drivers/net/wireless/mwl8k.c at v3.6-rc2

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / drivers / net / wireless / mwl8k.c
at v3.6-rc2 5904 lines 145 kB view raw
wrap content
   1/*
   2 * drivers/net/wireless/mwl8k.c
   3 * Driver for Marvell TOPDOG 802.11 Wireless cards
   4 *
   5 * Copyright (C) 2008, 2009, 2010 Marvell Semiconductor Inc.
   6 *
   7 * This file is licensed under the terms of the GNU General Public
   8 * License version 2.  This program is licensed "as is" without any
   9 * warranty of any kind, whether express or implied.
  10 */
  11
  12#include <linux/init.h>
  13#include <linux/interrupt.h>
  14#include <linux/module.h>
  15#include <linux/kernel.h>
  16#include <linux/sched.h>
  17#include <linux/spinlock.h>
  18#include <linux/list.h>
  19#include <linux/pci.h>
  20#include <linux/delay.h>
  21#include <linux/completion.h>
  22#include <linux/etherdevice.h>
  23#include <linux/slab.h>
  24#include <net/mac80211.h>
  25#include <linux/moduleparam.h>
  26#include <linux/firmware.h>
  27#include <linux/workqueue.h>
  28
  29#define MWL8K_DESC	"Marvell TOPDOG(R) 802.11 Wireless Network Driver"
  30#define MWL8K_NAME	KBUILD_MODNAME
  31#define MWL8K_VERSION	"0.13"
  32
  33/* Module parameters */
  34static bool ap_mode_default;
  35module_param(ap_mode_default, bool, 0);
  36MODULE_PARM_DESC(ap_mode_default,
  37		 "Set to 1 to make ap mode the default instead of sta mode");
  38
  39/* Register definitions */
  40#define MWL8K_HIU_GEN_PTR			0x00000c10
  41#define  MWL8K_MODE_STA				 0x0000005a
  42#define  MWL8K_MODE_AP				 0x000000a5
  43#define MWL8K_HIU_INT_CODE			0x00000c14
  44#define  MWL8K_FWSTA_READY			 0xf0f1f2f4
  45#define  MWL8K_FWAP_READY			 0xf1f2f4a5
  46#define  MWL8K_INT_CODE_CMD_FINISHED		 0x00000005
  47#define MWL8K_HIU_SCRATCH			0x00000c40
  48
  49/* Host->device communications */
  50#define MWL8K_HIU_H2A_INTERRUPT_EVENTS		0x00000c18
  51#define MWL8K_HIU_H2A_INTERRUPT_STATUS		0x00000c1c
  52#define MWL8K_HIU_H2A_INTERRUPT_MASK		0x00000c20
  53#define MWL8K_HIU_H2A_INTERRUPT_CLEAR_SEL	0x00000c24
  54#define MWL8K_HIU_H2A_INTERRUPT_STATUS_MASK	0x00000c28
  55#define  MWL8K_H2A_INT_DUMMY			 (1 << 20)
  56#define  MWL8K_H2A_INT_RESET			 (1 << 15)
  57#define  MWL8K_H2A_INT_DOORBELL			 (1 << 1)
  58#define  MWL8K_H2A_INT_PPA_READY		 (1 << 0)
  59
  60/* Device->host communications */
  61#define MWL8K_HIU_A2H_INTERRUPT_EVENTS		0x00000c2c
  62#define MWL8K_HIU_A2H_INTERRUPT_STATUS		0x00000c30
  63#define MWL8K_HIU_A2H_INTERRUPT_MASK		0x00000c34
  64#define MWL8K_HIU_A2H_INTERRUPT_CLEAR_SEL	0x00000c38
  65#define MWL8K_HIU_A2H_INTERRUPT_STATUS_MASK	0x00000c3c
  66#define  MWL8K_A2H_INT_DUMMY			 (1 << 20)
  67#define  MWL8K_A2H_INT_BA_WATCHDOG		 (1 << 14)
  68#define  MWL8K_A2H_INT_CHNL_SWITCHED		 (1 << 11)
  69#define  MWL8K_A2H_INT_QUEUE_EMPTY		 (1 << 10)
  70#define  MWL8K_A2H_INT_RADAR_DETECT		 (1 << 7)
  71#define  MWL8K_A2H_INT_RADIO_ON			 (1 << 6)
  72#define  MWL8K_A2H_INT_RADIO_OFF		 (1 << 5)
  73#define  MWL8K_A2H_INT_MAC_EVENT		 (1 << 3)
  74#define  MWL8K_A2H_INT_OPC_DONE			 (1 << 2)
  75#define  MWL8K_A2H_INT_RX_READY			 (1 << 1)
  76#define  MWL8K_A2H_INT_TX_DONE			 (1 << 0)
  77
  78/* HW micro second timer register
  79 * located at offset 0xA600. This
  80 * will be used to timestamp tx
  81 * packets.
  82 */
  83
  84#define	MWL8K_HW_TIMER_REGISTER			0x0000a600
  85
  86#define MWL8K_A2H_EVENTS	(MWL8K_A2H_INT_DUMMY | \
  87				 MWL8K_A2H_INT_CHNL_SWITCHED | \
  88				 MWL8K_A2H_INT_QUEUE_EMPTY | \
  89				 MWL8K_A2H_INT_RADAR_DETECT | \
  90				 MWL8K_A2H_INT_RADIO_ON | \
  91				 MWL8K_A2H_INT_RADIO_OFF | \
  92				 MWL8K_A2H_INT_MAC_EVENT | \
  93				 MWL8K_A2H_INT_OPC_DONE | \
  94				 MWL8K_A2H_INT_RX_READY | \
  95				 MWL8K_A2H_INT_TX_DONE | \
  96				 MWL8K_A2H_INT_BA_WATCHDOG)
  97
  98#define MWL8K_RX_QUEUES		1
  99#define MWL8K_TX_WMM_QUEUES	4
 100#define MWL8K_MAX_AMPDU_QUEUES	8
 101#define MWL8K_MAX_TX_QUEUES	(MWL8K_TX_WMM_QUEUES + MWL8K_MAX_AMPDU_QUEUES)
 102#define mwl8k_tx_queues(priv)	(MWL8K_TX_WMM_QUEUES + (priv)->num_ampdu_queues)
 103
 104struct rxd_ops {
 105	int rxd_size;
 106	void (*rxd_init)(void *rxd, dma_addr_t next_dma_addr);
 107	void (*rxd_refill)(void *rxd, dma_addr_t addr, int len);
 108	int (*rxd_process)(void *rxd, struct ieee80211_rx_status *status,
 109			   __le16 *qos, s8 *noise);
 110};
 111
 112struct mwl8k_device_info {
 113	char *part_name;
 114	char *helper_image;
 115	char *fw_image_sta;
 116	char *fw_image_ap;
 117	struct rxd_ops *ap_rxd_ops;
 118	u32 fw_api_ap;
 119};
 120
 121struct mwl8k_rx_queue {
 122	int rxd_count;
 123
 124	/* hw receives here */
 125	int head;
 126
 127	/* refill descs here */
 128	int tail;
 129
 130	void *rxd;
 131	dma_addr_t rxd_dma;
 132	struct {
 133		struct sk_buff *skb;
 134		DEFINE_DMA_UNMAP_ADDR(dma);
 135	} *buf;
 136};
 137
 138struct mwl8k_tx_queue {
 139	/* hw transmits here */
 140	int head;
 141
 142	/* sw appends here */
 143	int tail;
 144
 145	unsigned int len;
 146	struct mwl8k_tx_desc *txd;
 147	dma_addr_t txd_dma;
 148	struct sk_buff **skb;
 149};
 150
 151enum {
 152	AMPDU_NO_STREAM,
 153	AMPDU_STREAM_NEW,
 154	AMPDU_STREAM_IN_PROGRESS,
 155	AMPDU_STREAM_ACTIVE,
 156};
 157
 158struct mwl8k_ampdu_stream {
 159	struct ieee80211_sta *sta;
 160	u8 tid;
 161	u8 state;
 162	u8 idx;
 163	u8 txq_idx; /* index of this stream in priv->txq */
 164};
 165
 166struct mwl8k_priv {
 167	struct ieee80211_hw *hw;
 168	struct pci_dev *pdev;
 169	int irq;
 170
 171	struct mwl8k_device_info *device_info;
 172
 173	void __iomem *sram;
 174	void __iomem *regs;
 175
 176	/* firmware */
 177	const struct firmware *fw_helper;
 178	const struct firmware *fw_ucode;
 179
 180	/* hardware/firmware parameters */
 181	bool ap_fw;
 182	struct rxd_ops *rxd_ops;
 183	struct ieee80211_supported_band band_24;
 184	struct ieee80211_channel channels_24[14];
 185	struct ieee80211_rate rates_24[14];
 186	struct ieee80211_supported_band band_50;
 187	struct ieee80211_channel channels_50[4];
 188	struct ieee80211_rate rates_50[9];
 189	u32 ap_macids_supported;
 190	u32 sta_macids_supported;
 191
 192	/* Ampdu stream information */
 193	u8 num_ampdu_queues;
 194	spinlock_t stream_lock;
 195	struct mwl8k_ampdu_stream ampdu[MWL8K_MAX_AMPDU_QUEUES];
 196	struct work_struct watchdog_ba_handle;
 197
 198	/* firmware access */
 199	struct mutex fw_mutex;
 200	struct task_struct *fw_mutex_owner;
 201	struct task_struct *hw_restart_owner;
 202	int fw_mutex_depth;
 203	struct completion *hostcmd_wait;
 204
 205	/* lock held over TX and TX reap */
 206	spinlock_t tx_lock;
 207
 208	/* TX quiesce completion, protected by fw_mutex and tx_lock */
 209	struct completion *tx_wait;
 210
 211	/* List of interfaces.  */
 212	u32 macids_used;
 213	struct list_head vif_list;
 214
 215	/* power management status cookie from firmware */
 216	u32 *cookie;
 217	dma_addr_t cookie_dma;
 218
 219	u16 num_mcaddrs;
 220	u8 hw_rev;
 221	u32 fw_rev;
 222
 223	/*
 224	 * Running count of TX packets in flight, to avoid
 225	 * iterating over the transmit rings each time.
 226	 */
 227	int pending_tx_pkts;
 228
 229	struct mwl8k_rx_queue rxq[MWL8K_RX_QUEUES];
 230	struct mwl8k_tx_queue txq[MWL8K_MAX_TX_QUEUES];
 231	u32 txq_offset[MWL8K_MAX_TX_QUEUES];
 232
 233	bool radio_on;
 234	bool radio_short_preamble;
 235	bool sniffer_enabled;
 236	bool wmm_enabled;
 237
 238	/* XXX need to convert this to handle multiple interfaces */
 239	bool capture_beacon;
 240	u8 capture_bssid[ETH_ALEN];
 241	struct sk_buff *beacon_skb;
 242
 243	/*
 244	 * This FJ worker has to be global as it is scheduled from the
 245	 * RX handler.  At this point we don't know which interface it
 246	 * belongs to until the list of bssids waiting to complete join
 247	 * is checked.
 248	 */
 249	struct work_struct finalize_join_worker;
 250
 251	/* Tasklet to perform TX reclaim.  */
 252	struct tasklet_struct poll_tx_task;
 253
 254	/* Tasklet to perform RX.  */
 255	struct tasklet_struct poll_rx_task;
 256
 257	/* Most recently reported noise in dBm */
 258	s8 noise;
 259
 260	/*
 261	 * preserve the queue configurations so they can be restored if/when
 262	 * the firmware image is swapped.
 263	 */
 264	struct ieee80211_tx_queue_params wmm_params[MWL8K_TX_WMM_QUEUES];
 265
 266	/* To perform the task of reloading the firmware */
 267	struct work_struct fw_reload;
 268	bool hw_restart_in_progress;
 269
 270	/* async firmware loading state */
 271	unsigned fw_state;
 272	char *fw_pref;
 273	char *fw_alt;
 274	struct completion firmware_loading_complete;
 275};
 276
 277#define MAX_WEP_KEY_LEN         13
 278#define NUM_WEP_KEYS            4
 279
 280/* Per interface specific private data */
 281struct mwl8k_vif {
 282	struct list_head list;
 283	struct ieee80211_vif *vif;
 284
 285	/* Firmware macid for this vif.  */
 286	int macid;
 287
 288	/* Non AMPDU sequence number assigned by driver.  */
 289	u16 seqno;
 290
 291	/* Saved WEP keys */
 292	struct {
 293		u8 enabled;
 294		u8 key[sizeof(struct ieee80211_key_conf) + MAX_WEP_KEY_LEN];
 295	} wep_key_conf[NUM_WEP_KEYS];
 296
 297	/* BSSID */
 298	u8 bssid[ETH_ALEN];
 299
 300	/* A flag to indicate is HW crypto is enabled for this bssid */
 301	bool is_hw_crypto_enabled;
 302};
 303#define MWL8K_VIF(_vif) ((struct mwl8k_vif *)&((_vif)->drv_priv))
 304#define IEEE80211_KEY_CONF(_u8) ((struct ieee80211_key_conf *)(_u8))
 305
 306struct tx_traffic_info {
 307	u32 start_time;
 308	u32 pkts;
 309};
 310
 311#define MWL8K_MAX_TID 8
 312struct mwl8k_sta {
 313	/* Index into station database. Returned by UPDATE_STADB.  */
 314	u8 peer_id;
 315	u8 is_ampdu_allowed;
 316	struct tx_traffic_info tx_stats[MWL8K_MAX_TID];
 317};
 318#define MWL8K_STA(_sta) ((struct mwl8k_sta *)&((_sta)->drv_priv))
 319
 320static const struct ieee80211_channel mwl8k_channels_24[] = {
 321	{ .center_freq = 2412, .hw_value = 1, },
 322	{ .center_freq = 2417, .hw_value = 2, },
 323	{ .center_freq = 2422, .hw_value = 3, },
 324	{ .center_freq = 2427, .hw_value = 4, },
 325	{ .center_freq = 2432, .hw_value = 5, },
 326	{ .center_freq = 2437, .hw_value = 6, },
 327	{ .center_freq = 2442, .hw_value = 7, },
 328	{ .center_freq = 2447, .hw_value = 8, },
 329	{ .center_freq = 2452, .hw_value = 9, },
 330	{ .center_freq = 2457, .hw_value = 10, },
 331	{ .center_freq = 2462, .hw_value = 11, },
 332	{ .center_freq = 2467, .hw_value = 12, },
 333	{ .center_freq = 2472, .hw_value = 13, },
 334	{ .center_freq = 2484, .hw_value = 14, },
 335};
 336
 337static const struct ieee80211_rate mwl8k_rates_24[] = {
 338	{ .bitrate = 10, .hw_value = 2, },
 339	{ .bitrate = 20, .hw_value = 4, },
 340	{ .bitrate = 55, .hw_value = 11, },
 341	{ .bitrate = 110, .hw_value = 22, },
 342	{ .bitrate = 220, .hw_value = 44, },
 343	{ .bitrate = 60, .hw_value = 12, },
 344	{ .bitrate = 90, .hw_value = 18, },
 345	{ .bitrate = 120, .hw_value = 24, },
 346	{ .bitrate = 180, .hw_value = 36, },
 347	{ .bitrate = 240, .hw_value = 48, },
 348	{ .bitrate = 360, .hw_value = 72, },
 349	{ .bitrate = 480, .hw_value = 96, },
 350	{ .bitrate = 540, .hw_value = 108, },
 351	{ .bitrate = 720, .hw_value = 144, },
 352};
 353
 354static const struct ieee80211_channel mwl8k_channels_50[] = {
 355	{ .center_freq = 5180, .hw_value = 36, },
 356	{ .center_freq = 5200, .hw_value = 40, },
 357	{ .center_freq = 5220, .hw_value = 44, },
 358	{ .center_freq = 5240, .hw_value = 48, },
 359};
 360
 361static const struct ieee80211_rate mwl8k_rates_50[] = {
 362	{ .bitrate = 60, .hw_value = 12, },
 363	{ .bitrate = 90, .hw_value = 18, },
 364	{ .bitrate = 120, .hw_value = 24, },
 365	{ .bitrate = 180, .hw_value = 36, },
 366	{ .bitrate = 240, .hw_value = 48, },
 367	{ .bitrate = 360, .hw_value = 72, },
 368	{ .bitrate = 480, .hw_value = 96, },
 369	{ .bitrate = 540, .hw_value = 108, },
 370	{ .bitrate = 720, .hw_value = 144, },
 371};
 372
 373/* Set or get info from Firmware */
 374#define MWL8K_CMD_GET			0x0000
 375#define MWL8K_CMD_SET			0x0001
 376#define MWL8K_CMD_SET_LIST		0x0002
 377
 378/* Firmware command codes */
 379#define MWL8K_CMD_CODE_DNLD		0x0001
 380#define MWL8K_CMD_GET_HW_SPEC		0x0003
 381#define MWL8K_CMD_SET_HW_SPEC		0x0004
 382#define MWL8K_CMD_MAC_MULTICAST_ADR	0x0010
 383#define MWL8K_CMD_GET_STAT		0x0014
 384#define MWL8K_CMD_RADIO_CONTROL		0x001c
 385#define MWL8K_CMD_RF_TX_POWER		0x001e
 386#define MWL8K_CMD_TX_POWER		0x001f
 387#define MWL8K_CMD_RF_ANTENNA		0x0020
 388#define MWL8K_CMD_SET_BEACON		0x0100		/* per-vif */
 389#define MWL8K_CMD_SET_PRE_SCAN		0x0107
 390#define MWL8K_CMD_SET_POST_SCAN		0x0108
 391#define MWL8K_CMD_SET_RF_CHANNEL	0x010a
 392#define MWL8K_CMD_SET_AID		0x010d
 393#define MWL8K_CMD_SET_RATE		0x0110
 394#define MWL8K_CMD_SET_FINALIZE_JOIN	0x0111
 395#define MWL8K_CMD_RTS_THRESHOLD		0x0113
 396#define MWL8K_CMD_SET_SLOT		0x0114
 397#define MWL8K_CMD_SET_EDCA_PARAMS	0x0115
 398#define MWL8K_CMD_SET_WMM_MODE		0x0123
 399#define MWL8K_CMD_MIMO_CONFIG		0x0125
 400#define MWL8K_CMD_USE_FIXED_RATE	0x0126
 401#define MWL8K_CMD_ENABLE_SNIFFER	0x0150
 402#define MWL8K_CMD_SET_MAC_ADDR		0x0202		/* per-vif */
 403#define MWL8K_CMD_SET_RATEADAPT_MODE	0x0203
 404#define MWL8K_CMD_GET_WATCHDOG_BITMAP	0x0205
 405#define MWL8K_CMD_DEL_MAC_ADDR		0x0206		/* per-vif */
 406#define MWL8K_CMD_BSS_START		0x1100		/* per-vif */
 407#define MWL8K_CMD_SET_NEW_STN		0x1111		/* per-vif */
 408#define MWL8K_CMD_UPDATE_ENCRYPTION	0x1122		/* per-vif */
 409#define MWL8K_CMD_UPDATE_STADB		0x1123
 410#define MWL8K_CMD_BASTREAM		0x1125
 411
 412static const char *mwl8k_cmd_name(__le16 cmd, char *buf, int bufsize)
 413{
 414	u16 command = le16_to_cpu(cmd);
 415
 416#define MWL8K_CMDNAME(x)	case MWL8K_CMD_##x: do {\
 417					snprintf(buf, bufsize, "%s", #x);\
 418					return buf;\
 419					} while (0)
 420	switch (command & ~0x8000) {
 421		MWL8K_CMDNAME(CODE_DNLD);
 422		MWL8K_CMDNAME(GET_HW_SPEC);
 423		MWL8K_CMDNAME(SET_HW_SPEC);
 424		MWL8K_CMDNAME(MAC_MULTICAST_ADR);
 425		MWL8K_CMDNAME(GET_STAT);
 426		MWL8K_CMDNAME(RADIO_CONTROL);
 427		MWL8K_CMDNAME(RF_TX_POWER);
 428		MWL8K_CMDNAME(TX_POWER);
 429		MWL8K_CMDNAME(RF_ANTENNA);
 430		MWL8K_CMDNAME(SET_BEACON);
 431		MWL8K_CMDNAME(SET_PRE_SCAN);
 432		MWL8K_CMDNAME(SET_POST_SCAN);
 433		MWL8K_CMDNAME(SET_RF_CHANNEL);
 434		MWL8K_CMDNAME(SET_AID);
 435		MWL8K_CMDNAME(SET_RATE);
 436		MWL8K_CMDNAME(SET_FINALIZE_JOIN);
 437		MWL8K_CMDNAME(RTS_THRESHOLD);
 438		MWL8K_CMDNAME(SET_SLOT);
 439		MWL8K_CMDNAME(SET_EDCA_PARAMS);
 440		MWL8K_CMDNAME(SET_WMM_MODE);
 441		MWL8K_CMDNAME(MIMO_CONFIG);
 442		MWL8K_CMDNAME(USE_FIXED_RATE);
 443		MWL8K_CMDNAME(ENABLE_SNIFFER);
 444		MWL8K_CMDNAME(SET_MAC_ADDR);
 445		MWL8K_CMDNAME(SET_RATEADAPT_MODE);
 446		MWL8K_CMDNAME(BSS_START);
 447		MWL8K_CMDNAME(SET_NEW_STN);
 448		MWL8K_CMDNAME(UPDATE_ENCRYPTION);
 449		MWL8K_CMDNAME(UPDATE_STADB);
 450		MWL8K_CMDNAME(BASTREAM);
 451		MWL8K_CMDNAME(GET_WATCHDOG_BITMAP);
 452	default:
 453		snprintf(buf, bufsize, "0x%x", cmd);
 454	}
 455#undef MWL8K_CMDNAME
 456
 457	return buf;
 458}
 459
 460/* Hardware and firmware reset */
 461static void mwl8k_hw_reset(struct mwl8k_priv *priv)
 462{
 463	iowrite32(MWL8K_H2A_INT_RESET,
 464		priv->regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
 465	iowrite32(MWL8K_H2A_INT_RESET,
 466		priv->regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
 467	msleep(20);
 468}
 469
 470/* Release fw image */
 471static void mwl8k_release_fw(const struct firmware **fw)
 472{
 473	if (*fw == NULL)
 474		return;
 475	release_firmware(*fw);
 476	*fw = NULL;
 477}
 478
 479static void mwl8k_release_firmware(struct mwl8k_priv *priv)
 480{
 481	mwl8k_release_fw(&priv->fw_ucode);
 482	mwl8k_release_fw(&priv->fw_helper);
 483}
 484
 485/* states for asynchronous f/w loading */
 486static void mwl8k_fw_state_machine(const struct firmware *fw, void *context);
 487enum {
 488	FW_STATE_INIT = 0,
 489	FW_STATE_LOADING_PREF,
 490	FW_STATE_LOADING_ALT,
 491	FW_STATE_ERROR,
 492};
 493
 494/* Request fw image */
 495static int mwl8k_request_fw(struct mwl8k_priv *priv,
 496			    const char *fname, const struct firmware **fw,
 497			    bool nowait)
 498{
 499	/* release current image */
 500	if (*fw != NULL)
 501		mwl8k_release_fw(fw);
 502
 503	if (nowait)
 504		return request_firmware_nowait(THIS_MODULE, 1, fname,
 505					       &priv->pdev->dev, GFP_KERNEL,
 506					       priv, mwl8k_fw_state_machine);
 507	else
 508		return request_firmware(fw, fname, &priv->pdev->dev);
 509}
 510
 511static int mwl8k_request_firmware(struct mwl8k_priv *priv, char *fw_image,
 512				  bool nowait)
 513{
 514	struct mwl8k_device_info *di = priv->device_info;
 515	int rc;
 516
 517	if (di->helper_image != NULL) {
 518		if (nowait)
 519			rc = mwl8k_request_fw(priv, di->helper_image,
 520					      &priv->fw_helper, true);
 521		else
 522			rc = mwl8k_request_fw(priv, di->helper_image,
 523					      &priv->fw_helper, false);
 524		if (rc)
 525			printk(KERN_ERR "%s: Error requesting helper fw %s\n",
 526			       pci_name(priv->pdev), di->helper_image);
 527
 528		if (rc || nowait)
 529			return rc;
 530	}
 531
 532	if (nowait) {
 533		/*
 534		 * if we get here, no helper image is needed.  Skip the
 535		 * FW_STATE_INIT state.
 536		 */
 537		priv->fw_state = FW_STATE_LOADING_PREF;
 538		rc = mwl8k_request_fw(priv, fw_image,
 539				      &priv->fw_ucode,
 540				      true);
 541	} else
 542		rc = mwl8k_request_fw(priv, fw_image,
 543				      &priv->fw_ucode, false);
 544	if (rc) {
 545		printk(KERN_ERR "%s: Error requesting firmware file %s\n",
 546		       pci_name(priv->pdev), fw_image);
 547		mwl8k_release_fw(&priv->fw_helper);
 548		return rc;
 549	}
 550
 551	return 0;
 552}
 553
 554struct mwl8k_cmd_pkt {
 555	__le16	code;
 556	__le16	length;
 557	__u8	seq_num;
 558	__u8	macid;
 559	__le16	result;
 560	char	payload[0];
 561} __packed;
 562
 563/*
 564 * Firmware loading.
