drivers/net/wireless/mwl8k.c at v3.0-rc4

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / drivers / net / wireless / mwl8k.c
at v3.0-rc4 5764 lines 142 kB view raw
wrap content
   1/*
   2 * drivers/net/wireless/mwl8k.c
   3 * Driver for Marvell TOPDOG 802.11 Wireless cards
   4 *
   5 * Copyright (C) 2008, 2009, 2010 Marvell Semiconductor Inc.
   6 *
   7 * This file is licensed under the terms of the GNU General Public
   8 * License version 2.  This program is licensed "as is" without any
   9 * warranty of any kind, whether express or implied.
  10 */
  11
  12#include <linux/init.h>
  13#include <linux/module.h>
  14#include <linux/kernel.h>
  15#include <linux/sched.h>
  16#include <linux/spinlock.h>
  17#include <linux/list.h>
  18#include <linux/pci.h>
  19#include <linux/delay.h>
  20#include <linux/completion.h>
  21#include <linux/etherdevice.h>
  22#include <linux/slab.h>
  23#include <net/mac80211.h>
  24#include <linux/moduleparam.h>
  25#include <linux/firmware.h>
  26#include <linux/workqueue.h>
  27
  28#define MWL8K_DESC	"Marvell TOPDOG(R) 802.11 Wireless Network Driver"
  29#define MWL8K_NAME	KBUILD_MODNAME
  30#define MWL8K_VERSION	"0.12"
  31
  32/* Module parameters */
  33static unsigned ap_mode_default;
  34module_param(ap_mode_default, bool, 0);
  35MODULE_PARM_DESC(ap_mode_default,
  36		 "Set to 1 to make ap mode the default instead of sta mode");
  37
  38/* Register definitions */
  39#define MWL8K_HIU_GEN_PTR			0x00000c10
  40#define  MWL8K_MODE_STA				 0x0000005a
  41#define  MWL8K_MODE_AP				 0x000000a5
  42#define MWL8K_HIU_INT_CODE			0x00000c14
  43#define  MWL8K_FWSTA_READY			 0xf0f1f2f4
  44#define  MWL8K_FWAP_READY			 0xf1f2f4a5
  45#define  MWL8K_INT_CODE_CMD_FINISHED		 0x00000005
  46#define MWL8K_HIU_SCRATCH			0x00000c40
  47
  48/* Host->device communications */
  49#define MWL8K_HIU_H2A_INTERRUPT_EVENTS		0x00000c18
  50#define MWL8K_HIU_H2A_INTERRUPT_STATUS		0x00000c1c
  51#define MWL8K_HIU_H2A_INTERRUPT_MASK		0x00000c20
  52#define MWL8K_HIU_H2A_INTERRUPT_CLEAR_SEL	0x00000c24
  53#define MWL8K_HIU_H2A_INTERRUPT_STATUS_MASK	0x00000c28
  54#define  MWL8K_H2A_INT_DUMMY			 (1 << 20)
  55#define  MWL8K_H2A_INT_RESET			 (1 << 15)
  56#define  MWL8K_H2A_INT_DOORBELL			 (1 << 1)
  57#define  MWL8K_H2A_INT_PPA_READY		 (1 << 0)
  58
  59/* Device->host communications */
  60#define MWL8K_HIU_A2H_INTERRUPT_EVENTS		0x00000c2c
  61#define MWL8K_HIU_A2H_INTERRUPT_STATUS		0x00000c30
  62#define MWL8K_HIU_A2H_INTERRUPT_MASK		0x00000c34
  63#define MWL8K_HIU_A2H_INTERRUPT_CLEAR_SEL	0x00000c38
  64#define MWL8K_HIU_A2H_INTERRUPT_STATUS_MASK	0x00000c3c
  65#define  MWL8K_A2H_INT_DUMMY			 (1 << 20)
  66#define  MWL8K_A2H_INT_BA_WATCHDOG		 (1 << 14)
  67#define  MWL8K_A2H_INT_CHNL_SWITCHED		 (1 << 11)
  68#define  MWL8K_A2H_INT_QUEUE_EMPTY		 (1 << 10)
  69#define  MWL8K_A2H_INT_RADAR_DETECT		 (1 << 7)
  70#define  MWL8K_A2H_INT_RADIO_ON			 (1 << 6)
  71#define  MWL8K_A2H_INT_RADIO_OFF		 (1 << 5)
  72#define  MWL8K_A2H_INT_MAC_EVENT		 (1 << 3)
  73#define  MWL8K_A2H_INT_OPC_DONE			 (1 << 2)
  74#define  MWL8K_A2H_INT_RX_READY			 (1 << 1)
  75#define  MWL8K_A2H_INT_TX_DONE			 (1 << 0)
  76
  77/* HW micro second timer register
  78 * located at offset 0xA600. This
  79 * will be used to timestamp tx
  80 * packets.
  81 */
  82
  83#define	MWL8K_HW_TIMER_REGISTER			0x0000a600
  84
  85#define MWL8K_A2H_EVENTS	(MWL8K_A2H_INT_DUMMY | \
  86				 MWL8K_A2H_INT_CHNL_SWITCHED | \
  87				 MWL8K_A2H_INT_QUEUE_EMPTY | \
  88				 MWL8K_A2H_INT_RADAR_DETECT | \
  89				 MWL8K_A2H_INT_RADIO_ON | \
  90				 MWL8K_A2H_INT_RADIO_OFF | \
  91				 MWL8K_A2H_INT_MAC_EVENT | \
  92				 MWL8K_A2H_INT_OPC_DONE | \
  93				 MWL8K_A2H_INT_RX_READY | \
  94				 MWL8K_A2H_INT_TX_DONE | \
  95				 MWL8K_A2H_INT_BA_WATCHDOG)
  96
  97#define MWL8K_RX_QUEUES		1
  98#define MWL8K_TX_WMM_QUEUES	4
  99#define MWL8K_MAX_AMPDU_QUEUES	8
 100#define MWL8K_MAX_TX_QUEUES	(MWL8K_TX_WMM_QUEUES + MWL8K_MAX_AMPDU_QUEUES)
 101#define mwl8k_tx_queues(priv)	(MWL8K_TX_WMM_QUEUES + (priv)->num_ampdu_queues)
 102
 103struct rxd_ops {
 104	int rxd_size;
 105	void (*rxd_init)(void *rxd, dma_addr_t next_dma_addr);
 106	void (*rxd_refill)(void *rxd, dma_addr_t addr, int len);
 107	int (*rxd_process)(void *rxd, struct ieee80211_rx_status *status,
 108			   __le16 *qos, s8 *noise);
 109};
 110
 111struct mwl8k_device_info {
 112	char *part_name;
 113	char *helper_image;
 114	char *fw_image_sta;
 115	char *fw_image_ap;
 116	struct rxd_ops *ap_rxd_ops;
 117	u32 fw_api_ap;
 118};
 119
 120struct mwl8k_rx_queue {
 121	int rxd_count;
 122
 123	/* hw receives here */
 124	int head;
 125
 126	/* refill descs here */
 127	int tail;
 128
 129	void *rxd;
 130	dma_addr_t rxd_dma;
 131	struct {
 132		struct sk_buff *skb;
 133		DEFINE_DMA_UNMAP_ADDR(dma);
 134	} *buf;
 135};
 136
 137struct mwl8k_tx_queue {
 138	/* hw transmits here */
 139	int head;
 140
 141	/* sw appends here */
 142	int tail;
 143
 144	unsigned int len;
 145	struct mwl8k_tx_desc *txd;
 146	dma_addr_t txd_dma;
 147	struct sk_buff **skb;
 148};
 149
 150enum {
 151	AMPDU_NO_STREAM,
 152	AMPDU_STREAM_NEW,
 153	AMPDU_STREAM_IN_PROGRESS,
 154	AMPDU_STREAM_ACTIVE,
 155};
 156
 157struct mwl8k_ampdu_stream {
 158	struct ieee80211_sta *sta;
 159	u8 tid;
 160	u8 state;
 161	u8 idx;
 162	u8 txq_idx; /* index of this stream in priv->txq */
 163};
 164
 165struct mwl8k_priv {
 166	struct ieee80211_hw *hw;
 167	struct pci_dev *pdev;
 168	int irq;
 169
 170	struct mwl8k_device_info *device_info;
 171
 172	void __iomem *sram;
 173	void __iomem *regs;
 174
 175	/* firmware */
 176	const struct firmware *fw_helper;
 177	const struct firmware *fw_ucode;
 178
 179	/* hardware/firmware parameters */
 180	bool ap_fw;
 181	struct rxd_ops *rxd_ops;
 182	struct ieee80211_supported_band band_24;
 183	struct ieee80211_channel channels_24[14];
 184	struct ieee80211_rate rates_24[14];
 185	struct ieee80211_supported_band band_50;
 186	struct ieee80211_channel channels_50[4];
 187	struct ieee80211_rate rates_50[9];
 188	u32 ap_macids_supported;
 189	u32 sta_macids_supported;
 190
 191	/* Ampdu stream information */
 192	u8 num_ampdu_queues;
 193	spinlock_t stream_lock;
 194	struct mwl8k_ampdu_stream ampdu[MWL8K_MAX_AMPDU_QUEUES];
 195	struct work_struct watchdog_ba_handle;
 196
 197	/* firmware access */
 198	struct mutex fw_mutex;
 199	struct task_struct *fw_mutex_owner;
 200	int fw_mutex_depth;
 201	struct completion *hostcmd_wait;
 202
 203	/* lock held over TX and TX reap */
 204	spinlock_t tx_lock;
 205
 206	/* TX quiesce completion, protected by fw_mutex and tx_lock */
 207	struct completion *tx_wait;
 208
 209	/* List of interfaces.  */
 210	u32 macids_used;
 211	struct list_head vif_list;
 212
 213	/* power management status cookie from firmware */
 214	u32 *cookie;
 215	dma_addr_t cookie_dma;
 216
 217	u16 num_mcaddrs;
 218	u8 hw_rev;
 219	u32 fw_rev;
 220
 221	/*
 222	 * Running count of TX packets in flight, to avoid
 223	 * iterating over the transmit rings each time.
 224	 */
 225	int pending_tx_pkts;
 226
 227	struct mwl8k_rx_queue rxq[MWL8K_RX_QUEUES];
 228	struct mwl8k_tx_queue txq[MWL8K_MAX_TX_QUEUES];
 229	u32 txq_offset[MWL8K_MAX_TX_QUEUES];
 230
 231	bool radio_on;
 232	bool radio_short_preamble;
 233	bool sniffer_enabled;
 234	bool wmm_enabled;
 235
 236	/* XXX need to convert this to handle multiple interfaces */
 237	bool capture_beacon;
 238	u8 capture_bssid[ETH_ALEN];
 239	struct sk_buff *beacon_skb;
 240
 241	/*
 242	 * This FJ worker has to be global as it is scheduled from the
 243	 * RX handler.  At this point we don't know which interface it
 244	 * belongs to until the list of bssids waiting to complete join
 245	 * is checked.
 246	 */
 247	struct work_struct finalize_join_worker;
 248
 249	/* Tasklet to perform TX reclaim.  */
 250	struct tasklet_struct poll_tx_task;
 251
 252	/* Tasklet to perform RX.  */
 253	struct tasklet_struct poll_rx_task;
 254
 255	/* Most recently reported noise in dBm */
 256	s8 noise;
 257
 258	/*
 259	 * preserve the queue configurations so they can be restored if/when
 260	 * the firmware image is swapped.
 261	 */
 262	struct ieee80211_tx_queue_params wmm_params[MWL8K_TX_WMM_QUEUES];
 263
 264	/* async firmware loading state */
 265	unsigned fw_state;
 266	char *fw_pref;
 267	char *fw_alt;
 268	struct completion firmware_loading_complete;
 269};
 270
 271#define MAX_WEP_KEY_LEN         13
 272#define NUM_WEP_KEYS            4
 273
 274/* Per interface specific private data */
 275struct mwl8k_vif {
 276	struct list_head list;
 277	struct ieee80211_vif *vif;
 278
 279	/* Firmware macid for this vif.  */
 280	int macid;
 281
 282	/* Non AMPDU sequence number assigned by driver.  */
 283	u16 seqno;
 284
 285	/* Saved WEP keys */
 286	struct {
 287		u8 enabled;
 288		u8 key[sizeof(struct ieee80211_key_conf) + MAX_WEP_KEY_LEN];
 289	} wep_key_conf[NUM_WEP_KEYS];
 290
 291	/* BSSID */
 292	u8 bssid[ETH_ALEN];
 293
 294	/* A flag to indicate is HW crypto is enabled for this bssid */
 295	bool is_hw_crypto_enabled;
 296};
 297#define MWL8K_VIF(_vif) ((struct mwl8k_vif *)&((_vif)->drv_priv))
 298#define IEEE80211_KEY_CONF(_u8) ((struct ieee80211_key_conf *)(_u8))
 299
 300struct tx_traffic_info {
 301	u32 start_time;
 302	u32 pkts;
 303};
 304
 305#define MWL8K_MAX_TID 8
 306struct mwl8k_sta {
 307	/* Index into station database. Returned by UPDATE_STADB.  */
 308	u8 peer_id;
 309	u8 is_ampdu_allowed;
 310	struct tx_traffic_info tx_stats[MWL8K_MAX_TID];
 311};
 312#define MWL8K_STA(_sta) ((struct mwl8k_sta *)&((_sta)->drv_priv))
 313
 314static const struct ieee80211_channel mwl8k_channels_24[] = {
 315	{ .center_freq = 2412, .hw_value = 1, },
 316	{ .center_freq = 2417, .hw_value = 2, },
 317	{ .center_freq = 2422, .hw_value = 3, },
 318	{ .center_freq = 2427, .hw_value = 4, },
 319	{ .center_freq = 2432, .hw_value = 5, },
 320	{ .center_freq = 2437, .hw_value = 6, },
 321	{ .center_freq = 2442, .hw_value = 7, },
 322	{ .center_freq = 2447, .hw_value = 8, },
 323	{ .center_freq = 2452, .hw_value = 9, },
 324	{ .center_freq = 2457, .hw_value = 10, },
 325	{ .center_freq = 2462, .hw_value = 11, },
 326	{ .center_freq = 2467, .hw_value = 12, },
 327	{ .center_freq = 2472, .hw_value = 13, },
 328	{ .center_freq = 2484, .hw_value = 14, },
 329};
 330
 331static const struct ieee80211_rate mwl8k_rates_24[] = {
 332	{ .bitrate = 10, .hw_value = 2, },
 333	{ .bitrate = 20, .hw_value = 4, },
 334	{ .bitrate = 55, .hw_value = 11, },
 335	{ .bitrate = 110, .hw_value = 22, },
 336	{ .bitrate = 220, .hw_value = 44, },
 337	{ .bitrate = 60, .hw_value = 12, },
 338	{ .bitrate = 90, .hw_value = 18, },
 339	{ .bitrate = 120, .hw_value = 24, },
 340	{ .bitrate = 180, .hw_value = 36, },
 341	{ .bitrate = 240, .hw_value = 48, },
 342	{ .bitrate = 360, .hw_value = 72, },
 343	{ .bitrate = 480, .hw_value = 96, },
 344	{ .bitrate = 540, .hw_value = 108, },
 345	{ .bitrate = 720, .hw_value = 144, },
 346};
 347
 348static const struct ieee80211_channel mwl8k_channels_50[] = {
 349	{ .center_freq = 5180, .hw_value = 36, },
 350	{ .center_freq = 5200, .hw_value = 40, },
 351	{ .center_freq = 5220, .hw_value = 44, },
 352	{ .center_freq = 5240, .hw_value = 48, },
 353};
 354
 355static const struct ieee80211_rate mwl8k_rates_50[] = {
 356	{ .bitrate = 60, .hw_value = 12, },
 357	{ .bitrate = 90, .hw_value = 18, },
 358	{ .bitrate = 120, .hw_value = 24, },
 359	{ .bitrate = 180, .hw_value = 36, },
 360	{ .bitrate = 240, .hw_value = 48, },
 361	{ .bitrate = 360, .hw_value = 72, },
 362	{ .bitrate = 480, .hw_value = 96, },
 363	{ .bitrate = 540, .hw_value = 108, },
 364	{ .bitrate = 720, .hw_value = 144, },
 365};
 366
 367/* Set or get info from Firmware */
 368#define MWL8K_CMD_GET			0x0000
 369#define MWL8K_CMD_SET			0x0001
 370#define MWL8K_CMD_SET_LIST		0x0002
 371
 372/* Firmware command codes */
 373#define MWL8K_CMD_CODE_DNLD		0x0001
 374#define MWL8K_CMD_GET_HW_SPEC		0x0003
 375#define MWL8K_CMD_SET_HW_SPEC		0x0004
 376#define MWL8K_CMD_MAC_MULTICAST_ADR	0x0010
 377#define MWL8K_CMD_GET_STAT		0x0014
 378#define MWL8K_CMD_RADIO_CONTROL		0x001c
 379#define MWL8K_CMD_RF_TX_POWER		0x001e
 380#define MWL8K_CMD_TX_POWER		0x001f
 381#define MWL8K_CMD_RF_ANTENNA		0x0020
 382#define MWL8K_CMD_SET_BEACON		0x0100		/* per-vif */
 383#define MWL8K_CMD_SET_PRE_SCAN		0x0107
 384#define MWL8K_CMD_SET_POST_SCAN		0x0108
 385#define MWL8K_CMD_SET_RF_CHANNEL	0x010a
 386#define MWL8K_CMD_SET_AID		0x010d
 387#define MWL8K_CMD_SET_RATE		0x0110
 388#define MWL8K_CMD_SET_FINALIZE_JOIN	0x0111
 389#define MWL8K_CMD_RTS_THRESHOLD		0x0113
 390#define MWL8K_CMD_SET_SLOT		0x0114
 391#define MWL8K_CMD_SET_EDCA_PARAMS	0x0115
 392#define MWL8K_CMD_SET_WMM_MODE		0x0123
 393#define MWL8K_CMD_MIMO_CONFIG		0x0125
 394#define MWL8K_CMD_USE_FIXED_RATE	0x0126
 395#define MWL8K_CMD_ENABLE_SNIFFER	0x0150
 396#define MWL8K_CMD_SET_MAC_ADDR		0x0202		/* per-vif */
 397#define MWL8K_CMD_SET_RATEADAPT_MODE	0x0203
 398#define MWL8K_CMD_GET_WATCHDOG_BITMAP	0x0205
 399#define MWL8K_CMD_BSS_START		0x1100		/* per-vif */
 400#define MWL8K_CMD_SET_NEW_STN		0x1111		/* per-vif */
 401#define MWL8K_CMD_UPDATE_ENCRYPTION	0x1122		/* per-vif */
 402#define MWL8K_CMD_UPDATE_STADB		0x1123
 403#define MWL8K_CMD_BASTREAM		0x1125
 404
 405static const char *mwl8k_cmd_name(__le16 cmd, char *buf, int bufsize)
 406{
 407	u16 command = le16_to_cpu(cmd);
 408
 409#define MWL8K_CMDNAME(x)	case MWL8K_CMD_##x: do {\
 410					snprintf(buf, bufsize, "%s", #x);\
 411					return buf;\
 412					} while (0)
 413	switch (command & ~0x8000) {
 414		MWL8K_CMDNAME(CODE_DNLD);
 415		MWL8K_CMDNAME(GET_HW_SPEC);
 416		MWL8K_CMDNAME(SET_HW_SPEC);
 417		MWL8K_CMDNAME(MAC_MULTICAST_ADR);
 418		MWL8K_CMDNAME(GET_STAT);
 419		MWL8K_CMDNAME(RADIO_CONTROL);
 420		MWL8K_CMDNAME(RF_TX_POWER);
 421		MWL8K_CMDNAME(TX_POWER);
 422		MWL8K_CMDNAME(RF_ANTENNA);
 423		MWL8K_CMDNAME(SET_BEACON);
 424		MWL8K_CMDNAME(SET_PRE_SCAN);
 425		MWL8K_CMDNAME(SET_POST_SCAN);
 426		MWL8K_CMDNAME(SET_RF_CHANNEL);
 427		MWL8K_CMDNAME(SET_AID);
 428		MWL8K_CMDNAME(SET_RATE);
 429		MWL8K_CMDNAME(SET_FINALIZE_JOIN);
 430		MWL8K_CMDNAME(RTS_THRESHOLD);
 431		MWL8K_CMDNAME(SET_SLOT);
 432		MWL8K_CMDNAME(SET_EDCA_PARAMS);
 433		MWL8K_CMDNAME(SET_WMM_MODE);
 434		MWL8K_CMDNAME(MIMO_CONFIG);
 435		MWL8K_CMDNAME(USE_FIXED_RATE);
 436		MWL8K_CMDNAME(ENABLE_SNIFFER);
 437		MWL8K_CMDNAME(SET_MAC_ADDR);
 438		MWL8K_CMDNAME(SET_RATEADAPT_MODE);
 439		MWL8K_CMDNAME(BSS_START);
 440		MWL8K_CMDNAME(SET_NEW_STN);
 441		MWL8K_CMDNAME(UPDATE_ENCRYPTION);
 442		MWL8K_CMDNAME(UPDATE_STADB);
 443		MWL8K_CMDNAME(BASTREAM);
 444		MWL8K_CMDNAME(GET_WATCHDOG_BITMAP);
 445	default:
 446		snprintf(buf, bufsize, "0x%x", cmd);
 447	}
 448#undef MWL8K_CMDNAME
 449
 450	return buf;
 451}
 452
 453/* Hardware and firmware reset */
 454static void mwl8k_hw_reset(struct mwl8k_priv *priv)
 455{
 456	iowrite32(MWL8K_H2A_INT_RESET,
 457		priv->regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
 458	iowrite32(MWL8K_H2A_INT_RESET,
 459		priv->regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
 460	msleep(20);
 461}
 462
 463/* Release fw image */
 464static void mwl8k_release_fw(const struct firmware **fw)
 465{
 466	if (*fw == NULL)
 467		return;
 468	release_firmware(*fw);
 469	*fw = NULL;
 470}
 471
 472static void mwl8k_release_firmware(struct mwl8k_priv *priv)
 473{
 474	mwl8k_release_fw(&priv->fw_ucode);
 475	mwl8k_release_fw(&priv->fw_helper);
 476}
 477
 478/* states for asynchronous f/w loading */
 479static void mwl8k_fw_state_machine(const struct firmware *fw, void *context);
 480enum {
 481	FW_STATE_INIT = 0,
 482	FW_STATE_LOADING_PREF,
 483	FW_STATE_LOADING_ALT,
 484	FW_STATE_ERROR,
 485};
 486
 487/* Request fw image */
 488static int mwl8k_request_fw(struct mwl8k_priv *priv,
 489			    const char *fname, const struct firmware **fw,
 490			    bool nowait)
 491{
 492	/* release current image */
 493	if (*fw != NULL)
 494		mwl8k_release_fw(fw);
 495
 496	if (nowait)
 497		return request_firmware_nowait(THIS_MODULE, 1, fname,
 498					       &priv->pdev->dev, GFP_KERNEL,
 499					       priv, mwl8k_fw_state_machine);
 500	else
 501		return request_firmware(fw, fname, &priv->pdev->dev);
 502}
 503
 504static int mwl8k_request_firmware(struct mwl8k_priv *priv, char *fw_image,
 505				  bool nowait)
 506{
 507	struct mwl8k_device_info *di = priv->device_info;
 508	int rc;
 509
 510	if (di->helper_image != NULL) {
 511		if (nowait)
 512			rc = mwl8k_request_fw(priv, di->helper_image,
 513					      &priv->fw_helper, true);
 514		else
 515			rc = mwl8k_request_fw(priv, di->helper_image,
 516					      &priv->fw_helper, false);
 517		if (rc)
 518			printk(KERN_ERR "%s: Error requesting helper fw %s\n",
 519			       pci_name(priv->pdev), di->helper_image);
 520
 521		if (rc || nowait)
 522			return rc;
 523	}
 524
 525	if (nowait) {
 526		/*
 527		 * if we get here, no helper image is needed.  Skip the
 528		 * FW_STATE_INIT state.
 529		 */
 530		priv->fw_state = FW_STATE_LOADING_PREF;
 531		rc = mwl8k_request_fw(priv, fw_image,
 532				      &priv->fw_ucode,
 533				      true);
 534	} else
 535		rc = mwl8k_request_fw(priv, fw_image,
 536				      &priv->fw_ucode, false);
 537	if (rc) {
 538		printk(KERN_ERR "%s: Error requesting firmware file %s\n",
 539		       pci_name(priv->pdev), fw_image);
 540		mwl8k_release_fw(&priv->fw_helper);
 541		return rc;
 542	}
 543
 544	return 0;
 545}
 546
 547struct mwl8k_cmd_pkt {
 548	__le16	code;
 549	__le16	length;
 550	__u8	seq_num;
 551	__u8	macid;
 552	__le16	result;
 553	char	payload[0];
 554} __packed;
 555
 556/*
 557 * Firmware loading.
