1 /*
2  * IPWireless 3G PCMCIA Network Driver
3  *
4  * Original code
5  *   by Stephen Blackheath <stephen@blacksapphire.com>,
6  *      Ben Martel <benm@symmetric.co.nz>
7  *
8  * Copyrighted as follows:
9  *   Copyright (C) 2004 by Symmetric Systems Ltd (NZ)
10  *
11  * Various driver changes and rewrites, port to new kernels
12  *   Copyright (C) 2006-2007 Jiri Kosina
13  *
14  * Misc code cleanups and updates
15  *   Copyright (C) 2007 David Sterba
16  */
17 
18 #include <linux/interrupt.h>
19 #include <linux/io.h>
20 #include <linux/irq.h>
21 #include <linux/kernel.h>
22 #include <linux/list.h>
23 #include <linux/slab.h>
24 
25 #include "hardware.h"
26 #include "setup_protocol.h"
27 #include "network.h"
28 #include "main.h"
29 
30 static void ipw_send_setup_packet(struct ipw_hardware *hw);
31 static void handle_received_SETUP_packet(struct ipw_hardware *ipw,
32 					 unsigned int address,
33 					 const unsigned char *data, int len,
34 					 int is_last);
35 static void ipwireless_setup_timer(unsigned long data);
36 static void handle_received_CTRL_packet(struct ipw_hardware *hw,
37 		unsigned int channel_idx, const unsigned char *data, int len);
38 
39 /*#define TIMING_DIAGNOSTICS*/
40 
41 #ifdef TIMING_DIAGNOSTICS
42 
43 static struct timing_stats {
44 	unsigned long last_report_time;
45 	unsigned long read_time;
46 	unsigned long write_time;
47 	unsigned long read_bytes;
48 	unsigned long write_bytes;
49 	unsigned long start_time;
50 };
51 
52 static void start_timing(void)
53 {
54 	timing_stats.start_time = jiffies;
55 }
56 
57 static void end_read_timing(unsigned length)
58 {
59 	timing_stats.read_time += (jiffies - start_time);
60 	timing_stats.read_bytes += length + 2;
61 	report_timing();
62 }
63 
64 static void end_write_timing(unsigned length)
65 {
66 	timing_stats.write_time += (jiffies - start_time);
67 	timing_stats.write_bytes += length + 2;
68 	report_timing();
69 }
70 
71 static void report_timing(void)
72 {
73 	unsigned long since = jiffies - timing_stats.last_report_time;
74 
75 	/* If it's been more than one second... */
76 	if (since >= HZ) {
77 		int first = (timing_stats.last_report_time == 0);
78 
79 		timing_stats.last_report_time = jiffies;
80 		if (!first)
81 			printk(KERN_INFO IPWIRELESS_PCCARD_NAME
82 			       ": %u us elapsed - read %lu bytes in %u us, wrote %lu bytes in %u us\n",
83 			       jiffies_to_usecs(since),
84 			       timing_stats.read_bytes,
85 			       jiffies_to_usecs(timing_stats.read_time),
86 			       timing_stats.write_bytes,
87 			       jiffies_to_usecs(timing_stats.write_time));
88 
89 		timing_stats.read_time = 0;
90 		timing_stats.write_time = 0;
91 		timing_stats.read_bytes = 0;
92 		timing_stats.write_bytes = 0;
93 	}
94 }
95 #else
96 static void start_timing(void) { }
97 static void end_read_timing(unsigned length) { }
98 static void end_write_timing(unsigned length) { }
99 #endif
100 
101 /* Imported IPW definitions */
102 
103 #define LL_MTU_V1 318
104 #define LL_MTU_V2 250
105 #define LL_MTU_MAX (LL_MTU_V1 > LL_MTU_V2 ? LL_MTU_V1 : LL_MTU_V2)
106 
107 #define PRIO_DATA  2
108 #define PRIO_CTRL  1
109 #define PRIO_SETUP 0
110 
111 /* Addresses */
112 #define ADDR_SETUP_PROT 0
113 
114 /* Protocol ids */
115 enum {
116 	/* Identifier for the Com Data protocol */
117 	TL_PROTOCOLID_COM_DATA = 0,
118 
119 	/* Identifier for the Com Control protocol */
120 	TL_PROTOCOLID_COM_CTRL = 1,
121 
122 	/* Identifier for the Setup protocol */
123 	TL_PROTOCOLID_SETUP = 2
124 };
125 
126 /* Number of bytes in NL packet header (cannot do
127  * sizeof(nl_packet_header) since it's a bitfield) */
128 #define NL_FIRST_PACKET_HEADER_SIZE        3
129 
130 /* Number of bytes in NL packet header (cannot do
131  * sizeof(nl_packet_header) since it's a bitfield) */
132 #define NL_FOLLOWING_PACKET_HEADER_SIZE    1
133 
134 struct nl_first_packet_header {
135 	unsigned char protocol:3;
136 	unsigned char address:3;
137 	unsigned char packet_rank:2;
138 	unsigned char length_lsb;
139 	unsigned char length_msb;
140 };
141 
142 struct nl_packet_header {
143 	unsigned char protocol:3;
144 	unsigned char address:3;
145 	unsigned char packet_rank:2;
146 };
147 
148 /* Value of 'packet_rank' above */
149 #define NL_INTERMEDIATE_PACKET    0x0
150 #define NL_LAST_PACKET            0x1
151 #define NL_FIRST_PACKET           0x2
152 
153 union nl_packet {
154 	/* Network packet header of the first packet (a special case) */
155 	struct nl_first_packet_header hdr_first;
156 	/* Network packet header of the following packets (if any) */
157 	struct nl_packet_header hdr;
158 	/* Complete network packet (header + data) */
159 	unsigned char rawpkt[LL_MTU_MAX];
160 } __attribute__ ((__packed__));
161 
162 #define HW_VERSION_UNKNOWN -1
163 #define HW_VERSION_1 1
164 #define HW_VERSION_2 2
165 
166 /* IPW I/O ports */
167 #define IOIER 0x00		/* Interrupt Enable Register */
168 #define IOIR  0x02		/* Interrupt Source/ACK register */
169 #define IODCR 0x04		/* Data Control Register */
170 #define IODRR 0x06		/* Data Read Register */
171 #define IODWR 0x08		/* Data Write Register */
172 #define IOESR 0x0A		/* Embedded Driver Status Register */
173 #define IORXR 0x0C		/* Rx Fifo Register (Host to Embedded) */
174 #define IOTXR 0x0E		/* Tx Fifo Register (Embedded to Host) */
175 
176 /* I/O ports and bit definitions for version 1 of the hardware */
177 
178 /* IER bits*/
179 #define IER_RXENABLED   0x1
180 #define IER_TXENABLED   0x2
181 
182 /* ISR bits */
183 #define IR_RXINTR       0x1
184 #define IR_TXINTR       0x2
185 
186 /* DCR bits */
187 #define DCR_RXDONE      0x1
188 #define DCR_TXDONE      0x2
189 #define DCR_RXRESET     0x4
190 #define DCR_TXRESET     0x8
191 
192 /* I/O ports and bit definitions for version 2 of the hardware */
193 
194 struct MEMCCR {
195 	unsigned short reg_config_option;	/* PCCOR: Configuration Option Register */
196 	unsigned short reg_config_and_status;	/* PCCSR: Configuration and Status Register */
197 	unsigned short reg_pin_replacement;	/* PCPRR: Pin Replacemant Register */
198 	unsigned short reg_socket_and_copy;	/* PCSCR: Socket and Copy Register */
199 	unsigned short reg_ext_status;		/* PCESR: Extendend Status Register */
200 	unsigned short reg_io_base;		/* PCIOB: I/O Base Register */
201 };
202 
203 struct MEMINFREG {
204 	unsigned short memreg_tx_old;	/* TX Register (R/W) */
205 	unsigned short pad1;
206 	unsigned short memreg_rx_done;	/* RXDone Register (R/W) */
207 	unsigned short pad2;
208 	unsigned short memreg_rx;	/* RX Register (R/W) */
209 	unsigned short pad3;
210 	unsigned short memreg_pc_interrupt_ack;	/* PC intr Ack Register (W) */
211 	unsigned short pad4;
212 	unsigned long memreg_card_present;/* Mask for Host to check (R) for
213 					   * CARD_PRESENT_VALUE */
214 	unsigned short memreg_tx_new;	/* TX2 (new) Register (R/W) */
215 };
216 
217 #define CARD_PRESENT_VALUE (0xBEEFCAFEUL)
218 
219 #define MEMTX_TX                       0x0001
220 #define MEMRX_RX                       0x0001
221 #define MEMRX_RX_DONE                  0x0001
222 #define MEMRX_PCINTACKK                0x0001
223 
224 #define NL_NUM_OF_PRIORITIES       3
225 #define NL_NUM_OF_PROTOCOLS        3
226 #define NL_NUM_OF_ADDRESSES        NO_OF_IPW_CHANNELS
227 
228 struct ipw_hardware {
229 	unsigned int base_port;
230 	short hw_version;
231 	unsigned short ll_mtu;
232 	spinlock_t lock;
233 
234 	int initializing;
235 	int init_loops;
236 	struct timer_list setup_timer;
237 
238 	/* Flag if hw is ready to send next packet */
239 	int tx_ready;
240 	/* Count of pending packets to be sent */
241 	int tx_queued;
242 	struct list_head tx_queue[NL_NUM_OF_PRIORITIES];
243 
244 	int rx_bytes_queued;
245 	struct list_head rx_queue;
246 	/* Pool of rx_packet structures that are not currently used. */
247 	struct list_head rx_pool;
248 	int rx_pool_size;
249 	/* True if reception of data is blocked while userspace processes it. */
250 	int blocking_rx;
251 	/* True if there is RX data ready on the hardware. */
252 	int rx_ready;
253 	unsigned short last_memtx_serial;
254 	/*
255 	 * Newer versions of the V2 card firmware send serial numbers in the
256 	 * MemTX register. 'serial_number_detected' is set true when we detect
257 	 * a non-zero serial number (indicating the new firmware).  Thereafter,
258 	 * the driver can safely ignore the Timer Recovery re-sends to avoid
259 	 * out-of-sync problems.
