHARED_KEY)
5496 				auth_mode = IPW_AUTH_SHARED;
5497 			else if (priv->ieee->sec.auth_mode == WLAN_AUTH_LEAP)
5498 				auth_mode = IPW_AUTH_LEAP_CISCO_ID;
5499 		}
5500 
5501 		sec_level = SEC_LEVEL_0;
5502 		if (priv->ieee->sec.flags & SEC_LEVEL)
5503 			sec_level = priv->ieee->sec.level;
5504 
5505 		use_group = 0;
5506 		if (priv->ieee->sec.flags & SEC_UNICAST_GROUP)
5507 			use_group = priv->ieee->sec.unicast_uses_group;
5508 
5509 		err =
5510 		    ipw2100_set_security_information(priv, auth_mode, sec_level,
5511 						     use_group, 1);
5512 	}
5513 
5514 	if (err)
5515 		goto exit;
5516 
5517 	if (priv->ieee->sec.enabled) {
5518 		for (i = 0; i < 4; i++) {
5519 			if (!(priv->ieee->sec.flags & (1 << i))) {
5520 				memset(priv->ieee->sec.keys[i], 0, WEP_KEY_LEN);
5521 				priv->ieee->sec.key_sizes[i] = 0;
5522 			} else {
5523 				err = ipw2100_set_key(priv, i,
5524 						      priv->ieee->sec.keys[i],
5525 						      priv->ieee->sec.
5526 						      key_sizes[i], 1);
5527 				if (err)
5528 					goto exit;
5529 			}
5530 		}
5531 
5532 		ipw2100_set_key_index(priv, priv->ieee->crypt_info.tx_keyidx, 1);
5533 	}
5534 
5535 	/* Always enable privacy so the Host can filter WEP packets if
5536 	 * encrypted data is sent up */
5537 	err =
5538 	    ipw2100_set_wep_flags(priv,
5539 				  priv->ieee->sec.
5540 				  enabled ? IPW_PRIVACY_CAPABLE : 0, 1);
5541 	if (err)
5542 		goto exit;
5543 
5544 	priv->status &= ~STATUS_SECURITY_UPDATED;
5545 
5546       exit:
5547 	if (!batch_mode)
5548 		ipw2100_enable_adapter(priv);
5549 
5550 	return err;
5551 }
5552 
5553 static void ipw2100_security_work(struct work_struct *work)
5554 {
5555 	struct ipw2100_priv *priv =
5556 		container_of(work, struct ipw2100_priv, security_work.work);
5557 
5558 	/* If we happen to have reconnected before we get a chance to
5559 	 * process this, then update the security settings--which causes
5560 	 * a disassociation to occur */
5561 	if (!(priv->status & STATUS_ASSOCIATED) &&
5562 	    priv->status & STATUS_SECURITY_UPDATED)
5563 		ipw2100_configure_security(priv, 0);
5564 }
5565 
5566 static void shim__set_security(struct net_device *dev,
5567 			       struct libipw_security *sec)
5568 {
5569 	struct ipw2100_priv *priv = libipw_priv(dev);
5570 	int i;
5571 
5572 	mutex_lock(&priv->action_mutex);
5573 	if (!(priv->status & STATUS_INITIALIZED))
5574 		goto done;
5575 
5576 	for (i = 0; i < 4; i++) {
5577 		if (sec->flags & (1 << i)) {
5578 			priv->ieee->sec.key_sizes[i] = sec->key_sizes[i];
5579 			if (sec->key_sizes[i] == 0)
5580 				priv->ieee->sec.flags &= ~(1 << i);
5581 			else
5582 				memcpy(priv->ieee->sec.keys[i], sec->keys[i],
5583 				       sec->key_sizes[i]);
5584 			if (sec->level == SEC_LEVEL_1) {
5585 				priv->ieee->sec.flags |= (1 << i);
5586 				priv->status |= STATUS_SECURITY_UPDATED;
5587 			} else
5588 				priv->ieee->sec.flags &= ~(1 << i);
5589 		}
5590 	}
5591 
5592 	if ((sec->flags & SEC_ACTIVE_KEY) &&
5593 	    priv->ieee->sec.active_key != sec->active_key) {
5594 		priv->ieee->sec.active_key = sec->active_key;
5595 		priv->ieee->sec.flags |= SEC_ACTIVE_KEY;
5596 		priv->status |= STATUS_SECURITY_UPDATED;
5597 	}
5598 
5599 	if ((sec->flags & SEC_AUTH_MODE) &&
5600 	    (priv->ieee->sec.auth_mode != sec->auth_mode)) {
5601 		priv->ieee->sec.auth_mode = sec->auth_mode;
5602 		priv->ieee->sec.flags |= SEC_AUTH_MODE;
5603 		priv->status |= STATUS_SECURITY_UPDATED;
5604 	}
5605 
5606 	if (sec->flags & SEC_ENABLED && priv->ieee->sec.enabled != sec->enabled) {
5607 		priv->ieee->sec.flags |= SEC_ENABLED;
5608 		priv->ieee->sec.enabled = sec->enabled;
5609 		priv->status |= STATUS_SECURITY_UPDATED;
5610 	}
5611 
5612 	if (sec->flags & SEC_ENCRYPT)
5613 		priv->ieee->sec.encrypt = sec->encrypt;
5614 
5615 	if (sec->flags & SEC_LEVEL && priv->ieee->sec.level != sec->level) {
5616 		priv->ieee->sec.level = sec->level;
5617 		priv->ieee->sec.flags |= SEC_LEVEL;
5618 		priv->status |= STATUS_SECURITY_UPDATED;
5619 	}
5620 
5621 	IPW_DEBUG_WEP("Security flags: %c %c%c%c%c %c%c%c%c\n",
5622 		      priv->ieee->sec.flags & (1 << 8) ? '1' : '0',
5623 		      priv->ieee->sec.flags & (1 << 7) ? '1' : '0',
5624 		      priv->ieee->sec.flags & (1 << 6) ? '1' : '0',
5625 		      priv->ieee->sec.flags & (1 << 5) ? '1' : '0',
5626 		      priv->ieee->sec.flags & (1 << 4) ? '1' : '0',
5627 		      priv->ieee->sec.flags & (1 << 3) ? '1' : '0',
5628 		      priv->ieee->sec.flags & (1 << 2) ? '1' : '0',
5629 		      priv->ieee->sec.flags & (1 << 1) ? '1' : '0',
5630 		      priv->ieee->sec.flags & (1 << 0) ? '1' : '0');
5631 
5632 /* As a temporary work around to enable WPA until we figure out why
5633  * wpa_supplicant toggles the security capability of the driver, which
5634  * forces a disassociation with force_update...
5635  *
5636  *	if (force_update || !(priv->status & STATUS_ASSOCIATED))*/
5637 	if (!(priv->status & (STATUS_ASSOCIATED | STATUS_ASSOCIATING)))
5638 		ipw2100_configure_security(priv, 0);
5639       done:
5640 	mutex_unlock(&priv->action_mutex);
5641 }
5642 
5643 static int ipw2100_adapter_setup(struct ipw2100_priv *priv)
5644 {
5645 	int err;
5646 	int batch_mode = 1;
5647 	u8 *bssid;
5648 
5649 	IPW_DEBUG_INFO("enter\n");
5650 
5651 	err = ipw2100_disable_adapter(priv);
5652 	if (err)
5653 		return err;
5654 #ifdef CONFIG_IPW2100_MONITOR
5655 	if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
5656 		err = ipw2100_set_channel(priv, priv->channel, batch_mode);
5657 		if (err)
5658 			return err;
5659 
5660 		IPW_DEBUG_INFO("exit\n");
5661 
5662 		return 0;
5663 	}
5664 #endif				/* CONFIG_IPW2100_MONITOR */
5665 
5666 	err = ipw2100_read_mac_address(priv);
5667 	if (err)
5668 		return -EIO;
5669 
5670 	err = ipw2100_set_mac_address(priv, batch_mode);
5671 	if (err)
5672 		return err;
5673 
5674 	err = ipw2100_set_port_type(priv, priv->ieee->iw_mode, batch_mode);
5675 	if (err)
5676 		return err;
5677 
5678 	if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
5679 		err = ipw2100_set_channel(priv, priv->channel, batch_mode);
5680 		if (err)
5681 			return err;
5682 	}
5683 
5684 	err = ipw2100_system_config(priv, batch_mode);
5685 	if (err)
5686 		return err;
5687 
5688 	err = ipw2100_set_tx_rates(priv, priv->tx_rates, batch_mode);
5689 	if (err)
5690 		return err;
5691 
5692 	/* Default to power mode OFF */
5693 	err = ipw2100_set_power_mode(priv, IPW_POWER_MODE_CAM);
5694 	if (err)
5695 		return err;
5696 
5697 	err = ipw2100_set_rts_threshold(priv, priv->rts_threshold);
5698 	if (err)
5699 		return err;
5700 
5701 	if (priv->config & CFG_STATIC_BSSID)
5702 		bssid = priv->bssid;
5703 	else
5704 		bssid = NULL;
5705 	err = ipw2100_set_mandatory_bssid(priv, bssid, batch_mode);
5706 	if (err)
5707 		return err;
5708 
5709 	if (priv->config & CFG_STATIC_ESSID)
5710 		err = ipw2100_set_essid(priv, priv->essid, priv->essid_len,
5711 					batch_mode);
5712 	else
5713 		err = ipw2100_set_essid(priv, NULL, 0, batch_mode);
5714 	if (err)
5715 		return err;
5716 
5717 	err = ipw2100_configure_security(priv, batch_mode);
5718 	if (err)
5719 		return err;
5720 
5721 	if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
5722 		err =
5723 		    ipw2100_set_ibss_beacon_interval(priv,
5724 						     priv->beacon_interval,
5725 						     batch_mode);
5726 		if (err)
5727 			return err;
5728 
5729 		err = ipw2100_set_tx_power(priv, priv->tx_power);
5730 		if (err)
5731 			return err;
5732 	}
5733 
5734 	/*
5735 	   err = ipw2100_set_fragmentation_threshold(
5736 	   priv, priv->frag_threshold, batch_mode);
5737 	   if (err)
5738 	   return err;
5739 	 */
5740 
5741 	IPW_DEBUG_INFO("exit\n");
5742 
5743 	return 0;
5744 }
5745 
5746 /*************************************************************************
5747  *
5748  * EXTERNALLY CALLED METHODS
5749  *
5750  *************************************************************************/
5751 
5752 /* This method is called by the network layer -- not to be confused with
5753  * ipw2100_set_mac_address() declared above called by this driver (and this
5754  * method as well) to talk to the firmware */
5755 static int ipw2100_set_address(struct net_device *dev, void *p)
5756 {
5757 	struct ipw2100_priv *priv = libipw_priv(dev);
5758 	struct sockaddr *addr = p;
5759 	int err = 0;
5760 
5761 	if (!is_valid_ether_addr(addr->sa_data))
5762 		return -EADDRNOTAVAIL;
5763 
5764 	mutex_lock(&priv->action_mutex);
5765 
5766 	priv->config |= CFG_CUSTOM_MAC;
5767 	memcpy(priv->mac_addr, addr->sa_data, ETH_ALEN);
5768 
5769 	err = ipw2100_set_mac_address(priv, 0);
5770 	if (err)
5771 		goto done;
5772 
5773 	priv->reset_backoff = 0;
5774 	mutex_unlock(&priv->action_mutex);
5775 	ipw2100_reset_adapter(&priv->reset_work.work);
5776 	return 0;
5777 
5778       done:
5779 	mutex_unlock(&priv->action_mutex);
5780 	return err;
5781 }
5782 
5783 static int ipw2100_open(struct net_device *dev)
5784 {
5785 	struct ipw2100_priv *priv = libipw_priv(dev);
5786 	unsigned long flags;
5787 	IPW_DEBUG_INFO("dev->open\n");
5788 
5789 	spin_lock_irqsave(&priv->low_lock, flags);
5790 	if (priv->status & STATUS_ASSOCIATED) {
5791 		netif_carrier_on(dev);
5792 		netif_start_queue(dev);
5793 	}
5794 	spin_unlock_irqrestore(&priv->low_lock, flags);
5795 
5796 	return 0;
5797 }
5798 
5799 static int ipw2100_close(struct net_device *dev)
5800 {
5801 	struct ipw2100_priv *priv = libipw_priv(dev);
5802 	unsigned long flags;
5803 	struct list_head *element;
5804 	struct ipw2100_tx_packet *packet;
5805 
5806 	IPW_DEBUG_INFO("enter\n");
5807 
5808 	spin_lock_irqsave(&priv->low_lock, flags);
5809 
5810 	if (priv->status & STATUS_ASSOCIATED)
5811 		netif_carrier_off(dev);
5812 	netif_stop_queue(dev);
5813 
5814 	/* Flush the TX queue ... */
5815 	while (!list_empty(&priv->tx_pend_list)) {
5816 		element = priv->tx_pend_list.next;
5817 		packet = list_entry(element, struct ipw2100_tx_packet, list);
5818 
5819 		list_del(element);
5820 		DEC_STAT(&priv->tx_pend_stat);
5821 
5822 		libipw_txb_free(packet->info.d_struct.txb);
5823 		packet->info.d_struct.txb = NULL;
5824 
5825 		list_add_tail(element, &priv->tx_free_list);
5826 		INC_STAT(&priv->tx_free_stat);
5827 	}
5828 	spin_unlock_irqrestore(&priv->low_lock, flags);
5829 
5830 	IPW_DEBUG_INFO("exit\n");
5831 
5832 	return 0;
5833 }
5834 
5835 /*
5836  * TODO:  Fix this function... its just wrong
5837  */
5838 static void ipw2100_tx_timeout(struct net_device *dev, unsigned int txqueue)
5839 {
5840 	struct ipw2100_priv *priv = libipw_priv(dev);
5841 
5842 	dev->stats.tx_errors++;
5843 
5844 #ifdef CONFIG_IPW2100_MONITOR
5845 	if (priv->ieee->iw_mode == IW_MODE_MONITOR)
5846 		return;
5847 #endif
5848 
5849 	IPW_DEBUG_INFO("%s: TX timed out.  Scheduling firmware restart.\n",
5850 		       dev->name);
5851 	schedule_reset(priv);
5852 }
5853 
5854 static int ipw2100_wpa_enable(struct ipw2100_priv *priv, int value)
5855 {
5856 	/* This is called when wpa_supplicant loads and closes the driver
5857 	 * interface. */
5858 	priv->ieee->wpa_enabled = value;
5859 	return 0;
5860 }
5861 
5862 static int ipw2100_wpa_set_auth_algs(struct ipw2100_priv *priv, int value)
5863 {
5864 
5865 	struct libipw_device *ieee = priv->ieee;
5866 	struct libipw_security sec = {
5867 		.flags = SEC_AUTH_MODE,
5868 	};
5869 	int ret = 0;
5870 
5871 	if (value & IW_AUTH_ALG_SHARED_KEY) {
5872 		sec.auth_mode = WLAN_AUTH_SHARED_KEY;
5873 		ieee->open_wep = 0;
5874 	} else if (value & IW_AUTH_ALG_OPEN_SYSTEM) {
5875 		sec.auth_mode = WLAN_AUTH_OPEN;
5876 		ieee->open_wep = 1;
5877 	} else if (value & IW_AUTH_ALG_LEAP) {
5878 		sec.auth_mode = WLAN_AUTH_LEAP;
5879 		ieee->open_wep = 1;
5880 	} else
5881 		return -EINVAL;
5882 
5883 	if (ieee->set_security)
5884 		ieee->set_security(ieee->dev, &sec);
5885 	else
5886 		ret = -EOPNOTSUPP;
5887 
5888 	return ret;
5889 }
5890 
5891 static void ipw2100_wpa_assoc_frame(struct ipw2100_priv *priv,
5892 				    char *wpa_ie, int wpa_ie_len)