 558 */
 559static int
 560mwl8k_send_fw_load_cmd(struct mwl8k_priv *priv, void *data, int length)
 561{
 562	void __iomem *regs = priv->regs;
 563	dma_addr_t dma_addr;
 564	int loops;
 565
 566	dma_addr = pci_map_single(priv->pdev, data, length, PCI_DMA_TODEVICE);
 567	if (pci_dma_mapping_error(priv->pdev, dma_addr))
 568		return -ENOMEM;
 569
 570	iowrite32(dma_addr, regs + MWL8K_HIU_GEN_PTR);
 571	iowrite32(0, regs + MWL8K_HIU_INT_CODE);
 572	iowrite32(MWL8K_H2A_INT_DOORBELL,
 573		regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
 574	iowrite32(MWL8K_H2A_INT_DUMMY,
 575		regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
 576
 577	loops = 1000;
 578	do {
 579		u32 int_code;
 580
 581		int_code = ioread32(regs + MWL8K_HIU_INT_CODE);
 582		if (int_code == MWL8K_INT_CODE_CMD_FINISHED) {
 583			iowrite32(0, regs + MWL8K_HIU_INT_CODE);
 584			break;
 585		}
 586
 587		cond_resched();
 588		udelay(1);
 589	} while (--loops);
 590
 591	pci_unmap_single(priv->pdev, dma_addr, length, PCI_DMA_TODEVICE);
 592
 593	return loops ? 0 : -ETIMEDOUT;
 594}
 595
 596static int mwl8k_load_fw_image(struct mwl8k_priv *priv,
 597				const u8 *data, size_t length)
 598{
 599	struct mwl8k_cmd_pkt *cmd;
 600	int done;
 601	int rc = 0;
 602
 603	cmd = kmalloc(sizeof(*cmd) + 256, GFP_KERNEL);
 604	if (cmd == NULL)
 605		return -ENOMEM;
 606
 607	cmd->code = cpu_to_le16(MWL8K_CMD_CODE_DNLD);
 608	cmd->seq_num = 0;
 609	cmd->macid = 0;
 610	cmd->result = 0;
 611
 612	done = 0;
 613	while (length) {
 614		int block_size = length > 256 ? 256 : length;
 615
 616		memcpy(cmd->payload, data + done, block_size);
 617		cmd->length = cpu_to_le16(block_size);
 618
 619		rc = mwl8k_send_fw_load_cmd(priv, cmd,
 620						sizeof(*cmd) + block_size);
 621		if (rc)
 622			break;
 623
 624		done += block_size;
 625		length -= block_size;
 626	}
 627
 628	if (!rc) {
 629		cmd->length = 0;
 630		rc = mwl8k_send_fw_load_cmd(priv, cmd, sizeof(*cmd));
 631	}
 632
 633	kfree(cmd);
 634
 635	return rc;
 636}
 637
 638static int mwl8k_feed_fw_image(struct mwl8k_priv *priv,
 639				const u8 *data, size_t length)
 640{
 641	unsigned char *buffer;
 642	int may_continue, rc = 0;
 643	u32 done, prev_block_size;
 644
 645	buffer = kmalloc(1024, GFP_KERNEL);
 646	if (buffer == NULL)
 647		return -ENOMEM;
 648
 649	done = 0;
 650	prev_block_size = 0;
 651	may_continue = 1000;
 652	while (may_continue > 0) {
 653		u32 block_size;
 654
 655		block_size = ioread32(priv->regs + MWL8K_HIU_SCRATCH);
 656		if (block_size & 1) {
 657			block_size &= ~1;
 658			may_continue--;
 659		} else {
 660			done += prev_block_size;
 661			length -= prev_block_size;
 662		}
 663
 664		if (block_size > 1024 || block_size > length) {
 665			rc = -EOVERFLOW;
 666			break;
 667		}
 668
 669		if (length == 0) {
 670			rc = 0;
 671			break;
 672		}
 673
 674		if (block_size == 0) {
 675			rc = -EPROTO;
 676			may_continue--;
 677			udelay(1);
 678			continue;
 679		}
 680
 681		prev_block_size = block_size;
 682		memcpy(buffer, data + done, block_size);
 683
 684		rc = mwl8k_send_fw_load_cmd(priv, buffer, block_size);
 685		if (rc)
 686			break;
 687	}
 688
 689	if (!rc && length != 0)
 690		rc = -EREMOTEIO;
 691
 692	kfree(buffer);
 693
 694	return rc;
 695}
 696
 697static int mwl8k_load_firmware(struct ieee80211_hw *hw)
 698{
 699	struct mwl8k_priv *priv = hw->priv;
 700	const struct firmware *fw = priv->fw_ucode;
 701	int rc;
 702	int loops;
 703
 704	if (!memcmp(fw->data, "\x01\x00\x00\x00", 4)) {
 705		const struct firmware *helper = priv->fw_helper;
 706
 707		if (helper == NULL) {
 708			printk(KERN_ERR "%s: helper image needed but none "
 709			       "given\n", pci_name(priv->pdev));
 710			return -EINVAL;
 711		}
 712
 713		rc = mwl8k_load_fw_image(priv, helper->data, helper->size);
 714		if (rc) {
 715			printk(KERN_ERR "%s: unable to load firmware "
 716			       "helper image\n", pci_name(priv->pdev));
 717			return rc;
 718		}
 719		msleep(20);
 720
 721		rc = mwl8k_feed_fw_image(priv, fw->data, fw->size);
 722	} else {
 723		rc = mwl8k_load_fw_image(priv, fw->data, fw->size);
 724	}
 725
 726	if (rc) {
 727		printk(KERN_ERR "%s: unable to load firmware image\n",
 728		       pci_name(priv->pdev));
 729		return rc;
 730	}
 731
 732	iowrite32(MWL8K_MODE_STA, priv->regs + MWL8K_HIU_GEN_PTR);
 733
 734	loops = 500000;
 735	do {
 736		u32 ready_code;
 737
 738		ready_code = ioread32(priv->regs + MWL8K_HIU_INT_CODE);
 739		if (ready_code == MWL8K_FWAP_READY) {
 740			priv->ap_fw = 1;
 741			break;
 742		} else if (ready_code == MWL8K_FWSTA_READY) {
 743			priv->ap_fw = 0;
 744			break;
 745		}
 746
 747		cond_resched();
 748		udelay(1);
 749	} while (--loops);
 750
 751	return loops ? 0 : -ETIMEDOUT;
 752}
 753
 754
 755/* DMA header used by firmware and hardware.  */
 756struct mwl8k_dma_data {
 757	__le16 fwlen;
 758	struct ieee80211_hdr wh;
 759	char data[0];
 760} __packed;
 761
 762/* Routines to add/remove DMA header from skb.  */
 763static inline void mwl8k_remove_dma_header(struct sk_buff *skb, __le16 qos)
 764{
 765	struct mwl8k_dma_data *tr;
 766	int hdrlen;
 767
 768	tr = (struct mwl8k_dma_data *)skb->data;
 769	hdrlen = ieee80211_hdrlen(tr->wh.frame_control);
 770
 771	if (hdrlen != sizeof(tr->wh)) {
 772		if (ieee80211_is_data_qos(tr->wh.frame_control)) {
 773			memmove(tr->data - hdrlen, &tr->wh, hdrlen - 2);
 774			*((__le16 *)(tr->data - 2)) = qos;
 775		} else {
 776			memmove(tr->data - hdrlen, &tr->wh, hdrlen);
 777		}
 778	}
 779
 780	if (hdrlen != sizeof(*tr))
 781		skb_pull(skb, sizeof(*tr) - hdrlen);
 782}
 783
 784#define REDUCED_TX_HEADROOM	8
 785
 786static void
 787mwl8k_add_dma_header(struct mwl8k_priv *priv, struct sk_buff *skb,
 788						int head_pad, int tail_pad)
 789{
 790	struct ieee80211_hdr *wh;
 791	int hdrlen;
 792	int reqd_hdrlen;
 793	struct mwl8k_dma_data *tr;
 794
 795	/*
 796	 * Add a firmware DMA header; the firmware requires that we
 797	 * present a 2-byte payload length followed by a 4-address
 798	 * header (without QoS field), followed (optionally) by any
 799	 * WEP/ExtIV header (but only filled in for CCMP).
 800	 */
 801	wh = (struct ieee80211_hdr *)skb->data;
 802
 803	hdrlen = ieee80211_hdrlen(wh->frame_control);
 804
 805	/*
 806	 * Check if skb_resize is required because of
 807	 * tx_headroom adjustment.
 808	 */
 809	if (priv->ap_fw && (hdrlen < (sizeof(struct ieee80211_cts)
 810						+ REDUCED_TX_HEADROOM))) {
 811		if (pskb_expand_head(skb, REDUCED_TX_HEADROOM, 0, GFP_ATOMIC)) {
 812
 813			wiphy_err(priv->hw->wiphy,
 814					"Failed to reallocate TX buffer\n");
 815			return;
 816		}
 817		skb->truesize += REDUCED_TX_HEADROOM;
 818	}
 819
 820	reqd_hdrlen = sizeof(*tr) + head_pad;
 821
 822	if (hdrlen != reqd_hdrlen)
 823		skb_push(skb, reqd_hdrlen - hdrlen);
 824
 825	if (ieee80211_is_data_qos(wh->frame_control))
 826		hdrlen -= IEEE80211_QOS_CTL_LEN;
 827
 828	tr = (struct mwl8k_dma_data *)skb->data;
 829	if (wh != &tr->wh)
 830		memmove(&tr->wh, wh, hdrlen);
 831	if (hdrlen != sizeof(tr->wh))
 832		memset(((void *)&tr->wh) + hdrlen, 0, sizeof(tr->wh) - hdrlen);
 833
 834	/*
 835	 * Firmware length is the length of the fully formed "802.11
 836	 * payload".  That is, everything except for the 802.11 header.
 837	 * This includes all crypto material including the MIC.
 838	 */
 839	tr->fwlen = cpu_to_le16(skb->len - sizeof(*tr) + tail_pad);
 840}
 841
 842static void mwl8k_encapsulate_tx_frame(struct mwl8k_priv *priv,
 843		struct sk_buff *skb)
 844{
 845	struct ieee80211_hdr *wh;
 846	struct ieee80211_tx_info *tx_info;
 847	struct ieee80211_key_conf *key_conf;
 848	int data_pad;
 849	int head_pad = 0;
 850
 851	wh = (struct ieee80211_hdr *)skb->data;
 852
 853	tx_info = IEEE80211_SKB_CB(skb);
 854
 855	key_conf = NULL;
 856	if (ieee80211_is_data(wh->frame_control))
 857		key_conf = tx_info->control.hw_key;
 858
 859	/*
 860	 * Make sure the packet header is in the DMA header format (4-address
 861	 * without QoS), and add head & tail padding when HW crypto is enabled.
 862	 *
 863	 * We have the following trailer padding requirements:
 864	 * - WEP: 4 trailer bytes (ICV)
 865	 * - TKIP: 12 trailer bytes (8 MIC + 4 ICV)
 866	 * - CCMP: 8 trailer bytes (MIC)
 867	 */
 868	data_pad = 0;
 869	if (key_conf != NULL) {
 870		head_pad = key_conf->iv_len;
 871		switch (key_conf->cipher) {
 872		case WLAN_CIPHER_SUITE_WEP40:
 873		case WLAN_CIPHER_SUITE_WEP104:
 874			data_pad = 4;
 875			break;
 876		case WLAN_CIPHER_SUITE_TKIP:
 877			data_pad = 12;
 878			break;
 879		case WLAN_CIPHER_SUITE_CCMP:
 880			data_pad = 8;
 881			break;
 882		}
 883	}
 884	mwl8k_add_dma_header(priv, skb, head_pad, data_pad);
 885}
 886
 887/*
 888 * Packet reception for 88w8366 AP firmware.
 889 */
 890struct mwl8k_rxd_8366_ap {
 891	__le16 pkt_len;
 892	__u8 sq2;
 893	__u8 rate;
 894	__le32 pkt_phys_addr;
 895	__le32 next_rxd_phys_addr;
 896	__le16 qos_control;
 897	__le16 htsig2;
 898	__le32 hw_rssi_info;
 899	__le32 hw_noise_floor_info;
 900	__u8 noise_floor;
 901	__u8 pad0[3];
 902	__u8 rssi;
 903	__u8 rx_status;
 904	__u8 channel;
 905	__u8 rx_ctrl;
 906} __packed;
 907
 908#define MWL8K_8366_AP_RATE_INFO_MCS_FORMAT	0x80
 909#define MWL8K_8366_AP_RATE_INFO_40MHZ		0x40
 910#define MWL8K_8366_AP_RATE_INFO_RATEID(x)	((x) & 0x3f)
 911
 912#define MWL8K_8366_AP_RX_CTRL_OWNED_BY_HOST	0x80
 913
 914/* 8366 AP rx_status bits */
 915#define MWL8K_8366_AP_RXSTAT_DECRYPT_ERR_MASK		0x80
 916#define MWL8K_8366_AP_RXSTAT_GENERAL_DECRYPT_ERR	0xFF
 917#define MWL8K_8366_AP_RXSTAT_TKIP_DECRYPT_MIC_ERR	0x02
 918#define MWL8K_8366_AP_RXSTAT_WEP_DECRYPT_ICV_ERR	0x04
 919#define MWL8K_8366_AP_RXSTAT_TKIP_DECRYPT_ICV_ERR	0x08
 920
 921static void mwl8k_rxd_8366_ap_init(void *_rxd, dma_addr_t next_dma_addr)
 922{
 923	struct mwl8k_rxd_8366_ap *rxd = _rxd;
 924
 925	rxd->next_rxd_phys_addr = cpu_to_le32(next_dma_addr);
 926	rxd->rx_ctrl = MWL8K_8366_AP_RX_CTRL_OWNED_BY_HOST;
 927}
 928
 929static void mwl8k_rxd_8366_ap_refill(void *_rxd, dma_addr_t addr, int len)
 930{
 931	struct mwl8k_rxd_8366_ap *rxd = _rxd;
 932
 933	rxd->pkt_len = cpu_to_le16(len);
 934	rxd->pkt_phys_addr = cpu_to_le32(addr);
 935	wmb();
 936	rxd->rx_ctrl = 0;
 937}
 938
 939static int
 940mwl8k_rxd_8366_ap_process(void *_rxd, struct ieee80211_rx_status *status,
 941			  __le16 *qos, s8 *noise)
 942{
 943	struct mwl8k_rxd_8366_ap *rxd = _rxd;
 944
 945	if (!(rxd->rx_ctrl & MWL8K_8366_AP_RX_CTRL_OWNED_BY_HOST))
 946		return -1;
 947	rmb();
 948
 949	memset(status, 0, sizeof(*status));
 950
 951	status->signal = -rxd->rssi;
 952	*noise = -rxd->noise_floor;
 953
 954	if (rxd->rate & MWL8K_8366_AP_RATE_INFO_MCS_FORMAT) {
 955		status->flag |= RX_FLAG_HT;
 956		if (rxd->rate & MWL8K_8366_AP_RATE_INFO_40MHZ)
 957			status->flag |= RX_FLAG_40MHZ;
 958		status->rate_idx = MWL8K_8366_AP_RATE_INFO_RATEID(rxd->rate);
 959	} else {
 960		int i;
 961
 962		for (i = 0; i < ARRAY_SIZE(mwl8k_rates_24); i++) {
 963			if (mwl8k_rates_24[i].hw_value == rxd->rate) {
 964				status->rate_idx = i;
 965				break;
 966			}
 967		}
 968	}
 969
 970	if (rxd->channel > 14) {
 971		status->band = IEEE80211_BAND_5GHZ;
 972		if (!(status->flag & RX_FLAG_HT))
 973			status->rate_idx -= 5;
 974	} else {
 975		status->band = IEEE80211_BAND_2GHZ;
 976	}
 977	status->freq = ieee80211_channel_to_frequency(rxd->channel,
 978						      status->band);
 979
 980	*qos = rxd->qos_control;
 981
 982	if ((rxd->rx_status != MWL8K_8366_AP_RXSTAT_GENERAL_DECRYPT_ERR) &&
 983	    (rxd->rx_status & MWL8K_8366_AP_RXSTAT_DECRYPT_ERR_MASK) &&
 984	    (rxd->rx_status & MWL8K_8366_AP_RXSTAT_TKIP_DECRYPT_MIC_ERR))
 985		status->flag |= RX_FLAG_MMIC_ERROR;
 986
 987	return le16_to_cpu(rxd->pkt_len);
 988}
 989
 990static struct rxd_ops rxd_8366_ap_ops = {
 991	.rxd_size	= sizeof(struct mwl8k_rxd_8366_ap),
 992	.rxd_init	= mwl8k_rxd_8366_ap_init,
 993	.rxd_refill	= mwl8k_rxd_8366_ap_refill,
 994	.rxd_process	= mwl8k_rxd_8366_ap_process,
 995};
 996
 997/*
 998 * Packet reception for STA firmware.
 999 */
1000struct mwl8k_rxd_sta {
1001	__le16 pkt_len;
1002	__u8 link_quality;
1003	__u8 noise_level;
1004	__le32 pkt_phys_addr;
1005	__le32 next_rxd_phys_addr;
1006	__le16 qos_control;
1007	__le16 rate_info;
1008	__le32 pad0[4];
1009	__u8 rssi;
1010	__u8 channel;
1011	__le16 pad1;
1012	__u8 rx_ctrl;
1013	__u8 rx_status;
1014	__u8 pad2[2];
1015} __packed;
1016
1017#define MWL8K_STA_RATE_INFO_SHORTPRE		0x8000
1018#define MWL8K_STA_RATE_INFO_ANTSELECT(x)	(((x) >> 11) & 0x3)
1019#define MWL8K_STA_RATE_INFO_RATEID(x)		(((x) >> 3) & 0x3f)
1020#define MWL8K_STA_RATE_INFO_40MHZ		0x0004
1021#define MWL8K_STA_RATE_INFO_SHORTGI		0x0002
1022#define MWL8K_STA_RATE_INFO_MCS_FORMAT		0x0001
1023
1024#define MWL8K_STA_RX_CTRL_OWNED_BY_HOST		0x02
1025#define MWL8K_STA_RX_CTRL_DECRYPT_ERROR		0x04
1026/* ICV=0 or MIC=1 */
1027#define MWL8K_STA_RX_CTRL_DEC_ERR_TYPE		0x08
1028/* Key is uploaded only in failure case */
1029#define MWL8K_STA_RX_CTRL_KEY_INDEX			0x30
1030
1031static void mwl8k_rxd_sta_init(void *_rxd, dma_addr_t next_dma_addr)
1032{
1033	struct mwl8k_rxd_sta *rxd = _rxd;
1034
1035	rxd->next_rxd_phys_addr = cpu_to_le32(next_dma_addr);
1036	rxd->rx_ctrl = MWL8K_STA_RX_CTRL_OWNED_BY_HOST;
1037}
1038
1039static void mwl8k_rxd_sta_refill(void *_rxd, dma_addr_t addr, int len)
1040{
1041	struct mwl8k_rxd_sta *rxd = _rxd;
1042
1043	rxd->pkt_len = cpu_to_le16(len);
1044	rxd->pkt_phys_addr = cpu_to_le32(addr);
1045	wmb();
1046	rxd->rx_ctrl = 0;
1047}
1048
1049static int
1050mwl8k_rxd_sta_process(void *_rxd, struct ieee80211_rx_status *status,
1051		       __le16 *qos, s8 *noise)
1052{
1053	struct mwl8k_rxd_sta *rxd = _rxd;
1054	u16 rate_info;
1055
1056	if (!(rxd->rx_ctrl & MWL8K_STA_RX_CTRL_OWNED_BY_HOST))
1057		return -1;
1058	rmb();
1059
1060	rate_info = le16_to_cpu(rxd->rate_info);
1061
1062	memset(status, 0, sizeof(*status));
1063
1064	status->signal = -rxd->rssi;
1065	*noise = -rxd->noise_level;
1066	status->antenna = MWL8K_STA_RATE_INFO_ANTSELECT(rate_info);
1067	status->rate_idx = MWL8K_STA_RATE_INFO_RATEID(rate_info);
1068
1069	if (rate_info & MWL8K_STA_RATE_INFO_SHORTPRE)
1070		status->flag |= RX_FLAG_SHORTPRE;
1071	if (rate_info & MWL8K_STA_RATE_INFO_40MHZ)
1072		status->flag |= RX_FLAG_40MHZ;
1073	if (rate_info & MWL8K_STA_RATE_INFO_SHORTGI)
1074		status->flag |= RX_FLAG_SHORT_GI;
1075	if (rate_info & MWL8K_STA_RATE_INFO_MCS_FORMAT)
1076		status->flag |= RX_FLAG_HT;
1077
1078	if (rxd->channel > 14) {
1079		status->band = IEEE80211_BAND_5GHZ;
1080		if (!(status->flag & RX_FLAG_HT))
1081			status->rate_idx -= 5;
1082	} else {
1083		status->band = IEEE80211_BAND_2GHZ;
1084	}
1085	status->freq = ieee80211_channel_to_frequency(rxd->channel,
1086						      status->band);
1087
1088	*qos = rxd->qos_control;
1089	if ((rxd->rx_ctrl & MWL8K_STA_RX_CTRL_DECRYPT_ERROR) &&
1090	    (rxd->rx_ctrl & MWL8K_STA_RX_CTRL_DEC_ERR_TYPE))
1091		status->flag |= RX_FLAG_MMIC_ERROR;
1092
1093	return le16_to_cpu(rxd->pkt_len);
1094}
1095
1096static struct rxd_ops rxd_sta_ops = {
1097	.rxd_size	= sizeof(struct mwl8k_rxd_sta),
1098	.rxd_init	= mwl8k_rxd_sta_init,
1099	.rxd_refill	= mwl8k_rxd_sta_refill,
1100	.rxd_process	= mwl8k_rxd_sta_process,
1101};
1102
1103
1104#define MWL8K_RX_DESCS		256
1105#define MWL8K_RX_MAXSZ		3800
1106
1107static int mwl8k_rxq_init(struct ieee80211_hw *hw, int index)
1108{
1109	struct mwl8k_priv *priv = hw->priv;
1110	struct mwl8k_rx_queue *rxq = priv->rxq + index;
1111	int size;
1112	int i;
1113
1114	rxq->rxd_count = 0;
1115	rxq->head = 0;
1116	rxq->tail = 0;
1117
1118	size = MWL8K_RX_DESCS * priv->rxd_ops->rxd_size;
1119
1120	rxq->rxd = pci_alloc_consistent(priv->pdev, size, &rxq->rxd_dma);
1121	if (rxq->rxd == NULL) {
1122		wiphy_err(hw->wiphy, "failed to alloc RX descriptors\n");
1123		return -ENOMEM;
1124	}
1125	memset(rxq->rxd, 0, size);
1126
1127	rxq->buf = kcalloc(MWL8K_RX_DESCS, sizeof(*rxq->buf), GFP_KERNEL);
1128	if (rxq->buf == NULL) {
1129		wiphy_err(hw->wiphy, "failed to alloc RX skbuff list\n");
1130		pci_free_consistent(priv->pdev, size, rxq->rxd, rxq->rxd_dma);
1131		return -ENOMEM;
1132	}
1133
1134	for (i = 0; i < MWL8K_RX_DESCS; i++) {
1135		int desc_size;
1136		void *rxd;
1137		int nexti;
1138		dma_addr_t next_dma_addr;
1139
1140		desc_size = priv->rxd_ops->rxd_size;
1141		rxd = rxq->rxd + (i * priv->rxd_ops->rxd_size);
1142
1143		nexti = i + 1;
1144		if (nexti == MWL8K_RX_DESCS)
1145			nexti = 0;
1146		next_dma_addr = rxq->rxd_dma + (nexti * desc_size);
1147
1148		priv->rxd_ops->rxd_init(rxd, next_dma_addr);
1149	}
1150
1151	return 0;
1152}
1153
1154static int rxq_refill(struct ieee80211_hw *hw, int index, int limit)
1155{
1156	struct mwl8k_priv *priv = hw->priv;
1157	struct mwl8k_rx_queue *rxq = priv->rxq + index;
1158	int refilled;
1159
1160	refilled = 0;
1161	while (rxq->rxd_count < MWL8K_RX_DESCS && limit--) {
1162		struct sk_buff *skb;
1163		dma_addr_t addr;
1164		int rx;
1165		void *rxd;
1166
1167		skb = dev_alloc_skb(MWL8K_RX_MAXSZ);
1168		if (skb == NULL)
1169			break;
1170
1171		addr = pci_map_single(priv->pdev, skb->data,
1172				      MWL8K_RX_MAXSZ, DMA_FROM_DEVICE);
1173
1174		rxq->rxd_count++;
1175		rx = rxq->tail++;
1176		if (rxq->tail == MWL8K_RX_DESCS)
1177			rxq->tail = 0;
1178		rxq->buf[rx].skb = skb;
1179		dma_unmap_addr_set(&rxq->buf[rx], dma, addr);
1180
1181		rxd = rxq->rxd + (rx * priv->rxd_ops->rxd_size);
1182		priv->rxd_ops->rxd_refill(rxd, addr, MWL8K_RX_MAXSZ);
1183
1184		refilled++;
1185	}
1186
1187	return refilled;
1188}
1189
1190/* Must be called only when the card's reception is completely halted */
1191static void mwl8k_rxq_deinit(struct ieee80211_hw *hw, int index)
1192{
1193	struct mwl8k_priv *priv = hw->priv;
1194	struct mwl8k_rx_queue *rxq = priv->rxq + index;
1195	int i;
1196
1197	if (rxq->rxd == NULL)
1198		return;
1199
1200	for (i = 0; i < MWL8K_RX_DESCS; i++) {
1201		if (rxq->buf[i].skb != NULL) {
1202			pci_unmap_single(priv->pdev,
1203					 dma_unmap_addr(&rxq->buf[i], dma),
1204					 MWL8K_RX_MAXSZ, PCI_DMA_FROMDEVICE);
1205			dma_unmap_addr_set(&rxq->buf[i], dma, 0);
1206
1207			kfree_skb(rxq->buf[i].skb);
1208			rxq->buf[i].skb = NULL;
1209		}
1210	}
1211
1212	kfree(rxq->buf);
1213	rxq->buf = NULL;
1214
1215	pci_free_consistent(priv->pdev,
1216			    MWL8K_RX_DESCS * priv->rxd_ops->rxd_size,
1217			    rxq->rxd, rxq->rxd_dma);
1218	rxq->rxd = NULL;
1219}
1220
1221
1222/*
1223 * Scan a list of BSSIDs to process for finalize join.
1224 * Allows for extension to process multiple BSSIDs.
1225 */
1226static inline int
1227mwl8k_capture_bssid(struct mwl8k_priv *priv, struct ieee80211_hdr *wh)
1228{
1229	return priv->capture_beacon &&
1230		ieee80211_is_beacon(wh->frame_control) &&
1231		!compare_ether_addr(wh->addr3, priv->capture_bssid);
1232}
1233
1234static inline void mwl8k_save_beacon(struct ieee80211_hw *hw,
1235				     struct sk_buff *skb)
1236{
1237	struct mwl8k_priv *priv = hw->priv;
1238
1239	priv->capture_beacon = false;
1240	memset(priv->capture_bssid, 0, ETH_ALEN);
1241
1242	/*
1243	 * Use GFP_ATOMIC as rxq_process is called from
1244	 * the primary interrupt handler, memory allocation call
1245	 * must not sleep.
1246	 */
1247	priv->beacon_skb = skb_copy(skb, GFP_ATOMIC);
1248	if (priv->beacon_skb != NULL)
1249		ieee80211_queue_work(hw, &priv->finalize_join_worker);
1250}
1251
1252static inline struct mwl8k_vif *mwl8k_find_vif_bss(struct list_head *vif_list,
1253						   u8 *bssid)
1254{
1255	struct mwl8k_vif *mwl8k_vif;
1256
1257	list_for_each_entry(mwl8k_vif,
1258			    vif_list, list) {
1259		if (memcmp(bssid, mwl8k_vif->bssid,
1260			   ETH_ALEN) == 0)
1261			return mwl8k_vif;
1262	}
1263
1264	return NULL;
1265}
1266
1267static int rxq_process(struct ieee80211_hw *hw, int index, int limit)
1268{
1269	struct mwl8k_priv *priv = hw->priv;
1270	struct mwl8k_vif *mwl8k_vif = NULL;
1271	struct mwl8k_rx_queue *rxq = priv->rxq + index;
1272	int processed;
1273
1274	processed = 0;
1275	while (rxq->rxd_count && limit--) {
1276		struct sk_buff *skb;
1277		void *rxd;
1278		int pkt_len;
1279		struct ieee80211_rx_status status;
1280		struct ieee80211_hdr *wh;
1281		__le16 qos;
1282
1283		skb = rxq->buf[rxq->head].skb;
1284		if (skb == NULL)
1285			break;
1286
1287		rxd = rxq->rxd + (rxq->head * priv->rxd_ops->rxd_size);
1288
1289		pkt_len = priv->rxd_ops->rxd_process(rxd, &status, &qos,
1290							&priv->noise);
1291		if (pkt_len < 0)
1292			break;
1293
1294		rxq->buf[rxq->head].skb = NULL;
1295
1296		pci_unmap_single(priv->pdev,
1297				 dma_unmap_addr(&rxq->buf[rxq->head], dma),
1298				 MWL8K_RX_MAXSZ, PCI_DMA_FROMDEVICE);
1299		dma_unmap_addr_set(&rxq->buf[rxq->head], dma, 0);
1300
1301		rxq->head++;
1302		if (rxq->head == MWL8K_RX_DESCS)
1303			rxq->head = 0;
1304
1305		rxq->rxd_count--;
1306
1307		wh = &((struct mwl8k_dma_data *)skb->data)->wh;
1308
1309		/*
1310		 * Check for a pending join operation.  Save a
1311		 * copy of the beacon and schedule a tasklet to
1312		 * send a FINALIZE_JOIN command to the firmware.
1313		 */
1314		if (mwl8k_capture_bssid(priv, (void *)skb->data))
1315			mwl8k_save_beacon(hw, skb);
1316
1317		if (ieee80211_has_protected(wh->frame_control)) {
1318
1319			/* Check if hw crypto has been enabled for
1320			 * this bss. If yes, set the status flags
1321			 * accordingly
1322			 */
1323			mwl8k_vif = mwl8k_find_vif_bss(&priv->vif_list,
1324								wh->addr1);
1325
1326			if (mwl8k_vif != NULL &&
1327			    mwl8k_vif->is_hw_crypto_enabled == true) {
1328				/*
1329				 * When MMIC ERROR is encountered
1330				 * by the firmware, payload is
1331				 * dropped and only 32 bytes of
1332				 * mwl8k Firmware header is sent
1333				 * to the host.
1334				 *
1335				 * We need to add four bytes of
1336				 * key information.  In it
1337				 * MAC80211 expects keyidx set to
1338				 * 0 for triggering Counter
1339				 * Measure of MMIC failure.
