1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * IPWireless 3G PCMCIA Network Driver
4  *
5  * Original code
6  *   by Stephen Blackheath <stephen@blacksapphire.com>,
7  *      Ben Martel <benm@symmetric.co.nz>
8  *
9  * Copyrighted as follows:
10  *   Copyright (C) 2004 by Symmetric Systems Ltd (NZ)
11  *
12  * Various driver changes and rewrites, port to new kernels
13  *   Copyright (C) 2006-2007 Jiri Kosina
14  *
15  * Misc code cleanups and updates
16  *   Copyright (C) 2007 David Sterba
17  */
18 
19 #include <linux/interrupt.h>
20 #include <linux/io.h>
21 #include <linux/irq.h>
22 #include <linux/kernel.h>
23 #include <linux/list.h>
24 #include <linux/slab.h>
25 
26 #include "hardware.h"
27 #include "setup_protocol.h"
28 #include "network.h"
29 #include "main.h"
30 
31 static void ipw_send_setup_packet(struct ipw_hardware *hw);
32 static void handle_received_SETUP_packet(struct ipw_hardware *ipw,
33 					 unsigned int address,
34 					 const unsigned char *data, int len,
35 					 int is_last);
36 static void ipwireless_setup_timer(struct timer_list *t);
37 static void handle_received_CTRL_packet(struct ipw_hardware *hw,
38 		unsigned int channel_idx, const unsigned char *data, int len);
39 
40 /*#define TIMING_DIAGNOSTICS*/
41 
42 #ifdef TIMING_DIAGNOSTICS
43 
44 static struct timing_stats {
45 	unsigned long last_report_time;
46 	unsigned long read_time;
47 	unsigned long write_time;
48 	unsigned long read_bytes;
49 	unsigned long write_bytes;
50 	unsigned long start_time;
51 };
52 
53 static void start_timing(void)
54 {
55 	timing_stats.start_time = jiffies;
56 }
57 
58 static void end_read_timing(unsigned length)
59 {
60 	timing_stats.read_time += (jiffies - start_time);
61 	timing_stats.read_bytes += length + 2;
62 	report_timing();
63 }
64 
65 static void end_write_timing(unsigned length)
66 {
67 	timing_stats.write_time += (jiffies - start_time);
68 	timing_stats.write_bytes += length + 2;
69 	report_timing();
70 }
71 
72 static void report_timing(void)
73 {
74 	unsigned long since = jiffies - timing_stats.last_report_time;
75 
76 	/* If it's been more than one second... */
77 	if (since >= HZ) {
78 		int first = (timing_stats.last_report_time == 0);
79 
80 		timing_stats.last_report_time = jiffies;
81 		if (!first)
82 			printk(KERN_INFO IPWIRELESS_PCCARD_NAME
83 			       ": %u us elapsed - read %lu bytes in %u us, wrote %lu bytes in %u us\n",
84 			       jiffies_to_usecs(since),
85 			       timing_stats.read_bytes,
86 			       jiffies_to_usecs(timing_stats.read_time),
87 			       timing_stats.write_bytes,
88 			       jiffies_to_usecs(timing_stats.write_time));
89 
90 		timing_stats.read_time = 0;
91 		timing_stats.write_time = 0;
92 		timing_stats.read_bytes = 0;
93 		timing_stats.write_bytes = 0;
94 	}
95 }
96 #else
97 static void start_timing(void) { }
98 static void end_read_timing(unsigned length) { }
99 static void end_write_timing(unsigned length) { }
100 #endif
101 
102 /* Imported IPW definitions */
103 
104 #define LL_MTU_V1 318
105 #define LL_MTU_V2 250
106 #define LL_MTU_MAX (LL_MTU_V1 > LL_MTU_V2 ? LL_MTU_V1 : LL_MTU_V2)
107 
108 #define PRIO_DATA  2
109 #define PRIO_CTRL  1
110 #define PRIO_SETUP 0
111 
112 /* Addresses */
113 #define ADDR_SETUP_PROT 0
114 
115 /* Protocol ids */
116 enum {
117 	/* Identifier for the Com Data protocol */
118 	TL_PROTOCOLID_COM_DATA = 0,
119 
120 	/* Identifier for the Com Control protocol */
121 	TL_PROTOCOLID_COM_CTRL = 1,
122 
123 	/* Identifier for the Setup protocol */
124 	TL_PROTOCOLID_SETUP = 2
125 };
126 
127 /* Number of bytes in NL packet header (cannot do
128  * sizeof(nl_packet_header) since it's a bitfield) */
129 #define NL_FIRST_PACKET_HEADER_SIZE        3
130 
131 /* Number of bytes in NL packet header (cannot do
132  * sizeof(nl_packet_header) since it's a bitfield) */
133 #define NL_FOLLOWING_PACKET_HEADER_SIZE    1
134 
135 struct nl_first_packet_header {
136 	unsigned char protocol:3;
137 	unsigned char address:3;
138 	unsigned char packet_rank:2;
139 	unsigned char length_lsb;
140 	unsigned char length_msb;
141 };
142 
143 struct nl_packet_header {
144 	unsigned char protocol:3;
145 	unsigned char address:3;
146 	unsigned char packet_rank:2;
147 };
148 
149 /* Value of 'packet_rank' above */
150 #define NL_INTERMEDIATE_PACKET    0x0
151 #define NL_LAST_PACKET            0x1
152 #define NL_FIRST_PACKET           0x2
153 
154 union nl_packet {
155 	/* Network packet header of the first packet (a special case) */
156 	struct nl_first_packet_header hdr_first;
157 	/* Network packet header of the following packets (if any) */
158 	struct nl_packet_header hdr;
159 	/* Complete network packet (header + data) */
160 	unsigned char rawpkt[LL_MTU_MAX];
161 } __attribute__ ((__packed__));
162 
163 #define HW_VERSION_UNKNOWN -1
164 #define HW_VERSION_1 1
165 #define HW_VERSION_2 2
166 
167 /* IPW I/O ports */
168 #define IOIER 0x00		/* Interrupt Enable Register */
169 #define IOIR  0x02		/* Interrupt Source/ACK register */
170 #define IODCR 0x04		/* Data Control Register */
171 #define IODRR 0x06		/* Data Read Register */
172 #define IODWR 0x08		/* Data Write Register */
173 #define IOESR 0x0A		/* Embedded Driver Status Register */
174 #define IORXR 0x0C		/* Rx Fifo Register (Host to Embedded) */
175 #define IOTXR 0x0E		/* Tx Fifo Register (Embedded to Host) */
176 
177 /* I/O ports and bit definitions for version 1 of the hardware */
178 
179 /* IER bits*/
180 #define IER_RXENABLED   0x1
181 #define IER_TXENABLED   0x2
182 
183 /* ISR bits */
184 #define IR_RXINTR       0x1
185 #define IR_TXINTR       0x2
186 
187 /* DCR bits */
188 #define DCR_RXDONE      0x1
189 #define DCR_TXDONE      0x2
190 #define DCR_RXRESET     0x4
191 #define DCR_TXRESET     0x8
192 
193 /* I/O ports and bit definitions for version 2 of the hardware */
194 
195 struct MEMCCR {
196 	unsigned short reg_config_option;	/* PCCOR: Configuration Option Register */
197 	unsigned short reg_config_and_status;	/* PCCSR: Configuration and Status Register */
198 	unsigned short reg_pin_replacement;	/* PCPRR: Pin Replacemant Register */
199 	unsigned short reg_socket_and_copy;	/* PCSCR: Socket and Copy Register */
200 	unsigned short reg_ext_status;		/* PCESR: Extendend Status Register */
201 	unsigned short reg_io_base;		/* PCIOB: I/O Base Register */
202 };
203 
204 struct MEMINFREG {
205 	unsigned short memreg_tx_old;	/* TX Register (R/W) */
206 	unsigned short pad1;
207 	unsigned short memreg_rx_done;	/* RXDone Register (R/W) */
208 	unsigned short pad2;
209 	unsigned short memreg_rx;	/* RX Register (R/W) */
210 	unsigned short pad3;
211 	unsigned short memreg_pc_interrupt_ack;	/* PC intr Ack Register (W) */
212 	unsigned short pad4;
213 	unsigned long memreg_card_present;/* Mask for Host to check (R) for
214 					   * CARD_PRESENT_VALUE */
215 	unsigned short memreg_tx_new;	/* TX2 (new) Register (R/W) */
216 };
217 
218 #define CARD_PRESENT_VALUE (0xBEEFCAFEUL)
219 
220 #define MEMTX_TX                       0x0001
221 #define MEMRX_RX                       0x0001
222 #define MEMRX_RX_DONE                  0x0001
223 #define MEMRX_PCINTACKK                0x0001
224 
225 #define NL_NUM_OF_PRIORITIES       3
226 #define NL_NUM_OF_PROTOCOLS        3
227 #define NL_NUM_OF_ADDRESSES        NO_OF_IPW_CHANNELS
228 
229 struct ipw_hardware {
230 	unsigned int base_port;
231 	short hw_version;
232 	unsigned short ll_mtu;
233 	spinlock_t lock;
234 
235 	int initializing;
236 	int init_loops;
237 	struct timer_list setup_timer;
238 
239 	/* Flag if hw is ready to send next packet */
240 	int tx_ready;
241 	/* Count of pending packets to be sent */
242 	int tx_queued;
243 	struct list_head tx_queue[NL_NUM_OF_PRIORITIES];
244 
245 	int rx_bytes_queued;
246 	struct list_head rx_queue;
247 	/* Pool of rx_packet structures that are not currently used. */
248 	struct list_head rx_pool;
249 	int rx_pool_size;
250 	/* True if reception of data is blocked while userspace processes it. */
251 	int blocking_rx;
252 	/* True if there is RX data ready on the hardware. */
253 	int rx_ready;
254 	unsigned short last_memtx_serial;
255 	/*
256 	 * Newer versions of the V2 card firmware send serial numbers in the
257 	 * MemTX register. 'serial_number_detected' is set true when we detect
258 	 * a non-zero serial number (indicating the new firmware).  Thereafter,
259 	 * the driver can safely ignore the Timer Recovery re-sends to avoid
260 	 * out-of-sync problems.