 565 */
 566static int
 567mwl8k_send_fw_load_cmd(struct mwl8k_priv *priv, void *data, int length)
 568{
 569	void __iomem *regs = priv->regs;
 570	dma_addr_t dma_addr;
 571	int loops;
 572
 573	dma_addr = pci_map_single(priv->pdev, data, length, PCI_DMA_TODEVICE);
 574	if (pci_dma_mapping_error(priv->pdev, dma_addr))
 575		return -ENOMEM;
 576
 577	iowrite32(dma_addr, regs + MWL8K_HIU_GEN_PTR);
 578	iowrite32(0, regs + MWL8K_HIU_INT_CODE);
 579	iowrite32(MWL8K_H2A_INT_DOORBELL,
 580		regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
 581	iowrite32(MWL8K_H2A_INT_DUMMY,
 582		regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
 583
 584	loops = 1000;
 585	do {
 586		u32 int_code;
 587
 588		int_code = ioread32(regs + MWL8K_HIU_INT_CODE);
 589		if (int_code == MWL8K_INT_CODE_CMD_FINISHED) {
 590			iowrite32(0, regs + MWL8K_HIU_INT_CODE);
 591			break;
 592		}
 593
 594		cond_resched();
 595		udelay(1);
 596	} while (--loops);
 597
 598	pci_unmap_single(priv->pdev, dma_addr, length, PCI_DMA_TODEVICE);
 599
 600	return loops ? 0 : -ETIMEDOUT;
 601}
 602
 603static int mwl8k_load_fw_image(struct mwl8k_priv *priv,
 604				const u8 *data, size_t length)
 605{
 606	struct mwl8k_cmd_pkt *cmd;
 607	int done;
 608	int rc = 0;
 609
 610	cmd = kmalloc(sizeof(*cmd) + 256, GFP_KERNEL);
 611	if (cmd == NULL)
 612		return -ENOMEM;
 613
 614	cmd->code = cpu_to_le16(MWL8K_CMD_CODE_DNLD);
 615	cmd->seq_num = 0;
 616	cmd->macid = 0;
 617	cmd->result = 0;
 618
 619	done = 0;
 620	while (length) {
 621		int block_size = length > 256 ? 256 : length;
 622
 623		memcpy(cmd->payload, data + done, block_size);
 624		cmd->length = cpu_to_le16(block_size);
 625
 626		rc = mwl8k_send_fw_load_cmd(priv, cmd,
 627						sizeof(*cmd) + block_size);
 628		if (rc)
 629			break;
 630
 631		done += block_size;
 632		length -= block_size;
 633	}
 634
 635	if (!rc) {
 636		cmd->length = 0;
 637		rc = mwl8k_send_fw_load_cmd(priv, cmd, sizeof(*cmd));
 638	}
 639
 640	kfree(cmd);
 641
 642	return rc;
 643}
 644
 645static int mwl8k_feed_fw_image(struct mwl8k_priv *priv,
 646				const u8 *data, size_t length)
 647{
 648	unsigned char *buffer;
 649	int may_continue, rc = 0;
 650	u32 done, prev_block_size;
 651
 652	buffer = kmalloc(1024, GFP_KERNEL);
 653	if (buffer == NULL)
 654		return -ENOMEM;
 655
 656	done = 0;
 657	prev_block_size = 0;
 658	may_continue = 1000;
 659	while (may_continue > 0) {
 660		u32 block_size;
 661
 662		block_size = ioread32(priv->regs + MWL8K_HIU_SCRATCH);
 663		if (block_size & 1) {
 664			block_size &= ~1;
 665			may_continue--;
 666		} else {
 667			done += prev_block_size;
 668			length -= prev_block_size;
 669		}
 670
 671		if (block_size > 1024 || block_size > length) {
 672			rc = -EOVERFLOW;
 673			break;
 674		}
 675
 676		if (length == 0) {
 677			rc = 0;
 678			break;
 679		}
 680
 681		if (block_size == 0) {
 682			rc = -EPROTO;
 683			may_continue--;
 684			udelay(1);
 685			continue;
 686		}
 687
 688		prev_block_size = block_size;
 689		memcpy(buffer, data + done, block_size);
 690
 691		rc = mwl8k_send_fw_load_cmd(priv, buffer, block_size);
 692		if (rc)
 693			break;
 694	}
 695
 696	if (!rc && length != 0)
 697		rc = -EREMOTEIO;
 698
 699	kfree(buffer);
 700
 701	return rc;
 702}
 703
 704static int mwl8k_load_firmware(struct ieee80211_hw *hw)
 705{
 706	struct mwl8k_priv *priv = hw->priv;
 707	const struct firmware *fw = priv->fw_ucode;
 708	int rc;
 709	int loops;
 710
 711	if (!memcmp(fw->data, "\x01\x00\x00\x00", 4)) {
 712		const struct firmware *helper = priv->fw_helper;
 713
 714		if (helper == NULL) {
 715			printk(KERN_ERR "%s: helper image needed but none "
 716			       "given\n", pci_name(priv->pdev));
 717			return -EINVAL;
 718		}
 719
 720		rc = mwl8k_load_fw_image(priv, helper->data, helper->size);
 721		if (rc) {
 722			printk(KERN_ERR "%s: unable to load firmware "
 723			       "helper image\n", pci_name(priv->pdev));
 724			return rc;
 725		}
 726		msleep(20);
 727
 728		rc = mwl8k_feed_fw_image(priv, fw->data, fw->size);
 729	} else {
 730		rc = mwl8k_load_fw_image(priv, fw->data, fw->size);
 731	}
 732
 733	if (rc) {
 734		printk(KERN_ERR "%s: unable to load firmware image\n",
 735		       pci_name(priv->pdev));
 736		return rc;
 737	}
 738
 739	iowrite32(MWL8K_MODE_STA, priv->regs + MWL8K_HIU_GEN_PTR);
 740
 741	loops = 500000;
 742	do {
 743		u32 ready_code;
 744
 745		ready_code = ioread32(priv->regs + MWL8K_HIU_INT_CODE);
 746		if (ready_code == MWL8K_FWAP_READY) {
 747			priv->ap_fw = true;
 748			break;
 749		} else if (ready_code == MWL8K_FWSTA_READY) {
 750			priv->ap_fw = false;
 751			break;
 752		}
 753
 754		cond_resched();
 755		udelay(1);
 756	} while (--loops);
 757
 758	return loops ? 0 : -ETIMEDOUT;
 759}
 760
 761
 762/* DMA header used by firmware and hardware.  */
 763struct mwl8k_dma_data {
 764	__le16 fwlen;
 765	struct ieee80211_hdr wh;
 766	char data[0];
 767} __packed;
 768
 769/* Routines to add/remove DMA header from skb.  */
 770static inline void mwl8k_remove_dma_header(struct sk_buff *skb, __le16 qos)
 771{
 772	struct mwl8k_dma_data *tr;
 773	int hdrlen;
 774
 775	tr = (struct mwl8k_dma_data *)skb->data;
 776	hdrlen = ieee80211_hdrlen(tr->wh.frame_control);
 777
 778	if (hdrlen != sizeof(tr->wh)) {
 779		if (ieee80211_is_data_qos(tr->wh.frame_control)) {
 780			memmove(tr->data - hdrlen, &tr->wh, hdrlen - 2);
 781			*((__le16 *)(tr->data - 2)) = qos;
 782		} else {
 783			memmove(tr->data - hdrlen, &tr->wh, hdrlen);
 784		}
 785	}
 786
 787	if (hdrlen != sizeof(*tr))
 788		skb_pull(skb, sizeof(*tr) - hdrlen);
 789}
 790
 791#define REDUCED_TX_HEADROOM	8
 792
 793static void
 794mwl8k_add_dma_header(struct mwl8k_priv *priv, struct sk_buff *skb,
 795						int head_pad, int tail_pad)
 796{
 797	struct ieee80211_hdr *wh;
 798	int hdrlen;
 799	int reqd_hdrlen;
 800	struct mwl8k_dma_data *tr;
 801
 802	/*
 803	 * Add a firmware DMA header; the firmware requires that we
 804	 * present a 2-byte payload length followed by a 4-address
 805	 * header (without QoS field), followed (optionally) by any
 806	 * WEP/ExtIV header (but only filled in for CCMP).
 807	 */
 808	wh = (struct ieee80211_hdr *)skb->data;
 809
 810	hdrlen = ieee80211_hdrlen(wh->frame_control);
 811
 812	/*
 813	 * Check if skb_resize is required because of
 814	 * tx_headroom adjustment.
 815	 */
 816	if (priv->ap_fw && (hdrlen < (sizeof(struct ieee80211_cts)
 817						+ REDUCED_TX_HEADROOM))) {
 818		if (pskb_expand_head(skb, REDUCED_TX_HEADROOM, 0, GFP_ATOMIC)) {
 819
 820			wiphy_err(priv->hw->wiphy,
 821					"Failed to reallocate TX buffer\n");
 822			return;
 823		}
 824		skb->truesize += REDUCED_TX_HEADROOM;
 825	}
 826
 827	reqd_hdrlen = sizeof(*tr) + head_pad;
 828
 829	if (hdrlen != reqd_hdrlen)
 830		skb_push(skb, reqd_hdrlen - hdrlen);
 831
 832	if (ieee80211_is_data_qos(wh->frame_control))
 833		hdrlen -= IEEE80211_QOS_CTL_LEN;
 834
 835	tr = (struct mwl8k_dma_data *)skb->data;
 836	if (wh != &tr->wh)
 837		memmove(&tr->wh, wh, hdrlen);
 838	if (hdrlen != sizeof(tr->wh))
 839		memset(((void *)&tr->wh) + hdrlen, 0, sizeof(tr->wh) - hdrlen);
 840
 841	/*
 842	 * Firmware length is the length of the fully formed "802.11
 843	 * payload".  That is, everything except for the 802.11 header.
 844	 * This includes all crypto material including the MIC.
 845	 */
 846	tr->fwlen = cpu_to_le16(skb->len - sizeof(*tr) + tail_pad);
 847}
 848
 849static void mwl8k_encapsulate_tx_frame(struct mwl8k_priv *priv,
 850		struct sk_buff *skb)
 851{
 852	struct ieee80211_hdr *wh;
 853	struct ieee80211_tx_info *tx_info;
 854	struct ieee80211_key_conf *key_conf;
 855	int data_pad;
 856	int head_pad = 0;
 857
 858	wh = (struct ieee80211_hdr *)skb->data;
 859
 860	tx_info = IEEE80211_SKB_CB(skb);
 861
 862	key_conf = NULL;
 863	if (ieee80211_is_data(wh->frame_control))
 864		key_conf = tx_info->control.hw_key;
 865
 866	/*
 867	 * Make sure the packet header is in the DMA header format (4-address
 868	 * without QoS), and add head & tail padding when HW crypto is enabled.
 869	 *
 870	 * We have the following trailer padding requirements:
 871	 * - WEP: 4 trailer bytes (ICV)
 872	 * - TKIP: 12 trailer bytes (8 MIC + 4 ICV)
 873	 * - CCMP: 8 trailer bytes (MIC)
 874	 */
 875	data_pad = 0;
 876	if (key_conf != NULL) {
 877		head_pad = key_conf->iv_len;
 878		switch (key_conf->cipher) {
 879		case WLAN_CIPHER_SUITE_WEP40:
 880		case WLAN_CIPHER_SUITE_WEP104:
 881			data_pad = 4;
 882			break;
 883		case WLAN_CIPHER_SUITE_TKIP:
 884			data_pad = 12;
 885			break;
 886		case WLAN_CIPHER_SUITE_CCMP:
 887			data_pad = 8;
 888			break;
 889		}
 890	}
 891	mwl8k_add_dma_header(priv, skb, head_pad, data_pad);
 892}
 893
 894/*
 895 * Packet reception for 88w8366 AP firmware.
 896 */
 897struct mwl8k_rxd_8366_ap {
 898	__le16 pkt_len;
 899	__u8 sq2;
 900	__u8 rate;
 901	__le32 pkt_phys_addr;
 902	__le32 next_rxd_phys_addr;
 903	__le16 qos_control;
 904	__le16 htsig2;
 905	__le32 hw_rssi_info;
 906	__le32 hw_noise_floor_info;
 907	__u8 noise_floor;
 908	__u8 pad0[3];
 909	__u8 rssi;
 910	__u8 rx_status;
 911	__u8 channel;
 912	__u8 rx_ctrl;
 913} __packed;
 914
 915#define MWL8K_8366_AP_RATE_INFO_MCS_FORMAT	0x80
 916#define MWL8K_8366_AP_RATE_INFO_40MHZ		0x40
 917#define MWL8K_8366_AP_RATE_INFO_RATEID(x)	((x) & 0x3f)
 918
 919#define MWL8K_8366_AP_RX_CTRL_OWNED_BY_HOST	0x80
 920
 921/* 8366 AP rx_status bits */
 922#define MWL8K_8366_AP_RXSTAT_DECRYPT_ERR_MASK		0x80
 923#define MWL8K_8366_AP_RXSTAT_GENERAL_DECRYPT_ERR	0xFF
 924#define MWL8K_8366_AP_RXSTAT_TKIP_DECRYPT_MIC_ERR	0x02
 925#define MWL8K_8366_AP_RXSTAT_WEP_DECRYPT_ICV_ERR	0x04
 926#define MWL8K_8366_AP_RXSTAT_TKIP_DECRYPT_ICV_ERR	0x08
 927
 928static void mwl8k_rxd_8366_ap_init(void *_rxd, dma_addr_t next_dma_addr)
 929{
 930	struct mwl8k_rxd_8366_ap *rxd = _rxd;
 931
 932	rxd->next_rxd_phys_addr = cpu_to_le32(next_dma_addr);
 933	rxd->rx_ctrl = MWL8K_8366_AP_RX_CTRL_OWNED_BY_HOST;
 934}
 935
 936static void mwl8k_rxd_8366_ap_refill(void *_rxd, dma_addr_t addr, int len)
 937{
 938	struct mwl8k_rxd_8366_ap *rxd = _rxd;
 939
 940	rxd->pkt_len = cpu_to_le16(len);
 941	rxd->pkt_phys_addr = cpu_to_le32(addr);
 942	wmb();
 943	rxd->rx_ctrl = 0;
 944}
 945
 946static int
 947mwl8k_rxd_8366_ap_process(void *_rxd, struct ieee80211_rx_status *status,
 948			  __le16 *qos, s8 *noise)
 949{
 950	struct mwl8k_rxd_8366_ap *rxd = _rxd;
 951
 952	if (!(rxd->rx_ctrl & MWL8K_8366_AP_RX_CTRL_OWNED_BY_HOST))
 953		return -1;
 954	rmb();
 955
 956	memset(status, 0, sizeof(*status));
 957
 958	status->signal = -rxd->rssi;
 959	*noise = -rxd->noise_floor;
 960
 961	if (rxd->rate & MWL8K_8366_AP_RATE_INFO_MCS_FORMAT) {
 962		status->flag |= RX_FLAG_HT;
 963		if (rxd->rate & MWL8K_8366_AP_RATE_INFO_40MHZ)
 964			status->flag |= RX_FLAG_40MHZ;
 965		status->rate_idx = MWL8K_8366_AP_RATE_INFO_RATEID(rxd->rate);
 966	} else {
 967		int i;
 968
 969		for (i = 0; i < ARRAY_SIZE(mwl8k_rates_24); i++) {
 970			if (mwl8k_rates_24[i].hw_value == rxd->rate) {
 971				status->rate_idx = i;
 972				break;
 973			}
 974		}
 975	}
 976
 977	if (rxd->channel > 14) {
 978		status->band = IEEE80211_BAND_5GHZ;
 979		if (!(status->flag & RX_FLAG_HT))
 980			status->rate_idx -= 5;
 981	} else {
 982		status->band = IEEE80211_BAND_2GHZ;
 983	}
 984	status->freq = ieee80211_channel_to_frequency(rxd->channel,
 985						      status->band);
 986
 987	*qos = rxd->qos_control;
 988
 989	if ((rxd->rx_status != MWL8K_8366_AP_RXSTAT_GENERAL_DECRYPT_ERR) &&
 990	    (rxd->rx_status & MWL8K_8366_AP_RXSTAT_DECRYPT_ERR_MASK) &&
 991	    (rxd->rx_status & MWL8K_8366_AP_RXSTAT_TKIP_DECRYPT_MIC_ERR))
 992		status->flag |= RX_FLAG_MMIC_ERROR;
 993
 994	return le16_to_cpu(rxd->pkt_len);
 995}
 996
 997static struct rxd_ops rxd_8366_ap_ops = {
 998	.rxd_size	= sizeof(struct mwl8k_rxd_8366_ap),
 999	.rxd_init	= mwl8k_rxd_8366_ap_init,
1000	.rxd_refill	= mwl8k_rxd_8366_ap_refill,
1001	.rxd_process	= mwl8k_rxd_8366_ap_process,
1002};
1003
1004/*
1005 * Packet reception for STA firmware.
1006 */
1007struct mwl8k_rxd_sta {
1008	__le16 pkt_len;
1009	__u8 link_quality;
1010	__u8 noise_level;
1011	__le32 pkt_phys_addr;
1012	__le32 next_rxd_phys_addr;
1013	__le16 qos_control;
1014	__le16 rate_info;
1015	__le32 pad0[4];
1016	__u8 rssi;
1017	__u8 channel;
1018	__le16 pad1;
1019	__u8 rx_ctrl;
1020	__u8 rx_status;
1021	__u8 pad2[2];
1022} __packed;
1023
1024#define MWL8K_STA_RATE_INFO_SHORTPRE		0x8000
1025#define MWL8K_STA_RATE_INFO_ANTSELECT(x)	(((x) >> 11) & 0x3)
1026#define MWL8K_STA_RATE_INFO_RATEID(x)		(((x) >> 3) & 0x3f)
1027#define MWL8K_STA_RATE_INFO_40MHZ		0x0004
1028#define MWL8K_STA_RATE_INFO_SHORTGI		0x0002
1029#define MWL8K_STA_RATE_INFO_MCS_FORMAT		0x0001
1030
1031#define MWL8K_STA_RX_CTRL_OWNED_BY_HOST		0x02
1032#define MWL8K_STA_RX_CTRL_DECRYPT_ERROR		0x04
1033/* ICV=0 or MIC=1 */
1034#define MWL8K_STA_RX_CTRL_DEC_ERR_TYPE		0x08
1035/* Key is uploaded only in failure case */
1036#define MWL8K_STA_RX_CTRL_KEY_INDEX			0x30
1037
1038static void mwl8k_rxd_sta_init(void *_rxd, dma_addr_t next_dma_addr)
1039{
1040	struct mwl8k_rxd_sta *rxd = _rxd;
1041
1042	rxd->next_rxd_phys_addr = cpu_to_le32(next_dma_addr);
1043	rxd->rx_ctrl = MWL8K_STA_RX_CTRL_OWNED_BY_HOST;
1044}
1045
1046static void mwl8k_rxd_sta_refill(void *_rxd, dma_addr_t addr, int len)
1047{
1048	struct mwl8k_rxd_sta *rxd = _rxd;
1049
1050	rxd->pkt_len = cpu_to_le16(len);
1051	rxd->pkt_phys_addr = cpu_to_le32(addr);
1052	wmb();
1053	rxd->rx_ctrl = 0;
1054}
1055
1056static int
1057mwl8k_rxd_sta_process(void *_rxd, struct ieee80211_rx_status *status,
1058		       __le16 *qos, s8 *noise)
1059{
1060	struct mwl8k_rxd_sta *rxd = _rxd;
1061	u16 rate_info;
1062
1063	if (!(rxd->rx_ctrl & MWL8K_STA_RX_CTRL_OWNED_BY_HOST))
1064		return -1;
1065	rmb();
1066
1067	rate_info = le16_to_cpu(rxd->rate_info);
1068
1069	memset(status, 0, sizeof(*status));
1070
1071	status->signal = -rxd->rssi;
1072	*noise = -rxd->noise_level;
1073	status->antenna = MWL8K_STA_RATE_INFO_ANTSELECT(rate_info);
1074	status->rate_idx = MWL8K_STA_RATE_INFO_RATEID(rate_info);
1075
1076	if (rate_info & MWL8K_STA_RATE_INFO_SHORTPRE)
1077		status->flag |= RX_FLAG_SHORTPRE;
1078	if (rate_info & MWL8K_STA_RATE_INFO_40MHZ)
1079		status->flag |= RX_FLAG_40MHZ;
1080	if (rate_info & MWL8K_STA_RATE_INFO_SHORTGI)
1081		status->flag |= RX_FLAG_SHORT_GI;
1082	if (rate_info & MWL8K_STA_RATE_INFO_MCS_FORMAT)
1083		status->flag |= RX_FLAG_HT;
1084
1085	if (rxd->channel > 14) {
1086		status->band = IEEE80211_BAND_5GHZ;
1087		if (!(status->flag & RX_FLAG_HT))
1088			status->rate_idx -= 5;
1089	} else {
1090		status->band = IEEE80211_BAND_2GHZ;
1091	}
1092	status->freq = ieee80211_channel_to_frequency(rxd->channel,
1093						      status->band);
1094
1095	*qos = rxd->qos_control;
1096	if ((rxd->rx_ctrl & MWL8K_STA_RX_CTRL_DECRYPT_ERROR) &&
1097	    (rxd->rx_ctrl & MWL8K_STA_RX_CTRL_DEC_ERR_TYPE))
1098		status->flag |= RX_FLAG_MMIC_ERROR;
1099
1100	return le16_to_cpu(rxd->pkt_len);
1101}
1102
1103static struct rxd_ops rxd_sta_ops = {
1104	.rxd_size	= sizeof(struct mwl8k_rxd_sta),
1105	.rxd_init	= mwl8k_rxd_sta_init,
1106	.rxd_refill	= mwl8k_rxd_sta_refill,
1107	.rxd_process	= mwl8k_rxd_sta_process,
1108};
1109
1110
1111#define MWL8K_RX_DESCS		256
1112#define MWL8K_RX_MAXSZ		3800
1113
1114static int mwl8k_rxq_init(struct ieee80211_hw *hw, int index)
1115{
1116	struct mwl8k_priv *priv = hw->priv;
1117	struct mwl8k_rx_queue *rxq = priv->rxq + index;
1118	int size;
1119	int i;
1120
1121	rxq->rxd_count = 0;
1122	rxq->head = 0;
1123	rxq->tail = 0;
1124
1125	size = MWL8K_RX_DESCS * priv->rxd_ops->rxd_size;
1126
1127	rxq->rxd = pci_alloc_consistent(priv->pdev, size, &rxq->rxd_dma);
1128	if (rxq->rxd == NULL) {
1129		wiphy_err(hw->wiphy, "failed to alloc RX descriptors\n");
1130		return -ENOMEM;
1131	}
1132	memset(rxq->rxd, 0, size);
1133
1134	rxq->buf = kcalloc(MWL8K_RX_DESCS, sizeof(*rxq->buf), GFP_KERNEL);
1135	if (rxq->buf == NULL) {
1136		wiphy_err(hw->wiphy, "failed to alloc RX skbuff list\n");
1137		pci_free_consistent(priv->pdev, size, rxq->rxd, rxq->rxd_dma);
1138		return -ENOMEM;
1139	}
1140
1141	for (i = 0; i < MWL8K_RX_DESCS; i++) {
1142		int desc_size;
1143		void *rxd;
1144		int nexti;
1145		dma_addr_t next_dma_addr;
1146
1147		desc_size = priv->rxd_ops->rxd_size;
1148		rxd = rxq->rxd + (i * priv->rxd_ops->rxd_size);
1149
1150		nexti = i + 1;
1151		if (nexti == MWL8K_RX_DESCS)
1152			nexti = 0;
1153		next_dma_addr = rxq->rxd_dma + (nexti * desc_size);
1154
1155		priv->rxd_ops->rxd_init(rxd, next_dma_addr);
1156	}
1157
1158	return 0;
1159}
1160
1161static int rxq_refill(struct ieee80211_hw *hw, int index, int limit)
1162{
1163	struct mwl8k_priv *priv = hw->priv;
1164	struct mwl8k_rx_queue *rxq = priv->rxq + index;
1165	int refilled;
1166
1167	refilled = 0;
1168	while (rxq->rxd_count < MWL8K_RX_DESCS && limit--) {
1169		struct sk_buff *skb;
1170		dma_addr_t addr;
1171		int rx;
1172		void *rxd;
1173
1174		skb = dev_alloc_skb(MWL8K_RX_MAXSZ);
1175		if (skb == NULL)
1176			break;
1177
1178		addr = pci_map_single(priv->pdev, skb->data,
1179				      MWL8K_RX_MAXSZ, DMA_FROM_DEVICE);
1180
1181		rxq->rxd_count++;
1182		rx = rxq->tail++;
1183		if (rxq->tail == MWL8K_RX_DESCS)
1184			rxq->tail = 0;
1185		rxq->buf[rx].skb = skb;
1186		dma_unmap_addr_set(&rxq->buf[rx], dma, addr);
1187
1188		rxd = rxq->rxd + (rx * priv->rxd_ops->rxd_size);
1189		priv->rxd_ops->rxd_refill(rxd, addr, MWL8K_RX_MAXSZ);
1190
1191		refilled++;
1192	}
1193
1194	return refilled;
1195}
1196
1197/* Must be called only when the card's reception is completely halted */
1198static void mwl8k_rxq_deinit(struct ieee80211_hw *hw, int index)
1199{
1200	struct mwl8k_priv *priv = hw->priv;
1201	struct mwl8k_rx_queue *rxq = priv->rxq + index;
1202	int i;
1203
1204	if (rxq->rxd == NULL)
1205		return;
1206
1207	for (i = 0; i < MWL8K_RX_DESCS; i++) {
1208		if (rxq->buf[i].skb != NULL) {
1209			pci_unmap_single(priv->pdev,
1210					 dma_unmap_addr(&rxq->buf[i], dma),
1211					 MWL8K_RX_MAXSZ, PCI_DMA_FROMDEVICE);
1212			dma_unmap_addr_set(&rxq->buf[i], dma, 0);
1213
1214			kfree_skb(rxq->buf[i].skb);
1215			rxq->buf[i].skb = NULL;
1216		}
1217	}
1218
1219	kfree(rxq->buf);
1220	rxq->buf = NULL;
1221
1222	pci_free_consistent(priv->pdev,
1223			    MWL8K_RX_DESCS * priv->rxd_ops->rxd_size,
1224			    rxq->rxd, rxq->rxd_dma);
1225	rxq->rxd = NULL;
1226}
1227
1228
1229/*
1230 * Scan a list of BSSIDs to process for finalize join.
1231 * Allows for extension to process multiple BSSIDs.
1232 */
1233static inline int
1234mwl8k_capture_bssid(struct mwl8k_priv *priv, struct ieee80211_hdr *wh)
1235{
1236	return priv->capture_beacon &&
1237		ieee80211_is_beacon(wh->frame_control) &&
1238		ether_addr_equal(wh->addr3, priv->capture_bssid);
1239}
1240
1241static inline void mwl8k_save_beacon(struct ieee80211_hw *hw,
1242				     struct sk_buff *skb)
1243{
1244	struct mwl8k_priv *priv = hw->priv;
1245
1246	priv->capture_beacon = false;
1247	memset(priv->capture_bssid, 0, ETH_ALEN);
1248
1249	/*
1250	 * Use GFP_ATOMIC as rxq_process is called from
1251	 * the primary interrupt handler, memory allocation call
1252	 * must not sleep.
1253	 */
1254	priv->beacon_skb = skb_copy(skb, GFP_ATOMIC);
1255	if (priv->beacon_skb != NULL)
1256		ieee80211_queue_work(hw, &priv->finalize_join_worker);
1257}
1258
1259static inline struct mwl8k_vif *mwl8k_find_vif_bss(struct list_head *vif_list,
1260						   u8 *bssid)
1261{
1262	struct mwl8k_vif *mwl8k_vif;
1263
1264	list_for_each_entry(mwl8k_vif,
1265			    vif_list, list) {
1266		if (memcmp(bssid, mwl8k_vif->bssid,
1267			   ETH_ALEN) == 0)
1268			return mwl8k_vif;
1269	}
1270
1271	return NULL;
1272}
1273
1274static int rxq_process(struct ieee80211_hw *hw, int index, int limit)
1275{
1276	struct mwl8k_priv *priv = hw->priv;
1277	struct mwl8k_vif *mwl8k_vif = NULL;
1278	struct mwl8k_rx_queue *rxq = priv->rxq + index;
1279	int processed;
1280
1281	processed = 0;
1282	while (rxq->rxd_count && limit--) {
1283		struct sk_buff *skb;
1284		void *rxd;
1285		int pkt_len;
1286		struct ieee80211_rx_status status;
1287		struct ieee80211_hdr *wh;
1288		__le16 qos;
1289
1290		skb = rxq->buf[rxq->head].skb;
1291		if (skb == NULL)
1292			break;
1293
1294		rxd = rxq->rxd + (rxq->head * priv->rxd_ops->rxd_size);
1295
1296		pkt_len = priv->rxd_ops->rxd_process(rxd, &status, &qos,
1297							&priv->noise);
1298		if (pkt_len < 0)
1299			break;
1300
1301		rxq->buf[rxq->head].skb = NULL;
1302
1303		pci_unmap_single(priv->pdev,
1304				 dma_unmap_addr(&rxq->buf[rxq->head], dma),
1305				 MWL8K_RX_MAXSZ, PCI_DMA_FROMDEVICE);
1306		dma_unmap_addr_set(&rxq->buf[rxq->head], dma, 0);
1307
1308		rxq->head++;
1309		if (rxq->head == MWL8K_RX_DESCS)
1310			rxq->head = 0;
1311
1312		rxq->rxd_count--;
1313
1314		wh = &((struct mwl8k_dma_data *)skb->data)->wh;
1315
1316		/*
1317		 * Check for a pending join operation.  Save a
1318		 * copy of the beacon and schedule a tasklet to
1319		 * send a FINALIZE_JOIN command to the firmware.
1320		 */
1321		if (mwl8k_capture_bssid(priv, (void *)skb->data))
1322			mwl8k_save_beacon(hw, skb);
1323
1324		if (ieee80211_has_protected(wh->frame_control)) {
1325
1326			/* Check if hw crypto has been enabled for
1327			 * this bss. If yes, set the status flags
1328			 * accordingly
1329			 */
1330			mwl8k_vif = mwl8k_find_vif_bss(&priv->vif_list,
1331								wh->addr1);
1332
1333			if (mwl8k_vif != NULL &&
1334			    mwl8k_vif->is_hw_crypto_enabled) {
1335				/*
1336				 * When MMIC ERROR is encountered
1337				 * by the firmware, payload is
1338				 * dropped and only 32 bytes of
1339				 * mwl8k Firmware header is sent
1340				 * to the host.
1341				 *
1342				 * We need to add four bytes of
1343				 * key information.  In it
1344				 * MAC80211 expects keyidx set to
1345				 * 0 for triggering Counter
1346				 * Measure of MMIC failure.
1347				 */
1348				if (status.flag & RX_FLAG_MMIC_ERROR) {
1349					struct mwl8k_dma_data *tr;
1350					tr = (struct mwl8k_dma_data *)skb->data;
1351					memset((void *)&(tr->data), 0, 4);
1352					pkt_len += 4;
1353				}
1354
1355				if (!ieee80211_is_auth(wh->frame_control))
1356					status.flag |= RX_FLAG_IV_STRIPPED |
1357						       RX_FLAG_DECRYPTED |
1358						       RX_FLAG_MMIC_STRIPPED;
1359			}
1360		}
1361
1362		skb_put(skb, pkt_len);
1363		mwl8k_remove_dma_header(skb, qos);
1364		memcpy(IEEE80211_SKB_RXCB(skb), &status, sizeof(status));
1365		ieee80211_rx_irqsafe(hw, skb);
1366
1367		processed++;
1368	}
1369
1370	return processed;
1371}
1372
1373
1374/*
1375 * Packet transmission.