1340				 */
1341				if (status.flag & RX_FLAG_MMIC_ERROR) {
1342					struct mwl8k_dma_data *tr;
1343					tr = (struct mwl8k_dma_data *)skb->data;
1344					memset((void *)&(tr->data), 0, 4);
1345					pkt_len += 4;
1346				}
1347
1348				if (!ieee80211_is_auth(wh->frame_control))
1349					status.flag |= RX_FLAG_IV_STRIPPED |
1350						       RX_FLAG_DECRYPTED |
1351						       RX_FLAG_MMIC_STRIPPED;
1352			}
1353		}
1354
1355		skb_put(skb, pkt_len);
1356		mwl8k_remove_dma_header(skb, qos);
1357		memcpy(IEEE80211_SKB_RXCB(skb), &status, sizeof(status));
1358		ieee80211_rx_irqsafe(hw, skb);
1359
1360		processed++;
1361	}
1362
1363	return processed;
1364}
1365
1366
1367/*
1368 * Packet transmission.
1369 */
1370
1371#define MWL8K_TXD_STATUS_OK			0x00000001
1372#define MWL8K_TXD_STATUS_OK_RETRY		0x00000002
1373#define MWL8K_TXD_STATUS_OK_MORE_RETRY		0x00000004
1374#define MWL8K_TXD_STATUS_MULTICAST_TX		0x00000008
1375#define MWL8K_TXD_STATUS_FW_OWNED		0x80000000
1376
1377#define MWL8K_QOS_QLEN_UNSPEC			0xff00
1378#define MWL8K_QOS_ACK_POLICY_MASK		0x0060
1379#define MWL8K_QOS_ACK_POLICY_NORMAL		0x0000
1380#define MWL8K_QOS_ACK_POLICY_BLOCKACK		0x0060
1381#define MWL8K_QOS_EOSP				0x0010
1382
1383struct mwl8k_tx_desc {
1384	__le32 status;
1385	__u8 data_rate;
1386	__u8 tx_priority;
1387	__le16 qos_control;
1388	__le32 pkt_phys_addr;
1389	__le16 pkt_len;
1390	__u8 dest_MAC_addr[ETH_ALEN];
1391	__le32 next_txd_phys_addr;
1392	__le32 timestamp;
1393	__le16 rate_info;
1394	__u8 peer_id;
1395	__u8 tx_frag_cnt;
1396} __packed;
1397
1398#define MWL8K_TX_DESCS		128
1399
1400static int mwl8k_txq_init(struct ieee80211_hw *hw, int index)
1401{
1402	struct mwl8k_priv *priv = hw->priv;
1403	struct mwl8k_tx_queue *txq = priv->txq + index;
1404	int size;
1405	int i;
1406
1407	txq->len = 0;
1408	txq->head = 0;
1409	txq->tail = 0;
1410
1411	size = MWL8K_TX_DESCS * sizeof(struct mwl8k_tx_desc);
1412
1413	txq->txd = pci_alloc_consistent(priv->pdev, size, &txq->txd_dma);
1414	if (txq->txd == NULL) {
1415		wiphy_err(hw->wiphy, "failed to alloc TX descriptors\n");
1416		return -ENOMEM;
1417	}
1418	memset(txq->txd, 0, size);
1419
1420	txq->skb = kcalloc(MWL8K_TX_DESCS, sizeof(*txq->skb), GFP_KERNEL);
1421	if (txq->skb == NULL) {
1422		wiphy_err(hw->wiphy, "failed to alloc TX skbuff list\n");
1423		pci_free_consistent(priv->pdev, size, txq->txd, txq->txd_dma);
1424		return -ENOMEM;
1425	}
1426
1427	for (i = 0; i < MWL8K_TX_DESCS; i++) {
1428		struct mwl8k_tx_desc *tx_desc;
1429		int nexti;
1430
1431		tx_desc = txq->txd + i;
1432		nexti = (i + 1) % MWL8K_TX_DESCS;
1433
1434		tx_desc->status = 0;
1435		tx_desc->next_txd_phys_addr =
1436			cpu_to_le32(txq->txd_dma + nexti * sizeof(*tx_desc));
1437	}
1438
1439	return 0;
1440}
1441
1442static inline void mwl8k_tx_start(struct mwl8k_priv *priv)
1443{
1444	iowrite32(MWL8K_H2A_INT_PPA_READY,
1445		priv->regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
1446	iowrite32(MWL8K_H2A_INT_DUMMY,
1447		priv->regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
1448	ioread32(priv->regs + MWL8K_HIU_INT_CODE);
1449}
1450
1451static void mwl8k_dump_tx_rings(struct ieee80211_hw *hw)
1452{
1453	struct mwl8k_priv *priv = hw->priv;
1454	int i;
1455
1456	for (i = 0; i < mwl8k_tx_queues(priv); i++) {
1457		struct mwl8k_tx_queue *txq = priv->txq + i;
1458		int fw_owned = 0;
1459		int drv_owned = 0;
1460		int unused = 0;
1461		int desc;
1462
1463		for (desc = 0; desc < MWL8K_TX_DESCS; desc++) {
1464			struct mwl8k_tx_desc *tx_desc = txq->txd + desc;
1465			u32 status;
1466
1467			status = le32_to_cpu(tx_desc->status);
1468			if (status & MWL8K_TXD_STATUS_FW_OWNED)
1469				fw_owned++;
1470			else
1471				drv_owned++;
1472
1473			if (tx_desc->pkt_len == 0)
1474				unused++;
1475		}
1476
1477		wiphy_err(hw->wiphy,
1478			  "txq[%d] len=%d head=%d tail=%d "
1479			  "fw_owned=%d drv_owned=%d unused=%d\n",
1480			  i,
1481			  txq->len, txq->head, txq->tail,
1482			  fw_owned, drv_owned, unused);
1483	}
1484}
1485
1486/*
1487 * Must be called with priv->fw_mutex held and tx queues stopped.
1488 */
1489#define MWL8K_TX_WAIT_TIMEOUT_MS	5000
1490
1491static int mwl8k_tx_wait_empty(struct ieee80211_hw *hw)
1492{
1493	struct mwl8k_priv *priv = hw->priv;
1494	DECLARE_COMPLETION_ONSTACK(tx_wait);
1495	int retry;
1496	int rc;
1497
1498	might_sleep();
1499
1500	/*
1501	 * The TX queues are stopped at this point, so this test
1502	 * doesn't need to take ->tx_lock.
1503	 */
1504	if (!priv->pending_tx_pkts)
1505		return 0;
1506
1507	retry = 0;
1508	rc = 0;
1509
1510	spin_lock_bh(&priv->tx_lock);
1511	priv->tx_wait = &tx_wait;
1512	while (!rc) {
1513		int oldcount;
1514		unsigned long timeout;
1515
1516		oldcount = priv->pending_tx_pkts;
1517
1518		spin_unlock_bh(&priv->tx_lock);
1519		timeout = wait_for_completion_timeout(&tx_wait,
1520			    msecs_to_jiffies(MWL8K_TX_WAIT_TIMEOUT_MS));
1521		spin_lock_bh(&priv->tx_lock);
1522
1523		if (timeout) {
1524			WARN_ON(priv->pending_tx_pkts);
1525			if (retry)
1526				wiphy_notice(hw->wiphy, "tx rings drained\n");
1527			break;
1528		}
1529
1530		if (priv->pending_tx_pkts < oldcount) {
1531			wiphy_notice(hw->wiphy,
1532				     "waiting for tx rings to drain (%d -> %d pkts)\n",
1533				     oldcount, priv->pending_tx_pkts);
1534			retry = 1;
1535			continue;
1536		}
1537
1538		priv->tx_wait = NULL;
1539
1540		wiphy_err(hw->wiphy, "tx rings stuck for %d ms\n",
1541			  MWL8K_TX_WAIT_TIMEOUT_MS);
1542		mwl8k_dump_tx_rings(hw);
1543
1544		rc = -ETIMEDOUT;
1545	}
1546	spin_unlock_bh(&priv->tx_lock);
1547
1548	return rc;
1549}
1550
1551#define MWL8K_TXD_SUCCESS(status)				\
1552	((status) & (MWL8K_TXD_STATUS_OK |			\
1553		     MWL8K_TXD_STATUS_OK_RETRY |		\
1554		     MWL8K_TXD_STATUS_OK_MORE_RETRY))
1555
1556static int mwl8k_tid_queue_mapping(u8 tid)
1557{
1558	BUG_ON(tid > 7);
1559
1560	switch (tid) {
1561	case 0:
1562	case 3:
1563		return IEEE80211_AC_BE;
1564		break;
1565	case 1:
1566	case 2:
1567		return IEEE80211_AC_BK;
1568		break;
1569	case 4:
1570	case 5:
1571		return IEEE80211_AC_VI;
1572		break;
1573	case 6:
1574	case 7:
1575		return IEEE80211_AC_VO;
1576		break;
1577	default:
1578		return -1;
1579		break;
1580	}
1581}
1582
1583/* The firmware will fill in the rate information
1584 * for each packet that gets queued in the hardware
1585 * and these macros will interpret that info.
1586 */
1587
1588#define RI_FORMAT(a)		  (a & 0x0001)
1589#define RI_RATE_ID_MCS(a)	 ((a & 0x01f8) >> 3)
1590
1591static int
1592mwl8k_txq_reclaim(struct ieee80211_hw *hw, int index, int limit, int force)
1593{
1594	struct mwl8k_priv *priv = hw->priv;
1595	struct mwl8k_tx_queue *txq = priv->txq + index;
1596	int processed;
1597
1598	processed = 0;
1599	while (txq->len > 0 && limit--) {
1600		int tx;
1601		struct mwl8k_tx_desc *tx_desc;
1602		unsigned long addr;
1603		int size;
1604		struct sk_buff *skb;
1605		struct ieee80211_tx_info *info;
1606		u32 status;
1607		struct ieee80211_sta *sta;
1608		struct mwl8k_sta *sta_info = NULL;
1609		u16 rate_info;
1610		struct ieee80211_hdr *wh;
1611
1612		tx = txq->head;
1613		tx_desc = txq->txd + tx;
1614
1615		status = le32_to_cpu(tx_desc->status);
1616
1617		if (status & MWL8K_TXD_STATUS_FW_OWNED) {
1618			if (!force)
1619				break;
1620			tx_desc->status &=
1621				~cpu_to_le32(MWL8K_TXD_STATUS_FW_OWNED);
1622		}
1623
1624		txq->head = (tx + 1) % MWL8K_TX_DESCS;
1625		BUG_ON(txq->len == 0);
1626		txq->len--;
1627		priv->pending_tx_pkts--;
1628
1629		addr = le32_to_cpu(tx_desc->pkt_phys_addr);
1630		size = le16_to_cpu(tx_desc->pkt_len);
1631		skb = txq->skb[tx];
1632		txq->skb[tx] = NULL;
1633
1634		BUG_ON(skb == NULL);
1635		pci_unmap_single(priv->pdev, addr, size, PCI_DMA_TODEVICE);
1636
1637		mwl8k_remove_dma_header(skb, tx_desc->qos_control);
1638
1639		wh = (struct ieee80211_hdr *) skb->data;
1640
1641		/* Mark descriptor as unused */
1642		tx_desc->pkt_phys_addr = 0;
1643		tx_desc->pkt_len = 0;
1644
1645		info = IEEE80211_SKB_CB(skb);
1646		if (ieee80211_is_data(wh->frame_control)) {
1647			sta = info->control.sta;
1648			if (sta) {
1649				sta_info = MWL8K_STA(sta);
1650				BUG_ON(sta_info == NULL);
1651				rate_info = le16_to_cpu(tx_desc->rate_info);
1652				/* If rate is < 6.5 Mpbs for an ht station
1653				 * do not form an ampdu. If the station is a
1654				 * legacy station (format = 0), do not form an
1655				 * ampdu
1656				 */
1657				if (RI_RATE_ID_MCS(rate_info) < 1 ||
1658				    RI_FORMAT(rate_info) == 0) {
1659					sta_info->is_ampdu_allowed = false;
1660				} else {
1661					sta_info->is_ampdu_allowed = true;
1662				}
1663			}
1664		}
1665
1666		ieee80211_tx_info_clear_status(info);
1667
1668		/* Rate control is happening in the firmware.
1669		 * Ensure no tx rate is being reported.
1670		 */
1671		info->status.rates[0].idx = -1;
1672		info->status.rates[0].count = 1;
1673
1674		if (MWL8K_TXD_SUCCESS(status))
1675			info->flags |= IEEE80211_TX_STAT_ACK;
1676
1677		ieee80211_tx_status_irqsafe(hw, skb);
1678
1679		processed++;
1680	}
1681
1682	return processed;
1683}
1684
1685/* must be called only when the card's transmit is completely halted */
1686static void mwl8k_txq_deinit(struct ieee80211_hw *hw, int index)
1687{
1688	struct mwl8k_priv *priv = hw->priv;
1689	struct mwl8k_tx_queue *txq = priv->txq + index;
1690
1691	if (txq->txd == NULL)
1692		return;
1693
1694	mwl8k_txq_reclaim(hw, index, INT_MAX, 1);
1695
1696	kfree(txq->skb);
1697	txq->skb = NULL;
1698
1699	pci_free_consistent(priv->pdev,
1700			    MWL8K_TX_DESCS * sizeof(struct mwl8k_tx_desc),
1701			    txq->txd, txq->txd_dma);
1702	txq->txd = NULL;
1703}
1704
1705/* caller must hold priv->stream_lock when calling the stream functions */
1706static struct mwl8k_ampdu_stream *
1707mwl8k_add_stream(struct ieee80211_hw *hw, struct ieee80211_sta *sta, u8 tid)
1708{
1709	struct mwl8k_ampdu_stream *stream;
1710	struct mwl8k_priv *priv = hw->priv;
1711	int i;
1712
1713	for (i = 0; i < priv->num_ampdu_queues; i++) {
1714		stream = &priv->ampdu[i];
1715		if (stream->state == AMPDU_NO_STREAM) {
1716			stream->sta = sta;
1717			stream->state = AMPDU_STREAM_NEW;
1718			stream->tid = tid;
1719			stream->idx = i;
1720			stream->txq_idx = MWL8K_TX_WMM_QUEUES + i;
1721			wiphy_debug(hw->wiphy, "Added a new stream for %pM %d",
1722				    sta->addr, tid);
1723			return stream;
1724		}
1725	}
1726	return NULL;
1727}
1728
1729static int
1730mwl8k_start_stream(struct ieee80211_hw *hw, struct mwl8k_ampdu_stream *stream)
1731{
1732	int ret;
1733
1734	/* if the stream has already been started, don't start it again */
1735	if (stream->state != AMPDU_STREAM_NEW)
1736		return 0;
1737	ret = ieee80211_start_tx_ba_session(stream->sta, stream->tid, 0);
1738	if (ret)
1739		wiphy_debug(hw->wiphy, "Failed to start stream for %pM %d: "
1740			    "%d\n", stream->sta->addr, stream->tid, ret);
1741	else
1742		wiphy_debug(hw->wiphy, "Started stream for %pM %d\n",
1743			    stream->sta->addr, stream->tid);
1744	return ret;
1745}
1746
1747static void
1748mwl8k_remove_stream(struct ieee80211_hw *hw, struct mwl8k_ampdu_stream *stream)
1749{
1750	wiphy_debug(hw->wiphy, "Remove stream for %pM %d\n", stream->sta->addr,
1751		    stream->tid);
1752	memset(stream, 0, sizeof(*stream));
1753}
1754
1755static struct mwl8k_ampdu_stream *
1756mwl8k_lookup_stream(struct ieee80211_hw *hw, u8 *addr, u8 tid)
1757{
1758	struct mwl8k_priv *priv = hw->priv;
1759	int i;
1760
1761	for (i = 0 ; i < priv->num_ampdu_queues; i++) {
1762		struct mwl8k_ampdu_stream *stream;
1763		stream = &priv->ampdu[i];
1764		if (stream->state == AMPDU_NO_STREAM)
1765			continue;
1766		if (!memcmp(stream->sta->addr, addr, ETH_ALEN) &&
1767		    stream->tid == tid)
1768			return stream;
1769	}
1770	return NULL;
1771}
1772
1773#define MWL8K_AMPDU_PACKET_THRESHOLD 64
1774static inline bool mwl8k_ampdu_allowed(struct ieee80211_sta *sta, u8 tid)
1775{
1776	struct mwl8k_sta *sta_info = MWL8K_STA(sta);
1777	struct tx_traffic_info *tx_stats;
1778
1779	BUG_ON(tid >= MWL8K_MAX_TID);
1780	tx_stats = &sta_info->tx_stats[tid];
1781
1782	return sta_info->is_ampdu_allowed &&
1783		tx_stats->pkts > MWL8K_AMPDU_PACKET_THRESHOLD;
1784}
1785
1786static inline void mwl8k_tx_count_packet(struct ieee80211_sta *sta, u8 tid)
1787{
1788	struct mwl8k_sta *sta_info = MWL8K_STA(sta);
1789	struct tx_traffic_info *tx_stats;
1790
1791	BUG_ON(tid >= MWL8K_MAX_TID);
1792	tx_stats = &sta_info->tx_stats[tid];
1793
1794	if (tx_stats->start_time == 0)
1795		tx_stats->start_time = jiffies;
1796
1797	/* reset the packet count after each second elapses.  If the number of
1798	 * packets ever exceeds the ampdu_min_traffic threshold, we will allow
1799	 * an ampdu stream to be started.
1800	 */
1801	if (jiffies - tx_stats->start_time > HZ) {
1802		tx_stats->pkts = 0;
1803		tx_stats->start_time = 0;
1804	} else
1805		tx_stats->pkts++;
1806}
1807
1808static void
1809mwl8k_txq_xmit(struct ieee80211_hw *hw, int index, struct sk_buff *skb)
1810{
1811	struct mwl8k_priv *priv = hw->priv;
1812	struct ieee80211_tx_info *tx_info;
1813	struct mwl8k_vif *mwl8k_vif;
1814	struct ieee80211_sta *sta;
1815	struct ieee80211_hdr *wh;
1816	struct mwl8k_tx_queue *txq;
1817	struct mwl8k_tx_desc *tx;
1818	dma_addr_t dma;
1819	u32 txstatus;
1820	u8 txdatarate;
1821	u16 qos;
1822	int txpriority;
1823	u8 tid = 0;
1824	struct mwl8k_ampdu_stream *stream = NULL;
1825	bool start_ba_session = false;
1826	bool mgmtframe = false;
1827	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
1828
1829	wh = (struct ieee80211_hdr *)skb->data;
1830	if (ieee80211_is_data_qos(wh->frame_control))
1831		qos = le16_to_cpu(*((__le16 *)ieee80211_get_qos_ctl(wh)));
1832	else
1833		qos = 0;
1834
1835	if (ieee80211_is_mgmt(wh->frame_control))
1836		mgmtframe = true;
1837
1838	if (priv->ap_fw)
1839		mwl8k_encapsulate_tx_frame(priv, skb);
1840	else
1841		mwl8k_add_dma_header(priv, skb, 0, 0);
1842
1843	wh = &((struct mwl8k_dma_data *)skb->data)->wh;
1844
1845	tx_info = IEEE80211_SKB_CB(skb);
1846	sta = tx_info->control.sta;
1847	mwl8k_vif = MWL8K_VIF(tx_info->control.vif);
1848
1849	if (tx_info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ) {
1850		wh->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
1851		wh->seq_ctrl |= cpu_to_le16(mwl8k_vif->seqno);
1852		mwl8k_vif->seqno += 0x10;
1853	}
1854
1855	/* Setup firmware control bit fields for each frame type.  */
1856	txstatus = 0;
1857	txdatarate = 0;
1858	if (ieee80211_is_mgmt(wh->frame_control) ||
1859	    ieee80211_is_ctl(wh->frame_control)) {
1860		txdatarate = 0;
1861		qos |= MWL8K_QOS_QLEN_UNSPEC | MWL8K_QOS_EOSP;
1862	} else if (ieee80211_is_data(wh->frame_control)) {
1863		txdatarate = 1;
1864		if (is_multicast_ether_addr(wh->addr1))
1865			txstatus |= MWL8K_TXD_STATUS_MULTICAST_TX;
1866
1867		qos &= ~MWL8K_QOS_ACK_POLICY_MASK;
1868		if (tx_info->flags & IEEE80211_TX_CTL_AMPDU)
1869			qos |= MWL8K_QOS_ACK_POLICY_BLOCKACK;
1870		else
1871			qos |= MWL8K_QOS_ACK_POLICY_NORMAL;
1872	}
1873
1874	/* Queue ADDBA request in the respective data queue.  While setting up
1875	 * the ampdu stream, mac80211 queues further packets for that
1876	 * particular ra/tid pair.  However, packets piled up in the hardware
1877	 * for that ra/tid pair will still go out. ADDBA request and the
1878	 * related data packets going out from different queues asynchronously
1879	 * will cause a shift in the receiver window which might result in
1880	 * ampdu packets getting dropped at the receiver after the stream has
1881	 * been setup.
1882	 */
1883	if (unlikely(ieee80211_is_action(wh->frame_control) &&
1884	    mgmt->u.action.category == WLAN_CATEGORY_BACK &&
1885	    mgmt->u.action.u.addba_req.action_code == WLAN_ACTION_ADDBA_REQ &&
1886	    priv->ap_fw)) {
1887		u16 capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
1888		tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
1889		index = mwl8k_tid_queue_mapping(tid);
1890	}
1891
1892	txpriority = index;
1893
1894	if (ieee80211_is_data_qos(wh->frame_control) &&
1895	    skb->protocol != cpu_to_be16(ETH_P_PAE) &&
1896	    sta->ht_cap.ht_supported && priv->ap_fw) {
1897		tid = qos & 0xf;
1898		mwl8k_tx_count_packet(sta, tid);
1899		spin_lock(&priv->stream_lock);
1900		stream = mwl8k_lookup_stream(hw, sta->addr, tid);
1901		if (stream != NULL) {
1902			if (stream->state == AMPDU_STREAM_ACTIVE) {
1903				txpriority = stream->txq_idx;
1904				index = stream->txq_idx;
1905			} else if (stream->state == AMPDU_STREAM_NEW) {
1906				/* We get here if the driver sends us packets
1907				 * after we've initiated a stream, but before
1908				 * our ampdu_action routine has been called
1909				 * with IEEE80211_AMPDU_TX_START to get the SSN
1910				 * for the ADDBA request.  So this packet can
1911				 * go out with no risk of sequence number
1912				 * mismatch.  No special handling is required.
1913				 */
1914			} else {
1915				/* Drop packets that would go out after the
1916				 * ADDBA request was sent but before the ADDBA
1917				 * response is received.  If we don't do this,
1918				 * the recipient would probably receive it
1919				 * after the ADDBA request with SSN 0.  This
1920				 * will cause the recipient's BA receive window
1921				 * to shift, which would cause the subsequent
1922				 * packets in the BA stream to be discarded.
1923				 * mac80211 queues our packets for us in this
1924				 * case, so this is really just a safety check.
1925				 */
1926				wiphy_warn(hw->wiphy,
1927					   "Cannot send packet while ADDBA "
1928					   "dialog is underway.\n");
1929				spin_unlock(&priv->stream_lock);
1930				dev_kfree_skb(skb);
1931				return;
1932			}
1933		} else {
1934			/* Defer calling mwl8k_start_stream so that the current
1935			 * skb can go out before the ADDBA request.  This
1936			 * prevents sequence number mismatch at the recepient
1937			 * as described above.
1938			 */
1939			if (mwl8k_ampdu_allowed(sta, tid)) {
1940				stream = mwl8k_add_stream(hw, sta, tid);
1941				if (stream != NULL)
1942					start_ba_session = true;
1943			}
1944		}
1945		spin_unlock(&priv->stream_lock);
1946	}
1947
1948	dma = pci_map_single(priv->pdev, skb->data,
1949				skb->len, PCI_DMA_TODEVICE);
1950
1951	if (pci_dma_mapping_error(priv->pdev, dma)) {
1952		wiphy_debug(hw->wiphy,
1953			    "failed to dma map skb, dropping TX frame.\n");
1954		if (start_ba_session) {
1955			spin_lock(&priv->stream_lock);
1956			mwl8k_remove_stream(hw, stream);
1957			spin_unlock(&priv->stream_lock);
1958		}
1959		dev_kfree_skb(skb);
1960		return;
1961	}
1962
1963	spin_lock_bh(&priv->tx_lock);
1964
1965	txq = priv->txq + index;
1966
1967	/* Mgmt frames that go out frequently are probe
1968	 * responses. Other mgmt frames got out relatively
1969	 * infrequently. Hence reserve 2 buffers so that
1970	 * other mgmt frames do not get dropped due to an
1971	 * already queued probe response in one of the
1972	 * reserved buffers.
1973	 */
1974
1975	if (txq->len >= MWL8K_TX_DESCS - 2) {
1976		if (mgmtframe == false ||
1977			txq->len == MWL8K_TX_DESCS) {
1978			if (start_ba_session) {
1979				spin_lock(&priv->stream_lock);
1980				mwl8k_remove_stream(hw, stream);
1981				spin_unlock(&priv->stream_lock);
1982			}
1983			spin_unlock_bh(&priv->tx_lock);
1984			dev_kfree_skb(skb);
1985			return;
1986		}
1987	}
1988
1989	BUG_ON(txq->skb[txq->tail] != NULL);
1990	txq->skb[txq->tail] = skb;
1991
1992	tx = txq->txd + txq->tail;
1993	tx->data_rate = txdatarate;
1994	tx->tx_priority = txpriority;
1995	tx->qos_control = cpu_to_le16(qos);
1996	tx->pkt_phys_addr = cpu_to_le32(dma);
1997	tx->pkt_len = cpu_to_le16(skb->len);
1998	tx->rate_info = 0;
1999	if (!priv->ap_fw && tx_info->control.sta != NULL)
2000		tx->peer_id = MWL8K_STA(tx_info->control.sta)->peer_id;
2001	else
2002		tx->peer_id = 0;
2003
2004	if (priv->ap_fw)
2005		tx->timestamp = cpu_to_le32(ioread32(priv->regs +
2006						MWL8K_HW_TIMER_REGISTER));
2007
2008	wmb();
2009	tx->status = cpu_to_le32(MWL8K_TXD_STATUS_FW_OWNED | txstatus);
2010
2011	txq->len++;
2012	priv->pending_tx_pkts++;
2013
2014	txq->tail++;
2015	if (txq->tail == MWL8K_TX_DESCS)
2016		txq->tail = 0;
2017
2018	mwl8k_tx_start(priv);
2019
2020	spin_unlock_bh(&priv->tx_lock);
2021
2022	/* Initiate the ampdu session here */
2023	if (start_ba_session) {
2024		spin_lock(&priv->stream_lock);
2025		if (mwl8k_start_stream(hw, stream))
2026			mwl8k_remove_stream(hw, stream);
2027		spin_unlock(&priv->stream_lock);
2028	}
2029}
2030
2031
2032/*
2033 * Firmware access.
2034 *
2035 * We have the following requirements for issuing firmware commands:
2036 * - Some commands require that the packet transmit path is idle when
2037 *   the command is issued.  (For simplicity, we'll just quiesce the
2038 *   transmit path for every command.)
2039 * - There are certain sequences of commands that need to be issued to
2040 *   the hardware sequentially, with no other intervening commands.
2041 *
2042 * This leads to an implementation of a "firmware lock" as a mutex that
2043 * can be taken recursively, and which is taken by both the low-level
2044 * command submission function (mwl8k_post_cmd) as well as any users of
2045 * that function that require issuing of an atomic sequence of commands,
2046 * and quiesces the transmit path whenever it's taken.
2047 */
2048static int mwl8k_fw_lock(struct ieee80211_hw *hw)
2049{
2050	struct mwl8k_priv *priv = hw->priv;
2051
2052	if (priv->fw_mutex_owner != current) {
2053		int rc;
2054
2055		mutex_lock(&priv->fw_mutex);
2056		ieee80211_stop_queues(hw);
2057
2058		rc = mwl8k_tx_wait_empty(hw);
2059		if (rc) {
2060			ieee80211_wake_queues(hw);
2061			mutex_unlock(&priv->fw_mutex);
2062
2063			return rc;
2064		}
2065
2066		priv->fw_mutex_owner = current;
2067	}
2068
2069	priv->fw_mutex_depth++;
2070
2071	return 0;
2072}
2073
2074static void mwl8k_fw_unlock(struct ieee80211_hw *hw)
2075{
2076	struct mwl8k_priv *priv = hw->priv;
2077
2078	if (!--priv->fw_mutex_depth) {
2079		ieee80211_wake_queues(hw);
2080		priv->fw_mutex_owner = NULL;
2081		mutex_unlock(&priv->fw_mutex);
2082	}
2083}
2084
2085
2086/*
2087 * Command processing.
