summaryrefslogtreecommitdiffstats
path: root/drivers/net/wireless/intersil
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/net/wireless/intersil')
-rw-r--r--drivers/net/wireless/intersil/Kconfig19
-rw-r--r--drivers/net/wireless/intersil/Makefile4
-rw-r--r--drivers/net/wireless/intersil/hostap/Kconfig95
-rw-r--r--drivers/net/wireless/intersil/hostap/Makefile8
-rw-r--r--drivers/net/wireless/intersil/hostap/hostap.h99
-rw-r--r--drivers/net/wireless/intersil/hostap/hostap_80211.h97
-rw-r--r--drivers/net/wireless/intersil/hostap/hostap_80211_rx.c1116
-rw-r--r--drivers/net/wireless/intersil/hostap/hostap_80211_tx.c554
-rw-r--r--drivers/net/wireless/intersil/hostap/hostap_ap.c3277
-rw-r--r--drivers/net/wireless/intersil/hostap/hostap_ap.h264
-rw-r--r--drivers/net/wireless/intersil/hostap/hostap_common.h420
-rw-r--r--drivers/net/wireless/intersil/hostap/hostap_config.h49
-rw-r--r--drivers/net/wireless/intersil/hostap/hostap_cs.c710
-rw-r--r--drivers/net/wireless/intersil/hostap/hostap_download.c811
-rw-r--r--drivers/net/wireless/intersil/hostap/hostap_hw.c3387
-rw-r--r--drivers/net/wireless/intersil/hostap/hostap_info.c509
-rw-r--r--drivers/net/wireless/intersil/hostap/hostap_ioctl.c4053
-rw-r--r--drivers/net/wireless/intersil/hostap/hostap_main.c1126
-rw-r--r--drivers/net/wireless/intersil/hostap/hostap_pci.c445
-rw-r--r--drivers/net/wireless/intersil/hostap/hostap_plx.c617
-rw-r--r--drivers/net/wireless/intersil/hostap/hostap_proc.c411
-rw-r--r--drivers/net/wireless/intersil/hostap/hostap_wlan.h1051
-rw-r--r--drivers/net/wireless/intersil/orinoco/Kconfig143
-rw-r--r--drivers/net/wireless/intersil/orinoco/Makefile15
-rw-r--r--drivers/net/wireless/intersil/orinoco/airport.c268
-rw-r--r--drivers/net/wireless/intersil/orinoco/cfg.c291
-rw-r--r--drivers/net/wireless/intersil/orinoco/cfg.h15
-rw-r--r--drivers/net/wireless/intersil/orinoco/fw.c387
-rw-r--r--drivers/net/wireless/intersil/orinoco/fw.h21
-rw-r--r--drivers/net/wireless/intersil/orinoco/hermes.c777
-rw-r--r--drivers/net/wireless/intersil/orinoco/hermes.h534
-rw-r--r--drivers/net/wireless/intersil/orinoco/hermes_dld.c477
-rw-r--r--drivers/net/wireless/intersil/orinoco/hermes_dld.h52
-rw-r--r--drivers/net/wireless/intersil/orinoco/hermes_rid.h165
-rw-r--r--drivers/net/wireless/intersil/orinoco/hw.c1362
-rw-r--r--drivers/net/wireless/intersil/orinoco/hw.h60
-rw-r--r--drivers/net/wireless/intersil/orinoco/main.c2414
-rw-r--r--drivers/net/wireless/intersil/orinoco/main.h50
-rw-r--r--drivers/net/wireless/intersil/orinoco/mic.c89
-rw-r--r--drivers/net/wireless/intersil/orinoco/mic.h23
-rw-r--r--drivers/net/wireless/intersil/orinoco/orinoco.h251
-rw-r--r--drivers/net/wireless/intersil/orinoco/orinoco_cs.c350
-rw-r--r--drivers/net/wireless/intersil/orinoco/orinoco_nortel.c314
-rw-r--r--drivers/net/wireless/intersil/orinoco/orinoco_pci.c257
-rw-r--r--drivers/net/wireless/intersil/orinoco/orinoco_pci.h54
-rw-r--r--drivers/net/wireless/intersil/orinoco/orinoco_plx.c362
-rw-r--r--drivers/net/wireless/intersil/orinoco/orinoco_tmd.c237
-rw-r--r--drivers/net/wireless/intersil/orinoco/orinoco_usb.c1787
-rw-r--r--drivers/net/wireless/intersil/orinoco/scan.c259
-rw-r--r--drivers/net/wireless/intersil/orinoco/scan.h21
-rw-r--r--drivers/net/wireless/intersil/orinoco/spectrum_cs.c328
-rw-r--r--drivers/net/wireless/intersil/orinoco/wext.c1413
-rw-r--r--drivers/net/wireless/intersil/orinoco/wext.h13
-rw-r--r--drivers/net/wireless/intersil/p54/Kconfig72
-rw-r--r--drivers/net/wireless/intersil/p54/Makefile8
-rw-r--r--drivers/net/wireless/intersil/p54/eeprom.c981
-rw-r--r--drivers/net/wireless/intersil/p54/eeprom.h242
-rw-r--r--drivers/net/wireless/intersil/p54/fwio.c759
-rw-r--r--drivers/net/wireless/intersil/p54/led.c158
-rw-r--r--drivers/net/wireless/intersil/p54/lmac.h559
-rw-r--r--drivers/net/wireless/intersil/p54/main.c861
-rw-r--r--drivers/net/wireless/intersil/p54/p54.h278
-rw-r--r--drivers/net/wireless/intersil/p54/p54pci.c708
-rw-r--r--drivers/net/wireless/intersil/p54/p54pci.h109
-rw-r--r--drivers/net/wireless/intersil/p54/p54spi.c706
-rw-r--r--drivers/net/wireless/intersil/p54/p54spi.h112
-rw-r--r--drivers/net/wireless/intersil/p54/p54spi_eeprom.h666
-rw-r--r--drivers/net/wireless/intersil/p54/p54usb.c1140
-rw-r--r--drivers/net/wireless/intersil/p54/p54usb.h159
-rw-r--r--drivers/net/wireless/intersil/p54/txrx.c942
70 files changed, 40371 insertions, 0 deletions
diff --git a/drivers/net/wireless/intersil/Kconfig b/drivers/net/wireless/intersil/Kconfig
new file mode 100644
index 000000000..bd6bf70ec
--- /dev/null
+++ b/drivers/net/wireless/intersil/Kconfig
@@ -0,0 +1,19 @@
+# SPDX-License-Identifier: GPL-2.0-only
+config WLAN_VENDOR_INTERSIL
+ bool "Intersil devices"
+ default y
+ help
+ If you have a wireless card belonging to this class, say Y.
+
+ Note that the answer to this question doesn't directly affect the
+ kernel: saying N will just cause the configurator to skip all the
+ questions about these cards. If you say Y, you will be asked for
+ your specific card in the following questions.
+
+if WLAN_VENDOR_INTERSIL
+
+source "drivers/net/wireless/intersil/hostap/Kconfig"
+source "drivers/net/wireless/intersil/orinoco/Kconfig"
+source "drivers/net/wireless/intersil/p54/Kconfig"
+
+endif # WLAN_VENDOR_INTERSIL
diff --git a/drivers/net/wireless/intersil/Makefile b/drivers/net/wireless/intersil/Makefile
new file mode 100644
index 000000000..65281d1b3
--- /dev/null
+++ b/drivers/net/wireless/intersil/Makefile
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: GPL-2.0-only
+obj-$(CONFIG_HOSTAP) += hostap/
+obj-$(CONFIG_HERMES) += orinoco/
+obj-$(CONFIG_P54_COMMON) += p54/
diff --git a/drivers/net/wireless/intersil/hostap/Kconfig b/drivers/net/wireless/intersil/hostap/Kconfig
new file mode 100644
index 000000000..c865d3156
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/Kconfig
@@ -0,0 +1,95 @@
+# SPDX-License-Identifier: GPL-2.0-only
+config HOSTAP
+ tristate "IEEE 802.11 for Host AP (Prism2/2.5/3 and WEP/TKIP/CCMP)"
+ select WIRELESS_EXT
+ select WEXT_SPY
+ select WEXT_PRIV
+ select CRYPTO
+ select CRYPTO_MICHAEL_MIC
+ select CRC32
+ select LIB80211
+ select LIB80211_CRYPT_WEP
+ select LIB80211_CRYPT_TKIP
+ select LIB80211_CRYPT_CCMP
+ help
+ Shared driver code for IEEE 802.11b wireless cards based on
+ Intersil Prism2/2.5/3 chipset. This driver supports so called
+ Host AP mode that allows the card to act as an IEEE 802.11
+ access point.
+
+ See <http://hostap.epitest.fi/> for more information about the
+ Host AP driver configuration and tools. This site includes
+ information and tools (hostapd and wpa_supplicant) for WPA/WPA2
+ support.
+
+ This option includes the base Host AP driver code that is shared by
+ different hardware models. You will also need to enable support for
+ PLX/PCI/CS version of the driver to actually use the driver.
+
+ The driver can be compiled as a module and it will be called
+ hostap.
+
+config HOSTAP_FIRMWARE
+ bool "Support downloading firmware images with Host AP driver"
+ depends on HOSTAP
+ help
+ Configure Host AP driver to include support for firmware image
+ download. This option by itself only enables downloading to the
+ volatile memory, i.e. the card RAM. This option is required to
+ support cards that don't have firmware in flash, such as D-Link
+ DWL-520 rev E and D-Link DWL-650 rev P.
+
+ Firmware image downloading needs a user space tool, prism2_srec.
+ It is available from http://hostap.epitest.fi/.
+
+config HOSTAP_FIRMWARE_NVRAM
+ bool "Support for non-volatile firmware download"
+ depends on HOSTAP_FIRMWARE
+ help
+ Allow Host AP driver to write firmware images to the non-volatile
+ card memory, i.e. flash memory that survives power cycling.
+ Enable this option if you want to be able to change card firmware
+ permanently.
+
+ Firmware image downloading needs a user space tool, prism2_srec.
+ It is available from http://hostap.epitest.fi/.
+
+config HOSTAP_PLX
+ tristate "Host AP driver for Prism2/2.5/3 in PLX9052 PCI adaptors"
+ depends on PCI && HOSTAP
+ help
+ Host AP driver's version for Prism2/2.5/3 PC Cards in PLX9052 based
+ PCI adaptors.
+
+ "Host AP support for Prism2/2.5/3 IEEE 802.11b" is required for this
+ driver and its help text includes more information about the Host AP
+ driver.
+
+ The driver can be compiled as a module and will be named
+ hostap_plx.
+
+config HOSTAP_PCI
+ tristate "Host AP driver for Prism2.5 PCI adaptors"
+ depends on PCI && HOSTAP
+ help
+ Host AP driver's version for Prism2.5 PCI adaptors.
+
+ "Host AP support for Prism2/2.5/3 IEEE 802.11b" is required for this
+ driver and its help text includes more information about the Host AP
+ driver.
+
+ The driver can be compiled as a module and will be named
+ hostap_pci.
+
+config HOSTAP_CS
+ tristate "Host AP driver for Prism2/2.5/3 PC Cards"
+ depends on PCMCIA && HOSTAP
+ help
+ Host AP driver's version for Prism2/2.5/3 PC Cards.
+
+ "Host AP support for Prism2/2.5/3 IEEE 802.11b" is required for this
+ driver and its help text includes more information about the Host AP
+ driver.
+
+ The driver can be compiled as a module and will be named
+ hostap_cs.
diff --git a/drivers/net/wireless/intersil/hostap/Makefile b/drivers/net/wireless/intersil/hostap/Makefile
new file mode 100644
index 000000000..ae3bb73b2
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/Makefile
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: GPL-2.0
+hostap-y := hostap_80211_rx.o hostap_80211_tx.o hostap_ap.o hostap_info.o \
+ hostap_ioctl.o hostap_main.o hostap_proc.o
+obj-$(CONFIG_HOSTAP) += hostap.o
+
+obj-$(CONFIG_HOSTAP_CS) += hostap_cs.o
+obj-$(CONFIG_HOSTAP_PLX) += hostap_plx.o
+obj-$(CONFIG_HOSTAP_PCI) += hostap_pci.o
diff --git a/drivers/net/wireless/intersil/hostap/hostap.h b/drivers/net/wireless/intersil/hostap/hostap.h
new file mode 100644
index 000000000..c17ab6dbb
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/hostap.h
@@ -0,0 +1,99 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef HOSTAP_H
+#define HOSTAP_H
+
+#include <linux/ethtool.h>
+#include <linux/kernel.h>
+
+#include "hostap_wlan.h"
+#include "hostap_ap.h"
+
+static const long __maybe_unused freq_list[] = {
+ 2412, 2417, 2422, 2427, 2432, 2437, 2442,
+ 2447, 2452, 2457, 2462, 2467, 2472, 2484
+};
+#define FREQ_COUNT ARRAY_SIZE(freq_list)
+
+/* hostap.c */
+
+extern struct proc_dir_entry *hostap_proc;
+
+u16 hostap_tx_callback_register(local_info_t *local,
+ void (*func)(struct sk_buff *, int ok, void *),
+ void *data);
+int hostap_tx_callback_unregister(local_info_t *local, u16 idx);
+int hostap_set_word(struct net_device *dev, int rid, u16 val);
+int hostap_set_string(struct net_device *dev, int rid, const char *val);
+u16 hostap_get_porttype(local_info_t *local);
+int hostap_set_encryption(local_info_t *local);
+int hostap_set_antsel(local_info_t *local);
+int hostap_set_roaming(local_info_t *local);
+int hostap_set_auth_algs(local_info_t *local);
+void hostap_dump_rx_header(const char *name,
+ const struct hfa384x_rx_frame *rx);
+void hostap_dump_tx_header(const char *name,
+ const struct hfa384x_tx_frame *tx);
+extern const struct header_ops hostap_80211_ops;
+int hostap_80211_get_hdrlen(__le16 fc);
+struct net_device_stats *hostap_get_stats(struct net_device *dev);
+void hostap_setup_dev(struct net_device *dev, local_info_t *local,
+ int type);
+void hostap_set_multicast_list_queue(struct work_struct *work);
+int hostap_set_hostapd(local_info_t *local, int val, int rtnl_locked);
+int hostap_set_hostapd_sta(local_info_t *local, int val, int rtnl_locked);
+void hostap_cleanup(local_info_t *local);
+void hostap_cleanup_handler(void *data);
+struct net_device * hostap_add_interface(struct local_info *local,
+ int type, int rtnl_locked,
+ const char *prefix, const char *name);
+void hostap_remove_interface(struct net_device *dev, int rtnl_locked,
+ int remove_from_list);
+int prism2_update_comms_qual(struct net_device *dev);
+int prism2_sta_send_mgmt(local_info_t *local, u8 *dst, u16 stype,
+ u8 *body, size_t bodylen);
+int prism2_sta_deauth(local_info_t *local, u16 reason);
+int prism2_wds_add(local_info_t *local, u8 *remote_addr,
+ int rtnl_locked);
+int prism2_wds_del(local_info_t *local, u8 *remote_addr,
+ int rtnl_locked, int do_not_remove);
+
+
+/* hostap_ap.c */
+
+int ap_control_add_mac(struct mac_restrictions *mac_restrictions, u8 *mac);
+int ap_control_del_mac(struct mac_restrictions *mac_restrictions, u8 *mac);
+void ap_control_flush_macs(struct mac_restrictions *mac_restrictions);
+int ap_control_kick_mac(struct ap_data *ap, struct net_device *dev, u8 *mac);
+void ap_control_kickall(struct ap_data *ap);
+void * ap_crypt_get_ptrs(struct ap_data *ap, u8 *addr, int permanent,
+ struct lib80211_crypt_data ***crypt);
+int prism2_ap_get_sta_qual(local_info_t *local, struct sockaddr addr[],
+ struct iw_quality qual[], int buf_size,
+ int aplist);
+int prism2_ap_translate_scan(struct net_device *dev,
+ struct iw_request_info *info, char *buffer);
+int prism2_hostapd(struct ap_data *ap, struct prism2_hostapd_param *param);
+
+
+/* hostap_proc.c */
+
+void hostap_init_proc(local_info_t *local);
+void hostap_remove_proc(local_info_t *local);
+
+
+/* hostap_info.c */
+
+void hostap_info_init(local_info_t *local);
+void hostap_info_process(local_info_t *local, struct sk_buff *skb);
+
+
+/* hostap_ioctl.c */
+
+extern const struct iw_handler_def hostap_iw_handler_def;
+extern const struct ethtool_ops prism2_ethtool_ops;
+
+int hostap_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd);
+int hostap_siocdevprivate(struct net_device *dev, struct ifreq *ifr,
+ void __user *data, int cmd);
+
+#endif /* HOSTAP_H */
diff --git a/drivers/net/wireless/intersil/hostap/hostap_80211.h b/drivers/net/wireless/intersil/hostap/hostap_80211.h
new file mode 100644
index 000000000..1452cf6ec
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/hostap_80211.h
@@ -0,0 +1,97 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef HOSTAP_80211_H
+#define HOSTAP_80211_H
+
+#include <linux/types.h>
+#include <linux/skbuff.h>
+#include <linux/netdevice.h>
+
+struct hostap_ieee80211_mgmt {
+ __le16 frame_control;
+ __le16 duration;
+ u8 da[6];
+ u8 sa[6];
+ u8 bssid[6];
+ __le16 seq_ctrl;
+ union {
+ struct {
+ __le16 auth_alg;
+ __le16 auth_transaction;
+ __le16 status_code;
+ /* possibly followed by Challenge text */
+ u8 variable[0];
+ } __packed auth;
+ struct {
+ __le16 reason_code;
+ } __packed deauth;
+ struct {
+ __le16 capab_info;
+ __le16 listen_interval;
+ /* followed by SSID and Supported rates */
+ u8 variable[0];
+ } __packed assoc_req;
+ struct {
+ __le16 capab_info;
+ __le16 status_code;
+ __le16 aid;
+ /* followed by Supported rates */
+ u8 variable[0];
+ } __packed assoc_resp, reassoc_resp;
+ struct {
+ __le16 capab_info;
+ __le16 listen_interval;
+ u8 current_ap[6];
+ /* followed by SSID and Supported rates */
+ u8 variable[0];
+ } __packed reassoc_req;
+ struct {
+ __le16 reason_code;
+ } __packed disassoc;
+ struct {
+ } __packed probe_req;
+ struct {
+ u8 timestamp[8];
+ __le16 beacon_int;
+ __le16 capab_info;
+ /* followed by some of SSID, Supported rates,
+ * FH Params, DS Params, CF Params, IBSS Params, TIM */
+ u8 variable[0];
+ } __packed beacon, probe_resp;
+ } u;
+} __packed;
+
+
+#define IEEE80211_MGMT_HDR_LEN 24
+#define IEEE80211_DATA_HDR3_LEN 24
+#define IEEE80211_DATA_HDR4_LEN 30
+
+
+struct hostap_80211_rx_status {
+ u32 mac_time;
+ u8 signal;
+ u8 noise;
+ u16 rate; /* in 100 kbps */
+};
+
+/* prism2_rx_80211 'type' argument */
+enum {
+ PRISM2_RX_MONITOR, PRISM2_RX_MGMT, PRISM2_RX_NON_ASSOC,
+ PRISM2_RX_NULLFUNC_ACK
+};
+
+int prism2_rx_80211(struct net_device *dev, struct sk_buff *skb,
+ struct hostap_80211_rx_status *rx_stats, int type);
+void hostap_80211_rx(struct net_device *dev, struct sk_buff *skb,
+ struct hostap_80211_rx_status *rx_stats);
+void hostap_dump_rx_80211(const char *name, struct sk_buff *skb,
+ struct hostap_80211_rx_status *rx_stats);
+
+void hostap_dump_tx_80211(const char *name, struct sk_buff *skb);
+netdev_tx_t hostap_data_start_xmit(struct sk_buff *skb,
+ struct net_device *dev);
+netdev_tx_t hostap_mgmt_start_xmit(struct sk_buff *skb,
+ struct net_device *dev);
+netdev_tx_t hostap_master_start_xmit(struct sk_buff *skb,
+ struct net_device *dev);
+
+#endif /* HOSTAP_80211_H */
diff --git a/drivers/net/wireless/intersil/hostap/hostap_80211_rx.c b/drivers/net/wireless/intersil/hostap/hostap_80211_rx.c
new file mode 100644
index 000000000..61be822f9
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/hostap_80211_rx.c
@@ -0,0 +1,1116 @@
+// SPDX-License-Identifier: GPL-2.0
+#include <linux/etherdevice.h>
+#include <linux/slab.h>
+#include <linux/export.h>
+#include <net/lib80211.h>
+#include <linux/if_arp.h>
+
+#include "hostap_80211.h"
+#include "hostap.h"
+#include "hostap_ap.h"
+
+/* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */
+/* Ethernet-II snap header (RFC1042 for most EtherTypes) */
+static unsigned char rfc1042_header[] =
+{ 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
+/* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */
+static unsigned char bridge_tunnel_header[] =
+{ 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 };
+/* No encapsulation header if EtherType < 0x600 (=length) */
+
+void hostap_dump_rx_80211(const char *name, struct sk_buff *skb,
+ struct hostap_80211_rx_status *rx_stats)
+{
+ struct ieee80211_hdr *hdr;
+ u16 fc;
+
+ hdr = (struct ieee80211_hdr *) skb->data;
+
+ printk(KERN_DEBUG "%s: RX signal=%d noise=%d rate=%d len=%d "
+ "jiffies=%ld\n",
+ name, rx_stats->signal, rx_stats->noise, rx_stats->rate,
+ skb->len, jiffies);
+
+ if (skb->len < 2)
+ return;
+
+ fc = le16_to_cpu(hdr->frame_control);
+ printk(KERN_DEBUG " FC=0x%04x (type=%d:%d)%s%s",
+ fc, (fc & IEEE80211_FCTL_FTYPE) >> 2,
+ (fc & IEEE80211_FCTL_STYPE) >> 4,
+ fc & IEEE80211_FCTL_TODS ? " [ToDS]" : "",
+ fc & IEEE80211_FCTL_FROMDS ? " [FromDS]" : "");
+
+ if (skb->len < IEEE80211_DATA_HDR3_LEN) {
+ printk("\n");
+ return;
+ }
+
+ printk(" dur=0x%04x seq=0x%04x\n", le16_to_cpu(hdr->duration_id),
+ le16_to_cpu(hdr->seq_ctrl));
+
+ printk(KERN_DEBUG " A1=%pM", hdr->addr1);
+ printk(" A2=%pM", hdr->addr2);
+ printk(" A3=%pM", hdr->addr3);
+ if (skb->len >= 30)
+ printk(" A4=%pM", hdr->addr4);
+ printk("\n");
+}
+
+
+/* Send RX frame to netif with 802.11 (and possible prism) header.
+ * Called from hardware or software IRQ context. */
+int prism2_rx_80211(struct net_device *dev, struct sk_buff *skb,
+ struct hostap_80211_rx_status *rx_stats, int type)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int hdrlen, phdrlen, head_need, tail_need;
+ u16 fc;
+ int prism_header, ret;
+ struct ieee80211_hdr *fhdr;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (dev->type == ARPHRD_IEEE80211_PRISM) {
+ if (local->monitor_type == PRISM2_MONITOR_PRISM) {
+ prism_header = 1;
+ phdrlen = sizeof(struct linux_wlan_ng_prism_hdr);
+ } else { /* local->monitor_type == PRISM2_MONITOR_CAPHDR */
+ prism_header = 2;
+ phdrlen = sizeof(struct linux_wlan_ng_cap_hdr);
+ }
+ } else if (dev->type == ARPHRD_IEEE80211_RADIOTAP) {
+ prism_header = 3;
+ phdrlen = sizeof(struct hostap_radiotap_rx);
+ } else {
+ prism_header = 0;
+ phdrlen = 0;
+ }
+
+ fhdr = (struct ieee80211_hdr *) skb->data;
+ fc = le16_to_cpu(fhdr->frame_control);
+
+ if (type == PRISM2_RX_MGMT && (fc & IEEE80211_FCTL_VERS)) {
+ printk(KERN_DEBUG "%s: dropped management frame with header "
+ "version %d\n", dev->name, fc & IEEE80211_FCTL_VERS);
+ dev_kfree_skb_any(skb);
+ return 0;
+ }
+
+ hdrlen = hostap_80211_get_hdrlen(fhdr->frame_control);
+
+ /* check if there is enough room for extra data; if not, expand skb
+ * buffer to be large enough for the changes */
+ head_need = phdrlen;
+ tail_need = 0;
+#ifdef PRISM2_ADD_BOGUS_CRC
+ tail_need += 4;
+#endif /* PRISM2_ADD_BOGUS_CRC */
+
+ head_need -= skb_headroom(skb);
+ tail_need -= skb_tailroom(skb);
+
+ if (head_need > 0 || tail_need > 0) {
+ if (pskb_expand_head(skb, head_need > 0 ? head_need : 0,
+ tail_need > 0 ? tail_need : 0,
+ GFP_ATOMIC)) {
+ printk(KERN_DEBUG "%s: prism2_rx_80211 failed to "
+ "reallocate skb buffer\n", dev->name);
+ dev_kfree_skb_any(skb);
+ return 0;
+ }
+ }
+
+ /* We now have an skb with enough head and tail room, so just insert
+ * the extra data */
+
+#ifdef PRISM2_ADD_BOGUS_CRC
+ memset(skb_put(skb, 4), 0xff, 4); /* Prism2 strips CRC */
+#endif /* PRISM2_ADD_BOGUS_CRC */
+
+ if (prism_header == 1) {
+ struct linux_wlan_ng_prism_hdr *hdr;
+ hdr = skb_push(skb, phdrlen);
+ memset(hdr, 0, phdrlen);
+ hdr->msgcode = LWNG_CAP_DID_BASE;
+ hdr->msglen = sizeof(*hdr);
+ memcpy(hdr->devname, dev->name, sizeof(hdr->devname));
+#define LWNG_SETVAL(f,i,s,l,d) \
+hdr->f.did = LWNG_CAP_DID_BASE | (i << 12); \
+hdr->f.status = s; hdr->f.len = l; hdr->f.data = d
+ LWNG_SETVAL(hosttime, 1, 0, 4, jiffies);
+ LWNG_SETVAL(mactime, 2, 0, 4, rx_stats->mac_time);
+ LWNG_SETVAL(channel, 3, 1 /* no value */, 4, 0);
+ LWNG_SETVAL(rssi, 4, 1 /* no value */, 4, 0);
+ LWNG_SETVAL(sq, 5, 1 /* no value */, 4, 0);
+ LWNG_SETVAL(signal, 6, 0, 4, rx_stats->signal);
+ LWNG_SETVAL(noise, 7, 0, 4, rx_stats->noise);
+ LWNG_SETVAL(rate, 8, 0, 4, rx_stats->rate / 5);
+ LWNG_SETVAL(istx, 9, 0, 4, 0);
+ LWNG_SETVAL(frmlen, 10, 0, 4, skb->len - phdrlen);
+#undef LWNG_SETVAL
+ } else if (prism_header == 2) {
+ struct linux_wlan_ng_cap_hdr *hdr;
+ hdr = skb_push(skb, phdrlen);
+ memset(hdr, 0, phdrlen);
+ hdr->version = htonl(LWNG_CAPHDR_VERSION);
+ hdr->length = htonl(phdrlen);
+ hdr->mactime = __cpu_to_be64(rx_stats->mac_time);
+ hdr->hosttime = __cpu_to_be64(jiffies);
+ hdr->phytype = htonl(4); /* dss_dot11_b */
+ hdr->channel = htonl(local->channel);
+ hdr->datarate = htonl(rx_stats->rate);
+ hdr->antenna = htonl(0); /* unknown */
+ hdr->priority = htonl(0); /* unknown */
+ hdr->ssi_type = htonl(3); /* raw */
+ hdr->ssi_signal = htonl(rx_stats->signal);
+ hdr->ssi_noise = htonl(rx_stats->noise);
+ hdr->preamble = htonl(0); /* unknown */
+ hdr->encoding = htonl(1); /* cck */
+ } else if (prism_header == 3) {
+ struct hostap_radiotap_rx *hdr;
+ hdr = skb_push(skb, phdrlen);
+ memset(hdr, 0, phdrlen);
+ hdr->hdr.it_len = cpu_to_le16(phdrlen);
+ hdr->hdr.it_present =
+ cpu_to_le32((1 << IEEE80211_RADIOTAP_TSFT) |
+ (1 << IEEE80211_RADIOTAP_CHANNEL) |
+ (1 << IEEE80211_RADIOTAP_RATE) |
+ (1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL) |
+ (1 << IEEE80211_RADIOTAP_DBM_ANTNOISE));
+ hdr->tsft = cpu_to_le64(rx_stats->mac_time);
+ hdr->chan_freq = cpu_to_le16(freq_list[local->channel - 1]);
+ hdr->chan_flags = cpu_to_le16(IEEE80211_CHAN_CCK |
+ IEEE80211_CHAN_2GHZ);
+ hdr->rate = rx_stats->rate / 5;
+ hdr->dbm_antsignal = rx_stats->signal;
+ hdr->dbm_antnoise = rx_stats->noise;
+ }
+
+ ret = skb->len - phdrlen;
+ skb->dev = dev;
+ skb_reset_mac_header(skb);
+ skb_pull(skb, hdrlen);
+ if (prism_header)
+ skb_pull(skb, phdrlen);
+ skb->pkt_type = PACKET_OTHERHOST;
+ skb->protocol = cpu_to_be16(ETH_P_802_2);
+ memset(skb->cb, 0, sizeof(skb->cb));
+ netif_rx(skb);
+
+ return ret;
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static void monitor_rx(struct net_device *dev, struct sk_buff *skb,
+ struct hostap_80211_rx_status *rx_stats)
+{
+ int len;
+
+ len = prism2_rx_80211(dev, skb, rx_stats, PRISM2_RX_MONITOR);
+ dev->stats.rx_packets++;
+ dev->stats.rx_bytes += len;
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static struct prism2_frag_entry *
+prism2_frag_cache_find(local_info_t *local, unsigned int seq,
+ unsigned int frag, u8 *src, u8 *dst)
+{
+ struct prism2_frag_entry *entry;
+ int i;
+
+ for (i = 0; i < PRISM2_FRAG_CACHE_LEN; i++) {
+ entry = &local->frag_cache[i];
+ if (entry->skb != NULL &&
+ time_after(jiffies, entry->first_frag_time + 2 * HZ)) {
+ printk(KERN_DEBUG "%s: expiring fragment cache entry "
+ "seq=%u last_frag=%u\n",
+ local->dev->name, entry->seq, entry->last_frag);
+ dev_kfree_skb(entry->skb);
+ entry->skb = NULL;
+ }
+
+ if (entry->skb != NULL && entry->seq == seq &&
+ (entry->last_frag + 1 == frag || frag == -1) &&
+ memcmp(entry->src_addr, src, ETH_ALEN) == 0 &&
+ memcmp(entry->dst_addr, dst, ETH_ALEN) == 0)
+ return entry;
+ }
+
+ return NULL;
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static struct sk_buff *
+prism2_frag_cache_get(local_info_t *local, struct ieee80211_hdr *hdr)
+{
+ struct sk_buff *skb = NULL;
+ u16 sc;
+ unsigned int frag, seq;
+ struct prism2_frag_entry *entry;
+
+ sc = le16_to_cpu(hdr->seq_ctrl);
+ frag = sc & IEEE80211_SCTL_FRAG;
+ seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
+
+ if (frag == 0) {
+ /* Reserve enough space to fit maximum frame length */
+ skb = dev_alloc_skb(local->dev->mtu +
+ sizeof(struct ieee80211_hdr) +
+ 8 /* LLC */ +
+ 2 /* alignment */ +
+ 8 /* WEP */ + ETH_ALEN /* WDS */);
+ if (skb == NULL)
+ return NULL;
+
+ entry = &local->frag_cache[local->frag_next_idx];
+ local->frag_next_idx++;
+ if (local->frag_next_idx >= PRISM2_FRAG_CACHE_LEN)
+ local->frag_next_idx = 0;
+
+ if (entry->skb != NULL)
+ dev_kfree_skb(entry->skb);
+
+ entry->first_frag_time = jiffies;
+ entry->seq = seq;
+ entry->last_frag = frag;
+ entry->skb = skb;
+ memcpy(entry->src_addr, hdr->addr2, ETH_ALEN);
+ memcpy(entry->dst_addr, hdr->addr1, ETH_ALEN);
+ } else {
+ /* received a fragment of a frame for which the head fragment
+ * should have already been received */
+ entry = prism2_frag_cache_find(local, seq, frag, hdr->addr2,
+ hdr->addr1);
+ if (entry != NULL) {
+ entry->last_frag = frag;
+ skb = entry->skb;
+ }
+ }
+
+ return skb;
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static int prism2_frag_cache_invalidate(local_info_t *local,
+ struct ieee80211_hdr *hdr)
+{
+ u16 sc;
+ unsigned int seq;
+ struct prism2_frag_entry *entry;
+
+ sc = le16_to_cpu(hdr->seq_ctrl);
+ seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
+
+ entry = prism2_frag_cache_find(local, seq, -1, hdr->addr2, hdr->addr1);
+
+ if (entry == NULL) {
+ printk(KERN_DEBUG "%s: could not invalidate fragment cache "
+ "entry (seq=%u)\n",
+ local->dev->name, seq);
+ return -1;
+ }
+
+ entry->skb = NULL;
+ return 0;
+}
+
+
+static struct hostap_bss_info *__hostap_get_bss(local_info_t *local, u8 *bssid,
+ u8 *ssid, size_t ssid_len)
+{
+ struct list_head *ptr;
+ struct hostap_bss_info *bss;
+
+ list_for_each(ptr, &local->bss_list) {
+ bss = list_entry(ptr, struct hostap_bss_info, list);
+ if (memcmp(bss->bssid, bssid, ETH_ALEN) == 0 &&
+ (ssid == NULL ||
+ (ssid_len == bss->ssid_len &&
+ memcmp(ssid, bss->ssid, ssid_len) == 0))) {
+ list_move(&bss->list, &local->bss_list);
+ return bss;
+ }
+ }
+
+ return NULL;
+}
+
+
+static struct hostap_bss_info *__hostap_add_bss(local_info_t *local, u8 *bssid,
+ u8 *ssid, size_t ssid_len)
+{
+ struct hostap_bss_info *bss;
+
+ if (local->num_bss_info >= HOSTAP_MAX_BSS_COUNT) {
+ bss = list_entry(local->bss_list.prev,
+ struct hostap_bss_info, list);
+ list_del(&bss->list);
+ local->num_bss_info--;
+ } else {
+ bss = kmalloc(sizeof(*bss), GFP_ATOMIC);
+ if (bss == NULL)
+ return NULL;
+ }
+
+ memset(bss, 0, sizeof(*bss));
+ memcpy(bss->bssid, bssid, ETH_ALEN);
+ memcpy(bss->ssid, ssid, ssid_len);
+ bss->ssid_len = ssid_len;
+ local->num_bss_info++;
+ list_add(&bss->list, &local->bss_list);
+ return bss;
+}
+
+
+static void __hostap_expire_bss(local_info_t *local)
+{
+ struct hostap_bss_info *bss;
+
+ while (local->num_bss_info > 0) {
+ bss = list_entry(local->bss_list.prev,
+ struct hostap_bss_info, list);
+ if (!time_after(jiffies, bss->last_update + 60 * HZ))
+ break;
+
+ list_del(&bss->list);
+ local->num_bss_info--;
+ kfree(bss);
+ }
+}
+
+
+/* Both IEEE 802.11 Beacon and Probe Response frames have similar structure, so
+ * the same routine can be used to parse both of them. */
+static void hostap_rx_sta_beacon(local_info_t *local, struct sk_buff *skb,
+ int stype)
+{
+ struct hostap_ieee80211_mgmt *mgmt;
+ int left, chan = 0;
+ u8 *pos;
+ u8 *ssid = NULL, *wpa = NULL, *rsn = NULL;
+ size_t ssid_len = 0, wpa_len = 0, rsn_len = 0;
+ struct hostap_bss_info *bss;
+
+ if (skb->len < IEEE80211_MGMT_HDR_LEN + sizeof(mgmt->u.beacon))
+ return;
+
+ mgmt = (struct hostap_ieee80211_mgmt *) skb->data;
+ pos = mgmt->u.beacon.variable;
+ left = skb->len - (pos - skb->data);
+
+ while (left >= 2) {
+ if (2 + pos[1] > left)
+ return; /* parse failed */
+ switch (*pos) {
+ case WLAN_EID_SSID:
+ ssid = pos + 2;
+ ssid_len = pos[1];
+ break;
+ case WLAN_EID_VENDOR_SPECIFIC:
+ if (pos[1] >= 4 &&
+ pos[2] == 0x00 && pos[3] == 0x50 &&
+ pos[4] == 0xf2 && pos[5] == 1) {
+ wpa = pos;
+ wpa_len = pos[1] + 2;
+ }
+ break;
+ case WLAN_EID_RSN:
+ rsn = pos;
+ rsn_len = pos[1] + 2;
+ break;
+ case WLAN_EID_DS_PARAMS:
+ if (pos[1] >= 1)
+ chan = pos[2];
+ break;
+ }
+ left -= 2 + pos[1];
+ pos += 2 + pos[1];
+ }
+
+ if (wpa_len > MAX_WPA_IE_LEN)
+ wpa_len = MAX_WPA_IE_LEN;
+ if (rsn_len > MAX_WPA_IE_LEN)
+ rsn_len = MAX_WPA_IE_LEN;
+ if (ssid_len > sizeof(bss->ssid))
+ ssid_len = sizeof(bss->ssid);
+
+ spin_lock(&local->lock);
+ bss = __hostap_get_bss(local, mgmt->bssid, ssid, ssid_len);
+ if (bss == NULL)
+ bss = __hostap_add_bss(local, mgmt->bssid, ssid, ssid_len);
+ if (bss) {
+ bss->last_update = jiffies;
+ bss->count++;
+ bss->capab_info = le16_to_cpu(mgmt->u.beacon.capab_info);
+ if (wpa) {
+ memcpy(bss->wpa_ie, wpa, wpa_len);
+ bss->wpa_ie_len = wpa_len;
+ } else
+ bss->wpa_ie_len = 0;
+ if (rsn) {
+ memcpy(bss->rsn_ie, rsn, rsn_len);
+ bss->rsn_ie_len = rsn_len;
+ } else
+ bss->rsn_ie_len = 0;
+ bss->chan = chan;
+ }
+ __hostap_expire_bss(local);
+ spin_unlock(&local->lock);
+}
+
+
+static int
+hostap_rx_frame_mgmt(local_info_t *local, struct sk_buff *skb,
+ struct hostap_80211_rx_status *rx_stats, u16 type,
+ u16 stype)
+{
+ if (local->iw_mode == IW_MODE_MASTER)
+ hostap_update_sta_ps(local, (struct ieee80211_hdr *) skb->data);
+
+ if (local->hostapd && type == IEEE80211_FTYPE_MGMT) {
+ if (stype == IEEE80211_STYPE_BEACON &&
+ local->iw_mode == IW_MODE_MASTER) {
+ struct sk_buff *skb2;
+ /* Process beacon frames also in kernel driver to
+ * update STA(AP) table statistics */
+ skb2 = skb_clone(skb, GFP_ATOMIC);
+ if (skb2)
+ hostap_rx(skb2->dev, skb2, rx_stats);
+ }
+
+ /* send management frames to the user space daemon for
+ * processing */
+ local->apdevstats.rx_packets++;
+ local->apdevstats.rx_bytes += skb->len;
+ if (local->apdev == NULL)
+ return -1;
+ prism2_rx_80211(local->apdev, skb, rx_stats, PRISM2_RX_MGMT);
+ return 0;
+ }
+
+ if (local->iw_mode == IW_MODE_MASTER) {
+ if (type != IEEE80211_FTYPE_MGMT &&
+ type != IEEE80211_FTYPE_CTL) {
+ printk(KERN_DEBUG "%s: unknown management frame "
+ "(type=0x%02x, stype=0x%02x) dropped\n",
+ skb->dev->name, type >> 2, stype >> 4);
+ return -1;
+ }
+
+ hostap_rx(skb->dev, skb, rx_stats);
+ return 0;
+ } else if (type == IEEE80211_FTYPE_MGMT &&
+ (stype == IEEE80211_STYPE_BEACON ||
+ stype == IEEE80211_STYPE_PROBE_RESP)) {
+ hostap_rx_sta_beacon(local, skb, stype);
+ return -1;
+ } else if (type == IEEE80211_FTYPE_MGMT &&
+ (stype == IEEE80211_STYPE_ASSOC_RESP ||
+ stype == IEEE80211_STYPE_REASSOC_RESP)) {
+ /* Ignore (Re)AssocResp silently since these are not currently
+ * needed but are still received when WPA/RSN mode is enabled.
+ */
+ return -1;
+ } else {
+ printk(KERN_DEBUG "%s: hostap_rx_frame_mgmt: dropped unhandled"
+ " management frame in non-Host AP mode (type=%d:%d)\n",
+ skb->dev->name, type >> 2, stype >> 4);
+ return -1;
+ }
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static struct net_device *prism2_rx_get_wds(local_info_t *local,
+ u8 *addr)
+{
+ struct hostap_interface *iface = NULL;
+ struct list_head *ptr;
+
+ read_lock_bh(&local->iface_lock);
+ list_for_each(ptr, &local->hostap_interfaces) {
+ iface = list_entry(ptr, struct hostap_interface, list);
+ if (iface->type == HOSTAP_INTERFACE_WDS &&
+ memcmp(iface->u.wds.remote_addr, addr, ETH_ALEN) == 0)
+ break;
+ iface = NULL;
+ }
+ read_unlock_bh(&local->iface_lock);
+
+ return iface ? iface->dev : NULL;
+}
+
+
+static int
+hostap_rx_frame_wds(local_info_t *local, struct ieee80211_hdr *hdr, u16 fc,
+ struct net_device **wds)
+{
+ /* FIX: is this really supposed to accept WDS frames only in Master
+ * mode? What about Repeater or Managed with WDS frames? */
+ if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) !=
+ (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS) &&
+ (local->iw_mode != IW_MODE_MASTER || !(fc & IEEE80211_FCTL_TODS)))
+ return 0; /* not a WDS frame */
+
+ /* Possible WDS frame: either IEEE 802.11 compliant (if FromDS)
+ * or own non-standard frame with 4th address after payload */
+ if (!ether_addr_equal(hdr->addr1, local->dev->dev_addr) &&
+ (hdr->addr1[0] != 0xff || hdr->addr1[1] != 0xff ||
+ hdr->addr1[2] != 0xff || hdr->addr1[3] != 0xff ||
+ hdr->addr1[4] != 0xff || hdr->addr1[5] != 0xff)) {
+ /* RA (or BSSID) is not ours - drop */
+ PDEBUG(DEBUG_EXTRA2, "%s: received WDS frame with "
+ "not own or broadcast %s=%pM\n",
+ local->dev->name,
+ fc & IEEE80211_FCTL_FROMDS ? "RA" : "BSSID",
+ hdr->addr1);
+ return -1;
+ }
+
+ /* check if the frame came from a registered WDS connection */
+ *wds = prism2_rx_get_wds(local, hdr->addr2);
+ if (*wds == NULL && fc & IEEE80211_FCTL_FROMDS &&
+ (local->iw_mode != IW_MODE_INFRA ||
+ !(local->wds_type & HOSTAP_WDS_AP_CLIENT) ||
+ memcmp(hdr->addr2, local->bssid, ETH_ALEN) != 0)) {
+ /* require that WDS link has been registered with TA or the
+ * frame is from current AP when using 'AP client mode' */
+ PDEBUG(DEBUG_EXTRA, "%s: received WDS[4 addr] frame "
+ "from unknown TA=%pM\n",
+ local->dev->name, hdr->addr2);
+ if (local->ap && local->ap->autom_ap_wds)
+ hostap_wds_link_oper(local, hdr->addr2, WDS_ADD);
+ return -1;
+ }
+
+ if (*wds && !(fc & IEEE80211_FCTL_FROMDS) && local->ap &&
+ hostap_is_sta_assoc(local->ap, hdr->addr2)) {
+ /* STA is actually associated with us even though it has a
+ * registered WDS link. Assume it is in 'AP client' mode.
+ * Since this is a 3-addr frame, assume it is not (bogus) WDS
+ * frame and process it like any normal ToDS frame from
+ * associated STA. */
+ *wds = NULL;
+ }
+
+ return 0;
+}
+
+
+static int hostap_is_eapol_frame(local_info_t *local, struct sk_buff *skb)
+{
+ struct net_device *dev = local->dev;
+ u16 fc, ethertype;
+ struct ieee80211_hdr *hdr;
+ u8 *pos;
+
+ if (skb->len < 24)
+ return 0;
+
+ hdr = (struct ieee80211_hdr *) skb->data;
+ fc = le16_to_cpu(hdr->frame_control);
+
+ /* check that the frame is unicast frame to us */
+ if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
+ IEEE80211_FCTL_TODS &&
+ ether_addr_equal(hdr->addr1, dev->dev_addr) &&
+ ether_addr_equal(hdr->addr3, dev->dev_addr)) {
+ /* ToDS frame with own addr BSSID and DA */
+ } else if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
+ IEEE80211_FCTL_FROMDS &&
+ ether_addr_equal(hdr->addr1, dev->dev_addr)) {
+ /* FromDS frame with own addr as DA */
+ } else
+ return 0;
+
+ if (skb->len < 24 + 8)
+ return 0;
+
+ /* check for port access entity Ethernet type */
+ pos = skb->data + 24;
+ ethertype = (pos[6] << 8) | pos[7];
+ if (ethertype == ETH_P_PAE)
+ return 1;
+
+ return 0;
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static int
+hostap_rx_frame_decrypt(local_info_t *local, struct sk_buff *skb,
+ struct lib80211_crypt_data *crypt)
+{
+ struct ieee80211_hdr *hdr;
+ int res, hdrlen;
+
+ if (crypt == NULL || crypt->ops->decrypt_mpdu == NULL)
+ return 0;
+
+ hdr = (struct ieee80211_hdr *) skb->data;
+ hdrlen = hostap_80211_get_hdrlen(hdr->frame_control);
+
+ if (local->tkip_countermeasures &&
+ strcmp(crypt->ops->name, "TKIP") == 0) {
+ if (net_ratelimit()) {
+ printk(KERN_DEBUG "%s: TKIP countermeasures: dropped "
+ "received packet from %pM\n",
+ local->dev->name, hdr->addr2);
+ }
+ return -1;
+ }
+
+ atomic_inc(&crypt->refcnt);
+ res = crypt->ops->decrypt_mpdu(skb, hdrlen, crypt->priv);
+ atomic_dec(&crypt->refcnt);
+ if (res < 0) {
+ printk(KERN_DEBUG "%s: decryption failed (SA=%pM) res=%d\n",
+ local->dev->name, hdr->addr2, res);
+ local->comm_tallies.rx_discards_wep_undecryptable++;
+ return -1;
+ }
+
+ return res;
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static int
+hostap_rx_frame_decrypt_msdu(local_info_t *local, struct sk_buff *skb,
+ int keyidx, struct lib80211_crypt_data *crypt)
+{
+ struct ieee80211_hdr *hdr;
+ int res, hdrlen;
+
+ if (crypt == NULL || crypt->ops->decrypt_msdu == NULL)
+ return 0;
+
+ hdr = (struct ieee80211_hdr *) skb->data;
+ hdrlen = hostap_80211_get_hdrlen(hdr->frame_control);
+
+ atomic_inc(&crypt->refcnt);
+ res = crypt->ops->decrypt_msdu(skb, keyidx, hdrlen, crypt->priv);
+ atomic_dec(&crypt->refcnt);
+ if (res < 0) {
+ printk(KERN_DEBUG "%s: MSDU decryption/MIC verification failed"
+ " (SA=%pM keyidx=%d)\n",
+ local->dev->name, hdr->addr2, keyidx);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+/* All received frames are sent to this function. @skb contains the frame in
+ * IEEE 802.11 format, i.e., in the format it was sent over air.
+ * This function is called only as a tasklet (software IRQ). */
+void hostap_80211_rx(struct net_device *dev, struct sk_buff *skb,
+ struct hostap_80211_rx_status *rx_stats)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ struct ieee80211_hdr *hdr;
+ size_t hdrlen;
+ u16 fc, type, stype, sc;
+ struct net_device *wds = NULL;
+ unsigned int frag;
+ u8 *payload;
+ struct sk_buff *skb2 = NULL;
+ u16 ethertype;
+ int frame_authorized = 0;
+ int from_assoc_ap = 0;
+ u8 dst[ETH_ALEN];
+ u8 src[ETH_ALEN];
+ struct lib80211_crypt_data *crypt = NULL;
+ void *sta = NULL;
+ int keyidx = 0;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+ iface->stats.rx_packets++;
+ iface->stats.rx_bytes += skb->len;
+
+ /* dev is the master radio device; change this to be the default
+ * virtual interface (this may be changed to WDS device below) */
+ dev = local->ddev;
+ iface = netdev_priv(dev);
+
+ hdr = (struct ieee80211_hdr *) skb->data;
+
+ if (skb->len < 10)
+ goto rx_dropped;
+
+ fc = le16_to_cpu(hdr->frame_control);
+ type = fc & IEEE80211_FCTL_FTYPE;
+ stype = fc & IEEE80211_FCTL_STYPE;
+ sc = le16_to_cpu(hdr->seq_ctrl);
+ frag = sc & IEEE80211_SCTL_FRAG;
+ hdrlen = hostap_80211_get_hdrlen(hdr->frame_control);
+
+ /* Put this code here so that we avoid duplicating it in all
+ * Rx paths. - Jean II */
+#ifdef IW_WIRELESS_SPY /* defined in iw_handler.h */
+ /* If spy monitoring on */
+ if (iface->spy_data.spy_number > 0) {
+ struct iw_quality wstats;
+ wstats.level = rx_stats->signal;
+ wstats.noise = rx_stats->noise;
+ wstats.updated = IW_QUAL_LEVEL_UPDATED | IW_QUAL_NOISE_UPDATED
+ | IW_QUAL_QUAL_INVALID | IW_QUAL_DBM;
+ /* Update spy records */
+ wireless_spy_update(dev, hdr->addr2, &wstats);
+ }
+#endif /* IW_WIRELESS_SPY */
+ hostap_update_rx_stats(local->ap, hdr, rx_stats);
+
+ if (local->iw_mode == IW_MODE_MONITOR) {
+ monitor_rx(dev, skb, rx_stats);
+ return;
+ }
+
+ if (local->host_decrypt) {
+ int idx = 0;
+ if (skb->len >= hdrlen + 3)
+ idx = skb->data[hdrlen + 3] >> 6;
+ crypt = local->crypt_info.crypt[idx];
+ sta = NULL;
+
+ /* Use station specific key to override default keys if the
+ * receiver address is a unicast address ("individual RA"). If
+ * bcrx_sta_key parameter is set, station specific key is used
+ * even with broad/multicast targets (this is against IEEE
+ * 802.11, but makes it easier to use different keys with
+ * stations that do not support WEP key mapping). */
+
+ if (!(hdr->addr1[0] & 0x01) || local->bcrx_sta_key)
+ (void) hostap_handle_sta_crypto(local, hdr, &crypt,
+ &sta);
+
+ /* allow NULL decrypt to indicate an station specific override
+ * for default encryption */
+ if (crypt && (crypt->ops == NULL ||
+ crypt->ops->decrypt_mpdu == NULL))
+ crypt = NULL;
+
+ if (!crypt && (fc & IEEE80211_FCTL_PROTECTED)) {
+#if 0
+ /* This seems to be triggered by some (multicast?)
+ * frames from other than current BSS, so just drop the
+ * frames silently instead of filling system log with
+ * these reports. */
+ printk(KERN_DEBUG "%s: WEP decryption failed (not set)"
+ " (SA=%pM)\n",
+ local->dev->name, hdr->addr2);
+#endif
+ local->comm_tallies.rx_discards_wep_undecryptable++;
+ goto rx_dropped;
+ }
+ }
+
+ if (type != IEEE80211_FTYPE_DATA) {
+ if (type == IEEE80211_FTYPE_MGMT &&
+ stype == IEEE80211_STYPE_AUTH &&
+ fc & IEEE80211_FCTL_PROTECTED && local->host_decrypt &&
+ (keyidx = hostap_rx_frame_decrypt(local, skb, crypt)) < 0)
+ {
+ printk(KERN_DEBUG "%s: failed to decrypt mgmt::auth "
+ "from %pM\n", dev->name, hdr->addr2);
+ /* TODO: could inform hostapd about this so that it
+ * could send auth failure report */
+ goto rx_dropped;
+ }
+
+ if (hostap_rx_frame_mgmt(local, skb, rx_stats, type, stype))
+ goto rx_dropped;
+ else
+ goto rx_exit;
+ }
+
+ /* Data frame - extract src/dst addresses */
+ if (skb->len < IEEE80211_DATA_HDR3_LEN)
+ goto rx_dropped;
+
+ switch (fc & (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
+ case IEEE80211_FCTL_FROMDS:
+ memcpy(dst, hdr->addr1, ETH_ALEN);
+ memcpy(src, hdr->addr3, ETH_ALEN);
+ break;
+ case IEEE80211_FCTL_TODS:
+ memcpy(dst, hdr->addr3, ETH_ALEN);
+ memcpy(src, hdr->addr2, ETH_ALEN);
+ break;
+ case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
+ if (skb->len < IEEE80211_DATA_HDR4_LEN)
+ goto rx_dropped;
+ memcpy(dst, hdr->addr3, ETH_ALEN);
+ memcpy(src, hdr->addr4, ETH_ALEN);
+ break;
+ default:
+ memcpy(dst, hdr->addr1, ETH_ALEN);
+ memcpy(src, hdr->addr2, ETH_ALEN);
+ break;
+ }
+
+ if (hostap_rx_frame_wds(local, hdr, fc, &wds))
+ goto rx_dropped;
+ if (wds)
+ skb->dev = dev = wds;
+
+ if (local->iw_mode == IW_MODE_MASTER && !wds &&
+ (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
+ IEEE80211_FCTL_FROMDS &&
+ local->stadev &&
+ memcmp(hdr->addr2, local->assoc_ap_addr, ETH_ALEN) == 0) {
+ /* Frame from BSSID of the AP for which we are a client */
+ skb->dev = dev = local->stadev;
+ from_assoc_ap = 1;
+ }
+
+ if ((local->iw_mode == IW_MODE_MASTER ||
+ local->iw_mode == IW_MODE_REPEAT) &&
+ !from_assoc_ap) {
+ switch (hostap_handle_sta_rx(local, dev, skb, rx_stats,
+ wds != NULL)) {
+ case AP_RX_CONTINUE_NOT_AUTHORIZED:
+ frame_authorized = 0;
+ break;
+ case AP_RX_CONTINUE:
+ frame_authorized = 1;
+ break;
+ case AP_RX_DROP:
+ goto rx_dropped;
+ case AP_RX_EXIT:
+ goto rx_exit;
+ }
+ }
+
+ /* Nullfunc frames may have PS-bit set, so they must be passed to
+ * hostap_handle_sta_rx() before being dropped here. */
+ if (stype != IEEE80211_STYPE_DATA &&
+ stype != IEEE80211_STYPE_DATA_CFACK &&
+ stype != IEEE80211_STYPE_DATA_CFPOLL &&
+ stype != IEEE80211_STYPE_DATA_CFACKPOLL) {
+ if (stype != IEEE80211_STYPE_NULLFUNC)
+ printk(KERN_DEBUG "%s: RX: dropped data frame "
+ "with no data (type=0x%02x, subtype=0x%02x)\n",
+ dev->name, type >> 2, stype >> 4);
+ goto rx_dropped;
+ }
+
+ /* skb: hdr + (possibly fragmented, possibly encrypted) payload */
+
+ if (local->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
+ (keyidx = hostap_rx_frame_decrypt(local, skb, crypt)) < 0)
+ goto rx_dropped;
+ hdr = (struct ieee80211_hdr *) skb->data;
+
+ /* skb: hdr + (possibly fragmented) plaintext payload */
+
+ if (local->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
+ (frag != 0 || (fc & IEEE80211_FCTL_MOREFRAGS))) {
+ int flen;
+ struct sk_buff *frag_skb =
+ prism2_frag_cache_get(local, hdr);
+ if (!frag_skb) {
+ printk(KERN_DEBUG "%s: Rx cannot get skb from "
+ "fragment cache (morefrag=%d seq=%u frag=%u)\n",
+ dev->name, (fc & IEEE80211_FCTL_MOREFRAGS) != 0,
+ (sc & IEEE80211_SCTL_SEQ) >> 4, frag);
+ goto rx_dropped;
+ }
+
+ flen = skb->len;
+ if (frag != 0)
+ flen -= hdrlen;
+
+ if (frag_skb->tail + flen > frag_skb->end) {
+ printk(KERN_WARNING "%s: host decrypted and "
+ "reassembled frame did not fit skb\n",
+ dev->name);
+ prism2_frag_cache_invalidate(local, hdr);
+ goto rx_dropped;
+ }
+
+ if (frag == 0) {
+ /* copy first fragment (including full headers) into
+ * beginning of the fragment cache skb */
+ skb_copy_from_linear_data(skb, skb_put(frag_skb, flen),
+ flen);
+ } else {
+ /* append frame payload to the end of the fragment
+ * cache skb */
+ skb_copy_from_linear_data_offset(skb, hdrlen,
+ skb_put(frag_skb,
+ flen), flen);
+ }
+ dev_kfree_skb(skb);
+ skb = NULL;
+
+ if (fc & IEEE80211_FCTL_MOREFRAGS) {
+ /* more fragments expected - leave the skb in fragment
+ * cache for now; it will be delivered to upper layers
+ * after all fragments have been received */
+ goto rx_exit;
+ }
+
+ /* this was the last fragment and the frame will be
+ * delivered, so remove skb from fragment cache */
+ skb = frag_skb;
+ hdr = (struct ieee80211_hdr *) skb->data;
+ prism2_frag_cache_invalidate(local, hdr);
+ }
+
+ /* skb: hdr + (possible reassembled) full MSDU payload; possibly still
+ * encrypted/authenticated */
+
+ if (local->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
+ hostap_rx_frame_decrypt_msdu(local, skb, keyidx, crypt))
+ goto rx_dropped;
+
+ hdr = (struct ieee80211_hdr *) skb->data;
+ if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !local->open_wep) {
+ if (local->ieee_802_1x &&
+ hostap_is_eapol_frame(local, skb)) {
+ /* pass unencrypted EAPOL frames even if encryption is
+ * configured */
+ PDEBUG(DEBUG_EXTRA2, "%s: RX: IEEE 802.1X - passing "
+ "unencrypted EAPOL frame\n", local->dev->name);
+ } else {
+ printk(KERN_DEBUG "%s: encryption configured, but RX "
+ "frame not encrypted (SA=%pM)\n",
+ local->dev->name, hdr->addr2);
+ goto rx_dropped;
+ }
+ }
+
+ if (local->drop_unencrypted && !(fc & IEEE80211_FCTL_PROTECTED) &&
+ !hostap_is_eapol_frame(local, skb)) {
+ if (net_ratelimit()) {
+ printk(KERN_DEBUG "%s: dropped unencrypted RX data "
+ "frame from %pM (drop_unencrypted=1)\n",
+ dev->name, hdr->addr2);
+ }
+ goto rx_dropped;
+ }
+
+ /* skb: hdr + (possible reassembled) full plaintext payload */
+
+ payload = skb->data + hdrlen;
+ ethertype = (payload[6] << 8) | payload[7];
+
+ /* If IEEE 802.1X is used, check whether the port is authorized to send
+ * the received frame. */
+ if (local->ieee_802_1x && local->iw_mode == IW_MODE_MASTER) {
+ if (ethertype == ETH_P_PAE) {
+ PDEBUG(DEBUG_EXTRA2, "%s: RX: IEEE 802.1X frame\n",
+ dev->name);
+ if (local->hostapd && local->apdev) {
+ /* Send IEEE 802.1X frames to the user
+ * space daemon for processing */
+ prism2_rx_80211(local->apdev, skb, rx_stats,
+ PRISM2_RX_MGMT);
+ local->apdevstats.rx_packets++;
+ local->apdevstats.rx_bytes += skb->len;
+ goto rx_exit;
+ }
+ } else if (!frame_authorized) {
+ printk(KERN_DEBUG "%s: dropped frame from "
+ "unauthorized port (IEEE 802.1X): "
+ "ethertype=0x%04x\n",
+ dev->name, ethertype);
+ goto rx_dropped;
+ }
+ }
+
+ /* convert hdr + possible LLC headers into Ethernet header */
+ if (skb->len - hdrlen >= 8 &&
+ ((memcmp(payload, rfc1042_header, 6) == 0 &&
+ ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
+ memcmp(payload, bridge_tunnel_header, 6) == 0)) {
+ /* remove RFC1042 or Bridge-Tunnel encapsulation and
+ * replace EtherType */
+ skb_pull(skb, hdrlen + 6);
+ memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
+ memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
+ } else {
+ __be16 len;
+ /* Leave Ethernet header part of hdr and full payload */
+ skb_pull(skb, hdrlen);
+ len = htons(skb->len);
+ memcpy(skb_push(skb, 2), &len, 2);
+ memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
+ memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
+ }
+
+ if (wds && ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
+ IEEE80211_FCTL_TODS) &&
+ skb->len >= ETH_HLEN + ETH_ALEN) {
+ /* Non-standard frame: get addr4 from its bogus location after
+ * the payload */
+ skb_copy_from_linear_data_offset(skb, skb->len - ETH_ALEN,
+ skb->data + ETH_ALEN,
+ ETH_ALEN);
+ skb_trim(skb, skb->len - ETH_ALEN);
+ }
+
+ dev->stats.rx_packets++;
+ dev->stats.rx_bytes += skb->len;
+
+ if (local->iw_mode == IW_MODE_MASTER && !wds &&
+ local->ap->bridge_packets) {
+ if (dst[0] & 0x01) {
+ /* copy multicast frame both to the higher layers and
+ * to the wireless media */
+ local->ap->bridged_multicast++;
+ skb2 = skb_clone(skb, GFP_ATOMIC);
+ if (skb2 == NULL)
+ printk(KERN_DEBUG "%s: skb_clone failed for "
+ "multicast frame\n", dev->name);
+ } else if (hostap_is_sta_authorized(local->ap, dst)) {
+ /* send frame directly to the associated STA using
+ * wireless media and not passing to higher layers */
+ local->ap->bridged_unicast++;
+ skb2 = skb;
+ skb = NULL;
+ }
+ }
+
+ if (skb2 != NULL) {
+ /* send to wireless media */
+ skb2->dev = dev;
+ skb2->protocol = cpu_to_be16(ETH_P_802_3);
+ skb_reset_mac_header(skb2);
+ skb_reset_network_header(skb2);
+ /* skb2->network_header += ETH_HLEN; */
+ dev_queue_xmit(skb2);
+ }
+
+ if (skb) {
+ skb->protocol = eth_type_trans(skb, dev);
+ memset(skb->cb, 0, sizeof(skb->cb));
+ netif_rx(skb);
+ }
+
+ rx_exit:
+ if (sta)
+ hostap_handle_sta_release(sta);
+ return;
+
+ rx_dropped:
+ dev_kfree_skb(skb);
+
+ dev->stats.rx_dropped++;
+ goto rx_exit;
+}
+
+
+EXPORT_SYMBOL(hostap_80211_rx);
diff --git a/drivers/net/wireless/intersil/hostap/hostap_80211_tx.c b/drivers/net/wireless/intersil/hostap/hostap_80211_tx.c
new file mode 100644
index 000000000..c47da0694
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/hostap_80211_tx.c
@@ -0,0 +1,554 @@
+// SPDX-License-Identifier: GPL-2.0
+#include <linux/slab.h>
+#include <linux/export.h>
+#include <linux/etherdevice.h>
+
+#include "hostap_80211.h"
+#include "hostap_common.h"
+#include "hostap_wlan.h"
+#include "hostap.h"
+#include "hostap_ap.h"
+
+/* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */
+/* Ethernet-II snap header (RFC1042 for most EtherTypes) */
+static unsigned char rfc1042_header[] =
+{ 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
+/* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */
+static unsigned char bridge_tunnel_header[] =
+{ 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 };
+/* No encapsulation header if EtherType < 0x600 (=length) */
+
+void hostap_dump_tx_80211(const char *name, struct sk_buff *skb)
+{
+ struct ieee80211_hdr *hdr;
+ u16 fc;
+
+ hdr = (struct ieee80211_hdr *) skb->data;
+
+ printk(KERN_DEBUG "%s: TX len=%d jiffies=%ld\n",
+ name, skb->len, jiffies);
+
+ if (skb->len < 2)
+ return;
+
+ fc = le16_to_cpu(hdr->frame_control);
+ printk(KERN_DEBUG " FC=0x%04x (type=%d:%d)%s%s",
+ fc, (fc & IEEE80211_FCTL_FTYPE) >> 2,
+ (fc & IEEE80211_FCTL_STYPE) >> 4,
+ fc & IEEE80211_FCTL_TODS ? " [ToDS]" : "",
+ fc & IEEE80211_FCTL_FROMDS ? " [FromDS]" : "");
+
+ if (skb->len < IEEE80211_DATA_HDR3_LEN) {
+ printk("\n");
+ return;
+ }
+
+ printk(" dur=0x%04x seq=0x%04x\n", le16_to_cpu(hdr->duration_id),
+ le16_to_cpu(hdr->seq_ctrl));
+
+ printk(KERN_DEBUG " A1=%pM", hdr->addr1);
+ printk(" A2=%pM", hdr->addr2);
+ printk(" A3=%pM", hdr->addr3);
+ if (skb->len >= 30)
+ printk(" A4=%pM", hdr->addr4);
+ printk("\n");
+}
+
+
+/* hard_start_xmit function for data interfaces (wlan#, wlan#wds#, wlan#sta)
+ * Convert Ethernet header into a suitable IEEE 802.11 header depending on
+ * device configuration. */
+netdev_tx_t hostap_data_start_xmit(struct sk_buff *skb,
+ struct net_device *dev)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int need_headroom, need_tailroom = 0;
+ struct ieee80211_hdr hdr;
+ u16 fc, ethertype = 0;
+ enum {
+ WDS_NO = 0, WDS_OWN_FRAME, WDS_COMPLIANT_FRAME
+ } use_wds = WDS_NO;
+ u8 *encaps_data;
+ int hdr_len, encaps_len, skip_header_bytes;
+ int to_assoc_ap = 0;
+ struct hostap_skb_tx_data *meta;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (skb->len < ETH_HLEN) {
+ printk(KERN_DEBUG "%s: hostap_data_start_xmit: short skb "
+ "(len=%d)\n", dev->name, skb->len);
+ kfree_skb(skb);
+ return NETDEV_TX_OK;
+ }
+
+ if (local->ddev != dev) {
+ use_wds = (local->iw_mode == IW_MODE_MASTER &&
+ !(local->wds_type & HOSTAP_WDS_STANDARD_FRAME)) ?
+ WDS_OWN_FRAME : WDS_COMPLIANT_FRAME;
+ if (dev == local->stadev) {
+ to_assoc_ap = 1;
+ use_wds = WDS_NO;
+ } else if (dev == local->apdev) {
+ printk(KERN_DEBUG "%s: prism2_tx: trying to use "
+ "AP device with Ethernet net dev\n", dev->name);
+ kfree_skb(skb);
+ return NETDEV_TX_OK;
+ }
+ } else {
+ if (local->iw_mode == IW_MODE_REPEAT) {
+ printk(KERN_DEBUG "%s: prism2_tx: trying to use "
+ "non-WDS link in Repeater mode\n", dev->name);
+ kfree_skb(skb);
+ return NETDEV_TX_OK;
+ } else if (local->iw_mode == IW_MODE_INFRA &&
+ (local->wds_type & HOSTAP_WDS_AP_CLIENT) &&
+ !ether_addr_equal(skb->data + ETH_ALEN, dev->dev_addr)) {
+ /* AP client mode: send frames with foreign src addr
+ * using 4-addr WDS frames */
+ use_wds = WDS_COMPLIANT_FRAME;
+ }
+ }
+
+ /* Incoming skb->data: dst_addr[6], src_addr[6], proto[2], payload
+ * ==>
+ * Prism2 TX frame with 802.11 header:
+ * txdesc (address order depending on used mode; includes dst_addr and
+ * src_addr), possible encapsulation (RFC1042/Bridge-Tunnel;
+ * proto[2], payload {, possible addr4[6]} */
+
+ ethertype = (skb->data[12] << 8) | skb->data[13];
+
+ memset(&hdr, 0, sizeof(hdr));
+
+ /* Length of data after IEEE 802.11 header */
+ encaps_data = NULL;
+ encaps_len = 0;
+ skip_header_bytes = ETH_HLEN;
+ if (ethertype == ETH_P_AARP || ethertype == ETH_P_IPX) {
+ encaps_data = bridge_tunnel_header;
+ encaps_len = sizeof(bridge_tunnel_header);
+ skip_header_bytes -= 2;
+ } else if (ethertype >= 0x600) {
+ encaps_data = rfc1042_header;
+ encaps_len = sizeof(rfc1042_header);
+ skip_header_bytes -= 2;
+ }
+
+ fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA;
+ hdr_len = IEEE80211_DATA_HDR3_LEN;
+
+ if (use_wds != WDS_NO) {
+ /* Note! Prism2 station firmware has problems with sending real
+ * 802.11 frames with four addresses; until these problems can
+ * be fixed or worked around, 4-addr frames needed for WDS are
+ * using incompatible format: FromDS flag is not set and the
+ * fourth address is added after the frame payload; it is
+ * assumed, that the receiving station knows how to handle this
+ * frame format */
+
+ if (use_wds == WDS_COMPLIANT_FRAME) {
+ fc |= IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS;
+ /* From&To DS: Addr1 = RA, Addr2 = TA, Addr3 = DA,
+ * Addr4 = SA */
+ skb_copy_from_linear_data_offset(skb, ETH_ALEN,
+ &hdr.addr4, ETH_ALEN);
+ hdr_len += ETH_ALEN;
+ } else {
+ /* bogus 4-addr format to workaround Prism2 station
+ * f/w bug */
+ fc |= IEEE80211_FCTL_TODS;
+ /* From DS: Addr1 = DA (used as RA),
+ * Addr2 = BSSID (used as TA), Addr3 = SA (used as DA),
+ */
+
+ /* SA from skb->data + ETH_ALEN will be added after
+ * frame payload; use hdr.addr4 as a temporary buffer
+ */
+ skb_copy_from_linear_data_offset(skb, ETH_ALEN,
+ &hdr.addr4, ETH_ALEN);
+ need_tailroom += ETH_ALEN;
+ }
+
+ /* send broadcast and multicast frames to broadcast RA, if
+ * configured; otherwise, use unicast RA of the WDS link */
+ if ((local->wds_type & HOSTAP_WDS_BROADCAST_RA) &&
+ is_multicast_ether_addr(skb->data))
+ eth_broadcast_addr(hdr.addr1);
+ else if (iface->type == HOSTAP_INTERFACE_WDS)
+ memcpy(&hdr.addr1, iface->u.wds.remote_addr,
+ ETH_ALEN);
+ else
+ memcpy(&hdr.addr1, local->bssid, ETH_ALEN);
+ memcpy(&hdr.addr2, dev->dev_addr, ETH_ALEN);
+ skb_copy_from_linear_data(skb, &hdr.addr3, ETH_ALEN);
+ } else if (local->iw_mode == IW_MODE_MASTER && !to_assoc_ap) {
+ fc |= IEEE80211_FCTL_FROMDS;
+ /* From DS: Addr1 = DA, Addr2 = BSSID, Addr3 = SA */
+ skb_copy_from_linear_data(skb, &hdr.addr1, ETH_ALEN);
+ memcpy(&hdr.addr2, dev->dev_addr, ETH_ALEN);
+ skb_copy_from_linear_data_offset(skb, ETH_ALEN, &hdr.addr3,
+ ETH_ALEN);
+ } else if (local->iw_mode == IW_MODE_INFRA || to_assoc_ap) {
+ fc |= IEEE80211_FCTL_TODS;
+ /* To DS: Addr1 = BSSID, Addr2 = SA, Addr3 = DA */
+ memcpy(&hdr.addr1, to_assoc_ap ?
+ local->assoc_ap_addr : local->bssid, ETH_ALEN);
+ skb_copy_from_linear_data_offset(skb, ETH_ALEN, &hdr.addr2,
+ ETH_ALEN);
+ skb_copy_from_linear_data(skb, &hdr.addr3, ETH_ALEN);
+ } else if (local->iw_mode == IW_MODE_ADHOC) {
+ /* not From/To DS: Addr1 = DA, Addr2 = SA, Addr3 = BSSID */
+ skb_copy_from_linear_data(skb, &hdr.addr1, ETH_ALEN);
+ skb_copy_from_linear_data_offset(skb, ETH_ALEN, &hdr.addr2,
+ ETH_ALEN);
+ memcpy(&hdr.addr3, local->bssid, ETH_ALEN);
+ }
+
+ hdr.frame_control = cpu_to_le16(fc);
+
+ skb_pull(skb, skip_header_bytes);
+ need_headroom = local->func->need_tx_headroom + hdr_len + encaps_len;
+ if (skb_tailroom(skb) < need_tailroom) {
+ skb = skb_unshare(skb, GFP_ATOMIC);
+ if (skb == NULL) {
+ iface->stats.tx_dropped++;
+ return NETDEV_TX_OK;
+ }
+ if (pskb_expand_head(skb, need_headroom, need_tailroom,
+ GFP_ATOMIC)) {
+ kfree_skb(skb);
+ iface->stats.tx_dropped++;
+ return NETDEV_TX_OK;
+ }
+ } else if (skb_headroom(skb) < need_headroom) {
+ struct sk_buff *tmp = skb;
+ skb = skb_realloc_headroom(skb, need_headroom);
+ kfree_skb(tmp);
+ if (skb == NULL) {
+ iface->stats.tx_dropped++;
+ return NETDEV_TX_OK;
+ }
+ } else {
+ skb = skb_unshare(skb, GFP_ATOMIC);
+ if (skb == NULL) {
+ iface->stats.tx_dropped++;
+ return NETDEV_TX_OK;
+ }
+ }
+
+ if (encaps_data)
+ memcpy(skb_push(skb, encaps_len), encaps_data, encaps_len);
+ memcpy(skb_push(skb, hdr_len), &hdr, hdr_len);
+ if (use_wds == WDS_OWN_FRAME) {
+ skb_put_data(skb, &hdr.addr4, ETH_ALEN);
+ }
+
+ iface->stats.tx_packets++;
+ iface->stats.tx_bytes += skb->len;
+
+ skb_reset_mac_header(skb);
+ meta = (struct hostap_skb_tx_data *) skb->cb;
+ memset(meta, 0, sizeof(*meta));
+ meta->magic = HOSTAP_SKB_TX_DATA_MAGIC;
+ if (use_wds)
+ meta->flags |= HOSTAP_TX_FLAGS_WDS;
+ meta->ethertype = ethertype;
+ meta->iface = iface;
+
+ /* Send IEEE 802.11 encapsulated frame using the master radio device */
+ skb->dev = local->dev;
+ dev_queue_xmit(skb);
+ return NETDEV_TX_OK;
+}
+
+
+/* hard_start_xmit function for hostapd wlan#ap interfaces */
+netdev_tx_t hostap_mgmt_start_xmit(struct sk_buff *skb,
+ struct net_device *dev)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ struct hostap_skb_tx_data *meta;
+ struct ieee80211_hdr *hdr;
+ u16 fc;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (skb->len < 10) {
+ printk(KERN_DEBUG "%s: hostap_mgmt_start_xmit: short skb "
+ "(len=%d)\n", dev->name, skb->len);
+ kfree_skb(skb);
+ return NETDEV_TX_OK;
+ }
+
+ iface->stats.tx_packets++;
+ iface->stats.tx_bytes += skb->len;
+
+ meta = (struct hostap_skb_tx_data *) skb->cb;
+ memset(meta, 0, sizeof(*meta));
+ meta->magic = HOSTAP_SKB_TX_DATA_MAGIC;
+ meta->iface = iface;
+
+ if (skb->len >= IEEE80211_DATA_HDR3_LEN + sizeof(rfc1042_header) + 2) {
+ hdr = (struct ieee80211_hdr *) skb->data;
+ fc = le16_to_cpu(hdr->frame_control);
+ if (ieee80211_is_data(hdr->frame_control) &&
+ (fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_DATA) {
+ u8 *pos = &skb->data[IEEE80211_DATA_HDR3_LEN +
+ sizeof(rfc1042_header)];
+ meta->ethertype = (pos[0] << 8) | pos[1];
+ }
+ }
+
+ /* Send IEEE 802.11 encapsulated frame using the master radio device */
+ skb->dev = local->dev;
+ dev_queue_xmit(skb);
+ return NETDEV_TX_OK;
+}
+
+
+/* Called only from software IRQ */
+static struct sk_buff * hostap_tx_encrypt(struct sk_buff *skb,
+ struct lib80211_crypt_data *crypt)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ struct ieee80211_hdr *hdr;
+ int prefix_len, postfix_len, hdr_len, res;
+
+ iface = netdev_priv(skb->dev);
+ local = iface->local;
+
+ if (skb->len < IEEE80211_DATA_HDR3_LEN) {
+ kfree_skb(skb);
+ return NULL;
+ }
+
+ if (local->tkip_countermeasures &&
+ strcmp(crypt->ops->name, "TKIP") == 0) {
+ hdr = (struct ieee80211_hdr *) skb->data;
+ if (net_ratelimit()) {
+ printk(KERN_DEBUG "%s: TKIP countermeasures: dropped "
+ "TX packet to %pM\n",
+ local->dev->name, hdr->addr1);
+ }
+ kfree_skb(skb);
+ return NULL;
+ }
+
+ skb = skb_unshare(skb, GFP_ATOMIC);
+ if (skb == NULL)
+ return NULL;
+
+ prefix_len = crypt->ops->extra_mpdu_prefix_len +
+ crypt->ops->extra_msdu_prefix_len;
+ postfix_len = crypt->ops->extra_mpdu_postfix_len +
+ crypt->ops->extra_msdu_postfix_len;
+ if ((skb_headroom(skb) < prefix_len ||
+ skb_tailroom(skb) < postfix_len) &&
+ pskb_expand_head(skb, prefix_len, postfix_len, GFP_ATOMIC)) {
+ kfree_skb(skb);
+ return NULL;
+ }
+
+ hdr = (struct ieee80211_hdr *) skb->data;
+ hdr_len = hostap_80211_get_hdrlen(hdr->frame_control);
+
+ /* Host-based IEEE 802.11 fragmentation for TX is not yet supported, so
+ * call both MSDU and MPDU encryption functions from here. */
+ atomic_inc(&crypt->refcnt);
+ res = 0;
+ if (crypt->ops->encrypt_msdu)
+ res = crypt->ops->encrypt_msdu(skb, hdr_len, crypt->priv);
+ if (res == 0 && crypt->ops->encrypt_mpdu)
+ res = crypt->ops->encrypt_mpdu(skb, hdr_len, crypt->priv);
+ atomic_dec(&crypt->refcnt);
+ if (res < 0) {
+ kfree_skb(skb);
+ return NULL;
+ }
+
+ return skb;
+}
+
+
+/* hard_start_xmit function for master radio interface wifi#.
+ * AP processing (TX rate control, power save buffering, etc.).
+ * Use hardware TX function to send the frame. */
+netdev_tx_t hostap_master_start_xmit(struct sk_buff *skb,
+ struct net_device *dev)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ netdev_tx_t ret = NETDEV_TX_BUSY;
+ u16 fc;
+ struct hostap_tx_data tx;
+ ap_tx_ret tx_ret;
+ struct hostap_skb_tx_data *meta;
+ int no_encrypt = 0;
+ struct ieee80211_hdr *hdr;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ tx.skb = skb;
+ tx.sta_ptr = NULL;
+
+ meta = (struct hostap_skb_tx_data *) skb->cb;
+ if (meta->magic != HOSTAP_SKB_TX_DATA_MAGIC) {
+ printk(KERN_DEBUG "%s: invalid skb->cb magic (0x%08x, "
+ "expected 0x%08x)\n",
+ dev->name, meta->magic, HOSTAP_SKB_TX_DATA_MAGIC);
+ ret = NETDEV_TX_OK;
+ iface->stats.tx_dropped++;
+ goto fail;
+ }
+
+ if (local->host_encrypt) {
+ /* Set crypt to default algorithm and key; will be replaced in
+ * AP code if STA has own alg/key */
+ tx.crypt = local->crypt_info.crypt[local->crypt_info.tx_keyidx];
+ tx.host_encrypt = 1;
+ } else {
+ tx.crypt = NULL;
+ tx.host_encrypt = 0;
+ }
+
+ if (skb->len < 24) {
+ printk(KERN_DEBUG "%s: hostap_master_start_xmit: short skb "
+ "(len=%d)\n", dev->name, skb->len);
+ ret = NETDEV_TX_OK;
+ iface->stats.tx_dropped++;
+ goto fail;
+ }
+
+ /* FIX (?):
+ * Wi-Fi 802.11b test plan suggests that AP should ignore power save
+ * bit in authentication and (re)association frames and assume tha
+ * STA remains awake for the response. */
+ tx_ret = hostap_handle_sta_tx(local, &tx);
+ skb = tx.skb;
+ meta = (struct hostap_skb_tx_data *) skb->cb;
+ hdr = (struct ieee80211_hdr *) skb->data;
+ fc = le16_to_cpu(hdr->frame_control);
+ switch (tx_ret) {
+ case AP_TX_CONTINUE:
+ break;
+ case AP_TX_CONTINUE_NOT_AUTHORIZED:
+ if (local->ieee_802_1x &&
+ ieee80211_is_data(hdr->frame_control) &&
+ meta->ethertype != ETH_P_PAE &&
+ !(meta->flags & HOSTAP_TX_FLAGS_WDS)) {
+ printk(KERN_DEBUG "%s: dropped frame to unauthorized "
+ "port (IEEE 802.1X): ethertype=0x%04x\n",
+ dev->name, meta->ethertype);
+ hostap_dump_tx_80211(dev->name, skb);
+
+ ret = NETDEV_TX_OK; /* drop packet */
+ iface->stats.tx_dropped++;
+ goto fail;
+ }
+ break;
+ case AP_TX_DROP:
+ ret = NETDEV_TX_OK; /* drop packet */
+ iface->stats.tx_dropped++;
+ goto fail;
+ case AP_TX_RETRY:
+ goto fail;
+ case AP_TX_BUFFERED:
+ /* do not free skb here, it will be freed when the
+ * buffered frame is sent/timed out */
+ ret = NETDEV_TX_OK;
+ goto tx_exit;
+ }
+
+ /* Request TX callback if protocol version is 2 in 802.11 header;
+ * this version 2 is a special case used between hostapd and kernel
+ * driver */
+ if (((fc & IEEE80211_FCTL_VERS) == BIT(1)) &&
+ local->ap && local->ap->tx_callback_idx && meta->tx_cb_idx == 0) {
+ meta->tx_cb_idx = local->ap->tx_callback_idx;
+
+ /* remove special version from the frame header */
+ fc &= ~IEEE80211_FCTL_VERS;
+ hdr->frame_control = cpu_to_le16(fc);
+ }
+
+ if (!ieee80211_is_data(hdr->frame_control)) {
+ no_encrypt = 1;
+ tx.crypt = NULL;
+ }
+
+ if (local->ieee_802_1x && meta->ethertype == ETH_P_PAE && tx.crypt &&
+ !(fc & IEEE80211_FCTL_PROTECTED)) {
+ no_encrypt = 1;
+ PDEBUG(DEBUG_EXTRA2, "%s: TX: IEEE 802.1X - passing "
+ "unencrypted EAPOL frame\n", dev->name);
+ tx.crypt = NULL; /* no encryption for IEEE 802.1X frames */
+ }
+
+ if (tx.crypt && (!tx.crypt->ops || !tx.crypt->ops->encrypt_mpdu))
+ tx.crypt = NULL;
+ else if ((tx.crypt ||
+ local->crypt_info.crypt[local->crypt_info.tx_keyidx]) &&
+ !no_encrypt) {
+ /* Add ISWEP flag both for firmware and host based encryption
+ */
+ fc |= IEEE80211_FCTL_PROTECTED;
+ hdr->frame_control = cpu_to_le16(fc);
+ } else if (local->drop_unencrypted &&
+ ieee80211_is_data(hdr->frame_control) &&
+ meta->ethertype != ETH_P_PAE) {
+ if (net_ratelimit()) {
+ printk(KERN_DEBUG "%s: dropped unencrypted TX data "
+ "frame (drop_unencrypted=1)\n", dev->name);
+ }
+ iface->stats.tx_dropped++;
+ ret = NETDEV_TX_OK;
+ goto fail;
+ }
+
+ if (tx.crypt) {
+ skb = hostap_tx_encrypt(skb, tx.crypt);
+ if (skb == NULL) {
+ printk(KERN_DEBUG "%s: TX - encryption failed\n",
+ dev->name);
+ ret = NETDEV_TX_OK;
+ goto fail;
+ }
+ meta = (struct hostap_skb_tx_data *) skb->cb;
+ if (meta->magic != HOSTAP_SKB_TX_DATA_MAGIC) {
+ printk(KERN_DEBUG "%s: invalid skb->cb magic (0x%08x, "
+ "expected 0x%08x) after hostap_tx_encrypt\n",
+ dev->name, meta->magic,
+ HOSTAP_SKB_TX_DATA_MAGIC);
+ ret = NETDEV_TX_OK;
+ iface->stats.tx_dropped++;
+ goto fail;
+ }
+ }
+
+ if (local->func->tx == NULL || local->func->tx(skb, dev)) {
+ ret = NETDEV_TX_OK;
+ iface->stats.tx_dropped++;
+ } else {
+ ret = NETDEV_TX_OK;
+ iface->stats.tx_packets++;
+ iface->stats.tx_bytes += skb->len;
+ }
+
+ fail:
+ if (ret == NETDEV_TX_OK && skb)
+ dev_kfree_skb(skb);
+ tx_exit:
+ if (tx.sta_ptr)
+ hostap_handle_sta_release(tx.sta_ptr);
+ return ret;
+}
+
+
+EXPORT_SYMBOL(hostap_master_start_xmit);
diff --git a/drivers/net/wireless/intersil/hostap/hostap_ap.c b/drivers/net/wireless/intersil/hostap/hostap_ap.c
new file mode 100644
index 000000000..462ccc7d7
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/hostap_ap.c
@@ -0,0 +1,3277 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Intersil Prism2 driver with Host AP (software access point) support
+ * Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen
+ * <j@w1.fi>
+ * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This file is to be included into hostap.c when S/W AP functionality is
+ * compiled.
+ *
+ * AP: FIX:
+ * - if unicast Class 2 (assoc,reassoc,disassoc) frame received from
+ * unauthenticated STA, send deauth. frame (8802.11: 5.5)
+ * - if unicast Class 3 (data with to/from DS,deauth,pspoll) frame received
+ * from authenticated, but unassoc STA, send disassoc frame (8802.11: 5.5)
+ * - if unicast Class 3 received from unauthenticated STA, send deauth. frame
+ * (8802.11: 5.5)
+ */
+
+#include <linux/proc_fs.h>
+#include <linux/seq_file.h>
+#include <linux/delay.h>
+#include <linux/random.h>
+#include <linux/if_arp.h>
+#include <linux/slab.h>
+#include <linux/export.h>
+#include <linux/moduleparam.h>
+#include <linux/etherdevice.h>
+
+#include "hostap_wlan.h"
+#include "hostap.h"
+#include "hostap_ap.h"
+
+static int other_ap_policy[MAX_PARM_DEVICES] = { AP_OTHER_AP_SKIP_ALL,
+ DEF_INTS };
+module_param_array(other_ap_policy, int, NULL, 0444);
+MODULE_PARM_DESC(other_ap_policy, "Other AP beacon monitoring policy (0-3)");
+
+static int ap_max_inactivity[MAX_PARM_DEVICES] = { AP_MAX_INACTIVITY_SEC,
+ DEF_INTS };
+module_param_array(ap_max_inactivity, int, NULL, 0444);
+MODULE_PARM_DESC(ap_max_inactivity, "AP timeout (in seconds) for station "
+ "inactivity");
+
+static int ap_bridge_packets[MAX_PARM_DEVICES] = { 1, DEF_INTS };
+module_param_array(ap_bridge_packets, int, NULL, 0444);
+MODULE_PARM_DESC(ap_bridge_packets, "Bridge packets directly between "
+ "stations");
+
+static int autom_ap_wds[MAX_PARM_DEVICES] = { 0, DEF_INTS };
+module_param_array(autom_ap_wds, int, NULL, 0444);
+MODULE_PARM_DESC(autom_ap_wds, "Add WDS connections to other APs "
+ "automatically");
+
+
+static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta);
+static void hostap_event_expired_sta(struct net_device *dev,
+ struct sta_info *sta);
+static void handle_add_proc_queue(struct work_struct *work);
+
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+static void handle_wds_oper_queue(struct work_struct *work);
+static void prism2_send_mgmt(struct net_device *dev,
+ u16 type_subtype, char *body,
+ int body_len, u8 *addr, u16 tx_cb_idx);
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+
+#if !defined(PRISM2_NO_PROCFS_DEBUG) && defined(CONFIG_PROC_FS)
+static int ap_debug_proc_show(struct seq_file *m, void *v)
+{
+ struct ap_data *ap = pde_data(file_inode(m->file));
+
+ seq_printf(m, "BridgedUnicastFrames=%u\n", ap->bridged_unicast);
+ seq_printf(m, "BridgedMulticastFrames=%u\n", ap->bridged_multicast);
+ seq_printf(m, "max_inactivity=%u\n", ap->max_inactivity / HZ);
+ seq_printf(m, "bridge_packets=%u\n", ap->bridge_packets);
+ seq_printf(m, "nullfunc_ack=%u\n", ap->nullfunc_ack);
+ seq_printf(m, "autom_ap_wds=%u\n", ap->autom_ap_wds);
+ seq_printf(m, "auth_algs=%u\n", ap->local->auth_algs);
+ seq_printf(m, "tx_drop_nonassoc=%u\n", ap->tx_drop_nonassoc);
+ return 0;
+}
+#endif
+
+static void ap_sta_hash_add(struct ap_data *ap, struct sta_info *sta)
+{
+ sta->hnext = ap->sta_hash[STA_HASH(sta->addr)];
+ ap->sta_hash[STA_HASH(sta->addr)] = sta;
+}
+
+static void ap_sta_hash_del(struct ap_data *ap, struct sta_info *sta)
+{
+ struct sta_info *s;
+
+ s = ap->sta_hash[STA_HASH(sta->addr)];
+ if (s == NULL) return;
+ if (ether_addr_equal(s->addr, sta->addr)) {
+ ap->sta_hash[STA_HASH(sta->addr)] = s->hnext;
+ return;
+ }
+
+ while (s->hnext != NULL && !ether_addr_equal(s->hnext->addr, sta->addr))
+ s = s->hnext;
+ if (s->hnext != NULL)
+ s->hnext = s->hnext->hnext;
+ else
+ printk("AP: could not remove STA %pM from hash table\n",
+ sta->addr);
+}
+
+static void ap_free_sta(struct ap_data *ap, struct sta_info *sta)
+{
+ if (sta->ap && sta->local)
+ hostap_event_expired_sta(sta->local->dev, sta);
+
+ if (ap->proc != NULL) {
+ char name[20];
+ sprintf(name, "%pM", sta->addr);
+ remove_proc_entry(name, ap->proc);
+ }
+
+ if (sta->crypt) {
+ sta->crypt->ops->deinit(sta->crypt->priv);
+ kfree(sta->crypt);
+ sta->crypt = NULL;
+ }
+
+ skb_queue_purge(&sta->tx_buf);
+
+ ap->num_sta--;
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+ if (sta->aid > 0)
+ ap->sta_aid[sta->aid - 1] = NULL;
+
+ if (!sta->ap)
+ kfree(sta->u.sta.challenge);
+ del_timer_sync(&sta->timer);
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+ kfree(sta);
+}
+
+
+static void hostap_set_tim(local_info_t *local, int aid, int set)
+{
+ if (local->func->set_tim)
+ local->func->set_tim(local->dev, aid, set);
+}
+
+
+static void hostap_event_new_sta(struct net_device *dev, struct sta_info *sta)
+{
+ union iwreq_data wrqu;
+ memset(&wrqu, 0, sizeof(wrqu));
+ memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN);
+ wrqu.addr.sa_family = ARPHRD_ETHER;
+ wireless_send_event(dev, IWEVREGISTERED, &wrqu, NULL);
+}
+
+
+static void hostap_event_expired_sta(struct net_device *dev,
+ struct sta_info *sta)
+{
+ union iwreq_data wrqu;
+ memset(&wrqu, 0, sizeof(wrqu));
+ memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN);
+ wrqu.addr.sa_family = ARPHRD_ETHER;
+ wireless_send_event(dev, IWEVEXPIRED, &wrqu, NULL);
+}
+
+
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+
+static void ap_handle_timer(struct timer_list *t)
+{
+ struct sta_info *sta = from_timer(sta, t, timer);
+ local_info_t *local;
+ struct ap_data *ap;
+ unsigned long next_time = 0;
+ int was_assoc;
+
+ if (sta == NULL || sta->local == NULL || sta->local->ap == NULL) {
+ PDEBUG(DEBUG_AP, "ap_handle_timer() called with NULL data\n");
+ return;
+ }
+
+ local = sta->local;
+ ap = local->ap;
+ was_assoc = sta->flags & WLAN_STA_ASSOC;
+
+ if (atomic_read(&sta->users) != 0)
+ next_time = jiffies + HZ;
+ else if ((sta->flags & WLAN_STA_PERM) && !(sta->flags & WLAN_STA_AUTH))
+ next_time = jiffies + ap->max_inactivity;
+
+ if (time_before(jiffies, sta->last_rx + ap->max_inactivity)) {
+ /* station activity detected; reset timeout state */
+ sta->timeout_next = STA_NULLFUNC;
+ next_time = sta->last_rx + ap->max_inactivity;
+ } else if (sta->timeout_next == STA_DISASSOC &&
+ !(sta->flags & WLAN_STA_PENDING_POLL)) {
+ /* STA ACKed data nullfunc frame poll */
+ sta->timeout_next = STA_NULLFUNC;
+ next_time = jiffies + ap->max_inactivity;
+ }
+
+ if (next_time) {
+ sta->timer.expires = next_time;
+ add_timer(&sta->timer);
+ return;
+ }
+
+ if (sta->ap)
+ sta->timeout_next = STA_DEAUTH;
+
+ if (sta->timeout_next == STA_DEAUTH && !(sta->flags & WLAN_STA_PERM)) {
+ spin_lock(&ap->sta_table_lock);
+ ap_sta_hash_del(ap, sta);
+ list_del(&sta->list);
+ spin_unlock(&ap->sta_table_lock);
+ sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
+ } else if (sta->timeout_next == STA_DISASSOC)
+ sta->flags &= ~WLAN_STA_ASSOC;
+
+ if (was_assoc && !(sta->flags & WLAN_STA_ASSOC) && !sta->ap)
+ hostap_event_expired_sta(local->dev, sta);
+
+ if (sta->timeout_next == STA_DEAUTH && sta->aid > 0 &&
+ !skb_queue_empty(&sta->tx_buf)) {
+ hostap_set_tim(local, sta->aid, 0);
+ sta->flags &= ~WLAN_STA_TIM;
+ }
+
+ if (sta->ap) {
+ if (ap->autom_ap_wds) {
+ PDEBUG(DEBUG_AP, "%s: removing automatic WDS "
+ "connection to AP %pM\n",
+ local->dev->name, sta->addr);
+ hostap_wds_link_oper(local, sta->addr, WDS_DEL);
+ }
+ } else if (sta->timeout_next == STA_NULLFUNC) {
+ /* send data frame to poll STA and check whether this frame
+ * is ACKed */
+ /* FIX: IEEE80211_STYPE_NULLFUNC would be more appropriate, but
+ * it is apparently not retried so TX Exc events are not
+ * received for it */
+ sta->flags |= WLAN_STA_PENDING_POLL;
+ prism2_send_mgmt(local->dev, IEEE80211_FTYPE_DATA |
+ IEEE80211_STYPE_DATA, NULL, 0,
+ sta->addr, ap->tx_callback_poll);
+ } else {
+ int deauth = sta->timeout_next == STA_DEAUTH;
+ __le16 resp;
+ PDEBUG(DEBUG_AP, "%s: sending %s info to STA %pM"
+ "(last=%lu, jiffies=%lu)\n",
+ local->dev->name,
+ deauth ? "deauthentication" : "disassociation",
+ sta->addr, sta->last_rx, jiffies);
+
+ resp = cpu_to_le16(deauth ? WLAN_REASON_PREV_AUTH_NOT_VALID :
+ WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
+ prism2_send_mgmt(local->dev, IEEE80211_FTYPE_MGMT |
+ (deauth ? IEEE80211_STYPE_DEAUTH :
+ IEEE80211_STYPE_DISASSOC),
+ (char *) &resp, 2, sta->addr, 0);
+ }
+
+ if (sta->timeout_next == STA_DEAUTH) {
+ if (sta->flags & WLAN_STA_PERM) {
+ PDEBUG(DEBUG_AP, "%s: STA %pM"
+ " would have been removed, "
+ "but it has 'perm' flag\n",
+ local->dev->name, sta->addr);
+ } else
+ ap_free_sta(ap, sta);
+ return;
+ }
+
+ if (sta->timeout_next == STA_NULLFUNC) {
+ sta->timeout_next = STA_DISASSOC;
+ sta->timer.expires = jiffies + AP_DISASSOC_DELAY;
+ } else {
+ sta->timeout_next = STA_DEAUTH;
+ sta->timer.expires = jiffies + AP_DEAUTH_DELAY;
+ }
+
+ add_timer(&sta->timer);
+}
+
+
+void hostap_deauth_all_stas(struct net_device *dev, struct ap_data *ap,
+ int resend)
+{
+ u8 addr[ETH_ALEN];
+ __le16 resp;
+ int i;
+
+ PDEBUG(DEBUG_AP, "%s: Deauthenticate all stations\n", dev->name);
+ eth_broadcast_addr(addr);
+
+ resp = cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID);
+
+ /* deauth message sent; try to resend it few times; the message is
+ * broadcast, so it may be delayed until next DTIM; there is not much
+ * else we can do at this point since the driver is going to be shut
+ * down */
+ for (i = 0; i < 5; i++) {
+ prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT |
+ IEEE80211_STYPE_DEAUTH,
+ (char *) &resp, 2, addr, 0);
+
+ if (!resend || ap->num_sta <= 0)
+ return;
+
+ mdelay(50);
+ }
+}
+
+
+static int ap_control_proc_show(struct seq_file *m, void *v)
+{
+ struct ap_data *ap = pde_data(file_inode(m->file));
+ char *policy_txt;
+ struct mac_entry *entry;
+
+ if (v == SEQ_START_TOKEN) {
+ switch (ap->mac_restrictions.policy) {
+ case MAC_POLICY_OPEN:
+ policy_txt = "open";
+ break;
+ case MAC_POLICY_ALLOW:
+ policy_txt = "allow";
+ break;
+ case MAC_POLICY_DENY:
+ policy_txt = "deny";
+ break;
+ default:
+ policy_txt = "unknown";
+ break;
+ }
+ seq_printf(m, "MAC policy: %s\n", policy_txt);
+ seq_printf(m, "MAC entries: %u\n", ap->mac_restrictions.entries);
+ seq_puts(m, "MAC list:\n");
+ return 0;
+ }
+
+ entry = v;
+ seq_printf(m, "%pM\n", entry->addr);
+ return 0;
+}
+
+static void *ap_control_proc_start(struct seq_file *m, loff_t *_pos)
+{
+ struct ap_data *ap = pde_data(file_inode(m->file));
+ spin_lock_bh(&ap->mac_restrictions.lock);
+ return seq_list_start_head(&ap->mac_restrictions.mac_list, *_pos);
+}
+
+static void *ap_control_proc_next(struct seq_file *m, void *v, loff_t *_pos)
+{
+ struct ap_data *ap = pde_data(file_inode(m->file));
+ return seq_list_next(v, &ap->mac_restrictions.mac_list, _pos);
+}
+
+static void ap_control_proc_stop(struct seq_file *m, void *v)
+{
+ struct ap_data *ap = pde_data(file_inode(m->file));
+ spin_unlock_bh(&ap->mac_restrictions.lock);
+}
+
+static const struct seq_operations ap_control_proc_seqops = {
+ .start = ap_control_proc_start,
+ .next = ap_control_proc_next,
+ .stop = ap_control_proc_stop,
+ .show = ap_control_proc_show,
+};
+
+int ap_control_add_mac(struct mac_restrictions *mac_restrictions, u8 *mac)
+{
+ struct mac_entry *entry;
+
+ entry = kmalloc(sizeof(struct mac_entry), GFP_KERNEL);
+ if (entry == NULL)
+ return -ENOMEM;
+
+ memcpy(entry->addr, mac, ETH_ALEN);
+
+ spin_lock_bh(&mac_restrictions->lock);
+ list_add_tail(&entry->list, &mac_restrictions->mac_list);
+ mac_restrictions->entries++;
+ spin_unlock_bh(&mac_restrictions->lock);
+
+ return 0;
+}
+
+
+int ap_control_del_mac(struct mac_restrictions *mac_restrictions, u8 *mac)
+{
+ struct list_head *ptr;
+ struct mac_entry *entry;
+
+ spin_lock_bh(&mac_restrictions->lock);
+ for (ptr = mac_restrictions->mac_list.next;
+ ptr != &mac_restrictions->mac_list; ptr = ptr->next) {
+ entry = list_entry(ptr, struct mac_entry, list);
+
+ if (ether_addr_equal(entry->addr, mac)) {
+ list_del(ptr);
+ kfree(entry);
+ mac_restrictions->entries--;
+ spin_unlock_bh(&mac_restrictions->lock);
+ return 0;
+ }
+ }
+ spin_unlock_bh(&mac_restrictions->lock);
+ return -1;
+}
+
+
+static int ap_control_mac_deny(struct mac_restrictions *mac_restrictions,
+ u8 *mac)
+{
+ struct mac_entry *entry;
+ int found = 0;
+
+ if (mac_restrictions->policy == MAC_POLICY_OPEN)
+ return 0;
+
+ spin_lock_bh(&mac_restrictions->lock);
+ list_for_each_entry(entry, &mac_restrictions->mac_list, list) {
+ if (ether_addr_equal(entry->addr, mac)) {
+ found = 1;
+ break;
+ }
+ }
+ spin_unlock_bh(&mac_restrictions->lock);
+
+ if (mac_restrictions->policy == MAC_POLICY_ALLOW)
+ return !found;
+ else
+ return found;
+}
+
+
+void ap_control_flush_macs(struct mac_restrictions *mac_restrictions)
+{
+ struct list_head *ptr, *n;
+ struct mac_entry *entry;
+
+ if (mac_restrictions->entries == 0)
+ return;
+
+ spin_lock_bh(&mac_restrictions->lock);
+ for (ptr = mac_restrictions->mac_list.next, n = ptr->next;
+ ptr != &mac_restrictions->mac_list;
+ ptr = n, n = ptr->next) {
+ entry = list_entry(ptr, struct mac_entry, list);
+ list_del(ptr);
+ kfree(entry);
+ }
+ mac_restrictions->entries = 0;
+ spin_unlock_bh(&mac_restrictions->lock);
+}
+
+
+int ap_control_kick_mac(struct ap_data *ap, struct net_device *dev, u8 *mac)
+{
+ struct sta_info *sta;
+ __le16 resp;
+
+ spin_lock_bh(&ap->sta_table_lock);
+ sta = ap_get_sta(ap, mac);
+ if (sta) {
+ ap_sta_hash_del(ap, sta);
+ list_del(&sta->list);
+ }
+ spin_unlock_bh(&ap->sta_table_lock);
+
+ if (!sta)
+ return -EINVAL;
+
+ resp = cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID);
+ prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DEAUTH,
+ (char *) &resp, 2, sta->addr, 0);
+
+ if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap)
+ hostap_event_expired_sta(dev, sta);
+
+ ap_free_sta(ap, sta);
+
+ return 0;
+}
+
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+
+void ap_control_kickall(struct ap_data *ap)
+{
+ struct list_head *ptr, *n;
+ struct sta_info *sta;
+
+ spin_lock_bh(&ap->sta_table_lock);
+ for (ptr = ap->sta_list.next, n = ptr->next; ptr != &ap->sta_list;
+ ptr = n, n = ptr->next) {
+ sta = list_entry(ptr, struct sta_info, list);
+ ap_sta_hash_del(ap, sta);
+ list_del(&sta->list);
+ if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
+ hostap_event_expired_sta(sta->local->dev, sta);
+ ap_free_sta(ap, sta);
+ }
+ spin_unlock_bh(&ap->sta_table_lock);
+}
+
+
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+
+static int prism2_ap_proc_show(struct seq_file *m, void *v)
+{
+ struct sta_info *sta = v;
+ int i;
+
+ if (v == SEQ_START_TOKEN) {
+ seq_printf(m, "# BSSID CHAN SIGNAL NOISE RATE SSID FLAGS\n");
+ return 0;
+ }
+
+ if (!sta->ap)
+ return 0;
+
+ seq_printf(m, "%pM %d %d %d %d '",
+ sta->addr,
+ sta->u.ap.channel, sta->last_rx_signal,
+ sta->last_rx_silence, sta->last_rx_rate);
+
+ for (i = 0; i < sta->u.ap.ssid_len; i++) {
+ if (sta->u.ap.ssid[i] >= 32 && sta->u.ap.ssid[i] < 127)
+ seq_putc(m, sta->u.ap.ssid[i]);
+ else
+ seq_printf(m, "<%02x>", sta->u.ap.ssid[i]);
+ }
+
+ seq_putc(m, '\'');
+ if (sta->capability & WLAN_CAPABILITY_ESS)
+ seq_puts(m, " [ESS]");
+ if (sta->capability & WLAN_CAPABILITY_IBSS)
+ seq_puts(m, " [IBSS]");
+ if (sta->capability & WLAN_CAPABILITY_PRIVACY)
+ seq_puts(m, " [WEP]");
+ seq_putc(m, '\n');
+ return 0;
+}
+
+static void *prism2_ap_proc_start(struct seq_file *m, loff_t *_pos)
+{
+ struct ap_data *ap = pde_data(file_inode(m->file));
+ spin_lock_bh(&ap->sta_table_lock);
+ return seq_list_start_head(&ap->sta_list, *_pos);
+}
+
+static void *prism2_ap_proc_next(struct seq_file *m, void *v, loff_t *_pos)
+{
+ struct ap_data *ap = pde_data(file_inode(m->file));
+ return seq_list_next(v, &ap->sta_list, _pos);
+}
+
+static void prism2_ap_proc_stop(struct seq_file *m, void *v)
+{
+ struct ap_data *ap = pde_data(file_inode(m->file));
+ spin_unlock_bh(&ap->sta_table_lock);
+}
+
+static const struct seq_operations prism2_ap_proc_seqops = {
+ .start = prism2_ap_proc_start,
+ .next = prism2_ap_proc_next,
+ .stop = prism2_ap_proc_stop,
+ .show = prism2_ap_proc_show,
+};
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+
+void hostap_check_sta_fw_version(struct ap_data *ap, int sta_fw_ver)
+{
+ if (!ap)
+ return;
+
+ if (sta_fw_ver == PRISM2_FW_VER(0,8,0)) {
+ PDEBUG(DEBUG_AP, "Using data::nullfunc ACK workaround - "
+ "firmware upgrade recommended\n");
+ ap->nullfunc_ack = 1;
+ } else
+ ap->nullfunc_ack = 0;
+
+ if (sta_fw_ver == PRISM2_FW_VER(1,4,2)) {
+ printk(KERN_WARNING "%s: Warning: secondary station firmware "
+ "version 1.4.2 does not seem to work in Host AP mode\n",
+ ap->local->dev->name);
+ }
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static void hostap_ap_tx_cb(struct sk_buff *skb, int ok, void *data)
+{
+ struct ap_data *ap = data;
+ struct ieee80211_hdr *hdr;
+
+ if (!ap->local->hostapd || !ap->local->apdev) {
+ dev_kfree_skb(skb);
+ return;
+ }
+
+ /* Pass the TX callback frame to the hostapd; use 802.11 header version
+ * 1 to indicate failure (no ACK) and 2 success (frame ACKed) */
+
+ hdr = (struct ieee80211_hdr *) skb->data;
+ hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_VERS);
+ hdr->frame_control |= cpu_to_le16(ok ? BIT(1) : BIT(0));
+
+ skb->dev = ap->local->apdev;
+ skb_pull(skb, hostap_80211_get_hdrlen(hdr->frame_control));
+ skb->pkt_type = PACKET_OTHERHOST;
+ skb->protocol = cpu_to_be16(ETH_P_802_2);
+ memset(skb->cb, 0, sizeof(skb->cb));
+ netif_rx(skb);
+}
+
+
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+/* Called only as a tasklet (software IRQ) */
+static void hostap_ap_tx_cb_auth(struct sk_buff *skb, int ok, void *data)
+{
+ struct ap_data *ap = data;
+ struct net_device *dev = ap->local->dev;
+ struct ieee80211_hdr *hdr;
+ u16 auth_alg, auth_transaction, status;
+ __le16 *pos;
+ struct sta_info *sta = NULL;
+ char *txt = NULL;
+
+ if (ap->local->hostapd) {
+ dev_kfree_skb(skb);
+ return;
+ }
+
+ hdr = (struct ieee80211_hdr *) skb->data;
+ if (!ieee80211_is_auth(hdr->frame_control) ||
+ skb->len < IEEE80211_MGMT_HDR_LEN + 6) {
+ printk(KERN_DEBUG "%s: hostap_ap_tx_cb_auth received invalid "
+ "frame\n", dev->name);
+ dev_kfree_skb(skb);
+ return;
+ }
+
+ pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
+ auth_alg = le16_to_cpu(*pos++);
+ auth_transaction = le16_to_cpu(*pos++);
+ status = le16_to_cpu(*pos++);
+
+ if (!ok) {
+ txt = "frame was not ACKed";
+ goto done;
+ }
+
+ spin_lock(&ap->sta_table_lock);
+ sta = ap_get_sta(ap, hdr->addr1);
+ if (sta)
+ atomic_inc(&sta->users);
+ spin_unlock(&ap->sta_table_lock);
+
+ if (!sta) {
+ txt = "STA not found";
+ goto done;
+ }
+
+ if (status == WLAN_STATUS_SUCCESS &&
+ ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) ||
+ (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) {
+ txt = "STA authenticated";
+ sta->flags |= WLAN_STA_AUTH;
+ sta->last_auth = jiffies;
+ } else if (status != WLAN_STATUS_SUCCESS)
+ txt = "authentication failed";
+
+ done:
+ if (sta)
+ atomic_dec(&sta->users);
+ if (txt) {
+ PDEBUG(DEBUG_AP, "%s: %pM auth_cb - alg=%d "
+ "trans#=%d status=%d - %s\n",
+ dev->name, hdr->addr1,
+ auth_alg, auth_transaction, status, txt);
+ }
+ dev_kfree_skb(skb);
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static void hostap_ap_tx_cb_assoc(struct sk_buff *skb, int ok, void *data)
+{
+ struct ap_data *ap = data;
+ struct net_device *dev = ap->local->dev;
+ struct ieee80211_hdr *hdr;
+ u16 status;
+ __le16 *pos;
+ struct sta_info *sta = NULL;
+ char *txt = NULL;
+
+ if (ap->local->hostapd) {
+ dev_kfree_skb(skb);
+ return;
+ }
+
+ hdr = (struct ieee80211_hdr *) skb->data;
+ if ((!ieee80211_is_assoc_resp(hdr->frame_control) &&
+ !ieee80211_is_reassoc_resp(hdr->frame_control)) ||
+ skb->len < IEEE80211_MGMT_HDR_LEN + 4) {
+ printk(KERN_DEBUG "%s: hostap_ap_tx_cb_assoc received invalid "
+ "frame\n", dev->name);
+ dev_kfree_skb(skb);
+ return;
+ }
+
+ if (!ok) {
+ txt = "frame was not ACKed";
+ goto done;
+ }
+
+ spin_lock(&ap->sta_table_lock);
+ sta = ap_get_sta(ap, hdr->addr1);
+ if (sta)
+ atomic_inc(&sta->users);
+ spin_unlock(&ap->sta_table_lock);
+
+ if (!sta) {
+ txt = "STA not found";
+ goto done;
+ }
+
+ pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
+ pos++;
+ status = le16_to_cpu(*pos++);
+ if (status == WLAN_STATUS_SUCCESS) {
+ if (!(sta->flags & WLAN_STA_ASSOC))
+ hostap_event_new_sta(dev, sta);
+ txt = "STA associated";
+ sta->flags |= WLAN_STA_ASSOC;
+ sta->last_assoc = jiffies;
+ } else
+ txt = "association failed";
+
+ done:
+ if (sta)
+ atomic_dec(&sta->users);
+ if (txt) {
+ PDEBUG(DEBUG_AP, "%s: %pM assoc_cb - %s\n",
+ dev->name, hdr->addr1, txt);
+ }
+ dev_kfree_skb(skb);
+}
+
+/* Called only as a tasklet (software IRQ); TX callback for poll frames used
+ * in verifying whether the STA is still present. */
+static void hostap_ap_tx_cb_poll(struct sk_buff *skb, int ok, void *data)
+{
+ struct ap_data *ap = data;
+ struct ieee80211_hdr *hdr;
+ struct sta_info *sta;
+
+ if (skb->len < 24)
+ goto fail;
+ hdr = (struct ieee80211_hdr *) skb->data;
+ if (ok) {
+ spin_lock(&ap->sta_table_lock);
+ sta = ap_get_sta(ap, hdr->addr1);
+ if (sta)
+ sta->flags &= ~WLAN_STA_PENDING_POLL;
+ spin_unlock(&ap->sta_table_lock);
+ } else {
+ PDEBUG(DEBUG_AP,
+ "%s: STA %pM did not ACK activity poll frame\n",
+ ap->local->dev->name, hdr->addr1);
+ }
+
+ fail:
+ dev_kfree_skb(skb);
+}
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+
+void hostap_init_data(local_info_t *local)
+{
+ struct ap_data *ap = local->ap;
+
+ if (ap == NULL) {
+ printk(KERN_WARNING "hostap_init_data: ap == NULL\n");
+ return;
+ }
+ memset(ap, 0, sizeof(struct ap_data));
+ ap->local = local;
+
+ ap->ap_policy = GET_INT_PARM(other_ap_policy, local->card_idx);
+ ap->bridge_packets = GET_INT_PARM(ap_bridge_packets, local->card_idx);
+ ap->max_inactivity =
+ GET_INT_PARM(ap_max_inactivity, local->card_idx) * HZ;
+ ap->autom_ap_wds = GET_INT_PARM(autom_ap_wds, local->card_idx);
+
+ spin_lock_init(&ap->sta_table_lock);
+ INIT_LIST_HEAD(&ap->sta_list);
+
+ /* Initialize task queue structure for AP management */
+ INIT_WORK(&local->ap->add_sta_proc_queue, handle_add_proc_queue);
+
+ ap->tx_callback_idx =
+ hostap_tx_callback_register(local, hostap_ap_tx_cb, ap);
+ if (ap->tx_callback_idx == 0)
+ printk(KERN_WARNING "%s: failed to register TX callback for "
+ "AP\n", local->dev->name);
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+ INIT_WORK(&local->ap->wds_oper_queue, handle_wds_oper_queue);
+
+ ap->tx_callback_auth =
+ hostap_tx_callback_register(local, hostap_ap_tx_cb_auth, ap);
+ ap->tx_callback_assoc =
+ hostap_tx_callback_register(local, hostap_ap_tx_cb_assoc, ap);
+ ap->tx_callback_poll =
+ hostap_tx_callback_register(local, hostap_ap_tx_cb_poll, ap);
+ if (ap->tx_callback_auth == 0 || ap->tx_callback_assoc == 0 ||
+ ap->tx_callback_poll == 0)
+ printk(KERN_WARNING "%s: failed to register TX callback for "
+ "AP\n", local->dev->name);
+
+ spin_lock_init(&ap->mac_restrictions.lock);
+ INIT_LIST_HEAD(&ap->mac_restrictions.mac_list);
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+ ap->initialized = 1;
+}
+
+
+void hostap_init_ap_proc(local_info_t *local)
+{
+ struct ap_data *ap = local->ap;
+
+ ap->proc = local->proc;
+ if (ap->proc == NULL)
+ return;
+
+#ifndef PRISM2_NO_PROCFS_DEBUG
+ proc_create_single_data("ap_debug", 0, ap->proc, ap_debug_proc_show, ap);
+#endif /* PRISM2_NO_PROCFS_DEBUG */
+
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+ proc_create_seq_data("ap_control", 0, ap->proc, &ap_control_proc_seqops,
+ ap);
+ proc_create_seq_data("ap", 0, ap->proc, &prism2_ap_proc_seqops, ap);
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+}
+
+
+void hostap_free_data(struct ap_data *ap)
+{
+ struct sta_info *n, *sta;
+
+ if (ap == NULL || !ap->initialized) {
+ printk(KERN_DEBUG "hostap_free_data: ap has not yet been "
+ "initialized - skip resource freeing\n");
+ return;
+ }
+
+ flush_work(&ap->add_sta_proc_queue);
+
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+ flush_work(&ap->wds_oper_queue);
+ if (ap->crypt)
+ ap->crypt->deinit(ap->crypt_priv);
+ ap->crypt = ap->crypt_priv = NULL;
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+ list_for_each_entry_safe(sta, n, &ap->sta_list, list) {
+ ap_sta_hash_del(ap, sta);
+ list_del(&sta->list);
+ if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
+ hostap_event_expired_sta(sta->local->dev, sta);
+ ap_free_sta(ap, sta);
+ }
+
+#ifndef PRISM2_NO_PROCFS_DEBUG
+ if (ap->proc != NULL) {
+ remove_proc_entry("ap_debug", ap->proc);
+ }
+#endif /* PRISM2_NO_PROCFS_DEBUG */
+
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+ if (ap->proc != NULL) {
+ remove_proc_entry("ap", ap->proc);
+ remove_proc_entry("ap_control", ap->proc);
+ }
+ ap_control_flush_macs(&ap->mac_restrictions);
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+ ap->initialized = 0;
+}
+
+
+/* caller should have mutex for AP STA list handling */
+static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta)
+{
+ struct sta_info *s;
+
+ s = ap->sta_hash[STA_HASH(sta)];
+ while (s != NULL && !ether_addr_equal(s->addr, sta))
+ s = s->hnext;
+ return s;
+}
+
+
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+
+/* Called from timer handler and from scheduled AP queue handlers */
+static void prism2_send_mgmt(struct net_device *dev,
+ u16 type_subtype, char *body,
+ int body_len, u8 *addr, u16 tx_cb_idx)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ struct ieee80211_hdr *hdr;
+ u16 fc;
+ struct sk_buff *skb;
+ struct hostap_skb_tx_data *meta;
+ int hdrlen;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+ dev = local->dev; /* always use master radio device */
+ iface = netdev_priv(dev);
+
+ if (!(dev->flags & IFF_UP)) {
+ PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt - device is not UP - "
+ "cannot send frame\n", dev->name);
+ return;
+ }
+
+ skb = dev_alloc_skb(sizeof(*hdr) + body_len);
+ if (skb == NULL) {
+ PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt failed to allocate "
+ "skb\n", dev->name);
+ return;
+ }
+
+ fc = type_subtype;
+ hdrlen = hostap_80211_get_hdrlen(cpu_to_le16(type_subtype));
+ hdr = skb_put_zero(skb, hdrlen);
+ if (body)
+ skb_put_data(skb, body, body_len);
+
+ /* FIX: ctrl::ack sending used special HFA384X_TX_CTRL_802_11
+ * tx_control instead of using local->tx_control */
+
+
+ memcpy(hdr->addr1, addr, ETH_ALEN); /* DA / RA */
+ if (ieee80211_is_data(hdr->frame_control)) {
+ fc |= IEEE80211_FCTL_FROMDS;
+ memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* BSSID */
+ memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* SA */
+ } else if (ieee80211_is_ctl(hdr->frame_control)) {
+ /* control:ACK does not have addr2 or addr3 */
+ eth_zero_addr(hdr->addr2);
+ eth_zero_addr(hdr->addr3);
+ } else {
+ memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* SA */
+ memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* BSSID */
+ }
+
+ hdr->frame_control = cpu_to_le16(fc);
+
+ meta = (struct hostap_skb_tx_data *) skb->cb;
+ memset(meta, 0, sizeof(*meta));
+ meta->magic = HOSTAP_SKB_TX_DATA_MAGIC;
+ meta->iface = iface;
+ meta->tx_cb_idx = tx_cb_idx;
+
+ skb->dev = dev;
+ skb_reset_mac_header(skb);
+ skb_reset_network_header(skb);
+ dev_queue_xmit(skb);
+}
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+#ifdef CONFIG_PROC_FS
+static int prism2_sta_proc_show(struct seq_file *m, void *v)
+{
+ struct sta_info *sta = m->private;
+ int i;
+
+ /* FIX: possible race condition.. the STA data could have just expired,
+ * but proc entry was still here so that the read could have started;
+ * some locking should be done here.. */
+
+ seq_printf(m,
+ "%s=%pM\nusers=%d\naid=%d\n"
+ "flags=0x%04x%s%s%s%s%s%s%s\n"
+ "capability=0x%02x\nlisten_interval=%d\nsupported_rates=",
+ sta->ap ? "AP" : "STA",
+ sta->addr, atomic_read(&sta->users), sta->aid,
+ sta->flags,
+ sta->flags & WLAN_STA_AUTH ? " AUTH" : "",
+ sta->flags & WLAN_STA_ASSOC ? " ASSOC" : "",
+ sta->flags & WLAN_STA_PS ? " PS" : "",
+ sta->flags & WLAN_STA_TIM ? " TIM" : "",
+ sta->flags & WLAN_STA_PERM ? " PERM" : "",
+ sta->flags & WLAN_STA_AUTHORIZED ? " AUTHORIZED" : "",
+ sta->flags & WLAN_STA_PENDING_POLL ? " POLL" : "",
+ sta->capability, sta->listen_interval);
+ /* supported_rates: 500 kbit/s units with msb ignored */
+ for (i = 0; i < sizeof(sta->supported_rates); i++)
+ if (sta->supported_rates[i] != 0)
+ seq_printf(m, "%d%sMbps ",
+ (sta->supported_rates[i] & 0x7f) / 2,
+ sta->supported_rates[i] & 1 ? ".5" : "");
+ seq_printf(m,
+ "\njiffies=%lu\nlast_auth=%lu\nlast_assoc=%lu\n"
+ "last_rx=%lu\nlast_tx=%lu\nrx_packets=%lu\n"
+ "tx_packets=%lu\n"
+ "rx_bytes=%lu\ntx_bytes=%lu\nbuffer_count=%d\n"
+ "last_rx: silence=%d dBm signal=%d dBm rate=%d%s Mbps\n"
+ "tx_rate=%d\ntx[1M]=%d\ntx[2M]=%d\ntx[5.5M]=%d\n"
+ "tx[11M]=%d\n"
+ "rx[1M]=%d\nrx[2M]=%d\nrx[5.5M]=%d\nrx[11M]=%d\n",
+ jiffies, sta->last_auth, sta->last_assoc, sta->last_rx,
+ sta->last_tx,
+ sta->rx_packets, sta->tx_packets, sta->rx_bytes,
+ sta->tx_bytes, skb_queue_len(&sta->tx_buf),
+ sta->last_rx_silence,
+ sta->last_rx_signal, sta->last_rx_rate / 10,
+ sta->last_rx_rate % 10 ? ".5" : "",
+ sta->tx_rate, sta->tx_count[0], sta->tx_count[1],
+ sta->tx_count[2], sta->tx_count[3], sta->rx_count[0],
+ sta->rx_count[1], sta->rx_count[2], sta->rx_count[3]);
+ if (sta->crypt && sta->crypt->ops && sta->crypt->ops->print_stats)
+ sta->crypt->ops->print_stats(m, sta->crypt->priv);
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+ if (sta->ap) {
+ if (sta->u.ap.channel >= 0)
+ seq_printf(m, "channel=%d\n", sta->u.ap.channel);
+ seq_puts(m, "ssid=");
+ for (i = 0; i < sta->u.ap.ssid_len; i++) {
+ if (sta->u.ap.ssid[i] >= 32 && sta->u.ap.ssid[i] < 127)
+ seq_putc(m, sta->u.ap.ssid[i]);
+ else
+ seq_printf(m, "<%02x>", sta->u.ap.ssid[i]);
+ }
+ seq_putc(m, '\n');
+ }
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+ return 0;
+}
+#endif
+
+static void handle_add_proc_queue(struct work_struct *work)
+{
+ struct ap_data *ap = container_of(work, struct ap_data,
+ add_sta_proc_queue);
+ struct sta_info *sta;
+ char name[20];
+ struct add_sta_proc_data *entry, *prev;
+
+ entry = ap->add_sta_proc_entries;
+ ap->add_sta_proc_entries = NULL;
+
+ while (entry) {
+ spin_lock_bh(&ap->sta_table_lock);
+ sta = ap_get_sta(ap, entry->addr);
+ if (sta)
+ atomic_inc(&sta->users);
+ spin_unlock_bh(&ap->sta_table_lock);
+
+ if (sta) {
+ sprintf(name, "%pM", sta->addr);
+ sta->proc = proc_create_single_data(
+ name, 0, ap->proc,
+ prism2_sta_proc_show, sta);
+
+ atomic_dec(&sta->users);
+ }
+
+ prev = entry;
+ entry = entry->next;
+ kfree(prev);
+ }
+}
+
+
+static struct sta_info * ap_add_sta(struct ap_data *ap, u8 *addr)
+{
+ struct sta_info *sta;
+
+ sta = kzalloc(sizeof(struct sta_info), GFP_ATOMIC);
+ if (sta == NULL) {
+ PDEBUG(DEBUG_AP, "AP: kmalloc failed\n");
+ return NULL;
+ }
+
+ /* initialize STA info data */
+ sta->local = ap->local;
+ skb_queue_head_init(&sta->tx_buf);
+ memcpy(sta->addr, addr, ETH_ALEN);
+
+ atomic_inc(&sta->users);
+ spin_lock_bh(&ap->sta_table_lock);
+ list_add(&sta->list, &ap->sta_list);
+ ap->num_sta++;
+ ap_sta_hash_add(ap, sta);
+ spin_unlock_bh(&ap->sta_table_lock);
+
+ if (ap->proc) {
+ struct add_sta_proc_data *entry;
+ /* schedule a non-interrupt context process to add a procfs
+ * entry for the STA since procfs code use GFP_KERNEL */
+ entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
+ if (entry) {
+ memcpy(entry->addr, sta->addr, ETH_ALEN);
+ entry->next = ap->add_sta_proc_entries;
+ ap->add_sta_proc_entries = entry;
+ schedule_work(&ap->add_sta_proc_queue);
+ } else
+ printk(KERN_DEBUG "Failed to add STA proc data\n");
+ }
+
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+ timer_setup(&sta->timer, ap_handle_timer, 0);
+ sta->timer.expires = jiffies + ap->max_inactivity;
+ if (!ap->local->hostapd)
+ add_timer(&sta->timer);
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+ return sta;
+}
+
+
+static int ap_tx_rate_ok(int rateidx, struct sta_info *sta,
+ local_info_t *local)
+{
+ if (rateidx > sta->tx_max_rate ||
+ !(sta->tx_supp_rates & (1 << rateidx)))
+ return 0;
+
+ if (local->tx_rate_control != 0 &&
+ !(local->tx_rate_control & (1 << rateidx)))
+ return 0;
+
+ return 1;
+}
+
+
+static void prism2_check_tx_rates(struct sta_info *sta)
+{
+ int i;
+
+ sta->tx_supp_rates = 0;
+ for (i = 0; i < sizeof(sta->supported_rates); i++) {
+ if ((sta->supported_rates[i] & 0x7f) == 2)
+ sta->tx_supp_rates |= WLAN_RATE_1M;
+ if ((sta->supported_rates[i] & 0x7f) == 4)
+ sta->tx_supp_rates |= WLAN_RATE_2M;
+ if ((sta->supported_rates[i] & 0x7f) == 11)
+ sta->tx_supp_rates |= WLAN_RATE_5M5;
+ if ((sta->supported_rates[i] & 0x7f) == 22)
+ sta->tx_supp_rates |= WLAN_RATE_11M;
+ }
+ sta->tx_max_rate = sta->tx_rate = sta->tx_rate_idx = 0;
+ if (sta->tx_supp_rates & WLAN_RATE_1M) {
+ sta->tx_max_rate = 0;
+ if (ap_tx_rate_ok(0, sta, sta->local)) {
+ sta->tx_rate = 10;
+ sta->tx_rate_idx = 0;
+ }
+ }
+ if (sta->tx_supp_rates & WLAN_RATE_2M) {
+ sta->tx_max_rate = 1;
+ if (ap_tx_rate_ok(1, sta, sta->local)) {
+ sta->tx_rate = 20;
+ sta->tx_rate_idx = 1;
+ }
+ }
+ if (sta->tx_supp_rates & WLAN_RATE_5M5) {
+ sta->tx_max_rate = 2;
+ if (ap_tx_rate_ok(2, sta, sta->local)) {
+ sta->tx_rate = 55;
+ sta->tx_rate_idx = 2;
+ }
+ }
+ if (sta->tx_supp_rates & WLAN_RATE_11M) {
+ sta->tx_max_rate = 3;
+ if (ap_tx_rate_ok(3, sta, sta->local)) {
+ sta->tx_rate = 110;
+ sta->tx_rate_idx = 3;
+ }
+ }
+}
+
+
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+
+static void ap_crypt_init(struct ap_data *ap)
+{
+ ap->crypt = lib80211_get_crypto_ops("WEP");
+
+ if (ap->crypt) {
+ if (ap->crypt->init) {
+ ap->crypt_priv = ap->crypt->init(0);
+ if (ap->crypt_priv == NULL)
+ ap->crypt = NULL;
+ else {
+ u8 key[WEP_KEY_LEN];
+ get_random_bytes(key, WEP_KEY_LEN);
+ ap->crypt->set_key(key, WEP_KEY_LEN, NULL,
+ ap->crypt_priv);
+ }
+ }
+ }
+
+ if (ap->crypt == NULL) {
+ printk(KERN_WARNING "AP could not initialize WEP: load module "
+ "lib80211_crypt_wep.ko\n");
+ }
+}
+
+
+/* Generate challenge data for shared key authentication. IEEE 802.11 specifies
+ * that WEP algorithm is used for generating challenge. This should be unique,
+ * but otherwise there is not really need for randomness etc. Initialize WEP
+ * with pseudo random key and then use increasing IV to get unique challenge
+ * streams.
+ *
+ * Called only as a scheduled task for pending AP frames.
+ */
+static char * ap_auth_make_challenge(struct ap_data *ap)
+{
+ char *tmpbuf;
+ struct sk_buff *skb;
+
+ if (ap->crypt == NULL) {
+ ap_crypt_init(ap);
+ if (ap->crypt == NULL)
+ return NULL;
+ }
+
+ tmpbuf = kmalloc(WLAN_AUTH_CHALLENGE_LEN, GFP_ATOMIC);
+ if (tmpbuf == NULL) {
+ PDEBUG(DEBUG_AP, "AP: kmalloc failed for challenge\n");
+ return NULL;
+ }
+
+ skb = dev_alloc_skb(WLAN_AUTH_CHALLENGE_LEN +
+ ap->crypt->extra_mpdu_prefix_len +
+ ap->crypt->extra_mpdu_postfix_len);
+ if (skb == NULL) {
+ kfree(tmpbuf);
+ return NULL;
+ }
+
+ skb_reserve(skb, ap->crypt->extra_mpdu_prefix_len);
+ skb_put_zero(skb, WLAN_AUTH_CHALLENGE_LEN);
+ if (ap->crypt->encrypt_mpdu(skb, 0, ap->crypt_priv)) {
+ dev_kfree_skb(skb);
+ kfree(tmpbuf);
+ return NULL;
+ }
+
+ skb_copy_from_linear_data_offset(skb, ap->crypt->extra_mpdu_prefix_len,
+ tmpbuf, WLAN_AUTH_CHALLENGE_LEN);
+ dev_kfree_skb(skb);
+
+ return tmpbuf;
+}
+
+
+/* Called only as a scheduled task for pending AP frames. */
+static void handle_authen(local_info_t *local, struct sk_buff *skb,
+ struct hostap_80211_rx_status *rx_stats)
+{
+ struct net_device *dev = local->dev;
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+ size_t hdrlen;
+ struct ap_data *ap = local->ap;
+ char body[8 + WLAN_AUTH_CHALLENGE_LEN], *challenge = NULL;
+ int len, olen;
+ u16 auth_alg, auth_transaction, status_code;
+ __le16 *pos;
+ u16 resp = WLAN_STATUS_SUCCESS;
+ struct sta_info *sta = NULL;
+ struct lib80211_crypt_data *crypt;
+ char *txt = "";
+
+ len = skb->len - IEEE80211_MGMT_HDR_LEN;
+
+ hdrlen = hostap_80211_get_hdrlen(hdr->frame_control);
+
+ if (len < 6) {
+ PDEBUG(DEBUG_AP, "%s: handle_authen - too short payload "
+ "(len=%d) from %pM\n", dev->name, len, hdr->addr2);
+ return;
+ }
+
+ spin_lock_bh(&local->ap->sta_table_lock);
+ sta = ap_get_sta(local->ap, hdr->addr2);
+ if (sta)
+ atomic_inc(&sta->users);
+ spin_unlock_bh(&local->ap->sta_table_lock);
+
+ if (sta && sta->crypt)
+ crypt = sta->crypt;
+ else {
+ int idx = 0;
+ if (skb->len >= hdrlen + 3)
+ idx = skb->data[hdrlen + 3] >> 6;
+ crypt = local->crypt_info.crypt[idx];
+ }
+
+ pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
+ auth_alg = __le16_to_cpu(*pos);
+ pos++;
+ auth_transaction = __le16_to_cpu(*pos);
+ pos++;
+ status_code = __le16_to_cpu(*pos);
+ pos++;
+
+ if (ether_addr_equal(dev->dev_addr, hdr->addr2) ||
+ ap_control_mac_deny(&ap->mac_restrictions, hdr->addr2)) {
+ txt = "authentication denied";
+ resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+ goto fail;
+ }
+
+ if (((local->auth_algs & PRISM2_AUTH_OPEN) &&
+ auth_alg == WLAN_AUTH_OPEN) ||
+ ((local->auth_algs & PRISM2_AUTH_SHARED_KEY) &&
+ crypt && auth_alg == WLAN_AUTH_SHARED_KEY)) {
+ } else {
+ txt = "unsupported algorithm";
+ resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
+ goto fail;
+ }
+
+ if (len >= 8) {
+ u8 *u = (u8 *) pos;
+ if (*u == WLAN_EID_CHALLENGE) {
+ if (*(u + 1) != WLAN_AUTH_CHALLENGE_LEN) {
+ txt = "invalid challenge len";
+ resp = WLAN_STATUS_CHALLENGE_FAIL;
+ goto fail;
+ }
+ if (len - 8 < WLAN_AUTH_CHALLENGE_LEN) {
+ txt = "challenge underflow";
+ resp = WLAN_STATUS_CHALLENGE_FAIL;
+ goto fail;
+ }
+ challenge = (char *) (u + 2);
+ }
+ }
+
+ if (sta && sta->ap) {
+ if (time_after(jiffies, sta->u.ap.last_beacon +
+ (10 * sta->listen_interval * HZ) / 1024)) {
+ PDEBUG(DEBUG_AP, "%s: no beacons received for a while,"
+ " assuming AP %pM is now STA\n",
+ dev->name, sta->addr);
+ sta->ap = 0;
+ sta->flags = 0;
+ sta->u.sta.challenge = NULL;
+ } else {
+ txt = "AP trying to authenticate?";
+ resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+ goto fail;
+ }
+ }
+
+ if ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 1) ||
+ (auth_alg == WLAN_AUTH_SHARED_KEY &&
+ (auth_transaction == 1 ||
+ (auth_transaction == 3 && sta != NULL &&
+ sta->u.sta.challenge != NULL)))) {
+ } else {
+ txt = "unknown authentication transaction number";
+ resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
+ goto fail;
+ }
+
+ if (sta == NULL) {
+ txt = "new STA";
+
+ if (local->ap->num_sta >= MAX_STA_COUNT) {
+ /* FIX: might try to remove some old STAs first? */
+ txt = "no more room for new STAs";
+ resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+ goto fail;
+ }
+
+ sta = ap_add_sta(local->ap, hdr->addr2);
+ if (sta == NULL) {
+ txt = "ap_add_sta failed";
+ resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+ goto fail;
+ }
+ }
+
+ switch (auth_alg) {
+ case WLAN_AUTH_OPEN:
+ txt = "authOK";
+ /* IEEE 802.11 standard is not completely clear about
+ * whether STA is considered authenticated after
+ * authentication OK frame has been send or after it
+ * has been ACKed. In order to reduce interoperability
+ * issues, mark the STA authenticated before ACK. */
+ sta->flags |= WLAN_STA_AUTH;
+ break;
+
+ case WLAN_AUTH_SHARED_KEY:
+ if (auth_transaction == 1) {
+ if (sta->u.sta.challenge == NULL) {
+ sta->u.sta.challenge =
+ ap_auth_make_challenge(local->ap);
+ if (sta->u.sta.challenge == NULL) {
+ resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+ goto fail;
+ }
+ }
+ } else {
+ if (sta->u.sta.challenge == NULL ||
+ challenge == NULL ||
+ memcmp(sta->u.sta.challenge, challenge,
+ WLAN_AUTH_CHALLENGE_LEN) != 0 ||
+ !ieee80211_has_protected(hdr->frame_control)) {
+ txt = "challenge response incorrect";
+ resp = WLAN_STATUS_CHALLENGE_FAIL;
+ goto fail;
+ }
+
+ txt = "challenge OK - authOK";
+ /* IEEE 802.11 standard is not completely clear about
+ * whether STA is considered authenticated after
+ * authentication OK frame has been send or after it
+ * has been ACKed. In order to reduce interoperability
+ * issues, mark the STA authenticated before ACK. */
+ sta->flags |= WLAN_STA_AUTH;
+ kfree(sta->u.sta.challenge);
+ sta->u.sta.challenge = NULL;
+ }
+ break;
+ }
+
+ fail:
+ pos = (__le16 *) body;
+ *pos = cpu_to_le16(auth_alg);
+ pos++;
+ *pos = cpu_to_le16(auth_transaction + 1);
+ pos++;
+ *pos = cpu_to_le16(resp); /* status_code */
+ pos++;
+ olen = 6;
+
+ if (resp == WLAN_STATUS_SUCCESS && sta != NULL &&
+ sta->u.sta.challenge != NULL &&
+ auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 1) {
+ u8 *tmp = (u8 *) pos;
+ *tmp++ = WLAN_EID_CHALLENGE;
+ *tmp++ = WLAN_AUTH_CHALLENGE_LEN;
+ pos++;
+ memcpy(pos, sta->u.sta.challenge, WLAN_AUTH_CHALLENGE_LEN);
+ olen += 2 + WLAN_AUTH_CHALLENGE_LEN;
+ }
+
+ prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH,
+ body, olen, hdr->addr2, ap->tx_callback_auth);
+
+ if (sta) {
+ sta->last_rx = jiffies;
+ atomic_dec(&sta->users);
+ }
+
+ if (resp) {
+ PDEBUG(DEBUG_AP, "%s: %pM auth (alg=%d "
+ "trans#=%d stat=%d len=%d fc=%04x) ==> %d (%s)\n",
+ dev->name, hdr->addr2,
+ auth_alg, auth_transaction, status_code, len,
+ le16_to_cpu(hdr->frame_control), resp, txt);
+ }
+}
+
+
+/* Called only as a scheduled task for pending AP frames. */
+static void handle_assoc(local_info_t *local, struct sk_buff *skb,
+ struct hostap_80211_rx_status *rx_stats, int reassoc)
+{
+ struct net_device *dev = local->dev;
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+ char body[12], *p, *lpos;
+ int len, left;
+ __le16 *pos;
+ u16 resp = WLAN_STATUS_SUCCESS;
+ struct sta_info *sta = NULL;
+ int send_deauth = 0;
+ char __always_unused *txt = "";
+ u8 prev_ap[ETH_ALEN];
+
+ left = len = skb->len - IEEE80211_MGMT_HDR_LEN;
+
+ if (len < (reassoc ? 10 : 4)) {
+ PDEBUG(DEBUG_AP, "%s: handle_assoc - too short payload "
+ "(len=%d, reassoc=%d) from %pM\n",
+ dev->name, len, reassoc, hdr->addr2);
+ return;
+ }
+
+ spin_lock_bh(&local->ap->sta_table_lock);
+ sta = ap_get_sta(local->ap, hdr->addr2);
+ if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) {
+ spin_unlock_bh(&local->ap->sta_table_lock);
+ txt = "trying to associate before authentication";
+ send_deauth = 1;
+ resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+ sta = NULL; /* do not decrement sta->users */
+ goto fail;
+ }
+ atomic_inc(&sta->users);
+ spin_unlock_bh(&local->ap->sta_table_lock);
+
+ pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
+ sta->capability = __le16_to_cpu(*pos);
+ pos++; left -= 2;
+ sta->listen_interval = __le16_to_cpu(*pos);
+ pos++; left -= 2;
+
+ if (reassoc) {
+ memcpy(prev_ap, pos, ETH_ALEN);
+ pos++; pos++; pos++; left -= 6;
+ } else
+ eth_zero_addr(prev_ap);
+
+ if (left >= 2) {
+ unsigned int ileft;
+ unsigned char *u = (unsigned char *) pos;
+
+ if (*u == WLAN_EID_SSID) {
+ u++; left--;
+ ileft = *u;
+ u++; left--;
+
+ if (ileft > left || ileft > MAX_SSID_LEN) {
+ txt = "SSID overflow";
+ resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+ goto fail;
+ }
+
+ if (ileft != strlen(local->essid) ||
+ memcmp(local->essid, u, ileft) != 0) {
+ txt = "not our SSID";
+ resp = WLAN_STATUS_ASSOC_DENIED_UNSPEC;
+ goto fail;
+ }
+
+ u += ileft;
+ left -= ileft;
+ }
+
+ if (left >= 2 && *u == WLAN_EID_SUPP_RATES) {
+ u++; left--;
+ ileft = *u;
+ u++; left--;
+
+ if (ileft > left || ileft == 0 ||
+ ileft > WLAN_SUPP_RATES_MAX) {
+ txt = "SUPP_RATES len error";
+ resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+ goto fail;
+ }
+
+ memset(sta->supported_rates, 0,
+ sizeof(sta->supported_rates));
+ memcpy(sta->supported_rates, u, ileft);
+ prism2_check_tx_rates(sta);
+
+ u += ileft;
+ left -= ileft;
+ }
+
+ if (left > 0) {
+ PDEBUG(DEBUG_AP, "%s: assoc from %pM"
+ " with extra data (%d bytes) [",
+ dev->name, hdr->addr2, left);
+ while (left > 0) {
+ PDEBUG2(DEBUG_AP, "<%02x>", *u);
+ u++; left--;
+ }
+ PDEBUG2(DEBUG_AP, "]\n");
+ }
+ } else {
+ txt = "frame underflow";
+ resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+ goto fail;
+ }
+
+ /* get a unique AID */
+ if (sta->aid > 0)
+ txt = "OK, old AID";
+ else {
+ spin_lock_bh(&local->ap->sta_table_lock);
+ for (sta->aid = 1; sta->aid <= MAX_AID_TABLE_SIZE; sta->aid++)
+ if (local->ap->sta_aid[sta->aid - 1] == NULL)
+ break;
+ if (sta->aid > MAX_AID_TABLE_SIZE) {
+ sta->aid = 0;
+ spin_unlock_bh(&local->ap->sta_table_lock);
+ resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
+ txt = "no room for more AIDs";
+ } else {
+ local->ap->sta_aid[sta->aid - 1] = sta;
+ spin_unlock_bh(&local->ap->sta_table_lock);
+ txt = "OK, new AID";
+ }
+ }
+
+ fail:
+ pos = (__le16 *) body;
+
+ if (send_deauth) {
+ *pos = cpu_to_le16(WLAN_REASON_STA_REQ_ASSOC_WITHOUT_AUTH);
+ pos++;
+ } else {
+ /* FIX: CF-Pollable and CF-PollReq should be set to match the
+ * values in beacons/probe responses */
+ /* FIX: how about privacy and WEP? */
+ /* capability */
+ *pos = cpu_to_le16(WLAN_CAPABILITY_ESS);
+ pos++;
+
+ /* status_code */
+ *pos = cpu_to_le16(resp);
+ pos++;
+
+ *pos = cpu_to_le16((sta && sta->aid > 0 ? sta->aid : 0) |
+ BIT(14) | BIT(15)); /* AID */
+ pos++;
+
+ /* Supported rates (Information element) */
+ p = (char *) pos;
+ *p++ = WLAN_EID_SUPP_RATES;
+ lpos = p;
+ *p++ = 0; /* len */
+ if (local->tx_rate_control & WLAN_RATE_1M) {
+ *p++ = local->basic_rates & WLAN_RATE_1M ? 0x82 : 0x02;
+ (*lpos)++;
+ }
+ if (local->tx_rate_control & WLAN_RATE_2M) {
+ *p++ = local->basic_rates & WLAN_RATE_2M ? 0x84 : 0x04;
+ (*lpos)++;
+ }
+ if (local->tx_rate_control & WLAN_RATE_5M5) {
+ *p++ = local->basic_rates & WLAN_RATE_5M5 ?
+ 0x8b : 0x0b;
+ (*lpos)++;
+ }
+ if (local->tx_rate_control & WLAN_RATE_11M) {
+ *p++ = local->basic_rates & WLAN_RATE_11M ?
+ 0x96 : 0x16;
+ (*lpos)++;
+ }
+ pos = (__le16 *) p;
+ }
+
+ prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT |
+ (send_deauth ? IEEE80211_STYPE_DEAUTH :
+ (reassoc ? IEEE80211_STYPE_REASSOC_RESP :
+ IEEE80211_STYPE_ASSOC_RESP)),
+ body, (u8 *) pos - (u8 *) body,
+ hdr->addr2,
+ send_deauth ? 0 : local->ap->tx_callback_assoc);
+
+ if (sta) {
+ if (resp == WLAN_STATUS_SUCCESS) {
+ sta->last_rx = jiffies;
+ /* STA will be marked associated from TX callback, if
+ * AssocResp is ACKed */
+ }
+ atomic_dec(&sta->users);
+ }
+
+#if 0
+ PDEBUG(DEBUG_AP, "%s: %pM %sassoc (len=%d "
+ "prev_ap=%pM) => %d(%d) (%s)\n",
+ dev->name,
+ hdr->addr2,
+ reassoc ? "re" : "", len,
+ prev_ap,
+ resp, send_deauth, txt);
+#endif
+}
+
+
+/* Called only as a scheduled task for pending AP frames. */
+static void handle_deauth(local_info_t *local, struct sk_buff *skb,
+ struct hostap_80211_rx_status *rx_stats)
+{
+ struct net_device *dev = local->dev;
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+ char *body = (char *) (skb->data + IEEE80211_MGMT_HDR_LEN);
+ int len;
+ u16 reason_code;
+ __le16 *pos;
+ struct sta_info *sta = NULL;
+
+ len = skb->len - IEEE80211_MGMT_HDR_LEN;
+
+ if (len < 2) {
+ printk("handle_deauth - too short payload (len=%d)\n", len);
+ return;
+ }
+
+ pos = (__le16 *) body;
+ reason_code = le16_to_cpu(*pos);
+
+ PDEBUG(DEBUG_AP, "%s: deauthentication: %pM len=%d, "
+ "reason_code=%d\n", dev->name, hdr->addr2,
+ len, reason_code);
+
+ spin_lock_bh(&local->ap->sta_table_lock);
+ sta = ap_get_sta(local->ap, hdr->addr2);
+ if (sta != NULL) {
+ if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap)
+ hostap_event_expired_sta(local->dev, sta);
+ sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
+ }
+ spin_unlock_bh(&local->ap->sta_table_lock);
+ if (sta == NULL) {
+ printk("%s: deauthentication from %pM, "
+ "reason_code=%d, but STA not authenticated\n", dev->name,
+ hdr->addr2, reason_code);
+ }
+}
+
+
+/* Called only as a scheduled task for pending AP frames. */
+static void handle_disassoc(local_info_t *local, struct sk_buff *skb,
+ struct hostap_80211_rx_status *rx_stats)
+{
+ struct net_device *dev = local->dev;
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+ char *body = skb->data + IEEE80211_MGMT_HDR_LEN;
+ int len;
+ u16 reason_code;
+ __le16 *pos;
+ struct sta_info *sta = NULL;
+
+ len = skb->len - IEEE80211_MGMT_HDR_LEN;
+
+ if (len < 2) {
+ printk("handle_disassoc - too short payload (len=%d)\n", len);
+ return;
+ }
+
+ pos = (__le16 *) body;
+ reason_code = le16_to_cpu(*pos);
+
+ PDEBUG(DEBUG_AP, "%s: disassociation: %pM len=%d, "
+ "reason_code=%d\n", dev->name, hdr->addr2,
+ len, reason_code);
+
+ spin_lock_bh(&local->ap->sta_table_lock);
+ sta = ap_get_sta(local->ap, hdr->addr2);
+ if (sta != NULL) {
+ if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap)
+ hostap_event_expired_sta(local->dev, sta);
+ sta->flags &= ~WLAN_STA_ASSOC;
+ }
+ spin_unlock_bh(&local->ap->sta_table_lock);
+ if (sta == NULL) {
+ printk("%s: disassociation from %pM, "
+ "reason_code=%d, but STA not authenticated\n",
+ dev->name, hdr->addr2, reason_code);
+ }
+}
+
+
+/* Called only as a scheduled task for pending AP frames. */
+static void ap_handle_data_nullfunc(local_info_t *local,
+ struct ieee80211_hdr *hdr)
+{
+ struct net_device *dev = local->dev;
+
+ /* some STA f/w's seem to require control::ACK frame for
+ * data::nullfunc, but at least Prism2 station f/w version 0.8.0 does
+ * not send this..
+ * send control::ACK for the data::nullfunc */
+
+ printk(KERN_DEBUG "Sending control::ACK for data::nullfunc\n");
+ prism2_send_mgmt(dev, IEEE80211_FTYPE_CTL | IEEE80211_STYPE_ACK,
+ NULL, 0, hdr->addr2, 0);
+}
+
+
+/* Called only as a scheduled task for pending AP frames. */
+static void ap_handle_dropped_data(local_info_t *local,
+ struct ieee80211_hdr *hdr)
+{
+ struct net_device *dev = local->dev;
+ struct sta_info *sta;
+ __le16 reason;
+
+ spin_lock_bh(&local->ap->sta_table_lock);
+ sta = ap_get_sta(local->ap, hdr->addr2);
+ if (sta)
+ atomic_inc(&sta->users);
+ spin_unlock_bh(&local->ap->sta_table_lock);
+
+ if (sta != NULL && (sta->flags & WLAN_STA_ASSOC)) {
+ PDEBUG(DEBUG_AP, "ap_handle_dropped_data: STA is now okay?\n");
+ atomic_dec(&sta->users);
+ return;
+ }
+
+ reason = cpu_to_le16(WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
+ prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT |
+ ((sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) ?
+ IEEE80211_STYPE_DEAUTH : IEEE80211_STYPE_DISASSOC),
+ (char *) &reason, sizeof(reason), hdr->addr2, 0);
+
+ if (sta)
+ atomic_dec(&sta->users);
+}
+
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+
+/* Called only as a scheduled task for pending AP frames. */
+static void pspoll_send_buffered(local_info_t *local, struct sta_info *sta,
+ struct sk_buff *skb)
+{
+ struct hostap_skb_tx_data *meta;
+
+ if (!(sta->flags & WLAN_STA_PS)) {
+ /* Station has moved to non-PS mode, so send all buffered
+ * frames using normal device queue. */
+ dev_queue_xmit(skb);
+ return;
+ }
+
+ /* add a flag for hostap_handle_sta_tx() to know that this skb should
+ * be passed through even though STA is using PS */
+ meta = (struct hostap_skb_tx_data *) skb->cb;
+ meta->flags |= HOSTAP_TX_FLAGS_BUFFERED_FRAME;
+ if (!skb_queue_empty(&sta->tx_buf)) {
+ /* indicate to STA that more frames follow */
+ meta->flags |= HOSTAP_TX_FLAGS_ADD_MOREDATA;
+ }
+ dev_queue_xmit(skb);
+}
+
+
+/* Called only as a scheduled task for pending AP frames. */
+static void handle_pspoll(local_info_t *local,
+ struct ieee80211_hdr *hdr,
+ struct hostap_80211_rx_status *rx_stats)
+{
+ struct net_device *dev = local->dev;
+ struct sta_info *sta;
+ u16 aid;
+ struct sk_buff *skb;
+
+ PDEBUG(DEBUG_PS2, "handle_pspoll: BSSID=%pM, TA=%pM PWRMGT=%d\n",
+ hdr->addr1, hdr->addr2, !!ieee80211_has_pm(hdr->frame_control));
+
+ if (!ether_addr_equal(hdr->addr1, dev->dev_addr)) {
+ PDEBUG(DEBUG_AP,
+ "handle_pspoll - addr1(BSSID)=%pM not own MAC\n",
+ hdr->addr1);
+ return;
+ }
+
+ aid = le16_to_cpu(hdr->duration_id);
+ if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) {
+ PDEBUG(DEBUG_PS, " PSPOLL and AID[15:14] not set\n");
+ return;
+ }
+ aid &= ~(BIT(15) | BIT(14));
+ if (aid == 0 || aid > MAX_AID_TABLE_SIZE) {
+ PDEBUG(DEBUG_PS, " invalid aid=%d\n", aid);
+ return;
+ }
+ PDEBUG(DEBUG_PS2, " aid=%d\n", aid);
+
+ spin_lock_bh(&local->ap->sta_table_lock);
+ sta = ap_get_sta(local->ap, hdr->addr2);
+ if (sta)
+ atomic_inc(&sta->users);
+ spin_unlock_bh(&local->ap->sta_table_lock);
+
+ if (sta == NULL) {
+ PDEBUG(DEBUG_PS, " STA not found\n");
+ return;
+ }
+ if (sta->aid != aid) {
+ PDEBUG(DEBUG_PS, " received aid=%i does not match with "
+ "assoc.aid=%d\n", aid, sta->aid);
+ return;
+ }
+
+ /* FIX: todo:
+ * - add timeout for buffering (clear aid in TIM vector if buffer timed
+ * out (expiry time must be longer than ListenInterval for
+ * the corresponding STA; "8802-11: 11.2.1.9 AP aging function"
+ * - what to do, if buffered, pspolled, and sent frame is not ACKed by
+ * sta; store buffer for later use and leave TIM aid bit set? use
+ * TX event to check whether frame was ACKed?
+ */
+
+ while ((skb = skb_dequeue(&sta->tx_buf)) != NULL) {
+ /* send buffered frame .. */
+ PDEBUG(DEBUG_PS2, "Sending buffered frame to STA after PS POLL"
+ " (buffer_count=%d)\n", skb_queue_len(&sta->tx_buf));
+
+ pspoll_send_buffered(local, sta, skb);
+
+ if (sta->flags & WLAN_STA_PS) {
+ /* send only one buffered packet per PS Poll */
+ /* FIX: should ignore further PS Polls until the
+ * buffered packet that was just sent is acknowledged
+ * (Tx or TxExc event) */
+ break;
+ }
+ }
+
+ if (skb_queue_empty(&sta->tx_buf)) {
+ /* try to clear aid from TIM */
+ if (!(sta->flags & WLAN_STA_TIM))
+ PDEBUG(DEBUG_PS2, "Re-unsetting TIM for aid %d\n",
+ aid);
+ hostap_set_tim(local, aid, 0);
+ sta->flags &= ~WLAN_STA_TIM;
+ }
+
+ atomic_dec(&sta->users);
+}
+
+
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+
+static void handle_wds_oper_queue(struct work_struct *work)
+{
+ struct ap_data *ap = container_of(work, struct ap_data,
+ wds_oper_queue);
+ local_info_t *local = ap->local;
+ struct wds_oper_data *entry, *prev;
+
+ spin_lock_bh(&local->lock);
+ entry = local->ap->wds_oper_entries;
+ local->ap->wds_oper_entries = NULL;
+ spin_unlock_bh(&local->lock);
+
+ while (entry) {
+ PDEBUG(DEBUG_AP, "%s: %s automatic WDS connection "
+ "to AP %pM\n",
+ local->dev->name,
+ entry->type == WDS_ADD ? "adding" : "removing",
+ entry->addr);
+ if (entry->type == WDS_ADD)
+ prism2_wds_add(local, entry->addr, 0);
+ else if (entry->type == WDS_DEL)
+ prism2_wds_del(local, entry->addr, 0, 1);
+
+ prev = entry;
+ entry = entry->next;
+ kfree(prev);
+ }
+}
+
+
+/* Called only as a scheduled task for pending AP frames. */
+static void handle_beacon(local_info_t *local, struct sk_buff *skb,
+ struct hostap_80211_rx_status *rx_stats)
+{
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+ char *body = skb->data + IEEE80211_MGMT_HDR_LEN;
+ int len, left;
+ u16 beacon_int, capability;
+ __le16 *pos;
+ char *ssid = NULL;
+ unsigned char *supp_rates = NULL;
+ int ssid_len = 0, supp_rates_len = 0;
+ struct sta_info *sta = NULL;
+ int new_sta = 0, channel = -1;
+
+ len = skb->len - IEEE80211_MGMT_HDR_LEN;
+
+ if (len < 8 + 2 + 2) {
+ printk(KERN_DEBUG "handle_beacon - too short payload "
+ "(len=%d)\n", len);
+ return;
+ }
+
+ pos = (__le16 *) body;
+ left = len;
+
+ /* Timestamp (8 octets) */
+ pos += 4; left -= 8;
+ /* Beacon interval (2 octets) */
+ beacon_int = le16_to_cpu(*pos);
+ pos++; left -= 2;
+ /* Capability information (2 octets) */
+ capability = le16_to_cpu(*pos);
+ pos++; left -= 2;
+
+ if (local->ap->ap_policy != AP_OTHER_AP_EVEN_IBSS &&
+ capability & WLAN_CAPABILITY_IBSS)
+ return;
+
+ if (left >= 2) {
+ unsigned int ileft;
+ unsigned char *u = (unsigned char *) pos;
+
+ if (*u == WLAN_EID_SSID) {
+ u++; left--;
+ ileft = *u;
+ u++; left--;
+
+ if (ileft > left || ileft > MAX_SSID_LEN) {
+ PDEBUG(DEBUG_AP, "SSID: overflow\n");
+ return;
+ }
+
+ if (local->ap->ap_policy == AP_OTHER_AP_SAME_SSID &&
+ (ileft != strlen(local->essid) ||
+ memcmp(local->essid, u, ileft) != 0)) {
+ /* not our SSID */
+ return;
+ }
+
+ ssid = u;
+ ssid_len = ileft;
+
+ u += ileft;
+ left -= ileft;
+ }
+
+ if (*u == WLAN_EID_SUPP_RATES) {
+ u++; left--;
+ ileft = *u;
+ u++; left--;
+
+ if (ileft > left || ileft == 0 || ileft > 8) {
+ PDEBUG(DEBUG_AP, " - SUPP_RATES len error\n");
+ return;
+ }
+
+ supp_rates = u;
+ supp_rates_len = ileft;
+
+ u += ileft;
+ left -= ileft;
+ }
+
+ if (*u == WLAN_EID_DS_PARAMS) {
+ u++; left--;
+ ileft = *u;
+ u++; left--;
+
+ if (ileft > left || ileft != 1) {
+ PDEBUG(DEBUG_AP, " - DS_PARAMS len error\n");
+ return;
+ }
+
+ channel = *u;
+
+ u += ileft;
+ left -= ileft;
+ }
+ }
+
+ spin_lock_bh(&local->ap->sta_table_lock);
+ sta = ap_get_sta(local->ap, hdr->addr2);
+ if (sta != NULL)
+ atomic_inc(&sta->users);
+ spin_unlock_bh(&local->ap->sta_table_lock);
+
+ if (sta == NULL) {
+ /* add new AP */
+ new_sta = 1;
+ sta = ap_add_sta(local->ap, hdr->addr2);
+ if (sta == NULL) {
+ printk(KERN_INFO "prism2: kmalloc failed for AP "
+ "data structure\n");
+ return;
+ }
+ hostap_event_new_sta(local->dev, sta);
+
+ /* mark APs authentication and associated for pseudo ad-hoc
+ * style communication */
+ sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC;
+
+ if (local->ap->autom_ap_wds) {
+ hostap_wds_link_oper(local, sta->addr, WDS_ADD);
+ }
+ }
+
+ sta->ap = 1;
+ if (ssid) {
+ sta->u.ap.ssid_len = ssid_len;
+ memcpy(sta->u.ap.ssid, ssid, ssid_len);
+ sta->u.ap.ssid[ssid_len] = '\0';
+ } else {
+ sta->u.ap.ssid_len = 0;
+ sta->u.ap.ssid[0] = '\0';
+ }
+ sta->u.ap.channel = channel;
+ sta->rx_packets++;
+ sta->rx_bytes += len;
+ sta->u.ap.last_beacon = sta->last_rx = jiffies;
+ sta->capability = capability;
+ sta->listen_interval = beacon_int;
+
+ atomic_dec(&sta->users);
+
+ if (new_sta) {
+ memset(sta->supported_rates, 0, sizeof(sta->supported_rates));
+ memcpy(sta->supported_rates, supp_rates, supp_rates_len);
+ prism2_check_tx_rates(sta);
+ }
+}
+
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+
+/* Called only as a tasklet. */
+static void handle_ap_item(local_info_t *local, struct sk_buff *skb,
+ struct hostap_80211_rx_status *rx_stats)
+{
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+ struct net_device *dev = local->dev;
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+ u16 fc, type, stype;
+ struct ieee80211_hdr *hdr;
+
+ /* FIX: should give skb->len to handler functions and check that the
+ * buffer is long enough */
+ hdr = (struct ieee80211_hdr *) skb->data;
+ fc = le16_to_cpu(hdr->frame_control);
+ type = fc & IEEE80211_FCTL_FTYPE;
+ stype = fc & IEEE80211_FCTL_STYPE;
+
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+ if (!local->hostapd && type == IEEE80211_FTYPE_DATA) {
+ PDEBUG(DEBUG_AP, "handle_ap_item - data frame\n");
+
+ if (!(fc & IEEE80211_FCTL_TODS) ||
+ (fc & IEEE80211_FCTL_FROMDS)) {
+ if (stype == IEEE80211_STYPE_NULLFUNC) {
+ /* no ToDS nullfunc seems to be used to check
+ * AP association; so send reject message to
+ * speed up re-association */
+ ap_handle_dropped_data(local, hdr);
+ goto done;
+ }
+ PDEBUG(DEBUG_AP, " not ToDS frame (fc=0x%04x)\n",
+ fc);
+ goto done;
+ }
+
+ if (!ether_addr_equal(hdr->addr1, dev->dev_addr)) {
+ PDEBUG(DEBUG_AP, "handle_ap_item - addr1(BSSID)=%pM"
+ " not own MAC\n", hdr->addr1);
+ goto done;
+ }
+
+ if (local->ap->nullfunc_ack &&
+ stype == IEEE80211_STYPE_NULLFUNC)
+ ap_handle_data_nullfunc(local, hdr);
+ else
+ ap_handle_dropped_data(local, hdr);
+ goto done;
+ }
+
+ if (type == IEEE80211_FTYPE_MGMT && stype == IEEE80211_STYPE_BEACON) {
+ handle_beacon(local, skb, rx_stats);
+ goto done;
+ }
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+ if (type == IEEE80211_FTYPE_CTL && stype == IEEE80211_STYPE_PSPOLL) {
+ handle_pspoll(local, hdr, rx_stats);
+ goto done;
+ }
+
+ if (local->hostapd) {
+ PDEBUG(DEBUG_AP, "Unknown frame in AP queue: type=0x%02x "
+ "subtype=0x%02x\n", type, stype);
+ goto done;
+ }
+
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+ if (type != IEEE80211_FTYPE_MGMT) {
+ PDEBUG(DEBUG_AP, "handle_ap_item - not a management frame?\n");
+ goto done;
+ }
+
+ if (!ether_addr_equal(hdr->addr1, dev->dev_addr)) {
+ PDEBUG(DEBUG_AP, "handle_ap_item - addr1(DA)=%pM"
+ " not own MAC\n", hdr->addr1);
+ goto done;
+ }
+
+ if (!ether_addr_equal(hdr->addr3, dev->dev_addr)) {
+ PDEBUG(DEBUG_AP, "handle_ap_item - addr3(BSSID)=%pM"
+ " not own MAC\n", hdr->addr3);
+ goto done;
+ }
+
+ switch (stype) {
+ case IEEE80211_STYPE_ASSOC_REQ:
+ handle_assoc(local, skb, rx_stats, 0);
+ break;
+ case IEEE80211_STYPE_ASSOC_RESP:
+ PDEBUG(DEBUG_AP, "==> ASSOC RESP (ignored)\n");
+ break;
+ case IEEE80211_STYPE_REASSOC_REQ:
+ handle_assoc(local, skb, rx_stats, 1);
+ break;
+ case IEEE80211_STYPE_REASSOC_RESP:
+ PDEBUG(DEBUG_AP, "==> REASSOC RESP (ignored)\n");
+ break;
+ case IEEE80211_STYPE_ATIM:
+ PDEBUG(DEBUG_AP, "==> ATIM (ignored)\n");
+ break;
+ case IEEE80211_STYPE_DISASSOC:
+ handle_disassoc(local, skb, rx_stats);
+ break;
+ case IEEE80211_STYPE_AUTH:
+ handle_authen(local, skb, rx_stats);
+ break;
+ case IEEE80211_STYPE_DEAUTH:
+ handle_deauth(local, skb, rx_stats);
+ break;
+ default:
+ PDEBUG(DEBUG_AP, "Unknown mgmt frame subtype 0x%02x\n",
+ stype >> 4);
+ break;
+ }
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+ done:
+ dev_kfree_skb(skb);
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+void hostap_rx(struct net_device *dev, struct sk_buff *skb,
+ struct hostap_80211_rx_status *rx_stats)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ struct ieee80211_hdr *hdr;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (skb->len < 16)
+ goto drop;
+
+ dev->stats.rx_packets++;
+
+ hdr = (struct ieee80211_hdr *) skb->data;
+
+ if (local->ap->ap_policy == AP_OTHER_AP_SKIP_ALL &&
+ ieee80211_is_beacon(hdr->frame_control))
+ goto drop;
+
+ skb->protocol = cpu_to_be16(ETH_P_HOSTAP);
+ handle_ap_item(local, skb, rx_stats);
+ return;
+
+ drop:
+ dev_kfree_skb(skb);
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static void schedule_packet_send(local_info_t *local, struct sta_info *sta)
+{
+ struct sk_buff *skb;
+ struct ieee80211_hdr *hdr;
+ struct hostap_80211_rx_status rx_stats;
+
+ if (skb_queue_empty(&sta->tx_buf))
+ return;
+
+ skb = dev_alloc_skb(16);
+ if (skb == NULL) {
+ printk(KERN_DEBUG "%s: schedule_packet_send: skb alloc "
+ "failed\n", local->dev->name);
+ return;
+ }
+
+ hdr = skb_put(skb, 16);
+
+ /* Generate a fake pspoll frame to start packet delivery */
+ hdr->frame_control = cpu_to_le16(
+ IEEE80211_FTYPE_CTL | IEEE80211_STYPE_PSPOLL);
+ memcpy(hdr->addr1, local->dev->dev_addr, ETH_ALEN);
+ memcpy(hdr->addr2, sta->addr, ETH_ALEN);
+ hdr->duration_id = cpu_to_le16(sta->aid | BIT(15) | BIT(14));
+
+ PDEBUG(DEBUG_PS2,
+ "%s: Scheduling buffered packet delivery for STA %pM\n",
+ local->dev->name, sta->addr);
+
+ skb->dev = local->dev;
+
+ memset(&rx_stats, 0, sizeof(rx_stats));
+ hostap_rx(local->dev, skb, &rx_stats);
+}
+
+
+int prism2_ap_get_sta_qual(local_info_t *local, struct sockaddr addr[],
+ struct iw_quality qual[], int buf_size,
+ int aplist)
+{
+ struct ap_data *ap = local->ap;
+ struct list_head *ptr;
+ int count = 0;
+
+ spin_lock_bh(&ap->sta_table_lock);
+
+ for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list;
+ ptr = ptr->next) {
+ struct sta_info *sta = (struct sta_info *) ptr;
+
+ if (aplist && !sta->ap)
+ continue;
+ addr[count].sa_family = ARPHRD_ETHER;
+ memcpy(addr[count].sa_data, sta->addr, ETH_ALEN);
+ if (sta->last_rx_silence == 0)
+ qual[count].qual = sta->last_rx_signal < 27 ?
+ 0 : (sta->last_rx_signal - 27) * 92 / 127;
+ else
+ qual[count].qual = sta->last_rx_signal -
+ sta->last_rx_silence - 35;
+ qual[count].level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal);
+ qual[count].noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence);
+ qual[count].updated = sta->last_rx_updated;
+
+ sta->last_rx_updated = IW_QUAL_DBM;
+
+ count++;
+ if (count >= buf_size)
+ break;
+ }
+ spin_unlock_bh(&ap->sta_table_lock);
+
+ return count;
+}
+
+
+/* Translate our list of Access Points & Stations to a card independent
+ * format that the Wireless Tools will understand - Jean II */
+int prism2_ap_translate_scan(struct net_device *dev,
+ struct iw_request_info *info, char *buffer)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ struct ap_data *ap;
+ struct list_head *ptr;
+ struct iw_event iwe;
+ char *current_ev = buffer;
+ char *end_buf = buffer + IW_SCAN_MAX_DATA;
+#if !defined(PRISM2_NO_KERNEL_IEEE80211_MGMT)
+ char buf[64];
+#endif
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+ ap = local->ap;
+
+ spin_lock_bh(&ap->sta_table_lock);
+
+ for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list;
+ ptr = ptr->next) {
+ struct sta_info *sta = (struct sta_info *) ptr;
+
+ /* First entry *MUST* be the AP MAC address */
+ memset(&iwe, 0, sizeof(iwe));
+ iwe.cmd = SIOCGIWAP;
+ iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
+ memcpy(iwe.u.ap_addr.sa_data, sta->addr, ETH_ALEN);
+ iwe.len = IW_EV_ADDR_LEN;
+ current_ev = iwe_stream_add_event(info, current_ev, end_buf,
+ &iwe, IW_EV_ADDR_LEN);
+
+ /* Use the mode to indicate if it's a station or
+ * an Access Point */
+ memset(&iwe, 0, sizeof(iwe));
+ iwe.cmd = SIOCGIWMODE;
+ if (sta->ap)
+ iwe.u.mode = IW_MODE_MASTER;
+ else
+ iwe.u.mode = IW_MODE_INFRA;
+ iwe.len = IW_EV_UINT_LEN;
+ current_ev = iwe_stream_add_event(info, current_ev, end_buf,
+ &iwe, IW_EV_UINT_LEN);
+
+ /* Some quality */
+ memset(&iwe, 0, sizeof(iwe));
+ iwe.cmd = IWEVQUAL;
+ if (sta->last_rx_silence == 0)
+ iwe.u.qual.qual = sta->last_rx_signal < 27 ?
+ 0 : (sta->last_rx_signal - 27) * 92 / 127;
+ else
+ iwe.u.qual.qual = sta->last_rx_signal -
+ sta->last_rx_silence - 35;
+ iwe.u.qual.level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal);
+ iwe.u.qual.noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence);
+ iwe.u.qual.updated = sta->last_rx_updated;
+ iwe.len = IW_EV_QUAL_LEN;
+ current_ev = iwe_stream_add_event(info, current_ev, end_buf,
+ &iwe, IW_EV_QUAL_LEN);
+
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+ if (sta->ap) {
+ memset(&iwe, 0, sizeof(iwe));
+ iwe.cmd = SIOCGIWESSID;
+ iwe.u.data.length = sta->u.ap.ssid_len;
+ iwe.u.data.flags = 1;
+ current_ev = iwe_stream_add_point(info, current_ev,
+ end_buf, &iwe,
+ sta->u.ap.ssid);
+
+ memset(&iwe, 0, sizeof(iwe));
+ iwe.cmd = SIOCGIWENCODE;
+ if (sta->capability & WLAN_CAPABILITY_PRIVACY)
+ iwe.u.data.flags =
+ IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
+ else
+ iwe.u.data.flags = IW_ENCODE_DISABLED;
+ current_ev = iwe_stream_add_point(info, current_ev,
+ end_buf, &iwe,
+ sta->u.ap.ssid);
+
+ if (sta->u.ap.channel > 0 &&
+ sta->u.ap.channel <= FREQ_COUNT) {
+ memset(&iwe, 0, sizeof(iwe));
+ iwe.cmd = SIOCGIWFREQ;
+ iwe.u.freq.m = freq_list[sta->u.ap.channel - 1]
+ * 100000;
+ iwe.u.freq.e = 1;
+ current_ev = iwe_stream_add_event(
+ info, current_ev, end_buf, &iwe,
+ IW_EV_FREQ_LEN);
+ }
+
+ memset(&iwe, 0, sizeof(iwe));
+ iwe.cmd = IWEVCUSTOM;
+ sprintf(buf, "beacon_interval=%d",
+ sta->listen_interval);
+ iwe.u.data.length = strlen(buf);
+ current_ev = iwe_stream_add_point(info, current_ev,
+ end_buf, &iwe, buf);
+ }
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+ sta->last_rx_updated = IW_QUAL_DBM;
+
+ /* To be continued, we should make good use of IWEVCUSTOM */
+ }
+
+ spin_unlock_bh(&ap->sta_table_lock);
+
+ return current_ev - buffer;
+}
+
+
+static int prism2_hostapd_add_sta(struct ap_data *ap,
+ struct prism2_hostapd_param *param)
+{
+ struct sta_info *sta;
+
+ spin_lock_bh(&ap->sta_table_lock);
+ sta = ap_get_sta(ap, param->sta_addr);
+ if (sta)
+ atomic_inc(&sta->users);
+ spin_unlock_bh(&ap->sta_table_lock);
+
+ if (sta == NULL) {
+ sta = ap_add_sta(ap, param->sta_addr);
+ if (sta == NULL)
+ return -1;
+ }
+
+ if (!(sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
+ hostap_event_new_sta(sta->local->dev, sta);
+
+ sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC;
+ sta->last_rx = jiffies;
+ sta->aid = param->u.add_sta.aid;
+ sta->capability = param->u.add_sta.capability;
+ sta->tx_supp_rates = param->u.add_sta.tx_supp_rates;
+ if (sta->tx_supp_rates & WLAN_RATE_1M)
+ sta->supported_rates[0] = 2;
+ if (sta->tx_supp_rates & WLAN_RATE_2M)
+ sta->supported_rates[1] = 4;
+ if (sta->tx_supp_rates & WLAN_RATE_5M5)
+ sta->supported_rates[2] = 11;
+ if (sta->tx_supp_rates & WLAN_RATE_11M)
+ sta->supported_rates[3] = 22;
+ prism2_check_tx_rates(sta);
+ atomic_dec(&sta->users);
+ return 0;
+}
+
+
+static int prism2_hostapd_remove_sta(struct ap_data *ap,
+ struct prism2_hostapd_param *param)
+{
+ struct sta_info *sta;
+
+ spin_lock_bh(&ap->sta_table_lock);
+ sta = ap_get_sta(ap, param->sta_addr);
+ if (sta) {
+ ap_sta_hash_del(ap, sta);
+ list_del(&sta->list);
+ }
+ spin_unlock_bh(&ap->sta_table_lock);
+
+ if (!sta)
+ return -ENOENT;
+
+ if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
+ hostap_event_expired_sta(sta->local->dev, sta);
+ ap_free_sta(ap, sta);
+
+ return 0;
+}
+
+
+static int prism2_hostapd_get_info_sta(struct ap_data *ap,
+ struct prism2_hostapd_param *param)
+{
+ struct sta_info *sta;
+
+ spin_lock_bh(&ap->sta_table_lock);
+ sta = ap_get_sta(ap, param->sta_addr);
+ if (sta)
+ atomic_inc(&sta->users);
+ spin_unlock_bh(&ap->sta_table_lock);
+
+ if (!sta)
+ return -ENOENT;
+
+ param->u.get_info_sta.inactive_sec = (jiffies - sta->last_rx) / HZ;
+
+ atomic_dec(&sta->users);
+
+ return 1;
+}
+
+
+static int prism2_hostapd_set_flags_sta(struct ap_data *ap,
+ struct prism2_hostapd_param *param)
+{
+ struct sta_info *sta;
+
+ spin_lock_bh(&ap->sta_table_lock);
+ sta = ap_get_sta(ap, param->sta_addr);
+ if (sta) {
+ sta->flags |= param->u.set_flags_sta.flags_or;
+ sta->flags &= param->u.set_flags_sta.flags_and;
+ }
+ spin_unlock_bh(&ap->sta_table_lock);
+
+ if (!sta)
+ return -ENOENT;
+
+ return 0;
+}
+
+
+static int prism2_hostapd_sta_clear_stats(struct ap_data *ap,
+ struct prism2_hostapd_param *param)
+{
+ struct sta_info *sta;
+ int rate;
+
+ spin_lock_bh(&ap->sta_table_lock);
+ sta = ap_get_sta(ap, param->sta_addr);
+ if (sta) {
+ sta->rx_packets = sta->tx_packets = 0;
+ sta->rx_bytes = sta->tx_bytes = 0;
+ for (rate = 0; rate < WLAN_RATE_COUNT; rate++) {
+ sta->tx_count[rate] = 0;
+ sta->rx_count[rate] = 0;
+ }
+ }
+ spin_unlock_bh(&ap->sta_table_lock);
+
+ if (!sta)
+ return -ENOENT;
+
+ return 0;
+}
+
+
+int prism2_hostapd(struct ap_data *ap, struct prism2_hostapd_param *param)
+{
+ switch (param->cmd) {
+ case PRISM2_HOSTAPD_FLUSH:
+ ap_control_kickall(ap);
+ return 0;
+ case PRISM2_HOSTAPD_ADD_STA:
+ return prism2_hostapd_add_sta(ap, param);
+ case PRISM2_HOSTAPD_REMOVE_STA:
+ return prism2_hostapd_remove_sta(ap, param);
+ case PRISM2_HOSTAPD_GET_INFO_STA:
+ return prism2_hostapd_get_info_sta(ap, param);
+ case PRISM2_HOSTAPD_SET_FLAGS_STA:
+ return prism2_hostapd_set_flags_sta(ap, param);
+ case PRISM2_HOSTAPD_STA_CLEAR_STATS:
+ return prism2_hostapd_sta_clear_stats(ap, param);
+ default:
+ printk(KERN_WARNING "prism2_hostapd: unknown cmd=%d\n",
+ param->cmd);
+ return -EOPNOTSUPP;
+ }
+}
+
+
+/* Update station info for host-based TX rate control and return current
+ * TX rate */
+static int ap_update_sta_tx_rate(struct sta_info *sta, struct net_device *dev)
+{
+ int ret = sta->tx_rate;
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ sta->tx_count[sta->tx_rate_idx]++;
+ sta->tx_since_last_failure++;
+ sta->tx_consecutive_exc = 0;
+ if (sta->tx_since_last_failure >= WLAN_RATE_UPDATE_COUNT &&
+ sta->tx_rate_idx < sta->tx_max_rate) {
+ /* use next higher rate */
+ int old_rate, new_rate;
+ old_rate = new_rate = sta->tx_rate_idx;
+ while (new_rate < sta->tx_max_rate) {
+ new_rate++;
+ if (ap_tx_rate_ok(new_rate, sta, local)) {
+ sta->tx_rate_idx = new_rate;
+ break;
+ }
+ }
+ if (old_rate != sta->tx_rate_idx) {
+ switch (sta->tx_rate_idx) {
+ case 0: sta->tx_rate = 10; break;
+ case 1: sta->tx_rate = 20; break;
+ case 2: sta->tx_rate = 55; break;
+ case 3: sta->tx_rate = 110; break;
+ default: sta->tx_rate = 0; break;
+ }
+ PDEBUG(DEBUG_AP, "%s: STA %pM TX rate raised to %d\n",
+ dev->name, sta->addr, sta->tx_rate);
+ }
+ sta->tx_since_last_failure = 0;
+ }
+
+ return ret;
+}
+
+
+/* Called only from software IRQ. Called for each TX frame prior possible
+ * encryption and transmit. */
+ap_tx_ret hostap_handle_sta_tx(local_info_t *local, struct hostap_tx_data *tx)
+{
+ struct sta_info *sta = NULL;
+ struct sk_buff *skb = tx->skb;
+ int set_tim, ret;
+ struct ieee80211_hdr *hdr;
+ struct hostap_skb_tx_data *meta;
+
+ meta = (struct hostap_skb_tx_data *) skb->cb;
+ ret = AP_TX_CONTINUE;
+ if (local->ap == NULL || skb->len < 10 ||
+ meta->iface->type == HOSTAP_INTERFACE_STA)
+ goto out;
+
+ hdr = (struct ieee80211_hdr *) skb->data;
+
+ if (hdr->addr1[0] & 0x01) {
+ /* broadcast/multicast frame - no AP related processing */
+ if (local->ap->num_sta <= 0)
+ ret = AP_TX_DROP;
+ goto out;
+ }
+
+ /* unicast packet - check whether destination STA is associated */
+ spin_lock(&local->ap->sta_table_lock);
+ sta = ap_get_sta(local->ap, hdr->addr1);
+ if (sta)
+ atomic_inc(&sta->users);
+ spin_unlock(&local->ap->sta_table_lock);
+
+ if (local->iw_mode == IW_MODE_MASTER && sta == NULL &&
+ !(meta->flags & HOSTAP_TX_FLAGS_WDS) &&
+ meta->iface->type != HOSTAP_INTERFACE_MASTER &&
+ meta->iface->type != HOSTAP_INTERFACE_AP) {
+#if 0
+ /* This can happen, e.g., when wlan0 is added to a bridge and
+ * bridging code does not know which port is the correct target
+ * for a unicast frame. In this case, the packet is send to all
+ * ports of the bridge. Since this is a valid scenario, do not
+ * print out any errors here. */
+ if (net_ratelimit()) {
+ printk(KERN_DEBUG "AP: drop packet to non-associated "
+ "STA %pM\n", hdr->addr1);
+ }
+#endif
+ local->ap->tx_drop_nonassoc++;
+ ret = AP_TX_DROP;
+ goto out;
+ }
+
+ if (sta == NULL)
+ goto out;
+
+ if (!(sta->flags & WLAN_STA_AUTHORIZED))
+ ret = AP_TX_CONTINUE_NOT_AUTHORIZED;
+
+ /* Set tx_rate if using host-based TX rate control */
+ if (!local->fw_tx_rate_control)
+ local->ap->last_tx_rate = meta->rate =
+ ap_update_sta_tx_rate(sta, local->dev);
+
+ if (local->iw_mode != IW_MODE_MASTER)
+ goto out;
+
+ if (!(sta->flags & WLAN_STA_PS))
+ goto out;
+
+ if (meta->flags & HOSTAP_TX_FLAGS_ADD_MOREDATA) {
+ /* indicate to STA that more frames follow */
+ hdr->frame_control |=
+ cpu_to_le16(IEEE80211_FCTL_MOREDATA);
+ }
+
+ if (meta->flags & HOSTAP_TX_FLAGS_BUFFERED_FRAME) {
+ /* packet was already buffered and now send due to
+ * PS poll, so do not rebuffer it */
+ goto out;
+ }
+
+ if (skb_queue_len(&sta->tx_buf) >= STA_MAX_TX_BUFFER) {
+ PDEBUG(DEBUG_PS, "%s: No more space in STA (%pM)'s"
+ "PS mode buffer\n",
+ local->dev->name, sta->addr);
+ /* Make sure that TIM is set for the station (it might not be
+ * after AP wlan hw reset). */
+ /* FIX: should fix hw reset to restore bits based on STA
+ * buffer state.. */
+ hostap_set_tim(local, sta->aid, 1);
+ sta->flags |= WLAN_STA_TIM;
+ ret = AP_TX_DROP;
+ goto out;
+ }
+
+ /* STA in PS mode, buffer frame for later delivery */
+ set_tim = skb_queue_empty(&sta->tx_buf);
+ skb_queue_tail(&sta->tx_buf, skb);
+ /* FIX: could save RX time to skb and expire buffered frames after
+ * some time if STA does not poll for them */
+
+ if (set_tim) {
+ if (sta->flags & WLAN_STA_TIM)
+ PDEBUG(DEBUG_PS2, "Re-setting TIM for aid %d\n",
+ sta->aid);
+ hostap_set_tim(local, sta->aid, 1);
+ sta->flags |= WLAN_STA_TIM;
+ }
+
+ ret = AP_TX_BUFFERED;
+
+ out:
+ if (sta != NULL) {
+ if (ret == AP_TX_CONTINUE ||
+ ret == AP_TX_CONTINUE_NOT_AUTHORIZED) {
+ sta->tx_packets++;
+ sta->tx_bytes += skb->len;
+ sta->last_tx = jiffies;
+ }
+
+ if ((ret == AP_TX_CONTINUE ||
+ ret == AP_TX_CONTINUE_NOT_AUTHORIZED) &&
+ sta->crypt && tx->host_encrypt) {
+ tx->crypt = sta->crypt;
+ tx->sta_ptr = sta; /* hostap_handle_sta_release() will
+ * be called to release sta info
+ * later */
+ } else
+ atomic_dec(&sta->users);
+ }
+
+ return ret;
+}
+
+
+void hostap_handle_sta_release(void *ptr)
+{
+ struct sta_info *sta = ptr;
+ atomic_dec(&sta->users);
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+void hostap_handle_sta_tx_exc(local_info_t *local, struct sk_buff *skb)
+{
+ struct sta_info *sta;
+ struct ieee80211_hdr *hdr;
+ struct hostap_skb_tx_data *meta;
+
+ hdr = (struct ieee80211_hdr *) skb->data;
+ meta = (struct hostap_skb_tx_data *) skb->cb;
+
+ spin_lock(&local->ap->sta_table_lock);
+ sta = ap_get_sta(local->ap, hdr->addr1);
+ if (!sta) {
+ spin_unlock(&local->ap->sta_table_lock);
+ PDEBUG(DEBUG_AP, "%s: Could not find STA %pM"
+ " for this TX error (@%lu)\n",
+ local->dev->name, hdr->addr1, jiffies);
+ return;
+ }
+
+ sta->tx_since_last_failure = 0;
+ sta->tx_consecutive_exc++;
+
+ if (sta->tx_consecutive_exc >= WLAN_RATE_DECREASE_THRESHOLD &&
+ sta->tx_rate_idx > 0 && meta->rate <= sta->tx_rate) {
+ /* use next lower rate */
+ int old, rate;
+ old = rate = sta->tx_rate_idx;
+ while (rate > 0) {
+ rate--;
+ if (ap_tx_rate_ok(rate, sta, local)) {
+ sta->tx_rate_idx = rate;
+ break;
+ }
+ }
+ if (old != sta->tx_rate_idx) {
+ switch (sta->tx_rate_idx) {
+ case 0: sta->tx_rate = 10; break;
+ case 1: sta->tx_rate = 20; break;
+ case 2: sta->tx_rate = 55; break;
+ case 3: sta->tx_rate = 110; break;
+ default: sta->tx_rate = 0; break;
+ }
+ PDEBUG(DEBUG_AP,
+ "%s: STA %pM TX rate lowered to %d\n",
+ local->dev->name, sta->addr, sta->tx_rate);
+ }
+ sta->tx_consecutive_exc = 0;
+ }
+ spin_unlock(&local->ap->sta_table_lock);
+}
+
+
+static void hostap_update_sta_ps2(local_info_t *local, struct sta_info *sta,
+ int pwrmgt, int type, int stype)
+{
+ if (pwrmgt && !(sta->flags & WLAN_STA_PS)) {
+ sta->flags |= WLAN_STA_PS;
+ PDEBUG(DEBUG_PS2, "STA %pM changed to use PS "
+ "mode (type=0x%02X, stype=0x%02X)\n",
+ sta->addr, type >> 2, stype >> 4);
+ } else if (!pwrmgt && (sta->flags & WLAN_STA_PS)) {
+ sta->flags &= ~WLAN_STA_PS;
+ PDEBUG(DEBUG_PS2, "STA %pM changed to not use "
+ "PS mode (type=0x%02X, stype=0x%02X)\n",
+ sta->addr, type >> 2, stype >> 4);
+ if (type != IEEE80211_FTYPE_CTL ||
+ stype != IEEE80211_STYPE_PSPOLL)
+ schedule_packet_send(local, sta);
+ }
+}
+
+
+/* Called only as a tasklet (software IRQ). Called for each RX frame to update
+ * STA power saving state. pwrmgt is a flag from 802.11 frame_control field. */
+int hostap_update_sta_ps(local_info_t *local, struct ieee80211_hdr *hdr)
+{
+ struct sta_info *sta;
+ u16 fc;
+
+ spin_lock(&local->ap->sta_table_lock);
+ sta = ap_get_sta(local->ap, hdr->addr2);
+ if (sta)
+ atomic_inc(&sta->users);
+ spin_unlock(&local->ap->sta_table_lock);
+
+ if (!sta)
+ return -1;
+
+ fc = le16_to_cpu(hdr->frame_control);
+ hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM,
+ fc & IEEE80211_FCTL_FTYPE,
+ fc & IEEE80211_FCTL_STYPE);
+
+ atomic_dec(&sta->users);
+ return 0;
+}
+
+
+/* Called only as a tasklet (software IRQ). Called for each RX frame after
+ * getting RX header and payload from hardware. */
+ap_rx_ret hostap_handle_sta_rx(local_info_t *local, struct net_device *dev,
+ struct sk_buff *skb,
+ struct hostap_80211_rx_status *rx_stats,
+ int wds)
+{
+ int ret;
+ struct sta_info *sta;
+ u16 fc, type, stype;
+ struct ieee80211_hdr *hdr;
+
+ if (local->ap == NULL)
+ return AP_RX_CONTINUE;
+
+ hdr = (struct ieee80211_hdr *) skb->data;
+
+ fc = le16_to_cpu(hdr->frame_control);
+ type = fc & IEEE80211_FCTL_FTYPE;
+ stype = fc & IEEE80211_FCTL_STYPE;
+
+ spin_lock(&local->ap->sta_table_lock);
+ sta = ap_get_sta(local->ap, hdr->addr2);
+ if (sta)
+ atomic_inc(&sta->users);
+ spin_unlock(&local->ap->sta_table_lock);
+
+ if (sta && !(sta->flags & WLAN_STA_AUTHORIZED))
+ ret = AP_RX_CONTINUE_NOT_AUTHORIZED;
+ else
+ ret = AP_RX_CONTINUE;
+
+
+ if (fc & IEEE80211_FCTL_TODS) {
+ if (!wds && (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) {
+ if (local->hostapd) {
+ prism2_rx_80211(local->apdev, skb, rx_stats,
+ PRISM2_RX_NON_ASSOC);
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+ } else {
+ printk(KERN_DEBUG "%s: dropped received packet"
+ " from non-associated STA %pM"
+ " (type=0x%02x, subtype=0x%02x)\n",
+ dev->name, hdr->addr2,
+ type >> 2, stype >> 4);
+ hostap_rx(dev, skb, rx_stats);
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+ }
+ ret = AP_RX_EXIT;
+ goto out;
+ }
+ } else if (fc & IEEE80211_FCTL_FROMDS) {
+ if (!wds) {
+ /* FromDS frame - not for us; probably
+ * broadcast/multicast in another BSS - drop */
+ if (ether_addr_equal(hdr->addr1, dev->dev_addr)) {
+ printk(KERN_DEBUG "Odd.. FromDS packet "
+ "received with own BSSID\n");
+ hostap_dump_rx_80211(dev->name, skb, rx_stats);
+ }
+ ret = AP_RX_DROP;
+ goto out;
+ }
+ } else if (stype == IEEE80211_STYPE_NULLFUNC && sta == NULL &&
+ ether_addr_equal(hdr->addr1, dev->dev_addr)) {
+
+ if (local->hostapd) {
+ prism2_rx_80211(local->apdev, skb, rx_stats,
+ PRISM2_RX_NON_ASSOC);
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+ } else {
+ /* At least Lucent f/w seems to send data::nullfunc
+ * frames with no ToDS flag when the current AP returns
+ * after being unavailable for some time. Speed up
+ * re-association by informing the station about it not
+ * being associated. */
+ printk(KERN_DEBUG "%s: rejected received nullfunc frame"
+ " without ToDS from not associated STA %pM\n",
+ dev->name, hdr->addr2);
+ hostap_rx(dev, skb, rx_stats);
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+ }
+ ret = AP_RX_EXIT;
+ goto out;
+ } else if (stype == IEEE80211_STYPE_NULLFUNC) {
+ /* At least Lucent cards seem to send periodic nullfunc
+ * frames with ToDS. Let these through to update SQ
+ * stats and PS state. Nullfunc frames do not contain
+ * any data and they will be dropped below. */
+ } else {
+ /* If BSSID (Addr3) is foreign, this frame is a normal
+ * broadcast frame from an IBSS network. Drop it silently.
