1 
2 /* Linux device driver for RTL8180 / RTL8185 / RTL8187SE
3  *
4  * Copyright 2007 Michael Wu <flamingice@sourmilk.net>
5  * Copyright 2007,2014 Andrea Merello <andrea.merello@gmail.com>
6  *
7  * Based on the r8180 driver, which is:
8  * Copyright 2004-2005 Andrea Merello <andrea.merello@gmail.com>, et al.
9  *
10  * Thanks to Realtek for their support!
11  *
12  ************************************************************************
13  *
14  * The driver was extended to the RTL8187SE in 2014 by
15  * Andrea Merello <andrea.merello@gmail.com>
16  *
17  * based also on:
18  *  - portions of rtl8187se Linux staging driver, Copyright Realtek corp.
19  *    (available in drivers/staging/rtl8187se directory of Linux 3.14)
20  *  - other GPL, unpublished (until now), Linux driver code,
21  *    Copyright Larry Finger <Larry.Finger@lwfinger.net>
22  *
23  * A huge thanks goes to Sara V. Nari who forgives me when I'm
24  * sitting in front of my laptop at evening, week-end, night...
25  *
26  * A special thanks goes to Antonio Cuni, who helped me with
27  * some python userspace stuff I used to debug RTL8187SE code, and who
28  * bought a laptop with an unsupported Wi-Fi card some years ago...
29  *
30  * Thanks to Larry Finger for writing some code for rtl8187se and for
31  * his suggestions.
32  *
33  * Thanks to Dan Carpenter for reviewing my initial patch and for his
34  * suggestions.
35  *
36  * Thanks to Bernhard Schiffner for his help in testing and for his
37  * suggestions.
38  *
39  ************************************************************************
40  *
41  * This program is free software; you can redistribute it and/or modify
42  * it under the terms of the GNU General Public License version 2 as
43  * published by the Free Software Foundation.
44  */
45 
46 #include <linux/interrupt.h>
47 #include <linux/pci.h>
48 #include <linux/slab.h>
49 #include <linux/delay.h>
50 #include <linux/etherdevice.h>
51 #include <linux/eeprom_93cx6.h>
52 #include <linux/module.h>
53 #include <net/mac80211.h>
54 
55 #include "rtl8180.h"
56 #include "rtl8225.h"
57 #include "sa2400.h"
58 #include "max2820.h"
59 #include "grf5101.h"
60 #include "rtl8225se.h"
61 
62 MODULE_AUTHOR("Michael Wu <flamingice@sourmilk.net>");
63 MODULE_AUTHOR("Andrea Merello <andrea.merello@gmail.com>");
64 MODULE_DESCRIPTION("RTL8180 / RTL8185 / RTL8187SE PCI wireless driver");
65 MODULE_LICENSE("GPL");
66 
67 static const struct pci_device_id rtl8180_table[] = {
68 
69 	/* rtl8187se */
70 	{ PCI_DEVICE(PCI_VENDOR_ID_REALTEK, 0x8199) },
71 
72 	/* rtl8185 */
73 	{ PCI_DEVICE(PCI_VENDOR_ID_REALTEK, 0x8185) },
74 	{ PCI_DEVICE(PCI_VENDOR_ID_BELKIN, 0x700f) },
75 	{ PCI_DEVICE(PCI_VENDOR_ID_BELKIN, 0x701f) },
76 
77 	/* rtl8180 */
78 	{ PCI_DEVICE(PCI_VENDOR_ID_REALTEK, 0x8180) },
79 	{ PCI_DEVICE(0x1799, 0x6001) },
80 	{ PCI_DEVICE(0x1799, 0x6020) },
81 	{ PCI_DEVICE(PCI_VENDOR_ID_DLINK, 0x3300) },
82 	{ PCI_DEVICE(0x1186, 0x3301) },
83 	{ PCI_DEVICE(0x1432, 0x7106) },
84 	{ }
85 };
86 
87 MODULE_DEVICE_TABLE(pci, rtl8180_table);
88 
89 static const struct ieee80211_rate rtl818x_rates[] = {
90 	{ .bitrate = 10, .hw_value = 0, },
91 	{ .bitrate = 20, .hw_value = 1, },
92 	{ .bitrate = 55, .hw_value = 2, },
93 	{ .bitrate = 110, .hw_value = 3, },
94 	{ .bitrate = 60, .hw_value = 4, },
95 	{ .bitrate = 90, .hw_value = 5, },
96 	{ .bitrate = 120, .hw_value = 6, },
97 	{ .bitrate = 180, .hw_value = 7, },
98 	{ .bitrate = 240, .hw_value = 8, },
99 	{ .bitrate = 360, .hw_value = 9, },
100 	{ .bitrate = 480, .hw_value = 10, },
101 	{ .bitrate = 540, .hw_value = 11, },
102 };
103 
104 static const struct ieee80211_channel rtl818x_channels[] = {
105 	{ .center_freq = 2412 },
106 	{ .center_freq = 2417 },
107 	{ .center_freq = 2422 },
108 	{ .center_freq = 2427 },
109 	{ .center_freq = 2432 },
110 	{ .center_freq = 2437 },
111 	{ .center_freq = 2442 },
112 	{ .center_freq = 2447 },
113 	{ .center_freq = 2452 },
114 	{ .center_freq = 2457 },
115 	{ .center_freq = 2462 },
116 	{ .center_freq = 2467 },
117 	{ .center_freq = 2472 },
118 	{ .center_freq = 2484 },
119 };
120 
121 /* Queues for rtl8187se card
122  *
123  * name | reg  |  queue
124  *  BC  |  7   |   6
125  *  MG  |  1   |   0
126  *  HI  |  6   |   1
127  *  VO  |  5   |   2
128  *  VI  |  4   |   3
129  *  BE  |  3   |   4
130  *  BK  |  2   |   5
131  *
132  * The complete map for DMA kick reg using use all queue is:
133  * static const int rtl8187se_queues_map[RTL8187SE_NR_TX_QUEUES] =
134  *	{1, 6, 5, 4, 3, 2, 7};
135  *
136  * .. but.. Because for mac80211 4 queues are enough for QoS we use this
137  *
138  * name | reg  |  queue
139  *  BC  |  7   |   4  <- currently not used yet
140  *  MG  |  1   |   x  <- Not used
141  *  HI  |  6   |   x  <- Not used
142  *  VO  |  5   |   0  <- used
143  *  VI  |  4   |   1  <- used
144  *  BE  |  3   |   2  <- used
145  *  BK  |  2   |   3  <- used
146  *
147  * Beacon queue could be used, but this is not finished yet.
148  *
149  * I thougth about using the other two queues but I decided not to do this:
150  *
151  * - I'm unsure whether the mac80211 will ever try to use more than 4 queues
152  *   by itself.
153  *
154  * - I could route MGMT frames (currently sent over VO queue) to the MGMT
155  *   queue but since mac80211 will do not know about it, I will probably gain
156  *   some HW priority whenever the VO queue is not empty, but this gain is
157  *   limited by the fact that I had to stop the mac80211 queue whenever one of
158  *   the VO or MGMT queues is full, stopping also submitting of MGMT frame
159  *   to the driver.
160  *
161  * - I don't know how to set in the HW the contention window params for MGMT
162  *   and HI-prio queues.
163  */
164 
165 static const int rtl8187se_queues_map[RTL8187SE_NR_TX_QUEUES] = {5, 4, 3, 2, 7};
166 
167 /* Queues for rtl8180/rtl8185 cards
168  *
169  * name | reg  |  prio
170  *  BC  |  7   |   3
171  *  HI  |  6   |   0
172  *  NO  |  5   |   1
173  *  LO  |  4   |   2
174  *
175  * The complete map for DMA kick reg using all queue is:
176  * static const int rtl8180_queues_map[RTL8180_NR_TX_QUEUES] = {6, 5, 4, 7};
177  *
178  * .. but .. Because the mac80211 needs at least 4 queues for QoS or
179  * otherwise QoS can't be done, we use just one.
180  * Beacon queue could be used, but this is not finished yet.
181  * Actual map is:
182  *
183  * name | reg  |  prio
184  *  BC  |  7   |   1  <- currently not used yet.
185  *  HI  |  6   |   x  <- not used
186  *  NO  |  5   |   x  <- not used
187  *  LO  |  4   |   0  <- used
188  */
189 
190 static const int rtl8180_queues_map[RTL8180_NR_TX_QUEUES] = {4, 7};
191 
192 /* LNA gain table for rtl8187se */
193 static const u8 rtl8187se_lna_gain[4] = {02, 17, 29, 39};
194 
195 void rtl8180_write_phy(struct ieee80211_hw *dev, u8 addr, u32 data)
196 {
197 	struct rtl8180_priv *priv = dev->priv;
198 	int i = 10;
199 	u32 buf;
200 
201 	buf = (data << 8) | addr;
202 
203 	rtl818x_iowrite32(priv, (__le32 __iomem *)&priv->map->PHY[0], buf | 0x80);
204 	while (i--) {
205 		rtl818x_iowrite32(priv, (__le32 __iomem *)&priv->map->PHY[0], buf);
206 		if (rtl818x_ioread8(priv, &priv->map->PHY[2]) == (data & 0xFF))
207 			return;
208 	}
209 }
210 
211 static void rtl8180_handle_rx(struct ieee80211_hw *dev)
212 {
213 	struct rtl8180_priv *priv = dev->priv;
214 	struct rtl818x_rx_cmd_desc *cmd_desc;
215 	unsigned int count = 32;
216 	u8 agc, sq;
217 	s8 signal = 1;
218 	dma_addr_t mapping;
219 
220 	while (count--) {
221 		void *entry = priv->rx_ring + priv->rx_idx * priv->rx_ring_sz;
222 		struct sk_buff *skb = priv->rx_buf[priv->rx_idx];
223 		u32 flags, flags2, flags3 = 0;
224 		u64 tsft;
225 
226 		if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE) {
227 			struct rtl8187se_rx_desc *desc = entry;
228 
229 			flags = le32_to_cpu(desc->flags);
230 			/* if ownership flag is set, then we can trust the
231 			 * HW has written other fields. We must not trust
232 			 * other descriptor data read before we checked (read)
233 			 * the ownership flag
234 			 */
235 			rmb();
236 			flags3 = le32_to_cpu(desc->flags3);
237 			flags2 = le32_to_cpu(desc->flags2);
238 			tsft = le64_to_cpu(desc->tsft);
239 		} else {
240 			struct rtl8180_rx_desc *desc = entry;
241 
242 			flags = le32_to_cpu(desc->flags);
243 			/* same as above */
244 			rmb();
245 			flags2 = le32_to_cpu(desc->flags2);
246 			tsft = le64_to_cpu(desc->tsft);
247 		}
248 
249 		if (flags & RTL818X_RX_DESC_FLAG_OWN)
250 			return;
251 
252 		if (unlikely(flags & (RTL818X_RX_DESC_FLAG_DMA_FAIL |
253 				      RTL818X_RX_DESC_FLAG_FOF |
254 				      RTL818X_RX_DESC_FLAG_RX_ERR)))
255 			goto done;
256 		else {
257 			struct ieee80211_rx_status rx_status = {0};
258 			struct sk_buff *new_skb = dev_alloc_skb(MAX_RX_SIZE);
259 
260 			if (unlikely(!new_skb))
261 				goto done;
262 
263 			mapping = pci_map_single(priv->pdev,
264 					       skb_tail_pointer(new_skb),
265 					       MAX_RX_SIZE, PCI_DMA_FROMDEVICE);
266 
267 			if (pci_dma_mapping_error(priv->pdev, mapping)) {
268 				kfree_skb(new_skb);
269 				dev_err(&priv->pdev->dev, "RX DMA map error\n");
270 
271 				goto done;
272 			}
273 
274 			pci_unmap_single(priv->pdev,
275 					 *((dma_addr_t *)skb->cb),
276 					 MAX_RX_SIZE, PCI_DMA_FROMDEVICE);
277 			skb_put(skb, flags & 0xFFF);
278 
279 			rx_status.antenna = (flags2 >> 15) & 1;
280 			rx_status.rate_idx = (flags >> 20) & 0xF;
281 			agc = (flags2 >> 17) & 0x7F;
282 
283 			switch (priv->chip_family) {
284 			case RTL818X_CHIP_FAMILY_RTL8185:
285 				if (rx_status.rate_idx > 3)
286 					signal = -clamp_t(u8, agc, 25, 90) - 9;
287 				else
288 					signal = -clamp_t(u8, agc, 30, 95);
289 				break;
290 			case RTL818X_CHIP_FAMILY_RTL8180:
291 				sq = flags2 & 0xff;
292 				signal = priv->rf->calc_rssi(agc, sq);
293 				break;
294 			case RTL818X_CHIP_FAMILY_RTL8187SE:
295 				/* OFDM measure reported by HW is signed,
296 				 * in 0.5dBm unit, with zero centered @ -41dBm
297 				 * input signal.