260 	 */
261 	int serial_number_detected;
262 	struct work_struct work_rx;
263 
264 	/* True if we are to send the set-up data to the hardware. */
265 	int to_setup;
266 
267 	/* Card has been removed */
268 	int removed;
269 	/* Saved irq value when we disable the interrupt. */
270 	int irq;
271 	/* True if this driver is shutting down. */
272 	int shutting_down;
273 	/* Modem control lines */
274 	unsigned int control_lines[NL_NUM_OF_ADDRESSES];
275 	struct ipw_rx_packet *packet_assembler[NL_NUM_OF_ADDRESSES];
276 
277 	struct tasklet_struct tasklet;
278 
279 	/* The handle for the network layer, for the sending of events to it. */
280 	struct ipw_network *network;
281 	struct MEMINFREG __iomem *memory_info_regs;
282 	struct MEMCCR __iomem *memregs_CCR;
283 	void (*reboot_callback) (void *data);
284 	void *reboot_callback_data;
285 
286 	unsigned short __iomem *memreg_tx;
287 };
288 
289 /*
290  * Packet info structure for tx packets.
291  * Note: not all the fields defined here are required for all protocols
292  */
293 struct ipw_tx_packet {
294 	struct list_head queue;
295 	/* channel idx + 1 */
296 	unsigned char dest_addr;
297 	/* SETUP, CTRL or DATA */
298 	unsigned char protocol;
299 	/* Length of data block, which starts at the end of this structure */
300 	unsigned short length;
301 	/* Sending state */
302 	/* Offset of where we've sent up to so far */
303 	unsigned long offset;
304 	/* Count of packet fragments, starting at 0 */
305 	int fragment_count;
306 
307 	/* Called after packet is sent and before is freed */
308 	void (*packet_callback) (void *cb_data, unsigned int packet_length);
309 	void *callback_data;
310 };
311 
312 /* Signals from DTE */
313 #define COMCTRL_RTS	0
314 #define COMCTRL_DTR	1
315 
316 /* Signals from DCE */
317 #define COMCTRL_CTS	2
318 #define COMCTRL_DCD	3
319 #define COMCTRL_DSR	4
320 #define COMCTRL_RI	5
321 
322 struct ipw_control_packet_body {
323 	/* DTE signal or DCE signal */
324 	unsigned char sig_no;
325 	/* 0: set signal, 1: clear signal */
326 	unsigned char value;
327 } __attribute__ ((__packed__));
328 
329 struct ipw_control_packet {
330 	struct ipw_tx_packet header;
331 	struct ipw_control_packet_body body;
332 };
333 
334 struct ipw_rx_packet {
335 	struct list_head queue;
336 	unsigned int capacity;
337 	unsigned int length;
338 	unsigned int protocol;
339 	unsigned int channel_idx;
340 };
341 
342 static char *data_type(const unsigned char *buf, unsigned length)
343 {
344 	struct nl_packet_header *hdr = (struct nl_packet_header *) buf;
345 
346 	if (length == 0)
347 		return "     ";
348 
349 	if (hdr->packet_rank & NL_FIRST_PACKET) {
350 		switch (hdr->protocol) {
351 		case TL_PROTOCOLID_COM_DATA:	return "DATA ";
352 		case TL_PROTOCOLID_COM_CTRL:	return "CTRL ";
353 		case TL_PROTOCOLID_SETUP:	return "SETUP";
354 		default: return "???? ";
355 		}
356 	} else
357 		return "     ";
358 }
359 
360 #define DUMP_MAX_BYTES 64
361 
362 static void dump_data_bytes(const char *type, const unsigned char *data,
363 			    unsigned length)
364 {
365 	char prefix[56];
366 
367 	sprintf(prefix, IPWIRELESS_PCCARD_NAME ": %s %s ",
368 			type, data_type(data, length));
369 	print_hex_dump_bytes(prefix, 0, (void *)data,
370 			length < DUMP_MAX_BYTES ? length : DUMP_MAX_BYTES);
371 }
372 
373 static void swap_packet_bitfield_to_le(unsigned char *data)
374 {
375 #ifdef __BIG_ENDIAN_BITFIELD
376 	unsigned char tmp = *data, ret = 0;
377 
378 	/*
379 	 * transform bits from aa.bbb.ccc to ccc.bbb.aa
380 	 */
381 	ret |= (tmp & 0xc0) >> 6;
382 	ret |= (tmp & 0x38) >> 1;
383 	ret |= (tmp & 0x07) << 5;
384 	*data = ret & 0xff;
385 #endif
386 }
387 
388 static void swap_packet_bitfield_from_le(unsigned char *data)
389 {
390 #ifdef __BIG_ENDIAN_BITFIELD
391 	unsigned char tmp = *data, ret = 0;
392 
393 	/*
394 	 * transform bits from ccc.bbb.aa to aa.bbb.ccc
395 	 */
396 	ret |= (tmp & 0xe0) >> 5;
397 	ret |= (tmp & 0x1c) << 1;
398 	ret |= (tmp & 0x03) << 6;
399 	*data = ret & 0xff;
400 #endif
401 }
402 
403 static void do_send_fragment(struct ipw_hardware *hw, unsigned char *data,
404 			    unsigned length)
405 {
406 	unsigned i;
407 	unsigned long flags;
408 
409 	start_timing();
410 	BUG_ON(length > hw->ll_mtu);
411 
412 	if (ipwireless_debug)
413 		dump_data_bytes("send", data, length);
414 
415 	spin_lock_irqsave(&hw->lock, flags);
416 
417 	hw->tx_ready = 0;
418 	swap_packet_bitfield_to_le(data);
419 
420 	if (hw->hw_version == HW_VERSION_1) {
421 		outw((unsigned short) length, hw->base_port + IODWR);
422 
423 		for (i = 0; i < length; i += 2) {
424 			unsigned short d = data[i];
425 			__le16 raw_data;
426 
427 			if (i + 1 < length)
428 				d |= data[i + 1] << 8;
429 			raw_data = cpu_to_le16(d);
430 			outw(raw_data, hw->base_port + IODWR);
431 		}
432 
433 		outw(DCR_TXDONE, hw->base_port + IODCR);
434 	} else if (hw->hw_version == HW_VERSION_2) {
435 		outw((unsigned short) length, hw->base_port);
436 
437 		for (i = 0; i < length; i += 2) {
438 			unsigned short d = data[i];
439 			__le16 raw_data;
440 
441 			if (i + 1 < length)
442 				d |= data[i + 1] << 8;
443 			raw_data = cpu_to_le16(d);
444 			outw(raw_data, hw->base_port);
445 		}
446 		while ((i & 3) != 2) {
447 			outw((unsigned short) 0xDEAD, hw->base_port);
448 			i += 2;
449 		}
450 		writew(MEMRX_RX, &hw->memory_info_regs->memreg_rx);
451 	}
452 
453 	spin_unlock_irqrestore(&hw->lock, flags);
454 
455 	end_write_timing(length);
456 }
457 
458 static void do_send_packet(struct ipw_hardware *hw, struct ipw_tx_packet *packet)
459 {
460 	unsigned short fragment_data_len;
461 	unsigned short data_left = packet->length - packet->offset;
462 	unsigned short header_size;
463 	union nl_packet pkt;
464 
465 	header_size =
466 	    (packet->fragment_count == 0)
467 	    ? NL_FIRST_PACKET_HEADER_SIZE
468 	    : NL_FOLLOWING_PACKET_HEADER_SIZE;
469 	fragment_data_len = hw->ll_mtu - header_size;
470 	if (data_left < fragment_data_len)
471 		fragment_data_len = data_left;
472 
473 	/*
474 	 * hdr_first is now in machine bitfield order, which will be swapped
475 	 * to le just before it goes to hw
476 	 */
477 	pkt.hdr_first.protocol = packet->protocol;
478 	pkt.hdr_first.address = packet->dest_addr;
479 	pkt.hdr_first.packet_rank = 0;
480 
481 	/* First packet? */
482 	if (packet->fragment_count == 0) {
483 		pkt.hdr_first.packet_rank |= NL_FIRST_PACKET;
484 		pkt.hdr_first.length_lsb = (unsigned char) packet->length;