+ * If BSSID is own, report the dropping of this frame. */
+ if (ether_addr_equal(hdr->addr3, dev->dev_addr)) {
+ printk(KERN_DEBUG "%s: dropped received packet from %pM"
+ " with no ToDS flag "
+ "(type=0x%02x, subtype=0x%02x)\n", dev->name,
+ hdr->addr2, type >> 2, stype >> 4);
+ hostap_dump_rx_80211(dev->name, skb, rx_stats);
+ }
+ ret = AP_RX_DROP;
+ goto out;
+ }
+
+ if (sta) {
+ hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM,
+ type, stype);
+
+ sta->rx_packets++;
+ sta->rx_bytes += skb->len;
+ sta->last_rx = jiffies;
+ }
+
+ if (local->ap->nullfunc_ack && stype == IEEE80211_STYPE_NULLFUNC &&
+ fc & IEEE80211_FCTL_TODS) {
+ if (local->hostapd) {
+ prism2_rx_80211(local->apdev, skb, rx_stats,
+ PRISM2_RX_NULLFUNC_ACK);
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+ } else {
+ /* some STA f/w's seem to require control::ACK frame
+ * for data::nullfunc, but Prism2 f/w 0.8.0 (at least
+ * from Compaq) does not send this.. Try to generate
+ * ACK for these frames from the host driver to make
+ * power saving work with, e.g., Lucent WaveLAN f/w */
+ hostap_rx(dev, skb, rx_stats);
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+ }
+ ret = AP_RX_EXIT;
+ goto out;
+ }
+
+ out:
+ if (sta)
+ atomic_dec(&sta->users);
+
+ return ret;
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+int hostap_handle_sta_crypto(local_info_t *local,
+ struct ieee80211_hdr *hdr,
+ struct lib80211_crypt_data **crypt,
+ void **sta_ptr)
+{
+ struct sta_info *sta;
+
+ spin_lock(&local->ap->sta_table_lock);
+ sta = ap_get_sta(local->ap, hdr->addr2);
+ if (sta)
+ atomic_inc(&sta->users);
+ spin_unlock(&local->ap->sta_table_lock);
+
+ if (!sta)
+ return -1;
+
+ if (sta->crypt) {
+ *crypt = sta->crypt;
+ *sta_ptr = sta;
+ /* hostap_handle_sta_release() will be called to release STA
+ * info */
+ } else
+ atomic_dec(&sta->users);
+
+ return 0;
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+int hostap_is_sta_assoc(struct ap_data *ap, u8 *sta_addr)
+{
+ struct sta_info *sta;
+ int ret = 0;
+
+ spin_lock(&ap->sta_table_lock);
+ sta = ap_get_sta(ap, sta_addr);
+ if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap)
+ ret = 1;
+ spin_unlock(&ap->sta_table_lock);
+
+ return ret;
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+int hostap_is_sta_authorized(struct ap_data *ap, u8 *sta_addr)
+{
+ struct sta_info *sta;
+ int ret = 0;
+
+ spin_lock(&ap->sta_table_lock);
+ sta = ap_get_sta(ap, sta_addr);
+ if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap &&
+ ((sta->flags & WLAN_STA_AUTHORIZED) ||
+ ap->local->ieee_802_1x == 0))
+ ret = 1;
+ spin_unlock(&ap->sta_table_lock);
+
+ return ret;
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+int hostap_add_sta(struct ap_data *ap, u8 *sta_addr)
+{
+ struct sta_info *sta;
+ int ret = 1;
+
+ if (!ap)
+ return -1;
+
+ spin_lock(&ap->sta_table_lock);
+ sta = ap_get_sta(ap, sta_addr);
+ if (sta)
+ ret = 0;
+ spin_unlock(&ap->sta_table_lock);
+
+ if (ret == 1) {
+ sta = ap_add_sta(ap, sta_addr);
+ if (!sta)
+ return -1;
+ sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC;
+ sta->ap = 1;
+ memset(sta->supported_rates, 0, sizeof(sta->supported_rates));
+ /* No way of knowing which rates are supported since we did not
+ * get supported rates element from beacon/assoc req. Assume
+ * that remote end supports all 802.11b rates. */
+ sta->supported_rates[0] = 0x82;
+ sta->supported_rates[1] = 0x84;
+ sta->supported_rates[2] = 0x0b;
+ sta->supported_rates[3] = 0x16;
+ sta->tx_supp_rates = WLAN_RATE_1M | WLAN_RATE_2M |
+ WLAN_RATE_5M5 | WLAN_RATE_11M;
+ sta->tx_rate = 110;
+ sta->tx_max_rate = sta->tx_rate_idx = 3;
+ }
+
+ return ret;
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+int hostap_update_rx_stats(struct ap_data *ap,
+ struct ieee80211_hdr *hdr,
+ struct hostap_80211_rx_status *rx_stats)
+{
+ struct sta_info *sta;
+
+ if (!ap)
+ return -1;
+
+ spin_lock(&ap->sta_table_lock);
+ sta = ap_get_sta(ap, hdr->addr2);
+ if (sta) {
+ sta->last_rx_silence = rx_stats->noise;
+ sta->last_rx_signal = rx_stats->signal;
+ sta->last_rx_rate = rx_stats->rate;
+ sta->last_rx_updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM;
+ if (rx_stats->rate == 10)
+ sta->rx_count[0]++;
+ else if (rx_stats->rate == 20)
+ sta->rx_count[1]++;
+ else if (rx_stats->rate == 55)
+ sta->rx_count[2]++;
+ else if (rx_stats->rate == 110)
+ sta->rx_count[3]++;
+ }
+ spin_unlock(&ap->sta_table_lock);
+
+ return sta ? 0 : -1;
+}
+
+
+void hostap_update_rates(local_info_t *local)
+{
+ struct sta_info *sta;
+ struct ap_data *ap = local->ap;
+
+ if (!ap)
+ return;
+
+ spin_lock_bh(&ap->sta_table_lock);
+ list_for_each_entry(sta, &ap->sta_list, list) {
+ prism2_check_tx_rates(sta);
+ }
+ spin_unlock_bh(&ap->sta_table_lock);
+}
+
+
+void * ap_crypt_get_ptrs(struct ap_data *ap, u8 *addr, int permanent,
+ struct lib80211_crypt_data ***crypt)
+{
+ struct sta_info *sta;
+
+ spin_lock_bh(&ap->sta_table_lock);
+ sta = ap_get_sta(ap, addr);
+ if (sta)
+ atomic_inc(&sta->users);
+ spin_unlock_bh(&ap->sta_table_lock);
+
+ if (!sta && permanent)
+ sta = ap_add_sta(ap, addr);
+
+ if (!sta)
+ return NULL;
+
+ if (permanent)
+ sta->flags |= WLAN_STA_PERM;
+
+ *crypt = &sta->crypt;
+
+ return sta;
+}
+
+
+void hostap_add_wds_links(local_info_t *local)
+{
+ struct ap_data *ap = local->ap;
+ struct sta_info *sta;
+
+ spin_lock_bh(&ap->sta_table_lock);
+ list_for_each_entry(sta, &ap->sta_list, list) {
+ if (sta->ap)
+ hostap_wds_link_oper(local, sta->addr, WDS_ADD);
+ }
+ spin_unlock_bh(&ap->sta_table_lock);
+
+ schedule_work(&local->ap->wds_oper_queue);
+}
+
+
+void hostap_wds_link_oper(local_info_t *local, u8 *addr, wds_oper_type type)
+{
+ struct wds_oper_data *entry;
+
+ entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
+ if (!entry)
+ return;
+ memcpy(entry->addr, addr, ETH_ALEN);
+ entry->type = type;
+ spin_lock_bh(&local->lock);
+ entry->next = local->ap->wds_oper_entries;
+ local->ap->wds_oper_entries = entry;
+ spin_unlock_bh(&local->lock);
+
+ schedule_work(&local->ap->wds_oper_queue);
+}
+
+
+EXPORT_SYMBOL(hostap_init_data);
+EXPORT_SYMBOL(hostap_init_ap_proc);
+EXPORT_SYMBOL(hostap_free_data);
+EXPORT_SYMBOL(hostap_check_sta_fw_version);
+EXPORT_SYMBOL(hostap_handle_sta_tx_exc);
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
diff --git a/drivers/net/wireless/intersil/hostap/hostap_ap.h b/drivers/net/wireless/intersil/hostap/hostap_ap.h
new file mode 100644
index 000000000..b7ac9e2f1
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/hostap_ap.h
@@ -0,0 +1,264 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef HOSTAP_AP_H
+#define HOSTAP_AP_H
+
+#include "hostap_80211.h"
+
+/* AP data structures for STAs */
+
+/* maximum number of frames to buffer per STA */
+#define STA_MAX_TX_BUFFER 32
+
+/* STA flags */
+#define WLAN_STA_AUTH BIT(0)
+#define WLAN_STA_ASSOC BIT(1)
+#define WLAN_STA_PS BIT(2)
+#define WLAN_STA_TIM BIT(3) /* TIM bit is on for PS stations */
+#define WLAN_STA_PERM BIT(4) /* permanent; do not remove entry on expiration */
+#define WLAN_STA_AUTHORIZED BIT(5) /* If 802.1X is used, this flag is
+ * controlling whether STA is authorized to
+ * send and receive non-IEEE 802.1X frames
+ */
+#define WLAN_STA_PENDING_POLL BIT(6) /* pending activity poll not ACKed */
+
+#define WLAN_RATE_1M BIT(0)
+#define WLAN_RATE_2M BIT(1)
+#define WLAN_RATE_5M5 BIT(2)
+#define WLAN_RATE_11M BIT(3)
+#define WLAN_RATE_COUNT 4
+
+/* Maximum size of Supported Rates info element. IEEE 802.11 has a limit of 8,
+ * but some pre-standard IEEE 802.11g products use longer elements. */
+#define WLAN_SUPP_RATES_MAX 32
+
+/* Try to increase TX rate after # successfully sent consecutive packets */
+#define WLAN_RATE_UPDATE_COUNT 50
+
+/* Decrease TX rate after # consecutive dropped packets */
+#define WLAN_RATE_DECREASE_THRESHOLD 2
+
+struct sta_info {
+ struct list_head list;
+ struct sta_info *hnext; /* next entry in hash table list */
+ atomic_t users; /* number of users (do not remove if > 0) */
+ struct proc_dir_entry *proc;
+
+ u8 addr[6];
+ u16 aid; /* STA's unique AID (1 .. 2007) or 0 if not yet assigned */
+ u32 flags;
+ u16 capability;
+ u16 listen_interval; /* or beacon_int for APs */
+ u8 supported_rates[WLAN_SUPP_RATES_MAX];
+
+ unsigned long last_auth;
+ unsigned long last_assoc;
+ unsigned long last_rx;
+ unsigned long last_tx;
+ unsigned long rx_packets, tx_packets;
+ unsigned long rx_bytes, tx_bytes;
+ struct sk_buff_head tx_buf;
+ /* FIX: timeout buffers with an expiry time somehow derived from
+ * listen_interval */
+
+ s8 last_rx_silence; /* Noise in dBm */
+ s8 last_rx_signal; /* Signal strength in dBm */
+ u8 last_rx_rate; /* TX rate in 0.1 Mbps */
+ u8 last_rx_updated; /* IWSPY's struct iw_quality::updated */
+
+ u8 tx_supp_rates; /* bit field of supported TX rates */
+ u8 tx_rate; /* current TX rate (in 0.1 Mbps) */
+ u8 tx_rate_idx; /* current TX rate (WLAN_RATE_*) */
+ u8 tx_max_rate; /* max TX rate (WLAN_RATE_*) */
+ u32 tx_count[WLAN_RATE_COUNT]; /* number of frames sent (per rate) */
+ u32 rx_count[WLAN_RATE_COUNT]; /* number of frames received (per rate)
+ */
+ u32 tx_since_last_failure;
+ u32 tx_consecutive_exc;
+
+ struct lib80211_crypt_data *crypt;
+
+ int ap; /* whether this station is an AP */
+
+ local_info_t *local;
+
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+ union {
+ struct {
+ char *challenge; /* shared key authentication
+ * challenge */
+ } sta;
+ struct {
+ int ssid_len;
+ unsigned char ssid[MAX_SSID_LEN + 1]; /* AP's ssid */
+ int channel;
+ unsigned long last_beacon; /* last RX beacon time */
+ } ap;
+ } u;
+
+ struct timer_list timer;
+ enum { STA_NULLFUNC = 0, STA_DISASSOC, STA_DEAUTH } timeout_next;
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+};
+
+
+#define MAX_STA_COUNT 1024
+
+/* Maximum number of AIDs to use for STAs; must be 2007 or lower
+ * (8802.11 limitation) */
+#define MAX_AID_TABLE_SIZE 128
+
+#define STA_HASH_SIZE 256
+#define STA_HASH(sta) (sta[5])
+
+
+/* Default value for maximum station inactivity. After AP_MAX_INACTIVITY_SEC
+ * has passed since last received frame from the station, a nullfunc data
+ * frame is sent to the station. If this frame is not acknowledged and no other
+ * frames have been received, the station will be disassociated after
+ * AP_DISASSOC_DELAY. Similarly, a the station will be deauthenticated after
+ * AP_DEAUTH_DELAY. AP_TIMEOUT_RESOLUTION is the resolution that is used with
+ * max inactivity timer. */
+#define AP_MAX_INACTIVITY_SEC (5 * 60)
+#define AP_DISASSOC_DELAY (HZ)
+#define AP_DEAUTH_DELAY (HZ)
+
+/* ap_policy: whether to accept frames to/from other APs/IBSS */
+typedef enum {
+ AP_OTHER_AP_SKIP_ALL = 0,
+ AP_OTHER_AP_SAME_SSID = 1,
+ AP_OTHER_AP_ALL = 2,
+ AP_OTHER_AP_EVEN_IBSS = 3
+} ap_policy_enum;
+
+#define PRISM2_AUTH_OPEN BIT(0)
+#define PRISM2_AUTH_SHARED_KEY BIT(1)
+
+
+/* MAC address-based restrictions */
+struct mac_entry {
+ struct list_head list;
+ u8 addr[6];
+};
+
+struct mac_restrictions {
+ enum { MAC_POLICY_OPEN = 0, MAC_POLICY_ALLOW, MAC_POLICY_DENY } policy;
+ unsigned int entries;
+ struct list_head mac_list;
+ spinlock_t lock;
+};
+
+
+struct add_sta_proc_data {
+ u8 addr[ETH_ALEN];
+ struct add_sta_proc_data *next;
+};
+
+
+typedef enum { WDS_ADD, WDS_DEL } wds_oper_type;
+struct wds_oper_data {
+ wds_oper_type type;
+ u8 addr[ETH_ALEN];
+ struct wds_oper_data *next;
+};
+
+
+struct ap_data {
+ int initialized; /* whether ap_data has been initialized */
+ local_info_t *local;
+ int bridge_packets; /* send packet to associated STAs directly to the
+ * wireless media instead of higher layers in the
+ * kernel */
+ unsigned int bridged_unicast; /* number of unicast frames bridged on
+ * wireless media */
+ unsigned int bridged_multicast; /* number of non-unicast frames
+ * bridged on wireless media */
+ unsigned int tx_drop_nonassoc; /* number of unicast TX packets dropped
+ * because they were to an address that
+ * was not associated */
+ int nullfunc_ack; /* use workaround for nullfunc frame ACKs */
+
+ spinlock_t sta_table_lock;
+ int num_sta; /* number of entries in sta_list */
+ struct list_head sta_list; /* STA info list head */
+ struct sta_info *sta_hash[STA_HASH_SIZE];
+
+ struct proc_dir_entry *proc;
+
+ ap_policy_enum ap_policy;
+ unsigned int max_inactivity;
+ int autom_ap_wds;
+
+ struct mac_restrictions mac_restrictions; /* MAC-based auth */
+ int last_tx_rate;
+
+ struct work_struct add_sta_proc_queue;
+ struct add_sta_proc_data *add_sta_proc_entries;
+
+ struct work_struct wds_oper_queue;
+ struct wds_oper_data *wds_oper_entries;
+
+ u16 tx_callback_idx;
+
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+ /* pointers to STA info; based on allocated AID or NULL if AID free
+ * AID is in the range 1-2007, so sta_aid[0] corresponders to AID 1
+ * and so on
+ */
+ struct sta_info *sta_aid[MAX_AID_TABLE_SIZE];
+
+ u16 tx_callback_auth, tx_callback_assoc, tx_callback_poll;
+
+ /* WEP operations for generating challenges to be used with shared key
+ * authentication */
+ struct lib80211_crypto_ops *crypt;
+ void *crypt_priv;
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+};
+
+
+void hostap_rx(struct net_device *dev, struct sk_buff *skb,
+ struct hostap_80211_rx_status *rx_stats);
+void hostap_init_data(local_info_t *local);
+void hostap_init_ap_proc(local_info_t *local);
+void hostap_free_data(struct ap_data *ap);
+void hostap_check_sta_fw_version(struct ap_data *ap, int sta_fw_ver);
+
+typedef enum {
+ AP_TX_CONTINUE, AP_TX_DROP, AP_TX_RETRY, AP_TX_BUFFERED,
+ AP_TX_CONTINUE_NOT_AUTHORIZED
+} ap_tx_ret;
+struct hostap_tx_data {
+ struct sk_buff *skb;
+ int host_encrypt;
+ struct lib80211_crypt_data *crypt;
+ void *sta_ptr;
+};
+ap_tx_ret hostap_handle_sta_tx(local_info_t *local, struct hostap_tx_data *tx);
+void hostap_handle_sta_release(void *ptr);
+void hostap_handle_sta_tx_exc(local_info_t *local, struct sk_buff *skb);
+int hostap_update_sta_ps(local_info_t *local, struct ieee80211_hdr *hdr);
+typedef enum {
+ AP_RX_CONTINUE, AP_RX_DROP, AP_RX_EXIT, AP_RX_CONTINUE_NOT_AUTHORIZED
+} ap_rx_ret;
+ap_rx_ret hostap_handle_sta_rx(local_info_t *local, struct net_device *dev,
+ struct sk_buff *skb,
+ struct hostap_80211_rx_status *rx_stats,
+ int wds);
+int hostap_handle_sta_crypto(local_info_t *local, struct ieee80211_hdr *hdr,
+ struct lib80211_crypt_data **crypt,
+ void **sta_ptr);
+int hostap_is_sta_assoc(struct ap_data *ap, u8 *sta_addr);
+int hostap_is_sta_authorized(struct ap_data *ap, u8 *sta_addr);
+int hostap_add_sta(struct ap_data *ap, u8 *sta_addr);
+int hostap_update_rx_stats(struct ap_data *ap, struct ieee80211_hdr *hdr,
+ struct hostap_80211_rx_status *rx_stats);
+void hostap_update_rates(local_info_t *local);
+void hostap_add_wds_links(local_info_t *local);
+void hostap_wds_link_oper(local_info_t *local, u8 *addr, wds_oper_type type);
+
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+void hostap_deauth_all_stas(struct net_device *dev, struct ap_data *ap,
+ int resend);
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+#endif /* HOSTAP_AP_H */
diff --git a/drivers/net/wireless/intersil/hostap/hostap_common.h b/drivers/net/wireless/intersil/hostap/hostap_common.h
new file mode 100644
index 000000000..dd29a8e8d
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/hostap_common.h
@@ -0,0 +1,420 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef HOSTAP_COMMON_H
+#define HOSTAP_COMMON_H
+
+#include <linux/types.h>
+#include <linux/if_ether.h>
+
+/* IEEE 802.11 defines */
+
+/* HFA384X Configuration RIDs */
+#define HFA384X_RID_CNFPORTTYPE 0xFC00
+#define HFA384X_RID_CNFOWNMACADDR 0xFC01
+#define HFA384X_RID_CNFDESIREDSSID 0xFC02
+#define HFA384X_RID_CNFOWNCHANNEL 0xFC03
+#define HFA384X_RID_CNFOWNSSID 0xFC04
+#define HFA384X_RID_CNFOWNATIMWINDOW 0xFC05
+#define HFA384X_RID_CNFSYSTEMSCALE 0xFC06
+#define HFA384X_RID_CNFMAXDATALEN 0xFC07
+#define HFA384X_RID_CNFWDSADDRESS 0xFC08
+#define HFA384X_RID_CNFPMENABLED 0xFC09
+#define HFA384X_RID_CNFPMEPS 0xFC0A
+#define HFA384X_RID_CNFMULTICASTRECEIVE 0xFC0B
+#define HFA384X_RID_CNFMAXSLEEPDURATION 0xFC0C
+#define HFA384X_RID_CNFPMHOLDOVERDURATION 0xFC0D
+#define HFA384X_RID_CNFOWNNAME 0xFC0E
+#define HFA384X_RID_CNFOWNDTIMPERIOD 0xFC10
+#define HFA384X_RID_CNFWDSADDRESS1 0xFC11 /* AP f/w only */
+#define HFA384X_RID_CNFWDSADDRESS2 0xFC12 /* AP f/w only */
+#define HFA384X_RID_CNFWDSADDRESS3 0xFC13 /* AP f/w only */
+#define HFA384X_RID_CNFWDSADDRESS4 0xFC14 /* AP f/w only */
+#define HFA384X_RID_CNFWDSADDRESS5 0xFC15 /* AP f/w only */
+#define HFA384X_RID_CNFWDSADDRESS6 0xFC16 /* AP f/w only */
+#define HFA384X_RID_CNFMULTICASTPMBUFFERING 0xFC17 /* AP f/w only */
+#define HFA384X_RID_UNKNOWN1 0xFC20
+#define HFA384X_RID_UNKNOWN2 0xFC21
+#define HFA384X_RID_CNFWEPDEFAULTKEYID 0xFC23
+#define HFA384X_RID_CNFDEFAULTKEY0 0xFC24
+#define HFA384X_RID_CNFDEFAULTKEY1 0xFC25
+#define HFA384X_RID_CNFDEFAULTKEY2 0xFC26
+#define HFA384X_RID_CNFDEFAULTKEY3 0xFC27
+#define HFA384X_RID_CNFWEPFLAGS 0xFC28
+#define HFA384X_RID_CNFWEPKEYMAPPINGTABLE 0xFC29
+#define HFA384X_RID_CNFAUTHENTICATION 0xFC2A
+#define HFA384X_RID_CNFMAXASSOCSTA 0xFC2B /* AP f/w only */
+#define HFA384X_RID_CNFTXCONTROL 0xFC2C
+#define HFA384X_RID_CNFROAMINGMODE 0xFC2D
+#define HFA384X_RID_CNFHOSTAUTHENTICATION 0xFC2E /* AP f/w only */
+#define HFA384X_RID_CNFRCVCRCERROR 0xFC30
+#define HFA384X_RID_CNFMMLIFE 0xFC31
+#define HFA384X_RID_CNFALTRETRYCOUNT 0xFC32
+#define HFA384X_RID_CNFBEACONINT 0xFC33
+#define HFA384X_RID_CNFAPPCFINFO 0xFC34 /* AP f/w only */
+#define HFA384X_RID_CNFSTAPCFINFO 0xFC35
+#define HFA384X_RID_CNFPRIORITYQUSAGE 0xFC37
+#define HFA384X_RID_CNFTIMCTRL 0xFC40
+#define HFA384X_RID_UNKNOWN3 0xFC41 /* added in STA f/w 0.7.x */
+#define HFA384X_RID_CNFTHIRTY2TALLY 0xFC42 /* added in STA f/w 0.8.0 */
+#define HFA384X_RID_CNFENHSECURITY 0xFC43 /* AP f/w or STA f/w >= 1.6.3 */
+#define HFA384X_RID_CNFDBMADJUST 0xFC46 /* added in STA f/w 1.3.1 */
+#define HFA384X_RID_GENERICELEMENT 0xFC48 /* added in STA f/w 1.7.0;
+ * write only */
+#define HFA384X_RID_PROPAGATIONDELAY 0xFC49 /* added in STA f/w 1.7.6 */
+#define HFA384X_RID_GROUPADDRESSES 0xFC80
+#define HFA384X_RID_CREATEIBSS 0xFC81
+#define HFA384X_RID_FRAGMENTATIONTHRESHOLD 0xFC82
+#define HFA384X_RID_RTSTHRESHOLD 0xFC83
+#define HFA384X_RID_TXRATECONTROL 0xFC84
+#define HFA384X_RID_PROMISCUOUSMODE 0xFC85
+#define HFA384X_RID_FRAGMENTATIONTHRESHOLD0 0xFC90 /* AP f/w only */
+#define HFA384X_RID_FRAGMENTATIONTHRESHOLD1 0xFC91 /* AP f/w only */
+#define HFA384X_RID_FRAGMENTATIONTHRESHOLD2 0xFC92 /* AP f/w only */
+#define HFA384X_RID_FRAGMENTATIONTHRESHOLD3 0xFC93 /* AP f/w only */
+#define HFA384X_RID_FRAGMENTATIONTHRESHOLD4 0xFC94 /* AP f/w only */
+#define HFA384X_RID_FRAGMENTATIONTHRESHOLD5 0xFC95 /* AP f/w only */
+#define HFA384X_RID_FRAGMENTATIONTHRESHOLD6 0xFC96 /* AP f/w only */
+#define HFA384X_RID_RTSTHRESHOLD0 0xFC97 /* AP f/w only */
+#define HFA384X_RID_RTSTHRESHOLD1 0xFC98 /* AP f/w only */
+#define HFA384X_RID_RTSTHRESHOLD2 0xFC99 /* AP f/w only */
+#define HFA384X_RID_RTSTHRESHOLD3 0xFC9A /* AP f/w only */
+#define HFA384X_RID_RTSTHRESHOLD4 0xFC9B /* AP f/w only */
+#define HFA384X_RID_RTSTHRESHOLD5 0xFC9C /* AP f/w only */
+#define HFA384X_RID_RTSTHRESHOLD6 0xFC9D /* AP f/w only */
+#define HFA384X_RID_TXRATECONTROL0 0xFC9E /* AP f/w only */
+#define HFA384X_RID_TXRATECONTROL1 0xFC9F /* AP f/w only */
+#define HFA384X_RID_TXRATECONTROL2 0xFCA0 /* AP f/w only */
+#define HFA384X_RID_TXRATECONTROL3 0xFCA1 /* AP f/w only */
+#define HFA384X_RID_TXRATECONTROL4 0xFCA2 /* AP f/w only */
+#define HFA384X_RID_TXRATECONTROL5 0xFCA3 /* AP f/w only */
+#define HFA384X_RID_TXRATECONTROL6 0xFCA4 /* AP f/w only */
+#define HFA384X_RID_CNFSHORTPREAMBLE 0xFCB0
+#define HFA384X_RID_CNFEXCLUDELONGPREAMBLE 0xFCB1
+#define HFA384X_RID_CNFAUTHENTICATIONRSPTO 0xFCB2
+#define HFA384X_RID_CNFBASICRATES 0xFCB3
+#define HFA384X_RID_CNFSUPPORTEDRATES 0xFCB4
+#define HFA384X_RID_CNFFALLBACKCTRL 0xFCB5 /* added in STA f/w 1.3.1 */
+#define HFA384X_RID_WEPKEYDISABLE 0xFCB6 /* added in STA f/w 1.3.1 */
+#define HFA384X_RID_WEPKEYMAPINDEX 0xFCB7 /* ? */
+#define HFA384X_RID_BROADCASTKEYID 0xFCB8 /* ? */
+#define HFA384X_RID_ENTSECFLAGEYID 0xFCB9 /* ? */
+#define HFA384X_RID_CNFPASSIVESCANCTRL 0xFCBA /* added in STA f/w 1.5.0 */
+#define HFA384X_RID_SSNHANDLINGMODE 0xFCBB /* added in STA f/w 1.7.0 */
+#define HFA384X_RID_MDCCONTROL 0xFCBC /* added in STA f/w 1.7.0 */
+#define HFA384X_RID_MDCCOUNTRY 0xFCBD /* added in STA f/w 1.7.0 */
+#define HFA384X_RID_TXPOWERMAX 0xFCBE /* added in STA f/w 1.7.0 */
+#define HFA384X_RID_CNFLFOENABLED 0xFCBF /* added in STA f/w 1.6.3 */
+#define HFA384X_RID_CAPINFO 0xFCC0 /* added in STA f/w 1.7.0 */
+#define HFA384X_RID_LISTENINTERVAL 0xFCC1 /* added in STA f/w 1.7.0 */
+#define HFA384X_RID_SW_ANT_DIV 0xFCC2 /* added in STA f/w 1.7.0; Prism3 */
+#define HFA384X_RID_LED_CTRL 0xFCC4 /* added in STA f/w 1.7.6 */
+#define HFA384X_RID_HFODELAY 0xFCC5 /* added in STA f/w 1.7.6 */
+#define HFA384X_RID_DISALLOWEDBSSID 0xFCC6 /* added in STA f/w 1.8.0 */
+#define HFA384X_RID_TICKTIME 0xFCE0
+#define HFA384X_RID_SCANREQUEST 0xFCE1
+#define HFA384X_RID_JOINREQUEST 0xFCE2
+#define HFA384X_RID_AUTHENTICATESTATION 0xFCE3 /* AP f/w only */
+#define HFA384X_RID_CHANNELINFOREQUEST 0xFCE4 /* AP f/w only */
+#define HFA384X_RID_HOSTSCAN 0xFCE5 /* added in STA f/w 1.3.1 */
+
+/* HFA384X Information RIDs */
+#define HFA384X_RID_MAXLOADTIME 0xFD00
+#define HFA384X_RID_DOWNLOADBUFFER 0xFD01
+#define HFA384X_RID_PRIID 0xFD02
+#define HFA384X_RID_PRISUPRANGE 0xFD03
+#define HFA384X_RID_CFIACTRANGES 0xFD04
+#define HFA384X_RID_NICSERNUM 0xFD0A
+#define HFA384X_RID_NICID 0xFD0B
+#define HFA384X_RID_MFISUPRANGE 0xFD0C
+#define HFA384X_RID_CFISUPRANGE 0xFD0D
+#define HFA384X_RID_CHANNELLIST 0xFD10
+#define HFA384X_RID_REGULATORYDOMAINS 0xFD11
+#define HFA384X_RID_TEMPTYPE 0xFD12
+#define HFA384X_RID_CIS 0xFD13
+#define HFA384X_RID_STAID 0xFD20
+#define HFA384X_RID_STASUPRANGE 0xFD21
+#define HFA384X_RID_MFIACTRANGES 0xFD22
+#define HFA384X_RID_CFIACTRANGES2 0xFD23
+#define HFA384X_RID_PRODUCTNAME 0xFD24 /* added in STA f/w 1.3.1;
+ * only Prism2.5(?) */
+#define HFA384X_RID_PORTSTATUS 0xFD40
+#define HFA384X_RID_CURRENTSSID 0xFD41
+#define HFA384X_RID_CURRENTBSSID 0xFD42
+#define HFA384X_RID_COMMSQUALITY 0xFD43
+#define HFA384X_RID_CURRENTTXRATE 0xFD44
+#define HFA384X_RID_CURRENTBEACONINTERVAL 0xFD45
+#define HFA384X_RID_CURRENTSCALETHRESHOLDS 0xFD46
+#define HFA384X_RID_PROTOCOLRSPTIME 0xFD47
+#define HFA384X_RID_SHORTRETRYLIMIT 0xFD48
+#define HFA384X_RID_LONGRETRYLIMIT 0xFD49
+#define HFA384X_RID_MAXTRANSMITLIFETIME 0xFD4A
+#define HFA384X_RID_MAXRECEIVELIFETIME 0xFD4B
+#define HFA384X_RID_CFPOLLABLE 0xFD4C
+#define HFA384X_RID_AUTHENTICATIONALGORITHMS 0xFD4D
+#define HFA384X_RID_PRIVACYOPTIONIMPLEMENTED 0xFD4F
+#define HFA384X_RID_DBMCOMMSQUALITY 0xFD51 /* added in STA f/w 1.3.1 */
+#define HFA384X_RID_CURRENTTXRATE1 0xFD80 /* AP f/w only */
+#define HFA384X_RID_CURRENTTXRATE2 0xFD81 /* AP f/w only */
+#define HFA384X_RID_CURRENTTXRATE3 0xFD82 /* AP f/w only */
+#define HFA384X_RID_CURRENTTXRATE4 0xFD83 /* AP f/w only */
+#define HFA384X_RID_CURRENTTXRATE5 0xFD84 /* AP f/w only */
+#define HFA384X_RID_CURRENTTXRATE6 0xFD85 /* AP f/w only */
+#define HFA384X_RID_OWNMACADDR 0xFD86 /* AP f/w only */
+#define HFA384X_RID_SCANRESULTSTABLE 0xFD88 /* added in STA f/w 0.8.3 */
+#define HFA384X_RID_HOSTSCANRESULTS 0xFD89 /* added in STA f/w 1.3.1 */
+#define HFA384X_RID_AUTHENTICATIONUSED 0xFD8A /* added in STA f/w 1.3.4 */
+#define HFA384X_RID_CNFFAASWITCHCTRL 0xFD8B /* added in STA f/w 1.6.3 */
+#define HFA384X_RID_ASSOCIATIONFAILURE 0xFD8D /* added in STA f/w 1.8.0 */
+#define HFA384X_RID_PHYTYPE 0xFDC0
+#define HFA384X_RID_CURRENTCHANNEL 0xFDC1
+#define HFA384X_RID_CURRENTPOWERSTATE 0xFDC2
+#define HFA384X_RID_CCAMODE 0xFDC3
+#define HFA384X_RID_SUPPORTEDDATARATES 0xFDC6
+#define HFA384X_RID_LFO_VOLT_REG_TEST_RES 0xFDC7 /* added in STA f/w 1.7.1 */
+#define HFA384X_RID_BUILDSEQ 0xFFFE
+#define HFA384X_RID_FWID 0xFFFF
+
+
+struct hfa384x_comp_ident
+{
+ __le16 id;
+ __le16 variant;
+ __le16 major;
+ __le16 minor;
+} __packed;
+
+#define HFA384X_COMP_ID_PRI 0x15
+#define HFA384X_COMP_ID_STA 0x1f
+#define HFA384X_COMP_ID_FW_AP 0x14b
+
+struct hfa384x_sup_range
+{
+ __le16 role;
+ __le16 id;
+ __le16 variant;
+ __le16 bottom;
+ __le16 top;
+} __packed;
+
+
+struct hfa384x_build_id
+{
+ __le16 pri_seq;
+ __le16 sec_seq;
+} __packed;
+
+/* FD01 - Download Buffer */
+struct hfa384x_rid_download_buffer
+{
+ __le16 page;
+ __le16 offset;
+ __le16 length;
+} __packed;
+
+/* BSS connection quality (RID FD43 range, RID FD51 dBm-normalized) */
+struct hfa384x_comms_quality {
+ __le16 comm_qual; /* 0 .. 92 */
+ __le16 signal_level; /* 27 .. 154 */
+ __le16 noise_level; /* 27 .. 154 */
+} __packed;
+
+
+/* netdevice private ioctls (used, e.g., with iwpriv from user space) */
+
+/* New wireless extensions API - SET/GET convention (even ioctl numbers are
+ * root only)
+ */
+#define PRISM2_IOCTL_PRISM2_PARAM (SIOCIWFIRSTPRIV + 0)
+#define PRISM2_IOCTL_GET_PRISM2_PARAM (SIOCIWFIRSTPRIV + 1)
+#define PRISM2_IOCTL_WRITEMIF (SIOCIWFIRSTPRIV + 2)
+#define PRISM2_IOCTL_READMIF (SIOCIWFIRSTPRIV + 3)
+#define PRISM2_IOCTL_MONITOR (SIOCIWFIRSTPRIV + 4)
+#define PRISM2_IOCTL_RESET (SIOCIWFIRSTPRIV + 6)
+#define PRISM2_IOCTL_INQUIRE (SIOCIWFIRSTPRIV + 8)
+#define PRISM2_IOCTL_WDS_ADD (SIOCIWFIRSTPRIV + 10)
+#define PRISM2_IOCTL_WDS_DEL (SIOCIWFIRSTPRIV + 12)
+#define PRISM2_IOCTL_SET_RID_WORD (SIOCIWFIRSTPRIV + 14)
+#define PRISM2_IOCTL_MACCMD (SIOCIWFIRSTPRIV + 16)
+#define PRISM2_IOCTL_ADDMAC (SIOCIWFIRSTPRIV + 18)
+#define PRISM2_IOCTL_DELMAC (SIOCIWFIRSTPRIV + 20)
+#define PRISM2_IOCTL_KICKMAC (SIOCIWFIRSTPRIV + 22)
+
+/* following are not in SIOCGIWPRIV list; check permission in the driver code
+ */
+#define PRISM2_IOCTL_DOWNLOAD (SIOCDEVPRIVATE + 13)
+#define PRISM2_IOCTL_HOSTAPD (SIOCDEVPRIVATE + 14)
+
+
+/* PRISM2_IOCTL_PRISM2_PARAM ioctl() subtypes: */
+enum {
+ /* PRISM2_PARAM_PTYPE = 1, */ /* REMOVED 2003-10-22 */
+ PRISM2_PARAM_TXRATECTRL = 2,
+ PRISM2_PARAM_BEACON_INT = 3,
+ PRISM2_PARAM_PSEUDO_IBSS = 4,
+ PRISM2_PARAM_ALC = 5,
+ /* PRISM2_PARAM_TXPOWER = 6, */ /* REMOVED 2003-10-22 */
+ PRISM2_PARAM_DUMP = 7,
+ PRISM2_PARAM_OTHER_AP_POLICY = 8,
+ PRISM2_PARAM_AP_MAX_INACTIVITY = 9,
+ PRISM2_PARAM_AP_BRIDGE_PACKETS = 10,
+ PRISM2_PARAM_DTIM_PERIOD = 11,
+ PRISM2_PARAM_AP_NULLFUNC_ACK = 12,
+ PRISM2_PARAM_MAX_WDS = 13,
+ PRISM2_PARAM_AP_AUTOM_AP_WDS = 14,
+ PRISM2_PARAM_AP_AUTH_ALGS = 15,
+ PRISM2_PARAM_MONITOR_ALLOW_FCSERR = 16,
+ PRISM2_PARAM_HOST_ENCRYPT = 17,
+ PRISM2_PARAM_HOST_DECRYPT = 18,
+ /* PRISM2_PARAM_BUS_MASTER_THRESHOLD_RX = 19, REMOVED 2005-08-14 */
+ /* PRISM2_PARAM_BUS_MASTER_THRESHOLD_TX = 20, REMOVED 2005-08-14 */
+ PRISM2_PARAM_HOST_ROAMING = 21,
+ PRISM2_PARAM_BCRX_STA_KEY = 22,
+ PRISM2_PARAM_IEEE_802_1X = 23,
+ PRISM2_PARAM_ANTSEL_TX = 24,
+ PRISM2_PARAM_ANTSEL_RX = 25,
+ PRISM2_PARAM_MONITOR_TYPE = 26,
+ PRISM2_PARAM_WDS_TYPE = 27,
+ PRISM2_PARAM_HOSTSCAN = 28,
+ PRISM2_PARAM_AP_SCAN = 29,
+ PRISM2_PARAM_ENH_SEC = 30,
+ PRISM2_PARAM_IO_DEBUG = 31,
+ PRISM2_PARAM_BASIC_RATES = 32,
+ PRISM2_PARAM_OPER_RATES = 33,
+ PRISM2_PARAM_HOSTAPD = 34,
+ PRISM2_PARAM_HOSTAPD_STA = 35,
+ PRISM2_PARAM_WPA = 36,
+ PRISM2_PARAM_PRIVACY_INVOKED = 37,
+ PRISM2_PARAM_TKIP_COUNTERMEASURES = 38,
+ PRISM2_PARAM_DROP_UNENCRYPTED = 39,
+ PRISM2_PARAM_SCAN_CHANNEL_MASK = 40,
+};
+
+enum { HOSTAP_ANTSEL_DO_NOT_TOUCH = 0, HOSTAP_ANTSEL_DIVERSITY = 1,
+ HOSTAP_ANTSEL_LOW = 2, HOSTAP_ANTSEL_HIGH = 3 };
+
+
+/* PRISM2_IOCTL_MACCMD ioctl() subcommands: */
+enum { AP_MAC_CMD_POLICY_OPEN = 0, AP_MAC_CMD_POLICY_ALLOW = 1,
+ AP_MAC_CMD_POLICY_DENY = 2, AP_MAC_CMD_FLUSH = 3,
+ AP_MAC_CMD_KICKALL = 4 };
+
+
+/* PRISM2_IOCTL_DOWNLOAD ioctl() dl_cmd: */
+enum {
+ PRISM2_DOWNLOAD_VOLATILE = 1 /* RAM */,
+ /* Note! Old versions of prism2_srec have a fatal error in CRC-16
+ * calculation, which will corrupt all non-volatile downloads.
+ * PRISM2_DOWNLOAD_NON_VOLATILE used to be 2, but it is now 3 to
+ * prevent use of old versions of prism2_srec for non-volatile
+ * download. */
+ PRISM2_DOWNLOAD_NON_VOLATILE = 3 /* FLASH */,
+ PRISM2_DOWNLOAD_VOLATILE_GENESIS = 4 /* RAM in Genesis mode */,
+ /* Persistent versions of volatile download commands (keep firmware
+ * data in memory and automatically re-download after hw_reset */
+ PRISM2_DOWNLOAD_VOLATILE_PERSISTENT = 5,
+ PRISM2_DOWNLOAD_VOLATILE_GENESIS_PERSISTENT = 6,
+};
+
+struct prism2_download_param {
+ u32 dl_cmd;
+ u32 start_addr;
+ u32 num_areas;
+ struct prism2_download_area {
+ u32 addr; /* wlan card address */
+ u32 len;
+ void __user *ptr; /* pointer to data in user space */
+ } data[];
+};
+
+#define PRISM2_MAX_DOWNLOAD_AREA_LEN 131072
+#define PRISM2_MAX_DOWNLOAD_LEN 262144
+
+
+/* PRISM2_IOCTL_HOSTAPD ioctl() cmd: */
+enum {
+ PRISM2_HOSTAPD_FLUSH = 1,
+ PRISM2_HOSTAPD_ADD_STA = 2,
+ PRISM2_HOSTAPD_REMOVE_STA = 3,
+ PRISM2_HOSTAPD_GET_INFO_STA = 4,
+ /* REMOVED: PRISM2_HOSTAPD_RESET_TXEXC_STA = 5, */
+ PRISM2_SET_ENCRYPTION = 6,
+ PRISM2_GET_ENCRYPTION = 7,
+ PRISM2_HOSTAPD_SET_FLAGS_STA = 8,
+ PRISM2_HOSTAPD_GET_RID = 9,
+ PRISM2_HOSTAPD_SET_RID = 10,
+ PRISM2_HOSTAPD_SET_ASSOC_AP_ADDR = 11,
+ PRISM2_HOSTAPD_SET_GENERIC_ELEMENT = 12,
+ PRISM2_HOSTAPD_MLME = 13,
+ PRISM2_HOSTAPD_SCAN_REQ = 14,
+ PRISM2_HOSTAPD_STA_CLEAR_STATS = 15,
+};
+
+#define PRISM2_HOSTAPD_MAX_BUF_SIZE 1024
+#define PRISM2_HOSTAPD_RID_HDR_LEN \
+offsetof(struct prism2_hostapd_param, u.rid.data)
+#define PRISM2_HOSTAPD_GENERIC_ELEMENT_HDR_LEN \
+offsetof(struct prism2_hostapd_param, u.generic_elem.data)
+
+/* Maximum length for algorithm names (-1 for nul termination) used in ioctl()
+ */
+#define HOSTAP_CRYPT_ALG_NAME_LEN 16
+
+
+struct prism2_hostapd_param {
+ u32 cmd;
+ u8 sta_addr[ETH_ALEN];
+ union {
+ struct {
+ u16 aid;
+ u16 capability;
+ u8 tx_supp_rates;
+ } add_sta;
+ struct {
+ u32 inactive_sec;
+ } get_info_sta;
+ struct {
+ u8 alg[HOSTAP_CRYPT_ALG_NAME_LEN];
+ u32 flags;
+ u32 err;
+ u8 idx;
+ u8 seq[8]; /* sequence counter (set: RX, get: TX) */
+ u16 key_len;
+ u8 key[0];
+ } crypt;
+ struct {
+ u32 flags_and;
+ u32 flags_or;
+ } set_flags_sta;
+ struct {
+ u16 rid;
+ u16 len;
+ u8 data[0];
+ } rid;
+ struct {
+ u8 len;
+ u8 data[0];
+ } generic_elem;
+ struct {
+#define MLME_STA_DEAUTH 0
+#define MLME_STA_DISASSOC 1
+ u16 cmd;
+ u16 reason_code;
+ } mlme;
+ struct {
+ u8 ssid_len;
+ u8 ssid[32];
+ } scan_req;
+ } u;
+};
+
+#define HOSTAP_CRYPT_FLAG_SET_TX_KEY BIT(0)
+#define HOSTAP_CRYPT_FLAG_PERMANENT BIT(1)
+
+#define HOSTAP_CRYPT_ERR_UNKNOWN_ALG 2
+#define HOSTAP_CRYPT_ERR_UNKNOWN_ADDR 3
+#define HOSTAP_CRYPT_ERR_CRYPT_INIT_FAILED 4
+#define HOSTAP_CRYPT_ERR_KEY_SET_FAILED 5
+#define HOSTAP_CRYPT_ERR_TX_KEY_SET_FAILED 6
+#define HOSTAP_CRYPT_ERR_CARD_CONF_FAILED 7
+
+
+#endif /* HOSTAP_COMMON_H */
diff --git a/drivers/net/wireless/intersil/hostap/hostap_config.h b/drivers/net/wireless/intersil/hostap/hostap_config.h
new file mode 100644
index 000000000..3ebd55847
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/hostap_config.h
@@ -0,0 +1,49 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef HOSTAP_CONFIG_H
+#define HOSTAP_CONFIG_H
+
+/* In the previous versions of Host AP driver, support for user space version
+ * of IEEE 802.11 management (hostapd) used to be disabled in the default
+ * configuration. From now on, support for hostapd is always included and it is
+ * possible to disable kernel driver version of IEEE 802.11 management with a
+ * separate define, PRISM2_NO_KERNEL_IEEE80211_MGMT. */
+/* #define PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+/* Maximum number of events handler per one interrupt */
+#define PRISM2_MAX_INTERRUPT_EVENTS 20
+
+/* Include code for downloading firmware images into volatile RAM. */
+#define PRISM2_DOWNLOAD_SUPPORT
+
+/* Allow kernel configuration to enable download support. */
+#if !defined(PRISM2_DOWNLOAD_SUPPORT) && defined(CONFIG_HOSTAP_FIRMWARE)
+#define PRISM2_DOWNLOAD_SUPPORT
+#endif
+
+/* Allow kernel configuration to enable non-volatile download support. */
+#ifdef CONFIG_HOSTAP_FIRMWARE_NVRAM
+#define PRISM2_NON_VOLATILE_DOWNLOAD
+#endif
+
+/* Save low-level I/O for debugging. This should not be enabled in normal use.
+ */
+/* #define PRISM2_IO_DEBUG */
+
+/* Following defines can be used to remove unneeded parts of the driver, e.g.,
+ * to limit the size of the kernel module. Definitions can be added here in
+ * hostap_config.h or they can be added to make command with ccflags-y,
+ * e.g.,
+ * 'make pccard ccflags-y="-DPRISM2_NO_DEBUG -DPRISM2_NO_PROCFS_DEBUG"'
+ */
+
+/* Do not include debug messages into the driver */
+/* #define PRISM2_NO_DEBUG */
+
+/* Do not include /proc/net/prism2/wlan#/{registers,debug} */
+/* #define PRISM2_NO_PROCFS_DEBUG */
+
+/* Do not include station functionality (i.e., allow only Master (Host AP) mode
+ */
+/* #define PRISM2_NO_STATION_MODES */
+
+#endif /* HOSTAP_CONFIG_H */
diff --git a/drivers/net/wireless/intersil/hostap/hostap_cs.c b/drivers/net/wireless/intersil/hostap/hostap_cs.c
new file mode 100644
index 000000000..ec7db2bad
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/hostap_cs.c
@@ -0,0 +1,710 @@
+// SPDX-License-Identifier: GPL-2.0-only
+#define PRISM2_PCCARD
+
+#include <linux/module.h>
+#include <linux/if.h>
+#include <linux/slab.h>
+#include <linux/wait.h>
+#include <linux/timer.h>
+#include <linux/skbuff.h>
+#include <linux/netdevice.h>
+#include <linux/workqueue.h>
+#include <linux/wireless.h>
+#include <net/iw_handler.h>
+
+#include <pcmcia/cistpl.h>
+#include <pcmcia/cisreg.h>
+#include <pcmcia/ds.h>
+
+#include <asm/io.h>
+
+#include "hostap_wlan.h"
+
+
+static char *dev_info = "hostap_cs";
+
+MODULE_AUTHOR("Jouni Malinen");
+MODULE_DESCRIPTION("Support for Intersil Prism2-based 802.11 wireless LAN "
+ "cards (PC Card).");
+MODULE_LICENSE("GPL");
+
+
+static int ignore_cis_vcc;
+module_param(ignore_cis_vcc, int, 0444);
+MODULE_PARM_DESC(ignore_cis_vcc, "Ignore broken CIS VCC entry");
+
+
+/* struct local_info::hw_priv */
+struct hostap_cs_priv {
+ struct pcmcia_device *link;
+ int sandisk_connectplus;
+};
+
+
+#ifdef PRISM2_IO_DEBUG
+
+static inline void hfa384x_outb_debug(struct net_device *dev, int a, u8 v)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ unsigned long flags;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+ spin_lock_irqsave(&local->lock, flags);
+ prism2_io_debug_add(dev, PRISM2_IO_DEBUG_CMD_OUTB, a, v);
+ outb(v, dev->base_addr + a);
+ spin_unlock_irqrestore(&local->lock, flags);
+}
+
+static inline u8 hfa384x_inb_debug(struct net_device *dev, int a)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ unsigned long flags;
+ u8 v;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+ spin_lock_irqsave(&local->lock, flags);
+ v = inb(dev->base_addr + a);
+ prism2_io_debug_add(dev, PRISM2_IO_DEBUG_CMD_INB, a, v);
+ spin_unlock_irqrestore(&local->lock, flags);
+ return v;
+}
+
+static inline void hfa384x_outw_debug(struct net_device *dev, int a, u16 v)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ unsigned long flags;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+ spin_lock_irqsave(&local->lock, flags);
+ prism2_io_debug_add(dev, PRISM2_IO_DEBUG_CMD_OUTW, a, v);
+ outw(v, dev->base_addr + a);
+ spin_unlock_irqrestore(&local->lock, flags);
+}
+
+static inline u16 hfa384x_inw_debug(struct net_device *dev, int a)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ unsigned long flags;
+ u16 v;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+ spin_lock_irqsave(&local->lock, flags);
+ v = inw(dev->base_addr + a);
+ prism2_io_debug_add(dev, PRISM2_IO_DEBUG_CMD_INW, a, v);
+ spin_unlock_irqrestore(&local->lock, flags);
+ return v;
+}
+
+static inline void hfa384x_outsw_debug(struct net_device *dev, int a,
+ u8 *buf, int wc)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ unsigned long flags;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+ spin_lock_irqsave(&local->lock, flags);
+ prism2_io_debug_add(dev, PRISM2_IO_DEBUG_CMD_OUTSW, a, wc);
+ outsw(dev->base_addr + a, buf, wc);
+ spin_unlock_irqrestore(&local->lock, flags);
+}
+
+static inline void hfa384x_insw_debug(struct net_device *dev, int a,
+ u8 *buf, int wc)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ unsigned long flags;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+ spin_lock_irqsave(&local->lock, flags);
+ prism2_io_debug_add(dev, PRISM2_IO_DEBUG_CMD_INSW, a, wc);
+ insw(dev->base_addr + a, buf, wc);
+ spin_unlock_irqrestore(&local->lock, flags);
+}
+
+#define HFA384X_OUTB(v,a) hfa384x_outb_debug(dev, (a), (v))
+#define HFA384X_INB(a) hfa384x_inb_debug(dev, (a))
+#define HFA384X_OUTW(v,a) hfa384x_outw_debug(dev, (a), (v))
+#define HFA384X_INW(a) hfa384x_inw_debug(dev, (a))
+#define HFA384X_OUTSW(a, buf, wc) hfa384x_outsw_debug(dev, (a), (buf), (wc))
+#define HFA384X_INSW(a, buf, wc) hfa384x_insw_debug(dev, (a), (buf), (wc))
+
+#else /* PRISM2_IO_DEBUG */
+
+#define HFA384X_OUTB(v,a) outb((v), dev->base_addr + (a))
+#define HFA384X_INB(a) inb(dev->base_addr + (a))
+#define HFA384X_OUTW(v,a) outw((v), dev->base_addr + (a))
+#define HFA384X_INW(a) inw(dev->base_addr + (a))
+#define HFA384X_INSW(a, buf, wc) insw(dev->base_addr + (a), buf, wc)
+#define HFA384X_OUTSW(a, buf, wc) outsw(dev->base_addr + (a), buf, wc)
+
+#endif /* PRISM2_IO_DEBUG */
+
+
+static int hfa384x_from_bap(struct net_device *dev, u16 bap, void *buf,
+ int len)
+{
+ u16 d_off;
+ u16 *pos;
+
+ d_off = (bap == 1) ? HFA384X_DATA1_OFF : HFA384X_DATA0_OFF;
+ pos = (u16 *) buf;
+
+ if (len / 2)
+ HFA384X_INSW(d_off, buf, len / 2);
+ pos += len / 2;
+
+ if (len & 1)
+ *((char *) pos) = HFA384X_INB(d_off);
+
+ return 0;
+}
+
+
+static int hfa384x_to_bap(struct net_device *dev, u16 bap, void *buf, int len)
+{
+ u16 d_off;
+ u16 *pos;
+
+ d_off = (bap == 1) ? HFA384X_DATA1_OFF : HFA384X_DATA0_OFF;
+ pos = (u16 *) buf;
+
+ if (len / 2)
+ HFA384X_OUTSW(d_off, buf, len / 2);
+ pos += len / 2;
+
+ if (len & 1)
+ HFA384X_OUTB(*((char *) pos), d_off);
+
+ return 0;
+}
+
+
+/* FIX: This might change at some point.. */
+#include "hostap_hw.c"
+
+
+
+static void prism2_detach(struct pcmcia_device *p_dev);
+static void prism2_release(u_long arg);
+static int prism2_config(struct pcmcia_device *link);
+
+
+static int prism2_pccard_card_present(local_info_t *local)
+{
+ struct hostap_cs_priv *hw_priv = local->hw_priv;
+ if (hw_priv != NULL && hw_priv->link != NULL && pcmcia_dev_present(hw_priv->link))
+ return 1;
+ return 0;
+}
+
+
+/*
+ * SanDisk CompactFlash WLAN Flashcard - Product Manual v1.0
+ * Document No. 20-10-00058, January 2004
+ * http://www.sandisk.com/pdf/industrial/ProdManualCFWLANv1.0.pdf
+ */
+#define SANDISK_WLAN_ACTIVATION_OFF 0x40
+#define SANDISK_HCR_OFF 0x42
+
+
+static void sandisk_set_iobase(local_info_t *local)
+{
+ int res;
+ struct hostap_cs_priv *hw_priv = local->hw_priv;
+
+ res = pcmcia_write_config_byte(hw_priv->link, 0x10,
+ hw_priv->link->resource[0]->start & 0x00ff);
+ if (res != 0) {
+ printk(KERN_DEBUG "Prism3 SanDisk - failed to set I/O base 0 -"
+ " res=%d\n", res);
+ }
+ udelay(10);
+
+ res = pcmcia_write_config_byte(hw_priv->link, 0x12,
+ (hw_priv->link->resource[0]->start >> 8) & 0x00ff);
+ if (res != 0) {
+ printk(KERN_DEBUG "Prism3 SanDisk - failed to set I/O base 1 -"
+ " res=%d\n", res);
+ }
+}
+
+
+static void sandisk_write_hcr(local_info_t *local, int hcr)
+{
+ struct net_device *dev = local->dev;
+ int i;
+
+ HFA384X_OUTB(0x80, SANDISK_WLAN_ACTIVATION_OFF);
+ udelay(50);
+ for (i = 0; i < 10; i++) {
+ HFA384X_OUTB(hcr, SANDISK_HCR_OFF);
+ }
+ udelay(55);
+ HFA384X_OUTB(0x45, SANDISK_WLAN_ACTIVATION_OFF);
+}
+
+
+static int sandisk_enable_wireless(struct net_device *dev)
+{
+ int res, ret = 0;
+ struct hostap_interface *iface = netdev_priv(dev);
+ local_info_t *local = iface->local;
+ struct hostap_cs_priv *hw_priv = local->hw_priv;
+
+ if (resource_size(hw_priv->link->resource[0]) < 0x42) {
+ /* Not enough ports to be SanDisk multi-function card */
+ ret = -ENODEV;
+ goto done;
+ }
+
+ if (hw_priv->link->manf_id != 0xd601 || hw_priv->link->card_id != 0x0101) {
+ /* No SanDisk manfid found */
+ ret = -ENODEV;
+ goto done;
+ }
+
+ if (hw_priv->link->socket->functions < 2) {
+ /* No multi-function links found */
+ ret = -ENODEV;
+ goto done;
+ }
+
+ printk(KERN_DEBUG "%s: Multi-function SanDisk ConnectPlus detected"
+ " - using vendor-specific initialization\n", dev->name);
+ hw_priv->sandisk_connectplus = 1;
+
+ res = pcmcia_write_config_byte(hw_priv->link, CISREG_COR,
+ COR_SOFT_RESET);
+ if (res != 0) {
+ printk(KERN_DEBUG "%s: SanDisk - COR sreset failed (%d)\n",
+ dev->name, res);
+ goto done;
+ }
+ mdelay(5);
+
+ /*
+ * Do not enable interrupts here to avoid some bogus events. Interrupts
+ * will be enabled during the first cor_sreset call.
+ */
+ res = pcmcia_write_config_byte(hw_priv->link, CISREG_COR,
+ (COR_LEVEL_REQ | 0x8 | COR_ADDR_DECODE |
+ COR_FUNC_ENA));
+ if (res != 0) {
+ printk(KERN_DEBUG "%s: SanDisk - COR sreset failed (%d)\n",
+ dev->name, res);
+ goto done;
+ }
+ mdelay(5);
+
+ sandisk_set_iobase(local);
+
+ HFA384X_OUTB(0xc5, SANDISK_WLAN_ACTIVATION_OFF);
+ udelay(10);
+ HFA384X_OUTB(0x4b, SANDISK_WLAN_ACTIVATION_OFF);
+ udelay(10);
+
+done:
+ return ret;
+}
+
+
+static void prism2_pccard_cor_sreset(local_info_t *local)
+{
+ int res;
+ u8 val;
+ struct hostap_cs_priv *hw_priv = local->hw_priv;
+
+ if (!prism2_pccard_card_present(local))
+ return;
+
+ res = pcmcia_read_config_byte(hw_priv->link, CISREG_COR, &val);
+ if (res != 0) {
+ printk(KERN_DEBUG "prism2_pccard_cor_sreset failed 1 (%d)\n",
+ res);
+ return;
+ }
+ printk(KERN_DEBUG "prism2_pccard_cor_sreset: original COR %02x\n",
+ val);
+
+ val |= COR_SOFT_RESET;
+ res = pcmcia_write_config_byte(hw_priv->link, CISREG_COR, val);
+ if (res != 0) {
+ printk(KERN_DEBUG "prism2_pccard_cor_sreset failed 2 (%d)\n",
+ res);
+ return;
+ }
+
+ mdelay(hw_priv->sandisk_connectplus ? 5 : 2);
+
+ val &= ~COR_SOFT_RESET;
+ if (hw_priv->sandisk_connectplus)
+ val |= COR_IREQ_ENA;
+ res = pcmcia_write_config_byte(hw_priv->link, CISREG_COR, val);
+ if (res != 0) {
+ printk(KERN_DEBUG "prism2_pccard_cor_sreset failed 3 (%d)\n",
+ res);
+ return;
+ }
+
+ mdelay(hw_priv->sandisk_connectplus ? 5 : 2);
+
+ if (hw_priv->sandisk_connectplus)
+ sandisk_set_iobase(local);
+}
+
+
+static void prism2_pccard_genesis_reset(local_info_t *local, int hcr)
+{
+ int res;
+ u8 old_cor;
+ struct hostap_cs_priv *hw_priv = local->hw_priv;
+
+ if (!prism2_pccard_card_present(local))
+ return;
+
+ if (hw_priv->sandisk_connectplus) {
+ sandisk_write_hcr(local, hcr);
+ return;
+ }
+
+ res = pcmcia_read_config_byte(hw_priv->link, CISREG_COR, &old_cor);
+ if (res != 0) {
+ printk(KERN_DEBUG "%s failed 1 (%d)\n", __func__, res);
+ return;
+ }
+ printk(KERN_DEBUG "%s: original COR %02x\n", __func__, old_cor);
+
+ res = pcmcia_write_config_byte(hw_priv->link, CISREG_COR,
+ old_cor | COR_SOFT_RESET);
+ if (res != 0) {
+ printk(KERN_DEBUG "%s failed 2 (%d)\n", __func__, res);
+ return;
+ }
+
+ mdelay(10);
+
+ /* Setup Genesis mode */
+ res = pcmcia_write_config_byte(hw_priv->link, CISREG_CCSR, hcr);
+ if (res != 0) {
+ printk(KERN_DEBUG "%s failed 3 (%d)\n", __func__, res);
+ return;
+ }
+ mdelay(10);
+
+ res = pcmcia_write_config_byte(hw_priv->link, CISREG_COR,
+ old_cor & ~COR_SOFT_RESET);
+ if (res != 0) {
+ printk(KERN_DEBUG "%s failed 4 (%d)\n", __func__, res);
+ return;
+ }
+
+ mdelay(10);
+}
+
+
+static struct prism2_helper_functions prism2_pccard_funcs =
+{
+ .card_present = prism2_pccard_card_present,
+ .cor_sreset = prism2_pccard_cor_sreset,
+ .genesis_reset = prism2_pccard_genesis_reset,
+ .hw_type = HOSTAP_HW_PCCARD,
+};
+
+
+/* allocate local data and register with CardServices
+ * initialize dev_link structure, but do not configure the card yet */
+static int hostap_cs_probe(struct pcmcia_device *p_dev)
+{
+ int ret;
+
+ PDEBUG(DEBUG_HW, "%s: setting Vcc=33 (constant)\n", dev_info);
+
+ ret = prism2_config(p_dev);
+ if (ret) {
+ PDEBUG(DEBUG_EXTRA, "prism2_config() failed\n");
+ }
+
+ return ret;
+}
+
+
+static void prism2_detach(struct pcmcia_device *link)
+{
+ PDEBUG(DEBUG_FLOW, "prism2_detach\n");
+
+ prism2_release((u_long)link);
+
+ /* release net devices */
+ if (link->priv) {
+ struct hostap_cs_priv *hw_priv;
+ struct net_device *dev;
+ struct hostap_interface *iface;
+ dev = link->priv;
+ iface = netdev_priv(dev);
+ hw_priv = iface->local->hw_priv;
+ prism2_free_local_data(dev);
+ kfree(hw_priv);
+ }
+}
+
+
+static int prism2_config_check(struct pcmcia_device *p_dev, void *priv_data)
+{
+ if (p_dev->config_index == 0)
+ return -EINVAL;
+
+ return pcmcia_request_io(p_dev);
+}
+
+static int prism2_config(struct pcmcia_device *link)
+{
+ struct net_device *dev;
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int ret;
+ struct hostap_cs_priv *hw_priv;
+ unsigned long flags;
+
+ PDEBUG(DEBUG_FLOW, "prism2_config()\n");
+
+ hw_priv = kzalloc(sizeof(*hw_priv), GFP_KERNEL);
+ if (hw_priv == NULL) {
+ ret = -ENOMEM;
+ goto failed;
+ }
+
+ /* Look for an appropriate configuration table entry in the CIS */
+ link->config_flags |= CONF_AUTO_SET_VPP | CONF_AUTO_AUDIO |
+ CONF_AUTO_CHECK_VCC | CONF_AUTO_SET_IO | CONF_ENABLE_IRQ;
+ if (ignore_cis_vcc)
+ link->config_flags &= ~CONF_AUTO_CHECK_VCC;
+ ret = pcmcia_loop_config(link, prism2_config_check, NULL);
+ if (ret) {
+ if (!ignore_cis_vcc)
+ printk(KERN_ERR "GetNextTuple(): No matching "
+ "CIS configuration. Maybe you need the "
+ "ignore_cis_vcc=1 parameter.\n");
+ goto failed;
+ }
+
+ /* Need to allocate net_device before requesting IRQ handler */
+ dev = prism2_init_local_data(&prism2_pccard_funcs, 0,
+ &link->dev);
+ if (!dev) {
+ ret = -ENOMEM;
+ goto failed;
+ }
+ link->priv = dev;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+ local->hw_priv = hw_priv;
+ hw_priv->link = link;
+
+ /*
+ * We enable IRQ here, but IRQ handler will not proceed
+ * until dev->base_addr is set below. This protect us from
+ * receive interrupts when driver is not initialized.
+ */
+ ret = pcmcia_request_irq(link, prism2_interrupt);
+ if (ret)
+ goto failed;
+
+ ret = pcmcia_enable_device(link);
+ if (ret)
+ goto failed;
+
+ spin_lock_irqsave(&local->irq_init_lock, flags);
+ dev->irq = link->irq;
+ dev->base_addr = link->resource[0]->start;
+ spin_unlock_irqrestore(&local->irq_init_lock, flags);
+
+ local->shutdown = 0;
+
+ sandisk_enable_wireless(dev);
+
+ ret = prism2_hw_config(dev, 1);
+ if (!ret)
+ ret = hostap_hw_ready(dev);
+
+ return ret;
+
+ failed:
+ kfree(hw_priv);
+ prism2_release((u_long)link);
+ return ret;
+}
+
+
+static void prism2_release(u_long arg)
+{
+ struct pcmcia_device *link = (struct pcmcia_device *)arg;
+
+ PDEBUG(DEBUG_FLOW, "prism2_release\n");
+
+ if (link->priv) {
+ struct net_device *dev = link->priv;
+ struct hostap_interface *iface;
+
+ iface = netdev_priv(dev);
+ prism2_hw_shutdown(dev, 0);
+ iface->local->shutdown = 1;
+ }
+
+ pcmcia_disable_device(link);
+ PDEBUG(DEBUG_FLOW, "release - done\n");
+}
+
+static int hostap_cs_suspend(struct pcmcia_device *link)
+{
+ struct net_device *dev = (struct net_device *) link->priv;
+ int dev_open = 0;
+ struct hostap_interface *iface = NULL;
+
+ if (!dev)
+ return -ENODEV;
+
+ iface = netdev_priv(dev);
+
+ PDEBUG(DEBUG_EXTRA, "%s: CS_EVENT_PM_SUSPEND\n", dev_info);
+ if (iface && iface->local)
+ dev_open = iface->local->num_dev_open > 0;
+ if (dev_open) {
+ netif_stop_queue(dev);
+ netif_device_detach(dev);
+ }
+ prism2_suspend(dev);
+
+ return 0;
+}
+
+static int hostap_cs_resume(struct pcmcia_device *link)
+{
+ struct net_device *dev = (struct net_device *) link->priv;
+ int dev_open = 0;
+ struct hostap_interface *iface = NULL;
+
+ if (!dev)
+ return -ENODEV;
+
+ iface = netdev_priv(dev);
+
+ PDEBUG(DEBUG_EXTRA, "%s: CS_EVENT_PM_RESUME\n", dev_info);
+
+ if (iface && iface->local)
+ dev_open = iface->local->num_dev_open > 0;
+
+ prism2_hw_shutdown(dev, 1);
+ prism2_hw_config(dev, dev_open ? 0 : 1);
+ if (dev_open) {
+ netif_device_attach(dev);
+ netif_start_queue(dev);
+ }
+
+ return 0;
+}
+
+static const struct pcmcia_device_id hostap_cs_ids[] = {
+ PCMCIA_DEVICE_MANF_CARD(0x000b, 0x7100),
+ PCMCIA_DEVICE_MANF_CARD(0x000b, 0x7300),
+ PCMCIA_DEVICE_MANF_CARD(0x0101, 0x0777),
+ PCMCIA_DEVICE_MANF_CARD(0x0126, 0x8000),
+ PCMCIA_DEVICE_MANF_CARD(0x0138, 0x0002),
+ PCMCIA_DEVICE_MANF_CARD(0x01bf, 0x3301),
+ PCMCIA_DEVICE_MANF_CARD(0x0250, 0x0002),
+ PCMCIA_DEVICE_MANF_CARD(0x026f, 0x030b),
+ PCMCIA_DEVICE_MANF_CARD(0x0274, 0x1612),
+ PCMCIA_DEVICE_MANF_CARD(0x0274, 0x1613),
+ PCMCIA_DEVICE_MANF_CARD(0x028a, 0x0002),
+ PCMCIA_DEVICE_MANF_CARD(0x02aa, 0x0002),
+ PCMCIA_DEVICE_MANF_CARD(0x02d2, 0x0001),
+ PCMCIA_DEVICE_MANF_CARD(0x50c2, 0x0001),
+ PCMCIA_DEVICE_MANF_CARD(0x50c2, 0x7300),
+/* PCMCIA_DEVICE_MANF_CARD(0xc00f, 0x0000), conflict with pcnet_cs */
+ PCMCIA_DEVICE_MANF_CARD(0xc250, 0x0002),
+ PCMCIA_DEVICE_MANF_CARD(0xd601, 0x0002),
+ PCMCIA_DEVICE_MANF_CARD(0xd601, 0x0005),
+ PCMCIA_DEVICE_MANF_CARD(0xd601, 0x0010),
+ PCMCIA_DEVICE_MANF_CARD(0x0126, 0x0002),
+ PCMCIA_DEVICE_MANF_CARD_PROD_ID1(0xd601, 0x0005, "ADLINK 345 CF",
+ 0x2d858104),
+ PCMCIA_DEVICE_MANF_CARD_PROD_ID1(0x0156, 0x0002, "INTERSIL",
+ 0x74c5e40d),
+ PCMCIA_DEVICE_MANF_CARD_PROD_ID1(0x0156, 0x0002, "Intersil",
+ 0x4b801a17),
+ PCMCIA_DEVICE_MANF_CARD_PROD_ID3(0x0156, 0x0002, "Version 01.02",
+ 0x4b74baa0),
+ PCMCIA_MFC_DEVICE_PROD_ID12(0, "SanDisk", "ConnectPlus",
+ 0x7a954bd9, 0x74be00c6),
+ PCMCIA_DEVICE_PROD_ID123(
+ "Addtron", "AWP-100 Wireless PCMCIA", "Version 01.02",
+ 0xe6ec52ce, 0x08649af2, 0x4b74baa0),
+ PCMCIA_DEVICE_PROD_ID123(
+ "Canon", "Wireless LAN CF Card K30225", "Version 01.00",
+ 0x96ef6fe2, 0x263fcbab, 0xa57adb8c),
+ PCMCIA_DEVICE_PROD_ID123(
+ "D", "Link DWL-650 11Mbps WLAN Card", "Version 01.02",
+ 0x71b18589, 0xb6f1b0ab, 0x4b74baa0),
+ PCMCIA_DEVICE_PROD_ID123(
+ "Instant Wireless ", " Network PC CARD", "Version 01.02",
+ 0x11d901af, 0x6e9bd926, 0x4b74baa0),
+ PCMCIA_DEVICE_PROD_ID123(
+ "SMC", "SMC2632W", "Version 01.02",
+ 0xc4f8b18b, 0x474a1f2a, 0x4b74baa0),
+ PCMCIA_DEVICE_PROD_ID12("BUFFALO", "WLI-CF-S11G",
+ 0x2decece3, 0x82067c18),
+ PCMCIA_DEVICE_PROD_ID12("Compaq", "WL200_11Mbps_Wireless_PCI_Card",
+ 0x54f7c49c, 0x15a75e5b),
+ PCMCIA_DEVICE_PROD_ID12("INTERSIL", "HFA384x/IEEE",
+ 0x74c5e40d, 0xdb472a18),
+ PCMCIA_DEVICE_PROD_ID12("Linksys", "Wireless CompactFlash Card",
+ 0x0733cc81, 0x0c52f395),
+ PCMCIA_DEVICE_PROD_ID12(
+ "ZoomAir 11Mbps High", "Rate wireless Networking",
+ 0x273fe3db, 0x32a1eaee),
+ PCMCIA_DEVICE_PROD_ID12("NETGEAR MA401 Wireless PC", "Card",
+ 0xa37434e9, 0x9762e8f1),
+ PCMCIA_DEVICE_PROD_ID123(
+ "Pretec", "CompactWLAN Card 802.11b", "2.5",
+ 0x1cadd3e5, 0xe697636c, 0x7a5bfcf1),
+ PCMCIA_DEVICE_PROD_ID123(
+ "U.S. Robotics", "IEEE 802.11b PC-CARD", "Version 01.02",
+ 0xc7b8df9d, 0x1700d087, 0x4b74baa0),
+ PCMCIA_DEVICE_PROD_ID123(
+ "Allied Telesyn", "AT-WCL452 Wireless PCMCIA Radio",
+ "Ver. 1.00",
+ 0x5cd01705, 0x4271660f, 0x9d08ee12),
+ PCMCIA_DEVICE_PROD_ID123(
+ "Wireless LAN" , "11Mbps PC Card", "Version 01.02",
+ 0x4b8870ff, 0x70e946d1, 0x4b74baa0),
+ PCMCIA_DEVICE_PROD_ID3("HFA3863", 0x355cb092),
+ PCMCIA_DEVICE_PROD_ID3("ISL37100P", 0x630d52b2),
+ PCMCIA_DEVICE_PROD_ID3("ISL37101P-10", 0xdd97a26b),
+ PCMCIA_DEVICE_PROD_ID3("ISL37300P", 0xc9049a39),
+ PCMCIA_DEVICE_NULL
+};
+MODULE_DEVICE_TABLE(pcmcia, hostap_cs_ids);
+
+
+static struct pcmcia_driver hostap_driver = {
+ .name = "hostap_cs",
+ .probe = hostap_cs_probe,
+ .remove = prism2_detach,
+ .owner = THIS_MODULE,
+ .id_table = hostap_cs_ids,
+ .suspend = hostap_cs_suspend,
+ .resume = hostap_cs_resume,
+};
+module_pcmcia_driver(hostap_driver);
diff --git a/drivers/net/wireless/intersil/hostap/hostap_download.c b/drivers/net/wireless/intersil/hostap/hostap_download.c
new file mode 100644
index 000000000..3672291ce
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/hostap_download.c
@@ -0,0 +1,811 @@
+// SPDX-License-Identifier: GPL-2.0
+static int prism2_enable_aux_port(struct net_device *dev, int enable)
+{
+ u16 val, reg;
+ int i, tries;
+ unsigned long flags;
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->no_pri) {
+ if (enable) {
+ PDEBUG(DEBUG_EXTRA2, "%s: no PRI f/w - assuming Aux "
+ "port is already enabled\n", dev->name);
+ }
+ return 0;
+ }
+
+ spin_lock_irqsave(&local->cmdlock, flags);
+
+ /* wait until busy bit is clear */
+ tries = HFA384X_CMD_BUSY_TIMEOUT;
+ while (HFA384X_INW(HFA384X_CMD_OFF) & HFA384X_CMD_BUSY && tries > 0) {
+ tries--;
+ udelay(1);
+ }
+ if (tries == 0) {
+ reg = HFA384X_INW(HFA384X_CMD_OFF);
+ spin_unlock_irqrestore(&local->cmdlock, flags);
+ printk("%s: prism2_enable_aux_port - timeout - reg=0x%04x\n",
+ dev->name, reg);
+ return -ETIMEDOUT;
+ }
+
+ val = HFA384X_INW(HFA384X_CONTROL_OFF);
+
+ if (enable) {
+ HFA384X_OUTW(HFA384X_AUX_MAGIC0, HFA384X_PARAM0_OFF);
+ HFA384X_OUTW(HFA384X_AUX_MAGIC1, HFA384X_PARAM1_OFF);
+ HFA384X_OUTW(HFA384X_AUX_MAGIC2, HFA384X_PARAM2_OFF);
+
+ if ((val & HFA384X_AUX_PORT_MASK) != HFA384X_AUX_PORT_DISABLED)
+ printk("prism2_enable_aux_port: was not disabled!?\n");
+ val &= ~HFA384X_AUX_PORT_MASK;
+ val |= HFA384X_AUX_PORT_ENABLE;
+ } else {
+ HFA384X_OUTW(0, HFA384X_PARAM0_OFF);
+ HFA384X_OUTW(0, HFA384X_PARAM1_OFF);
+ HFA384X_OUTW(0, HFA384X_PARAM2_OFF);
+
+ if ((val & HFA384X_AUX_PORT_MASK) != HFA384X_AUX_PORT_ENABLED)
+ printk("prism2_enable_aux_port: was not enabled!?\n");
+ val &= ~HFA384X_AUX_PORT_MASK;
+ val |= HFA384X_AUX_PORT_DISABLE;
+ }
+ HFA384X_OUTW(val, HFA384X_CONTROL_OFF);
+
+ udelay(5);
+
+ i = 10000;
+ while (i > 0) {
+ val = HFA384X_INW(HFA384X_CONTROL_OFF);
+ val &= HFA384X_AUX_PORT_MASK;
+
+ if ((enable && val == HFA384X_AUX_PORT_ENABLED) ||
+ (!enable && val == HFA384X_AUX_PORT_DISABLED))
+ break;
+
+ udelay(10);
+ i--;
+ }
+
+ spin_unlock_irqrestore(&local->cmdlock, flags);
+
+ if (i == 0) {
+ printk("prism2_enable_aux_port(%d) timed out\n",
+ enable);
+ return -ETIMEDOUT;
+ }
+
+ return 0;
+}
+
+
+static int hfa384x_from_aux(struct net_device *dev, unsigned int addr, int len,
+ void *buf)
+{
+ u16 page, offset;
+ if (addr & 1 || len & 1)
+ return -1;
+
+ page = addr >> 7;
+ offset = addr & 0x7f;
+
+ HFA384X_OUTW(page, HFA384X_AUXPAGE_OFF);
+ HFA384X_OUTW(offset, HFA384X_AUXOFFSET_OFF);
+
+ udelay(5);
+
+#ifdef PRISM2_PCI
+ {
+ __le16 *pos = (__le16 *) buf;
+ while (len > 0) {
+ *pos++ = HFA384X_INW_DATA(HFA384X_AUXDATA_OFF);
+ len -= 2;
+ }
+ }
+#else /* PRISM2_PCI */
+ HFA384X_INSW(HFA384X_AUXDATA_OFF, buf, len / 2);
+#endif /* PRISM2_PCI */
+
+ return 0;
+}
+
+
+static int hfa384x_to_aux(struct net_device *dev, unsigned int addr, int len,
+ void *buf)
+{
+ u16 page, offset;
+ if (addr & 1 || len & 1)
+ return -1;
+
+ page = addr >> 7;
+ offset = addr & 0x7f;
+
+ HFA384X_OUTW(page, HFA384X_AUXPAGE_OFF);
+ HFA384X_OUTW(offset, HFA384X_AUXOFFSET_OFF);
+
+ udelay(5);
+
+#ifdef PRISM2_PCI
+ {
+ __le16 *pos = (__le16 *) buf;
+ while (len > 0) {
+ HFA384X_OUTW_DATA(*pos++, HFA384X_AUXDATA_OFF);
+ len -= 2;
+ }
+ }
+#else /* PRISM2_PCI */
+ HFA384X_OUTSW(HFA384X_AUXDATA_OFF, buf, len / 2);
+#endif /* PRISM2_PCI */
+
+ return 0;
+}
+
+
+static int prism2_pda_ok(u8 *buf)
+{
+ __le16 *pda = (__le16 *) buf;
+ int pos;
+ u16 len, pdr;
+
+ if (buf[0] == 0xff && buf[1] == 0x00 && buf[2] == 0xff &&
+ buf[3] == 0x00)
+ return 0;
+
+ pos = 0;
+ while (pos + 1 < PRISM2_PDA_SIZE / 2) {
+ len = le16_to_cpu(pda[pos]);
+ pdr = le16_to_cpu(pda[pos + 1]);
+ if (len == 0 || pos + len > PRISM2_PDA_SIZE / 2)
+ return 0;
+
+ if (pdr == 0x0000 && len == 2) {
+ /* PDA end found */
+ return 1;
+ }
+
+ pos += len + 1;
+ }
+
+ return 0;
+}
+
+
+#define prism2_download_aux_dump_npages 65536
+
+struct prism2_download_aux_dump {
+ local_info_t *local;
+ u16 page[0x80];
+};
+
+static int prism2_download_aux_dump_proc_show(struct seq_file *m, void *v)
+{
+ struct prism2_download_aux_dump *ctx = m->private;
+
+ hfa384x_from_aux(ctx->local->dev, (unsigned long)v - 1, 0x80, ctx->page);
+ seq_write(m, ctx->page, 0x80);
+ return 0;
+}
+
+static void *prism2_download_aux_dump_proc_start(struct seq_file *m, loff_t *_pos)
+{
+ struct prism2_download_aux_dump *ctx = m->private;
+ prism2_enable_aux_port(ctx->local->dev, 1);
+ if (*_pos >= prism2_download_aux_dump_npages)
+ return NULL;
+ return (void *)((unsigned long)*_pos + 1);
+}
+
+static void *prism2_download_aux_dump_proc_next(struct seq_file *m, void *v, loff_t *_pos)
+{
+ ++*_pos;
+ if (*_pos >= prism2_download_aux_dump_npages)
+ return NULL;
+ return (void *)((unsigned long)*_pos + 1);
+}
+
+static void prism2_download_aux_dump_proc_stop(struct seq_file *m, void *v)
+{
+ struct prism2_download_aux_dump *ctx = m->private;
+ prism2_enable_aux_port(ctx->local->dev, 0);
+}
+
+static const struct seq_operations prism2_download_aux_dump_proc_seqops = {
+ .start = prism2_download_aux_dump_proc_start,
+ .next = prism2_download_aux_dump_proc_next,
+ .stop = prism2_download_aux_dump_proc_stop,
+ .show = prism2_download_aux_dump_proc_show,
+};
+
+static int prism2_download_aux_dump_proc_open(struct inode *inode, struct file *file)
+{
+ int ret = seq_open_private(file, &prism2_download_aux_dump_proc_seqops,
+ sizeof(struct prism2_download_aux_dump));
+ if (ret == 0) {
+ struct seq_file *m = file->private_data;
+ m->private = pde_data(inode);
+ }
+ return ret;
+}
+
+static const struct proc_ops prism2_download_aux_dump_proc_ops = {
+ .proc_open = prism2_download_aux_dump_proc_open,
+ .proc_read = seq_read,
+ .proc_lseek = seq_lseek,
+ .proc_release = seq_release_private,
+};
+
+
+static u8 * prism2_read_pda(struct net_device *dev)
+{
+ u8 *buf;
+ int res, i, found = 0;
+#define NUM_PDA_ADDRS 4
+ unsigned int pda_addr[NUM_PDA_ADDRS] = {
+ 0x7f0000 /* others than HFA3841 */,
+ 0x3f0000 /* HFA3841 */,
+ 0x390000 /* apparently used in older cards */,
+ 0x7f0002 /* Intel PRO/Wireless 2011B (PCI) */,
+ };
+
+ buf = kmalloc(PRISM2_PDA_SIZE, GFP_KERNEL);
+ if (buf == NULL)
+ return NULL;
+
+ /* Note: wlan card should be in initial state (just after init cmd)
+ * and no other operations should be performed concurrently. */
+
+ prism2_enable_aux_port(dev, 1);
+
+ for (i = 0; i < NUM_PDA_ADDRS; i++) {
+ PDEBUG(DEBUG_EXTRA2, "%s: trying to read PDA from 0x%08x",
+ dev->name, pda_addr[i]);
+ res = hfa384x_from_aux(dev, pda_addr[i], PRISM2_PDA_SIZE, buf);
+ if (res)
+ continue;
+ if (res == 0 && prism2_pda_ok(buf)) {
+ PDEBUG2(DEBUG_EXTRA2, ": OK\n");
+ found = 1;
+ break;
+ } else {
+ PDEBUG2(DEBUG_EXTRA2, ": failed\n");
+ }
+ }
+
+ prism2_enable_aux_port(dev, 0);
+
+ if (!found) {
+ printk(KERN_DEBUG "%s: valid PDA not found\n", dev->name);
+ kfree(buf);
+ buf = NULL;
+ }
+
+ return buf;
+}
+
+
+static int prism2_download_volatile(local_info_t *local,
+ struct prism2_download_data *param)
+{
+ struct net_device *dev = local->dev;
+ int ret = 0, i;
+ u16 param0, param1;
+
+ if (local->hw_downloading) {
+ printk(KERN_WARNING "%s: Already downloading - aborting new "
+ "request\n", dev->name);
+ return -1;
+ }
+
+ local->hw_downloading = 1;
+ if (local->pri_only) {
+ hfa384x_disable_interrupts(dev);
+ } else {
+ prism2_hw_shutdown(dev, 0);
+
+ if (prism2_hw_init(dev, 0)) {
+ printk(KERN_WARNING "%s: Could not initialize card for"
+ " download\n", dev->name);
+ ret = -1;
+ goto out;
+ }
+ }
+
+ if (prism2_enable_aux_port(dev, 1)) {
+ printk(KERN_WARNING "%s: Could not enable AUX port\n",
+ dev->name);
+ ret = -1;
+ goto out;
+ }
+
+ param0 = param->start_addr & 0xffff;
+ param1 = param->start_addr >> 16;
+
+ HFA384X_OUTW(0, HFA384X_PARAM2_OFF);
+ HFA384X_OUTW(param1, HFA384X_PARAM1_OFF);
+ if (hfa384x_cmd_wait(dev, HFA384X_CMDCODE_DOWNLOAD |
+ (HFA384X_PROGMODE_ENABLE_VOLATILE << 8),
+ param0)) {
+ printk(KERN_WARNING "%s: Download command execution failed\n",
+ dev->name);
+ ret = -1;
+ goto out;
+ }
+
+ for (i = 0; i < param->num_areas; i++) {
+ PDEBUG(DEBUG_EXTRA2, "%s: Writing %d bytes at 0x%08x\n",
+ dev->name, param->data[i].len, param->data[i].addr);
+ if (hfa384x_to_aux(dev, param->data[i].addr,
+ param->data[i].len, param->data[i].data)) {
+ printk(KERN_WARNING "%s: RAM download at 0x%08x "
+ "(len=%d) failed\n", dev->name,
+ param->data[i].addr, param->data[i].len);
+ ret = -1;
+ goto out;
+ }
+ }
+
+ HFA384X_OUTW(param1, HFA384X_PARAM1_OFF);
+ HFA384X_OUTW(0, HFA384X_PARAM2_OFF);
+ if (hfa384x_cmd_no_wait(dev, HFA384X_CMDCODE_DOWNLOAD |
+ (HFA384X_PROGMODE_DISABLE << 8), param0)) {
+ printk(KERN_WARNING "%s: Download command execution failed\n",
+ dev->name);
+ ret = -1;
+ goto out;
+ }
+ /* ProgMode disable causes the hardware to restart itself from the
+ * given starting address. Give hw some time and ACK command just in
+ * case restart did not happen. */
+ mdelay(5);
+ HFA384X_OUTW(HFA384X_EV_CMD, HFA384X_EVACK_OFF);
+
+ if (prism2_enable_aux_port(dev, 0)) {
+ printk(KERN_DEBUG "%s: Disabling AUX port failed\n",
+ dev->name);
+ /* continue anyway.. restart should have taken care of this */
+ }
+
+ mdelay(5);
+ local->hw_downloading = 0;
+ if (prism2_hw_config(dev, 2)) {
+ printk(KERN_WARNING "%s: Card configuration after RAM "
+ "download failed\n", dev->name);
+ ret = -1;
+ goto out;
+ }
+
+ out:
+ local->hw_downloading = 0;
+ return ret;
+}
+
+
+static int prism2_enable_genesis(local_info_t *local, int hcr)
+{
+ struct net_device *dev = local->dev;
+ u8 initseq[4] = { 0x00, 0xe1, 0xa1, 0xff };
+ u8 readbuf[4];
+
+ printk(KERN_DEBUG "%s: test Genesis mode with HCR 0x%02x\n",
+ dev->name, hcr);
+ local->func->cor_sreset(local);
+ hfa384x_to_aux(dev, 0x7e0038, sizeof(initseq), initseq);
+ local->func->genesis_reset(local, hcr);
+
+ /* Readback test */
+ hfa384x_from_aux(dev, 0x7e0038, sizeof(readbuf), readbuf);
+ hfa384x_to_aux(dev, 0x7e0038, sizeof(initseq), initseq);
+ hfa384x_from_aux(dev, 0x7e0038, sizeof(readbuf), readbuf);
+
+ if (memcmp(initseq, readbuf, sizeof(initseq)) == 0) {
+ printk(KERN_DEBUG "Readback test succeeded, HCR 0x%02x\n",
+ hcr);
+ return 0;
+ } else {
+ printk(KERN_DEBUG "Readback test failed, HCR 0x%02x write %4ph read %4ph\n",
+ hcr, initseq, readbuf);
+ return 1;
+ }
+}
+
+
+static int prism2_get_ram_size(local_info_t *local)
+{
+ int ret;
+
+ /* Try to enable genesis mode; 0x1F for x8 SRAM or 0x0F for x16 SRAM */
+ if (prism2_enable_genesis(local, 0x1f) == 0)
+ ret = 8;
+ else if (prism2_enable_genesis(local, 0x0f) == 0)
+ ret = 16;
+ else
+ ret = -1;
+
+ /* Disable genesis mode */
+ local->func->genesis_reset(local, ret == 16 ? 0x07 : 0x17);
+
+ return ret;
+}
+
+
+static int prism2_download_genesis(local_info_t *local,
+ struct prism2_download_data *param)
+{
+ struct net_device *dev = local->dev;
+ int ram16 = 0, i;
+ int ret = 0;
+
+ if (local->hw_downloading) {
+ printk(KERN_WARNING "%s: Already downloading - aborting new "
+ "request\n", dev->name);
+ return -EBUSY;
+ }
+
+ if (!local->func->genesis_reset || !local->func->cor_sreset) {
+ printk(KERN_INFO "%s: Genesis mode downloading not supported "
+ "with this hwmodel\n", dev->name);
+ return -EOPNOTSUPP;
+ }
+
+ local->hw_downloading = 1;
+
+ if (prism2_enable_aux_port(dev, 1)) {
+ printk(KERN_DEBUG "%s: failed to enable AUX port\n",
+ dev->name);
+ ret = -EIO;
+ goto out;
+ }
+
+ if (local->sram_type == -1) {
+ /* 0x1F for x8 SRAM or 0x0F for x16 SRAM */
+ if (prism2_enable_genesis(local, 0x1f) == 0) {
+ ram16 = 0;
+ PDEBUG(DEBUG_EXTRA2, "%s: Genesis mode OK using x8 "
+ "SRAM\n", dev->name);
+ } else if (prism2_enable_genesis(local, 0x0f) == 0) {
+ ram16 = 1;
+ PDEBUG(DEBUG_EXTRA2, "%s: Genesis mode OK using x16 "
+ "SRAM\n", dev->name);
+ } else {
+ printk(KERN_DEBUG "%s: Could not initiate genesis "
+ "mode\n", dev->name);
+ ret = -EIO;
+ goto out;
+ }
+ } else {
+ if (prism2_enable_genesis(local, local->sram_type == 8 ?
+ 0x1f : 0x0f)) {
+ printk(KERN_DEBUG "%s: Failed to set Genesis "
+ "mode (sram_type=%d)\n", dev->name,
+ local->sram_type);
+ ret = -EIO;
+ goto out;
+ }
+ ram16 = local->sram_type != 8;
+ }
+
+ for (i = 0; i < param->num_areas; i++) {
+ PDEBUG(DEBUG_EXTRA2, "%s: Writing %d bytes at 0x%08x\n",
+ dev->name, param->data[i].len, param->data[i].addr);
+ if (hfa384x_to_aux(dev, param->data[i].addr,
+ param->data[i].len, param->data[i].data)) {
+ printk(KERN_WARNING "%s: RAM download at 0x%08x "
+ "(len=%d) failed\n", dev->name,
+ param->data[i].addr, param->data[i].len);
+ ret = -EIO;
+ goto out;
+ }
+ }
+
+ PDEBUG(DEBUG_EXTRA2, "Disable genesis mode\n");
+ local->func->genesis_reset(local, ram16 ? 0x07 : 0x17);
+ if (prism2_enable_aux_port(dev, 0)) {
+ printk(KERN_DEBUG "%s: Failed to disable AUX port\n",
+ dev->name);
+ }
+
+ mdelay(5);
+ local->hw_downloading = 0;
+
+ PDEBUG(DEBUG_EXTRA2, "Trying to initialize card\n");
+ /*
+ * Make sure the INIT command does not generate a command completion
+ * event by disabling interrupts.
+ */
+ hfa384x_disable_interrupts(dev);
+ if (prism2_hw_init(dev, 1)) {
+ printk(KERN_DEBUG "%s: Initialization after genesis mode "
+ "download failed\n", dev->name);
+ ret = -EIO;
+ goto out;
+ }
+
+ PDEBUG(DEBUG_EXTRA2, "Card initialized - running PRI only\n");
+ if (prism2_hw_init2(dev, 1)) {
+ printk(KERN_DEBUG "%s: Initialization(2) after genesis mode "
+ "download failed\n", dev->name);
+ ret = -EIO;
+ goto out;
+ }
+
+ out:
+ local->hw_downloading = 0;
+ return ret;
+}
+
+
+#ifdef PRISM2_NON_VOLATILE_DOWNLOAD
+/* Note! Non-volatile downloading functionality has not yet been tested
+ * thoroughly and it may corrupt flash image and effectively kill the card that
+ * is being updated. You have been warned. */
+
+static inline int prism2_download_block(struct net_device *dev,
+ u32 addr, u8 *data,
+ u32 bufaddr, int rest_len)
+{
+ u16 param0, param1;
+ int block_len;
+
+ block_len = rest_len < 4096 ? rest_len : 4096;
+
+ param0 = addr & 0xffff;
+ param1 = addr >> 16;
+
+ HFA384X_OUTW(block_len, HFA384X_PARAM2_OFF);
+ HFA384X_OUTW(param1, HFA384X_PARAM1_OFF);
+
+ if (hfa384x_cmd_wait(dev, HFA384X_CMDCODE_DOWNLOAD |
+ (HFA384X_PROGMODE_ENABLE_NON_VOLATILE << 8),
+ param0)) {
+ printk(KERN_WARNING "%s: Flash download command execution "
+ "failed\n", dev->name);
+ return -1;
+ }
+
+ if (hfa384x_to_aux(dev, bufaddr, block_len, data)) {
+ printk(KERN_WARNING "%s: flash download at 0x%08x "
+ "(len=%d) failed\n", dev->name, addr, block_len);
+ return -1;
+ }
+
+ HFA384X_OUTW(0, HFA384X_PARAM2_OFF);
+ HFA384X_OUTW(0, HFA384X_PARAM1_OFF);
+ if (hfa384x_cmd_wait(dev, HFA384X_CMDCODE_DOWNLOAD |
+ (HFA384X_PROGMODE_PROGRAM_NON_VOLATILE << 8),
+ 0)) {
+ printk(KERN_WARNING "%s: Flash write command execution "
+ "failed\n", dev->name);
+ return -1;
+ }
+
+ return block_len;
+}
+
+
+static int prism2_download_nonvolatile(local_info_t *local,
+ struct prism2_download_data *dl)
+{
+ struct net_device *dev = local->dev;
+ int ret = 0, i;
+ struct {
+ __le16 page;
+ __le16 offset;
+ __le16 len;
+ } dlbuffer;
+ u32 bufaddr;
+
+ if (local->hw_downloading) {
+ printk(KERN_WARNING "%s: Already downloading - aborting new "
+ "request\n", dev->name);
+ return -1;
+ }
+
+ ret = local->func->get_rid(dev, HFA384X_RID_DOWNLOADBUFFER,
+ &dlbuffer, 6, 0);
+
+ if (ret < 0) {
+ printk(KERN_WARNING "%s: Could not read download buffer "
+ "parameters\n", dev->name);
+ goto out;
+ }
+
+ printk(KERN_DEBUG "Download buffer: %d bytes at 0x%04x:0x%04x\n",
+ le16_to_cpu(dlbuffer.len),
+ le16_to_cpu(dlbuffer.page),
+ le16_to_cpu(dlbuffer.offset));
+
+ bufaddr = (le16_to_cpu(dlbuffer.page) << 7) + le16_to_cpu(dlbuffer.offset);
+
+ local->hw_downloading = 1;
+
+ if (!local->pri_only) {
+ prism2_hw_shutdown(dev, 0);
+
+ if (prism2_hw_init(dev, 0)) {
+ printk(KERN_WARNING "%s: Could not initialize card for"
+ " download\n", dev->name);
+ ret = -1;
+ goto out;
+ }
+ }
+
+ hfa384x_disable_interrupts(dev);
+
+ if (prism2_enable_aux_port(dev, 1)) {
+ printk(KERN_WARNING "%s: Could not enable AUX port\n",
+ dev->name);
+ ret = -1;
+ goto out;
+ }
+
+ printk(KERN_DEBUG "%s: starting flash download\n", dev->name);
+ for (i = 0; i < dl->num_areas; i++) {
+ int rest_len = dl->data[i].len;
+ int data_off = 0;
+
+ while (rest_len > 0) {
+ int block_len;
+
+ block_len = prism2_download_block(
+ dev, dl->data[i].addr + data_off,
+ dl->data[i].data + data_off, bufaddr,
+ rest_len);
+
+ if (block_len < 0) {
+ ret = -1;
+ goto out;
+ }
+
+ rest_len -= block_len;
+ data_off += block_len;
+ }
+ }
+
+ HFA384X_OUTW(0, HFA384X_PARAM1_OFF);
+ HFA384X_OUTW(0, HFA384X_PARAM2_OFF);
+ if (hfa384x_cmd_wait(dev, HFA384X_CMDCODE_DOWNLOAD |
+ (HFA384X_PROGMODE_DISABLE << 8), 0)) {
+ printk(KERN_WARNING "%s: Download command execution failed\n",
+ dev->name);
+ ret = -1;
+ goto out;
+ }
+
+ if (prism2_enable_aux_port(dev, 0)) {
+ printk(KERN_DEBUG "%s: Disabling AUX port failed\n",
+ dev->name);
+ /* continue anyway.. restart should have taken care of this */
+ }
+
+ mdelay(5);
+
+ local->func->hw_reset(dev);
+ local->hw_downloading = 0;
+ if (prism2_hw_config(dev, 2)) {
+ printk(KERN_WARNING "%s: Card configuration after flash "
+ "download failed\n", dev->name);
+ ret = -1;
+ } else {
+ printk(KERN_INFO "%s: Card initialized successfully after "
+ "flash download\n", dev->name);
+ }
+
+ out:
+ local->hw_downloading = 0;
+ return ret;
+}
+#endif /* PRISM2_NON_VOLATILE_DOWNLOAD */
+
+
+static void prism2_download_free_data(struct prism2_download_data *dl)
+{
+ int i;
+
+ if (dl == NULL)
+ return;
+
+ for (i = 0; i < dl->num_areas; i++)
+ kfree(dl->data[i].data);
+ kfree(dl);
+}
+
+
+static int prism2_download(local_info_t *local,
+ struct prism2_download_param *param)
+{
+ int ret = 0;
+ int i;
+ u32 total_len = 0;
+ struct prism2_download_data *dl = NULL;
+
+ printk(KERN_DEBUG "prism2_download: dl_cmd=%d start_addr=0x%08x "
+ "num_areas=%d\n",
+ param->dl_cmd, param->start_addr, param->num_areas);
+
+ if (param->num_areas > 100) {
+ ret = -EINVAL;
+ goto out;
+ }
+
+ dl = kzalloc(sizeof(*dl) + param->num_areas *
+ sizeof(struct prism2_download_data_area), GFP_KERNEL);
+ if (dl == NULL) {
+ ret = -ENOMEM;
+ goto out;
+ }
+ dl->dl_cmd = param->dl_cmd;
+ dl->start_addr = param->start_addr;
+ dl->num_areas = param->num_areas;
+ for (i = 0; i < param->num_areas; i++) {
+ PDEBUG(DEBUG_EXTRA2,
+ " area %d: addr=0x%08x len=%d ptr=0x%p\n",
+ i, param->data[i].addr, param->data[i].len,
+ param->data[i].ptr);
+
+ dl->data[i].addr = param->data[i].addr;
+ dl->data[i].len = param->data[i].len;
+
+ total_len += param->data[i].len;
+ if (param->data[i].len > PRISM2_MAX_DOWNLOAD_AREA_LEN ||
+ total_len > PRISM2_MAX_DOWNLOAD_LEN) {
+ ret = -E2BIG;
+ goto out;
+ }
+
+ dl->data[i].data = kmalloc(dl->data[i].len, GFP_KERNEL);
+ if (dl->data[i].data == NULL) {
+ ret = -ENOMEM;
+ goto out;
+ }
+
+ if (copy_from_user(dl->data[i].data, param->data[i].ptr,
+ param->data[i].len)) {
+ ret = -EFAULT;
+ goto out;
+ }
+ }
+
+ switch (param->dl_cmd) {
+ case PRISM2_DOWNLOAD_VOLATILE:
+ case PRISM2_DOWNLOAD_VOLATILE_PERSISTENT:
+ ret = prism2_download_volatile(local, dl);
+ break;
+ case PRISM2_DOWNLOAD_VOLATILE_GENESIS:
+ case PRISM2_DOWNLOAD_VOLATILE_GENESIS_PERSISTENT:
+ ret = prism2_download_genesis(local, dl);
+ break;
+ case PRISM2_DOWNLOAD_NON_VOLATILE:
+#ifdef PRISM2_NON_VOLATILE_DOWNLOAD
+ ret = prism2_download_nonvolatile(local, dl);
+#else /* PRISM2_NON_VOLATILE_DOWNLOAD */
+ printk(KERN_INFO "%s: non-volatile downloading not enabled\n",
+ local->dev->name);
+ ret = -EOPNOTSUPP;
+#endif /* PRISM2_NON_VOLATILE_DOWNLOAD */
+ break;
+ default:
+ printk(KERN_DEBUG "%s: unsupported download command %d\n",
+ local->dev->name, param->dl_cmd);
+ ret = -EINVAL;
+ break;
+ }
+
+ out:
+ if (ret == 0 && dl &&
+ param->dl_cmd == PRISM2_DOWNLOAD_VOLATILE_GENESIS_PERSISTENT) {
+ prism2_download_free_data(local->dl_pri);
+ local->dl_pri = dl;
+ } else if (ret == 0 && dl &&
+ param->dl_cmd == PRISM2_DOWNLOAD_VOLATILE_PERSISTENT) {
+ prism2_download_free_data(local->dl_sec);
+ local->dl_sec = dl;
+ } else
+ prism2_download_free_data(dl);
+
+ return ret;
+}
diff --git a/drivers/net/wireless/intersil/hostap/hostap_hw.c b/drivers/net/wireless/intersil/hostap/hostap_hw.c
new file mode 100644
index 000000000..b74f4cb5d
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/hostap_hw.c
@@ -0,0 +1,3387 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Host AP (software wireless LAN access point) driver for
+ * Intersil Prism2/2.5/3.
+ *
+ * Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen
+ * <j@w1.fi>
+ * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
+ *
+ * FIX:
+ * - there is currently no way of associating TX packets to correct wds device
+ * when TX Exc/OK event occurs, so all tx_packets and some
+ * tx_errors/tx_dropped are added to the main netdevice; using sw_support
+ * field in txdesc might be used to fix this (using Alloc event to increment
+ * tx_packets would need some further info in txfid table)
+ *
+ * Buffer Access Path (BAP) usage:
+ * Prism2 cards have two separate BAPs for accessing the card memory. These
+ * should allow concurrent access to two different frames and the driver
+ * previously used BAP0 for sending data and BAP1 for receiving data.
+ * However, there seems to be number of issues with concurrent access and at
+ * least one know hardware bug in using BAP0 and BAP1 concurrently with PCI
+ * Prism2.5. Therefore, the driver now only uses BAP0 for moving data between
+ * host and card memories. BAP0 accesses are protected with local->baplock
+ * (spin_lock_bh) to prevent concurrent use.
+ */
+
+
+
+#include <asm/delay.h>
+#include <linux/uaccess.h>
+
+#include <linux/slab.h>
+#include <linux/netdevice.h>
+#include <linux/etherdevice.h>
+#include <linux/proc_fs.h>
+#include <linux/seq_file.h>
+#include <linux/if_arp.h>
+#include <linux/delay.h>
+#include <linux/random.h>
+#include <linux/wait.h>
+#include <linux/sched/signal.h>
+#include <linux/rtnetlink.h>
+#include <linux/wireless.h>
+#include <net/iw_handler.h>
+#include <net/lib80211.h>
+#include <asm/irq.h>
+
+#include "hostap_80211.h"
+#include "hostap.h"
+#include "hostap_ap.h"
+
+
+/* #define final_version */
+
+static int mtu = 1500;
+module_param(mtu, int, 0444);
+MODULE_PARM_DESC(mtu, "Maximum transfer unit");
+
+static int channel[MAX_PARM_DEVICES] = { 3, DEF_INTS };
+module_param_array(channel, int, NULL, 0444);
+MODULE_PARM_DESC(channel, "Initial channel");
+
+static char essid[33] = "test";
+module_param_string(essid, essid, sizeof(essid), 0444);
+MODULE_PARM_DESC(essid, "Host AP's ESSID");
+
+static int iw_mode[MAX_PARM_DEVICES] = { IW_MODE_MASTER, DEF_INTS };
+module_param_array(iw_mode, int, NULL, 0444);
+MODULE_PARM_DESC(iw_mode, "Initial operation mode");
+
+static int beacon_int[MAX_PARM_DEVICES] = { 100, DEF_INTS };
+module_param_array(beacon_int, int, NULL, 0444);
+MODULE_PARM_DESC(beacon_int, "Beacon interval (1 = 1024 usec)");
+
+static int dtim_period[MAX_PARM_DEVICES] = { 1, DEF_INTS };
+module_param_array(dtim_period, int, NULL, 0444);
+MODULE_PARM_DESC(dtim_period, "DTIM period");
+
+static char dev_template[16] = "wlan%d";
+module_param_string(dev_template, dev_template, sizeof(dev_template), 0444);
+MODULE_PARM_DESC(dev_template, "Prefix for network device name (default: "
+ "wlan%d)");
+
+#ifdef final_version
+#define EXTRA_EVENTS_WTERR 0
+#else
+/* check WTERR events (Wait Time-out) in development versions */
+#define EXTRA_EVENTS_WTERR HFA384X_EV_WTERR
+#endif
+
+/* Events that will be using BAP0 */
+#define HFA384X_BAP0_EVENTS \
+ (HFA384X_EV_TXEXC | HFA384X_EV_RX | HFA384X_EV_INFO | HFA384X_EV_TX)
+
+/* event mask, i.e., events that will result in an interrupt */
+#define HFA384X_EVENT_MASK \
+ (HFA384X_BAP0_EVENTS | HFA384X_EV_ALLOC | HFA384X_EV_INFDROP | \
+ HFA384X_EV_CMD | HFA384X_EV_TICK | \
+ EXTRA_EVENTS_WTERR)
+
+/* Default TX control flags: use 802.11 headers and request interrupt for
+ * failed transmits. Frames that request ACK callback, will add
+ * _TX_OK flag and _ALT_RTRY flag may be used to select different retry policy.
+ */
+#define HFA384X_TX_CTRL_FLAGS \
+ (HFA384X_TX_CTRL_802_11 | HFA384X_TX_CTRL_TX_EX)
+
+
+/* ca. 1 usec */
+#define HFA384X_CMD_BUSY_TIMEOUT 5000
+#define HFA384X_BAP_BUSY_TIMEOUT 50000
+
+/* ca. 10 usec */
+#define HFA384X_CMD_COMPL_TIMEOUT 20000
+#define HFA384X_DL_COMPL_TIMEOUT 1000000
+
+/* Wait times for initialization; yield to other processes to avoid busy
+ * waiting for long time. */
+#define HFA384X_INIT_TIMEOUT (HZ / 2) /* 500 ms */
+#define HFA384X_ALLOC_COMPL_TIMEOUT (HZ / 20) /* 50 ms */
+
+
+static void prism2_hw_reset(struct net_device *dev);
+static void prism2_check_sta_fw_version(local_info_t *local);
+
+#ifdef PRISM2_DOWNLOAD_SUPPORT
+/* hostap_download.c */
+static const struct proc_ops prism2_download_aux_dump_proc_ops;
+static u8 * prism2_read_pda(struct net_device *dev);
+static int prism2_download(local_info_t *local,
+ struct prism2_download_param *param);
+static void prism2_download_free_data(struct prism2_download_data *dl);
+static int prism2_download_volatile(local_info_t *local,
+ struct prism2_download_data *param);
+static int prism2_download_genesis(local_info_t *local,
+ struct prism2_download_data *param);
+static int prism2_get_ram_size(local_info_t *local);
+#endif /* PRISM2_DOWNLOAD_SUPPORT */
+
+
+
+
+#ifndef final_version
+/* magic value written to SWSUPPORT0 reg. for detecting whether card is still
+ * present */
+#define HFA384X_MAGIC 0x8A32
+#endif
+
+static void hfa384x_read_regs(struct net_device *dev,
+ struct hfa384x_regs *regs)
+{
+ regs->cmd = HFA384X_INW(HFA384X_CMD_OFF);
+ regs->evstat = HFA384X_INW(HFA384X_EVSTAT_OFF);
+ regs->offset0 = HFA384X_INW(HFA384X_OFFSET0_OFF);
+ regs->offset1 = HFA384X_INW(HFA384X_OFFSET1_OFF);
+ regs->swsupport0 = HFA384X_INW(HFA384X_SWSUPPORT0_OFF);
+}
+
+
+/**
+ * __hostap_cmd_queue_free - Free Prism2 command queue entry (private)
+ * @local: pointer to private Host AP driver data
+ * @entry: Prism2 command queue entry to be freed
+ * @del_req: request the entry to be removed
+ *
+ * Internal helper function for freeing Prism2 command queue entries.
+ * Caller must have acquired local->cmdlock before calling this function.
+ */
+static inline void __hostap_cmd_queue_free(local_info_t *local,
+ struct hostap_cmd_queue *entry,
+ int del_req)
+{
+ if (del_req) {
+ entry->del_req = 1;
+ if (!list_empty(&entry->list)) {
+ list_del_init(&entry->list);
+ local->cmd_queue_len--;
+ }
+ }
+
+ if (refcount_dec_and_test(&entry->usecnt) && entry->del_req)
+ kfree(entry);
+}
+
+
+/**
+ * hostap_cmd_queue_free - Free Prism2 command queue entry
+ * @local: pointer to private Host AP driver data
+ * @entry: Prism2 command queue entry to be freed
+ * @del_req: request the entry to be removed
+ *
+ * Free a Prism2 command queue entry.
+ */
+static inline void hostap_cmd_queue_free(local_info_t *local,
+ struct hostap_cmd_queue *entry,
+ int del_req)
+{
+ unsigned long flags;
+
+ spin_lock_irqsave(&local->cmdlock, flags);
+ __hostap_cmd_queue_free(local, entry, del_req);
+ spin_unlock_irqrestore(&local->cmdlock, flags);
+}
+
+
+/**
+ * prism2_clear_cmd_queue - Free all pending Prism2 command queue entries
+ * @local: pointer to private Host AP driver data
+ */
+static void prism2_clear_cmd_queue(local_info_t *local)
+{
+ struct list_head *ptr, *n;
+ unsigned long flags;
+ struct hostap_cmd_queue *entry;
+
+ spin_lock_irqsave(&local->cmdlock, flags);
+ list_for_each_safe(ptr, n, &local->cmd_queue) {
+ entry = list_entry(ptr, struct hostap_cmd_queue, list);
+ refcount_inc(&entry->usecnt);
+ printk(KERN_DEBUG "%s: removed pending cmd_queue entry "
+ "(type=%d, cmd=0x%04x, param0=0x%04x)\n",
+ local->dev->name, entry->type, entry->cmd,
+ entry->param0);
+ __hostap_cmd_queue_free(local, entry, 1);
+ }
+ if (local->cmd_queue_len) {
+ /* This should not happen; print debug message and clear
+ * queue length. */
+ printk(KERN_DEBUG "%s: cmd_queue_len (%d) not zero after "
+ "flush\n", local->dev->name, local->cmd_queue_len);
+ local->cmd_queue_len = 0;
+ }
+ spin_unlock_irqrestore(&local->cmdlock, flags);
+}
+
+
+/**
+ * hfa384x_cmd_issue - Issue a Prism2 command to the hardware
+ * @dev: pointer to net_device
+ * @entry: Prism2 command queue entry to be issued
+ */
+static int hfa384x_cmd_issue(struct net_device *dev,
+ struct hostap_cmd_queue *entry)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int tries;
+ u16 reg;
+ unsigned long flags;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->func->card_present && !local->func->card_present(local))
+ return -ENODEV;
+
+ if (entry->issued) {
+ printk(KERN_DEBUG "%s: driver bug - re-issuing command @%p\n",
+ dev->name, entry);
+ }
+
+ /* wait until busy bit is clear; this should always be clear since the
+ * commands are serialized */
+ tries = HFA384X_CMD_BUSY_TIMEOUT;
+ while (HFA384X_INW(HFA384X_CMD_OFF) & HFA384X_CMD_BUSY && tries > 0) {
+ tries--;
+ udelay(1);
+ }
+#ifndef final_version
+ if (tries != HFA384X_CMD_BUSY_TIMEOUT) {
+ prism2_io_debug_error(dev, 1);
+ printk(KERN_DEBUG "%s: hfa384x_cmd_issue: cmd reg was busy "
+ "for %d usec\n", dev->name,
+ HFA384X_CMD_BUSY_TIMEOUT - tries);
+ }
+#endif
+ if (tries == 0) {
+ reg = HFA384X_INW(HFA384X_CMD_OFF);
+ prism2_io_debug_error(dev, 2);
+ printk(KERN_DEBUG "%s: hfa384x_cmd_issue - timeout - "
+ "reg=0x%04x\n", dev->name, reg);
+ return -ETIMEDOUT;
+ }
+
+ /* write command */
+ spin_lock_irqsave(&local->cmdlock, flags);
+ HFA384X_OUTW(entry->param0, HFA384X_PARAM0_OFF);
+ HFA384X_OUTW(entry->param1, HFA384X_PARAM1_OFF);
+ HFA384X_OUTW(entry->cmd, HFA384X_CMD_OFF);
+ entry->issued = 1;
+ spin_unlock_irqrestore(&local->cmdlock, flags);
+
+ return 0;
+}
+
+
+/**
+ * hfa384x_cmd - Issue a Prism2 command and wait (sleep) for completion
+ * @dev: pointer to net_device
+ * @cmd: Prism2 command code (HFA384X_CMD_CODE_*)
+ * @param0: value for Param0 register
+ * @param1: value for Param1 register (pointer; %NULL if not used)
+ * @resp0: pointer for Resp0 data or %NULL if Resp0 is not needed
+ *
+ * Issue given command (possibly after waiting in command queue) and sleep
+ * until the command is completed (or timed out or interrupted). This can be
+ * called only from user process context.
+ */
+static int hfa384x_cmd(struct net_device *dev, u16 cmd, u16 param0,
+ u16 *param1, u16 *resp0)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int err, res, issue, issued = 0;
+ unsigned long flags;
+ struct hostap_cmd_queue *entry;
+ DECLARE_WAITQUEUE(wait, current);
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->cmd_queue_len >= HOSTAP_CMD_QUEUE_MAX_LEN) {
+ printk(KERN_DEBUG "%s: hfa384x_cmd: cmd_queue full\n",
+ dev->name);
+ return -1;
+ }
+
+ if (signal_pending(current))
+ return -EINTR;
+
+ entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
+ if (entry == NULL)
+ return -ENOMEM;
+
+ refcount_set(&entry->usecnt, 1);
+ entry->type = CMD_SLEEP;
+ entry->cmd = cmd;
+ entry->param0 = param0;
+ if (param1)
+ entry->param1 = *param1;
+ init_waitqueue_head(&entry->compl);
+
+ /* prepare to wait for command completion event, but do not sleep yet
+ */
+ add_wait_queue(&entry->compl, &wait);
+ set_current_state(TASK_INTERRUPTIBLE);
+
+ spin_lock_irqsave(&local->cmdlock, flags);
+ issue = list_empty(&local->cmd_queue);
+ if (issue)
+ entry->issuing = 1;
+ list_add_tail(&entry->list, &local->cmd_queue);
+ local->cmd_queue_len++;
+ spin_unlock_irqrestore(&local->cmdlock, flags);
+
+ err = 0;
+ if (!issue)
+ goto wait_completion;
+
+ if (signal_pending(current))
+ err = -EINTR;
+
+ if (!err) {
+ if (hfa384x_cmd_issue(dev, entry))
+ err = -ETIMEDOUT;
+ else
+ issued = 1;
+ }
+
+ wait_completion:
+ if (!err && entry->type != CMD_COMPLETED) {
+ /* sleep until command is completed or timed out */
+ res = schedule_timeout(2 * HZ);
+ } else
+ res = -1;
+
+ if (!err && signal_pending(current))
+ err = -EINTR;
+
+ if (err && issued) {
+ /* the command was issued, so a CmdCompl event should occur
+ * soon; however, there's a pending signal and
+ * schedule_timeout() would be interrupted; wait a short period
+ * of time to avoid removing entry from the list before
+ * CmdCompl event */
+ udelay(300);
+ }
+
+ set_current_state(TASK_RUNNING);
+ remove_wait_queue(&entry->compl, &wait);
+
+ /* If entry->list is still in the list, it must be removed
+ * first and in this case prism2_cmd_ev() does not yet have
+ * local reference to it, and the data can be kfree()'d
+ * here. If the command completion event is still generated,
+ * it will be assigned to next (possibly) pending command, but
+ * the driver will reset the card anyway due to timeout
+ *
+ * If the entry is not in the list prism2_cmd_ev() has a local
+ * reference to it, but keeps cmdlock as long as the data is
+ * needed, so the data can be kfree()'d here. */
+
+ /* FIX: if the entry->list is in the list, it has not been completed
+ * yet, so removing it here is somewhat wrong.. this could cause
+ * references to freed memory and next list_del() causing NULL pointer
+ * dereference.. it would probably be better to leave the entry in the
+ * list and the list should be emptied during hw reset */
+
+ spin_lock_irqsave(&local->cmdlock, flags);
+ if (!list_empty(&entry->list)) {
+ printk(KERN_DEBUG "%s: hfa384x_cmd: entry still in list? "
+ "(entry=%p, type=%d, res=%d)\n", dev->name, entry,
+ entry->type, res);
+ list_del_init(&entry->list);
+ local->cmd_queue_len--;
+ }
+ spin_unlock_irqrestore(&local->cmdlock, flags);
+
+ if (err) {
+ printk(KERN_DEBUG "%s: hfa384x_cmd: interrupted; err=%d\n",
+ dev->name, err);
+ res = err;
+ goto done;
+ }
+
+ if (entry->type != CMD_COMPLETED) {
+ u16 reg = HFA384X_INW(HFA384X_EVSTAT_OFF);
+ printk(KERN_DEBUG "%s: hfa384x_cmd: command was not "
+ "completed (res=%d, entry=%p, type=%d, cmd=0x%04x, "
+ "param0=0x%04x, EVSTAT=%04x INTEN=%04x)\n", dev->name,
+ res, entry, entry->type, entry->cmd, entry->param0, reg,
+ HFA384X_INW(HFA384X_INTEN_OFF));
+ if (reg & HFA384X_EV_CMD) {
+ /* Command completion event is pending, but the
+ * interrupt was not delivered - probably an issue
+ * with pcmcia-cs configuration. */
+ printk(KERN_WARNING "%s: interrupt delivery does not "
+ "seem to work\n", dev->name);
+ }
+ prism2_io_debug_error(dev, 3);
+ res = -ETIMEDOUT;
+ goto done;
+ }
+
+ if (resp0 != NULL)
+ *resp0 = entry->resp0;
+#ifndef final_version
+ if (entry->res) {
+ printk(KERN_DEBUG "%s: CMD=0x%04x => res=0x%02x, "
+ "resp0=0x%04x\n",
+ dev->name, cmd, entry->res, entry->resp0);
+ }
+#endif /* final_version */
+
+ res = entry->res;
+ done:
+ hostap_cmd_queue_free(local, entry, 1);
+ return res;
+}
+
+
+/**
+ * hfa384x_cmd_callback - Issue a Prism2 command; callback when completed
+ * @dev: pointer to net_device
+ * @cmd: Prism2 command code (HFA384X_CMD_CODE_*)
+ * @param0: value for Param0 register
+ * @callback: command completion callback function (%NULL = no callback)
+ * @context: context data to be given to the callback function
+ *
+ * Issue given command (possibly after waiting in command queue) and use
+ * callback function to indicate command completion. This can be called both
+ * from user and interrupt context. The callback function will be called in
+ * hardware IRQ context. It can be %NULL, when no function is called when
+ * command is completed.
+ */
+static int hfa384x_cmd_callback(struct net_device *dev, u16 cmd, u16 param0,
+ void (*callback)(struct net_device *dev,
+ long context, u16 resp0,
+ u16 status),
+ long context)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int issue, ret;
+ unsigned long flags;
+ struct hostap_cmd_queue *entry;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->cmd_queue_len >= HOSTAP_CMD_QUEUE_MAX_LEN + 2) {
+ printk(KERN_DEBUG "%s: hfa384x_cmd: cmd_queue full\n",
+ dev->name);
+ return -1;
+ }
+
+ entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
+ if (entry == NULL)
+ return -ENOMEM;
+
+ refcount_set(&entry->usecnt, 1);
+ entry->type = CMD_CALLBACK;
+ entry->cmd = cmd;
+ entry->param0 = param0;
+ entry->callback = callback;
+ entry->context = context;
+
+ spin_lock_irqsave(&local->cmdlock, flags);
+ issue = list_empty(&local->cmd_queue);
+ if (issue)
+ entry->issuing = 1;
+ list_add_tail(&entry->list, &local->cmd_queue);
+ local->cmd_queue_len++;
+ spin_unlock_irqrestore(&local->cmdlock, flags);
+
+ if (issue && hfa384x_cmd_issue(dev, entry))
+ ret = -ETIMEDOUT;
+ else
+ ret = 0;
+
+ hostap_cmd_queue_free(local, entry, ret);
+
+ return ret;
+}
+
+
+/**
+ * __hfa384x_cmd_no_wait - Issue a Prism2 command (private)
+ * @dev: pointer to net_device
+ * @cmd: Prism2 command code (HFA384X_CMD_CODE_*)
+ * @param0: value for Param0 register
+ * @io_debug_num: I/O debug error number
+ *
+ * Shared helper function for hfa384x_cmd_wait() and hfa384x_cmd_no_wait().
+ */
+static int __hfa384x_cmd_no_wait(struct net_device *dev, u16 cmd, u16 param0,
+ int io_debug_num)
+{
+ int tries;
+ u16 reg;
+
+ /* wait until busy bit is clear; this should always be clear since the
+ * commands are serialized */
+ tries = HFA384X_CMD_BUSY_TIMEOUT;
+ while (HFA384X_INW(HFA384X_CMD_OFF) & HFA384X_CMD_BUSY && tries > 0) {
+ tries--;
+ udelay(1);
+ }
+ if (tries == 0) {
+ reg = HFA384X_INW(HFA384X_CMD_OFF);
+ prism2_io_debug_error(dev, io_debug_num);
+ printk(KERN_DEBUG "%s: __hfa384x_cmd_no_wait(%d) - timeout - "
+ "reg=0x%04x\n", dev->name, io_debug_num, reg);
+ return -ETIMEDOUT;
+ }
+
+ /* write command */
+ HFA384X_OUTW(param0, HFA384X_PARAM0_OFF);
+ HFA384X_OUTW(cmd, HFA384X_CMD_OFF);
+
+ return 0;
+}
+
+
+/**
+ * hfa384x_cmd_wait - Issue a Prism2 command and busy wait for completion
+ * @dev: pointer to net_device
+ * @cmd: Prism2 command code (HFA384X_CMD_CODE_*)
+ * @param0: value for Param0 register
+ */
+static int hfa384x_cmd_wait(struct net_device *dev, u16 cmd, u16 param0)
+{
+ int res, tries;
+ u16 reg;
+
+ res = __hfa384x_cmd_no_wait(dev, cmd, param0, 4);
+ if (res)
+ return res;
+
+ /* wait for command completion */
+ if ((cmd & HFA384X_CMDCODE_MASK) == HFA384X_CMDCODE_DOWNLOAD)
+ tries = HFA384X_DL_COMPL_TIMEOUT;
+ else
+ tries = HFA384X_CMD_COMPL_TIMEOUT;
+
+ while (!(HFA384X_INW(HFA384X_EVSTAT_OFF) & HFA384X_EV_CMD) &&
+ tries > 0) {
+ tries--;
+ udelay(10);
+ }
+ if (tries == 0) {
+ reg = HFA384X_INW(HFA384X_EVSTAT_OFF);
+ prism2_io_debug_error(dev, 5);
+ printk(KERN_DEBUG "%s: hfa384x_cmd_wait - timeout2 - "
+ "reg=0x%04x\n", dev->name, reg);
+ return -ETIMEDOUT;
+ }
+
+ res = (HFA384X_INW(HFA384X_STATUS_OFF) &
+ (BIT(14) | BIT(13) | BIT(12) | BIT(11) | BIT(10) | BIT(9) |
+ BIT(8))) >> 8;
+#ifndef final_version
+ if (res) {
+ printk(KERN_DEBUG "%s: CMD=0x%04x => res=0x%02x\n",
+ dev->name, cmd, res);
+ }
+#endif
+
+ HFA384X_OUTW(HFA384X_EV_CMD, HFA384X_EVACK_OFF);
+
+ return res;
+}
+
+
+/**
+ * hfa384x_cmd_no_wait - Issue a Prism2 command; do not wait for completion
+ * @dev: pointer to net_device
+ * @cmd: Prism2 command code (HFA384X_CMD_CODE_*)
+ * @param0: value for Param0 register
+ */
+static inline int hfa384x_cmd_no_wait(struct net_device *dev, u16 cmd,
+ u16 param0)
+{
+ return __hfa384x_cmd_no_wait(dev, cmd, param0, 6);
+}
+
+
+/**
+ * prism2_cmd_ev - Prism2 command completion event handler
+ * @dev: pointer to net_device
+ *
+ * Interrupt handler for command completion events. Called by the main
+ * interrupt handler in hardware IRQ context. Read Resp0 and status registers
+ * from the hardware and ACK the event. Depending on the issued command type
+ * either wake up the sleeping process that is waiting for command completion
+ * or call the callback function. Issue the next command, if one is pending.
+ */
+static void prism2_cmd_ev(struct net_device *dev)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ struct hostap_cmd_queue *entry = NULL;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ spin_lock(&local->cmdlock);
+ if (!list_empty(&local->cmd_queue)) {
+ entry = list_entry(local->cmd_queue.next,
+ struct hostap_cmd_queue, list);
+ refcount_inc(&entry->usecnt);
+ list_del_init(&entry->list);
+ local->cmd_queue_len--;
+
+ if (!entry->issued) {
+ printk(KERN_DEBUG "%s: Command completion event, but "
+ "cmd not issued\n", dev->name);
+ __hostap_cmd_queue_free(local, entry, 1);
+ entry = NULL;
+ }
+ }
+ spin_unlock(&local->cmdlock);
+
+ if (!entry) {
+ HFA384X_OUTW(HFA384X_EV_CMD, HFA384X_EVACK_OFF);
+ printk(KERN_DEBUG "%s: Command completion event, but no "
+ "pending commands\n", dev->name);
+ return;
+ }
+
+ entry->resp0 = HFA384X_INW(HFA384X_RESP0_OFF);
+ entry->res = (HFA384X_INW(HFA384X_STATUS_OFF) &
+ (BIT(14) | BIT(13) | BIT(12) | BIT(11) | BIT(10) |
+ BIT(9) | BIT(8))) >> 8;
+ HFA384X_OUTW(HFA384X_EV_CMD, HFA384X_EVACK_OFF);
+
+ /* TODO: rest of the CmdEv handling could be moved to tasklet */
+ if (entry->type == CMD_SLEEP) {
+ entry->type = CMD_COMPLETED;
+ wake_up_interruptible(&entry->compl);
+ } else if (entry->type == CMD_CALLBACK) {
+ if (entry->callback)
+ entry->callback(dev, entry->context, entry->resp0,
+ entry->res);
+ } else {
+ printk(KERN_DEBUG "%s: Invalid command completion type %d\n",
+ dev->name, entry->type);
+ }
+ hostap_cmd_queue_free(local, entry, 1);
+
+ /* issue next command, if pending */
+ entry = NULL;
+ spin_lock(&local->cmdlock);
+ if (!list_empty(&local->cmd_queue)) {
+ entry = list_entry(local->cmd_queue.next,
+ struct hostap_cmd_queue, list);
+ if (entry->issuing) {
+ /* hfa384x_cmd() has already started issuing this
+ * command, so do not start here */
+ entry = NULL;
+ }
+ if (entry)
+ refcount_inc(&entry->usecnt);
+ }
+ spin_unlock(&local->cmdlock);
+
+ if (entry) {
+ /* issue next command; if command issuing fails, remove the
+ * entry from cmd_queue */
+ int res = hfa384x_cmd_issue(dev, entry);
+ spin_lock(&local->cmdlock);
+ __hostap_cmd_queue_free(local, entry, res);
+ spin_unlock(&local->cmdlock);
+ }
+}
+
+
+static int hfa384x_wait_offset(struct net_device *dev, u16 o_off)
+{
+ int tries = HFA384X_BAP_BUSY_TIMEOUT;
+ int res = HFA384X_INW(o_off) & HFA384X_OFFSET_BUSY;
+
+ while (res && tries > 0) {
+ tries--;
+ udelay(1);
+ res = HFA384X_INW(o_off) & HFA384X_OFFSET_BUSY;
+ }
+ return res;
+}
+
+
+/* Offset must be even */
+static int hfa384x_setup_bap(struct net_device *dev, u16 bap, u16 id,
+ int offset)
+{
+ u16 o_off, s_off;
+ int ret = 0;
+
+ if (offset % 2 || bap > 1)
+ return -EINVAL;
+
+ if (bap == BAP1) {
+ o_off = HFA384X_OFFSET1_OFF;
+ s_off = HFA384X_SELECT1_OFF;
+ } else {
+ o_off = HFA384X_OFFSET0_OFF;
+ s_off = HFA384X_SELECT0_OFF;
+ }
+
+ if (hfa384x_wait_offset(dev, o_off)) {
+ prism2_io_debug_error(dev, 7);
+ printk(KERN_DEBUG "%s: hfa384x_setup_bap - timeout before\n",
+ dev->name);
+ ret = -ETIMEDOUT;
+ goto out;
+ }
+
+ HFA384X_OUTW(id, s_off);
+ HFA384X_OUTW(offset, o_off);
+
+ if (hfa384x_wait_offset(dev, o_off)) {
+ prism2_io_debug_error(dev, 8);
+ printk(KERN_DEBUG "%s: hfa384x_setup_bap - timeout after\n",
+ dev->name);
+ ret = -ETIMEDOUT;
+ goto out;
+ }
+#ifndef final_version
+ if (HFA384X_INW(o_off) & HFA384X_OFFSET_ERR) {
+ prism2_io_debug_error(dev, 9);
+ printk(KERN_DEBUG "%s: hfa384x_setup_bap - offset error "
+ "(%d,0x04%x,%d); reg=0x%04x\n",
+ dev->name, bap, id, offset, HFA384X_INW(o_off));
+ ret = -EINVAL;
+ }
+#endif
+
+ out:
+ return ret;
+}
+
+
+static int hfa384x_get_rid(struct net_device *dev, u16 rid, void *buf, int len,
+ int exact_len)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int res, rlen = 0;
+ struct hfa384x_rid_hdr rec;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->no_pri) {
+ printk(KERN_DEBUG "%s: cannot get RID %04x (len=%d) - no PRI "
+ "f/w\n", dev->name, rid, len);
+ return -ENOTTY; /* Well.. not really correct, but return
+ * something unique enough.. */
+ }
+
+ if ((local->func->card_present && !local->func->card_present(local)) ||
+ local->hw_downloading)
+ return -ENODEV;
+
+ res = mutex_lock_interruptible(&local->rid_bap_mtx);
+ if (res)
+ return res;
+
+ res = hfa384x_cmd(dev, HFA384X_CMDCODE_ACCESS, rid, NULL, NULL);
+ if (res) {
+ printk(KERN_DEBUG "%s: hfa384x_get_rid: CMDCODE_ACCESS failed "
+ "(res=%d, rid=%04x, len=%d)\n",
+ dev->name, res, rid, len);
+ mutex_unlock(&local->rid_bap_mtx);
+ return res;
+ }
+
+ spin_lock_bh(&local->baplock);
+
+ res = hfa384x_setup_bap(dev, BAP0, rid, 0);
+ if (res)
+ goto unlock;
+
+ res = hfa384x_from_bap(dev, BAP0, &rec, sizeof(rec));
+ if (res)
+ goto unlock;
+
+ if (le16_to_cpu(rec.len) == 0) {
+ /* RID not available */
+ res = -ENODATA;
+ goto unlock;
+ }
+
+ rlen = (le16_to_cpu(rec.len) - 1) * 2;
+ if (exact_len && rlen != len) {
+ printk(KERN_DEBUG "%s: hfa384x_get_rid - RID len mismatch: "
+ "rid=0x%04x, len=%d (expected %d)\n",
+ dev->name, rid, rlen, len);
+ res = -ENODATA;
+ }
+
+ res = hfa384x_from_bap(dev, BAP0, buf, len);
+
+unlock:
+ spin_unlock_bh(&local->baplock);
+ mutex_unlock(&local->rid_bap_mtx);
+
+ if (res) {
+ if (res != -ENODATA)
+ printk(KERN_DEBUG "%s: hfa384x_get_rid (rid=%04x, "
+ "len=%d) - failed - res=%d\n", dev->name, rid,
+ len, res);
+ if (res == -ETIMEDOUT)
+ prism2_hw_reset(dev);
+ return res;
+ }
+
+ return rlen;
+}
+
+
+static int hfa384x_set_rid(struct net_device *dev, u16 rid, void *buf, int len)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ struct hfa384x_rid_hdr rec;
+ int res;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->no_pri) {
+ printk(KERN_DEBUG "%s: cannot set RID %04x (len=%d) - no PRI "
+ "f/w\n", dev->name, rid, len);
+ return -ENOTTY; /* Well.. not really correct, but return
+ * something unique enough.. */
+ }
+
+ if ((local->func->card_present && !local->func->card_present(local)) ||
+ local->hw_downloading)
+ return -ENODEV;
+
+ rec.rid = cpu_to_le16(rid);
+ /* RID len in words and +1 for rec.rid */
+ rec.len = cpu_to_le16(len / 2 + len % 2 + 1);
+
+ res = mutex_lock_interruptible(&local->rid_bap_mtx);
+ if (res)
+ return res;
+
+ spin_lock_bh(&local->baplock);
+ res = hfa384x_setup_bap(dev, BAP0, rid, 0);
+ if (!res)
+ res = hfa384x_to_bap(dev, BAP0, &rec, sizeof(rec));
+ if (!res)
+ res = hfa384x_to_bap(dev, BAP0, buf, len);
+ spin_unlock_bh(&local->baplock);
+
+ if (res) {
+ printk(KERN_DEBUG "%s: hfa384x_set_rid (rid=%04x, len=%d) - "
+ "failed - res=%d\n", dev->name, rid, len, res);
+ mutex_unlock(&local->rid_bap_mtx);
+ return res;
+ }
+
+ res = hfa384x_cmd(dev, HFA384X_CMDCODE_ACCESS_WRITE, rid, NULL, NULL);
+ mutex_unlock(&local->rid_bap_mtx);
+
+ if (res) {
+ printk(KERN_DEBUG "%s: hfa384x_set_rid: CMDCODE_ACCESS_WRITE "
+ "failed (res=%d, rid=%04x, len=%d)\n",
+ dev->name, res, rid, len);
+
+ if (res == -ETIMEDOUT)
+ prism2_hw_reset(dev);
+ }
+
+ return res;
+}
+
+
+static void hfa384x_disable_interrupts(struct net_device *dev)
+{
+ /* disable interrupts and clear event status */
+ HFA384X_OUTW(0, HFA384X_INTEN_OFF);
+ HFA384X_OUTW(0xffff, HFA384X_EVACK_OFF);
+}
+
+
+static void hfa384x_enable_interrupts(struct net_device *dev)
+{
+ /* ack pending events and enable interrupts from selected events */
+ HFA384X_OUTW(0xffff, HFA384X_EVACK_OFF);
+ HFA384X_OUTW(HFA384X_EVENT_MASK, HFA384X_INTEN_OFF);
+}
+
+
+static void hfa384x_events_no_bap0(struct net_device *dev)
+{
+ HFA384X_OUTW(HFA384X_EVENT_MASK & ~HFA384X_BAP0_EVENTS,
+ HFA384X_INTEN_OFF);
+}
+
+
+static void hfa384x_events_all(struct net_device *dev)
+{
+ HFA384X_OUTW(HFA384X_EVENT_MASK, HFA384X_INTEN_OFF);
+}
+
+
+static void hfa384x_events_only_cmd(struct net_device *dev)
+{
+ HFA384X_OUTW(HFA384X_EV_CMD, HFA384X_INTEN_OFF);
+}
+
+
+static u16 hfa384x_allocate_fid(struct net_device *dev, int len)
+{
+ u16 fid;
+ unsigned long delay;
+
+ /* FIX: this could be replace with hfa384x_cmd() if the Alloc event
+ * below would be handled like CmdCompl event (sleep here, wake up from
+ * interrupt handler */
+ if (hfa384x_cmd_wait(dev, HFA384X_CMDCODE_ALLOC, len)) {
+ printk(KERN_DEBUG "%s: cannot allocate fid, len=%d\n",
+ dev->name, len);
+ return 0xffff;
+ }
+
+ delay = jiffies + HFA384X_ALLOC_COMPL_TIMEOUT;
+ while (!(HFA384X_INW(HFA384X_EVSTAT_OFF) & HFA384X_EV_ALLOC) &&
+ time_before(jiffies, delay))
+ yield();
+ if (!(HFA384X_INW(HFA384X_EVSTAT_OFF) & HFA384X_EV_ALLOC)) {
+ printk("%s: fid allocate, len=%d - timeout\n", dev->name, len);
+ return 0xffff;
+ }
+
+ fid = HFA384X_INW(HFA384X_ALLOCFID_OFF);
+ HFA384X_OUTW(HFA384X_EV_ALLOC, HFA384X_EVACK_OFF);
+
+ return fid;
+}
+
+
+static int prism2_reset_port(struct net_device *dev)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int res;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (!local->dev_enabled)
+ return 0;
+
+ res = hfa384x_cmd(dev, HFA384X_CMDCODE_DISABLE, 0,
+ NULL, NULL);
+ if (res)
+ printk(KERN_DEBUG "%s: reset port failed to disable port\n",
+ dev->name);
+ else {
+ res = hfa384x_cmd(dev, HFA384X_CMDCODE_ENABLE, 0,
+ NULL, NULL);
+ if (res)
+ printk(KERN_DEBUG "%s: reset port failed to enable "
+ "port\n", dev->name);
+ }
+
+ /* It looks like at least some STA firmware versions reset
+ * fragmentation threshold back to 2346 after enable command. Restore
+ * the configured value, if it differs from this default. */
+ if (local->fragm_threshold != 2346 &&
+ hostap_set_word(dev, HFA384X_RID_FRAGMENTATIONTHRESHOLD,
+ local->fragm_threshold)) {
+ printk(KERN_DEBUG "%s: failed to restore fragmentation "
+ "threshold (%d) after Port0 enable\n",
+ dev->name, local->fragm_threshold);
+ }
+
+ /* Some firmwares lose antenna selection settings on reset */
+ (void) hostap_set_antsel(local);
+
+ return res;
+}
+
+
+static int prism2_get_version_info(struct net_device *dev, u16 rid,
+ const char *txt)
+{
+ struct hfa384x_comp_ident comp;
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->no_pri) {
+ /* PRI f/w not yet available - cannot read RIDs */
+ return -1;
+ }
+ if (hfa384x_get_rid(dev, rid, &comp, sizeof(comp), 1) < 0) {
+ printk(KERN_DEBUG "Could not get RID for component %s\n", txt);
+ return -1;
+ }
+
+ printk(KERN_INFO "%s: %s: id=0x%02x v%d.%d.%d\n", dev->name, txt,
+ __le16_to_cpu(comp.id), __le16_to_cpu(comp.major),
+ __le16_to_cpu(comp.minor), __le16_to_cpu(comp.variant));
+ return 0;
+}
+
+
+static int prism2_setup_rids(struct net_device *dev)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ __le16 tmp;
+ int ret = 0;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ hostap_set_word(dev, HFA384X_RID_TICKTIME, 2000);
+
+ if (!local->fw_ap) {
+ u16 tmp1 = hostap_get_porttype(local);
+ ret = hostap_set_word(dev, HFA384X_RID_CNFPORTTYPE, tmp1);
+ if (ret) {
+ printk("%s: Port type setting to %d failed\n",
+ dev->name, tmp1);
+ goto fail;
+ }
+ }
+
+ /* Setting SSID to empty string seems to kill the card in Host AP mode
+ */
+ if (local->iw_mode != IW_MODE_MASTER || local->essid[0] != '\0') {
+ ret = hostap_set_string(dev, HFA384X_RID_CNFOWNSSID,
+ local->essid);
+ if (ret) {
+ printk("%s: AP own SSID setting failed\n", dev->name);
+ goto fail;
+ }
+ }
+
+ ret = hostap_set_word(dev, HFA384X_RID_CNFMAXDATALEN,
+ PRISM2_DATA_MAXLEN);
+ if (ret) {
+ printk("%s: MAC data length setting to %d failed\n",
+ dev->name, PRISM2_DATA_MAXLEN);
+ goto fail;
+ }
+
+ if (hfa384x_get_rid(dev, HFA384X_RID_CHANNELLIST, &tmp, 2, 1) < 0) {
+ printk("%s: Channel list read failed\n", dev->name);
+ ret = -EINVAL;
+ goto fail;
+ }
+ local->channel_mask = le16_to_cpu(tmp);
+
+ if (local->channel < 1 || local->channel > 14 ||
+ !(local->channel_mask & (1 << (local->channel - 1)))) {
+ printk(KERN_WARNING "%s: Channel setting out of range "
+ "(%d)!\n", dev->name, local->channel);
+ ret = -EBUSY;
+ goto fail;
+ }
+
+ ret = hostap_set_word(dev, HFA384X_RID_CNFOWNCHANNEL, local->channel);
+ if (ret) {
+ printk("%s: Channel setting to %d failed\n",
+ dev->name, local->channel);
+ goto fail;
+ }
+
+ ret = hostap_set_word(dev, HFA384X_RID_CNFBEACONINT,
+ local->beacon_int);
+ if (ret) {
+ printk("%s: Beacon interval setting to %d failed\n",
+ dev->name, local->beacon_int);
+ /* this may fail with Symbol/Lucent firmware */
+ if (ret == -ETIMEDOUT)
+ goto fail;
+ }
+
+ ret = hostap_set_word(dev, HFA384X_RID_CNFOWNDTIMPERIOD,
+ local->dtim_period);
+ if (ret) {
+ printk("%s: DTIM period setting to %d failed\n",
+ dev->name, local->dtim_period);
+ /* this may fail with Symbol/Lucent firmware */
+ if (ret == -ETIMEDOUT)
+ goto fail;
+ }
+
+ ret = hostap_set_word(dev, HFA384X_RID_PROMISCUOUSMODE,
+ local->is_promisc);
+ if (ret)
+ printk(KERN_INFO "%s: Setting promiscuous mode (%d) failed\n",
+ dev->name, local->is_promisc);
+
+ if (!local->fw_ap) {
+ ret = hostap_set_string(dev, HFA384X_RID_CNFDESIREDSSID,
+ local->essid);
+ if (ret) {
+ printk("%s: Desired SSID setting failed\n", dev->name);
+ goto fail;
+ }
+ }
+
+ /* Setup TXRateControl, defaults to allow use of 1, 2, 5.5, and
+ * 11 Mbps in automatic TX rate fallback and 1 and 2 Mbps as basic
+ * rates */
+ if (local->tx_rate_control == 0) {
+ local->tx_rate_control =
+ HFA384X_RATES_1MBPS |
+ HFA384X_RATES_2MBPS |
+ HFA384X_RATES_5MBPS |
+ HFA384X_RATES_11MBPS;
+ }
+ if (local->basic_rates == 0)
+ local->basic_rates = HFA384X_RATES_1MBPS | HFA384X_RATES_2MBPS;
+
+ if (!local->fw_ap) {
+ ret = hostap_set_word(dev, HFA384X_RID_TXRATECONTROL,
+ local->tx_rate_control);
+ if (ret) {
+ printk("%s: TXRateControl setting to %d failed\n",
+ dev->name, local->tx_rate_control);
+ goto fail;
+ }
+
+ ret = hostap_set_word(dev, HFA384X_RID_CNFSUPPORTEDRATES,
+ local->tx_rate_control);
+ if (ret) {
+ printk("%s: cnfSupportedRates setting to %d failed\n",
+ dev->name, local->tx_rate_control);
+ }
+
+ ret = hostap_set_word(dev, HFA384X_RID_CNFBASICRATES,
+ local->basic_rates);
+ if (ret) {
+ printk("%s: cnfBasicRates setting to %d failed\n",
+ dev->name, local->basic_rates);
+ }
+
+ ret = hostap_set_word(dev, HFA384X_RID_CREATEIBSS, 1);
+ if (ret) {
+ printk("%s: Create IBSS setting to 1 failed\n",
+ dev->name);
+ }
+ }
+
+ if (local->name_set)
+ (void) hostap_set_string(dev, HFA384X_RID_CNFOWNNAME,
+ local->name);
+
+ if (hostap_set_encryption(local)) {
+ printk(KERN_INFO "%s: could not configure encryption\n",
+ dev->name);
+ }
+
+ (void) hostap_set_antsel(local);
+
+ if (hostap_set_roaming(local)) {
+ printk(KERN_INFO "%s: could not set host roaming\n",
+ dev->name);
+ }
+
+ if (local->sta_fw_ver >= PRISM2_FW_VER(1,6,3) &&
+ hostap_set_word(dev, HFA384X_RID_CNFENHSECURITY, local->enh_sec))
+ printk(KERN_INFO "%s: cnfEnhSecurity setting to 0x%x failed\n",
+ dev->name, local->enh_sec);
+
+ /* 32-bit tallies were added in STA f/w 0.8.0, but they were apparently
+ * not working correctly (last seven counters report bogus values).
+ * This has been fixed in 0.8.2, so enable 32-bit tallies only
+ * beginning with that firmware version. Another bug fix for 32-bit
+ * tallies in 1.4.0; should 16-bit tallies be used for some other
+ * versions, too? */
+ if (local->sta_fw_ver >= PRISM2_FW_VER(0,8,2)) {
+ if (hostap_set_word(dev, HFA384X_RID_CNFTHIRTY2TALLY, 1)) {
+ printk(KERN_INFO "%s: cnfThirty2Tally setting "
+ "failed\n", dev->name);
+ local->tallies32 = 0;
+ } else
+ local->tallies32 = 1;
+ } else
+ local->tallies32 = 0;
+
+ hostap_set_auth_algs(local);
+
+ if (hostap_set_word(dev, HFA384X_RID_FRAGMENTATIONTHRESHOLD,
+ local->fragm_threshold)) {
+ printk(KERN_INFO "%s: setting FragmentationThreshold to %d "
+ "failed\n", dev->name, local->fragm_threshold);
+ }
+
+ if (hostap_set_word(dev, HFA384X_RID_RTSTHRESHOLD,
+ local->rts_threshold)) {
+ printk(KERN_INFO "%s: setting RTSThreshold to %d failed\n",
+ dev->name, local->rts_threshold);
+ }
+
+ if (local->manual_retry_count >= 0 &&
+ hostap_set_word(dev, HFA384X_RID_CNFALTRETRYCOUNT,
+ local->manual_retry_count)) {
+ printk(KERN_INFO "%s: setting cnfAltRetryCount to %d failed\n",
+ dev->name, local->manual_retry_count);
+ }
+
+ if (local->sta_fw_ver >= PRISM2_FW_VER(1,3,1) &&
+ hfa384x_get_rid(dev, HFA384X_RID_CNFDBMADJUST, &tmp, 2, 1) == 2) {
+ local->rssi_to_dBm = le16_to_cpu(tmp);
+ }
+
+ if (local->sta_fw_ver >= PRISM2_FW_VER(1,7,0) && local->wpa &&
+ hostap_set_word(dev, HFA384X_RID_SSNHANDLINGMODE, 1)) {
+ printk(KERN_INFO "%s: setting ssnHandlingMode to 1 failed\n",
+ dev->name);
+ }
+
+ if (local->sta_fw_ver >= PRISM2_FW_VER(1,7,0) && local->generic_elem &&
+ hfa384x_set_rid(dev, HFA384X_RID_GENERICELEMENT,
+ local->generic_elem, local->generic_elem_len)) {
+ printk(KERN_INFO "%s: setting genericElement failed\n",
+ dev->name);
+ }
+
+ fail:
+ return ret;
+}
+
+
+static int prism2_hw_init(struct net_device *dev, int initial)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int ret, first = 1;
+ unsigned long start, delay;
+
+ PDEBUG(DEBUG_FLOW, "prism2_hw_init()\n");
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ clear_bit(HOSTAP_BITS_TRANSMIT, &local->bits);
+
+ init:
+ /* initialize HFA 384x */
+ ret = hfa384x_cmd_no_wait(dev, HFA384X_CMDCODE_INIT, 0);
+ if (ret) {
+ printk(KERN_INFO "%s: first command failed - assuming card "
+ "does not have primary firmware\n", dev_info);
+ }
+
+ if (first && (HFA384X_INW(HFA384X_EVSTAT_OFF) & HFA384X_EV_CMD)) {
+ /* EvStat has Cmd bit set in some cases, so retry once if no
+ * wait was needed */
+ HFA384X_OUTW(HFA384X_EV_CMD, HFA384X_EVACK_OFF);
+ printk(KERN_DEBUG "%s: init command completed too quickly - "
+ "retrying\n", dev->name);
+ first = 0;
+ goto init;
+ }
+
+ start = jiffies;
+ delay = jiffies + HFA384X_INIT_TIMEOUT;
+ while (!(HFA384X_INW(HFA384X_EVSTAT_OFF) & HFA384X_EV_CMD) &&
+ time_before(jiffies, delay))
+ yield();
+ if (!(HFA384X_INW(HFA384X_EVSTAT_OFF) & HFA384X_EV_CMD)) {
+ printk(KERN_DEBUG "%s: assuming no Primary image in "
+ "flash - card initialization not completed\n",
+ dev_info);
+ local->no_pri = 1;
+#ifdef PRISM2_DOWNLOAD_SUPPORT
+ if (local->sram_type == -1)
+ local->sram_type = prism2_get_ram_size(local);
+#endif /* PRISM2_DOWNLOAD_SUPPORT */
+ return 1;
+ }
+ local->no_pri = 0;
+ printk(KERN_DEBUG "prism2_hw_init: initialized in %lu ms\n",
+ (jiffies - start) * 1000 / HZ);
+ HFA384X_OUTW(HFA384X_EV_CMD, HFA384X_EVACK_OFF);
+ return 0;
+}
+
+
+static int prism2_hw_init2(struct net_device *dev, int initial)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int i;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+#ifdef PRISM2_DOWNLOAD_SUPPORT
+ kfree(local->pda);
+ if (local->no_pri)
+ local->pda = NULL;
+ else
+ local->pda = prism2_read_pda(dev);
+#endif /* PRISM2_DOWNLOAD_SUPPORT */
+
+ hfa384x_disable_interrupts(dev);
+
+#ifndef final_version
+ HFA384X_OUTW(HFA384X_MAGIC, HFA384X_SWSUPPORT0_OFF);
+ if (HFA384X_INW(HFA384X_SWSUPPORT0_OFF) != HFA384X_MAGIC) {
+ printk("SWSUPPORT0 write/read failed: %04X != %04X\n",
+ HFA384X_INW(HFA384X_SWSUPPORT0_OFF), HFA384X_MAGIC);
+ goto failed;
+ }
+#endif
+
+ if (initial || local->pri_only) {
+ hfa384x_events_only_cmd(dev);
+ /* get card version information */
+ if (prism2_get_version_info(dev, HFA384X_RID_NICID, "NIC") ||
+ prism2_get_version_info(dev, HFA384X_RID_PRIID, "PRI")) {
+ hfa384x_disable_interrupts(dev);
+ goto failed;
+ }
+
+ if (prism2_get_version_info(dev, HFA384X_RID_STAID, "STA")) {
+ printk(KERN_DEBUG "%s: Failed to read STA f/w version "
+ "- only Primary f/w present\n", dev->name);
+ local->pri_only = 1;
+ return 0;
+ }
+ local->pri_only = 0;
+ hfa384x_disable_interrupts(dev);
+ }
+
+ /* FIX: could convert allocate_fid to use sleeping CmdCompl wait and
+ * enable interrupts before this. This would also require some sort of
+ * sleeping AllocEv waiting */
+
+ /* allocate TX FIDs */
+ local->txfid_len = PRISM2_TXFID_LEN;
+ for (i = 0; i < PRISM2_TXFID_COUNT; i++) {
+ local->txfid[i] = hfa384x_allocate_fid(dev, local->txfid_len);
+ if (local->txfid[i] == 0xffff && local->txfid_len > 1600) {
+ local->txfid[i] = hfa384x_allocate_fid(dev, 1600);
+ if (local->txfid[i] != 0xffff) {
+ printk(KERN_DEBUG "%s: Using shorter TX FID "
+ "(1600 bytes)\n", dev->name);
+ local->txfid_len = 1600;
+ }
+ }
+ if (local->txfid[i] == 0xffff)
+ goto failed;
+ local->intransmitfid[i] = PRISM2_TXFID_EMPTY;
+ }
+
+ hfa384x_events_only_cmd(dev);
+
+ if (initial) {
+ u8 addr[ETH_ALEN] = {};
+ struct list_head *ptr;
+
+ prism2_check_sta_fw_version(local);
+
+ if (hfa384x_get_rid(dev, HFA384X_RID_CNFOWNMACADDR,
+ addr, ETH_ALEN, 1) < 0) {
+ printk("%s: could not get own MAC address\n",
+ dev->name);
+ }
+ eth_hw_addr_set(dev, addr);
+ list_for_each(ptr, &local->hostap_interfaces) {
+ iface = list_entry(ptr, struct hostap_interface, list);
+ eth_hw_addr_inherit(iface->dev, dev);
+ }
+ } else if (local->fw_ap)
+ prism2_check_sta_fw_version(local);
+
+ prism2_setup_rids(dev);
+
+ /* MAC is now configured, but port 0 is not yet enabled */
+ return 0;
+
+ failed:
+ if (!local->no_pri)
+ printk(KERN_WARNING "%s: Initialization failed\n", dev_info);
+ return 1;
+}
+
+
+static int prism2_hw_enable(struct net_device *dev, int initial)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int was_resetting;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+ was_resetting = local->hw_resetting;
+
+ if (hfa384x_cmd(dev, HFA384X_CMDCODE_ENABLE, 0, NULL, NULL)) {
+ printk("%s: MAC port 0 enabling failed\n", dev->name);
+ return 1;
+ }
+
+ local->hw_ready = 1;
+ local->hw_reset_tries = 0;
+ local->hw_resetting = 0;
+ hfa384x_enable_interrupts(dev);
+
+ /* at least D-Link DWL-650 seems to require additional port reset
+ * before it starts acting as an AP, so reset port automatically
+ * here just in case */
+ if (initial && prism2_reset_port(dev)) {
+ printk("%s: MAC port 0 resetting failed\n", dev->name);
+ return 1;
+ }
+
+ if (was_resetting && netif_queue_stopped(dev)) {
+ /* If hw_reset() was called during pending transmit, netif
+ * queue was stopped. Wake it up now since the wlan card has
+ * been resetted. */
+ netif_wake_queue(dev);
+ }
+
+ return 0;
+}
+
+
+static int prism2_hw_config(struct net_device *dev, int initial)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->hw_downloading)
+ return 1;
+
+ if (prism2_hw_init(dev, initial)) {
+ return local->no_pri ? 0 : 1;
+ }
+
+ if (prism2_hw_init2(dev, initial))
+ return 1;
+
+ /* Enable firmware if secondary image is loaded and at least one of the
+ * netdevices is up. */
+ if (!local->pri_only &&
+ (initial == 0 || (initial == 2 && local->num_dev_open > 0))) {
+ if (!local->dev_enabled)
+ prism2_callback(local, PRISM2_CALLBACK_ENABLE);
+ local->dev_enabled = 1;
+ return prism2_hw_enable(dev, initial);
+ }
+
+ return 0;
+}
+
+
+static void prism2_hw_shutdown(struct net_device *dev, int no_disable)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ /* Allow only command completion events during disable */
+ hfa384x_events_only_cmd(dev);
+
+ local->hw_ready = 0;
+ if (local->dev_enabled)
+ prism2_callback(local, PRISM2_CALLBACK_DISABLE);
+ local->dev_enabled = 0;
+
+ if (local->func->card_present && !local->func->card_present(local)) {
+ printk(KERN_DEBUG "%s: card already removed or not configured "
+ "during shutdown\n", dev->name);
+ return;
+ }
+
+ if ((no_disable & HOSTAP_HW_NO_DISABLE) == 0 &&
+ hfa384x_cmd(dev, HFA384X_CMDCODE_DISABLE, 0, NULL, NULL))
+ printk(KERN_WARNING "%s: Shutdown failed\n", dev_info);
+
+ hfa384x_disable_interrupts(dev);
+
+ if (no_disable & HOSTAP_HW_ENABLE_CMDCOMPL)
+ hfa384x_events_only_cmd(dev);
+ else
+ prism2_clear_cmd_queue(local);
+}
+
+
+static void prism2_hw_reset(struct net_device *dev)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+#if 0
+ static long last_reset = 0;
+
+ /* do not reset card more than once per second to avoid ending up in a
+ * busy loop resetting the card */
+ if (time_before_eq(jiffies, last_reset + HZ))
+ return;
+ last_reset = jiffies;
+#endif
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->hw_downloading)
+ return;
+
+ if (local->hw_resetting) {
+ printk(KERN_WARNING "%s: %s: already resetting card - "
+ "ignoring reset request\n", dev_info, dev->name);
+ return;
+ }
+
+ local->hw_reset_tries++;
+ if (local->hw_reset_tries > 10) {
+ printk(KERN_WARNING "%s: too many reset tries, skipping\n",
+ dev->name);
+ return;
+ }
+
+ printk(KERN_WARNING "%s: %s: resetting card\n", dev_info, dev->name);
+ hfa384x_disable_interrupts(dev);
+ local->hw_resetting = 1;
+ if (local->func->cor_sreset) {
+ /* Host system seems to hang in some cases with high traffic
+ * load or shared interrupts during COR sreset. Disable shared
+ * interrupts during reset to avoid these crashes. COS sreset
+ * takes quite a long time, so it is unfortunate that this
+ * seems to be needed. Anyway, I do not know of any better way
+ * of avoiding the crash. */
+ disable_irq(dev->irq);
+ local->func->cor_sreset(local);
+ enable_irq(dev->irq);
+ }
+ prism2_hw_shutdown(dev, 1);
+ prism2_hw_config(dev, 0);
+ local->hw_resetting = 0;
+
+#ifdef PRISM2_DOWNLOAD_SUPPORT
+ if (local->dl_pri) {
+ printk(KERN_DEBUG "%s: persistent download of primary "
+ "firmware\n", dev->name);
+ if (prism2_download_genesis(local, local->dl_pri) < 0)
+ printk(KERN_WARNING "%s: download (PRI) failed\n",
+ dev->name);
+ }
+
+ if (local->dl_sec) {
+ printk(KERN_DEBUG "%s: persistent download of secondary "
+ "firmware\n", dev->name);
+ if (prism2_download_volatile(local, local->dl_sec) < 0)
+ printk(KERN_WARNING "%s: download (SEC) failed\n",
+ dev->name);
+ }
+#endif /* PRISM2_DOWNLOAD_SUPPORT */
+
+ /* TODO: restore beacon TIM bits for STAs that have buffered frames */
+}
+
+
+static void prism2_schedule_reset(local_info_t *local)
+{
+ schedule_work(&local->reset_queue);
+}
+
+
+/* Called only as scheduled task after noticing card timeout in interrupt
+ * context */
+static void handle_reset_queue(struct work_struct *work)
+{
+ local_info_t *local = container_of(work, local_info_t, reset_queue);
+
+ printk(KERN_DEBUG "%s: scheduled card reset\n", local->dev->name);
+ prism2_hw_reset(local->dev);
+
+ if (netif_queue_stopped(local->dev)) {
+ int i;
+
+ for (i = 0; i < PRISM2_TXFID_COUNT; i++)
+ if (local->intransmitfid[i] == PRISM2_TXFID_EMPTY) {
+ PDEBUG(DEBUG_EXTRA, "prism2_tx_timeout: "
+ "wake up queue\n");
+ netif_wake_queue(local->dev);
+ break;
+ }
+ }
+}
+
+
+static int prism2_get_txfid_idx(local_info_t *local)
+{
+ int idx, end;
+ unsigned long flags;
+
+ spin_lock_irqsave(&local->txfidlock, flags);
+ end = idx = local->next_txfid;
+ do {
+ if (local->intransmitfid[idx] == PRISM2_TXFID_EMPTY) {
+ local->intransmitfid[idx] = PRISM2_TXFID_RESERVED;
+ spin_unlock_irqrestore(&local->txfidlock, flags);
+ return idx;
+ }
+ idx++;
+ if (idx >= PRISM2_TXFID_COUNT)
+ idx = 0;
+ } while (idx != end);
+ spin_unlock_irqrestore(&local->txfidlock, flags);
+
+ PDEBUG(DEBUG_EXTRA2, "prism2_get_txfid_idx: no room in txfid buf: "
+ "packet dropped\n");
+ local->dev->stats.tx_dropped++;
+
+ return -1;
+}
+
+
+/* Called only from hardware IRQ */
+static void prism2_transmit_cb(struct net_device *dev, long context,
+ u16 resp0, u16 res)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int idx = (int) context;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (res) {
+ printk(KERN_DEBUG "%s: prism2_transmit_cb - res=0x%02x\n",
+ dev->name, res);
+ return;
+ }
+
+ if (idx < 0 || idx >= PRISM2_TXFID_COUNT) {
+ printk(KERN_DEBUG "%s: prism2_transmit_cb called with invalid "
+ "idx=%d\n", dev->name, idx);
+ return;
+ }
+
+ if (!test_and_clear_bit(HOSTAP_BITS_TRANSMIT, &local->bits)) {
+ printk(KERN_DEBUG "%s: driver bug: prism2_transmit_cb called "
+ "with no pending transmit\n", dev->name);
+ }
+
+ if (netif_queue_stopped(dev)) {
+ /* ready for next TX, so wake up queue that was stopped in
+ * prism2_transmit() */
+ netif_wake_queue(dev);
+ }
+
+ spin_lock(&local->txfidlock);
+
+ /* With reclaim, Resp0 contains new txfid for transmit; the old txfid
+ * will be automatically allocated for the next TX frame */
+ local->intransmitfid[idx] = resp0;
+
+ PDEBUG(DEBUG_FID, "%s: prism2_transmit_cb: txfid[%d]=0x%04x, "
+ "resp0=0x%04x, transmit_txfid=0x%04x\n",
+ dev->name, idx, local->txfid[idx],
+ resp0, local->intransmitfid[local->next_txfid]);
+
+ idx++;
+ if (idx >= PRISM2_TXFID_COUNT)
+ idx = 0;
+ local->next_txfid = idx;
+
+ /* check if all TX buffers are occupied */
+ do {
+ if (local->intransmitfid[idx] == PRISM2_TXFID_EMPTY) {
+ spin_unlock(&local->txfidlock);
+ return;
+ }
+ idx++;
+ if (idx >= PRISM2_TXFID_COUNT)
+ idx = 0;
+ } while (idx != local->next_txfid);
+ spin_unlock(&local->txfidlock);
+
+ /* no empty TX buffers, stop queue */
+ netif_stop_queue(dev);
+}
+
+
+/* Called only from software IRQ if PCI bus master is not used (with bus master
+ * this can be called both from software and hardware IRQ) */
+static int prism2_transmit(struct net_device *dev, int idx)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int res;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ /* The driver tries to stop netif queue so that there would not be
+ * more than one attempt to transmit frames going on; check that this
+ * is really the case */
+
+ if (test_and_set_bit(HOSTAP_BITS_TRANSMIT, &local->bits)) {
+ printk(KERN_DEBUG "%s: driver bug - prism2_transmit() called "
+ "when previous TX was pending\n", dev->name);
+ return -1;
+ }
+
+ /* stop the queue for the time that transmit is pending */
+ netif_stop_queue(dev);
+
+ /* transmit packet */
+ res = hfa384x_cmd_callback(
+ dev,
+ HFA384X_CMDCODE_TRANSMIT | HFA384X_CMD_TX_RECLAIM,
+ local->txfid[idx],
+ prism2_transmit_cb, (long) idx);
+
+ if (res) {
+ printk(KERN_DEBUG "%s: prism2_transmit: CMDCODE_TRANSMIT "
+ "failed (res=%d)\n", dev->name, res);
+ dev->stats.tx_dropped++;
+ netif_wake_queue(dev);
+ return -1;
+ }
+ netif_trans_update(dev);
+
+ /* Since we did not wait for command completion, the card continues
+ * to process on the background and we will finish handling when
+ * command completion event is handled (prism2_cmd_ev() function) */
+
+ return 0;
+}
+
+
+/* Send IEEE 802.11 frame (convert the header into Prism2 TX descriptor and
+ * send the payload with this descriptor) */
+/* Called only from software IRQ */
+static int prism2_tx_80211(struct sk_buff *skb, struct net_device *dev)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ struct hfa384x_tx_frame txdesc;
+ struct hostap_skb_tx_data *meta;
+ int hdr_len, data_len, idx, res, ret = -1;
+ u16 tx_control;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ meta = (struct hostap_skb_tx_data *) skb->cb;
+
+ prism2_callback(local, PRISM2_CALLBACK_TX_START);
+
+ if ((local->func->card_present && !local->func->card_present(local)) ||
+ !local->hw_ready || local->hw_downloading || local->pri_only) {
+ if (net_ratelimit()) {
+ printk(KERN_DEBUG "%s: prism2_tx_80211: hw not ready -"
+ " skipping\n", dev->name);
+ }
+ goto fail;
+ }
+
+ memset(&txdesc, 0, sizeof(txdesc));
+
+ /* skb->data starts with txdesc->frame_control */
+ hdr_len = sizeof(txdesc.header);
+ BUILD_BUG_ON(hdr_len != 24);
+ skb_copy_from_linear_data(skb, &txdesc.header, hdr_len);
+ if (ieee80211_is_data(txdesc.frame_control) &&
+ ieee80211_has_a4(txdesc.frame_control) &&
+ skb->len >= 30) {
+ /* Addr4 */
+ skb_copy_from_linear_data_offset(skb, hdr_len, txdesc.addr4,
+ ETH_ALEN);
+ hdr_len += ETH_ALEN;
+ }
+
+ tx_control = local->tx_control;
+ if (meta->tx_cb_idx) {
+ tx_control |= HFA384X_TX_CTRL_TX_OK;
+ txdesc.sw_support = cpu_to_le32(meta->tx_cb_idx);
+ }
+ txdesc.tx_control = cpu_to_le16(tx_control);
+ txdesc.tx_rate = meta->rate;
+
+ data_len = skb->len - hdr_len;
+ txdesc.data_len = cpu_to_le16(data_len);
+ txdesc.len = cpu_to_be16(data_len);
+
+ idx = prism2_get_txfid_idx(local);
+ if (idx < 0)
+ goto fail;
+
+ if (local->frame_dump & PRISM2_DUMP_TX_HDR)
+ hostap_dump_tx_header(dev->name, &txdesc);
+
+ spin_lock(&local->baplock);
+ res = hfa384x_setup_bap(dev, BAP0, local->txfid[idx], 0);
+
+ if (!res)
+ res = hfa384x_to_bap(dev, BAP0, &txdesc, sizeof(txdesc));
+ if (!res)
+ res = hfa384x_to_bap(dev, BAP0, skb->data + hdr_len,
+ skb->len - hdr_len);
+ spin_unlock(&local->baplock);
+
+ if (!res)
+ res = prism2_transmit(dev, idx);
+ if (res) {
+ printk(KERN_DEBUG "%s: prism2_tx_80211 - to BAP0 failed\n",
+ dev->name);
+ local->intransmitfid[idx] = PRISM2_TXFID_EMPTY;
+ schedule_work(&local->reset_queue);
+ goto fail;
+ }
+
+ ret = 0;
+
+fail:
+ prism2_callback(local, PRISM2_CALLBACK_TX_END);
+ return ret;
+}
+
+
+/* Some SMP systems have reported number of odd errors with hostap_pci. fid
+ * register has changed values between consecutive reads for an unknown reason.
