drivers/net/wireless/mwl8k.c at v3.0-rc2

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / drivers / net / wireless / mwl8k.c
at v3.0-rc2 5762 lines 142 kB view raw
wrap content
   1/*
   2 * drivers/net/wireless/mwl8k.c
   3 * Driver for Marvell TOPDOG 802.11 Wireless cards
   4 *
   5 * Copyright (C) 2008, 2009, 2010 Marvell Semiconductor Inc.
   6 *
   7 * This file is licensed under the terms of the GNU General Public
   8 * License version 2.  This program is licensed "as is" without any
   9 * warranty of any kind, whether express or implied.
  10 */
  11
  12#include <linux/init.h>
  13#include <linux/module.h>
  14#include <linux/kernel.h>
  15#include <linux/sched.h>
  16#include <linux/spinlock.h>
  17#include <linux/list.h>
  18#include <linux/pci.h>
  19#include <linux/delay.h>
  20#include <linux/completion.h>
  21#include <linux/etherdevice.h>
  22#include <linux/slab.h>
  23#include <net/mac80211.h>
  24#include <linux/moduleparam.h>
  25#include <linux/firmware.h>
  26#include <linux/workqueue.h>
  27
  28#define MWL8K_DESC	"Marvell TOPDOG(R) 802.11 Wireless Network Driver"
  29#define MWL8K_NAME	KBUILD_MODNAME
  30#define MWL8K_VERSION	"0.12"
  31
  32/* Module parameters */
  33static unsigned ap_mode_default;
  34module_param(ap_mode_default, bool, 0);
  35MODULE_PARM_DESC(ap_mode_default,
  36		 "Set to 1 to make ap mode the default instead of sta mode");
  37
  38/* Register definitions */
  39#define MWL8K_HIU_GEN_PTR			0x00000c10
  40#define  MWL8K_MODE_STA				 0x0000005a
  41#define  MWL8K_MODE_AP				 0x000000a5
  42#define MWL8K_HIU_INT_CODE			0x00000c14
  43#define  MWL8K_FWSTA_READY			 0xf0f1f2f4
  44#define  MWL8K_FWAP_READY			 0xf1f2f4a5
  45#define  MWL8K_INT_CODE_CMD_FINISHED		 0x00000005
  46#define MWL8K_HIU_SCRATCH			0x00000c40
  47
  48/* Host->device communications */
  49#define MWL8K_HIU_H2A_INTERRUPT_EVENTS		0x00000c18
  50#define MWL8K_HIU_H2A_INTERRUPT_STATUS		0x00000c1c
  51#define MWL8K_HIU_H2A_INTERRUPT_MASK		0x00000c20
  52#define MWL8K_HIU_H2A_INTERRUPT_CLEAR_SEL	0x00000c24
  53#define MWL8K_HIU_H2A_INTERRUPT_STATUS_MASK	0x00000c28
  54#define  MWL8K_H2A_INT_DUMMY			 (1 << 20)
  55#define  MWL8K_H2A_INT_RESET			 (1 << 15)
  56#define  MWL8K_H2A_INT_DOORBELL			 (1 << 1)
  57#define  MWL8K_H2A_INT_PPA_READY		 (1 << 0)
  58
  59/* Device->host communications */
  60#define MWL8K_HIU_A2H_INTERRUPT_EVENTS		0x00000c2c
  61#define MWL8K_HIU_A2H_INTERRUPT_STATUS		0x00000c30
  62#define MWL8K_HIU_A2H_INTERRUPT_MASK		0x00000c34
  63#define MWL8K_HIU_A2H_INTERRUPT_CLEAR_SEL	0x00000c38
  64#define MWL8K_HIU_A2H_INTERRUPT_STATUS_MASK	0x00000c3c
  65#define  MWL8K_A2H_INT_DUMMY			 (1 << 20)
  66#define  MWL8K_A2H_INT_BA_WATCHDOG		 (1 << 14)
  67#define  MWL8K_A2H_INT_CHNL_SWITCHED		 (1 << 11)
  68#define  MWL8K_A2H_INT_QUEUE_EMPTY		 (1 << 10)
  69#define  MWL8K_A2H_INT_RADAR_DETECT		 (1 << 7)
  70#define  MWL8K_A2H_INT_RADIO_ON			 (1 << 6)
  71#define  MWL8K_A2H_INT_RADIO_OFF		 (1 << 5)
  72#define  MWL8K_A2H_INT_MAC_EVENT		 (1 << 3)
  73#define  MWL8K_A2H_INT_OPC_DONE			 (1 << 2)
  74#define  MWL8K_A2H_INT_RX_READY			 (1 << 1)
  75#define  MWL8K_A2H_INT_TX_DONE			 (1 << 0)
  76
  77/* HW micro second timer register
  78 * located at offset 0xA600. This
  79 * will be used to timestamp tx
  80 * packets.
  81 */
  82
  83#define	MWL8K_HW_TIMER_REGISTER			0x0000a600
  84
  85#define MWL8K_A2H_EVENTS	(MWL8K_A2H_INT_DUMMY | \
  86				 MWL8K_A2H_INT_CHNL_SWITCHED | \
  87				 MWL8K_A2H_INT_QUEUE_EMPTY | \
  88				 MWL8K_A2H_INT_RADAR_DETECT | \
  89				 MWL8K_A2H_INT_RADIO_ON | \
  90				 MWL8K_A2H_INT_RADIO_OFF | \
  91				 MWL8K_A2H_INT_MAC_EVENT | \
  92				 MWL8K_A2H_INT_OPC_DONE | \
  93				 MWL8K_A2H_INT_RX_READY | \
  94				 MWL8K_A2H_INT_TX_DONE | \
  95				 MWL8K_A2H_INT_BA_WATCHDOG)
  96
  97#define MWL8K_RX_QUEUES		1
  98#define MWL8K_TX_WMM_QUEUES	4
  99#define MWL8K_MAX_AMPDU_QUEUES	8
 100#define MWL8K_MAX_TX_QUEUES	(MWL8K_TX_WMM_QUEUES + MWL8K_MAX_AMPDU_QUEUES)
 101#define mwl8k_tx_queues(priv)	(MWL8K_TX_WMM_QUEUES + (priv)->num_ampdu_queues)
 102
 103struct rxd_ops {
 104	int rxd_size;
 105	void (*rxd_init)(void *rxd, dma_addr_t next_dma_addr);
 106	void (*rxd_refill)(void *rxd, dma_addr_t addr, int len);
 107	int (*rxd_process)(void *rxd, struct ieee80211_rx_status *status,
 108			   __le16 *qos, s8 *noise);
 109};
 110
 111struct mwl8k_device_info {
 112	char *part_name;
 113	char *helper_image;
 114	char *fw_image_sta;
 115	char *fw_image_ap;
 116	struct rxd_ops *ap_rxd_ops;
 117	u32 fw_api_ap;
 118};
 119
 120struct mwl8k_rx_queue {
 121	int rxd_count;
 122
 123	/* hw receives here */
 124	int head;
 125
 126	/* refill descs here */
 127	int tail;
 128
 129	void *rxd;
 130	dma_addr_t rxd_dma;
 131	struct {
 132		struct sk_buff *skb;
 133		DEFINE_DMA_UNMAP_ADDR(dma);
 134	} *buf;
 135};
 136
 137struct mwl8k_tx_queue {
 138	/* hw transmits here */
 139	int head;
 140
 141	/* sw appends here */
 142	int tail;
 143
 144	unsigned int len;
 145	struct mwl8k_tx_desc *txd;
 146	dma_addr_t txd_dma;
 147	struct sk_buff **skb;
 148};
 149
 150enum {
 151	AMPDU_NO_STREAM,
 152	AMPDU_STREAM_NEW,
 153	AMPDU_STREAM_IN_PROGRESS,
 154	AMPDU_STREAM_ACTIVE,
 155};
 156
 157struct mwl8k_ampdu_stream {
 158	struct ieee80211_sta *sta;
 159	u8 tid;
 160	u8 state;
 161	u8 idx;
 162	u8 txq_idx; /* index of this stream in priv->txq */
 163};
 164
 165struct mwl8k_priv {
 166	struct ieee80211_hw *hw;
 167	struct pci_dev *pdev;
 168	int irq;
 169
 170	struct mwl8k_device_info *device_info;
 171
 172	void __iomem *sram;
 173	void __iomem *regs;
 174
 175	/* firmware */
 176	const struct firmware *fw_helper;
 177	const struct firmware *fw_ucode;
 178
 179	/* hardware/firmware parameters */
 180	bool ap_fw;
 181	struct rxd_ops *rxd_ops;
 182	struct ieee80211_supported_band band_24;
 183	struct ieee80211_channel channels_24[14];
 184	struct ieee80211_rate rates_24[14];
 185	struct ieee80211_supported_band band_50;
 186	struct ieee80211_channel channels_50[4];
 187	struct ieee80211_rate rates_50[9];
 188	u32 ap_macids_supported;
 189	u32 sta_macids_supported;
 190
 191	/* Ampdu stream information */
 192	u8 num_ampdu_queues;
 193	spinlock_t stream_lock;
 194	struct mwl8k_ampdu_stream ampdu[MWL8K_MAX_AMPDU_QUEUES];
 195	struct work_struct watchdog_ba_handle;
 196
 197	/* firmware access */
 198	struct mutex fw_mutex;
 199	struct task_struct *fw_mutex_owner;
 200	int fw_mutex_depth;
 201	struct completion *hostcmd_wait;
 202
 203	/* lock held over TX and TX reap */
 204	spinlock_t tx_lock;
 205
 206	/* TX quiesce completion, protected by fw_mutex and tx_lock */
 207	struct completion *tx_wait;
 208
 209	/* List of interfaces.  */
 210	u32 macids_used;
 211	struct list_head vif_list;
 212
 213	/* power management status cookie from firmware */
 214	u32 *cookie;
 215	dma_addr_t cookie_dma;
 216
 217	u16 num_mcaddrs;
 218	u8 hw_rev;
 219	u32 fw_rev;
 220
 221	/*
 222	 * Running count of TX packets in flight, to avoid
 223	 * iterating over the transmit rings each time.
 224	 */
 225	int pending_tx_pkts;
 226
 227	struct mwl8k_rx_queue rxq[MWL8K_RX_QUEUES];
 228	struct mwl8k_tx_queue txq[MWL8K_MAX_TX_QUEUES];
 229	u32 txq_offset[MWL8K_MAX_TX_QUEUES];
 230
 231	bool radio_on;
 232	bool radio_short_preamble;
 233	bool sniffer_enabled;
 234	bool wmm_enabled;
 235
 236	/* XXX need to convert this to handle multiple interfaces */
 237	bool capture_beacon;
 238	u8 capture_bssid[ETH_ALEN];
 239	struct sk_buff *beacon_skb;
 240
 241	/*
 242	 * This FJ worker has to be global as it is scheduled from the
 243	 * RX handler.  At this point we don't know which interface it
 244	 * belongs to until the list of bssids waiting to complete join
 245	 * is checked.
 246	 */
 247	struct work_struct finalize_join_worker;
 248
 249	/* Tasklet to perform TX reclaim.  */
 250	struct tasklet_struct poll_tx_task;
 251
 252	/* Tasklet to perform RX.  */
 253	struct tasklet_struct poll_rx_task;
 254
 255	/* Most recently reported noise in dBm */
 256	s8 noise;
 257
 258	/*
 259	 * preserve the queue configurations so they can be restored if/when
 260	 * the firmware image is swapped.
 261	 */
 262	struct ieee80211_tx_queue_params wmm_params[MWL8K_TX_WMM_QUEUES];
 263
 264	/* async firmware loading state */
 265	unsigned fw_state;
 266	char *fw_pref;
 267	char *fw_alt;
 268	struct completion firmware_loading_complete;
 269};
 270
 271#define MAX_WEP_KEY_LEN         13
 272#define NUM_WEP_KEYS            4
 273
 274/* Per interface specific private data */
 275struct mwl8k_vif {
 276	struct list_head list;
 277	struct ieee80211_vif *vif;
 278
 279	/* Firmware macid for this vif.  */
 280	int macid;
 281
 282	/* Non AMPDU sequence number assigned by driver.  */
 283	u16 seqno;
 284
 285	/* Saved WEP keys */
 286	struct {
 287		u8 enabled;
 288		u8 key[sizeof(struct ieee80211_key_conf) + MAX_WEP_KEY_LEN];
 289	} wep_key_conf[NUM_WEP_KEYS];
 290
 291	/* BSSID */
 292	u8 bssid[ETH_ALEN];
 293
 294	/* A flag to indicate is HW crypto is enabled for this bssid */
 295	bool is_hw_crypto_enabled;
 296};
 297#define MWL8K_VIF(_vif) ((struct mwl8k_vif *)&((_vif)->drv_priv))
 298#define IEEE80211_KEY_CONF(_u8) ((struct ieee80211_key_conf *)(_u8))
 299
 300struct tx_traffic_info {
 301	u32 start_time;
 302	u32 pkts;
 303};
 304
 305#define MWL8K_MAX_TID 8
 306struct mwl8k_sta {
 307	/* Index into station database. Returned by UPDATE_STADB.  */
 308	u8 peer_id;
 309	u8 is_ampdu_allowed;
 310	struct tx_traffic_info tx_stats[MWL8K_MAX_TID];
 311};
 312#define MWL8K_STA(_sta) ((struct mwl8k_sta *)&((_sta)->drv_priv))
 313
 314static const struct ieee80211_channel mwl8k_channels_24[] = {
 315	{ .center_freq = 2412, .hw_value = 1, },
 316	{ .center_freq = 2417, .hw_value = 2, },
 317	{ .center_freq = 2422, .hw_value = 3, },
 318	{ .center_freq = 2427, .hw_value = 4, },
 319	{ .center_freq = 2432, .hw_value = 5, },
 320	{ .center_freq = 2437, .hw_value = 6, },
 321	{ .center_freq = 2442, .hw_value = 7, },
 322	{ .center_freq = 2447, .hw_value = 8, },
 323	{ .center_freq = 2452, .hw_value = 9, },
 324	{ .center_freq = 2457, .hw_value = 10, },
 325	{ .center_freq = 2462, .hw_value = 11, },
 326	{ .center_freq = 2467, .hw_value = 12, },
 327	{ .center_freq = 2472, .hw_value = 13, },
 328	{ .center_freq = 2484, .hw_value = 14, },
 329};
 330
 331static const struct ieee80211_rate mwl8k_rates_24[] = {
 332	{ .bitrate = 10, .hw_value = 2, },
 333	{ .bitrate = 20, .hw_value = 4, },
 334	{ .bitrate = 55, .hw_value = 11, },
 335	{ .bitrate = 110, .hw_value = 22, },
 336	{ .bitrate = 220, .hw_value = 44, },
 337	{ .bitrate = 60, .hw_value = 12, },
 338	{ .bitrate = 90, .hw_value = 18, },
 339	{ .bitrate = 120, .hw_value = 24, },
 340	{ .bitrate = 180, .hw_value = 36, },
 341	{ .bitrate = 240, .hw_value = 48, },
 342	{ .bitrate = 360, .hw_value = 72, },
 343	{ .bitrate = 480, .hw_value = 96, },
 344	{ .bitrate = 540, .hw_value = 108, },
 345	{ .bitrate = 720, .hw_value = 144, },
 346};
 347
 348static const struct ieee80211_channel mwl8k_channels_50[] = {
 349	{ .center_freq = 5180, .hw_value = 36, },
 350	{ .center_freq = 5200, .hw_value = 40, },
 351	{ .center_freq = 5220, .hw_value = 44, },
 352	{ .center_freq = 5240, .hw_value = 48, },
 353};
 354
 355static const struct ieee80211_rate mwl8k_rates_50[] = {
 356	{ .bitrate = 60, .hw_value = 12, },
 357	{ .bitrate = 90, .hw_value = 18, },
 358	{ .bitrate = 120, .hw_value = 24, },
 359	{ .bitrate = 180, .hw_value = 36, },
 360	{ .bitrate = 240, .hw_value = 48, },
 361	{ .bitrate = 360, .hw_value = 72, },
 362	{ .bitrate = 480, .hw_value = 96, },
 363	{ .bitrate = 540, .hw_value = 108, },
 364	{ .bitrate = 720, .hw_value = 144, },
 365};
 366
 367/* Set or get info from Firmware */
 368#define MWL8K_CMD_GET			0x0000
 369#define MWL8K_CMD_SET			0x0001
 370#define MWL8K_CMD_SET_LIST		0x0002
 371
 372/* Firmware command codes */
 373#define MWL8K_CMD_CODE_DNLD		0x0001
 374#define MWL8K_CMD_GET_HW_SPEC		0x0003
 375#define MWL8K_CMD_SET_HW_SPEC		0x0004
 376#define MWL8K_CMD_MAC_MULTICAST_ADR	0x0010
 377#define MWL8K_CMD_GET_STAT		0x0014
 378#define MWL8K_CMD_RADIO_CONTROL		0x001c
 379#define MWL8K_CMD_RF_TX_POWER		0x001e
 380#define MWL8K_CMD_TX_POWER		0x001f
 381#define MWL8K_CMD_RF_ANTENNA		0x0020
 382#define MWL8K_CMD_SET_BEACON		0x0100		/* per-vif */
 383#define MWL8K_CMD_SET_PRE_SCAN		0x0107
 384#define MWL8K_CMD_SET_POST_SCAN		0x0108
 385#define MWL8K_CMD_SET_RF_CHANNEL	0x010a
 386#define MWL8K_CMD_SET_AID		0x010d
 387#define MWL8K_CMD_SET_RATE		0x0110
 388#define MWL8K_CMD_SET_FINALIZE_JOIN	0x0111
 389#define MWL8K_CMD_RTS_THRESHOLD		0x0113
 390#define MWL8K_CMD_SET_SLOT		0x0114
 391#define MWL8K_CMD_SET_EDCA_PARAMS	0x0115
 392#define MWL8K_CMD_SET_WMM_MODE		0x0123
 393#define MWL8K_CMD_MIMO_CONFIG		0x0125
 394#define MWL8K_CMD_USE_FIXED_RATE	0x0126
 395#define MWL8K_CMD_ENABLE_SNIFFER	0x0150
 396#define MWL8K_CMD_SET_MAC_ADDR		0x0202		/* per-vif */
 397#define MWL8K_CMD_SET_RATEADAPT_MODE	0x0203
 398#define MWL8K_CMD_GET_WATCHDOG_BITMAP	0x0205
 399#define MWL8K_CMD_BSS_START		0x1100		/* per-vif */
 400#define MWL8K_CMD_SET_NEW_STN		0x1111		/* per-vif */
 401#define MWL8K_CMD_UPDATE_ENCRYPTION	0x1122		/* per-vif */
 402#define MWL8K_CMD_UPDATE_STADB		0x1123
 403#define MWL8K_CMD_BASTREAM		0x1125
 404
 405static const char *mwl8k_cmd_name(__le16 cmd, char *buf, int bufsize)
 406{
 407	u16 command = le16_to_cpu(cmd);
 408
 409#define MWL8K_CMDNAME(x)	case MWL8K_CMD_##x: do {\
 410					snprintf(buf, bufsize, "%s", #x);\
 411					return buf;\
 412					} while (0)
 413	switch (command & ~0x8000) {
 414		MWL8K_CMDNAME(CODE_DNLD);
 415		MWL8K_CMDNAME(GET_HW_SPEC);
 416		MWL8K_CMDNAME(SET_HW_SPEC);
 417		MWL8K_CMDNAME(MAC_MULTICAST_ADR);
 418		MWL8K_CMDNAME(GET_STAT);
 419		MWL8K_CMDNAME(RADIO_CONTROL);
 420		MWL8K_CMDNAME(RF_TX_POWER);
 421		MWL8K_CMDNAME(TX_POWER);
 422		MWL8K_CMDNAME(RF_ANTENNA);
 423		MWL8K_CMDNAME(SET_BEACON);
 424		MWL8K_CMDNAME(SET_PRE_SCAN);
 425		MWL8K_CMDNAME(SET_POST_SCAN);
 426		MWL8K_CMDNAME(SET_RF_CHANNEL);
 427		MWL8K_CMDNAME(SET_AID);
 428		MWL8K_CMDNAME(SET_RATE);
 429		MWL8K_CMDNAME(SET_FINALIZE_JOIN);
 430		MWL8K_CMDNAME(RTS_THRESHOLD);
 431		MWL8K_CMDNAME(SET_SLOT);
 432		MWL8K_CMDNAME(SET_EDCA_PARAMS);
 433		MWL8K_CMDNAME(SET_WMM_MODE);
 434		MWL8K_CMDNAME(MIMO_CONFIG);
 435		MWL8K_CMDNAME(USE_FIXED_RATE);
 436		MWL8K_CMDNAME(ENABLE_SNIFFER);
 437		MWL8K_CMDNAME(SET_MAC_ADDR);
 438		MWL8K_CMDNAME(SET_RATEADAPT_MODE);
 439		MWL8K_CMDNAME(BSS_START);
 440		MWL8K_CMDNAME(SET_NEW_STN);
 441		MWL8K_CMDNAME(UPDATE_ENCRYPTION);
 442		MWL8K_CMDNAME(UPDATE_STADB);
 443		MWL8K_CMDNAME(BASTREAM);
 444		MWL8K_CMDNAME(GET_WATCHDOG_BITMAP);
 445	default:
 446		snprintf(buf, bufsize, "0x%x", cmd);
 447	}
 448#undef MWL8K_CMDNAME
 449
 450	return buf;
 451}
 452
 453/* Hardware and firmware reset */
 454static void mwl8k_hw_reset(struct mwl8k_priv *priv)
 455{
 456	iowrite32(MWL8K_H2A_INT_RESET,
 457		priv->regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
 458	iowrite32(MWL8K_H2A_INT_RESET,
 459		priv->regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
 460	msleep(20);
 461}
 462
 463/* Release fw image */
 464static void mwl8k_release_fw(const struct firmware **fw)
 465{
 466	if (*fw == NULL)
 467		return;
 468	release_firmware(*fw);
 469	*fw = NULL;
 470}
 471
 472static void mwl8k_release_firmware(struct mwl8k_priv *priv)
 473{
 474	mwl8k_release_fw(&priv->fw_ucode);
 475	mwl8k_release_fw(&priv->fw_helper);
 476}
 477
 478/* states for asynchronous f/w loading */
 479static void mwl8k_fw_state_machine(const struct firmware *fw, void *context);
 480enum {
 481	FW_STATE_INIT = 0,
 482	FW_STATE_LOADING_PREF,
 483	FW_STATE_LOADING_ALT,
 484	FW_STATE_ERROR,
 485};
 486
 487/* Request fw image */
 488static int mwl8k_request_fw(struct mwl8k_priv *priv,
 489			    const char *fname, const struct firmware **fw,
 490			    bool nowait)
 491{
 492	/* release current image */
 493	if (*fw != NULL)
 494		mwl8k_release_fw(fw);
 495
 496	if (nowait)
 497		return request_firmware_nowait(THIS_MODULE, 1, fname,
 498					       &priv->pdev->dev, GFP_KERNEL,
 499					       priv, mwl8k_fw_state_machine);
 500	else
 501		return request_firmware(fw, fname, &priv->pdev->dev);
 502}
 503
 504static int mwl8k_request_firmware(struct mwl8k_priv *priv, char *fw_image,
 505				  bool nowait)
 506{
 507	struct mwl8k_device_info *di = priv->device_info;
 508	int rc;
 509
 510	if (di->helper_image != NULL) {
 511		if (nowait)
 512			rc = mwl8k_request_fw(priv, di->helper_image,
 513					      &priv->fw_helper, true);
 514		else
 515			rc = mwl8k_request_fw(priv, di->helper_image,
 516					      &priv->fw_helper, false);
 517		if (rc)
 518			printk(KERN_ERR "%s: Error requesting helper fw %s\n",
 519			       pci_name(priv->pdev), di->helper_image);
 520
 521		if (rc || nowait)
 522			return rc;
 523	}
 524
 525	if (nowait) {
 526		/*
 527		 * if we get here, no helper image is needed.  Skip the
 528		 * FW_STATE_INIT state.
 529		 */
 530		priv->fw_state = FW_STATE_LOADING_PREF;
 531		rc = mwl8k_request_fw(priv, fw_image,
 532				      &priv->fw_ucode,
 533				      true);
 534	} else
 535		rc = mwl8k_request_fw(priv, fw_image,
 536				      &priv->fw_ucode, false);
 537	if (rc) {
 538		printk(KERN_ERR "%s: Error requesting firmware file %s\n",
 539		       pci_name(priv->pdev), fw_image);
 540		mwl8k_release_fw(&priv->fw_helper);
 541		return rc;
 542	}
 543
 544	return 0;
 545}
 546
 547struct mwl8k_cmd_pkt {
 548	__le16	code;
 549	__le16	length;
 550	__u8	seq_num;
 551	__u8	macid;
 552	__le16	result;
 553	char	payload[0];
 554} __packed;
 555
 556/*
 557 * Firmware loading.