1376 */
1377
1378#define MWL8K_TXD_STATUS_OK			0x00000001
1379#define MWL8K_TXD_STATUS_OK_RETRY		0x00000002
1380#define MWL8K_TXD_STATUS_OK_MORE_RETRY		0x00000004
1381#define MWL8K_TXD_STATUS_MULTICAST_TX		0x00000008
1382#define MWL8K_TXD_STATUS_FW_OWNED		0x80000000
1383
1384#define MWL8K_QOS_QLEN_UNSPEC			0xff00
1385#define MWL8K_QOS_ACK_POLICY_MASK		0x0060
1386#define MWL8K_QOS_ACK_POLICY_NORMAL		0x0000
1387#define MWL8K_QOS_ACK_POLICY_BLOCKACK		0x0060
1388#define MWL8K_QOS_EOSP				0x0010
1389
1390struct mwl8k_tx_desc {
1391	__le32 status;
1392	__u8 data_rate;
1393	__u8 tx_priority;
1394	__le16 qos_control;
1395	__le32 pkt_phys_addr;
1396	__le16 pkt_len;
1397	__u8 dest_MAC_addr[ETH_ALEN];
1398	__le32 next_txd_phys_addr;
1399	__le32 timestamp;
1400	__le16 rate_info;
1401	__u8 peer_id;
1402	__u8 tx_frag_cnt;
1403} __packed;
1404
1405#define MWL8K_TX_DESCS		128
1406
1407static int mwl8k_txq_init(struct ieee80211_hw *hw, int index)
1408{
1409	struct mwl8k_priv *priv = hw->priv;
1410	struct mwl8k_tx_queue *txq = priv->txq + index;
1411	int size;
1412	int i;
1413
1414	txq->len = 0;
1415	txq->head = 0;
1416	txq->tail = 0;
1417
1418	size = MWL8K_TX_DESCS * sizeof(struct mwl8k_tx_desc);
1419
1420	txq->txd = pci_alloc_consistent(priv->pdev, size, &txq->txd_dma);
1421	if (txq->txd == NULL) {
1422		wiphy_err(hw->wiphy, "failed to alloc TX descriptors\n");
1423		return -ENOMEM;
1424	}
1425	memset(txq->txd, 0, size);
1426
1427	txq->skb = kcalloc(MWL8K_TX_DESCS, sizeof(*txq->skb), GFP_KERNEL);
1428	if (txq->skb == NULL) {
1429		wiphy_err(hw->wiphy, "failed to alloc TX skbuff list\n");
1430		pci_free_consistent(priv->pdev, size, txq->txd, txq->txd_dma);
1431		return -ENOMEM;
1432	}
1433
1434	for (i = 0; i < MWL8K_TX_DESCS; i++) {
1435		struct mwl8k_tx_desc *tx_desc;
1436		int nexti;
1437
1438		tx_desc = txq->txd + i;
1439		nexti = (i + 1) % MWL8K_TX_DESCS;
1440
1441		tx_desc->status = 0;
1442		tx_desc->next_txd_phys_addr =
1443			cpu_to_le32(txq->txd_dma + nexti * sizeof(*tx_desc));
1444	}
1445
1446	return 0;
1447}
1448
1449static inline void mwl8k_tx_start(struct mwl8k_priv *priv)
1450{
1451	iowrite32(MWL8K_H2A_INT_PPA_READY,
1452		priv->regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
1453	iowrite32(MWL8K_H2A_INT_DUMMY,
1454		priv->regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
1455	ioread32(priv->regs + MWL8K_HIU_INT_CODE);
1456}
1457
1458static void mwl8k_dump_tx_rings(struct ieee80211_hw *hw)
1459{
1460	struct mwl8k_priv *priv = hw->priv;
1461	int i;
1462
1463	for (i = 0; i < mwl8k_tx_queues(priv); i++) {
1464		struct mwl8k_tx_queue *txq = priv->txq + i;
1465		int fw_owned = 0;
1466		int drv_owned = 0;
1467		int unused = 0;
1468		int desc;
1469
1470		for (desc = 0; desc < MWL8K_TX_DESCS; desc++) {
1471			struct mwl8k_tx_desc *tx_desc = txq->txd + desc;
1472			u32 status;
1473
1474			status = le32_to_cpu(tx_desc->status);
1475			if (status & MWL8K_TXD_STATUS_FW_OWNED)
1476				fw_owned++;
1477			else
1478				drv_owned++;
1479
1480			if (tx_desc->pkt_len == 0)
1481				unused++;
1482		}
1483
1484		wiphy_err(hw->wiphy,
1485			  "txq[%d] len=%d head=%d tail=%d "
1486			  "fw_owned=%d drv_owned=%d unused=%d\n",
1487			  i,
1488			  txq->len, txq->head, txq->tail,
1489			  fw_owned, drv_owned, unused);
1490	}
1491}
1492
1493/*
1494 * Must be called with priv->fw_mutex held and tx queues stopped.
1495 */
1496#define MWL8K_TX_WAIT_TIMEOUT_MS	5000
1497
1498static int mwl8k_tx_wait_empty(struct ieee80211_hw *hw)
1499{
1500	struct mwl8k_priv *priv = hw->priv;
1501	DECLARE_COMPLETION_ONSTACK(tx_wait);
1502	int retry;
1503	int rc;
1504
1505	might_sleep();
1506
1507	/* Since fw restart is in progress, allow only the firmware
1508	 * commands from the restart code and block the other
1509	 * commands since they are going to fail in any case since
1510	 * the firmware has crashed
1511	 */
1512	if (priv->hw_restart_in_progress) {
1513		if (priv->hw_restart_owner == current)
1514			return 0;
1515		else
1516			return -EBUSY;
1517	}
1518
1519	/*
1520	 * The TX queues are stopped at this point, so this test
1521	 * doesn't need to take ->tx_lock.
1522	 */
1523	if (!priv->pending_tx_pkts)
1524		return 0;
1525
1526	retry = 0;
1527	rc = 0;
1528
1529	spin_lock_bh(&priv->tx_lock);
1530	priv->tx_wait = &tx_wait;
1531	while (!rc) {
1532		int oldcount;
1533		unsigned long timeout;
1534
1535		oldcount = priv->pending_tx_pkts;
1536
1537		spin_unlock_bh(&priv->tx_lock);
1538		timeout = wait_for_completion_timeout(&tx_wait,
1539			    msecs_to_jiffies(MWL8K_TX_WAIT_TIMEOUT_MS));
1540		spin_lock_bh(&priv->tx_lock);
1541
1542		if (timeout) {
1543			WARN_ON(priv->pending_tx_pkts);
1544			if (retry)
1545				wiphy_notice(hw->wiphy, "tx rings drained\n");
1546			break;
1547		}
1548
1549		if (priv->pending_tx_pkts < oldcount) {
1550			wiphy_notice(hw->wiphy,
1551				     "waiting for tx rings to drain (%d -> %d pkts)\n",
1552				     oldcount, priv->pending_tx_pkts);
1553			retry = 1;
1554			continue;
1555		}
1556
1557		priv->tx_wait = NULL;
1558
1559		wiphy_err(hw->wiphy, "tx rings stuck for %d ms\n",
1560			  MWL8K_TX_WAIT_TIMEOUT_MS);
1561		mwl8k_dump_tx_rings(hw);
1562		priv->hw_restart_in_progress = true;
1563		ieee80211_queue_work(hw, &priv->fw_reload);
1564
1565		rc = -ETIMEDOUT;
1566	}
1567	spin_unlock_bh(&priv->tx_lock);
1568
1569	return rc;
1570}
1571
1572#define MWL8K_TXD_SUCCESS(status)				\
1573	((status) & (MWL8K_TXD_STATUS_OK |			\
1574		     MWL8K_TXD_STATUS_OK_RETRY |		\
1575		     MWL8K_TXD_STATUS_OK_MORE_RETRY))
1576
1577static int mwl8k_tid_queue_mapping(u8 tid)
1578{
1579	BUG_ON(tid > 7);
1580
1581	switch (tid) {
1582	case 0:
1583	case 3:
1584		return IEEE80211_AC_BE;
1585		break;
1586	case 1:
1587	case 2:
1588		return IEEE80211_AC_BK;
1589		break;
1590	case 4:
1591	case 5:
1592		return IEEE80211_AC_VI;
1593		break;
1594	case 6:
1595	case 7:
1596		return IEEE80211_AC_VO;
1597		break;
1598	default:
1599		return -1;
1600		break;
1601	}
1602}
1603
1604/* The firmware will fill in the rate information
1605 * for each packet that gets queued in the hardware
1606 * and these macros will interpret that info.
1607 */
1608
1609#define RI_FORMAT(a)		  (a & 0x0001)
1610#define RI_RATE_ID_MCS(a)	 ((a & 0x01f8) >> 3)
1611
1612static int
1613mwl8k_txq_reclaim(struct ieee80211_hw *hw, int index, int limit, int force)
1614{
1615	struct mwl8k_priv *priv = hw->priv;
1616	struct mwl8k_tx_queue *txq = priv->txq + index;
1617	int processed;
1618
1619	processed = 0;
1620	while (txq->len > 0 && limit--) {
1621		int tx;
1622		struct mwl8k_tx_desc *tx_desc;
1623		unsigned long addr;
1624		int size;
1625		struct sk_buff *skb;
1626		struct ieee80211_tx_info *info;
1627		u32 status;
1628		struct ieee80211_sta *sta;
1629		struct mwl8k_sta *sta_info = NULL;
1630		u16 rate_info;
1631		struct ieee80211_hdr *wh;
1632
1633		tx = txq->head;
1634		tx_desc = txq->txd + tx;
1635
1636		status = le32_to_cpu(tx_desc->status);
1637
1638		if (status & MWL8K_TXD_STATUS_FW_OWNED) {
1639			if (!force)
1640				break;
1641			tx_desc->status &=
1642				~cpu_to_le32(MWL8K_TXD_STATUS_FW_OWNED);
1643		}
1644
1645		txq->head = (tx + 1) % MWL8K_TX_DESCS;
1646		BUG_ON(txq->len == 0);
1647		txq->len--;
1648		priv->pending_tx_pkts--;
1649
1650		addr = le32_to_cpu(tx_desc->pkt_phys_addr);
1651		size = le16_to_cpu(tx_desc->pkt_len);
1652		skb = txq->skb[tx];
1653		txq->skb[tx] = NULL;
1654
1655		BUG_ON(skb == NULL);
1656		pci_unmap_single(priv->pdev, addr, size, PCI_DMA_TODEVICE);
1657
1658		mwl8k_remove_dma_header(skb, tx_desc->qos_control);
1659
1660		wh = (struct ieee80211_hdr *) skb->data;
1661
1662		/* Mark descriptor as unused */
1663		tx_desc->pkt_phys_addr = 0;
1664		tx_desc->pkt_len = 0;
1665
1666		info = IEEE80211_SKB_CB(skb);
1667		if (ieee80211_is_data(wh->frame_control)) {
1668			rcu_read_lock();
1669			sta = ieee80211_find_sta_by_ifaddr(hw, wh->addr1,
1670							   wh->addr2);
1671			if (sta) {
1672				sta_info = MWL8K_STA(sta);
1673				BUG_ON(sta_info == NULL);
1674				rate_info = le16_to_cpu(tx_desc->rate_info);
1675				/* If rate is < 6.5 Mpbs for an ht station
1676				 * do not form an ampdu. If the station is a
1677				 * legacy station (format = 0), do not form an
1678				 * ampdu
1679				 */
1680				if (RI_RATE_ID_MCS(rate_info) < 1 ||
1681				    RI_FORMAT(rate_info) == 0) {
1682					sta_info->is_ampdu_allowed = false;
1683				} else {
1684					sta_info->is_ampdu_allowed = true;
1685				}
1686			}
1687			rcu_read_unlock();
1688		}
1689
1690		ieee80211_tx_info_clear_status(info);
1691
1692		/* Rate control is happening in the firmware.
1693		 * Ensure no tx rate is being reported.
1694		 */
1695		info->status.rates[0].idx = -1;
1696		info->status.rates[0].count = 1;
1697
1698		if (MWL8K_TXD_SUCCESS(status))
1699			info->flags |= IEEE80211_TX_STAT_ACK;
1700
1701		ieee80211_tx_status_irqsafe(hw, skb);
1702
1703		processed++;
1704	}
1705
1706	return processed;
1707}
1708
1709/* must be called only when the card's transmit is completely halted */
1710static void mwl8k_txq_deinit(struct ieee80211_hw *hw, int index)
1711{
1712	struct mwl8k_priv *priv = hw->priv;
1713	struct mwl8k_tx_queue *txq = priv->txq + index;
1714
1715	if (txq->txd == NULL)
1716		return;
1717
1718	mwl8k_txq_reclaim(hw, index, INT_MAX, 1);
1719
1720	kfree(txq->skb);
1721	txq->skb = NULL;
1722
1723	pci_free_consistent(priv->pdev,
1724			    MWL8K_TX_DESCS * sizeof(struct mwl8k_tx_desc),
1725			    txq->txd, txq->txd_dma);
1726	txq->txd = NULL;
1727}
1728
1729/* caller must hold priv->stream_lock when calling the stream functions */
1730static struct mwl8k_ampdu_stream *
1731mwl8k_add_stream(struct ieee80211_hw *hw, struct ieee80211_sta *sta, u8 tid)
1732{
1733	struct mwl8k_ampdu_stream *stream;
1734	struct mwl8k_priv *priv = hw->priv;
1735	int i;
1736
1737	for (i = 0; i < priv->num_ampdu_queues; i++) {
1738		stream = &priv->ampdu[i];
1739		if (stream->state == AMPDU_NO_STREAM) {
1740			stream->sta = sta;
1741			stream->state = AMPDU_STREAM_NEW;
1742			stream->tid = tid;
1743			stream->idx = i;
1744			stream->txq_idx = MWL8K_TX_WMM_QUEUES + i;
1745			wiphy_debug(hw->wiphy, "Added a new stream for %pM %d",
1746				    sta->addr, tid);
1747			return stream;
1748		}
1749	}
1750	return NULL;
1751}
1752
1753static int
1754mwl8k_start_stream(struct ieee80211_hw *hw, struct mwl8k_ampdu_stream *stream)
1755{
1756	int ret;
1757
1758	/* if the stream has already been started, don't start it again */
1759	if (stream->state != AMPDU_STREAM_NEW)
1760		return 0;
1761	ret = ieee80211_start_tx_ba_session(stream->sta, stream->tid, 0);
1762	if (ret)
1763		wiphy_debug(hw->wiphy, "Failed to start stream for %pM %d: "
1764			    "%d\n", stream->sta->addr, stream->tid, ret);
1765	else
1766		wiphy_debug(hw->wiphy, "Started stream for %pM %d\n",
1767			    stream->sta->addr, stream->tid);
1768	return ret;
1769}
1770
1771static void
1772mwl8k_remove_stream(struct ieee80211_hw *hw, struct mwl8k_ampdu_stream *stream)
1773{
1774	wiphy_debug(hw->wiphy, "Remove stream for %pM %d\n", stream->sta->addr,
1775		    stream->tid);
1776	memset(stream, 0, sizeof(*stream));
1777}
1778
1779static struct mwl8k_ampdu_stream *
1780mwl8k_lookup_stream(struct ieee80211_hw *hw, u8 *addr, u8 tid)
1781{
1782	struct mwl8k_priv *priv = hw->priv;
1783	int i;
1784
1785	for (i = 0 ; i < priv->num_ampdu_queues; i++) {
1786		struct mwl8k_ampdu_stream *stream;
1787		stream = &priv->ampdu[i];
1788		if (stream->state == AMPDU_NO_STREAM)
1789			continue;
1790		if (!memcmp(stream->sta->addr, addr, ETH_ALEN) &&
1791		    stream->tid == tid)
1792			return stream;
1793	}
1794	return NULL;
1795}
1796
1797#define MWL8K_AMPDU_PACKET_THRESHOLD 64
1798static inline bool mwl8k_ampdu_allowed(struct ieee80211_sta *sta, u8 tid)
1799{
1800	struct mwl8k_sta *sta_info = MWL8K_STA(sta);
1801	struct tx_traffic_info *tx_stats;
1802
1803	BUG_ON(tid >= MWL8K_MAX_TID);
1804	tx_stats = &sta_info->tx_stats[tid];
1805
1806	return sta_info->is_ampdu_allowed &&
1807		tx_stats->pkts > MWL8K_AMPDU_PACKET_THRESHOLD;
1808}
1809
1810static inline void mwl8k_tx_count_packet(struct ieee80211_sta *sta, u8 tid)
1811{
1812	struct mwl8k_sta *sta_info = MWL8K_STA(sta);
1813	struct tx_traffic_info *tx_stats;
1814
1815	BUG_ON(tid >= MWL8K_MAX_TID);
1816	tx_stats = &sta_info->tx_stats[tid];
1817
1818	if (tx_stats->start_time == 0)
1819		tx_stats->start_time = jiffies;
1820
1821	/* reset the packet count after each second elapses.  If the number of
1822	 * packets ever exceeds the ampdu_min_traffic threshold, we will allow
1823	 * an ampdu stream to be started.
1824	 */
1825	if (jiffies - tx_stats->start_time > HZ) {
1826		tx_stats->pkts = 0;
1827		tx_stats->start_time = 0;
1828	} else
1829		tx_stats->pkts++;
1830}
1831
1832static void
1833mwl8k_txq_xmit(struct ieee80211_hw *hw, int index, struct sk_buff *skb)
1834{
1835	struct mwl8k_priv *priv = hw->priv;
1836	struct ieee80211_tx_info *tx_info;
1837	struct mwl8k_vif *mwl8k_vif;
1838	struct ieee80211_sta *sta;
1839	struct ieee80211_hdr *wh;
1840	struct mwl8k_tx_queue *txq;
1841	struct mwl8k_tx_desc *tx;
1842	dma_addr_t dma;
1843	u32 txstatus;
1844	u8 txdatarate;
1845	u16 qos;
1846	int txpriority;
1847	u8 tid = 0;
1848	struct mwl8k_ampdu_stream *stream = NULL;
1849	bool start_ba_session = false;
1850	bool mgmtframe = false;
1851	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
1852
1853	wh = (struct ieee80211_hdr *)skb->data;
1854	if (ieee80211_is_data_qos(wh->frame_control))
1855		qos = le16_to_cpu(*((__le16 *)ieee80211_get_qos_ctl(wh)));
1856	else
1857		qos = 0;
1858
1859	if (ieee80211_is_mgmt(wh->frame_control))
1860		mgmtframe = true;
1861
1862	if (priv->ap_fw)
1863		mwl8k_encapsulate_tx_frame(priv, skb);
1864	else
1865		mwl8k_add_dma_header(priv, skb, 0, 0);
1866
1867	wh = &((struct mwl8k_dma_data *)skb->data)->wh;
1868
1869	tx_info = IEEE80211_SKB_CB(skb);
1870	sta = tx_info->control.sta;
1871	mwl8k_vif = MWL8K_VIF(tx_info->control.vif);
1872
1873	if (tx_info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ) {
1874		wh->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
1875		wh->seq_ctrl |= cpu_to_le16(mwl8k_vif->seqno);
1876		mwl8k_vif->seqno += 0x10;
1877	}
1878
1879	/* Setup firmware control bit fields for each frame type.  */
1880	txstatus = 0;
1881	txdatarate = 0;
1882	if (ieee80211_is_mgmt(wh->frame_control) ||
1883	    ieee80211_is_ctl(wh->frame_control)) {
1884		txdatarate = 0;
1885		qos |= MWL8K_QOS_QLEN_UNSPEC | MWL8K_QOS_EOSP;
1886	} else if (ieee80211_is_data(wh->frame_control)) {
1887		txdatarate = 1;
1888		if (is_multicast_ether_addr(wh->addr1))
1889			txstatus |= MWL8K_TXD_STATUS_MULTICAST_TX;
1890
1891		qos &= ~MWL8K_QOS_ACK_POLICY_MASK;
1892		if (tx_info->flags & IEEE80211_TX_CTL_AMPDU)
1893			qos |= MWL8K_QOS_ACK_POLICY_BLOCKACK;
1894		else
1895			qos |= MWL8K_QOS_ACK_POLICY_NORMAL;
1896	}
1897
1898	/* Queue ADDBA request in the respective data queue.  While setting up
1899	 * the ampdu stream, mac80211 queues further packets for that
1900	 * particular ra/tid pair.  However, packets piled up in the hardware
1901	 * for that ra/tid pair will still go out. ADDBA request and the
1902	 * related data packets going out from different queues asynchronously
1903	 * will cause a shift in the receiver window which might result in
1904	 * ampdu packets getting dropped at the receiver after the stream has
1905	 * been setup.
1906	 */
1907	if (unlikely(ieee80211_is_action(wh->frame_control) &&
1908	    mgmt->u.action.category == WLAN_CATEGORY_BACK &&
1909	    mgmt->u.action.u.addba_req.action_code == WLAN_ACTION_ADDBA_REQ &&
1910	    priv->ap_fw)) {
1911		u16 capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
1912		tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
1913		index = mwl8k_tid_queue_mapping(tid);
1914	}
1915
1916	txpriority = index;
1917
1918	if (priv->ap_fw && sta && sta->ht_cap.ht_supported
1919			&& skb->protocol != cpu_to_be16(ETH_P_PAE)
1920			&& ieee80211_is_data_qos(wh->frame_control)) {
1921		tid = qos & 0xf;
1922		mwl8k_tx_count_packet(sta, tid);
1923		spin_lock(&priv->stream_lock);
1924		stream = mwl8k_lookup_stream(hw, sta->addr, tid);
1925		if (stream != NULL) {
1926			if (stream->state == AMPDU_STREAM_ACTIVE) {
1927				txpriority = stream->txq_idx;
1928				index = stream->txq_idx;
1929			} else if (stream->state == AMPDU_STREAM_NEW) {
1930				/* We get here if the driver sends us packets
1931				 * after we've initiated a stream, but before
1932				 * our ampdu_action routine has been called
1933				 * with IEEE80211_AMPDU_TX_START to get the SSN
1934				 * for the ADDBA request.  So this packet can
1935				 * go out with no risk of sequence number
1936				 * mismatch.  No special handling is required.
1937				 */
1938			} else {
1939				/* Drop packets that would go out after the
1940				 * ADDBA request was sent but before the ADDBA
1941				 * response is received.  If we don't do this,
1942				 * the recipient would probably receive it
1943				 * after the ADDBA request with SSN 0.  This
1944				 * will cause the recipient's BA receive window
1945				 * to shift, which would cause the subsequent
1946				 * packets in the BA stream to be discarded.
1947				 * mac80211 queues our packets for us in this
1948				 * case, so this is really just a safety check.
1949				 */
1950				wiphy_warn(hw->wiphy,
1951					   "Cannot send packet while ADDBA "
1952					   "dialog is underway.\n");
1953				spin_unlock(&priv->stream_lock);
1954				dev_kfree_skb(skb);
1955				return;
1956			}
1957		} else {
1958			/* Defer calling mwl8k_start_stream so that the current
1959			 * skb can go out before the ADDBA request.  This
1960			 * prevents sequence number mismatch at the recepient
1961			 * as described above.
1962			 */
1963			if (mwl8k_ampdu_allowed(sta, tid)) {
1964				stream = mwl8k_add_stream(hw, sta, tid);
1965				if (stream != NULL)
1966					start_ba_session = true;
1967			}
1968		}
1969		spin_unlock(&priv->stream_lock);
1970	}
1971
1972	dma = pci_map_single(priv->pdev, skb->data,
1973				skb->len, PCI_DMA_TODEVICE);
1974
1975	if (pci_dma_mapping_error(priv->pdev, dma)) {
1976		wiphy_debug(hw->wiphy,
1977			    "failed to dma map skb, dropping TX frame.\n");
1978		if (start_ba_session) {
1979			spin_lock(&priv->stream_lock);
1980			mwl8k_remove_stream(hw, stream);
1981			spin_unlock(&priv->stream_lock);
1982		}
1983		dev_kfree_skb(skb);
1984		return;
1985	}
1986
1987	spin_lock_bh(&priv->tx_lock);
1988
1989	txq = priv->txq + index;
1990
1991	/* Mgmt frames that go out frequently are probe
1992	 * responses. Other mgmt frames got out relatively
1993	 * infrequently. Hence reserve 2 buffers so that
1994	 * other mgmt frames do not get dropped due to an
1995	 * already queued probe response in one of the
1996	 * reserved buffers.
1997	 */
1998
1999	if (txq->len >= MWL8K_TX_DESCS - 2) {
2000		if (!mgmtframe || txq->len == MWL8K_TX_DESCS) {
2001			if (start_ba_session) {
2002				spin_lock(&priv->stream_lock);
2003				mwl8k_remove_stream(hw, stream);
2004				spin_unlock(&priv->stream_lock);
2005			}
2006			spin_unlock_bh(&priv->tx_lock);
2007			dev_kfree_skb(skb);
2008			return;
2009		}
2010	}
2011
2012	BUG_ON(txq->skb[txq->tail] != NULL);
2013	txq->skb[txq->tail] = skb;
2014
2015	tx = txq->txd + txq->tail;
2016	tx->data_rate = txdatarate;
2017	tx->tx_priority = txpriority;
2018	tx->qos_control = cpu_to_le16(qos);
2019	tx->pkt_phys_addr = cpu_to_le32(dma);
2020	tx->pkt_len = cpu_to_le16(skb->len);
2021	tx->rate_info = 0;
2022	if (!priv->ap_fw && tx_info->control.sta != NULL)
2023		tx->peer_id = MWL8K_STA(tx_info->control.sta)->peer_id;
2024	else
2025		tx->peer_id = 0;
2026
2027	if (priv->ap_fw)
2028		tx->timestamp = cpu_to_le32(ioread32(priv->regs +
2029						MWL8K_HW_TIMER_REGISTER));
2030
2031	wmb();
2032	tx->status = cpu_to_le32(MWL8K_TXD_STATUS_FW_OWNED | txstatus);
2033
2034	txq->len++;
2035	priv->pending_tx_pkts++;
2036
2037	txq->tail++;
2038	if (txq->tail == MWL8K_TX_DESCS)
2039		txq->tail = 0;
2040
2041	mwl8k_tx_start(priv);
2042
2043	spin_unlock_bh(&priv->tx_lock);
2044
2045	/* Initiate the ampdu session here */
2046	if (start_ba_session) {
2047		spin_lock(&priv->stream_lock);
2048		if (mwl8k_start_stream(hw, stream))
2049			mwl8k_remove_stream(hw, stream);
2050		spin_unlock(&priv->stream_lock);
2051	}
2052}
2053
2054
2055/*
2056 * Firmware access.
2057 *
2058 * We have the following requirements for issuing firmware commands:
2059 * - Some commands require that the packet transmit path is idle when
2060 *   the command is issued.  (For simplicity, we'll just quiesce the
2061 *   transmit path for every command.)
2062 * - There are certain sequences of commands that need to be issued to
2063 *   the hardware sequentially, with no other intervening commands.
2064 *
2065 * This leads to an implementation of a "firmware lock" as a mutex that
2066 * can be taken recursively, and which is taken by both the low-level
2067 * command submission function (mwl8k_post_cmd) as well as any users of
2068 * that function that require issuing of an atomic sequence of commands,
2069 * and quiesces the transmit path whenever it's taken.
2070 */
2071static int mwl8k_fw_lock(struct ieee80211_hw *hw)
2072{
2073	struct mwl8k_priv *priv = hw->priv;
2074
2075	if (priv->fw_mutex_owner != current) {
2076		int rc;
2077
2078		mutex_lock(&priv->fw_mutex);
2079		ieee80211_stop_queues(hw);
2080
2081		rc = mwl8k_tx_wait_empty(hw);
2082		if (rc) {
2083			if (!priv->hw_restart_in_progress)
2084				ieee80211_wake_queues(hw);
2085
2086			mutex_unlock(&priv->fw_mutex);
2087
2088			return rc;
2089		}
2090
2091		priv->fw_mutex_owner = current;
2092	}
2093
2094	priv->fw_mutex_depth++;
2095
2096	return 0;
2097}
2098
2099static void mwl8k_fw_unlock(struct ieee80211_hw *hw)
2100{
2101	struct mwl8k_priv *priv = hw->priv;
2102
2103	if (!--priv->fw_mutex_depth) {
2104		if (!priv->hw_restart_in_progress)
2105			ieee80211_wake_queues(hw);
2106
2107		priv->fw_mutex_owner = NULL;
2108		mutex_unlock(&priv->fw_mutex);
2109	}
2110}
2111
2112
2113/*
2114 * Command processing.