+ * This should really not happen, so more debugging is needed. This test
+ * version is a bit slower, but it will detect most of such register changes
+ * and will try to get the correct fid eventually. */
+#define EXTRA_FID_READ_TESTS
+
+static u16 prism2_read_fid_reg(struct net_device *dev, u16 reg)
+{
+#ifdef EXTRA_FID_READ_TESTS
+ u16 val, val2, val3;
+ int i;
+
+ for (i = 0; i < 10; i++) {
+ val = HFA384X_INW(reg);
+ val2 = HFA384X_INW(reg);
+ val3 = HFA384X_INW(reg);
+
+ if (val == val2 && val == val3)
+ return val;
+
+ printk(KERN_DEBUG "%s: detected fid change (try=%d, reg=%04x):"
+ " %04x %04x %04x\n",
+ dev->name, i, reg, val, val2, val3);
+ if ((val == val2 || val == val3) && val != 0)
+ return val;
+ if (val2 == val3 && val2 != 0)
+ return val2;
+ }
+ printk(KERN_WARNING "%s: Uhhuh.. could not read good fid from reg "
+ "%04x (%04x %04x %04x)\n", dev->name, reg, val, val2, val3);
+ return val;
+#else /* EXTRA_FID_READ_TESTS */
+ return HFA384X_INW(reg);
+#endif /* EXTRA_FID_READ_TESTS */
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static void prism2_rx(local_info_t *local)
+{
+ struct net_device *dev = local->dev;
+ int res, rx_pending = 0;
+ u16 len, hdr_len, rxfid, status, macport;
+ struct hfa384x_rx_frame rxdesc;
+ struct sk_buff *skb = NULL;
+
+ prism2_callback(local, PRISM2_CALLBACK_RX_START);
+
+ rxfid = prism2_read_fid_reg(dev, HFA384X_RXFID_OFF);
+#ifndef final_version
+ if (rxfid == 0) {
+ rxfid = HFA384X_INW(HFA384X_RXFID_OFF);
+ printk(KERN_DEBUG "prism2_rx: rxfid=0 (next 0x%04x)\n",
+ rxfid);
+ if (rxfid == 0) {
+ schedule_work(&local->reset_queue);
+ goto rx_dropped;
+ }
+ /* try to continue with the new rxfid value */
+ }
+#endif
+
+ spin_lock(&local->baplock);
+ res = hfa384x_setup_bap(dev, BAP0, rxfid, 0);
+ if (!res)
+ res = hfa384x_from_bap(dev, BAP0, &rxdesc, sizeof(rxdesc));
+
+ if (res) {
+ spin_unlock(&local->baplock);
+ printk(KERN_DEBUG "%s: copy from BAP0 failed %d\n", dev->name,
+ res);
+ if (res == -ETIMEDOUT) {
+ schedule_work(&local->reset_queue);
+ }
+ goto rx_dropped;
+ }
+
+ len = le16_to_cpu(rxdesc.data_len);
+ hdr_len = sizeof(rxdesc);
+ status = le16_to_cpu(rxdesc.status);
+ macport = (status >> 8) & 0x07;
+
+ /* Drop frames with too large reported payload length. Monitor mode
+ * seems to sometimes pass frames (e.g., ctrl::ack) with signed and
+ * negative value, so allow also values 65522 .. 65534 (-14 .. -2) for
+ * macport 7 */
+ if (len > PRISM2_DATA_MAXLEN + 8 /* WEP */) {
+ if (macport == 7 && local->iw_mode == IW_MODE_MONITOR) {
+ if (len >= (u16) -14) {
+ hdr_len -= 65535 - len;
+ hdr_len--;
+ }
+ len = 0;
+ } else {
+ spin_unlock(&local->baplock);
+ printk(KERN_DEBUG "%s: Received frame with invalid "
+ "length 0x%04x\n", dev->name, len);
+ hostap_dump_rx_header(dev->name, &rxdesc);
+ goto rx_dropped;
+ }
+ }
+
+ skb = dev_alloc_skb(len + hdr_len);
+ if (!skb) {
+ spin_unlock(&local->baplock);
+ printk(KERN_DEBUG "%s: RX failed to allocate skb\n",
+ dev->name);
+ goto rx_dropped;
+ }
+ skb->dev = dev;
+ skb_put_data(skb, &rxdesc, hdr_len);
+
+ if (len > 0)
+ res = hfa384x_from_bap(dev, BAP0, skb_put(skb, len), len);
+ spin_unlock(&local->baplock);
+ if (res) {
+ printk(KERN_DEBUG "%s: RX failed to read "
+ "frame data\n", dev->name);
+ goto rx_dropped;
+ }
+
+ skb_queue_tail(&local->rx_list, skb);
+ tasklet_schedule(&local->rx_tasklet);
+
+ rx_exit:
+ prism2_callback(local, PRISM2_CALLBACK_RX_END);
+ if (!rx_pending) {
+ HFA384X_OUTW(HFA384X_EV_RX, HFA384X_EVACK_OFF);
+ }
+
+ return;
+
+ rx_dropped:
+ dev->stats.rx_dropped++;
+ if (skb)
+ dev_kfree_skb(skb);
+ goto rx_exit;
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static void hostap_rx_skb(local_info_t *local, struct sk_buff *skb)
+{
+ struct hfa384x_rx_frame *rxdesc;
+ struct net_device *dev = skb->dev;
+ struct hostap_80211_rx_status stats;
+ int hdrlen, rx_hdrlen;
+
+ rx_hdrlen = sizeof(*rxdesc);
+ if (skb->len < sizeof(*rxdesc)) {
+ /* Allow monitor mode to receive shorter frames */
+ if (local->iw_mode == IW_MODE_MONITOR &&
+ skb->len >= sizeof(*rxdesc) - 30) {
+ rx_hdrlen = skb->len;
+ } else {
+ dev_kfree_skb(skb);
+ return;
+ }
+ }
+
+ rxdesc = (struct hfa384x_rx_frame *) skb->data;
+
+ if (local->frame_dump & PRISM2_DUMP_RX_HDR &&
+ skb->len >= sizeof(*rxdesc))
+ hostap_dump_rx_header(dev->name, rxdesc);
+
+ if (le16_to_cpu(rxdesc->status) & HFA384X_RX_STATUS_FCSERR &&
+ (!local->monitor_allow_fcserr ||
+ local->iw_mode != IW_MODE_MONITOR))
+ goto drop;
+
+ if (skb->len > PRISM2_DATA_MAXLEN) {
+ printk(KERN_DEBUG "%s: RX: len(%d) > MAX(%d)\n",
+ dev->name, skb->len, PRISM2_DATA_MAXLEN);
+ goto drop;
+ }
+
+ stats.mac_time = le32_to_cpu(rxdesc->time);
+ stats.signal = rxdesc->signal - local->rssi_to_dBm;
+ stats.noise = rxdesc->silence - local->rssi_to_dBm;
+ stats.rate = rxdesc->rate;
+
+ /* Convert Prism2 RX structure into IEEE 802.11 header */
+ hdrlen = hostap_80211_get_hdrlen(rxdesc->frame_control);
+ if (hdrlen > rx_hdrlen)
+ hdrlen = rx_hdrlen;
+
+ memmove(skb_pull(skb, rx_hdrlen - hdrlen),
+ &rxdesc->frame_control, hdrlen);
+
+ hostap_80211_rx(dev, skb, &stats);
+ return;
+
+ drop:
+ dev_kfree_skb(skb);
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static void hostap_rx_tasklet(struct tasklet_struct *t)
+{
+ local_info_t *local = from_tasklet(local, t, rx_tasklet);
+ struct sk_buff *skb;
+
+ while ((skb = skb_dequeue(&local->rx_list)) != NULL)
+ hostap_rx_skb(local, skb);
+}
+
+
+/* Called only from hardware IRQ */
+static void prism2_alloc_ev(struct net_device *dev)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int idx;
+ u16 fid;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ fid = prism2_read_fid_reg(dev, HFA384X_ALLOCFID_OFF);
+
+ PDEBUG(DEBUG_FID, "FID: interrupt: ALLOC - fid=0x%04x\n", fid);
+
+ spin_lock(&local->txfidlock);
+ idx = local->next_alloc;
+
+ do {
+ if (local->txfid[idx] == fid) {
+ PDEBUG(DEBUG_FID, "FID: found matching txfid[%d]\n",
+ idx);
+
+#ifndef final_version
+ if (local->intransmitfid[idx] == PRISM2_TXFID_EMPTY)
+ printk("Already released txfid found at idx "
+ "%d\n", idx);
+ if (local->intransmitfid[idx] == PRISM2_TXFID_RESERVED)
+ printk("Already reserved txfid found at idx "
+ "%d\n", idx);
+#endif
+ local->intransmitfid[idx] = PRISM2_TXFID_EMPTY;
+ idx++;
+ local->next_alloc = idx >= PRISM2_TXFID_COUNT ? 0 :
+ idx;
+
+ if (!test_bit(HOSTAP_BITS_TRANSMIT, &local->bits) &&
+ netif_queue_stopped(dev))
+ netif_wake_queue(dev);
+
+ spin_unlock(&local->txfidlock);
+ return;
+ }
+
+ idx++;
+ if (idx >= PRISM2_TXFID_COUNT)
+ idx = 0;
+ } while (idx != local->next_alloc);
+
+ printk(KERN_WARNING "%s: could not find matching txfid (0x%04x, new "
+ "read 0x%04x) for alloc event\n", dev->name, fid,
+ HFA384X_INW(HFA384X_ALLOCFID_OFF));
+ printk(KERN_DEBUG "TXFIDs:");
+ for (idx = 0; idx < PRISM2_TXFID_COUNT; idx++)
+ printk(" %04x[%04x]", local->txfid[idx],
+ local->intransmitfid[idx]);
+ printk("\n");
+ spin_unlock(&local->txfidlock);
+
+ /* FIX: should probably schedule reset; reference to one txfid was lost
+ * completely.. Bad things will happen if we run out of txfids
+ * Actually, this will cause netdev watchdog to notice TX timeout and
+ * then card reset after all txfids have been leaked. */
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static void hostap_tx_callback(local_info_t *local,
+ struct hfa384x_tx_frame *txdesc, int ok,
+ char *payload)
+{
+ u16 sw_support, hdrlen, len;
+ struct sk_buff *skb;
+ struct hostap_tx_callback_info *cb;
+
+ /* Make sure that frame was from us. */
+ if (!ether_addr_equal(txdesc->addr2, local->dev->dev_addr)) {
+ printk(KERN_DEBUG "%s: TX callback - foreign frame\n",
+ local->dev->name);
+ return;
+ }
+
+ sw_support = le32_to_cpu(txdesc->sw_support);
+
+ spin_lock(&local->lock);
+ cb = local->tx_callback;
+ while (cb != NULL && cb->idx != sw_support)
+ cb = cb->next;
+ spin_unlock(&local->lock);
+
+ if (cb == NULL) {
+ printk(KERN_DEBUG "%s: could not find TX callback (idx %d)\n",
+ local->dev->name, sw_support);
+ return;
+ }
+
+ hdrlen = hostap_80211_get_hdrlen(txdesc->frame_control);
+ len = le16_to_cpu(txdesc->data_len);
+ skb = dev_alloc_skb(hdrlen + len);
+ if (skb == NULL) {
+ printk(KERN_DEBUG "%s: hostap_tx_callback failed to allocate "
+ "skb\n", local->dev->name);
+ return;
+ }
+
+ skb_put_data(skb, (void *)&txdesc->frame_control, hdrlen);
+ if (payload)
+ skb_put_data(skb, payload, len);
+
+ skb->dev = local->dev;
+ skb_reset_mac_header(skb);
+
+ cb->func(skb, ok, cb->data);
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static int hostap_tx_compl_read(local_info_t *local, int error,
+ struct hfa384x_tx_frame *txdesc,
+ char **payload)
+{
+ u16 fid, len;
+ int res, ret = 0;
+ struct net_device *dev = local->dev;
+
+ fid = prism2_read_fid_reg(dev, HFA384X_TXCOMPLFID_OFF);
+
+ PDEBUG(DEBUG_FID, "interrupt: TX (err=%d) - fid=0x%04x\n", fid, error);
+
+ spin_lock(&local->baplock);
+ res = hfa384x_setup_bap(dev, BAP0, fid, 0);
+ if (!res)
+ res = hfa384x_from_bap(dev, BAP0, txdesc, sizeof(*txdesc));
+ if (res) {
+ PDEBUG(DEBUG_EXTRA, "%s: TX (err=%d) - fid=0x%04x - could not "
+ "read txdesc\n", dev->name, error, fid);
+ if (res == -ETIMEDOUT) {
+ schedule_work(&local->reset_queue);
+ }
+ ret = -1;
+ goto fail;
+ }
+ if (txdesc->sw_support) {
+ len = le16_to_cpu(txdesc->data_len);
+ if (len < PRISM2_DATA_MAXLEN) {
+ *payload = kmalloc(len, GFP_ATOMIC);
+ if (*payload == NULL ||
+ hfa384x_from_bap(dev, BAP0, *payload, len)) {
+ PDEBUG(DEBUG_EXTRA, "%s: could not read TX "
+ "frame payload\n", dev->name);
+ kfree(*payload);
+ *payload = NULL;
+ ret = -1;
+ goto fail;
+ }
+ }
+ }
+
+ fail:
+ spin_unlock(&local->baplock);
+
+ return ret;
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static void prism2_tx_ev(local_info_t *local)
+{
+ struct net_device *dev = local->dev;
+ char *payload = NULL;
+ struct hfa384x_tx_frame txdesc;
+
+ if (hostap_tx_compl_read(local, 0, &txdesc, &payload))
+ goto fail;
+
+ if (local->frame_dump & PRISM2_DUMP_TX_HDR) {
+ PDEBUG(DEBUG_EXTRA, "%s: TX - status=0x%04x "
+ "retry_count=%d tx_rate=%d seq_ctrl=%d "
+ "duration_id=%d\n",
+ dev->name, le16_to_cpu(txdesc.status),
+ txdesc.retry_count, txdesc.tx_rate,
+ le16_to_cpu(txdesc.seq_ctrl),
+ le16_to_cpu(txdesc.duration_id));
+ }
+
+ if (txdesc.sw_support)
+ hostap_tx_callback(local, &txdesc, 1, payload);
+ kfree(payload);
+
+ fail:
+ HFA384X_OUTW(HFA384X_EV_TX, HFA384X_EVACK_OFF);
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static void hostap_sta_tx_exc_tasklet(struct tasklet_struct *t)
+{
+ local_info_t *local = from_tasklet(local, t, sta_tx_exc_tasklet);
+ struct sk_buff *skb;
+
+ while ((skb = skb_dequeue(&local->sta_tx_exc_list)) != NULL) {
+ struct hfa384x_tx_frame *txdesc =
+ (struct hfa384x_tx_frame *) skb->data;
+
+ if (skb->len >= sizeof(*txdesc)) {
+ /* Convert Prism2 RX structure into IEEE 802.11 header
+ */
+ int hdrlen = hostap_80211_get_hdrlen(txdesc->frame_control);
+ memmove(skb_pull(skb, sizeof(*txdesc) - hdrlen),
+ &txdesc->frame_control, hdrlen);
+
+ hostap_handle_sta_tx_exc(local, skb);
+ }
+ dev_kfree_skb(skb);
+ }
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static void prism2_txexc(local_info_t *local)
+{
+ struct net_device *dev = local->dev;
+ u16 status, fc;
+ int show_dump, res;
+ char *payload = NULL;
+ struct hfa384x_tx_frame txdesc;
+
+ show_dump = local->frame_dump & PRISM2_DUMP_TXEXC_HDR;
+ dev->stats.tx_errors++;
+
+ res = hostap_tx_compl_read(local, 1, &txdesc, &payload);
+ HFA384X_OUTW(HFA384X_EV_TXEXC, HFA384X_EVACK_OFF);
+ if (res)
+ return;
+
+ status = le16_to_cpu(txdesc.status);
+
+ /* We produce a TXDROP event only for retry or lifetime
+ * exceeded, because that's the only status that really mean
+ * that this particular node went away.
+ * Other errors means that *we* screwed up. - Jean II */
+ if (status & (HFA384X_TX_STATUS_RETRYERR | HFA384X_TX_STATUS_AGEDERR))
+ {
+ union iwreq_data wrqu;
+
+ /* Copy 802.11 dest address. */
+ memcpy(wrqu.addr.sa_data, txdesc.addr1, ETH_ALEN);
+ wrqu.addr.sa_family = ARPHRD_ETHER;
+ wireless_send_event(dev, IWEVTXDROP, &wrqu, NULL);
+ } else
+ show_dump = 1;
+
+ if (local->iw_mode == IW_MODE_MASTER ||
+ local->iw_mode == IW_MODE_REPEAT ||
+ local->wds_type & HOSTAP_WDS_AP_CLIENT) {
+ struct sk_buff *skb;
+ skb = dev_alloc_skb(sizeof(txdesc));
+ if (skb) {
+ skb_put_data(skb, &txdesc, sizeof(txdesc));
+ skb_queue_tail(&local->sta_tx_exc_list, skb);
+ tasklet_schedule(&local->sta_tx_exc_tasklet);
+ }
+ }
+
+ if (txdesc.sw_support)
+ hostap_tx_callback(local, &txdesc, 0, payload);
+ kfree(payload);
+
+ if (!show_dump)
+ return;
+
+ PDEBUG(DEBUG_EXTRA, "%s: TXEXC - status=0x%04x (%s%s%s%s)"
+ " tx_control=%04x\n",
+ dev->name, status,
+ status & HFA384X_TX_STATUS_RETRYERR ? "[RetryErr]" : "",
+ status & HFA384X_TX_STATUS_AGEDERR ? "[AgedErr]" : "",
+ status & HFA384X_TX_STATUS_DISCON ? "[Discon]" : "",
+ status & HFA384X_TX_STATUS_FORMERR ? "[FormErr]" : "",
+ le16_to_cpu(txdesc.tx_control));
+
+ fc = le16_to_cpu(txdesc.frame_control);
+ PDEBUG(DEBUG_EXTRA, " retry_count=%d tx_rate=%d fc=0x%04x "
+ "(%s%s%s::%d%s%s)\n",
+ txdesc.retry_count, txdesc.tx_rate, fc,
+ ieee80211_is_mgmt(txdesc.frame_control) ? "Mgmt" : "",
+ ieee80211_is_ctl(txdesc.frame_control) ? "Ctrl" : "",
+ ieee80211_is_data(txdesc.frame_control) ? "Data" : "",
+ (fc & IEEE80211_FCTL_STYPE) >> 4,
+ ieee80211_has_tods(txdesc.frame_control) ? " ToDS" : "",
+ ieee80211_has_fromds(txdesc.frame_control) ? " FromDS" : "");
+ PDEBUG(DEBUG_EXTRA, " A1=%pM A2=%pM A3=%pM A4=%pM\n",
+ txdesc.addr1, txdesc.addr2,
+ txdesc.addr3, txdesc.addr4);
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static void hostap_info_tasklet(struct tasklet_struct *t)
+{
+ local_info_t *local = from_tasklet(local, t, info_tasklet);
+ struct sk_buff *skb;
+
+ while ((skb = skb_dequeue(&local->info_list)) != NULL) {
+ hostap_info_process(local, skb);
+ dev_kfree_skb(skb);
+ }
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static void prism2_info(local_info_t *local)
+{
+ struct net_device *dev = local->dev;
+ u16 fid;
+ int res, left;
+ struct hfa384x_info_frame info;
+ struct sk_buff *skb;
+
+ fid = HFA384X_INW(HFA384X_INFOFID_OFF);
+
+ spin_lock(&local->baplock);
+ res = hfa384x_setup_bap(dev, BAP0, fid, 0);
+ if (!res)
+ res = hfa384x_from_bap(dev, BAP0, &info, sizeof(info));
+ if (res) {
+ spin_unlock(&local->baplock);
+ printk(KERN_DEBUG "Could not get info frame (fid=0x%04x)\n",
+ fid);
+ if (res == -ETIMEDOUT) {
+ schedule_work(&local->reset_queue);
+ }
+ goto out;
+ }
+
+ left = (le16_to_cpu(info.len) - 1) * 2;
+
+ if (info.len & cpu_to_le16(0x8000) || info.len == 0 || left > 2060) {
+ /* data register seems to give 0x8000 in some error cases even
+ * though busy bit is not set in offset register;
+ * in addition, length must be at least 1 due to type field */
+ spin_unlock(&local->baplock);
+ printk(KERN_DEBUG "%s: Received info frame with invalid "
+ "length 0x%04x (type 0x%04x)\n", dev->name,
+ le16_to_cpu(info.len), le16_to_cpu(info.type));
+ goto out;
+ }
+
+ skb = dev_alloc_skb(sizeof(info) + left);
+ if (skb == NULL) {
+ spin_unlock(&local->baplock);
+ printk(KERN_DEBUG "%s: Could not allocate skb for info "
+ "frame\n", dev->name);
+ goto out;
+ }
+
+ skb_put_data(skb, &info, sizeof(info));
+ if (left > 0 && hfa384x_from_bap(dev, BAP0, skb_put(skb, left), left))
+ {
+ spin_unlock(&local->baplock);
+ printk(KERN_WARNING "%s: Info frame read failed (fid=0x%04x, "
+ "len=0x%04x, type=0x%04x\n", dev->name, fid,
+ le16_to_cpu(info.len), le16_to_cpu(info.type));
+ dev_kfree_skb(skb);
+ goto out;
+ }
+ spin_unlock(&local->baplock);
+
+ skb_queue_tail(&local->info_list, skb);
+ tasklet_schedule(&local->info_tasklet);
+
+ out:
+ HFA384X_OUTW(HFA384X_EV_INFO, HFA384X_EVACK_OFF);
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static void hostap_bap_tasklet(struct tasklet_struct *t)
+{
+ local_info_t *local = from_tasklet(local, t, bap_tasklet);
+ struct net_device *dev = local->dev;
+ u16 ev;
+ int frames = 30;
+
+ if (local->func->card_present && !local->func->card_present(local))
+ return;
+
+ set_bit(HOSTAP_BITS_BAP_TASKLET, &local->bits);
+
+ /* Process all pending BAP events without generating new interrupts
+ * for them */
+ while (frames-- > 0) {
+ ev = HFA384X_INW(HFA384X_EVSTAT_OFF);
+ if (ev == 0xffff || !(ev & HFA384X_BAP0_EVENTS))
+ break;
+ if (ev & HFA384X_EV_RX)
+ prism2_rx(local);
+ if (ev & HFA384X_EV_INFO)
+ prism2_info(local);
+ if (ev & HFA384X_EV_TX)
+ prism2_tx_ev(local);
+ if (ev & HFA384X_EV_TXEXC)
+ prism2_txexc(local);
+ }
+
+ set_bit(HOSTAP_BITS_BAP_TASKLET2, &local->bits);
+ clear_bit(HOSTAP_BITS_BAP_TASKLET, &local->bits);
+
+ /* Enable interrupts for new BAP events */
+ hfa384x_events_all(dev);
+ clear_bit(HOSTAP_BITS_BAP_TASKLET2, &local->bits);
+}
+
+
+/* Called only from hardware IRQ */
+static void prism2_infdrop(struct net_device *dev)
+{
+ static unsigned long last_inquire = 0;
+
+ PDEBUG(DEBUG_EXTRA, "%s: INFDROP event\n", dev->name);
+
+ /* some firmware versions seem to get stuck with
+ * full CommTallies in high traffic load cases; every
+ * packet will then cause INFDROP event and CommTallies
+ * info frame will not be sent automatically. Try to
+ * get out of this state by inquiring CommTallies. */
+ if (!last_inquire || time_after(jiffies, last_inquire + HZ)) {
+ hfa384x_cmd_callback(dev, HFA384X_CMDCODE_INQUIRE,
+ HFA384X_INFO_COMMTALLIES, NULL, 0);
+ last_inquire = jiffies;
+ }
+}
+
+
+/* Called only from hardware IRQ */
+static void prism2_ev_tick(struct net_device *dev)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ u16 evstat, inten;
+ static int prev_stuck = 0;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (time_after(jiffies, local->last_tick_timer + 5 * HZ) &&
+ local->last_tick_timer) {
+ evstat = HFA384X_INW(HFA384X_EVSTAT_OFF);
+ inten = HFA384X_INW(HFA384X_INTEN_OFF);
+ if (!prev_stuck) {
+ printk(KERN_INFO "%s: SW TICK stuck? "
+ "bits=0x%lx EvStat=%04x IntEn=%04x\n",
+ dev->name, local->bits, evstat, inten);
+ }
+ local->sw_tick_stuck++;
+ if ((evstat & HFA384X_BAP0_EVENTS) &&
+ (inten & HFA384X_BAP0_EVENTS)) {
+ printk(KERN_INFO "%s: trying to recover from IRQ "
+ "hang\n", dev->name);
+ hfa384x_events_no_bap0(dev);
+ }
+ prev_stuck = 1;
+ } else
+ prev_stuck = 0;
+}
+
+
+/* Called only from hardware IRQ */
+static void prism2_check_magic(local_info_t *local)
+{
+ /* at least PCI Prism2.5 with bus mastering seems to sometimes
+ * return 0x0000 in SWSUPPORT0 for unknown reason, but re-reading the
+ * register once or twice seems to get the correct value.. PCI cards
+ * cannot anyway be removed during normal operation, so there is not
+ * really any need for this verification with them. */
+
+#ifndef PRISM2_PCI
+#ifndef final_version
+ static unsigned long last_magic_err = 0;
+ struct net_device *dev = local->dev;
+
+ if (HFA384X_INW(HFA384X_SWSUPPORT0_OFF) != HFA384X_MAGIC) {
+ if (!local->hw_ready)
+ return;
+ HFA384X_OUTW(0xffff, HFA384X_EVACK_OFF);
+ if (time_after(jiffies, last_magic_err + 10 * HZ)) {
+ printk("%s: Interrupt, but SWSUPPORT0 does not match: "
+ "%04X != %04X - card removed?\n", dev->name,
+ HFA384X_INW(HFA384X_SWSUPPORT0_OFF),
+ HFA384X_MAGIC);
+ last_magic_err = jiffies;
+ } else if (net_ratelimit()) {
+ printk(KERN_DEBUG "%s: interrupt - SWSUPPORT0=%04x "
+ "MAGIC=%04x\n", dev->name,
+ HFA384X_INW(HFA384X_SWSUPPORT0_OFF),
+ HFA384X_MAGIC);
+ }
+ if (HFA384X_INW(HFA384X_SWSUPPORT0_OFF) != 0xffff)
+ schedule_work(&local->reset_queue);
+ return;
+ }
+#endif /* final_version */
+#endif /* !PRISM2_PCI */
+}
+
+
+/* Called only from hardware IRQ */
+static irqreturn_t prism2_interrupt(int irq, void *dev_id)
+{
+ struct net_device *dev = dev_id;
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int events = 0;
+ u16 ev;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ /* Detect early interrupt before driver is fully configured */
+ spin_lock(&local->irq_init_lock);
+ if (!dev->base_addr) {
+ if (net_ratelimit()) {
+ printk(KERN_DEBUG "%s: Interrupt, but dev not configured\n",
+ dev->name);
+ }
+ spin_unlock(&local->irq_init_lock);
+ return IRQ_HANDLED;
+ }
+ spin_unlock(&local->irq_init_lock);
+
+ prism2_io_debug_add(dev, PRISM2_IO_DEBUG_CMD_INTERRUPT, 0, 0);
+
+ if (local->func->card_present && !local->func->card_present(local)) {
+ if (net_ratelimit()) {
+ printk(KERN_DEBUG "%s: Interrupt, but dev not OK\n",
+ dev->name);
+ }
+ return IRQ_HANDLED;
+ }
+
+ prism2_check_magic(local);
+
+ for (;;) {
+ ev = HFA384X_INW(HFA384X_EVSTAT_OFF);
+ if (ev == 0xffff) {
+ if (local->shutdown)
+ return IRQ_HANDLED;
+ HFA384X_OUTW(0xffff, HFA384X_EVACK_OFF);
+ printk(KERN_DEBUG "%s: prism2_interrupt: ev=0xffff\n",
+ dev->name);
+ return IRQ_HANDLED;
+ }
+
+ ev &= HFA384X_INW(HFA384X_INTEN_OFF);
+ if (ev == 0)
+ break;
+
+ if (ev & HFA384X_EV_CMD) {
+ prism2_cmd_ev(dev);
+ }
+
+ /* Above events are needed even before hw is ready, but other
+ * events should be skipped during initialization. This may
+ * change for AllocEv if allocate_fid is implemented without
+ * busy waiting. */
+ if (!local->hw_ready || local->hw_resetting ||
+ !local->dev_enabled) {
+ ev = HFA384X_INW(HFA384X_EVSTAT_OFF);
+ if (ev & HFA384X_EV_CMD)
+ goto next_event;
+ if ((ev & HFA384X_EVENT_MASK) == 0)
+ return IRQ_HANDLED;
+ if (local->dev_enabled && (ev & ~HFA384X_EV_TICK) &&
+ net_ratelimit()) {
+ printk(KERN_DEBUG "%s: prism2_interrupt: hw "
+ "not ready; skipping events 0x%04x "
+ "(IntEn=0x%04x)%s%s%s\n",
+ dev->name, ev,
+ HFA384X_INW(HFA384X_INTEN_OFF),
+ !local->hw_ready ? " (!hw_ready)" : "",
+ local->hw_resetting ?
+ " (hw_resetting)" : "",
+ !local->dev_enabled ?
+ " (!dev_enabled)" : "");
+ }
+ HFA384X_OUTW(ev, HFA384X_EVACK_OFF);
+ return IRQ_HANDLED;
+ }
+
+ if (ev & HFA384X_EV_TICK) {
+ prism2_ev_tick(dev);
+ HFA384X_OUTW(HFA384X_EV_TICK, HFA384X_EVACK_OFF);
+ }
+
+ if (ev & HFA384X_EV_ALLOC) {
+ prism2_alloc_ev(dev);
+ HFA384X_OUTW(HFA384X_EV_ALLOC, HFA384X_EVACK_OFF);
+ }
+
+ /* Reading data from the card is quite time consuming, so do it
+ * in tasklets. TX, TXEXC, RX, and INFO events will be ACKed
+ * and unmasked after needed data has been read completely. */
+ if (ev & HFA384X_BAP0_EVENTS) {
+ hfa384x_events_no_bap0(dev);
+ tasklet_schedule(&local->bap_tasklet);
+ }
+
+#ifndef final_version
+ if (ev & HFA384X_EV_WTERR) {
+ PDEBUG(DEBUG_EXTRA, "%s: WTERR event\n", dev->name);
+ HFA384X_OUTW(HFA384X_EV_WTERR, HFA384X_EVACK_OFF);
+ }
+#endif /* final_version */
+
+ if (ev & HFA384X_EV_INFDROP) {
+ prism2_infdrop(dev);
+ HFA384X_OUTW(HFA384X_EV_INFDROP, HFA384X_EVACK_OFF);
+ }
+
+ next_event:
+ events++;
+ if (events >= PRISM2_MAX_INTERRUPT_EVENTS) {
+ PDEBUG(DEBUG_EXTRA, "prism2_interrupt: >%d events "
+ "(EvStat=0x%04x)\n",
+ PRISM2_MAX_INTERRUPT_EVENTS,
+ HFA384X_INW(HFA384X_EVSTAT_OFF));
+ break;
+ }
+ }
+ prism2_io_debug_add(dev, PRISM2_IO_DEBUG_CMD_INTERRUPT, 0, 1);
+ return IRQ_RETVAL(events);
+}
+
+
+static void prism2_check_sta_fw_version(local_info_t *local)
+{
+ struct hfa384x_comp_ident comp;
+ int id, variant, major, minor;
+
+ if (hfa384x_get_rid(local->dev, HFA384X_RID_STAID,
+ &comp, sizeof(comp), 1) < 0)
+ return;
+
+ local->fw_ap = 0;
+ id = le16_to_cpu(comp.id);
+ if (id != HFA384X_COMP_ID_STA) {
+ if (id == HFA384X_COMP_ID_FW_AP)
+ local->fw_ap = 1;
+ return;
+ }
+
+ major = __le16_to_cpu(comp.major);
+ minor = __le16_to_cpu(comp.minor);
+ variant = __le16_to_cpu(comp.variant);
+ local->sta_fw_ver = PRISM2_FW_VER(major, minor, variant);
+
+ /* Station firmware versions before 1.4.x seem to have a bug in
+ * firmware-based WEP encryption when using Host AP mode, so use
+ * host_encrypt as a default for them. Firmware version 1.4.9 is the
+ * first one that has been seen to produce correct encryption, but the
+ * bug might be fixed before that (although, at least 1.4.2 is broken).
+ */
+ local->fw_encrypt_ok = local->sta_fw_ver >= PRISM2_FW_VER(1,4,9);
+
+ if (local->iw_mode == IW_MODE_MASTER && !local->host_encrypt &&
+ !local->fw_encrypt_ok) {
+ printk(KERN_DEBUG "%s: defaulting to host-based encryption as "
+ "a workaround for firmware bug in Host AP mode WEP\n",
+ local->dev->name);
+ local->host_encrypt = 1;
+ }
+
+ /* IEEE 802.11 standard compliant WDS frames (4 addresses) were broken
+ * in station firmware versions before 1.5.x. With these versions, the
+ * driver uses a workaround with bogus frame format (4th address after
+ * the payload). This is not compatible with other AP devices. Since
+ * the firmware bug is fixed in the latest station firmware versions,
+ * automatically enable standard compliant mode for cards using station
+ * firmware version 1.5.0 or newer. */
+ if (local->sta_fw_ver >= PRISM2_FW_VER(1,5,0))
+ local->wds_type |= HOSTAP_WDS_STANDARD_FRAME;
+ else {
+ printk(KERN_DEBUG "%s: defaulting to bogus WDS frame as a "
+ "workaround for firmware bug in Host AP mode WDS\n",
+ local->dev->name);
+ }
+
+ hostap_check_sta_fw_version(local->ap, local->sta_fw_ver);
+}
+
+
+static void hostap_passive_scan(struct timer_list *t)
+{
+ local_info_t *local = from_timer(local, t, passive_scan_timer);
+ struct net_device *dev = local->dev;
+ u16 chan;
+
+ if (local->passive_scan_interval <= 0)
+ return;
+
+ if (local->passive_scan_state == PASSIVE_SCAN_LISTEN) {
+ int max_tries = 16;
+
+ /* Even though host system does not really know when the WLAN
+ * MAC is sending frames, try to avoid changing channels for
+ * passive scanning when a host-generated frame is being
+ * transmitted */
+ if (test_bit(HOSTAP_BITS_TRANSMIT, &local->bits)) {
+ printk(KERN_DEBUG "%s: passive scan detected pending "
+ "TX - delaying\n", dev->name);
+ local->passive_scan_timer.expires = jiffies + HZ / 10;
+ add_timer(&local->passive_scan_timer);
+ return;
+ }
+
+ do {
+ local->passive_scan_channel++;
+ if (local->passive_scan_channel > 14)
+ local->passive_scan_channel = 1;
+ max_tries--;
+ } while (!(local->channel_mask &
+ (1 << (local->passive_scan_channel - 1))) &&
+ max_tries > 0);
+
+ if (max_tries == 0) {
+ printk(KERN_INFO "%s: no allowed passive scan channels"
+ " found\n", dev->name);
+ return;
+ }
+
+ printk(KERN_DEBUG "%s: passive scan channel %d\n",
+ dev->name, local->passive_scan_channel);
+ chan = local->passive_scan_channel;
+ local->passive_scan_state = PASSIVE_SCAN_WAIT;
+ local->passive_scan_timer.expires = jiffies + HZ / 10;
+ } else {
+ chan = local->channel;
+ local->passive_scan_state = PASSIVE_SCAN_LISTEN;
+ local->passive_scan_timer.expires = jiffies +
+ local->passive_scan_interval * HZ;
+ }
+
+ if (hfa384x_cmd_callback(dev, HFA384X_CMDCODE_TEST |
+ (HFA384X_TEST_CHANGE_CHANNEL << 8),
+ chan, NULL, 0))
+ printk(KERN_ERR "%s: passive scan channel set %d "
+ "failed\n", dev->name, chan);
+
+ add_timer(&local->passive_scan_timer);
+}
+
+
+/* Called only as a scheduled task when communications quality values should
+ * be updated. */
+static void handle_comms_qual_update(struct work_struct *work)
+{
+ local_info_t *local =
+ container_of(work, local_info_t, comms_qual_update);
+ prism2_update_comms_qual(local->dev);
+}
+
+
+/* Software watchdog - called as a timer. Hardware interrupt (Tick event) is
+ * used to monitor that local->last_tick_timer is being updated. If not,
+ * interrupt busy-loop is assumed and driver tries to recover by masking out
+ * some events. */
+static void hostap_tick_timer(struct timer_list *t)
+{
+ static unsigned long last_inquire = 0;
+ local_info_t *local = from_timer(local, t, tick_timer);
+ local->last_tick_timer = jiffies;
+
+ /* Inquire CommTallies every 10 seconds to keep the statistics updated
+ * more often during low load and when using 32-bit tallies. */
+ if ((!last_inquire || time_after(jiffies, last_inquire + 10 * HZ)) &&
+ !local->hw_downloading && local->hw_ready &&
+ !local->hw_resetting && local->dev_enabled) {
+ hfa384x_cmd_callback(local->dev, HFA384X_CMDCODE_INQUIRE,
+ HFA384X_INFO_COMMTALLIES, NULL, 0);
+ last_inquire = jiffies;
+ }
+
+ if ((local->last_comms_qual_update == 0 ||
+ time_after(jiffies, local->last_comms_qual_update + 10 * HZ)) &&
+ (local->iw_mode == IW_MODE_INFRA ||
+ local->iw_mode == IW_MODE_ADHOC)) {
+ schedule_work(&local->comms_qual_update);
+ }
+
+ local->tick_timer.expires = jiffies + 2 * HZ;
+ add_timer(&local->tick_timer);
+}
+
+
+#if !defined(PRISM2_NO_PROCFS_DEBUG) && defined(CONFIG_PROC_FS)
+static u16 hfa384x_read_reg(struct net_device *dev, u16 reg)
+{
+ return HFA384X_INW(reg);
+}
+
+static int prism2_registers_proc_show(struct seq_file *m, void *v)
+{
+ local_info_t *local = m->private;
+
+#define SHOW_REG(n) \
+ seq_printf(m, #n "=%04x\n", hfa384x_read_reg(local->dev, HFA384X_##n##_OFF))
+
+ SHOW_REG(CMD);
+ SHOW_REG(PARAM0);
+ SHOW_REG(PARAM1);
+ SHOW_REG(PARAM2);
+ SHOW_REG(STATUS);
+ SHOW_REG(RESP0);
+ SHOW_REG(RESP1);
+ SHOW_REG(RESP2);
+ SHOW_REG(INFOFID);
+ SHOW_REG(CONTROL);
+ SHOW_REG(SELECT0);
+ SHOW_REG(SELECT1);
+ SHOW_REG(OFFSET0);
+ SHOW_REG(OFFSET1);
+ SHOW_REG(RXFID);
+ SHOW_REG(ALLOCFID);
+ SHOW_REG(TXCOMPLFID);
+ SHOW_REG(SWSUPPORT0);
+ SHOW_REG(SWSUPPORT1);
+ SHOW_REG(SWSUPPORT2);
+ SHOW_REG(EVSTAT);
+ SHOW_REG(INTEN);
+ SHOW_REG(EVACK);
+ /* Do not read data registers, because they change the state of the
+ * MAC (offset += 2) */
+ /* SHOW_REG(DATA0); */
+ /* SHOW_REG(DATA1); */
+ SHOW_REG(AUXPAGE);
+ SHOW_REG(AUXOFFSET);
+ /* SHOW_REG(AUXDATA); */
+#ifdef PRISM2_PCI
+ SHOW_REG(PCICOR);
+ SHOW_REG(PCIHCR);
+ SHOW_REG(PCI_M0_ADDRH);
+ SHOW_REG(PCI_M0_ADDRL);
+ SHOW_REG(PCI_M0_LEN);
+ SHOW_REG(PCI_M0_CTL);
+ SHOW_REG(PCI_STATUS);
+ SHOW_REG(PCI_M1_ADDRH);
+ SHOW_REG(PCI_M1_ADDRL);
+ SHOW_REG(PCI_M1_LEN);
+ SHOW_REG(PCI_M1_CTL);
+#endif /* PRISM2_PCI */
+
+ return 0;
+}
+#endif
+
+struct set_tim_data {
+ struct list_head list;
+ int aid;
+ int set;
+};
+
+static int prism2_set_tim(struct net_device *dev, int aid, int set)
+{
+ struct list_head *ptr;
+ struct set_tim_data *new_entry;
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ new_entry = kzalloc(sizeof(*new_entry), GFP_ATOMIC);
+ if (new_entry == NULL)
+ return -ENOMEM;
+
+ new_entry->aid = aid;
+ new_entry->set = set;
+
+ spin_lock_bh(&local->set_tim_lock);
+ list_for_each(ptr, &local->set_tim_list) {
+ struct set_tim_data *entry =
+ list_entry(ptr, struct set_tim_data, list);
+ if (entry->aid == aid) {
+ PDEBUG(DEBUG_PS2, "%s: prism2_set_tim: aid=%d "
+ "set=%d ==> %d\n",
+ local->dev->name, aid, entry->set, set);
+ entry->set = set;
+ kfree(new_entry);
+ new_entry = NULL;
+ break;
+ }
+ }
+ if (new_entry)
+ list_add_tail(&new_entry->list, &local->set_tim_list);
+ spin_unlock_bh(&local->set_tim_lock);
+
+ schedule_work(&local->set_tim_queue);
+
+ return 0;
+}
+
+
+static void handle_set_tim_queue(struct work_struct *work)
+{
+ local_info_t *local = container_of(work, local_info_t, set_tim_queue);
+ struct set_tim_data *entry;
+ u16 val;
+
+ for (;;) {
+ entry = NULL;
+ spin_lock_bh(&local->set_tim_lock);
+ if (!list_empty(&local->set_tim_list)) {
+ entry = list_entry(local->set_tim_list.next,
+ struct set_tim_data, list);
+ list_del(&entry->list);
+ }
+ spin_unlock_bh(&local->set_tim_lock);
+ if (!entry)
+ break;
+
+ PDEBUG(DEBUG_PS2, "%s: handle_set_tim_queue: aid=%d set=%d\n",
+ local->dev->name, entry->aid, entry->set);
+
+ val = entry->aid;
+ if (entry->set)
+ val |= 0x8000;
+ if (hostap_set_word(local->dev, HFA384X_RID_CNFTIMCTRL, val)) {
+ printk(KERN_DEBUG "%s: set_tim failed (aid=%d "
+ "set=%d)\n",
+ local->dev->name, entry->aid, entry->set);
+ }
+
+ kfree(entry);
+ }
+}
+
+
+static void prism2_clear_set_tim_queue(local_info_t *local)
+{
+ struct list_head *ptr, *n;
+
+ list_for_each_safe(ptr, n, &local->set_tim_list) {
+ struct set_tim_data *entry;
+ entry = list_entry(ptr, struct set_tim_data, list);
+ list_del(&entry->list);
+ kfree(entry);
+ }
+}
+
+
+/*
+ * HostAP uses two layers of net devices, where the inner
+ * layer gets called all the time from the outer layer.
+ * This is a natural nesting, which needs a split lock type.
+ */
+static struct lock_class_key hostap_netdev_xmit_lock_key;
+static struct lock_class_key hostap_netdev_addr_lock_key;
+
+static void prism2_set_lockdep_class_one(struct net_device *dev,
+ struct netdev_queue *txq,
+ void *_unused)
+{
+ lockdep_set_class(&txq->_xmit_lock,
+ &hostap_netdev_xmit_lock_key);
+}
+
+static void prism2_set_lockdep_class(struct net_device *dev)
+{
+ lockdep_set_class(&dev->addr_list_lock,
+ &hostap_netdev_addr_lock_key);
+ netdev_for_each_tx_queue(dev, prism2_set_lockdep_class_one, NULL);
+}
+
+static struct net_device *
+prism2_init_local_data(struct prism2_helper_functions *funcs, int card_idx,
+ struct device *sdev)
+{
+ struct net_device *dev;
+ struct hostap_interface *iface;
+ struct local_info *local;
+ int len, i, ret;
+
+ if (funcs == NULL)
+ return NULL;
+
+ len = strlen(dev_template);
+ if (len >= IFNAMSIZ || strstr(dev_template, "%d") == NULL) {
+ printk(KERN_WARNING "hostap: Invalid dev_template='%s'\n",
+ dev_template);
+ return NULL;
+ }
+
+ len = sizeof(struct hostap_interface) +
+ 3 + sizeof(struct local_info) +
+ 3 + sizeof(struct ap_data);
+
+ dev = alloc_etherdev(len);
+ if (dev == NULL)
+ return NULL;
+
+ iface = netdev_priv(dev);
+ local = (struct local_info *) ((((long) (iface + 1)) + 3) & ~3);
+ local->ap = (struct ap_data *) ((((long) (local + 1)) + 3) & ~3);
+ local->dev = iface->dev = dev;
+ iface->local = local;
+ iface->type = HOSTAP_INTERFACE_MASTER;
+ INIT_LIST_HEAD(&local->hostap_interfaces);
+
+ local->hw_module = THIS_MODULE;
+
+#ifdef PRISM2_IO_DEBUG
+ local->io_debug_enabled = 1;
+#endif /* PRISM2_IO_DEBUG */
+
+ local->func = funcs;
+ local->func->cmd = hfa384x_cmd;
+ local->func->read_regs = hfa384x_read_regs;
+ local->func->get_rid = hfa384x_get_rid;
+ local->func->set_rid = hfa384x_set_rid;
+ local->func->hw_enable = prism2_hw_enable;
+ local->func->hw_config = prism2_hw_config;
+ local->func->hw_reset = prism2_hw_reset;
+ local->func->hw_shutdown = prism2_hw_shutdown;
+ local->func->reset_port = prism2_reset_port;
+ local->func->schedule_reset = prism2_schedule_reset;
+#ifdef PRISM2_DOWNLOAD_SUPPORT
+ local->func->read_aux_proc_ops = &prism2_download_aux_dump_proc_ops;
+ local->func->download = prism2_download;
+#endif /* PRISM2_DOWNLOAD_SUPPORT */
+ local->func->tx = prism2_tx_80211;
+ local->func->set_tim = prism2_set_tim;
+ local->func->need_tx_headroom = 0; /* no need to add txdesc in
+ * skb->data (FIX: maybe for DMA bus
+ * mastering? */
+
+ local->mtu = mtu;
+
+ rwlock_init(&local->iface_lock);
+ spin_lock_init(&local->txfidlock);
+ spin_lock_init(&local->cmdlock);
+ spin_lock_init(&local->baplock);
+ spin_lock_init(&local->lock);
+ spin_lock_init(&local->irq_init_lock);
+ mutex_init(&local->rid_bap_mtx);
+
+ if (card_idx < 0 || card_idx >= MAX_PARM_DEVICES)
+ card_idx = 0;
+ local->card_idx = card_idx;
+
+ len = strlen(essid);
+ memcpy(local->essid, essid,
+ len > MAX_SSID_LEN ? MAX_SSID_LEN : len);
+ local->essid[MAX_SSID_LEN] = '\0';
+ i = GET_INT_PARM(iw_mode, card_idx);
+ if ((i >= IW_MODE_ADHOC && i <= IW_MODE_REPEAT) ||
+ i == IW_MODE_MONITOR) {
+ local->iw_mode = i;
+ } else {
+ printk(KERN_WARNING "prism2: Unknown iw_mode %d; using "
+ "IW_MODE_MASTER\n", i);
+ local->iw_mode = IW_MODE_MASTER;
+ }
+ local->channel = GET_INT_PARM(channel, card_idx);
+ local->beacon_int = GET_INT_PARM(beacon_int, card_idx);
+ local->dtim_period = GET_INT_PARM(dtim_period, card_idx);
+ local->wds_max_connections = 16;
+ local->tx_control = HFA384X_TX_CTRL_FLAGS;
+ local->manual_retry_count = -1;
+ local->rts_threshold = 2347;
+ local->fragm_threshold = 2346;
+ local->rssi_to_dBm = 100; /* default; to be overriden by
+ * cnfDbmAdjust, if available */
+ local->auth_algs = PRISM2_AUTH_OPEN | PRISM2_AUTH_SHARED_KEY;
+ local->sram_type = -1;
+ local->scan_channel_mask = 0xffff;
+ local->monitor_type = PRISM2_MONITOR_RADIOTAP;
+
+ /* Initialize task queue structures */
+ INIT_WORK(&local->reset_queue, handle_reset_queue);
+ INIT_WORK(&local->set_multicast_list_queue,
+ hostap_set_multicast_list_queue);
+
+ INIT_WORK(&local->set_tim_queue, handle_set_tim_queue);
+ INIT_LIST_HEAD(&local->set_tim_list);
+ spin_lock_init(&local->set_tim_lock);
+
+ INIT_WORK(&local->comms_qual_update, handle_comms_qual_update);
+
+ /* Initialize tasklets for handling hardware IRQ related operations
+ * outside hw IRQ handler */
+ tasklet_setup(&local->bap_tasklet, hostap_bap_tasklet);
+ tasklet_setup(&local->info_tasklet, hostap_info_tasklet);
+ hostap_info_init(local);
+
+ tasklet_setup(&local->rx_tasklet, hostap_rx_tasklet);
+ skb_queue_head_init(&local->rx_list);
+
+ tasklet_setup(&local->sta_tx_exc_tasklet,
+ hostap_sta_tx_exc_tasklet);
+ skb_queue_head_init(&local->sta_tx_exc_list);
+
+ INIT_LIST_HEAD(&local->cmd_queue);
+ init_waitqueue_head(&local->hostscan_wq);
+
+ lib80211_crypt_info_init(&local->crypt_info, dev->name, &local->lock);
+
+ timer_setup(&local->passive_scan_timer, hostap_passive_scan, 0);
+ timer_setup(&local->tick_timer, hostap_tick_timer, 0);
+ local->tick_timer.expires = jiffies + 2 * HZ;
+ add_timer(&local->tick_timer);
+
+ INIT_LIST_HEAD(&local->bss_list);
+
+ hostap_setup_dev(dev, local, HOSTAP_INTERFACE_MASTER);
+
+ dev->type = ARPHRD_IEEE80211;
+ dev->header_ops = &hostap_80211_ops;
+
+ rtnl_lock();
+ ret = dev_alloc_name(dev, "wifi%d");
+ SET_NETDEV_DEV(dev, sdev);
+ if (ret >= 0)
+ ret = register_netdevice(dev);
+
+ prism2_set_lockdep_class(dev);
+ rtnl_unlock();
+ if (ret < 0) {
+ printk(KERN_WARNING "%s: register netdevice failed!\n",
+ dev_info);
+ goto fail;
+ }
+ printk(KERN_INFO "%s: Registered netdevice %s\n", dev_info, dev->name);
+
+ hostap_init_data(local);
+ return dev;
+
+ fail:
+ free_netdev(dev);
+ return NULL;
+}
+
+
+static int hostap_hw_ready(struct net_device *dev)
+{
+ struct hostap_interface *iface;
+ struct local_info *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+ local->ddev = hostap_add_interface(local, HOSTAP_INTERFACE_MAIN, 0,
+ "", dev_template);
+
+ if (local->ddev) {
+ if (local->iw_mode == IW_MODE_INFRA ||
+ local->iw_mode == IW_MODE_ADHOC) {
+ netif_carrier_off(local->dev);
+ netif_carrier_off(local->ddev);
+ }
+ hostap_init_proc(local);
+#ifndef PRISM2_NO_PROCFS_DEBUG
+ proc_create_single_data("registers", 0, local->proc,
+ prism2_registers_proc_show, local);
+#endif /* PRISM2_NO_PROCFS_DEBUG */
+ hostap_init_ap_proc(local);
+ return 0;
+ }
+
+ return -1;
+}
+
+
+static void prism2_free_local_data(struct net_device *dev)
+{
+ struct hostap_tx_callback_info *tx_cb, *tx_cb_prev;
+ int i;
+ struct hostap_interface *iface;
+ struct local_info *local;
+ struct list_head *ptr, *n;
+
+ if (dev == NULL)
+ return;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ /* Unregister all netdevs before freeing local data. */
+ list_for_each_safe(ptr, n, &local->hostap_interfaces) {
+ iface = list_entry(ptr, struct hostap_interface, list);
+ if (iface->type == HOSTAP_INTERFACE_MASTER) {
+ /* special handling for this interface below */
+ continue;
+ }
+ hostap_remove_interface(iface->dev, 0, 1);
+ }
+
+ unregister_netdev(local->dev);
+
+ flush_work(&local->reset_queue);
+ flush_work(&local->set_multicast_list_queue);
+ flush_work(&local->set_tim_queue);
+#ifndef PRISM2_NO_STATION_MODES
+ flush_work(&local->info_queue);
+#endif
+ flush_work(&local->comms_qual_update);
+
+ lib80211_crypt_info_free(&local->crypt_info);
+
+ if (timer_pending(&local->passive_scan_timer))
+ del_timer(&local->passive_scan_timer);
+
+ if (timer_pending(&local->tick_timer))
+ del_timer(&local->tick_timer);
+
+ prism2_clear_cmd_queue(local);
+
+ skb_queue_purge(&local->info_list);
+ skb_queue_purge(&local->rx_list);
+ skb_queue_purge(&local->sta_tx_exc_list);
+
+ if (local->dev_enabled)
+ prism2_callback(local, PRISM2_CALLBACK_DISABLE);
+
+ if (local->ap != NULL)
+ hostap_free_data(local->ap);
+
+#ifndef PRISM2_NO_PROCFS_DEBUG
+ if (local->proc != NULL)
+ remove_proc_entry("registers", local->proc);
+#endif /* PRISM2_NO_PROCFS_DEBUG */
+ hostap_remove_proc(local);
+
+ tx_cb = local->tx_callback;
+ while (tx_cb != NULL) {
+ tx_cb_prev = tx_cb;
+ tx_cb = tx_cb->next;
+ kfree(tx_cb_prev);
+ }
+
+ hostap_set_hostapd(local, 0, 0);
+ hostap_set_hostapd_sta(local, 0, 0);
+
+ for (i = 0; i < PRISM2_FRAG_CACHE_LEN; i++) {
+ if (local->frag_cache[i].skb != NULL)
+ dev_kfree_skb(local->frag_cache[i].skb);
+ }
+
+#ifdef PRISM2_DOWNLOAD_SUPPORT
+ prism2_download_free_data(local->dl_pri);
+ prism2_download_free_data(local->dl_sec);
+#endif /* PRISM2_DOWNLOAD_SUPPORT */
+
+ prism2_clear_set_tim_queue(local);
+
+ list_for_each_safe(ptr, n, &local->bss_list) {
+ struct hostap_bss_info *bss =
+ list_entry(ptr, struct hostap_bss_info, list);
+ kfree(bss);
+ }
+
+ kfree(local->pda);
+ kfree(local->last_scan_results);
+ kfree(local->generic_elem);
+
+ free_netdev(local->dev);
+}
+
+
+#if defined(PRISM2_PCI) || defined(PRISM2_PCCARD)
+static void __maybe_unused prism2_suspend(struct net_device *dev)
+{
+ struct hostap_interface *iface;
+ struct local_info *local;
+ union iwreq_data wrqu;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ /* Send disconnect event, e.g., to trigger reassociation after resume
+ * if wpa_supplicant is used. */
+ memset(&wrqu, 0, sizeof(wrqu));
+ wrqu.ap_addr.sa_family = ARPHRD_ETHER;
+ wireless_send_event(local->dev, SIOCGIWAP, &wrqu, NULL);
+
+ /* Disable hardware and firmware */
+ prism2_hw_shutdown(dev, 0);
+}
+#endif /* PRISM2_PCI || PRISM2_PCCARD */
+
+
+/* These might at some point be compiled separately and used as separate
+ * kernel modules or linked into one */
+#ifdef PRISM2_DOWNLOAD_SUPPORT
+#include "hostap_download.c"
+#endif /* PRISM2_DOWNLOAD_SUPPORT */
+
+#ifdef PRISM2_CALLBACK
+/* External hostap_callback.c file can be used to, e.g., blink activity led.
+ * This can use platform specific code and must define prism2_callback()
+ * function (if PRISM2_CALLBACK is not defined, these function calls are not
+ * used. */
+#include "hostap_callback.c"
+#endif /* PRISM2_CALLBACK */
diff --git a/drivers/net/wireless/intersil/hostap/hostap_info.c b/drivers/net/wireless/intersil/hostap/hostap_info.c
new file mode 100644
index 000000000..da8c30f10
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/hostap_info.c
@@ -0,0 +1,509 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Host AP driver Info Frame processing (part of hostap.o module) */
+
+#include <linux/if_arp.h>
+#include <linux/sched.h>
+#include <linux/slab.h>
+#include <linux/export.h>
+#include <linux/etherdevice.h>
+#include "hostap_wlan.h"
+#include "hostap.h"
+#include "hostap_ap.h"
+
+/* Called only as a tasklet (software IRQ) */
+static void prism2_info_commtallies16(local_info_t *local, unsigned char *buf,
+ int left)
+{
+ struct hfa384x_comm_tallies *tallies;
+
+ if (left < sizeof(struct hfa384x_comm_tallies)) {
+ printk(KERN_DEBUG "%s: too short (len=%d) commtallies "
+ "info frame\n", local->dev->name, left);
+ return;
+ }
+
+ tallies = (struct hfa384x_comm_tallies *) buf;
+#define ADD_COMM_TALLIES(name) \
+local->comm_tallies.name += le16_to_cpu(tallies->name)
+ ADD_COMM_TALLIES(tx_unicast_frames);
+ ADD_COMM_TALLIES(tx_multicast_frames);
+ ADD_COMM_TALLIES(tx_fragments);
+ ADD_COMM_TALLIES(tx_unicast_octets);
+ ADD_COMM_TALLIES(tx_multicast_octets);
+ ADD_COMM_TALLIES(tx_deferred_transmissions);
+ ADD_COMM_TALLIES(tx_single_retry_frames);
+ ADD_COMM_TALLIES(tx_multiple_retry_frames);
+ ADD_COMM_TALLIES(tx_retry_limit_exceeded);
+ ADD_COMM_TALLIES(tx_discards);
+ ADD_COMM_TALLIES(rx_unicast_frames);
+ ADD_COMM_TALLIES(rx_multicast_frames);
+ ADD_COMM_TALLIES(rx_fragments);
+ ADD_COMM_TALLIES(rx_unicast_octets);
+ ADD_COMM_TALLIES(rx_multicast_octets);
+ ADD_COMM_TALLIES(rx_fcs_errors);
+ ADD_COMM_TALLIES(rx_discards_no_buffer);
+ ADD_COMM_TALLIES(tx_discards_wrong_sa);
+ ADD_COMM_TALLIES(rx_discards_wep_undecryptable);
+ ADD_COMM_TALLIES(rx_message_in_msg_fragments);
+ ADD_COMM_TALLIES(rx_message_in_bad_msg_fragments);
+#undef ADD_COMM_TALLIES
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static void prism2_info_commtallies32(local_info_t *local, unsigned char *buf,
+ int left)
+{
+ struct hfa384x_comm_tallies32 *tallies;
+
+ if (left < sizeof(struct hfa384x_comm_tallies32)) {
+ printk(KERN_DEBUG "%s: too short (len=%d) commtallies32 "
+ "info frame\n", local->dev->name, left);
+ return;
+ }
+
+ tallies = (struct hfa384x_comm_tallies32 *) buf;
+#define ADD_COMM_TALLIES(name) \
+local->comm_tallies.name += le32_to_cpu(tallies->name)
+ ADD_COMM_TALLIES(tx_unicast_frames);
+ ADD_COMM_TALLIES(tx_multicast_frames);
+ ADD_COMM_TALLIES(tx_fragments);
+ ADD_COMM_TALLIES(tx_unicast_octets);
+ ADD_COMM_TALLIES(tx_multicast_octets);
+ ADD_COMM_TALLIES(tx_deferred_transmissions);
+ ADD_COMM_TALLIES(tx_single_retry_frames);
+ ADD_COMM_TALLIES(tx_multiple_retry_frames);
+ ADD_COMM_TALLIES(tx_retry_limit_exceeded);
+ ADD_COMM_TALLIES(tx_discards);
+ ADD_COMM_TALLIES(rx_unicast_frames);
+ ADD_COMM_TALLIES(rx_multicast_frames);
+ ADD_COMM_TALLIES(rx_fragments);
+ ADD_COMM_TALLIES(rx_unicast_octets);
+ ADD_COMM_TALLIES(rx_multicast_octets);
+ ADD_COMM_TALLIES(rx_fcs_errors);
+ ADD_COMM_TALLIES(rx_discards_no_buffer);
+ ADD_COMM_TALLIES(tx_discards_wrong_sa);
+ ADD_COMM_TALLIES(rx_discards_wep_undecryptable);
+ ADD_COMM_TALLIES(rx_message_in_msg_fragments);
+ ADD_COMM_TALLIES(rx_message_in_bad_msg_fragments);
+#undef ADD_COMM_TALLIES
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static void prism2_info_commtallies(local_info_t *local, unsigned char *buf,
+ int left)
+{
+ if (local->tallies32)
+ prism2_info_commtallies32(local, buf, left);
+ else
+ prism2_info_commtallies16(local, buf, left);
+}
+
+
+#ifndef PRISM2_NO_STATION_MODES
+#ifndef PRISM2_NO_DEBUG
+static const char* hfa384x_linkstatus_str(u16 linkstatus)
+{
+ switch (linkstatus) {
+ case HFA384X_LINKSTATUS_CONNECTED:
+ return "Connected";
+ case HFA384X_LINKSTATUS_DISCONNECTED:
+ return "Disconnected";
+ case HFA384X_LINKSTATUS_AP_CHANGE:
+ return "Access point change";
+ case HFA384X_LINKSTATUS_AP_OUT_OF_RANGE:
+ return "Access point out of range";
+ case HFA384X_LINKSTATUS_AP_IN_RANGE:
+ return "Access point in range";
+ case HFA384X_LINKSTATUS_ASSOC_FAILED:
+ return "Association failed";
+ default:
+ return "Unknown";
+ }
+}
+#endif /* PRISM2_NO_DEBUG */
+
+
+/* Called only as a tasklet (software IRQ) */
+static void prism2_info_linkstatus(local_info_t *local, unsigned char *buf,
+ int left)
+{
+ u16 val;
+ int non_sta_mode;
+
+ /* Alloc new JoinRequests to occur since LinkStatus for the previous
+ * has been received */
+ local->last_join_time = 0;
+
+ if (left != 2) {
+ printk(KERN_DEBUG "%s: invalid linkstatus info frame "
+ "length %d\n", local->dev->name, left);
+ return;
+ }
+
+ non_sta_mode = local->iw_mode == IW_MODE_MASTER ||
+ local->iw_mode == IW_MODE_REPEAT ||
+ local->iw_mode == IW_MODE_MONITOR;
+
+ val = buf[0] | (buf[1] << 8);
+ if (!non_sta_mode || val != HFA384X_LINKSTATUS_DISCONNECTED) {
+ PDEBUG(DEBUG_EXTRA, "%s: LinkStatus=%d (%s)\n",
+ local->dev->name, val, hfa384x_linkstatus_str(val));
+ }
+
+ if (non_sta_mode) {
+ netif_carrier_on(local->dev);
+ netif_carrier_on(local->ddev);
+ return;
+ }
+
+ /* Get current BSSID later in scheduled task */
+ set_bit(PRISM2_INFO_PENDING_LINKSTATUS, &local->pending_info);
+ local->prev_link_status = val;
+ schedule_work(&local->info_queue);
+}
+
+
+static void prism2_host_roaming(local_info_t *local)
+{
+ struct hfa384x_join_request req;
+ struct net_device *dev = local->dev;
+ struct hfa384x_hostscan_result *selected, *entry;
+ int i;
+ unsigned long flags;
+
+ if (local->last_join_time &&
+ time_before(jiffies, local->last_join_time + 10 * HZ)) {
+ PDEBUG(DEBUG_EXTRA, "%s: last join request has not yet been "
+ "completed - waiting for it before issuing new one\n",
+ dev->name);
+ return;
+ }
+
+ /* ScanResults are sorted: first ESS results in decreasing signal
+ * quality then IBSS results in similar order.
+ * Trivial roaming policy: just select the first entry.
+ * This could probably be improved by adding hysteresis to limit
+ * number of handoffs, etc.
+ *
+ * Could do periodic RID_SCANREQUEST or Inquire F101 to get new
+ * ScanResults */
+ spin_lock_irqsave(&local->lock, flags);
+ if (local->last_scan_results == NULL ||
+ local->last_scan_results_count == 0) {
+ spin_unlock_irqrestore(&local->lock, flags);
+ PDEBUG(DEBUG_EXTRA, "%s: no scan results for host roaming\n",
+ dev->name);
+ return;
+ }
+
+ selected = &local->last_scan_results[0];
+
+ if (local->preferred_ap[0] || local->preferred_ap[1] ||
+ local->preferred_ap[2] || local->preferred_ap[3] ||
+ local->preferred_ap[4] || local->preferred_ap[5]) {
+ /* Try to find preferred AP */
+ PDEBUG(DEBUG_EXTRA, "%s: Preferred AP BSSID %pM\n",
+ dev->name, local->preferred_ap);
+ for (i = 0; i < local->last_scan_results_count; i++) {
+ entry = &local->last_scan_results[i];
+ if (memcmp(local->preferred_ap, entry->bssid, 6) == 0)
+ {
+ PDEBUG(DEBUG_EXTRA, "%s: using preferred AP "
+ "selection\n", dev->name);
+ selected = entry;
+ break;
+ }
+ }
+ }
+
+ memcpy(req.bssid, selected->bssid, ETH_ALEN);
+ req.channel = selected->chid;
+ spin_unlock_irqrestore(&local->lock, flags);
+
+ PDEBUG(DEBUG_EXTRA, "%s: JoinRequest: BSSID=%pM"
+ " channel=%d\n",
+ dev->name, req.bssid, le16_to_cpu(req.channel));
+ if (local->func->set_rid(dev, HFA384X_RID_JOINREQUEST, &req,
+ sizeof(req))) {
+ printk(KERN_DEBUG "%s: JoinRequest failed\n", dev->name);
+ }
+ local->last_join_time = jiffies;
+}
+
+
+static void hostap_report_scan_complete(local_info_t *local)
+{
+ union iwreq_data wrqu;
+
+ /* Inform user space about new scan results (just empty event,
+ * SIOCGIWSCAN can be used to fetch data */
+ wrqu.data.length = 0;
+ wrqu.data.flags = 0;
+ wireless_send_event(local->dev, SIOCGIWSCAN, &wrqu, NULL);
+
+ /* Allow SIOCGIWSCAN handling to occur since we have received
+ * scanning result */
+ local->scan_timestamp = 0;
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static void prism2_info_scanresults(local_info_t *local, unsigned char *buf,
+ int left)
+{
+ u16 *pos;
+ int new_count, i;
+ unsigned long flags;
+ struct hfa384x_scan_result *res;
+ struct hfa384x_hostscan_result *results, *prev;
+
+ if (left < 4) {
+ printk(KERN_DEBUG "%s: invalid scanresult info frame "
+ "length %d\n", local->dev->name, left);
+ return;
+ }
+
+ pos = (u16 *) buf;
+ pos++;
+ pos++;
+ left -= 4;
+
+ new_count = left / sizeof(struct hfa384x_scan_result);
+ results = kmalloc_array(new_count,
+ sizeof(struct hfa384x_hostscan_result),
+ GFP_ATOMIC);
+ if (results == NULL)
+ return;
+
+ /* Convert to hostscan result format. */
+ res = (struct hfa384x_scan_result *) pos;
+ for (i = 0; i < new_count; i++) {
+ memcpy(&results[i], &res[i],
+ sizeof(struct hfa384x_scan_result));
+ results[i].atim = 0;
+ }
+
+ spin_lock_irqsave(&local->lock, flags);
+ local->last_scan_type = PRISM2_SCAN;
+ prev = local->last_scan_results;
+ local->last_scan_results = results;
+ local->last_scan_results_count = new_count;
+ spin_unlock_irqrestore(&local->lock, flags);
+ kfree(prev);
+
+ hostap_report_scan_complete(local);
+
+ /* Perform rest of ScanResults handling later in scheduled task */
+ set_bit(PRISM2_INFO_PENDING_SCANRESULTS, &local->pending_info);
+ schedule_work(&local->info_queue);
+}
+
+
+/* Called only as a tasklet (software IRQ) */
+static void prism2_info_hostscanresults(local_info_t *local,
+ unsigned char *buf, int left)
+{
+ int i, result_size, copy_len, new_count;
+ struct hfa384x_hostscan_result *results, *prev;
+ unsigned long flags;
+ __le16 *pos;
+ u8 *ptr;
+
+ wake_up_interruptible(&local->hostscan_wq);
+
+ if (left < 4) {
+ printk(KERN_DEBUG "%s: invalid hostscanresult info frame "
+ "length %d\n", local->dev->name, left);
+ return;
+ }
+
+ pos = (__le16 *) buf;
+ copy_len = result_size = le16_to_cpu(*pos);
+ if (result_size == 0) {
+ printk(KERN_DEBUG "%s: invalid result_size (0) in "
+ "hostscanresults\n", local->dev->name);
+ return;
+ }
+ if (copy_len > sizeof(struct hfa384x_hostscan_result))
+ copy_len = sizeof(struct hfa384x_hostscan_result);
+
+ pos++;
+ pos++;
+ left -= 4;
+ ptr = (u8 *) pos;
+
+ new_count = left / result_size;
+ results = kcalloc(new_count, sizeof(struct hfa384x_hostscan_result),
+ GFP_ATOMIC);
+ if (results == NULL)
+ return;
+
+ for (i = 0; i < new_count; i++) {
+ memcpy(&results[i], ptr, copy_len);
+ ptr += result_size;
+ left -= result_size;
+ }
+
+ if (left) {
+ printk(KERN_DEBUG "%s: short HostScan result entry (%d/%d)\n",
+ local->dev->name, left, result_size);
+ }
+
+ spin_lock_irqsave(&local->lock, flags);
+ local->last_scan_type = PRISM2_HOSTSCAN;
+ prev = local->last_scan_results;
+ local->last_scan_results = results;
+ local->last_scan_results_count = new_count;
+ spin_unlock_irqrestore(&local->lock, flags);
+ kfree(prev);
+
+ hostap_report_scan_complete(local);
+}
+#endif /* PRISM2_NO_STATION_MODES */
+
+
+/* Called only as a tasklet (software IRQ) */
+void hostap_info_process(local_info_t *local, struct sk_buff *skb)
+{
+ struct hfa384x_info_frame *info;
+ unsigned char *buf;
+ int left;
+#ifndef PRISM2_NO_DEBUG
+ int i;
+#endif /* PRISM2_NO_DEBUG */
+
+ info = (struct hfa384x_info_frame *) skb->data;
+ buf = skb->data + sizeof(*info);
+ left = skb->len - sizeof(*info);
+
+ switch (le16_to_cpu(info->type)) {
+ case HFA384X_INFO_COMMTALLIES:
+ prism2_info_commtallies(local, buf, left);
+ break;
+
+#ifndef PRISM2_NO_STATION_MODES
+ case HFA384X_INFO_LINKSTATUS:
+ prism2_info_linkstatus(local, buf, left);
+ break;
+
+ case HFA384X_INFO_SCANRESULTS:
+ prism2_info_scanresults(local, buf, left);
+ break;
+
+ case HFA384X_INFO_HOSTSCANRESULTS:
+ prism2_info_hostscanresults(local, buf, left);
+ break;
+#endif /* PRISM2_NO_STATION_MODES */
+
+#ifndef PRISM2_NO_DEBUG
+ default:
+ PDEBUG(DEBUG_EXTRA, "%s: INFO - len=%d type=0x%04x\n",
+ local->dev->name, le16_to_cpu(info->len),
+ le16_to_cpu(info->type));
+ PDEBUG(DEBUG_EXTRA, "Unknown info frame:");
+ for (i = 0; i < (left < 100 ? left : 100); i++)
+ PDEBUG2(DEBUG_EXTRA, " %02x", buf[i]);
+ PDEBUG2(DEBUG_EXTRA, "\n");
+ break;
+#endif /* PRISM2_NO_DEBUG */
+ }
+}
+
+
+#ifndef PRISM2_NO_STATION_MODES
+static void handle_info_queue_linkstatus(local_info_t *local)
+{
+ int val = local->prev_link_status;
+ int connected;
+ union iwreq_data wrqu;
+
+ connected =
+ val == HFA384X_LINKSTATUS_CONNECTED ||
+ val == HFA384X_LINKSTATUS_AP_CHANGE ||
+ val == HFA384X_LINKSTATUS_AP_IN_RANGE;
+
+ if (local->func->get_rid(local->dev, HFA384X_RID_CURRENTBSSID,
+ local->bssid, ETH_ALEN, 1) < 0) {
+ printk(KERN_DEBUG "%s: could not read CURRENTBSSID after "
+ "LinkStatus event\n", local->dev->name);
+ } else {
+ PDEBUG(DEBUG_EXTRA, "%s: LinkStatus: BSSID=%pM\n",
+ local->dev->name,
+ (unsigned char *) local->bssid);
+ if (local->wds_type & HOSTAP_WDS_AP_CLIENT)
+ hostap_add_sta(local->ap, local->bssid);
+ }
+
+ /* Get BSSID if we have a valid AP address */
+ if (connected) {
+ netif_carrier_on(local->dev);
+ netif_carrier_on(local->ddev);
+ memcpy(wrqu.ap_addr.sa_data, local->bssid, ETH_ALEN);
+ } else {
+ netif_carrier_off(local->dev);
+ netif_carrier_off(local->ddev);
+ eth_zero_addr(wrqu.ap_addr.sa_data);
+ }
+ wrqu.ap_addr.sa_family = ARPHRD_ETHER;
+
+ /*
+ * Filter out sequential disconnect events in order not to cause a
+ * flood of SIOCGIWAP events that have a race condition with EAPOL
+ * frames and can confuse wpa_supplicant about the current association
+ * status.
+ */
+ if (connected || local->prev_linkstatus_connected)
+ wireless_send_event(local->dev, SIOCGIWAP, &wrqu, NULL);
+ local->prev_linkstatus_connected = connected;
+}
+
+
+static void handle_info_queue_scanresults(local_info_t *local)
+{
+ if (local->host_roaming == 1 && local->iw_mode == IW_MODE_INFRA)
+ prism2_host_roaming(local);
+
+ if (local->host_roaming == 2 && local->iw_mode == IW_MODE_INFRA &&
+ !is_zero_ether_addr(local->preferred_ap)) {
+ /*
+ * Firmware seems to be getting into odd state in host_roaming
+ * mode 2 when hostscan is used without join command, so try
+ * to fix this by re-joining the current AP. This does not
+ * actually trigger a new association if the current AP is
+ * still in the scan results.
+ */
+ prism2_host_roaming(local);
+ }
+}
+
+
+/* Called only as scheduled task after receiving info frames (used to avoid
+ * pending too much time in HW IRQ handler). */
+static void handle_info_queue(struct work_struct *work)
+{
+ local_info_t *local = container_of(work, local_info_t, info_queue);
+
+ if (test_and_clear_bit(PRISM2_INFO_PENDING_LINKSTATUS,
+ &local->pending_info))
+ handle_info_queue_linkstatus(local);
+
+ if (test_and_clear_bit(PRISM2_INFO_PENDING_SCANRESULTS,
+ &local->pending_info))
+ handle_info_queue_scanresults(local);
+}
+#endif /* PRISM2_NO_STATION_MODES */
+
+
+void hostap_info_init(local_info_t *local)
+{
+ skb_queue_head_init(&local->info_list);
+#ifndef PRISM2_NO_STATION_MODES
+ INIT_WORK(&local->info_queue, handle_info_queue);
+#endif /* PRISM2_NO_STATION_MODES */
+}
+
+
+EXPORT_SYMBOL(hostap_info_init);
+EXPORT_SYMBOL(hostap_info_process);
diff --git a/drivers/net/wireless/intersil/hostap/hostap_ioctl.c b/drivers/net/wireless/intersil/hostap/hostap_ioctl.c
new file mode 100644
index 000000000..4e0a0c881
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/hostap_ioctl.c
@@ -0,0 +1,4053 @@
+// SPDX-License-Identifier: GPL-2.0
+/* ioctl() (mostly Linux Wireless Extensions) routines for Host AP driver */
+
+#include <linux/slab.h>
+#include <linux/types.h>
+#include <linux/sched/signal.h>
+#include <linux/ethtool.h>
+#include <linux/if_arp.h>
+#include <linux/module.h>
+#include <linux/etherdevice.h>
+#include <net/lib80211.h>
+
+#include "hostap_wlan.h"
+#include "hostap.h"
+#include "hostap_ap.h"
+
+static struct iw_statistics *hostap_get_wireless_stats(struct net_device *dev)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ struct iw_statistics *wstats;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ /* Why are we doing that ? Jean II */
+ if (iface->type != HOSTAP_INTERFACE_MAIN)
+ return NULL;
+
+ wstats = &local->wstats;
+
+ wstats->status = 0;
+ wstats->discard.code =
+ local->comm_tallies.rx_discards_wep_undecryptable;
+ wstats->discard.misc =
+ local->comm_tallies.rx_fcs_errors +
+ local->comm_tallies.rx_discards_no_buffer +
+ local->comm_tallies.tx_discards_wrong_sa;
+
+ wstats->discard.retries =
+ local->comm_tallies.tx_retry_limit_exceeded;
+ wstats->discard.fragment =
+ local->comm_tallies.rx_message_in_bad_msg_fragments;
+
+ if (local->iw_mode != IW_MODE_MASTER &&
+ local->iw_mode != IW_MODE_REPEAT) {
+
+ if (prism2_update_comms_qual(dev) == 0)
+ wstats->qual.updated = IW_QUAL_ALL_UPDATED |
+ IW_QUAL_DBM;
+
+ wstats->qual.qual = local->comms_qual;
+ wstats->qual.level = local->avg_signal;
+ wstats->qual.noise = local->avg_noise;
+ } else {
+ wstats->qual.qual = 0;
+ wstats->qual.level = 0;
+ wstats->qual.noise = 0;
+ wstats->qual.updated = IW_QUAL_ALL_INVALID;
+ }
+
+ return wstats;
+}
+
+
+static int prism2_get_datarates(struct net_device *dev, u8 *rates)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ u8 buf[12];
+ int len;
+ u16 val;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ len = local->func->get_rid(dev, HFA384X_RID_SUPPORTEDDATARATES, buf,
+ sizeof(buf), 0);
+ if (len < 2)
+ return 0;
+
+ val = le16_to_cpu(*(__le16 *) buf); /* string length */
+
+ if (len - 2 < val || val > 10)
+ return 0;
+
+ memcpy(rates, buf + 2, val);
+ return val;
+}
+
+
+static int prism2_get_name(struct net_device *dev,
+ struct iw_request_info *info,
+ char *name, char *extra)
+{
+ u8 rates[10];
+ int len, i, over2 = 0;
+
+ len = prism2_get_datarates(dev, rates);
+
+ for (i = 0; i < len; i++) {
+ if (rates[i] == 0x0b || rates[i] == 0x16) {
+ over2 = 1;
+ break;
+ }
+ }
+
+ strcpy(name, over2 ? "IEEE 802.11b" : "IEEE 802.11-DS");
+
+ return 0;
+}
+
+
+static int prism2_ioctl_siwencode(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *erq, char *keybuf)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int i;
+ struct lib80211_crypt_data **crypt;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ i = erq->flags & IW_ENCODE_INDEX;
+ if (i < 1 || i > 4)
+ i = local->crypt_info.tx_keyidx;
+ else
+ i--;
+ if (i < 0 || i >= WEP_KEYS)
+ return -EINVAL;
+
+ crypt = &local->crypt_info.crypt[i];
+
+ if (erq->flags & IW_ENCODE_DISABLED) {
+ if (*crypt)
+ lib80211_crypt_delayed_deinit(&local->crypt_info, crypt);
+ goto done;
+ }
+
+ if (*crypt != NULL && (*crypt)->ops != NULL &&
+ strcmp((*crypt)->ops->name, "WEP") != 0) {
+ /* changing to use WEP; deinit previously used algorithm */
+ lib80211_crypt_delayed_deinit(&local->crypt_info, crypt);
+ }
+
+ if (*crypt == NULL) {
+ struct lib80211_crypt_data *new_crypt;
+
+ /* take WEP into use */
+ new_crypt = kzalloc(sizeof(struct lib80211_crypt_data),
+ GFP_KERNEL);
+ if (new_crypt == NULL)
+ return -ENOMEM;
+ new_crypt->ops = lib80211_get_crypto_ops("WEP");
+ if (!new_crypt->ops) {
+ request_module("lib80211_crypt_wep");
+ new_crypt->ops = lib80211_get_crypto_ops("WEP");
+ }
+ if (new_crypt->ops && try_module_get(new_crypt->ops->owner))
+ new_crypt->priv = new_crypt->ops->init(i);
+ if (!new_crypt->ops || !new_crypt->priv) {
+ kfree(new_crypt);
+ new_crypt = NULL;
+
+ printk(KERN_WARNING "%s: could not initialize WEP: "
+ "load module hostap_crypt_wep.o\n",
+ dev->name);
+ return -EOPNOTSUPP;
+ }
+ *crypt = new_crypt;
+ }
+
+ if (erq->length > 0) {
+ int len = erq->length <= 5 ? 5 : 13;
+ int first = 1, j;
+ if (len > erq->length)
+ memset(keybuf + erq->length, 0, len - erq->length);
+ (*crypt)->ops->set_key(keybuf, len, NULL, (*crypt)->priv);
+ for (j = 0; j < WEP_KEYS; j++) {
+ if (j != i && local->crypt_info.crypt[j]) {
+ first = 0;
+ break;
+ }
+ }
+ if (first)
+ local->crypt_info.tx_keyidx = i;
+ } else {
+ /* No key data - just set the default TX key index */
+ local->crypt_info.tx_keyidx = i;
+ }
+
+ done:
+ local->open_wep = erq->flags & IW_ENCODE_OPEN;
+
+ if (hostap_set_encryption(local)) {
+ printk(KERN_DEBUG "%s: set_encryption failed\n", dev->name);
+ return -EINVAL;
+ }
+
+ /* Do not reset port0 if card is in Managed mode since resetting will
+ * generate new IEEE 802.11 authentication which may end up in looping
+ * with IEEE 802.1X. Prism2 documentation seem to require port reset
+ * after WEP configuration. However, keys are apparently changed at
+ * least in Managed mode. */
+ if (local->iw_mode != IW_MODE_INFRA && local->func->reset_port(dev)) {
+ printk(KERN_DEBUG "%s: reset_port failed\n", dev->name);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+
+static int prism2_ioctl_giwencode(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *erq, char *key)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int i, len;
+ u16 val;
+ struct lib80211_crypt_data *crypt;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ i = erq->flags & IW_ENCODE_INDEX;
+ if (i < 1 || i > 4)
+ i = local->crypt_info.tx_keyidx;
+ else
+ i--;
+ if (i < 0 || i >= WEP_KEYS)
+ return -EINVAL;
+
+ crypt = local->crypt_info.crypt[i];
+ erq->flags = i + 1;
+
+ if (crypt == NULL || crypt->ops == NULL) {
+ erq->length = 0;
+ erq->flags |= IW_ENCODE_DISABLED;
+ return 0;
+ }
+
+ if (strcmp(crypt->ops->name, "WEP") != 0) {
+ /* only WEP is supported with wireless extensions, so just
+ * report that encryption is used */
+ erq->length = 0;
+ erq->flags |= IW_ENCODE_ENABLED;
+ return 0;
+ }
+
+ /* Reads from HFA384X_RID_CNFDEFAULTKEY* return bogus values, so show
+ * the keys from driver buffer */
+ len = crypt->ops->get_key(key, WEP_KEY_LEN, NULL, crypt->priv);
+ erq->length = (len >= 0 ? len : 0);
+
+ if (local->func->get_rid(dev, HFA384X_RID_CNFWEPFLAGS, &val, 2, 1) < 0)
+ {
+ printk("CNFWEPFLAGS reading failed\n");
+ return -EOPNOTSUPP;
+ }
+ le16_to_cpus(&val);
+ if (val & HFA384X_WEPFLAGS_PRIVACYINVOKED)
+ erq->flags |= IW_ENCODE_ENABLED;
+ else
+ erq->flags |= IW_ENCODE_DISABLED;
+ if (val & HFA384X_WEPFLAGS_EXCLUDEUNENCRYPTED)
+ erq->flags |= IW_ENCODE_RESTRICTED;
+ else
+ erq->flags |= IW_ENCODE_OPEN;
+
+ return 0;
+}
+
+
+static int hostap_set_rate(struct net_device *dev)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int ret, basic_rates;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ basic_rates = local->basic_rates & local->tx_rate_control;
+ if (!basic_rates || basic_rates != local->basic_rates) {
+ printk(KERN_INFO "%s: updating basic rate set automatically "
+ "to match with the new supported rate set\n",
+ dev->name);
+ if (!basic_rates)
+ basic_rates = local->tx_rate_control;
+
+ local->basic_rates = basic_rates;
+ if (hostap_set_word(dev, HFA384X_RID_CNFBASICRATES,
+ basic_rates))
+ printk(KERN_WARNING "%s: failed to set "
+ "cnfBasicRates\n", dev->name);
+ }
+
+ ret = (hostap_set_word(dev, HFA384X_RID_TXRATECONTROL,
+ local->tx_rate_control) ||
+ hostap_set_word(dev, HFA384X_RID_CNFSUPPORTEDRATES,
+ local->tx_rate_control) ||
+ local->func->reset_port(dev));
+
+ if (ret) {
+ printk(KERN_WARNING "%s: TXRateControl/cnfSupportedRates "
+ "setting to 0x%x failed\n",
+ dev->name, local->tx_rate_control);
+ }
+
+ /* Update TX rate configuration for all STAs based on new operational
+ * rate set. */
+ hostap_update_rates(local);
+
+ return ret;
+}
+
+
+static int prism2_ioctl_siwrate(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *rrq, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (rrq->fixed) {
+ switch (rrq->value) {
+ case 11000000:
+ local->tx_rate_control = HFA384X_RATES_11MBPS;
+ break;
+ case 5500000:
+ local->tx_rate_control = HFA384X_RATES_5MBPS;
+ break;
+ case 2000000:
+ local->tx_rate_control = HFA384X_RATES_2MBPS;
+ break;
+ case 1000000:
+ local->tx_rate_control = HFA384X_RATES_1MBPS;
+ break;
+ default:
+ local->tx_rate_control = HFA384X_RATES_1MBPS |
+ HFA384X_RATES_2MBPS | HFA384X_RATES_5MBPS |
+ HFA384X_RATES_11MBPS;
+ break;
+ }
+ } else {
+ switch (rrq->value) {
+ case 11000000:
+ local->tx_rate_control = HFA384X_RATES_1MBPS |
+ HFA384X_RATES_2MBPS | HFA384X_RATES_5MBPS |
+ HFA384X_RATES_11MBPS;
+ break;
+ case 5500000:
+ local->tx_rate_control = HFA384X_RATES_1MBPS |
+ HFA384X_RATES_2MBPS | HFA384X_RATES_5MBPS;
+ break;
+ case 2000000:
+ local->tx_rate_control = HFA384X_RATES_1MBPS |
+ HFA384X_RATES_2MBPS;
+ break;
+ case 1000000:
+ local->tx_rate_control = HFA384X_RATES_1MBPS;
+ break;
+ default:
+ local->tx_rate_control = HFA384X_RATES_1MBPS |
+ HFA384X_RATES_2MBPS | HFA384X_RATES_5MBPS |
+ HFA384X_RATES_11MBPS;
+ break;
+ }
+ }
+
+ return hostap_set_rate(dev);
+}
+
+
+static int prism2_ioctl_giwrate(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *rrq, char *extra)
+{
+ u16 val;
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int ret = 0;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->func->get_rid(dev, HFA384X_RID_TXRATECONTROL, &val, 2, 1) <
+ 0)
+ return -EINVAL;
+
+ if ((val & 0x1) && (val > 1))
+ rrq->fixed = 0;
+ else
+ rrq->fixed = 1;
+
+ if (local->iw_mode == IW_MODE_MASTER && local->ap != NULL &&
+ !local->fw_tx_rate_control) {
+ /* HFA384X_RID_CURRENTTXRATE seems to always be 2 Mbps in
+ * Host AP mode, so use the recorded TX rate of the last sent
+ * frame */
+ rrq->value = local->ap->last_tx_rate > 0 ?
+ local->ap->last_tx_rate * 100000 : 11000000;
+ return 0;
+ }
+
+ if (local->func->get_rid(dev, HFA384X_RID_CURRENTTXRATE, &val, 2, 1) <
+ 0)
+ return -EINVAL;
+
+ switch (val) {
+ case HFA384X_RATES_1MBPS:
+ rrq->value = 1000000;
+ break;
+ case HFA384X_RATES_2MBPS:
+ rrq->value = 2000000;
+ break;
+ case HFA384X_RATES_5MBPS:
+ rrq->value = 5500000;
+ break;
+ case HFA384X_RATES_11MBPS:
+ rrq->value = 11000000;
+ break;
+ default:
+ /* should not happen */
+ rrq->value = 11000000;
+ ret = -EINVAL;
+ break;
+ }
+
+ return ret;
+}
+
+
+static int prism2_ioctl_siwsens(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *sens, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ /* Set the desired AP density */
+ if (sens->value < 1 || sens->value > 3)
+ return -EINVAL;
+
+ if (hostap_set_word(dev, HFA384X_RID_CNFSYSTEMSCALE, sens->value) ||
+ local->func->reset_port(dev))
+ return -EINVAL;
+
+ return 0;
+}
+
+static int prism2_ioctl_giwsens(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *sens, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ __le16 val;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ /* Get the current AP density */
+ if (local->func->get_rid(dev, HFA384X_RID_CNFSYSTEMSCALE, &val, 2, 1) <
+ 0)
+ return -EINVAL;
+
+ sens->value = le16_to_cpu(val);
+ sens->fixed = 1;
+
+ return 0;
+}
+
+
+/* Deprecated in new wireless extension API */
+static int prism2_ioctl_giwaplist(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *data, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ struct sockaddr *addr;
+ struct iw_quality *qual;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->iw_mode != IW_MODE_MASTER) {
+ printk(KERN_DEBUG "SIOCGIWAPLIST is currently only supported "
+ "in Host AP mode\n");
+ data->length = 0;
+ return -EOPNOTSUPP;
+ }
+
+ addr = kmalloc_array(IW_MAX_AP, sizeof(struct sockaddr), GFP_KERNEL);
+ qual = kmalloc_array(IW_MAX_AP, sizeof(struct iw_quality), GFP_KERNEL);
+ if (addr == NULL || qual == NULL) {
+ kfree(addr);
+ kfree(qual);
+ data->length = 0;
+ return -ENOMEM;
+ }
+
+ data->length = prism2_ap_get_sta_qual(local, addr, qual, IW_MAX_AP, 1);
+
+ memcpy(extra, addr, sizeof(struct sockaddr) * data->length);
+ data->flags = 1; /* has quality information */
+ memcpy(extra + sizeof(struct sockaddr) * data->length, qual,
+ sizeof(struct iw_quality) * data->length);
+
+ kfree(addr);
+ kfree(qual);
+ return 0;
+}
+
+
+static int prism2_ioctl_siwrts(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *rts, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ __le16 val;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (rts->disabled)
+ val = cpu_to_le16(2347);
+ else if (rts->value < 0 || rts->value > 2347)
+ return -EINVAL;
+ else
+ val = cpu_to_le16(rts->value);
+
+ if (local->func->set_rid(dev, HFA384X_RID_RTSTHRESHOLD, &val, 2) ||
+ local->func->reset_port(dev))
+ return -EINVAL;
+
+ local->rts_threshold = rts->value;
+
+ return 0;
+}
+
+static int prism2_ioctl_giwrts(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *rts, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ __le16 val;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->func->get_rid(dev, HFA384X_RID_RTSTHRESHOLD, &val, 2, 1) <
+ 0)
+ return -EINVAL;
+
+ rts->value = le16_to_cpu(val);
+ rts->disabled = (rts->value == 2347);
+ rts->fixed = 1;
+
+ return 0;
+}
+
+
+static int prism2_ioctl_siwfrag(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *rts, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ __le16 val;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (rts->disabled)
+ val = cpu_to_le16(2346);
+ else if (rts->value < 256 || rts->value > 2346)
+ return -EINVAL;
+ else
+ val = cpu_to_le16(rts->value & ~0x1); /* even numbers only */
+
+ local->fragm_threshold = rts->value & ~0x1;
+ if (local->func->set_rid(dev, HFA384X_RID_FRAGMENTATIONTHRESHOLD, &val,
+ 2)
+ || local->func->reset_port(dev))
+ return -EINVAL;
+
+ return 0;
+}
+
+static int prism2_ioctl_giwfrag(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *rts, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ __le16 val;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->func->get_rid(dev, HFA384X_RID_FRAGMENTATIONTHRESHOLD,
+ &val, 2, 1) < 0)
+ return -EINVAL;
+
+ rts->value = le16_to_cpu(val);
+ rts->disabled = (rts->value == 2346);
+ rts->fixed = 1;
+
+ return 0;
+}
+
+
+#ifndef PRISM2_NO_STATION_MODES
+static int hostap_join_ap(struct net_device *dev)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ struct hfa384x_join_request req;
+ unsigned long flags;
+ int i;
+ struct hfa384x_hostscan_result *entry;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ memcpy(req.bssid, local->preferred_ap, ETH_ALEN);
+ req.channel = 0;
+
+ spin_lock_irqsave(&local->lock, flags);
+ for (i = 0; i < local->last_scan_results_count; i++) {
+ if (!local->last_scan_results)
+ break;
+ entry = &local->last_scan_results[i];
+ if (ether_addr_equal(local->preferred_ap, entry->bssid)) {
+ req.channel = entry->chid;
+ break;
+ }
+ }
+ spin_unlock_irqrestore(&local->lock, flags);
+
+ if (local->func->set_rid(dev, HFA384X_RID_JOINREQUEST, &req,
+ sizeof(req))) {
+ printk(KERN_DEBUG "%s: JoinRequest %pM failed\n",
+ dev->name, local->preferred_ap);
+ return -1;
+ }
+
+ printk(KERN_DEBUG "%s: Trying to join BSSID %pM\n",
+ dev->name, local->preferred_ap);
+
+ return 0;
+}
+#endif /* PRISM2_NO_STATION_MODES */
+
+
+static int prism2_ioctl_siwap(struct net_device *dev,
+ struct iw_request_info *info,
+ struct sockaddr *ap_addr, char *extra)
+{
+#ifdef PRISM2_NO_STATION_MODES
+ return -EOPNOTSUPP;
+#else /* PRISM2_NO_STATION_MODES */
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ memcpy(local->preferred_ap, &ap_addr->sa_data, ETH_ALEN);
+
+ if (local->host_roaming == 1 && local->iw_mode == IW_MODE_INFRA) {
+ struct hfa384x_scan_request scan_req;
+ memset(&scan_req, 0, sizeof(scan_req));
+ scan_req.channel_list = cpu_to_le16(0x3fff);
+ scan_req.txrate = cpu_to_le16(HFA384X_RATES_1MBPS);
+ if (local->func->set_rid(dev, HFA384X_RID_SCANREQUEST,
+ &scan_req, sizeof(scan_req))) {
+ printk(KERN_DEBUG "%s: ScanResults request failed - "
+ "preferred AP delayed to next unsolicited "
+ "scan\n", dev->name);
+ }
+ } else if (local->host_roaming == 2 &&
+ local->iw_mode == IW_MODE_INFRA) {
+ if (hostap_join_ap(dev))
+ return -EINVAL;
+ } else {
+ printk(KERN_DEBUG "%s: Preferred AP (SIOCSIWAP) is used only "
+ "in Managed mode when host_roaming is enabled\n",
+ dev->name);
+ }
+
+ return 0;
+#endif /* PRISM2_NO_STATION_MODES */
+}
+
+static int prism2_ioctl_giwap(struct net_device *dev,
+ struct iw_request_info *info,
+ struct sockaddr *ap_addr, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ ap_addr->sa_family = ARPHRD_ETHER;
+ switch (iface->type) {
+ case HOSTAP_INTERFACE_AP:
+ memcpy(&ap_addr->sa_data, dev->dev_addr, ETH_ALEN);
+ break;
+ case HOSTAP_INTERFACE_STA:
+ memcpy(&ap_addr->sa_data, local->assoc_ap_addr, ETH_ALEN);
+ break;
+ case HOSTAP_INTERFACE_WDS:
+ memcpy(&ap_addr->sa_data, iface->u.wds.remote_addr, ETH_ALEN);
+ break;
+ default:
+ if (local->func->get_rid(dev, HFA384X_RID_CURRENTBSSID,
+ &ap_addr->sa_data, ETH_ALEN, 1) < 0)
+ return -EOPNOTSUPP;
+
+ /* local->bssid is also updated in LinkStatus handler when in
+ * station mode */
+ memcpy(local->bssid, &ap_addr->sa_data, ETH_ALEN);
+ break;
+ }
+
+ return 0;
+}
+
+
+static int prism2_ioctl_siwnickn(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *data, char *nickname)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ memset(local->name, 0, sizeof(local->name));
+ memcpy(local->name, nickname, data->length);
+ local->name_set = 1;
+
+ if (hostap_set_string(dev, HFA384X_RID_CNFOWNNAME, local->name) ||
+ local->func->reset_port(dev))
+ return -EINVAL;
+
+ return 0;
+}
+
+static int prism2_ioctl_giwnickn(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *data, char *nickname)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int len;
+ char name[MAX_NAME_LEN + 3];
+ u16 val;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ len = local->func->get_rid(dev, HFA384X_RID_CNFOWNNAME,
+ &name, MAX_NAME_LEN + 2, 0);
+ val = le16_to_cpu(*(__le16 *) name);
+ if (len > MAX_NAME_LEN + 2 || len < 0 || val > MAX_NAME_LEN)
+ return -EOPNOTSUPP;
+
+ name[val + 2] = '\0';
+ data->length = val + 1;
+ memcpy(nickname, name + 2, val + 1);
+
+ return 0;
+}
+
+
+static int prism2_ioctl_siwfreq(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_freq *freq, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ /* freq => chan. */
+ if (freq->e == 1 &&
+ freq->m / 100000 >= freq_list[0] &&
+ freq->m / 100000 <= freq_list[FREQ_COUNT - 1]) {
+ int ch;
+ int fr = freq->m / 100000;
+ for (ch = 0; ch < FREQ_COUNT; ch++) {
+ if (fr == freq_list[ch]) {
+ freq->e = 0;
+ freq->m = ch + 1;
+ break;
+ }
+ }
+ }
+
+ if (freq->e != 0 || freq->m < 1 || freq->m > FREQ_COUNT ||
+ !(local->channel_mask & (1 << (freq->m - 1))))
+ return -EINVAL;
+
+ local->channel = freq->m; /* channel is used in prism2_setup_rids() */
+ if (hostap_set_word(dev, HFA384X_RID_CNFOWNCHANNEL, local->channel) ||
+ local->func->reset_port(dev))
+ return -EINVAL;
+
+ return 0;
+}
+
+static int prism2_ioctl_giwfreq(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_freq *freq, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ u16 val;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->func->get_rid(dev, HFA384X_RID_CURRENTCHANNEL, &val, 2, 1) <
+ 0)
+ return -EINVAL;
+
+ le16_to_cpus(&val);
+ if (val < 1 || val > FREQ_COUNT)
+ return -EINVAL;
+
+ freq->m = freq_list[val - 1] * 100000;
+ freq->e = 1;
+
+ return 0;
+}
+
+
+static void hostap_monitor_set_type(local_info_t *local)
+{
+ struct net_device *dev = local->ddev;
+
+ if (dev == NULL)
+ return;
+
+ if (local->monitor_type == PRISM2_MONITOR_PRISM ||
+ local->monitor_type == PRISM2_MONITOR_CAPHDR) {
+ dev->type = ARPHRD_IEEE80211_PRISM;
+ } else if (local->monitor_type == PRISM2_MONITOR_RADIOTAP) {
+ dev->type = ARPHRD_IEEE80211_RADIOTAP;
+ } else {
+ dev->type = ARPHRD_IEEE80211;
+ }
+}
+
+
+static int prism2_ioctl_siwessid(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *data, char *ssid)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (iface->type == HOSTAP_INTERFACE_WDS)
+ return -EOPNOTSUPP;
+
+ if (data->flags == 0)
+ ssid[0] = '\0'; /* ANY */
+
+ if (local->iw_mode == IW_MODE_MASTER && ssid[0] == '\0') {
+ /* Setting SSID to empty string seems to kill the card in
+ * Host AP mode */
+ printk(KERN_DEBUG "%s: Host AP mode does not support "
+ "'Any' essid\n", dev->name);
+ return -EINVAL;
+ }
+
+ memcpy(local->essid, ssid, data->length);
+ local->essid[data->length] = '\0';
+
+ if ((!local->fw_ap &&
+ hostap_set_string(dev, HFA384X_RID_CNFDESIREDSSID, local->essid))
+ || hostap_set_string(dev, HFA384X_RID_CNFOWNSSID, local->essid) ||
+ local->func->reset_port(dev))
+ return -EINVAL;
+
+ return 0;
+}
+
+static int prism2_ioctl_giwessid(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *data, char *essid)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ u16 val;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (iface->type == HOSTAP_INTERFACE_WDS)
+ return -EOPNOTSUPP;
+
+ data->flags = 1; /* active */
+ if (local->iw_mode == IW_MODE_MASTER) {
+ data->length = strlen(local->essid);
+ memcpy(essid, local->essid, IW_ESSID_MAX_SIZE);
+ } else {
+ int len;
+ char ssid[MAX_SSID_LEN + 2];
+ memset(ssid, 0, sizeof(ssid));
+ len = local->func->get_rid(dev, HFA384X_RID_CURRENTSSID,
+ &ssid, MAX_SSID_LEN + 2, 0);
+ val = le16_to_cpu(*(__le16 *) ssid);
+ if (len > MAX_SSID_LEN + 2 || len < 0 || val > MAX_SSID_LEN) {
+ return -EOPNOTSUPP;
+ }
+ data->length = val;
+ memcpy(essid, ssid + 2, IW_ESSID_MAX_SIZE);
+ }
+
+ return 0;
+}
+
+
+static int prism2_ioctl_giwrange(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *data, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ struct iw_range *range = (struct iw_range *) extra;
+ u8 rates[10];
+ u16 val;
+ int i, len, over2;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ data->length = sizeof(struct iw_range);
+ memset(range, 0, sizeof(struct iw_range));
+
+ /* TODO: could fill num_txpower and txpower array with
+ * something; however, there are 128 different values.. */
+
+ range->txpower_capa = IW_TXPOW_DBM;
+
+ if (local->iw_mode == IW_MODE_INFRA || local->iw_mode == IW_MODE_ADHOC)
+ {
+ range->min_pmp = 1 * 1024;
+ range->max_pmp = 65535 * 1024;
+ range->min_pmt = 1 * 1024;
+ range->max_pmt = 1000 * 1024;
+ range->pmp_flags = IW_POWER_PERIOD;
+ range->pmt_flags = IW_POWER_TIMEOUT;
+ range->pm_capa = IW_POWER_PERIOD | IW_POWER_TIMEOUT |
+ IW_POWER_UNICAST_R | IW_POWER_ALL_R;
+ }
+
+ range->we_version_compiled = WIRELESS_EXT;
+ range->we_version_source = 18;
+
+ range->retry_capa = IW_RETRY_LIMIT;
+ range->retry_flags = IW_RETRY_LIMIT;
+ range->min_retry = 0;
+ range->max_retry = 255;
+
+ range->num_channels = FREQ_COUNT;
+
+ val = 0;
+ for (i = 0; i < FREQ_COUNT; i++) {
+ if (local->channel_mask & (1 << i)) {
+ range->freq[val].i = i + 1;
+ range->freq[val].m = freq_list[i] * 100000;
+ range->freq[val].e = 1;
+ val++;
+ }
+ if (val == IW_MAX_FREQUENCIES)
+ break;
+ }
+ range->num_frequency = val;
+
+ if (local->sta_fw_ver >= PRISM2_FW_VER(1,3,1)) {
+ range->max_qual.qual = 70; /* what is correct max? This was not
+ * documented exactly. At least
+ * 69 has been observed. */
+ range->max_qual.level = 0; /* dB */
+ range->max_qual.noise = 0; /* dB */
+
+ /* What would be suitable values for "average/typical" qual? */
+ range->avg_qual.qual = 20;
+ range->avg_qual.level = -60;
+ range->avg_qual.noise = -95;
+ } else {
+ range->max_qual.qual = 92; /* 0 .. 92 */
+ range->max_qual.level = 154; /* 27 .. 154 */
+ range->max_qual.noise = 154; /* 27 .. 154 */
+ }
+ range->sensitivity = 3;
+
+ range->max_encoding_tokens = WEP_KEYS;
+ range->num_encoding_sizes = 2;
+ range->encoding_size[0] = 5;
+ range->encoding_size[1] = 13;
+
+ over2 = 0;
+ len = prism2_get_datarates(dev, rates);
+ range->num_bitrates = 0;
+ for (i = 0; i < len; i++) {
+ if (range->num_bitrates < IW_MAX_BITRATES) {
+ range->bitrate[range->num_bitrates] =
+ rates[i] * 500000;
+ range->num_bitrates++;
+ }
+ if (rates[i] == 0x0b || rates[i] == 0x16)
+ over2 = 1;
+ }
+ /* estimated maximum TCP throughput values (bps) */
+ range->throughput = over2 ? 5500000 : 1500000;
+
+ range->min_rts = 0;
+ range->max_rts = 2347;
+ range->min_frag = 256;
+ range->max_frag = 2346;
+
+ /* Event capability (kernel + driver) */
+ range->event_capa[0] = (IW_EVENT_CAPA_K_0 |
+ IW_EVENT_CAPA_MASK(SIOCGIWTHRSPY) |
+ IW_EVENT_CAPA_MASK(SIOCGIWAP) |
+ IW_EVENT_CAPA_MASK(SIOCGIWSCAN));
+ range->event_capa[1] = IW_EVENT_CAPA_K_1;
+ range->event_capa[4] = (IW_EVENT_CAPA_MASK(IWEVTXDROP) |
+ IW_EVENT_CAPA_MASK(IWEVCUSTOM) |
+ IW_EVENT_CAPA_MASK(IWEVREGISTERED) |
+ IW_EVENT_CAPA_MASK(IWEVEXPIRED));
+
+ range->enc_capa = IW_ENC_CAPA_WPA | IW_ENC_CAPA_WPA2 |
+ IW_ENC_CAPA_CIPHER_TKIP | IW_ENC_CAPA_CIPHER_CCMP;
+
+ if (local->sta_fw_ver >= PRISM2_FW_VER(1,3,1))
+ range->scan_capa = IW_SCAN_CAPA_ESSID;
+
+ return 0;
+}
+
+
+static int hostap_monitor_mode_enable(local_info_t *local)
+{
+ struct net_device *dev = local->dev;
+
+ printk(KERN_DEBUG "Enabling monitor mode\n");
+ hostap_monitor_set_type(local);
+
+ if (hostap_set_word(dev, HFA384X_RID_CNFPORTTYPE,
+ HFA384X_PORTTYPE_PSEUDO_IBSS)) {
+ printk(KERN_DEBUG "Port type setting for monitor mode "
+ "failed\n");
+ return -EOPNOTSUPP;
+ }
+
+ /* Host decrypt is needed to get the IV and ICV fields;
+ * however, monitor mode seems to remove WEP flag from frame
+ * control field */
+ if (hostap_set_word(dev, HFA384X_RID_CNFWEPFLAGS,
+ HFA384X_WEPFLAGS_HOSTENCRYPT |
+ HFA384X_WEPFLAGS_HOSTDECRYPT)) {
+ printk(KERN_DEBUG "WEP flags setting failed\n");
+ return -EOPNOTSUPP;
+ }
+
+ if (local->func->reset_port(dev) ||
+ local->func->cmd(dev, HFA384X_CMDCODE_TEST |
+ (HFA384X_TEST_MONITOR << 8),
+ 0, NULL, NULL)) {
+ printk(KERN_DEBUG "Setting monitor mode failed\n");
+ return -EOPNOTSUPP;
+ }
+
+ return 0;
+}
+
+
+static int hostap_monitor_mode_disable(local_info_t *local)
+{
+ struct net_device *dev = local->ddev;
+
+ if (dev == NULL)
+ return -1;
+
+ printk(KERN_DEBUG "%s: Disabling monitor mode\n", dev->name);
+ dev->type = ARPHRD_ETHER;
+
+ if (local->func->cmd(dev, HFA384X_CMDCODE_TEST |
+ (HFA384X_TEST_STOP << 8),
+ 0, NULL, NULL))
+ return -1;
+ return hostap_set_encryption(local);
+}
+
+
+static int prism2_ioctl_siwmode(struct net_device *dev,
+ struct iw_request_info *info,
+ __u32 *mode, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int double_reset = 0;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (*mode != IW_MODE_ADHOC && *mode != IW_MODE_INFRA &&
+ *mode != IW_MODE_MASTER && *mode != IW_MODE_REPEAT &&
+ *mode != IW_MODE_MONITOR)
+ return -EOPNOTSUPP;
+
+#ifdef PRISM2_NO_STATION_MODES
+ if (*mode == IW_MODE_ADHOC || *mode == IW_MODE_INFRA)
+ return -EOPNOTSUPP;
+#endif /* PRISM2_NO_STATION_MODES */
+
+ if (*mode == local->iw_mode)
+ return 0;
+
+ if (*mode == IW_MODE_MASTER && local->essid[0] == '\0') {
+ printk(KERN_WARNING "%s: empty SSID not allowed in Master "
+ "mode\n", dev->name);
+ return -EINVAL;
+ }
+
+ if (local->iw_mode == IW_MODE_MONITOR)
+ hostap_monitor_mode_disable(local);
+
+ if ((local->iw_mode == IW_MODE_ADHOC ||
+ local->iw_mode == IW_MODE_MONITOR) && *mode == IW_MODE_MASTER) {
+ /* There seems to be a firmware bug in at least STA f/w v1.5.6
+ * that leaves beacon frames to use IBSS type when moving from
+ * IBSS to Host AP mode. Doing double Port0 reset seems to be
+ * enough to workaround this. */
+ double_reset = 1;
+ }
+
+ printk(KERN_DEBUG "prism2: %s: operating mode changed "
+ "%d -> %d\n", dev->name, local->iw_mode, *mode);
+ local->iw_mode = *mode;
+
+ if (local->iw_mode == IW_MODE_MONITOR)
+ hostap_monitor_mode_enable(local);
+ else if (local->iw_mode == IW_MODE_MASTER && !local->host_encrypt &&
+ !local->fw_encrypt_ok) {
+ printk(KERN_DEBUG "%s: defaulting to host-based encryption as "
+ "a workaround for firmware bug in Host AP mode WEP\n",
+ dev->name);
+ local->host_encrypt = 1;
+ }
+
+ if (hostap_set_word(dev, HFA384X_RID_CNFPORTTYPE,
+ hostap_get_porttype(local)))
+ return -EOPNOTSUPP;
+
+ if (local->func->reset_port(dev))
+ return -EINVAL;
+ if (double_reset && local->func->reset_port(dev))
+ return -EINVAL;
+
+ if (local->iw_mode != IW_MODE_INFRA && local->iw_mode != IW_MODE_ADHOC)
+ {
+ /* netif_carrier is used only in client modes for now, so make
+ * sure carrier is on when moving to non-client modes. */
+ netif_carrier_on(local->dev);
+ netif_carrier_on(local->ddev);
+ }
+ return 0;
+}
+
+
+static int prism2_ioctl_giwmode(struct net_device *dev,
+ struct iw_request_info *info,
+ __u32 *mode, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ switch (iface->type) {
+ case HOSTAP_INTERFACE_STA:
+ *mode = IW_MODE_INFRA;
+ break;
+ case HOSTAP_INTERFACE_WDS:
+ *mode = IW_MODE_REPEAT;
+ break;
+ default:
+ *mode = local->iw_mode;
+ break;
+ }
+ return 0;
+}
+
+
+static int prism2_ioctl_siwpower(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *wrq, char *extra)
+{
+#ifdef PRISM2_NO_STATION_MODES
+ return -EOPNOTSUPP;
+#else /* PRISM2_NO_STATION_MODES */
+ int ret = 0;
+
+ if (wrq->disabled)
+ return hostap_set_word(dev, HFA384X_RID_CNFPMENABLED, 0);
+
+ switch (wrq->flags & IW_POWER_MODE) {
+ case IW_POWER_UNICAST_R:
+ ret = hostap_set_word(dev, HFA384X_RID_CNFMULTICASTRECEIVE, 0);
+ if (ret)
+ return ret;
+ ret = hostap_set_word(dev, HFA384X_RID_CNFPMENABLED, 1);
+ if (ret)
+ return ret;
+ break;
+ case IW_POWER_ALL_R:
+ ret = hostap_set_word(dev, HFA384X_RID_CNFMULTICASTRECEIVE, 1);
+ if (ret)
+ return ret;
+ ret = hostap_set_word(dev, HFA384X_RID_CNFPMENABLED, 1);
+ if (ret)
+ return ret;
+ break;
+ case IW_POWER_ON:
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ if (wrq->flags & IW_POWER_TIMEOUT) {
+ ret = hostap_set_word(dev, HFA384X_RID_CNFPMENABLED, 1);
+ if (ret)
+ return ret;
+ ret = hostap_set_word(dev, HFA384X_RID_CNFPMHOLDOVERDURATION,
+ wrq->value / 1024);
+ if (ret)
+ return ret;
+ }
+ if (wrq->flags & IW_POWER_PERIOD) {
+ ret = hostap_set_word(dev, HFA384X_RID_CNFPMENABLED, 1);
+ if (ret)
+ return ret;
+ ret = hostap_set_word(dev, HFA384X_RID_CNFMAXSLEEPDURATION,
+ wrq->value / 1024);
+ if (ret)
+ return ret;
+ }
+
+ return ret;
+#endif /* PRISM2_NO_STATION_MODES */
+}
+
+
+static int prism2_ioctl_giwpower(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *rrq, char *extra)
+{
+#ifdef PRISM2_NO_STATION_MODES
+ return -EOPNOTSUPP;
+#else /* PRISM2_NO_STATION_MODES */
+ struct hostap_interface *iface;
+ local_info_t *local;
+ __le16 enable, mcast;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->func->get_rid(dev, HFA384X_RID_CNFPMENABLED, &enable, 2, 1)
+ < 0)
+ return -EINVAL;
+
+ if (!le16_to_cpu(enable)) {
+ rrq->disabled = 1;
+ return 0;
+ }
+
+ rrq->disabled = 0;
+
+ if ((rrq->flags & IW_POWER_TYPE) == IW_POWER_TIMEOUT) {
+ __le16 timeout;
+ if (local->func->get_rid(dev,
+ HFA384X_RID_CNFPMHOLDOVERDURATION,
+ &timeout, 2, 1) < 0)
+ return -EINVAL;
+
+ rrq->flags = IW_POWER_TIMEOUT;
+ rrq->value = le16_to_cpu(timeout) * 1024;
+ } else {
+ __le16 period;
+ if (local->func->get_rid(dev, HFA384X_RID_CNFMAXSLEEPDURATION,
+ &period, 2, 1) < 0)
+ return -EINVAL;
+
+ rrq->flags = IW_POWER_PERIOD;
+ rrq->value = le16_to_cpu(period) * 1024;
+ }
+
+ if (local->func->get_rid(dev, HFA384X_RID_CNFMULTICASTRECEIVE, &mcast,
+ 2, 1) < 0)
+ return -EINVAL;
+
+ if (le16_to_cpu(mcast))
+ rrq->flags |= IW_POWER_ALL_R;
+ else
+ rrq->flags |= IW_POWER_UNICAST_R;
+
+ return 0;
+#endif /* PRISM2_NO_STATION_MODES */
+}
+
+
+static int prism2_ioctl_siwretry(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *rrq, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (rrq->disabled)
+ return -EINVAL;
+
+ /* setting retry limits is not supported with the current station
+ * firmware code; simulate this with alternative retry count for now */
+ if (rrq->flags == IW_RETRY_LIMIT) {
+ if (rrq->value < 0) {
+ /* disable manual retry count setting and use firmware
+ * defaults */
+ local->manual_retry_count = -1;
+ local->tx_control &= ~HFA384X_TX_CTRL_ALT_RTRY;
+ } else {
+ if (hostap_set_word(dev, HFA384X_RID_CNFALTRETRYCOUNT,
+ rrq->value)) {
+ printk(KERN_DEBUG "%s: Alternate retry count "
+ "setting to %d failed\n",
+ dev->name, rrq->value);
+ return -EOPNOTSUPP;
+ }
+
+ local->manual_retry_count = rrq->value;
+ local->tx_control |= HFA384X_TX_CTRL_ALT_RTRY;
+ }
+ return 0;
+ }
+
+ return -EOPNOTSUPP;
+
+#if 0
+ /* what could be done, if firmware would support this.. */
+
+ if (rrq->flags & IW_RETRY_LIMIT) {
+ if (rrq->flags & IW_RETRY_LONG)
+ HFA384X_RID_LONGRETRYLIMIT = rrq->value;
+ else if (rrq->flags & IW_RETRY_SHORT)
+ HFA384X_RID_SHORTRETRYLIMIT = rrq->value;
+ else {
+ HFA384X_RID_LONGRETRYLIMIT = rrq->value;
+ HFA384X_RID_SHORTRETRYLIMIT = rrq->value;
+ }
+
+ }
+
+ if (rrq->flags & IW_RETRY_LIFETIME) {
+ HFA384X_RID_MAXTRANSMITLIFETIME = rrq->value / 1024;
+ }
+
+ return 0;
+#endif /* 0 */
+}
+
+static int prism2_ioctl_giwretry(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *rrq, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ __le16 shortretry, longretry, lifetime, altretry;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->func->get_rid(dev, HFA384X_RID_SHORTRETRYLIMIT, &shortretry,
+ 2, 1) < 0 ||
+ local->func->get_rid(dev, HFA384X_RID_LONGRETRYLIMIT, &longretry,
+ 2, 1) < 0 ||
+ local->func->get_rid(dev, HFA384X_RID_MAXTRANSMITLIFETIME,
+ &lifetime, 2, 1) < 0)
+ return -EINVAL;
+
+ rrq->disabled = 0;
+
+ if ((rrq->flags & IW_RETRY_TYPE) == IW_RETRY_LIFETIME) {
+ rrq->flags = IW_RETRY_LIFETIME;
+ rrq->value = le16_to_cpu(lifetime) * 1024;
+ } else {
+ if (local->manual_retry_count >= 0) {
+ rrq->flags = IW_RETRY_LIMIT;
+ if (local->func->get_rid(dev,
+ HFA384X_RID_CNFALTRETRYCOUNT,
+ &altretry, 2, 1) >= 0)
+ rrq->value = le16_to_cpu(altretry);
+ else
+ rrq->value = local->manual_retry_count;
+ } else if ((rrq->flags & IW_RETRY_LONG)) {
+ rrq->flags = IW_RETRY_LIMIT | IW_RETRY_LONG;
+ rrq->value = le16_to_cpu(longretry);
+ } else {
+ rrq->flags = IW_RETRY_LIMIT;
+ rrq->value = le16_to_cpu(shortretry);
+ if (shortretry != longretry)
+ rrq->flags |= IW_RETRY_SHORT;
+ }
+ }
+ return 0;
+}
+
+
+/* Note! This TX power controlling is experimental and should not be used in
+ * production use. It just sets raw power register and does not use any kind of
+ * feedback information from the measured TX power (CR58). This is now
+ * commented out to make sure that it is not used by accident. TX power
+ * configuration will be enabled again after proper algorithm using feedback
+ * has been implemented. */
+
+#ifdef RAW_TXPOWER_SETTING
+/* Map HFA386x's CR31 to and from dBm with some sort of ad hoc mapping..
+ * This version assumes following mapping:
+ * CR31 is 7-bit value with -64 to +63 range.
+ * -64 is mapped into +20dBm and +63 into -43dBm.
+ * This is certainly not an exact mapping for every card, but at least
+ * increasing dBm value should correspond to increasing TX power.
+ */
+
+static int prism2_txpower_hfa386x_to_dBm(u16 val)
+{
+ signed char tmp;
+
+ if (val > 255)
+ val = 255;
+
+ tmp = val;
+ tmp >>= 2;
+
+ return -12 - tmp;
+}
+
+static u16 prism2_txpower_dBm_to_hfa386x(int val)
+{
+ signed char tmp;
+
+ if (val > 20)
+ return 128;
+ else if (val < -43)
+ return 127;
+
+ tmp = val;
+ tmp = -12 - tmp;
+ tmp <<= 2;
+
+ return (unsigned char) tmp;
+}
+#endif /* RAW_TXPOWER_SETTING */
+
+
+static int prism2_ioctl_siwtxpow(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *rrq, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+#ifdef RAW_TXPOWER_SETTING
+ char *tmp;
+#endif
+ u16 val;
+ int ret = 0;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (rrq->disabled) {
+ if (local->txpower_type != PRISM2_TXPOWER_OFF) {
+ val = 0xff; /* use all standby and sleep modes */
+ ret = local->func->cmd(dev, HFA384X_CMDCODE_WRITEMIF,
+ HFA386X_CR_A_D_TEST_MODES2,
+ &val, NULL);
+ printk(KERN_DEBUG "%s: Turning radio off: %s\n",
+ dev->name, ret ? "failed" : "OK");
+ local->txpower_type = PRISM2_TXPOWER_OFF;
+ }
+ return (ret ? -EOPNOTSUPP : 0);
+ }
+
+ if (local->txpower_type == PRISM2_TXPOWER_OFF) {
+ val = 0; /* disable all standby and sleep modes */
+ ret = local->func->cmd(dev, HFA384X_CMDCODE_WRITEMIF,
+ HFA386X_CR_A_D_TEST_MODES2, &val, NULL);
+ printk(KERN_DEBUG "%s: Turning radio on: %s\n",
+ dev->name, ret ? "failed" : "OK");
+ local->txpower_type = PRISM2_TXPOWER_UNKNOWN;
+ }
+
+#ifdef RAW_TXPOWER_SETTING
+ if (!rrq->fixed && local->txpower_type != PRISM2_TXPOWER_AUTO) {
+ printk(KERN_DEBUG "Setting ALC on\n");
+ val = HFA384X_TEST_CFG_BIT_ALC;
+ local->func->cmd(dev, HFA384X_CMDCODE_TEST |
+ (HFA384X_TEST_CFG_BITS << 8), 1, &val, NULL);
+ local->txpower_type = PRISM2_TXPOWER_AUTO;
+ return 0;
+ }
+
+ if (local->txpower_type != PRISM2_TXPOWER_FIXED) {
+ printk(KERN_DEBUG "Setting ALC off\n");
+ val = HFA384X_TEST_CFG_BIT_ALC;
+ local->func->cmd(dev, HFA384X_CMDCODE_TEST |
+ (HFA384X_TEST_CFG_BITS << 8), 0, &val, NULL);
+ local->txpower_type = PRISM2_TXPOWER_FIXED;
+ }
+
+ if (rrq->flags == IW_TXPOW_DBM)
+ tmp = "dBm";
+ else if (rrq->flags == IW_TXPOW_MWATT)
+ tmp = "mW";
+ else
+ tmp = "UNKNOWN";
+ printk(KERN_DEBUG "Setting TX power to %d %s\n", rrq->value, tmp);
+
+ if (rrq->flags != IW_TXPOW_DBM) {
+ printk("SIOCSIWTXPOW with mW is not supported; use dBm\n");
+ return -EOPNOTSUPP;
+ }
+
+ local->txpower = rrq->value;
+ val = prism2_txpower_dBm_to_hfa386x(local->txpower);
+ if (local->func->cmd(dev, HFA384X_CMDCODE_WRITEMIF,
+ HFA386X_CR_MANUAL_TX_POWER, &val, NULL))
+ ret = -EOPNOTSUPP;
+#else /* RAW_TXPOWER_SETTING */
+ if (rrq->fixed)
+ ret = -EOPNOTSUPP;
+#endif /* RAW_TXPOWER_SETTING */
+
+ return ret;
+}
+
+static int prism2_ioctl_giwtxpow(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *rrq, char *extra)
+{
+#ifdef RAW_TXPOWER_SETTING
+ struct hostap_interface *iface;
+ local_info_t *local;
+ u16 resp0;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ rrq->flags = IW_TXPOW_DBM;
+ rrq->disabled = 0;
+ rrq->fixed = 0;
+
+ if (local->txpower_type == PRISM2_TXPOWER_AUTO) {
+ if (local->func->cmd(dev, HFA384X_CMDCODE_READMIF,
+ HFA386X_CR_MANUAL_TX_POWER,
+ NULL, &resp0) == 0) {
+ rrq->value = prism2_txpower_hfa386x_to_dBm(resp0);
+ } else {
+ /* Could not get real txpower; guess 15 dBm */
+ rrq->value = 15;
+ }
+ } else if (local->txpower_type == PRISM2_TXPOWER_OFF) {
+ rrq->value = 0;
+ rrq->disabled = 1;
+ } else if (local->txpower_type == PRISM2_TXPOWER_FIXED) {
+ rrq->value = local->txpower;
+ rrq->fixed = 1;
+ } else {
+ printk("SIOCGIWTXPOW - unknown txpower_type=%d\n",
+ local->txpower_type);
+ }
+ return 0;
+#else /* RAW_TXPOWER_SETTING */
+ return -EOPNOTSUPP;
+#endif /* RAW_TXPOWER_SETTING */
+}
+
+
+#ifndef PRISM2_NO_STATION_MODES
+
+/* HostScan request works with and without host_roaming mode. In addition, it
+ * does not break current association. However, it requires newer station
+ * firmware version (>= 1.3.1) than scan request. */
+static int prism2_request_hostscan(struct net_device *dev,
+ u8 *ssid, u8 ssid_len)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ struct hfa384x_hostscan_request scan_req;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ memset(&scan_req, 0, sizeof(scan_req));
+ scan_req.channel_list = cpu_to_le16(local->channel_mask &
+ local->scan_channel_mask);
+ scan_req.txrate = cpu_to_le16(HFA384X_RATES_1MBPS);
+ if (ssid) {
+ if (ssid_len > 32)
+ return -EINVAL;
+ scan_req.target_ssid_len = cpu_to_le16(ssid_len);
+ memcpy(scan_req.target_ssid, ssid, ssid_len);
+ }
+
+ if (local->func->set_rid(dev, HFA384X_RID_HOSTSCAN, &scan_req,
+ sizeof(scan_req))) {
+ printk(KERN_DEBUG "%s: HOSTSCAN failed\n", dev->name);
+ return -EINVAL;
+ }
+ return 0;
+}
+
+
+static int prism2_request_scan(struct net_device *dev)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ struct hfa384x_scan_request scan_req;
+ int ret = 0;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ memset(&scan_req, 0, sizeof(scan_req));
+ scan_req.channel_list = cpu_to_le16(local->channel_mask &
+ local->scan_channel_mask);
+ scan_req.txrate = cpu_to_le16(HFA384X_RATES_1MBPS);
+
+ /* FIX:
+ * It seems to be enough to set roaming mode for a short moment to
+ * host-based and then setup scanrequest data and return the mode to
+ * firmware-based.
+ *
+ * Master mode would need to drop to Managed mode for a short while
+ * to make scanning work.. Or sweep through the different channels and
+ * use passive scan based on beacons. */
+
+ if (!local->host_roaming)
+ hostap_set_word(dev, HFA384X_RID_CNFROAMINGMODE,
+ HFA384X_ROAMING_HOST);
+
+ if (local->func->set_rid(dev, HFA384X_RID_SCANREQUEST, &scan_req,
+ sizeof(scan_req))) {
+ printk(KERN_DEBUG "SCANREQUEST failed\n");
+ ret = -EINVAL;
+ }
+
+ if (!local->host_roaming)
+ hostap_set_word(dev, HFA384X_RID_CNFROAMINGMODE,
+ HFA384X_ROAMING_FIRMWARE);
+
+ return ret;
+}
+
+#else /* !PRISM2_NO_STATION_MODES */
+
+static inline int prism2_request_hostscan(struct net_device *dev,
+ u8 *ssid, u8 ssid_len)
+{
+ return -EOPNOTSUPP;
+}
+
+
+static inline int prism2_request_scan(struct net_device *dev)
+{
+ return -EOPNOTSUPP;
+}
+
+#endif /* !PRISM2_NO_STATION_MODES */
+
+
+static int prism2_ioctl_siwscan(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *data, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int ret;
+ u8 *ssid = NULL, ssid_len = 0;
+ struct iw_scan_req *req = (struct iw_scan_req *) extra;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (data->length < sizeof(struct iw_scan_req))
+ req = NULL;
+
+ if (local->iw_mode == IW_MODE_MASTER) {
+ /* In master mode, we just return the results of our local
+ * tables, so we don't need to start anything...
+ * Jean II */
+ data->length = 0;
+ return 0;
+ }
+
+ if (!local->dev_enabled)
+ return -ENETDOWN;
+
+ if (req && data->flags & IW_SCAN_THIS_ESSID) {
+ ssid = req->essid;
+ ssid_len = req->essid_len;
+
+ if (ssid_len &&
+ ((local->iw_mode != IW_MODE_INFRA &&
+ local->iw_mode != IW_MODE_ADHOC) ||
+ (local->sta_fw_ver < PRISM2_FW_VER(1,3,1))))
+ return -EOPNOTSUPP;
+ }
+
+ if (local->sta_fw_ver >= PRISM2_FW_VER(1,3,1))
+ ret = prism2_request_hostscan(dev, ssid, ssid_len);
+ else
+ ret = prism2_request_scan(dev);
+
+ if (ret == 0)
+ local->scan_timestamp = jiffies;
+
+ /* Could inquire F101, F103 or wait for SIOCGIWSCAN and read RID */
+
+ return ret;
+}
+
+
+#ifndef PRISM2_NO_STATION_MODES
+static char * __prism2_translate_scan(local_info_t *local,
+ struct iw_request_info *info,
+ struct hfa384x_hostscan_result *scan,
+ struct hostap_bss_info *bss,
+ char *current_ev, char *end_buf)
+{
+ int i, chan;
+ struct iw_event iwe;
+ char *current_val;
+ u16 capabilities;
+ u8 *pos;
+ u8 *ssid, *bssid;
+ size_t ssid_len;
+ char *buf;
+
+ if (bss) {
+ ssid = bss->ssid;
+ ssid_len = bss->ssid_len;
+ bssid = bss->bssid;
+ } else {
+ ssid = scan->ssid;
+ ssid_len = le16_to_cpu(scan->ssid_len);
+ bssid = scan->bssid;
+ }
+ if (ssid_len > 32)
+ ssid_len = 32;
+
+ /* First entry *MUST* be the AP MAC address */
+ memset(&iwe, 0, sizeof(iwe));
+ iwe.cmd = SIOCGIWAP;
+ iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
+ memcpy(iwe.u.ap_addr.sa_data, bssid, ETH_ALEN);
+ current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
+ IW_EV_ADDR_LEN);
+
+ /* Other entries will be displayed in the order we give them */
+
+ memset(&iwe, 0, sizeof(iwe));
+ iwe.cmd = SIOCGIWESSID;
+ iwe.u.data.length = ssid_len;
+ iwe.u.data.flags = 1;
+ current_ev = iwe_stream_add_point(info, current_ev, end_buf,
+ &iwe, ssid);
+
+ memset(&iwe, 0, sizeof(iwe));
+ iwe.cmd = SIOCGIWMODE;
+ if (bss) {
+ capabilities = bss->capab_info;
+ } else {
+ capabilities = le16_to_cpu(scan->capability);
+ }
+ if (capabilities & (WLAN_CAPABILITY_ESS |
+ WLAN_CAPABILITY_IBSS)) {
+ if (capabilities & WLAN_CAPABILITY_ESS)
+ iwe.u.mode = IW_MODE_MASTER;
+ else
+ iwe.u.mode = IW_MODE_ADHOC;
+ current_ev = iwe_stream_add_event(info, current_ev, end_buf,
+ &iwe, IW_EV_UINT_LEN);
+ }
+
+ memset(&iwe, 0, sizeof(iwe));
+ iwe.cmd = SIOCGIWFREQ;
+ if (scan) {
+ chan = le16_to_cpu(scan->chid);
+ } else if (bss) {
+ chan = bss->chan;
+ } else {
+ chan = 0;
+ }
+
+ if (chan > 0) {
+ iwe.u.freq.m = freq_list[chan - 1] * 100000;
+ iwe.u.freq.e = 1;
+ current_ev = iwe_stream_add_event(info, current_ev, end_buf,
+ &iwe, IW_EV_FREQ_LEN);
+ }
+
+ if (scan) {
+ memset(&iwe, 0, sizeof(iwe));
+ iwe.cmd = IWEVQUAL;
+ if (local->last_scan_type == PRISM2_HOSTSCAN) {
+ iwe.u.qual.level = le16_to_cpu(scan->sl);
+ iwe.u.qual.noise = le16_to_cpu(scan->anl);
+ } else {
+ iwe.u.qual.level =
+ HFA384X_LEVEL_TO_dBm(le16_to_cpu(scan->sl));
+ iwe.u.qual.noise =
+ HFA384X_LEVEL_TO_dBm(le16_to_cpu(scan->anl));
+ }
+ iwe.u.qual.updated = IW_QUAL_LEVEL_UPDATED
+ | IW_QUAL_NOISE_UPDATED
+ | IW_QUAL_QUAL_INVALID
+ | IW_QUAL_DBM;
+ current_ev = iwe_stream_add_event(info, current_ev, end_buf,
+ &iwe, IW_EV_QUAL_LEN);
+ }
+
+ memset(&iwe, 0, sizeof(iwe));
+ iwe.cmd = SIOCGIWENCODE;
+ if (capabilities & WLAN_CAPABILITY_PRIVACY)
+ iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
+ else
+ iwe.u.data.flags = IW_ENCODE_DISABLED;
+ iwe.u.data.length = 0;
+ current_ev = iwe_stream_add_point(info, current_ev, end_buf, &iwe, "");
+
+ /* TODO: add SuppRates into BSS table */
+ if (scan) {
+ memset(&iwe, 0, sizeof(iwe));
+ iwe.cmd = SIOCGIWRATE;
+ current_val = current_ev + iwe_stream_lcp_len(info);
+ pos = scan->sup_rates;
+ for (i = 0; i < sizeof(scan->sup_rates); i++) {
+ if (pos[i] == 0)
+ break;
+ /* Bit rate given in 500 kb/s units (+ 0x80) */
+ iwe.u.bitrate.value = ((pos[i] & 0x7f) * 500000);
+ current_val = iwe_stream_add_value(
+ info, current_ev, current_val, end_buf, &iwe,
+ IW_EV_PARAM_LEN);
+ }
+ /* Check if we added any event */
+ if ((current_val - current_ev) > iwe_stream_lcp_len(info))
+ current_ev = current_val;
+ }
+
+ /* TODO: add BeaconInt,resp_rate,atim into BSS table */
+ buf = kmalloc(MAX_WPA_IE_LEN * 2 + 30, GFP_ATOMIC);
+ if (buf && scan) {
+ memset(&iwe, 0, sizeof(iwe));
+ iwe.cmd = IWEVCUSTOM;
+ sprintf(buf, "bcn_int=%d", le16_to_cpu(scan->beacon_interval));
+ iwe.u.data.length = strlen(buf);
+ current_ev = iwe_stream_add_point(info, current_ev, end_buf,
+ &iwe, buf);
+
+ memset(&iwe, 0, sizeof(iwe));
+ iwe.cmd = IWEVCUSTOM;
+ sprintf(buf, "resp_rate=%d", le16_to_cpu(scan->rate));
+ iwe.u.data.length = strlen(buf);
+ current_ev = iwe_stream_add_point(info, current_ev, end_buf,
+ &iwe, buf);
+
+ if (local->last_scan_type == PRISM2_HOSTSCAN &&
+ (capabilities & WLAN_CAPABILITY_IBSS)) {
+ memset(&iwe, 0, sizeof(iwe));
+ iwe.cmd = IWEVCUSTOM;
+ sprintf(buf, "atim=%d", le16_to_cpu(scan->atim));
+ iwe.u.data.length = strlen(buf);
+ current_ev = iwe_stream_add_point(info, current_ev,
+ end_buf, &iwe, buf);
+ }
+ }
+ kfree(buf);
+
+ if (bss && bss->wpa_ie_len > 0 && bss->wpa_ie_len <= MAX_WPA_IE_LEN) {
+ memset(&iwe, 0, sizeof(iwe));
+ iwe.cmd = IWEVGENIE;
+ iwe.u.data.length = bss->wpa_ie_len;
+ current_ev = iwe_stream_add_point(info, current_ev, end_buf,
+ &iwe, bss->wpa_ie);
+ }
+
+ if (bss && bss->rsn_ie_len > 0 && bss->rsn_ie_len <= MAX_WPA_IE_LEN) {
+ memset(&iwe, 0, sizeof(iwe));
+ iwe.cmd = IWEVGENIE;
+ iwe.u.data.length = bss->rsn_ie_len;
+ current_ev = iwe_stream_add_point(info, current_ev, end_buf,
+ &iwe, bss->rsn_ie);
+ }
+
+ return current_ev;
+}
+
+
+/* Translate scan data returned from the card to a card independent
+ * format that the Wireless Tools will understand - Jean II */
+static inline int prism2_translate_scan(local_info_t *local,
+ struct iw_request_info *info,
+ char *buffer, int buflen)
+{
+ struct hfa384x_hostscan_result *scan;
+ int entry;
+ char *current_ev = buffer;
+ char *end_buf = buffer + buflen;
+ struct list_head *ptr;
+
+ spin_lock_bh(&local->lock);
+
+ list_for_each(ptr, &local->bss_list) {
+ struct hostap_bss_info *bss;
+ bss = list_entry(ptr, struct hostap_bss_info, list);
+ bss->included = 0;
+ }
+
+ for (entry = 0; entry < local->last_scan_results_count; entry++) {
+ int found = 0;
+ scan = &local->last_scan_results[entry];
+
+ /* Report every SSID if the AP is using multiple SSIDs. If no
+ * BSS record is found (e.g., when WPA mode is disabled),
+ * report the AP once. */
+ list_for_each(ptr, &local->bss_list) {
+ struct hostap_bss_info *bss;
+ bss = list_entry(ptr, struct hostap_bss_info, list);
+ if (ether_addr_equal(bss->bssid, scan->bssid)) {
+ bss->included = 1;
+ current_ev = __prism2_translate_scan(
+ local, info, scan, bss, current_ev,
+ end_buf);
+ found++;
+ }
+ }
+ if (!found) {
+ current_ev = __prism2_translate_scan(
+ local, info, scan, NULL, current_ev, end_buf);
+ }
+ /* Check if there is space for one more entry */
+ if ((end_buf - current_ev) <= IW_EV_ADDR_LEN) {
+ /* Ask user space to try again with a bigger buffer */
+ spin_unlock_bh(&local->lock);
+ return -E2BIG;
+ }
+ }
+
+ /* Prism2 firmware has limits (32 at least in some versions) for number
+ * of BSSes in scan results. Extend this limit by using local BSS list.
+ */
+ list_for_each(ptr, &local->bss_list) {
+ struct hostap_bss_info *bss;
+ bss = list_entry(ptr, struct hostap_bss_info, list);
+ if (bss->included)
+ continue;
+ current_ev = __prism2_translate_scan(local, info, NULL, bss,
+ current_ev, end_buf);
+ /* Check if there is space for one more entry */
+ if ((end_buf - current_ev) <= IW_EV_ADDR_LEN) {
+ /* Ask user space to try again with a bigger buffer */
+ spin_unlock_bh(&local->lock);
+ return -E2BIG;
+ }
+ }
+
+ spin_unlock_bh(&local->lock);
+
+ return current_ev - buffer;
+}
+#endif /* PRISM2_NO_STATION_MODES */
+
+
+static inline int prism2_ioctl_giwscan_sta(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *data, char *extra)
+{
+#ifdef PRISM2_NO_STATION_MODES
+ return -EOPNOTSUPP;
+#else /* PRISM2_NO_STATION_MODES */
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int res;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ /* Wait until the scan is finished. We can probably do better
+ * than that - Jean II */
+ if (local->scan_timestamp &&
+ time_before(jiffies, local->scan_timestamp + 3 * HZ)) {
+ /* Important note : we don't want to block the caller
+ * until results are ready for various reasons.
+ * First, managing wait queues is complex and racy
+ * (there may be multiple simultaneous callers).
+ * Second, we grab some rtnetlink lock before coming
+ * here (in dev_ioctl()).
+ * Third, the caller can wait on the Wireless Event
+ * - Jean II */
+ return -EAGAIN;
+ }
+ local->scan_timestamp = 0;
+
+ res = prism2_translate_scan(local, info, extra, data->length);
+
+ if (res >= 0) {
+ data->length = res;
+ return 0;
+ } else {
+ data->length = 0;
+ return res;
+ }
+#endif /* PRISM2_NO_STATION_MODES */
+}
+
+
+static int prism2_ioctl_giwscan(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *data, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int res;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->iw_mode == IW_MODE_MASTER) {
+ /* In MASTER mode, it doesn't make sense to go around
+ * scanning the frequencies and make the stations we serve
+ * wait when what the user is really interested about is the
+ * list of stations and access points we are talking to.
+ * So, just extract results from our cache...
+ * Jean II */
+
+ /* Translate to WE format */
+ res = prism2_ap_translate_scan(dev, info, extra);
+ if (res >= 0) {
+ printk(KERN_DEBUG "Scan result translation succeeded "
+ "(length=%d)\n", res);
+ data->length = res;
+ return 0;
+ } else {
+ printk(KERN_DEBUG
+ "Scan result translation failed (res=%d)\n",
+ res);
+ data->length = 0;
+ return res;
+ }
+ } else {
+ /* Station mode */
+ return prism2_ioctl_giwscan_sta(dev, info, data, extra);
+ }
+}
+
+
+static const struct iw_priv_args prism2_priv[] = {
+ { PRISM2_IOCTL_MONITOR,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "monitor" },
+ { PRISM2_IOCTL_READMIF,
+ IW_PRIV_TYPE_BYTE | IW_PRIV_SIZE_FIXED | 1,
+ IW_PRIV_TYPE_BYTE | IW_PRIV_SIZE_FIXED | 1, "readmif" },
+ { PRISM2_IOCTL_WRITEMIF,
+ IW_PRIV_TYPE_BYTE | IW_PRIV_SIZE_FIXED | 2, 0, "writemif" },
+ { PRISM2_IOCTL_RESET,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "reset" },
+ { PRISM2_IOCTL_INQUIRE,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "inquire" },
+ { PRISM2_IOCTL_SET_RID_WORD,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 2, 0, "set_rid_word" },
+ { PRISM2_IOCTL_MACCMD,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "maccmd" },
+ { PRISM2_IOCTL_WDS_ADD,
+ IW_PRIV_TYPE_ADDR | IW_PRIV_SIZE_FIXED | 1, 0, "wds_add" },
+ { PRISM2_IOCTL_WDS_DEL,
+ IW_PRIV_TYPE_ADDR | IW_PRIV_SIZE_FIXED | 1, 0, "wds_del" },
+ { PRISM2_IOCTL_ADDMAC,
+ IW_PRIV_TYPE_ADDR | IW_PRIV_SIZE_FIXED | 1, 0, "addmac" },
+ { PRISM2_IOCTL_DELMAC,
+ IW_PRIV_TYPE_ADDR | IW_PRIV_SIZE_FIXED | 1, 0, "delmac" },
+ { PRISM2_IOCTL_KICKMAC,
+ IW_PRIV_TYPE_ADDR | IW_PRIV_SIZE_FIXED | 1, 0, "kickmac" },
+ /* --- raw access to sub-ioctls --- */
+ { PRISM2_IOCTL_PRISM2_PARAM,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 2, 0, "prism2_param" },
+ { PRISM2_IOCTL_GET_PRISM2_PARAM,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getprism2_param" },
+ /* --- sub-ioctls handlers --- */
+ { PRISM2_IOCTL_PRISM2_PARAM,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "" },
+ { PRISM2_IOCTL_GET_PRISM2_PARAM,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "" },
+ /* --- sub-ioctls definitions --- */
+ { PRISM2_PARAM_TXRATECTRL,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "txratectrl" },
+ { PRISM2_PARAM_TXRATECTRL,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "gettxratectrl" },
+ { PRISM2_PARAM_BEACON_INT,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "beacon_int" },
+ { PRISM2_PARAM_BEACON_INT,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getbeacon_int" },
+#ifndef PRISM2_NO_STATION_MODES
+ { PRISM2_PARAM_PSEUDO_IBSS,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "pseudo_ibss" },
+ { PRISM2_PARAM_PSEUDO_IBSS,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getpseudo_ibss" },
+#endif /* PRISM2_NO_STATION_MODES */
+ { PRISM2_PARAM_ALC,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "alc" },
+ { PRISM2_PARAM_ALC,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getalc" },
+ { PRISM2_PARAM_DUMP,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "dump" },
+ { PRISM2_PARAM_DUMP,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getdump" },
+ { PRISM2_PARAM_OTHER_AP_POLICY,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "other_ap_policy" },
+ { PRISM2_PARAM_OTHER_AP_POLICY,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getother_ap_pol" },
+ { PRISM2_PARAM_AP_MAX_INACTIVITY,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "max_inactivity" },
+ { PRISM2_PARAM_AP_MAX_INACTIVITY,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getmax_inactivi" },
+ { PRISM2_PARAM_AP_BRIDGE_PACKETS,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "bridge_packets" },
+ { PRISM2_PARAM_AP_BRIDGE_PACKETS,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getbridge_packe" },
+ { PRISM2_PARAM_DTIM_PERIOD,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "dtim_period" },
+ { PRISM2_PARAM_DTIM_PERIOD,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getdtim_period" },
+ { PRISM2_PARAM_AP_NULLFUNC_ACK,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "nullfunc_ack" },
+ { PRISM2_PARAM_AP_NULLFUNC_ACK,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getnullfunc_ack" },
+ { PRISM2_PARAM_MAX_WDS,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "max_wds" },
+ { PRISM2_PARAM_MAX_WDS,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getmax_wds" },
+ { PRISM2_PARAM_AP_AUTOM_AP_WDS,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "autom_ap_wds" },
+ { PRISM2_PARAM_AP_AUTOM_AP_WDS,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getautom_ap_wds" },
+ { PRISM2_PARAM_AP_AUTH_ALGS,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "ap_auth_algs" },
+ { PRISM2_PARAM_AP_AUTH_ALGS,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getap_auth_algs" },
+ { PRISM2_PARAM_MONITOR_ALLOW_FCSERR,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "allow_fcserr" },
+ { PRISM2_PARAM_MONITOR_ALLOW_FCSERR,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getallow_fcserr" },
+ { PRISM2_PARAM_HOST_ENCRYPT,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "host_encrypt" },
+ { PRISM2_PARAM_HOST_ENCRYPT,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "gethost_encrypt" },
+ { PRISM2_PARAM_HOST_DECRYPT,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "host_decrypt" },
+ { PRISM2_PARAM_HOST_DECRYPT,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "gethost_decrypt" },
+#ifndef PRISM2_NO_STATION_MODES
+ { PRISM2_PARAM_HOST_ROAMING,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "host_roaming" },
+ { PRISM2_PARAM_HOST_ROAMING,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "gethost_roaming" },
+#endif /* PRISM2_NO_STATION_MODES */
+ { PRISM2_PARAM_BCRX_STA_KEY,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "bcrx_sta_key" },
+ { PRISM2_PARAM_BCRX_STA_KEY,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getbcrx_sta_key" },
+ { PRISM2_PARAM_IEEE_802_1X,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "ieee_802_1x" },
+ { PRISM2_PARAM_IEEE_802_1X,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getieee_802_1x" },
+ { PRISM2_PARAM_ANTSEL_TX,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "antsel_tx" },
+ { PRISM2_PARAM_ANTSEL_TX,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getantsel_tx" },
+ { PRISM2_PARAM_ANTSEL_RX,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "antsel_rx" },
+ { PRISM2_PARAM_ANTSEL_RX,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getantsel_rx" },
+ { PRISM2_PARAM_MONITOR_TYPE,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "monitor_type" },
+ { PRISM2_PARAM_MONITOR_TYPE,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getmonitor_type" },
+ { PRISM2_PARAM_WDS_TYPE,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "wds_type" },
+ { PRISM2_PARAM_WDS_TYPE,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getwds_type" },
+ { PRISM2_PARAM_HOSTSCAN,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "hostscan" },
+ { PRISM2_PARAM_HOSTSCAN,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "gethostscan" },
+ { PRISM2_PARAM_AP_SCAN,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "ap_scan" },
+ { PRISM2_PARAM_AP_SCAN,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getap_scan" },
+ { PRISM2_PARAM_ENH_SEC,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "enh_sec" },
+ { PRISM2_PARAM_ENH_SEC,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getenh_sec" },
+#ifdef PRISM2_IO_DEBUG
+ { PRISM2_PARAM_IO_DEBUG,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "io_debug" },
+ { PRISM2_PARAM_IO_DEBUG,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getio_debug" },
+#endif /* PRISM2_IO_DEBUG */
+ { PRISM2_PARAM_BASIC_RATES,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "basic_rates" },
+ { PRISM2_PARAM_BASIC_RATES,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getbasic_rates" },
+ { PRISM2_PARAM_OPER_RATES,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "oper_rates" },
+ { PRISM2_PARAM_OPER_RATES,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getoper_rates" },
+ { PRISM2_PARAM_HOSTAPD,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "hostapd" },
+ { PRISM2_PARAM_HOSTAPD,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "gethostapd" },
+ { PRISM2_PARAM_HOSTAPD_STA,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "hostapd_sta" },
+ { PRISM2_PARAM_HOSTAPD_STA,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "gethostapd_sta" },
+ { PRISM2_PARAM_WPA,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "wpa" },
+ { PRISM2_PARAM_WPA,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getwpa" },
+ { PRISM2_PARAM_PRIVACY_INVOKED,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "privacy_invoked" },
+ { PRISM2_PARAM_PRIVACY_INVOKED,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getprivacy_invo" },
+ { PRISM2_PARAM_TKIP_COUNTERMEASURES,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "tkip_countermea" },
+ { PRISM2_PARAM_TKIP_COUNTERMEASURES,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "gettkip_counter" },
+ { PRISM2_PARAM_DROP_UNENCRYPTED,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "drop_unencrypte" },
+ { PRISM2_PARAM_DROP_UNENCRYPTED,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getdrop_unencry" },
+ { PRISM2_PARAM_SCAN_CHANNEL_MASK,
+ IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "scan_channels" },
+ { PRISM2_PARAM_SCAN_CHANNEL_MASK,
+ 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "getscan_channel" },
+};
+
+
+static int prism2_ioctl_priv_inquire(struct net_device *dev, int *i)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->func->cmd(dev, HFA384X_CMDCODE_INQUIRE, *i, NULL, NULL))
+ return -EOPNOTSUPP;
+
+ return 0;
+}
+
+
+static int prism2_ioctl_priv_prism2_param(struct net_device *dev,
+ struct iw_request_info *info,
+ void *wrqu, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int *i = (int *) extra;
+ int param = *i;
+ int value = *(i + 1);
+ int ret = 0;
+ u16 val;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ switch (param) {
+ case PRISM2_PARAM_TXRATECTRL:
+ local->fw_tx_rate_control = value;
+ break;
+
+ case PRISM2_PARAM_BEACON_INT:
+ if (hostap_set_word(dev, HFA384X_RID_CNFBEACONINT, value) ||
+ local->func->reset_port(dev))
+ ret = -EINVAL;
+ else
+ local->beacon_int = value;
+ break;
+
+#ifndef PRISM2_NO_STATION_MODES
+ case PRISM2_PARAM_PSEUDO_IBSS:
+ if (value == local->pseudo_adhoc)
+ break;
+
+ if (value != 0 && value != 1) {
+ ret = -EINVAL;
+ break;
+ }
+
+ printk(KERN_DEBUG "prism2: %s: pseudo IBSS change %d -> %d\n",
+ dev->name, local->pseudo_adhoc, value);
+ local->pseudo_adhoc = value;
+ if (local->iw_mode != IW_MODE_ADHOC)
+ break;
+
+ if (hostap_set_word(dev, HFA384X_RID_CNFPORTTYPE,
+ hostap_get_porttype(local))) {
+ ret = -EOPNOTSUPP;
+ break;
+ }
+
+ if (local->func->reset_port(dev))
+ ret = -EINVAL;
+ break;
+#endif /* PRISM2_NO_STATION_MODES */
+
+ case PRISM2_PARAM_ALC:
+ printk(KERN_DEBUG "%s: %s ALC\n", dev->name,
+ value == 0 ? "Disabling" : "Enabling");
+ val = HFA384X_TEST_CFG_BIT_ALC;
+ local->func->cmd(dev, HFA384X_CMDCODE_TEST |
+ (HFA384X_TEST_CFG_BITS << 8),
+ value == 0 ? 0 : 1, &val, NULL);
+ break;
+
+ case PRISM2_PARAM_DUMP:
+ local->frame_dump = value;
+ break;
+
+ case PRISM2_PARAM_OTHER_AP_POLICY:
+ if (value < 0 || value > 3) {
+ ret = -EINVAL;
+ break;
+ }
+ if (local->ap != NULL)
+ local->ap->ap_policy = value;
+ break;
+
+ case PRISM2_PARAM_AP_MAX_INACTIVITY:
+ if (value < 0 || value > 7 * 24 * 60 * 60) {
+ ret = -EINVAL;
+ break;
+ }
+ if (local->ap != NULL)
+ local->ap->max_inactivity = value * HZ;
+ break;
+
+ case PRISM2_PARAM_AP_BRIDGE_PACKETS:
+ if (local->ap != NULL)
+ local->ap->bridge_packets = value;
+ break;
+
+ case PRISM2_PARAM_DTIM_PERIOD:
+ if (value < 0 || value > 65535) {
+ ret = -EINVAL;
+ break;
+ }
+ if (hostap_set_word(dev, HFA384X_RID_CNFOWNDTIMPERIOD, value)
+ || local->func->reset_port(dev))
+ ret = -EINVAL;
+ else
+ local->dtim_period = value;
+ break;
+
+ case PRISM2_PARAM_AP_NULLFUNC_ACK:
+ if (local->ap != NULL)
+ local->ap->nullfunc_ack = value;
+ break;
+
+ case PRISM2_PARAM_MAX_WDS:
+ local->wds_max_connections = value;
+ break;
+
+ case PRISM2_PARAM_AP_AUTOM_AP_WDS:
+ if (local->ap != NULL) {
+ if (!local->ap->autom_ap_wds && value) {
+ /* add WDS link to all APs in STA table */
+ hostap_add_wds_links(local);
+ }
+ local->ap->autom_ap_wds = value;
+ }
+ break;
+
+ case PRISM2_PARAM_AP_AUTH_ALGS:
+ local->auth_algs = value;
+ if (hostap_set_auth_algs(local))
+ ret = -EINVAL;
+ break;
+
+ case PRISM2_PARAM_MONITOR_ALLOW_FCSERR:
+ local->monitor_allow_fcserr = value;
+ break;
+
+ case PRISM2_PARAM_HOST_ENCRYPT:
+ local->host_encrypt = value;
+ if (hostap_set_encryption(local) ||
+ local->func->reset_port(dev))
+ ret = -EINVAL;
+ break;
+
+ case PRISM2_PARAM_HOST_DECRYPT:
+ local->host_decrypt = value;
+ if (hostap_set_encryption(local) ||
+ local->func->reset_port(dev))
+ ret = -EINVAL;
+ break;
+
+#ifndef PRISM2_NO_STATION_MODES
+ case PRISM2_PARAM_HOST_ROAMING:
+ if (value < 0 || value > 2) {
+ ret = -EINVAL;
+ break;
+ }
+ local->host_roaming = value;
+ if (hostap_set_roaming(local) || local->func->reset_port(dev))
+ ret = -EINVAL;
+ break;
+#endif /* PRISM2_NO_STATION_MODES */
+
+ case PRISM2_PARAM_BCRX_STA_KEY:
+ local->bcrx_sta_key = value;
+ break;
+
+ case PRISM2_PARAM_IEEE_802_1X:
+ local->ieee_802_1x = value;
+ break;
+
+ case PRISM2_PARAM_ANTSEL_TX:
+ if (value < 0 || value > HOSTAP_ANTSEL_HIGH) {
+ ret = -EINVAL;
+ break;
+ }
+ local->antsel_tx = value;
+ hostap_set_antsel(local);
+ break;
+
+ case PRISM2_PARAM_ANTSEL_RX:
+ if (value < 0 || value > HOSTAP_ANTSEL_HIGH) {
+ ret = -EINVAL;
+ break;
+ }
+ local->antsel_rx = value;
+ hostap_set_antsel(local);
+ break;
+
+ case PRISM2_PARAM_MONITOR_TYPE:
+ if (value != PRISM2_MONITOR_80211 &&
+ value != PRISM2_MONITOR_CAPHDR &&
+ value != PRISM2_MONITOR_PRISM &&
+ value != PRISM2_MONITOR_RADIOTAP) {
+ ret = -EINVAL;
+ break;
+ }
+ local->monitor_type = value;
+ if (local->iw_mode == IW_MODE_MONITOR)
+ hostap_monitor_set_type(local);
+ break;
+
+ case PRISM2_PARAM_WDS_TYPE:
+ local->wds_type = value;
+ break;
+
+ case PRISM2_PARAM_HOSTSCAN:
+ {
+ struct hfa384x_hostscan_request scan_req;
+ u16 rate;
+
+ memset(&scan_req, 0, sizeof(scan_req));
+ scan_req.channel_list = cpu_to_le16(0x3fff);
+ switch (value) {
+ case 1: rate = HFA384X_RATES_1MBPS; break;
+ case 2: rate = HFA384X_RATES_2MBPS; break;
+ case 3: rate = HFA384X_RATES_5MBPS; break;
+ case 4: rate = HFA384X_RATES_11MBPS; break;
+ default: rate = HFA384X_RATES_1MBPS; break;
+ }
+ scan_req.txrate = cpu_to_le16(rate);
+ /* leave SSID empty to accept all SSIDs */
+
+ if (local->iw_mode == IW_MODE_MASTER) {
+ if (hostap_set_word(dev, HFA384X_RID_CNFPORTTYPE,
+ HFA384X_PORTTYPE_BSS) ||
+ local->func->reset_port(dev))
+ printk(KERN_DEBUG "Leaving Host AP mode "
+ "for HostScan failed\n");
+ }
+
+ if (local->func->set_rid(dev, HFA384X_RID_HOSTSCAN, &scan_req,
+ sizeof(scan_req))) {
+ printk(KERN_DEBUG "HOSTSCAN failed\n");
+ ret = -EINVAL;
+ }
+ if (local->iw_mode == IW_MODE_MASTER) {
+ wait_queue_entry_t __wait;
+ init_waitqueue_entry(&__wait, current);
+ add_wait_queue(&local->hostscan_wq, &__wait);
+ set_current_state(TASK_INTERRUPTIBLE);
+ schedule_timeout(HZ);
+ if (signal_pending(current))
+ ret = -EINTR;
+ set_current_state(TASK_RUNNING);
+ remove_wait_queue(&local->hostscan_wq, &__wait);
+
+ if (hostap_set_word(dev, HFA384X_RID_CNFPORTTYPE,
+ HFA384X_PORTTYPE_HOSTAP) ||
+ local->func->reset_port(dev))
+ printk(KERN_DEBUG "Returning to Host AP mode "
+ "after HostScan failed\n");
+ }
+ break;
+ }
+
+ case PRISM2_PARAM_AP_SCAN:
+ local->passive_scan_interval = value;
+ if (timer_pending(&local->passive_scan_timer))
+ del_timer(&local->passive_scan_timer);
+ if (value > 0 && value < INT_MAX / HZ) {
+ local->passive_scan_timer.expires = jiffies +
+ local->passive_scan_interval * HZ;
+ add_timer(&local->passive_scan_timer);
+ }
+ break;
+
+ case PRISM2_PARAM_ENH_SEC:
+ if (value < 0 || value > 3) {
+ ret = -EINVAL;
+ break;
+ }
+ local->enh_sec = value;
+ if (hostap_set_word(dev, HFA384X_RID_CNFENHSECURITY,
+ local->enh_sec) ||
+ local->func->reset_port(dev)) {
+ printk(KERN_INFO "%s: cnfEnhSecurity requires STA f/w "
+ "1.6.3 or newer\n", dev->name);
+ ret = -EOPNOTSUPP;
+ }
+ break;
+
+#ifdef PRISM2_IO_DEBUG
+ case PRISM2_PARAM_IO_DEBUG:
+ local->io_debug_enabled = value;
+ break;
+#endif /* PRISM2_IO_DEBUG */
+
+ case PRISM2_PARAM_BASIC_RATES:
+ if ((value & local->tx_rate_control) != value || value == 0) {
+ printk(KERN_INFO "%s: invalid basic rate set - basic "
+ "rates must be in supported rate set\n",
+ dev->name);
+ ret = -EINVAL;
+ break;
+ }
+ local->basic_rates = value;
+ if (hostap_set_word(dev, HFA384X_RID_CNFBASICRATES,
+ local->basic_rates) ||
+ local->func->reset_port(dev))
+ ret = -EINVAL;
+ break;
+
+ case PRISM2_PARAM_OPER_RATES:
+ local->tx_rate_control = value;
+ if (hostap_set_rate(dev))
+ ret = -EINVAL;
+ break;
+
+ case PRISM2_PARAM_HOSTAPD:
+ ret = hostap_set_hostapd(local, value, 1);
+ break;
+
+ case PRISM2_PARAM_HOSTAPD_STA:
+ ret = hostap_set_hostapd_sta(local, value, 1);
+ break;
+
+ case PRISM2_PARAM_WPA:
+ local->wpa = value;
+ if (local->sta_fw_ver < PRISM2_FW_VER(1,7,0))
+ ret = -EOPNOTSUPP;
+ else if (hostap_set_word(dev, HFA384X_RID_SSNHANDLINGMODE,
+ value ? 1 : 0))
+ ret = -EINVAL;
+ break;
+
+ case PRISM2_PARAM_PRIVACY_INVOKED:
+ local->privacy_invoked = value;
+ if (hostap_set_encryption(local) ||
+ local->func->reset_port(dev))
+ ret = -EINVAL;
+ break;
+
+ case PRISM2_PARAM_TKIP_COUNTERMEASURES:
+ local->tkip_countermeasures = value;
+ break;
+
+ case PRISM2_PARAM_DROP_UNENCRYPTED:
+ local->drop_unencrypted = value;
+ break;
+
+ case PRISM2_PARAM_SCAN_CHANNEL_MASK:
+ local->scan_channel_mask = value;
+ break;
+
+ default:
+ printk(KERN_DEBUG "%s: prism2_param: unknown param %d\n",
+ dev->name, param);
+ ret = -EOPNOTSUPP;
+ break;
+ }
+
+ return ret;
+}
+
+
+static int prism2_ioctl_priv_get_prism2_param(struct net_device *dev,
+ struct iw_request_info *info,
+ void *wrqu, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int *param = (int *) extra;
+ int ret = 0;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ switch (*param) {
+ case PRISM2_PARAM_TXRATECTRL:
+ *param = local->fw_tx_rate_control;
+ break;
+
+ case PRISM2_PARAM_BEACON_INT:
+ *param = local->beacon_int;
+ break;
+
+ case PRISM2_PARAM_PSEUDO_IBSS:
+ *param = local->pseudo_adhoc;
+ break;
+
+ case PRISM2_PARAM_ALC:
+ ret = -EOPNOTSUPP; /* FIX */
+ break;
+
+ case PRISM2_PARAM_DUMP:
+ *param = local->frame_dump;
+ break;
+
+ case PRISM2_PARAM_OTHER_AP_POLICY:
+ if (local->ap != NULL)
+ *param = local->ap->ap_policy;
+ else
+ ret = -EOPNOTSUPP;
+ break;
+
+ case PRISM2_PARAM_AP_MAX_INACTIVITY:
+ if (local->ap != NULL)
+ *param = local->ap->max_inactivity / HZ;
+ else
+ ret = -EOPNOTSUPP;
+ break;
+
+ case PRISM2_PARAM_AP_BRIDGE_PACKETS:
+ if (local->ap != NULL)
+ *param = local->ap->bridge_packets;
+ else
+ ret = -EOPNOTSUPP;
+ break;
+
+ case PRISM2_PARAM_DTIM_PERIOD:
+ *param = local->dtim_period;
+ break;
+
+ case PRISM2_PARAM_AP_NULLFUNC_ACK:
+ if (local->ap != NULL)
+ *param = local->ap->nullfunc_ack;
+ else
+ ret = -EOPNOTSUPP;
+ break;
+
+ case PRISM2_PARAM_MAX_WDS:
+ *param = local->wds_max_connections;
+ break;
+
+ case PRISM2_PARAM_AP_AUTOM_AP_WDS:
+ if (local->ap != NULL)
+ *param = local->ap->autom_ap_wds;
+ else
+ ret = -EOPNOTSUPP;
+ break;
+
+ case PRISM2_PARAM_AP_AUTH_ALGS:
+ *param = local->auth_algs;
+ break;
+
+ case PRISM2_PARAM_MONITOR_ALLOW_FCSERR:
+ *param = local->monitor_allow_fcserr;
+ break;
+
+ case PRISM2_PARAM_HOST_ENCRYPT:
+ *param = local->host_encrypt;
+ break;
+
+ case PRISM2_PARAM_HOST_DECRYPT:
+ *param = local->host_decrypt;
+ break;
+
+ case PRISM2_PARAM_HOST_ROAMING:
+ *param = local->host_roaming;
+ break;
+
+ case PRISM2_PARAM_BCRX_STA_KEY:
+ *param = local->bcrx_sta_key;
+ break;
+
+ case PRISM2_PARAM_IEEE_802_1X:
+ *param = local->ieee_802_1x;
+ break;
+
+ case PRISM2_PARAM_ANTSEL_TX:
+ *param = local->antsel_tx;
+ break;
+
+ case PRISM2_PARAM_ANTSEL_RX:
+ *param = local->antsel_rx;
+ break;
+
+ case PRISM2_PARAM_MONITOR_TYPE:
+ *param = local->monitor_type;
+ break;
+
+ case PRISM2_PARAM_WDS_TYPE:
+ *param = local->wds_type;
+ break;
+
+ case PRISM2_PARAM_HOSTSCAN:
+ ret = -EOPNOTSUPP;
+ break;
+
+ case PRISM2_PARAM_AP_SCAN:
+ *param = local->passive_scan_interval;
+ break;
+
+ case PRISM2_PARAM_ENH_SEC:
+ *param = local->enh_sec;
+ break;
+
+#ifdef PRISM2_IO_DEBUG
+ case PRISM2_PARAM_IO_DEBUG:
+ *param = local->io_debug_enabled;
+ break;
+#endif /* PRISM2_IO_DEBUG */
+
+ case PRISM2_PARAM_BASIC_RATES:
+ *param = local->basic_rates;
+ break;
+
+ case PRISM2_PARAM_OPER_RATES:
+ *param = local->tx_rate_control;
+ break;
+
+ case PRISM2_PARAM_HOSTAPD:
+ *param = local->hostapd;
+ break;
+
+ case PRISM2_PARAM_HOSTAPD_STA:
+ *param = local->hostapd_sta;
+ break;
+
+ case PRISM2_PARAM_WPA:
+ if (local->sta_fw_ver < PRISM2_FW_VER(1,7,0))
+ ret = -EOPNOTSUPP;
+ *param = local->wpa;
+ break;
+
+ case PRISM2_PARAM_PRIVACY_INVOKED:
+ *param = local->privacy_invoked;
+ break;
+
+ case PRISM2_PARAM_TKIP_COUNTERMEASURES:
+ *param = local->tkip_countermeasures;
+ break;
+
+ case PRISM2_PARAM_DROP_UNENCRYPTED:
+ *param = local->drop_unencrypted;
+ break;
+
+ case PRISM2_PARAM_SCAN_CHANNEL_MASK:
+ *param = local->scan_channel_mask;
+ break;
+
+ default:
+ printk(KERN_DEBUG "%s: get_prism2_param: unknown param %d\n",
+ dev->name, *param);
+ ret = -EOPNOTSUPP;
+ break;
+ }
+
+ return ret;
+}
+
+
+static int prism2_ioctl_priv_readmif(struct net_device *dev,
+ struct iw_request_info *info,
+ void *wrqu, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ u16 resp0;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->func->cmd(dev, HFA384X_CMDCODE_READMIF, *extra, NULL,
+ &resp0))
+ return -EOPNOTSUPP;
+ else
+ *extra = resp0;
+
+ return 0;
+}
+
+
+static int prism2_ioctl_priv_writemif(struct net_device *dev,
+ struct iw_request_info *info,
+ void *wrqu, char *extra)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ u16 cr, val;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ cr = *extra;
+ val = *(extra + 1);
+ if (local->func->cmd(dev, HFA384X_CMDCODE_WRITEMIF, cr, &val, NULL))
+ return -EOPNOTSUPP;
+
+ return 0;
+}
+
+
+static int prism2_ioctl_priv_monitor(struct net_device *dev, int *i)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int ret = 0;
+ u32 mode;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ printk(KERN_DEBUG "%s: process %d (%s) used deprecated iwpriv monitor "
+ "- update software to use iwconfig mode monitor\n",
+ dev->name, task_pid_nr(current), current->comm);
+
+ /* Backward compatibility code - this can be removed at some point */
+
+ if (*i == 0) {
+ /* Disable monitor mode - old mode was not saved, so go to
+ * Master mode */
+ mode = IW_MODE_MASTER;
+ ret = prism2_ioctl_siwmode(dev, NULL, &mode, NULL);
+ } else if (*i == 1) {
+ /* netlink socket mode is not supported anymore since it did
+ * not separate different devices from each other and was not
+ * best method for delivering large amount of packets to
+ * user space */
+ ret = -EOPNOTSUPP;
+ } else if (*i == 2 || *i == 3) {
+ switch (*i) {
+ case 2:
+ local->monitor_type = PRISM2_MONITOR_80211;
+ break;
+ case 3:
+ local->monitor_type = PRISM2_MONITOR_PRISM;
+ break;
+ }
+ mode = IW_MODE_MONITOR;
+ ret = prism2_ioctl_siwmode(dev, NULL, &mode, NULL);
+ hostap_monitor_mode_enable(local);
+ } else
+ ret = -EINVAL;
+
+ return ret;
+}
+
+
+static int prism2_ioctl_priv_reset(struct net_device *dev, int *i)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ printk(KERN_DEBUG "%s: manual reset request(%d)\n", dev->name, *i);
+ switch (*i) {
+ case 0:
+ /* Disable and enable card */
+ local->func->hw_shutdown(dev, 1);
+ local->func->hw_config(dev, 0);
+ break;
+
+ case 1:
+ /* COR sreset */
+ local->func->hw_reset(dev);
+ break;
+
+ case 2:
+ /* Disable and enable port 0 */
+ local->func->reset_port(dev);
+ break;
+
+ case 3:
+ prism2_sta_deauth(local, WLAN_REASON_DEAUTH_LEAVING);
+ if (local->func->cmd(dev, HFA384X_CMDCODE_DISABLE, 0, NULL,
+ NULL))
+ return -EINVAL;
+ break;
+
+ case 4:
+ if (local->func->cmd(dev, HFA384X_CMDCODE_ENABLE, 0, NULL,
+ NULL))
+ return -EINVAL;
+ break;
+
+ default:
+ printk(KERN_DEBUG "Unknown reset request %d\n", *i);
+ return -EOPNOTSUPP;
+ }
+
+ return 0;
+}
+
+
+static int prism2_ioctl_priv_set_rid_word(struct net_device *dev, int *i)
+{
+ int rid = *i;
+ int value = *(i + 1);
+
+ printk(KERN_DEBUG "%s: Set RID[0x%X] = %d\n", dev->name, rid, value);
+
+ if (hostap_set_word(dev, rid, value))
+ return -EINVAL;
+
+ return 0;
+}
+
+
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+static int ap_mac_cmd_ioctl(local_info_t *local, int *cmd)
+{
+ int ret = 0;
+
+ switch (*cmd) {
+ case AP_MAC_CMD_POLICY_OPEN:
+ local->ap->mac_restrictions.policy = MAC_POLICY_OPEN;
+ break;
+ case AP_MAC_CMD_POLICY_ALLOW:
+ local->ap->mac_restrictions.policy = MAC_POLICY_ALLOW;
+ break;
+ case AP_MAC_CMD_POLICY_DENY:
+ local->ap->mac_restrictions.policy = MAC_POLICY_DENY;
+ break;
+ case AP_MAC_CMD_FLUSH:
+ ap_control_flush_macs(&local->ap->mac_restrictions);
+ break;
+ case AP_MAC_CMD_KICKALL:
+ ap_control_kickall(local->ap);
+ hostap_deauth_all_stas(local->dev, local->ap, 0);
+ break;
+ default:
+ ret = -EOPNOTSUPP;
+ break;
+ }
+
+ return ret;
+}
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+
+#ifdef PRISM2_DOWNLOAD_SUPPORT
+static int prism2_ioctl_priv_download(local_info_t *local, struct iw_point *p)
+{
+ struct prism2_download_param *param;
+ int ret = 0;
+
+ if (p->length < sizeof(struct prism2_download_param) ||
+ p->length > 1024 || !p->pointer)
+ return -EINVAL;
+
+ param = memdup_user(p->pointer, p->length);
+ if (IS_ERR(param)) {
+ return PTR_ERR(param);
+ }
+
+ if (p->length < sizeof(struct prism2_download_param) +
+ param->num_areas * sizeof(struct prism2_download_area)) {
+ ret = -EINVAL;
+ goto out;
+ }
+
+ ret = local->func->download(local, param);
+
+ out:
+ kfree(param);
+ return ret;
+}
+#endif /* PRISM2_DOWNLOAD_SUPPORT */
+
+
+static int prism2_set_genericelement(struct net_device *dev, u8 *elem,
+ size_t len)
+{
+ struct hostap_interface *iface = netdev_priv(dev);
+ local_info_t *local = iface->local;
+ u8 *buf;
+
+ /*
+ * Add 16-bit length in the beginning of the buffer because Prism2 RID
+ * includes it.
+ */
+ buf = kmalloc(len + 2, GFP_KERNEL);
+ if (buf == NULL)
+ return -ENOMEM;
+
+ *((__le16 *) buf) = cpu_to_le16(len);
+ memcpy(buf + 2, elem, len);
+
+ kfree(local->generic_elem);
+ local->generic_elem = buf;
+ local->generic_elem_len = len + 2;
+
+ return local->func->set_rid(local->dev, HFA384X_RID_GENERICELEMENT,
+ buf, len + 2);
+}
+
+
+static int prism2_ioctl_siwauth(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *data, char *extra)
+{
+ struct hostap_interface *iface = netdev_priv(dev);
+ local_info_t *local = iface->local;
+
+ switch (data->flags & IW_AUTH_INDEX) {
+ case IW_AUTH_WPA_VERSION:
+ case IW_AUTH_CIPHER_PAIRWISE:
+ case IW_AUTH_CIPHER_GROUP:
+ case IW_AUTH_KEY_MGMT:
+ /*
+ * Host AP driver does not use these parameters and allows
+ * wpa_supplicant to control them internally.
+ */
+ break;
+ case IW_AUTH_TKIP_COUNTERMEASURES:
+ local->tkip_countermeasures = data->value;
+ break;
+ case IW_AUTH_DROP_UNENCRYPTED:
+ local->drop_unencrypted = data->value;
+ break;
+ case IW_AUTH_80211_AUTH_ALG:
+ local->auth_algs = data->value;
+ break;
+ case IW_AUTH_WPA_ENABLED:
+ if (data->value == 0) {
+ local->wpa = 0;
+ if (local->sta_fw_ver < PRISM2_FW_VER(1,7,0))
+ break;
+ prism2_set_genericelement(dev, "", 0);
+ local->host_roaming = 0;
+ local->privacy_invoked = 0;
+ if (hostap_set_word(dev, HFA384X_RID_SSNHANDLINGMODE,
+ 0) ||
+ hostap_set_roaming(local) ||
+ hostap_set_encryption(local) ||
+ local->func->reset_port(dev))
+ return -EINVAL;
+ break;
+ }
+ if (local->sta_fw_ver < PRISM2_FW_VER(1,7,0))
+ return -EOPNOTSUPP;
+ local->host_roaming = 2;
+ local->privacy_invoked = 1;
+ local->wpa = 1;
+ if (hostap_set_word(dev, HFA384X_RID_SSNHANDLINGMODE, 1) ||
+ hostap_set_roaming(local) ||
+ hostap_set_encryption(local) ||
+ local->func->reset_port(dev))
+ return -EINVAL;
+ break;
+ case IW_AUTH_RX_UNENCRYPTED_EAPOL:
+ local->ieee_802_1x = data->value;
+ break;
+ case IW_AUTH_PRIVACY_INVOKED:
+ local->privacy_invoked = data->value;
+ break;
+ default:
+ return -EOPNOTSUPP;
+ }
+ return 0;
+}
+
+
+static int prism2_ioctl_giwauth(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *data, char *extra)
+{
+ struct hostap_interface *iface = netdev_priv(dev);
+ local_info_t *local = iface->local;
+
+ switch (data->flags & IW_AUTH_INDEX) {
+ case IW_AUTH_WPA_VERSION:
+ case IW_AUTH_CIPHER_PAIRWISE:
+ case IW_AUTH_CIPHER_GROUP:
+ case IW_AUTH_KEY_MGMT:
+ /*
+ * Host AP driver does not use these parameters and allows
+ * wpa_supplicant to control them internally.
+ */
+ return -EOPNOTSUPP;
+ case IW_AUTH_TKIP_COUNTERMEASURES:
+ data->value = local->tkip_countermeasures;
+ break;
+ case IW_AUTH_DROP_UNENCRYPTED:
+ data->value = local->drop_unencrypted;
+ break;
+ case IW_AUTH_80211_AUTH_ALG:
+ data->value = local->auth_algs;
+ break;
+ case IW_AUTH_WPA_ENABLED:
+ data->value = local->wpa;
+ break;
+ case IW_AUTH_RX_UNENCRYPTED_EAPOL:
+ data->value = local->ieee_802_1x;
+ break;
+ default:
+ return -EOPNOTSUPP;
+ }
+ return 0;
+}
+
+
+static int prism2_ioctl_siwencodeext(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *erq, char *extra)
+{
+ struct hostap_interface *iface = netdev_priv(dev);
+ local_info_t *local = iface->local;
+ struct iw_encode_ext *ext = (struct iw_encode_ext *) extra;
+ int i, ret = 0;
+ struct lib80211_crypto_ops *ops;
+ struct lib80211_crypt_data **crypt;
+ void *sta_ptr;
+ u8 *addr;
+ const char *alg, *module;
+
+ i = erq->flags & IW_ENCODE_INDEX;
+ if (i > WEP_KEYS)
+ return -EINVAL;
+ if (i < 1 || i > WEP_KEYS)
+ i = local->crypt_info.tx_keyidx;
+ else
+ i--;
+ if (i < 0 || i >= WEP_KEYS)
+ return -EINVAL;
+
+ addr = ext->addr.sa_data;
+ if (is_broadcast_ether_addr(addr)) {
+ sta_ptr = NULL;
+ crypt = &local->crypt_info.crypt[i];
+ } else {
+ if (i != 0)
+ return -EINVAL;
+ sta_ptr = ap_crypt_get_ptrs(local->ap, addr, 0, &crypt);
+ if (sta_ptr == NULL) {
+ if (local->iw_mode == IW_MODE_INFRA) {
+ /*
+ * TODO: add STA entry for the current AP so
+ * that unicast key can be used. For now, this
+ * is emulated by using default key idx 0.
+ */
+ i = 0;
+ crypt = &local->crypt_info.crypt[i];
+ } else
+ return -EINVAL;
+ }
+ }
+
+ if ((erq->flags & IW_ENCODE_DISABLED) ||
+ ext->alg == IW_ENCODE_ALG_NONE) {
+ if (*crypt)
+ lib80211_crypt_delayed_deinit(&local->crypt_info, crypt);
+ goto done;
+ }
+
+ switch (ext->alg) {
+ case IW_ENCODE_ALG_WEP:
+ alg = "WEP";
+ module = "lib80211_crypt_wep";
+ break;
+ case IW_ENCODE_ALG_TKIP:
+ alg = "TKIP";
+ module = "lib80211_crypt_tkip";
+ break;
+ case IW_ENCODE_ALG_CCMP:
+ alg = "CCMP";
+ module = "lib80211_crypt_ccmp";
+ break;
+ default:
+ printk(KERN_DEBUG "%s: unsupported algorithm %d\n",
+ local->dev->name, ext->alg);
+ ret = -EOPNOTSUPP;
+ goto done;
+ }
+
+ ops = lib80211_get_crypto_ops(alg);
+ if (ops == NULL) {
+ request_module(module);
+ ops = lib80211_get_crypto_ops(alg);
+ }
+ if (ops == NULL) {
+ printk(KERN_DEBUG "%s: unknown crypto alg '%s'\n",
+ local->dev->name, alg);
+ ret = -EOPNOTSUPP;
+ goto done;
+ }
+
+ if (sta_ptr || ext->alg != IW_ENCODE_ALG_WEP) {
+ /*
+ * Per station encryption and other than WEP algorithms
+ * require host-based encryption, so force them on
+ * automatically.
+ */
+ local->host_decrypt = local->host_encrypt = 1;
+ }
+
+ if (*crypt == NULL || (*crypt)->ops != ops) {
+ struct lib80211_crypt_data *new_crypt;
+
+ lib80211_crypt_delayed_deinit(&local->crypt_info, crypt);
+
+ new_crypt = kzalloc(sizeof(struct lib80211_crypt_data),
+ GFP_KERNEL);
+ if (new_crypt == NULL) {
+ ret = -ENOMEM;
+ goto done;
+ }
+ new_crypt->ops = ops;
+ if (new_crypt->ops && try_module_get(new_crypt->ops->owner))
+ new_crypt->priv = new_crypt->ops->init(i);
+ if (new_crypt->priv == NULL) {
+ kfree(new_crypt);
+ ret = -EINVAL;
+ goto done;
+ }
+
+ *crypt = new_crypt;
+ }
+
+ /*
+ * TODO: if ext_flags does not have IW_ENCODE_EXT_RX_SEQ_VALID, the
+ * existing seq# should not be changed.
+ * TODO: if ext_flags has IW_ENCODE_EXT_TX_SEQ_VALID, next TX seq#
+ * should be changed to something else than zero.
+ */
+ if ((!(ext->ext_flags & IW_ENCODE_EXT_SET_TX_KEY) || ext->key_len > 0)
+ && (*crypt)->ops->set_key &&
+ (*crypt)->ops->set_key(ext->key, ext->key_len, ext->rx_seq,
+ (*crypt)->priv) < 0) {
+ printk(KERN_DEBUG "%s: key setting failed\n",
+ local->dev->name);
+ ret = -EINVAL;
+ goto done;
+ }
+
+ if (ext->ext_flags & IW_ENCODE_EXT_SET_TX_KEY) {
+ if (!sta_ptr)
+ local->crypt_info.tx_keyidx = i;
+ }
+
+
+ if (sta_ptr == NULL && ext->key_len > 0) {
+ int first = 1, j;
+ for (j = 0; j < WEP_KEYS; j++) {
+ if (j != i && local->crypt_info.crypt[j]) {
+ first = 0;
+ break;
+ }
+ }
+ if (first)
+ local->crypt_info.tx_keyidx = i;
+ }
+
+ done:
+ if (sta_ptr)
+ hostap_handle_sta_release(sta_ptr);
+
+ local->open_wep = erq->flags & IW_ENCODE_OPEN;
+
+ /*
+ * Do not reset port0 if card is in Managed mode since resetting will
+ * generate new IEEE 802.11 authentication which may end up in looping
+ * with IEEE 802.1X. Prism2 documentation seem to require port reset
+ * after WEP configuration. However, keys are apparently changed at
+ * least in Managed mode.