 558 */
 559static int
 560mwl8k_send_fw_load_cmd(struct mwl8k_priv *priv, void *data, int length)
 561{
 562	void __iomem *regs = priv->regs;
 563	dma_addr_t dma_addr;
 564	int loops;
 565
 566	dma_addr = pci_map_single(priv->pdev, data, length, PCI_DMA_TODEVICE);
 567	if (pci_dma_mapping_error(priv->pdev, dma_addr))
 568		return -ENOMEM;
 569
 570	iowrite32(dma_addr, regs + MWL8K_HIU_GEN_PTR);
 571	iowrite32(0, regs + MWL8K_HIU_INT_CODE);
 572	iowrite32(MWL8K_H2A_INT_DOORBELL,
 573		regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
 574	iowrite32(MWL8K_H2A_INT_DUMMY,
 575		regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
 576
 577	loops = 1000;
 578	do {
 579		u32 int_code;
 580
 581		int_code = ioread32(regs + MWL8K_HIU_INT_CODE);
 582		if (int_code == MWL8K_INT_CODE_CMD_FINISHED) {
 583			iowrite32(0, regs + MWL8K_HIU_INT_CODE);
 584			break;
 585		}
 586
 587		cond_resched();
 588		udelay(1);
 589	} while (--loops);
 590
 591	pci_unmap_single(priv->pdev, dma_addr, length, PCI_DMA_TODEVICE);
 592
 593	return loops ? 0 : -ETIMEDOUT;
 594}
 595
 596static int mwl8k_load_fw_image(struct mwl8k_priv *priv,
 597				const u8 *data, size_t length)
 598{
 599	struct mwl8k_cmd_pkt *cmd;
 600	int done;
 601	int rc = 0;
 602
 603	cmd = kmalloc(sizeof(*cmd) + 256, GFP_KERNEL);
 604	if (cmd == NULL)
 605		return -ENOMEM;
 606
 607	cmd->code = cpu_to_le16(MWL8K_CMD_CODE_DNLD);
 608	cmd->seq_num = 0;
 609	cmd->macid = 0;
 610	cmd->result = 0;
 611
 612	done = 0;
 613	while (length) {
 614		int block_size = length > 256 ? 256 : length;
 615
 616		memcpy(cmd->payload, data + done, block_size);
 617		cmd->length = cpu_to_le16(block_size);
 618
 619		rc = mwl8k_send_fw_load_cmd(priv, cmd,
 620						sizeof(*cmd) + block_size);
 621		if (rc)
 622			break;
 623
 624		done += block_size;
 625		length -= block_size;
 626	}
 627
 628	if (!rc) {
 629		cmd->length = 0;
 630		rc = mwl8k_send_fw_load_cmd(priv, cmd, sizeof(*cmd));
 631	}
 632
 633	kfree(cmd);
 634
 635	return rc;
 636}
 637
 638static int mwl8k_feed_fw_image(struct mwl8k_priv *priv,
 639				const u8 *data, size_t length)
 640{
 641	unsigned char *buffer;
 642	int may_continue, rc = 0;
 643	u32 done, prev_block_size;
 644
 645	buffer = kmalloc(1024, GFP_KERNEL);
 646	if (buffer == NULL)
 647		return -ENOMEM;
 648
 649	done = 0;
 650	prev_block_size = 0;
 651	may_continue = 1000;
 652	while (may_continue > 0) {
 653		u32 block_size;
 654
 655		block_size = ioread32(priv->regs + MWL8K_HIU_SCRATCH);
 656		if (block_size & 1) {
 657			block_size &= ~1;
 658			may_continue--;
 659		} else {
 660			done += prev_block_size;
 661			length -= prev_block_size;
 662		}
 663
 664		if (block_size > 1024 || block_size > length) {
 665			rc = -EOVERFLOW;
 666			break;
 667		}
 668
 669		if (length == 0) {
 670			rc = 0;
 671			break;
 672		}
 673
 674		if (block_size == 0) {
 675			rc = -EPROTO;
 676			may_continue--;
 677			udelay(1);
 678			continue;
 679		}
 680
 681		prev_block_size = block_size;
 682		memcpy(buffer, data + done, block_size);
 683
 684		rc = mwl8k_send_fw_load_cmd(priv, buffer, block_size);
 685		if (rc)
 686			break;
 687	}
 688
 689	if (!rc && length != 0)
 690		rc = -EREMOTEIO;
 691
 692	kfree(buffer);
 693
 694	return rc;
 695}
 696
 697static int mwl8k_load_firmware(struct ieee80211_hw *hw)
 698{
 699	struct mwl8k_priv *priv = hw->priv;
 700	const struct firmware *fw = priv->fw_ucode;
 701	int rc;
 702	int loops;
 703
 704	if (!memcmp(fw->data, "\x01\x00\x00\x00", 4)) {
 705		const struct firmware *helper = priv->fw_helper;
 706
 707		if (helper == NULL) {
 708			printk(KERN_ERR "%s: helper image needed but none "
 709			       "given\n", pci_name(priv->pdev));
 710			return -EINVAL;
 711		}
 712
 713		rc = mwl8k_load_fw_image(priv, helper->data, helper->size);
 714		if (rc) {
 715			printk(KERN_ERR "%s: unable to load firmware "
 716			       "helper image\n", pci_name(priv->pdev));
 717			return rc;
 718		}
 719		msleep(20);
 720
 721		rc = mwl8k_feed_fw_image(priv, fw->data, fw->size);
 722	} else {
 723		rc = mwl8k_load_fw_image(priv, fw->data, fw->size);
 724	}
 725
 726	if (rc) {
 727		printk(KERN_ERR "%s: unable to load firmware image\n",
 728		       pci_name(priv->pdev));
 729		return rc;
 730	}
 731
 732	iowrite32(MWL8K_MODE_STA, priv->regs + MWL8K_HIU_GEN_PTR);
 733
 734	loops = 500000;
 735	do {
 736		u32 ready_code;
 737
 738		ready_code = ioread32(priv->regs + MWL8K_HIU_INT_CODE);
 739		if (ready_code == MWL8K_FWAP_READY) {
 740			priv->ap_fw = 1;
 741			break;
 742		} else if (ready_code == MWL8K_FWSTA_READY) {
 743			priv->ap_fw = 0;
 744			break;
 745		}
 746
 747		cond_resched();
 748		udelay(1);
 749	} while (--loops);
 750
 751	return loops ? 0 : -ETIMEDOUT;
 752}
 753
 754
 755/* DMA header used by firmware and hardware.  */
 756struct mwl8k_dma_data {
 757	__le16 fwlen;
 758	struct ieee80211_hdr wh;
 759	char data[0];
 760} __packed;
 761
 762/* Routines to add/remove DMA header from skb.  */
 763static inline void mwl8k_remove_dma_header(struct sk_buff *skb, __le16 qos)
 764{
 765	struct mwl8k_dma_data *tr;
 766	int hdrlen;
 767
 768	tr = (struct mwl8k_dma_data *)skb->data;
 769	hdrlen = ieee80211_hdrlen(tr->wh.frame_control);
 770
 771	if (hdrlen != sizeof(tr->wh)) {
 772		if (ieee80211_is_data_qos(tr->wh.frame_control)) {
 773			memmove(tr->data - hdrlen, &tr->wh, hdrlen - 2);
 774			*((__le16 *)(tr->data - 2)) = qos;
 775		} else {
 776			memmove(tr->data - hdrlen, &tr->wh, hdrlen);
 777		}
 778	}
 779
 780	if (hdrlen != sizeof(*tr))
 781		skb_pull(skb, sizeof(*tr) - hdrlen);
 782}
 783
 784#define REDUCED_TX_HEADROOM	8
 785
 786static void
 787mwl8k_add_dma_header(struct mwl8k_priv *priv, struct sk_buff *skb,
 788						int head_pad, int tail_pad)
 789{
 790	struct ieee80211_hdr *wh;
 791	int hdrlen;
 792	int reqd_hdrlen;
 793	struct mwl8k_dma_data *tr;
 794
 795	/*
 796	 * Add a firmware DMA header; the firmware requires that we
 797	 * present a 2-byte payload length followed by a 4-address
 798	 * header (without QoS field), followed (optionally) by any
 799	 * WEP/ExtIV header (but only filled in for CCMP).
 800	 */
 801	wh = (struct ieee80211_hdr *)skb->data;
 802
 803	hdrlen = ieee80211_hdrlen(wh->frame_control);
 804
 805	/*
 806	 * Check if skb_resize is required because of
 807	 * tx_headroom adjustment.
 808	 */
 809	if (priv->ap_fw && (hdrlen < (sizeof(struct ieee80211_cts)
 810						+ REDUCED_TX_HEADROOM))) {
 811		if (pskb_expand_head(skb, REDUCED_TX_HEADROOM, 0, GFP_ATOMIC)) {
 812
 813			wiphy_err(priv->hw->wiphy,
 814					"Failed to reallocate TX buffer\n");
 815			return;
 816		}
 817		skb->truesize += REDUCED_TX_HEADROOM;
 818	}
 819
 820	reqd_hdrlen = sizeof(*tr) + head_pad;
 821
 822	if (hdrlen != reqd_hdrlen)
 823		skb_push(skb, reqd_hdrlen - hdrlen);
 824
 825	if (ieee80211_is_data_qos(wh->frame_control))
 826		hdrlen -= IEEE80211_QOS_CTL_LEN;
 827
 828	tr = (struct mwl8k_dma_data *)skb->data;
 829	if (wh != &tr->wh)
 830		memmove(&tr->wh, wh, hdrlen);
 831	if (hdrlen != sizeof(tr->wh))
 832		memset(((void *)&tr->wh) + hdrlen, 0, sizeof(tr->wh) - hdrlen);
 833
 834	/*
 835	 * Firmware length is the length of the fully formed "802.11
 836	 * payload".  That is, everything except for the 802.11 header.
 837	 * This includes all crypto material including the MIC.
 838	 */
 839	tr->fwlen = cpu_to_le16(skb->len - sizeof(*tr) + tail_pad);
 840}
 841
 842static void mwl8k_encapsulate_tx_frame(struct mwl8k_priv *priv,
 843		struct sk_buff *skb)
 844{
 845	struct ieee80211_hdr *wh;
 846	struct ieee80211_tx_info *tx_info;
 847	struct ieee80211_key_conf *key_conf;
 848	int data_pad;
 849	int head_pad = 0;
 850
 851	wh = (struct ieee80211_hdr *)skb->data;
 852
 853	tx_info = IEEE80211_SKB_CB(skb);
 854
 855	key_conf = NULL;
 856	if (ieee80211_is_data(wh->frame_control))
 857		key_conf = tx_info->control.hw_key;
 858
 859	/*
 860	 * Make sure the packet header is in the DMA header format (4-address
 861	 * without QoS), and add head & tail padding when HW crypto is enabled.
 862	 *
 863	 * We have the following trailer padding requirements:
 864	 * - WEP: 4 trailer bytes (ICV)
 865	 * - TKIP: 12 trailer bytes (8 MIC + 4 ICV)
 866	 * - CCMP: 8 trailer bytes (MIC)
 867	 */
 868	data_pad = 0;
 869	if (key_conf != NULL) {
 870		head_pad = key_conf->iv_len;
 871		switch (key_conf->cipher) {
 872		case WLAN_CIPHER_SUITE_WEP40:
 873		case WLAN_CIPHER_SUITE_WEP104:
 874			data_pad = 4;
 875			break;
 876		case WLAN_CIPHER_SUITE_TKIP:
 877			data_pad = 12;
 878			break;
 879		case WLAN_CIPHER_SUITE_CCMP:
 880			data_pad = 8;
 881			break;
 882		}
 883	}
 884	mwl8k_add_dma_header(priv, skb, head_pad, data_pad);
 885}
 886
 887/*
 888 * Packet reception for 88w8366 AP firmware.
 889 */
 890struct mwl8k_rxd_8366_ap {
 891	__le16 pkt_len;
 892	__u8 sq2;
 893	__u8 rate;
 894	__le32 pkt_phys_addr;
 895	__le32 next_rxd_phys_addr;
 896	__le16 qos_control;
 897	__le16 htsig2;
 898	__le32 hw_rssi_info;
 899	__le32 hw_noise_floor_info;
 900	__u8 noise_floor;
 901	__u8 pad0[3];
 902	__u8 rssi;
 903	__u8 rx_status;
 904	__u8 channel;
 905	__u8 rx_ctrl;
 906} __packed;
 907
 908#define MWL8K_8366_AP_RATE_INFO_MCS_FORMAT	0x80
 909#define MWL8K_8366_AP_RATE_INFO_40MHZ		0x40
 910#define MWL8K_8366_AP_RATE_INFO_RATEID(x)	((x) & 0x3f)
 911
 912#define MWL8K_8366_AP_RX_CTRL_OWNED_BY_HOST	0x80
 913
 914/* 8366 AP rx_status bits */
 915#define MWL8K_8366_AP_RXSTAT_DECRYPT_ERR_MASK		0x80
 916#define MWL8K_8366_AP_RXSTAT_GENERAL_DECRYPT_ERR	0xFF
 917#define MWL8K_8366_AP_RXSTAT_TKIP_DECRYPT_MIC_ERR	0x02
 918#define MWL8K_8366_AP_RXSTAT_WEP_DECRYPT_ICV_ERR	0x04
 919#define MWL8K_8366_AP_RXSTAT_TKIP_DECRYPT_ICV_ERR	0x08
 920
 921static void mwl8k_rxd_8366_ap_init(void *_rxd, dma_addr_t next_dma_addr)
 922{
 923	struct mwl8k_rxd_8366_ap *rxd = _rxd;
 924
 925	rxd->next_rxd_phys_addr = cpu_to_le32(next_dma_addr);
 926	rxd->rx_ctrl = MWL8K_8366_AP_RX_CTRL_OWNED_BY_HOST;
 927}
 928
 929static void mwl8k_rxd_8366_ap_refill(void *_rxd, dma_addr_t addr, int len)
 930{
 931	struct mwl8k_rxd_8366_ap *rxd = _rxd;
 932
 933	rxd->pkt_len = cpu_to_le16(len);
 934	rxd->pkt_phys_addr = cpu_to_le32(addr);
 935	wmb();
 936	rxd->rx_ctrl = 0;
 937}
 938
 939static int
 940mwl8k_rxd_8366_ap_process(void *_rxd, struct ieee80211_rx_status *status,
 941			  __le16 *qos, s8 *noise)
 942{
 943	struct mwl8k_rxd_8366_ap *rxd = _rxd;
 944
 945	if (!(rxd->rx_ctrl & MWL8K_8366_AP_RX_CTRL_OWNED_BY_HOST))
 946		return -1;
 947	rmb();
 948
 949	memset(status, 0, sizeof(*status));
 950
 951	status->signal = -rxd->rssi;
 952	*noise = -rxd->noise_floor;
 953
 954	if (rxd->rate & MWL8K_8366_AP_RATE_INFO_MCS_FORMAT) {
 955		status->flag |= RX_FLAG_HT;
 956		if (rxd->rate & MWL8K_8366_AP_RATE_INFO_40MHZ)
 957			status->flag |= RX_FLAG_40MHZ;
 958		status->rate_idx = MWL8K_8366_AP_RATE_INFO_RATEID(rxd->rate);
 959	} else {
 960		int i;
 961
 962		for (i = 0; i < ARRAY_SIZE(mwl8k_rates_24); i++) {
 963			if (mwl8k_rates_24[i].hw_value == rxd->rate) {
 964				status->rate_idx = i;
 965				break;
 966			}
 967		}
 968	}
 969
 970	if (rxd->channel > 14) {
 971		status->band = IEEE80211_BAND_5GHZ;
 972		if (!(status->flag & RX_FLAG_HT))
 973			status->rate_idx -= 5;
 974	} else {
 975		status->band = IEEE80211_BAND_2GHZ;
 976	}
 977	status->freq = ieee80211_channel_to_frequency(rxd->channel,
 978						      status->band);
 979
 980	*qos = rxd->qos_control;
 981
 982	if ((rxd->rx_status != MWL8K_8366_AP_RXSTAT_GENERAL_DECRYPT_ERR) &&
 983	    (rxd->rx_status & MWL8K_8366_AP_RXSTAT_DECRYPT_ERR_MASK) &&
 984	    (rxd->rx_status & MWL8K_8366_AP_RXSTAT_TKIP_DECRYPT_MIC_ERR))
 985		status->flag |= RX_FLAG_MMIC_ERROR;
 986
 987	return le16_to_cpu(rxd->pkt_len);
 988}
 989
 990static struct rxd_ops rxd_8366_ap_ops = {
 991	.rxd_size	= sizeof(struct mwl8k_rxd_8366_ap),
 992	.rxd_init	= mwl8k_rxd_8366_ap_init,
 993	.rxd_refill	= mwl8k_rxd_8366_ap_refill,
 994	.rxd_process	= mwl8k_rxd_8366_ap_process,
 995};
 996
 997/*
 998 * Packet reception for STA firmware.
 999 */
1000struct mwl8k_rxd_sta {
1001	__le16 pkt_len;
1002	__u8 link_quality;
1003	__u8 noise_level;
1004	__le32 pkt_phys_addr;
1005	__le32 next_rxd_phys_addr;
1006	__le16 qos_control;
1007	__le16 rate_info;
1008	__le32 pad0[4];
1009	__u8 rssi;
1010	__u8 channel;
1011	__le16 pad1;
1012	__u8 rx_ctrl;
1013	__u8 rx_status;
1014	__u8 pad2[2];
1015} __packed;
1016
1017#define MWL8K_STA_RATE_INFO_SHORTPRE		0x8000
1018#define MWL8K_STA_RATE_INFO_ANTSELECT(x)	(((x) >> 11) & 0x3)
1019#define MWL8K_STA_RATE_INFO_RATEID(x)		(((x) >> 3) & 0x3f)
1020#define MWL8K_STA_RATE_INFO_40MHZ		0x0004
1021#define MWL8K_STA_RATE_INFO_SHORTGI		0x0002
1022#define MWL8K_STA_RATE_INFO_MCS_FORMAT		0x0001
1023
1024#define MWL8K_STA_RX_CTRL_OWNED_BY_HOST		0x02
1025#define MWL8K_STA_RX_CTRL_DECRYPT_ERROR		0x04
1026/* ICV=0 or MIC=1 */
1027#define MWL8K_STA_RX_CTRL_DEC_ERR_TYPE		0x08
1028/* Key is uploaded only in failure case */
1029#define MWL8K_STA_RX_CTRL_KEY_INDEX			0x30
1030
1031static void mwl8k_rxd_sta_init(void *_rxd, dma_addr_t next_dma_addr)
1032{
1033	struct mwl8k_rxd_sta *rxd = _rxd;
1034
1035	rxd->next_rxd_phys_addr = cpu_to_le32(next_dma_addr);
1036	rxd->rx_ctrl = MWL8K_STA_RX_CTRL_OWNED_BY_HOST;
1037}
1038
1039static void mwl8k_rxd_sta_refill(void *_rxd, dma_addr_t addr, int len)
1040{
1041	struct mwl8k_rxd_sta *rxd = _rxd;
1042
1043	rxd->pkt_len = cpu_to_le16(len);
1044	rxd->pkt_phys_addr = cpu_to_le32(addr);
1045	wmb();
1046	rxd->rx_ctrl = 0;
1047}
1048
1049static int
1050mwl8k_rxd_sta_process(void *_rxd, struct ieee80211_rx_status *status,
1051		       __le16 *qos, s8 *noise)
1052{
1053	struct mwl8k_rxd_sta *rxd = _rxd;
1054	u16 rate_info;
1055
1056	if (!(rxd->rx_ctrl & MWL8K_STA_RX_CTRL_OWNED_BY_HOST))
1057		return -1;
1058	rmb();
1059
1060	rate_info = le16_to_cpu(rxd->rate_info);
1061
1062	memset(status, 0, sizeof(*status));
1063
1064	status->signal = -rxd->rssi;
1065	*noise = -rxd->noise_level;
1066	status->antenna = MWL8K_STA_RATE_INFO_ANTSELECT(rate_info);
1067	status->rate_idx = MWL8K_STA_RATE_INFO_RATEID(rate_info);
1068
1069	if (rate_info & MWL8K_STA_RATE_INFO_SHORTPRE)
1070		status->flag |= RX_FLAG_SHORTPRE;
1071	if (rate_info & MWL8K_STA_RATE_INFO_40MHZ)
1072		status->flag |= RX_FLAG_40MHZ;
1073	if (rate_info & MWL8K_STA_RATE_INFO_SHORTGI)
1074		status->flag |= RX_FLAG_SHORT_GI;
1075	if (rate_info & MWL8K_STA_RATE_INFO_MCS_FORMAT)
1076		status->flag |= RX_FLAG_HT;
1077
1078	if (rxd->channel > 14) {
1079		status->band = IEEE80211_BAND_5GHZ;
1080		if (!(status->flag & RX_FLAG_HT))
1081			status->rate_idx -= 5;
1082	} else {
1083		status->band = IEEE80211_BAND_2GHZ;
1084	}
1085	status->freq = ieee80211_channel_to_frequency(rxd->channel,
1086						      status->band);
1087
1088	*qos = rxd->qos_control;
1089	if ((rxd->rx_ctrl & MWL8K_STA_RX_CTRL_DECRYPT_ERROR) &&
1090	    (rxd->rx_ctrl & MWL8K_STA_RX_CTRL_DEC_ERR_TYPE))
1091		status->flag |= RX_FLAG_MMIC_ERROR;
1092
1093	return le16_to_cpu(rxd->pkt_len);
1094}
1095
1096static struct rxd_ops rxd_sta_ops = {
1097	.rxd_size	= sizeof(struct mwl8k_rxd_sta),
1098	.rxd_init	= mwl8k_rxd_sta_init,
1099	.rxd_refill	= mwl8k_rxd_sta_refill,
1100	.rxd_process	= mwl8k_rxd_sta_process,
1101};
1102
1103
1104#define MWL8K_RX_DESCS		256
1105#define MWL8K_RX_MAXSZ		3800
1106
1107static int mwl8k_rxq_init(struct ieee80211_hw *hw, int index)
1108{
1109	struct mwl8k_priv *priv = hw->priv;
1110	struct mwl8k_rx_queue *rxq = priv->rxq + index;
1111	int size;
1112	int i;
1113
1114	rxq->rxd_count = 0;
1115	rxq->head = 0;
1116	rxq->tail = 0;
1117
1118	size = MWL8K_RX_DESCS * priv->rxd_ops->rxd_size;
1119
1120	rxq->rxd = pci_alloc_consistent(priv->pdev, size, &rxq->rxd_dma);
1121	if (rxq->rxd == NULL) {
1122		wiphy_err(hw->wiphy, "failed to alloc RX descriptors\n");
1123		return -ENOMEM;
1124	}
1125	memset(rxq->rxd, 0, size);
1126
1127	rxq->buf = kcalloc(MWL8K_RX_DESCS, sizeof(*rxq->buf), GFP_KERNEL);
1128	if (rxq->buf == NULL) {
1129		wiphy_err(hw->wiphy, "failed to alloc RX skbuff list\n");
1130		pci_free_consistent(priv->pdev, size, rxq->rxd, rxq->rxd_dma);
1131		return -ENOMEM;
1132	}
1133
1134	for (i = 0; i < MWL8K_RX_DESCS; i++) {
1135		int desc_size;
1136		void *rxd;
1137		int nexti;
1138		dma_addr_t next_dma_addr;
1139
1140		desc_size = priv->rxd_ops->rxd_size;
1141		rxd = rxq->rxd + (i * priv->rxd_ops->rxd_size);
1142
1143		nexti = i + 1;
1144		if (nexti == MWL8K_RX_DESCS)
1145			nexti = 0;
1146		next_dma_addr = rxq->rxd_dma + (nexti * desc_size);
1147
1148		priv->rxd_ops->rxd_init(rxd, next_dma_addr);
1149	}
1150
1151	return 0;
1152}
1153
1154static int rxq_refill(struct ieee80211_hw *hw, int index, int limit)
1155{
1156	struct mwl8k_priv *priv = hw->priv;
1157	struct mwl8k_rx_queue *rxq = priv->rxq + index;
1158	int refilled;
1159
1160	refilled = 0;
1161	while (rxq->rxd_count < MWL8K_RX_DESCS && limit--) {
1162		struct sk_buff *skb;
1163		dma_addr_t addr;
1164		int rx;
1165		void *rxd;
1166
1167		skb = dev_alloc_skb(MWL8K_RX_MAXSZ);
1168		if (skb == NULL)
1169			break;
1170
1171		addr = pci_map_single(priv->pdev, skb->data,
1172				      MWL8K_RX_MAXSZ, DMA_FROM_DEVICE);
1173
1174		rxq->rxd_count++;
1175		rx = rxq->tail++;
1176		if (rxq->tail == MWL8K_RX_DESCS)
1177			rxq->tail = 0;
1178		rxq->buf[rx].skb = skb;
1179		dma_unmap_addr_set(&rxq->buf[rx], dma, addr);
1180
1181		rxd = rxq->rxd + (rx * priv->rxd_ops->rxd_size);
1182		priv->rxd_ops->rxd_refill(rxd, addr, MWL8K_RX_MAXSZ);
1183
1184		refilled++;
1185	}
1186
1187	return refilled;
1188}
1189
1190/* Must be called only when the card's reception is completely halted */
1191static void mwl8k_rxq_deinit(struct ieee80211_hw *hw, int index)
1192{
1193	struct mwl8k_priv *priv = hw->priv;
1194	struct mwl8k_rx_queue *rxq = priv->rxq + index;
1195	int i;
1196
1197	if (rxq->rxd == NULL)
1198		return;
1199
1200	for (i = 0; i < MWL8K_RX_DESCS; i++) {
1201		if (rxq->buf[i].skb != NULL) {
1202			pci_unmap_single(priv->pdev,
1203					 dma_unmap_addr(&rxq->buf[i], dma),
1204					 MWL8K_RX_MAXSZ, PCI_DMA_FROMDEVICE);
1205			dma_unmap_addr_set(&rxq->buf[i], dma, 0);
1206
1207			kfree_skb(rxq->buf[i].skb);
1208			rxq->buf[i].skb = NULL;
1209		}
1210	}
1211
1212	kfree(rxq->buf);
1213	rxq->buf = NULL;
1214
1215	pci_free_consistent(priv->pdev,
1216			    MWL8K_RX_DESCS * priv->rxd_ops->rxd_size,
1217			    rxq->rxd, rxq->rxd_dma);
1218	rxq->rxd = NULL;
1219}
1220
1221
1222/*
1223 * Scan a list of BSSIDs to process for finalize join.
1224 * Allows for extension to process multiple BSSIDs.
1225 */
1226static inline int
1227mwl8k_capture_bssid(struct mwl8k_priv *priv, struct ieee80211_hdr *wh)
1228{
1229	return priv->capture_beacon &&
1230		ieee80211_is_beacon(wh->frame_control) &&
1231		!compare_ether_addr(wh->addr3, priv->capture_bssid);
1232}
1233
1234static inline void mwl8k_save_beacon(struct ieee80211_hw *hw,
1235				     struct sk_buff *skb)
1236{
1237	struct mwl8k_priv *priv = hw->priv;
1238
1239	priv->capture_beacon = false;
1240	memset(priv->capture_bssid, 0, ETH_ALEN);
1241
1242	/*
1243	 * Use GFP_ATOMIC as rxq_process is called from
1244	 * the primary interrupt handler, memory allocation call
1245	 * must not sleep.
1246	 */
1247	priv->beacon_skb = skb_copy(skb, GFP_ATOMIC);
1248	if (priv->beacon_skb != NULL)
1249		ieee80211_queue_work(hw, &priv->finalize_join_worker);
1250}
1251
1252static inline struct mwl8k_vif *mwl8k_find_vif_bss(struct list_head *vif_list,
1253						   u8 *bssid)
1254{
1255	struct mwl8k_vif *mwl8k_vif;
1256
1257	list_for_each_entry(mwl8k_vif,
1258			    vif_list, list) {
1259		if (memcmp(bssid, mwl8k_vif->bssid,
1260			   ETH_ALEN) == 0)
1261			return mwl8k_vif;
1262	}
1263
1264	return NULL;
1265}
1266
1267static int rxq_process(struct ieee80211_hw *hw, int index, int limit)
1268{
1269	struct mwl8k_priv *priv = hw->priv;
1270	struct mwl8k_vif *mwl8k_vif = NULL;
1271	struct mwl8k_rx_queue *rxq = priv->rxq + index;
1272	int processed;
1273
1274	processed = 0;
1275	while (rxq->rxd_count && limit--) {
1276		struct sk_buff *skb;
1277		void *rxd;
1278		int pkt_len;
1279		struct ieee80211_rx_status status;
1280		struct ieee80211_hdr *wh;
1281		__le16 qos;
1282
1283		skb = rxq->buf[rxq->head].skb;
1284		if (skb == NULL)
1285			break;
1286
1287		rxd = rxq->rxd + (rxq->head * priv->rxd_ops->rxd_size);
1288
1289		pkt_len = priv->rxd_ops->rxd_process(rxd, &status, &qos,
1290							&priv->noise);
1291		if (pkt_len < 0)
1292			break;
1293
1294		rxq->buf[rxq->head].skb = NULL;
1295
1296		pci_unmap_single(priv->pdev,
1297				 dma_unmap_addr(&rxq->buf[rxq->head], dma),
1298				 MWL8K_RX_MAXSZ, PCI_DMA_FROMDEVICE);
1299		dma_unmap_addr_set(&rxq->buf[rxq->head], dma, 0);
1300
1301		rxq->head++;
1302		if (rxq->head == MWL8K_RX_DESCS)
1303			rxq->head = 0;
1304
1305		rxq->rxd_count--;
1306
1307		wh = &((struct mwl8k_dma_data *)skb->data)->wh;
1308
1309		/*
1310		 * Check for a pending join operation.  Save a
1311		 * copy of the beacon and schedule a tasklet to
1312		 * send a FINALIZE_JOIN command to the firmware.
1313		 */
1314		if (mwl8k_capture_bssid(priv, (void *)skb->data))
1315			mwl8k_save_beacon(hw, skb);
1316
1317		if (ieee80211_has_protected(wh->frame_control)) {
1318
1319			/* Check if hw crypto has been enabled for
1320			 * this bss. If yes, set the status flags
1321			 * accordingly
1322			 */
1323			mwl8k_vif = mwl8k_find_vif_bss(&priv->vif_list,
1324								wh->addr1);
1325
1326			if (mwl8k_vif != NULL &&
1327			    mwl8k_vif->is_hw_crypto_enabled == true) {
1328				/*
1329				 * When MMIC ERROR is encountered
1330				 * by the firmware, payload is
1331				 * dropped and only 32 bytes of
1332				 * mwl8k Firmware header is sent
1333				 * to the host.
1334				 *
1335				 * We need to add four bytes of
1336				 * key information.  In it
1337				 * MAC80211 expects keyidx set to
1338				 * 0 for triggering Counter
1339				 * Measure of MMIC failure.