2115 */
2116
2117/* Timeout firmware commands after 10s */
2118#define MWL8K_CMD_TIMEOUT_MS	10000
2119
2120static int mwl8k_post_cmd(struct ieee80211_hw *hw, struct mwl8k_cmd_pkt *cmd)
2121{
2122	DECLARE_COMPLETION_ONSTACK(cmd_wait);
2123	struct mwl8k_priv *priv = hw->priv;
2124	void __iomem *regs = priv->regs;
2125	dma_addr_t dma_addr;
2126	unsigned int dma_size;
2127	int rc;
2128	unsigned long timeout = 0;
2129	u8 buf[32];
2130
2131	cmd->result = (__force __le16) 0xffff;
2132	dma_size = le16_to_cpu(cmd->length);
2133	dma_addr = pci_map_single(priv->pdev, cmd, dma_size,
2134				  PCI_DMA_BIDIRECTIONAL);
2135	if (pci_dma_mapping_error(priv->pdev, dma_addr))
2136		return -ENOMEM;
2137
2138	rc = mwl8k_fw_lock(hw);
2139	if (rc) {
2140		pci_unmap_single(priv->pdev, dma_addr, dma_size,
2141						PCI_DMA_BIDIRECTIONAL);
2142		return rc;
2143	}
2144
2145	priv->hostcmd_wait = &cmd_wait;
2146	iowrite32(dma_addr, regs + MWL8K_HIU_GEN_PTR);
2147	iowrite32(MWL8K_H2A_INT_DOORBELL,
2148		regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
2149	iowrite32(MWL8K_H2A_INT_DUMMY,
2150		regs + MWL8K_HIU_H2A_INTERRUPT_EVENTS);
2151
2152	timeout = wait_for_completion_timeout(&cmd_wait,
2153				msecs_to_jiffies(MWL8K_CMD_TIMEOUT_MS));
2154
2155	priv->hostcmd_wait = NULL;
2156
2157	mwl8k_fw_unlock(hw);
2158
2159	pci_unmap_single(priv->pdev, dma_addr, dma_size,
2160					PCI_DMA_BIDIRECTIONAL);
2161
2162	if (!timeout) {
2163		wiphy_err(hw->wiphy, "Command %s timeout after %u ms\n",
2164			  mwl8k_cmd_name(cmd->code, buf, sizeof(buf)),
2165			  MWL8K_CMD_TIMEOUT_MS);
2166		rc = -ETIMEDOUT;
2167	} else {
2168		int ms;
2169
2170		ms = MWL8K_CMD_TIMEOUT_MS - jiffies_to_msecs(timeout);
2171
2172		rc = cmd->result ? -EINVAL : 0;
2173		if (rc)
2174			wiphy_err(hw->wiphy, "Command %s error 0x%x\n",
2175				  mwl8k_cmd_name(cmd->code, buf, sizeof(buf)),
2176				  le16_to_cpu(cmd->result));
2177		else if (ms > 2000)
2178			wiphy_notice(hw->wiphy, "Command %s took %d ms\n",
2179				     mwl8k_cmd_name(cmd->code,
2180						    buf, sizeof(buf)),
2181				     ms);
2182	}
2183
2184	return rc;
2185}
2186
2187static int mwl8k_post_pervif_cmd(struct ieee80211_hw *hw,
2188				 struct ieee80211_vif *vif,
2189				 struct mwl8k_cmd_pkt *cmd)
2190{
2191	if (vif != NULL)
2192		cmd->macid = MWL8K_VIF(vif)->macid;
2193	return mwl8k_post_cmd(hw, cmd);
2194}
2195
2196/*
2197 * Setup code shared between STA and AP firmware images.
2198 */
2199static void mwl8k_setup_2ghz_band(struct ieee80211_hw *hw)
2200{
2201	struct mwl8k_priv *priv = hw->priv;
2202
2203	BUILD_BUG_ON(sizeof(priv->channels_24) != sizeof(mwl8k_channels_24));
2204	memcpy(priv->channels_24, mwl8k_channels_24, sizeof(mwl8k_channels_24));
2205
2206	BUILD_BUG_ON(sizeof(priv->rates_24) != sizeof(mwl8k_rates_24));
2207	memcpy(priv->rates_24, mwl8k_rates_24, sizeof(mwl8k_rates_24));
2208
2209	priv->band_24.band = IEEE80211_BAND_2GHZ;
2210	priv->band_24.channels = priv->channels_24;
2211	priv->band_24.n_channels = ARRAY_SIZE(mwl8k_channels_24);
2212	priv->band_24.bitrates = priv->rates_24;
2213	priv->band_24.n_bitrates = ARRAY_SIZE(mwl8k_rates_24);
2214
2215	hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &priv->band_24;
2216}
2217
2218static void mwl8k_setup_5ghz_band(struct ieee80211_hw *hw)
2219{
2220	struct mwl8k_priv *priv = hw->priv;
2221
2222	BUILD_BUG_ON(sizeof(priv->channels_50) != sizeof(mwl8k_channels_50));
2223	memcpy(priv->channels_50, mwl8k_channels_50, sizeof(mwl8k_channels_50));
2224
2225	BUILD_BUG_ON(sizeof(priv->rates_50) != sizeof(mwl8k_rates_50));
2226	memcpy(priv->rates_50, mwl8k_rates_50, sizeof(mwl8k_rates_50));
2227
2228	priv->band_50.band = IEEE80211_BAND_5GHZ;
2229	priv->band_50.channels = priv->channels_50;
2230	priv->band_50.n_channels = ARRAY_SIZE(mwl8k_channels_50);
2231	priv->band_50.bitrates = priv->rates_50;
2232	priv->band_50.n_bitrates = ARRAY_SIZE(mwl8k_rates_50);
2233
2234	hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &priv->band_50;
2235}
2236
2237/*
2238 * CMD_GET_HW_SPEC (STA version).
2239 */
2240struct mwl8k_cmd_get_hw_spec_sta {
2241	struct mwl8k_cmd_pkt header;
2242	__u8 hw_rev;
2243	__u8 host_interface;
2244	__le16 num_mcaddrs;
2245	__u8 perm_addr[ETH_ALEN];
2246	__le16 region_code;
2247	__le32 fw_rev;
2248	__le32 ps_cookie;
2249	__le32 caps;
2250	__u8 mcs_bitmap[16];
2251	__le32 rx_queue_ptr;
2252	__le32 num_tx_queues;
2253	__le32 tx_queue_ptrs[MWL8K_TX_WMM_QUEUES];
2254	__le32 caps2;
2255	__le32 num_tx_desc_per_queue;
2256	__le32 total_rxd;
2257} __packed;
2258
2259#define MWL8K_CAP_MAX_AMSDU		0x20000000
2260#define MWL8K_CAP_GREENFIELD		0x08000000
2261#define MWL8K_CAP_AMPDU			0x04000000
2262#define MWL8K_CAP_RX_STBC		0x01000000
2263#define MWL8K_CAP_TX_STBC		0x00800000
2264#define MWL8K_CAP_SHORTGI_40MHZ		0x00400000
2265#define MWL8K_CAP_SHORTGI_20MHZ		0x00200000
2266#define MWL8K_CAP_RX_ANTENNA_MASK	0x000e0000
2267#define MWL8K_CAP_TX_ANTENNA_MASK	0x0001c000
2268#define MWL8K_CAP_DELAY_BA		0x00003000
2269#define MWL8K_CAP_MIMO			0x00000200
2270#define MWL8K_CAP_40MHZ			0x00000100
2271#define MWL8K_CAP_BAND_MASK		0x00000007
2272#define MWL8K_CAP_5GHZ			0x00000004
2273#define MWL8K_CAP_2GHZ4			0x00000001
2274
2275static void
2276mwl8k_set_ht_caps(struct ieee80211_hw *hw,
2277		  struct ieee80211_supported_band *band, u32 cap)
2278{
2279	int rx_streams;
2280	int tx_streams;
2281
2282	band->ht_cap.ht_supported = 1;
2283
2284	if (cap & MWL8K_CAP_MAX_AMSDU)
2285		band->ht_cap.cap |= IEEE80211_HT_CAP_MAX_AMSDU;
2286	if (cap & MWL8K_CAP_GREENFIELD)
2287		band->ht_cap.cap |= IEEE80211_HT_CAP_GRN_FLD;
2288	if (cap & MWL8K_CAP_AMPDU) {
2289		hw->flags |= IEEE80211_HW_AMPDU_AGGREGATION;
2290		band->ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
2291		band->ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_NONE;
2292	}
2293	if (cap & MWL8K_CAP_RX_STBC)
2294		band->ht_cap.cap |= IEEE80211_HT_CAP_RX_STBC;
2295	if (cap & MWL8K_CAP_TX_STBC)
2296		band->ht_cap.cap |= IEEE80211_HT_CAP_TX_STBC;
2297	if (cap & MWL8K_CAP_SHORTGI_40MHZ)
2298		band->ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
2299	if (cap & MWL8K_CAP_SHORTGI_20MHZ)
2300		band->ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
2301	if (cap & MWL8K_CAP_DELAY_BA)
2302		band->ht_cap.cap |= IEEE80211_HT_CAP_DELAY_BA;
2303	if (cap & MWL8K_CAP_40MHZ)
2304		band->ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
2305
2306	rx_streams = hweight32(cap & MWL8K_CAP_RX_ANTENNA_MASK);
2307	tx_streams = hweight32(cap & MWL8K_CAP_TX_ANTENNA_MASK);
2308
2309	band->ht_cap.mcs.rx_mask[0] = 0xff;
2310	if (rx_streams >= 2)
2311		band->ht_cap.mcs.rx_mask[1] = 0xff;
2312	if (rx_streams >= 3)
2313		band->ht_cap.mcs.rx_mask[2] = 0xff;
2314	band->ht_cap.mcs.rx_mask[4] = 0x01;
2315	band->ht_cap.mcs.tx_params = IEEE80211_HT_MCS_TX_DEFINED;
2316
2317	if (rx_streams != tx_streams) {
2318		band->ht_cap.mcs.tx_params |= IEEE80211_HT_MCS_TX_RX_DIFF;
2319		band->ht_cap.mcs.tx_params |= (tx_streams - 1) <<
2320				IEEE80211_HT_MCS_TX_MAX_STREAMS_SHIFT;
2321	}
2322}
2323
2324static void
2325mwl8k_set_caps(struct ieee80211_hw *hw, u32 caps)
2326{
2327	struct mwl8k_priv *priv = hw->priv;
2328
2329	if ((caps & MWL8K_CAP_2GHZ4) || !(caps & MWL8K_CAP_BAND_MASK)) {
2330		mwl8k_setup_2ghz_band(hw);
2331		if (caps & MWL8K_CAP_MIMO)
2332			mwl8k_set_ht_caps(hw, &priv->band_24, caps);
2333	}
2334
2335	if (caps & MWL8K_CAP_5GHZ) {
2336		mwl8k_setup_5ghz_band(hw);
2337		if (caps & MWL8K_CAP_MIMO)
2338			mwl8k_set_ht_caps(hw, &priv->band_50, caps);
2339	}
2340}
2341
2342static int mwl8k_cmd_get_hw_spec_sta(struct ieee80211_hw *hw)
2343{
2344	struct mwl8k_priv *priv = hw->priv;
2345	struct mwl8k_cmd_get_hw_spec_sta *cmd;
2346	int rc;
2347	int i;
2348
2349	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2350	if (cmd == NULL)
2351		return -ENOMEM;
2352
2353	cmd->header.code = cpu_to_le16(MWL8K_CMD_GET_HW_SPEC);
2354	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2355
2356	memset(cmd->perm_addr, 0xff, sizeof(cmd->perm_addr));
2357	cmd->ps_cookie = cpu_to_le32(priv->cookie_dma);
2358	cmd->rx_queue_ptr = cpu_to_le32(priv->rxq[0].rxd_dma);
2359	cmd->num_tx_queues = cpu_to_le32(mwl8k_tx_queues(priv));
2360	for (i = 0; i < mwl8k_tx_queues(priv); i++)
2361		cmd->tx_queue_ptrs[i] = cpu_to_le32(priv->txq[i].txd_dma);
2362	cmd->num_tx_desc_per_queue = cpu_to_le32(MWL8K_TX_DESCS);
2363	cmd->total_rxd = cpu_to_le32(MWL8K_RX_DESCS);
2364
2365	rc = mwl8k_post_cmd(hw, &cmd->header);
2366
2367	if (!rc) {
2368		SET_IEEE80211_PERM_ADDR(hw, cmd->perm_addr);
2369		priv->num_mcaddrs = le16_to_cpu(cmd->num_mcaddrs);
2370		priv->fw_rev = le32_to_cpu(cmd->fw_rev);
2371		priv->hw_rev = cmd->hw_rev;
2372		mwl8k_set_caps(hw, le32_to_cpu(cmd->caps));
2373		priv->ap_macids_supported = 0x00000000;
2374		priv->sta_macids_supported = 0x00000001;
2375	}
2376
2377	kfree(cmd);
2378	return rc;
2379}
2380
2381/*
2382 * CMD_GET_HW_SPEC (AP version).
2383 */
2384struct mwl8k_cmd_get_hw_spec_ap {
2385	struct mwl8k_cmd_pkt header;
2386	__u8 hw_rev;
2387	__u8 host_interface;
2388	__le16 num_wcb;
2389	__le16 num_mcaddrs;
2390	__u8 perm_addr[ETH_ALEN];
2391	__le16 region_code;
2392	__le16 num_antenna;
2393	__le32 fw_rev;
2394	__le32 wcbbase0;
2395	__le32 rxwrptr;
2396	__le32 rxrdptr;
2397	__le32 ps_cookie;
2398	__le32 wcbbase1;
2399	__le32 wcbbase2;
2400	__le32 wcbbase3;
2401	__le32 fw_api_version;
2402	__le32 caps;
2403	__le32 num_of_ampdu_queues;
2404	__le32 wcbbase_ampdu[MWL8K_MAX_AMPDU_QUEUES];
2405} __packed;
2406
2407static int mwl8k_cmd_get_hw_spec_ap(struct ieee80211_hw *hw)
2408{
2409	struct mwl8k_priv *priv = hw->priv;
2410	struct mwl8k_cmd_get_hw_spec_ap *cmd;
2411	int rc, i;
2412	u32 api_version;
2413
2414	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2415	if (cmd == NULL)
2416		return -ENOMEM;
2417
2418	cmd->header.code = cpu_to_le16(MWL8K_CMD_GET_HW_SPEC);
2419	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2420
2421	memset(cmd->perm_addr, 0xff, sizeof(cmd->perm_addr));
2422	cmd->ps_cookie = cpu_to_le32(priv->cookie_dma);
2423
2424	rc = mwl8k_post_cmd(hw, &cmd->header);
2425
2426	if (!rc) {
2427		int off;
2428
2429		api_version = le32_to_cpu(cmd->fw_api_version);
2430		if (priv->device_info->fw_api_ap != api_version) {
2431			printk(KERN_ERR "%s: Unsupported fw API version for %s."
2432			       "  Expected %d got %d.\n", MWL8K_NAME,
2433			       priv->device_info->part_name,
2434			       priv->device_info->fw_api_ap,
2435			       api_version);
2436			rc = -EINVAL;
2437			goto done;
2438		}
2439		SET_IEEE80211_PERM_ADDR(hw, cmd->perm_addr);
2440		priv->num_mcaddrs = le16_to_cpu(cmd->num_mcaddrs);
2441		priv->fw_rev = le32_to_cpu(cmd->fw_rev);
2442		priv->hw_rev = cmd->hw_rev;
2443		mwl8k_set_caps(hw, le32_to_cpu(cmd->caps));
2444		priv->ap_macids_supported = 0x000000ff;
2445		priv->sta_macids_supported = 0x00000000;
2446		priv->num_ampdu_queues = le32_to_cpu(cmd->num_of_ampdu_queues);
2447		if (priv->num_ampdu_queues > MWL8K_MAX_AMPDU_QUEUES) {
2448			wiphy_warn(hw->wiphy, "fw reported %d ampdu queues"
2449				   " but we only support %d.\n",
2450				   priv->num_ampdu_queues,
2451				   MWL8K_MAX_AMPDU_QUEUES);
2452			priv->num_ampdu_queues = MWL8K_MAX_AMPDU_QUEUES;
2453		}
2454		off = le32_to_cpu(cmd->rxwrptr) & 0xffff;
2455		iowrite32(priv->rxq[0].rxd_dma, priv->sram + off);
2456
2457		off = le32_to_cpu(cmd->rxrdptr) & 0xffff;
2458		iowrite32(priv->rxq[0].rxd_dma, priv->sram + off);
2459
2460		priv->txq_offset[0] = le32_to_cpu(cmd->wcbbase0) & 0xffff;
2461		priv->txq_offset[1] = le32_to_cpu(cmd->wcbbase1) & 0xffff;
2462		priv->txq_offset[2] = le32_to_cpu(cmd->wcbbase2) & 0xffff;
2463		priv->txq_offset[3] = le32_to_cpu(cmd->wcbbase3) & 0xffff;
2464
2465		for (i = 0; i < priv->num_ampdu_queues; i++)
2466			priv->txq_offset[i + MWL8K_TX_WMM_QUEUES] =
2467				le32_to_cpu(cmd->wcbbase_ampdu[i]) & 0xffff;
2468	}
2469
2470done:
2471	kfree(cmd);
2472	return rc;
2473}
2474
2475/*
2476 * CMD_SET_HW_SPEC.
2477 */
2478struct mwl8k_cmd_set_hw_spec {
2479	struct mwl8k_cmd_pkt header;
2480	__u8 hw_rev;
2481	__u8 host_interface;
2482	__le16 num_mcaddrs;
2483	__u8 perm_addr[ETH_ALEN];
2484	__le16 region_code;
2485	__le32 fw_rev;
2486	__le32 ps_cookie;
2487	__le32 caps;
2488	__le32 rx_queue_ptr;
2489	__le32 num_tx_queues;
2490	__le32 tx_queue_ptrs[MWL8K_MAX_TX_QUEUES];
2491	__le32 flags;
2492	__le32 num_tx_desc_per_queue;
2493	__le32 total_rxd;
2494} __packed;
2495
2496/* If enabled, MWL8K_SET_HW_SPEC_FLAG_ENABLE_LIFE_TIME_EXPIRY will cause
2497 * packets to expire 500 ms after the timestamp in the tx descriptor.  That is,
2498 * the packets that are queued for more than 500ms, will be dropped in the
2499 * hardware. This helps minimizing the issues caused due to head-of-line
2500 * blocking where a slow client can hog the bandwidth and affect traffic to a
2501 * faster client.
2502 */
2503#define MWL8K_SET_HW_SPEC_FLAG_ENABLE_LIFE_TIME_EXPIRY	0x00000400
2504#define MWL8K_SET_HW_SPEC_FLAG_GENERATE_CCMP_HDR	0x00000200
2505#define MWL8K_SET_HW_SPEC_FLAG_HOST_DECR_MGMT		0x00000080
2506#define MWL8K_SET_HW_SPEC_FLAG_HOSTFORM_PROBERESP	0x00000020
2507#define MWL8K_SET_HW_SPEC_FLAG_HOSTFORM_BEACON		0x00000010
2508
2509static int mwl8k_cmd_set_hw_spec(struct ieee80211_hw *hw)
2510{
2511	struct mwl8k_priv *priv = hw->priv;
2512	struct mwl8k_cmd_set_hw_spec *cmd;
2513	int rc;
2514	int i;
2515
2516	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2517	if (cmd == NULL)
2518		return -ENOMEM;
2519
2520	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_HW_SPEC);
2521	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2522
2523	cmd->ps_cookie = cpu_to_le32(priv->cookie_dma);
2524	cmd->rx_queue_ptr = cpu_to_le32(priv->rxq[0].rxd_dma);
2525	cmd->num_tx_queues = cpu_to_le32(mwl8k_tx_queues(priv));
2526
2527	/*
2528	 * Mac80211 stack has Q0 as highest priority and Q3 as lowest in
2529	 * that order. Firmware has Q3 as highest priority and Q0 as lowest
2530	 * in that order. Map Q3 of mac80211 to Q0 of firmware so that the
2531	 * priority is interpreted the right way in firmware.
2532	 */
2533	for (i = 0; i < mwl8k_tx_queues(priv); i++) {
2534		int j = mwl8k_tx_queues(priv) - 1 - i;
2535		cmd->tx_queue_ptrs[i] = cpu_to_le32(priv->txq[j].txd_dma);
2536	}
2537
2538	cmd->flags = cpu_to_le32(MWL8K_SET_HW_SPEC_FLAG_HOST_DECR_MGMT |
2539				 MWL8K_SET_HW_SPEC_FLAG_HOSTFORM_PROBERESP |
2540				 MWL8K_SET_HW_SPEC_FLAG_HOSTFORM_BEACON |
2541				 MWL8K_SET_HW_SPEC_FLAG_ENABLE_LIFE_TIME_EXPIRY |
2542				 MWL8K_SET_HW_SPEC_FLAG_GENERATE_CCMP_HDR);
2543	cmd->num_tx_desc_per_queue = cpu_to_le32(MWL8K_TX_DESCS);
2544	cmd->total_rxd = cpu_to_le32(MWL8K_RX_DESCS);
2545
2546	rc = mwl8k_post_cmd(hw, &cmd->header);
2547	kfree(cmd);
2548
2549	return rc;
2550}
2551
2552/*
2553 * CMD_MAC_MULTICAST_ADR.
2554 */
2555struct mwl8k_cmd_mac_multicast_adr {
2556	struct mwl8k_cmd_pkt header;
2557	__le16 action;
2558	__le16 numaddr;
2559	__u8 addr[0][ETH_ALEN];
2560};
2561
2562#define MWL8K_ENABLE_RX_DIRECTED	0x0001
2563#define MWL8K_ENABLE_RX_MULTICAST	0x0002
2564#define MWL8K_ENABLE_RX_ALL_MULTICAST	0x0004
2565#define MWL8K_ENABLE_RX_BROADCAST	0x0008
2566
2567static struct mwl8k_cmd_pkt *
2568__mwl8k_cmd_mac_multicast_adr(struct ieee80211_hw *hw, int allmulti,
2569			      struct netdev_hw_addr_list *mc_list)
2570{
2571	struct mwl8k_priv *priv = hw->priv;
2572	struct mwl8k_cmd_mac_multicast_adr *cmd;
2573	int size;
2574	int mc_count = 0;
2575
2576	if (mc_list)
2577		mc_count = netdev_hw_addr_list_count(mc_list);
2578
2579	if (allmulti || mc_count > priv->num_mcaddrs) {
2580		allmulti = 1;
2581		mc_count = 0;
2582	}
2583
2584	size = sizeof(*cmd) + mc_count * ETH_ALEN;
2585
2586	cmd = kzalloc(size, GFP_ATOMIC);
2587	if (cmd == NULL)
2588		return NULL;
2589
2590	cmd->header.code = cpu_to_le16(MWL8K_CMD_MAC_MULTICAST_ADR);
2591	cmd->header.length = cpu_to_le16(size);
2592	cmd->action = cpu_to_le16(MWL8K_ENABLE_RX_DIRECTED |
2593				  MWL8K_ENABLE_RX_BROADCAST);
2594
2595	if (allmulti) {
2596		cmd->action |= cpu_to_le16(MWL8K_ENABLE_RX_ALL_MULTICAST);
2597	} else if (mc_count) {
2598		struct netdev_hw_addr *ha;
2599		int i = 0;
2600
2601		cmd->action |= cpu_to_le16(MWL8K_ENABLE_RX_MULTICAST);
2602		cmd->numaddr = cpu_to_le16(mc_count);
2603		netdev_hw_addr_list_for_each(ha, mc_list) {
2604			memcpy(cmd->addr[i], ha->addr, ETH_ALEN);
2605		}
2606	}
2607
2608	return &cmd->header;
2609}
2610
2611/*
2612 * CMD_GET_STAT.
2613 */
2614struct mwl8k_cmd_get_stat {
2615	struct mwl8k_cmd_pkt header;
2616	__le32 stats[64];
2617} __packed;
2618
2619#define MWL8K_STAT_ACK_FAILURE	9
2620#define MWL8K_STAT_RTS_FAILURE	12
2621#define MWL8K_STAT_FCS_ERROR	24
2622#define MWL8K_STAT_RTS_SUCCESS	11
2623
2624static int mwl8k_cmd_get_stat(struct ieee80211_hw *hw,
2625			      struct ieee80211_low_level_stats *stats)
2626{
2627	struct mwl8k_cmd_get_stat *cmd;
2628	int rc;
2629
2630	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2631	if (cmd == NULL)
2632		return -ENOMEM;
2633
2634	cmd->header.code = cpu_to_le16(MWL8K_CMD_GET_STAT);
2635	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2636
2637	rc = mwl8k_post_cmd(hw, &cmd->header);
2638	if (!rc) {
2639		stats->dot11ACKFailureCount =
2640			le32_to_cpu(cmd->stats[MWL8K_STAT_ACK_FAILURE]);
2641		stats->dot11RTSFailureCount =
2642			le32_to_cpu(cmd->stats[MWL8K_STAT_RTS_FAILURE]);
2643		stats->dot11FCSErrorCount =
2644			le32_to_cpu(cmd->stats[MWL8K_STAT_FCS_ERROR]);
2645		stats->dot11RTSSuccessCount =
2646			le32_to_cpu(cmd->stats[MWL8K_STAT_RTS_SUCCESS]);
2647	}
2648	kfree(cmd);
2649
2650	return rc;
2651}
2652
2653/*
2654 * CMD_RADIO_CONTROL.
2655 */
2656struct mwl8k_cmd_radio_control {
2657	struct mwl8k_cmd_pkt header;
2658	__le16 action;
2659	__le16 control;
2660	__le16 radio_on;
2661} __packed;
2662
2663static int
2664mwl8k_cmd_radio_control(struct ieee80211_hw *hw, bool enable, bool force)
2665{
2666	struct mwl8k_priv *priv = hw->priv;
2667	struct mwl8k_cmd_radio_control *cmd;
2668	int rc;
2669
2670	if (enable == priv->radio_on && !force)
2671		return 0;
2672
2673	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2674	if (cmd == NULL)
2675		return -ENOMEM;
2676
2677	cmd->header.code = cpu_to_le16(MWL8K_CMD_RADIO_CONTROL);
2678	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2679	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
2680	cmd->control = cpu_to_le16(priv->radio_short_preamble ? 3 : 1);
2681	cmd->radio_on = cpu_to_le16(enable ? 0x0001 : 0x0000);
2682
2683	rc = mwl8k_post_cmd(hw, &cmd->header);
2684	kfree(cmd);
2685
2686	if (!rc)
2687		priv->radio_on = enable;
2688
2689	return rc;
2690}
2691
2692static int mwl8k_cmd_radio_disable(struct ieee80211_hw *hw)
2693{
2694	return mwl8k_cmd_radio_control(hw, 0, 0);
2695}
2696
2697static int mwl8k_cmd_radio_enable(struct ieee80211_hw *hw)
2698{
2699	return mwl8k_cmd_radio_control(hw, 1, 0);
2700}
2701
2702static int
2703mwl8k_set_radio_preamble(struct ieee80211_hw *hw, bool short_preamble)
2704{
2705	struct mwl8k_priv *priv = hw->priv;
2706
2707	priv->radio_short_preamble = short_preamble;
2708
2709	return mwl8k_cmd_radio_control(hw, 1, 1);
2710}
2711
2712/*
2713 * CMD_RF_TX_POWER.
2714 */
2715#define MWL8K_RF_TX_POWER_LEVEL_TOTAL	8
2716
2717struct mwl8k_cmd_rf_tx_power {
2718	struct mwl8k_cmd_pkt header;
2719	__le16 action;
2720	__le16 support_level;
2721	__le16 current_level;
2722	__le16 reserved;
2723	__le16 power_level_list[MWL8K_RF_TX_POWER_LEVEL_TOTAL];
2724} __packed;
2725
2726static int mwl8k_cmd_rf_tx_power(struct ieee80211_hw *hw, int dBm)
2727{
2728	struct mwl8k_cmd_rf_tx_power *cmd;
2729	int rc;
2730
2731	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2732	if (cmd == NULL)
2733		return -ENOMEM;
2734
2735	cmd->header.code = cpu_to_le16(MWL8K_CMD_RF_TX_POWER);
2736	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2737	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
2738	cmd->support_level = cpu_to_le16(dBm);
2739
2740	rc = mwl8k_post_cmd(hw, &cmd->header);
2741	kfree(cmd);
2742
2743	return rc;
2744}
2745
2746/*
2747 * CMD_TX_POWER.
2748 */
2749#define MWL8K_TX_POWER_LEVEL_TOTAL      12
2750
2751struct mwl8k_cmd_tx_power {
2752	struct mwl8k_cmd_pkt header;
2753	__le16 action;
2754	__le16 band;
2755	__le16 channel;
2756	__le16 bw;
2757	__le16 sub_ch;
2758	__le16 power_level_list[MWL8K_TX_POWER_LEVEL_TOTAL];
2759} __packed;
2760
2761static int mwl8k_cmd_tx_power(struct ieee80211_hw *hw,
2762				     struct ieee80211_conf *conf,
2763				     unsigned short pwr)
2764{
2765	struct ieee80211_channel *channel = conf->channel;
2766	struct mwl8k_cmd_tx_power *cmd;
2767	int rc;
2768	int i;
2769
2770	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2771	if (cmd == NULL)
2772		return -ENOMEM;
2773
2774	cmd->header.code = cpu_to_le16(MWL8K_CMD_TX_POWER);
2775	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2776	cmd->action = cpu_to_le16(MWL8K_CMD_SET_LIST);
2777
2778	if (channel->band == IEEE80211_BAND_2GHZ)
2779		cmd->band = cpu_to_le16(0x1);
2780	else if (channel->band == IEEE80211_BAND_5GHZ)
2781		cmd->band = cpu_to_le16(0x4);
2782
2783	cmd->channel = cpu_to_le16(channel->hw_value);
2784
2785	if (conf->channel_type == NL80211_CHAN_NO_HT ||
2786	    conf->channel_type == NL80211_CHAN_HT20) {
2787		cmd->bw = cpu_to_le16(0x2);
2788	} else {
2789		cmd->bw = cpu_to_le16(0x4);
2790		if (conf->channel_type == NL80211_CHAN_HT40MINUS)
2791			cmd->sub_ch = cpu_to_le16(0x3);
2792		else if (conf->channel_type == NL80211_CHAN_HT40PLUS)
2793			cmd->sub_ch = cpu_to_le16(0x1);
2794	}
2795
2796	for (i = 0; i < MWL8K_TX_POWER_LEVEL_TOTAL; i++)
2797		cmd->power_level_list[i] = cpu_to_le16(pwr);
2798
2799	rc = mwl8k_post_cmd(hw, &cmd->header);
2800	kfree(cmd);
2801
2802	return rc;
2803}
2804
2805/*
2806 * CMD_RF_ANTENNA.
