drivers/net/wireless/mwl8k.c at v3.13-rc2

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / drivers / net / wireless / mwl8k.c
at v3.13-rc2 6166 lines 152 kB view raw
wrap content
   1/*
   2 * drivers/net/wireless/mwl8k.c
   3 * Driver for Marvell TOPDOG 802.11 Wireless cards
   4 *
   5 * Copyright (C) 2008, 2009, 2010 Marvell Semiconductor Inc.
   6 *
   7 * This file is licensed under the terms of the GNU General Public
   8 * License version 2.  This program is licensed "as is" without any
   9 * warranty of any kind, whether express or implied.
  10 */
  11
  12#include <linux/init.h>
  13#include <linux/interrupt.h>
  14#include <linux/module.h>
  15#include <linux/kernel.h>
  16#include <linux/sched.h>
  17#include <linux/spinlock.h>
  18#include <linux/list.h>
  19#include <linux/pci.h>
  20#include <linux/delay.h>
  21#include <linux/completion.h>
  22#include <linux/etherdevice.h>
  23#include <linux/slab.h>
  24#include <net/mac80211.h>
  25#include <linux/moduleparam.h>
  26#include <linux/firmware.h>
  27#include <linux/workqueue.h>
  28
  29#define MWL8K_DESC	"Marvell TOPDOG(R) 802.11 Wireless Network Driver"
  30#define MWL8K_NAME	KBUILD_MODNAME
  31#define MWL8K_VERSION	"0.13"
  32
  33/* Module parameters */
  34static bool ap_mode_default;
  35module_param(ap_mode_default, bool, 0);
  36MODULE_PARM_DESC(ap_mode_default,
  37		 "Set to 1 to make ap mode the default instead of sta mode");
  38
  39/* Register definitions */
  40#define MWL8K_HIU_GEN_PTR			0x00000c10
  41#define  MWL8K_MODE_STA				 0x0000005a
  42#define  MWL8K_MODE_AP				 0x000000a5
  43#define MWL8K_HIU_INT_CODE			0x00000c14
  44#define  MWL8K_FWSTA_READY			 0xf0f1f2f4
  45#define  MWL8K_FWAP_READY			 0xf1f2f4a5
  46#define  MWL8K_INT_CODE_CMD_FINISHED		 0x00000005
  47#define MWL8K_HIU_SCRATCH			0x00000c40
  48
  49/* Host->device communications */
  50#define MWL8K_HIU_H2A_INTERRUPT_EVENTS		0x00000c18
  51#define MWL8K_HIU_H2A_INTERRUPT_STATUS		0x00000c1c
  52#define MWL8K_HIU_H2A_INTERRUPT_MASK		0x00000c20
  53#define MWL8K_HIU_H2A_INTERRUPT_CLEAR_SEL	0x00000c24
  54#define MWL8K_HIU_H2A_INTERRUPT_STATUS_MASK	0x00000c28
  55#define  MWL8K_H2A_INT_DUMMY			 (1 << 20)
  56#define  MWL8K_H2A_INT_RESET			 (1 << 15)
  57#define  MWL8K_H2A_INT_DOORBELL			 (1 << 1)
  58#define  MWL8K_H2A_INT_PPA_READY		 (1 << 0)
  59
  60/* Device->host communications */
  61#define MWL8K_HIU_A2H_INTERRUPT_EVENTS		0x00000c2c
  62#define MWL8K_HIU_A2H_INTERRUPT_STATUS		0x00000c30
  63#define MWL8K_HIU_A2H_INTERRUPT_MASK		0x00000c34
  64#define MWL8K_HIU_A2H_INTERRUPT_CLEAR_SEL	0x00000c38
  65#define MWL8K_HIU_A2H_INTERRUPT_STATUS_MASK	0x00000c3c
  66#define  MWL8K_A2H_INT_DUMMY			 (1 << 20)
  67#define  MWL8K_A2H_INT_BA_WATCHDOG		 (1 << 14)
  68#define  MWL8K_A2H_INT_CHNL_SWITCHED		 (1 << 11)
  69#define  MWL8K_A2H_INT_QUEUE_EMPTY		 (1 << 10)
  70#define  MWL8K_A2H_INT_RADAR_DETECT		 (1 << 7)
  71#define  MWL8K_A2H_INT_RADIO_ON			 (1 << 6)
  72#define  MWL8K_A2H_INT_RADIO_OFF		 (1 << 5)
  73#define  MWL8K_A2H_INT_MAC_EVENT		 (1 << 3)
  74#define  MWL8K_A2H_INT_OPC_DONE			 (1 << 2)
  75#define  MWL8K_A2H_INT_RX_READY			 (1 << 1)
  76#define  MWL8K_A2H_INT_TX_DONE			 (1 << 0)
  77
  78/* HW micro second timer register
  79 * located at offset 0xA600. This
  80 * will be used to timestamp tx
  81 * packets.
  82 */
  83
  84#define	MWL8K_HW_TIMER_REGISTER			0x0000a600
  85
  86#define MWL8K_A2H_EVENTS	(MWL8K_A2H_INT_DUMMY | \
  87				 MWL8K_A2H_INT_CHNL_SWITCHED | \
  88				 MWL8K_A2H_INT_QUEUE_EMPTY | \
  89				 MWL8K_A2H_INT_RADAR_DETECT | \
  90				 MWL8K_A2H_INT_RADIO_ON | \
  91				 MWL8K_A2H_INT_RADIO_OFF | \
  92				 MWL8K_A2H_INT_MAC_EVENT | \
  93				 MWL8K_A2H_INT_OPC_DONE | \
  94				 MWL8K_A2H_INT_RX_READY | \
  95				 MWL8K_A2H_INT_TX_DONE | \
  96				 MWL8K_A2H_INT_BA_WATCHDOG)
  97
  98#define MWL8K_RX_QUEUES		1
  99#define MWL8K_TX_WMM_QUEUES	4
 100#define MWL8K_MAX_AMPDU_QUEUES	8
 101#define MWL8K_MAX_TX_QUEUES	(MWL8K_TX_WMM_QUEUES + MWL8K_MAX_AMPDU_QUEUES)
 102#define mwl8k_tx_queues(priv)	(MWL8K_TX_WMM_QUEUES + (priv)->num_ampdu_queues)
 103
 104/* txpriorities are mapped with hw queues.
 105 * Each hw queue has a txpriority.
 106 */
 107#define TOTAL_HW_TX_QUEUES	8
 108
 109/* Each HW queue can have one AMPDU stream.
 110 * But, because one of the hw queue is reserved,
 111 * maximum AMPDU queues that can be created are
 112 * one short of total tx queues.
 113 */
 114#define MWL8K_NUM_AMPDU_STREAMS	(TOTAL_HW_TX_QUEUES - 1)
 115
 116struct rxd_ops {
 117	int rxd_size;
 118	void (*rxd_init)(void *rxd, dma_addr_t next_dma_addr);
 119	void (*rxd_refill)(void *rxd, dma_addr_t addr, int len);
 120	int (*rxd_process)(void *rxd, struct ieee80211_rx_status *status,
 121			   __le16 *qos, s8 *noise);
 122};
 123
 124struct mwl8k_device_info {
 125	char *part_name;
 126	char *helper_image;
 127	char *fw_image_sta;
 128	char *fw_image_ap;
 129	struct rxd_ops *ap_rxd_ops;
 130	u32 fw_api_ap;
 131};
 132
 133struct mwl8k_rx_queue {
 134	int rxd_count;
 135
 136	/* hw receives here */
 137	int head;
 138
 139	/* refill descs here */
 140	int tail;
 141
 142	void *rxd;
 143	dma_addr_t rxd_dma;
 144	struct {
 145		struct sk_buff *skb;
 146		DEFINE_DMA_UNMAP_ADDR(dma);
 147	} *buf;
 148};
 149
 150struct mwl8k_tx_queue {
 151	/* hw transmits here */
 152	int head;
 153
 154	/* sw appends here */
 155	int tail;
 156
 157	unsigned int len;
 158	struct mwl8k_tx_desc *txd;
 159	dma_addr_t txd_dma;
 160	struct sk_buff **skb;
 161};
 162
 163enum {
 164	AMPDU_NO_STREAM,
 165	AMPDU_STREAM_NEW,
 166	AMPDU_STREAM_IN_PROGRESS,
 167	AMPDU_STREAM_ACTIVE,
 168};
 169
 170struct mwl8k_ampdu_stream {
 171	struct ieee80211_sta *sta;
 172	u8 tid;
 173	u8 state;
 174	u8 idx;
 175};
 176
 177struct mwl8k_priv {
 178	struct ieee80211_hw *hw;
 179	struct pci_dev *pdev;
 180	int irq;
 181
 182	struct mwl8k_device_info *device_info;
 183
 184	void __iomem *sram;
 185	void __iomem *regs;
 186
 187	/* firmware */
 188	const struct firmware *fw_helper;
 189	const struct firmware *fw_ucode;
 190
 191	/* hardware/firmware parameters */
 192	bool ap_fw;
 193	struct rxd_ops *rxd_ops;
 194	struct ieee80211_supported_band band_24;
 195	struct ieee80211_channel channels_24[14];
 196	struct ieee80211_rate rates_24[13];
 197	struct ieee80211_supported_band band_50;
 198	struct ieee80211_channel channels_50[4];
 199	struct ieee80211_rate rates_50[8];
 200	u32 ap_macids_supported;
 201	u32 sta_macids_supported;
 202
 203	/* Ampdu stream information */
 204	u8 num_ampdu_queues;
 205	spinlock_t stream_lock;
 206	struct mwl8k_ampdu_stream ampdu[MWL8K_MAX_AMPDU_QUEUES];
 207	struct work_struct watchdog_ba_handle;
 208
 209	/* firmware access */
 210	struct mutex fw_mutex;
 211	struct task_struct *fw_mutex_owner;
 212	struct task_struct *hw_restart_owner;
 213	int fw_mutex_depth;
 214	struct completion *hostcmd_wait;
 215
 216	atomic_t watchdog_event_pending;
 217
 218	/* lock held over TX and TX reap */
 219	spinlock_t tx_lock;
 220
 221	/* TX quiesce completion, protected by fw_mutex and tx_lock */
 222	struct completion *tx_wait;
 223
 224	/* List of interfaces.  */
 225	u32 macids_used;
 226	struct list_head vif_list;
 227
 228	/* power management status cookie from firmware */
 229	u32 *cookie;
 230	dma_addr_t cookie_dma;
 231
 232	u16 num_mcaddrs;
 233	u8 hw_rev;
 234	u32 fw_rev;
 235	u32 caps;
 236
 237	/*
 238	 * Running count of TX packets in flight, to avoid
 239	 * iterating over the transmit rings each time.
 240	 */
 241	int pending_tx_pkts;
 242
 243	struct mwl8k_rx_queue rxq[MWL8K_RX_QUEUES];
 244	struct mwl8k_tx_queue txq[MWL8K_MAX_TX_QUEUES];
 245	u32 txq_offset[MWL8K_MAX_TX_QUEUES];
 246
 247	bool radio_on;
 248	bool radio_short_preamble;
 249	bool sniffer_enabled;
 250	bool wmm_enabled;
 251
 252	/* XXX need to convert this to handle multiple interfaces */
 253	bool capture_beacon;
 254	u8 capture_bssid[ETH_ALEN];
 255	struct sk_buff *beacon_skb;
 256
 257	/*
 258	 * This FJ worker has to be global as it is scheduled from the
 259	 * RX handler.  At this point we don't know which interface it
 260	 * belongs to until the list of bssids waiting to complete join
 261	 * is checked.
 262	 */
 263	struct work_struct finalize_join_worker;
 264
 265	/* Tasklet to perform TX reclaim.  */
 266	struct tasklet_struct poll_tx_task;
 267
 268	/* Tasklet to perform RX.  */
 269	struct tasklet_struct poll_rx_task;
 270
 271	/* Most recently reported noise in dBm */
 272	s8 noise;
 273
 274	/*
 275	 * preserve the queue configurations so they can be restored if/when
 276	 * the firmware image is swapped.
 277	 */
 278	struct ieee80211_tx_queue_params wmm_params[MWL8K_TX_WMM_QUEUES];
 279
 280	/* To perform the task of reloading the firmware */
 281	struct work_struct fw_reload;
 282	bool hw_restart_in_progress;
 283
 284	/* async firmware loading state */
 285	unsigned fw_state;
 286	char *fw_pref;
 287	char *fw_alt;
 288	bool is_8764;
 289	struct completion firmware_loading_complete;
 290
 291	/* bitmap of running BSSes */
 292	u32 running_bsses;
 293};
 294
 295#define MAX_WEP_KEY_LEN         13
 296#define NUM_WEP_KEYS            4
 297
 298/* Per interface specific private data */
 299struct mwl8k_vif {
 300	struct list_head list;
 301	struct ieee80211_vif *vif;
 302
 303	/* Firmware macid for this vif.  */
 304	int macid;
 305
 306	/* Non AMPDU sequence number assigned by driver.  */
 307	u16 seqno;
 308
 309	/* Saved WEP keys */
 310	struct {
 311		u8 enabled;
 312		u8 key[sizeof(struct ieee80211_key_conf) + MAX_WEP_KEY_LEN];
 313	} wep_key_conf[NUM_WEP_KEYS];
 314
 315	/* BSSID */
 316	u8 bssid[ETH_ALEN];
 317
 318	/* A flag to indicate is HW crypto is enabled for this bssid */
 319	bool is_hw_crypto_enabled;
 320};
 321#define MWL8K_VIF(_vif) ((struct mwl8k_vif *)&((_vif)->drv_priv))
 322#define IEEE80211_KEY_CONF(_u8) ((struct ieee80211_key_conf *)(_u8))
 323
 324struct tx_traffic_info {
 325	u32 start_time;
 326	u32 pkts;
 327};
 328
 329#define MWL8K_MAX_TID 8
 330struct mwl8k_sta {
 331	/* Index into station database. Returned by UPDATE_STADB.  */
 332	u8 peer_id;
 333	u8 is_ampdu_allowed;
 334	struct tx_traffic_info tx_stats[MWL8K_MAX_TID];
 335};
 336#define MWL8K_STA(_sta) ((struct mwl8k_sta *)&((_sta)->drv_priv))
 337
 338static const struct ieee80211_channel mwl8k_channels_24[] = {
 339	{ .band = IEEE80211_BAND_2GHZ, .center_freq = 2412, .hw_value = 1, },
 340	{ .band = IEEE80211_BAND_2GHZ, .center_freq = 2417, .hw_value = 2, },
 341	{ .band = IEEE80211_BAND_2GHZ, .center_freq = 2422, .hw_value = 3, },
 342	{ .band = IEEE80211_BAND_2GHZ, .center_freq = 2427, .hw_value = 4, },
 343	{ .band = IEEE80211_BAND_2GHZ, .center_freq = 2432, .hw_value = 5, },
 344	{ .band = IEEE80211_BAND_2GHZ, .center_freq = 2437, .hw_value = 6, },
 345	{ .band = IEEE80211_BAND_2GHZ, .center_freq = 2442, .hw_value = 7, },
 346	{ .band = IEEE80211_BAND_2GHZ, .center_freq = 2447, .hw_value = 8, },
 347	{ .band = IEEE80211_BAND_2GHZ, .center_freq = 2452, .hw_value = 9, },
 348	{ .band = IEEE80211_BAND_2GHZ, .center_freq = 2457, .hw_value = 10, },
 349	{ .band = IEEE80211_BAND_2GHZ, .center_freq = 2462, .hw_value = 11, },
 350	{ .band = IEEE80211_BAND_2GHZ, .center_freq = 2467, .hw_value = 12, },
 351	{ .band = IEEE80211_BAND_2GHZ, .center_freq = 2472, .hw_value = 13, },
 352	{ .band = IEEE80211_BAND_2GHZ, .center_freq = 2484, .hw_value = 14, },
 353};
 354
 355static const struct ieee80211_rate mwl8k_rates_24[] = {
 356	{ .bitrate = 10, .hw_value = 2, },
 357	{ .bitrate = 20, .hw_value = 4, },
 358	{ .bitrate = 55, .hw_value = 11, },
 359	{ .bitrate = 110, .hw_value = 22, },
 360	{ .bitrate = 220, .hw_value = 44, },
 361	{ .bitrate = 60, .hw_value = 12, },
 362	{ .bitrate = 90, .hw_value = 18, },
 363	{ .bitrate = 120, .hw_value = 24, },
 364	{ .bitrate = 180, .hw_value = 36, },
 365	{ .bitrate = 240, .hw_value = 48, },
 366	{ .bitrate = 360, .hw_value = 72, },
 367	{ .bitrate = 480, .hw_value = 96, },
 368	{ .bitrate = 540, .hw_value = 108, },
 369};
 370
 371static const struct ieee80211_channel mwl8k_channels_50[] = {
 372	{ .band = IEEE80211_BAND_5GHZ, .center_freq = 5180, .hw_value = 36, },
 373	{ .band = IEEE80211_BAND_5GHZ, .center_freq = 5200, .hw_value = 40, },
 374	{ .band = IEEE80211_BAND_5GHZ, .center_freq = 5220, .hw_value = 44, },
 375	{ .band = IEEE80211_BAND_5GHZ, .center_freq = 5240, .hw_value = 48, },
 376};
 377
 378static const struct ieee80211_rate mwl8k_rates_50[] = {
 379	{ .bitrate = 60, .hw_value = 12, },
 380	{ .bitrate = 90, .hw_value = 18, },
 381	{ .bitrate = 120, .hw_value = 24, },
 382	{ .bitrate = 180, .hw_value = 36, },
 383	{ .bitrate = 240, .hw_value = 48, },
 384	{ .bitrate = 360, .hw_value = 72, },
 385	{ .bitrate = 480, .hw_value = 96, },
 386	{ .bitrate = 540, .hw_value = 108, },
 387};
 388
 389/* Set or get info from Firmware */
 390#define MWL8K_CMD_GET			0x0000
 391#define MWL8K_CMD_SET			0x0001
 392#define MWL8K_CMD_SET_LIST		0x0002
 393
 394/* Firmware command codes */
 395#define MWL8K_CMD_CODE_DNLD		0x0001
 396#define MWL8K_CMD_GET_HW_SPEC		0x0003
 397#define MWL8K_CMD_SET_HW_SPEC		0x0004
 398#define MWL8K_CMD_MAC_MULTICAST_ADR	0x0010
 399#define MWL8K_CMD_GET_STAT		0x0014
 400#define MWL8K_CMD_RADIO_CONTROL		0x001c
 401#define MWL8K_CMD_RF_TX_POWER		0x001e
 402#define MWL8K_CMD_TX_POWER		0x001f
 403#define MWL8K_CMD_RF_ANTENNA		0x0020
 404#define MWL8K_CMD_SET_BEACON		0x0100		/* per-vif */
 405#define MWL8K_CMD_SET_PRE_SCAN		0x0107
 406#define MWL8K_CMD_SET_POST_SCAN		0x0108
 407#define MWL8K_CMD_SET_RF_CHANNEL	0x010a
 408#define MWL8K_CMD_SET_AID		0x010d
 409#define MWL8K_CMD_SET_RATE		0x0110
 410#define MWL8K_CMD_SET_FINALIZE_JOIN	0x0111
 411#define MWL8K_CMD_RTS_THRESHOLD		0x0113
 412#define MWL8K_CMD_SET_SLOT		0x0114
 413#define MWL8K_CMD_SET_EDCA_PARAMS	0x0115
 414#define MWL8K_CMD_SET_WMM_MODE		0x0123
 415#define MWL8K_CMD_MIMO_CONFIG		0x0125
 416#define MWL8K_CMD_USE_FIXED_RATE	0x0126
 417#define MWL8K_CMD_ENABLE_SNIFFER	0x0150
 418#define MWL8K_CMD_SET_MAC_ADDR		0x0202		/* per-vif */
 419#define MWL8K_CMD_SET_RATEADAPT_MODE	0x0203
 420#define MWL8K_CMD_GET_WATCHDOG_BITMAP	0x0205
 421#define MWL8K_CMD_DEL_MAC_ADDR		0x0206		/* per-vif */
 422#define MWL8K_CMD_BSS_START		0x1100		/* per-vif */
 423#define MWL8K_CMD_SET_NEW_STN		0x1111		/* per-vif */
 424#define MWL8K_CMD_UPDATE_ENCRYPTION	0x1122		/* per-vif */
 425#define MWL8K_CMD_UPDATE_STADB		0x1123
 426#define MWL8K_CMD_BASTREAM		0x1125
 427
 428static const char *mwl8k_cmd_name(__le16 cmd, char *buf, int bufsize)
 429{
 430	u16 command = le16_to_cpu(cmd);
 431
 432#define MWL8K_CMDNAME(x)	case MWL8K_CMD_##x: do {\
 433					snprintf(buf, bufsize, "%s", #x);\
 434					return buf;\
 435					} while (0)
 436	switch (command & ~0x8000) {
 437		MWL8K_CMDNAME(CODE_DNLD);
 438		MWL8K_CMDNAME(GET_HW_SPEC);
 439		MWL8K_CMDNAME(SET_HW_SPEC);
 440		MWL8K_CMDNAME(MAC_MULTICAST_ADR);
 441		MWL8K_CMDNAME(GET_STAT);
 442		MWL8K_CMDNAME(RADIO_CONTROL);
 443		MWL8K_CMDNAME(RF_TX_POWER);
 444		MWL8K_CMDNAME(TX_POWER);
 445		MWL8K_CMDNAME(RF_ANTENNA);
 446		MWL8K_CMDNAME(SET_BEACON);
 447		MWL8K_CMDNAME(SET_PRE_SCAN);
 448		MWL8K_CMDNAME(SET_POST_SCAN);
 449		MWL8K_CMDNAME(SET_RF_CHANNEL);
 450		MWL8K_CMDNAME(SET_AID);
 451		MWL8K_CMDNAME(SET_RATE);
 452		MWL8K_CMDNAME(SET_FINALIZE_JOIN);
 453		MWL8K_CMDNAME(RTS_THRESHOLD);
 454		MWL8K_CMDNAME(SET_SLOT);
 455		MWL8K_CMDNAME(SET_EDCA_PARAMS);
 456		MWL8K_CMDNAME(SET_WMM_MODE);
 457		MWL8K_CMDNAME(MIMO_CONFIG);
 458		MWL8K_CMDNAME(USE_FIXED_RATE);
 459		MWL8K_CMDNAME(ENABLE_SNIFFER);
 460		MWL8K_CMDNAME(SET_MAC_ADDR);
 461		MWL8K_CMDNAME(SET_RATEADAPT_MODE);
 462		MWL8K_CMDNAME(BSS_START);
 463		MWL8K_CMDNAME(SET_NEW_STN);
 464		MWL8K_CMDNAME(UPDATE_ENCRYPTION);
 465		MWL8K_CMDNAME(UPDATE_STADB);
 466		MWL8K_CMDNAME(BASTREAM);
 467		MWL8K_CMDNAME(GET_WATCHDOG_BITMAP);
 468	default:
 469		snprintf(buf, bufsize, "0x%x", cmd);
 470	}
 471#undef MWL8K_CMDNAME
 472
 473	return buf;
 474}
 475
 476/* Hardware and firmware reset */
 477static void mwl8k_hw_reset(struct mwl8k_priv *priv)
 478{
 479	iowrite32(MWL8K_H2A_INT_RESET,
 480		priv->regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
 481	iowrite32(MWL8K_H2A_INT_RESET,
 482		priv->regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
 483	msleep(20);
 484}
 485
 486/* Release fw image */
 487static void mwl8k_release_fw(const struct firmware **fw)
 488{
 489	if (*fw == NULL)
 490		return;
 491	release_firmware(*fw);
 492	*fw = NULL;
 493}
 494
 495static void mwl8k_release_firmware(struct mwl8k_priv *priv)
 496{
 497	mwl8k_release_fw(&priv->fw_ucode);
 498	mwl8k_release_fw(&priv->fw_helper);
 499}
 500
 501/* states for asynchronous f/w loading */
 502static void mwl8k_fw_state_machine(const struct firmware *fw, void *context);
 503enum {
 504	FW_STATE_INIT = 0,
 505	FW_STATE_LOADING_PREF,
 506	FW_STATE_LOADING_ALT,
 507	FW_STATE_ERROR,
 508};
 509
 510/* Request fw image */
 511static int mwl8k_request_fw(struct mwl8k_priv *priv,
 512			    const char *fname, const struct firmware **fw,
 513			    bool nowait)
 514{
 515	/* release current image */
 516	if (*fw != NULL)
 517		mwl8k_release_fw(fw);
 518
 519	if (nowait)
 520		return request_firmware_nowait(THIS_MODULE, 1, fname,
 521					       &priv->pdev->dev, GFP_KERNEL,
 522					       priv, mwl8k_fw_state_machine);
 523	else
 524		return request_firmware(fw, fname, &priv->pdev->dev);
 525}
 526
 527static int mwl8k_request_firmware(struct mwl8k_priv *priv, char *fw_image,
 528				  bool nowait)
 529{
 530	struct mwl8k_device_info *di = priv->device_info;
 531	int rc;
 532
 533	if (di->helper_image != NULL) {
 534		if (nowait)
 535			rc = mwl8k_request_fw(priv, di->helper_image,
 536					      &priv->fw_helper, true);
 537		else
 538			rc = mwl8k_request_fw(priv, di->helper_image,
 539					      &priv->fw_helper, false);
 540		if (rc)
 541			printk(KERN_ERR "%s: Error requesting helper fw %s\n",
 542			       pci_name(priv->pdev), di->helper_image);
 543
 544		if (rc || nowait)
 545			return rc;
 546	}
 547
 548	if (nowait) {
 549		/*
 550		 * if we get here, no helper image is needed.  Skip the
 551		 * FW_STATE_INIT state.
 552		 */
 553		priv->fw_state = FW_STATE_LOADING_PREF;
 554		rc = mwl8k_request_fw(priv, fw_image,
 555				      &priv->fw_ucode,
 556				      true);
 557	} else
 558		rc = mwl8k_request_fw(priv, fw_image,
 559				      &priv->fw_ucode, false);
 560	if (rc) {
 561		printk(KERN_ERR "%s: Error requesting firmware file %s\n",
 562		       pci_name(priv->pdev), fw_image);
 563		mwl8k_release_fw(&priv->fw_helper);
 564		return rc;
 565	}
 566
 567	return 0;
 568}
 569
 570struct mwl8k_cmd_pkt {
 571	__le16	code;
 572	__le16	length;
 573	__u8	seq_num;
 574	__u8	macid;
 575	__le16	result;
 576	char	payload[0];
 577} __packed;
 578
 579/*
 580 * Firmware loading.