261 	 */
262 	int serial_number_detected;
263 	struct work_struct work_rx;
264 
265 	/* True if we are to send the set-up data to the hardware. */
266 	int to_setup;
267 
268 	/* Card has been removed */
269 	int removed;
270 	/* Saved irq value when we disable the interrupt. */
271 	int irq;
272 	/* True if this driver is shutting down. */
273 	int shutting_down;
274 	/* Modem control lines */
275 	unsigned int control_lines[NL_NUM_OF_ADDRESSES];
276 	struct ipw_rx_packet *packet_assembler[NL_NUM_OF_ADDRESSES];
277 
278 	struct tasklet_struct tasklet;
279 
280 	/* The handle for the network layer, for the sending of events to it. */
281 	struct ipw_network *network;
282 	struct MEMINFREG __iomem *memory_info_regs;
283 	struct MEMCCR __iomem *memregs_CCR;
284 	void (*reboot_callback) (void *data);
285 	void *reboot_callback_data;
286 
287 	unsigned short __iomem *memreg_tx;
288 };
289 
290 /*
291  * Packet info structure for tx packets.
292  * Note: not all the fields defined here are required for all protocols
293  */
294 struct ipw_tx_packet {
295 	struct list_head queue;
296 	/* channel idx + 1 */
297 	unsigned char dest_addr;
298 	/* SETUP, CTRL or DATA */
299 	unsigned char protocol;
300 	/* Length of data block, which starts at the end of this structure */
301 	unsigned short length;
302 	/* Sending state */
303 	/* Offset of where we've sent up to so far */
304 	unsigned long offset;
305 	/* Count of packet fragments, starting at 0 */
306 	int fragment_count;
307 
308 	/* Called after packet is sent and before is freed */
309 	void (*packet_callback) (void *cb_data, unsigned int packet_length);
310 	void *callback_data;
311 };
312 
313 /* Signals from DTE */
314 #define COMCTRL_RTS	0
315 #define COMCTRL_DTR	1
316 
317 /* Signals from DCE */
318 #define COMCTRL_CTS	2
319 #define COMCTRL_DCD	3
320 #define COMCTRL_DSR	4
321 #define COMCTRL_RI	5
322 
323 struct ipw_control_packet_body {
324 	/* DTE signal or DCE signal */
325 	unsigned char sig_no;
326 	/* 0: set signal, 1: clear signal */
327 	unsigned char value;
328 } __attribute__ ((__packed__));
329 
330 struct ipw_control_packet {
331 	struct ipw_tx_packet header;
332 	struct ipw_control_packet_body body;
333 };
334 
335 struct ipw_rx_packet {
336 	struct list_head queue;
337 	unsigned int capacity;
338 	unsigned int length;
339 	unsigned int protocol;
340 	unsigned int channel_idx;
341 };
342 
343 static char *data_type(const unsigned char *buf, unsigned length)
344 {
345 	struct nl_packet_header *hdr = (struct nl_packet_header *) buf;
346 
347 	if (length == 0)
348 		return "     ";
349 
350 	if (hdr->packet_rank & NL_FIRST_PACKET) {
351 		switch (hdr->protocol) {
352 		case TL_PROTOCOLID_COM_DATA:	return "DATA ";
353 		case TL_PROTOCOLID_COM_CTRL:	return "CTRL ";
354 		case TL_PROTOCOLID_SETUP:	return "SETUP";
355 		default: return "???? ";
356 		}
357 	} else
358 		return "     ";
359 }
360 
361 #define DUMP_MAX_BYTES 64
362 
363 static void dump_data_bytes(const char *type, const unsigned char *data,
364 			    unsigned length)
365 {
366 	char prefix[56];
367 
368 	sprintf(prefix, IPWIRELESS_PCCARD_NAME ": %s %s ",
369 			type, data_type(data, length));
370 	print_hex_dump_bytes(prefix, 0, (void *)data,
371 			length < DUMP_MAX_BYTES ? length : DUMP_MAX_BYTES);
372 }
373 
374 static void swap_packet_bitfield_to_le(unsigned char *data)
375 {
376 #ifdef __BIG_ENDIAN_BITFIELD
377 	unsigned char tmp = *data, ret = 0;
378 
379 	/*
380 	 * transform bits from aa.bbb.ccc to ccc.bbb.aa
381 	 */
382 	ret |= (tmp & 0xc0) >> 6;
383 	ret |= (tmp & 0x38) >> 1;
384 	ret |= (tmp & 0x07) << 5;
385 	*data = ret & 0xff;
386 #endif
387 }
388 
389 static void swap_packet_bitfield_from_le(unsigned char *data)
390 {
391 #ifdef __BIG_ENDIAN_BITFIELD
392 	unsigned char tmp = *data, ret = 0;
393 
394 	/*
395 	 * transform bits from ccc.bbb.aa to aa.bbb.ccc
396 	 */
397 	ret |= (tmp & 0xe0) >> 5;
398 	ret |= (tmp & 0x1c) << 1;
399 	ret |= (tmp & 0x03) << 6;
400 	*data = ret & 0xff;
401 #endif
402 }
403 
404 static void do_send_fragment(struct ipw_hardware *hw, unsigned char *data,
405 			    unsigned length)
406 {
407 	unsigned i;
408 	unsigned long flags;
409 
410 	start_timing();
411 	BUG_ON(length > hw->ll_mtu);
412 
413 	if (ipwireless_debug)
414 		dump_data_bytes("send", data, length);
415 
416 	spin_lock_irqsave(&hw->lock, flags);
417 
418 	hw->tx_ready = 0;
419 	swap_packet_bitfield_to_le(data);
420 
421 	if (hw->hw_version == HW_VERSION_1) {
422 		outw((unsigned short) length, hw->base_port + IODWR);
423 
424 		for (i = 0; i < length; i += 2) {
425 			unsigned short d = data[i];
426 			__le16 raw_data;
427 
428 			if (i + 1 < length)
429 				d |= data[i + 1] << 8;
430 			raw_data = cpu_to_le16(d);
431 			outw(raw_data, hw->base_port + IODWR);
432 		}
433 
434 		outw(DCR_TXDONE, hw->base_port + IODCR);
435 	} else if (hw->hw_version == HW_VERSION_2) {
436 		outw((unsigned short) length, hw->base_port);
437 
438 		for (i = 0; i < length; i += 2) {
439 			unsigned short d = data[i];
440 			__le16 raw_data;
441 
442 			if (i + 1 < length)
443 				d |= data[i + 1] << 8;
444 			raw_data = cpu_to_le16(d);
445 			outw(raw_data, hw->base_port);
446 		}
447 		while ((i & 3) != 2) {
448 			outw((unsigned short) 0xDEAD, hw->base_port);
449 			i += 2;
450 		}
451 		writew(MEMRX_RX, &hw->memory_info_regs->memreg_rx);
452 	}
453 
454 	spin_unlock_irqrestore(&hw->lock, flags);
455 
456 	end_write_timing(length);
457 }
458 
459 static void do_send_packet(struct ipw_hardware *hw, struct ipw_tx_packet *packet)
460 {
461 	unsigned short fragment_data_len;
462 	unsigned short data_left = packet->length - packet->offset;
463 	unsigned short header_size;
464 	union nl_packet pkt;
465 
466 	header_size =
467 	    (packet->fragment_count == 0)
468 	    ? NL_FIRST_PACKET_HEADER_SIZE
469 	    : NL_FOLLOWING_PACKET_HEADER_SIZE;
470 	fragment_data_len = hw->ll_mtu - header_size;
471 	if (data_left < fragment_data_len)
472 		fragment_data_len = data_left;
473 
474 	/*
475 	 * hdr_first is now in machine bitfield order, which will be swapped
476 	 * to le just before it goes to hw
477 	 */
478 	pkt.hdr_first.protocol = packet->protocol;
479 	pkt.hdr_first.address = packet->dest_addr;
480 	pkt.hdr_first.packet_rank = 0;
481 
482 	/* First packet? */
483 	if (packet->fragment_count == 0) {
484 		pkt.hdr_first.packet_rank |= NL_FIRST_PACKET;
485 		pkt.hdr_first.length_lsb = (unsigned char) packet->length;