298 				 */
299 				if (rx_status.rate_idx > 3) {
300 					signal = (s8)((flags3 >> 16) & 0xff);
301 					signal = signal / 2 - 41;
302 				} else {
303 					int idx, bb;
304 
305 					idx = (agc & 0x60) >> 5;
306 					bb = (agc & 0x1F) * 2;
307 					/* bias + BB gain + LNA gain */
308 					signal = 4 - bb - rtl8187se_lna_gain[idx];
309 				}
310 				break;
311 			}
312 			rx_status.signal = signal;
313 			rx_status.freq = dev->conf.chandef.chan->center_freq;
314 			rx_status.band = dev->conf.chandef.chan->band;
315 			rx_status.mactime = tsft;
316 			rx_status.flag |= RX_FLAG_MACTIME_START;
317 			if (flags & RTL818X_RX_DESC_FLAG_SPLCP)
318 				rx_status.flag |= RX_FLAG_SHORTPRE;
319 			if (flags & RTL818X_RX_DESC_FLAG_CRC32_ERR)
320 				rx_status.flag |= RX_FLAG_FAILED_FCS_CRC;
321 
322 			memcpy(IEEE80211_SKB_RXCB(skb), &rx_status, sizeof(rx_status));
323 			ieee80211_rx_irqsafe(dev, skb);
324 
325 			skb = new_skb;
326 			priv->rx_buf[priv->rx_idx] = skb;
327 			*((dma_addr_t *) skb->cb) = mapping;
328 		}
329 
330 	done:
331 		cmd_desc = entry;
332 		cmd_desc->rx_buf = cpu_to_le32(*((dma_addr_t *)skb->cb));
333 		cmd_desc->flags = cpu_to_le32(RTL818X_RX_DESC_FLAG_OWN |
334 					   MAX_RX_SIZE);
335 		if (priv->rx_idx == 31)
336 			cmd_desc->flags |=
337 				cpu_to_le32(RTL818X_RX_DESC_FLAG_EOR);
338 		priv->rx_idx = (priv->rx_idx + 1) % 32;
339 	}
340 }
341 
342 static void rtl8180_handle_tx(struct ieee80211_hw *dev, unsigned int prio)
343 {
344 	struct rtl8180_priv *priv = dev->priv;
345 	struct rtl8180_tx_ring *ring = &priv->tx_ring[prio];
346 
347 	while (skb_queue_len(&ring->queue)) {
348 		struct rtl8180_tx_desc *entry = &ring->desc[ring->idx];
349 		struct sk_buff *skb;
350 		struct ieee80211_tx_info *info;
351 		u32 flags = le32_to_cpu(entry->flags);
352 
353 		if (flags & RTL818X_TX_DESC_FLAG_OWN)
354 			return;
355 
356 		ring->idx = (ring->idx + 1) % ring->entries;
357 		skb = __skb_dequeue(&ring->queue);
358 		pci_unmap_single(priv->pdev, le32_to_cpu(entry->tx_buf),
359 				 skb->len, PCI_DMA_TODEVICE);
360 
361 		info = IEEE80211_SKB_CB(skb);
362 		ieee80211_tx_info_clear_status(info);
363 
364 		if (!(info->flags & IEEE80211_TX_CTL_NO_ACK) &&
365 		    (flags & RTL818X_TX_DESC_FLAG_TX_OK))
366 			info->flags |= IEEE80211_TX_STAT_ACK;
367 
368 		info->status.rates[0].count = (flags & 0xFF) + 1;
369 
370 		ieee80211_tx_status_irqsafe(dev, skb);
371 		if (ring->entries - skb_queue_len(&ring->queue) == 2)
372 			ieee80211_wake_queue(dev, prio);
373 	}
374 }
375 
376 static irqreturn_t rtl8187se_interrupt(int irq, void *dev_id)
377 {
378 	struct ieee80211_hw *dev = dev_id;
379 	struct rtl8180_priv *priv = dev->priv;
380 	u32 reg;
381 	unsigned long flags;
382 	static int desc_err;
383 
384 	spin_lock_irqsave(&priv->lock, flags);
385 	/* Note: 32-bit interrupt status */
386 	reg = rtl818x_ioread32(priv, &priv->map->INT_STATUS_SE);
387 	if (unlikely(reg == 0xFFFFFFFF)) {
388 		spin_unlock_irqrestore(&priv->lock, flags);
389 		return IRQ_HANDLED;
390 	}
391 
392 	rtl818x_iowrite32(priv, &priv->map->INT_STATUS_SE, reg);
393 
394 	if (reg & IMR_TIMEOUT1)
395 		rtl818x_iowrite32(priv, &priv->map->INT_TIMEOUT, 0);
396 
397 	if (reg & (IMR_TBDOK | IMR_TBDER))
398 		rtl8180_handle_tx(dev, 4);
399 
400 	if (reg & (IMR_TVODOK | IMR_TVODER))
401 		rtl8180_handle_tx(dev, 0);
402 
403 	if (reg & (IMR_TVIDOK | IMR_TVIDER))
404 		rtl8180_handle_tx(dev, 1);
405 
406 	if (reg & (IMR_TBEDOK | IMR_TBEDER))
407 		rtl8180_handle_tx(dev, 2);
408 
409 	if (reg & (IMR_TBKDOK | IMR_TBKDER))
410 		rtl8180_handle_tx(dev, 3);
411 
412 	if (reg & (IMR_ROK | IMR_RER | RTL818X_INT_SE_RX_DU | IMR_RQOSOK))
413 		rtl8180_handle_rx(dev);
414 	/* The interface sometimes generates several RX DMA descriptor errors
415 	 * at startup. Do not report these.
416 	 */
417 	if ((reg & RTL818X_INT_SE_RX_DU) && desc_err++ > 2)
418 		if (net_ratelimit())
419 			wiphy_err(dev->wiphy, "No RX DMA Descriptor avail\n");
420 
421 	spin_unlock_irqrestore(&priv->lock, flags);
422 	return IRQ_HANDLED;
423 }
424 
425 static irqreturn_t rtl8180_interrupt(int irq, void *dev_id)
426 {
427 	struct ieee80211_hw *dev = dev_id;
428 	struct rtl8180_priv *priv = dev->priv;
429 	u16 reg;
430 
431 	spin_lock(&priv->lock);
432 	reg = rtl818x_ioread16(priv, &priv->map->INT_STATUS);
433 	if (unlikely(reg == 0xFFFF)) {
434 		spin_unlock(&priv->lock);
435 		return IRQ_HANDLED;
436 	}
437 
438 	rtl818x_iowrite16(priv, &priv->map->INT_STATUS, reg);
439 
440 	if (reg & (RTL818X_INT_TXB_OK | RTL818X_INT_TXB_ERR))
441 		rtl8180_handle_tx(dev, 1);
442 
443 	if (reg & (RTL818X_INT_TXL_OK | RTL818X_INT_TXL_ERR))
444 		rtl8180_handle_tx(dev, 0);
445 
446 	if (reg & (RTL818X_INT_RX_OK | RTL818X_INT_RX_ERR))
447 		rtl8180_handle_rx(dev);
448 
449 	spin_unlock(&priv->lock);
450 
451 	return IRQ_HANDLED;
452 }
453 
454 static void rtl8180_tx(struct ieee80211_hw *dev,
455 		       struct ieee80211_tx_control *control,
456 		       struct sk_buff *skb)
457 {
458 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
459 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
460 	struct rtl8180_priv *priv = dev->priv;
461 	struct rtl8180_tx_ring *ring;
462 	struct rtl8180_tx_desc *entry;
463 	unsigned long flags;
464 	unsigned int idx, prio, hw_prio;
465 	dma_addr_t mapping;
466 	u32 tx_flags;
467 	u8 rc_flags;
468 	u16 plcp_len = 0;
469 	__le16 rts_duration = 0;
470 	/* do arithmetic and then convert to le16 */
471 	u16 frame_duration = 0;
472 
473 	prio = skb_get_queue_mapping(skb);
474 	ring = &priv->tx_ring[prio];
475 
476 	mapping = pci_map_single(priv->pdev, skb->data,
477 				 skb->len, PCI_DMA_TODEVICE);
478 
479 	if (pci_dma_mapping_error(priv->pdev, mapping)) {
480 		kfree_skb(skb);
481 		dev_err(&priv->pdev->dev, "TX DMA mapping error\n");
482 		return;
483 	}
484 
485 	tx_flags = RTL818X_TX_DESC_FLAG_OWN | RTL818X_TX_DESC_FLAG_FS |
486 		   RTL818X_TX_DESC_FLAG_LS |
487 		   (ieee80211_get_tx_rate(dev, info)->hw_value << 24) |
488 		   skb->len;
489 
490 	if (priv->chip_family != RTL818X_CHIP_FAMILY_RTL8180)
491 		tx_flags |= RTL818X_TX_DESC_FLAG_DMA |
492 			    RTL818X_TX_DESC_FLAG_NO_ENC;
493 
494 	rc_flags = info->control.rates[0].flags;
495 
496 	/* HW will perform RTS-CTS when only RTS flags is set.
497 	 * HW will perform CTS-to-self when both RTS and CTS flags are set.
498 	 * RTS rate and RTS duration will be used also for CTS-to-self.