+ */
+ if (ret == 0 &&
+ (hostap_set_encryption(local) ||
+ (local->iw_mode != IW_MODE_INFRA &&
+ local->func->reset_port(local->dev))))
+ ret = -EINVAL;
+
+ return ret;
+}
+
+
+static int prism2_ioctl_giwencodeext(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *erq, char *extra)
+{
+ struct hostap_interface *iface = netdev_priv(dev);
+ local_info_t *local = iface->local;
+ struct lib80211_crypt_data **crypt;
+ void *sta_ptr;
+ int max_key_len, i;
+ struct iw_encode_ext *ext = (struct iw_encode_ext *) extra;
+ u8 *addr;
+
+ max_key_len = erq->length - sizeof(*ext);
+ if (max_key_len < 0)
+ return -EINVAL;
+
+ i = erq->flags & IW_ENCODE_INDEX;
+ if (i < 1 || i > WEP_KEYS)
+ i = local->crypt_info.tx_keyidx;
+ else
+ i--;
+
+ addr = ext->addr.sa_data;
+ if (is_broadcast_ether_addr(addr)) {
+ sta_ptr = NULL;
+ crypt = &local->crypt_info.crypt[i];
+ } else {
+ i = 0;
+ sta_ptr = ap_crypt_get_ptrs(local->ap, addr, 0, &crypt);
+ if (sta_ptr == NULL)
+ return -EINVAL;
+ }
+ erq->flags = i + 1;
+ memset(ext, 0, sizeof(*ext));
+
+ if (*crypt == NULL || (*crypt)->ops == NULL) {
+ ext->alg = IW_ENCODE_ALG_NONE;
+ ext->key_len = 0;
+ erq->flags |= IW_ENCODE_DISABLED;
+ } else {
+ if (strcmp((*crypt)->ops->name, "WEP") == 0)
+ ext->alg = IW_ENCODE_ALG_WEP;
+ else if (strcmp((*crypt)->ops->name, "TKIP") == 0)
+ ext->alg = IW_ENCODE_ALG_TKIP;
+ else if (strcmp((*crypt)->ops->name, "CCMP") == 0)
+ ext->alg = IW_ENCODE_ALG_CCMP;
+ else
+ return -EINVAL;
+
+ if ((*crypt)->ops->get_key) {
+ ext->key_len =
+ (*crypt)->ops->get_key(ext->key,
+ max_key_len,
+ ext->tx_seq,
+ (*crypt)->priv);
+ if (ext->key_len &&
+ (ext->alg == IW_ENCODE_ALG_TKIP ||
+ ext->alg == IW_ENCODE_ALG_CCMP))
+ ext->ext_flags |= IW_ENCODE_EXT_TX_SEQ_VALID;
+ }
+ }
+
+ if (sta_ptr)
+ hostap_handle_sta_release(sta_ptr);
+
+ return 0;
+}
+
+
+static int prism2_ioctl_set_encryption(local_info_t *local,
+ struct prism2_hostapd_param *param,
+ int param_len)
+{
+ int ret = 0;
+ struct lib80211_crypto_ops *ops;
+ struct lib80211_crypt_data **crypt;
+ void *sta_ptr;
+
+ param->u.crypt.err = 0;
+ param->u.crypt.alg[HOSTAP_CRYPT_ALG_NAME_LEN - 1] = '\0';
+
+ if (param_len !=
+ (int) ((char *) param->u.crypt.key - (char *) param) +
+ param->u.crypt.key_len)
+ return -EINVAL;
+
+ if (is_broadcast_ether_addr(param->sta_addr)) {
+ if (param->u.crypt.idx >= WEP_KEYS)
+ return -EINVAL;
+ sta_ptr = NULL;
+ crypt = &local->crypt_info.crypt[param->u.crypt.idx];
+ } else {
+ if (param->u.crypt.idx)
+ return -EINVAL;
+ sta_ptr = ap_crypt_get_ptrs(
+ local->ap, param->sta_addr,
+ (param->u.crypt.flags & HOSTAP_CRYPT_FLAG_PERMANENT),
+ &crypt);
+
+ if (sta_ptr == NULL) {
+ param->u.crypt.err = HOSTAP_CRYPT_ERR_UNKNOWN_ADDR;
+ return -EINVAL;
+ }
+ }
+
+ if (strcmp(param->u.crypt.alg, "none") == 0) {
+ if (crypt)
+ lib80211_crypt_delayed_deinit(&local->crypt_info, crypt);
+ goto done;
+ }
+
+ ops = lib80211_get_crypto_ops(param->u.crypt.alg);
+ if (ops == NULL && strcmp(param->u.crypt.alg, "WEP") == 0) {
+ request_module("lib80211_crypt_wep");
+ ops = lib80211_get_crypto_ops(param->u.crypt.alg);
+ } else if (ops == NULL && strcmp(param->u.crypt.alg, "TKIP") == 0) {
+ request_module("lib80211_crypt_tkip");
+ ops = lib80211_get_crypto_ops(param->u.crypt.alg);
+ } else if (ops == NULL && strcmp(param->u.crypt.alg, "CCMP") == 0) {
+ request_module("lib80211_crypt_ccmp");
+ ops = lib80211_get_crypto_ops(param->u.crypt.alg);
+ }
+ if (ops == NULL) {
+ printk(KERN_DEBUG "%s: unknown crypto alg '%s'\n",
+ local->dev->name, param->u.crypt.alg);
+ param->u.crypt.err = HOSTAP_CRYPT_ERR_UNKNOWN_ALG;
+ ret = -EINVAL;
+ goto done;
+ }
+
+ /* station based encryption and other than WEP algorithms require
+ * host-based encryption, so force them on automatically */
+ local->host_decrypt = local->host_encrypt = 1;
+
+ if (*crypt == NULL || (*crypt)->ops != ops) {
+ struct lib80211_crypt_data *new_crypt;
+
+ lib80211_crypt_delayed_deinit(&local->crypt_info, crypt);
+
+ new_crypt = kzalloc(sizeof(struct lib80211_crypt_data),
+ GFP_KERNEL);
+ if (new_crypt == NULL) {
+ ret = -ENOMEM;
+ goto done;
+ }
+ new_crypt->ops = ops;
+ new_crypt->priv = new_crypt->ops->init(param->u.crypt.idx);
+ if (new_crypt->priv == NULL) {
+ kfree(new_crypt);
+ param->u.crypt.err =
+ HOSTAP_CRYPT_ERR_CRYPT_INIT_FAILED;
+ ret = -EINVAL;
+ goto done;
+ }
+
+ *crypt = new_crypt;
+ }
+
+ if ((!(param->u.crypt.flags & HOSTAP_CRYPT_FLAG_SET_TX_KEY) ||
+ param->u.crypt.key_len > 0) && (*crypt)->ops->set_key &&
+ (*crypt)->ops->set_key(param->u.crypt.key,
+ param->u.crypt.key_len, param->u.crypt.seq,
+ (*crypt)->priv) < 0) {
+ printk(KERN_DEBUG "%s: key setting failed\n",
+ local->dev->name);
+ param->u.crypt.err = HOSTAP_CRYPT_ERR_KEY_SET_FAILED;
+ ret = -EINVAL;
+ goto done;
+ }
+
+ if (param->u.crypt.flags & HOSTAP_CRYPT_FLAG_SET_TX_KEY) {
+ if (!sta_ptr)
+ local->crypt_info.tx_keyidx = param->u.crypt.idx;
+ else if (param->u.crypt.idx) {
+ printk(KERN_DEBUG "%s: TX key idx setting failed\n",
+ local->dev->name);
+ param->u.crypt.err =
+ HOSTAP_CRYPT_ERR_TX_KEY_SET_FAILED;
+ ret = -EINVAL;
+ goto done;
+ }
+ }
+
+ done:
+ if (sta_ptr)
+ hostap_handle_sta_release(sta_ptr);
+
+ /* Do not reset port0 if card is in Managed mode since resetting will
+ * generate new IEEE 802.11 authentication which may end up in looping
+ * with IEEE 802.1X. Prism2 documentation seem to require port reset
+ * after WEP configuration. However, keys are apparently changed at
+ * least in Managed mode. */
+ if (ret == 0 &&
+ (hostap_set_encryption(local) ||
+ (local->iw_mode != IW_MODE_INFRA &&
+ local->func->reset_port(local->dev)))) {
+ param->u.crypt.err = HOSTAP_CRYPT_ERR_CARD_CONF_FAILED;
+ return -EINVAL;
+ }
+
+ return ret;
+}
+
+
+static int prism2_ioctl_get_encryption(local_info_t *local,
+ struct prism2_hostapd_param *param,
+ int param_len)
+{
+ struct lib80211_crypt_data **crypt;
+ void *sta_ptr;
+ int max_key_len;
+
+ param->u.crypt.err = 0;
+
+ max_key_len = param_len -
+ (int) ((char *) param->u.crypt.key - (char *) param);
+ if (max_key_len < 0)
+ return -EINVAL;
+
+ if (is_broadcast_ether_addr(param->sta_addr)) {
+ sta_ptr = NULL;
+ if (param->u.crypt.idx >= WEP_KEYS)
+ param->u.crypt.idx = local->crypt_info.tx_keyidx;
+ crypt = &local->crypt_info.crypt[param->u.crypt.idx];
+ } else {
+ param->u.crypt.idx = 0;
+ sta_ptr = ap_crypt_get_ptrs(local->ap, param->sta_addr, 0,
+ &crypt);
+
+ if (sta_ptr == NULL) {
+ param->u.crypt.err = HOSTAP_CRYPT_ERR_UNKNOWN_ADDR;
+ return -EINVAL;
+ }
+ }
+
+ if (*crypt == NULL || (*crypt)->ops == NULL) {
+ memcpy(param->u.crypt.alg, "none", 5);
+ param->u.crypt.key_len = 0;
+ param->u.crypt.idx = 0xff;
+ } else {
+ strncpy(param->u.crypt.alg, (*crypt)->ops->name,
+ HOSTAP_CRYPT_ALG_NAME_LEN);
+ param->u.crypt.key_len = 0;
+
+ memset(param->u.crypt.seq, 0, 8);
+ if ((*crypt)->ops->get_key) {
+ param->u.crypt.key_len =
+ (*crypt)->ops->get_key(param->u.crypt.key,
+ max_key_len,
+ param->u.crypt.seq,
+ (*crypt)->priv);
+ }
+ }
+
+ if (sta_ptr)
+ hostap_handle_sta_release(sta_ptr);
+
+ return 0;
+}
+
+
+static int prism2_ioctl_get_rid(local_info_t *local,
+ struct prism2_hostapd_param *param,
+ int param_len)
+{
+ int max_len, res;
+
+ max_len = param_len - PRISM2_HOSTAPD_RID_HDR_LEN;
+ if (max_len < 0)
+ return -EINVAL;
+
+ res = local->func->get_rid(local->dev, param->u.rid.rid,
+ param->u.rid.data, param->u.rid.len, 0);
+ if (res >= 0) {
+ param->u.rid.len = res;
+ return 0;
+ }
+
+ return res;
+}
+
+
+static int prism2_ioctl_set_rid(local_info_t *local,
+ struct prism2_hostapd_param *param,
+ int param_len)
+{
+ int max_len;
+
+ max_len = param_len - PRISM2_HOSTAPD_RID_HDR_LEN;
+ if (max_len < 0 || max_len < param->u.rid.len)
+ return -EINVAL;
+
+ return local->func->set_rid(local->dev, param->u.rid.rid,
+ param->u.rid.data, param->u.rid.len);
+}
+
+
+static int prism2_ioctl_set_assoc_ap_addr(local_info_t *local,
+ struct prism2_hostapd_param *param,
+ int param_len)
+{
+ printk(KERN_DEBUG "%ssta: associated as client with AP %pM\n",
+ local->dev->name, param->sta_addr);
+ memcpy(local->assoc_ap_addr, param->sta_addr, ETH_ALEN);
+ return 0;
+}
+
+
+static int prism2_ioctl_siwgenie(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *data, char *extra)
+{
+ return prism2_set_genericelement(dev, extra, data->length);
+}
+
+
+static int prism2_ioctl_giwgenie(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *data, char *extra)
+{
+ struct hostap_interface *iface = netdev_priv(dev);
+ local_info_t *local = iface->local;
+ int len = local->generic_elem_len - 2;
+
+ if (len <= 0 || local->generic_elem == NULL) {
+ data->length = 0;
+ return 0;
+ }
+
+ if (data->length < len)
+ return -E2BIG;
+
+ data->length = len;
+ memcpy(extra, local->generic_elem + 2, len);
+
+ return 0;
+}
+
+
+static int prism2_ioctl_set_generic_element(local_info_t *local,
+ struct prism2_hostapd_param *param,
+ int param_len)
+{
+ int max_len, len;
+
+ len = param->u.generic_elem.len;
+ max_len = param_len - PRISM2_HOSTAPD_GENERIC_ELEMENT_HDR_LEN;
+ if (max_len < 0 || max_len < len)
+ return -EINVAL;
+
+ return prism2_set_genericelement(local->dev,
+ param->u.generic_elem.data, len);
+}
+
+
+static int prism2_ioctl_siwmlme(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *data, char *extra)
+{
+ struct hostap_interface *iface = netdev_priv(dev);
+ local_info_t *local = iface->local;
+ struct iw_mlme *mlme = (struct iw_mlme *) extra;
+ __le16 reason;
+
+ reason = cpu_to_le16(mlme->reason_code);
+
+ switch (mlme->cmd) {
+ case IW_MLME_DEAUTH:
+ return prism2_sta_send_mgmt(local, mlme->addr.sa_data,
+ IEEE80211_STYPE_DEAUTH,
+ (u8 *) &reason, 2);
+ case IW_MLME_DISASSOC:
+ return prism2_sta_send_mgmt(local, mlme->addr.sa_data,
+ IEEE80211_STYPE_DISASSOC,
+ (u8 *) &reason, 2);
+ default:
+ return -EOPNOTSUPP;
+ }
+}
+
+
+static int prism2_ioctl_mlme(local_info_t *local,
+ struct prism2_hostapd_param *param)
+{
+ __le16 reason;
+
+ reason = cpu_to_le16(param->u.mlme.reason_code);
+ switch (param->u.mlme.cmd) {
+ case MLME_STA_DEAUTH:
+ return prism2_sta_send_mgmt(local, param->sta_addr,
+ IEEE80211_STYPE_DEAUTH,
+ (u8 *) &reason, 2);
+ case MLME_STA_DISASSOC:
+ return prism2_sta_send_mgmt(local, param->sta_addr,
+ IEEE80211_STYPE_DISASSOC,
+ (u8 *) &reason, 2);
+ default:
+ return -EOPNOTSUPP;
+ }
+}
+
+
+static int prism2_ioctl_scan_req(local_info_t *local,
+ struct prism2_hostapd_param *param)
+{
+#ifndef PRISM2_NO_STATION_MODES
+ if ((local->iw_mode != IW_MODE_INFRA &&
+ local->iw_mode != IW_MODE_ADHOC) ||
+ (local->sta_fw_ver < PRISM2_FW_VER(1,3,1)))
+ return -EOPNOTSUPP;
+
+ if (!local->dev_enabled)
+ return -ENETDOWN;
+
+ return prism2_request_hostscan(local->dev, param->u.scan_req.ssid,
+ param->u.scan_req.ssid_len);
+#else /* PRISM2_NO_STATION_MODES */
+ return -EOPNOTSUPP;
+#endif /* PRISM2_NO_STATION_MODES */
+}
+
+
+static int prism2_ioctl_priv_hostapd(local_info_t *local, struct iw_point *p)
+{
+ struct prism2_hostapd_param *param;
+ int ret = 0;
+ int ap_ioctl = 0;
+
+ if (p->length < sizeof(struct prism2_hostapd_param) ||
+ p->length > PRISM2_HOSTAPD_MAX_BUF_SIZE || !p->pointer)
+ return -EINVAL;
+
+ param = memdup_user(p->pointer, p->length);
+ if (IS_ERR(param)) {
+ return PTR_ERR(param);
+ }
+
+ switch (param->cmd) {
+ case PRISM2_SET_ENCRYPTION:
+ ret = prism2_ioctl_set_encryption(local, param, p->length);
+ break;
+ case PRISM2_GET_ENCRYPTION:
+ ret = prism2_ioctl_get_encryption(local, param, p->length);
+ break;
+ case PRISM2_HOSTAPD_GET_RID:
+ ret = prism2_ioctl_get_rid(local, param, p->length);
+ break;
+ case PRISM2_HOSTAPD_SET_RID:
+ ret = prism2_ioctl_set_rid(local, param, p->length);
+ break;
+ case PRISM2_HOSTAPD_SET_ASSOC_AP_ADDR:
+ ret = prism2_ioctl_set_assoc_ap_addr(local, param, p->length);
+ break;
+ case PRISM2_HOSTAPD_SET_GENERIC_ELEMENT:
+ ret = prism2_ioctl_set_generic_element(local, param,
+ p->length);
+ break;
+ case PRISM2_HOSTAPD_MLME:
+ ret = prism2_ioctl_mlme(local, param);
+ break;
+ case PRISM2_HOSTAPD_SCAN_REQ:
+ ret = prism2_ioctl_scan_req(local, param);
+ break;
+ default:
+ ret = prism2_hostapd(local->ap, param);
+ ap_ioctl = 1;
+ break;
+ }
+
+ if (ret == 1 || !ap_ioctl) {
+ if (copy_to_user(p->pointer, param, p->length)) {
+ ret = -EFAULT;
+ goto out;
+ } else if (ap_ioctl)
+ ret = 0;
+ }
+
+ out:
+ kfree(param);
+ return ret;
+}
+
+
+static void prism2_get_drvinfo(struct net_device *dev,
+ struct ethtool_drvinfo *info)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ strscpy(info->driver, "hostap", sizeof(info->driver));
+ snprintf(info->fw_version, sizeof(info->fw_version),
+ "%d.%d.%d", (local->sta_fw_ver >> 16) & 0xff,
+ (local->sta_fw_ver >> 8) & 0xff,
+ local->sta_fw_ver & 0xff);
+}
+
+const struct ethtool_ops prism2_ethtool_ops = {
+ .get_drvinfo = prism2_get_drvinfo
+};
+
+
+/* Structures to export the Wireless Handlers */
+
+static const iw_handler prism2_handler[] =
+{
+ (iw_handler) NULL, /* SIOCSIWCOMMIT */
+ (iw_handler) prism2_get_name, /* SIOCGIWNAME */
+ (iw_handler) NULL, /* SIOCSIWNWID */
+ (iw_handler) NULL, /* SIOCGIWNWID */
+ (iw_handler) prism2_ioctl_siwfreq, /* SIOCSIWFREQ */
+ (iw_handler) prism2_ioctl_giwfreq, /* SIOCGIWFREQ */
+ (iw_handler) prism2_ioctl_siwmode, /* SIOCSIWMODE */
+ (iw_handler) prism2_ioctl_giwmode, /* SIOCGIWMODE */
+ (iw_handler) prism2_ioctl_siwsens, /* SIOCSIWSENS */
+ (iw_handler) prism2_ioctl_giwsens, /* SIOCGIWSENS */
+ (iw_handler) NULL /* not used */, /* SIOCSIWRANGE */
+ (iw_handler) prism2_ioctl_giwrange, /* SIOCGIWRANGE */
+ (iw_handler) NULL /* not used */, /* SIOCSIWPRIV */
+ (iw_handler) NULL /* kernel code */, /* SIOCGIWPRIV */
+ (iw_handler) NULL /* not used */, /* SIOCSIWSTATS */
+ (iw_handler) NULL /* kernel code */, /* SIOCGIWSTATS */
+ iw_handler_set_spy, /* SIOCSIWSPY */
+ iw_handler_get_spy, /* SIOCGIWSPY */
+ iw_handler_set_thrspy, /* SIOCSIWTHRSPY */
+ iw_handler_get_thrspy, /* SIOCGIWTHRSPY */
+ (iw_handler) prism2_ioctl_siwap, /* SIOCSIWAP */
+ (iw_handler) prism2_ioctl_giwap, /* SIOCGIWAP */
+ (iw_handler) prism2_ioctl_siwmlme, /* SIOCSIWMLME */
+ (iw_handler) prism2_ioctl_giwaplist, /* SIOCGIWAPLIST */
+ (iw_handler) prism2_ioctl_siwscan, /* SIOCSIWSCAN */
+ (iw_handler) prism2_ioctl_giwscan, /* SIOCGIWSCAN */
+ (iw_handler) prism2_ioctl_siwessid, /* SIOCSIWESSID */
+ (iw_handler) prism2_ioctl_giwessid, /* SIOCGIWESSID */
+ (iw_handler) prism2_ioctl_siwnickn, /* SIOCSIWNICKN */
+ (iw_handler) prism2_ioctl_giwnickn, /* SIOCGIWNICKN */
+ (iw_handler) NULL, /* -- hole -- */
+ (iw_handler) NULL, /* -- hole -- */
+ (iw_handler) prism2_ioctl_siwrate, /* SIOCSIWRATE */
+ (iw_handler) prism2_ioctl_giwrate, /* SIOCGIWRATE */
+ (iw_handler) prism2_ioctl_siwrts, /* SIOCSIWRTS */
+ (iw_handler) prism2_ioctl_giwrts, /* SIOCGIWRTS */
+ (iw_handler) prism2_ioctl_siwfrag, /* SIOCSIWFRAG */
+ (iw_handler) prism2_ioctl_giwfrag, /* SIOCGIWFRAG */
+ (iw_handler) prism2_ioctl_siwtxpow, /* SIOCSIWTXPOW */
+ (iw_handler) prism2_ioctl_giwtxpow, /* SIOCGIWTXPOW */
+ (iw_handler) prism2_ioctl_siwretry, /* SIOCSIWRETRY */
+ (iw_handler) prism2_ioctl_giwretry, /* SIOCGIWRETRY */
+ (iw_handler) prism2_ioctl_siwencode, /* SIOCSIWENCODE */
+ (iw_handler) prism2_ioctl_giwencode, /* SIOCGIWENCODE */
+ (iw_handler) prism2_ioctl_siwpower, /* SIOCSIWPOWER */
+ (iw_handler) prism2_ioctl_giwpower, /* SIOCGIWPOWER */
+ (iw_handler) NULL, /* -- hole -- */
+ (iw_handler) NULL, /* -- hole -- */
+ (iw_handler) prism2_ioctl_siwgenie, /* SIOCSIWGENIE */
+ (iw_handler) prism2_ioctl_giwgenie, /* SIOCGIWGENIE */
+ (iw_handler) prism2_ioctl_siwauth, /* SIOCSIWAUTH */
+ (iw_handler) prism2_ioctl_giwauth, /* SIOCGIWAUTH */
+ (iw_handler) prism2_ioctl_siwencodeext, /* SIOCSIWENCODEEXT */
+ (iw_handler) prism2_ioctl_giwencodeext, /* SIOCGIWENCODEEXT */
+ (iw_handler) NULL, /* SIOCSIWPMKSA */
+ (iw_handler) NULL, /* -- hole -- */
+};
+
+static const iw_handler prism2_private_handler[] =
+{ /* SIOCIWFIRSTPRIV + */
+ (iw_handler) prism2_ioctl_priv_prism2_param, /* 0 */
+ (iw_handler) prism2_ioctl_priv_get_prism2_param, /* 1 */
+ (iw_handler) prism2_ioctl_priv_writemif, /* 2 */
+ (iw_handler) prism2_ioctl_priv_readmif, /* 3 */
+};
+
+const struct iw_handler_def hostap_iw_handler_def =
+{
+ .num_standard = ARRAY_SIZE(prism2_handler),
+ .num_private = ARRAY_SIZE(prism2_private_handler),
+ .num_private_args = ARRAY_SIZE(prism2_priv),
+ .standard = (iw_handler *) prism2_handler,
+ .private = (iw_handler *) prism2_private_handler,
+ .private_args = (struct iw_priv_args *) prism2_priv,
+ .get_wireless_stats = hostap_get_wireless_stats,
+};
+
+/* Private ioctls (iwpriv) that have not yet been converted
+ * into new wireless extensions API */
+int hostap_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
+{
+ struct iwreq *wrq = (struct iwreq *) ifr;
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int ret = 0;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ switch (cmd) {
+ case PRISM2_IOCTL_INQUIRE:
+ if (!capable(CAP_NET_ADMIN)) ret = -EPERM;
+ else ret = prism2_ioctl_priv_inquire(dev, (int *) wrq->u.name);
+ break;
+
+ case PRISM2_IOCTL_MONITOR:
+ if (!capable(CAP_NET_ADMIN)) ret = -EPERM;
+ else ret = prism2_ioctl_priv_monitor(dev, (int *) wrq->u.name);
+ break;
+
+ case PRISM2_IOCTL_RESET:
+ if (!capable(CAP_NET_ADMIN)) ret = -EPERM;
+ else ret = prism2_ioctl_priv_reset(dev, (int *) wrq->u.name);
+ break;
+
+ case PRISM2_IOCTL_WDS_ADD:
+ if (!capable(CAP_NET_ADMIN)) ret = -EPERM;
+ else ret = prism2_wds_add(local, wrq->u.ap_addr.sa_data, 1);
+ break;
+
+ case PRISM2_IOCTL_WDS_DEL:
+ if (!capable(CAP_NET_ADMIN)) ret = -EPERM;
+ else ret = prism2_wds_del(local, wrq->u.ap_addr.sa_data, 1, 0);
+ break;
+
+ case PRISM2_IOCTL_SET_RID_WORD:
+ if (!capable(CAP_NET_ADMIN)) ret = -EPERM;
+ else ret = prism2_ioctl_priv_set_rid_word(dev,
+ (int *) wrq->u.name);
+ break;
+
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+ case PRISM2_IOCTL_MACCMD:
+ if (!capable(CAP_NET_ADMIN)) ret = -EPERM;
+ else ret = ap_mac_cmd_ioctl(local, (int *) wrq->u.name);
+ break;
+
+ case PRISM2_IOCTL_ADDMAC:
+ if (!capable(CAP_NET_ADMIN)) ret = -EPERM;
+ else ret = ap_control_add_mac(&local->ap->mac_restrictions,
+ wrq->u.ap_addr.sa_data);
+ break;
+ case PRISM2_IOCTL_DELMAC:
+ if (!capable(CAP_NET_ADMIN)) ret = -EPERM;
+ else ret = ap_control_del_mac(&local->ap->mac_restrictions,
+ wrq->u.ap_addr.sa_data);
+ break;
+ case PRISM2_IOCTL_KICKMAC:
+ if (!capable(CAP_NET_ADMIN)) ret = -EPERM;
+ else ret = ap_control_kick_mac(local->ap, local->dev,
+ wrq->u.ap_addr.sa_data);
+ break;
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+ default:
+ ret = -EOPNOTSUPP;
+ break;
+ }
+
+ return ret;
+}
+
+/* Private ioctls that are not used with iwpriv;
+ * in SIOCDEVPRIVATE range */
+int hostap_siocdevprivate(struct net_device *dev, struct ifreq *ifr,
+ void __user *data, int cmd)
+{
+ struct iwreq *wrq = (struct iwreq *)ifr;
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int ret = 0;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (in_compat_syscall()) /* not implemented yet */
+ return -EOPNOTSUPP;
+
+ switch (cmd) {
+#ifdef PRISM2_DOWNLOAD_SUPPORT
+ case PRISM2_IOCTL_DOWNLOAD:
+ if (!capable(CAP_NET_ADMIN)) ret = -EPERM;
+ else ret = prism2_ioctl_priv_download(local, &wrq->u.data);
+ break;
+#endif /* PRISM2_DOWNLOAD_SUPPORT */
+
+ case PRISM2_IOCTL_HOSTAPD:
+ if (!capable(CAP_NET_ADMIN)) ret = -EPERM;
+ else ret = prism2_ioctl_priv_hostapd(local, &wrq->u.data);
+ break;
+
+ default:
+ ret = -EOPNOTSUPP;
+ break;
+ }
+
+ return ret;
+}
diff --git a/drivers/net/wireless/intersil/hostap/hostap_main.c b/drivers/net/wireless/intersil/hostap/hostap_main.c
new file mode 100644
index 000000000..787f685e7
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/hostap_main.c
@@ -0,0 +1,1126 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Host AP (software wireless LAN access point) driver for
+ * Intersil Prism2/2.5/3 - hostap.o module, common routines
+ *
+ * Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen
+ * <j@w1.fi>
+ * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
+ */
+
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/slab.h>
+#include <linux/proc_fs.h>
+#include <linux/if_arp.h>
+#include <linux/delay.h>
+#include <linux/random.h>
+#include <linux/workqueue.h>
+#include <linux/kmod.h>
+#include <linux/rtnetlink.h>
+#include <linux/wireless.h>
+#include <linux/etherdevice.h>
+#include <net/net_namespace.h>
+#include <net/iw_handler.h>
+#include <net/lib80211.h>
+#include <linux/uaccess.h>
+
+#include "hostap_wlan.h"
+#include "hostap_80211.h"
+#include "hostap_ap.h"
+#include "hostap.h"
+
+MODULE_AUTHOR("Jouni Malinen");
+MODULE_DESCRIPTION("Host AP common routines");
+MODULE_LICENSE("GPL");
+
+#define TX_TIMEOUT (2 * HZ)
+
+#define PRISM2_MAX_FRAME_SIZE 2304
+#define PRISM2_MIN_MTU 256
+/* FIX: */
+#define PRISM2_MAX_MTU (PRISM2_MAX_FRAME_SIZE - (6 /* LLC */ + 8 /* WEP */))
+
+
+struct net_device * hostap_add_interface(struct local_info *local,
+ int type, int rtnl_locked,
+ const char *prefix,
+ const char *name)
+{
+ struct net_device *dev, *mdev;
+ struct hostap_interface *iface;
+ int ret;
+
+ dev = alloc_etherdev(sizeof(struct hostap_interface));
+ if (dev == NULL)
+ return NULL;
+
+ iface = netdev_priv(dev);
+ iface->dev = dev;
+ iface->local = local;
+ iface->type = type;
+ list_add(&iface->list, &local->hostap_interfaces);
+
+ mdev = local->dev;
+ eth_hw_addr_inherit(dev, mdev);
+ dev->base_addr = mdev->base_addr;
+ dev->irq = mdev->irq;
+ dev->mem_start = mdev->mem_start;
+ dev->mem_end = mdev->mem_end;
+
+ hostap_setup_dev(dev, local, type);
+ dev->needs_free_netdev = true;
+
+ sprintf(dev->name, "%s%s", prefix, name);
+ if (!rtnl_locked)
+ rtnl_lock();
+
+ SET_NETDEV_DEV(dev, mdev->dev.parent);
+ ret = register_netdevice(dev);
+
+ if (!rtnl_locked)
+ rtnl_unlock();
+
+ if (ret < 0) {
+ printk(KERN_WARNING "%s: failed to add new netdevice!\n",
+ dev->name);
+ free_netdev(dev);
+ return NULL;
+ }
+
+ printk(KERN_DEBUG "%s: registered netdevice %s\n",
+ mdev->name, dev->name);
+
+ return dev;
+}
+
+
+void hostap_remove_interface(struct net_device *dev, int rtnl_locked,
+ int remove_from_list)
+{
+ struct hostap_interface *iface;
+
+ if (!dev)
+ return;
+
+ iface = netdev_priv(dev);
+
+ if (remove_from_list) {
+ list_del(&iface->list);
+ }
+
+ if (dev == iface->local->ddev)
+ iface->local->ddev = NULL;
+ else if (dev == iface->local->apdev)
+ iface->local->apdev = NULL;
+ else if (dev == iface->local->stadev)
+ iface->local->stadev = NULL;
+
+ if (rtnl_locked)
+ unregister_netdevice(dev);
+ else
+ unregister_netdev(dev);
+
+ /* 'dev->needs_free_netdev = true' implies device data, including
+ * private data, will be freed when the device is removed */
+}
+
+
+static inline int prism2_wds_special_addr(u8 *addr)
+{
+ if (addr[0] || addr[1] || addr[2] || addr[3] || addr[4] || addr[5])
+ return 0;
+
+ return 1;
+}
+
+
+int prism2_wds_add(local_info_t *local, u8 *remote_addr,
+ int rtnl_locked)
+{
+ struct net_device *dev;
+ struct list_head *ptr;
+ struct hostap_interface *iface, *empty, *match;
+
+ empty = match = NULL;
+ read_lock_bh(&local->iface_lock);
+ list_for_each(ptr, &local->hostap_interfaces) {
+ iface = list_entry(ptr, struct hostap_interface, list);
+ if (iface->type != HOSTAP_INTERFACE_WDS)
+ continue;
+
+ if (prism2_wds_special_addr(iface->u.wds.remote_addr))
+ empty = iface;
+ else if (ether_addr_equal(iface->u.wds.remote_addr, remote_addr)) {
+ match = iface;
+ break;
+ }
+ }
+ if (!match && empty && !prism2_wds_special_addr(remote_addr)) {
+ /* take pre-allocated entry into use */
+ memcpy(empty->u.wds.remote_addr, remote_addr, ETH_ALEN);
+ read_unlock_bh(&local->iface_lock);
+ printk(KERN_DEBUG "%s: using pre-allocated WDS netdevice %s\n",
+ local->dev->name, empty->dev->name);
+ return 0;
+ }
+ read_unlock_bh(&local->iface_lock);
+
+ if (!prism2_wds_special_addr(remote_addr)) {
+ if (match)
+ return -EEXIST;
+ hostap_add_sta(local->ap, remote_addr);
+ }
+
+ if (local->wds_connections >= local->wds_max_connections)
+ return -ENOBUFS;
+
+ /* verify that there is room for wds# postfix in the interface name */
+ if (strlen(local->dev->name) >= IFNAMSIZ - 5) {
+ printk(KERN_DEBUG "'%s' too long base device name\n",
+ local->dev->name);
+ return -EINVAL;
+ }
+
+ dev = hostap_add_interface(local, HOSTAP_INTERFACE_WDS, rtnl_locked,
+ local->ddev->name, "wds%d");
+ if (dev == NULL)
+ return -ENOMEM;
+
+ iface = netdev_priv(dev);
+ memcpy(iface->u.wds.remote_addr, remote_addr, ETH_ALEN);
+
+ local->wds_connections++;
+
+ return 0;
+}
+
+
+int prism2_wds_del(local_info_t *local, u8 *remote_addr,
+ int rtnl_locked, int do_not_remove)
+{
+ unsigned long flags;
+ struct list_head *ptr;
+ struct hostap_interface *iface, *selected = NULL;
+
+ write_lock_irqsave(&local->iface_lock, flags);
+ list_for_each(ptr, &local->hostap_interfaces) {
+ iface = list_entry(ptr, struct hostap_interface, list);
+ if (iface->type != HOSTAP_INTERFACE_WDS)
+ continue;
+
+ if (ether_addr_equal(iface->u.wds.remote_addr, remote_addr)) {
+ selected = iface;
+ break;
+ }
+ }
+ if (selected && !do_not_remove)
+ list_del(&selected->list);
+ write_unlock_irqrestore(&local->iface_lock, flags);
+
+ if (selected) {
+ if (do_not_remove)
+ eth_zero_addr(selected->u.wds.remote_addr);
+ else {
+ hostap_remove_interface(selected->dev, rtnl_locked, 0);
+ local->wds_connections--;
+ }
+ }
+
+ return selected ? 0 : -ENODEV;
+}
+
+
+u16 hostap_tx_callback_register(local_info_t *local,
+ void (*func)(struct sk_buff *, int ok, void *),
+ void *data)
+{
+ unsigned long flags;
+ struct hostap_tx_callback_info *entry;
+
+ entry = kmalloc(sizeof(*entry), GFP_KERNEL);
+ if (entry == NULL)
+ return 0;
+
+ entry->func = func;
+ entry->data = data;
+
+ spin_lock_irqsave(&local->lock, flags);
+ entry->idx = local->tx_callback ? local->tx_callback->idx + 1 : 1;
+ entry->next = local->tx_callback;
+ local->tx_callback = entry;
+ spin_unlock_irqrestore(&local->lock, flags);
+
+ return entry->idx;
+}
+
+
+int hostap_tx_callback_unregister(local_info_t *local, u16 idx)
+{
+ unsigned long flags;
+ struct hostap_tx_callback_info *cb, *prev = NULL;
+
+ spin_lock_irqsave(&local->lock, flags);
+ cb = local->tx_callback;
+ while (cb != NULL && cb->idx != idx) {
+ prev = cb;
+ cb = cb->next;
+ }
+ if (cb) {
+ if (prev == NULL)
+ local->tx_callback = cb->next;
+ else
+ prev->next = cb->next;
+ kfree(cb);
+ }
+ spin_unlock_irqrestore(&local->lock, flags);
+
+ return cb ? 0 : -1;
+}
+
+
+/* val is in host byte order */
+int hostap_set_word(struct net_device *dev, int rid, u16 val)
+{
+ struct hostap_interface *iface;
+ __le16 tmp = cpu_to_le16(val);
+ iface = netdev_priv(dev);
+ return iface->local->func->set_rid(dev, rid, &tmp, 2);
+}
+
+
+int hostap_set_string(struct net_device *dev, int rid, const char *val)
+{
+ struct hostap_interface *iface;
+ char buf[MAX_SSID_LEN + 2];
+ int len;
+
+ iface = netdev_priv(dev);
+ len = strlen(val);
+ if (len > MAX_SSID_LEN)
+ return -1;
+ memset(buf, 0, sizeof(buf));
+ buf[0] = len; /* little endian 16 bit word */
+ memcpy(buf + 2, val, len);
+
+ return iface->local->func->set_rid(dev, rid, &buf, MAX_SSID_LEN + 2);
+}
+
+
+u16 hostap_get_porttype(local_info_t *local)
+{
+ if (local->iw_mode == IW_MODE_ADHOC && local->pseudo_adhoc)
+ return HFA384X_PORTTYPE_PSEUDO_IBSS;
+ if (local->iw_mode == IW_MODE_ADHOC)
+ return HFA384X_PORTTYPE_IBSS;
+ if (local->iw_mode == IW_MODE_INFRA)
+ return HFA384X_PORTTYPE_BSS;
+ if (local->iw_mode == IW_MODE_REPEAT)
+ return HFA384X_PORTTYPE_WDS;
+ if (local->iw_mode == IW_MODE_MONITOR)
+ return HFA384X_PORTTYPE_PSEUDO_IBSS;
+ return HFA384X_PORTTYPE_HOSTAP;
+}
+
+
+int hostap_set_encryption(local_info_t *local)
+{
+ u16 val, old_val;
+ int i, keylen, len, idx;
+ char keybuf[WEP_KEY_LEN + 1];
+ enum { NONE, WEP, OTHER } encrypt_type;
+
+ idx = local->crypt_info.tx_keyidx;
+ if (local->crypt_info.crypt[idx] == NULL ||
+ local->crypt_info.crypt[idx]->ops == NULL)
+ encrypt_type = NONE;
+ else if (strcmp(local->crypt_info.crypt[idx]->ops->name, "WEP") == 0)
+ encrypt_type = WEP;
+ else
+ encrypt_type = OTHER;
+
+ if (local->func->get_rid(local->dev, HFA384X_RID_CNFWEPFLAGS, &val, 2,
+ 1) < 0) {
+ printk(KERN_DEBUG "Could not read current WEP flags.\n");
+ goto fail;
+ }
+ le16_to_cpus(&val);
+ old_val = val;
+
+ if (encrypt_type != NONE || local->privacy_invoked)
+ val |= HFA384X_WEPFLAGS_PRIVACYINVOKED;
+ else
+ val &= ~HFA384X_WEPFLAGS_PRIVACYINVOKED;
+
+ if (local->open_wep || encrypt_type == NONE ||
+ ((local->ieee_802_1x || local->wpa) && local->host_decrypt))
+ val &= ~HFA384X_WEPFLAGS_EXCLUDEUNENCRYPTED;
+ else
+ val |= HFA384X_WEPFLAGS_EXCLUDEUNENCRYPTED;
+
+ if ((encrypt_type != NONE || local->privacy_invoked) &&
+ (encrypt_type == OTHER || local->host_encrypt))
+ val |= HFA384X_WEPFLAGS_HOSTENCRYPT;
+ else
+ val &= ~HFA384X_WEPFLAGS_HOSTENCRYPT;
+ if ((encrypt_type != NONE || local->privacy_invoked) &&
+ (encrypt_type == OTHER || local->host_decrypt))
+ val |= HFA384X_WEPFLAGS_HOSTDECRYPT;
+ else
+ val &= ~HFA384X_WEPFLAGS_HOSTDECRYPT;
+
+ if (val != old_val &&
+ hostap_set_word(local->dev, HFA384X_RID_CNFWEPFLAGS, val)) {
+ printk(KERN_DEBUG "Could not write new WEP flags (0x%x)\n",
+ val);
+ goto fail;
+ }
+
+ if (encrypt_type != WEP)
+ return 0;
+
+ /* 104-bit support seems to require that all the keys are set to the
+ * same keylen */
+ keylen = 6; /* first 5 octets */
+ len = local->crypt_info.crypt[idx]->ops->get_key(keybuf, sizeof(keybuf), NULL,
+ local->crypt_info.crypt[idx]->priv);
+ if (idx >= 0 && idx < WEP_KEYS && len > 5)
+ keylen = WEP_KEY_LEN + 1; /* first 13 octets */
+
+ for (i = 0; i < WEP_KEYS; i++) {
+ memset(keybuf, 0, sizeof(keybuf));
+ if (local->crypt_info.crypt[i]) {
+ (void) local->crypt_info.crypt[i]->ops->get_key(
+ keybuf, sizeof(keybuf),
+ NULL, local->crypt_info.crypt[i]->priv);
+ }
+ if (local->func->set_rid(local->dev,
+ HFA384X_RID_CNFDEFAULTKEY0 + i,
+ keybuf, keylen)) {
+ printk(KERN_DEBUG "Could not set key %d (len=%d)\n",
+ i, keylen);
+ goto fail;
+ }
+ }
+ if (hostap_set_word(local->dev, HFA384X_RID_CNFWEPDEFAULTKEYID, idx)) {
+ printk(KERN_DEBUG "Could not set default keyid %d\n", idx);
+ goto fail;
+ }
+
+ return 0;
+
+ fail:
+ printk(KERN_DEBUG "%s: encryption setup failed\n", local->dev->name);
+ return -1;
+}
+
+
+int hostap_set_antsel(local_info_t *local)
+{
+ u16 val;
+ int ret = 0;
+
+ if (local->antsel_tx != HOSTAP_ANTSEL_DO_NOT_TOUCH &&
+ local->func->cmd(local->dev, HFA384X_CMDCODE_READMIF,
+ HFA386X_CR_TX_CONFIGURE,
+ NULL, &val) == 0) {
+ val &= ~(BIT(2) | BIT(1));
+ switch (local->antsel_tx) {
+ case HOSTAP_ANTSEL_DIVERSITY:
+ val |= BIT(1);
+ break;
+ case HOSTAP_ANTSEL_LOW:
+ break;
+ case HOSTAP_ANTSEL_HIGH:
+ val |= BIT(2);
+ break;
+ }
+
+ if (local->func->cmd(local->dev, HFA384X_CMDCODE_WRITEMIF,
+ HFA386X_CR_TX_CONFIGURE, &val, NULL)) {
+ printk(KERN_INFO "%s: setting TX AntSel failed\n",
+ local->dev->name);
+ ret = -1;
+ }
+ }
+
+ if (local->antsel_rx != HOSTAP_ANTSEL_DO_NOT_TOUCH &&
+ local->func->cmd(local->dev, HFA384X_CMDCODE_READMIF,
+ HFA386X_CR_RX_CONFIGURE,
+ NULL, &val) == 0) {
+ val &= ~(BIT(1) | BIT(0));
+ switch (local->antsel_rx) {
+ case HOSTAP_ANTSEL_DIVERSITY:
+ break;
+ case HOSTAP_ANTSEL_LOW:
+ val |= BIT(0);
+ break;
+ case HOSTAP_ANTSEL_HIGH:
+ val |= BIT(0) | BIT(1);
+ break;
+ }
+
+ if (local->func->cmd(local->dev, HFA384X_CMDCODE_WRITEMIF,
+ HFA386X_CR_RX_CONFIGURE, &val, NULL)) {
+ printk(KERN_INFO "%s: setting RX AntSel failed\n",
+ local->dev->name);
+ ret = -1;
+ }
+ }
+
+ return ret;
+}
+
+
+int hostap_set_roaming(local_info_t *local)
+{
+ u16 val;
+
+ switch (local->host_roaming) {
+ case 1:
+ val = HFA384X_ROAMING_HOST;
+ break;
+ case 2:
+ val = HFA384X_ROAMING_DISABLED;
+ break;
+ case 0:
+ default:
+ val = HFA384X_ROAMING_FIRMWARE;
+ break;
+ }
+
+ return hostap_set_word(local->dev, HFA384X_RID_CNFROAMINGMODE, val);
+}
+
+
+int hostap_set_auth_algs(local_info_t *local)
+{
+ int val = local->auth_algs;
+ /* At least STA f/w v0.6.2 seems to have issues with cnfAuthentication
+ * set to include both Open and Shared Key flags. It tries to use
+ * Shared Key authentication in that case even if WEP keys are not
+ * configured.. STA f/w v0.7.6 is able to handle such configuration,
+ * but it is unknown when this was fixed between 0.6.2 .. 0.7.6. */
+ if (local->sta_fw_ver < PRISM2_FW_VER(0,7,0) &&
+ val != PRISM2_AUTH_OPEN && val != PRISM2_AUTH_SHARED_KEY)
+ val = PRISM2_AUTH_OPEN;
+
+ if (hostap_set_word(local->dev, HFA384X_RID_CNFAUTHENTICATION, val)) {
+ printk(KERN_INFO "%s: cnfAuthentication setting to 0x%x "
+ "failed\n", local->dev->name, local->auth_algs);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+
+void hostap_dump_rx_header(const char *name, const struct hfa384x_rx_frame *rx)
+{
+ u16 status, fc;
+
+ status = __le16_to_cpu(rx->status);
+
+ printk(KERN_DEBUG "%s: RX status=0x%04x (port=%d, type=%d, "
+ "fcserr=%d) silence=%d signal=%d rate=%d rxflow=%d; "
+ "jiffies=%ld\n",
+ name, status, (status >> 8) & 0x07, status >> 13, status & 1,
+ rx->silence, rx->signal, rx->rate, rx->rxflow, jiffies);
+
+ fc = __le16_to_cpu(rx->frame_control);
+ printk(KERN_DEBUG " FC=0x%04x (type=%d:%d) dur=0x%04x seq=0x%04x "
+ "data_len=%d%s%s\n",
+ fc, (fc & IEEE80211_FCTL_FTYPE) >> 2,
+ (fc & IEEE80211_FCTL_STYPE) >> 4,
+ __le16_to_cpu(rx->duration_id), __le16_to_cpu(rx->seq_ctrl),
+ __le16_to_cpu(rx->data_len),
+ fc & IEEE80211_FCTL_TODS ? " [ToDS]" : "",
+ fc & IEEE80211_FCTL_FROMDS ? " [FromDS]" : "");
+
+ printk(KERN_DEBUG " A1=%pM A2=%pM A3=%pM A4=%pM\n",
+ rx->addr1, rx->addr2, rx->addr3, rx->addr4);
+
+ printk(KERN_DEBUG " dst=%pM src=%pM len=%d\n",
+ rx->dst_addr, rx->src_addr,
+ __be16_to_cpu(rx->len));
+}
+
+
+void hostap_dump_tx_header(const char *name, const struct hfa384x_tx_frame *tx)
+{
+ u16 fc;
+
+ printk(KERN_DEBUG "%s: TX status=0x%04x retry_count=%d tx_rate=%d "
+ "tx_control=0x%04x; jiffies=%ld\n",
+ name, __le16_to_cpu(tx->status), tx->retry_count, tx->tx_rate,
+ __le16_to_cpu(tx->tx_control), jiffies);
+
+ fc = __le16_to_cpu(tx->frame_control);
+ printk(KERN_DEBUG " FC=0x%04x (type=%d:%d) dur=0x%04x seq=0x%04x "
+ "data_len=%d%s%s\n",
+ fc, (fc & IEEE80211_FCTL_FTYPE) >> 2,
+ (fc & IEEE80211_FCTL_STYPE) >> 4,
+ __le16_to_cpu(tx->duration_id), __le16_to_cpu(tx->seq_ctrl),
+ __le16_to_cpu(tx->data_len),
+ fc & IEEE80211_FCTL_TODS ? " [ToDS]" : "",
+ fc & IEEE80211_FCTL_FROMDS ? " [FromDS]" : "");
+
+ printk(KERN_DEBUG " A1=%pM A2=%pM A3=%pM A4=%pM\n",
+ tx->addr1, tx->addr2, tx->addr3, tx->addr4);
+
+ printk(KERN_DEBUG " dst=%pM src=%pM len=%d\n",
+ tx->dst_addr, tx->src_addr,
+ __be16_to_cpu(tx->len));
+}
+
+
+static int hostap_80211_header_parse(const struct sk_buff *skb,
+ unsigned char *haddr)
+{
+ memcpy(haddr, skb_mac_header(skb) + 10, ETH_ALEN); /* addr2 */
+ return ETH_ALEN;
+}
+
+
+int hostap_80211_get_hdrlen(__le16 fc)
+{
+ if (ieee80211_is_data(fc) && ieee80211_has_a4 (fc))
+ return 30; /* Addr4 */
+ else if (ieee80211_is_cts(fc) || ieee80211_is_ack(fc))
+ return 10;
+ else if (ieee80211_is_ctl(fc))
+ return 16;
+
+ return 24;
+}
+
+
+static int prism2_close(struct net_device *dev)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ PDEBUG(DEBUG_FLOW, "%s: prism2_close\n", dev->name);
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (dev == local->ddev) {
+ prism2_sta_deauth(local, WLAN_REASON_DEAUTH_LEAVING);
+ }
+#ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
+ if (!local->hostapd && dev == local->dev &&
+ (!local->func->card_present || local->func->card_present(local)) &&
+ local->hw_ready && local->ap && local->iw_mode == IW_MODE_MASTER)
+ hostap_deauth_all_stas(dev, local->ap, 1);
+#endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
+
+ if (dev == local->dev) {
+ local->func->hw_shutdown(dev, HOSTAP_HW_ENABLE_CMDCOMPL);
+ }
+
+ if (netif_running(dev)) {
+ netif_stop_queue(dev);
+ netif_device_detach(dev);
+ }
+
+ cancel_work_sync(&local->reset_queue);
+ cancel_work_sync(&local->set_multicast_list_queue);
+ cancel_work_sync(&local->set_tim_queue);
+#ifndef PRISM2_NO_STATION_MODES
+ cancel_work_sync(&local->info_queue);
+#endif
+ cancel_work_sync(&local->comms_qual_update);
+
+ module_put(local->hw_module);
+
+ local->num_dev_open--;
+
+ if (dev != local->dev && local->dev->flags & IFF_UP &&
+ local->master_dev_auto_open && local->num_dev_open == 1) {
+ /* Close master radio interface automatically if it was also
+ * opened automatically and we are now closing the last
+ * remaining non-master device. */
+ dev_close(local->dev);
+ }
+
+ return 0;
+}
+
+
+static int prism2_open(struct net_device *dev)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ PDEBUG(DEBUG_FLOW, "%s: prism2_open\n", dev->name);
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->no_pri) {
+ printk(KERN_DEBUG "%s: could not set interface UP - no PRI "
+ "f/w\n", dev->name);
+ return -ENODEV;
+ }
+
+ if ((local->func->card_present && !local->func->card_present(local)) ||
+ local->hw_downloading)
+ return -ENODEV;
+
+ if (!try_module_get(local->hw_module))
+ return -ENODEV;
+ local->num_dev_open++;
+
+ if (!local->dev_enabled && local->func->hw_enable(dev, 1)) {
+ printk(KERN_WARNING "%s: could not enable MAC port\n",
+ dev->name);
+ prism2_close(dev);
+ return -ENODEV;
+ }
+ if (!local->dev_enabled)
+ prism2_callback(local, PRISM2_CALLBACK_ENABLE);
+ local->dev_enabled = 1;
+
+ if (dev != local->dev && !(local->dev->flags & IFF_UP)) {
+ /* Master radio interface is needed for all operation, so open
+ * it automatically when any virtual net_device is opened. */
+ local->master_dev_auto_open = 1;
+ dev_open(local->dev, NULL);
+ }
+
+ netif_device_attach(dev);
+ netif_start_queue(dev);
+
+ return 0;
+}
+
+
+static int prism2_set_mac_address(struct net_device *dev, void *p)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ struct list_head *ptr;
+ struct sockaddr *addr = p;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ if (local->func->set_rid(dev, HFA384X_RID_CNFOWNMACADDR, addr->sa_data,
+ ETH_ALEN) < 0 || local->func->reset_port(dev))
+ return -EINVAL;
+
+ read_lock_bh(&local->iface_lock);
+ list_for_each(ptr, &local->hostap_interfaces) {
+ iface = list_entry(ptr, struct hostap_interface, list);
+ eth_hw_addr_set(iface->dev, addr->sa_data);
+ }
+ eth_hw_addr_set(local->dev, addr->sa_data);
+ read_unlock_bh(&local->iface_lock);
+
+ return 0;
+}
+
+
+/* TODO: to be further implemented as soon as Prism2 fully supports
+ * GroupAddresses and correct documentation is available */
+void hostap_set_multicast_list_queue(struct work_struct *work)
+{
+ local_info_t *local =
+ container_of(work, local_info_t, set_multicast_list_queue);
+ struct net_device *dev = local->dev;
+
+ if (hostap_set_word(dev, HFA384X_RID_PROMISCUOUSMODE,
+ local->is_promisc)) {
+ printk(KERN_INFO "%s: %sabling promiscuous mode failed\n",
+ dev->name, local->is_promisc ? "en" : "dis");
+ }
+}
+
+
+static void hostap_set_multicast_list(struct net_device *dev)
+{
+#if 0
+ /* FIX: promiscuous mode seems to be causing a lot of problems with
+ * some station firmware versions (FCSErr frames, invalid MACPort, etc.
+ * corrupted incoming frames). This code is now commented out while the
+ * problems are investigated. */
+ struct hostap_interface *iface;
+ local_info_t *local;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+ if ((dev->flags & IFF_ALLMULTI) || (dev->flags & IFF_PROMISC)) {
+ local->is_promisc = 1;
+ } else {
+ local->is_promisc = 0;
+ }
+
+ schedule_work(&local->set_multicast_list_queue);
+#endif
+}
+
+
+static void prism2_tx_timeout(struct net_device *dev, unsigned int txqueue)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ struct hfa384x_regs regs;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ printk(KERN_WARNING "%s Tx timed out! Resetting card\n", dev->name);
+ netif_stop_queue(local->dev);
+
+ local->func->read_regs(dev, &regs);
+ printk(KERN_DEBUG "%s: CMD=%04x EVSTAT=%04x "
+ "OFFSET0=%04x OFFSET1=%04x SWSUPPORT0=%04x\n",
+ dev->name, regs.cmd, regs.evstat, regs.offset0, regs.offset1,
+ regs.swsupport0);
+
+ local->func->schedule_reset(local);
+}
+
+const struct header_ops hostap_80211_ops = {
+ .create = eth_header,
+ .cache = eth_header_cache,
+ .cache_update = eth_header_cache_update,
+ .parse = hostap_80211_header_parse,
+};
+EXPORT_SYMBOL(hostap_80211_ops);
+
+
+static const struct net_device_ops hostap_netdev_ops = {
+ .ndo_start_xmit = hostap_data_start_xmit,
+
+ .ndo_open = prism2_open,
+ .ndo_stop = prism2_close,
+ .ndo_do_ioctl = hostap_ioctl,
+ .ndo_siocdevprivate = hostap_siocdevprivate,
+ .ndo_set_mac_address = prism2_set_mac_address,
+ .ndo_set_rx_mode = hostap_set_multicast_list,
+ .ndo_tx_timeout = prism2_tx_timeout,
+ .ndo_validate_addr = eth_validate_addr,
+};
+
+static const struct net_device_ops hostap_mgmt_netdev_ops = {
+ .ndo_start_xmit = hostap_mgmt_start_xmit,
+
+ .ndo_open = prism2_open,
+ .ndo_stop = prism2_close,
+ .ndo_do_ioctl = hostap_ioctl,
+ .ndo_siocdevprivate = hostap_siocdevprivate,
+ .ndo_set_mac_address = prism2_set_mac_address,
+ .ndo_set_rx_mode = hostap_set_multicast_list,
+ .ndo_tx_timeout = prism2_tx_timeout,
+ .ndo_validate_addr = eth_validate_addr,
+};
+
+static const struct net_device_ops hostap_master_ops = {
+ .ndo_start_xmit = hostap_master_start_xmit,
+
+ .ndo_open = prism2_open,
+ .ndo_stop = prism2_close,
+ .ndo_do_ioctl = hostap_ioctl,
+ .ndo_siocdevprivate = hostap_siocdevprivate,
+ .ndo_set_mac_address = prism2_set_mac_address,
+ .ndo_set_rx_mode = hostap_set_multicast_list,
+ .ndo_tx_timeout = prism2_tx_timeout,
+ .ndo_validate_addr = eth_validate_addr,
+};
+
+void hostap_setup_dev(struct net_device *dev, local_info_t *local,
+ int type)
+{
+ struct hostap_interface *iface;
+
+ iface = netdev_priv(dev);
+ ether_setup(dev);
+ dev->min_mtu = PRISM2_MIN_MTU;
+ dev->max_mtu = PRISM2_MAX_MTU;
+ dev->priv_flags &= ~IFF_TX_SKB_SHARING;
+
+ /* kernel callbacks */
+ if (iface) {
+ /* Currently, we point to the proper spy_data only on
+ * the main_dev. This could be fixed. Jean II */
+ iface->wireless_data.spy_data = &iface->spy_data;
+ dev->wireless_data = &iface->wireless_data;
+ }
+ dev->wireless_handlers = &hostap_iw_handler_def;
+ dev->watchdog_timeo = TX_TIMEOUT;
+
+ switch(type) {
+ case HOSTAP_INTERFACE_AP:
+ dev->priv_flags |= IFF_NO_QUEUE; /* use main radio device queue */
+ dev->netdev_ops = &hostap_mgmt_netdev_ops;
+ dev->type = ARPHRD_IEEE80211;
+ dev->header_ops = &hostap_80211_ops;
+ break;
+ case HOSTAP_INTERFACE_MASTER:
+ dev->netdev_ops = &hostap_master_ops;
+ break;
+ default:
+ dev->priv_flags |= IFF_NO_QUEUE; /* use main radio device queue */
+ dev->netdev_ops = &hostap_netdev_ops;
+ }
+
+ dev->mtu = local->mtu;
+
+
+ dev->ethtool_ops = &prism2_ethtool_ops;
+
+}
+
+static int hostap_enable_hostapd(local_info_t *local, int rtnl_locked)
+{
+ struct net_device *dev = local->dev;
+
+ if (local->apdev)
+ return -EEXIST;
+
+ printk(KERN_DEBUG "%s: enabling hostapd mode\n", dev->name);
+
+ local->apdev = hostap_add_interface(local, HOSTAP_INTERFACE_AP,
+ rtnl_locked, local->ddev->name,
+ "ap");
+ if (local->apdev == NULL)
+ return -ENOMEM;
+
+ return 0;
+}
+
+
+static int hostap_disable_hostapd(local_info_t *local, int rtnl_locked)
+{
+ struct net_device *dev = local->dev;
+
+ printk(KERN_DEBUG "%s: disabling hostapd mode\n", dev->name);
+
+ hostap_remove_interface(local->apdev, rtnl_locked, 1);
+ local->apdev = NULL;
+
+ return 0;
+}
+
+
+static int hostap_enable_hostapd_sta(local_info_t *local, int rtnl_locked)
+{
+ struct net_device *dev = local->dev;
+
+ if (local->stadev)
+ return -EEXIST;
+
+ printk(KERN_DEBUG "%s: enabling hostapd STA mode\n", dev->name);
+
+ local->stadev = hostap_add_interface(local, HOSTAP_INTERFACE_STA,
+ rtnl_locked, local->ddev->name,
+ "sta");
+ if (local->stadev == NULL)
+ return -ENOMEM;
+
+ return 0;
+}
+
+
+static int hostap_disable_hostapd_sta(local_info_t *local, int rtnl_locked)
+{
+ struct net_device *dev = local->dev;
+
+ printk(KERN_DEBUG "%s: disabling hostapd mode\n", dev->name);
+
+ hostap_remove_interface(local->stadev, rtnl_locked, 1);
+ local->stadev = NULL;
+
+ return 0;
+}
+
+
+int hostap_set_hostapd(local_info_t *local, int val, int rtnl_locked)
+{
+ int ret;
+
+ if (val < 0 || val > 1)
+ return -EINVAL;
+
+ if (local->hostapd == val)
+ return 0;
+
+ if (val) {
+ ret = hostap_enable_hostapd(local, rtnl_locked);
+ if (ret == 0)
+ local->hostapd = 1;
+ } else {
+ local->hostapd = 0;
+ ret = hostap_disable_hostapd(local, rtnl_locked);
+ if (ret != 0)
+ local->hostapd = 1;
+ }
+
+ return ret;
+}
+
+
+int hostap_set_hostapd_sta(local_info_t *local, int val, int rtnl_locked)
+{
+ int ret;
+
+ if (val < 0 || val > 1)
+ return -EINVAL;
+
+ if (local->hostapd_sta == val)
+ return 0;
+
+ if (val) {
+ ret = hostap_enable_hostapd_sta(local, rtnl_locked);
+ if (ret == 0)
+ local->hostapd_sta = 1;
+ } else {
+ local->hostapd_sta = 0;
+ ret = hostap_disable_hostapd_sta(local, rtnl_locked);
+ if (ret != 0)
+ local->hostapd_sta = 1;
+ }
+
+
+ return ret;
+}
+
+
+int prism2_update_comms_qual(struct net_device *dev)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ int ret = 0;
+ struct hfa384x_comms_quality sq;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+ if (!local->sta_fw_ver)
+ ret = -1;
+ else if (local->sta_fw_ver >= PRISM2_FW_VER(1,3,1)) {
+ if (local->func->get_rid(local->dev,
+ HFA384X_RID_DBMCOMMSQUALITY,
+ &sq, sizeof(sq), 1) >= 0) {
+ local->comms_qual = (s16) le16_to_cpu(sq.comm_qual);
+ local->avg_signal = (s16) le16_to_cpu(sq.signal_level);
+ local->avg_noise = (s16) le16_to_cpu(sq.noise_level);
+ local->last_comms_qual_update = jiffies;
+ } else
+ ret = -1;
+ } else {
+ if (local->func->get_rid(local->dev, HFA384X_RID_COMMSQUALITY,
+ &sq, sizeof(sq), 1) >= 0) {
+ local->comms_qual = le16_to_cpu(sq.comm_qual);
+ local->avg_signal = HFA384X_LEVEL_TO_dBm(
+ le16_to_cpu(sq.signal_level));
+ local->avg_noise = HFA384X_LEVEL_TO_dBm(
+ le16_to_cpu(sq.noise_level));
+ local->last_comms_qual_update = jiffies;
+ } else
+ ret = -1;
+ }
+
+ return ret;
+}
+
+
+int prism2_sta_send_mgmt(local_info_t *local, u8 *dst, u16 stype,
+ u8 *body, size_t bodylen)
+{
+ struct sk_buff *skb;
+ struct hostap_ieee80211_mgmt *mgmt;
+ struct hostap_skb_tx_data *meta;
+ struct net_device *dev = local->dev;
+
+ skb = dev_alloc_skb(IEEE80211_MGMT_HDR_LEN + bodylen);
+ if (skb == NULL)
+ return -ENOMEM;
+
+ mgmt = skb_put_zero(skb, IEEE80211_MGMT_HDR_LEN);
+ mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | stype);
+ memcpy(mgmt->da, dst, ETH_ALEN);
+ memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
+ memcpy(mgmt->bssid, dst, ETH_ALEN);
+ if (body)
+ skb_put_data(skb, body, bodylen);
+
+ meta = (struct hostap_skb_tx_data *) skb->cb;
+ memset(meta, 0, sizeof(*meta));
+ meta->magic = HOSTAP_SKB_TX_DATA_MAGIC;
+ meta->iface = netdev_priv(dev);
+
+ skb->dev = dev;
+ skb_reset_mac_header(skb);
+ skb_reset_network_header(skb);
+ dev_queue_xmit(skb);
+
+ return 0;
+}
+
+
+int prism2_sta_deauth(local_info_t *local, u16 reason)
+{
+ union iwreq_data wrqu;
+ int ret;
+ __le16 val = cpu_to_le16(reason);
+
+ if (local->iw_mode != IW_MODE_INFRA ||
+ is_zero_ether_addr(local->bssid) ||
+ ether_addr_equal(local->bssid, "\x44\x44\x44\x44\x44\x44"))
+ return 0;
+
+ ret = prism2_sta_send_mgmt(local, local->bssid, IEEE80211_STYPE_DEAUTH,
+ (u8 *) &val, 2);
+ eth_zero_addr(wrqu.ap_addr.sa_data);
+ wireless_send_event(local->dev, SIOCGIWAP, &wrqu, NULL);
+ return ret;
+}
+
+
+struct proc_dir_entry *hostap_proc;
+
+static int __init hostap_init(void)
+{
+ if (init_net.proc_net != NULL) {
+ hostap_proc = proc_mkdir("hostap", init_net.proc_net);
+ if (!hostap_proc)
+ printk(KERN_WARNING "Failed to mkdir "
+ "/proc/net/hostap\n");
+ } else
+ hostap_proc = NULL;
+
+ return 0;
+}
+
+
+static void __exit hostap_exit(void)
+{
+ if (hostap_proc != NULL) {
+ hostap_proc = NULL;
+ remove_proc_entry("hostap", init_net.proc_net);
+ }
+}
+
+
+EXPORT_SYMBOL(hostap_set_word);
+EXPORT_SYMBOL(hostap_set_string);
+EXPORT_SYMBOL(hostap_get_porttype);
+EXPORT_SYMBOL(hostap_set_encryption);
+EXPORT_SYMBOL(hostap_set_antsel);
+EXPORT_SYMBOL(hostap_set_roaming);
+EXPORT_SYMBOL(hostap_set_auth_algs);
+EXPORT_SYMBOL(hostap_dump_rx_header);
+EXPORT_SYMBOL(hostap_dump_tx_header);
+EXPORT_SYMBOL(hostap_80211_get_hdrlen);
+EXPORT_SYMBOL(hostap_setup_dev);
+EXPORT_SYMBOL(hostap_set_multicast_list_queue);
+EXPORT_SYMBOL(hostap_set_hostapd);
+EXPORT_SYMBOL(hostap_set_hostapd_sta);
+EXPORT_SYMBOL(hostap_add_interface);
+EXPORT_SYMBOL(hostap_remove_interface);
+EXPORT_SYMBOL(prism2_update_comms_qual);
+
+module_init(hostap_init);
+module_exit(hostap_exit);
diff --git a/drivers/net/wireless/intersil/hostap/hostap_pci.c b/drivers/net/wireless/intersil/hostap/hostap_pci.c
new file mode 100644
index 000000000..52d77506e
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/hostap_pci.c
@@ -0,0 +1,445 @@
+// SPDX-License-Identifier: GPL-2.0-only
+#define PRISM2_PCI
+
+/* Host AP driver's support for Intersil Prism2.5 PCI cards is based on
+ * driver patches from Reyk Floeter <reyk@vantronix.net> and
+ * Andy Warner <andyw@pobox.com> */
+
+#include <linux/module.h>
+#include <linux/if.h>
+#include <linux/skbuff.h>
+#include <linux/netdevice.h>
+#include <linux/slab.h>
+#include <linux/workqueue.h>
+#include <linux/wireless.h>
+#include <net/iw_handler.h>
+
+#include <linux/ioport.h>
+#include <linux/pci.h>
+#include <asm/io.h>
+
+#include "hostap_wlan.h"
+
+
+static char *dev_info = "hostap_pci";
+
+
+MODULE_AUTHOR("Jouni Malinen");
+MODULE_DESCRIPTION("Support for Intersil Prism2.5-based 802.11 wireless LAN "
+ "PCI cards.");
+MODULE_LICENSE("GPL");
+
+
+/* struct local_info::hw_priv */
+struct hostap_pci_priv {
+ void __iomem *mem_start;
+};
+
+
+/* FIX: do we need mb/wmb/rmb with memory operations? */
+
+
+static const struct pci_device_id prism2_pci_id_table[] = {
+ /* Intersil Prism3 ISL3872 11Mb/s WLAN Controller */
+ { 0x1260, 0x3872, PCI_ANY_ID, PCI_ANY_ID },
+ /* Intersil Prism2.5 ISL3874 11Mb/s WLAN Controller */
+ { 0x1260, 0x3873, PCI_ANY_ID, PCI_ANY_ID },
+ /* Samsung MagicLAN SWL-2210P */
+ { 0x167d, 0xa000, PCI_ANY_ID, PCI_ANY_ID },
+ { 0 }
+};
+
+
+#ifdef PRISM2_IO_DEBUG
+
+static inline void hfa384x_outb_debug(struct net_device *dev, int a, u8 v)
+{
+ struct hostap_interface *iface;
+ struct hostap_pci_priv *hw_priv;
+ local_info_t *local;
+ unsigned long flags;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+ hw_priv = local->hw_priv;
+
+ spin_lock_irqsave(&local->lock, flags);
+ prism2_io_debug_add(dev, PRISM2_IO_DEBUG_CMD_OUTB, a, v);
+ writeb(v, hw_priv->mem_start + a);
+ spin_unlock_irqrestore(&local->lock, flags);
+}
+
+static inline u8 hfa384x_inb_debug(struct net_device *dev, int a)
+{
+ struct hostap_interface *iface;
+ struct hostap_pci_priv *hw_priv;
+ local_info_t *local;
+ unsigned long flags;
+ u8 v;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+ hw_priv = local->hw_priv;
+
+ spin_lock_irqsave(&local->lock, flags);
+ v = readb(hw_priv->mem_start + a);
+ prism2_io_debug_add(dev, PRISM2_IO_DEBUG_CMD_INB, a, v);
+ spin_unlock_irqrestore(&local->lock, flags);
+ return v;
+}
+
+static inline void hfa384x_outw_debug(struct net_device *dev, int a, u16 v)
+{
+ struct hostap_interface *iface;
+ struct hostap_pci_priv *hw_priv;
+ local_info_t *local;
+ unsigned long flags;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+ hw_priv = local->hw_priv;
+
+ spin_lock_irqsave(&local->lock, flags);
+ prism2_io_debug_add(dev, PRISM2_IO_DEBUG_CMD_OUTW, a, v);
+ writew(v, hw_priv->mem_start + a);
+ spin_unlock_irqrestore(&local->lock, flags);
+}
+
+static inline u16 hfa384x_inw_debug(struct net_device *dev, int a)
+{
+ struct hostap_interface *iface;
+ struct hostap_pci_priv *hw_priv;
+ local_info_t *local;
+ unsigned long flags;
+ u16 v;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+ hw_priv = local->hw_priv;
+
+ spin_lock_irqsave(&local->lock, flags);
+ v = readw(hw_priv->mem_start + a);
+ prism2_io_debug_add(dev, PRISM2_IO_DEBUG_CMD_INW, a, v);
+ spin_unlock_irqrestore(&local->lock, flags);
+ return v;
+}
+
+#define HFA384X_OUTB(v,a) hfa384x_outb_debug(dev, (a), (v))
+#define HFA384X_INB(a) hfa384x_inb_debug(dev, (a))
+#define HFA384X_OUTW(v,a) hfa384x_outw_debug(dev, (a), (v))
+#define HFA384X_INW(a) hfa384x_inw_debug(dev, (a))
+#define HFA384X_OUTW_DATA(v,a) hfa384x_outw_debug(dev, (a), le16_to_cpu((v)))
+#define HFA384X_INW_DATA(a) cpu_to_le16(hfa384x_inw_debug(dev, (a)))
+
+#else /* PRISM2_IO_DEBUG */
+
+static inline void hfa384x_outb(struct net_device *dev, int a, u8 v)
+{
+ struct hostap_interface *iface;
+ struct hostap_pci_priv *hw_priv;
+ iface = netdev_priv(dev);
+ hw_priv = iface->local->hw_priv;
+ writeb(v, hw_priv->mem_start + a);
+}
+
+static inline u8 hfa384x_inb(struct net_device *dev, int a)
+{
+ struct hostap_interface *iface;
+ struct hostap_pci_priv *hw_priv;
+ iface = netdev_priv(dev);
+ hw_priv = iface->local->hw_priv;
+ return readb(hw_priv->mem_start + a);
+}
+
+static inline void hfa384x_outw(struct net_device *dev, int a, u16 v)
+{
+ struct hostap_interface *iface;
+ struct hostap_pci_priv *hw_priv;
+ iface = netdev_priv(dev);
+ hw_priv = iface->local->hw_priv;
+ writew(v, hw_priv->mem_start + a);
+}
+
+static inline u16 hfa384x_inw(struct net_device *dev, int a)
+{
+ struct hostap_interface *iface;
+ struct hostap_pci_priv *hw_priv;
+ iface = netdev_priv(dev);
+ hw_priv = iface->local->hw_priv;
+ return readw(hw_priv->mem_start + a);
+}
+
+#define HFA384X_OUTB(v,a) hfa384x_outb(dev, (a), (v))
+#define HFA384X_INB(a) hfa384x_inb(dev, (a))
+#define HFA384X_OUTW(v,a) hfa384x_outw(dev, (a), (v))
+#define HFA384X_INW(a) hfa384x_inw(dev, (a))
+#define HFA384X_OUTW_DATA(v,a) hfa384x_outw(dev, (a), le16_to_cpu((v)))
+#define HFA384X_INW_DATA(a) cpu_to_le16(hfa384x_inw(dev, (a)))
+
+#endif /* PRISM2_IO_DEBUG */
+
+
+static int hfa384x_from_bap(struct net_device *dev, u16 bap, void *buf,
+ int len)
+{
+ u16 d_off;
+ __le16 *pos;
+
+ d_off = (bap == 1) ? HFA384X_DATA1_OFF : HFA384X_DATA0_OFF;
+ pos = (__le16 *) buf;
+
+ for ( ; len > 1; len -= 2)
+ *pos++ = HFA384X_INW_DATA(d_off);
+
+ if (len & 1)
+ *((char *) pos) = HFA384X_INB(d_off);
+
+ return 0;
+}
+
+
+static int hfa384x_to_bap(struct net_device *dev, u16 bap, void *buf, int len)
+{
+ u16 d_off;
+ __le16 *pos;
+
+ d_off = (bap == 1) ? HFA384X_DATA1_OFF : HFA384X_DATA0_OFF;
+ pos = (__le16 *) buf;
+
+ for ( ; len > 1; len -= 2)
+ HFA384X_OUTW_DATA(*pos++, d_off);
+
+ if (len & 1)
+ HFA384X_OUTB(*((char *) pos), d_off);
+
+ return 0;
+}
+
+
+/* FIX: This might change at some point.. */
+#include "hostap_hw.c"
+
+static void prism2_pci_cor_sreset(local_info_t *local)
+{
+ struct net_device *dev = local->dev;
+ u16 reg;
+
+ reg = HFA384X_INB(HFA384X_PCICOR_OFF);
+ printk(KERN_DEBUG "%s: Original COR value: 0x%0x\n", dev->name, reg);
+
+ /* linux-wlan-ng uses extremely long hold and settle times for
+ * COR sreset. A comment in the driver code mentions that the long
+ * delays appear to be necessary. However, at least IBM 22P6901 seems
+ * to work fine with shorter delays.
+ *
+ * Longer delays can be configured by uncommenting following line: */
+/* #define PRISM2_PCI_USE_LONG_DELAYS */
+
+#ifdef PRISM2_PCI_USE_LONG_DELAYS
+ int i;
+
+ HFA384X_OUTW(reg | 0x0080, HFA384X_PCICOR_OFF);
+ mdelay(250);
+
+ HFA384X_OUTW(reg & ~0x0080, HFA384X_PCICOR_OFF);
+ mdelay(500);
+
+ /* Wait for f/w to complete initialization (CMD:BUSY == 0) */
+ i = 2000000 / 10;
+ while ((HFA384X_INW(HFA384X_CMD_OFF) & HFA384X_CMD_BUSY) && --i)
+ udelay(10);
+
+#else /* PRISM2_PCI_USE_LONG_DELAYS */
+
+ HFA384X_OUTW(reg | 0x0080, HFA384X_PCICOR_OFF);
+ mdelay(2);
+ HFA384X_OUTW(reg & ~0x0080, HFA384X_PCICOR_OFF);
+ mdelay(2);
+
+#endif /* PRISM2_PCI_USE_LONG_DELAYS */
+
+ if (HFA384X_INW(HFA384X_CMD_OFF) & HFA384X_CMD_BUSY) {
+ printk(KERN_DEBUG "%s: COR sreset timeout\n", dev->name);
+ }
+}
+
+
+static void prism2_pci_genesis_reset(local_info_t *local, int hcr)
+{
+ struct net_device *dev = local->dev;
+
+ HFA384X_OUTW(0x00C5, HFA384X_PCICOR_OFF);
+ mdelay(10);
+ HFA384X_OUTW(hcr, HFA384X_PCIHCR_OFF);
+ mdelay(10);
+ HFA384X_OUTW(0x0045, HFA384X_PCICOR_OFF);
+ mdelay(10);
+}
+
+
+static struct prism2_helper_functions prism2_pci_funcs =
+{
+ .card_present = NULL,
+ .cor_sreset = prism2_pci_cor_sreset,
+ .genesis_reset = prism2_pci_genesis_reset,
+ .hw_type = HOSTAP_HW_PCI,
+};
+
+
+static int prism2_pci_probe(struct pci_dev *pdev,
+ const struct pci_device_id *id)
+{
+ unsigned long phymem;
+ void __iomem *mem = NULL;
+ local_info_t *local = NULL;
+ struct net_device *dev = NULL;
+ static int cards_found /* = 0 */;
+ int irq_registered = 0;
+ struct hostap_interface *iface;
+ struct hostap_pci_priv *hw_priv;
+
+ hw_priv = kzalloc(sizeof(*hw_priv), GFP_KERNEL);
+ if (hw_priv == NULL)
+ return -ENOMEM;
+
+ if (pci_enable_device(pdev))
+ goto err_out_free;
+
+ phymem = pci_resource_start(pdev, 0);
+
+ if (!request_mem_region(phymem, pci_resource_len(pdev, 0), "Prism2")) {
+ printk(KERN_ERR "prism2: Cannot reserve PCI memory region\n");
+ goto err_out_disable;
+ }
+
+ mem = pci_ioremap_bar(pdev, 0);
+ if (mem == NULL) {
+ printk(KERN_ERR "prism2: Cannot remap PCI memory region\n") ;
+ goto fail;
+ }
+
+ dev = prism2_init_local_data(&prism2_pci_funcs, cards_found,
+ &pdev->dev);
+ if (dev == NULL)
+ goto fail;
+ iface = netdev_priv(dev);
+ local = iface->local;
+ local->hw_priv = hw_priv;
+ cards_found++;
+
+ dev->irq = pdev->irq;
+ hw_priv->mem_start = mem;
+ dev->base_addr = (unsigned long) mem;
+
+ prism2_pci_cor_sreset(local);
+
+ pci_set_drvdata(pdev, dev);
+
+ if (request_irq(dev->irq, prism2_interrupt, IRQF_SHARED, dev->name,
+ dev)) {
+ printk(KERN_WARNING "%s: request_irq failed\n", dev->name);
+ goto fail;
+ } else
+ irq_registered = 1;
+
+ if (!local->pri_only && prism2_hw_config(dev, 1)) {
+ printk(KERN_DEBUG "%s: hardware initialization failed\n",
+ dev_info);
+ goto fail;
+ }
+
+ printk(KERN_INFO "%s: Intersil Prism2.5 PCI: "
+ "mem=0x%lx, irq=%d\n", dev->name, phymem, dev->irq);
+
+ return hostap_hw_ready(dev);
+
+ fail:
+ if (irq_registered && dev)
+ free_irq(dev->irq, dev);
+
+ if (mem)
+ iounmap(mem);
+
+ release_mem_region(phymem, pci_resource_len(pdev, 0));
+
+ err_out_disable:
+ pci_disable_device(pdev);
+ prism2_free_local_data(dev);
+
+ err_out_free:
+ kfree(hw_priv);
+
+ return -ENODEV;
+}
+
+
+static void prism2_pci_remove(struct pci_dev *pdev)
+{
+ struct net_device *dev;
+ struct hostap_interface *iface;
+ void __iomem *mem_start;
+ struct hostap_pci_priv *hw_priv;
+
+ dev = pci_get_drvdata(pdev);
+ iface = netdev_priv(dev);
+ hw_priv = iface->local->hw_priv;
+
+ /* Reset the hardware, and ensure interrupts are disabled. */
+ prism2_pci_cor_sreset(iface->local);
+ hfa384x_disable_interrupts(dev);
+
+ if (dev->irq)
+ free_irq(dev->irq, dev);
+
+ mem_start = hw_priv->mem_start;
+ prism2_free_local_data(dev);
+ kfree(hw_priv);
+
+ iounmap(mem_start);
+
+ release_mem_region(pci_resource_start(pdev, 0),
+ pci_resource_len(pdev, 0));
+ pci_disable_device(pdev);
+}
+
+static int __maybe_unused prism2_pci_suspend(struct device *dev_d)
+{
+ struct net_device *dev = dev_get_drvdata(dev_d);
+
+ if (netif_running(dev)) {
+ netif_stop_queue(dev);
+ netif_device_detach(dev);
+ }
+ prism2_suspend(dev);
+
+ return 0;
+}
+
+static int __maybe_unused prism2_pci_resume(struct device *dev_d)
+{
+ struct net_device *dev = dev_get_drvdata(dev_d);
+
+ prism2_hw_config(dev, 0);
+ if (netif_running(dev)) {
+ netif_device_attach(dev);
+ netif_start_queue(dev);
+ }
+
+ return 0;
+}
+
+MODULE_DEVICE_TABLE(pci, prism2_pci_id_table);
+
+static SIMPLE_DEV_PM_OPS(prism2_pci_pm_ops,
+ prism2_pci_suspend,
+ prism2_pci_resume);
+
+static struct pci_driver prism2_pci_driver = {
+ .name = "hostap_pci",
+ .id_table = prism2_pci_id_table,
+ .probe = prism2_pci_probe,
+ .remove = prism2_pci_remove,
+ .driver.pm = &prism2_pci_pm_ops,
+};
+
+module_pci_driver(prism2_pci_driver);
diff --git a/drivers/net/wireless/intersil/hostap/hostap_plx.c b/drivers/net/wireless/intersil/hostap/hostap_plx.c
new file mode 100644
index 000000000..58247290f
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/hostap_plx.c
@@ -0,0 +1,617 @@
+// SPDX-License-Identifier: GPL-2.0-only
+#define PRISM2_PLX
+
+/* Host AP driver's support for PC Cards on PCI adapters using PLX9052 is
+ * based on:
+ * - Host AP driver patch from james@madingley.org
+ * - linux-wlan-ng driver, Copyright (C) AbsoluteValue Systems, Inc.
+ */
+
+
+#include <linux/module.h>
+#include <linux/if.h>
+#include <linux/skbuff.h>
+#include <linux/netdevice.h>
+#include <linux/slab.h>
+#include <linux/workqueue.h>
+#include <linux/wireless.h>
+#include <net/iw_handler.h>
+
+#include <linux/ioport.h>
+#include <linux/pci.h>
+#include <asm/io.h>
+
+#include "hostap_wlan.h"
+
+
+static char *dev_info = "hostap_plx";
+
+
+MODULE_AUTHOR("Jouni Malinen");
+MODULE_DESCRIPTION("Support for Intersil Prism2-based 802.11 wireless LAN "
+ "cards (PLX).");
+MODULE_LICENSE("GPL");
+
+
+static int ignore_cis;
+module_param(ignore_cis, int, 0444);
+MODULE_PARM_DESC(ignore_cis, "Do not verify manfid information in CIS");
+
+
+/* struct local_info::hw_priv */
+struct hostap_plx_priv {
+ void __iomem *attr_mem;
+ unsigned int cor_offset;
+};
+
+
+#define PLX_MIN_ATTR_LEN 512 /* at least 2 x 256 is needed for CIS */
+#define COR_SRESET 0x80
+#define COR_LEVLREQ 0x40
+#define COR_ENABLE_FUNC 0x01
+/* PCI Configuration Registers */
+#define PLX_PCIIPR 0x3d /* PCI Interrupt Pin */
+/* Local Configuration Registers */
+#define PLX_INTCSR 0x4c /* Interrupt Control/Status Register */
+#define PLX_INTCSR_PCI_INTEN BIT(6) /* PCI Interrupt Enable */
+#define PLX_CNTRL 0x50
+#define PLX_CNTRL_SERIAL_EEPROM_PRESENT BIT(28)
+
+
+#define PLXDEV(vendor,dev,str) { vendor, dev, PCI_ANY_ID, PCI_ANY_ID }
+
+static const struct pci_device_id prism2_plx_id_table[] = {
+ PLXDEV(0x10b7, 0x7770, "3Com AirConnect PCI 777A"),
+ PLXDEV(0x111a, 0x1023, "Siemens SpeedStream SS1023"),
+ PLXDEV(0x126c, 0x8030, "Nortel emobility"),
+ PLXDEV(0x1562, 0x0001, "Symbol LA-4123"),
+ PLXDEV(0x1385, 0x4100, "Netgear MA301"),
+ PLXDEV(0x15e8, 0x0130, "National Datacomm NCP130 (PLX9052)"),
+ PLXDEV(0x15e8, 0x0131, "National Datacomm NCP130 (TMD7160)"),
+ PLXDEV(0x1638, 0x1100, "Eumitcom WL11000"),
+ PLXDEV(0x16ab, 0x1100, "Global Sun Tech GL24110P"),
+ PLXDEV(0x16ab, 0x1101, "Global Sun Tech GL24110P (?)"),
+ PLXDEV(0x16ab, 0x1102, "Linksys WPC11 with WDT11"),
+ PLXDEV(0x16ab, 0x1103, "Longshine 8031"),
+ PLXDEV(0x16ec, 0x3685, "US Robotics USR2415"),
+ PLXDEV(0xec80, 0xec00, "Belkin F5D6000"),
+ { 0 }
+};
+
+
+/* Array of known Prism2/2.5 PC Card manufactured ids. If your card's manfid
+ * is not listed here, you will need to add it here to get the driver
+ * initialized. */
+static struct prism2_plx_manfid {
+ u16 manfid1, manfid2;
+} prism2_plx_known_manfids[] = {
+ { 0x000b, 0x7110 } /* D-Link DWL-650 Rev. P1 */,
+ { 0x000b, 0x7300 } /* Philips 802.11b WLAN PCMCIA */,
+ { 0x0101, 0x0777 } /* 3Com AirConnect PCI 777A */,
+ { 0x0126, 0x8000 } /* Proxim RangeLAN */,
+ { 0x0138, 0x0002 } /* Compaq WL100 */,
+ { 0x0156, 0x0002 } /* Intersil Prism II Ref. Design (and others) */,
+ { 0x026f, 0x030b } /* Buffalo WLI-CF-S11G */,
+ { 0x0274, 0x1612 } /* Linksys WPC11 Ver 2.5 */,
+ { 0x0274, 0x1613 } /* Linksys WPC11 Ver 3 */,
+ { 0x028a, 0x0002 } /* D-Link DRC-650 */,
+ { 0x0250, 0x0002 } /* Samsung SWL2000-N */,
+ { 0xc250, 0x0002 } /* EMTAC A2424i */,
+ { 0xd601, 0x0002 } /* Z-Com XI300 */,
+ { 0xd601, 0x0005 } /* Zcomax XI-325H 200mW */,
+ { 0, 0}
+};
+
+
+#ifdef PRISM2_IO_DEBUG
+
+static inline void hfa384x_outb_debug(struct net_device *dev, int a, u8 v)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ unsigned long flags;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ spin_lock_irqsave(&local->lock, flags);
+ prism2_io_debug_add(dev, PRISM2_IO_DEBUG_CMD_OUTB, a, v);
+ outb(v, dev->base_addr + a);
+ spin_unlock_irqrestore(&local->lock, flags);
+}
+
+static inline u8 hfa384x_inb_debug(struct net_device *dev, int a)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ unsigned long flags;
+ u8 v;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ spin_lock_irqsave(&local->lock, flags);
+ v = inb(dev->base_addr + a);
+ prism2_io_debug_add(dev, PRISM2_IO_DEBUG_CMD_INB, a, v);
+ spin_unlock_irqrestore(&local->lock, flags);
+ return v;
+}
+
+static inline void hfa384x_outw_debug(struct net_device *dev, int a, u16 v)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ unsigned long flags;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ spin_lock_irqsave(&local->lock, flags);
+ prism2_io_debug_add(dev, PRISM2_IO_DEBUG_CMD_OUTW, a, v);
+ outw(v, dev->base_addr + a);
+ spin_unlock_irqrestore(&local->lock, flags);
+}
+
+static inline u16 hfa384x_inw_debug(struct net_device *dev, int a)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ unsigned long flags;
+ u16 v;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ spin_lock_irqsave(&local->lock, flags);
+ v = inw(dev->base_addr + a);
+ prism2_io_debug_add(dev, PRISM2_IO_DEBUG_CMD_INW, a, v);
+ spin_unlock_irqrestore(&local->lock, flags);
+ return v;
+}
+
+static inline void hfa384x_outsw_debug(struct net_device *dev, int a,
+ u8 *buf, int wc)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ unsigned long flags;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ spin_lock_irqsave(&local->lock, flags);
+ prism2_io_debug_add(dev, PRISM2_IO_DEBUG_CMD_OUTSW, a, wc);
+ outsw(dev->base_addr + a, buf, wc);
+ spin_unlock_irqrestore(&local->lock, flags);
+}
+
+static inline void hfa384x_insw_debug(struct net_device *dev, int a,
+ u8 *buf, int wc)
+{
+ struct hostap_interface *iface;
+ local_info_t *local;
+ unsigned long flags;
+
+ iface = netdev_priv(dev);
+ local = iface->local;
+
+ spin_lock_irqsave(&local->lock, flags);
+ prism2_io_debug_add(dev, PRISM2_IO_DEBUG_CMD_INSW, a, wc);
+ insw(dev->base_addr + a, buf, wc);
+ spin_unlock_irqrestore(&local->lock, flags);
+}
+
+#define HFA384X_OUTB(v,a) hfa384x_outb_debug(dev, (a), (v))
+#define HFA384X_INB(a) hfa384x_inb_debug(dev, (a))
+#define HFA384X_OUTW(v,a) hfa384x_outw_debug(dev, (a), (v))
+#define HFA384X_INW(a) hfa384x_inw_debug(dev, (a))
+#define HFA384X_OUTSW(a, buf, wc) hfa384x_outsw_debug(dev, (a), (buf), (wc))
+#define HFA384X_INSW(a, buf, wc) hfa384x_insw_debug(dev, (a), (buf), (wc))
+
+#else /* PRISM2_IO_DEBUG */
+
+#define HFA384X_OUTB(v,a) outb((v), dev->base_addr + (a))
+#define HFA384X_INB(a) inb(dev->base_addr + (a))
+#define HFA384X_OUTW(v,a) outw((v), dev->base_addr + (a))
+#define HFA384X_INW(a) inw(dev->base_addr + (a))
+#define HFA384X_INSW(a, buf, wc) insw(dev->base_addr + (a), buf, wc)
+#define HFA384X_OUTSW(a, buf, wc) outsw(dev->base_addr + (a), buf, wc)
+
+#endif /* PRISM2_IO_DEBUG */
+
+
+static int hfa384x_from_bap(struct net_device *dev, u16 bap, void *buf,
+ int len)
+{
+ u16 d_off;
+ u16 *pos;
+
+ d_off = (bap == 1) ? HFA384X_DATA1_OFF : HFA384X_DATA0_OFF;
+ pos = (u16 *) buf;
+
+ if (len / 2)
+ HFA384X_INSW(d_off, buf, len / 2);
+ pos += len / 2;
+
+ if (len & 1)
+ *((char *) pos) = HFA384X_INB(d_off);
+
+ return 0;
+}
+
+
+static int hfa384x_to_bap(struct net_device *dev, u16 bap, void *buf, int len)
+{
+ u16 d_off;
+ u16 *pos;
+
+ d_off = (bap == 1) ? HFA384X_DATA1_OFF : HFA384X_DATA0_OFF;
+ pos = (u16 *) buf;
+
+ if (len / 2)
+ HFA384X_OUTSW(d_off, buf, len / 2);
+ pos += len / 2;
+
+ if (len & 1)
+ HFA384X_OUTB(*((char *) pos), d_off);
+
+ return 0;
+}
+
+
+/* FIX: This might change at some point.. */
+#include "hostap_hw.c"
+
+
+static void prism2_plx_cor_sreset(local_info_t *local)
+{
+ unsigned char corsave;
+ struct hostap_plx_priv *hw_priv = local->hw_priv;
+
+ printk(KERN_DEBUG "%s: Doing reset via direct COR access.\n",
+ dev_info);
+
+ /* Set sreset bit of COR and clear it after hold time */
+
+ if (hw_priv->attr_mem == NULL) {
+ /* TMD7160 - COR at card's first I/O addr */
+ corsave = inb(hw_priv->cor_offset);
+ outb(corsave | COR_SRESET, hw_priv->cor_offset);
+ mdelay(2);
+ outb(corsave & ~COR_SRESET, hw_priv->cor_offset);
+ mdelay(2);
+ } else {
+ /* PLX9052 */
+ corsave = readb(hw_priv->attr_mem + hw_priv->cor_offset);
+ writeb(corsave | COR_SRESET,
+ hw_priv->attr_mem + hw_priv->cor_offset);
+ mdelay(2);
+ writeb(corsave & ~COR_SRESET,
+ hw_priv->attr_mem + hw_priv->cor_offset);
+ mdelay(2);
+ }
+}
+
+
+static void prism2_plx_genesis_reset(local_info_t *local, int hcr)
+{
+ unsigned char corsave;
+ struct hostap_plx_priv *hw_priv = local->hw_priv;
+
+ if (hw_priv->attr_mem == NULL) {
+ /* TMD7160 - COR at card's first I/O addr */
+ corsave = inb(hw_priv->cor_offset);
+ outb(corsave | COR_SRESET, hw_priv->cor_offset);
+ mdelay(10);
+ outb(hcr, hw_priv->cor_offset + 2);
+ mdelay(10);
+ outb(corsave & ~COR_SRESET, hw_priv->cor_offset);
+ mdelay(10);
+ } else {
+ /* PLX9052 */
+ corsave = readb(hw_priv->attr_mem + hw_priv->cor_offset);
+ writeb(corsave | COR_SRESET,
+ hw_priv->attr_mem + hw_priv->cor_offset);
+ mdelay(10);
+ writeb(hcr, hw_priv->attr_mem + hw_priv->cor_offset + 2);
+ mdelay(10);
+ writeb(corsave & ~COR_SRESET,
+ hw_priv->attr_mem + hw_priv->cor_offset);
+ mdelay(10);
+ }
+}
+
+
+static struct prism2_helper_functions prism2_plx_funcs =
+{
+ .card_present = NULL,
+ .cor_sreset = prism2_plx_cor_sreset,
+ .genesis_reset = prism2_plx_genesis_reset,
+ .hw_type = HOSTAP_HW_PLX,
+};
+
+
+static int prism2_plx_check_cis(void __iomem *attr_mem, int attr_len,
+ unsigned int *cor_offset,
+ unsigned int *cor_index)
+{
+#define CISTPL_CONFIG 0x1A
+#define CISTPL_MANFID 0x20
+#define CISTPL_END 0xFF
+#define CIS_MAX_LEN 256
+ u8 *cis;
+ int i, pos;
+ unsigned int rmsz, rasz, manfid1, manfid2;
+ struct prism2_plx_manfid *manfid;
+
+ cis = kmalloc(CIS_MAX_LEN, GFP_KERNEL);
+ if (cis == NULL)
+ return -ENOMEM;
+
+ /* read CIS; it is in even offsets in the beginning of attr_mem */
+ for (i = 0; i < CIS_MAX_LEN; i++)
+ cis[i] = readb(attr_mem + 2 * i);
+ printk(KERN_DEBUG "%s: CIS: %6ph ...\n", dev_info, cis);
+
+ /* set reasonable defaults for Prism2 cards just in case CIS parsing
+ * fails */
+ *cor_offset = 0x3e0;
+ *cor_index = 0x01;
+ manfid1 = manfid2 = 0;
+
+ pos = 0;
+ while (pos < CIS_MAX_LEN - 1 && cis[pos] != CISTPL_END) {
+ if (pos + 2 + cis[pos + 1] > CIS_MAX_LEN)
+ goto cis_error;
+
+ switch (cis[pos]) {
+ case CISTPL_CONFIG:
+ if (cis[pos + 1] < 2)
+ goto cis_error;
+ rmsz = (cis[pos + 2] & 0x3c) >> 2;
+ rasz = cis[pos + 2] & 0x03;
+ if (4 + rasz + rmsz > cis[pos + 1])
+ goto cis_error;
+ *cor_index = cis[pos + 3] & 0x3F;
+ *cor_offset = 0;
+ for (i = 0; i <= rasz; i++)
+ *cor_offset += cis[pos + 4 + i] << (8 * i);
+ printk(KERN_DEBUG "%s: cor_index=0x%x "
+ "cor_offset=0x%x\n", dev_info,
+ *cor_index, *cor_offset);
+ if (*cor_offset > attr_len) {
+ printk(KERN_ERR "%s: COR offset not within "
+ "attr_mem\n", dev_info);
+ kfree(cis);
+ return -1;
+ }
+ break;
+
+ case CISTPL_MANFID:
+ if (cis[pos + 1] < 4)
+ goto cis_error;
+ manfid1 = cis[pos + 2] + (cis[pos + 3] << 8);
+ manfid2 = cis[pos + 4] + (cis[pos + 5] << 8);
+ printk(KERN_DEBUG "%s: manfid=0x%04x, 0x%04x\n",
+ dev_info, manfid1, manfid2);
+ break;
+ }
+
+ pos += cis[pos + 1] + 2;
+ }
+
+ if (pos >= CIS_MAX_LEN || cis[pos] != CISTPL_END)
+ goto cis_error;
+
+ for (manfid = prism2_plx_known_manfids; manfid->manfid1 != 0; manfid++)
+ if (manfid1 == manfid->manfid1 && manfid2 == manfid->manfid2) {
+ kfree(cis);
+ return 0;
+ }
+
+ printk(KERN_INFO "%s: unknown manfid 0x%04x, 0x%04x - assuming this is"
+ " not supported card\n", dev_info, manfid1, manfid2);
+ goto fail;
+
+ cis_error:
+ printk(KERN_WARNING "%s: invalid CIS data\n", dev_info);
+
+ fail:
+ kfree(cis);
+ if (ignore_cis) {
+ printk(KERN_INFO "%s: ignore_cis parameter set - ignoring "
+ "errors during CIS verification\n", dev_info);
+ return 0;
+ }
+ return -1;
+}
+
+
+static int prism2_plx_probe(struct pci_dev *pdev,
+ const struct pci_device_id *id)
+{
+ unsigned int pccard_ioaddr, plx_ioaddr;
+ unsigned long pccard_attr_mem;
+ unsigned int pccard_attr_len;
+ void __iomem *attr_mem = NULL;
+ unsigned int cor_offset = 0, cor_index = 0;
+ u32 reg;
+ local_info_t *local = NULL;
+ struct net_device *dev = NULL;
+ struct hostap_interface *iface;
+ static int cards_found /* = 0 */;
+ int irq_registered = 0;
+ int tmd7160;
+ struct hostap_plx_priv *hw_priv;
+
+ hw_priv = kzalloc(sizeof(*hw_priv), GFP_KERNEL);
+ if (hw_priv == NULL)
+ return -ENOMEM;
+
+ if (pci_enable_device(pdev))
+ goto err_out_free;
+
+ /* National Datacomm NCP130 based on TMD7160, not PLX9052. */
+ tmd7160 = (pdev->vendor == 0x15e8) && (pdev->device == 0x0131);
+
+ plx_ioaddr = pci_resource_start(pdev, 1);
+ pccard_ioaddr = pci_resource_start(pdev, tmd7160 ? 2 : 3);
+
+ if (tmd7160) {
+ /* TMD7160 */
+ attr_mem = NULL; /* no access to PC Card attribute memory */
+
+ printk(KERN_INFO "TMD7160 PCI/PCMCIA adapter: io=0x%x, "
+ "irq=%d, pccard_io=0x%x\n",
+ plx_ioaddr, pdev->irq, pccard_ioaddr);
+
+ cor_offset = plx_ioaddr;
+ cor_index = 0x04;
+
+ outb(cor_index | COR_LEVLREQ | COR_ENABLE_FUNC, plx_ioaddr);
+ mdelay(1);
+ reg = inb(plx_ioaddr);
+ if (reg != (cor_index | COR_LEVLREQ | COR_ENABLE_FUNC)) {
+ printk(KERN_ERR "%s: Error setting COR (expected="
+ "0x%02x, was=0x%02x)\n", dev_info,
+ cor_index | COR_LEVLREQ | COR_ENABLE_FUNC, reg);
+ goto fail;
+ }
+ } else {
+ /* PLX9052 */
+ pccard_attr_mem = pci_resource_start(pdev, 2);
+ pccard_attr_len = pci_resource_len(pdev, 2);
+ if (pccard_attr_len < PLX_MIN_ATTR_LEN)
+ goto fail;
+
+
+ attr_mem = ioremap(pccard_attr_mem, pccard_attr_len);
+ if (attr_mem == NULL) {
+ printk(KERN_ERR "%s: cannot remap attr_mem\n",
+ dev_info);
+ goto fail;
+ }
+
+ printk(KERN_INFO "PLX9052 PCI/PCMCIA adapter: "
+ "mem=0x%lx, plx_io=0x%x, irq=%d, pccard_io=0x%x\n",
+ pccard_attr_mem, plx_ioaddr, pdev->irq, pccard_ioaddr);
+
+ if (prism2_plx_check_cis(attr_mem, pccard_attr_len,
+ &cor_offset, &cor_index)) {
+ printk(KERN_INFO "Unknown PC Card CIS - not a "
+ "Prism2/2.5 card?\n");
+ goto fail;
+ }
+
+ printk(KERN_DEBUG "Prism2/2.5 PC Card detected in PLX9052 "
+ "adapter\n");
+
+ /* Write COR to enable PC Card */
+ writeb(cor_index | COR_LEVLREQ | COR_ENABLE_FUNC,
+ attr_mem + cor_offset);
+
+ /* Enable PCI interrupts if they are not already enabled */
+ reg = inl(plx_ioaddr + PLX_INTCSR);
+ printk(KERN_DEBUG "PLX_INTCSR=0x%x\n", reg);
+ if (!(reg & PLX_INTCSR_PCI_INTEN)) {
+ outl(reg | PLX_INTCSR_PCI_INTEN,
+ plx_ioaddr + PLX_INTCSR);
+ if (!(inl(plx_ioaddr + PLX_INTCSR) &
+ PLX_INTCSR_PCI_INTEN)) {
+ printk(KERN_WARNING "%s: Could not enable "
+ "Local Interrupts\n", dev_info);
+ goto fail;
+ }
+ }
+
+ reg = inl(plx_ioaddr + PLX_CNTRL);
+ printk(KERN_DEBUG "PLX_CNTRL=0x%x (Serial EEPROM "
+ "present=%d)\n",
+ reg, (reg & PLX_CNTRL_SERIAL_EEPROM_PRESENT) != 0);
+ /* should set PLX_PCIIPR to 0x01 (INTA#) if Serial EEPROM is
+ * not present; but are there really such cards in use(?) */
+ }
+
+ dev = prism2_init_local_data(&prism2_plx_funcs, cards_found,
+ &pdev->dev);
+ if (dev == NULL)
+ goto fail;
+ iface = netdev_priv(dev);
+ local = iface->local;
+ local->hw_priv = hw_priv;
+ cards_found++;
+
+ dev->irq = pdev->irq;
+ dev->base_addr = pccard_ioaddr;
+ hw_priv->attr_mem = attr_mem;
+ hw_priv->cor_offset = cor_offset;
+
+ pci_set_drvdata(pdev, dev);
+
+ if (request_irq(dev->irq, prism2_interrupt, IRQF_SHARED, dev->name,
+ dev)) {
+ printk(KERN_WARNING "%s: request_irq failed\n", dev->name);
+ goto fail;
+ } else
+ irq_registered = 1;
+
+ if (prism2_hw_config(dev, 1)) {
+ printk(KERN_DEBUG "%s: hardware initialization failed\n",
+ dev_info);
+ goto fail;
+ }
+
+ return hostap_hw_ready(dev);
+
+ fail:
+ if (irq_registered && dev)
+ free_irq(dev->irq, dev);
+
+ if (attr_mem)
+ iounmap(attr_mem);
+
+ pci_disable_device(pdev);
+ prism2_free_local_data(dev);
+
+ err_out_free:
+ kfree(hw_priv);
+
+ return -ENODEV;
+}
+
+
+static void prism2_plx_remove(struct pci_dev *pdev)
+{
+ struct net_device *dev;
+ struct hostap_interface *iface;
+ struct hostap_plx_priv *hw_priv;
+
+ dev = pci_get_drvdata(pdev);
+ iface = netdev_priv(dev);
+ hw_priv = iface->local->hw_priv;
+
+ /* Reset the hardware, and ensure interrupts are disabled. */
+ prism2_plx_cor_sreset(iface->local);
+ hfa384x_disable_interrupts(dev);
+
+ if (hw_priv->attr_mem)
+ iounmap(hw_priv->attr_mem);
+ if (dev->irq)
+ free_irq(dev->irq, dev);
+
+ prism2_free_local_data(dev);
+ kfree(hw_priv);
+ pci_disable_device(pdev);
+}
+
+
+MODULE_DEVICE_TABLE(pci, prism2_plx_id_table);
+
+static struct pci_driver prism2_plx_driver = {
+ .name = "hostap_plx",
+ .id_table = prism2_plx_id_table,
+ .probe = prism2_plx_probe,
+ .remove = prism2_plx_remove,
+};
+
+module_pci_driver(prism2_plx_driver);
diff --git a/drivers/net/wireless/intersil/hostap/hostap_proc.c b/drivers/net/wireless/intersil/hostap/hostap_proc.c
new file mode 100644
index 000000000..61f687860
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/hostap_proc.c
@@ -0,0 +1,411 @@
+// SPDX-License-Identifier: GPL-2.0
+/* /proc routines for Host AP driver */
+
+#include <linux/types.h>
+#include <linux/proc_fs.h>
+#include <linux/export.h>
+#include <net/lib80211.h>
+
+#include "hostap_wlan.h"
+#include "hostap.h"
+
+#define PROC_LIMIT (PAGE_SIZE - 80)
+
+#if !defined(PRISM2_NO_PROCFS_DEBUG) && defined(CONFIG_PROC_FS)
+static int prism2_debug_proc_show(struct seq_file *m, void *v)
+{
+ local_info_t *local = m->private;
+ int i;
+
+ seq_printf(m, "next_txfid=%d next_alloc=%d\n",
+ local->next_txfid, local->next_alloc);
+ for (i = 0; i < PRISM2_TXFID_COUNT; i++)
+ seq_printf(m, "FID: tx=%04X intransmit=%04X\n",
+ local->txfid[i], local->intransmitfid[i]);
+ seq_printf(m, "FW TX rate control: %d\n", local->fw_tx_rate_control);
+ seq_printf(m, "beacon_int=%d\n", local->beacon_int);
+ seq_printf(m, "dtim_period=%d\n", local->dtim_period);
+ seq_printf(m, "wds_max_connections=%d\n", local->wds_max_connections);
+ seq_printf(m, "dev_enabled=%d\n", local->dev_enabled);
+ seq_printf(m, "sw_tick_stuck=%d\n", local->sw_tick_stuck);
+ for (i = 0; i < WEP_KEYS; i++) {
+ if (local->crypt_info.crypt[i] &&
+ local->crypt_info.crypt[i]->ops) {
+ seq_printf(m, "crypt[%d]=%s\n", i,
+ local->crypt_info.crypt[i]->ops->name);
+ }
+ }
+ seq_printf(m, "pri_only=%d\n", local->pri_only);
+ seq_printf(m, "pci=%d\n", local->func->hw_type == HOSTAP_HW_PCI);
+ seq_printf(m, "sram_type=%d\n", local->sram_type);
+ seq_printf(m, "no_pri=%d\n", local->no_pri);
+
+ return 0;
+}
+#endif
+
+#ifdef CONFIG_PROC_FS
+static int prism2_stats_proc_show(struct seq_file *m, void *v)
+{
+ local_info_t *local = m->private;
+ struct comm_tallies_sums *sums = &local->comm_tallies;
+
+ seq_printf(m, "TxUnicastFrames=%u\n", sums->tx_unicast_frames);
+ seq_printf(m, "TxMulticastframes=%u\n", sums->tx_multicast_frames);
+ seq_printf(m, "TxFragments=%u\n", sums->tx_fragments);
+ seq_printf(m, "TxUnicastOctets=%u\n", sums->tx_unicast_octets);
+ seq_printf(m, "TxMulticastOctets=%u\n", sums->tx_multicast_octets);
+ seq_printf(m, "TxDeferredTransmissions=%u\n",
+ sums->tx_deferred_transmissions);
+ seq_printf(m, "TxSingleRetryFrames=%u\n", sums->tx_single_retry_frames);
+ seq_printf(m, "TxMultipleRetryFrames=%u\n",
+ sums->tx_multiple_retry_frames);
+ seq_printf(m, "TxRetryLimitExceeded=%u\n",
+ sums->tx_retry_limit_exceeded);
+ seq_printf(m, "TxDiscards=%u\n", sums->tx_discards);
+ seq_printf(m, "RxUnicastFrames=%u\n", sums->rx_unicast_frames);
+ seq_printf(m, "RxMulticastFrames=%u\n", sums->rx_multicast_frames);
+ seq_printf(m, "RxFragments=%u\n", sums->rx_fragments);
+ seq_printf(m, "RxUnicastOctets=%u\n", sums->rx_unicast_octets);
+ seq_printf(m, "RxMulticastOctets=%u\n", sums->rx_multicast_octets);
+ seq_printf(m, "RxFCSErrors=%u\n", sums->rx_fcs_errors);
+ seq_printf(m, "RxDiscardsNoBuffer=%u\n", sums->rx_discards_no_buffer);
+ seq_printf(m, "TxDiscardsWrongSA=%u\n", sums->tx_discards_wrong_sa);
+ seq_printf(m, "RxDiscardsWEPUndecryptable=%u\n",
+ sums->rx_discards_wep_undecryptable);
+ seq_printf(m, "RxMessageInMsgFragments=%u\n",
+ sums->rx_message_in_msg_fragments);
+ seq_printf(m, "RxMessageInBadMsgFragments=%u\n",
+ sums->rx_message_in_bad_msg_fragments);
+ /* FIX: this may grow too long for one page(?) */
+
+ return 0;
+}
+#endif
+
+static int prism2_wds_proc_show(struct seq_file *m, void *v)
+{
+ struct list_head *ptr = v;
+ struct hostap_interface *iface;
+
+ iface = list_entry(ptr, struct hostap_interface, list);
+ if (iface->type == HOSTAP_INTERFACE_WDS)
+ seq_printf(m, "%s\t%pM\n",
+ iface->dev->name, iface->u.wds.remote_addr);
+ return 0;
+}
+
+static void *prism2_wds_proc_start(struct seq_file *m, loff_t *_pos)
+{
+ local_info_t *local = pde_data(file_inode(m->file));
+ read_lock_bh(&local->iface_lock);
+ return seq_list_start(&local->hostap_interfaces, *_pos);
+}
+
+static void *prism2_wds_proc_next(struct seq_file *m, void *v, loff_t *_pos)
+{
+ local_info_t *local = pde_data(file_inode(m->file));
+ return seq_list_next(v, &local->hostap_interfaces, _pos);
+}
+
+static void prism2_wds_proc_stop(struct seq_file *m, void *v)
+{
+ local_info_t *local = pde_data(file_inode(m->file));
+ read_unlock_bh(&local->iface_lock);
+}
+
+static const struct seq_operations prism2_wds_proc_seqops = {
+ .start = prism2_wds_proc_start,
+ .next = prism2_wds_proc_next,
+ .stop = prism2_wds_proc_stop,
+ .show = prism2_wds_proc_show,
+};
+
+static int prism2_bss_list_proc_show(struct seq_file *m, void *v)
+{
+ local_info_t *local = pde_data(file_inode(m->file));
+ struct list_head *ptr = v;
+ struct hostap_bss_info *bss;
+
+ if (ptr == &local->bss_list) {
+ seq_printf(m, "#BSSID\tlast_update\tcount\tcapab_info\tSSID(txt)\t"
+ "SSID(hex)\tWPA IE\n");
+ return 0;
+ }
+
+ bss = list_entry(ptr, struct hostap_bss_info, list);
+ seq_printf(m, "%pM\t%lu\t%u\t0x%x\t",
+ bss->bssid, bss->last_update,
+ bss->count, bss->capab_info);
+
+ seq_printf(m, "%*pE", (int)bss->ssid_len, bss->ssid);
+
+ seq_putc(m, '\t');
+ seq_printf(m, "%*phN", (int)bss->ssid_len, bss->ssid);
+ seq_putc(m, '\t');
+ seq_printf(m, "%*phN", (int)bss->wpa_ie_len, bss->wpa_ie);
+ seq_putc(m, '\n');
+ return 0;
+}
+
+static void *prism2_bss_list_proc_start(struct seq_file *m, loff_t *_pos)
+ __acquires(&local->lock)
+{
+ local_info_t *local = pde_data(file_inode(m->file));
+ spin_lock_bh(&local->lock);
+ return seq_list_start_head(&local->bss_list, *_pos);
+}
+
+static void *prism2_bss_list_proc_next(struct seq_file *m, void *v, loff_t *_pos)
+{
+ local_info_t *local = pde_data(file_inode(m->file));
+ return seq_list_next(v, &local->bss_list, _pos);
+}
+
+static void prism2_bss_list_proc_stop(struct seq_file *m, void *v)
+ __releases(&local->lock)
+{
+ local_info_t *local = pde_data(file_inode(m->file));
+ spin_unlock_bh(&local->lock);
+}
+
+static const struct seq_operations prism2_bss_list_proc_seqops = {
+ .start = prism2_bss_list_proc_start,
+ .next = prism2_bss_list_proc_next,
+ .stop = prism2_bss_list_proc_stop,
+ .show = prism2_bss_list_proc_show,
+};
+
+#ifdef CONFIG_PROC_FS
+static int prism2_crypt_proc_show(struct seq_file *m, void *v)
+{
+ local_info_t *local = m->private;
+ int i;
+
+ seq_printf(m, "tx_keyidx=%d\n", local->crypt_info.tx_keyidx);
+ for (i = 0; i < WEP_KEYS; i++) {
+ if (local->crypt_info.crypt[i] &&
+ local->crypt_info.crypt[i]->ops &&
+ local->crypt_info.crypt[i]->ops->print_stats) {
+ local->crypt_info.crypt[i]->ops->print_stats(
+ m, local->crypt_info.crypt[i]->priv);
+ }
+ }
+ return 0;
+}
+#endif
+
+static ssize_t prism2_pda_proc_read(struct file *file, char __user *buf,
+ size_t count, loff_t *_pos)
+{
+ local_info_t *local = pde_data(file_inode(file));
+ size_t off;
+
+ if (local->pda == NULL || *_pos >= PRISM2_PDA_SIZE)
+ return 0;
+
+ off = *_pos;
+ if (count > PRISM2_PDA_SIZE - off)
+ count = PRISM2_PDA_SIZE - off;
+ if (copy_to_user(buf, local->pda + off, count) != 0)
+ return -EFAULT;
+ *_pos += count;
+ return count;
+}
+
+static const struct proc_ops prism2_pda_proc_ops = {
+ .proc_read = prism2_pda_proc_read,
+ .proc_lseek = generic_file_llseek,
+};
+
+
+static ssize_t prism2_aux_dump_proc_no_read(struct file *file, char __user *buf,
+ size_t bufsize, loff_t *_pos)
+{
+ return 0;
+}
+
+static const struct proc_ops prism2_aux_dump_proc_ops = {
+ .proc_read = prism2_aux_dump_proc_no_read,
+ .proc_lseek = default_llseek,
+};
+
+
+#ifdef PRISM2_IO_DEBUG
+static int prism2_io_debug_proc_read(char *page, char **start, off_t off,
+ int count, int *eof, void *data)
+{
+ local_info_t *local = (local_info_t *) data;
+ int head = local->io_debug_head;
+ int start_bytes, left, copy;
+
+ if (off + count > PRISM2_IO_DEBUG_SIZE * 4) {
+ *eof = 1;
+ if (off >= PRISM2_IO_DEBUG_SIZE * 4)
+ return 0;
+ count = PRISM2_IO_DEBUG_SIZE * 4 - off;
+ }
+
+ start_bytes = (PRISM2_IO_DEBUG_SIZE - head) * 4;
+ left = count;
+
+ if (off < start_bytes) {
+ copy = start_bytes - off;
+ if (copy > count)
+ copy = count;
+ memcpy(page, ((u8 *) &local->io_debug[head]) + off, copy);
+ left -= copy;
+ if (left > 0)
+ memcpy(&page[copy], local->io_debug, left);
+ } else {
+ memcpy(page, ((u8 *) local->io_debug) + (off - start_bytes),
+ left);
+ }
+
+ *start = page;
+
+ return count;
+}
+#endif /* PRISM2_IO_DEBUG */
+
+
+#ifndef PRISM2_NO_STATION_MODES
+static int prism2_scan_results_proc_show(struct seq_file *m, void *v)
+{
+ local_info_t *local = pde_data(file_inode(m->file));
+ unsigned long entry;
+ int i, len;
+ struct hfa384x_hostscan_result *scanres;
+ u8 *p;
+
+ if (v == SEQ_START_TOKEN) {
+ seq_printf(m,
+ "CHID ANL SL BcnInt Capab Rate BSSID ATIM SupRates SSID\n");
+ return 0;
+ }
+
+ entry = (unsigned long)v - 2;
+ scanres = &local->last_scan_results[entry];
+
+ seq_printf(m, "%d %d %d %d 0x%02x %d %pM %d ",
+ le16_to_cpu(scanres->chid),
+ (s16) le16_to_cpu(scanres->anl),
+ (s16) le16_to_cpu(scanres->sl),
+ le16_to_cpu(scanres->beacon_interval),
+ le16_to_cpu(scanres->capability),
+ le16_to_cpu(scanres->rate),
+ scanres->bssid,
+ le16_to_cpu(scanres->atim));
+
+ p = scanres->sup_rates;
+ for (i = 0; i < sizeof(scanres->sup_rates); i++) {
+ if (p[i] == 0)
+ break;
+ seq_printf(m, "<%02x>", p[i]);
+ }
+ seq_putc(m, ' ');
+
+ p = scanres->ssid;
+ len = le16_to_cpu(scanres->ssid_len);
+ if (len > 32)
+ len = 32;
+ for (i = 0; i < len; i++) {
+ unsigned char c = p[i];
+ if (c >= 32 && c < 127)
+ seq_putc(m, c);
+ else
+ seq_printf(m, "<%02x>", c);
+ }
+ seq_putc(m, '\n');
+ return 0;
+}
+
+static void *prism2_scan_results_proc_start(struct seq_file *m, loff_t *_pos)
+{
+ local_info_t *local = pde_data(file_inode(m->file));
+ spin_lock_bh(&local->lock);
+
+ /* We have a header (pos 0) + N results to show (pos 1...N) */
+ if (*_pos > local->last_scan_results_count)
+ return NULL;
+ return (void *)(unsigned long)(*_pos + 1); /* 0 would be EOF */
+}
+
+static void *prism2_scan_results_proc_next(struct seq_file *m, void *v, loff_t *_pos)
+{
+ local_info_t *local = pde_data(file_inode(m->file));
+
+ ++*_pos;
+ if (*_pos > local->last_scan_results_count)
+ return NULL;
+ return (void *)(unsigned long)(*_pos + 1); /* 0 would be EOF */
+}
+
+static void prism2_scan_results_proc_stop(struct seq_file *m, void *v)
+{
+ local_info_t *local = pde_data(file_inode(m->file));
+ spin_unlock_bh(&local->lock);
+}
+
+static const struct seq_operations prism2_scan_results_proc_seqops = {
+ .start = prism2_scan_results_proc_start,
+ .next = prism2_scan_results_proc_next,
+ .stop = prism2_scan_results_proc_stop,
+ .show = prism2_scan_results_proc_show,
+};
+#endif /* PRISM2_NO_STATION_MODES */
+
+
+void hostap_init_proc(local_info_t *local)
+{
+ local->proc = NULL;
+
+ if (hostap_proc == NULL) {
+ printk(KERN_WARNING "%s: hostap proc directory not created\n",
+ local->dev->name);
+ return;
+ }
+
+ local->proc = proc_mkdir(local->ddev->name, hostap_proc);
+ if (local->proc == NULL) {
+ printk(KERN_INFO "/proc/net/hostap/%s creation failed\n",
+ local->ddev->name);
+ return;
+ }
+
+#ifndef PRISM2_NO_PROCFS_DEBUG
+ proc_create_single_data("debug", 0, local->proc,
+ prism2_debug_proc_show, local);
+#endif /* PRISM2_NO_PROCFS_DEBUG */
+ proc_create_single_data("stats", 0, local->proc, prism2_stats_proc_show,
+ local);
+ proc_create_seq_data("wds", 0, local->proc,
+ &prism2_wds_proc_seqops, local);
+ proc_create_data("pda", 0, local->proc,
+ &prism2_pda_proc_ops, local);
+ proc_create_data("aux_dump", 0, local->proc,
+ local->func->read_aux_proc_ops ?: &prism2_aux_dump_proc_ops,
+ local);
+ proc_create_seq_data("bss_list", 0, local->proc,
+ &prism2_bss_list_proc_seqops, local);
+ proc_create_single_data("crypt", 0, local->proc, prism2_crypt_proc_show,
+ local);
+#ifdef PRISM2_IO_DEBUG
+ proc_create_single_data("io_debug", 0, local->proc,
+ prism2_debug_proc_show, local);
+#endif /* PRISM2_IO_DEBUG */
+#ifndef PRISM2_NO_STATION_MODES
+ proc_create_seq_data("scan_results", 0, local->proc,
+ &prism2_scan_results_proc_seqops, local);
+#endif /* PRISM2_NO_STATION_MODES */
+}
+
+
+void hostap_remove_proc(local_info_t *local)
+{
+ proc_remove(local->proc);
+}
+
+
+EXPORT_SYMBOL(hostap_init_proc);
+EXPORT_SYMBOL(hostap_remove_proc);
diff --git a/drivers/net/wireless/intersil/hostap/hostap_wlan.h b/drivers/net/wireless/intersil/hostap/hostap_wlan.h
new file mode 100644
index 000000000..c25cd21d1
--- /dev/null
+++ b/drivers/net/wireless/intersil/hostap/hostap_wlan.h
@@ -0,0 +1,1051 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef HOSTAP_WLAN_H
+#define HOSTAP_WLAN_H
+
+#include <linux/interrupt.h>
+#include <linux/wireless.h>
+#include <linux/netdevice.h>
+#include <linux/etherdevice.h>
+#include <linux/mutex.h>
+#include <linux/refcount.h>
+#include <net/iw_handler.h>
+#include <net/ieee80211_radiotap.h>
+#include <net/lib80211.h>
+
+#include "hostap_config.h"
+#include "hostap_common.h"
+
+#define MAX_PARM_DEVICES 8
+#define PARM_MIN_MAX "1-" __MODULE_STRING(MAX_PARM_DEVICES)
+#define DEF_INTS -1, -1, -1, -1, -1, -1, -1
+#define GET_INT_PARM(var,idx) var[var[idx] < 0 ? 0 : idx]
+
+
+/* Specific skb->protocol value that indicates that the packet already contains
+ * txdesc header.
+ * FIX: This might need own value that would be allocated especially for Prism2
+ * txdesc; ETH_P_CONTROL is commented as "Card specific control frames".
+ * However, these skb's should have only minimal path in the kernel side since
+ * prism2_send_mgmt() sends these with dev_queue_xmit() to prism2_tx(). */
+#define ETH_P_HOSTAP ETH_P_CONTROL
+
+/* ARPHRD_IEEE80211_PRISM uses a bloated version of Prism2 RX frame header
+ * (from linux-wlan-ng) */
+struct linux_wlan_ng_val {
+ u32 did;
+ u16 status, len;
+ u32 data;
+} __packed;
+
+struct linux_wlan_ng_prism_hdr {
+ u32 msgcode, msglen;
+ char devname[16];
+ struct linux_wlan_ng_val hosttime, mactime, channel, rssi, sq, signal,
+ noise, rate, istx, frmlen;
+} __packed;
+
+struct linux_wlan_ng_cap_hdr {
+ __be32 version;
+ __be32 length;
+ __be64 mactime;
+ __be64 hosttime;
+ __be32 phytype;
+ __be32 channel;
+ __be32 datarate;
+ __be32 antenna;
+ __be32 priority;
+ __be32 ssi_type;
+ __be32 ssi_signal;
+ __be32 ssi_noise;
+ __be32 preamble;
+ __be32 encoding;
+} __packed;
+
+struct hostap_radiotap_rx {
+ struct ieee80211_radiotap_header hdr;
+ __le64 tsft;
+ u8 rate;
+ u8 padding;
+ __le16 chan_freq;
+ __le16 chan_flags;
+ s8 dbm_antsignal;
+ s8 dbm_antnoise;
+} __packed;
+
+#define LWNG_CAP_DID_BASE (4 | (1 << 6)) /* section 4, group 1 */
+#define LWNG_CAPHDR_VERSION 0x80211001
+
+struct hfa384x_rx_frame {
+ /* HFA384X RX frame descriptor */
+ __le16 status; /* HFA384X_RX_STATUS_ flags */
+ __le32 time; /* timestamp, 1 microsecond resolution */
+ u8 silence; /* 27 .. 154; seems to be 0 */
+ u8 signal; /* 27 .. 154 */
+ u8 rate; /* 10, 20, 55, or 110 */
+ u8 rxflow;
+ __le32 reserved;
+
+ /* 802.11 */
+ __le16 frame_control;
+ __le16 duration_id;
+ u8 addr1[ETH_ALEN];
+ u8 addr2[ETH_ALEN];
+ u8 addr3[ETH_ALEN];
+ __le16 seq_ctrl;
+ u8 addr4[ETH_ALEN];
+ __le16 data_len;
+
+ /* 802.3 */
+ u8 dst_addr[ETH_ALEN];
+ u8 src_addr[ETH_ALEN];
+ __be16 len;
+
+ /* followed by frame data; max 2304 bytes */
+} __packed;
+
+
+struct hfa384x_tx_frame {
+ /* HFA384X TX frame descriptor */
+ __le16 status; /* HFA384X_TX_STATUS_ flags */
+ __le16 reserved1;
+ __le16 reserved2;
+ __le32 sw_support;
+ u8 retry_count; /* not yet implemented */
+ u8 tx_rate; /* Host AP only; 0 = firmware, or 10, 20, 55, 110 */
+ __le16 tx_control; /* HFA384X_TX_CTRL_ flags */
+
+ /* 802.11 */
+ struct_group(header,
+ __le16 frame_control; /* parts not used */
+ __le16 duration_id;
+ u8 addr1[ETH_ALEN];
+ u8 addr2[ETH_ALEN]; /* filled by firmware */
+ u8 addr3[ETH_ALEN];
+ __le16 seq_ctrl; /* filled by firmware */
+ );
+ u8 addr4[ETH_ALEN];
+ __le16 data_len;
+
+ /* 802.3 */
+ u8 dst_addr[ETH_ALEN];
+ u8 src_addr[ETH_ALEN];
+ __be16 len;
+
+ /* followed by frame data; max 2304 bytes */
+} __packed;
+
+
+struct hfa384x_rid_hdr
+{
+ __le16 len;
+ __le16 rid;
+} __packed;
+
+
+/* Macro for converting signal levels (range 27 .. 154) to wireless ext
+ * dBm value with some accuracy */
+#define HFA384X_LEVEL_TO_dBm(v) 0x100 + (v) * 100 / 255 - 100
+
+#define HFA384X_LEVEL_TO_dBm_sign(v) (v) * 100 / 255 - 100
+
+struct hfa384x_scan_request {
+ __le16 channel_list;
+ __le16 txrate; /* HFA384X_RATES_* */
+} __packed;
+
+struct hfa384x_hostscan_request {
+ __le16 channel_list;
+ __le16 txrate;
+ __le16 target_ssid_len;
+ u8 target_ssid[32];
+} __packed;
+
+struct hfa384x_join_request {
+ u8 bssid[ETH_ALEN];
+ __le16 channel;
+} __packed;
+
+struct hfa384x_info_frame {
+ __le16 len;
+ __le16 type;
+} __packed;
+
+struct hfa384x_comm_tallies {
+ __le16 tx_unicast_frames;
+ __le16 tx_multicast_frames;
+ __le16 tx_fragments;
+ __le16 tx_unicast_octets;
+ __le16 tx_multicast_octets;
+ __le16 tx_deferred_transmissions;
+ __le16 tx_single_retry_frames;
+ __le16 tx_multiple_retry_frames;
+ __le16 tx_retry_limit_exceeded;
+ __le16 tx_discards;
+ __le16 rx_unicast_frames;
+ __le16 rx_multicast_frames;
+ __le16 rx_fragments;
+ __le16 rx_unicast_octets;
+ __le16 rx_multicast_octets;
+ __le16 rx_fcs_errors;
+ __le16 rx_discards_no_buffer;
+ __le16 tx_discards_wrong_sa;
+ __le16 rx_discards_wep_undecryptable;
+ __le16 rx_message_in_msg_fragments;
+ __le16 rx_message_in_bad_msg_fragments;
+} __packed;
+
+struct hfa384x_comm_tallies32 {
+ __le32 tx_unicast_frames;
+ __le32 tx_multicast_frames;
+ __le32 tx_fragments;
+ __le32 tx_unicast_octets;
+ __le32 tx_multicast_octets;
+ __le32 tx_deferred_transmissions;
+ __le32 tx_single_retry_frames;
+ __le32 tx_multiple_retry_frames;
+ __le32 tx_retry_limit_exceeded;
+ __le32 tx_discards;
+ __le32 rx_unicast_frames;
+ __le32 rx_multicast_frames;
+ __le32 rx_fragments;
+ __le32 rx_unicast_octets;
+ __le32 rx_multicast_octets;
+ __le32 rx_fcs_errors;
+ __le32 rx_discards_no_buffer;
+ __le32 tx_discards_wrong_sa;
+ __le32 rx_discards_wep_undecryptable;
+ __le32 rx_message_in_msg_fragments;
+ __le32 rx_message_in_bad_msg_fragments;
+} __packed;
+
+struct hfa384x_scan_result_hdr {
+ __le16 reserved;
+ __le16 scan_reason;
+#define HFA384X_SCAN_IN_PROGRESS 0 /* no results available yet */
+#define HFA384X_SCAN_HOST_INITIATED 1
+#define HFA384X_SCAN_FIRMWARE_INITIATED 2
+#define HFA384X_SCAN_INQUIRY_FROM_HOST 3
+} __packed;
+
+#define HFA384X_SCAN_MAX_RESULTS 32
+
+struct hfa384x_scan_result {
+ __le16 chid;
+ __le16 anl;
+ __le16 sl;
+ u8 bssid[ETH_ALEN];
+ __le16 beacon_interval;
+ __le16 capability;
+ __le16 ssid_len;
+ u8 ssid[32];
+ u8 sup_rates[10];
+ __le16 rate;
+} __packed;
+
+struct hfa384x_hostscan_result {
+ __le16 chid;
+ __le16 anl;
+ __le16 sl;
+ u8 bssid[ETH_ALEN];
+ __le16 beacon_interval;
+ __le16 capability;
+ __le16 ssid_len;
+ u8 ssid[32];
+ u8 sup_rates[10];
+ __le16 rate;
+ __le16 atim;
+} __packed;
+
+struct comm_tallies_sums {
+ unsigned int tx_unicast_frames;
+ unsigned int tx_multicast_frames;
+ unsigned int tx_fragments;
+ unsigned int tx_unicast_octets;
+ unsigned int tx_multicast_octets;
+ unsigned int tx_deferred_transmissions;
+ unsigned int tx_single_retry_frames;
+ unsigned int tx_multiple_retry_frames;
+ unsigned int tx_retry_limit_exceeded;
+ unsigned int tx_discards;
+ unsigned int rx_unicast_frames;
+ unsigned int rx_multicast_frames;
+ unsigned int rx_fragments;
+ unsigned int rx_unicast_octets;
+ unsigned int rx_multicast_octets;
+ unsigned int rx_fcs_errors;
+ unsigned int rx_discards_no_buffer;
+ unsigned int tx_discards_wrong_sa;
+ unsigned int rx_discards_wep_undecryptable;
+ unsigned int rx_message_in_msg_fragments;
+ unsigned int rx_message_in_bad_msg_fragments;
+};
+
+
+struct hfa384x_regs {
+ u16 cmd;
+ u16 evstat;
+ u16 offset0;
+ u16 offset1;
+ u16 swsupport0;
+};
+
+
+#if defined(PRISM2_PCCARD) || defined(PRISM2_PLX)
+/* I/O ports for HFA384X Controller access */
+#define HFA384X_CMD_OFF 0x00
+#define HFA384X_PARAM0_OFF 0x02
+#define HFA384X_PARAM1_OFF 0x04
+#define HFA384X_PARAM2_OFF 0x06
+#define HFA384X_STATUS_OFF 0x08
+#define HFA384X_RESP0_OFF 0x0A
+#define HFA384X_RESP1_OFF 0x0C
+#define HFA384X_RESP2_OFF 0x0E
+#define HFA384X_INFOFID_OFF 0x10
+#define HFA384X_CONTROL_OFF 0x14
+#define HFA384X_SELECT0_OFF 0x18
+#define HFA384X_SELECT1_OFF 0x1A
+#define HFA384X_OFFSET0_OFF 0x1C
+#define HFA384X_OFFSET1_OFF 0x1E
+#define HFA384X_RXFID_OFF 0x20
+#define HFA384X_ALLOCFID_OFF 0x22
+#define HFA384X_TXCOMPLFID_OFF 0x24
+#define HFA384X_SWSUPPORT0_OFF 0x28
+#define HFA384X_SWSUPPORT1_OFF 0x2A
+#define HFA384X_SWSUPPORT2_OFF 0x2C
+#define HFA384X_EVSTAT_OFF 0x30
+#define HFA384X_INTEN_OFF 0x32
+#define HFA384X_EVACK_OFF 0x34
+#define HFA384X_DATA0_OFF 0x36
+#define HFA384X_DATA1_OFF 0x38
+#define HFA384X_AUXPAGE_OFF 0x3A
+#define HFA384X_AUXOFFSET_OFF 0x3C
+#define HFA384X_AUXDATA_OFF 0x3E
+#endif /* PRISM2_PCCARD || PRISM2_PLX */
+
+#ifdef PRISM2_PCI
+/* Memory addresses for ISL3874 controller access */
+#define HFA384X_CMD_OFF 0x00
+#define HFA384X_PARAM0_OFF 0x04
+#define HFA384X_PARAM1_OFF 0x08
+#define HFA384X_PARAM2_OFF 0x0C
+#define HFA384X_STATUS_OFF 0x10
+#define HFA384X_RESP0_OFF 0x14
+#define HFA384X_RESP1_OFF 0x18
+#define HFA384X_RESP2_OFF 0x1C
+#define HFA384X_INFOFID_OFF 0x20
+#define HFA384X_CONTROL_OFF 0x28
+#define HFA384X_SELECT0_OFF 0x30
+#define HFA384X_SELECT1_OFF 0x34
+#define HFA384X_OFFSET0_OFF 0x38
+#define HFA384X_OFFSET1_OFF 0x3C
+#define HFA384X_RXFID_OFF 0x40
+#define HFA384X_ALLOCFID_OFF 0x44
+#define HFA384X_TXCOMPLFID_OFF 0x48
+#define HFA384X_PCICOR_OFF 0x4C
+#define HFA384X_SWSUPPORT0_OFF 0x50
+#define HFA384X_SWSUPPORT1_OFF 0x54
+#define HFA384X_SWSUPPORT2_OFF 0x58
+#define HFA384X_PCIHCR_OFF 0x5C
+#define HFA384X_EVSTAT_OFF 0x60
+#define HFA384X_INTEN_OFF 0x64
+#define HFA384X_EVACK_OFF 0x68
+#define HFA384X_DATA0_OFF 0x6C
+#define HFA384X_DATA1_OFF 0x70
+#define HFA384X_AUXPAGE_OFF 0x74
+#define HFA384X_AUXOFFSET_OFF 0x78
+#define HFA384X_AUXDATA_OFF 0x7C
+#define HFA384X_PCI_M0_ADDRH_OFF 0x80
+#define HFA384X_PCI_M0_ADDRL_OFF 0x84
+#define HFA384X_PCI_M0_LEN_OFF 0x88
+#define HFA384X_PCI_M0_CTL_OFF 0x8C
+#define HFA384X_PCI_STATUS_OFF 0x98
+#define HFA384X_PCI_M1_ADDRH_OFF 0xA0
+#define HFA384X_PCI_M1_ADDRL_OFF 0xA4
+#define HFA384X_PCI_M1_LEN_OFF 0xA8
+#define HFA384X_PCI_M1_CTL_OFF 0xAC
+
+/* PCI bus master control bits (these are undocumented; based on guessing and
+ * experimenting..) */
+#define HFA384X_PCI_CTL_FROM_BAP (BIT(5) | BIT(1) | BIT(0))
+#define HFA384X_PCI_CTL_TO_BAP (BIT(5) | BIT(0))
+
+#endif /* PRISM2_PCI */
+
+
+/* Command codes for CMD reg. */
+#define HFA384X_CMDCODE_INIT 0x00
+#define HFA384X_CMDCODE_ENABLE 0x01
+#define HFA384X_CMDCODE_DISABLE 0x02
+#define HFA384X_CMDCODE_ALLOC 0x0A
+#define HFA384X_CMDCODE_TRANSMIT 0x0B
+#define HFA384X_CMDCODE_INQUIRE 0x11
+#define HFA384X_CMDCODE_ACCESS 0x21
+#define HFA384X_CMDCODE_ACCESS_WRITE (0x21 | BIT(8))
+#define HFA384X_CMDCODE_DOWNLOAD 0x22
+#define HFA384X_CMDCODE_READMIF 0x30
+#define HFA384X_CMDCODE_WRITEMIF 0x31
+#define HFA384X_CMDCODE_TEST 0x38
+
+#define HFA384X_CMDCODE_MASK 0x3F
+
+/* Test mode operations */
+#define HFA384X_TEST_CHANGE_CHANNEL 0x08
+#define HFA384X_TEST_MONITOR 0x0B
+#define HFA384X_TEST_STOP 0x0F
+#define HFA384X_TEST_CFG_BITS 0x15
+#define HFA384X_TEST_CFG_BIT_ALC BIT(3)
+
+#define HFA384X_CMD_BUSY BIT(15)
+
+#define HFA384X_CMD_TX_RECLAIM BIT(8)
+
+#define HFA384X_OFFSET_ERR BIT(14)
+#define HFA384X_OFFSET_BUSY BIT(15)
+
+
+/* ProgMode for download command */
+#define HFA384X_PROGMODE_DISABLE 0
+#define HFA384X_PROGMODE_ENABLE_VOLATILE 1
+#define HFA384X_PROGMODE_ENABLE_NON_VOLATILE 2
+#define HFA384X_PROGMODE_PROGRAM_NON_VOLATILE 3
+
+#define HFA384X_AUX_MAGIC0 0xfe01
+#define HFA384X_AUX_MAGIC1 0xdc23
+#define HFA384X_AUX_MAGIC2 0xba45
+
+#define HFA384X_AUX_PORT_DISABLED 0
+#define HFA384X_AUX_PORT_DISABLE BIT(14)
+#define HFA384X_AUX_PORT_ENABLE BIT(15)
+#define HFA384X_AUX_PORT_ENABLED (BIT(14) | BIT(15))
+#define HFA384X_AUX_PORT_MASK (BIT(14) | BIT(15))
+
+#define PRISM2_PDA_SIZE 1024
+
+
+/* Events; EvStat, Interrupt mask (IntEn), and acknowledge bits (EvAck) */
+#define HFA384X_EV_TICK BIT(15)
+#define HFA384X_EV_WTERR BIT(14)
+#define HFA384X_EV_INFDROP BIT(13)
+#ifdef PRISM2_PCI
+#define HFA384X_EV_PCI_M1 BIT(9)
+#define HFA384X_EV_PCI_M0 BIT(8)
+#endif /* PRISM2_PCI */
+#define HFA384X_EV_INFO BIT(7)
+#define HFA384X_EV_DTIM BIT(5)
+#define HFA384X_EV_CMD BIT(4)
+#define HFA384X_EV_ALLOC BIT(3)
+#define HFA384X_EV_TXEXC BIT(2)
+#define HFA384X_EV_TX BIT(1)
+#define HFA384X_EV_RX BIT(0)
+
+
+/* HFA384X Information frames */
+#define HFA384X_INFO_HANDOVERADDR 0xF000 /* AP f/w ? */
+#define HFA384X_INFO_HANDOVERDEAUTHADDR 0xF001 /* AP f/w 1.3.7 */
+#define HFA384X_INFO_COMMTALLIES 0xF100
+#define HFA384X_INFO_SCANRESULTS 0xF101
+#define HFA384X_INFO_CHANNELINFORESULTS 0xF102 /* AP f/w only */
+#define HFA384X_INFO_HOSTSCANRESULTS 0xF103
+#define HFA384X_INFO_LINKSTATUS 0xF200
+#define HFA384X_INFO_ASSOCSTATUS 0xF201 /* ? */
+#define HFA384X_INFO_AUTHREQ 0xF202 /* ? */
+#define HFA384X_INFO_PSUSERCNT 0xF203 /* ? */
+#define HFA384X_INFO_KEYIDCHANGED 0xF204 /* ? */
+
+enum { HFA384X_LINKSTATUS_CONNECTED = 1,
+ HFA384X_LINKSTATUS_DISCONNECTED = 2,
+ HFA384X_LINKSTATUS_AP_CHANGE = 3,
+ HFA384X_LINKSTATUS_AP_OUT_OF_RANGE = 4,
+ HFA384X_LINKSTATUS_AP_IN_RANGE = 5,
+ HFA384X_LINKSTATUS_ASSOC_FAILED = 6 };
+
+enum { HFA384X_PORTTYPE_BSS = 1, HFA384X_PORTTYPE_WDS = 2,
+ HFA384X_PORTTYPE_PSEUDO_IBSS = 3, HFA384X_PORTTYPE_IBSS = 0,
+ HFA384X_PORTTYPE_HOSTAP = 6 };
+
+#define HFA384X_RATES_1MBPS BIT(0)
+#define HFA384X_RATES_2MBPS BIT(1)
+#define HFA384X_RATES_5MBPS BIT(2)
+#define HFA384X_RATES_11MBPS BIT(3)
+
+#define HFA384X_ROAMING_FIRMWARE 1
+#define HFA384X_ROAMING_HOST 2
+#define HFA384X_ROAMING_DISABLED 3
+
+#define HFA384X_WEPFLAGS_PRIVACYINVOKED BIT(0)
+#define HFA384X_WEPFLAGS_EXCLUDEUNENCRYPTED BIT(1)
+#define HFA384X_WEPFLAGS_HOSTENCRYPT BIT(4)
+#define HFA384X_WEPFLAGS_HOSTDECRYPT BIT(7)
+
+#define HFA384X_RX_STATUS_MSGTYPE (BIT(15) | BIT(14) | BIT(13))
+#define HFA384X_RX_STATUS_PCF BIT(12)
+#define HFA384X_RX_STATUS_MACPORT (BIT(10) | BIT(9) | BIT(8))
+#define HFA384X_RX_STATUS_UNDECR BIT(1)
+#define HFA384X_RX_STATUS_FCSERR BIT(0)
+
+#define HFA384X_RX_STATUS_GET_MSGTYPE(s) \
+(((s) & HFA384X_RX_STATUS_MSGTYPE) >> 13)
+#define HFA384X_RX_STATUS_GET_MACPORT(s) \
+(((s) & HFA384X_RX_STATUS_MACPORT) >> 8)
+
+enum { HFA384X_RX_MSGTYPE_NORMAL = 0, HFA384X_RX_MSGTYPE_RFC1042 = 1,
+ HFA384X_RX_MSGTYPE_BRIDGETUNNEL = 2, HFA384X_RX_MSGTYPE_MGMT = 4 };
+
+
+#define HFA384X_TX_CTRL_ALT_RTRY BIT(5)
+#define HFA384X_TX_CTRL_802_11 BIT(3)
+#define HFA384X_TX_CTRL_802_3 0
+#define HFA384X_TX_CTRL_TX_EX BIT(2)
+#define HFA384X_TX_CTRL_TX_OK BIT(1)
+
+#define HFA384X_TX_STATUS_RETRYERR BIT(0)
+#define HFA384X_TX_STATUS_AGEDERR BIT(1)
+#define HFA384X_TX_STATUS_DISCON BIT(2)
+#define HFA384X_TX_STATUS_FORMERR BIT(3)
+
+/* HFA3861/3863 (BBP) Control Registers */
+#define HFA386X_CR_TX_CONFIGURE 0x12 /* CR9 */
+#define HFA386X_CR_RX_CONFIGURE 0x14 /* CR10 */
+#define HFA386X_CR_A_D_TEST_MODES2 0x1A /* CR13 */
+#define HFA386X_CR_MANUAL_TX_POWER 0x3E /* CR31 */
+#define HFA386X_CR_MEASURED_TX_POWER 0x74 /* CR58 */
+
+
+#ifdef __KERNEL__
+
+#define PRISM2_TXFID_COUNT 8
+#define PRISM2_DATA_MAXLEN 2304
+#define PRISM2_TXFID_LEN (PRISM2_DATA_MAXLEN + sizeof(struct hfa384x_tx_frame))
+#define PRISM2_TXFID_EMPTY 0xffff
+#define PRISM2_TXFID_RESERVED 0xfffe
+#define PRISM2_DUMMY_FID 0xffff
+#define MAX_SSID_LEN 32
+#define MAX_NAME_LEN 32 /* this is assumed to be equal to MAX_SSID_LEN */
+
+#define PRISM2_DUMP_RX_HDR BIT(0)
+#define PRISM2_DUMP_TX_HDR BIT(1)
+#define PRISM2_DUMP_TXEXC_HDR BIT(2)
+
+struct hostap_tx_callback_info {
+ u16 idx;
+ void (*func)(struct sk_buff *, int ok, void *);
+ void *data;
+ struct hostap_tx_callback_info *next;
+};
+
+
+/* IEEE 802.11 requires that STA supports concurrent reception of at least
+ * three fragmented frames. This define can be increased to support more
+ * concurrent frames, but it should be noted that each entry can consume about
+ * 2 kB of RAM and increasing cache size will slow down frame reassembly. */
+#define PRISM2_FRAG_CACHE_LEN 4
+
+struct prism2_frag_entry {
+ unsigned long first_frag_time;
+ unsigned int seq;
+ unsigned int last_frag;
+ struct sk_buff *skb;
+ u8 src_addr[ETH_ALEN];
+ u8 dst_addr[ETH_ALEN];
+};
+
+
+struct hostap_cmd_queue {
+ struct list_head list;
+ wait_queue_head_t compl;
+ volatile enum { CMD_SLEEP, CMD_CALLBACK, CMD_COMPLETED } type;
+ void (*callback)(struct net_device *dev, long context, u16 resp0,
+ u16 res);
+ long context;
+ u16 cmd, param0, param1;
+ u16 resp0, res;
+ volatile int issued, issuing;
+
+ refcount_t usecnt;
+ int del_req;
+};
+
+/* options for hw_shutdown */
+#define HOSTAP_HW_NO_DISABLE BIT(0)
+#define HOSTAP_HW_ENABLE_CMDCOMPL BIT(1)
+
+typedef struct local_info local_info_t;
+
+struct prism2_helper_functions {
+ /* these functions are defined in hardware model specific files
+ * (hostap_{cs,plx,pci}.c */
+ int (*card_present)(local_info_t *local);
+ void (*cor_sreset)(local_info_t *local);
+ void (*genesis_reset)(local_info_t *local, int hcr);
+
+ /* the following functions are from hostap_hw.c, but they may have some
+ * hardware model specific code */
+
+ /* FIX: low-level commands like cmd might disappear at some point to
+ * make it easier to change them if needed (e.g., cmd would be replaced
+ * with write_mif/read_mif/testcmd/inquire); at least get_rid and
+ * set_rid might move to hostap_{cs,plx,pci}.c */
+ int (*cmd)(struct net_device *dev, u16 cmd, u16 param0, u16 *param1,
+ u16 *resp0);
+ void (*read_regs)(struct net_device *dev, struct hfa384x_regs *regs);
+ int (*get_rid)(struct net_device *dev, u16 rid, void *buf, int len,
+ int exact_len);
+ int (*set_rid)(struct net_device *dev, u16 rid, void *buf, int len);
+ int (*hw_enable)(struct net_device *dev, int initial);
+ int (*hw_config)(struct net_device *dev, int initial);
+ void (*hw_reset)(struct net_device *dev);
+ void (*hw_shutdown)(struct net_device *dev, int no_disable);
+ int (*reset_port)(struct net_device *dev);
+ void (*schedule_reset)(local_info_t *local);
+ int (*download)(local_info_t *local,
+ struct prism2_download_param *param);
+ int (*tx)(struct sk_buff *skb, struct net_device *dev);
+ int (*set_tim)(struct net_device *dev, int aid, int set);
+ const struct proc_ops *read_aux_proc_ops;
+
+ int need_tx_headroom; /* number of bytes of headroom needed before
+ * IEEE 802.11 header */
+ enum { HOSTAP_HW_PCCARD, HOSTAP_HW_PLX, HOSTAP_HW_PCI } hw_type;
+};
+
+
+struct prism2_download_data {
+ u32 dl_cmd;
+ u32 start_addr;
+ u32 num_areas;
+ struct prism2_download_data_area {
+ u32 addr; /* wlan card address */
+ u32 len;
+ u8 *data; /* allocated data */
+ } data[];
+};
+
+
+#define HOSTAP_MAX_BSS_COUNT 64
+#define MAX_WPA_IE_LEN 64
+
+struct hostap_bss_info {
+ struct list_head list;
+ unsigned long last_update;
+ unsigned int count;
+ u8 bssid[ETH_ALEN];
+ u16 capab_info;
+ u8 ssid[32];
+ size_t ssid_len;
+ u8 wpa_ie[MAX_WPA_IE_LEN];
+ size_t wpa_ie_len;
+ u8 rsn_ie[MAX_WPA_IE_LEN];
+ size_t rsn_ie_len;
+ int chan;
+ int included;
+};
+
+
+/* Per radio private Host AP data - shared by all net devices interfaces used
+ * by each radio (wlan#, wlan#ap, wlan#sta, WDS).
+ * ((struct hostap_interface *) netdev_priv(dev))->local points to this
+ * structure. */
+struct local_info {
+ struct module *hw_module;
+ int card_idx;
+ int dev_enabled;
+ int master_dev_auto_open; /* was master device opened automatically */
+ int num_dev_open; /* number of open devices */
+ struct net_device *dev; /* master radio device */
+ struct net_device *ddev; /* main data device */
+ struct list_head hostap_interfaces; /* Host AP interface list (contains
+ * struct hostap_interface entries)
+ */
+ rwlock_t iface_lock; /* hostap_interfaces read lock; use write lock
+ * when removing entries from the list.
+ * TX and RX paths can use read lock. */
+ spinlock_t cmdlock, baplock, lock, irq_init_lock;
+ struct mutex rid_bap_mtx;
+ u16 infofid; /* MAC buffer id for info frame */
+ /* txfid, intransmitfid, next_txtid, and next_alloc are protected by
+ * txfidlock */
+ spinlock_t txfidlock;
+ int txfid_len; /* length of allocated TX buffers */
+ u16 txfid[PRISM2_TXFID_COUNT]; /* buffer IDs for TX frames */
+ /* buffer IDs for intransmit frames or PRISM2_TXFID_EMPTY if
+ * corresponding txfid is free for next TX frame */
+ u16 intransmitfid[PRISM2_TXFID_COUNT];
+ int next_txfid; /* index to the next txfid to be checked for
+ * availability */
+ int next_alloc; /* index to the next intransmitfid to be checked for
+ * allocation events */
+
+ /* bitfield for atomic bitops */
+#define HOSTAP_BITS_TRANSMIT 0
+#define HOSTAP_BITS_BAP_TASKLET 1
+#define HOSTAP_BITS_BAP_TASKLET2 2
+ unsigned long bits;
+
+ struct ap_data *ap;
+
+ char essid[MAX_SSID_LEN + 1];
+ char name[MAX_NAME_LEN + 1];
+ int name_set;
+ u16 channel_mask; /* mask of allowed channels */
+ u16 scan_channel_mask; /* mask of channels to be scanned */
+ struct comm_tallies_sums comm_tallies;
+ struct proc_dir_entry *proc;
+ int iw_mode; /* operating mode (IW_MODE_*) */
+ int pseudo_adhoc; /* 0: IW_MODE_ADHOC is real 802.11 compliant IBSS
+ * 1: IW_MODE_ADHOC is "pseudo IBSS" */
+ char bssid[ETH_ALEN];
+ int channel;
+ int beacon_int;
+ int dtim_period;
+ int mtu;
+ int frame_dump; /* dump RX/TX frame headers, PRISM2_DUMP_ flags */
+ int fw_tx_rate_control;
+ u16 tx_rate_control;
+ u16 basic_rates;
+ int hw_resetting;
+ int hw_ready;
+ int hw_reset_tries; /* how many times reset has been tried */
+ int hw_downloading;
+ int shutdown;
+ int pri_only;
+ int no_pri; /* no PRI f/w present */
+ int sram_type; /* 8 = x8 SRAM, 16 = x16 SRAM, -1 = unknown */
+
+ enum {
+ PRISM2_TXPOWER_AUTO = 0, PRISM2_TXPOWER_OFF,
+ PRISM2_TXPOWER_FIXED, PRISM2_TXPOWER_UNKNOWN
+ } txpower_type;
+ int txpower; /* if txpower_type == PRISM2_TXPOWER_FIXED */
+
+ /* command queue for hfa384x_cmd(); protected with cmdlock */
+ struct list_head cmd_queue;
+ /* max_len for cmd_queue; in addition, cmd_callback can use two
+ * additional entries to prevent sleeping commands from stopping
+ * transmits */
+#define HOSTAP_CMD_QUEUE_MAX_LEN 16
+ int cmd_queue_len; /* number of entries in cmd_queue */
+
+ /* if card timeout is detected in interrupt context, reset_queue is
+ * used to schedule card reseting to be done in user context */
+ struct work_struct reset_queue;
+
+ /* For scheduling a change of the promiscuous mode RID */
+ int is_promisc;
+ struct work_struct set_multicast_list_queue;
+
+ struct work_struct set_tim_queue;
+ struct list_head set_tim_list;
+ spinlock_t set_tim_lock;
+
+ int wds_max_connections;
+ int wds_connections;
+#define HOSTAP_WDS_BROADCAST_RA BIT(0)
+#define HOSTAP_WDS_AP_CLIENT BIT(1)
+#define HOSTAP_WDS_STANDARD_FRAME BIT(2)
+ u32 wds_type;
+ u16 tx_control; /* flags to be used in TX description */
+ int manual_retry_count; /* -1 = use f/w default; otherwise retry count
+ * to be used with all frames */
+
+ struct iw_statistics wstats;
+ unsigned long scan_timestamp; /* Time started to scan */
+ enum {
+ PRISM2_MONITOR_80211 = 0, PRISM2_MONITOR_PRISM = 1,
+ PRISM2_MONITOR_CAPHDR = 2, PRISM2_MONITOR_RADIOTAP = 3
+ } monitor_type;
+ int monitor_allow_fcserr;
+
+ int hostapd; /* whether user space daemon, hostapd, is used for AP
+ * management */
+ int hostapd_sta; /* whether hostapd is used with an extra STA interface
+ */
+ struct net_device *apdev;
+ struct net_device_stats apdevstats;
+
+ char assoc_ap_addr[ETH_ALEN];
+ struct net_device *stadev;
+ struct net_device_stats stadevstats;
+
+#define WEP_KEYS 4
+#define WEP_KEY_LEN 13
+ struct lib80211_crypt_info crypt_info;
+
+ int open_wep; /* allow unencrypted frames */
+ int host_encrypt;
+ int host_decrypt;
+ int privacy_invoked; /* force privacy invoked flag even if no keys are
+ * configured */
+ int fw_encrypt_ok; /* whether firmware-based WEP encrypt is working
+ * in Host AP mode (STA f/w 1.4.9 or newer) */
+ int bcrx_sta_key; /* use individual keys to override default keys even
+ * with RX of broad/multicast frames */
+
+ struct prism2_frag_entry frag_cache[PRISM2_FRAG_CACHE_LEN];
+ unsigned int frag_next_idx;
+
+ int ieee_802_1x; /* is IEEE 802.1X used */
+
+ int antsel_tx, antsel_rx;
+ int rts_threshold; /* dot11RTSThreshold */
+ int fragm_threshold; /* dot11FragmentationThreshold */
+ int auth_algs; /* PRISM2_AUTH_ flags */
+
+ int enh_sec; /* cnfEnhSecurity options (broadcast SSID hide/ignore) */
+ int tallies32; /* 32-bit tallies in use */
+
+ struct prism2_helper_functions *func;
+
+ u8 *pda;
+ int fw_ap;
+#define PRISM2_FW_VER(major, minor, variant) \
+(((major) << 16) | ((minor) << 8) | variant)
+ u32 sta_fw_ver;
+
+ /* Tasklets for handling hardware IRQ related operations outside hw IRQ
+ * handler */
+ struct tasklet_struct bap_tasklet;
+
+ struct tasklet_struct info_tasklet;
+ struct sk_buff_head info_list; /* info frames as skb's for
+ * info_tasklet */
+
+ struct hostap_tx_callback_info *tx_callback; /* registered TX callbacks
+ */
+
+ struct tasklet_struct rx_tasklet;
+ struct sk_buff_head rx_list;
+
+ struct tasklet_struct sta_tx_exc_tasklet;
+ struct sk_buff_head sta_tx_exc_list;
+
+ int host_roaming;
+ unsigned long last_join_time; /* time of last JoinRequest */
+ struct hfa384x_hostscan_result *last_scan_results;
+ int last_scan_results_count;
+ enum { PRISM2_SCAN, PRISM2_HOSTSCAN } last_scan_type;
+ struct work_struct info_queue;
+ unsigned long pending_info; /* bit field of pending info_queue items */
+#define PRISM2_INFO_PENDING_LINKSTATUS 0
+#define PRISM2_INFO_PENDING_SCANRESULTS 1
+ int prev_link_status; /* previous received LinkStatus info */
+ int prev_linkstatus_connected;
+ u8 preferred_ap[ETH_ALEN]; /* use this AP if possible */
+
+#ifdef PRISM2_CALLBACK
+ void *callback_data; /* Can be used in callbacks; e.g., allocate
+ * on enable event and free on disable event.
+ * Host AP driver code does not touch this. */
+#endif /* PRISM2_CALLBACK */
+
+ wait_queue_head_t hostscan_wq;
+
+ /* Passive scan in Host AP mode */
+ struct timer_list passive_scan_timer;
+ int passive_scan_interval; /* in seconds, 0 = disabled */
+ int passive_scan_channel;
+ enum { PASSIVE_SCAN_WAIT, PASSIVE_SCAN_LISTEN } passive_scan_state;
+
+ struct timer_list tick_timer;
+ unsigned long last_tick_timer;
+ unsigned int sw_tick_stuck;
+
+ /* commsQuality / dBmCommsQuality data from periodic polling; only
+ * valid for Managed and Ad-hoc modes */
+ unsigned long last_comms_qual_update;
+ int comms_qual; /* in some odd unit.. */
+ int avg_signal; /* in dB (note: negative) */
+ int avg_noise; /* in dB (note: negative) */
+ struct work_struct comms_qual_update;
+
+ /* RSSI to dBm adjustment (for RX descriptor fields) */
+ int rssi_to_dBm; /* subtract from RSSI to get approximate dBm value */
+
+ /* BSS list / protected by local->lock */
+ struct list_head bss_list;
+ int num_bss_info;
+ int wpa; /* WPA support enabled */
+ int tkip_countermeasures;
+ int drop_unencrypted;
+ /* Generic IEEE 802.11 info element to be added to
+ * ProbeResp/Beacon/(Re)AssocReq */
+ u8 *generic_elem;
+ size_t generic_elem_len;
+
+#ifdef PRISM2_DOWNLOAD_SUPPORT
+ /* Persistent volatile download data */
+ struct prism2_download_data *dl_pri;
+ struct prism2_download_data *dl_sec;
+#endif /* PRISM2_DOWNLOAD_SUPPORT */
+
+#ifdef PRISM2_IO_DEBUG
+#define PRISM2_IO_DEBUG_SIZE 10000
+ u32 io_debug[PRISM2_IO_DEBUG_SIZE];
+ int io_debug_head;
+ int io_debug_enabled;
+#endif /* PRISM2_IO_DEBUG */
+
+ /* Pointer to hardware model specific (cs,pci,plx) private data. */
+ void *hw_priv;
+};
+
+
+/* Per interface private Host AP data
+ * Allocated for each net device that Host AP uses (wlan#, wlan#ap, wlan#sta,
+ * WDS) and netdev_priv(dev) points to this structure. */
+struct hostap_interface {
+ struct list_head list; /* list entry in Host AP interface list */
+ struct net_device *dev; /* pointer to this device */
+ struct local_info *local; /* pointer to shared private data */
+ struct net_device_stats stats;
+ struct iw_spy_data spy_data; /* iwspy support */
+ struct iw_public_data wireless_data;
+
+ enum {
+ HOSTAP_INTERFACE_MASTER,
+ HOSTAP_INTERFACE_MAIN,
+ HOSTAP_INTERFACE_AP,
+ HOSTAP_INTERFACE_STA,
+ HOSTAP_INTERFACE_WDS,
+ } type;
+
+ union {
+ struct hostap_interface_wds {
+ u8 remote_addr[ETH_ALEN];
+ } wds;
+ } u;
+};
+
+
+#define HOSTAP_SKB_TX_DATA_MAGIC 0xf08a36a2
+
+/*
+ * TX meta data - stored in skb->cb buffer, so this must not be increased over
+ * the 48-byte limit.
+ * THE PADDING THIS STARTS WITH IS A HORRIBLE HACK THAT SHOULD NOT LIVE
+ * TO SEE THE DAY.
+ */
+struct hostap_skb_tx_data {
+ unsigned int __padding_for_default_qdiscs;
+ u32 magic; /* HOSTAP_SKB_TX_DATA_MAGIC */
+ u8 rate; /* transmit rate */
+#define HOSTAP_TX_FLAGS_WDS BIT(0)
+#define HOSTAP_TX_FLAGS_BUFFERED_FRAME BIT(1)
+#define HOSTAP_TX_FLAGS_ADD_MOREDATA BIT(2)
+ u8 flags; /* HOSTAP_TX_FLAGS_* */
+ u16 tx_cb_idx;
+ struct hostap_interface *iface;
+ unsigned long jiffies; /* queueing timestamp */
+ unsigned short ethertype;
+};
+
+
+#ifndef PRISM2_NO_DEBUG
+
+#define DEBUG_FID BIT(0)
+#define DEBUG_PS BIT(1)
+#define DEBUG_FLOW BIT(2)
+#define DEBUG_AP BIT(3)
+#define DEBUG_HW BIT(4)
+#define DEBUG_EXTRA BIT(5)
+#define DEBUG_EXTRA2 BIT(6)
+#define DEBUG_PS2 BIT(7)
+#define DEBUG_MASK (DEBUG_PS | DEBUG_AP | DEBUG_HW | DEBUG_EXTRA)
+#define PDEBUG(n, args...) \
+do { if ((n) & DEBUG_MASK) printk(KERN_DEBUG args); } while (0)
+#define PDEBUG2(n, args...) \
+do { if ((n) & DEBUG_MASK) printk(args); } while (0)
+
+#else /* PRISM2_NO_DEBUG */
+
+#define PDEBUG(n, args...)
+#define PDEBUG2(n, args...)
+
+#endif /* PRISM2_NO_DEBUG */
+
+enum { BAP0 = 0, BAP1 = 1 };
+
+#define PRISM2_IO_DEBUG_CMD_INB 0
+#define PRISM2_IO_DEBUG_CMD_INW 1
+#define PRISM2_IO_DEBUG_CMD_INSW 2
+#define PRISM2_IO_DEBUG_CMD_OUTB 3
+#define PRISM2_IO_DEBUG_CMD_OUTW 4
+#define PRISM2_IO_DEBUG_CMD_OUTSW 5
+#define PRISM2_IO_DEBUG_CMD_ERROR 6
+#define PRISM2_IO_DEBUG_CMD_INTERRUPT 7
+
+#ifdef PRISM2_IO_DEBUG
+
+#define PRISM2_IO_DEBUG_ENTRY(cmd, reg, value) \
+(((cmd) << 24) | ((reg) << 16) | value)
+
+static inline void prism2_io_debug_add(struct net_device *dev, int cmd,
+ int reg, int value)
+{
+ struct hostap_interface *iface = netdev_priv(dev);
+ local_info_t *local = iface->local;
+
+ if (!local->io_debug_enabled)
+ return;
+
+ local->io_debug[local->io_debug_head] = jiffies & 0xffffffff;
+ if (++local->io_debug_head >= PRISM2_IO_DEBUG_SIZE)
+ local->io_debug_head = 0;
+ local->io_debug[local->io_debug_head] =
+ PRISM2_IO_DEBUG_ENTRY(cmd, reg, value);
+ if (++local->io_debug_head >= PRISM2_IO_DEBUG_SIZE)
+ local->io_debug_head = 0;
+}
+
+
+static inline void prism2_io_debug_error(struct net_device *dev, int err)
+{
+ struct hostap_interface *iface = netdev_priv(dev);
+ local_info_t *local = iface->local;
+ unsigned long flags;
+
+ if (!local->io_debug_enabled)
+ return;
+
+ spin_lock_irqsave(&local->lock, flags);
+ prism2_io_debug_add(dev, PRISM2_IO_DEBUG_CMD_ERROR, 0, err);
+ if (local->io_debug_enabled == 1) {
+ local->io_debug_enabled = 0;
+ printk(KERN_DEBUG "%s: I/O debug stopped\n", dev->name);
+ }
+ spin_unlock_irqrestore(&local->lock, flags);
+}
+
+#else /* PRISM2_IO_DEBUG */
+
+static inline void prism2_io_debug_add(struct net_device *dev, int cmd,
+ int reg, int value)
+{
+}
+
+static inline void prism2_io_debug_error(struct net_device *dev, int err)
+{
+}
+
+#endif /* PRISM2_IO_DEBUG */
+
+
+#ifdef PRISM2_CALLBACK
+enum {
+ /* Called when card is enabled */
+ PRISM2_CALLBACK_ENABLE,
+
+ /* Called when card is disabled */
+ PRISM2_CALLBACK_DISABLE,
+
+ /* Called when RX/TX starts/ends */
+ PRISM2_CALLBACK_RX_START, PRISM2_CALLBACK_RX_END,
+ PRISM2_CALLBACK_TX_START, PRISM2_CALLBACK_TX_END
+};
+void prism2_callback(local_info_t *local, int event);
+#else /* PRISM2_CALLBACK */
+#define prism2_callback(d, e) do { } while (0)
+#endif /* PRISM2_CALLBACK */
+
+#endif /* __KERNEL__ */
+
+#endif /* HOSTAP_WLAN_H */
diff --git a/drivers/net/wireless/intersil/orinoco/Kconfig b/drivers/net/wireless/intersil/orinoco/Kconfig
new file mode 100644
index 000000000..f62730aa7
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/Kconfig
@@ -0,0 +1,143 @@
+# SPDX-License-Identifier: GPL-2.0-only
+config HERMES
+ tristate "Hermes chipset 802.11b support (Orinoco/Prism2/Symbol)"
+ depends on (PPC_PMAC || PCI || PCMCIA)
+ depends on CFG80211
+ select CFG80211_WEXT_EXPORT
+ select WIRELESS_EXT
+ select WEXT_SPY
+ select WEXT_PRIV
+ select FW_LOADER
+ select CRYPTO
+ select CRYPTO_MICHAEL_MIC
+ help
+ A driver for 802.11b wireless cards based on the "Hermes" or
+ Intersil HFA384x (Prism 2) MAC controller. This includes the vast
+ majority of the PCMCIA 802.11b cards (which are nearly all rebadges)
+ - except for the Cisco/Aironet cards. Cards supported include the
+ Apple Airport (not a PCMCIA card), WavelanIEEE/Orinoco,
+ Cabletron/EnteraSys Roamabout, ELSA AirLancer, MELCO Buffalo, Avaya,
+ IBM High Rate Wireless, Farralon Syyline, Samsung MagicLAN, Netgear
+ MA401, LinkSys WPC-11, D-Link DWL-650, 3Com AirConnect, Intel
+ IPW2011, and Symbol Spectrum24 High Rate amongst others.
+
+ This option includes the guts of the driver, but in order to
+ actually use a card you will also need to enable support for PCMCIA
+ Hermes cards, PLX9052 based PCI adaptors or the Apple Airport below.
+
+ You will also very likely also need the Wireless Tools in order to
+ configure your card and that /etc/pcmcia/wireless.opts works :
+ <https://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html>
+
+config HERMES_PRISM
+ bool "Support Prism 2/2.5 chipset"
+ depends on HERMES
+ help
+
+ Say Y to enable support for Prism 2 and 2.5 chipsets. These
+ chipsets are better handled by the hostap driver. This driver
+ would not support WPA or firmware download for Prism chipset.
+
+ If you are not sure, say N.
+
+config HERMES_CACHE_FW_ON_INIT
+ bool "Cache Hermes firmware on driver initialisation"
+ depends on HERMES
+ default y
+ help
+ Say Y to cache any firmware required by the Hermes drivers
+ on startup. The firmware will remain cached until the
+ driver is unloaded. The cache uses 64K of RAM.
+
+ Otherwise load the firmware from userspace as required. In
+ this case the driver should be unloaded and restarted
+ whenever the firmware is changed.
+
+ If you are not sure, say Y.
+
+config APPLE_AIRPORT
+ tristate "Apple Airport support (built-in)"
+ depends on PPC_PMAC && HERMES
+ help
+ Say Y here to support the Airport 802.11b wireless Ethernet hardware
+ built into the Macintosh iBook and other recent PowerPC-based
+ Macintosh machines. This is essentially a Lucent Orinoco card with
+ a non-standard interface.
+
+ This driver does not support the Airport Extreme (802.11b/g). Use
+ the BCM43xx driver for Airport Extreme cards.
+
+config PLX_HERMES
+ tristate "Hermes in PLX9052 based PCI adaptor support (Netgear MA301 etc.)"
+ depends on PCI && HERMES
+ help
+ Enable support for PCMCIA cards supported by the "Hermes" (aka
+ orinoco) driver when used in PLX9052 based PCI adaptors. These
+ adaptors are not a full PCMCIA controller but act as a more limited
+ PCI <-> PCMCIA bridge. Several vendors sell such adaptors so that
+ 802.11b PCMCIA cards can be used in desktop machines. The Netgear
+ MA301 is such an adaptor.
+
+config TMD_HERMES
+ tristate "Hermes in TMD7160 based PCI adaptor support"
+ depends on PCI && HERMES
+ help
+ Enable support for PCMCIA cards supported by the "Hermes" (aka
+ orinoco) driver when used in TMD7160 based PCI adaptors. These
+ adaptors are not a full PCMCIA controller but act as a more limited
+ PCI <-> PCMCIA bridge. Several vendors sell such adaptors so that
+ 802.11b PCMCIA cards can be used in desktop machines.
+
+config NORTEL_HERMES
+ tristate "Nortel emobility PCI adaptor support"
+ depends on PCI && HERMES
+ help
+ Enable support for PCMCIA cards supported by the "Hermes" (aka
+ orinoco) driver when used in Nortel emobility PCI adaptors. These
+ adaptors are not full PCMCIA controllers, but act as a more limited
+ PCI <-> PCMCIA bridge.
+
+config PCI_HERMES
+ tristate "Prism 2.5 PCI 802.11b adaptor support"
+ depends on PCI && HERMES && HERMES_PRISM
+ help
+ Enable support for PCI and mini-PCI 802.11b wireless NICs based on
+ the Prism 2.5 chipset. These are true PCI cards, not the 802.11b
+ PCMCIA cards bundled with PCI<->PCMCIA adaptors which are also
+ common. Some of the built-in wireless adaptors in laptops are of
+ this variety.
+
+config PCMCIA_HERMES
+ tristate "Hermes PCMCIA card support"
+ depends on PCMCIA && HERMES && HAS_IOPORT_MAP
+ help
+ A driver for "Hermes" chipset based PCMCIA wireless adaptors, such
+ as the Lucent WavelanIEEE/Orinoco cards and their OEM (Cabletron/
+ EnteraSys RoamAbout 802.11, ELSA Airlancer, Melco Buffalo and
+ others). It should also be usable on various Prism II based cards
+ such as the Linksys, D-Link and Farallon Skyline. It should also
+ work on Symbol cards such as the 3Com AirConnect and Ericsson WLAN.
+
+ You will very likely need the Wireless Tools in order to
+ configure your card and that /etc/pcmcia/wireless.opts works:
+ <https://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html>.
+
+config PCMCIA_SPECTRUM
+ tristate "Symbol Spectrum24 Trilogy PCMCIA card support"
+ depends on PCMCIA && HERMES && HAS_IOPORT_MAP
+ help
+
+ This is a driver for 802.11b cards using RAM-loadable Symbol
+ firmware, such as Symbol Wireless Networker LA4100, CompactFlash
+ cards by Socket Communications and Intel PRO/Wireless 2011B.
+
+ This driver requires firmware download on startup. Utilities
+ for downloading Symbol firmware are available at
+ <http://sourceforge.net/projects/orinoco/>
+
+config ORINOCO_USB
+ tristate "Agere Orinoco USB support"
+ depends on USB && HERMES
+ select FW_LOADER
+ help
+ This driver is for USB versions of the Agere Orinoco card.
diff --git a/drivers/net/wireless/intersil/orinoco/Makefile b/drivers/net/wireless/intersil/orinoco/Makefile
new file mode 100644
index 000000000..0c29c56c8
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/Makefile
@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: GPL-2.0
+#
+# Makefile for the orinoco wireless device drivers.
+#
+orinoco-objs := main.o fw.o hw.o mic.o scan.o wext.o hermes_dld.o hermes.o cfg.o
+
+obj-$(CONFIG_HERMES) += orinoco.o
+obj-$(CONFIG_PCMCIA_HERMES) += orinoco_cs.o
+obj-$(CONFIG_APPLE_AIRPORT) += airport.o
+obj-$(CONFIG_PLX_HERMES) += orinoco_plx.o
+obj-$(CONFIG_PCI_HERMES) += orinoco_pci.o
+obj-$(CONFIG_TMD_HERMES) += orinoco_tmd.o
+obj-$(CONFIG_NORTEL_HERMES) += orinoco_nortel.o
+obj-$(CONFIG_PCMCIA_SPECTRUM) += spectrum_cs.o
+obj-$(CONFIG_ORINOCO_USB) += orinoco_usb.o
diff --git a/drivers/net/wireless/intersil/orinoco/airport.c b/drivers/net/wireless/intersil/orinoco/airport.c
new file mode 100644
index 000000000..a890bfa0d
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/airport.c
@@ -0,0 +1,268 @@
+/* airport.c
+ *
+ * A driver for "Hermes" chipset based Apple Airport wireless
+ * card.
+ *
+ * Copyright notice & release notes in file main.c
+ *
+ * Note specific to airport stub:
+ *
+ * 0.05 : first version of the new split driver
+ * 0.06 : fix possible hang on powerup, add sleep support
+ */
+
+#define DRIVER_NAME "airport"
+#define PFX DRIVER_NAME ": "
+
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <linux/delay.h>
+#include <linux/of_device.h>
+#include <asm/pmac_feature.h>
+
+#include "orinoco.h"
+
+#define AIRPORT_IO_LEN (0x1000) /* one page */
+
+struct airport {
+ struct macio_dev *mdev;
+ void __iomem *vaddr;
+ unsigned int irq;
+ int irq_requested;
+ int ndev_registered;
+};
+
+static int
+airport_suspend(struct macio_dev *mdev, pm_message_t state)
+{
+ struct orinoco_private *priv = dev_get_drvdata(&mdev->ofdev.dev);
+ struct net_device *dev = priv->ndev;
+ struct airport *card = priv->card;
+ unsigned long flags;
+ int err;
+
+ printk(KERN_DEBUG "%s: Airport entering sleep mode\n", dev->name);
+
+ err = orinoco_lock(priv, &flags);
+ if (err) {
+ printk(KERN_ERR "%s: hw_unavailable on PBOOK_SLEEP_NOW\n",
+ dev->name);
+ return 0;
+ }
+
+ orinoco_down(priv);
+ orinoco_unlock(priv, &flags);
+
+ disable_irq(card->irq);
+ pmac_call_feature(PMAC_FTR_AIRPORT_ENABLE,
+ macio_get_of_node(mdev), 0, 0);
+
+ return 0;
+}
+
+static int
+airport_resume(struct macio_dev *mdev)
+{
+ struct orinoco_private *priv = dev_get_drvdata(&mdev->ofdev.dev);
+ struct net_device *dev = priv->ndev;
+ struct airport *card = priv->card;
+ unsigned long flags;
+ int err;
+
+ printk(KERN_DEBUG "%s: Airport waking up\n", dev->name);
+
+ pmac_call_feature(PMAC_FTR_AIRPORT_ENABLE,
+ macio_get_of_node(mdev), 0, 1);
+ msleep(200);
+
+ enable_irq(card->irq);
+
+ priv->hw.ops->lock_irqsave(&priv->lock, &flags);
+ err = orinoco_up(priv);
+ priv->hw.ops->unlock_irqrestore(&priv->lock, &flags);
+
+ return err;
+}
+
+static int
+airport_detach(struct macio_dev *mdev)
+{
+ struct orinoco_private *priv = dev_get_drvdata(&mdev->ofdev.dev);
+ struct airport *card = priv->card;
+
+ if (card->ndev_registered)
+ orinoco_if_del(priv);
+ card->ndev_registered = 0;
+
+ if (card->irq_requested)
+ free_irq(card->irq, priv);
+ card->irq_requested = 0;
+
+ if (card->vaddr)
+ iounmap(card->vaddr);
+ card->vaddr = NULL;
+
+ macio_release_resource(mdev, 0);
+
+ pmac_call_feature(PMAC_FTR_AIRPORT_ENABLE,
+ macio_get_of_node(mdev), 0, 0);
+ ssleep(1);
+
+ macio_set_drvdata(mdev, NULL);
+ free_orinocodev(priv);
+
+ return 0;
+}
+
+static int airport_hard_reset(struct orinoco_private *priv)
+{
+ /* It would be nice to power cycle the Airport for a real hard
+ * reset, but for some reason although it appears to
+ * re-initialize properly, it falls in a screaming heap
+ * shortly afterwards. */
+#if 0
+ struct airport *card = priv->card;
+
+ /* Vitally important. If we don't do this it seems we get an
+ * interrupt somewhere during the power cycle, since
+ * hw_unavailable is already set it doesn't get ACKed, we get
+ * into an interrupt loop and the PMU decides to turn us
+ * off. */
+ disable_irq(card->irq);
+
+ pmac_call_feature(PMAC_FTR_AIRPORT_ENABLE,
+ macio_get_of_node(card->mdev), 0, 0);
+ ssleep(1);
+ pmac_call_feature(PMAC_FTR_AIRPORT_ENABLE,
+ macio_get_of_node(card->mdev), 0, 1);
+ ssleep(1);
+
+ enable_irq(card->irq);
+ ssleep(1);
+#endif
+
+ return 0;
+}
+
+static int
+airport_attach(struct macio_dev *mdev, const struct of_device_id *match)
+{
+ struct orinoco_private *priv;
+ struct airport *card;
+ unsigned long phys_addr;
+ struct hermes *hw;
+
+ if (macio_resource_count(mdev) < 1 || macio_irq_count(mdev) < 1) {
+ printk(KERN_ERR PFX "Wrong interrupt/addresses in OF tree\n");
+ return -ENODEV;
+ }
+
+ /* Allocate space for private device-specific data */
+ priv = alloc_orinocodev(sizeof(*card), &mdev->ofdev.dev,
+ airport_hard_reset, NULL);
+ if (!priv) {
+ printk(KERN_ERR PFX "Cannot allocate network device\n");
+ return -ENODEV;
+ }
+ card = priv->card;
+
+ hw = &priv->hw;
+ card->mdev = mdev;
+
+ if (macio_request_resource(mdev, 0, DRIVER_NAME)) {
+ printk(KERN_ERR PFX "can't request IO resource !\n");
+ free_orinocodev(priv);
+ return -EBUSY;
+ }
+
+ macio_set_drvdata(mdev, priv);
+
+ /* Setup interrupts & base address */
+ card->irq = macio_irq(mdev, 0);
+ phys_addr = macio_resource_start(mdev, 0); /* Physical address */
+ printk(KERN_DEBUG PFX "Physical address %lx\n", phys_addr);
+ card->vaddr = ioremap(phys_addr, AIRPORT_IO_LEN);
+ if (!card->vaddr) {
+ printk(KERN_ERR PFX "ioremap() failed\n");
+ goto failed;
+ }
+
+ hermes_struct_init(hw, card->vaddr, HERMES_16BIT_REGSPACING);
+
+ /* Power up card */
+ pmac_call_feature(PMAC_FTR_AIRPORT_ENABLE,
+ macio_get_of_node(mdev), 0, 1);
+ ssleep(1);
+
+ /* Reset it before we get the interrupt */
+ hw->ops->init(hw);
+
+ if (request_irq(card->irq, orinoco_interrupt, 0, DRIVER_NAME, priv)) {
+ printk(KERN_ERR PFX "Couldn't get IRQ %d\n", card->irq);
+ goto failed;
+ }
+ card->irq_requested = 1;
+
+ /* Initialise the main driver */
+ if (orinoco_init(priv) != 0) {
+ printk(KERN_ERR PFX "orinoco_init() failed\n");
+ goto failed;
+ }
+
+ /* Register an interface with the stack */
+ if (orinoco_if_add(priv, phys_addr, card->irq, NULL) != 0) {
+ printk(KERN_ERR PFX "orinoco_if_add() failed\n");
+ goto failed;
+ }
+ card->ndev_registered = 1;
+ return 0;
+ failed:
+ airport_detach(mdev);
+ return -ENODEV;
+} /* airport_attach */
+
+
+static char version[] __initdata = DRIVER_NAME " " DRIVER_VERSION
+ " (Benjamin Herrenschmidt <benh@kernel.crashing.org>)";
+MODULE_AUTHOR("Benjamin Herrenschmidt <benh@kernel.crashing.org>");
+MODULE_DESCRIPTION("Driver for the Apple Airport wireless card.");
+MODULE_LICENSE("Dual MPL/GPL");
+
+static const struct of_device_id airport_match[] = {
+ {
+ .name = "radio",
+ },
+ {},
+};
+
+MODULE_DEVICE_TABLE(of, airport_match);
+
+static struct macio_driver airport_driver = {
+ .driver = {
+ .name = DRIVER_NAME,
+ .owner = THIS_MODULE,
+ .of_match_table = airport_match,
+ },
+ .probe = airport_attach,
+ .remove = airport_detach,
+ .suspend = airport_suspend,
+ .resume = airport_resume,
+};
+
+static int __init
+init_airport(void)
+{
+ printk(KERN_DEBUG "%s\n", version);
+
+ return macio_register_driver(&airport_driver);
+}
+
+static void __exit
+exit_airport(void)
+{
+ macio_unregister_driver(&airport_driver);
+}
+
+module_init(init_airport);
+module_exit(exit_airport);
diff --git a/drivers/net/wireless/intersil/orinoco/cfg.c b/drivers/net/wireless/intersil/orinoco/cfg.c
new file mode 100644
index 000000000..b2d5ec863
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/cfg.c
@@ -0,0 +1,291 @@
+/* cfg80211 support
+ *
+ * See copyright notice in main.c
+ */
+#include <linux/ieee80211.h>
+#include <net/cfg80211.h>
+#include "hw.h"
+#include "main.h"
+#include "orinoco.h"
+
+#include "cfg.h"
+
+/* Supported bitrates. Must agree with hw.c */
+static struct ieee80211_rate orinoco_rates[] = {
+ { .bitrate = 10 },
+ { .bitrate = 20 },
+ { .bitrate = 55 },
+ { .bitrate = 110 },
+};
+
+static const void * const orinoco_wiphy_privid = &orinoco_wiphy_privid;
+
+/* Called after orinoco_private is allocated. */
+void orinoco_wiphy_init(struct wiphy *wiphy)
+{
+ struct orinoco_private *priv = wiphy_priv(wiphy);
+
+ wiphy->privid = orinoco_wiphy_privid;
+
+ set_wiphy_dev(wiphy, priv->dev);
+}
+
+/* Called after firmware is initialised */
+int orinoco_wiphy_register(struct wiphy *wiphy)
+{
+ struct orinoco_private *priv = wiphy_priv(wiphy);
+ int i, channels = 0;
+
+ if (priv->firmware_type == FIRMWARE_TYPE_AGERE)
+ wiphy->max_scan_ssids = 1;
+ else
+ wiphy->max_scan_ssids = 0;
+
+ wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION);
+
+ /* TODO: should we set if we only have demo ad-hoc?
+ * (priv->has_port3)
+ */
+ if (priv->has_ibss)
+ wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
+
+ if (!priv->broken_monitor || force_monitor)
+ wiphy->interface_modes |= BIT(NL80211_IFTYPE_MONITOR);
+
+ priv->band.bitrates = orinoco_rates;
+ priv->band.n_bitrates = ARRAY_SIZE(orinoco_rates);
+
+ /* Only support channels allowed by the card EEPROM */
+ for (i = 0; i < NUM_CHANNELS; i++) {
+ if (priv->channel_mask & (1 << i)) {
+ priv->channels[i].center_freq =
+ ieee80211_channel_to_frequency(i + 1,
+ NL80211_BAND_2GHZ);
+ channels++;
+ }
+ }
+ priv->band.channels = priv->channels;
+ priv->band.n_channels = channels;
+
+ wiphy->bands[NL80211_BAND_2GHZ] = &priv->band;
+ wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM;
+
+ i = 0;
+ if (priv->has_wep) {
+ priv->cipher_suites[i] = WLAN_CIPHER_SUITE_WEP40;
+ i++;
+
+ if (priv->has_big_wep) {
+ priv->cipher_suites[i] = WLAN_CIPHER_SUITE_WEP104;
+ i++;
+ }
+ }
+ if (priv->has_wpa) {
+ priv->cipher_suites[i] = WLAN_CIPHER_SUITE_TKIP;
+ i++;
+ }
+ wiphy->cipher_suites = priv->cipher_suites;
+ wiphy->n_cipher_suites = i;
+
+ wiphy->rts_threshold = priv->rts_thresh;
+ if (!priv->has_mwo)
+ wiphy->frag_threshold = priv->frag_thresh + 1;
+ wiphy->retry_short = priv->short_retry_limit;
+ wiphy->retry_long = priv->long_retry_limit;
+
+ return wiphy_register(wiphy);
+}
+
+static int orinoco_change_vif(struct wiphy *wiphy, struct net_device *dev,
+ enum nl80211_iftype type,
+ struct vif_params *params)
+{
+ struct orinoco_private *priv = wiphy_priv(wiphy);
+ int err = 0;
+ unsigned long lock;
+
+ if (orinoco_lock(priv, &lock) != 0)
+ return -EBUSY;
+
+ switch (type) {
+ case NL80211_IFTYPE_ADHOC:
+ if (!priv->has_ibss && !priv->has_port3)
+ err = -EINVAL;
+ break;
+
+ case NL80211_IFTYPE_STATION:
+ break;
+
+ case NL80211_IFTYPE_MONITOR:
+ if (priv->broken_monitor && !force_monitor) {
+ wiphy_warn(wiphy,
+ "Monitor mode support is buggy in this firmware, not enabling\n");
+ err = -EINVAL;
+ }
+ break;
+
+ default:
+ err = -EINVAL;
+ }
+
+ if (!err) {
+ priv->iw_mode = type;
+ set_port_type(priv);
+ err = orinoco_commit(priv);
+ }
+
+ orinoco_unlock(priv, &lock);
+
+ return err;
+}
+
+static int orinoco_scan(struct wiphy *wiphy,
+ struct cfg80211_scan_request *request)
+{
+ struct orinoco_private *priv = wiphy_priv(wiphy);
+ int err;
+
+ if (!request)
+ return -EINVAL;
+
+ if (priv->scan_request && priv->scan_request != request)
+ return -EBUSY;
+
+ priv->scan_request = request;
+
+ err = orinoco_hw_trigger_scan(priv, request->ssids);
+ /* On error the we aren't processing the request */
+ if (err)
+ priv->scan_request = NULL;
+
+ return err;
+}
+
+static int orinoco_set_monitor_channel(struct wiphy *wiphy,
+ struct cfg80211_chan_def *chandef)
+{
+ struct orinoco_private *priv = wiphy_priv(wiphy);
+ int err = 0;
+ unsigned long flags;
+ int channel;
+
+ if (!chandef->chan)
+ return -EINVAL;
+
+ if (cfg80211_get_chandef_type(chandef) != NL80211_CHAN_NO_HT)
+ return -EINVAL;
+
+ if (chandef->chan->band != NL80211_BAND_2GHZ)
+ return -EINVAL;
+
+ channel = ieee80211_frequency_to_channel(chandef->chan->center_freq);
+
+ if ((channel < 1) || (channel > NUM_CHANNELS) ||
+ !(priv->channel_mask & (1 << (channel - 1))))
+ return -EINVAL;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ priv->channel = channel;
+ if (priv->iw_mode == NL80211_IFTYPE_MONITOR) {
+ /* Fast channel change - no commit if successful */
+ struct hermes *hw = &priv->hw;
+ err = hw->ops->cmd_wait(hw, HERMES_CMD_TEST |
+ HERMES_TEST_SET_CHANNEL,
+ channel, NULL);
+ }
+ orinoco_unlock(priv, &flags);
+
+ return err;
+}
+
+static int orinoco_set_wiphy_params(struct wiphy *wiphy, u32 changed)
+{
+ struct orinoco_private *priv = wiphy_priv(wiphy);
+ int frag_value = -1;
+ int rts_value = -1;
+ int err = 0;
+
+ if (changed & WIPHY_PARAM_RETRY_SHORT) {
+ /* Setting short retry not supported */
+ err = -EINVAL;
+ }
+
+ if (changed & WIPHY_PARAM_RETRY_LONG) {
+ /* Setting long retry not supported */
+ err = -EINVAL;
+ }
+
+ if (changed & WIPHY_PARAM_FRAG_THRESHOLD) {
+ /* Set fragmentation */
+ if (priv->has_mwo) {
+ if (wiphy->frag_threshold == -1)
+ frag_value = 0;
+ else {
+ printk(KERN_WARNING "%s: Fixed fragmentation "
+ "is not supported on this firmware. "
+ "Using MWO robust instead.\n",
+ priv->ndev->name);
+ frag_value = 1;
+ }
+ } else {
+ if (wiphy->frag_threshold == -1)
+ frag_value = 2346;
+ else if ((wiphy->frag_threshold < 257) ||
+ (wiphy->frag_threshold > 2347))
+ err = -EINVAL;
+ else
+ /* cfg80211 value is 257-2347 (odd only)
+ * orinoco rid has range 256-2346 (even only) */
+ frag_value = wiphy->frag_threshold & ~0x1;
+ }
+ }
+
+ if (changed & WIPHY_PARAM_RTS_THRESHOLD) {
+ /* Set RTS.