486 		pkt.hdr_first.length_msb =
487 			(unsigned char) (packet->length >> 8);
488 	}
489 
490 	memcpy(pkt.rawpkt + header_size,
491 	       ((unsigned char *) packet) + sizeof(struct ipw_tx_packet) +
492 	       packet->offset, fragment_data_len);
493 	packet->offset += fragment_data_len;
494 	packet->fragment_count++;
495 
496 	/* Last packet? (May also be first packet.) */
497 	if (packet->offset == packet->length)
498 		pkt.hdr_first.packet_rank |= NL_LAST_PACKET;
499 	do_send_fragment(hw, pkt.rawpkt, header_size + fragment_data_len);
500 
501 	/* If this packet has unsent data, then re-queue it. */
502 	if (packet->offset < packet->length) {
503 		/*
504 		 * Re-queue it at the head of the highest priority queue so
505 		 * it goes before all other packets
506 		 */
507 		unsigned long flags;
508 
509 		spin_lock_irqsave(&hw->lock, flags);
510 		list_add(&packet->queue, &hw->tx_queue[0]);
511 		hw->tx_queued++;
512 		spin_unlock_irqrestore(&hw->lock, flags);
513 	} else {
514 		if (packet->packet_callback)
515 			packet->packet_callback(packet->callback_data,
516 					packet->length);
517 		kfree(packet);
518 	}
519 }
520 
521 static void ipw_setup_hardware(struct ipw_hardware *hw)
522 {
523 	unsigned long flags;
524 
525 	spin_lock_irqsave(&hw->lock, flags);
526 	if (hw->hw_version == HW_VERSION_1) {
527 		/* Reset RX FIFO */
528 		outw(DCR_RXRESET, hw->base_port + IODCR);
529 		/* SB: Reset TX FIFO */
530 		outw(DCR_TXRESET, hw->base_port + IODCR);
531 
532 		/* Enable TX and RX interrupts. */
533 		outw(IER_TXENABLED | IER_RXENABLED, hw->base_port + IOIER);
534 	} else {
535 		/*
536 		 * Set INTRACK bit (bit 0), which means we must explicitly
537 		 * acknowledge interrupts by clearing bit 2 of reg_config_and_status.
538 		 */
539 		unsigned short csr = readw(&hw->memregs_CCR->reg_config_and_status);
540 
541 		csr |= 1;
542 		writew(csr, &hw->memregs_CCR->reg_config_and_status);
543 	}
544 	spin_unlock_irqrestore(&hw->lock, flags);
545 }
546 
547 /*
548  * If 'packet' is NULL, then this function allocates a new packet, setting its
549  * length to 0 and ensuring it has the specified minimum amount of free space.
550  *
551  * If 'packet' is not NULL, then this function enlarges it if it doesn't
552  * have the specified minimum amount of free space.
553  *
554  */
555 static struct ipw_rx_packet *pool_allocate(struct ipw_hardware *hw,
556 					   struct ipw_rx_packet *packet,
557 					   int minimum_free_space)
558 {
559 
560 	if (!packet) {
561 		unsigned long flags;
562 
563 		spin_lock_irqsave(&hw->lock, flags);
564 		if (!list_empty(&hw->rx_pool)) {
565 			packet = list_first_entry(&hw->rx_pool,
566 					struct ipw_rx_packet, queue);
567 			hw->rx_pool_size--;
568 			spin_unlock_irqrestore(&hw->lock, flags);
569 			list_del(&packet->queue);
570 		} else {
571 			const int min_capacity =
572 				ipwireless_ppp_mru(hw->network) + 2;
573 			int new_capacity;
574 
575 			spin_unlock_irqrestore(&hw->lock, flags);
576 			new_capacity =
577 				(minimum_free_space > min_capacity
578 				 ? minimum_free_space
579 				 : min_capacity);
580 			packet = kmalloc(sizeof(struct ipw_rx_packet)
581 					+ new_capacity, GFP_ATOMIC);
582 			if (!packet)
583 				return NULL;
584 			packet->capacity = new_capacity;
585 		}
586 		packet->length = 0;
587 	}
588 
589 	if (packet->length + minimum_free_space > packet->capacity) {
590 		struct ipw_rx_packet *old_packet = packet;
591 
592 		packet = kmalloc(sizeof(struct ipw_rx_packet) +
593 				old_packet->length + minimum_free_space,
594 				GFP_ATOMIC);
595 		if (!packet) {
596 			kfree(old_packet);
597 			return NULL;
598 		}
599 		memcpy(packet, old_packet,
600 				sizeof(struct ipw_rx_packet)
601 					+ old_packet->length);
602 		packet->capacity = old_packet->length + minimum_free_space;
603 		kfree(old_packet);
604 	}
605 
606 	return packet;
607 }
608 
609 static void pool_free(struct ipw_hardware *hw, struct ipw_rx_packet *packet)
610 {
611 	if (hw->rx_pool_size > 6)
612 		kfree(packet);
613 	else {
614 		hw->rx_pool_size++;
615 		list_add(&packet->queue, &hw->rx_pool);
616 	}
617 }
618 
619 static void queue_received_packet(struct ipw_hardware *hw,
620 				  unsigned int protocol,
621 				  unsigned int address,
622 				  const unsigned char *data, int length,
623 				  int is_last)
624 {
625 	unsigned int channel_idx = address - 1;
626 	struct ipw_rx_packet *packet = NULL;
627 	unsigned long flags;
628 
629 	/* Discard packet if channel index is out of range. */
630 	if (channel_idx >= NL_NUM_OF_ADDRESSES) {
631 		printk(KERN_INFO IPWIRELESS_PCCARD_NAME
632 		       ": data packet has bad address %u\n", address);
633 		return;
634 	}
635 
636 	/*
637 	 * ->packet_assembler is safe to touch unlocked, this is the only place
638 	 */
639 	if (protocol == TL_PROTOCOLID_COM_DATA) {
640 		struct ipw_rx_packet **assem =
641 			&hw->packet_assembler[channel_idx];
642 
643 		/*
644 		 * Create a new packet, or assembler already contains one
645 		 * enlarge it by 'length' bytes.
646 		 */
647 		(*assem) = pool_allocate(hw, *assem, length);
648 		if (!(*assem)) {
649 			printk(KERN_ERR IPWIRELESS_PCCARD_NAME
650 				": no memory for incoming data packet, dropped!\n");
651 			return;
652 		}
653 		(*assem)->protocol = protocol;
654 		(*assem)->channel_idx = channel_idx;
655 
656 		/* Append this packet data onto existing data. */
657 		memcpy((unsigned char *)(*assem) +
658 			       sizeof(struct ipw_rx_packet)
659 				+ (*assem)->length, data, length);
660 		(*assem)->length += length;
661 		if (is_last) {
662 			packet = *assem;
663 			*assem = NULL;
664 			/* Count queued DATA bytes only */
665 			spin_lock_irqsave(&hw->lock, flags);
666 			hw->rx_bytes_queued += packet->length;
667 			spin_unlock_irqrestore(&hw->lock, flags);
668 		}
669 	} else {
670 		/* If it's a CTRL packet, don't assemble, just queue it. */
671 		packet = pool_allocate(hw, NULL, length);
672 		if (!packet) {
673 			printk(KERN_ERR IPWIRELESS_PCCARD_NAME
674 				": no memory for incoming ctrl packet, dropped!\n");
675 			return;
676 		}
677 		packet->protocol = protocol;
678 		packet->channel_idx = channel_idx;
679 		memcpy((unsigned char *)packet + sizeof(struct ipw_rx_packet),
680 				data, length);
681 		packet->length = length;
682 	}
683 
684 	/*
685 	 * If this is the last packet, then send the assembled packet on to the
686 	 * network layer.