1340				 */
1341				if (status.flag & RX_FLAG_MMIC_ERROR) {
1342					struct mwl8k_dma_data *tr;
1343					tr = (struct mwl8k_dma_data *)skb->data;
1344					memset((void *)&(tr->data), 0, 4);
1345					pkt_len += 4;
1346				}
1347
1348				if (!ieee80211_is_auth(wh->frame_control))
1349					status.flag |= RX_FLAG_IV_STRIPPED |
1350						       RX_FLAG_DECRYPTED |
1351						       RX_FLAG_MMIC_STRIPPED;
1352			}
1353		}
1354
1355		skb_put(skb, pkt_len);
1356		mwl8k_remove_dma_header(skb, qos);
1357		memcpy(IEEE80211_SKB_RXCB(skb), &status, sizeof(status));
1358		ieee80211_rx_irqsafe(hw, skb);
1359
1360		processed++;
1361	}
1362
1363	return processed;
1364}
1365
1366
1367/*
1368 * Packet transmission.
1369 */
1370
1371#define MWL8K_TXD_STATUS_OK			0x00000001
1372#define MWL8K_TXD_STATUS_OK_RETRY		0x00000002
1373#define MWL8K_TXD_STATUS_OK_MORE_RETRY		0x00000004
1374#define MWL8K_TXD_STATUS_MULTICAST_TX		0x00000008
1375#define MWL8K_TXD_STATUS_FW_OWNED		0x80000000
1376
1377#define MWL8K_QOS_QLEN_UNSPEC			0xff00
1378#define MWL8K_QOS_ACK_POLICY_MASK		0x0060
1379#define MWL8K_QOS_ACK_POLICY_NORMAL		0x0000
1380#define MWL8K_QOS_ACK_POLICY_BLOCKACK		0x0060
1381#define MWL8K_QOS_EOSP				0x0010
1382
1383struct mwl8k_tx_desc {
1384	__le32 status;
1385	__u8 data_rate;
1386	__u8 tx_priority;
1387	__le16 qos_control;
1388	__le32 pkt_phys_addr;
1389	__le16 pkt_len;
1390	__u8 dest_MAC_addr[ETH_ALEN];
1391	__le32 next_txd_phys_addr;
1392	__le32 timestamp;
1393	__le16 rate_info;
1394	__u8 peer_id;
1395	__u8 tx_frag_cnt;
1396} __packed;
1397
1398#define MWL8K_TX_DESCS		128
1399
1400static int mwl8k_txq_init(struct ieee80211_hw *hw, int index)
1401{
1402	struct mwl8k_priv *priv = hw->priv;
1403	struct mwl8k_tx_queue *txq = priv->txq + index;
1404	int size;
1405	int i;
1406
1407	txq->len = 0;
1408	txq->head = 0;
1409	txq->tail = 0;
1410
1411	size = MWL8K_TX_DESCS * sizeof(struct mwl8k_tx_desc);
1412
1413	txq->txd = pci_alloc_consistent(priv->pdev, size, &txq->txd_dma);
1414	if (txq->txd == NULL) {
1415		wiphy_err(hw->wiphy, "failed to alloc TX descriptors\n");
1416		return -ENOMEM;
1417	}
1418	memset(txq->txd, 0, size);
1419
1420	txq->skb = kcalloc(MWL8K_TX_DESCS, sizeof(*txq->skb), GFP_KERNEL);
1421	if (txq->skb == NULL) {
1422		wiphy_err(hw->wiphy, "failed to alloc TX skbuff list\n");
1423		pci_free_consistent(priv->pdev, size, txq->txd, txq->txd_dma);
1424		return -ENOMEM;
1425	}
1426
1427	for (i = 0; i < MWL8K_TX_DESCS; i++) {
1428		struct mwl8k_tx_desc *tx_desc;
1429		int nexti;
1430
1431		tx_desc = txq->txd + i;
1432		nexti = (i + 1) % MWL8K_TX_DESCS;
1433
1434		tx_desc->status = 0;
1435		tx_desc->next_txd_phys_addr =
1436			cpu_to_le32(txq->txd_dma + nexti * sizeof(*tx_desc));
1437	}
1438
1439	return 0;
1440}
1441
1442static inline void mwl8k_tx_start(struct mwl8k_priv *priv)
1443{
1444	iowrite32(MWL8K_H2A_INT_PPA_READY,
1445		priv->regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
1446	iowrite32(MWL8K_H2A_INT_DUMMY,
1447		priv->regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
1448	ioread32(priv->regs + MWL8K_HIU_INT_CODE);
1449}
1450
1451static void mwl8k_dump_tx_rings(struct ieee80211_hw *hw)
1452{
1453	struct mwl8k_priv *priv = hw->priv;
1454	int i;
1455
1456	for (i = 0; i < mwl8k_tx_queues(priv); i++) {
1457		struct mwl8k_tx_queue *txq = priv->txq + i;
1458		int fw_owned = 0;
1459		int drv_owned = 0;
1460		int unused = 0;
1461		int desc;
1462
1463		for (desc = 0; desc < MWL8K_TX_DESCS; desc++) {
1464			struct mwl8k_tx_desc *tx_desc = txq->txd + desc;
1465			u32 status;
1466
1467			status = le32_to_cpu(tx_desc->status);
1468			if (status & MWL8K_TXD_STATUS_FW_OWNED)
1469				fw_owned++;
1470			else
1471				drv_owned++;
1472
1473			if (tx_desc->pkt_len == 0)
1474				unused++;
1475		}
1476
1477		wiphy_err(hw->wiphy,
1478			  "txq[%d] len=%d head=%d tail=%d "
1479			  "fw_owned=%d drv_owned=%d unused=%d\n",
1480			  i,
1481			  txq->len, txq->head, txq->tail,
1482			  fw_owned, drv_owned, unused);
1483	}
1484}
1485
1486/*
1487 * Must be called with priv->fw_mutex held and tx queues stopped.
1488 */
1489#define MWL8K_TX_WAIT_TIMEOUT_MS	5000
1490
1491static int mwl8k_tx_wait_empty(struct ieee80211_hw *hw)
1492{
1493	struct mwl8k_priv *priv = hw->priv;
1494	DECLARE_COMPLETION_ONSTACK(tx_wait);
1495	int retry;
1496	int rc;
1497
1498	might_sleep();
1499
1500	/*
1501	 * The TX queues are stopped at this point, so this test
1502	 * doesn't need to take ->tx_lock.
1503	 */
1504	if (!priv->pending_tx_pkts)
1505		return 0;
1506
1507	retry = 0;
1508	rc = 0;
1509
1510	spin_lock_bh(&priv->tx_lock);
1511	priv->tx_wait = &tx_wait;
1512	while (!rc) {
1513		int oldcount;
1514		unsigned long timeout;
1515
1516		oldcount = priv->pending_tx_pkts;
1517
1518		spin_unlock_bh(&priv->tx_lock);
1519		timeout = wait_for_completion_timeout(&tx_wait,
1520			    msecs_to_jiffies(MWL8K_TX_WAIT_TIMEOUT_MS));
1521		spin_lock_bh(&priv->tx_lock);
1522
1523		if (timeout) {
1524			WARN_ON(priv->pending_tx_pkts);
1525			if (retry)
1526				wiphy_notice(hw->wiphy, "tx rings drained\n");
1527			break;
1528		}
1529
1530		if (priv->pending_tx_pkts < oldcount) {
1531			wiphy_notice(hw->wiphy,
1532				     "waiting for tx rings to drain (%d -> %d pkts)\n",
1533				     oldcount, priv->pending_tx_pkts);
1534			retry = 1;
1535			continue;
1536		}
1537
1538		priv->tx_wait = NULL;
1539
1540		wiphy_err(hw->wiphy, "tx rings stuck for %d ms\n",
1541			  MWL8K_TX_WAIT_TIMEOUT_MS);
1542		mwl8k_dump_tx_rings(hw);
1543
1544		rc = -ETIMEDOUT;
1545	}
1546	spin_unlock_bh(&priv->tx_lock);
1547
1548	return rc;
1549}
1550
1551#define MWL8K_TXD_SUCCESS(status)				\
1552	((status) & (MWL8K_TXD_STATUS_OK |			\
1553		     MWL8K_TXD_STATUS_OK_RETRY |		\
1554		     MWL8K_TXD_STATUS_OK_MORE_RETRY))
1555
1556static int mwl8k_tid_queue_mapping(u8 tid)
1557{
1558	BUG_ON(tid > 7);
1559
1560	switch (tid) {
1561	case 0:
1562	case 3:
1563		return IEEE80211_AC_BE;
1564		break;
1565	case 1:
1566	case 2:
1567		return IEEE80211_AC_BK;
1568		break;
1569	case 4:
1570	case 5:
1571		return IEEE80211_AC_VI;
1572		break;
1573	case 6:
1574	case 7:
1575		return IEEE80211_AC_VO;
1576		break;
1577	default:
1578		return -1;
1579		break;
1580	}
1581}
1582
1583/* The firmware will fill in the rate information
1584 * for each packet that gets queued in the hardware
1585 * and these macros will interpret that info.
1586 */
1587
1588#define RI_FORMAT(a)		  (a & 0x0001)
1589#define RI_RATE_ID_MCS(a)	 ((a & 0x01f8) >> 3)
1590
1591static int
1592mwl8k_txq_reclaim(struct ieee80211_hw *hw, int index, int limit, int force)
1593{
1594	struct mwl8k_priv *priv = hw->priv;
1595	struct mwl8k_tx_queue *txq = priv->txq + index;
1596	int processed;
1597
1598	processed = 0;
1599	while (txq->len > 0 && limit--) {
1600		int tx;
1601		struct mwl8k_tx_desc *tx_desc;
1602		unsigned long addr;
1603		int size;
1604		struct sk_buff *skb;
1605		struct ieee80211_tx_info *info;
1606		u32 status;
1607		struct ieee80211_sta *sta;
1608		struct mwl8k_sta *sta_info = NULL;
1609		u16 rate_info;
1610		struct ieee80211_hdr *wh;
1611
1612		tx = txq->head;
1613		tx_desc = txq->txd + tx;
1614
1615		status = le32_to_cpu(tx_desc->status);
1616
1617		if (status & MWL8K_TXD_STATUS_FW_OWNED) {
1618			if (!force)
1619				break;
1620			tx_desc->status &=
1621				~cpu_to_le32(MWL8K_TXD_STATUS_FW_OWNED);
1622		}
1623
1624		txq->head = (tx + 1) % MWL8K_TX_DESCS;
1625		BUG_ON(txq->len == 0);
1626		txq->len--;
1627		priv->pending_tx_pkts--;
1628
1629		addr = le32_to_cpu(tx_desc->pkt_phys_addr);
1630		size = le16_to_cpu(tx_desc->pkt_len);
1631		skb = txq->skb[tx];
1632		txq->skb[tx] = NULL;
1633
1634		BUG_ON(skb == NULL);
1635		pci_unmap_single(priv->pdev, addr, size, PCI_DMA_TODEVICE);
1636
1637		mwl8k_remove_dma_header(skb, tx_desc->qos_control);
1638
1639		wh = (struct ieee80211_hdr *) skb->data;
1640
1641		/* Mark descriptor as unused */
1642		tx_desc->pkt_phys_addr = 0;
1643		tx_desc->pkt_len = 0;
1644
1645		info = IEEE80211_SKB_CB(skb);
1646		if (ieee80211_is_data(wh->frame_control)) {
1647			sta = info->control.sta;
1648			if (sta) {
1649				sta_info = MWL8K_STA(sta);
1650				BUG_ON(sta_info == NULL);
1651				rate_info = le16_to_cpu(tx_desc->rate_info);
1652				/* If rate is < 6.5 Mpbs for an ht station
1653				 * do not form an ampdu. If the station is a
1654				 * legacy station (format = 0), do not form an
1655				 * ampdu
1656				 */
1657				if (RI_RATE_ID_MCS(rate_info) < 1 ||
1658				    RI_FORMAT(rate_info) == 0) {
1659					sta_info->is_ampdu_allowed = false;
1660				} else {
1661					sta_info->is_ampdu_allowed = true;
1662				}
1663			}
1664		}
1665
1666		ieee80211_tx_info_clear_status(info);
1667
1668		/* Rate control is happening in the firmware.
1669		 * Ensure no tx rate is being reported.
1670		 */
1671		info->status.rates[0].idx = -1;
1672		info->status.rates[0].count = 1;
1673
1674		if (MWL8K_TXD_SUCCESS(status))
1675			info->flags |= IEEE80211_TX_STAT_ACK;
1676
1677		ieee80211_tx_status_irqsafe(hw, skb);
1678
1679		processed++;
1680	}
1681
1682	return processed;
1683}
1684
1685/* must be called only when the card's transmit is completely halted */
1686static void mwl8k_txq_deinit(struct ieee80211_hw *hw, int index)
1687{
1688	struct mwl8k_priv *priv = hw->priv;
1689	struct mwl8k_tx_queue *txq = priv->txq + index;
1690
1691	if (txq->txd == NULL)
1692		return;
1693
1694	mwl8k_txq_reclaim(hw, index, INT_MAX, 1);
1695
1696	kfree(txq->skb);
1697	txq->skb = NULL;
1698
1699	pci_free_consistent(priv->pdev,
1700			    MWL8K_TX_DESCS * sizeof(struct mwl8k_tx_desc),
1701			    txq->txd, txq->txd_dma);
1702	txq->txd = NULL;
1703}
1704
1705/* caller must hold priv->stream_lock when calling the stream functions */
1706static struct mwl8k_ampdu_stream *
1707mwl8k_add_stream(struct ieee80211_hw *hw, struct ieee80211_sta *sta, u8 tid)
1708{
1709	struct mwl8k_ampdu_stream *stream;
1710	struct mwl8k_priv *priv = hw->priv;
1711	int i;
1712
1713	for (i = 0; i < priv->num_ampdu_queues; i++) {
1714		stream = &priv->ampdu[i];
1715		if (stream->state == AMPDU_NO_STREAM) {
1716			stream->sta = sta;
1717			stream->state = AMPDU_STREAM_NEW;
1718			stream->tid = tid;
1719			stream->idx = i;
1720			stream->txq_idx = MWL8K_TX_WMM_QUEUES + i;
1721			wiphy_debug(hw->wiphy, "Added a new stream for %pM %d",
1722				    sta->addr, tid);
1723			return stream;
1724		}
1725	}
1726	return NULL;
1727}
1728
1729static int
1730mwl8k_start_stream(struct ieee80211_hw *hw, struct mwl8k_ampdu_stream *stream)
1731{
1732	int ret;
1733
1734	/* if the stream has already been started, don't start it again */
1735	if (stream->state != AMPDU_STREAM_NEW)
1736		return 0;
1737	ret = ieee80211_start_tx_ba_session(stream->sta, stream->tid, 0);
1738	if (ret)
1739		wiphy_debug(hw->wiphy, "Failed to start stream for %pM %d: "
1740			    "%d\n", stream->sta->addr, stream->tid, ret);
1741	else
1742		wiphy_debug(hw->wiphy, "Started stream for %pM %d\n",
1743			    stream->sta->addr, stream->tid);
1744	return ret;
1745}
1746
1747static void
1748mwl8k_remove_stream(struct ieee80211_hw *hw, struct mwl8k_ampdu_stream *stream)
1749{
1750	wiphy_debug(hw->wiphy, "Remove stream for %pM %d\n", stream->sta->addr,
1751		    stream->tid);
1752	memset(stream, 0, sizeof(*stream));
1753}
1754
1755static struct mwl8k_ampdu_stream *
1756mwl8k_lookup_stream(struct ieee80211_hw *hw, u8 *addr, u8 tid)
1757{
1758	struct mwl8k_priv *priv = hw->priv;
1759	int i;
1760
1761	for (i = 0 ; i < priv->num_ampdu_queues; i++) {
1762		struct mwl8k_ampdu_stream *stream;
1763		stream = &priv->ampdu[i];
1764		if (stream->state == AMPDU_NO_STREAM)
1765			continue;
1766		if (!memcmp(stream->sta->addr, addr, ETH_ALEN) &&
1767		    stream->tid == tid)
1768			return stream;
1769	}
1770	return NULL;
1771}
1772
1773#define MWL8K_AMPDU_PACKET_THRESHOLD 64
1774static inline bool mwl8k_ampdu_allowed(struct ieee80211_sta *sta, u8 tid)
1775{
1776	struct mwl8k_sta *sta_info = MWL8K_STA(sta);
1777	struct tx_traffic_info *tx_stats;
1778
1779	BUG_ON(tid >= MWL8K_MAX_TID);
1780	tx_stats = &sta_info->tx_stats[tid];
1781
1782	return sta_info->is_ampdu_allowed &&
1783		tx_stats->pkts > MWL8K_AMPDU_PACKET_THRESHOLD;
1784}
1785
1786static inline void mwl8k_tx_count_packet(struct ieee80211_sta *sta, u8 tid)
1787{
1788	struct mwl8k_sta *sta_info = MWL8K_STA(sta);
1789	struct tx_traffic_info *tx_stats;
1790
1791	BUG_ON(tid >= MWL8K_MAX_TID);
1792	tx_stats = &sta_info->tx_stats[tid];
1793
1794	if (tx_stats->start_time == 0)
1795		tx_stats->start_time = jiffies;
1796
1797	/* reset the packet count after each second elapses.  If the number of
1798	 * packets ever exceeds the ampdu_min_traffic threshold, we will allow
1799	 * an ampdu stream to be started.
1800	 */
1801	if (jiffies - tx_stats->start_time > HZ) {
1802		tx_stats->pkts = 0;
1803		tx_stats->start_time = 0;
1804	} else
1805		tx_stats->pkts++;
1806}
1807
1808static void
1809mwl8k_txq_xmit(struct ieee80211_hw *hw, int index, struct sk_buff *skb)
1810{
1811	struct mwl8k_priv *priv = hw->priv;
1812	struct ieee80211_tx_info *tx_info;
1813	struct mwl8k_vif *mwl8k_vif;
1814	struct ieee80211_sta *sta;
1815	struct ieee80211_hdr *wh;
1816	struct mwl8k_tx_queue *txq;
1817	struct mwl8k_tx_desc *tx;
1818	dma_addr_t dma;
1819	u32 txstatus;
1820	u8 txdatarate;
1821	u16 qos;
1822	int txpriority;
1823	u8 tid = 0;
1824	struct mwl8k_ampdu_stream *stream = NULL;
1825	bool start_ba_session = false;
1826	bool mgmtframe = false;
1827	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
1828
1829	wh = (struct ieee80211_hdr *)skb->data;
1830	if (ieee80211_is_data_qos(wh->frame_control))
1831		qos = le16_to_cpu(*((__le16 *)ieee80211_get_qos_ctl(wh)));
1832	else
1833		qos = 0;
1834
1835	if (ieee80211_is_mgmt(wh->frame_control))
1836		mgmtframe = true;
1837
1838	if (priv->ap_fw)
1839		mwl8k_encapsulate_tx_frame(priv, skb);
1840	else
1841		mwl8k_add_dma_header(priv, skb, 0, 0);
1842
1843	wh = &((struct mwl8k_dma_data *)skb->data)->wh;
1844
1845	tx_info = IEEE80211_SKB_CB(skb);
1846	sta = tx_info->control.sta;
1847	mwl8k_vif = MWL8K_VIF(tx_info->control.vif);
1848
1849	if (tx_info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ) {
1850		wh->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
1851		wh->seq_ctrl |= cpu_to_le16(mwl8k_vif->seqno);
1852		mwl8k_vif->seqno += 0x10;
1853	}
1854
1855	/* Setup firmware control bit fields for each frame type.  */
1856	txstatus = 0;
1857	txdatarate = 0;
1858	if (ieee80211_is_mgmt(wh->frame_control) ||
1859	    ieee80211_is_ctl(wh->frame_control)) {
1860		txdatarate = 0;
1861		qos |= MWL8K_QOS_QLEN_UNSPEC | MWL8K_QOS_EOSP;
1862	} else if (ieee80211_is_data(wh->frame_control)) {
1863		txdatarate = 1;
1864		if (is_multicast_ether_addr(wh->addr1))
1865			txstatus |= MWL8K_TXD_STATUS_MULTICAST_TX;
1866
1867		qos &= ~MWL8K_QOS_ACK_POLICY_MASK;
1868		if (tx_info->flags & IEEE80211_TX_CTL_AMPDU)
1869			qos |= MWL8K_QOS_ACK_POLICY_BLOCKACK;
1870		else
1871			qos |= MWL8K_QOS_ACK_POLICY_NORMAL;
1872	}
1873
1874	/* Queue ADDBA request in the respective data queue.  While setting up
1875	 * the ampdu stream, mac80211 queues further packets for that
1876	 * particular ra/tid pair.  However, packets piled up in the hardware
1877	 * for that ra/tid pair will still go out. ADDBA request and the
1878	 * related data packets going out from different queues asynchronously
1879	 * will cause a shift in the receiver window which might result in
1880	 * ampdu packets getting dropped at the receiver after the stream has
1881	 * been setup.
1882	 */
1883	if (unlikely(ieee80211_is_action(wh->frame_control) &&
1884	    mgmt->u.action.category == WLAN_CATEGORY_BACK &&
1885	    mgmt->u.action.u.addba_req.action_code == WLAN_ACTION_ADDBA_REQ &&
1886	    priv->ap_fw)) {
1887		u16 capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
1888		tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
1889		index = mwl8k_tid_queue_mapping(tid);
1890	}
1891
1892	txpriority = index;
1893
1894	if (ieee80211_is_data_qos(wh->frame_control) &&
1895	    skb->protocol != cpu_to_be16(ETH_P_PAE) &&
1896	    sta->ht_cap.ht_supported && priv->ap_fw) {
1897		tid = qos & 0xf;
1898		mwl8k_tx_count_packet(sta, tid);
1899		spin_lock(&priv->stream_lock);
1900		stream = mwl8k_lookup_stream(hw, sta->addr, tid);
1901		if (stream != NULL) {
1902			if (stream->state == AMPDU_STREAM_ACTIVE) {
1903				txpriority = stream->txq_idx;
1904				index = stream->txq_idx;
1905			} else if (stream->state == AMPDU_STREAM_NEW) {
1906				/* We get here if the driver sends us packets
1907				 * after we've initiated a stream, but before
1908				 * our ampdu_action routine has been called
1909				 * with IEEE80211_AMPDU_TX_START to get the SSN
1910				 * for the ADDBA request.  So this packet can
1911				 * go out with no risk of sequence number
1912				 * mismatch.  No special handling is required.
1913				 */
1914			} else {
1915				/* Drop packets that would go out after the
1916				 * ADDBA request was sent but before the ADDBA
1917				 * response is received.  If we don't do this,
1918				 * the recipient would probably receive it
1919				 * after the ADDBA request with SSN 0.  This
1920				 * will cause the recipient's BA receive window
1921				 * to shift, which would cause the subsequent
1922				 * packets in the BA stream to be discarded.
1923				 * mac80211 queues our packets for us in this
1924				 * case, so this is really just a safety check.
1925				 */
1926				wiphy_warn(hw->wiphy,
1927					   "Cannot send packet while ADDBA "
1928					   "dialog is underway.\n");
1929				spin_unlock(&priv->stream_lock);
1930				dev_kfree_skb(skb);
1931				return;
1932			}
1933		} else {
1934			/* Defer calling mwl8k_start_stream so that the current
1935			 * skb can go out before the ADDBA request.  This
1936			 * prevents sequence number mismatch at the recepient
1937			 * as described above.
1938			 */
1939			if (mwl8k_ampdu_allowed(sta, tid)) {
1940				stream = mwl8k_add_stream(hw, sta, tid);
1941				if (stream != NULL)
1942					start_ba_session = true;
1943			}
1944		}
1945		spin_unlock(&priv->stream_lock);
1946	}
1947
1948	dma = pci_map_single(priv->pdev, skb->data,
1949				skb->len, PCI_DMA_TODEVICE);
1950
1951	if (pci_dma_mapping_error(priv->pdev, dma)) {
1952		wiphy_debug(hw->wiphy,
1953			    "failed to dma map skb, dropping TX frame.\n");
1954		if (start_ba_session) {
1955			spin_lock(&priv->stream_lock);
1956			mwl8k_remove_stream(hw, stream);
1957			spin_unlock(&priv->stream_lock);
1958		}
1959		dev_kfree_skb(skb);
1960		return;
1961	}
1962
1963	spin_lock_bh(&priv->tx_lock);
1964
1965	txq = priv->txq + index;
1966
1967	/* Mgmt frames that go out frequently are probe
1968	 * responses. Other mgmt frames got out relatively
1969	 * infrequently. Hence reserve 2 buffers so that
1970	 * other mgmt frames do not get dropped due to an
1971	 * already queued probe response in one of the
1972	 * reserved buffers.
1973	 */
1974
1975	if (txq->len >= MWL8K_TX_DESCS - 2) {
1976		if (mgmtframe == false ||
1977			txq->len == MWL8K_TX_DESCS) {
1978			if (start_ba_session) {
1979				spin_lock(&priv->stream_lock);
1980				mwl8k_remove_stream(hw, stream);
1981				spin_unlock(&priv->stream_lock);
1982			}
1983			spin_unlock_bh(&priv->tx_lock);
1984			dev_kfree_skb(skb);
1985			return;
1986		}
1987	}
1988
1989	BUG_ON(txq->skb[txq->tail] != NULL);
1990	txq->skb[txq->tail] = skb;
1991
1992	tx = txq->txd + txq->tail;
1993	tx->data_rate = txdatarate;
1994	tx->tx_priority = txpriority;
1995	tx->qos_control = cpu_to_le16(qos);
1996	tx->pkt_phys_addr = cpu_to_le32(dma);
1997	tx->pkt_len = cpu_to_le16(skb->len);
1998	tx->rate_info = 0;
1999	if (!priv->ap_fw && tx_info->control.sta != NULL)
2000		tx->peer_id = MWL8K_STA(tx_info->control.sta)->peer_id;
2001	else
2002		tx->peer_id = 0;
2003
2004	if (priv->ap_fw)
2005		tx->timestamp = cpu_to_le32(ioread32(priv->regs +
2006						MWL8K_HW_TIMER_REGISTER));
2007
2008	wmb();
2009	tx->status = cpu_to_le32(MWL8K_TXD_STATUS_FW_OWNED | txstatus);
2010
2011	txq->len++;
2012	priv->pending_tx_pkts++;
2013
2014	txq->tail++;
2015	if (txq->tail == MWL8K_TX_DESCS)
2016		txq->tail = 0;
2017
2018	mwl8k_tx_start(priv);
2019
2020	spin_unlock_bh(&priv->tx_lock);
2021
2022	/* Initiate the ampdu session here */
2023	if (start_ba_session) {
2024		spin_lock(&priv->stream_lock);
2025		if (mwl8k_start_stream(hw, stream))
2026			mwl8k_remove_stream(hw, stream);
2027		spin_unlock(&priv->stream_lock);
2028	}
2029}
2030
2031
2032/*
2033 * Firmware access.
2034 *
2035 * We have the following requirements for issuing firmware commands:
2036 * - Some commands require that the packet transmit path is idle when
2037 *   the command is issued.  (For simplicity, we'll just quiesce the
2038 *   transmit path for every command.)
2039 * - There are certain sequences of commands that need to be issued to
2040 *   the hardware sequentially, with no other intervening commands.
2041 *
2042 * This leads to an implementation of a "firmware lock" as a mutex that
2043 * can be taken recursively, and which is taken by both the low-level
2044 * command submission function (mwl8k_post_cmd) as well as any users of
2045 * that function that require issuing of an atomic sequence of commands,
2046 * and quiesces the transmit path whenever it's taken.
2047 */
2048static int mwl8k_fw_lock(struct ieee80211_hw *hw)
2049{
2050	struct mwl8k_priv *priv = hw->priv;
2051
2052	if (priv->fw_mutex_owner != current) {
2053		int rc;
2054
2055		mutex_lock(&priv->fw_mutex);
2056		ieee80211_stop_queues(hw);
2057
2058		rc = mwl8k_tx_wait_empty(hw);
2059		if (rc) {
2060			ieee80211_wake_queues(hw);
2061			mutex_unlock(&priv->fw_mutex);
2062
2063			return rc;
2064		}
2065
2066		priv->fw_mutex_owner = current;
2067	}
2068
2069	priv->fw_mutex_depth++;
2070
2071	return 0;
2072}
2073
2074static void mwl8k_fw_unlock(struct ieee80211_hw *hw)
2075{
2076	struct mwl8k_priv *priv = hw->priv;
2077
2078	if (!--priv->fw_mutex_depth) {
2079		ieee80211_wake_queues(hw);
2080		priv->fw_mutex_owner = NULL;
2081		mutex_unlock(&priv->fw_mutex);
2082	}
2083}
2084
2085
2086/*
2087 * Command processing.