5893 {
5894 
5895 	struct ipw2100_wpa_assoc_frame frame;
5896 
5897 	frame.fixed_ie_mask = 0;
5898 
5899 	/* copy WPA IE */
5900 	memcpy(frame.var_ie, wpa_ie, wpa_ie_len);
5901 	frame.var_ie_len = wpa_ie_len;
5902 
5903 	/* make sure WPA is enabled */
5904 	ipw2100_wpa_enable(priv, 1);
5905 	ipw2100_set_wpa_ie(priv, &frame, 0);
5906 }
5907 
5908 static void ipw_ethtool_get_drvinfo(struct net_device *dev,
5909 				    struct ethtool_drvinfo *info)
5910 {
5911 	struct ipw2100_priv *priv = libipw_priv(dev);
5912 	char fw_ver[64], ucode_ver[64];
5913 
5914 	strlcpy(info->driver, DRV_NAME, sizeof(info->driver));
5915 	strlcpy(info->version, DRV_VERSION, sizeof(info->version));
5916 
5917 	ipw2100_get_fwversion(priv, fw_ver, sizeof(fw_ver));
5918 	ipw2100_get_ucodeversion(priv, ucode_ver, sizeof(ucode_ver));
5919 
5920 	snprintf(info->fw_version, sizeof(info->fw_version), "%s:%d:%s",
5921 		 fw_ver, priv->eeprom_version, ucode_ver);
5922 
5923 	strlcpy(info->bus_info, pci_name(priv->pci_dev),
5924 		sizeof(info->bus_info));
5925 }
5926 
5927 static u32 ipw2100_ethtool_get_link(struct net_device *dev)
5928 {
5929 	struct ipw2100_priv *priv = libipw_priv(dev);
5930 	return (priv->status & STATUS_ASSOCIATED) ? 1 : 0;
5931 }
5932 
5933 static const struct ethtool_ops ipw2100_ethtool_ops = {
5934 	.get_link = ipw2100_ethtool_get_link,
5935 	.get_drvinfo = ipw_ethtool_get_drvinfo,
5936 };
5937 
5938 static void ipw2100_hang_check(struct work_struct *work)
5939 {
5940 	struct ipw2100_priv *priv =
5941 		container_of(work, struct ipw2100_priv, hang_check.work);
5942 	unsigned long flags;
5943 	u32 rtc = 0xa5a5a5a5;
5944 	u32 len = sizeof(rtc);
5945 	int restart = 0;
5946 
5947 	spin_lock_irqsave(&priv->low_lock, flags);
5948 
5949 	if (priv->fatal_error != 0) {
5950 		/* If fatal_error is set then we need to restart */
5951 		IPW_DEBUG_INFO("%s: Hardware fatal error detected.\n",
5952 			       priv->net_dev->name);
5953 
5954 		restart = 1;
5955 	} else if (ipw2100_get_ordinal(priv, IPW_ORD_RTC_TIME, &rtc, &len) ||
5956 		   (rtc == priv->last_rtc)) {
5957 		/* Check if firmware is hung */
5958 		IPW_DEBUG_INFO("%s: Firmware RTC stalled.\n",
5959 			       priv->net_dev->name);
5960 
5961 		restart = 1;
5962 	}
5963 
5964 	if (restart) {
5965 		/* Kill timer */
5966 		priv->stop_hang_check = 1;
5967 		priv->hangs++;
5968 
5969 		/* Restart the NIC */
5970 		schedule_reset(priv);
5971 	}
5972 
5973 	priv->last_rtc = rtc;
5974 
5975 	if (!priv->stop_hang_check)
5976 		schedule_delayed_work(&priv->hang_check, HZ / 2);
5977 
5978 	spin_unlock_irqrestore(&priv->low_lock, flags);
5979 }
5980 
5981 static void ipw2100_rf_kill(struct work_struct *work)
5982 {
5983 	struct ipw2100_priv *priv =
5984 		container_of(work, struct ipw2100_priv, rf_kill.work);
5985 	unsigned long flags;
5986 
5987 	spin_lock_irqsave(&priv->low_lock, flags);
5988 
5989 	if (rf_kill_active(priv)) {
5990 		IPW_DEBUG_RF_KILL("RF Kill active, rescheduling GPIO check\n");
5991 		if (!priv->stop_rf_kill)
5992 			schedule_delayed_work(&priv->rf_kill,
5993 					      round_jiffies_relative(HZ));
5994 		goto exit_unlock;
5995 	}
5996 
5997 	/* RF Kill is now disabled, so bring the device back up */
5998 
5999 	if (!(priv->status & STATUS_RF_KILL_MASK)) {
6000 		IPW_DEBUG_RF_KILL("HW RF Kill no longer active, restarting "
6001 				  "device\n");
6002 		schedule_reset(priv);
6003 	} else
6004 		IPW_DEBUG_RF_KILL("HW RF Kill deactivated.  SW RF Kill still "
6005 				  "enabled\n");
6006 
6007       exit_unlock:
6008 	spin_unlock_irqrestore(&priv->low_lock, flags);
6009 }
6010 
6011 static void ipw2100_irq_tasklet(unsigned long data);
6012 
6013 static const struct net_device_ops ipw2100_netdev_ops = {
6014 	.ndo_open		= ipw2100_open,
6015 	.ndo_stop		= ipw2100_close,
6016 	.ndo_start_xmit		= libipw_xmit,
6017 	.ndo_tx_timeout		= ipw2100_tx_timeout,
6018 	.ndo_set_mac_address	= ipw2100_set_address,
6019 	.ndo_validate_addr	= eth_validate_addr,
6020 };
6021 
6022 /* Look into using netdev destructor to shutdown libipw? */
6023 
6024 static struct net_device *ipw2100_alloc_device(struct pci_dev *pci_dev,
6025 					       void __iomem * ioaddr)
6026 {
6027 	struct ipw2100_priv *priv;
6028 	struct net_device *dev;
6029 
6030 	dev = alloc_libipw(sizeof(struct ipw2100_priv), 0);
6031 	if (!dev)
6032 		return NULL;
6033 	priv = libipw_priv(dev);
6034 	priv->ieee = netdev_priv(dev);
6035 	priv->pci_dev = pci_dev;
6036 	priv->net_dev = dev;
6037 	priv->ioaddr = ioaddr;
6038 
6039 	priv->ieee->hard_start_xmit = ipw2100_tx;
6040 	priv->ieee->set_security = shim__set_security;
6041 
6042 	priv->ieee->perfect_rssi = -20;
6043 	priv->ieee->worst_rssi = -85;
6044 
6045 	dev->netdev_ops = &ipw2100_netdev_ops;
6046 	dev->ethtool_ops = &ipw2100_ethtool_ops;
6047 	dev->wireless_handlers = &ipw2100_wx_handler_def;
6048 	priv->wireless_data.libipw = priv->ieee;
6049 	dev->wireless_data = &priv->wireless_data;
6050 	dev->watchdog_timeo = 3 * HZ;
6051 	dev->irq = 0;
6052 	dev->min_mtu = 68;
6053 	dev->max_mtu = LIBIPW_DATA_LEN;
6054 
6055 	/* NOTE: We don't use the wireless_handlers hook
6056 	 * in dev as the system will start throwing WX requests
6057 	 * to us before we're actually initialized and it just
6058 	 * ends up causing problems.  So, we just handle
6059 	 * the WX extensions through the ipw2100_ioctl interface */
6060 
6061 	/* memset() puts everything to 0, so we only have explicitly set
6062 	 * those values that need to be something else */
6063 
6064 	/* If power management is turned on, default to AUTO mode */
6065 	priv->power_mode = IPW_POWER_AUTO;
6066 
6067 #ifdef CONFIG_IPW2100_MONITOR
6068 	priv->config |= CFG_CRC_CHECK;
6069 #endif
6070 	priv->ieee->wpa_enabled = 0;
6071 	priv->ieee->drop_unencrypted = 0;
6072 	priv->ieee->privacy_invoked = 0;
6073 	priv->ieee->ieee802_1x = 1;
6074 
6075 	/* Set module parameters */
6076 	switch (network_mode) {
6077 	case 1:
6078 		priv->ieee->iw_mode = IW_MODE_ADHOC;
6079 		break;
6080 #ifdef CONFIG_IPW2100_MONITOR
6081 	case 2:
6082 		priv->ieee->iw_mode = IW_MODE_MONITOR;
6083 		break;
6084 #endif
6085 	default:
6086 	case 0:
6087 		priv->ieee->iw_mode = IW_MODE_INFRA;
6088 		break;
6089 	}
6090 
6091 	if (disable == 1)
6092 		priv->status |= STATUS_RF_KILL_SW;
6093 
6094 	if (channel != 0 &&
6095 	    ((channel >= REG_MIN_CHANNEL) && (channel <= REG_MAX_CHANNEL))) {
6096 		priv->config |= CFG_STATIC_CHANNEL;
6097 		priv->channel = channel;
6098 	}
6099 
6100 	if (associate)
6101 		priv->config |= CFG_ASSOCIATE;
6102 
6103 	priv->beacon_interval = DEFAULT_BEACON_INTERVAL;
6104 	priv->short_retry_limit = DEFAULT_SHORT_RETRY_LIMIT;
6105 	priv->long_retry_limit = DEFAULT_LONG_RETRY_LIMIT;
6106 	priv->rts_threshold = DEFAULT_RTS_THRESHOLD | RTS_DISABLED;
6107 	priv->frag_threshold = DEFAULT_FTS | FRAG_DISABLED;
6108 	priv->tx_power = IPW_TX_POWER_DEFAULT;
6109 	priv->tx_rates = DEFAULT_TX_RATES;
6110 
6111 	strcpy(priv->nick, "ipw2100");
6112 
6113 	spin_lock_init(&priv->low_lock);
6114 	mutex_init(&priv->action_mutex);
6115 	mutex_init(&priv->adapter_mutex);
6116 
6117 	init_waitqueue_head(&priv->wait_command_queue);
6118 
6119 	netif_carrier_off(dev);
6120 
6121 	INIT_LIST_HEAD(&priv->msg_free_list);
6122 	INIT_LIST_HEAD(&priv->msg_pend_list);
6123 	INIT_STAT(&priv->msg_free_stat);
6124 	INIT_STAT(&priv->msg_pend_stat);
6125 
6126 	INIT_LIST_HEAD(&priv->tx_free_list);
6127 	INIT_LIST_HEAD(&priv->tx_pend_list);
6128 	INIT_STAT(&priv->tx_free_stat);
6129 	INIT_STAT(&priv->tx_pend_stat);
6130 
6131 	INIT_LIST_HEAD(&priv->fw_pend_list);
6132 	INIT_STAT(&priv->fw_pend_stat);
6133 
6134 	INIT_DELAYED_WORK(&priv->reset_work, ipw2100_reset_adapter);
6135 	INIT_DELAYED_WORK(&priv->security_work, ipw2100_security_work);
6136 	INIT_DELAYED_WORK(&priv->wx_event_work, ipw2100_wx_event_work);
6137 	INIT_DELAYED_WORK(&priv->hang_check, ipw2100_hang_check);
6138 	INIT_DELAYED_WORK(&priv->rf_kill, ipw2100_rf_kill);
6139 	INIT_DELAYED_WORK(&priv->scan_event, ipw2100_scan_event);
6140 
6141 	tasklet_init(&priv->irq_tasklet,
6142 		     ipw2100_irq_tasklet, (unsigned long)priv);
6143 
6144 	/* NOTE:  We do not start the deferred work for status checks yet */
6145 	priv->stop_rf_kill = 1;
6146 	priv->stop_hang_check = 1;
6147 
6148 	return dev;
6149 }
6150 
6151 static int ipw2100_pci_init_one(struct pci_dev *pci_dev,
6152 				const struct pci_device_id *ent)
6153 {
6154 	void __iomem *ioaddr;
6155 	struct net_device *dev = NULL;
6156 	struct ipw2100_priv *priv = NULL;
6157 	int err = 0;
6158 	int registered = 0;
6159 	u32 val;
6160 
6161 	IPW_DEBUG_INFO("enter\n");
6162 
6163 	if (!(pci_resource_flags(pci_dev, 0) & IORESOURCE_MEM)) {
6164 		IPW_DEBUG_INFO("weird - resource type is not memory\n");
6165 		err = -ENODEV;
6166 		goto out;
6167 	}
6168 
6169 	ioaddr = pci_iomap(pci_dev, 0, 0);
6170 	if (!ioaddr) {
6171 		printk(KERN_WARNING DRV_NAME
6172 		       "Error calling ioremap.\n");
6173 		err = -EIO;
6174 		goto fail;
6175 	}
6176 
6177 	/* allocate and initialize our net_device */
6178 	dev = ipw2100_alloc_device(pci_dev, ioaddr);
6179 	if (!dev) {
6180 		printk(KERN_WARNING DRV_NAME
6181 		       "Error calling ipw2100_alloc_device.\n");
6182 		err = -ENOMEM;
6183 		goto fail;
6184 	}
6185 
6186 	/* set up PCI mappings for device */
6187 	err = pci_enable_device(pci_dev);
6188 	if (err) {
6189 		printk(KERN_WARNING DRV_NAME
6190 		       "Error calling pci_enable_device.\n");
6191 		return err;
6192 	}
6193 
6194 	priv = libipw_priv(dev);
6195 
6196 	pci_set_master(pci_dev);
6197 	pci_set_drvdata(pci_dev, priv);
6198 
6199 	err = pci_set_dma_mask(pci_dev, DMA_BIT_MASK(32));
6200 	if (err) {
6201 		printk(KERN_WARNING DRV_NAME
6202 		       "Error calling pci_set_dma_mask.\n");
6203 		pci_disable_device(pci_dev);
6204 		return err;
6205 	}
6206 
6207 	err = pci_request_regions(pci_dev, DRV_NAME);
6208 	if (err) {
6209 		printk(KERN_WARNING DRV_NAME
6210 		       "Error calling pci_request_regions.\n");
6211 		pci_disable_device(pci_dev);
6212 		return err;
6213 	}
6214 
6215 	/* We disable the RETRY_TIMEOUT register (0x41) to keep
6216 	 * PCI Tx retries from interfering with C3 CPU state */
6217 	pci_read_config_dword(pci_dev, 0x40, &val);
6218 	if ((val & 0x0000ff00) != 0)
6219 		pci_write_config_dword(pci_dev, 0x40, val & 0xffff00ff);
6220 
6221 	if (!ipw2100_hw_is_adapter_in_system(dev)) {
6222 		printk(KERN_WARNING DRV_NAME
6223 		       "Device not found via register read.\n");
6224 		err = -ENODEV;
6225 		goto fail;
6226 	}
6227 
6228 	SET_NETDEV_DEV(dev, &pci_dev->dev);
6229 
6230 	/* Force interrupts to be shut off on the device */
6231 	priv->status |= STATUS_INT_ENABLED;
6232 	ipw2100_disable_interrupts(priv);
6233 
6234 	/* Allocate and initialize the Tx/Rx queues and lists */
6235 	if (ipw2100_queues_allocate(priv)) {
6236 		printk(KERN_WARNING DRV_NAME
6237 		       "Error calling ipw2100_queues_allocate.\n");
6238 		err = -ENOMEM;
6239 		goto fail;
6240 	}
6241 	ipw2100_queues_initialize(priv);
6242 
6243 	err = request_irq(pci_dev->irq,
6244 			  ipw2100_interrupt, IRQF_SHARED, dev->name, priv);
6245 	if (err) {
6246 		printk(KERN_WARNING DRV_NAME
6247 		       "Error calling request_irq: %d.\n", pci_dev->irq);
6248 		goto fail;
6249 	}
6250 	dev->irq = pci_dev->irq;
6251 
6252 	IPW_DEBUG_INFO("Attempting to register device...\n");
6253 
6254 	printk(KERN_INFO DRV_NAME
6255 	       ": Detected Intel PRO/Wireless 2100 Network Connection\n");
6256 
6257 	err = ipw2100_up(priv, 1);
6258 	if (err)
6259 		goto fail;
6260 
6261 	err = ipw2100_wdev_init(dev);
6262 	if (err)
6263 		goto fail;
6264 	registered = 1;
6265 
6266 	/* Bring up the interface.  Pre 0.46, after we registered the
6267 	 * network device we would call ipw2100_up.  This introduced a race
6268 	 * condition with newer hotplug configurations (network was coming
6269 	 * up and making calls before the device was initialized).