687 	 */
688 	if (packet) {
689 		spin_lock_irqsave(&hw->lock, flags);
690 		list_add_tail(&packet->queue, &hw->rx_queue);
691 		/* Block reception of incoming packets if queue is full. */
692 		hw->blocking_rx =
693 			(hw->rx_bytes_queued >= IPWIRELESS_RX_QUEUE_SIZE);
694 
695 		spin_unlock_irqrestore(&hw->lock, flags);
696 		schedule_work(&hw->work_rx);
697 	}
698 }
699 
700 /*
701  * Workqueue callback
702  */
703 static void ipw_receive_data_work(struct work_struct *work_rx)
704 {
705 	struct ipw_hardware *hw =
706 	    container_of(work_rx, struct ipw_hardware, work_rx);
707 	unsigned long flags;
708 
709 	spin_lock_irqsave(&hw->lock, flags);
710 	while (!list_empty(&hw->rx_queue)) {
711 		struct ipw_rx_packet *packet =
712 			list_first_entry(&hw->rx_queue,
713 					struct ipw_rx_packet, queue);
714 
715 		if (hw->shutting_down)
716 			break;
717 		list_del(&packet->queue);
718 
719 		/*
720 		 * Note: ipwireless_network_packet_received must be called in a
721 		 * process context (i.e. via schedule_work) because the tty
722 		 * output code can sleep in the tty_flip_buffer_push call.
723 		 */
724 		if (packet->protocol == TL_PROTOCOLID_COM_DATA) {
725 			if (hw->network != NULL) {
726 				/* If the network hasn't been disconnected. */
727 				spin_unlock_irqrestore(&hw->lock, flags);
728 				/*
729 				 * This must run unlocked due to tty processing
730 				 * and mutex locking
731 				 */
732 				ipwireless_network_packet_received(
733 						hw->network,
734 						packet->channel_idx,
735 						(unsigned char *)packet
736 						+ sizeof(struct ipw_rx_packet),
737 						packet->length);
738 				spin_lock_irqsave(&hw->lock, flags);
739 			}
740 			/* Count queued DATA bytes only */
741 			hw->rx_bytes_queued -= packet->length;
742 		} else {
743 			/*
744 			 * This is safe to be called locked, callchain does
745 			 * not block
746 			 */
747 			handle_received_CTRL_packet(hw, packet->channel_idx,
748 					(unsigned char *)packet
749 					+ sizeof(struct ipw_rx_packet),
750 					packet->length);
751 		}
752 		pool_free(hw, packet);
753 		/*
754 		 * Unblock reception of incoming packets if queue is no longer
755 		 * full.
756 		 */
757 		hw->blocking_rx =
758 			hw->rx_bytes_queued >= IPWIRELESS_RX_QUEUE_SIZE;
759 		if (hw->shutting_down)
760 			break;
761 	}
762 	spin_unlock_irqrestore(&hw->lock, flags);
763 }
764 
765 static void handle_received_CTRL_packet(struct ipw_hardware *hw,
766 					unsigned int channel_idx,
767 					const unsigned char *data, int len)
768 {
769 	const struct ipw_control_packet_body *body =
770 		(const struct ipw_control_packet_body *) data;
771 	unsigned int changed_mask;
772 
773 	if (len != sizeof(struct ipw_control_packet_body)) {
774 		printk(KERN_INFO IPWIRELESS_PCCARD_NAME
775 		       ": control packet was %d bytes - wrong size!\n",
776 		       len);
777 		return;
778 	}
779 
780 	switch (body->sig_no) {
781 	case COMCTRL_CTS:
782 		changed_mask = IPW_CONTROL_LINE_CTS;
783 		break;
784 	case COMCTRL_DCD:
785 		changed_mask = IPW_CONTROL_LINE_DCD;
786 		break;
787 	case COMCTRL_DSR:
788 		changed_mask = IPW_CONTROL_LINE_DSR;
789 		break;
790 	case COMCTRL_RI:
791 		changed_mask = IPW_CONTROL_LINE_RI;
792 		break;
793 	default:
794 		changed_mask = 0;
795 	}
796 
797 	if (changed_mask != 0) {
798 		if (body->value)
799 			hw->control_lines[channel_idx] |= changed_mask;
800 		else
801 			hw->control_lines[channel_idx] &= ~changed_mask;
802 		if (hw->network)
803 			ipwireless_network_notify_control_line_change(
804 					hw->network,
805 					channel_idx,
806 					hw->control_lines[channel_idx],
807 					changed_mask);
808 	}
809 }
810 
811 static void handle_received_packet(struct ipw_hardware *hw,
812 				   const union nl_packet *packet,
813 				   unsigned short len)
814 {
815 	unsigned int protocol = packet->hdr.protocol;
816 	unsigned int address = packet->hdr.address;
817 	unsigned int header_length;
818 	const unsigned char *data;
819 	unsigned int data_len;
820 	int is_last = packet->hdr.packet_rank & NL_LAST_PACKET;
821 
822 	if (packet->hdr.packet_rank & NL_FIRST_PACKET)
823 		header_length = NL_FIRST_PACKET_HEADER_SIZE;
824 	else
825 		header_length = NL_FOLLOWING_PACKET_HEADER_SIZE;
826 
827 	data = packet->rawpkt + header_length;
828 	data_len = len - header_length;
829 	switch (protocol) {
830 	case TL_PROTOCOLID_COM_DATA:
831 	case TL_PROTOCOLID_COM_CTRL:
832 		queue_received_packet(hw, protocol, address, data, data_len,
833 				is_last);
834 		break;
835 	case TL_PROTOCOLID_SETUP:
836 		handle_received_SETUP_packet(hw, address, data, data_len,
837 				is_last);
838 		break;
839 	}
840 }
841 
842 static void acknowledge_data_read(struct ipw_hardware *hw)
843 {
844 	if (hw->hw_version == HW_VERSION_1)
845 		outw(DCR_RXDONE, hw->base_port + IODCR);
846 	else
847 		writew(MEMRX_PCINTACKK,
848 				&hw->memory_info_regs->memreg_pc_interrupt_ack);
849 }
850 
851 /*
852  * Retrieve a packet from the IPW hardware.
853  */
854 static void do_receive_packet(struct ipw_hardware *hw)
855 {
856 	unsigned len;
857 	unsigned i;
858 	unsigned char pkt[LL_MTU_MAX];
859 
860 	start_timing();
861 
862 	if (hw->hw_version == HW_VERSION_1) {
863 		len = inw(hw->base_port + IODRR);
864 		if (len > hw->ll_mtu) {
865 			printk(KERN_INFO IPWIRELESS_PCCARD_NAME
866 			       ": received a packet of %u bytes - longer than the MTU!\n", len);
867 			outw(DCR_RXDONE | DCR_RXRESET, hw->base_port + IODCR);
868 			return;
869 		}
870 
871 		for (i = 0; i < len; i += 2) {
872 			__le16 raw_data = inw(hw->base_port + IODRR);
873 			unsigned short data = le16_to_cpu(raw_data);
874 
875 			pkt[i] = (unsigned char) data;
876 			pkt[i + 1] = (unsigned char) (data >> 8);
877 		}
878 	} else {
879 		len = inw(hw->base_port);
880 		if (len > hw->ll_mtu) {
881 			printk(KERN_INFO IPWIRELESS_PCCARD_NAME
882 			       ": received a packet of %u bytes - longer than the MTU!\n", len);
883 			writew(MEMRX_PCINTACKK,
884 				&hw->memory_info_regs->memreg_pc_interrupt_ack);
885 			return;
886 		}
887 
888 		for (i = 0; i < len; i += 2) {
889 			__le16 raw_data = inw(hw->base_port);
890 			unsigned short data = le16_to_cpu(raw_data);
891 
892 			pkt[i] = (unsigned char) data;
893 			pkt[i + 1] = (unsigned char) (data >> 8);
894 		}
895 
896 		while ((i & 3) != 2) {
897 			inw(hw->base_port);
898 			i += 2;
899 		}
900 	}
901 
902 	acknowledge_data_read(hw);
903 
904 	swap_packet_bitfield_from_le(pkt);
905 
906 	if (ipwireless_debug)
907 		dump_data_bytes("recv", pkt, len);
908 
909 	handle_received_packet(hw, (union nl_packet *) pkt, len);
910 
911 	end_read_timing(len);
912 }
913 
914 static int get_current_packet_priority(struct ipw_hardware *hw)
915 {
916 	/*
917 	 * If we're initializing, don't send anything of higher priority than
918 	 * PRIO_SETUP.  The network layer therefore need not care about
919 	 * hardware initialization - any of its stuff will simply be queued
920 	 * until setup is complete.