 581 */
 582static int
 583mwl8k_send_fw_load_cmd(struct mwl8k_priv *priv, void *data, int length)
 584{
 585	void __iomem *regs = priv->regs;
 586	dma_addr_t dma_addr;
 587	int loops;
 588
 589	dma_addr = pci_map_single(priv->pdev, data, length, PCI_DMA_TODEVICE);
 590	if (pci_dma_mapping_error(priv->pdev, dma_addr))
 591		return -ENOMEM;
 592
 593	iowrite32(dma_addr, regs + MWL8K_HIU_GEN_PTR);
 594	iowrite32(0, regs + MWL8K_HIU_INT_CODE);
 595	iowrite32(MWL8K_H2A_INT_DOORBELL,
 596		regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
 597	iowrite32(MWL8K_H2A_INT_DUMMY,
 598		regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
 599
 600	loops = 1000;
 601	do {
 602		u32 int_code;
 603		if (priv->is_8764) {
 604			int_code = ioread32(regs +
 605					    MWL8K_HIU_H2A_INTERRUPT_STATUS);
 606			if (int_code == 0)
 607				break;
 608		} else {
 609			int_code = ioread32(regs + MWL8K_HIU_INT_CODE);
 610			if (int_code == MWL8K_INT_CODE_CMD_FINISHED) {
 611				iowrite32(0, regs + MWL8K_HIU_INT_CODE);
 612				break;
 613			}
 614		}
 615		cond_resched();
 616		udelay(1);
 617	} while (--loops);
 618
 619	pci_unmap_single(priv->pdev, dma_addr, length, PCI_DMA_TODEVICE);
 620
 621	return loops ? 0 : -ETIMEDOUT;
 622}
 623
 624static int mwl8k_load_fw_image(struct mwl8k_priv *priv,
 625				const u8 *data, size_t length)
 626{
 627	struct mwl8k_cmd_pkt *cmd;
 628	int done;
 629	int rc = 0;
 630
 631	cmd = kmalloc(sizeof(*cmd) + 256, GFP_KERNEL);
 632	if (cmd == NULL)
 633		return -ENOMEM;
 634
 635	cmd->code = cpu_to_le16(MWL8K_CMD_CODE_DNLD);
 636	cmd->seq_num = 0;
 637	cmd->macid = 0;
 638	cmd->result = 0;
 639
 640	done = 0;
 641	while (length) {
 642		int block_size = length > 256 ? 256 : length;
 643
 644		memcpy(cmd->payload, data + done, block_size);
 645		cmd->length = cpu_to_le16(block_size);
 646
 647		rc = mwl8k_send_fw_load_cmd(priv, cmd,
 648						sizeof(*cmd) + block_size);
 649		if (rc)
 650			break;
 651
 652		done += block_size;
 653		length -= block_size;
 654	}
 655
 656	if (!rc) {
 657		cmd->length = 0;
 658		rc = mwl8k_send_fw_load_cmd(priv, cmd, sizeof(*cmd));
 659	}
 660
 661	kfree(cmd);
 662
 663	return rc;
 664}
 665
 666static int mwl8k_feed_fw_image(struct mwl8k_priv *priv,
 667				const u8 *data, size_t length)
 668{
 669	unsigned char *buffer;
 670	int may_continue, rc = 0;
 671	u32 done, prev_block_size;
 672
 673	buffer = kmalloc(1024, GFP_KERNEL);
 674	if (buffer == NULL)
 675		return -ENOMEM;
 676
 677	done = 0;
 678	prev_block_size = 0;
 679	may_continue = 1000;
 680	while (may_continue > 0) {
 681		u32 block_size;
 682
 683		block_size = ioread32(priv->regs + MWL8K_HIU_SCRATCH);
 684		if (block_size & 1) {
 685			block_size &= ~1;
 686			may_continue--;
 687		} else {
 688			done += prev_block_size;
 689			length -= prev_block_size;
 690		}
 691
 692		if (block_size > 1024 || block_size > length) {
 693			rc = -EOVERFLOW;
 694			break;
 695		}
 696
 697		if (length == 0) {
 698			rc = 0;
 699			break;
 700		}
 701
 702		if (block_size == 0) {
 703			rc = -EPROTO;
 704			may_continue--;
 705			udelay(1);
 706			continue;
 707		}
 708
 709		prev_block_size = block_size;
 710		memcpy(buffer, data + done, block_size);
 711
 712		rc = mwl8k_send_fw_load_cmd(priv, buffer, block_size);
 713		if (rc)
 714			break;
 715	}
 716
 717	if (!rc && length != 0)
 718		rc = -EREMOTEIO;
 719
 720	kfree(buffer);
 721
 722	return rc;
 723}
 724
 725static int mwl8k_load_firmware(struct ieee80211_hw *hw)
 726{
 727	struct mwl8k_priv *priv = hw->priv;
 728	const struct firmware *fw = priv->fw_ucode;
 729	int rc;
 730	int loops;
 731
 732	if (!memcmp(fw->data, "\x01\x00\x00\x00", 4) && !priv->is_8764) {
 733		const struct firmware *helper = priv->fw_helper;
 734
 735		if (helper == NULL) {
 736			printk(KERN_ERR "%s: helper image needed but none "
 737			       "given\n", pci_name(priv->pdev));
 738			return -EINVAL;
 739		}
 740
 741		rc = mwl8k_load_fw_image(priv, helper->data, helper->size);
 742		if (rc) {
 743			printk(KERN_ERR "%s: unable to load firmware "
 744			       "helper image\n", pci_name(priv->pdev));
 745			return rc;
 746		}
 747		msleep(20);
 748
 749		rc = mwl8k_feed_fw_image(priv, fw->data, fw->size);
 750	} else {
 751		if (priv->is_8764)
 752			rc = mwl8k_feed_fw_image(priv, fw->data, fw->size);
 753		else
 754			rc = mwl8k_load_fw_image(priv, fw->data, fw->size);
 755	}
 756
 757	if (rc) {
 758		printk(KERN_ERR "%s: unable to load firmware image\n",
 759		       pci_name(priv->pdev));
 760		return rc;
 761	}
 762
 763	iowrite32(MWL8K_MODE_STA, priv->regs + MWL8K_HIU_GEN_PTR);
 764
 765	loops = 500000;
 766	do {
 767		u32 ready_code;
 768
 769		ready_code = ioread32(priv->regs + MWL8K_HIU_INT_CODE);
 770		if (ready_code == MWL8K_FWAP_READY) {
 771			priv->ap_fw = true;
 772			break;
 773		} else if (ready_code == MWL8K_FWSTA_READY) {
 774			priv->ap_fw = false;
 775			break;
 776		}
 777
 778		cond_resched();
 779		udelay(1);
 780	} while (--loops);
 781
 782	return loops ? 0 : -ETIMEDOUT;
 783}
 784
 785
 786/* DMA header used by firmware and hardware.  */
 787struct mwl8k_dma_data {
 788	__le16 fwlen;
 789	struct ieee80211_hdr wh;
 790	char data[0];
 791} __packed;
 792
 793/* Routines to add/remove DMA header from skb.  */
 794static inline void mwl8k_remove_dma_header(struct sk_buff *skb, __le16 qos)
 795{
 796	struct mwl8k_dma_data *tr;
 797	int hdrlen;
 798
 799	tr = (struct mwl8k_dma_data *)skb->data;
 800	hdrlen = ieee80211_hdrlen(tr->wh.frame_control);
 801
 802	if (hdrlen != sizeof(tr->wh)) {
 803		if (ieee80211_is_data_qos(tr->wh.frame_control)) {
 804			memmove(tr->data - hdrlen, &tr->wh, hdrlen - 2);
 805			*((__le16 *)(tr->data - 2)) = qos;
 806		} else {
 807			memmove(tr->data - hdrlen, &tr->wh, hdrlen);
 808		}
 809	}
 810
 811	if (hdrlen != sizeof(*tr))
 812		skb_pull(skb, sizeof(*tr) - hdrlen);
 813}
 814
 815#define REDUCED_TX_HEADROOM	8
 816
 817static void
 818mwl8k_add_dma_header(struct mwl8k_priv *priv, struct sk_buff *skb,
 819						int head_pad, int tail_pad)
 820{
 821	struct ieee80211_hdr *wh;
 822	int hdrlen;
 823	int reqd_hdrlen;
 824	struct mwl8k_dma_data *tr;
 825
 826	/*
 827	 * Add a firmware DMA header; the firmware requires that we
 828	 * present a 2-byte payload length followed by a 4-address
 829	 * header (without QoS field), followed (optionally) by any
 830	 * WEP/ExtIV header (but only filled in for CCMP).
 831	 */
 832	wh = (struct ieee80211_hdr *)skb->data;
 833
 834	hdrlen = ieee80211_hdrlen(wh->frame_control);
 835
 836	/*
 837	 * Check if skb_resize is required because of
 838	 * tx_headroom adjustment.
 839	 */
 840	if (priv->ap_fw && (hdrlen < (sizeof(struct ieee80211_cts)
 841						+ REDUCED_TX_HEADROOM))) {
 842		if (pskb_expand_head(skb, REDUCED_TX_HEADROOM, 0, GFP_ATOMIC)) {
 843
 844			wiphy_err(priv->hw->wiphy,
 845					"Failed to reallocate TX buffer\n");
 846			return;
 847		}
 848		skb->truesize += REDUCED_TX_HEADROOM;
 849	}
 850
 851	reqd_hdrlen = sizeof(*tr) + head_pad;
 852
 853	if (hdrlen != reqd_hdrlen)
 854		skb_push(skb, reqd_hdrlen - hdrlen);
 855
 856	if (ieee80211_is_data_qos(wh->frame_control))
 857		hdrlen -= IEEE80211_QOS_CTL_LEN;
 858
 859	tr = (struct mwl8k_dma_data *)skb->data;
 860	if (wh != &tr->wh)
 861		memmove(&tr->wh, wh, hdrlen);
 862	if (hdrlen != sizeof(tr->wh))
 863		memset(((void *)&tr->wh) + hdrlen, 0, sizeof(tr->wh) - hdrlen);
 864
 865	/*
 866	 * Firmware length is the length of the fully formed "802.11
 867	 * payload".  That is, everything except for the 802.11 header.
 868	 * This includes all crypto material including the MIC.
 869	 */
 870	tr->fwlen = cpu_to_le16(skb->len - sizeof(*tr) + tail_pad);
 871}
 872
 873static void mwl8k_encapsulate_tx_frame(struct mwl8k_priv *priv,
 874		struct sk_buff *skb)
 875{
 876	struct ieee80211_hdr *wh;
 877	struct ieee80211_tx_info *tx_info;
 878	struct ieee80211_key_conf *key_conf;
 879	int data_pad;
 880	int head_pad = 0;
 881
 882	wh = (struct ieee80211_hdr *)skb->data;
 883
 884	tx_info = IEEE80211_SKB_CB(skb);
 885
 886	key_conf = NULL;
 887	if (ieee80211_is_data(wh->frame_control))
 888		key_conf = tx_info->control.hw_key;
 889
 890	/*
 891	 * Make sure the packet header is in the DMA header format (4-address
 892	 * without QoS), and add head & tail padding when HW crypto is enabled.
 893	 *
 894	 * We have the following trailer padding requirements:
 895	 * - WEP: 4 trailer bytes (ICV)
 896	 * - TKIP: 12 trailer bytes (8 MIC + 4 ICV)
 897	 * - CCMP: 8 trailer bytes (MIC)
 898	 */
 899	data_pad = 0;
 900	if (key_conf != NULL) {
 901		head_pad = key_conf->iv_len;
 902		switch (key_conf->cipher) {
 903		case WLAN_CIPHER_SUITE_WEP40:
 904		case WLAN_CIPHER_SUITE_WEP104:
 905			data_pad = 4;
 906			break;
 907		case WLAN_CIPHER_SUITE_TKIP:
 908			data_pad = 12;
 909			break;
 910		case WLAN_CIPHER_SUITE_CCMP:
 911			data_pad = 8;
 912			break;
 913		}
 914	}
 915	mwl8k_add_dma_header(priv, skb, head_pad, data_pad);
 916}
 917
 918/*
 919 * Packet reception for 88w8366/88w8764 AP firmware.
 920 */
 921struct mwl8k_rxd_ap {
 922	__le16 pkt_len;
 923	__u8 sq2;
 924	__u8 rate;
 925	__le32 pkt_phys_addr;
 926	__le32 next_rxd_phys_addr;
 927	__le16 qos_control;
 928	__le16 htsig2;
 929	__le32 hw_rssi_info;
 930	__le32 hw_noise_floor_info;
 931	__u8 noise_floor;
 932	__u8 pad0[3];
 933	__u8 rssi;
 934	__u8 rx_status;
 935	__u8 channel;
 936	__u8 rx_ctrl;
 937} __packed;
 938
 939#define MWL8K_AP_RATE_INFO_MCS_FORMAT		0x80
 940#define MWL8K_AP_RATE_INFO_40MHZ		0x40
 941#define MWL8K_AP_RATE_INFO_RATEID(x)		((x) & 0x3f)
 942
 943#define MWL8K_AP_RX_CTRL_OWNED_BY_HOST		0x80
 944
 945/* 8366/8764 AP rx_status bits */
 946#define MWL8K_AP_RXSTAT_DECRYPT_ERR_MASK		0x80
 947#define MWL8K_AP_RXSTAT_GENERAL_DECRYPT_ERR		0xFF
 948#define MWL8K_AP_RXSTAT_TKIP_DECRYPT_MIC_ERR		0x02
 949#define MWL8K_AP_RXSTAT_WEP_DECRYPT_ICV_ERR		0x04
 950#define MWL8K_AP_RXSTAT_TKIP_DECRYPT_ICV_ERR		0x08
 951
 952static void mwl8k_rxd_ap_init(void *_rxd, dma_addr_t next_dma_addr)
 953{
 954	struct mwl8k_rxd_ap *rxd = _rxd;
 955
 956	rxd->next_rxd_phys_addr = cpu_to_le32(next_dma_addr);
 957	rxd->rx_ctrl = MWL8K_AP_RX_CTRL_OWNED_BY_HOST;
 958}
 959
 960static void mwl8k_rxd_ap_refill(void *_rxd, dma_addr_t addr, int len)
 961{
 962	struct mwl8k_rxd_ap *rxd = _rxd;
 963
 964	rxd->pkt_len = cpu_to_le16(len);
 965	rxd->pkt_phys_addr = cpu_to_le32(addr);
 966	wmb();
 967	rxd->rx_ctrl = 0;
 968}
 969
 970static int
 971mwl8k_rxd_ap_process(void *_rxd, struct ieee80211_rx_status *status,
 972		     __le16 *qos, s8 *noise)
 973{
 974	struct mwl8k_rxd_ap *rxd = _rxd;
 975
 976	if (!(rxd->rx_ctrl & MWL8K_AP_RX_CTRL_OWNED_BY_HOST))
 977		return -1;
 978	rmb();
 979
 980	memset(status, 0, sizeof(*status));
 981
 982	status->signal = -rxd->rssi;
 983	*noise = -rxd->noise_floor;
 984
 985	if (rxd->rate & MWL8K_AP_RATE_INFO_MCS_FORMAT) {
 986		status->flag |= RX_FLAG_HT;
 987		if (rxd->rate & MWL8K_AP_RATE_INFO_40MHZ)
 988			status->flag |= RX_FLAG_40MHZ;
 989		status->rate_idx = MWL8K_AP_RATE_INFO_RATEID(rxd->rate);
 990	} else {
 991		int i;
 992
 993		for (i = 0; i < ARRAY_SIZE(mwl8k_rates_24); i++) {
 994			if (mwl8k_rates_24[i].hw_value == rxd->rate) {
 995				status->rate_idx = i;
 996				break;
 997			}
 998		}
 999	}
1000
1001	if (rxd->channel > 14) {
1002		status->band = IEEE80211_BAND_5GHZ;
1003		if (!(status->flag & RX_FLAG_HT))
1004			status->rate_idx -= 5;
1005	} else {
1006		status->band = IEEE80211_BAND_2GHZ;
1007	}
1008	status->freq = ieee80211_channel_to_frequency(rxd->channel,
1009						      status->band);
1010
1011	*qos = rxd->qos_control;
1012
1013	if ((rxd->rx_status != MWL8K_AP_RXSTAT_GENERAL_DECRYPT_ERR) &&
1014	    (rxd->rx_status & MWL8K_AP_RXSTAT_DECRYPT_ERR_MASK) &&
1015	    (rxd->rx_status & MWL8K_AP_RXSTAT_TKIP_DECRYPT_MIC_ERR))
1016		status->flag |= RX_FLAG_MMIC_ERROR;
1017
1018	return le16_to_cpu(rxd->pkt_len);
1019}
1020
1021static struct rxd_ops rxd_ap_ops = {
1022	.rxd_size	= sizeof(struct mwl8k_rxd_ap),
1023	.rxd_init	= mwl8k_rxd_ap_init,
1024	.rxd_refill	= mwl8k_rxd_ap_refill,
1025	.rxd_process	= mwl8k_rxd_ap_process,
1026};
1027
1028/*
1029 * Packet reception for STA firmware.
1030 */
1031struct mwl8k_rxd_sta {
1032	__le16 pkt_len;
1033	__u8 link_quality;
1034	__u8 noise_level;
1035	__le32 pkt_phys_addr;
1036	__le32 next_rxd_phys_addr;
1037	__le16 qos_control;
1038	__le16 rate_info;
1039	__le32 pad0[4];
1040	__u8 rssi;
1041	__u8 channel;
1042	__le16 pad1;
1043	__u8 rx_ctrl;
1044	__u8 rx_status;
1045	__u8 pad2[2];
1046} __packed;
1047
1048#define MWL8K_STA_RATE_INFO_SHORTPRE		0x8000
1049#define MWL8K_STA_RATE_INFO_ANTSELECT(x)	(((x) >> 11) & 0x3)
1050#define MWL8K_STA_RATE_INFO_RATEID(x)		(((x) >> 3) & 0x3f)
1051#define MWL8K_STA_RATE_INFO_40MHZ		0x0004
1052#define MWL8K_STA_RATE_INFO_SHORTGI		0x0002
1053#define MWL8K_STA_RATE_INFO_MCS_FORMAT		0x0001
1054
1055#define MWL8K_STA_RX_CTRL_OWNED_BY_HOST		0x02
1056#define MWL8K_STA_RX_CTRL_DECRYPT_ERROR		0x04
1057/* ICV=0 or MIC=1 */
1058#define MWL8K_STA_RX_CTRL_DEC_ERR_TYPE		0x08
1059/* Key is uploaded only in failure case */
1060#define MWL8K_STA_RX_CTRL_KEY_INDEX			0x30
1061
1062static void mwl8k_rxd_sta_init(void *_rxd, dma_addr_t next_dma_addr)
1063{
1064	struct mwl8k_rxd_sta *rxd = _rxd;
1065
1066	rxd->next_rxd_phys_addr = cpu_to_le32(next_dma_addr);
1067	rxd->rx_ctrl = MWL8K_STA_RX_CTRL_OWNED_BY_HOST;
1068}
1069
1070static void mwl8k_rxd_sta_refill(void *_rxd, dma_addr_t addr, int len)
1071{
1072	struct mwl8k_rxd_sta *rxd = _rxd;
1073
1074	rxd->pkt_len = cpu_to_le16(len);
1075	rxd->pkt_phys_addr = cpu_to_le32(addr);
1076	wmb();
1077	rxd->rx_ctrl = 0;
1078}
1079
1080static int
1081mwl8k_rxd_sta_process(void *_rxd, struct ieee80211_rx_status *status,
1082		       __le16 *qos, s8 *noise)
1083{
1084	struct mwl8k_rxd_sta *rxd = _rxd;
1085	u16 rate_info;
1086
1087	if (!(rxd->rx_ctrl & MWL8K_STA_RX_CTRL_OWNED_BY_HOST))
1088		return -1;
1089	rmb();
1090
1091	rate_info = le16_to_cpu(rxd->rate_info);
1092
1093	memset(status, 0, sizeof(*status));
1094
1095	status->signal = -rxd->rssi;
1096	*noise = -rxd->noise_level;
1097	status->antenna = MWL8K_STA_RATE_INFO_ANTSELECT(rate_info);
1098	status->rate_idx = MWL8K_STA_RATE_INFO_RATEID(rate_info);
1099
1100	if (rate_info & MWL8K_STA_RATE_INFO_SHORTPRE)
1101		status->flag |= RX_FLAG_SHORTPRE;
1102	if (rate_info & MWL8K_STA_RATE_INFO_40MHZ)
1103		status->flag |= RX_FLAG_40MHZ;
1104	if (rate_info & MWL8K_STA_RATE_INFO_SHORTGI)
1105		status->flag |= RX_FLAG_SHORT_GI;
1106	if (rate_info & MWL8K_STA_RATE_INFO_MCS_FORMAT)
1107		status->flag |= RX_FLAG_HT;
1108
1109	if (rxd->channel > 14) {
1110		status->band = IEEE80211_BAND_5GHZ;
1111		if (!(status->flag & RX_FLAG_HT))
1112			status->rate_idx -= 5;
1113	} else {
1114		status->band = IEEE80211_BAND_2GHZ;
1115	}
1116	status->freq = ieee80211_channel_to_frequency(rxd->channel,
1117						      status->band);
1118
1119	*qos = rxd->qos_control;
1120	if ((rxd->rx_ctrl & MWL8K_STA_RX_CTRL_DECRYPT_ERROR) &&
1121	    (rxd->rx_ctrl & MWL8K_STA_RX_CTRL_DEC_ERR_TYPE))
1122		status->flag |= RX_FLAG_MMIC_ERROR;
1123
1124	return le16_to_cpu(rxd->pkt_len);
1125}
1126
1127static struct rxd_ops rxd_sta_ops = {
1128	.rxd_size	= sizeof(struct mwl8k_rxd_sta),
1129	.rxd_init	= mwl8k_rxd_sta_init,
1130	.rxd_refill	= mwl8k_rxd_sta_refill,
1131	.rxd_process	= mwl8k_rxd_sta_process,
1132};
1133
1134
1135#define MWL8K_RX_DESCS		256
1136#define MWL8K_RX_MAXSZ		3800
1137
1138static int mwl8k_rxq_init(struct ieee80211_hw *hw, int index)
1139{
1140	struct mwl8k_priv *priv = hw->priv;
1141	struct mwl8k_rx_queue *rxq = priv->rxq + index;
1142	int size;
1143	int i;
1144
1145	rxq->rxd_count = 0;
1146	rxq->head = 0;
1147	rxq->tail = 0;
1148
1149	size = MWL8K_RX_DESCS * priv->rxd_ops->rxd_size;
1150
1151	rxq->rxd = pci_alloc_consistent(priv->pdev, size, &rxq->rxd_dma);
1152	if (rxq->rxd == NULL) {
1153		wiphy_err(hw->wiphy, "failed to alloc RX descriptors\n");
1154		return -ENOMEM;
1155	}
1156	memset(rxq->rxd, 0, size);
1157
1158	rxq->buf = kcalloc(MWL8K_RX_DESCS, sizeof(*rxq->buf), GFP_KERNEL);
1159	if (rxq->buf == NULL) {
1160		pci_free_consistent(priv->pdev, size, rxq->rxd, rxq->rxd_dma);
1161		return -ENOMEM;
1162	}
1163
1164	for (i = 0; i < MWL8K_RX_DESCS; i++) {
1165		int desc_size;
1166		void *rxd;
1167		int nexti;
1168		dma_addr_t next_dma_addr;
1169
1170		desc_size = priv->rxd_ops->rxd_size;
1171		rxd = rxq->rxd + (i * priv->rxd_ops->rxd_size);
1172
1173		nexti = i + 1;
1174		if (nexti == MWL8K_RX_DESCS)
1175			nexti = 0;
1176		next_dma_addr = rxq->rxd_dma + (nexti * desc_size);
1177
1178		priv->rxd_ops->rxd_init(rxd, next_dma_addr);
1179	}
1180
1181	return 0;
1182}
1183
1184static int rxq_refill(struct ieee80211_hw *hw, int index, int limit)
1185{
1186	struct mwl8k_priv *priv = hw->priv;
1187	struct mwl8k_rx_queue *rxq = priv->rxq + index;
1188	int refilled;
1189
1190	refilled = 0;
1191	while (rxq->rxd_count < MWL8K_RX_DESCS && limit--) {
1192		struct sk_buff *skb;
1193		dma_addr_t addr;
1194		int rx;
1195		void *rxd;
1196
1197		skb = dev_alloc_skb(MWL8K_RX_MAXSZ);
1198		if (skb == NULL)
1199			break;
1200
1201		addr = pci_map_single(priv->pdev, skb->data,
1202				      MWL8K_RX_MAXSZ, DMA_FROM_DEVICE);
1203
1204		rxq->rxd_count++;
1205		rx = rxq->tail++;
1206		if (rxq->tail == MWL8K_RX_DESCS)
1207			rxq->tail = 0;
1208		rxq->buf[rx].skb = skb;
1209		dma_unmap_addr_set(&rxq->buf[rx], dma, addr);
1210
1211		rxd = rxq->rxd + (rx * priv->rxd_ops->rxd_size);
1212		priv->rxd_ops->rxd_refill(rxd, addr, MWL8K_RX_MAXSZ);
1213
1214		refilled++;
1215	}
1216
1217	return refilled;
1218}
1219
1220/* Must be called only when the card's reception is completely halted */
1221static void mwl8k_rxq_deinit(struct ieee80211_hw *hw, int index)
1222{
1223	struct mwl8k_priv *priv = hw->priv;
1224	struct mwl8k_rx_queue *rxq = priv->rxq + index;
1225	int i;
1226
1227	if (rxq->rxd == NULL)
1228		return;
1229
1230	for (i = 0; i < MWL8K_RX_DESCS; i++) {
1231		if (rxq->buf[i].skb != NULL) {
1232			pci_unmap_single(priv->pdev,
1233					 dma_unmap_addr(&rxq->buf[i], dma),
1234					 MWL8K_RX_MAXSZ, PCI_DMA_FROMDEVICE);
1235			dma_unmap_addr_set(&rxq->buf[i], dma, 0);
1236
1237			kfree_skb(rxq->buf[i].skb);
1238			rxq->buf[i].skb = NULL;
1239		}
1240	}
1241
1242	kfree(rxq->buf);
1243	rxq->buf = NULL;
1244
1245	pci_free_consistent(priv->pdev,
1246			    MWL8K_RX_DESCS * priv->rxd_ops->rxd_size,
1247			    rxq->rxd, rxq->rxd_dma);
1248	rxq->rxd = NULL;
1249}
1250
1251
1252/*
1253 * Scan a list of BSSIDs to process for finalize join.
1254 * Allows for extension to process multiple BSSIDs.
1255 */
1256static inline int
1257mwl8k_capture_bssid(struct mwl8k_priv *priv, struct ieee80211_hdr *wh)
1258{
1259	return priv->capture_beacon &&
1260		ieee80211_is_beacon(wh->frame_control) &&
1261		ether_addr_equal(wh->addr3, priv->capture_bssid);
1262}
1263
1264static inline void mwl8k_save_beacon(struct ieee80211_hw *hw,
1265				     struct sk_buff *skb)
1266{
1267	struct mwl8k_priv *priv = hw->priv;
1268
1269	priv->capture_beacon = false;
1270	memset(priv->capture_bssid, 0, ETH_ALEN);
1271
1272	/*
1273	 * Use GFP_ATOMIC as rxq_process is called from
1274	 * the primary interrupt handler, memory allocation call
1275	 * must not sleep.
1276	 */
1277	priv->beacon_skb = skb_copy(skb, GFP_ATOMIC);
1278	if (priv->beacon_skb != NULL)
1279		ieee80211_queue_work(hw, &priv->finalize_join_worker);
1280}
1281
1282static inline struct mwl8k_vif *mwl8k_find_vif_bss(struct list_head *vif_list,
1283						   u8 *bssid)
1284{
1285	struct mwl8k_vif *mwl8k_vif;
1286
1287	list_for_each_entry(mwl8k_vif,
1288			    vif_list, list) {
1289		if (memcmp(bssid, mwl8k_vif->bssid,
1290			   ETH_ALEN) == 0)
1291			return mwl8k_vif;
1292	}
1293
1294	return NULL;
1295}
1296
1297static int rxq_process(struct ieee80211_hw *hw, int index, int limit)
1298{
1299	struct mwl8k_priv *priv = hw->priv;
1300	struct mwl8k_vif *mwl8k_vif = NULL;
1301	struct mwl8k_rx_queue *rxq = priv->rxq + index;
1302	int processed;
1303
1304	processed = 0;
1305	while (rxq->rxd_count && limit--) {
1306		struct sk_buff *skb;
1307		void *rxd;
1308		int pkt_len;
1309		struct ieee80211_rx_status status;
1310		struct ieee80211_hdr *wh;
1311		__le16 qos;
1312
1313		skb = rxq->buf[rxq->head].skb;
1314		if (skb == NULL)
1315			break;
1316
1317		rxd = rxq->rxd + (rxq->head * priv->rxd_ops->rxd_size);
1318
1319		pkt_len = priv->rxd_ops->rxd_process(rxd, &status, &qos,
1320							&priv->noise);
1321		if (pkt_len < 0)
1322			break;
1323
1324		rxq->buf[rxq->head].skb = NULL;
1325
1326		pci_unmap_single(priv->pdev,
1327				 dma_unmap_addr(&rxq->buf[rxq->head], dma),
1328				 MWL8K_RX_MAXSZ, PCI_DMA_FROMDEVICE);
1329		dma_unmap_addr_set(&rxq->buf[rxq->head], dma, 0);
1330
1331		rxq->head++;
1332		if (rxq->head == MWL8K_RX_DESCS)
1333			rxq->head = 0;
1334
1335		rxq->rxd_count--;
1336
1337		wh = &((struct mwl8k_dma_data *)skb->data)->wh;
1338
1339		/*
1340		 * Check for a pending join operation.  Save a
1341		 * copy of the beacon and schedule a tasklet to
1342		 * send a FINALIZE_JOIN command to the firmware.
1343		 */
1344		if (mwl8k_capture_bssid(priv, (void *)skb->data))
1345			mwl8k_save_beacon(hw, skb);
1346
1347		if (ieee80211_has_protected(wh->frame_control)) {
1348
1349			/* Check if hw crypto has been enabled for
1350			 * this bss. If yes, set the status flags
1351			 * accordingly
1352			 */
1353			mwl8k_vif = mwl8k_find_vif_bss(&priv->vif_list,
1354								wh->addr1);
1355
1356			if (mwl8k_vif != NULL &&
1357			    mwl8k_vif->is_hw_crypto_enabled) {
1358				/*
1359				 * When MMIC ERROR is encountered
1360				 * by the firmware, payload is
1361				 * dropped and only 32 bytes of
1362				 * mwl8k Firmware header is sent
1363				 * to the host.
1364				 *
1365				 * We need to add four bytes of
1366				 * key information.  In it
1367				 * MAC80211 expects keyidx set to
1368				 * 0 for triggering Counter
1369				 * Measure of MMIC failure.
1370				 */
1371				if (status.flag & RX_FLAG_MMIC_ERROR) {
1372					struct mwl8k_dma_data *tr;
1373					tr = (struct mwl8k_dma_data *)skb->data;
1374					memset((void *)&(tr->data), 0, 4);
1375					pkt_len += 4;
1376				}
1377
1378				if (!ieee80211_is_auth(wh->frame_control))
1379					status.flag |= RX_FLAG_IV_STRIPPED |
1380						       RX_FLAG_DECRYPTED |
1381						       RX_FLAG_MMIC_STRIPPED;
1382			}
1383		}
1384
1385		skb_put(skb, pkt_len);
1386		mwl8k_remove_dma_header(skb, qos);
1387		memcpy(IEEE80211_SKB_RXCB(skb), &status, sizeof(status));
1388		ieee80211_rx_irqsafe(hw, skb);
1389
1390		processed++;
1391	}
1392
1393	return processed;
1394}
1395
1396
1397/*
1398 * Packet transmission.