485 		pkt.hdr_first.length_msb =
486 			(unsigned char) (packet->length >> 8);
487 	}
488 
489 	memcpy(pkt.rawpkt + header_size,
490 	       ((unsigned char *) packet) + sizeof(struct ipw_tx_packet) +
491 	       packet->offset, fragment_data_len);
492 	packet->offset += fragment_data_len;
493 	packet->fragment_count++;
494 
495 	/* Last packet? (May also be first packet.) */
496 	if (packet->offset == packet->length)
497 		pkt.hdr_first.packet_rank |= NL_LAST_PACKET;
498 	do_send_fragment(hw, pkt.rawpkt, header_size + fragment_data_len);
499 
500 	/* If this packet has unsent data, then re-queue it. */
501 	if (packet->offset < packet->length) {
502 		/*
503 		 * Re-queue it at the head of the highest priority queue so
504 		 * it goes before all other packets
505 		 */
506 		unsigned long flags;
507 
508 		spin_lock_irqsave(&hw->lock, flags);
509 		list_add(&packet->queue, &hw->tx_queue[0]);
510 		hw->tx_queued++;
511 		spin_unlock_irqrestore(&hw->lock, flags);
512 	} else {
513 		if (packet->packet_callback)
514 			packet->packet_callback(packet->callback_data,
515 					packet->length);
516 		kfree(packet);
517 	}
518 }
519 
520 static void ipw_setup_hardware(struct ipw_hardware *hw)
521 {
522 	unsigned long flags;
523 
524 	spin_lock_irqsave(&hw->lock, flags);
525 	if (hw->hw_version == HW_VERSION_1) {
526 		/* Reset RX FIFO */
527 		outw(DCR_RXRESET, hw->base_port + IODCR);
528 		/* SB: Reset TX FIFO */
529 		outw(DCR_TXRESET, hw->base_port + IODCR);
530 
531 		/* Enable TX and RX interrupts. */
532 		outw(IER_TXENABLED | IER_RXENABLED, hw->base_port + IOIER);
533 	} else {
534 		/*
535 		 * Set INTRACK bit (bit 0), which means we must explicitly
536 		 * acknowledge interrupts by clearing bit 2 of reg_config_and_status.
537 		 */
538 		unsigned short csr = readw(&hw->memregs_CCR->reg_config_and_status);
539 
540 		csr |= 1;
541 		writew(csr, &hw->memregs_CCR->reg_config_and_status);
542 	}
543 	spin_unlock_irqrestore(&hw->lock, flags);
544 }
545 
546 /*
547  * If 'packet' is NULL, then this function allocates a new packet, setting its
548  * length to 0 and ensuring it has the specified minimum amount of free space.
549  *
550  * If 'packet' is not NULL, then this function enlarges it if it doesn't
551  * have the specified minimum amount of free space.
552  *
553  */
554 static struct ipw_rx_packet *pool_allocate(struct ipw_hardware *hw,
555 					   struct ipw_rx_packet *packet,
556 					   int minimum_free_space)
557 {
558 
559 	if (!packet) {
560 		unsigned long flags;
561 
562 		spin_lock_irqsave(&hw->lock, flags);
563 		if (!list_empty(&hw->rx_pool)) {
564 			packet = list_first_entry(&hw->rx_pool,
565 					struct ipw_rx_packet, queue);
566 			hw->rx_pool_size--;
567 			spin_unlock_irqrestore(&hw->lock, flags);
568 			list_del(&packet->queue);
569 		} else {
570 			const int min_capacity =
571 				ipwireless_ppp_mru(hw->network) + 2;
572 			int new_capacity;
573 
574 			spin_unlock_irqrestore(&hw->lock, flags);
575 			new_capacity =
576 				(minimum_free_space > min_capacity
577 				 ? minimum_free_space
578 				 : min_capacity);
579 			packet = kmalloc(sizeof(struct ipw_rx_packet)
580 					+ new_capacity, GFP_ATOMIC);
581 			if (!packet)
582 				return NULL;
583 			packet->capacity = new_capacity;
584 		}
585 		packet->length = 0;
586 	}
587 
588 	if (packet->length + minimum_free_space > packet->capacity) {
589 		struct ipw_rx_packet *old_packet = packet;
590 
591 		packet = kmalloc(sizeof(struct ipw_rx_packet) +
592 				old_packet->length + minimum_free_space,
593 				GFP_ATOMIC);
594 		if (!packet) {
595 			kfree(old_packet);
596 			return NULL;
597 		}
598 		memcpy(packet, old_packet,
599 				sizeof(struct ipw_rx_packet)
600 					+ old_packet->length);
601 		packet->capacity = old_packet->length + minimum_free_space;
602 		kfree(old_packet);
603 	}
604 
605 	return packet;
606 }
607 
608 static void pool_free(struct ipw_hardware *hw, struct ipw_rx_packet *packet)
609 {
610 	if (hw->rx_pool_size > 6)
611 		kfree(packet);
612 	else {
613 		hw->rx_pool_size++;
614 		list_add(&packet->queue, &hw->rx_pool);
615 	}
616 }
617 
618 static void queue_received_packet(struct ipw_hardware *hw,
619 				  unsigned int protocol,
620 				  unsigned int address,
621 				  const unsigned char *data, int length,
622 				  int is_last)
623 {
624 	unsigned int channel_idx = address - 1;
625 	struct ipw_rx_packet *packet = NULL;
626 	unsigned long flags;
627 
628 	/* Discard packet if channel index is out of range. */
629 	if (channel_idx >= NL_NUM_OF_ADDRESSES) {
630 		printk(KERN_INFO IPWIRELESS_PCCARD_NAME
631 		       ": data packet has bad address %u\n", address);
632 		return;
633 	}
634 
635 	/*
636 	 * ->packet_assembler is safe to touch unlocked, this is the only place
637 	 */
638 	if (protocol == TL_PROTOCOLID_COM_DATA) {
639 		struct ipw_rx_packet **assem =
640 			&hw->packet_assembler[channel_idx];
641 
642 		/*
643 		 * Create a new packet, or assembler already contains one
644 		 * enlarge it by 'length' bytes.
645 		 */
646 		(*assem) = pool_allocate(hw, *assem, length);
647 		if (!(*assem)) {
648 			printk(KERN_ERR IPWIRELESS_PCCARD_NAME
649 				": no memory for incoming data packet, dropped!\n");
650 			return;
651 		}
652 		(*assem)->protocol = protocol;
653 		(*assem)->channel_idx = channel_idx;
654 
655 		/* Append this packet data onto existing data. */
656 		memcpy((unsigned char *)(*assem) +
657 			       sizeof(struct ipw_rx_packet)
658 				+ (*assem)->length, data, length);
659 		(*assem)->length += length;
660 		if (is_last) {
661 			packet = *assem;
662 			*assem = NULL;
663 			/* Count queued DATA bytes only */
664 			spin_lock_irqsave(&hw->lock, flags);
665 			hw->rx_bytes_queued += packet->length;
666 			spin_unlock_irqrestore(&hw->lock, flags);
667 		}
668 	} else {
669 		/* If it's a CTRL packet, don't assemble, just queue it. */
670 		packet = pool_allocate(hw, NULL, length);
671 		if (!packet) {
672 			printk(KERN_ERR IPWIRELESS_PCCARD_NAME
673 				": no memory for incoming ctrl packet, dropped!\n");
674 			return;
675 		}
676 		packet->protocol = protocol;
677 		packet->channel_idx = channel_idx;
678 		memcpy((unsigned char *)packet + sizeof(struct ipw_rx_packet),
679 				data, length);
680 		packet->length = length;
681 	}
682 
683 	/*
684 	 * If this is the last packet, then send the assembled packet on to the
685 	 * network layer.