6270 	 */
6271 	err = register_netdev(dev);
6272 	if (err) {
6273 		printk(KERN_WARNING DRV_NAME
6274 		       "Error calling register_netdev.\n");
6275 		goto fail;
6276 	}
6277 	registered = 2;
6278 
6279 	mutex_lock(&priv->action_mutex);
6280 
6281 	IPW_DEBUG_INFO("%s: Bound to %s\n", dev->name, pci_name(pci_dev));
6282 
6283 	/* perform this after register_netdev so that dev->name is set */
6284 	err = sysfs_create_group(&pci_dev->dev.kobj, &ipw2100_attribute_group);
6285 	if (err)
6286 		goto fail_unlock;
6287 
6288 	/* If the RF Kill switch is disabled, go ahead and complete the
6289 	 * startup sequence */
6290 	if (!(priv->status & STATUS_RF_KILL_MASK)) {
6291 		/* Enable the adapter - sends HOST_COMPLETE */
6292 		if (ipw2100_enable_adapter(priv)) {
6293 			printk(KERN_WARNING DRV_NAME
6294 			       ": %s: failed in call to enable adapter.\n",
6295 			       priv->net_dev->name);
6296 			ipw2100_hw_stop_adapter(priv);
6297 			err = -EIO;
6298 			goto fail_unlock;
6299 		}
6300 
6301 		/* Start a scan . . . */
6302 		ipw2100_set_scan_options(priv);
6303 		ipw2100_start_scan(priv);
6304 	}
6305 
6306 	IPW_DEBUG_INFO("exit\n");
6307 
6308 	priv->status |= STATUS_INITIALIZED;
6309 
6310 	mutex_unlock(&priv->action_mutex);
6311 out:
6312 	return err;
6313 
6314       fail_unlock:
6315 	mutex_unlock(&priv->action_mutex);
6316       fail:
6317 	if (dev) {
6318 		if (registered >= 2)
6319 			unregister_netdev(dev);
6320 
6321 		if (registered) {
6322 			wiphy_unregister(priv->ieee->wdev.wiphy);
6323 			kfree(priv->ieee->bg_band.channels);
6324 		}
6325 
6326 		ipw2100_hw_stop_adapter(priv);
6327 
6328 		ipw2100_disable_interrupts(priv);
6329 
6330 		if (dev->irq)
6331 			free_irq(dev->irq, priv);
6332 
6333 		ipw2100_kill_works(priv);
6334 
6335 		/* These are safe to call even if they weren't allocated */
6336 		ipw2100_queues_free(priv);
6337 		sysfs_remove_group(&pci_dev->dev.kobj,
6338 				   &ipw2100_attribute_group);
6339 
6340 		free_libipw(dev, 0);
6341 	}
6342 
6343 	pci_iounmap(pci_dev, ioaddr);
6344 
6345 	pci_release_regions(pci_dev);
6346 	pci_disable_device(pci_dev);
6347 	goto out;
6348 }
6349 
6350 static void ipw2100_pci_remove_one(struct pci_dev *pci_dev)
6351 {
6352 	struct ipw2100_priv *priv = pci_get_drvdata(pci_dev);
6353 	struct net_device *dev = priv->net_dev;
6354 
6355 	mutex_lock(&priv->action_mutex);
6356 
6357 	priv->status &= ~STATUS_INITIALIZED;
6358 
6359 	sysfs_remove_group(&pci_dev->dev.kobj, &ipw2100_attribute_group);
6360 
6361 #ifdef CONFIG_PM
6362 	if (ipw2100_firmware.version)
6363 		ipw2100_release_firmware(priv, &ipw2100_firmware);
6364 #endif
6365 	/* Take down the hardware */
6366 	ipw2100_down(priv);
6367 
6368 	/* Release the mutex so that the network subsystem can
6369 	 * complete any needed calls into the driver... */
6370 	mutex_unlock(&priv->action_mutex);
6371 
6372 	/* Unregister the device first - this results in close()
6373 	 * being called if the device is open.  If we free storage
6374 	 * first, then close() will crash.
6375 	 * FIXME: remove the comment above. */
6376 	unregister_netdev(dev);
6377 
6378 	ipw2100_kill_works(priv);
6379 
6380 	ipw2100_queues_free(priv);
6381 
6382 	/* Free potential debugging firmware snapshot */
6383 	ipw2100_snapshot_free(priv);
6384 
6385 	free_irq(dev->irq, priv);
6386 
6387 	pci_iounmap(pci_dev, priv->ioaddr);
6388 
6389 	/* wiphy_unregister needs to be here, before free_libipw */
6390 	wiphy_unregister(priv->ieee->wdev.wiphy);
6391 	kfree(priv->ieee->bg_band.channels);
6392 	free_libipw(dev, 0);
6393 
6394 	pci_release_regions(pci_dev);
6395 	pci_disable_device(pci_dev);
6396 
6397 	IPW_DEBUG_INFO("exit\n");
6398 }
6399 
6400 #ifdef CONFIG_PM
6401 static int ipw2100_suspend(struct pci_dev *pci_dev, pm_message_t state)
6402 {
6403 	struct ipw2100_priv *priv = pci_get_drvdata(pci_dev);
6404 	struct net_device *dev = priv->net_dev;
6405 
6406 	IPW_DEBUG_INFO("%s: Going into suspend...\n", dev->name);
6407 
6408 	mutex_lock(&priv->action_mutex);
6409 	if (priv->status & STATUS_INITIALIZED) {
6410 		/* Take down the device; powers it off, etc. */
6411 		ipw2100_down(priv);
6412 	}
6413 
6414 	/* Remove the PRESENT state of the device */
6415 	netif_device_detach(dev);
6416 
6417 	pci_save_state(pci_dev);
6418 	pci_disable_device(pci_dev);
6419 	pci_set_power_state(pci_dev, PCI_D3hot);
6420 
6421 	priv->suspend_at = ktime_get_boottime_seconds();
6422 
6423 	mutex_unlock(&priv->action_mutex);
6424 
6425 	return 0;
6426 }
6427 
6428 static int ipw2100_resume(struct pci_dev *pci_dev)
6429 {
6430 	struct ipw2100_priv *priv = pci_get_drvdata(pci_dev);
6431 	struct net_device *dev = priv->net_dev;
6432 	int err;
6433 	u32 val;
6434 
6435 	if (IPW2100_PM_DISABLED)
6436 		return 0;
6437 
6438 	mutex_lock(&priv->action_mutex);
6439 
6440 	IPW_DEBUG_INFO("%s: Coming out of suspend...\n", dev->name);
6441 
6442 	pci_set_power_state(pci_dev, PCI_D0);
6443 	err = pci_enable_device(pci_dev);
6444 	if (err) {
6445 		printk(KERN_ERR "%s: pci_enable_device failed on resume\n",
6446 		       dev->name);
6447 		mutex_unlock(&priv->action_mutex);
6448 		return err;
6449 	}
6450 	pci_restore_state(pci_dev);
6451 
6452 	/*
6453 	 * Suspend/Resume resets the PCI configuration space, so we have to
6454 	 * re-disable the RETRY_TIMEOUT register (0x41) to keep PCI Tx retries
6455 	 * from interfering with C3 CPU state. pci_restore_state won't help
6456 	 * here since it only restores the first 64 bytes pci config header.
6457 	 */
6458 	pci_read_config_dword(pci_dev, 0x40, &val);
6459 	if ((val & 0x0000ff00) != 0)
6460 		pci_write_config_dword(pci_dev, 0x40, val & 0xffff00ff);
6461 
6462 	/* Set the device back into the PRESENT state; this will also wake
6463 	 * the queue of needed */
6464 	netif_device_attach(dev);
6465 
6466 	priv->suspend_time = ktime_get_boottime_seconds() - priv->suspend_at;
6467 
6468 	/* Bring the device back up */
6469 	if (!(priv->status & STATUS_RF_KILL_SW))
6470 		ipw2100_up(priv, 0);
6471 
6472 	mutex_unlock(&priv->action_mutex);
6473 
6474 	return 0;
6475 }
6476 #endif
6477 
6478 static void ipw2100_shutdown(struct pci_dev *pci_dev)
6479 {
6480 	struct ipw2100_priv *priv = pci_get_drvdata(pci_dev);
6481 
6482 	/* Take down the device; powers it off, etc. */
6483 	ipw2100_down(priv);
6484 
6485 	pci_disable_device(pci_dev);
6486 }
6487 
6488 #define IPW2100_DEV_ID(x) { PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, x }
6489 
6490 static const struct pci_device_id ipw2100_pci_id_table[] = {
6491 	IPW2100_DEV_ID(0x2520),	/* IN 2100A mPCI 3A */
6492 	IPW2100_DEV_ID(0x2521),	/* IN 2100A mPCI 3B */
6493 	IPW2100_DEV_ID(0x2524),	/* IN 2100A mPCI 3B */
6494 	IPW2100_DEV_ID(0x2525),	/* IN 2100A mPCI 3B */
6495 	IPW2100_DEV_ID(0x2526),	/* IN 2100A mPCI Gen A3 */
6496 	IPW2100_DEV_ID(0x2522),	/* IN 2100 mPCI 3B */
6497 	IPW2100_DEV_ID(0x2523),	/* IN 2100 mPCI 3A */
6498 	IPW2100_DEV_ID(0x2527),	/* IN 2100 mPCI 3B */
6499 	IPW2100_DEV_ID(0x2528),	/* IN 2100 mPCI 3B */
6500 	IPW2100_DEV_ID(0x2529),	/* IN 2100 mPCI 3B */
6501 	IPW2100_DEV_ID(0x252B),	/* IN 2100 mPCI 3A */
6502 	IPW2100_DEV_ID(0x252C),	/* IN 2100 mPCI 3A */
6503 	IPW2100_DEV_ID(0x252D),	/* IN 2100 mPCI 3A */
6504 
6505 	IPW2100_DEV_ID(0x2550),	/* IB 2100A mPCI 3B */
6506 	IPW2100_DEV_ID(0x2551),	/* IB 2100 mPCI 3B */
6507 	IPW2100_DEV_ID(0x2553),	/* IB 2100 mPCI 3B */
6508 	IPW2100_DEV_ID(0x2554),	/* IB 2100 mPCI 3B */
6509 	IPW2100_DEV_ID(0x2555),	/* IB 2100 mPCI 3B */
6510 
6511 	IPW2100_DEV_ID(0x2560),	/* DE 2100A mPCI 3A */
6512 	IPW2100_DEV_ID(0x2562),	/* DE 2100A mPCI 3A */
6513 	IPW2100_DEV_ID(0x2563),	/* DE 2100A mPCI 3A */
6514 	IPW2100_DEV_ID(0x2561),	/* DE 2100 mPCI 3A */
6515 	IPW2100_DEV_ID(0x2565),	/* DE 2100 mPCI 3A */
6516 	IPW2100_DEV_ID(0x2566),	/* DE 2100 mPCI 3A */
6517 	IPW2100_DEV_ID(0x2567),	/* DE 2100 mPCI 3A */
6518 
6519 	IPW2100_DEV_ID(0x2570),	/* GA 2100 mPCI 3B */
6520 
6521 	IPW2100_DEV_ID(0x2580),	/* TO 2100A mPCI 3B */
6522 	IPW2100_DEV_ID(0x2582),	/* TO 2100A mPCI 3B */
6523 	IPW2100_DEV_ID(0x2583),	/* TO 2100A mPCI 3B */
6524 	IPW2100_DEV_ID(0x2581),	/* TO 2100 mPCI 3B */
6525 	IPW2100_DEV_ID(0x2585),	/* TO 2100 mPCI 3B */
6526 	IPW2100_DEV_ID(0x2586),	/* TO 2100 mPCI 3B */
6527 	IPW2100_DEV_ID(0x2587),	/* TO 2100 mPCI 3B */
6528 
6529 	IPW2100_DEV_ID(0x2590),	/* SO 2100A mPCI 3B */
6530 	IPW2100_DEV_ID(0x2592),	/* SO 2100A mPCI 3B */
6531 	IPW2100_DEV_ID(0x2591),	/* SO 2100 mPCI 3B */
6532 	IPW2100_DEV_ID(0x2593),	/* SO 2100 mPCI 3B */
6533 	IPW2100_DEV_ID(0x2596),	/* SO 2100 mPCI 3B */
6534 	IPW2100_DEV_ID(0x2598),	/* SO 2100 mPCI 3B */
6535 
6536 	IPW2100_DEV_ID(0x25A0),	/* HP 2100 mPCI 3B */
6537 	{0,},
6538 };
6539 
6540 MODULE_DEVICE_TABLE(pci, ipw2100_pci_id_table);
6541 
6542 static struct pci_driver ipw2100_pci_driver = {
6543 	.name = DRV_NAME,
6544 	.id_table = ipw2100_pci_id_table,
6545 	.probe = ipw2100_pci_init_one,
6546 	.remove = ipw2100_pci_remove_one,
6547 #ifdef CONFIG_PM
6548 	.suspend = ipw2100_suspend,
6549 	.resume = ipw2100_resume,
6550 #endif
6551 	.shutdown = ipw2100_shutdown,
6552 };
6553 
6554 /**
6555  * Initialize the ipw2100 driver/module
6556  *
6557  * @returns 0 if ok, < 0 errno node con error.
6558  *
6559  * Note: we cannot init the /proc stuff until the PCI driver is there,
6560  * or we risk an unlikely race condition on someone accessing
6561  * uninitialized data in the PCI dev struct through /proc.