1399 */
1400
1401#define MWL8K_TXD_STATUS_OK			0x00000001
1402#define MWL8K_TXD_STATUS_OK_RETRY		0x00000002
1403#define MWL8K_TXD_STATUS_OK_MORE_RETRY		0x00000004
1404#define MWL8K_TXD_STATUS_MULTICAST_TX		0x00000008
1405#define MWL8K_TXD_STATUS_FW_OWNED		0x80000000
1406
1407#define MWL8K_QOS_QLEN_UNSPEC			0xff00
1408#define MWL8K_QOS_ACK_POLICY_MASK		0x0060
1409#define MWL8K_QOS_ACK_POLICY_NORMAL		0x0000
1410#define MWL8K_QOS_ACK_POLICY_BLOCKACK		0x0060
1411#define MWL8K_QOS_EOSP				0x0010
1412
1413struct mwl8k_tx_desc {
1414	__le32 status;
1415	__u8 data_rate;
1416	__u8 tx_priority;
1417	__le16 qos_control;
1418	__le32 pkt_phys_addr;
1419	__le16 pkt_len;
1420	__u8 dest_MAC_addr[ETH_ALEN];
1421	__le32 next_txd_phys_addr;
1422	__le32 timestamp;
1423	__le16 rate_info;
1424	__u8 peer_id;
1425	__u8 tx_frag_cnt;
1426} __packed;
1427
1428#define MWL8K_TX_DESCS		128
1429
1430static int mwl8k_txq_init(struct ieee80211_hw *hw, int index)
1431{
1432	struct mwl8k_priv *priv = hw->priv;
1433	struct mwl8k_tx_queue *txq = priv->txq + index;
1434	int size;
1435	int i;
1436
1437	txq->len = 0;
1438	txq->head = 0;
1439	txq->tail = 0;
1440
1441	size = MWL8K_TX_DESCS * sizeof(struct mwl8k_tx_desc);
1442
1443	txq->txd = pci_alloc_consistent(priv->pdev, size, &txq->txd_dma);
1444	if (txq->txd == NULL) {
1445		wiphy_err(hw->wiphy, "failed to alloc TX descriptors\n");
1446		return -ENOMEM;
1447	}
1448	memset(txq->txd, 0, size);
1449
1450	txq->skb = kcalloc(MWL8K_TX_DESCS, sizeof(*txq->skb), GFP_KERNEL);
1451	if (txq->skb == NULL) {
1452		pci_free_consistent(priv->pdev, size, txq->txd, txq->txd_dma);
1453		return -ENOMEM;
1454	}
1455
1456	for (i = 0; i < MWL8K_TX_DESCS; i++) {
1457		struct mwl8k_tx_desc *tx_desc;
1458		int nexti;
1459
1460		tx_desc = txq->txd + i;
1461		nexti = (i + 1) % MWL8K_TX_DESCS;
1462
1463		tx_desc->status = 0;
1464		tx_desc->next_txd_phys_addr =
1465			cpu_to_le32(txq->txd_dma + nexti * sizeof(*tx_desc));
1466	}
1467
1468	return 0;
1469}
1470
1471static inline void mwl8k_tx_start(struct mwl8k_priv *priv)
1472{
1473	iowrite32(MWL8K_H2A_INT_PPA_READY,
1474		priv->regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
1475	iowrite32(MWL8K_H2A_INT_DUMMY,
1476		priv->regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
1477	ioread32(priv->regs + MWL8K_HIU_INT_CODE);
1478}
1479
1480static void mwl8k_dump_tx_rings(struct ieee80211_hw *hw)
1481{
1482	struct mwl8k_priv *priv = hw->priv;
1483	int i;
1484
1485	for (i = 0; i < mwl8k_tx_queues(priv); i++) {
1486		struct mwl8k_tx_queue *txq = priv->txq + i;
1487		int fw_owned = 0;
1488		int drv_owned = 0;
1489		int unused = 0;
1490		int desc;
1491
1492		for (desc = 0; desc < MWL8K_TX_DESCS; desc++) {
1493			struct mwl8k_tx_desc *tx_desc = txq->txd + desc;
1494			u32 status;
1495
1496			status = le32_to_cpu(tx_desc->status);
1497			if (status & MWL8K_TXD_STATUS_FW_OWNED)
1498				fw_owned++;
1499			else
1500				drv_owned++;
1501
1502			if (tx_desc->pkt_len == 0)
1503				unused++;
1504		}
1505
1506		wiphy_err(hw->wiphy,
1507			  "txq[%d] len=%d head=%d tail=%d "
1508			  "fw_owned=%d drv_owned=%d unused=%d\n",
1509			  i,
1510			  txq->len, txq->head, txq->tail,
1511			  fw_owned, drv_owned, unused);
1512	}
1513}
1514
1515/*
1516 * Must be called with priv->fw_mutex held and tx queues stopped.
1517 */
1518#define MWL8K_TX_WAIT_TIMEOUT_MS	5000
1519
1520static int mwl8k_tx_wait_empty(struct ieee80211_hw *hw)
1521{
1522	struct mwl8k_priv *priv = hw->priv;
1523	DECLARE_COMPLETION_ONSTACK(tx_wait);
1524	int retry;
1525	int rc;
1526
1527	might_sleep();
1528
1529	/* Since fw restart is in progress, allow only the firmware
1530	 * commands from the restart code and block the other
1531	 * commands since they are going to fail in any case since
1532	 * the firmware has crashed
1533	 */
1534	if (priv->hw_restart_in_progress) {
1535		if (priv->hw_restart_owner == current)
1536			return 0;
1537		else
1538			return -EBUSY;
1539	}
1540
1541	if (atomic_read(&priv->watchdog_event_pending))
1542		return 0;
1543
1544	/*
1545	 * The TX queues are stopped at this point, so this test
1546	 * doesn't need to take ->tx_lock.
1547	 */
1548	if (!priv->pending_tx_pkts)
1549		return 0;
1550
1551	retry = 1;
1552	rc = 0;
1553
1554	spin_lock_bh(&priv->tx_lock);
1555	priv->tx_wait = &tx_wait;
1556	while (!rc) {
1557		int oldcount;
1558		unsigned long timeout;
1559
1560		oldcount = priv->pending_tx_pkts;
1561
1562		spin_unlock_bh(&priv->tx_lock);
1563		timeout = wait_for_completion_timeout(&tx_wait,
1564			    msecs_to_jiffies(MWL8K_TX_WAIT_TIMEOUT_MS));
1565
1566		if (atomic_read(&priv->watchdog_event_pending)) {
1567			spin_lock_bh(&priv->tx_lock);
1568			priv->tx_wait = NULL;
1569			spin_unlock_bh(&priv->tx_lock);
1570			return 0;
1571		}
1572
1573		spin_lock_bh(&priv->tx_lock);
1574
1575		if (timeout || !priv->pending_tx_pkts) {
1576			WARN_ON(priv->pending_tx_pkts);
1577			if (retry)
1578				wiphy_notice(hw->wiphy, "tx rings drained\n");
1579			break;
1580		}
1581
1582		if (retry) {
1583			mwl8k_tx_start(priv);
1584			retry = 0;
1585			continue;
1586		}
1587
1588		if (priv->pending_tx_pkts < oldcount) {
1589			wiphy_notice(hw->wiphy,
1590				     "waiting for tx rings to drain (%d -> %d pkts)\n",
1591				     oldcount, priv->pending_tx_pkts);
1592			retry = 1;
1593			continue;
1594		}
1595
1596		priv->tx_wait = NULL;
1597
1598		wiphy_err(hw->wiphy, "tx rings stuck for %d ms\n",
1599			  MWL8K_TX_WAIT_TIMEOUT_MS);
1600		mwl8k_dump_tx_rings(hw);
1601		priv->hw_restart_in_progress = true;
1602		ieee80211_queue_work(hw, &priv->fw_reload);
1603
1604		rc = -ETIMEDOUT;
1605	}
1606	priv->tx_wait = NULL;
1607	spin_unlock_bh(&priv->tx_lock);
1608
1609	return rc;
1610}
1611
1612#define MWL8K_TXD_SUCCESS(status)				\
1613	((status) & (MWL8K_TXD_STATUS_OK |			\
1614		     MWL8K_TXD_STATUS_OK_RETRY |		\
1615		     MWL8K_TXD_STATUS_OK_MORE_RETRY))
1616
1617static int mwl8k_tid_queue_mapping(u8 tid)
1618{
1619	BUG_ON(tid > 7);
1620
1621	switch (tid) {
1622	case 0:
1623	case 3:
1624		return IEEE80211_AC_BE;
1625		break;
1626	case 1:
1627	case 2:
1628		return IEEE80211_AC_BK;
1629		break;
1630	case 4:
1631	case 5:
1632		return IEEE80211_AC_VI;
1633		break;
1634	case 6:
1635	case 7:
1636		return IEEE80211_AC_VO;
1637		break;
1638	default:
1639		return -1;
1640		break;
1641	}
1642}
1643
1644/* The firmware will fill in the rate information
1645 * for each packet that gets queued in the hardware
1646 * and these macros will interpret that info.
1647 */
1648
1649#define RI_FORMAT(a)		  (a & 0x0001)
1650#define RI_RATE_ID_MCS(a)	 ((a & 0x01f8) >> 3)
1651
1652static int
1653mwl8k_txq_reclaim(struct ieee80211_hw *hw, int index, int limit, int force)
1654{
1655	struct mwl8k_priv *priv = hw->priv;
1656	struct mwl8k_tx_queue *txq = priv->txq + index;
1657	int processed;
1658
1659	processed = 0;
1660	while (txq->len > 0 && limit--) {
1661		int tx;
1662		struct mwl8k_tx_desc *tx_desc;
1663		unsigned long addr;
1664		int size;
1665		struct sk_buff *skb;
1666		struct ieee80211_tx_info *info;
1667		u32 status;
1668		struct ieee80211_sta *sta;
1669		struct mwl8k_sta *sta_info = NULL;
1670		u16 rate_info;
1671		struct ieee80211_hdr *wh;
1672
1673		tx = txq->head;
1674		tx_desc = txq->txd + tx;
1675
1676		status = le32_to_cpu(tx_desc->status);
1677
1678		if (status & MWL8K_TXD_STATUS_FW_OWNED) {
1679			if (!force)
1680				break;
1681			tx_desc->status &=
1682				~cpu_to_le32(MWL8K_TXD_STATUS_FW_OWNED);
1683		}
1684
1685		txq->head = (tx + 1) % MWL8K_TX_DESCS;
1686		BUG_ON(txq->len == 0);
1687		txq->len--;
1688		priv->pending_tx_pkts--;
1689
1690		addr = le32_to_cpu(tx_desc->pkt_phys_addr);
1691		size = le16_to_cpu(tx_desc->pkt_len);
1692		skb = txq->skb[tx];
1693		txq->skb[tx] = NULL;
1694
1695		BUG_ON(skb == NULL);
1696		pci_unmap_single(priv->pdev, addr, size, PCI_DMA_TODEVICE);
1697
1698		mwl8k_remove_dma_header(skb, tx_desc->qos_control);
1699
1700		wh = (struct ieee80211_hdr *) skb->data;
1701
1702		/* Mark descriptor as unused */
1703		tx_desc->pkt_phys_addr = 0;
1704		tx_desc->pkt_len = 0;
1705
1706		info = IEEE80211_SKB_CB(skb);
1707		if (ieee80211_is_data(wh->frame_control)) {
1708			rcu_read_lock();
1709			sta = ieee80211_find_sta_by_ifaddr(hw, wh->addr1,
1710							   wh->addr2);
1711			if (sta) {
1712				sta_info = MWL8K_STA(sta);
1713				BUG_ON(sta_info == NULL);
1714				rate_info = le16_to_cpu(tx_desc->rate_info);
1715				/* If rate is < 6.5 Mpbs for an ht station
1716				 * do not form an ampdu. If the station is a
1717				 * legacy station (format = 0), do not form an
1718				 * ampdu
1719				 */
1720				if (RI_RATE_ID_MCS(rate_info) < 1 ||
1721				    RI_FORMAT(rate_info) == 0) {
1722					sta_info->is_ampdu_allowed = false;
1723				} else {
1724					sta_info->is_ampdu_allowed = true;
1725				}
1726			}
1727			rcu_read_unlock();
1728		}
1729
1730		ieee80211_tx_info_clear_status(info);
1731
1732		/* Rate control is happening in the firmware.
1733		 * Ensure no tx rate is being reported.
1734		 */
1735		info->status.rates[0].idx = -1;
1736		info->status.rates[0].count = 1;
1737
1738		if (MWL8K_TXD_SUCCESS(status))
1739			info->flags |= IEEE80211_TX_STAT_ACK;
1740
1741		ieee80211_tx_status_irqsafe(hw, skb);
1742
1743		processed++;
1744	}
1745
1746	return processed;
1747}
1748
1749/* must be called only when the card's transmit is completely halted */
1750static void mwl8k_txq_deinit(struct ieee80211_hw *hw, int index)
1751{
1752	struct mwl8k_priv *priv = hw->priv;
1753	struct mwl8k_tx_queue *txq = priv->txq + index;
1754
1755	if (txq->txd == NULL)
1756		return;
1757
1758	mwl8k_txq_reclaim(hw, index, INT_MAX, 1);
1759
1760	kfree(txq->skb);
1761	txq->skb = NULL;
1762
1763	pci_free_consistent(priv->pdev,
1764			    MWL8K_TX_DESCS * sizeof(struct mwl8k_tx_desc),
1765			    txq->txd, txq->txd_dma);
1766	txq->txd = NULL;
1767}
1768
1769/* caller must hold priv->stream_lock when calling the stream functions */
1770static struct mwl8k_ampdu_stream *
1771mwl8k_add_stream(struct ieee80211_hw *hw, struct ieee80211_sta *sta, u8 tid)
1772{
1773	struct mwl8k_ampdu_stream *stream;
1774	struct mwl8k_priv *priv = hw->priv;
1775	int i;
1776
1777	for (i = 0; i < MWL8K_NUM_AMPDU_STREAMS; i++) {
1778		stream = &priv->ampdu[i];
1779		if (stream->state == AMPDU_NO_STREAM) {
1780			stream->sta = sta;
1781			stream->state = AMPDU_STREAM_NEW;
1782			stream->tid = tid;
1783			stream->idx = i;
1784			wiphy_debug(hw->wiphy, "Added a new stream for %pM %d",
1785				    sta->addr, tid);
1786			return stream;
1787		}
1788	}
1789	return NULL;
1790}
1791
1792static int
1793mwl8k_start_stream(struct ieee80211_hw *hw, struct mwl8k_ampdu_stream *stream)
1794{
1795	int ret;
1796
1797	/* if the stream has already been started, don't start it again */
1798	if (stream->state != AMPDU_STREAM_NEW)
1799		return 0;
1800	ret = ieee80211_start_tx_ba_session(stream->sta, stream->tid, 0);
1801	if (ret)
1802		wiphy_debug(hw->wiphy, "Failed to start stream for %pM %d: "
1803			    "%d\n", stream->sta->addr, stream->tid, ret);
1804	else
1805		wiphy_debug(hw->wiphy, "Started stream for %pM %d\n",
1806			    stream->sta->addr, stream->tid);
1807	return ret;
1808}
1809
1810static void
1811mwl8k_remove_stream(struct ieee80211_hw *hw, struct mwl8k_ampdu_stream *stream)
1812{
1813	wiphy_debug(hw->wiphy, "Remove stream for %pM %d\n", stream->sta->addr,
1814		    stream->tid);
1815	memset(stream, 0, sizeof(*stream));
1816}
1817
1818static struct mwl8k_ampdu_stream *
1819mwl8k_lookup_stream(struct ieee80211_hw *hw, u8 *addr, u8 tid)
1820{
1821	struct mwl8k_priv *priv = hw->priv;
1822	int i;
1823
1824	for (i = 0; i < MWL8K_NUM_AMPDU_STREAMS; i++) {
1825		struct mwl8k_ampdu_stream *stream;
1826		stream = &priv->ampdu[i];
1827		if (stream->state == AMPDU_NO_STREAM)
1828			continue;
1829		if (!memcmp(stream->sta->addr, addr, ETH_ALEN) &&
1830		    stream->tid == tid)
1831			return stream;
1832	}
1833	return NULL;
1834}
1835
1836#define MWL8K_AMPDU_PACKET_THRESHOLD 64
1837static inline bool mwl8k_ampdu_allowed(struct ieee80211_sta *sta, u8 tid)
1838{
1839	struct mwl8k_sta *sta_info = MWL8K_STA(sta);
1840	struct tx_traffic_info *tx_stats;
1841
1842	BUG_ON(tid >= MWL8K_MAX_TID);
1843	tx_stats = &sta_info->tx_stats[tid];
1844
1845	return sta_info->is_ampdu_allowed &&
1846		tx_stats->pkts > MWL8K_AMPDU_PACKET_THRESHOLD;
1847}
1848
1849static inline void mwl8k_tx_count_packet(struct ieee80211_sta *sta, u8 tid)
1850{
1851	struct mwl8k_sta *sta_info = MWL8K_STA(sta);
1852	struct tx_traffic_info *tx_stats;
1853
1854	BUG_ON(tid >= MWL8K_MAX_TID);
1855	tx_stats = &sta_info->tx_stats[tid];
1856
1857	if (tx_stats->start_time == 0)
1858		tx_stats->start_time = jiffies;
1859
1860	/* reset the packet count after each second elapses.  If the number of
1861	 * packets ever exceeds the ampdu_min_traffic threshold, we will allow
1862	 * an ampdu stream to be started.
1863	 */
1864	if (jiffies - tx_stats->start_time > HZ) {
1865		tx_stats->pkts = 0;
1866		tx_stats->start_time = 0;
1867	} else
1868		tx_stats->pkts++;
1869}
1870
1871/* The hardware ampdu queues start from 5.
1872 * txpriorities for ampdu queues are
1873 * 5 6 7 0 1 2 3 4 ie., queue 5 is highest
1874 * and queue 3 is lowest (queue 4 is reserved)
1875 */
1876#define BA_QUEUE		5
1877
1878static void
1879mwl8k_txq_xmit(struct ieee80211_hw *hw,
1880	       int index,
1881	       struct ieee80211_sta *sta,
1882	       struct sk_buff *skb)
1883{
1884	struct mwl8k_priv *priv = hw->priv;
1885	struct ieee80211_tx_info *tx_info;
1886	struct mwl8k_vif *mwl8k_vif;
1887	struct ieee80211_hdr *wh;
1888	struct mwl8k_tx_queue *txq;
1889	struct mwl8k_tx_desc *tx;
1890	dma_addr_t dma;
1891	u32 txstatus;
1892	u8 txdatarate;
1893	u16 qos;
1894	int txpriority;
1895	u8 tid = 0;
1896	struct mwl8k_ampdu_stream *stream = NULL;
1897	bool start_ba_session = false;
1898	bool mgmtframe = false;
1899	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
1900	bool eapol_frame = false;
1901
1902	wh = (struct ieee80211_hdr *)skb->data;
1903	if (ieee80211_is_data_qos(wh->frame_control))
1904		qos = le16_to_cpu(*((__le16 *)ieee80211_get_qos_ctl(wh)));
1905	else
1906		qos = 0;
1907
1908	if (skb->protocol == cpu_to_be16(ETH_P_PAE))
1909		eapol_frame = true;
1910
1911	if (ieee80211_is_mgmt(wh->frame_control))
1912		mgmtframe = true;
1913
1914	if (priv->ap_fw)
1915		mwl8k_encapsulate_tx_frame(priv, skb);
1916	else
1917		mwl8k_add_dma_header(priv, skb, 0, 0);
1918
1919	wh = &((struct mwl8k_dma_data *)skb->data)->wh;
1920
1921	tx_info = IEEE80211_SKB_CB(skb);
1922	mwl8k_vif = MWL8K_VIF(tx_info->control.vif);
1923
1924	if (tx_info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ) {
1925		wh->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
1926		wh->seq_ctrl |= cpu_to_le16(mwl8k_vif->seqno);
1927		mwl8k_vif->seqno += 0x10;
1928	}
1929
1930	/* Setup firmware control bit fields for each frame type.  */
1931	txstatus = 0;
1932	txdatarate = 0;
1933	if (ieee80211_is_mgmt(wh->frame_control) ||
1934	    ieee80211_is_ctl(wh->frame_control)) {
1935		txdatarate = 0;
1936		qos |= MWL8K_QOS_QLEN_UNSPEC | MWL8K_QOS_EOSP;
1937	} else if (ieee80211_is_data(wh->frame_control)) {
1938		txdatarate = 1;
1939		if (is_multicast_ether_addr(wh->addr1))
1940			txstatus |= MWL8K_TXD_STATUS_MULTICAST_TX;
1941
1942		qos &= ~MWL8K_QOS_ACK_POLICY_MASK;
1943		if (tx_info->flags & IEEE80211_TX_CTL_AMPDU)
1944			qos |= MWL8K_QOS_ACK_POLICY_BLOCKACK;
1945		else
1946			qos |= MWL8K_QOS_ACK_POLICY_NORMAL;
1947	}
1948
1949	/* Queue ADDBA request in the respective data queue.  While setting up
1950	 * the ampdu stream, mac80211 queues further packets for that
1951	 * particular ra/tid pair.  However, packets piled up in the hardware
1952	 * for that ra/tid pair will still go out. ADDBA request and the
1953	 * related data packets going out from different queues asynchronously
1954	 * will cause a shift in the receiver window which might result in
1955	 * ampdu packets getting dropped at the receiver after the stream has
1956	 * been setup.
1957	 */
1958	if (unlikely(ieee80211_is_action(wh->frame_control) &&
1959	    mgmt->u.action.category == WLAN_CATEGORY_BACK &&
1960	    mgmt->u.action.u.addba_req.action_code == WLAN_ACTION_ADDBA_REQ &&
1961	    priv->ap_fw)) {
1962		u16 capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
1963		tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
1964		index = mwl8k_tid_queue_mapping(tid);
1965	}
1966
1967	txpriority = index;
1968
1969	if (priv->ap_fw && sta && sta->ht_cap.ht_supported && !eapol_frame &&
1970	    ieee80211_is_data_qos(wh->frame_control)) {
1971		tid = qos & 0xf;
1972		mwl8k_tx_count_packet(sta, tid);
1973		spin_lock(&priv->stream_lock);
1974		stream = mwl8k_lookup_stream(hw, sta->addr, tid);
1975		if (stream != NULL) {
1976			if (stream->state == AMPDU_STREAM_ACTIVE) {
1977				WARN_ON(!(qos & MWL8K_QOS_ACK_POLICY_BLOCKACK));
1978				txpriority = (BA_QUEUE + stream->idx) %
1979					     TOTAL_HW_TX_QUEUES;
1980				if (stream->idx <= 1)
1981					index = stream->idx +
1982						MWL8K_TX_WMM_QUEUES;
1983
1984			} else if (stream->state == AMPDU_STREAM_NEW) {
1985				/* We get here if the driver sends us packets
1986				 * after we've initiated a stream, but before
1987				 * our ampdu_action routine has been called
1988				 * with IEEE80211_AMPDU_TX_START to get the SSN
1989				 * for the ADDBA request.  So this packet can
1990				 * go out with no risk of sequence number
1991				 * mismatch.  No special handling is required.
1992				 */
1993			} else {
1994				/* Drop packets that would go out after the
1995				 * ADDBA request was sent but before the ADDBA
1996				 * response is received.  If we don't do this,
1997				 * the recipient would probably receive it
1998				 * after the ADDBA request with SSN 0.  This
1999				 * will cause the recipient's BA receive window
2000				 * to shift, which would cause the subsequent
2001				 * packets in the BA stream to be discarded.
2002				 * mac80211 queues our packets for us in this
2003				 * case, so this is really just a safety check.
2004				 */
2005				wiphy_warn(hw->wiphy,
2006					   "Cannot send packet while ADDBA "
2007					   "dialog is underway.\n");
2008				spin_unlock(&priv->stream_lock);
2009				dev_kfree_skb(skb);
2010				return;
2011			}
2012		} else {
2013			/* Defer calling mwl8k_start_stream so that the current
2014			 * skb can go out before the ADDBA request.  This
2015			 * prevents sequence number mismatch at the recepient
2016			 * as described above.
2017			 */
2018			if (mwl8k_ampdu_allowed(sta, tid)) {
2019				stream = mwl8k_add_stream(hw, sta, tid);
2020				if (stream != NULL)
2021					start_ba_session = true;
2022			}
2023		}
2024		spin_unlock(&priv->stream_lock);
2025	} else {
2026		qos &= ~MWL8K_QOS_ACK_POLICY_MASK;
2027		qos |= MWL8K_QOS_ACK_POLICY_NORMAL;
2028	}
2029
2030	dma = pci_map_single(priv->pdev, skb->data,
2031				skb->len, PCI_DMA_TODEVICE);
2032
2033	if (pci_dma_mapping_error(priv->pdev, dma)) {
2034		wiphy_debug(hw->wiphy,
2035			    "failed to dma map skb, dropping TX frame.\n");
2036		if (start_ba_session) {
2037			spin_lock(&priv->stream_lock);
2038			mwl8k_remove_stream(hw, stream);
2039			spin_unlock(&priv->stream_lock);
2040		}
2041		dev_kfree_skb(skb);
2042		return;
2043	}
2044
2045	spin_lock_bh(&priv->tx_lock);
2046
2047	txq = priv->txq + index;
2048
2049	/* Mgmt frames that go out frequently are probe
2050	 * responses. Other mgmt frames got out relatively
2051	 * infrequently. Hence reserve 2 buffers so that
2052	 * other mgmt frames do not get dropped due to an
2053	 * already queued probe response in one of the
2054	 * reserved buffers.
2055	 */
2056
2057	if (txq->len >= MWL8K_TX_DESCS - 2) {
2058		if (!mgmtframe || txq->len == MWL8K_TX_DESCS) {
2059			if (start_ba_session) {
2060				spin_lock(&priv->stream_lock);
2061				mwl8k_remove_stream(hw, stream);
2062				spin_unlock(&priv->stream_lock);
2063			}
2064			mwl8k_tx_start(priv);
2065			spin_unlock_bh(&priv->tx_lock);
2066			pci_unmap_single(priv->pdev, dma, skb->len,
2067					 PCI_DMA_TODEVICE);
2068			dev_kfree_skb(skb);
2069			return;
2070		}
2071	}
2072
2073	BUG_ON(txq->skb[txq->tail] != NULL);
2074	txq->skb[txq->tail] = skb;
2075
2076	tx = txq->txd + txq->tail;
2077	tx->data_rate = txdatarate;
2078	tx->tx_priority = txpriority;
2079	tx->qos_control = cpu_to_le16(qos);
2080	tx->pkt_phys_addr = cpu_to_le32(dma);
2081	tx->pkt_len = cpu_to_le16(skb->len);
2082	tx->rate_info = 0;
2083	if (!priv->ap_fw && sta != NULL)
2084		tx->peer_id = MWL8K_STA(sta)->peer_id;
2085	else
2086		tx->peer_id = 0;
2087
2088	if (priv->ap_fw && ieee80211_is_data(wh->frame_control) && !eapol_frame)
2089		tx->timestamp = cpu_to_le32(ioread32(priv->regs +
2090						MWL8K_HW_TIMER_REGISTER));
2091	else
2092		tx->timestamp = 0;
2093
2094	wmb();
2095	tx->status = cpu_to_le32(MWL8K_TXD_STATUS_FW_OWNED | txstatus);
2096
2097	txq->len++;
2098	priv->pending_tx_pkts++;
2099
2100	txq->tail++;
2101	if (txq->tail == MWL8K_TX_DESCS)
2102		txq->tail = 0;
2103
2104	mwl8k_tx_start(priv);
2105
2106	spin_unlock_bh(&priv->tx_lock);
2107
2108	/* Initiate the ampdu session here */
2109	if (start_ba_session) {
2110		spin_lock(&priv->stream_lock);
2111		if (mwl8k_start_stream(hw, stream))
2112			mwl8k_remove_stream(hw, stream);
2113		spin_unlock(&priv->stream_lock);
2114	}
2115}
2116
2117
2118/*
2119 * Firmware access.
2120 *
2121 * We have the following requirements for issuing firmware commands:
2122 * - Some commands require that the packet transmit path is idle when
2123 *   the command is issued.  (For simplicity, we'll just quiesce the
2124 *   transmit path for every command.)
2125 * - There are certain sequences of commands that need to be issued to
2126 *   the hardware sequentially, with no other intervening commands.
2127 *
2128 * This leads to an implementation of a "firmware lock" as a mutex that
2129 * can be taken recursively, and which is taken by both the low-level
2130 * command submission function (mwl8k_post_cmd) as well as any users of
2131 * that function that require issuing of an atomic sequence of commands,
2132 * and quiesces the transmit path whenever it's taken.
2133 */
2134static int mwl8k_fw_lock(struct ieee80211_hw *hw)
2135{
2136	struct mwl8k_priv *priv = hw->priv;
2137
2138	if (priv->fw_mutex_owner != current) {
2139		int rc;
2140
2141		mutex_lock(&priv->fw_mutex);
2142		ieee80211_stop_queues(hw);
2143
2144		rc = mwl8k_tx_wait_empty(hw);
2145		if (rc) {
2146			if (!priv->hw_restart_in_progress)
2147				ieee80211_wake_queues(hw);
2148
2149			mutex_unlock(&priv->fw_mutex);
2150
2151			return rc;
2152		}
2153
2154		priv->fw_mutex_owner = current;
2155	}
2156
2157	priv->fw_mutex_depth++;
2158
2159	return 0;
2160}
2161
2162static void mwl8k_fw_unlock(struct ieee80211_hw *hw)
2163{
2164	struct mwl8k_priv *priv = hw->priv;
2165
2166	if (!--priv->fw_mutex_depth) {
2167		if (!priv->hw_restart_in_progress)
2168			ieee80211_wake_queues(hw);
2169
2170		priv->fw_mutex_owner = NULL;
2171		mutex_unlock(&priv->fw_mutex);
2172	}
2173}
2174
2175static void mwl8k_enable_bsses(struct ieee80211_hw *hw, bool enable,
2176			       u32 bitmap);
2177
2178/*
2179 * Command processing.
2180 */
2181
2182/* Timeout firmware commands after 10s */
2183#define MWL8K_CMD_TIMEOUT_MS	10000
2184
2185static int mwl8k_post_cmd(struct ieee80211_hw *hw, struct mwl8k_cmd_pkt *cmd)
2186{
2187	DECLARE_COMPLETION_ONSTACK(cmd_wait);
2188	struct mwl8k_priv *priv = hw->priv;
2189	void __iomem *regs = priv->regs;
2190	dma_addr_t dma_addr;
2191	unsigned int dma_size;
2192	int rc;
2193	unsigned long timeout = 0;
2194	u8 buf[32];
2195	u32 bitmap = 0;
2196
2197	wiphy_dbg(hw->wiphy, "Posting %s [%d]\n",
2198		  mwl8k_cmd_name(cmd->code, buf, sizeof(buf)), cmd->macid);
2199
2200	/* Before posting firmware commands that could change the hardware
2201	 * characteristics, make sure that all BSSes are stopped temporary.