2088 */
2089
2090/* Timeout firmware commands after 10s */
2091#define MWL8K_CMD_TIMEOUT_MS	10000
2092
2093static int mwl8k_post_cmd(struct ieee80211_hw *hw, struct mwl8k_cmd_pkt *cmd)
2094{
2095	DECLARE_COMPLETION_ONSTACK(cmd_wait);
2096	struct mwl8k_priv *priv = hw->priv;
2097	void __iomem *regs = priv->regs;
2098	dma_addr_t dma_addr;
2099	unsigned int dma_size;
2100	int rc;
2101	unsigned long timeout = 0;
2102	u8 buf[32];
2103
2104	cmd->result = (__force __le16) 0xffff;
2105	dma_size = le16_to_cpu(cmd->length);
2106	dma_addr = pci_map_single(priv->pdev, cmd, dma_size,
2107				  PCI_DMA_BIDIRECTIONAL);
2108	if (pci_dma_mapping_error(priv->pdev, dma_addr))
2109		return -ENOMEM;
2110
2111	rc = mwl8k_fw_lock(hw);
2112	if (rc) {
2113		pci_unmap_single(priv->pdev, dma_addr, dma_size,
2114						PCI_DMA_BIDIRECTIONAL);
2115		return rc;
2116	}
2117
2118	priv->hostcmd_wait = &cmd_wait;
2119	iowrite32(dma_addr, regs + MWL8K_HIU_GEN_PTR);
2120	iowrite32(MWL8K_H2A_INT_DOORBELL,
2121		regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
2122	iowrite32(MWL8K_H2A_INT_DUMMY,
2123		regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
2124
2125	timeout = wait_for_completion_timeout(&cmd_wait,
2126				msecs_to_jiffies(MWL8K_CMD_TIMEOUT_MS));
2127
2128	priv->hostcmd_wait = NULL;
2129
2130	mwl8k_fw_unlock(hw);
2131
2132	pci_unmap_single(priv->pdev, dma_addr, dma_size,
2133					PCI_DMA_BIDIRECTIONAL);
2134
2135	if (!timeout) {
2136		wiphy_err(hw->wiphy, "Command %s timeout after %u ms\n",
2137			  mwl8k_cmd_name(cmd->code, buf, sizeof(buf)),
2138			  MWL8K_CMD_TIMEOUT_MS);
2139		rc = -ETIMEDOUT;
2140	} else {
2141		int ms;
2142
2143		ms = MWL8K_CMD_TIMEOUT_MS - jiffies_to_msecs(timeout);
2144
2145		rc = cmd->result ? -EINVAL : 0;
2146		if (rc)
2147			wiphy_err(hw->wiphy, "Command %s error 0x%x\n",
2148				  mwl8k_cmd_name(cmd->code, buf, sizeof(buf)),
2149				  le16_to_cpu(cmd->result));
2150		else if (ms > 2000)
2151			wiphy_notice(hw->wiphy, "Command %s took %d ms\n",
2152				     mwl8k_cmd_name(cmd->code,
2153						    buf, sizeof(buf)),
2154				     ms);
2155	}
2156
2157	return rc;
2158}
2159
2160static int mwl8k_post_pervif_cmd(struct ieee80211_hw *hw,
2161				 struct ieee80211_vif *vif,
2162				 struct mwl8k_cmd_pkt *cmd)
2163{
2164	if (vif != NULL)
2165		cmd->macid = MWL8K_VIF(vif)->macid;
2166	return mwl8k_post_cmd(hw, cmd);
2167}
2168
2169/*
2170 * Setup code shared between STA and AP firmware images.
2171 */
2172static void mwl8k_setup_2ghz_band(struct ieee80211_hw *hw)
2173{
2174	struct mwl8k_priv *priv = hw->priv;
2175
2176	BUILD_BUG_ON(sizeof(priv->channels_24) != sizeof(mwl8k_channels_24));
2177	memcpy(priv->channels_24, mwl8k_channels_24, sizeof(mwl8k_channels_24));
2178
2179	BUILD_BUG_ON(sizeof(priv->rates_24) != sizeof(mwl8k_rates_24));
2180	memcpy(priv->rates_24, mwl8k_rates_24, sizeof(mwl8k_rates_24));
2181
2182	priv->band_24.band = IEEE80211_BAND_2GHZ;
2183	priv->band_24.channels = priv->channels_24;
2184	priv->band_24.n_channels = ARRAY_SIZE(mwl8k_channels_24);
2185	priv->band_24.bitrates = priv->rates_24;
2186	priv->band_24.n_bitrates = ARRAY_SIZE(mwl8k_rates_24);
2187
2188	hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &priv->band_24;
2189}
2190
2191static void mwl8k_setup_5ghz_band(struct ieee80211_hw *hw)
2192{
2193	struct mwl8k_priv *priv = hw->priv;
2194
2195	BUILD_BUG_ON(sizeof(priv->channels_50) != sizeof(mwl8k_channels_50));
2196	memcpy(priv->channels_50, mwl8k_channels_50, sizeof(mwl8k_channels_50));
2197
2198	BUILD_BUG_ON(sizeof(priv->rates_50) != sizeof(mwl8k_rates_50));
2199	memcpy(priv->rates_50, mwl8k_rates_50, sizeof(mwl8k_rates_50));
2200
2201	priv->band_50.band = IEEE80211_BAND_5GHZ;
2202	priv->band_50.channels = priv->channels_50;
2203	priv->band_50.n_channels = ARRAY_SIZE(mwl8k_channels_50);
2204	priv->band_50.bitrates = priv->rates_50;
2205	priv->band_50.n_bitrates = ARRAY_SIZE(mwl8k_rates_50);
2206
2207	hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &priv->band_50;
2208}
2209
2210/*
2211 * CMD_GET_HW_SPEC (STA version).
2212 */
2213struct mwl8k_cmd_get_hw_spec_sta {
2214	struct mwl8k_cmd_pkt header;
2215	__u8 hw_rev;
2216	__u8 host_interface;
2217	__le16 num_mcaddrs;
2218	__u8 perm_addr[ETH_ALEN];
2219	__le16 region_code;
2220	__le32 fw_rev;
2221	__le32 ps_cookie;
2222	__le32 caps;
2223	__u8 mcs_bitmap[16];
2224	__le32 rx_queue_ptr;
2225	__le32 num_tx_queues;
2226	__le32 tx_queue_ptrs[MWL8K_TX_WMM_QUEUES];
2227	__le32 caps2;
2228	__le32 num_tx_desc_per_queue;
2229	__le32 total_rxd;
2230} __packed;
2231
2232#define MWL8K_CAP_MAX_AMSDU		0x20000000
2233#define MWL8K_CAP_GREENFIELD		0x08000000
2234#define MWL8K_CAP_AMPDU			0x04000000
2235#define MWL8K_CAP_RX_STBC		0x01000000
2236#define MWL8K_CAP_TX_STBC		0x00800000
2237#define MWL8K_CAP_SHORTGI_40MHZ		0x00400000
2238#define MWL8K_CAP_SHORTGI_20MHZ		0x00200000
2239#define MWL8K_CAP_RX_ANTENNA_MASK	0x000e0000
2240#define MWL8K_CAP_TX_ANTENNA_MASK	0x0001c000
2241#define MWL8K_CAP_DELAY_BA		0x00003000
2242#define MWL8K_CAP_MIMO			0x00000200
2243#define MWL8K_CAP_40MHZ			0x00000100
2244#define MWL8K_CAP_BAND_MASK		0x00000007
2245#define MWL8K_CAP_5GHZ			0x00000004
2246#define MWL8K_CAP_2GHZ4			0x00000001
2247
2248static void
2249mwl8k_set_ht_caps(struct ieee80211_hw *hw,
2250		  struct ieee80211_supported_band *band, u32 cap)
2251{
2252	int rx_streams;
2253	int tx_streams;
2254
2255	band->ht_cap.ht_supported = 1;
2256
2257	if (cap & MWL8K_CAP_MAX_AMSDU)
2258		band->ht_cap.cap |= IEEE80211_HT_CAP_MAX_AMSDU;
2259	if (cap & MWL8K_CAP_GREENFIELD)
2260		band->ht_cap.cap |= IEEE80211_HT_CAP_GRN_FLD;
2261	if (cap & MWL8K_CAP_AMPDU) {
2262		hw->flags |= IEEE80211_HW_AMPDU_AGGREGATION;
2263		band->ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
2264		band->ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_NONE;
2265	}
2266	if (cap & MWL8K_CAP_RX_STBC)
2267		band->ht_cap.cap |= IEEE80211_HT_CAP_RX_STBC;
2268	if (cap & MWL8K_CAP_TX_STBC)
2269		band->ht_cap.cap |= IEEE80211_HT_CAP_TX_STBC;
2270	if (cap & MWL8K_CAP_SHORTGI_40MHZ)
2271		band->ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
2272	if (cap & MWL8K_CAP_SHORTGI_20MHZ)
2273		band->ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
2274	if (cap & MWL8K_CAP_DELAY_BA)
2275		band->ht_cap.cap |= IEEE80211_HT_CAP_DELAY_BA;
2276	if (cap & MWL8K_CAP_40MHZ)
2277		band->ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
2278
2279	rx_streams = hweight32(cap & MWL8K_CAP_RX_ANTENNA_MASK);
2280	tx_streams = hweight32(cap & MWL8K_CAP_TX_ANTENNA_MASK);
2281
2282	band->ht_cap.mcs.rx_mask[0] = 0xff;
2283	if (rx_streams >= 2)
2284		band->ht_cap.mcs.rx_mask[1] = 0xff;
2285	if (rx_streams >= 3)
2286		band->ht_cap.mcs.rx_mask[2] = 0xff;
2287	band->ht_cap.mcs.rx_mask[4] = 0x01;
2288	band->ht_cap.mcs.tx_params = IEEE80211_HT_MCS_TX_DEFINED;
2289
2290	if (rx_streams != tx_streams) {
2291		band->ht_cap.mcs.tx_params |= IEEE80211_HT_MCS_TX_RX_DIFF;
2292		band->ht_cap.mcs.tx_params |= (tx_streams - 1) <<
2293				IEEE80211_HT_MCS_TX_MAX_STREAMS_SHIFT;
2294	}
2295}
2296
2297static void
2298mwl8k_set_caps(struct ieee80211_hw *hw, u32 caps)
2299{
2300	struct mwl8k_priv *priv = hw->priv;
2301
2302	if ((caps & MWL8K_CAP_2GHZ4) || !(caps & MWL8K_CAP_BAND_MASK)) {
2303		mwl8k_setup_2ghz_band(hw);
2304		if (caps & MWL8K_CAP_MIMO)
2305			mwl8k_set_ht_caps(hw, &priv->band_24, caps);
2306	}
2307
2308	if (caps & MWL8K_CAP_5GHZ) {
2309		mwl8k_setup_5ghz_band(hw);
2310		if (caps & MWL8K_CAP_MIMO)
2311			mwl8k_set_ht_caps(hw, &priv->band_50, caps);
2312	}
2313}
2314
2315static int mwl8k_cmd_get_hw_spec_sta(struct ieee80211_hw *hw)
2316{
2317	struct mwl8k_priv *priv = hw->priv;
2318	struct mwl8k_cmd_get_hw_spec_sta *cmd;
2319	int rc;
2320	int i;
2321
2322	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2323	if (cmd == NULL)
2324		return -ENOMEM;
2325
2326	cmd->header.code = cpu_to_le16(MWL8K_CMD_GET_HW_SPEC);
2327	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2328
2329	memset(cmd->perm_addr, 0xff, sizeof(cmd->perm_addr));
2330	cmd->ps_cookie = cpu_to_le32(priv->cookie_dma);
2331	cmd->rx_queue_ptr = cpu_to_le32(priv->rxq[0].rxd_dma);
2332	cmd->num_tx_queues = cpu_to_le32(mwl8k_tx_queues(priv));
2333	for (i = 0; i < mwl8k_tx_queues(priv); i++)
2334		cmd->tx_queue_ptrs[i] = cpu_to_le32(priv->txq[i].txd_dma);
2335	cmd->num_tx_desc_per_queue = cpu_to_le32(MWL8K_TX_DESCS);
2336	cmd->total_rxd = cpu_to_le32(MWL8K_RX_DESCS);
2337
2338	rc = mwl8k_post_cmd(hw, &cmd->header);
2339
2340	if (!rc) {
2341		SET_IEEE80211_PERM_ADDR(hw, cmd->perm_addr);
2342		priv->num_mcaddrs = le16_to_cpu(cmd->num_mcaddrs);
2343		priv->fw_rev = le32_to_cpu(cmd->fw_rev);
2344		priv->hw_rev = cmd->hw_rev;
2345		mwl8k_set_caps(hw, le32_to_cpu(cmd->caps));
2346		priv->ap_macids_supported = 0x00000000;
2347		priv->sta_macids_supported = 0x00000001;
2348	}
2349
2350	kfree(cmd);
2351	return rc;
2352}
2353
2354/*
2355 * CMD_GET_HW_SPEC (AP version).
2356 */
2357struct mwl8k_cmd_get_hw_spec_ap {
2358	struct mwl8k_cmd_pkt header;
2359	__u8 hw_rev;
2360	__u8 host_interface;
2361	__le16 num_wcb;
2362	__le16 num_mcaddrs;
2363	__u8 perm_addr[ETH_ALEN];
2364	__le16 region_code;
2365	__le16 num_antenna;
2366	__le32 fw_rev;
2367	__le32 wcbbase0;
2368	__le32 rxwrptr;
2369	__le32 rxrdptr;
2370	__le32 ps_cookie;
2371	__le32 wcbbase1;
2372	__le32 wcbbase2;
2373	__le32 wcbbase3;
2374	__le32 fw_api_version;
2375	__le32 caps;
2376	__le32 num_of_ampdu_queues;
2377	__le32 wcbbase_ampdu[MWL8K_MAX_AMPDU_QUEUES];
2378} __packed;
2379
2380static int mwl8k_cmd_get_hw_spec_ap(struct ieee80211_hw *hw)
2381{
2382	struct mwl8k_priv *priv = hw->priv;
2383	struct mwl8k_cmd_get_hw_spec_ap *cmd;
2384	int rc, i;
2385	u32 api_version;
2386
2387	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2388	if (cmd == NULL)
2389		return -ENOMEM;
2390
2391	cmd->header.code = cpu_to_le16(MWL8K_CMD_GET_HW_SPEC);
2392	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2393
2394	memset(cmd->perm_addr, 0xff, sizeof(cmd->perm_addr));
2395	cmd->ps_cookie = cpu_to_le32(priv->cookie_dma);
2396
2397	rc = mwl8k_post_cmd(hw, &cmd->header);
2398
2399	if (!rc) {
2400		int off;
2401
2402		api_version = le32_to_cpu(cmd->fw_api_version);
2403		if (priv->device_info->fw_api_ap != api_version) {
2404			printk(KERN_ERR "%s: Unsupported fw API version for %s."
2405			       "  Expected %d got %d.\n", MWL8K_NAME,
2406			       priv->device_info->part_name,
2407			       priv->device_info->fw_api_ap,
2408			       api_version);
2409			rc = -EINVAL;
2410			goto done;
2411		}
2412		SET_IEEE80211_PERM_ADDR(hw, cmd->perm_addr);
2413		priv->num_mcaddrs = le16_to_cpu(cmd->num_mcaddrs);
2414		priv->fw_rev = le32_to_cpu(cmd->fw_rev);
2415		priv->hw_rev = cmd->hw_rev;
2416		mwl8k_set_caps(hw, le32_to_cpu(cmd->caps));
2417		priv->ap_macids_supported = 0x000000ff;
2418		priv->sta_macids_supported = 0x00000000;
2419		priv->num_ampdu_queues = le32_to_cpu(cmd->num_of_ampdu_queues);
2420		if (priv->num_ampdu_queues > MWL8K_MAX_AMPDU_QUEUES) {
2421			wiphy_warn(hw->wiphy, "fw reported %d ampdu queues"
2422				   " but we only support %d.\n",
2423				   priv->num_ampdu_queues,
2424				   MWL8K_MAX_AMPDU_QUEUES);
2425			priv->num_ampdu_queues = MWL8K_MAX_AMPDU_QUEUES;
2426		}
2427		off = le32_to_cpu(cmd->rxwrptr) & 0xffff;
2428		iowrite32(priv->rxq[0].rxd_dma, priv->sram + off);
2429
2430		off = le32_to_cpu(cmd->rxrdptr) & 0xffff;
2431		iowrite32(priv->rxq[0].rxd_dma, priv->sram + off);
2432
2433		priv->txq_offset[0] = le32_to_cpu(cmd->wcbbase0) & 0xffff;
2434		priv->txq_offset[1] = le32_to_cpu(cmd->wcbbase1) & 0xffff;
2435		priv->txq_offset[2] = le32_to_cpu(cmd->wcbbase2) & 0xffff;
2436		priv->txq_offset[3] = le32_to_cpu(cmd->wcbbase3) & 0xffff;
2437
2438		for (i = 0; i < priv->num_ampdu_queues; i++)
2439			priv->txq_offset[i + MWL8K_TX_WMM_QUEUES] =
2440				le32_to_cpu(cmd->wcbbase_ampdu[i]) & 0xffff;
2441	}
2442
2443done:
2444	kfree(cmd);
2445	return rc;
2446}
2447
2448/*
2449 * CMD_SET_HW_SPEC.
2450 */
2451struct mwl8k_cmd_set_hw_spec {
2452	struct mwl8k_cmd_pkt header;
2453	__u8 hw_rev;
2454	__u8 host_interface;
2455	__le16 num_mcaddrs;
2456	__u8 perm_addr[ETH_ALEN];
2457	__le16 region_code;
2458	__le32 fw_rev;
2459	__le32 ps_cookie;
2460	__le32 caps;
2461	__le32 rx_queue_ptr;
2462	__le32 num_tx_queues;
2463	__le32 tx_queue_ptrs[MWL8K_MAX_TX_QUEUES];
2464	__le32 flags;
2465	__le32 num_tx_desc_per_queue;
2466	__le32 total_rxd;
2467} __packed;
2468
2469/* If enabled, MWL8K_SET_HW_SPEC_FLAG_ENABLE_LIFE_TIME_EXPIRY will cause
2470 * packets to expire 500 ms after the timestamp in the tx descriptor.  That is,
2471 * the packets that are queued for more than 500ms, will be dropped in the
2472 * hardware. This helps minimizing the issues caused due to head-of-line
2473 * blocking where a slow client can hog the bandwidth and affect traffic to a
2474 * faster client.
2475 */
2476#define MWL8K_SET_HW_SPEC_FLAG_ENABLE_LIFE_TIME_EXPIRY	0x00000400
2477#define MWL8K_SET_HW_SPEC_FLAG_GENERATE_CCMP_HDR	0x00000200
2478#define MWL8K_SET_HW_SPEC_FLAG_HOST_DECR_MGMT		0x00000080
2479#define MWL8K_SET_HW_SPEC_FLAG_HOSTFORM_PROBERESP	0x00000020
2480#define MWL8K_SET_HW_SPEC_FLAG_HOSTFORM_BEACON		0x00000010
2481
2482static int mwl8k_cmd_set_hw_spec(struct ieee80211_hw *hw)
2483{
2484	struct mwl8k_priv *priv = hw->priv;
2485	struct mwl8k_cmd_set_hw_spec *cmd;
2486	int rc;
2487	int i;
2488
2489	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2490	if (cmd == NULL)
2491		return -ENOMEM;
2492
2493	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_HW_SPEC);
2494	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2495
2496	cmd->ps_cookie = cpu_to_le32(priv->cookie_dma);
2497	cmd->rx_queue_ptr = cpu_to_le32(priv->rxq[0].rxd_dma);
2498	cmd->num_tx_queues = cpu_to_le32(mwl8k_tx_queues(priv));
2499
2500	/*
2501	 * Mac80211 stack has Q0 as highest priority and Q3 as lowest in
2502	 * that order. Firmware has Q3 as highest priority and Q0 as lowest
2503	 * in that order. Map Q3 of mac80211 to Q0 of firmware so that the
2504	 * priority is interpreted the right way in firmware.
2505	 */
2506	for (i = 0; i < mwl8k_tx_queues(priv); i++) {
2507		int j = mwl8k_tx_queues(priv) - 1 - i;
2508		cmd->tx_queue_ptrs[i] = cpu_to_le32(priv->txq[j].txd_dma);
2509	}
2510
2511	cmd->flags = cpu_to_le32(MWL8K_SET_HW_SPEC_FLAG_HOST_DECR_MGMT |
2512				 MWL8K_SET_HW_SPEC_FLAG_HOSTFORM_PROBERESP |
2513				 MWL8K_SET_HW_SPEC_FLAG_HOSTFORM_BEACON |
2514				 MWL8K_SET_HW_SPEC_FLAG_ENABLE_LIFE_TIME_EXPIRY |
2515				 MWL8K_SET_HW_SPEC_FLAG_GENERATE_CCMP_HDR);
2516	cmd->num_tx_desc_per_queue = cpu_to_le32(MWL8K_TX_DESCS);
2517	cmd->total_rxd = cpu_to_le32(MWL8K_RX_DESCS);
2518
2519	rc = mwl8k_post_cmd(hw, &cmd->header);
2520	kfree(cmd);
2521
2522	return rc;
2523}
2524
2525/*
2526 * CMD_MAC_MULTICAST_ADR.
2527 */
2528struct mwl8k_cmd_mac_multicast_adr {
2529	struct mwl8k_cmd_pkt header;
2530	__le16 action;
2531	__le16 numaddr;
2532	__u8 addr[0][ETH_ALEN];
2533};
2534
2535#define MWL8K_ENABLE_RX_DIRECTED	0x0001
2536#define MWL8K_ENABLE_RX_MULTICAST	0x0002
2537#define MWL8K_ENABLE_RX_ALL_MULTICAST	0x0004
2538#define MWL8K_ENABLE_RX_BROADCAST	0x0008
2539
2540static struct mwl8k_cmd_pkt *
2541__mwl8k_cmd_mac_multicast_adr(struct ieee80211_hw *hw, int allmulti,
2542			      struct netdev_hw_addr_list *mc_list)
2543{
2544	struct mwl8k_priv *priv = hw->priv;
2545	struct mwl8k_cmd_mac_multicast_adr *cmd;
2546	int size;
2547	int mc_count = 0;
2548
2549	if (mc_list)
2550		mc_count = netdev_hw_addr_list_count(mc_list);
2551
2552	if (allmulti || mc_count > priv->num_mcaddrs) {
2553		allmulti = 1;
2554		mc_count = 0;
2555	}
2556
2557	size = sizeof(*cmd) + mc_count * ETH_ALEN;
2558
2559	cmd = kzalloc(size, GFP_ATOMIC);
2560	if (cmd == NULL)
2561		return NULL;
2562
2563	cmd->header.code = cpu_to_le16(MWL8K_CMD_MAC_MULTICAST_ADR);
2564	cmd->header.length = cpu_to_le16(size);
2565	cmd->action = cpu_to_le16(MWL8K_ENABLE_RX_DIRECTED |
2566				  MWL8K_ENABLE_RX_BROADCAST);
2567
2568	if (allmulti) {
2569		cmd->action |= cpu_to_le16(MWL8K_ENABLE_RX_ALL_MULTICAST);
2570	} else if (mc_count) {
2571		struct netdev_hw_addr *ha;
2572		int i = 0;
2573
2574		cmd->action |= cpu_to_le16(MWL8K_ENABLE_RX_MULTICAST);
2575		cmd->numaddr = cpu_to_le16(mc_count);
2576		netdev_hw_addr_list_for_each(ha, mc_list) {
2577			memcpy(cmd->addr[i], ha->addr, ETH_ALEN);
2578		}
2579	}
2580
2581	return &cmd->header;
2582}
2583
2584/*
2585 * CMD_GET_STAT.
2586 */
2587struct mwl8k_cmd_get_stat {
2588	struct mwl8k_cmd_pkt header;
2589	__le32 stats[64];
2590} __packed;
2591
2592#define MWL8K_STAT_ACK_FAILURE	9
2593#define MWL8K_STAT_RTS_FAILURE	12
2594#define MWL8K_STAT_FCS_ERROR	24
2595#define MWL8K_STAT_RTS_SUCCESS	11
2596
2597static int mwl8k_cmd_get_stat(struct ieee80211_hw *hw,
2598			      struct ieee80211_low_level_stats *stats)
2599{
2600	struct mwl8k_cmd_get_stat *cmd;
2601	int rc;
2602
2603	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2604	if (cmd == NULL)
2605		return -ENOMEM;
2606
2607	cmd->header.code = cpu_to_le16(MWL8K_CMD_GET_STAT);
2608	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2609
2610	rc = mwl8k_post_cmd(hw, &cmd->header);
2611	if (!rc) {
2612		stats->dot11ACKFailureCount =
2613			le32_to_cpu(cmd->stats[MWL8K_STAT_ACK_FAILURE]);
2614		stats->dot11RTSFailureCount =
2615			le32_to_cpu(cmd->stats[MWL8K_STAT_RTS_FAILURE]);
2616		stats->dot11FCSErrorCount =
2617			le32_to_cpu(cmd->stats[MWL8K_STAT_FCS_ERROR]);
2618		stats->dot11RTSSuccessCount =
2619			le32_to_cpu(cmd->stats[MWL8K_STAT_RTS_SUCCESS]);
2620	}
2621	kfree(cmd);
2622
2623	return rc;
2624}
2625
2626/*
2627 * CMD_RADIO_CONTROL.
2628 */
2629struct mwl8k_cmd_radio_control {
2630	struct mwl8k_cmd_pkt header;
2631	__le16 action;
2632	__le16 control;
2633	__le16 radio_on;
2634} __packed;
2635
2636static int
2637mwl8k_cmd_radio_control(struct ieee80211_hw *hw, bool enable, bool force)
2638{
2639	struct mwl8k_priv *priv = hw->priv;
2640	struct mwl8k_cmd_radio_control *cmd;
2641	int rc;
2642
2643	if (enable == priv->radio_on && !force)
2644		return 0;
2645
2646	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2647	if (cmd == NULL)
2648		return -ENOMEM;
2649
2650	cmd->header.code = cpu_to_le16(MWL8K_CMD_RADIO_CONTROL);
2651	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2652	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
2653	cmd->control = cpu_to_le16(priv->radio_short_preamble ? 3 : 1);
2654	cmd->radio_on = cpu_to_le16(enable ? 0x0001 : 0x0000);
2655
2656	rc = mwl8k_post_cmd(hw, &cmd->header);
2657	kfree(cmd);
2658
2659	if (!rc)
2660		priv->radio_on = enable;
2661
2662	return rc;
2663}
2664
2665static int mwl8k_cmd_radio_disable(struct ieee80211_hw *hw)
2666{
2667	return mwl8k_cmd_radio_control(hw, 0, 0);
2668}
2669
2670static int mwl8k_cmd_radio_enable(struct ieee80211_hw *hw)
2671{
2672	return mwl8k_cmd_radio_control(hw, 1, 0);
2673}
2674
2675static int
2676mwl8k_set_radio_preamble(struct ieee80211_hw *hw, bool short_preamble)
2677{
2678	struct mwl8k_priv *priv = hw->priv;
2679
2680	priv->radio_short_preamble = short_preamble;
2681
2682	return mwl8k_cmd_radio_control(hw, 1, 1);
2683}
2684
2685/*
2686 * CMD_RF_TX_POWER.
2687 */
2688#define MWL8K_RF_TX_POWER_LEVEL_TOTAL	8
2689
2690struct mwl8k_cmd_rf_tx_power {
2691	struct mwl8k_cmd_pkt header;
2692	__le16 action;
2693	__le16 support_level;
2694	__le16 current_level;
2695	__le16 reserved;
2696	__le16 power_level_list[MWL8K_RF_TX_POWER_LEVEL_TOTAL];
2697} __packed;
2698
2699static int mwl8k_cmd_rf_tx_power(struct ieee80211_hw *hw, int dBm)
2700{
2701	struct mwl8k_cmd_rf_tx_power *cmd;
2702	int rc;
2703
2704	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2705	if (cmd == NULL)
2706		return -ENOMEM;
2707
2708	cmd->header.code = cpu_to_le16(MWL8K_CMD_RF_TX_POWER);
2709	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2710	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
2711	cmd->support_level = cpu_to_le16(dBm);
2712
2713	rc = mwl8k_post_cmd(hw, &cmd->header);
2714	kfree(cmd);
2715
2716	return rc;
2717}
2718
2719/*
2720 * CMD_TX_POWER.