686 	 */
687 	if (packet) {
688 		spin_lock_irqsave(&hw->lock, flags);
689 		list_add_tail(&packet->queue, &hw->rx_queue);
690 		/* Block reception of incoming packets if queue is full. */
691 		hw->blocking_rx =
692 			(hw->rx_bytes_queued >= IPWIRELESS_RX_QUEUE_SIZE);
693 
694 		spin_unlock_irqrestore(&hw->lock, flags);
695 		schedule_work(&hw->work_rx);
696 	}
697 }
698 
699 /*
700  * Workqueue callback
701  */
702 static void ipw_receive_data_work(struct work_struct *work_rx)
703 {
704 	struct ipw_hardware *hw =
705 	    container_of(work_rx, struct ipw_hardware, work_rx);
706 	unsigned long flags;
707 
708 	spin_lock_irqsave(&hw->lock, flags);
709 	while (!list_empty(&hw->rx_queue)) {
710 		struct ipw_rx_packet *packet =
711 			list_first_entry(&hw->rx_queue,
712 					struct ipw_rx_packet, queue);
713 
714 		if (hw->shutting_down)
715 			break;
716 		list_del(&packet->queue);
717 
718 		/*
719 		 * Note: ipwireless_network_packet_received must be called in a
720 		 * process context (i.e. via schedule_work) because the tty
721 		 * output code can sleep in the tty_flip_buffer_push call.
722 		 */
723 		if (packet->protocol == TL_PROTOCOLID_COM_DATA) {
724 			if (hw->network != NULL) {
725 				/* If the network hasn't been disconnected. */
726 				spin_unlock_irqrestore(&hw->lock, flags);
727 				/*
728 				 * This must run unlocked due to tty processing
729 				 * and mutex locking
730 				 */
731 				ipwireless_network_packet_received(
732 						hw->network,
733 						packet->channel_idx,
734 						(unsigned char *)packet
735 						+ sizeof(struct ipw_rx_packet),
736 						packet->length);
737 				spin_lock_irqsave(&hw->lock, flags);
738 			}
739 			/* Count queued DATA bytes only */
740 			hw->rx_bytes_queued -= packet->length;
741 		} else {
742 			/*
743 			 * This is safe to be called locked, callchain does
744 			 * not block
745 			 */
746 			handle_received_CTRL_packet(hw, packet->channel_idx,
747 					(unsigned char *)packet
748 					+ sizeof(struct ipw_rx_packet),
749 					packet->length);
750 		}
751 		pool_free(hw, packet);
752 		/*
753 		 * Unblock reception of incoming packets if queue is no longer
754 		 * full.
755 		 */
756 		hw->blocking_rx =
757 			hw->rx_bytes_queued >= IPWIRELESS_RX_QUEUE_SIZE;
758 		if (hw->shutting_down)
759 			break;
760 	}
761 	spin_unlock_irqrestore(&hw->lock, flags);
762 }
763 
764 static void handle_received_CTRL_packet(struct ipw_hardware *hw,
765 					unsigned int channel_idx,
766 					const unsigned char *data, int len)
767 {
768 	const struct ipw_control_packet_body *body =
769 		(const struct ipw_control_packet_body *) data;
770 	unsigned int changed_mask;
771 
772 	if (len != sizeof(struct ipw_control_packet_body)) {
773 		printk(KERN_INFO IPWIRELESS_PCCARD_NAME
774 		       ": control packet was %d bytes - wrong size!\n",
775 		       len);
776 		return;
777 	}
778 
779 	switch (body->sig_no) {
780 	case COMCTRL_CTS:
781 		changed_mask = IPW_CONTROL_LINE_CTS;
782 		break;
783 	case COMCTRL_DCD:
784 		changed_mask = IPW_CONTROL_LINE_DCD;
785 		break;
786 	case COMCTRL_DSR:
787 		changed_mask = IPW_CONTROL_LINE_DSR;
788 		break;
789 	case COMCTRL_RI:
790 		changed_mask = IPW_CONTROL_LINE_RI;
791 		break;
792 	default:
793 		changed_mask = 0;
794 	}
795 
796 	if (changed_mask != 0) {
797 		if (body->value)
798 			hw->control_lines[channel_idx] |= changed_mask;
799 		else
800 			hw->control_lines[channel_idx] &= ~changed_mask;
801 		if (hw->network)
802 			ipwireless_network_notify_control_line_change(
803 					hw->network,
804 					channel_idx,
805 					hw->control_lines[channel_idx],
806 					changed_mask);
807 	}
808 }
809 
810 static void handle_received_packet(struct ipw_hardware *hw,
811 				   const union nl_packet *packet,
812 				   unsigned short len)
813 {
814 	unsigned int protocol = packet->hdr.protocol;
815 	unsigned int address = packet->hdr.address;
816 	unsigned int header_length;
817 	const unsigned char *data;
818 	unsigned int data_len;
819 	int is_last = packet->hdr.packet_rank & NL_LAST_PACKET;
820 
821 	if (packet->hdr.packet_rank & NL_FIRST_PACKET)
822 		header_length = NL_FIRST_PACKET_HEADER_SIZE;
823 	else
824 		header_length = NL_FOLLOWING_PACKET_HEADER_SIZE;
825 
826 	data = packet->rawpkt + header_length;
827 	data_len = len - header_length;
828 	switch (protocol) {
829 	case TL_PROTOCOLID_COM_DATA:
830 	case TL_PROTOCOLID_COM_CTRL:
831 		queue_received_packet(hw, protocol, address, data, data_len,
832 				is_last);
833 		break;
834 	case TL_PROTOCOLID_SETUP:
835 		handle_received_SETUP_packet(hw, address, data, data_len,
836 				is_last);
837 		break;
838 	}
839 }
840 
841 static void acknowledge_data_read(struct ipw_hardware *hw)
842 {
843 	if (hw->hw_version == HW_VERSION_1)
844 		outw(DCR_RXDONE, hw->base_port + IODCR);
845 	else
846 		writew(MEMRX_PCINTACKK,
847 				&hw->memory_info_regs->memreg_pc_interrupt_ack);
848 }
849 
850 /*
851  * Retrieve a packet from the IPW hardware.
852  */
853 static void do_receive_packet(struct ipw_hardware *hw)
854 {
855 	unsigned len;
856 	unsigned i;
857 	unsigned char pkt[LL_MTU_MAX];
858 
859 	start_timing();
860 
861 	if (hw->hw_version == HW_VERSION_1) {
862 		len = inw(hw->base_port + IODRR);
863 		if (len > hw->ll_mtu) {
864 			printk(KERN_INFO IPWIRELESS_PCCARD_NAME
865 			       ": received a packet of %u bytes - longer than the MTU!\n", len);
866 			outw(DCR_RXDONE | DCR_RXRESET, hw->base_port + IODCR);
867 			return;
868 		}
869 
870 		for (i = 0; i < len; i += 2) {
871 			__le16 raw_data = inw(hw->base_port + IODRR);
872 			unsigned short data = le16_to_cpu(raw_data);
873 
874 			pkt[i] = (unsigned char) data;
875 			pkt[i + 1] = (unsigned char) (data >> 8);
876 		}
877 	} else {
878 		len = inw(hw->base_port);
879 		if (len > hw->ll_mtu) {
880 			printk(KERN_INFO IPWIRELESS_PCCARD_NAME
881 			       ": received a packet of %u bytes - longer than the MTU!\n", len);
882 			writew(MEMRX_PCINTACKK,
883 				&hw->memory_info_regs->memreg_pc_interrupt_ack);
884 			return;
885 		}
886 
887 		for (i = 0; i < len; i += 2) {
888 			__le16 raw_data = inw(hw->base_port);
889 			unsigned short data = le16_to_cpu(raw_data);
890 
891 			pkt[i] = (unsigned char) data;
892 			pkt[i + 1] = (unsigned char) (data >> 8);
893 		}
894 
895 		while ((i & 3) != 2) {
896 			inw(hw->base_port);
897 			i += 2;
898 		}
899 	}
900 
901 	acknowledge_data_read(hw);
902 
903 	swap_packet_bitfield_from_le(pkt);
904 
905 	if (ipwireless_debug)
906 		dump_data_bytes("recv", pkt, len);
907 
908 	handle_received_packet(hw, (union nl_packet *) pkt, len);
909 
910 	end_read_timing(len);
911 }
912 
913 static int get_current_packet_priority(struct ipw_hardware *hw)
914 {
915 	/*
916 	 * If we're initializing, don't send anything of higher priority than
917 	 * PRIO_SETUP.  The network layer therefore need not care about
918 	 * hardware initialization - any of its stuff will simply be queued
919 	 * until setup is complete.