2202	 * Enable these stopped BSSes after completion of the commands
2203	 */
2204
2205	rc = mwl8k_fw_lock(hw);
2206	if (rc)
2207		return rc;
2208
2209	if (priv->ap_fw && priv->running_bsses) {
2210		switch (le16_to_cpu(cmd->code)) {
2211		case MWL8K_CMD_SET_RF_CHANNEL:
2212		case MWL8K_CMD_RADIO_CONTROL:
2213		case MWL8K_CMD_RF_TX_POWER:
2214		case MWL8K_CMD_TX_POWER:
2215		case MWL8K_CMD_RF_ANTENNA:
2216		case MWL8K_CMD_RTS_THRESHOLD:
2217		case MWL8K_CMD_MIMO_CONFIG:
2218			bitmap = priv->running_bsses;
2219			mwl8k_enable_bsses(hw, false, bitmap);
2220			break;
2221		}
2222	}
2223
2224	cmd->result = (__force __le16) 0xffff;
2225	dma_size = le16_to_cpu(cmd->length);
2226	dma_addr = pci_map_single(priv->pdev, cmd, dma_size,
2227				  PCI_DMA_BIDIRECTIONAL);
2228	if (pci_dma_mapping_error(priv->pdev, dma_addr))
2229		return -ENOMEM;
2230
2231	priv->hostcmd_wait = &cmd_wait;
2232	iowrite32(dma_addr, regs + MWL8K_HIU_GEN_PTR);
2233	iowrite32(MWL8K_H2A_INT_DOORBELL,
2234		regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
2235	iowrite32(MWL8K_H2A_INT_DUMMY,
2236		regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
2237
2238	timeout = wait_for_completion_timeout(&cmd_wait,
2239				msecs_to_jiffies(MWL8K_CMD_TIMEOUT_MS));
2240
2241	priv->hostcmd_wait = NULL;
2242
2243
2244	pci_unmap_single(priv->pdev, dma_addr, dma_size,
2245					PCI_DMA_BIDIRECTIONAL);
2246
2247	if (!timeout) {
2248		wiphy_err(hw->wiphy, "Command %s timeout after %u ms\n",
2249			  mwl8k_cmd_name(cmd->code, buf, sizeof(buf)),
2250			  MWL8K_CMD_TIMEOUT_MS);
2251		rc = -ETIMEDOUT;
2252	} else {
2253		int ms;
2254
2255		ms = MWL8K_CMD_TIMEOUT_MS - jiffies_to_msecs(timeout);
2256
2257		rc = cmd->result ? -EINVAL : 0;
2258		if (rc)
2259			wiphy_err(hw->wiphy, "Command %s error 0x%x\n",
2260				  mwl8k_cmd_name(cmd->code, buf, sizeof(buf)),
2261				  le16_to_cpu(cmd->result));
2262		else if (ms > 2000)
2263			wiphy_notice(hw->wiphy, "Command %s took %d ms\n",
2264				     mwl8k_cmd_name(cmd->code,
2265						    buf, sizeof(buf)),
2266				     ms);
2267	}
2268
2269	if (bitmap)
2270		mwl8k_enable_bsses(hw, true, bitmap);
2271
2272	mwl8k_fw_unlock(hw);
2273
2274	return rc;
2275}
2276
2277static int mwl8k_post_pervif_cmd(struct ieee80211_hw *hw,
2278				 struct ieee80211_vif *vif,
2279				 struct mwl8k_cmd_pkt *cmd)
2280{
2281	if (vif != NULL)
2282		cmd->macid = MWL8K_VIF(vif)->macid;
2283	return mwl8k_post_cmd(hw, cmd);
2284}
2285
2286/*
2287 * Setup code shared between STA and AP firmware images.
2288 */
2289static void mwl8k_setup_2ghz_band(struct ieee80211_hw *hw)
2290{
2291	struct mwl8k_priv *priv = hw->priv;
2292
2293	BUILD_BUG_ON(sizeof(priv->channels_24) != sizeof(mwl8k_channels_24));
2294	memcpy(priv->channels_24, mwl8k_channels_24, sizeof(mwl8k_channels_24));
2295
2296	BUILD_BUG_ON(sizeof(priv->rates_24) != sizeof(mwl8k_rates_24));
2297	memcpy(priv->rates_24, mwl8k_rates_24, sizeof(mwl8k_rates_24));
2298
2299	priv->band_24.band = IEEE80211_BAND_2GHZ;
2300	priv->band_24.channels = priv->channels_24;
2301	priv->band_24.n_channels = ARRAY_SIZE(mwl8k_channels_24);
2302	priv->band_24.bitrates = priv->rates_24;
2303	priv->band_24.n_bitrates = ARRAY_SIZE(mwl8k_rates_24);
2304
2305	hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &priv->band_24;
2306}
2307
2308static void mwl8k_setup_5ghz_band(struct ieee80211_hw *hw)
2309{
2310	struct mwl8k_priv *priv = hw->priv;
2311
2312	BUILD_BUG_ON(sizeof(priv->channels_50) != sizeof(mwl8k_channels_50));
2313	memcpy(priv->channels_50, mwl8k_channels_50, sizeof(mwl8k_channels_50));
2314
2315	BUILD_BUG_ON(sizeof(priv->rates_50) != sizeof(mwl8k_rates_50));
2316	memcpy(priv->rates_50, mwl8k_rates_50, sizeof(mwl8k_rates_50));
2317
2318	priv->band_50.band = IEEE80211_BAND_5GHZ;
2319	priv->band_50.channels = priv->channels_50;
2320	priv->band_50.n_channels = ARRAY_SIZE(mwl8k_channels_50);
2321	priv->band_50.bitrates = priv->rates_50;
2322	priv->band_50.n_bitrates = ARRAY_SIZE(mwl8k_rates_50);
2323
2324	hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &priv->band_50;
2325}
2326
2327/*
2328 * CMD_GET_HW_SPEC (STA version).
2329 */
2330struct mwl8k_cmd_get_hw_spec_sta {
2331	struct mwl8k_cmd_pkt header;
2332	__u8 hw_rev;
2333	__u8 host_interface;
2334	__le16 num_mcaddrs;
2335	__u8 perm_addr[ETH_ALEN];
2336	__le16 region_code;
2337	__le32 fw_rev;
2338	__le32 ps_cookie;
2339	__le32 caps;
2340	__u8 mcs_bitmap[16];
2341	__le32 rx_queue_ptr;
2342	__le32 num_tx_queues;
2343	__le32 tx_queue_ptrs[MWL8K_TX_WMM_QUEUES];
2344	__le32 caps2;
2345	__le32 num_tx_desc_per_queue;
2346	__le32 total_rxd;
2347} __packed;
2348
2349#define MWL8K_CAP_MAX_AMSDU		0x20000000
2350#define MWL8K_CAP_GREENFIELD		0x08000000
2351#define MWL8K_CAP_AMPDU			0x04000000
2352#define MWL8K_CAP_RX_STBC		0x01000000
2353#define MWL8K_CAP_TX_STBC		0x00800000
2354#define MWL8K_CAP_SHORTGI_40MHZ		0x00400000
2355#define MWL8K_CAP_SHORTGI_20MHZ		0x00200000
2356#define MWL8K_CAP_RX_ANTENNA_MASK	0x000e0000
2357#define MWL8K_CAP_TX_ANTENNA_MASK	0x0001c000
2358#define MWL8K_CAP_DELAY_BA		0x00003000
2359#define MWL8K_CAP_MIMO			0x00000200
2360#define MWL8K_CAP_40MHZ			0x00000100
2361#define MWL8K_CAP_BAND_MASK		0x00000007
2362#define MWL8K_CAP_5GHZ			0x00000004
2363#define MWL8K_CAP_2GHZ4			0x00000001
2364
2365static void
2366mwl8k_set_ht_caps(struct ieee80211_hw *hw,
2367		  struct ieee80211_supported_band *band, u32 cap)
2368{
2369	int rx_streams;
2370	int tx_streams;
2371
2372	band->ht_cap.ht_supported = 1;
2373
2374	if (cap & MWL8K_CAP_MAX_AMSDU)
2375		band->ht_cap.cap |= IEEE80211_HT_CAP_MAX_AMSDU;
2376	if (cap & MWL8K_CAP_GREENFIELD)
2377		band->ht_cap.cap |= IEEE80211_HT_CAP_GRN_FLD;
2378	if (cap & MWL8K_CAP_AMPDU) {
2379		hw->flags |= IEEE80211_HW_AMPDU_AGGREGATION;
2380		band->ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
2381		band->ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_NONE;
2382	}
2383	if (cap & MWL8K_CAP_RX_STBC)
2384		band->ht_cap.cap |= IEEE80211_HT_CAP_RX_STBC;
2385	if (cap & MWL8K_CAP_TX_STBC)
2386		band->ht_cap.cap |= IEEE80211_HT_CAP_TX_STBC;
2387	if (cap & MWL8K_CAP_SHORTGI_40MHZ)
2388		band->ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
2389	if (cap & MWL8K_CAP_SHORTGI_20MHZ)
2390		band->ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
2391	if (cap & MWL8K_CAP_DELAY_BA)
2392		band->ht_cap.cap |= IEEE80211_HT_CAP_DELAY_BA;
2393	if (cap & MWL8K_CAP_40MHZ)
2394		band->ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
2395
2396	rx_streams = hweight32(cap & MWL8K_CAP_RX_ANTENNA_MASK);
2397	tx_streams = hweight32(cap & MWL8K_CAP_TX_ANTENNA_MASK);
2398
2399	band->ht_cap.mcs.rx_mask[0] = 0xff;
2400	if (rx_streams >= 2)
2401		band->ht_cap.mcs.rx_mask[1] = 0xff;
2402	if (rx_streams >= 3)
2403		band->ht_cap.mcs.rx_mask[2] = 0xff;
2404	band->ht_cap.mcs.rx_mask[4] = 0x01;
2405	band->ht_cap.mcs.tx_params = IEEE80211_HT_MCS_TX_DEFINED;
2406
2407	if (rx_streams != tx_streams) {
2408		band->ht_cap.mcs.tx_params |= IEEE80211_HT_MCS_TX_RX_DIFF;
2409		band->ht_cap.mcs.tx_params |= (tx_streams - 1) <<
2410				IEEE80211_HT_MCS_TX_MAX_STREAMS_SHIFT;
2411	}
2412}
2413
2414static void
2415mwl8k_set_caps(struct ieee80211_hw *hw, u32 caps)
2416{
2417	struct mwl8k_priv *priv = hw->priv;
2418
2419	if (priv->caps)
2420		return;
2421
2422	if ((caps & MWL8K_CAP_2GHZ4) || !(caps & MWL8K_CAP_BAND_MASK)) {
2423		mwl8k_setup_2ghz_band(hw);
2424		if (caps & MWL8K_CAP_MIMO)
2425			mwl8k_set_ht_caps(hw, &priv->band_24, caps);
2426	}
2427
2428	if (caps & MWL8K_CAP_5GHZ) {
2429		mwl8k_setup_5ghz_band(hw);
2430		if (caps & MWL8K_CAP_MIMO)
2431			mwl8k_set_ht_caps(hw, &priv->band_50, caps);
2432	}
2433
2434	priv->caps = caps;
2435}
2436
2437static int mwl8k_cmd_get_hw_spec_sta(struct ieee80211_hw *hw)
2438{
2439	struct mwl8k_priv *priv = hw->priv;
2440	struct mwl8k_cmd_get_hw_spec_sta *cmd;
2441	int rc;
2442	int i;
2443
2444	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2445	if (cmd == NULL)
2446		return -ENOMEM;
2447
2448	cmd->header.code = cpu_to_le16(MWL8K_CMD_GET_HW_SPEC);
2449	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2450
2451	memset(cmd->perm_addr, 0xff, sizeof(cmd->perm_addr));
2452	cmd->ps_cookie = cpu_to_le32(priv->cookie_dma);
2453	cmd->rx_queue_ptr = cpu_to_le32(priv->rxq[0].rxd_dma);
2454	cmd->num_tx_queues = cpu_to_le32(mwl8k_tx_queues(priv));
2455	for (i = 0; i < mwl8k_tx_queues(priv); i++)
2456		cmd->tx_queue_ptrs[i] = cpu_to_le32(priv->txq[i].txd_dma);
2457	cmd->num_tx_desc_per_queue = cpu_to_le32(MWL8K_TX_DESCS);
2458	cmd->total_rxd = cpu_to_le32(MWL8K_RX_DESCS);
2459
2460	rc = mwl8k_post_cmd(hw, &cmd->header);
2461
2462	if (!rc) {
2463		SET_IEEE80211_PERM_ADDR(hw, cmd->perm_addr);
2464		priv->num_mcaddrs = le16_to_cpu(cmd->num_mcaddrs);
2465		priv->fw_rev = le32_to_cpu(cmd->fw_rev);
2466		priv->hw_rev = cmd->hw_rev;
2467		mwl8k_set_caps(hw, le32_to_cpu(cmd->caps));
2468		priv->ap_macids_supported = 0x00000000;
2469		priv->sta_macids_supported = 0x00000001;
2470	}
2471
2472	kfree(cmd);
2473	return rc;
2474}
2475
2476/*
2477 * CMD_GET_HW_SPEC (AP version).
2478 */
2479struct mwl8k_cmd_get_hw_spec_ap {
2480	struct mwl8k_cmd_pkt header;
2481	__u8 hw_rev;
2482	__u8 host_interface;
2483	__le16 num_wcb;
2484	__le16 num_mcaddrs;
2485	__u8 perm_addr[ETH_ALEN];
2486	__le16 region_code;
2487	__le16 num_antenna;
2488	__le32 fw_rev;
2489	__le32 wcbbase0;
2490	__le32 rxwrptr;
2491	__le32 rxrdptr;
2492	__le32 ps_cookie;
2493	__le32 wcbbase1;
2494	__le32 wcbbase2;
2495	__le32 wcbbase3;
2496	__le32 fw_api_version;
2497	__le32 caps;
2498	__le32 num_of_ampdu_queues;
2499	__le32 wcbbase_ampdu[MWL8K_MAX_AMPDU_QUEUES];
2500} __packed;
2501
2502static int mwl8k_cmd_get_hw_spec_ap(struct ieee80211_hw *hw)
2503{
2504	struct mwl8k_priv *priv = hw->priv;
2505	struct mwl8k_cmd_get_hw_spec_ap *cmd;
2506	int rc, i;
2507	u32 api_version;
2508
2509	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2510	if (cmd == NULL)
2511		return -ENOMEM;
2512
2513	cmd->header.code = cpu_to_le16(MWL8K_CMD_GET_HW_SPEC);
2514	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2515
2516	memset(cmd->perm_addr, 0xff, sizeof(cmd->perm_addr));
2517	cmd->ps_cookie = cpu_to_le32(priv->cookie_dma);
2518
2519	rc = mwl8k_post_cmd(hw, &cmd->header);
2520
2521	if (!rc) {
2522		int off;
2523
2524		api_version = le32_to_cpu(cmd->fw_api_version);
2525		if (priv->device_info->fw_api_ap != api_version) {
2526			printk(KERN_ERR "%s: Unsupported fw API version for %s."
2527			       "  Expected %d got %d.\n", MWL8K_NAME,
2528			       priv->device_info->part_name,
2529			       priv->device_info->fw_api_ap,
2530			       api_version);
2531			rc = -EINVAL;
2532			goto done;
2533		}
2534		SET_IEEE80211_PERM_ADDR(hw, cmd->perm_addr);
2535		priv->num_mcaddrs = le16_to_cpu(cmd->num_mcaddrs);
2536		priv->fw_rev = le32_to_cpu(cmd->fw_rev);
2537		priv->hw_rev = cmd->hw_rev;
2538		mwl8k_set_caps(hw, le32_to_cpu(cmd->caps));
2539		priv->ap_macids_supported = 0x000000ff;
2540		priv->sta_macids_supported = 0x00000100;
2541		priv->num_ampdu_queues = le32_to_cpu(cmd->num_of_ampdu_queues);
2542		if (priv->num_ampdu_queues > MWL8K_MAX_AMPDU_QUEUES) {
2543			wiphy_warn(hw->wiphy, "fw reported %d ampdu queues"
2544				   " but we only support %d.\n",
2545				   priv->num_ampdu_queues,
2546				   MWL8K_MAX_AMPDU_QUEUES);
2547			priv->num_ampdu_queues = MWL8K_MAX_AMPDU_QUEUES;
2548		}
2549		off = le32_to_cpu(cmd->rxwrptr) & 0xffff;
2550		iowrite32(priv->rxq[0].rxd_dma, priv->sram + off);
2551
2552		off = le32_to_cpu(cmd->rxrdptr) & 0xffff;
2553		iowrite32(priv->rxq[0].rxd_dma, priv->sram + off);
2554
2555		priv->txq_offset[0] = le32_to_cpu(cmd->wcbbase0) & 0xffff;
2556		priv->txq_offset[1] = le32_to_cpu(cmd->wcbbase1) & 0xffff;
2557		priv->txq_offset[2] = le32_to_cpu(cmd->wcbbase2) & 0xffff;
2558		priv->txq_offset[3] = le32_to_cpu(cmd->wcbbase3) & 0xffff;
2559
2560		for (i = 0; i < priv->num_ampdu_queues; i++)
2561			priv->txq_offset[i + MWL8K_TX_WMM_QUEUES] =
2562				le32_to_cpu(cmd->wcbbase_ampdu[i]) & 0xffff;
2563	}
2564
2565done:
2566	kfree(cmd);
2567	return rc;
2568}
2569
2570/*
2571 * CMD_SET_HW_SPEC.
2572 */
2573struct mwl8k_cmd_set_hw_spec {
2574	struct mwl8k_cmd_pkt header;
2575	__u8 hw_rev;
2576	__u8 host_interface;
2577	__le16 num_mcaddrs;
2578	__u8 perm_addr[ETH_ALEN];
2579	__le16 region_code;
2580	__le32 fw_rev;
2581	__le32 ps_cookie;
2582	__le32 caps;
2583	__le32 rx_queue_ptr;
2584	__le32 num_tx_queues;
2585	__le32 tx_queue_ptrs[MWL8K_MAX_TX_QUEUES];
2586	__le32 flags;
2587	__le32 num_tx_desc_per_queue;
2588	__le32 total_rxd;
2589} __packed;
2590
2591/* If enabled, MWL8K_SET_HW_SPEC_FLAG_ENABLE_LIFE_TIME_EXPIRY will cause
2592 * packets to expire 500 ms after the timestamp in the tx descriptor.  That is,
2593 * the packets that are queued for more than 500ms, will be dropped in the
2594 * hardware. This helps minimizing the issues caused due to head-of-line
2595 * blocking where a slow client can hog the bandwidth and affect traffic to a
2596 * faster client.
2597 */
2598#define MWL8K_SET_HW_SPEC_FLAG_ENABLE_LIFE_TIME_EXPIRY	0x00000400
2599#define MWL8K_SET_HW_SPEC_FLAG_GENERATE_CCMP_HDR	0x00000200
2600#define MWL8K_SET_HW_SPEC_FLAG_HOST_DECR_MGMT		0x00000080
2601#define MWL8K_SET_HW_SPEC_FLAG_HOSTFORM_PROBERESP	0x00000020
2602#define MWL8K_SET_HW_SPEC_FLAG_HOSTFORM_BEACON		0x00000010
2603
2604static int mwl8k_cmd_set_hw_spec(struct ieee80211_hw *hw)
2605{
2606	struct mwl8k_priv *priv = hw->priv;
2607	struct mwl8k_cmd_set_hw_spec *cmd;
2608	int rc;
2609	int i;
2610
2611	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2612	if (cmd == NULL)
2613		return -ENOMEM;
2614
2615	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_HW_SPEC);
2616	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2617
2618	cmd->ps_cookie = cpu_to_le32(priv->cookie_dma);
2619	cmd->rx_queue_ptr = cpu_to_le32(priv->rxq[0].rxd_dma);
2620	cmd->num_tx_queues = cpu_to_le32(mwl8k_tx_queues(priv));
2621
2622	/*
2623	 * Mac80211 stack has Q0 as highest priority and Q3 as lowest in
2624	 * that order. Firmware has Q3 as highest priority and Q0 as lowest
2625	 * in that order. Map Q3 of mac80211 to Q0 of firmware so that the
2626	 * priority is interpreted the right way in firmware.
2627	 */
2628	for (i = 0; i < mwl8k_tx_queues(priv); i++) {
2629		int j = mwl8k_tx_queues(priv) - 1 - i;
2630		cmd->tx_queue_ptrs[i] = cpu_to_le32(priv->txq[j].txd_dma);
2631	}
2632
2633	cmd->flags = cpu_to_le32(MWL8K_SET_HW_SPEC_FLAG_HOST_DECR_MGMT |
2634				 MWL8K_SET_HW_SPEC_FLAG_HOSTFORM_PROBERESP |
2635				 MWL8K_SET_HW_SPEC_FLAG_HOSTFORM_BEACON |
2636				 MWL8K_SET_HW_SPEC_FLAG_ENABLE_LIFE_TIME_EXPIRY |
2637				 MWL8K_SET_HW_SPEC_FLAG_GENERATE_CCMP_HDR);
2638	cmd->num_tx_desc_per_queue = cpu_to_le32(MWL8K_TX_DESCS);
2639	cmd->total_rxd = cpu_to_le32(MWL8K_RX_DESCS);
2640
2641	rc = mwl8k_post_cmd(hw, &cmd->header);
2642	kfree(cmd);
2643
2644	return rc;
2645}
2646
2647/*
2648 * CMD_MAC_MULTICAST_ADR.
2649 */
2650struct mwl8k_cmd_mac_multicast_adr {
2651	struct mwl8k_cmd_pkt header;
2652	__le16 action;
2653	__le16 numaddr;
2654	__u8 addr[0][ETH_ALEN];
2655};
2656
2657#define MWL8K_ENABLE_RX_DIRECTED	0x0001
2658#define MWL8K_ENABLE_RX_MULTICAST	0x0002
2659#define MWL8K_ENABLE_RX_ALL_MULTICAST	0x0004
2660#define MWL8K_ENABLE_RX_BROADCAST	0x0008
2661
2662static struct mwl8k_cmd_pkt *
2663__mwl8k_cmd_mac_multicast_adr(struct ieee80211_hw *hw, int allmulti,
2664			      struct netdev_hw_addr_list *mc_list)
2665{
2666	struct mwl8k_priv *priv = hw->priv;
2667	struct mwl8k_cmd_mac_multicast_adr *cmd;
2668	int size;
2669	int mc_count = 0;
2670
2671	if (mc_list)
2672		mc_count = netdev_hw_addr_list_count(mc_list);
2673
2674	if (allmulti || mc_count > priv->num_mcaddrs) {
2675		allmulti = 1;
2676		mc_count = 0;
2677	}
2678
2679	size = sizeof(*cmd) + mc_count * ETH_ALEN;
2680
2681	cmd = kzalloc(size, GFP_ATOMIC);
2682	if (cmd == NULL)
2683		return NULL;
2684
2685	cmd->header.code = cpu_to_le16(MWL8K_CMD_MAC_MULTICAST_ADR);
2686	cmd->header.length = cpu_to_le16(size);
2687	cmd->action = cpu_to_le16(MWL8K_ENABLE_RX_DIRECTED |
2688				  MWL8K_ENABLE_RX_BROADCAST);
2689
2690	if (allmulti) {
2691		cmd->action |= cpu_to_le16(MWL8K_ENABLE_RX_ALL_MULTICAST);
2692	} else if (mc_count) {
2693		struct netdev_hw_addr *ha;
2694		int i = 0;
2695
2696		cmd->action |= cpu_to_le16(MWL8K_ENABLE_RX_MULTICAST);
2697		cmd->numaddr = cpu_to_le16(mc_count);
2698		netdev_hw_addr_list_for_each(ha, mc_list) {
2699			memcpy(cmd->addr[i], ha->addr, ETH_ALEN);
2700		}
2701	}
2702
2703	return &cmd->header;
2704}
2705
2706/*
2707 * CMD_GET_STAT.
2708 */
2709struct mwl8k_cmd_get_stat {
2710	struct mwl8k_cmd_pkt header;
2711	__le32 stats[64];
2712} __packed;
2713
2714#define MWL8K_STAT_ACK_FAILURE	9
2715#define MWL8K_STAT_RTS_FAILURE	12
2716#define MWL8K_STAT_FCS_ERROR	24
2717#define MWL8K_STAT_RTS_SUCCESS	11
2718
2719static int mwl8k_cmd_get_stat(struct ieee80211_hw *hw,
2720			      struct ieee80211_low_level_stats *stats)
2721{
2722	struct mwl8k_cmd_get_stat *cmd;
2723	int rc;
2724
2725	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2726	if (cmd == NULL)
2727		return -ENOMEM;
2728
2729	cmd->header.code = cpu_to_le16(MWL8K_CMD_GET_STAT);
2730	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2731
2732	rc = mwl8k_post_cmd(hw, &cmd->header);
2733	if (!rc) {
2734		stats->dot11ACKFailureCount =
2735			le32_to_cpu(cmd->stats[MWL8K_STAT_ACK_FAILURE]);
2736		stats->dot11RTSFailureCount =
2737			le32_to_cpu(cmd->stats[MWL8K_STAT_RTS_FAILURE]);
2738		stats->dot11FCSErrorCount =
2739			le32_to_cpu(cmd->stats[MWL8K_STAT_FCS_ERROR]);
2740		stats->dot11RTSSuccessCount =
2741			le32_to_cpu(cmd->stats[MWL8K_STAT_RTS_SUCCESS]);
2742	}
2743	kfree(cmd);
2744
2745	return rc;
2746}
2747
2748/*
2749 * CMD_RADIO_CONTROL.
2750 */
2751struct mwl8k_cmd_radio_control {
2752	struct mwl8k_cmd_pkt header;
2753	__le16 action;
2754	__le16 control;
2755	__le16 radio_on;
2756} __packed;
2757
2758static int
2759mwl8k_cmd_radio_control(struct ieee80211_hw *hw, bool enable, bool force)
2760{
2761	struct mwl8k_priv *priv = hw->priv;
2762	struct mwl8k_cmd_radio_control *cmd;
2763	int rc;
2764
2765	if (enable == priv->radio_on && !force)
2766		return 0;
2767
2768	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2769	if (cmd == NULL)
2770		return -ENOMEM;
2771
2772	cmd->header.code = cpu_to_le16(MWL8K_CMD_RADIO_CONTROL);
2773	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2774	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
2775	cmd->control = cpu_to_le16(priv->radio_short_preamble ? 3 : 1);
2776	cmd->radio_on = cpu_to_le16(enable ? 0x0001 : 0x0000);
2777
2778	rc = mwl8k_post_cmd(hw, &cmd->header);
2779	kfree(cmd);
2780
2781	if (!rc)
2782		priv->radio_on = enable;
2783
2784	return rc;
2785}
2786
2787static int mwl8k_cmd_radio_disable(struct ieee80211_hw *hw)
2788{
2789	return mwl8k_cmd_radio_control(hw, 0, 0);
2790}
2791
2792static int mwl8k_cmd_radio_enable(struct ieee80211_hw *hw)
2793{
2794	return mwl8k_cmd_radio_control(hw, 1, 0);
2795}
2796
2797static int
2798mwl8k_set_radio_preamble(struct ieee80211_hw *hw, bool short_preamble)
2799{
2800	struct mwl8k_priv *priv = hw->priv;
2801
2802	priv->radio_short_preamble = short_preamble;
2803
2804	return mwl8k_cmd_radio_control(hw, 1, 1);
2805}
2806
2807/*
2808 * CMD_RF_TX_POWER.
2809 */
2810#define MWL8K_RF_TX_POWER_LEVEL_TOTAL	8
2811
2812struct mwl8k_cmd_rf_tx_power {
2813	struct mwl8k_cmd_pkt header;
2814	__le16 action;
2815	__le16 support_level;
2816	__le16 current_level;
2817	__le16 reserved;
2818	__le16 power_level_list[MWL8K_RF_TX_POWER_LEVEL_TOTAL];
2819} __packed;
2820
2821static int mwl8k_cmd_rf_tx_power(struct ieee80211_hw *hw, int dBm)
2822{
2823	struct mwl8k_cmd_rf_tx_power *cmd;
2824	int rc;
2825
2826	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2827	if (cmd == NULL)
2828		return -ENOMEM;
2829
2830	cmd->header.code = cpu_to_le16(MWL8K_CMD_RF_TX_POWER);
2831	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2832	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
2833	cmd->support_level = cpu_to_le16(dBm);
2834
2835	rc = mwl8k_post_cmd(hw, &cmd->header);
2836	kfree(cmd);
2837
2838	return rc;
2839}
2840
2841/*
2842 * CMD_TX_POWER.
2843 */
2844#define MWL8K_TX_POWER_LEVEL_TOTAL      12
2845
2846struct mwl8k_cmd_tx_power {
2847	struct mwl8k_cmd_pkt header;
2848	__le16 action;
2849	__le16 band;
2850	__le16 channel;
2851	__le16 bw;
2852	__le16 sub_ch;
2853	__le16 power_level_list[MWL8K_TX_POWER_LEVEL_TOTAL];
2854} __packed;
2855
2856static int mwl8k_cmd_tx_power(struct ieee80211_hw *hw,
2857				     struct ieee80211_conf *conf,
2858				     unsigned short pwr)
2859{
2860	struct ieee80211_channel *channel = conf->chandef.chan;
2861	enum nl80211_channel_type channel_type =
2862		cfg80211_get_chandef_type(&conf->chandef);
2863	struct mwl8k_cmd_tx_power *cmd;
2864	int rc;
2865	int i;
2866
2867	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2868	if (cmd == NULL)
2869		return -ENOMEM;
2870
2871	cmd->header.code = cpu_to_le16(MWL8K_CMD_TX_POWER);
2872	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2873	cmd->action = cpu_to_le16(MWL8K_CMD_SET_LIST);
2874
2875	if (channel->band == IEEE80211_BAND_2GHZ)
2876		cmd->band = cpu_to_le16(0x1);
2877	else if (channel->band == IEEE80211_BAND_5GHZ)
2878		cmd->band = cpu_to_le16(0x4);
2879
2880	cmd->channel = cpu_to_le16(channel->hw_value);
2881
2882	if (channel_type == NL80211_CHAN_NO_HT ||
2883	    channel_type == NL80211_CHAN_HT20) {
2884		cmd->bw = cpu_to_le16(0x2);
2885	} else {
2886		cmd->bw = cpu_to_le16(0x4);
2887		if (channel_type == NL80211_CHAN_HT40MINUS)
2888			cmd->sub_ch = cpu_to_le16(0x3);
2889		else if (channel_type == NL80211_CHAN_HT40PLUS)
2890			cmd->sub_ch = cpu_to_le16(0x1);
2891	}
2892
2893	for (i = 0; i < MWL8K_TX_POWER_LEVEL_TOTAL; i++)
2894		cmd->power_level_list[i] = cpu_to_le16(pwr);
2895
2896	rc = mwl8k_post_cmd(hw, &cmd->header);
2897	kfree(cmd);
2898
2899	return rc;
2900}
2901
2902/*
2903 * CMD_RF_ANTENNA.