499 	 */
500 	if (rc_flags & IEEE80211_TX_RC_USE_RTS_CTS) {
501 		tx_flags |= RTL818X_TX_DESC_FLAG_RTS;
502 		tx_flags |= ieee80211_get_rts_cts_rate(dev, info)->hw_value << 19;
503 		rts_duration = ieee80211_rts_duration(dev, priv->vif,
504 						skb->len, info);
505 	} else if (rc_flags & IEEE80211_TX_RC_USE_CTS_PROTECT) {
506 		tx_flags |= RTL818X_TX_DESC_FLAG_RTS | RTL818X_TX_DESC_FLAG_CTS;
507 		tx_flags |= ieee80211_get_rts_cts_rate(dev, info)->hw_value << 19;
508 		rts_duration = ieee80211_ctstoself_duration(dev, priv->vif,
509 						skb->len, info);
510 	}
511 
512 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8180) {
513 		unsigned int remainder;
514 
515 		plcp_len = DIV_ROUND_UP(16 * (skb->len + 4),
516 				(ieee80211_get_tx_rate(dev, info)->bitrate * 2) / 10);
517 		remainder = (16 * (skb->len + 4)) %
518 			    ((ieee80211_get_tx_rate(dev, info)->bitrate * 2) / 10);
519 		if (remainder <= 6)
520 			plcp_len |= 1 << 15;
521 	}
522 
523 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE) {
524 		__le16 duration;
525 		/* SIFS time (required by HW) is already included by
526 		 * ieee80211_generic_frame_duration
527 		 */
528 		duration = ieee80211_generic_frame_duration(dev, priv->vif,
529 					IEEE80211_BAND_2GHZ, skb->len,
530 					ieee80211_get_tx_rate(dev, info));
531 
532 		frame_duration =  priv->ack_time + le16_to_cpu(duration);
533 	}
534 
535 	spin_lock_irqsave(&priv->lock, flags);
536 
537 	if (info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ) {
538 		if (info->flags & IEEE80211_TX_CTL_FIRST_FRAGMENT)
539 			priv->seqno += 0x10;
540 		hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
541 		hdr->seq_ctrl |= cpu_to_le16(priv->seqno);
542 	}
543 
544 	idx = (ring->idx + skb_queue_len(&ring->queue)) % ring->entries;
545 	entry = &ring->desc[idx];
546 
547 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE) {
548 		entry->frame_duration = cpu_to_le16(frame_duration);
549 		entry->frame_len_se = cpu_to_le16(skb->len);
550 
551 		/* tpc polarity */
552 		entry->flags3 = cpu_to_le16(1<<4);
553 	} else
554 		entry->frame_len = cpu_to_le32(skb->len);
555 
556 	entry->rts_duration = rts_duration;
557 	entry->plcp_len = cpu_to_le16(plcp_len);
558 	entry->tx_buf = cpu_to_le32(mapping);
559 
560 	entry->retry_limit = info->control.rates[0].count - 1;
561 
562 	/* We must be sure that tx_flags is written last because the HW
563 	 * looks at it to check if the rest of data is valid or not
564 	 */
565 	wmb();
566 	entry->flags = cpu_to_le32(tx_flags);
567 	/* We must be sure this has been written before followings HW
568 	 * register write, because this write will made the HW attempts
569 	 * to DMA the just-written data
570 	 */
571 	wmb();
572 
573 	__skb_queue_tail(&ring->queue, skb);
574 	if (ring->entries - skb_queue_len(&ring->queue) < 2)
575 		ieee80211_stop_queue(dev, prio);
576 
577 	spin_unlock_irqrestore(&priv->lock, flags);
578 
579 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE) {
580 		/* just poll: rings are stopped with TPPollStop reg */
581 		hw_prio = rtl8187se_queues_map[prio];
582 		rtl818x_iowrite8(priv, &priv->map->TX_DMA_POLLING,
583 			 (1 << hw_prio));
584 	} else {
585 		hw_prio = rtl8180_queues_map[prio];
586 		rtl818x_iowrite8(priv, &priv->map->TX_DMA_POLLING,
587 			 (1 << hw_prio) | /* ring to poll  */
588 			 (1<<1) | (1<<2));/* stopped rings */
589 	}
590 }
591 
592 static void rtl8180_set_anaparam3(struct rtl8180_priv *priv, u16 anaparam3)
593 {
594 	u8 reg;
595 
596 	rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
597 			 RTL818X_EEPROM_CMD_CONFIG);
598 
599 	reg = rtl818x_ioread8(priv, &priv->map->CONFIG3);
600 	rtl818x_iowrite8(priv, &priv->map->CONFIG3,
601 		 reg | RTL818X_CONFIG3_ANAPARAM_WRITE);
602 
603 	rtl818x_iowrite16(priv, &priv->map->ANAPARAM3, anaparam3);
604 
605 	rtl818x_iowrite8(priv, &priv->map->CONFIG3,
606 		 reg & ~RTL818X_CONFIG3_ANAPARAM_WRITE);
607 
608 	rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
609 			 RTL818X_EEPROM_CMD_NORMAL);
610 }
611 
612 void rtl8180_set_anaparam2(struct rtl8180_priv *priv, u32 anaparam2)
613 {
614 	u8 reg;
615 
616 	rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
617 			 RTL818X_EEPROM_CMD_CONFIG);
618 
619 	reg = rtl818x_ioread8(priv, &priv->map->CONFIG3);
620 	rtl818x_iowrite8(priv, &priv->map->CONFIG3,
621 		 reg | RTL818X_CONFIG3_ANAPARAM_WRITE);
622 
623 	rtl818x_iowrite32(priv, &priv->map->ANAPARAM2, anaparam2);
624 
625 	rtl818x_iowrite8(priv, &priv->map->CONFIG3,
626 		 reg & ~RTL818X_CONFIG3_ANAPARAM_WRITE);
627 
628 	rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
629 			 RTL818X_EEPROM_CMD_NORMAL);
630 }
631 
632 void rtl8180_set_anaparam(struct rtl8180_priv *priv, u32 anaparam)
633 {
634 	u8 reg;
635 
636 	rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_CONFIG);
637 	reg = rtl818x_ioread8(priv, &priv->map->CONFIG3);
638 	rtl818x_iowrite8(priv, &priv->map->CONFIG3,
639 		 reg | RTL818X_CONFIG3_ANAPARAM_WRITE);
640 	rtl818x_iowrite32(priv, &priv->map->ANAPARAM, anaparam);
641 	rtl818x_iowrite8(priv, &priv->map->CONFIG3,
642 		 reg & ~RTL818X_CONFIG3_ANAPARAM_WRITE);
643 	rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_NORMAL);
644 }
645 
646 static void rtl8187se_mac_config(struct ieee80211_hw *dev)
647 {
648 	struct rtl8180_priv *priv = dev->priv;
649 	u8 reg;
650 
651 	rtl818x_iowrite32(priv, REG_ADDR4(0x1F0), 0);
652 	rtl818x_ioread32(priv, REG_ADDR4(0x1F0));
653 	rtl818x_iowrite32(priv, REG_ADDR4(0x1F4), 0);
654 	rtl818x_ioread32(priv, REG_ADDR4(0x1F4));
655 	rtl818x_iowrite8(priv, REG_ADDR1(0x1F8), 0);
656 	rtl818x_ioread8(priv, REG_ADDR1(0x1F8));
657 	/* Enable DA10 TX power saving */
658 	reg = rtl818x_ioread8(priv, &priv->map->PHY_PR);
659 	rtl818x_iowrite8(priv, &priv->map->PHY_PR, reg | 0x04);
660 	/* Power */
661 	rtl818x_iowrite16(priv, PI_DATA_REG, 0x1000);
662 	rtl818x_iowrite16(priv, SI_DATA_REG, 0x1000);
663 	/* AFE - default to power ON */
664 	rtl818x_iowrite16(priv, REG_ADDR2(0x370), 0x0560);
665 	rtl818x_iowrite16(priv, REG_ADDR2(0x372), 0x0560);
666 	rtl818x_iowrite16(priv, REG_ADDR2(0x374), 0x0DA4);
667 	rtl818x_iowrite16(priv, REG_ADDR2(0x376), 0x0DA4);
668 	rtl818x_iowrite16(priv, REG_ADDR2(0x378), 0x0560);
669 	rtl818x_iowrite16(priv, REG_ADDR2(0x37A), 0x0560);
670 	rtl818x_iowrite16(priv, REG_ADDR2(0x37C), 0x00EC);
671 	rtl818x_iowrite16(priv, REG_ADDR2(0x37E), 0x00EC);
672 	rtl818x_iowrite8(priv, REG_ADDR1(0x24E), 0x01);
673 	/* unknown, needed for suspend to RAM resume */
674 	rtl818x_iowrite8(priv, REG_ADDR1(0x0A), 0x72);
675 }
676 
677 static void rtl8187se_set_antenna_config(struct ieee80211_hw *dev, u8 def_ant,
678 					 bool diversity)
679 {
680 	struct rtl8180_priv *priv = dev->priv;
681 
682 	rtl8225_write_phy_cck(dev, 0x0C, 0x09);
683 	if (diversity) {
684 		if (def_ant == 1) {
685 			rtl818x_iowrite8(priv, &priv->map->TX_ANTENNA, 0x00);
686 			rtl8225_write_phy_cck(dev, 0x11, 0xBB);
687 			rtl8225_write_phy_cck(dev, 0x01, 0xC7);
688 			rtl8225_write_phy_ofdm(dev, 0x0D, 0x54);
689 			rtl8225_write_phy_ofdm(dev, 0x18, 0xB2);
690 		} else { /* main antenna */
691 			rtl818x_iowrite8(priv, &priv->map->TX_ANTENNA, 0x03);
692 			rtl8225_write_phy_cck(dev, 0x11, 0x9B);
693 			rtl8225_write_phy_cck(dev, 0x01, 0xC7);
694 			rtl8225_write_phy_ofdm(dev, 0x0D, 0x5C);
695 			rtl8225_write_phy_ofdm(dev, 0x18, 0xB2);
696 		}
697 	} else { /* disable antenna diversity */
698 		if (def_ant == 1) {
699 			rtl818x_iowrite8(priv, &priv->map->TX_ANTENNA, 0x00);
700 			rtl8225_write_phy_cck(dev, 0x11, 0xBB);
701 			rtl8225_write_phy_cck(dev, 0x01, 0x47);
702 			rtl8225_write_phy_ofdm(dev, 0x0D, 0x54);
703 			rtl8225_write_phy_ofdm(dev, 0x18, 0x32);
704 		} else { /* main antenna */
705 			rtl818x_iowrite8(priv, &priv->map->TX_ANTENNA, 0x03);
706 			rtl8225_write_phy_cck(dev, 0x11, 0x9B);
707 			rtl8225_write_phy_cck(dev, 0x01, 0x47);
708 			rtl8225_write_phy_ofdm(dev, 0x0D, 0x5C);
709 			rtl8225_write_phy_ofdm(dev, 0x18, 0x32);
710 		}
711 	}
712 	/* priv->curr_ant = def_ant; */
713 }
714 
715 static void rtl8180_int_enable(struct ieee80211_hw *dev)
716 {
717 	struct rtl8180_priv *priv = dev->priv;
718 
719 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE) {
720 		rtl818x_iowrite32(priv, &priv->map->IMR,
721 			  IMR_TBDER | IMR_TBDOK |
722 			  IMR_TVODER | IMR_TVODOK |
723 			  IMR_TVIDER | IMR_TVIDOK |
724 			  IMR_TBEDER | IMR_TBEDOK |
725 			  IMR_TBKDER | IMR_TBKDOK |
726 			  IMR_RDU | IMR_RER |
727 			  IMR_ROK | IMR_RQOSOK);
728 	} else {
729 		rtl818x_iowrite16(priv, &priv->map->INT_MASK, 0xFFFF);
730 	}
731 }
732 
733 static void rtl8180_int_disable(struct ieee80211_hw *dev)
734 {
735 	struct rtl8180_priv *priv = dev->priv;
736 
737 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE) {
738 		rtl818x_iowrite32(priv, &priv->map->IMR, 0);
739 	} else {
740 		rtl818x_iowrite16(priv, &priv->map->INT_MASK, 0);
741 	}
742 }
743 
744 static void rtl8180_conf_basic_rates(struct ieee80211_hw *dev,
745 			    u32 basic_mask)
746 {
747 	struct rtl8180_priv *priv = dev->priv;
748 	u16 reg;
749 	u32 resp_mask;
750 	u8 basic_max;
751 	u8 resp_max, resp_min;
752 
753 	resp_mask = basic_mask;
754 	/* IEEE80211 says the response rate should be equal to the highest basic
755 	 * rate that is not faster than received frame. But it says also that if
756 	 * the basic rate set does not contains any rate for the current
757 	 * modulation class then mandatory rate set must be used for that
758 	 * modulation class. Eventually add OFDM mandatory rates..