920 	 */
921 	return (hw->to_setup || hw->initializing
922 			? PRIO_SETUP + 1 : NL_NUM_OF_PRIORITIES);
923 }
924 
925 /*
926  * return 1 if something has been received from hw
927  */
928 static int get_packets_from_hw(struct ipw_hardware *hw)
929 {
930 	int received = 0;
931 	unsigned long flags;
932 
933 	spin_lock_irqsave(&hw->lock, flags);
934 	while (hw->rx_ready && !hw->blocking_rx) {
935 		received = 1;
936 		hw->rx_ready--;
937 		spin_unlock_irqrestore(&hw->lock, flags);
938 
939 		do_receive_packet(hw);
940 
941 		spin_lock_irqsave(&hw->lock, flags);
942 	}
943 	spin_unlock_irqrestore(&hw->lock, flags);
944 
945 	return received;
946 }
947 
948 /*
949  * Send pending packet up to given priority, prioritize SETUP data until
950  * hardware is fully setup.
951  *
952  * return 1 if more packets can be sent
953  */
954 static int send_pending_packet(struct ipw_hardware *hw, int priority_limit)
955 {
956 	int more_to_send = 0;
957 	unsigned long flags;
958 
959 	spin_lock_irqsave(&hw->lock, flags);
960 	if (hw->tx_queued && hw->tx_ready) {
961 		int priority;
962 		struct ipw_tx_packet *packet = NULL;
963 
964 		/* Pick a packet */
965 		for (priority = 0; priority < priority_limit; priority++) {
966 			if (!list_empty(&hw->tx_queue[priority])) {
967 				packet = list_first_entry(
968 						&hw->tx_queue[priority],
969 						struct ipw_tx_packet,
970 						queue);
971 
972 				hw->tx_queued--;
973 				list_del(&packet->queue);
974 
975 				break;
976 			}
977 		}
978 		if (!packet) {
979 			hw->tx_queued = 0;
980 			spin_unlock_irqrestore(&hw->lock, flags);
981 			return 0;
982 		}
983 
984 		spin_unlock_irqrestore(&hw->lock, flags);
985 
986 		/* Send */
987 		do_send_packet(hw, packet);
988 
989 		/* Check if more to send */
990 		spin_lock_irqsave(&hw->lock, flags);
991 		for (priority = 0; priority < priority_limit; priority++)
992 			if (!list_empty(&hw->tx_queue[priority])) {
993 				more_to_send = 1;
994 				break;
995 			}
996 
997 		if (!more_to_send)
998 			hw->tx_queued = 0;
999 	}
1000 	spin_unlock_irqrestore(&hw->lock, flags);
1001 
1002 	return more_to_send;
1003 }
1004 
1005 /*
1006  * Send and receive all queued packets.
1007  */
1008 static void ipwireless_do_tasklet(unsigned long hw_)
1009 {
1010 	struct ipw_hardware *hw = (struct ipw_hardware *) hw_;
1011 	unsigned long flags;
1012 
1013 	spin_lock_irqsave(&hw->lock, flags);
1014 	if (hw->shutting_down) {
1015 		spin_unlock_irqrestore(&hw->lock, flags);
1016 		return;
1017 	}
1018 
1019 	if (hw->to_setup == 1) {
1020 		/*
1021 		 * Initial setup data sent to hardware
1022 		 */
1023 		hw->to_setup = 2;
1024 		spin_unlock_irqrestore(&hw->lock, flags);
1025 
1026 		ipw_setup_hardware(hw);
1027 		ipw_send_setup_packet(hw);
1028 
1029 		send_pending_packet(hw, PRIO_SETUP + 1);
1030 		get_packets_from_hw(hw);
1031 	} else {
1032 		int priority_limit = get_current_packet_priority(hw);
1033 		int again;
1034 
1035 		spin_unlock_irqrestore(&hw->lock, flags);
1036 
1037 		do {
1038 			again = send_pending_packet(hw, priority_limit);
1039 			again |= get_packets_from_hw(hw);
1040 		} while (again);
1041 	}
1042 }
1043 
1044 /*
1045  * return true if the card is physically present.
1046  */
1047 static int is_card_present(struct ipw_hardware *hw)
1048 {
1049 	if (hw->hw_version == HW_VERSION_1)
1050 		return inw(hw->base_port + IOIR) != 0xFFFF;
1051 	else
1052 		return readl(&hw->memory_info_regs->memreg_card_present) ==
1053 		    CARD_PRESENT_VALUE;
1054 }
1055 
1056 static irqreturn_t ipwireless_handle_v1_interrupt(int irq,
1057 						  struct ipw_hardware *hw)
1058 {
1059 	unsigned short irqn;
1060 
1061 	irqn = inw(hw->base_port + IOIR);
1062 
1063 	/* Check if card is present */
1064 	if (irqn == 0xFFFF)
1065 		return IRQ_NONE;
1066 	else if (irqn != 0) {
1067 		unsigned short ack = 0;
1068 		unsigned long flags;
1069 
1070 		/* Transmit complete. */
1071 		if (irqn & IR_TXINTR) {
1072 			ack |= IR_TXINTR;
1073 			spin_lock_irqsave(&hw->lock, flags);
1074 			hw->tx_ready = 1;
1075 			spin_unlock_irqrestore(&hw->lock, flags);
1076 		}
1077 		/* Received data */
1078 		if (irqn & IR_RXINTR) {
1079 			ack |= IR_RXINTR;
1080 			spin_lock_irqsave(&hw->lock, flags);
1081 			hw->rx_ready++;
1082 			spin_unlock_irqrestore(&hw->lock, flags);
1083 		}
1084 		if (ack != 0) {
1085 			outw(ack, hw->base_port + IOIR);
1086 			tasklet_schedule(&hw->tasklet);
1087 		}
1088 		return IRQ_HANDLED;
1089 	}
1090 	return IRQ_NONE;
1091 }
1092 
1093 static void acknowledge_pcmcia_interrupt(struct ipw_hardware *hw)
1094 {
1095 	unsigned short csr = readw(&hw->memregs_CCR->reg_config_and_status);
1096 
1097 	csr &= 0xfffd;
1098 	writew(csr, &hw->memregs_CCR->reg_config_and_status);
1099 }
1100 
1101 static irqreturn_t ipwireless_handle_v2_v3_interrupt(int irq,
1102 						     struct ipw_hardware *hw)
1103 {
1104 	int tx = 0;
1105 	int rx = 0;
1106 	int rx_repeat = 0;
1107 	int try_mem_tx_old;
1108 	unsigned long flags;
1109 
1110 	do {
1111 
1112 	unsigned short memtx = readw(hw->memreg_tx);
1113 	unsigned short memtx_serial;
1114 	unsigned short memrxdone =
1115 		readw(&hw->memory_info_regs->memreg_rx_done);
1116 
1117 	try_mem_tx_old = 0;
1118 
1119 	/* check whether the interrupt was generated by ipwireless card */
1120 	if (!(memtx & MEMTX_TX) && !(memrxdone & MEMRX_RX_DONE)) {
1121 
1122 		/* check if the card uses memreg_tx_old register */
1123 		if (hw->memreg_tx == &hw->memory_info_regs->memreg_tx_new) {
1124 			memtx = readw(&hw->memory_info_regs->memreg_tx_old);
1125 			if (memtx & MEMTX_TX) {
1126 				printk(KERN_INFO IPWIRELESS_PCCARD_NAME
1127 					": Using memreg_tx_old\n");
1128 				hw->memreg_tx =
1129 					&hw->memory_info_regs->memreg_tx_old;
1130 			} else {
1131 				return IRQ_NONE;
1132 			}
1133 		} else
1134 			return IRQ_NONE;
1135 	}
1136 
1137 	/*
1138 	 * See if the card is physically present. Note that while it is
1139 	 * powering up, it appears not to be present.
1140 	 */
1141 	if (!is_card_present(hw)) {
1142 		acknowledge_pcmcia_interrupt(hw);
1143 		return IRQ_HANDLED;
1144 	}
1145 
1146 	memtx_serial = memtx & (unsigned short) 0xff00;
1147 	if (memtx & MEMTX_TX) {
1148 		writew(memtx_serial, hw->memreg_tx);
1149 
1150 		if (hw->serial_number_detected) {
1151 			if (memtx_serial != hw->last_memtx_serial) {
1152 				hw->last_memtx_serial = memtx_serial;
1153 				spin_lock_irqsave(&hw->lock, flags);
1154 				hw->rx_ready++;
1155 				spin_unlock_irqrestore(&hw->lock, flags);
1156 				rx = 1;
1157 			} else
1158 				/* Ignore 'Timer Recovery' duplicates. */
1159 				rx_repeat = 1;
1160 		} else {
1161 			/*
1162 			 * If a non-zero serial number is seen, then enable
1163 			 * serial number checking.