2904 */
2905struct mwl8k_cmd_rf_antenna {
2906	struct mwl8k_cmd_pkt header;
2907	__le16 antenna;
2908	__le16 mode;
2909} __packed;
2910
2911#define MWL8K_RF_ANTENNA_RX		1
2912#define MWL8K_RF_ANTENNA_TX		2
2913
2914static int
2915mwl8k_cmd_rf_antenna(struct ieee80211_hw *hw, int antenna, int mask)
2916{
2917	struct mwl8k_cmd_rf_antenna *cmd;
2918	int rc;
2919
2920	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2921	if (cmd == NULL)
2922		return -ENOMEM;
2923
2924	cmd->header.code = cpu_to_le16(MWL8K_CMD_RF_ANTENNA);
2925	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2926	cmd->antenna = cpu_to_le16(antenna);
2927	cmd->mode = cpu_to_le16(mask);
2928
2929	rc = mwl8k_post_cmd(hw, &cmd->header);
2930	kfree(cmd);
2931
2932	return rc;
2933}
2934
2935/*
2936 * CMD_SET_BEACON.
2937 */
2938struct mwl8k_cmd_set_beacon {
2939	struct mwl8k_cmd_pkt header;
2940	__le16 beacon_len;
2941	__u8 beacon[0];
2942};
2943
2944static int mwl8k_cmd_set_beacon(struct ieee80211_hw *hw,
2945				struct ieee80211_vif *vif, u8 *beacon, int len)
2946{
2947	struct mwl8k_cmd_set_beacon *cmd;
2948	int rc;
2949
2950	cmd = kzalloc(sizeof(*cmd) + len, GFP_KERNEL);
2951	if (cmd == NULL)
2952		return -ENOMEM;
2953
2954	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_BEACON);
2955	cmd->header.length = cpu_to_le16(sizeof(*cmd) + len);
2956	cmd->beacon_len = cpu_to_le16(len);
2957	memcpy(cmd->beacon, beacon, len);
2958
2959	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
2960	kfree(cmd);
2961
2962	return rc;
2963}
2964
2965/*
2966 * CMD_SET_PRE_SCAN.
2967 */
2968struct mwl8k_cmd_set_pre_scan {
2969	struct mwl8k_cmd_pkt header;
2970} __packed;
2971
2972static int mwl8k_cmd_set_pre_scan(struct ieee80211_hw *hw)
2973{
2974	struct mwl8k_cmd_set_pre_scan *cmd;
2975	int rc;
2976
2977	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2978	if (cmd == NULL)
2979		return -ENOMEM;
2980
2981	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_PRE_SCAN);
2982	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2983
2984	rc = mwl8k_post_cmd(hw, &cmd->header);
2985	kfree(cmd);
2986
2987	return rc;
2988}
2989
2990/*
2991 * CMD_SET_POST_SCAN.
2992 */
2993struct mwl8k_cmd_set_post_scan {
2994	struct mwl8k_cmd_pkt header;
2995	__le32 isibss;
2996	__u8 bssid[ETH_ALEN];
2997} __packed;
2998
2999static int
3000mwl8k_cmd_set_post_scan(struct ieee80211_hw *hw, const __u8 *mac)
3001{
3002	struct mwl8k_cmd_set_post_scan *cmd;
3003	int rc;
3004
3005	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3006	if (cmd == NULL)
3007		return -ENOMEM;
3008
3009	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_POST_SCAN);
3010	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3011	cmd->isibss = 0;
3012	memcpy(cmd->bssid, mac, ETH_ALEN);
3013
3014	rc = mwl8k_post_cmd(hw, &cmd->header);
3015	kfree(cmd);
3016
3017	return rc;
3018}
3019
3020/*
3021 * CMD_SET_RF_CHANNEL.
3022 */
3023struct mwl8k_cmd_set_rf_channel {
3024	struct mwl8k_cmd_pkt header;
3025	__le16 action;
3026	__u8 current_channel;
3027	__le32 channel_flags;
3028} __packed;
3029
3030static int mwl8k_cmd_set_rf_channel(struct ieee80211_hw *hw,
3031				    struct ieee80211_conf *conf)
3032{
3033	struct ieee80211_channel *channel = conf->chandef.chan;
3034	enum nl80211_channel_type channel_type =
3035		cfg80211_get_chandef_type(&conf->chandef);
3036	struct mwl8k_cmd_set_rf_channel *cmd;
3037	int rc;
3038
3039	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3040	if (cmd == NULL)
3041		return -ENOMEM;
3042
3043	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_RF_CHANNEL);
3044	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3045	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
3046	cmd->current_channel = channel->hw_value;
3047
3048	if (channel->band == IEEE80211_BAND_2GHZ)
3049		cmd->channel_flags |= cpu_to_le32(0x00000001);
3050	else if (channel->band == IEEE80211_BAND_5GHZ)
3051		cmd->channel_flags |= cpu_to_le32(0x00000004);
3052
3053	if (channel_type == NL80211_CHAN_NO_HT ||
3054	    channel_type == NL80211_CHAN_HT20)
3055		cmd->channel_flags |= cpu_to_le32(0x00000080);
3056	else if (channel_type == NL80211_CHAN_HT40MINUS)
3057		cmd->channel_flags |= cpu_to_le32(0x000001900);
3058	else if (channel_type == NL80211_CHAN_HT40PLUS)
3059		cmd->channel_flags |= cpu_to_le32(0x000000900);
3060
3061	rc = mwl8k_post_cmd(hw, &cmd->header);
3062	kfree(cmd);
3063
3064	return rc;
3065}
3066
3067/*
3068 * CMD_SET_AID.
3069 */
3070#define MWL8K_FRAME_PROT_DISABLED			0x00
3071#define MWL8K_FRAME_PROT_11G				0x07
3072#define MWL8K_FRAME_PROT_11N_HT_40MHZ_ONLY		0x02
3073#define MWL8K_FRAME_PROT_11N_HT_ALL			0x06
3074
3075struct mwl8k_cmd_update_set_aid {
3076	struct	mwl8k_cmd_pkt header;
3077	__le16	aid;
3078
3079	 /* AP's MAC address (BSSID) */
3080	__u8	bssid[ETH_ALEN];
3081	__le16	protection_mode;
3082	__u8	supp_rates[14];
3083} __packed;
3084
3085static void legacy_rate_mask_to_array(u8 *rates, u32 mask)
3086{
3087	int i;
3088	int j;
3089
3090	/*
3091	 * Clear nonstandard rate 4.
3092	 */
3093	mask &= 0x1fef;
3094
3095	for (i = 0, j = 0; i < 13; i++) {
3096		if (mask & (1 << i))
3097			rates[j++] = mwl8k_rates_24[i].hw_value;
3098	}
3099}
3100
3101static int
3102mwl8k_cmd_set_aid(struct ieee80211_hw *hw,
3103		  struct ieee80211_vif *vif, u32 legacy_rate_mask)
3104{
3105	struct mwl8k_cmd_update_set_aid *cmd;
3106	u16 prot_mode;
3107	int rc;
3108
3109	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3110	if (cmd == NULL)
3111		return -ENOMEM;
3112
3113	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_AID);
3114	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3115	cmd->aid = cpu_to_le16(vif->bss_conf.aid);
3116	memcpy(cmd->bssid, vif->bss_conf.bssid, ETH_ALEN);
3117
3118	if (vif->bss_conf.use_cts_prot) {
3119		prot_mode = MWL8K_FRAME_PROT_11G;
3120	} else {
3121		switch (vif->bss_conf.ht_operation_mode &
3122			IEEE80211_HT_OP_MODE_PROTECTION) {
3123		case IEEE80211_HT_OP_MODE_PROTECTION_20MHZ:
3124			prot_mode = MWL8K_FRAME_PROT_11N_HT_40MHZ_ONLY;
3125			break;
3126		case IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED:
3127			prot_mode = MWL8K_FRAME_PROT_11N_HT_ALL;
3128			break;
3129		default:
3130			prot_mode = MWL8K_FRAME_PROT_DISABLED;
3131			break;
3132		}
3133	}
3134	cmd->protection_mode = cpu_to_le16(prot_mode);
3135
3136	legacy_rate_mask_to_array(cmd->supp_rates, legacy_rate_mask);
3137
3138	rc = mwl8k_post_cmd(hw, &cmd->header);
3139	kfree(cmd);
3140
3141	return rc;
3142}
3143
3144/*
3145 * CMD_SET_RATE.
3146 */
3147struct mwl8k_cmd_set_rate {
3148	struct	mwl8k_cmd_pkt header;
3149	__u8	legacy_rates[14];
3150
3151	/* Bitmap for supported MCS codes.  */
3152	__u8	mcs_set[16];
3153	__u8	reserved[16];
3154} __packed;
3155
3156static int
3157mwl8k_cmd_set_rate(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
3158		   u32 legacy_rate_mask, u8 *mcs_rates)
3159{
3160	struct mwl8k_cmd_set_rate *cmd;
3161	int rc;
3162
3163	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3164	if (cmd == NULL)
3165		return -ENOMEM;
3166
3167	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_RATE);
3168	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3169	legacy_rate_mask_to_array(cmd->legacy_rates, legacy_rate_mask);
3170	memcpy(cmd->mcs_set, mcs_rates, 16);
3171
3172	rc = mwl8k_post_cmd(hw, &cmd->header);
3173	kfree(cmd);
3174
3175	return rc;
3176}
3177
3178/*
3179 * CMD_FINALIZE_JOIN.
3180 */
3181#define MWL8K_FJ_BEACON_MAXLEN	128
3182
3183struct mwl8k_cmd_finalize_join {
3184	struct mwl8k_cmd_pkt header;
3185	__le32 sleep_interval;	/* Number of beacon periods to sleep */
3186	__u8 beacon_data[MWL8K_FJ_BEACON_MAXLEN];
3187} __packed;
3188
3189static int mwl8k_cmd_finalize_join(struct ieee80211_hw *hw, void *frame,
3190				   int framelen, int dtim)
3191{
3192	struct mwl8k_cmd_finalize_join *cmd;
3193	struct ieee80211_mgmt *payload = frame;
3194	int payload_len;
3195	int rc;
3196
3197	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3198	if (cmd == NULL)
3199		return -ENOMEM;
3200
3201	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_FINALIZE_JOIN);
3202	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3203	cmd->sleep_interval = cpu_to_le32(dtim ? dtim : 1);
3204
3205	payload_len = framelen - ieee80211_hdrlen(payload->frame_control);
3206	if (payload_len < 0)
3207		payload_len = 0;
3208	else if (payload_len > MWL8K_FJ_BEACON_MAXLEN)
3209		payload_len = MWL8K_FJ_BEACON_MAXLEN;
3210
3211	memcpy(cmd->beacon_data, &payload->u.beacon, payload_len);
3212
3213	rc = mwl8k_post_cmd(hw, &cmd->header);
3214	kfree(cmd);
3215
3216	return rc;
3217}
3218
3219/*
3220 * CMD_SET_RTS_THRESHOLD.
3221 */
3222struct mwl8k_cmd_set_rts_threshold {
3223	struct mwl8k_cmd_pkt header;
3224	__le16 action;
3225	__le16 threshold;
3226} __packed;
3227
3228static int
3229mwl8k_cmd_set_rts_threshold(struct ieee80211_hw *hw, int rts_thresh)
3230{
3231	struct mwl8k_cmd_set_rts_threshold *cmd;
3232	int rc;
3233
3234	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3235	if (cmd == NULL)
3236		return -ENOMEM;
3237
3238	cmd->header.code = cpu_to_le16(MWL8K_CMD_RTS_THRESHOLD);
3239	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3240	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
3241	cmd->threshold = cpu_to_le16(rts_thresh);
3242
3243	rc = mwl8k_post_cmd(hw, &cmd->header);
3244	kfree(cmd);
3245
3246	return rc;
3247}
3248
3249/*
3250 * CMD_SET_SLOT.
3251 */
3252struct mwl8k_cmd_set_slot {
3253	struct mwl8k_cmd_pkt header;
3254	__le16 action;
3255	__u8 short_slot;
3256} __packed;
3257
3258static int mwl8k_cmd_set_slot(struct ieee80211_hw *hw, bool short_slot_time)
3259{
3260	struct mwl8k_cmd_set_slot *cmd;
3261	int rc;
3262
3263	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3264	if (cmd == NULL)
3265		return -ENOMEM;
3266
3267	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_SLOT);
3268	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3269	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
3270	cmd->short_slot = short_slot_time;
3271
3272	rc = mwl8k_post_cmd(hw, &cmd->header);
3273	kfree(cmd);
3274
3275	return rc;
3276}
3277
3278/*
3279 * CMD_SET_EDCA_PARAMS.
3280 */
3281struct mwl8k_cmd_set_edca_params {
3282	struct mwl8k_cmd_pkt header;
3283
3284	/* See MWL8K_SET_EDCA_XXX below */
3285	__le16 action;
3286
3287	/* TX opportunity in units of 32 us */
3288	__le16 txop;
3289
3290	union {
3291		struct {
3292			/* Log exponent of max contention period: 0...15 */
3293			__le32 log_cw_max;
3294
3295			/* Log exponent of min contention period: 0...15 */
3296			__le32 log_cw_min;
3297
3298			/* Adaptive interframe spacing in units of 32us */
3299			__u8 aifs;
3300
3301			/* TX queue to configure */
3302			__u8 txq;
3303		} ap;
3304		struct {
3305			/* Log exponent of max contention period: 0...15 */
3306			__u8 log_cw_max;
3307
3308			/* Log exponent of min contention period: 0...15 */
3309			__u8 log_cw_min;
3310
3311			/* Adaptive interframe spacing in units of 32us */
3312			__u8 aifs;
3313
3314			/* TX queue to configure */
3315			__u8 txq;
3316		} sta;
3317	};
3318} __packed;
3319
3320#define MWL8K_SET_EDCA_CW	0x01
3321#define MWL8K_SET_EDCA_TXOP	0x02
3322#define MWL8K_SET_EDCA_AIFS	0x04
3323
3324#define MWL8K_SET_EDCA_ALL	(MWL8K_SET_EDCA_CW | \
3325				 MWL8K_SET_EDCA_TXOP | \
3326				 MWL8K_SET_EDCA_AIFS)
3327
3328static int
3329mwl8k_cmd_set_edca_params(struct ieee80211_hw *hw, __u8 qnum,
3330			  __u16 cw_min, __u16 cw_max,
3331			  __u8 aifs, __u16 txop)
3332{
3333	struct mwl8k_priv *priv = hw->priv;
3334	struct mwl8k_cmd_set_edca_params *cmd;
3335	int rc;
3336
3337	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3338	if (cmd == NULL)
3339		return -ENOMEM;
3340
3341	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_EDCA_PARAMS);
3342	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3343	cmd->action = cpu_to_le16(MWL8K_SET_EDCA_ALL);
3344	cmd->txop = cpu_to_le16(txop);
3345	if (priv->ap_fw) {
3346		cmd->ap.log_cw_max = cpu_to_le32(ilog2(cw_max + 1));
3347		cmd->ap.log_cw_min = cpu_to_le32(ilog2(cw_min + 1));
3348		cmd->ap.aifs = aifs;
3349		cmd->ap.txq = qnum;
3350	} else {
3351		cmd->sta.log_cw_max = (u8)ilog2(cw_max + 1);
3352		cmd->sta.log_cw_min = (u8)ilog2(cw_min + 1);
3353		cmd->sta.aifs = aifs;
3354		cmd->sta.txq = qnum;
3355	}
3356
3357	rc = mwl8k_post_cmd(hw, &cmd->header);
3358	kfree(cmd);
3359
3360	return rc;
3361}
3362
3363/*
3364 * CMD_SET_WMM_MODE.
3365 */
3366struct mwl8k_cmd_set_wmm_mode {
3367	struct mwl8k_cmd_pkt header;
3368	__le16 action;
3369} __packed;
3370
3371static int mwl8k_cmd_set_wmm_mode(struct ieee80211_hw *hw, bool enable)
3372{
3373	struct mwl8k_priv *priv = hw->priv;
3374	struct mwl8k_cmd_set_wmm_mode *cmd;
3375	int rc;
3376
3377	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3378	if (cmd == NULL)
3379		return -ENOMEM;
3380
3381	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_WMM_MODE);
3382	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3383	cmd->action = cpu_to_le16(!!enable);
3384
3385	rc = mwl8k_post_cmd(hw, &cmd->header);
3386	kfree(cmd);
3387
3388	if (!rc)
3389		priv->wmm_enabled = enable;
3390
3391	return rc;
3392}
3393
3394/*
3395 * CMD_MIMO_CONFIG.
3396 */
3397struct mwl8k_cmd_mimo_config {
3398	struct mwl8k_cmd_pkt header;
3399	__le32 action;
3400	__u8 rx_antenna_map;
3401	__u8 tx_antenna_map;
3402} __packed;
3403
3404static int mwl8k_cmd_mimo_config(struct ieee80211_hw *hw, __u8 rx, __u8 tx)
3405{
3406	struct mwl8k_cmd_mimo_config *cmd;
3407	int rc;
3408
3409	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3410	if (cmd == NULL)
3411		return -ENOMEM;
3412
3413	cmd->header.code = cpu_to_le16(MWL8K_CMD_MIMO_CONFIG);
3414	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3415	cmd->action = cpu_to_le32((u32)MWL8K_CMD_SET);
3416	cmd->rx_antenna_map = rx;
3417	cmd->tx_antenna_map = tx;
3418
3419	rc = mwl8k_post_cmd(hw, &cmd->header);
3420	kfree(cmd);
3421
3422	return rc;
3423}
3424
3425/*
3426 * CMD_USE_FIXED_RATE (STA version).
3427 */
3428struct mwl8k_cmd_use_fixed_rate_sta {
3429	struct mwl8k_cmd_pkt header;
3430	__le32 action;
3431	__le32 allow_rate_drop;
3432	__le32 num_rates;
3433	struct {
3434		__le32 is_ht_rate;
3435		__le32 enable_retry;
3436		__le32 rate;
3437		__le32 retry_count;
3438	} rate_entry[8];
3439	__le32 rate_type;
3440	__le32 reserved1;
3441	__le32 reserved2;
3442} __packed;
3443
3444#define MWL8K_USE_AUTO_RATE	0x0002
3445#define MWL8K_UCAST_RATE	0
3446
3447static int mwl8k_cmd_use_fixed_rate_sta(struct ieee80211_hw *hw)
3448{
3449	struct mwl8k_cmd_use_fixed_rate_sta *cmd;
3450	int rc;
3451
3452	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3453	if (cmd == NULL)
3454		return -ENOMEM;
3455
3456	cmd->header.code = cpu_to_le16(MWL8K_CMD_USE_FIXED_RATE);
3457	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3458	cmd->action = cpu_to_le32(MWL8K_USE_AUTO_RATE);
3459	cmd->rate_type = cpu_to_le32(MWL8K_UCAST_RATE);
3460
3461	rc = mwl8k_post_cmd(hw, &cmd->header);
3462	kfree(cmd);
3463
3464	return rc;
3465}
3466
3467/*
3468 * CMD_USE_FIXED_RATE (AP version).
3469 */
3470struct mwl8k_cmd_use_fixed_rate_ap {
3471	struct mwl8k_cmd_pkt header;
3472	__le32 action;
3473	__le32 allow_rate_drop;
3474	__le32 num_rates;
3475	struct mwl8k_rate_entry_ap {
3476		__le32 is_ht_rate;
3477		__le32 enable_retry;
3478		__le32 rate;
3479		__le32 retry_count;
3480	} rate_entry[4];
3481	u8 multicast_rate;
3482	u8 multicast_rate_type;
3483	u8 management_rate;
3484} __packed;
3485
3486static int
3487mwl8k_cmd_use_fixed_rate_ap(struct ieee80211_hw *hw, int mcast, int mgmt)
3488{
3489	struct mwl8k_cmd_use_fixed_rate_ap *cmd;
3490	int rc;
3491
3492	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3493	if (cmd == NULL)
3494		return -ENOMEM;
3495
3496	cmd->header.code = cpu_to_le16(MWL8K_CMD_USE_FIXED_RATE);
3497	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3498	cmd->action = cpu_to_le32(MWL8K_USE_AUTO_RATE);
3499	cmd->multicast_rate = mcast;
3500	cmd->management_rate = mgmt;
3501
3502	rc = mwl8k_post_cmd(hw, &cmd->header);
3503	kfree(cmd);
3504
3505	return rc;
3506}
3507
3508/*
3509 * CMD_ENABLE_SNIFFER.
3510 */
3511struct mwl8k_cmd_enable_sniffer {
3512	struct mwl8k_cmd_pkt header;
3513	__le32 action;
3514} __packed;
3515
3516static int mwl8k_cmd_enable_sniffer(struct ieee80211_hw *hw, bool enable)
3517{
3518	struct mwl8k_cmd_enable_sniffer *cmd;
3519	int rc;
3520
3521	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3522	if (cmd == NULL)
3523		return -ENOMEM;
3524
3525	cmd->header.code = cpu_to_le16(MWL8K_CMD_ENABLE_SNIFFER);
3526	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3527	cmd->action = cpu_to_le32(!!enable);
3528
3529	rc = mwl8k_post_cmd(hw, &cmd->header);
3530	kfree(cmd);
3531
3532	return rc;
3533}
3534
3535struct mwl8k_cmd_update_mac_addr {
3536	struct mwl8k_cmd_pkt header;
3537	union {
3538		struct {
3539			__le16 mac_type;
3540			__u8 mac_addr[ETH_ALEN];
3541		} mbss;
3542		__u8 mac_addr[ETH_ALEN];
3543	};
3544} __packed;
3545
3546#define MWL8K_MAC_TYPE_PRIMARY_CLIENT		0
3547#define MWL8K_MAC_TYPE_SECONDARY_CLIENT		1
3548#define MWL8K_MAC_TYPE_PRIMARY_AP		2
3549#define MWL8K_MAC_TYPE_SECONDARY_AP		3
3550
3551static int mwl8k_cmd_update_mac_addr(struct ieee80211_hw *hw,
3552				  struct ieee80211_vif *vif, u8 *mac, bool set)
3553{
3554	struct mwl8k_priv *priv = hw->priv;
3555	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
3556	struct mwl8k_cmd_update_mac_addr *cmd;
3557	int mac_type;
3558	int rc;
3559
3560	mac_type = MWL8K_MAC_TYPE_PRIMARY_AP;
3561	if (vif != NULL && vif->type == NL80211_IFTYPE_STATION) {
3562		if (mwl8k_vif->macid + 1 == ffs(priv->sta_macids_supported))
3563			if (priv->ap_fw)
3564				mac_type = MWL8K_MAC_TYPE_SECONDARY_CLIENT;
3565			else
3566				mac_type = MWL8K_MAC_TYPE_PRIMARY_CLIENT;
3567		else
3568			mac_type = MWL8K_MAC_TYPE_SECONDARY_CLIENT;
3569	} else if (vif != NULL && vif->type == NL80211_IFTYPE_AP) {
3570		if (mwl8k_vif->macid + 1 == ffs(priv->ap_macids_supported))
3571			mac_type = MWL8K_MAC_TYPE_PRIMARY_AP;
3572		else
3573			mac_type = MWL8K_MAC_TYPE_SECONDARY_AP;
3574	}
3575
3576	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3577	if (cmd == NULL)
3578		return -ENOMEM;
3579
3580	if (set)
3581		cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_MAC_ADDR);
3582	else
3583		cmd->header.code = cpu_to_le16(MWL8K_CMD_DEL_MAC_ADDR);
3584
3585	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3586	if (priv->ap_fw) {
3587		cmd->mbss.mac_type = cpu_to_le16(mac_type);
3588		memcpy(cmd->mbss.mac_addr, mac, ETH_ALEN);
3589	} else {
3590		memcpy(cmd->mac_addr, mac, ETH_ALEN);
3591	}
3592
3593	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3594	kfree(cmd);
3595
3596	return rc;
3597}
3598
3599/*
3600 * MWL8K_CMD_SET_MAC_ADDR.
3601 */
3602static inline int mwl8k_cmd_set_mac_addr(struct ieee80211_hw *hw,
3603				  struct ieee80211_vif *vif, u8 *mac)
3604{
3605	return mwl8k_cmd_update_mac_addr(hw, vif, mac, true);
3606}
3607
3608/*
3609 * MWL8K_CMD_DEL_MAC_ADDR.
3610 */
3611static inline int mwl8k_cmd_del_mac_addr(struct ieee80211_hw *hw,
3612				  struct ieee80211_vif *vif, u8 *mac)
3613{
3614	return mwl8k_cmd_update_mac_addr(hw, vif, mac, false);
3615}
3616
3617/*
3618 * CMD_SET_RATEADAPT_MODE.
3619 */
3620struct mwl8k_cmd_set_rate_adapt_mode {
3621	struct mwl8k_cmd_pkt header;
3622	__le16 action;
3623	__le16 mode;
3624} __packed;
3625
3626static int mwl8k_cmd_set_rateadapt_mode(struct ieee80211_hw *hw, __u16 mode)
3627{
3628	struct mwl8k_cmd_set_rate_adapt_mode *cmd;
3629	int rc;
3630
3631	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3632	if (cmd == NULL)
3633		return -ENOMEM;
3634
3635	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_RATEADAPT_MODE);
3636	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3637	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
3638	cmd->mode = cpu_to_le16(mode);
3639
3640	rc = mwl8k_post_cmd(hw, &cmd->header);
3641	kfree(cmd);
3642
3643	return rc;
3644}
3645
3646/*
3647 * CMD_GET_WATCHDOG_BITMAP.
3648 */
3649struct mwl8k_cmd_get_watchdog_bitmap {
3650	struct mwl8k_cmd_pkt header;
3651	u8	bitmap;
3652} __packed;
3653
3654static int mwl8k_cmd_get_watchdog_bitmap(struct ieee80211_hw *hw, u8 *bitmap)
3655{
3656	struct mwl8k_cmd_get_watchdog_bitmap *cmd;
3657	int rc;
3658
3659	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3660	if (cmd == NULL)
3661		return -ENOMEM;
3662
3663	cmd->header.code = cpu_to_le16(MWL8K_CMD_GET_WATCHDOG_BITMAP);
3664	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3665
3666	rc = mwl8k_post_cmd(hw, &cmd->header);
3667	if (!rc)
3668		*bitmap = cmd->bitmap;
3669
3670	kfree(cmd);
3671
3672	return rc;
3673}
3674
3675#define MWL8K_WMM_QUEUE_NUMBER	3
3676
3677static void mwl8k_destroy_ba(struct ieee80211_hw *hw,
3678			     u8 idx);
3679
3680static void mwl8k_watchdog_ba_events(struct work_struct *work)
3681{
3682	int rc;
3683	u8 bitmap = 0, stream_index;
3684	struct mwl8k_ampdu_stream *streams;
3685	struct mwl8k_priv *priv =
3686		container_of(work, struct mwl8k_priv, watchdog_ba_handle);
3687	struct ieee80211_hw *hw = priv->hw;
3688	int i;
3689	u32 status = 0;
3690
3691	mwl8k_fw_lock(hw);
3692
3693	rc = mwl8k_cmd_get_watchdog_bitmap(priv->hw, &bitmap);
3694	if (rc)
3695		goto done;
3696
3697	spin_lock(&priv->stream_lock);
3698
3699	/* the bitmap is the hw queue number.  Map it to the ampdu queue. */
3700	for (i = 0; i < TOTAL_HW_TX_QUEUES; i++) {
3701		if (bitmap & (1 << i)) {
3702			stream_index = (i + MWL8K_WMM_QUEUE_NUMBER) %
3703				       TOTAL_HW_TX_QUEUES;
3704			streams = &priv->ampdu[stream_index];
3705			if (streams->state == AMPDU_STREAM_ACTIVE) {
3706				ieee80211_stop_tx_ba_session(streams->sta,
3707							     streams->tid);
3708				spin_unlock(&priv->stream_lock);
3709				mwl8k_destroy_ba(hw, stream_index);
3710				spin_lock(&priv->stream_lock);
3711			}
3712		}
3713	}
3714
3715	spin_unlock(&priv->stream_lock);
3716done:
3717	atomic_dec(&priv->watchdog_event_pending);
3718	status = ioread32(priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS_MASK);
3719	iowrite32((status | MWL8K_A2H_INT_BA_WATCHDOG),
3720		  priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS_MASK);
3721	mwl8k_fw_unlock(hw);
3722	return;
3723}
3724
3725
3726/*
3727 * CMD_BSS_START.
3728 */
3729struct mwl8k_cmd_bss_start {
3730	struct mwl8k_cmd_pkt header;
3731	__le32 enable;
3732} __packed;
3733
3734static int mwl8k_cmd_bss_start(struct ieee80211_hw *hw,
3735			       struct ieee80211_vif *vif, int enable)
3736{
3737	struct mwl8k_cmd_bss_start *cmd;
3738	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
3739	struct mwl8k_priv *priv = hw->priv;
3740	int rc;
3741
3742	if (enable && (priv->running_bsses & (1 << mwl8k_vif->macid)))
3743		return 0;
3744
3745	if (!enable && !(priv->running_bsses & (1 << mwl8k_vif->macid)))
3746		return 0;
3747
3748	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3749	if (cmd == NULL)
3750		return -ENOMEM;
3751
3752	cmd->header.code = cpu_to_le16(MWL8K_CMD_BSS_START);
3753	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3754	cmd->enable = cpu_to_le32(enable);
3755
3756	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3757	kfree(cmd);
3758
3759	if (!rc) {
3760		if (enable)
3761			priv->running_bsses |= (1 << mwl8k_vif->macid);
3762		else
3763			priv->running_bsses &= ~(1 << mwl8k_vif->macid);
3764	}
3765	return rc;
3766}
3767
3768static void mwl8k_enable_bsses(struct ieee80211_hw *hw, bool enable, u32 bitmap)
3769{
3770	struct mwl8k_priv *priv = hw->priv;
3771	struct mwl8k_vif *mwl8k_vif, *tmp_vif;
3772	struct ieee80211_vif *vif;
3773
3774	list_for_each_entry_safe(mwl8k_vif, tmp_vif, &priv->vif_list, list) {
3775		vif = mwl8k_vif->vif;
3776
3777		if (!(bitmap & (1 << mwl8k_vif->macid)))
3778			continue;
3779
3780		if (vif->type == NL80211_IFTYPE_AP)
3781			mwl8k_cmd_bss_start(hw, vif, enable);
3782	}
3783}
3784/*
3785 * CMD_BASTREAM.