759 	 */
760 	if ((resp_mask & 0xf) == resp_mask)
761 		resp_mask |= 0x150; /* 6, 12, 24Mbps */
762 
763 	switch (priv->chip_family) {
764 
765 	case RTL818X_CHIP_FAMILY_RTL8180:
766 		/* in 8180 this is NOT a BITMAP */
767 		basic_max = fls(basic_mask) - 1;
768 		reg = rtl818x_ioread16(priv, &priv->map->BRSR);
769 		reg &= ~3;
770 		reg |= basic_max;
771 		rtl818x_iowrite16(priv, &priv->map->BRSR, reg);
772 		break;
773 
774 	case RTL818X_CHIP_FAMILY_RTL8185:
775 		resp_max = fls(resp_mask) - 1;
776 		resp_min = ffs(resp_mask) - 1;
777 		/* in 8185 this is a BITMAP */
778 		rtl818x_iowrite16(priv, &priv->map->BRSR, basic_mask);
779 		rtl818x_iowrite8(priv, &priv->map->RESP_RATE, (resp_max << 4) |
780 				resp_min);
781 		break;
782 
783 	case RTL818X_CHIP_FAMILY_RTL8187SE:
784 		/* in 8187se this is a BITMAP. BRSR reg actually sets
785 		 * response rates.
786 		 */
787 		rtl818x_iowrite16(priv, &priv->map->BRSR_8187SE, resp_mask);
788 		break;
789 	}
790 }
791 
792 static void rtl8180_config_cardbus(struct ieee80211_hw *dev)
793 {
794 	struct rtl8180_priv *priv = dev->priv;
795 	u16 reg16;
796 	u8 reg8;
797 
798 	reg8 = rtl818x_ioread8(priv, &priv->map->CONFIG3);
799 	reg8 |= 1 << 1;
800 	rtl818x_iowrite8(priv, &priv->map->CONFIG3, reg8);
801 
802 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE) {
803 		rtl818x_iowrite16(priv, FEMR_SE, 0xffff);
804 	} else {
805 		reg16 = rtl818x_ioread16(priv, &priv->map->FEMR);
806 			reg16 |= (1 << 15) | (1 << 14) | (1 << 4);
807 		rtl818x_iowrite16(priv, &priv->map->FEMR, reg16);
808 	}
809 
810 }
811 
812 static int rtl8180_init_hw(struct ieee80211_hw *dev)
813 {
814 	struct rtl8180_priv *priv = dev->priv;
815 	u16 reg;
816 	u32 reg32;
817 
818 	rtl818x_iowrite8(priv, &priv->map->CMD, 0);
819 	rtl818x_ioread8(priv, &priv->map->CMD);
820 	msleep(10);
821 
822 	/* reset */
823 	rtl8180_int_disable(dev);
824 	rtl818x_ioread8(priv, &priv->map->CMD);
825 
826 	reg = rtl818x_ioread8(priv, &priv->map->CMD);
827 	reg &= (1 << 1);
828 	reg |= RTL818X_CMD_RESET;
829 	rtl818x_iowrite8(priv, &priv->map->CMD, RTL818X_CMD_RESET);
830 	rtl818x_ioread8(priv, &priv->map->CMD);
831 	msleep(200);
832 
833 	/* check success of reset */
834 	if (rtl818x_ioread8(priv, &priv->map->CMD) & RTL818X_CMD_RESET) {
835 		wiphy_err(dev->wiphy, "reset timeout!\n");
836 		return -ETIMEDOUT;
837 	}
838 
839 	rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_LOAD);
840 	rtl818x_ioread8(priv, &priv->map->CMD);
841 	msleep(200);
842 
843 	if (rtl818x_ioread8(priv, &priv->map->CONFIG3) & (1 << 3)) {
844 		rtl8180_config_cardbus(dev);
845 	}
846 
847 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE)
848 		rtl818x_iowrite8(priv, &priv->map->MSR, RTL818X_MSR_ENEDCA);
849 	else
850 		rtl818x_iowrite8(priv, &priv->map->MSR, 0);
851 
852 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8180)
853 		rtl8180_set_anaparam(priv, priv->anaparam);
854 
855 	rtl818x_iowrite32(priv, &priv->map->RDSAR, priv->rx_ring_dma);
856 	/* mac80211 queue have higher prio for lower index. The last queue
857 	 * (that mac80211 is not aware of) is reserved for beacons (and have
858 	 * the highest priority on the NIC)
859 	 */
860 	if (priv->chip_family != RTL818X_CHIP_FAMILY_RTL8187SE) {
861 		rtl818x_iowrite32(priv, &priv->map->TBDA,
862 				  priv->tx_ring[1].dma);
863 		rtl818x_iowrite32(priv, &priv->map->TLPDA,
864 				  priv->tx_ring[0].dma);
865 	} else {
866 		rtl818x_iowrite32(priv, &priv->map->TBDA,
867 				  priv->tx_ring[4].dma);
868 		rtl818x_iowrite32(priv, &priv->map->TVODA,
869 				  priv->tx_ring[0].dma);
870 		rtl818x_iowrite32(priv, &priv->map->TVIDA,
871 				  priv->tx_ring[1].dma);
872 		rtl818x_iowrite32(priv, &priv->map->TBEDA,
873 				  priv->tx_ring[2].dma);
874 		rtl818x_iowrite32(priv, &priv->map->TBKDA,
875 				  priv->tx_ring[3].dma);
876 	}
877 
878 	/* TODO: necessary? specs indicate not */
879 	rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_CONFIG);
880 	reg = rtl818x_ioread8(priv, &priv->map->CONFIG2);
881 	rtl818x_iowrite8(priv, &priv->map->CONFIG2, reg & ~(1 << 3));
882 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8185) {
883 		reg = rtl818x_ioread8(priv, &priv->map->CONFIG2);
884 		rtl818x_iowrite8(priv, &priv->map->CONFIG2, reg | (1 << 4));
885 	}
886 	rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_NORMAL);
887 
888 	/* TODO: set CONFIG5 for calibrating AGC on rtl8180 + philips radio? */
889 
890 	/* TODO: turn off hw wep on rtl8180 */
891 
892 	rtl818x_iowrite32(priv, &priv->map->INT_TIMEOUT, 0);
893 
894 	if (priv->chip_family != RTL818X_CHIP_FAMILY_RTL8180) {
895 		rtl818x_iowrite8(priv, &priv->map->WPA_CONF, 0);
896 		rtl818x_iowrite8(priv, &priv->map->RATE_FALLBACK, 0);
897 	} else {
898 		rtl818x_iowrite8(priv, &priv->map->SECURITY, 0);
899 
900 		rtl818x_iowrite8(priv, &priv->map->PHY_DELAY, 0x6);
901 		rtl818x_iowrite8(priv, &priv->map->CARRIER_SENSE_COUNTER, 0x4C);
902 	}
903 
904 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8185) {
905 		/* TODO: set ClkRun enable? necessary? */
906 		reg = rtl818x_ioread8(priv, &priv->map->GP_ENABLE);
907 		rtl818x_iowrite8(priv, &priv->map->GP_ENABLE, reg & ~(1 << 6));
908 		rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_CONFIG);
909 		reg = rtl818x_ioread8(priv, &priv->map->CONFIG3);
910 		rtl818x_iowrite8(priv, &priv->map->CONFIG3, reg | (1 << 2));
911 		rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_NORMAL);
912 		/* fix eccessive IFS after CTS-to-self */
913 		if (priv->map_pio) {
914 			u8 reg;
915 
916 			reg = rtl818x_ioread8(priv, &priv->map->PGSELECT);
917 			rtl818x_iowrite8(priv, &priv->map->PGSELECT, reg | 1);
918 			rtl818x_iowrite8(priv, REG_ADDR1(0xff), 0x35);
919 			rtl818x_iowrite8(priv, &priv->map->PGSELECT, reg);
920 		} else
921 			rtl818x_iowrite8(priv, REG_ADDR1(0x1ff), 0x35);
922 	}
923 
924 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE) {
925 
926 		/* the set auto rate fallback bitmask from 1M to 54 Mb/s */
927 		rtl818x_iowrite16(priv, ARFR, 0xFFF);
928 		rtl818x_ioread16(priv, ARFR);
929 
930 		/* stop unused queus (no dma alloc) */
931 		rtl818x_iowrite8(priv, &priv->map->TPPOLL_STOP,
932 			       RTL818x_TPPOLL_STOP_MG | RTL818x_TPPOLL_STOP_HI);
933 
934 		rtl818x_iowrite8(priv, &priv->map->ACM_CONTROL, 0x00);
935 		rtl818x_iowrite16(priv, &priv->map->TID_AC_MAP, 0xFA50);
936 
937 		rtl818x_iowrite16(priv, &priv->map->INT_MIG, 0);
938 
939 		/* some black magic here.. */
940 		rtl8187se_mac_config(dev);
941 
942 		rtl818x_iowrite16(priv, RFSW_CTRL, 0x569A);
943 		rtl818x_ioread16(priv, RFSW_CTRL);
944 
945 		rtl8180_set_anaparam(priv, RTL8225SE_ANAPARAM_ON);
946 		rtl8180_set_anaparam2(priv, RTL8225SE_ANAPARAM2_ON);
947 		rtl8180_set_anaparam3(priv, RTL8225SE_ANAPARAM3);
948 
949 
950 		rtl818x_iowrite8(priv, &priv->map->CONFIG5,
951 			    rtl818x_ioread8(priv, &priv->map->CONFIG5) & 0x7F);
952 
953 		/*probably this switch led on */
954 		rtl818x_iowrite8(priv, &priv->map->PGSELECT,
955 			    rtl818x_ioread8(priv, &priv->map->PGSELECT) | 0x08);
956 
957 		rtl818x_iowrite16(priv, &priv->map->RFPinsOutput, 0x0480);
958 		rtl818x_iowrite16(priv, &priv->map->RFPinsEnable, 0x1BFF);
959 		rtl818x_iowrite16(priv, &priv->map->RFPinsSelect, 0x2488);
960 
961 		rtl818x_iowrite32(priv, &priv->map->RF_TIMING, 0x4003);
962 
963 		/* the reference code mac hardcode table write
964 		 * this reg by doing byte-wide accesses.
965 		 * It does it just for lowest and highest byte..
966 		 */
967 		reg32 = rtl818x_ioread32(priv, &priv->map->RF_PARA);
968 		reg32 &= 0x00ffff00;
969 		reg32 |= 0xb8000054;
970 		rtl818x_iowrite32(priv, &priv->map->RF_PARA, reg32);
971 	} else
972 		/* stop unused queus (no dma alloc) */
973 		rtl818x_iowrite8(priv, &priv->map->TX_DMA_POLLING,
974 			    (1<<1) | (1<<2));
975 
976 	priv->rf->init(dev);
977 
978 	/* default basic rates are 1,2 Mbps for rtl8180. 1,2,6,9,12,18,24 Mbps
979 	 * otherwise. bitmask 0x3 and 0x01f3 respectively.