921 	 */
922 	return (hw->to_setup || hw->initializing
923 			? PRIO_SETUP + 1 : NL_NUM_OF_PRIORITIES);
924 }
925 
926 /*
927  * return 1 if something has been received from hw
928  */
929 static int get_packets_from_hw(struct ipw_hardware *hw)
930 {
931 	int received = 0;
932 	unsigned long flags;
933 
934 	spin_lock_irqsave(&hw->lock, flags);
935 	while (hw->rx_ready && !hw->blocking_rx) {
936 		received = 1;
937 		hw->rx_ready--;
938 		spin_unlock_irqrestore(&hw->lock, flags);
939 
940 		do_receive_packet(hw);
941 
942 		spin_lock_irqsave(&hw->lock, flags);
943 	}
944 	spin_unlock_irqrestore(&hw->lock, flags);
945 
946 	return received;
947 }
948 
949 /*
950  * Send pending packet up to given priority, prioritize SETUP data until
951  * hardware is fully setup.
952  *
953  * return 1 if more packets can be sent
954  */
955 static int send_pending_packet(struct ipw_hardware *hw, int priority_limit)
956 {
957 	int more_to_send = 0;
958 	unsigned long flags;
959 
960 	spin_lock_irqsave(&hw->lock, flags);
961 	if (hw->tx_queued && hw->tx_ready) {
962 		int priority;
963 		struct ipw_tx_packet *packet = NULL;
964 
965 		/* Pick a packet */
966 		for (priority = 0; priority < priority_limit; priority++) {
967 			if (!list_empty(&hw->tx_queue[priority])) {
968 				packet = list_first_entry(
969 						&hw->tx_queue[priority],
970 						struct ipw_tx_packet,
971 						queue);
972 
973 				hw->tx_queued--;
974 				list_del(&packet->queue);
975 
976 				break;
977 			}
978 		}
979 		if (!packet) {
980 			hw->tx_queued = 0;
981 			spin_unlock_irqrestore(&hw->lock, flags);
982 			return 0;
983 		}
984 
985 		spin_unlock_irqrestore(&hw->lock, flags);
986 
987 		/* Send */
988 		do_send_packet(hw, packet);
989 
990 		/* Check if more to send */
991 		spin_lock_irqsave(&hw->lock, flags);
992 		for (priority = 0; priority < priority_limit; priority++)
993 			if (!list_empty(&hw->tx_queue[priority])) {
994 				more_to_send = 1;
995 				break;
996 			}
997 
998 		if (!more_to_send)
999 			hw->tx_queued = 0;
1000 	}
1001 	spin_unlock_irqrestore(&hw->lock, flags);
1002 
1003 	return more_to_send;
1004 }
1005 
1006 /*
1007  * Send and receive all queued packets.
1008  */
1009 static void ipwireless_do_tasklet(unsigned long hw_)
1010 {
1011 	struct ipw_hardware *hw = (struct ipw_hardware *) hw_;
1012 	unsigned long flags;
1013 
1014 	spin_lock_irqsave(&hw->lock, flags);
1015 	if (hw->shutting_down) {
1016 		spin_unlock_irqrestore(&hw->lock, flags);
1017 		return;
1018 	}
1019 
1020 	if (hw->to_setup == 1) {
1021 		/*
1022 		 * Initial setup data sent to hardware
1023 		 */
1024 		hw->to_setup = 2;
1025 		spin_unlock_irqrestore(&hw->lock, flags);
1026 
1027 		ipw_setup_hardware(hw);
1028 		ipw_send_setup_packet(hw);
1029 
1030 		send_pending_packet(hw, PRIO_SETUP + 1);
1031 		get_packets_from_hw(hw);
1032 	} else {
1033 		int priority_limit = get_current_packet_priority(hw);
1034 		int again;
1035 
1036 		spin_unlock_irqrestore(&hw->lock, flags);
1037 
1038 		do {
1039 			again = send_pending_packet(hw, priority_limit);
1040 			again |= get_packets_from_hw(hw);
1041 		} while (again);
1042 	}
1043 }
1044 
1045 /*
1046  * return true if the card is physically present.
1047  */
1048 static int is_card_present(struct ipw_hardware *hw)
1049 {
1050 	if (hw->hw_version == HW_VERSION_1)
1051 		return inw(hw->base_port + IOIR) != 0xFFFF;
1052 	else
1053 		return readl(&hw->memory_info_regs->memreg_card_present) ==
1054 		    CARD_PRESENT_VALUE;
1055 }
1056 
1057 static irqreturn_t ipwireless_handle_v1_interrupt(int irq,
1058 						  struct ipw_hardware *hw)
1059 {
1060 	unsigned short irqn;
1061 
1062 	irqn = inw(hw->base_port + IOIR);
1063 
1064 	/* Check if card is present */
1065 	if (irqn == 0xFFFF)
1066 		return IRQ_NONE;
1067 	else if (irqn != 0) {
1068 		unsigned short ack = 0;
1069 		unsigned long flags;
1070 
1071 		/* Transmit complete. */
1072 		if (irqn & IR_TXINTR) {
1073 			ack |= IR_TXINTR;
1074 			spin_lock_irqsave(&hw->lock, flags);
1075 			hw->tx_ready = 1;
1076 			spin_unlock_irqrestore(&hw->lock, flags);
1077 		}
1078 		/* Received data */
1079 		if (irqn & IR_RXINTR) {
1080 			ack |= IR_RXINTR;
1081 			spin_lock_irqsave(&hw->lock, flags);
1082 			hw->rx_ready++;
1083 			spin_unlock_irqrestore(&hw->lock, flags);
1084 		}
1085 		if (ack != 0) {
1086 			outw(ack, hw->base_port + IOIR);
1087 			tasklet_schedule(&hw->tasklet);
1088 		}
1089 		return IRQ_HANDLED;
1090 	}
1091 	return IRQ_NONE;
1092 }
1093 
1094 static void acknowledge_pcmcia_interrupt(struct ipw_hardware *hw)
1095 {
1096 	unsigned short csr = readw(&hw->memregs_CCR->reg_config_and_status);
1097 
1098 	csr &= 0xfffd;
1099 	writew(csr, &hw->memregs_CCR->reg_config_and_status);
1100 }
1101 
1102 static irqreturn_t ipwireless_handle_v2_v3_interrupt(int irq,
1103 						     struct ipw_hardware *hw)
1104 {
1105 	int tx = 0;
1106 	int rx = 0;
1107 	int rx_repeat = 0;
1108 	int try_mem_tx_old;
1109 	unsigned long flags;
1110 
1111 	do {
1112 
1113 	unsigned short memtx = readw(hw->memreg_tx);
1114 	unsigned short memtx_serial;
1115 	unsigned short memrxdone =
1116 		readw(&hw->memory_info_regs->memreg_rx_done);
1117 
1118 	try_mem_tx_old = 0;
1119 
1120 	/* check whether the interrupt was generated by ipwireless card */
1121 	if (!(memtx & MEMTX_TX) && !(memrxdone & MEMRX_RX_DONE)) {
1122 
1123 		/* check if the card uses memreg_tx_old register */
1124 		if (hw->memreg_tx == &hw->memory_info_regs->memreg_tx_new) {
1125 			memtx = readw(&hw->memory_info_regs->memreg_tx_old);
1126 			if (memtx & MEMTX_TX) {
1127 				printk(KERN_INFO IPWIRELESS_PCCARD_NAME
1128 					": Using memreg_tx_old\n");
1129 				hw->memreg_tx =
1130 					&hw->memory_info_regs->memreg_tx_old;
1131 			} else {
1132 				return IRQ_NONE;
1133 			}
1134 		} else
1135 			return IRQ_NONE;
1136 	}
1137 
1138 	/*
1139 	 * See if the card is physically present. Note that while it is
1140 	 * powering up, it appears not to be present.
1141 	 */
1142 	if (!is_card_present(hw)) {
1143 		acknowledge_pcmcia_interrupt(hw);
1144 		return IRQ_HANDLED;
1145 	}
1146 
1147 	memtx_serial = memtx & (unsigned short) 0xff00;
1148 	if (memtx & MEMTX_TX) {
1149 		writew(memtx_serial, hw->memreg_tx);
1150 
1151 		if (hw->serial_number_detected) {
1152 			if (memtx_serial != hw->last_memtx_serial) {
1153 				hw->last_memtx_serial = memtx_serial;
1154 				spin_lock_irqsave(&hw->lock, flags);
1155 				hw->rx_ready++;
1156 				spin_unlock_irqrestore(&hw->lock, flags);
1157 				rx = 1;
1158 			} else
1159 				/* Ignore 'Timer Recovery' duplicates. */
1160 				rx_repeat = 1;
1161 		} else {
1162 			/*
1163 			 * If a non-zero serial number is seen, then enable
1164 			 * serial number checking.