+ *
+ * Prism documentation suggests default of 2432,
+ * and a range of 0-3000.
+ *
+ * Current implementation uses 2347 as the default and
+ * the upper limit.
+ */
+
+ if (wiphy->rts_threshold == -1)
+ rts_value = 2347;
+ else if (wiphy->rts_threshold > 2347)
+ err = -EINVAL;
+ else
+ rts_value = wiphy->rts_threshold;
+ }
+
+ if (!err) {
+ unsigned long flags;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ if (frag_value >= 0) {
+ if (priv->has_mwo)
+ priv->mwo_robust = frag_value;
+ else
+ priv->frag_thresh = frag_value;
+ }
+ if (rts_value >= 0)
+ priv->rts_thresh = rts_value;
+
+ err = orinoco_commit(priv);
+
+ orinoco_unlock(priv, &flags);
+ }
+
+ return err;
+}
+
+const struct cfg80211_ops orinoco_cfg_ops = {
+ .change_virtual_intf = orinoco_change_vif,
+ .set_monitor_channel = orinoco_set_monitor_channel,
+ .scan = orinoco_scan,
+ .set_wiphy_params = orinoco_set_wiphy_params,
+};
diff --git a/drivers/net/wireless/intersil/orinoco/cfg.h b/drivers/net/wireless/intersil/orinoco/cfg.h
new file mode 100644
index 000000000..3ddc96a06
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/cfg.h
@@ -0,0 +1,15 @@
+/* cfg80211 support.
+ *
+ * See copyright notice in main.c
+ */
+#ifndef ORINOCO_CFG_H
+#define ORINOCO_CFG_H
+
+#include <net/cfg80211.h>
+
+extern const struct cfg80211_ops orinoco_cfg_ops;
+
+void orinoco_wiphy_init(struct wiphy *wiphy);
+int orinoco_wiphy_register(struct wiphy *wiphy);
+
+#endif /* ORINOCO_CFG_H */
diff --git a/drivers/net/wireless/intersil/orinoco/fw.c b/drivers/net/wireless/intersil/orinoco/fw.c
new file mode 100644
index 000000000..015af7828
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/fw.c
@@ -0,0 +1,387 @@
+/* Firmware file reading and download helpers
+ *
+ * See copyright notice in main.c
+ */
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/firmware.h>
+#include <linux/device.h>
+#include <linux/module.h>
+
+#include "hermes.h"
+#include "hermes_dld.h"
+#include "orinoco.h"
+
+#include "fw.h"
+
+/* End markers (for Symbol firmware only) */
+#define TEXT_END 0x1A /* End of text header */
+
+struct fw_info {
+ char *pri_fw;
+ char *sta_fw;
+ char *ap_fw;
+ u32 pda_addr;
+ u16 pda_size;
+};
+
+static const struct fw_info orinoco_fw[] = {
+ { NULL, "agere_sta_fw.bin", "agere_ap_fw.bin", 0x00390000, 1000 },
+ { NULL, "prism_sta_fw.bin", "prism_ap_fw.bin", 0, 1024 },
+ { "symbol_sp24t_prim_fw", "symbol_sp24t_sec_fw", NULL, 0x00003100, 512 }
+};
+MODULE_FIRMWARE("agere_sta_fw.bin");
+MODULE_FIRMWARE("agere_ap_fw.bin");
+MODULE_FIRMWARE("prism_sta_fw.bin");
+MODULE_FIRMWARE("prism_ap_fw.bin");
+MODULE_FIRMWARE("symbol_sp24t_prim_fw");
+MODULE_FIRMWARE("symbol_sp24t_sec_fw");
+
+/* Structure used to access fields in FW
+ * Make sure LE decoding macros are used
+ */
+struct orinoco_fw_header {
+ char hdr_vers[6]; /* ASCII string for header version */
+ __le16 headersize; /* Total length of header */
+ __le32 entry_point; /* NIC entry point */
+ __le32 blocks; /* Number of blocks to program */
+ __le32 block_offset; /* Offset of block data from eof header */
+ __le32 pdr_offset; /* Offset to PDR data from eof header */
+ __le32 pri_offset; /* Offset to primary plug data */
+ __le32 compat_offset; /* Offset to compatibility data*/
+ char signature[]; /* FW signature length headersize-20 */
+} __packed;
+
+/* Check the range of various header entries. Return a pointer to a
+ * description of the problem, or NULL if everything checks out. */
+static const char *validate_fw(const struct orinoco_fw_header *hdr, size_t len)
+{
+ u16 hdrsize;
+
+ if (len < sizeof(*hdr))
+ return "image too small";
+ if (memcmp(hdr->hdr_vers, "HFW", 3) != 0)
+ return "format not recognised";
+
+ hdrsize = le16_to_cpu(hdr->headersize);
+ if (hdrsize > len)
+ return "bad headersize";
+ if ((hdrsize + le32_to_cpu(hdr->block_offset)) > len)
+ return "bad block offset";
+ if ((hdrsize + le32_to_cpu(hdr->pdr_offset)) > len)
+ return "bad PDR offset";
+ if ((hdrsize + le32_to_cpu(hdr->pri_offset)) > len)
+ return "bad PRI offset";
+ if ((hdrsize + le32_to_cpu(hdr->compat_offset)) > len)
+ return "bad compat offset";
+
+ /* TODO: consider adding a checksum or CRC to the firmware format */
+ return NULL;
+}
+
+#if defined(CONFIG_HERMES_CACHE_FW_ON_INIT) || defined(CONFIG_PM_SLEEP)
+static inline const struct firmware *
+orinoco_cached_fw_get(struct orinoco_private *priv, bool primary)
+{
+ if (primary)
+ return priv->cached_pri_fw;
+ else
+ return priv->cached_fw;
+}
+#else
+#define orinoco_cached_fw_get(priv, primary) (NULL)
+#endif
+
+/* Download either STA or AP firmware into the card. */
+static int
+orinoco_dl_firmware(struct orinoco_private *priv,
+ const struct fw_info *fw,
+ int ap)
+{
+ /* Plug Data Area (PDA) */
+ __le16 *pda;
+
+ struct hermes *hw = &priv->hw;
+ const struct firmware *fw_entry;
+ const struct orinoco_fw_header *hdr;
+ const unsigned char *first_block;
+ const void *end;
+ const char *firmware;
+ const char *fw_err;
+ struct device *dev = priv->dev;
+ int err = 0;
+
+ pda = kzalloc(fw->pda_size, GFP_KERNEL);
+ if (!pda)
+ return -ENOMEM;
+
+ if (ap)
+ firmware = fw->ap_fw;
+ else
+ firmware = fw->sta_fw;
+
+ dev_dbg(dev, "Attempting to download firmware %s\n", firmware);
+
+ /* Read current plug data */
+ err = hw->ops->read_pda(hw, pda, fw->pda_addr, fw->pda_size);
+ dev_dbg(dev, "Read PDA returned %d\n", err);
+ if (err)
+ goto free;
+
+ if (!orinoco_cached_fw_get(priv, false)) {
+ err = request_firmware(&fw_entry, firmware, priv->dev);
+
+ if (err) {
+ dev_err(dev, "Cannot find firmware %s\n", firmware);
+ err = -ENOENT;
+ goto free;
+ }
+ } else
+ fw_entry = orinoco_cached_fw_get(priv, false);
+
+ hdr = (const struct orinoco_fw_header *) fw_entry->data;
+
+ fw_err = validate_fw(hdr, fw_entry->size);
+ if (fw_err) {
+ dev_warn(dev, "Invalid firmware image detected (%s). "
+ "Aborting download\n", fw_err);
+ err = -EINVAL;
+ goto abort;
+ }
+
+ /* Enable aux port to allow programming */
+ err = hw->ops->program_init(hw, le32_to_cpu(hdr->entry_point));
+ dev_dbg(dev, "Program init returned %d\n", err);
+ if (err != 0)
+ goto abort;
+
+ /* Program data */
+ first_block = (fw_entry->data +
+ le16_to_cpu(hdr->headersize) +
+ le32_to_cpu(hdr->block_offset));
+ end = fw_entry->data + fw_entry->size;
+
+ err = hermes_program(hw, first_block, end);
+ dev_dbg(dev, "Program returned %d\n", err);
+ if (err != 0)
+ goto abort;
+
+ /* Update production data */
+ first_block = (fw_entry->data +
+ le16_to_cpu(hdr->headersize) +
+ le32_to_cpu(hdr->pdr_offset));
+
+ err = hermes_apply_pda_with_defaults(hw, first_block, end, pda,
+ &pda[fw->pda_size / sizeof(*pda)]);
+ dev_dbg(dev, "Apply PDA returned %d\n", err);
+ if (err)
+ goto abort;
+
+ /* Tell card we've finished */
+ err = hw->ops->program_end(hw);
+ dev_dbg(dev, "Program end returned %d\n", err);
+ if (err != 0)
+ goto abort;
+
+ /* Check if we're running */
+ dev_dbg(dev, "hermes_present returned %d\n", hermes_present(hw));
+
+abort:
+ /* If we requested the firmware, release it. */
+ if (!orinoco_cached_fw_get(priv, false))
+ release_firmware(fw_entry);
+
+free:
+ kfree(pda);
+ return err;
+}
+
+/*
+ * Process a firmware image - stop the card, load the firmware, reset
+ * the card and make sure it responds. For the secondary firmware take
+ * care of the PDA - read it and then write it on top of the firmware.
+ */
+static int
+symbol_dl_image(struct orinoco_private *priv, const struct fw_info *fw,
+ const unsigned char *image, const void *end,
+ int secondary)
+{
+ struct hermes *hw = &priv->hw;
+ int ret = 0;
+ const unsigned char *ptr;
+ const unsigned char *first_block;
+
+ /* Plug Data Area (PDA) */
+ __le16 *pda = NULL;
+
+ /* Binary block begins after the 0x1A marker */
+ ptr = image;
+ while (*ptr++ != TEXT_END);
+ first_block = ptr;
+
+ /* Read the PDA from EEPROM */
+ if (secondary) {
+ pda = kzalloc(fw->pda_size, GFP_KERNEL);
+ if (!pda)
+ return -ENOMEM;
+
+ ret = hw->ops->read_pda(hw, pda, fw->pda_addr, fw->pda_size);
+ if (ret)
+ goto free;
+ }
+
+ /* Stop the firmware, so that it can be safely rewritten */
+ if (priv->stop_fw) {
+ ret = priv->stop_fw(priv, 1);
+ if (ret)
+ goto free;
+ }
+
+ /* Program the adapter with new firmware */
+ ret = hermes_program(hw, first_block, end);
+ if (ret)
+ goto free;
+
+ /* Write the PDA to the adapter */
+ if (secondary) {
+ size_t len = hermes_blocks_length(first_block, end);
+ ptr = first_block + len;
+ ret = hermes_apply_pda(hw, ptr, end, pda,
+ &pda[fw->pda_size / sizeof(*pda)]);
+ kfree(pda);
+ if (ret)
+ return ret;
+ }
+
+ /* Run the firmware */
+ if (priv->stop_fw) {
+ ret = priv->stop_fw(priv, 0);
+ if (ret)
+ return ret;
+ }
+
+ /* Reset hermes chip and make sure it responds */
+ ret = hw->ops->init(hw);
+
+ /* hermes_reset() should return 0 with the secondary firmware */
+ if (secondary && ret != 0)
+ return -ENODEV;
+
+ /* And this should work with any firmware */
+ if (!hermes_present(hw))
+ return -ENODEV;
+
+ return 0;
+
+free:
+ kfree(pda);
+ return ret;
+}
+
+
+/*
+ * Download the firmware into the card, this also does a PCMCIA soft
+ * reset on the card, to make sure it's in a sane state.
+ */
+static int
+symbol_dl_firmware(struct orinoco_private *priv,
+ const struct fw_info *fw)
+{
+ struct device *dev = priv->dev;
+ int ret;
+ const struct firmware *fw_entry;
+
+ if (!orinoco_cached_fw_get(priv, true)) {
+ if (request_firmware(&fw_entry, fw->pri_fw, priv->dev) != 0) {
+ dev_err(dev, "Cannot find firmware: %s\n", fw->pri_fw);
+ return -ENOENT;
+ }
+ } else
+ fw_entry = orinoco_cached_fw_get(priv, true);
+
+ /* Load primary firmware */
+ ret = symbol_dl_image(priv, fw, fw_entry->data,
+ fw_entry->data + fw_entry->size, 0);
+
+ if (!orinoco_cached_fw_get(priv, true))
+ release_firmware(fw_entry);
+ if (ret) {
+ dev_err(dev, "Primary firmware download failed\n");
+ return ret;
+ }
+
+ if (!orinoco_cached_fw_get(priv, false)) {
+ if (request_firmware(&fw_entry, fw->sta_fw, priv->dev) != 0) {
+ dev_err(dev, "Cannot find firmware: %s\n", fw->sta_fw);
+ return -ENOENT;
+ }
+ } else
+ fw_entry = orinoco_cached_fw_get(priv, false);
+
+ /* Load secondary firmware */
+ ret = symbol_dl_image(priv, fw, fw_entry->data,
+ fw_entry->data + fw_entry->size, 1);
+ if (!orinoco_cached_fw_get(priv, false))
+ release_firmware(fw_entry);
+ if (ret)
+ dev_err(dev, "Secondary firmware download failed\n");
+
+ return ret;
+}
+
+int orinoco_download(struct orinoco_private *priv)
+{
+ int err = 0;
+ /* Reload firmware */
+ switch (priv->firmware_type) {
+ case FIRMWARE_TYPE_AGERE:
+ /* case FIRMWARE_TYPE_INTERSIL: */
+ err = orinoco_dl_firmware(priv,
+ &orinoco_fw[priv->firmware_type], 0);
+ break;
+
+ case FIRMWARE_TYPE_SYMBOL:
+ err = symbol_dl_firmware(priv,
+ &orinoco_fw[priv->firmware_type]);
+ break;
+ case FIRMWARE_TYPE_INTERSIL:
+ break;
+ }
+ /* TODO: if we fail we probably need to reinitialise
+ * the driver */
+
+ return err;
+}
+
+#if defined(CONFIG_HERMES_CACHE_FW_ON_INIT) || defined(CONFIG_PM_SLEEP)
+void orinoco_cache_fw(struct orinoco_private *priv, int ap)
+{
+ const struct firmware *fw_entry = NULL;
+ const char *pri_fw;
+ const char *fw;
+
+ pri_fw = orinoco_fw[priv->firmware_type].pri_fw;
+ if (ap)
+ fw = orinoco_fw[priv->firmware_type].ap_fw;
+ else
+ fw = orinoco_fw[priv->firmware_type].sta_fw;
+
+ if (pri_fw) {
+ if (request_firmware(&fw_entry, pri_fw, priv->dev) == 0)
+ priv->cached_pri_fw = fw_entry;
+ }
+
+ if (fw) {
+ if (request_firmware(&fw_entry, fw, priv->dev) == 0)
+ priv->cached_fw = fw_entry;
+ }
+}
+
+void orinoco_uncache_fw(struct orinoco_private *priv)
+{
+ release_firmware(priv->cached_pri_fw);
+ release_firmware(priv->cached_fw);
+ priv->cached_pri_fw = NULL;
+ priv->cached_fw = NULL;
+}
+#endif
diff --git a/drivers/net/wireless/intersil/orinoco/fw.h b/drivers/net/wireless/intersil/orinoco/fw.h
new file mode 100644
index 000000000..aca63e3c4
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/fw.h
@@ -0,0 +1,21 @@
+/* Firmware file reading and download helpers
+ *
+ * See copyright notice in main.c
+ */
+#ifndef _ORINOCO_FW_H_
+#define _ORINOCO_FW_H_
+
+/* Forward declations */
+struct orinoco_private;
+
+int orinoco_download(struct orinoco_private *priv);
+
+#if defined(CONFIG_HERMES_CACHE_FW_ON_INIT) || defined(CONFIG_PM_SLEEP)
+void orinoco_cache_fw(struct orinoco_private *priv, int ap);
+void orinoco_uncache_fw(struct orinoco_private *priv);
+#else
+#define orinoco_cache_fw(priv, ap) do { } while (0)
+#define orinoco_uncache_fw(priv) do { } while (0)
+#endif
+
+#endif /* _ORINOCO_FW_H_ */
diff --git a/drivers/net/wireless/intersil/orinoco/hermes.c b/drivers/net/wireless/intersil/orinoco/hermes.c
new file mode 100644
index 000000000..256946552
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/hermes.c
@@ -0,0 +1,777 @@
+/* hermes.c
+ *
+ * Driver core for the "Hermes" wireless MAC controller, as used in
+ * the Lucent Orinoco and Cabletron RoamAbout cards. It should also
+ * work on the hfa3841 and hfa3842 MAC controller chips used in the
+ * Prism II chipsets.
+ *
+ * This is not a complete driver, just low-level access routines for
+ * the MAC controller itself.
+ *
+ * Based on the prism2 driver from Absolute Value Systems' linux-wlan
+ * project, the Linux wvlan_cs driver, Lucent's HCF-Light
+ * (wvlan_hcf.c) library, and the NetBSD wireless driver (in no
+ * particular order).
+ *
+ * Copyright (C) 2000, David Gibson, Linuxcare Australia.
+ * (C) Copyright David Gibson, IBM Corp. 2001-2003.
+ *
+ * The contents of this file are subject to the Mozilla Public License
+ * Version 1.1 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License
+ * at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS"
+ * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ * the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License version 2 (the "GPL"), in
+ * which case the provisions of the GPL are applicable instead of the
+ * above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the MPL, indicate your decision by
+ * deleting the provisions above and replace them with the notice and
+ * other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file
+ * under either the MPL or the GPL.
+ */
+
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/delay.h>
+
+#include "hermes.h"
+
+/* These are maximum timeouts. Most often, card wil react much faster */
+#define CMD_BUSY_TIMEOUT (100) /* In iterations of ~1us */
+#define CMD_INIT_TIMEOUT (50000) /* in iterations of ~10us */
+#define CMD_COMPL_TIMEOUT (20000) /* in iterations of ~10us */
+#define ALLOC_COMPL_TIMEOUT (1000) /* in iterations of ~10us */
+
+/*
+ * AUX port access. To unlock the AUX port write the access keys to the
+ * PARAM0-2 registers, then write HERMES_AUX_ENABLE to the HERMES_CONTROL
+ * register. Then read it and make sure it's HERMES_AUX_ENABLED.
+ */
+#define HERMES_AUX_ENABLE 0x8000 /* Enable auxiliary port access */
+#define HERMES_AUX_DISABLE 0x4000 /* Disable to auxiliary port access */
+#define HERMES_AUX_ENABLED 0xC000 /* Auxiliary port is open */
+#define HERMES_AUX_DISABLED 0x0000 /* Auxiliary port is closed */
+
+#define HERMES_AUX_PW0 0xFE01
+#define HERMES_AUX_PW1 0xDC23
+#define HERMES_AUX_PW2 0xBA45
+
+/* HERMES_CMD_DOWNLD */
+#define HERMES_PROGRAM_DISABLE (0x0000 | HERMES_CMD_DOWNLD)
+#define HERMES_PROGRAM_ENABLE_VOLATILE (0x0100 | HERMES_CMD_DOWNLD)
+#define HERMES_PROGRAM_ENABLE_NON_VOLATILE (0x0200 | HERMES_CMD_DOWNLD)
+#define HERMES_PROGRAM_NON_VOLATILE (0x0300 | HERMES_CMD_DOWNLD)
+
+/*
+ * Debugging helpers
+ */
+
+#define DMSG(stuff...) do {printk(KERN_DEBUG "hermes @ %p: " , hw->iobase); \
+ printk(stuff); } while (0)
+
+#undef HERMES_DEBUG
+#ifdef HERMES_DEBUG
+
+#define DEBUG(lvl, stuff...) if ((lvl) <= HERMES_DEBUG) DMSG(stuff)
+
+#else /* ! HERMES_DEBUG */
+
+#define DEBUG(lvl, stuff...) do { } while (0)
+
+#endif /* ! HERMES_DEBUG */
+
+static const struct hermes_ops hermes_ops_local;
+
+/*
+ * Internal functions
+ */
+
+/* Issue a command to the chip. Waiting for it to complete is the caller's
+ problem.
+
+ Returns -EBUSY if the command register is busy, 0 on success.
+
+ Callable from any context.
+*/
+static int hermes_issue_cmd(struct hermes *hw, u16 cmd, u16 param0,
+ u16 param1, u16 param2)
+{
+ int k = CMD_BUSY_TIMEOUT;
+ u16 reg;
+
+ /* First wait for the command register to unbusy */
+ reg = hermes_read_regn(hw, CMD);
+ while ((reg & HERMES_CMD_BUSY) && k) {
+ k--;
+ udelay(1);
+ reg = hermes_read_regn(hw, CMD);
+ }
+ if (reg & HERMES_CMD_BUSY)
+ return -EBUSY;
+
+ hermes_write_regn(hw, PARAM2, param2);
+ hermes_write_regn(hw, PARAM1, param1);
+ hermes_write_regn(hw, PARAM0, param0);
+ hermes_write_regn(hw, CMD, cmd);
+
+ return 0;
+}
+
+/*
+ * Function definitions
+ */
+
+/* For doing cmds that wipe the magic constant in SWSUPPORT0 */
+static int hermes_doicmd_wait(struct hermes *hw, u16 cmd,
+ u16 parm0, u16 parm1, u16 parm2,
+ struct hermes_response *resp)
+{
+ int err = 0;
+ int k;
+ u16 status, reg;
+
+ err = hermes_issue_cmd(hw, cmd, parm0, parm1, parm2);
+ if (err)
+ return err;
+
+ reg = hermes_read_regn(hw, EVSTAT);
+ k = CMD_INIT_TIMEOUT;
+ while ((!(reg & HERMES_EV_CMD)) && k) {
+ k--;
+ udelay(10);
+ reg = hermes_read_regn(hw, EVSTAT);
+ }
+
+ hermes_write_regn(hw, SWSUPPORT0, HERMES_MAGIC);
+
+ if (!hermes_present(hw)) {
+ DEBUG(0, "hermes @ 0x%x: Card removed during reset.\n",
+ hw->iobase);
+ err = -ENODEV;
+ goto out;
+ }
+
+ if (!(reg & HERMES_EV_CMD)) {
+ printk(KERN_ERR "hermes @ %p: "
+ "Timeout waiting for card to reset (reg=0x%04x)!\n",
+ hw->iobase, reg);
+ err = -ETIMEDOUT;
+ goto out;
+ }
+
+ status = hermes_read_regn(hw, STATUS);
+ if (resp) {
+ resp->status = status;
+ resp->resp0 = hermes_read_regn(hw, RESP0);
+ resp->resp1 = hermes_read_regn(hw, RESP1);
+ resp->resp2 = hermes_read_regn(hw, RESP2);
+ }
+
+ hermes_write_regn(hw, EVACK, HERMES_EV_CMD);
+
+ if (status & HERMES_STATUS_RESULT)
+ err = -EIO;
+out:
+ return err;
+}
+
+void hermes_struct_init(struct hermes *hw, void __iomem *address,
+ int reg_spacing)
+{
+ hw->iobase = address;
+ hw->reg_spacing = reg_spacing;
+ hw->inten = 0x0;
+ hw->eeprom_pda = false;
+ hw->ops = &hermes_ops_local;
+}
+EXPORT_SYMBOL(hermes_struct_init);
+
+static int hermes_init(struct hermes *hw)
+{
+ u16 reg;
+ int err = 0;
+ int k;
+
+ /* We don't want to be interrupted while resetting the chipset */
+ hw->inten = 0x0;
+ hermes_write_regn(hw, INTEN, 0);
+ hermes_write_regn(hw, EVACK, 0xffff);
+
+ /* Normally it's a "can't happen" for the command register to
+ be busy when we go to issue a command because we are
+ serializing all commands. However we want to have some
+ chance of resetting the card even if it gets into a stupid
+ state, so we actually wait to see if the command register
+ will unbusy itself here. */
+ k = CMD_BUSY_TIMEOUT;
+ reg = hermes_read_regn(hw, CMD);
+ while (k && (reg & HERMES_CMD_BUSY)) {
+ if (reg == 0xffff) /* Special case - the card has probably been
+ removed, so don't wait for the timeout */
+ return -ENODEV;
+
+ k--;
+ udelay(1);
+ reg = hermes_read_regn(hw, CMD);
+ }
+
+ /* No need to explicitly handle the timeout - if we've timed
+ out hermes_issue_cmd() will probably return -EBUSY below */
+
+ /* According to the documentation, EVSTAT may contain
+ obsolete event occurrence information. We have to acknowledge
+ it by writing EVACK. */
+ reg = hermes_read_regn(hw, EVSTAT);
+ hermes_write_regn(hw, EVACK, reg);
+
+ /* We don't use hermes_docmd_wait here, because the reset wipes
+ the magic constant in SWSUPPORT0 away, and it gets confused */
+ err = hermes_doicmd_wait(hw, HERMES_CMD_INIT, 0, 0, 0, NULL);
+
+ return err;
+}
+
+/* Issue a command to the chip, and (busy!) wait for it to
+ * complete.
+ *
+ * Returns:
+ * < 0 on internal error
+ * 0 on success
+ * > 0 on error returned by the firmware
+ *
+ * Callable from any context, but locking is your problem. */
+static int hermes_docmd_wait(struct hermes *hw, u16 cmd, u16 parm0,
+ struct hermes_response *resp)
+{
+ int err;
+ int k;
+ u16 reg;
+ u16 status;
+
+ err = hermes_issue_cmd(hw, cmd, parm0, 0, 0);
+ if (err) {
+ if (!hermes_present(hw)) {
+ if (net_ratelimit())
+ printk(KERN_WARNING "hermes @ %p: "
+ "Card removed while issuing command "
+ "0x%04x.\n", hw->iobase, cmd);
+ err = -ENODEV;
+ } else
+ if (net_ratelimit())
+ printk(KERN_ERR "hermes @ %p: "
+ "Error %d issuing command 0x%04x.\n",
+ hw->iobase, err, cmd);
+ goto out;
+ }
+
+ reg = hermes_read_regn(hw, EVSTAT);
+ k = CMD_COMPL_TIMEOUT;
+ while ((!(reg & HERMES_EV_CMD)) && k) {
+ k--;
+ udelay(10);
+ reg = hermes_read_regn(hw, EVSTAT);
+ }
+
+ if (!hermes_present(hw)) {
+ printk(KERN_WARNING "hermes @ %p: Card removed "
+ "while waiting for command 0x%04x completion.\n",
+ hw->iobase, cmd);
+ err = -ENODEV;
+ goto out;
+ }
+
+ if (!(reg & HERMES_EV_CMD)) {
+ printk(KERN_ERR "hermes @ %p: Timeout waiting for "
+ "command 0x%04x completion.\n", hw->iobase, cmd);
+ err = -ETIMEDOUT;
+ goto out;
+ }
+
+ status = hermes_read_regn(hw, STATUS);
+ if (resp) {
+ resp->status = status;
+ resp->resp0 = hermes_read_regn(hw, RESP0);
+ resp->resp1 = hermes_read_regn(hw, RESP1);
+ resp->resp2 = hermes_read_regn(hw, RESP2);
+ }
+
+ hermes_write_regn(hw, EVACK, HERMES_EV_CMD);
+
+ if (status & HERMES_STATUS_RESULT)
+ err = -EIO;
+
+ out:
+ return err;
+}
+
+static int hermes_allocate(struct hermes *hw, u16 size, u16 *fid)
+{
+ int err = 0;
+ int k;
+ u16 reg;
+
+ if ((size < HERMES_ALLOC_LEN_MIN) || (size > HERMES_ALLOC_LEN_MAX))
+ return -EINVAL;
+
+ err = hermes_docmd_wait(hw, HERMES_CMD_ALLOC, size, NULL);
+ if (err)
+ return err;
+
+ reg = hermes_read_regn(hw, EVSTAT);
+ k = ALLOC_COMPL_TIMEOUT;
+ while ((!(reg & HERMES_EV_ALLOC)) && k) {
+ k--;
+ udelay(10);
+ reg = hermes_read_regn(hw, EVSTAT);
+ }
+
+ if (!hermes_present(hw)) {
+ printk(KERN_WARNING "hermes @ %p: "
+ "Card removed waiting for frame allocation.\n",
+ hw->iobase);
+ return -ENODEV;
+ }
+
+ if (!(reg & HERMES_EV_ALLOC)) {
+ printk(KERN_ERR "hermes @ %p: "
+ "Timeout waiting for frame allocation\n",
+ hw->iobase);
+ return -ETIMEDOUT;
+ }
+
+ *fid = hermes_read_regn(hw, ALLOCFID);
+ hermes_write_regn(hw, EVACK, HERMES_EV_ALLOC);
+
+ return 0;
+}
+
+/* Set up a BAP to read a particular chunk of data from card's internal buffer.
+ *
+ * Returns:
+ * < 0 on internal failure (errno)
+ * 0 on success
+ * > 0 on error
+ * from firmware
+ *
+ * Callable from any context */
+static int hermes_bap_seek(struct hermes *hw, int bap, u16 id, u16 offset)
+{
+ int sreg = bap ? HERMES_SELECT1 : HERMES_SELECT0;
+ int oreg = bap ? HERMES_OFFSET1 : HERMES_OFFSET0;
+ int k;
+ u16 reg;
+
+ /* Paranoia.. */
+ if ((offset > HERMES_BAP_OFFSET_MAX) || (offset % 2))
+ return -EINVAL;
+
+ k = HERMES_BAP_BUSY_TIMEOUT;
+ reg = hermes_read_reg(hw, oreg);
+ while ((reg & HERMES_OFFSET_BUSY) && k) {
+ k--;
+ udelay(1);
+ reg = hermes_read_reg(hw, oreg);
+ }
+
+ if (reg & HERMES_OFFSET_BUSY)
+ return -ETIMEDOUT;
+
+ /* Now we actually set up the transfer */
+ hermes_write_reg(hw, sreg, id);
+ hermes_write_reg(hw, oreg, offset);
+
+ /* Wait for the BAP to be ready */
+ k = HERMES_BAP_BUSY_TIMEOUT;
+ reg = hermes_read_reg(hw, oreg);
+ while ((reg & (HERMES_OFFSET_BUSY | HERMES_OFFSET_ERR)) && k) {
+ k--;
+ udelay(1);
+ reg = hermes_read_reg(hw, oreg);
+ }
+
+ if (reg != offset) {
+ printk(KERN_ERR "hermes @ %p: BAP%d offset %s: "
+ "reg=0x%x id=0x%x offset=0x%x\n", hw->iobase, bap,
+ (reg & HERMES_OFFSET_BUSY) ? "timeout" : "error",
+ reg, id, offset);
+
+ if (reg & HERMES_OFFSET_BUSY)
+ return -ETIMEDOUT;
+
+ return -EIO; /* error or wrong offset */
+ }
+
+ return 0;
+}
+
+/* Read a block of data from the chip's buffer, via the
+ * BAP. Synchronization/serialization is the caller's problem. len
+ * must be even.
+ *
+ * Returns:
+ * < 0 on internal failure (errno)
+ * 0 on success
+ * > 0 on error from firmware
+ */
+static int hermes_bap_pread(struct hermes *hw, int bap, void *buf, int len,
+ u16 id, u16 offset)
+{
+ int dreg = bap ? HERMES_DATA1 : HERMES_DATA0;
+ int err = 0;
+
+ if ((len < 0) || (len % 2))
+ return -EINVAL;
+
+ err = hermes_bap_seek(hw, bap, id, offset);
+ if (err)
+ goto out;
+
+ /* Actually do the transfer */
+ hermes_read_words(hw, dreg, buf, len / 2);
+
+ out:
+ return err;
+}
+
+/* Write a block of data to the chip's buffer, via the
+ * BAP. Synchronization/serialization is the caller's problem.
+ *
+ * Returns:
+ * < 0 on internal failure (errno)
+ * 0 on success
+ * > 0 on error from firmware
+ */
+static int hermes_bap_pwrite(struct hermes *hw, int bap, const void *buf,
+ int len, u16 id, u16 offset)
+{
+ int dreg = bap ? HERMES_DATA1 : HERMES_DATA0;
+ int err = 0;
+
+ if (len < 0)
+ return -EINVAL;
+
+ err = hermes_bap_seek(hw, bap, id, offset);
+ if (err)
+ goto out;
+
+ /* Actually do the transfer */
+ hermes_write_bytes(hw, dreg, buf, len);
+
+ out:
+ return err;
+}
+
+/* Read a Length-Type-Value record from the card.
+ *
+ * If length is NULL, we ignore the length read from the card, and
+ * read the entire buffer regardless. This is useful because some of
+ * the configuration records appear to have incorrect lengths in
+ * practice.
+ *
+ * Callable from user or bh context. */
+static int hermes_read_ltv(struct hermes *hw, int bap, u16 rid,
+ unsigned bufsize, u16 *length, void *buf)
+{
+ int err = 0;
+ int dreg = bap ? HERMES_DATA1 : HERMES_DATA0;
+ u16 rlength, rtype;
+ unsigned nwords;
+
+ if (bufsize % 2)
+ return -EINVAL;
+
+ err = hermes_docmd_wait(hw, HERMES_CMD_ACCESS, rid, NULL);
+ if (err)
+ return err;
+
+ err = hermes_bap_seek(hw, bap, rid, 0);
+ if (err)
+ return err;
+
+ rlength = hermes_read_reg(hw, dreg);
+
+ if (!rlength)
+ return -ENODATA;
+
+ rtype = hermes_read_reg(hw, dreg);
+
+ if (length)
+ *length = rlength;
+
+ if (rtype != rid)
+ printk(KERN_WARNING "hermes @ %p: %s(): "
+ "rid (0x%04x) does not match type (0x%04x)\n",
+ hw->iobase, __func__, rid, rtype);
+ if (HERMES_RECLEN_TO_BYTES(rlength) > bufsize)
+ printk(KERN_WARNING "hermes @ %p: "
+ "Truncating LTV record from %d to %d bytes. "
+ "(rid=0x%04x, len=0x%04x)\n", hw->iobase,
+ HERMES_RECLEN_TO_BYTES(rlength), bufsize, rid, rlength);
+
+ nwords = min((unsigned)rlength - 1, bufsize / 2);
+ hermes_read_words(hw, dreg, buf, nwords);
+
+ return 0;
+}
+
+static int hermes_write_ltv(struct hermes *hw, int bap, u16 rid,
+ u16 length, const void *value)
+{
+ int dreg = bap ? HERMES_DATA1 : HERMES_DATA0;
+ int err = 0;
+ unsigned count;
+
+ if (length == 0)
+ return -EINVAL;
+
+ err = hermes_bap_seek(hw, bap, rid, 0);
+ if (err)
+ return err;
+
+ hermes_write_reg(hw, dreg, length);
+ hermes_write_reg(hw, dreg, rid);
+
+ count = length - 1;
+
+ hermes_write_bytes(hw, dreg, value, count << 1);
+
+ err = hermes_docmd_wait(hw, HERMES_CMD_ACCESS | HERMES_CMD_WRITE,
+ rid, NULL);
+
+ return err;
+}
+
+/*** Hermes AUX control ***/
+
+static inline void
+hermes_aux_setaddr(struct hermes *hw, u32 addr)
+{
+ hermes_write_reg(hw, HERMES_AUXPAGE, (u16) (addr >> 7));
+ hermes_write_reg(hw, HERMES_AUXOFFSET, (u16) (addr & 0x7F));
+}
+
+static inline int
+hermes_aux_control(struct hermes *hw, int enabled)
+{
+ int desired_state = enabled ? HERMES_AUX_ENABLED : HERMES_AUX_DISABLED;
+ int action = enabled ? HERMES_AUX_ENABLE : HERMES_AUX_DISABLE;
+ int i;
+
+ /* Already open? */
+ if (hermes_read_reg(hw, HERMES_CONTROL) == desired_state)
+ return 0;
+
+ hermes_write_reg(hw, HERMES_PARAM0, HERMES_AUX_PW0);
+ hermes_write_reg(hw, HERMES_PARAM1, HERMES_AUX_PW1);
+ hermes_write_reg(hw, HERMES_PARAM2, HERMES_AUX_PW2);
+ hermes_write_reg(hw, HERMES_CONTROL, action);
+
+ for (i = 0; i < 20; i++) {
+ udelay(10);
+ if (hermes_read_reg(hw, HERMES_CONTROL) ==
+ desired_state)
+ return 0;
+ }
+
+ return -EBUSY;
+}
+
+/*** Hermes programming ***/
+
+/* About to start programming data (Hermes I)
+ * offset is the entry point
+ *
+ * Spectrum_cs' Symbol fw does not require this
+ * wl_lkm Agere fw does
+ * Don't know about intersil
+ */
+static int hermesi_program_init(struct hermes *hw, u32 offset)
+{
+ int err;
+
+ /* Disable interrupts?*/
+ /*hw->inten = 0x0;*/
+ /*hermes_write_regn(hw, INTEN, 0);*/
+ /*hermes_set_irqmask(hw, 0);*/
+
+ /* Acknowledge any outstanding command */
+ hermes_write_regn(hw, EVACK, 0xFFFF);
+
+ /* Using init_cmd_wait rather than cmd_wait */
+ err = hw->ops->init_cmd_wait(hw,
+ 0x0100 | HERMES_CMD_INIT,
+ 0, 0, 0, NULL);
+ if (err)
+ return err;
+
+ err = hw->ops->init_cmd_wait(hw,
+ 0x0000 | HERMES_CMD_INIT,
+ 0, 0, 0, NULL);
+ if (err)
+ return err;
+
+ err = hermes_aux_control(hw, 1);
+ pr_debug("AUX enable returned %d\n", err);
+
+ if (err)
+ return err;
+
+ pr_debug("Enabling volatile, EP 0x%08x\n", offset);
+ err = hw->ops->init_cmd_wait(hw,
+ HERMES_PROGRAM_ENABLE_VOLATILE,
+ offset & 0xFFFFu,
+ offset >> 16,
+ 0,
+ NULL);
+ pr_debug("PROGRAM_ENABLE returned %d\n", err);
+
+ return err;
+}
+
+/* Done programming data (Hermes I)
+ *
+ * Spectrum_cs' Symbol fw does not require this
+ * wl_lkm Agere fw does
+ * Don't know about intersil
+ */
+static int hermesi_program_end(struct hermes *hw)
+{
+ struct hermes_response resp;
+ int rc = 0;
+ int err;
+
+ rc = hw->ops->cmd_wait(hw, HERMES_PROGRAM_DISABLE, 0, &resp);
+
+ pr_debug("PROGRAM_DISABLE returned %d, "
+ "r0 0x%04x, r1 0x%04x, r2 0x%04x\n",
+ rc, resp.resp0, resp.resp1, resp.resp2);
+
+ if ((rc == 0) &&
+ ((resp.status & HERMES_STATUS_CMDCODE) != HERMES_CMD_DOWNLD))
+ rc = -EIO;
+
+ err = hermes_aux_control(hw, 0);
+ pr_debug("AUX disable returned %d\n", err);
+
+ /* Acknowledge any outstanding command */
+ hermes_write_regn(hw, EVACK, 0xFFFF);
+
+ /* Reinitialise, ignoring return */
+ (void) hw->ops->init_cmd_wait(hw, 0x0000 | HERMES_CMD_INIT,
+ 0, 0, 0, NULL);
+
+ return rc ? rc : err;
+}
+
+static int hermes_program_bytes(struct hermes *hw, const char *data,
+ u32 addr, u32 len)
+{
+ /* wl lkm splits the programming into chunks of 2000 bytes.
+ * This restriction appears to come from USB. The PCMCIA
+ * adapters can program the whole lot in one go */
+ hermes_aux_setaddr(hw, addr);
+ hermes_write_bytes(hw, HERMES_AUXDATA, data, len);
+ return 0;
+}
+
+/* Read PDA from the adapter */
+static int hermes_read_pda(struct hermes *hw, __le16 *pda, u32 pda_addr,
+ u16 pda_len)
+{
+ int ret;
+ u16 pda_size;
+ u16 data_len = pda_len;
+ __le16 *data = pda;
+
+ if (hw->eeprom_pda) {
+ /* PDA of spectrum symbol is in eeprom */
+
+ /* Issue command to read EEPROM */
+ ret = hw->ops->cmd_wait(hw, HERMES_CMD_READMIF, 0, NULL);
+ if (ret)
+ return ret;
+ } else {
+ /* wl_lkm does not include PDA size in the PDA area.
+ * We will pad the information into pda, so other routines
+ * don't have to be modified */
+ pda[0] = cpu_to_le16(pda_len - 2);
+ /* Includes CFG_PROD_DATA but not itself */
+ pda[1] = cpu_to_le16(0x0800); /* CFG_PROD_DATA */
+ data_len = pda_len - 4;
+ data = pda + 2;
+ }
+
+ /* Open auxiliary port */
+ ret = hermes_aux_control(hw, 1);
+ pr_debug("AUX enable returned %d\n", ret);
+ if (ret)
+ return ret;
+
+ /* Read PDA */
+ hermes_aux_setaddr(hw, pda_addr);
+ hermes_read_words(hw, HERMES_AUXDATA, data, data_len / 2);
+
+ /* Close aux port */
+ ret = hermes_aux_control(hw, 0);
+ pr_debug("AUX disable returned %d\n", ret);
+
+ /* Check PDA length */
+ pda_size = le16_to_cpu(pda[0]);
+ pr_debug("Actual PDA length %d, Max allowed %d\n",
+ pda_size, pda_len);
+ if (pda_size > pda_len)
+ return -EINVAL;
+
+ return 0;
+}
+
+static void hermes_lock_irqsave(spinlock_t *lock,
+ unsigned long *flags) __acquires(lock)
+{
+ spin_lock_irqsave(lock, *flags);
+}
+
+static void hermes_unlock_irqrestore(spinlock_t *lock,
+ unsigned long *flags) __releases(lock)
+{
+ spin_unlock_irqrestore(lock, *flags);
+}
+
+static void hermes_lock_irq(spinlock_t *lock) __acquires(lock)
+{
+ spin_lock_irq(lock);
+}
+
+static void hermes_unlock_irq(spinlock_t *lock) __releases(lock)
+{
+ spin_unlock_irq(lock);
+}
+
+/* Hermes operations for local buses */
+static const struct hermes_ops hermes_ops_local = {
+ .init = hermes_init,
+ .cmd_wait = hermes_docmd_wait,
+ .init_cmd_wait = hermes_doicmd_wait,
+ .allocate = hermes_allocate,
+ .read_ltv = hermes_read_ltv,
+ .read_ltv_pr = hermes_read_ltv,
+ .write_ltv = hermes_write_ltv,
+ .bap_pread = hermes_bap_pread,
+ .bap_pwrite = hermes_bap_pwrite,
+ .read_pda = hermes_read_pda,
+ .program_init = hermesi_program_init,
+ .program_end = hermesi_program_end,
+ .program = hermes_program_bytes,
+ .lock_irqsave = hermes_lock_irqsave,
+ .unlock_irqrestore = hermes_unlock_irqrestore,
+ .lock_irq = hermes_lock_irq,
+ .unlock_irq = hermes_unlock_irq,
+};
diff --git a/drivers/net/wireless/intersil/orinoco/hermes.h b/drivers/net/wireless/intersil/orinoco/hermes.h
new file mode 100644
index 000000000..3dc561a5c
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/hermes.h
@@ -0,0 +1,534 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/* hermes.h
+ *
+ * Driver core for the "Hermes" wireless MAC controller, as used in
+ * the Lucent Orinoco and Cabletron RoamAbout cards. It should also
+ * work on the hfa3841 and hfa3842 MAC controller chips used in the
+ * Prism I & II chipsets.
+ *
+ * This is not a complete driver, just low-level access routines for
+ * the MAC controller itself.
+ *
+ * Based on the prism2 driver from Absolute Value Systems' linux-wlan
+ * project, the Linux wvlan_cs driver, Lucent's HCF-Light
+ * (wvlan_hcf.c) library, and the NetBSD wireless driver.
+ *
+ * Copyright (C) 2000, David Gibson, Linuxcare Australia.
+ * (C) Copyright David Gibson, IBM Corp. 2001-2003.
+ *
+ * Portions taken from hfa384x.h.
+ * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
+ */
+
+#ifndef _HERMES_H
+#define _HERMES_H
+
+/* Notes on locking:
+ *
+ * As a module of low level hardware access routines, there is no
+ * locking. Users of this module should ensure that they serialize
+ * access to the hermes structure, and to the hardware
+*/
+
+#include <linux/if_ether.h>
+#include <linux/io.h>
+
+/*
+ * Limits and constants
+ */
+#define HERMES_ALLOC_LEN_MIN (4)
+#define HERMES_ALLOC_LEN_MAX (2400)
+#define HERMES_LTV_LEN_MAX (34)
+#define HERMES_BAP_DATALEN_MAX (4096)
+#define HERMES_BAP_OFFSET_MAX (4096)
+#define HERMES_PORTID_MAX (7)
+#define HERMES_NUMPORTS_MAX (HERMES_PORTID_MAX + 1)
+#define HERMES_PDR_LEN_MAX (260) /* in bytes, from EK */
+#define HERMES_PDA_RECS_MAX (200) /* a guess */
+#define HERMES_PDA_LEN_MAX (1024) /* in bytes, from EK */
+#define HERMES_SCANRESULT_MAX (35)
+#define HERMES_CHINFORESULT_MAX (8)
+#define HERMES_MAX_MULTICAST (16)
+#define HERMES_MAGIC (0x7d1f)
+
+/*
+ * Hermes register offsets
+ */
+#define HERMES_CMD (0x00)
+#define HERMES_PARAM0 (0x02)
+#define HERMES_PARAM1 (0x04)
+#define HERMES_PARAM2 (0x06)
+#define HERMES_STATUS (0x08)
+#define HERMES_RESP0 (0x0A)
+#define HERMES_RESP1 (0x0C)
+#define HERMES_RESP2 (0x0E)
+#define HERMES_INFOFID (0x10)
+#define HERMES_RXFID (0x20)
+#define HERMES_ALLOCFID (0x22)
+#define HERMES_TXCOMPLFID (0x24)
+#define HERMES_SELECT0 (0x18)
+#define HERMES_OFFSET0 (0x1C)
+#define HERMES_DATA0 (0x36)
+#define HERMES_SELECT1 (0x1A)
+#define HERMES_OFFSET1 (0x1E)
+#define HERMES_DATA1 (0x38)
+#define HERMES_EVSTAT (0x30)
+#define HERMES_INTEN (0x32)
+#define HERMES_EVACK (0x34)
+#define HERMES_CONTROL (0x14)
+#define HERMES_SWSUPPORT0 (0x28)
+#define HERMES_SWSUPPORT1 (0x2A)
+#define HERMES_SWSUPPORT2 (0x2C)
+#define HERMES_AUXPAGE (0x3A)
+#define HERMES_AUXOFFSET (0x3C)
+#define HERMES_AUXDATA (0x3E)
+
+/*
+ * CMD register bitmasks
+ */
+#define HERMES_CMD_BUSY (0x8000)
+#define HERMES_CMD_AINFO (0x7f00)
+#define HERMES_CMD_MACPORT (0x0700)
+#define HERMES_CMD_RECL (0x0100)
+#define HERMES_CMD_WRITE (0x0100)
+#define HERMES_CMD_PROGMODE (0x0300)
+#define HERMES_CMD_CMDCODE (0x003f)
+
+/*
+ * STATUS register bitmasks
+ */
+#define HERMES_STATUS_RESULT (0x7f00)
+#define HERMES_STATUS_CMDCODE (0x003f)
+
+/*
+ * OFFSET register bitmasks
+ */
+#define HERMES_OFFSET_BUSY (0x8000)
+#define HERMES_OFFSET_ERR (0x4000)
+#define HERMES_OFFSET_DATAOFF (0x0ffe)
+
+/*
+ * Event register bitmasks (INTEN, EVSTAT, EVACK)
+ */
+#define HERMES_EV_TICK (0x8000)
+#define HERMES_EV_WTERR (0x4000)
+#define HERMES_EV_INFDROP (0x2000)
+#define HERMES_EV_INFO (0x0080)
+#define HERMES_EV_DTIM (0x0020)
+#define HERMES_EV_CMD (0x0010)
+#define HERMES_EV_ALLOC (0x0008)
+#define HERMES_EV_TXEXC (0x0004)
+#define HERMES_EV_TX (0x0002)
+#define HERMES_EV_RX (0x0001)
+
+/*
+ * Command codes
+ */
+/*--- Controller Commands ----------------------------*/
+#define HERMES_CMD_INIT (0x0000)
+#define HERMES_CMD_ENABLE (0x0001)
+#define HERMES_CMD_DISABLE (0x0002)
+#define HERMES_CMD_DIAG (0x0003)
+
+/*--- Buffer Mgmt Commands ---------------------------*/
+#define HERMES_CMD_ALLOC (0x000A)
+#define HERMES_CMD_TX (0x000B)
+
+/*--- Regulate Commands ------------------------------*/
+#define HERMES_CMD_NOTIFY (0x0010)
+#define HERMES_CMD_INQUIRE (0x0011)
+
+/*--- Configure Commands -----------------------------*/
+#define HERMES_CMD_ACCESS (0x0021)
+#define HERMES_CMD_DOWNLD (0x0022)
+
+/*--- Serial I/O Commands ----------------------------*/
+#define HERMES_CMD_READMIF (0x0030)
+#define HERMES_CMD_WRITEMIF (0x0031)
+
+/*--- Debugging Commands -----------------------------*/
+#define HERMES_CMD_TEST (0x0038)
+
+
+/* Test command arguments */
+#define HERMES_TEST_SET_CHANNEL 0x0800
+#define HERMES_TEST_MONITOR 0x0b00
+#define HERMES_TEST_STOP 0x0f00
+
+/* Authentication algorithms */
+#define HERMES_AUTH_OPEN 1
+#define HERMES_AUTH_SHARED_KEY 2
+
+/* WEP settings */
+#define HERMES_WEP_PRIVACY_INVOKED 0x0001
+#define HERMES_WEP_EXCL_UNENCRYPTED 0x0002
+#define HERMES_WEP_HOST_ENCRYPT 0x0010
+#define HERMES_WEP_HOST_DECRYPT 0x0080
+
+/* Symbol hostscan options */
+#define HERMES_HOSTSCAN_SYMBOL_5SEC 0x0001
+#define HERMES_HOSTSCAN_SYMBOL_ONCE 0x0002
+#define HERMES_HOSTSCAN_SYMBOL_PASSIVE 0x0040
+#define HERMES_HOSTSCAN_SYMBOL_BCAST 0x0080
+
+/*
+ * Frame structures and constants
+ */
+
+#define HERMES_DESCRIPTOR_OFFSET 0
+#define HERMES_802_11_OFFSET (14)
+#define HERMES_802_3_OFFSET (14 + 32)
+#define HERMES_802_2_OFFSET (14 + 32 + 14)
+#define HERMES_TXCNTL2_OFFSET (HERMES_802_3_OFFSET - 2)
+
+#define HERMES_RXSTAT_ERR (0x0003)
+#define HERMES_RXSTAT_BADCRC (0x0001)
+#define HERMES_RXSTAT_UNDECRYPTABLE (0x0002)
+#define HERMES_RXSTAT_MIC (0x0010) /* Frame contains MIC */
+#define HERMES_RXSTAT_MACPORT (0x0700)
+#define HERMES_RXSTAT_PCF (0x1000) /* Frame was received in CF period */
+#define HERMES_RXSTAT_MIC_KEY_ID (0x1800) /* MIC key used */
+#define HERMES_RXSTAT_MSGTYPE (0xE000)
+#define HERMES_RXSTAT_1042 (0x2000) /* RFC-1042 frame */
+#define HERMES_RXSTAT_TUNNEL (0x4000) /* bridge-tunnel encoded frame */
+#define HERMES_RXSTAT_WMP (0x6000) /* Wavelan-II Management Protocol frame */
+
+/* Shift amount for key ID in RXSTAT and TXCTRL */
+#define HERMES_MIC_KEY_ID_SHIFT 11
+
+struct hermes_tx_descriptor {
+ __le16 status;
+ __le16 reserved1;
+ __le16 reserved2;
+ __le32 sw_support;
+ u8 retry_count;
+ u8 tx_rate;
+ __le16 tx_control;
+} __packed;
+
+#define HERMES_TXSTAT_RETRYERR (0x0001)
+#define HERMES_TXSTAT_AGEDERR (0x0002)
+#define HERMES_TXSTAT_DISCON (0x0004)
+#define HERMES_TXSTAT_FORMERR (0x0008)
+
+#define HERMES_TXCTRL_TX_OK (0x0002) /* ?? interrupt on Tx complete */
+#define HERMES_TXCTRL_TX_EX (0x0004) /* ?? interrupt on Tx exception */
+#define HERMES_TXCTRL_802_11 (0x0008) /* We supply 802.11 header */
+#define HERMES_TXCTRL_MIC (0x0010) /* 802.3 + TKIP */
+#define HERMES_TXCTRL_MIC_KEY_ID (0x1800) /* MIC Key ID mask */
+#define HERMES_TXCTRL_ALT_RTRY (0x0020)
+
+/* Inquiry constants and data types */
+
+#define HERMES_INQ_TALLIES (0xF100)
+#define HERMES_INQ_SCAN (0xF101)
+#define HERMES_INQ_CHANNELINFO (0xF102)
+#define HERMES_INQ_HOSTSCAN (0xF103)
+#define HERMES_INQ_HOSTSCAN_SYMBOL (0xF104)
+#define HERMES_INQ_LINKSTATUS (0xF200)
+#define HERMES_INQ_SEC_STAT_AGERE (0xF202)
+
+struct hermes_tallies_frame {
+ __le16 TxUnicastFrames;
+ __le16 TxMulticastFrames;
+ __le16 TxFragments;
+ __le16 TxUnicastOctets;
+ __le16 TxMulticastOctets;
+ __le16 TxDeferredTransmissions;
+ __le16 TxSingleRetryFrames;
+ __le16 TxMultipleRetryFrames;
+ __le16 TxRetryLimitExceeded;
+ __le16 TxDiscards;
+ __le16 RxUnicastFrames;
+ __le16 RxMulticastFrames;
+ __le16 RxFragments;
+ __le16 RxUnicastOctets;
+ __le16 RxMulticastOctets;
+ __le16 RxFCSErrors;
+ __le16 RxDiscards_NoBuffer;
+ __le16 TxDiscardsWrongSA;
+ __le16 RxWEPUndecryptable;
+ __le16 RxMsgInMsgFragments;
+ __le16 RxMsgInBadMsgFragments;
+ /* Those last are probably not available in very old firmwares */
+ __le16 RxDiscards_WEPICVError;
+ __le16 RxDiscards_WEPExcluded;
+} __packed;
+
+/* Grabbed from wlan-ng - Thanks Mark... - Jean II
+ * This is the result of a scan inquiry command */
+/* Structure describing info about an Access Point */
+struct prism2_scan_apinfo {
+ __le16 channel; /* Channel where the AP sits */
+ __le16 noise; /* Noise level */
+ __le16 level; /* Signal level */
+ u8 bssid[ETH_ALEN]; /* MAC address of the Access Point */
+ __le16 beacon_interv; /* Beacon interval */
+ __le16 capabilities; /* Capabilities */
+ __le16 essid_len; /* ESSID length */
+ u8 essid[32]; /* ESSID of the network */
+ u8 rates[10]; /* Bit rate supported */
+ __le16 proberesp_rate; /* Data rate of the response frame */
+ __le16 atim; /* ATIM window time, Kus (hostscan only) */
+} __packed;
+
+/* Same stuff for the Lucent/Agere card.
+ * Thanks to h1kari <h1kari AT dachb0den.com> - Jean II */
+struct agere_scan_apinfo {
+ __le16 channel; /* Channel where the AP sits */
+ __le16 noise; /* Noise level */
+ __le16 level; /* Signal level */
+ u8 bssid[ETH_ALEN]; /* MAC address of the Access Point */
+ __le16 beacon_interv; /* Beacon interval */
+ __le16 capabilities; /* Capabilities */
+ /* bits: 0-ess, 1-ibss, 4-privacy [wep] */
+ __le16 essid_len; /* ESSID length */
+ u8 essid[32]; /* ESSID of the network */
+} __packed;
+
+/* Moustafa: Scan structure for Symbol cards */
+struct symbol_scan_apinfo {
+ u8 channel; /* Channel where the AP sits */
+ u8 unknown1; /* 8 in 2.9x and 3.9x f/w, 0 otherwise */
+ __le16 noise; /* Noise level */
+ __le16 level; /* Signal level */
+ u8 bssid[ETH_ALEN]; /* MAC address of the Access Point */
+ __le16 beacon_interv; /* Beacon interval */
+ __le16 capabilities; /* Capabilities */
+ /* bits: 0-ess, 1-ibss, 4-privacy [wep] */
+ __le16 essid_len; /* ESSID length */
+ u8 essid[32]; /* ESSID of the network */
+ __le16 rates[5]; /* Bit rate supported */
+ __le16 basic_rates; /* Basic rates bitmask */
+ u8 unknown2[6]; /* Always FF:FF:FF:FF:00:00 */
+ u8 unknown3[8]; /* Always 0, appeared in f/w 3.91-68 */
+} __packed;
+
+union hermes_scan_info {
+ struct agere_scan_apinfo a;
+ struct prism2_scan_apinfo p;
+ struct symbol_scan_apinfo s;
+};
+
+/* Extended scan struct for HERMES_INQ_CHANNELINFO.
+ * wl_lkm calls this an ACS scan (Automatic Channel Select).
+ * Keep out of union hermes_scan_info because it is much bigger than
+ * the older scan structures. */
+struct agere_ext_scan_info {
+ __le16 reserved0;
+
+ u8 noise;
+ u8 level;
+ u8 rx_flow;
+ u8 rate;
+ __le16 reserved1[2];
+
+ __le16 frame_control;
+ __le16 dur_id;
+ u8 addr1[ETH_ALEN];
+ u8 addr2[ETH_ALEN];
+ u8 bssid[ETH_ALEN];
+ __le16 sequence;
+ u8 addr4[ETH_ALEN];
+
+ __le16 data_length;
+
+ /* Next 3 fields do not get filled in. */
+ u8 daddr[ETH_ALEN];
+ u8 saddr[ETH_ALEN];
+ __le16 len_type;
+
+ __le64 timestamp;
+ __le16 beacon_interval;
+ __le16 capabilities;
+ u8 data[];
+} __packed;
+
+#define HERMES_LINKSTATUS_NOT_CONNECTED (0x0000)
+#define HERMES_LINKSTATUS_CONNECTED (0x0001)
+#define HERMES_LINKSTATUS_DISCONNECTED (0x0002)
+#define HERMES_LINKSTATUS_AP_CHANGE (0x0003)
+#define HERMES_LINKSTATUS_AP_OUT_OF_RANGE (0x0004)
+#define HERMES_LINKSTATUS_AP_IN_RANGE (0x0005)
+#define HERMES_LINKSTATUS_ASSOC_FAILED (0x0006)
+
+struct hermes_linkstatus {
+ __le16 linkstatus; /* Link status */
+} __packed;
+
+struct hermes_response {
+ u16 status, resp0, resp1, resp2;
+};
+
+/* "ID" structure - used for ESSID and station nickname */
+struct hermes_idstring {
+ __le16 len;
+ __le16 val[16];
+} __packed;
+
+struct hermes_multicast {
+ u8 addr[HERMES_MAX_MULTICAST][ETH_ALEN];
+} __packed;
+
+/* Timeouts */
+#define HERMES_BAP_BUSY_TIMEOUT (10000) /* In iterations of ~1us */
+
+struct hermes;
+
+/* Functions to access hardware */
+struct hermes_ops {
+ int (*init)(struct hermes *hw);
+ int (*cmd_wait)(struct hermes *hw, u16 cmd, u16 parm0,
+ struct hermes_response *resp);
+ int (*init_cmd_wait)(struct hermes *hw, u16 cmd,
+ u16 parm0, u16 parm1, u16 parm2,
+ struct hermes_response *resp);
+ int (*allocate)(struct hermes *hw, u16 size, u16 *fid);
+ int (*read_ltv)(struct hermes *hw, int bap, u16 rid, unsigned buflen,
+ u16 *length, void *buf);
+ int (*read_ltv_pr)(struct hermes *hw, int bap, u16 rid,
+ unsigned buflen, u16 *length, void *buf);
+ int (*write_ltv)(struct hermes *hw, int bap, u16 rid,
+ u16 length, const void *value);
+ int (*bap_pread)(struct hermes *hw, int bap, void *buf, int len,
+ u16 id, u16 offset);
+ int (*bap_pwrite)(struct hermes *hw, int bap, const void *buf,
+ int len, u16 id, u16 offset);
+ int (*read_pda)(struct hermes *hw, __le16 *pda,
+ u32 pda_addr, u16 pda_len);
+ int (*program_init)(struct hermes *hw, u32 entry_point);
+ int (*program_end)(struct hermes *hw);
+ int (*program)(struct hermes *hw, const char *buf,
+ u32 addr, u32 len);
+ void (*lock_irqsave)(spinlock_t *lock, unsigned long *flags);
+ void (*unlock_irqrestore)(spinlock_t *lock, unsigned long *flags);
+ void (*lock_irq)(spinlock_t *lock);
+ void (*unlock_irq)(spinlock_t *lock);
+};
+
+/* Basic control structure */
+struct hermes {
+ void __iomem *iobase;
+ int reg_spacing;
+#define HERMES_16BIT_REGSPACING 0
+#define HERMES_32BIT_REGSPACING 1
+ u16 inten; /* Which interrupts should be enabled? */
+ bool eeprom_pda;
+ const struct hermes_ops *ops;
+ void *priv;
+};
+
+/* Register access convenience macros */
+#define hermes_read_reg(hw, off) \
+ (ioread16((hw)->iobase + ((off) << (hw)->reg_spacing)))
+#define hermes_write_reg(hw, off, val) \
+ (iowrite16((val), (hw)->iobase + ((off) << (hw)->reg_spacing)))
+#define hermes_read_regn(hw, name) hermes_read_reg((hw), HERMES_##name)
+#define hermes_write_regn(hw, name, val) \
+ hermes_write_reg((hw), HERMES_##name, (val))
+
+/* Function prototypes */
+void hermes_struct_init(struct hermes *hw, void __iomem *address,
+ int reg_spacing);
+
+/* Inline functions */
+
+static inline int hermes_present(struct hermes *hw)
+{
+ return hermes_read_regn(hw, SWSUPPORT0) == HERMES_MAGIC;
+}
+
+static inline void hermes_set_irqmask(struct hermes *hw, u16 events)
+{
+ hw->inten = events;
+ hermes_write_regn(hw, INTEN, events);
+}
+
+static inline int hermes_enable_port(struct hermes *hw, int port)
+{
+ return hw->ops->cmd_wait(hw, HERMES_CMD_ENABLE | (port << 8),
+ 0, NULL);
+}
+
+static inline int hermes_disable_port(struct hermes *hw, int port)
+{
+ return hw->ops->cmd_wait(hw, HERMES_CMD_DISABLE | (port << 8),
+ 0, NULL);
+}
+
+/* Initiate an INQUIRE command (tallies or scan). The result will come as an
+ * information frame in __orinoco_ev_info() */
+static inline int hermes_inquire(struct hermes *hw, u16 rid)
+{
+ return hw->ops->cmd_wait(hw, HERMES_CMD_INQUIRE, rid, NULL);
+}
+
+#define HERMES_BYTES_TO_RECLEN(n) ((((n) + 1) / 2) + 1)
+#define HERMES_RECLEN_TO_BYTES(n) (((n) - 1) * 2)
+
+/* Note that for the next two, the count is in 16-bit words, not bytes */
+static inline void hermes_read_words(struct hermes *hw, int off,
+ void *buf, unsigned count)
+{
+ off = off << hw->reg_spacing;
+ ioread16_rep(hw->iobase + off, buf, count);
+}
+
+static inline void hermes_write_bytes(struct hermes *hw, int off,
+ const char *buf, unsigned count)
+{
+ off = off << hw->reg_spacing;
+ iowrite16_rep(hw->iobase + off, buf, count >> 1);
+ if (unlikely(count & 1))
+ iowrite8(buf[count - 1], hw->iobase + off);
+}
+
+static inline void hermes_clear_words(struct hermes *hw, int off,
+ unsigned count)
+{
+ unsigned i;
+
+ off = off << hw->reg_spacing;
+
+ for (i = 0; i < count; i++)
+ iowrite16(0, hw->iobase + off);
+}
+
+#define HERMES_READ_RECORD(hw, bap, rid, buf) \
+ (hw->ops->read_ltv((hw), (bap), (rid), sizeof(*buf), NULL, (buf)))
+#define HERMES_READ_RECORD_PR(hw, bap, rid, buf) \
+ (hw->ops->read_ltv_pr((hw), (bap), (rid), sizeof(*buf), NULL, (buf)))
+#define HERMES_WRITE_RECORD(hw, bap, rid, buf) \
+ (hw->ops->write_ltv((hw), (bap), (rid), \
+ HERMES_BYTES_TO_RECLEN(sizeof(*buf)), (buf)))
+
+static inline int hermes_read_wordrec(struct hermes *hw, int bap, u16 rid,
+ u16 *word)
+{
+ __le16 rec;
+ int err;
+
+ err = HERMES_READ_RECORD(hw, bap, rid, &rec);
+ *word = le16_to_cpu(rec);
+ return err;
+}
+
+static inline int hermes_read_wordrec_pr(struct hermes *hw, int bap, u16 rid,
+ u16 *word)
+{
+ __le16 rec;
+ int err;
+
+ err = HERMES_READ_RECORD_PR(hw, bap, rid, &rec);
+ *word = le16_to_cpu(rec);
+ return err;
+}
+
+static inline int hermes_write_wordrec(struct hermes *hw, int bap, u16 rid,
+ u16 word)
+{
+ __le16 rec = cpu_to_le16(word);
+ return HERMES_WRITE_RECORD(hw, bap, rid, &rec);
+}
+
+#endif /* _HERMES_H */
diff --git a/drivers/net/wireless/intersil/orinoco/hermes_dld.c b/drivers/net/wireless/intersil/orinoco/hermes_dld.c
new file mode 100644
index 000000000..dbeadfcfe
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/hermes_dld.c
@@ -0,0 +1,477 @@
+/*
+ * Hermes download helper.
+ *
+ * This helper:
+ * - is capable of writing to the volatile area of the hermes device
+ * - is currently not capable of writing to non-volatile areas
+ * - provide helpers to identify and update plugin data
+ * - is not capable of interpreting a fw image directly. That is up to
+ * the main card driver.
+ * - deals with Hermes I devices. It can probably be modified to deal
+ * with Hermes II devices
+ *
+ * Copyright (C) 2007, David Kilroy
+ *
+ * Plug data code slightly modified from spectrum_cs driver
+ * Copyright (C) 2002-2005 Pavel Roskin <proski@gnu.org>
+ * Portions based on information in wl_lkm_718 Agere driver
+ * COPYRIGHT (C) 2001-2004 by Agere Systems Inc. All Rights Reserved
+ *
+ * The contents of this file are subject to the Mozilla Public License
+ * Version 1.1 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License
+ * at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS"
+ * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ * the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License version 2 (the "GPL"), in
+ * which case the provisions of the GPL are applicable instead of the
+ * above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the MPL, indicate your decision by
+ * deleting the provisions above and replace them with the notice and
+ * other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file
+ * under either the MPL or the GPL.
+ */
+
+#include <linux/module.h>
+#include <linux/delay.h>
+#include "hermes.h"
+#include "hermes_dld.h"
+
+#define PFX "hermes_dld: "
+
+/* End markers used in dblocks */
+#define PDI_END 0x00000000 /* End of PDA */
+#define BLOCK_END 0xFFFFFFFF /* Last image block */
+#define TEXT_END 0x1A /* End of text header */
+
+/*
+ * The following structures have little-endian fields denoted by
+ * the leading underscore. Don't access them directly - use inline
+ * functions defined below.
+ */
+
+/*
+ * The binary image to be downloaded consists of series of data blocks.
+ * Each block has the following structure.
+ */
+struct dblock {
+ __le32 addr; /* adapter address where to write the block */
+ __le16 len; /* length of the data only, in bytes */
+ char data[]; /* data to be written */
+} __packed;
+
+/*
+ * Plug Data References are located in the image after the last data
+ * block. They refer to areas in the adapter memory where the plug data
+ * items with matching ID should be written.
+ */
+struct pdr {
+ __le32 id; /* record ID */
+ __le32 addr; /* adapter address where to write the data */
+ __le32 len; /* expected length of the data, in bytes */
+ char next[]; /* next PDR starts here */
+} __packed;
+
+/*
+ * Plug Data Items are located in the EEPROM read from the adapter by
+ * primary firmware. They refer to the device-specific data that should
+ * be plugged into the secondary firmware.
+ */
+struct pdi {
+ __le16 len; /* length of ID and data, in words */
+ __le16 id; /* record ID */
+ char data[]; /* plug data */
+} __packed;
+
+/*** FW data block access functions ***/
+
+static inline u32
+dblock_addr(const struct dblock *blk)
+{
+ return le32_to_cpu(blk->addr);
+}
+
+static inline u32
+dblock_len(const struct dblock *blk)
+{
+ return le16_to_cpu(blk->len);
+}
+
+/*** PDR Access functions ***/
+
+static inline u32
+pdr_id(const struct pdr *pdr)
+{
+ return le32_to_cpu(pdr->id);
+}
+
+static inline u32
+pdr_addr(const struct pdr *pdr)
+{
+ return le32_to_cpu(pdr->addr);
+}
+
+static inline u32
+pdr_len(const struct pdr *pdr)
+{
+ return le32_to_cpu(pdr->len);
+}
+
+/*** PDI Access functions ***/
+
+static inline u32
+pdi_id(const struct pdi *pdi)
+{
+ return le16_to_cpu(pdi->id);
+}
+
+/* Return length of the data only, in bytes */
+static inline u32
+pdi_len(const struct pdi *pdi)
+{
+ return 2 * (le16_to_cpu(pdi->len) - 1);
+}
+
+/*** Plug Data Functions ***/
+
+/*
+ * Scan PDR for the record with the specified RECORD_ID.
+ * If it's not found, return NULL.
+ */
+static const struct pdr *
+hermes_find_pdr(const struct pdr *first_pdr, u32 record_id, const void *end)
+{
+ const struct pdr *pdr = first_pdr;
+
+ end -= sizeof(struct pdr);
+
+ while (((void *) pdr <= end) &&
+ (pdr_id(pdr) != PDI_END)) {
+ /*
+ * PDR area is currently not terminated by PDI_END.
+ * It's followed by CRC records, which have the type
+ * field where PDR has length. The type can be 0 or 1.
+ */
+ if (pdr_len(pdr) < 2)
+ return NULL;
+
+ /* If the record ID matches, we are done */
+ if (pdr_id(pdr) == record_id)
+ return pdr;
+
+ pdr = (struct pdr *) pdr->next;
+ }
+ return NULL;
+}
+
+/* Scan production data items for a particular entry */
+static const struct pdi *
+hermes_find_pdi(const struct pdi *first_pdi, u32 record_id, const void *end)
+{
+ const struct pdi *pdi = first_pdi;
+
+ end -= sizeof(struct pdi);
+
+ while (((void *) pdi <= end) &&
+ (pdi_id(pdi) != PDI_END)) {
+
+ /* If the record ID matches, we are done */
+ if (pdi_id(pdi) == record_id)
+ return pdi;
+
+ pdi = (struct pdi *) &pdi->data[pdi_len(pdi)];
+ }
+ return NULL;
+}
+
+/* Process one Plug Data Item - find corresponding PDR and plug it */
+static int
+hermes_plug_pdi(struct hermes *hw, const struct pdr *first_pdr,
+ const struct pdi *pdi, const void *pdr_end)
+{
+ const struct pdr *pdr;
+
+ /* Find the PDR corresponding to this PDI */
+ pdr = hermes_find_pdr(first_pdr, pdi_id(pdi), pdr_end);
+
+ /* No match is found, safe to ignore */
+ if (!pdr)
+ return 0;
+
+ /* Lengths of the data in PDI and PDR must match */
+ if (pdi_len(pdi) != pdr_len(pdr))
+ return -EINVAL;
+
+ /* do the actual plugging */
+ hw->ops->program(hw, pdi->data, pdr_addr(pdr), pdi_len(pdi));
+
+ return 0;
+}
+
+/* Parse PDA and write the records into the adapter
+ *
+ * Attempt to write every records that is in the specified pda
+ * which also has a valid production data record for the firmware.
+ */
+int hermes_apply_pda(struct hermes *hw,
+ const char *first_pdr,
+ const void *pdr_end,
+ const __le16 *pda,
+ const void *pda_end)
+{
+ int ret;
+ const struct pdi *pdi;
+ const struct pdr *pdr;
+
+ pdr = (const struct pdr *) first_pdr;
+ pda_end -= sizeof(struct pdi);
+
+ /* Go through every PDI and plug them into the adapter */
+ pdi = (const struct pdi *) (pda + 2);
+ while (((void *) pdi <= pda_end) &&
+ (pdi_id(pdi) != PDI_END)) {
+ ret = hermes_plug_pdi(hw, pdr, pdi, pdr_end);
+ if (ret)
+ return ret;
+
+ /* Increment to the next PDI */
+ pdi = (const struct pdi *) &pdi->data[pdi_len(pdi)];
+ }
+ return 0;
+}
+
+/* Identify the total number of bytes in all blocks
+ * including the header data.
+ */
+size_t
+hermes_blocks_length(const char *first_block, const void *end)
+{
+ const struct dblock *blk = (const struct dblock *) first_block;
+ int total_len = 0;
+ int len;
+
+ end -= sizeof(*blk);
+
+ /* Skip all blocks to locate Plug Data References
+ * (Spectrum CS) */
+ while (((void *) blk <= end) &&
+ (dblock_addr(blk) != BLOCK_END)) {
+ len = dblock_len(blk);
+ total_len += sizeof(*blk) + len;
+ blk = (struct dblock *) &blk->data[len];
+ }
+
+ return total_len;
+}
+
+/*** Hermes programming ***/
+
+/* Program the data blocks */
+int hermes_program(struct hermes *hw, const char *first_block, const void *end)
+{
+ const struct dblock *blk;
+ u32 blkaddr;
+ u32 blklen;
+ int err = 0;
+
+ blk = (const struct dblock *) first_block;
+
+ if ((void *) blk > (end - sizeof(*blk)))
+ return -EIO;
+
+ blkaddr = dblock_addr(blk);
+ blklen = dblock_len(blk);
+
+ while ((blkaddr != BLOCK_END) &&
+ (((void *) blk + blklen) <= end)) {
+ pr_debug(PFX "Programming block of length %d "
+ "to address 0x%08x\n", blklen, blkaddr);
+
+ err = hw->ops->program(hw, blk->data, blkaddr, blklen);
+ if (err)
+ break;
+
+ blk = (const struct dblock *) &blk->data[blklen];
+
+ if ((void *) blk > (end - sizeof(*blk)))
+ return -EIO;
+
+ blkaddr = dblock_addr(blk);
+ blklen = dblock_len(blk);
+ }
+ return err;
+}
+
+/*** Default plugging data for Hermes I ***/
+/* Values from wl_lkm_718/hcf/dhf.c */
+
+#define DEFINE_DEFAULT_PDR(pid, length, data) \
+static const struct { \
+ __le16 len; \
+ __le16 id; \
+ u8 val[length]; \
+} __packed default_pdr_data_##pid = { \
+ cpu_to_le16((sizeof(default_pdr_data_##pid)/ \
+ sizeof(__le16)) - 1), \
+ cpu_to_le16(pid), \
+ data \
+}
+
+#define DEFAULT_PDR(pid) default_pdr_data_##pid
+
+/* HWIF Compatibility */
+DEFINE_DEFAULT_PDR(0x0005, 10, "\x00\x00\x06\x00\x01\x00\x01\x00\x01\x00");
+
+/* PPPPSign */
+DEFINE_DEFAULT_PDR(0x0108, 4, "\x00\x00\x00\x00");
+
+/* PPPPProf */
+DEFINE_DEFAULT_PDR(0x0109, 10, "\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00");
+
+/* Antenna diversity */
+DEFINE_DEFAULT_PDR(0x0150, 2, "\x00\x3F");
+
+/* Modem VCO band Set-up */
+DEFINE_DEFAULT_PDR(0x0160, 28,
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00");
+
+/* Modem Rx Gain Table Values */
+DEFINE_DEFAULT_PDR(0x0161, 256,
+ "\x3F\x01\x3F\01\x3F\x01\x3F\x01"
+ "\x3F\x01\x3F\01\x3F\x01\x3F\x01"
+ "\x3F\x01\x3F\01\x3F\x01\x3F\x01"
+ "\x3F\x01\x3F\01\x3F\x01\x3F\x01"
+ "\x3F\x01\x3E\01\x3E\x01\x3D\x01"
+ "\x3D\x01\x3C\01\x3C\x01\x3B\x01"
+ "\x3B\x01\x3A\01\x3A\x01\x39\x01"
+ "\x39\x01\x38\01\x38\x01\x37\x01"
+ "\x37\x01\x36\01\x36\x01\x35\x01"
+ "\x35\x01\x34\01\x34\x01\x33\x01"
+ "\x33\x01\x32\x01\x32\x01\x31\x01"
+ "\x31\x01\x30\x01\x30\x01\x7B\x01"
+ "\x7B\x01\x7A\x01\x7A\x01\x79\x01"
+ "\x79\x01\x78\x01\x78\x01\x77\x01"
+ "\x77\x01\x76\x01\x76\x01\x75\x01"
+ "\x75\x01\x74\x01\x74\x01\x73\x01"
+ "\x73\x01\x72\x01\x72\x01\x71\x01"
+ "\x71\x01\x70\x01\x70\x01\x68\x01"
+ "\x68\x01\x67\x01\x67\x01\x66\x01"
+ "\x66\x01\x65\x01\x65\x01\x57\x01"
+ "\x57\x01\x56\x01\x56\x01\x55\x01"
+ "\x55\x01\x54\x01\x54\x01\x53\x01"
+ "\x53\x01\x52\x01\x52\x01\x51\x01"
+ "\x51\x01\x50\x01\x50\x01\x48\x01"
+ "\x48\x01\x47\x01\x47\x01\x46\x01"
+ "\x46\x01\x45\x01\x45\x01\x44\x01"
+ "\x44\x01\x43\x01\x43\x01\x42\x01"
+ "\x42\x01\x41\x01\x41\x01\x40\x01"
+ "\x40\x01\x40\x01\x40\x01\x40\x01"
+ "\x40\x01\x40\x01\x40\x01\x40\x01"
+ "\x40\x01\x40\x01\x40\x01\x40\x01"
+ "\x40\x01\x40\x01\x40\x01\x40\x01");
+
+/* Write PDA according to certain rules.
+ *
+ * For every production data record, look for a previous setting in
+ * the pda, and use that.
+ *
+ * For certain records, use defaults if they are not found in pda.
+ */
+int hermes_apply_pda_with_defaults(struct hermes *hw,
+ const char *first_pdr,
+ const void *pdr_end,
+ const __le16 *pda,
+ const void *pda_end)
+{
+ const struct pdr *pdr = (const struct pdr *) first_pdr;
+ const struct pdi *first_pdi = (const struct pdi *) &pda[2];
+ const struct pdi *pdi;
+ const struct pdi *default_pdi = NULL;
+ const struct pdi *outdoor_pdi;
+ int record_id;
+
+ pdr_end -= sizeof(struct pdr);
+
+ while (((void *) pdr <= pdr_end) &&
+ (pdr_id(pdr) != PDI_END)) {
+ /*
+ * For spectrum_cs firmwares,
+ * PDR area is currently not terminated by PDI_END.
+ * It's followed by CRC records, which have the type
+ * field where PDR has length. The type can be 0 or 1.
+ */
+ if (pdr_len(pdr) < 2)
+ break;
+ record_id = pdr_id(pdr);
+
+ pdi = hermes_find_pdi(first_pdi, record_id, pda_end);
+ if (pdi)
+ pr_debug(PFX "Found record 0x%04x at %p\n",
+ record_id, pdi);
+
+ switch (record_id) {
+ case 0x110: /* Modem REFDAC values */
+ case 0x120: /* Modem VGDAC values */
+ outdoor_pdi = hermes_find_pdi(first_pdi, record_id + 1,
+ pda_end);
+ default_pdi = NULL;
+ if (outdoor_pdi) {
+ pdi = outdoor_pdi;
+ pr_debug(PFX
+ "Using outdoor record 0x%04x at %p\n",
+ record_id + 1, pdi);
+ }
+ break;
+ case 0x5: /* HWIF Compatibility */
+ default_pdi = (struct pdi *) &DEFAULT_PDR(0x0005);
+ break;
+ case 0x108: /* PPPPSign */
+ default_pdi = (struct pdi *) &DEFAULT_PDR(0x0108);
+ break;
+ case 0x109: /* PPPPProf */
+ default_pdi = (struct pdi *) &DEFAULT_PDR(0x0109);
+ break;
+ case 0x150: /* Antenna diversity */
+ default_pdi = (struct pdi *) &DEFAULT_PDR(0x0150);
+ break;
+ case 0x160: /* Modem VCO band Set-up */
+ default_pdi = (struct pdi *) &DEFAULT_PDR(0x0160);
+ break;
+ case 0x161: /* Modem Rx Gain Table Values */
+ default_pdi = (struct pdi *) &DEFAULT_PDR(0x0161);
+ break;
+ default:
+ default_pdi = NULL;
+ break;
+ }
+ if (!pdi && default_pdi) {
+ /* Use default */
+ pdi = default_pdi;
+ pr_debug(PFX "Using default record 0x%04x at %p\n",
+ record_id, pdi);
+ }
+
+ if (pdi) {
+ /* Lengths of the data in PDI and PDR must match */
+ if ((pdi_len(pdi) == pdr_len(pdr)) &&
+ ((void *) pdi->data + pdi_len(pdi) < pda_end)) {
+ /* do the actual plugging */
+ hw->ops->program(hw, pdi->data, pdr_addr(pdr),
+ pdi_len(pdi));
+ }
+ }
+
+ pdr++;
+ }
+ return 0;
+}
diff --git a/drivers/net/wireless/intersil/orinoco/hermes_dld.h b/drivers/net/wireless/intersil/orinoco/hermes_dld.h
new file mode 100644
index 000000000..b5377e232
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/hermes_dld.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2007, David Kilroy
+ *
+ * The contents of this file are subject to the Mozilla Public License
+ * Version 1.1 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License
+ * at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS"
+ * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ * the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License version 2 (the "GPL"), in
+ * which case the provisions of the GPL are applicable instead of the
+ * above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the MPL, indicate your decision by
+ * deleting the provisions above and replace them with the notice and
+ * other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file
+ * under either the MPL or the GPL.
+ */
+#ifndef _HERMES_DLD_H
+#define _HERMES_DLD_H
+
+#include "hermes.h"
+
+int hermesi_program_init(struct hermes *hw, u32 offset);
+int hermesi_program_end(struct hermes *hw);
+int hermes_program(struct hermes *hw, const char *first_block, const void *end);
+
+int hermes_read_pda(struct hermes *hw,
+ __le16 *pda,
+ u32 pda_addr,
+ u16 pda_len,
+ int use_eeprom);
+int hermes_apply_pda(struct hermes *hw,
+ const char *first_pdr,
+ const void *pdr_end,
+ const __le16 *pda,
+ const void *pda_end);
+int hermes_apply_pda_with_defaults(struct hermes *hw,
+ const char *first_pdr,
+ const void *pdr_end,
+ const __le16 *pda,
+ const void *pda_end);
+
+size_t hermes_blocks_length(const char *first_block, const void *end);
+
+#endif /* _HERMES_DLD_H */
diff --git a/drivers/net/wireless/intersil/orinoco/hermes_rid.h b/drivers/net/wireless/intersil/orinoco/hermes_rid.h
new file mode 100644
index 000000000..42eb67dea
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/hermes_rid.h
@@ -0,0 +1,165 @@
+#ifndef _HERMES_RID_H
+#define _HERMES_RID_H
+
+/*
+ * Configuration RIDs
+ */
+#define HERMES_RID_CNFPORTTYPE 0xFC00
+#define HERMES_RID_CNFOWNMACADDR 0xFC01
+#define HERMES_RID_CNFDESIREDSSID 0xFC02
+#define HERMES_RID_CNFOWNCHANNEL 0xFC03
+#define HERMES_RID_CNFOWNSSID 0xFC04
+#define HERMES_RID_CNFOWNATIMWINDOW 0xFC05
+#define HERMES_RID_CNFSYSTEMSCALE 0xFC06
+#define HERMES_RID_CNFMAXDATALEN 0xFC07
+#define HERMES_RID_CNFWDSADDRESS 0xFC08
+#define HERMES_RID_CNFPMENABLED 0xFC09
+#define HERMES_RID_CNFPMEPS 0xFC0A
+#define HERMES_RID_CNFMULTICASTRECEIVE 0xFC0B
+#define HERMES_RID_CNFMAXSLEEPDURATION 0xFC0C
+#define HERMES_RID_CNFPMHOLDOVERDURATION 0xFC0D
+#define HERMES_RID_CNFOWNNAME 0xFC0E
+#define HERMES_RID_CNFOWNDTIMPERIOD 0xFC10
+#define HERMES_RID_CNFWDSADDRESS1 0xFC11
+#define HERMES_RID_CNFWDSADDRESS2 0xFC12
+#define HERMES_RID_CNFWDSADDRESS3 0xFC13
+#define HERMES_RID_CNFWDSADDRESS4 0xFC14
+#define HERMES_RID_CNFWDSADDRESS5 0xFC15
+#define HERMES_RID_CNFWDSADDRESS6 0xFC16
+#define HERMES_RID_CNFMULTICASTPMBUFFERING 0xFC17
+#define HERMES_RID_CNFWEPENABLED_AGERE 0xFC20
+#define HERMES_RID_CNFAUTHENTICATION_AGERE 0xFC21
+#define HERMES_RID_CNFMANDATORYBSSID_SYMBOL 0xFC21
+#define HERMES_RID_CNFDROPUNENCRYPTED 0xFC22
+#define HERMES_RID_CNFWEPDEFAULTKEYID 0xFC23
+#define HERMES_RID_CNFDEFAULTKEY0 0xFC24
+#define HERMES_RID_CNFDEFAULTKEY1 0xFC25
+#define HERMES_RID_CNFMWOROBUST_AGERE 0xFC25
+#define HERMES_RID_CNFDEFAULTKEY2 0xFC26
+#define HERMES_RID_CNFDEFAULTKEY3 0xFC27
+#define HERMES_RID_CNFWEPFLAGS_INTERSIL 0xFC28
+#define HERMES_RID_CNFWEPKEYMAPPINGTABLE 0xFC29
+#define HERMES_RID_CNFAUTHENTICATION 0xFC2A
+#define HERMES_RID_CNFMAXASSOCSTA 0xFC2B
+#define HERMES_RID_CNFKEYLENGTH_SYMBOL 0xFC2B
+#define HERMES_RID_CNFTXCONTROL 0xFC2C
+#define HERMES_RID_CNFROAMINGMODE 0xFC2D
+#define HERMES_RID_CNFHOSTAUTHENTICATION 0xFC2E
+#define HERMES_RID_CNFRCVCRCERROR 0xFC30
+#define HERMES_RID_CNFMMLIFE 0xFC31
+#define HERMES_RID_CNFALTRETRYCOUNT 0xFC32
+#define HERMES_RID_CNFBEACONINT 0xFC33
+#define HERMES_RID_CNFAPPCFINFO 0xFC34
+#define HERMES_RID_CNFSTAPCFINFO 0xFC35
+#define HERMES_RID_CNFPRIORITYQUSAGE 0xFC37
+#define HERMES_RID_CNFTIMCTRL 0xFC40
+#define HERMES_RID_CNFTHIRTY2TALLY 0xFC42
+#define HERMES_RID_CNFENHSECURITY 0xFC43
+#define HERMES_RID_CNFGROUPADDRESSES 0xFC80
+#define HERMES_RID_CNFCREATEIBSS 0xFC81
+#define HERMES_RID_CNFFRAGMENTATIONTHRESHOLD 0xFC82
+#define HERMES_RID_CNFRTSTHRESHOLD 0xFC83
+#define HERMES_RID_CNFTXRATECONTROL 0xFC84
+#define HERMES_RID_CNFPROMISCUOUSMODE 0xFC85
+#define HERMES_RID_CNFBASICRATES_SYMBOL 0xFC8A
+#define HERMES_RID_CNFPREAMBLE_SYMBOL 0xFC8C
+#define HERMES_RID_CNFFRAGMENTATIONTHRESHOLD0 0xFC90
+#define HERMES_RID_CNFFRAGMENTATIONTHRESHOLD1 0xFC91
+#define HERMES_RID_CNFFRAGMENTATIONTHRESHOLD2 0xFC92
+#define HERMES_RID_CNFFRAGMENTATIONTHRESHOLD3 0xFC93
+#define HERMES_RID_CNFFRAGMENTATIONTHRESHOLD4 0xFC94
+#define HERMES_RID_CNFFRAGMENTATIONTHRESHOLD5 0xFC95
+#define HERMES_RID_CNFFRAGMENTATIONTHRESHOLD6 0xFC96
+#define HERMES_RID_CNFRTSTHRESHOLD0 0xFC97
+#define HERMES_RID_CNFRTSTHRESHOLD1 0xFC98
+#define HERMES_RID_CNFRTSTHRESHOLD2 0xFC99
+#define HERMES_RID_CNFRTSTHRESHOLD3 0xFC9A
+#define HERMES_RID_CNFRTSTHRESHOLD4 0xFC9B
+#define HERMES_RID_CNFRTSTHRESHOLD5 0xFC9C
+#define HERMES_RID_CNFRTSTHRESHOLD6 0xFC9D
+#define HERMES_RID_CNFHOSTSCAN_SYMBOL 0xFCAB
+#define HERMES_RID_CNFSHORTPREAMBLE 0xFCB0
+#define HERMES_RID_CNFWEPKEYS_AGERE 0xFCB0
+#define HERMES_RID_CNFEXCLUDELONGPREAMBLE 0xFCB1
+#define HERMES_RID_CNFTXKEY_AGERE 0xFCB1
+#define HERMES_RID_CNFAUTHENTICATIONRSPTO 0xFCB2
+#define HERMES_RID_CNFSCANSSID_AGERE 0xFCB2
+#define HERMES_RID_CNFBASICRATES 0xFCB3
+#define HERMES_RID_CNFSUPPORTEDRATES 0xFCB4
+#define HERMES_RID_CNFADDDEFAULTTKIPKEY_AGERE 0xFCB4
+#define HERMES_RID_CNFSETWPAAUTHMGMTSUITE_AGERE 0xFCB5
+#define HERMES_RID_CNFREMDEFAULTTKIPKEY_AGERE 0xFCB6
+#define HERMES_RID_CNFADDMAPPEDTKIPKEY_AGERE 0xFCB7
+#define HERMES_RID_CNFREMMAPPEDTKIPKEY_AGERE 0xFCB8
+#define HERMES_RID_CNFSETWPACAPABILITIES_AGERE 0xFCB9
+#define HERMES_RID_CNFCACHEDPMKADDRESS 0xFCBA
+#define HERMES_RID_CNFREMOVEPMKADDRESS 0xFCBB
+#define HERMES_RID_CNFSCANCHANNELS2GHZ 0xFCC2
+#define HERMES_RID_CNFDISASSOCIATE 0xFCC8
+#define HERMES_RID_CNFTICKTIME 0xFCE0
+#define HERMES_RID_CNFSCANREQUEST 0xFCE1
+#define HERMES_RID_CNFJOINREQUEST 0xFCE2
+#define HERMES_RID_CNFAUTHENTICATESTATION 0xFCE3
+#define HERMES_RID_CNFCHANNELINFOREQUEST 0xFCE4
+#define HERMES_RID_CNFHOSTSCAN 0xFCE5
+
+/*
+ * Information RIDs
+ */
+#define HERMES_RID_MAXLOADTIME 0xFD00
+#define HERMES_RID_DOWNLOADBUFFER 0xFD01
+#define HERMES_RID_PRIID 0xFD02
+#define HERMES_RID_PRISUPRANGE 0xFD03
+#define HERMES_RID_CFIACTRANGES 0xFD04
+#define HERMES_RID_NICSERNUM 0xFD0A
+#define HERMES_RID_NICID 0xFD0B
+#define HERMES_RID_MFISUPRANGE 0xFD0C
+#define HERMES_RID_CFISUPRANGE 0xFD0D
+#define HERMES_RID_CHANNELLIST 0xFD10
+#define HERMES_RID_REGULATORYDOMAINS 0xFD11
+#define HERMES_RID_TEMPTYPE 0xFD12
+#define HERMES_RID_CIS 0xFD13
+#define HERMES_RID_STAID 0xFD20
+#define HERMES_RID_STASUPRANGE 0xFD21
+#define HERMES_RID_MFIACTRANGES 0xFD22
+#define HERMES_RID_CFIACTRANGES2 0xFD23
+#define HERMES_RID_SECONDARYVERSION_SYMBOL 0xFD24
+#define HERMES_RID_PORTSTATUS 0xFD40
+#define HERMES_RID_CURRENTSSID 0xFD41
+#define HERMES_RID_CURRENTBSSID 0xFD42
+#define HERMES_RID_COMMSQUALITY 0xFD43
+#define HERMES_RID_CURRENTTXRATE 0xFD44
+#define HERMES_RID_CURRENTBEACONINTERVAL 0xFD45
+#define HERMES_RID_CURRENTSCALETHRESHOLDS 0xFD46
+#define HERMES_RID_PROTOCOLRSPTIME 0xFD47
+#define HERMES_RID_SHORTRETRYLIMIT 0xFD48
+#define HERMES_RID_LONGRETRYLIMIT 0xFD49
+#define HERMES_RID_MAXTRANSMITLIFETIME 0xFD4A
+#define HERMES_RID_MAXRECEIVELIFETIME 0xFD4B
+#define HERMES_RID_CFPOLLABLE 0xFD4C
+#define HERMES_RID_AUTHENTICATIONALGORITHMS 0xFD4D
+#define HERMES_RID_PRIVACYOPTIONIMPLEMENTED 0xFD4F
+#define HERMES_RID_DBMCOMMSQUALITY_INTERSIL 0xFD51
+#define HERMES_RID_CURRENTTXRATE1 0xFD80
+#define HERMES_RID_CURRENTTXRATE2 0xFD81
+#define HERMES_RID_CURRENTTXRATE3 0xFD82
+#define HERMES_RID_CURRENTTXRATE4 0xFD83
+#define HERMES_RID_CURRENTTXRATE5 0xFD84
+#define HERMES_RID_CURRENTTXRATE6 0xFD85
+#define HERMES_RID_OWNMACADDR 0xFD86
+#define HERMES_RID_SCANRESULTSTABLE 0xFD88
+#define HERMES_RID_CURRENT_COUNTRY_INFO 0xFD89
+#define HERMES_RID_CURRENT_WPA_IE 0xFD8A
+#define HERMES_RID_CURRENT_TKIP_IV 0xFD8B
+#define HERMES_RID_CURRENT_ASSOC_REQ_INFO 0xFD8C
+#define HERMES_RID_CURRENT_ASSOC_RESP_INFO 0xFD8D
+#define HERMES_RID_TXQUEUEEMPTY 0xFD91
+#define HERMES_RID_PHYTYPE 0xFDC0
+#define HERMES_RID_CURRENTCHANNEL 0xFDC1
+#define HERMES_RID_CURRENTPOWERSTATE 0xFDC2
+#define HERMES_RID_CCAMODE 0xFDC3
+#define HERMES_RID_SUPPORTEDDATARATES 0xFDC6
+#define HERMES_RID_BUILDSEQ 0xFFFE
+#define HERMES_RID_FWID 0xFFFF
+
+#endif
diff --git a/drivers/net/wireless/intersil/orinoco/hw.c b/drivers/net/wireless/intersil/orinoco/hw.c
new file mode 100644
index 000000000..4fcca08e5
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/hw.c
@@ -0,0 +1,1362 @@
+/* Encapsulate basic setting changes and retrieval on Hermes hardware
+ *
+ * See copyright notice in main.c
+ */
+#include <linux/kernel.h>
+#include <linux/device.h>
+#include <linux/if_arp.h>
+#include <linux/ieee80211.h>
+#include <linux/wireless.h>
+#include <net/cfg80211.h>
+#include "hermes.h"
+#include "hermes_rid.h"
+#include "orinoco.h"
+
+#include "hw.h"
+
+#define SYMBOL_MAX_VER_LEN (14)
+
+/* Symbol firmware has a bug allocating buffers larger than this */
+#define TX_NICBUF_SIZE_BUG 1585
+
+/********************************************************************/
+/* Data tables */
+/********************************************************************/
+
+/* This tables gives the actual meanings of the bitrate IDs returned
+ * by the firmware. */
+static const struct {
+ int bitrate; /* in 100s of kilobits */
+ int automatic;
+ u16 agere_txratectrl;
+ u16 intersil_txratectrl;
+} bitrate_table[] = {
+ {110, 1, 3, 15}, /* Entry 0 is the default */
+ {10, 0, 1, 1},
+ {10, 1, 1, 1},
+ {20, 0, 2, 2},
+ {20, 1, 6, 3},
+ {55, 0, 4, 4},
+ {55, 1, 7, 7},
+ {110, 0, 5, 8},
+};
+#define BITRATE_TABLE_SIZE ARRAY_SIZE(bitrate_table)
+
+/* Firmware version encoding */
+struct comp_id {
+ u16 id, variant, major, minor;
+} __packed;
+
+static inline enum fwtype determine_firmware_type(struct comp_id *nic_id)
+{
+ if (nic_id->id < 0x8000)
+ return FIRMWARE_TYPE_AGERE;
+ else if (nic_id->id == 0x8000 && nic_id->major == 0)
+ return FIRMWARE_TYPE_SYMBOL;
+ else
+ return FIRMWARE_TYPE_INTERSIL;
+}
+
+/* Set priv->firmware type, determine firmware properties
+ * This function can be called before we have registerred with netdev,
+ * so all errors go out with dev_* rather than printk
+ *
+ * If non-NULL stores a firmware description in fw_name.
+ * If non-NULL stores a HW version in hw_ver
+ *
+ * These are output via generic cfg80211 ethtool support.
+ */
+int determine_fw_capabilities(struct orinoco_private *priv,
+ char *fw_name, size_t fw_name_len,
+ u32 *hw_ver)
+{
+ struct device *dev = priv->dev;
+ struct hermes *hw = &priv->hw;
+ int err;
+ struct comp_id nic_id, sta_id;
+ unsigned int firmver;
+ char tmp[SYMBOL_MAX_VER_LEN + 1] __attribute__((aligned(2)));
+
+ /* Get the hardware version */
+ err = HERMES_READ_RECORD_PR(hw, USER_BAP, HERMES_RID_NICID, &nic_id);
+ if (err) {
+ dev_err(dev, "Cannot read hardware identity: error %d\n",
+ err);
+ return err;
+ }
+
+ le16_to_cpus(&nic_id.id);
+ le16_to_cpus(&nic_id.variant);
+ le16_to_cpus(&nic_id.major);
+ le16_to_cpus(&nic_id.minor);
+ dev_info(dev, "Hardware identity %04x:%04x:%04x:%04x\n",
+ nic_id.id, nic_id.variant, nic_id.major, nic_id.minor);
+
+ if (hw_ver)
+ *hw_ver = (((nic_id.id & 0xff) << 24) |
+ ((nic_id.variant & 0xff) << 16) |
+ ((nic_id.major & 0xff) << 8) |
+ (nic_id.minor & 0xff));
+
+ priv->firmware_type = determine_firmware_type(&nic_id);
+
+ /* Get the firmware version */
+ err = HERMES_READ_RECORD_PR(hw, USER_BAP, HERMES_RID_STAID, &sta_id);
+ if (err) {
+ dev_err(dev, "Cannot read station identity: error %d\n",
+ err);
+ return err;
+ }
+
+ le16_to_cpus(&sta_id.id);
+ le16_to_cpus(&sta_id.variant);
+ le16_to_cpus(&sta_id.major);
+ le16_to_cpus(&sta_id.minor);
+ dev_info(dev, "Station identity %04x:%04x:%04x:%04x\n",
+ sta_id.id, sta_id.variant, sta_id.major, sta_id.minor);
+
+ switch (sta_id.id) {
+ case 0x15:
+ dev_err(dev, "Primary firmware is active\n");
+ return -ENODEV;
+ case 0x14b:
+ dev_err(dev, "Tertiary firmware is active\n");
+ return -ENODEV;
+ case 0x1f: /* Intersil, Agere, Symbol Spectrum24 */
+ case 0x21: /* Symbol Spectrum24 Trilogy */
+ break;
+ default:
+ dev_notice(dev, "Unknown station ID, please report\n");
+ break;
+ }
+
+ /* Default capabilities */
+ priv->has_sensitivity = 1;
+ priv->has_mwo = 0;
+ priv->has_preamble = 0;
+ priv->has_port3 = 1;
+ priv->has_ibss = 1;
+ priv->has_wep = 0;
+ priv->has_big_wep = 0;
+ priv->has_alt_txcntl = 0;
+ priv->has_ext_scan = 0;
+ priv->has_wpa = 0;
+ priv->do_fw_download = 0;
+
+ /* Determine capabilities from the firmware version */
+ switch (priv->firmware_type) {
+ case FIRMWARE_TYPE_AGERE:
+ /* Lucent Wavelan IEEE, Lucent Orinoco, Cabletron RoamAbout,
+ ELSA, Melco, HP, IBM, Dell 1150, Compaq 110/210 */
+ if (fw_name)
+ snprintf(fw_name, fw_name_len, "Lucent/Agere %d.%02d",
+ sta_id.major, sta_id.minor);
+
+ firmver = ((unsigned long)sta_id.major << 16) | sta_id.minor;
+
+ priv->has_ibss = (firmver >= 0x60006);
+ priv->has_wep = (firmver >= 0x40020);
+ priv->has_big_wep = 1; /* FIXME: this is wrong - how do we tell
+ Gold cards from the others? */
+ priv->has_mwo = (firmver >= 0x60000);
+ priv->has_pm = (firmver >= 0x40020); /* Don't work in 7.52 ? */
+ priv->ibss_port = 1;
+ priv->has_hostscan = (firmver >= 0x8000a);
+ priv->do_fw_download = 1;
+ priv->broken_monitor = (firmver >= 0x80000);
+ priv->has_alt_txcntl = (firmver >= 0x90000); /* All 9.x ? */
+ priv->has_ext_scan = (firmver >= 0x90000); /* All 9.x ? */
+ priv->has_wpa = (firmver >= 0x9002a);
+ /* Tested with Agere firmware :
+ * 1.16 ; 4.08 ; 4.52 ; 6.04 ; 6.16 ; 7.28 => Jean II
+ * Tested CableTron firmware : 4.32 => Anton */
+ break;
+ case FIRMWARE_TYPE_SYMBOL:
+ /* Symbol , 3Com AirConnect, Intel, Ericsson WLAN */
+ /* Intel MAC : 00:02:B3:* */
+ /* 3Com MAC : 00:50:DA:* */
+ memset(tmp, 0, sizeof(tmp));
+ /* Get the Symbol firmware version */
+ err = hw->ops->read_ltv_pr(hw, USER_BAP,
+ HERMES_RID_SECONDARYVERSION_SYMBOL,
+ SYMBOL_MAX_VER_LEN, NULL, &tmp);
+ if (err) {
+ dev_warn(dev, "Error %d reading Symbol firmware info. "
+ "Wildly guessing capabilities...\n", err);
+ firmver = 0;
+ tmp[0] = '\0';
+ } else {
+ /* The firmware revision is a string, the format is
+ * something like : "V2.20-01".
+ * Quick and dirty parsing... - Jean II
+ */
+ firmver = ((tmp[1] - '0') << 16)
+ | ((tmp[3] - '0') << 12)
+ | ((tmp[4] - '0') << 8)
+ | ((tmp[6] - '0') << 4)
+ | (tmp[7] - '0');
+
+ tmp[SYMBOL_MAX_VER_LEN] = '\0';
+ }
+
+ if (fw_name)
+ snprintf(fw_name, fw_name_len, "Symbol %s", tmp);
+
+ priv->has_ibss = (firmver >= 0x20000);
+ priv->has_wep = (firmver >= 0x15012);
+ priv->has_big_wep = (firmver >= 0x20000);
+ priv->has_pm = (firmver >= 0x20000 && firmver < 0x22000) ||
+ (firmver >= 0x29000 && firmver < 0x30000) ||
+ firmver >= 0x31000;
+ priv->has_preamble = (firmver >= 0x20000);
+ priv->ibss_port = 4;
+
+ /* Symbol firmware is found on various cards, but
+ * there has been no attempt to check firmware
+ * download on non-spectrum_cs based cards.
+ *
+ * Given that the Agere firmware download works
+ * differently, we should avoid doing a firmware
+ * download with the Symbol algorithm on non-spectrum
+ * cards.
+ *
+ * For now we can identify a spectrum_cs based card
+ * because it has a firmware reset function.
+ */
+ priv->do_fw_download = (priv->stop_fw != NULL);
+
+ priv->broken_disableport = (firmver == 0x25013) ||
+ (firmver >= 0x30000 && firmver <= 0x31000);
+ priv->has_hostscan = (firmver >= 0x31001) ||
+ (firmver >= 0x29057 && firmver < 0x30000);
+ /* Tested with Intel firmware : 0x20015 => Jean II */
+ /* Tested with 3Com firmware : 0x15012 & 0x22001 => Jean II */
+ break;
+ case FIRMWARE_TYPE_INTERSIL:
+ /* D-Link, Linksys, Adtron, ZoomAir, and many others...
+ * Samsung, Compaq 100/200 and Proxim are slightly
+ * different and less well tested */
+ /* D-Link MAC : 00:40:05:* */
+ /* Addtron MAC : 00:90:D1:* */
+ if (fw_name)
+ snprintf(fw_name, fw_name_len, "Intersil %d.%d.%d",
+ sta_id.major, sta_id.minor, sta_id.variant);
+
+ firmver = ((unsigned long)sta_id.major << 16) |
+ ((unsigned long)sta_id.minor << 8) | sta_id.variant;
+
+ priv->has_ibss = (firmver >= 0x000700); /* FIXME */
+ priv->has_big_wep = priv->has_wep = (firmver >= 0x000800);
+ priv->has_pm = (firmver >= 0x000700);
+ priv->has_hostscan = (firmver >= 0x010301);
+
+ if (firmver >= 0x000800)
+ priv->ibss_port = 0;
+ else {
+ dev_notice(dev, "Intersil firmware earlier than v0.8.x"
+ " - several features not supported\n");
+ priv->ibss_port = 1;
+ }
+ break;
+ }
+ if (fw_name)
+ dev_info(dev, "Firmware determined as %s\n", fw_name);
+
+#ifndef CONFIG_HERMES_PRISM
+ if (priv->firmware_type == FIRMWARE_TYPE_INTERSIL) {
+ dev_err(dev, "Support for Prism chipset is not enabled\n");
+ return -ENODEV;
+ }
+#endif
+
+ return 0;
+}
+
+/* Read settings from EEPROM into our private structure.
+ * MAC address gets dropped into callers buffer
+ * Can be called before netdev registration.
+ */
+int orinoco_hw_read_card_settings(struct orinoco_private *priv, u8 *dev_addr)
+{
+ struct device *dev = priv->dev;
+ struct hermes_idstring nickbuf;
+ struct hermes *hw = &priv->hw;
+ int len;
+ int err;
+ u16 reclen;
+
+ /* Get the MAC address */
+ err = hw->ops->read_ltv_pr(hw, USER_BAP, HERMES_RID_CNFOWNMACADDR,
+ ETH_ALEN, NULL, dev_addr);
+ if (err) {
+ dev_warn(dev, "Failed to read MAC address!\n");
+ goto out;
+ }
+
+ dev_dbg(dev, "MAC address %pM\n", dev_addr);
+
+ /* Get the station name */
+ err = hw->ops->read_ltv_pr(hw, USER_BAP, HERMES_RID_CNFOWNNAME,
+ sizeof(nickbuf), &reclen, &nickbuf);
+ if (err) {
+ dev_err(dev, "failed to read station name\n");
+ goto out;
+ }
+ if (nickbuf.len)
+ len = min(IW_ESSID_MAX_SIZE, (int)le16_to_cpu(nickbuf.len));
+ else
+ len = min(IW_ESSID_MAX_SIZE, 2 * reclen);
+ memcpy(priv->nick, &nickbuf.val, len);
+ priv->nick[len] = '\0';
+
+ dev_dbg(dev, "Station name \"%s\"\n", priv->nick);
+
+ /* Get allowed channels */
+ err = hermes_read_wordrec_pr(hw, USER_BAP, HERMES_RID_CHANNELLIST,
+ &priv->channel_mask);
+ if (err) {
+ dev_err(dev, "Failed to read channel list!\n");
+ goto out;
+ }
+
+ /* Get initial AP density */
+ err = hermes_read_wordrec_pr(hw, USER_BAP, HERMES_RID_CNFSYSTEMSCALE,
+ &priv->ap_density);
+ if (err || priv->ap_density < 1 || priv->ap_density > 3)
+ priv->has_sensitivity = 0;
+
+ /* Get initial RTS threshold */
+ err = hermes_read_wordrec_pr(hw, USER_BAP, HERMES_RID_CNFRTSTHRESHOLD,
+ &priv->rts_thresh);
+ if (err) {
+ dev_err(dev, "Failed to read RTS threshold!\n");
+ goto out;
+ }
+
+ /* Get initial fragmentation settings */
+ if (priv->has_mwo)
+ err = hermes_read_wordrec_pr(hw, USER_BAP,
+ HERMES_RID_CNFMWOROBUST_AGERE,
+ &priv->mwo_robust);
+ else
+ err = hermes_read_wordrec_pr(hw, USER_BAP,
+ HERMES_RID_CNFFRAGMENTATIONTHRESHOLD,
+ &priv->frag_thresh);
+ if (err) {
+ dev_err(dev, "Failed to read fragmentation settings!\n");
+ goto out;
+ }
+
+ /* Power management setup */
+ if (priv->has_pm) {
+ priv->pm_on = 0;
+ priv->pm_mcast = 1;
+ err = hermes_read_wordrec_pr(hw, USER_BAP,
+ HERMES_RID_CNFMAXSLEEPDURATION,
+ &priv->pm_period);
+ if (err) {
+ dev_err(dev, "Failed to read power management "
+ "period!\n");
+ goto out;
+ }
+ err = hermes_read_wordrec_pr(hw, USER_BAP,
+ HERMES_RID_CNFPMHOLDOVERDURATION,
+ &priv->pm_timeout);
+ if (err) {
+ dev_err(dev, "Failed to read power management "
+ "timeout!\n");
+ goto out;
+ }
+ }
+
+ /* Preamble setup */
+ if (priv->has_preamble) {
+ err = hermes_read_wordrec_pr(hw, USER_BAP,
+ HERMES_RID_CNFPREAMBLE_SYMBOL,
+ &priv->preamble);
+ if (err) {
+ dev_err(dev, "Failed to read preamble setup\n");
+ goto out;
+ }
+ }
+
+ /* Retry settings */
+ err = hermes_read_wordrec_pr(hw, USER_BAP, HERMES_RID_SHORTRETRYLIMIT,
+ &priv->short_retry_limit);
+ if (err) {
+ dev_err(dev, "Failed to read short retry limit\n");
+ goto out;
+ }
+
+ err = hermes_read_wordrec_pr(hw, USER_BAP, HERMES_RID_LONGRETRYLIMIT,
+ &priv->long_retry_limit);
+ if (err) {
+ dev_err(dev, "Failed to read long retry limit\n");
+ goto out;
+ }
+
+ err = hermes_read_wordrec_pr(hw, USER_BAP, HERMES_RID_MAXTRANSMITLIFETIME,
+ &priv->retry_lifetime);
+ if (err) {
+ dev_err(dev, "Failed to read max retry lifetime\n");
+ goto out;
+ }
+
+out:
+ return err;
+}
+
+/* Can be called before netdev registration */
+int orinoco_hw_allocate_fid(struct orinoco_private *priv)
+{
+ struct device *dev = priv->dev;
+ struct hermes *hw = &priv->hw;
+ int err;
+
+ err = hw->ops->allocate(hw, priv->nicbuf_size, &priv->txfid);
+ if (err == -EIO && priv->nicbuf_size > TX_NICBUF_SIZE_BUG) {
+ /* Try workaround for old Symbol firmware bug */
+ priv->nicbuf_size = TX_NICBUF_SIZE_BUG;
+ err = hw->ops->allocate(hw, priv->nicbuf_size, &priv->txfid);
+
+ dev_warn(dev, "Firmware ALLOC bug detected "
+ "(old Symbol firmware?). Work around %s\n",
+ err ? "failed!" : "ok.");
+ }
+
+ return err;
+}
+
+int orinoco_get_bitratemode(int bitrate, int automatic)
+{
+ int ratemode = -1;
+ int i;
+
+ if ((bitrate != 10) && (bitrate != 20) &&
+ (bitrate != 55) && (bitrate != 110))
+ return ratemode;
+
+ for (i = 0; i < BITRATE_TABLE_SIZE; i++) {
+ if ((bitrate_table[i].bitrate == bitrate) &&
+ (bitrate_table[i].automatic == automatic)) {
+ ratemode = i;
+ break;
+ }
+ }
+ return ratemode;
+}
+
+void orinoco_get_ratemode_cfg(int ratemode, int *bitrate, int *automatic)
+{
+ BUG_ON((ratemode < 0) || (ratemode >= BITRATE_TABLE_SIZE));
+
+ *bitrate = bitrate_table[ratemode].bitrate * 100000;
+ *automatic = bitrate_table[ratemode].automatic;
+}
+
+int orinoco_hw_program_rids(struct orinoco_private *priv)
+{
+ struct net_device *dev = priv->ndev;
+ struct wireless_dev *wdev = netdev_priv(dev);
+ struct hermes *hw = &priv->hw;
+ int err;
+ struct hermes_idstring idbuf;
+
+ /* Set the MAC address */
+ err = hw->ops->write_ltv(hw, USER_BAP, HERMES_RID_CNFOWNMACADDR,
+ HERMES_BYTES_TO_RECLEN(ETH_ALEN),
+ dev->dev_addr);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d setting MAC address\n",
+ dev->name, err);
+ return err;
+ }
+
+ /* Set up the link mode */
+ err = hermes_write_wordrec(hw, USER_BAP, HERMES_RID_CNFPORTTYPE,
+ priv->port_type);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d setting port type\n",
+ dev->name, err);
+ return err;
+ }
+ /* Set the channel/frequency */
+ if (priv->channel != 0 && priv->iw_mode != NL80211_IFTYPE_STATION) {
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFOWNCHANNEL,
+ priv->channel);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d setting channel %d\n",
+ dev->name, err, priv->channel);
+ return err;
+ }
+ }
+
+ if (priv->has_ibss) {
+ u16 createibss;
+
+ if ((strlen(priv->desired_essid) == 0) && (priv->createibss)) {
+ printk(KERN_WARNING "%s: This firmware requires an "
+ "ESSID in IBSS-Ad-Hoc mode.\n", dev->name);
+ /* With wvlan_cs, in this case, we would crash.
+ * hopefully, this driver will behave better...
+ * Jean II */
+ createibss = 0;
+ } else {
+ createibss = priv->createibss;
+ }
+
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFCREATEIBSS,
+ createibss);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d setting CREATEIBSS\n",
+ dev->name, err);
+ return err;
+ }
+ }
+
+ /* Set the desired BSSID */
+ err = __orinoco_hw_set_wap(priv);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d setting AP address\n",
+ dev->name, err);
+ return err;
+ }
+
+ /* Set the desired ESSID */
+ idbuf.len = cpu_to_le16(strlen(priv->desired_essid));
+ memcpy(&idbuf.val, priv->desired_essid, sizeof(idbuf.val));
+ /* WinXP wants partner to configure OWNSSID even in IBSS mode. (jimc) */
+ err = hw->ops->write_ltv(hw, USER_BAP, HERMES_RID_CNFOWNSSID,
+ HERMES_BYTES_TO_RECLEN(strlen(priv->desired_essid) + 2),
+ &idbuf);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d setting OWNSSID\n",
+ dev->name, err);
+ return err;
+ }
+ err = hw->ops->write_ltv(hw, USER_BAP, HERMES_RID_CNFDESIREDSSID,
+ HERMES_BYTES_TO_RECLEN(strlen(priv->desired_essid) + 2),
+ &idbuf);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d setting DESIREDSSID\n",
+ dev->name, err);
+ return err;
+ }
+
+ /* Set the station name */
+ idbuf.len = cpu_to_le16(strlen(priv->nick));
+ memcpy(&idbuf.val, priv->nick, sizeof(idbuf.val));
+ err = hw->ops->write_ltv(hw, USER_BAP, HERMES_RID_CNFOWNNAME,
+ HERMES_BYTES_TO_RECLEN(strlen(priv->nick) + 2),
+ &idbuf);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d setting nickname\n",
+ dev->name, err);
+ return err;
+ }
+
+ /* Set AP density */
+ if (priv->has_sensitivity) {
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFSYSTEMSCALE,
+ priv->ap_density);
+ if (err) {
+ printk(KERN_WARNING "%s: Error %d setting SYSTEMSCALE. "
+ "Disabling sensitivity control\n",
+ dev->name, err);
+
+ priv->has_sensitivity = 0;
+ }
+ }
+
+ /* Set RTS threshold */
+ err = hermes_write_wordrec(hw, USER_BAP, HERMES_RID_CNFRTSTHRESHOLD,
+ priv->rts_thresh);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d setting RTS threshold\n",
+ dev->name, err);
+ return err;
+ }
+
+ /* Set fragmentation threshold or MWO robustness */
+ if (priv->has_mwo)
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFMWOROBUST_AGERE,
+ priv->mwo_robust);
+ else
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFFRAGMENTATIONTHRESHOLD,
+ priv->frag_thresh);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d setting fragmentation\n",
+ dev->name, err);
+ return err;
+ }
+
+ /* Set bitrate */
+ err = __orinoco_hw_set_bitrate(priv);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d setting bitrate\n",
+ dev->name, err);
+ return err;
+ }
+
+ /* Set power management */
+ if (priv->has_pm) {
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFPMENABLED,
+ priv->pm_on);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d setting up PM\n",
+ dev->name, err);
+ return err;
+ }
+
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFMULTICASTRECEIVE,
+ priv->pm_mcast);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d setting up PM\n",
+ dev->name, err);
+ return err;
+ }
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFMAXSLEEPDURATION,
+ priv->pm_period);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d setting up PM\n",
+ dev->name, err);
+ return err;
+ }
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFPMHOLDOVERDURATION,
+ priv->pm_timeout);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d setting up PM\n",
+ dev->name, err);
+ return err;
+ }
+ }
+
+ /* Set preamble - only for Symbol so far... */
+ if (priv->has_preamble) {
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFPREAMBLE_SYMBOL,
+ priv->preamble);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d setting preamble\n",
+ dev->name, err);
+ return err;
+ }
+ }
+
+ /* Set up encryption */
+ if (priv->has_wep || priv->has_wpa) {
+ err = __orinoco_hw_setup_enc(priv);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d activating encryption\n",
+ dev->name, err);
+ return err;
+ }
+ }
+
+ if (priv->iw_mode == NL80211_IFTYPE_MONITOR) {
+ /* Enable monitor mode */
+ dev->type = ARPHRD_IEEE80211;
+ err = hw->ops->cmd_wait(hw, HERMES_CMD_TEST |
+ HERMES_TEST_MONITOR, 0, NULL);
+ } else {
+ /* Disable monitor mode */
+ dev->type = ARPHRD_ETHER;
+ err = hw->ops->cmd_wait(hw, HERMES_CMD_TEST |
+ HERMES_TEST_STOP, 0, NULL);
+ }
+ if (err)
+ return err;
+
+ /* Reset promiscuity / multicast*/
+ priv->promiscuous = 0;
+ priv->mc_count = 0;
+
+ /* Record mode change */
+ wdev->iftype = priv->iw_mode;
+
+ return 0;
+}
+
+/* Get tsc from the firmware */
+int orinoco_hw_get_tkip_iv(struct orinoco_private *priv, int key, u8 *tsc)
+{
+ struct hermes *hw = &priv->hw;
+ int err = 0;
+ u8 tsc_arr[4][ORINOCO_SEQ_LEN];
+
+ if ((key < 0) || (key >= 4))
+ return -EINVAL;
+
+ err = hw->ops->read_ltv(hw, USER_BAP, HERMES_RID_CURRENT_TKIP_IV,
+ sizeof(tsc_arr), NULL, &tsc_arr);
+ if (!err)
+ memcpy(tsc, &tsc_arr[key][0], sizeof(tsc_arr[0]));
+
+ return err;
+}
+
+int __orinoco_hw_set_bitrate(struct orinoco_private *priv)
+{
+ struct hermes *hw = &priv->hw;
+ int ratemode = priv->bitratemode;
+ int err = 0;
+
+ if (ratemode >= BITRATE_TABLE_SIZE) {
+ printk(KERN_ERR "%s: BUG: Invalid bitrate mode %d\n",
+ priv->ndev->name, ratemode);
+ return -EINVAL;
+ }
+
+ switch (priv->firmware_type) {
+ case FIRMWARE_TYPE_AGERE:
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFTXRATECONTROL,
+ bitrate_table[ratemode].agere_txratectrl);
+ break;
+ case FIRMWARE_TYPE_INTERSIL:
+ case FIRMWARE_TYPE_SYMBOL:
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFTXRATECONTROL,
+ bitrate_table[ratemode].intersil_txratectrl);
+ break;
+ default:
+ BUG();
+ }
+
+ return err;
+}
+
+int orinoco_hw_get_act_bitrate(struct orinoco_private *priv, int *bitrate)
+{
+ struct hermes *hw = &priv->hw;
+ int i;
+ int err = 0;
+ u16 val;
+
+ err = hermes_read_wordrec(hw, USER_BAP,
+ HERMES_RID_CURRENTTXRATE, &val);
+ if (err)
+ return err;
+
+ switch (priv->firmware_type) {
+ case FIRMWARE_TYPE_AGERE: /* Lucent style rate */
+ /* Note : in Lucent firmware, the return value of
+ * HERMES_RID_CURRENTTXRATE is the bitrate in Mb/s,
+ * and therefore is totally different from the
+ * encoding of HERMES_RID_CNFTXRATECONTROL.
+ * Don't forget that 6Mb/s is really 5.5Mb/s */
+ if (val == 6)
+ *bitrate = 5500000;
+ else
+ *bitrate = val * 1000000;
+ break;
+ case FIRMWARE_TYPE_INTERSIL: /* Intersil style rate */
+ case FIRMWARE_TYPE_SYMBOL: /* Symbol style rate */
+ for (i = 0; i < BITRATE_TABLE_SIZE; i++)
+ if (bitrate_table[i].intersil_txratectrl == val) {
+ *bitrate = bitrate_table[i].bitrate * 100000;
+ break;
+ }
+
+ if (i >= BITRATE_TABLE_SIZE) {
+ printk(KERN_INFO "%s: Unable to determine current bitrate (0x%04hx)\n",
+ priv->ndev->name, val);
+ err = -EIO;
+ }
+
+ break;
+ default:
+ BUG();
+ }
+
+ return err;
+}
+
+/* Set fixed AP address */
+int __orinoco_hw_set_wap(struct orinoco_private *priv)
+{
+ int roaming_flag;
+ int err = 0;
+ struct hermes *hw = &priv->hw;
+
+ switch (priv->firmware_type) {
+ case FIRMWARE_TYPE_AGERE:
+ /* not supported */
+ break;
+ case FIRMWARE_TYPE_INTERSIL:
+ if (priv->bssid_fixed)
+ roaming_flag = 2;
+ else
+ roaming_flag = 1;
+
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFROAMINGMODE,
+ roaming_flag);
+ break;
+ case FIRMWARE_TYPE_SYMBOL:
+ err = HERMES_WRITE_RECORD(hw, USER_BAP,
+ HERMES_RID_CNFMANDATORYBSSID_SYMBOL,
+ &priv->desired_bssid);
+ break;
+ }
+ return err;
+}
+
+/* Change the WEP keys and/or the current keys. Can be called
+ * either from __orinoco_hw_setup_enc() or directly from
+ * orinoco_ioctl_setiwencode(). In the later case the association
+ * with the AP is not broken (if the firmware can handle it),
+ * which is needed for 802.1x implementations. */
+int __orinoco_hw_setup_wepkeys(struct orinoco_private *priv)
+{
+ struct hermes *hw = &priv->hw;
+ int err = 0;
+ int i;
+
+ switch (priv->firmware_type) {
+ case FIRMWARE_TYPE_AGERE:
+ {
+ struct orinoco_key keys[ORINOCO_MAX_KEYS];
+
+ memset(&keys, 0, sizeof(keys));
+ for (i = 0; i < ORINOCO_MAX_KEYS; i++) {
+ int len = min(priv->keys[i].key_len,
+ ORINOCO_MAX_KEY_SIZE);
+ memcpy(&keys[i].data, priv->keys[i].key, len);
+ if (len > SMALL_KEY_SIZE)
+ keys[i].len = cpu_to_le16(LARGE_KEY_SIZE);
+ else if (len > 0)
+ keys[i].len = cpu_to_le16(SMALL_KEY_SIZE);
+ else
+ keys[i].len = cpu_to_le16(0);
+ }
+
+ err = HERMES_WRITE_RECORD(hw, USER_BAP,
+ HERMES_RID_CNFWEPKEYS_AGERE,
+ &keys);
+ if (err)
+ return err;
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFTXKEY_AGERE,
+ priv->tx_key);
+ if (err)
+ return err;
+ break;
+ }
+ case FIRMWARE_TYPE_INTERSIL:
+ case FIRMWARE_TYPE_SYMBOL:
+ {
+ int keylen;
+
+ /* Force uniform key length to work around
+ * firmware bugs */
+ keylen = priv->keys[priv->tx_key].key_len;
+
+ if (keylen > LARGE_KEY_SIZE) {
+ printk(KERN_ERR "%s: BUG: Key %d has oversize length %d.\n",
+ priv->ndev->name, priv->tx_key, keylen);
+ return -E2BIG;
+ } else if (keylen > SMALL_KEY_SIZE)
+ keylen = LARGE_KEY_SIZE;
+ else if (keylen > 0)
+ keylen = SMALL_KEY_SIZE;
+ else
+ keylen = 0;
+
+ /* Write all 4 keys */
+ for (i = 0; i < ORINOCO_MAX_KEYS; i++) {
+ u8 key[LARGE_KEY_SIZE] = { 0 };
+
+ memcpy(key, priv->keys[i].key,
+ priv->keys[i].key_len);
+
+ err = hw->ops->write_ltv(hw, USER_BAP,
+ HERMES_RID_CNFDEFAULTKEY0 + i,
+ HERMES_BYTES_TO_RECLEN(keylen),
+ key);
+ if (err)
+ return err;
+ }
+
+ /* Write the index of the key used in transmission */
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFWEPDEFAULTKEYID,
+ priv->tx_key);
+ if (err)
+ return err;
+ }
+ break;
+ }
+
+ return 0;
+}
+
+int __orinoco_hw_setup_enc(struct orinoco_private *priv)
+{
+ struct hermes *hw = &priv->hw;
+ int err = 0;
+ int master_wep_flag;
+ int auth_flag;
+ int enc_flag;
+
+ /* Setup WEP keys */
+ if (priv->encode_alg == ORINOCO_ALG_WEP)
+ __orinoco_hw_setup_wepkeys(priv);
+
+ if (priv->wep_restrict)
+ auth_flag = HERMES_AUTH_SHARED_KEY;
+ else
+ auth_flag = HERMES_AUTH_OPEN;
+
+ if (priv->wpa_enabled)
+ enc_flag = 2;
+ else if (priv->encode_alg == ORINOCO_ALG_WEP)
+ enc_flag = 1;
+ else
+ enc_flag = 0;
+
+ switch (priv->firmware_type) {
+ case FIRMWARE_TYPE_AGERE: /* Agere style WEP */
+ if (priv->encode_alg == ORINOCO_ALG_WEP) {
+ /* Enable the shared-key authentication. */
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFAUTHENTICATION_AGERE,
+ auth_flag);
+ if (err)
+ return err;
+ }
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFWEPENABLED_AGERE,
+ enc_flag);
+ if (err)
+ return err;
+
+ if (priv->has_wpa) {
+ /* Set WPA key management */
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFSETWPAAUTHMGMTSUITE_AGERE,
+ priv->key_mgmt);
+ if (err)
+ return err;
+ }
+
+ break;
+
+ case FIRMWARE_TYPE_INTERSIL: /* Intersil style WEP */
+ case FIRMWARE_TYPE_SYMBOL: /* Symbol style WEP */
+ if (priv->encode_alg == ORINOCO_ALG_WEP) {
+ if (priv->wep_restrict ||
+ (priv->firmware_type == FIRMWARE_TYPE_SYMBOL))
+ master_wep_flag = HERMES_WEP_PRIVACY_INVOKED |
+ HERMES_WEP_EXCL_UNENCRYPTED;
+ else
+ master_wep_flag = HERMES_WEP_PRIVACY_INVOKED;
+
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFAUTHENTICATION,
+ auth_flag);
+ if (err)
+ return err;
+ } else
+ master_wep_flag = 0;
+
+ if (priv->iw_mode == NL80211_IFTYPE_MONITOR)
+ master_wep_flag |= HERMES_WEP_HOST_DECRYPT;
+
+ /* Master WEP setting : on/off */
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFWEPFLAGS_INTERSIL,
+ master_wep_flag);
+ if (err)
+ return err;
+
+ break;
+ }
+
+ return 0;
+}
+
+/* key must be 32 bytes, including the tx and rx MIC keys.
+ * rsc must be NULL or up to 8 bytes
+ * tsc must be NULL or up to 8 bytes
+ */
+int __orinoco_hw_set_tkip_key(struct orinoco_private *priv, int key_idx,
+ int set_tx, const u8 *key, size_t key_len,
+ const u8 *rsc, size_t rsc_len,
+ const u8 *tsc, size_t tsc_len)
+{
+ struct {
+ __le16 idx;
+ u8 rsc[ORINOCO_SEQ_LEN];
+ struct {
+ u8 key[TKIP_KEYLEN];
+ u8 tx_mic[MIC_KEYLEN];
+ u8 rx_mic[MIC_KEYLEN];
+ } tkip;
+ u8 tsc[ORINOCO_SEQ_LEN];
+ } __packed buf;
+ struct hermes *hw = &priv->hw;
+ int ret;
+ int err;
+ int k;
+ u16 xmitting;
+
+ key_idx &= 0x3;
+
+ if (set_tx)
+ key_idx |= 0x8000;
+
+ buf.idx = cpu_to_le16(key_idx);
+ if (key_len != sizeof(buf.tkip))
+ return -EINVAL;
+ memcpy(&buf.tkip, key, sizeof(buf.tkip));
+
+ if (rsc_len > sizeof(buf.rsc))
+ rsc_len = sizeof(buf.rsc);
+
+ if (tsc_len > sizeof(buf.tsc))
+ tsc_len = sizeof(buf.tsc);
+
+ memset(buf.rsc, 0, sizeof(buf.rsc));
+ memset(buf.tsc, 0, sizeof(buf.tsc));
+
+ if (rsc != NULL)
+ memcpy(buf.rsc, rsc, rsc_len);
+
+ if (tsc != NULL)
+ memcpy(buf.tsc, tsc, tsc_len);
+ else
+ buf.tsc[4] = 0x10;
+
+ /* Wait up to 100ms for tx queue to empty */
+ for (k = 100; k > 0; k--) {
+ udelay(1000);
+ ret = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_TXQUEUEEMPTY,
+ &xmitting);
+ if (ret || !xmitting)
+ break;
+ }
+
+ if (k == 0)
+ ret = -ETIMEDOUT;
+
+ err = HERMES_WRITE_RECORD(hw, USER_BAP,
+ HERMES_RID_CNFADDDEFAULTTKIPKEY_AGERE,
+ &buf);
+
+ return ret ? ret : err;
+}
+
+int orinoco_clear_tkip_key(struct orinoco_private *priv, int key_idx)
+{
+ struct hermes *hw = &priv->hw;
+ int err;
+
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFREMDEFAULTTKIPKEY_AGERE,
+ key_idx);
+ if (err)
+ printk(KERN_WARNING "%s: Error %d clearing TKIP key %d\n",
+ priv->ndev->name, err, key_idx);
+ return err;
+}
+
+int __orinoco_hw_set_multicast_list(struct orinoco_private *priv,
+ struct net_device *dev,
+ int mc_count, int promisc)
+{
+ struct hermes *hw = &priv->hw;
+ int err = 0;
+
+ if (promisc != priv->promiscuous) {
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFPROMISCUOUSMODE,
+ promisc);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d setting PROMISCUOUSMODE to 1.\n",
+ priv->ndev->name, err);
+ } else
+ priv->promiscuous = promisc;
+ }
+
+ /* If we're not in promiscuous mode, then we need to set the
+ * group address if either we want to multicast, or if we were
+ * multicasting and want to stop */
+ if (!promisc && (mc_count || priv->mc_count)) {
+ struct netdev_hw_addr *ha;
+ struct hermes_multicast mclist;
+ int i = 0;
+
+ netdev_for_each_mc_addr(ha, dev) {
+ if (i == mc_count)
+ break;
+ memcpy(mclist.addr[i++], ha->addr, ETH_ALEN);
+ }
+
+ err = hw->ops->write_ltv(hw, USER_BAP,
+ HERMES_RID_CNFGROUPADDRESSES,
+ HERMES_BYTES_TO_RECLEN(mc_count * ETH_ALEN),
+ &mclist);
+ if (err)
+ printk(KERN_ERR "%s: Error %d setting multicast list.\n",
+ priv->ndev->name, err);
+ else
+ priv->mc_count = mc_count;
+ }
+ return err;
+}
+
+/* Return : < 0 -> error code ; >= 0 -> length */
+int orinoco_hw_get_essid(struct orinoco_private *priv, int *active,
+ char buf[IW_ESSID_MAX_SIZE + 1])
+{
+ struct hermes *hw = &priv->hw;
+ int err = 0;
+ struct hermes_idstring essidbuf;
+ char *p = (char *)(&essidbuf.val);
+ int len;
+ unsigned long flags;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ if (strlen(priv->desired_essid) > 0) {
+ /* We read the desired SSID from the hardware rather
+ than from priv->desired_essid, just in case the
+ firmware is allowed to change it on us. I'm not
+ sure about this */
+ /* My guess is that the OWNSSID should always be whatever
+ * we set to the card, whereas CURRENT_SSID is the one that
+ * may change... - Jean II */
+ u16 rid;
+
+ *active = 1;
+
+ rid = (priv->port_type == 3) ? HERMES_RID_CNFOWNSSID :
+ HERMES_RID_CNFDESIREDSSID;
+
+ err = hw->ops->read_ltv(hw, USER_BAP, rid, sizeof(essidbuf),
+ NULL, &essidbuf);
+ if (err)
+ goto fail_unlock;
+ } else {
+ *active = 0;
+
+ err = hw->ops->read_ltv(hw, USER_BAP, HERMES_RID_CURRENTSSID,
+ sizeof(essidbuf), NULL, &essidbuf);
+ if (err)
+ goto fail_unlock;
+ }
+
+ len = le16_to_cpu(essidbuf.len);
+ BUG_ON(len > IW_ESSID_MAX_SIZE);
+
+ memset(buf, 0, IW_ESSID_MAX_SIZE);
+ memcpy(buf, p, len);
+ err = len;
+
+ fail_unlock:
+ orinoco_unlock(priv, &flags);
+
+ return err;
+}
+
+int orinoco_hw_get_freq(struct orinoco_private *priv)
+{
+ struct hermes *hw = &priv->hw;
+ int err = 0;
+ u16 channel;
+ int freq = 0;
+ unsigned long flags;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_CURRENTCHANNEL,
+ &channel);
+ if (err)
+ goto out;
+
+ /* Intersil firmware 1.3.5 returns 0 when the interface is down */
+ if (channel == 0) {
+ err = -EBUSY;
+ goto out;
+ }
+
+ if ((channel < 1) || (channel > NUM_CHANNELS)) {
+ printk(KERN_WARNING "%s: Channel out of range (%d)!\n",
+ priv->ndev->name, channel);
+ err = -EBUSY;
+ goto out;
+
+ }
+ freq = ieee80211_channel_to_frequency(channel, NL80211_BAND_2GHZ);
+
+ out:
+ orinoco_unlock(priv, &flags);
+
+ if (err > 0)
+ err = -EBUSY;
+ return err ? err : freq;
+}
+
+int orinoco_hw_get_bitratelist(struct orinoco_private *priv,
+ int *numrates, s32 *rates, int max)
+{
+ struct hermes *hw = &priv->hw;
+ struct hermes_idstring list;
+ unsigned char *p = (unsigned char *)&list.val;
+ int err = 0;
+ int num;
+ int i;
+ unsigned long flags;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ err = hw->ops->read_ltv(hw, USER_BAP, HERMES_RID_SUPPORTEDDATARATES,
+ sizeof(list), NULL, &list);
+ orinoco_unlock(priv, &flags);
+
+ if (err)
+ return err;
+
+ num = le16_to_cpu(list.len);
+ *numrates = num;
+ num = min(num, max);
+
+ for (i = 0; i < num; i++)
+ rates[i] = (p[i] & 0x7f) * 500000; /* convert to bps */
+
+ return 0;
+}
+
+int orinoco_hw_trigger_scan(struct orinoco_private *priv,
+ const struct cfg80211_ssid *ssid)
+{
+ struct net_device *dev = priv->ndev;
+ struct hermes *hw = &priv->hw;
+ unsigned long flags;
+ int err = 0;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ /* Scanning with port 0 disabled would fail */
+ if (!netif_running(dev)) {
+ err = -ENETDOWN;
+ goto out;
+ }
+
+ /* In monitor mode, the scan results are always empty.
+ * Probe responses are passed to the driver as received
+ * frames and could be processed in software. */
+ if (priv->iw_mode == NL80211_IFTYPE_MONITOR) {
+ err = -EOPNOTSUPP;
+ goto out;
+ }
+
+ if (priv->has_hostscan) {
+ switch (priv->firmware_type) {
+ case FIRMWARE_TYPE_SYMBOL:
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFHOSTSCAN_SYMBOL,
+ HERMES_HOSTSCAN_SYMBOL_ONCE |
+ HERMES_HOSTSCAN_SYMBOL_BCAST);
+ break;
+ case FIRMWARE_TYPE_INTERSIL: {
+ __le16 req[3];
+
+ req[0] = cpu_to_le16(0x3fff); /* All channels */
+ req[1] = cpu_to_le16(0x0001); /* rate 1 Mbps */
+ req[2] = 0; /* Any ESSID */
+ err = HERMES_WRITE_RECORD(hw, USER_BAP,
+ HERMES_RID_CNFHOSTSCAN, &req);
+ break;
+ }
+ case FIRMWARE_TYPE_AGERE:
+ if (ssid->ssid_len > 0) {
+ struct hermes_idstring idbuf;
+ size_t len = ssid->ssid_len;
+
+ idbuf.len = cpu_to_le16(len);
+ memcpy(idbuf.val, ssid->ssid, len);
+
+ err = hw->ops->write_ltv(hw, USER_BAP,
+ HERMES_RID_CNFSCANSSID_AGERE,
+ HERMES_BYTES_TO_RECLEN(len + 2),
+ &idbuf);
+ } else
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFSCANSSID_AGERE,
+ 0); /* Any ESSID */
+ if (err)
+ break;
+
+ if (priv->has_ext_scan) {
+ err = hermes_write_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFSCANCHANNELS2GHZ,
+ 0x7FFF);
+ if (err)
+ goto out;
+
+ err = hermes_inquire(hw,
+ HERMES_INQ_CHANNELINFO);
+ } else
+ err = hermes_inquire(hw, HERMES_INQ_SCAN);
+
+ break;
+ }
+ } else
+ err = hermes_inquire(hw, HERMES_INQ_SCAN);
+
+ out:
+ orinoco_unlock(priv, &flags);
+
+ return err;
+}
+
+/* Disassociate from node with BSSID addr */
+int orinoco_hw_disassociate(struct orinoco_private *priv,
+ u8 *addr, u16 reason_code)
+{
+ struct hermes *hw = &priv->hw;
+ int err;
+
+ struct {
+ u8 addr[ETH_ALEN];
+ __le16 reason_code;
+ } __packed buf;
+
+ /* Currently only supported by WPA enabled Agere fw */
+ if (!priv->has_wpa)
+ return -EOPNOTSUPP;
+
+ memcpy(buf.addr, addr, ETH_ALEN);
+ buf.reason_code = cpu_to_le16(reason_code);
+ err = HERMES_WRITE_RECORD(hw, USER_BAP,
+ HERMES_RID_CNFDISASSOCIATE,
+ &buf);
+ return err;
+}
+
+int orinoco_hw_get_current_bssid(struct orinoco_private *priv,
+ u8 *addr)
+{
+ struct hermes *hw = &priv->hw;
+ int err;
+
+ err = hw->ops->read_ltv(hw, USER_BAP, HERMES_RID_CURRENTBSSID,
+ ETH_ALEN, NULL, addr);
+
+ return err;
+}
diff --git a/drivers/net/wireless/intersil/orinoco/hw.h b/drivers/net/wireless/intersil/orinoco/hw.h
new file mode 100644
index 000000000..da5804dbd
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/hw.h
@@ -0,0 +1,60 @@
+/* Encapsulate basic setting changes on Hermes hardware
+ *
+ * See copyright notice in main.c
+ */
+#ifndef _ORINOCO_HW_H_
+#define _ORINOCO_HW_H_
+
+#include <linux/types.h>
+#include <linux/wireless.h>
+#include <net/cfg80211.h>
+
+/* Hardware BAPs */
+#define USER_BAP 0
+#define IRQ_BAP 1
+
+/* WEP key sizes */
+#define SMALL_KEY_SIZE 5
+#define LARGE_KEY_SIZE 13
+
+/* Number of supported channels */
+#define NUM_CHANNELS 14
+
+/* Forward declarations */
+struct orinoco_private;
+
+int determine_fw_capabilities(struct orinoco_private *priv, char *fw_name,
+ size_t fw_name_len, u32 *hw_ver);
+int orinoco_hw_read_card_settings(struct orinoco_private *priv, u8 *dev_addr);
+int orinoco_hw_allocate_fid(struct orinoco_private *priv);
+int orinoco_get_bitratemode(int bitrate, int automatic);
+void orinoco_get_ratemode_cfg(int ratemode, int *bitrate, int *automatic);
+
+int orinoco_hw_program_rids(struct orinoco_private *priv);
+int orinoco_hw_get_tkip_iv(struct orinoco_private *priv, int key, u8 *tsc);
+int __orinoco_hw_set_bitrate(struct orinoco_private *priv);
+int orinoco_hw_get_act_bitrate(struct orinoco_private *priv, int *bitrate);
+int __orinoco_hw_set_wap(struct orinoco_private *priv);
+int __orinoco_hw_setup_wepkeys(struct orinoco_private *priv);
+int __orinoco_hw_setup_enc(struct orinoco_private *priv);
+int __orinoco_hw_set_tkip_key(struct orinoco_private *priv, int key_idx,
+ int set_tx, const u8 *key, size_t key_len,
+ const u8 *rsc, size_t rsc_len,
+ const u8 *tsc, size_t tsc_len);
+int orinoco_clear_tkip_key(struct orinoco_private *priv, int key_idx);
+int __orinoco_hw_set_multicast_list(struct orinoco_private *priv,
+ struct net_device *dev,
+ int mc_count, int promisc);
+int orinoco_hw_get_essid(struct orinoco_private *priv, int *active,
+ char buf[IW_ESSID_MAX_SIZE + 1]);
+int orinoco_hw_get_freq(struct orinoco_private *priv);
+int orinoco_hw_get_bitratelist(struct orinoco_private *priv,
+ int *numrates, s32 *rates, int max);
+int orinoco_hw_trigger_scan(struct orinoco_private *priv,
+ const struct cfg80211_ssid *ssid);
+int orinoco_hw_disassociate(struct orinoco_private *priv,
+ u8 *addr, u16 reason_code);
+int orinoco_hw_get_current_bssid(struct orinoco_private *priv,
+ u8 *addr);
+
+#endif /* _ORINOCO_HW_H_ */
diff --git a/drivers/net/wireless/intersil/orinoco/main.c b/drivers/net/wireless/intersil/orinoco/main.c
new file mode 100644
index 000000000..7df88d20f
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/main.c
@@ -0,0 +1,2414 @@
+/* main.c - (formerly known as dldwd_cs.c, orinoco_cs.c and orinoco.c)
+ *
+ * A driver for Hermes or Prism 2 chipset based PCMCIA wireless
+ * adaptors, with Lucent/Agere, Intersil or Symbol firmware.
+ *
+ * Current maintainers (as of 29 September 2003) are:
+ * Pavel Roskin <proski AT gnu.org>
+ * and David Gibson <hermes AT gibson.dropbear.id.au>
+ *
+ * (C) Copyright David Gibson, IBM Corporation 2001-2003.
+ * Copyright (C) 2000 David Gibson, Linuxcare Australia.
+ * With some help from :
+ * Copyright (C) 2001 Jean Tourrilhes, HP Labs
+ * Copyright (C) 2001 Benjamin Herrenschmidt
+ *
+ * Based on dummy_cs.c 1.27 2000/06/12 21:27:25
+ *
+ * Portions based on wvlan_cs.c 1.0.6, Copyright Andreas Neuhaus <andy
+ * AT fasta.fh-dortmund.de>
+ * http://www.stud.fh-dortmund.de/~andy/wvlan/
+ *
+ * The contents of this file are subject to the Mozilla Public License
+ * Version 1.1 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License
+ * at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS"
+ * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ * the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * The initial developer of the original code is David A. Hinds
+ * <dahinds AT users.sourceforge.net>. Portions created by David
+ * A. Hinds are Copyright (C) 1999 David A. Hinds. All Rights
+ * Reserved.
+ *
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License version 2 (the "GPL"), in
+ * which case the provisions of the GPL are applicable instead of the
+ * above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the MPL, indicate your decision by
+ * deleting the provisions above and replace them with the notice and
+ * other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file
+ * under either the MPL or the GPL. */
+
+/*
+ * TODO
+ * o Handle de-encapsulation within network layer, provide 802.11
+ * headers (patch from Thomas 'Dent' Mirlacher)
+ * o Fix possible races in SPY handling.
+ * o Disconnect wireless extensions from fundamental configuration.
+ * o (maybe) Software WEP support (patch from Stano Meduna).
+ * o (maybe) Use multiple Tx buffers - driver handling queue
+ * rather than firmware.
+ */
+
+/* Locking and synchronization:
+ *
+ * The basic principle is that everything is serialized through a
+ * single spinlock, priv->lock. The lock is used in user, bh and irq
+ * context, so when taken outside hardirq context it should always be
+ * taken with interrupts disabled. The lock protects both the
+ * hardware and the struct orinoco_private.
+ *
+ * Another flag, priv->hw_unavailable indicates that the hardware is
+ * unavailable for an extended period of time (e.g. suspended, or in
+ * the middle of a hard reset). This flag is protected by the
+ * spinlock. All code which touches the hardware should check the
+ * flag after taking the lock, and if it is set, give up on whatever
+ * they are doing and drop the lock again. The orinoco_lock()
+ * function handles this (it unlocks and returns -EBUSY if
+ * hw_unavailable is non-zero).
+ */
+
+#define DRIVER_NAME "orinoco"
+
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/init.h>
+#include <linux/delay.h>
+#include <linux/device.h>
+#include <linux/netdevice.h>
+#include <linux/etherdevice.h>
+#include <linux/suspend.h>
+#include <linux/if_arp.h>
+#include <linux/wireless.h>
+#include <linux/ieee80211.h>
+#include <net/iw_handler.h>
+#include <net/cfg80211.h>
+
+#include "hermes_rid.h"
+#include "hermes_dld.h"
+#include "hw.h"
+#include "scan.h"
+#include "mic.h"
+#include "fw.h"
+#include "wext.h"
+#include "cfg.h"
+#include "main.h"
+
+#include "orinoco.h"
+
+/********************************************************************/
+/* Module information */
+/********************************************************************/
+
+MODULE_AUTHOR("Pavel Roskin <proski@gnu.org> & "
+ "David Gibson <hermes@gibson.dropbear.id.au>");
+MODULE_DESCRIPTION("Driver for Lucent Orinoco, Prism II based "
+ "and similar wireless cards");
+MODULE_LICENSE("Dual MPL/GPL");
+
+/* Level of debugging. Used in the macros in orinoco.h */
+#ifdef ORINOCO_DEBUG
+int orinoco_debug = ORINOCO_DEBUG;
+EXPORT_SYMBOL(orinoco_debug);
+module_param(orinoco_debug, int, 0644);
+MODULE_PARM_DESC(orinoco_debug, "Debug level");
+#endif
+
+static bool suppress_linkstatus; /* = 0 */
+module_param(suppress_linkstatus, bool, 0644);
+MODULE_PARM_DESC(suppress_linkstatus, "Don't log link status changes");
+
+static int ignore_disconnect; /* = 0 */
+module_param(ignore_disconnect, int, 0644);
+MODULE_PARM_DESC(ignore_disconnect,
+ "Don't report lost link to the network layer");
+
+int force_monitor; /* = 0 */
+module_param(force_monitor, int, 0644);
+MODULE_PARM_DESC(force_monitor, "Allow monitor mode for all firmware versions");
+
+/********************************************************************/
+/* Internal constants */
+/********************************************************************/
+
+/* 802.2 LLC/SNAP header used for Ethernet encapsulation over 802.11 */
+static const u8 encaps_hdr[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00};
+#define ENCAPS_OVERHEAD (sizeof(encaps_hdr) + 2)
+
+#define ORINOCO_MIN_MTU 256
+#define ORINOCO_MAX_MTU (IEEE80211_MAX_DATA_LEN - ENCAPS_OVERHEAD)
+
+#define MAX_IRQLOOPS_PER_IRQ 10
+#define MAX_IRQLOOPS_PER_JIFFY (20000 / HZ) /* Based on a guestimate of
+ * how many events the
+ * device could
+ * legitimately generate */
+
+#define DUMMY_FID 0xFFFF
+
+/*#define MAX_MULTICAST(priv) (priv->firmware_type == FIRMWARE_TYPE_AGERE ? \
+ HERMES_MAX_MULTICAST : 0)*/
+#define MAX_MULTICAST(priv) (HERMES_MAX_MULTICAST)
+
+#define ORINOCO_INTEN (HERMES_EV_RX | HERMES_EV_ALLOC \
+ | HERMES_EV_TX | HERMES_EV_TXEXC \
+ | HERMES_EV_WTERR | HERMES_EV_INFO \
+ | HERMES_EV_INFDROP)
+
+/********************************************************************/
+/* Data types */
+/********************************************************************/
+
+/* Beginning of the Tx descriptor, used in TxExc handling */
+struct hermes_txexc_data {
+ struct hermes_tx_descriptor desc;
+ __le16 frame_ctl;
+ __le16 duration_id;
+ u8 addr1[ETH_ALEN];
+} __packed;
+
+/* Rx frame header except compatibility 802.3 header */
+struct hermes_rx_descriptor {
+ /* Control */
+ __le16 status;
+ __le32 time;
+ u8 silence;
+ u8 signal;
+ u8 rate;
+ u8 rxflow;
+ __le32 reserved;
+
+ /* 802.11 header */
+ __le16 frame_ctl;
+ __le16 duration_id;
+ u8 addr1[ETH_ALEN];
+ u8 addr2[ETH_ALEN];
+ u8 addr3[ETH_ALEN];
+ __le16 seq_ctl;
+ u8 addr4[ETH_ALEN];
+
+ /* Data length */
+ __le16 data_len;
+} __packed;
+
+struct orinoco_rx_data {
+ struct hermes_rx_descriptor *desc;
+ struct sk_buff *skb;
+ struct list_head list;
+};
+
+struct orinoco_scan_data {
+ void *buf;
+ size_t len;
+ int type;
+ struct list_head list;
+};
+
+/********************************************************************/
+/* Function prototypes */
+/********************************************************************/
+
+static int __orinoco_set_multicast_list(struct net_device *dev);
+static int __orinoco_up(struct orinoco_private *priv);
+static int __orinoco_down(struct orinoco_private *priv);
+static int __orinoco_commit(struct orinoco_private *priv);
+
+/********************************************************************/
+/* Internal helper functions */
+/********************************************************************/
+
+void set_port_type(struct orinoco_private *priv)
+{
+ switch (priv->iw_mode) {
+ case NL80211_IFTYPE_STATION:
+ priv->port_type = 1;
+ priv->createibss = 0;
+ break;
+ case NL80211_IFTYPE_ADHOC:
+ if (priv->prefer_port3) {
+ priv->port_type = 3;
+ priv->createibss = 0;
+ } else {
+ priv->port_type = priv->ibss_port;
+ priv->createibss = 1;
+ }
+ break;
+ case NL80211_IFTYPE_MONITOR:
+ priv->port_type = 3;
+ priv->createibss = 0;
+ break;
+ default:
+ printk(KERN_ERR "%s: Invalid priv->iw_mode in set_port_type()\n",
+ priv->ndev->name);
+ }
+}
+
+/********************************************************************/
+/* Device methods */
+/********************************************************************/
+
+int orinoco_open(struct net_device *dev)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ unsigned long flags;
+ int err;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ err = __orinoco_up(priv);
+
+ if (!err)
+ priv->open = 1;
+
+ orinoco_unlock(priv, &flags);
+
+ return err;
+}
+EXPORT_SYMBOL(orinoco_open);
+
+int orinoco_stop(struct net_device *dev)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ int err = 0;
+
+ /* We mustn't use orinoco_lock() here, because we need to be
+ able to close the interface even if hw_unavailable is set
+ (e.g. as we're released after a PC Card removal) */
+ orinoco_lock_irq(priv);
+
+ priv->open = 0;
+
+ err = __orinoco_down(priv);
+
+ orinoco_unlock_irq(priv);
+
+ return err;
+}
+EXPORT_SYMBOL(orinoco_stop);
+
+void orinoco_set_multicast_list(struct net_device *dev)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ unsigned long flags;
+
+ if (orinoco_lock(priv, &flags) != 0) {
+ printk(KERN_DEBUG "%s: orinoco_set_multicast_list() "
+ "called when hw_unavailable\n", dev->name);
+ return;
+ }
+
+ __orinoco_set_multicast_list(dev);
+ orinoco_unlock(priv, &flags);
+}
+EXPORT_SYMBOL(orinoco_set_multicast_list);
+
+int orinoco_change_mtu(struct net_device *dev, int new_mtu)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+
+ /* MTU + encapsulation + header length */
+ if ((new_mtu + ENCAPS_OVERHEAD + sizeof(struct ieee80211_hdr)) >
+ (priv->nicbuf_size - ETH_HLEN))
+ return -EINVAL;
+
+ dev->mtu = new_mtu;
+
+ return 0;
+}
+EXPORT_SYMBOL(orinoco_change_mtu);
+
+/********************************************************************/
+/* Tx path */
+/********************************************************************/
+
+/* Add encapsulation and MIC to the existing SKB.
+ * The main xmit routine will then send the whole lot to the card.
+ * Need 8 bytes headroom
+ * Need 8 bytes tailroom
+ *
+ * With encapsulated ethernet II frame
+ * --------
+ * 803.3 header (14 bytes)
+ * dst[6]
+ * -------- src[6]
+ * 803.3 header (14 bytes) len[2]
+ * dst[6] 803.2 header (8 bytes)
+ * src[6] encaps[6]
+ * len[2] <- leave alone -> len[2]
+ * -------- -------- <-- 0
+ * Payload Payload
+ * ... ...
+ *
+ * -------- --------
+ * MIC (8 bytes)
+ * --------
+ *
+ * returns 0 on success, -ENOMEM on error.
+ */
+int orinoco_process_xmit_skb(struct sk_buff *skb,
+ struct net_device *dev,
+ struct orinoco_private *priv,
+ int *tx_control,
+ u8 *mic_buf)
+{
+ struct orinoco_tkip_key *key;
+ struct ethhdr *eh;
+ int do_mic;
+
+ key = (struct orinoco_tkip_key *) priv->keys[priv->tx_key].key;
+
+ do_mic = ((priv->encode_alg == ORINOCO_ALG_TKIP) &&
+ (key != NULL));
+
+ if (do_mic)
+ *tx_control |= (priv->tx_key << HERMES_MIC_KEY_ID_SHIFT) |
+ HERMES_TXCTRL_MIC;
+
+ eh = (struct ethhdr *)skb->data;
+
+ /* Encapsulate Ethernet-II frames */
+ if (ntohs(eh->h_proto) > ETH_DATA_LEN) { /* Ethernet-II frame */
+ struct header_struct {
+ struct ethhdr eth; /* 802.3 header */
+ u8 encap[6]; /* 802.2 header */
+ } __packed hdr;
+ int len = skb->len + sizeof(encaps_hdr) - (2 * ETH_ALEN);
+
+ if (skb_headroom(skb) < ENCAPS_OVERHEAD) {
+ if (net_ratelimit())
+ printk(KERN_ERR
+ "%s: Not enough headroom for 802.2 headers %d\n",
+ dev->name, skb_headroom(skb));
+ return -ENOMEM;
+ }
+
+ /* Fill in new header */
+ memcpy(&hdr.eth, eh, 2 * ETH_ALEN);
+ hdr.eth.h_proto = htons(len);
+ memcpy(hdr.encap, encaps_hdr, sizeof(encaps_hdr));
+
+ /* Make room for the new header, and copy it in */
+ eh = skb_push(skb, ENCAPS_OVERHEAD);
+ memcpy(eh, &hdr, sizeof(hdr));
+ }
+
+ /* Calculate Michael MIC */
+ if (do_mic) {
+ size_t len = skb->len - ETH_HLEN;
+ u8 *mic = &mic_buf[0];
+
+ /* Have to write to an even address, so copy the spare
+ * byte across */
+ if (skb->len % 2) {
+ *mic = skb->data[skb->len - 1];
+ mic++;
+ }
+
+ orinoco_mic(priv->tx_tfm_mic, key->tx_mic,
+ eh->h_dest, eh->h_source, 0 /* priority */,
+ skb->data + ETH_HLEN,
+ len, mic);
+ }
+
+ return 0;
+}
+EXPORT_SYMBOL(orinoco_process_xmit_skb);
+
+static netdev_tx_t orinoco_xmit(struct sk_buff *skb, struct net_device *dev)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ struct net_device_stats *stats = &dev->stats;
+ struct hermes *hw = &priv->hw;
+ int err = 0;
+ u16 txfid = priv->txfid;
+ int tx_control;
+ unsigned long flags;
+ u8 mic_buf[MICHAEL_MIC_LEN + 1];
+
+ if (!netif_running(dev)) {
+ printk(KERN_ERR "%s: Tx on stopped device!\n",
+ dev->name);
+ return NETDEV_TX_BUSY;
+ }
+
+ if (netif_queue_stopped(dev)) {
+ printk(KERN_DEBUG "%s: Tx while transmitter busy!\n",
+ dev->name);
+ return NETDEV_TX_BUSY;
+ }
+
+ if (orinoco_lock(priv, &flags) != 0) {
+ printk(KERN_ERR "%s: orinoco_xmit() called while hw_unavailable\n",
+ dev->name);
+ return NETDEV_TX_BUSY;
+ }
+
+ if (!netif_carrier_ok(dev) ||
+ (priv->iw_mode == NL80211_IFTYPE_MONITOR)) {
+ /* Oops, the firmware hasn't established a connection,
+ silently drop the packet (this seems to be the
+ safest approach). */
+ goto drop;
+ }
+
+ /* Check packet length */
+ if (skb->len < ETH_HLEN)
+ goto drop;
+
+ tx_control = HERMES_TXCTRL_TX_OK | HERMES_TXCTRL_TX_EX;
+
+ err = orinoco_process_xmit_skb(skb, dev, priv, &tx_control,
+ &mic_buf[0]);
+ if (err)
+ goto drop;
+
+ if (priv->has_alt_txcntl) {
+ /* WPA enabled firmwares have tx_cntl at the end of
+ * the 802.11 header. So write zeroed descriptor and
+ * 802.11 header at the same time
+ */
+ char desc[HERMES_802_3_OFFSET];
+ __le16 *txcntl = (__le16 *) &desc[HERMES_TXCNTL2_OFFSET];
+
+ memset(&desc, 0, sizeof(desc));
+
+ *txcntl = cpu_to_le16(tx_control);
+ err = hw->ops->bap_pwrite(hw, USER_BAP, &desc, sizeof(desc),
+ txfid, 0);
+ if (err) {
+ if (net_ratelimit())
+ printk(KERN_ERR "%s: Error %d writing Tx "
+ "descriptor to BAP\n", dev->name, err);
+ goto busy;
+ }
+ } else {
+ struct hermes_tx_descriptor desc;
+
+ memset(&desc, 0, sizeof(desc));
+
+ desc.tx_control = cpu_to_le16(tx_control);
+ err = hw->ops->bap_pwrite(hw, USER_BAP, &desc, sizeof(desc),
+ txfid, 0);
+ if (err) {
+ if (net_ratelimit())
+ printk(KERN_ERR "%s: Error %d writing Tx "
+ "descriptor to BAP\n", dev->name, err);
+ goto busy;
+ }
+
+ /* Clear the 802.11 header and data length fields - some
+ * firmwares (e.g. Lucent/Agere 8.xx) appear to get confused
+ * if this isn't done. */
+ hermes_clear_words(hw, HERMES_DATA0,
+ HERMES_802_3_OFFSET - HERMES_802_11_OFFSET);
+ }
+
+ err = hw->ops->bap_pwrite(hw, USER_BAP, skb->data, skb->len,
+ txfid, HERMES_802_3_OFFSET);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d writing packet to BAP\n",
+ dev->name, err);
+ goto busy;
+ }
+
+ if (tx_control & HERMES_TXCTRL_MIC) {
+ size_t offset = HERMES_802_3_OFFSET + skb->len;
+ size_t len = MICHAEL_MIC_LEN;
+
+ if (offset % 2) {
+ offset--;
+ len++;
+ }
+ err = hw->ops->bap_pwrite(hw, USER_BAP, &mic_buf[0], len,
+ txfid, offset);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d writing MIC to BAP\n",
+ dev->name, err);
+ goto busy;
+ }
+ }
+
+ /* Finally, we actually initiate the send */
+ netif_stop_queue(dev);
+
+ err = hw->ops->cmd_wait(hw, HERMES_CMD_TX | HERMES_CMD_RECL,
+ txfid, NULL);
+ if (err) {
+ netif_start_queue(dev);
+ if (net_ratelimit())
+ printk(KERN_ERR "%s: Error %d transmitting packet\n",
+ dev->name, err);
+ goto busy;
+ }
+
+ stats->tx_bytes += HERMES_802_3_OFFSET + skb->len;
+ goto ok;
+
+ drop:
+ stats->tx_errors++;
+ stats->tx_dropped++;
+
+ ok:
+ orinoco_unlock(priv, &flags);
+ dev_kfree_skb(skb);
+ return NETDEV_TX_OK;
+
+ busy:
+ if (err == -EIO)
+ schedule_work(&priv->reset_work);
+ orinoco_unlock(priv, &flags);
+ return NETDEV_TX_BUSY;
+}
+
+static void __orinoco_ev_alloc(struct net_device *dev, struct hermes *hw)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ u16 fid = hermes_read_regn(hw, ALLOCFID);
+
+ if (fid != priv->txfid) {
+ if (fid != DUMMY_FID)
+ printk(KERN_WARNING "%s: Allocate event on unexpected fid (%04X)\n",
+ dev->name, fid);
+ return;
+ }
+
+ hermes_write_regn(hw, ALLOCFID, DUMMY_FID);
+}
+
+static void __orinoco_ev_tx(struct net_device *dev, struct hermes *hw)
+{
+ dev->stats.tx_packets++;
+
+ netif_wake_queue(dev);
+
+ hermes_write_regn(hw, TXCOMPLFID, DUMMY_FID);
+}
+
+static void __orinoco_ev_txexc(struct net_device *dev, struct hermes *hw)
+{
+ struct net_device_stats *stats = &dev->stats;
+ u16 fid = hermes_read_regn(hw, TXCOMPLFID);
+ u16 status;
+ struct hermes_txexc_data hdr;
+ int err = 0;
+
+ if (fid == DUMMY_FID)
+ return; /* Nothing's really happened */
+
+ /* Read part of the frame header - we need status and addr1 */
+ err = hw->ops->bap_pread(hw, IRQ_BAP, &hdr,
+ sizeof(struct hermes_txexc_data),
+ fid, 0);
+
+ hermes_write_regn(hw, TXCOMPLFID, DUMMY_FID);
+ stats->tx_errors++;
+
+ if (err) {
+ printk(KERN_WARNING "%s: Unable to read descriptor on Tx error "
+ "(FID=%04X error %d)\n",
+ dev->name, fid, err);
+ return;
+ }
+
+ DEBUG(1, "%s: Tx error, err %d (FID=%04X)\n", dev->name,
+ err, fid);
+
+ /* We produce a TXDROP event only for retry or lifetime
+ * exceeded, because that's the only status that really mean
+ * that this particular node went away.
+ * Other errors means that *we* screwed up. - Jean II */
+ status = le16_to_cpu(hdr.desc.status);
+ if (status & (HERMES_TXSTAT_RETRYERR | HERMES_TXSTAT_AGEDERR)) {
+ union iwreq_data wrqu;
+
+ /* Copy 802.11 dest address.
+ * We use the 802.11 header because the frame may
+ * not be 802.3 or may be mangled...
+ * In Ad-Hoc mode, it will be the node address.
+ * In managed mode, it will be most likely the AP addr
+ * User space will figure out how to convert it to
+ * whatever it needs (IP address or else).
+ * - Jean II */
+ memcpy(wrqu.addr.sa_data, hdr.addr1, ETH_ALEN);
+ wrqu.addr.sa_family = ARPHRD_ETHER;
+
+ /* Send event to user space */
+ wireless_send_event(dev, IWEVTXDROP, &wrqu, NULL);
+ }
+
+ netif_wake_queue(dev);
+}
+
+void orinoco_tx_timeout(struct net_device *dev, unsigned int txqueue)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ struct net_device_stats *stats = &dev->stats;
+ struct hermes *hw = &priv->hw;
+
+ printk(KERN_WARNING "%s: Tx timeout! "
+ "ALLOCFID=%04x, TXCOMPLFID=%04x, EVSTAT=%04x\n",
+ dev->name, hermes_read_regn(hw, ALLOCFID),
+ hermes_read_regn(hw, TXCOMPLFID), hermes_read_regn(hw, EVSTAT));
+
+ stats->tx_errors++;
+
+ schedule_work(&priv->reset_work);
+}
+EXPORT_SYMBOL(orinoco_tx_timeout);
+
+/********************************************************************/
+/* Rx path (data frames) */
+/********************************************************************/
+
+/* Does the frame have a SNAP header indicating it should be
+ * de-encapsulated to Ethernet-II? */
+static inline int is_ethersnap(void *_hdr)
+{
+ u8 *hdr = _hdr;
+
+ /* We de-encapsulate all packets which, a) have SNAP headers
+ * (i.e. SSAP=DSAP=0xaa and CTRL=0x3 in the 802.2 LLC header
+ * and where b) the OUI of the SNAP header is 00:00:00 or
+ * 00:00:f8 - we need both because different APs appear to use
+ * different OUIs for some reason */
+ return (memcmp(hdr, &encaps_hdr, 5) == 0)
+ && ((hdr[5] == 0x00) || (hdr[5] == 0xf8));
+}
+
+static inline void orinoco_spy_gather(struct net_device *dev, u_char *mac,
+ int level, int noise)
+{
+ struct iw_quality wstats;
+ wstats.level = level - 0x95;
+ wstats.noise = noise - 0x95;
+ wstats.qual = (level > noise) ? (level - noise) : 0;
+ wstats.updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM;
+ /* Update spy records */
+ wireless_spy_update(dev, mac, &wstats);
+}
+
+static void orinoco_stat_gather(struct net_device *dev,
+ struct sk_buff *skb,
+ struct hermes_rx_descriptor *desc)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+
+ /* Using spy support with lots of Rx packets, like in an
+ * infrastructure (AP), will really slow down everything, because
+ * the MAC address must be compared to each entry of the spy list.
+ * If the user really asks for it (set some address in the
+ * spy list), we do it, but he will pay the price.
+ * Note that to get here, you need both WIRELESS_SPY
+ * compiled in AND some addresses in the list !!!
+ */
+ /* Note : gcc will optimise the whole section away if
+ * WIRELESS_SPY is not defined... - Jean II */
+ if (SPY_NUMBER(priv)) {
+ orinoco_spy_gather(dev, skb_mac_header(skb) + ETH_ALEN,
+ desc->signal, desc->silence);
+ }
+}
+
+/*
+ * orinoco_rx_monitor - handle received monitor frames.
+ *
+ * Arguments:
+ * dev network device
+ * rxfid received FID
+ * desc rx descriptor of the frame
+ *
+ * Call context: interrupt
+ */
+static void orinoco_rx_monitor(struct net_device *dev, u16 rxfid,
+ struct hermes_rx_descriptor *desc)
+{
+ u32 hdrlen = 30; /* return full header by default */
+ u32 datalen = 0;
+ u16 fc;
+ int err;
+ int len;
+ struct sk_buff *skb;
+ struct orinoco_private *priv = ndev_priv(dev);
+ struct net_device_stats *stats = &dev->stats;
+ struct hermes *hw = &priv->hw;
+
+ len = le16_to_cpu(desc->data_len);
+
+ /* Determine the size of the header and the data */
+ fc = le16_to_cpu(desc->frame_ctl);
+ switch (fc & IEEE80211_FCTL_FTYPE) {
+ case IEEE80211_FTYPE_DATA:
+ if ((fc & IEEE80211_FCTL_TODS)
+ && (fc & IEEE80211_FCTL_FROMDS))
+ hdrlen = 30;
+ else
+ hdrlen = 24;
+ datalen = len;
+ break;
+ case IEEE80211_FTYPE_MGMT:
+ hdrlen = 24;
+ datalen = len;
+ break;
+ case IEEE80211_FTYPE_CTL:
+ switch (fc & IEEE80211_FCTL_STYPE) {
+ case IEEE80211_STYPE_PSPOLL:
+ case IEEE80211_STYPE_RTS:
+ case IEEE80211_STYPE_CFEND:
+ case IEEE80211_STYPE_CFENDACK:
+ hdrlen = 16;
+ break;
+ case IEEE80211_STYPE_CTS:
+ case IEEE80211_STYPE_ACK:
+ hdrlen = 10;
+ break;
+ }
+ break;
+ default:
+ /* Unknown frame type */
+ break;
+ }
+
+ /* sanity check the length */
+ if (datalen > IEEE80211_MAX_DATA_LEN + 12) {
+ printk(KERN_DEBUG "%s: oversized monitor frame, "
+ "data length = %d\n", dev->name, datalen);
+ stats->rx_length_errors++;
+ goto update_stats;
+ }
+
+ skb = dev_alloc_skb(hdrlen + datalen);
+ if (!skb) {
+ printk(KERN_WARNING "%s: Cannot allocate skb for monitor frame\n",
+ dev->name);
+ goto update_stats;
+ }
+
+ /* Copy the 802.11 header to the skb */
+ skb_put_data(skb, &(desc->frame_ctl), hdrlen);
+ skb_reset_mac_header(skb);
+
+ /* If any, copy the data from the card to the skb */
+ if (datalen > 0) {
+ err = hw->ops->bap_pread(hw, IRQ_BAP, skb_put(skb, datalen),
+ ALIGN(datalen, 2), rxfid,
+ HERMES_802_2_OFFSET);
+ if (err) {
+ printk(KERN_ERR "%s: error %d reading monitor frame\n",
+ dev->name, err);
+ goto drop;
+ }
+ }
+
+ skb->dev = dev;
+ skb->ip_summed = CHECKSUM_NONE;
+ skb->pkt_type = PACKET_OTHERHOST;
+ skb->protocol = cpu_to_be16(ETH_P_802_2);
+
+ stats->rx_packets++;
+ stats->rx_bytes += skb->len;
+
+ netif_rx(skb);
+ return;
+
+ drop:
+ dev_kfree_skb_irq(skb);
+ update_stats:
+ stats->rx_errors++;
+ stats->rx_dropped++;
+}
+
+void __orinoco_ev_rx(struct net_device *dev, struct hermes *hw)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ struct net_device_stats *stats = &dev->stats;
+ struct iw_statistics *wstats = &priv->wstats;
+ struct sk_buff *skb = NULL;
+ u16 rxfid, status;
+ int length;
+ struct hermes_rx_descriptor *desc;
+ struct orinoco_rx_data *rx_data;
+ int err;
+
+ desc = kmalloc(sizeof(*desc), GFP_ATOMIC);
+ if (!desc)
+ goto update_stats;
+
+ rxfid = hermes_read_regn(hw, RXFID);
+
+ err = hw->ops->bap_pread(hw, IRQ_BAP, desc, sizeof(*desc),
+ rxfid, 0);
+ if (err) {
+ printk(KERN_ERR "%s: error %d reading Rx descriptor. "
+ "Frame dropped.\n", dev->name, err);
+ goto update_stats;
+ }
+
+ status = le16_to_cpu(desc->status);
+
+ if (status & HERMES_RXSTAT_BADCRC) {
+ DEBUG(1, "%s: Bad CRC on Rx. Frame dropped.\n",
+ dev->name);
+ stats->rx_crc_errors++;
+ goto update_stats;
+ }
+
+ /* Handle frames in monitor mode */
+ if (priv->iw_mode == NL80211_IFTYPE_MONITOR) {
+ orinoco_rx_monitor(dev, rxfid, desc);
+ goto out;
+ }
+
+ if (status & HERMES_RXSTAT_UNDECRYPTABLE) {
+ DEBUG(1, "%s: Undecryptable frame on Rx. Frame dropped.\n",
+ dev->name);
+ wstats->discard.code++;
+ goto update_stats;
+ }
+
+ length = le16_to_cpu(desc->data_len);
+
+ /* Sanity checks */
+ if (length < 3) { /* No for even an 802.2 LLC header */
+ /* At least on Symbol firmware with PCF we get quite a
+ lot of these legitimately - Poll frames with no
+ data. */
+ goto out;
+ }
+ if (length > IEEE80211_MAX_DATA_LEN) {
+ printk(KERN_WARNING "%s: Oversized frame received (%d bytes)\n",
+ dev->name, length);
+ stats->rx_length_errors++;
+ goto update_stats;
+ }
+
+ /* Payload size does not include Michael MIC. Increase payload
+ * size to read it together with the data. */
+ if (status & HERMES_RXSTAT_MIC)
+ length += MICHAEL_MIC_LEN;
+
+ /* We need space for the packet data itself, plus an ethernet
+ header, plus 2 bytes so we can align the IP header on a
+ 32bit boundary, plus 1 byte so we can read in odd length
+ packets from the card, which has an IO granularity of 16
+ bits */
+ skb = dev_alloc_skb(length + ETH_HLEN + 2 + 1);
+ if (!skb) {
+ printk(KERN_WARNING "%s: Can't allocate skb for Rx\n",
+ dev->name);
+ goto update_stats;
+ }
+
+ /* We'll prepend the header, so reserve space for it. The worst
+ case is no decapsulation, when 802.3 header is prepended and
+ nothing is removed. 2 is for aligning the IP header. */
+ skb_reserve(skb, ETH_HLEN + 2);
+
+ err = hw->ops->bap_pread(hw, IRQ_BAP, skb_put(skb, length),
+ ALIGN(length, 2), rxfid,
+ HERMES_802_2_OFFSET);
+ if (err) {
+ printk(KERN_ERR "%s: error %d reading frame. "
+ "Frame dropped.\n", dev->name, err);
+ goto drop;
+ }
+
+ /* Add desc and skb to rx queue */
+ rx_data = kzalloc(sizeof(*rx_data), GFP_ATOMIC);
+ if (!rx_data)
+ goto drop;
+
+ rx_data->desc = desc;
+ rx_data->skb = skb;
+ list_add_tail(&rx_data->list, &priv->rx_list);
+ tasklet_schedule(&priv->rx_tasklet);
+
+ return;
+
+drop:
+ dev_kfree_skb_irq(skb);
+update_stats:
+ stats->rx_errors++;
+ stats->rx_dropped++;
+out:
+ kfree(desc);
+}
+EXPORT_SYMBOL(__orinoco_ev_rx);
+
+static void orinoco_rx(struct net_device *dev,
+ struct hermes_rx_descriptor *desc,
+ struct sk_buff *skb)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ struct net_device_stats *stats = &dev->stats;
+ u16 status, fc;
+ int length;
+ struct ethhdr *hdr;
+
+ status = le16_to_cpu(desc->status);
+ length = le16_to_cpu(desc->data_len);
+ fc = le16_to_cpu(desc->frame_ctl);
+
+ /* Calculate and check MIC */
+ if (status & HERMES_RXSTAT_MIC) {
+ struct orinoco_tkip_key *key;
+ int key_id = ((status & HERMES_RXSTAT_MIC_KEY_ID) >>
+ HERMES_MIC_KEY_ID_SHIFT);
+ u8 mic[MICHAEL_MIC_LEN];
+ u8 *rxmic;
+ u8 *src = (fc & IEEE80211_FCTL_FROMDS) ?
+ desc->addr3 : desc->addr2;
+
+ /* Extract Michael MIC from payload */
+ rxmic = skb->data + skb->len - MICHAEL_MIC_LEN;
+
+ skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
+ length -= MICHAEL_MIC_LEN;
+
+ key = (struct orinoco_tkip_key *) priv->keys[key_id].key;
+
+ if (!key) {
+ printk(KERN_WARNING "%s: Received encrypted frame from "
+ "%pM using key %i, but key is not installed\n",
+ dev->name, src, key_id);
+ goto drop;
+ }
+
+ orinoco_mic(priv->rx_tfm_mic, key->rx_mic, desc->addr1, src,
+ 0, /* priority or QoS? */
+ skb->data, skb->len, &mic[0]);
+
+ if (memcmp(mic, rxmic,
+ MICHAEL_MIC_LEN)) {
+ union iwreq_data wrqu;
+ struct iw_michaelmicfailure wxmic;
+
+ printk(KERN_WARNING "%s: "
+ "Invalid Michael MIC in data frame from %pM, "
+ "using key %i\n",
+ dev->name, src, key_id);
+
+ /* TODO: update stats */
+
+ /* Notify userspace */
+ memset(&wxmic, 0, sizeof(wxmic));
+ wxmic.flags = key_id & IW_MICFAILURE_KEY_ID;
+ wxmic.flags |= (desc->addr1[0] & 1) ?
+ IW_MICFAILURE_GROUP : IW_MICFAILURE_PAIRWISE;
+ wxmic.src_addr.sa_family = ARPHRD_ETHER;
+ memcpy(wxmic.src_addr.sa_data, src, ETH_ALEN);
+
+ (void) orinoco_hw_get_tkip_iv(priv, key_id,
+ &wxmic.tsc[0]);
+
+ memset(&wrqu, 0, sizeof(wrqu));
+ wrqu.data.length = sizeof(wxmic);
+ wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu,
+ (char *) &wxmic);
+
+ goto drop;
+ }
+ }
+
+ /* Handle decapsulation
+ * In most cases, the firmware tell us about SNAP frames.
+ * For some reason, the SNAP frames sent by LinkSys APs
+ * are not properly recognised by most firmwares.
+ * So, check ourselves */
+ if (length >= ENCAPS_OVERHEAD &&
+ (((status & HERMES_RXSTAT_MSGTYPE) == HERMES_RXSTAT_1042) ||
+ ((status & HERMES_RXSTAT_MSGTYPE) == HERMES_RXSTAT_TUNNEL) ||
+ is_ethersnap(skb->data))) {
+ /* These indicate a SNAP within 802.2 LLC within
+ 802.11 frame which we'll need to de-encapsulate to
+ the original EthernetII frame. */
+ hdr = skb_push(skb, ETH_HLEN - ENCAPS_OVERHEAD);
+ } else {
+ /* 802.3 frame - prepend 802.3 header as is */
+ hdr = skb_push(skb, ETH_HLEN);
+ hdr->h_proto = htons(length);
+ }
+ memcpy(hdr->h_dest, desc->addr1, ETH_ALEN);
+ if (fc & IEEE80211_FCTL_FROMDS)
+ memcpy(hdr->h_source, desc->addr3, ETH_ALEN);
+ else
+ memcpy(hdr->h_source, desc->addr2, ETH_ALEN);
+
+ skb->protocol = eth_type_trans(skb, dev);
+ skb->ip_summed = CHECKSUM_NONE;
+ if (fc & IEEE80211_FCTL_TODS)
+ skb->pkt_type = PACKET_OTHERHOST;
+
+ /* Process the wireless stats if needed */
+ orinoco_stat_gather(dev, skb, desc);
+
+ /* Pass the packet to the networking stack */
+ netif_rx(skb);
+ stats->rx_packets++;
+ stats->rx_bytes += length;
+
+ return;
+
+ drop:
+ dev_kfree_skb(skb);
+ stats->rx_errors++;
+ stats->rx_dropped++;
+}
+
+static void orinoco_rx_isr_tasklet(struct tasklet_struct *t)
+{
+ struct orinoco_private *priv = from_tasklet(priv, t, rx_tasklet);
+ struct net_device *dev = priv->ndev;
+ struct orinoco_rx_data *rx_data, *temp;
+ struct hermes_rx_descriptor *desc;
+ struct sk_buff *skb;
+ unsigned long flags;
+
+ /* orinoco_rx requires the driver lock, and we also need to
+ * protect priv->rx_list, so just hold the lock over the
+ * lot.