980 	 * NOTE: currenty rtl8225 RF code changes basic rates, so we need to do
981 	 * this after rf init.
982 	 * TODO: try to find out whether RF code really needs to do this..
983 	 */
984 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8180)
985 		rtl8180_conf_basic_rates(dev, 0x3);
986 	else
987 		rtl8180_conf_basic_rates(dev, 0x1f3);
988 
989 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE)
990 		rtl8187se_set_antenna_config(dev,
991 					     priv->antenna_diversity_default,
992 					     priv->antenna_diversity_en);
993 	return 0;
994 }
995 
996 static int rtl8180_init_rx_ring(struct ieee80211_hw *dev)
997 {
998 	struct rtl8180_priv *priv = dev->priv;
999 	struct rtl818x_rx_cmd_desc *entry;
1000 	int i;
1001 
1002 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE)
1003 		priv->rx_ring_sz = sizeof(struct rtl8187se_rx_desc);
1004 	else
1005 		priv->rx_ring_sz = sizeof(struct rtl8180_rx_desc);
1006 
1007 	priv->rx_ring = pci_zalloc_consistent(priv->pdev, priv->rx_ring_sz * 32,
1008 					      &priv->rx_ring_dma);
1009 	if (!priv->rx_ring || (unsigned long)priv->rx_ring & 0xFF) {
1010 		wiphy_err(dev->wiphy, "Cannot allocate RX ring\n");
1011 		return -ENOMEM;
1012 	}
1013 
1014 	priv->rx_idx = 0;
1015 
1016 	for (i = 0; i < 32; i++) {
1017 		struct sk_buff *skb = dev_alloc_skb(MAX_RX_SIZE);
1018 		dma_addr_t *mapping;
1019 		entry = priv->rx_ring + priv->rx_ring_sz*i;
1020 		if (!skb) {
1021 			wiphy_err(dev->wiphy, "Cannot allocate RX skb\n");
1022 			return -ENOMEM;
1023 		}
1024 		priv->rx_buf[i] = skb;
1025 		mapping = (dma_addr_t *)skb->cb;
1026 		*mapping = pci_map_single(priv->pdev, skb_tail_pointer(skb),
1027 					  MAX_RX_SIZE, PCI_DMA_FROMDEVICE);
1028 
1029 		if (pci_dma_mapping_error(priv->pdev, *mapping)) {
1030 			kfree_skb(skb);
1031 			wiphy_err(dev->wiphy, "Cannot map DMA for RX skb\n");
1032 			return -ENOMEM;
1033 		}
1034 
1035 		entry->rx_buf = cpu_to_le32(*mapping);
1036 		entry->flags = cpu_to_le32(RTL818X_RX_DESC_FLAG_OWN |
1037 					   MAX_RX_SIZE);
1038 	}
1039 	entry->flags |= cpu_to_le32(RTL818X_RX_DESC_FLAG_EOR);
1040 	return 0;
1041 }
1042 
1043 static void rtl8180_free_rx_ring(struct ieee80211_hw *dev)
1044 {
1045 	struct rtl8180_priv *priv = dev->priv;
1046 	int i;
1047 
1048 	for (i = 0; i < 32; i++) {
1049 		struct sk_buff *skb = priv->rx_buf[i];
1050 		if (!skb)
1051 			continue;
1052 
1053 		pci_unmap_single(priv->pdev,
1054 				 *((dma_addr_t *)skb->cb),
1055 				 MAX_RX_SIZE, PCI_DMA_FROMDEVICE);
1056 		kfree_skb(skb);
1057 	}
1058 
1059 	pci_free_consistent(priv->pdev, priv->rx_ring_sz * 32,
1060 			    priv->rx_ring, priv->rx_ring_dma);
1061 	priv->rx_ring = NULL;
1062 }
1063 
1064 static int rtl8180_init_tx_ring(struct ieee80211_hw *dev,
1065 				unsigned int prio, unsigned int entries)
1066 {
1067 	struct rtl8180_priv *priv = dev->priv;
1068 	struct rtl8180_tx_desc *ring;
1069 	dma_addr_t dma;
1070 	int i;
1071 
1072 	ring = pci_zalloc_consistent(priv->pdev, sizeof(*ring) * entries,
1073 				     &dma);
1074 	if (!ring || (unsigned long)ring & 0xFF) {
1075 		wiphy_err(dev->wiphy, "Cannot allocate TX ring (prio = %d)\n",
1076 			  prio);
1077 		return -ENOMEM;
1078 	}
1079 
1080 	priv->tx_ring[prio].desc = ring;
1081 	priv->tx_ring[prio].dma = dma;
1082 	priv->tx_ring[prio].idx = 0;
1083 	priv->tx_ring[prio].entries = entries;
1084 	skb_queue_head_init(&priv->tx_ring[prio].queue);
1085 
1086 	for (i = 0; i < entries; i++)
1087 		ring[i].next_tx_desc =
1088 			cpu_to_le32((u32)dma + ((i + 1) % entries) * sizeof(*ring));
1089 
1090 	return 0;
1091 }
1092 
1093 static void rtl8180_free_tx_ring(struct ieee80211_hw *dev, unsigned int prio)
1094 {
1095 	struct rtl8180_priv *priv = dev->priv;
1096 	struct rtl8180_tx_ring *ring = &priv->tx_ring[prio];
1097 
1098 	while (skb_queue_len(&ring->queue)) {
1099 		struct rtl8180_tx_desc *entry = &ring->desc[ring->idx];
1100 		struct sk_buff *skb = __skb_dequeue(&ring->queue);
1101 
1102 		pci_unmap_single(priv->pdev, le32_to_cpu(entry->tx_buf),
1103 				 skb->len, PCI_DMA_TODEVICE);
1104 		kfree_skb(skb);
1105 		ring->idx = (ring->idx + 1) % ring->entries;
1106 	}
1107 
1108 	pci_free_consistent(priv->pdev, sizeof(*ring->desc)*ring->entries,
1109 			    ring->desc, ring->dma);
1110 	ring->desc = NULL;
1111 }
1112 
1113 static int rtl8180_start(struct ieee80211_hw *dev)
1114 {
1115 	struct rtl8180_priv *priv = dev->priv;
1116 	int ret, i;
1117 	u32 reg;
1118 
1119 	ret = rtl8180_init_rx_ring(dev);
1120 	if (ret)
1121 		return ret;
1122 
1123 	for (i = 0; i < (dev->queues + 1); i++)
1124 		if ((ret = rtl8180_init_tx_ring(dev, i, 16)))
1125 			goto err_free_rings;
1126 
1127 	ret = rtl8180_init_hw(dev);
1128 	if (ret)
1129 		goto err_free_rings;
1130 
1131 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE) {
1132 		ret = request_irq(priv->pdev->irq, rtl8187se_interrupt,
1133 			  IRQF_SHARED, KBUILD_MODNAME, dev);
1134 	} else {
1135 		ret = request_irq(priv->pdev->irq, rtl8180_interrupt,
1136 			  IRQF_SHARED, KBUILD_MODNAME, dev);
1137 	}
1138 
1139 	if (ret) {
1140 		wiphy_err(dev->wiphy, "failed to register IRQ handler\n");
1141 		goto err_free_rings;
1142 	}
1143 
1144 	rtl8180_int_enable(dev);
1145 
1146 	/* in rtl8187se at MAR regs offset there is the management
1147 	 * TX descriptor DMA addres..
1148 	 */
1149 	if (priv->chip_family != RTL818X_CHIP_FAMILY_RTL8187SE) {
1150 		rtl818x_iowrite32(priv, &priv->map->MAR[0], ~0);
1151 		rtl818x_iowrite32(priv, &priv->map->MAR[1], ~0);
1152 	}
1153 
1154 	reg = RTL818X_RX_CONF_ONLYERLPKT |
1155 	      RTL818X_RX_CONF_RX_AUTORESETPHY |
1156 	      RTL818X_RX_CONF_MGMT |
1157 	      RTL818X_RX_CONF_DATA |
1158 	      (7 << 8 /* MAX RX DMA */) |
1159 	      RTL818X_RX_CONF_BROADCAST |
1160 	      RTL818X_RX_CONF_NICMAC;
1161 
1162 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8185)
1163 		reg |= RTL818X_RX_CONF_CSDM1 | RTL818X_RX_CONF_CSDM2;
1164 	else if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8180) {
1165 		reg |= (priv->rfparam & RF_PARAM_CARRIERSENSE1)
1166 			? RTL818X_RX_CONF_CSDM1 : 0;
1167 		reg |= (priv->rfparam & RF_PARAM_CARRIERSENSE2)
1168 			? RTL818X_RX_CONF_CSDM2 : 0;
1169 	} else {
1170 		reg &= ~(RTL818X_RX_CONF_CSDM1 | RTL818X_RX_CONF_CSDM2);
1171 	}
1172 
1173 	priv->rx_conf = reg;
1174 	rtl818x_iowrite32(priv, &priv->map->RX_CONF, reg);
1175 
1176 	if (priv->chip_family != RTL818X_CHIP_FAMILY_RTL8180) {
1177 		reg = rtl818x_ioread8(priv, &priv->map->CW_CONF);
1178 
1179 		/* CW is not on per-packet basis.
1180 		 * in rtl8185 the CW_VALUE reg is used.
1181 		 * in rtl8187se the AC param regs are used.
1182 		 */
1183 		reg &= ~RTL818X_CW_CONF_PERPACKET_CW;
1184 		/* retry limit IS on per-packet basis.
1185 		 * the short and long retry limit in TX_CONF
1186 		 * reg are ignored
1187 		 */
1188 		reg |= RTL818X_CW_CONF_PERPACKET_RETRY;
1189 		rtl818x_iowrite8(priv, &priv->map->CW_CONF, reg);
1190 
1191 		reg = rtl818x_ioread8(priv, &priv->map->TX_AGC_CTL);
1192 		/* TX antenna and TX gain are not on per-packet basis.
1193 		 * TX Antenna is selected by ANTSEL reg (RX in BB regs).