1165 			 */
1166 			if (memtx_serial != 0) {
1167 				hw->serial_number_detected = 1;
1168 				printk(KERN_DEBUG IPWIRELESS_PCCARD_NAME
1169 					": memreg_tx serial num detected\n");
1170 
1171 				spin_lock_irqsave(&hw->lock, flags);
1172 				hw->rx_ready++;
1173 				spin_unlock_irqrestore(&hw->lock, flags);
1174 			}
1175 			rx = 1;
1176 		}
1177 	}
1178 	if (memrxdone & MEMRX_RX_DONE) {
1179 		writew(0, &hw->memory_info_regs->memreg_rx_done);
1180 		spin_lock_irqsave(&hw->lock, flags);
1181 		hw->tx_ready = 1;
1182 		spin_unlock_irqrestore(&hw->lock, flags);
1183 		tx = 1;
1184 	}
1185 	if (tx)
1186 		writew(MEMRX_PCINTACKK,
1187 				&hw->memory_info_regs->memreg_pc_interrupt_ack);
1188 
1189 	acknowledge_pcmcia_interrupt(hw);
1190 
1191 	if (tx || rx)
1192 		tasklet_schedule(&hw->tasklet);
1193 	else if (!rx_repeat) {
1194 		if (hw->memreg_tx == &hw->memory_info_regs->memreg_tx_new) {
1195 			if (hw->serial_number_detected)
1196 				printk(KERN_WARNING IPWIRELESS_PCCARD_NAME
1197 					": spurious interrupt - new_tx mode\n");
1198 			else {
1199 				printk(KERN_WARNING IPWIRELESS_PCCARD_NAME
1200 					": no valid memreg_tx value - switching to the old memreg_tx\n");
1201 				hw->memreg_tx =
1202 					&hw->memory_info_regs->memreg_tx_old;
1203 				try_mem_tx_old = 1;
1204 			}
1205 		} else
1206 			printk(KERN_WARNING IPWIRELESS_PCCARD_NAME
1207 					": spurious interrupt - old_tx mode\n");
1208 	}
1209 
1210 	} while (try_mem_tx_old == 1);
1211 
1212 	return IRQ_HANDLED;
1213 }
1214 
1215 irqreturn_t ipwireless_interrupt(int irq, void *dev_id)
1216 {
1217 	struct ipw_dev *ipw = dev_id;
1218 
1219 	if (ipw->hardware->hw_version == HW_VERSION_1)
1220 		return ipwireless_handle_v1_interrupt(irq, ipw->hardware);
1221 	else
1222 		return ipwireless_handle_v2_v3_interrupt(irq, ipw->hardware);
1223 }
1224 
1225 static void flush_packets_to_hw(struct ipw_hardware *hw)
1226 {
1227 	int priority_limit;
1228 	unsigned long flags;
1229 
1230 	spin_lock_irqsave(&hw->lock, flags);
1231 	priority_limit = get_current_packet_priority(hw);
1232 	spin_unlock_irqrestore(&hw->lock, flags);
1233 
1234 	while (send_pending_packet(hw, priority_limit));
1235 }
1236 
1237 static void send_packet(struct ipw_hardware *hw, int priority,
1238 			struct ipw_tx_packet *packet)
1239 {
1240 	unsigned long flags;
1241 
1242 	spin_lock_irqsave(&hw->lock, flags);
1243 	list_add_tail(&packet->queue, &hw->tx_queue[priority]);
1244 	hw->tx_queued++;
1245 	spin_unlock_irqrestore(&hw->lock, flags);
1246 
1247 	flush_packets_to_hw(hw);
1248 }
1249 
1250 /* Create data packet, non-atomic allocation */
1251 static void *alloc_data_packet(int data_size,
1252 				unsigned char dest_addr,
1253 				unsigned char protocol)
1254 {
1255 	struct ipw_tx_packet *packet = kzalloc(
1256 			sizeof(struct ipw_tx_packet) + data_size,
1257 			GFP_ATOMIC);
1258 
1259 	if (!packet)
1260 		return NULL;
1261 
1262 	INIT_LIST_HEAD(&packet->queue);
1263 	packet->dest_addr = dest_addr;
1264 	packet->protocol = protocol;
1265 	packet->length = data_size;
1266 
1267 	return packet;
1268 }
1269 
1270 static void *alloc_ctrl_packet(int header_size,
1271 			       unsigned char dest_addr,
1272 			       unsigned char protocol,
1273 			       unsigned char sig_no)
1274 {
1275 	/*
1276 	 * sig_no is located right after ipw_tx_packet struct in every
1277 	 * CTRL or SETUP packets, we can use ipw_control_packet as a
1278 	 * common struct
1279 	 */
1280 	struct ipw_control_packet *packet = kzalloc(header_size, GFP_ATOMIC);
1281 
1282 	if (!packet)
1283 		return NULL;
1284 
1285 	INIT_LIST_HEAD(&packet->header.queue);
1286 	packet->header.dest_addr = dest_addr;
1287 	packet->header.protocol = protocol;
1288 	packet->header.length = header_size - sizeof(struct ipw_tx_packet);
1289 	packet->body.sig_no = sig_no;
1290 
1291 	return packet;
1292 }
1293 
1294 int ipwireless_send_packet(struct ipw_hardware *hw, unsigned int channel_idx,
1295 			    const unsigned char *data, unsigned int length,
1296 			    void (*callback) (void *cb, unsigned int length),
1297 			    void *callback_data)
1298 {
1299 	struct ipw_tx_packet *packet;
1300 
1301 	packet = alloc_data_packet(length, (channel_idx + 1),
1302 			TL_PROTOCOLID_COM_DATA);
1303 	if (!packet)
1304 		return -ENOMEM;
1305 	packet->packet_callback = callback;
1306 	packet->callback_data = callback_data;
1307 	memcpy((unsigned char *) packet + sizeof(struct ipw_tx_packet), data,
1308 			length);
1309 
1310 	send_packet(hw, PRIO_DATA, packet);
1311 	return 0;
1312 }
1313 
1314 static int set_control_line(struct ipw_hardware *hw, int prio,
1315 			   unsigned int channel_idx, int line, int state)
1316 {
1317 	struct ipw_control_packet *packet;
1318 	int protocolid = TL_PROTOCOLID_COM_CTRL;
1319 
1320 	if (prio == PRIO_SETUP)
1321 		protocolid = TL_PROTOCOLID_SETUP;
1322 
1323 	packet = alloc_ctrl_packet(sizeof(struct ipw_control_packet),
1324 			(channel_idx + 1), protocolid, line);
1325 	if (!packet)
1326 		return -ENOMEM;
1327 	packet->header.length = sizeof(struct ipw_control_packet_body);
1328 	packet->body.value = (state == 0 ? 0 : 1);
1329 	send_packet(hw, prio, &packet->header);
1330 	return 0;
1331 }
1332 
1333 
1334 static int set_DTR(struct ipw_hardware *hw, int priority,
1335 		   unsigned int channel_idx, int state)
1336 {
1337 	if (state != 0)
1338 		hw->control_lines[channel_idx] |= IPW_CONTROL_LINE_DTR;
1339 	else
1340 		hw->control_lines[channel_idx] &= ~IPW_CONTROL_LINE_DTR;
1341 
1342 	return set_control_line(hw, priority, channel_idx, COMCTRL_DTR, state);
1343 }
1344 
1345 static int set_RTS(struct ipw_hardware *hw, int priority,
1346 		   unsigned int channel_idx, int state)
1347 {
1348 	if (state != 0)
1349 		hw->control_lines[channel_idx] |= IPW_CONTROL_LINE_RTS;
1350 	else
1351 		hw->control_lines[channel_idx] &= ~IPW_CONTROL_LINE_RTS;
1352 
1353 	return set_control_line(hw, priority, channel_idx, COMCTRL_RTS, state);
1354 }
1355 
1356 int ipwireless_set_DTR(struct ipw_hardware *hw, unsigned int channel_idx,
1357 		       int state)
1358 {
1359 	return set_DTR(hw, PRIO_CTRL, channel_idx, state);
1360 }
1361 
1362 int ipwireless_set_RTS(struct ipw_hardware *hw, unsigned int channel_idx,
1363 		       int state)
1364 {
1365 	return set_RTS(hw, PRIO_CTRL, channel_idx, state);
1366 }
1367 
1368 struct ipw_setup_get_version_query_packet {
1369 	struct ipw_tx_packet header;
1370 	struct tl_setup_get_version_qry body;
1371 };
1372 
1373 struct ipw_setup_config_packet {