+ *
+ * If orinoco_lock fails, we've unplugged the card. In this
+ * case just abort. */
+ if (orinoco_lock(priv, &flags) != 0)
+ return;
+
+ /* extract desc and skb from queue */
+ list_for_each_entry_safe(rx_data, temp, &priv->rx_list, list) {
+ desc = rx_data->desc;
+ skb = rx_data->skb;
+ list_del(&rx_data->list);
+ kfree(rx_data);
+
+ orinoco_rx(dev, desc, skb);
+
+ kfree(desc);
+ }
+
+ orinoco_unlock(priv, &flags);
+}
+
+/********************************************************************/
+/* Rx path (info frames) */
+/********************************************************************/
+
+static void print_linkstatus(struct net_device *dev, u16 status)
+{
+ char *s;
+
+ if (suppress_linkstatus)
+ return;
+
+ switch (status) {
+ case HERMES_LINKSTATUS_NOT_CONNECTED:
+ s = "Not Connected";
+ break;
+ case HERMES_LINKSTATUS_CONNECTED:
+ s = "Connected";
+ break;
+ case HERMES_LINKSTATUS_DISCONNECTED:
+ s = "Disconnected";
+ break;
+ case HERMES_LINKSTATUS_AP_CHANGE:
+ s = "AP Changed";
+ break;
+ case HERMES_LINKSTATUS_AP_OUT_OF_RANGE:
+ s = "AP Out of Range";
+ break;
+ case HERMES_LINKSTATUS_AP_IN_RANGE:
+ s = "AP In Range";
+ break;
+ case HERMES_LINKSTATUS_ASSOC_FAILED:
+ s = "Association Failed";
+ break;
+ default:
+ s = "UNKNOWN";
+ }
+
+ printk(KERN_DEBUG "%s: New link status: %s (%04x)\n",
+ dev->name, s, status);
+}
+
+/* Search scan results for requested BSSID, join it if found */
+static void orinoco_join_ap(struct work_struct *work)
+{
+ struct orinoco_private *priv =
+ container_of(work, struct orinoco_private, join_work);
+ struct net_device *dev = priv->ndev;
+ struct hermes *hw = &priv->hw;
+ int err;
+ unsigned long flags;
+ struct join_req {
+ u8 bssid[ETH_ALEN];
+ __le16 channel;
+ } __packed req;
+ const int atom_len = offsetof(struct prism2_scan_apinfo, atim);
+ struct prism2_scan_apinfo *atom = NULL;
+ int offset = 4;
+ int found = 0;
+ u8 *buf;
+ u16 len;
+
+ /* Allocate buffer for scan results */
+ buf = kmalloc(MAX_SCAN_LEN, GFP_KERNEL);
+ if (!buf)
+ return;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ goto fail_lock;
+
+ /* Sanity checks in case user changed something in the meantime */
+ if (!priv->bssid_fixed)
+ goto out;
+
+ if (strlen(priv->desired_essid) == 0)
+ goto out;
+
+ /* Read scan results from the firmware */
+ err = hw->ops->read_ltv(hw, USER_BAP,
+ HERMES_RID_SCANRESULTSTABLE,
+ MAX_SCAN_LEN, &len, buf);
+ if (err) {
+ printk(KERN_ERR "%s: Cannot read scan results\n",
+ dev->name);
+ goto out;
+ }
+
+ len = HERMES_RECLEN_TO_BYTES(len);
+
+ /* Go through the scan results looking for the channel of the AP
+ * we were requested to join */
+ for (; offset + atom_len <= len; offset += atom_len) {
+ atom = (struct prism2_scan_apinfo *) (buf + offset);
+ if (memcmp(&atom->bssid, priv->desired_bssid, ETH_ALEN) == 0) {
+ found = 1;
+ break;
+ }
+ }
+
+ if (!found) {
+ DEBUG(1, "%s: Requested AP not found in scan results\n",
+ dev->name);
+ goto out;
+ }
+
+ memcpy(req.bssid, priv->desired_bssid, ETH_ALEN);
+ req.channel = atom->channel; /* both are little-endian */
+ err = HERMES_WRITE_RECORD(hw, USER_BAP, HERMES_RID_CNFJOINREQUEST,
+ &req);
+ if (err)
+ printk(KERN_ERR "%s: Error issuing join request\n", dev->name);
+
+ out:
+ orinoco_unlock(priv, &flags);
+
+ fail_lock:
+ kfree(buf);
+}
+
+/* Send new BSSID to userspace */
+static void orinoco_send_bssid_wevent(struct orinoco_private *priv)
+{
+ struct net_device *dev = priv->ndev;
+ struct hermes *hw = &priv->hw;
+ union iwreq_data wrqu;
+ int err;
+
+ err = hw->ops->read_ltv(hw, USER_BAP, HERMES_RID_CURRENTBSSID,
+ ETH_ALEN, NULL, wrqu.ap_addr.sa_data);
+ if (err != 0)
+ return;
+
+ wrqu.ap_addr.sa_family = ARPHRD_ETHER;
+
+ /* Send event to user space */
+ wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
+}
+
+static void orinoco_send_assocreqie_wevent(struct orinoco_private *priv)
+{
+ struct net_device *dev = priv->ndev;
+ struct hermes *hw = &priv->hw;
+ union iwreq_data wrqu;
+ int err;
+ u8 buf[88];
+ u8 *ie;
+
+ if (!priv->has_wpa)
+ return;
+
+ err = hw->ops->read_ltv(hw, USER_BAP, HERMES_RID_CURRENT_ASSOC_REQ_INFO,
+ sizeof(buf), NULL, &buf);
+ if (err != 0)
+ return;
+
+ ie = orinoco_get_wpa_ie(buf, sizeof(buf));
+ if (ie) {
+ int rem = sizeof(buf) - (ie - &buf[0]);
+ wrqu.data.length = ie[1] + 2;
+ if (wrqu.data.length > rem)
+ wrqu.data.length = rem;
+
+ if (wrqu.data.length)
+ /* Send event to user space */
+ wireless_send_event(dev, IWEVASSOCREQIE, &wrqu, ie);
+ }
+}
+
+static void orinoco_send_assocrespie_wevent(struct orinoco_private *priv)
+{
+ struct net_device *dev = priv->ndev;
+ struct hermes *hw = &priv->hw;
+ union iwreq_data wrqu;
+ int err;
+ u8 buf[88]; /* TODO: verify max size or IW_GENERIC_IE_MAX */
+ u8 *ie;
+
+ if (!priv->has_wpa)
+ return;
+
+ err = hw->ops->read_ltv(hw, USER_BAP,
+ HERMES_RID_CURRENT_ASSOC_RESP_INFO,
+ sizeof(buf), NULL, &buf);
+ if (err != 0)
+ return;
+
+ ie = orinoco_get_wpa_ie(buf, sizeof(buf));
+ if (ie) {
+ int rem = sizeof(buf) - (ie - &buf[0]);
+ wrqu.data.length = ie[1] + 2;
+ if (wrqu.data.length > rem)
+ wrqu.data.length = rem;
+
+ if (wrqu.data.length)
+ /* Send event to user space */
+ wireless_send_event(dev, IWEVASSOCRESPIE, &wrqu, ie);
+ }
+}
+
+static void orinoco_send_wevents(struct work_struct *work)
+{
+ struct orinoco_private *priv =
+ container_of(work, struct orinoco_private, wevent_work);
+ unsigned long flags;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return;
+
+ orinoco_send_assocreqie_wevent(priv);
+ orinoco_send_assocrespie_wevent(priv);
+ orinoco_send_bssid_wevent(priv);
+
+ orinoco_unlock(priv, &flags);
+}
+
+static void qbuf_scan(struct orinoco_private *priv, void *buf,
+ int len, int type)
+{
+ struct orinoco_scan_data *sd;
+ unsigned long flags;
+
+ sd = kmalloc(sizeof(*sd), GFP_ATOMIC);
+ if (!sd)
+ return;
+
+ sd->buf = buf;
+ sd->len = len;
+ sd->type = type;
+
+ spin_lock_irqsave(&priv->scan_lock, flags);
+ list_add_tail(&sd->list, &priv->scan_list);
+ spin_unlock_irqrestore(&priv->scan_lock, flags);
+
+ schedule_work(&priv->process_scan);
+}
+
+static void qabort_scan(struct orinoco_private *priv)
+{
+ struct orinoco_scan_data *sd;
+ unsigned long flags;
+
+ sd = kmalloc(sizeof(*sd), GFP_ATOMIC);
+ if (!sd)
+ return;
+
+ sd->len = -1; /* Abort */
+
+ spin_lock_irqsave(&priv->scan_lock, flags);
+ list_add_tail(&sd->list, &priv->scan_list);
+ spin_unlock_irqrestore(&priv->scan_lock, flags);
+
+ schedule_work(&priv->process_scan);
+}
+
+static void orinoco_process_scan_results(struct work_struct *work)
+{
+ struct orinoco_private *priv =
+ container_of(work, struct orinoco_private, process_scan);
+ struct orinoco_scan_data *sd, *temp;
+ unsigned long flags;
+ void *buf;
+ int len;
+ int type;
+
+ spin_lock_irqsave(&priv->scan_lock, flags);
+ list_for_each_entry_safe(sd, temp, &priv->scan_list, list) {
+
+ buf = sd->buf;
+ len = sd->len;
+ type = sd->type;
+
+ list_del(&sd->list);
+ spin_unlock_irqrestore(&priv->scan_lock, flags);
+ kfree(sd);
+
+ if (len > 0) {
+ if (type == HERMES_INQ_CHANNELINFO)
+ orinoco_add_extscan_result(priv, buf, len);
+ else
+ orinoco_add_hostscan_results(priv, buf, len);
+
+ kfree(buf);
+ } else {
+ /* Either abort or complete the scan */
+ orinoco_scan_done(priv, (len < 0));
+ }
+
+ spin_lock_irqsave(&priv->scan_lock, flags);
+ }
+ spin_unlock_irqrestore(&priv->scan_lock, flags);
+}
+
+void __orinoco_ev_info(struct net_device *dev, struct hermes *hw)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ u16 infofid;
+ struct {
+ __le16 len;
+ __le16 type;
+ } __packed info;
+ int len, type;
+ int err;
+
+ /* This is an answer to an INQUIRE command that we did earlier,
+ * or an information "event" generated by the card
+ * The controller return to us a pseudo frame containing
+ * the information in question - Jean II */
+ infofid = hermes_read_regn(hw, INFOFID);
+
+ /* Read the info frame header - don't try too hard */
+ err = hw->ops->bap_pread(hw, IRQ_BAP, &info, sizeof(info),
+ infofid, 0);
+ if (err) {
+ printk(KERN_ERR "%s: error %d reading info frame. "
+ "Frame dropped.\n", dev->name, err);
+ return;
+ }
+
+ len = HERMES_RECLEN_TO_BYTES(le16_to_cpu(info.len));
+ type = le16_to_cpu(info.type);
+
+ switch (type) {
+ case HERMES_INQ_TALLIES: {
+ struct hermes_tallies_frame tallies;
+ struct iw_statistics *wstats = &priv->wstats;
+
+ if (len > sizeof(tallies)) {
+ printk(KERN_WARNING "%s: Tallies frame too long (%d bytes)\n",
+ dev->name, len);
+ len = sizeof(tallies);
+ }
+
+ err = hw->ops->bap_pread(hw, IRQ_BAP, &tallies, len,
+ infofid, sizeof(info));
+ if (err)
+ break;
+
+ /* Increment our various counters */
+ /* wstats->discard.nwid - no wrong BSSID stuff */
+ wstats->discard.code +=
+ le16_to_cpu(tallies.RxWEPUndecryptable);
+ if (len == sizeof(tallies))
+ wstats->discard.code +=
+ le16_to_cpu(tallies.RxDiscards_WEPICVError) +
+ le16_to_cpu(tallies.RxDiscards_WEPExcluded);
+ wstats->discard.misc +=
+ le16_to_cpu(tallies.TxDiscardsWrongSA);
+ wstats->discard.fragment +=
+ le16_to_cpu(tallies.RxMsgInBadMsgFragments);
+ wstats->discard.retries +=
+ le16_to_cpu(tallies.TxRetryLimitExceeded);
+ /* wstats->miss.beacon - no match */
+ }
+ break;
+ case HERMES_INQ_LINKSTATUS: {
+ struct hermes_linkstatus linkstatus;
+ u16 newstatus;
+ int connected;
+
+ if (priv->iw_mode == NL80211_IFTYPE_MONITOR)
+ break;
+
+ if (len != sizeof(linkstatus)) {
+ printk(KERN_WARNING "%s: Unexpected size for linkstatus frame (%d bytes)\n",
+ dev->name, len);
+ break;
+ }
+
+ err = hw->ops->bap_pread(hw, IRQ_BAP, &linkstatus, len,
+ infofid, sizeof(info));
+ if (err)
+ break;
+ newstatus = le16_to_cpu(linkstatus.linkstatus);
+
+ /* Symbol firmware uses "out of range" to signal that
+ * the hostscan frame can be requested. */
+ if (newstatus == HERMES_LINKSTATUS_AP_OUT_OF_RANGE &&
+ priv->firmware_type == FIRMWARE_TYPE_SYMBOL &&
+ priv->has_hostscan && priv->scan_request) {
+ hermes_inquire(hw, HERMES_INQ_HOSTSCAN_SYMBOL);
+ break;
+ }
+
+ connected = (newstatus == HERMES_LINKSTATUS_CONNECTED)
+ || (newstatus == HERMES_LINKSTATUS_AP_CHANGE)
+ || (newstatus == HERMES_LINKSTATUS_AP_IN_RANGE);
+
+ if (connected)
+ netif_carrier_on(dev);
+ else if (!ignore_disconnect)
+ netif_carrier_off(dev);
+
+ if (newstatus != priv->last_linkstatus) {
+ priv->last_linkstatus = newstatus;
+ print_linkstatus(dev, newstatus);
+ /* The info frame contains only one word which is the
+ * status (see hermes.h). The status is pretty boring
+ * in itself, that's why we export the new BSSID...
+ * Jean II */
+ schedule_work(&priv->wevent_work);
+ }
+ }
+ break;
+ case HERMES_INQ_SCAN:
+ if (!priv->scan_request && priv->bssid_fixed &&
+ priv->firmware_type == FIRMWARE_TYPE_INTERSIL) {
+ schedule_work(&priv->join_work);
+ break;
+ }
+ fallthrough;
+ case HERMES_INQ_HOSTSCAN:
+ case HERMES_INQ_HOSTSCAN_SYMBOL: {
+ /* Result of a scanning. Contains information about
+ * cells in the vicinity - Jean II */
+ unsigned char *buf;
+
+ /* Sanity check */
+ if (len > 4096) {
+ printk(KERN_WARNING "%s: Scan results too large (%d bytes)\n",
+ dev->name, len);
+ qabort_scan(priv);
+ break;
+ }
+
+ /* Allocate buffer for results */
+ buf = kmalloc(len, GFP_ATOMIC);
+ if (buf == NULL) {
+ /* No memory, so can't printk()... */
+ qabort_scan(priv);
+ break;
+ }
+
+ /* Read scan data */
+ err = hw->ops->bap_pread(hw, IRQ_BAP, (void *) buf, len,
+ infofid, sizeof(info));
+ if (err) {
+ kfree(buf);
+ qabort_scan(priv);
+ break;
+ }
+
+#ifdef ORINOCO_DEBUG
+ {
+ int i;
+ printk(KERN_DEBUG "Scan result [%02X", buf[0]);
+ for (i = 1; i < (len * 2); i++)
+ printk(":%02X", buf[i]);
+ printk("]\n");
+ }
+#endif /* ORINOCO_DEBUG */
+
+ qbuf_scan(priv, buf, len, type);
+ }
+ break;
+ case HERMES_INQ_CHANNELINFO:
+ {
+ struct agere_ext_scan_info *bss;
+
+ if (!priv->scan_request) {
+ printk(KERN_DEBUG "%s: Got chaninfo without scan, "
+ "len=%d\n", dev->name, len);
+ break;
+ }
+
+ /* An empty result indicates that the scan is complete */
+ if (len == 0) {
+ qbuf_scan(priv, NULL, len, type);
+ break;
+ }
+
+ /* Sanity check */
+ else if (len < (offsetof(struct agere_ext_scan_info,
+ data) + 2)) {
+ /* Drop this result now so we don't have to
+ * keep checking later */
+ printk(KERN_WARNING
+ "%s: Ext scan results too short (%d bytes)\n",
+ dev->name, len);
+ break;
+ }
+
+ bss = kmalloc(len, GFP_ATOMIC);
+ if (bss == NULL)
+ break;
+
+ /* Read scan data */
+ err = hw->ops->bap_pread(hw, IRQ_BAP, (void *) bss, len,
+ infofid, sizeof(info));
+ if (err)
+ kfree(bss);
+ else
+ qbuf_scan(priv, bss, len, type);
+
+ break;
+ }
+ case HERMES_INQ_SEC_STAT_AGERE:
+ /* Security status (Agere specific) */
+ /* Ignore this frame for now */
+ if (priv->firmware_type == FIRMWARE_TYPE_AGERE)
+ break;
+ fallthrough;
+ default:
+ printk(KERN_DEBUG "%s: Unknown information frame received: "
+ "type 0x%04x, length %d\n", dev->name, type, len);
+ /* We don't actually do anything about it */
+ break;
+ }
+}
+EXPORT_SYMBOL(__orinoco_ev_info);
+
+static void __orinoco_ev_infdrop(struct net_device *dev, struct hermes *hw)
+{
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: Information frame lost.\n", dev->name);
+}
+
+/********************************************************************/
+/* Internal hardware control routines */
+/********************************************************************/
+
+static int __orinoco_up(struct orinoco_private *priv)
+{
+ struct net_device *dev = priv->ndev;
+ struct hermes *hw = &priv->hw;
+ int err;
+
+ netif_carrier_off(dev); /* just to make sure */
+
+ err = __orinoco_commit(priv);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d configuring card\n",
+ dev->name, err);
+ return err;
+ }
+
+ /* Fire things up again */
+ hermes_set_irqmask(hw, ORINOCO_INTEN);
+ err = hermes_enable_port(hw, 0);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d enabling MAC port\n",
+ dev->name, err);
+ return err;
+ }
+
+ netif_start_queue(dev);
+
+ return 0;
+}
+
+static int __orinoco_down(struct orinoco_private *priv)
+{
+ struct net_device *dev = priv->ndev;
+ struct hermes *hw = &priv->hw;
+ int err;
+
+ netif_stop_queue(dev);
+
+ if (!priv->hw_unavailable) {
+ if (!priv->broken_disableport) {
+ err = hermes_disable_port(hw, 0);
+ if (err) {
+ /* Some firmwares (e.g. Intersil 1.3.x) seem
+ * to have problems disabling the port, oh
+ * well, too bad. */
+ printk(KERN_WARNING "%s: Error %d disabling MAC port\n",
+ dev->name, err);
+ priv->broken_disableport = 1;
+ }
+ }
+ hermes_set_irqmask(hw, 0);
+ hermes_write_regn(hw, EVACK, 0xffff);
+ }
+
+ orinoco_scan_done(priv, true);
+
+ /* firmware will have to reassociate */
+ netif_carrier_off(dev);
+ priv->last_linkstatus = 0xffff;
+
+ return 0;
+}
+
+static int orinoco_reinit_firmware(struct orinoco_private *priv)
+{
+ struct hermes *hw = &priv->hw;
+ int err;
+
+ err = hw->ops->init(hw);
+ if (priv->do_fw_download && !err) {
+ err = orinoco_download(priv);
+ if (err)
+ priv->do_fw_download = 0;
+ }
+ if (!err)
+ err = orinoco_hw_allocate_fid(priv);
+
+ return err;
+}
+
+static int
+__orinoco_set_multicast_list(struct net_device *dev)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ int err = 0;
+ int promisc, mc_count;
+
+ /* The Hermes doesn't seem to have an allmulti mode, so we go
+ * into promiscuous mode and let the upper levels deal. */
+ if ((dev->flags & IFF_PROMISC) || (dev->flags & IFF_ALLMULTI) ||
+ (netdev_mc_count(dev) > MAX_MULTICAST(priv))) {
+ promisc = 1;
+ mc_count = 0;
+ } else {
+ promisc = 0;
+ mc_count = netdev_mc_count(dev);
+ }
+
+ err = __orinoco_hw_set_multicast_list(priv, dev, mc_count, promisc);
+
+ return err;
+}
+
+/* This must be called from user context, without locks held - use
+ * schedule_work() */
+void orinoco_reset(struct work_struct *work)
+{
+ struct orinoco_private *priv =
+ container_of(work, struct orinoco_private, reset_work);
+ struct net_device *dev = priv->ndev;
+ struct hermes *hw = &priv->hw;
+ int err;
+ unsigned long flags;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ /* When the hardware becomes available again, whatever
+ * detects that is responsible for re-initializing
+ * it. So no need for anything further */
+ return;
+
+ netif_stop_queue(dev);
+
+ /* Shut off interrupts. Depending on what state the hardware
+ * is in, this might not work, but we'll try anyway */
+ hermes_set_irqmask(hw, 0);
+ hermes_write_regn(hw, EVACK, 0xffff);
+
+ priv->hw_unavailable++;
+ priv->last_linkstatus = 0xffff; /* firmware will have to reassociate */
+ netif_carrier_off(dev);
+
+ orinoco_unlock(priv, &flags);
+
+ /* Scanning support: Notify scan cancellation */
+ orinoco_scan_done(priv, true);
+
+ if (priv->hard_reset) {
+ err = (*priv->hard_reset)(priv);
+ if (err) {
+ printk(KERN_ERR "%s: orinoco_reset: Error %d "
+ "performing hard reset\n", dev->name, err);
+ goto disable;
+ }
+ }
+
+ err = orinoco_reinit_firmware(priv);
+ if (err) {
+ printk(KERN_ERR "%s: orinoco_reset: Error %d re-initializing firmware\n",
+ dev->name, err);
+ goto disable;
+ }
+
+ /* This has to be called from user context */
+ orinoco_lock_irq(priv);
+
+ priv->hw_unavailable--;
+
+ /* priv->open or priv->hw_unavailable might have changed while
+ * we dropped the lock */
+ if (priv->open && (!priv->hw_unavailable)) {
+ err = __orinoco_up(priv);
+ if (err) {
+ printk(KERN_ERR "%s: orinoco_reset: Error %d reenabling card\n",
+ dev->name, err);
+ } else
+ netif_trans_update(dev);
+ }
+
+ orinoco_unlock_irq(priv);
+
+ return;
+ disable:
+ hermes_set_irqmask(hw, 0);
+ netif_device_detach(dev);
+ printk(KERN_ERR "%s: Device has been disabled!\n", dev->name);
+}
+
+static int __orinoco_commit(struct orinoco_private *priv)
+{
+ struct net_device *dev = priv->ndev;
+ int err = 0;
+
+ /* If we've called commit, we are reconfiguring or bringing the
+ * interface up. Maintaining countermeasures across this would
+ * be confusing, so note that we've disabled them. The port will
+ * be enabled later in orinoco_commit or __orinoco_up. */
+ priv->tkip_cm_active = 0;
+
+ err = orinoco_hw_program_rids(priv);
+
+ /* FIXME: what about netif_tx_lock */
+ (void) __orinoco_set_multicast_list(dev);
+
+ return err;
+}
+
+/* Ensures configuration changes are applied. May result in a reset.
+ * The caller should hold priv->lock
+ */
+int orinoco_commit(struct orinoco_private *priv)
+{
+ struct net_device *dev = priv->ndev;
+ struct hermes *hw = &priv->hw;
+ int err;
+
+ if (priv->broken_disableport) {
+ schedule_work(&priv->reset_work);
+ return 0;
+ }
+
+ err = hermes_disable_port(hw, 0);
+ if (err) {
+ printk(KERN_WARNING "%s: Unable to disable port "
+ "while reconfiguring card\n", dev->name);
+ priv->broken_disableport = 1;
+ goto out;
+ }
+
+ err = __orinoco_commit(priv);
+ if (err) {
+ printk(KERN_WARNING "%s: Unable to reconfigure card\n",
+ dev->name);
+ goto out;
+ }
+
+ err = hermes_enable_port(hw, 0);
+ if (err) {
+ printk(KERN_WARNING "%s: Unable to enable port while reconfiguring card\n",
+ dev->name);
+ goto out;
+ }
+
+ out:
+ if (err) {
+ printk(KERN_WARNING "%s: Resetting instead...\n", dev->name);
+ schedule_work(&priv->reset_work);
+ err = 0;
+ }
+ return err;
+}
+
+/********************************************************************/
+/* Interrupt handler */
+/********************************************************************/
+
+static void __orinoco_ev_tick(struct net_device *dev, struct hermes *hw)
+{
+ printk(KERN_DEBUG "%s: TICK\n", dev->name);
+}
+
+static void __orinoco_ev_wterr(struct net_device *dev, struct hermes *hw)
+{
+ /* This seems to happen a fair bit under load, but ignoring it
+ seems to work fine...*/
+ printk(KERN_DEBUG "%s: MAC controller error (WTERR). Ignoring.\n",
+ dev->name);
+}
+
+irqreturn_t orinoco_interrupt(int irq, void *dev_id)
+{
+ struct orinoco_private *priv = dev_id;
+ struct net_device *dev = priv->ndev;
+ struct hermes *hw = &priv->hw;
+ int count = MAX_IRQLOOPS_PER_IRQ;
+ u16 evstat, events;
+ /* These are used to detect a runaway interrupt situation.
+ *
+ * If we get more than MAX_IRQLOOPS_PER_JIFFY iterations in a jiffy,
+ * we panic and shut down the hardware
+ */
+ /* jiffies value the last time we were called */
+ static int last_irq_jiffy; /* = 0 */
+ static int loops_this_jiffy; /* = 0 */
+ unsigned long flags;
+
+ if (orinoco_lock(priv, &flags) != 0) {
+ /* If hw is unavailable - we don't know if the irq was
+ * for us or not */
+ return IRQ_HANDLED;
+ }
+
+ evstat = hermes_read_regn(hw, EVSTAT);
+ events = evstat & hw->inten;
+ if (!events) {
+ orinoco_unlock(priv, &flags);
+ return IRQ_NONE;
+ }
+
+ if (jiffies != last_irq_jiffy)
+ loops_this_jiffy = 0;
+ last_irq_jiffy = jiffies;
+
+ while (events && count--) {
+ if (++loops_this_jiffy > MAX_IRQLOOPS_PER_JIFFY) {
+ printk(KERN_WARNING "%s: IRQ handler is looping too "
+ "much! Resetting.\n", dev->name);
+ /* Disable interrupts for now */
+ hermes_set_irqmask(hw, 0);
+ schedule_work(&priv->reset_work);
+ break;
+ }
+
+ /* Check the card hasn't been removed */
+ if (!hermes_present(hw)) {
+ DEBUG(0, "orinoco_interrupt(): card removed\n");
+ break;
+ }
+
+ if (events & HERMES_EV_TICK)
+ __orinoco_ev_tick(dev, hw);
+ if (events & HERMES_EV_WTERR)
+ __orinoco_ev_wterr(dev, hw);
+ if (events & HERMES_EV_INFDROP)
+ __orinoco_ev_infdrop(dev, hw);
+ if (events & HERMES_EV_INFO)
+ __orinoco_ev_info(dev, hw);
+ if (events & HERMES_EV_RX)
+ __orinoco_ev_rx(dev, hw);
+ if (events & HERMES_EV_TXEXC)
+ __orinoco_ev_txexc(dev, hw);
+ if (events & HERMES_EV_TX)
+ __orinoco_ev_tx(dev, hw);
+ if (events & HERMES_EV_ALLOC)
+ __orinoco_ev_alloc(dev, hw);
+
+ hermes_write_regn(hw, EVACK, evstat);
+
+ evstat = hermes_read_regn(hw, EVSTAT);
+ events = evstat & hw->inten;
+ }
+
+ orinoco_unlock(priv, &flags);
+ return IRQ_HANDLED;
+}
+EXPORT_SYMBOL(orinoco_interrupt);
+
+/********************************************************************/
+/* Power management */
+/********************************************************************/
+#if defined(CONFIG_PM_SLEEP) && !defined(CONFIG_HERMES_CACHE_FW_ON_INIT)
+static int orinoco_pm_notifier(struct notifier_block *notifier,
+ unsigned long pm_event,
+ void *unused)
+{
+ struct orinoco_private *priv = container_of(notifier,
+ struct orinoco_private,
+ pm_notifier);
+
+ /* All we need to do is cache the firmware before suspend, and
+ * release it when we come out.
+ *
+ * Only need to do this if we're downloading firmware. */
+ if (!priv->do_fw_download)
+ return NOTIFY_DONE;
+
+ switch (pm_event) {
+ case PM_HIBERNATION_PREPARE:
+ case PM_SUSPEND_PREPARE:
+ orinoco_cache_fw(priv, 0);
+ break;
+
+ case PM_POST_RESTORE:
+ /* Restore from hibernation failed. We need to clean
+ * up in exactly the same way, so fall through. */
+ case PM_POST_HIBERNATION:
+ case PM_POST_SUSPEND:
+ orinoco_uncache_fw(priv);
+ break;
+
+ case PM_RESTORE_PREPARE:
+ default:
+ break;
+ }
+
+ return NOTIFY_DONE;
+}
+
+static void orinoco_register_pm_notifier(struct orinoco_private *priv)
+{
+ priv->pm_notifier.notifier_call = orinoco_pm_notifier;
+ register_pm_notifier(&priv->pm_notifier);
+}
+
+static void orinoco_unregister_pm_notifier(struct orinoco_private *priv)
+{
+ unregister_pm_notifier(&priv->pm_notifier);
+}
+#else /* !PM_SLEEP || HERMES_CACHE_FW_ON_INIT */
+#define orinoco_register_pm_notifier(priv) do { } while (0)
+#define orinoco_unregister_pm_notifier(priv) do { } while (0)
+#endif
+
+/********************************************************************/
+/* Initialization */
+/********************************************************************/
+
+int orinoco_init(struct orinoco_private *priv)
+{
+ struct device *dev = priv->dev;
+ struct wiphy *wiphy = priv_to_wiphy(priv);
+ struct hermes *hw = &priv->hw;
+ int err = 0;
+
+ /* No need to lock, the hw_unavailable flag is already set in
+ * alloc_orinocodev() */
+ priv->nicbuf_size = IEEE80211_MAX_FRAME_LEN + ETH_HLEN;
+
+ /* Initialize the firmware */
+ err = hw->ops->init(hw);
+ if (err != 0) {
+ dev_err(dev, "Failed to initialize firmware (err = %d)\n",
+ err);
+ goto out;
+ }
+
+ err = determine_fw_capabilities(priv, wiphy->fw_version,
+ sizeof(wiphy->fw_version),
+ &wiphy->hw_version);
+ if (err != 0) {
+ dev_err(dev, "Incompatible firmware, aborting\n");
+ goto out;
+ }
+
+ if (priv->do_fw_download) {
+#ifdef CONFIG_HERMES_CACHE_FW_ON_INIT
+ orinoco_cache_fw(priv, 0);
+#endif
+
+ err = orinoco_download(priv);
+ if (err)
+ priv->do_fw_download = 0;
+
+ /* Check firmware version again */
+ err = determine_fw_capabilities(priv, wiphy->fw_version,
+ sizeof(wiphy->fw_version),
+ &wiphy->hw_version);
+ if (err != 0) {
+ dev_err(dev, "Incompatible firmware, aborting\n");
+ goto out;
+ }
+ }
+
+ if (priv->has_port3)
+ dev_info(dev, "Ad-hoc demo mode supported\n");
+ if (priv->has_ibss)
+ dev_info(dev, "IEEE standard IBSS ad-hoc mode supported\n");
+ if (priv->has_wep)
+ dev_info(dev, "WEP supported, %s-bit key\n",
+ priv->has_big_wep ? "104" : "40");
+ if (priv->has_wpa) {
+ dev_info(dev, "WPA-PSK supported\n");
+ if (orinoco_mic_init(priv)) {
+ dev_err(dev, "Failed to setup MIC crypto algorithm. "
+ "Disabling WPA support\n");
+ priv->has_wpa = 0;
+ }
+ }
+
+ err = orinoco_hw_read_card_settings(priv, wiphy->perm_addr);
+ if (err)
+ goto out;
+
+ err = orinoco_hw_allocate_fid(priv);
+ if (err) {
+ dev_err(dev, "Failed to allocate NIC buffer!\n");
+ goto out;
+ }
+
+ /* Set up the default configuration */
+ priv->iw_mode = NL80211_IFTYPE_STATION;
+ /* By default use IEEE/IBSS ad-hoc mode if we have it */
+ priv->prefer_port3 = priv->has_port3 && (!priv->has_ibss);
+ set_port_type(priv);
+ priv->channel = 0; /* use firmware default */
+
+ priv->promiscuous = 0;
+ priv->encode_alg = ORINOCO_ALG_NONE;
+ priv->tx_key = 0;
+ priv->wpa_enabled = 0;
+ priv->tkip_cm_active = 0;
+ priv->key_mgmt = 0;
+ priv->wpa_ie_len = 0;
+ priv->wpa_ie = NULL;
+
+ if (orinoco_wiphy_register(wiphy)) {
+ err = -ENODEV;
+ goto out;
+ }
+
+ /* Make the hardware available, as long as it hasn't been
+ * removed elsewhere (e.g. by PCMCIA hot unplug) */
+ orinoco_lock_irq(priv);
+ priv->hw_unavailable--;
+ orinoco_unlock_irq(priv);
+
+ dev_dbg(dev, "Ready\n");
+
+ out:
+ return err;
+}
+EXPORT_SYMBOL(orinoco_init);
+
+static const struct net_device_ops orinoco_netdev_ops = {
+ .ndo_open = orinoco_open,
+ .ndo_stop = orinoco_stop,
+ .ndo_start_xmit = orinoco_xmit,
+ .ndo_set_rx_mode = orinoco_set_multicast_list,
+ .ndo_change_mtu = orinoco_change_mtu,
+ .ndo_set_mac_address = eth_mac_addr,
+ .ndo_validate_addr = eth_validate_addr,
+ .ndo_tx_timeout = orinoco_tx_timeout,
+};
+
+/* Allocate private data.
+ *
+ * This driver has a number of structures associated with it
+ * netdev - Net device structure for each network interface
+ * wiphy - structure associated with wireless phy
+ * wireless_dev (wdev) - structure for each wireless interface
+ * hw - structure for hermes chip info
+ * card - card specific structure for use by the card driver
+ * (airport, orinoco_cs)
+ * priv - orinoco private data
+ * device - generic linux device structure
+ *
+ * +---------+ +---------+
+ * | wiphy | | netdev |
+ * | +-------+ | +-------+
+ * | | priv | | | wdev |
+ * | | +-----+ +-+-------+
+ * | | | hw |
+ * | +-+-----+
+ * | | card |
+ * +-+-------+
+ *
+ * priv has a link to netdev and device
+ * wdev has a link to wiphy
+ */
+struct orinoco_private
+*alloc_orinocodev(int sizeof_card,
+ struct device *device,
+ int (*hard_reset)(struct orinoco_private *),
+ int (*stop_fw)(struct orinoco_private *, int))
+{
+ struct orinoco_private *priv;
+ struct wiphy *wiphy;
+
+ /* allocate wiphy
+ * NOTE: We only support a single virtual interface
+ * but this may change when monitor mode is added
+ */
+ wiphy = wiphy_new(&orinoco_cfg_ops,
+ sizeof(struct orinoco_private) + sizeof_card);
+ if (!wiphy)
+ return NULL;
+
+ priv = wiphy_priv(wiphy);
+ priv->dev = device;
+
+ if (sizeof_card)
+ priv->card = (void *)((unsigned long)priv
+ + sizeof(struct orinoco_private));
+ else
+ priv->card = NULL;
+
+ orinoco_wiphy_init(wiphy);
+
+#ifdef WIRELESS_SPY
+ priv->wireless_data.spy_data = &priv->spy_data;
+#endif
+
+ /* Set up default callbacks */
+ priv->hard_reset = hard_reset;
+ priv->stop_fw = stop_fw;
+
+ spin_lock_init(&priv->lock);
+ priv->open = 0;
+ priv->hw_unavailable = 1; /* orinoco_init() must clear this
+ * before anything else touches the
+ * hardware */
+ INIT_WORK(&priv->reset_work, orinoco_reset);
+ INIT_WORK(&priv->join_work, orinoco_join_ap);
+ INIT_WORK(&priv->wevent_work, orinoco_send_wevents);
+
+ INIT_LIST_HEAD(&priv->rx_list);
+ tasklet_setup(&priv->rx_tasklet, orinoco_rx_isr_tasklet);
+
+ spin_lock_init(&priv->scan_lock);
+ INIT_LIST_HEAD(&priv->scan_list);
+ INIT_WORK(&priv->process_scan, orinoco_process_scan_results);
+
+ priv->last_linkstatus = 0xffff;
+
+#if defined(CONFIG_HERMES_CACHE_FW_ON_INIT) || defined(CONFIG_PM_SLEEP)
+ priv->cached_pri_fw = NULL;
+ priv->cached_fw = NULL;
+#endif
+
+ /* Register PM notifiers */
+ orinoco_register_pm_notifier(priv);
+
+ return priv;
+}
+EXPORT_SYMBOL(alloc_orinocodev);
+
+/* We can only support a single interface. We provide a separate
+ * function to set it up to distinguish between hardware
+ * initialisation and interface setup.
+ *
+ * The base_addr and irq parameters are passed on to netdev for use
+ * with SIOCGIFMAP.
+ */
+int orinoco_if_add(struct orinoco_private *priv,
+ unsigned long base_addr,
+ unsigned int irq,
+ const struct net_device_ops *ops)
+{
+ struct wiphy *wiphy = priv_to_wiphy(priv);
+ struct wireless_dev *wdev;
+ struct net_device *dev;
+ int ret;
+
+ dev = alloc_etherdev(sizeof(struct wireless_dev));
+
+ if (!dev)
+ return -ENOMEM;
+
+ /* Initialise wireless_dev */
+ wdev = netdev_priv(dev);
+ wdev->wiphy = wiphy;
+ wdev->iftype = NL80211_IFTYPE_STATION;
+
+ /* Setup / override net_device fields */
+ dev->ieee80211_ptr = wdev;
+ dev->watchdog_timeo = HZ; /* 1 second timeout */
+ dev->wireless_handlers = &orinoco_handler_def;
+#ifdef WIRELESS_SPY
+ dev->wireless_data = &priv->wireless_data;
+#endif
+ /* Default to standard ops if not set */
+ if (ops)
+ dev->netdev_ops = ops;
+ else
+ dev->netdev_ops = &orinoco_netdev_ops;
+
+ /* we use the default eth_mac_addr for setting the MAC addr */
+
+ /* Reserve space in skb for the SNAP header */
+ dev->needed_headroom = ENCAPS_OVERHEAD;
+
+ netif_carrier_off(dev);
+
+ eth_hw_addr_set(dev, wiphy->perm_addr);
+
+ dev->base_addr = base_addr;
+ dev->irq = irq;
+
+ dev->min_mtu = ORINOCO_MIN_MTU;
+ dev->max_mtu = ORINOCO_MAX_MTU;
+
+ SET_NETDEV_DEV(dev, priv->dev);
+ ret = register_netdev(dev);
+ if (ret)
+ goto fail;
+
+ priv->ndev = dev;
+
+ /* Report what we've done */
+ dev_dbg(priv->dev, "Registered interface %s.\n", dev->name);
+
+ return 0;
+
+ fail:
+ free_netdev(dev);
+ return ret;
+}
+EXPORT_SYMBOL(orinoco_if_add);
+
+void orinoco_if_del(struct orinoco_private *priv)
+{
+ struct net_device *dev = priv->ndev;
+
+ unregister_netdev(dev);
+ free_netdev(dev);
+}
+EXPORT_SYMBOL(orinoco_if_del);
+
+void free_orinocodev(struct orinoco_private *priv)
+{
+ struct wiphy *wiphy = priv_to_wiphy(priv);
+ struct orinoco_rx_data *rx_data, *temp;
+ struct orinoco_scan_data *sd, *sdtemp;
+
+ /* If the tasklet is scheduled when we call tasklet_kill it
+ * will run one final time. However the tasklet will only
+ * drain priv->rx_list if the hw is still available. */
+ tasklet_kill(&priv->rx_tasklet);
+
+ /* Explicitly drain priv->rx_list */
+ list_for_each_entry_safe(rx_data, temp, &priv->rx_list, list) {
+ list_del(&rx_data->list);
+
+ dev_kfree_skb(rx_data->skb);
+ kfree(rx_data->desc);
+ kfree(rx_data);
+ }
+
+ cancel_work_sync(&priv->process_scan);
+ /* Explicitly drain priv->scan_list */
+ list_for_each_entry_safe(sd, sdtemp, &priv->scan_list, list) {
+ list_del(&sd->list);
+
+ if (sd->len > 0)
+ kfree(sd->buf);
+ kfree(sd);
+ }
+
+ orinoco_unregister_pm_notifier(priv);
+ orinoco_uncache_fw(priv);
+
+ priv->wpa_ie_len = 0;
+ kfree(priv->wpa_ie);
+ orinoco_mic_free(priv);
+ wiphy_free(wiphy);
+}
+EXPORT_SYMBOL(free_orinocodev);
+
+int orinoco_up(struct orinoco_private *priv)
+{
+ struct net_device *dev = priv->ndev;
+ unsigned long flags;
+ int err;
+
+ priv->hw.ops->lock_irqsave(&priv->lock, &flags);
+
+ err = orinoco_reinit_firmware(priv);
+ if (err) {
+ printk(KERN_ERR "%s: Error %d re-initializing firmware\n",
+ dev->name, err);
+ goto exit;
+ }
+
+ netif_device_attach(dev);
+ priv->hw_unavailable--;
+
+ if (priv->open && !priv->hw_unavailable) {
+ err = __orinoco_up(priv);
+ if (err)
+ printk(KERN_ERR "%s: Error %d restarting card\n",
+ dev->name, err);
+ }
+
+exit:
+ priv->hw.ops->unlock_irqrestore(&priv->lock, &flags);
+
+ return 0;
+}
+EXPORT_SYMBOL(orinoco_up);
+
+void orinoco_down(struct orinoco_private *priv)
+{
+ struct net_device *dev = priv->ndev;
+ unsigned long flags;
+ int err;
+
+ priv->hw.ops->lock_irqsave(&priv->lock, &flags);
+ err = __orinoco_down(priv);
+ if (err)
+ printk(KERN_WARNING "%s: Error %d downing interface\n",
+ dev->name, err);
+
+ netif_device_detach(dev);
+ priv->hw_unavailable++;
+ priv->hw.ops->unlock_irqrestore(&priv->lock, &flags);
+}
+EXPORT_SYMBOL(orinoco_down);
+
+/********************************************************************/
+/* Module initialization */
+/********************************************************************/
+
+/* Can't be declared "const" or the whole __initdata section will
+ * become const */
+static char version[] __initdata = DRIVER_NAME " " DRIVER_VERSION
+ " (David Gibson <hermes@gibson.dropbear.id.au>, "
+ "Pavel Roskin <proski@gnu.org>, et al)";
+
+static int __init init_orinoco(void)
+{
+ printk(KERN_DEBUG "%s\n", version);
+ return 0;
+}
+
+static void __exit exit_orinoco(void)
+{
+}
+
+module_init(init_orinoco);
+module_exit(exit_orinoco);
diff --git a/drivers/net/wireless/intersil/orinoco/main.h b/drivers/net/wireless/intersil/orinoco/main.h
new file mode 100644
index 000000000..5a8fec261
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/main.h
@@ -0,0 +1,50 @@
+/* Exports from main to helper modules
+ *
+ * See copyright notice in main.c
+ */
+#ifndef _ORINOCO_MAIN_H_
+#define _ORINOCO_MAIN_H_
+
+#include <linux/ieee80211.h>
+#include "orinoco.h"
+
+/********************************************************************/
+/* Compile time configuration and compatibility stuff */
+/********************************************************************/
+
+/* We do this this way to avoid ifdefs in the actual code */
+#ifdef WIRELESS_SPY
+#define SPY_NUMBER(priv) (priv->spy_data.spy_number)
+#else
+#define SPY_NUMBER(priv) 0
+#endif /* WIRELESS_SPY */
+
+/********************************************************************/
+
+/* Export module parameter */
+extern int force_monitor;
+
+/* Forward declarations */
+struct net_device;
+struct work_struct;
+
+void set_port_type(struct orinoco_private *priv);
+int orinoco_commit(struct orinoco_private *priv);
+void orinoco_reset(struct work_struct *work);
+
+/* Information element helpers - find a home for these... */
+#define WPA_OUI_TYPE "\x00\x50\xF2\x01"
+#define WPA_SELECTOR_LEN 4
+static inline u8 *orinoco_get_wpa_ie(u8 *data, size_t len)
+{
+ u8 *p = data;
+ while ((p + 2 + WPA_SELECTOR_LEN) < (data + len)) {
+ if ((p[0] == WLAN_EID_VENDOR_SPECIFIC) &&
+ (memcmp(&p[2], WPA_OUI_TYPE, WPA_SELECTOR_LEN) == 0))
+ return p;
+ p += p[1] + 2;
+ }
+ return NULL;
+}
+
+#endif /* _ORINOCO_MAIN_H_ */
diff --git a/drivers/net/wireless/intersil/orinoco/mic.c b/drivers/net/wireless/intersil/orinoco/mic.c
new file mode 100644
index 000000000..a324bc4b7
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/mic.c
@@ -0,0 +1,89 @@
+/* Orinoco MIC helpers
+ *
+ * See copyright notice in main.c
+ */
+#include <linux/kernel.h>
+#include <linux/string.h>
+#include <linux/if_ether.h>
+#include <linux/scatterlist.h>
+#include <crypto/hash.h>
+
+#include "orinoco.h"
+#include "mic.h"
+
+/********************************************************************/
+/* Michael MIC crypto setup */
+/********************************************************************/
+int orinoco_mic_init(struct orinoco_private *priv)
+{
+ priv->tx_tfm_mic = crypto_alloc_shash("michael_mic", 0, 0);
+ if (IS_ERR(priv->tx_tfm_mic)) {
+ printk(KERN_DEBUG "%s: could not allocate "
+ "crypto API michael_mic\n", __func__);
+ priv->tx_tfm_mic = NULL;
+ return -ENOMEM;
+ }
+
+ priv->rx_tfm_mic = crypto_alloc_shash("michael_mic", 0, 0);
+ if (IS_ERR(priv->rx_tfm_mic)) {
+ printk(KERN_DEBUG "%s: could not allocate "
+ "crypto API michael_mic\n", __func__);
+ priv->rx_tfm_mic = NULL;
+ return -ENOMEM;
+ }
+
+ return 0;
+}
+
+void orinoco_mic_free(struct orinoco_private *priv)
+{
+ if (priv->tx_tfm_mic)
+ crypto_free_shash(priv->tx_tfm_mic);
+ if (priv->rx_tfm_mic)
+ crypto_free_shash(priv->rx_tfm_mic);
+}
+
+int orinoco_mic(struct crypto_shash *tfm_michael, u8 *key,
+ u8 *da, u8 *sa, u8 priority,
+ u8 *data, size_t data_len, u8 *mic)
+{
+ SHASH_DESC_ON_STACK(desc, tfm_michael);
+ u8 hdr[ETH_HLEN + 2]; /* size of header + padding */
+ int err;
+
+ if (tfm_michael == NULL) {
+ printk(KERN_WARNING "%s: tfm_michael == NULL\n", __func__);
+ return -1;
+ }
+
+ /* Copy header into buffer. We need the padding on the end zeroed */
+ memcpy(&hdr[0], da, ETH_ALEN);
+ memcpy(&hdr[ETH_ALEN], sa, ETH_ALEN);
+ hdr[ETH_ALEN * 2] = priority;
+ hdr[ETH_ALEN * 2 + 1] = 0;
+ hdr[ETH_ALEN * 2 + 2] = 0;
+ hdr[ETH_ALEN * 2 + 3] = 0;
+
+ desc->tfm = tfm_michael;
+
+ err = crypto_shash_setkey(tfm_michael, key, MIC_KEYLEN);
+ if (err)
+ return err;
+
+ err = crypto_shash_init(desc);
+ if (err)
+ return err;
+
+ err = crypto_shash_update(desc, hdr, sizeof(hdr));
+ if (err)
+ return err;
+
+ err = crypto_shash_update(desc, data, data_len);
+ if (err)
+ return err;
+
+ err = crypto_shash_final(desc, mic);
+ shash_desc_zero(desc);
+
+ return err;
+}
diff --git a/drivers/net/wireless/intersil/orinoco/mic.h b/drivers/net/wireless/intersil/orinoco/mic.h
new file mode 100644
index 000000000..e8724e889
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/mic.h
@@ -0,0 +1,23 @@
+/* Orinoco MIC helpers
+ *
+ * See copyright notice in main.c
+ */
+#ifndef _ORINOCO_MIC_H_
+#define _ORINOCO_MIC_H_
+
+#include <linux/types.h>
+#include <crypto/hash.h>
+
+#define MICHAEL_MIC_LEN 8
+
+/* Forward declarations */
+struct orinoco_private;
+struct crypto_ahash;
+
+int orinoco_mic_init(struct orinoco_private *priv);
+void orinoco_mic_free(struct orinoco_private *priv);
+int orinoco_mic(struct crypto_shash *tfm_michael, u8 *key,
+ u8 *da, u8 *sa, u8 priority,
+ u8 *data, size_t data_len, u8 *mic);
+
+#endif /* ORINOCO_MIC_H */
diff --git a/drivers/net/wireless/intersil/orinoco/orinoco.h b/drivers/net/wireless/intersil/orinoco/orinoco.h
new file mode 100644
index 000000000..cdd026af1
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/orinoco.h
@@ -0,0 +1,251 @@
+/* orinoco.h
+ *
+ * Common definitions to all pieces of the various orinoco
+ * drivers
+ */
+
+#ifndef _ORINOCO_H
+#define _ORINOCO_H
+
+#define DRIVER_VERSION "0.15"
+
+#include <linux/interrupt.h>
+#include <linux/suspend.h>
+#include <linux/netdevice.h>
+#include <linux/wireless.h>
+#include <net/iw_handler.h>
+#include <net/cfg80211.h>
+
+#include "hermes.h"
+
+/* To enable debug messages */
+/*#define ORINOCO_DEBUG 3*/
+
+#define WIRELESS_SPY /* enable iwspy support */
+
+#define MAX_SCAN_LEN 4096
+
+#define ORINOCO_SEQ_LEN 8
+#define ORINOCO_MAX_KEY_SIZE 14
+#define ORINOCO_MAX_KEYS 4
+
+struct orinoco_key {
+ __le16 len; /* always stored as little-endian */
+ char data[ORINOCO_MAX_KEY_SIZE];
+} __packed;
+
+#define TKIP_KEYLEN 16
+#define MIC_KEYLEN 8
+
+struct orinoco_tkip_key {
+ u8 tkip[TKIP_KEYLEN];
+ u8 tx_mic[MIC_KEYLEN];
+ u8 rx_mic[MIC_KEYLEN];
+};
+
+enum orinoco_alg {
+ ORINOCO_ALG_NONE,
+ ORINOCO_ALG_WEP,
+ ORINOCO_ALG_TKIP
+};
+
+enum fwtype {
+ FIRMWARE_TYPE_AGERE,
+ FIRMWARE_TYPE_INTERSIL,
+ FIRMWARE_TYPE_SYMBOL
+};
+
+struct firmware;
+
+struct orinoco_private {
+ void *card; /* Pointer to card dependent structure */
+ struct device *dev;
+ int (*hard_reset)(struct orinoco_private *);
+ int (*stop_fw)(struct orinoco_private *, int);
+
+ struct ieee80211_supported_band band;
+ struct ieee80211_channel channels[14];
+ u32 cipher_suites[3];
+
+ /* Synchronisation stuff */
+ spinlock_t lock;
+ int hw_unavailable;
+ struct work_struct reset_work;
+
+ /* Interrupt tasklets */
+ struct tasklet_struct rx_tasklet;
+ struct list_head rx_list;
+
+ /* driver state */
+ int open;
+ u16 last_linkstatus;
+ struct work_struct join_work;
+ struct work_struct wevent_work;
+
+ /* Net device stuff */
+ struct net_device *ndev;
+ struct iw_statistics wstats;
+
+ /* Hardware control variables */
+ struct hermes hw;
+ u16 txfid;
+
+ /* Capabilities of the hardware/firmware */
+ enum fwtype firmware_type;
+ int ibss_port;
+ int nicbuf_size;
+ u16 channel_mask;
+
+ /* Boolean capabilities */
+ unsigned int has_ibss:1;
+ unsigned int has_port3:1;
+ unsigned int has_wep:1;
+ unsigned int has_big_wep:1;
+ unsigned int has_mwo:1;
+ unsigned int has_pm:1;
+ unsigned int has_preamble:1;
+ unsigned int has_sensitivity:1;
+ unsigned int has_hostscan:1;
+ unsigned int has_alt_txcntl:1;
+ unsigned int has_ext_scan:1;
+ unsigned int has_wpa:1;
+ unsigned int do_fw_download:1;
+ unsigned int broken_disableport:1;
+ unsigned int broken_monitor:1;
+ unsigned int prefer_port3:1;
+
+ /* Configuration paramaters */
+ enum nl80211_iftype iw_mode;
+ enum orinoco_alg encode_alg;
+ u16 wep_restrict, tx_key;
+ struct key_params keys[ORINOCO_MAX_KEYS];
+
+ int bitratemode;
+ char nick[IW_ESSID_MAX_SIZE + 1];
+ char desired_essid[IW_ESSID_MAX_SIZE + 1];
+ char desired_bssid[ETH_ALEN];
+ int bssid_fixed;
+ u16 frag_thresh, mwo_robust;
+ u16 channel;
+ u16 ap_density, rts_thresh;
+ u16 pm_on, pm_mcast, pm_period, pm_timeout;
+ u16 preamble;
+ u16 short_retry_limit, long_retry_limit;
+ u16 retry_lifetime;
+#ifdef WIRELESS_SPY
+ struct iw_spy_data spy_data; /* iwspy support */
+ struct iw_public_data wireless_data;
+#endif
+
+ /* Configuration dependent variables */
+ int port_type, createibss;
+ int promiscuous, mc_count;
+
+ /* Scanning support */
+ struct cfg80211_scan_request *scan_request;
+ struct work_struct process_scan;
+ struct list_head scan_list;
+ spinlock_t scan_lock; /* protects the scan list */
+
+ /* WPA support */
+ u8 *wpa_ie;
+ int wpa_ie_len;
+
+ struct crypto_shash *rx_tfm_mic;
+ struct crypto_shash *tx_tfm_mic;
+
+ unsigned int wpa_enabled:1;
+ unsigned int tkip_cm_active:1;
+ unsigned int key_mgmt:3;
+
+#if defined(CONFIG_HERMES_CACHE_FW_ON_INIT) || defined(CONFIG_PM_SLEEP)
+ /* Cached in memory firmware to use during ->resume. */
+ const struct firmware *cached_pri_fw;
+ const struct firmware *cached_fw;
+#endif
+
+ struct notifier_block pm_notifier;
+};
+
+#ifdef ORINOCO_DEBUG
+extern int orinoco_debug;
+#define DEBUG(n, args...) do { \
+ if (orinoco_debug > (n)) \
+ printk(KERN_DEBUG args); \
+} while (0)
+#else
+#define DEBUG(n, args...) do { } while (0)
+#endif /* ORINOCO_DEBUG */
+
+/********************************************************************/
+/* Exported prototypes */
+/********************************************************************/
+
+struct orinoco_private *alloc_orinocodev(int sizeof_card, struct device *device,
+ int (*hard_reset)(struct orinoco_private *),
+ int (*stop_fw)(struct orinoco_private *, int));
+void free_orinocodev(struct orinoco_private *priv);
+int orinoco_init(struct orinoco_private *priv);
+int orinoco_if_add(struct orinoco_private *priv, unsigned long base_addr,
+ unsigned int irq, const struct net_device_ops *ops);
+void orinoco_if_del(struct orinoco_private *priv);
+int orinoco_up(struct orinoco_private *priv);
+void orinoco_down(struct orinoco_private *priv);
+irqreturn_t orinoco_interrupt(int irq, void *dev_id);
+
+void __orinoco_ev_info(struct net_device *dev, struct hermes *hw);
+void __orinoco_ev_rx(struct net_device *dev, struct hermes *hw);
+
+int orinoco_process_xmit_skb(struct sk_buff *skb,
+ struct net_device *dev,
+ struct orinoco_private *priv,
+ int *tx_control,
+ u8 *mic);
+
+/* Common ndo functions exported for reuse by orinoco_usb */
+int orinoco_open(struct net_device *dev);
+int orinoco_stop(struct net_device *dev);
+void orinoco_set_multicast_list(struct net_device *dev);
+int orinoco_change_mtu(struct net_device *dev, int new_mtu);
+void orinoco_tx_timeout(struct net_device *dev, unsigned int txqueue);
+
+/********************************************************************/
+/* Locking and synchronization functions */
+/********************************************************************/
+
+static inline int orinoco_lock(struct orinoco_private *priv,
+ unsigned long *flags)
+{
+ priv->hw.ops->lock_irqsave(&priv->lock, flags);
+ if (priv->hw_unavailable) {
+ DEBUG(1, "orinoco_lock() called with hw_unavailable (dev=%p)\n",
+ priv->ndev);
+ priv->hw.ops->unlock_irqrestore(&priv->lock, flags);
+ return -EBUSY;
+ }
+ return 0;
+}
+
+static inline void orinoco_unlock(struct orinoco_private *priv,
+ unsigned long *flags)
+{
+ priv->hw.ops->unlock_irqrestore(&priv->lock, flags);
+}
+
+static inline void orinoco_lock_irq(struct orinoco_private *priv)
+{
+ priv->hw.ops->lock_irq(&priv->lock);
+}
+
+static inline void orinoco_unlock_irq(struct orinoco_private *priv)
+{
+ priv->hw.ops->unlock_irq(&priv->lock);
+}
+
+/*** Navigate from net_device to orinoco_private ***/
+static inline struct orinoco_private *ndev_priv(struct net_device *dev)
+{
+ struct wireless_dev *wdev = netdev_priv(dev);
+ return wdev_priv(wdev);
+}
+#endif /* _ORINOCO_H */
diff --git a/drivers/net/wireless/intersil/orinoco/orinoco_cs.c b/drivers/net/wireless/intersil/orinoco/orinoco_cs.c
new file mode 100644
index 000000000..03bfd2482
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/orinoco_cs.c
@@ -0,0 +1,350 @@
+/* orinoco_cs.c (formerly known as dldwd_cs.c)
+ *
+ * A driver for "Hermes" chipset based PCMCIA wireless adaptors, such
+ * as the Lucent WavelanIEEE/Orinoco cards and their OEM (Cabletron/
+ * EnteraSys RoamAbout 802.11, ELSA Airlancer, Melco Buffalo and others).
+ * It should also be usable on various Prism II based cards such as the
+ * Linksys, D-Link and Farallon Skyline. It should also work on Symbol
+ * cards such as the 3Com AirConnect and Ericsson WLAN.
+ *
+ * Copyright notice & release notes in file main.c
+ */
+
+#define DRIVER_NAME "orinoco_cs"
+#define PFX DRIVER_NAME ": "
+
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/delay.h>
+#include <pcmcia/cistpl.h>
+#include <pcmcia/cisreg.h>
+#include <pcmcia/ds.h>
+
+#include "orinoco.h"
+
+/********************************************************************/
+/* Module stuff */
+/********************************************************************/
+
+MODULE_AUTHOR("David Gibson <hermes@gibson.dropbear.id.au>");
+MODULE_DESCRIPTION("Driver for PCMCIA Lucent Orinoco,"
+ " Prism II based and similar wireless cards");
+MODULE_LICENSE("Dual MPL/GPL");
+
+/* Module parameters */
+
+/* Some D-Link cards have buggy CIS. They do work at 5v properly, but
+ * don't have any CIS entry for it. This workaround it... */
+static int ignore_cis_vcc; /* = 0 */
+module_param(ignore_cis_vcc, int, 0);
+MODULE_PARM_DESC(ignore_cis_vcc, "Allow voltage mismatch between card and socket");
+
+/********************************************************************/
+/* Data structures */
+/********************************************************************/
+
+/* PCMCIA specific device information (goes in the card field of
+ * struct orinoco_private */
+struct orinoco_pccard {
+ struct pcmcia_device *p_dev;
+
+ /* Used to handle hard reset */
+ /* yuck, we need this hack to work around the insanity of the
+ * PCMCIA layer */
+ unsigned long hard_reset_in_progress;
+};
+
+
+/********************************************************************/
+/* Function prototypes */
+/********************************************************************/
+
+static int orinoco_cs_config(struct pcmcia_device *link);
+static void orinoco_cs_release(struct pcmcia_device *link);
+static void orinoco_cs_detach(struct pcmcia_device *p_dev);
+
+/********************************************************************/
+/* Device methods */
+/********************************************************************/
+
+static int
+orinoco_cs_hard_reset(struct orinoco_private *priv)
+{
+ struct orinoco_pccard *card = priv->card;
+ struct pcmcia_device *link = card->p_dev;
+ int err;
+
+ /* We need atomic ops here, because we're not holding the lock */
+ set_bit(0, &card->hard_reset_in_progress);
+
+ err = pcmcia_reset_card(link->socket);
+ if (err)
+ return err;
+
+ msleep(100);
+ clear_bit(0, &card->hard_reset_in_progress);
+
+ return 0;
+}
+
+/********************************************************************/
+/* PCMCIA stuff */
+/********************************************************************/
+
+static int
+orinoco_cs_probe(struct pcmcia_device *link)
+{
+ struct orinoco_private *priv;
+ struct orinoco_pccard *card;
+ int ret;
+
+ priv = alloc_orinocodev(sizeof(*card), &link->dev,
+ orinoco_cs_hard_reset, NULL);
+ if (!priv)
+ return -ENOMEM;
+ card = priv->card;
+
+ /* Link both structures together */
+ card->p_dev = link;
+ link->priv = priv;
+
+ ret = orinoco_cs_config(link);
+ if (ret)
+ goto err_free_orinocodev;
+
+ return 0;
+
+err_free_orinocodev:
+ free_orinocodev(priv);
+ return ret;
+}
+
+static void orinoco_cs_detach(struct pcmcia_device *link)
+{
+ struct orinoco_private *priv = link->priv;
+
+ orinoco_if_del(priv);
+
+ orinoco_cs_release(link);
+
+ wiphy_unregister(priv_to_wiphy(priv));
+ free_orinocodev(priv);
+} /* orinoco_cs_detach */
+
+static int orinoco_cs_config_check(struct pcmcia_device *p_dev, void *priv_data)
+{
+ if (p_dev->config_index == 0)
+ return -EINVAL;
+
+ return pcmcia_request_io(p_dev);
+};
+
+static int
+orinoco_cs_config(struct pcmcia_device *link)
+{
+ struct orinoco_private *priv = link->priv;
+ struct hermes *hw = &priv->hw;
+ int ret;
+ void __iomem *mem;
+
+ link->config_flags |= CONF_AUTO_SET_VPP | CONF_AUTO_CHECK_VCC |
+ CONF_AUTO_SET_IO | CONF_ENABLE_IRQ;
+ if (ignore_cis_vcc)
+ link->config_flags &= ~CONF_AUTO_CHECK_VCC;
+ ret = pcmcia_loop_config(link, orinoco_cs_config_check, NULL);
+ if (ret) {
+ if (!ignore_cis_vcc)
+ printk(KERN_ERR PFX "GetNextTuple(): No matching "
+ "CIS configuration. Maybe you need the "
+ "ignore_cis_vcc=1 parameter.\n");
+ goto failed;
+ }
+
+ mem = ioport_map(link->resource[0]->start,
+ resource_size(link->resource[0]));
+ if (!mem)
+ goto failed;
+
+ /* We initialize the hermes structure before completing PCMCIA
+ * configuration just in case the interrupt handler gets
+ * called. */
+ hermes_struct_init(hw, mem, HERMES_16BIT_REGSPACING);
+
+ ret = pcmcia_request_irq(link, orinoco_interrupt);
+ if (ret)
+ goto failed;
+
+ ret = pcmcia_enable_device(link);
+ if (ret)
+ goto failed;
+
+ /* Initialise the main driver */
+ if (orinoco_init(priv) != 0) {
+ printk(KERN_ERR PFX "orinoco_init() failed\n");
+ goto failed;
+ }
+
+ /* Register an interface with the stack */
+ if (orinoco_if_add(priv, link->resource[0]->start,
+ link->irq, NULL) != 0) {
+ printk(KERN_ERR PFX "orinoco_if_add() failed\n");
+ goto failed;
+ }
+
+ return 0;
+
+ failed:
+ orinoco_cs_release(link);
+ return -ENODEV;
+} /* orinoco_cs_config */
+
+static void
+orinoco_cs_release(struct pcmcia_device *link)
+{
+ struct orinoco_private *priv = link->priv;
+ unsigned long flags;
+
+ /* We're committed to taking the device away now, so mark the
+ * hardware as unavailable */
+ priv->hw.ops->lock_irqsave(&priv->lock, &flags);
+ priv->hw_unavailable++;
+ priv->hw.ops->unlock_irqrestore(&priv->lock, &flags);
+
+ pcmcia_disable_device(link);
+ if (priv->hw.iobase)
+ ioport_unmap(priv->hw.iobase);
+} /* orinoco_cs_release */
+
+static int orinoco_cs_suspend(struct pcmcia_device *link)
+{
+ struct orinoco_private *priv = link->priv;
+ struct orinoco_pccard *card = priv->card;
+
+ /* This is probably racy, but I can't think of
+ a better way, short of rewriting the PCMCIA
+ layer to not suck :-( */
+ if (!test_bit(0, &card->hard_reset_in_progress))
+ orinoco_down(priv);
+
+ return 0;
+}
+
+static int orinoco_cs_resume(struct pcmcia_device *link)
+{
+ struct orinoco_private *priv = link->priv;
+ struct orinoco_pccard *card = priv->card;
+ int err = 0;
+
+ if (!test_bit(0, &card->hard_reset_in_progress))
+ err = orinoco_up(priv);
+
+ return err;
+}
+
+
+/********************************************************************/
+/* Module initialization */
+/********************************************************************/
+
+static const struct pcmcia_device_id orinoco_cs_ids[] = {
+ PCMCIA_DEVICE_MANF_CARD(0x0101, 0x0777), /* 3Com AirConnect PCI 777A */
+ PCMCIA_DEVICE_MANF_CARD(0x016b, 0x0001), /* Ericsson WLAN Card C11 */
+ PCMCIA_DEVICE_MANF_CARD(0x01eb, 0x080a), /* Nortel Networks eMobility 802.11 Wireless Adapter */
+ PCMCIA_DEVICE_MANF_CARD(0x0261, 0x0002), /* AirWay 802.11 Adapter (PCMCIA) */
+ PCMCIA_DEVICE_MANF_CARD(0x0268, 0x0001), /* ARtem Onair */
+ PCMCIA_DEVICE_MANF_CARD(0x0268, 0x0003), /* ARtem Onair Comcard 11 */
+ PCMCIA_DEVICE_MANF_CARD(0x026f, 0x0305), /* Buffalo WLI-PCM-S11 */
+ PCMCIA_DEVICE_MANF_CARD(0x02aa, 0x0002), /* ASUS SpaceLink WL-100 */
+ PCMCIA_DEVICE_MANF_CARD(0x02ac, 0x0002), /* SpeedStream SS1021 Wireless Adapter */
+ PCMCIA_DEVICE_MANF_CARD(0x02ac, 0x3021), /* SpeedStream Wireless Adapter */
+ PCMCIA_DEVICE_MANF_CARD(0x14ea, 0xb001), /* PLANEX RoadLannerWave GW-NS11H */
+ PCMCIA_DEVICE_PROD_ID12("3Com", "3CRWE737A AirConnect Wireless LAN PC Card", 0x41240e5b, 0x56010af3),
+ PCMCIA_DEVICE_PROD_ID12("Allied Telesyn", "AT-WCL452 Wireless PCMCIA Radio", 0x5cd01705, 0x4271660f),
+ PCMCIA_DEVICE_PROD_ID12("ASUS", "802_11B_CF_CARD_25", 0x78fc06ee, 0x45a50c1e),
+ PCMCIA_DEVICE_PROD_ID12("ASUS", "802_11b_PC_CARD_25", 0x78fc06ee, 0xdb9aa842),
+ PCMCIA_DEVICE_PROD_ID12("Avaya Communication", "Avaya Wireless PC Card", 0xd8a43b78, 0x0d341169),
+ PCMCIA_DEVICE_PROD_ID12("BENQ", "AWL100 PCMCIA ADAPTER", 0x35dadc74, 0x01f7fedb),
+ PCMCIA_DEVICE_PROD_ID12("Cabletron", "RoamAbout 802.11 DS", 0x32d445f5, 0xedeffd90),
+ PCMCIA_DEVICE_PROD_ID12("D-Link Corporation", "D-Link DWL-650H 11Mbps WLAN Adapter", 0xef544d24, 0xcd8ea916),
+ PCMCIA_DEVICE_PROD_ID12("ELSA", "AirLancer MC-11", 0x4507a33a, 0xef54f0e3),
+ PCMCIA_DEVICE_PROD_ID12("HyperLink", "Wireless PC Card 11Mbps", 0x56cc3f1a, 0x0bcf220c),
+ PCMCIA_DEVICE_PROD_ID12("Intel", "PRO/Wireless 2011 LAN PC Card", 0x816cc815, 0x07f58077),
+ PCMCIA_DEVICE_PROD_ID12("LeArtery", "SYNCBYAIR 11Mbps Wireless LAN PC Card", 0x7e3b326a, 0x49893e92),
+ PCMCIA_DEVICE_PROD_ID12("Lucent Technologies", "WaveLAN/IEEE", 0x23eb9949, 0xc562e72a),
+ PCMCIA_DEVICE_PROD_ID12("MELCO", "WLI-PCM-L11", 0x481e0094, 0x7360e410),
+ PCMCIA_DEVICE_PROD_ID12("MELCO", "WLI-PCM-L11G", 0x481e0094, 0xf57ca4b3),
+ PCMCIA_DEVICE_PROD_ID12("NCR", "WaveLAN/IEEE", 0x24358cd4, 0xc562e72a),
+ PCMCIA_DEVICE_PROD_ID12("Nortel Networks", "emobility 802.11 Wireless LAN PC Card", 0x2d617ea0, 0x88cd5767),
+ PCMCIA_DEVICE_PROD_ID12("OTC", "Wireless AirEZY 2411-PCC WLAN Card", 0x4ac44287, 0x235a6bed),
+ PCMCIA_DEVICE_PROD_ID12("PROXIM", "LAN PC CARD HARMONY 80211B", 0xc6536a5e, 0x090c3cd9),
+ PCMCIA_DEVICE_PROD_ID12("PROXIM", "LAN PCI CARD HARMONY 80211B", 0xc6536a5e, 0x9f494e26),
+ PCMCIA_DEVICE_PROD_ID12("SAMSUNG", "11Mbps WLAN Card", 0x43d74cb4, 0x579bd91b),
+ PCMCIA_DEVICE_PROD_ID12("Symbol Technologies", "LA4111 Spectrum24 Wireless LAN PC Card", 0x3f02b4d6, 0x3663cb0e),
+ PCMCIA_DEVICE_MANF_CARD_PROD_ID3(0x0156, 0x0002, "Version 01.01", 0xd27deb1a), /* Lucent Orinoco */
+#ifdef CONFIG_HERMES_PRISM
+ /* Only entries that certainly identify Prism chipset */
+ PCMCIA_DEVICE_MANF_CARD(0x000b, 0x7100), /* SonicWALL Long Range Wireless Card */
+ PCMCIA_DEVICE_MANF_CARD(0x000b, 0x7300), /* Sohoware NCP110, Philips 802.11b */
+ PCMCIA_DEVICE_MANF_CARD(0x0089, 0x0002), /* AnyPoint(TM) Wireless II PC Card */
+ PCMCIA_DEVICE_MANF_CARD(0x0126, 0x8000), /* PROXIM RangeLAN-DS/LAN PC CARD */
+ PCMCIA_DEVICE_MANF_CARD(0x0138, 0x0002), /* Compaq WL100 11 Mbps Wireless Adapter */
+ PCMCIA_DEVICE_MANF_CARD(0x01ff, 0x0008), /* Intermec MobileLAN 11Mbps 802.11b WLAN Card */
+ PCMCIA_DEVICE_MANF_CARD(0x0250, 0x0002), /* Samsung SWL2000-N 11Mb/s WLAN Card */
+ PCMCIA_DEVICE_MANF_CARD(0x0274, 0x1612), /* Linksys WPC11 Version 2.5 */
+ PCMCIA_DEVICE_MANF_CARD(0x0274, 0x1613), /* Linksys WPC11 Version 3 */
+ PCMCIA_DEVICE_MANF_CARD(0x028a, 0x0002), /* Compaq HNW-100 11 Mbps Wireless Adapter */
+ PCMCIA_DEVICE_MANF_CARD(0x028a, 0x0673), /* Linksys WCF12 Wireless CompactFlash Card */
+ PCMCIA_DEVICE_MANF_CARD(0x50c2, 0x7300), /* Airvast WN-100 */
+ PCMCIA_DEVICE_MANF_CARD(0x9005, 0x0021), /* Adaptec Ultra Wireless ANW-8030 */
+ PCMCIA_DEVICE_MANF_CARD(0xc001, 0x0008), /* CONTEC FLEXSCAN/FX-DDS110-PCC */
+ PCMCIA_DEVICE_MANF_CARD(0xc250, 0x0002), /* Conceptronic CON11Cpro, EMTAC A2424i */
+ PCMCIA_DEVICE_MANF_CARD(0xd601, 0x0002), /* Safeway 802.11b, ZCOMAX AirRunner/XI-300 */
+ PCMCIA_DEVICE_MANF_CARD(0xd601, 0x0005), /* D-Link DCF660, Sandisk Connect SDWCFB-000 */
+ PCMCIA_DEVICE_PROD_ID123("Instant Wireless ", " Network PC CARD", "Version 01.02", 0x11d901af, 0x6e9bd926, 0x4b74baa0),
+ PCMCIA_DEVICE_PROD_ID12("ACTIONTEC", "PRISM Wireless LAN PC Card", 0x393089da, 0xa71e69d5),
+ PCMCIA_DEVICE_PROD_ID12("Addtron", "AWP-100 Wireless PCMCIA", 0xe6ec52ce, 0x08649af2),
+ PCMCIA_DEVICE_PROD_ID12("BUFFALO", "WLI-CF-S11G", 0x2decece3, 0x82067c18),
+ PCMCIA_DEVICE_PROD_ID12("BUFFALO", "WLI-PCM-L11G", 0x2decece3, 0xf57ca4b3),
+ PCMCIA_DEVICE_PROD_ID12("Compaq", "WL200_11Mbps_Wireless_PCI_Card", 0x54f7c49c, 0x15a75e5b),
+ PCMCIA_DEVICE_PROD_ID12("corega K.K.", "Wireless LAN PCC-11", 0x5261440f, 0xa6405584),
+ PCMCIA_DEVICE_PROD_ID12("corega K.K.", "Wireless LAN PCCA-11", 0x5261440f, 0xdf6115f9),
+ PCMCIA_DEVICE_PROD_ID12("corega_K.K.", "Wireless_LAN_PCCB-11", 0x29e33311, 0xee7a27ae),
+ PCMCIA_DEVICE_PROD_ID12("Digital Data Communications", "WPC-0100", 0xfdd73470, 0xe0b6f146),
+ PCMCIA_DEVICE_PROD_ID12("D", "Link DRC-650 11Mbps WLAN Card", 0x71b18589, 0xf144e3ac),
+ PCMCIA_DEVICE_PROD_ID12("D", "Link DWL-650 11Mbps WLAN Card", 0x71b18589, 0xb6f1b0ab),
+ PCMCIA_DEVICE_PROD_ID12(" ", "IEEE 802.11 Wireless LAN/PC Card", 0x3b6e20c8, 0xefccafe9),
+ PCMCIA_DEVICE_PROD_ID12("INTERSIL", "HFA384x/IEEE", 0x74c5e40d, 0xdb472a18),
+ PCMCIA_DEVICE_PROD_ID12("INTERSIL", "I-GATE 11M PC Card / PC Card plus", 0x74c5e40d, 0x8304ff77),
+ PCMCIA_DEVICE_PROD_ID12("Intersil", "PRISM 2_5 PCMCIA ADAPTER", 0x4b801a17, 0x6345a0bf),
+ PCMCIA_DEVICE_PROD_ID12("Linksys", "Wireless CompactFlash Card", 0x0733cc81, 0x0c52f395),
+ PCMCIA_DEVICE_PROD_ID12("Microsoft", "Wireless Notebook Adapter MN-520", 0x5961bf85, 0x6eec8c01),
+ PCMCIA_DEVICE_PROD_ID12("NETGEAR MA401RA Wireless PC", "Card", 0x0306467f, 0x9762e8f1),
+ PCMCIA_DEVICE_PROD_ID12("NETGEAR MA401 Wireless PC", "Card", 0xa37434e9, 0x9762e8f1),
+ PCMCIA_DEVICE_PROD_ID12("OEM", "PRISM2 IEEE 802.11 PC-Card", 0xfea54c90, 0x48f2bdd6),
+ PCMCIA_DEVICE_PROD_ID12("PLANEX", "GeoWave/GW-CF110", 0x209f40ab, 0xd9715264),
+ PCMCIA_DEVICE_PROD_ID12("PLANEX", "GeoWave/GW-NS110", 0x209f40ab, 0x46263178),
+ PCMCIA_DEVICE_PROD_ID12("SMC", "SMC2532W-B EliteConnect Wireless Adapter", 0xc4f8b18b, 0x196bd757),
+ PCMCIA_DEVICE_PROD_ID12("SMC", "SMC2632W", 0xc4f8b18b, 0x474a1f2a),
+ PCMCIA_DEVICE_PROD_ID12("ZoomAir 11Mbps High", "Rate wireless Networking", 0x273fe3db, 0x32a1eaee),
+ PCMCIA_DEVICE_PROD_ID3("HFA3863", 0x355cb092),
+ PCMCIA_DEVICE_PROD_ID3("ISL37100P", 0x630d52b2),
+ PCMCIA_DEVICE_PROD_ID3("ISL37101P-10", 0xdd97a26b),
+ PCMCIA_DEVICE_PROD_ID3("ISL37300P", 0xc9049a39),
+
+ /* This may be Agere or Intersil Firmware */
+ PCMCIA_DEVICE_MANF_CARD(0x0156, 0x0002),
+#endif
+ PCMCIA_DEVICE_NULL,
+};
+MODULE_DEVICE_TABLE(pcmcia, orinoco_cs_ids);
+
+static struct pcmcia_driver orinoco_driver = {
+ .owner = THIS_MODULE,
+ .name = DRIVER_NAME,
+ .probe = orinoco_cs_probe,
+ .remove = orinoco_cs_detach,
+ .id_table = orinoco_cs_ids,
+ .suspend = orinoco_cs_suspend,
+ .resume = orinoco_cs_resume,
+};
+module_pcmcia_driver(orinoco_driver);
diff --git a/drivers/net/wireless/intersil/orinoco/orinoco_nortel.c b/drivers/net/wireless/intersil/orinoco/orinoco_nortel.c
new file mode 100644
index 000000000..18bd0d987
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/orinoco_nortel.c
@@ -0,0 +1,314 @@
+/* orinoco_nortel.c
+ *
+ * Driver for Prism II devices which would usually be driven by orinoco_cs,
+ * but are connected to the PCI bus by a PCI-to-PCMCIA adapter used in
+ * Nortel emobility, Symbol LA-4113 and Symbol LA-4123.
+ *
+ * Copyright (C) 2002 Tobias Hoffmann
+ * (C) 2003 Christoph Jungegger <disdos@traum404.de>
+ *
+ * Some of this code is borrowed from orinoco_plx.c
+ * Copyright (C) 2001 Daniel Barlow
+ * Some of this code is borrowed from orinoco_pci.c
+ * Copyright (C) 2001 Jean Tourrilhes
+ * Some of this code is "inspired" by linux-wlan-ng-0.1.10, but nothing
+ * has been copied from it. linux-wlan-ng-0.1.10 is originally :
+ * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
+ *
+ * The contents of this file are subject to the Mozilla Public License
+ * Version 1.1 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License
+ * at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS"
+ * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ * the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License version 2 (the "GPL"), in
+ * which case the provisions of the GPL are applicable instead of the
+ * above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the MPL, indicate your decision by
+ * deleting the provisions above and replace them with the notice and
+ * other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file
+ * under either the MPL or the GPL.
+ */
+
+#define DRIVER_NAME "orinoco_nortel"
+#define PFX DRIVER_NAME ": "
+
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <linux/delay.h>
+#include <linux/pci.h>
+#include <pcmcia/cisreg.h>
+
+#include "orinoco.h"
+#include "orinoco_pci.h"
+
+#define COR_OFFSET (0xe0) /* COR attribute offset of Prism2 PC card */
+#define COR_VALUE (COR_LEVEL_REQ | COR_FUNC_ENA) /* Enable PC card with interrupt in level trigger */
+
+
+/*
+ * Do a soft reset of the card using the Configuration Option Register
+ * We need this to get going...
+ * This is the part of the code that is strongly inspired from wlan-ng
+ *
+ * Note bis : Don't try to access HERMES_CMD during the reset phase.
+ * It just won't work !
+ */
+static int orinoco_nortel_cor_reset(struct orinoco_private *priv)
+{
+ struct orinoco_pci_card *card = priv->card;
+
+ /* Assert the reset until the card notices */
+ iowrite16(8, card->bridge_io + 2);
+ ioread16(card->attr_io + COR_OFFSET);
+ iowrite16(0x80, card->attr_io + COR_OFFSET);
+ mdelay(1);
+
+ /* Give time for the card to recover from this hard effort */
+ iowrite16(0, card->attr_io + COR_OFFSET);
+ iowrite16(0, card->attr_io + COR_OFFSET);
+ mdelay(1);
+
+ /* Set COR as usual */
+ iowrite16(COR_VALUE, card->attr_io + COR_OFFSET);
+ iowrite16(COR_VALUE, card->attr_io + COR_OFFSET);
+ mdelay(1);
+
+ iowrite16(0x228, card->bridge_io + 2);
+
+ return 0;
+}
+
+static int orinoco_nortel_hw_init(struct orinoco_pci_card *card)
+{
+ int i;
+ u32 reg;
+
+ /* Setup bridge */
+ if (ioread16(card->bridge_io) & 1) {
+ printk(KERN_ERR PFX "brg1 answer1 wrong\n");
+ return -EBUSY;
+ }
+ iowrite16(0x118, card->bridge_io + 2);
+ iowrite16(0x108, card->bridge_io + 2);
+ mdelay(30);
+ iowrite16(0x8, card->bridge_io + 2);
+ for (i = 0; i < 30; i++) {
+ mdelay(30);
+ if (ioread16(card->bridge_io) & 0x10)
+ break;
+ }
+ if (i == 30) {
+ printk(KERN_ERR PFX "brg1 timed out\n");
+ return -EBUSY;
+ }
+ if (ioread16(card->attr_io + COR_OFFSET) & 1) {
+ printk(KERN_ERR PFX "brg2 answer1 wrong\n");
+ return -EBUSY;
+ }
+ if (ioread16(card->attr_io + COR_OFFSET + 2) & 1) {
+ printk(KERN_ERR PFX "brg2 answer2 wrong\n");
+ return -EBUSY;
+ }
+ if (ioread16(card->attr_io + COR_OFFSET + 4) & 1) {
+ printk(KERN_ERR PFX "brg2 answer3 wrong\n");
+ return -EBUSY;
+ }
+
+ /* Set the PCMCIA COR register */
+ iowrite16(COR_VALUE, card->attr_io + COR_OFFSET);
+ mdelay(1);
+ reg = ioread16(card->attr_io + COR_OFFSET);
+ if (reg != COR_VALUE) {
+ printk(KERN_ERR PFX "Error setting COR value (reg=%x)\n",
+ reg);
+ return -EBUSY;
+ }
+
+ /* Set LEDs */
+ iowrite16(1, card->bridge_io + 10);
+ return 0;
+}
+
+static int orinoco_nortel_init_one(struct pci_dev *pdev,
+ const struct pci_device_id *ent)
+{
+ int err;
+ struct orinoco_private *priv;
+ struct orinoco_pci_card *card;
+ void __iomem *hermes_io, *bridge_io, *attr_io;
+
+ err = pci_enable_device(pdev);
+ if (err) {
+ printk(KERN_ERR PFX "Cannot enable PCI device\n");
+ return err;
+ }
+
+ err = pci_request_regions(pdev, DRIVER_NAME);
+ if (err) {
+ printk(KERN_ERR PFX "Cannot obtain PCI resources\n");
+ goto fail_resources;
+ }
+
+ bridge_io = pci_iomap(pdev, 0, 0);
+ if (!bridge_io) {
+ printk(KERN_ERR PFX "Cannot map bridge registers\n");
+ err = -EIO;
+ goto fail_map_bridge;
+ }
+
+ attr_io = pci_iomap(pdev, 1, 0);
+ if (!attr_io) {
+ printk(KERN_ERR PFX "Cannot map PCMCIA attributes\n");
+ err = -EIO;
+ goto fail_map_attr;
+ }
+
+ hermes_io = pci_iomap(pdev, 2, 0);
+ if (!hermes_io) {
+ printk(KERN_ERR PFX "Cannot map chipset registers\n");
+ err = -EIO;
+ goto fail_map_hermes;
+ }
+
+ /* Allocate network device */
+ priv = alloc_orinocodev(sizeof(*card), &pdev->dev,
+ orinoco_nortel_cor_reset, NULL);
+ if (!priv) {
+ printk(KERN_ERR PFX "Cannot allocate network device\n");
+ err = -ENOMEM;
+ goto fail_alloc;
+ }
+
+ card = priv->card;
+ card->bridge_io = bridge_io;
+ card->attr_io = attr_io;
+
+ hermes_struct_init(&priv->hw, hermes_io, HERMES_16BIT_REGSPACING);
+
+ err = request_irq(pdev->irq, orinoco_interrupt, IRQF_SHARED,
+ DRIVER_NAME, priv);
+ if (err) {
+ printk(KERN_ERR PFX "Cannot allocate IRQ %d\n", pdev->irq);
+ err = -EBUSY;
+ goto fail_irq;
+ }
+
+ err = orinoco_nortel_hw_init(card);
+ if (err) {
+ printk(KERN_ERR PFX "Hardware initialization failed\n");
+ goto fail;
+ }
+
+ err = orinoco_nortel_cor_reset(priv);
+ if (err) {
+ printk(KERN_ERR PFX "Initial reset failed\n");
+ goto fail;
+ }
+
+ err = orinoco_init(priv);
+ if (err) {
+ printk(KERN_ERR PFX "orinoco_init() failed\n");
+ goto fail;
+ }
+
+ err = orinoco_if_add(priv, 0, 0, NULL);
+ if (err) {
+ printk(KERN_ERR PFX "orinoco_if_add() failed\n");
+ goto fail_wiphy;
+ }
+
+ pci_set_drvdata(pdev, priv);
+
+ return 0;
+
+ fail_wiphy:
+ wiphy_unregister(priv_to_wiphy(priv));
+ fail:
+ free_irq(pdev->irq, priv);
+
+ fail_irq:
+ free_orinocodev(priv);
+
+ fail_alloc:
+ pci_iounmap(pdev, hermes_io);
+
+ fail_map_hermes:
+ pci_iounmap(pdev, attr_io);
+
+ fail_map_attr:
+ pci_iounmap(pdev, bridge_io);
+
+ fail_map_bridge:
+ pci_release_regions(pdev);
+
+ fail_resources:
+ pci_disable_device(pdev);
+
+ return err;
+}
+
+static void orinoco_nortel_remove_one(struct pci_dev *pdev)
+{
+ struct orinoco_private *priv = pci_get_drvdata(pdev);
+ struct orinoco_pci_card *card = priv->card;
+
+ /* Clear LEDs */
+ iowrite16(0, card->bridge_io + 10);
+
+ orinoco_if_del(priv);
+ wiphy_unregister(priv_to_wiphy(priv));
+ free_irq(pdev->irq, priv);
+ free_orinocodev(priv);
+ pci_iounmap(pdev, priv->hw.iobase);
+ pci_iounmap(pdev, card->attr_io);
+ pci_iounmap(pdev, card->bridge_io);
+ pci_release_regions(pdev);
+ pci_disable_device(pdev);
+}
+
+static const struct pci_device_id orinoco_nortel_id_table[] = {
+ /* Nortel emobility PCI */
+ {0x126c, 0x8030, PCI_ANY_ID, PCI_ANY_ID,},
+ /* Symbol LA-4123 PCI */
+ {0x1562, 0x0001, PCI_ANY_ID, PCI_ANY_ID,},
+ {0,},
+};
+
+MODULE_DEVICE_TABLE(pci, orinoco_nortel_id_table);
+
+static struct pci_driver orinoco_nortel_driver = {
+ .name = DRIVER_NAME,
+ .id_table = orinoco_nortel_id_table,
+ .probe = orinoco_nortel_init_one,
+ .remove = orinoco_nortel_remove_one,
+ .driver.pm = &orinoco_pci_pm_ops,
+};
+
+static char version[] __initdata = DRIVER_NAME " " DRIVER_VERSION
+ " (Tobias Hoffmann & Christoph Jungegger <disdos@traum404.de>)";
+MODULE_AUTHOR("Christoph Jungegger <disdos@traum404.de>");
+MODULE_DESCRIPTION("Driver for wireless LAN cards using the Nortel PCI bridge");
+MODULE_LICENSE("Dual MPL/GPL");
+
+static int __init orinoco_nortel_init(void)
+{
+ printk(KERN_DEBUG "%s\n", version);
+ return pci_register_driver(&orinoco_nortel_driver);
+}
+
+static void __exit orinoco_nortel_exit(void)
+{
+ pci_unregister_driver(&orinoco_nortel_driver);
+}
+
+module_init(orinoco_nortel_init);
+module_exit(orinoco_nortel_exit);
diff --git a/drivers/net/wireless/intersil/orinoco/orinoco_pci.c b/drivers/net/wireless/intersil/orinoco/orinoco_pci.c
new file mode 100644
index 000000000..7e3a6dd60
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/orinoco_pci.c
@@ -0,0 +1,257 @@
+/* orinoco_pci.c
+ *
+ * Driver for Prism 2.5/3 devices that have a direct PCI interface
+ * (i.e. these are not PCMCIA cards in a PCMCIA-to-PCI bridge).
+ * The card contains only one PCI region, which contains all the usual
+ * hermes registers, as well as the COR register.
+ *
+ * Current maintainers are:
+ * Pavel Roskin <proski AT gnu.org>
+ * and David Gibson <hermes AT gibson.dropbear.id.au>
+ *
+ * Some of this code is borrowed from orinoco_plx.c
+ * Copyright (C) 2001 Daniel Barlow <dan AT telent.net>
+ * Some of this code is "inspired" by linux-wlan-ng-0.1.10, but nothing
+ * has been copied from it. linux-wlan-ng-0.1.10 is originally :
+ * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
+ * This file originally written by:
+ * Copyright (C) 2001 Jean Tourrilhes <jt AT hpl.hp.com>
+ * And is now maintained by:
+ * (C) Copyright David Gibson, IBM Corp. 2002-2003.
+ *
+ * The contents of this file are subject to the Mozilla Public License
+ * Version 1.1 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License
+ * at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS"
+ * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ * the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License version 2 (the "GPL"), in
+ * which case the provisions of the GPL are applicable instead of the
+ * above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the MPL, indicate your decision by
+ * deleting the provisions above and replace them with the notice and
+ * other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file
+ * under either the MPL or the GPL.
+ */
+
+#define DRIVER_NAME "orinoco_pci"
+#define PFX DRIVER_NAME ": "
+
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <linux/delay.h>
+#include <linux/pci.h>
+
+#include "orinoco.h"
+#include "orinoco_pci.h"
+
+/* Offset of the COR register of the PCI card */
+#define HERMES_PCI_COR (0x26)
+
+/* Bitmask to reset the card */
+#define HERMES_PCI_COR_MASK (0x0080)
+
+/* Magic timeouts for doing the reset.
+ * Those times are straight from wlan-ng, and it is claimed that they
+ * are necessary. Alan will kill me. Take your time and grab a coffee. */
+#define HERMES_PCI_COR_ONT (250) /* ms */
+#define HERMES_PCI_COR_OFFT (500) /* ms */
+#define HERMES_PCI_COR_BUSYT (500) /* ms */
+
+/*
+ * Do a soft reset of the card using the Configuration Option Register
+ * We need this to get going...
+ * This is the part of the code that is strongly inspired from wlan-ng
+ *
+ * Note : This code is done with irq enabled. This mean that many
+ * interrupts will occur while we are there. This is why we use the
+ * jiffies to regulate time instead of a straight mdelay(). Usually we
+ * need only around 245 iteration of the loop to do 250 ms delay.
+ *
+ * Note bis : Don't try to access HERMES_CMD during the reset phase.
+ * It just won't work !
+ */
+static int orinoco_pci_cor_reset(struct orinoco_private *priv)
+{
+ struct hermes *hw = &priv->hw;
+ unsigned long timeout;
+ u16 reg;
+
+ /* Assert the reset until the card notices */
+ hermes_write_regn(hw, PCI_COR, HERMES_PCI_COR_MASK);
+ mdelay(HERMES_PCI_COR_ONT);
+
+ /* Give time for the card to recover from this hard effort */
+ hermes_write_regn(hw, PCI_COR, 0x0000);
+ mdelay(HERMES_PCI_COR_OFFT);
+
+ /* The card is ready when it's no longer busy */
+ timeout = jiffies + msecs_to_jiffies(HERMES_PCI_COR_BUSYT);
+ reg = hermes_read_regn(hw, CMD);
+ while (time_before(jiffies, timeout) && (reg & HERMES_CMD_BUSY)) {
+ mdelay(1);
+ reg = hermes_read_regn(hw, CMD);
+ }
+
+ /* Still busy? */
+ if (reg & HERMES_CMD_BUSY) {
+ printk(KERN_ERR PFX "Busy timeout\n");
+ return -ETIMEDOUT;
+ }
+
+ return 0;
+}
+
+static int orinoco_pci_init_one(struct pci_dev *pdev,
+ const struct pci_device_id *ent)
+{
+ int err;
+ struct orinoco_private *priv;
+ struct orinoco_pci_card *card;
+ void __iomem *hermes_io;
+
+ err = pci_enable_device(pdev);
+ if (err) {
+ printk(KERN_ERR PFX "Cannot enable PCI device\n");
+ return err;
+ }
+
+ err = pci_request_regions(pdev, DRIVER_NAME);
+ if (err) {
+ printk(KERN_ERR PFX "Cannot obtain PCI resources\n");
+ goto fail_resources;
+ }
+
+ hermes_io = pci_iomap(pdev, 0, 0);
+ if (!hermes_io) {
+ printk(KERN_ERR PFX "Cannot remap chipset registers\n");
+ err = -EIO;
+ goto fail_map_hermes;
+ }
+
+ /* Allocate network device */
+ priv = alloc_orinocodev(sizeof(*card), &pdev->dev,
+ orinoco_pci_cor_reset, NULL);
+ if (!priv) {
+ printk(KERN_ERR PFX "Cannot allocate network device\n");
+ err = -ENOMEM;
+ goto fail_alloc;
+ }
+
+ card = priv->card;
+
+ hermes_struct_init(&priv->hw, hermes_io, HERMES_32BIT_REGSPACING);
+
+ err = request_irq(pdev->irq, orinoco_interrupt, IRQF_SHARED,
+ DRIVER_NAME, priv);
+ if (err) {
+ printk(KERN_ERR PFX "Cannot allocate IRQ %d\n", pdev->irq);
+ err = -EBUSY;
+ goto fail_irq;
+ }
+
+ err = orinoco_pci_cor_reset(priv);
+ if (err) {
+ printk(KERN_ERR PFX "Initial reset failed\n");
+ goto fail;
+ }
+
+ err = orinoco_init(priv);
+ if (err) {
+ printk(KERN_ERR PFX "orinoco_init() failed\n");
+ goto fail;
+ }
+
+ err = orinoco_if_add(priv, 0, 0, NULL);
+ if (err) {
+ printk(KERN_ERR PFX "orinoco_if_add() failed\n");
+ goto fail_wiphy;
+ }
+
+ pci_set_drvdata(pdev, priv);
+
+ return 0;
+
+ fail_wiphy:
+ wiphy_unregister(priv_to_wiphy(priv));
+ fail:
+ free_irq(pdev->irq, priv);
+
+ fail_irq:
+ free_orinocodev(priv);
+
+ fail_alloc:
+ pci_iounmap(pdev, hermes_io);
+
+ fail_map_hermes:
+ pci_release_regions(pdev);
+
+ fail_resources:
+ pci_disable_device(pdev);
+
+ return err;
+}
+
+static void orinoco_pci_remove_one(struct pci_dev *pdev)
+{
+ struct orinoco_private *priv = pci_get_drvdata(pdev);
+
+ orinoco_if_del(priv);
+ wiphy_unregister(priv_to_wiphy(priv));
+ free_irq(pdev->irq, priv);
+ free_orinocodev(priv);
+ pci_iounmap(pdev, priv->hw.iobase);
+ pci_release_regions(pdev);
+ pci_disable_device(pdev);
+}
+
+static const struct pci_device_id orinoco_pci_id_table[] = {
+ /* Intersil Prism 3 */
+ {0x1260, 0x3872, PCI_ANY_ID, PCI_ANY_ID,},
+ /* Intersil Prism 2.5 */
+ {0x1260, 0x3873, PCI_ANY_ID, PCI_ANY_ID,},
+ /* Samsung MagicLAN SWL-2210P */
+ {0x167d, 0xa000, PCI_ANY_ID, PCI_ANY_ID,},
+ {0,},
+};
+
+MODULE_DEVICE_TABLE(pci, orinoco_pci_id_table);
+
+static struct pci_driver orinoco_pci_driver = {
+ .name = DRIVER_NAME,
+ .id_table = orinoco_pci_id_table,
+ .probe = orinoco_pci_init_one,
+ .remove = orinoco_pci_remove_one,
+ .driver.pm = &orinoco_pci_pm_ops,
+};
+
+static char version[] __initdata = DRIVER_NAME " " DRIVER_VERSION
+ " (Pavel Roskin <proski@gnu.org>,"
+ " David Gibson <hermes@gibson.dropbear.id.au> &"
+ " Jean Tourrilhes <jt@hpl.hp.com>)";
+MODULE_AUTHOR("Pavel Roskin <proski@gnu.org> &"
+ " David Gibson <hermes@gibson.dropbear.id.au>");
+MODULE_DESCRIPTION("Driver for wireless LAN cards using direct PCI interface");
+MODULE_LICENSE("Dual MPL/GPL");
+
+static int __init orinoco_pci_init(void)
+{
+ printk(KERN_DEBUG "%s\n", version);
+ return pci_register_driver(&orinoco_pci_driver);
+}
+
+static void __exit orinoco_pci_exit(void)
+{
+ pci_unregister_driver(&orinoco_pci_driver);
+}
+
+module_init(orinoco_pci_init);
+module_exit(orinoco_pci_exit);
diff --git a/drivers/net/wireless/intersil/orinoco/orinoco_pci.h b/drivers/net/wireless/intersil/orinoco/orinoco_pci.h
new file mode 100644
index 000000000..d49d94086
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/orinoco_pci.h
@@ -0,0 +1,54 @@
+/* orinoco_pci.h
+ *
+ * Common code for all Orinoco drivers for PCI devices, including
+ * both native PCI and PCMCIA-to-PCI bridges.
+ *
+ * Copyright (C) 2005, Pavel Roskin.
+ * See main.c for license.
+ */
+
+#ifndef _ORINOCO_PCI_H
+#define _ORINOCO_PCI_H
+
+#include <linux/netdevice.h>
+
+/* Driver specific data */
+struct orinoco_pci_card {
+ void __iomem *bridge_io;
+ void __iomem *attr_io;
+};
+
+static int __maybe_unused orinoco_pci_suspend(struct device *dev_d)
+{
+ struct pci_dev *pdev = to_pci_dev(dev_d);
+ struct orinoco_private *priv = pci_get_drvdata(pdev);
+
+ orinoco_down(priv);
+ free_irq(pdev->irq, priv);
+
+ return 0;
+}
+
+static int __maybe_unused orinoco_pci_resume(struct device *dev_d)
+{
+ struct pci_dev *pdev = to_pci_dev(dev_d);
+ struct orinoco_private *priv = pci_get_drvdata(pdev);
+ struct net_device *dev = priv->ndev;
+ int err;
+
+ err = request_irq(pdev->irq, orinoco_interrupt, IRQF_SHARED,
+ dev->name, priv);
+ if (err) {
+ printk(KERN_ERR "%s: cannot re-allocate IRQ on resume\n",
+ dev->name);
+ return -EBUSY;
+ }
+
+ return orinoco_up(priv);
+}
+
+static SIMPLE_DEV_PM_OPS(orinoco_pci_pm_ops,
+ orinoco_pci_suspend,
+ orinoco_pci_resume);
+
+#endif /* _ORINOCO_PCI_H */
diff --git a/drivers/net/wireless/intersil/orinoco/orinoco_plx.c b/drivers/net/wireless/intersil/orinoco/orinoco_plx.c
new file mode 100644
index 000000000..73e6ae124
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/orinoco_plx.c
@@ -0,0 +1,362 @@
+/* orinoco_plx.c
+ *
+ * Driver for Prism II devices which would usually be driven by orinoco_cs,
+ * but are connected to the PCI bus by a PLX9052.
+ *
+ * Current maintainers are:
+ * Pavel Roskin <proski AT gnu.org>
+ * and David Gibson <hermes AT gibson.dropbear.id.au>
+ *
+ * (C) Copyright David Gibson, IBM Corp. 2001-2003.
+ * Copyright (C) 2001 Daniel Barlow
+ *
+ * The contents of this file are subject to the Mozilla Public License
+ * Version 1.1 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License
+ * at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS"
+ * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ * the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License version 2 (the "GPL"), in
+ * which case the provisions of the GPL are applicable instead of the
+ * above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the MPL, indicate your decision by
+ * deleting the provisions above and replace them with the notice and
+ * other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file
+ * under either the MPL or the GPL.
+ *
+ * Here's the general details on how the PLX9052 adapter works:
+ *
+ * - Two PCI I/O address spaces, one 0x80 long which contains the
+ * PLX9052 registers, and one that's 0x40 long mapped to the PCMCIA
+ * slot I/O address space.
+ *
+ * - One PCI memory address space, mapped to the PCMCIA attribute space
+ * (containing the CIS).
+ *
+ * Using the later, you can read through the CIS data to make sure the
+ * card is compatible with the driver. Keep in mind that the PCMCIA
+ * spec specifies the CIS as the lower 8 bits of each word read from
+ * the CIS, so to read the bytes of the CIS, read every other byte
+ * (0,2,4,...). Passing that test, you need to enable the I/O address
+ * space on the PCMCIA card via the PCMCIA COR register. This is the
+ * first byte following the CIS. In my case (which may not have any
+ * relation to what's on the PRISM2 cards), COR was at offset 0x800
+ * within the PCI memory space. Write 0x41 to the COR register to
+ * enable I/O mode and to select level triggered interrupts. To
+ * confirm you actually succeeded, read the COR register back and make
+ * sure it actually got set to 0x41, in case you have an unexpected
+ * card inserted.
+ *
+ * Following that, you can treat the second PCI I/O address space (the
+ * one that's not 0x80 in length) as the PCMCIA I/O space.
+ *
+ * Note that in the Eumitcom's source for their drivers, they register
+ * the interrupt as edge triggered when registering it with the
+ * Windows kernel. I don't recall how to register edge triggered on
+ * Linux (if it can be done at all). But in some experimentation, I
+ * don't see much operational difference between using either
+ * interrupt mode. Don't mess with the interrupt mode in the COR
+ * register though, as the PLX9052 wants level triggers with the way
+ * the serial EEPROM configures it on the WL11000.
+ *
+ * There's some other little quirks related to timing that I bumped
+ * into, but I don't recall right now. Also, there's two variants of
+ * the WL11000 I've seen, revision A1 and T2. These seem to differ
+ * slightly in the timings configured in the wait-state generator in
+ * the PLX9052. There have also been some comments from Eumitcom that
+ * cards shouldn't be hot swapped, apparently due to risk of cooking
+ * the PLX9052. I'm unsure why they believe this, as I can't see
+ * anything in the design that would really cause a problem, except
+ * for crashing drivers not written to expect it. And having developed
+ * drivers for the WL11000, I'd say it's quite tricky to write code
+ * that will successfully deal with a hot unplug. Very odd things
+ * happen on the I/O side of things. But anyway, be warned. Despite
+ * that, I've hot-swapped a number of times during debugging and
+ * driver development for various reasons (stuck WAIT# line after the
+ * radio card's firmware locks up).
+ */
+
+#define DRIVER_NAME "orinoco_plx"
+#define PFX DRIVER_NAME ": "
+
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <linux/delay.h>
+#include <linux/pci.h>
+#include <pcmcia/cisreg.h>
+
+#include "orinoco.h"
+#include "orinoco_pci.h"
+
+#define COR_OFFSET (0x3e0) /* COR attribute offset of Prism2 PC card */
+#define COR_VALUE (COR_LEVEL_REQ | COR_FUNC_ENA) /* Enable PC card with interrupt in level trigger */
+#define COR_RESET (0x80) /* reset bit in the COR register */
+#define PLX_RESET_TIME (500) /* milliseconds */
+
+#define PLX_INTCSR 0x4c /* Interrupt Control & Status Register */
+#define PLX_INTCSR_INTEN (1 << 6) /* Interrupt Enable bit */
+
+/*
+ * Do a soft reset of the card using the Configuration Option Register
+ */
+static int orinoco_plx_cor_reset(struct orinoco_private *priv)
+{
+ struct hermes *hw = &priv->hw;
+ struct orinoco_pci_card *card = priv->card;
+ unsigned long timeout;
+ u16 reg;
+
+ iowrite8(COR_VALUE | COR_RESET, card->attr_io + COR_OFFSET);
+ mdelay(1);
+
+ iowrite8(COR_VALUE, card->attr_io + COR_OFFSET);
+ mdelay(1);
+
+ /* Just in case, wait more until the card is no longer busy */
+ timeout = jiffies + msecs_to_jiffies(PLX_RESET_TIME);
+ reg = hermes_read_regn(hw, CMD);
+ while (time_before(jiffies, timeout) && (reg & HERMES_CMD_BUSY)) {
+ mdelay(1);
+ reg = hermes_read_regn(hw, CMD);
+ }
+
+ /* Still busy? */
+ if (reg & HERMES_CMD_BUSY) {
+ printk(KERN_ERR PFX "Busy timeout\n");
+ return -ETIMEDOUT;
+ }
+
+ return 0;
+}
+
+static int orinoco_plx_hw_init(struct orinoco_pci_card *card)
+{
+ int i;
+ u32 csr_reg;
+ static const u8 cis_magic[] = {
+ 0x01, 0x03, 0x00, 0x00, 0xff, 0x17, 0x04, 0x67
+ };
+
+ printk(KERN_DEBUG PFX "CIS: ");
+ for (i = 0; i < 16; i++)
+ printk("%02X:", ioread8(card->attr_io + (i << 1)));
+ printk("\n");
+
+ /* Verify whether a supported PC card is present */
+ /* FIXME: we probably need to be smarted about this */
+ for (i = 0; i < sizeof(cis_magic); i++) {
+ if (cis_magic[i] != ioread8(card->attr_io + (i << 1))) {
+ printk(KERN_ERR PFX "The CIS value of Prism2 PC "
+ "card is unexpected\n");
+ return -ENODEV;
+ }
+ }
+
+ /* bjoern: We need to tell the card to enable interrupts, in
+ case the serial eprom didn't do this already. See the
+ PLX9052 data book, p8-1 and 8-24 for reference. */
+ csr_reg = ioread32(card->bridge_io + PLX_INTCSR);
+ if (!(csr_reg & PLX_INTCSR_INTEN)) {
+ csr_reg |= PLX_INTCSR_INTEN;
+ iowrite32(csr_reg, card->bridge_io + PLX_INTCSR);
+ csr_reg = ioread32(card->bridge_io + PLX_INTCSR);
+ if (!(csr_reg & PLX_INTCSR_INTEN)) {
+ printk(KERN_ERR PFX "Cannot enable interrupts\n");
+ return -EIO;
+ }
+ }
+
+ return 0;
+}
+
+static int orinoco_plx_init_one(struct pci_dev *pdev,
+ const struct pci_device_id *ent)
+{
+ int err;
+ struct orinoco_private *priv;
+ struct orinoco_pci_card *card;
+ void __iomem *hermes_io, *attr_io, *bridge_io;
+
+ err = pci_enable_device(pdev);
+ if (err) {
+ printk(KERN_ERR PFX "Cannot enable PCI device\n");
+ return err;
+ }
+
+ err = pci_request_regions(pdev, DRIVER_NAME);
+ if (err) {
+ printk(KERN_ERR PFX "Cannot obtain PCI resources\n");
+ goto fail_resources;
+ }
+
+ bridge_io = pci_iomap(pdev, 1, 0);
+ if (!bridge_io) {
+ printk(KERN_ERR PFX "Cannot map bridge registers\n");
+ err = -EIO;
+ goto fail_map_bridge;
+ }
+
+ attr_io = pci_iomap(pdev, 2, 0);
+ if (!attr_io) {
+ printk(KERN_ERR PFX "Cannot map PCMCIA attributes\n");
+ err = -EIO;
+ goto fail_map_attr;
+ }
+
+ hermes_io = pci_iomap(pdev, 3, 0);
+ if (!hermes_io) {
+ printk(KERN_ERR PFX "Cannot map chipset registers\n");
+ err = -EIO;
+ goto fail_map_hermes;
+ }
+
+ /* Allocate network device */
+ priv = alloc_orinocodev(sizeof(*card), &pdev->dev,
+ orinoco_plx_cor_reset, NULL);
+ if (!priv) {
+ printk(KERN_ERR PFX "Cannot allocate network device\n");
+ err = -ENOMEM;
+ goto fail_alloc;
+ }
+
+ card = priv->card;
+ card->bridge_io = bridge_io;
+ card->attr_io = attr_io;
+
+ hermes_struct_init(&priv->hw, hermes_io, HERMES_16BIT_REGSPACING);
+
+ err = request_irq(pdev->irq, orinoco_interrupt, IRQF_SHARED,
+ DRIVER_NAME, priv);
+ if (err) {
+ printk(KERN_ERR PFX "Cannot allocate IRQ %d\n", pdev->irq);
+ err = -EBUSY;
+ goto fail_irq;
+ }
+
+ err = orinoco_plx_hw_init(card);
+ if (err) {
+ printk(KERN_ERR PFX "Hardware initialization failed\n");
+ goto fail;
+ }
+
+ err = orinoco_plx_cor_reset(priv);
+ if (err) {
+ printk(KERN_ERR PFX "Initial reset failed\n");
+ goto fail;
+ }
+
+ err = orinoco_init(priv);
+ if (err) {
+ printk(KERN_ERR PFX "orinoco_init() failed\n");
+ goto fail;
+ }
+
+ err = orinoco_if_add(priv, 0, 0, NULL);
+ if (err) {
+ printk(KERN_ERR PFX "orinoco_if_add() failed\n");
+ goto fail_wiphy;
+ }
+
+ pci_set_drvdata(pdev, priv);
+
+ return 0;
+
+ fail_wiphy:
+ wiphy_unregister(priv_to_wiphy(priv));
+ fail:
+ free_irq(pdev->irq, priv);
+
+ fail_irq:
+ free_orinocodev(priv);
+
+ fail_alloc:
+ pci_iounmap(pdev, hermes_io);
+
+ fail_map_hermes:
+ pci_iounmap(pdev, attr_io);
+
+ fail_map_attr:
+ pci_iounmap(pdev, bridge_io);
+
+ fail_map_bridge:
+ pci_release_regions(pdev);
+
+ fail_resources:
+ pci_disable_device(pdev);
+
+ return err;
+}
+
+static void orinoco_plx_remove_one(struct pci_dev *pdev)
+{
+ struct orinoco_private *priv = pci_get_drvdata(pdev);
+ struct orinoco_pci_card *card = priv->card;
+
+ orinoco_if_del(priv);
+ wiphy_unregister(priv_to_wiphy(priv));
+ free_irq(pdev->irq, priv);
+ free_orinocodev(priv);
+ pci_iounmap(pdev, priv->hw.iobase);
+ pci_iounmap(pdev, card->attr_io);
+ pci_iounmap(pdev, card->bridge_io);
+ pci_release_regions(pdev);
+ pci_disable_device(pdev);
+}
+
+static const struct pci_device_id orinoco_plx_id_table[] = {
+ {0x111a, 0x1023, PCI_ANY_ID, PCI_ANY_ID,}, /* Siemens SpeedStream SS1023 */
+ {0x1385, 0x4100, PCI_ANY_ID, PCI_ANY_ID,}, /* Netgear MA301 */
+ {0x15e8, 0x0130, PCI_ANY_ID, PCI_ANY_ID,}, /* Correga - does this work? */
+ {0x1638, 0x1100, PCI_ANY_ID, PCI_ANY_ID,}, /* SMC EZConnect SMC2602W,
+ Eumitcom PCI WL11000,
+ Addtron AWA-100 */
+ {0x16ab, 0x1100, PCI_ANY_ID, PCI_ANY_ID,}, /* Global Sun Tech GL24110P */
+ {0x16ab, 0x1101, PCI_ANY_ID, PCI_ANY_ID,}, /* Reported working, but unknown */
+ {0x16ab, 0x1102, PCI_ANY_ID, PCI_ANY_ID,}, /* Linksys WDT11 */
+ {0x16ec, 0x3685, PCI_ANY_ID, PCI_ANY_ID,}, /* USR 2415 */
+ {0xec80, 0xec00, PCI_ANY_ID, PCI_ANY_ID,}, /* Belkin F5D6000 tested by
+ Brendan W. McAdams <rit AT jacked-in.org> */
+ {0x10b7, 0x7770, PCI_ANY_ID, PCI_ANY_ID,}, /* 3Com AirConnect PCI tested by
+ Damien Persohn <damien AT persohn.net> */
+ {0,},
+};
+
+MODULE_DEVICE_TABLE(pci, orinoco_plx_id_table);
+
+static struct pci_driver orinoco_plx_driver = {
+ .name = DRIVER_NAME,
+ .id_table = orinoco_plx_id_table,
+ .probe = orinoco_plx_init_one,
+ .remove = orinoco_plx_remove_one,
+ .driver.pm = &orinoco_pci_pm_ops,
+};
+
+static char version[] __initdata = DRIVER_NAME " " DRIVER_VERSION
+ " (Pavel Roskin <proski@gnu.org>,"
+ " David Gibson <hermes@gibson.dropbear.id.au>,"
+ " Daniel Barlow <dan@telent.net>)";
+MODULE_AUTHOR("Daniel Barlow <dan@telent.net>");
+MODULE_DESCRIPTION("Driver for wireless LAN cards using the PLX9052 PCI bridge");
+MODULE_LICENSE("Dual MPL/GPL");
+
+static int __init orinoco_plx_init(void)
+{
+ printk(KERN_DEBUG "%s\n", version);
+ return pci_register_driver(&orinoco_plx_driver);
+}
+
+static void __exit orinoco_plx_exit(void)
+{
+ pci_unregister_driver(&orinoco_plx_driver);
+}
+
+module_init(orinoco_plx_init);
+module_exit(orinoco_plx_exit);
diff --git a/drivers/net/wireless/intersil/orinoco/orinoco_tmd.c b/drivers/net/wireless/intersil/orinoco/orinoco_tmd.c
new file mode 100644
index 000000000..939d5a1dc
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/orinoco_tmd.c
@@ -0,0 +1,237 @@
+/* orinoco_tmd.c
+ *
+ * Driver for Prism II devices which would usually be driven by orinoco_cs,
+ * but are connected to the PCI bus by a TMD7160.
+ *
+ * Copyright (C) 2003 Joerg Dorchain <joerg AT dorchain.net>
+ * based heavily upon orinoco_plx.c Copyright (C) 2001 Daniel Barlow
+ *
+ * The contents of this file are subject to the Mozilla Public License
+ * Version 1.1 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License
+ * at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS"
+ * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ * the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License version 2 (the "GPL"), in
+ * which case the provisions of the GPL are applicable instead of the
+ * above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the MPL, indicate your decision by
+ * deleting the provisions above and replace them with the notice and
+ * other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file
+ * under either the MPL or the GPL.
+ *
+ * The actual driving is done by main.c, this is just resource
+ * allocation stuff.
+ *
+ * This driver is modeled after the orinoco_plx driver. The main
+ * difference is that the TMD chip has only IO port ranges and doesn't
+ * provide access to the PCMCIA attribute space.
+ *
+ * Pheecom sells cards with the TMD chip as "ASIC version"
+ */
+
+#define DRIVER_NAME "orinoco_tmd"
+#define PFX DRIVER_NAME ": "
+
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <linux/delay.h>
+#include <linux/pci.h>
+#include <pcmcia/cisreg.h>
+
+#include "orinoco.h"
+#include "orinoco_pci.h"
+
+#define COR_VALUE (COR_LEVEL_REQ | COR_FUNC_ENA) /* Enable PC card with interrupt in level trigger */
+#define COR_RESET (0x80) /* reset bit in the COR register */
+#define TMD_RESET_TIME (500) /* milliseconds */
+
+/*
+ * Do a soft reset of the card using the Configuration Option Register
+ */
+static int orinoco_tmd_cor_reset(struct orinoco_private *priv)
+{
+ struct hermes *hw = &priv->hw;
+ struct orinoco_pci_card *card = priv->card;
+ unsigned long timeout;
+ u16 reg;
+
+ iowrite8(COR_VALUE | COR_RESET, card->bridge_io);
+ mdelay(1);
+
+ iowrite8(COR_VALUE, card->bridge_io);
+ mdelay(1);
+
+ /* Just in case, wait more until the card is no longer busy */
+ timeout = jiffies + msecs_to_jiffies(TMD_RESET_TIME);
+ reg = hermes_read_regn(hw, CMD);
+ while (time_before(jiffies, timeout) && (reg & HERMES_CMD_BUSY)) {
+ mdelay(1);
+ reg = hermes_read_regn(hw, CMD);
+ }
+
+ /* Still busy? */
+ if (reg & HERMES_CMD_BUSY) {
+ printk(KERN_ERR PFX "Busy timeout\n");
+ return -ETIMEDOUT;
+ }
+
+ return 0;
+}
+
+
+static int orinoco_tmd_init_one(struct pci_dev *pdev,
+ const struct pci_device_id *ent)
+{
+ int err;
+ struct orinoco_private *priv;
+ struct orinoco_pci_card *card;
+ void __iomem *hermes_io, *bridge_io;
+
+ err = pci_enable_device(pdev);
+ if (err) {
+ printk(KERN_ERR PFX "Cannot enable PCI device\n");
+ return err;
+ }
+
+ err = pci_request_regions(pdev, DRIVER_NAME);
+ if (err) {
+ printk(KERN_ERR PFX "Cannot obtain PCI resources\n");
+ goto fail_resources;
+ }
+
+ bridge_io = pci_iomap(pdev, 1, 0);
+ if (!bridge_io) {
+ printk(KERN_ERR PFX "Cannot map bridge registers\n");
+ err = -EIO;
+ goto fail_map_bridge;
+ }
+
+ hermes_io = pci_iomap(pdev, 2, 0);
+ if (!hermes_io) {
+ printk(KERN_ERR PFX "Cannot map chipset registers\n");
+ err = -EIO;
+ goto fail_map_hermes;
+ }
+
+ /* Allocate network device */
+ priv = alloc_orinocodev(sizeof(*card), &pdev->dev,
+ orinoco_tmd_cor_reset, NULL);
+ if (!priv) {
+ printk(KERN_ERR PFX "Cannot allocate network device\n");
+ err = -ENOMEM;
+ goto fail_alloc;
+ }
+
+ card = priv->card;
+ card->bridge_io = bridge_io;
+
+ hermes_struct_init(&priv->hw, hermes_io, HERMES_16BIT_REGSPACING);
+
+ err = request_irq(pdev->irq, orinoco_interrupt, IRQF_SHARED,
+ DRIVER_NAME, priv);
+ if (err) {
+ printk(KERN_ERR PFX "Cannot allocate IRQ %d\n", pdev->irq);
+ err = -EBUSY;
+ goto fail_irq;
+ }
+
+ err = orinoco_tmd_cor_reset(priv);
+ if (err) {
+ printk(KERN_ERR PFX "Initial reset failed\n");
+ goto fail;
+ }
+
+ err = orinoco_init(priv);
+ if (err) {
+ printk(KERN_ERR PFX "orinoco_init() failed\n");
+ goto fail;
+ }
+
+ err = orinoco_if_add(priv, 0, 0, NULL);
+ if (err) {
+ printk(KERN_ERR PFX "orinoco_if_add() failed\n");
+ goto fail;
+ }
+
+ pci_set_drvdata(pdev, priv);
+
+ return 0;
+
+ fail:
+ free_irq(pdev->irq, priv);
+
+ fail_irq:
+ free_orinocodev(priv);
+
+ fail_alloc:
+ pci_iounmap(pdev, hermes_io);
+
+ fail_map_hermes:
+ pci_iounmap(pdev, bridge_io);
+
+ fail_map_bridge:
+ pci_release_regions(pdev);
+
+ fail_resources:
+ pci_disable_device(pdev);
+
+ return err;
+}
+
+static void orinoco_tmd_remove_one(struct pci_dev *pdev)
+{
+ struct orinoco_private *priv = pci_get_drvdata(pdev);
+ struct orinoco_pci_card *card = priv->card;
+
+ orinoco_if_del(priv);
+ free_irq(pdev->irq, priv);
+ free_orinocodev(priv);
+ pci_iounmap(pdev, priv->hw.iobase);
+ pci_iounmap(pdev, card->bridge_io);
+ pci_release_regions(pdev);
+ pci_disable_device(pdev);
+}
+
+static const struct pci_device_id orinoco_tmd_id_table[] = {
+ {0x15e8, 0x0131, PCI_ANY_ID, PCI_ANY_ID,}, /* NDC and OEMs, e.g. pheecom */
+ {0,},
+};
+
+MODULE_DEVICE_TABLE(pci, orinoco_tmd_id_table);
+
+static struct pci_driver orinoco_tmd_driver = {
+ .name = DRIVER_NAME,
+ .id_table = orinoco_tmd_id_table,
+ .probe = orinoco_tmd_init_one,
+ .remove = orinoco_tmd_remove_one,
+ .driver.pm = &orinoco_pci_pm_ops,
+};
+
+static char version[] __initdata = DRIVER_NAME " " DRIVER_VERSION
+ " (Joerg Dorchain <joerg@dorchain.net>)";
+MODULE_AUTHOR("Joerg Dorchain <joerg@dorchain.net>");
+MODULE_DESCRIPTION("Driver for wireless LAN cards using the TMD7160 PCI bridge");
+MODULE_LICENSE("Dual MPL/GPL");
+
+static int __init orinoco_tmd_init(void)
+{
+ printk(KERN_DEBUG "%s\n", version);
+ return pci_register_driver(&orinoco_tmd_driver);
+}
+
+static void __exit orinoco_tmd_exit(void)
+{
+ pci_unregister_driver(&orinoco_tmd_driver);
+}
+
+module_init(orinoco_tmd_init);
+module_exit(orinoco_tmd_exit);
diff --git a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
new file mode 100644
index 000000000..dd3192926
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
@@ -0,0 +1,1787 @@
+/*
+ * USB Orinoco driver
+ *
+ * Copyright (c) 2003 Manuel Estrada Sainz
+ *
+ * The contents of this file are subject to the Mozilla Public License
+ * Version 1.1 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License
+ * at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS"
+ * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ * the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License version 2 (the "GPL"), in
+ * which case the provisions of the GPL are applicable instead of the
+ * above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the MPL, indicate your decision by
+ * deleting the provisions above and replace them with the notice and
+ * other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file
+ * under either the MPL or the GPL.
+ *
+ * Queueing code based on linux-wlan-ng 0.2.1-pre5
+ *
+ * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
+ *
+ * The license is the same as above.
+ *
+ * Initialy based on USB Skeleton driver - 0.7
+ *
+ * Copyright (c) 2001 Greg Kroah-Hartman (greg@kroah.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * NOTE: The original USB Skeleton driver is GPL, but all that code is
+ * gone so MPL/GPL applies.
+ */
+
+#define DRIVER_NAME "orinoco_usb"
+#define PFX DRIVER_NAME ": "
+
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/signal.h>
+#include <linux/errno.h>
+#include <linux/poll.h>
+#include <linux/slab.h>
+#include <linux/fcntl.h>
+#include <linux/spinlock.h>
+#include <linux/list.h>
+#include <linux/usb.h>
+#include <linux/timer.h>
+
+#include <linux/netdevice.h>
+#include <linux/if_arp.h>
+#include <linux/etherdevice.h>
+#include <linux/wireless.h>
+#include <linux/firmware.h>
+#include <linux/refcount.h>
+
+#include "mic.h"
+#include "orinoco.h"
+
+#ifndef URB_ASYNC_UNLINK
+#define URB_ASYNC_UNLINK 0
+#endif
+
+struct header_struct {
+ /* 802.3 */
+ u8 dest[ETH_ALEN];
+ u8 src[ETH_ALEN];
+ __be16 len;
+ /* 802.2 */
+ u8 dsap;
+ u8 ssap;
+ u8 ctrl;
+ /* SNAP */
+ u8 oui[3];
+ __be16 ethertype;
+} __packed;
+
+struct ez_usb_fw {
+ u16 size;
+ const u8 *code;
+};
+
+static struct ez_usb_fw firmware = {
+ .size = 0,
+ .code = NULL,
+};
+
+/* Debugging macros */
+#undef err
+#define err(format, arg...) \
+ do { printk(KERN_ERR PFX format "\n", ## arg); } while (0)
+
+MODULE_FIRMWARE("orinoco_ezusb_fw");
+
+/*
+ * Under some conditions, the card gets stuck and stops paying attention
+ * to the world (i.e. data communication stalls) until we do something to
+ * it. Sending an INQ_TALLIES command seems to be enough and should be
+ * harmless otherwise. This behaviour has been observed when using the
+ * driver on a systemimager client during installation. In the past a
+ * timer was used to send INQ_TALLIES commands when there was no other
+ * activity, but it was troublesome and was removed.
+ */
+
+#define USB_COMPAQ_VENDOR_ID 0x049f /* Compaq Computer Corp. */
+#define USB_COMPAQ_WL215_ID 0x001f /* Compaq WL215 USB Adapter */
+#define USB_COMPAQ_W200_ID 0x0076 /* Compaq W200 USB Adapter */
+#define USB_HP_WL215_ID 0x0082 /* Compaq WL215 USB Adapter */
+
+#define USB_MELCO_VENDOR_ID 0x0411
+#define USB_BUFFALO_L11_ID 0x0006 /* BUFFALO WLI-USB-L11 */
+#define USB_BUFFALO_L11G_WR_ID 0x000B /* BUFFALO WLI-USB-L11G-WR */
+#define USB_BUFFALO_L11G_ID 0x000D /* BUFFALO WLI-USB-L11G */
+
+#define USB_LUCENT_VENDOR_ID 0x047E /* Lucent Technologies */
+#define USB_LUCENT_ORINOCO_ID 0x0300 /* Lucent/Agere Orinoco USB Client */
+
+#define USB_AVAYA8_VENDOR_ID 0x0D98
+#define USB_AVAYAE_VENDOR_ID 0x0D9E
+#define USB_AVAYA_WIRELESS_ID 0x0300 /* Avaya Wireless USB Card */
+
+#define USB_AGERE_VENDOR_ID 0x0D4E /* Agere Systems */
+#define USB_AGERE_MODEL0801_ID 0x1000 /* Wireless USB Card Model 0801 */
+#define USB_AGERE_MODEL0802_ID 0x1001 /* Wireless USB Card Model 0802 */
+#define USB_AGERE_REBRANDED_ID 0x047A /* WLAN USB Card */
+
+#define USB_ELSA_VENDOR_ID 0x05CC
+#define USB_ELSA_AIRLANCER_ID 0x3100 /* ELSA AirLancer USB-11 */
+
+#define USB_LEGEND_VENDOR_ID 0x0E7C
+#define USB_LEGEND_JOYNET_ID 0x0300 /* Joynet WLAN USB Card */
+
+#define USB_SAMSUNG_VENDOR_ID 0x04E8
+#define USB_SAMSUNG_SEW2001U1_ID 0x5002 /* Samsung SEW-2001u Card */
+#define USB_SAMSUNG_SEW2001U2_ID 0x5B11 /* Samsung SEW-2001u Card */
+#define USB_SAMSUNG_SEW2003U_ID 0x7011 /* Samsung SEW-2003U Card */
+
+#define USB_IGATE_VENDOR_ID 0x0681
+#define USB_IGATE_IGATE_11M_ID 0x0012 /* I-GATE 11M USB Card */
+
+#define USB_FUJITSU_VENDOR_ID 0x0BF8
+#define USB_FUJITSU_E1100_ID 0x1002 /* connect2AIR WLAN E-1100 USB */
+
+#define USB_2WIRE_VENDOR_ID 0x1630
+#define USB_2WIRE_WIRELESS_ID 0xff81 /* 2Wire Wireless USB adapter */
+
+
+#define EZUSB_REQUEST_FW_TRANS 0xA0
+#define EZUSB_REQUEST_TRIGGER 0xAA
+#define EZUSB_REQUEST_TRIG_AC 0xAC
+#define EZUSB_CPUCS_REG 0x7F92
+
+#define EZUSB_RID_TX 0x0700
+#define EZUSB_RID_RX 0x0701
+#define EZUSB_RID_INIT1 0x0702
+#define EZUSB_RID_ACK 0x0710
+#define EZUSB_RID_READ_PDA 0x0800
+#define EZUSB_RID_PROG_INIT 0x0852
+#define EZUSB_RID_PROG_SET_ADDR 0x0853
+#define EZUSB_RID_PROG_BYTES 0x0854
+#define EZUSB_RID_PROG_END 0x0855
+#define EZUSB_RID_DOCMD 0x0860
+
+/* Recognize info frames */
+#define EZUSB_IS_INFO(id) ((id >= 0xF000) && (id <= 0xF2FF))
+
+#define EZUSB_MAGIC 0x0210
+
+#define EZUSB_FRAME_DATA 1
+#define EZUSB_FRAME_CONTROL 2
+
+#define DEF_TIMEOUT (3 * HZ)
+
+#define BULK_BUF_SIZE 2048
+
+#define MAX_DL_SIZE (BULK_BUF_SIZE - sizeof(struct ezusb_packet))
+
+#define FW_BUF_SIZE 64
+#define FW_VAR_OFFSET_PTR 0x359
+#define FW_VAR_VALUE 0
+#define FW_HOLE_START 0x100
+#define FW_HOLE_END 0x300
+
+struct ezusb_packet {
+ __le16 magic; /* 0x0210 */
+ u8 req_reply_count;
+ u8 ans_reply_count;
+ __le16 frame_type; /* 0x01 for data frames, 0x02 otherwise */
+ __le16 size; /* transport size */
+ __le16 crc; /* CRC up to here */
+ __le16 hermes_len;
+ __le16 hermes_rid;
+ u8 data[];
+} __packed;
+
+/* Table of devices that work or may work with this driver */
+static const struct usb_device_id ezusb_table[] = {
+ {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_WL215_ID)},
+ {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_HP_WL215_ID)},
+ {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_W200_ID)},
+ {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11_ID)},
+ {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_WR_ID)},
+ {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_ID)},
+ {USB_DEVICE(USB_LUCENT_VENDOR_ID, USB_LUCENT_ORINOCO_ID)},
+ {USB_DEVICE(USB_AVAYA8_VENDOR_ID, USB_AVAYA_WIRELESS_ID)},
+ {USB_DEVICE(USB_AVAYAE_VENDOR_ID, USB_AVAYA_WIRELESS_ID)},
+ {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0801_ID)},
+ {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0802_ID)},
+ {USB_DEVICE(USB_ELSA_VENDOR_ID, USB_ELSA_AIRLANCER_ID)},
+ {USB_DEVICE(USB_LEGEND_VENDOR_ID, USB_LEGEND_JOYNET_ID)},
+ {USB_DEVICE_VER(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U1_ID,
+ 0, 0)},
+ {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U2_ID)},
+ {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2003U_ID)},
+ {USB_DEVICE(USB_IGATE_VENDOR_ID, USB_IGATE_IGATE_11M_ID)},
+ {USB_DEVICE(USB_FUJITSU_VENDOR_ID, USB_FUJITSU_E1100_ID)},
+ {USB_DEVICE(USB_2WIRE_VENDOR_ID, USB_2WIRE_WIRELESS_ID)},
+ {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_REBRANDED_ID)},
+ {} /* Terminating entry */
+};
+
+MODULE_DEVICE_TABLE(usb, ezusb_table);
+
+/* Structure to hold all of our device specific stuff */
+struct ezusb_priv {
+ struct usb_device *udev;
+ struct net_device *dev;
+ struct mutex mtx;
+ spinlock_t req_lock;
+ struct list_head req_pending;
+ struct list_head req_active;
+ spinlock_t reply_count_lock;
+ u16 hermes_reg_fake[0x40];
+ u8 *bap_buf;
+ struct urb *read_urb;
+ int read_pipe;
+ int write_pipe;
+ u8 reply_count;
+};
+
+enum ezusb_state {
+ EZUSB_CTX_START,
+ EZUSB_CTX_QUEUED,
+ EZUSB_CTX_REQ_SUBMITTED,
+ EZUSB_CTX_REQ_COMPLETE,
+ EZUSB_CTX_RESP_RECEIVED,
+ EZUSB_CTX_REQ_TIMEOUT,
+ EZUSB_CTX_REQ_FAILED,
+ EZUSB_CTX_RESP_TIMEOUT,
+ EZUSB_CTX_REQSUBMIT_FAIL,
+ EZUSB_CTX_COMPLETE,
+};
+
+struct request_context {
+ struct list_head list;
+ refcount_t refcount;
+ struct completion done; /* Signals that CTX is dead */
+ int killed;
+ struct urb *outurb; /* OUT for req pkt */
+ struct ezusb_priv *upriv;
+ struct ezusb_packet *buf;
+ int buf_length;
+ struct timer_list timer; /* Timeout handling */
+ enum ezusb_state state; /* Current state */
+ /* the RID that we will wait for */
+ u16 out_rid;
+ u16 in_rid;
+};
+
+
+/* Forward declarations */
+static void ezusb_ctx_complete(struct request_context *ctx);
+static void ezusb_req_queue_run(struct ezusb_priv *upriv);
+static void ezusb_bulk_in_callback(struct urb *urb);
+
+static inline u8 ezusb_reply_inc(u8 count)
+{
+ if (count < 0x7F)
+ return count + 1;
+ else
+ return 1;
+}
+
+static void ezusb_request_context_put(struct request_context *ctx)
+{
+ if (!refcount_dec_and_test(&ctx->refcount))
+ return;
+
+ WARN_ON(!ctx->done.done);
+ BUG_ON(ctx->outurb->status == -EINPROGRESS);
+ BUG_ON(timer_pending(&ctx->timer));
+ usb_free_urb(ctx->outurb);
+ kfree(ctx->buf);
+ kfree(ctx);
+}
+
+static inline void ezusb_mod_timer(struct ezusb_priv *upriv,
+ struct timer_list *timer,
+ unsigned long expire)
+{
+ if (!upriv->udev)
+ return;
+ mod_timer(timer, expire);
+}
+
+static void ezusb_request_timerfn(struct timer_list *t)
+{
+ struct request_context *ctx = from_timer(ctx, t, timer);
+
+ ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
+ if (usb_unlink_urb(ctx->outurb) == -EINPROGRESS) {
+ ctx->state = EZUSB_CTX_REQ_TIMEOUT;
+ } else {
+ ctx->state = EZUSB_CTX_RESP_TIMEOUT;
+ dev_dbg(&ctx->outurb->dev->dev, "couldn't unlink\n");
+ refcount_inc(&ctx->refcount);
+ ctx->killed = 1;
+ ezusb_ctx_complete(ctx);
+ ezusb_request_context_put(ctx);
+ }
+};
+
+static struct request_context *ezusb_alloc_ctx(struct ezusb_priv *upriv,
+ u16 out_rid, u16 in_rid)
+{
+ struct request_context *ctx;
+
+ ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC);
+ if (!ctx)
+ return NULL;
+
+ ctx->buf = kmalloc(BULK_BUF_SIZE, GFP_ATOMIC);
+ if (!ctx->buf) {
+ kfree(ctx);
+ return NULL;
+ }
+ ctx->outurb = usb_alloc_urb(0, GFP_ATOMIC);
+ if (!ctx->outurb) {
+ kfree(ctx->buf);
+ kfree(ctx);
+ return NULL;
+ }
+
+ ctx->upriv = upriv;
+ ctx->state = EZUSB_CTX_START;
+ ctx->out_rid = out_rid;
+ ctx->in_rid = in_rid;
+
+ refcount_set(&ctx->refcount, 1);
+ init_completion(&ctx->done);
+
+ timer_setup(&ctx->timer, ezusb_request_timerfn, 0);
+ return ctx;
+}
+
+static void ezusb_ctx_complete(struct request_context *ctx)
+{
+ struct ezusb_priv *upriv = ctx->upriv;
+ unsigned long flags;
+
+ spin_lock_irqsave(&upriv->req_lock, flags);
+
+ list_del_init(&ctx->list);
+ if (upriv->udev) {
+ spin_unlock_irqrestore(&upriv->req_lock, flags);
+ ezusb_req_queue_run(upriv);
+ spin_lock_irqsave(&upriv->req_lock, flags);
+ }
+
+ switch (ctx->state) {
+ case EZUSB_CTX_COMPLETE:
+ case EZUSB_CTX_REQSUBMIT_FAIL:
+ case EZUSB_CTX_REQ_FAILED:
+ case EZUSB_CTX_REQ_TIMEOUT:
+ case EZUSB_CTX_RESP_TIMEOUT:
+ spin_unlock_irqrestore(&upriv->req_lock, flags);
+
+ if ((ctx->out_rid == EZUSB_RID_TX) && upriv->dev) {
+ struct net_device *dev = upriv->dev;
+ struct net_device_stats *stats = &dev->stats;
+
+ if (ctx->state != EZUSB_CTX_COMPLETE)
+ stats->tx_errors++;
+ else
+ stats->tx_packets++;
+
+ netif_wake_queue(dev);
+ }
+ complete_all(&ctx->done);
+ ezusb_request_context_put(ctx);
+ break;
+
+ default:
+ spin_unlock_irqrestore(&upriv->req_lock, flags);
+ if (!upriv->udev) {
+ /* This is normal, as all request contexts get flushed
+ * when the device is disconnected */
+ err("Called, CTX not terminating, but device gone");
+ complete_all(&ctx->done);
+ ezusb_request_context_put(ctx);
+ break;
+ }
+
+ err("Called, CTX not in terminating state.");
+ /* Things are really bad if this happens. Just leak
+ * the CTX because it may still be linked to the
+ * queue or the OUT urb may still be active.
+ * Just leaking at least prevents an Oops or Panic.
+ */
+ break;
+ }
+}
+
+/*
+ * ezusb_req_queue_run:
+ * Description:
+ * Note: Only one active CTX at any one time, because there's no
+ * other (reliable) way to match the response URB to the correct
+ * CTX.
+ */
+static void ezusb_req_queue_run(struct ezusb_priv *upriv)
+{
+ unsigned long flags;
+ struct request_context *ctx;
+ int result;
+
+ spin_lock_irqsave(&upriv->req_lock, flags);
+
+ if (!list_empty(&upriv->req_active))
+ goto unlock;
+
+ if (list_empty(&upriv->req_pending))
+ goto unlock;
+
+ ctx =
+ list_entry(upriv->req_pending.next, struct request_context,
+ list);
+
+ if (!ctx->upriv->udev)
+ goto unlock;
+
+ /* We need to split this off to avoid a race condition */
+ list_move_tail(&ctx->list, &upriv->req_active);
+
+ if (ctx->state == EZUSB_CTX_QUEUED) {
+ refcount_inc(&ctx->refcount);
+ result = usb_submit_urb(ctx->outurb, GFP_ATOMIC);
+ if (result) {
+ ctx->state = EZUSB_CTX_REQSUBMIT_FAIL;
+
+ spin_unlock_irqrestore(&upriv->req_lock, flags);
+
+ err("Fatal, failed to submit command urb."
+ " error=%d\n", result);
+
+ ezusb_ctx_complete(ctx);
+ ezusb_request_context_put(ctx);
+ goto done;
+ }
+
+ ctx->state = EZUSB_CTX_REQ_SUBMITTED;
+ ezusb_mod_timer(ctx->upriv, &ctx->timer,
+ jiffies + DEF_TIMEOUT);
+ }
+
+ unlock:
+ spin_unlock_irqrestore(&upriv->req_lock, flags);
+
+ done:
+ return;
+}
+
+static void ezusb_req_enqueue_run(struct ezusb_priv *upriv,
+ struct request_context *ctx)
+{
+ unsigned long flags;
+
+ spin_lock_irqsave(&upriv->req_lock, flags);
+
+ if (!ctx->upriv->udev) {
+ spin_unlock_irqrestore(&upriv->req_lock, flags);
+ goto done;
+ }
+ refcount_inc(&ctx->refcount);
+ list_add_tail(&ctx->list, &upriv->req_pending);
+ spin_unlock_irqrestore(&upriv->req_lock, flags);
+
+ ctx->state = EZUSB_CTX_QUEUED;
+ ezusb_req_queue_run(upriv);
+
+ done:
+ return;
+}
+
+static void ezusb_request_out_callback(struct urb *urb)
+{
+ unsigned long flags;
+ enum ezusb_state state;
+ struct request_context *ctx = urb->context;
+ struct ezusb_priv *upriv = ctx->upriv;
+
+ spin_lock_irqsave(&upriv->req_lock, flags);
+
+ del_timer(&ctx->timer);
+
+ if (ctx->killed) {
+ spin_unlock_irqrestore(&upriv->req_lock, flags);
+ pr_warn("interrupt called with dead ctx\n");
+ goto out;
+ }
+
+ state = ctx->state;
+
+ if (urb->status == 0) {
+ switch (state) {
+ case EZUSB_CTX_REQ_SUBMITTED:
+ if (ctx->in_rid) {
+ ctx->state = EZUSB_CTX_REQ_COMPLETE;
+ /* reply URB still pending */
+ ezusb_mod_timer(upriv, &ctx->timer,
+ jiffies + DEF_TIMEOUT);
+ spin_unlock_irqrestore(&upriv->req_lock,
+ flags);
+ break;
+ }
+ fallthrough;
+ case EZUSB_CTX_RESP_RECEIVED:
+ /* IN already received before this OUT-ACK */
+ ctx->state = EZUSB_CTX_COMPLETE;
+ spin_unlock_irqrestore(&upriv->req_lock, flags);
+ ezusb_ctx_complete(ctx);
+ break;
+
+ default:
+ spin_unlock_irqrestore(&upriv->req_lock, flags);
+ err("Unexpected state(0x%x, %d) in OUT URB",
+ state, urb->status);
+ break;
+ }
+ } else {
+ /* If someone cancels the OUT URB then its status
+ * should be either -ECONNRESET or -ENOENT.
+ */
+ switch (state) {
+ case EZUSB_CTX_REQ_SUBMITTED:
+ case EZUSB_CTX_RESP_RECEIVED:
+ ctx->state = EZUSB_CTX_REQ_FAILED;
+ fallthrough;
+
+ case EZUSB_CTX_REQ_FAILED:
+ case EZUSB_CTX_REQ_TIMEOUT:
+ spin_unlock_irqrestore(&upriv->req_lock, flags);
+
+ ezusb_ctx_complete(ctx);
+ break;
+
+ default:
+ spin_unlock_irqrestore(&upriv->req_lock, flags);
+
+ err("Unexpected state(0x%x, %d) in OUT URB",
+ state, urb->status);
+ break;
+ }
+ }
+ out:
+ ezusb_request_context_put(ctx);
+}
+
+static void ezusb_request_in_callback(struct ezusb_priv *upriv,
+ struct urb *urb)
+{
+ struct ezusb_packet *ans = urb->transfer_buffer;
+ struct request_context *ctx = NULL;
+ enum ezusb_state state;
+ unsigned long flags;
+
+ /* Find the CTX on the active queue that requested this URB */
+ spin_lock_irqsave(&upriv->req_lock, flags);
+ if (upriv->udev) {
+ struct list_head *item;
+
+ list_for_each(item, &upriv->req_active) {
+ struct request_context *c;
+ int reply_count;
+
+ c = list_entry(item, struct request_context, list);
+ reply_count =
+ ezusb_reply_inc(c->buf->req_reply_count);
+ if ((ans->ans_reply_count == reply_count)
+ && (le16_to_cpu(ans->hermes_rid) == c->in_rid)) {
+ ctx = c;
+ break;
+ }
+ netdev_dbg(upriv->dev, "Skipped (0x%x/0x%x) (%d/%d)\n",
+ le16_to_cpu(ans->hermes_rid), c->in_rid,
+ ans->ans_reply_count, reply_count);
+ }
+ }
+
+ if (ctx == NULL) {
+ spin_unlock_irqrestore(&upriv->req_lock, flags);
+ err("%s: got unexpected RID: 0x%04X", __func__,
+ le16_to_cpu(ans->hermes_rid));
+ ezusb_req_queue_run(upriv);
+ return;
+ }
+
+ /* The data we want is in the in buffer, exchange */
+ urb->transfer_buffer = ctx->buf;
+ ctx->buf = (void *) ans;
+ ctx->buf_length = urb->actual_length;
+
+ state = ctx->state;
+ switch (state) {
+ case EZUSB_CTX_REQ_SUBMITTED:
+ /* We have received our response URB before
+ * our request has been acknowledged. Do NOT
+ * destroy our CTX yet, because our OUT URB
+ * is still alive ...
+ */
+ ctx->state = EZUSB_CTX_RESP_RECEIVED;
+ spin_unlock_irqrestore(&upriv->req_lock, flags);
+
+ /* Let the machine continue running. */
+ break;
+
+ case EZUSB_CTX_REQ_COMPLETE:
+ /* This is the usual path: our request
+ * has already been acknowledged, and
+ * we have now received the reply.
+ */
+ ctx->state = EZUSB_CTX_COMPLETE;
+
+ /* Stop the intimer */
+ del_timer(&ctx->timer);
+ spin_unlock_irqrestore(&upriv->req_lock, flags);
+
+ /* Call the completion handler */
+ ezusb_ctx_complete(ctx);
+ break;
+
+ default:
+ spin_unlock_irqrestore(&upriv->req_lock, flags);
+
+ pr_warn("Matched IN URB, unexpected context state(0x%x)\n",
+ state);
+ /* Throw this CTX away and try submitting another */
+ del_timer(&ctx->timer);
+ ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
+ usb_unlink_urb(ctx->outurb);
+ ezusb_req_queue_run(upriv);
+ break;
+ } /* switch */
+}
+
+typedef void (*ezusb_ctx_wait)(struct ezusb_priv *, struct request_context *);
+
+static void ezusb_req_ctx_wait_compl(struct ezusb_priv *upriv,
+ struct request_context *ctx)
+{
+ switch (ctx->state) {
+ case EZUSB_CTX_QUEUED:
+ case EZUSB_CTX_REQ_SUBMITTED:
+ case EZUSB_CTX_REQ_COMPLETE:
+ case EZUSB_CTX_RESP_RECEIVED:
+ wait_for_completion(&ctx->done);
+ break;
+ default:
+ /* Done or failed - nothing to wait for */
+ break;
+ }
+}
+
+static void ezusb_req_ctx_wait_poll(struct ezusb_priv *upriv,
+ struct request_context *ctx)
+{
+ int msecs;
+
+ switch (ctx->state) {
+ case EZUSB_CTX_QUEUED:
+ case EZUSB_CTX_REQ_SUBMITTED:
+ case EZUSB_CTX_REQ_COMPLETE:
+ case EZUSB_CTX_RESP_RECEIVED:
+ /* If we get called from a timer or with our lock acquired, then
+ * we can't wait for the completion and have to poll. This won't
+ * happen if the USB controller completes the URB requests in
+ * BH.
+ */
+ msecs = DEF_TIMEOUT * (1000 / HZ);
+
+ while (!try_wait_for_completion(&ctx->done) && msecs--)
+ udelay(1000);
+ break;
+ default:
+ /* Done or failed - nothing to wait for */
+ break;
+ }
+}
+
+static void ezusb_req_ctx_wait_skip(struct ezusb_priv *upriv,
+ struct request_context *ctx)
+{
+ WARN(1, "Shouldn't be invoked for in_rid\n");
+}
+
+static inline u16 build_crc(struct ezusb_packet *data)
+{
+ u16 crc = 0;
+ u8 *bytes = (u8 *)data;
+ int i;
+
+ for (i = 0; i < 8; i++)
+ crc = (crc << 1) + bytes[i];
+
+ return crc;
+}
+
+/*
+ * ezusb_fill_req:
+ *
+ * if data == NULL and length > 0 the data is assumed to be already in
+ * the target buffer and only the header is filled.
+ *
+ */
+static int ezusb_fill_req(struct ezusb_packet *req, u16 length, u16 rid,
+ const void *data, u16 frame_type, u8 reply_count)
+{
+ int total_size = sizeof(*req) + length;
+
+ BUG_ON(total_size > BULK_BUF_SIZE);
+
+ req->magic = cpu_to_le16(EZUSB_MAGIC);
+ req->req_reply_count = reply_count;
+ req->ans_reply_count = 0;
+ req->frame_type = cpu_to_le16(frame_type);
+ req->size = cpu_to_le16(length + 4);
+ req->crc = cpu_to_le16(build_crc(req));
+ req->hermes_len = cpu_to_le16(HERMES_BYTES_TO_RECLEN(length));
+ req->hermes_rid = cpu_to_le16(rid);
+ if (data)
+ memcpy(req->data, data, length);
+ return total_size;
+}
+
+static int ezusb_submit_in_urb(struct ezusb_priv *upriv)
+{
+ int retval = 0;
+ void *cur_buf = upriv->read_urb->transfer_buffer;
+
+ if (upriv->read_urb->status == -EINPROGRESS) {
+ netdev_dbg(upriv->dev, "urb busy, not resubmiting\n");
+ retval = -EBUSY;
+ goto exit;
+ }
+ usb_fill_bulk_urb(upriv->read_urb, upriv->udev, upriv->read_pipe,
+ cur_buf, BULK_BUF_SIZE,
+ ezusb_bulk_in_callback, upriv);
+ upriv->read_urb->transfer_flags = 0;
+ retval = usb_submit_urb(upriv->read_urb, GFP_ATOMIC);
+ if (retval)
+ err("%s submit failed %d", __func__, retval);
+
+ exit:
+ return retval;
+}
+
+static inline int ezusb_8051_cpucs(struct ezusb_priv *upriv, int reset)
+{
+ int ret;
+ u8 *res_val = NULL;
+
+ if (!upriv->udev) {
+ err("%s: !upriv->udev", __func__);
+ return -EFAULT;
+ }
+
+ res_val = kmalloc(sizeof(*res_val), GFP_KERNEL);
+
+ if (!res_val)
+ return -ENOMEM;
+
+ *res_val = reset; /* avoid argument promotion */
+
+ ret = usb_control_msg(upriv->udev,
+ usb_sndctrlpipe(upriv->udev, 0),
+ EZUSB_REQUEST_FW_TRANS,
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE |
+ USB_DIR_OUT, EZUSB_CPUCS_REG, 0, res_val,
+ sizeof(*res_val), DEF_TIMEOUT);
+
+ kfree(res_val);
+
+ return ret;
+}
+
+static int ezusb_firmware_download(struct ezusb_priv *upriv,
+ struct ez_usb_fw *fw)
+{
+ u8 *fw_buffer;
+ int retval, addr;
+ int variant_offset;
+
+ fw_buffer = kmalloc(FW_BUF_SIZE, GFP_KERNEL);
+ if (!fw_buffer) {
+ printk(KERN_ERR PFX "Out of memory for firmware buffer.\n");
+ return -ENOMEM;
+ }
+ /*
+ * This byte is 1 and should be replaced with 0. The offset is
+ * 0x10AD in version 0.0.6. The byte in question should follow
+ * the end of the code pointed to by the jump in the beginning
+ * of the firmware. Also, it is read by code located at 0x358.
+ */
+ variant_offset = be16_to_cpup((__be16 *) &fw->code[FW_VAR_OFFSET_PTR]);
+ if (variant_offset >= fw->size) {
+ printk(KERN_ERR PFX "Invalid firmware variant offset: "
+ "0x%04x\n", variant_offset);
+ retval = -EINVAL;
+ goto fail;
+ }
+
+ retval = ezusb_8051_cpucs(upriv, 1);
+ if (retval < 0)
+ goto fail;
+ for (addr = 0; addr < fw->size; addr += FW_BUF_SIZE) {
+ /* 0x100-0x300 should be left alone, it contains card
+ * specific data, like USB enumeration information */
+ if ((addr >= FW_HOLE_START) && (addr < FW_HOLE_END))
+ continue;
+
+ memcpy(fw_buffer, &fw->code[addr], FW_BUF_SIZE);
+ if (variant_offset >= addr &&
+ variant_offset < addr + FW_BUF_SIZE) {
+ netdev_dbg(upriv->dev,
+ "Patching card_variant byte at 0x%04X\n",
+ variant_offset);
+ fw_buffer[variant_offset - addr] = FW_VAR_VALUE;
+ }
+ retval = usb_control_msg(upriv->udev,
+ usb_sndctrlpipe(upriv->udev, 0),
+ EZUSB_REQUEST_FW_TRANS,
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE
+ | USB_DIR_OUT,
+ addr, 0x0,
+ fw_buffer, FW_BUF_SIZE,
+ DEF_TIMEOUT);
+
+ if (retval < 0)
+ goto fail;
+ }
+ retval = ezusb_8051_cpucs(upriv, 0);
+ if (retval < 0)
+ goto fail;
+
+ goto exit;
+ fail:
+ printk(KERN_ERR PFX "Firmware download failed, error %d\n",
+ retval);
+ exit:
+ kfree(fw_buffer);
+ return retval;
+}
+
+static int ezusb_access_ltv(struct ezusb_priv *upriv,
+ struct request_context *ctx,
+ u16 length, const void *data, u16 frame_type,
+ void *ans_buff, unsigned ans_size, u16 *ans_length,
+ ezusb_ctx_wait ezusb_ctx_wait_func)
+{
+ int req_size;
+ int retval = 0;
+ enum ezusb_state state;
+
+ if (!upriv->udev) {
+ retval = -ENODEV;
+ goto exit;
+ }
+
+ if (upriv->read_urb->status != -EINPROGRESS)
+ err("%s: in urb not pending", __func__);
+
+ /* protect upriv->reply_count, guarantee sequential numbers */
+ spin_lock_bh(&upriv->reply_count_lock);
+ req_size = ezusb_fill_req(ctx->buf, length, ctx->out_rid, data,
+ frame_type, upriv->reply_count);
+ usb_fill_bulk_urb(ctx->outurb, upriv->udev, upriv->write_pipe,
+ ctx->buf, req_size,
+ ezusb_request_out_callback, ctx);
+
+ if (ctx->in_rid)
+ upriv->reply_count = ezusb_reply_inc(upriv->reply_count);
+
+ ezusb_req_enqueue_run(upriv, ctx);
+
+ spin_unlock_bh(&upriv->reply_count_lock);
+
+ if (ctx->in_rid)
+ ezusb_ctx_wait_func(upriv, ctx);
+
+ state = ctx->state;
+ switch (state) {
+ case EZUSB_CTX_COMPLETE:
+ retval = ctx->outurb->status;
+ break;
+
+ case EZUSB_CTX_QUEUED:
+ case EZUSB_CTX_REQ_SUBMITTED:
+ if (!ctx->in_rid)
+ break;
+ fallthrough;
+ default:
+ err("%s: Unexpected context state %d", __func__,
+ state);
+ fallthrough;
+ case EZUSB_CTX_REQ_TIMEOUT:
+ case EZUSB_CTX_REQ_FAILED:
+ case EZUSB_CTX_RESP_TIMEOUT:
+ case EZUSB_CTX_REQSUBMIT_FAIL:
+ printk(KERN_ERR PFX "Access failed, resetting (state %d,"
+ " reply_count %d)\n", state, upriv->reply_count);
+ upriv->reply_count = 0;
+ if (state == EZUSB_CTX_REQ_TIMEOUT
+ || state == EZUSB_CTX_RESP_TIMEOUT) {
+ printk(KERN_ERR PFX "ctx timed out\n");
+ retval = -ETIMEDOUT;
+ } else {
+ printk(KERN_ERR PFX "ctx failed\n");
+ retval = -EFAULT;
+ }
+ goto exit;
+ }
+ if (ctx->in_rid) {
+ struct ezusb_packet *ans = ctx->buf;
+ unsigned exp_len;
+
+ if (ans->hermes_len != 0)
+ exp_len = le16_to_cpu(ans->hermes_len) * 2 + 12;
+ else
+ exp_len = 14;
+
+ if (exp_len != ctx->buf_length) {
+ err("%s: length mismatch for RID 0x%04x: "
+ "expected %d, got %d", __func__,
+ ctx->in_rid, exp_len, ctx->buf_length);
+ retval = -EIO;
+ goto exit;
+ }
+
+ if (ans_buff)
+ memcpy(ans_buff, ans->data, min(exp_len, ans_size));
+ if (ans_length)
+ *ans_length = le16_to_cpu(ans->hermes_len);
+ }
+ exit:
+ ezusb_request_context_put(ctx);
+ return retval;
+}
+
+static int __ezusb_write_ltv(struct hermes *hw, int bap, u16 rid,
+ u16 length, const void *data,
+ ezusb_ctx_wait ezusb_ctx_wait_func)
+{
+ struct ezusb_priv *upriv = hw->priv;
+ u16 frame_type;
+ struct request_context *ctx;
+
+ if (length == 0)
+ return -EINVAL;
+
+ length = HERMES_RECLEN_TO_BYTES(length);
+
+ /* On memory mapped devices HERMES_RID_CNFGROUPADDRESSES can be
+ * set to be empty, but the USB bridge doesn't like it */
+ if (length == 0)
+ return 0;
+
+ ctx = ezusb_alloc_ctx(upriv, rid, EZUSB_RID_ACK);
+ if (!ctx)
+ return -ENOMEM;
+
+ if (rid == EZUSB_RID_TX)
+ frame_type = EZUSB_FRAME_DATA;
+ else
+ frame_type = EZUSB_FRAME_CONTROL;
+
+ return ezusb_access_ltv(upriv, ctx, length, data, frame_type,
+ NULL, 0, NULL, ezusb_ctx_wait_func);
+}
+
+static int ezusb_write_ltv(struct hermes *hw, int bap, u16 rid,
+ u16 length, const void *data)
+{
+ return __ezusb_write_ltv(hw, bap, rid, length, data,
+ ezusb_req_ctx_wait_poll);
+}
+
+static int __ezusb_read_ltv(struct hermes *hw, int bap, u16 rid,
+ unsigned bufsize, u16 *length, void *buf,
+ ezusb_ctx_wait ezusb_ctx_wait_func)
+
+{
+ struct ezusb_priv *upriv = hw->priv;
+ struct request_context *ctx;
+
+ if (bufsize % 2)
+ return -EINVAL;
+
+ ctx = ezusb_alloc_ctx(upriv, rid, rid);
+ if (!ctx)
+ return -ENOMEM;
+
+ return ezusb_access_ltv(upriv, ctx, 0, NULL, EZUSB_FRAME_CONTROL,
+ buf, bufsize, length, ezusb_req_ctx_wait_poll);
+}
+
+static int ezusb_read_ltv(struct hermes *hw, int bap, u16 rid,
+ unsigned bufsize, u16 *length, void *buf)
+{
+ return __ezusb_read_ltv(hw, bap, rid, bufsize, length, buf,
+ ezusb_req_ctx_wait_poll);
+}
+
+static int ezusb_read_ltv_preempt(struct hermes *hw, int bap, u16 rid,
+ unsigned bufsize, u16 *length, void *buf)
+{
+ return __ezusb_read_ltv(hw, bap, rid, bufsize, length, buf,
+ ezusb_req_ctx_wait_compl);
+}
+
+static int ezusb_doicmd_wait(struct hermes *hw, u16 cmd, u16 parm0, u16 parm1,
+ u16 parm2, struct hermes_response *resp)
+{
+ WARN_ON_ONCE(1);
+ return -EINVAL;
+}
+
+static int __ezusb_docmd_wait(struct hermes *hw, u16 cmd, u16 parm0,
+ struct hermes_response *resp,
+ ezusb_ctx_wait ezusb_ctx_wait_func)
+{
+ struct ezusb_priv *upriv = hw->priv;
+ struct request_context *ctx;
+
+ __le16 data[4] = {
+ cpu_to_le16(cmd),
+ cpu_to_le16(parm0),
+ 0,
+ 0,
+ };
+ netdev_dbg(upriv->dev, "0x%04X, parm0 0x%04X\n", cmd, parm0);
+ ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK);
+ if (!ctx)
+ return -ENOMEM;
+
+ return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
+ EZUSB_FRAME_CONTROL, NULL, 0, NULL,
+ ezusb_ctx_wait_func);
+}
+
+static int ezusb_docmd_wait(struct hermes *hw, u16 cmd, u16 parm0,
+ struct hermes_response *resp)
+{
+ return __ezusb_docmd_wait(hw, cmd, parm0, resp, ezusb_req_ctx_wait_poll);
+}
+
+static int ezusb_bap_pread(struct hermes *hw, int bap,
+ void *buf, int len, u16 id, u16 offset)
+{
+ struct ezusb_priv *upriv = hw->priv;
+ struct ezusb_packet *ans = (void *) upriv->read_urb->transfer_buffer;
+ int actual_length = upriv->read_urb->actual_length;
+
+ if (id == EZUSB_RID_RX) {
+ if ((sizeof(*ans) + offset + len) > actual_length) {
+ printk(KERN_ERR PFX "BAP read beyond buffer end "
+ "in rx frame\n");
+ return -EINVAL;
+ }
+ memcpy(buf, ans->data + offset, len);
+ return 0;
+ }
+
+ if (EZUSB_IS_INFO(id)) {
+ /* Include 4 bytes for length/type */
+ if ((sizeof(*ans) + offset + len - 4) > actual_length) {
+ printk(KERN_ERR PFX "BAP read beyond buffer end "
+ "in info frame\n");
+ return -EFAULT;
+ }
+ memcpy(buf, ans->data + offset - 4, len);
+ } else {
+ printk(KERN_ERR PFX "Unexpected fid 0x%04x\n", id);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int ezusb_read_pda(struct hermes *hw, __le16 *pda,
+ u32 pda_addr, u16 pda_len)
+{
+ struct ezusb_priv *upriv = hw->priv;
+ struct request_context *ctx;
+ __le16 data[] = {
+ cpu_to_le16(pda_addr & 0xffff),
+ cpu_to_le16(pda_len - 4)
+ };
+ ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_READ_PDA, EZUSB_RID_READ_PDA);
+ if (!ctx)
+ return -ENOMEM;
+
+ /* wl_lkm does not include PDA size in the PDA area.
+ * We will pad the information into pda, so other routines
+ * don't have to be modified */
+ pda[0] = cpu_to_le16(pda_len - 2);
+ /* Includes CFG_PROD_DATA but not itself */
+ pda[1] = cpu_to_le16(0x0800); /* CFG_PROD_DATA */
+
+ return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
+ EZUSB_FRAME_CONTROL, &pda[2], pda_len - 4,
+ NULL, ezusb_req_ctx_wait_compl);
+}
+
+static int ezusb_program_init(struct hermes *hw, u32 entry_point)
+{
+ struct ezusb_priv *upriv = hw->priv;
+ struct request_context *ctx;
+ __le32 data = cpu_to_le32(entry_point);
+
+ ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_INIT, EZUSB_RID_ACK);
+ if (!ctx)
+ return -ENOMEM;
+
+ return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
+ EZUSB_FRAME_CONTROL, NULL, 0, NULL,
+ ezusb_req_ctx_wait_compl);
+}
+
+static int ezusb_program_end(struct hermes *hw)
+{
+ struct ezusb_priv *upriv = hw->priv;
+ struct request_context *ctx;
+
+ ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_END, EZUSB_RID_ACK);
+ if (!ctx)
+ return -ENOMEM;
+
+ return ezusb_access_ltv(upriv, ctx, 0, NULL,
+ EZUSB_FRAME_CONTROL, NULL, 0, NULL,
+ ezusb_req_ctx_wait_compl);
+}
+
+static int ezusb_program_bytes(struct hermes *hw, const char *buf,
+ u32 addr, u32 len)
+{
+ struct ezusb_priv *upriv = hw->priv;
+ struct request_context *ctx;
+ __le32 data = cpu_to_le32(addr);
+ int err;
+
+ ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_SET_ADDR, EZUSB_RID_ACK);
+ if (!ctx)
+ return -ENOMEM;
+
+ err = ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
+ EZUSB_FRAME_CONTROL, NULL, 0, NULL,
+ ezusb_req_ctx_wait_compl);
+ if (err)
+ return err;
+
+ ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_BYTES, EZUSB_RID_ACK);
+ if (!ctx)
+ return -ENOMEM;
+
+ return ezusb_access_ltv(upriv, ctx, len, buf,
+ EZUSB_FRAME_CONTROL, NULL, 0, NULL,
+ ezusb_req_ctx_wait_compl);
+}
+
+static int ezusb_program(struct hermes *hw, const char *buf,
+ u32 addr, u32 len)
+{
+ u32 ch_addr;
+ u32 ch_len;
+ int err = 0;
+
+ /* We can only send 2048 bytes out of the bulk xmit at a time,
+ * so we have to split any programming into chunks of <2048
+ * bytes. */
+
+ ch_len = (len < MAX_DL_SIZE) ? len : MAX_DL_SIZE;
+ ch_addr = addr;
+
+ while (ch_addr < (addr + len)) {
+ pr_debug("Programming subblock of length %d "
+ "to address 0x%08x. Data @ %p\n",
+ ch_len, ch_addr, &buf[ch_addr - addr]);
+
+ err = ezusb_program_bytes(hw, &buf[ch_addr - addr],
+ ch_addr, ch_len);
+ if (err)
+ break;
+
+ ch_addr += ch_len;
+ ch_len = ((addr + len - ch_addr) < MAX_DL_SIZE) ?
+ (addr + len - ch_addr) : MAX_DL_SIZE;
+ }
+
+ return err;
+}
+
+static netdev_tx_t ezusb_xmit(struct sk_buff *skb, struct net_device *dev)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ struct net_device_stats *stats = &dev->stats;
+ struct ezusb_priv *upriv = priv->card;
+ u8 mic[MICHAEL_MIC_LEN + 1];
+ int err = 0;
+ int tx_control;
+ unsigned long flags;
+ struct request_context *ctx;
+ u8 *buf;
+ int tx_size;
+
+ if (!netif_running(dev)) {
+ printk(KERN_ERR "%s: Tx on stopped device!\n",
+ dev->name);
+ return NETDEV_TX_BUSY;
+ }
+
+ if (netif_queue_stopped(dev)) {
+ printk(KERN_DEBUG "%s: Tx while transmitter busy!\n",
+ dev->name);
+ return NETDEV_TX_BUSY;
+ }
+
+ if (orinoco_lock(priv, &flags) != 0) {
+ printk(KERN_ERR
+ "%s: ezusb_xmit() called while hw_unavailable\n",
+ dev->name);
+ return NETDEV_TX_BUSY;
+ }
+
+ if (!netif_carrier_ok(dev) ||
+ (priv->iw_mode == NL80211_IFTYPE_MONITOR)) {
+ /* Oops, the firmware hasn't established a connection,
+ silently drop the packet (this seems to be the
+ safest approach). */
+ goto drop;
+ }
+
+ /* Check packet length */
+ if (skb->len < ETH_HLEN)
+ goto drop;
+
+ tx_control = 0;
+
+ err = orinoco_process_xmit_skb(skb, dev, priv, &tx_control,
+ &mic[0]);
+ if (err)
+ goto drop;
+
+ ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_TX, 0);
+ if (!ctx)
+ goto drop;
+
+ memset(ctx->buf, 0, BULK_BUF_SIZE);
+ buf = ctx->buf->data;
+
+ {
+ __le16 *tx_cntl = (__le16 *)buf;
+ *tx_cntl = cpu_to_le16(tx_control);
+ buf += sizeof(*tx_cntl);
+ }
+
+ memcpy(buf, skb->data, skb->len);
+ buf += skb->len;
+
+ if (tx_control & HERMES_TXCTRL_MIC) {
+ u8 *m = mic;
+ /* Mic has been offset so it can be copied to an even
+ * address. We're copying eveything anyway, so we
+ * don't need to copy that first byte. */
+ if (skb->len % 2)
+ m++;
+ memcpy(buf, m, MICHAEL_MIC_LEN);
+ buf += MICHAEL_MIC_LEN;
+ }
+
+ /* Finally, we actually initiate the send */
+ netif_stop_queue(dev);
+
+ /* The card may behave better if we send evenly sized usb transfers */
+ tx_size = ALIGN(buf - ctx->buf->data, 2);
+
+ err = ezusb_access_ltv(upriv, ctx, tx_size, NULL,
+ EZUSB_FRAME_DATA, NULL, 0, NULL,
+ ezusb_req_ctx_wait_skip);
+
+ if (err) {
+ netif_start_queue(dev);
+ if (net_ratelimit())
+ printk(KERN_ERR "%s: Error %d transmitting packet\n",
+ dev->name, err);
+ goto busy;
+ }
+
+ netif_trans_update(dev);
+ stats->tx_bytes += skb->len;
+ goto ok;
+
+ drop:
+ stats->tx_errors++;
+ stats->tx_dropped++;
+
+ ok:
+ orinoco_unlock(priv, &flags);
+ dev_kfree_skb(skb);
+ return NETDEV_TX_OK;
+
+ busy:
+ orinoco_unlock(priv, &flags);
+ return NETDEV_TX_BUSY;
+}
+
+static int ezusb_allocate(struct hermes *hw, u16 size, u16 *fid)
+{
+ *fid = EZUSB_RID_TX;
+ return 0;
+}
+
+
+static int ezusb_hard_reset(struct orinoco_private *priv)
+{
+ struct ezusb_priv *upriv = priv->card;
+ int retval = ezusb_8051_cpucs(upriv, 1);
+
+ if (retval < 0) {
+ err("Failed to reset");
+ return retval;
+ }
+
+ retval = ezusb_8051_cpucs(upriv, 0);
+ if (retval < 0) {
+ err("Failed to unreset");
+ return retval;
+ }
+
+ netdev_dbg(upriv->dev, "sending control message\n");
+ retval = usb_control_msg(upriv->udev,
+ usb_sndctrlpipe(upriv->udev, 0),
+ EZUSB_REQUEST_TRIGGER,
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE |
+ USB_DIR_OUT, 0x0, 0x0, NULL, 0,
+ DEF_TIMEOUT);
+ if (retval < 0) {
+ err("EZUSB_REQUEST_TRIGGER failed retval %d", retval);
+ return retval;
+ }
+#if 0
+ dbg("Sending EZUSB_REQUEST_TRIG_AC");
+ retval = usb_control_msg(upriv->udev,
+ usb_sndctrlpipe(upriv->udev, 0),
+ EZUSB_REQUEST_TRIG_AC,
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE |
+ USB_DIR_OUT, 0x00FA, 0x0, NULL, 0,
+ DEF_TIMEOUT);
+ if (retval < 0) {
+ err("EZUSB_REQUEST_TRIG_AC failed retval %d", retval);
+ return retval;
+ }
+#endif
+
+ return 0;
+}
+
+
+static int ezusb_init(struct hermes *hw)
+{
+ struct ezusb_priv *upriv = hw->priv;
+ int retval;
+
+ if (!upriv)
+ return -EINVAL;
+
+ upriv->reply_count = 0;
+ /* Write the MAGIC number on the simulated registers to keep
+ * orinoco.c happy */
+ hermes_write_regn(hw, SWSUPPORT0, HERMES_MAGIC);
+ hermes_write_regn(hw, RXFID, EZUSB_RID_RX);
+
+ usb_kill_urb(upriv->read_urb);
+ ezusb_submit_in_urb(upriv);
+
+ retval = __ezusb_write_ltv(hw, 0, EZUSB_RID_INIT1,
+ HERMES_BYTES_TO_RECLEN(2), "\x10\x00",
+ ezusb_req_ctx_wait_compl);
+ if (retval < 0) {
+ printk(KERN_ERR PFX "EZUSB_RID_INIT1 error %d\n", retval);
+ return retval;
+ }
+
+ retval = __ezusb_docmd_wait(hw, HERMES_CMD_INIT, 0, NULL,
+ ezusb_req_ctx_wait_compl);
+ if (retval < 0) {
+ printk(KERN_ERR PFX "HERMES_CMD_INIT error %d\n", retval);
+ return retval;
+ }
+
+ return 0;
+}
+
+static void ezusb_bulk_in_callback(struct urb *urb)
+{
+ struct ezusb_priv *upriv = (struct ezusb_priv *) urb->context;
+ struct ezusb_packet *ans = urb->transfer_buffer;
+ u16 crc;
+ u16 hermes_rid;
+
+ if (upriv->udev == NULL)
+ return;
+
+ if (urb->status == -ETIMEDOUT) {
+ /* When a device gets unplugged we get this every time
+ * we resubmit, flooding the logs. Since we don't use
+ * USB timeouts, it shouldn't happen any other time*/
+ pr_warn("%s: urb timed out, not resubmitting\n", __func__);
+ return;
+ }
+ if (urb->status == -ECONNABORTED) {
+ pr_warn("%s: connection abort, resubmitting urb\n",
+ __func__);
+ goto resubmit;
+ }
+ if ((urb->status == -EILSEQ)
+ || (urb->status == -ENOENT)
+ || (urb->status == -ECONNRESET)) {
+ netdev_dbg(upriv->dev, "status %d, not resubmiting\n",
+ urb->status);
+ return;
+ }
+ if (urb->status)
+ netdev_dbg(upriv->dev, "status: %d length: %d\n",
+ urb->status, urb->actual_length);
+ if (urb->actual_length < sizeof(*ans)) {
+ err("%s: short read, ignoring", __func__);
+ goto resubmit;
+ }
+ crc = build_crc(ans);
+ if (le16_to_cpu(ans->crc) != crc) {
+ err("CRC error, ignoring packet");
+ goto resubmit;
+ }
+
+ hermes_rid = le16_to_cpu(ans->hermes_rid);
+ if ((hermes_rid != EZUSB_RID_RX) && !EZUSB_IS_INFO(hermes_rid)) {
+ ezusb_request_in_callback(upriv, urb);
+ } else if (upriv->dev) {
+ struct net_device *dev = upriv->dev;
+ struct orinoco_private *priv = ndev_priv(dev);
+ struct hermes *hw = &priv->hw;
+
+ if (hermes_rid == EZUSB_RID_RX) {
+ __orinoco_ev_rx(dev, hw);
+ } else {
+ hermes_write_regn(hw, INFOFID,
+ le16_to_cpu(ans->hermes_rid));
+ __orinoco_ev_info(dev, hw);
+ }
+ }
+
+ resubmit:
+ if (upriv->udev)
+ ezusb_submit_in_urb(upriv);
+}
+
+static inline void ezusb_delete(struct ezusb_priv *upriv)
+{
+ struct list_head *item;
+ struct list_head *tmp_item;
+ unsigned long flags;
+
+ BUG_ON(!upriv);
+
+ mutex_lock(&upriv->mtx);
+
+ upriv->udev = NULL; /* No timer will be rearmed from here */
+
+ usb_kill_urb(upriv->read_urb);
+
+ spin_lock_irqsave(&upriv->req_lock, flags);
+ list_for_each_safe(item, tmp_item, &upriv->req_active) {
+ struct request_context *ctx;
+ int err;
+
+ ctx = list_entry(item, struct request_context, list);
+ refcount_inc(&ctx->refcount);
+
+ ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
+ err = usb_unlink_urb(ctx->outurb);
+
+ spin_unlock_irqrestore(&upriv->req_lock, flags);
+ if (err == -EINPROGRESS)
+ wait_for_completion(&ctx->done);
+
+ del_timer_sync(&ctx->timer);
+ /* FIXME: there is an slight chance for the irq handler to
+ * be running */
+ if (!list_empty(&ctx->list))
+ ezusb_ctx_complete(ctx);
+
+ ezusb_request_context_put(ctx);
+ spin_lock_irqsave(&upriv->req_lock, flags);
+ }
+ spin_unlock_irqrestore(&upriv->req_lock, flags);
+
+ list_for_each_safe(item, tmp_item, &upriv->req_pending)
+ ezusb_ctx_complete(list_entry(item,
+ struct request_context, list));
+
+ if (upriv->read_urb && upriv->read_urb->status == -EINPROGRESS)
+ printk(KERN_ERR PFX "Some URB in progress\n");
+
+ mutex_unlock(&upriv->mtx);
+
+ if (upriv->read_urb) {
+ kfree(upriv->read_urb->transfer_buffer);
+ usb_free_urb(upriv->read_urb);
+ }
+ kfree(upriv->bap_buf);
+ if (upriv->dev) {
+ struct orinoco_private *priv = ndev_priv(upriv->dev);
+ orinoco_if_del(priv);
+ wiphy_unregister(priv_to_wiphy(upriv));
+ free_orinocodev(priv);
+ }
+}
+
+static void ezusb_lock_irqsave(spinlock_t *lock,
+ unsigned long *flags) __acquires(lock)
+{
+ spin_lock_bh(lock);
+}
+
+static void ezusb_unlock_irqrestore(spinlock_t *lock,
+ unsigned long *flags) __releases(lock)
+{
+ spin_unlock_bh(lock);
+}
+
+static void ezusb_lock_irq(spinlock_t *lock) __acquires(lock)
+{
+ spin_lock_bh(lock);
+}
+
+static void ezusb_unlock_irq(spinlock_t *lock) __releases(lock)
+{
+ spin_unlock_bh(lock);
+}
+
+static const struct hermes_ops ezusb_ops = {
+ .init = ezusb_init,
+ .cmd_wait = ezusb_docmd_wait,
+ .init_cmd_wait = ezusb_doicmd_wait,
+ .allocate = ezusb_allocate,
+ .read_ltv = ezusb_read_ltv,
+ .read_ltv_pr = ezusb_read_ltv_preempt,
+ .write_ltv = ezusb_write_ltv,
+ .bap_pread = ezusb_bap_pread,
+ .read_pda = ezusb_read_pda,
+ .program_init = ezusb_program_init,
+ .program_end = ezusb_program_end,
+ .program = ezusb_program,
+ .lock_irqsave = ezusb_lock_irqsave,
+ .unlock_irqrestore = ezusb_unlock_irqrestore,
+ .lock_irq = ezusb_lock_irq,
+ .unlock_irq = ezusb_unlock_irq,
+};
+
+static const struct net_device_ops ezusb_netdev_ops = {
+ .ndo_open = orinoco_open,
+ .ndo_stop = orinoco_stop,
+ .ndo_start_xmit = ezusb_xmit,
+ .ndo_set_rx_mode = orinoco_set_multicast_list,
+ .ndo_change_mtu = orinoco_change_mtu,
+ .ndo_set_mac_address = eth_mac_addr,
+ .ndo_validate_addr = eth_validate_addr,
+ .ndo_tx_timeout = orinoco_tx_timeout,
+};
+
+static int ezusb_probe(struct usb_interface *interface,
+ const struct usb_device_id *id)
+{
+ struct usb_device *udev = interface_to_usbdev(interface);
+ struct orinoco_private *priv;
+ struct hermes *hw;
+ struct ezusb_priv *upriv = NULL;
+ struct usb_interface_descriptor *iface_desc;
+ struct usb_endpoint_descriptor *ep;
+ const struct firmware *fw_entry = NULL;
+ int retval = 0;
+ int i;
+
+ priv = alloc_orinocodev(sizeof(*upriv), &udev->dev,
+ ezusb_hard_reset, NULL);
+ if (!priv) {
+ err("Couldn't allocate orinocodev");
+ retval = -ENOMEM;
+ goto exit;
+ }
+
+ hw = &priv->hw;
+
+ upriv = priv->card;
+
+ mutex_init(&upriv->mtx);
+ spin_lock_init(&upriv->reply_count_lock);
+
+ spin_lock_init(&upriv->req_lock);
+ INIT_LIST_HEAD(&upriv->req_pending);
+ INIT_LIST_HEAD(&upriv->req_active);
+
+ upriv->udev = udev;
+
+ hw->iobase = (void __force __iomem *) &upriv->hermes_reg_fake;
+ hw->reg_spacing = HERMES_16BIT_REGSPACING;
+ hw->priv = upriv;
+ hw->ops = &ezusb_ops;
+
+ /* set up the endpoint information */
+ /* check out the endpoints */
+
+ iface_desc = &interface->cur_altsetting->desc;
+ for (i = 0; i < iface_desc->bNumEndpoints; ++i) {
+ ep = &interface->cur_altsetting->endpoint[i].desc;
+
+ if (usb_endpoint_is_bulk_in(ep)) {
+ /* we found a bulk in endpoint */
+ if (upriv->read_urb != NULL) {
+ pr_warn("Found a second bulk in ep, ignored\n");
+ continue;
+ }
+
+ upriv->read_urb = usb_alloc_urb(0, GFP_KERNEL);
+ if (!upriv->read_urb)
+ goto error;
+ if (le16_to_cpu(ep->wMaxPacketSize) != 64)
+ pr_warn("bulk in: wMaxPacketSize!= 64\n");
+ if (ep->bEndpointAddress != (2 | USB_DIR_IN))
+ pr_warn("bulk in: bEndpointAddress: %d\n",
+ ep->bEndpointAddress);
+ upriv->read_pipe = usb_rcvbulkpipe(udev,
+ ep->
+ bEndpointAddress);
+ upriv->read_urb->transfer_buffer =
+ kmalloc(BULK_BUF_SIZE, GFP_KERNEL);
+ if (!upriv->read_urb->transfer_buffer) {
+ err("Couldn't allocate IN buffer");
+ goto error;
+ }
+ }
+
+ if (usb_endpoint_is_bulk_out(ep)) {
+ /* we found a bulk out endpoint */
+ if (upriv->bap_buf != NULL) {
+ pr_warn("Found a second bulk out ep, ignored\n");
+ continue;
+ }
+
+ if (le16_to_cpu(ep->wMaxPacketSize) != 64)
+ pr_warn("bulk out: wMaxPacketSize != 64\n");
+ if (ep->bEndpointAddress != 2)
+ pr_warn("bulk out: bEndpointAddress: %d\n",
+ ep->bEndpointAddress);
+ upriv->write_pipe = usb_sndbulkpipe(udev,
+ ep->
+ bEndpointAddress);
+ upriv->bap_buf = kmalloc(BULK_BUF_SIZE, GFP_KERNEL);
+ if (!upriv->bap_buf) {
+ err("Couldn't allocate bulk_out_buffer");
+ goto error;
+ }
+ }
+ }
+ if (!upriv->bap_buf || !upriv->read_urb) {
+ err("Didn't find the required bulk endpoints");
+ goto error;
+ }
+
+ if (request_firmware(&fw_entry, "orinoco_ezusb_fw",
+ &interface->dev) == 0) {
+ firmware.size = fw_entry->size;
+ firmware.code = fw_entry->data;
+ }
+ if (firmware.size && firmware.code) {
+ if (ezusb_firmware_download(upriv, &firmware) < 0)
+ goto error;
+ } else {
+ err("No firmware to download");
+ goto error;
+ }
+
+ if (ezusb_hard_reset(priv) < 0) {
+ err("Cannot reset the device");
+ goto error;
+ }
+
+ /* If the firmware is already downloaded orinoco.c will call
+ * ezusb_init but if the firmware is not already there, that will make
+ * the kernel very unstable, so we try initializing here and quit in
+ * case of error */
+ if (ezusb_init(hw) < 0) {
+ err("Couldn't initialize the device");
+ err("Firmware may not be downloaded or may be wrong.");
+ goto error;
+ }
+
+ /* Initialise the main driver */
+ if (orinoco_init(priv) != 0) {
+ err("orinoco_init() failed\n");
+ goto error;
+ }
+
+ if (orinoco_if_add(priv, 0, 0, &ezusb_netdev_ops) != 0) {
+ upriv->dev = NULL;
+ err("%s: orinoco_if_add() failed", __func__);
+ wiphy_unregister(priv_to_wiphy(priv));
+ goto error;
+ }
+ upriv->dev = priv->ndev;
+
+ goto exit;
+
+ error:
+ ezusb_delete(upriv);
+ if (upriv->dev) {
+ /* upriv->dev was 0, so ezusb_delete() didn't free it */
+ free_orinocodev(priv);
+ }
+ upriv = NULL;
+ retval = -EFAULT;
+ exit:
+ if (fw_entry) {
+ firmware.code = NULL;
+ firmware.size = 0;
+ release_firmware(fw_entry);
+ }
+ usb_set_intfdata(interface, upriv);
+ return retval;
+}
+
+
+static void ezusb_disconnect(struct usb_interface *intf)
+{
+ struct ezusb_priv *upriv = usb_get_intfdata(intf);
+ usb_set_intfdata(intf, NULL);
+ ezusb_delete(upriv);
+ printk(KERN_INFO PFX "Disconnected\n");
+}
+
+
+/* usb specific object needed to register this driver with the usb subsystem */
+static struct usb_driver orinoco_driver = {
+ .name = DRIVER_NAME,
+ .probe = ezusb_probe,
+ .disconnect = ezusb_disconnect,
+ .id_table = ezusb_table,
+ .disable_hub_initiated_lpm = 1,
+};
+
+module_usb_driver(orinoco_driver);
+
+MODULE_AUTHOR("Manuel Estrada Sainz");
+MODULE_DESCRIPTION("Driver for Orinoco wireless LAN cards using EZUSB bridge");
+MODULE_LICENSE("Dual MPL/GPL");
diff --git a/drivers/net/wireless/intersil/orinoco/scan.c b/drivers/net/wireless/intersil/orinoco/scan.c
new file mode 100644
index 000000000..6d1d08485
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/scan.c
@@ -0,0 +1,259 @@
+/* Helpers for managing scan queues
+ *
+ * See copyright notice in main.c
+ */
+
+#include <linux/gfp.h>
+#include <linux/kernel.h>
+#include <linux/string.h>
+#include <linux/ieee80211.h>
+#include <net/cfg80211.h>
+
+#include "hermes.h"
+#include "orinoco.h"
+#include "main.h"
+
+#include "scan.h"
+
+#define ZERO_DBM_OFFSET 0x95
+#define MAX_SIGNAL_LEVEL 0x8A
+#define MIN_SIGNAL_LEVEL 0x2F
+
+#define SIGNAL_TO_DBM(x) \
+ (clamp_t(s32, (x), MIN_SIGNAL_LEVEL, MAX_SIGNAL_LEVEL) \
+ - ZERO_DBM_OFFSET)
+#define SIGNAL_TO_MBM(x) (SIGNAL_TO_DBM(x) * 100)
+
+static int symbol_build_supp_rates(u8 *buf, const __le16 *rates)
+{
+ int i;
+ u8 rate;
+
+ buf[0] = WLAN_EID_SUPP_RATES;
+ for (i = 0; i < 5; i++) {
+ rate = le16_to_cpu(rates[i]);
+ /* NULL terminated */
+ if (rate == 0x0)
+ break;
+ buf[i + 2] = rate;
+ }
+ buf[1] = i;
+
+ return i + 2;
+}
+
+static int prism_build_supp_rates(u8 *buf, const u8 *rates)
+{
+ int i;
+
+ buf[0] = WLAN_EID_SUPP_RATES;
+ for (i = 0; i < 8; i++) {
+ /* NULL terminated */
+ if (rates[i] == 0x0)
+ break;
+ buf[i + 2] = rates[i];
+ }
+ buf[1] = i;
+
+ /* We might still have another 2 rates, which need to go in
+ * extended supported rates */
+ if (i == 8 && rates[i] > 0) {
+ buf[10] = WLAN_EID_EXT_SUPP_RATES;
+ for (; i < 10; i++) {
+ /* NULL terminated */
+ if (rates[i] == 0x0)
+ break;
+ buf[i + 2] = rates[i];
+ }
+ buf[11] = i - 8;
+ }
+
+ return (i < 8) ? i + 2 : i + 4;
+}
+
+static void orinoco_add_hostscan_result(struct orinoco_private *priv,
+ const union hermes_scan_info *bss)
+{
+ struct wiphy *wiphy = priv_to_wiphy(priv);
+ struct ieee80211_channel *channel;
+ struct cfg80211_bss *cbss;
+ u8 *ie;
+ u8 ie_buf[46];
+ u64 timestamp;
+ s32 signal;
+ u16 capability;
+ u16 beacon_interval;
+ int ie_len;
+ int freq;
+ int len;
+
+ len = le16_to_cpu(bss->a.essid_len);
+
+ /* Reconstruct SSID and bitrate IEs to pass up */
+ ie_buf[0] = WLAN_EID_SSID;
+ ie_buf[1] = len;
+ memcpy(&ie_buf[2], bss->a.essid, len);
+
+ ie = ie_buf + len + 2;
+ ie_len = ie_buf[1] + 2;
+ switch (priv->firmware_type) {
+ case FIRMWARE_TYPE_SYMBOL:
+ ie_len += symbol_build_supp_rates(ie, bss->s.rates);
+ break;
+
+ case FIRMWARE_TYPE_INTERSIL:
+ ie_len += prism_build_supp_rates(ie, bss->p.rates);
+ break;
+
+ case FIRMWARE_TYPE_AGERE:
+ default:
+ break;
+ }
+
+ freq = ieee80211_channel_to_frequency(
+ le16_to_cpu(bss->a.channel), NL80211_BAND_2GHZ);
+ channel = ieee80211_get_channel(wiphy, freq);
+ if (!channel) {
+ printk(KERN_DEBUG "Invalid channel designation %04X(%04X)",
+ bss->a.channel, freq);
+ return; /* Then ignore it for now */
+ }
+ timestamp = 0;
+ capability = le16_to_cpu(bss->a.capabilities);
+ beacon_interval = le16_to_cpu(bss->a.beacon_interv);
+ signal = SIGNAL_TO_MBM(le16_to_cpu(bss->a.level));
+
+ cbss = cfg80211_inform_bss(wiphy, channel, CFG80211_BSS_FTYPE_UNKNOWN,
+ bss->a.bssid, timestamp, capability,
+ beacon_interval, ie_buf, ie_len, signal,
+ GFP_KERNEL);
+ cfg80211_put_bss(wiphy, cbss);
+}
+
+void orinoco_add_extscan_result(struct orinoco_private *priv,
+ struct agere_ext_scan_info *bss,
+ size_t len)
+{
+ struct wiphy *wiphy = priv_to_wiphy(priv);
+ struct ieee80211_channel *channel;
+ struct cfg80211_bss *cbss;
+ const u8 *ie;
+ u64 timestamp;
+ s32 signal;
+ u16 capability;
+ u16 beacon_interval;
+ size_t ie_len;
+ int chan, freq;
+
+ ie_len = len - sizeof(*bss);
+ ie = cfg80211_find_ie(WLAN_EID_DS_PARAMS, bss->data, ie_len);
+ chan = ie ? ie[2] : 0;
+ freq = ieee80211_channel_to_frequency(chan, NL80211_BAND_2GHZ);
+ channel = ieee80211_get_channel(wiphy, freq);
+
+ timestamp = le64_to_cpu(bss->timestamp);
+ capability = le16_to_cpu(bss->capabilities);
+ beacon_interval = le16_to_cpu(bss->beacon_interval);
+ ie = bss->data;
+ signal = SIGNAL_TO_MBM(bss->level);
+
+ cbss = cfg80211_inform_bss(wiphy, channel, CFG80211_BSS_FTYPE_UNKNOWN,
+ bss->bssid, timestamp, capability,
+ beacon_interval, ie, ie_len, signal,
+ GFP_KERNEL);
+ cfg80211_put_bss(wiphy, cbss);
+}
+
+void orinoco_add_hostscan_results(struct orinoco_private *priv,
+ unsigned char *buf,
+ size_t len)
+{
+ int offset; /* In the scan data */
+ size_t atom_len;
+ bool abort = false;
+
+ switch (priv->firmware_type) {
+ case FIRMWARE_TYPE_AGERE:
+ atom_len = sizeof(struct agere_scan_apinfo);
+ offset = 0;
+ break;
+
+ case FIRMWARE_TYPE_SYMBOL:
+ /* Lack of documentation necessitates this hack.