1164 			 */
1165 			if (memtx_serial != 0) {
1166 				hw->serial_number_detected = 1;
1167 				printk(KERN_DEBUG IPWIRELESS_PCCARD_NAME
1168 					": memreg_tx serial num detected\n");
1169 
1170 				spin_lock_irqsave(&hw->lock, flags);
1171 				hw->rx_ready++;
1172 				spin_unlock_irqrestore(&hw->lock, flags);
1173 			}
1174 			rx = 1;
1175 		}
1176 	}
1177 	if (memrxdone & MEMRX_RX_DONE) {
1178 		writew(0, &hw->memory_info_regs->memreg_rx_done);
1179 		spin_lock_irqsave(&hw->lock, flags);
1180 		hw->tx_ready = 1;
1181 		spin_unlock_irqrestore(&hw->lock, flags);
1182 		tx = 1;
1183 	}
1184 	if (tx)
1185 		writew(MEMRX_PCINTACKK,
1186 				&hw->memory_info_regs->memreg_pc_interrupt_ack);
1187 
1188 	acknowledge_pcmcia_interrupt(hw);
1189 
1190 	if (tx || rx)
1191 		tasklet_schedule(&hw->tasklet);
1192 	else if (!rx_repeat) {
1193 		if (hw->memreg_tx == &hw->memory_info_regs->memreg_tx_new) {
1194 			if (hw->serial_number_detected)
1195 				printk(KERN_WARNING IPWIRELESS_PCCARD_NAME
1196 					": spurious interrupt - new_tx mode\n");
1197 			else {
1198 				printk(KERN_WARNING IPWIRELESS_PCCARD_NAME
1199 					": no valid memreg_tx value - switching to the old memreg_tx\n");
1200 				hw->memreg_tx =
1201 					&hw->memory_info_regs->memreg_tx_old;
1202 				try_mem_tx_old = 1;
1203 			}
1204 		} else
1205 			printk(KERN_WARNING IPWIRELESS_PCCARD_NAME
1206 					": spurious interrupt - old_tx mode\n");
1207 	}
1208 
1209 	} while (try_mem_tx_old == 1);
1210 
1211 	return IRQ_HANDLED;
1212 }
1213 
1214 irqreturn_t ipwireless_interrupt(int irq, void *dev_id)
1215 {
1216 	struct ipw_dev *ipw = dev_id;
1217 
1218 	if (ipw->hardware->hw_version == HW_VERSION_1)
1219 		return ipwireless_handle_v1_interrupt(irq, ipw->hardware);
1220 	else
1221 		return ipwireless_handle_v2_v3_interrupt(irq, ipw->hardware);
1222 }
1223 
1224 static void flush_packets_to_hw(struct ipw_hardware *hw)
1225 {
1226 	int priority_limit;
1227 	unsigned long flags;
1228 
1229 	spin_lock_irqsave(&hw->lock, flags);
1230 	priority_limit = get_current_packet_priority(hw);
1231 	spin_unlock_irqrestore(&hw->lock, flags);
1232 
1233 	while (send_pending_packet(hw, priority_limit));
1234 }
1235 
1236 static void send_packet(struct ipw_hardware *hw, int priority,
1237 			struct ipw_tx_packet *packet)
1238 {
1239 	unsigned long flags;
1240 
1241 	spin_lock_irqsave(&hw->lock, flags);
1242 	list_add_tail(&packet->queue, &hw->tx_queue[priority]);
1243 	hw->tx_queued++;
1244 	spin_unlock_irqrestore(&hw->lock, flags);
1245 
1246 	flush_packets_to_hw(hw);
1247 }
1248 
1249 /* Create data packet, non-atomic allocation */
1250 static void *alloc_data_packet(int data_size,
1251 				unsigned char dest_addr,
1252 				unsigned char protocol)
1253 {
1254 	struct ipw_tx_packet *packet = kzalloc(
1255 			sizeof(struct ipw_tx_packet) + data_size,
1256 			GFP_ATOMIC);
1257 
1258 	if (!packet)
1259 		return NULL;
1260 
1261 	INIT_LIST_HEAD(&packet->queue);
1262 	packet->dest_addr = dest_addr;
1263 	packet->protocol = protocol;
1264 	packet->length = data_size;
1265 
1266 	return packet;
1267 }
1268 
1269 static void *alloc_ctrl_packet(int header_size,
1270 			       unsigned char dest_addr,
1271 			       unsigned char protocol,
1272 			       unsigned char sig_no)
1273 {
1274 	/*
1275 	 * sig_no is located right after ipw_tx_packet struct in every
1276 	 * CTRL or SETUP packets, we can use ipw_control_packet as a
1277 	 * common struct
1278 	 */
1279 	struct ipw_control_packet *packet = kzalloc(header_size, GFP_ATOMIC);
1280 
1281 	if (!packet)
1282 		return NULL;
1283 
1284 	INIT_LIST_HEAD(&packet->header.queue);
1285 	packet->header.dest_addr = dest_addr;
1286 	packet->header.protocol = protocol;
1287 	packet->header.length = header_size - sizeof(struct ipw_tx_packet);
1288 	packet->body.sig_no = sig_no;
1289 
1290 	return packet;
1291 }
1292 
1293 int ipwireless_send_packet(struct ipw_hardware *hw, unsigned int channel_idx,
1294 			    const unsigned char *data, unsigned int length,
1295 			    void (*callback) (void *cb, unsigned int length),
1296 			    void *callback_data)
1297 {
1298 	struct ipw_tx_packet *packet;
1299 
1300 	packet = alloc_data_packet(length, (channel_idx + 1),
1301 			TL_PROTOCOLID_COM_DATA);
1302 	if (!packet)
1303 		return -ENOMEM;
1304 	packet->packet_callback = callback;
1305 	packet->callback_data = callback_data;
1306 	memcpy((unsigned char *) packet + sizeof(struct ipw_tx_packet), data,
1307 			length);
1308 
1309 	send_packet(hw, PRIO_DATA, packet);
1310 	return 0;
1311 }
1312 
1313 static int set_control_line(struct ipw_hardware *hw, int prio,
1314 			   unsigned int channel_idx, int line, int state)
1315 {
1316 	struct ipw_control_packet *packet;
1317 	int protocolid = TL_PROTOCOLID_COM_CTRL;
1318 
1319 	if (prio == PRIO_SETUP)
1320 		protocolid = TL_PROTOCOLID_SETUP;
1321 
1322 	packet = alloc_ctrl_packet(sizeof(struct ipw_control_packet),
1323 			(channel_idx + 1), protocolid, line);
1324 	if (!packet)
1325 		return -ENOMEM;
1326 	packet->header.length = sizeof(struct ipw_control_packet_body);
1327 	packet->body.value = (state == 0 ? 0 : 1);
1328 	send_packet(hw, prio, &packet->header);
1329 	return 0;
1330 }
1331 
1332 
1333 static int set_DTR(struct ipw_hardware *hw, int priority,
1334 		   unsigned int channel_idx, int state)
1335 {
1336 	if (state != 0)
1337 		hw->control_lines[channel_idx] |= IPW_CONTROL_LINE_DTR;
1338 	else
1339 		hw->control_lines[channel_idx] &= ~IPW_CONTROL_LINE_DTR;
1340 
1341 	return set_control_line(hw, priority, channel_idx, COMCTRL_DTR, state);
1342 }
1343 
1344 static int set_RTS(struct ipw_hardware *hw, int priority,
1345 		   unsigned int channel_idx, int state)
1346 {
1347 	if (state != 0)
1348 		hw->control_lines[channel_idx] |= IPW_CONTROL_LINE_RTS;
1349 	else
1350 		hw->control_lines[channel_idx] &= ~IPW_CONTROL_LINE_RTS;
1351 
1352 	return set_control_line(hw, priority, channel_idx, COMCTRL_RTS, state);
1353 }
1354 
1355 int ipwireless_set_DTR(struct ipw_hardware *hw, unsigned int channel_idx,
1356 		       int state)
1357 {
1358 	return set_DTR(hw, PRIO_CTRL, channel_idx, state);
1359 }
1360 
1361 int ipwireless_set_RTS(struct ipw_hardware *hw, unsigned int channel_idx,
1362 		       int state)
1363 {
1364 	return set_RTS(hw, PRIO_CTRL, channel_idx, state);
1365 }
1366 
1367 struct ipw_setup_get_version_query_packet {
1368 	struct ipw_tx_packet header;
1369 	struct tl_setup_get_version_qry body;