2807 */
2808struct mwl8k_cmd_rf_antenna {
2809	struct mwl8k_cmd_pkt header;
2810	__le16 antenna;
2811	__le16 mode;
2812} __packed;
2813
2814#define MWL8K_RF_ANTENNA_RX		1
2815#define MWL8K_RF_ANTENNA_TX		2
2816
2817static int
2818mwl8k_cmd_rf_antenna(struct ieee80211_hw *hw, int antenna, int mask)
2819{
2820	struct mwl8k_cmd_rf_antenna *cmd;
2821	int rc;
2822
2823	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2824	if (cmd == NULL)
2825		return -ENOMEM;
2826
2827	cmd->header.code = cpu_to_le16(MWL8K_CMD_RF_ANTENNA);
2828	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2829	cmd->antenna = cpu_to_le16(antenna);
2830	cmd->mode = cpu_to_le16(mask);
2831
2832	rc = mwl8k_post_cmd(hw, &cmd->header);
2833	kfree(cmd);
2834
2835	return rc;
2836}
2837
2838/*
2839 * CMD_SET_BEACON.
2840 */
2841struct mwl8k_cmd_set_beacon {
2842	struct mwl8k_cmd_pkt header;
2843	__le16 beacon_len;
2844	__u8 beacon[0];
2845};
2846
2847static int mwl8k_cmd_set_beacon(struct ieee80211_hw *hw,
2848				struct ieee80211_vif *vif, u8 *beacon, int len)
2849{
2850	struct mwl8k_cmd_set_beacon *cmd;
2851	int rc;
2852
2853	cmd = kzalloc(sizeof(*cmd) + len, GFP_KERNEL);
2854	if (cmd == NULL)
2855		return -ENOMEM;
2856
2857	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_BEACON);
2858	cmd->header.length = cpu_to_le16(sizeof(*cmd) + len);
2859	cmd->beacon_len = cpu_to_le16(len);
2860	memcpy(cmd->beacon, beacon, len);
2861
2862	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
2863	kfree(cmd);
2864
2865	return rc;
2866}
2867
2868/*
2869 * CMD_SET_PRE_SCAN.
2870 */
2871struct mwl8k_cmd_set_pre_scan {
2872	struct mwl8k_cmd_pkt header;
2873} __packed;
2874
2875static int mwl8k_cmd_set_pre_scan(struct ieee80211_hw *hw)
2876{
2877	struct mwl8k_cmd_set_pre_scan *cmd;
2878	int rc;
2879
2880	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2881	if (cmd == NULL)
2882		return -ENOMEM;
2883
2884	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_PRE_SCAN);
2885	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2886
2887	rc = mwl8k_post_cmd(hw, &cmd->header);
2888	kfree(cmd);
2889
2890	return rc;
2891}
2892
2893/*
2894 * CMD_SET_POST_SCAN.
2895 */
2896struct mwl8k_cmd_set_post_scan {
2897	struct mwl8k_cmd_pkt header;
2898	__le32 isibss;
2899	__u8 bssid[ETH_ALEN];
2900} __packed;
2901
2902static int
2903mwl8k_cmd_set_post_scan(struct ieee80211_hw *hw, const __u8 *mac)
2904{
2905	struct mwl8k_cmd_set_post_scan *cmd;
2906	int rc;
2907
2908	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2909	if (cmd == NULL)
2910		return -ENOMEM;
2911
2912	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_POST_SCAN);
2913	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2914	cmd->isibss = 0;
2915	memcpy(cmd->bssid, mac, ETH_ALEN);
2916
2917	rc = mwl8k_post_cmd(hw, &cmd->header);
2918	kfree(cmd);
2919
2920	return rc;
2921}
2922
2923/*
2924 * CMD_SET_RF_CHANNEL.
2925 */
2926struct mwl8k_cmd_set_rf_channel {
2927	struct mwl8k_cmd_pkt header;
2928	__le16 action;
2929	__u8 current_channel;
2930	__le32 channel_flags;
2931} __packed;
2932
2933static int mwl8k_cmd_set_rf_channel(struct ieee80211_hw *hw,
2934				    struct ieee80211_conf *conf)
2935{
2936	struct ieee80211_channel *channel = conf->channel;
2937	struct mwl8k_cmd_set_rf_channel *cmd;
2938	int rc;
2939
2940	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2941	if (cmd == NULL)
2942		return -ENOMEM;
2943
2944	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_RF_CHANNEL);
2945	cmd->header.length = cpu_to_le16(sizeof(*cmd));
2946	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
2947	cmd->current_channel = channel->hw_value;
2948
2949	if (channel->band == IEEE80211_BAND_2GHZ)
2950		cmd->channel_flags |= cpu_to_le32(0x00000001);
2951	else if (channel->band == IEEE80211_BAND_5GHZ)
2952		cmd->channel_flags |= cpu_to_le32(0x00000004);
2953
2954	if (conf->channel_type == NL80211_CHAN_NO_HT ||
2955	    conf->channel_type == NL80211_CHAN_HT20)
2956		cmd->channel_flags |= cpu_to_le32(0x00000080);
2957	else if (conf->channel_type == NL80211_CHAN_HT40MINUS)
2958		cmd->channel_flags |= cpu_to_le32(0x000001900);
2959	else if (conf->channel_type == NL80211_CHAN_HT40PLUS)
2960		cmd->channel_flags |= cpu_to_le32(0x000000900);
2961
2962	rc = mwl8k_post_cmd(hw, &cmd->header);
2963	kfree(cmd);
2964
2965	return rc;
2966}
2967
2968/*
2969 * CMD_SET_AID.
2970 */
2971#define MWL8K_FRAME_PROT_DISABLED			0x00
2972#define MWL8K_FRAME_PROT_11G				0x07
2973#define MWL8K_FRAME_PROT_11N_HT_40MHZ_ONLY		0x02
2974#define MWL8K_FRAME_PROT_11N_HT_ALL			0x06
2975
2976struct mwl8k_cmd_update_set_aid {
2977	struct	mwl8k_cmd_pkt header;
2978	__le16	aid;
2979
2980	 /* AP's MAC address (BSSID) */
2981	__u8	bssid[ETH_ALEN];
2982	__le16	protection_mode;
2983	__u8	supp_rates[14];
2984} __packed;
2985
2986static void legacy_rate_mask_to_array(u8 *rates, u32 mask)
2987{
2988	int i;
2989	int j;
2990
2991	/*
2992	 * Clear nonstandard rates 4 and 13.
2993	 */
2994	mask &= 0x1fef;
2995
2996	for (i = 0, j = 0; i < 14; i++) {
2997		if (mask & (1 << i))
2998			rates[j++] = mwl8k_rates_24[i].hw_value;
2999	}
3000}
3001
3002static int
3003mwl8k_cmd_set_aid(struct ieee80211_hw *hw,
3004		  struct ieee80211_vif *vif, u32 legacy_rate_mask)
3005{
3006	struct mwl8k_cmd_update_set_aid *cmd;
3007	u16 prot_mode;
3008	int rc;
3009
3010	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3011	if (cmd == NULL)
3012		return -ENOMEM;
3013
3014	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_AID);
3015	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3016	cmd->aid = cpu_to_le16(vif->bss_conf.aid);
3017	memcpy(cmd->bssid, vif->bss_conf.bssid, ETH_ALEN);
3018
3019	if (vif->bss_conf.use_cts_prot) {
3020		prot_mode = MWL8K_FRAME_PROT_11G;
3021	} else {
3022		switch (vif->bss_conf.ht_operation_mode &
3023			IEEE80211_HT_OP_MODE_PROTECTION) {
3024		case IEEE80211_HT_OP_MODE_PROTECTION_20MHZ:
3025			prot_mode = MWL8K_FRAME_PROT_11N_HT_40MHZ_ONLY;
3026			break;
3027		case IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED:
3028			prot_mode = MWL8K_FRAME_PROT_11N_HT_ALL;
3029			break;
3030		default:
3031			prot_mode = MWL8K_FRAME_PROT_DISABLED;
3032			break;
3033		}
3034	}
3035	cmd->protection_mode = cpu_to_le16(prot_mode);
3036
3037	legacy_rate_mask_to_array(cmd->supp_rates, legacy_rate_mask);
3038
3039	rc = mwl8k_post_cmd(hw, &cmd->header);
3040	kfree(cmd);
3041
3042	return rc;
3043}
3044
3045/*
3046 * CMD_SET_RATE.
3047 */
3048struct mwl8k_cmd_set_rate {
3049	struct	mwl8k_cmd_pkt header;
3050	__u8	legacy_rates[14];
3051
3052	/* Bitmap for supported MCS codes.  */
3053	__u8	mcs_set[16];
3054	__u8	reserved[16];
3055} __packed;
3056
3057static int
3058mwl8k_cmd_set_rate(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
3059		   u32 legacy_rate_mask, u8 *mcs_rates)
3060{
3061	struct mwl8k_cmd_set_rate *cmd;
3062	int rc;
3063
3064	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3065	if (cmd == NULL)
3066		return -ENOMEM;
3067
3068	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_RATE);
3069	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3070	legacy_rate_mask_to_array(cmd->legacy_rates, legacy_rate_mask);
3071	memcpy(cmd->mcs_set, mcs_rates, 16);
3072
3073	rc = mwl8k_post_cmd(hw, &cmd->header);
3074	kfree(cmd);
3075
3076	return rc;
3077}
3078
3079/*
3080 * CMD_FINALIZE_JOIN.
3081 */
3082#define MWL8K_FJ_BEACON_MAXLEN	128
3083
3084struct mwl8k_cmd_finalize_join {
3085	struct mwl8k_cmd_pkt header;
3086	__le32 sleep_interval;	/* Number of beacon periods to sleep */
3087	__u8 beacon_data[MWL8K_FJ_BEACON_MAXLEN];
3088} __packed;
3089
3090static int mwl8k_cmd_finalize_join(struct ieee80211_hw *hw, void *frame,
3091				   int framelen, int dtim)
3092{
3093	struct mwl8k_cmd_finalize_join *cmd;
3094	struct ieee80211_mgmt *payload = frame;
3095	int payload_len;
3096	int rc;
3097
3098	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3099	if (cmd == NULL)
3100		return -ENOMEM;
3101
3102	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_FINALIZE_JOIN);
3103	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3104	cmd->sleep_interval = cpu_to_le32(dtim ? dtim : 1);
3105
3106	payload_len = framelen - ieee80211_hdrlen(payload->frame_control);
3107	if (payload_len < 0)
3108		payload_len = 0;
3109	else if (payload_len > MWL8K_FJ_BEACON_MAXLEN)
3110		payload_len = MWL8K_FJ_BEACON_MAXLEN;
3111
3112	memcpy(cmd->beacon_data, &payload->u.beacon, payload_len);
3113
3114	rc = mwl8k_post_cmd(hw, &cmd->header);
3115	kfree(cmd);
3116
3117	return rc;
3118}
3119
3120/*
3121 * CMD_SET_RTS_THRESHOLD.
3122 */
3123struct mwl8k_cmd_set_rts_threshold {
3124	struct mwl8k_cmd_pkt header;
3125	__le16 action;
3126	__le16 threshold;
3127} __packed;
3128
3129static int
3130mwl8k_cmd_set_rts_threshold(struct ieee80211_hw *hw, int rts_thresh)
3131{
3132	struct mwl8k_cmd_set_rts_threshold *cmd;
3133	int rc;
3134
3135	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3136	if (cmd == NULL)
3137		return -ENOMEM;
3138
3139	cmd->header.code = cpu_to_le16(MWL8K_CMD_RTS_THRESHOLD);
3140	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3141	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
3142	cmd->threshold = cpu_to_le16(rts_thresh);
3143
3144	rc = mwl8k_post_cmd(hw, &cmd->header);
3145	kfree(cmd);
3146
3147	return rc;
3148}
3149
3150/*
3151 * CMD_SET_SLOT.
3152 */
3153struct mwl8k_cmd_set_slot {
3154	struct mwl8k_cmd_pkt header;
3155	__le16 action;
3156	__u8 short_slot;
3157} __packed;
3158
3159static int mwl8k_cmd_set_slot(struct ieee80211_hw *hw, bool short_slot_time)
3160{
3161	struct mwl8k_cmd_set_slot *cmd;
3162	int rc;
3163
3164	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3165	if (cmd == NULL)
3166		return -ENOMEM;
3167
3168	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_SLOT);
3169	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3170	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
3171	cmd->short_slot = short_slot_time;
3172
3173	rc = mwl8k_post_cmd(hw, &cmd->header);
3174	kfree(cmd);
3175
3176	return rc;
3177}
3178
3179/*
3180 * CMD_SET_EDCA_PARAMS.
3181 */
3182struct mwl8k_cmd_set_edca_params {
3183	struct mwl8k_cmd_pkt header;
3184
3185	/* See MWL8K_SET_EDCA_XXX below */
3186	__le16 action;
3187
3188	/* TX opportunity in units of 32 us */
3189	__le16 txop;
3190
3191	union {
3192		struct {
3193			/* Log exponent of max contention period: 0...15 */
3194			__le32 log_cw_max;
3195
3196			/* Log exponent of min contention period: 0...15 */
3197			__le32 log_cw_min;
3198
3199			/* Adaptive interframe spacing in units of 32us */
3200			__u8 aifs;
3201
3202			/* TX queue to configure */
3203			__u8 txq;
3204		} ap;
3205		struct {
3206			/* Log exponent of max contention period: 0...15 */
3207			__u8 log_cw_max;
3208
3209			/* Log exponent of min contention period: 0...15 */
3210			__u8 log_cw_min;
3211
3212			/* Adaptive interframe spacing in units of 32us */
3213			__u8 aifs;
3214
3215			/* TX queue to configure */
3216			__u8 txq;
3217		} sta;
3218	};
3219} __packed;
3220
3221#define MWL8K_SET_EDCA_CW	0x01
3222#define MWL8K_SET_EDCA_TXOP	0x02
3223#define MWL8K_SET_EDCA_AIFS	0x04
3224
3225#define MWL8K_SET_EDCA_ALL	(MWL8K_SET_EDCA_CW | \
3226				 MWL8K_SET_EDCA_TXOP | \
3227				 MWL8K_SET_EDCA_AIFS)
3228
3229static int
3230mwl8k_cmd_set_edca_params(struct ieee80211_hw *hw, __u8 qnum,
3231			  __u16 cw_min, __u16 cw_max,
3232			  __u8 aifs, __u16 txop)
3233{
3234	struct mwl8k_priv *priv = hw->priv;
3235	struct mwl8k_cmd_set_edca_params *cmd;
3236	int rc;
3237
3238	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3239	if (cmd == NULL)
3240		return -ENOMEM;
3241
3242	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_EDCA_PARAMS);
3243	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3244	cmd->action = cpu_to_le16(MWL8K_SET_EDCA_ALL);
3245	cmd->txop = cpu_to_le16(txop);
3246	if (priv->ap_fw) {
3247		cmd->ap.log_cw_max = cpu_to_le32(ilog2(cw_max + 1));
3248		cmd->ap.log_cw_min = cpu_to_le32(ilog2(cw_min + 1));
3249		cmd->ap.aifs = aifs;
3250		cmd->ap.txq = qnum;
3251	} else {
3252		cmd->sta.log_cw_max = (u8)ilog2(cw_max + 1);
3253		cmd->sta.log_cw_min = (u8)ilog2(cw_min + 1);
3254		cmd->sta.aifs = aifs;
3255		cmd->sta.txq = qnum;
3256	}
3257
3258	rc = mwl8k_post_cmd(hw, &cmd->header);
3259	kfree(cmd);
3260
3261	return rc;
3262}
3263
3264/*
3265 * CMD_SET_WMM_MODE.
3266 */
3267struct mwl8k_cmd_set_wmm_mode {
3268	struct mwl8k_cmd_pkt header;
3269	__le16 action;
3270} __packed;
3271
3272static int mwl8k_cmd_set_wmm_mode(struct ieee80211_hw *hw, bool enable)
3273{
3274	struct mwl8k_priv *priv = hw->priv;
3275	struct mwl8k_cmd_set_wmm_mode *cmd;
3276	int rc;
3277
3278	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3279	if (cmd == NULL)
3280		return -ENOMEM;
3281
3282	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_WMM_MODE);
3283	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3284	cmd->action = cpu_to_le16(!!enable);
3285
3286	rc = mwl8k_post_cmd(hw, &cmd->header);
3287	kfree(cmd);
3288
3289	if (!rc)
3290		priv->wmm_enabled = enable;
3291
3292	return rc;
3293}
3294
3295/*
3296 * CMD_MIMO_CONFIG.
3297 */
3298struct mwl8k_cmd_mimo_config {
3299	struct mwl8k_cmd_pkt header;
3300	__le32 action;
3301	__u8 rx_antenna_map;
3302	__u8 tx_antenna_map;
3303} __packed;
3304
3305static int mwl8k_cmd_mimo_config(struct ieee80211_hw *hw, __u8 rx, __u8 tx)
3306{
3307	struct mwl8k_cmd_mimo_config *cmd;
3308	int rc;
3309
3310	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3311	if (cmd == NULL)
3312		return -ENOMEM;
3313
3314	cmd->header.code = cpu_to_le16(MWL8K_CMD_MIMO_CONFIG);
3315	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3316	cmd->action = cpu_to_le32((u32)MWL8K_CMD_SET);
3317	cmd->rx_antenna_map = rx;
3318	cmd->tx_antenna_map = tx;
3319
3320	rc = mwl8k_post_cmd(hw, &cmd->header);
3321	kfree(cmd);
3322
3323	return rc;
3324}
3325
3326/*
3327 * CMD_USE_FIXED_RATE (STA version).
3328 */
3329struct mwl8k_cmd_use_fixed_rate_sta {
3330	struct mwl8k_cmd_pkt header;
3331	__le32 action;
3332	__le32 allow_rate_drop;
3333	__le32 num_rates;
3334	struct {
3335		__le32 is_ht_rate;
3336		__le32 enable_retry;
3337		__le32 rate;
3338		__le32 retry_count;
3339	} rate_entry[8];
3340	__le32 rate_type;
3341	__le32 reserved1;
3342	__le32 reserved2;
3343} __packed;
3344
3345#define MWL8K_USE_AUTO_RATE	0x0002
3346#define MWL8K_UCAST_RATE	0
3347
3348static int mwl8k_cmd_use_fixed_rate_sta(struct ieee80211_hw *hw)
3349{
3350	struct mwl8k_cmd_use_fixed_rate_sta *cmd;
3351	int rc;
3352
3353	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3354	if (cmd == NULL)
3355		return -ENOMEM;
3356
3357	cmd->header.code = cpu_to_le16(MWL8K_CMD_USE_FIXED_RATE);
3358	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3359	cmd->action = cpu_to_le32(MWL8K_USE_AUTO_RATE);
3360	cmd->rate_type = cpu_to_le32(MWL8K_UCAST_RATE);
3361
3362	rc = mwl8k_post_cmd(hw, &cmd->header);
3363	kfree(cmd);
3364
3365	return rc;
3366}
3367
3368/*
3369 * CMD_USE_FIXED_RATE (AP version).
3370 */
3371struct mwl8k_cmd_use_fixed_rate_ap {
3372	struct mwl8k_cmd_pkt header;
3373	__le32 action;
3374	__le32 allow_rate_drop;
3375	__le32 num_rates;
3376	struct mwl8k_rate_entry_ap {
3377		__le32 is_ht_rate;
3378		__le32 enable_retry;
3379		__le32 rate;
3380		__le32 retry_count;
3381	} rate_entry[4];
3382	u8 multicast_rate;
3383	u8 multicast_rate_type;
3384	u8 management_rate;
3385} __packed;
3386
3387static int
3388mwl8k_cmd_use_fixed_rate_ap(struct ieee80211_hw *hw, int mcast, int mgmt)
3389{
3390	struct mwl8k_cmd_use_fixed_rate_ap *cmd;
3391	int rc;
3392
3393	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3394	if (cmd == NULL)
3395		return -ENOMEM;
3396
3397	cmd->header.code = cpu_to_le16(MWL8K_CMD_USE_FIXED_RATE);
3398	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3399	cmd->action = cpu_to_le32(MWL8K_USE_AUTO_RATE);
3400	cmd->multicast_rate = mcast;
3401	cmd->management_rate = mgmt;
3402
3403	rc = mwl8k_post_cmd(hw, &cmd->header);
3404	kfree(cmd);
3405
3406	return rc;
3407}
3408
3409/*
3410 * CMD_ENABLE_SNIFFER.
3411 */
3412struct mwl8k_cmd_enable_sniffer {
3413	struct mwl8k_cmd_pkt header;
3414	__le32 action;
3415} __packed;
3416
3417static int mwl8k_cmd_enable_sniffer(struct ieee80211_hw *hw, bool enable)
3418{
3419	struct mwl8k_cmd_enable_sniffer *cmd;
3420	int rc;
3421
3422	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3423	if (cmd == NULL)
3424		return -ENOMEM;
3425
3426	cmd->header.code = cpu_to_le16(MWL8K_CMD_ENABLE_SNIFFER);
3427	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3428	cmd->action = cpu_to_le32(!!enable);
3429
3430	rc = mwl8k_post_cmd(hw, &cmd->header);
3431	kfree(cmd);
3432
3433	return rc;
3434}
3435
3436struct mwl8k_cmd_update_mac_addr {
3437	struct mwl8k_cmd_pkt header;
3438	union {
3439		struct {
3440			__le16 mac_type;
3441			__u8 mac_addr[ETH_ALEN];
3442		} mbss;
3443		__u8 mac_addr[ETH_ALEN];
3444	};
3445} __packed;
3446
3447#define MWL8K_MAC_TYPE_PRIMARY_CLIENT		0
3448#define MWL8K_MAC_TYPE_SECONDARY_CLIENT		1
3449#define MWL8K_MAC_TYPE_PRIMARY_AP		2
3450#define MWL8K_MAC_TYPE_SECONDARY_AP		3
3451
3452static int mwl8k_cmd_update_mac_addr(struct ieee80211_hw *hw,
3453				  struct ieee80211_vif *vif, u8 *mac, bool set)
3454{
3455	struct mwl8k_priv *priv = hw->priv;
3456	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
3457	struct mwl8k_cmd_update_mac_addr *cmd;
3458	int mac_type;
3459	int rc;
3460
3461	mac_type = MWL8K_MAC_TYPE_PRIMARY_AP;
3462	if (vif != NULL && vif->type == NL80211_IFTYPE_STATION) {
3463		if (mwl8k_vif->macid + 1 == ffs(priv->sta_macids_supported))
3464			mac_type = MWL8K_MAC_TYPE_PRIMARY_CLIENT;
3465		else
3466			mac_type = MWL8K_MAC_TYPE_SECONDARY_CLIENT;
3467	} else if (vif != NULL && vif->type == NL80211_IFTYPE_AP) {
3468		if (mwl8k_vif->macid + 1 == ffs(priv->ap_macids_supported))
3469			mac_type = MWL8K_MAC_TYPE_PRIMARY_AP;
3470		else
3471			mac_type = MWL8K_MAC_TYPE_SECONDARY_AP;
3472	}
3473
3474	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3475	if (cmd == NULL)
3476		return -ENOMEM;
3477
3478	if (set)
3479		cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_MAC_ADDR);
3480	else
3481		cmd->header.code = cpu_to_le16(MWL8K_CMD_DEL_MAC_ADDR);
3482
3483	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3484	if (priv->ap_fw) {
3485		cmd->mbss.mac_type = cpu_to_le16(mac_type);
3486		memcpy(cmd->mbss.mac_addr, mac, ETH_ALEN);
3487	} else {
3488		memcpy(cmd->mac_addr, mac, ETH_ALEN);
3489	}
3490
3491	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3492	kfree(cmd);
3493
3494	return rc;
3495}
3496
3497/*
3498 * MWL8K_CMD_SET_MAC_ADDR.
3499 */
3500static inline int mwl8k_cmd_set_mac_addr(struct ieee80211_hw *hw,
3501				  struct ieee80211_vif *vif, u8 *mac)
3502{
3503	return mwl8k_cmd_update_mac_addr(hw, vif, mac, true);
3504}
3505
3506/*
3507 * MWL8K_CMD_DEL_MAC_ADDR.
3508 */
3509static inline int mwl8k_cmd_del_mac_addr(struct ieee80211_hw *hw,
3510				  struct ieee80211_vif *vif, u8 *mac)
3511{
3512	return mwl8k_cmd_update_mac_addr(hw, vif, mac, false);
3513}
3514
3515/*
3516 * CMD_SET_RATEADAPT_MODE.
3517 */
3518struct mwl8k_cmd_set_rate_adapt_mode {
3519	struct mwl8k_cmd_pkt header;
3520	__le16 action;
3521	__le16 mode;
3522} __packed;
3523
3524static int mwl8k_cmd_set_rateadapt_mode(struct ieee80211_hw *hw, __u16 mode)
3525{
3526	struct mwl8k_cmd_set_rate_adapt_mode *cmd;
3527	int rc;
3528
3529	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3530	if (cmd == NULL)
3531		return -ENOMEM;
3532
3533	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_RATEADAPT_MODE);
3534	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3535	cmd->action = cpu_to_le16(MWL8K_CMD_SET);
3536	cmd->mode = cpu_to_le16(mode);
3537
3538	rc = mwl8k_post_cmd(hw, &cmd->header);
3539	kfree(cmd);
3540
3541	return rc;
3542}
3543
3544/*
3545 * CMD_GET_WATCHDOG_BITMAP.
3546 */
3547struct mwl8k_cmd_get_watchdog_bitmap {
3548	struct mwl8k_cmd_pkt header;
3549	u8	bitmap;
3550} __packed;
3551
3552static int mwl8k_cmd_get_watchdog_bitmap(struct ieee80211_hw *hw, u8 *bitmap)
3553{
3554	struct mwl8k_cmd_get_watchdog_bitmap *cmd;
3555	int rc;
3556
3557	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3558	if (cmd == NULL)
3559		return -ENOMEM;
3560
3561	cmd->header.code = cpu_to_le16(MWL8K_CMD_GET_WATCHDOG_BITMAP);
3562	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3563
3564	rc = mwl8k_post_cmd(hw, &cmd->header);
3565	if (!rc)
3566		*bitmap = cmd->bitmap;
3567
3568	kfree(cmd);
3569
3570	return rc;
3571}
3572
3573#define INVALID_BA	0xAA
3574static void mwl8k_watchdog_ba_events(struct work_struct *work)
3575{
3576	int rc;
3577	u8 bitmap = 0, stream_index;
3578	struct mwl8k_ampdu_stream *streams;
3579	struct mwl8k_priv *priv =
3580		container_of(work, struct mwl8k_priv, watchdog_ba_handle);
3581
3582	rc = mwl8k_cmd_get_watchdog_bitmap(priv->hw, &bitmap);
3583	if (rc)
3584		return;
3585
3586	if (bitmap == INVALID_BA)
3587		return;
3588
3589	/* the bitmap is the hw queue number.  Map it to the ampdu queue. */
3590	stream_index = bitmap - MWL8K_TX_WMM_QUEUES;
3591
3592	BUG_ON(stream_index >= priv->num_ampdu_queues);
3593
3594	streams = &priv->ampdu[stream_index];
3595
3596	if (streams->state == AMPDU_STREAM_ACTIVE)
3597		ieee80211_stop_tx_ba_session(streams->sta, streams->tid);
3598
3599	return;
3600}
3601
3602
3603/*
3604 * CMD_BSS_START.