6562  */
6563 static int __init ipw2100_init(void)
6564 {
6565 	int ret;
6566 
6567 	printk(KERN_INFO DRV_NAME ": %s, %s\n", DRV_DESCRIPTION, DRV_VERSION);
6568 	printk(KERN_INFO DRV_NAME ": %s\n", DRV_COPYRIGHT);
6569 
6570 	cpu_latency_qos_add_request(&ipw2100_pm_qos_req, PM_QOS_DEFAULT_VALUE);
6571 
6572 	ret = pci_register_driver(&ipw2100_pci_driver);
6573 	if (ret)
6574 		goto out;
6575 
6576 #ifdef CONFIG_IPW2100_DEBUG
6577 	ipw2100_debug_level = debug;
6578 	ret = driver_create_file(&ipw2100_pci_driver.driver,
6579 				 &driver_attr_debug_level);
6580 #endif
6581 
6582 out:
6583 	return ret;
6584 }
6585 
6586 /**
6587  * Cleanup ipw2100 driver registration
6588  */
6589 static void __exit ipw2100_exit(void)
6590 {
6591 	/* FIXME: IPG: check that we have no instances of the devices open */
6592 #ifdef CONFIG_IPW2100_DEBUG
6593 	driver_remove_file(&ipw2100_pci_driver.driver,
6594 			   &driver_attr_debug_level);
6595 #endif
6596 	pci_unregister_driver(&ipw2100_pci_driver);
6597 	cpu_latency_qos_remove_request(&ipw2100_pm_qos_req);
6598 }
6599 
6600 module_init(ipw2100_init);
6601 module_exit(ipw2100_exit);
6602 
6603 static int ipw2100_wx_get_name(struct net_device *dev,
6604 			       struct iw_request_info *info,
6605 			       union iwreq_data *wrqu, char *extra)
6606 {
6607 	/*
6608 	 * This can be called at any time.  No action lock required
6609 	 */
6610 
6611 	struct ipw2100_priv *priv = libipw_priv(dev);
6612 	if (!(priv->status & STATUS_ASSOCIATED))
6613 		strcpy(wrqu->name, "unassociated");
6614 	else
6615 		snprintf(wrqu->name, IFNAMSIZ, "IEEE 802.11b");
6616 
6617 	IPW_DEBUG_WX("Name: %s\n", wrqu->name);
6618 	return 0;
6619 }
6620 
6621 static int ipw2100_wx_set_freq(struct net_device *dev,
6622 			       struct iw_request_info *info,
6623 			       union iwreq_data *wrqu, char *extra)
6624 {
6625 	struct ipw2100_priv *priv = libipw_priv(dev);
6626 	struct iw_freq *fwrq = &wrqu->freq;
6627 	int err = 0;
6628 
6629 	if (priv->ieee->iw_mode == IW_MODE_INFRA)
6630 		return -EOPNOTSUPP;
6631 
6632 	mutex_lock(&priv->action_mutex);
6633 	if (!(priv->status & STATUS_INITIALIZED)) {
6634 		err = -EIO;
6635 		goto done;
6636 	}
6637 
6638 	/* if setting by freq convert to channel */
6639 	if (fwrq->e == 1) {
6640 		if ((fwrq->m >= (int)2.412e8 && fwrq->m <= (int)2.487e8)) {
6641 			int f = fwrq->m / 100000;
6642 			int c = 0;
6643 
6644 			while ((c < REG_MAX_CHANNEL) &&
6645 			       (f != ipw2100_frequencies[c]))
6646 				c++;
6647 
6648 			/* hack to fall through */
6649 			fwrq->e = 0;
6650 			fwrq->m = c + 1;
6651 		}
6652 	}
6653 
6654 	if (fwrq->e > 0 || fwrq->m > 1000) {
6655 		err = -EOPNOTSUPP;
6656 		goto done;
6657 	} else {		/* Set the channel */
6658 		IPW_DEBUG_WX("SET Freq/Channel -> %d\n", fwrq->m);
6659 		err = ipw2100_set_channel(priv, fwrq->m, 0);
6660 	}
6661 
6662       done:
6663 	mutex_unlock(&priv->action_mutex);
6664 	return err;
6665 }
6666 
6667 static int ipw2100_wx_get_freq(struct net_device *dev,
6668 			       struct iw_request_info *info,
6669 			       union iwreq_data *wrqu, char *extra)
6670 {
6671 	/*
6672 	 * This can be called at any time.  No action lock required
6673 	 */
6674 
6675 	struct ipw2100_priv *priv = libipw_priv(dev);
6676 
6677 	wrqu->freq.e = 0;
6678 
6679 	/* If we are associated, trying to associate, or have a statically
6680 	 * configured CHANNEL then return that; otherwise return ANY */
6681 	if (priv->config & CFG_STATIC_CHANNEL ||
6682 	    priv->status & STATUS_ASSOCIATED)
6683 		wrqu->freq.m = priv->channel;
6684 	else
6685 		wrqu->freq.m = 0;
6686 
6687 	IPW_DEBUG_WX("GET Freq/Channel -> %d\n", priv->channel);
6688 	return 0;
6689 
6690 }
6691 
6692 static int ipw2100_wx_set_mode(struct net_device *dev,
6693 			       struct iw_request_info *info,
6694 			       union iwreq_data *wrqu, char *extra)
6695 {
6696 	struct ipw2100_priv *priv = libipw_priv(dev);
6697 	int err = 0;
6698 
6699 	IPW_DEBUG_WX("SET Mode -> %d\n", wrqu->mode);
6700 
6701 	if (wrqu->mode == priv->ieee->iw_mode)
6702 		return 0;
6703 
6704 	mutex_lock(&priv->action_mutex);
6705 	if (!(priv->status & STATUS_INITIALIZED)) {
6706 		err = -EIO;
6707 		goto done;
6708 	}
6709 
6710 	switch (wrqu->mode) {
6711 #ifdef CONFIG_IPW2100_MONITOR
6712 	case IW_MODE_MONITOR:
6713 		err = ipw2100_switch_mode(priv, IW_MODE_MONITOR);
6714 		break;
6715 #endif				/* CONFIG_IPW2100_MONITOR */
6716 	case IW_MODE_ADHOC:
6717 		err = ipw2100_switch_mode(priv, IW_MODE_ADHOC);
6718 		break;
6719 	case IW_MODE_INFRA:
6720 	case IW_MODE_AUTO:
6721 	default:
6722 		err = ipw2100_switch_mode(priv, IW_MODE_INFRA);
6723 		break;
6724 	}
6725 
6726       done:
6727 	mutex_unlock(&priv->action_mutex);
6728 	return err;
6729 }
6730 
6731 static int ipw2100_wx_get_mode(struct net_device *dev,
6732 			       struct iw_request_info *info,
6733 			       union iwreq_data *wrqu, char *extra)
6734 {
6735 	/*
6736 	 * This can be called at any time.  No action lock required
6737 	 */
6738 
6739 	struct ipw2100_priv *priv = libipw_priv(dev);
6740 
6741 	wrqu->mode = priv->ieee->iw_mode;
6742 	IPW_DEBUG_WX("GET Mode -> %d\n", wrqu->mode);
6743 
6744 	return 0;
6745 }
6746 
6747 #define POWER_MODES 5
6748 
6749 /* Values are in microsecond */
6750 static const s32 timeout_duration[POWER_MODES] = {
6751 	350000,
6752 	250000,
6753 	75000,
6754 	37000,
6755 	25000,
6756 };
6757 
6758 static const s32 period_duration[POWER_MODES] = {
6759 	400000,
6760 	700000,
6761 	1000000,
6762 	1000000,
6763 	1000000
6764 };
6765 
6766 static int ipw2100_wx_get_range(struct net_device *dev,
6767 				struct iw_request_info *info,
6768 				union iwreq_data *wrqu, char *extra)
6769 {
6770 	/*
6771 	 * This can be called at any time.  No action lock required
6772 	 */
6773 
6774 	struct ipw2100_priv *priv = libipw_priv(dev);
6775 	struct iw_range *range = (struct iw_range *)extra;
6776 	u16 val;
6777 	int i, level;
6778 
6779 	wrqu->data.length = sizeof(*range);
6780 	memset(range, 0, sizeof(*range));
6781 
6782 	/* Let's try to keep this struct in the same order as in
6783 	 * linux/include/wireless.h
6784 	 */
6785 
6786 	/* TODO: See what values we can set, and remove the ones we can't
6787 	 * set, or fill them with some default data.
6788 	 */
6789 
6790 	/* ~5 Mb/s real (802.11b) */
6791 	range->throughput = 5 * 1000 * 1000;
6792 
6793 //      range->sensitivity;     /* signal level threshold range */
6794 
6795 	range->max_qual.qual = 100;
6796 	/* TODO: Find real max RSSI and stick here */
6797 	range->max_qual.level = 0;
6798 	range->max_qual.noise = 0;
6799 	range->max_qual.updated = 7;	/* Updated all three */
6800 
6801 	range->avg_qual.qual = 70;	/* > 8% missed beacons is 'bad' */
6802 	/* TODO: Find real 'good' to 'bad' threshold value for RSSI */
6803 	range->avg_qual.level = 20 + IPW2100_RSSI_TO_DBM;
6804 	range->avg_qual.noise = 0;
6805 	range->avg_qual.updated = 7;	/* Updated all three */
6806 
6807 	range->num_bitrates = RATE_COUNT;
6808 
6809 	for (i = 0; i < RATE_COUNT && i < IW_MAX_BITRATES; i++) {
6810 		range->bitrate[i] = ipw2100_bg_rates[i].bitrate * 100 * 1000;
6811 	}
6812 
6813 	range->min_rts = MIN_RTS_THRESHOLD;
6814 	range->max_rts = MAX_RTS_THRESHOLD;
6815 	range->min_frag = MIN_FRAG_THRESHOLD;
6816 	range->max_frag = MAX_FRAG_THRESHOLD;
6817 
6818 	range->min_pmp = period_duration[0];	/* Minimal PM period */
6819 	range->max_pmp = period_duration[POWER_MODES - 1];	/* Maximal PM period */
6820 	range->min_pmt = timeout_duration[POWER_MODES - 1];	/* Minimal PM timeout */
6821 	range->max_pmt = timeout_duration[0];	/* Maximal PM timeout */
6822 
6823 	/* How to decode max/min PM period */
6824 	range->pmp_flags = IW_POWER_PERIOD;
6825 	/* How to decode max/min PM period */
6826 	range->pmt_flags = IW_POWER_TIMEOUT;
6827 	/* What PM options are supported */
6828 	range->pm_capa = IW_POWER_TIMEOUT | IW_POWER_PERIOD;
6829 
6830 	range->encoding_size[0] = 5;
6831 	range->encoding_size[1] = 13;	/* Different token sizes */
6832 	range->num_encoding_sizes = 2;	/* Number of entry in the list */
6833 	range->max_encoding_tokens = WEP_KEYS;	/* Max number of tokens */
6834 //      range->encoding_login_index;            /* token index for login token */
6835 
6836 	if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
6837 		range->txpower_capa = IW_TXPOW_DBM;
6838 		range->num_txpower = IW_MAX_TXPOWER;
6839 		for (i = 0, level = (IPW_TX_POWER_MAX_DBM * 16);
6840 		     i < IW_MAX_TXPOWER;
6841 		     i++, level -=
6842 		     ((IPW_TX_POWER_MAX_DBM -
6843 		       IPW_TX_POWER_MIN_DBM) * 16) / (IW_MAX_TXPOWER - 1))
6844 			range->txpower[i] = level / 16;
6845 	} else {
6846 		range->txpower_capa = 0;
6847 		range->num_txpower = 0;
6848 	}
6849 
6850 	/* Set the Wireless Extension versions */
6851 	range->we_version_compiled = WIRELESS_EXT;
6852 	range->we_version_source = 18;
6853 
6854 //      range->retry_capa;      /* What retry options are supported */
6855 //      range->retry_flags;     /* How to decode max/min retry limit */
6856 //      range->r_time_flags;    /* How to decode max/min retry life */
6857 //      range->min_retry;       /* Minimal number of retries */
6858 //      range->max_retry;       /* Maximal number of retries */
6859 //      range->min_r_time;      /* Minimal retry lifetime */
6860 //      range->max_r_time;      /* Maximal retry lifetime */
6861 
6862 	range->num_channels = FREQ_COUNT;
6863 
6864 	val = 0;
6865 	for (i = 0; i < FREQ_COUNT; i++) {
6866 		// TODO: Include only legal frequencies for some countries
6867 //              if (local->channel_mask & (1 << i)) {
6868 		range->freq[val].i = i + 1;
6869 		range->freq[val].m = ipw2100_frequencies[i] * 100000;
6870 		range->freq[val].e = 1;
6871 		val++;
6872 //              }
6873 		if (val == IW_MAX_FREQUENCIES)
6874 			break;
6875 	}
6876 	range->num_frequency = val;
6877 
6878 	/* Event capability (kernel + driver) */
6879 	range->event_capa[0] = (IW_EVENT_CAPA_K_0 |
6880 				IW_EVENT_CAPA_MASK(SIOCGIWAP));
6881 	range->event_capa[1] = IW_EVENT_CAPA_K_1;
6882 
6883 	range->enc_capa = IW_ENC_CAPA_WPA | IW_ENC_CAPA_WPA2 |
6884 		IW_ENC_CAPA_CIPHER_TKIP | IW_ENC_CAPA_CIPHER_CCMP;
6885 
6886 	IPW_DEBUG_WX("GET Range\n");
6887 
6888 	return 0;
6889 }
6890 
6891 static int ipw2100_wx_set_wap(struct net_device *dev,
6892 			      struct iw_request_info *info,
6893 			      union iwreq_data *wrqu, char *extra)
6894 {
6895 	struct ipw2100_priv *priv = libipw_priv(dev);
6896 	int err = 0;
6897 
6898 	// sanity checks
6899 	if (wrqu->ap_addr.sa_family != ARPHRD_ETHER)
6900 		return -EINVAL;
6901 
6902 	mutex_lock(&priv->action_mutex);
6903 	if (!(priv->status & STATUS_INITIALIZED)) {
6904 		err = -EIO;
6905 		goto done;
6906 	}
6907 
6908 	if (is_broadcast_ether_addr(wrqu->ap_addr.sa_data) ||
6909 	    is_zero_ether_addr(wrqu->ap_addr.sa_data)) {
6910 		/* we disable mandatory BSSID association */
6911 		IPW_DEBUG_WX("exit - disable mandatory BSSID\n");
6912 		priv->config &= ~CFG_STATIC_BSSID;
6913 		err = ipw2100_set_mandatory_bssid(priv, NULL, 0);
6914 		goto done;
6915 	}
6916 
6917 	priv->config |= CFG_STATIC_BSSID;
6918 	memcpy(priv->mandatory_bssid_mac, wrqu->ap_addr.sa_data, ETH_ALEN);
6919 
6920 	err = ipw2100_set_mandatory_bssid(priv, wrqu->ap_addr.sa_data, 0);
6921 
6922 	IPW_DEBUG_WX("SET BSSID -> %pM\n", wrqu->ap_addr.sa_data);
6923 
6924       done:
6925 	mutex_unlock(&priv->action_mutex);
6926 	return err;
6927 }
6928 
6929 static int ipw2100_wx_get_wap(struct net_device *dev,
6930 			      struct iw_request_info *info,
6931 			      union iwreq_data *wrqu, char *extra)
6932 {
6933 	/*
6934 	 * This can be called at any time.  No action lock required
6935 	 */
6936 
6937 	struct ipw2100_priv *priv = libipw_priv(dev);
6938 
6939 	/* If we are associated, trying to associate, or have a statically
6940 	 * configured BSSID then return that; otherwise return ANY */
6941 	if (priv->config & CFG_STATIC_BSSID || priv->status & STATUS_ASSOCIATED) {
6942 		wrqu->ap_addr.sa_family = ARPHRD_ETHER;
6943 		memcpy(wrqu->ap_addr.sa_data, priv->bssid, ETH_ALEN);
6944 	} else
6945 		eth_zero_addr(wrqu->ap_addr.sa_data);
6946 
6947 	IPW_DEBUG_WX("Getting WAP BSSID: %pM\n", wrqu->ap_addr.sa_data);
6948 	return 0;
6949 }
6950 
6951 static int ipw2100_wx_set_essid(struct net_device *dev,
6952 				struct iw_request_info *info,
6953 				union iwreq_data *wrqu, char *extra)
6954 {
6955 	struct ipw2100_priv *priv = libipw_priv(dev);
6956 	char *essid = "";	/* ANY */
6957 	int length = 0;
6958 	int err = 0;
6959 
6960 	mutex_lock(&priv->action_mutex);
6961 	if (!(priv->status & STATUS_INITIALIZED)) {
6962 		err = -EIO;
6963 		goto done;
6964 	}
6965 