2721 */
2722#define MWL8K_TX_POWER_LEVEL_TOTAL      12
2723
2724struct mwl8k_cmd_tx_power {
2725	struct mwl8k_cmd_pkt header;
2726	__le16 action;
2727	__le16 band;
2728	__le16 channel;
2729	__le16 bw;
2730	__le16 sub_ch;
2731	__le16 power_level_list[MWL8K_TX_POWER_LEVEL_TOTAL];
2732} __packed;
2733
2734static int mwl8k_cmd_tx_power(struct ieee80211_hw *hw,
2735				     struct ieee80211_conf *conf,
2736				     unsigned short pwr)
2737{
2738	struct ieee80211_channel *channel = conf->channel;
2739	struct mwl8k_cmd_tx_power *cmd;
2740	int rc;
2741	int i;
2742
2743	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2744	if (cmd == NULL)
2745		return -ENOMEM;
2746
2747	cmd->header.code = cpu_to_le16(MWL8K_CMD_TX_POWER);
2748	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2749	cmd->action = cpu_to_le16(MWL8K_CMD_SET_LIST);
2750
2751	if (channel->band == IEEE80211_BAND_2GHZ)
2752		cmd->band = cpu_to_le16(0x1);
2753	else if (channel->band == IEEE80211_BAND_5GHZ)
2754		cmd->band = cpu_to_le16(0x4);
2755
2756	cmd->channel = channel->hw_value;
2757
2758	if (conf->channel_type == NL80211_CHAN_NO_HT ||
2759	    conf->channel_type == NL80211_CHAN_HT20) {
2760		cmd->bw = cpu_to_le16(0x2);
2761	} else {
2762		cmd->bw = cpu_to_le16(0x4);
2763		if (conf->channel_type == NL80211_CHAN_HT40MINUS)
2764			cmd->sub_ch = cpu_to_le16(0x3);
2765		else if (conf->channel_type == NL80211_CHAN_HT40PLUS)
2766			cmd->sub_ch = cpu_to_le16(0x1);
2767	}
2768
2769	for (i = 0; i < MWL8K_TX_POWER_LEVEL_TOTAL; i++)
2770		cmd->power_level_list[i] = cpu_to_le16(pwr);
2771
2772	rc = mwl8k_post_cmd(hw, &cmd->header);
2773	kfree(cmd);
2774
2775	return rc;
2776}
2777
2778/*
2779 * CMD_RF_ANTENNA.
2780 */
2781struct mwl8k_cmd_rf_antenna {
2782	struct mwl8k_cmd_pkt header;
2783	__le16 antenna;
2784	__le16 mode;
2785} __packed;
2786
2787#define MWL8K_RF_ANTENNA_RX		1
2788#define MWL8K_RF_ANTENNA_TX		2
2789
2790static int
2791mwl8k_cmd_rf_antenna(struct ieee80211_hw *hw, int antenna, int mask)
2792{
2793	struct mwl8k_cmd_rf_antenna *cmd;
2794	int rc;
2795
2796	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2797	if (cmd == NULL)
2798		return -ENOMEM;
2799
2800	cmd->header.code = cpu_to_le16(MWL8K_CMD_RF_ANTENNA);
2801	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2802	cmd->antenna = cpu_to_le16(antenna);
2803	cmd->mode = cpu_to_le16(mask);
2804
2805	rc = mwl8k_post_cmd(hw, &cmd->header);
2806	kfree(cmd);
2807
2808	return rc;
2809}
2810
2811/*
2812 * CMD_SET_BEACON.
2813 */
2814struct mwl8k_cmd_set_beacon {
2815	struct mwl8k_cmd_pkt header;
2816	__le16 beacon_len;
2817	__u8 beacon[0];
2818};
2819
2820static int mwl8k_cmd_set_beacon(struct ieee80211_hw *hw,
2821				struct ieee80211_vif *vif, u8 *beacon, int len)
2822{
2823	struct mwl8k_cmd_set_beacon *cmd;
2824	int rc;
2825
2826	cmd = kzalloc(sizeof(*cmd) + len, GFP_KERNEL);
2827	if (cmd == NULL)
2828		return -ENOMEM;
2829
2830	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_BEACON);
2831	cmd->header.length = cpu_to_le16(sizeof(*cmd) + len);
2832	cmd->beacon_len = cpu_to_le16(len);
2833	memcpy(cmd->beacon, beacon, len);
2834
2835	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
2836	kfree(cmd);
2837
2838	return rc;
2839}
2840
2841/*
2842 * CMD_SET_PRE_SCAN.
2843 */
2844struct mwl8k_cmd_set_pre_scan {
2845	struct mwl8k_cmd_pkt header;
2846} __packed;
2847
2848static int mwl8k_cmd_set_pre_scan(struct ieee80211_hw *hw)
2849{
2850	struct mwl8k_cmd_set_pre_scan *cmd;
2851	int rc;
2852
2853	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2854	if (cmd == NULL)
2855		return -ENOMEM;
2856
2857	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_PRE_SCAN);
2858	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2859
2860	rc = mwl8k_post_cmd(hw, &cmd->header);
2861	kfree(cmd);
2862
2863	return rc;
2864}
2865
2866/*
2867 * CMD_SET_POST_SCAN.
2868 */
2869struct mwl8k_cmd_set_post_scan {
2870	struct mwl8k_cmd_pkt header;
2871	__le32 isibss;
2872	__u8 bssid[ETH_ALEN];
2873} __packed;
2874
2875static int
2876mwl8k_cmd_set_post_scan(struct ieee80211_hw *hw, const __u8 *mac)
2877{
2878	struct mwl8k_cmd_set_post_scan *cmd;
2879	int rc;
2880
2881	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2882	if (cmd == NULL)
2883		return -ENOMEM;
2884
2885	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_POST_SCAN);
2886	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2887	cmd->isibss = 0;
2888	memcpy(cmd->bssid, mac, ETH_ALEN);
2889
2890	rc = mwl8k_post_cmd(hw, &cmd->header);
2891	kfree(cmd);
2892
2893	return rc;
2894}
2895
2896/*
2897 * CMD_SET_RF_CHANNEL.
2898 */
2899struct mwl8k_cmd_set_rf_channel {
2900	struct mwl8k_cmd_pkt header;
2901	__le16 action;
2902	__u8 current_channel;
2903	__le32 channel_flags;
2904} __packed;
2905
2906static int mwl8k_cmd_set_rf_channel(struct ieee80211_hw *hw,
2907				    struct ieee80211_conf *conf)
2908{
2909	struct ieee80211_channel *channel = conf->channel;
2910	struct mwl8k_cmd_set_rf_channel *cmd;
2911	int rc;
2912
2913	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2914	if (cmd == NULL)
2915		return -ENOMEM;
2916
2917	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_RF_CHANNEL);
2918	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2919	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
2920	cmd->current_channel = channel->hw_value;
2921
2922	if (channel->band == IEEE80211_BAND_2GHZ)
2923		cmd->channel_flags |= cpu_to_le32(0x00000001);
2924	else if (channel->band == IEEE80211_BAND_5GHZ)
2925		cmd->channel_flags |= cpu_to_le32(0x00000004);
2926
2927	if (conf->channel_type == NL80211_CHAN_NO_HT ||
2928	    conf->channel_type == NL80211_CHAN_HT20)
2929		cmd->channel_flags |= cpu_to_le32(0x00000080);
2930	else if (conf->channel_type == NL80211_CHAN_HT40MINUS)
2931		cmd->channel_flags |= cpu_to_le32(0x000001900);
2932	else if (conf->channel_type == NL80211_CHAN_HT40PLUS)
2933		cmd->channel_flags |= cpu_to_le32(0x000000900);
2934
2935	rc = mwl8k_post_cmd(hw, &cmd->header);
2936	kfree(cmd);
2937
2938	return rc;
2939}
2940
2941/*
2942 * CMD_SET_AID.
2943 */
2944#define MWL8K_FRAME_PROT_DISABLED			0x00
2945#define MWL8K_FRAME_PROT_11G				0x07
2946#define MWL8K_FRAME_PROT_11N_HT_40MHZ_ONLY		0x02
2947#define MWL8K_FRAME_PROT_11N_HT_ALL			0x06
2948
2949struct mwl8k_cmd_update_set_aid {
2950	struct	mwl8k_cmd_pkt header;
2951	__le16	aid;
2952
2953	 /* AP's MAC address (BSSID) */
2954	__u8	bssid[ETH_ALEN];
2955	__le16	protection_mode;
2956	__u8	supp_rates[14];
2957} __packed;
2958
2959static void legacy_rate_mask_to_array(u8 *rates, u32 mask)
2960{
2961	int i;
2962	int j;
2963
2964	/*
2965	 * Clear nonstandard rates 4 and 13.
2966	 */
2967	mask &= 0x1fef;
2968
2969	for (i = 0, j = 0; i < 14; i++) {
2970		if (mask & (1 << i))
2971			rates[j++] = mwl8k_rates_24[i].hw_value;
2972	}
2973}
2974
2975static int
2976mwl8k_cmd_set_aid(struct ieee80211_hw *hw,
2977		  struct ieee80211_vif *vif, u32 legacy_rate_mask)
2978{
2979	struct mwl8k_cmd_update_set_aid *cmd;
2980	u16 prot_mode;
2981	int rc;
2982
2983	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2984	if (cmd == NULL)
2985		return -ENOMEM;
2986
2987	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_AID);
2988	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2989	cmd->aid = cpu_to_le16(vif->bss_conf.aid);
2990	memcpy(cmd->bssid, vif->bss_conf.bssid, ETH_ALEN);
2991
2992	if (vif->bss_conf.use_cts_prot) {
2993		prot_mode = MWL8K_FRAME_PROT_11G;
2994	} else {
2995		switch (vif->bss_conf.ht_operation_mode &
2996			IEEE80211_HT_OP_MODE_PROTECTION) {
2997		case IEEE80211_HT_OP_MODE_PROTECTION_20MHZ:
2998			prot_mode = MWL8K_FRAME_PROT_11N_HT_40MHZ_ONLY;
2999			break;
3000		case IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED:
3001			prot_mode = MWL8K_FRAME_PROT_11N_HT_ALL;
3002			break;
3003		default:
3004			prot_mode = MWL8K_FRAME_PROT_DISABLED;
3005			break;
3006		}
3007	}
3008	cmd->protection_mode = cpu_to_le16(prot_mode);
3009
3010	legacy_rate_mask_to_array(cmd->supp_rates, legacy_rate_mask);
3011
3012	rc = mwl8k_post_cmd(hw, &cmd->header);
3013	kfree(cmd);
3014
3015	return rc;
3016}
3017
3018/*
3019 * CMD_SET_RATE.
3020 */
3021struct mwl8k_cmd_set_rate {
3022	struct	mwl8k_cmd_pkt header;
3023	__u8	legacy_rates[14];
3024
3025	/* Bitmap for supported MCS codes.  */
3026	__u8	mcs_set[16];
3027	__u8	reserved[16];
3028} __packed;
3029
3030static int
3031mwl8k_cmd_set_rate(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
3032		   u32 legacy_rate_mask, u8 *mcs_rates)
3033{
3034	struct mwl8k_cmd_set_rate *cmd;
3035	int rc;
3036
3037	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3038	if (cmd == NULL)
3039		return -ENOMEM;
3040
3041	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_RATE);
3042	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3043	legacy_rate_mask_to_array(cmd->legacy_rates, legacy_rate_mask);
3044	memcpy(cmd->mcs_set, mcs_rates, 16);
3045
3046	rc = mwl8k_post_cmd(hw, &cmd->header);
3047	kfree(cmd);
3048
3049	return rc;
3050}
3051
3052/*
3053 * CMD_FINALIZE_JOIN.
3054 */
3055#define MWL8K_FJ_BEACON_MAXLEN	128
3056
3057struct mwl8k_cmd_finalize_join {
3058	struct mwl8k_cmd_pkt header;
3059	__le32 sleep_interval;	/* Number of beacon periods to sleep */
3060	__u8 beacon_data[MWL8K_FJ_BEACON_MAXLEN];
3061} __packed;
3062
3063static int mwl8k_cmd_finalize_join(struct ieee80211_hw *hw, void *frame,
3064				   int framelen, int dtim)
3065{
3066	struct mwl8k_cmd_finalize_join *cmd;
3067	struct ieee80211_mgmt *payload = frame;
3068	int payload_len;
3069	int rc;
3070
3071	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3072	if (cmd == NULL)
3073		return -ENOMEM;
3074
3075	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_FINALIZE_JOIN);
3076	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3077	cmd->sleep_interval = cpu_to_le32(dtim ? dtim : 1);
3078
3079	payload_len = framelen - ieee80211_hdrlen(payload->frame_control);
3080	if (payload_len < 0)
3081		payload_len = 0;
3082	else if (payload_len > MWL8K_FJ_BEACON_MAXLEN)
3083		payload_len = MWL8K_FJ_BEACON_MAXLEN;
3084
3085	memcpy(cmd->beacon_data, &payload->u.beacon, payload_len);
3086
3087	rc = mwl8k_post_cmd(hw, &cmd->header);
3088	kfree(cmd);
3089
3090	return rc;
3091}
3092
3093/*
3094 * CMD_SET_RTS_THRESHOLD.
3095 */
3096struct mwl8k_cmd_set_rts_threshold {
3097	struct mwl8k_cmd_pkt header;
3098	__le16 action;
3099	__le16 threshold;
3100} __packed;
3101
3102static int
3103mwl8k_cmd_set_rts_threshold(struct ieee80211_hw *hw, int rts_thresh)
3104{
3105	struct mwl8k_cmd_set_rts_threshold *cmd;
3106	int rc;
3107
3108	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3109	if (cmd == NULL)
3110		return -ENOMEM;
3111
3112	cmd->header.code = cpu_to_le16(MWL8K_CMD_RTS_THRESHOLD);
3113	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3114	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
3115	cmd->threshold = cpu_to_le16(rts_thresh);
3116
3117	rc = mwl8k_post_cmd(hw, &cmd->header);
3118	kfree(cmd);
3119
3120	return rc;
3121}
3122
3123/*
3124 * CMD_SET_SLOT.
3125 */
3126struct mwl8k_cmd_set_slot {
3127	struct mwl8k_cmd_pkt header;
3128	__le16 action;
3129	__u8 short_slot;
3130} __packed;
3131
3132static int mwl8k_cmd_set_slot(struct ieee80211_hw *hw, bool short_slot_time)
3133{
3134	struct mwl8k_cmd_set_slot *cmd;
3135	int rc;
3136
3137	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3138	if (cmd == NULL)
3139		return -ENOMEM;
3140
3141	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_SLOT);
3142	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3143	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
3144	cmd->short_slot = short_slot_time;
3145
3146	rc = mwl8k_post_cmd(hw, &cmd->header);
3147	kfree(cmd);
3148
3149	return rc;
3150}
3151
3152/*
3153 * CMD_SET_EDCA_PARAMS.
3154 */
3155struct mwl8k_cmd_set_edca_params {
3156	struct mwl8k_cmd_pkt header;
3157
3158	/* See MWL8K_SET_EDCA_XXX below */
3159	__le16 action;
3160
3161	/* TX opportunity in units of 32 us */
3162	__le16 txop;
3163
3164	union {
3165		struct {
3166			/* Log exponent of max contention period: 0...15 */
3167			__le32 log_cw_max;
3168
3169			/* Log exponent of min contention period: 0...15 */
3170			__le32 log_cw_min;
3171
3172			/* Adaptive interframe spacing in units of 32us */
3173			__u8 aifs;
3174
3175			/* TX queue to configure */
3176			__u8 txq;
3177		} ap;
3178		struct {
3179			/* Log exponent of max contention period: 0...15 */
3180			__u8 log_cw_max;
3181
3182			/* Log exponent of min contention period: 0...15 */
3183			__u8 log_cw_min;
3184
3185			/* Adaptive interframe spacing in units of 32us */
3186			__u8 aifs;
3187
3188			/* TX queue to configure */
3189			__u8 txq;
3190		} sta;
3191	};
3192} __packed;
3193
3194#define MWL8K_SET_EDCA_CW	0x01
3195#define MWL8K_SET_EDCA_TXOP	0x02
3196#define MWL8K_SET_EDCA_AIFS	0x04
3197
3198#define MWL8K_SET_EDCA_ALL	(MWL8K_SET_EDCA_CW | \
3199				 MWL8K_SET_EDCA_TXOP | \
3200				 MWL8K_SET_EDCA_AIFS)
3201
3202static int
3203mwl8k_cmd_set_edca_params(struct ieee80211_hw *hw, __u8 qnum,
3204			  __u16 cw_min, __u16 cw_max,
3205			  __u8 aifs, __u16 txop)
3206{
3207	struct mwl8k_priv *priv = hw->priv;
3208	struct mwl8k_cmd_set_edca_params *cmd;
3209	int rc;
3210
3211	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3212	if (cmd == NULL)
3213		return -ENOMEM;
3214
3215	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_EDCA_PARAMS);
3216	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3217	cmd->action = cpu_to_le16(MWL8K_SET_EDCA_ALL);
3218	cmd->txop = cpu_to_le16(txop);
3219	if (priv->ap_fw) {
3220		cmd->ap.log_cw_max = cpu_to_le32(ilog2(cw_max + 1));
3221		cmd->ap.log_cw_min = cpu_to_le32(ilog2(cw_min + 1));
3222		cmd->ap.aifs = aifs;
3223		cmd->ap.txq = qnum;
3224	} else {
3225		cmd->sta.log_cw_max = (u8)ilog2(cw_max + 1);
3226		cmd->sta.log_cw_min = (u8)ilog2(cw_min + 1);
3227		cmd->sta.aifs = aifs;
3228		cmd->sta.txq = qnum;
3229	}
3230
3231	rc = mwl8k_post_cmd(hw, &cmd->header);
3232	kfree(cmd);
3233
3234	return rc;
3235}
3236
3237/*
3238 * CMD_SET_WMM_MODE.
3239 */
3240struct mwl8k_cmd_set_wmm_mode {
3241	struct mwl8k_cmd_pkt header;
3242	__le16 action;
3243} __packed;
3244
3245static int mwl8k_cmd_set_wmm_mode(struct ieee80211_hw *hw, bool enable)
3246{
3247	struct mwl8k_priv *priv = hw->priv;
3248	struct mwl8k_cmd_set_wmm_mode *cmd;
3249	int rc;
3250
3251	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3252	if (cmd == NULL)
3253		return -ENOMEM;
3254
3255	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_WMM_MODE);
3256	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3257	cmd->action = cpu_to_le16(!!enable);
3258
3259	rc = mwl8k_post_cmd(hw, &cmd->header);
3260	kfree(cmd);
3261
3262	if (!rc)
3263		priv->wmm_enabled = enable;
3264
3265	return rc;
3266}
3267
3268/*
3269 * CMD_MIMO_CONFIG.
3270 */
3271struct mwl8k_cmd_mimo_config {
3272	struct mwl8k_cmd_pkt header;
3273	__le32 action;
3274	__u8 rx_antenna_map;
3275	__u8 tx_antenna_map;
3276} __packed;
3277
3278static int mwl8k_cmd_mimo_config(struct ieee80211_hw *hw, __u8 rx, __u8 tx)
3279{
3280	struct mwl8k_cmd_mimo_config *cmd;
3281	int rc;
3282
3283	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3284	if (cmd == NULL)
3285		return -ENOMEM;
3286
3287	cmd->header.code = cpu_to_le16(MWL8K_CMD_MIMO_CONFIG);
3288	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3289	cmd->action = cpu_to_le32((u32)MWL8K_CMD_SET);
3290	cmd->rx_antenna_map = rx;
3291	cmd->tx_antenna_map = tx;
3292
3293	rc = mwl8k_post_cmd(hw, &cmd->header);
3294	kfree(cmd);
3295
3296	return rc;
3297}
3298
3299/*
3300 * CMD_USE_FIXED_RATE (STA version).
3301 */
3302struct mwl8k_cmd_use_fixed_rate_sta {
3303	struct mwl8k_cmd_pkt header;
3304	__le32 action;
3305	__le32 allow_rate_drop;
3306	__le32 num_rates;
3307	struct {
3308		__le32 is_ht_rate;
3309		__le32 enable_retry;
3310		__le32 rate;
3311		__le32 retry_count;
3312	} rate_entry[8];
3313	__le32 rate_type;
3314	__le32 reserved1;
3315	__le32 reserved2;
3316} __packed;
3317
3318#define MWL8K_USE_AUTO_RATE	0x0002
3319#define MWL8K_UCAST_RATE	0
3320
3321static int mwl8k_cmd_use_fixed_rate_sta(struct ieee80211_hw *hw)
3322{
3323	struct mwl8k_cmd_use_fixed_rate_sta *cmd;
3324	int rc;
3325
3326	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3327	if (cmd == NULL)
3328		return -ENOMEM;
3329
3330	cmd->header.code = cpu_to_le16(MWL8K_CMD_USE_FIXED_RATE);
3331	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3332	cmd->action = cpu_to_le32(MWL8K_USE_AUTO_RATE);
3333	cmd->rate_type = cpu_to_le32(MWL8K_UCAST_RATE);
3334
3335	rc = mwl8k_post_cmd(hw, &cmd->header);
3336	kfree(cmd);
3337
3338	return rc;
3339}
3340
3341/*
3342 * CMD_USE_FIXED_RATE (AP version).
3343 */
3344struct mwl8k_cmd_use_fixed_rate_ap {
3345	struct mwl8k_cmd_pkt header;
3346	__le32 action;
3347	__le32 allow_rate_drop;
3348	__le32 num_rates;
3349	struct mwl8k_rate_entry_ap {
3350		__le32 is_ht_rate;
3351		__le32 enable_retry;
3352		__le32 rate;
3353		__le32 retry_count;
3354	} rate_entry[4];
3355	u8 multicast_rate;
3356	u8 multicast_rate_type;
3357	u8 management_rate;
3358} __packed;
3359
3360static int
3361mwl8k_cmd_use_fixed_rate_ap(struct ieee80211_hw *hw, int mcast, int mgmt)
3362{
3363	struct mwl8k_cmd_use_fixed_rate_ap *cmd;
3364	int rc;
3365
3366	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3367	if (cmd == NULL)
3368		return -ENOMEM;
3369
3370	cmd->header.code = cpu_to_le16(MWL8K_CMD_USE_FIXED_RATE);
3371	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3372	cmd->action = cpu_to_le32(MWL8K_USE_AUTO_RATE);
3373	cmd->multicast_rate = mcast;
3374	cmd->management_rate = mgmt;
3375
3376	rc = mwl8k_post_cmd(hw, &cmd->header);
3377	kfree(cmd);
3378
3379	return rc;
3380}
3381
3382/*
3383 * CMD_ENABLE_SNIFFER.
3384 */
3385struct mwl8k_cmd_enable_sniffer {
3386	struct mwl8k_cmd_pkt header;
3387	__le32 action;
3388} __packed;
3389
3390static int mwl8k_cmd_enable_sniffer(struct ieee80211_hw *hw, bool enable)
3391{
3392	struct mwl8k_cmd_enable_sniffer *cmd;
3393	int rc;
3394
3395	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3396	if (cmd == NULL)
3397		return -ENOMEM;
3398
3399	cmd->header.code = cpu_to_le16(MWL8K_CMD_ENABLE_SNIFFER);
3400	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3401	cmd->action = cpu_to_le32(!!enable);
3402
3403	rc = mwl8k_post_cmd(hw, &cmd->header);
3404	kfree(cmd);
3405
3406	return rc;
3407}
3408
3409/*
3410 * CMD_SET_MAC_ADDR.
3411 */
3412struct mwl8k_cmd_set_mac_addr {
3413	struct mwl8k_cmd_pkt header;
3414	union {
3415		struct {
3416			__le16 mac_type;
3417			__u8 mac_addr[ETH_ALEN];
3418		} mbss;
3419		__u8 mac_addr[ETH_ALEN];
3420	};
3421} __packed;
3422
3423#define MWL8K_MAC_TYPE_PRIMARY_CLIENT		0
3424#define MWL8K_MAC_TYPE_SECONDARY_CLIENT		1
3425#define MWL8K_MAC_TYPE_PRIMARY_AP		2
3426#define MWL8K_MAC_TYPE_SECONDARY_AP		3
3427
3428static int mwl8k_cmd_set_mac_addr(struct ieee80211_hw *hw,
3429				  struct ieee80211_vif *vif, u8 *mac)
3430{
3431	struct mwl8k_priv *priv = hw->priv;
3432	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
3433	struct mwl8k_cmd_set_mac_addr *cmd;
3434	int mac_type;
3435	int rc;
3436
3437	mac_type = MWL8K_MAC_TYPE_PRIMARY_AP;
3438	if (vif != NULL && vif->type == NL80211_IFTYPE_STATION) {
3439		if (mwl8k_vif->macid + 1 == ffs(priv->sta_macids_supported))
3440			mac_type = MWL8K_MAC_TYPE_PRIMARY_CLIENT;
3441		else
3442			mac_type = MWL8K_MAC_TYPE_SECONDARY_CLIENT;
3443	} else if (vif != NULL && vif->type == NL80211_IFTYPE_AP) {
3444		if (mwl8k_vif->macid + 1 == ffs(priv->ap_macids_supported))
3445			mac_type = MWL8K_MAC_TYPE_PRIMARY_AP;
3446		else
3447			mac_type = MWL8K_MAC_TYPE_SECONDARY_AP;
3448	}
3449
3450	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3451	if (cmd == NULL)
3452		return -ENOMEM;
3453
3454	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_MAC_ADDR);
3455	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3456	if (priv->ap_fw) {
3457		cmd->mbss.mac_type = cpu_to_le16(mac_type);
3458		memcpy(cmd->mbss.mac_addr, mac, ETH_ALEN);
3459	} else {
3460		memcpy(cmd->mac_addr, mac, ETH_ALEN);
3461	}
3462
3463	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3464	kfree(cmd);
3465
3466	return rc;
3467}
3468
3469/*
3470 * CMD_SET_RATEADAPT_MODE.
3471 */
3472struct mwl8k_cmd_set_rate_adapt_mode {
3473	struct mwl8k_cmd_pkt header;
3474	__le16 action;
3475	__le16 mode;
3476} __packed;
3477
3478static int mwl8k_cmd_set_rateadapt_mode(struct ieee80211_hw *hw, __u16 mode)
3479{
3480	struct mwl8k_cmd_set_rate_adapt_mode *cmd;
3481	int rc;
3482
3483	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3484	if (cmd == NULL)
3485		return -ENOMEM;
3486
3487	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_RATEADAPT_MODE);
3488	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3489	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
3490	cmd->mode = cpu_to_le16(mode);
3491
3492	rc = mwl8k_post_cmd(hw, &cmd->header);
3493	kfree(cmd);
3494
3495	return rc;
3496}
3497
3498/*
3499 * CMD_GET_WATCHDOG_BITMAP.