2088 */
2089
2090/* Timeout firmware commands after 10s */
2091#define MWL8K_CMD_TIMEOUT_MS	10000
2092
2093static int mwl8k_post_cmd(struct ieee80211_hw *hw, struct mwl8k_cmd_pkt *cmd)
2094{
2095	DECLARE_COMPLETION_ONSTACK(cmd_wait);
2096	struct mwl8k_priv *priv = hw->priv;
2097	void __iomem *regs = priv->regs;
2098	dma_addr_t dma_addr;
2099	unsigned int dma_size;
2100	int rc;
2101	unsigned long timeout = 0;
2102	u8 buf[32];
2103
2104	cmd->result = (__force __le16) 0xffff;
2105	dma_size = le16_to_cpu(cmd->length);
2106	dma_addr = pci_map_single(priv->pdev, cmd, dma_size,
2107				  PCI_DMA_BIDIRECTIONAL);
2108	if (pci_dma_mapping_error(priv->pdev, dma_addr))
2109		return -ENOMEM;
2110
2111	rc = mwl8k_fw_lock(hw);
2112	if (rc) {
2113		pci_unmap_single(priv->pdev, dma_addr, dma_size,
2114						PCI_DMA_BIDIRECTIONAL);
2115		return rc;
2116	}
2117
2118	priv->hostcmd_wait = &cmd_wait;
2119	iowrite32(dma_addr, regs + MWL8K_HIU_GEN_PTR);
2120	iowrite32(MWL8K_H2A_INT_DOORBELL,
2121		regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
2122	iowrite32(MWL8K_H2A_INT_DUMMY,
2123		regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
2124
2125	timeout = wait_for_completion_timeout(&cmd_wait,
2126				msecs_to_jiffies(MWL8K_CMD_TIMEOUT_MS));
2127
2128	priv->hostcmd_wait = NULL;
2129
2130	mwl8k_fw_unlock(hw);
2131
2132	pci_unmap_single(priv->pdev, dma_addr, dma_size,
2133					PCI_DMA_BIDIRECTIONAL);
2134
2135	if (!timeout) {
2136		wiphy_err(hw->wiphy, "Command %s timeout after %u ms\n",
2137			  mwl8k_cmd_name(cmd->code, buf, sizeof(buf)),
2138			  MWL8K_CMD_TIMEOUT_MS);
2139		rc = -ETIMEDOUT;
2140	} else {
2141		int ms;
2142
2143		ms = MWL8K_CMD_TIMEOUT_MS - jiffies_to_msecs(timeout);
2144
2145		rc = cmd->result ? -EINVAL : 0;
2146		if (rc)
2147			wiphy_err(hw->wiphy, "Command %s error 0x%x\n",
2148				  mwl8k_cmd_name(cmd->code, buf, sizeof(buf)),
2149				  le16_to_cpu(cmd->result));
2150		else if (ms > 2000)
2151			wiphy_notice(hw->wiphy, "Command %s took %d ms\n",
2152				     mwl8k_cmd_name(cmd->code,
2153						    buf, sizeof(buf)),
2154				     ms);
2155	}
2156
2157	return rc;
2158}
2159
2160static int mwl8k_post_pervif_cmd(struct ieee80211_hw *hw,
2161				 struct ieee80211_vif *vif,
2162				 struct mwl8k_cmd_pkt *cmd)
2163{
2164	if (vif != NULL)
2165		cmd->macid = MWL8K_VIF(vif)->macid;
2166	return mwl8k_post_cmd(hw, cmd);
2167}
2168
2169/*
2170 * Setup code shared between STA and AP firmware images.
2171 */
2172static void mwl8k_setup_2ghz_band(struct ieee80211_hw *hw)
2173{
2174	struct mwl8k_priv *priv = hw->priv;
2175
2176	BUILD_BUG_ON(sizeof(priv->channels_24) != sizeof(mwl8k_channels_24));
2177	memcpy(priv->channels_24, mwl8k_channels_24, sizeof(mwl8k_channels_24));
2178
2179	BUILD_BUG_ON(sizeof(priv->rates_24) != sizeof(mwl8k_rates_24));
2180	memcpy(priv->rates_24, mwl8k_rates_24, sizeof(mwl8k_rates_24));
2181
2182	priv->band_24.band = IEEE80211_BAND_2GHZ;
2183	priv->band_24.channels = priv->channels_24;
2184	priv->band_24.n_channels = ARRAY_SIZE(mwl8k_channels_24);
2185	priv->band_24.bitrates = priv->rates_24;
2186	priv->band_24.n_bitrates = ARRAY_SIZE(mwl8k_rates_24);
2187
2188	hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &priv->band_24;
2189}
2190
2191static void mwl8k_setup_5ghz_band(struct ieee80211_hw *hw)
2192{
2193	struct mwl8k_priv *priv = hw->priv;
2194
2195	BUILD_BUG_ON(sizeof(priv->channels_50) != sizeof(mwl8k_channels_50));
2196	memcpy(priv->channels_50, mwl8k_channels_50, sizeof(mwl8k_channels_50));
2197
2198	BUILD_BUG_ON(sizeof(priv->rates_50) != sizeof(mwl8k_rates_50));
2199	memcpy(priv->rates_50, mwl8k_rates_50, sizeof(mwl8k_rates_50));
2200
2201	priv->band_50.band = IEEE80211_BAND_5GHZ;
2202	priv->band_50.channels = priv->channels_50;
2203	priv->band_50.n_channels = ARRAY_SIZE(mwl8k_channels_50);
2204	priv->band_50.bitrates = priv->rates_50;
2205	priv->band_50.n_bitrates = ARRAY_SIZE(mwl8k_rates_50);
2206
2207	hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &priv->band_50;
2208}
2209
2210/*
2211 * CMD_GET_HW_SPEC (STA version).
2212 */
2213struct mwl8k_cmd_get_hw_spec_sta {
2214	struct mwl8k_cmd_pkt header;
2215	__u8 hw_rev;
2216	__u8 host_interface;
2217	__le16 num_mcaddrs;
2218	__u8 perm_addr[ETH_ALEN];
2219	__le16 region_code;
2220	__le32 fw_rev;
2221	__le32 ps_cookie;
2222	__le32 caps;
2223	__u8 mcs_bitmap[16];
2224	__le32 rx_queue_ptr;
2225	__le32 num_tx_queues;
2226	__le32 tx_queue_ptrs[MWL8K_TX_WMM_QUEUES];
2227	__le32 caps2;
2228	__le32 num_tx_desc_per_queue;
2229	__le32 total_rxd;
2230} __packed;
2231
2232#define MWL8K_CAP_MAX_AMSDU		0x20000000
2233#define MWL8K_CAP_GREENFIELD		0x08000000
2234#define MWL8K_CAP_AMPDU			0x04000000
2235#define MWL8K_CAP_RX_STBC		0x01000000
2236#define MWL8K_CAP_TX_STBC		0x00800000
2237#define MWL8K_CAP_SHORTGI_40MHZ		0x00400000
2238#define MWL8K_CAP_SHORTGI_20MHZ		0x00200000
2239#define MWL8K_CAP_RX_ANTENNA_MASK	0x000e0000
2240#define MWL8K_CAP_TX_ANTENNA_MASK	0x0001c000
2241#define MWL8K_CAP_DELAY_BA		0x00003000
2242#define MWL8K_CAP_MIMO			0x00000200
2243#define MWL8K_CAP_40MHZ			0x00000100
2244#define MWL8K_CAP_BAND_MASK		0x00000007
2245#define MWL8K_CAP_5GHZ			0x00000004
2246#define MWL8K_CAP_2GHZ4			0x00000001
2247
2248static void
2249mwl8k_set_ht_caps(struct ieee80211_hw *hw,
2250		  struct ieee80211_supported_band *band, u32 cap)
2251{
2252	int rx_streams;
2253	int tx_streams;
2254
2255	band->ht_cap.ht_supported = 1;
2256
2257	if (cap & MWL8K_CAP_MAX_AMSDU)
2258		band->ht_cap.cap |= IEEE80211_HT_CAP_MAX_AMSDU;
2259	if (cap & MWL8K_CAP_GREENFIELD)
2260		band->ht_cap.cap |= IEEE80211_HT_CAP_GRN_FLD;
2261	if (cap & MWL8K_CAP_AMPDU) {
2262		hw->flags |= IEEE80211_HW_AMPDU_AGGREGATION;
2263		band->ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
2264		band->ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_NONE;
2265	}
2266	if (cap & MWL8K_CAP_RX_STBC)
2267		band->ht_cap.cap |= IEEE80211_HT_CAP_RX_STBC;
2268	if (cap & MWL8K_CAP_TX_STBC)
2269		band->ht_cap.cap |= IEEE80211_HT_CAP_TX_STBC;
2270	if (cap & MWL8K_CAP_SHORTGI_40MHZ)
2271		band->ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
2272	if (cap & MWL8K_CAP_SHORTGI_20MHZ)
2273		band->ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
2274	if (cap & MWL8K_CAP_DELAY_BA)
2275		band->ht_cap.cap |= IEEE80211_HT_CAP_DELAY_BA;
2276	if (cap & MWL8K_CAP_40MHZ)
2277		band->ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
2278
2279	rx_streams = hweight32(cap & MWL8K_CAP_RX_ANTENNA_MASK);
2280	tx_streams = hweight32(cap & MWL8K_CAP_TX_ANTENNA_MASK);
2281
2282	band->ht_cap.mcs.rx_mask[0] = 0xff;
2283	if (rx_streams >= 2)
2284		band->ht_cap.mcs.rx_mask[1] = 0xff;
2285	if (rx_streams >= 3)
2286		band->ht_cap.mcs.rx_mask[2] = 0xff;
2287	band->ht_cap.mcs.rx_mask[4] = 0x01;
2288	band->ht_cap.mcs.tx_params = IEEE80211_HT_MCS_TX_DEFINED;
2289
2290	if (rx_streams != tx_streams) {
2291		band->ht_cap.mcs.tx_params |= IEEE80211_HT_MCS_TX_RX_DIFF;
2292		band->ht_cap.mcs.tx_params |= (tx_streams - 1) <<
2293				IEEE80211_HT_MCS_TX_MAX_STREAMS_SHIFT;
2294	}
2295}
2296
2297static void
2298mwl8k_set_caps(struct ieee80211_hw *hw, u32 caps)
2299{
2300	struct mwl8k_priv *priv = hw->priv;
2301
2302	if ((caps & MWL8K_CAP_2GHZ4) || !(caps & MWL8K_CAP_BAND_MASK)) {
2303		mwl8k_setup_2ghz_band(hw);
2304		if (caps & MWL8K_CAP_MIMO)
2305			mwl8k_set_ht_caps(hw, &priv->band_24, caps);
2306	}
2307
2308	if (caps & MWL8K_CAP_5GHZ) {
2309		mwl8k_setup_5ghz_band(hw);
2310		if (caps & MWL8K_CAP_MIMO)
2311			mwl8k_set_ht_caps(hw, &priv->band_50, caps);
2312	}
2313}
2314
2315static int mwl8k_cmd_get_hw_spec_sta(struct ieee80211_hw *hw)
2316{
2317	struct mwl8k_priv *priv = hw->priv;
2318	struct mwl8k_cmd_get_hw_spec_sta *cmd;
2319	int rc;
2320	int i;
2321
2322	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2323	if (cmd == NULL)
2324		return -ENOMEM;
2325
2326	cmd->header.code = cpu_to_le16(MWL8K_CMD_GET_HW_SPEC);
2327	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2328
2329	memset(cmd->perm_addr, 0xff, sizeof(cmd->perm_addr));
2330	cmd->ps_cookie = cpu_to_le32(priv->cookie_dma);
2331	cmd->rx_queue_ptr = cpu_to_le32(priv->rxq[0].rxd_dma);
2332	cmd->num_tx_queues = cpu_to_le32(mwl8k_tx_queues(priv));
2333	for (i = 0; i < mwl8k_tx_queues(priv); i++)
2334		cmd->tx_queue_ptrs[i] = cpu_to_le32(priv->txq[i].txd_dma);
2335	cmd->num_tx_desc_per_queue = cpu_to_le32(MWL8K_TX_DESCS);
2336	cmd->total_rxd = cpu_to_le32(MWL8K_RX_DESCS);
2337
2338	rc = mwl8k_post_cmd(hw, &cmd->header);
2339
2340	if (!rc) {
2341		SET_IEEE80211_PERM_ADDR(hw, cmd->perm_addr);
2342		priv->num_mcaddrs = le16_to_cpu(cmd->num_mcaddrs);
2343		priv->fw_rev = le32_to_cpu(cmd->fw_rev);
2344		priv->hw_rev = cmd->hw_rev;
2345		mwl8k_set_caps(hw, le32_to_cpu(cmd->caps));
2346		priv->ap_macids_supported = 0x00000000;
2347		priv->sta_macids_supported = 0x00000001;
2348	}
2349
2350	kfree(cmd);
2351	return rc;
2352}
2353
2354/*
2355 * CMD_GET_HW_SPEC (AP version).
2356 */
2357struct mwl8k_cmd_get_hw_spec_ap {
2358	struct mwl8k_cmd_pkt header;
2359	__u8 hw_rev;
2360	__u8 host_interface;
2361	__le16 num_wcb;
2362	__le16 num_mcaddrs;
2363	__u8 perm_addr[ETH_ALEN];
2364	__le16 region_code;
2365	__le16 num_antenna;
2366	__le32 fw_rev;
2367	__le32 wcbbase0;
2368	__le32 rxwrptr;
2369	__le32 rxrdptr;
2370	__le32 ps_cookie;
2371	__le32 wcbbase1;
2372	__le32 wcbbase2;
2373	__le32 wcbbase3;
2374	__le32 fw_api_version;
2375	__le32 caps;
2376	__le32 num_of_ampdu_queues;
2377	__le32 wcbbase_ampdu[MWL8K_MAX_AMPDU_QUEUES];
2378} __packed;
2379
2380static int mwl8k_cmd_get_hw_spec_ap(struct ieee80211_hw *hw)
2381{
2382	struct mwl8k_priv *priv = hw->priv;
2383	struct mwl8k_cmd_get_hw_spec_ap *cmd;
2384	int rc, i;
2385	u32 api_version;
2386
2387	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2388	if (cmd == NULL)
2389		return -ENOMEM;
2390
2391	cmd->header.code = cpu_to_le16(MWL8K_CMD_GET_HW_SPEC);
2392	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2393
2394	memset(cmd->perm_addr, 0xff, sizeof(cmd->perm_addr));
2395	cmd->ps_cookie = cpu_to_le32(priv->cookie_dma);
2396
2397	rc = mwl8k_post_cmd(hw, &cmd->header);
2398
2399	if (!rc) {
2400		int off;
2401
2402		api_version = le32_to_cpu(cmd->fw_api_version);
2403		if (priv->device_info->fw_api_ap != api_version) {
2404			printk(KERN_ERR "%s: Unsupported fw API version for %s."
2405			       "  Expected %d got %d.\n", MWL8K_NAME,
2406			       priv->device_info->part_name,
2407			       priv->device_info->fw_api_ap,
2408			       api_version);
2409			rc = -EINVAL;
2410			goto done;
2411		}
2412		SET_IEEE80211_PERM_ADDR(hw, cmd->perm_addr);
2413		priv->num_mcaddrs = le16_to_cpu(cmd->num_mcaddrs);
2414		priv->fw_rev = le32_to_cpu(cmd->fw_rev);
2415		priv->hw_rev = cmd->hw_rev;
2416		mwl8k_set_caps(hw, le32_to_cpu(cmd->caps));
2417		priv->ap_macids_supported = 0x000000ff;
2418		priv->sta_macids_supported = 0x00000000;
2419		priv->num_ampdu_queues = le32_to_cpu(cmd->num_of_ampdu_queues);
2420		if (priv->num_ampdu_queues > MWL8K_MAX_AMPDU_QUEUES) {
2421			wiphy_warn(hw->wiphy, "fw reported %d ampdu queues"
2422				   " but we only support %d.\n",
2423				   priv->num_ampdu_queues,
2424				   MWL8K_MAX_AMPDU_QUEUES);
2425			priv->num_ampdu_queues = MWL8K_MAX_AMPDU_QUEUES;
2426		}
2427		off = le32_to_cpu(cmd->rxwrptr) & 0xffff;
2428		iowrite32(priv->rxq[0].rxd_dma, priv->sram + off);
2429
2430		off = le32_to_cpu(cmd->rxrdptr) & 0xffff;
2431		iowrite32(priv->rxq[0].rxd_dma, priv->sram + off);
2432
2433		priv->txq_offset[0] = le32_to_cpu(cmd->wcbbase0) & 0xffff;
2434		priv->txq_offset[1] = le32_to_cpu(cmd->wcbbase1) & 0xffff;
2435		priv->txq_offset[2] = le32_to_cpu(cmd->wcbbase2) & 0xffff;
2436		priv->txq_offset[3] = le32_to_cpu(cmd->wcbbase3) & 0xffff;
2437
2438		for (i = 0; i < priv->num_ampdu_queues; i++)
2439			priv->txq_offset[i + MWL8K_TX_WMM_QUEUES] =
2440				le32_to_cpu(cmd->wcbbase_ampdu[i]) & 0xffff;
2441	}
2442
2443done:
2444	kfree(cmd);
2445	return rc;
2446}
2447
2448/*
2449 * CMD_SET_HW_SPEC.
2450 */
2451struct mwl8k_cmd_set_hw_spec {
2452	struct mwl8k_cmd_pkt header;
2453	__u8 hw_rev;
2454	__u8 host_interface;
2455	__le16 num_mcaddrs;
2456	__u8 perm_addr[ETH_ALEN];
2457	__le16 region_code;
2458	__le32 fw_rev;
2459	__le32 ps_cookie;
2460	__le32 caps;
2461	__le32 rx_queue_ptr;
2462	__le32 num_tx_queues;
2463	__le32 tx_queue_ptrs[MWL8K_MAX_TX_QUEUES];
2464	__le32 flags;
2465	__le32 num_tx_desc_per_queue;
2466	__le32 total_rxd;
2467} __packed;
2468
2469/* If enabled, MWL8K_SET_HW_SPEC_FLAG_ENABLE_LIFE_TIME_EXPIRY will cause
2470 * packets to expire 500 ms after the timestamp in the tx descriptor.  That is,
2471 * the packets that are queued for more than 500ms, will be dropped in the
2472 * hardware. This helps minimizing the issues caused due to head-of-line
2473 * blocking where a slow client can hog the bandwidth and affect traffic to a
2474 * faster client.
2475 */
2476#define MWL8K_SET_HW_SPEC_FLAG_ENABLE_LIFE_TIME_EXPIRY	0x00000400
2477#define MWL8K_SET_HW_SPEC_FLAG_HOST_DECR_MGMT		0x00000080
2478#define MWL8K_SET_HW_SPEC_FLAG_HOSTFORM_PROBERESP	0x00000020
2479#define MWL8K_SET_HW_SPEC_FLAG_HOSTFORM_BEACON		0x00000010
2480
2481static int mwl8k_cmd_set_hw_spec(struct ieee80211_hw *hw)
2482{
2483	struct mwl8k_priv *priv = hw->priv;
2484	struct mwl8k_cmd_set_hw_spec *cmd;
2485	int rc;
2486	int i;
2487
2488	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2489	if (cmd == NULL)
2490		return -ENOMEM;
2491
2492	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_HW_SPEC);
2493	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2494
2495	cmd->ps_cookie = cpu_to_le32(priv->cookie_dma);
2496	cmd->rx_queue_ptr = cpu_to_le32(priv->rxq[0].rxd_dma);
2497	cmd->num_tx_queues = cpu_to_le32(mwl8k_tx_queues(priv));
2498
2499	/*
2500	 * Mac80211 stack has Q0 as highest priority and Q3 as lowest in
2501	 * that order. Firmware has Q3 as highest priority and Q0 as lowest
2502	 * in that order. Map Q3 of mac80211 to Q0 of firmware so that the
2503	 * priority is interpreted the right way in firmware.
2504	 */
2505	for (i = 0; i < mwl8k_tx_queues(priv); i++) {
2506		int j = mwl8k_tx_queues(priv) - 1 - i;
2507		cmd->tx_queue_ptrs[i] = cpu_to_le32(priv->txq[j].txd_dma);
2508	}
2509
2510	cmd->flags = cpu_to_le32(MWL8K_SET_HW_SPEC_FLAG_HOST_DECR_MGMT |
2511				 MWL8K_SET_HW_SPEC_FLAG_HOSTFORM_PROBERESP |
2512				 MWL8K_SET_HW_SPEC_FLAG_HOSTFORM_BEACON |
2513				 MWL8K_SET_HW_SPEC_FLAG_ENABLE_LIFE_TIME_EXPIRY);
2514	cmd->num_tx_desc_per_queue = cpu_to_le32(MWL8K_TX_DESCS);
2515	cmd->total_rxd = cpu_to_le32(MWL8K_RX_DESCS);
2516
2517	rc = mwl8k_post_cmd(hw, &cmd->header);
2518	kfree(cmd);
2519
2520	return rc;
2521}
2522
2523/*
2524 * CMD_MAC_MULTICAST_ADR.
2525 */
2526struct mwl8k_cmd_mac_multicast_adr {
2527	struct mwl8k_cmd_pkt header;
2528	__le16 action;
2529	__le16 numaddr;
2530	__u8 addr[0][ETH_ALEN];
2531};
2532
2533#define MWL8K_ENABLE_RX_DIRECTED	0x0001
2534#define MWL8K_ENABLE_RX_MULTICAST	0x0002
2535#define MWL8K_ENABLE_RX_ALL_MULTICAST	0x0004
2536#define MWL8K_ENABLE_RX_BROADCAST	0x0008
2537
2538static struct mwl8k_cmd_pkt *
2539__mwl8k_cmd_mac_multicast_adr(struct ieee80211_hw *hw, int allmulti,
2540			      struct netdev_hw_addr_list *mc_list)
2541{
2542	struct mwl8k_priv *priv = hw->priv;
2543	struct mwl8k_cmd_mac_multicast_adr *cmd;
2544	int size;
2545	int mc_count = 0;
2546
2547	if (mc_list)
2548		mc_count = netdev_hw_addr_list_count(mc_list);
2549
2550	if (allmulti || mc_count > priv->num_mcaddrs) {
2551		allmulti = 1;
2552		mc_count = 0;
2553	}
2554
2555	size = sizeof(*cmd) + mc_count * ETH_ALEN;
2556
2557	cmd = kzalloc(size, GFP_ATOMIC);
2558	if (cmd == NULL)
2559		return NULL;
2560
2561	cmd->header.code = cpu_to_le16(MWL8K_CMD_MAC_MULTICAST_ADR);
2562	cmd->header.length = cpu_to_le16(size);
2563	cmd->action = cpu_to_le16(MWL8K_ENABLE_RX_DIRECTED |
2564				  MWL8K_ENABLE_RX_BROADCAST);
2565
2566	if (allmulti) {
2567		cmd->action |= cpu_to_le16(MWL8K_ENABLE_RX_ALL_MULTICAST);
2568	} else if (mc_count) {
2569		struct netdev_hw_addr *ha;
2570		int i = 0;
2571
2572		cmd->action |= cpu_to_le16(MWL8K_ENABLE_RX_MULTICAST);
2573		cmd->numaddr = cpu_to_le16(mc_count);
2574		netdev_hw_addr_list_for_each(ha, mc_list) {
2575			memcpy(cmd->addr[i], ha->addr, ETH_ALEN);
2576		}
2577	}
2578
2579	return &cmd->header;
2580}
2581
2582/*
2583 * CMD_GET_STAT.
2584 */
2585struct mwl8k_cmd_get_stat {
2586	struct mwl8k_cmd_pkt header;
2587	__le32 stats[64];
2588} __packed;
2589
2590#define MWL8K_STAT_ACK_FAILURE	9
2591#define MWL8K_STAT_RTS_FAILURE	12
2592#define MWL8K_STAT_FCS_ERROR	24
2593#define MWL8K_STAT_RTS_SUCCESS	11
2594
2595static int mwl8k_cmd_get_stat(struct ieee80211_hw *hw,
2596			      struct ieee80211_low_level_stats *stats)
2597{
2598	struct mwl8k_cmd_get_stat *cmd;
2599	int rc;
2600
2601	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2602	if (cmd == NULL)
2603		return -ENOMEM;
2604
2605	cmd->header.code = cpu_to_le16(MWL8K_CMD_GET_STAT);
2606	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2607
2608	rc = mwl8k_post_cmd(hw, &cmd->header);
2609	if (!rc) {
2610		stats->dot11ACKFailureCount =
2611			le32_to_cpu(cmd->stats[MWL8K_STAT_ACK_FAILURE]);
2612		stats->dot11RTSFailureCount =
2613			le32_to_cpu(cmd->stats[MWL8K_STAT_RTS_FAILURE]);
2614		stats->dot11FCSErrorCount =
2615			le32_to_cpu(cmd->stats[MWL8K_STAT_FCS_ERROR]);
2616		stats->dot11RTSSuccessCount =
2617			le32_to_cpu(cmd->stats[MWL8K_STAT_RTS_SUCCESS]);
2618	}
2619	kfree(cmd);
2620
2621	return rc;
2622}
2623
2624/*
2625 * CMD_RADIO_CONTROL.
2626 */
2627struct mwl8k_cmd_radio_control {
2628	struct mwl8k_cmd_pkt header;
2629	__le16 action;
2630	__le16 control;
2631	__le16 radio_on;
2632} __packed;
2633
2634static int
2635mwl8k_cmd_radio_control(struct ieee80211_hw *hw, bool enable, bool force)
2636{
2637	struct mwl8k_priv *priv = hw->priv;
2638	struct mwl8k_cmd_radio_control *cmd;
2639	int rc;
2640
2641	if (enable == priv->radio_on && !force)
2642		return 0;
2643
2644	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2645	if (cmd == NULL)
2646		return -ENOMEM;
2647
2648	cmd->header.code = cpu_to_le16(MWL8K_CMD_RADIO_CONTROL);
2649	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2650	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
2651	cmd->control = cpu_to_le16(priv->radio_short_preamble ? 3 : 1);
2652	cmd->radio_on = cpu_to_le16(enable ? 0x0001 : 0x0000);
2653
2654	rc = mwl8k_post_cmd(hw, &cmd->header);
2655	kfree(cmd);
2656
2657	if (!rc)
2658		priv->radio_on = enable;
2659
2660	return rc;
2661}
2662
2663static int mwl8k_cmd_radio_disable(struct ieee80211_hw *hw)
2664{
2665	return mwl8k_cmd_radio_control(hw, 0, 0);
2666}
2667
2668static int mwl8k_cmd_radio_enable(struct ieee80211_hw *hw)
2669{
2670	return mwl8k_cmd_radio_control(hw, 1, 0);
2671}
2672
2673static int
2674mwl8k_set_radio_preamble(struct ieee80211_hw *hw, bool short_preamble)
2675{
2676	struct mwl8k_priv *priv = hw->priv;
2677
2678	priv->radio_short_preamble = short_preamble;
2679
2680	return mwl8k_cmd_radio_control(hw, 1, 1);
2681}
2682
2683/*
2684 * CMD_RF_TX_POWER.
2685 */
2686#define MWL8K_RF_TX_POWER_LEVEL_TOTAL	8
2687
2688struct mwl8k_cmd_rf_tx_power {
2689	struct mwl8k_cmd_pkt header;
2690	__le16 action;
2691	__le16 support_level;
2692	__le16 current_level;
2693	__le16 reserved;
2694	__le16 power_level_list[MWL8K_RF_TX_POWER_LEVEL_TOTAL];
2695} __packed;
2696
2697static int mwl8k_cmd_rf_tx_power(struct ieee80211_hw *hw, int dBm)
2698{
2699	struct mwl8k_cmd_rf_tx_power *cmd;
2700	int rc;
2701
2702	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2703	if (cmd == NULL)
2704		return -ENOMEM;
2705
2706	cmd->header.code = cpu_to_le16(MWL8K_CMD_RF_TX_POWER);
2707	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2708	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
2709	cmd->support_level = cpu_to_le16(dBm);
2710
2711	rc = mwl8k_post_cmd(hw, &cmd->header);
2712	kfree(cmd);
2713
2714	return rc;
2715}
2716
2717/*
2718 * CMD_TX_POWER.