3605 */
3606struct mwl8k_cmd_bss_start {
3607	struct mwl8k_cmd_pkt header;
3608	__le32 enable;
3609} __packed;
3610
3611static int mwl8k_cmd_bss_start(struct ieee80211_hw *hw,
3612			       struct ieee80211_vif *vif, int enable)
3613{
3614	struct mwl8k_cmd_bss_start *cmd;
3615	int rc;
3616
3617	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3618	if (cmd == NULL)
3619		return -ENOMEM;
3620
3621	cmd->header.code = cpu_to_le16(MWL8K_CMD_BSS_START);
3622	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3623	cmd->enable = cpu_to_le32(enable);
3624
3625	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3626	kfree(cmd);
3627
3628	return rc;
3629}
3630
3631/*
3632 * CMD_BASTREAM.
3633 */
3634
3635/*
3636 * UPSTREAM is tx direction
3637 */
3638#define BASTREAM_FLAG_DIRECTION_UPSTREAM	0x00
3639#define BASTREAM_FLAG_IMMEDIATE_TYPE		0x01
3640
3641enum ba_stream_action_type {
3642	MWL8K_BA_CREATE,
3643	MWL8K_BA_UPDATE,
3644	MWL8K_BA_DESTROY,
3645	MWL8K_BA_FLUSH,
3646	MWL8K_BA_CHECK,
3647};
3648
3649
3650struct mwl8k_create_ba_stream {
3651	__le32	flags;
3652	__le32	idle_thrs;
3653	__le32	bar_thrs;
3654	__le32	window_size;
3655	u8	peer_mac_addr[6];
3656	u8	dialog_token;
3657	u8	tid;
3658	u8	queue_id;
3659	u8	param_info;
3660	__le32	ba_context;
3661	u8	reset_seq_no_flag;
3662	__le16	curr_seq_no;
3663	u8	sta_src_mac_addr[6];
3664} __packed;
3665
3666struct mwl8k_destroy_ba_stream {
3667	__le32	flags;
3668	__le32	ba_context;
3669} __packed;
3670
3671struct mwl8k_cmd_bastream {
3672	struct mwl8k_cmd_pkt	header;
3673	__le32	action;
3674	union {
3675		struct mwl8k_create_ba_stream	create_params;
3676		struct mwl8k_destroy_ba_stream	destroy_params;
3677	};
3678} __packed;
3679
3680static int
3681mwl8k_check_ba(struct ieee80211_hw *hw, struct mwl8k_ampdu_stream *stream)
3682{
3683	struct mwl8k_cmd_bastream *cmd;
3684	int rc;
3685
3686	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3687	if (cmd == NULL)
3688		return -ENOMEM;
3689
3690	cmd->header.code = cpu_to_le16(MWL8K_CMD_BASTREAM);
3691	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3692
3693	cmd->action = cpu_to_le32(MWL8K_BA_CHECK);
3694
3695	cmd->create_params.queue_id = stream->idx;
3696	memcpy(&cmd->create_params.peer_mac_addr[0], stream->sta->addr,
3697	       ETH_ALEN);
3698	cmd->create_params.tid = stream->tid;
3699
3700	cmd->create_params.flags =
3701		cpu_to_le32(BASTREAM_FLAG_IMMEDIATE_TYPE) |
3702		cpu_to_le32(BASTREAM_FLAG_DIRECTION_UPSTREAM);
3703
3704	rc = mwl8k_post_cmd(hw, &cmd->header);
3705
3706	kfree(cmd);
3707
3708	return rc;
3709}
3710
3711static int
3712mwl8k_create_ba(struct ieee80211_hw *hw, struct mwl8k_ampdu_stream *stream,
3713		u8 buf_size)
3714{
3715	struct mwl8k_cmd_bastream *cmd;
3716	int rc;
3717
3718	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3719	if (cmd == NULL)
3720		return -ENOMEM;
3721
3722
3723	cmd->header.code = cpu_to_le16(MWL8K_CMD_BASTREAM);
3724	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3725
3726	cmd->action = cpu_to_le32(MWL8K_BA_CREATE);
3727
3728	cmd->create_params.bar_thrs = cpu_to_le32((u32)buf_size);
3729	cmd->create_params.window_size = cpu_to_le32((u32)buf_size);
3730	cmd->create_params.queue_id = stream->idx;
3731
3732	memcpy(cmd->create_params.peer_mac_addr, stream->sta->addr, ETH_ALEN);
3733	cmd->create_params.tid = stream->tid;
3734	cmd->create_params.curr_seq_no = cpu_to_le16(0);
3735	cmd->create_params.reset_seq_no_flag = 1;
3736
3737	cmd->create_params.param_info =
3738		(stream->sta->ht_cap.ampdu_factor &
3739		 IEEE80211_HT_AMPDU_PARM_FACTOR) |
3740		((stream->sta->ht_cap.ampdu_density << 2) &
3741		 IEEE80211_HT_AMPDU_PARM_DENSITY);
3742
3743	cmd->create_params.flags =
3744		cpu_to_le32(BASTREAM_FLAG_IMMEDIATE_TYPE |
3745					BASTREAM_FLAG_DIRECTION_UPSTREAM);
3746
3747	rc = mwl8k_post_cmd(hw, &cmd->header);
3748
3749	wiphy_debug(hw->wiphy, "Created a BA stream for %pM : tid %d\n",
3750		stream->sta->addr, stream->tid);
3751	kfree(cmd);
3752
3753	return rc;
3754}
3755
3756static void mwl8k_destroy_ba(struct ieee80211_hw *hw,
3757			     struct mwl8k_ampdu_stream *stream)
3758{
3759	struct mwl8k_cmd_bastream *cmd;
3760
3761	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3762	if (cmd == NULL)
3763		return;
3764
3765	cmd->header.code = cpu_to_le16(MWL8K_CMD_BASTREAM);
3766	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3767	cmd->action = cpu_to_le32(MWL8K_BA_DESTROY);
3768
3769	cmd->destroy_params.ba_context = cpu_to_le32(stream->idx);
3770	mwl8k_post_cmd(hw, &cmd->header);
3771
3772	wiphy_debug(hw->wiphy, "Deleted BA stream index %d\n", stream->idx);
3773
3774	kfree(cmd);
3775}
3776
3777/*
3778 * CMD_SET_NEW_STN.
3779 */
3780struct mwl8k_cmd_set_new_stn {
3781	struct mwl8k_cmd_pkt header;
3782	__le16 aid;
3783	__u8 mac_addr[6];
3784	__le16 stn_id;
3785	__le16 action;
3786	__le16 rsvd;
3787	__le32 legacy_rates;
3788	__u8 ht_rates[4];
3789	__le16 cap_info;
3790	__le16 ht_capabilities_info;
3791	__u8 mac_ht_param_info;
3792	__u8 rev;
3793	__u8 control_channel;
3794	__u8 add_channel;
3795	__le16 op_mode;
3796	__le16 stbc;
3797	__u8 add_qos_info;
3798	__u8 is_qos_sta;
3799	__le32 fw_sta_ptr;
3800} __packed;
3801
3802#define MWL8K_STA_ACTION_ADD		0
3803#define MWL8K_STA_ACTION_REMOVE		2
3804
3805static int mwl8k_cmd_set_new_stn_add(struct ieee80211_hw *hw,
3806				     struct ieee80211_vif *vif,
3807				     struct ieee80211_sta *sta)
3808{
3809	struct mwl8k_cmd_set_new_stn *cmd;
3810	u32 rates;
3811	int rc;
3812
3813	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3814	if (cmd == NULL)
3815		return -ENOMEM;
3816
3817	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_NEW_STN);
3818	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3819	cmd->aid = cpu_to_le16(sta->aid);
3820	memcpy(cmd->mac_addr, sta->addr, ETH_ALEN);
3821	cmd->stn_id = cpu_to_le16(sta->aid);
3822	cmd->action = cpu_to_le16(MWL8K_STA_ACTION_ADD);
3823	if (hw->conf.channel->band == IEEE80211_BAND_2GHZ)
3824		rates = sta->supp_rates[IEEE80211_BAND_2GHZ];
3825	else
3826		rates = sta->supp_rates[IEEE80211_BAND_5GHZ] << 5;
3827	cmd->legacy_rates = cpu_to_le32(rates);
3828	if (sta->ht_cap.ht_supported) {
3829		cmd->ht_rates[0] = sta->ht_cap.mcs.rx_mask[0];
3830		cmd->ht_rates[1] = sta->ht_cap.mcs.rx_mask[1];
3831		cmd->ht_rates[2] = sta->ht_cap.mcs.rx_mask[2];
3832		cmd->ht_rates[3] = sta->ht_cap.mcs.rx_mask[3];
3833		cmd->ht_capabilities_info = cpu_to_le16(sta->ht_cap.cap);
3834		cmd->mac_ht_param_info = (sta->ht_cap.ampdu_factor & 3) |
3835			((sta->ht_cap.ampdu_density & 7) << 2);
3836		cmd->is_qos_sta = 1;
3837	}
3838
3839	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3840	kfree(cmd);
3841
3842	return rc;
3843}
3844
3845static int mwl8k_cmd_set_new_stn_add_self(struct ieee80211_hw *hw,
3846					  struct ieee80211_vif *vif)
3847{
3848	struct mwl8k_cmd_set_new_stn *cmd;
3849	int rc;
3850
3851	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3852	if (cmd == NULL)
3853		return -ENOMEM;
3854
3855	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_NEW_STN);
3856	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3857	memcpy(cmd->mac_addr, vif->addr, ETH_ALEN);
3858
3859	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3860	kfree(cmd);
3861
3862	return rc;
3863}
3864
3865static int mwl8k_cmd_set_new_stn_del(struct ieee80211_hw *hw,
3866				     struct ieee80211_vif *vif, u8 *addr)
3867{
3868	struct mwl8k_cmd_set_new_stn *cmd;
3869	int rc;
3870
3871	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3872	if (cmd == NULL)
3873		return -ENOMEM;
3874
3875	cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_NEW_STN);
3876	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3877	memcpy(cmd->mac_addr, addr, ETH_ALEN);
3878	cmd->action = cpu_to_le16(MWL8K_STA_ACTION_REMOVE);
3879
3880	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3881	kfree(cmd);
3882
3883	return rc;
3884}
3885
3886/*
3887 * CMD_UPDATE_ENCRYPTION.
3888 */
3889
3890#define MAX_ENCR_KEY_LENGTH	16
3891#define MIC_KEY_LENGTH		8
3892
3893struct mwl8k_cmd_update_encryption {
3894	struct mwl8k_cmd_pkt header;
3895
3896	__le32 action;
3897	__le32 reserved;
3898	__u8 mac_addr[6];
3899	__u8 encr_type;
3900
3901} __packed;
3902
3903struct mwl8k_cmd_set_key {
3904	struct mwl8k_cmd_pkt header;
3905
3906	__le32 action;
3907	__le32 reserved;
3908	__le16 length;
3909	__le16 key_type_id;
3910	__le32 key_info;
3911	__le32 key_id;
3912	__le16 key_len;
3913	__u8 key_material[MAX_ENCR_KEY_LENGTH];
3914	__u8 tkip_tx_mic_key[MIC_KEY_LENGTH];
3915	__u8 tkip_rx_mic_key[MIC_KEY_LENGTH];
3916	__le16 tkip_rsc_low;
3917	__le32 tkip_rsc_high;
3918	__le16 tkip_tsc_low;
3919	__le32 tkip_tsc_high;
3920	__u8 mac_addr[6];
3921} __packed;
3922
3923enum {
3924	MWL8K_ENCR_ENABLE,
3925	MWL8K_ENCR_SET_KEY,
3926	MWL8K_ENCR_REMOVE_KEY,
3927	MWL8K_ENCR_SET_GROUP_KEY,
3928};
3929
3930#define MWL8K_UPDATE_ENCRYPTION_TYPE_WEP	0
3931#define MWL8K_UPDATE_ENCRYPTION_TYPE_DISABLE	1
3932#define MWL8K_UPDATE_ENCRYPTION_TYPE_TKIP	4
3933#define MWL8K_UPDATE_ENCRYPTION_TYPE_MIXED	7
3934#define MWL8K_UPDATE_ENCRYPTION_TYPE_AES	8
3935
3936enum {
3937	MWL8K_ALG_WEP,
3938	MWL8K_ALG_TKIP,
3939	MWL8K_ALG_CCMP,
3940};
3941
3942#define MWL8K_KEY_FLAG_TXGROUPKEY	0x00000004
3943#define MWL8K_KEY_FLAG_PAIRWISE		0x00000008
3944#define MWL8K_KEY_FLAG_TSC_VALID	0x00000040
3945#define MWL8K_KEY_FLAG_WEP_TXKEY	0x01000000
3946#define MWL8K_KEY_FLAG_MICKEY_VALID	0x02000000
3947
3948static int mwl8k_cmd_update_encryption_enable(struct ieee80211_hw *hw,
3949					      struct ieee80211_vif *vif,
3950					      u8 *addr,
3951					      u8 encr_type)
3952{
3953	struct mwl8k_cmd_update_encryption *cmd;
3954	int rc;
3955
3956	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
3957	if (cmd == NULL)
3958		return -ENOMEM;
3959
3960	cmd->header.code = cpu_to_le16(MWL8K_CMD_UPDATE_ENCRYPTION);
3961	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3962	cmd->action = cpu_to_le32(MWL8K_ENCR_ENABLE);
3963	memcpy(cmd->mac_addr, addr, ETH_ALEN);
3964	cmd->encr_type = encr_type;
3965
3966	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
3967	kfree(cmd);
3968
3969	return rc;
3970}
3971
3972static int mwl8k_encryption_set_cmd_info(struct mwl8k_cmd_set_key *cmd,
3973						u8 *addr,
3974						struct ieee80211_key_conf *key)
3975{
3976	cmd->header.code = cpu_to_le16(MWL8K_CMD_UPDATE_ENCRYPTION);
3977	cmd->header.length = cpu_to_le16(sizeof(*cmd));
3978	cmd->length = cpu_to_le16(sizeof(*cmd) -
3979				offsetof(struct mwl8k_cmd_set_key, length));
3980	cmd->key_id = cpu_to_le32(key->keyidx);
3981	cmd->key_len = cpu_to_le16(key->keylen);
3982	memcpy(cmd->mac_addr, addr, ETH_ALEN);
3983
3984	switch (key->cipher) {
3985	case WLAN_CIPHER_SUITE_WEP40:
3986	case WLAN_CIPHER_SUITE_WEP104:
3987		cmd->key_type_id = cpu_to_le16(MWL8K_ALG_WEP);
3988		if (key->keyidx == 0)
3989			cmd->key_info =	cpu_to_le32(MWL8K_KEY_FLAG_WEP_TXKEY);
3990
3991		break;
3992	case WLAN_CIPHER_SUITE_TKIP:
3993		cmd->key_type_id = cpu_to_le16(MWL8K_ALG_TKIP);
3994		cmd->key_info =	(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
3995			? cpu_to_le32(MWL8K_KEY_FLAG_PAIRWISE)
3996			: cpu_to_le32(MWL8K_KEY_FLAG_TXGROUPKEY);
3997		cmd->key_info |= cpu_to_le32(MWL8K_KEY_FLAG_MICKEY_VALID
3998						| MWL8K_KEY_FLAG_TSC_VALID);
3999		break;
4000	case WLAN_CIPHER_SUITE_CCMP:
4001		cmd->key_type_id = cpu_to_le16(MWL8K_ALG_CCMP);
4002		cmd->key_info =	(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
4003			? cpu_to_le32(MWL8K_KEY_FLAG_PAIRWISE)
4004			: cpu_to_le32(MWL8K_KEY_FLAG_TXGROUPKEY);
4005		break;
4006	default:
4007		return -ENOTSUPP;
4008	}
4009
4010	return 0;
4011}
4012
4013static int mwl8k_cmd_encryption_set_key(struct ieee80211_hw *hw,
4014						struct ieee80211_vif *vif,
4015						u8 *addr,
4016						struct ieee80211_key_conf *key)
4017{
4018	struct mwl8k_cmd_set_key *cmd;
4019	int rc;
4020	int keymlen;
4021	u32 action;
4022	u8 idx;
4023	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
4024
4025	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
4026	if (cmd == NULL)
4027		return -ENOMEM;
4028
4029	rc = mwl8k_encryption_set_cmd_info(cmd, addr, key);
4030	if (rc < 0)
4031		goto done;
4032
4033	idx = key->keyidx;
4034
4035	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
4036		action = MWL8K_ENCR_SET_KEY;
4037	else
4038		action = MWL8K_ENCR_SET_GROUP_KEY;
4039
4040	switch (key->cipher) {
4041	case WLAN_CIPHER_SUITE_WEP40:
4042	case WLAN_CIPHER_SUITE_WEP104:
4043		if (!mwl8k_vif->wep_key_conf[idx].enabled) {
4044			memcpy(mwl8k_vif->wep_key_conf[idx].key, key,
4045						sizeof(*key) + key->keylen);
4046			mwl8k_vif->wep_key_conf[idx].enabled = 1;
4047		}
4048
4049		keymlen = key->keylen;
4050		action = MWL8K_ENCR_SET_KEY;
4051		break;
4052	case WLAN_CIPHER_SUITE_TKIP:
4053		keymlen = MAX_ENCR_KEY_LENGTH + 2 * MIC_KEY_LENGTH;
4054		break;
4055	case WLAN_CIPHER_SUITE_CCMP:
4056		keymlen = key->keylen;
4057		break;
4058	default:
4059		rc = -ENOTSUPP;
4060		goto done;
4061	}
4062
4063	memcpy(cmd->key_material, key->key, keymlen);
4064	cmd->action = cpu_to_le32(action);
4065
4066	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
4067done:
4068	kfree(cmd);
4069
4070	return rc;
4071}
4072
4073static int mwl8k_cmd_encryption_remove_key(struct ieee80211_hw *hw,
4074						struct ieee80211_vif *vif,
4075						u8 *addr,
4076						struct ieee80211_key_conf *key)
4077{
4078	struct mwl8k_cmd_set_key *cmd;
4079	int rc;
4080	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
4081
4082	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
4083	if (cmd == NULL)
4084		return -ENOMEM;
4085
4086	rc = mwl8k_encryption_set_cmd_info(cmd, addr, key);
4087	if (rc < 0)
4088		goto done;
4089
4090	if (key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
4091			key->cipher == WLAN_CIPHER_SUITE_WEP104)
4092		mwl8k_vif->wep_key_conf[key->keyidx].enabled = 0;
4093
4094	cmd->action = cpu_to_le32(MWL8K_ENCR_REMOVE_KEY);
4095
4096	rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
4097done:
4098	kfree(cmd);
4099
4100	return rc;
4101}
4102
4103static int mwl8k_set_key(struct ieee80211_hw *hw,
4104			 enum set_key_cmd cmd_param,
4105			 struct ieee80211_vif *vif,
4106			 struct ieee80211_sta *sta,
4107			 struct ieee80211_key_conf *key)
4108{
4109	int rc = 0;
4110	u8 encr_type;
4111	u8 *addr;
4112	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
4113
4114	if (vif->type == NL80211_IFTYPE_STATION)
4115		return -EOPNOTSUPP;
4116
4117	if (sta == NULL)
4118		addr = vif->addr;
4119	else
4120		addr = sta->addr;
4121
4122	if (cmd_param == SET_KEY) {
4123		rc = mwl8k_cmd_encryption_set_key(hw, vif, addr, key);
4124		if (rc)
4125			goto out;
4126
4127		if ((key->cipher == WLAN_CIPHER_SUITE_WEP40)
4128				|| (key->cipher == WLAN_CIPHER_SUITE_WEP104))
4129			encr_type = MWL8K_UPDATE_ENCRYPTION_TYPE_WEP;
4130		else
4131			encr_type = MWL8K_UPDATE_ENCRYPTION_TYPE_MIXED;
4132
4133		rc = mwl8k_cmd_update_encryption_enable(hw, vif, addr,
4134								encr_type);
4135		if (rc)
4136			goto out;
4137
4138		mwl8k_vif->is_hw_crypto_enabled = true;
4139
4140	} else {
4141		rc = mwl8k_cmd_encryption_remove_key(hw, vif, addr, key);
4142
4143		if (rc)
4144			goto out;
4145	}
4146out:
4147	return rc;
4148}
4149
4150/*
4151 * CMD_UPDATE_STADB.
4152 */
4153struct ewc_ht_info {
4154	__le16	control1;
4155	__le16	control2;
4156	__le16	control3;
4157} __packed;
4158
4159struct peer_capability_info {
4160	/* Peer type - AP vs. STA.  */
4161	__u8	peer_type;
4162
4163	/* Basic 802.11 capabilities from assoc resp.  */
4164	__le16	basic_caps;
4165
4166	/* Set if peer supports 802.11n high throughput (HT).  */
4167	__u8	ht_support;
4168
4169	/* Valid if HT is supported.  */
4170	__le16	ht_caps;
4171	__u8	extended_ht_caps;
4172	struct ewc_ht_info	ewc_info;
4173
4174	/* Legacy rate table. Intersection of our rates and peer rates.  */
4175	__u8	legacy_rates[12];
4176
4177	/* HT rate table. Intersection of our rates and peer rates.  */
4178	__u8	ht_rates[16];
4179	__u8	pad[16];
4180
4181	/* If set, interoperability mode, no proprietary extensions.  */
4182	__u8	interop;
4183	__u8	pad2;
4184	__u8	station_id;
4185	__le16	amsdu_enabled;
4186} __packed;
4187
4188struct mwl8k_cmd_update_stadb {
4189	struct mwl8k_cmd_pkt header;
4190
4191	/* See STADB_ACTION_TYPE */
4192	__le32	action;
4193
4194	/* Peer MAC address */
4195	__u8	peer_addr[ETH_ALEN];
4196
4197	__le32	reserved;
4198
4199	/* Peer info - valid during add/update.  */
4200	struct peer_capability_info	peer_info;
4201} __packed;
4202
4203#define MWL8K_STA_DB_MODIFY_ENTRY	1
4204#define MWL8K_STA_DB_DEL_ENTRY		2
4205
4206/* Peer Entry flags - used to define the type of the peer node */
4207#define MWL8K_PEER_TYPE_ACCESSPOINT	2
4208
4209static int mwl8k_cmd_update_stadb_add(struct ieee80211_hw *hw,
4210				      struct ieee80211_vif *vif,
4211				      struct ieee80211_sta *sta)
4212{
4213	struct mwl8k_cmd_update_stadb *cmd;
4214	struct peer_capability_info *p;
4215	u32 rates;
4216	int rc;
4217
4218	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
4219	if (cmd == NULL)
4220		return -ENOMEM;
4221
4222	cmd->header.code = cpu_to_le16(MWL8K_CMD_UPDATE_STADB);
4223	cmd->header.length = cpu_to_le16(sizeof(*cmd));
4224	cmd->action = cpu_to_le32(MWL8K_STA_DB_MODIFY_ENTRY);
4225	memcpy(cmd->peer_addr, sta->addr, ETH_ALEN);
4226
4227	p = &cmd->peer_info;
4228	p->peer_type = MWL8K_PEER_TYPE_ACCESSPOINT;
4229	p->basic_caps = cpu_to_le16(vif->bss_conf.assoc_capability);
4230	p->ht_support = sta->ht_cap.ht_supported;
4231	p->ht_caps = cpu_to_le16(sta->ht_cap.cap);
4232	p->extended_ht_caps = (sta->ht_cap.ampdu_factor & 3) |
4233		((sta->ht_cap.ampdu_density & 7) << 2);
4234	if (hw->conf.channel->band == IEEE80211_BAND_2GHZ)
4235		rates = sta->supp_rates[IEEE80211_BAND_2GHZ];
4236	else
4237		rates = sta->supp_rates[IEEE80211_BAND_5GHZ] << 5;
4238	legacy_rate_mask_to_array(p->legacy_rates, rates);
4239	memcpy(p->ht_rates, sta->ht_cap.mcs.rx_mask, 16);
4240	p->interop = 1;
4241	p->amsdu_enabled = 0;
4242
4243	rc = mwl8k_post_cmd(hw, &cmd->header);
4244	kfree(cmd);
4245
4246	return rc ? rc : p->station_id;
4247}
4248
4249static int mwl8k_cmd_update_stadb_del(struct ieee80211_hw *hw,
4250				      struct ieee80211_vif *vif, u8 *addr)
4251{
4252	struct mwl8k_cmd_update_stadb *cmd;
4253	int rc;
4254
4255	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
4256	if (cmd == NULL)
4257		return -ENOMEM;
4258
4259	cmd->header.code = cpu_to_le16(MWL8K_CMD_UPDATE_STADB);
4260	cmd->header.length = cpu_to_le16(sizeof(*cmd));
4261	cmd->action = cpu_to_le32(MWL8K_STA_DB_DEL_ENTRY);
4262	memcpy(cmd->peer_addr, addr, ETH_ALEN);
4263
4264	rc = mwl8k_post_cmd(hw, &cmd->header);
4265	kfree(cmd);
4266
4267	return rc;
4268}
4269
4270
4271/*
4272 * Interrupt handling.
4273 */
4274static irqreturn_t mwl8k_interrupt(int irq, void *dev_id)
4275{
4276	struct ieee80211_hw *hw = dev_id;
4277	struct mwl8k_priv *priv = hw->priv;
4278	u32 status;
4279
4280	status = ioread32(priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
4281	if (!status)
4282		return IRQ_NONE;
4283
4284	if (status & MWL8K_A2H_INT_TX_DONE) {
4285		status &= ~MWL8K_A2H_INT_TX_DONE;
4286		tasklet_schedule(&priv->poll_tx_task);
4287	}
4288
4289	if (status & MWL8K_A2H_INT_RX_READY) {
4290		status &= ~MWL8K_A2H_INT_RX_READY;
4291		tasklet_schedule(&priv->poll_rx_task);
4292	}
4293
4294	if (status & MWL8K_A2H_INT_BA_WATCHDOG) {
4295		status &= ~MWL8K_A2H_INT_BA_WATCHDOG;
4296		ieee80211_queue_work(hw, &priv->watchdog_ba_handle);
4297	}
4298
4299	if (status)
4300		iowrite32(~status, priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
4301
4302	if (status & MWL8K_A2H_INT_OPC_DONE) {
4303		if (priv->hostcmd_wait != NULL)
4304			complete(priv->hostcmd_wait);
4305	}
4306
4307	if (status & MWL8K_A2H_INT_QUEUE_EMPTY) {
4308		if (!mutex_is_locked(&priv->fw_mutex) &&
4309		    priv->radio_on && priv->pending_tx_pkts)
4310			mwl8k_tx_start(priv);
4311	}
4312
4313	return IRQ_HANDLED;
4314}
4315
4316static void mwl8k_tx_poll(unsigned long data)
4317{
4318	struct ieee80211_hw *hw = (struct ieee80211_hw *)data;
4319	struct mwl8k_priv *priv = hw->priv;
4320	int limit;
4321	int i;
4322
4323	limit = 32;
4324
4325	spin_lock_bh(&priv->tx_lock);
4326
4327	for (i = 0; i < mwl8k_tx_queues(priv); i++)
4328		limit -= mwl8k_txq_reclaim(hw, i, limit, 0);
4329
4330	if (!priv->pending_tx_pkts && priv->tx_wait != NULL) {
4331		complete(priv->tx_wait);
4332		priv->tx_wait = NULL;
4333	}
4334
4335	spin_unlock_bh(&priv->tx_lock);
4336
4337	if (limit) {
4338		writel(~MWL8K_A2H_INT_TX_DONE,
4339		       priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
4340	} else {
4341		tasklet_schedule(&priv->poll_tx_task);
4342	}
4343}
4344
4345static void mwl8k_rx_poll(unsigned long data)
4346{
4347	struct ieee80211_hw *hw = (struct ieee80211_hw *)data;
4348	struct mwl8k_priv *priv = hw->priv;
4349	int limit;
4350
4351	limit = 32;
4352	limit -= rxq_process(hw, 0, limit);
4353	limit -= rxq_refill(hw, 0, limit);
4354
4355	if (limit) {
4356		writel(~MWL8K_A2H_INT_RX_READY,
4357		       priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
4358	} else {
4359		tasklet_schedule(&priv->poll_rx_task);
4360	}
4361}
4362
4363
4364/*
4365 * Core driver operations.