3500 */
3501struct mwl8k_cmd_get_watchdog_bitmap {
3502	struct mwl8k_cmd_pkt header;
3503	u8	bitmap;
3504} __packed;
3505
3506static int mwl8k_cmd_get_watchdog_bitmap(struct ieee80211_hw *hw, u8 *bitmap)
3507{
3508	struct mwl8k_cmd_get_watchdog_bitmap *cmd;
3509	int rc;
3510
3511	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3512	if (cmd == NULL)
3513		return -ENOMEM;
3514
3515	cmd->header.code = cpu_to_le16(MWL8K_CMD_GET_WATCHDOG_BITMAP);
3516	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3517
3518	rc = mwl8k_post_cmd(hw, &cmd->header);
3519	if (!rc)
3520		*bitmap = cmd->bitmap;
3521
3522	kfree(cmd);
3523
3524	return rc;
3525}
3526
3527#define INVALID_BA	0xAA
3528static void mwl8k_watchdog_ba_events(struct work_struct *work)
3529{
3530	int rc;
3531	u8 bitmap = 0, stream_index;
3532	struct mwl8k_ampdu_stream *streams;
3533	struct mwl8k_priv *priv =
3534		container_of(work, struct mwl8k_priv, watchdog_ba_handle);
3535
3536	rc = mwl8k_cmd_get_watchdog_bitmap(priv->hw, &bitmap);
3537	if (rc)
3538		return;
3539
3540	if (bitmap == INVALID_BA)
3541		return;
3542
3543	/* the bitmap is the hw queue number.  Map it to the ampdu queue. */
3544	stream_index = bitmap - MWL8K_TX_WMM_QUEUES;
3545
3546	BUG_ON(stream_index >= priv->num_ampdu_queues);
3547
3548	streams = &priv->ampdu[stream_index];
3549
3550	if (streams->state == AMPDU_STREAM_ACTIVE)
3551		ieee80211_stop_tx_ba_session(streams->sta, streams->tid);
3552
3553	return;
3554}
3555
3556
3557/*
3558 * CMD_BSS_START.
3559 */
3560struct mwl8k_cmd_bss_start {
3561	struct mwl8k_cmd_pkt header;
3562	__le32 enable;
3563} __packed;
3564
3565static int mwl8k_cmd_bss_start(struct ieee80211_hw *hw,
3566			       struct ieee80211_vif *vif, int enable)
3567{
3568	struct mwl8k_cmd_bss_start *cmd;
3569	int rc;
3570
3571	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3572	if (cmd == NULL)
3573		return -ENOMEM;
3574
3575	cmd->header.code = cpu_to_le16(MWL8K_CMD_BSS_START);
3576	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3577	cmd->enable = cpu_to_le32(enable);
3578
3579	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3580	kfree(cmd);
3581
3582	return rc;
3583}
3584
3585/*
3586 * CMD_BASTREAM.
3587 */
3588
3589/*
3590 * UPSTREAM is tx direction
3591 */
3592#define BASTREAM_FLAG_DIRECTION_UPSTREAM	0x00
3593#define BASTREAM_FLAG_IMMEDIATE_TYPE		0x01
3594
3595enum ba_stream_action_type {
3596	MWL8K_BA_CREATE,
3597	MWL8K_BA_UPDATE,
3598	MWL8K_BA_DESTROY,
3599	MWL8K_BA_FLUSH,
3600	MWL8K_BA_CHECK,
3601};
3602
3603
3604struct mwl8k_create_ba_stream {
3605	__le32	flags;
3606	__le32	idle_thrs;
3607	__le32	bar_thrs;
3608	__le32	window_size;
3609	u8	peer_mac_addr[6];
3610	u8	dialog_token;
3611	u8	tid;
3612	u8	queue_id;
3613	u8	param_info;
3614	__le32	ba_context;
3615	u8	reset_seq_no_flag;
3616	__le16	curr_seq_no;
3617	u8	sta_src_mac_addr[6];
3618} __packed;
3619
3620struct mwl8k_destroy_ba_stream {
3621	__le32	flags;
3622	__le32	ba_context;
3623} __packed;
3624
3625struct mwl8k_cmd_bastream {
3626	struct mwl8k_cmd_pkt	header;
3627	__le32	action;
3628	union {
3629		struct mwl8k_create_ba_stream	create_params;
3630		struct mwl8k_destroy_ba_stream	destroy_params;
3631	};
3632} __packed;
3633
3634static int
3635mwl8k_check_ba(struct ieee80211_hw *hw, struct mwl8k_ampdu_stream *stream)
3636{
3637	struct mwl8k_cmd_bastream *cmd;
3638	int rc;
3639
3640	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3641	if (cmd == NULL)
3642		return -ENOMEM;
3643
3644	cmd->header.code = cpu_to_le16(MWL8K_CMD_BASTREAM);
3645	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3646
3647	cmd->action = cpu_to_le32(MWL8K_BA_CHECK);
3648
3649	cmd->create_params.queue_id = stream->idx;
3650	memcpy(&cmd->create_params.peer_mac_addr[0], stream->sta->addr,
3651	       ETH_ALEN);
3652	cmd->create_params.tid = stream->tid;
3653
3654	cmd->create_params.flags =
3655		cpu_to_le32(BASTREAM_FLAG_IMMEDIATE_TYPE) |
3656		cpu_to_le32(BASTREAM_FLAG_DIRECTION_UPSTREAM);
3657
3658	rc = mwl8k_post_cmd(hw, &cmd->header);
3659
3660	kfree(cmd);
3661
3662	return rc;
3663}
3664
3665static int
3666mwl8k_create_ba(struct ieee80211_hw *hw, struct mwl8k_ampdu_stream *stream,
3667		u8 buf_size)
3668{
3669	struct mwl8k_cmd_bastream *cmd;
3670	int rc;
3671
3672	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3673	if (cmd == NULL)
3674		return -ENOMEM;
3675
3676
3677	cmd->header.code = cpu_to_le16(MWL8K_CMD_BASTREAM);
3678	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3679
3680	cmd->action = cpu_to_le32(MWL8K_BA_CREATE);
3681
3682	cmd->create_params.bar_thrs = cpu_to_le32((u32)buf_size);
3683	cmd->create_params.window_size = cpu_to_le32((u32)buf_size);
3684	cmd->create_params.queue_id = stream->idx;
3685
3686	memcpy(cmd->create_params.peer_mac_addr, stream->sta->addr, ETH_ALEN);
3687	cmd->create_params.tid = stream->tid;
3688	cmd->create_params.curr_seq_no = cpu_to_le16(0);
3689	cmd->create_params.reset_seq_no_flag = 1;
3690
3691	cmd->create_params.param_info =
3692		(stream->sta->ht_cap.ampdu_factor &
3693		 IEEE80211_HT_AMPDU_PARM_FACTOR) |
3694		((stream->sta->ht_cap.ampdu_density << 2) &
3695		 IEEE80211_HT_AMPDU_PARM_DENSITY);
3696
3697	cmd->create_params.flags =
3698		cpu_to_le32(BASTREAM_FLAG_IMMEDIATE_TYPE |
3699					BASTREAM_FLAG_DIRECTION_UPSTREAM);
3700
3701	rc = mwl8k_post_cmd(hw, &cmd->header);
3702
3703	wiphy_debug(hw->wiphy, "Created a BA stream for %pM : tid %d\n",
3704		stream->sta->addr, stream->tid);
3705	kfree(cmd);
3706
3707	return rc;
3708}
3709
3710static void mwl8k_destroy_ba(struct ieee80211_hw *hw,
3711			     struct mwl8k_ampdu_stream *stream)
3712{
3713	struct mwl8k_cmd_bastream *cmd;
3714
3715	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3716	if (cmd == NULL)
3717		return;
3718
3719	cmd->header.code = cpu_to_le16(MWL8K_CMD_BASTREAM);
3720	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3721	cmd->action = cpu_to_le32(MWL8K_BA_DESTROY);
3722
3723	cmd->destroy_params.ba_context = cpu_to_le32(stream->idx);
3724	mwl8k_post_cmd(hw, &cmd->header);
3725
3726	wiphy_debug(hw->wiphy, "Deleted BA stream index %d\n", stream->idx);
3727
3728	kfree(cmd);
3729}
3730
3731/*
3732 * CMD_SET_NEW_STN.
3733 */
3734struct mwl8k_cmd_set_new_stn {
3735	struct mwl8k_cmd_pkt header;
3736	__le16 aid;
3737	__u8 mac_addr[6];
3738	__le16 stn_id;
3739	__le16 action;
3740	__le16 rsvd;
3741	__le32 legacy_rates;
3742	__u8 ht_rates[4];
3743	__le16 cap_info;
3744	__le16 ht_capabilities_info;
3745	__u8 mac_ht_param_info;
3746	__u8 rev;
3747	__u8 control_channel;
3748	__u8 add_channel;
3749	__le16 op_mode;
3750	__le16 stbc;
3751	__u8 add_qos_info;
3752	__u8 is_qos_sta;
3753	__le32 fw_sta_ptr;
3754} __packed;
3755
3756#define MWL8K_STA_ACTION_ADD		0
3757#define MWL8K_STA_ACTION_REMOVE		2
3758
3759static int mwl8k_cmd_set_new_stn_add(struct ieee80211_hw *hw,
3760				     struct ieee80211_vif *vif,
3761				     struct ieee80211_sta *sta)
3762{
3763	struct mwl8k_cmd_set_new_stn *cmd;
3764	u32 rates;
3765	int rc;
3766
3767	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3768	if (cmd == NULL)
3769		return -ENOMEM;
3770
3771	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_NEW_STN);
3772	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3773	cmd->aid = cpu_to_le16(sta->aid);
3774	memcpy(cmd->mac_addr, sta->addr, ETH_ALEN);
3775	cmd->stn_id = cpu_to_le16(sta->aid);
3776	cmd->action = cpu_to_le16(MWL8K_STA_ACTION_ADD);
3777	if (hw->conf.channel->band == IEEE80211_BAND_2GHZ)
3778		rates = sta->supp_rates[IEEE80211_BAND_2GHZ];
3779	else
3780		rates = sta->supp_rates[IEEE80211_BAND_5GHZ] << 5;
3781	cmd->legacy_rates = cpu_to_le32(rates);
3782	if (sta->ht_cap.ht_supported) {
3783		cmd->ht_rates[0] = sta->ht_cap.mcs.rx_mask[0];
3784		cmd->ht_rates[1] = sta->ht_cap.mcs.rx_mask[1];
3785		cmd->ht_rates[2] = sta->ht_cap.mcs.rx_mask[2];
3786		cmd->ht_rates[3] = sta->ht_cap.mcs.rx_mask[3];
3787		cmd->ht_capabilities_info = cpu_to_le16(sta->ht_cap.cap);
3788		cmd->mac_ht_param_info = (sta->ht_cap.ampdu_factor & 3) |
3789			((sta->ht_cap.ampdu_density & 7) << 2);
3790		cmd->is_qos_sta = 1;
3791	}
3792
3793	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3794	kfree(cmd);
3795
3796	return rc;
3797}
3798
3799static int mwl8k_cmd_set_new_stn_add_self(struct ieee80211_hw *hw,
3800					  struct ieee80211_vif *vif)
3801{
3802	struct mwl8k_cmd_set_new_stn *cmd;
3803	int rc;
3804
3805	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3806	if (cmd == NULL)
3807		return -ENOMEM;
3808
3809	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_NEW_STN);
3810	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3811	memcpy(cmd->mac_addr, vif->addr, ETH_ALEN);
3812
3813	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3814	kfree(cmd);
3815
3816	return rc;
3817}
3818
3819static int mwl8k_cmd_set_new_stn_del(struct ieee80211_hw *hw,
3820				     struct ieee80211_vif *vif, u8 *addr)
3821{
3822	struct mwl8k_cmd_set_new_stn *cmd;
3823	int rc;
3824
3825	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3826	if (cmd == NULL)
3827		return -ENOMEM;
3828
3829	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_NEW_STN);
3830	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3831	memcpy(cmd->mac_addr, addr, ETH_ALEN);
3832	cmd->action = cpu_to_le16(MWL8K_STA_ACTION_REMOVE);
3833
3834	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3835	kfree(cmd);
3836
3837	return rc;
3838}
3839
3840/*
3841 * CMD_UPDATE_ENCRYPTION.
3842 */
3843
3844#define MAX_ENCR_KEY_LENGTH	16
3845#define MIC_KEY_LENGTH		8
3846
3847struct mwl8k_cmd_update_encryption {
3848	struct mwl8k_cmd_pkt header;
3849
3850	__le32 action;
3851	__le32 reserved;
3852	__u8 mac_addr[6];
3853	__u8 encr_type;
3854
3855} __packed;
3856
3857struct mwl8k_cmd_set_key {
3858	struct mwl8k_cmd_pkt header;
3859
3860	__le32 action;
3861	__le32 reserved;
3862	__le16 length;
3863	__le16 key_type_id;
3864	__le32 key_info;
3865	__le32 key_id;
3866	__le16 key_len;
3867	__u8 key_material[MAX_ENCR_KEY_LENGTH];
3868	__u8 tkip_tx_mic_key[MIC_KEY_LENGTH];
3869	__u8 tkip_rx_mic_key[MIC_KEY_LENGTH];
3870	__le16 tkip_rsc_low;
3871	__le32 tkip_rsc_high;
3872	__le16 tkip_tsc_low;
3873	__le32 tkip_tsc_high;
3874	__u8 mac_addr[6];
3875} __packed;
3876
3877enum {
3878	MWL8K_ENCR_ENABLE,
3879	MWL8K_ENCR_SET_KEY,
3880	MWL8K_ENCR_REMOVE_KEY,
3881	MWL8K_ENCR_SET_GROUP_KEY,
3882};
3883
3884#define MWL8K_UPDATE_ENCRYPTION_TYPE_WEP	0
3885#define MWL8K_UPDATE_ENCRYPTION_TYPE_DISABLE	1
3886#define MWL8K_UPDATE_ENCRYPTION_TYPE_TKIP	4
3887#define MWL8K_UPDATE_ENCRYPTION_TYPE_MIXED	7
3888#define MWL8K_UPDATE_ENCRYPTION_TYPE_AES	8
3889
3890enum {
3891	MWL8K_ALG_WEP,
3892	MWL8K_ALG_TKIP,
3893	MWL8K_ALG_CCMP,
3894};
3895
3896#define MWL8K_KEY_FLAG_TXGROUPKEY	0x00000004
3897#define MWL8K_KEY_FLAG_PAIRWISE		0x00000008
3898#define MWL8K_KEY_FLAG_TSC_VALID	0x00000040
3899#define MWL8K_KEY_FLAG_WEP_TXKEY	0x01000000
3900#define MWL8K_KEY_FLAG_MICKEY_VALID	0x02000000
3901
3902static int mwl8k_cmd_update_encryption_enable(struct ieee80211_hw *hw,
3903					      struct ieee80211_vif *vif,
3904					      u8 *addr,
3905					      u8 encr_type)
3906{
3907	struct mwl8k_cmd_update_encryption *cmd;
3908	int rc;
3909
3910	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3911	if (cmd == NULL)
3912		return -ENOMEM;
3913
3914	cmd->header.code = cpu_to_le16(MWL8K_CMD_UPDATE_ENCRYPTION);
3915	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3916	cmd->action = cpu_to_le32(MWL8K_ENCR_ENABLE);
3917	memcpy(cmd->mac_addr, addr, ETH_ALEN);
3918	cmd->encr_type = encr_type;
3919
3920	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3921	kfree(cmd);
3922
3923	return rc;
3924}
3925
3926static int mwl8k_encryption_set_cmd_info(struct mwl8k_cmd_set_key *cmd,
3927						u8 *addr,
3928						struct ieee80211_key_conf *key)
3929{
3930	cmd->header.code = cpu_to_le16(MWL8K_CMD_UPDATE_ENCRYPTION);
3931	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3932	cmd->length = cpu_to_le16(sizeof(*cmd) -
3933				offsetof(struct mwl8k_cmd_set_key, length));
3934	cmd->key_id = cpu_to_le32(key->keyidx);
3935	cmd->key_len = cpu_to_le16(key->keylen);
3936	memcpy(cmd->mac_addr, addr, ETH_ALEN);
3937
3938	switch (key->cipher) {
3939	case WLAN_CIPHER_SUITE_WEP40:
3940	case WLAN_CIPHER_SUITE_WEP104:
3941		cmd->key_type_id = cpu_to_le16(MWL8K_ALG_WEP);
3942		if (key->keyidx == 0)
3943			cmd->key_info =	cpu_to_le32(MWL8K_KEY_FLAG_WEP_TXKEY);
3944
3945		break;
3946	case WLAN_CIPHER_SUITE_TKIP:
3947		cmd->key_type_id = cpu_to_le16(MWL8K_ALG_TKIP);
3948		cmd->key_info =	(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
3949			? cpu_to_le32(MWL8K_KEY_FLAG_PAIRWISE)
3950			: cpu_to_le32(MWL8K_KEY_FLAG_TXGROUPKEY);
3951		cmd->key_info |= cpu_to_le32(MWL8K_KEY_FLAG_MICKEY_VALID
3952						| MWL8K_KEY_FLAG_TSC_VALID);
3953		break;
3954	case WLAN_CIPHER_SUITE_CCMP:
3955		cmd->key_type_id = cpu_to_le16(MWL8K_ALG_CCMP);
3956		cmd->key_info =	(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
3957			? cpu_to_le32(MWL8K_KEY_FLAG_PAIRWISE)
3958			: cpu_to_le32(MWL8K_KEY_FLAG_TXGROUPKEY);
3959		break;
3960	default:
3961		return -ENOTSUPP;
3962	}
3963
3964	return 0;
3965}
3966
3967static int mwl8k_cmd_encryption_set_key(struct ieee80211_hw *hw,
3968						struct ieee80211_vif *vif,
3969						u8 *addr,
3970						struct ieee80211_key_conf *key)
3971{
3972	struct mwl8k_cmd_set_key *cmd;
3973	int rc;
3974	int keymlen;
3975	u32 action;
3976	u8 idx;
3977	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
3978
3979	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3980	if (cmd == NULL)
3981		return -ENOMEM;
3982
3983	rc = mwl8k_encryption_set_cmd_info(cmd, addr, key);
3984	if (rc < 0)
3985		goto done;
3986
3987	idx = key->keyidx;
3988
3989	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
3990		action = MWL8K_ENCR_SET_KEY;
3991	else
3992		action = MWL8K_ENCR_SET_GROUP_KEY;
3993
3994	switch (key->cipher) {
3995	case WLAN_CIPHER_SUITE_WEP40:
3996	case WLAN_CIPHER_SUITE_WEP104:
3997		if (!mwl8k_vif->wep_key_conf[idx].enabled) {
3998			memcpy(mwl8k_vif->wep_key_conf[idx].key, key,
3999						sizeof(*key) + key->keylen);
4000			mwl8k_vif->wep_key_conf[idx].enabled = 1;
4001		}
4002
4003		keymlen = key->keylen;
4004		action = MWL8K_ENCR_SET_KEY;
4005		break;
4006	case WLAN_CIPHER_SUITE_TKIP:
4007		keymlen = MAX_ENCR_KEY_LENGTH + 2 * MIC_KEY_LENGTH;
4008		break;
4009	case WLAN_CIPHER_SUITE_CCMP:
4010		keymlen = key->keylen;
4011		break;
4012	default:
4013		rc = -ENOTSUPP;
4014		goto done;
4015	}
4016
4017	memcpy(cmd->key_material, key->key, keymlen);
4018	cmd->action = cpu_to_le32(action);
4019
4020	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
4021done:
4022	kfree(cmd);
4023
4024	return rc;
4025}
4026
4027static int mwl8k_cmd_encryption_remove_key(struct ieee80211_hw *hw,
4028						struct ieee80211_vif *vif,
4029						u8 *addr,
4030						struct ieee80211_key_conf *key)
4031{
4032	struct mwl8k_cmd_set_key *cmd;
4033	int rc;
4034	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
4035
4036	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
4037	if (cmd == NULL)
4038		return -ENOMEM;
4039
4040	rc = mwl8k_encryption_set_cmd_info(cmd, addr, key);
4041	if (rc < 0)
4042		goto done;
4043
4044	if (key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
4045			WLAN_CIPHER_SUITE_WEP104)
4046		mwl8k_vif->wep_key_conf[key->keyidx].enabled = 0;
4047
4048	cmd->action = cpu_to_le32(MWL8K_ENCR_REMOVE_KEY);
4049
4050	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
4051done:
4052	kfree(cmd);
4053
4054	return rc;
4055}
4056
4057static int mwl8k_set_key(struct ieee80211_hw *hw,
4058			 enum set_key_cmd cmd_param,
4059			 struct ieee80211_vif *vif,
4060			 struct ieee80211_sta *sta,
4061			 struct ieee80211_key_conf *key)
4062{
4063	int rc = 0;
4064	u8 encr_type;
4065	u8 *addr;
4066	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
4067
4068	if (vif->type == NL80211_IFTYPE_STATION)
4069		return -EOPNOTSUPP;
4070
4071	if (sta == NULL)
4072		addr = hw->wiphy->perm_addr;
4073	else
4074		addr = sta->addr;
4075
4076	if (cmd_param == SET_KEY) {
4077		rc = mwl8k_cmd_encryption_set_key(hw, vif, addr, key);
4078		if (rc)
4079			goto out;
4080
4081		if ((key->cipher == WLAN_CIPHER_SUITE_WEP40)
4082				|| (key->cipher == WLAN_CIPHER_SUITE_WEP104))
4083			encr_type = MWL8K_UPDATE_ENCRYPTION_TYPE_WEP;
4084		else
4085			encr_type = MWL8K_UPDATE_ENCRYPTION_TYPE_MIXED;
4086
4087		rc = mwl8k_cmd_update_encryption_enable(hw, vif, addr,
4088								encr_type);
4089		if (rc)
4090			goto out;
4091
4092		mwl8k_vif->is_hw_crypto_enabled = true;
4093
4094	} else {
4095		rc = mwl8k_cmd_encryption_remove_key(hw, vif, addr, key);
4096
4097		if (rc)
4098			goto out;
4099
4100		mwl8k_vif->is_hw_crypto_enabled = false;
4101
4102	}
4103out:
4104	return rc;
4105}
4106
4107/*
4108 * CMD_UPDATE_STADB.
4109 */
4110struct ewc_ht_info {
4111	__le16	control1;
4112	__le16	control2;
4113	__le16	control3;
4114} __packed;
4115
4116struct peer_capability_info {
4117	/* Peer type - AP vs. STA.  */
4118	__u8	peer_type;
4119
4120	/* Basic 802.11 capabilities from assoc resp.  */
4121	__le16	basic_caps;
4122
4123	/* Set if peer supports 802.11n high throughput (HT).  */
4124	__u8	ht_support;
4125
4126	/* Valid if HT is supported.  */
4127	__le16	ht_caps;
4128	__u8	extended_ht_caps;
4129	struct ewc_ht_info	ewc_info;
4130
4131	/* Legacy rate table. Intersection of our rates and peer rates.  */
4132	__u8	legacy_rates[12];
4133
4134	/* HT rate table. Intersection of our rates and peer rates.  */
4135	__u8	ht_rates[16];
4136	__u8	pad[16];
4137
4138	/* If set, interoperability mode, no proprietary extensions.  */
4139	__u8	interop;
4140	__u8	pad2;
4141	__u8	station_id;
4142	__le16	amsdu_enabled;
4143} __packed;
4144
4145struct mwl8k_cmd_update_stadb {
4146	struct mwl8k_cmd_pkt header;
4147
4148	/* See STADB_ACTION_TYPE */
4149	__le32	action;
4150
4151	/* Peer MAC address */
4152	__u8	peer_addr[ETH_ALEN];
4153
4154	__le32	reserved;
4155
4156	/* Peer info - valid during add/update.  */
4157	struct peer_capability_info	peer_info;
4158} __packed;
4159
4160#define MWL8K_STA_DB_MODIFY_ENTRY	1
4161#define MWL8K_STA_DB_DEL_ENTRY		2
4162
4163/* Peer Entry flags - used to define the type of the peer node */
4164#define MWL8K_PEER_TYPE_ACCESSPOINT	2
4165
4166static int mwl8k_cmd_update_stadb_add(struct ieee80211_hw *hw,
4167				      struct ieee80211_vif *vif,
4168				      struct ieee80211_sta *sta)
4169{
4170	struct mwl8k_cmd_update_stadb *cmd;
4171	struct peer_capability_info *p;
4172	u32 rates;
4173	int rc;
4174
4175	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
4176	if (cmd == NULL)
4177		return -ENOMEM;
4178
4179	cmd->header.code = cpu_to_le16(MWL8K_CMD_UPDATE_STADB);
4180	cmd->header.length = cpu_to_le16(sizeof(*cmd));
4181	cmd->action = cpu_to_le32(MWL8K_STA_DB_MODIFY_ENTRY);
4182	memcpy(cmd->peer_addr, sta->addr, ETH_ALEN);
4183
4184	p = &cmd->peer_info;
4185	p->peer_type = MWL8K_PEER_TYPE_ACCESSPOINT;
4186	p->basic_caps = cpu_to_le16(vif->bss_conf.assoc_capability);
4187	p->ht_support = sta->ht_cap.ht_supported;
4188	p->ht_caps = cpu_to_le16(sta->ht_cap.cap);
4189	p->extended_ht_caps = (sta->ht_cap.ampdu_factor & 3) |
4190		((sta->ht_cap.ampdu_density & 7) << 2);
4191	if (hw->conf.channel->band == IEEE80211_BAND_2GHZ)
4192		rates = sta->supp_rates[IEEE80211_BAND_2GHZ];
4193	else
4194		rates = sta->supp_rates[IEEE80211_BAND_5GHZ] << 5;
4195	legacy_rate_mask_to_array(p->legacy_rates, rates);
4196	memcpy(p->ht_rates, sta->ht_cap.mcs.rx_mask, 16);
4197	p->interop = 1;
4198	p->amsdu_enabled = 0;
4199
4200	rc = mwl8k_post_cmd(hw, &cmd->header);
4201	kfree(cmd);
4202
4203	return rc ? rc : p->station_id;
4204}
4205
4206static int mwl8k_cmd_update_stadb_del(struct ieee80211_hw *hw,
4207				      struct ieee80211_vif *vif, u8 *addr)
4208{
4209	struct mwl8k_cmd_update_stadb *cmd;
4210	int rc;
4211
4212	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
4213	if (cmd == NULL)
4214		return -ENOMEM;
4215
4216	cmd->header.code = cpu_to_le16(MWL8K_CMD_UPDATE_STADB);
4217	cmd->header.length = cpu_to_le16(sizeof(*cmd));
4218	cmd->action = cpu_to_le32(MWL8K_STA_DB_DEL_ENTRY);
4219	memcpy(cmd->peer_addr, addr, ETH_ALEN);
4220
4221	rc = mwl8k_post_cmd(hw, &cmd->header);
4222	kfree(cmd);
4223
4224	return rc;
4225}
4226
4227
4228/*
4229 * Interrupt handling.
4230 */
4231static irqreturn_t mwl8k_interrupt(int irq, void *dev_id)
4232{
4233	struct ieee80211_hw *hw = dev_id;
4234	struct mwl8k_priv *priv = hw->priv;
4235	u32 status;
4236
4237	status = ioread32(priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
4238	if (!status)
4239		return IRQ_NONE;
4240
4241	if (status & MWL8K_A2H_INT_TX_DONE) {
4242		status &= ~MWL8K_A2H_INT_TX_DONE;
4243		tasklet_schedule(&priv->poll_tx_task);
4244	}
4245
4246	if (status & MWL8K_A2H_INT_RX_READY) {
4247		status &= ~MWL8K_A2H_INT_RX_READY;
4248		tasklet_schedule(&priv->poll_rx_task);
4249	}
4250
4251	if (status & MWL8K_A2H_INT_BA_WATCHDOG) {
4252		status &= ~MWL8K_A2H_INT_BA_WATCHDOG;
4253		ieee80211_queue_work(hw, &priv->watchdog_ba_handle);
4254	}
4255
4256	if (status)
4257		iowrite32(~status, priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
4258
4259	if (status & MWL8K_A2H_INT_OPC_DONE) {
4260		if (priv->hostcmd_wait != NULL)
4261			complete(priv->hostcmd_wait);
4262	}
4263
4264	if (status & MWL8K_A2H_INT_QUEUE_EMPTY) {
4265		if (!mutex_is_locked(&priv->fw_mutex) &&
4266		    priv->radio_on && priv->pending_tx_pkts)
4267			mwl8k_tx_start(priv);
4268	}
4269
4270	return IRQ_HANDLED;
4271}
4272
4273static void mwl8k_tx_poll(unsigned long data)
4274{
4275	struct ieee80211_hw *hw = (struct ieee80211_hw *)data;
4276	struct mwl8k_priv *priv = hw->priv;
4277	int limit;
4278	int i;
4279
4280	limit = 32;
4281
4282	spin_lock_bh(&priv->tx_lock);
4283
4284	for (i = 0; i < mwl8k_tx_queues(priv); i++)
4285		limit -= mwl8k_txq_reclaim(hw, i, limit, 0);
4286
4287	if (!priv->pending_tx_pkts && priv->tx_wait != NULL) {
4288		complete(priv->tx_wait);
4289		priv->tx_wait = NULL;
4290	}
4291
4292	spin_unlock_bh(&priv->tx_lock);
4293
4294	if (limit) {
4295		writel(~MWL8K_A2H_INT_TX_DONE,
4296		       priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
4297	} else {
4298		tasklet_schedule(&priv->poll_tx_task);
4299	}
4300}
4301
4302static void mwl8k_rx_poll(unsigned long data)
4303{
4304	struct ieee80211_hw *hw = (struct ieee80211_hw *)data;
4305	struct mwl8k_priv *priv = hw->priv;
4306	int limit;
4307
4308	limit = 32;
4309	limit -= rxq_process(hw, 0, limit);
4310	limit -= rxq_refill(hw, 0, limit);
4311
4312	if (limit) {
4313		writel(~MWL8K_A2H_INT_RX_READY,
4314		       priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
4315	} else {
4316		tasklet_schedule(&priv->poll_rx_task);
4317	}
4318}
4319
4320
4321/*
4322 * Core driver operations.