3786 */
3787
3788/*
3789 * UPSTREAM is tx direction
3790 */
3791#define BASTREAM_FLAG_DIRECTION_UPSTREAM	0x00
3792#define BASTREAM_FLAG_IMMEDIATE_TYPE		0x01
3793
3794enum ba_stream_action_type {
3795	MWL8K_BA_CREATE,
3796	MWL8K_BA_UPDATE,
3797	MWL8K_BA_DESTROY,
3798	MWL8K_BA_FLUSH,
3799	MWL8K_BA_CHECK,
3800};
3801
3802
3803struct mwl8k_create_ba_stream {
3804	__le32	flags;
3805	__le32	idle_thrs;
3806	__le32	bar_thrs;
3807	__le32	window_size;
3808	u8	peer_mac_addr[6];
3809	u8	dialog_token;
3810	u8	tid;
3811	u8	queue_id;
3812	u8	param_info;
3813	__le32	ba_context;
3814	u8	reset_seq_no_flag;
3815	__le16	curr_seq_no;
3816	u8	sta_src_mac_addr[6];
3817} __packed;
3818
3819struct mwl8k_destroy_ba_stream {
3820	__le32	flags;
3821	__le32	ba_context;
3822} __packed;
3823
3824struct mwl8k_cmd_bastream {
3825	struct mwl8k_cmd_pkt	header;
3826	__le32	action;
3827	union {
3828		struct mwl8k_create_ba_stream	create_params;
3829		struct mwl8k_destroy_ba_stream	destroy_params;
3830	};
3831} __packed;
3832
3833static int
3834mwl8k_check_ba(struct ieee80211_hw *hw, struct mwl8k_ampdu_stream *stream,
3835	       struct ieee80211_vif *vif)
3836{
3837	struct mwl8k_cmd_bastream *cmd;
3838	int rc;
3839
3840	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3841	if (cmd == NULL)
3842		return -ENOMEM;
3843
3844	cmd->header.code = cpu_to_le16(MWL8K_CMD_BASTREAM);
3845	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3846
3847	cmd->action = cpu_to_le32(MWL8K_BA_CHECK);
3848
3849	cmd->create_params.queue_id = stream->idx;
3850	memcpy(&cmd->create_params.peer_mac_addr[0], stream->sta->addr,
3851	       ETH_ALEN);
3852	cmd->create_params.tid = stream->tid;
3853
3854	cmd->create_params.flags =
3855		cpu_to_le32(BASTREAM_FLAG_IMMEDIATE_TYPE) |
3856		cpu_to_le32(BASTREAM_FLAG_DIRECTION_UPSTREAM);
3857
3858	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3859
3860	kfree(cmd);
3861
3862	return rc;
3863}
3864
3865static int
3866mwl8k_create_ba(struct ieee80211_hw *hw, struct mwl8k_ampdu_stream *stream,
3867		u8 buf_size, struct ieee80211_vif *vif)
3868{
3869	struct mwl8k_cmd_bastream *cmd;
3870	int rc;
3871
3872	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3873	if (cmd == NULL)
3874		return -ENOMEM;
3875
3876
3877	cmd->header.code = cpu_to_le16(MWL8K_CMD_BASTREAM);
3878	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3879
3880	cmd->action = cpu_to_le32(MWL8K_BA_CREATE);
3881
3882	cmd->create_params.bar_thrs = cpu_to_le32((u32)buf_size);
3883	cmd->create_params.window_size = cpu_to_le32((u32)buf_size);
3884	cmd->create_params.queue_id = stream->idx;
3885
3886	memcpy(cmd->create_params.peer_mac_addr, stream->sta->addr, ETH_ALEN);
3887	cmd->create_params.tid = stream->tid;
3888	cmd->create_params.curr_seq_no = cpu_to_le16(0);
3889	cmd->create_params.reset_seq_no_flag = 1;
3890
3891	cmd->create_params.param_info =
3892		(stream->sta->ht_cap.ampdu_factor &
3893		 IEEE80211_HT_AMPDU_PARM_FACTOR) |
3894		((stream->sta->ht_cap.ampdu_density << 2) &
3895		 IEEE80211_HT_AMPDU_PARM_DENSITY);
3896
3897	cmd->create_params.flags =
3898		cpu_to_le32(BASTREAM_FLAG_IMMEDIATE_TYPE |
3899					BASTREAM_FLAG_DIRECTION_UPSTREAM);
3900
3901	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3902
3903	wiphy_debug(hw->wiphy, "Created a BA stream for %pM : tid %d\n",
3904		stream->sta->addr, stream->tid);
3905	kfree(cmd);
3906
3907	return rc;
3908}
3909
3910static void mwl8k_destroy_ba(struct ieee80211_hw *hw,
3911			     u8 idx)
3912{
3913	struct mwl8k_cmd_bastream *cmd;
3914
3915	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3916	if (cmd == NULL)
3917		return;
3918
3919	cmd->header.code = cpu_to_le16(MWL8K_CMD_BASTREAM);
3920	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3921	cmd->action = cpu_to_le32(MWL8K_BA_DESTROY);
3922
3923	cmd->destroy_params.ba_context = cpu_to_le32(idx);
3924	mwl8k_post_cmd(hw, &cmd->header);
3925
3926	wiphy_debug(hw->wiphy, "Deleted BA stream index %d\n", idx);
3927
3928	kfree(cmd);
3929}
3930
3931/*
3932 * CMD_SET_NEW_STN.
3933 */
3934struct mwl8k_cmd_set_new_stn {
3935	struct mwl8k_cmd_pkt header;
3936	__le16 aid;
3937	__u8 mac_addr[6];
3938	__le16 stn_id;
3939	__le16 action;
3940	__le16 rsvd;
3941	__le32 legacy_rates;
3942	__u8 ht_rates[4];
3943	__le16 cap_info;
3944	__le16 ht_capabilities_info;
3945	__u8 mac_ht_param_info;
3946	__u8 rev;
3947	__u8 control_channel;
3948	__u8 add_channel;
3949	__le16 op_mode;
3950	__le16 stbc;
3951	__u8 add_qos_info;
3952	__u8 is_qos_sta;
3953	__le32 fw_sta_ptr;
3954} __packed;
3955
3956#define MWL8K_STA_ACTION_ADD		0
3957#define MWL8K_STA_ACTION_REMOVE		2
3958
3959static int mwl8k_cmd_set_new_stn_add(struct ieee80211_hw *hw,
3960				     struct ieee80211_vif *vif,
3961				     struct ieee80211_sta *sta)
3962{
3963	struct mwl8k_cmd_set_new_stn *cmd;
3964	u32 rates;
3965	int rc;
3966
3967	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3968	if (cmd == NULL)
3969		return -ENOMEM;
3970
3971	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_NEW_STN);
3972	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3973	cmd->aid = cpu_to_le16(sta->aid);
3974	memcpy(cmd->mac_addr, sta->addr, ETH_ALEN);
3975	cmd->stn_id = cpu_to_le16(sta->aid);
3976	cmd->action = cpu_to_le16(MWL8K_STA_ACTION_ADD);
3977	if (hw->conf.chandef.chan->band == IEEE80211_BAND_2GHZ)
3978		rates = sta->supp_rates[IEEE80211_BAND_2GHZ];
3979	else
3980		rates = sta->supp_rates[IEEE80211_BAND_5GHZ] << 5;
3981	cmd->legacy_rates = cpu_to_le32(rates);
3982	if (sta->ht_cap.ht_supported) {
3983		cmd->ht_rates[0] = sta->ht_cap.mcs.rx_mask[0];
3984		cmd->ht_rates[1] = sta->ht_cap.mcs.rx_mask[1];
3985		cmd->ht_rates[2] = sta->ht_cap.mcs.rx_mask[2];
3986		cmd->ht_rates[3] = sta->ht_cap.mcs.rx_mask[3];
3987		cmd->ht_capabilities_info = cpu_to_le16(sta->ht_cap.cap);
3988		cmd->mac_ht_param_info = (sta->ht_cap.ampdu_factor & 3) |
3989			((sta->ht_cap.ampdu_density & 7) << 2);
3990		cmd->is_qos_sta = 1;
3991	}
3992
3993	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3994	kfree(cmd);
3995
3996	return rc;
3997}
3998
3999static int mwl8k_cmd_set_new_stn_add_self(struct ieee80211_hw *hw,
4000					  struct ieee80211_vif *vif)
4001{
4002	struct mwl8k_cmd_set_new_stn *cmd;
4003	int rc;
4004
4005	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
4006	if (cmd == NULL)
4007		return -ENOMEM;
4008
4009	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_NEW_STN);
4010	cmd->header.length = cpu_to_le16(sizeof(*cmd));
4011	memcpy(cmd->mac_addr, vif->addr, ETH_ALEN);
4012
4013	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
4014	kfree(cmd);
4015
4016	return rc;
4017}
4018
4019static int mwl8k_cmd_set_new_stn_del(struct ieee80211_hw *hw,
4020				     struct ieee80211_vif *vif, u8 *addr)
4021{
4022	struct mwl8k_cmd_set_new_stn *cmd;
4023	struct mwl8k_priv *priv = hw->priv;
4024	int rc, i;
4025	u8 idx;
4026
4027	spin_lock(&priv->stream_lock);
4028	/* Destroy any active ampdu streams for this sta */
4029	for (i = 0; i < MWL8K_NUM_AMPDU_STREAMS; i++) {
4030		struct mwl8k_ampdu_stream *s;
4031		s = &priv->ampdu[i];
4032		if (s->state != AMPDU_NO_STREAM) {
4033			if (memcmp(s->sta->addr, addr, ETH_ALEN) == 0) {
4034				if (s->state == AMPDU_STREAM_ACTIVE) {
4035					idx = s->idx;
4036					spin_unlock(&priv->stream_lock);
4037					mwl8k_destroy_ba(hw, idx);
4038					spin_lock(&priv->stream_lock);
4039				} else if (s->state == AMPDU_STREAM_NEW) {
4040					mwl8k_remove_stream(hw, s);
4041				}
4042			}
4043		}
4044	}
4045
4046	spin_unlock(&priv->stream_lock);
4047
4048	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
4049	if (cmd == NULL)
4050		return -ENOMEM;
4051
4052	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_NEW_STN);
4053	cmd->header.length = cpu_to_le16(sizeof(*cmd));
4054	memcpy(cmd->mac_addr, addr, ETH_ALEN);
4055	cmd->action = cpu_to_le16(MWL8K_STA_ACTION_REMOVE);
4056
4057	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
4058	kfree(cmd);
4059
4060	return rc;
4061}
4062
4063/*
4064 * CMD_UPDATE_ENCRYPTION.
4065 */
4066
4067#define MAX_ENCR_KEY_LENGTH	16
4068#define MIC_KEY_LENGTH		8
4069
4070struct mwl8k_cmd_update_encryption {
4071	struct mwl8k_cmd_pkt header;
4072
4073	__le32 action;
4074	__le32 reserved;
4075	__u8 mac_addr[6];
4076	__u8 encr_type;
4077
4078} __packed;
4079
4080struct mwl8k_cmd_set_key {
4081	struct mwl8k_cmd_pkt header;
4082
4083	__le32 action;
4084	__le32 reserved;
4085	__le16 length;
4086	__le16 key_type_id;
4087	__le32 key_info;
4088	__le32 key_id;
4089	__le16 key_len;
4090	__u8 key_material[MAX_ENCR_KEY_LENGTH];
4091	__u8 tkip_tx_mic_key[MIC_KEY_LENGTH];
4092	__u8 tkip_rx_mic_key[MIC_KEY_LENGTH];
4093	__le16 tkip_rsc_low;
4094	__le32 tkip_rsc_high;
4095	__le16 tkip_tsc_low;
4096	__le32 tkip_tsc_high;
4097	__u8 mac_addr[6];
4098} __packed;
4099
4100enum {
4101	MWL8K_ENCR_ENABLE,
4102	MWL8K_ENCR_SET_KEY,
4103	MWL8K_ENCR_REMOVE_KEY,
4104	MWL8K_ENCR_SET_GROUP_KEY,
4105};
4106
4107#define MWL8K_UPDATE_ENCRYPTION_TYPE_WEP	0
4108#define MWL8K_UPDATE_ENCRYPTION_TYPE_DISABLE	1
4109#define MWL8K_UPDATE_ENCRYPTION_TYPE_TKIP	4
4110#define MWL8K_UPDATE_ENCRYPTION_TYPE_MIXED	7
4111#define MWL8K_UPDATE_ENCRYPTION_TYPE_AES	8
4112
4113enum {
4114	MWL8K_ALG_WEP,
4115	MWL8K_ALG_TKIP,
4116	MWL8K_ALG_CCMP,
4117};
4118
4119#define MWL8K_KEY_FLAG_TXGROUPKEY	0x00000004
4120#define MWL8K_KEY_FLAG_PAIRWISE		0x00000008
4121#define MWL8K_KEY_FLAG_TSC_VALID	0x00000040
4122#define MWL8K_KEY_FLAG_WEP_TXKEY	0x01000000
4123#define MWL8K_KEY_FLAG_MICKEY_VALID	0x02000000
4124
4125static int mwl8k_cmd_update_encryption_enable(struct ieee80211_hw *hw,
4126					      struct ieee80211_vif *vif,
4127					      u8 *addr,
4128					      u8 encr_type)
4129{
4130	struct mwl8k_cmd_update_encryption *cmd;
4131	int rc;
4132
4133	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
4134	if (cmd == NULL)
4135		return -ENOMEM;
4136
4137	cmd->header.code = cpu_to_le16(MWL8K_CMD_UPDATE_ENCRYPTION);
4138	cmd->header.length = cpu_to_le16(sizeof(*cmd));
4139	cmd->action = cpu_to_le32(MWL8K_ENCR_ENABLE);
4140	memcpy(cmd->mac_addr, addr, ETH_ALEN);
4141	cmd->encr_type = encr_type;
4142
4143	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
4144	kfree(cmd);
4145
4146	return rc;
4147}
4148
4149static int mwl8k_encryption_set_cmd_info(struct mwl8k_cmd_set_key *cmd,
4150						u8 *addr,
4151						struct ieee80211_key_conf *key)
4152{
4153	cmd->header.code = cpu_to_le16(MWL8K_CMD_UPDATE_ENCRYPTION);
4154	cmd->header.length = cpu_to_le16(sizeof(*cmd));
4155	cmd->length = cpu_to_le16(sizeof(*cmd) -
4156				offsetof(struct mwl8k_cmd_set_key, length));
4157	cmd->key_id = cpu_to_le32(key->keyidx);
4158	cmd->key_len = cpu_to_le16(key->keylen);
4159	memcpy(cmd->mac_addr, addr, ETH_ALEN);
4160
4161	switch (key->cipher) {
4162	case WLAN_CIPHER_SUITE_WEP40:
4163	case WLAN_CIPHER_SUITE_WEP104:
4164		cmd->key_type_id = cpu_to_le16(MWL8K_ALG_WEP);
4165		if (key->keyidx == 0)
4166			cmd->key_info =	cpu_to_le32(MWL8K_KEY_FLAG_WEP_TXKEY);
4167
4168		break;
4169	case WLAN_CIPHER_SUITE_TKIP:
4170		cmd->key_type_id = cpu_to_le16(MWL8K_ALG_TKIP);
4171		cmd->key_info =	(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
4172			? cpu_to_le32(MWL8K_KEY_FLAG_PAIRWISE)
4173			: cpu_to_le32(MWL8K_KEY_FLAG_TXGROUPKEY);
4174		cmd->key_info |= cpu_to_le32(MWL8K_KEY_FLAG_MICKEY_VALID
4175						| MWL8K_KEY_FLAG_TSC_VALID);
4176		break;
4177	case WLAN_CIPHER_SUITE_CCMP:
4178		cmd->key_type_id = cpu_to_le16(MWL8K_ALG_CCMP);
4179		cmd->key_info =	(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
4180			? cpu_to_le32(MWL8K_KEY_FLAG_PAIRWISE)
4181			: cpu_to_le32(MWL8K_KEY_FLAG_TXGROUPKEY);
4182		break;
4183	default:
4184		return -ENOTSUPP;
4185	}
4186
4187	return 0;
4188}
4189
4190static int mwl8k_cmd_encryption_set_key(struct ieee80211_hw *hw,
4191						struct ieee80211_vif *vif,
4192						u8 *addr,
4193						struct ieee80211_key_conf *key)
4194{
4195	struct mwl8k_cmd_set_key *cmd;
4196	int rc;
4197	int keymlen;
4198	u32 action;
4199	u8 idx;
4200	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
4201
4202	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
4203	if (cmd == NULL)
4204		return -ENOMEM;
4205
4206	rc = mwl8k_encryption_set_cmd_info(cmd, addr, key);
4207	if (rc < 0)
4208		goto done;
4209
4210	idx = key->keyidx;
4211
4212	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
4213		action = MWL8K_ENCR_SET_KEY;
4214	else
4215		action = MWL8K_ENCR_SET_GROUP_KEY;
4216
4217	switch (key->cipher) {
4218	case WLAN_CIPHER_SUITE_WEP40:
4219	case WLAN_CIPHER_SUITE_WEP104:
4220		if (!mwl8k_vif->wep_key_conf[idx].enabled) {
4221			memcpy(mwl8k_vif->wep_key_conf[idx].key, key,
4222						sizeof(*key) + key->keylen);
4223			mwl8k_vif->wep_key_conf[idx].enabled = 1;
4224		}
4225
4226		keymlen = key->keylen;
4227		action = MWL8K_ENCR_SET_KEY;
4228		break;
4229	case WLAN_CIPHER_SUITE_TKIP:
4230		keymlen = MAX_ENCR_KEY_LENGTH + 2 * MIC_KEY_LENGTH;
4231		break;
4232	case WLAN_CIPHER_SUITE_CCMP:
4233		keymlen = key->keylen;
4234		break;
4235	default:
4236		rc = -ENOTSUPP;
4237		goto done;
4238	}
4239
4240	memcpy(cmd->key_material, key->key, keymlen);
4241	cmd->action = cpu_to_le32(action);
4242
4243	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
4244done:
4245	kfree(cmd);
4246
4247	return rc;
4248}
4249
4250static int mwl8k_cmd_encryption_remove_key(struct ieee80211_hw *hw,
4251						struct ieee80211_vif *vif,
4252						u8 *addr,
4253						struct ieee80211_key_conf *key)
4254{
4255	struct mwl8k_cmd_set_key *cmd;
4256	int rc;
4257	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
4258
4259	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
4260	if (cmd == NULL)
4261		return -ENOMEM;
4262
4263	rc = mwl8k_encryption_set_cmd_info(cmd, addr, key);
4264	if (rc < 0)
4265		goto done;
4266
4267	if (key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
4268			key->cipher == WLAN_CIPHER_SUITE_WEP104)
4269		mwl8k_vif->wep_key_conf[key->keyidx].enabled = 0;
4270
4271	cmd->action = cpu_to_le32(MWL8K_ENCR_REMOVE_KEY);
4272
4273	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
4274done:
4275	kfree(cmd);
4276
4277	return rc;
4278}
4279
4280static int mwl8k_set_key(struct ieee80211_hw *hw,
4281			 enum set_key_cmd cmd_param,
4282			 struct ieee80211_vif *vif,
4283			 struct ieee80211_sta *sta,
4284			 struct ieee80211_key_conf *key)
4285{
4286	int rc = 0;
4287	u8 encr_type;
4288	u8 *addr;
4289	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
4290	struct mwl8k_priv *priv = hw->priv;
4291
4292	if (vif->type == NL80211_IFTYPE_STATION && !priv->ap_fw)
4293		return -EOPNOTSUPP;
4294
4295	if (sta == NULL)
4296		addr = vif->addr;
4297	else
4298		addr = sta->addr;
4299
4300	if (cmd_param == SET_KEY) {
4301		rc = mwl8k_cmd_encryption_set_key(hw, vif, addr, key);
4302		if (rc)
4303			goto out;
4304
4305		if ((key->cipher == WLAN_CIPHER_SUITE_WEP40)
4306				|| (key->cipher == WLAN_CIPHER_SUITE_WEP104))
4307			encr_type = MWL8K_UPDATE_ENCRYPTION_TYPE_WEP;
4308		else
4309			encr_type = MWL8K_UPDATE_ENCRYPTION_TYPE_MIXED;
4310
4311		rc = mwl8k_cmd_update_encryption_enable(hw, vif, addr,
4312								encr_type);
4313		if (rc)
4314			goto out;
4315
4316		mwl8k_vif->is_hw_crypto_enabled = true;
4317
4318	} else {
4319		rc = mwl8k_cmd_encryption_remove_key(hw, vif, addr, key);
4320
4321		if (rc)
4322			goto out;
4323	}
4324out:
4325	return rc;
4326}
4327
4328/*
4329 * CMD_UPDATE_STADB.
4330 */
4331struct ewc_ht_info {
4332	__le16	control1;
4333	__le16	control2;
4334	__le16	control3;
4335} __packed;
4336
4337struct peer_capability_info {
4338	/* Peer type - AP vs. STA.  */
4339	__u8	peer_type;
4340
4341	/* Basic 802.11 capabilities from assoc resp.  */
4342	__le16	basic_caps;
4343
4344	/* Set if peer supports 802.11n high throughput (HT).  */
4345	__u8	ht_support;
4346
4347	/* Valid if HT is supported.  */
4348	__le16	ht_caps;
4349	__u8	extended_ht_caps;
4350	struct ewc_ht_info	ewc_info;
4351
4352	/* Legacy rate table. Intersection of our rates and peer rates.  */
4353	__u8	legacy_rates[12];
4354
4355	/* HT rate table. Intersection of our rates and peer rates.  */
4356	__u8	ht_rates[16];
4357	__u8	pad[16];
4358
4359	/* If set, interoperability mode, no proprietary extensions.  */
4360	__u8	interop;
4361	__u8	pad2;
4362	__u8	station_id;
4363	__le16	amsdu_enabled;
4364} __packed;
4365
4366struct mwl8k_cmd_update_stadb {
4367	struct mwl8k_cmd_pkt header;
4368
4369	/* See STADB_ACTION_TYPE */
4370	__le32	action;
4371
4372	/* Peer MAC address */
4373	__u8	peer_addr[ETH_ALEN];
4374
4375	__le32	reserved;
4376
4377	/* Peer info - valid during add/update.  */
4378	struct peer_capability_info	peer_info;
4379} __packed;
4380
4381#define MWL8K_STA_DB_MODIFY_ENTRY	1
4382#define MWL8K_STA_DB_DEL_ENTRY		2
4383
4384/* Peer Entry flags - used to define the type of the peer node */
4385#define MWL8K_PEER_TYPE_ACCESSPOINT	2
4386
4387static int mwl8k_cmd_update_stadb_add(struct ieee80211_hw *hw,
4388				      struct ieee80211_vif *vif,
4389				      struct ieee80211_sta *sta)
4390{
4391	struct mwl8k_cmd_update_stadb *cmd;
4392	struct peer_capability_info *p;
4393	u32 rates;
4394	int rc;
4395
4396	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
4397	if (cmd == NULL)
4398		return -ENOMEM;
4399
4400	cmd->header.code = cpu_to_le16(MWL8K_CMD_UPDATE_STADB);
4401	cmd->header.length = cpu_to_le16(sizeof(*cmd));
4402	cmd->action = cpu_to_le32(MWL8K_STA_DB_MODIFY_ENTRY);
4403	memcpy(cmd->peer_addr, sta->addr, ETH_ALEN);
4404
4405	p = &cmd->peer_info;
4406	p->peer_type = MWL8K_PEER_TYPE_ACCESSPOINT;
4407	p->basic_caps = cpu_to_le16(vif->bss_conf.assoc_capability);
4408	p->ht_support = sta->ht_cap.ht_supported;
4409	p->ht_caps = cpu_to_le16(sta->ht_cap.cap);
4410	p->extended_ht_caps = (sta->ht_cap.ampdu_factor & 3) |
4411		((sta->ht_cap.ampdu_density & 7) << 2);
4412	if (hw->conf.chandef.chan->band == IEEE80211_BAND_2GHZ)
4413		rates = sta->supp_rates[IEEE80211_BAND_2GHZ];
4414	else
4415		rates = sta->supp_rates[IEEE80211_BAND_5GHZ] << 5;
4416	legacy_rate_mask_to_array(p->legacy_rates, rates);
4417	memcpy(p->ht_rates, sta->ht_cap.mcs.rx_mask, 16);
4418	p->interop = 1;
4419	p->amsdu_enabled = 0;
4420
4421	rc = mwl8k_post_cmd(hw, &cmd->header);
4422	if (!rc)
4423		rc = p->station_id;
4424	kfree(cmd);
4425
4426	return rc;
4427}
4428
4429static int mwl8k_cmd_update_stadb_del(struct ieee80211_hw *hw,
4430				      struct ieee80211_vif *vif, u8 *addr)
4431{
4432	struct mwl8k_cmd_update_stadb *cmd;
4433	int rc;
4434
4435	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
4436	if (cmd == NULL)
4437		return -ENOMEM;
4438
4439	cmd->header.code = cpu_to_le16(MWL8K_CMD_UPDATE_STADB);
4440	cmd->header.length = cpu_to_le16(sizeof(*cmd));
4441	cmd->action = cpu_to_le32(MWL8K_STA_DB_DEL_ENTRY);
4442	memcpy(cmd->peer_addr, addr, ETH_ALEN);
4443
4444	rc = mwl8k_post_cmd(hw, &cmd->header);
4445	kfree(cmd);
4446
4447	return rc;
4448}
4449
4450
4451/*
4452 * Interrupt handling.
4453 */
4454static irqreturn_t mwl8k_interrupt(int irq, void *dev_id)
4455{
4456	struct ieee80211_hw *hw = dev_id;
4457	struct mwl8k_priv *priv = hw->priv;
4458	u32 status;
4459
4460	status = ioread32(priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
4461	if (!status)
4462		return IRQ_NONE;
4463
4464	if (status & MWL8K_A2H_INT_TX_DONE) {
4465		status &= ~MWL8K_A2H_INT_TX_DONE;
4466		tasklet_schedule(&priv->poll_tx_task);
4467	}
4468
4469	if (status & MWL8K_A2H_INT_RX_READY) {
4470		status &= ~MWL8K_A2H_INT_RX_READY;
4471		tasklet_schedule(&priv->poll_rx_task);
4472	}
4473
4474	if (status & MWL8K_A2H_INT_BA_WATCHDOG) {
4475		iowrite32(~MWL8K_A2H_INT_BA_WATCHDOG,
4476			  priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS_MASK);
4477
4478		atomic_inc(&priv->watchdog_event_pending);
4479		status &= ~MWL8K_A2H_INT_BA_WATCHDOG;
4480		ieee80211_queue_work(hw, &priv->watchdog_ba_handle);
4481	}
4482
4483	if (status)
4484		iowrite32(~status, priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
4485
4486	if (status & MWL8K_A2H_INT_OPC_DONE) {
4487		if (priv->hostcmd_wait != NULL)
4488			complete(priv->hostcmd_wait);
4489	}
4490
4491	if (status & MWL8K_A2H_INT_QUEUE_EMPTY) {
4492		if (!mutex_is_locked(&priv->fw_mutex) &&
4493		    priv->radio_on && priv->pending_tx_pkts)
4494			mwl8k_tx_start(priv);
4495	}
4496
4497	return IRQ_HANDLED;
4498}
4499
4500static void mwl8k_tx_poll(unsigned long data)
4501{
4502	struct ieee80211_hw *hw = (struct ieee80211_hw *)data;
4503	struct mwl8k_priv *priv = hw->priv;
4504	int limit;
4505	int i;
4506
4507	limit = 32;
4508
4509	spin_lock_bh(&priv->tx_lock);
4510
4511	for (i = 0; i < mwl8k_tx_queues(priv); i++)
4512		limit -= mwl8k_txq_reclaim(hw, i, limit, 0);
4513
4514	if (!priv->pending_tx_pkts && priv->tx_wait != NULL) {
4515		complete(priv->tx_wait);
4516		priv->tx_wait = NULL;
4517	}
4518
4519	spin_unlock_bh(&priv->tx_lock);
4520
4521	if (limit) {
4522		writel(~MWL8K_A2H_INT_TX_DONE,
4523		       priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
4524	} else {
4525		tasklet_schedule(&priv->poll_tx_task);
4526	}
4527}
4528
4529static void mwl8k_rx_poll(unsigned long data)
4530{
4531	struct ieee80211_hw *hw = (struct ieee80211_hw *)data;
4532	struct mwl8k_priv *priv = hw->priv;
4533	int limit;
4534
4535	limit = 32;
4536	limit -= rxq_process(hw, 0, limit);
4537	limit -= rxq_refill(hw, 0, limit);
4538
4539	if (limit) {
4540		writel(~MWL8K_A2H_INT_RX_READY,
4541		       priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
4542	} else {
4543		tasklet_schedule(&priv->poll_rx_task);
4544	}
4545}
4546
4547
4548/*
4549 * Core driver operations.