1370 };
1371 
1372 struct ipw_setup_config_packet {
1373 	struct ipw_tx_packet header;
1374 	struct tl_setup_config_msg body;
1375 };
1376 
1377 struct ipw_setup_config_done_packet {
1378 	struct ipw_tx_packet header;
1379 	struct tl_setup_config_done_msg body;
1380 };
1381 
1382 struct ipw_setup_open_packet {
1383 	struct ipw_tx_packet header;
1384 	struct tl_setup_open_msg body;
1385 };
1386 
1387 struct ipw_setup_info_packet {
1388 	struct ipw_tx_packet header;
1389 	struct tl_setup_info_msg body;
1390 };
1391 
1392 struct ipw_setup_reboot_msg_ack {
1393 	struct ipw_tx_packet header;
1394 	struct TlSetupRebootMsgAck body;
1395 };
1396 
1397 /* This handles the actual initialization of the card */
1398 static void __handle_setup_get_version_rsp(struct ipw_hardware *hw)
1399 {
1400 	struct ipw_setup_config_packet *config_packet;
1401 	struct ipw_setup_config_done_packet *config_done_packet;
1402 	struct ipw_setup_open_packet *open_packet;
1403 	struct ipw_setup_info_packet *info_packet;
1404 	int port;
1405 	unsigned int channel_idx;
1406 
1407 	/* generate config packet */
1408 	for (port = 1; port <= NL_NUM_OF_ADDRESSES; port++) {
1409 		config_packet = alloc_ctrl_packet(
1410 				sizeof(struct ipw_setup_config_packet),
1411 				ADDR_SETUP_PROT,
1412 				TL_PROTOCOLID_SETUP,
1413 				TL_SETUP_SIGNO_CONFIG_MSG);
1414 		if (!config_packet)
1415 			goto exit_nomem;
1416 		config_packet->header.length = sizeof(struct tl_setup_config_msg);
1417 		config_packet->body.port_no = port;
1418 		config_packet->body.prio_data = PRIO_DATA;
1419 		config_packet->body.prio_ctrl = PRIO_CTRL;
1420 		send_packet(hw, PRIO_SETUP, &config_packet->header);
1421 	}
1422 	config_done_packet = alloc_ctrl_packet(
1423 			sizeof(struct ipw_setup_config_done_packet),
1424 			ADDR_SETUP_PROT,
1425 			TL_PROTOCOLID_SETUP,
1426 			TL_SETUP_SIGNO_CONFIG_DONE_MSG);
1427 	if (!config_done_packet)
1428 		goto exit_nomem;
1429 	config_done_packet->header.length = sizeof(struct tl_setup_config_done_msg);
1430 	send_packet(hw, PRIO_SETUP, &config_done_packet->header);
1431 
1432 	/* generate open packet */
1433 	for (port = 1; port <= NL_NUM_OF_ADDRESSES; port++) {
1434 		open_packet = alloc_ctrl_packet(
1435 				sizeof(struct ipw_setup_open_packet),
1436 				ADDR_SETUP_PROT,
1437 				TL_PROTOCOLID_SETUP,
1438 				TL_SETUP_SIGNO_OPEN_MSG);
1439 		if (!open_packet)
1440 			goto exit_nomem;
1441 		open_packet->header.length = sizeof(struct tl_setup_open_msg);
1442 		open_packet->body.port_no = port;
1443 		send_packet(hw, PRIO_SETUP, &open_packet->header);
1444 	}
1445 	for (channel_idx = 0;
1446 			channel_idx < NL_NUM_OF_ADDRESSES; channel_idx++) {
1447 		int ret;
1448 
1449 		ret = set_DTR(hw, PRIO_SETUP, channel_idx,
1450 			(hw->control_lines[channel_idx] &
1451 			 IPW_CONTROL_LINE_DTR) != 0);
1452 		if (ret) {
1453 			printk(KERN_ERR IPWIRELESS_PCCARD_NAME
1454 					": error setting DTR (%d)\n", ret);
1455 			return;
1456 		}
1457 
1458 		set_RTS(hw, PRIO_SETUP, channel_idx,
1459 			(hw->control_lines [channel_idx] &
1460 			 IPW_CONTROL_LINE_RTS) != 0);
1461 		if (ret) {
1462 			printk(KERN_ERR IPWIRELESS_PCCARD_NAME
1463 					": error setting RTS (%d)\n", ret);
1464 			return;
1465 		}
1466 	}
1467 	/*
1468 	 * For NDIS we assume that we are using sync PPP frames, for COM async.
1469 	 * This driver uses NDIS mode too. We don't bother with translation
1470 	 * from async -> sync PPP.
1471 	 */
1472 	info_packet = alloc_ctrl_packet(sizeof(struct ipw_setup_info_packet),
1473 			ADDR_SETUP_PROT,
1474 			TL_PROTOCOLID_SETUP,
1475 			TL_SETUP_SIGNO_INFO_MSG);
1476 	if (!info_packet)
1477 		goto exit_nomem;
1478 	info_packet->header.length = sizeof(struct tl_setup_info_msg);
1479 	info_packet->body.driver_type = NDISWAN_DRIVER;
1480 	info_packet->body.major_version = NDISWAN_DRIVER_MAJOR_VERSION;
1481 	info_packet->body.minor_version = NDISWAN_DRIVER_MINOR_VERSION;
1482 	send_packet(hw, PRIO_SETUP, &info_packet->header);
1483 
1484 	/* Initialization is now complete, so we clear the 'to_setup' flag */
1485 	hw->to_setup = 0;
1486 
1487 	return;
1488 
1489 exit_nomem:
1490 	printk(KERN_ERR IPWIRELESS_PCCARD_NAME
1491 			": not enough memory to alloc control packet\n");
1492 	hw->to_setup = -1;
1493 }
1494 
1495 static void handle_setup_get_version_rsp(struct ipw_hardware *hw,
1496 		unsigned char vers_no)
1497 {
1498 	del_timer(&hw->setup_timer);
1499 	hw->initializing = 0;
1500 	printk(KERN_INFO IPWIRELESS_PCCARD_NAME ": card is ready.\n");
1501 
1502 	if (vers_no == TL_SETUP_VERSION)
1503 		__handle_setup_get_version_rsp(hw);
1504 	else
1505 		printk(KERN_ERR IPWIRELESS_PCCARD_NAME
1506 				": invalid hardware version no %u\n",
1507 				(unsigned int) vers_no);
1508 }
1509 
1510 static void ipw_send_setup_packet(struct ipw_hardware *hw)
1511 {
1512 	struct ipw_setup_get_version_query_packet *ver_packet;
1513 
1514 	ver_packet = alloc_ctrl_packet(
1515 			sizeof(struct ipw_setup_get_version_query_packet),
1516 			ADDR_SETUP_PROT, TL_PROTOCOLID_SETUP,
1517 			TL_SETUP_SIGNO_GET_VERSION_QRY);
1518 	ver_packet->header.length = sizeof(struct tl_setup_get_version_qry);
1519 
1520 	/*
1521 	 * Response is handled in handle_received_SETUP_packet
1522 	 */
1523 	send_packet(hw, PRIO_SETUP, &ver_packet->header);
1524 }
1525 
1526 static void handle_received_SETUP_packet(struct ipw_hardware *hw,
1527 					 unsigned int address,
1528 					 const unsigned char *data, int len,
1529 					 int is_last)
1530 {
1531 	const union ipw_setup_rx_msg *rx_msg = (const union ipw_setup_rx_msg *) data;
1532 
1533 	if (address != ADDR_SETUP_PROT) {
1534 		printk(KERN_INFO IPWIRELESS_PCCARD_NAME
1535 		       ": setup packet has bad address %d\n", address);
1536 		return;
1537 	}
1538 
1539 	switch (rx_msg->sig_no) {
1540 	case TL_SETUP_SIGNO_GET_VERSION_RSP:
1541 		if (hw->to_setup)
1542 			handle_setup_get_version_rsp(hw,
1543 					rx_msg->version_rsp_msg.version);
1544 		break;
1545 
1546 	case TL_SETUP_SIGNO_OPEN_MSG:
1547 		if (ipwireless_debug) {
1548 			unsigned int channel_idx = rx_msg->open_msg.port_no - 1;
1549 
1550 			printk(KERN_INFO IPWIRELESS_PCCARD_NAME
1551 			       ": OPEN_MSG [channel %u] reply received\n",
1552 			       channel_idx);
1553 		}
1554 		break;
1555 
1556 	case TL_SETUP_SIGNO_INFO_MSG_ACK:
1557 		if (ipwireless_debug)
1558 			printk(KERN_DEBUG IPWIRELESS_PCCARD_NAME
1559 			       ": card successfully configured as NDISWAN\n");