2719 */
2720#define MWL8K_TX_POWER_LEVEL_TOTAL      12
2721
2722struct mwl8k_cmd_tx_power {
2723	struct mwl8k_cmd_pkt header;
2724	__le16 action;
2725	__le16 band;
2726	__le16 channel;
2727	__le16 bw;
2728	__le16 sub_ch;
2729	__le16 power_level_list[MWL8K_TX_POWER_LEVEL_TOTAL];
2730} __packed;
2731
2732static int mwl8k_cmd_tx_power(struct ieee80211_hw *hw,
2733				     struct ieee80211_conf *conf,
2734				     unsigned short pwr)
2735{
2736	struct ieee80211_channel *channel = conf->channel;
2737	struct mwl8k_cmd_tx_power *cmd;
2738	int rc;
2739	int i;
2740
2741	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2742	if (cmd == NULL)
2743		return -ENOMEM;
2744
2745	cmd->header.code = cpu_to_le16(MWL8K_CMD_TX_POWER);
2746	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2747	cmd->action = cpu_to_le16(MWL8K_CMD_SET_LIST);
2748
2749	if (channel->band == IEEE80211_BAND_2GHZ)
2750		cmd->band = cpu_to_le16(0x1);
2751	else if (channel->band == IEEE80211_BAND_5GHZ)
2752		cmd->band = cpu_to_le16(0x4);
2753
2754	cmd->channel = channel->hw_value;
2755
2756	if (conf->channel_type == NL80211_CHAN_NO_HT ||
2757	    conf->channel_type == NL80211_CHAN_HT20) {
2758		cmd->bw = cpu_to_le16(0x2);
2759	} else {
2760		cmd->bw = cpu_to_le16(0x4);
2761		if (conf->channel_type == NL80211_CHAN_HT40MINUS)
2762			cmd->sub_ch = cpu_to_le16(0x3);
2763		else if (conf->channel_type == NL80211_CHAN_HT40PLUS)
2764			cmd->sub_ch = cpu_to_le16(0x1);
2765	}
2766
2767	for (i = 0; i < MWL8K_TX_POWER_LEVEL_TOTAL; i++)
2768		cmd->power_level_list[i] = cpu_to_le16(pwr);
2769
2770	rc = mwl8k_post_cmd(hw, &cmd->header);
2771	kfree(cmd);
2772
2773	return rc;
2774}
2775
2776/*
2777 * CMD_RF_ANTENNA.
2778 */
2779struct mwl8k_cmd_rf_antenna {
2780	struct mwl8k_cmd_pkt header;
2781	__le16 antenna;
2782	__le16 mode;
2783} __packed;
2784
2785#define MWL8K_RF_ANTENNA_RX		1
2786#define MWL8K_RF_ANTENNA_TX		2
2787
2788static int
2789mwl8k_cmd_rf_antenna(struct ieee80211_hw *hw, int antenna, int mask)
2790{
2791	struct mwl8k_cmd_rf_antenna *cmd;
2792	int rc;
2793
2794	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2795	if (cmd == NULL)
2796		return -ENOMEM;
2797
2798	cmd->header.code = cpu_to_le16(MWL8K_CMD_RF_ANTENNA);
2799	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2800	cmd->antenna = cpu_to_le16(antenna);
2801	cmd->mode = cpu_to_le16(mask);
2802
2803	rc = mwl8k_post_cmd(hw, &cmd->header);
2804	kfree(cmd);
2805
2806	return rc;
2807}
2808
2809/*
2810 * CMD_SET_BEACON.
2811 */
2812struct mwl8k_cmd_set_beacon {
2813	struct mwl8k_cmd_pkt header;
2814	__le16 beacon_len;
2815	__u8 beacon[0];
2816};
2817
2818static int mwl8k_cmd_set_beacon(struct ieee80211_hw *hw,
2819				struct ieee80211_vif *vif, u8 *beacon, int len)
2820{
2821	struct mwl8k_cmd_set_beacon *cmd;
2822	int rc;
2823
2824	cmd = kzalloc(sizeof(*cmd) + len, GFP_KERNEL);
2825	if (cmd == NULL)
2826		return -ENOMEM;
2827
2828	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_BEACON);
2829	cmd->header.length = cpu_to_le16(sizeof(*cmd) + len);
2830	cmd->beacon_len = cpu_to_le16(len);
2831	memcpy(cmd->beacon, beacon, len);
2832
2833	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
2834	kfree(cmd);
2835
2836	return rc;
2837}
2838
2839/*
2840 * CMD_SET_PRE_SCAN.
2841 */
2842struct mwl8k_cmd_set_pre_scan {
2843	struct mwl8k_cmd_pkt header;
2844} __packed;
2845
2846static int mwl8k_cmd_set_pre_scan(struct ieee80211_hw *hw)
2847{
2848	struct mwl8k_cmd_set_pre_scan *cmd;
2849	int rc;
2850
2851	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2852	if (cmd == NULL)
2853		return -ENOMEM;
2854
2855	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_PRE_SCAN);
2856	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2857
2858	rc = mwl8k_post_cmd(hw, &cmd->header);
2859	kfree(cmd);
2860
2861	return rc;
2862}
2863
2864/*
2865 * CMD_SET_POST_SCAN.
2866 */
2867struct mwl8k_cmd_set_post_scan {
2868	struct mwl8k_cmd_pkt header;
2869	__le32 isibss;
2870	__u8 bssid[ETH_ALEN];
2871} __packed;
2872
2873static int
2874mwl8k_cmd_set_post_scan(struct ieee80211_hw *hw, const __u8 *mac)
2875{
2876	struct mwl8k_cmd_set_post_scan *cmd;
2877	int rc;
2878
2879	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2880	if (cmd == NULL)
2881		return -ENOMEM;
2882
2883	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_POST_SCAN);
2884	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2885	cmd->isibss = 0;
2886	memcpy(cmd->bssid, mac, ETH_ALEN);
2887
2888	rc = mwl8k_post_cmd(hw, &cmd->header);
2889	kfree(cmd);
2890
2891	return rc;
2892}
2893
2894/*
2895 * CMD_SET_RF_CHANNEL.
2896 */
2897struct mwl8k_cmd_set_rf_channel {
2898	struct mwl8k_cmd_pkt header;
2899	__le16 action;
2900	__u8 current_channel;
2901	__le32 channel_flags;
2902} __packed;
2903
2904static int mwl8k_cmd_set_rf_channel(struct ieee80211_hw *hw,
2905				    struct ieee80211_conf *conf)
2906{
2907	struct ieee80211_channel *channel = conf->channel;
2908	struct mwl8k_cmd_set_rf_channel *cmd;
2909	int rc;
2910
2911	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2912	if (cmd == NULL)
2913		return -ENOMEM;
2914
2915	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_RF_CHANNEL);
2916	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2917	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
2918	cmd->current_channel = channel->hw_value;
2919
2920	if (channel->band == IEEE80211_BAND_2GHZ)
2921		cmd->channel_flags |= cpu_to_le32(0x00000001);
2922	else if (channel->band == IEEE80211_BAND_5GHZ)
2923		cmd->channel_flags |= cpu_to_le32(0x00000004);
2924
2925	if (conf->channel_type == NL80211_CHAN_NO_HT ||
2926	    conf->channel_type == NL80211_CHAN_HT20)
2927		cmd->channel_flags |= cpu_to_le32(0x00000080);
2928	else if (conf->channel_type == NL80211_CHAN_HT40MINUS)
2929		cmd->channel_flags |= cpu_to_le32(0x000001900);
2930	else if (conf->channel_type == NL80211_CHAN_HT40PLUS)
2931		cmd->channel_flags |= cpu_to_le32(0x000000900);
2932
2933	rc = mwl8k_post_cmd(hw, &cmd->header);
2934	kfree(cmd);
2935
2936	return rc;
2937}
2938
2939/*
2940 * CMD_SET_AID.
2941 */
2942#define MWL8K_FRAME_PROT_DISABLED			0x00
2943#define MWL8K_FRAME_PROT_11G				0x07
2944#define MWL8K_FRAME_PROT_11N_HT_40MHZ_ONLY		0x02
2945#define MWL8K_FRAME_PROT_11N_HT_ALL			0x06
2946
2947struct mwl8k_cmd_update_set_aid {
2948	struct	mwl8k_cmd_pkt header;
2949	__le16	aid;
2950
2951	 /* AP's MAC address (BSSID) */
2952	__u8	bssid[ETH_ALEN];
2953	__le16	protection_mode;
2954	__u8	supp_rates[14];
2955} __packed;
2956
2957static void legacy_rate_mask_to_array(u8 *rates, u32 mask)
2958{
2959	int i;
2960	int j;
2961
2962	/*
2963	 * Clear nonstandard rates 4 and 13.
2964	 */
2965	mask &= 0x1fef;
2966
2967	for (i = 0, j = 0; i < 14; i++) {
2968		if (mask & (1 << i))
2969			rates[j++] = mwl8k_rates_24[i].hw_value;
2970	}
2971}
2972
2973static int
2974mwl8k_cmd_set_aid(struct ieee80211_hw *hw,
2975		  struct ieee80211_vif *vif, u32 legacy_rate_mask)
2976{
2977	struct mwl8k_cmd_update_set_aid *cmd;
2978	u16 prot_mode;
2979	int rc;
2980
2981	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2982	if (cmd == NULL)
2983		return -ENOMEM;
2984
2985	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_AID);
2986	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2987	cmd->aid = cpu_to_le16(vif->bss_conf.aid);
2988	memcpy(cmd->bssid, vif->bss_conf.bssid, ETH_ALEN);
2989
2990	if (vif->bss_conf.use_cts_prot) {
2991		prot_mode = MWL8K_FRAME_PROT_11G;
2992	} else {
2993		switch (vif->bss_conf.ht_operation_mode &
2994			IEEE80211_HT_OP_MODE_PROTECTION) {
2995		case IEEE80211_HT_OP_MODE_PROTECTION_20MHZ:
2996			prot_mode = MWL8K_FRAME_PROT_11N_HT_40MHZ_ONLY;
2997			break;
2998		case IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED:
2999			prot_mode = MWL8K_FRAME_PROT_11N_HT_ALL;
3000			break;
3001		default:
3002			prot_mode = MWL8K_FRAME_PROT_DISABLED;
3003			break;
3004		}
3005	}
3006	cmd->protection_mode = cpu_to_le16(prot_mode);
3007
3008	legacy_rate_mask_to_array(cmd->supp_rates, legacy_rate_mask);
3009
3010	rc = mwl8k_post_cmd(hw, &cmd->header);
3011	kfree(cmd);
3012
3013	return rc;
3014}
3015
3016/*
3017 * CMD_SET_RATE.
3018 */
3019struct mwl8k_cmd_set_rate {
3020	struct	mwl8k_cmd_pkt header;
3021	__u8	legacy_rates[14];
3022
3023	/* Bitmap for supported MCS codes.  */
3024	__u8	mcs_set[16];
3025	__u8	reserved[16];
3026} __packed;
3027
3028static int
3029mwl8k_cmd_set_rate(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
3030		   u32 legacy_rate_mask, u8 *mcs_rates)
3031{
3032	struct mwl8k_cmd_set_rate *cmd;
3033	int rc;
3034
3035	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3036	if (cmd == NULL)
3037		return -ENOMEM;
3038
3039	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_RATE);
3040	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3041	legacy_rate_mask_to_array(cmd->legacy_rates, legacy_rate_mask);
3042	memcpy(cmd->mcs_set, mcs_rates, 16);
3043
3044	rc = mwl8k_post_cmd(hw, &cmd->header);
3045	kfree(cmd);
3046
3047	return rc;
3048}
3049
3050/*
3051 * CMD_FINALIZE_JOIN.
3052 */
3053#define MWL8K_FJ_BEACON_MAXLEN	128
3054
3055struct mwl8k_cmd_finalize_join {
3056	struct mwl8k_cmd_pkt header;
3057	__le32 sleep_interval;	/* Number of beacon periods to sleep */
3058	__u8 beacon_data[MWL8K_FJ_BEACON_MAXLEN];
3059} __packed;
3060
3061static int mwl8k_cmd_finalize_join(struct ieee80211_hw *hw, void *frame,
3062				   int framelen, int dtim)
3063{
3064	struct mwl8k_cmd_finalize_join *cmd;
3065	struct ieee80211_mgmt *payload = frame;
3066	int payload_len;
3067	int rc;
3068
3069	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3070	if (cmd == NULL)
3071		return -ENOMEM;
3072
3073	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_FINALIZE_JOIN);
3074	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3075	cmd->sleep_interval = cpu_to_le32(dtim ? dtim : 1);
3076
3077	payload_len = framelen - ieee80211_hdrlen(payload->frame_control);
3078	if (payload_len < 0)
3079		payload_len = 0;
3080	else if (payload_len > MWL8K_FJ_BEACON_MAXLEN)
3081		payload_len = MWL8K_FJ_BEACON_MAXLEN;
3082
3083	memcpy(cmd->beacon_data, &payload->u.beacon, payload_len);
3084
3085	rc = mwl8k_post_cmd(hw, &cmd->header);
3086	kfree(cmd);
3087
3088	return rc;
3089}
3090
3091/*
3092 * CMD_SET_RTS_THRESHOLD.
3093 */
3094struct mwl8k_cmd_set_rts_threshold {
3095	struct mwl8k_cmd_pkt header;
3096	__le16 action;
3097	__le16 threshold;
3098} __packed;
3099
3100static int
3101mwl8k_cmd_set_rts_threshold(struct ieee80211_hw *hw, int rts_thresh)
3102{
3103	struct mwl8k_cmd_set_rts_threshold *cmd;
3104	int rc;
3105
3106	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3107	if (cmd == NULL)
3108		return -ENOMEM;
3109
3110	cmd->header.code = cpu_to_le16(MWL8K_CMD_RTS_THRESHOLD);
3111	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3112	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
3113	cmd->threshold = cpu_to_le16(rts_thresh);
3114
3115	rc = mwl8k_post_cmd(hw, &cmd->header);
3116	kfree(cmd);
3117
3118	return rc;
3119}
3120
3121/*
3122 * CMD_SET_SLOT.
3123 */
3124struct mwl8k_cmd_set_slot {
3125	struct mwl8k_cmd_pkt header;
3126	__le16 action;
3127	__u8 short_slot;
3128} __packed;
3129
3130static int mwl8k_cmd_set_slot(struct ieee80211_hw *hw, bool short_slot_time)
3131{
3132	struct mwl8k_cmd_set_slot *cmd;
3133	int rc;
3134
3135	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3136	if (cmd == NULL)
3137		return -ENOMEM;
3138
3139	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_SLOT);
3140	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3141	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
3142	cmd->short_slot = short_slot_time;
3143
3144	rc = mwl8k_post_cmd(hw, &cmd->header);
3145	kfree(cmd);
3146
3147	return rc;
3148}
3149
3150/*
3151 * CMD_SET_EDCA_PARAMS.
3152 */
3153struct mwl8k_cmd_set_edca_params {
3154	struct mwl8k_cmd_pkt header;
3155
3156	/* See MWL8K_SET_EDCA_XXX below */
3157	__le16 action;
3158
3159	/* TX opportunity in units of 32 us */
3160	__le16 txop;
3161
3162	union {
3163		struct {
3164			/* Log exponent of max contention period: 0...15 */
3165			__le32 log_cw_max;
3166
3167			/* Log exponent of min contention period: 0...15 */
3168			__le32 log_cw_min;
3169
3170			/* Adaptive interframe spacing in units of 32us */
3171			__u8 aifs;
3172
3173			/* TX queue to configure */
3174			__u8 txq;
3175		} ap;
3176		struct {
3177			/* Log exponent of max contention period: 0...15 */
3178			__u8 log_cw_max;
3179
3180			/* Log exponent of min contention period: 0...15 */
3181			__u8 log_cw_min;
3182
3183			/* Adaptive interframe spacing in units of 32us */
3184			__u8 aifs;
3185
3186			/* TX queue to configure */
3187			__u8 txq;
3188		} sta;
3189	};
3190} __packed;
3191
3192#define MWL8K_SET_EDCA_CW	0x01
3193#define MWL8K_SET_EDCA_TXOP	0x02
3194#define MWL8K_SET_EDCA_AIFS	0x04
3195
3196#define MWL8K_SET_EDCA_ALL	(MWL8K_SET_EDCA_CW | \
3197				 MWL8K_SET_EDCA_TXOP | \
3198				 MWL8K_SET_EDCA_AIFS)
3199
3200static int
3201mwl8k_cmd_set_edca_params(struct ieee80211_hw *hw, __u8 qnum,
3202			  __u16 cw_min, __u16 cw_max,
3203			  __u8 aifs, __u16 txop)
3204{
3205	struct mwl8k_priv *priv = hw->priv;
3206	struct mwl8k_cmd_set_edca_params *cmd;
3207	int rc;
3208
3209	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3210	if (cmd == NULL)
3211		return -ENOMEM;
3212
3213	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_EDCA_PARAMS);
3214	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3215	cmd->action = cpu_to_le16(MWL8K_SET_EDCA_ALL);
3216	cmd->txop = cpu_to_le16(txop);
3217	if (priv->ap_fw) {
3218		cmd->ap.log_cw_max = cpu_to_le32(ilog2(cw_max + 1));
3219		cmd->ap.log_cw_min = cpu_to_le32(ilog2(cw_min + 1));
3220		cmd->ap.aifs = aifs;
3221		cmd->ap.txq = qnum;
3222	} else {
3223		cmd->sta.log_cw_max = (u8)ilog2(cw_max + 1);
3224		cmd->sta.log_cw_min = (u8)ilog2(cw_min + 1);
3225		cmd->sta.aifs = aifs;
3226		cmd->sta.txq = qnum;
3227	}
3228
3229	rc = mwl8k_post_cmd(hw, &cmd->header);
3230	kfree(cmd);
3231
3232	return rc;
3233}
3234
3235/*
3236 * CMD_SET_WMM_MODE.
3237 */
3238struct mwl8k_cmd_set_wmm_mode {
3239	struct mwl8k_cmd_pkt header;
3240	__le16 action;
3241} __packed;
3242
3243static int mwl8k_cmd_set_wmm_mode(struct ieee80211_hw *hw, bool enable)
3244{
3245	struct mwl8k_priv *priv = hw->priv;
3246	struct mwl8k_cmd_set_wmm_mode *cmd;
3247	int rc;
3248
3249	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3250	if (cmd == NULL)
3251		return -ENOMEM;
3252
3253	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_WMM_MODE);
3254	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3255	cmd->action = cpu_to_le16(!!enable);
3256
3257	rc = mwl8k_post_cmd(hw, &cmd->header);
3258	kfree(cmd);
3259
3260	if (!rc)
3261		priv->wmm_enabled = enable;
3262
3263	return rc;
3264}
3265
3266/*
3267 * CMD_MIMO_CONFIG.
3268 */
3269struct mwl8k_cmd_mimo_config {
3270	struct mwl8k_cmd_pkt header;
3271	__le32 action;
3272	__u8 rx_antenna_map;
3273	__u8 tx_antenna_map;
3274} __packed;
3275
3276static int mwl8k_cmd_mimo_config(struct ieee80211_hw *hw, __u8 rx, __u8 tx)
3277{
3278	struct mwl8k_cmd_mimo_config *cmd;
3279	int rc;
3280
3281	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3282	if (cmd == NULL)
3283		return -ENOMEM;
3284
3285	cmd->header.code = cpu_to_le16(MWL8K_CMD_MIMO_CONFIG);
3286	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3287	cmd->action = cpu_to_le32((u32)MWL8K_CMD_SET);
3288	cmd->rx_antenna_map = rx;
3289	cmd->tx_antenna_map = tx;
3290
3291	rc = mwl8k_post_cmd(hw, &cmd->header);
3292	kfree(cmd);
3293
3294	return rc;
3295}
3296
3297/*
3298 * CMD_USE_FIXED_RATE (STA version).
3299 */
3300struct mwl8k_cmd_use_fixed_rate_sta {
3301	struct mwl8k_cmd_pkt header;
3302	__le32 action;
3303	__le32 allow_rate_drop;
3304	__le32 num_rates;
3305	struct {
3306		__le32 is_ht_rate;
3307		__le32 enable_retry;
3308		__le32 rate;
3309		__le32 retry_count;
3310	} rate_entry[8];
3311	__le32 rate_type;
3312	__le32 reserved1;
3313	__le32 reserved2;
3314} __packed;
3315
3316#define MWL8K_USE_AUTO_RATE	0x0002
3317#define MWL8K_UCAST_RATE	0
3318
3319static int mwl8k_cmd_use_fixed_rate_sta(struct ieee80211_hw *hw)
3320{
3321	struct mwl8k_cmd_use_fixed_rate_sta *cmd;
3322	int rc;
3323
3324	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3325	if (cmd == NULL)
3326		return -ENOMEM;
3327
3328	cmd->header.code = cpu_to_le16(MWL8K_CMD_USE_FIXED_RATE);
3329	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3330	cmd->action = cpu_to_le32(MWL8K_USE_AUTO_RATE);
3331	cmd->rate_type = cpu_to_le32(MWL8K_UCAST_RATE);
3332
3333	rc = mwl8k_post_cmd(hw, &cmd->header);
3334	kfree(cmd);
3335
3336	return rc;
3337}
3338
3339/*
3340 * CMD_USE_FIXED_RATE (AP version).
3341 */
3342struct mwl8k_cmd_use_fixed_rate_ap {
3343	struct mwl8k_cmd_pkt header;
3344	__le32 action;
3345	__le32 allow_rate_drop;
3346	__le32 num_rates;
3347	struct mwl8k_rate_entry_ap {
3348		__le32 is_ht_rate;
3349		__le32 enable_retry;
3350		__le32 rate;
3351		__le32 retry_count;
3352	} rate_entry[4];
3353	u8 multicast_rate;
3354	u8 multicast_rate_type;
3355	u8 management_rate;
3356} __packed;
3357
3358static int
3359mwl8k_cmd_use_fixed_rate_ap(struct ieee80211_hw *hw, int mcast, int mgmt)
3360{
3361	struct mwl8k_cmd_use_fixed_rate_ap *cmd;
3362	int rc;
3363
3364	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3365	if (cmd == NULL)
3366		return -ENOMEM;
3367
3368	cmd->header.code = cpu_to_le16(MWL8K_CMD_USE_FIXED_RATE);
3369	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3370	cmd->action = cpu_to_le32(MWL8K_USE_AUTO_RATE);
3371	cmd->multicast_rate = mcast;
3372	cmd->management_rate = mgmt;
3373
3374	rc = mwl8k_post_cmd(hw, &cmd->header);
3375	kfree(cmd);
3376
3377	return rc;
3378}
3379
3380/*
3381 * CMD_ENABLE_SNIFFER.
3382 */
3383struct mwl8k_cmd_enable_sniffer {
3384	struct mwl8k_cmd_pkt header;
3385	__le32 action;
3386} __packed;
3387
3388static int mwl8k_cmd_enable_sniffer(struct ieee80211_hw *hw, bool enable)
3389{
3390	struct mwl8k_cmd_enable_sniffer *cmd;
3391	int rc;
3392
3393	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3394	if (cmd == NULL)
3395		return -ENOMEM;
3396
3397	cmd->header.code = cpu_to_le16(MWL8K_CMD_ENABLE_SNIFFER);
3398	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3399	cmd->action = cpu_to_le32(!!enable);
3400
3401	rc = mwl8k_post_cmd(hw, &cmd->header);
3402	kfree(cmd);
3403
3404	return rc;
3405}
3406
3407/*
3408 * CMD_SET_MAC_ADDR.
3409 */
3410struct mwl8k_cmd_set_mac_addr {
3411	struct mwl8k_cmd_pkt header;
3412	union {
3413		struct {
3414			__le16 mac_type;
3415			__u8 mac_addr[ETH_ALEN];
3416		} mbss;
3417		__u8 mac_addr[ETH_ALEN];
3418	};
3419} __packed;
3420
3421#define MWL8K_MAC_TYPE_PRIMARY_CLIENT		0
3422#define MWL8K_MAC_TYPE_SECONDARY_CLIENT		1
3423#define MWL8K_MAC_TYPE_PRIMARY_AP		2
3424#define MWL8K_MAC_TYPE_SECONDARY_AP		3
3425
3426static int mwl8k_cmd_set_mac_addr(struct ieee80211_hw *hw,
3427				  struct ieee80211_vif *vif, u8 *mac)
3428{
3429	struct mwl8k_priv *priv = hw->priv;
3430	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
3431	struct mwl8k_cmd_set_mac_addr *cmd;
3432	int mac_type;
3433	int rc;
3434
3435	mac_type = MWL8K_MAC_TYPE_PRIMARY_AP;
3436	if (vif != NULL && vif->type == NL80211_IFTYPE_STATION) {
3437		if (mwl8k_vif->macid + 1 == ffs(priv->sta_macids_supported))
3438			mac_type = MWL8K_MAC_TYPE_PRIMARY_CLIENT;
3439		else
3440			mac_type = MWL8K_MAC_TYPE_SECONDARY_CLIENT;
3441	} else if (vif != NULL && vif->type == NL80211_IFTYPE_AP) {
3442		if (mwl8k_vif->macid + 1 == ffs(priv->ap_macids_supported))
3443			mac_type = MWL8K_MAC_TYPE_PRIMARY_AP;
3444		else
3445			mac_type = MWL8K_MAC_TYPE_SECONDARY_AP;
3446	}
3447
3448	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3449	if (cmd == NULL)
3450		return -ENOMEM;
3451
3452	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_MAC_ADDR);
3453	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3454	if (priv->ap_fw) {
3455		cmd->mbss.mac_type = cpu_to_le16(mac_type);
3456		memcpy(cmd->mbss.mac_addr, mac, ETH_ALEN);
3457	} else {
3458		memcpy(cmd->mac_addr, mac, ETH_ALEN);
3459	}
3460
3461	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3462	kfree(cmd);
3463
3464	return rc;
3465}
3466
3467/*
3468 * CMD_SET_RATEADAPT_MODE.
3469 */
3470struct mwl8k_cmd_set_rate_adapt_mode {
3471	struct mwl8k_cmd_pkt header;
3472	__le16 action;
3473	__le16 mode;
3474} __packed;
3475
3476static int mwl8k_cmd_set_rateadapt_mode(struct ieee80211_hw *hw, __u16 mode)
3477{
3478	struct mwl8k_cmd_set_rate_adapt_mode *cmd;
3479	int rc;
3480
3481	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3482	if (cmd == NULL)
3483		return -ENOMEM;
3484
3485	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_RATEADAPT_MODE);
3486	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3487	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
3488	cmd->mode = cpu_to_le16(mode);
3489
3490	rc = mwl8k_post_cmd(hw, &cmd->header);
3491	kfree(cmd);
3492
3493	return rc;
3494}
3495
3496/*
3497 * CMD_GET_WATCHDOG_BITMAP.