+ * Different firmwares have 68 or 76 byte long atoms.
+ * We try modulo first. If the length divides by both,
+ * we check what would be the channel in the second
+ * frame for a 68-byte atom. 76-byte atoms have 0 there.
+ * Valid channel cannot be 0. */
+ if (len % 76)
+ atom_len = 68;
+ else if (len % 68)
+ atom_len = 76;
+ else if (len >= 1292 && buf[68] == 0)
+ atom_len = 76;
+ else
+ atom_len = 68;
+ offset = 0;
+ break;
+
+ case FIRMWARE_TYPE_INTERSIL:
+ offset = 4;
+ if (priv->has_hostscan) {
+ atom_len = le16_to_cpup((__le16 *)buf);
+ /* Sanity check for atom_len */
+ if (atom_len < sizeof(struct prism2_scan_apinfo)) {
+ printk(KERN_ERR "%s: Invalid atom_len in scan "
+ "data: %zu\n", priv->ndev->name,
+ atom_len);
+ abort = true;
+ goto scan_abort;
+ }
+ } else
+ atom_len = offsetof(struct prism2_scan_apinfo, atim);
+ break;
+
+ default:
+ abort = true;
+ goto scan_abort;
+ }
+
+ /* Check that we got an whole number of atoms */
+ if ((len - offset) % atom_len) {
+ printk(KERN_ERR "%s: Unexpected scan data length %zu, "
+ "atom_len %zu, offset %d\n", priv->ndev->name, len,
+ atom_len, offset);
+ abort = true;
+ goto scan_abort;
+ }
+
+ /* Process the entries one by one */
+ for (; offset + atom_len <= len; offset += atom_len) {
+ union hermes_scan_info *atom;
+
+ atom = (union hermes_scan_info *) (buf + offset);
+
+ orinoco_add_hostscan_result(priv, atom);
+ }
+
+ scan_abort:
+ if (priv->scan_request) {
+ struct cfg80211_scan_info info = {
+ .aborted = abort,
+ };
+
+ cfg80211_scan_done(priv->scan_request, &info);
+ priv->scan_request = NULL;
+ }
+}
+
+void orinoco_scan_done(struct orinoco_private *priv, bool abort)
+{
+ if (priv->scan_request) {
+ struct cfg80211_scan_info info = {
+ .aborted = abort,
+ };
+
+ cfg80211_scan_done(priv->scan_request, &info);
+ priv->scan_request = NULL;
+ }
+}
diff --git a/drivers/net/wireless/intersil/orinoco/scan.h b/drivers/net/wireless/intersil/orinoco/scan.h
new file mode 100644
index 000000000..27281fb0a
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/scan.h
@@ -0,0 +1,21 @@
+/* Helpers for managing scan queues
+ *
+ * See copyright notice in main.c
+ */
+#ifndef _ORINOCO_SCAN_H_
+#define _ORINOCO_SCAN_H_
+
+/* Forward declarations */
+struct orinoco_private;
+struct agere_ext_scan_info;
+
+/* Add scan results */
+void orinoco_add_extscan_result(struct orinoco_private *priv,
+ struct agere_ext_scan_info *atom,
+ size_t len);
+void orinoco_add_hostscan_results(struct orinoco_private *dev,
+ unsigned char *buf,
+ size_t len);
+void orinoco_scan_done(struct orinoco_private *priv, bool abort);
+
+#endif /* _ORINOCO_SCAN_H_ */
diff --git a/drivers/net/wireless/intersil/orinoco/spectrum_cs.c b/drivers/net/wireless/intersil/orinoco/spectrum_cs.c
new file mode 100644
index 000000000..841d623c6
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/spectrum_cs.c
@@ -0,0 +1,328 @@
+/*
+ * Driver for 802.11b cards using RAM-loadable Symbol firmware, such as
+ * Symbol Wireless Networker LA4137, CompactFlash cards by Socket
+ * Communications and Intel PRO/Wireless 2011B.
+ *
+ * The driver implements Symbol firmware download. The rest is handled
+ * in hermes.c and main.c.
+ *
+ * Utilities for downloading the Symbol firmware are available at
+ * http://sourceforge.net/projects/orinoco/
+ *
+ * Copyright (C) 2002-2005 Pavel Roskin <proski@gnu.org>
+ * Portions based on orinoco_cs.c:
+ * Copyright (C) David Gibson, Linuxcare Australia
+ * Portions based on Spectrum24tDnld.c from original spectrum24 driver:
+ * Copyright (C) Symbol Technologies.
+ *
+ * See copyright notice in file main.c.
+ */
+
+#define DRIVER_NAME "spectrum_cs"
+#define PFX DRIVER_NAME ": "
+
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/delay.h>
+#include <pcmcia/cistpl.h>
+#include <pcmcia/cisreg.h>
+#include <pcmcia/ds.h>
+
+#include "orinoco.h"
+
+/********************************************************************/
+/* Module stuff */
+/********************************************************************/
+
+MODULE_AUTHOR("Pavel Roskin <proski@gnu.org>");
+MODULE_DESCRIPTION("Driver for Symbol Spectrum24 Trilogy cards with firmware downloader");
+MODULE_LICENSE("Dual MPL/GPL");
+
+/* Module parameters */
+
+/* Some D-Link cards have buggy CIS. They do work at 5v properly, but
+ * don't have any CIS entry for it. This workaround it... */
+static int ignore_cis_vcc; /* = 0 */
+module_param(ignore_cis_vcc, int, 0);
+MODULE_PARM_DESC(ignore_cis_vcc, "Allow voltage mismatch between card and socket");
+
+/********************************************************************/
+/* Data structures */
+/********************************************************************/
+
+/* PCMCIA specific device information (goes in the card field of
+ * struct orinoco_private */
+struct orinoco_pccard {
+ struct pcmcia_device *p_dev;
+};
+
+/********************************************************************/
+/* Function prototypes */
+/********************************************************************/
+
+static int spectrum_cs_config(struct pcmcia_device *link);
+static void spectrum_cs_release(struct pcmcia_device *link);
+
+/* Constants for the CISREG_CCSR register */
+#define HCR_RUN 0x07 /* run firmware after reset */
+#define HCR_IDLE 0x0E /* don't run firmware after reset */
+#define HCR_MEM16 0x10 /* memory width bit, should be preserved */
+
+
+/*
+ * Reset the card using configuration registers COR and CCSR.
+ * If IDLE is 1, stop the firmware, so that it can be safely rewritten.
+ */
+static int
+spectrum_reset(struct pcmcia_device *link, int idle)
+{
+ int ret;
+ u8 save_cor;
+ u8 ccsr;
+
+ /* Doing it if hardware is gone is guaranteed crash */
+ if (!pcmcia_dev_present(link))
+ return -ENODEV;
+
+ /* Save original COR value */
+ ret = pcmcia_read_config_byte(link, CISREG_COR, &save_cor);
+ if (ret)
+ goto failed;
+
+ /* Soft-Reset card */
+ ret = pcmcia_write_config_byte(link, CISREG_COR,
+ (save_cor | COR_SOFT_RESET));
+ if (ret)
+ goto failed;
+ udelay(1000);
+
+ /* Read CCSR */
+ ret = pcmcia_read_config_byte(link, CISREG_CCSR, &ccsr);
+ if (ret)
+ goto failed;
+
+ /*
+ * Start or stop the firmware. Memory width bit should be
+ * preserved from the value we've just read.
+ */
+ ccsr = (idle ? HCR_IDLE : HCR_RUN) | (ccsr & HCR_MEM16);
+ ret = pcmcia_write_config_byte(link, CISREG_CCSR, ccsr);
+ if (ret)
+ goto failed;
+ udelay(1000);
+
+ /* Restore original COR configuration index */
+ ret = pcmcia_write_config_byte(link, CISREG_COR,
+ (save_cor & ~COR_SOFT_RESET));
+ if (ret)
+ goto failed;
+ udelay(1000);
+ return 0;
+
+failed:
+ return -ENODEV;
+}
+
+/********************************************************************/
+/* Device methods */
+/********************************************************************/
+
+static int
+spectrum_cs_hard_reset(struct orinoco_private *priv)
+{
+ struct orinoco_pccard *card = priv->card;
+ struct pcmcia_device *link = card->p_dev;
+
+ /* Soft reset using COR and HCR */
+ spectrum_reset(link, 0);
+
+ return 0;
+}
+
+static int
+spectrum_cs_stop_firmware(struct orinoco_private *priv, int idle)
+{
+ struct orinoco_pccard *card = priv->card;
+ struct pcmcia_device *link = card->p_dev;
+
+ return spectrum_reset(link, idle);
+}
+
+/********************************************************************/
+/* PCMCIA stuff */
+/********************************************************************/
+
+static int
+spectrum_cs_probe(struct pcmcia_device *link)
+{
+ struct orinoco_private *priv;
+ struct orinoco_pccard *card;
+ int ret;
+
+ priv = alloc_orinocodev(sizeof(*card), &link->dev,
+ spectrum_cs_hard_reset,
+ spectrum_cs_stop_firmware);
+ if (!priv)
+ return -ENOMEM;
+ card = priv->card;
+
+ /* Link both structures together */
+ card->p_dev = link;
+ link->priv = priv;
+
+ ret = spectrum_cs_config(link);
+ if (ret)
+ goto err_free_orinocodev;
+
+ return 0;
+
+err_free_orinocodev:
+ free_orinocodev(priv);
+ return ret;
+}
+
+static void spectrum_cs_detach(struct pcmcia_device *link)
+{
+ struct orinoco_private *priv = link->priv;
+
+ orinoco_if_del(priv);
+
+ spectrum_cs_release(link);
+
+ free_orinocodev(priv);
+} /* spectrum_cs_detach */
+
+static int spectrum_cs_config_check(struct pcmcia_device *p_dev,
+ void *priv_data)
+{
+ if (p_dev->config_index == 0)
+ return -EINVAL;
+
+ return pcmcia_request_io(p_dev);
+};
+
+static int
+spectrum_cs_config(struct pcmcia_device *link)
+{
+ struct orinoco_private *priv = link->priv;
+ struct hermes *hw = &priv->hw;
+ int ret;
+ void __iomem *mem;
+
+ link->config_flags |= CONF_AUTO_SET_VPP | CONF_AUTO_CHECK_VCC |
+ CONF_AUTO_SET_IO | CONF_ENABLE_IRQ;
+ if (ignore_cis_vcc)
+ link->config_flags &= ~CONF_AUTO_CHECK_VCC;
+ ret = pcmcia_loop_config(link, spectrum_cs_config_check, NULL);
+ if (ret) {
+ if (!ignore_cis_vcc)
+ printk(KERN_ERR PFX "GetNextTuple(): No matching "
+ "CIS configuration. Maybe you need the "
+ "ignore_cis_vcc=1 parameter.\n");
+ goto failed;
+ }
+
+ mem = ioport_map(link->resource[0]->start,
+ resource_size(link->resource[0]));
+ if (!mem)
+ goto failed;
+
+ /* We initialize the hermes structure before completing PCMCIA
+ * configuration just in case the interrupt handler gets
+ * called. */
+ hermes_struct_init(hw, mem, HERMES_16BIT_REGSPACING);
+ hw->eeprom_pda = true;
+
+ ret = pcmcia_request_irq(link, orinoco_interrupt);
+ if (ret)
+ goto failed;
+
+ ret = pcmcia_enable_device(link);
+ if (ret)
+ goto failed;
+
+ /* Reset card */
+ if (spectrum_cs_hard_reset(priv) != 0)
+ goto failed;
+
+ /* Initialise the main driver */
+ if (orinoco_init(priv) != 0) {
+ printk(KERN_ERR PFX "orinoco_init() failed\n");
+ goto failed;
+ }
+
+ /* Register an interface with the stack */
+ if (orinoco_if_add(priv, link->resource[0]->start,
+ link->irq, NULL) != 0) {
+ printk(KERN_ERR PFX "orinoco_if_add() failed\n");
+ goto failed;
+ }
+
+ return 0;
+
+ failed:
+ spectrum_cs_release(link);
+ return -ENODEV;
+} /* spectrum_cs_config */
+
+static void
+spectrum_cs_release(struct pcmcia_device *link)
+{
+ struct orinoco_private *priv = link->priv;
+ unsigned long flags;
+
+ /* We're committed to taking the device away now, so mark the
+ * hardware as unavailable */
+ priv->hw.ops->lock_irqsave(&priv->lock, &flags);
+ priv->hw_unavailable++;
+ priv->hw.ops->unlock_irqrestore(&priv->lock, &flags);
+
+ pcmcia_disable_device(link);
+ if (priv->hw.iobase)
+ ioport_unmap(priv->hw.iobase);
+} /* spectrum_cs_release */
+
+
+static int
+spectrum_cs_suspend(struct pcmcia_device *link)
+{
+ struct orinoco_private *priv = link->priv;
+
+ /* Mark the device as stopped, to block IO until later */
+ orinoco_down(priv);
+
+ return 0;
+}
+
+static int
+spectrum_cs_resume(struct pcmcia_device *link)
+{
+ struct orinoco_private *priv = link->priv;
+ int err = orinoco_up(priv);
+
+ return err;
+}
+
+
+/********************************************************************/
+/* Module initialization */
+/********************************************************************/
+
+static const struct pcmcia_device_id spectrum_cs_ids[] = {
+ PCMCIA_DEVICE_MANF_CARD(0x026c, 0x0001), /* Symbol Spectrum24 LA4137 */
+ PCMCIA_DEVICE_MANF_CARD(0x0104, 0x0001), /* Socket Communications CF */
+ PCMCIA_DEVICE_PROD_ID12("Intel", "PRO/Wireless LAN PC Card", 0x816cc815, 0x6fbf459a), /* 2011B, not 2011 */
+ PCMCIA_DEVICE_NULL,
+};
+MODULE_DEVICE_TABLE(pcmcia, spectrum_cs_ids);
+
+static struct pcmcia_driver orinoco_driver = {
+ .owner = THIS_MODULE,
+ .name = DRIVER_NAME,
+ .probe = spectrum_cs_probe,
+ .remove = spectrum_cs_detach,
+ .suspend = spectrum_cs_suspend,
+ .resume = spectrum_cs_resume,
+ .id_table = spectrum_cs_ids,
+};
+module_pcmcia_driver(orinoco_driver);
diff --git a/drivers/net/wireless/intersil/orinoco/wext.c b/drivers/net/wireless/intersil/orinoco/wext.c
new file mode 100644
index 000000000..4a0126002
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/wext.c
@@ -0,0 +1,1413 @@
+/* Wireless extensions support.
+ *
+ * See copyright notice in main.c
+ */
+#include <linux/slab.h>
+#include <linux/kernel.h>
+#include <linux/if_arp.h>
+#include <linux/wireless.h>
+#include <linux/ieee80211.h>
+#include <linux/etherdevice.h>
+#include <net/iw_handler.h>
+#include <net/cfg80211.h>
+#include <net/cfg80211-wext.h>
+
+#include "hermes.h"
+#include "hermes_rid.h"
+#include "orinoco.h"
+
+#include "hw.h"
+#include "mic.h"
+#include "scan.h"
+#include "main.h"
+
+#include "wext.h"
+
+#define MAX_RID_LEN 1024
+
+/* Helper routine to record keys
+ * It is called under orinoco_lock so it may not sleep */
+static int orinoco_set_key(struct orinoco_private *priv, int index,
+ enum orinoco_alg alg, const u8 *key, int key_len,
+ const u8 *seq, int seq_len)
+{
+ kfree_sensitive(priv->keys[index].key);
+ kfree_sensitive(priv->keys[index].seq);
+
+ if (key_len) {
+ priv->keys[index].key = kzalloc(key_len, GFP_ATOMIC);
+ if (!priv->keys[index].key)
+ goto nomem;
+ } else
+ priv->keys[index].key = NULL;
+
+ if (seq_len) {
+ priv->keys[index].seq = kzalloc(seq_len, GFP_ATOMIC);
+ if (!priv->keys[index].seq)
+ goto free_key;
+ } else
+ priv->keys[index].seq = NULL;
+
+ priv->keys[index].key_len = key_len;
+ priv->keys[index].seq_len = seq_len;
+
+ if (key_len)
+ memcpy((void *)priv->keys[index].key, key, key_len);
+ if (seq_len)
+ memcpy((void *)priv->keys[index].seq, seq, seq_len);
+
+ switch (alg) {
+ case ORINOCO_ALG_TKIP:
+ priv->keys[index].cipher = WLAN_CIPHER_SUITE_TKIP;
+ break;
+
+ case ORINOCO_ALG_WEP:
+ priv->keys[index].cipher = (key_len > SMALL_KEY_SIZE) ?
+ WLAN_CIPHER_SUITE_WEP104 : WLAN_CIPHER_SUITE_WEP40;
+ break;
+
+ case ORINOCO_ALG_NONE:
+ default:
+ priv->keys[index].cipher = 0;
+ break;
+ }
+
+ return 0;
+
+free_key:
+ kfree(priv->keys[index].key);
+ priv->keys[index].key = NULL;
+
+nomem:
+ priv->keys[index].key_len = 0;
+ priv->keys[index].seq_len = 0;
+ priv->keys[index].cipher = 0;
+
+ return -ENOMEM;
+}
+
+static struct iw_statistics *orinoco_get_wireless_stats(struct net_device *dev)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ struct hermes *hw = &priv->hw;
+ struct iw_statistics *wstats = &priv->wstats;
+ int err;
+ unsigned long flags;
+
+ if (!netif_device_present(dev)) {
+ printk(KERN_WARNING "%s: get_wireless_stats() called while device not present\n",
+ dev->name);
+ return NULL; /* FIXME: Can we do better than this? */
+ }
+
+ /* If busy, return the old stats. Returning NULL may cause
+ * the interface to disappear from /proc/net/wireless */
+ if (orinoco_lock(priv, &flags) != 0)
+ return wstats;
+
+ /* We can't really wait for the tallies inquiry command to
+ * complete, so we just use the previous results and trigger
+ * a new tallies inquiry command for next time - Jean II */
+ /* FIXME: Really we should wait for the inquiry to come back -
+ * as it is the stats we give don't make a whole lot of sense.
+ * Unfortunately, it's not clear how to do that within the
+ * wireless extensions framework: I think we're in user
+ * context, but a lock seems to be held by the time we get in
+ * here so we're not safe to sleep here. */
+ hermes_inquire(hw, HERMES_INQ_TALLIES);
+
+ if (priv->iw_mode == NL80211_IFTYPE_ADHOC) {
+ memset(&wstats->qual, 0, sizeof(wstats->qual));
+ /* If a spy address is defined, we report stats of the
+ * first spy address - Jean II */
+ if (SPY_NUMBER(priv)) {
+ wstats->qual.qual = priv->spy_data.spy_stat[0].qual;
+ wstats->qual.level = priv->spy_data.spy_stat[0].level;
+ wstats->qual.noise = priv->spy_data.spy_stat[0].noise;
+ wstats->qual.updated =
+ priv->spy_data.spy_stat[0].updated;
+ }
+ } else {
+ struct {
+ __le16 qual, signal, noise, unused;
+ } __packed cq;
+
+ err = HERMES_READ_RECORD(hw, USER_BAP,
+ HERMES_RID_COMMSQUALITY, &cq);
+
+ if (!err) {
+ wstats->qual.qual = (int)le16_to_cpu(cq.qual);
+ wstats->qual.level = (int)le16_to_cpu(cq.signal) - 0x95;
+ wstats->qual.noise = (int)le16_to_cpu(cq.noise) - 0x95;
+ wstats->qual.updated =
+ IW_QUAL_ALL_UPDATED | IW_QUAL_DBM;
+ }
+ }
+
+ orinoco_unlock(priv, &flags);
+ return wstats;
+}
+
+/********************************************************************/
+/* Wireless extensions */
+/********************************************************************/
+
+static int orinoco_ioctl_setwap(struct net_device *dev,
+ struct iw_request_info *info,
+ struct sockaddr *ap_addr,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ int err = -EINPROGRESS; /* Call commit handler */
+ unsigned long flags;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ /* Enable automatic roaming - no sanity checks are needed */
+ if (is_zero_ether_addr(ap_addr->sa_data) ||
+ is_broadcast_ether_addr(ap_addr->sa_data)) {
+ priv->bssid_fixed = 0;
+ eth_zero_addr(priv->desired_bssid);
+
+ /* "off" means keep existing connection */
+ if (ap_addr->sa_data[0] == 0) {
+ __orinoco_hw_set_wap(priv);
+ err = 0;
+ }
+ goto out;
+ }
+
+ if (priv->firmware_type == FIRMWARE_TYPE_AGERE) {
+ printk(KERN_WARNING "%s: Lucent/Agere firmware doesn't "
+ "support manual roaming\n",
+ dev->name);
+ err = -EOPNOTSUPP;
+ goto out;
+ }
+
+ if (priv->iw_mode != NL80211_IFTYPE_STATION) {
+ printk(KERN_WARNING "%s: Manual roaming supported only in "
+ "managed mode\n", dev->name);
+ err = -EOPNOTSUPP;
+ goto out;
+ }
+
+ /* Intersil firmware hangs without Desired ESSID */
+ if (priv->firmware_type == FIRMWARE_TYPE_INTERSIL &&
+ strlen(priv->desired_essid) == 0) {
+ printk(KERN_WARNING "%s: Desired ESSID must be set for "
+ "manual roaming\n", dev->name);
+ err = -EOPNOTSUPP;
+ goto out;
+ }
+
+ /* Finally, enable manual roaming */
+ priv->bssid_fixed = 1;
+ memcpy(priv->desired_bssid, &ap_addr->sa_data, ETH_ALEN);
+
+ out:
+ orinoco_unlock(priv, &flags);
+ return err;
+}
+
+static int orinoco_ioctl_getwap(struct net_device *dev,
+ struct iw_request_info *info,
+ struct sockaddr *ap_addr,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+
+ int err = 0;
+ unsigned long flags;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ ap_addr->sa_family = ARPHRD_ETHER;
+ err = orinoco_hw_get_current_bssid(priv, ap_addr->sa_data);
+
+ orinoco_unlock(priv, &flags);
+
+ return err;
+}
+
+static int orinoco_ioctl_setiwencode(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *erq,
+ char *keybuf)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ int index = (erq->flags & IW_ENCODE_INDEX) - 1;
+ int setindex = priv->tx_key;
+ enum orinoco_alg encode_alg = priv->encode_alg;
+ int restricted = priv->wep_restrict;
+ int err = -EINPROGRESS; /* Call commit handler */
+ unsigned long flags;
+
+ if (!priv->has_wep)
+ return -EOPNOTSUPP;
+
+ if (erq->pointer) {
+ /* We actually have a key to set - check its length */
+ if (erq->length > LARGE_KEY_SIZE)
+ return -E2BIG;
+
+ if ((erq->length > SMALL_KEY_SIZE) && !priv->has_big_wep)
+ return -E2BIG;
+ }
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ /* Clear any TKIP key we have */
+ if ((priv->has_wpa) && (priv->encode_alg == ORINOCO_ALG_TKIP))
+ (void) orinoco_clear_tkip_key(priv, setindex);
+
+ if (erq->length > 0) {
+ if ((index < 0) || (index >= ORINOCO_MAX_KEYS))
+ index = priv->tx_key;
+
+ /* Switch on WEP if off */
+ if (encode_alg != ORINOCO_ALG_WEP) {
+ setindex = index;
+ encode_alg = ORINOCO_ALG_WEP;
+ }
+ } else {
+ /* Important note : if the user do "iwconfig eth0 enc off",
+ * we will arrive there with an index of -1. This is valid
+ * but need to be taken care off... Jean II */
+ if ((index < 0) || (index >= ORINOCO_MAX_KEYS)) {
+ if ((index != -1) || (erq->flags == 0)) {
+ err = -EINVAL;
+ goto out;
+ }
+ } else {
+ /* Set the index : Check that the key is valid */
+ if (priv->keys[index].key_len == 0) {
+ err = -EINVAL;
+ goto out;
+ }
+ setindex = index;
+ }
+ }
+
+ if (erq->flags & IW_ENCODE_DISABLED)
+ encode_alg = ORINOCO_ALG_NONE;
+ if (erq->flags & IW_ENCODE_OPEN)
+ restricted = 0;
+ if (erq->flags & IW_ENCODE_RESTRICTED)
+ restricted = 1;
+
+ if (erq->pointer && erq->length > 0) {
+ err = orinoco_set_key(priv, index, ORINOCO_ALG_WEP, keybuf,
+ erq->length, NULL, 0);
+ }
+ priv->tx_key = setindex;
+
+ /* Try fast key change if connected and only keys are changed */
+ if ((priv->encode_alg == encode_alg) &&
+ (priv->wep_restrict == restricted) &&
+ netif_carrier_ok(dev)) {
+ err = __orinoco_hw_setup_wepkeys(priv);
+ /* No need to commit if successful */
+ goto out;
+ }
+
+ priv->encode_alg = encode_alg;
+ priv->wep_restrict = restricted;
+
+ out:
+ orinoco_unlock(priv, &flags);
+
+ return err;
+}
+
+static int orinoco_ioctl_getiwencode(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *erq,
+ char *keybuf)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ int index = (erq->flags & IW_ENCODE_INDEX) - 1;
+ unsigned long flags;
+
+ if (!priv->has_wep)
+ return -EOPNOTSUPP;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ if ((index < 0) || (index >= ORINOCO_MAX_KEYS))
+ index = priv->tx_key;
+
+ erq->flags = 0;
+ if (!priv->encode_alg)
+ erq->flags |= IW_ENCODE_DISABLED;
+ erq->flags |= index + 1;
+
+ if (priv->wep_restrict)
+ erq->flags |= IW_ENCODE_RESTRICTED;
+ else
+ erq->flags |= IW_ENCODE_OPEN;
+
+ erq->length = priv->keys[index].key_len;
+
+ memcpy(keybuf, priv->keys[index].key, erq->length);
+
+ orinoco_unlock(priv, &flags);
+ return 0;
+}
+
+static int orinoco_ioctl_setessid(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *erq,
+ char *essidbuf)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ unsigned long flags;
+
+ /* Note : ESSID is ignored in Ad-Hoc demo mode, but we can set it
+ * anyway... - Jean II */
+
+ /* Hum... Should not use Wireless Extension constant (may change),
+ * should use our own... - Jean II */
+ if (erq->length > IW_ESSID_MAX_SIZE)
+ return -E2BIG;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ /* NULL the string (for NULL termination & ESSID = ANY) - Jean II */
+ memset(priv->desired_essid, 0, sizeof(priv->desired_essid));
+
+ /* If not ANY, get the new ESSID */
+ if (erq->flags)
+ memcpy(priv->desired_essid, essidbuf, erq->length);
+
+ orinoco_unlock(priv, &flags);
+
+ return -EINPROGRESS; /* Call commit handler */
+}
+
+static int orinoco_ioctl_getessid(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *erq,
+ char *essidbuf)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ int active;
+ int err = 0;
+ unsigned long flags;
+
+ if (netif_running(dev)) {
+ err = orinoco_hw_get_essid(priv, &active, essidbuf);
+ if (err < 0)
+ return err;
+ erq->length = err;
+ } else {
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+ memcpy(essidbuf, priv->desired_essid, IW_ESSID_MAX_SIZE);
+ erq->length = strlen(priv->desired_essid);
+ orinoco_unlock(priv, &flags);
+ }
+
+ erq->flags = 1;
+
+ return 0;
+}
+
+static int orinoco_ioctl_setfreq(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_freq *frq,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ int chan = -1;
+ unsigned long flags;
+ int err = -EINPROGRESS; /* Call commit handler */
+
+ /* In infrastructure mode the AP sets the channel */
+ if (priv->iw_mode == NL80211_IFTYPE_STATION)
+ return -EBUSY;
+
+ if ((frq->e == 0) && (frq->m <= 1000)) {
+ /* Setting by channel number */
+ chan = frq->m;
+ } else {
+ /* Setting by frequency */
+ int denom = 1;
+ int i;
+
+ /* Calculate denominator to rescale to MHz */
+ for (i = 0; i < (6 - frq->e); i++)
+ denom *= 10;
+
+ chan = ieee80211_frequency_to_channel(frq->m / denom);
+ }
+
+ if ((chan < 1) || (chan > NUM_CHANNELS) ||
+ !(priv->channel_mask & (1 << (chan - 1))))
+ return -EINVAL;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ priv->channel = chan;
+ if (priv->iw_mode == NL80211_IFTYPE_MONITOR) {
+ /* Fast channel change - no commit if successful */
+ struct hermes *hw = &priv->hw;
+ err = hw->ops->cmd_wait(hw, HERMES_CMD_TEST |
+ HERMES_TEST_SET_CHANNEL,
+ chan, NULL);
+ }
+ orinoco_unlock(priv, &flags);
+
+ return err;
+}
+
+static int orinoco_ioctl_getfreq(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_freq *frq,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ int tmp;
+
+ /* Locking done in there */
+ tmp = orinoco_hw_get_freq(priv);
+ if (tmp < 0)
+ return tmp;
+
+ frq->m = tmp * 100000;
+ frq->e = 1;
+
+ return 0;
+}
+
+static int orinoco_ioctl_getsens(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *srq,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ struct hermes *hw = &priv->hw;
+ u16 val;
+ int err;
+ unsigned long flags;
+
+ if (!priv->has_sensitivity)
+ return -EOPNOTSUPP;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+ err = hermes_read_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFSYSTEMSCALE, &val);
+ orinoco_unlock(priv, &flags);
+
+ if (err)
+ return err;
+
+ srq->value = val;
+ srq->fixed = 0; /* auto */
+
+ return 0;
+}
+
+static int orinoco_ioctl_setsens(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *srq,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ int val = srq->value;
+ unsigned long flags;
+
+ if (!priv->has_sensitivity)
+ return -EOPNOTSUPP;
+
+ if ((val < 1) || (val > 3))
+ return -EINVAL;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+ priv->ap_density = val;
+ orinoco_unlock(priv, &flags);
+
+ return -EINPROGRESS; /* Call commit handler */
+}
+
+static int orinoco_ioctl_setrate(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *rrq,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ int ratemode;
+ int bitrate; /* 100s of kilobits */
+ unsigned long flags;
+
+ /* As the user space doesn't know our highest rate, it uses -1
+ * to ask us to set the highest rate. Test it using "iwconfig
+ * ethX rate auto" - Jean II */
+ if (rrq->value == -1)
+ bitrate = 110;
+ else {
+ if (rrq->value % 100000)
+ return -EINVAL;
+ bitrate = rrq->value / 100000;
+ }
+
+ ratemode = orinoco_get_bitratemode(bitrate, !rrq->fixed);
+
+ if (ratemode == -1)
+ return -EINVAL;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+ priv->bitratemode = ratemode;
+ orinoco_unlock(priv, &flags);
+
+ return -EINPROGRESS;
+}
+
+static int orinoco_ioctl_getrate(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *rrq,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ int err = 0;
+ int bitrate, automatic;
+ unsigned long flags;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ orinoco_get_ratemode_cfg(priv->bitratemode, &bitrate, &automatic);
+
+ /* If the interface is running we try to find more about the
+ current mode */
+ if (netif_running(dev)) {
+ int act_bitrate;
+ int lerr;
+
+ /* Ignore errors if we can't get the actual bitrate */
+ lerr = orinoco_hw_get_act_bitrate(priv, &act_bitrate);
+ if (!lerr)
+ bitrate = act_bitrate;
+ }
+
+ orinoco_unlock(priv, &flags);
+
+ rrq->value = bitrate;
+ rrq->fixed = !automatic;
+ rrq->disabled = 0;
+
+ return err;
+}
+
+static int orinoco_ioctl_setpower(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *prq,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ int err = -EINPROGRESS; /* Call commit handler */
+ unsigned long flags;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ if (prq->disabled) {
+ priv->pm_on = 0;
+ } else {
+ switch (prq->flags & IW_POWER_MODE) {
+ case IW_POWER_UNICAST_R:
+ priv->pm_mcast = 0;
+ priv->pm_on = 1;
+ break;
+ case IW_POWER_ALL_R:
+ priv->pm_mcast = 1;
+ priv->pm_on = 1;
+ break;
+ case IW_POWER_ON:
+ /* No flags : but we may have a value - Jean II */
+ break;
+ default:
+ err = -EINVAL;
+ goto out;
+ }
+
+ if (prq->flags & IW_POWER_TIMEOUT) {
+ priv->pm_on = 1;
+ priv->pm_timeout = prq->value / 1000;
+ }
+ if (prq->flags & IW_POWER_PERIOD) {
+ priv->pm_on = 1;
+ priv->pm_period = prq->value / 1000;
+ }
+ /* It's valid to not have a value if we are just toggling
+ * the flags... Jean II */
+ if (!priv->pm_on) {
+ err = -EINVAL;
+ goto out;
+ }
+ }
+
+ out:
+ orinoco_unlock(priv, &flags);
+
+ return err;
+}
+
+static int orinoco_ioctl_getpower(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_param *prq,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ struct hermes *hw = &priv->hw;
+ int err = 0;
+ u16 enable, period, timeout, mcast;
+ unsigned long flags;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ err = hermes_read_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFPMENABLED, &enable);
+ if (err)
+ goto out;
+
+ err = hermes_read_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFMAXSLEEPDURATION, &period);
+ if (err)
+ goto out;
+
+ err = hermes_read_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFPMHOLDOVERDURATION, &timeout);
+ if (err)
+ goto out;
+
+ err = hermes_read_wordrec(hw, USER_BAP,
+ HERMES_RID_CNFMULTICASTRECEIVE, &mcast);
+ if (err)
+ goto out;
+
+ prq->disabled = !enable;
+ /* Note : by default, display the period */
+ if ((prq->flags & IW_POWER_TYPE) == IW_POWER_TIMEOUT) {
+ prq->flags = IW_POWER_TIMEOUT;
+ prq->value = timeout * 1000;
+ } else {
+ prq->flags = IW_POWER_PERIOD;
+ prq->value = period * 1000;
+ }
+ if (mcast)
+ prq->flags |= IW_POWER_ALL_R;
+ else
+ prq->flags |= IW_POWER_UNICAST_R;
+
+ out:
+ orinoco_unlock(priv, &flags);
+
+ return err;
+}
+
+static int orinoco_ioctl_set_encodeext(struct net_device *dev,
+ struct iw_request_info *info,
+ union iwreq_data *wrqu,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ struct iw_point *encoding = &wrqu->encoding;
+ struct iw_encode_ext *ext = (struct iw_encode_ext *)extra;
+ int idx, alg = ext->alg, set_key = 1;
+ unsigned long flags;
+ int err = -EINVAL;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ /* Determine and validate the key index */
+ idx = encoding->flags & IW_ENCODE_INDEX;
+ if (idx) {
+ if ((idx < 1) || (idx > 4))
+ goto out;
+ idx--;
+ } else
+ idx = priv->tx_key;
+
+ if (encoding->flags & IW_ENCODE_DISABLED)
+ alg = IW_ENCODE_ALG_NONE;
+
+ if (priv->has_wpa && (alg != IW_ENCODE_ALG_TKIP)) {
+ /* Clear any TKIP TX key we had */
+ (void) orinoco_clear_tkip_key(priv, priv->tx_key);
+ }
+
+ if (ext->ext_flags & IW_ENCODE_EXT_SET_TX_KEY) {
+ priv->tx_key = idx;
+ set_key = ((alg == IW_ENCODE_ALG_TKIP) ||
+ (ext->key_len > 0)) ? 1 : 0;
+ }
+
+ if (set_key) {
+ /* Set the requested key first */
+ switch (alg) {
+ case IW_ENCODE_ALG_NONE:
+ priv->encode_alg = ORINOCO_ALG_NONE;
+ err = orinoco_set_key(priv, idx, ORINOCO_ALG_NONE,
+ NULL, 0, NULL, 0);
+ break;
+
+ case IW_ENCODE_ALG_WEP:
+ if (ext->key_len <= 0)
+ goto out;
+
+ priv->encode_alg = ORINOCO_ALG_WEP;
+ err = orinoco_set_key(priv, idx, ORINOCO_ALG_WEP,
+ ext->key, ext->key_len, NULL, 0);
+ break;
+
+ case IW_ENCODE_ALG_TKIP:
+ {
+ u8 *tkip_iv = NULL;
+
+ if (!priv->has_wpa ||
+ (ext->key_len > sizeof(struct orinoco_tkip_key)))
+ goto out;
+
+ priv->encode_alg = ORINOCO_ALG_TKIP;
+
+ if (ext->ext_flags & IW_ENCODE_EXT_RX_SEQ_VALID)
+ tkip_iv = &ext->rx_seq[0];
+
+ err = orinoco_set_key(priv, idx, ORINOCO_ALG_TKIP,
+ ext->key, ext->key_len, tkip_iv,
+ ORINOCO_SEQ_LEN);
+
+ err = __orinoco_hw_set_tkip_key(priv, idx,
+ ext->ext_flags & IW_ENCODE_EXT_SET_TX_KEY,
+ priv->keys[idx].key, priv->keys[idx].key_len,
+ tkip_iv, ORINOCO_SEQ_LEN, NULL, 0);
+ if (err)
+ printk(KERN_ERR "%s: Error %d setting TKIP key"
+ "\n", dev->name, err);
+
+ goto out;
+ }
+ default:
+ goto out;
+ }
+ }
+ err = -EINPROGRESS;
+ out:
+ orinoco_unlock(priv, &flags);
+
+ return err;
+}
+
+static int orinoco_ioctl_get_encodeext(struct net_device *dev,
+ struct iw_request_info *info,
+ union iwreq_data *wrqu,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ struct iw_point *encoding = &wrqu->encoding;
+ struct iw_encode_ext *ext = (struct iw_encode_ext *)extra;
+ int idx, max_key_len;
+ unsigned long flags;
+ int err;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ err = -EINVAL;
+ max_key_len = encoding->length - sizeof(*ext);
+ if (max_key_len < 0)
+ goto out;
+
+ idx = encoding->flags & IW_ENCODE_INDEX;
+ if (idx) {
+ if ((idx < 1) || (idx > 4))
+ goto out;
+ idx--;
+ } else
+ idx = priv->tx_key;
+
+ encoding->flags = idx + 1;
+ memset(ext, 0, sizeof(*ext));
+
+ switch (priv->encode_alg) {
+ case ORINOCO_ALG_NONE:
+ ext->alg = IW_ENCODE_ALG_NONE;
+ ext->key_len = 0;
+ encoding->flags |= IW_ENCODE_DISABLED;
+ break;
+ case ORINOCO_ALG_WEP:
+ ext->alg = IW_ENCODE_ALG_WEP;
+ ext->key_len = min(priv->keys[idx].key_len, max_key_len);
+ memcpy(ext->key, priv->keys[idx].key, ext->key_len);
+ encoding->flags |= IW_ENCODE_ENABLED;
+ break;
+ case ORINOCO_ALG_TKIP:
+ ext->alg = IW_ENCODE_ALG_TKIP;
+ ext->key_len = min(priv->keys[idx].key_len, max_key_len);
+ memcpy(ext->key, priv->keys[idx].key, ext->key_len);
+ encoding->flags |= IW_ENCODE_ENABLED;
+ break;
+ }
+
+ err = 0;
+ out:
+ orinoco_unlock(priv, &flags);
+
+ return err;
+}
+
+static int orinoco_ioctl_set_auth(struct net_device *dev,
+ struct iw_request_info *info,
+ union iwreq_data *wrqu, char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ struct hermes *hw = &priv->hw;
+ struct iw_param *param = &wrqu->param;
+ unsigned long flags;
+ int ret = -EINPROGRESS;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ switch (param->flags & IW_AUTH_INDEX) {
+ case IW_AUTH_WPA_VERSION:
+ case IW_AUTH_CIPHER_PAIRWISE:
+ case IW_AUTH_CIPHER_GROUP:
+ case IW_AUTH_RX_UNENCRYPTED_EAPOL:
+ case IW_AUTH_PRIVACY_INVOKED:
+ case IW_AUTH_DROP_UNENCRYPTED:
+ /*
+ * orinoco does not use these parameters
+ */
+ break;
+
+ case IW_AUTH_MFP:
+ /* Management Frame Protection not supported.
+ * Only fail if set to required.
+ */
+ if (param->value == IW_AUTH_MFP_REQUIRED)
+ ret = -EINVAL;
+ break;
+
+ case IW_AUTH_KEY_MGMT:
+ /* wl_lkm implies value 2 == PSK for Hermes I
+ * which ties in with WEXT
+ * no other hints tho :(
+ */
+ priv->key_mgmt = param->value;
+ break;
+
+ case IW_AUTH_TKIP_COUNTERMEASURES:
+ /* When countermeasures are enabled, shut down the
+ * card; when disabled, re-enable the card. This must
+ * take effect immediately.
+ *
+ * TODO: Make sure that the EAPOL message is getting
+ * out before card disabled
+ */
+ if (param->value) {
+ priv->tkip_cm_active = 1;
+ ret = hermes_disable_port(hw, 0);
+ } else {
+ priv->tkip_cm_active = 0;
+ ret = hermes_enable_port(hw, 0);
+ }
+ break;
+
+ case IW_AUTH_80211_AUTH_ALG:
+ if (param->value & IW_AUTH_ALG_SHARED_KEY)
+ priv->wep_restrict = 1;
+ else if (param->value & IW_AUTH_ALG_OPEN_SYSTEM)
+ priv->wep_restrict = 0;
+ else
+ ret = -EINVAL;
+ break;
+
+ case IW_AUTH_WPA_ENABLED:
+ if (priv->has_wpa) {
+ priv->wpa_enabled = param->value ? 1 : 0;
+ } else {
+ if (param->value)
+ ret = -EOPNOTSUPP;
+ /* else silently accept disable of WPA */
+ priv->wpa_enabled = 0;
+ }
+ break;
+
+ default:
+ ret = -EOPNOTSUPP;
+ }
+
+ orinoco_unlock(priv, &flags);
+ return ret;
+}
+
+static int orinoco_ioctl_get_auth(struct net_device *dev,
+ struct iw_request_info *info,
+ union iwreq_data *wrqu, char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ struct iw_param *param = &wrqu->param;
+ unsigned long flags;
+ int ret = 0;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ switch (param->flags & IW_AUTH_INDEX) {
+ case IW_AUTH_KEY_MGMT:
+ param->value = priv->key_mgmt;
+ break;
+
+ case IW_AUTH_TKIP_COUNTERMEASURES:
+ param->value = priv->tkip_cm_active;
+ break;
+
+ case IW_AUTH_80211_AUTH_ALG:
+ if (priv->wep_restrict)
+ param->value = IW_AUTH_ALG_SHARED_KEY;
+ else
+ param->value = IW_AUTH_ALG_OPEN_SYSTEM;
+ break;
+
+ case IW_AUTH_WPA_ENABLED:
+ param->value = priv->wpa_enabled;
+ break;
+
+ default:
+ ret = -EOPNOTSUPP;
+ }
+
+ orinoco_unlock(priv, &flags);
+ return ret;
+}
+
+static int orinoco_ioctl_set_genie(struct net_device *dev,
+ struct iw_request_info *info,
+ union iwreq_data *wrqu, char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ u8 *buf;
+ unsigned long flags;
+
+ /* cut off at IEEE80211_MAX_DATA_LEN */
+ if ((wrqu->data.length > IEEE80211_MAX_DATA_LEN) ||
+ (wrqu->data.length && (extra == NULL)))
+ return -EINVAL;
+
+ if (wrqu->data.length) {
+ buf = kmemdup(extra, wrqu->data.length, GFP_KERNEL);
+ if (buf == NULL)
+ return -ENOMEM;
+ } else
+ buf = NULL;
+
+ if (orinoco_lock(priv, &flags) != 0) {
+ kfree(buf);
+ return -EBUSY;
+ }
+
+ kfree(priv->wpa_ie);
+ priv->wpa_ie = buf;
+ priv->wpa_ie_len = wrqu->data.length;
+
+ if (priv->wpa_ie) {
+ /* Looks like wl_lkm wants to check the auth alg, and
+ * somehow pass it to the firmware.
+ * Instead it just calls the key mgmt rid
+ * - we do this in set auth.
+ */
+ }
+
+ orinoco_unlock(priv, &flags);
+ return 0;
+}
+
+static int orinoco_ioctl_get_genie(struct net_device *dev,
+ struct iw_request_info *info,
+ union iwreq_data *wrqu, char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ unsigned long flags;
+ int err = 0;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ if ((priv->wpa_ie_len == 0) || (priv->wpa_ie == NULL)) {
+ wrqu->data.length = 0;
+ goto out;
+ }
+
+ if (wrqu->data.length < priv->wpa_ie_len) {
+ err = -E2BIG;
+ goto out;
+ }
+
+ wrqu->data.length = priv->wpa_ie_len;
+ memcpy(extra, priv->wpa_ie, priv->wpa_ie_len);
+
+out:
+ orinoco_unlock(priv, &flags);
+ return err;
+}
+
+static int orinoco_ioctl_set_mlme(struct net_device *dev,
+ struct iw_request_info *info,
+ union iwreq_data *wrqu, char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ struct iw_mlme *mlme = (struct iw_mlme *)extra;
+ unsigned long flags;
+ int ret = 0;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ switch (mlme->cmd) {
+ case IW_MLME_DEAUTH:
+ /* silently ignore */
+ break;
+
+ case IW_MLME_DISASSOC:
+
+ ret = orinoco_hw_disassociate(priv, mlme->addr.sa_data,
+ mlme->reason_code);
+ break;
+
+ default:
+ ret = -EOPNOTSUPP;
+ }
+
+ orinoco_unlock(priv, &flags);
+ return ret;
+}
+
+static int orinoco_ioctl_reset(struct net_device *dev,
+ struct iw_request_info *info,
+ void *wrqu,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+
+ if (!capable(CAP_NET_ADMIN))
+ return -EPERM;
+
+ if (info->cmd == (SIOCIWFIRSTPRIV + 0x1)) {
+ printk(KERN_DEBUG "%s: Forcing reset!\n", dev->name);
+
+ /* Firmware reset */
+ orinoco_reset(&priv->reset_work);
+ } else {
+ printk(KERN_DEBUG "%s: Force scheduling reset!\n", dev->name);
+
+ schedule_work(&priv->reset_work);
+ }
+
+ return 0;
+}
+
+static int orinoco_ioctl_setibssport(struct net_device *dev,
+ struct iw_request_info *info,
+ void *wrqu,
+ char *extra)
+
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ int val = *((int *) extra);
+ unsigned long flags;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ priv->ibss_port = val;
+
+ /* Actually update the mode we are using */
+ set_port_type(priv);
+
+ orinoco_unlock(priv, &flags);
+ return -EINPROGRESS; /* Call commit handler */
+}
+
+static int orinoco_ioctl_getibssport(struct net_device *dev,
+ struct iw_request_info *info,
+ void *wrqu,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ int *val = (int *) extra;
+
+ *val = priv->ibss_port;
+ return 0;
+}
+
+static int orinoco_ioctl_setport3(struct net_device *dev,
+ struct iw_request_info *info,
+ void *wrqu,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ int val = *((int *) extra);
+ int err = 0;
+ unsigned long flags;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ switch (val) {
+ case 0: /* Try to do IEEE ad-hoc mode */
+ if (!priv->has_ibss) {
+ err = -EINVAL;
+ break;
+ }
+ priv->prefer_port3 = 0;
+
+ break;
+
+ case 1: /* Try to do Lucent proprietary ad-hoc mode */
+ if (!priv->has_port3) {
+ err = -EINVAL;
+ break;
+ }
+ priv->prefer_port3 = 1;
+ break;
+
+ default:
+ err = -EINVAL;
+ }
+
+ if (!err) {
+ /* Actually update the mode we are using */
+ set_port_type(priv);
+ err = -EINPROGRESS;
+ }
+
+ orinoco_unlock(priv, &flags);
+
+ return err;
+}
+
+static int orinoco_ioctl_getport3(struct net_device *dev,
+ struct iw_request_info *info,
+ void *wrqu,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ int *val = (int *) extra;
+
+ *val = priv->prefer_port3;
+ return 0;
+}
+
+static int orinoco_ioctl_setpreamble(struct net_device *dev,
+ struct iw_request_info *info,
+ void *wrqu,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ unsigned long flags;
+ int val;
+
+ if (!priv->has_preamble)
+ return -EOPNOTSUPP;
+
+ /* 802.11b has recently defined some short preamble.
+ * Basically, the Phy header has been reduced in size.
+ * This increase performance, especially at high rates
+ * (the preamble is transmitted at 1Mb/s), unfortunately
+ * this give compatibility troubles... - Jean II */
+ val = *((int *) extra);
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ if (val)
+ priv->preamble = 1;
+ else
+ priv->preamble = 0;
+
+ orinoco_unlock(priv, &flags);
+
+ return -EINPROGRESS; /* Call commit handler */
+}
+
+static int orinoco_ioctl_getpreamble(struct net_device *dev,
+ struct iw_request_info *info,
+ void *wrqu,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ int *val = (int *) extra;
+
+ if (!priv->has_preamble)
+ return -EOPNOTSUPP;
+
+ *val = priv->preamble;
+ return 0;
+}
+
+/* ioctl interface to hermes_read_ltv()
+ * To use with iwpriv, pass the RID as the token argument, e.g.
+ * iwpriv get_rid [0xfc00]
+ * At least Wireless Tools 25 is required to use iwpriv.
+ * For Wireless Tools 25 and 26 append "dummy" are the end. */
+static int orinoco_ioctl_getrid(struct net_device *dev,
+ struct iw_request_info *info,
+ struct iw_point *data,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ struct hermes *hw = &priv->hw;
+ int rid = data->flags;
+ u16 length;
+ int err;
+ unsigned long flags;
+
+ /* It's a "get" function, but we don't want users to access the
+ * WEP key and other raw firmware data */
+ if (!capable(CAP_NET_ADMIN))
+ return -EPERM;
+
+ if (rid < 0xfc00 || rid > 0xffff)
+ return -EINVAL;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return -EBUSY;
+
+ err = hw->ops->read_ltv(hw, USER_BAP, rid, MAX_RID_LEN, &length,
+ extra);
+ if (err)
+ goto out;
+
+ data->length = min_t(u16, HERMES_RECLEN_TO_BYTES(length),
+ MAX_RID_LEN);
+
+ out:
+ orinoco_unlock(priv, &flags);
+ return err;
+}
+
+
+/* Commit handler, called after set operations */
+static int orinoco_ioctl_commit(struct net_device *dev,
+ struct iw_request_info *info,
+ void *wrqu,
+ char *extra)
+{
+ struct orinoco_private *priv = ndev_priv(dev);
+ unsigned long flags;
+ int err = 0;
+
+ if (!priv->open)
+ return 0;
+
+ if (orinoco_lock(priv, &flags) != 0)
+ return err;
+
+ err = orinoco_commit(priv);
+
+ orinoco_unlock(priv, &flags);
+ return err;
+}
+
+static const struct iw_priv_args orinoco_privtab[] = {
+ { SIOCIWFIRSTPRIV + 0x0, 0, 0, "force_reset" },
+ { SIOCIWFIRSTPRIV + 0x1, 0, 0, "card_reset" },
+ { SIOCIWFIRSTPRIV + 0x2, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
+ 0, "set_port3" },
+ { SIOCIWFIRSTPRIV + 0x3, 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
+ "get_port3" },
+ { SIOCIWFIRSTPRIV + 0x4, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
+ 0, "set_preamble" },
+ { SIOCIWFIRSTPRIV + 0x5, 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
+ "get_preamble" },
+ { SIOCIWFIRSTPRIV + 0x6, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
+ 0, "set_ibssport" },
+ { SIOCIWFIRSTPRIV + 0x7, 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
+ "get_ibssport" },
+ { SIOCIWFIRSTPRIV + 0x9, 0, IW_PRIV_TYPE_BYTE | MAX_RID_LEN,
+ "get_rid" },
+};
+
+
+/*
+ * Structures to export the Wireless Handlers
+ */
+
+static const iw_handler orinoco_handler[] = {
+ IW_HANDLER(SIOCSIWCOMMIT, (iw_handler)orinoco_ioctl_commit),
+ IW_HANDLER(SIOCGIWNAME, (iw_handler)cfg80211_wext_giwname),
+ IW_HANDLER(SIOCSIWFREQ, (iw_handler)orinoco_ioctl_setfreq),
+ IW_HANDLER(SIOCGIWFREQ, (iw_handler)orinoco_ioctl_getfreq),
+ IW_HANDLER(SIOCSIWMODE, (iw_handler)cfg80211_wext_siwmode),
+ IW_HANDLER(SIOCGIWMODE, (iw_handler)cfg80211_wext_giwmode),
+ IW_HANDLER(SIOCSIWSENS, (iw_handler)orinoco_ioctl_setsens),
+ IW_HANDLER(SIOCGIWSENS, (iw_handler)orinoco_ioctl_getsens),
+ IW_HANDLER(SIOCGIWRANGE, (iw_handler)cfg80211_wext_giwrange),
+ IW_HANDLER(SIOCSIWSPY, iw_handler_set_spy),
+ IW_HANDLER(SIOCGIWSPY, iw_handler_get_spy),
+ IW_HANDLER(SIOCSIWTHRSPY, iw_handler_set_thrspy),
+ IW_HANDLER(SIOCGIWTHRSPY, iw_handler_get_thrspy),
+ IW_HANDLER(SIOCSIWAP, (iw_handler)orinoco_ioctl_setwap),
+ IW_HANDLER(SIOCGIWAP, (iw_handler)orinoco_ioctl_getwap),
+ IW_HANDLER(SIOCSIWSCAN, (iw_handler)cfg80211_wext_siwscan),
+ IW_HANDLER(SIOCGIWSCAN, (iw_handler)cfg80211_wext_giwscan),
+ IW_HANDLER(SIOCSIWESSID, (iw_handler)orinoco_ioctl_setessid),
+ IW_HANDLER(SIOCGIWESSID, (iw_handler)orinoco_ioctl_getessid),
+ IW_HANDLER(SIOCSIWRATE, (iw_handler)orinoco_ioctl_setrate),
+ IW_HANDLER(SIOCGIWRATE, (iw_handler)orinoco_ioctl_getrate),
+ IW_HANDLER(SIOCSIWRTS, (iw_handler)cfg80211_wext_siwrts),
+ IW_HANDLER(SIOCGIWRTS, (iw_handler)cfg80211_wext_giwrts),
+ IW_HANDLER(SIOCSIWFRAG, (iw_handler)cfg80211_wext_siwfrag),
+ IW_HANDLER(SIOCGIWFRAG, (iw_handler)cfg80211_wext_giwfrag),
+ IW_HANDLER(SIOCGIWRETRY, (iw_handler)cfg80211_wext_giwretry),
+ IW_HANDLER(SIOCSIWENCODE, (iw_handler)orinoco_ioctl_setiwencode),
+ IW_HANDLER(SIOCGIWENCODE, (iw_handler)orinoco_ioctl_getiwencode),
+ IW_HANDLER(SIOCSIWPOWER, (iw_handler)orinoco_ioctl_setpower),
+ IW_HANDLER(SIOCGIWPOWER, (iw_handler)orinoco_ioctl_getpower),
+ IW_HANDLER(SIOCSIWGENIE, orinoco_ioctl_set_genie),
+ IW_HANDLER(SIOCGIWGENIE, orinoco_ioctl_get_genie),
+ IW_HANDLER(SIOCSIWMLME, orinoco_ioctl_set_mlme),
+ IW_HANDLER(SIOCSIWAUTH, orinoco_ioctl_set_auth),
+ IW_HANDLER(SIOCGIWAUTH, orinoco_ioctl_get_auth),
+ IW_HANDLER(SIOCSIWENCODEEXT, orinoco_ioctl_set_encodeext),
+ IW_HANDLER(SIOCGIWENCODEEXT, orinoco_ioctl_get_encodeext),
+};
+
+
+/*
+ Added typecasting since we no longer use iwreq_data -- Moustafa
+ */
+static const iw_handler orinoco_private_handler[] = {
+ [0] = (iw_handler)orinoco_ioctl_reset,
+ [1] = (iw_handler)orinoco_ioctl_reset,
+ [2] = (iw_handler)orinoco_ioctl_setport3,
+ [3] = (iw_handler)orinoco_ioctl_getport3,
+ [4] = (iw_handler)orinoco_ioctl_setpreamble,
+ [5] = (iw_handler)orinoco_ioctl_getpreamble,
+ [6] = (iw_handler)orinoco_ioctl_setibssport,
+ [7] = (iw_handler)orinoco_ioctl_getibssport,
+ [9] = (iw_handler)orinoco_ioctl_getrid,
+};
+
+const struct iw_handler_def orinoco_handler_def = {
+ .num_standard = ARRAY_SIZE(orinoco_handler),
+ .num_private = ARRAY_SIZE(orinoco_private_handler),
+ .num_private_args = ARRAY_SIZE(orinoco_privtab),
+ .standard = orinoco_handler,
+ .private = orinoco_private_handler,
+ .private_args = orinoco_privtab,
+ .get_wireless_stats = orinoco_get_wireless_stats,
+};
diff --git a/drivers/net/wireless/intersil/orinoco/wext.h b/drivers/net/wireless/intersil/orinoco/wext.h
new file mode 100644
index 000000000..1479f4e26
--- /dev/null
+++ b/drivers/net/wireless/intersil/orinoco/wext.h
@@ -0,0 +1,13 @@
+/* Wireless extensions support.
+ *
+ * See copyright notice in main.c
+ */
+#ifndef _ORINOCO_WEXT_H_
+#define _ORINOCO_WEXT_H_
+
+#include <net/iw_handler.h>
+
+/* Structure defining all our WEXT handlers */
+extern const struct iw_handler_def orinoco_handler_def;
+
+#endif /* _ORINOCO_WEXT_H_ */
diff --git a/drivers/net/wireless/intersil/p54/Kconfig b/drivers/net/wireless/intersil/p54/Kconfig
new file mode 100644
index 000000000..003c378ed
--- /dev/null
+++ b/drivers/net/wireless/intersil/p54/Kconfig
@@ -0,0 +1,72 @@
+# SPDX-License-Identifier: GPL-2.0-only
+config P54_COMMON
+ tristate "Softmac Prism54 support"
+ depends on MAC80211
+ select FW_LOADER
+ select CRC_CCITT
+ help
+ This is common code for isl38xx/stlc45xx based modules.
+ This module does nothing by itself - the USB/PCI/SPI front-ends
+ also need to be enabled in order to support any devices.
+
+ These devices require softmac firmware which can be found at
+ <http://wireless.wiki.kernel.org/en/users/Drivers/p54>
+
+ If you choose to build a module, it'll be called p54common.
+
+config P54_USB
+ tristate "Prism54 USB support"
+ depends on P54_COMMON && USB
+ select CRC32
+ help
+ This driver is for USB isl38xx based wireless cards.
+
+ These devices require softmac firmware which can be found at
+ <http://wireless.wiki.kernel.org/en/users/Drivers/p54>
+
+ If you choose to build a module, it'll be called p54usb.
+
+config P54_PCI
+ tristate "Prism54 PCI support"
+ depends on P54_COMMON && PCI
+ help
+ This driver is for PCI isl38xx based wireless cards.
+ This driver supports most devices that are supported by the
+ fullmac prism54 driver plus many devices which are not
+ supported by the fullmac driver/firmware.
+
+ This driver requires softmac firmware which can be found at
+ <http://wireless.wiki.kernel.org/en/users/Drivers/p54>
+
+ If you choose to build a module, it'll be called p54pci.
+
+config P54_SPI
+ tristate "Prism54 SPI (stlc45xx) support"
+ depends on P54_COMMON && SPI_MASTER
+ help
+ This driver is for stlc4550 or stlc4560 based wireless chips
+ such as Nokia's N800/N810 Portable Internet Tablet.
+
+ If you choose to build a module, it'll be called p54spi.
+
+config P54_SPI_DEFAULT_EEPROM
+ bool "Include fallback EEPROM blob"
+ depends on P54_SPI
+ default n
+ help
+ Unlike the PCI or USB devices, the SPI variants don't have
+ a dedicated EEPROM chip to store all device specific values
+ for calibration, country and interface settings.
+
+ The driver will try to load the image "3826.eeprom", if the
+ file is put at the right place. (usually /lib/firmware.)
+
+ Only if this request fails, this option will provide a
+ backup set of generic values to get the device working.
+
+ Enabling this option adds about 4k to p54spi.
+
+config P54_LEDS
+ bool
+ depends on P54_COMMON && MAC80211_LEDS && (LEDS_CLASS = y || LEDS_CLASS = P54_COMMON)
+ default y
diff --git a/drivers/net/wireless/intersil/p54/Makefile b/drivers/net/wireless/intersil/p54/Makefile
new file mode 100644
index 000000000..d71651ff9
--- /dev/null
+++ b/drivers/net/wireless/intersil/p54/Makefile
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: GPL-2.0
+p54common-objs := eeprom.o fwio.o txrx.o main.o
+p54common-$(CONFIG_P54_LEDS) += led.o
+
+obj-$(CONFIG_P54_COMMON) += p54common.o
+obj-$(CONFIG_P54_USB) += p54usb.o
+obj-$(CONFIG_P54_PCI) += p54pci.o
+obj-$(CONFIG_P54_SPI) += p54spi.o
diff --git a/drivers/net/wireless/intersil/p54/eeprom.c b/drivers/net/wireless/intersil/p54/eeprom.c
new file mode 100644
index 000000000..5bd35c147
--- /dev/null
+++ b/drivers/net/wireless/intersil/p54/eeprom.c
@@ -0,0 +1,981 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * EEPROM parser code for mac80211 Prism54 drivers
+ *
+ * Copyright (c) 2006, Michael Wu <flamingice@sourmilk.net>
+ * Copyright (c) 2007-2009, Christian Lamparter <chunkeey@web.de>
+ * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
+ *
+ * Based on:
+ * - the islsm (softmac prism54) driver, which is:
+ * Copyright 2004-2006 Jean-Baptiste Note <jbnote@gmail.com>, et al.
+ * - stlc45xx driver
+ * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies).
+ */
+
+#include <linux/firmware.h>
+#include <linux/etherdevice.h>
+#include <linux/sort.h>
+#include <linux/slab.h>
+
+#include <net/mac80211.h>
+#include <linux/crc-ccitt.h>
+#include <linux/export.h>
+
+#include "p54.h"
+#include "eeprom.h"
+#include "lmac.h"
+
+static struct ieee80211_rate p54_bgrates[] = {
+ { .bitrate = 10, .hw_value = 0, },
+ { .bitrate = 20, .hw_value = 1, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
+ { .bitrate = 55, .hw_value = 2, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
+ { .bitrate = 110, .hw_value = 3, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
+ { .bitrate = 60, .hw_value = 4, },
+ { .bitrate = 90, .hw_value = 5, },
+ { .bitrate = 120, .hw_value = 6, },
+ { .bitrate = 180, .hw_value = 7, },
+ { .bitrate = 240, .hw_value = 8, },
+ { .bitrate = 360, .hw_value = 9, },
+ { .bitrate = 480, .hw_value = 10, },
+ { .bitrate = 540, .hw_value = 11, },
+};
+
+static struct ieee80211_rate p54_arates[] = {
+ { .bitrate = 60, .hw_value = 4, },
+ { .bitrate = 90, .hw_value = 5, },
+ { .bitrate = 120, .hw_value = 6, },
+ { .bitrate = 180, .hw_value = 7, },
+ { .bitrate = 240, .hw_value = 8, },
+ { .bitrate = 360, .hw_value = 9, },
+ { .bitrate = 480, .hw_value = 10, },
+ { .bitrate = 540, .hw_value = 11, },
+};
+
+static struct p54_rssi_db_entry p54_rssi_default = {
+ /*
+ * The defaults are taken from usb-logs of the
+ * vendor driver. So, they should be safe to
+ * use in case we can't get a match from the
+ * rssi <-> dBm conversion database.
+ */
+ .mul = 130,
+ .add = -398,
+};
+
+#define CHAN_HAS_CAL BIT(0)
+#define CHAN_HAS_LIMIT BIT(1)
+#define CHAN_HAS_CURVE BIT(2)
+#define CHAN_HAS_ALL (CHAN_HAS_CAL | CHAN_HAS_LIMIT | CHAN_HAS_CURVE)
+
+struct p54_channel_entry {
+ u16 freq;
+ u16 data;
+ int index;
+ int max_power;
+ enum nl80211_band band;
+};
+
+struct p54_channel_list {
+ struct p54_channel_entry *channels;
+ size_t entries;
+ size_t max_entries;
+ size_t band_channel_num[NUM_NL80211_BANDS];
+};
+
+static int p54_get_band_from_freq(u16 freq)
+{
+ /* FIXME: sync these values with the 802.11 spec */
+
+ if ((freq >= 2412) && (freq <= 2484))
+ return NL80211_BAND_2GHZ;
+
+ if ((freq >= 4920) && (freq <= 5825))
+ return NL80211_BAND_5GHZ;
+
+ return -1;
+}
+
+static int same_band(u16 freq, u16 freq2)
+{
+ return p54_get_band_from_freq(freq) == p54_get_band_from_freq(freq2);
+}
+
+static int p54_compare_channels(const void *_a,
+ const void *_b)
+{
+ const struct p54_channel_entry *a = _a;
+ const struct p54_channel_entry *b = _b;
+
+ return a->freq - b->freq;
+}
+
+static int p54_compare_rssichan(const void *_a,
+ const void *_b)
+{
+ const struct p54_rssi_db_entry *a = _a;
+ const struct p54_rssi_db_entry *b = _b;
+
+ return a->freq - b->freq;
+}
+
+static int p54_fill_band_bitrates(struct ieee80211_hw *dev,
+ struct ieee80211_supported_band *band_entry,
+ enum nl80211_band band)
+{
+ /* TODO: generate rate array dynamically */
+
+ switch (band) {
+ case NL80211_BAND_2GHZ:
+ band_entry->bitrates = p54_bgrates;
+ band_entry->n_bitrates = ARRAY_SIZE(p54_bgrates);
+ break;
+ case NL80211_BAND_5GHZ:
+ band_entry->bitrates = p54_arates;
+ band_entry->n_bitrates = ARRAY_SIZE(p54_arates);
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int p54_generate_band(struct ieee80211_hw *dev,
+ struct p54_channel_list *list,
+ unsigned int *chan_num,
+ enum nl80211_band band)
+{
+ struct p54_common *priv = dev->priv;
+ struct ieee80211_supported_band *tmp, *old;
+ unsigned int i, j;
+ int ret = -ENOMEM;
+
+ if ((!list->entries) || (!list->band_channel_num[band]))
+ return -EINVAL;
+
+ tmp = kzalloc(sizeof(*tmp), GFP_KERNEL);
+ if (!tmp)
+ goto err_out;
+
+ tmp->channels = kcalloc(list->band_channel_num[band],
+ sizeof(struct ieee80211_channel),
+ GFP_KERNEL);
+ if (!tmp->channels)
+ goto err_out;
+
+ ret = p54_fill_band_bitrates(dev, tmp, band);
+ if (ret)
+ goto err_out;
+
+ for (i = 0, j = 0; (j < list->band_channel_num[band]) &&
+ (i < list->entries); i++) {
+ struct p54_channel_entry *chan = &list->channels[i];
+ struct ieee80211_channel *dest = &tmp->channels[j];
+
+ if (chan->band != band)
+ continue;
+
+ if (chan->data != CHAN_HAS_ALL) {
+ wiphy_err(dev->wiphy, "%s%s%s is/are missing for "
+ "channel:%d [%d MHz].\n",
+ (chan->data & CHAN_HAS_CAL ? "" :
+ " [iqauto calibration data]"),
+ (chan->data & CHAN_HAS_LIMIT ? "" :
+ " [output power limits]"),
+ (chan->data & CHAN_HAS_CURVE ? "" :
+ " [curve data]"),
+ chan->index, chan->freq);
+ continue;
+ }
+
+ dest->band = chan->band;
+ dest->center_freq = chan->freq;
+ dest->max_power = chan->max_power;
+ priv->survey[*chan_num].channel = &tmp->channels[j];
+ priv->survey[*chan_num].filled = SURVEY_INFO_NOISE_DBM |
+ SURVEY_INFO_TIME |
+ SURVEY_INFO_TIME_BUSY |
+ SURVEY_INFO_TIME_TX;
+ dest->hw_value = (*chan_num);
+ j++;
+ (*chan_num)++;
+ }
+
+ if (j == 0) {
+ wiphy_err(dev->wiphy, "Disabling totally damaged %d GHz band\n",
+ (band == NL80211_BAND_2GHZ) ? 2 : 5);
+
+ ret = -ENODATA;
+ goto err_out;
+ }
+
+ tmp->n_channels = j;
+ old = priv->band_table[band];
+ priv->band_table[band] = tmp;
+ if (old) {
+ kfree(old->channels);
+ kfree(old);
+ }
+
+ return 0;
+
+err_out:
+ if (tmp) {
+ kfree(tmp->channels);
+ kfree(tmp);
+ }
+
+ return ret;
+}
+
+static struct p54_channel_entry *p54_update_channel_param(struct p54_channel_list *list,
+ u16 freq, u16 data)
+{
+ int i;
+ struct p54_channel_entry *entry = NULL;
+
+ /*
+ * usually all lists in the eeprom are mostly sorted.
+ * so it's very likely that the entry we are looking for
+ * is right at the end of the list
+ */
+ for (i = list->entries; i >= 0; i--) {
+ if (freq == list->channels[i].freq) {
+ entry = &list->channels[i];
+ break;
+ }
+ }
+
+ if ((i < 0) && (list->entries < list->max_entries)) {
+ /* entry does not exist yet. Initialize a new one. */
+ int band = p54_get_band_from_freq(freq);
+
+ /*
+ * filter out frequencies which don't belong into
+ * any supported band.
+ */
+ if (band >= 0) {
+ i = list->entries++;
+ list->band_channel_num[band]++;
+
+ entry = &list->channels[i];
+ entry->freq = freq;
+ entry->band = band;
+ entry->index = ieee80211_frequency_to_channel(freq);
+ entry->max_power = 0;
+ entry->data = 0;
+ }
+ }
+
+ if (entry)
+ entry->data |= data;
+
+ return entry;
+}
+
+static int p54_get_maxpower(struct p54_common *priv, void *data)
+{
+ switch (priv->rxhw & PDR_SYNTH_FRONTEND_MASK) {
+ case PDR_SYNTH_FRONTEND_LONGBOW: {
+ struct pda_channel_output_limit_longbow *pda = data;
+ int j;
+ u16 rawpower = 0;
+ pda = data;
+ for (j = 0; j < ARRAY_SIZE(pda->point); j++) {
+ struct pda_channel_output_limit_point_longbow *point =
+ &pda->point[j];
+ rawpower = max_t(u16,
+ rawpower, le16_to_cpu(point->val_qpsk));
+ rawpower = max_t(u16,
+ rawpower, le16_to_cpu(point->val_bpsk));
+ rawpower = max_t(u16,
+ rawpower, le16_to_cpu(point->val_16qam));
+ rawpower = max_t(u16,
+ rawpower, le16_to_cpu(point->val_64qam));
+ }
+ /* longbow seems to use 1/16 dBm units */
+ return rawpower / 16;
+ }
+
+ case PDR_SYNTH_FRONTEND_DUETTE3:
+ case PDR_SYNTH_FRONTEND_DUETTE2:
+ case PDR_SYNTH_FRONTEND_FRISBEE:
+ case PDR_SYNTH_FRONTEND_XBOW: {
+ struct pda_channel_output_limit *pda = data;
+ u8 rawpower = 0;
+ rawpower = max(rawpower, pda->val_qpsk);
+ rawpower = max(rawpower, pda->val_bpsk);
+ rawpower = max(rawpower, pda->val_16qam);
+ rawpower = max(rawpower, pda->val_64qam);
+ /* raw values are in 1/4 dBm units */
+ return rawpower / 4;
+ }
+
+ default:
+ return 20;
+ }
+}
+
+static int p54_generate_channel_lists(struct ieee80211_hw *dev)
+{
+ struct p54_common *priv = dev->priv;
+ struct p54_channel_list *list;
+ unsigned int i, j, k, max_channel_num;
+ int ret = 0;
+ u16 freq;
+
+ if ((priv->iq_autocal_len != priv->curve_data->entries) ||
+ (priv->iq_autocal_len != priv->output_limit->entries))
+ wiphy_err(dev->wiphy,
+ "Unsupported or damaged EEPROM detected. "
+ "You may not be able to use all channels.\n");
+
+ max_channel_num = max_t(unsigned int, priv->output_limit->entries,
+ priv->iq_autocal_len);
+ max_channel_num = max_t(unsigned int, max_channel_num,
+ priv->curve_data->entries);
+
+ list = kzalloc(sizeof(*list), GFP_KERNEL);
+ if (!list) {
+ ret = -ENOMEM;
+ goto free;
+ }
+ priv->chan_num = max_channel_num;
+ priv->survey = kcalloc(max_channel_num, sizeof(struct survey_info),
+ GFP_KERNEL);
+ if (!priv->survey) {
+ ret = -ENOMEM;
+ goto free;
+ }
+
+ list->max_entries = max_channel_num;
+ list->channels = kcalloc(max_channel_num,
+ sizeof(struct p54_channel_entry),
+ GFP_KERNEL);
+ if (!list->channels) {
+ ret = -ENOMEM;
+ goto free;
+ }
+
+ for (i = 0; i < max_channel_num; i++) {
+ if (i < priv->iq_autocal_len) {
+ freq = le16_to_cpu(priv->iq_autocal[i].freq);
+ p54_update_channel_param(list, freq, CHAN_HAS_CAL);
+ }
+
+ if (i < priv->output_limit->entries) {
+ struct p54_channel_entry *tmp;
+
+ void *data = (void *) ((unsigned long) i *
+ priv->output_limit->entry_size +
+ priv->output_limit->offset +
+ priv->output_limit->data);
+
+ freq = le16_to_cpup((__le16 *) data);
+ tmp = p54_update_channel_param(list, freq,
+ CHAN_HAS_LIMIT);
+ if (tmp) {
+ tmp->max_power = p54_get_maxpower(priv, data);
+ }
+ }
+
+ if (i < priv->curve_data->entries) {
+ freq = le16_to_cpup((__le16 *) (i *
+ priv->curve_data->entry_size +
+ priv->curve_data->offset +
+ priv->curve_data->data));
+
+ p54_update_channel_param(list, freq, CHAN_HAS_CURVE);
+ }
+ }
+
+ /* sort the channel list by frequency */
+ sort(list->channels, list->entries, sizeof(struct p54_channel_entry),
+ p54_compare_channels, NULL);
+
+ k = 0;
+ for (i = 0, j = 0; i < NUM_NL80211_BANDS; i++) {
+ if (p54_generate_band(dev, list, &k, i) == 0)
+ j++;
+ }
+ if (j == 0) {
+ /* no useable band available. */
+ ret = -EINVAL;
+ }
+
+free:
+ if (list) {
+ kfree(list->channels);
+ kfree(list);
+ }
+ if (ret) {
+ kfree(priv->survey);
+ priv->survey = NULL;
+ }
+
+ return ret;
+}
+
+static int p54_convert_rev0(struct ieee80211_hw *dev,
+ struct pda_pa_curve_data *curve_data)
+{
+ struct p54_common *priv = dev->priv;
+ struct p54_pa_curve_data_sample *dst;
+ struct pda_pa_curve_data_sample_rev0 *src;
+ size_t cd_len = sizeof(*curve_data) +
+ (curve_data->points_per_channel*sizeof(*dst) + 2) *
+ curve_data->channels;
+ unsigned int i, j;
+ void *source, *target;
+
+ priv->curve_data = kmalloc(sizeof(*priv->curve_data) + cd_len,
+ GFP_KERNEL);
+ if (!priv->curve_data)
+ return -ENOMEM;
+
+ priv->curve_data->entries = curve_data->channels;
+ priv->curve_data->entry_size = sizeof(__le16) +
+ sizeof(*dst) * curve_data->points_per_channel;
+ priv->curve_data->offset = offsetof(struct pda_pa_curve_data, data);
+ priv->curve_data->len = cd_len;
+ memcpy(priv->curve_data->data, curve_data, sizeof(*curve_data));
+ source = curve_data->data;
+ target = ((struct pda_pa_curve_data *) priv->curve_data->data)->data;
+ for (i = 0; i < curve_data->channels; i++) {
+ __le16 *freq = source;
+ source += sizeof(__le16);
+ *((__le16 *)target) = *freq;
+ target += sizeof(__le16);
+ for (j = 0; j < curve_data->points_per_channel; j++) {
+ dst = target;
+ src = source;
+
+ dst->rf_power = src->rf_power;
+ dst->pa_detector = src->pa_detector;
+ dst->data_64qam = src->pcv;
+ /* "invent" the points for the other modulations */
+#define SUB(x, y) (u8)(((x) - (y)) > (x) ? 0 : (x) - (y))
+ dst->data_16qam = SUB(src->pcv, 12);
+ dst->data_qpsk = SUB(dst->data_16qam, 12);
+ dst->data_bpsk = SUB(dst->data_qpsk, 12);
+ dst->data_barker = SUB(dst->data_bpsk, 14);
+#undef SUB
+ target += sizeof(*dst);
+ source += sizeof(*src);
+ }
+ }
+
+ return 0;
+}
+
+static int p54_convert_rev1(struct ieee80211_hw *dev,
+ struct pda_pa_curve_data *curve_data)
+{
+ struct p54_common *priv = dev->priv;
+ struct p54_pa_curve_data_sample *dst;
+ struct pda_pa_curve_data_sample_rev1 *src;
+ size_t cd_len = sizeof(*curve_data) +
+ (curve_data->points_per_channel*sizeof(*dst) + 2) *
+ curve_data->channels;
+ unsigned int i, j;
+ void *source, *target;
+
+ priv->curve_data = kzalloc(cd_len + sizeof(*priv->curve_data),
+ GFP_KERNEL);
+ if (!priv->curve_data)
+ return -ENOMEM;
+
+ priv->curve_data->entries = curve_data->channels;
+ priv->curve_data->entry_size = sizeof(__le16) +
+ sizeof(*dst) * curve_data->points_per_channel;
+ priv->curve_data->offset = offsetof(struct pda_pa_curve_data, data);
+ priv->curve_data->len = cd_len;
+ memcpy(priv->curve_data->data, curve_data, sizeof(*curve_data));
+ source = curve_data->data;
+ target = ((struct pda_pa_curve_data *) priv->curve_data->data)->data;
+ for (i = 0; i < curve_data->channels; i++) {
+ __le16 *freq = source;
+ source += sizeof(__le16);
+ *((__le16 *)target) = *freq;
+ target += sizeof(__le16);
+ for (j = 0; j < curve_data->points_per_channel; j++) {
+ memcpy(target, source, sizeof(*src));
+
+ target += sizeof(*dst);
+ source += sizeof(*src);
+ }
+ source++;
+ }
+
+ return 0;
+}
+
+static const char *p54_rf_chips[] = { "INVALID-0", "Duette3", "Duette2",
+ "Frisbee", "Xbow", "Longbow", "INVALID-6", "INVALID-7" };
+
+static int p54_parse_rssical(struct ieee80211_hw *dev,
+ u8 *data, int len, u16 type)
+{
+ struct p54_common *priv = dev->priv;
+ struct p54_rssi_db_entry *entry;
+ size_t db_len, entries;
+ int offset = 0, i;
+
+ if (type != PDR_RSSI_LINEAR_APPROXIMATION_EXTENDED) {
+ entries = (type == PDR_RSSI_LINEAR_APPROXIMATION) ? 1 : 2;
+ if (len != sizeof(struct pda_rssi_cal_entry) * entries) {
+ wiphy_err(dev->wiphy, "rssical size mismatch.\n");
+ goto err_data;
+ }
+ } else {
+ /*
+ * Some devices (Dell 1450 USB, Xbow 5GHz card, etc...)
+ * have an empty two byte header.
+ */
+ if (*((__le16 *)&data[offset]) == cpu_to_le16(0))
+ offset += 2;
+
+ entries = (len - offset) /
+ sizeof(struct pda_rssi_cal_ext_entry);
+
+ if (len < offset ||
+ (len - offset) % sizeof(struct pda_rssi_cal_ext_entry) ||
+ entries == 0) {
+ wiphy_err(dev->wiphy, "invalid rssi database.\n");
+ goto err_data;
+ }
+ }
+
+ db_len = sizeof(*entry) * entries;
+ priv->rssi_db = kzalloc(db_len + sizeof(*priv->rssi_db), GFP_KERNEL);
+ if (!priv->rssi_db)
+ return -ENOMEM;
+
+ priv->rssi_db->offset = 0;
+ priv->rssi_db->entries = entries;
+ priv->rssi_db->entry_size = sizeof(*entry);
+ priv->rssi_db->len = db_len;
+
+ entry = (void *)((unsigned long)priv->rssi_db->data + priv->rssi_db->offset);
+ if (type == PDR_RSSI_LINEAR_APPROXIMATION_EXTENDED) {
+ struct pda_rssi_cal_ext_entry *cal = (void *) &data[offset];
+
+ for (i = 0; i < entries; i++) {
+ entry[i].freq = le16_to_cpu(cal[i].freq);
+ entry[i].mul = (s16) le16_to_cpu(cal[i].mul);
+ entry[i].add = (s16) le16_to_cpu(cal[i].add);
+ }
+ } else {
+ struct pda_rssi_cal_entry *cal = (void *) &data[offset];
+
+ for (i = 0; i < entries; i++) {
+ u16 freq = 0;
+ switch (i) {
+ case NL80211_BAND_2GHZ:
+ freq = 2437;
+ break;
+ case NL80211_BAND_5GHZ:
+ freq = 5240;
+ break;
+ }
+
+ entry[i].freq = freq;
+ entry[i].mul = (s16) le16_to_cpu(cal[i].mul);
+ entry[i].add = (s16) le16_to_cpu(cal[i].add);
+ }
+ }
+
+ /* sort the list by channel frequency */
+ sort(entry, entries, sizeof(*entry), p54_compare_rssichan, NULL);
+ return 0;
+
+err_data:
+ wiphy_err(dev->wiphy,
+ "rssi calibration data packing type:(%x) len:%d.\n",
+ type, len);
+
+ print_hex_dump_bytes("rssical:", DUMP_PREFIX_NONE, data, len);
+
+ wiphy_err(dev->wiphy, "please report this issue.\n");
+ return -EINVAL;
+}
+
+struct p54_rssi_db_entry *p54_rssi_find(struct p54_common *priv, const u16 freq)
+{
+ struct p54_rssi_db_entry *entry;
+ int i, found = -1;
+
+ if (!priv->rssi_db)
+ return &p54_rssi_default;
+
+ entry = (void *)(priv->rssi_db->data + priv->rssi_db->offset);
+ for (i = 0; i < priv->rssi_db->entries; i++) {
+ if (!same_band(freq, entry[i].freq))
+ continue;
+
+ if (found == -1) {
+ found = i;
+ continue;
+ }
+
+ /* nearest match */
+ if (abs(freq - entry[i].freq) <
+ abs(freq - entry[found].freq)) {
+ found = i;
+ continue;
+ } else {
+ break;
+ }
+ }
+
+ return found < 0 ? &p54_rssi_default : &entry[found];
+}
+
+static void p54_parse_default_country(struct ieee80211_hw *dev,
+ void *data, int len)
+{
+ struct pda_country *country;
+
+ if (len != sizeof(*country)) {
+ wiphy_err(dev->wiphy,
+ "found possible invalid default country eeprom entry. (entry size: %d)\n",
+ len);
+
+ print_hex_dump_bytes("country:", DUMP_PREFIX_NONE,
+ data, len);
+
+ wiphy_err(dev->wiphy, "please report this issue.\n");
+ return;
+ }
+
+ country = (struct pda_country *) data;
+ if (country->flags == PDR_COUNTRY_CERT_CODE_PSEUDO)
+ regulatory_hint(dev->wiphy, country->alpha2);
+ else {
+ /* TODO:
+ * write a shared/common function that converts
+ * "Regulatory domain codes" (802.11-2007 14.8.2.2)
+ * into ISO/IEC 3166-1 alpha2 for regulatory_hint.
+ */
+ }
+}
+
+static int p54_convert_output_limits(struct ieee80211_hw *dev,
+ u8 *data, size_t len)
+{
+ struct p54_common *priv = dev->priv;
+
+ if (len < 2)
+ return -EINVAL;
+
+ if (data[0] != 0) {
+ wiphy_err(dev->wiphy, "unknown output power db revision:%x\n",
+ data[0]);
+ return -EINVAL;
+ }
+
+ if (2 + data[1] * sizeof(struct pda_channel_output_limit) > len)
+ return -EINVAL;
+
+ priv->output_limit = kmalloc(data[1] *
+ sizeof(struct pda_channel_output_limit) +
+ sizeof(*priv->output_limit), GFP_KERNEL);
+
+ if (!priv->output_limit)
+ return -ENOMEM;
+
+ priv->output_limit->offset = 0;
+ priv->output_limit->entries = data[1];
+ priv->output_limit->entry_size =
+ sizeof(struct pda_channel_output_limit);
+ priv->output_limit->len = priv->output_limit->entry_size *
+ priv->output_limit->entries +
+ priv->output_limit->offset;
+
+ memcpy(priv->output_limit->data, &data[2],
+ data[1] * sizeof(struct pda_channel_output_limit));
+
+ return 0;
+}
+
+static struct p54_cal_database *p54_convert_db(struct pda_custom_wrapper *src,
+ size_t total_len)
+{
+ struct p54_cal_database *dst;
+ size_t payload_len, entries, entry_size, offset;
+
+ payload_len = le16_to_cpu(src->len);
+ entries = le16_to_cpu(src->entries);
+ entry_size = le16_to_cpu(src->entry_size);
+ offset = le16_to_cpu(src->offset);
+ if (((entries * entry_size + offset) != payload_len) ||
+ (payload_len + sizeof(*src) != total_len))
+ return NULL;
+
+ dst = kmalloc(sizeof(*dst) + payload_len, GFP_KERNEL);
+ if (!dst)
+ return NULL;
+
+ dst->entries = entries;
+ dst->entry_size = entry_size;
+ dst->offset = offset;
+ dst->len = payload_len;
+
+ memcpy(dst->data, src->data, payload_len);
+ return dst;
+}
+
+int p54_parse_eeprom(struct ieee80211_hw *dev, void *eeprom, int len)
+{
+ struct p54_common *priv = dev->priv;
+ struct eeprom_pda_wrap *wrap;
+ struct pda_entry *entry;
+ unsigned int data_len, entry_len;
+ void *tmp;
+ int err;
+ u8 *end = (u8 *)eeprom + len;
+ u16 synth = 0;
+ u16 crc16 = ~0;
+
+ wrap = (struct eeprom_pda_wrap *) eeprom;
+ entry = (void *)wrap->data + le16_to_cpu(wrap->len);
+
+ /* verify that at least the entry length/code fits */
+ while ((u8 *)entry <= end - sizeof(*entry)) {
+ entry_len = le16_to_cpu(entry->len);
+ data_len = ((entry_len - 1) << 1);
+
+ /* abort if entry exceeds whole structure */
+ if ((u8 *)entry + sizeof(*entry) + data_len > end)
+ break;
+
+ switch (le16_to_cpu(entry->code)) {
+ case PDR_MAC_ADDRESS:
+ if (data_len != ETH_ALEN)
+ break;
+ SET_IEEE80211_PERM_ADDR(dev, entry->data);
+ break;
+ case PDR_PRISM_PA_CAL_OUTPUT_POWER_LIMITS:
+ if (priv->output_limit)
+ break;
+ err = p54_convert_output_limits(dev, entry->data,
+ data_len);
+ if (err)
+ goto err;
+ break;
+ case PDR_PRISM_PA_CAL_CURVE_DATA: {
+ struct pda_pa_curve_data *curve_data =
+ (struct pda_pa_curve_data *)entry->data;
+ if (data_len < sizeof(*curve_data)) {
+ err = -EINVAL;
+ goto err;
+ }
+
+ switch (curve_data->cal_method_rev) {
+ case 0:
+ err = p54_convert_rev0(dev, curve_data);
+ break;
+ case 1:
+ err = p54_convert_rev1(dev, curve_data);
+ break;
+ default:
+ wiphy_err(dev->wiphy,
+ "unknown curve data revision %d\n",
+ curve_data->cal_method_rev);
+ err = -ENODEV;
+ break;
+ }
+ if (err)
+ goto err;
+ }
+ break;
+ case PDR_PRISM_ZIF_TX_IQ_CALIBRATION:
+ priv->iq_autocal = kmemdup(entry->data, data_len,
+ GFP_KERNEL);
+ if (!priv->iq_autocal) {
+ err = -ENOMEM;
+ goto err;
+ }
+
+ priv->iq_autocal_len = data_len / sizeof(struct pda_iq_autocal_entry);
+ break;
+ case PDR_DEFAULT_COUNTRY:
+ p54_parse_default_country(dev, entry->data, data_len);
+ break;
+ case PDR_INTERFACE_LIST:
+ tmp = entry->data;
+ while ((u8 *)tmp < entry->data + data_len) {
+ struct exp_if *exp_if = tmp;
+ if (exp_if->if_id == cpu_to_le16(IF_ID_ISL39000))
+ synth = le16_to_cpu(exp_if->variant);
+ tmp += sizeof(*exp_if);
+ }
+ break;
+ case PDR_HARDWARE_PLATFORM_COMPONENT_ID:
+ if (data_len < 2)
+ break;
+ priv->version = *(u8 *)(entry->data + 1);
+ break;
+ case PDR_RSSI_LINEAR_APPROXIMATION:
+ case PDR_RSSI_LINEAR_APPROXIMATION_DUAL_BAND:
+ case PDR_RSSI_LINEAR_APPROXIMATION_EXTENDED:
+ err = p54_parse_rssical(dev, entry->data, data_len,
+ le16_to_cpu(entry->code));
+ if (err)
+ goto err;
+ break;
+ case PDR_RSSI_LINEAR_APPROXIMATION_CUSTOMV2: {
+ struct pda_custom_wrapper *pda = (void *) entry->data;
+ __le16 *src;
+ u16 *dst;
+ int i;
+
+ if (priv->rssi_db || data_len < sizeof(*pda))
+ break;
+
+ priv->rssi_db = p54_convert_db(pda, data_len);
+ if (!priv->rssi_db)
+ break;
+
+ src = (void *) priv->rssi_db->data;
+ dst = (void *) priv->rssi_db->data;
+
+ for (i = 0; i < priv->rssi_db->entries; i++)
+ *(dst++) = (s16) le16_to_cpu(*(src++));
+
+ }
+ break;
+ case PDR_PRISM_PA_CAL_OUTPUT_POWER_LIMITS_CUSTOM: {
+ struct pda_custom_wrapper *pda = (void *) entry->data;
+ if (priv->output_limit || data_len < sizeof(*pda))
+ break;
+ priv->output_limit = p54_convert_db(pda, data_len);
+ }
+ break;
+ case PDR_PRISM_PA_CAL_CURVE_DATA_CUSTOM: {
+ struct pda_custom_wrapper *pda = (void *) entry->data;
+ if (priv->curve_data || data_len < sizeof(*pda))
+ break;
+ priv->curve_data = p54_convert_db(pda, data_len);
+ }
+ break;
+ case PDR_END:
+ crc16 = ~crc_ccitt(crc16, (u8 *) entry, sizeof(*entry));
+ if (crc16 != le16_to_cpup((__le16 *)entry->data)) {
+ wiphy_err(dev->wiphy, "eeprom failed checksum "
+ "test!\n");
+ err = -ENOMSG;
+ goto err;
+ } else {
+ goto good_eeprom;
+ }
+ break;
+ default:
+ break;
+ }
+
+ crc16 = crc_ccitt(crc16, (u8 *)entry, (entry_len + 1) * 2);
+ entry = (void *)entry + (entry_len + 1) * 2;
+ }
+
+ wiphy_err(dev->wiphy, "unexpected end of eeprom data.\n");
+ err = -ENODATA;
+ goto err;
+
+good_eeprom:
+ if (!synth || !priv->iq_autocal || !priv->output_limit ||
+ !priv->curve_data) {
+ wiphy_err(dev->wiphy,
+ "not all required entries found in eeprom!\n");
+ err = -EINVAL;
+ goto err;
+ }
+
+ priv->rxhw = synth & PDR_SYNTH_FRONTEND_MASK;
+
+ err = p54_generate_channel_lists(dev);
+ if (err)
+ goto err;
+
+ if (priv->rxhw == PDR_SYNTH_FRONTEND_XBOW)
+ p54_init_xbow_synth(priv);
+ if (!(synth & PDR_SYNTH_24_GHZ_DISABLED))
+ dev->wiphy->bands[NL80211_BAND_2GHZ] =
+ priv->band_table[NL80211_BAND_2GHZ];
+ if (!(synth & PDR_SYNTH_5_GHZ_DISABLED))
+ dev->wiphy->bands[NL80211_BAND_5GHZ] =
+ priv->band_table[NL80211_BAND_5GHZ];
+ if ((synth & PDR_SYNTH_RX_DIV_MASK) == PDR_SYNTH_RX_DIV_SUPPORTED)
+ priv->rx_diversity_mask = 3;
+ if ((synth & PDR_SYNTH_TX_DIV_MASK) == PDR_SYNTH_TX_DIV_SUPPORTED)
+ priv->tx_diversity_mask = 3;
+
+ if (!is_valid_ether_addr(dev->wiphy->perm_addr)) {
+ u8 perm_addr[ETH_ALEN];
+
+ wiphy_warn(dev->wiphy,
+ "Invalid hwaddr! Using randomly generated MAC addr\n");
+ eth_random_addr(perm_addr);
+ SET_IEEE80211_PERM_ADDR(dev, perm_addr);
+ }
+
+ priv->cur_rssi = &p54_rssi_default;
+
+ wiphy_info(dev->wiphy, "hwaddr %pM, MAC:isl38%02x RF:%s\n",
+ dev->wiphy->perm_addr, priv->version,
+ p54_rf_chips[priv->rxhw]);
+
+ return 0;
+
+err:
+ kfree(priv->iq_autocal);
+ kfree(priv->output_limit);
+ kfree(priv->curve_data);
+ kfree(priv->rssi_db);
+ kfree(priv->survey);
+ priv->iq_autocal = NULL;
+ priv->output_limit = NULL;
+ priv->curve_data = NULL;
+ priv->rssi_db = NULL;
+ priv->survey = NULL;
+
+ wiphy_err(dev->wiphy, "eeprom parse failed!\n");
+ return err;
+}
+EXPORT_SYMBOL_GPL(p54_parse_eeprom);
+
+int p54_read_eeprom(struct ieee80211_hw *dev)
+{
+ struct p54_common *priv = dev->priv;
+ size_t eeprom_size = 0x2020, offset = 0, blocksize, maxblocksize;
+ int ret = -ENOMEM;
+ void *eeprom;
+
+ maxblocksize = EEPROM_READBACK_LEN;
+ if (priv->fw_var >= 0x509)
+ maxblocksize -= 0xc;
+ else
+ maxblocksize -= 0x4;
+
+ eeprom = kzalloc(eeprom_size, GFP_KERNEL);
+ if (unlikely(!eeprom))
+ goto free;
+
+ while (eeprom_size) {
+ blocksize = min(eeprom_size, maxblocksize);
+ ret = p54_download_eeprom(priv, eeprom + offset,
+ offset, blocksize);
+ if (unlikely(ret))
+ goto free;
+
+ offset += blocksize;
+ eeprom_size -= blocksize;
+ }
+
+ ret = p54_parse_eeprom(dev, eeprom, offset);
+free:
+ kfree(eeprom);
+ return ret;
+}
+EXPORT_SYMBOL_GPL(p54_read_eeprom);
diff --git a/drivers/net/wireless/intersil/p54/eeprom.h b/drivers/net/wireless/intersil/p54/eeprom.h
new file mode 100644
index 000000000..1d0aaf543
--- /dev/null
+++ b/drivers/net/wireless/intersil/p54/eeprom.h
@@ -0,0 +1,242 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * eeprom specific definitions for mac80211 Prism54 drivers
+ *
+ * Copyright (c) 2006, Michael Wu <flamingice@sourmilk.net>
+ * Copyright (c) 2007-2009, Christian Lamparter <chunkeey@web.de>
+ *
+ * Based on:
+ * - the islsm (softmac prism54) driver, which is:
+ * Copyright 2004-2006 Jean-Baptiste Note <jbnote@gmail.com>, et al.
+ *
+ * - LMAC API interface header file for STLC4560 (lmac_longbow.h)
+ * Copyright (C) 2007 Conexant Systems, Inc.
+ *
+ * - islmvc driver
+ * Copyright (C) 2001 Intersil Americas Inc.
+ */
+
+#ifndef EEPROM_H
+#define EEPROM_H
+
+/* PDA defines are Copyright (C) 2005 Nokia Corporation (taken from islsm_pda.h) */
+
+struct pda_entry {
+ __le16 len; /* includes both code and data */
+ __le16 code;
+ u8 data[];
+} __packed;
+
+struct eeprom_pda_wrap {
+ __le32 magic;
+ __le16 pad;
+ __le16 len;
+ __le32 arm_opcode;
+ u8 data[];
+} __packed;
+
+struct p54_iq_autocal_entry {
+ __le16 iq_param[4];
+} __packed;
+
+struct pda_iq_autocal_entry {
+ __le16 freq;
+ struct p54_iq_autocal_entry params;
+} __packed;
+
+struct pda_channel_output_limit {
+ __le16 freq;
+ u8 val_bpsk;
+ u8 val_qpsk;
+ u8 val_16qam;
+ u8 val_64qam;
+ u8 rate_set_mask;
+ u8 rate_set_size;
+} __packed;
+
+struct pda_channel_output_limit_point_longbow {
+ __le16 val_bpsk;
+ __le16 val_qpsk;
+ __le16 val_16qam;
+ __le16 val_64qam;
+} __packed;
+
+struct pda_channel_output_limit_longbow {
+ __le16 freq;
+ struct pda_channel_output_limit_point_longbow point[3];
+} __packed;
+
+struct pda_pa_curve_data_sample_rev0 {
+ u8 rf_power;
+ u8 pa_detector;
+ u8 pcv;
+} __packed;
+
+struct pda_pa_curve_data_sample_rev1 {
+ u8 rf_power;
+ u8 pa_detector;
+ u8 data_barker;
+ u8 data_bpsk;
+ u8 data_qpsk;
+ u8 data_16qam;
+ u8 data_64qam;
+} __packed;
+
+struct pda_pa_curve_data {
+ u8 cal_method_rev;
+ u8 channels;
+ u8 points_per_channel;
+ u8 padding;
+ u8 data[];
+} __packed;
+
+struct pda_rssi_cal_ext_entry {
+ __le16 freq;
+ __le16 mul;
+ __le16 add;
+} __packed;
+
+struct pda_rssi_cal_entry {
+ __le16 mul;
+ __le16 add;
+} __packed;
+
+struct pda_country {
+ u8 regdomain;
+ u8 alpha2[2];
+ u8 flags;
+} __packed;
+
+struct pda_antenna_gain {
+ struct {
+ u8 gain_5GHz; /* 0.25 dBi units */
+ u8 gain_2GHz; /* 0.25 dBi units */
+ } __packed antenna[0];
+} __packed;
+
+struct pda_custom_wrapper {
+ __le16 entries;
+ __le16 entry_size;
+ __le16 offset;
+ __le16 len;
+ u8 data[];
+} __packed;
+
+/*
+ * this defines the PDR codes used to build PDAs as defined in document
+ * number 553155. The current implementation mirrors version 1.1 of the
+ * document and lists only PDRs supported by the ARM platform.
+ */
+
+/* common and choice range (0x0000 - 0x0fff) */
+#define PDR_END 0x0000
+#define PDR_MANUFACTURING_PART_NUMBER 0x0001
+#define PDR_PDA_VERSION 0x0002
+#define PDR_NIC_SERIAL_NUMBER 0x0003
+#define PDR_NIC_RAM_SIZE 0x0005
+#define PDR_RFMODEM_SUP_RANGE 0x0006
+#define PDR_PRISM_MAC_SUP_RANGE 0x0007
+#define PDR_NIC_ID 0x0008
+
+#define PDR_MAC_ADDRESS 0x0101
+#define PDR_REGULATORY_DOMAIN_LIST 0x0103 /* obsolete */
+#define PDR_ALLOWED_CHAN_SET 0x0104
+#define PDR_DEFAULT_CHAN 0x0105
+#define PDR_TEMPERATURE_TYPE 0x0107
+
+#define PDR_IFR_SETTING 0x0200
+#define PDR_RFR_SETTING 0x0201
+#define PDR_3861_BASELINE_REG_SETTINGS 0x0202
+#define PDR_3861_SHADOW_REG_SETTINGS 0x0203
+#define PDR_3861_IFRF_REG_SETTINGS 0x0204
+
+#define PDR_3861_CHAN_CALIB_SET_POINTS 0x0300
+#define PDR_3861_CHAN_CALIB_INTEGRATOR 0x0301
+
+#define PDR_3842_PRISM_II_NIC_CONFIG 0x0400
+#define PDR_PRISM_USB_ID 0x0401
+#define PDR_PRISM_PCI_ID 0x0402
+#define PDR_PRISM_PCI_IF_CONFIG 0x0403
+#define PDR_PRISM_PCI_PM_CONFIG 0x0404
+
+#define PDR_3861_MF_TEST_CHAN_SET_POINTS 0x0900
+#define PDR_3861_MF_TEST_CHAN_INTEGRATORS 0x0901
+
+/* ARM range (0x1000 - 0x1fff) */
+#define PDR_COUNTRY_INFORMATION 0x1000 /* obsolete */
+#define PDR_INTERFACE_LIST 0x1001
+#define PDR_HARDWARE_PLATFORM_COMPONENT_ID 0x1002
+#define PDR_OEM_NAME 0x1003
+#define PDR_PRODUCT_NAME 0x1004
+#define PDR_UTF8_OEM_NAME 0x1005
+#define PDR_UTF8_PRODUCT_NAME 0x1006
+#define PDR_COUNTRY_LIST 0x1007
+#define PDR_DEFAULT_COUNTRY 0x1008
+
+#define PDR_ANTENNA_GAIN 0x1100
+
+#define PDR_PRISM_INDIGO_PA_CALIBRATION_DATA 0x1901
+#define PDR_RSSI_LINEAR_APPROXIMATION 0x1902
+#define PDR_PRISM_PA_CAL_OUTPUT_POWER_LIMITS 0x1903
+#define PDR_PRISM_PA_CAL_CURVE_DATA 0x1904
+#define PDR_RSSI_LINEAR_APPROXIMATION_DUAL_BAND 0x1905
+#define PDR_PRISM_ZIF_TX_IQ_CALIBRATION 0x1906
+#define PDR_REGULATORY_POWER_LIMITS 0x1907
+#define PDR_RSSI_LINEAR_APPROXIMATION_EXTENDED 0x1908
+#define PDR_RADIATED_TRANSMISSION_CORRECTION 0x1909
+#define PDR_PRISM_TX_IQ_CALIBRATION 0x190a
+
+/* reserved range (0x2000 - 0x7fff) */
+
+/* customer range (0x8000 - 0xffff) */
+#define PDR_BASEBAND_REGISTERS 0x8000
+#define PDR_PER_CHANNEL_BASEBAND_REGISTERS 0x8001
+
+/* used by our modificated eeprom image */
+#define PDR_RSSI_LINEAR_APPROXIMATION_CUSTOM 0xDEAD
+#define PDR_RSSI_LINEAR_APPROXIMATION_CUSTOMV2 0xCAFF
+#define PDR_PRISM_PA_CAL_OUTPUT_POWER_LIMITS_CUSTOM 0xBEEF
+#define PDR_PRISM_PA_CAL_CURVE_DATA_CUSTOM 0xB05D
+
+/* Interface Definitions */
+#define PDR_INTERFACE_ROLE_SERVER 0x0000
+#define PDR_INTERFACE_ROLE_CLIENT 0x0001
+
+/* PDR definitions for default country & country list */
+#define PDR_COUNTRY_CERT_CODE 0x80
+#define PDR_COUNTRY_CERT_CODE_REAL 0x00
+#define PDR_COUNTRY_CERT_CODE_PSEUDO 0x80
+#define PDR_COUNTRY_CERT_BAND 0x40
+#define PDR_COUNTRY_CERT_BAND_2GHZ 0x00
+#define PDR_COUNTRY_CERT_BAND_5GHZ 0x40
+#define PDR_COUNTRY_CERT_IODOOR 0x30
+#define PDR_COUNTRY_CERT_IODOOR_BOTH 0x00
+#define PDR_COUNTRY_CERT_IODOOR_INDOOR 0x20
+#define PDR_COUNTRY_CERT_IODOOR_OUTDOOR 0x30
+#define PDR_COUNTRY_CERT_INDEX 0x0f
+
+/* Specific LMAC FW/HW variant definitions */
+#define PDR_SYNTH_FRONTEND_MASK 0x0007
+#define PDR_SYNTH_FRONTEND_DUETTE3 0x0001
+#define PDR_SYNTH_FRONTEND_DUETTE2 0x0002
+#define PDR_SYNTH_FRONTEND_FRISBEE 0x0003
+#define PDR_SYNTH_FRONTEND_XBOW 0x0004
+#define PDR_SYNTH_FRONTEND_LONGBOW 0x0005
+#define PDR_SYNTH_IQ_CAL_MASK 0x0018
+#define PDR_SYNTH_IQ_CAL_PA_DETECTOR 0x0000
+#define PDR_SYNTH_IQ_CAL_DISABLED 0x0008
+#define PDR_SYNTH_IQ_CAL_ZIF 0x0010
+#define PDR_SYNTH_FAA_SWITCH_MASK 0x0020
+#define PDR_SYNTH_FAA_SWITCH_ENABLED 0x0020
+#define PDR_SYNTH_24_GHZ_MASK 0x0040
+#define PDR_SYNTH_24_GHZ_DISABLED 0x0040
+#define PDR_SYNTH_5_GHZ_MASK 0x0080
+#define PDR_SYNTH_5_GHZ_DISABLED 0x0080
+#define PDR_SYNTH_RX_DIV_MASK 0x0100
+#define PDR_SYNTH_RX_DIV_SUPPORTED 0x0100
+#define PDR_SYNTH_TX_DIV_MASK 0x0200
+#define PDR_SYNTH_TX_DIV_SUPPORTED 0x0200
+#define PDR_SYNTH_ASM_MASK 0x0400
+#define PDR_SYNTH_ASM_XSWON 0x0400
+
+#endif /* EEPROM_H */
diff --git a/drivers/net/wireless/intersil/p54/fwio.c b/drivers/net/wireless/intersil/p54/fwio.c
new file mode 100644
index 000000000..b52cce381
--- /dev/null
+++ b/drivers/net/wireless/intersil/p54/fwio.c
@@ -0,0 +1,759 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Firmware I/O code for mac80211 Prism54 drivers
+ *
+ * Copyright (c) 2006, Michael Wu <flamingice@sourmilk.net>
+ * Copyright (c) 2007-2009, Christian Lamparter <chunkeey@web.de>
+ * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
+ *
+ * Based on:
+ * - the islsm (softmac prism54) driver, which is:
+ * Copyright 2004-2006 Jean-Baptiste Note <jbnote@gmail.com>, et al.
+ * - stlc45xx driver
+ * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies).
+ */
+
+#include <linux/slab.h>
+#include <linux/firmware.h>
+#include <linux/etherdevice.h>
+#include <linux/export.h>
+
+#include <net/mac80211.h>
+
+#include "p54.h"
+#include "eeprom.h"
+#include "lmac.h"
+
+int p54_parse_firmware(struct ieee80211_hw *dev, const struct firmware *fw)
+{
+ struct p54_common *priv = dev->priv;
+ struct exp_if *exp_if;
+ struct bootrec *bootrec;
+ u32 *data = (u32 *)fw->data;
+ u32 *end_data = (u32 *)fw->data + (fw->size >> 2);
+ u8 *fw_version = NULL;
+ size_t len;
+ int i;
+ int maxlen;
+
+ if (priv->rx_start)
+ return 0;
+
+ while (data < end_data && *data)
+ data++;
+
+ while (data < end_data && !*data)
+ data++;
+
+ bootrec = (struct bootrec *) data;
+
+ while (bootrec->data <= end_data && (bootrec->data +
+ (len = le32_to_cpu(bootrec->len))) <= end_data) {
+ u32 code = le32_to_cpu(bootrec->code);
+ switch (code) {
+ case BR_CODE_COMPONENT_ID:
+ priv->fw_interface = be32_to_cpup((__be32 *)
+ bootrec->data);
+ switch (priv->fw_interface) {
+ case FW_LM86:
+ case FW_LM20:
+ case FW_LM87: {
+ char *iftype = (char *)bootrec->data;
+ wiphy_info(priv->hw->wiphy,
+ "p54 detected a LM%c%c firmware\n",
+ iftype[2], iftype[3]);
+ break;
+ }
+ case FW_FMAC:
+ default:
+ wiphy_err(priv->hw->wiphy,
+ "unsupported firmware\n");
+ return -ENODEV;
+ }
+ break;
+ case BR_CODE_COMPONENT_VERSION:
+ /* 24 bytes should be enough for all firmwares */
+ if (strnlen((unsigned char *) bootrec->data, 24) < 24)
+ fw_version = (unsigned char *) bootrec->data;
+ break;
+ case BR_CODE_DESCR: {
+ struct bootrec_desc *desc =
+ (struct bootrec_desc *)bootrec->data;
+ priv->rx_start = le32_to_cpu(desc->rx_start);
+ /* FIXME add sanity checking */
+ priv->rx_end = le32_to_cpu(desc->rx_end) - 0x3500;
+ priv->headroom = desc->headroom;
+ priv->tailroom = desc->tailroom;
+ priv->privacy_caps = desc->privacy_caps;
+ priv->rx_keycache_size = desc->rx_keycache_size;
+ if (le32_to_cpu(bootrec->len) == 11)
+ priv->rx_mtu = le16_to_cpu(desc->rx_mtu);
+ else
+ priv->rx_mtu = (size_t)
+ 0x620 - priv->tx_hdr_len;
+ maxlen = priv->tx_hdr_len + /* USB devices */
+ sizeof(struct p54_rx_data) +
+ 4 + /* rx alignment */
+ IEEE80211_MAX_FRAG_THRESHOLD;
+ if (priv->rx_mtu > maxlen && PAGE_SIZE == 4096) {
+ printk(KERN_INFO "p54: rx_mtu reduced from %d "
+ "to %d\n", priv->rx_mtu, maxlen);
+ priv->rx_mtu = maxlen;
+ }
+ break;
+ }
+ case BR_CODE_EXPOSED_IF:
+ exp_if = (struct exp_if *) bootrec->data;
+ for (i = 0; i < (len * sizeof(*exp_if) / 4); i++)
+ if (exp_if[i].if_id == cpu_to_le16(IF_ID_LMAC))
+ priv->fw_var = le16_to_cpu(exp_if[i].variant);
+ break;
+ case BR_CODE_DEPENDENT_IF:
+ break;
+ case BR_CODE_END_OF_BRA:
+ case LEGACY_BR_CODE_END_OF_BRA:
+ end_data = NULL;
+ break;
+ default:
+ break;
+ }
+ bootrec = (struct bootrec *)&bootrec->data[len];
+ }
+
+ if (fw_version) {
+ wiphy_info(priv->hw->wiphy,
+ "FW rev %s - Softmac protocol %x.%x\n",
+ fw_version, priv->fw_var >> 8, priv->fw_var & 0xff);
+ snprintf(dev->wiphy->fw_version, sizeof(dev->wiphy->fw_version),
+ "%s - %x.%x", fw_version,
+ priv->fw_var >> 8, priv->fw_var & 0xff);
+ }
+
+ if (priv->fw_var < 0x500)
+ wiphy_info(priv->hw->wiphy,
+ "you are using an obsolete firmware. "
+ "visit http://wireless.wiki.kernel.org/en/users/Drivers/p54 "
+ "and grab one for \"kernel >= 2.6.28\"!\n");
+
+ if (priv->fw_var >= 0x300) {
+ /* Firmware supports QoS, use it! */
+
+ if (priv->fw_var >= 0x500) {
+ priv->tx_stats[P54_QUEUE_AC_VO].limit = 16;
+ priv->tx_stats[P54_QUEUE_AC_VI].limit = 16;
+ priv->tx_stats[P54_QUEUE_AC_BE].limit = 16;
+ priv->tx_stats[P54_QUEUE_AC_BK].limit = 16;
+ } else {
+ priv->tx_stats[P54_QUEUE_AC_VO].limit = 3;
+ priv->tx_stats[P54_QUEUE_AC_VI].limit = 4;
+ priv->tx_stats[P54_QUEUE_AC_BE].limit = 3;
+ priv->tx_stats[P54_QUEUE_AC_BK].limit = 2;
+ }
+ priv->hw->queues = P54_QUEUE_AC_NUM;
+ }
+
+ wiphy_info(priv->hw->wiphy,
+ "cryptographic accelerator WEP:%s, TKIP:%s, CCMP:%s\n",
+ (priv->privacy_caps & BR_DESC_PRIV_CAP_WEP) ? "YES" : "no",
+ (priv->privacy_caps &
+ (BR_DESC_PRIV_CAP_TKIP | BR_DESC_PRIV_CAP_MICHAEL))
+ ? "YES" : "no",
+ (priv->privacy_caps & BR_DESC_PRIV_CAP_AESCCMP)
+ ? "YES" : "no");
+
+ if (priv->rx_keycache_size) {
+ /*
+ * NOTE:
+ *
+ * The firmware provides at most 255 (0 - 254) slots
+ * for keys which are then used to offload decryption.
+ * As a result the 255 entry (aka 0xff) can be used
+ * safely by the driver to mark keys that didn't fit
+ * into the full cache. This trick saves us from
+ * keeping a extra list for uploaded keys.
+ */
+
+ priv->used_rxkeys = bitmap_zalloc(priv->rx_keycache_size,
+ GFP_KERNEL);
+ if (!priv->used_rxkeys)
+ return -ENOMEM;
+ }
+
+ return 0;
+}
+EXPORT_SYMBOL_GPL(p54_parse_firmware);
+
+static struct sk_buff *p54_alloc_skb(struct p54_common *priv, u16 hdr_flags,
+ u16 payload_len, u16 type, gfp_t memflags)
+{
+ struct p54_hdr *hdr;
+ struct sk_buff *skb;
+ size_t frame_len = sizeof(*hdr) + payload_len;
+
+ if (frame_len > P54_MAX_CTRL_FRAME_LEN)
+ return NULL;
+
+ if (unlikely(skb_queue_len(&priv->tx_pending) > 64))
+ return NULL;
+
+ skb = __dev_alloc_skb(priv->tx_hdr_len + frame_len, memflags);
+ if (!skb)
+ return NULL;
+ skb_reserve(skb, priv->tx_hdr_len);
+
+ hdr = skb_put(skb, sizeof(*hdr));
+ hdr->flags = cpu_to_le16(hdr_flags);
+ hdr->len = cpu_to_le16(payload_len);
+ hdr->type = cpu_to_le16(type);
+ hdr->tries = hdr->rts_tries = 0;
+ return skb;
+}
+
+int p54_download_eeprom(struct p54_common *priv, void *buf,
+ u16 offset, u16 len)
+{
+ struct p54_eeprom_lm86 *eeprom_hdr;
+ struct sk_buff *skb;
+ size_t eeprom_hdr_size;
+ int ret = 0;
+ long timeout;
+
+ if (priv->fw_var >= 0x509)
+ eeprom_hdr_size = sizeof(*eeprom_hdr);
+ else
+ eeprom_hdr_size = 0x4;
+
+ skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL, eeprom_hdr_size +
+ len, P54_CONTROL_TYPE_EEPROM_READBACK,
+ GFP_KERNEL);
+ if (unlikely(!skb))
+ return -ENOMEM;
+
+ mutex_lock(&priv->eeprom_mutex);
+ priv->eeprom = buf;
+ eeprom_hdr = skb_put(skb, eeprom_hdr_size + len);
+
+ if (priv->fw_var < 0x509) {
+ eeprom_hdr->v1.offset = cpu_to_le16(offset);
+ eeprom_hdr->v1.len = cpu_to_le16(len);
+ } else {
+ eeprom_hdr->v2.offset = cpu_to_le32(offset);
+ eeprom_hdr->v2.len = cpu_to_le16(len);
+ eeprom_hdr->v2.magic2 = 0xf;
+ memcpy(eeprom_hdr->v2.magic, (const char *)"LOCK", 4);
+ }
+
+ p54_tx(priv, skb);
+
+ timeout = wait_for_completion_interruptible_timeout(
+ &priv->eeprom_comp, HZ);
+ if (timeout <= 0) {
+ wiphy_err(priv->hw->wiphy,
+ "device does not respond or signal received!\n");
+ ret = -EBUSY;
+ }
+ priv->eeprom = NULL;
+ mutex_unlock(&priv->eeprom_mutex);
+ return ret;
+}
+
+int p54_update_beacon_tim(struct p54_common *priv, u16 aid, bool set)
+{
+ struct sk_buff *skb;
+ struct p54_tim *tim;
+
+ skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*tim),
+ P54_CONTROL_TYPE_TIM, GFP_ATOMIC);
+ if (unlikely(!skb))
+ return -ENOMEM;
+
+ tim = skb_put(skb, sizeof(*tim));
+ tim->count = 1;
+ tim->entry[0] = cpu_to_le16(set ? (aid | 0x8000) : aid);
+ p54_tx(priv, skb);
+ return 0;
+}
+
+int p54_sta_unlock(struct p54_common *priv, u8 *addr)
+{
+ struct sk_buff *skb;
+ struct p54_sta_unlock *sta;
+
+ skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*sta),
+ P54_CONTROL_TYPE_PSM_STA_UNLOCK, GFP_ATOMIC);
+ if (unlikely(!skb))
+ return -ENOMEM;
+
+ sta = skb_put(skb, sizeof(*sta));
+ memcpy(sta->addr, addr, ETH_ALEN);
+ p54_tx(priv, skb);
+ return 0;
+}
+
+int p54_tx_cancel(struct p54_common *priv, __le32 req_id)
+{
+ struct sk_buff *skb;
+ struct p54_txcancel *cancel;
+ u32 _req_id = le32_to_cpu(req_id);
+
+ if (unlikely(_req_id < priv->rx_start || _req_id > priv->rx_end))
+ return -EINVAL;
+
+ skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*cancel),
+ P54_CONTROL_TYPE_TXCANCEL, GFP_ATOMIC);
+ if (unlikely(!skb))
+ return -ENOMEM;
+
+ cancel = skb_put(skb, sizeof(*cancel));
+ cancel->req_id = req_id;
+ p54_tx(priv, skb);
+ return 0;
+}
+
+int p54_setup_mac(struct p54_common *priv)
+{
+ struct sk_buff *skb;
+ struct p54_setup_mac *setup;
+ u16 mode;
+
+ skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*setup),
+ P54_CONTROL_TYPE_SETUP, GFP_ATOMIC);
+ if (!skb)
+ return -ENOMEM;
+
+ setup = skb_put(skb, sizeof(*setup));
+ if (!(priv->hw->conf.flags & IEEE80211_CONF_IDLE)) {
+ switch (priv->mode) {
+ case NL80211_IFTYPE_STATION:
+ mode = P54_FILTER_TYPE_STATION;
+ break;
+ case NL80211_IFTYPE_AP:
+ mode = P54_FILTER_TYPE_AP;
+ break;
+ case NL80211_IFTYPE_ADHOC:
+ case NL80211_IFTYPE_MESH_POINT:
+ mode = P54_FILTER_TYPE_IBSS;
+ break;
+ case NL80211_IFTYPE_MONITOR:
+ mode = P54_FILTER_TYPE_PROMISCUOUS;
+ break;
+ default:
+ mode = P54_FILTER_TYPE_HIBERNATE;
+ break;
+ }
+
+ /*
+ * "TRANSPARENT and PROMISCUOUS are mutually exclusive"
+ * STSW45X0C LMAC API - page 12
+ */
+ if (priv->filter_flags & FIF_OTHER_BSS &&
+ (mode != P54_FILTER_TYPE_PROMISCUOUS))
+ mode |= P54_FILTER_TYPE_TRANSPARENT;
+ } else {
+ mode = P54_FILTER_TYPE_HIBERNATE;
+ }
+
+ setup->mac_mode = cpu_to_le16(mode);
+ memcpy(setup->mac_addr, priv->mac_addr, ETH_ALEN);
+ memcpy(setup->bssid, priv->bssid, ETH_ALEN);
+ setup->rx_antenna = 2 & priv->rx_diversity_mask; /* automatic */
+ setup->rx_align = 0;
+ if (priv->fw_var < 0x500) {
+ setup->v1.basic_rate_mask = cpu_to_le32(priv->basic_rate_mask);
+ memset(setup->v1.rts_rates, 0, 8);
+ setup->v1.rx_addr = cpu_to_le32(priv->rx_end);
+ setup->v1.max_rx = cpu_to_le16(priv->rx_mtu);
+ setup->v1.rxhw = cpu_to_le16(priv->rxhw);
+ setup->v1.wakeup_timer = cpu_to_le16(priv->wakeup_timer);
+ setup->v1.unalloc0 = cpu_to_le16(0);
+ } else {
+ setup->v2.rx_addr = cpu_to_le32(priv->rx_end);
+ setup->v2.max_rx = cpu_to_le16(priv->rx_mtu);
+ setup->v2.rxhw = cpu_to_le16(priv->rxhw);
+ setup->v2.timer = cpu_to_le16(priv->wakeup_timer);
+ setup->v2.truncate = cpu_to_le16(48896);
+ setup->v2.basic_rate_mask = cpu_to_le32(priv->basic_rate_mask);
+ setup->v2.sbss_offset = 0;
+ setup->v2.mcast_window = 0;
+ setup->v2.rx_rssi_threshold = 0;
+ setup->v2.rx_ed_threshold = 0;
+ setup->v2.ref_clock = cpu_to_le32(644245094);
+ setup->v2.lpf_bandwidth = cpu_to_le16(65535);
+ setup->v2.osc_start_delay = cpu_to_le16(65535);
+ }
+ p54_tx(priv, skb);
+ priv->phy_idle = mode == P54_FILTER_TYPE_HIBERNATE;
+ return 0;
+}
+
+int p54_scan(struct p54_common *priv, u16 mode, u16 dwell)
+{
+ struct sk_buff *skb;
+ struct p54_hdr *hdr;
+ struct p54_scan_head *head;
+ struct p54_iq_autocal_entry *iq_autocal;
+ union p54_scan_body_union *body;
+ struct p54_scan_tail_rate *rate;
+ struct pda_rssi_cal_entry *rssi;
+ struct p54_rssi_db_entry *rssi_data;
+ unsigned int i;
+ void *entry;
+ __le16 freq = cpu_to_le16(priv->hw->conf.chandef.chan->center_freq);
+
+ skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*head) +
+ 2 + sizeof(*iq_autocal) + sizeof(*body) +
+ sizeof(*rate) + 2 * sizeof(*rssi),
+ P54_CONTROL_TYPE_SCAN, GFP_ATOMIC);
+ if (!skb)
+ return -ENOMEM;
+
+ head = skb_put(skb, sizeof(*head));
+ memset(head->scan_params, 0, sizeof(head->scan_params));
+ head->mode = cpu_to_le16(mode);
+ head->dwell = cpu_to_le16(dwell);
+ head->freq = freq;
+
+ if (priv->rxhw == PDR_SYNTH_FRONTEND_LONGBOW) {
+ __le16 *pa_power_points = skb_put(skb, 2);
+ *pa_power_points = cpu_to_le16(0x0c);
+ }
+
+ iq_autocal = skb_put(skb, sizeof(*iq_autocal));
+ for (i = 0; i < priv->iq_autocal_len; i++) {
+ if (priv->iq_autocal[i].freq != freq)
+ continue;
+
+ memcpy(iq_autocal, &priv->iq_autocal[i].params,
+ sizeof(struct p54_iq_autocal_entry));
+ break;
+ }
+ if (i == priv->iq_autocal_len)
+ goto err;
+
+ if (priv->rxhw == PDR_SYNTH_FRONTEND_LONGBOW)
+ body = skb_put(skb, sizeof(body->longbow));
+ else
+ body = skb_put(skb, sizeof(body->normal));
+
+ for (i = 0; i < priv->output_limit->entries; i++) {
+ __le16 *entry_freq = (void *) (priv->output_limit->data +
+ priv->output_limit->entry_size * i);
+
+ if (*entry_freq != freq)
+ continue;
+
+ if (priv->rxhw == PDR_SYNTH_FRONTEND_LONGBOW) {
+ memcpy(&body->longbow.power_limits,
+ (void *) entry_freq + sizeof(__le16),
+ priv->output_limit->entry_size);
+ } else {
+ struct pda_channel_output_limit *limits =
+ (void *) entry_freq;
+
+ body->normal.val_barker = 0x38;
+ body->normal.val_bpsk = body->normal.dup_bpsk =
+ limits->val_bpsk;
+ body->normal.val_qpsk = body->normal.dup_qpsk =
+ limits->val_qpsk;
+ body->normal.val_16qam = body->normal.dup_16qam =
+ limits->val_16qam;
+ body->normal.val_64qam = body->normal.dup_64qam =
+ limits->val_64qam;
+ }
+ break;
+ }
+ if (i == priv->output_limit->entries)
+ goto err;
+
+ entry = (void *)(priv->curve_data->data + priv->curve_data->offset);
+ for (i = 0; i < priv->curve_data->entries; i++) {
+ if (*((__le16 *)entry) != freq) {
+ entry += priv->curve_data->entry_size;
+ continue;
+ }
+
+ if (priv->rxhw == PDR_SYNTH_FRONTEND_LONGBOW) {
+ memcpy(&body->longbow.curve_data,
+ entry + sizeof(__le16),
+ priv->curve_data->entry_size);
+ } else {
+ struct p54_scan_body *chan = &body->normal;
+ struct pda_pa_curve_data *curve_data =
+ (void *) priv->curve_data->data;
+
+ entry += sizeof(__le16);
+ chan->pa_points_per_curve = 8;
+ memset(chan->curve_data, 0, sizeof(chan->curve_data));
+ memcpy(chan->curve_data, entry,
+ sizeof(struct p54_pa_curve_data_sample) *
+ min((u8)8, curve_data->points_per_channel));
+ }
+ break;
+ }
+ if (i == priv->curve_data->entries)
+ goto err;
+
+ if ((priv->fw_var >= 0x500) && (priv->fw_var < 0x509)) {
+ rate = skb_put(skb, sizeof(*rate));
+ rate->basic_rate_mask = cpu_to_le32(priv->basic_rate_mask);
+ for (i = 0; i < sizeof(rate->rts_rates); i++)
+ rate->rts_rates[i] = i;
+ }
+
+ rssi = skb_put(skb, sizeof(*rssi));
+ rssi_data = p54_rssi_find(priv, le16_to_cpu(freq));
+ rssi->mul = cpu_to_le16(rssi_data->mul);
+ rssi->add = cpu_to_le16(rssi_data->add);
+ if (priv->rxhw == PDR_SYNTH_FRONTEND_LONGBOW) {
+ /* Longbow frontend needs ever more */
+ rssi = skb_put(skb, sizeof(*rssi));
+ rssi->mul = cpu_to_le16(rssi_data->longbow_unkn);
+ rssi->add = cpu_to_le16(rssi_data->longbow_unk2);
+ }
+
+ if (priv->fw_var >= 0x509) {
+ rate = skb_put(skb, sizeof(*rate));
+ rate->basic_rate_mask = cpu_to_le32(priv->basic_rate_mask);
+ for (i = 0; i < sizeof(rate->rts_rates); i++)
+ rate->rts_rates[i] = i;
+ }
+
+ hdr = (struct p54_hdr *) skb->data;
+ hdr->len = cpu_to_le16(skb->len - sizeof(*hdr));
+
+ p54_tx(priv, skb);
+ priv->cur_rssi = rssi_data;
+ return 0;
+
+err:
+ wiphy_err(priv->hw->wiphy, "frequency change to channel %d failed.\n",
+ ieee80211_frequency_to_channel(
+ priv->hw->conf.chandef.chan->center_freq));
+
+ dev_kfree_skb_any(skb);
+ return -EINVAL;
+}
+
+int p54_set_leds(struct p54_common *priv)
+{
+ struct sk_buff *skb;
+ struct p54_led *led;
+
+ skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*led),
+ P54_CONTROL_TYPE_LED, GFP_ATOMIC);
+ if (unlikely(!skb))
+ return -ENOMEM;
+
+ led = skb_put(skb, sizeof(*led));
+ led->flags = cpu_to_le16(0x0003);
+ led->mask[0] = led->mask[1] = cpu_to_le16(priv->softled_state);
+ led->delay[0] = cpu_to_le16(1);
+ led->delay[1] = cpu_to_le16(0);
+ p54_tx(priv, skb);
+ return 0;
+}
+
+int p54_set_edcf(struct p54_common *priv)
+{
+ struct sk_buff *skb;
+ struct p54_edcf *edcf;
+ u8 rtd;
+
+ skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*edcf),
+ P54_CONTROL_TYPE_DCFINIT, GFP_ATOMIC);
+ if (unlikely(!skb))
+ return -ENOMEM;
+
+ edcf = skb_put(skb, sizeof(*edcf));
+ if (priv->use_short_slot) {
+ edcf->slottime = 9;
+ edcf->sifs = 0x10;
+ edcf->eofpad = 0x00;
+ } else {
+ edcf->slottime = 20;
+ edcf->sifs = 0x0a;
+ edcf->eofpad = 0x06;
+ }
+ /*
+ * calculate the extra round trip delay according to the
+ * formula from 802.11-2007 17.3.8.6.
+ */
+ rtd = 3 * priv->coverage_class;
+ edcf->slottime += rtd;
+ edcf->round_trip_delay = cpu_to_le16(rtd);
+ /* (see prism54/isl_oid.h for further details) */
+ edcf->frameburst = cpu_to_le16(0);
+ edcf->flags = 0;
+ memset(edcf->mapping, 0, sizeof(edcf->mapping));
+ memcpy(edcf->queue, priv->qos_params, sizeof(edcf->queue));
+ p54_tx(priv, skb);
+ return 0;
+}
+
+int p54_set_ps(struct p54_common *priv)
+{
+ struct sk_buff *skb;
+ struct p54_psm *psm;
+ unsigned int i;
+ u16 mode;
+
+ if (priv->hw->conf.flags & IEEE80211_CONF_PS &&
+ !priv->powersave_override)
+ mode = P54_PSM | P54_PSM_BEACON_TIMEOUT | P54_PSM_DTIM |
+ P54_PSM_CHECKSUM | P54_PSM_MCBC;
+ else
+ mode = P54_PSM_CAM;
+
+ skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*psm),
+ P54_CONTROL_TYPE_PSM, GFP_ATOMIC);
+ if (!skb)
+ return -ENOMEM;
+
+ psm = skb_put(skb, sizeof(*psm));
+ psm->mode = cpu_to_le16(mode);
+ psm->aid = cpu_to_le16(priv->aid);
+ for (i = 0; i < ARRAY_SIZE(psm->intervals); i++) {
+ psm->intervals[i].interval =
+ cpu_to_le16(priv->hw->conf.listen_interval);
+ psm->intervals[i].periods = cpu_to_le16(1);
+ }
+
+ psm->beacon_rssi_skip_max = 200;
+ psm->rssi_delta_threshold = 0;
+ psm->nr = 1;
+ psm->exclude[0] = WLAN_EID_TIM;
+
+ p54_tx(priv, skb);
+ priv->phy_ps = mode != P54_PSM_CAM;
+ return 0;
+}
+
+int p54_init_xbow_synth(struct p54_common *priv)
+{
+ struct sk_buff *skb;
+ struct p54_xbow_synth *xbow;
+
+ skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*xbow),
+ P54_CONTROL_TYPE_XBOW_SYNTH_CFG, GFP_KERNEL);
+ if (unlikely(!skb))
+ return -ENOMEM;
+
+ xbow = skb_put(skb, sizeof(*xbow));
+ xbow->magic1 = cpu_to_le16(0x1);
+ xbow->magic2 = cpu_to_le16(0x2);
+ xbow->freq = cpu_to_le16(5390);
+ memset(xbow->padding, 0, sizeof(xbow->padding));
+ p54_tx(priv, skb);
+ return 0;
+}
+
+int p54_upload_key(struct p54_common *priv, u8 algo, int slot, u8 idx, u8 len,
+ u8 *addr, u8* key)
+{
+ struct sk_buff *skb;
+ struct p54_keycache *rxkey;
+
+ skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*rxkey),
+ P54_CONTROL_TYPE_RX_KEYCACHE, GFP_KERNEL);
+ if (unlikely(!skb))
+ return -ENOMEM;
+
+ rxkey = skb_put(skb, sizeof(*rxkey));
+ rxkey->entry = slot;
+ rxkey->key_id = idx;
+ rxkey->key_type = algo;
+ if (addr)
+ memcpy(rxkey->mac, addr, ETH_ALEN);
+ else
+ eth_broadcast_addr(rxkey->mac);
+
+ switch (algo) {
+ case P54_CRYPTO_WEP:
+ case P54_CRYPTO_AESCCMP:
+ rxkey->key_len = min_t(u8, 16, len);
+ memcpy(rxkey->key, key, rxkey->key_len);
+ break;
+
+ case P54_CRYPTO_TKIPMICHAEL:
+ rxkey->key_len = 24;
+ memcpy(rxkey->key, key, 16);
+ memcpy(&(rxkey->key[16]), &(key
+ [NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY]), 8);
+ break;
+
+ case P54_CRYPTO_NONE:
+ rxkey->key_len = 0;
+ memset(rxkey->key, 0, sizeof(rxkey->key));
+ break;
+
+ default:
+ wiphy_err(priv->hw->wiphy,
+ "invalid cryptographic algorithm: %d\n", algo);
+ dev_kfree_skb(skb);
+ return -EINVAL;
+ }
+
+ p54_tx(priv, skb);
+ return 0;
+}
+
+int p54_fetch_statistics(struct p54_common *priv)
+{
+ struct ieee80211_tx_info *txinfo;
+ struct p54_tx_info *p54info;
+ struct sk_buff *skb;
+
+ skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL,
+ sizeof(struct p54_statistics),
+ P54_CONTROL_TYPE_STAT_READBACK, GFP_KERNEL);
+ if (!skb)
+ return -ENOMEM;
+
+ /*
+ * The statistic feedback causes some extra headaches here, if it
+ * is not to crash/corrupt the firmware data structures.
+ *
+ * Unlike all other Control Get OIDs we can not use helpers like
+ * skb_put to reserve the space for the data we're requesting.
+ * Instead the extra frame length -which will hold the results later-
+ * will only be told to the p54_assign_address, so that following
+ * frames won't be placed into the allegedly empty area.
+ */
+ txinfo = IEEE80211_SKB_CB(skb);
+ p54info = (void *) txinfo->rate_driver_data;
+ p54info->extra_len = sizeof(struct p54_statistics);
+
+ p54_tx(priv, skb);
+ return 0;
+}
+
+int p54_set_groupfilter(struct p54_common *priv)
+{
+ struct p54_group_address_table *grp;
+ struct sk_buff *skb;
+ bool on = false;
+
+ skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*grp),
+ P54_CONTROL_TYPE_GROUP_ADDRESS_TABLE, GFP_KERNEL);
+ if (!skb)
+ return -ENOMEM;
+
+ grp = skb_put(skb, sizeof(*grp));
+
+ on = !(priv->filter_flags & FIF_ALLMULTI) &&
+ (priv->mc_maclist_num > 0 &&
+ priv->mc_maclist_num <= MC_FILTER_ADDRESS_NUM);
+
+ if (on) {
+ grp->filter_enable = cpu_to_le16(1);
+ grp->num_address = cpu_to_le16(priv->mc_maclist_num);
+ memcpy(grp->mac_list, priv->mc_maclist, sizeof(grp->mac_list));
+ } else {
+ grp->filter_enable = cpu_to_le16(0);
+ grp->num_address = cpu_to_le16(0);
+ memset(grp->mac_list, 0, sizeof(grp->mac_list));
+ }
+
+ p54_tx(priv, skb);
+ return 0;
+}
diff --git a/drivers/net/wireless/intersil/p54/led.c b/drivers/net/wireless/intersil/p54/led.c
new file mode 100644
index 000000000..4bc77010f
--- /dev/null
+++ b/drivers/net/wireless/intersil/p54/led.c
@@ -0,0 +1,158 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Common code for mac80211 Prism54 drivers
+ *
+ * Copyright (c) 2006, Michael Wu <flamingice@sourmilk.net>
+ * Copyright (c) 2007-2009, Christian Lamparter <chunkeey@web.de>
+ * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
+ *
+ * Based on:
+ * - the islsm (softmac prism54) driver, which is:
+ * Copyright 2004-2006 Jean-Baptiste Note <jbnote@gmail.com>, et al.
+ * - stlc45xx driver
+ * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies).
+ */
+
+#include <linux/firmware.h>
+#include <linux/etherdevice.h>
+
+#include <net/mac80211.h>
+#ifdef CONFIG_P54_LEDS
+#include <linux/leds.h>
+#endif /* CONFIG_P54_LEDS */
+
+#include "p54.h"
+#include "lmac.h"
+
+static void p54_update_leds(struct work_struct *work)
+{
+ struct p54_common *priv = container_of(work, struct p54_common,
+ led_work.work);
+ int err, i, tmp, blink_delay = 400;
+ bool rerun = false;
+
+ /* Don't toggle the LED, when the device is down. */
+ if (priv->mode == NL80211_IFTYPE_UNSPECIFIED)
+ return ;
+
+ for (i = 0; i < ARRAY_SIZE(priv->leds); i++)
+ if (priv->leds[i].toggled) {
+ priv->softled_state |= BIT(i);
+
+ tmp = 70 + 200 / (priv->leds[i].toggled);
+ if (tmp < blink_delay)
+ blink_delay = tmp;
+
+ if (priv->leds[i].led_dev.brightness == LED_OFF)
+ rerun = true;
+
+ priv->leds[i].toggled =
+ !!priv->leds[i].led_dev.brightness;
+ } else
+ priv->softled_state &= ~BIT(i);
+
+ err = p54_set_leds(priv);
+ if (err && net_ratelimit())
+ wiphy_err(priv->hw->wiphy,
+ "failed to update LEDs (%d).\n", err);
+
+ if (rerun)
+ ieee80211_queue_delayed_work(priv->hw, &priv->led_work,
+ msecs_to_jiffies(blink_delay));
+}
+
+static void p54_led_brightness_set(struct led_classdev *led_dev,
+ enum led_brightness brightness)
+{
+ struct p54_led_dev *led = container_of(led_dev, struct p54_led_dev,
+ led_dev);
+ struct ieee80211_hw *dev = led->hw_dev;
+ struct p54_common *priv = dev->priv;
+
+ if (priv->mode == NL80211_IFTYPE_UNSPECIFIED)
+ return ;
+
+ if ((brightness) && (led->registered)) {
+ led->toggled++;
+ ieee80211_queue_delayed_work(priv->hw, &priv->led_work, HZ/10);
+ }
+}
+
+static int p54_register_led(struct p54_common *priv,
+ unsigned int led_index,
+ char *name, const char *trigger)
+{
+ struct p54_led_dev *led = &priv->leds[led_index];
+ int err;
+
+ if (led->registered)
+ return -EEXIST;
+
+ snprintf(led->name, sizeof(led->name), "p54-%s::%s",
+ wiphy_name(priv->hw->wiphy), name);
+ led->hw_dev = priv->hw;
+ led->index = led_index;
+ led->led_dev.name = led->name;
+ led->led_dev.default_trigger = trigger;
+ led->led_dev.brightness_set = p54_led_brightness_set;
+
+ err = led_classdev_register(wiphy_dev(priv->hw->wiphy), &led->led_dev);
+ if (err)
+ wiphy_err(priv->hw->wiphy,
+ "Failed to register %s LED.\n", name);
+ else
+ led->registered = 1;
+
+ return err;
+}
+
+int p54_init_leds(struct p54_common *priv)
+{
+ int err;
+
+ /*
+ * TODO:
+ * Figure out if the EEPROM contains some hints about the number
+ * of available/programmable LEDs of the device.
+ */
+
+ INIT_DELAYED_WORK(&priv->led_work, p54_update_leds);
+
+ err = p54_register_led(priv, 0, "assoc",
+ ieee80211_get_assoc_led_name(priv->hw));
+ if (err)
+ return err;
+
+ err = p54_register_led(priv, 1, "tx",
+ ieee80211_get_tx_led_name(priv->hw));
+ if (err)
+ return err;
+
+ err = p54_register_led(priv, 2, "rx",
+ ieee80211_get_rx_led_name(priv->hw));
+ if (err)
+ return err;
+
+ err = p54_register_led(priv, 3, "radio",
+ ieee80211_get_radio_led_name(priv->hw));
+ if (err)
+ return err;
+
+ err = p54_set_leds(priv);
+ return err;
+}
+
+void p54_unregister_leds(struct p54_common *priv)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(priv->leds); i++) {
+ if (priv->leds[i].registered) {
+ priv->leds[i].registered = false;
+ priv->leds[i].toggled = 0;
+ led_classdev_unregister(&priv->leds[i].led_dev);
+ }
+ }
+
+ cancel_delayed_work_sync(&priv->led_work);
+}
diff --git a/drivers/net/wireless/intersil/p54/lmac.h b/drivers/net/wireless/intersil/p54/lmac.h
new file mode 100644
index 000000000..8adde6ba3
--- /dev/null
+++ b/drivers/net/wireless/intersil/p54/lmac.h
@@ -0,0 +1,559 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * LMAC Interface specific definitions for mac80211 Prism54 drivers
+ *
+ * Copyright (c) 2006, Michael Wu <flamingice@sourmilk.net>
+ * Copyright (c) 2007 - 2009, Christian Lamparter <chunkeey@web.de>
+ *
+ * Based on:
+ * - the islsm (softmac prism54) driver, which is:
+ * Copyright 2004-2006 Jean-Baptiste Note <jbnote@gmail.com>, et al.
+ *
+ * - LMAC API interface header file for STLC4560 (lmac_longbow.h)
+ * Copyright (C) 2007 Conexant Systems, Inc.
+ */
+
+#ifndef LMAC_H
+#define LMAC_H
+
+enum p54_control_frame_types {
+ P54_CONTROL_TYPE_SETUP = 0,
+ P54_CONTROL_TYPE_SCAN,
+ P54_CONTROL_TYPE_TRAP,
+ P54_CONTROL_TYPE_DCFINIT,
+ P54_CONTROL_TYPE_RX_KEYCACHE,
+ P54_CONTROL_TYPE_TIM,
+ P54_CONTROL_TYPE_PSM,
+ P54_CONTROL_TYPE_TXCANCEL,
+ P54_CONTROL_TYPE_TXDONE,
+ P54_CONTROL_TYPE_BURST,
+ P54_CONTROL_TYPE_STAT_READBACK,
+ P54_CONTROL_TYPE_BBP,
+ P54_CONTROL_TYPE_EEPROM_READBACK,
+ P54_CONTROL_TYPE_LED,
+ P54_CONTROL_TYPE_GPIO,
+ P54_CONTROL_TYPE_TIMER,
+ P54_CONTROL_TYPE_MODULATION,
+ P54_CONTROL_TYPE_SYNTH_CONFIG,
+ P54_CONTROL_TYPE_DETECTOR_VALUE,
+ P54_CONTROL_TYPE_XBOW_SYNTH_CFG,
+ P54_CONTROL_TYPE_CCE_QUIET,
+ P54_CONTROL_TYPE_PSM_STA_UNLOCK,
+ P54_CONTROL_TYPE_PCS,
+ P54_CONTROL_TYPE_BT_BALANCER = 28,
+ P54_CONTROL_TYPE_GROUP_ADDRESS_TABLE = 30,
+ P54_CONTROL_TYPE_ARPTABLE = 31,
+ P54_CONTROL_TYPE_BT_OPTIONS = 35,
+};
+
+#define P54_HDR_FLAG_CONTROL BIT(15)
+#define P54_HDR_FLAG_CONTROL_OPSET (BIT(15) + BIT(0))
+#define P54_HDR_FLAG_DATA_ALIGN BIT(14)
+
+#define P54_HDR_FLAG_DATA_OUT_PROMISC BIT(0)
+#define P54_HDR_FLAG_DATA_OUT_TIMESTAMP BIT(1)
+#define P54_HDR_FLAG_DATA_OUT_SEQNR BIT(2)
+#define P54_HDR_FLAG_DATA_OUT_BIT3 BIT(3)
+#define P54_HDR_FLAG_DATA_OUT_BURST BIT(4)
+#define P54_HDR_FLAG_DATA_OUT_NOCANCEL BIT(5)
+#define P54_HDR_FLAG_DATA_OUT_CLEARTIM BIT(6)
+#define P54_HDR_FLAG_DATA_OUT_HITCHHIKE BIT(7)
+#define P54_HDR_FLAG_DATA_OUT_COMPRESS BIT(8)
+#define P54_HDR_FLAG_DATA_OUT_CONCAT BIT(9)
+#define P54_HDR_FLAG_DATA_OUT_PCS_ACCEPT BIT(10)
+#define P54_HDR_FLAG_DATA_OUT_WAITEOSP BIT(11)
+
+#define P54_HDR_FLAG_DATA_IN_FCS_GOOD BIT(0)
+#define P54_HDR_FLAG_DATA_IN_MATCH_MAC BIT(1)
+#define P54_HDR_FLAG_DATA_IN_MCBC BIT(2)
+#define P54_HDR_FLAG_DATA_IN_BEACON BIT(3)
+#define P54_HDR_FLAG_DATA_IN_MATCH_BSS BIT(4)
+#define P54_HDR_FLAG_DATA_IN_BCAST_BSS BIT(5)
+#define P54_HDR_FLAG_DATA_IN_DATA BIT(6)
+#define P54_HDR_FLAG_DATA_IN_TRUNCATED BIT(7)
+#define P54_HDR_FLAG_DATA_IN_BIT8 BIT(8)
+#define P54_HDR_FLAG_DATA_IN_TRANSPARENT BIT(9)
+
+struct p54_hdr {
+ __le16 flags;
+ __le16 len;
+ __le32 req_id;
+ __le16 type; /* enum p54_control_frame_types */
+ u8 rts_tries;
+ u8 tries;
+ u8 data[];
+} __packed;
+
+#define GET_REQ_ID(skb) \
+ (((struct p54_hdr *) ((struct sk_buff *) skb)->data)->req_id) \
+
+#define FREE_AFTER_TX(skb) \
+ ((((struct p54_hdr *) ((struct sk_buff *) skb)->data)-> \
+ flags) == cpu_to_le16(P54_HDR_FLAG_CONTROL_OPSET))
+
+#define IS_DATA_FRAME(skb) \
+ (!((((struct p54_hdr *) ((struct sk_buff *) skb)->data)-> \
+ flags) & cpu_to_le16(P54_HDR_FLAG_CONTROL)))
+
+#define GET_HW_QUEUE(skb) \
+ (((struct p54_tx_data *)((struct p54_hdr *) \
+ skb->data)->data)->hw_queue)
+
+/*
+ * shared interface ID definitions
+ * The interface ID is a unique identification of a specific interface.
+ * The following values are reserved: 0x0000, 0x0002, 0x0012, 0x0014, 0x0015
+ */
+#define IF_ID_ISL36356A 0x0001 /* ISL36356A <-> Firmware */
+#define IF_ID_MVC 0x0003 /* MAC Virtual Coprocessor */
+#define IF_ID_DEBUG 0x0008 /* PolDebug Interface */
+#define IF_ID_PRODUCT 0x0009
+#define IF_ID_OEM 0x000a
+#define IF_ID_PCI3877 0x000b /* 3877 <-> Host PCI */
+#define IF_ID_ISL37704C 0x000c /* ISL37704C <-> Fw */
+#define IF_ID_ISL39000 0x000f /* ISL39000 <-> Fw */
+#define IF_ID_ISL39300A 0x0010 /* ISL39300A <-> Fw */
+#define IF_ID_ISL37700_UAP 0x0016 /* ISL37700 uAP Fw <-> Fw */
+#define IF_ID_ISL39000_UAP 0x0017 /* ISL39000 uAP Fw <-> Fw */
+#define IF_ID_LMAC 0x001a /* Interface exposed by LMAC */
+
+struct exp_if {
+ __le16 role;
+ __le16 if_id;
+ __le16 variant;
+ __le16 btm_compat;
+ __le16 top_compat;
+} __packed;
+
+struct dep_if {
+ __le16 role;
+ __le16 if_id;
+ __le16 variant;
+} __packed;
+
+/* driver <-> lmac definitions */
+struct p54_eeprom_lm86 {
+ union {
+ struct {
+ __le16 offset;
+ __le16 len;
+ u8 data[0];
+ } __packed v1;
+ struct {
+ __le32 offset;
+ __le16 len;
+ u8 magic2;
+ u8 pad;
+ u8 magic[4];
+ u8 data[0];
+ } __packed v2;
+ } __packed;
+} __packed;
+
+enum p54_rx_decrypt_status {
+ P54_DECRYPT_NONE = 0,
+ P54_DECRYPT_OK,
+ P54_DECRYPT_NOKEY,
+ P54_DECRYPT_NOMICHAEL,
+ P54_DECRYPT_NOCKIPMIC,
+ P54_DECRYPT_FAIL_WEP,
+ P54_DECRYPT_FAIL_TKIP,
+ P54_DECRYPT_FAIL_MICHAEL,
+ P54_DECRYPT_FAIL_CKIPKP,
+ P54_DECRYPT_FAIL_CKIPMIC,
+ P54_DECRYPT_FAIL_AESCCMP
+};
+
+struct p54_rx_data {
+ __le16 flags;
+ __le16 len;
+ __le16 freq;
+ u8 antenna;
+ u8 rate;
+ u8 rssi;
+ u8 quality;
+ u8 decrypt_status;
+ u8 rssi_raw;
+ __le32 tsf32;
+ __le32 unalloc0;
+ u8 align[];
+} __packed;
+
+enum p54_trap_type {
+ P54_TRAP_SCAN = 0,
+ P54_TRAP_TIMER,
+ P54_TRAP_BEACON_TX,
+ P54_TRAP_FAA_RADIO_ON,
+ P54_TRAP_FAA_RADIO_OFF,
+ P54_TRAP_RADAR,
+ P54_TRAP_NO_BEACON,
+ P54_TRAP_TBTT,
+ P54_TRAP_SCO_ENTER,
+ P54_TRAP_SCO_EXIT
+};
+
+struct p54_trap {
+ __le16 event;
+ __le16 frequency;
+} __packed;
+
+enum p54_frame_sent_status {
+ P54_TX_OK = 0,
+ P54_TX_FAILED,
+ P54_TX_PSM,
+ P54_TX_PSM_CANCELLED = 4
+};
+
+struct p54_frame_sent {
+ u8 status;
+ u8 tries;
+ u8 ack_rssi;
+ u8 quality;
+ __le16 seq;
+ u8 antenna;
+ u8 padding;
+} __packed;
+
+enum p54_tx_data_crypt {
+ P54_CRYPTO_NONE = 0,
+ P54_CRYPTO_WEP,
+ P54_CRYPTO_TKIP,
+ P54_CRYPTO_TKIPMICHAEL,
+ P54_CRYPTO_CCX_WEPMIC,
+ P54_CRYPTO_CCX_KPMIC,
+ P54_CRYPTO_CCX_KP,
+ P54_CRYPTO_AESCCMP
+};
+
+enum p54_tx_data_queue {
+ P54_QUEUE_BEACON = 0,
+ P54_QUEUE_FWSCAN = 1,
+ P54_QUEUE_MGMT = 2,
+ P54_QUEUE_CAB = 3,
+ P54_QUEUE_DATA = 4,
+
+ P54_QUEUE_AC_NUM = 4,
+ P54_QUEUE_AC_VO = 4,
+ P54_QUEUE_AC_VI = 5,
+ P54_QUEUE_AC_BE = 6,
+ P54_QUEUE_AC_BK = 7,
+
+ /* keep last */
+ P54_QUEUE_NUM = 8,
+};
+
+#define IS_QOS_QUEUE(n) (n >= P54_QUEUE_DATA)
+
+struct p54_tx_data {
+ u8 rateset[8];
+ u8 rts_rate_idx;
+ u8 crypt_offset;
+ u8 key_type;
+ u8 key_len;
+ u8 key[16];
+ u8 hw_queue;
+ u8 backlog;
+ __le16 durations[4];
+ u8 tx_antenna;
+ union {
+ struct {
+ u8 cts_rate;
+ __le16 output_power;
+ } __packed longbow;
+ struct {
+ u8 output_power;
+ u8 cts_rate;
+ u8 unalloc;
+ } __packed normal;
+ } __packed;
+ u8 unalloc2[2];
+ u8 align[];
+} __packed;
+
+/* unit is ms */
+#define P54_TX_FRAME_LIFETIME 2000
+#define P54_TX_TIMEOUT 4000
+#define P54_STATISTICS_UPDATE 5000
+
+#define P54_FILTER_TYPE_NONE 0
+#define P54_FILTER_TYPE_STATION BIT(0)
+#define P54_FILTER_TYPE_IBSS BIT(1)
+#define P54_FILTER_TYPE_AP BIT(2)
+#define P54_FILTER_TYPE_TRANSPARENT BIT(3)
+#define P54_FILTER_TYPE_PROMISCUOUS BIT(4)
+#define P54_FILTER_TYPE_HIBERNATE BIT(5)
+#define P54_FILTER_TYPE_NOACK BIT(6)
+#define P54_FILTER_TYPE_RX_DISABLED BIT(7)
+
+struct p54_setup_mac {
+ __le16 mac_mode;
+ u8 mac_addr[ETH_ALEN];
+ u8 bssid[ETH_ALEN];
+ u8 rx_antenna;
+ u8 rx_align;
+ union {
+ struct {
+ __le32 basic_rate_mask;
+ u8 rts_rates[8];
+ __le32 rx_addr;
+ __le16 max_rx;
+ __le16 rxhw;
+ __le16 wakeup_timer;
+ __le16 unalloc0;
+ } __packed v1;
+ struct {
+ __le32 rx_addr;
+ __le16 max_rx;
+ __le16 rxhw;
+ __le16 timer;
+ __le16 truncate;
+ __le32 basic_rate_mask;
+ u8 sbss_offset;
+ u8 mcast_window;
+ u8 rx_rssi_threshold;
+ u8 rx_ed_threshold;
+ __le32 ref_clock;
+ __le16 lpf_bandwidth;
+ __le16 osc_start_delay;
+ } __packed v2;
+ } __packed;
+} __packed;
+
+#define P54_SETUP_V1_LEN 40
+#define P54_SETUP_V2_LEN (sizeof(struct p54_setup_mac))
+
+#define P54_SCAN_EXIT BIT(0)
+#define P54_SCAN_TRAP BIT(1)
+#define P54_SCAN_ACTIVE BIT(2)
+#define P54_SCAN_FILTER BIT(3)
+
+struct p54_scan_head {
+ __le16 mode;
+ __le16 dwell;
+ u8 scan_params[20];
+ __le16 freq;
+} __packed;
+
+struct p54_pa_curve_data_sample {
+ u8 rf_power;
+ u8 pa_detector;
+ u8 data_barker;
+ u8 data_bpsk;
+ u8 data_qpsk;
+ u8 data_16qam;
+ u8 data_64qam;
+ u8 padding;
+} __packed;
+
+struct p54_scan_body {
+ u8 pa_points_per_curve;
+ u8 val_barker;
+ u8 val_bpsk;
+ u8 val_qpsk;
+ u8 val_16qam;
+ u8 val_64qam;
+ struct p54_pa_curve_data_sample curve_data[8];
+ u8 dup_bpsk;
+ u8 dup_qpsk;
+ u8 dup_16qam;
+ u8 dup_64qam;
+} __packed;
+
+/*
+ * Warning: Longbow's structures are bogus.
+ */
+struct p54_channel_output_limit_longbow {
+ __le16 rf_power_points[12];
+} __packed;
+
+struct p54_pa_curve_data_sample_longbow {
+ __le16 rf_power;
+ __le16 pa_detector;
+ struct {
+ __le16 data[4];
+ } points[3] __packed;
+} __packed;
+
+struct p54_scan_body_longbow {
+ struct p54_channel_output_limit_longbow power_limits;
+ struct p54_pa_curve_data_sample_longbow curve_data[8];
+ __le16 unkn[6]; /* maybe more power_limits or rate_mask */
+} __packed;
+
+union p54_scan_body_union {
+ struct p54_scan_body normal;
+ struct p54_scan_body_longbow longbow;
+} __packed;
+
+struct p54_scan_tail_rate {
+ __le32 basic_rate_mask;
+ u8 rts_rates[8];
+} __packed;
+
+struct p54_led {
+ __le16 flags;
+ __le16 mask[2];
+ __le16 delay[2];
+} __packed;
+
+struct p54_edcf {
+ u8 flags;
+ u8 slottime;
+ u8 sifs;
+ u8 eofpad;
+ struct p54_edcf_queue_param queue[8];
+ u8 mapping[4];
+ __le16 frameburst;
+ __le16 round_trip_delay;
+} __packed;
+
+struct p54_statistics {
+ __le32 rx_success;
+ __le32 rx_bad_fcs;
+ __le32 rx_abort;
+ __le32 rx_abort_phy;
+ __le32 rts_success;
+ __le32 rts_fail;
+ __le32 tsf32;
+ __le32 airtime;
+ __le32 noise;
+ __le32 sample_noise[8];
+ __le32 sample_cca;
+ __le32 sample_tx;
+} __packed;
+
+struct p54_xbow_synth {
+ __le16 magic1;
+ __le16 magic2;
+ __le16 freq;
+ u32 padding[5];
+} __packed;
+
+struct p54_timer {
+ __le32 interval;
+} __packed;
+
+struct p54_keycache {
+ u8 entry;
+ u8 key_id;
+ u8 mac[ETH_ALEN];
+ u8 padding[2];
+ u8 key_type;
+ u8 key_len;
+ u8 key[24];
+} __packed;
+
+struct p54_burst {
+ u8 flags;
+ u8 queue;
+ u8 backlog;
+ u8 pad;
+ __le16 durations[32];
+} __packed;
+
+struct p54_psm_interval {
+ __le16 interval;
+ __le16 periods;
+} __packed;
+
+#define P54_PSM_CAM 0
+#define P54_PSM BIT(0)
+#define P54_PSM_DTIM BIT(1)
+#define P54_PSM_MCBC BIT(2)
+#define P54_PSM_CHECKSUM BIT(3)
+#define P54_PSM_SKIP_MORE_DATA BIT(4)
+#define P54_PSM_BEACON_TIMEOUT BIT(5)
+#define P54_PSM_HFOSLEEP BIT(6)
+#define P54_PSM_AUTOSWITCH_SLEEP BIT(7)
+#define P54_PSM_LPIT BIT(8)
+#define P54_PSM_BF_UCAST_SKIP BIT(9)
+#define P54_PSM_BF_MCAST_SKIP BIT(10)
+
+struct p54_psm {
+ __le16 mode;
+ __le16 aid;
+ struct p54_psm_interval intervals[4];
+ u8 beacon_rssi_skip_max;
+ u8 rssi_delta_threshold;
+ u8 nr;
+ u8 exclude[1];
+} __packed;
+
+#define MC_FILTER_ADDRESS_NUM 4
+
+struct p54_group_address_table {
+ __le16 filter_enable;
+ __le16 num_address;
+ u8 mac_list[MC_FILTER_ADDRESS_NUM][ETH_ALEN];
+} __packed;
+
+struct p54_txcancel {
+ __le32 req_id;
+} __packed;
+
+struct p54_sta_unlock {
+ u8 addr[ETH_ALEN];
+ u16 padding;
+} __packed;
+
+#define P54_TIM_CLEAR BIT(15)
+struct p54_tim {
+ u8 count;
+ u8 padding[3];
+ __le16 entry[8];
+} __packed;
+
+struct p54_cce_quiet {
+ __le32 period;
+} __packed;
+
+struct p54_bt_balancer {
+ __le16 prio_thresh;
+ __le16 acl_thresh;
+} __packed;
+
+struct p54_arp_table {
+ __le16 filter_enable;
+ u8 ipv4_addr[4];
+} __packed;
+
+/* LED control */
+int p54_set_leds(struct p54_common *priv);
+int p54_init_leds(struct p54_common *priv);
+void p54_unregister_leds(struct p54_common *priv);
+
+/* xmit functions */
+void p54_tx_80211(struct ieee80211_hw *dev,
+ struct ieee80211_tx_control *control,
+ struct sk_buff *skb);
+int p54_tx_cancel(struct p54_common *priv, __le32 req_id);
+void p54_tx(struct p54_common *priv, struct sk_buff *skb);
+
+/* synth/phy configuration */
+int p54_init_xbow_synth(struct p54_common *priv);
+int p54_scan(struct p54_common *priv, u16 mode, u16 dwell);
+
+/* MAC */
+int p54_sta_unlock(struct p54_common *priv, u8 *addr);
+int p54_update_beacon_tim(struct p54_common *priv, u16 aid, bool set);
+int p54_setup_mac(struct p54_common *priv);
+int p54_set_ps(struct p54_common *priv);
+int p54_fetch_statistics(struct p54_common *priv);
+int p54_set_groupfilter(struct p54_common *priv);
+
+/* e/v DCF setup */
+int p54_set_edcf(struct p54_common *priv);
+
+/* cryptographic engine */
+int p54_upload_key(struct p54_common *priv, u8 algo, int slot,
+ u8 idx, u8 len, u8 *addr, u8* key);
+
+/* eeprom */
+int p54_download_eeprom(struct p54_common *priv, void *buf,
+ u16 offset, u16 len);
+struct p54_rssi_db_entry *p54_rssi_find(struct p54_common *p, const u16 freq);
+
+/* utility */
+u8 *p54_find_ie(struct sk_buff *skb, u8 ie);
+
+#endif /* LMAC_H */
diff --git a/drivers/net/wireless/intersil/p54/main.c b/drivers/net/wireless/intersil/p54/main.c
new file mode 100644
index 000000000..e127453ab
--- /dev/null
+++ b/drivers/net/wireless/intersil/p54/main.c
@@ -0,0 +1,861 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * mac80211 glue code for mac80211 Prism54 drivers
+ *
+ * Copyright (c) 2006, Michael Wu <flamingice@sourmilk.net>
+ * Copyright (c) 2007-2009, Christian Lamparter <chunkeey@web.de>
+ * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
+ *
+ * Based on:
+ * - the islsm (softmac prism54) driver, which is:
+ * Copyright 2004-2006 Jean-Baptiste Note <jbnote@gmail.com>, et al.
+ * - stlc45xx driver
+ * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies).
+ */
+
+#include <linux/slab.h>
+#include <linux/firmware.h>
+#include <linux/etherdevice.h>
+#include <linux/module.h>
+
+#include <net/mac80211.h>
+
+#include "p54.h"
+#include "lmac.h"
+
+static bool modparam_nohwcrypt;
+module_param_named(nohwcrypt, modparam_nohwcrypt, bool, 0444);
+MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
+MODULE_AUTHOR("Michael Wu <flamingice@sourmilk.net>");
+MODULE_DESCRIPTION("Softmac Prism54 common code");
+MODULE_LICENSE("GPL");
+MODULE_ALIAS("prism54common");
+
+static int p54_sta_add_remove(struct ieee80211_hw *hw,
+ struct ieee80211_vif *vif,
+ struct ieee80211_sta *sta)
+{
+ struct p54_common *priv = hw->priv;
+
+ /*
+ * Notify the firmware that we don't want or we don't
+ * need to buffer frames for this station anymore.
+ */
+
+ p54_sta_unlock(priv, sta->addr);
+
+ return 0;
+}
+
+static void p54_sta_notify(struct ieee80211_hw *dev, struct ieee80211_vif *vif,
+ enum sta_notify_cmd notify_cmd,
+ struct ieee80211_sta *sta)
+{
+ struct p54_common *priv = dev->priv;
+
+ switch (notify_cmd) {
+ case STA_NOTIFY_AWAKE:
+ /* update the firmware's filter table */
+ p54_sta_unlock(priv, sta->addr);
+ break;
+ default:
+ break;
+ }
+}
+
+static int p54_set_tim(struct ieee80211_hw *dev, struct ieee80211_sta *sta,
+ bool set)
+{
+ struct p54_common *priv = dev->priv;
+
+ return p54_update_beacon_tim(priv, sta->aid, set);
+}
+
+u8 *p54_find_ie(struct sk_buff *skb, u8 ie)
+{
+ struct ieee80211_mgmt *mgmt = (void *)skb->data;
+ u8 *pos, *end;
+
+ if (skb->len <= sizeof(mgmt))
+ return NULL;
+
+ pos = (u8 *)mgmt->u.beacon.variable;
+ end = skb->data + skb->len;
+ while (pos < end) {
+ if (pos + 2 + pos[1] > end)
+ return NULL;
+
+ if (pos[0] == ie)
+ return pos;
+
+ pos += 2 + pos[1];
+ }
+ return NULL;
+}
+
+static int p54_beacon_format_ie_tim(struct sk_buff *skb)
+{
+ /*
+ * the good excuse for this mess is ... the firmware.
+ * The dummy TIM MUST be at the end of the beacon frame,
+ * because it'll be overwritten!
+ */
+ u8 *tim;
+ u8 dtim_len;
+ u8 dtim_period;
+ u8 *next;
+
+ tim = p54_find_ie(skb, WLAN_EID_TIM);
+ if (!tim)
+ return 0;
+
+ dtim_len = tim[1];
+ dtim_period = tim[3];
+ next = tim + 2 + dtim_len;
+
+ if (dtim_len < 3)
+ return -EINVAL;
+
+ memmove(tim, next, skb_tail_pointer(skb) - next);
+ tim = skb_tail_pointer(skb) - (dtim_len + 2);
+
+ /* add the dummy at the end */
+ tim[0] = WLAN_EID_TIM;
+ tim[1] = 3;
+ tim[2] = 0;
+ tim[3] = dtim_period;
+ tim[4] = 0;
+
+ if (dtim_len > 3)
+ skb_trim(skb, skb->len - (dtim_len - 3));
+
+ return 0;
+}
+
+static int p54_beacon_update(struct p54_common *priv,
+ struct ieee80211_vif *vif)
+{
+ struct ieee80211_tx_control control = { };
+ struct sk_buff *beacon;
+ int ret;
+
+ beacon = ieee80211_beacon_get(priv->hw, vif, 0);
+ if (!beacon)
+ return -ENOMEM;
+ ret = p54_beacon_format_ie_tim(beacon);
+ if (ret)
+ return ret;
+
+ /*
+ * During operation, the firmware takes care of beaconing.
+ * The driver only needs to upload a new beacon template, once
+ * the template was changed by the stack or userspace.
+ *
+ * LMAC API 3.2.2 also specifies that the driver does not need
+ * to cancel the old beacon template by hand, instead the firmware
+ * will release the previous one through the feedback mechanism.
+ */
+ p54_tx_80211(priv->hw, &control, beacon);
+ priv->tsf_high32 = 0;
+ priv->tsf_low32 = 0;
+
+ return 0;
+}
+
+static int p54_start(struct ieee80211_hw *dev)
+{
+ struct p54_common *priv = dev->priv;
+ int err;
+
+ mutex_lock(&priv->conf_mutex);
+ err = priv->open(dev);
+ if (err)
+ goto out;
+ P54_SET_QUEUE(priv->qos_params[0], 0x0002, 0x0003, 0x0007, 47);
+ P54_SET_QUEUE(priv->qos_params[1], 0x0002, 0x0007, 0x000f, 94);
+ P54_SET_QUEUE(priv->qos_params[2], 0x0003, 0x000f, 0x03ff, 0);
+ P54_SET_QUEUE(priv->qos_params[3], 0x0007, 0x000f, 0x03ff, 0);
+ err = p54_set_edcf(priv);
+ if (err)
+ goto out;
+
+ eth_broadcast_addr(priv->bssid);
+ priv->mode = NL80211_IFTYPE_MONITOR;
+ err = p54_setup_mac(priv);
+ if (err) {
+ priv->mode = NL80211_IFTYPE_UNSPECIFIED;
+ goto out;
+ }
+
+ ieee80211_queue_delayed_work(dev, &priv->work, 0);
+
+ priv->softled_state = 0;
+ err = p54_set_leds(priv);
+
+out:
+ mutex_unlock(&priv->conf_mutex);
+ return err;
+}
+
+static void p54_stop(struct ieee80211_hw *dev)
+{
+ struct p54_common *priv = dev->priv;
+ int i;
+
+ priv->mode = NL80211_IFTYPE_UNSPECIFIED;
+ priv->softled_state = 0;
+ cancel_delayed_work_sync(&priv->work);
+ mutex_lock(&priv->conf_mutex);
+ p54_set_leds(priv);
+ priv->stop(dev);
+ skb_queue_purge(&priv->tx_pending);
+ skb_queue_purge(&priv->tx_queue);
+ for (i = 0; i < P54_QUEUE_NUM; i++) {
+ priv->tx_stats[i].count = 0;
+ priv->tx_stats[i].len = 0;
+ }
+
+ priv->beacon_req_id = cpu_to_le32(0);
+ priv->tsf_high32 = priv->tsf_low32 = 0;
+ mutex_unlock(&priv->conf_mutex);
+}
+
+static int p54_add_interface(struct ieee80211_hw *dev,
+ struct ieee80211_vif *vif)
+{
+ struct p54_common *priv = dev->priv;
+ int err;
+
+ vif->driver_flags |= IEEE80211_VIF_BEACON_FILTER;
+
+ mutex_lock(&priv->conf_mutex);
+ if (priv->mode != NL80211_IFTYPE_MONITOR) {
+ mutex_unlock(&priv->conf_mutex);
+ return -EOPNOTSUPP;
+ }
+
+ priv->vif = vif;
+
+ switch (vif->type) {
+ case NL80211_IFTYPE_STATION:
+ case NL80211_IFTYPE_ADHOC:
+ case NL80211_IFTYPE_AP:
+ case NL80211_IFTYPE_MESH_POINT:
+ priv->mode = vif->type;
+ break;
+ default:
+ mutex_unlock(&priv->conf_mutex);
+ return -EOPNOTSUPP;
+ }
+
+ memcpy(priv->mac_addr, vif->addr, ETH_ALEN);
+ err = p54_setup_mac(priv);
+ mutex_unlock(&priv->conf_mutex);
+ return err;
+}
+
+static void p54_remove_interface(struct ieee80211_hw *dev,
+ struct ieee80211_vif *vif)
+{
+ struct p54_common *priv = dev->priv;
+
+ mutex_lock(&priv->conf_mutex);
+ priv->vif = NULL;
+
+ /*
+ * LMAC API 3.2.2 states that any active beacon template must be
+ * canceled by the driver before attempting a mode transition.
+ */
+ if (le32_to_cpu(priv->beacon_req_id) != 0) {
+ p54_tx_cancel(priv, priv->beacon_req_id);
+ wait_for_completion_interruptible_timeout(&priv->beacon_comp, HZ);
+ }
+ priv->mode = NL80211_IFTYPE_MONITOR;
+ eth_zero_addr(priv->mac_addr);
+ eth_zero_addr(priv->bssid);
+ p54_setup_mac(priv);
+ mutex_unlock(&priv->conf_mutex);
+}
+
+static int p54_wait_for_stats(struct ieee80211_hw *dev)
+{
+ struct p54_common *priv = dev->priv;
+ int ret;
+
+ priv->update_stats = true;
+ ret = p54_fetch_statistics(priv);
+ if (ret)
+ return ret;
+
+ ret = wait_for_completion_interruptible_timeout(&priv->stat_comp, HZ);
+ if (ret == 0)
+ return -ETIMEDOUT;
+
+ return 0;
+}
+
+static void p54_reset_stats(struct p54_common *priv)
+{
+ struct ieee80211_channel *chan = priv->curchan;
+
+ if (chan) {
+ struct survey_info *info = &priv->survey[chan->hw_value];
+
+ /* only reset channel statistics, don't touch .filled, etc. */
+ info->time = 0;
+ info->time_busy = 0;
+ info->time_tx = 0;
+ }
+
+ priv->update_stats = true;
+ priv->survey_raw.active = 0;
+ priv->survey_raw.cca = 0;
+ priv->survey_raw.tx = 0;
+}
+
+static int p54_config(struct ieee80211_hw *dev, u32 changed)
+{
+ int ret = 0;
+ struct p54_common *priv = dev->priv;
+ struct ieee80211_conf *conf = &dev->conf;
+
+ mutex_lock(&priv->conf_mutex);
+ if (changed & IEEE80211_CONF_CHANGE_POWER)
+ priv->output_power = conf->power_level << 2;
+ if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
+ struct ieee80211_channel *oldchan;
+ WARN_ON(p54_wait_for_stats(dev));
+ oldchan = priv->curchan;
+ priv->curchan = NULL;
+ ret = p54_scan(priv, P54_SCAN_EXIT, 0);
+ if (ret) {
+ priv->curchan = oldchan;
+ goto out;
+ }
+ /*
+ * TODO: Use the LM_SCAN_TRAP to determine the current
+ * operating channel.
+ */
+ priv->curchan = priv->hw->conf.chandef.chan;
+ p54_reset_stats(priv);
+ WARN_ON(p54_fetch_statistics(priv));
+ }
+ if (changed & IEEE80211_CONF_CHANGE_PS) {
+ WARN_ON(p54_wait_for_stats(dev));
+ ret = p54_set_ps(priv);
+ if (ret)
+ goto out;
+ WARN_ON(p54_wait_for_stats(dev));
+ }
+ if (changed & IEEE80211_CONF_CHANGE_IDLE) {
+ WARN_ON(p54_wait_for_stats(dev));
+ ret = p54_setup_mac(priv);
+ if (ret)
+ goto out;
+ WARN_ON(p54_wait_for_stats(dev));
+ }
+
+out:
+ mutex_unlock(&priv->conf_mutex);
+ return ret;
+}
+
+static u64 p54_prepare_multicast(struct ieee80211_hw *dev,
+ struct netdev_hw_addr_list *mc_list)
+{
+ struct p54_common *priv = dev->priv;
+ struct netdev_hw_addr *ha;
+ int i;
+
+ BUILD_BUG_ON(ARRAY_SIZE(priv->mc_maclist) !=
+ ARRAY_SIZE(((struct p54_group_address_table *)NULL)->mac_list));
+ /*
+ * The first entry is reserved for the global broadcast MAC.
+ * Otherwise the firmware will drop it and ARP will no longer work.
+ */
+ i = 1;
+ priv->mc_maclist_num = netdev_hw_addr_list_count(mc_list) + i;
+ netdev_hw_addr_list_for_each(ha, mc_list) {
+ memcpy(&priv->mc_maclist[i], ha->addr, ETH_ALEN);
+ i++;
+ if (i >= ARRAY_SIZE(priv->mc_maclist))
+ break;
+ }
+
+ return 1; /* update */
+}
+
+static void p54_configure_filter(struct ieee80211_hw *dev,
+ unsigned int changed_flags,
+ unsigned int *total_flags,
+ u64 multicast)
+{
+ struct p54_common *priv = dev->priv;
+
+ *total_flags &= FIF_ALLMULTI | FIF_OTHER_BSS;
+
+ priv->filter_flags = *total_flags;
+
+ if (changed_flags & FIF_OTHER_BSS)
+ p54_setup_mac(priv);
+
+ if (changed_flags & FIF_ALLMULTI || multicast)
+ p54_set_groupfilter(priv);
+}
+
+static int p54_conf_tx(struct ieee80211_hw *dev,
+ struct ieee80211_vif *vif,
+ unsigned int link_id, u16 queue,
+ const struct ieee80211_tx_queue_params *params)
+{
+ struct p54_common *priv = dev->priv;
+ int ret;
+
+ mutex_lock(&priv->conf_mutex);
+ P54_SET_QUEUE(priv->qos_params[queue], params->aifs,
+ params->cw_min, params->cw_max, params->txop);
+ ret = p54_set_edcf(priv);
+ mutex_unlock(&priv->conf_mutex);
+ return ret;
+}
+
+static void p54_work(struct work_struct *work)
+{
+ struct p54_common *priv = container_of(work, struct p54_common,
+ work.work);
+
+ if (unlikely(priv->mode == NL80211_IFTYPE_UNSPECIFIED))
+ return ;
+
+ /*
+ * TODO: walk through tx_queue and do the following tasks
+ * 1. initiate bursts.
+ * 2. cancel stuck frames / reset the device if necessary.
+ */
+
+ mutex_lock(&priv->conf_mutex);
+ WARN_ON_ONCE(p54_fetch_statistics(priv));
+ mutex_unlock(&priv->conf_mutex);
+}
+
+static int p54_get_stats(struct ieee80211_hw *dev,
+ struct ieee80211_low_level_stats *stats)
+{
+ struct p54_common *priv = dev->priv;
+
+ memcpy(stats, &priv->stats, sizeof(*stats));
+ return 0;
+}
+
+static void p54_bss_info_changed(struct ieee80211_hw *dev,
+ struct ieee80211_vif *vif,
+ struct ieee80211_bss_conf *info,
+ u64 changed)
+{
+ struct p54_common *priv = dev->priv;
+
+ mutex_lock(&priv->conf_mutex);
+ if (changed & BSS_CHANGED_BSSID) {
+ memcpy(priv->bssid, info->bssid, ETH_ALEN);
+ p54_setup_mac(priv);
+ }
+
+ if (changed & BSS_CHANGED_BEACON) {
+ p54_scan(priv, P54_SCAN_EXIT, 0);
+ p54_setup_mac(priv);
+ p54_beacon_update(priv, vif);
+ p54_set_edcf(priv);
+ }
+
+ if (changed & (BSS_CHANGED_ERP_SLOT | BSS_CHANGED_BEACON)) {
+ priv->use_short_slot = info->use_short_slot;
+ p54_set_edcf(priv);
+ }
+ if (changed & BSS_CHANGED_BASIC_RATES) {
+ if (dev->conf.chandef.chan->band == NL80211_BAND_5GHZ)
+ priv->basic_rate_mask = (info->basic_rates << 4);
+ else
+ priv->basic_rate_mask = info->basic_rates;
+ p54_setup_mac(priv);
+ if (priv->fw_var >= 0x500)
+ p54_scan(priv, P54_SCAN_EXIT, 0);
+ }
+ if (changed & BSS_CHANGED_ASSOC) {
+ if (vif->cfg.assoc) {
+ priv->aid = vif->cfg.aid;
+ priv->wakeup_timer = info->beacon_int *
+ info->dtim_period * 5;
+ p54_setup_mac(priv);
+ } else {
+ priv->wakeup_timer = 500;
+ priv->aid = 0;
+ }
+ }
+
+ mutex_unlock(&priv->conf_mutex);
+}
+
+static int p54_set_key(struct ieee80211_hw *dev, enum set_key_cmd cmd,
+ struct ieee80211_vif *vif, struct ieee80211_sta *sta,
+ struct ieee80211_key_conf *key)
+{
+ struct p54_common *priv = dev->priv;
+ int slot, ret = 0;
+ u8 algo = 0;
+ u8 *addr = NULL;
+
+ if (modparam_nohwcrypt)
+ return -EOPNOTSUPP;
+
+ if (key->flags & IEEE80211_KEY_FLAG_RX_MGMT) {
+ /*
+ * Unfortunately most/all firmwares are trying to decrypt
+ * incoming management frames if a suitable key can be found.
+ * However, in doing so the data in these frames gets
+ * corrupted. So, we can't have firmware supported crypto
+ * offload in this case.