1194 		 * TX gain is selected with CCK_TX_AGC and OFDM_TX_AGC regs
1195 		 */
1196 		reg &= ~RTL818X_TX_AGC_CTL_PERPACKET_GAIN;
1197 		reg &= ~RTL818X_TX_AGC_CTL_PERPACKET_ANTSEL;
1198 		reg |=  RTL818X_TX_AGC_CTL_FEEDBACK_ANT;
1199 		rtl818x_iowrite8(priv, &priv->map->TX_AGC_CTL, reg);
1200 
1201 		/* disable early TX */
1202 		rtl818x_iowrite8(priv, (u8 __iomem *)priv->map + 0xec, 0x3f);
1203 	}
1204 
1205 	reg = rtl818x_ioread32(priv, &priv->map->TX_CONF);
1206 	reg |= (6 << 21 /* MAX TX DMA */) |
1207 	       RTL818X_TX_CONF_NO_ICV;
1208 
1209 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE)
1210 		reg |= 1<<30;  /*  "duration procedure mode" */
1211 
1212 	if (priv->chip_family != RTL818X_CHIP_FAMILY_RTL8180)
1213 		reg &= ~RTL818X_TX_CONF_PROBE_DTS;
1214 	else
1215 		reg &= ~RTL818X_TX_CONF_HW_SEQNUM;
1216 
1217 	reg &= ~RTL818X_TX_CONF_DISCW;
1218 
1219 	/* different meaning, same value on both rtl8185 and rtl8180 */
1220 	reg &= ~RTL818X_TX_CONF_SAT_HWPLCP;
1221 
1222 	rtl818x_iowrite32(priv, &priv->map->TX_CONF, reg);
1223 
1224 	reg = rtl818x_ioread8(priv, &priv->map->CMD);
1225 	reg |= RTL818X_CMD_RX_ENABLE;
1226 	reg |= RTL818X_CMD_TX_ENABLE;
1227 	rtl818x_iowrite8(priv, &priv->map->CMD, reg);
1228 
1229 	return 0;
1230 
1231  err_free_rings:
1232 	rtl8180_free_rx_ring(dev);
1233 	for (i = 0; i < (dev->queues + 1); i++)
1234 		if (priv->tx_ring[i].desc)
1235 			rtl8180_free_tx_ring(dev, i);
1236 
1237 	return ret;
1238 }
1239 
1240 static void rtl8180_stop(struct ieee80211_hw *dev)
1241 {
1242 	struct rtl8180_priv *priv = dev->priv;
1243 	u8 reg;
1244 	int i;
1245 
1246 	rtl8180_int_disable(dev);
1247 
1248 	reg = rtl818x_ioread8(priv, &priv->map->CMD);
1249 	reg &= ~RTL818X_CMD_TX_ENABLE;
1250 	reg &= ~RTL818X_CMD_RX_ENABLE;
1251 	rtl818x_iowrite8(priv, &priv->map->CMD, reg);
1252 
1253 	priv->rf->stop(dev);
1254 
1255 	rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_CONFIG);
1256 	reg = rtl818x_ioread8(priv, &priv->map->CONFIG4);
1257 	rtl818x_iowrite8(priv, &priv->map->CONFIG4, reg | RTL818X_CONFIG4_VCOOFF);
1258 	rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_NORMAL);
1259 
1260 	free_irq(priv->pdev->irq, dev);
1261 
1262 	rtl8180_free_rx_ring(dev);
1263 	for (i = 0; i < (dev->queues + 1); i++)
1264 		rtl8180_free_tx_ring(dev, i);
1265 }
1266 
1267 static u64 rtl8180_get_tsf(struct ieee80211_hw *dev,
1268 			   struct ieee80211_vif *vif)
1269 {
1270 	struct rtl8180_priv *priv = dev->priv;
1271 
1272 	return rtl818x_ioread32(priv, &priv->map->TSFT[0]) |
1273 	       (u64)(rtl818x_ioread32(priv, &priv->map->TSFT[1])) << 32;
1274 }
1275 
1276 static void rtl8180_beacon_work(struct work_struct *work)
1277 {
1278 	struct rtl8180_vif *vif_priv =
1279 		container_of(work, struct rtl8180_vif, beacon_work.work);
1280 	struct ieee80211_vif *vif =
1281 		container_of((void *)vif_priv, struct ieee80211_vif, drv_priv);
1282 	struct ieee80211_hw *dev = vif_priv->dev;
1283 	struct ieee80211_mgmt *mgmt;
1284 	struct sk_buff *skb;
1285 
1286 	/* don't overflow the tx ring */
1287 	if (ieee80211_queue_stopped(dev, 0))
1288 		goto resched;
1289 
1290 	/* grab a fresh beacon */
1291 	skb = ieee80211_beacon_get(dev, vif);
1292 	if (!skb)
1293 		goto resched;
1294 
1295 	/*
1296 	 * update beacon timestamp w/ TSF value
1297 	 * TODO: make hardware update beacon timestamp
1298 	 */
1299 	mgmt = (struct ieee80211_mgmt *)skb->data;
1300 	mgmt->u.beacon.timestamp = cpu_to_le64(rtl8180_get_tsf(dev, vif));
1301 
1302 	/* TODO: use actual beacon queue */
1303 	skb_set_queue_mapping(skb, 0);
1304 
1305 	rtl8180_tx(dev, NULL, skb);
1306 
1307 resched:
1308 	/*
1309 	 * schedule next beacon
1310 	 * TODO: use hardware support for beacon timing
1311 	 */
1312 	schedule_delayed_work(&vif_priv->beacon_work,
1313 			usecs_to_jiffies(1024 * vif->bss_conf.beacon_int));
1314 }
1315 
1316 static int rtl8180_add_interface(struct ieee80211_hw *dev,
1317 				 struct ieee80211_vif *vif)
1318 {
1319 	struct rtl8180_priv *priv = dev->priv;
1320 	struct rtl8180_vif *vif_priv;
1321 
1322 	/*
1323 	 * We only support one active interface at a time.
1324 	 */
1325 	if (priv->vif)
1326 		return -EBUSY;
1327 
1328 	switch (vif->type) {
1329 	case NL80211_IFTYPE_STATION:
1330 	case NL80211_IFTYPE_ADHOC:
1331 		break;
1332 	default:
1333 		return -EOPNOTSUPP;
1334 	}
1335 
1336 	priv->vif = vif;
1337 
1338 	/* Initialize driver private area */
1339 	vif_priv = (struct rtl8180_vif *)&vif->drv_priv;
1340 	vif_priv->dev = dev;
1341 	INIT_DELAYED_WORK(&vif_priv->beacon_work, rtl8180_beacon_work);
1342 	vif_priv->enable_beacon = false;
1343 
1344 	rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_CONFIG);
1345 	rtl818x_iowrite32(priv, (__le32 __iomem *)&priv->map->MAC[0],
1346 			  le32_to_cpu(*(__le32 *)vif->addr));
1347 	rtl818x_iowrite16(priv, (__le16 __iomem *)&priv->map->MAC[4],
1348 			  le16_to_cpu(*(__le16 *)(vif->addr + 4)));
1349 	rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_NORMAL);
1350 
1351 	return 0;
1352 }
1353 
1354 static void rtl8180_remove_interface(struct ieee80211_hw *dev,
1355 				     struct ieee80211_vif *vif)
1356 {
1357 	struct rtl8180_priv *priv = dev->priv;
1358 	priv->vif = NULL;
1359 }
1360 
1361 static int rtl8180_config(struct ieee80211_hw *dev, u32 changed)
1362 {
1363 	struct rtl8180_priv *priv = dev->priv;
1364 	struct ieee80211_conf *conf = &dev->conf;
1365 
1366 	priv->rf->set_chan(dev, conf);
1367 
1368 	return 0;
1369 }
1370 
1371 static void rtl8187se_conf_ac_parm(struct ieee80211_hw *dev, u8 queue)
1372 {
1373 	const struct ieee80211_tx_queue_params *params;
1374 	struct rtl8180_priv *priv = dev->priv;
1375 
1376 	/* hw value */
1377 	u32 ac_param;
1378 
1379 	u8 aifs;
1380 	u8 txop;
1381 	u8 cw_min, cw_max;
1382 
1383 	params = &priv->queue_param[queue];
1384 
1385 	cw_min = fls(params->cw_min);
1386 	cw_max = fls(params->cw_max);
1387 
1388 	aifs = 10 + params->aifs * priv->slot_time;
1389 
1390 	/* TODO: check if txop HW is in us (mult by 32) */
1391 	txop = params->txop;
1392 
1393 	ac_param = txop << AC_PARAM_TXOP_LIMIT_SHIFT |
1394 		cw_max << AC_PARAM_ECW_MAX_SHIFT |
1395 		cw_min << AC_PARAM_ECW_MIN_SHIFT |
1396 		aifs << AC_PARAM_AIFS_SHIFT;
1397 
1398 	switch (queue) {
1399 	case IEEE80211_AC_BK:
1400 		rtl818x_iowrite32(priv, &priv->map->AC_BK_PARAM, ac_param);
1401 		break;
1402 	case IEEE80211_AC_BE:
1403 		rtl818x_iowrite32(priv, &priv->map->AC_BE_PARAM, ac_param);
1404 		break;
1405 	case IEEE80211_AC_VI:
1406 		rtl818x_iowrite32(priv, &priv->map->AC_VI_PARAM, ac_param);
1407 		break;
1408 	case IEEE80211_AC_VO:
1409 		rtl818x_iowrite32(priv, &priv->map->AC_VO_PARAM, ac_param);
1410 		break;
1411 	}
1412 }
1413 
1414 static int rtl8180_conf_tx(struct ieee80211_hw *dev,
1415 			    struct ieee80211_vif *vif, u16 queue,
1416 			    const struct ieee80211_tx_queue_params *params)
1417 {
1418 	struct rtl8180_priv *priv = dev->priv;
1419 	u8 cw_min, cw_max;
1420 
1421 	/* nothing to do ? */
1422 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8180)
1423 		return 0;
1424 
1425 	cw_min = fls(params->cw_min);
1426 	cw_max = fls(params->cw_max);
1427 
1428 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE) {
1429 		priv->queue_param[queue] = *params;
1430 		rtl8187se_conf_ac_parm(dev, queue);
1431 	} else
1432 		rtl818x_iowrite8(priv, &priv->map->CW_VAL,
1433 				 (cw_max << 4) | cw_min);
1434 	return 0;
1435 }
1436 
1437 static void rtl8180_conf_erp(struct ieee80211_hw *dev,
1438 			    struct ieee80211_bss_conf *info)
1439 {
1440 	struct rtl8180_priv *priv = dev->priv;
1441 	u8 sifs, difs;
1442 	int eifs;
1443 	u8 hw_eifs;
1444 
1445 	/* TODO: should we do something ? */
1446 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8180)
1447 		return;
1448 
1449 	/* I _hope_ this means 10uS for the HW.
1450 	 * In reference code it is 0x22 for
1451 	 * both rtl8187L and rtl8187SE
1452 	 */
1453 	sifs = 0x22;
1454 
1455 	if (info->use_short_slot)
1456 		priv->slot_time = 9;
1457 	else
1458 		priv->slot_time = 20;
1459 
1460 	/* 10 is SIFS time in uS */
1461 	difs = 10 + 2 * priv->slot_time;
1462 	eifs = 10 + difs + priv->ack_time;
1463 
1464 	/* HW should use 4uS units for EIFS (I'm sure for rtl8185)*/
1465 	hw_eifs = DIV_ROUND_UP(eifs, 4);
1466 
1467 
1468 	rtl818x_iowrite8(priv, &priv->map->SLOT, priv->slot_time);
1469 	rtl818x_iowrite8(priv, &priv->map->SIFS, sifs);
1470 	rtl818x_iowrite8(priv, &priv->map->DIFS, difs);
1471 
1472 	/* from reference code. set ack timeout reg = eifs reg */
1473 	rtl818x_iowrite8(priv, &priv->map->CARRIER_SENSE_COUNTER, hw_eifs);
1474 
1475 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE)
1476 		rtl818x_iowrite8(priv, &priv->map->EIFS_8187SE, hw_eifs);
1477 	else if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8185) {
1478 		/* rtl8187/rtl8185 HW bug. After EIFS is elapsed,
1479 		 * the HW still wait for DIFS.
1480 		 * HW uses 4uS units for EIFS.