4366 */
4367static void mwl8k_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
4368{
4369	struct mwl8k_priv *priv = hw->priv;
4370	int index = skb_get_queue_mapping(skb);
4371
4372	if (!priv->radio_on) {
4373		wiphy_debug(hw->wiphy,
4374			    "dropped TX frame since radio disabled\n");
4375		dev_kfree_skb(skb);
4376		return;
4377	}
4378
4379	mwl8k_txq_xmit(hw, index, skb);
4380}
4381
4382static int mwl8k_start(struct ieee80211_hw *hw)
4383{
4384	struct mwl8k_priv *priv = hw->priv;
4385	int rc;
4386
4387	rc = request_irq(priv->pdev->irq, mwl8k_interrupt,
4388			 IRQF_SHARED, MWL8K_NAME, hw);
4389	if (rc) {
4390		priv->irq = -1;
4391		wiphy_err(hw->wiphy, "failed to register IRQ handler\n");
4392		return -EIO;
4393	}
4394	priv->irq = priv->pdev->irq;
4395
4396	/* Enable TX reclaim and RX tasklets.  */
4397	tasklet_enable(&priv->poll_tx_task);
4398	tasklet_enable(&priv->poll_rx_task);
4399
4400	/* Enable interrupts */
4401	iowrite32(MWL8K_A2H_EVENTS, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
4402	iowrite32(MWL8K_A2H_EVENTS,
4403		  priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS_MASK);
4404
4405	rc = mwl8k_fw_lock(hw);
4406	if (!rc) {
4407		rc = mwl8k_cmd_radio_enable(hw);
4408
4409		if (!priv->ap_fw) {
4410			if (!rc)
4411				rc = mwl8k_cmd_enable_sniffer(hw, 0);
4412
4413			if (!rc)
4414				rc = mwl8k_cmd_set_pre_scan(hw);
4415
4416			if (!rc)
4417				rc = mwl8k_cmd_set_post_scan(hw,
4418						"\x00\x00\x00\x00\x00\x00");
4419		}
4420
4421		if (!rc)
4422			rc = mwl8k_cmd_set_rateadapt_mode(hw, 0);
4423
4424		if (!rc)
4425			rc = mwl8k_cmd_set_wmm_mode(hw, 0);
4426
4427		mwl8k_fw_unlock(hw);
4428	}
4429
4430	if (rc) {
4431		iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
4432		free_irq(priv->pdev->irq, hw);
4433		priv->irq = -1;
4434		tasklet_disable(&priv->poll_tx_task);
4435		tasklet_disable(&priv->poll_rx_task);
4436	}
4437
4438	return rc;
4439}
4440
4441static void mwl8k_stop(struct ieee80211_hw *hw)
4442{
4443	struct mwl8k_priv *priv = hw->priv;
4444	int i;
4445
4446	if (!priv->hw_restart_in_progress)
4447		mwl8k_cmd_radio_disable(hw);
4448
4449	ieee80211_stop_queues(hw);
4450
4451	/* Disable interrupts */
4452	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
4453	if (priv->irq != -1) {
4454		free_irq(priv->pdev->irq, hw);
4455		priv->irq = -1;
4456	}
4457
4458	/* Stop finalize join worker */
4459	cancel_work_sync(&priv->finalize_join_worker);
4460	cancel_work_sync(&priv->watchdog_ba_handle);
4461	if (priv->beacon_skb != NULL)
4462		dev_kfree_skb(priv->beacon_skb);
4463
4464	/* Stop TX reclaim and RX tasklets.  */
4465	tasklet_disable(&priv->poll_tx_task);
4466	tasklet_disable(&priv->poll_rx_task);
4467
4468	/* Return all skbs to mac80211 */
4469	for (i = 0; i < mwl8k_tx_queues(priv); i++)
4470		mwl8k_txq_reclaim(hw, i, INT_MAX, 1);
4471}
4472
4473static int mwl8k_reload_firmware(struct ieee80211_hw *hw, char *fw_image);
4474
4475static int mwl8k_add_interface(struct ieee80211_hw *hw,
4476			       struct ieee80211_vif *vif)
4477{
4478	struct mwl8k_priv *priv = hw->priv;
4479	struct mwl8k_vif *mwl8k_vif;
4480	u32 macids_supported;
4481	int macid, rc;
4482	struct mwl8k_device_info *di;
4483
4484	/*
4485	 * Reject interface creation if sniffer mode is active, as
4486	 * STA operation is mutually exclusive with hardware sniffer
4487	 * mode.  (Sniffer mode is only used on STA firmware.)
4488	 */
4489	if (priv->sniffer_enabled) {
4490		wiphy_info(hw->wiphy,
4491			   "unable to create STA interface because sniffer mode is enabled\n");
4492		return -EINVAL;
4493	}
4494
4495	di = priv->device_info;
4496	switch (vif->type) {
4497	case NL80211_IFTYPE_AP:
4498		if (!priv->ap_fw && di->fw_image_ap) {
4499			/* we must load the ap fw to meet this request */
4500			if (!list_empty(&priv->vif_list))
4501				return -EBUSY;
4502			rc = mwl8k_reload_firmware(hw, di->fw_image_ap);
4503			if (rc)
4504				return rc;
4505		}
4506		macids_supported = priv->ap_macids_supported;
4507		break;
4508	case NL80211_IFTYPE_STATION:
4509		if (priv->ap_fw && di->fw_image_sta) {
4510			/* we must load the sta fw to meet this request */
4511			if (!list_empty(&priv->vif_list))
4512				return -EBUSY;
4513			rc = mwl8k_reload_firmware(hw, di->fw_image_sta);
4514			if (rc)
4515				return rc;
4516		}
4517		macids_supported = priv->sta_macids_supported;
4518		break;
4519	default:
4520		return -EINVAL;
4521	}
4522
4523	macid = ffs(macids_supported & ~priv->macids_used);
4524	if (!macid--)
4525		return -EBUSY;
4526
4527	/* Setup driver private area. */
4528	mwl8k_vif = MWL8K_VIF(vif);
4529	memset(mwl8k_vif, 0, sizeof(*mwl8k_vif));
4530	mwl8k_vif->vif = vif;
4531	mwl8k_vif->macid = macid;
4532	mwl8k_vif->seqno = 0;
4533	memcpy(mwl8k_vif->bssid, vif->addr, ETH_ALEN);
4534	mwl8k_vif->is_hw_crypto_enabled = false;
4535
4536	/* Set the mac address.  */
4537	mwl8k_cmd_set_mac_addr(hw, vif, vif->addr);
4538
4539	if (priv->ap_fw)
4540		mwl8k_cmd_set_new_stn_add_self(hw, vif);
4541
4542	priv->macids_used |= 1 << mwl8k_vif->macid;
4543	list_add_tail(&mwl8k_vif->list, &priv->vif_list);
4544
4545	return 0;
4546}
4547
4548static void mwl8k_remove_vif(struct mwl8k_priv *priv, struct mwl8k_vif *vif)
4549{
4550	/* Has ieee80211_restart_hw re-added the removed interfaces? */
4551	if (!priv->macids_used)
4552		return;
4553
4554	priv->macids_used &= ~(1 << vif->macid);
4555	list_del(&vif->list);
4556}
4557
4558static void mwl8k_remove_interface(struct ieee80211_hw *hw,
4559				   struct ieee80211_vif *vif)
4560{
4561	struct mwl8k_priv *priv = hw->priv;
4562	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
4563
4564	if (priv->ap_fw)
4565		mwl8k_cmd_set_new_stn_del(hw, vif, vif->addr);
4566
4567	mwl8k_cmd_del_mac_addr(hw, vif, vif->addr);
4568
4569	mwl8k_remove_vif(priv, mwl8k_vif);
4570}
4571
4572static void mwl8k_hw_restart_work(struct work_struct *work)
4573{
4574	struct mwl8k_priv *priv =
4575		container_of(work, struct mwl8k_priv, fw_reload);
4576	struct ieee80211_hw *hw = priv->hw;
4577	struct mwl8k_device_info *di;
4578	int rc;
4579
4580	/* If some command is waiting for a response, clear it */
4581	if (priv->hostcmd_wait != NULL) {
4582		complete(priv->hostcmd_wait);
4583		priv->hostcmd_wait = NULL;
4584	}
4585
4586	priv->hw_restart_owner = current;
4587	di = priv->device_info;
4588	mwl8k_fw_lock(hw);
4589
4590	if (priv->ap_fw)
4591		rc = mwl8k_reload_firmware(hw, di->fw_image_ap);
4592	else
4593		rc = mwl8k_reload_firmware(hw, di->fw_image_sta);
4594
4595	if (rc)
4596		goto fail;
4597
4598	priv->hw_restart_owner = NULL;
4599	priv->hw_restart_in_progress = false;
4600
4601	/*
4602	 * This unlock will wake up the queues and
4603	 * also opens the command path for other
4604	 * commands
4605	 */
4606	mwl8k_fw_unlock(hw);
4607
4608	ieee80211_restart_hw(hw);
4609
4610	wiphy_err(hw->wiphy, "Firmware restarted successfully\n");
4611
4612	return;
4613fail:
4614	mwl8k_fw_unlock(hw);
4615
4616	wiphy_err(hw->wiphy, "Firmware restart failed\n");
4617}
4618
4619static int mwl8k_config(struct ieee80211_hw *hw, u32 changed)
4620{
4621	struct ieee80211_conf *conf = &hw->conf;
4622	struct mwl8k_priv *priv = hw->priv;
4623	int rc;
4624
4625	if (conf->flags & IEEE80211_CONF_IDLE) {
4626		mwl8k_cmd_radio_disable(hw);
4627		return 0;
4628	}
4629
4630	rc = mwl8k_fw_lock(hw);
4631	if (rc)
4632		return rc;
4633
4634	rc = mwl8k_cmd_radio_enable(hw);
4635	if (rc)
4636		goto out;
4637
4638	rc = mwl8k_cmd_set_rf_channel(hw, conf);
4639	if (rc)
4640		goto out;
4641
4642	if (conf->power_level > 18)
4643		conf->power_level = 18;
4644
4645	if (priv->ap_fw) {
4646
4647		if (conf->flags & IEEE80211_CONF_CHANGE_POWER) {
4648			rc = mwl8k_cmd_tx_power(hw, conf, conf->power_level);
4649			if (rc)
4650				goto out;
4651		}
4652
4653		rc = mwl8k_cmd_rf_antenna(hw, MWL8K_RF_ANTENNA_RX, 0x3);
4654		if (rc)
4655			wiphy_warn(hw->wiphy, "failed to set # of RX antennas");
4656		rc = mwl8k_cmd_rf_antenna(hw, MWL8K_RF_ANTENNA_TX, 0x7);
4657		if (rc)
4658			wiphy_warn(hw->wiphy, "failed to set # of TX antennas");
4659
4660	} else {
4661		rc = mwl8k_cmd_rf_tx_power(hw, conf->power_level);
4662		if (rc)
4663			goto out;
4664		rc = mwl8k_cmd_mimo_config(hw, 0x7, 0x7);
4665	}
4666
4667out:
4668	mwl8k_fw_unlock(hw);
4669
4670	return rc;
4671}
4672
4673static void
4674mwl8k_bss_info_changed_sta(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
4675			   struct ieee80211_bss_conf *info, u32 changed)
4676{
4677	struct mwl8k_priv *priv = hw->priv;
4678	u32 ap_legacy_rates = 0;
4679	u8 ap_mcs_rates[16];
4680	int rc;
4681
4682	if (mwl8k_fw_lock(hw))
4683		return;
4684
4685	/*
4686	 * No need to capture a beacon if we're no longer associated.
4687	 */
4688	if ((changed & BSS_CHANGED_ASSOC) && !vif->bss_conf.assoc)
4689		priv->capture_beacon = false;
4690
4691	/*
4692	 * Get the AP's legacy and MCS rates.
4693	 */
4694	if (vif->bss_conf.assoc) {
4695		struct ieee80211_sta *ap;
4696
4697		rcu_read_lock();
4698
4699		ap = ieee80211_find_sta(vif, vif->bss_conf.bssid);
4700		if (ap == NULL) {
4701			rcu_read_unlock();
4702			goto out;
4703		}
4704
4705		if (hw->conf.channel->band == IEEE80211_BAND_2GHZ) {
4706			ap_legacy_rates = ap->supp_rates[IEEE80211_BAND_2GHZ];
4707		} else {
4708			ap_legacy_rates =
4709				ap->supp_rates[IEEE80211_BAND_5GHZ] << 5;
4710		}
4711		memcpy(ap_mcs_rates, ap->ht_cap.mcs.rx_mask, 16);
4712
4713		rcu_read_unlock();
4714	}
4715
4716	if ((changed & BSS_CHANGED_ASSOC) && vif->bss_conf.assoc) {
4717		rc = mwl8k_cmd_set_rate(hw, vif, ap_legacy_rates, ap_mcs_rates);
4718		if (rc)
4719			goto out;
4720
4721		rc = mwl8k_cmd_use_fixed_rate_sta(hw);
4722		if (rc)
4723			goto out;
4724	}
4725
4726	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
4727		rc = mwl8k_set_radio_preamble(hw,
4728				vif->bss_conf.use_short_preamble);
4729		if (rc)
4730			goto out;
4731	}
4732
4733	if (changed & BSS_CHANGED_ERP_SLOT) {
4734		rc = mwl8k_cmd_set_slot(hw, vif->bss_conf.use_short_slot);
4735		if (rc)
4736			goto out;
4737	}
4738
4739	if (vif->bss_conf.assoc &&
4740	    (changed & (BSS_CHANGED_ASSOC | BSS_CHANGED_ERP_CTS_PROT |
4741			BSS_CHANGED_HT))) {
4742		rc = mwl8k_cmd_set_aid(hw, vif, ap_legacy_rates);
4743		if (rc)
4744			goto out;
4745	}
4746
4747	if (vif->bss_conf.assoc &&
4748	    (changed & (BSS_CHANGED_ASSOC | BSS_CHANGED_BEACON_INT))) {
4749		/*
4750		 * Finalize the join.  Tell rx handler to process
4751		 * next beacon from our BSSID.
4752		 */
4753		memcpy(priv->capture_bssid, vif->bss_conf.bssid, ETH_ALEN);
4754		priv->capture_beacon = true;
4755	}
4756
4757out:
4758	mwl8k_fw_unlock(hw);
4759}
4760
4761static void
4762mwl8k_bss_info_changed_ap(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
4763			  struct ieee80211_bss_conf *info, u32 changed)
4764{
4765	int rc;
4766
4767	if (mwl8k_fw_lock(hw))
4768		return;
4769
4770	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
4771		rc = mwl8k_set_radio_preamble(hw,
4772				vif->bss_conf.use_short_preamble);
4773		if (rc)
4774			goto out;
4775	}
4776
4777	if (changed & BSS_CHANGED_BASIC_RATES) {
4778		int idx;
4779		int rate;
4780
4781		/*
4782		 * Use lowest supported basic rate for multicasts
4783		 * and management frames (such as probe responses --
4784		 * beacons will always go out at 1 Mb/s).
4785		 */
4786		idx = ffs(vif->bss_conf.basic_rates);
4787		if (idx)
4788			idx--;
4789
4790		if (hw->conf.channel->band == IEEE80211_BAND_2GHZ)
4791			rate = mwl8k_rates_24[idx].hw_value;
4792		else
4793			rate = mwl8k_rates_50[idx].hw_value;
4794
4795		mwl8k_cmd_use_fixed_rate_ap(hw, rate, rate);
4796	}
4797
4798	if (changed & (BSS_CHANGED_BEACON_INT | BSS_CHANGED_BEACON)) {
4799		struct sk_buff *skb;
4800
4801		skb = ieee80211_beacon_get(hw, vif);
4802		if (skb != NULL) {
4803			mwl8k_cmd_set_beacon(hw, vif, skb->data, skb->len);
4804			kfree_skb(skb);
4805		}
4806	}
4807
4808	if (changed & BSS_CHANGED_BEACON_ENABLED)
4809		mwl8k_cmd_bss_start(hw, vif, info->enable_beacon);
4810
4811out:
4812	mwl8k_fw_unlock(hw);
4813}
4814
4815static void
4816mwl8k_bss_info_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
4817		       struct ieee80211_bss_conf *info, u32 changed)
4818{
4819	struct mwl8k_priv *priv = hw->priv;
4820
4821	if (!priv->ap_fw)
4822		mwl8k_bss_info_changed_sta(hw, vif, info, changed);
4823	else
4824		mwl8k_bss_info_changed_ap(hw, vif, info, changed);
4825}
4826
4827static u64 mwl8k_prepare_multicast(struct ieee80211_hw *hw,
4828				   struct netdev_hw_addr_list *mc_list)
4829{
4830	struct mwl8k_cmd_pkt *cmd;
4831
4832	/*
4833	 * Synthesize and return a command packet that programs the
4834	 * hardware multicast address filter.  At this point we don't
4835	 * know whether FIF_ALLMULTI is being requested, but if it is,
4836	 * we'll end up throwing this packet away and creating a new
4837	 * one in mwl8k_configure_filter().
4838	 */
4839	cmd = __mwl8k_cmd_mac_multicast_adr(hw, 0, mc_list);
4840
4841	return (unsigned long)cmd;
4842}
4843
4844static int
4845mwl8k_configure_filter_sniffer(struct ieee80211_hw *hw,
4846			       unsigned int changed_flags,
4847			       unsigned int *total_flags)
4848{
4849	struct mwl8k_priv *priv = hw->priv;
4850
4851	/*
4852	 * Hardware sniffer mode is mutually exclusive with STA
4853	 * operation, so refuse to enable sniffer mode if a STA
4854	 * interface is active.
4855	 */
4856	if (!list_empty(&priv->vif_list)) {
4857		if (net_ratelimit())
4858			wiphy_info(hw->wiphy,
4859				   "not enabling sniffer mode because STA interface is active\n");
4860		return 0;
4861	}
4862
4863	if (!priv->sniffer_enabled) {
4864		if (mwl8k_cmd_enable_sniffer(hw, 1))
4865			return 0;
4866		priv->sniffer_enabled = true;
4867	}
4868
4869	*total_flags &=	FIF_PROMISC_IN_BSS | FIF_ALLMULTI |
4870			FIF_BCN_PRBRESP_PROMISC | FIF_CONTROL |
4871			FIF_OTHER_BSS;
4872
4873	return 1;
4874}
4875
4876static struct mwl8k_vif *mwl8k_first_vif(struct mwl8k_priv *priv)
4877{
4878	if (!list_empty(&priv->vif_list))
4879		return list_entry(priv->vif_list.next, struct mwl8k_vif, list);
4880
4881	return NULL;
4882}
4883
4884static void mwl8k_configure_filter(struct ieee80211_hw *hw,
4885				   unsigned int changed_flags,
4886				   unsigned int *total_flags,
4887				   u64 multicast)
4888{
4889	struct mwl8k_priv *priv = hw->priv;
4890	struct mwl8k_cmd_pkt *cmd = (void *)(unsigned long)multicast;
4891
4892	/*
4893	 * AP firmware doesn't allow fine-grained control over
4894	 * the receive filter.
4895	 */
4896	if (priv->ap_fw) {
4897		*total_flags &= FIF_ALLMULTI | FIF_BCN_PRBRESP_PROMISC;
4898		kfree(cmd);
4899		return;
4900	}
4901
4902	/*
4903	 * Enable hardware sniffer mode if FIF_CONTROL or
4904	 * FIF_OTHER_BSS is requested.
4905	 */
4906	if (*total_flags & (FIF_CONTROL | FIF_OTHER_BSS) &&
4907	    mwl8k_configure_filter_sniffer(hw, changed_flags, total_flags)) {
4908		kfree(cmd);
4909		return;
4910	}
4911
4912	/* Clear unsupported feature flags */
4913	*total_flags &= FIF_ALLMULTI | FIF_BCN_PRBRESP_PROMISC;
4914
4915	if (mwl8k_fw_lock(hw)) {
4916		kfree(cmd);
4917		return;
4918	}
4919
4920	if (priv->sniffer_enabled) {
4921		mwl8k_cmd_enable_sniffer(hw, 0);
4922		priv->sniffer_enabled = false;
4923	}
4924
4925	if (changed_flags & FIF_BCN_PRBRESP_PROMISC) {
4926		if (*total_flags & FIF_BCN_PRBRESP_PROMISC) {
4927			/*
4928			 * Disable the BSS filter.
4929			 */
4930			mwl8k_cmd_set_pre_scan(hw);
4931		} else {
4932			struct mwl8k_vif *mwl8k_vif;
4933			const u8 *bssid;
4934
4935			/*
4936			 * Enable the BSS filter.
4937			 *
4938			 * If there is an active STA interface, use that
4939			 * interface's BSSID, otherwise use a dummy one
4940			 * (where the OUI part needs to be nonzero for
4941			 * the BSSID to be accepted by POST_SCAN).
4942			 */
4943			mwl8k_vif = mwl8k_first_vif(priv);
4944			if (mwl8k_vif != NULL)
4945				bssid = mwl8k_vif->vif->bss_conf.bssid;
4946			else
4947				bssid = "\x01\x00\x00\x00\x00\x00";
4948
4949			mwl8k_cmd_set_post_scan(hw, bssid);
4950		}
4951	}
4952
4953	/*
4954	 * If FIF_ALLMULTI is being requested, throw away the command
4955	 * packet that ->prepare_multicast() built and replace it with
4956	 * a command packet that enables reception of all multicast
4957	 * packets.
4958	 */
4959	if (*total_flags & FIF_ALLMULTI) {
4960		kfree(cmd);
4961		cmd = __mwl8k_cmd_mac_multicast_adr(hw, 1, NULL);
4962	}
4963
4964	if (cmd != NULL) {
4965		mwl8k_post_cmd(hw, cmd);
4966		kfree(cmd);
4967	}
4968
4969	mwl8k_fw_unlock(hw);
4970}
4971
4972static int mwl8k_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
4973{
4974	return mwl8k_cmd_set_rts_threshold(hw, value);
4975}
4976
4977static int mwl8k_sta_remove(struct ieee80211_hw *hw,
4978			    struct ieee80211_vif *vif,
4979			    struct ieee80211_sta *sta)
4980{
4981	struct mwl8k_priv *priv = hw->priv;
4982
4983	if (priv->ap_fw)
4984		return mwl8k_cmd_set_new_stn_del(hw, vif, sta->addr);
4985	else
4986		return mwl8k_cmd_update_stadb_del(hw, vif, sta->addr);
4987}
4988
4989static int mwl8k_sta_add(struct ieee80211_hw *hw,
4990			 struct ieee80211_vif *vif,
4991			 struct ieee80211_sta *sta)
4992{
4993	struct mwl8k_priv *priv = hw->priv;
4994	int ret;
4995	int i;
4996	struct mwl8k_vif *mwl8k_vif = MWL8K_VIF(vif);
4997	struct ieee80211_key_conf *key;
4998
4999	if (!priv->ap_fw) {
5000		ret = mwl8k_cmd_update_stadb_add(hw, vif, sta);
5001		if (ret >= 0) {
5002			MWL8K_STA(sta)->peer_id = ret;
5003			if (sta->ht_cap.ht_supported)
5004				MWL8K_STA(sta)->is_ampdu_allowed = true;
5005			ret = 0;
5006		}
5007
5008	} else {
5009		ret = mwl8k_cmd_set_new_stn_add(hw, vif, sta);
5010	}
5011
5012	for (i = 0; i < NUM_WEP_KEYS; i++) {
5013		key = IEEE80211_KEY_CONF(mwl8k_vif->wep_key_conf[i].key);
5014		if (mwl8k_vif->wep_key_conf[i].enabled)
5015			mwl8k_set_key(hw, SET_KEY, vif, sta, key);
5016	}
5017	return ret;
5018}
5019
5020static int mwl8k_conf_tx(struct ieee80211_hw *hw,
5021			 struct ieee80211_vif *vif, u16 queue,
5022			 const struct ieee80211_tx_queue_params *params)
5023{
5024	struct mwl8k_priv *priv = hw->priv;
5025	int rc;
5026
5027	rc = mwl8k_fw_lock(hw);
5028	if (!rc) {
5029		BUG_ON(queue > MWL8K_TX_WMM_QUEUES - 1);
5030		memcpy(&priv->wmm_params[queue], params, sizeof(*params));
5031
5032		if (!priv->wmm_enabled)
5033			rc = mwl8k_cmd_set_wmm_mode(hw, 1);
5034
5035		if (!rc) {
5036			int q = MWL8K_TX_WMM_QUEUES - 1 - queue;
5037			rc = mwl8k_cmd_set_edca_params(hw, q,
5038						       params->cw_min,
5039						       params->cw_max,
5040						       params->aifs,
5041						       params->txop);
5042		}
5043
5044		mwl8k_fw_unlock(hw);
5045	}
5046
5047	return rc;
5048}
5049
5050static int mwl8k_get_stats(struct ieee80211_hw *hw,
5051			   struct ieee80211_low_level_stats *stats)
5052{
5053	return mwl8k_cmd_get_stat(hw, stats);
5054}
5055
5056static int mwl8k_get_survey(struct ieee80211_hw *hw, int idx,
5057				struct survey_info *survey)
5058{
5059	struct mwl8k_priv *priv = hw->priv;
5060	struct ieee80211_conf *conf = &hw->conf;
5061
5062	if (idx != 0)
5063		return -ENOENT;
5064
5065	survey->channel = conf->channel;
5066	survey->filled = SURVEY_INFO_NOISE_DBM;
5067	survey->noise = priv->noise;
5068
5069	return 0;
5070}
5071
5072#define MAX_AMPDU_ATTEMPTS 5
5073
5074static int
5075mwl8k_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
5076		   enum ieee80211_ampdu_mlme_action action,
5077		   struct ieee80211_sta *sta, u16 tid, u16 *ssn,
5078		   u8 buf_size)
5079{
5080
5081	int i, rc = 0;
5082	struct mwl8k_priv *priv = hw->priv;
5083	struct mwl8k_ampdu_stream *stream;
5084	u8 *addr = sta->addr;
5085
5086	if (!(hw->flags & IEEE80211_HW_AMPDU_AGGREGATION))
5087		return -ENOTSUPP;
5088
5089	spin_lock(&priv->stream_lock);
5090	stream = mwl8k_lookup_stream(hw, addr, tid);
5091
5092	switch (action) {
5093	case IEEE80211_AMPDU_RX_START:
5094	case IEEE80211_AMPDU_RX_STOP:
5095		break;
5096	case IEEE80211_AMPDU_TX_START:
5097		/* By the time we get here the hw queues may contain outgoing
5098		 * packets for this RA/TID that are not part of this BA
5099		 * session.  The hw will assign sequence numbers to these
5100		 * packets as they go out.  So if we query the hw for its next
5101		 * sequence number and use that for the SSN here, it may end up
5102		 * being wrong, which will lead to sequence number mismatch at
5103		 * the recipient.  To avoid this, we reset the sequence number
5104		 * to O for the first MPDU in this BA stream.
5105		 */
5106		*ssn = 0;
5107		if (stream == NULL) {
5108			/* This means that somebody outside this driver called
5109			 * ieee80211_start_tx_ba_session.  This is unexpected
5110			 * because we do our own rate control.  Just warn and
5111			 * move on.