6966 	if (wrqu->essid.flags && wrqu->essid.length) {
6967 		length = wrqu->essid.length;
6968 		essid = extra;
6969 	}
6970 
6971 	if (length == 0) {
6972 		IPW_DEBUG_WX("Setting ESSID to ANY\n");
6973 		priv->config &= ~CFG_STATIC_ESSID;
6974 		err = ipw2100_set_essid(priv, NULL, 0, 0);
6975 		goto done;
6976 	}
6977 
6978 	length = min(length, IW_ESSID_MAX_SIZE);
6979 
6980 	priv->config |= CFG_STATIC_ESSID;
6981 
6982 	if (priv->essid_len == length && !memcmp(priv->essid, extra, length)) {
6983 		IPW_DEBUG_WX("ESSID set to current ESSID.\n");
6984 		err = 0;
6985 		goto done;
6986 	}
6987 
6988 	IPW_DEBUG_WX("Setting ESSID: '%*pE' (%d)\n", length, essid, length);
6989 
6990 	priv->essid_len = length;
6991 	memcpy(priv->essid, essid, priv->essid_len);
6992 
6993 	err = ipw2100_set_essid(priv, essid, length, 0);
6994 
6995       done:
6996 	mutex_unlock(&priv->action_mutex);
6997 	return err;
6998 }
6999 
7000 static int ipw2100_wx_get_essid(struct net_device *dev,
7001 				struct iw_request_info *info,
7002 				union iwreq_data *wrqu, char *extra)
7003 {
7004 	/*
7005 	 * This can be called at any time.  No action lock required
7006 	 */
7007 
7008 	struct ipw2100_priv *priv = libipw_priv(dev);
7009 
7010 	/* If we are associated, trying to associate, or have a statically
7011 	 * configured ESSID then return that; otherwise return ANY */
7012 	if (priv->config & CFG_STATIC_ESSID || priv->status & STATUS_ASSOCIATED) {
7013 		IPW_DEBUG_WX("Getting essid: '%*pE'\n",
7014 			     priv->essid_len, priv->essid);
7015 		memcpy(extra, priv->essid, priv->essid_len);
7016 		wrqu->essid.length = priv->essid_len;
7017 		wrqu->essid.flags = 1;	/* active */
7018 	} else {
7019 		IPW_DEBUG_WX("Getting essid: ANY\n");
7020 		wrqu->essid.length = 0;
7021 		wrqu->essid.flags = 0;	/* active */
7022 	}
7023 
7024 	return 0;
7025 }
7026 
7027 static int ipw2100_wx_set_nick(struct net_device *dev,
7028 			       struct iw_request_info *info,
7029 			       union iwreq_data *wrqu, char *extra)
7030 {
7031 	/*
7032 	 * This can be called at any time.  No action lock required
7033 	 */
7034 
7035 	struct ipw2100_priv *priv = libipw_priv(dev);
7036 
7037 	if (wrqu->data.length > IW_ESSID_MAX_SIZE)
7038 		return -E2BIG;
7039 
7040 	wrqu->data.length = min_t(size_t, wrqu->data.length, sizeof(priv->nick));
7041 	memset(priv->nick, 0, sizeof(priv->nick));
7042 	memcpy(priv->nick, extra, wrqu->data.length);
7043 
7044 	IPW_DEBUG_WX("SET Nickname -> %s\n", priv->nick);
7045 
7046 	return 0;
7047 }
7048 
7049 static int ipw2100_wx_get_nick(struct net_device *dev,
7050 			       struct iw_request_info *info,
7051 			       union iwreq_data *wrqu, char *extra)
7052 {
7053 	/*
7054 	 * This can be called at any time.  No action lock required
7055 	 */
7056 
7057 	struct ipw2100_priv *priv = libipw_priv(dev);
7058 
7059 	wrqu->data.length = strlen(priv->nick);
7060 	memcpy(extra, priv->nick, wrqu->data.length);
7061 	wrqu->data.flags = 1;	/* active */
7062 
7063 	IPW_DEBUG_WX("GET Nickname -> %s\n", extra);
7064 
7065 	return 0;
7066 }
7067 
7068 static int ipw2100_wx_set_rate(struct net_device *dev,
7069 			       struct iw_request_info *info,
7070 			       union iwreq_data *wrqu, char *extra)
7071 {
7072 	struct ipw2100_priv *priv = libipw_priv(dev);
7073 	u32 target_rate = wrqu->bitrate.value;
7074 	u32 rate;
7075 	int err = 0;
7076 
7077 	mutex_lock(&priv->action_mutex);
7078 	if (!(priv->status & STATUS_INITIALIZED)) {
7079 		err = -EIO;
7080 		goto done;
7081 	}
7082 
7083 	rate = 0;
7084 
7085 	if (target_rate == 1000000 ||
7086 	    (!wrqu->bitrate.fixed && target_rate > 1000000))
7087 		rate |= TX_RATE_1_MBIT;
7088 	if (target_rate == 2000000 ||
7089 	    (!wrqu->bitrate.fixed && target_rate > 2000000))
7090 		rate |= TX_RATE_2_MBIT;
7091 	if (target_rate == 5500000 ||
7092 	    (!wrqu->bitrate.fixed && target_rate > 5500000))
7093 		rate |= TX_RATE_5_5_MBIT;
7094 	if (target_rate == 11000000 ||
7095 	    (!wrqu->bitrate.fixed && target_rate > 11000000))
7096 		rate |= TX_RATE_11_MBIT;
7097 	if (rate == 0)
7098 		rate = DEFAULT_TX_RATES;
7099 
7100 	err = ipw2100_set_tx_rates(priv, rate, 0);
7101 
7102 	IPW_DEBUG_WX("SET Rate -> %04X\n", rate);
7103       done:
7104 	mutex_unlock(&priv->action_mutex);
7105 	return err;
7106 }
7107 
7108 static int ipw2100_wx_get_rate(struct net_device *dev,
7109 			       struct iw_request_info *info,
7110 			       union iwreq_data *wrqu, char *extra)
7111 {
7112 	struct ipw2100_priv *priv = libipw_priv(dev);
7113 	int val;
7114 	unsigned int len = sizeof(val);
7115 	int err = 0;
7116 
7117 	if (!(priv->status & STATUS_ENABLED) ||
7118 	    priv->status & STATUS_RF_KILL_MASK ||
7119 	    !(priv->status & STATUS_ASSOCIATED)) {
7120 		wrqu->bitrate.value = 0;
7121 		return 0;
7122 	}
7123 
7124 	mutex_lock(&priv->action_mutex);
7125 	if (!(priv->status & STATUS_INITIALIZED)) {
7126 		err = -EIO;
7127 		goto done;
7128 	}
7129 
7130 	err = ipw2100_get_ordinal(priv, IPW_ORD_CURRENT_TX_RATE, &val, &len);
7131 	if (err) {
7132 		IPW_DEBUG_WX("failed querying ordinals.\n");
7133 		goto done;
7134 	}
7135 
7136 	switch (val & TX_RATE_MASK) {
7137 	case TX_RATE_1_MBIT:
7138 		wrqu->bitrate.value = 1000000;
7139 		break;
7140 	case TX_RATE_2_MBIT:
7141 		wrqu->bitrate.value = 2000000;
7142 		break;
7143 	case TX_RATE_5_5_MBIT:
7144 		wrqu->bitrate.value = 5500000;
7145 		break;
7146 	case TX_RATE_11_MBIT:
7147 		wrqu->bitrate.value = 11000000;
7148 		break;
7149 	default:
7150 		wrqu->bitrate.value = 0;
7151 	}
7152 
7153 	IPW_DEBUG_WX("GET Rate -> %d\n", wrqu->bitrate.value);
7154 
7155       done:
7156 	mutex_unlock(&priv->action_mutex);
7157 	return err;
7158 }
7159 
7160 static int ipw2100_wx_set_rts(struct net_device *dev,
7161 			      struct iw_request_info *info,
7162 			      union iwreq_data *wrqu, char *extra)
7163 {
7164 	struct ipw2100_priv *priv = libipw_priv(dev);
7165 	int value, err;
7166 
7167 	/* Auto RTS not yet supported */
7168 	if (wrqu->rts.fixed == 0)
7169 		return -EINVAL;
7170 
7171 	mutex_lock(&priv->action_mutex);
7172 	if (!(priv->status & STATUS_INITIALIZED)) {
7173 		err = -EIO;
7174 		goto done;
7175 	}
7176 
7177 	if (wrqu->rts.disabled)
7178 		value = priv->rts_threshold | RTS_DISABLED;
7179 	else {
7180 		if (wrqu->rts.value < 1 || wrqu->rts.value > 2304) {
7181 			err = -EINVAL;
7182 			goto done;
7183 		}
7184 		value = wrqu->rts.value;
7185 	}
7186 
7187 	err = ipw2100_set_rts_threshold(priv, value);
7188 
7189 	IPW_DEBUG_WX("SET RTS Threshold -> 0x%08X\n", value);
7190       done:
7191 	mutex_unlock(&priv->action_mutex);
7192 	return err;
7193 }
7194 
7195 static int ipw2100_wx_get_rts(struct net_device *dev,
7196 			      struct iw_request_info *info,
7197 			      union iwreq_data *wrqu, char *extra)
7198 {
7199 	/*
7200 	 * This can be called at any time.  No action lock required
7201 	 */
7202 
7203 	struct ipw2100_priv *priv = libipw_priv(dev);
7204 
7205 	wrqu->rts.value = priv->rts_threshold & ~RTS_DISABLED;
7206 	wrqu->rts.fixed = 1;	/* no auto select */
7207 
7208 	/* If RTS is set to the default value, then it is disabled */
7209 	wrqu->rts.disabled = (priv->rts_threshold & RTS_DISABLED) ? 1 : 0;
7210 
7211 	IPW_DEBUG_WX("GET RTS Threshold -> 0x%08X\n", wrqu->rts.value);
7212 
7213 	return 0;
7214 }
7215 
7216 static int ipw2100_wx_set_txpow(struct net_device *dev,
7217 				struct iw_request_info *info,
7218 				union iwreq_data *wrqu, char *extra)
7219 {
7220 	struct ipw2100_priv *priv = libipw_priv(dev);
7221 	int err = 0, value;
7222 
7223 	if (ipw_radio_kill_sw(priv, wrqu->txpower.disabled))
7224 		return -EINPROGRESS;
7225 
7226 	if (priv->ieee->iw_mode != IW_MODE_ADHOC)
7227 		return 0;
7228 
7229 	if ((wrqu->txpower.flags & IW_TXPOW_TYPE) != IW_TXPOW_DBM)
7230 		return -EINVAL;
7231 
7232 	if (wrqu->txpower.fixed == 0)
7233 		value = IPW_TX_POWER_DEFAULT;
7234 	else {
7235 		if (wrqu->txpower.value < IPW_TX_POWER_MIN_DBM ||
7236 		    wrqu->txpower.value > IPW_TX_POWER_MAX_DBM)
7237 			return -EINVAL;
7238 
7239 		value = wrqu->txpower.value;
7240 	}
7241 
7242 	mutex_lock(&priv->action_mutex);
7243 	if (!(priv->status & STATUS_INITIALIZED)) {
7244 		err = -EIO;
7245 		goto done;
7246 	}
7247 
7248 	err = ipw2100_set_tx_power(priv, value);
7249 
7250 	IPW_DEBUG_WX("SET TX Power -> %d\n", value);
7251 
7252       done:
7253 	mutex_unlock(&priv->action_mutex);
7254 	return err;
7255 }
7256 
7257 static int ipw2100_wx_get_txpow(struct net_device *dev,
7258 				struct iw_request_info *info,
7259 				union iwreq_data *wrqu, char *extra)
7260 {
7261 	/*
7262 	 * This can be called at any time.  No action lock required
7263 	 */
7264 
7265 	struct ipw2100_priv *priv = libipw_priv(dev);
7266 
7267 	wrqu->txpower.disabled = (priv->status & STATUS_RF_KILL_MASK) ? 1 : 0;
7268 
7269 	if (priv->tx_power == IPW_TX_POWER_DEFAULT) {
7270 		wrqu->txpower.fixed = 0;
7271 		wrqu->txpower.value = IPW_TX_POWER_MAX_DBM;
7272 	} else {
7273 		wrqu->txpower.fixed = 1;
7274 		wrqu->txpower.value = priv->tx_power;
7275 	}
7276 
7277 	wrqu->txpower.flags = IW_TXPOW_DBM;
7278 
7279 	IPW_DEBUG_WX("GET TX Power -> %d\n", wrqu->txpower.value);
7280 
7281 	return 0;
7282 }
7283 
7284 static int ipw2100_wx_set_frag(struct net_device *dev,
7285 			       struct iw_request_info *info,
7286 			       union iwreq_data *wrqu, char *extra)
7287 {
7288 	/*
7289 	 * This can be called at any time.  No action lock required
7290 	 */
7291 
7292 	struct ipw2100_priv *priv = libipw_priv(dev);
7293 
7294 	if (!wrqu->frag.fixed)
7295 		return -EINVAL;
7296 
7297 	if (wrqu->frag.disabled) {
7298 		priv->frag_threshold |= FRAG_DISABLED;
7299 		priv->ieee->fts = DEFAULT_FTS;
7300 	} else {
7301 		if (wrqu->frag.value < MIN_FRAG_THRESHOLD ||
7302 		    wrqu->frag.value > MAX_FRAG_THRESHOLD)
7303 			return -EINVAL;
7304 
7305 		priv->ieee->fts = wrqu->frag.value & ~0x1;
7306 		priv->frag_threshold = priv->ieee->fts;
7307 	}
7308 
7309 	IPW_DEBUG_WX("SET Frag Threshold -> %d\n", priv->ieee->fts);
7310 
7311 	return 0;
7312 }
7313 
7314 static int ipw2100_wx_get_frag(struct net_device *dev,
7315 			       struct iw_request_info *info,
7316 			       union iwreq_data *wrqu, char *extra)
7317 {
7318 	/*
7319 	 * This can be called at any time.  No action lock required
7320 	 */
7321 
7322 	struct ipw2100_priv *priv = libipw_priv(dev);
7323 	wrqu->frag.value = priv->frag_threshold & ~FRAG_DISABLED;
7324 	wrqu->frag.fixed = 0;	/* no auto select */
7325 	wrqu->frag.disabled = (priv->frag_threshold & FRAG_DISABLED) ? 1 : 0;
7326 
7327 	IPW_DEBUG_WX("GET Frag Threshold -> %d\n", wrqu->frag.value);
7328 
7329 	return 0;
7330 }
7331 
7332 static int ipw2100_wx_set_retry(struct net_device *dev,
7333 				struct iw_request_info *info,
7334 				union iwreq_data *wrqu, char *extra)
7335 {
7336 	struct ipw2100_priv *priv = libipw_priv(dev);
7337 	int err = 0;
7338 
7339 	if (wrqu->retry.flags & IW_RETRY_LIFETIME || wrqu->retry.disabled)
7340 		return -EINVAL;
7341 
7342 	if (!(wrqu->retry.flags & IW_RETRY_LIMIT))
7343 		return 0;
7344 
7345 	mutex_lock(&priv->action_mutex);
7346 	if (!(priv->status & STATUS_INITIALIZED)) {
7347 		err = -EIO;
7348 		goto done;
7349 	}
7350 
7351 	if (wrqu->retry.flags & IW_RETRY_SHORT) {
7352 		err = ipw2100_set_short_retry(priv, wrqu->retry.value);
7353 		IPW_DEBUG_WX("SET Short Retry Limit -> %d\n",
7354 			     wrqu->retry.value);
7355 		goto done;
7356 	}
7357 
7358 	if (wrqu->retry.flags & IW_RETRY_LONG) {
7359 		err = ipw2100_set_long_retry(priv, wrqu->retry.value);
7360 		IPW_DEBUG_WX("SET Long Retry Limit -> %d\n",
7361 			     wrqu->retry.value);
7362 		goto done;
7363 	}
7364 
7365 	err = ipw2100_set_short_retry(priv, wrqu->retry.value);
7366 	if (!err)
7367 		err = ipw2100_set_long_retry(priv, wrqu->retry.value);
7368 
7369 	IPW_DEBUG_WX("SET Both Retry Limits -> %d\n", wrqu->retry.value);
7370 
7371       done:
7372 	mutex_unlock(&priv->action_mutex);
7373 	return err;
7374 }
7375 
7376 static int ipw2100_wx_get_retry(struct net_device *dev,
7377 				struct iw_request_info *info,
7378 				union iwreq_data *wrqu, char *extra)
7379 {
7380 	/*
7381 	 * This can be called at any time.  No action lock required
7382 	 */
7383 
7384 	struct ipw2100_priv *priv = libipw_priv(dev);
7385 
7386 	wrqu->retry.disabled = 0;	/* can't be disabled */
7387 
7388 	if ((wrqu->retry.flags & IW_RETRY_TYPE) == IW_RETRY_LIFETIME)
7389 		return -EINVAL;
7390 
7391 	if (wrqu->retry.flags & IW_RETRY_LONG) {
7392 		wrqu->retry.flags = IW_RETRY_LIMIT | IW_RETRY_LONG;
7393 		wrqu->retry.value = priv->long_retry_limit;
7394 	} else {
7395 		wrqu->retry.flags =
7396 		    (priv->short_retry_limit !=
7397 		     priv->long_retry_limit) ?