1481 		 */
1482 		hw_eifs = DIV_ROUND_UP(eifs - difs, 4);
1483 
1484 		rtl818x_iowrite8(priv, &priv->map->EIFS, hw_eifs);
1485 	}
1486 }
1487 
1488 static void rtl8180_bss_info_changed(struct ieee80211_hw *dev,
1489 				     struct ieee80211_vif *vif,
1490 				     struct ieee80211_bss_conf *info,
1491 				     u32 changed)
1492 {
1493 	struct rtl8180_priv *priv = dev->priv;
1494 	struct rtl8180_vif *vif_priv;
1495 	int i;
1496 	u8 reg;
1497 
1498 	vif_priv = (struct rtl8180_vif *)&vif->drv_priv;
1499 
1500 	if (changed & BSS_CHANGED_BSSID) {
1501 		rtl818x_iowrite16(priv, (__le16 __iomem *)&priv->map->BSSID[0],
1502 				  le16_to_cpu(*(__le16 *)info->bssid));
1503 		rtl818x_iowrite32(priv, (__le32 __iomem *)&priv->map->BSSID[2],
1504 				  le32_to_cpu(*(__le32 *)(info->bssid + 2)));
1505 
1506 		if (is_valid_ether_addr(info->bssid)) {
1507 			if (vif->type == NL80211_IFTYPE_ADHOC)
1508 				reg = RTL818X_MSR_ADHOC;
1509 			else
1510 				reg = RTL818X_MSR_INFRA;
1511 		} else
1512 			reg = RTL818X_MSR_NO_LINK;
1513 
1514 		if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE)
1515 			reg |= RTL818X_MSR_ENEDCA;
1516 
1517 		rtl818x_iowrite8(priv, &priv->map->MSR, reg);
1518 	}
1519 
1520 	if (changed & BSS_CHANGED_BASIC_RATES)
1521 		rtl8180_conf_basic_rates(dev, info->basic_rates);
1522 
1523 	if (changed & (BSS_CHANGED_ERP_SLOT | BSS_CHANGED_ERP_PREAMBLE)) {
1524 
1525 		/* when preamble changes, acktime duration changes, and erp must
1526 		 * be recalculated. ACK time is calculated at lowest rate.
1527 		 * Since mac80211 include SIFS time we remove it (-10)
1528 		 */
1529 		priv->ack_time =
1530 			le16_to_cpu(ieee80211_generic_frame_duration(dev,
1531 					priv->vif,
1532 					IEEE80211_BAND_2GHZ, 10,
1533 					&priv->rates[0])) - 10;
1534 
1535 		rtl8180_conf_erp(dev, info);
1536 
1537 		/* mac80211 supplies aifs_n to driver and calls
1538 		 * conf_tx callback whether aifs_n changes, NOT
1539 		 * when aifs changes.
1540 		 * Aifs should be recalculated if slot changes.
1541 		 */
1542 		if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE) {
1543 			for (i = 0; i < 4; i++)
1544 				rtl8187se_conf_ac_parm(dev, i);
1545 		}
1546 	}
1547 
1548 	if (changed & BSS_CHANGED_BEACON_ENABLED)
1549 		vif_priv->enable_beacon = info->enable_beacon;
1550 
1551 	if (changed & (BSS_CHANGED_BEACON_ENABLED | BSS_CHANGED_BEACON)) {
1552 		cancel_delayed_work_sync(&vif_priv->beacon_work);
1553 		if (vif_priv->enable_beacon)
1554 			schedule_work(&vif_priv->beacon_work.work);
1555 	}
1556 }
1557 
1558 static u64 rtl8180_prepare_multicast(struct ieee80211_hw *dev,
1559 				     struct netdev_hw_addr_list *mc_list)
1560 {
1561 	return netdev_hw_addr_list_count(mc_list);
1562 }
1563 
1564 static void rtl8180_configure_filter(struct ieee80211_hw *dev,
1565 				     unsigned int changed_flags,
1566 				     unsigned int *total_flags,
1567 				     u64 multicast)
1568 {
1569 	struct rtl8180_priv *priv = dev->priv;
1570 
1571 	if (changed_flags & FIF_FCSFAIL)
1572 		priv->rx_conf ^= RTL818X_RX_CONF_FCS;
1573 	if (changed_flags & FIF_CONTROL)
1574 		priv->rx_conf ^= RTL818X_RX_CONF_CTRL;
1575 	if (changed_flags & FIF_OTHER_BSS)
1576 		priv->rx_conf ^= RTL818X_RX_CONF_MONITOR;
1577 	if (*total_flags & FIF_ALLMULTI || multicast > 0)
1578 		priv->rx_conf |= RTL818X_RX_CONF_MULTICAST;
1579 	else
1580 		priv->rx_conf &= ~RTL818X_RX_CONF_MULTICAST;
1581 
1582 	*total_flags = 0;
1583 
1584 	if (priv->rx_conf & RTL818X_RX_CONF_FCS)
1585 		*total_flags |= FIF_FCSFAIL;
1586 	if (priv->rx_conf & RTL818X_RX_CONF_CTRL)
1587 		*total_flags |= FIF_CONTROL;
1588 	if (priv->rx_conf & RTL818X_RX_CONF_MONITOR)
1589 		*total_flags |= FIF_OTHER_BSS;
1590 	if (priv->rx_conf & RTL818X_RX_CONF_MULTICAST)
1591 		*total_flags |= FIF_ALLMULTI;
1592 
1593 	rtl818x_iowrite32(priv, &priv->map->RX_CONF, priv->rx_conf);
1594 }
1595 
1596 static const struct ieee80211_ops rtl8180_ops = {
1597 	.tx			= rtl8180_tx,
1598 	.start			= rtl8180_start,
1599 	.stop			= rtl8180_stop,
1600 	.add_interface		= rtl8180_add_interface,
1601 	.remove_interface	= rtl8180_remove_interface,
1602 	.config			= rtl8180_config,
1603 	.bss_info_changed	= rtl8180_bss_info_changed,
1604 	.conf_tx		= rtl8180_conf_tx,
1605 	.prepare_multicast	= rtl8180_prepare_multicast,
1606 	.configure_filter	= rtl8180_configure_filter,
1607 	.get_tsf		= rtl8180_get_tsf,
1608 };
1609 
1610 static void rtl8180_eeprom_register_read(struct eeprom_93cx6 *eeprom)
1611 {
1612 	struct rtl8180_priv *priv = eeprom->data;
1613 	u8 reg = rtl818x_ioread8(priv, &priv->map->EEPROM_CMD);
1614 
1615 	eeprom->reg_data_in = reg & RTL818X_EEPROM_CMD_WRITE;
1616 	eeprom->reg_data_out = reg & RTL818X_EEPROM_CMD_READ;
1617 	eeprom->reg_data_clock = reg & RTL818X_EEPROM_CMD_CK;
1618 	eeprom->reg_chip_select = reg & RTL818X_EEPROM_CMD_CS;
1619 }
1620 
1621 static void rtl8180_eeprom_register_write(struct eeprom_93cx6 *eeprom)
1622 {
1623 	struct rtl8180_priv *priv = eeprom->data;
1624 	u8 reg = 2 << 6;
1625 
1626 	if (eeprom->reg_data_in)
1627 		reg |= RTL818X_EEPROM_CMD_WRITE;
1628 	if (eeprom->reg_data_out)
1629 		reg |= RTL818X_EEPROM_CMD_READ;
1630 	if (eeprom->reg_data_clock)
1631 		reg |= RTL818X_EEPROM_CMD_CK;
1632 	if (eeprom->reg_chip_select)
1633 		reg |= RTL818X_EEPROM_CMD_CS;
1634 
1635 	rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, reg);
1636 	rtl818x_ioread8(priv, &priv->map->EEPROM_CMD);
1637 	udelay(10);
1638 }
1639 
1640 static void rtl8180_eeprom_read(struct rtl8180_priv *priv)
1641 {
1642 	struct eeprom_93cx6 eeprom;
1643 	int eeprom_cck_table_adr;
1644 	u16 eeprom_val;
1645 	int i;
1646 
1647 	eeprom.data = priv;
1648 	eeprom.register_read = rtl8180_eeprom_register_read;
1649 	eeprom.register_write = rtl8180_eeprom_register_write;
1650 	if (rtl818x_ioread32(priv, &priv->map->RX_CONF) & (1 << 6))
1651 		eeprom.width = PCI_EEPROM_WIDTH_93C66;
1652 	else
1653 		eeprom.width = PCI_EEPROM_WIDTH_93C46;
1654 
1655 	rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
1656 			RTL818X_EEPROM_CMD_PROGRAM);
1657 	rtl818x_ioread8(priv, &priv->map->EEPROM_CMD);
1658 	udelay(10);
1659 
1660 	eeprom_93cx6_read(&eeprom, 0x06, &eeprom_val);
1661 	eeprom_val &= 0xFF;
1662 	priv->rf_type = eeprom_val;
1663 
1664 	eeprom_93cx6_read(&eeprom, 0x17, &eeprom_val);
1665 	priv->csthreshold = eeprom_val >> 8;
1666 
1667 	eeprom_93cx6_multiread(&eeprom, 0x7, (__le16 *)priv->mac_addr, 3);
1668 
1669 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE)
1670 		eeprom_cck_table_adr = 0x30;
1671 	else
1672 		eeprom_cck_table_adr = 0x10;
1673 
1674 	/* CCK TX power */
1675 	for (i = 0; i < 14; i += 2) {
1676 		u16 txpwr;
1677 		eeprom_93cx6_read(&eeprom, eeprom_cck_table_adr + (i >> 1),
1678 				&txpwr);
1679 		priv->channels[i].hw_value = txpwr & 0xFF;
1680 		priv->channels[i + 1].hw_value = txpwr >> 8;
1681 	}
1682 
1683 	/* OFDM TX power */
1684 	if (priv->chip_family != RTL818X_CHIP_FAMILY_RTL8180) {
1685 		for (i = 0; i < 14; i += 2) {
1686 			u16 txpwr;
1687 			eeprom_93cx6_read(&eeprom, 0x20 + (i >> 1), &txpwr);
1688 			priv->channels[i].hw_value |= (txpwr & 0xFF) << 8;
1689 			priv->channels[i + 1].hw_value |= txpwr & 0xFF00;
1690 		}
1691 	}
1692 
1693 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8180) {
1694 		__le32 anaparam;
1695 		eeprom_93cx6_multiread(&eeprom, 0xD, (__le16 *)&anaparam, 2);
1696 		priv->anaparam = le32_to_cpu(anaparam);
1697 		eeprom_93cx6_read(&eeprom, 0x19, &priv->rfparam);
1698 	}
1699 
1700 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE) {
1701 		eeprom_93cx6_read(&eeprom, 0x3F, &eeprom_val);
1702 		priv->antenna_diversity_en = !!(eeprom_val & 0x100);
1703 		priv->antenna_diversity_default = (eeprom_val & 0xC00) == 0x400;
1704 
1705 		eeprom_93cx6_read(&eeprom, 0x7C, &eeprom_val);
1706 		priv->xtal_out = eeprom_val & 0xF;
1707 		priv->xtal_in = (eeprom_val & 0xF0) >> 4;
1708 		priv->xtal_cal = !!(eeprom_val & 0x1000);
1709 		priv->thermal_meter_val = (eeprom_val & 0xF00) >> 8;
1710 		priv->thermal_meter_en = !!(eeprom_val & 0x2000);
1711 	}
1712 
1713 	rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
1714 			RTL818X_EEPROM_CMD_NORMAL);
1715 }
1716 
1717 static int rtl8180_probe(struct pci_dev *pdev,