3498 */
3499struct mwl8k_cmd_get_watchdog_bitmap {
3500	struct mwl8k_cmd_pkt header;
3501	u8	bitmap;
3502} __packed;
3503
3504static int mwl8k_cmd_get_watchdog_bitmap(struct ieee80211_hw *hw, u8 *bitmap)
3505{
3506	struct mwl8k_cmd_get_watchdog_bitmap *cmd;
3507	int rc;
3508
3509	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3510	if (cmd == NULL)
3511		return -ENOMEM;
3512
3513	cmd->header.code = cpu_to_le16(MWL8K_CMD_GET_WATCHDOG_BITMAP);
3514	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3515
3516	rc = mwl8k_post_cmd(hw, &cmd->header);
3517	if (!rc)
3518		*bitmap = cmd->bitmap;
3519
3520	kfree(cmd);
3521
3522	return rc;
3523}
3524
3525#define INVALID_BA	0xAA
3526static void mwl8k_watchdog_ba_events(struct work_struct *work)
3527{
3528	int rc;
3529	u8 bitmap = 0, stream_index;
3530	struct mwl8k_ampdu_stream *streams;
3531	struct mwl8k_priv *priv =
3532		container_of(work, struct mwl8k_priv, watchdog_ba_handle);
3533
3534	rc = mwl8k_cmd_get_watchdog_bitmap(priv->hw, &bitmap);
3535	if (rc)
3536		return;
3537
3538	if (bitmap == INVALID_BA)
3539		return;
3540
3541	/* the bitmap is the hw queue number.  Map it to the ampdu queue. */
3542	stream_index = bitmap - MWL8K_TX_WMM_QUEUES;
3543
3544	BUG_ON(stream_index >= priv->num_ampdu_queues);
3545
3546	streams = &priv->ampdu[stream_index];
3547
3548	if (streams->state == AMPDU_STREAM_ACTIVE)
3549		ieee80211_stop_tx_ba_session(streams->sta, streams->tid);
3550
3551	return;
3552}
3553
3554
3555/*
3556 * CMD_BSS_START.
3557 */
3558struct mwl8k_cmd_bss_start {
3559	struct mwl8k_cmd_pkt header;
3560	__le32 enable;
3561} __packed;
3562
3563static int mwl8k_cmd_bss_start(struct ieee80211_hw *hw,
3564			       struct ieee80211_vif *vif, int enable)
3565{
3566	struct mwl8k_cmd_bss_start *cmd;
3567	int rc;
3568
3569	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3570	if (cmd == NULL)
3571		return -ENOMEM;
3572
3573	cmd->header.code = cpu_to_le16(MWL8K_CMD_BSS_START);
3574	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3575	cmd->enable = cpu_to_le32(enable);
3576
3577	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3578	kfree(cmd);
3579
3580	return rc;
3581}
3582
3583/*
3584 * CMD_BASTREAM.
3585 */
3586
3587/*
3588 * UPSTREAM is tx direction
3589 */
3590#define BASTREAM_FLAG_DIRECTION_UPSTREAM	0x00
3591#define BASTREAM_FLAG_IMMEDIATE_TYPE		0x01
3592
3593enum ba_stream_action_type {
3594	MWL8K_BA_CREATE,
3595	MWL8K_BA_UPDATE,
3596	MWL8K_BA_DESTROY,
3597	MWL8K_BA_FLUSH,
3598	MWL8K_BA_CHECK,
3599};
3600
3601
3602struct mwl8k_create_ba_stream {
3603	__le32	flags;
3604	__le32	idle_thrs;
3605	__le32	bar_thrs;
3606	__le32	window_size;
3607	u8	peer_mac_addr[6];
3608	u8	dialog_token;
3609	u8	tid;
3610	u8	queue_id;
3611	u8	param_info;
3612	__le32	ba_context;
3613	u8	reset_seq_no_flag;
3614	__le16	curr_seq_no;
3615	u8	sta_src_mac_addr[6];
3616} __packed;
3617
3618struct mwl8k_destroy_ba_stream {
3619	__le32	flags;
3620	__le32	ba_context;
3621} __packed;
3622
3623struct mwl8k_cmd_bastream {
3624	struct mwl8k_cmd_pkt	header;
3625	__le32	action;
3626	union {
3627		struct mwl8k_create_ba_stream	create_params;
3628		struct mwl8k_destroy_ba_stream	destroy_params;
3629	};
3630} __packed;
3631
3632static int
3633mwl8k_check_ba(struct ieee80211_hw *hw, struct mwl8k_ampdu_stream *stream)
3634{
3635	struct mwl8k_cmd_bastream *cmd;
3636	int rc;
3637
3638	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3639	if (cmd == NULL)
3640		return -ENOMEM;
3641
3642	cmd->header.code = cpu_to_le16(MWL8K_CMD_BASTREAM);
3643	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3644
3645	cmd->action = cpu_to_le32(MWL8K_BA_CHECK);
3646
3647	cmd->create_params.queue_id = stream->idx;
3648	memcpy(&cmd->create_params.peer_mac_addr[0], stream->sta->addr,
3649	       ETH_ALEN);
3650	cmd->create_params.tid = stream->tid;
3651
3652	cmd->create_params.flags =
3653		cpu_to_le32(BASTREAM_FLAG_IMMEDIATE_TYPE) |
3654		cpu_to_le32(BASTREAM_FLAG_DIRECTION_UPSTREAM);
3655
3656	rc = mwl8k_post_cmd(hw, &cmd->header);
3657
3658	kfree(cmd);
3659
3660	return rc;
3661}
3662
3663static int
3664mwl8k_create_ba(struct ieee80211_hw *hw, struct mwl8k_ampdu_stream *stream,
3665		u8 buf_size)
3666{
3667	struct mwl8k_cmd_bastream *cmd;
3668	int rc;
3669
3670	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3671	if (cmd == NULL)
3672		return -ENOMEM;
3673
3674
3675	cmd->header.code = cpu_to_le16(MWL8K_CMD_BASTREAM);
3676	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3677
3678	cmd->action = cpu_to_le32(MWL8K_BA_CREATE);
3679
3680	cmd->create_params.bar_thrs = cpu_to_le32((u32)buf_size);
3681	cmd->create_params.window_size = cpu_to_le32((u32)buf_size);
3682	cmd->create_params.queue_id = stream->idx;
3683
3684	memcpy(cmd->create_params.peer_mac_addr, stream->sta->addr, ETH_ALEN);
3685	cmd->create_params.tid = stream->tid;
3686	cmd->create_params.curr_seq_no = cpu_to_le16(0);
3687	cmd->create_params.reset_seq_no_flag = 1;
3688
3689	cmd->create_params.param_info =
3690		(stream->sta->ht_cap.ampdu_factor &
3691		 IEEE80211_HT_AMPDU_PARM_FACTOR) |
3692		((stream->sta->ht_cap.ampdu_density << 2) &
3693		 IEEE80211_HT_AMPDU_PARM_DENSITY);
3694
3695	cmd->create_params.flags =
3696		cpu_to_le32(BASTREAM_FLAG_IMMEDIATE_TYPE |
3697					BASTREAM_FLAG_DIRECTION_UPSTREAM);
3698
3699	rc = mwl8k_post_cmd(hw, &cmd->header);
3700
3701	wiphy_debug(hw->wiphy, "Created a BA stream for %pM : tid %d\n",
3702		stream->sta->addr, stream->tid);
3703	kfree(cmd);
3704
3705	return rc;
3706}
3707
3708static void mwl8k_destroy_ba(struct ieee80211_hw *hw,
3709			     struct mwl8k_ampdu_stream *stream)
3710{
3711	struct mwl8k_cmd_bastream *cmd;
3712
3713	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3714	if (cmd == NULL)
3715		return;
3716
3717	cmd->header.code = cpu_to_le16(MWL8K_CMD_BASTREAM);
3718	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3719	cmd->action = cpu_to_le32(MWL8K_BA_DESTROY);
3720
3721	cmd->destroy_params.ba_context = cpu_to_le32(stream->idx);
3722	mwl8k_post_cmd(hw, &cmd->header);
3723
3724	wiphy_debug(hw->wiphy, "Deleted BA stream index %d\n", stream->idx);
3725
3726	kfree(cmd);
3727}
3728
3729/*
3730 * CMD_SET_NEW_STN.
3731 */
3732struct mwl8k_cmd_set_new_stn {
3733	struct mwl8k_cmd_pkt header;
3734	__le16 aid;
3735	__u8 mac_addr[6];
3736	__le16 stn_id;
3737	__le16 action;
3738	__le16 rsvd;
3739	__le32 legacy_rates;
3740	__u8 ht_rates[4];
3741	__le16 cap_info;
3742	__le16 ht_capabilities_info;
3743	__u8 mac_ht_param_info;
3744	__u8 rev;
3745	__u8 control_channel;
3746	__u8 add_channel;
3747	__le16 op_mode;
3748	__le16 stbc;
3749	__u8 add_qos_info;
3750	__u8 is_qos_sta;
3751	__le32 fw_sta_ptr;
3752} __packed;
3753
3754#define MWL8K_STA_ACTION_ADD		0
3755#define MWL8K_STA_ACTION_REMOVE		2
3756
3757static int mwl8k_cmd_set_new_stn_add(struct ieee80211_hw *hw,
3758				     struct ieee80211_vif *vif,
3759				     struct ieee80211_sta *sta)
3760{
3761	struct mwl8k_cmd_set_new_stn *cmd;
3762	u32 rates;
3763	int rc;
3764
3765	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3766	if (cmd == NULL)
3767		return -ENOMEM;
3768
3769	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_NEW_STN);
3770	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3771	cmd->aid = cpu_to_le16(sta->aid);
3772	memcpy(cmd->mac_addr, sta->addr, ETH_ALEN);
3773	cmd->stn_id = cpu_to_le16(sta->aid);
3774	cmd->action = cpu_to_le16(MWL8K_STA_ACTION_ADD);
3775	if (hw->conf.channel->band == IEEE80211_BAND_2GHZ)
3776		rates = sta->supp_rates[IEEE80211_BAND_2GHZ];
3777	else
3778		rates = sta->supp_rates[IEEE80211_BAND_5GHZ] << 5;
3779	cmd->legacy_rates = cpu_to_le32(rates);
3780	if (sta->ht_cap.ht_supported) {
3781		cmd->ht_rates[0] = sta->ht_cap.mcs.rx_mask[0];
3782		cmd->ht_rates[1] = sta->ht_cap.mcs.rx_mask[1];
3783		cmd->ht_rates[2] = sta->ht_cap.mcs.rx_mask[2];
3784		cmd->ht_rates[3] = sta->ht_cap.mcs.rx_mask[3];
3785		cmd->ht_capabilities_info = cpu_to_le16(sta->ht_cap.cap);
3786		cmd->mac_ht_param_info = (sta->ht_cap.ampdu_factor & 3) |
3787			((sta->ht_cap.ampdu_density & 7) << 2);
3788		cmd->is_qos_sta = 1;
3789	}
3790
3791	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3792	kfree(cmd);
3793
3794	return rc;
3795}
3796
3797static int mwl8k_cmd_set_new_stn_add_self(struct ieee80211_hw *hw,
3798					  struct ieee80211_vif *vif)
3799{
3800	struct mwl8k_cmd_set_new_stn *cmd;
3801	int rc;
3802
3803	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3804	if (cmd == NULL)
3805		return -ENOMEM;
3806
3807	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_NEW_STN);
3808	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3809	memcpy(cmd->mac_addr, vif->addr, ETH_ALEN);
3810
3811	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3812	kfree(cmd);
3813
3814	return rc;
3815}
3816
3817static int mwl8k_cmd_set_new_stn_del(struct ieee80211_hw *hw,
3818				     struct ieee80211_vif *vif, u8 *addr)
3819{
3820	struct mwl8k_cmd_set_new_stn *cmd;
3821	int rc;
3822
3823	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3824	if (cmd == NULL)
3825		return -ENOMEM;
3826
3827	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_NEW_STN);
3828	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3829	memcpy(cmd->mac_addr, addr, ETH_ALEN);
3830	cmd->action = cpu_to_le16(MWL8K_STA_ACTION_REMOVE);
3831
3832	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3833	kfree(cmd);
3834
3835	return rc;
3836}
3837
3838/*
3839 * CMD_UPDATE_ENCRYPTION.
3840 */
3841
3842#define MAX_ENCR_KEY_LENGTH	16
3843#define MIC_KEY_LENGTH		8
3844
3845struct mwl8k_cmd_update_encryption {
3846	struct mwl8k_cmd_pkt header;
3847
3848	__le32 action;
3849	__le32 reserved;
3850	__u8 mac_addr[6];
3851	__u8 encr_type;
3852
3853} __packed;
3854
3855struct mwl8k_cmd_set_key {
3856	struct mwl8k_cmd_pkt header;
3857
3858	__le32 action;
3859	__le32 reserved;
3860	__le16 length;
3861	__le16 key_type_id;
3862	__le32 key_info;
3863	__le32 key_id;
3864	__le16 key_len;
3865	__u8 key_material[MAX_ENCR_KEY_LENGTH];
3866	__u8 tkip_tx_mic_key[MIC_KEY_LENGTH];
3867	__u8 tkip_rx_mic_key[MIC_KEY_LENGTH];
3868	__le16 tkip_rsc_low;
3869	__le32 tkip_rsc_high;
3870	__le16 tkip_tsc_low;
3871	__le32 tkip_tsc_high;
3872	__u8 mac_addr[6];
3873} __packed;
3874
3875enum {
3876	MWL8K_ENCR_ENABLE,
3877	MWL8K_ENCR_SET_KEY,
3878	MWL8K_ENCR_REMOVE_KEY,
3879	MWL8K_ENCR_SET_GROUP_KEY,
3880};
3881
3882#define MWL8K_UPDATE_ENCRYPTION_TYPE_WEP	0
3883#define MWL8K_UPDATE_ENCRYPTION_TYPE_DISABLE	1
3884#define MWL8K_UPDATE_ENCRYPTION_TYPE_TKIP	4
3885#define MWL8K_UPDATE_ENCRYPTION_TYPE_MIXED	7
3886#define MWL8K_UPDATE_ENCRYPTION_TYPE_AES	8
3887
3888enum {
3889	MWL8K_ALG_WEP,
3890	MWL8K_ALG_TKIP,
3891	MWL8K_ALG_CCMP,
3892};
3893
3894#define MWL8K_KEY_FLAG_TXGROUPKEY	0x00000004
3895#define MWL8K_KEY_FLAG_PAIRWISE		0x00000008
3896#define MWL8K_KEY_FLAG_TSC_VALID	0x00000040
3897#define MWL8K_KEY_FLAG_WEP_TXKEY	0x01000000
3898#define MWL8K_KEY_FLAG_MICKEY_VALID	0x02000000
3899
3900static int mwl8k_cmd_update_encryption_enable(struct ieee80211_hw *hw,
3901					      struct ieee80211_vif *vif,
3902					      u8 *addr,
3903					      u8 encr_type)
3904{
3905	struct mwl8k_cmd_update_encryption *cmd;
3906	int rc;
3907
3908	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3909	if (cmd == NULL)
3910		return -ENOMEM;
3911
3912	cmd->header.code = cpu_to_le16(MWL8K_CMD_UPDATE_ENCRYPTION);
3913	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3914	cmd->action = cpu_to_le32(MWL8K_ENCR_ENABLE);
3915	memcpy(cmd->mac_addr, addr, ETH_ALEN);
3916	cmd->encr_type = encr_type;
3917
3918	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3919	kfree(cmd);
3920
3921	return rc;
3922}
3923
3924static int mwl8k_encryption_set_cmd_info(struct mwl8k_cmd_set_key *cmd,
3925						u8 *addr,
3926						struct ieee80211_key_conf *key)
3927{
3928	cmd->header.code = cpu_to_le16(MWL8K_CMD_UPDATE_ENCRYPTION);
3929	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3930	cmd->length = cpu_to_le16(sizeof(*cmd) -
3931				offsetof(struct mwl8k_cmd_set_key, length));
3932	cmd->key_id = cpu_to_le32(key->keyidx);
3933	cmd->key_len = cpu_to_le16(key->keylen);
3934	memcpy(cmd->mac_addr, addr, ETH_ALEN);
3935
3936	switch (key->cipher) {
3937	case WLAN_CIPHER_SUITE_WEP40:
3938	case WLAN_CIPHER_SUITE_WEP104:
3939		cmd->key_type_id = cpu_to_le16(MWL8K_ALG_WEP);
3940		if (key->keyidx == 0)
3941			cmd->key_info =	cpu_to_le32(MWL8K_KEY_FLAG_WEP_TXKEY);
3942
3943		break;
3944	case WLAN_CIPHER_SUITE_TKIP:
3945		cmd->key_type_id = cpu_to_le16(MWL8K_ALG_TKIP);
3946		cmd->key_info =	(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
3947			? cpu_to_le32(MWL8K_KEY_FLAG_PAIRWISE)
3948			: cpu_to_le32(MWL8K_KEY_FLAG_TXGROUPKEY);
3949		cmd->key_info |= cpu_to_le32(MWL8K_KEY_FLAG_MICKEY_VALID
3950						| MWL8K_KEY_FLAG_TSC_VALID);
3951		break;
3952	case WLAN_CIPHER_SUITE_CCMP:
3953		cmd->key_type_id = cpu_to_le16(MWL8K_ALG_CCMP);
3954		cmd->key_info =	(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
3955			? cpu_to_le32(MWL8K_KEY_FLAG_PAIRWISE)
3956			: cpu_to_le32(MWL8K_KEY_FLAG_TXGROUPKEY);
3957		break;
3958	default:
3959		return -ENOTSUPP;
3960	}
3961
3962	return 0;
3963}
3964
3965static int mwl8k_cmd_encryption_set_key(struct ieee80211_hw *hw,
3966						struct ieee80211_vif *vif,
3967						u8 *addr,
3968						struct ieee80211_key_conf *key)
3969{
3970	struct mwl8k_cmd_set_key *cmd;
3971	int rc;
3972	int keymlen;
3973	u32 action;
3974	u8 idx;
3975	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
3976
3977	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3978	if (cmd == NULL)
3979		return -ENOMEM;
3980
3981	rc = mwl8k_encryption_set_cmd_info(cmd, addr, key);
3982	if (rc < 0)
3983		goto done;
3984
3985	idx = key->keyidx;
3986
3987	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
3988		action = MWL8K_ENCR_SET_KEY;
3989	else
3990		action = MWL8K_ENCR_SET_GROUP_KEY;
3991
3992	switch (key->cipher) {
3993	case WLAN_CIPHER_SUITE_WEP40:
3994	case WLAN_CIPHER_SUITE_WEP104:
3995		if (!mwl8k_vif->wep_key_conf[idx].enabled) {
3996			memcpy(mwl8k_vif->wep_key_conf[idx].key, key,
3997						sizeof(*key) + key->keylen);
3998			mwl8k_vif->wep_key_conf[idx].enabled = 1;
3999		}
4000
4001		keymlen = key->keylen;
4002		action = MWL8K_ENCR_SET_KEY;
4003		break;
4004	case WLAN_CIPHER_SUITE_TKIP:
4005		keymlen = MAX_ENCR_KEY_LENGTH + 2 * MIC_KEY_LENGTH;
4006		break;
4007	case WLAN_CIPHER_SUITE_CCMP:
4008		keymlen = key->keylen;
4009		break;
4010	default:
4011		rc = -ENOTSUPP;
4012		goto done;
4013	}
4014
4015	memcpy(cmd->key_material, key->key, keymlen);
4016	cmd->action = cpu_to_le32(action);
4017
4018	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
4019done:
4020	kfree(cmd);
4021
4022	return rc;
4023}
4024
4025static int mwl8k_cmd_encryption_remove_key(struct ieee80211_hw *hw,
4026						struct ieee80211_vif *vif,
4027						u8 *addr,
4028						struct ieee80211_key_conf *key)
4029{
4030	struct mwl8k_cmd_set_key *cmd;
4031	int rc;
4032	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
4033
4034	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
4035	if (cmd == NULL)
4036		return -ENOMEM;
4037
4038	rc = mwl8k_encryption_set_cmd_info(cmd, addr, key);
4039	if (rc < 0)
4040		goto done;
4041
4042	if (key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
4043			WLAN_CIPHER_SUITE_WEP104)
4044		mwl8k_vif->wep_key_conf[key->keyidx].enabled = 0;
4045
4046	cmd->action = cpu_to_le32(MWL8K_ENCR_REMOVE_KEY);
4047
4048	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
4049done:
4050	kfree(cmd);
4051
4052	return rc;
4053}
4054
4055static int mwl8k_set_key(struct ieee80211_hw *hw,
4056			 enum set_key_cmd cmd_param,
4057			 struct ieee80211_vif *vif,
4058			 struct ieee80211_sta *sta,
4059			 struct ieee80211_key_conf *key)
4060{
4061	int rc = 0;
4062	u8 encr_type;
4063	u8 *addr;
4064	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
4065
4066	if (vif->type == NL80211_IFTYPE_STATION)
4067		return -EOPNOTSUPP;
4068
4069	if (sta == NULL)
4070		addr = hw->wiphy->perm_addr;
4071	else
4072		addr = sta->addr;
4073
4074	if (cmd_param == SET_KEY) {
4075		rc = mwl8k_cmd_encryption_set_key(hw, vif, addr, key);
4076		if (rc)
4077			goto out;
4078
4079		if ((key->cipher == WLAN_CIPHER_SUITE_WEP40)
4080				|| (key->cipher == WLAN_CIPHER_SUITE_WEP104))
4081			encr_type = MWL8K_UPDATE_ENCRYPTION_TYPE_WEP;
4082		else
4083			encr_type = MWL8K_UPDATE_ENCRYPTION_TYPE_MIXED;
4084
4085		rc = mwl8k_cmd_update_encryption_enable(hw, vif, addr,
4086								encr_type);
4087		if (rc)
4088			goto out;
4089
4090		mwl8k_vif->is_hw_crypto_enabled = true;
4091
4092	} else {
4093		rc = mwl8k_cmd_encryption_remove_key(hw, vif, addr, key);
4094
4095		if (rc)
4096			goto out;
4097
4098		mwl8k_vif->is_hw_crypto_enabled = false;
4099
4100	}
4101out:
4102	return rc;
4103}
4104
4105/*
4106 * CMD_UPDATE_STADB.
4107 */
4108struct ewc_ht_info {
4109	__le16	control1;
4110	__le16	control2;
4111	__le16	control3;
4112} __packed;
4113
4114struct peer_capability_info {
4115	/* Peer type - AP vs. STA.  */
4116	__u8	peer_type;
4117
4118	/* Basic 802.11 capabilities from assoc resp.  */
4119	__le16	basic_caps;
4120
4121	/* Set if peer supports 802.11n high throughput (HT).  */
4122	__u8	ht_support;
4123
4124	/* Valid if HT is supported.  */
4125	__le16	ht_caps;
4126	__u8	extended_ht_caps;
4127	struct ewc_ht_info	ewc_info;
4128
4129	/* Legacy rate table. Intersection of our rates and peer rates.  */
4130	__u8	legacy_rates[12];
4131
4132	/* HT rate table. Intersection of our rates and peer rates.  */
4133	__u8	ht_rates[16];
4134	__u8	pad[16];
4135
4136	/* If set, interoperability mode, no proprietary extensions.  */
4137	__u8	interop;
4138	__u8	pad2;
4139	__u8	station_id;
4140	__le16	amsdu_enabled;
4141} __packed;
4142
4143struct mwl8k_cmd_update_stadb {
4144	struct mwl8k_cmd_pkt header;
4145
4146	/* See STADB_ACTION_TYPE */
4147	__le32	action;
4148
4149	/* Peer MAC address */
4150	__u8	peer_addr[ETH_ALEN];
4151
4152	__le32	reserved;
4153
4154	/* Peer info - valid during add/update.  */
4155	struct peer_capability_info	peer_info;
4156} __packed;
4157
4158#define MWL8K_STA_DB_MODIFY_ENTRY	1
4159#define MWL8K_STA_DB_DEL_ENTRY		2
4160
4161/* Peer Entry flags - used to define the type of the peer node */
4162#define MWL8K_PEER_TYPE_ACCESSPOINT	2
4163
4164static int mwl8k_cmd_update_stadb_add(struct ieee80211_hw *hw,
4165				      struct ieee80211_vif *vif,
4166				      struct ieee80211_sta *sta)
4167{
4168	struct mwl8k_cmd_update_stadb *cmd;
4169	struct peer_capability_info *p;
4170	u32 rates;
4171	int rc;
4172
4173	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
4174	if (cmd == NULL)
4175		return -ENOMEM;
4176
4177	cmd->header.code = cpu_to_le16(MWL8K_CMD_UPDATE_STADB);
4178	cmd->header.length = cpu_to_le16(sizeof(*cmd));
4179	cmd->action = cpu_to_le32(MWL8K_STA_DB_MODIFY_ENTRY);
4180	memcpy(cmd->peer_addr, sta->addr, ETH_ALEN);
4181
4182	p = &cmd->peer_info;
4183	p->peer_type = MWL8K_PEER_TYPE_ACCESSPOINT;
4184	p->basic_caps = cpu_to_le16(vif->bss_conf.assoc_capability);
4185	p->ht_support = sta->ht_cap.ht_supported;
4186	p->ht_caps = cpu_to_le16(sta->ht_cap.cap);
4187	p->extended_ht_caps = (sta->ht_cap.ampdu_factor & 3) |
4188		((sta->ht_cap.ampdu_density & 7) << 2);
4189	if (hw->conf.channel->band == IEEE80211_BAND_2GHZ)
4190		rates = sta->supp_rates[IEEE80211_BAND_2GHZ];
4191	else
4192		rates = sta->supp_rates[IEEE80211_BAND_5GHZ] << 5;
4193	legacy_rate_mask_to_array(p->legacy_rates, rates);
4194	memcpy(p->ht_rates, sta->ht_cap.mcs.rx_mask, 16);
4195	p->interop = 1;
4196	p->amsdu_enabled = 0;
4197
4198	rc = mwl8k_post_cmd(hw, &cmd->header);
4199	kfree(cmd);
4200
4201	return rc ? rc : p->station_id;
4202}
4203
4204static int mwl8k_cmd_update_stadb_del(struct ieee80211_hw *hw,
4205				      struct ieee80211_vif *vif, u8 *addr)
4206{
4207	struct mwl8k_cmd_update_stadb *cmd;
4208	int rc;
4209
4210	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
4211	if (cmd == NULL)
4212		return -ENOMEM;
4213
4214	cmd->header.code = cpu_to_le16(MWL8K_CMD_UPDATE_STADB);
4215	cmd->header.length = cpu_to_le16(sizeof(*cmd));
4216	cmd->action = cpu_to_le32(MWL8K_STA_DB_DEL_ENTRY);
4217	memcpy(cmd->peer_addr, addr, ETH_ALEN);
4218
4219	rc = mwl8k_post_cmd(hw, &cmd->header);
4220	kfree(cmd);
4221
4222	return rc;
4223}
4224
4225
4226/*
4227 * Interrupt handling.
4228 */
4229static irqreturn_t mwl8k_interrupt(int irq, void *dev_id)
4230{
4231	struct ieee80211_hw *hw = dev_id;
4232	struct mwl8k_priv *priv = hw->priv;
4233	u32 status;
4234
4235	status = ioread32(priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
4236	if (!status)
4237		return IRQ_NONE;
4238
4239	if (status & MWL8K_A2H_INT_TX_DONE) {
4240		status &= ~MWL8K_A2H_INT_TX_DONE;
4241		tasklet_schedule(&priv->poll_tx_task);
4242	}
4243
4244	if (status & MWL8K_A2H_INT_RX_READY) {
4245		status &= ~MWL8K_A2H_INT_RX_READY;
4246		tasklet_schedule(&priv->poll_rx_task);
4247	}
4248
4249	if (status & MWL8K_A2H_INT_BA_WATCHDOG) {
4250		status &= ~MWL8K_A2H_INT_BA_WATCHDOG;
4251		ieee80211_queue_work(hw, &priv->watchdog_ba_handle);
4252	}
4253
4254	if (status)
4255		iowrite32(~status, priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
4256
4257	if (status & MWL8K_A2H_INT_OPC_DONE) {
4258		if (priv->hostcmd_wait != NULL)
4259			complete(priv->hostcmd_wait);
4260	}
4261
4262	if (status & MWL8K_A2H_INT_QUEUE_EMPTY) {
4263		if (!mutex_is_locked(&priv->fw_mutex) &&
4264		    priv->radio_on && priv->pending_tx_pkts)
4265			mwl8k_tx_start(priv);
4266	}
4267
4268	return IRQ_HANDLED;
4269}
4270
4271static void mwl8k_tx_poll(unsigned long data)
4272{
4273	struct ieee80211_hw *hw = (struct ieee80211_hw *)data;
4274	struct mwl8k_priv *priv = hw->priv;
4275	int limit;
4276	int i;
4277
4278	limit = 32;
4279
4280	spin_lock_bh(&priv->tx_lock);
4281
4282	for (i = 0; i < mwl8k_tx_queues(priv); i++)
4283		limit -= mwl8k_txq_reclaim(hw, i, limit, 0);
4284
4285	if (!priv->pending_tx_pkts && priv->tx_wait != NULL) {
4286		complete(priv->tx_wait);
4287		priv->tx_wait = NULL;
4288	}
4289
4290	spin_unlock_bh(&priv->tx_lock);
4291
4292	if (limit) {
4293		writel(~MWL8K_A2H_INT_TX_DONE,
4294		       priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
4295	} else {
4296		tasklet_schedule(&priv->poll_tx_task);
4297	}
4298}
4299
4300static void mwl8k_rx_poll(unsigned long data)
4301{
4302	struct ieee80211_hw *hw = (struct ieee80211_hw *)data;
4303	struct mwl8k_priv *priv = hw->priv;
4304	int limit;
4305
4306	limit = 32;
4307	limit -= rxq_process(hw, 0, limit);
4308	limit -= rxq_refill(hw, 0, limit);
4309
4310	if (limit) {
4311		writel(~MWL8K_A2H_INT_RX_READY,
4312		       priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
4313	} else {
4314		tasklet_schedule(&priv->poll_rx_task);
4315	}
4316}
4317
4318
4319/*
4320 * Core driver operations.