7398 		    IW_RETRY_LIMIT | IW_RETRY_SHORT : IW_RETRY_LIMIT;
7399 
7400 		wrqu->retry.value = priv->short_retry_limit;
7401 	}
7402 
7403 	IPW_DEBUG_WX("GET Retry -> %d\n", wrqu->retry.value);
7404 
7405 	return 0;
7406 }
7407 
7408 static int ipw2100_wx_set_scan(struct net_device *dev,
7409 			       struct iw_request_info *info,
7410 			       union iwreq_data *wrqu, char *extra)
7411 {
7412 	struct ipw2100_priv *priv = libipw_priv(dev);
7413 	int err = 0;
7414 
7415 	mutex_lock(&priv->action_mutex);
7416 	if (!(priv->status & STATUS_INITIALIZED)) {
7417 		err = -EIO;
7418 		goto done;
7419 	}
7420 
7421 	IPW_DEBUG_WX("Initiating scan...\n");
7422 
7423 	priv->user_requested_scan = 1;
7424 	if (ipw2100_set_scan_options(priv) || ipw2100_start_scan(priv)) {
7425 		IPW_DEBUG_WX("Start scan failed.\n");
7426 
7427 		/* TODO: Mark a scan as pending so when hardware initialized
7428 		 *       a scan starts */
7429 	}
7430 
7431       done:
7432 	mutex_unlock(&priv->action_mutex);
7433 	return err;
7434 }
7435 
7436 static int ipw2100_wx_get_scan(struct net_device *dev,
7437 			       struct iw_request_info *info,
7438 			       union iwreq_data *wrqu, char *extra)
7439 {
7440 	/*
7441 	 * This can be called at any time.  No action lock required
7442 	 */
7443 
7444 	struct ipw2100_priv *priv = libipw_priv(dev);
7445 	return libipw_wx_get_scan(priv->ieee, info, wrqu, extra);
7446 }
7447 
7448 /*
7449  * Implementation based on code in hostap-driver v0.1.3 hostap_ioctl.c
7450  */
7451 static int ipw2100_wx_set_encode(struct net_device *dev,
7452 				 struct iw_request_info *info,
7453 				 union iwreq_data *wrqu, char *key)
7454 {
7455 	/*
7456 	 * No check of STATUS_INITIALIZED required
7457 	 */
7458 
7459 	struct ipw2100_priv *priv = libipw_priv(dev);
7460 	return libipw_wx_set_encode(priv->ieee, info, wrqu, key);
7461 }
7462 
7463 static int ipw2100_wx_get_encode(struct net_device *dev,
7464 				 struct iw_request_info *info,
7465 				 union iwreq_data *wrqu, char *key)
7466 {
7467 	/*
7468 	 * This can be called at any time.  No action lock required
7469 	 */
7470 
7471 	struct ipw2100_priv *priv = libipw_priv(dev);
7472 	return libipw_wx_get_encode(priv->ieee, info, wrqu, key);
7473 }
7474 
7475 static int ipw2100_wx_set_power(struct net_device *dev,
7476 				struct iw_request_info *info,
7477 				union iwreq_data *wrqu, char *extra)
7478 {
7479 	struct ipw2100_priv *priv = libipw_priv(dev);
7480 	int err = 0;
7481 
7482 	mutex_lock(&priv->action_mutex);
7483 	if (!(priv->status & STATUS_INITIALIZED)) {
7484 		err = -EIO;
7485 		goto done;
7486 	}
7487 
7488 	if (wrqu->power.disabled) {
7489 		priv->power_mode = IPW_POWER_LEVEL(priv->power_mode);
7490 		err = ipw2100_set_power_mode(priv, IPW_POWER_MODE_CAM);
7491 		IPW_DEBUG_WX("SET Power Management Mode -> off\n");
7492 		goto done;
7493 	}
7494 
7495 	switch (wrqu->power.flags & IW_POWER_MODE) {
7496 	case IW_POWER_ON:	/* If not specified */
7497 	case IW_POWER_MODE:	/* If set all mask */
7498 	case IW_POWER_ALL_R:	/* If explicitly state all */
7499 		break;
7500 	default:		/* Otherwise we don't support it */
7501 		IPW_DEBUG_WX("SET PM Mode: %X not supported.\n",
7502 			     wrqu->power.flags);
7503 		err = -EOPNOTSUPP;
7504 		goto done;
7505 	}
7506 
7507 	/* If the user hasn't specified a power management mode yet, default
7508 	 * to BATTERY */
7509 	priv->power_mode = IPW_POWER_ENABLED | priv->power_mode;
7510 	err = ipw2100_set_power_mode(priv, IPW_POWER_LEVEL(priv->power_mode));
7511 
7512 	IPW_DEBUG_WX("SET Power Management Mode -> 0x%02X\n", priv->power_mode);
7513 
7514       done:
7515 	mutex_unlock(&priv->action_mutex);
7516 	return err;
7517 
7518 }
7519 
7520 static int ipw2100_wx_get_power(struct net_device *dev,
7521 				struct iw_request_info *info,
7522 				union iwreq_data *wrqu, char *extra)
7523 {
7524 	/*
7525 	 * This can be called at any time.  No action lock required
7526 	 */
7527 
7528 	struct ipw2100_priv *priv = libipw_priv(dev);
7529 
7530 	if (!(priv->power_mode & IPW_POWER_ENABLED))
7531 		wrqu->power.disabled = 1;
7532 	else {
7533 		wrqu->power.disabled = 0;
7534 		wrqu->power.flags = 0;
7535 	}
7536 
7537 	IPW_DEBUG_WX("GET Power Management Mode -> %02X\n", priv->power_mode);
7538 
7539 	return 0;
7540 }
7541 
7542 /*
7543  * WE-18 WPA support
7544  */
7545 
7546 /* SIOCSIWGENIE */
7547 static int ipw2100_wx_set_genie(struct net_device *dev,
7548 				struct iw_request_info *info,
7549 				union iwreq_data *wrqu, char *extra)
7550 {
7551 
7552 	struct ipw2100_priv *priv = libipw_priv(dev);
7553 	struct libipw_device *ieee = priv->ieee;
7554 	u8 *buf;
7555 
7556 	if (!ieee->wpa_enabled)
7557 		return -EOPNOTSUPP;
7558 
7559 	if (wrqu->data.length > MAX_WPA_IE_LEN ||
7560 	    (wrqu->data.length && extra == NULL))
7561 		return -EINVAL;
7562 
7563 	if (wrqu->data.length) {
7564 		buf = kmemdup(extra, wrqu->data.length, GFP_KERNEL);
7565 		if (buf == NULL)
7566 			return -ENOMEM;
7567 
7568 		kfree(ieee->wpa_ie);
7569 		ieee->wpa_ie = buf;
7570 		ieee->wpa_ie_len = wrqu->data.length;
7571 	} else {
7572 		kfree(ieee->wpa_ie);
7573 		ieee->wpa_ie = NULL;
7574 		ieee->wpa_ie_len = 0;
7575 	}
7576 
7577 	ipw2100_wpa_assoc_frame(priv, ieee->wpa_ie, ieee->wpa_ie_len);
7578 
7579 	return 0;
7580 }
7581 
7582 /* SIOCGIWGENIE */
7583 static int ipw2100_wx_get_genie(struct net_device *dev,
7584 				struct iw_request_info *info,
7585 				union iwreq_data *wrqu, char *extra)
7586 {
7587 	struct ipw2100_priv *priv = libipw_priv(dev);
7588 	struct libipw_device *ieee = priv->ieee;
7589 
7590 	if (ieee->wpa_ie_len == 0 || ieee->wpa_ie == NULL) {
7591 		wrqu->data.length = 0;
7592 		return 0;
7593 	}
7594 
7595 	if (wrqu->data.length < ieee->wpa_ie_len)
7596 		return -E2BIG;
7597 
7598 	wrqu->data.length = ieee->wpa_ie_len;
7599 	memcpy(extra, ieee->wpa_ie, ieee->wpa_ie_len);
7600 
7601 	return 0;
7602 }
7603 
7604 /* SIOCSIWAUTH */
7605 static int ipw2100_wx_set_auth(struct net_device *dev,
7606 			       struct iw_request_info *info,
7607 			       union iwreq_data *wrqu, char *extra)
7608 {
7609 	struct ipw2100_priv *priv = libipw_priv(dev);
7610 	struct libipw_device *ieee = priv->ieee;
7611 	struct iw_param *param = &wrqu->param;
7612 	struct lib80211_crypt_data *crypt;
7613 	unsigned long flags;
7614 	int ret = 0;
7615 
7616 	switch (param->flags & IW_AUTH_INDEX) {
7617 	case IW_AUTH_WPA_VERSION:
7618 	case IW_AUTH_CIPHER_PAIRWISE:
7619 	case IW_AUTH_CIPHER_GROUP:
7620 	case IW_AUTH_KEY_MGMT:
7621 		/*
7622 		 * ipw2200 does not use these parameters
7623 		 */
7624 		break;
7625 
7626 	case IW_AUTH_TKIP_COUNTERMEASURES:
7627 		crypt = priv->ieee->crypt_info.crypt[priv->ieee->crypt_info.tx_keyidx];
7628 		if (!crypt || !crypt->ops->set_flags || !crypt->ops->get_flags)
7629 			break;
7630 
7631 		flags = crypt->ops->get_flags(crypt->priv);
7632 
7633 		if (param->value)
7634 			flags |= IEEE80211_CRYPTO_TKIP_COUNTERMEASURES;
7635 		else
7636 			flags &= ~IEEE80211_CRYPTO_TKIP_COUNTERMEASURES;
7637 
7638 		crypt->ops->set_flags(flags, crypt->priv);
7639 
7640 		break;
7641 
7642 	case IW_AUTH_DROP_UNENCRYPTED:{
7643 			/* HACK:
7644 			 *
7645 			 * wpa_supplicant calls set_wpa_enabled when the driver
7646 			 * is loaded and unloaded, regardless of if WPA is being
7647 			 * used.  No other calls are made which can be used to
7648 			 * determine if encryption will be used or not prior to
7649 			 * association being expected.  If encryption is not being
7650 			 * used, drop_unencrypted is set to false, else true -- we
7651 			 * can use this to determine if the CAP_PRIVACY_ON bit should
7652 			 * be set.
7653 			 */
7654 			struct libipw_security sec = {
7655 				.flags = SEC_ENABLED,
7656 				.enabled = param->value,
7657 			};
7658 			priv->ieee->drop_unencrypted = param->value;
7659 			/* We only change SEC_LEVEL for open mode. Others
7660 			 * are set by ipw_wpa_set_encryption.
7661 			 */
7662 			if (!param->value) {
7663 				sec.flags |= SEC_LEVEL;
7664 				sec.level = SEC_LEVEL_0;
7665 			} else {
7666 				sec.flags |= SEC_LEVEL;
7667 				sec.level = SEC_LEVEL_1;
7668 			}
7669 			if (priv->ieee->set_security)
7670 				priv->ieee->set_security(priv->ieee->dev, &sec);
7671 			break;
7672 		}
7673 
7674 	case IW_AUTH_80211_AUTH_ALG:
7675 		ret = ipw2100_wpa_set_auth_algs(priv, param->value);
7676 		break;
7677 
7678 	case IW_AUTH_WPA_ENABLED:
7679 		ret = ipw2100_wpa_enable(priv, param->value);
7680 		break;
7681 
7682 	case IW_AUTH_RX_UNENCRYPTED_EAPOL:
7683 		ieee->ieee802_1x = param->value;
7684 		break;
7685 
7686 		//case IW_AUTH_ROAMING_CONTROL:
7687 	case IW_AUTH_PRIVACY_INVOKED:
7688 		ieee->privacy_invoked = param->value;
7689 		break;
7690 
7691 	default:
7692 		return -EOPNOTSUPP;
7693 	}
7694 	return ret;
7695 }
7696 
7697 /* SIOCGIWAUTH */
7698 static int ipw2100_wx_get_auth(struct net_device *dev,
7699 			       struct iw_request_info *info,
7700 			       union iwreq_data *wrqu, char *extra)
7701 {
7702 	struct ipw2100_priv *priv = libipw_priv(dev);
7703 	struct libipw_device *ieee = priv->ieee;
7704 	struct lib80211_crypt_data *crypt;
7705 	struct iw_param *param = &wrqu->param;
7706 
7707 	switch (param->flags & IW_AUTH_INDEX) {
7708 	case IW_AUTH_WPA_VERSION:
7709 	case IW_AUTH_CIPHER_PAIRWISE:
7710 	case IW_AUTH_CIPHER_GROUP:
7711 	case IW_AUTH_KEY_MGMT:
7712 		/*
7713 		 * wpa_supplicant will control these internally
7714 		 */
7715 		break;
7716 
7717 	case IW_AUTH_TKIP_COUNTERMEASURES:
7718 		crypt = priv->ieee->crypt_info.crypt[priv->ieee->crypt_info.tx_keyidx];
7719 		if (!crypt || !crypt->ops->get_flags) {
7720 			IPW_DEBUG_WARNING("Can't get TKIP countermeasures: "
7721 					  "crypt not set!\n");
7722 			break;
7723 		}
7724 
7725 		param->value = (crypt->ops->get_flags(crypt->priv) &
7726 				IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) ? 1 : 0;
7727 
7728 		break;
7729 
7730 	case IW_AUTH_DROP_UNENCRYPTED:
7731 		param->value = ieee->drop_unencrypted;
7732 		break;
7733 
7734 	case IW_AUTH_80211_AUTH_ALG:
7735 		param->value = priv->ieee->sec.auth_mode;
7736 		break;
7737 
7738 	case IW_AUTH_WPA_ENABLED:
7739 		param->value = ieee->wpa_enabled;
7740 		break;
7741 
7742 	case IW_AUTH_RX_UNENCRYPTED_EAPOL:
7743 		param->value = ieee->ieee802_1x;
7744 		break;
7745 
7746 	case IW_AUTH_ROAMING_CONTROL:
7747 	case IW_AUTH_PRIVACY_INVOKED:
7748 		param->value = ieee->privacy_invoked;
7749 		break;
7750 
7751 	default:
7752 		return -EOPNOTSUPP;
7753 	}
7754 	return 0;
7755 }
7756 
7757 /* SIOCSIWENCODEEXT */
7758 static int ipw2100_wx_set_encodeext(struct net_device *dev,
7759 				    struct iw_request_info *info,
7760 				    union iwreq_data *wrqu, char *extra)
7761 {
7762 	struct ipw2100_priv *priv = libipw_priv(dev);
7763 	return libipw_wx_set_encodeext(priv->ieee, info, wrqu, extra);
7764 }
7765 
7766 /* SIOCGIWENCODEEXT */
7767 static int ipw2100_wx_get_encodeext(struct net_device *dev,
7768 				    struct iw_request_info *info,
7769 				    union iwreq_data *wrqu, char *extra)
7770 {
7771 	struct ipw2100_priv *priv = libipw_priv(dev);
7772 	return libipw_wx_get_encodeext(priv->ieee, info, wrqu, extra);
7773 }
7774 
7775 /* SIOCSIWMLME */
7776 static int ipw2100_wx_set_mlme(struct net_device *dev,
7777 			       struct iw_request_info *info,