1718 				   const struct pci_device_id *id)
1719 {
1720 	struct ieee80211_hw *dev;
1721 	struct rtl8180_priv *priv;
1722 	unsigned long mem_addr, mem_len;
1723 	unsigned int io_addr, io_len;
1724 	int err;
1725 	const char *chip_name, *rf_name = NULL;
1726 	u32 reg;
1727 
1728 	err = pci_enable_device(pdev);
1729 	if (err) {
1730 		printk(KERN_ERR "%s (rtl8180): Cannot enable new PCI device\n",
1731 		       pci_name(pdev));
1732 		return err;
1733 	}
1734 
1735 	err = pci_request_regions(pdev, KBUILD_MODNAME);
1736 	if (err) {
1737 		printk(KERN_ERR "%s (rtl8180): Cannot obtain PCI resources\n",
1738 		       pci_name(pdev));
1739 		return err;
1740 	}
1741 
1742 	io_addr = pci_resource_start(pdev, 0);
1743 	io_len = pci_resource_len(pdev, 0);
1744 	mem_addr = pci_resource_start(pdev, 1);
1745 	mem_len = pci_resource_len(pdev, 1);
1746 
1747 	if (mem_len < sizeof(struct rtl818x_csr) ||
1748 	    io_len < sizeof(struct rtl818x_csr)) {
1749 		printk(KERN_ERR "%s (rtl8180): Too short PCI resources\n",
1750 		       pci_name(pdev));
1751 		err = -ENOMEM;
1752 		goto err_free_reg;
1753 	}
1754 
1755 	if ((err = pci_set_dma_mask(pdev, DMA_BIT_MASK(32))) ||
1756 	    (err = pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(32)))) {
1757 		printk(KERN_ERR "%s (rtl8180): No suitable DMA available\n",
1758 		       pci_name(pdev));
1759 		goto err_free_reg;
1760 	}
1761 
1762 	pci_set_master(pdev);
1763 
1764 	dev = ieee80211_alloc_hw(sizeof(*priv), &rtl8180_ops);
1765 	if (!dev) {
1766 		printk(KERN_ERR "%s (rtl8180): ieee80211 alloc failed\n",
1767 		       pci_name(pdev));
1768 		err = -ENOMEM;
1769 		goto err_free_reg;
1770 	}
1771 
1772 	priv = dev->priv;
1773 	priv->pdev = pdev;
1774 
1775 	dev->max_rates = 1;
1776 	SET_IEEE80211_DEV(dev, &pdev->dev);
1777 	pci_set_drvdata(pdev, dev);
1778 
1779 	priv->map_pio = false;
1780 	priv->map = pci_iomap(pdev, 1, mem_len);
1781 	if (!priv->map) {
1782 		priv->map = pci_iomap(pdev, 0, io_len);
1783 		priv->map_pio = true;
1784 	}
1785 
1786 	if (!priv->map) {
1787 		dev_err(&pdev->dev, "Cannot map device memory/PIO\n");
1788 		err = -ENOMEM;
1789 		goto err_free_dev;
1790 	}
1791 
1792 	BUILD_BUG_ON(sizeof(priv->channels) != sizeof(rtl818x_channels));
1793 	BUILD_BUG_ON(sizeof(priv->rates) != sizeof(rtl818x_rates));
1794 
1795 	memcpy(priv->channels, rtl818x_channels, sizeof(rtl818x_channels));
1796 	memcpy(priv->rates, rtl818x_rates, sizeof(rtl818x_rates));
1797 
1798 	priv->band.band = IEEE80211_BAND_2GHZ;
1799 	priv->band.channels = priv->channels;
1800 	priv->band.n_channels = ARRAY_SIZE(rtl818x_channels);
1801 	priv->band.bitrates = priv->rates;
1802 	priv->band.n_bitrates = 4;
1803 	dev->wiphy->bands[IEEE80211_BAND_2GHZ] = &priv->band;
1804 
1805 	ieee80211_hw_set(dev, HOST_BROADCAST_PS_BUFFERING);
1806 	ieee80211_hw_set(dev, RX_INCLUDES_FCS);
1807 
1808 	dev->vif_data_size = sizeof(struct rtl8180_vif);
1809 	dev->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
1810 					BIT(NL80211_IFTYPE_ADHOC);
1811 	dev->max_signal = 65;
1812 
1813 	reg = rtl818x_ioread32(priv, &priv->map->TX_CONF);
1814 	reg &= RTL818X_TX_CONF_HWVER_MASK;
1815 	switch (reg) {
1816 	case RTL818X_TX_CONF_R8180_ABCD:
1817 		chip_name = "RTL8180";
1818 		priv->chip_family = RTL818X_CHIP_FAMILY_RTL8180;
1819 		break;
1820 
1821 	case RTL818X_TX_CONF_R8180_F:
1822 		chip_name = "RTL8180vF";
1823 		priv->chip_family = RTL818X_CHIP_FAMILY_RTL8180;
1824 		break;
1825 
1826 	case RTL818X_TX_CONF_R8185_ABC:
1827 		chip_name = "RTL8185";
1828 		priv->chip_family = RTL818X_CHIP_FAMILY_RTL8185;
1829 		break;
1830 
1831 	case RTL818X_TX_CONF_R8185_D:
1832 		chip_name = "RTL8185vD";
1833 		priv->chip_family = RTL818X_CHIP_FAMILY_RTL8185;
1834 		break;
1835 
1836 	case RTL818X_TX_CONF_RTL8187SE:
1837 		chip_name = "RTL8187SE";
1838 		if (priv->map_pio) {
1839 			dev_err(&pdev->dev,
1840 				"MMIO failed. PIO not supported on RTL8187SE\n");
1841 			err = -ENOMEM;
1842 			goto err_iounmap;
1843 		}
1844 		priv->chip_family = RTL818X_CHIP_FAMILY_RTL8187SE;
1845 		break;
1846 
1847 	default:
1848 		printk(KERN_ERR "%s (rtl8180): Unknown chip! (0x%x)\n",
1849 		       pci_name(pdev), reg >> 25);
1850 		err = -ENODEV;
1851 		goto err_iounmap;
1852 	}
1853 
1854 	/* we declare to MAC80211 all the queues except for beacon queue
1855 	 * that will be eventually handled by DRV.
1856 	 * TX rings are arranged in such a way that lower is the IDX,
1857 	 * higher is the priority, in order to achieve direct mapping
1858 	 * with mac80211, however the beacon queue is an exception and it
1859 	 * is mapped on the highst tx ring IDX.
1860 	 */
1861 	if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE)
1862 		dev->queues = RTL8187SE_NR_TX_QUEUES - 1;
1863 	else
1864 		dev->queues = RTL8180_NR_TX_QUEUES - 1;
1865 
1866 	if (priv->chip_family != RTL818X_CHIP_FAMILY_RTL8180) {
1867 		priv->band.n_bitrates = ARRAY_SIZE(rtl818x_rates);
1868 		pci_try_set_mwi(pdev);
1869 	}
1870 
1871 	if (priv->chip_family != RTL818X_CHIP_FAMILY_RTL8180)
1872 		ieee80211_hw_set(dev, SIGNAL_DBM);
1873 	else
1874 		ieee80211_hw_set(dev, SIGNAL_UNSPEC);
1875 
1876 	rtl8180_eeprom_read(priv);
1877 
1878 	switch (priv->rf_type) {
1879 	case 1:	rf_name = "Intersil";
1880 		break;
1881 	case 2:	rf_name = "RFMD";
1882 		break;
1883 	case 3:	priv->rf = &sa2400_rf_ops;
1884 		break;
1885 	case 4:	priv->rf = &max2820_rf_ops;
1886 		break;
1887 	case 5:	priv->rf = &grf5101_rf_ops;
1888 		break;
1889 	case 9:
1890 		if (priv->chip_family == RTL818X_CHIP_FAMILY_RTL8187SE)
1891 			priv->rf = rtl8187se_detect_rf(dev);
1892 		else
1893 			priv->rf = rtl8180_detect_rf(dev);
1894 		break;
1895 	case 10:
1896 		rf_name = "RTL8255";
1897 		break;
1898 	default:
1899 		printk(KERN_ERR "%s (rtl8180): Unknown RF! (0x%x)\n",
1900 		       pci_name(pdev), priv->rf_type);
1901 		err = -ENODEV;
1902 		goto err_iounmap;
1903 	}
1904 
1905 	if (!priv->rf) {
1906 		printk(KERN_ERR "%s (rtl8180): %s RF frontend not supported!\n",
1907 		       pci_name(pdev), rf_name);
1908 		err = -ENODEV;
1909 		goto err_iounmap;
1910 	}
1911 
1912 	if (!is_valid_ether_addr(priv->mac_addr)) {
1913 		printk(KERN_WARNING "%s (rtl8180): Invalid hwaddr! Using"
1914 		       " randomly generated MAC addr\n", pci_name(pdev));
1915 		eth_random_addr(priv->mac_addr);
1916 	}
1917 	SET_IEEE80211_PERM_ADDR(dev, priv->mac_addr);
1918 
1919 	spin_lock_init(&priv->lock);
1920 
1921 	err = ieee80211_register_hw(dev);
1922 	if (err) {
1923 		printk(KERN_ERR "%s (rtl8180): Cannot register device\n",
1924 		       pci_name(pdev));
1925 		goto err_iounmap;
1926 	}
1927 
1928 	wiphy_info(dev->wiphy, "hwaddr %pm, %s + %s\n",
1929 		   priv->mac_addr, chip_name, priv->rf->name);
1930 
1931 	return 0;
1932 
1933  err_iounmap:
1934 	pci_iounmap(pdev, priv->map);
1935 
1936  err_free_dev:
1937 	ieee80211_free_hw(dev);
1938 
1939  err_free_reg:
1940 	pci_release_regions(pdev);
1941 	pci_disable_device(pdev);
1942 	return err;
1943 }
1944 
1945 static void rtl8180_remove(struct pci_dev *pdev)
1946 {
1947 	struct ieee80211_hw *dev = pci_get_drvdata(pdev);
1948 	struct rtl8180_priv *priv;
1949 
1950 	if (!dev)
1951 		return;
1952 
1953 	ieee80211_unregister_hw(dev);
1954 
1955 	priv = dev->priv;
1956 
1957 	pci_iounmap(pdev, priv->map);
1958 	pci_release_regions(pdev);
1959 	pci_disable_device(pdev);
1960 	ieee80211_free_hw(dev);
1961 }
1962 
1963 #ifdef CONFIG_PM
1964 static int rtl8180_suspend(struct pci_dev *pdev, pm_message_t state)
1965 {
1966 	pci_save_state(pdev);
1967 	pci_set_power_state(pdev, pci_choose_state(pdev, state));
1968 	return 0;
1969 }
1970 
1971 static int rtl8180_resume(struct pci_dev *pdev)
1972 {
1973 	pci_set_power_state(pdev, PCI_D0);
1974 	pci_restore_state(pdev);
1975 	return 0;
1976 }
1977 
1978 #endif /* CONFIG_PM */
1979 
1980 static struct pci_driver rtl8180_driver = {
1981 	.name		= KBUILD_MODNAME,
1982 	.id_table	= rtl8180_table,
1983 	.probe		= rtl8180_probe,
1984 	.remove		= rtl8180_remove,
1985 #ifdef CONFIG_PM
1986 	.suspend	= rtl8180_suspend,
1987 	.resume		= rtl8180_resume,
1988 #endif /* CONFIG_PM */
1989 };
1990 
1991 module_pci_driver(rtl8180_driver);
1992