1374 	struct ipw_tx_packet header;
1375 	struct tl_setup_config_msg body;
1376 };
1377 
1378 struct ipw_setup_config_done_packet {
1379 	struct ipw_tx_packet header;
1380 	struct tl_setup_config_done_msg body;
1381 };
1382 
1383 struct ipw_setup_open_packet {
1384 	struct ipw_tx_packet header;
1385 	struct tl_setup_open_msg body;
1386 };
1387 
1388 struct ipw_setup_info_packet {
1389 	struct ipw_tx_packet header;
1390 	struct tl_setup_info_msg body;
1391 };
1392 
1393 struct ipw_setup_reboot_msg_ack {
1394 	struct ipw_tx_packet header;
1395 	struct TlSetupRebootMsgAck body;
1396 };
1397 
1398 /* This handles the actual initialization of the card */
1399 static void __handle_setup_get_version_rsp(struct ipw_hardware *hw)
1400 {
1401 	struct ipw_setup_config_packet *config_packet;
1402 	struct ipw_setup_config_done_packet *config_done_packet;
1403 	struct ipw_setup_open_packet *open_packet;
1404 	struct ipw_setup_info_packet *info_packet;
1405 	int port;
1406 	unsigned int channel_idx;
1407 
1408 	/* generate config packet */
1409 	for (port = 1; port <= NL_NUM_OF_ADDRESSES; port++) {
1410 		config_packet = alloc_ctrl_packet(
1411 				sizeof(struct ipw_setup_config_packet),
1412 				ADDR_SETUP_PROT,
1413 				TL_PROTOCOLID_SETUP,
1414 				TL_SETUP_SIGNO_CONFIG_MSG);
1415 		if (!config_packet)
1416 			goto exit_nomem;
1417 		config_packet->header.length = sizeof(struct tl_setup_config_msg);
1418 		config_packet->body.port_no = port;
1419 		config_packet->body.prio_data = PRIO_DATA;
1420 		config_packet->body.prio_ctrl = PRIO_CTRL;
1421 		send_packet(hw, PRIO_SETUP, &config_packet->header);
1422 	}
1423 	config_done_packet = alloc_ctrl_packet(
1424 			sizeof(struct ipw_setup_config_done_packet),
1425 			ADDR_SETUP_PROT,
1426 			TL_PROTOCOLID_SETUP,
1427 			TL_SETUP_SIGNO_CONFIG_DONE_MSG);
1428 	if (!config_done_packet)
1429 		goto exit_nomem;
1430 	config_done_packet->header.length = sizeof(struct tl_setup_config_done_msg);
1431 	send_packet(hw, PRIO_SETUP, &config_done_packet->header);
1432 
1433 	/* generate open packet */
1434 	for (port = 1; port <= NL_NUM_OF_ADDRESSES; port++) {
1435 		open_packet = alloc_ctrl_packet(
1436 				sizeof(struct ipw_setup_open_packet),
1437 				ADDR_SETUP_PROT,
1438 				TL_PROTOCOLID_SETUP,
1439 				TL_SETUP_SIGNO_OPEN_MSG);
1440 		if (!open_packet)
1441 			goto exit_nomem;
1442 		open_packet->header.length = sizeof(struct tl_setup_open_msg);
1443 		open_packet->body.port_no = port;
1444 		send_packet(hw, PRIO_SETUP, &open_packet->header);
1445 	}
1446 	for (channel_idx = 0;
1447 			channel_idx < NL_NUM_OF_ADDRESSES; channel_idx++) {
1448 		int ret;
1449 
1450 		ret = set_DTR(hw, PRIO_SETUP, channel_idx,
1451 			(hw->control_lines[channel_idx] &
1452 			 IPW_CONTROL_LINE_DTR) != 0);
1453 		if (ret) {
1454 			printk(KERN_ERR IPWIRELESS_PCCARD_NAME
1455 					": error setting DTR (%d)\n", ret);
1456 			return;
1457 		}
1458 
1459 		ret = set_RTS(hw, PRIO_SETUP, channel_idx,
1460 			(hw->control_lines [channel_idx] &
1461 			 IPW_CONTROL_LINE_RTS) != 0);
1462 		if (ret) {
1463 			printk(KERN_ERR IPWIRELESS_PCCARD_NAME
1464 					": error setting RTS (%d)\n", ret);
1465 			return;
1466 		}
1467 	}
1468 	/*
1469 	 * For NDIS we assume that we are using sync PPP frames, for COM async.
1470 	 * This driver uses NDIS mode too. We don't bother with translation
1471 	 * from async -> sync PPP.
1472 	 */
1473 	info_packet = alloc_ctrl_packet(sizeof(struct ipw_setup_info_packet),
1474 			ADDR_SETUP_PROT,
1475 			TL_PROTOCOLID_SETUP,
1476 			TL_SETUP_SIGNO_INFO_MSG);
1477 	if (!info_packet)
1478 		goto exit_nomem;
1479 	info_packet->header.length = sizeof(struct tl_setup_info_msg);
1480 	info_packet->body.driver_type = NDISWAN_DRIVER;
1481 	info_packet->body.major_version = NDISWAN_DRIVER_MAJOR_VERSION;
1482 	info_packet->body.minor_version = NDISWAN_DRIVER_MINOR_VERSION;
1483 	send_packet(hw, PRIO_SETUP, &info_packet->header);
1484 
1485 	/* Initialization is now complete, so we clear the 'to_setup' flag */
1486 	hw->to_setup = 0;
1487 
1488 	return;
1489 
1490 exit_nomem:
1491 	printk(KERN_ERR IPWIRELESS_PCCARD_NAME
1492 			": not enough memory to alloc control packet\n");
1493 	hw->to_setup = -1;
1494 }
1495 
1496 static void handle_setup_get_version_rsp(struct ipw_hardware *hw,
1497 		unsigned char vers_no)
1498 {
1499 	del_timer(&hw->setup_timer);
1500 	hw->initializing = 0;
1501 	printk(KERN_INFO IPWIRELESS_PCCARD_NAME ": card is ready.\n");
1502 
1503 	if (vers_no == TL_SETUP_VERSION)
1504 		__handle_setup_get_version_rsp(hw);
1505 	else
1506 		printk(KERN_ERR IPWIRELESS_PCCARD_NAME
1507 				": invalid hardware version no %u\n",
1508 				(unsigned int) vers_no);
1509 }
1510 
1511 static void ipw_send_setup_packet(struct ipw_hardware *hw)
1512 {
1513 	struct ipw_setup_get_version_query_packet *ver_packet;
1514 
1515 	ver_packet = alloc_ctrl_packet(
1516 			sizeof(struct ipw_setup_get_version_query_packet),
1517 			ADDR_SETUP_PROT, TL_PROTOCOLID_SETUP,
1518 			TL_SETUP_SIGNO_GET_VERSION_QRY);
1519 	ver_packet->header.length = sizeof(struct tl_setup_get_version_qry);
1520 
1521 	/*
1522 	 * Response is handled in handle_received_SETUP_packet
1523 	 */
1524 	send_packet(hw, PRIO_SETUP, &ver_packet->header);
1525 }
1526 
1527 static void handle_received_SETUP_packet(struct ipw_hardware *hw,
1528 					 unsigned int address,
1529 					 const unsigned char *data, int len,
1530 					 int is_last)
1531 {
1532 	const union ipw_setup_rx_msg *rx_msg = (const union ipw_setup_rx_msg *) data;
1533 
1534 	if (address != ADDR_SETUP_PROT) {
1535 		printk(KERN_INFO IPWIRELESS_PCCARD_NAME
1536 		       ": setup packet has bad address %d\n", address);
1537 		return;
1538 	}
1539 
1540 	switch (rx_msg->sig_no) {
1541 	case TL_SETUP_SIGNO_GET_VERSION_RSP:
1542 		if (hw->to_setup)
1543 			handle_setup_get_version_rsp(hw,
1544 					rx_msg->version_rsp_msg.version);
1545 		break;
1546 
1547 	case TL_SETUP_SIGNO_OPEN_MSG:
1548 		if (ipwireless_debug) {
1549 			unsigned int channel_idx = rx_msg->open_msg.port_no - 1;
1550 
1551 			printk(KERN_INFO IPWIRELESS_PCCARD_NAME
1552 			       ": OPEN_MSG [channel %u] reply received\n",
1553 			       channel_idx);
1554 		}
1555 		break;
1556 
1557 	case TL_SETUP_SIGNO_INFO_MSG_ACK:
1558 		if (ipwireless_debug)
1559 			printk(KERN_DEBUG IPWIRELESS_PCCARD_NAME
1560 			       ": card successfully configured as NDISWAN\n");
1561 		break;
1562 
1563 	case TL_SETUP_SIGNO_REBOOT_MSG:
1564 		if (hw->to_setup)