5112			 */
5113			wiphy_warn(hw->wiphy, "Unexpected call to %s.  "
5114				   "Proceeding anyway.\n", __func__);
5115			stream = mwl8k_add_stream(hw, sta, tid);
5116		}
5117		if (stream == NULL) {
5118			wiphy_debug(hw->wiphy, "no free AMPDU streams\n");
5119			rc = -EBUSY;
5120			break;
5121		}
5122		stream->state = AMPDU_STREAM_IN_PROGRESS;
5123
5124		/* Release the lock before we do the time consuming stuff */
5125		spin_unlock(&priv->stream_lock);
5126		for (i = 0; i < MAX_AMPDU_ATTEMPTS; i++) {
5127			rc = mwl8k_check_ba(hw, stream);
5128
5129			/* If HW restart is in progress mwl8k_post_cmd will
5130			 * return -EBUSY. Avoid retrying mwl8k_check_ba in
5131			 * such cases
5132			 */
5133			if (!rc || rc == -EBUSY)
5134				break;
5135			/*
5136			 * HW queues take time to be flushed, give them
5137			 * sufficient time
5138			 */
5139
5140			msleep(1000);
5141		}
5142		spin_lock(&priv->stream_lock);
5143		if (rc) {
5144			wiphy_err(hw->wiphy, "Stream for tid %d busy after %d"
5145				" attempts\n", tid, MAX_AMPDU_ATTEMPTS);
5146			mwl8k_remove_stream(hw, stream);
5147			rc = -EBUSY;
5148			break;
5149		}
5150		ieee80211_start_tx_ba_cb_irqsafe(vif, addr, tid);
5151		break;
5152	case IEEE80211_AMPDU_TX_STOP:
5153		if (stream) {
5154			if (stream->state == AMPDU_STREAM_ACTIVE) {
5155				spin_unlock(&priv->stream_lock);
5156				mwl8k_destroy_ba(hw, stream);
5157				spin_lock(&priv->stream_lock);
5158			}
5159			mwl8k_remove_stream(hw, stream);
5160		}
5161		ieee80211_stop_tx_ba_cb_irqsafe(vif, addr, tid);
5162		break;
5163	case IEEE80211_AMPDU_TX_OPERATIONAL:
5164		BUG_ON(stream == NULL);
5165		BUG_ON(stream->state != AMPDU_STREAM_IN_PROGRESS);
5166		spin_unlock(&priv->stream_lock);
5167		rc = mwl8k_create_ba(hw, stream, buf_size);
5168		spin_lock(&priv->stream_lock);
5169		if (!rc)
5170			stream->state = AMPDU_STREAM_ACTIVE;
5171		else {
5172			spin_unlock(&priv->stream_lock);
5173			mwl8k_destroy_ba(hw, stream);
5174			spin_lock(&priv->stream_lock);
5175			wiphy_debug(hw->wiphy,
5176				"Failed adding stream for sta %pM tid %d\n",
5177				addr, tid);
5178			mwl8k_remove_stream(hw, stream);
5179		}
5180		break;
5181
5182	default:
5183		rc = -ENOTSUPP;
5184	}
5185
5186	spin_unlock(&priv->stream_lock);
5187	return rc;
5188}
5189
5190static const struct ieee80211_ops mwl8k_ops = {
5191	.tx			= mwl8k_tx,
5192	.start			= mwl8k_start,
5193	.stop			= mwl8k_stop,
5194	.add_interface		= mwl8k_add_interface,
5195	.remove_interface	= mwl8k_remove_interface,
5196	.config			= mwl8k_config,
5197	.bss_info_changed	= mwl8k_bss_info_changed,
5198	.prepare_multicast	= mwl8k_prepare_multicast,
5199	.configure_filter	= mwl8k_configure_filter,
5200	.set_key                = mwl8k_set_key,
5201	.set_rts_threshold	= mwl8k_set_rts_threshold,
5202	.sta_add		= mwl8k_sta_add,
5203	.sta_remove		= mwl8k_sta_remove,
5204	.conf_tx		= mwl8k_conf_tx,
5205	.get_stats		= mwl8k_get_stats,
5206	.get_survey		= mwl8k_get_survey,
5207	.ampdu_action		= mwl8k_ampdu_action,
5208};
5209
5210static void mwl8k_finalize_join_worker(struct work_struct *work)
5211{
5212	struct mwl8k_priv *priv =
5213		container_of(work, struct mwl8k_priv, finalize_join_worker);
5214	struct sk_buff *skb = priv->beacon_skb;
5215	struct ieee80211_mgmt *mgmt = (void *)skb->data;
5216	int len = skb->len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
5217	const u8 *tim = cfg80211_find_ie(WLAN_EID_TIM,
5218					 mgmt->u.beacon.variable, len);
5219	int dtim_period = 1;
5220
5221	if (tim && tim[1] >= 2)
5222		dtim_period = tim[3];
5223
5224	mwl8k_cmd_finalize_join(priv->hw, skb->data, skb->len, dtim_period);
5225
5226	dev_kfree_skb(skb);
5227	priv->beacon_skb = NULL;
5228}
5229
5230enum {
5231	MWL8363 = 0,
5232	MWL8687,
5233	MWL8366,
5234};
5235
5236#define MWL8K_8366_AP_FW_API 2
5237#define _MWL8K_8366_AP_FW(api) "mwl8k/fmimage_8366_ap-" #api ".fw"
5238#define MWL8K_8366_AP_FW(api) _MWL8K_8366_AP_FW(api)
5239
5240static struct mwl8k_device_info mwl8k_info_tbl[] __devinitdata = {
5241	[MWL8363] = {
5242		.part_name	= "88w8363",
5243		.helper_image	= "mwl8k/helper_8363.fw",
5244		.fw_image_sta	= "mwl8k/fmimage_8363.fw",
5245	},
5246	[MWL8687] = {
5247		.part_name	= "88w8687",
5248		.helper_image	= "mwl8k/helper_8687.fw",
5249		.fw_image_sta	= "mwl8k/fmimage_8687.fw",
5250	},
5251	[MWL8366] = {
5252		.part_name	= "88w8366",
5253		.helper_image	= "mwl8k/helper_8366.fw",
5254		.fw_image_sta	= "mwl8k/fmimage_8366.fw",
5255		.fw_image_ap	= MWL8K_8366_AP_FW(MWL8K_8366_AP_FW_API),
5256		.fw_api_ap	= MWL8K_8366_AP_FW_API,
5257		.ap_rxd_ops	= &rxd_8366_ap_ops,
5258	},
5259};
5260
5261MODULE_FIRMWARE("mwl8k/helper_8363.fw");
5262MODULE_FIRMWARE("mwl8k/fmimage_8363.fw");
5263MODULE_FIRMWARE("mwl8k/helper_8687.fw");
5264MODULE_FIRMWARE("mwl8k/fmimage_8687.fw");
5265MODULE_FIRMWARE("mwl8k/helper_8366.fw");
5266MODULE_FIRMWARE("mwl8k/fmimage_8366.fw");
5267MODULE_FIRMWARE(MWL8K_8366_AP_FW(MWL8K_8366_AP_FW_API));
5268
5269static DEFINE_PCI_DEVICE_TABLE(mwl8k_pci_id_table) = {
5270	{ PCI_VDEVICE(MARVELL, 0x2a0a), .driver_data = MWL8363, },
5271	{ PCI_VDEVICE(MARVELL, 0x2a0c), .driver_data = MWL8363, },
5272	{ PCI_VDEVICE(MARVELL, 0x2a24), .driver_data = MWL8363, },
5273	{ PCI_VDEVICE(MARVELL, 0x2a2b), .driver_data = MWL8687, },
5274	{ PCI_VDEVICE(MARVELL, 0x2a30), .driver_data = MWL8687, },
5275	{ PCI_VDEVICE(MARVELL, 0x2a40), .driver_data = MWL8366, },
5276	{ PCI_VDEVICE(MARVELL, 0x2a43), .driver_data = MWL8366, },
5277	{ },
5278};
5279MODULE_DEVICE_TABLE(pci, mwl8k_pci_id_table);
5280
5281static int mwl8k_request_alt_fw(struct mwl8k_priv *priv)
5282{
5283	int rc;
5284	printk(KERN_ERR "%s: Error requesting preferred fw %s.\n"
5285	       "Trying alternative firmware %s\n", pci_name(priv->pdev),
5286	       priv->fw_pref, priv->fw_alt);
5287	rc = mwl8k_request_fw(priv, priv->fw_alt, &priv->fw_ucode, true);
5288	if (rc) {
5289		printk(KERN_ERR "%s: Error requesting alt fw %s\n",
5290		       pci_name(priv->pdev), priv->fw_alt);
5291		return rc;
5292	}
5293	return 0;
5294}
5295
5296static int mwl8k_firmware_load_success(struct mwl8k_priv *priv);
5297static void mwl8k_fw_state_machine(const struct firmware *fw, void *context)
5298{
5299	struct mwl8k_priv *priv = context;
5300	struct mwl8k_device_info *di = priv->device_info;
5301	int rc;
5302
5303	switch (priv->fw_state) {
5304	case FW_STATE_INIT:
5305		if (!fw) {
5306			printk(KERN_ERR "%s: Error requesting helper fw %s\n",
5307			       pci_name(priv->pdev), di->helper_image);
5308			goto fail;
5309		}
5310		priv->fw_helper = fw;
5311		rc = mwl8k_request_fw(priv, priv->fw_pref, &priv->fw_ucode,
5312				      true);
5313		if (rc && priv->fw_alt) {
5314			rc = mwl8k_request_alt_fw(priv);
5315			if (rc)
5316				goto fail;
5317			priv->fw_state = FW_STATE_LOADING_ALT;
5318		} else if (rc)
5319			goto fail;
5320		else
5321			priv->fw_state = FW_STATE_LOADING_PREF;
5322		break;
5323
5324	case FW_STATE_LOADING_PREF:
5325		if (!fw) {
5326			if (priv->fw_alt) {
5327				rc = mwl8k_request_alt_fw(priv);
5328				if (rc)
5329					goto fail;
5330				priv->fw_state = FW_STATE_LOADING_ALT;
5331			} else
5332				goto fail;
5333		} else {
5334			priv->fw_ucode = fw;
5335			rc = mwl8k_firmware_load_success(priv);
5336			if (rc)
5337				goto fail;
5338			else
5339				complete(&priv->firmware_loading_complete);
5340		}
5341		break;
5342
5343	case FW_STATE_LOADING_ALT:
5344		if (!fw) {
5345			printk(KERN_ERR "%s: Error requesting alt fw %s\n",
5346			       pci_name(priv->pdev), di->helper_image);
5347			goto fail;
5348		}
5349		priv->fw_ucode = fw;
5350		rc = mwl8k_firmware_load_success(priv);
5351		if (rc)
5352			goto fail;
5353		else
5354			complete(&priv->firmware_loading_complete);
5355		break;
5356
5357	default:
5358		printk(KERN_ERR "%s: Unexpected firmware loading state: %d\n",
5359		       MWL8K_NAME, priv->fw_state);
5360		BUG_ON(1);
5361	}
5362
5363	return;
5364
5365fail:
5366	priv->fw_state = FW_STATE_ERROR;
5367	complete(&priv->firmware_loading_complete);
5368	device_release_driver(&priv->pdev->dev);
5369	mwl8k_release_firmware(priv);
5370}
5371
5372#define MAX_RESTART_ATTEMPTS 1
5373static int mwl8k_init_firmware(struct ieee80211_hw *hw, char *fw_image,
5374			       bool nowait)
5375{
5376	struct mwl8k_priv *priv = hw->priv;
5377	int rc;
5378	int count = MAX_RESTART_ATTEMPTS;
5379
5380retry:
5381	/* Reset firmware and hardware */
5382	mwl8k_hw_reset(priv);
5383
5384	/* Ask userland hotplug daemon for the device firmware */
5385	rc = mwl8k_request_firmware(priv, fw_image, nowait);
5386	if (rc) {
5387		wiphy_err(hw->wiphy, "Firmware files not found\n");
5388		return rc;
5389	}
5390
5391	if (nowait)
5392		return rc;
5393
5394	/* Load firmware into hardware */
5395	rc = mwl8k_load_firmware(hw);
5396	if (rc)
5397		wiphy_err(hw->wiphy, "Cannot start firmware\n");
5398
5399	/* Reclaim memory once firmware is successfully loaded */
5400	mwl8k_release_firmware(priv);
5401
5402	if (rc && count) {
5403		/* FW did not start successfully;
5404		 * lets try one more time
5405		 */
5406		count--;
5407		wiphy_err(hw->wiphy, "Trying to reload the firmware again\n");
5408		msleep(20);
5409		goto retry;
5410	}
5411
5412	return rc;
5413}
5414
5415static int mwl8k_init_txqs(struct ieee80211_hw *hw)
5416{
5417	struct mwl8k_priv *priv = hw->priv;
5418	int rc = 0;
5419	int i;
5420
5421	for (i = 0; i < mwl8k_tx_queues(priv); i++) {
5422		rc = mwl8k_txq_init(hw, i);
5423		if (rc)
5424			break;
5425		if (priv->ap_fw)
5426			iowrite32(priv->txq[i].txd_dma,
5427				  priv->sram + priv->txq_offset[i]);
5428	}
5429	return rc;
5430}
5431
5432/* initialize hw after successfully loading a firmware image */
5433static int mwl8k_probe_hw(struct ieee80211_hw *hw)
5434{
5435	struct mwl8k_priv *priv = hw->priv;
5436	int rc = 0;
5437	int i;
5438
5439	if (priv->ap_fw) {
5440		priv->rxd_ops = priv->device_info->ap_rxd_ops;
5441		if (priv->rxd_ops == NULL) {
5442			wiphy_err(hw->wiphy,
5443				  "Driver does not have AP firmware image support for this hardware\n");
5444			goto err_stop_firmware;
5445		}
5446	} else {
5447		priv->rxd_ops = &rxd_sta_ops;
5448	}
5449
5450	priv->sniffer_enabled = false;
5451	priv->wmm_enabled = false;
5452	priv->pending_tx_pkts = 0;
5453
5454	rc = mwl8k_rxq_init(hw, 0);
5455	if (rc)
5456		goto err_stop_firmware;
5457	rxq_refill(hw, 0, INT_MAX);
5458
5459	/* For the sta firmware, we need to know the dma addresses of tx queues
5460	 * before sending MWL8K_CMD_GET_HW_SPEC.  So we must initialize them
5461	 * prior to issuing this command.  But for the AP case, we learn the
5462	 * total number of queues from the result CMD_GET_HW_SPEC, so for this
5463	 * case we must initialize the tx queues after.
5464	 */
5465	priv->num_ampdu_queues = 0;
5466	if (!priv->ap_fw) {
5467		rc = mwl8k_init_txqs(hw);
5468		if (rc)
5469			goto err_free_queues;
5470	}
5471
5472	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS);
5473	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
5474	iowrite32(MWL8K_A2H_INT_TX_DONE|MWL8K_A2H_INT_RX_READY|
5475		  MWL8K_A2H_INT_BA_WATCHDOG,
5476		  priv->regs + MWL8K_HIU_A2H_INTERRUPT_CLEAR_SEL);
5477	iowrite32(MWL8K_A2H_INT_OPC_DONE,
5478		  priv->regs + MWL8K_HIU_A2H_INTERRUPT_STATUS_MASK);
5479
5480	rc = request_irq(priv->pdev->irq, mwl8k_interrupt,
5481			 IRQF_SHARED, MWL8K_NAME, hw);
5482	if (rc) {
5483		wiphy_err(hw->wiphy, "failed to register IRQ handler\n");
5484		goto err_free_queues;
5485	}
5486
5487	/*
5488	 * When hw restart is requested,
5489	 * mac80211 will take care of clearing
5490	 * the ampdu streams, so do not clear
5491	 * the ampdu state here
5492	 */
5493	if (!priv->hw_restart_in_progress)
5494		memset(priv->ampdu, 0, sizeof(priv->ampdu));
5495
5496	/*
5497	 * Temporarily enable interrupts.  Initial firmware host
5498	 * commands use interrupts and avoid polling.  Disable
5499	 * interrupts when done.
5500	 */
5501	iowrite32(MWL8K_A2H_EVENTS, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
5502
5503	/* Get config data, mac addrs etc */
5504	if (priv->ap_fw) {
5505		rc = mwl8k_cmd_get_hw_spec_ap(hw);
5506		if (!rc)
5507			rc = mwl8k_init_txqs(hw);
5508		if (!rc)
5509			rc = mwl8k_cmd_set_hw_spec(hw);
5510	} else {
5511		rc = mwl8k_cmd_get_hw_spec_sta(hw);
5512	}
5513	if (rc) {
5514		wiphy_err(hw->wiphy, "Cannot initialise firmware\n");
5515		goto err_free_irq;
5516	}
5517
5518	/* Turn radio off */
5519	rc = mwl8k_cmd_radio_disable(hw);
5520	if (rc) {
5521		wiphy_err(hw->wiphy, "Cannot disable\n");
5522		goto err_free_irq;
5523	}
5524
5525	/* Clear MAC address */
5526	rc = mwl8k_cmd_set_mac_addr(hw, NULL, "\x00\x00\x00\x00\x00\x00");
5527	if (rc) {
5528		wiphy_err(hw->wiphy, "Cannot clear MAC address\n");
5529		goto err_free_irq;
5530	}
5531
5532	/* Disable interrupts */
5533	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
5534	free_irq(priv->pdev->irq, hw);
5535
5536	wiphy_info(hw->wiphy, "%s v%d, %pm, %s firmware %u.%u.%u.%u\n",
5537		   priv->device_info->part_name,
5538		   priv->hw_rev, hw->wiphy->perm_addr,
5539		   priv->ap_fw ? "AP" : "STA",
5540		   (priv->fw_rev >> 24) & 0xff, (priv->fw_rev >> 16) & 0xff,
5541		   (priv->fw_rev >> 8) & 0xff, priv->fw_rev & 0xff);
5542
5543	return 0;
5544
5545err_free_irq:
5546	iowrite32(0, priv->regs + MWL8K_HIU_A2H_INTERRUPT_MASK);
5547	free_irq(priv->pdev->irq, hw);
5548
5549err_free_queues:
5550	for (i = 0; i < mwl8k_tx_queues(priv); i++)
5551		mwl8k_txq_deinit(hw, i);
5552	mwl8k_rxq_deinit(hw, 0);
5553
5554err_stop_firmware:
5555	mwl8k_hw_reset(priv);
5556
5557	return rc;
5558}
5559
5560/*
5561 * invoke mwl8k_reload_firmware to change the firmware image after the device
5562 * has already been registered
5563 */
5564static int mwl8k_reload_firmware(struct ieee80211_hw *hw, char *fw_image)
5565{
5566	int i, rc = 0;
5567	struct mwl8k_priv *priv = hw->priv;
5568	struct mwl8k_vif *vif, *tmp_vif;
5569
5570	mwl8k_stop(hw);
5571	mwl8k_rxq_deinit(hw, 0);
5572
5573	/*
5574	 * All the existing interfaces are re-added by the ieee80211_reconfig;
5575	 * which means driver should remove existing interfaces before calling
5576	 * ieee80211_restart_hw
5577	 */
5578	if (priv->hw_restart_in_progress)
5579		list_for_each_entry_safe(vif, tmp_vif, &priv->vif_list, list)
5580			mwl8k_remove_vif(priv, vif);
5581
5582	for (i = 0; i < mwl8k_tx_queues(priv); i++)
5583		mwl8k_txq_deinit(hw, i);
5584
5585	rc = mwl8k_init_firmware(hw, fw_image, false);
5586	if (rc)
5587		goto fail;
5588
5589	rc = mwl8k_probe_hw(hw);
5590	if (rc)
5591		goto fail;
5592
5593	if (priv->hw_restart_in_progress)
5594		return rc;
5595
5596	rc = mwl8k_start(hw);
5597	if (rc)
5598		goto fail;
5599
5600	rc = mwl8k_config(hw, ~0);
5601	if (rc)
5602		goto fail;
5603
5604	for (i = 0; i < MWL8K_TX_WMM_QUEUES; i++) {
5605		rc = mwl8k_conf_tx(hw, NULL, i, &priv->wmm_params[i]);
5606		if (rc)
5607			goto fail;
5608	}
5609
5610	return rc;
5611
5612fail:
5613	printk(KERN_WARNING "mwl8k: Failed to reload firmware image.\n");
5614	return rc;
5615}
5616
5617static int mwl8k_firmware_load_success(struct mwl8k_priv *priv)
5618{
5619	struct ieee80211_hw *hw = priv->hw;
5620	int i, rc;
5621
5622	rc = mwl8k_load_firmware(hw);
5623	mwl8k_release_firmware(priv);
5624	if (rc) {
5625		wiphy_err(hw->wiphy, "Cannot start firmware\n");
5626		return rc;
5627	}
5628
5629	/*
5630	 * Extra headroom is the size of the required DMA header
5631	 * minus the size of the smallest 802.11 frame (CTS frame).
5632	 */
5633	hw->extra_tx_headroom =
5634		sizeof(struct mwl8k_dma_data) - sizeof(struct ieee80211_cts);
5635
5636	hw->extra_tx_headroom -= priv->ap_fw ? REDUCED_TX_HEADROOM : 0;
5637
5638	hw->channel_change_time = 10;
5639
5640	hw->queues = MWL8K_TX_WMM_QUEUES;
5641
5642	/* Set rssi values to dBm */
5643	hw->flags |= IEEE80211_HW_SIGNAL_DBM | IEEE80211_HW_HAS_RATE_CONTROL;
5644
5645	/*
5646	 * Ask mac80211 to not to trigger PS mode
5647	 * based on PM bit of incoming frames.
5648	 */
5649	if (priv->ap_fw)
5650		hw->flags |= IEEE80211_HW_AP_LINK_PS;
5651
5652	hw->vif_data_size = sizeof(struct mwl8k_vif);
5653	hw->sta_data_size = sizeof(struct mwl8k_sta);
5654
5655	priv->macids_used = 0;
5656	INIT_LIST_HEAD(&priv->vif_list);
5657
5658	/* Set default radio state and preamble */
5659	priv->radio_on = false;
5660	priv->radio_short_preamble = false;
5661
5662	/* Finalize join worker */
5663	INIT_WORK(&priv->finalize_join_worker, mwl8k_finalize_join_worker);
5664	/* Handle watchdog ba events */
5665	INIT_WORK(&priv->watchdog_ba_handle, mwl8k_watchdog_ba_events);
5666	/* To reload the firmware if it crashes */
5667	INIT_WORK(&priv->fw_reload, mwl8k_hw_restart_work);
5668
5669	/* TX reclaim and RX tasklets.  */
5670	tasklet_init(&priv->poll_tx_task, mwl8k_tx_poll, (unsigned long)hw);
5671	tasklet_disable(&priv->poll_tx_task);
5672	tasklet_init(&priv->poll_rx_task, mwl8k_rx_poll, (unsigned long)hw);
5673	tasklet_disable(&priv->poll_rx_task);
5674
5675	/* Power management cookie */
5676	priv->cookie = pci_alloc_consistent(priv->pdev, 4, &priv->cookie_dma);
5677	if (priv->cookie == NULL)
5678		return -ENOMEM;
5679
5680	mutex_init(&priv->fw_mutex);
5681	priv->fw_mutex_owner = NULL;
5682	priv->fw_mutex_depth = 0;
5683	priv->hostcmd_wait = NULL;
5684
5685	spin_lock_init(&priv->tx_lock);
5686
5687	spin_lock_init(&priv->stream_lock);
5688
5689	priv->tx_wait = NULL;
5690
5691	rc = mwl8k_probe_hw(hw);
5692	if (rc)
5693		goto err_free_cookie;
5694
5695	hw->wiphy->interface_modes = 0;
5696	if (priv->ap_macids_supported || priv->device_info->fw_image_ap)
5697		hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP);
5698	if (priv->sta_macids_supported || priv->device_info->fw_image_sta)
5699		hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_STATION);
5700
5701	rc = ieee80211_register_hw(hw);
5702	if (rc) {
5703		wiphy_err(hw->wiphy, "Cannot register device\n");
5704		goto err_unprobe_hw;
5705	}
5706
5707	return 0;
5708
5709err_unprobe_hw:
5710	for (i = 0; i < mwl8k_tx_queues(priv); i++)
5711		mwl8k_txq_deinit(hw, i);
5712	mwl8k_rxq_deinit(hw, 0);
5713
5714err_free_cookie:
5715	if (priv->cookie != NULL)
5716		pci_free_consistent(priv->pdev, 4,
5717				priv->cookie, priv->cookie_dma);
5718
5719	return rc;
5720}
5721static int __devinit mwl8k_probe(struct pci_dev *pdev,
5722				 const struct pci_device_id *id)
5723{
5724	static int printed_version;
5725	struct ieee80211_hw *hw;
5726	struct mwl8k_priv *priv;
5727	struct mwl8k_device_info *di;
5728	int rc;
5729
5730	if (!printed_version) {
5731		printk(KERN_INFO "%s version %s\n", MWL8K_DESC, MWL8K_VERSION);
5732		printed_version = 1;
5733	}
5734
5735
5736	rc = pci_enable_device(pdev);
5737	if (rc) {
5738		printk(KERN_ERR "%s: Cannot enable new PCI device\n",
5739		       MWL8K_NAME);
5740		return rc;
5741	}
5742
5743	rc = pci_request_regions(pdev, MWL8K_NAME);
5744	if (rc) {
5745		printk(KERN_ERR "%s: Cannot obtain PCI resources\n",
5746		       MWL8K_NAME);
5747		goto err_disable_device;
5748	}
5749
5750	pci_set_master(pdev);
5751
5752
5753	hw = ieee80211_alloc_hw(sizeof(*priv), &mwl8k_ops);
5754	if (hw == NULL) {
5755		printk(KERN_ERR "%s: ieee80211 alloc failed\n", MWL8K_NAME);
5756		rc = -ENOMEM;
5757		goto err_free_reg;
5758	}
5759
5760	SET_IEEE80211_DEV(hw, &pdev->dev);
5761	pci_set_drvdata(pdev, hw);
5762
5763	priv = hw->priv;
5764	priv->hw = hw;
5765	priv->pdev = pdev;
5766	priv->device_info = &mwl8k_info_tbl[id->driver_data];
5767
5768
5769	priv->sram = pci_iomap(pdev, 0, 0x10000);
5770	if (priv->sram == NULL) {
5771		wiphy_err(hw->wiphy, "Cannot map device SRAM\n");
5772		goto err_iounmap;
5773	}
5774
5775	/*
5776	 * If BAR0 is a 32 bit BAR, the register BAR will be BAR1.
5777	 * If BAR0 is a 64 bit BAR, the register BAR will be BAR2.
5778	 */
5779	priv->regs = pci_iomap(pdev, 1, 0x10000);
5780	if (priv->regs == NULL) {
5781		priv->regs = pci_iomap(pdev, 2, 0x10000);
5782		if (priv->regs == NULL) {
5783			wiphy_err(hw->wiphy, "Cannot map device registers\n");
5784			goto err_iounmap;
5785		}
5786	}
5787
5788	/*
5789	 * Choose the initial fw image depending on user input.  If a second
5790	 * image is available, make it the alternative image that will be
5791	 * loaded if the first one fails.
5792	 */
5793	init_completion(&priv->firmware_loading_complete);
5794	di = priv->device_info;
5795	if (ap_mode_default && di->fw_image_ap) {
5796		priv->fw_pref = di->fw_image_ap;
5797		priv->fw_alt = di->fw_image_sta;
5798	} else if (!ap_mode_default && di->fw_image_sta) {
5799		priv->fw_pref = di->fw_image_sta;
5800		priv->fw_alt = di->fw_image_ap;
5801	} else if (ap_mode_default && !di->fw_image_ap && di->fw_image_sta) {
5802		printk(KERN_WARNING "AP fw is unavailable.  Using STA fw.");
5803		priv->fw_pref = di->fw_image_sta;
5804	} else if (!ap_mode_default && !di->fw_image_sta && di->fw_image_ap) {
5805		printk(KERN_WARNING "STA fw is unavailable.  Using AP fw.");
5806		priv->fw_pref = di->fw_image_ap;
5807	}
5808	rc = mwl8k_init_firmware(hw, priv->fw_pref, true);
5809	if (rc)
5810		goto err_stop_firmware;
5811
5812	priv->hw_restart_in_progress = false;
5813
5814	return rc;
5815
5816err_stop_firmware:
5817	mwl8k_hw_reset(priv);
5818
5819err_iounmap:
5820	if (priv->regs != NULL)
5821		pci_iounmap(pdev, priv->regs);
5822
5823	if (priv->sram != NULL)
5824		pci_iounmap(pdev, priv->sram);
5825
5826	pci_set_drvdata(pdev, NULL);
5827	ieee80211_free_hw(hw);
5828
5829err_free_reg:
5830	pci_release_regions(pdev);
5831
5832err_disable_device:
5833	pci_disable_device(pdev);
5834
5835	return rc;
5836}
5837
5838static void __devexit mwl8k_shutdown(struct pci_dev *pdev)
5839{
5840	printk(KERN_ERR "===>%s(%u)\n", __func__, __LINE__);
5841}
5842
5843static void __devexit mwl8k_remove(struct pci_dev *pdev)
5844{
5845	struct ieee80211_hw *hw = pci_get_drvdata(pdev);
5846	struct mwl8k_priv *priv;
5847	int i;
5848
5849	if (hw == NULL)
5850		return;
5851	priv = hw->priv;
5852
5853	wait_for_completion(&priv->firmware_loading_complete);
5854
5855	if (priv->fw_state == FW_STATE_ERROR) {
5856		mwl8k_hw_reset(priv);
5857		goto unmap;
5858	}
5859
5860	ieee80211_stop_queues(hw);
5861
5862	ieee80211_unregister_hw(hw);
5863
5864	/* Remove TX reclaim and RX tasklets.  */
5865	tasklet_kill(&priv->poll_tx_task);
5866	tasklet_kill(&priv->poll_rx_task);
5867
5868	/* Stop hardware */
5869	mwl8k_hw_reset(priv);
5870
5871	/* Return all skbs to mac80211 */
5872	for (i = 0; i < mwl8k_tx_queues(priv); i++)
5873		mwl8k_txq_reclaim(hw, i, INT_MAX, 1);
5874
5875	for (i = 0; i < mwl8k_tx_queues(priv); i++)
5876		mwl8k_txq_deinit(hw, i);
5877
5878	mwl8k_rxq_deinit(hw, 0);
5879
5880	pci_free_consistent(priv->pdev, 4, priv->cookie, priv->cookie_dma);
5881
5882unmap:
5883	pci_iounmap(pdev, priv->regs);
5884	pci_iounmap(pdev, priv->sram);
5885	pci_set_drvdata(pdev, NULL);
5886	ieee80211_free_hw(hw);
5887	pci_release_regions(pdev);
5888	pci_disable_device(pdev);
5889}
5890
5891static struct pci_driver mwl8k_driver = {
5892	.name		= MWL8K_NAME,
5893	.id_table	= mwl8k_pci_id_table,
5894	.probe		= mwl8k_probe,
5895	.remove		= __devexit_p(mwl8k_remove),
5896	.shutdown	= __devexit_p(mwl8k_shutdown),
5897};
5898
5899module_pci_driver(mwl8k_driver);
5900
5901MODULE_DESCRIPTION(MWL8K_DESC);
5902MODULE_VERSION(MWL8K_VERSION);
5903MODULE_AUTHOR("Lennert Buytenhek <buytenh@marvell.com>");
5904MODULE_LICENSE("GPL");
Configure Feed

Configure Feed