1560 		break;
1561 
1562 	case TL_SETUP_SIGNO_REBOOT_MSG:
1563 		if (hw->to_setup)
1564 			printk(KERN_DEBUG IPWIRELESS_PCCARD_NAME
1565 			       ": Setup not completed - ignoring reboot msg\n");
1566 		else {
1567 			struct ipw_setup_reboot_msg_ack *packet;
1568 
1569 			printk(KERN_DEBUG IPWIRELESS_PCCARD_NAME
1570 			       ": Acknowledging REBOOT message\n");
1571 			packet = alloc_ctrl_packet(
1572 					sizeof(struct ipw_setup_reboot_msg_ack),
1573 					ADDR_SETUP_PROT, TL_PROTOCOLID_SETUP,
1574 					TL_SETUP_SIGNO_REBOOT_MSG_ACK);
1575 			packet->header.length =
1576 				sizeof(struct TlSetupRebootMsgAck);
1577 			send_packet(hw, PRIO_SETUP, &packet->header);
1578 			if (hw->reboot_callback)
1579 				hw->reboot_callback(hw->reboot_callback_data);
1580 		}
1581 		break;
1582 
1583 	default:
1584 		printk(KERN_INFO IPWIRELESS_PCCARD_NAME
1585 		       ": unknown setup message %u received\n",
1586 		       (unsigned int) rx_msg->sig_no);
1587 	}
1588 }
1589 
1590 static void do_close_hardware(struct ipw_hardware *hw)
1591 {
1592 	unsigned int irqn;
1593 
1594 	if (hw->hw_version == HW_VERSION_1) {
1595 		/* Disable TX and RX interrupts. */
1596 		outw(0, hw->base_port + IOIER);
1597 
1598 		/* Acknowledge any outstanding interrupt requests */
1599 		irqn = inw(hw->base_port + IOIR);
1600 		if (irqn & IR_TXINTR)
1601 			outw(IR_TXINTR, hw->base_port + IOIR);
1602 		if (irqn & IR_RXINTR)
1603 			outw(IR_RXINTR, hw->base_port + IOIR);
1604 
1605 		synchronize_irq(hw->irq);
1606 	}
1607 }
1608 
1609 struct ipw_hardware *ipwireless_hardware_create(void)
1610 {
1611 	int i;
1612 	struct ipw_hardware *hw =
1613 		kzalloc(sizeof(struct ipw_hardware), GFP_KERNEL);
1614 
1615 	if (!hw)
1616 		return NULL;
1617 
1618 	hw->irq = -1;
1619 	hw->initializing = 1;
1620 	hw->tx_ready = 1;
1621 	hw->rx_bytes_queued = 0;
1622 	hw->rx_pool_size = 0;
1623 	hw->last_memtx_serial = (unsigned short) 0xffff;
1624 	for (i = 0; i < NL_NUM_OF_PRIORITIES; i++)
1625 		INIT_LIST_HEAD(&hw->tx_queue[i]);
1626 
1627 	INIT_LIST_HEAD(&hw->rx_queue);
1628 	INIT_LIST_HEAD(&hw->rx_pool);
1629 	spin_lock_init(&hw->lock);
1630 	tasklet_init(&hw->tasklet, ipwireless_do_tasklet, (unsigned long) hw);
1631 	INIT_WORK(&hw->work_rx, ipw_receive_data_work);
1632 	setup_timer(&hw->setup_timer, ipwireless_setup_timer,
1633 			(unsigned long) hw);
1634 
1635 	return hw;
1636 }
1637 
1638 void ipwireless_init_hardware_v1(struct ipw_hardware *hw,
1639 		unsigned int base_port,
1640 		void __iomem *attr_memory,
1641 		void __iomem *common_memory,
1642 		int is_v2_card,
1643 		void (*reboot_callback) (void *data),
1644 		void *reboot_callback_data)
1645 {
1646 	if (hw->removed) {
1647 		hw->removed = 0;
1648 		enable_irq(hw->irq);
1649 	}
1650 	hw->base_port = base_port;
1651 	hw->hw_version = (is_v2_card ? HW_VERSION_2 : HW_VERSION_1);
1652 	hw->ll_mtu = (hw->hw_version == HW_VERSION_1 ? LL_MTU_V1 : LL_MTU_V2);
1653 	hw->memregs_CCR = (struct MEMCCR __iomem *)
1654 			((unsigned short __iomem *) attr_memory + 0x200);
1655 	hw->memory_info_regs = (struct MEMINFREG __iomem *) common_memory;
1656 	hw->memreg_tx = &hw->memory_info_regs->memreg_tx_new;
1657 	hw->reboot_callback = reboot_callback;
1658 	hw->reboot_callback_data = reboot_callback_data;
1659 }
1660 
1661 void ipwireless_init_hardware_v2_v3(struct ipw_hardware *hw)
1662 {
1663 	hw->initializing = 1;
1664 	hw->init_loops = 0;
1665 	printk(KERN_INFO IPWIRELESS_PCCARD_NAME
1666 	       ": waiting for card to start up...\n");
1667 	ipwireless_setup_timer((unsigned long) hw);
1668 }
1669 
1670 static void ipwireless_setup_timer(unsigned long data)
1671 {
1672 	struct ipw_hardware *hw = (struct ipw_hardware *) data;
1673 
1674 	hw->init_loops++;
1675 
1676 	if (hw->init_loops == TL_SETUP_MAX_VERSION_QRY &&
1677 			hw->hw_version == HW_VERSION_2 &&
1678 			hw->memreg_tx == &hw->memory_info_regs->memreg_tx_new) {
1679 		printk(KERN_INFO IPWIRELESS_PCCARD_NAME
1680 				": failed to startup using TX2, trying TX\n");
1681 
1682 		hw->memreg_tx = &hw->memory_info_regs->memreg_tx_old;
1683 		hw->init_loops = 0;
1684 	}
1685 	/* Give up after a certain number of retries */
1686 	if (hw->init_loops == TL_SETUP_MAX_VERSION_QRY) {
1687 		printk(KERN_INFO IPWIRELESS_PCCARD_NAME
1688 		       ": card failed to start up!\n");
1689 		hw->initializing = 0;
1690 	} else {
1691 		/* Do not attempt to write to the board if it is not present. */
1692 		if (is_card_present(hw)) {
1693 			unsigned long flags;
1694 
1695 			spin_lock_irqsave(&hw->lock, flags);
1696 			hw->to_setup = 1;
1697 			hw->tx_ready = 1;
1698 			spin_unlock_irqrestore(&hw->lock, flags);
1699 			tasklet_schedule(&hw->tasklet);
1700 		}
1701 
1702 		mod_timer(&hw->setup_timer,
1703 			jiffies + msecs_to_jiffies(TL_SETUP_VERSION_QRY_TMO));
1704 	}
1705 }
1706 
1707 /*
1708  * Stop any interrupts from executing so that, once this function returns,
1709  * other layers of the driver can be sure they won't get any more callbacks.
1710  * Thus must be called on a proper process context.
1711  */
1712 void ipwireless_stop_interrupts(struct ipw_hardware *hw)
1713 {
1714 	if (!hw->shutting_down) {
1715 		/* Tell everyone we are going down. */
1716 		hw->shutting_down = 1;
1717 		del_timer(&hw->setup_timer);
1718 
1719 		/* Prevent the hardware from sending any more interrupts */
1720 		do_close_hardware(hw);
1721 	}
1722 }
1723 
1724 void ipwireless_hardware_free(struct ipw_hardware *hw)
1725 {
1726 	int i;
1727 	struct ipw_rx_packet *rp, *rq;
1728 	struct ipw_tx_packet *tp, *tq;
1729 
1730 	ipwireless_stop_interrupts(hw);
1731 
1732 	flush_work(&hw->work_rx);
1733 
1734 	for (i = 0; i < NL_NUM_OF_ADDRESSES; i++)
1735 		kfree(hw->packet_assembler[i]);
1736 
1737 	for (i = 0; i < NL_NUM_OF_PRIORITIES; i++)
1738 		list_for_each_entry_safe(tp, tq, &hw->tx_queue[i], queue) {
1739 			list_del(&tp->queue);
1740 			kfree(tp);
1741 		}
1742 
1743 	list_for_each_entry_safe(rp, rq, &hw->rx_queue, queue) {
1744 		list_del(&rp->queue);
1745 		kfree(rp);
1746 	}
1747 
1748 	list_for_each_entry_safe(rp, rq, &hw->rx_pool, queue) {
1749 		list_del(&rp->queue);
1750 		kfree(rp);
1751 	}
1752 	kfree(hw);
1753 }
1754 
1755 /*
1756  * Associate the specified network with this hardware, so it will receive events
1757  * from it.
1758  */
1759 void ipwireless_associate_network(struct ipw_hardware *hw,
1760 				  struct ipw_network *network)
1761 {
1762 	hw->network = network;
1763 }
1764