4321 */
4322static void mwl8k_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
4323{
4324	struct mwl8k_priv *priv = hw->priv;
4325	int index = skb_get_queue_mapping(skb);
4326
4327	if (!priv->radio_on) {
4328		wiphy_debug(hw->wiphy,
4329			    "dropped TX frame since radio disabled\n");
4330		dev_kfree_skb(skb);
4331		return;
4332	}
4333
4334	mwl8k_txq_xmit(hw, index, skb);
4335}
4336
4337static int mwl8k_start(struct ieee80211_hw *hw)
4338{
4339	struct mwl8k_priv *priv = hw->priv;
4340	int rc;
4341
4342	rc = request_irq(priv->pdev->irq, mwl8k_interrupt,
4343			 IRQF_SHARED, MWL8K_NAME, hw);
4344	if (rc) {
4345		priv->irq = -1;
4346		wiphy_err(hw->wiphy, "failed to register IRQ handler\n");
4347		return -EIO;
4348	}
4349	priv->irq = priv->pdev->irq;
4350
4351	/* Enable TX reclaim and RX tasklets.  */
4352	tasklet_enable(&priv->poll_tx_task);
4353	tasklet_enable(&priv->poll_rx_task);
4354
4355	/* Enable interrupts */
4356	iowrite32(MWL8K_A2H_EVENTS, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
4357	iowrite32(MWL8K_A2H_EVENTS,
4358		  priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS_MASK);
4359
4360	rc = mwl8k_fw_lock(hw);
4361	if (!rc) {
4362		rc = mwl8k_cmd_radio_enable(hw);
4363
4364		if (!priv->ap_fw) {
4365			if (!rc)
4366				rc = mwl8k_cmd_enable_sniffer(hw, 0);
4367
4368			if (!rc)
4369				rc = mwl8k_cmd_set_pre_scan(hw);
4370
4371			if (!rc)
4372				rc = mwl8k_cmd_set_post_scan(hw,
4373						"\x00\x00\x00\x00\x00\x00");
4374		}
4375
4376		if (!rc)
4377			rc = mwl8k_cmd_set_rateadapt_mode(hw, 0);
4378
4379		if (!rc)
4380			rc = mwl8k_cmd_set_wmm_mode(hw, 0);
4381
4382		mwl8k_fw_unlock(hw);
4383	}
4384
4385	if (rc) {
4386		iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
4387		free_irq(priv->pdev->irq, hw);
4388		priv->irq = -1;
4389		tasklet_disable(&priv->poll_tx_task);
4390		tasklet_disable(&priv->poll_rx_task);
4391	}
4392
4393	return rc;
4394}
4395
4396static void mwl8k_stop(struct ieee80211_hw *hw)
4397{
4398	struct mwl8k_priv *priv = hw->priv;
4399	int i;
4400
4401	mwl8k_cmd_radio_disable(hw);
4402
4403	ieee80211_stop_queues(hw);
4404
4405	/* Disable interrupts */
4406	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
4407	if (priv->irq != -1) {
4408		free_irq(priv->pdev->irq, hw);
4409		priv->irq = -1;
4410	}
4411
4412	/* Stop finalize join worker */
4413	cancel_work_sync(&priv->finalize_join_worker);
4414	cancel_work_sync(&priv->watchdog_ba_handle);
4415	if (priv->beacon_skb != NULL)
4416		dev_kfree_skb(priv->beacon_skb);
4417
4418	/* Stop TX reclaim and RX tasklets.  */
4419	tasklet_disable(&priv->poll_tx_task);
4420	tasklet_disable(&priv->poll_rx_task);
4421
4422	/* Return all skbs to mac80211 */
4423	for (i = 0; i < mwl8k_tx_queues(priv); i++)
4424		mwl8k_txq_reclaim(hw, i, INT_MAX, 1);
4425}
4426
4427static int mwl8k_reload_firmware(struct ieee80211_hw *hw, char *fw_image);
4428
4429static int mwl8k_add_interface(struct ieee80211_hw *hw,
4430			       struct ieee80211_vif *vif)
4431{
4432	struct mwl8k_priv *priv = hw->priv;
4433	struct mwl8k_vif *mwl8k_vif;
4434	u32 macids_supported;
4435	int macid, rc;
4436	struct mwl8k_device_info *di;
4437
4438	/*
4439	 * Reject interface creation if sniffer mode is active, as
4440	 * STA operation is mutually exclusive with hardware sniffer
4441	 * mode.  (Sniffer mode is only used on STA firmware.)
4442	 */
4443	if (priv->sniffer_enabled) {
4444		wiphy_info(hw->wiphy,
4445			   "unable to create STA interface because sniffer mode is enabled\n");
4446		return -EINVAL;
4447	}
4448
4449	di = priv->device_info;
4450	switch (vif->type) {
4451	case NL80211_IFTYPE_AP:
4452		if (!priv->ap_fw && di->fw_image_ap) {
4453			/* we must load the ap fw to meet this request */
4454			if (!list_empty(&priv->vif_list))
4455				return -EBUSY;
4456			rc = mwl8k_reload_firmware(hw, di->fw_image_ap);
4457			if (rc)
4458				return rc;
4459		}
4460		macids_supported = priv->ap_macids_supported;
4461		break;
4462	case NL80211_IFTYPE_STATION:
4463		if (priv->ap_fw && di->fw_image_sta) {
4464			/* we must load the sta fw to meet this request */
4465			if (!list_empty(&priv->vif_list))
4466				return -EBUSY;
4467			rc = mwl8k_reload_firmware(hw, di->fw_image_sta);
4468			if (rc)
4469				return rc;
4470		}
4471		macids_supported = priv->sta_macids_supported;
4472		break;
4473	default:
4474		return -EINVAL;
4475	}
4476
4477	macid = ffs(macids_supported & ~priv->macids_used);
4478	if (!macid--)
4479		return -EBUSY;
4480
4481	/* Setup driver private area. */
4482	mwl8k_vif = MWL8K_VIF(vif);
4483	memset(mwl8k_vif, 0, sizeof(*mwl8k_vif));
4484	mwl8k_vif->vif = vif;
4485	mwl8k_vif->macid = macid;
4486	mwl8k_vif->seqno = 0;
4487	memcpy(mwl8k_vif->bssid, vif->addr, ETH_ALEN);
4488	mwl8k_vif->is_hw_crypto_enabled = false;
4489
4490	/* Set the mac address.  */
4491	mwl8k_cmd_set_mac_addr(hw, vif, vif->addr);
4492
4493	if (priv->ap_fw)
4494		mwl8k_cmd_set_new_stn_add_self(hw, vif);
4495
4496	priv->macids_used |= 1 << mwl8k_vif->macid;
4497	list_add_tail(&mwl8k_vif->list, &priv->vif_list);
4498
4499	return 0;
4500}
4501
4502static void mwl8k_remove_interface(struct ieee80211_hw *hw,
4503				   struct ieee80211_vif *vif)
4504{
4505	struct mwl8k_priv *priv = hw->priv;
4506	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
4507
4508	if (priv->ap_fw)
4509		mwl8k_cmd_set_new_stn_del(hw, vif, vif->addr);
4510
4511	mwl8k_cmd_set_mac_addr(hw, vif, "\x00\x00\x00\x00\x00\x00");
4512
4513	priv->macids_used &= ~(1 << mwl8k_vif->macid);
4514	list_del(&mwl8k_vif->list);
4515}
4516
4517static int mwl8k_config(struct ieee80211_hw *hw, u32 changed)
4518{
4519	struct ieee80211_conf *conf = &hw->conf;
4520	struct mwl8k_priv *priv = hw->priv;
4521	int rc;
4522
4523	if (conf->flags & IEEE80211_CONF_IDLE) {
4524		mwl8k_cmd_radio_disable(hw);
4525		return 0;
4526	}
4527
4528	rc = mwl8k_fw_lock(hw);
4529	if (rc)
4530		return rc;
4531
4532	rc = mwl8k_cmd_radio_enable(hw);
4533	if (rc)
4534		goto out;
4535
4536	rc = mwl8k_cmd_set_rf_channel(hw, conf);
4537	if (rc)
4538		goto out;
4539
4540	if (conf->power_level > 18)
4541		conf->power_level = 18;
4542
4543	if (priv->ap_fw) {
4544
4545		if (conf->flags & IEEE80211_CONF_CHANGE_POWER) {
4546			rc = mwl8k_cmd_tx_power(hw, conf, conf->power_level);
4547			if (rc)
4548				goto out;
4549		}
4550
4551		rc = mwl8k_cmd_rf_antenna(hw, MWL8K_RF_ANTENNA_RX, 0x3);
4552		if (rc)
4553			wiphy_warn(hw->wiphy, "failed to set # of RX antennas");
4554		rc = mwl8k_cmd_rf_antenna(hw, MWL8K_RF_ANTENNA_TX, 0x7);
4555		if (rc)
4556			wiphy_warn(hw->wiphy, "failed to set # of TX antennas");
4557
4558	} else {
4559		rc = mwl8k_cmd_rf_tx_power(hw, conf->power_level);
4560		if (rc)
4561			goto out;
4562		rc = mwl8k_cmd_mimo_config(hw, 0x7, 0x7);
4563	}
4564
4565out:
4566	mwl8k_fw_unlock(hw);
4567
4568	return rc;
4569}
4570
4571static void
4572mwl8k_bss_info_changed_sta(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
4573			   struct ieee80211_bss_conf *info, u32 changed)
4574{
4575	struct mwl8k_priv *priv = hw->priv;
4576	u32 ap_legacy_rates = 0;
4577	u8 ap_mcs_rates[16];
4578	int rc;
4579
4580	if (mwl8k_fw_lock(hw))
4581		return;
4582
4583	/*
4584	 * No need to capture a beacon if we're no longer associated.
4585	 */
4586	if ((changed & BSS_CHANGED_ASSOC) && !vif->bss_conf.assoc)
4587		priv->capture_beacon = false;
4588
4589	/*
4590	 * Get the AP's legacy and MCS rates.
4591	 */
4592	if (vif->bss_conf.assoc) {
4593		struct ieee80211_sta *ap;
4594
4595		rcu_read_lock();
4596
4597		ap = ieee80211_find_sta(vif, vif->bss_conf.bssid);
4598		if (ap == NULL) {
4599			rcu_read_unlock();
4600			goto out;
4601		}
4602
4603		if (hw->conf.channel->band == IEEE80211_BAND_2GHZ) {
4604			ap_legacy_rates = ap->supp_rates[IEEE80211_BAND_2GHZ];
4605		} else {
4606			ap_legacy_rates =
4607				ap->supp_rates[IEEE80211_BAND_5GHZ] << 5;
4608		}
4609		memcpy(ap_mcs_rates, ap->ht_cap.mcs.rx_mask, 16);
4610
4611		rcu_read_unlock();
4612	}
4613
4614	if ((changed & BSS_CHANGED_ASSOC) && vif->bss_conf.assoc) {
4615		rc = mwl8k_cmd_set_rate(hw, vif, ap_legacy_rates, ap_mcs_rates);
4616		if (rc)
4617			goto out;
4618
4619		rc = mwl8k_cmd_use_fixed_rate_sta(hw);
4620		if (rc)
4621			goto out;
4622	}
4623
4624	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
4625		rc = mwl8k_set_radio_preamble(hw,
4626				vif->bss_conf.use_short_preamble);
4627		if (rc)
4628			goto out;
4629	}
4630
4631	if (changed & BSS_CHANGED_ERP_SLOT) {
4632		rc = mwl8k_cmd_set_slot(hw, vif->bss_conf.use_short_slot);
4633		if (rc)
4634			goto out;
4635	}
4636
4637	if (vif->bss_conf.assoc &&
4638	    (changed & (BSS_CHANGED_ASSOC | BSS_CHANGED_ERP_CTS_PROT |
4639			BSS_CHANGED_HT))) {
4640		rc = mwl8k_cmd_set_aid(hw, vif, ap_legacy_rates);
4641		if (rc)
4642			goto out;
4643	}
4644
4645	if (vif->bss_conf.assoc &&
4646	    (changed & (BSS_CHANGED_ASSOC | BSS_CHANGED_BEACON_INT))) {
4647		/*
4648		 * Finalize the join.  Tell rx handler to process
4649		 * next beacon from our BSSID.
4650		 */
4651		memcpy(priv->capture_bssid, vif->bss_conf.bssid, ETH_ALEN);
4652		priv->capture_beacon = true;
4653	}
4654
4655out:
4656	mwl8k_fw_unlock(hw);
4657}
4658
4659static void
4660mwl8k_bss_info_changed_ap(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
4661			  struct ieee80211_bss_conf *info, u32 changed)
4662{
4663	int rc;
4664
4665	if (mwl8k_fw_lock(hw))
4666		return;
4667
4668	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
4669		rc = mwl8k_set_radio_preamble(hw,
4670				vif->bss_conf.use_short_preamble);
4671		if (rc)
4672			goto out;
4673	}
4674
4675	if (changed & BSS_CHANGED_BASIC_RATES) {
4676		int idx;
4677		int rate;
4678
4679		/*
4680		 * Use lowest supported basic rate for multicasts
4681		 * and management frames (such as probe responses --
4682		 * beacons will always go out at 1 Mb/s).
4683		 */
4684		idx = ffs(vif->bss_conf.basic_rates);
4685		if (idx)
4686			idx--;
4687
4688		if (hw->conf.channel->band == IEEE80211_BAND_2GHZ)
4689			rate = mwl8k_rates_24[idx].hw_value;
4690		else
4691			rate = mwl8k_rates_50[idx].hw_value;
4692
4693		mwl8k_cmd_use_fixed_rate_ap(hw, rate, rate);
4694	}
4695
4696	if (changed & (BSS_CHANGED_BEACON_INT | BSS_CHANGED_BEACON)) {
4697		struct sk_buff *skb;
4698
4699		skb = ieee80211_beacon_get(hw, vif);
4700		if (skb != NULL) {
4701			mwl8k_cmd_set_beacon(hw, vif, skb->data, skb->len);
4702			kfree_skb(skb);
4703		}
4704	}
4705
4706	if (changed & BSS_CHANGED_BEACON_ENABLED)
4707		mwl8k_cmd_bss_start(hw, vif, info->enable_beacon);
4708
4709out:
4710	mwl8k_fw_unlock(hw);
4711}
4712
4713static void
4714mwl8k_bss_info_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
4715		       struct ieee80211_bss_conf *info, u32 changed)
4716{
4717	struct mwl8k_priv *priv = hw->priv;
4718
4719	if (!priv->ap_fw)
4720		mwl8k_bss_info_changed_sta(hw, vif, info, changed);
4721	else
4722		mwl8k_bss_info_changed_ap(hw, vif, info, changed);
4723}
4724
4725static u64 mwl8k_prepare_multicast(struct ieee80211_hw *hw,
4726				   struct netdev_hw_addr_list *mc_list)
4727{
4728	struct mwl8k_cmd_pkt *cmd;
4729
4730	/*
4731	 * Synthesize and return a command packet that programs the
4732	 * hardware multicast address filter.  At this point we don't
4733	 * know whether FIF_ALLMULTI is being requested, but if it is,
4734	 * we'll end up throwing this packet away and creating a new
4735	 * one in mwl8k_configure_filter().
4736	 */
4737	cmd = __mwl8k_cmd_mac_multicast_adr(hw, 0, mc_list);
4738
4739	return (unsigned long)cmd;
4740}
4741
4742static int
4743mwl8k_configure_filter_sniffer(struct ieee80211_hw *hw,
4744			       unsigned int changed_flags,
4745			       unsigned int *total_flags)
4746{
4747	struct mwl8k_priv *priv = hw->priv;
4748
4749	/*
4750	 * Hardware sniffer mode is mutually exclusive with STA
4751	 * operation, so refuse to enable sniffer mode if a STA
4752	 * interface is active.
4753	 */
4754	if (!list_empty(&priv->vif_list)) {
4755		if (net_ratelimit())
4756			wiphy_info(hw->wiphy,
4757				   "not enabling sniffer mode because STA interface is active\n");
4758		return 0;
4759	}
4760
4761	if (!priv->sniffer_enabled) {
4762		if (mwl8k_cmd_enable_sniffer(hw, 1))
4763			return 0;
4764		priv->sniffer_enabled = true;
4765	}
4766
4767	*total_flags &=	FIF_PROMISC_IN_BSS | FIF_ALLMULTI |
4768			FIF_BCN_PRBRESP_PROMISC | FIF_CONTROL |
4769			FIF_OTHER_BSS;
4770
4771	return 1;
4772}
4773
4774static struct mwl8k_vif *mwl8k_first_vif(struct mwl8k_priv *priv)
4775{
4776	if (!list_empty(&priv->vif_list))
4777		return list_entry(priv->vif_list.next, struct mwl8k_vif, list);
4778
4779	return NULL;
4780}
4781
4782static void mwl8k_configure_filter(struct ieee80211_hw *hw,
4783				   unsigned int changed_flags,
4784				   unsigned int *total_flags,
4785				   u64 multicast)
4786{
4787	struct mwl8k_priv *priv = hw->priv;
4788	struct mwl8k_cmd_pkt *cmd = (void *)(unsigned long)multicast;
4789
4790	/*
4791	 * AP firmware doesn't allow fine-grained control over
4792	 * the receive filter.
4793	 */
4794	if (priv->ap_fw) {
4795		*total_flags &= FIF_ALLMULTI | FIF_BCN_PRBRESP_PROMISC;
4796		kfree(cmd);
4797		return;
4798	}
4799
4800	/*
4801	 * Enable hardware sniffer mode if FIF_CONTROL or
4802	 * FIF_OTHER_BSS is requested.
4803	 */
4804	if (*total_flags & (FIF_CONTROL | FIF_OTHER_BSS) &&
4805	    mwl8k_configure_filter_sniffer(hw, changed_flags, total_flags)) {
4806		kfree(cmd);
4807		return;
4808	}
4809
4810	/* Clear unsupported feature flags */
4811	*total_flags &= FIF_ALLMULTI | FIF_BCN_PRBRESP_PROMISC;
4812
4813	if (mwl8k_fw_lock(hw)) {
4814		kfree(cmd);
4815		return;
4816	}
4817
4818	if (priv->sniffer_enabled) {
4819		mwl8k_cmd_enable_sniffer(hw, 0);
4820		priv->sniffer_enabled = false;
4821	}
4822
4823	if (changed_flags & FIF_BCN_PRBRESP_PROMISC) {
4824		if (*total_flags & FIF_BCN_PRBRESP_PROMISC) {
4825			/*
4826			 * Disable the BSS filter.
4827			 */
4828			mwl8k_cmd_set_pre_scan(hw);
4829		} else {
4830			struct mwl8k_vif *mwl8k_vif;
4831			const u8 *bssid;
4832
4833			/*
4834			 * Enable the BSS filter.
4835			 *
4836			 * If there is an active STA interface, use that
4837			 * interface's BSSID, otherwise use a dummy one
4838			 * (where the OUI part needs to be nonzero for
4839			 * the BSSID to be accepted by POST_SCAN).
4840			 */
4841			mwl8k_vif = mwl8k_first_vif(priv);
4842			if (mwl8k_vif != NULL)
4843				bssid = mwl8k_vif->vif->bss_conf.bssid;
4844			else
4845				bssid = "\x01\x00\x00\x00\x00\x00";
4846
4847			mwl8k_cmd_set_post_scan(hw, bssid);
4848		}
4849	}
4850
4851	/*
4852	 * If FIF_ALLMULTI is being requested, throw away the command
4853	 * packet that ->prepare_multicast() built and replace it with
4854	 * a command packet that enables reception of all multicast
4855	 * packets.
4856	 */
4857	if (*total_flags & FIF_ALLMULTI) {
4858		kfree(cmd);
4859		cmd = __mwl8k_cmd_mac_multicast_adr(hw, 1, NULL);
4860	}
4861
4862	if (cmd != NULL) {
4863		mwl8k_post_cmd(hw, cmd);
4864		kfree(cmd);
4865	}
4866
4867	mwl8k_fw_unlock(hw);
4868}
4869
4870static int mwl8k_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
4871{
4872	return mwl8k_cmd_set_rts_threshold(hw, value);
4873}
4874
4875static int mwl8k_sta_remove(struct ieee80211_hw *hw,
4876			    struct ieee80211_vif *vif,
4877			    struct ieee80211_sta *sta)
4878{
4879	struct mwl8k_priv *priv = hw->priv;
4880
4881	if (priv->ap_fw)
4882		return mwl8k_cmd_set_new_stn_del(hw, vif, sta->addr);
4883	else
4884		return mwl8k_cmd_update_stadb_del(hw, vif, sta->addr);
4885}
4886
4887static int mwl8k_sta_add(struct ieee80211_hw *hw,
4888			 struct ieee80211_vif *vif,
4889			 struct ieee80211_sta *sta)
4890{
4891	struct mwl8k_priv *priv = hw->priv;
4892	int ret;
4893	int i;
4894	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
4895	struct ieee80211_key_conf *key;
4896
4897	if (!priv->ap_fw) {
4898		ret = mwl8k_cmd_update_stadb_add(hw, vif, sta);
4899		if (ret >= 0) {
4900			MWL8K_STA(sta)->peer_id = ret;
4901			if (sta->ht_cap.ht_supported)
4902				MWL8K_STA(sta)->is_ampdu_allowed = true;
4903			ret = 0;
4904		}
4905
4906	} else {
4907		ret = mwl8k_cmd_set_new_stn_add(hw, vif, sta);
4908	}
4909
4910	for (i = 0; i < NUM_WEP_KEYS; i++) {
4911		key = IEEE80211_KEY_CONF(mwl8k_vif->wep_key_conf[i].key);
4912		if (mwl8k_vif->wep_key_conf[i].enabled)
4913			mwl8k_set_key(hw, SET_KEY, vif, sta, key);
4914	}
4915	return ret;
4916}
4917
4918static int mwl8k_conf_tx(struct ieee80211_hw *hw, u16 queue,
4919			 const struct ieee80211_tx_queue_params *params)
4920{
4921	struct mwl8k_priv *priv = hw->priv;
4922	int rc;
4923
4924	rc = mwl8k_fw_lock(hw);
4925	if (!rc) {
4926		BUG_ON(queue > MWL8K_TX_WMM_QUEUES - 1);
4927		memcpy(&priv->wmm_params[queue], params, sizeof(*params));
4928
4929		if (!priv->wmm_enabled)
4930			rc = mwl8k_cmd_set_wmm_mode(hw, 1);
4931
4932		if (!rc) {
4933			int q = MWL8K_TX_WMM_QUEUES - 1 - queue;
4934			rc = mwl8k_cmd_set_edca_params(hw, q,
4935						       params->cw_min,
4936						       params->cw_max,
4937						       params->aifs,
4938						       params->txop);
4939		}
4940
4941		mwl8k_fw_unlock(hw);
4942	}
4943
4944	return rc;
4945}
4946
4947static int mwl8k_get_stats(struct ieee80211_hw *hw,
4948			   struct ieee80211_low_level_stats *stats)
4949{
4950	return mwl8k_cmd_get_stat(hw, stats);
4951}
4952
4953static int mwl8k_get_survey(struct ieee80211_hw *hw, int idx,
4954				struct survey_info *survey)
4955{
4956	struct mwl8k_priv *priv = hw->priv;
4957	struct ieee80211_conf *conf = &hw->conf;
4958
4959	if (idx != 0)
4960		return -ENOENT;
4961
4962	survey->channel = conf->channel;
4963	survey->filled = SURVEY_INFO_NOISE_DBM;
4964	survey->noise = priv->noise;
4965
4966	return 0;
4967}
4968
4969#define MAX_AMPDU_ATTEMPTS 5
4970
4971static int
4972mwl8k_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
4973		   enum ieee80211_ampdu_mlme_action action,
4974		   struct ieee80211_sta *sta, u16 tid, u16 *ssn,
4975		   u8 buf_size)
4976{
4977
4978	int i, rc = 0;
4979	struct mwl8k_priv *priv = hw->priv;
4980	struct mwl8k_ampdu_stream *stream;
4981	u8 *addr = sta->addr;
4982
4983	if (!(hw->flags & IEEE80211_HW_AMPDU_AGGREGATION))
4984		return -ENOTSUPP;
4985
4986	spin_lock(&priv->stream_lock);
4987	stream = mwl8k_lookup_stream(hw, addr, tid);
4988
4989	switch (action) {
4990	case IEEE80211_AMPDU_RX_START:
4991	case IEEE80211_AMPDU_RX_STOP:
4992		break;
4993	case IEEE80211_AMPDU_TX_START:
4994		/* By the time we get here the hw queues may contain outgoing
4995		 * packets for this RA/TID that are not part of this BA
4996		 * session.  The hw will assign sequence numbers to these
4997		 * packets as they go out.  So if we query the hw for its next
4998		 * sequence number and use that for the SSN here, it may end up
4999		 * being wrong, which will lead to sequence number mismatch at
5000		 * the recipient.  To avoid this, we reset the sequence number
5001		 * to O for the first MPDU in this BA stream.
5002		 */
5003		*ssn = 0;
5004		if (stream == NULL) {
5005			/* This means that somebody outside this driver called
5006			 * ieee80211_start_tx_ba_session.  This is unexpected
5007			 * because we do our own rate control.  Just warn and
5008			 * move on.