4550 */
4551static void mwl8k_tx(struct ieee80211_hw *hw,
4552		     struct ieee80211_tx_control *control,
4553		     struct sk_buff *skb)
4554{
4555	struct mwl8k_priv *priv = hw->priv;
4556	int index = skb_get_queue_mapping(skb);
4557
4558	if (!priv->radio_on) {
4559		wiphy_debug(hw->wiphy,
4560			    "dropped TX frame since radio disabled\n");
4561		dev_kfree_skb(skb);
4562		return;
4563	}
4564
4565	mwl8k_txq_xmit(hw, index, control->sta, skb);
4566}
4567
4568static int mwl8k_start(struct ieee80211_hw *hw)
4569{
4570	struct mwl8k_priv *priv = hw->priv;
4571	int rc;
4572
4573	rc = request_irq(priv->pdev->irq, mwl8k_interrupt,
4574			 IRQF_SHARED, MWL8K_NAME, hw);
4575	if (rc) {
4576		priv->irq = -1;
4577		wiphy_err(hw->wiphy, "failed to register IRQ handler\n");
4578		return -EIO;
4579	}
4580	priv->irq = priv->pdev->irq;
4581
4582	/* Enable TX reclaim and RX tasklets.  */
4583	tasklet_enable(&priv->poll_tx_task);
4584	tasklet_enable(&priv->poll_rx_task);
4585
4586	/* Enable interrupts */
4587	iowrite32(MWL8K_A2H_EVENTS, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
4588	iowrite32(MWL8K_A2H_EVENTS,
4589		  priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS_MASK);
4590
4591	rc = mwl8k_fw_lock(hw);
4592	if (!rc) {
4593		rc = mwl8k_cmd_radio_enable(hw);
4594
4595		if (!priv->ap_fw) {
4596			if (!rc)
4597				rc = mwl8k_cmd_enable_sniffer(hw, 0);
4598
4599			if (!rc)
4600				rc = mwl8k_cmd_set_pre_scan(hw);
4601
4602			if (!rc)
4603				rc = mwl8k_cmd_set_post_scan(hw,
4604						"\x00\x00\x00\x00\x00\x00");
4605		}
4606
4607		if (!rc)
4608			rc = mwl8k_cmd_set_rateadapt_mode(hw, 0);
4609
4610		if (!rc)
4611			rc = mwl8k_cmd_set_wmm_mode(hw, 0);
4612
4613		mwl8k_fw_unlock(hw);
4614	}
4615
4616	if (rc) {
4617		iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
4618		free_irq(priv->pdev->irq, hw);
4619		priv->irq = -1;
4620		tasklet_disable(&priv->poll_tx_task);
4621		tasklet_disable(&priv->poll_rx_task);
4622	} else {
4623		ieee80211_wake_queues(hw);
4624	}
4625
4626	return rc;
4627}
4628
4629static void mwl8k_stop(struct ieee80211_hw *hw)
4630{
4631	struct mwl8k_priv *priv = hw->priv;
4632	int i;
4633
4634	if (!priv->hw_restart_in_progress)
4635		mwl8k_cmd_radio_disable(hw);
4636
4637	ieee80211_stop_queues(hw);
4638
4639	/* Disable interrupts */
4640	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
4641	if (priv->irq != -1) {
4642		free_irq(priv->pdev->irq, hw);
4643		priv->irq = -1;
4644	}
4645
4646	/* Stop finalize join worker */
4647	cancel_work_sync(&priv->finalize_join_worker);
4648	cancel_work_sync(&priv->watchdog_ba_handle);
4649	if (priv->beacon_skb != NULL)
4650		dev_kfree_skb(priv->beacon_skb);
4651
4652	/* Stop TX reclaim and RX tasklets.  */
4653	tasklet_disable(&priv->poll_tx_task);
4654	tasklet_disable(&priv->poll_rx_task);
4655
4656	/* Return all skbs to mac80211 */
4657	for (i = 0; i < mwl8k_tx_queues(priv); i++)
4658		mwl8k_txq_reclaim(hw, i, INT_MAX, 1);
4659}
4660
4661static int mwl8k_reload_firmware(struct ieee80211_hw *hw, char *fw_image);
4662
4663static int mwl8k_add_interface(struct ieee80211_hw *hw,
4664			       struct ieee80211_vif *vif)
4665{
4666	struct mwl8k_priv *priv = hw->priv;
4667	struct mwl8k_vif *mwl8k_vif;
4668	u32 macids_supported;
4669	int macid, rc;
4670	struct mwl8k_device_info *di;
4671
4672	/*
4673	 * Reject interface creation if sniffer mode is active, as
4674	 * STA operation is mutually exclusive with hardware sniffer
4675	 * mode.  (Sniffer mode is only used on STA firmware.)
4676	 */
4677	if (priv->sniffer_enabled) {
4678		wiphy_info(hw->wiphy,
4679			   "unable to create STA interface because sniffer mode is enabled\n");
4680		return -EINVAL;
4681	}
4682
4683	di = priv->device_info;
4684	switch (vif->type) {
4685	case NL80211_IFTYPE_AP:
4686		if (!priv->ap_fw && di->fw_image_ap) {
4687			/* we must load the ap fw to meet this request */
4688			if (!list_empty(&priv->vif_list))
4689				return -EBUSY;
4690			rc = mwl8k_reload_firmware(hw, di->fw_image_ap);
4691			if (rc)
4692				return rc;
4693		}
4694		macids_supported = priv->ap_macids_supported;
4695		break;
4696	case NL80211_IFTYPE_STATION:
4697		if (priv->ap_fw && di->fw_image_sta) {
4698			if (!list_empty(&priv->vif_list)) {
4699				wiphy_warn(hw->wiphy, "AP interface is running.\n"
4700					   "Adding STA interface for WDS");
4701			} else {
4702				/* we must load the sta fw to
4703				 * meet this request.
4704				 */
4705				rc = mwl8k_reload_firmware(hw,
4706							   di->fw_image_sta);
4707				if (rc)
4708					return rc;
4709			}
4710		}
4711		macids_supported = priv->sta_macids_supported;
4712		break;
4713	default:
4714		return -EINVAL;
4715	}
4716
4717	macid = ffs(macids_supported & ~priv->macids_used);
4718	if (!macid--)
4719		return -EBUSY;
4720
4721	/* Setup driver private area. */
4722	mwl8k_vif = MWL8K_VIF(vif);
4723	memset(mwl8k_vif, 0, sizeof(*mwl8k_vif));
4724	mwl8k_vif->vif = vif;
4725	mwl8k_vif->macid = macid;
4726	mwl8k_vif->seqno = 0;
4727	memcpy(mwl8k_vif->bssid, vif->addr, ETH_ALEN);
4728	mwl8k_vif->is_hw_crypto_enabled = false;
4729
4730	/* Set the mac address.  */
4731	mwl8k_cmd_set_mac_addr(hw, vif, vif->addr);
4732
4733	if (vif->type == NL80211_IFTYPE_AP)
4734		mwl8k_cmd_set_new_stn_add_self(hw, vif);
4735
4736	priv->macids_used |= 1 << mwl8k_vif->macid;
4737	list_add_tail(&mwl8k_vif->list, &priv->vif_list);
4738
4739	return 0;
4740}
4741
4742static void mwl8k_remove_vif(struct mwl8k_priv *priv, struct mwl8k_vif *vif)
4743{
4744	/* Has ieee80211_restart_hw re-added the removed interfaces? */
4745	if (!priv->macids_used)
4746		return;
4747
4748	priv->macids_used &= ~(1 << vif->macid);
4749	list_del(&vif->list);
4750}
4751
4752static void mwl8k_remove_interface(struct ieee80211_hw *hw,
4753				   struct ieee80211_vif *vif)
4754{
4755	struct mwl8k_priv *priv = hw->priv;
4756	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
4757
4758	if (vif->type == NL80211_IFTYPE_AP)
4759		mwl8k_cmd_set_new_stn_del(hw, vif, vif->addr);
4760
4761	mwl8k_cmd_del_mac_addr(hw, vif, vif->addr);
4762
4763	mwl8k_remove_vif(priv, mwl8k_vif);
4764}
4765
4766static void mwl8k_hw_restart_work(struct work_struct *work)
4767{
4768	struct mwl8k_priv *priv =
4769		container_of(work, struct mwl8k_priv, fw_reload);
4770	struct ieee80211_hw *hw = priv->hw;
4771	struct mwl8k_device_info *di;
4772	int rc;
4773
4774	/* If some command is waiting for a response, clear it */
4775	if (priv->hostcmd_wait != NULL) {
4776		complete(priv->hostcmd_wait);
4777		priv->hostcmd_wait = NULL;
4778	}
4779
4780	priv->hw_restart_owner = current;
4781	di = priv->device_info;
4782	mwl8k_fw_lock(hw);
4783
4784	if (priv->ap_fw)
4785		rc = mwl8k_reload_firmware(hw, di->fw_image_ap);
4786	else
4787		rc = mwl8k_reload_firmware(hw, di->fw_image_sta);
4788
4789	if (rc)
4790		goto fail;
4791
4792	priv->hw_restart_owner = NULL;
4793	priv->hw_restart_in_progress = false;
4794
4795	/*
4796	 * This unlock will wake up the queues and
4797	 * also opens the command path for other
4798	 * commands
4799	 */
4800	mwl8k_fw_unlock(hw);
4801
4802	ieee80211_restart_hw(hw);
4803
4804	wiphy_err(hw->wiphy, "Firmware restarted successfully\n");
4805
4806	return;
4807fail:
4808	mwl8k_fw_unlock(hw);
4809
4810	wiphy_err(hw->wiphy, "Firmware restart failed\n");
4811}
4812
4813static int mwl8k_config(struct ieee80211_hw *hw, u32 changed)
4814{
4815	struct ieee80211_conf *conf = &hw->conf;
4816	struct mwl8k_priv *priv = hw->priv;
4817	int rc;
4818
4819	rc = mwl8k_fw_lock(hw);
4820	if (rc)
4821		return rc;
4822
4823	if (conf->flags & IEEE80211_CONF_IDLE)
4824		rc = mwl8k_cmd_radio_disable(hw);
4825	else
4826		rc = mwl8k_cmd_radio_enable(hw);
4827	if (rc)
4828		goto out;
4829
4830	if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
4831		rc = mwl8k_cmd_set_rf_channel(hw, conf);
4832		if (rc)
4833			goto out;
4834	}
4835
4836	if (conf->power_level > 18)
4837		conf->power_level = 18;
4838
4839	if (priv->ap_fw) {
4840
4841		if (conf->flags & IEEE80211_CONF_CHANGE_POWER) {
4842			rc = mwl8k_cmd_tx_power(hw, conf, conf->power_level);
4843			if (rc)
4844				goto out;
4845		}
4846
4847
4848	} else {
4849		rc = mwl8k_cmd_rf_tx_power(hw, conf->power_level);
4850		if (rc)
4851			goto out;
4852		rc = mwl8k_cmd_mimo_config(hw, 0x7, 0x7);
4853	}
4854
4855out:
4856	mwl8k_fw_unlock(hw);
4857
4858	return rc;
4859}
4860
4861static void
4862mwl8k_bss_info_changed_sta(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
4863			   struct ieee80211_bss_conf *info, u32 changed)
4864{
4865	struct mwl8k_priv *priv = hw->priv;
4866	u32 ap_legacy_rates = 0;
4867	u8 ap_mcs_rates[16];
4868	int rc;
4869
4870	if (mwl8k_fw_lock(hw))
4871		return;
4872
4873	/*
4874	 * No need to capture a beacon if we're no longer associated.
4875	 */
4876	if ((changed & BSS_CHANGED_ASSOC) && !vif->bss_conf.assoc)
4877		priv->capture_beacon = false;
4878
4879	/*
4880	 * Get the AP's legacy and MCS rates.
4881	 */
4882	if (vif->bss_conf.assoc) {
4883		struct ieee80211_sta *ap;
4884
4885		rcu_read_lock();
4886
4887		ap = ieee80211_find_sta(vif, vif->bss_conf.bssid);
4888		if (ap == NULL) {
4889			rcu_read_unlock();
4890			goto out;
4891		}
4892
4893		if (hw->conf.chandef.chan->band == IEEE80211_BAND_2GHZ) {
4894			ap_legacy_rates = ap->supp_rates[IEEE80211_BAND_2GHZ];
4895		} else {
4896			ap_legacy_rates =
4897				ap->supp_rates[IEEE80211_BAND_5GHZ] << 5;
4898		}
4899		memcpy(ap_mcs_rates, ap->ht_cap.mcs.rx_mask, 16);
4900
4901		rcu_read_unlock();
4902	}
4903
4904	if ((changed & BSS_CHANGED_ASSOC) && vif->bss_conf.assoc &&
4905	    !priv->ap_fw) {
4906		rc = mwl8k_cmd_set_rate(hw, vif, ap_legacy_rates, ap_mcs_rates);
4907		if (rc)
4908			goto out;
4909
4910		rc = mwl8k_cmd_use_fixed_rate_sta(hw);
4911		if (rc)
4912			goto out;
4913	} else {
4914		if ((changed & BSS_CHANGED_ASSOC) && vif->bss_conf.assoc &&
4915		    priv->ap_fw) {
4916			int idx;
4917			int rate;
4918
4919			/* Use AP firmware specific rate command.
4920			 */
4921			idx = ffs(vif->bss_conf.basic_rates);
4922			if (idx)
4923				idx--;
4924
4925			if (hw->conf.chandef.chan->band == IEEE80211_BAND_2GHZ)
4926				rate = mwl8k_rates_24[idx].hw_value;
4927			else
4928				rate = mwl8k_rates_50[idx].hw_value;
4929
4930			mwl8k_cmd_use_fixed_rate_ap(hw, rate, rate);
4931		}
4932	}
4933
4934	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
4935		rc = mwl8k_set_radio_preamble(hw,
4936				vif->bss_conf.use_short_preamble);
4937		if (rc)
4938			goto out;
4939	}
4940
4941	if ((changed & BSS_CHANGED_ERP_SLOT) && !priv->ap_fw)  {
4942		rc = mwl8k_cmd_set_slot(hw, vif->bss_conf.use_short_slot);
4943		if (rc)
4944			goto out;
4945	}
4946
4947	if (vif->bss_conf.assoc && !priv->ap_fw &&
4948	    (changed & (BSS_CHANGED_ASSOC | BSS_CHANGED_ERP_CTS_PROT |
4949			BSS_CHANGED_HT))) {
4950		rc = mwl8k_cmd_set_aid(hw, vif, ap_legacy_rates);
4951		if (rc)
4952			goto out;
4953	}
4954
4955	if (vif->bss_conf.assoc &&
4956	    (changed & (BSS_CHANGED_ASSOC | BSS_CHANGED_BEACON_INT))) {
4957		/*
4958		 * Finalize the join.  Tell rx handler to process
4959		 * next beacon from our BSSID.
4960		 */
4961		memcpy(priv->capture_bssid, vif->bss_conf.bssid, ETH_ALEN);
4962		priv->capture_beacon = true;
4963	}
4964
4965out:
4966	mwl8k_fw_unlock(hw);
4967}
4968
4969static void
4970mwl8k_bss_info_changed_ap(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
4971			  struct ieee80211_bss_conf *info, u32 changed)
4972{
4973	int rc;
4974
4975	if (mwl8k_fw_lock(hw))
4976		return;
4977
4978	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
4979		rc = mwl8k_set_radio_preamble(hw,
4980				vif->bss_conf.use_short_preamble);
4981		if (rc)
4982			goto out;
4983	}
4984
4985	if (changed & BSS_CHANGED_BASIC_RATES) {
4986		int idx;
4987		int rate;
4988
4989		/*
4990		 * Use lowest supported basic rate for multicasts
4991		 * and management frames (such as probe responses --
4992		 * beacons will always go out at 1 Mb/s).
4993		 */
4994		idx = ffs(vif->bss_conf.basic_rates);
4995		if (idx)
4996			idx--;
4997
4998		if (hw->conf.chandef.chan->band == IEEE80211_BAND_2GHZ)
4999			rate = mwl8k_rates_24[idx].hw_value;
5000		else
5001			rate = mwl8k_rates_50[idx].hw_value;
5002
5003		mwl8k_cmd_use_fixed_rate_ap(hw, rate, rate);
5004	}
5005
5006	if (changed & (BSS_CHANGED_BEACON_INT | BSS_CHANGED_BEACON)) {
5007		struct sk_buff *skb;
5008
5009		skb = ieee80211_beacon_get(hw, vif);
5010		if (skb != NULL) {
5011			mwl8k_cmd_set_beacon(hw, vif, skb->data, skb->len);
5012			kfree_skb(skb);
5013		}
5014	}
5015
5016	if (changed & BSS_CHANGED_BEACON_ENABLED)
5017		mwl8k_cmd_bss_start(hw, vif, info->enable_beacon);
5018
5019out:
5020	mwl8k_fw_unlock(hw);
5021}
5022
5023static void
5024mwl8k_bss_info_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
5025		       struct ieee80211_bss_conf *info, u32 changed)
5026{
5027	if (vif->type == NL80211_IFTYPE_STATION)
5028		mwl8k_bss_info_changed_sta(hw, vif, info, changed);
5029	if (vif->type == NL80211_IFTYPE_AP)
5030		mwl8k_bss_info_changed_ap(hw, vif, info, changed);
5031}
5032
5033static u64 mwl8k_prepare_multicast(struct ieee80211_hw *hw,
5034				   struct netdev_hw_addr_list *mc_list)
5035{
5036	struct mwl8k_cmd_pkt *cmd;
5037
5038	/*
5039	 * Synthesize and return a command packet that programs the
5040	 * hardware multicast address filter.  At this point we don't
5041	 * know whether FIF_ALLMULTI is being requested, but if it is,
5042	 * we'll end up throwing this packet away and creating a new
5043	 * one in mwl8k_configure_filter().
5044	 */
5045	cmd = __mwl8k_cmd_mac_multicast_adr(hw, 0, mc_list);
5046
5047	return (unsigned long)cmd;
5048}
5049
5050static int
5051mwl8k_configure_filter_sniffer(struct ieee80211_hw *hw,
5052			       unsigned int changed_flags,
5053			       unsigned int *total_flags)
5054{
5055	struct mwl8k_priv *priv = hw->priv;
5056
5057	/*
5058	 * Hardware sniffer mode is mutually exclusive with STA
5059	 * operation, so refuse to enable sniffer mode if a STA
5060	 * interface is active.
5061	 */
5062	if (!list_empty(&priv->vif_list)) {
5063		if (net_ratelimit())
5064			wiphy_info(hw->wiphy,
5065				   "not enabling sniffer mode because STA interface is active\n");
5066		return 0;
5067	}
5068
5069	if (!priv->sniffer_enabled) {
5070		if (mwl8k_cmd_enable_sniffer(hw, 1))
5071			return 0;
5072		priv->sniffer_enabled = true;
5073	}
5074
5075	*total_flags &=	FIF_PROMISC_IN_BSS | FIF_ALLMULTI |
5076			FIF_BCN_PRBRESP_PROMISC | FIF_CONTROL |
5077			FIF_OTHER_BSS;
5078
5079	return 1;
5080}
5081
5082static struct mwl8k_vif *mwl8k_first_vif(struct mwl8k_priv *priv)
5083{
5084	if (!list_empty(&priv->vif_list))
5085		return list_entry(priv->vif_list.next, struct mwl8k_vif, list);
5086
5087	return NULL;
5088}
5089
5090static void mwl8k_configure_filter(struct ieee80211_hw *hw,
5091				   unsigned int changed_flags,
5092				   unsigned int *total_flags,
5093				   u64 multicast)
5094{
5095	struct mwl8k_priv *priv = hw->priv;
5096	struct mwl8k_cmd_pkt *cmd = (void *)(unsigned long)multicast;
5097
5098	/*
5099	 * AP firmware doesn't allow fine-grained control over
5100	 * the receive filter.
5101	 */
5102	if (priv->ap_fw) {
5103		*total_flags &= FIF_ALLMULTI | FIF_BCN_PRBRESP_PROMISC;
5104		kfree(cmd);
5105		return;
5106	}
5107
5108	/*
5109	 * Enable hardware sniffer mode if FIF_CONTROL or
5110	 * FIF_OTHER_BSS is requested.
5111	 */
5112	if (*total_flags & (FIF_CONTROL | FIF_OTHER_BSS) &&
5113	    mwl8k_configure_filter_sniffer(hw, changed_flags, total_flags)) {
5114		kfree(cmd);
5115		return;
5116	}
5117
5118	/* Clear unsupported feature flags */
5119	*total_flags &= FIF_ALLMULTI | FIF_BCN_PRBRESP_PROMISC;
5120
5121	if (mwl8k_fw_lock(hw)) {
5122		kfree(cmd);
5123		return;
5124	}
5125
5126	if (priv->sniffer_enabled) {
5127		mwl8k_cmd_enable_sniffer(hw, 0);
5128		priv->sniffer_enabled = false;
5129	}
5130
5131	if (changed_flags & FIF_BCN_PRBRESP_PROMISC) {
5132		if (*total_flags & FIF_BCN_PRBRESP_PROMISC) {
5133			/*
5134			 * Disable the BSS filter.
5135			 */
5136			mwl8k_cmd_set_pre_scan(hw);
5137		} else {
5138			struct mwl8k_vif *mwl8k_vif;
5139			const u8 *bssid;
5140
5141			/*
5142			 * Enable the BSS filter.
5143			 *
5144			 * If there is an active STA interface, use that
5145			 * interface's BSSID, otherwise use a dummy one
5146			 * (where the OUI part needs to be nonzero for
5147			 * the BSSID to be accepted by POST_SCAN).
5148			 */
5149			mwl8k_vif = mwl8k_first_vif(priv);
5150			if (mwl8k_vif != NULL)
5151				bssid = mwl8k_vif->vif->bss_conf.bssid;
5152			else
5153				bssid = "\x01\x00\x00\x00\x00\x00";
5154
5155			mwl8k_cmd_set_post_scan(hw, bssid);
5156		}
5157	}
5158
5159	/*
5160	 * If FIF_ALLMULTI is being requested, throw away the command
5161	 * packet that ->prepare_multicast() built and replace it with
5162	 * a command packet that enables reception of all multicast
5163	 * packets.
5164	 */
5165	if (*total_flags & FIF_ALLMULTI) {
5166		kfree(cmd);
5167		cmd = __mwl8k_cmd_mac_multicast_adr(hw, 1, NULL);
5168	}
5169
5170	if (cmd != NULL) {
5171		mwl8k_post_cmd(hw, cmd);
5172		kfree(cmd);
5173	}
5174
5175	mwl8k_fw_unlock(hw);
5176}
5177
5178static int mwl8k_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
5179{
5180	return mwl8k_cmd_set_rts_threshold(hw, value);
5181}
5182
5183static int mwl8k_sta_remove(struct ieee80211_hw *hw,
5184			    struct ieee80211_vif *vif,
5185			    struct ieee80211_sta *sta)
5186{
5187	struct mwl8k_priv *priv = hw->priv;
5188
5189	if (priv->ap_fw)
5190		return mwl8k_cmd_set_new_stn_del(hw, vif, sta->addr);
5191	else
5192		return mwl8k_cmd_update_stadb_del(hw, vif, sta->addr);
5193}
5194
5195static int mwl8k_sta_add(struct ieee80211_hw *hw,
5196			 struct ieee80211_vif *vif,
5197			 struct ieee80211_sta *sta)
5198{
5199	struct mwl8k_priv *priv = hw->priv;
5200	int ret;
5201	int i;
5202	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
5203	struct ieee80211_key_conf *key;
5204
5205	if (!priv->ap_fw) {
5206		ret = mwl8k_cmd_update_stadb_add(hw, vif, sta);
5207		if (ret >= 0) {
5208			MWL8K_STA(sta)->peer_id = ret;
5209			if (sta->ht_cap.ht_supported)
5210				MWL8K_STA(sta)->is_ampdu_allowed = true;
5211			ret = 0;
5212		}
5213
5214	} else {
5215		ret = mwl8k_cmd_set_new_stn_add(hw, vif, sta);
5216	}
5217
5218	for (i = 0; i < NUM_WEP_KEYS; i++) {
5219		key = IEEE80211_KEY_CONF(mwl8k_vif->wep_key_conf[i].key);
5220		if (mwl8k_vif->wep_key_conf[i].enabled)
5221			mwl8k_set_key(hw, SET_KEY, vif, sta, key);
5222	}
5223	return ret;
5224}
5225
5226static int mwl8k_conf_tx(struct ieee80211_hw *hw,
5227			 struct ieee80211_vif *vif, u16 queue,
5228			 const struct ieee80211_tx_queue_params *params)
5229{
5230	struct mwl8k_priv *priv = hw->priv;
5231	int rc;
5232
5233	rc = mwl8k_fw_lock(hw);
5234	if (!rc) {
5235		BUG_ON(queue > MWL8K_TX_WMM_QUEUES - 1);
5236		memcpy(&priv->wmm_params[queue], params, sizeof(*params));
5237
5238		if (!priv->wmm_enabled)
5239			rc = mwl8k_cmd_set_wmm_mode(hw, 1);
5240
5241		if (!rc) {
5242			int q = MWL8K_TX_WMM_QUEUES - 1 - queue;
5243			rc = mwl8k_cmd_set_edca_params(hw, q,
5244						       params->cw_min,
5245						       params->cw_max,
5246						       params->aifs,
5247						       params->txop);
5248		}
5249
5250		mwl8k_fw_unlock(hw);
5251	}
5252
5253	return rc;
5254}
5255
5256static int mwl8k_get_stats(struct ieee80211_hw *hw,
5257			   struct ieee80211_low_level_stats *stats)
5258{
5259	return mwl8k_cmd_get_stat(hw, stats);
5260}
5261
5262static int mwl8k_get_survey(struct ieee80211_hw *hw, int idx,
5263				struct survey_info *survey)
5264{
5265	struct mwl8k_priv *priv = hw->priv;
5266	struct ieee80211_conf *conf = &hw->conf;
5267
5268	if (idx != 0)
5269		return -ENOENT;
5270
5271	survey->channel = conf->chandef.chan;
5272	survey->filled = SURVEY_INFO_NOISE_DBM;
5273	survey->noise = priv->noise;
5274
5275	return 0;
5276}
5277
5278#define MAX_AMPDU_ATTEMPTS 5
5279
5280static int
5281mwl8k_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
5282		   enum ieee80211_ampdu_mlme_action action,
5283		   struct ieee80211_sta *sta, u16 tid, u16 *ssn,
5284		   u8 buf_size)
5285{
5286
5287	int i, rc = 0;
5288	struct mwl8k_priv *priv = hw->priv;
5289	struct mwl8k_ampdu_stream *stream;
5290	u8 *addr = sta->addr, idx;
5291	struct mwl8k_sta *sta_info = MWL8K_STA(sta);
5292
5293	if (!(hw->flags & IEEE80211_HW_AMPDU_AGGREGATION))
5294		return -ENOTSUPP;
5295
5296	spin_lock(&priv->stream_lock);
5297	stream = mwl8k_lookup_stream(hw, addr, tid);
5298
5299	switch (action) {
5300	case IEEE80211_AMPDU_RX_START:
5301	case IEEE80211_AMPDU_RX_STOP:
5302		break;
5303	case IEEE80211_AMPDU_TX_START:
5304		/* By the time we get here the hw queues may contain outgoing
5305		 * packets for this RA/TID that are not part of this BA
5306		 * session.  The hw will assign sequence numbers to these
5307		 * packets as they go out.  So if we query the hw for its next
5308		 * sequence number and use that for the SSN here, it may end up
5309		 * being wrong, which will lead to sequence number mismatch at
5310		 * the recipient.  To avoid this, we reset the sequence number
5311		 * to O for the first MPDU in this BA stream.
5312		 */
5313		*ssn = 0;
5314		if (stream == NULL) {
5315			/* This means that somebody outside this driver called
5316			 * ieee80211_start_tx_ba_session.  This is unexpected
5317			 * because we do our own rate control.  Just warn and
5318			 * move on.