4323 */
4324static void mwl8k_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
4325{
4326	struct mwl8k_priv *priv = hw->priv;
4327	int index = skb_get_queue_mapping(skb);
4328
4329	if (!priv->radio_on) {
4330		wiphy_debug(hw->wiphy,
4331			    "dropped TX frame since radio disabled\n");
4332		dev_kfree_skb(skb);
4333		return;
4334	}
4335
4336	mwl8k_txq_xmit(hw, index, skb);
4337}
4338
4339static int mwl8k_start(struct ieee80211_hw *hw)
4340{
4341	struct mwl8k_priv *priv = hw->priv;
4342	int rc;
4343
4344	rc = request_irq(priv->pdev->irq, mwl8k_interrupt,
4345			 IRQF_SHARED, MWL8K_NAME, hw);
4346	if (rc) {
4347		priv->irq = -1;
4348		wiphy_err(hw->wiphy, "failed to register IRQ handler\n");
4349		return -EIO;
4350	}
4351	priv->irq = priv->pdev->irq;
4352
4353	/* Enable TX reclaim and RX tasklets.  */
4354	tasklet_enable(&priv->poll_tx_task);
4355	tasklet_enable(&priv->poll_rx_task);
4356
4357	/* Enable interrupts */
4358	iowrite32(MWL8K_A2H_EVENTS, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
4359	iowrite32(MWL8K_A2H_EVENTS,
4360		  priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS_MASK);
4361
4362	rc = mwl8k_fw_lock(hw);
4363	if (!rc) {
4364		rc = mwl8k_cmd_radio_enable(hw);
4365
4366		if (!priv->ap_fw) {
4367			if (!rc)
4368				rc = mwl8k_cmd_enable_sniffer(hw, 0);
4369
4370			if (!rc)
4371				rc = mwl8k_cmd_set_pre_scan(hw);
4372
4373			if (!rc)
4374				rc = mwl8k_cmd_set_post_scan(hw,
4375						"\x00\x00\x00\x00\x00\x00");
4376		}
4377
4378		if (!rc)
4379			rc = mwl8k_cmd_set_rateadapt_mode(hw, 0);
4380
4381		if (!rc)
4382			rc = mwl8k_cmd_set_wmm_mode(hw, 0);
4383
4384		mwl8k_fw_unlock(hw);
4385	}
4386
4387	if (rc) {
4388		iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
4389		free_irq(priv->pdev->irq, hw);
4390		priv->irq = -1;
4391		tasklet_disable(&priv->poll_tx_task);
4392		tasklet_disable(&priv->poll_rx_task);
4393	}
4394
4395	return rc;
4396}
4397
4398static void mwl8k_stop(struct ieee80211_hw *hw)
4399{
4400	struct mwl8k_priv *priv = hw->priv;
4401	int i;
4402
4403	mwl8k_cmd_radio_disable(hw);
4404
4405	ieee80211_stop_queues(hw);
4406
4407	/* Disable interrupts */
4408	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
4409	if (priv->irq != -1) {
4410		free_irq(priv->pdev->irq, hw);
4411		priv->irq = -1;
4412	}
4413
4414	/* Stop finalize join worker */
4415	cancel_work_sync(&priv->finalize_join_worker);
4416	cancel_work_sync(&priv->watchdog_ba_handle);
4417	if (priv->beacon_skb != NULL)
4418		dev_kfree_skb(priv->beacon_skb);
4419
4420	/* Stop TX reclaim and RX tasklets.  */
4421	tasklet_disable(&priv->poll_tx_task);
4422	tasklet_disable(&priv->poll_rx_task);
4423
4424	/* Return all skbs to mac80211 */
4425	for (i = 0; i < mwl8k_tx_queues(priv); i++)
4426		mwl8k_txq_reclaim(hw, i, INT_MAX, 1);
4427}
4428
4429static int mwl8k_reload_firmware(struct ieee80211_hw *hw, char *fw_image);
4430
4431static int mwl8k_add_interface(struct ieee80211_hw *hw,
4432			       struct ieee80211_vif *vif)
4433{
4434	struct mwl8k_priv *priv = hw->priv;
4435	struct mwl8k_vif *mwl8k_vif;
4436	u32 macids_supported;
4437	int macid, rc;
4438	struct mwl8k_device_info *di;
4439
4440	/*
4441	 * Reject interface creation if sniffer mode is active, as
4442	 * STA operation is mutually exclusive with hardware sniffer
4443	 * mode.  (Sniffer mode is only used on STA firmware.)
4444	 */
4445	if (priv->sniffer_enabled) {
4446		wiphy_info(hw->wiphy,
4447			   "unable to create STA interface because sniffer mode is enabled\n");
4448		return -EINVAL;
4449	}
4450
4451	di = priv->device_info;
4452	switch (vif->type) {
4453	case NL80211_IFTYPE_AP:
4454		if (!priv->ap_fw && di->fw_image_ap) {
4455			/* we must load the ap fw to meet this request */
4456			if (!list_empty(&priv->vif_list))
4457				return -EBUSY;
4458			rc = mwl8k_reload_firmware(hw, di->fw_image_ap);
4459			if (rc)
4460				return rc;
4461		}
4462		macids_supported = priv->ap_macids_supported;
4463		break;
4464	case NL80211_IFTYPE_STATION:
4465		if (priv->ap_fw && di->fw_image_sta) {
4466			/* we must load the sta fw to meet this request */
4467			if (!list_empty(&priv->vif_list))
4468				return -EBUSY;
4469			rc = mwl8k_reload_firmware(hw, di->fw_image_sta);
4470			if (rc)
4471				return rc;
4472		}
4473		macids_supported = priv->sta_macids_supported;
4474		break;
4475	default:
4476		return -EINVAL;
4477	}
4478
4479	macid = ffs(macids_supported & ~priv->macids_used);
4480	if (!macid--)
4481		return -EBUSY;
4482
4483	/* Setup driver private area. */
4484	mwl8k_vif = MWL8K_VIF(vif);
4485	memset(mwl8k_vif, 0, sizeof(*mwl8k_vif));
4486	mwl8k_vif->vif = vif;
4487	mwl8k_vif->macid = macid;
4488	mwl8k_vif->seqno = 0;
4489	memcpy(mwl8k_vif->bssid, vif->addr, ETH_ALEN);
4490	mwl8k_vif->is_hw_crypto_enabled = false;
4491
4492	/* Set the mac address.  */
4493	mwl8k_cmd_set_mac_addr(hw, vif, vif->addr);
4494
4495	if (priv->ap_fw)
4496		mwl8k_cmd_set_new_stn_add_self(hw, vif);
4497
4498	priv->macids_used |= 1 << mwl8k_vif->macid;
4499	list_add_tail(&mwl8k_vif->list, &priv->vif_list);
4500
4501	return 0;
4502}
4503
4504static void mwl8k_remove_interface(struct ieee80211_hw *hw,
4505				   struct ieee80211_vif *vif)
4506{
4507	struct mwl8k_priv *priv = hw->priv;
4508	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
4509
4510	if (priv->ap_fw)
4511		mwl8k_cmd_set_new_stn_del(hw, vif, vif->addr);
4512
4513	mwl8k_cmd_set_mac_addr(hw, vif, "\x00\x00\x00\x00\x00\x00");
4514
4515	priv->macids_used &= ~(1 << mwl8k_vif->macid);
4516	list_del(&mwl8k_vif->list);
4517}
4518
4519static int mwl8k_config(struct ieee80211_hw *hw, u32 changed)
4520{
4521	struct ieee80211_conf *conf = &hw->conf;
4522	struct mwl8k_priv *priv = hw->priv;
4523	int rc;
4524
4525	if (conf->flags & IEEE80211_CONF_IDLE) {
4526		mwl8k_cmd_radio_disable(hw);
4527		return 0;
4528	}
4529
4530	rc = mwl8k_fw_lock(hw);
4531	if (rc)
4532		return rc;
4533
4534	rc = mwl8k_cmd_radio_enable(hw);
4535	if (rc)
4536		goto out;
4537
4538	rc = mwl8k_cmd_set_rf_channel(hw, conf);
4539	if (rc)
4540		goto out;
4541
4542	if (conf->power_level > 18)
4543		conf->power_level = 18;
4544
4545	if (priv->ap_fw) {
4546
4547		if (conf->flags & IEEE80211_CONF_CHANGE_POWER) {
4548			rc = mwl8k_cmd_tx_power(hw, conf, conf->power_level);
4549			if (rc)
4550				goto out;
4551		}
4552
4553		rc = mwl8k_cmd_rf_antenna(hw, MWL8K_RF_ANTENNA_RX, 0x3);
4554		if (rc)
4555			wiphy_warn(hw->wiphy, "failed to set # of RX antennas");
4556		rc = mwl8k_cmd_rf_antenna(hw, MWL8K_RF_ANTENNA_TX, 0x7);
4557		if (rc)
4558			wiphy_warn(hw->wiphy, "failed to set # of TX antennas");
4559
4560	} else {
4561		rc = mwl8k_cmd_rf_tx_power(hw, conf->power_level);
4562		if (rc)
4563			goto out;
4564		rc = mwl8k_cmd_mimo_config(hw, 0x7, 0x7);
4565	}
4566
4567out:
4568	mwl8k_fw_unlock(hw);
4569
4570	return rc;
4571}
4572
4573static void
4574mwl8k_bss_info_changed_sta(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
4575			   struct ieee80211_bss_conf *info, u32 changed)
4576{
4577	struct mwl8k_priv *priv = hw->priv;
4578	u32 ap_legacy_rates = 0;
4579	u8 ap_mcs_rates[16];
4580	int rc;
4581
4582	if (mwl8k_fw_lock(hw))
4583		return;
4584
4585	/*
4586	 * No need to capture a beacon if we're no longer associated.
4587	 */
4588	if ((changed & BSS_CHANGED_ASSOC) && !vif->bss_conf.assoc)
4589		priv->capture_beacon = false;
4590
4591	/*
4592	 * Get the AP's legacy and MCS rates.
4593	 */
4594	if (vif->bss_conf.assoc) {
4595		struct ieee80211_sta *ap;
4596
4597		rcu_read_lock();
4598
4599		ap = ieee80211_find_sta(vif, vif->bss_conf.bssid);
4600		if (ap == NULL) {
4601			rcu_read_unlock();
4602			goto out;
4603		}
4604
4605		if (hw->conf.channel->band == IEEE80211_BAND_2GHZ) {
4606			ap_legacy_rates = ap->supp_rates[IEEE80211_BAND_2GHZ];
4607		} else {
4608			ap_legacy_rates =
4609				ap->supp_rates[IEEE80211_BAND_5GHZ] << 5;
4610		}
4611		memcpy(ap_mcs_rates, ap->ht_cap.mcs.rx_mask, 16);
4612
4613		rcu_read_unlock();
4614	}
4615
4616	if ((changed & BSS_CHANGED_ASSOC) && vif->bss_conf.assoc) {
4617		rc = mwl8k_cmd_set_rate(hw, vif, ap_legacy_rates, ap_mcs_rates);
4618		if (rc)
4619			goto out;
4620
4621		rc = mwl8k_cmd_use_fixed_rate_sta(hw);
4622		if (rc)
4623			goto out;
4624	}
4625
4626	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
4627		rc = mwl8k_set_radio_preamble(hw,
4628				vif->bss_conf.use_short_preamble);
4629		if (rc)
4630			goto out;
4631	}
4632
4633	if (changed & BSS_CHANGED_ERP_SLOT) {
4634		rc = mwl8k_cmd_set_slot(hw, vif->bss_conf.use_short_slot);
4635		if (rc)
4636			goto out;
4637	}
4638
4639	if (vif->bss_conf.assoc &&
4640	    (changed & (BSS_CHANGED_ASSOC | BSS_CHANGED_ERP_CTS_PROT |
4641			BSS_CHANGED_HT))) {
4642		rc = mwl8k_cmd_set_aid(hw, vif, ap_legacy_rates);
4643		if (rc)
4644			goto out;
4645	}
4646
4647	if (vif->bss_conf.assoc &&
4648	    (changed & (BSS_CHANGED_ASSOC | BSS_CHANGED_BEACON_INT))) {
4649		/*
4650		 * Finalize the join.  Tell rx handler to process
4651		 * next beacon from our BSSID.
4652		 */
4653		memcpy(priv->capture_bssid, vif->bss_conf.bssid, ETH_ALEN);
4654		priv->capture_beacon = true;
4655	}
4656
4657out:
4658	mwl8k_fw_unlock(hw);
4659}
4660
4661static void
4662mwl8k_bss_info_changed_ap(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
4663			  struct ieee80211_bss_conf *info, u32 changed)
4664{
4665	int rc;
4666
4667	if (mwl8k_fw_lock(hw))
4668		return;
4669
4670	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
4671		rc = mwl8k_set_radio_preamble(hw,
4672				vif->bss_conf.use_short_preamble);
4673		if (rc)
4674			goto out;
4675	}
4676
4677	if (changed & BSS_CHANGED_BASIC_RATES) {
4678		int idx;
4679		int rate;
4680
4681		/*
4682		 * Use lowest supported basic rate for multicasts
4683		 * and management frames (such as probe responses --
4684		 * beacons will always go out at 1 Mb/s).
4685		 */
4686		idx = ffs(vif->bss_conf.basic_rates);
4687		if (idx)
4688			idx--;
4689
4690		if (hw->conf.channel->band == IEEE80211_BAND_2GHZ)
4691			rate = mwl8k_rates_24[idx].hw_value;
4692		else
4693			rate = mwl8k_rates_50[idx].hw_value;
4694
4695		mwl8k_cmd_use_fixed_rate_ap(hw, rate, rate);
4696	}
4697
4698	if (changed & (BSS_CHANGED_BEACON_INT | BSS_CHANGED_BEACON)) {
4699		struct sk_buff *skb;
4700
4701		skb = ieee80211_beacon_get(hw, vif);
4702		if (skb != NULL) {
4703			mwl8k_cmd_set_beacon(hw, vif, skb->data, skb->len);
4704			kfree_skb(skb);
4705		}
4706	}
4707
4708	if (changed & BSS_CHANGED_BEACON_ENABLED)
4709		mwl8k_cmd_bss_start(hw, vif, info->enable_beacon);
4710
4711out:
4712	mwl8k_fw_unlock(hw);
4713}
4714
4715static void
4716mwl8k_bss_info_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
4717		       struct ieee80211_bss_conf *info, u32 changed)
4718{
4719	struct mwl8k_priv *priv = hw->priv;
4720
4721	if (!priv->ap_fw)
4722		mwl8k_bss_info_changed_sta(hw, vif, info, changed);
4723	else
4724		mwl8k_bss_info_changed_ap(hw, vif, info, changed);
4725}
4726
4727static u64 mwl8k_prepare_multicast(struct ieee80211_hw *hw,
4728				   struct netdev_hw_addr_list *mc_list)
4729{
4730	struct mwl8k_cmd_pkt *cmd;
4731
4732	/*
4733	 * Synthesize and return a command packet that programs the
4734	 * hardware multicast address filter.  At this point we don't
4735	 * know whether FIF_ALLMULTI is being requested, but if it is,
4736	 * we'll end up throwing this packet away and creating a new
4737	 * one in mwl8k_configure_filter().
4738	 */
4739	cmd = __mwl8k_cmd_mac_multicast_adr(hw, 0, mc_list);
4740
4741	return (unsigned long)cmd;
4742}
4743
4744static int
4745mwl8k_configure_filter_sniffer(struct ieee80211_hw *hw,
4746			       unsigned int changed_flags,
4747			       unsigned int *total_flags)
4748{
4749	struct mwl8k_priv *priv = hw->priv;
4750
4751	/*
4752	 * Hardware sniffer mode is mutually exclusive with STA
4753	 * operation, so refuse to enable sniffer mode if a STA
4754	 * interface is active.
4755	 */
4756	if (!list_empty(&priv->vif_list)) {
4757		if (net_ratelimit())
4758			wiphy_info(hw->wiphy,
4759				   "not enabling sniffer mode because STA interface is active\n");
4760		return 0;
4761	}
4762
4763	if (!priv->sniffer_enabled) {
4764		if (mwl8k_cmd_enable_sniffer(hw, 1))
4765			return 0;
4766		priv->sniffer_enabled = true;
4767	}
4768
4769	*total_flags &=	FIF_PROMISC_IN_BSS | FIF_ALLMULTI |
4770			FIF_BCN_PRBRESP_PROMISC | FIF_CONTROL |
4771			FIF_OTHER_BSS;
4772
4773	return 1;
4774}
4775
4776static struct mwl8k_vif *mwl8k_first_vif(struct mwl8k_priv *priv)
4777{
4778	if (!list_empty(&priv->vif_list))
4779		return list_entry(priv->vif_list.next, struct mwl8k_vif, list);
4780
4781	return NULL;
4782}
4783
4784static void mwl8k_configure_filter(struct ieee80211_hw *hw,
4785				   unsigned int changed_flags,
4786				   unsigned int *total_flags,
4787				   u64 multicast)
4788{
4789	struct mwl8k_priv *priv = hw->priv;
4790	struct mwl8k_cmd_pkt *cmd = (void *)(unsigned long)multicast;
4791
4792	/*
4793	 * AP firmware doesn't allow fine-grained control over
4794	 * the receive filter.
4795	 */
4796	if (priv->ap_fw) {
4797		*total_flags &= FIF_ALLMULTI | FIF_BCN_PRBRESP_PROMISC;
4798		kfree(cmd);
4799		return;
4800	}
4801
4802	/*
4803	 * Enable hardware sniffer mode if FIF_CONTROL or
4804	 * FIF_OTHER_BSS is requested.
4805	 */
4806	if (*total_flags & (FIF_CONTROL | FIF_OTHER_BSS) &&
4807	    mwl8k_configure_filter_sniffer(hw, changed_flags, total_flags)) {
4808		kfree(cmd);
4809		return;
4810	}
4811
4812	/* Clear unsupported feature flags */
4813	*total_flags &= FIF_ALLMULTI | FIF_BCN_PRBRESP_PROMISC;
4814
4815	if (mwl8k_fw_lock(hw)) {
4816		kfree(cmd);
4817		return;
4818	}
4819
4820	if (priv->sniffer_enabled) {
4821		mwl8k_cmd_enable_sniffer(hw, 0);
4822		priv->sniffer_enabled = false;
4823	}
4824
4825	if (changed_flags & FIF_BCN_PRBRESP_PROMISC) {
4826		if (*total_flags & FIF_BCN_PRBRESP_PROMISC) {
4827			/*
4828			 * Disable the BSS filter.
4829			 */
4830			mwl8k_cmd_set_pre_scan(hw);
4831		} else {
4832			struct mwl8k_vif *mwl8k_vif;
4833			const u8 *bssid;
4834
4835			/*
4836			 * Enable the BSS filter.
4837			 *
4838			 * If there is an active STA interface, use that
4839			 * interface's BSSID, otherwise use a dummy one
4840			 * (where the OUI part needs to be nonzero for
4841			 * the BSSID to be accepted by POST_SCAN).
4842			 */
4843			mwl8k_vif = mwl8k_first_vif(priv);
4844			if (mwl8k_vif != NULL)
4845				bssid = mwl8k_vif->vif->bss_conf.bssid;
4846			else
4847				bssid = "\x01\x00\x00\x00\x00\x00";
4848
4849			mwl8k_cmd_set_post_scan(hw, bssid);
4850		}
4851	}
4852
4853	/*
4854	 * If FIF_ALLMULTI is being requested, throw away the command
4855	 * packet that ->prepare_multicast() built and replace it with
4856	 * a command packet that enables reception of all multicast
4857	 * packets.
4858	 */
4859	if (*total_flags & FIF_ALLMULTI) {
4860		kfree(cmd);
4861		cmd = __mwl8k_cmd_mac_multicast_adr(hw, 1, NULL);
4862	}
4863
4864	if (cmd != NULL) {
4865		mwl8k_post_cmd(hw, cmd);
4866		kfree(cmd);
4867	}
4868
4869	mwl8k_fw_unlock(hw);
4870}
4871
4872static int mwl8k_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
4873{
4874	return mwl8k_cmd_set_rts_threshold(hw, value);
4875}
4876
4877static int mwl8k_sta_remove(struct ieee80211_hw *hw,
4878			    struct ieee80211_vif *vif,
4879			    struct ieee80211_sta *sta)
4880{
4881	struct mwl8k_priv *priv = hw->priv;
4882
4883	if (priv->ap_fw)
4884		return mwl8k_cmd_set_new_stn_del(hw, vif, sta->addr);
4885	else
4886		return mwl8k_cmd_update_stadb_del(hw, vif, sta->addr);
4887}
4888
4889static int mwl8k_sta_add(struct ieee80211_hw *hw,
4890			 struct ieee80211_vif *vif,
4891			 struct ieee80211_sta *sta)
4892{
4893	struct mwl8k_priv *priv = hw->priv;
4894	int ret;
4895	int i;
4896	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
4897	struct ieee80211_key_conf *key;
4898
4899	if (!priv->ap_fw) {
4900		ret = mwl8k_cmd_update_stadb_add(hw, vif, sta);
4901		if (ret >= 0) {
4902			MWL8K_STA(sta)->peer_id = ret;
4903			if (sta->ht_cap.ht_supported)
4904				MWL8K_STA(sta)->is_ampdu_allowed = true;
4905			ret = 0;
4906		}
4907
4908	} else {
4909		ret = mwl8k_cmd_set_new_stn_add(hw, vif, sta);
4910	}
4911
4912	for (i = 0; i < NUM_WEP_KEYS; i++) {
4913		key = IEEE80211_KEY_CONF(mwl8k_vif->wep_key_conf[i].key);
4914		if (mwl8k_vif->wep_key_conf[i].enabled)
4915			mwl8k_set_key(hw, SET_KEY, vif, sta, key);
4916	}
4917	return ret;
4918}
4919
4920static int mwl8k_conf_tx(struct ieee80211_hw *hw, u16 queue,
4921			 const struct ieee80211_tx_queue_params *params)
4922{
4923	struct mwl8k_priv *priv = hw->priv;
4924	int rc;
4925
4926	rc = mwl8k_fw_lock(hw);
4927	if (!rc) {
4928		BUG_ON(queue > MWL8K_TX_WMM_QUEUES - 1);
4929		memcpy(&priv->wmm_params[queue], params, sizeof(*params));
4930
4931		if (!priv->wmm_enabled)
4932			rc = mwl8k_cmd_set_wmm_mode(hw, 1);
4933
4934		if (!rc) {
4935			int q = MWL8K_TX_WMM_QUEUES - 1 - queue;
4936			rc = mwl8k_cmd_set_edca_params(hw, q,
4937						       params->cw_min,
4938						       params->cw_max,
4939						       params->aifs,
4940						       params->txop);
4941		}
4942
4943		mwl8k_fw_unlock(hw);
4944	}
4945
4946	return rc;
4947}
4948
4949static int mwl8k_get_stats(struct ieee80211_hw *hw,
4950			   struct ieee80211_low_level_stats *stats)
4951{
4952	return mwl8k_cmd_get_stat(hw, stats);
4953}
4954
4955static int mwl8k_get_survey(struct ieee80211_hw *hw, int idx,
4956				struct survey_info *survey)
4957{
4958	struct mwl8k_priv *priv = hw->priv;
4959	struct ieee80211_conf *conf = &hw->conf;
4960
4961	if (idx != 0)
4962		return -ENOENT;
4963
4964	survey->channel = conf->channel;
4965	survey->filled = SURVEY_INFO_NOISE_DBM;
4966	survey->noise = priv->noise;
4967
4968	return 0;
4969}
4970
4971#define MAX_AMPDU_ATTEMPTS 5
4972
4973static int
4974mwl8k_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
4975		   enum ieee80211_ampdu_mlme_action action,
4976		   struct ieee80211_sta *sta, u16 tid, u16 *ssn,
4977		   u8 buf_size)
4978{
4979
4980	int i, rc = 0;
4981	struct mwl8k_priv *priv = hw->priv;
4982	struct mwl8k_ampdu_stream *stream;
4983	u8 *addr = sta->addr;
4984
4985	if (!(hw->flags & IEEE80211_HW_AMPDU_AGGREGATION))
4986		return -ENOTSUPP;
4987
4988	spin_lock(&priv->stream_lock);
4989	stream = mwl8k_lookup_stream(hw, addr, tid);
4990
4991	switch (action) {
4992	case IEEE80211_AMPDU_RX_START:
4993	case IEEE80211_AMPDU_RX_STOP:
4994		break;
4995	case IEEE80211_AMPDU_TX_START:
4996		/* By the time we get here the hw queues may contain outgoing
4997		 * packets for this RA/TID that are not part of this BA
4998		 * session.  The hw will assign sequence numbers to these
4999		 * packets as they go out.  So if we query the hw for its next
5000		 * sequence number and use that for the SSN here, it may end up
5001		 * being wrong, which will lead to sequence number mismatch at
5002		 * the recipient.  To avoid this, we reset the sequence number
5003		 * to O for the first MPDU in this BA stream.
5004		 */
5005		*ssn = 0;
5006		if (stream == NULL) {
5007			/* This means that somebody outside this driver called
5008			 * ieee80211_start_tx_ba_session.  This is unexpected
5009			 * because we do our own rate control.  Just warn and
5010			 * move on.