5009			 */
5010			wiphy_warn(hw->wiphy, "Unexpected call to %s.  "
5011				   "Proceeding anyway.\n", __func__);
5012			stream = mwl8k_add_stream(hw, sta, tid);
5013		}
5014		if (stream == NULL) {
5015			wiphy_debug(hw->wiphy, "no free AMPDU streams\n");
5016			rc = -EBUSY;
5017			break;
5018		}
5019		stream->state = AMPDU_STREAM_IN_PROGRESS;
5020
5021		/* Release the lock before we do the time consuming stuff */
5022		spin_unlock(&priv->stream_lock);
5023		for (i = 0; i < MAX_AMPDU_ATTEMPTS; i++) {
5024			rc = mwl8k_check_ba(hw, stream);
5025
5026			if (!rc)
5027				break;
5028			/*
5029			 * HW queues take time to be flushed, give them
5030			 * sufficient time
5031			 */
5032
5033			msleep(1000);
5034		}
5035		spin_lock(&priv->stream_lock);
5036		if (rc) {
5037			wiphy_err(hw->wiphy, "Stream for tid %d busy after %d"
5038				" attempts\n", tid, MAX_AMPDU_ATTEMPTS);
5039			mwl8k_remove_stream(hw, stream);
5040			rc = -EBUSY;
5041			break;
5042		}
5043		ieee80211_start_tx_ba_cb_irqsafe(vif, addr, tid);
5044		break;
5045	case IEEE80211_AMPDU_TX_STOP:
5046		if (stream == NULL)
5047			break;
5048		if (stream->state == AMPDU_STREAM_ACTIVE) {
5049			spin_unlock(&priv->stream_lock);
5050			mwl8k_destroy_ba(hw, stream);
5051			spin_lock(&priv->stream_lock);
5052		}
5053		mwl8k_remove_stream(hw, stream);
5054		ieee80211_stop_tx_ba_cb_irqsafe(vif, addr, tid);
5055		break;
5056	case IEEE80211_AMPDU_TX_OPERATIONAL:
5057		BUG_ON(stream == NULL);
5058		BUG_ON(stream->state != AMPDU_STREAM_IN_PROGRESS);
5059		spin_unlock(&priv->stream_lock);
5060		rc = mwl8k_create_ba(hw, stream, buf_size);
5061		spin_lock(&priv->stream_lock);
5062		if (!rc)
5063			stream->state = AMPDU_STREAM_ACTIVE;
5064		else {
5065			spin_unlock(&priv->stream_lock);
5066			mwl8k_destroy_ba(hw, stream);
5067			spin_lock(&priv->stream_lock);
5068			wiphy_debug(hw->wiphy,
5069				"Failed adding stream for sta %pM tid %d\n",
5070				addr, tid);
5071			mwl8k_remove_stream(hw, stream);
5072		}
5073		break;
5074
5075	default:
5076		rc = -ENOTSUPP;
5077	}
5078
5079	spin_unlock(&priv->stream_lock);
5080	return rc;
5081}
5082
5083static const struct ieee80211_ops mwl8k_ops = {
5084	.tx			= mwl8k_tx,
5085	.start			= mwl8k_start,
5086	.stop			= mwl8k_stop,
5087	.add_interface		= mwl8k_add_interface,
5088	.remove_interface	= mwl8k_remove_interface,
5089	.config			= mwl8k_config,
5090	.bss_info_changed	= mwl8k_bss_info_changed,
5091	.prepare_multicast	= mwl8k_prepare_multicast,
5092	.configure_filter	= mwl8k_configure_filter,
5093	.set_key                = mwl8k_set_key,
5094	.set_rts_threshold	= mwl8k_set_rts_threshold,
5095	.sta_add		= mwl8k_sta_add,
5096	.sta_remove		= mwl8k_sta_remove,
5097	.conf_tx		= mwl8k_conf_tx,
5098	.get_stats		= mwl8k_get_stats,
5099	.get_survey		= mwl8k_get_survey,
5100	.ampdu_action		= mwl8k_ampdu_action,
5101};
5102
5103static void mwl8k_finalize_join_worker(struct work_struct *work)
5104{
5105	struct mwl8k_priv *priv =
5106		container_of(work, struct mwl8k_priv, finalize_join_worker);
5107	struct sk_buff *skb = priv->beacon_skb;
5108	struct ieee80211_mgmt *mgmt = (void *)skb->data;
5109	int len = skb->len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
5110	const u8 *tim = cfg80211_find_ie(WLAN_EID_TIM,
5111					 mgmt->u.beacon.variable, len);
5112	int dtim_period = 1;
5113
5114	if (tim && tim[1] >= 2)
5115		dtim_period = tim[3];
5116
5117	mwl8k_cmd_finalize_join(priv->hw, skb->data, skb->len, dtim_period);
5118
5119	dev_kfree_skb(skb);
5120	priv->beacon_skb = NULL;
5121}
5122
5123enum {
5124	MWL8363 = 0,
5125	MWL8687,
5126	MWL8366,
5127};
5128
5129#define MWL8K_8366_AP_FW_API 2
5130#define _MWL8K_8366_AP_FW(api) "mwl8k/fmimage_8366_ap-" #api ".fw"
5131#define MWL8K_8366_AP_FW(api) _MWL8K_8366_AP_FW(api)
5132
5133static struct mwl8k_device_info mwl8k_info_tbl[] __devinitdata = {
5134	[MWL8363] = {
5135		.part_name	= "88w8363",
5136		.helper_image	= "mwl8k/helper_8363.fw",
5137		.fw_image_sta	= "mwl8k/fmimage_8363.fw",
5138	},
5139	[MWL8687] = {
5140		.part_name	= "88w8687",
5141		.helper_image	= "mwl8k/helper_8687.fw",
5142		.fw_image_sta	= "mwl8k/fmimage_8687.fw",
5143	},
5144	[MWL8366] = {
5145		.part_name	= "88w8366",
5146		.helper_image	= "mwl8k/helper_8366.fw",
5147		.fw_image_sta	= "mwl8k/fmimage_8366.fw",
5148		.fw_image_ap	= MWL8K_8366_AP_FW(MWL8K_8366_AP_FW_API),
5149		.fw_api_ap	= MWL8K_8366_AP_FW_API,
5150		.ap_rxd_ops	= &rxd_8366_ap_ops,
5151	},
5152};
5153
5154MODULE_FIRMWARE("mwl8k/helper_8363.fw");
5155MODULE_FIRMWARE("mwl8k/fmimage_8363.fw");
5156MODULE_FIRMWARE("mwl8k/helper_8687.fw");
5157MODULE_FIRMWARE("mwl8k/fmimage_8687.fw");
5158MODULE_FIRMWARE("mwl8k/helper_8366.fw");
5159MODULE_FIRMWARE("mwl8k/fmimage_8366.fw");
5160MODULE_FIRMWARE(MWL8K_8366_AP_FW(MWL8K_8366_AP_FW_API));
5161
5162static DEFINE_PCI_DEVICE_TABLE(mwl8k_pci_id_table) = {
5163	{ PCI_VDEVICE(MARVELL, 0x2a0a), .driver_data = MWL8363, },
5164	{ PCI_VDEVICE(MARVELL, 0x2a0c), .driver_data = MWL8363, },
5165	{ PCI_VDEVICE(MARVELL, 0x2a24), .driver_data = MWL8363, },
5166	{ PCI_VDEVICE(MARVELL, 0x2a2b), .driver_data = MWL8687, },
5167	{ PCI_VDEVICE(MARVELL, 0x2a30), .driver_data = MWL8687, },
5168	{ PCI_VDEVICE(MARVELL, 0x2a40), .driver_data = MWL8366, },
5169	{ PCI_VDEVICE(MARVELL, 0x2a43), .driver_data = MWL8366, },
5170	{ },
5171};
5172MODULE_DEVICE_TABLE(pci, mwl8k_pci_id_table);
5173
5174static int mwl8k_request_alt_fw(struct mwl8k_priv *priv)
5175{
5176	int rc;
5177	printk(KERN_ERR "%s: Error requesting preferred fw %s.\n"
5178	       "Trying alternative firmware %s\n", pci_name(priv->pdev),
5179	       priv->fw_pref, priv->fw_alt);
5180	rc = mwl8k_request_fw(priv, priv->fw_alt, &priv->fw_ucode, true);
5181	if (rc) {
5182		printk(KERN_ERR "%s: Error requesting alt fw %s\n",
5183		       pci_name(priv->pdev), priv->fw_alt);
5184		return rc;
5185	}
5186	return 0;
5187}
5188
5189static int mwl8k_firmware_load_success(struct mwl8k_priv *priv);
5190static void mwl8k_fw_state_machine(const struct firmware *fw, void *context)
5191{
5192	struct mwl8k_priv *priv = context;
5193	struct mwl8k_device_info *di = priv->device_info;
5194	int rc;
5195
5196	switch (priv->fw_state) {
5197	case FW_STATE_INIT:
5198		if (!fw) {
5199			printk(KERN_ERR "%s: Error requesting helper fw %s\n",
5200			       pci_name(priv->pdev), di->helper_image);
5201			goto fail;
5202		}
5203		priv->fw_helper = fw;
5204		rc = mwl8k_request_fw(priv, priv->fw_pref, &priv->fw_ucode,
5205				      true);
5206		if (rc && priv->fw_alt) {
5207			rc = mwl8k_request_alt_fw(priv);
5208			if (rc)
5209				goto fail;
5210			priv->fw_state = FW_STATE_LOADING_ALT;
5211		} else if (rc)
5212			goto fail;
5213		else
5214			priv->fw_state = FW_STATE_LOADING_PREF;
5215		break;
5216
5217	case FW_STATE_LOADING_PREF:
5218		if (!fw) {
5219			if (priv->fw_alt) {
5220				rc = mwl8k_request_alt_fw(priv);
5221				if (rc)
5222					goto fail;
5223				priv->fw_state = FW_STATE_LOADING_ALT;
5224			} else
5225				goto fail;
5226		} else {
5227			priv->fw_ucode = fw;
5228			rc = mwl8k_firmware_load_success(priv);
5229			if (rc)
5230				goto fail;
5231			else
5232				complete(&priv->firmware_loading_complete);
5233		}
5234		break;
5235
5236	case FW_STATE_LOADING_ALT:
5237		if (!fw) {
5238			printk(KERN_ERR "%s: Error requesting alt fw %s\n",
5239			       pci_name(priv->pdev), di->helper_image);
5240			goto fail;
5241		}
5242		priv->fw_ucode = fw;
5243		rc = mwl8k_firmware_load_success(priv);
5244		if (rc)
5245			goto fail;
5246		else
5247			complete(&priv->firmware_loading_complete);
5248		break;
5249
5250	default:
5251		printk(KERN_ERR "%s: Unexpected firmware loading state: %d\n",
5252		       MWL8K_NAME, priv->fw_state);
5253		BUG_ON(1);
5254	}
5255
5256	return;
5257
5258fail:
5259	priv->fw_state = FW_STATE_ERROR;
5260	complete(&priv->firmware_loading_complete);
5261	device_release_driver(&priv->pdev->dev);
5262	mwl8k_release_firmware(priv);
5263}
5264
5265static int mwl8k_init_firmware(struct ieee80211_hw *hw, char *fw_image,
5266			       bool nowait)
5267{
5268	struct mwl8k_priv *priv = hw->priv;
5269	int rc;
5270
5271	/* Reset firmware and hardware */
5272	mwl8k_hw_reset(priv);
5273
5274	/* Ask userland hotplug daemon for the device firmware */
5275	rc = mwl8k_request_firmware(priv, fw_image, nowait);
5276	if (rc) {
5277		wiphy_err(hw->wiphy, "Firmware files not found\n");
5278		return rc;
5279	}
5280
5281	if (nowait)
5282		return rc;
5283
5284	/* Load firmware into hardware */
5285	rc = mwl8k_load_firmware(hw);
5286	if (rc)
5287		wiphy_err(hw->wiphy, "Cannot start firmware\n");
5288
5289	/* Reclaim memory once firmware is successfully loaded */
5290	mwl8k_release_firmware(priv);
5291
5292	return rc;
5293}
5294
5295static int mwl8k_init_txqs(struct ieee80211_hw *hw)
5296{
5297	struct mwl8k_priv *priv = hw->priv;
5298	int rc = 0;
5299	int i;
5300
5301	for (i = 0; i < mwl8k_tx_queues(priv); i++) {
5302		rc = mwl8k_txq_init(hw, i);
5303		if (rc)
5304			break;
5305		if (priv->ap_fw)
5306			iowrite32(priv->txq[i].txd_dma,
5307				  priv->sram + priv->txq_offset[i]);
5308	}
5309	return rc;
5310}
5311
5312/* initialize hw after successfully loading a firmware image */
5313static int mwl8k_probe_hw(struct ieee80211_hw *hw)
5314{
5315	struct mwl8k_priv *priv = hw->priv;
5316	int rc = 0;
5317	int i;
5318
5319	if (priv->ap_fw) {
5320		priv->rxd_ops = priv->device_info->ap_rxd_ops;
5321		if (priv->rxd_ops == NULL) {
5322			wiphy_err(hw->wiphy,
5323				  "Driver does not have AP firmware image support for this hardware\n");
5324			goto err_stop_firmware;
5325		}
5326	} else {
5327		priv->rxd_ops = &rxd_sta_ops;
5328	}
5329
5330	priv->sniffer_enabled = false;
5331	priv->wmm_enabled = false;
5332	priv->pending_tx_pkts = 0;
5333
5334	rc = mwl8k_rxq_init(hw, 0);
5335	if (rc)
5336		goto err_stop_firmware;
5337	rxq_refill(hw, 0, INT_MAX);
5338
5339	/* For the sta firmware, we need to know the dma addresses of tx queues
5340	 * before sending MWL8K_CMD_GET_HW_SPEC.  So we must initialize them
5341	 * prior to issuing this command.  But for the AP case, we learn the
5342	 * total number of queues from the result CMD_GET_HW_SPEC, so for this
5343	 * case we must initialize the tx queues after.
5344	 */
5345	priv->num_ampdu_queues = 0;
5346	if (!priv->ap_fw) {
5347		rc = mwl8k_init_txqs(hw);
5348		if (rc)
5349			goto err_free_queues;
5350	}
5351
5352	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
5353	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
5354	iowrite32(MWL8K_A2H_INT_TX_DONE|MWL8K_A2H_INT_RX_READY|
5355		  MWL8K_A2H_INT_BA_WATCHDOG,
5356		  priv->regs + MWL8K_HIU_A2H_INTERRUPT_CLEAR_SEL);
5357	iowrite32(MWL8K_A2H_INT_OPC_DONE,
5358		  priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS_MASK);
5359
5360	rc = request_irq(priv->pdev->irq, mwl8k_interrupt,
5361			 IRQF_SHARED, MWL8K_NAME, hw);
5362	if (rc) {
5363		wiphy_err(hw->wiphy, "failed to register IRQ handler\n");
5364		goto err_free_queues;
5365	}
5366
5367	memset(priv->ampdu, 0, sizeof(priv->ampdu));
5368
5369	/*
5370	 * Temporarily enable interrupts.  Initial firmware host
5371	 * commands use interrupts and avoid polling.  Disable
5372	 * interrupts when done.
5373	 */
5374	iowrite32(MWL8K_A2H_EVENTS, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
5375
5376	/* Get config data, mac addrs etc */
5377	if (priv->ap_fw) {
5378		rc = mwl8k_cmd_get_hw_spec_ap(hw);
5379		if (!rc)
5380			rc = mwl8k_init_txqs(hw);
5381		if (!rc)
5382			rc = mwl8k_cmd_set_hw_spec(hw);
5383	} else {
5384		rc = mwl8k_cmd_get_hw_spec_sta(hw);
5385	}
5386	if (rc) {
5387		wiphy_err(hw->wiphy, "Cannot initialise firmware\n");
5388		goto err_free_irq;
5389	}
5390
5391	/* Turn radio off */
5392	rc = mwl8k_cmd_radio_disable(hw);
5393	if (rc) {
5394		wiphy_err(hw->wiphy, "Cannot disable\n");
5395		goto err_free_irq;
5396	}
5397
5398	/* Clear MAC address */
5399	rc = mwl8k_cmd_set_mac_addr(hw, NULL, "\x00\x00\x00\x00\x00\x00");
5400	if (rc) {
5401		wiphy_err(hw->wiphy, "Cannot clear MAC address\n");
5402		goto err_free_irq;
5403	}
5404
5405	/* Disable interrupts */
5406	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
5407	free_irq(priv->pdev->irq, hw);
5408
5409	wiphy_info(hw->wiphy, "%s v%d, %pm, %s firmware %u.%u.%u.%u\n",
5410		   priv->device_info->part_name,
5411		   priv->hw_rev, hw->wiphy->perm_addr,
5412		   priv->ap_fw ? "AP" : "STA",
5413		   (priv->fw_rev >> 24) & 0xff, (priv->fw_rev >> 16) & 0xff,
5414		   (priv->fw_rev >> 8) & 0xff, priv->fw_rev & 0xff);
5415
5416	return 0;
5417
5418err_free_irq:
5419	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
5420	free_irq(priv->pdev->irq, hw);
5421
5422err_free_queues:
5423	for (i = 0; i < mwl8k_tx_queues(priv); i++)
5424		mwl8k_txq_deinit(hw, i);
5425	mwl8k_rxq_deinit(hw, 0);
5426
5427err_stop_firmware:
5428	mwl8k_hw_reset(priv);
5429
5430	return rc;
5431}
5432
5433/*
5434 * invoke mwl8k_reload_firmware to change the firmware image after the device
5435 * has already been registered
5436 */
5437static int mwl8k_reload_firmware(struct ieee80211_hw *hw, char *fw_image)
5438{
5439	int i, rc = 0;
5440	struct mwl8k_priv *priv = hw->priv;
5441
5442	mwl8k_stop(hw);
5443	mwl8k_rxq_deinit(hw, 0);
5444
5445	for (i = 0; i < mwl8k_tx_queues(priv); i++)
5446		mwl8k_txq_deinit(hw, i);
5447
5448	rc = mwl8k_init_firmware(hw, fw_image, false);
5449	if (rc)
5450		goto fail;
5451
5452	rc = mwl8k_probe_hw(hw);
5453	if (rc)
5454		goto fail;
5455
5456	rc = mwl8k_start(hw);
5457	if (rc)
5458		goto fail;
5459
5460	rc = mwl8k_config(hw, ~0);
5461	if (rc)
5462		goto fail;
5463
5464	for (i = 0; i < MWL8K_TX_WMM_QUEUES; i++) {
5465		rc = mwl8k_conf_tx(hw, i, &priv->wmm_params[i]);
5466		if (rc)
5467			goto fail;
5468	}
5469
5470	return rc;
5471
5472fail:
5473	printk(KERN_WARNING "mwl8k: Failed to reload firmware image.\n");
5474	return rc;
5475}
5476
5477static int mwl8k_firmware_load_success(struct mwl8k_priv *priv)
5478{
5479	struct ieee80211_hw *hw = priv->hw;
5480	int i, rc;
5481
5482	rc = mwl8k_load_firmware(hw);
5483	mwl8k_release_firmware(priv);
5484	if (rc) {
5485		wiphy_err(hw->wiphy, "Cannot start firmware\n");
5486		return rc;
5487	}
5488
5489	/*
5490	 * Extra headroom is the size of the required DMA header
5491	 * minus the size of the smallest 802.11 frame (CTS frame).
5492	 */
5493	hw->extra_tx_headroom =
5494		sizeof(struct mwl8k_dma_data) - sizeof(struct ieee80211_cts);
5495
5496	hw->extra_tx_headroom -= priv->ap_fw ? REDUCED_TX_HEADROOM : 0;
5497
5498	hw->channel_change_time = 10;
5499
5500	hw->queues = MWL8K_TX_WMM_QUEUES;
5501
5502	/* Set rssi values to dBm */
5503	hw->flags |= IEEE80211_HW_SIGNAL_DBM | IEEE80211_HW_HAS_RATE_CONTROL;
5504	hw->vif_data_size = sizeof(struct mwl8k_vif);
5505	hw->sta_data_size = sizeof(struct mwl8k_sta);
5506
5507	priv->macids_used = 0;
5508	INIT_LIST_HEAD(&priv->vif_list);
5509
5510	/* Set default radio state and preamble */
5511	priv->radio_on = 0;
5512	priv->radio_short_preamble = 0;
5513
5514	/* Finalize join worker */
5515	INIT_WORK(&priv->finalize_join_worker, mwl8k_finalize_join_worker);
5516	/* Handle watchdog ba events */
5517	INIT_WORK(&priv->watchdog_ba_handle, mwl8k_watchdog_ba_events);
5518
5519	/* TX reclaim and RX tasklets.  */
5520	tasklet_init(&priv->poll_tx_task, mwl8k_tx_poll, (unsigned long)hw);
5521	tasklet_disable(&priv->poll_tx_task);
5522	tasklet_init(&priv->poll_rx_task, mwl8k_rx_poll, (unsigned long)hw);
5523	tasklet_disable(&priv->poll_rx_task);
5524
5525	/* Power management cookie */
5526	priv->cookie = pci_alloc_consistent(priv->pdev, 4, &priv->cookie_dma);
5527	if (priv->cookie == NULL)
5528		return -ENOMEM;
5529
5530	mutex_init(&priv->fw_mutex);
5531	priv->fw_mutex_owner = NULL;
5532	priv->fw_mutex_depth = 0;
5533	priv->hostcmd_wait = NULL;
5534
5535	spin_lock_init(&priv->tx_lock);
5536
5537	spin_lock_init(&priv->stream_lock);
5538
5539	priv->tx_wait = NULL;
5540
5541	rc = mwl8k_probe_hw(hw);
5542	if (rc)
5543		goto err_free_cookie;
5544
5545	hw->wiphy->interface_modes = 0;
5546	if (priv->ap_macids_supported || priv->device_info->fw_image_ap)
5547		hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP);
5548	if (priv->sta_macids_supported || priv->device_info->fw_image_sta)
5549		hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_STATION);
5550
5551	rc = ieee80211_register_hw(hw);
5552	if (rc) {
5553		wiphy_err(hw->wiphy, "Cannot register device\n");
5554		goto err_unprobe_hw;
5555	}
5556
5557	return 0;
5558
5559err_unprobe_hw:
5560	for (i = 0; i < mwl8k_tx_queues(priv); i++)
5561		mwl8k_txq_deinit(hw, i);
5562	mwl8k_rxq_deinit(hw, 0);
5563
5564err_free_cookie:
5565	if (priv->cookie != NULL)
5566		pci_free_consistent(priv->pdev, 4,
5567				priv->cookie, priv->cookie_dma);
5568
5569	return rc;
5570}
5571static int __devinit mwl8k_probe(struct pci_dev *pdev,
5572				 const struct pci_device_id *id)
5573{
5574	static int printed_version;
5575	struct ieee80211_hw *hw;
5576	struct mwl8k_priv *priv;
5577	struct mwl8k_device_info *di;
5578	int rc;
5579
5580	if (!printed_version) {
5581		printk(KERN_INFO "%s version %s\n", MWL8K_DESC, MWL8K_VERSION);
5582		printed_version = 1;
5583	}
5584
5585
5586	rc = pci_enable_device(pdev);
5587	if (rc) {
5588		printk(KERN_ERR "%s: Cannot enable new PCI device\n",
5589		       MWL8K_NAME);
5590		return rc;
5591	}
5592
5593	rc = pci_request_regions(pdev, MWL8K_NAME);
5594	if (rc) {
5595		printk(KERN_ERR "%s: Cannot obtain PCI resources\n",
5596		       MWL8K_NAME);
5597		goto err_disable_device;
5598	}
5599
5600	pci_set_master(pdev);
5601
5602
5603	hw = ieee80211_alloc_hw(sizeof(*priv), &mwl8k_ops);
5604	if (hw == NULL) {
5605		printk(KERN_ERR "%s: ieee80211 alloc failed\n", MWL8K_NAME);
5606		rc = -ENOMEM;
5607		goto err_free_reg;
5608	}
5609
5610	SET_IEEE80211_DEV(hw, &pdev->dev);
5611	pci_set_drvdata(pdev, hw);
5612
5613	priv = hw->priv;
5614	priv->hw = hw;
5615	priv->pdev = pdev;
5616	priv->device_info = &mwl8k_info_tbl[id->driver_data];
5617
5618
5619	priv->sram = pci_iomap(pdev, 0, 0x10000);
5620	if (priv->sram == NULL) {
5621		wiphy_err(hw->wiphy, "Cannot map device SRAM\n");
5622		goto err_iounmap;
5623	}
5624
5625	/*
5626	 * If BAR0 is a 32 bit BAR, the register BAR will be BAR1.
5627	 * If BAR0 is a 64 bit BAR, the register BAR will be BAR2.
5628	 */
5629	priv->regs = pci_iomap(pdev, 1, 0x10000);
5630	if (priv->regs == NULL) {
5631		priv->regs = pci_iomap(pdev, 2, 0x10000);
5632		if (priv->regs == NULL) {
5633			wiphy_err(hw->wiphy, "Cannot map device registers\n");
5634			goto err_iounmap;
5635		}
5636	}
5637
5638	/*
5639	 * Choose the initial fw image depending on user input.  If a second
5640	 * image is available, make it the alternative image that will be
5641	 * loaded if the first one fails.
5642	 */
5643	init_completion(&priv->firmware_loading_complete);
5644	di = priv->device_info;
5645	if (ap_mode_default && di->fw_image_ap) {
5646		priv->fw_pref = di->fw_image_ap;
5647		priv->fw_alt = di->fw_image_sta;
5648	} else if (!ap_mode_default && di->fw_image_sta) {
5649		priv->fw_pref = di->fw_image_sta;
5650		priv->fw_alt = di->fw_image_ap;
5651	} else if (ap_mode_default && !di->fw_image_ap && di->fw_image_sta) {
5652		printk(KERN_WARNING "AP fw is unavailable.  Using STA fw.");
5653		priv->fw_pref = di->fw_image_sta;
5654	} else if (!ap_mode_default && !di->fw_image_sta && di->fw_image_ap) {
5655		printk(KERN_WARNING "STA fw is unavailable.  Using AP fw.");
5656		priv->fw_pref = di->fw_image_ap;
5657	}
5658	rc = mwl8k_init_firmware(hw, priv->fw_pref, true);
5659	if (rc)
5660		goto err_stop_firmware;
5661	return rc;
5662
5663err_stop_firmware:
5664	mwl8k_hw_reset(priv);
5665
5666err_iounmap:
5667	if (priv->regs != NULL)
5668		pci_iounmap(pdev, priv->regs);
5669
5670	if (priv->sram != NULL)
5671		pci_iounmap(pdev, priv->sram);
5672
5673	pci_set_drvdata(pdev, NULL);
5674	ieee80211_free_hw(hw);
5675
5676err_free_reg:
5677	pci_release_regions(pdev);
5678
5679err_disable_device:
5680	pci_disable_device(pdev);
5681
5682	return rc;
5683}
5684
5685static void __devexit mwl8k_shutdown(struct pci_dev *pdev)
5686{
5687	printk(KERN_ERR "===>%s(%u)\n", __func__, __LINE__);
5688}
5689
5690static void __devexit mwl8k_remove(struct pci_dev *pdev)
5691{
5692	struct ieee80211_hw *hw = pci_get_drvdata(pdev);
5693	struct mwl8k_priv *priv;
5694	int i;
5695
5696	if (hw == NULL)
5697		return;
5698	priv = hw->priv;
5699
5700	wait_for_completion(&priv->firmware_loading_complete);
5701
5702	if (priv->fw_state == FW_STATE_ERROR) {
5703		mwl8k_hw_reset(priv);
5704		goto unmap;
5705	}
5706
5707	ieee80211_stop_queues(hw);
5708
5709	ieee80211_unregister_hw(hw);
5710
5711	/* Remove TX reclaim and RX tasklets.  */
5712	tasklet_kill(&priv->poll_tx_task);
5713	tasklet_kill(&priv->poll_rx_task);
5714
5715	/* Stop hardware */
5716	mwl8k_hw_reset(priv);
5717
5718	/* Return all skbs to mac80211 */
5719	for (i = 0; i < mwl8k_tx_queues(priv); i++)
5720		mwl8k_txq_reclaim(hw, i, INT_MAX, 1);
5721
5722	for (i = 0; i < mwl8k_tx_queues(priv); i++)
5723		mwl8k_txq_deinit(hw, i);
5724
5725	mwl8k_rxq_deinit(hw, 0);
5726
5727	pci_free_consistent(priv->pdev, 4, priv->cookie, priv->cookie_dma);
5728
5729unmap:
5730	pci_iounmap(pdev, priv->regs);
5731	pci_iounmap(pdev, priv->sram);
5732	pci_set_drvdata(pdev, NULL);
5733	ieee80211_free_hw(hw);
5734	pci_release_regions(pdev);
5735	pci_disable_device(pdev);
5736}
5737
5738static struct pci_driver mwl8k_driver = {
5739	.name		= MWL8K_NAME,
5740	.id_table	= mwl8k_pci_id_table,
5741	.probe		= mwl8k_probe,
5742	.remove		= __devexit_p(mwl8k_remove),
5743	.shutdown	= __devexit_p(mwl8k_shutdown),
5744};
5745
5746static int __init mwl8k_init(void)
5747{
5748	return pci_register_driver(&mwl8k_driver);
5749}
5750
5751static void __exit mwl8k_exit(void)
5752{
5753	pci_unregister_driver(&mwl8k_driver);
5754}
5755
5756module_init(mwl8k_init);
5757module_exit(mwl8k_exit);
5758
5759MODULE_DESCRIPTION(MWL8K_DESC);
5760MODULE_VERSION(MWL8K_VERSION);
5761MODULE_AUTHOR("Lennert Buytenhek <buytenh@marvell.com>");
5762MODULE_LICENSE("GPL");
Configure Feed

Configure Feed