7778 			       union iwreq_data *wrqu, char *extra)
7779 {
7780 	struct ipw2100_priv *priv = libipw_priv(dev);
7781 	struct iw_mlme *mlme = (struct iw_mlme *)extra;
7782 
7783 	switch (mlme->cmd) {
7784 	case IW_MLME_DEAUTH:
7785 		// silently ignore
7786 		break;
7787 
7788 	case IW_MLME_DISASSOC:
7789 		ipw2100_disassociate_bssid(priv);
7790 		break;
7791 
7792 	default:
7793 		return -EOPNOTSUPP;
7794 	}
7795 	return 0;
7796 }
7797 
7798 /*
7799  *
7800  * IWPRIV handlers
7801  *
7802  */
7803 #ifdef CONFIG_IPW2100_MONITOR
7804 static int ipw2100_wx_set_promisc(struct net_device *dev,
7805 				  struct iw_request_info *info,
7806 				  union iwreq_data *wrqu, char *extra)
7807 {
7808 	struct ipw2100_priv *priv = libipw_priv(dev);
7809 	int *parms = (int *)extra;
7810 	int enable = (parms[0] > 0);
7811 	int err = 0;
7812 
7813 	mutex_lock(&priv->action_mutex);
7814 	if (!(priv->status & STATUS_INITIALIZED)) {
7815 		err = -EIO;
7816 		goto done;
7817 	}
7818 
7819 	if (enable) {
7820 		if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
7821 			err = ipw2100_set_channel(priv, parms[1], 0);
7822 			goto done;
7823 		}
7824 		priv->channel = parms[1];
7825 		err = ipw2100_switch_mode(priv, IW_MODE_MONITOR);
7826 	} else {
7827 		if (priv->ieee->iw_mode == IW_MODE_MONITOR)
7828 			err = ipw2100_switch_mode(priv, priv->last_mode);
7829 	}
7830       done:
7831 	mutex_unlock(&priv->action_mutex);
7832 	return err;
7833 }
7834 
7835 static int ipw2100_wx_reset(struct net_device *dev,
7836 			    struct iw_request_info *info,
7837 			    union iwreq_data *wrqu, char *extra)
7838 {
7839 	struct ipw2100_priv *priv = libipw_priv(dev);
7840 	if (priv->status & STATUS_INITIALIZED)
7841 		schedule_reset(priv);
7842 	return 0;
7843 }
7844 
7845 #endif
7846 
7847 static int ipw2100_wx_set_powermode(struct net_device *dev,
7848 				    struct iw_request_info *info,
7849 				    union iwreq_data *wrqu, char *extra)
7850 {
7851 	struct ipw2100_priv *priv = libipw_priv(dev);
7852 	int err = 0, mode = *(int *)extra;
7853 
7854 	mutex_lock(&priv->action_mutex);
7855 	if (!(priv->status & STATUS_INITIALIZED)) {
7856 		err = -EIO;
7857 		goto done;
7858 	}
7859 
7860 	if ((mode < 0) || (mode > POWER_MODES))
7861 		mode = IPW_POWER_AUTO;
7862 
7863 	if (IPW_POWER_LEVEL(priv->power_mode) != mode)
7864 		err = ipw2100_set_power_mode(priv, mode);
7865       done:
7866 	mutex_unlock(&priv->action_mutex);
7867 	return err;
7868 }
7869 
7870 #define MAX_POWER_STRING 80
7871 static int ipw2100_wx_get_powermode(struct net_device *dev,
7872 				    struct iw_request_info *info,
7873 				    union iwreq_data *wrqu, char *extra)
7874 {
7875 	/*
7876 	 * This can be called at any time.  No action lock required
7877 	 */
7878 
7879 	struct ipw2100_priv *priv = libipw_priv(dev);
7880 	int level = IPW_POWER_LEVEL(priv->power_mode);
7881 	s32 timeout, period;
7882 
7883 	if (!(priv->power_mode & IPW_POWER_ENABLED)) {
7884 		snprintf(extra, MAX_POWER_STRING,
7885 			 "Power save level: %d (Off)", level);
7886 	} else {
7887 		switch (level) {
7888 		case IPW_POWER_MODE_CAM:
7889 			snprintf(extra, MAX_POWER_STRING,
7890 				 "Power save level: %d (None)", level);
7891 			break;
7892 		case IPW_POWER_AUTO:
7893 			snprintf(extra, MAX_POWER_STRING,
7894 				 "Power save level: %d (Auto)", level);
7895 			break;
7896 		default:
7897 			timeout = timeout_duration[level - 1] / 1000;
7898 			period = period_duration[level - 1] / 1000;
7899 			snprintf(extra, MAX_POWER_STRING,
7900 				 "Power save level: %d "
7901 				 "(Timeout %dms, Period %dms)",
7902 				 level, timeout, period);
7903 		}
7904 	}
7905 
7906 	wrqu->data.length = strlen(extra) + 1;
7907 
7908 	return 0;
7909 }
7910 
7911 static int ipw2100_wx_set_preamble(struct net_device *dev,
7912 				   struct iw_request_info *info,
7913 				   union iwreq_data *wrqu, char *extra)
7914 {
7915 	struct ipw2100_priv *priv = libipw_priv(dev);
7916 	int err, mode = *(int *)extra;
7917 
7918 	mutex_lock(&priv->action_mutex);
7919 	if (!(priv->status & STATUS_INITIALIZED)) {
7920 		err = -EIO;
7921 		goto done;
7922 	}
7923 
7924 	if (mode == 1)
7925 		priv->config |= CFG_LONG_PREAMBLE;
7926 	else if (mode == 0)
7927 		priv->config &= ~CFG_LONG_PREAMBLE;
7928 	else {
7929 		err = -EINVAL;
7930 		goto done;
7931 	}
7932 
7933 	err = ipw2100_system_config(priv, 0);
7934 
7935       done:
7936 	mutex_unlock(&priv->action_mutex);
7937 	return err;
7938 }
7939 
7940 static int ipw2100_wx_get_preamble(struct net_device *dev,
7941 				   struct iw_request_info *info,
7942 				   union iwreq_data *wrqu, char *extra)
7943 {
7944 	/*
7945 	 * This can be called at any time.  No action lock required
7946 	 */
7947 
7948 	struct ipw2100_priv *priv = libipw_priv(dev);
7949 
7950 	if (priv->config & CFG_LONG_PREAMBLE)
7951 		snprintf(wrqu->name, IFNAMSIZ, "long (1)");
7952 	else
7953 		snprintf(wrqu->name, IFNAMSIZ, "auto (0)");
7954 
7955 	return 0;
7956 }
7957 
7958 #ifdef CONFIG_IPW2100_MONITOR
7959 static int ipw2100_wx_set_crc_check(struct net_device *dev,
7960 				    struct iw_request_info *info,
7961 				    union iwreq_data *wrqu, char *extra)
7962 {
7963 	struct ipw2100_priv *priv = libipw_priv(dev);
7964 	int err, mode = *(int *)extra;
7965 
7966 	mutex_lock(&priv->action_mutex);
7967 	if (!(priv->status & STATUS_INITIALIZED)) {
7968 		err = -EIO;
7969 		goto done;
7970 	}
7971 
7972 	if (mode == 1)
7973 		priv->config |= CFG_CRC_CHECK;
7974 	else if (mode == 0)
7975 		priv->config &= ~CFG_CRC_CHECK;
7976 	else {
7977 		err = -EINVAL;
7978 		goto done;
7979 	}
7980 	err = 0;
7981 
7982       done:
7983 	mutex_unlock(&priv->action_mutex);
7984 	return err;
7985 }
7986 
7987 static int ipw2100_wx_get_crc_check(struct net_device *dev,
7988 				    struct iw_request_info *info,
7989 				    union iwreq_data *wrqu, char *extra)
7990 {
7991 	/*
7992 	 * This can be called at any time.  No action lock required
7993 	 */
7994 
7995 	struct ipw2100_priv *priv = libipw_priv(dev);
7996 
7997 	if (priv->config & CFG_CRC_CHECK)
7998 		snprintf(wrqu->name, IFNAMSIZ, "CRC checked (1)");
7999 	else
8000 		snprintf(wrqu->name, IFNAMSIZ, "CRC ignored (0)");
8001 
8002 	return 0;
8003 }
8004 #endif				/* CONFIG_IPW2100_MONITOR */
8005 
8006 static iw_handler ipw2100_wx_handlers[] = {
8007 	IW_HANDLER(SIOCGIWNAME, ipw2100_wx_get_name),
8008 	IW_HANDLER(SIOCSIWFREQ, ipw2100_wx_set_freq),
8009 	IW_HANDLER(SIOCGIWFREQ, ipw2100_wx_get_freq),
8010 	IW_HANDLER(SIOCSIWMODE, ipw2100_wx_set_mode),
8011 	IW_HANDLER(SIOCGIWMODE, ipw2100_wx_get_mode),
8012 	IW_HANDLER(SIOCGIWRANGE, ipw2100_wx_get_range),
8013 	IW_HANDLER(SIOCSIWAP, ipw2100_wx_set_wap),
8014 	IW_HANDLER(SIOCGIWAP, ipw2100_wx_get_wap),
8015 	IW_HANDLER(SIOCSIWMLME, ipw2100_wx_set_mlme),
8016 	IW_HANDLER(SIOCSIWSCAN, ipw2100_wx_set_scan),
8017 	IW_HANDLER(SIOCGIWSCAN, ipw2100_wx_get_scan),
8018 	IW_HANDLER(SIOCSIWESSID, ipw2100_wx_set_essid),
8019 	IW_HANDLER(SIOCGIWESSID, ipw2100_wx_get_essid),
8020 	IW_HANDLER(SIOCSIWNICKN, ipw2100_wx_set_nick),
8021 	IW_HANDLER(SIOCGIWNICKN, ipw2100_wx_get_nick),
8022 	IW_HANDLER(SIOCSIWRATE, ipw2100_wx_set_rate),
8023 	IW_HANDLER(SIOCGIWRATE, ipw2100_wx_get_rate),
8024 	IW_HANDLER(SIOCSIWRTS, ipw2100_wx_set_rts),
8025 	IW_HANDLER(SIOCGIWRTS, ipw2100_wx_get_rts),
8026 	IW_HANDLER(SIOCSIWFRAG, ipw2100_wx_set_frag),
8027 	IW_HANDLER(SIOCGIWFRAG, ipw2100_wx_get_frag),
8028 	IW_HANDLER(SIOCSIWTXPOW, ipw2100_wx_set_txpow),
8029 	IW_HANDLER(SIOCGIWTXPOW, ipw2100_wx_get_txpow),
8030 	IW_HANDLER(SIOCSIWRETRY, ipw2100_wx_set_retry),
8031 	IW_HANDLER(SIOCGIWRETRY, ipw2100_wx_get_retry),
8032 	IW_HANDLER(SIOCSIWENCODE, ipw2100_wx_set_encode),
8033 	IW_HANDLER(SIOCGIWENCODE, ipw2100_wx_get_encode),
8034 	IW_HANDLER(SIOCSIWPOWER, ipw2100_wx_set_power),
8035 	IW_HANDLER(SIOCGIWPOWER, ipw2100_wx_get_power),
8036 	IW_HANDLER(SIOCSIWGENIE, ipw2100_wx_set_genie),
8037 	IW_HANDLER(SIOCGIWGENIE, ipw2100_wx_get_genie),
8038 	IW_HANDLER(SIOCSIWAUTH, ipw2100_wx_set_auth),
8039 	IW_HANDLER(SIOCGIWAUTH, ipw2100_wx_get_auth),
8040 	IW_HANDLER(SIOCSIWENCODEEXT, ipw2100_wx_set_encodeext),
8041 	IW_HANDLER(SIOCGIWENCODEEXT, ipw2100_wx_get_encodeext),
8042 };
8043 
8044 #define IPW2100_PRIV_SET_MONITOR	SIOCIWFIRSTPRIV
8045 #define IPW2100_PRIV_RESET		SIOCIWFIRSTPRIV+1
8046 #define IPW2100_PRIV_SET_POWER		SIOCIWFIRSTPRIV+2
8047 #define IPW2100_PRIV_GET_POWER		SIOCIWFIRSTPRIV+3
8048 #define IPW2100_PRIV_SET_LONGPREAMBLE	SIOCIWFIRSTPRIV+4
8049 #define IPW2100_PRIV_GET_LONGPREAMBLE	SIOCIWFIRSTPRIV+5
8050 #define IPW2100_PRIV_SET_CRC_CHECK	SIOCIWFIRSTPRIV+6
8051 #define IPW2100_PRIV_GET_CRC_CHECK	SIOCIWFIRSTPRIV+7
8052 
8053 static const struct iw_priv_args ipw2100_private_args[] = {
8054 
8055 #ifdef CONFIG_IPW2100_MONITOR
8056 	{
8057 	 IPW2100_PRIV_SET_MONITOR,
8058 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 2, 0, "monitor"},
8059 	{
8060 	 IPW2100_PRIV_RESET,
8061 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 0, 0, "reset"},
8062 #endif				/* CONFIG_IPW2100_MONITOR */
8063 
8064 	{
8065 	 IPW2100_PRIV_SET_POWER,
8066 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "set_power"},
8067 	{
8068 	 IPW2100_PRIV_GET_POWER,
8069 	 0, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_FIXED | MAX_POWER_STRING,
8070 	 "get_power"},
8071 	{
8072 	 IPW2100_PRIV_SET_LONGPREAMBLE,
8073 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "set_preamble"},
8074 	{
8075 	 IPW2100_PRIV_GET_LONGPREAMBLE,
8076 	 0, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_FIXED | IFNAMSIZ, "get_preamble"},
8077 #ifdef CONFIG_IPW2100_MONITOR
8078 	{
8079 	 IPW2100_PRIV_SET_CRC_CHECK,
8080 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "set_crc_check"},
8081 	{
8082 	 IPW2100_PRIV_GET_CRC_CHECK,
8083 	 0, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_FIXED | IFNAMSIZ, "get_crc_check"},
8084 #endif				/* CONFIG_IPW2100_MONITOR */
8085 };
8086 
8087 static iw_handler ipw2100_private_handler[] = {
8088 #ifdef CONFIG_IPW2100_MONITOR
8089 	ipw2100_wx_set_promisc,
8090 	ipw2100_wx_reset,
8091 #else				/* CONFIG_IPW2100_MONITOR */
8092 	NULL,
8093 	NULL,
8094 #endif				/* CONFIG_IPW2100_MONITOR */
8095 	ipw2100_wx_set_powermode,
8096 	ipw2100_wx_get_powermode,
8097 	ipw2100_wx_set_preamble,
8098 	ipw2100_wx_get_preamble,
8099 #ifdef CONFIG_IPW2100_MONITOR
8100 	ipw2100_wx_set_crc_check,
8101 	ipw2100_wx_get_crc_check,
8102 #else				/* CONFIG_IPW2100_MONITOR */
8103 	NULL,
8104 	NULL,
8105 #endif				/* CONFIG_IPW2100_MONITOR */
8106 };
8107 
8108 /*
8109  * Get wireless statistics.
8110  * Called by /proc/net/wireless
8111  * Also called by SIOCGIWSTATS
8112  */
8113 static struct iw_statistics *ipw2100_wx_wireless_stats(struct net_device *dev)
8114 {
8115 	enum {
8116 		POOR = 30,
8117 		FAIR = 60,
8118 		GOOD = 80,
8119 		VERY_GOOD = 90,
8120 		EXCELLENT = 95,
8121 		PERFECT = 100
8122 	};
8123 	int rssi_qual;
8124 	int tx_qual;
8125 	int beacon_qual;
8126 	int quality;
8127 
8128 	struct ipw2100_priv *priv = libipw_priv(dev);
8129 	struct iw_statistics *wstats;
8130 	u32 rssi, tx_retries, missed_beacons, tx_failures;
8131 	u32 ord_len = sizeof(u32);
8132 
8133 	if (!priv)
8134 		return (struct iw_statistics *)NULL;
8135 
8136 	wstats = &priv->wstats;
8137 
8138 	/* if hw is disabled, then ipw2100_get_ordinal() can't be called.