1565 			printk(KERN_DEBUG IPWIRELESS_PCCARD_NAME
1566 			       ": Setup not completed - ignoring reboot msg\n");
1567 		else {
1568 			struct ipw_setup_reboot_msg_ack *packet;
1569 
1570 			printk(KERN_DEBUG IPWIRELESS_PCCARD_NAME
1571 			       ": Acknowledging REBOOT message\n");
1572 			packet = alloc_ctrl_packet(
1573 					sizeof(struct ipw_setup_reboot_msg_ack),
1574 					ADDR_SETUP_PROT, TL_PROTOCOLID_SETUP,
1575 					TL_SETUP_SIGNO_REBOOT_MSG_ACK);
1576 			if (!packet) {
1577 				pr_err(IPWIRELESS_PCCARD_NAME
1578 				       ": Not enough memory to send reboot packet");
1579 				break;
1580 			}
1581 			packet->header.length =
1582 				sizeof(struct TlSetupRebootMsgAck);
1583 			send_packet(hw, PRIO_SETUP, &packet->header);
1584 			if (hw->reboot_callback)
1585 				hw->reboot_callback(hw->reboot_callback_data);
1586 		}
1587 		break;
1588 
1589 	default:
1590 		printk(KERN_INFO IPWIRELESS_PCCARD_NAME
1591 		       ": unknown setup message %u received\n",
1592 		       (unsigned int) rx_msg->sig_no);
1593 	}
1594 }
1595 
1596 static void do_close_hardware(struct ipw_hardware *hw)
1597 {
1598 	unsigned int irqn;
1599 
1600 	if (hw->hw_version == HW_VERSION_1) {
1601 		/* Disable TX and RX interrupts. */
1602 		outw(0, hw->base_port + IOIER);
1603 
1604 		/* Acknowledge any outstanding interrupt requests */
1605 		irqn = inw(hw->base_port + IOIR);
1606 		if (irqn & IR_TXINTR)
1607 			outw(IR_TXINTR, hw->base_port + IOIR);
1608 		if (irqn & IR_RXINTR)
1609 			outw(IR_RXINTR, hw->base_port + IOIR);
1610 
1611 		synchronize_irq(hw->irq);
1612 	}
1613 }
1614 
1615 struct ipw_hardware *ipwireless_hardware_create(void)
1616 {
1617 	int i;
1618 	struct ipw_hardware *hw =
1619 		kzalloc(sizeof(struct ipw_hardware), GFP_KERNEL);
1620 
1621 	if (!hw)
1622 		return NULL;
1623 
1624 	hw->irq = -1;
1625 	hw->initializing = 1;
1626 	hw->tx_ready = 1;
1627 	hw->rx_bytes_queued = 0;
1628 	hw->rx_pool_size = 0;
1629 	hw->last_memtx_serial = (unsigned short) 0xffff;
1630 	for (i = 0; i < NL_NUM_OF_PRIORITIES; i++)
1631 		INIT_LIST_HEAD(&hw->tx_queue[i]);
1632 
1633 	INIT_LIST_HEAD(&hw->rx_queue);
1634 	INIT_LIST_HEAD(&hw->rx_pool);
1635 	spin_lock_init(&hw->lock);
1636 	tasklet_init(&hw->tasklet, ipwireless_do_tasklet, (unsigned long) hw);
1637 	INIT_WORK(&hw->work_rx, ipw_receive_data_work);
1638 	timer_setup(&hw->setup_timer, ipwireless_setup_timer, 0);
1639 
1640 	return hw;
1641 }
1642 
1643 void ipwireless_init_hardware_v1(struct ipw_hardware *hw,
1644 		unsigned int base_port,
1645 		void __iomem *attr_memory,
1646 		void __iomem *common_memory,
1647 		int is_v2_card,
1648 		void (*reboot_callback) (void *data),
1649 		void *reboot_callback_data)
1650 {
1651 	if (hw->removed) {
1652 		hw->removed = 0;
1653 		enable_irq(hw->irq);
1654 	}
1655 	hw->base_port = base_port;
1656 	hw->hw_version = (is_v2_card ? HW_VERSION_2 : HW_VERSION_1);
1657 	hw->ll_mtu = (hw->hw_version == HW_VERSION_1 ? LL_MTU_V1 : LL_MTU_V2);
1658 	hw->memregs_CCR = (struct MEMCCR __iomem *)
1659 			((unsigned short __iomem *) attr_memory + 0x200);
1660 	hw->memory_info_regs = (struct MEMINFREG __iomem *) common_memory;
1661 	hw->memreg_tx = &hw->memory_info_regs->memreg_tx_new;
1662 	hw->reboot_callback = reboot_callback;
1663 	hw->reboot_callback_data = reboot_callback_data;
1664 }
1665 
1666 void ipwireless_init_hardware_v2_v3(struct ipw_hardware *hw)
1667 {
1668 	hw->initializing = 1;
1669 	hw->init_loops = 0;
1670 	printk(KERN_INFO IPWIRELESS_PCCARD_NAME
1671 	       ": waiting for card to start up...\n");
1672 	ipwireless_setup_timer(&hw->setup_timer);
1673 }
1674 
1675 static void ipwireless_setup_timer(struct timer_list *t)
1676 {
1677 	struct ipw_hardware *hw = from_timer(hw, t, setup_timer);
1678 
1679 	hw->init_loops++;
1680 
1681 	if (hw->init_loops == TL_SETUP_MAX_VERSION_QRY &&
1682 			hw->hw_version == HW_VERSION_2 &&
1683 			hw->memreg_tx == &hw->memory_info_regs->memreg_tx_new) {
1684 		printk(KERN_INFO IPWIRELESS_PCCARD_NAME
1685 				": failed to startup using TX2, trying TX\n");
1686 
1687 		hw->memreg_tx = &hw->memory_info_regs->memreg_tx_old;
1688 		hw->init_loops = 0;
1689 	}
1690 	/* Give up after a certain number of retries */
1691 	if (hw->init_loops == TL_SETUP_MAX_VERSION_QRY) {
1692 		printk(KERN_INFO IPWIRELESS_PCCARD_NAME
1693 		       ": card failed to start up!\n");
1694 		hw->initializing = 0;
1695 	} else {
1696 		/* Do not attempt to write to the board if it is not present. */
1697 		if (is_card_present(hw)) {
1698 			unsigned long flags;
1699 
1700 			spin_lock_irqsave(&hw->lock, flags);
1701 			hw->to_setup = 1;
1702 			hw->tx_ready = 1;
1703 			spin_unlock_irqrestore(&hw->lock, flags);
1704 			tasklet_schedule(&hw->tasklet);
1705 		}
1706 
1707 		mod_timer(&hw->setup_timer,
1708 			jiffies + msecs_to_jiffies(TL_SETUP_VERSION_QRY_TMO));
1709 	}
1710 }
1711 
1712 /*
1713  * Stop any interrupts from executing so that, once this function returns,
1714  * other layers of the driver can be sure they won't get any more callbacks.
1715  * Thus must be called on a proper process context.
1716  */
1717 void ipwireless_stop_interrupts(struct ipw_hardware *hw)
1718 {
1719 	if (!hw->shutting_down) {
1720 		/* Tell everyone we are going down. */
1721 		hw->shutting_down = 1;
1722 		del_timer(&hw->setup_timer);
1723 
1724 		/* Prevent the hardware from sending any more interrupts */
1725 		do_close_hardware(hw);
1726 	}
1727 }
1728 
1729 void ipwireless_hardware_free(struct ipw_hardware *hw)
1730 {
1731 	int i;
1732 	struct ipw_rx_packet *rp, *rq;
1733 	struct ipw_tx_packet *tp, *tq;
1734 
1735 	ipwireless_stop_interrupts(hw);
1736 
1737 	flush_work(&hw->work_rx);
1738 
1739 	for (i = 0; i < NL_NUM_OF_ADDRESSES; i++)
1740 		kfree(hw->packet_assembler[i]);
1741 
1742 	for (i = 0; i < NL_NUM_OF_PRIORITIES; i++)
1743 		list_for_each_entry_safe(tp, tq, &hw->tx_queue[i], queue) {
1744 			list_del(&tp->queue);
1745 			kfree(tp);
1746 		}
1747 
1748 	list_for_each_entry_safe(rp, rq, &hw->rx_queue, queue) {
1749 		list_del(&rp->queue);
1750 		kfree(rp);
1751 	}
1752 
1753 	list_for_each_entry_safe(rp, rq, &hw->rx_pool, queue) {
1754 		list_del(&rp->queue);
1755 		kfree(rp);
1756 	}
1757 	kfree(hw);
1758 }
1759 
1760 /*
1761  * Associate the specified network with this hardware, so it will receive events
1762  * from it.
1763  */
1764 void ipwireless_associate_network(struct ipw_hardware *hw,
1765 				  struct ipw_network *network)
1766 {
1767 	hw->network = network;
1768 }
1769