5319			 */
5320			wiphy_warn(hw->wiphy, "Unexpected call to %s.  "
5321				   "Proceeding anyway.\n", __func__);
5322			stream = mwl8k_add_stream(hw, sta, tid);
5323		}
5324		if (stream == NULL) {
5325			wiphy_debug(hw->wiphy, "no free AMPDU streams\n");
5326			rc = -EBUSY;
5327			break;
5328		}
5329		stream->state = AMPDU_STREAM_IN_PROGRESS;
5330
5331		/* Release the lock before we do the time consuming stuff */
5332		spin_unlock(&priv->stream_lock);
5333		for (i = 0; i < MAX_AMPDU_ATTEMPTS; i++) {
5334
5335			/* Check if link is still valid */
5336			if (!sta_info->is_ampdu_allowed) {
5337				spin_lock(&priv->stream_lock);
5338				mwl8k_remove_stream(hw, stream);
5339				spin_unlock(&priv->stream_lock);
5340				return -EBUSY;
5341			}
5342
5343			rc = mwl8k_check_ba(hw, stream, vif);
5344
5345			/* If HW restart is in progress mwl8k_post_cmd will
5346			 * return -EBUSY. Avoid retrying mwl8k_check_ba in
5347			 * such cases
5348			 */
5349			if (!rc || rc == -EBUSY)
5350				break;
5351			/*
5352			 * HW queues take time to be flushed, give them
5353			 * sufficient time
5354			 */
5355
5356			msleep(1000);
5357		}
5358		spin_lock(&priv->stream_lock);
5359		if (rc) {
5360			wiphy_err(hw->wiphy, "Stream for tid %d busy after %d"
5361				" attempts\n", tid, MAX_AMPDU_ATTEMPTS);
5362			mwl8k_remove_stream(hw, stream);
5363			rc = -EBUSY;
5364			break;
5365		}
5366		ieee80211_start_tx_ba_cb_irqsafe(vif, addr, tid);
5367		break;
5368	case IEEE80211_AMPDU_TX_STOP_CONT:
5369	case IEEE80211_AMPDU_TX_STOP_FLUSH:
5370	case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
5371		if (stream) {
5372			if (stream->state == AMPDU_STREAM_ACTIVE) {
5373				idx = stream->idx;
5374				spin_unlock(&priv->stream_lock);
5375				mwl8k_destroy_ba(hw, idx);
5376				spin_lock(&priv->stream_lock);
5377			}
5378			mwl8k_remove_stream(hw, stream);
5379		}
5380		ieee80211_stop_tx_ba_cb_irqsafe(vif, addr, tid);
5381		break;
5382	case IEEE80211_AMPDU_TX_OPERATIONAL:
5383		BUG_ON(stream == NULL);
5384		BUG_ON(stream->state != AMPDU_STREAM_IN_PROGRESS);
5385		spin_unlock(&priv->stream_lock);
5386		rc = mwl8k_create_ba(hw, stream, buf_size, vif);
5387		spin_lock(&priv->stream_lock);
5388		if (!rc)
5389			stream->state = AMPDU_STREAM_ACTIVE;
5390		else {
5391			idx = stream->idx;
5392			spin_unlock(&priv->stream_lock);
5393			mwl8k_destroy_ba(hw, idx);
5394			spin_lock(&priv->stream_lock);
5395			wiphy_debug(hw->wiphy,
5396				"Failed adding stream for sta %pM tid %d\n",
5397				addr, tid);
5398			mwl8k_remove_stream(hw, stream);
5399		}
5400		break;
5401
5402	default:
5403		rc = -ENOTSUPP;
5404	}
5405
5406	spin_unlock(&priv->stream_lock);
5407	return rc;
5408}
5409
5410static const struct ieee80211_ops mwl8k_ops = {
5411	.tx			= mwl8k_tx,
5412	.start			= mwl8k_start,
5413	.stop			= mwl8k_stop,
5414	.add_interface		= mwl8k_add_interface,
5415	.remove_interface	= mwl8k_remove_interface,
5416	.config			= mwl8k_config,
5417	.bss_info_changed	= mwl8k_bss_info_changed,
5418	.prepare_multicast	= mwl8k_prepare_multicast,
5419	.configure_filter	= mwl8k_configure_filter,
5420	.set_key                = mwl8k_set_key,
5421	.set_rts_threshold	= mwl8k_set_rts_threshold,
5422	.sta_add		= mwl8k_sta_add,
5423	.sta_remove		= mwl8k_sta_remove,
5424	.conf_tx		= mwl8k_conf_tx,
5425	.get_stats		= mwl8k_get_stats,
5426	.get_survey		= mwl8k_get_survey,
5427	.ampdu_action		= mwl8k_ampdu_action,
5428};
5429
5430static void mwl8k_finalize_join_worker(struct work_struct *work)
5431{
5432	struct mwl8k_priv *priv =
5433		container_of(work, struct mwl8k_priv, finalize_join_worker);
5434	struct sk_buff *skb = priv->beacon_skb;
5435	struct ieee80211_mgmt *mgmt = (void *)skb->data;
5436	int len = skb->len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
5437	const u8 *tim = cfg80211_find_ie(WLAN_EID_TIM,
5438					 mgmt->u.beacon.variable, len);
5439	int dtim_period = 1;
5440
5441	if (tim && tim[1] >= 2)
5442		dtim_period = tim[3];
5443
5444	mwl8k_cmd_finalize_join(priv->hw, skb->data, skb->len, dtim_period);
5445
5446	dev_kfree_skb(skb);
5447	priv->beacon_skb = NULL;
5448}
5449
5450enum {
5451	MWL8363 = 0,
5452	MWL8687,
5453	MWL8366,
5454	MWL8764,
5455};
5456
5457#define MWL8K_8366_AP_FW_API 3
5458#define _MWL8K_8366_AP_FW(api) "mwl8k/fmimage_8366_ap-" #api ".fw"
5459#define MWL8K_8366_AP_FW(api) _MWL8K_8366_AP_FW(api)
5460
5461#define MWL8K_8764_AP_FW_API 1
5462#define _MWL8K_8764_AP_FW(api) "mwl8k/fmimage_8764_ap-" #api ".fw"
5463#define MWL8K_8764_AP_FW(api) _MWL8K_8764_AP_FW(api)
5464
5465static struct mwl8k_device_info mwl8k_info_tbl[] = {
5466	[MWL8363] = {
5467		.part_name	= "88w8363",
5468		.helper_image	= "mwl8k/helper_8363.fw",
5469		.fw_image_sta	= "mwl8k/fmimage_8363.fw",
5470	},
5471	[MWL8687] = {
5472		.part_name	= "88w8687",
5473		.helper_image	= "mwl8k/helper_8687.fw",
5474		.fw_image_sta	= "mwl8k/fmimage_8687.fw",
5475	},
5476	[MWL8366] = {
5477		.part_name	= "88w8366",
5478		.helper_image	= "mwl8k/helper_8366.fw",
5479		.fw_image_sta	= "mwl8k/fmimage_8366.fw",
5480		.fw_image_ap	= MWL8K_8366_AP_FW(MWL8K_8366_AP_FW_API),
5481		.fw_api_ap	= MWL8K_8366_AP_FW_API,
5482		.ap_rxd_ops	= &rxd_ap_ops,
5483	},
5484	[MWL8764] = {
5485		.part_name	= "88w8764",
5486		.fw_image_ap	= MWL8K_8764_AP_FW(MWL8K_8764_AP_FW_API),
5487		.fw_api_ap	= MWL8K_8764_AP_FW_API,
5488		.ap_rxd_ops	= &rxd_ap_ops,
5489	},
5490};
5491
5492MODULE_FIRMWARE("mwl8k/helper_8363.fw");
5493MODULE_FIRMWARE("mwl8k/fmimage_8363.fw");
5494MODULE_FIRMWARE("mwl8k/helper_8687.fw");
5495MODULE_FIRMWARE("mwl8k/fmimage_8687.fw");
5496MODULE_FIRMWARE("mwl8k/helper_8366.fw");
5497MODULE_FIRMWARE("mwl8k/fmimage_8366.fw");
5498MODULE_FIRMWARE(MWL8K_8366_AP_FW(MWL8K_8366_AP_FW_API));
5499
5500static DEFINE_PCI_DEVICE_TABLE(mwl8k_pci_id_table) = {
5501	{ PCI_VDEVICE(MARVELL, 0x2a0a), .driver_data = MWL8363, },
5502	{ PCI_VDEVICE(MARVELL, 0x2a0c), .driver_data = MWL8363, },
5503	{ PCI_VDEVICE(MARVELL, 0x2a24), .driver_data = MWL8363, },
5504	{ PCI_VDEVICE(MARVELL, 0x2a2b), .driver_data = MWL8687, },
5505	{ PCI_VDEVICE(MARVELL, 0x2a30), .driver_data = MWL8687, },
5506	{ PCI_VDEVICE(MARVELL, 0x2a40), .driver_data = MWL8366, },
5507	{ PCI_VDEVICE(MARVELL, 0x2a41), .driver_data = MWL8366, },
5508	{ PCI_VDEVICE(MARVELL, 0x2a42), .driver_data = MWL8366, },
5509	{ PCI_VDEVICE(MARVELL, 0x2a43), .driver_data = MWL8366, },
5510	{ PCI_VDEVICE(MARVELL, 0x2b36), .driver_data = MWL8764, },
5511	{ },
5512};
5513MODULE_DEVICE_TABLE(pci, mwl8k_pci_id_table);
5514
5515static int mwl8k_request_alt_fw(struct mwl8k_priv *priv)
5516{
5517	int rc;
5518	printk(KERN_ERR "%s: Error requesting preferred fw %s.\n"
5519	       "Trying alternative firmware %s\n", pci_name(priv->pdev),
5520	       priv->fw_pref, priv->fw_alt);
5521	rc = mwl8k_request_fw(priv, priv->fw_alt, &priv->fw_ucode, true);
5522	if (rc) {
5523		printk(KERN_ERR "%s: Error requesting alt fw %s\n",
5524		       pci_name(priv->pdev), priv->fw_alt);
5525		return rc;
5526	}
5527	return 0;
5528}
5529
5530static int mwl8k_firmware_load_success(struct mwl8k_priv *priv);
5531static void mwl8k_fw_state_machine(const struct firmware *fw, void *context)
5532{
5533	struct mwl8k_priv *priv = context;
5534	struct mwl8k_device_info *di = priv->device_info;
5535	int rc;
5536
5537	switch (priv->fw_state) {
5538	case FW_STATE_INIT:
5539		if (!fw) {
5540			printk(KERN_ERR "%s: Error requesting helper fw %s\n",
5541			       pci_name(priv->pdev), di->helper_image);
5542			goto fail;
5543		}
5544		priv->fw_helper = fw;
5545		rc = mwl8k_request_fw(priv, priv->fw_pref, &priv->fw_ucode,
5546				      true);
5547		if (rc && priv->fw_alt) {
5548			rc = mwl8k_request_alt_fw(priv);
5549			if (rc)
5550				goto fail;
5551			priv->fw_state = FW_STATE_LOADING_ALT;
5552		} else if (rc)
5553			goto fail;
5554		else
5555			priv->fw_state = FW_STATE_LOADING_PREF;
5556		break;
5557
5558	case FW_STATE_LOADING_PREF:
5559		if (!fw) {
5560			if (priv->fw_alt) {
5561				rc = mwl8k_request_alt_fw(priv);
5562				if (rc)
5563					goto fail;
5564				priv->fw_state = FW_STATE_LOADING_ALT;
5565			} else
5566				goto fail;
5567		} else {
5568			priv->fw_ucode = fw;
5569			rc = mwl8k_firmware_load_success(priv);
5570			if (rc)
5571				goto fail;
5572			else
5573				complete(&priv->firmware_loading_complete);
5574		}
5575		break;
5576
5577	case FW_STATE_LOADING_ALT:
5578		if (!fw) {
5579			printk(KERN_ERR "%s: Error requesting alt fw %s\n",
5580			       pci_name(priv->pdev), di->helper_image);
5581			goto fail;
5582		}
5583		priv->fw_ucode = fw;
5584		rc = mwl8k_firmware_load_success(priv);
5585		if (rc)
5586			goto fail;
5587		else
5588			complete(&priv->firmware_loading_complete);
5589		break;
5590
5591	default:
5592		printk(KERN_ERR "%s: Unexpected firmware loading state: %d\n",
5593		       MWL8K_NAME, priv->fw_state);
5594		BUG_ON(1);
5595	}
5596
5597	return;
5598
5599fail:
5600	priv->fw_state = FW_STATE_ERROR;
5601	complete(&priv->firmware_loading_complete);
5602	device_release_driver(&priv->pdev->dev);
5603	mwl8k_release_firmware(priv);
5604}
5605
5606#define MAX_RESTART_ATTEMPTS 1
5607static int mwl8k_init_firmware(struct ieee80211_hw *hw, char *fw_image,
5608			       bool nowait)
5609{
5610	struct mwl8k_priv *priv = hw->priv;
5611	int rc;
5612	int count = MAX_RESTART_ATTEMPTS;
5613
5614retry:
5615	/* Reset firmware and hardware */
5616	mwl8k_hw_reset(priv);
5617
5618	/* Ask userland hotplug daemon for the device firmware */
5619	rc = mwl8k_request_firmware(priv, fw_image, nowait);
5620	if (rc) {
5621		wiphy_err(hw->wiphy, "Firmware files not found\n");
5622		return rc;
5623	}
5624
5625	if (nowait)
5626		return rc;
5627
5628	/* Load firmware into hardware */
5629	rc = mwl8k_load_firmware(hw);
5630	if (rc)
5631		wiphy_err(hw->wiphy, "Cannot start firmware\n");
5632
5633	/* Reclaim memory once firmware is successfully loaded */
5634	mwl8k_release_firmware(priv);
5635
5636	if (rc && count) {
5637		/* FW did not start successfully;
5638		 * lets try one more time
5639		 */
5640		count--;
5641		wiphy_err(hw->wiphy, "Trying to reload the firmware again\n");
5642		msleep(20);
5643		goto retry;
5644	}
5645
5646	return rc;
5647}
5648
5649static int mwl8k_init_txqs(struct ieee80211_hw *hw)
5650{
5651	struct mwl8k_priv *priv = hw->priv;
5652	int rc = 0;
5653	int i;
5654
5655	for (i = 0; i < mwl8k_tx_queues(priv); i++) {
5656		rc = mwl8k_txq_init(hw, i);
5657		if (rc)
5658			break;
5659		if (priv->ap_fw)
5660			iowrite32(priv->txq[i].txd_dma,
5661				  priv->sram + priv->txq_offset[i]);
5662	}
5663	return rc;
5664}
5665
5666/* initialize hw after successfully loading a firmware image */
5667static int mwl8k_probe_hw(struct ieee80211_hw *hw)
5668{
5669	struct mwl8k_priv *priv = hw->priv;
5670	int rc = 0;
5671	int i;
5672
5673	if (priv->ap_fw) {
5674		priv->rxd_ops = priv->device_info->ap_rxd_ops;
5675		if (priv->rxd_ops == NULL) {
5676			wiphy_err(hw->wiphy,
5677				  "Driver does not have AP firmware image support for this hardware\n");
5678			rc = -ENOENT;
5679			goto err_stop_firmware;
5680		}
5681	} else {
5682		priv->rxd_ops = &rxd_sta_ops;
5683	}
5684
5685	priv->sniffer_enabled = false;
5686	priv->wmm_enabled = false;
5687	priv->pending_tx_pkts = 0;
5688	atomic_set(&priv->watchdog_event_pending, 0);
5689
5690	rc = mwl8k_rxq_init(hw, 0);
5691	if (rc)
5692		goto err_stop_firmware;
5693	rxq_refill(hw, 0, INT_MAX);
5694
5695	/* For the sta firmware, we need to know the dma addresses of tx queues
5696	 * before sending MWL8K_CMD_GET_HW_SPEC.  So we must initialize them
5697	 * prior to issuing this command.  But for the AP case, we learn the
5698	 * total number of queues from the result CMD_GET_HW_SPEC, so for this
5699	 * case we must initialize the tx queues after.
5700	 */
5701	priv->num_ampdu_queues = 0;
5702	if (!priv->ap_fw) {
5703		rc = mwl8k_init_txqs(hw);
5704		if (rc)
5705			goto err_free_queues;
5706	}
5707
5708	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
5709	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
5710	iowrite32(MWL8K_A2H_INT_TX_DONE|MWL8K_A2H_INT_RX_READY|
5711		  MWL8K_A2H_INT_BA_WATCHDOG,
5712		  priv->regs + MWL8K_HIU_A2H_INTERRUPT_CLEAR_SEL);
5713	iowrite32(MWL8K_A2H_INT_OPC_DONE,
5714		  priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS_MASK);
5715
5716	rc = request_irq(priv->pdev->irq, mwl8k_interrupt,
5717			 IRQF_SHARED, MWL8K_NAME, hw);
5718	if (rc) {
5719		wiphy_err(hw->wiphy, "failed to register IRQ handler\n");
5720		goto err_free_queues;
5721	}
5722
5723	/*
5724	 * When hw restart is requested,
5725	 * mac80211 will take care of clearing
5726	 * the ampdu streams, so do not clear
5727	 * the ampdu state here
5728	 */
5729	if (!priv->hw_restart_in_progress)
5730		memset(priv->ampdu, 0, sizeof(priv->ampdu));
5731
5732	/*
5733	 * Temporarily enable interrupts.  Initial firmware host
5734	 * commands use interrupts and avoid polling.  Disable
5735	 * interrupts when done.
5736	 */
5737	iowrite32(MWL8K_A2H_EVENTS, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
5738
5739	/* Get config data, mac addrs etc */
5740	if (priv->ap_fw) {
5741		rc = mwl8k_cmd_get_hw_spec_ap(hw);
5742		if (!rc)
5743			rc = mwl8k_init_txqs(hw);
5744		if (!rc)
5745			rc = mwl8k_cmd_set_hw_spec(hw);
5746	} else {
5747		rc = mwl8k_cmd_get_hw_spec_sta(hw);
5748	}
5749	if (rc) {
5750		wiphy_err(hw->wiphy, "Cannot initialise firmware\n");
5751		goto err_free_irq;
5752	}
5753
5754	/* Turn radio off */
5755	rc = mwl8k_cmd_radio_disable(hw);
5756	if (rc) {
5757		wiphy_err(hw->wiphy, "Cannot disable\n");
5758		goto err_free_irq;
5759	}
5760
5761	/* Clear MAC address */
5762	rc = mwl8k_cmd_set_mac_addr(hw, NULL, "\x00\x00\x00\x00\x00\x00");
5763	if (rc) {
5764		wiphy_err(hw->wiphy, "Cannot clear MAC address\n");
5765		goto err_free_irq;
5766	}
5767
5768	/* Configure Antennas */
5769	rc = mwl8k_cmd_rf_antenna(hw, MWL8K_RF_ANTENNA_RX, 0x3);
5770	if (rc)
5771		wiphy_warn(hw->wiphy, "failed to set # of RX antennas");
5772	rc = mwl8k_cmd_rf_antenna(hw, MWL8K_RF_ANTENNA_TX, 0x7);
5773	if (rc)
5774		wiphy_warn(hw->wiphy, "failed to set # of TX antennas");
5775
5776
5777	/* Disable interrupts */
5778	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
5779	free_irq(priv->pdev->irq, hw);
5780
5781	wiphy_info(hw->wiphy, "%s v%d, %pm, %s firmware %u.%u.%u.%u\n",
5782		   priv->device_info->part_name,
5783		   priv->hw_rev, hw->wiphy->perm_addr,
5784		   priv->ap_fw ? "AP" : "STA",
5785		   (priv->fw_rev >> 24) & 0xff, (priv->fw_rev >> 16) & 0xff,
5786		   (priv->fw_rev >> 8) & 0xff, priv->fw_rev & 0xff);
5787
5788	return 0;
5789
5790err_free_irq:
5791	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
5792	free_irq(priv->pdev->irq, hw);
5793
5794err_free_queues:
5795	for (i = 0; i < mwl8k_tx_queues(priv); i++)
5796		mwl8k_txq_deinit(hw, i);
5797	mwl8k_rxq_deinit(hw, 0);
5798
5799err_stop_firmware:
5800	mwl8k_hw_reset(priv);
5801
5802	return rc;
5803}
5804
5805/*
5806 * invoke mwl8k_reload_firmware to change the firmware image after the device
5807 * has already been registered
5808 */
5809static int mwl8k_reload_firmware(struct ieee80211_hw *hw, char *fw_image)
5810{
5811	int i, rc = 0;
5812	struct mwl8k_priv *priv = hw->priv;
5813	struct mwl8k_vif *vif, *tmp_vif;
5814
5815	mwl8k_stop(hw);
5816	mwl8k_rxq_deinit(hw, 0);
5817
5818	/*
5819	 * All the existing interfaces are re-added by the ieee80211_reconfig;
5820	 * which means driver should remove existing interfaces before calling
5821	 * ieee80211_restart_hw
5822	 */
5823	if (priv->hw_restart_in_progress)
5824		list_for_each_entry_safe(vif, tmp_vif, &priv->vif_list, list)
5825			mwl8k_remove_vif(priv, vif);
5826
5827	for (i = 0; i < mwl8k_tx_queues(priv); i++)
5828		mwl8k_txq_deinit(hw, i);
5829
5830	rc = mwl8k_init_firmware(hw, fw_image, false);
5831	if (rc)
5832		goto fail;
5833
5834	rc = mwl8k_probe_hw(hw);
5835	if (rc)
5836		goto fail;
5837
5838	if (priv->hw_restart_in_progress)
5839		return rc;
5840
5841	rc = mwl8k_start(hw);
5842	if (rc)
5843		goto fail;
5844
5845	rc = mwl8k_config(hw, ~0);
5846	if (rc)
5847		goto fail;
5848
5849	for (i = 0; i < MWL8K_TX_WMM_QUEUES; i++) {
5850		rc = mwl8k_conf_tx(hw, NULL, i, &priv->wmm_params[i]);
5851		if (rc)
5852			goto fail;
5853	}
5854
5855	return rc;
5856
5857fail:
5858	printk(KERN_WARNING "mwl8k: Failed to reload firmware image.\n");
5859	return rc;
5860}
5861
5862static const struct ieee80211_iface_limit ap_if_limits[] = {
5863	{ .max = 8,	.types = BIT(NL80211_IFTYPE_AP) },
5864	{ .max = 1,	.types = BIT(NL80211_IFTYPE_STATION) },
5865};
5866
5867static const struct ieee80211_iface_combination ap_if_comb = {
5868	.limits = ap_if_limits,
5869	.n_limits = ARRAY_SIZE(ap_if_limits),
5870	.max_interfaces = 8,
5871	.num_different_channels = 1,
5872};
5873
5874
5875static int mwl8k_firmware_load_success(struct mwl8k_priv *priv)
5876{
5877	struct ieee80211_hw *hw = priv->hw;
5878	int i, rc;
5879
5880	rc = mwl8k_load_firmware(hw);
5881	mwl8k_release_firmware(priv);
5882	if (rc) {
5883		wiphy_err(hw->wiphy, "Cannot start firmware\n");
5884		return rc;
5885	}
5886
5887	/*
5888	 * Extra headroom is the size of the required DMA header
5889	 * minus the size of the smallest 802.11 frame (CTS frame).
5890	 */
5891	hw->extra_tx_headroom =
5892		sizeof(struct mwl8k_dma_data) - sizeof(struct ieee80211_cts);
5893
5894	hw->extra_tx_headroom -= priv->ap_fw ? REDUCED_TX_HEADROOM : 0;
5895
5896	hw->channel_change_time = 10;
5897
5898	hw->queues = MWL8K_TX_WMM_QUEUES;
5899
5900	/* Set rssi values to dBm */
5901	hw->flags |= IEEE80211_HW_SIGNAL_DBM | IEEE80211_HW_HAS_RATE_CONTROL;
5902
5903	/*
5904	 * Ask mac80211 to not to trigger PS mode
5905	 * based on PM bit of incoming frames.
5906	 */
5907	if (priv->ap_fw)
5908		hw->flags |= IEEE80211_HW_AP_LINK_PS;
5909
5910	hw->vif_data_size = sizeof(struct mwl8k_vif);
5911	hw->sta_data_size = sizeof(struct mwl8k_sta);
5912
5913	priv->macids_used = 0;
5914	INIT_LIST_HEAD(&priv->vif_list);
5915
5916	/* Set default radio state and preamble */
5917	priv->radio_on = false;
5918	priv->radio_short_preamble = false;
5919
5920	/* Finalize join worker */
5921	INIT_WORK(&priv->finalize_join_worker, mwl8k_finalize_join_worker);
5922	/* Handle watchdog ba events */
5923	INIT_WORK(&priv->watchdog_ba_handle, mwl8k_watchdog_ba_events);
5924	/* To reload the firmware if it crashes */
5925	INIT_WORK(&priv->fw_reload, mwl8k_hw_restart_work);
5926
5927	/* TX reclaim and RX tasklets.  */
5928	tasklet_init(&priv->poll_tx_task, mwl8k_tx_poll, (unsigned long)hw);
5929	tasklet_disable(&priv->poll_tx_task);
5930	tasklet_init(&priv->poll_rx_task, mwl8k_rx_poll, (unsigned long)hw);
5931	tasklet_disable(&priv->poll_rx_task);
5932
5933	/* Power management cookie */
5934	priv->cookie = pci_alloc_consistent(priv->pdev, 4, &priv->cookie_dma);
5935	if (priv->cookie == NULL)
5936		return -ENOMEM;
5937
5938	mutex_init(&priv->fw_mutex);
5939	priv->fw_mutex_owner = NULL;
5940	priv->fw_mutex_depth = 0;
5941	priv->hostcmd_wait = NULL;
5942
5943	spin_lock_init(&priv->tx_lock);
5944
5945	spin_lock_init(&priv->stream_lock);
5946
5947	priv->tx_wait = NULL;
5948
5949	rc = mwl8k_probe_hw(hw);
5950	if (rc)
5951		goto err_free_cookie;
5952
5953	hw->wiphy->interface_modes = 0;
5954
5955	if (priv->ap_macids_supported || priv->device_info->fw_image_ap) {
5956		hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP);
5957		hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_STATION);
5958		hw->wiphy->iface_combinations = &ap_if_comb;
5959		hw->wiphy->n_iface_combinations = 1;
5960	}
5961
5962	if (priv->sta_macids_supported || priv->device_info->fw_image_sta)
5963		hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_STATION);
5964
5965	rc = ieee80211_register_hw(hw);
5966	if (rc) {
5967		wiphy_err(hw->wiphy, "Cannot register device\n");
5968		goto err_unprobe_hw;
5969	}
5970
5971	return 0;
5972
5973err_unprobe_hw:
5974	for (i = 0; i < mwl8k_tx_queues(priv); i++)
5975		mwl8k_txq_deinit(hw, i);
5976	mwl8k_rxq_deinit(hw, 0);
5977
5978err_free_cookie:
5979	if (priv->cookie != NULL)
5980		pci_free_consistent(priv->pdev, 4,
5981				priv->cookie, priv->cookie_dma);
5982
5983	return rc;
5984}
5985static int mwl8k_probe(struct pci_dev *pdev,
5986				 const struct pci_device_id *id)
5987{
5988	static int printed_version;
5989	struct ieee80211_hw *hw;
5990	struct mwl8k_priv *priv;
5991	struct mwl8k_device_info *di;
5992	int rc;
5993
5994	if (!printed_version) {
5995		printk(KERN_INFO "%s version %s\n", MWL8K_DESC, MWL8K_VERSION);
5996		printed_version = 1;
5997	}
5998
5999
6000	rc = pci_enable_device(pdev);
6001	if (rc) {
6002		printk(KERN_ERR "%s: Cannot enable new PCI device\n",
6003		       MWL8K_NAME);
6004		return rc;
6005	}
6006
6007	rc = pci_request_regions(pdev, MWL8K_NAME);
6008	if (rc) {
6009		printk(KERN_ERR "%s: Cannot obtain PCI resources\n",
6010		       MWL8K_NAME);
6011		goto err_disable_device;
6012	}
6013
6014	pci_set_master(pdev);
6015
6016
6017	hw = ieee80211_alloc_hw(sizeof(*priv), &mwl8k_ops);
6018	if (hw == NULL) {
6019		printk(KERN_ERR "%s: ieee80211 alloc failed\n", MWL8K_NAME);
6020		rc = -ENOMEM;
6021		goto err_free_reg;
6022	}
6023
6024	SET_IEEE80211_DEV(hw, &pdev->dev);
6025	pci_set_drvdata(pdev, hw);
6026
6027	priv = hw->priv;
6028	priv->hw = hw;
6029	priv->pdev = pdev;
6030	priv->device_info = &mwl8k_info_tbl[id->driver_data];
6031
6032	if (id->driver_data == MWL8764)
6033		priv->is_8764 = true;
6034
6035	priv->sram = pci_iomap(pdev, 0, 0x10000);
6036	if (priv->sram == NULL) {
6037		wiphy_err(hw->wiphy, "Cannot map device SRAM\n");
6038		rc = -EIO;
6039		goto err_iounmap;
6040	}
6041
6042	/*
6043	 * If BAR0 is a 32 bit BAR, the register BAR will be BAR1.
6044	 * If BAR0 is a 64 bit BAR, the register BAR will be BAR2.
6045	 */
6046	priv->regs = pci_iomap(pdev, 1, 0x10000);
6047	if (priv->regs == NULL) {
6048		priv->regs = pci_iomap(pdev, 2, 0x10000);
6049		if (priv->regs == NULL) {
6050			wiphy_err(hw->wiphy, "Cannot map device registers\n");
6051			rc = -EIO;
6052			goto err_iounmap;
6053		}
6054	}
6055
6056	/*
6057	 * Choose the initial fw image depending on user input.  If a second
6058	 * image is available, make it the alternative image that will be
6059	 * loaded if the first one fails.
6060	 */
6061	init_completion(&priv->firmware_loading_complete);
6062	di = priv->device_info;
6063	if (ap_mode_default && di->fw_image_ap) {
6064		priv->fw_pref = di->fw_image_ap;
6065		priv->fw_alt = di->fw_image_sta;
6066	} else if (!ap_mode_default && di->fw_image_sta) {
6067		priv->fw_pref = di->fw_image_sta;
6068		priv->fw_alt = di->fw_image_ap;
6069	} else if (ap_mode_default && !di->fw_image_ap && di->fw_image_sta) {
6070		printk(KERN_WARNING "AP fw is unavailable.  Using STA fw.");
6071		priv->fw_pref = di->fw_image_sta;
6072	} else if (!ap_mode_default && !di->fw_image_sta && di->fw_image_ap) {
6073		printk(KERN_WARNING "STA fw is unavailable.  Using AP fw.");
6074		priv->fw_pref = di->fw_image_ap;
6075	}
6076	rc = mwl8k_init_firmware(hw, priv->fw_pref, true);
6077	if (rc)
6078		goto err_stop_firmware;
6079
6080	priv->hw_restart_in_progress = false;
6081
6082	priv->running_bsses = 0;
6083
6084	return rc;
6085
6086err_stop_firmware:
6087	mwl8k_hw_reset(priv);
6088
6089err_iounmap:
6090	if (priv->regs != NULL)
6091		pci_iounmap(pdev, priv->regs);
6092
6093	if (priv->sram != NULL)
6094		pci_iounmap(pdev, priv->sram);
6095
6096	ieee80211_free_hw(hw);
6097
6098err_free_reg:
6099	pci_release_regions(pdev);
6100
6101err_disable_device:
6102	pci_disable_device(pdev);
6103
6104	return rc;
6105}
6106
6107static void mwl8k_remove(struct pci_dev *pdev)
6108{
6109	struct ieee80211_hw *hw = pci_get_drvdata(pdev);
6110	struct mwl8k_priv *priv;
6111	int i;
6112
6113	if (hw == NULL)
6114		return;
6115	priv = hw->priv;
6116
6117	wait_for_completion(&priv->firmware_loading_complete);
6118
6119	if (priv->fw_state == FW_STATE_ERROR) {
6120		mwl8k_hw_reset(priv);
6121		goto unmap;
6122	}
6123
6124	ieee80211_stop_queues(hw);
6125
6126	ieee80211_unregister_hw(hw);
6127
6128	/* Remove TX reclaim and RX tasklets.  */
6129	tasklet_kill(&priv->poll_tx_task);
6130	tasklet_kill(&priv->poll_rx_task);
6131
6132	/* Stop hardware */
6133	mwl8k_hw_reset(priv);
6134
6135	/* Return all skbs to mac80211 */
6136	for (i = 0; i < mwl8k_tx_queues(priv); i++)
6137		mwl8k_txq_reclaim(hw, i, INT_MAX, 1);
6138
6139	for (i = 0; i < mwl8k_tx_queues(priv); i++)
6140		mwl8k_txq_deinit(hw, i);
6141
6142	mwl8k_rxq_deinit(hw, 0);
6143
6144	pci_free_consistent(priv->pdev, 4, priv->cookie, priv->cookie_dma);
6145
6146unmap:
6147	pci_iounmap(pdev, priv->regs);
6148	pci_iounmap(pdev, priv->sram);
6149	ieee80211_free_hw(hw);
6150	pci_release_regions(pdev);
6151	pci_disable_device(pdev);
6152}
6153
6154static struct pci_driver mwl8k_driver = {
6155	.name		= MWL8K_NAME,
6156	.id_table	= mwl8k_pci_id_table,
6157	.probe		= mwl8k_probe,
6158	.remove		= mwl8k_remove,
6159};
6160
6161module_pci_driver(mwl8k_driver);
6162
6163MODULE_DESCRIPTION(MWL8K_DESC);
6164MODULE_VERSION(MWL8K_VERSION);
6165MODULE_AUTHOR("Lennert Buytenhek <buytenh@marvell.com>");
6166MODULE_LICENSE("GPL");
Configure Feed

Configure Feed