8139 	 * ipw2100_wx_wireless_stats seems to be called before fw is
8140 	 * initialized.  STATUS_ASSOCIATED will only be set if the hw is up
8141 	 * and associated; if not associcated, the values are all meaningless
8142 	 * anyway, so set them all to NULL and INVALID */
8143 	if (!(priv->status & STATUS_ASSOCIATED)) {
8144 		wstats->miss.beacon = 0;
8145 		wstats->discard.retries = 0;
8146 		wstats->qual.qual = 0;
8147 		wstats->qual.level = 0;
8148 		wstats->qual.noise = 0;
8149 		wstats->qual.updated = 7;
8150 		wstats->qual.updated |= IW_QUAL_NOISE_INVALID |
8151 		    IW_QUAL_QUAL_INVALID | IW_QUAL_LEVEL_INVALID;
8152 		return wstats;
8153 	}
8154 
8155 	if (ipw2100_get_ordinal(priv, IPW_ORD_STAT_PERCENT_MISSED_BCNS,
8156 				&missed_beacons, &ord_len))
8157 		goto fail_get_ordinal;
8158 
8159 	/* If we don't have a connection the quality and level is 0 */
8160 	if (!(priv->status & STATUS_ASSOCIATED)) {
8161 		wstats->qual.qual = 0;
8162 		wstats->qual.level = 0;
8163 	} else {
8164 		if (ipw2100_get_ordinal(priv, IPW_ORD_RSSI_AVG_CURR,
8165 					&rssi, &ord_len))
8166 			goto fail_get_ordinal;
8167 		wstats->qual.level = rssi + IPW2100_RSSI_TO_DBM;
8168 		if (rssi < 10)
8169 			rssi_qual = rssi * POOR / 10;
8170 		else if (rssi < 15)
8171 			rssi_qual = (rssi - 10) * (FAIR - POOR) / 5 + POOR;
8172 		else if (rssi < 20)
8173 			rssi_qual = (rssi - 15) * (GOOD - FAIR) / 5 + FAIR;
8174 		else if (rssi < 30)
8175 			rssi_qual = (rssi - 20) * (VERY_GOOD - GOOD) /
8176 			    10 + GOOD;
8177 		else
8178 			rssi_qual = (rssi - 30) * (PERFECT - VERY_GOOD) /
8179 			    10 + VERY_GOOD;
8180 
8181 		if (ipw2100_get_ordinal(priv, IPW_ORD_STAT_PERCENT_RETRIES,
8182 					&tx_retries, &ord_len))
8183 			goto fail_get_ordinal;
8184 
8185 		if (tx_retries > 75)
8186 			tx_qual = (90 - tx_retries) * POOR / 15;
8187 		else if (tx_retries > 70)
8188 			tx_qual = (75 - tx_retries) * (FAIR - POOR) / 5 + POOR;
8189 		else if (tx_retries > 65)
8190 			tx_qual = (70 - tx_retries) * (GOOD - FAIR) / 5 + FAIR;
8191 		else if (tx_retries > 50)
8192 			tx_qual = (65 - tx_retries) * (VERY_GOOD - GOOD) /
8193 			    15 + GOOD;
8194 		else
8195 			tx_qual = (50 - tx_retries) *
8196 			    (PERFECT - VERY_GOOD) / 50 + VERY_GOOD;
8197 
8198 		if (missed_beacons > 50)
8199 			beacon_qual = (60 - missed_beacons) * POOR / 10;
8200 		else if (missed_beacons > 40)
8201 			beacon_qual = (50 - missed_beacons) * (FAIR - POOR) /
8202 			    10 + POOR;
8203 		else if (missed_beacons > 32)
8204 			beacon_qual = (40 - missed_beacons) * (GOOD - FAIR) /
8205 			    18 + FAIR;
8206 		else if (missed_beacons > 20)
8207 			beacon_qual = (32 - missed_beacons) *
8208 			    (VERY_GOOD - GOOD) / 20 + GOOD;
8209 		else
8210 			beacon_qual = (20 - missed_beacons) *
8211 			    (PERFECT - VERY_GOOD) / 20 + VERY_GOOD;
8212 
8213 		quality = min(tx_qual, rssi_qual);
8214 		quality = min(beacon_qual, quality);
8215 
8216 #ifdef CONFIG_IPW2100_DEBUG
8217 		if (beacon_qual == quality)
8218 			IPW_DEBUG_WX("Quality clamped by Missed Beacons\n");
8219 		else if (tx_qual == quality)
8220 			IPW_DEBUG_WX("Quality clamped by Tx Retries\n");
8221 		else if (quality != 100)
8222 			IPW_DEBUG_WX("Quality clamped by Signal Strength\n");
8223 		else
8224 			IPW_DEBUG_WX("Quality not clamped.\n");
8225 #endif
8226 
8227 		wstats->qual.qual = quality;
8228 		wstats->qual.level = rssi + IPW2100_RSSI_TO_DBM;
8229 	}
8230 
8231 	wstats->qual.noise = 0;
8232 	wstats->qual.updated = 7;
8233 	wstats->qual.updated |= IW_QUAL_NOISE_INVALID;
8234 
8235 	/* FIXME: this is percent and not a # */
8236 	wstats->miss.beacon = missed_beacons;
8237 
8238 	if (ipw2100_get_ordinal(priv, IPW_ORD_STAT_TX_FAILURES,
8239 				&tx_failures, &ord_len))
8240 		goto fail_get_ordinal;
8241 	wstats->discard.retries = tx_failures;
8242 
8243 	return wstats;
8244 
8245       fail_get_ordinal:
8246 	IPW_DEBUG_WX("failed querying ordinals.\n");
8247 
8248 	return (struct iw_statistics *)NULL;
8249 }
8250 
8251 static const struct iw_handler_def ipw2100_wx_handler_def = {
8252 	.standard = ipw2100_wx_handlers,
8253 	.num_standard = ARRAY_SIZE(ipw2100_wx_handlers),
8254 	.num_private = ARRAY_SIZE(ipw2100_private_handler),
8255 	.num_private_args = ARRAY_SIZE(ipw2100_private_args),
8256 	.private = (iw_handler *) ipw2100_private_handler,
8257 	.private_args = (struct iw_priv_args *)ipw2100_private_args,
8258 	.get_wireless_stats = ipw2100_wx_wireless_stats,
8259 };
8260 
8261 static void ipw2100_wx_event_work(struct work_struct *work)
8262 {
8263 	struct ipw2100_priv *priv =
8264 		container_of(work, struct ipw2100_priv, wx_event_work.work);
8265 	union iwreq_data wrqu;
8266 	unsigned int len = ETH_ALEN;
8267 
8268 	if (priv->status & STATUS_STOPPING)
8269 		return;
8270 
8271 	mutex_lock(&priv->action_mutex);
8272 
8273 	IPW_DEBUG_WX("enter\n");
8274 
8275 	mutex_unlock(&priv->action_mutex);
8276 
8277 	wrqu.ap_addr.sa_family = ARPHRD_ETHER;
8278 
8279 	/* Fetch BSSID from the hardware */
8280 	if (!(priv->status & (STATUS_ASSOCIATING | STATUS_ASSOCIATED)) ||
8281 	    priv->status & STATUS_RF_KILL_MASK ||
8282 	    ipw2100_get_ordinal(priv, IPW_ORD_STAT_ASSN_AP_BSSID,
8283 				&priv->bssid, &len)) {
8284 		eth_zero_addr(wrqu.ap_addr.sa_data);
8285 	} else {
8286 		/* We now have the BSSID, so can finish setting to the full
8287 		 * associated state */
8288 		memcpy(wrqu.ap_addr.sa_data, priv->bssid, ETH_ALEN);
8289 		memcpy(priv->ieee->bssid, priv->bssid, ETH_ALEN);
8290 		priv->status &= ~STATUS_ASSOCIATING;
8291 		priv->status |= STATUS_ASSOCIATED;
8292 		netif_carrier_on(priv->net_dev);
8293 		netif_wake_queue(priv->net_dev);
8294 	}
8295 
8296 	if (!(priv->status & STATUS_ASSOCIATED)) {
8297 		IPW_DEBUG_WX("Configuring ESSID\n");
8298 		mutex_lock(&priv->action_mutex);
8299 		/* This is a disassociation event, so kick the firmware to
8300 		 * look for another AP */
8301 		if (priv->config & CFG_STATIC_ESSID)
8302 			ipw2100_set_essid(priv, priv->essid, priv->essid_len,
8303 					  0);
8304 		else
8305 			ipw2100_set_essid(priv, NULL, 0, 0);
8306 		mutex_unlock(&priv->action_mutex);
8307 	}
8308 
8309 	wireless_send_event(priv->net_dev, SIOCGIWAP, &wrqu, NULL);
8310 }
8311 
8312 #define IPW2100_FW_MAJOR_VERSION 1
8313 #define IPW2100_FW_MINOR_VERSION 3
8314 
8315 #define IPW2100_FW_MINOR(x) ((x & 0xff) >> 8)
8316 #define IPW2100_FW_MAJOR(x) (x & 0xff)
8317 
8318 #define IPW2100_FW_VERSION ((IPW2100_FW_MINOR_VERSION << 8) | \
8319                              IPW2100_FW_MAJOR_VERSION)
8320 
8321 #define IPW2100_FW_PREFIX "ipw2100-" __stringify(IPW2100_FW_MAJOR_VERSION) \
8322 "." __stringify(IPW2100_FW_MINOR_VERSION)
8323 
8324 #define IPW2100_FW_NAME(x) IPW2100_FW_PREFIX "" x ".fw"
8325 
8326 /*
8327 
8328 BINARY FIRMWARE HEADER FORMAT
8329 
8330 offset      length   desc
8331 0           2        version
8332 2           2        mode == 0:BSS,1:IBSS,2:MONITOR
8333 4           4        fw_len
8334 8           4        uc_len
8335 C           fw_len   firmware data
8336 12 + fw_len uc_len   microcode data
8337 
8338 */
8339 
8340 struct ipw2100_fw_header {
8341 	short version;
8342 	short mode;
8343 	unsigned int fw_size;
8344 	unsigned int uc_size;
8345 } __packed;
8346 
8347 static int ipw2100_mod_firmware_load(struct ipw2100_fw *fw)
8348 {
8349 	struct ipw2100_fw_header *h =
8350 	    (struct ipw2100_fw_header *)fw->fw_entry->data;
8351 
8352 	if (IPW2100_FW_MAJOR(h->version) != IPW2100_FW_MAJOR_VERSION) {
8353 		printk(KERN_WARNING DRV_NAME ": Firmware image not compatible "
8354 		       "(detected version id of %u). "
8355 		       "See Documentation/networking/device_drivers/intel/ipw2100.txt\n",
8356 		       h->version);
8357 		return 1;
8358 	}
8359 
8360 	fw->version = h->version;
8361 	fw->fw.data = fw->fw_entry->data + sizeof(struct ipw2100_fw_header);
8362 	fw->fw.size = h->fw_size;
8363 	fw->uc.data = fw->fw.data + h->fw_size;
8364 	fw->uc.size = h->uc_size;
8365 
8366 	return 0;
8367 }
8368 
8369 static int ipw2100_get_firmware(struct ipw2100_priv *priv,
8370 				struct ipw2100_fw *fw)
8371 {
8372 	char *fw_name;
8373 	int rc;
8374 
8375 	IPW_DEBUG_INFO("%s: Using hotplug firmware load.\n",
8376 		       priv->net_dev->name);
8377 
8378 	switch (priv->ieee->iw_mode) {
8379 	case IW_MODE_ADHOC:
8380 		fw_name = IPW2100_FW_NAME("-i");
8381 		break;
8382 #ifdef CONFIG_IPW2100_MONITOR
8383 	case IW_MODE_MONITOR:
8384 		fw_name = IPW2100_FW_NAME("-p");
8385 		break;
8386 #endif
8387 	case IW_MODE_INFRA:
8388 	default:
8389 		fw_name = IPW2100_FW_NAME("");
8390 		break;
8391 	}
8392 
8393 	rc = request_firmware(&fw->fw_entry, fw_name, &priv->pci_dev->dev);
8394 
8395 	if (rc < 0) {
8396 		printk(KERN_ERR DRV_NAME ": "
8397 		       "%s: Firmware '%s' not available or load failed.\n",
8398 		       priv->net_dev->name, fw_name);
8399 		return rc;
8400 	}
8401 	IPW_DEBUG_INFO("firmware data %p size %zd\n", fw->fw_entry->data,
8402 		       fw->fw_entry->size);
8403 
8404 	ipw2100_mod_firmware_load(fw);
8405 
8406 	return 0;
8407 }
8408 
8409 MODULE_FIRMWARE(IPW2100_FW_NAME("-i"));
8410 #ifdef CONFIG_IPW2100_MONITOR
8411 MODULE_FIRMWARE(IPW2100_FW_NAME("-p"));
8412 #endif
8413 MODULE_FIRMWARE(IPW2100_FW_NAME(""));
8414 
8415 static void ipw2100_release_firmware(struct ipw2100_priv *priv,
8416 				     struct ipw2100_fw *fw)
8417 {
8418 	fw->version = 0;
8419 	release_firmware(fw->fw_entry);
8420 	fw->fw_entry = NULL;
8421 }
8422 
8423 static int ipw2100_get_fwversion(struct ipw2100_priv *priv, char *buf,
8424 				 size_t max)
8425 {
8426 	char ver[MAX_FW_VERSION_LEN];
8427 	u32 len = MAX_FW_VERSION_LEN;
8428 	u32 tmp;
8429 	int i;
8430 	/* firmware version is an ascii string (max len of 14) */
8431 	if (ipw2100_get_ordinal(priv, IPW_ORD_STAT_FW_VER_NUM, ver, &len))
8432 		return -EIO;
8433 	tmp = max;
8434 	if (len >= max)
8435 		len = max - 1;
8436 	for (i = 0; i < len; i++)
8437 		buf[i] = ver[i];
8438 	buf[i] = '\0';
8439 	return tmp;
8440 }
8441 
8442 static int ipw2100_get_ucodeversion(struct ipw2100_priv *priv, char *buf,
8443 				    size_t max)
8444 {
8445 	u32 ver;
8446 	u32 len = sizeof(ver);
8447 	/* microcode version is a 32 bit integer */
8448 	if (ipw2100_get_ordinal(priv, IPW_ORD_UCODE_VERSION, &ver, &len))
8449 		return -EIO;
8450 	return snprintf(buf, max, "%08X", ver);
8451 }
8452 
8453 /*
8454  * On exit, the firmware will have been freed from the fw list
8455  */
8456 static int ipw2100_fw_download(struct ipw2100_priv *priv, struct ipw2100_fw *fw)
8457 {
8458 	/* firmware is constructed of N contiguous entries, each entry is
8459 	 * structured as:
8460 	 *
8461 	 * offset    sie         desc
8462 	 * 0         4           address to write to
8463 	 * 4         2           length of data run
8464 	 * 6         length      data
8465 	 */
8466 	unsigned int addr;
8467 	unsigned short len;
8468 
8469 	const unsigned char *firmware_data = fw->fw.data;
8470 	unsigned int firmware_data_left = fw->fw.size;
8471 
8472 	while (firmware_data_left > 0) {
8473 		addr = *(u32 *) (firmware_data);
8474 		firmware_data += 4;
8475 		firmware_data_left -= 4;
8476 
8477 		len = *(u16 *) (firmware_data);
8478 		firmware_data += 2;
8479 		firmware_data_left -= 2;
8480 
8481 		if (len > 32) {
8482 			printk(KERN_ERR DRV_NAME ": "
8483 			       "Invalid firmware run-length of %d bytes\n",
8484 			       len);
8485 			return -EINVAL;
8486 		}
8487 
8488 		write_nic_memory(priv->net_dev, addr, len, firmware_data);
8489 		firmware_data += len;
8490 		firmware_data_left -= len;
8491 	}
8492 
8493 	return 0;
8494 }
8495 
8496 struct symbol_alive_response {
8497 	u8 cmd_id;
8498 	u8 seq_num;
8499 	u8 ucode_rev;
8500 	u8 eeprom_valid;
8501 	u16 valid_flags;
8502 	u8 IEEE_addr[6];
8503 	u16 flags;
8504 	u16 pcb_rev;
8505 	u16 clock_settle_time;	// 1us LSB
8506 	u16 powerup_settle_time;	// 1us LSB
8507 	u16 hop_settle_time;	// 1us LSB
8508 	u8 date[3];		// month, day, year
8509 	u8 time[2];		// hours, minutes
8510 	u8 ucode_valid;
8511 };
8512 
8513 static int ipw2100_ucode_download(struct ipw2100_priv *priv,
8514 				  struct ipw2100_fw *fw)
8515 {
8516 	struct net_device *dev = priv->net_dev;
8517 	const unsigned char *microcode_data = fw->uc.data;
8518 	unsigned int microcode_data_left = fw->uc.size;
8519 	void __iomem *reg = priv->ioaddr;
8520 
8521 	struct symbol_alive_response response;
8522 	int i, j;
8523 	u8 data;
8524 
8525 	/* Symbol control */
8526 	write_nic_word(dev, IPW2100_CONTROL_REG, 0x703);
8527 	readl(reg);
8528 	write_nic_word(dev, IPW2100_CONTROL_REG, 0x707);
8529 	readl(reg);
8530 
8531 	/* HW config */
8532 	write_nic_byte(dev, 0x210014, 0x72);	/* fifo width =16 */
8533 	readl(reg);
8534 	write_nic_byte(dev, 0x210014, 0x72);	/* fifo width =16 */
8535 	readl(reg);
8536 
8537 	/* EN_CS_ACCESS bit to reset control store pointer */
8538 	write_nic_byte(dev, 0x210000, 0x40);
8539 	readl(reg);
8540 	write_nic_byte(dev, 0x210000, 0x0);
8541 	readl(reg);
8542 	write_nic_byte(dev, 0x210000, 0x40);
8543 	readl(reg);
8544 
8545 	/* copy microcode from buffer into Symbol */
8546 
8547 	while (microcode_data_left > 0) {
8548 		write_nic_byte(dev, 0x210010, *microcode_data++);
8549 		write_nic_byte(dev, 0x210010, *microcode_data++);
8550 		microcode_data_left -= 2;
8551 	}
8552 
8553 	/* EN_CS_ACCESS bit to reset the control store pointer */
8554 	write_nic_byte(dev, 0x210000, 0x0);
8555 	readl(reg);
8556 
8557 	/* Enable System (Reg 0)
8558 	 * first enable causes garbage in RX FIFO */
8559 	write_nic_byte(dev, 0x210000, 0x0);
8560 	readl(reg);
8561 	write_nic_byte(dev, 0x210000, 0x80);
8562 	readl(reg);
8563 
8564 	/* Reset External Baseband Reg */
8565 	write_nic_word(dev, IPW2100_CONTROL_REG, 0x703);
8566 	readl(reg);
8567 	write_nic_word(dev, IPW2100_CONTROL_REG, 0x707);
8568 	readl(reg);
8569 
8570 	/* HW Config (Reg 5) */
8571 	write_nic_byte(dev, 0x210014, 0x72);	// fifo width =16
8572 	readl(reg);
8573 	write_nic_byte(dev, 0x210014, 0x72);	// fifo width =16
8574 	readl(reg);
8575 
8576 	/* Enable System (Reg 0)
8577 	 * second enable should be OK */
8578 	write_nic_byte(dev, 0x210000, 0x00);	// clear enable system
8579 	readl(reg);
8580 	write_nic_byte(dev, 0x210000, 0x80);	// set enable system
8581 
8582 	/* check Symbol is enabled - upped this from 5 as it wasn't always
8583 	 * catching the update */
8584 	for (i = 0; i < 10; i++) {
8585 		udelay(10);
8586 
8587 		/* check Dino is enabled bit */
8588 		read_nic_byte(dev, 0x210000, &data);
8589 		if (data & 0x1)
8590 			break;
8591 	}
8592 
8593 	if (i == 10) {
8594 		printk(KERN_ERR DRV_NAME ": %s: Error initializing Symbol\n",
8595 		       dev->name);
8596 		return -EIO;
8597 	}
8598 
8599 	/* Get Symbol alive response */
8600 	for (i = 0; i < 30; i++) {
8601 		/* Read alive response structure */
8602 		for (j = 0;
8603 		     j < (sizeof(struct symbol_alive_response) >> 1); j++)
8604 			read_nic_word(dev, 0x210004, ((u16 *) & response) + j);
8605 
8606 		if ((response.cmd_id == 1) && (response.ucode_valid == 0x1))
8607 			break;
8608 		udelay(10);
8609 	}
8610 
8611 	if (i == 30) {
8612 		printk(KERN_ERR DRV_NAME
8613 		       ": %s: No response from Symbol - hw not alive\n",
8614 		       dev->name);
8615 		printk_buf(IPW_DL_ERROR, (u8 *) & response, sizeof(response));
8616 		return -EIO;
8617 	}
8618 
8619 	return 0;
8620 }
8621