5011			 */
5012			wiphy_warn(hw->wiphy, "Unexpected call to %s.  "
5013				   "Proceeding anyway.\n", __func__);
5014			stream = mwl8k_add_stream(hw, sta, tid);
5015		}
5016		if (stream == NULL) {
5017			wiphy_debug(hw->wiphy, "no free AMPDU streams\n");
5018			rc = -EBUSY;
5019			break;
5020		}
5021		stream->state = AMPDU_STREAM_IN_PROGRESS;
5022
5023		/* Release the lock before we do the time consuming stuff */
5024		spin_unlock(&priv->stream_lock);
5025		for (i = 0; i < MAX_AMPDU_ATTEMPTS; i++) {
5026			rc = mwl8k_check_ba(hw, stream);
5027
5028			if (!rc)
5029				break;
5030			/*
5031			 * HW queues take time to be flushed, give them
5032			 * sufficient time
5033			 */
5034
5035			msleep(1000);
5036		}
5037		spin_lock(&priv->stream_lock);
5038		if (rc) {
5039			wiphy_err(hw->wiphy, "Stream for tid %d busy after %d"
5040				" attempts\n", tid, MAX_AMPDU_ATTEMPTS);
5041			mwl8k_remove_stream(hw, stream);
5042			rc = -EBUSY;
5043			break;
5044		}
5045		ieee80211_start_tx_ba_cb_irqsafe(vif, addr, tid);
5046		break;
5047	case IEEE80211_AMPDU_TX_STOP:
5048		if (stream == NULL)
5049			break;
5050		if (stream->state == AMPDU_STREAM_ACTIVE) {
5051			spin_unlock(&priv->stream_lock);
5052			mwl8k_destroy_ba(hw, stream);
5053			spin_lock(&priv->stream_lock);
5054		}
5055		mwl8k_remove_stream(hw, stream);
5056		ieee80211_stop_tx_ba_cb_irqsafe(vif, addr, tid);
5057		break;
5058	case IEEE80211_AMPDU_TX_OPERATIONAL:
5059		BUG_ON(stream == NULL);
5060		BUG_ON(stream->state != AMPDU_STREAM_IN_PROGRESS);
5061		spin_unlock(&priv->stream_lock);
5062		rc = mwl8k_create_ba(hw, stream, buf_size);
5063		spin_lock(&priv->stream_lock);
5064		if (!rc)
5065			stream->state = AMPDU_STREAM_ACTIVE;
5066		else {
5067			spin_unlock(&priv->stream_lock);
5068			mwl8k_destroy_ba(hw, stream);
5069			spin_lock(&priv->stream_lock);
5070			wiphy_debug(hw->wiphy,
5071				"Failed adding stream for sta %pM tid %d\n",
5072				addr, tid);
5073			mwl8k_remove_stream(hw, stream);
5074		}
5075		break;
5076
5077	default:
5078		rc = -ENOTSUPP;
5079	}
5080
5081	spin_unlock(&priv->stream_lock);
5082	return rc;
5083}
5084
5085static const struct ieee80211_ops mwl8k_ops = {
5086	.tx			= mwl8k_tx,
5087	.start			= mwl8k_start,
5088	.stop			= mwl8k_stop,
5089	.add_interface		= mwl8k_add_interface,
5090	.remove_interface	= mwl8k_remove_interface,
5091	.config			= mwl8k_config,
5092	.bss_info_changed	= mwl8k_bss_info_changed,
5093	.prepare_multicast	= mwl8k_prepare_multicast,
5094	.configure_filter	= mwl8k_configure_filter,
5095	.set_key                = mwl8k_set_key,
5096	.set_rts_threshold	= mwl8k_set_rts_threshold,
5097	.sta_add		= mwl8k_sta_add,
5098	.sta_remove		= mwl8k_sta_remove,
5099	.conf_tx		= mwl8k_conf_tx,
5100	.get_stats		= mwl8k_get_stats,
5101	.get_survey		= mwl8k_get_survey,
5102	.ampdu_action		= mwl8k_ampdu_action,
5103};
5104
5105static void mwl8k_finalize_join_worker(struct work_struct *work)
5106{
5107	struct mwl8k_priv *priv =
5108		container_of(work, struct mwl8k_priv, finalize_join_worker);
5109	struct sk_buff *skb = priv->beacon_skb;
5110	struct ieee80211_mgmt *mgmt = (void *)skb->data;
5111	int len = skb->len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
5112	const u8 *tim = cfg80211_find_ie(WLAN_EID_TIM,
5113					 mgmt->u.beacon.variable, len);
5114	int dtim_period = 1;
5115
5116	if (tim && tim[1] >= 2)
5117		dtim_period = tim[3];
5118
5119	mwl8k_cmd_finalize_join(priv->hw, skb->data, skb->len, dtim_period);
5120
5121	dev_kfree_skb(skb);
5122	priv->beacon_skb = NULL;
5123}
5124
5125enum {
5126	MWL8363 = 0,
5127	MWL8687,
5128	MWL8366,
5129};
5130
5131#define MWL8K_8366_AP_FW_API 2
5132#define _MWL8K_8366_AP_FW(api) "mwl8k/fmimage_8366_ap-" #api ".fw"
5133#define MWL8K_8366_AP_FW(api) _MWL8K_8366_AP_FW(api)
5134
5135static struct mwl8k_device_info mwl8k_info_tbl[] __devinitdata = {
5136	[MWL8363] = {
5137		.part_name	= "88w8363",
5138		.helper_image	= "mwl8k/helper_8363.fw",
5139		.fw_image_sta	= "mwl8k/fmimage_8363.fw",
5140	},
5141	[MWL8687] = {
5142		.part_name	= "88w8687",
5143		.helper_image	= "mwl8k/helper_8687.fw",
5144		.fw_image_sta	= "mwl8k/fmimage_8687.fw",
5145	},
5146	[MWL8366] = {
5147		.part_name	= "88w8366",
5148		.helper_image	= "mwl8k/helper_8366.fw",
5149		.fw_image_sta	= "mwl8k/fmimage_8366.fw",
5150		.fw_image_ap	= MWL8K_8366_AP_FW(MWL8K_8366_AP_FW_API),
5151		.fw_api_ap	= MWL8K_8366_AP_FW_API,
5152		.ap_rxd_ops	= &rxd_8366_ap_ops,
5153	},
5154};
5155
5156MODULE_FIRMWARE("mwl8k/helper_8363.fw");
5157MODULE_FIRMWARE("mwl8k/fmimage_8363.fw");
5158MODULE_FIRMWARE("mwl8k/helper_8687.fw");
5159MODULE_FIRMWARE("mwl8k/fmimage_8687.fw");
5160MODULE_FIRMWARE("mwl8k/helper_8366.fw");
5161MODULE_FIRMWARE("mwl8k/fmimage_8366.fw");
5162MODULE_FIRMWARE(MWL8K_8366_AP_FW(MWL8K_8366_AP_FW_API));
5163
5164static DEFINE_PCI_DEVICE_TABLE(mwl8k_pci_id_table) = {
5165	{ PCI_VDEVICE(MARVELL, 0x2a0a), .driver_data = MWL8363, },
5166	{ PCI_VDEVICE(MARVELL, 0x2a0c), .driver_data = MWL8363, },
5167	{ PCI_VDEVICE(MARVELL, 0x2a24), .driver_data = MWL8363, },
5168	{ PCI_VDEVICE(MARVELL, 0x2a2b), .driver_data = MWL8687, },
5169	{ PCI_VDEVICE(MARVELL, 0x2a30), .driver_data = MWL8687, },
5170	{ PCI_VDEVICE(MARVELL, 0x2a40), .driver_data = MWL8366, },
5171	{ PCI_VDEVICE(MARVELL, 0x2a43), .driver_data = MWL8366, },
5172	{ },
5173};
5174MODULE_DEVICE_TABLE(pci, mwl8k_pci_id_table);
5175
5176static int mwl8k_request_alt_fw(struct mwl8k_priv *priv)
5177{
5178	int rc;
5179	printk(KERN_ERR "%s: Error requesting preferred fw %s.\n"
5180	       "Trying alternative firmware %s\n", pci_name(priv->pdev),
5181	       priv->fw_pref, priv->fw_alt);
5182	rc = mwl8k_request_fw(priv, priv->fw_alt, &priv->fw_ucode, true);
5183	if (rc) {
5184		printk(KERN_ERR "%s: Error requesting alt fw %s\n",
5185		       pci_name(priv->pdev), priv->fw_alt);
5186		return rc;
5187	}
5188	return 0;
5189}
5190
5191static int mwl8k_firmware_load_success(struct mwl8k_priv *priv);
5192static void mwl8k_fw_state_machine(const struct firmware *fw, void *context)
5193{
5194	struct mwl8k_priv *priv = context;
5195	struct mwl8k_device_info *di = priv->device_info;
5196	int rc;
5197
5198	switch (priv->fw_state) {
5199	case FW_STATE_INIT:
5200		if (!fw) {
5201			printk(KERN_ERR "%s: Error requesting helper fw %s\n",
5202			       pci_name(priv->pdev), di->helper_image);
5203			goto fail;
5204		}
5205		priv->fw_helper = fw;
5206		rc = mwl8k_request_fw(priv, priv->fw_pref, &priv->fw_ucode,
5207				      true);
5208		if (rc && priv->fw_alt) {
5209			rc = mwl8k_request_alt_fw(priv);
5210			if (rc)
5211				goto fail;
5212			priv->fw_state = FW_STATE_LOADING_ALT;
5213		} else if (rc)
5214			goto fail;
5215		else
5216			priv->fw_state = FW_STATE_LOADING_PREF;
5217		break;
5218
5219	case FW_STATE_LOADING_PREF:
5220		if (!fw) {
5221			if (priv->fw_alt) {
5222				rc = mwl8k_request_alt_fw(priv);
5223				if (rc)
5224					goto fail;
5225				priv->fw_state = FW_STATE_LOADING_ALT;
5226			} else
5227				goto fail;
5228		} else {
5229			priv->fw_ucode = fw;
5230			rc = mwl8k_firmware_load_success(priv);
5231			if (rc)
5232				goto fail;
5233			else
5234				complete(&priv->firmware_loading_complete);
5235		}
5236		break;
5237
5238	case FW_STATE_LOADING_ALT:
5239		if (!fw) {
5240			printk(KERN_ERR "%s: Error requesting alt fw %s\n",
5241			       pci_name(priv->pdev), di->helper_image);
5242			goto fail;
5243		}
5244		priv->fw_ucode = fw;
5245		rc = mwl8k_firmware_load_success(priv);
5246		if (rc)
5247			goto fail;
5248		else
5249			complete(&priv->firmware_loading_complete);
5250		break;
5251
5252	default:
5253		printk(KERN_ERR "%s: Unexpected firmware loading state: %d\n",
5254		       MWL8K_NAME, priv->fw_state);
5255		BUG_ON(1);
5256	}
5257
5258	return;
5259
5260fail:
5261	priv->fw_state = FW_STATE_ERROR;
5262	complete(&priv->firmware_loading_complete);
5263	device_release_driver(&priv->pdev->dev);
5264	mwl8k_release_firmware(priv);
5265}
5266
5267static int mwl8k_init_firmware(struct ieee80211_hw *hw, char *fw_image,
5268			       bool nowait)
5269{
5270	struct mwl8k_priv *priv = hw->priv;
5271	int rc;
5272
5273	/* Reset firmware and hardware */
5274	mwl8k_hw_reset(priv);
5275
5276	/* Ask userland hotplug daemon for the device firmware */
5277	rc = mwl8k_request_firmware(priv, fw_image, nowait);
5278	if (rc) {
5279		wiphy_err(hw->wiphy, "Firmware files not found\n");
5280		return rc;
5281	}
5282
5283	if (nowait)
5284		return rc;
5285
5286	/* Load firmware into hardware */
5287	rc = mwl8k_load_firmware(hw);
5288	if (rc)
5289		wiphy_err(hw->wiphy, "Cannot start firmware\n");
5290
5291	/* Reclaim memory once firmware is successfully loaded */
5292	mwl8k_release_firmware(priv);
5293
5294	return rc;
5295}
5296
5297static int mwl8k_init_txqs(struct ieee80211_hw *hw)
5298{
5299	struct mwl8k_priv *priv = hw->priv;
5300	int rc = 0;
5301	int i;
5302
5303	for (i = 0; i < mwl8k_tx_queues(priv); i++) {
5304		rc = mwl8k_txq_init(hw, i);
5305		if (rc)
5306			break;
5307		if (priv->ap_fw)
5308			iowrite32(priv->txq[i].txd_dma,
5309				  priv->sram + priv->txq_offset[i]);
5310	}
5311	return rc;
5312}
5313
5314/* initialize hw after successfully loading a firmware image */
5315static int mwl8k_probe_hw(struct ieee80211_hw *hw)
5316{
5317	struct mwl8k_priv *priv = hw->priv;
5318	int rc = 0;
5319	int i;
5320
5321	if (priv->ap_fw) {
5322		priv->rxd_ops = priv->device_info->ap_rxd_ops;
5323		if (priv->rxd_ops == NULL) {
5324			wiphy_err(hw->wiphy,
5325				  "Driver does not have AP firmware image support for this hardware\n");
5326			goto err_stop_firmware;
5327		}
5328	} else {
5329		priv->rxd_ops = &rxd_sta_ops;
5330	}
5331
5332	priv->sniffer_enabled = false;
5333	priv->wmm_enabled = false;
5334	priv->pending_tx_pkts = 0;
5335
5336	rc = mwl8k_rxq_init(hw, 0);
5337	if (rc)
5338		goto err_stop_firmware;
5339	rxq_refill(hw, 0, INT_MAX);
5340
5341	/* For the sta firmware, we need to know the dma addresses of tx queues
5342	 * before sending MWL8K_CMD_GET_HW_SPEC.  So we must initialize them
5343	 * prior to issuing this command.  But for the AP case, we learn the
5344	 * total number of queues from the result CMD_GET_HW_SPEC, so for this
5345	 * case we must initialize the tx queues after.
5346	 */
5347	priv->num_ampdu_queues = 0;
5348	if (!priv->ap_fw) {
5349		rc = mwl8k_init_txqs(hw);
5350		if (rc)
5351			goto err_free_queues;
5352	}
5353
5354	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
5355	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
5356	iowrite32(MWL8K_A2H_INT_TX_DONE|MWL8K_A2H_INT_RX_READY|
5357		  MWL8K_A2H_INT_BA_WATCHDOG,
5358		  priv->regs + MWL8K_HIU_A2H_INTERRUPT_CLEAR_SEL);
5359	iowrite32(MWL8K_A2H_INT_OPC_DONE,
5360		  priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS_MASK);
5361
5362	rc = request_irq(priv->pdev->irq, mwl8k_interrupt,
5363			 IRQF_SHARED, MWL8K_NAME, hw);
5364	if (rc) {
5365		wiphy_err(hw->wiphy, "failed to register IRQ handler\n");
5366		goto err_free_queues;
5367	}
5368
5369	memset(priv->ampdu, 0, sizeof(priv->ampdu));
5370
5371	/*
5372	 * Temporarily enable interrupts.  Initial firmware host
5373	 * commands use interrupts and avoid polling.  Disable
5374	 * interrupts when done.
5375	 */
5376	iowrite32(MWL8K_A2H_EVENTS, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
5377
5378	/* Get config data, mac addrs etc */
5379	if (priv->ap_fw) {
5380		rc = mwl8k_cmd_get_hw_spec_ap(hw);
5381		if (!rc)
5382			rc = mwl8k_init_txqs(hw);
5383		if (!rc)
5384			rc = mwl8k_cmd_set_hw_spec(hw);
5385	} else {
5386		rc = mwl8k_cmd_get_hw_spec_sta(hw);
5387	}
5388	if (rc) {
5389		wiphy_err(hw->wiphy, "Cannot initialise firmware\n");
5390		goto err_free_irq;
5391	}
5392
5393	/* Turn radio off */
5394	rc = mwl8k_cmd_radio_disable(hw);
5395	if (rc) {
5396		wiphy_err(hw->wiphy, "Cannot disable\n");
5397		goto err_free_irq;
5398	}
5399
5400	/* Clear MAC address */
5401	rc = mwl8k_cmd_set_mac_addr(hw, NULL, "\x00\x00\x00\x00\x00\x00");
5402	if (rc) {
5403		wiphy_err(hw->wiphy, "Cannot clear MAC address\n");
5404		goto err_free_irq;
5405	}
5406
5407	/* Disable interrupts */
5408	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
5409	free_irq(priv->pdev->irq, hw);
5410
5411	wiphy_info(hw->wiphy, "%s v%d, %pm, %s firmware %u.%u.%u.%u\n",
5412		   priv->device_info->part_name,
5413		   priv->hw_rev, hw->wiphy->perm_addr,
5414		   priv->ap_fw ? "AP" : "STA",
5415		   (priv->fw_rev >> 24) & 0xff, (priv->fw_rev >> 16) & 0xff,
5416		   (priv->fw_rev >> 8) & 0xff, priv->fw_rev & 0xff);
5417
5418	return 0;
5419
5420err_free_irq:
5421	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
5422	free_irq(priv->pdev->irq, hw);
5423
5424err_free_queues:
5425	for (i = 0; i < mwl8k_tx_queues(priv); i++)
5426		mwl8k_txq_deinit(hw, i);
5427	mwl8k_rxq_deinit(hw, 0);
5428
5429err_stop_firmware:
5430	mwl8k_hw_reset(priv);
5431
5432	return rc;
5433}
5434
5435/*
5436 * invoke mwl8k_reload_firmware to change the firmware image after the device
5437 * has already been registered
5438 */
5439static int mwl8k_reload_firmware(struct ieee80211_hw *hw, char *fw_image)
5440{
5441	int i, rc = 0;
5442	struct mwl8k_priv *priv = hw->priv;
5443
5444	mwl8k_stop(hw);
5445	mwl8k_rxq_deinit(hw, 0);
5446
5447	for (i = 0; i < mwl8k_tx_queues(priv); i++)
5448		mwl8k_txq_deinit(hw, i);
5449
5450	rc = mwl8k_init_firmware(hw, fw_image, false);
5451	if (rc)
5452		goto fail;
5453
5454	rc = mwl8k_probe_hw(hw);
5455	if (rc)
5456		goto fail;
5457
5458	rc = mwl8k_start(hw);
5459	if (rc)
5460		goto fail;
5461
5462	rc = mwl8k_config(hw, ~0);
5463	if (rc)
5464		goto fail;
5465
5466	for (i = 0; i < MWL8K_TX_WMM_QUEUES; i++) {
5467		rc = mwl8k_conf_tx(hw, i, &priv->wmm_params[i]);
5468		if (rc)
5469			goto fail;
5470	}
5471
5472	return rc;
5473
5474fail:
5475	printk(KERN_WARNING "mwl8k: Failed to reload firmware image.\n");
5476	return rc;
5477}
5478
5479static int mwl8k_firmware_load_success(struct mwl8k_priv *priv)
5480{
5481	struct ieee80211_hw *hw = priv->hw;
5482	int i, rc;
5483
5484	rc = mwl8k_load_firmware(hw);
5485	mwl8k_release_firmware(priv);
5486	if (rc) {
5487		wiphy_err(hw->wiphy, "Cannot start firmware\n");
5488		return rc;
5489	}
5490
5491	/*
5492	 * Extra headroom is the size of the required DMA header
5493	 * minus the size of the smallest 802.11 frame (CTS frame).
5494	 */
5495	hw->extra_tx_headroom =
5496		sizeof(struct mwl8k_dma_data) - sizeof(struct ieee80211_cts);
5497
5498	hw->extra_tx_headroom -= priv->ap_fw ? REDUCED_TX_HEADROOM : 0;
5499
5500	hw->channel_change_time = 10;
5501
5502	hw->queues = MWL8K_TX_WMM_QUEUES;
5503
5504	/* Set rssi values to dBm */
5505	hw->flags |= IEEE80211_HW_SIGNAL_DBM | IEEE80211_HW_HAS_RATE_CONTROL;
5506	hw->vif_data_size = sizeof(struct mwl8k_vif);
5507	hw->sta_data_size = sizeof(struct mwl8k_sta);
5508
5509	priv->macids_used = 0;
5510	INIT_LIST_HEAD(&priv->vif_list);
5511
5512	/* Set default radio state and preamble */
5513	priv->radio_on = 0;
5514	priv->radio_short_preamble = 0;
5515
5516	/* Finalize join worker */
5517	INIT_WORK(&priv->finalize_join_worker, mwl8k_finalize_join_worker);
5518	/* Handle watchdog ba events */
5519	INIT_WORK(&priv->watchdog_ba_handle, mwl8k_watchdog_ba_events);
5520
5521	/* TX reclaim and RX tasklets.  */
5522	tasklet_init(&priv->poll_tx_task, mwl8k_tx_poll, (unsigned long)hw);
5523	tasklet_disable(&priv->poll_tx_task);
5524	tasklet_init(&priv->poll_rx_task, mwl8k_rx_poll, (unsigned long)hw);
5525	tasklet_disable(&priv->poll_rx_task);
5526
5527	/* Power management cookie */
5528	priv->cookie = pci_alloc_consistent(priv->pdev, 4, &priv->cookie_dma);
5529	if (priv->cookie == NULL)
5530		return -ENOMEM;
5531
5532	mutex_init(&priv->fw_mutex);
5533	priv->fw_mutex_owner = NULL;
5534	priv->fw_mutex_depth = 0;
5535	priv->hostcmd_wait = NULL;
5536
5537	spin_lock_init(&priv->tx_lock);
5538
5539	spin_lock_init(&priv->stream_lock);
5540
5541	priv->tx_wait = NULL;
5542
5543	rc = mwl8k_probe_hw(hw);
5544	if (rc)
5545		goto err_free_cookie;
5546
5547	hw->wiphy->interface_modes = 0;
5548	if (priv->ap_macids_supported || priv->device_info->fw_image_ap)
5549		hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP);
5550	if (priv->sta_macids_supported || priv->device_info->fw_image_sta)
5551		hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_STATION);
5552
5553	rc = ieee80211_register_hw(hw);
5554	if (rc) {
5555		wiphy_err(hw->wiphy, "Cannot register device\n");
5556		goto err_unprobe_hw;
5557	}
5558
5559	return 0;
5560
5561err_unprobe_hw:
5562	for (i = 0; i < mwl8k_tx_queues(priv); i++)
5563		mwl8k_txq_deinit(hw, i);
5564	mwl8k_rxq_deinit(hw, 0);
5565
5566err_free_cookie:
5567	if (priv->cookie != NULL)
5568		pci_free_consistent(priv->pdev, 4,
5569				priv->cookie, priv->cookie_dma);
5570
5571	return rc;
5572}
5573static int __devinit mwl8k_probe(struct pci_dev *pdev,
5574				 const struct pci_device_id *id)
5575{
5576	static int printed_version;
5577	struct ieee80211_hw *hw;
5578	struct mwl8k_priv *priv;
5579	struct mwl8k_device_info *di;
5580	int rc;
5581
5582	if (!printed_version) {
5583		printk(KERN_INFO "%s version %s\n", MWL8K_DESC, MWL8K_VERSION);
5584		printed_version = 1;
5585	}
5586
5587
5588	rc = pci_enable_device(pdev);
5589	if (rc) {
5590		printk(KERN_ERR "%s: Cannot enable new PCI device\n",
5591		       MWL8K_NAME);
5592		return rc;
5593	}
5594
5595	rc = pci_request_regions(pdev, MWL8K_NAME);
5596	if (rc) {
5597		printk(KERN_ERR "%s: Cannot obtain PCI resources\n",
5598		       MWL8K_NAME);
5599		goto err_disable_device;
5600	}
5601
5602	pci_set_master(pdev);
5603
5604
5605	hw = ieee80211_alloc_hw(sizeof(*priv), &mwl8k_ops);
5606	if (hw == NULL) {
5607		printk(KERN_ERR "%s: ieee80211 alloc failed\n", MWL8K_NAME);
5608		rc = -ENOMEM;
5609		goto err_free_reg;
5610	}
5611
5612	SET_IEEE80211_DEV(hw, &pdev->dev);
5613	pci_set_drvdata(pdev, hw);
5614
5615	priv = hw->priv;
5616	priv->hw = hw;
5617	priv->pdev = pdev;
5618	priv->device_info = &mwl8k_info_tbl[id->driver_data];
5619
5620
5621	priv->sram = pci_iomap(pdev, 0, 0x10000);
5622	if (priv->sram == NULL) {
5623		wiphy_err(hw->wiphy, "Cannot map device SRAM\n");
5624		goto err_iounmap;
5625	}
5626
5627	/*
5628	 * If BAR0 is a 32 bit BAR, the register BAR will be BAR1.
5629	 * If BAR0 is a 64 bit BAR, the register BAR will be BAR2.
5630	 */
5631	priv->regs = pci_iomap(pdev, 1, 0x10000);
5632	if (priv->regs == NULL) {
5633		priv->regs = pci_iomap(pdev, 2, 0x10000);
5634		if (priv->regs == NULL) {
5635			wiphy_err(hw->wiphy, "Cannot map device registers\n");
5636			goto err_iounmap;
5637		}
5638	}
5639
5640	/*
5641	 * Choose the initial fw image depending on user input.  If a second
5642	 * image is available, make it the alternative image that will be
5643	 * loaded if the first one fails.
5644	 */
5645	init_completion(&priv->firmware_loading_complete);
5646	di = priv->device_info;
5647	if (ap_mode_default && di->fw_image_ap) {
5648		priv->fw_pref = di->fw_image_ap;
5649		priv->fw_alt = di->fw_image_sta;
5650	} else if (!ap_mode_default && di->fw_image_sta) {
5651		priv->fw_pref = di->fw_image_sta;
5652		priv->fw_alt = di->fw_image_ap;
5653	} else if (ap_mode_default && !di->fw_image_ap && di->fw_image_sta) {
5654		printk(KERN_WARNING "AP fw is unavailable.  Using STA fw.");
5655		priv->fw_pref = di->fw_image_sta;
5656	} else if (!ap_mode_default && !di->fw_image_sta && di->fw_image_ap) {
5657		printk(KERN_WARNING "STA fw is unavailable.  Using AP fw.");
5658		priv->fw_pref = di->fw_image_ap;
5659	}
5660	rc = mwl8k_init_firmware(hw, priv->fw_pref, true);
5661	if (rc)
5662		goto err_stop_firmware;
5663	return rc;
5664
5665err_stop_firmware:
5666	mwl8k_hw_reset(priv);
5667
5668err_iounmap:
5669	if (priv->regs != NULL)
5670		pci_iounmap(pdev, priv->regs);
5671
5672	if (priv->sram != NULL)
5673		pci_iounmap(pdev, priv->sram);
5674
5675	pci_set_drvdata(pdev, NULL);
5676	ieee80211_free_hw(hw);
5677
5678err_free_reg:
5679	pci_release_regions(pdev);
5680
5681err_disable_device:
5682	pci_disable_device(pdev);
5683
5684	return rc;
5685}
5686
5687static void __devexit mwl8k_shutdown(struct pci_dev *pdev)
5688{
5689	printk(KERN_ERR "===>%s(%u)\n", __func__, __LINE__);
5690}
5691
5692static void __devexit mwl8k_remove(struct pci_dev *pdev)
5693{
5694	struct ieee80211_hw *hw = pci_get_drvdata(pdev);
5695	struct mwl8k_priv *priv;
5696	int i;
5697
5698	if (hw == NULL)
5699		return;
5700	priv = hw->priv;
5701
5702	wait_for_completion(&priv->firmware_loading_complete);
5703
5704	if (priv->fw_state == FW_STATE_ERROR) {
5705		mwl8k_hw_reset(priv);
5706		goto unmap;
5707	}
5708
5709	ieee80211_stop_queues(hw);
5710
5711	ieee80211_unregister_hw(hw);
5712
5713	/* Remove TX reclaim and RX tasklets.  */
5714	tasklet_kill(&priv->poll_tx_task);
5715	tasklet_kill(&priv->poll_rx_task);
5716
5717	/* Stop hardware */
5718	mwl8k_hw_reset(priv);
5719
5720	/* Return all skbs to mac80211 */
5721	for (i = 0; i < mwl8k_tx_queues(priv); i++)
5722		mwl8k_txq_reclaim(hw, i, INT_MAX, 1);
5723
5724	for (i = 0; i < mwl8k_tx_queues(priv); i++)
5725		mwl8k_txq_deinit(hw, i);
5726
5727	mwl8k_rxq_deinit(hw, 0);
5728
5729	pci_free_consistent(priv->pdev, 4, priv->cookie, priv->cookie_dma);
5730
5731unmap:
5732	pci_iounmap(pdev, priv->regs);
5733	pci_iounmap(pdev, priv->sram);
5734	pci_set_drvdata(pdev, NULL);
5735	ieee80211_free_hw(hw);
5736	pci_release_regions(pdev);
5737	pci_disable_device(pdev);
5738}
5739
5740static struct pci_driver mwl8k_driver = {
5741	.name		= MWL8K_NAME,
5742	.id_table	= mwl8k_pci_id_table,
5743	.probe		= mwl8k_probe,
5744	.remove		= __devexit_p(mwl8k_remove),
5745	.shutdown	= __devexit_p(mwl8k_shutdown),
5746};
5747
5748static int __init mwl8k_init(void)
5749{
5750	return pci_register_driver(&mwl8k_driver);
5751}
5752
5753static void __exit mwl8k_exit(void)
5754{
5755	pci_unregister_driver(&mwl8k_driver);
5756}
5757
5758module_init(mwl8k_init);
5759module_exit(mwl8k_exit);
5760
5761MODULE_DESCRIPTION(MWL8K_DESC);
5762MODULE_VERSION(MWL8K_VERSION);
5763MODULE_AUTHOR("Lennert Buytenhek <buytenh@marvell.com>");
5764MODULE_LICENSE("GPL");
Configure Feed

Configure Feed