+ */
+ return -EOPNOTSUPP;
+ }
+
+ mutex_lock(&priv->conf_mutex);
+ if (cmd == SET_KEY) {
+ switch (key->cipher) {
+ case WLAN_CIPHER_SUITE_TKIP:
+ if (!(priv->privacy_caps & (BR_DESC_PRIV_CAP_MICHAEL |
+ BR_DESC_PRIV_CAP_TKIP))) {
+ ret = -EOPNOTSUPP;
+ goto out_unlock;
+ }
+ key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
+ algo = P54_CRYPTO_TKIPMICHAEL;
+ break;
+ case WLAN_CIPHER_SUITE_WEP40:
+ case WLAN_CIPHER_SUITE_WEP104:
+ if (!(priv->privacy_caps & BR_DESC_PRIV_CAP_WEP)) {
+ ret = -EOPNOTSUPP;
+ goto out_unlock;
+ }
+ key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
+ algo = P54_CRYPTO_WEP;
+ break;
+ case WLAN_CIPHER_SUITE_CCMP:
+ if (!(priv->privacy_caps & BR_DESC_PRIV_CAP_AESCCMP)) {
+ ret = -EOPNOTSUPP;
+ goto out_unlock;
+ }
+ key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
+ algo = P54_CRYPTO_AESCCMP;
+ break;
+ default:
+ ret = -EOPNOTSUPP;
+ goto out_unlock;
+ }
+ slot = bitmap_find_free_region(priv->used_rxkeys,
+ priv->rx_keycache_size, 0);
+
+ if (slot < 0) {
+ /*
+ * The device supports the chosen algorithm, but the
+ * firmware does not provide enough key slots to store
+ * all of them.
+ * But encryption offload for outgoing frames is always
+ * possible, so we just pretend that the upload was
+ * successful and do the decryption in software.
+ */
+
+ /* mark the key as invalid. */
+ key->hw_key_idx = 0xff;
+ goto out_unlock;
+ }
+
+ key->flags |= IEEE80211_KEY_FLAG_RESERVE_TAILROOM;
+ } else {
+ slot = key->hw_key_idx;
+
+ if (slot == 0xff) {
+ /* This key was not uploaded into the rx key cache. */
+
+ goto out_unlock;
+ }
+
+ bitmap_release_region(priv->used_rxkeys, slot, 0);
+ algo = 0;
+ }
+
+ if (sta)
+ addr = sta->addr;
+
+ ret = p54_upload_key(priv, algo, slot, key->keyidx,
+ key->keylen, addr, key->key);
+ if (ret) {
+ bitmap_release_region(priv->used_rxkeys, slot, 0);
+ ret = -EOPNOTSUPP;
+ goto out_unlock;
+ }
+
+ key->hw_key_idx = slot;
+
+out_unlock:
+ mutex_unlock(&priv->conf_mutex);
+ return ret;
+}
+
+static int p54_get_survey(struct ieee80211_hw *dev, int idx,
+ struct survey_info *survey)
+{
+ struct p54_common *priv = dev->priv;
+ struct ieee80211_channel *chan;
+ int err, tries;
+ bool in_use = false;
+
+ if (idx >= priv->chan_num)
+ return -ENOENT;
+
+#define MAX_TRIES 1
+ for (tries = 0; tries < MAX_TRIES; tries++) {
+ chan = priv->curchan;
+ if (chan && chan->hw_value == idx) {
+ mutex_lock(&priv->conf_mutex);
+ err = p54_wait_for_stats(dev);
+ mutex_unlock(&priv->conf_mutex);
+ if (err)
+ return err;
+
+ in_use = true;
+ }
+
+ memcpy(survey, &priv->survey[idx], sizeof(*survey));
+
+ if (in_use) {
+ /* test if the reported statistics are valid. */
+ if (survey->time != 0) {
+ survey->filled |= SURVEY_INFO_IN_USE;
+ } else {
+ /*
+ * hw/fw has not accumulated enough sample sets.
+ * Wait for 100ms, this ought to be enough to
+ * get at least one non-null set of channel
+ * usage statistics.
+ */
+ msleep(100);
+ continue;
+ }
+ }
+ return 0;
+ }
+ return -ETIMEDOUT;
+#undef MAX_TRIES
+}
+
+static unsigned int p54_flush_count(struct p54_common *priv)
+{
+ unsigned int total = 0, i;
+
+ BUILD_BUG_ON(P54_QUEUE_NUM > ARRAY_SIZE(priv->tx_stats));
+
+ /*
+ * Because the firmware has the sole control over any frames
+ * in the P54_QUEUE_BEACON or P54_QUEUE_SCAN queues, they
+ * don't really count as pending or active.
+ */
+ for (i = P54_QUEUE_MGMT; i < P54_QUEUE_NUM; i++)
+ total += priv->tx_stats[i].len;
+ return total;
+}
+
+static void p54_flush(struct ieee80211_hw *dev, struct ieee80211_vif *vif,
+ u32 queues, bool drop)
+{
+ struct p54_common *priv = dev->priv;
+ unsigned int total, i;
+
+ /*
+ * Currently, it wouldn't really matter if we wait for one second
+ * or 15 minutes. But once someone gets around and completes the
+ * TODOs [ancel stuck frames / reset device] in p54_work, it will
+ * suddenly make sense to wait that long.
+ */
+ i = P54_STATISTICS_UPDATE * 2 / 20;
+
+ /*
+ * In this case no locking is required because as we speak the
+ * queues have already been stopped and no new frames can sneak
+ * up from behind.
+ */
+ while ((total = p54_flush_count(priv)) && i--) {
+ /* waste time */
+ msleep(20);
+ }
+
+ WARN(total, "tx flush timeout, unresponsive firmware");
+}
+
+static void p54_set_coverage_class(struct ieee80211_hw *dev,
+ s16 coverage_class)
+{
+ struct p54_common *priv = dev->priv;
+
+ mutex_lock(&priv->conf_mutex);
+ /* support all coverage class values as in 802.11-2007 Table 7-27 */
+ priv->coverage_class = clamp_t(u8, coverage_class, 0, 31);
+ p54_set_edcf(priv);
+ mutex_unlock(&priv->conf_mutex);
+}
+
+static const struct ieee80211_ops p54_ops = {
+ .tx = p54_tx_80211,
+ .start = p54_start,
+ .stop = p54_stop,
+ .add_interface = p54_add_interface,
+ .remove_interface = p54_remove_interface,
+ .set_tim = p54_set_tim,
+ .sta_notify = p54_sta_notify,
+ .sta_add = p54_sta_add_remove,
+ .sta_remove = p54_sta_add_remove,
+ .set_key = p54_set_key,
+ .config = p54_config,
+ .flush = p54_flush,
+ .bss_info_changed = p54_bss_info_changed,
+ .prepare_multicast = p54_prepare_multicast,
+ .configure_filter = p54_configure_filter,
+ .conf_tx = p54_conf_tx,
+ .get_stats = p54_get_stats,
+ .get_survey = p54_get_survey,
+ .set_coverage_class = p54_set_coverage_class,
+};
+
+struct ieee80211_hw *p54_init_common(size_t priv_data_len)
+{
+ struct ieee80211_hw *dev;
+ struct p54_common *priv;
+
+ dev = ieee80211_alloc_hw(priv_data_len, &p54_ops);
+ if (!dev)
+ return NULL;
+
+ priv = dev->priv;
+ priv->hw = dev;
+ priv->mode = NL80211_IFTYPE_UNSPECIFIED;
+ priv->basic_rate_mask = 0x15f;
+ spin_lock_init(&priv->tx_stats_lock);
+ skb_queue_head_init(&priv->tx_queue);
+ skb_queue_head_init(&priv->tx_pending);
+ ieee80211_hw_set(dev, REPORTS_TX_ACK_STATUS);
+ ieee80211_hw_set(dev, MFP_CAPABLE);
+ ieee80211_hw_set(dev, PS_NULLFUNC_STACK);
+ ieee80211_hw_set(dev, SUPPORTS_PS);
+ ieee80211_hw_set(dev, RX_INCLUDES_FCS);
+ ieee80211_hw_set(dev, SIGNAL_DBM);
+
+ dev->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
+ BIT(NL80211_IFTYPE_ADHOC) |
+ BIT(NL80211_IFTYPE_AP) |
+ BIT(NL80211_IFTYPE_MESH_POINT);
+
+ priv->beacon_req_id = cpu_to_le32(0);
+ priv->tx_stats[P54_QUEUE_BEACON].limit = 1;
+ priv->tx_stats[P54_QUEUE_FWSCAN].limit = 1;
+ priv->tx_stats[P54_QUEUE_MGMT].limit = 3;
+ priv->tx_stats[P54_QUEUE_CAB].limit = 3;
+ priv->tx_stats[P54_QUEUE_DATA].limit = 5;
+ dev->queues = 1;
+ priv->noise = -94;
+ /*
+ * We support at most 8 tries no matter which rate they're at,
+ * we cannot support max_rates * max_rate_tries as we set it
+ * here, but setting it correctly to 4/2 or so would limit us
+ * artificially if the RC algorithm wants just two rates, so
+ * let's say 4/7, we'll redistribute it at TX time, see the
+ * comments there.
+ */
+ dev->max_rates = 4;
+ dev->max_rate_tries = 7;
+ dev->extra_tx_headroom = sizeof(struct p54_hdr) + 4 +
+ sizeof(struct p54_tx_data);
+
+ /*
+ * For now, disable PS by default because it affects
+ * link stability significantly.
+ */
+ dev->wiphy->flags &= ~WIPHY_FLAG_PS_ON_BY_DEFAULT;
+
+ mutex_init(&priv->conf_mutex);
+ mutex_init(&priv->eeprom_mutex);
+ init_completion(&priv->stat_comp);
+ init_completion(&priv->eeprom_comp);
+ init_completion(&priv->beacon_comp);
+ INIT_DELAYED_WORK(&priv->work, p54_work);
+
+ eth_broadcast_addr(priv->mc_maclist[0]);
+ priv->curchan = NULL;
+ p54_reset_stats(priv);
+ return dev;
+}
+EXPORT_SYMBOL_GPL(p54_init_common);
+
+int p54_register_common(struct ieee80211_hw *dev, struct device *pdev)
+{
+ struct p54_common __maybe_unused *priv = dev->priv;
+ int err;
+
+ err = ieee80211_register_hw(dev);
+ if (err) {
+ dev_err(pdev, "Cannot register device (%d).\n", err);
+ return err;
+ }
+ priv->registered = true;
+
+#ifdef CONFIG_P54_LEDS
+ err = p54_init_leds(priv);
+ if (err) {
+ p54_unregister_common(dev);
+ return err;
+ }
+#endif /* CONFIG_P54_LEDS */
+
+ dev_info(pdev, "is registered as '%s'\n", wiphy_name(dev->wiphy));
+ return 0;
+}
+EXPORT_SYMBOL_GPL(p54_register_common);
+
+void p54_free_common(struct ieee80211_hw *dev)
+{
+ struct p54_common *priv = dev->priv;
+ unsigned int i;
+
+ for (i = 0; i < NUM_NL80211_BANDS; i++)
+ kfree(priv->band_table[i]);
+
+ kfree(priv->iq_autocal);
+ kfree(priv->output_limit);
+ kfree(priv->curve_data);
+ kfree(priv->rssi_db);
+ bitmap_free(priv->used_rxkeys);
+ kfree(priv->survey);
+ priv->iq_autocal = NULL;
+ priv->output_limit = NULL;
+ priv->curve_data = NULL;
+ priv->rssi_db = NULL;
+ priv->used_rxkeys = NULL;
+ priv->survey = NULL;
+ ieee80211_free_hw(dev);
+}
+EXPORT_SYMBOL_GPL(p54_free_common);
+
+void p54_unregister_common(struct ieee80211_hw *dev)
+{
+ struct p54_common *priv = dev->priv;
+
+ if (priv->registered) {
+ priv->registered = false;
+#ifdef CONFIG_P54_LEDS
+ p54_unregister_leds(priv);
+#endif /* CONFIG_P54_LEDS */
+ ieee80211_unregister_hw(dev);
+ }
+
+ mutex_destroy(&priv->conf_mutex);
+ mutex_destroy(&priv->eeprom_mutex);
+}
+EXPORT_SYMBOL_GPL(p54_unregister_common);
diff --git a/drivers/net/wireless/intersil/p54/p54.h b/drivers/net/wireless/intersil/p54/p54.h
new file mode 100644
index 000000000..3356ea708
--- /dev/null
+++ b/drivers/net/wireless/intersil/p54/p54.h
@@ -0,0 +1,278 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Shared defines for all mac80211 Prism54 code
+ *
+ * Copyright (c) 2006, Michael Wu <flamingice@sourmilk.net>
+ *
+ * Based on the islsm (softmac prism54) driver, which is:
+ * Copyright 2004-2006 Jean-Baptiste Note <jbnote@gmail.com>, et al.
+ */
+
+#ifndef P54_H
+#define P54_H
+
+#ifdef CONFIG_P54_LEDS
+#include <linux/leds.h>
+#endif /* CONFIG_P54_LEDS */
+
+#define ISL38XX_DEV_FIRMWARE_ADDR 0x20000
+
+#define BR_CODE_MIN 0x80000000
+#define BR_CODE_COMPONENT_ID 0x80000001
+#define BR_CODE_COMPONENT_VERSION 0x80000002
+#define BR_CODE_DEPENDENT_IF 0x80000003
+#define BR_CODE_EXPOSED_IF 0x80000004
+#define BR_CODE_DESCR 0x80000101
+#define BR_CODE_MAX 0x8FFFFFFF
+#define BR_CODE_END_OF_BRA 0xFF0000FF
+#define LEGACY_BR_CODE_END_OF_BRA 0xFFFFFFFF
+
+struct bootrec {
+ __le32 code;
+ __le32 len;
+ u32 data[10];
+} __packed;
+
+/* Interface role definitions */
+#define BR_INTERFACE_ROLE_SERVER 0x0000
+#define BR_INTERFACE_ROLE_CLIENT 0x8000
+
+#define BR_DESC_PRIV_CAP_WEP BIT(0)
+#define BR_DESC_PRIV_CAP_TKIP BIT(1)
+#define BR_DESC_PRIV_CAP_MICHAEL BIT(2)
+#define BR_DESC_PRIV_CAP_CCX_CP BIT(3)
+#define BR_DESC_PRIV_CAP_CCX_MIC BIT(4)
+#define BR_DESC_PRIV_CAP_AESCCMP BIT(5)
+
+struct bootrec_desc {
+ __le16 modes;
+ __le16 flags;
+ __le32 rx_start;
+ __le32 rx_end;
+ u8 headroom;
+ u8 tailroom;
+ u8 tx_queues;
+ u8 tx_depth;
+ u8 privacy_caps;
+ u8 rx_keycache_size;
+ u8 time_size;
+ u8 padding;
+ u8 rates[16];
+ u8 padding2[4];
+ __le16 rx_mtu;
+} __packed;
+
+#define FW_FMAC 0x464d4143
+#define FW_LM86 0x4c4d3836
+#define FW_LM87 0x4c4d3837
+#define FW_LM20 0x4c4d3230
+
+struct bootrec_comp_id {
+ __le32 fw_variant;
+} __packed;
+
+struct bootrec_comp_ver {
+ char fw_version[24];
+} __packed;
+
+struct bootrec_end {
+ __le16 crc;
+ u8 padding[2];
+ u8 md5[16];
+} __packed;
+
+/* provide 16 bytes for the transport back-end */
+#define P54_TX_INFO_DATA_SIZE 16
+
+/* stored in ieee80211_tx_info's rate_driver_data */
+struct p54_tx_info {
+ u32 start_addr;
+ u32 end_addr;
+ union {
+ void *data[P54_TX_INFO_DATA_SIZE / sizeof(void *)];
+ struct {
+ u32 extra_len;
+ };
+ };
+};
+
+#define P54_MAX_CTRL_FRAME_LEN 0x1000
+
+#define P54_SET_QUEUE(queue, ai_fs, cw_min, cw_max, _txop) \
+do { \
+ queue.aifs = cpu_to_le16(ai_fs); \
+ queue.cwmin = cpu_to_le16(cw_min); \
+ queue.cwmax = cpu_to_le16(cw_max); \
+ queue.txop = cpu_to_le16(_txop); \
+} while (0)
+
+struct p54_edcf_queue_param {
+ __le16 aifs;
+ __le16 cwmin;
+ __le16 cwmax;
+ __le16 txop;
+} __packed;
+
+struct p54_rssi_db_entry {
+ u16 freq;
+ s16 mul;
+ s16 add;
+ s16 longbow_unkn;
+ s16 longbow_unk2;
+};
+
+struct p54_cal_database {
+ size_t entries;
+ size_t entry_size;
+ size_t offset;
+ size_t len;
+ u8 data[];
+};
+
+#define EEPROM_READBACK_LEN 0x3fc
+
+enum fw_state {
+ FW_STATE_OFF,
+ FW_STATE_BOOTING,
+ FW_STATE_READY,
+ FW_STATE_RESET,
+ FW_STATE_RESETTING,
+};
+
+#ifdef CONFIG_P54_LEDS
+
+#define P54_LED_MAX_NAME_LEN 31
+
+struct p54_led_dev {
+ struct ieee80211_hw *hw_dev;
+ struct led_classdev led_dev;
+ char name[P54_LED_MAX_NAME_LEN + 1];
+
+ unsigned int toggled;
+ unsigned int index;
+ unsigned int registered;
+};
+
+#endif /* CONFIG_P54_LEDS */
+
+struct p54_tx_queue_stats {
+ unsigned int len;
+ unsigned int limit;
+ unsigned int count;
+};
+
+struct p54_common {
+ struct ieee80211_hw *hw;
+ struct ieee80211_vif *vif;
+ void (*tx)(struct ieee80211_hw *dev, struct sk_buff *skb);
+ int (*open)(struct ieee80211_hw *dev);
+ void (*stop)(struct ieee80211_hw *dev);
+ struct sk_buff_head tx_pending;
+ struct sk_buff_head tx_queue;
+ struct mutex conf_mutex;
+ bool registered;
+
+ /* memory management (as seen by the firmware) */
+ u32 rx_start;
+ u32 rx_end;
+ u16 rx_mtu;
+ u8 headroom;
+ u8 tailroom;
+
+ /* firmware/hardware info */
+ unsigned int tx_hdr_len;
+ unsigned int fw_var;
+ unsigned int fw_interface;
+ u8 version;
+
+ /* (e)DCF / QOS state */
+ bool use_short_slot;
+ spinlock_t tx_stats_lock;
+ struct p54_tx_queue_stats tx_stats[8];
+ struct p54_edcf_queue_param qos_params[8];
+
+ /* Radio data */
+ u16 rxhw;
+ u8 rx_diversity_mask;
+ u8 tx_diversity_mask;
+ unsigned int output_power;
+ struct p54_rssi_db_entry *cur_rssi;
+ struct ieee80211_channel *curchan;
+ struct survey_info *survey;
+ unsigned int chan_num;
+ struct completion stat_comp;
+ bool update_stats;
+ struct {
+ unsigned int timestamp;
+ unsigned int cached_cca;
+ unsigned int cached_tx;
+ unsigned int cached_rssi;
+ u64 active;
+ u64 cca;
+ u64 tx;
+ u64 rssi;
+ } survey_raw;
+
+ int noise;
+ /* calibration, output power limit and rssi<->dBm conversation data */
+ struct pda_iq_autocal_entry *iq_autocal;
+ unsigned int iq_autocal_len;
+ struct p54_cal_database *curve_data;
+ struct p54_cal_database *output_limit;
+ struct p54_cal_database *rssi_db;
+ struct ieee80211_supported_band *band_table[NUM_NL80211_BANDS];
+
+ /* BBP/MAC state */
+ u8 mac_addr[ETH_ALEN];
+ u8 bssid[ETH_ALEN];
+ u8 mc_maclist[4][ETH_ALEN];
+ u16 wakeup_timer;
+ unsigned int filter_flags;
+ int mc_maclist_num;
+ int mode;
+ u32 tsf_low32, tsf_high32;
+ u32 basic_rate_mask;
+ u16 aid;
+ u8 coverage_class;
+ bool phy_idle;
+ bool phy_ps;
+ bool powersave_override;
+ __le32 beacon_req_id;
+ struct completion beacon_comp;
+
+ /* cryptographic engine information */
+ u8 privacy_caps;
+ u8 rx_keycache_size;
+ unsigned long *used_rxkeys;
+
+ /* LED management */
+#ifdef CONFIG_P54_LEDS
+ struct p54_led_dev leds[4];
+ struct delayed_work led_work;
+#endif /* CONFIG_P54_LEDS */
+ u16 softled_state; /* bit field of glowing LEDs */
+
+ /* statistics */
+ struct ieee80211_low_level_stats stats;
+ struct delayed_work work;
+
+ /* eeprom handling */
+ void *eeprom;
+ struct completion eeprom_comp;
+ struct mutex eeprom_mutex;
+};
+
+/* interfaces for the drivers */
+int p54_rx(struct ieee80211_hw *dev, struct sk_buff *skb);
+void p54_free_skb(struct ieee80211_hw *dev, struct sk_buff *skb);
+int p54_parse_firmware(struct ieee80211_hw *dev, const struct firmware *fw);
+int p54_parse_eeprom(struct ieee80211_hw *dev, void *eeprom, int len);
+int p54_read_eeprom(struct ieee80211_hw *dev);
+
+struct ieee80211_hw *p54_init_common(size_t priv_data_len);
+int p54_register_common(struct ieee80211_hw *dev, struct device *pdev);
+void p54_free_common(struct ieee80211_hw *dev);
+
+void p54_unregister_common(struct ieee80211_hw *dev);
+
+#endif /* P54_H */
diff --git a/drivers/net/wireless/intersil/p54/p54pci.c b/drivers/net/wireless/intersil/p54/p54pci.c
new file mode 100644
index 000000000..e97ee547b
--- /dev/null
+++ b/drivers/net/wireless/intersil/p54/p54pci.c
@@ -0,0 +1,708 @@
+// SPDX-License-Identifier: GPL-2.0-only
+
+/*
+ * Linux device driver for PCI based Prism54
+ *
+ * Copyright (c) 2006, Michael Wu <flamingice@sourmilk.net>
+ * Copyright (c) 2008, Christian Lamparter <chunkeey@web.de>
+ *
+ * Based on the islsm (softmac prism54) driver, which is:
+ * Copyright 2004-2006 Jean-Baptiste Note <jean-baptiste.note@m4x.org>, et al.
+ */
+
+#include <linux/pci.h>
+#include <linux/slab.h>
+#include <linux/firmware.h>
+#include <linux/etherdevice.h>
+#include <linux/delay.h>
+#include <linux/completion.h>
+#include <linux/module.h>
+#include <net/mac80211.h>
+
+#include "p54.h"
+#include "lmac.h"
+#include "p54pci.h"
+
+MODULE_AUTHOR("Michael Wu <flamingice@sourmilk.net>");
+MODULE_DESCRIPTION("Prism54 PCI wireless driver");
+MODULE_LICENSE("GPL");
+MODULE_ALIAS("prism54pci");
+MODULE_FIRMWARE("isl3886pci");
+
+static const struct pci_device_id p54p_table[] = {
+ /* Intersil PRISM Duette/Prism GT Wireless LAN adapter */
+ { PCI_DEVICE(0x1260, 0x3890) },
+ /* 3COM 3CRWE154G72 Wireless LAN adapter */
+ { PCI_DEVICE(0x10b7, 0x6001) },
+ /* Intersil PRISM Indigo Wireless LAN adapter */
+ { PCI_DEVICE(0x1260, 0x3877) },
+ /* Intersil PRISM Javelin/Xbow Wireless LAN adapter */
+ { PCI_DEVICE(0x1260, 0x3886) },
+ /* Intersil PRISM Xbow Wireless LAN adapter (Symbol AP-300) */
+ { PCI_DEVICE(0x1260, 0xffff) },
+ { },
+};
+
+MODULE_DEVICE_TABLE(pci, p54p_table);
+
+static int p54p_upload_firmware(struct ieee80211_hw *dev)
+{
+ struct p54p_priv *priv = dev->priv;
+ __le32 reg;
+ int err;
+ __le32 *data;
+ u32 remains, left, device_addr;
+
+ P54P_WRITE(int_enable, cpu_to_le32(0));
+ P54P_READ(int_enable);
+ udelay(10);
+
+ reg = P54P_READ(ctrl_stat);
+ reg &= cpu_to_le32(~ISL38XX_CTRL_STAT_RESET);
+ reg &= cpu_to_le32(~ISL38XX_CTRL_STAT_RAMBOOT);
+ P54P_WRITE(ctrl_stat, reg);
+ P54P_READ(ctrl_stat);
+ udelay(10);
+
+ reg |= cpu_to_le32(ISL38XX_CTRL_STAT_RESET);
+ P54P_WRITE(ctrl_stat, reg);
+ wmb();
+ udelay(10);
+
+ reg &= cpu_to_le32(~ISL38XX_CTRL_STAT_RESET);
+ P54P_WRITE(ctrl_stat, reg);
+ wmb();
+
+ /* wait for the firmware to reset properly */
+ mdelay(10);
+
+ err = p54_parse_firmware(dev, priv->firmware);
+ if (err)
+ return err;
+
+ if (priv->common.fw_interface != FW_LM86) {
+ dev_err(&priv->pdev->dev, "wrong firmware, "
+ "please get a LM86(PCI) firmware a try again.\n");
+ return -EINVAL;
+ }
+
+ data = (__le32 *) priv->firmware->data;
+ remains = priv->firmware->size;
+ device_addr = ISL38XX_DEV_FIRMWARE_ADDR;
+ while (remains) {
+ u32 i = 0;
+ left = min((u32)0x1000, remains);
+ P54P_WRITE(direct_mem_base, cpu_to_le32(device_addr));
+ P54P_READ(int_enable);
+
+ device_addr += 0x1000;
+ while (i < left) {
+ P54P_WRITE(direct_mem_win[i], *data++);
+ i += sizeof(u32);
+ }
+
+ remains -= left;
+ P54P_READ(int_enable);
+ }
+
+ reg = P54P_READ(ctrl_stat);
+ reg &= cpu_to_le32(~ISL38XX_CTRL_STAT_CLKRUN);
+ reg &= cpu_to_le32(~ISL38XX_CTRL_STAT_RESET);
+ reg |= cpu_to_le32(ISL38XX_CTRL_STAT_RAMBOOT);
+ P54P_WRITE(ctrl_stat, reg);
+ P54P_READ(ctrl_stat);
+ udelay(10);
+
+ reg |= cpu_to_le32(ISL38XX_CTRL_STAT_RESET);
+ P54P_WRITE(ctrl_stat, reg);
+ wmb();
+ udelay(10);
+
+ reg &= cpu_to_le32(~ISL38XX_CTRL_STAT_RESET);
+ P54P_WRITE(ctrl_stat, reg);
+ wmb();
+ udelay(10);
+
+ /* wait for the firmware to boot properly */
+ mdelay(100);
+
+ return 0;
+}
+
+static void p54p_refill_rx_ring(struct ieee80211_hw *dev,
+ int ring_index, struct p54p_desc *ring, u32 ring_limit,
+ struct sk_buff **rx_buf, u32 index)
+{
+ struct p54p_priv *priv = dev->priv;
+ struct p54p_ring_control *ring_control = priv->ring_control;
+ u32 limit, idx, i;
+
+ idx = le32_to_cpu(ring_control->host_idx[ring_index]);
+ limit = idx;
+ limit -= index;
+ limit = ring_limit - limit;
+
+ i = idx % ring_limit;
+ while (limit-- > 1) {
+ struct p54p_desc *desc = &ring[i];
+
+ if (!desc->host_addr) {
+ struct sk_buff *skb;
+ dma_addr_t mapping;
+ skb = dev_alloc_skb(priv->common.rx_mtu + 32);
+ if (!skb)
+ break;
+
+ mapping = dma_map_single(&priv->pdev->dev,
+ skb_tail_pointer(skb),
+ priv->common.rx_mtu + 32,
+ DMA_FROM_DEVICE);
+
+ if (dma_mapping_error(&priv->pdev->dev, mapping)) {
+ dev_kfree_skb_any(skb);
+ dev_err(&priv->pdev->dev,
+ "RX DMA Mapping error\n");
+ break;
+ }
+
+ desc->host_addr = cpu_to_le32(mapping);
+ desc->device_addr = 0; // FIXME: necessary?
+ desc->len = cpu_to_le16(priv->common.rx_mtu + 32);
+ desc->flags = 0;
+ rx_buf[i] = skb;
+ }
+
+ i++;
+ idx++;
+ i %= ring_limit;
+ }
+
+ wmb();
+ ring_control->host_idx[ring_index] = cpu_to_le32(idx);
+}
+
+static void p54p_check_rx_ring(struct ieee80211_hw *dev, u32 *index,
+ int ring_index, struct p54p_desc *ring, u32 ring_limit,
+ struct sk_buff **rx_buf)
+{
+ struct p54p_priv *priv = dev->priv;
+ struct p54p_ring_control *ring_control = priv->ring_control;
+ struct p54p_desc *desc;
+ u32 idx, i;
+
+ i = (*index) % ring_limit;
+ (*index) = idx = le32_to_cpu(ring_control->device_idx[ring_index]);
+ idx %= ring_limit;
+ while (i != idx) {
+ u16 len;
+ struct sk_buff *skb;
+ dma_addr_t dma_addr;
+ desc = &ring[i];
+ len = le16_to_cpu(desc->len);
+ skb = rx_buf[i];
+
+ if (!skb) {
+ i++;
+ i %= ring_limit;
+ continue;
+ }
+
+ if (unlikely(len > priv->common.rx_mtu)) {
+ if (net_ratelimit())
+ dev_err(&priv->pdev->dev, "rx'd frame size "
+ "exceeds length threshold.\n");
+
+ len = priv->common.rx_mtu;
+ }
+ dma_addr = le32_to_cpu(desc->host_addr);
+ dma_sync_single_for_cpu(&priv->pdev->dev, dma_addr,
+ priv->common.rx_mtu + 32,
+ DMA_FROM_DEVICE);
+ skb_put(skb, len);
+
+ if (p54_rx(dev, skb)) {
+ dma_unmap_single(&priv->pdev->dev, dma_addr,
+ priv->common.rx_mtu + 32,
+ DMA_FROM_DEVICE);
+ rx_buf[i] = NULL;
+ desc->host_addr = cpu_to_le32(0);
+ } else {
+ skb_trim(skb, 0);
+ dma_sync_single_for_device(&priv->pdev->dev, dma_addr,
+ priv->common.rx_mtu + 32,
+ DMA_FROM_DEVICE);
+ desc->len = cpu_to_le16(priv->common.rx_mtu + 32);
+ }
+
+ i++;
+ i %= ring_limit;
+ }
+
+ p54p_refill_rx_ring(dev, ring_index, ring, ring_limit, rx_buf, *index);
+}
+
+static void p54p_check_tx_ring(struct ieee80211_hw *dev, u32 *index,
+ int ring_index, struct p54p_desc *ring, u32 ring_limit,
+ struct sk_buff **tx_buf)
+{
+ struct p54p_priv *priv = dev->priv;
+ struct p54p_ring_control *ring_control = priv->ring_control;
+ struct p54p_desc *desc;
+ struct sk_buff *skb;
+ u32 idx, i;
+
+ i = (*index) % ring_limit;
+ (*index) = idx = le32_to_cpu(ring_control->device_idx[ring_index]);
+ idx %= ring_limit;
+
+ while (i != idx) {
+ desc = &ring[i];
+
+ skb = tx_buf[i];
+ tx_buf[i] = NULL;
+
+ dma_unmap_single(&priv->pdev->dev,
+ le32_to_cpu(desc->host_addr),
+ le16_to_cpu(desc->len), DMA_TO_DEVICE);
+
+ desc->host_addr = 0;
+ desc->device_addr = 0;
+ desc->len = 0;
+ desc->flags = 0;
+
+ if (skb && FREE_AFTER_TX(skb))
+ p54_free_skb(dev, skb);
+
+ i++;
+ i %= ring_limit;
+ }
+}
+
+static void p54p_tasklet(struct tasklet_struct *t)
+{
+ struct p54p_priv *priv = from_tasklet(priv, t, tasklet);
+ struct ieee80211_hw *dev = pci_get_drvdata(priv->pdev);
+ struct p54p_ring_control *ring_control = priv->ring_control;
+
+ p54p_check_tx_ring(dev, &priv->tx_idx_mgmt, 3, ring_control->tx_mgmt,
+ ARRAY_SIZE(ring_control->tx_mgmt),
+ priv->tx_buf_mgmt);
+
+ p54p_check_tx_ring(dev, &priv->tx_idx_data, 1, ring_control->tx_data,
+ ARRAY_SIZE(ring_control->tx_data),
+ priv->tx_buf_data);
+
+ p54p_check_rx_ring(dev, &priv->rx_idx_mgmt, 2, ring_control->rx_mgmt,
+ ARRAY_SIZE(ring_control->rx_mgmt), priv->rx_buf_mgmt);
+
+ p54p_check_rx_ring(dev, &priv->rx_idx_data, 0, ring_control->rx_data,
+ ARRAY_SIZE(ring_control->rx_data), priv->rx_buf_data);
+
+ wmb();
+ P54P_WRITE(dev_int, cpu_to_le32(ISL38XX_DEV_INT_UPDATE));
+}
+
+static irqreturn_t p54p_interrupt(int irq, void *dev_id)
+{
+ struct ieee80211_hw *dev = dev_id;
+ struct p54p_priv *priv = dev->priv;
+ __le32 reg;
+
+ reg = P54P_READ(int_ident);
+ if (unlikely(reg == cpu_to_le32(0xFFFFFFFF))) {
+ goto out;
+ }
+ P54P_WRITE(int_ack, reg);
+
+ reg &= P54P_READ(int_enable);
+
+ if (reg & cpu_to_le32(ISL38XX_INT_IDENT_UPDATE))
+ tasklet_schedule(&priv->tasklet);
+ else if (reg & cpu_to_le32(ISL38XX_INT_IDENT_INIT))
+ complete(&priv->boot_comp);
+
+out:
+ return reg ? IRQ_HANDLED : IRQ_NONE;
+}
+
+static void p54p_tx(struct ieee80211_hw *dev, struct sk_buff *skb)
+{
+ unsigned long flags;
+ struct p54p_priv *priv = dev->priv;
+ struct p54p_ring_control *ring_control = priv->ring_control;
+ struct p54p_desc *desc;
+ dma_addr_t mapping;
+ u32 idx, i;
+ __le32 device_addr;
+
+ spin_lock_irqsave(&priv->lock, flags);
+ idx = le32_to_cpu(ring_control->host_idx[1]);
+ i = idx % ARRAY_SIZE(ring_control->tx_data);
+ device_addr = ((struct p54_hdr *)skb->data)->req_id;
+
+ mapping = dma_map_single(&priv->pdev->dev, skb->data, skb->len,
+ DMA_TO_DEVICE);
+ if (dma_mapping_error(&priv->pdev->dev, mapping)) {
+ spin_unlock_irqrestore(&priv->lock, flags);
+ p54_free_skb(dev, skb);
+ dev_err(&priv->pdev->dev, "TX DMA mapping error\n");
+ return ;
+ }
+ priv->tx_buf_data[i] = skb;
+
+ desc = &ring_control->tx_data[i];
+ desc->host_addr = cpu_to_le32(mapping);
+ desc->device_addr = device_addr;
+ desc->len = cpu_to_le16(skb->len);
+ desc->flags = 0;
+
+ wmb();
+ ring_control->host_idx[1] = cpu_to_le32(idx + 1);
+ spin_unlock_irqrestore(&priv->lock, flags);
+
+ P54P_WRITE(dev_int, cpu_to_le32(ISL38XX_DEV_INT_UPDATE));
+ P54P_READ(dev_int);
+}
+
+static void p54p_stop(struct ieee80211_hw *dev)
+{
+ struct p54p_priv *priv = dev->priv;
+ struct p54p_ring_control *ring_control = priv->ring_control;
+ unsigned int i;
+ struct p54p_desc *desc;
+
+ P54P_WRITE(int_enable, cpu_to_le32(0));
+ P54P_READ(int_enable);
+ udelay(10);
+
+ free_irq(priv->pdev->irq, dev);
+
+ tasklet_kill(&priv->tasklet);
+
+ P54P_WRITE(dev_int, cpu_to_le32(ISL38XX_DEV_INT_RESET));
+
+ for (i = 0; i < ARRAY_SIZE(priv->rx_buf_data); i++) {
+ desc = &ring_control->rx_data[i];
+ if (desc->host_addr)
+ dma_unmap_single(&priv->pdev->dev,
+ le32_to_cpu(desc->host_addr),
+ priv->common.rx_mtu + 32,
+ DMA_FROM_DEVICE);
+ kfree_skb(priv->rx_buf_data[i]);
+ priv->rx_buf_data[i] = NULL;
+ }
+
+ for (i = 0; i < ARRAY_SIZE(priv->rx_buf_mgmt); i++) {
+ desc = &ring_control->rx_mgmt[i];
+ if (desc->host_addr)
+ dma_unmap_single(&priv->pdev->dev,
+ le32_to_cpu(desc->host_addr),
+ priv->common.rx_mtu + 32,
+ DMA_FROM_DEVICE);
+ kfree_skb(priv->rx_buf_mgmt[i]);
+ priv->rx_buf_mgmt[i] = NULL;
+ }
+
+ for (i = 0; i < ARRAY_SIZE(priv->tx_buf_data); i++) {
+ desc = &ring_control->tx_data[i];
+ if (desc->host_addr)
+ dma_unmap_single(&priv->pdev->dev,
+ le32_to_cpu(desc->host_addr),
+ le16_to_cpu(desc->len),
+ DMA_TO_DEVICE);
+
+ p54_free_skb(dev, priv->tx_buf_data[i]);
+ priv->tx_buf_data[i] = NULL;
+ }
+
+ for (i = 0; i < ARRAY_SIZE(priv->tx_buf_mgmt); i++) {
+ desc = &ring_control->tx_mgmt[i];
+ if (desc->host_addr)
+ dma_unmap_single(&priv->pdev->dev,
+ le32_to_cpu(desc->host_addr),
+ le16_to_cpu(desc->len),
+ DMA_TO_DEVICE);
+
+ p54_free_skb(dev, priv->tx_buf_mgmt[i]);
+ priv->tx_buf_mgmt[i] = NULL;
+ }
+
+ memset(ring_control, 0, sizeof(*ring_control));
+}
+
+static int p54p_open(struct ieee80211_hw *dev)
+{
+ struct p54p_priv *priv = dev->priv;
+ int err;
+ long timeout;
+
+ init_completion(&priv->boot_comp);
+ err = request_irq(priv->pdev->irq, p54p_interrupt,
+ IRQF_SHARED, "p54pci", dev);
+ if (err) {
+ dev_err(&priv->pdev->dev, "failed to register IRQ handler\n");
+ return err;
+ }
+
+ memset(priv->ring_control, 0, sizeof(*priv->ring_control));
+ err = p54p_upload_firmware(dev);
+ if (err) {
+ free_irq(priv->pdev->irq, dev);
+ return err;
+ }
+ priv->rx_idx_data = priv->tx_idx_data = 0;
+ priv->rx_idx_mgmt = priv->tx_idx_mgmt = 0;
+
+ p54p_refill_rx_ring(dev, 0, priv->ring_control->rx_data,
+ ARRAY_SIZE(priv->ring_control->rx_data), priv->rx_buf_data, 0);
+
+ p54p_refill_rx_ring(dev, 2, priv->ring_control->rx_mgmt,
+ ARRAY_SIZE(priv->ring_control->rx_mgmt), priv->rx_buf_mgmt, 0);
+
+ P54P_WRITE(ring_control_base, cpu_to_le32(priv->ring_control_dma));
+ P54P_READ(ring_control_base);
+ wmb();
+ udelay(10);
+
+ P54P_WRITE(int_enable, cpu_to_le32(ISL38XX_INT_IDENT_INIT));
+ P54P_READ(int_enable);
+ wmb();
+ udelay(10);
+
+ P54P_WRITE(dev_int, cpu_to_le32(ISL38XX_DEV_INT_RESET));
+ P54P_READ(dev_int);
+
+ timeout = wait_for_completion_interruptible_timeout(
+ &priv->boot_comp, HZ);
+ if (timeout <= 0) {
+ wiphy_err(dev->wiphy, "Cannot boot firmware!\n");
+ p54p_stop(dev);
+ return timeout ? -ERESTARTSYS : -ETIMEDOUT;
+ }
+
+ P54P_WRITE(int_enable, cpu_to_le32(ISL38XX_INT_IDENT_UPDATE));
+ P54P_READ(int_enable);
+ wmb();
+ udelay(10);
+
+ P54P_WRITE(dev_int, cpu_to_le32(ISL38XX_DEV_INT_UPDATE));
+ P54P_READ(dev_int);
+ wmb();
+ udelay(10);
+
+ return 0;
+}
+
+static void p54p_firmware_step2(const struct firmware *fw,
+ void *context)
+{
+ struct p54p_priv *priv = context;
+ struct ieee80211_hw *dev = priv->common.hw;
+ struct pci_dev *pdev = priv->pdev;
+ int err;
+
+ if (!fw) {
+ dev_err(&pdev->dev, "Cannot find firmware (isl3886pci)\n");
+ err = -ENOENT;
+ goto out;
+ }
+
+ priv->firmware = fw;
+
+ err = p54p_open(dev);
+ if (err)
+ goto out;
+ err = p54_read_eeprom(dev);
+ p54p_stop(dev);
+ if (err)
+ goto out;
+
+ err = p54_register_common(dev, &pdev->dev);
+ if (err)
+ goto out;
+
+out:
+
+ complete(&priv->fw_loaded);
+
+ if (err) {
+ struct device *parent = pdev->dev.parent;
+
+ if (parent)
+ device_lock(parent);
+
+ /*
+ * This will indirectly result in a call to p54p_remove.
+ * Hence, we don't need to bother with freeing any
+ * allocated ressources at all.
+ */
+ device_release_driver(&pdev->dev);
+
+ if (parent)
+ device_unlock(parent);
+ }
+
+ pci_dev_put(pdev);
+}
+
+static int p54p_probe(struct pci_dev *pdev,
+ const struct pci_device_id *id)
+{
+ struct p54p_priv *priv;
+ struct ieee80211_hw *dev;
+ unsigned long mem_addr, mem_len;
+ int err;
+
+ pci_dev_get(pdev);
+ err = pci_enable_device(pdev);
+ if (err) {
+ dev_err(&pdev->dev, "Cannot enable new PCI device\n");
+ goto err_put;
+ }
+
+ mem_addr = pci_resource_start(pdev, 0);
+ mem_len = pci_resource_len(pdev, 0);
+ if (mem_len < sizeof(struct p54p_csr)) {
+ dev_err(&pdev->dev, "Too short PCI resources\n");
+ err = -ENODEV;
+ goto err_disable_dev;
+ }
+
+ err = pci_request_regions(pdev, "p54pci");
+ if (err) {
+ dev_err(&pdev->dev, "Cannot obtain PCI resources\n");
+ goto err_disable_dev;
+ }
+
+ err = dma_set_mask(&pdev->dev, DMA_BIT_MASK(32));
+ if (!err)
+ err = dma_set_coherent_mask(&pdev->dev, DMA_BIT_MASK(32));
+ if (err) {
+ dev_err(&pdev->dev, "No suitable DMA available\n");
+ goto err_free_reg;
+ }
+
+ pci_set_master(pdev);
+ pci_try_set_mwi(pdev);
+
+ pci_write_config_byte(pdev, 0x40, 0);
+ pci_write_config_byte(pdev, 0x41, 0);
+
+ dev = p54_init_common(sizeof(*priv));
+ if (!dev) {
+ dev_err(&pdev->dev, "ieee80211 alloc failed\n");
+ err = -ENOMEM;
+ goto err_free_reg;
+ }
+
+ priv = dev->priv;
+ priv->pdev = pdev;
+
+ init_completion(&priv->fw_loaded);
+ SET_IEEE80211_DEV(dev, &pdev->dev);
+ pci_set_drvdata(pdev, dev);
+
+ priv->map = ioremap(mem_addr, mem_len);
+ if (!priv->map) {
+ dev_err(&pdev->dev, "Cannot map device memory\n");
+ err = -ENOMEM;
+ goto err_free_dev;
+ }
+
+ priv->ring_control = dma_alloc_coherent(&pdev->dev,
+ sizeof(*priv->ring_control),
+ &priv->ring_control_dma, GFP_KERNEL);
+ if (!priv->ring_control) {
+ dev_err(&pdev->dev, "Cannot allocate rings\n");
+ err = -ENOMEM;
+ goto err_iounmap;
+ }
+ priv->common.open = p54p_open;
+ priv->common.stop = p54p_stop;
+ priv->common.tx = p54p_tx;
+
+ spin_lock_init(&priv->lock);
+ tasklet_setup(&priv->tasklet, p54p_tasklet);
+
+ err = request_firmware_nowait(THIS_MODULE, 1, "isl3886pci",
+ &priv->pdev->dev, GFP_KERNEL,
+ priv, p54p_firmware_step2);
+ if (!err)
+ return 0;
+
+ dma_free_coherent(&pdev->dev, sizeof(*priv->ring_control),
+ priv->ring_control, priv->ring_control_dma);
+
+ err_iounmap:
+ iounmap(priv->map);
+
+ err_free_dev:
+ p54_free_common(dev);
+
+ err_free_reg:
+ pci_release_regions(pdev);
+ err_disable_dev:
+ pci_disable_device(pdev);
+err_put:
+ pci_dev_put(pdev);
+ return err;
+}
+
+static void p54p_remove(struct pci_dev *pdev)
+{
+ struct ieee80211_hw *dev = pci_get_drvdata(pdev);
+ struct p54p_priv *priv;
+
+ if (!dev)
+ return;
+
+ priv = dev->priv;
+ wait_for_completion(&priv->fw_loaded);
+ p54_unregister_common(dev);
+ release_firmware(priv->firmware);
+ dma_free_coherent(&pdev->dev, sizeof(*priv->ring_control),
+ priv->ring_control, priv->ring_control_dma);
+ iounmap(priv->map);
+ pci_release_regions(pdev);
+ pci_disable_device(pdev);
+ p54_free_common(dev);
+}
+
+#ifdef CONFIG_PM_SLEEP
+static int p54p_suspend(struct device *device)
+{
+ struct pci_dev *pdev = to_pci_dev(device);
+
+ pci_save_state(pdev);
+ pci_set_power_state(pdev, PCI_D3hot);
+ pci_disable_device(pdev);
+ return 0;
+}
+
+static int p54p_resume(struct device *device)
+{
+ struct pci_dev *pdev = to_pci_dev(device);
+ int err;
+
+ err = pci_reenable_device(pdev);
+ if (err)
+ return err;
+ return pci_set_power_state(pdev, PCI_D0);
+}
+
+static SIMPLE_DEV_PM_OPS(p54pci_pm_ops, p54p_suspend, p54p_resume);
+
+#define P54P_PM_OPS (&p54pci_pm_ops)
+#else
+#define P54P_PM_OPS (NULL)
+#endif /* CONFIG_PM_SLEEP */
+
+static struct pci_driver p54p_driver = {
+ .name = "p54pci",
+ .id_table = p54p_table,
+ .probe = p54p_probe,
+ .remove = p54p_remove,
+ .driver.pm = P54P_PM_OPS,
+};
+
+module_pci_driver(p54p_driver);
diff --git a/drivers/net/wireless/intersil/p54/p54pci.h b/drivers/net/wireless/intersil/p54/p54pci.h
new file mode 100644
index 000000000..3867e5935
--- /dev/null
+++ b/drivers/net/wireless/intersil/p54/p54pci.h
@@ -0,0 +1,109 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+#ifndef P54PCI_H
+#define P54PCI_H
+#include <linux/interrupt.h>
+
+/*
+ * Defines for PCI based mac80211 Prism54 driver
+ *
+ * Copyright (c) 2006, Michael Wu <flamingice@sourmilk.net>
+ *
+ * Based on the islsm (softmac prism54) driver, which is:
+ * Copyright 2004-2006 Jean-Baptiste Note <jbnote@gmail.com>, et al.
+ */
+
+/* Device Interrupt register bits */
+#define ISL38XX_DEV_INT_RESET 0x0001
+#define ISL38XX_DEV_INT_UPDATE 0x0002
+#define ISL38XX_DEV_INT_WAKEUP 0x0008
+#define ISL38XX_DEV_INT_SLEEP 0x0010
+#define ISL38XX_DEV_INT_ABORT 0x0020
+/* these two only used in USB */
+#define ISL38XX_DEV_INT_DATA 0x0040
+#define ISL38XX_DEV_INT_MGMT 0x0080
+
+#define ISL38XX_DEV_INT_PCIUART_CTS 0x4000
+#define ISL38XX_DEV_INT_PCIUART_DR 0x8000
+
+/* Interrupt Identification/Acknowledge/Enable register bits */
+#define ISL38XX_INT_IDENT_UPDATE 0x0002
+#define ISL38XX_INT_IDENT_INIT 0x0004
+#define ISL38XX_INT_IDENT_WAKEUP 0x0008
+#define ISL38XX_INT_IDENT_SLEEP 0x0010
+#define ISL38XX_INT_IDENT_PCIUART_CTS 0x4000
+#define ISL38XX_INT_IDENT_PCIUART_DR 0x8000
+
+/* Control/Status register bits */
+#define ISL38XX_CTRL_STAT_SLEEPMODE 0x00000200
+#define ISL38XX_CTRL_STAT_CLKRUN 0x00800000
+#define ISL38XX_CTRL_STAT_RESET 0x10000000
+#define ISL38XX_CTRL_STAT_RAMBOOT 0x20000000
+#define ISL38XX_CTRL_STAT_STARTHALTED 0x40000000
+#define ISL38XX_CTRL_STAT_HOST_OVERRIDE 0x80000000
+
+struct p54p_csr {
+ __le32 dev_int;
+ u8 unused_1[12];
+ __le32 int_ident;
+ __le32 int_ack;
+ __le32 int_enable;
+ u8 unused_2[4];
+ union {
+ __le32 ring_control_base;
+ __le32 gen_purp_com[2];
+ };
+ u8 unused_3[8];
+ __le32 direct_mem_base;
+ u8 unused_4[44];
+ __le32 dma_addr;
+ __le32 dma_len;
+ __le32 dma_ctrl;
+ u8 unused_5[12];
+ __le32 ctrl_stat;
+ u8 unused_6[1924];
+ u8 cardbus_cis[0x800];
+ u8 direct_mem_win[0x1000];
+} __packed;
+
+/* usb backend only needs the register defines above */
+#ifndef P54USB_H
+struct p54p_desc {
+ __le32 host_addr;
+ __le32 device_addr;
+ __le16 len;
+ __le16 flags;
+} __packed;
+
+struct p54p_ring_control {
+ __le32 host_idx[4];
+ __le32 device_idx[4];
+ struct p54p_desc rx_data[8];
+ struct p54p_desc tx_data[32];
+ struct p54p_desc rx_mgmt[4];
+ struct p54p_desc tx_mgmt[4];
+} __packed;
+
+#define P54P_READ(r) (__force __le32)__raw_readl(&priv->map->r)
+#define P54P_WRITE(r, val) __raw_writel((__force u32)(__le32)(val), &priv->map->r)
+
+struct p54p_priv {
+ struct p54_common common;
+ struct pci_dev *pdev;
+ struct p54p_csr __iomem *map;
+ struct tasklet_struct tasklet;
+ const struct firmware *firmware;
+ spinlock_t lock;
+ struct p54p_ring_control *ring_control;
+ dma_addr_t ring_control_dma;
+ u32 rx_idx_data, tx_idx_data;
+ u32 rx_idx_mgmt, tx_idx_mgmt;
+ struct sk_buff *rx_buf_data[8];
+ struct sk_buff *rx_buf_mgmt[4];
+ struct sk_buff *tx_buf_data[32];
+ struct sk_buff *tx_buf_mgmt[4];
+ struct completion boot_comp;
+ struct completion fw_loaded;
+};
+
+#endif /* P54USB_H */
+#endif /* P54PCI_H */
diff --git a/drivers/net/wireless/intersil/p54/p54spi.c b/drivers/net/wireless/intersil/p54/p54spi.c
new file mode 100644
index 000000000..19152fd44
--- /dev/null
+++ b/drivers/net/wireless/intersil/p54/p54spi.c
@@ -0,0 +1,706 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (C) 2008 Christian Lamparter <chunkeey@web.de>
+ * Copyright 2008 Johannes Berg <johannes@sipsolutions.net>
+ *
+ * This driver is a port from stlc45xx:
+ * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies).
+ */
+
+#include <linux/module.h>
+#include <linux/platform_device.h>
+#include <linux/interrupt.h>
+#include <linux/firmware.h>
+#include <linux/delay.h>
+#include <linux/irq.h>
+#include <linux/spi/spi.h>
+#include <linux/etherdevice.h>
+#include <linux/gpio.h>
+#include <linux/slab.h>
+
+#include "p54spi.h"
+#include "p54.h"
+
+#include "lmac.h"
+
+#ifdef CONFIG_P54_SPI_DEFAULT_EEPROM
+#include "p54spi_eeprom.h"
+#endif /* CONFIG_P54_SPI_DEFAULT_EEPROM */
+
+MODULE_FIRMWARE("3826.arm");
+
+/* gpios should be handled in board files and provided via platform data,
+ * but because it's currently impossible for p54spi to have a header file
+ * in include/linux, let's use module paramaters for now
+ */
+
+static int p54spi_gpio_power = 97;
+module_param(p54spi_gpio_power, int, 0444);
+MODULE_PARM_DESC(p54spi_gpio_power, "gpio number for power line");
+
+static int p54spi_gpio_irq = 87;
+module_param(p54spi_gpio_irq, int, 0444);
+MODULE_PARM_DESC(p54spi_gpio_irq, "gpio number for irq line");
+
+static void p54spi_spi_read(struct p54s_priv *priv, u8 address,
+ void *buf, size_t len)
+{
+ struct spi_transfer t[2];
+ struct spi_message m;
+ __le16 addr;
+
+ /* We first push the address */
+ addr = cpu_to_le16(address << 8 | SPI_ADRS_READ_BIT_15);
+
+ spi_message_init(&m);
+ memset(t, 0, sizeof(t));
+
+ t[0].tx_buf = &addr;
+ t[0].len = sizeof(addr);
+ spi_message_add_tail(&t[0], &m);
+
+ t[1].rx_buf = buf;
+ t[1].len = len;
+ spi_message_add_tail(&t[1], &m);
+
+ spi_sync(priv->spi, &m);
+}
+
+
+static void p54spi_spi_write(struct p54s_priv *priv, u8 address,
+ const void *buf, size_t len)
+{
+ struct spi_transfer t[3];
+ struct spi_message m;
+ __le16 addr;
+
+ /* We first push the address */
+ addr = cpu_to_le16(address << 8);
+
+ spi_message_init(&m);
+ memset(t, 0, sizeof(t));
+
+ t[0].tx_buf = &addr;
+ t[0].len = sizeof(addr);
+ spi_message_add_tail(&t[0], &m);
+
+ t[1].tx_buf = buf;
+ t[1].len = len & ~1;
+ spi_message_add_tail(&t[1], &m);
+
+ if (len % 2) {
+ __le16 last_word;
+ last_word = cpu_to_le16(((u8 *)buf)[len - 1]);
+
+ t[2].tx_buf = &last_word;
+ t[2].len = sizeof(last_word);
+ spi_message_add_tail(&t[2], &m);
+ }
+
+ spi_sync(priv->spi, &m);
+}
+
+static u32 p54spi_read32(struct p54s_priv *priv, u8 addr)
+{
+ __le32 val;
+
+ p54spi_spi_read(priv, addr, &val, sizeof(val));
+
+ return le32_to_cpu(val);
+}
+
+static inline void p54spi_write16(struct p54s_priv *priv, u8 addr, __le16 val)
+{
+ p54spi_spi_write(priv, addr, &val, sizeof(val));
+}
+
+static inline void p54spi_write32(struct p54s_priv *priv, u8 addr, __le32 val)
+{
+ p54spi_spi_write(priv, addr, &val, sizeof(val));
+}
+
+static int p54spi_wait_bit(struct p54s_priv *priv, u16 reg, u32 bits)
+{
+ int i;
+
+ for (i = 0; i < 2000; i++) {
+ u32 buffer = p54spi_read32(priv, reg);
+ if ((buffer & bits) == bits)
+ return 1;
+ }
+ return 0;
+}
+
+static int p54spi_spi_write_dma(struct p54s_priv *priv, __le32 base,
+ const void *buf, size_t len)
+{
+ if (!p54spi_wait_bit(priv, SPI_ADRS_DMA_WRITE_CTRL, HOST_ALLOWED)) {
+ dev_err(&priv->spi->dev, "spi_write_dma not allowed "
+ "to DMA write.\n");
+ return -EAGAIN;
+ }
+
+ p54spi_write16(priv, SPI_ADRS_DMA_WRITE_CTRL,
+ cpu_to_le16(SPI_DMA_WRITE_CTRL_ENABLE));
+
+ p54spi_write16(priv, SPI_ADRS_DMA_WRITE_LEN, cpu_to_le16(len));
+ p54spi_write32(priv, SPI_ADRS_DMA_WRITE_BASE, base);
+ p54spi_spi_write(priv, SPI_ADRS_DMA_DATA, buf, len);
+ return 0;
+}
+
+static int p54spi_request_firmware(struct ieee80211_hw *dev)
+{
+ struct p54s_priv *priv = dev->priv;
+ int ret;
+
+ /* FIXME: should driver use it's own struct device? */
+ ret = request_firmware(&priv->firmware, "3826.arm", &priv->spi->dev);
+
+ if (ret < 0) {
+ dev_err(&priv->spi->dev, "request_firmware() failed: %d", ret);
+ return ret;
+ }
+
+ ret = p54_parse_firmware(dev, priv->firmware);
+ if (ret) {
+ /* the firmware is released by the caller */
+ return ret;
+ }
+
+ return 0;
+}
+
+static int p54spi_request_eeprom(struct ieee80211_hw *dev)
+{
+ struct p54s_priv *priv = dev->priv;
+ const struct firmware *eeprom;
+ int ret;
+
+ /* allow users to customize their eeprom.
+ */
+
+ ret = request_firmware_direct(&eeprom, "3826.eeprom", &priv->spi->dev);
+ if (ret < 0) {
+#ifdef CONFIG_P54_SPI_DEFAULT_EEPROM
+ dev_info(&priv->spi->dev, "loading default eeprom...\n");
+ ret = p54_parse_eeprom(dev, (void *) p54spi_eeprom,
+ sizeof(p54spi_eeprom));
+#else
+ dev_err(&priv->spi->dev, "Failed to request user eeprom\n");
+#endif /* CONFIG_P54_SPI_DEFAULT_EEPROM */
+ } else {
+ dev_info(&priv->spi->dev, "loading user eeprom...\n");
+ ret = p54_parse_eeprom(dev, (void *) eeprom->data,
+ (int)eeprom->size);
+ release_firmware(eeprom);
+ }
+ return ret;
+}
+
+static int p54spi_upload_firmware(struct ieee80211_hw *dev)
+{
+ struct p54s_priv *priv = dev->priv;
+ unsigned long fw_len, _fw_len;
+ unsigned int offset = 0;
+ int err = 0;
+ u8 *fw;
+
+ fw_len = priv->firmware->size;
+ fw = kmemdup(priv->firmware->data, fw_len, GFP_KERNEL);
+ if (!fw)
+ return -ENOMEM;
+
+ /* stop the device */
+ p54spi_write16(priv, SPI_ADRS_DEV_CTRL_STAT, cpu_to_le16(
+ SPI_CTRL_STAT_HOST_OVERRIDE | SPI_CTRL_STAT_HOST_RESET |
+ SPI_CTRL_STAT_START_HALTED));
+
+ msleep(TARGET_BOOT_SLEEP);
+
+ p54spi_write16(priv, SPI_ADRS_DEV_CTRL_STAT, cpu_to_le16(
+ SPI_CTRL_STAT_HOST_OVERRIDE |
+ SPI_CTRL_STAT_START_HALTED));
+
+ msleep(TARGET_BOOT_SLEEP);
+
+ while (fw_len > 0) {
+ _fw_len = min_t(long, fw_len, SPI_MAX_PACKET_SIZE);
+
+ err = p54spi_spi_write_dma(priv, cpu_to_le32(
+ ISL38XX_DEV_FIRMWARE_ADDR + offset),
+ (fw + offset), _fw_len);
+ if (err < 0)
+ goto out;
+
+ fw_len -= _fw_len;
+ offset += _fw_len;
+ }
+
+ BUG_ON(fw_len != 0);
+
+ /* enable host interrupts */
+ p54spi_write32(priv, SPI_ADRS_HOST_INT_EN,
+ cpu_to_le32(SPI_HOST_INTS_DEFAULT));
+
+ /* boot the device */
+ p54spi_write16(priv, SPI_ADRS_DEV_CTRL_STAT, cpu_to_le16(
+ SPI_CTRL_STAT_HOST_OVERRIDE | SPI_CTRL_STAT_HOST_RESET |
+ SPI_CTRL_STAT_RAM_BOOT));
+
+ msleep(TARGET_BOOT_SLEEP);
+
+ p54spi_write16(priv, SPI_ADRS_DEV_CTRL_STAT, cpu_to_le16(
+ SPI_CTRL_STAT_HOST_OVERRIDE | SPI_CTRL_STAT_RAM_BOOT));
+ msleep(TARGET_BOOT_SLEEP);
+
+out:
+ kfree(fw);
+ return err;
+}
+
+static void p54spi_power_off(struct p54s_priv *priv)
+{
+ disable_irq(gpio_to_irq(p54spi_gpio_irq));
+ gpio_set_value(p54spi_gpio_power, 0);
+}
+
+static void p54spi_power_on(struct p54s_priv *priv)
+{
+ gpio_set_value(p54spi_gpio_power, 1);
+ enable_irq(gpio_to_irq(p54spi_gpio_irq));
+
+ /* need to wait a while before device can be accessed, the length
+ * is just a guess
+ */
+ msleep(10);
+}
+
+static inline void p54spi_int_ack(struct p54s_priv *priv, u32 val)
+{
+ p54spi_write32(priv, SPI_ADRS_HOST_INT_ACK, cpu_to_le32(val));
+}
+
+static int p54spi_wakeup(struct p54s_priv *priv)
+{
+ /* wake the chip */
+ p54spi_write32(priv, SPI_ADRS_ARM_INTERRUPTS,
+ cpu_to_le32(SPI_TARGET_INT_WAKEUP));
+
+ /* And wait for the READY interrupt */
+ if (!p54spi_wait_bit(priv, SPI_ADRS_HOST_INTERRUPTS,
+ SPI_HOST_INT_READY)) {
+ dev_err(&priv->spi->dev, "INT_READY timeout\n");
+ return -EBUSY;
+ }
+
+ p54spi_int_ack(priv, SPI_HOST_INT_READY);
+ return 0;
+}
+
+static inline void p54spi_sleep(struct p54s_priv *priv)
+{
+ p54spi_write32(priv, SPI_ADRS_ARM_INTERRUPTS,
+ cpu_to_le32(SPI_TARGET_INT_SLEEP));
+}
+
+static void p54spi_int_ready(struct p54s_priv *priv)
+{
+ p54spi_write32(priv, SPI_ADRS_HOST_INT_EN, cpu_to_le32(
+ SPI_HOST_INT_UPDATE | SPI_HOST_INT_SW_UPDATE));
+
+ switch (priv->fw_state) {
+ case FW_STATE_BOOTING:
+ priv->fw_state = FW_STATE_READY;
+ complete(&priv->fw_comp);
+ break;
+ case FW_STATE_RESETTING:
+ priv->fw_state = FW_STATE_READY;
+ /* TODO: reinitialize state */
+ break;
+ default:
+ break;
+ }
+}
+
+static int p54spi_rx(struct p54s_priv *priv)
+{
+ struct sk_buff *skb;
+ u16 len;
+ u16 rx_head[2];
+#define READAHEAD_SZ (sizeof(rx_head)-sizeof(u16))
+
+ if (p54spi_wakeup(priv) < 0)
+ return -EBUSY;
+
+ /* Read data size and first data word in one SPI transaction
+ * This is workaround for firmware/DMA bug,
+ * when first data word gets lost under high load.
+ */
+ p54spi_spi_read(priv, SPI_ADRS_DMA_DATA, rx_head, sizeof(rx_head));
+ len = rx_head[0];
+
+ if (len == 0) {
+ p54spi_sleep(priv);
+ dev_err(&priv->spi->dev, "rx request of zero bytes\n");
+ return 0;
+ }
+
+ /* Firmware may insert up to 4 padding bytes after the lmac header,
+ * but it does not amend the size of SPI data transfer.
+ * Such packets has correct data size in header, thus referencing
+ * past the end of allocated skb. Reserve extra 4 bytes for this case
+ */
+ skb = dev_alloc_skb(len + 4);
+ if (!skb) {
+ p54spi_sleep(priv);
+ dev_err(&priv->spi->dev, "could not alloc skb");
+ return -ENOMEM;
+ }
+
+ if (len <= READAHEAD_SZ) {
+ skb_put_data(skb, rx_head + 1, len);
+ } else {
+ skb_put_data(skb, rx_head + 1, READAHEAD_SZ);
+ p54spi_spi_read(priv, SPI_ADRS_DMA_DATA,
+ skb_put(skb, len - READAHEAD_SZ),
+ len - READAHEAD_SZ);
+ }
+ p54spi_sleep(priv);
+ /* Put additional bytes to compensate for the possible
+ * alignment-caused truncation
+ */
+ skb_put(skb, 4);
+
+ if (p54_rx(priv->hw, skb) == 0)
+ dev_kfree_skb(skb);
+
+ return 0;
+}
+
+
+static irqreturn_t p54spi_interrupt(int irq, void *config)
+{
+ struct spi_device *spi = config;
+ struct p54s_priv *priv = spi_get_drvdata(spi);
+
+ ieee80211_queue_work(priv->hw, &priv->work);
+
+ return IRQ_HANDLED;
+}
+
+static int p54spi_tx_frame(struct p54s_priv *priv, struct sk_buff *skb)
+{
+ struct p54_hdr *hdr = (struct p54_hdr *) skb->data;
+ int ret = 0;
+
+ if (p54spi_wakeup(priv) < 0)
+ return -EBUSY;
+
+ ret = p54spi_spi_write_dma(priv, hdr->req_id, skb->data, skb->len);
+ if (ret < 0)
+ goto out;
+
+ if (!p54spi_wait_bit(priv, SPI_ADRS_HOST_INTERRUPTS,
+ SPI_HOST_INT_WR_READY)) {
+ dev_err(&priv->spi->dev, "WR_READY timeout\n");
+ ret = -EAGAIN;
+ goto out;
+ }
+
+ p54spi_int_ack(priv, SPI_HOST_INT_WR_READY);
+
+ if (FREE_AFTER_TX(skb))
+ p54_free_skb(priv->hw, skb);
+out:
+ p54spi_sleep(priv);
+ return ret;
+}
+
+static int p54spi_wq_tx(struct p54s_priv *priv)
+{
+ struct p54s_tx_info *entry;
+ struct sk_buff *skb;
+ struct ieee80211_tx_info *info;
+ struct p54_tx_info *minfo;
+ struct p54s_tx_info *dinfo;
+ unsigned long flags;
+ int ret = 0;
+
+ spin_lock_irqsave(&priv->tx_lock, flags);
+
+ while (!list_empty(&priv->tx_pending)) {
+ entry = list_entry(priv->tx_pending.next,
+ struct p54s_tx_info, tx_list);
+
+ list_del_init(&entry->tx_list);
+
+ spin_unlock_irqrestore(&priv->tx_lock, flags);
+
+ dinfo = container_of((void *) entry, struct p54s_tx_info,
+ tx_list);
+ minfo = container_of((void *) dinfo, struct p54_tx_info,
+ data);
+ info = container_of((void *) minfo, struct ieee80211_tx_info,
+ rate_driver_data);
+ skb = container_of((void *) info, struct sk_buff, cb);
+
+ ret = p54spi_tx_frame(priv, skb);
+
+ if (ret < 0) {
+ p54_free_skb(priv->hw, skb);
+ return ret;
+ }
+
+ spin_lock_irqsave(&priv->tx_lock, flags);
+ }
+ spin_unlock_irqrestore(&priv->tx_lock, flags);
+ return ret;
+}
+
+static void p54spi_op_tx(struct ieee80211_hw *dev, struct sk_buff *skb)
+{
+ struct p54s_priv *priv = dev->priv;
+ struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+ struct p54_tx_info *mi = (struct p54_tx_info *) info->rate_driver_data;
+ struct p54s_tx_info *di = (struct p54s_tx_info *) mi->data;
+ unsigned long flags;
+
+ BUILD_BUG_ON(sizeof(*di) > sizeof((mi->data)));
+
+ spin_lock_irqsave(&priv->tx_lock, flags);
+ list_add_tail(&di->tx_list, &priv->tx_pending);
+ spin_unlock_irqrestore(&priv->tx_lock, flags);
+
+ ieee80211_queue_work(priv->hw, &priv->work);
+}
+
+static void p54spi_work(struct work_struct *work)
+{
+ struct p54s_priv *priv = container_of(work, struct p54s_priv, work);
+ u32 ints;
+ int ret;
+
+ mutex_lock(&priv->mutex);
+
+ if (priv->fw_state == FW_STATE_OFF)
+ goto out;
+
+ ints = p54spi_read32(priv, SPI_ADRS_HOST_INTERRUPTS);
+
+ if (ints & SPI_HOST_INT_READY) {
+ p54spi_int_ready(priv);
+ p54spi_int_ack(priv, SPI_HOST_INT_READY);
+ }
+
+ if (priv->fw_state != FW_STATE_READY)
+ goto out;
+
+ if (ints & SPI_HOST_INT_UPDATE) {
+ p54spi_int_ack(priv, SPI_HOST_INT_UPDATE);
+ ret = p54spi_rx(priv);
+ if (ret < 0)
+ goto out;
+ }
+ if (ints & SPI_HOST_INT_SW_UPDATE) {
+ p54spi_int_ack(priv, SPI_HOST_INT_SW_UPDATE);
+ ret = p54spi_rx(priv);
+ if (ret < 0)
+ goto out;
+ }
+
+ ret = p54spi_wq_tx(priv);
+out:
+ mutex_unlock(&priv->mutex);
+}
+
+static int p54spi_op_start(struct ieee80211_hw *dev)
+{
+ struct p54s_priv *priv = dev->priv;
+ unsigned long timeout;
+ int ret = 0;
+
+ if (mutex_lock_interruptible(&priv->mutex)) {
+ ret = -EINTR;
+ goto out;
+ }
+
+ priv->fw_state = FW_STATE_BOOTING;
+
+ p54spi_power_on(priv);
+
+ ret = p54spi_upload_firmware(dev);
+ if (ret < 0) {
+ p54spi_power_off(priv);
+ goto out_unlock;
+ }
+
+ mutex_unlock(&priv->mutex);
+
+ timeout = msecs_to_jiffies(2000);
+ timeout = wait_for_completion_interruptible_timeout(&priv->fw_comp,
+ timeout);
+ if (!timeout) {
+ dev_err(&priv->spi->dev, "firmware boot failed");
+ p54spi_power_off(priv);
+ ret = -1;
+ goto out;
+ }
+
+ if (mutex_lock_interruptible(&priv->mutex)) {
+ ret = -EINTR;
+ p54spi_power_off(priv);
+ goto out;
+ }
+
+ WARN_ON(priv->fw_state != FW_STATE_READY);
+
+out_unlock:
+ mutex_unlock(&priv->mutex);
+
+out:
+ return ret;
+}
+
+static void p54spi_op_stop(struct ieee80211_hw *dev)
+{
+ struct p54s_priv *priv = dev->priv;
+ unsigned long flags;
+
+ mutex_lock(&priv->mutex);
+ WARN_ON(priv->fw_state != FW_STATE_READY);
+
+ p54spi_power_off(priv);
+ spin_lock_irqsave(&priv->tx_lock, flags);
+ INIT_LIST_HEAD(&priv->tx_pending);
+ spin_unlock_irqrestore(&priv->tx_lock, flags);
+
+ priv->fw_state = FW_STATE_OFF;
+ mutex_unlock(&priv->mutex);
+
+ cancel_work_sync(&priv->work);
+}
+
+static int p54spi_probe(struct spi_device *spi)
+{
+ struct p54s_priv *priv = NULL;
+ struct ieee80211_hw *hw;
+ int ret = -EINVAL;
+
+ hw = p54_init_common(sizeof(*priv));
+ if (!hw) {
+ dev_err(&spi->dev, "could not alloc ieee80211_hw");
+ return -ENOMEM;
+ }
+
+ priv = hw->priv;
+ priv->hw = hw;
+ spi_set_drvdata(spi, priv);
+ priv->spi = spi;
+
+ spi->bits_per_word = 16;
+ spi->max_speed_hz = 24000000;
+
+ ret = spi_setup(spi);
+ if (ret < 0) {
+ dev_err(&priv->spi->dev, "spi_setup failed");
+ goto err_free;
+ }
+
+ ret = gpio_request(p54spi_gpio_power, "p54spi power");
+ if (ret < 0) {
+ dev_err(&priv->spi->dev, "power GPIO request failed: %d", ret);
+ goto err_free;
+ }
+
+ ret = gpio_request(p54spi_gpio_irq, "p54spi irq");
+ if (ret < 0) {
+ dev_err(&priv->spi->dev, "irq GPIO request failed: %d", ret);
+ goto err_free_gpio_power;
+ }
+
+ gpio_direction_output(p54spi_gpio_power, 0);
+ gpio_direction_input(p54spi_gpio_irq);
+
+ ret = request_irq(gpio_to_irq(p54spi_gpio_irq),
+ p54spi_interrupt, 0, "p54spi",
+ priv->spi);
+ if (ret < 0) {
+ dev_err(&priv->spi->dev, "request_irq() failed");
+ goto err_free_gpio_irq;
+ }
+
+ irq_set_irq_type(gpio_to_irq(p54spi_gpio_irq), IRQ_TYPE_EDGE_RISING);
+
+ disable_irq(gpio_to_irq(p54spi_gpio_irq));
+
+ INIT_WORK(&priv->work, p54spi_work);
+ init_completion(&priv->fw_comp);
+ INIT_LIST_HEAD(&priv->tx_pending);
+ mutex_init(&priv->mutex);
+ spin_lock_init(&priv->tx_lock);
+ SET_IEEE80211_DEV(hw, &spi->dev);
+ priv->common.open = p54spi_op_start;
+ priv->common.stop = p54spi_op_stop;
+ priv->common.tx = p54spi_op_tx;
+
+ ret = p54spi_request_firmware(hw);
+ if (ret < 0)
+ goto err_free_common;
+
+ ret = p54spi_request_eeprom(hw);
+ if (ret)
+ goto err_free_common;
+
+ ret = p54_register_common(hw, &priv->spi->dev);
+ if (ret)
+ goto err_free_common;
+
+ return 0;
+
+err_free_common:
+ release_firmware(priv->firmware);
+ free_irq(gpio_to_irq(p54spi_gpio_irq), spi);
+err_free_gpio_irq:
+ gpio_free(p54spi_gpio_irq);
+err_free_gpio_power:
+ gpio_free(p54spi_gpio_power);
+err_free:
+ p54_free_common(priv->hw);
+ return ret;
+}
+
+static void p54spi_remove(struct spi_device *spi)
+{
+ struct p54s_priv *priv = spi_get_drvdata(spi);
+
+ p54_unregister_common(priv->hw);
+
+ free_irq(gpio_to_irq(p54spi_gpio_irq), spi);
+
+ gpio_free(p54spi_gpio_power);
+ gpio_free(p54spi_gpio_irq);
+ release_firmware(priv->firmware);
+
+ mutex_destroy(&priv->mutex);
+
+ p54_free_common(priv->hw);
+}
+
+
+static struct spi_driver p54spi_driver = {
+ .driver = {
+ .name = "p54spi",
+ },
+
+ .probe = p54spi_probe,
+ .remove = p54spi_remove,
+};
+
+module_spi_driver(p54spi_driver);
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Christian Lamparter <chunkeey@web.de>");
+MODULE_ALIAS("spi:cx3110x");
+MODULE_ALIAS("spi:p54spi");
+MODULE_ALIAS("spi:stlc45xx");
diff --git a/drivers/net/wireless/intersil/p54/p54spi.h b/drivers/net/wireless/intersil/p54/p54spi.h
new file mode 100644
index 000000000..e5619a13f
--- /dev/null
+++ b/drivers/net/wireless/intersil/p54/p54spi.h
@@ -0,0 +1,112 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Copyright (C) 2008 Christian Lamparter <chunkeey@web.de>
+ *
+ * This driver is a port from stlc45xx:
+ * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies).
+ */
+
+#ifndef P54SPI_H
+#define P54SPI_H
+
+#include <linux/mutex.h>
+#include <linux/list.h>
+#include <net/mac80211.h>
+
+#include "p54.h"
+
+/* Bit 15 is read/write bit; ON = READ, OFF = WRITE */
+#define SPI_ADRS_READ_BIT_15 0x8000
+
+#define SPI_ADRS_ARM_INTERRUPTS 0x00
+#define SPI_ADRS_ARM_INT_EN 0x04
+
+#define SPI_ADRS_HOST_INTERRUPTS 0x08
+#define SPI_ADRS_HOST_INT_EN 0x0c
+#define SPI_ADRS_HOST_INT_ACK 0x10
+
+#define SPI_ADRS_GEN_PURP_1 0x14
+#define SPI_ADRS_GEN_PURP_2 0x18
+
+#define SPI_ADRS_DEV_CTRL_STAT 0x26 /* high word */
+
+#define SPI_ADRS_DMA_DATA 0x28
+
+#define SPI_ADRS_DMA_WRITE_CTRL 0x2c
+#define SPI_ADRS_DMA_WRITE_LEN 0x2e
+#define SPI_ADRS_DMA_WRITE_BASE 0x30
+
+#define SPI_ADRS_DMA_READ_CTRL 0x34
+#define SPI_ADRS_DMA_READ_LEN 0x36
+#define SPI_ADRS_DMA_READ_BASE 0x38
+
+#define SPI_CTRL_STAT_HOST_OVERRIDE 0x8000
+#define SPI_CTRL_STAT_START_HALTED 0x4000
+#define SPI_CTRL_STAT_RAM_BOOT 0x2000
+#define SPI_CTRL_STAT_HOST_RESET 0x1000
+#define SPI_CTRL_STAT_HOST_CPU_EN 0x0800
+
+#define SPI_DMA_WRITE_CTRL_ENABLE 0x0001
+#define SPI_DMA_READ_CTRL_ENABLE 0x0001
+#define HOST_ALLOWED (1 << 7)
+
+#define SPI_TIMEOUT 100 /* msec */
+
+#define SPI_MAX_TX_PACKETS 32
+
+#define SPI_MAX_PACKET_SIZE 32767
+
+#define SPI_TARGET_INT_WAKEUP 0x00000001
+#define SPI_TARGET_INT_SLEEP 0x00000002
+#define SPI_TARGET_INT_RDDONE 0x00000004
+
+#define SPI_TARGET_INT_CTS 0x00004000
+#define SPI_TARGET_INT_DR 0x00008000
+
+#define SPI_HOST_INT_READY 0x00000001
+#define SPI_HOST_INT_WR_READY 0x00000002
+#define SPI_HOST_INT_SW_UPDATE 0x00000004
+#define SPI_HOST_INT_UPDATE 0x10000000
+
+/* clear to send */
+#define SPI_HOST_INT_CR 0x00004000
+
+/* data ready */
+#define SPI_HOST_INT_DR 0x00008000
+
+#define SPI_HOST_INTS_DEFAULT \
+ (SPI_HOST_INT_READY | SPI_HOST_INT_UPDATE | SPI_HOST_INT_SW_UPDATE)
+
+#define TARGET_BOOT_SLEEP 50
+
+struct p54s_dma_regs {
+ __le16 cmd;
+ __le16 len;
+ __le32 addr;
+} __packed;
+
+struct p54s_tx_info {
+ struct list_head tx_list;
+};
+
+struct p54s_priv {
+ /* p54_common has to be the first entry */
+ struct p54_common common;
+ struct ieee80211_hw *hw;
+ struct spi_device *spi;
+
+ struct work_struct work;
+
+ struct mutex mutex;
+ struct completion fw_comp;
+
+ spinlock_t tx_lock;
+
+ /* protected by tx_lock */
+ struct list_head tx_pending;
+
+ enum fw_state fw_state;
+ const struct firmware *firmware;
+};
+
+#endif /* P54SPI_H */
diff --git a/drivers/net/wireless/intersil/p54/p54spi_eeprom.h b/drivers/net/wireless/intersil/p54/p54spi_eeprom.h
new file mode 100644
index 000000000..4b48b6590
--- /dev/null
+++ b/drivers/net/wireless/intersil/p54/p54spi_eeprom.h
@@ -0,0 +1,666 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Copyright (C) 2003 Conexant Americas Inc. All Rights Reserved.
+ * Copyright (C) 2004, 2005, 2006 Nokia Corporation
+ * Copyright 2008 Johannes Berg <johannes@sipsolutions.net>
+ * Copyright 2008 Christian Lamparter <chunkeey@web.de>
+ *
+ * based on:
+ * - cx3110x's pda.h from Nokia
+ * - cx3110-transfer.log by Johannes Berg
+ */
+
+#ifndef P54SPI_EEPROM_H
+#define P54SPI_EEPROM_H
+
+static unsigned char p54spi_eeprom[] = {
+
+/* struct eeprom_pda_wrap */
+0x47, 0x4d, 0x55, 0xaa, /* magic */
+0x00, 0x00, /* pad */
+0x00, 0x00, /* eeprom_pda_data_wrap length */
+0x00, 0x00, 0x00, 0x00, /* arm opcode */
+
+/* bogus MAC address */
+0x04, 0x00, 0x01, 0x01, /* PDR_MAC_ADDRESS */
+ 0x00, 0x02, 0xee, 0xc0, 0xff, 0xee,
+
+/* struct bootrec_exp_if */
+0x06, 0x00, 0x01, 0x10, /* PDR_INTERFACE_LIST */
+ 0x00, 0x00, /* role */
+ 0x0f, 0x00, /* if_id */
+ 0x85, 0x00, /* variant = Longbow RF, 2GHz */
+ 0x01, 0x00, /* btm_compat */
+ 0x1f, 0x00, /* top_compat */
+
+0x03, 0x00, 0x02, 0x10, /* PDR_HARDWARE_PLATFORM_COMPONENT_ID */
+ 0x03, 0x20, 0x00, 0x43,
+
+/* struct pda_country[6] */
+0x0d, 0x00, 0x07, 0x10, /* PDR_COUNTRY_LIST */
+ 0x10, 0x00, 0x00, 0x00,
+ 0x20, 0x00, 0x00, 0x00,
+ 0x30, 0x00, 0x00, 0x00,
+ 0x31, 0x00, 0x00, 0x00,
+ 0x32, 0x00, 0x00, 0x00,
+ 0x40, 0x00, 0x00, 0x00,
+
+/* struct pda_country */
+0x03, 0x00, 0x08, 0x10, /* PDR_DEFAULT_COUNTRY */
+ 0x30, 0x00, 0x00, 0x00, /* ETSI */
+
+0x03, 0x00, 0x00, 0x11, /* PDR_ANTENNA_GAIN */
+ 0x08, 0x08, 0x08, 0x08,
+
+0x0a, 0x00, 0xff, 0xca, /* PDR_RSSI_LINEAR_APPROXIMATION_CUSTOMV2 */
+ 0x01, 0x00, 0x0a, 0x00,
+ 0x00, 0x00, 0x0a, 0x00,
+ 0x85, 0x09, 0x0a, 0x01, 0x72, 0xfe, 0x1a, 0x00, 0x00, 0x00,
+
+/* struct pda_custom_wrapper */
+0x10, 0x06, 0x5d, 0xb0, /* PDR_PRISM_PA_CAL_CURVE_DATA_CUSTOM */
+ 0x0d, 0x00, 0xee, 0x00, /* 13 entries, 238 bytes per entry */
+ 0x00, 0x00, 0x16, 0x0c, /* no offset, 3094 total len */
+ /* 2412 MHz */
+ 0x6c, 0x09,
+ 0x10, 0x01, 0x9a, 0x84,
+ 0xaa, 0x8a, 0xaa, 0x8a, 0xaa, 0x8a, 0xaa, 0x8a,
+ 0x3c, 0xb6, 0x3c, 0xb6, 0x3c, 0xb6, 0x3c, 0xb6,
+ 0x3c, 0xb6, 0x3c, 0xb6, 0x3c, 0xb6, 0x3c, 0xb6,
+ 0xf0, 0x00, 0x94, 0x6c,
+ 0x99, 0x82, 0x99, 0x82, 0x99, 0x82, 0x99, 0x82,
+ 0x2b, 0xae, 0x2b, 0xae, 0x2b, 0xae, 0x2b, 0xae,
+ 0x2b, 0xae, 0x2b, 0xae, 0x2b, 0xae, 0x2b, 0xae,
+ 0xd0, 0x00, 0xaa, 0x5a,
+ 0x88, 0x7a, 0x88, 0x7a, 0x88, 0x7a, 0x88, 0x7a,
+ 0x1a, 0xa6, 0x1a, 0xa6, 0x1a, 0xa6, 0x1a, 0xa6,
+ 0x1a, 0xa6, 0x1a, 0xa6, 0x1a, 0xa6, 0x1a, 0xa6,
+ 0xa0, 0x00, 0xf3, 0x47,
+ 0x6e, 0x6e, 0x6e, 0x6e, 0x6e, 0x6e, 0x6e, 0x6e,
+ 0x00, 0x9a, 0x00, 0x9a, 0x00, 0x9a, 0x00, 0x9a,
+ 0x00, 0x9a, 0x00, 0x9a, 0x00, 0x9a, 0x00, 0x9a,
+ 0x50, 0x00, 0x59, 0x36,
+ 0x43, 0x5a, 0x43, 0x5a, 0x43, 0x5a, 0x43, 0x5a,
+ 0xd5, 0x85, 0xd5, 0x85, 0xd5, 0x85, 0xd5, 0x85,
+ 0xd5, 0x85, 0xd5, 0x85, 0xd5, 0x85, 0xd5, 0x85,
+ 0x00, 0x00, 0xe4, 0x2d,
+ 0x18, 0x46, 0x18, 0x46, 0x18, 0x46, 0x18, 0x46,
+ 0xaa, 0x71, 0xaa, 0x71, 0xaa, 0x71, 0xaa, 0x71,
+ 0xaa, 0x71, 0xaa, 0x71, 0xaa, 0x71, 0xaa, 0x71,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x06, 0x80, 0x80, 0x00,
+
+ /* 2417 MHz */
+ 0x71, 0x09,
+ 0x10, 0x01, 0xb9, 0x83,
+ 0x7d, 0x8a, 0x7d, 0x8a, 0x7d, 0x8a, 0x7d, 0x8a,
+ 0x0f, 0xb6, 0x0f, 0xb6, 0x0f, 0xb6, 0x0f, 0xb6,
+ 0x0f, 0xb6, 0x0f, 0xb6, 0x0f, 0xb6, 0x0f, 0xb6,
+ 0xf0, 0x00, 0x2e, 0x6c,
+ 0x68, 0x82, 0x68, 0x82, 0x68, 0x82, 0x68, 0x82,
+ 0xfa, 0xad, 0xfa, 0xad, 0xfa, 0xad, 0xfa, 0xad,
+ 0xfa, 0xad, 0xfa, 0xad, 0xfa, 0xad, 0xfa, 0xad,
+ 0xd0, 0x00, 0x8d, 0x5a,
+ 0x52, 0x7a, 0x52, 0x7a, 0x52, 0x7a, 0x52, 0x7a,
+ 0xe4, 0xa5, 0xe4, 0xa5, 0xe4, 0xa5, 0xe4, 0xa5,
+ 0xe4, 0xa5, 0xe4, 0xa5, 0xe4, 0xa5, 0xe4, 0xa5,
+ 0xa0, 0x00, 0x0a, 0x48,
+ 0x32, 0x6e, 0x32, 0x6e, 0x32, 0x6e, 0x32, 0x6e,
+ 0xc4, 0x99, 0xc4, 0x99, 0xc4, 0x99, 0xc4, 0x99,
+ 0xc4, 0x99, 0xc4, 0x99, 0xc4, 0x99, 0xc4, 0x99,
+ 0x50, 0x00, 0x7c, 0x36,
+ 0xfc, 0x59, 0xfc, 0x59, 0xfc, 0x59, 0xfc, 0x59,
+ 0x8e, 0x85, 0x8e, 0x85, 0x8e, 0x85, 0x8e, 0x85,
+ 0x8e, 0x85, 0x8e, 0x85, 0x8e, 0x85, 0x8e, 0x85,
+ 0x00, 0x00, 0xf5, 0x2d,
+ 0xc6, 0x45, 0xc6, 0x45, 0xc6, 0x45, 0xc6, 0x45,
+ 0x58, 0x71, 0x58, 0x71, 0x58, 0x71, 0x58, 0x71,
+ 0x58, 0x71, 0x58, 0x71, 0x58, 0x71, 0x58, 0x71,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x06, 0x80, 0x80, 0x00,
+
+ /* 2422 MHz */
+ 0x76, 0x09,
+ 0x10, 0x01, 0xb9, 0x83,
+ 0x7d, 0x8a, 0x7d, 0x8a, 0x7d, 0x8a, 0x7d, 0x8a,
+ 0x0f, 0xb6, 0x0f, 0xb6, 0x0f, 0xb6, 0x0f, 0xb6,
+ 0x0f, 0xb6, 0x0f, 0xb6, 0x0f, 0xb6, 0x0f, 0xb6,
+ 0xf0, 0x00, 0x2e, 0x6c,
+ 0x68, 0x82, 0x68, 0x82, 0x68, 0x82, 0x68, 0x82,
+ 0xfa, 0xad, 0xfa, 0xad, 0xfa, 0xad, 0xfa, 0xad,
+ 0xfa, 0xad, 0xfa, 0xad, 0xfa, 0xad, 0xfa, 0xad,
+ 0xd0, 0x00, 0x8d, 0x5a,
+ 0x52, 0x7a, 0x52, 0x7a, 0x52, 0x7a, 0x52, 0x7a,
+ 0xe4, 0xa5, 0xe4, 0xa5, 0xe4, 0xa5, 0xe4, 0xa5,
+ 0xe4, 0xa5, 0xe4, 0xa5, 0xe4, 0xa5, 0xe4, 0xa5,
+ 0xa0, 0x00, 0x0a, 0x48,
+ 0x32, 0x6e, 0x32, 0x6e, 0x32, 0x6e, 0x32, 0x6e,
+ 0xc4, 0x99, 0xc4, 0x99, 0xc4, 0x99, 0xc4, 0x99,
+ 0xc4, 0x99, 0xc4, 0x99, 0xc4, 0x99, 0xc4, 0x99,
+ 0x50, 0x00, 0x7c, 0x36,
+ 0xfc, 0x59, 0xfc, 0x59, 0xfc, 0x59, 0xfc, 0x59,
+ 0x8e, 0x85, 0x8e, 0x85, 0x8e, 0x85, 0x8e, 0x85,
+ 0x8e, 0x85, 0x8e, 0x85, 0x8e, 0x85, 0x8e, 0x85,
+ 0x00, 0x00, 0xf5, 0x2d,
+ 0xc6, 0x45, 0xc6, 0x45, 0xc6, 0x45, 0xc6, 0x45,
+ 0x58, 0x71, 0x58, 0x71, 0x58, 0x71, 0x58, 0x71,
+ 0x58, 0x71, 0x58, 0x71, 0x58, 0x71, 0x58, 0x71,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x06, 0x80, 0x80, 0x00,
+
+ /* 2427 MHz */
+ 0x7b, 0x09,
+ 0x10, 0x01, 0x48, 0x83,
+ 0x67, 0x8a, 0x67, 0x8a, 0x67, 0x8a, 0x67, 0x8a,
+ 0xf9, 0xb5, 0xf9, 0xb5, 0xf9, 0xb5, 0xf9, 0xb5,
+ 0xf9, 0xb5, 0xf9, 0xb5, 0xf9, 0xb5, 0xf9, 0xb5,
+ 0xf0, 0x00, 0xfb, 0x6b,
+ 0x50, 0x82, 0x50, 0x82, 0x50, 0x82, 0x50, 0x82,
+ 0xe2, 0xad, 0xe2, 0xad, 0xe2, 0xad, 0xe2, 0xad,
+ 0xe2, 0xad, 0xe2, 0xad, 0xe2, 0xad, 0xe2, 0xad,
+ 0xd0, 0x00, 0x7e, 0x5a,
+ 0x38, 0x7a, 0x38, 0x7a, 0x38, 0x7a, 0x38, 0x7a,
+ 0xca, 0xa5, 0xca, 0xa5, 0xca, 0xa5, 0xca, 0xa5,
+ 0xca, 0xa5, 0xca, 0xa5, 0xca, 0xa5, 0xca, 0xa5,
+ 0xa0, 0x00, 0x15, 0x48,
+ 0x14, 0x6e, 0x14, 0x6e, 0x14, 0x6e, 0x14, 0x6e,
+ 0xa6, 0x99, 0xa6, 0x99, 0xa6, 0x99, 0xa6, 0x99,
+ 0xa6, 0x99, 0xa6, 0x99, 0xa6, 0x99, 0xa6, 0x99,
+ 0x50, 0x00, 0x8e, 0x36,
+ 0xd9, 0x59, 0xd9, 0x59, 0xd9, 0x59, 0xd9, 0x59,
+ 0x6b, 0x85, 0x6b, 0x85, 0x6b, 0x85, 0x6b, 0x85,
+ 0x6b, 0x85, 0x6b, 0x85, 0x6b, 0x85, 0x6b, 0x85,
+ 0x00, 0x00, 0xfe, 0x2d,
+ 0x9d, 0x45, 0x9d, 0x45, 0x9d, 0x45, 0x9d, 0x45,
+ 0x2f, 0x71, 0x2f, 0x71, 0x2f, 0x71, 0x2f, 0x71,
+ 0x2f, 0x71, 0x2f, 0x71, 0x2f, 0x71, 0x2f, 0x71,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x06, 0x80, 0x80, 0x00,
+
+ /* 2432 MHz */
+ 0x80, 0x09,
+ 0x10, 0x01, 0xd7, 0x82,
+ 0x51, 0x8a, 0x51, 0x8a, 0x51, 0x8a, 0x51, 0x8a,
+ 0xe3, 0xb5, 0xe3, 0xb5, 0xe3, 0xb5, 0xe3, 0xb5,
+ 0xe3, 0xb5, 0xe3, 0xb5, 0xe3, 0xb5, 0xe3, 0xb5,
+ 0xf0, 0x00, 0xc8, 0x6b,
+ 0x37, 0x82, 0x37, 0x82, 0x37, 0x82, 0x37, 0x82,
+ 0xc9, 0xad, 0xc9, 0xad, 0xc9, 0xad, 0xc9, 0xad,
+ 0xc9, 0xad, 0xc9, 0xad, 0xc9, 0xad, 0xc9, 0xad,
+ 0xd0, 0x00, 0x6f, 0x5a,
+ 0x1d, 0x7a, 0x1d, 0x7a, 0x1d, 0x7a, 0x1d, 0x7a,
+ 0xaf, 0xa5, 0xaf, 0xa5, 0xaf, 0xa5, 0xaf, 0xa5,
+ 0xaf, 0xa5, 0xaf, 0xa5, 0xaf, 0xa5, 0xaf, 0xa5,
+ 0xa0, 0x00, 0x20, 0x48,
+ 0xf6, 0x6d, 0xf6, 0x6d, 0xf6, 0x6d, 0xf6, 0x6d,
+ 0x88, 0x99, 0x88, 0x99, 0x88, 0x99, 0x88, 0x99,
+ 0x88, 0x99, 0x88, 0x99, 0x88, 0x99, 0x88, 0x99,
+ 0x50, 0x00, 0x9f, 0x36,
+ 0xb5, 0x59, 0xb5, 0x59, 0xb5, 0x59, 0xb5, 0x59,
+ 0x47, 0x85, 0x47, 0x85, 0x47, 0x85, 0x47, 0x85,
+ 0x47, 0x85, 0x47, 0x85, 0x47, 0x85, 0x47, 0x85,
+ 0x00, 0x00, 0x06, 0x2e,
+ 0x74, 0x45, 0x74, 0x45, 0x74, 0x45, 0x74, 0x45,
+ 0x06, 0x71, 0x06, 0x71, 0x06, 0x71, 0x06, 0x71,
+ 0x06, 0x71, 0x06, 0x71, 0x06, 0x71, 0x06, 0x71,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x06, 0x80, 0x80, 0x00,
+
+ /* 2437 MHz */
+ 0x85, 0x09,
+ 0x10, 0x01, 0x67, 0x82,
+ 0x3a, 0x8a, 0x3a, 0x8a, 0x3a, 0x8a, 0x3a, 0x8a,
+ 0xcc, 0xb5, 0xcc, 0xb5, 0xcc, 0xb5, 0xcc, 0xb5,
+ 0xcc, 0xb5, 0xcc, 0xb5, 0xcc, 0xb5, 0xcc, 0xb5,
+ 0xf0, 0x00, 0x95, 0x6b,
+ 0x1f, 0x82, 0x1f, 0x82, 0x1f, 0x82, 0x1f, 0x82,
+ 0xb1, 0xad, 0xb1, 0xad, 0xb1, 0xad, 0xb1, 0xad,
+ 0xb1, 0xad, 0xb1, 0xad, 0xb1, 0xad, 0xb1, 0xad,
+ 0xd0, 0x00, 0x61, 0x5a,
+ 0x02, 0x7a, 0x02, 0x7a, 0x02, 0x7a, 0x02, 0x7a,
+ 0x94, 0xa5, 0x94, 0xa5, 0x94, 0xa5, 0x94, 0xa5,
+ 0x94, 0xa5, 0x94, 0xa5, 0x94, 0xa5, 0x94, 0xa5,
+ 0xa0, 0x00, 0x2c, 0x48,
+ 0xd8, 0x6d, 0xd8, 0x6d, 0xd8, 0x6d, 0xd8, 0x6d,
+ 0x6a, 0x99, 0x6a, 0x99, 0x6a, 0x99, 0x6a, 0x99,
+ 0x6a, 0x99, 0x6a, 0x99, 0x6a, 0x99, 0x6a, 0x99,
+ 0x50, 0x00, 0xb1, 0x36,
+ 0x92, 0x59, 0x92, 0x59, 0x92, 0x59, 0x92, 0x59,
+ 0x24, 0x85, 0x24, 0x85, 0x24, 0x85, 0x24, 0x85,
+ 0x24, 0x85, 0x24, 0x85, 0x24, 0x85, 0x24, 0x85,
+ 0x00, 0x00, 0x0f, 0x2e,
+ 0x4b, 0x45, 0x4b, 0x45, 0x4b, 0x45, 0x4b, 0x45,
+ 0xdd, 0x70, 0xdd, 0x70, 0xdd, 0x70, 0xdd, 0x70,
+ 0xdd, 0x70, 0xdd, 0x70, 0xdd, 0x70, 0xdd, 0x70,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x06, 0x80, 0x80, 0x00,
+
+ /* 2442 MHz */
+ 0x8a, 0x09,
+ 0x10, 0x01, 0xf6, 0x81,
+ 0x24, 0x8a, 0x24, 0x8a, 0x24, 0x8a, 0x24, 0x8a,
+ 0xb6, 0xb5, 0xb6, 0xb5, 0xb6, 0xb5, 0xb6, 0xb5,
+ 0xb6, 0xb5, 0xb6, 0xb5, 0xb6, 0xb5, 0xb6, 0xb5,
+ 0xf0, 0x00, 0x62, 0x6b,
+ 0x06, 0x82, 0x06, 0x82, 0x06, 0x82, 0x06, 0x82,
+ 0x98, 0xad, 0x98, 0xad, 0x98, 0xad, 0x98, 0xad,
+ 0x98, 0xad, 0x98, 0xad, 0x98, 0xad, 0x98, 0xad,
+ 0xd0, 0x00, 0x52, 0x5a,
+ 0xe7, 0x79, 0xe7, 0x79, 0xe7, 0x79, 0xe7, 0x79,
+ 0x79, 0xa5, 0x79, 0xa5, 0x79, 0xa5, 0x79, 0xa5,
+ 0x79, 0xa5, 0x79, 0xa5, 0x79, 0xa5, 0x79, 0xa5,
+ 0xa0, 0x00, 0x37, 0x48,
+ 0xba, 0x6d, 0xba, 0x6d, 0xba, 0x6d, 0xba, 0x6d,
+ 0x4c, 0x99, 0x4c, 0x99, 0x4c, 0x99, 0x4c, 0x99,
+ 0x4c, 0x99, 0x4c, 0x99, 0x4c, 0x99, 0x4c, 0x99,
+ 0x50, 0x00, 0xc2, 0x36,
+ 0x6e, 0x59, 0x6e, 0x59, 0x6e, 0x59, 0x6e, 0x59,
+ 0x00, 0x85, 0x00, 0x85, 0x00, 0x85, 0x00, 0x85,
+ 0x00, 0x85, 0x00, 0x85, 0x00, 0x85, 0x00, 0x85,
+ 0x00, 0x00, 0x17, 0x2e,
+ 0x22, 0x45, 0x22, 0x45, 0x22, 0x45, 0x22, 0x45,
+ 0xb4, 0x70, 0xb4, 0x70, 0xb4, 0x70, 0xb4, 0x70,
+ 0xb4, 0x70, 0xb4, 0x70, 0xb4, 0x70, 0xb4, 0x70,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x06, 0x80, 0x80, 0x00,
+
+ /* 2447 MHz */
+ 0x8f, 0x09,
+ 0x10, 0x01, 0x75, 0x83,
+ 0x61, 0x8a, 0x61, 0x8a, 0x61, 0x8a, 0x61, 0x8a,
+ 0xf3, 0xb5, 0xf3, 0xb5, 0xf3, 0xb5, 0xf3, 0xb5,
+ 0xf3, 0xb5, 0xf3, 0xb5, 0xf3, 0xb5, 0xf3, 0xb5,
+ 0xf0, 0x00, 0x4b, 0x6c,
+ 0x3f, 0x82, 0x3f, 0x82, 0x3f, 0x82, 0x3f, 0x82,
+ 0xd1, 0xad, 0xd1, 0xad, 0xd1, 0xad, 0xd1, 0xad,
+ 0xd1, 0xad, 0xd1, 0xad, 0xd1, 0xad, 0xd1, 0xad,
+ 0xd0, 0x00, 0xda, 0x5a,
+ 0x1c, 0x7a, 0x1c, 0x7a, 0x1c, 0x7a, 0x1c, 0x7a,
+ 0xae, 0xa5, 0xae, 0xa5, 0xae, 0xa5, 0xae, 0xa5,
+ 0xae, 0xa5, 0xae, 0xa5, 0xae, 0xa5, 0xae, 0xa5,
+ 0xa0, 0x00, 0x6d, 0x48,
+ 0xe9, 0x6d, 0xe9, 0x6d, 0xe9, 0x6d, 0xe9, 0x6d,
+ 0x7b, 0x99, 0x7b, 0x99, 0x7b, 0x99, 0x7b, 0x99,
+ 0x7b, 0x99, 0x7b, 0x99, 0x7b, 0x99, 0x7b, 0x99,
+ 0x50, 0x00, 0xc6, 0x36,
+ 0x92, 0x59, 0x92, 0x59, 0x92, 0x59, 0x92, 0x59,
+ 0x24, 0x85, 0x24, 0x85, 0x24, 0x85, 0x24, 0x85,
+ 0x24, 0x85, 0x24, 0x85, 0x24, 0x85, 0x24, 0x85,
+ 0x00, 0x00, 0x15, 0x2e,
+ 0x3c, 0x45, 0x3c, 0x45, 0x3c, 0x45, 0x3c, 0x45,
+ 0xce, 0x70, 0xce, 0x70, 0xce, 0x70, 0xce, 0x70,
+ 0xce, 0x70, 0xce, 0x70, 0xce, 0x70, 0xce, 0x70,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x06, 0x80, 0x80, 0x00,
+
+ /* 2452 MHz */
+ 0x94, 0x09,
+ 0x10, 0x01, 0xf4, 0x84,
+ 0x9e, 0x8a, 0x9e, 0x8a, 0x9e, 0x8a, 0x9e, 0x8a,
+ 0x30, 0xb6, 0x30, 0xb6, 0x30, 0xb6, 0x30, 0xb6,
+ 0x30, 0xb6, 0x30, 0xb6, 0x30, 0xb6, 0x30, 0xb6,
+ 0xf0, 0x00, 0x34, 0x6d,
+ 0x77, 0x82, 0x77, 0x82, 0x77, 0x82, 0x77, 0x82,
+ 0x09, 0xae, 0x09, 0xae, 0x09, 0xae, 0x09, 0xae,
+ 0x09, 0xae, 0x09, 0xae, 0x09, 0xae, 0x09, 0xae,
+ 0xd0, 0x00, 0x62, 0x5b,
+ 0x50, 0x7a, 0x50, 0x7a, 0x50, 0x7a, 0x50, 0x7a,
+ 0xe2, 0xa5, 0xe2, 0xa5, 0xe2, 0xa5, 0xe2, 0xa5,
+ 0xe2, 0xa5, 0xe2, 0xa5, 0xe2, 0xa5, 0xe2, 0xa5,
+ 0xa0, 0x00, 0xa2, 0x48,
+ 0x17, 0x6e, 0x17, 0x6e, 0x17, 0x6e, 0x17, 0x6e,
+ 0xa9, 0x99, 0xa9, 0x99, 0xa9, 0x99, 0xa9, 0x99,
+ 0xa9, 0x99, 0xa9, 0x99, 0xa9, 0x99, 0xa9, 0x99,
+ 0x50, 0x00, 0xc9, 0x36,
+ 0xb7, 0x59, 0xb7, 0x59, 0xb7, 0x59, 0xb7, 0x59,
+ 0x49, 0x85, 0x49, 0x85, 0x49, 0x85, 0x49, 0x85,
+ 0x49, 0x85, 0x49, 0x85, 0x49, 0x85, 0x49, 0x85,
+ 0x00, 0x00, 0x12, 0x2e,
+ 0x57, 0x45, 0x57, 0x45, 0x57, 0x45, 0x57, 0x45,
+ 0xe9, 0x70, 0xe9, 0x70, 0xe9, 0x70, 0xe9, 0x70,
+ 0xe9, 0x70, 0xe9, 0x70, 0xe9, 0x70, 0xe9, 0x70,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x06, 0x80, 0x80, 0x00,
+
+ /* 2452 MHz */
+ 0x99, 0x09,
+ 0x10, 0x01, 0x74, 0x86,
+ 0xdb, 0x8a, 0xdb, 0x8a, 0xdb, 0x8a, 0xdb, 0x8a,
+ 0x6d, 0xb6, 0x6d, 0xb6, 0x6d, 0xb6, 0x6d, 0xb6,
+ 0x6d, 0xb6, 0x6d, 0xb6, 0x6d, 0xb6, 0x6d, 0xb6,
+ 0xf0, 0x00, 0x1e, 0x6e,
+ 0xb0, 0x82, 0xb0, 0x82, 0xb0, 0x82, 0xb0, 0x82,
+ 0x42, 0xae, 0x42, 0xae, 0x42, 0xae, 0x42, 0xae,
+ 0x42, 0xae, 0x42, 0xae, 0x42, 0xae, 0x42, 0xae,
+ 0xd0, 0x00, 0xeb, 0x5b,
+ 0x85, 0x7a, 0x85, 0x7a, 0x85, 0x7a, 0x85, 0x7a,
+ 0x17, 0xa6, 0x17, 0xa6, 0x17, 0xa6, 0x17, 0xa6,
+ 0x17, 0xa6, 0x17, 0xa6, 0x17, 0xa6, 0x17, 0xa6,
+ 0xa0, 0x00, 0xd8, 0x48,
+ 0x46, 0x6e, 0x46, 0x6e, 0x46, 0x6e, 0x46, 0x6e,
+ 0xd8, 0x99, 0xd8, 0x99, 0xd8, 0x99, 0xd8, 0x99,
+ 0xd8, 0x99, 0xd8, 0x99, 0xd8, 0x99, 0xd8, 0x99,
+ 0x50, 0x00, 0xcd, 0x36,
+ 0xdb, 0x59, 0xdb, 0x59, 0xdb, 0x59, 0xdb, 0x59,
+ 0x6d, 0x85, 0x6d, 0x85, 0x6d, 0x85, 0x6d, 0x85,
+ 0x6d, 0x85, 0x6d, 0x85, 0x6d, 0x85, 0x6d, 0x85,
+ 0x00, 0x00, 0x10, 0x2e,
+ 0x71, 0x45, 0x71, 0x45, 0x71, 0x45, 0x71, 0x45,
+ 0x03, 0x71, 0x03, 0x71, 0x03, 0x71, 0x03, 0x71,
+ 0x03, 0x71, 0x03, 0x71, 0x03, 0x71, 0x03, 0x71,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x06, 0x80, 0x80, 0x00,
+
+ /* 2557 MHz */
+ 0x9e, 0x09,
+ 0x10, 0x01, 0xf3, 0x87,
+ 0x17, 0x8b, 0x17, 0x8b, 0x17, 0x8b, 0x17, 0x8b,
+ 0xa9, 0xb6, 0xa9, 0xb6, 0xa9, 0xb6, 0xa9, 0xb6,
+ 0xa9, 0xb6, 0xa9, 0xb6, 0xa9, 0xb6, 0xa9, 0xb6,
+ 0xf0, 0x00, 0x07, 0x6f,
+ 0xe9, 0x82, 0xe9, 0x82, 0xe9, 0x82, 0xe9, 0x82,
+ 0x7b, 0xae, 0x7b, 0xae, 0x7b, 0xae, 0x7b, 0xae,
+ 0x7b, 0xae, 0x7b, 0xae, 0x7b, 0xae, 0x7b, 0xae,
+ 0xd0, 0x00, 0x73, 0x5c,
+ 0xba, 0x7a, 0xba, 0x7a, 0xba, 0x7a, 0xba, 0x7a,
+ 0x4c, 0xa6, 0x4c, 0xa6, 0x4c, 0xa6, 0x4c, 0xa6,
+ 0x4c, 0xa6, 0x4c, 0xa6, 0x4c, 0xa6, 0x4c, 0xa6,
+ 0xa0, 0x00, 0x0d, 0x49,
+ 0x74, 0x6e, 0x74, 0x6e, 0x74, 0x6e, 0x74, 0x6e,
+ 0x06, 0x9a, 0x06, 0x9a, 0x06, 0x9a, 0x06, 0x9a,
+ 0x06, 0x9a, 0x06, 0x9a, 0x06, 0x9a, 0x06, 0x9a,
+ 0x50, 0x00, 0xd1, 0x36,
+ 0xff, 0x59, 0xff, 0x59, 0xff, 0x59, 0xff, 0x59,
+ 0x91, 0x85, 0x91, 0x85, 0x91, 0x85, 0x91, 0x85,
+ 0x91, 0x85, 0x91, 0x85, 0x91, 0x85, 0x91, 0x85,
+ 0x00, 0x00, 0x0e, 0x2e,
+ 0x8b, 0x45, 0x8b, 0x45, 0x8b, 0x45, 0x8b, 0x45,
+ 0x1d, 0x71, 0x1d, 0x71, 0x1d, 0x71, 0x1d, 0x71,
+ 0x1d, 0x71, 0x1d, 0x71, 0x1d, 0x71, 0x1d, 0x71,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x06, 0x80, 0x80, 0x00,
+
+ /* 2562 MHz */
+ 0xa3, 0x09,
+ 0x10, 0x01, 0x72, 0x89,
+ 0x54, 0x8b, 0x54, 0x8b, 0x54, 0x8b, 0x54, 0x8b,
+ 0xe6, 0xb6, 0xe6, 0xb6, 0xe6, 0xb6, 0xe6, 0xb6,
+ 0xe6, 0xb6, 0xe6, 0xb6, 0xe6, 0xb6, 0xe6, 0xb6,
+ 0xf0, 0x00, 0xf0, 0x6f,
+ 0x21, 0x83, 0x21, 0x83, 0x21, 0x83, 0x21, 0x83,
+ 0xb3, 0xae, 0xb3, 0xae, 0xb3, 0xae, 0xb3, 0xae,
+ 0xb3, 0xae, 0xb3, 0xae, 0xb3, 0xae, 0xb3, 0xae,
+ 0xd0, 0x00, 0xfb, 0x5c,
+ 0xee, 0x7a, 0xee, 0x7a, 0xee, 0x7a, 0xee, 0x7a,
+ 0x80, 0xa6, 0x80, 0xa6, 0x80, 0xa6, 0x80, 0xa6,
+ 0x80, 0xa6, 0x80, 0xa6, 0x80, 0xa6, 0x80, 0xa6,
+ 0xa0, 0x00, 0x43, 0x49,
+ 0xa3, 0x6e, 0xa3, 0x6e, 0xa3, 0x6e, 0xa3, 0x6e,
+ 0x35, 0x9a, 0x35, 0x9a, 0x35, 0x9a, 0x35, 0x9a,
+ 0x35, 0x9a, 0x35, 0x9a, 0x35, 0x9a, 0x35, 0x9a,
+ 0x50, 0x00, 0xd4, 0x36,
+ 0x24, 0x5a, 0x24, 0x5a, 0x24, 0x5a, 0x24, 0x5a,
+ 0xb6, 0x85, 0xb6, 0x85, 0xb6, 0x85, 0xb6, 0x85,
+ 0xb6, 0x85, 0xb6, 0x85, 0xb6, 0x85, 0xb6, 0x85,
+ 0x00, 0x00, 0x0b, 0x2e,
+ 0xa6, 0x45, 0xa6, 0x45, 0xa6, 0x45, 0xa6, 0x45,
+ 0x38, 0x71, 0x38, 0x71, 0x38, 0x71, 0x38, 0x71,
+ 0x38, 0x71, 0x38, 0x71, 0x38, 0x71, 0x38, 0x71,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x06, 0x80, 0x80, 0x00,
+
+ /* 2572 MHz */
+ 0xa8, 0x09,
+ 0x10, 0x01, 0xf1, 0x8a,
+ 0x91, 0x8b, 0x91, 0x8b, 0x91, 0x8b, 0x91, 0x8b,
+ 0x23, 0xb7, 0x23, 0xb7, 0x23, 0xb7, 0x23, 0xb7,
+ 0x23, 0xb7, 0x23, 0xb7, 0x23, 0xb7, 0x23, 0xb7,
+ 0xf0, 0x00, 0xd9, 0x70,
+ 0x5a, 0x83, 0x5a, 0x83, 0x5a, 0x83, 0x5a, 0x83,
+ 0xec, 0xae, 0xec, 0xae, 0xec, 0xae, 0xec, 0xae,
+ 0xec, 0xae, 0xec, 0xae, 0xec, 0xae, 0xec, 0xae,
+ 0xd0, 0x00, 0x83, 0x5d,
+ 0x23, 0x7b, 0x23, 0x7b, 0x23, 0x7b, 0x23, 0x7b,
+ 0xb5, 0xa6, 0xb5, 0xa6, 0xb5, 0xa6, 0xb5, 0xa6,
+ 0xb5, 0xa6, 0xb5, 0xa6, 0xb5, 0xa6, 0xb5, 0xa6,
+ 0xa0, 0x00, 0x78, 0x49,
+ 0xd1, 0x6e, 0xd1, 0x6e, 0xd1, 0x6e, 0xd1, 0x6e,
+ 0x63, 0x9a, 0x63, 0x9a, 0x63, 0x9a, 0x63, 0x9a,
+ 0x63, 0x9a, 0x63, 0x9a, 0x63, 0x9a, 0x63, 0x9a,
+ 0x50, 0x00, 0xd8, 0x36,
+ 0x48, 0x5a, 0x48, 0x5a, 0x48, 0x5a, 0x48, 0x5a,
+ 0xda, 0x85, 0xda, 0x85, 0xda, 0x85, 0xda, 0x85,
+ 0xda, 0x85, 0xda, 0x85, 0xda, 0x85, 0xda, 0x85,
+ 0x00, 0x00, 0x09, 0x2e,
+ 0xc0, 0x45, 0xc0, 0x45, 0xc0, 0x45, 0xc0, 0x45,
+ 0x52, 0x71, 0x52, 0x71, 0x52, 0x71, 0x52, 0x71,
+ 0x52, 0x71, 0x52, 0x71, 0x52, 0x71, 0x52, 0x71,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x06, 0x80, 0x80, 0x00,
+
+/*
+ * Not really sure if this is actually the power_limit database,
+ * it looks a bit "related" to PDR_PRISM_ZIF_TX_IQ_CALIBRATION
+ */
+/* struct pda_custom_wrapper */
+0xae, 0x00, 0xef, 0xbe, /* PDR_PRISM_PA_CAL_OUTPUT_POWER_LIMITS_CUSTOM */
+ 0x0d, 0x00, 0x1a, 0x00, /* 13 entries, 26 bytes per entry */
+ 0x00, 0x00, 0x52, 0x01, /* no offset, 338 bytes total */
+
+ /* 2412 MHz */
+ 0x6c, 0x09,
+ 0x10, 0x01, 0x10, 0x01, 0x10, 0x01, 0x10, 0x01,
+ 0xe0, 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xe0, 0x00,
+ 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00,
+
+ /* 2417 MHz */
+ 0x71, 0x09,
+ 0x10, 0x01, 0x10, 0x01, 0x10, 0x01, 0x10, 0x01,
+ 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00,
+ 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00,
+
+ /* 2422 MHz */
+ 0x76, 0x09,
+ 0x10, 0x01, 0x10, 0x01, 0x10, 0x01, 0x10, 0x01,
+ 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00,
+ 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00,
+
+ /* 2427 MHz */
+ 0x7b, 0x09,
+ 0x10, 0x01, 0x10, 0x01, 0x10, 0x01, 0x10, 0x01,
+ 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00,
+ 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00,
+
+ /* 2432 MHz */
+ 0x80, 0x09,
+ 0x10, 0x01, 0x10, 0x01, 0x10, 0x01, 0x10, 0x01,
+ 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00,
+ 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00,
+
+ /* 2437 MHz */
+ 0x85, 0x09,
+ 0x10, 0x01, 0x10, 0x01, 0x10, 0x01, 0x10, 0x01,
+ 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00,
+ 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00,
+
+ /* 2442 MHz */
+ 0x8a, 0x09,
+ 0x10, 0x01, 0x10, 0x01, 0x10, 0x01, 0x10, 0x01,
+ 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00,
+ 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00,
+
+ /* 2447 MHz */
+ 0x8f, 0x09,
+ 0x10, 0x01, 0x10, 0x01, 0x10, 0x01, 0x10, 0x01,
+ 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00,
+ 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00,
+
+ /* 2452 MHz */
+ 0x94, 0x09,
+ 0x10, 0x01, 0x10, 0x01, 0x10, 0x01, 0x10, 0x01,
+ 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00,
+ 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00,
+
+ /* 2457 MHz */
+ 0x99, 0x09,
+ 0x10, 0x01, 0x10, 0x01, 0x10, 0x01, 0x10, 0x01,
+ 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00,
+ 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00,
+
+ /* 2462 MHz */
+ 0x9e, 0x09,
+ 0x10, 0x01, 0x10, 0x01, 0x10, 0x01, 0x10, 0x01,
+ 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00,
+ 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00,
+
+ /* 2467 MHz */
+ 0xa3, 0x09,
+ 0x10, 0x01, 0x10, 0x01, 0x10, 0x01, 0x10, 0x01,
+ 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00,
+ 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00,
+
+ /* 2472 MHz */
+ 0xa8, 0x09,
+ 0x10, 0x01, 0x10, 0x01, 0x10, 0x01, 0x10, 0x01,
+ 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00, 0xf0, 0x00,
+ 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00, 0xd0, 0x00,
+
+/* struct pda_iq_autocal_entry[13] */
+0x42, 0x00, 0x06, 0x19, /* PDR_PRISM_ZIF_TX_IQ_CALIBRATION */
+ /* 2412 MHz */
+ 0x6c, 0x09, 0x26, 0x00, 0xf8, 0xff, 0xf7, 0xff, 0xff, 0x00,
+ /* 2417 MHz */
+ 0x71, 0x09, 0x26, 0x00, 0xf8, 0xff, 0xf7, 0xff, 0xff, 0x00,
+ /* 2422 MHz */
+ 0x76, 0x09, 0x26, 0x00, 0xf8, 0xff, 0xf7, 0xff, 0xff, 0x00,
+ /* 2427 MHz */
+ 0x7b, 0x09, 0x26, 0x00, 0xf8, 0xff, 0xf7, 0xff, 0xff, 0x00,
+ /* 2432 MHz */
+ 0x80, 0x09, 0x25, 0x00, 0xf7, 0xff, 0xf7, 0xff, 0xff, 0x00,
+ /* 2437 MHz */
+ 0x85, 0x09, 0x25, 0x00, 0xf7, 0xff, 0xf7, 0xff, 0xff, 0x00,
+ /* 2442 MHz */
+ 0x8a, 0x09, 0x25, 0x00, 0xf7, 0xff, 0xf7, 0xff, 0xff, 0x00,
+ /* 2447 MHz */
+ 0x8f, 0x09, 0x25, 0x00, 0xf7, 0xff, 0xf7, 0xff, 0xff, 0x00,
+ /* 2452 MHz */
+ 0x94, 0x09, 0x25, 0x00, 0xf7, 0xff, 0xf7, 0xff, 0xff, 0x00,
+ /* 2457 MHz */
+ 0x99, 0x09, 0x25, 0x00, 0xf5, 0xff, 0xf9, 0xff, 0x00, 0x01,
+ /* 2462 MHz */
+ 0x9e, 0x09, 0x25, 0x00, 0xf5, 0xff, 0xf9, 0xff, 0x00, 0x01,
+ /* 2467 MHz */
+ 0xa3, 0x09, 0x25, 0x00, 0xf5, 0xff, 0xf9, 0xff, 0x00, 0x01,
+ /* 2472 MHz */
+ 0xa8, 0x09, 0x25, 0x00, 0xf5, 0xff, 0xf9, 0xff, 0x00, 0x01,
+
+0x02, 0x00, 0x00, 0x00, /* PDR_END */
+ 0xb6, 0x04,
+};
+
+#endif /* P54SPI_EEPROM_H */
+
diff --git a/drivers/net/wireless/intersil/p54/p54usb.c b/drivers/net/wireless/intersil/p54/p54usb.c
new file mode 100644
index 000000000..cae47663b
--- /dev/null
+++ b/drivers/net/wireless/intersil/p54/p54usb.c
@@ -0,0 +1,1140 @@
+// SPDX-License-Identifier: GPL-2.0-only
+
+/*
+ * Linux device driver for USB based Prism54
+ *
+ * Copyright (c) 2006, Michael Wu <flamingice@sourmilk.net>
+ *
+ * Based on the islsm (softmac prism54) driver, which is:
+ * Copyright 2004-2006 Jean-Baptiste Note <jbnote@gmail.com>, et al.
+ */
+
+#include <linux/usb.h>
+#include <linux/pci.h>
+#include <linux/slab.h>
+#include <linux/firmware.h>
+#include <linux/etherdevice.h>
+#include <linux/delay.h>
+#include <linux/crc32.h>
+#include <linux/module.h>
+#include <net/mac80211.h>
+
+#include "p54.h"
+#include "lmac.h"
+#include "p54usb.h"
+
+MODULE_AUTHOR("Michael Wu <flamingice@sourmilk.net>");
+MODULE_DESCRIPTION("Prism54 USB wireless driver");
+MODULE_LICENSE("GPL");
+MODULE_ALIAS("prism54usb");
+MODULE_FIRMWARE("isl3886usb");
+MODULE_FIRMWARE("isl3887usb");
+
+static struct usb_driver p54u_driver;
+
+/*
+ * Note:
+ *
+ * Always update our wiki's device list (located at:
+ * http://wireless.wiki.kernel.org/en/users/Drivers/p54/devices ),
+ * whenever you add a new device.
+ */
+
+static const struct usb_device_id p54u_table[] = {
+ /* Version 1 devices (pci chip + net2280) */
+ {USB_DEVICE(0x0411, 0x0050)}, /* Buffalo WLI2-USB2-G54 */
+ {USB_DEVICE(0x045e, 0x00c2)}, /* Microsoft MN-710 */
+ {USB_DEVICE(0x0506, 0x0a11)}, /* 3COM 3CRWE254G72 */
+ {USB_DEVICE(0x0675, 0x0530)}, /* DrayTek Vigor 530 */
+ {USB_DEVICE(0x06b9, 0x0120)}, /* Thomson SpeedTouch 120g */
+ {USB_DEVICE(0x0707, 0xee06)}, /* SMC 2862W-G */
+ {USB_DEVICE(0x07aa, 0x001c)}, /* Corega CG-WLUSB2GT */
+ {USB_DEVICE(0x083a, 0x4501)}, /* Accton 802.11g WN4501 USB */
+ {USB_DEVICE(0x083a, 0x4502)}, /* Siemens Gigaset USB Adapter */
+ {USB_DEVICE(0x083a, 0x5501)}, /* Phillips CPWUA054 */
+ {USB_DEVICE(0x0846, 0x4200)}, /* Netgear WG121 */
+ {USB_DEVICE(0x0846, 0x4210)}, /* Netgear WG121 the second ? */
+ {USB_DEVICE(0x0846, 0x4220)}, /* Netgear WG111 */
+ {USB_DEVICE(0x09aa, 0x1000)}, /* Spinnaker Proto board */
+ {USB_DEVICE(0x0bf8, 0x1007)}, /* Fujitsu E-5400 USB */
+ {USB_DEVICE(0x0cde, 0x0006)}, /* Medion 40900, Roper Europe */
+ {USB_DEVICE(0x0db0, 0x6826)}, /* MSI UB54G (MS-6826) */
+ {USB_DEVICE(0x107b, 0x55f2)}, /* Gateway WGU-210 (Gemtek) */
+ {USB_DEVICE(0x124a, 0x4023)}, /* Shuttle PN15, Airvast WM168g, IOGear GWU513 */
+ {USB_DEVICE(0x124a, 0x4026)}, /* AirVasT USB wireless device */
+ {USB_DEVICE(0x1435, 0x0210)}, /* Inventel UR054G */
+ {USB_DEVICE(0x15a9, 0x0002)}, /* Gemtek WUBI-100GW 802.11g */
+ {USB_DEVICE(0x1630, 0x0005)}, /* 2Wire 802.11g USB (v1) / Z-Com */
+ {USB_DEVICE(0x182d, 0x096b)}, /* Sitecom WL-107 */
+ {USB_DEVICE(0x1915, 0x2234)}, /* Linksys WUSB54G OEM */
+ {USB_DEVICE(0x1915, 0x2235)}, /* Linksys WUSB54G Portable OEM */
+ {USB_DEVICE(0x2001, 0x3701)}, /* DLink DWL-G120 Spinnaker */
+ {USB_DEVICE(0x2001, 0x3703)}, /* DLink DWL-G122 */
+ {USB_DEVICE(0x2001, 0x3762)}, /* Conceptronic C54U */
+ {USB_DEVICE(0x5041, 0x2234)}, /* Linksys WUSB54G */
+ {USB_DEVICE(0x5041, 0x2235)}, /* Linksys WUSB54G Portable */
+
+ /* Version 2 devices (3887) */
+ {USB_DEVICE(0x0471, 0x1230)}, /* Philips CPWUA054/00 */
+ {USB_DEVICE(0x050d, 0x7050)}, /* Belkin F5D7050 ver 1000 */
+ {USB_DEVICE(0x0572, 0x2000)}, /* Cohiba Proto board */
+ {USB_DEVICE(0x0572, 0x2002)}, /* Cohiba Proto board */
+ {USB_DEVICE(0x06a9, 0x000e)}, /* Westell 802.11g USB (A90-211WG-01) */
+ {USB_DEVICE(0x06b9, 0x0121)}, /* Thomson SpeedTouch 121g */
+ {USB_DEVICE(0x0707, 0xee13)}, /* SMC 2862W-G version 2 */
+ {USB_DEVICE(0x07aa, 0x0020)}, /* Corega WLUSB2GTST USB */
+ {USB_DEVICE(0x0803, 0x4310)}, /* Zoom 4410a */
+ {USB_DEVICE(0x083a, 0x4521)}, /* Siemens Gigaset USB Adapter 54 version 2 */
+ {USB_DEVICE(0x083a, 0x4531)}, /* T-Com Sinus 154 data II */
+ {USB_DEVICE(0x083a, 0xc501)}, /* Zoom Wireless-G 4410 */
+ {USB_DEVICE(0x083a, 0xf503)}, /* Accton FD7050E ver 1010ec */
+ {USB_DEVICE(0x0846, 0x4240)}, /* Netgear WG111 (v2) */
+ {USB_DEVICE(0x0915, 0x2000)}, /* Cohiba Proto board */
+ {USB_DEVICE(0x0915, 0x2002)}, /* Cohiba Proto board */
+ {USB_DEVICE(0x0baf, 0x0118)}, /* U.S. Robotics U5 802.11g Adapter*/
+ {USB_DEVICE(0x0bf8, 0x1009)}, /* FUJITSU E-5400 USB D1700*/
+ /* {USB_DEVICE(0x0cde, 0x0006)}, * Medion MD40900 already listed above,
+ * just noting it here for clarity */
+ {USB_DEVICE(0x0cde, 0x0008)}, /* Sagem XG703A */
+ {USB_DEVICE(0x0cde, 0x0015)}, /* Zcomax XG-705A */
+ {USB_DEVICE(0x0d8e, 0x3762)}, /* DLink DWL-G120 Cohiba */
+ {USB_DEVICE(0x124a, 0x4025)}, /* IOGear GWU513 (GW3887IK chip) */
+ {USB_DEVICE(0x1260, 0xee22)}, /* SMC 2862W-G version 2 */
+ {USB_DEVICE(0x13b1, 0x000a)}, /* Linksys WUSB54G ver 2 */
+ {USB_DEVICE(0x13B1, 0x000C)}, /* Linksys WUSB54AG */
+ {USB_DEVICE(0x1413, 0x5400)}, /* Telsey 802.11g USB2.0 Adapter */
+ {USB_DEVICE(0x1435, 0x0427)}, /* Inventel UR054G */
+ /* {USB_DEVICE(0x15a9, 0x0002)}, * Also SparkLAN WL-682 with 3887 */
+ {USB_DEVICE(0x1668, 0x1050)}, /* Actiontec 802UIG-1 */
+ {USB_DEVICE(0x1740, 0x1000)}, /* Senao NUB-350 */
+ {USB_DEVICE(0x2001, 0x3704)}, /* DLink DWL-G122 rev A2 */
+ {USB_DEVICE(0x2001, 0x3705)}, /* D-Link DWL-G120 rev C1 */
+ {USB_DEVICE(0x413c, 0x5513)}, /* Dell WLA3310 USB Wireless Adapter */
+ {USB_DEVICE(0x413c, 0x8102)}, /* Spinnaker DUT */
+ {USB_DEVICE(0x413c, 0x8104)}, /* Cohiba Proto board */
+ {}
+};
+
+MODULE_DEVICE_TABLE(usb, p54u_table);
+
+static const struct {
+ u32 intf;
+ enum p54u_hw_type type;
+ const char *fw;
+ char hw[20];
+} p54u_fwlist[__NUM_P54U_HWTYPES] = {
+ {
+ .type = P54U_NET2280,
+ .intf = FW_LM86,
+ .fw = "isl3886usb",
+ .hw = "ISL3886 + net2280",
+ },
+ {
+ .type = P54U_3887,
+ .intf = FW_LM87,
+ .fw = "isl3887usb",
+ .hw = "ISL3887",
+ },
+};
+
+static void p54u_rx_cb(struct urb *urb)
+{
+ struct sk_buff *skb = (struct sk_buff *) urb->context;
+ struct p54u_rx_info *info = (struct p54u_rx_info *)skb->cb;
+ struct ieee80211_hw *dev = info->dev;
+ struct p54u_priv *priv = dev->priv;
+
+ skb_unlink(skb, &priv->rx_queue);
+
+ if (unlikely(urb->status)) {
+ dev_kfree_skb_irq(skb);
+ return;
+ }
+
+ skb_put(skb, urb->actual_length);
+
+ if (priv->hw_type == P54U_NET2280)
+ skb_pull(skb, priv->common.tx_hdr_len);
+ if (priv->common.fw_interface == FW_LM87) {
+ skb_pull(skb, 4);
+ skb_put(skb, 4);
+ }
+
+ if (p54_rx(dev, skb)) {
+ skb = dev_alloc_skb(priv->common.rx_mtu + 32);
+ if (unlikely(!skb)) {
+ /* TODO check rx queue length and refill *somewhere* */
+ return;
+ }
+
+ info = (struct p54u_rx_info *) skb->cb;
+ info->urb = urb;
+ info->dev = dev;
+ urb->transfer_buffer = skb_tail_pointer(skb);
+ urb->context = skb;
+ } else {
+ if (priv->hw_type == P54U_NET2280)
+ skb_push(skb, priv->common.tx_hdr_len);
+ if (priv->common.fw_interface == FW_LM87) {
+ skb_push(skb, 4);
+ skb_put(skb, 4);
+ }
+ skb_reset_tail_pointer(skb);
+ skb_trim(skb, 0);
+ urb->transfer_buffer = skb_tail_pointer(skb);
+ }
+ skb_queue_tail(&priv->rx_queue, skb);
+ usb_anchor_urb(urb, &priv->submitted);
+ if (usb_submit_urb(urb, GFP_ATOMIC)) {
+ skb_unlink(skb, &priv->rx_queue);
+ usb_unanchor_urb(urb);
+ dev_kfree_skb_irq(skb);
+ }
+}
+
+static void p54u_tx_cb(struct urb *urb)
+{
+ struct sk_buff *skb = urb->context;
+ struct ieee80211_hw *dev =
+ usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0));
+
+ p54_free_skb(dev, skb);
+}
+
+static void p54u_tx_dummy_cb(struct urb *urb) { }
+
+static void p54u_free_urbs(struct ieee80211_hw *dev)
+{
+ struct p54u_priv *priv = dev->priv;
+ usb_kill_anchored_urbs(&priv->submitted);
+}
+
+static void p54u_stop(struct ieee80211_hw *dev)
+{
+ /*
+ * TODO: figure out how to reliably stop the 3887 and net2280 so
+ * the hardware is still usable next time we want to start it.
+ * until then, we just stop listening to the hardware..
+ */
+ p54u_free_urbs(dev);
+}
+
+static int p54u_init_urbs(struct ieee80211_hw *dev)
+{
+ struct p54u_priv *priv = dev->priv;
+ struct urb *entry = NULL;
+ struct sk_buff *skb;
+ struct p54u_rx_info *info;
+ int ret = 0;
+
+ while (skb_queue_len(&priv->rx_queue) < 32) {
+ skb = __dev_alloc_skb(priv->common.rx_mtu + 32, GFP_KERNEL);
+ if (!skb) {
+ ret = -ENOMEM;
+ goto err;
+ }
+ entry = usb_alloc_urb(0, GFP_KERNEL);
+ if (!entry) {
+ ret = -ENOMEM;
+ goto err;
+ }
+
+ usb_fill_bulk_urb(entry, priv->udev,
+ usb_rcvbulkpipe(priv->udev, P54U_PIPE_DATA),
+ skb_tail_pointer(skb),
+ priv->common.rx_mtu + 32, p54u_rx_cb, skb);
+ info = (struct p54u_rx_info *) skb->cb;
+ info->urb = entry;
+ info->dev = dev;
+ skb_queue_tail(&priv->rx_queue, skb);
+
+ usb_anchor_urb(entry, &priv->submitted);
+ ret = usb_submit_urb(entry, GFP_KERNEL);
+ if (ret) {
+ skb_unlink(skb, &priv->rx_queue);
+ usb_unanchor_urb(entry);
+ goto err;
+ }
+ usb_free_urb(entry);
+ entry = NULL;
+ }
+
+ return 0;
+
+ err:
+ usb_free_urb(entry);
+ kfree_skb(skb);
+ p54u_free_urbs(dev);
+ return ret;
+}
+
+static int p54u_open(struct ieee80211_hw *dev)
+{
+ /*
+ * TODO: Because we don't know how to reliably stop the 3887 and
+ * the isl3886+net2280, other than brutally cut off all
+ * communications. We have to reinitialize the urbs on every start.
+ */
+ return p54u_init_urbs(dev);
+}
+
+static __le32 p54u_lm87_chksum(const __le32 *data, size_t length)
+{
+ u32 chk = 0;
+
+ length >>= 2;
+ while (length--) {
+ chk ^= le32_to_cpu(*data++);
+ chk = (chk >> 5) ^ (chk << 3);
+ }
+
+ return cpu_to_le32(chk);
+}
+
+static void p54u_tx_lm87(struct ieee80211_hw *dev, struct sk_buff *skb)
+{
+ struct p54u_priv *priv = dev->priv;
+ struct urb *data_urb;
+ struct lm87_tx_hdr *hdr = (void *)skb->data - sizeof(*hdr);
+
+ data_urb = usb_alloc_urb(0, GFP_ATOMIC);
+ if (!data_urb) {
+ p54_free_skb(dev, skb);
+ return;
+ }
+
+ hdr->chksum = p54u_lm87_chksum((__le32 *)skb->data, skb->len);
+ hdr->device_addr = ((struct p54_hdr *)skb->data)->req_id;
+
+ usb_fill_bulk_urb(data_urb, priv->udev,
+ usb_sndbulkpipe(priv->udev, P54U_PIPE_DATA),
+ hdr, skb->len + sizeof(*hdr), FREE_AFTER_TX(skb) ?
+ p54u_tx_cb : p54u_tx_dummy_cb, skb);
+ data_urb->transfer_flags |= URB_ZERO_PACKET;
+
+ usb_anchor_urb(data_urb, &priv->submitted);
+ if (usb_submit_urb(data_urb, GFP_ATOMIC)) {
+ usb_unanchor_urb(data_urb);
+ p54_free_skb(dev, skb);
+ }
+ usb_free_urb(data_urb);
+}
+
+static void p54u_tx_net2280(struct ieee80211_hw *dev, struct sk_buff *skb)
+{
+ struct p54u_priv *priv = dev->priv;
+ struct urb *int_urb = NULL, *data_urb = NULL;
+ struct net2280_tx_hdr *hdr = (void *)skb->data - sizeof(*hdr);
+ struct net2280_reg_write *reg = NULL;
+ int err = -ENOMEM;
+
+ reg = kmalloc(sizeof(*reg), GFP_ATOMIC);
+ if (!reg)
+ goto out;
+
+ int_urb = usb_alloc_urb(0, GFP_ATOMIC);
+ if (!int_urb)
+ goto out;
+
+ data_urb = usb_alloc_urb(0, GFP_ATOMIC);
+ if (!data_urb)
+ goto out;
+
+ reg->port = cpu_to_le16(NET2280_DEV_U32);
+ reg->addr = cpu_to_le32(P54U_DEV_BASE);
+ reg->val = cpu_to_le32(ISL38XX_DEV_INT_DATA);
+
+ memset(hdr, 0, sizeof(*hdr));
+ hdr->len = cpu_to_le16(skb->len);
+ hdr->device_addr = ((struct p54_hdr *) skb->data)->req_id;
+
+ usb_fill_bulk_urb(int_urb, priv->udev,
+ usb_sndbulkpipe(priv->udev, P54U_PIPE_DEV), reg, sizeof(*reg),
+ p54u_tx_dummy_cb, dev);
+
+ /*
+ * URB_FREE_BUFFER triggers a code path in the USB subsystem that will
+ * free what is inside the transfer_buffer after the last reference to
+ * the int_urb is dropped.
+ */
+ int_urb->transfer_flags |= URB_FREE_BUFFER | URB_ZERO_PACKET;
+ reg = NULL;
+
+ usb_fill_bulk_urb(data_urb, priv->udev,
+ usb_sndbulkpipe(priv->udev, P54U_PIPE_DATA),
+ hdr, skb->len + sizeof(*hdr), FREE_AFTER_TX(skb) ?
+ p54u_tx_cb : p54u_tx_dummy_cb, skb);
+ data_urb->transfer_flags |= URB_ZERO_PACKET;
+
+ usb_anchor_urb(int_urb, &priv->submitted);
+ err = usb_submit_urb(int_urb, GFP_ATOMIC);
+ if (err) {
+ usb_unanchor_urb(int_urb);
+ goto out;
+ }
+
+ usb_anchor_urb(data_urb, &priv->submitted);
+ err = usb_submit_urb(data_urb, GFP_ATOMIC);
+ if (err) {
+ usb_unanchor_urb(data_urb);
+ goto out;
+ }
+out:
+ usb_free_urb(int_urb);
+ usb_free_urb(data_urb);
+
+ if (err) {
+ kfree(reg);
+ p54_free_skb(dev, skb);
+ }
+}
+
+static int p54u_write(struct p54u_priv *priv,
+ struct net2280_reg_write *buf,
+ enum net2280_op_type type,
+ __le32 addr, __le32 val)
+{
+ unsigned int ep;
+ int alen;
+
+ if (type & 0x0800)
+ ep = usb_sndbulkpipe(priv->udev, P54U_PIPE_DEV);
+ else
+ ep = usb_sndbulkpipe(priv->udev, P54U_PIPE_BRG);
+
+ buf->port = cpu_to_le16(type);
+ buf->addr = addr;
+ buf->val = val;
+
+ return usb_bulk_msg(priv->udev, ep, buf, sizeof(*buf), &alen, 1000);
+}
+
+static int p54u_read(struct p54u_priv *priv, void *buf,
+ enum net2280_op_type type,
+ __le32 addr, __le32 *val)
+{
+ struct net2280_reg_read *read = buf;
+ __le32 *reg = buf;
+ unsigned int ep;
+ int alen, err;
+
+ if (type & 0x0800)
+ ep = P54U_PIPE_DEV;
+ else
+ ep = P54U_PIPE_BRG;
+
+ read->port = cpu_to_le16(type);
+ read->addr = addr;
+
+ err = usb_bulk_msg(priv->udev, usb_sndbulkpipe(priv->udev, ep),
+ read, sizeof(*read), &alen, 1000);
+ if (err)
+ return err;
+
+ err = usb_bulk_msg(priv->udev, usb_rcvbulkpipe(priv->udev, ep),
+ reg, sizeof(*reg), &alen, 1000);
+ if (err)
+ return err;
+
+ *val = *reg;
+ return 0;
+}
+
+static int p54u_bulk_msg(struct p54u_priv *priv, unsigned int ep,
+ void *data, size_t len)
+{
+ int alen;
+ return usb_bulk_msg(priv->udev, usb_sndbulkpipe(priv->udev, ep),
+ data, len, &alen, 2000);
+}
+
+static int p54u_device_reset(struct ieee80211_hw *dev)
+{
+ struct p54u_priv *priv = dev->priv;
+ int ret, lock = (priv->intf->condition != USB_INTERFACE_BINDING);
+
+ if (lock) {
+ ret = usb_lock_device_for_reset(priv->udev, priv->intf);
+ if (ret < 0) {
+ dev_err(&priv->udev->dev, "(p54usb) unable to lock "
+ "device for reset (%d)!\n", ret);
+ return ret;
+ }
+ }
+
+ ret = usb_reset_device(priv->udev);
+ if (lock)
+ usb_unlock_device(priv->udev);
+
+ if (ret)
+ dev_err(&priv->udev->dev, "(p54usb) unable to reset "
+ "device (%d)!\n", ret);
+
+ return ret;
+}
+
+static const char p54u_romboot_3887[] = "~~~~";
+static int p54u_firmware_reset_3887(struct ieee80211_hw *dev)
+{
+ struct p54u_priv *priv = dev->priv;
+ u8 *buf;
+ int ret;
+
+ buf = kmemdup(p54u_romboot_3887, 4, GFP_KERNEL);
+ if (!buf)
+ return -ENOMEM;
+ ret = p54u_bulk_msg(priv, P54U_PIPE_DATA,
+ buf, 4);
+ kfree(buf);
+ if (ret)
+ dev_err(&priv->udev->dev, "(p54usb) unable to jump to "
+ "boot ROM (%d)!\n", ret);
+
+ return ret;
+}
+
+static const char p54u_firmware_upload_3887[] = "<\r";
+static int p54u_upload_firmware_3887(struct ieee80211_hw *dev)
+{
+ struct p54u_priv *priv = dev->priv;
+ int err, alen;
+ u8 carry = 0;
+ u8 *buf, *tmp;
+ const u8 *data;
+ unsigned int left, remains, block_size;
+ struct x2_header *hdr;
+ unsigned long timeout;
+
+ err = p54u_firmware_reset_3887(dev);
+ if (err)
+ return err;
+
+ tmp = buf = kmalloc(P54U_FW_BLOCK, GFP_KERNEL);
+ if (!buf)
+ return -ENOMEM;
+
+ left = block_size = min_t(size_t, P54U_FW_BLOCK, priv->fw->size);
+ strcpy(buf, p54u_firmware_upload_3887);
+ left -= strlen(p54u_firmware_upload_3887);
+ tmp += strlen(p54u_firmware_upload_3887);
+
+ data = priv->fw->data;
+ remains = priv->fw->size;
+
+ hdr = (struct x2_header *)(buf + strlen(p54u_firmware_upload_3887));
+ memcpy(hdr->signature, X2_SIGNATURE, X2_SIGNATURE_SIZE);
+ hdr->fw_load_addr = cpu_to_le32(ISL38XX_DEV_FIRMWARE_ADDR);
+ hdr->fw_length = cpu_to_le32(priv->fw->size);
+ hdr->crc = cpu_to_le32(~crc32_le(~0, (void *)&hdr->fw_load_addr,
+ sizeof(u32)*2));
+ left -= sizeof(*hdr);
+ tmp += sizeof(*hdr);
+
+ while (remains) {
+ while (left--) {
+ if (carry) {
+ *tmp++ = carry;
+ carry = 0;
+ remains--;
+ continue;
+ }
+ switch (*data) {
+ case '~':
+ *tmp++ = '}';
+ carry = '^';
+ break;
+ case '}':
+ *tmp++ = '}';
+ carry = ']';
+ break;
+ default:
+ *tmp++ = *data;
+ remains--;
+ break;
+ }
+ data++;
+ }
+
+ err = p54u_bulk_msg(priv, P54U_PIPE_DATA, buf, block_size);
+ if (err) {
+ dev_err(&priv->udev->dev, "(p54usb) firmware "
+ "upload failed!\n");
+ goto err_upload_failed;
+ }
+
+ tmp = buf;
+ left = block_size = min((unsigned int)P54U_FW_BLOCK, remains);
+ }
+
+ *((__le32 *)buf) = cpu_to_le32(~crc32_le(~0, priv->fw->data,
+ priv->fw->size));
+ err = p54u_bulk_msg(priv, P54U_PIPE_DATA, buf, sizeof(u32));
+ if (err) {
+ dev_err(&priv->udev->dev, "(p54usb) firmware upload failed!\n");
+ goto err_upload_failed;
+ }
+ timeout = jiffies + msecs_to_jiffies(1000);
+ while (!(err = usb_bulk_msg(priv->udev,
+ usb_rcvbulkpipe(priv->udev, P54U_PIPE_DATA), buf, 128, &alen, 1000))) {
+ if (alen > 2 && !memcmp(buf, "OK", 2))
+ break;
+
+ if (alen > 5 && !memcmp(buf, "ERROR", 5)) {
+ err = -EINVAL;
+ break;
+ }
+
+ if (time_after(jiffies, timeout)) {
+ dev_err(&priv->udev->dev, "(p54usb) firmware boot "
+ "timed out!\n");
+ err = -ETIMEDOUT;
+ break;
+ }
+ }
+ if (err) {
+ dev_err(&priv->udev->dev, "(p54usb) firmware upload failed!\n");
+ goto err_upload_failed;
+ }
+
+ buf[0] = 'g';
+ buf[1] = '\r';
+ err = p54u_bulk_msg(priv, P54U_PIPE_DATA, buf, 2);
+ if (err) {
+ dev_err(&priv->udev->dev, "(p54usb) firmware boot failed!\n");
+ goto err_upload_failed;
+ }
+
+ timeout = jiffies + msecs_to_jiffies(1000);
+ while (!(err = usb_bulk_msg(priv->udev,
+ usb_rcvbulkpipe(priv->udev, P54U_PIPE_DATA), buf, 128, &alen, 1000))) {
+ if (alen > 0 && buf[0] == 'g')
+ break;
+
+ if (time_after(jiffies, timeout)) {
+ err = -ETIMEDOUT;
+ break;
+ }
+ }
+ if (err)
+ goto err_upload_failed;
+
+err_upload_failed:
+ kfree(buf);
+ return err;
+}
+
+static int p54u_upload_firmware_net2280(struct ieee80211_hw *dev)
+{
+ struct p54u_priv *priv = dev->priv;
+ const struct p54p_csr *devreg = (const struct p54p_csr *) P54U_DEV_BASE;
+ int err, alen;
+ void *buf;
+ __le32 reg;
+ unsigned int remains, offset;
+ const u8 *data;
+
+ buf = kmalloc(512, GFP_KERNEL);
+ if (!buf)
+ return -ENOMEM;
+
+#define P54U_WRITE(type, addr, data) \
+ do {\
+ err = p54u_write(priv, buf, type,\
+ cpu_to_le32((u32)(unsigned long)addr), data);\
+ if (err) \
+ goto fail;\
+ } while (0)
+
+#define P54U_READ(type, addr) \
+ do {\
+ err = p54u_read(priv, buf, type,\
+ cpu_to_le32((u32)(unsigned long)addr), &reg);\
+ if (err)\
+ goto fail;\
+ } while (0)
+
+ /* power down net2280 bridge */
+ P54U_READ(NET2280_BRG_U32, NET2280_GPIOCTL);
+ reg |= cpu_to_le32(P54U_BRG_POWER_DOWN);
+ reg &= cpu_to_le32(~P54U_BRG_POWER_UP);
+ P54U_WRITE(NET2280_BRG_U32, NET2280_GPIOCTL, reg);
+
+ mdelay(100);
+
+ /* power up bridge */
+ reg |= cpu_to_le32(P54U_BRG_POWER_UP);
+ reg &= cpu_to_le32(~P54U_BRG_POWER_DOWN);
+ P54U_WRITE(NET2280_BRG_U32, NET2280_GPIOCTL, reg);
+
+ mdelay(100);
+
+ P54U_WRITE(NET2280_BRG_U32, NET2280_DEVINIT,
+ cpu_to_le32(NET2280_CLK_30Mhz |
+ NET2280_PCI_ENABLE |
+ NET2280_PCI_SOFT_RESET));
+
+ mdelay(20);
+
+ P54U_WRITE(NET2280_BRG_CFG_U16, PCI_COMMAND,
+ cpu_to_le32(PCI_COMMAND_MEMORY |
+ PCI_COMMAND_MASTER));
+
+ P54U_WRITE(NET2280_BRG_CFG_U32, PCI_BASE_ADDRESS_0,
+ cpu_to_le32(NET2280_BASE));
+
+ P54U_READ(NET2280_BRG_CFG_U16, PCI_STATUS);
+ reg |= cpu_to_le32(PCI_STATUS_REC_MASTER_ABORT);
+ P54U_WRITE(NET2280_BRG_CFG_U16, PCI_STATUS, reg);
+
+ // TODO: we really need this?
+ P54U_READ(NET2280_BRG_U32, NET2280_RELNUM);
+
+ P54U_WRITE(NET2280_BRG_U32, NET2280_EPA_RSP,
+ cpu_to_le32(NET2280_CLEAR_NAK_OUT_PACKETS_MODE));
+ P54U_WRITE(NET2280_BRG_U32, NET2280_EPC_RSP,
+ cpu_to_le32(NET2280_CLEAR_NAK_OUT_PACKETS_MODE));
+
+ P54U_WRITE(NET2280_BRG_CFG_U32, PCI_BASE_ADDRESS_2,
+ cpu_to_le32(NET2280_BASE2));
+
+ /* finally done setting up the bridge */
+
+ P54U_WRITE(NET2280_DEV_CFG_U16, 0x10000 | PCI_COMMAND,
+ cpu_to_le32(PCI_COMMAND_MEMORY |
+ PCI_COMMAND_MASTER));
+
+ P54U_WRITE(NET2280_DEV_CFG_U16, 0x10000 | 0x40 /* TRDY timeout */, 0);
+ P54U_WRITE(NET2280_DEV_CFG_U32, 0x10000 | PCI_BASE_ADDRESS_0,
+ cpu_to_le32(P54U_DEV_BASE));
+
+ P54U_WRITE(NET2280_BRG_U32, NET2280_USBIRQENB1, 0);
+ P54U_WRITE(NET2280_BRG_U32, NET2280_IRQSTAT1,
+ cpu_to_le32(NET2280_PCI_INTA_INTERRUPT));
+
+ /* do romboot */
+ P54U_WRITE(NET2280_DEV_U32, &devreg->int_enable, 0);
+
+ P54U_READ(NET2280_DEV_U32, &devreg->ctrl_stat);
+ reg &= cpu_to_le32(~ISL38XX_CTRL_STAT_RESET);
+ reg &= cpu_to_le32(~ISL38XX_CTRL_STAT_RAMBOOT);
+ reg &= cpu_to_le32(~ISL38XX_CTRL_STAT_CLKRUN);
+ P54U_WRITE(NET2280_DEV_U32, &devreg->ctrl_stat, reg);
+
+ mdelay(20);
+
+ reg |= cpu_to_le32(ISL38XX_CTRL_STAT_RESET);
+ P54U_WRITE(NET2280_DEV_U32, &devreg->ctrl_stat, reg);
+
+ mdelay(20);
+
+ reg &= cpu_to_le32(~ISL38XX_CTRL_STAT_RESET);
+ P54U_WRITE(NET2280_DEV_U32, &devreg->ctrl_stat, reg);
+
+ mdelay(100);
+
+ P54U_READ(NET2280_DEV_U32, &devreg->int_ident);
+ P54U_WRITE(NET2280_DEV_U32, &devreg->int_ack, reg);
+
+ /* finally, we can upload firmware now! */
+ remains = priv->fw->size;
+ data = priv->fw->data;
+ offset = ISL38XX_DEV_FIRMWARE_ADDR;
+
+ while (remains) {
+ unsigned int block_len = min(remains, (unsigned int)512);
+ memcpy(buf, data, block_len);
+
+ err = p54u_bulk_msg(priv, P54U_PIPE_DATA, buf, block_len);
+ if (err) {
+ dev_err(&priv->udev->dev, "(p54usb) firmware block "
+ "upload failed\n");
+ goto fail;
+ }
+
+ P54U_WRITE(NET2280_DEV_U32, &devreg->direct_mem_base,
+ cpu_to_le32(0xc0000f00));
+
+ P54U_WRITE(NET2280_DEV_U32,
+ 0x0020 | (unsigned long)&devreg->direct_mem_win, 0);
+ P54U_WRITE(NET2280_DEV_U32,
+ 0x0020 | (unsigned long)&devreg->direct_mem_win,
+ cpu_to_le32(1));
+
+ P54U_WRITE(NET2280_DEV_U32,
+ 0x0024 | (unsigned long)&devreg->direct_mem_win,
+ cpu_to_le32(block_len));
+ P54U_WRITE(NET2280_DEV_U32,
+ 0x0028 | (unsigned long)&devreg->direct_mem_win,
+ cpu_to_le32(offset));
+
+ P54U_WRITE(NET2280_DEV_U32, &devreg->dma_addr,
+ cpu_to_le32(NET2280_EPA_FIFO_PCI_ADDR));
+ P54U_WRITE(NET2280_DEV_U32, &devreg->dma_len,
+ cpu_to_le32(block_len >> 2));
+ P54U_WRITE(NET2280_DEV_U32, &devreg->dma_ctrl,
+ cpu_to_le32(ISL38XX_DMA_MASTER_CONTROL_TRIGGER));
+
+ mdelay(10);
+
+ P54U_READ(NET2280_DEV_U32,
+ 0x002C | (unsigned long)&devreg->direct_mem_win);
+ if (!(reg & cpu_to_le32(ISL38XX_DMA_STATUS_DONE)) ||
+ !(reg & cpu_to_le32(ISL38XX_DMA_STATUS_READY))) {
+ dev_err(&priv->udev->dev, "(p54usb) firmware DMA "
+ "transfer failed\n");
+ goto fail;
+ }
+
+ P54U_WRITE(NET2280_BRG_U32, NET2280_EPA_STAT,
+ cpu_to_le32(NET2280_FIFO_FLUSH));
+
+ remains -= block_len;
+ data += block_len;
+ offset += block_len;
+ }
+
+ /* do ramboot */
+ P54U_READ(NET2280_DEV_U32, &devreg->ctrl_stat);
+ reg &= cpu_to_le32(~ISL38XX_CTRL_STAT_RESET);
+ reg &= cpu_to_le32(~ISL38XX_CTRL_STAT_CLKRUN);
+ reg |= cpu_to_le32(ISL38XX_CTRL_STAT_RAMBOOT);
+ P54U_WRITE(NET2280_DEV_U32, &devreg->ctrl_stat, reg);
+
+ mdelay(20);
+
+ reg |= cpu_to_le32(ISL38XX_CTRL_STAT_RESET);
+ P54U_WRITE(NET2280_DEV_U32, &devreg->ctrl_stat, reg);
+
+ reg &= cpu_to_le32(~ISL38XX_CTRL_STAT_RESET);
+ P54U_WRITE(NET2280_DEV_U32, &devreg->ctrl_stat, reg);
+
+ mdelay(100);
+
+ P54U_READ(NET2280_DEV_U32, &devreg->int_ident);
+ P54U_WRITE(NET2280_DEV_U32, &devreg->int_ack, reg);
+
+ /* start up the firmware */
+ P54U_WRITE(NET2280_DEV_U32, &devreg->int_enable,
+ cpu_to_le32(ISL38XX_INT_IDENT_INIT));
+
+ P54U_WRITE(NET2280_BRG_U32, NET2280_IRQSTAT1,
+ cpu_to_le32(NET2280_PCI_INTA_INTERRUPT));
+
+ P54U_WRITE(NET2280_BRG_U32, NET2280_USBIRQENB1,
+ cpu_to_le32(NET2280_PCI_INTA_INTERRUPT_ENABLE |
+ NET2280_USB_INTERRUPT_ENABLE));
+
+ P54U_WRITE(NET2280_DEV_U32, &devreg->dev_int,
+ cpu_to_le32(ISL38XX_DEV_INT_RESET));
+
+ err = usb_interrupt_msg(priv->udev,
+ usb_rcvbulkpipe(priv->udev, P54U_PIPE_INT),
+ buf, sizeof(__le32), &alen, 1000);
+ if (err || alen != sizeof(__le32))
+ goto fail;
+
+ P54U_READ(NET2280_DEV_U32, &devreg->int_ident);
+ P54U_WRITE(NET2280_DEV_U32, &devreg->int_ack, reg);
+
+ if (!(reg & cpu_to_le32(ISL38XX_INT_IDENT_INIT)))
+ err = -EINVAL;
+
+ P54U_WRITE(NET2280_BRG_U32, NET2280_USBIRQENB1, 0);
+ P54U_WRITE(NET2280_BRG_U32, NET2280_IRQSTAT1,
+ cpu_to_le32(NET2280_PCI_INTA_INTERRUPT));
+
+#undef P54U_WRITE
+#undef P54U_READ
+
+fail:
+ kfree(buf);
+ return err;
+}
+
+static int p54_find_type(struct p54u_priv *priv)
+{
+ int i;
+
+ for (i = 0; i < __NUM_P54U_HWTYPES; i++)
+ if (p54u_fwlist[i].type == priv->hw_type)
+ break;
+ if (i == __NUM_P54U_HWTYPES)
+ return -EOPNOTSUPP;
+
+ return i;
+}
+
+static int p54u_start_ops(struct p54u_priv *priv)
+{
+ struct ieee80211_hw *dev = priv->common.hw;
+ int ret;
+
+ ret = p54_parse_firmware(dev, priv->fw);
+ if (ret)
+ goto err_out;
+
+ ret = p54_find_type(priv);
+ if (ret < 0)
+ goto err_out;
+
+ if (priv->common.fw_interface != p54u_fwlist[ret].intf) {
+ dev_err(&priv->udev->dev, "wrong firmware, please get "
+ "a firmware for \"%s\" and try again.\n",
+ p54u_fwlist[ret].hw);
+ ret = -ENODEV;
+ goto err_out;
+ }
+
+ ret = priv->upload_fw(dev);
+ if (ret)
+ goto err_out;
+
+ ret = p54u_open(dev);
+ if (ret)
+ goto err_out;
+
+ ret = p54_read_eeprom(dev);
+ if (ret)
+ goto err_stop;
+
+ p54u_stop(dev);
+
+ ret = p54_register_common(dev, &priv->udev->dev);
+ if (ret)
+ goto err_stop;
+
+ return 0;
+
+err_stop:
+ p54u_stop(dev);
+
+err_out:
+ /*
+ * p54u_disconnect will do the rest of the
+ * cleanup
+ */
+ return ret;
+}
+
+static void p54u_load_firmware_cb(const struct firmware *firmware,
+ void *context)
+{
+ struct p54u_priv *priv = context;
+ struct usb_device *udev = priv->udev;
+ struct usb_interface *intf = priv->intf;
+ int err;
+
+ if (firmware) {
+ priv->fw = firmware;
+ err = p54u_start_ops(priv);
+ } else {
+ err = -ENOENT;
+ dev_err(&udev->dev, "Firmware not found.\n");
+ }
+
+ complete(&priv->fw_wait_load);
+ /*
+ * At this point p54u_disconnect may have already freed
+ * the "priv" context. Do not use it anymore!
+ */
+ priv = NULL;
+
+ if (err) {
+ dev_err(&intf->dev, "failed to initialize device (%d)\n", err);
+
+ usb_lock_device(udev);
+ usb_driver_release_interface(&p54u_driver, intf);
+ usb_unlock_device(udev);
+ }
+
+ usb_put_intf(intf);
+}
+
+static int p54u_load_firmware(struct ieee80211_hw *dev,
+ struct usb_interface *intf)
+{
+ struct usb_device *udev = interface_to_usbdev(intf);
+ struct p54u_priv *priv = dev->priv;
+ struct device *device = &udev->dev;
+ int err, i;
+
+ BUILD_BUG_ON(ARRAY_SIZE(p54u_fwlist) != __NUM_P54U_HWTYPES);
+
+ init_completion(&priv->fw_wait_load);
+ i = p54_find_type(priv);
+ if (i < 0)
+ return i;
+
+ dev_info(&priv->udev->dev, "Loading firmware file %s\n",
+ p54u_fwlist[i].fw);
+
+ usb_get_intf(intf);
+ err = request_firmware_nowait(THIS_MODULE, 1, p54u_fwlist[i].fw,
+ device, GFP_KERNEL, priv,
+ p54u_load_firmware_cb);
+ if (err) {
+ dev_err(&priv->udev->dev, "(p54usb) cannot load firmware %s "
+ "(%d)!\n", p54u_fwlist[i].fw, err);
+ usb_put_intf(intf);
+ }
+
+ return err;
+}
+
+static int p54u_probe(struct usb_interface *intf,
+ const struct usb_device_id *id)
+{
+ struct usb_device *udev = interface_to_usbdev(intf);
+ struct ieee80211_hw *dev;
+ struct p54u_priv *priv;
+ int err;
+ unsigned int i, recognized_pipes;
+
+ dev = p54_init_common(sizeof(*priv));
+
+ if (!dev) {
+ dev_err(&udev->dev, "(p54usb) ieee80211 alloc failed\n");
+ return -ENOMEM;
+ }
+
+ priv = dev->priv;
+ priv->hw_type = P54U_INVALID_HW;
+
+ SET_IEEE80211_DEV(dev, &intf->dev);
+ usb_set_intfdata(intf, dev);
+ priv->udev = udev;
+ priv->intf = intf;
+ skb_queue_head_init(&priv->rx_queue);
+ init_usb_anchor(&priv->submitted);
+
+ /* really lazy and simple way of figuring out if we're a 3887 */
+ /* TODO: should just stick the identification in the device table */
+ i = intf->altsetting->desc.bNumEndpoints;
+ recognized_pipes = 0;
+ while (i--) {
+ switch (intf->altsetting->endpoint[i].desc.bEndpointAddress) {
+ case P54U_PIPE_DATA:
+ case P54U_PIPE_MGMT:
+ case P54U_PIPE_BRG:
+ case P54U_PIPE_DEV:
+ case P54U_PIPE_DATA | USB_DIR_IN:
+ case P54U_PIPE_MGMT | USB_DIR_IN:
+ case P54U_PIPE_BRG | USB_DIR_IN:
+ case P54U_PIPE_DEV | USB_DIR_IN:
+ case P54U_PIPE_INT | USB_DIR_IN:
+ recognized_pipes++;
+ }
+ }
+ priv->common.open = p54u_open;
+ priv->common.stop = p54u_stop;
+ if (recognized_pipes < P54U_PIPE_NUMBER) {
+#ifdef CONFIG_PM
+ /* ISL3887 needs a full reset on resume */
+ udev->reset_resume = 1;
+#endif /* CONFIG_PM */
+ err = p54u_device_reset(dev);
+
+ priv->hw_type = P54U_3887;
+ dev->extra_tx_headroom += sizeof(struct lm87_tx_hdr);
+ priv->common.tx_hdr_len = sizeof(struct lm87_tx_hdr);
+ priv->common.tx = p54u_tx_lm87;
+ priv->upload_fw = p54u_upload_firmware_3887;
+ } else {
+ priv->hw_type = P54U_NET2280;
+ dev->extra_tx_headroom += sizeof(struct net2280_tx_hdr);
+ priv->common.tx_hdr_len = sizeof(struct net2280_tx_hdr);
+ priv->common.tx = p54u_tx_net2280;
+ priv->upload_fw = p54u_upload_firmware_net2280;
+ }
+ err = p54u_load_firmware(dev, intf);
+ if (err)
+ p54_free_common(dev);
+ return err;
+}
+
+static void p54u_disconnect(struct usb_interface *intf)
+{
+ struct ieee80211_hw *dev = usb_get_intfdata(intf);
+ struct p54u_priv *priv;
+
+ if (!dev)
+ return;
+
+ priv = dev->priv;
+ wait_for_completion(&priv->fw_wait_load);
+ p54_unregister_common(dev);
+
+ release_firmware(priv->fw);
+ p54_free_common(dev);
+}
+
+static int p54u_pre_reset(struct usb_interface *intf)
+{
+ struct ieee80211_hw *dev = usb_get_intfdata(intf);
+
+ if (!dev)
+ return -ENODEV;
+
+ p54u_stop(dev);
+ return 0;
+}
+
+static int p54u_resume(struct usb_interface *intf)
+{
+ struct ieee80211_hw *dev = usb_get_intfdata(intf);
+ struct p54u_priv *priv;
+
+ if (!dev)
+ return -ENODEV;
+
+ priv = dev->priv;
+ if (unlikely(!(priv->upload_fw && priv->fw)))
+ return 0;
+
+ return priv->upload_fw(dev);
+}
+
+static int p54u_post_reset(struct usb_interface *intf)
+{
+ struct ieee80211_hw *dev = usb_get_intfdata(intf);
+ struct p54u_priv *priv;
+ int err;
+
+ err = p54u_resume(intf);
+ if (err)
+ return err;
+
+ /* reinitialize old device state */
+ priv = dev->priv;
+ if (priv->common.mode != NL80211_IFTYPE_UNSPECIFIED)
+ ieee80211_restart_hw(dev);
+
+ return 0;
+}
+
+#ifdef CONFIG_PM
+
+static int p54u_suspend(struct usb_interface *intf, pm_message_t message)
+{
+ return p54u_pre_reset(intf);
+}
+
+#endif /* CONFIG_PM */
+
+static struct usb_driver p54u_driver = {
+ .name = "p54usb",
+ .id_table = p54u_table,
+ .probe = p54u_probe,
+ .disconnect = p54u_disconnect,
+ .pre_reset = p54u_pre_reset,
+ .post_reset = p54u_post_reset,
+#ifdef CONFIG_PM
+ .suspend = p54u_suspend,
+ .resume = p54u_resume,
+ .reset_resume = p54u_resume,
+#endif /* CONFIG_PM */
+ .soft_unbind = 1,
+ .disable_hub_initiated_lpm = 1,
+};
+
+module_usb_driver(p54u_driver);
diff --git a/drivers/net/wireless/intersil/p54/p54usb.h b/drivers/net/wireless/intersil/p54/p54usb.h
new file mode 100644
index 000000000..b2d1bce1b
--- /dev/null
+++ b/drivers/net/wireless/intersil/p54/p54usb.h
@@ -0,0 +1,159 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+#ifndef P54USB_H
+#define P54USB_H
+
+/*
+ * Defines for USB based mac80211 Prism54 driver
+ *
+ * Copyright (c) 2006, Michael Wu <flamingice@sourmilk.net>
+ *
+ * Based on the islsm (softmac prism54) driver, which is:
+ * Copyright 2004-2006 Jean-Baptiste Note <jbnote@gmail.com>, et al.
+ */
+
+/* for isl3886 register definitions used on ver 1 devices */
+#include "p54pci.h"
+#include <linux/usb/net2280.h>
+
+/* pci */
+#define NET2280_BASE 0x10000000
+#define NET2280_BASE2 0x20000000
+
+/* gpio */
+#define P54U_BRG_POWER_UP (1 << GPIO0_DATA)
+#define P54U_BRG_POWER_DOWN (1 << GPIO1_DATA)
+
+/* devinit */
+#define NET2280_CLK_4Mhz (15 << LOCAL_CLOCK_FREQUENCY)
+#define NET2280_CLK_30Mhz (2 << LOCAL_CLOCK_FREQUENCY)
+#define NET2280_CLK_60Mhz (1 << LOCAL_CLOCK_FREQUENCY)
+#define NET2280_CLK_STOP (0 << LOCAL_CLOCK_FREQUENCY)
+#define NET2280_PCI_ENABLE (1 << PCI_ENABLE)
+#define NET2280_PCI_SOFT_RESET (1 << PCI_SOFT_RESET)
+
+/* endpoints */
+#define NET2280_CLEAR_NAK_OUT_PACKETS_MODE (1 << CLEAR_NAK_OUT_PACKETS_MODE)
+#define NET2280_FIFO_FLUSH (1 << FIFO_FLUSH)
+
+/* irq */
+#define NET2280_USB_INTERRUPT_ENABLE (1 << USB_INTERRUPT_ENABLE)
+#define NET2280_PCI_INTA_INTERRUPT (1 << PCI_INTA_INTERRUPT)
+#define NET2280_PCI_INTA_INTERRUPT_ENABLE (1 << PCI_INTA_INTERRUPT_ENABLE)
+
+/* registers */
+#define NET2280_DEVINIT 0x00
+#define NET2280_USBIRQENB1 0x24
+#define NET2280_IRQSTAT1 0x2c
+#define NET2280_FIFOCTL 0x38
+#define NET2280_GPIOCTL 0x50
+#define NET2280_RELNUM 0x88
+#define NET2280_EPA_RSP 0x324
+#define NET2280_EPA_STAT 0x32c
+#define NET2280_EPB_STAT 0x34c
+#define NET2280_EPC_RSP 0x364
+#define NET2280_EPC_STAT 0x36c
+#define NET2280_EPD_STAT 0x38c
+
+#define NET2280_EPA_CFG 0x320
+#define NET2280_EPB_CFG 0x340
+#define NET2280_EPC_CFG 0x360
+#define NET2280_EPD_CFG 0x380
+#define NET2280_EPE_CFG 0x3A0
+#define NET2280_EPF_CFG 0x3C0
+#define P54U_DEV_BASE 0x40000000
+
+struct net2280_tx_hdr {
+ __le32 device_addr;
+ __le16 len;
+ __le16 follower; /* ? */
+ u8 padding[8];
+} __packed;
+
+struct lm87_tx_hdr {
+ __le32 device_addr;
+ __le32 chksum;
+} __packed;
+
+/* Some flags for the isl hardware registers controlling DMA inside the
+ * chip */
+#define ISL38XX_DMA_STATUS_DONE 0x00000001
+#define ISL38XX_DMA_STATUS_READY 0x00000002
+#define NET2280_EPA_FIFO_PCI_ADDR 0x20000000
+#define ISL38XX_DMA_MASTER_CONTROL_TRIGGER 0x00000004
+
+enum net2280_op_type {
+ NET2280_BRG_U32 = 0x001F,
+ NET2280_BRG_CFG_U32 = 0x000F,
+ NET2280_BRG_CFG_U16 = 0x0003,
+ NET2280_DEV_U32 = 0x080F,
+ NET2280_DEV_CFG_U32 = 0x088F,
+ NET2280_DEV_CFG_U16 = 0x0883
+};
+
+struct net2280_reg_write {
+ __le16 port;
+ __le32 addr;
+ __le32 val;
+} __packed;
+
+struct net2280_reg_read {
+ __le16 port;
+ __le32 addr;
+} __packed;
+
+#define P54U_FW_BLOCK 2048
+
+#define X2_SIGNATURE "x2 "
+#define X2_SIGNATURE_SIZE 4
+
+struct x2_header {
+ u8 signature[X2_SIGNATURE_SIZE];
+ __le32 fw_load_addr;
+ __le32 fw_length;
+ __le32 crc;
+} __packed;
+
+/* pipes 3 and 4 are not used by the driver */
+#define P54U_PIPE_NUMBER 9
+
+enum p54u_pipe_addr {
+ P54U_PIPE_DATA = 0x01,
+ P54U_PIPE_MGMT = 0x02,
+ P54U_PIPE_3 = 0x03,
+ P54U_PIPE_4 = 0x04,
+ P54U_PIPE_BRG = 0x0d,
+ P54U_PIPE_DEV = 0x0e,
+ P54U_PIPE_INT = 0x0f
+};
+
+struct p54u_rx_info {
+ struct urb *urb;
+ struct ieee80211_hw *dev;
+};
+
+enum p54u_hw_type {
+ P54U_INVALID_HW,
+ P54U_NET2280,
+ P54U_3887,
+
+ /* keep last */
+ __NUM_P54U_HWTYPES,
+};
+
+struct p54u_priv {
+ struct p54_common common;
+ struct usb_device *udev;
+ struct usb_interface *intf;
+ int (*upload_fw)(struct ieee80211_hw *dev);
+
+ enum p54u_hw_type hw_type;
+ spinlock_t lock;
+ struct sk_buff_head rx_queue;
+ struct usb_anchor submitted;
+ const struct firmware *fw;
+
+ /* asynchronous firmware callback */
+ struct completion fw_wait_load;
+};
+
+#endif /* P54USB_H */
diff --git a/drivers/net/wireless/intersil/p54/txrx.c b/drivers/net/wireless/intersil/p54/txrx.c
new file mode 100644
index 000000000..8414aa208
--- /dev/null
+++ b/drivers/net/wireless/intersil/p54/txrx.c
@@ -0,0 +1,942 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Common code for mac80211 Prism54 drivers
+ *
+ * Copyright (c) 2006, Michael Wu <flamingice@sourmilk.net>
+ * Copyright (c) 2007-2009, Christian Lamparter <chunkeey@web.de>
+ * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
+ *
+ * Based on:
+ * - the islsm (softmac prism54) driver, which is:
+ * Copyright 2004-2006 Jean-Baptiste Note <jbnote@gmail.com>, et al.
+ * - stlc45xx driver
+ * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies).
+ */
+
+#include <linux/export.h>
+#include <linux/firmware.h>
+#include <linux/etherdevice.h>
+#include <asm/div64.h>
+
+#include <net/mac80211.h>
+
+#include "p54.h"
+#include "lmac.h"
+
+#ifdef P54_MM_DEBUG
+static void p54_dump_tx_queue(struct p54_common *priv)
+{
+ unsigned long flags;
+ struct ieee80211_tx_info *info;
+ struct p54_tx_info *range;
+ struct sk_buff *skb;
+ struct p54_hdr *hdr;
+ unsigned int i = 0;
+ u32 prev_addr;
+ u32 largest_hole = 0, free;
+
+ spin_lock_irqsave(&priv->tx_queue.lock, flags);
+ wiphy_debug(priv->hw->wiphy, "/ --- tx queue dump (%d entries) ---\n",
+ skb_queue_len(&priv->tx_queue));
+
+ prev_addr = priv->rx_start;
+ skb_queue_walk(&priv->tx_queue, skb) {
+ info = IEEE80211_SKB_CB(skb);
+ range = (void *) info->rate_driver_data;
+ hdr = (void *) skb->data;
+
+ free = range->start_addr - prev_addr;
+ wiphy_debug(priv->hw->wiphy,
+ "| [%02d] => [skb:%p skb_len:0x%04x "
+ "hdr:{flags:%02x len:%04x req_id:%04x type:%02x} "
+ "mem:{start:%04x end:%04x, free:%d}]\n",
+ i++, skb, skb->len,
+ le16_to_cpu(hdr->flags), le16_to_cpu(hdr->len),
+ le32_to_cpu(hdr->req_id), le16_to_cpu(hdr->type),
+ range->start_addr, range->end_addr, free);
+
+ prev_addr = range->end_addr;
+ largest_hole = max(largest_hole, free);
+ }
+ free = priv->rx_end - prev_addr;
+ largest_hole = max(largest_hole, free);
+ wiphy_debug(priv->hw->wiphy,
+ "\\ --- [free: %d], largest free block: %d ---\n",
+ free, largest_hole);
+ spin_unlock_irqrestore(&priv->tx_queue.lock, flags);
+}
+#endif /* P54_MM_DEBUG */
+
+/*
+ * So, the firmware is somewhat stupid and doesn't know what places in its
+ * memory incoming data should go to. By poking around in the firmware, we
+ * can find some unused memory to upload our packets to. However, data that we
+ * want the card to TX needs to stay intact until the card has told us that
+ * it is done with it. This function finds empty places we can upload to and
+ * marks allocated areas as reserved if necessary. p54_find_and_unlink_skb or
+ * p54_free_skb frees allocated areas.
+ */
+static int p54_assign_address(struct p54_common *priv, struct sk_buff *skb)
+{
+ struct sk_buff *entry, *target_skb = NULL;
+ struct ieee80211_tx_info *info;
+ struct p54_tx_info *range;
+ struct p54_hdr *data = (void *) skb->data;
+ unsigned long flags;
+ u32 last_addr = priv->rx_start;
+ u32 target_addr = priv->rx_start;
+ u16 len = priv->headroom + skb->len + priv->tailroom + 3;
+
+ info = IEEE80211_SKB_CB(skb);
+ range = (void *) info->rate_driver_data;
+ len = (range->extra_len + len) & ~0x3;
+
+ spin_lock_irqsave(&priv->tx_queue.lock, flags);
+ if (unlikely(skb_queue_len(&priv->tx_queue) == 32)) {
+ /*
+ * The tx_queue is now really full.
+ *
+ * TODO: check if the device has crashed and reset it.
+ */
+ spin_unlock_irqrestore(&priv->tx_queue.lock, flags);
+ return -EBUSY;
+ }
+
+ skb_queue_walk(&priv->tx_queue, entry) {
+ u32 hole_size;
+ info = IEEE80211_SKB_CB(entry);
+ range = (void *) info->rate_driver_data;
+ hole_size = range->start_addr - last_addr;
+
+ if (!target_skb && hole_size >= len) {
+ target_skb = entry->prev;
+ hole_size -= len;
+ target_addr = last_addr;
+ break;
+ }
+ last_addr = range->end_addr;
+ }
+ if (unlikely(!target_skb)) {
+ if (priv->rx_end - last_addr >= len) {
+ target_skb = skb_peek_tail(&priv->tx_queue);
+ if (target_skb) {
+ info = IEEE80211_SKB_CB(target_skb);
+ range = (void *)info->rate_driver_data;
+ target_addr = range->end_addr;
+ }
+ } else {
+ spin_unlock_irqrestore(&priv->tx_queue.lock, flags);
+ return -ENOSPC;
+ }
+ }
+
+ info = IEEE80211_SKB_CB(skb);
+ range = (void *) info->rate_driver_data;
+ range->start_addr = target_addr;
+ range->end_addr = target_addr + len;
+ data->req_id = cpu_to_le32(target_addr + priv->headroom);
+ if (IS_DATA_FRAME(skb) &&
+ unlikely(GET_HW_QUEUE(skb) == P54_QUEUE_BEACON))
+ priv->beacon_req_id = data->req_id;
+
+ if (target_skb)
+ __skb_queue_after(&priv->tx_queue, target_skb, skb);
+ else
+ __skb_queue_head(&priv->tx_queue, skb);
+ spin_unlock_irqrestore(&priv->tx_queue.lock, flags);
+ return 0;
+}
+
+static void p54_tx_pending(struct p54_common *priv)
+{
+ struct sk_buff *skb;
+ int ret;
+
+ skb = skb_dequeue(&priv->tx_pending);
+ if (unlikely(!skb))
+ return ;
+
+ ret = p54_assign_address(priv, skb);
+ if (unlikely(ret))
+ skb_queue_head(&priv->tx_pending, skb);
+ else
+ priv->tx(priv->hw, skb);
+}
+
+static void p54_wake_queues(struct p54_common *priv)
+{
+ unsigned long flags;
+ unsigned int i;
+
+ if (unlikely(priv->mode == NL80211_IFTYPE_UNSPECIFIED))
+ return ;
+
+ p54_tx_pending(priv);
+
+ spin_lock_irqsave(&priv->tx_stats_lock, flags);
+ for (i = 0; i < priv->hw->queues; i++) {
+ if (priv->tx_stats[i + P54_QUEUE_DATA].len <
+ priv->tx_stats[i + P54_QUEUE_DATA].limit)
+ ieee80211_wake_queue(priv->hw, i);
+ }
+ spin_unlock_irqrestore(&priv->tx_stats_lock, flags);
+}
+
+static int p54_tx_qos_accounting_alloc(struct p54_common *priv,
+ struct sk_buff *skb,
+ const u16 p54_queue)
+{
+ struct p54_tx_queue_stats *queue;
+ unsigned long flags;
+
+ if (WARN_ON(p54_queue >= P54_QUEUE_NUM))
+ return -EINVAL;
+
+ queue = &priv->tx_stats[p54_queue];
+
+ spin_lock_irqsave(&priv->tx_stats_lock, flags);
+ if (unlikely(queue->len >= queue->limit && IS_QOS_QUEUE(p54_queue))) {
+ spin_unlock_irqrestore(&priv->tx_stats_lock, flags);
+ return -ENOSPC;
+ }
+
+ queue->len++;
+ queue->count++;
+
+ if (unlikely(queue->len == queue->limit && IS_QOS_QUEUE(p54_queue))) {
+ u16 ac_queue = p54_queue - P54_QUEUE_DATA;
+ ieee80211_stop_queue(priv->hw, ac_queue);
+ }
+
+ spin_unlock_irqrestore(&priv->tx_stats_lock, flags);
+ return 0;
+}
+
+static void p54_tx_qos_accounting_free(struct p54_common *priv,
+ struct sk_buff *skb)
+{
+ if (IS_DATA_FRAME(skb)) {
+ unsigned long flags;
+
+ spin_lock_irqsave(&priv->tx_stats_lock, flags);
+ priv->tx_stats[GET_HW_QUEUE(skb)].len--;
+ spin_unlock_irqrestore(&priv->tx_stats_lock, flags);
+
+ if (unlikely(GET_HW_QUEUE(skb) == P54_QUEUE_BEACON)) {
+ if (priv->beacon_req_id == GET_REQ_ID(skb)) {
+ /* this is the active beacon set anymore */
+ priv->beacon_req_id = 0;
+ }
+ complete(&priv->beacon_comp);
+ }
+ }
+ p54_wake_queues(priv);
+}
+
+void p54_free_skb(struct ieee80211_hw *dev, struct sk_buff *skb)
+{
+ struct p54_common *priv = dev->priv;
+ if (unlikely(!skb))
+ return ;
+
+ skb_unlink(skb, &priv->tx_queue);
+ p54_tx_qos_accounting_free(priv, skb);
+ ieee80211_free_txskb(dev, skb);
+}
+EXPORT_SYMBOL_GPL(p54_free_skb);
+
+static struct sk_buff *p54_find_and_unlink_skb(struct p54_common *priv,
+ const __le32 req_id)
+{
+ struct sk_buff *entry;
+ unsigned long flags;
+
+ spin_lock_irqsave(&priv->tx_queue.lock, flags);
+ skb_queue_walk(&priv->tx_queue, entry) {
+ struct p54_hdr *hdr = (struct p54_hdr *) entry->data;
+
+ if (hdr->req_id == req_id) {
+ __skb_unlink(entry, &priv->tx_queue);
+ spin_unlock_irqrestore(&priv->tx_queue.lock, flags);
+ p54_tx_qos_accounting_free(priv, entry);
+ return entry;
+ }
+ }
+ spin_unlock_irqrestore(&priv->tx_queue.lock, flags);
+ return NULL;
+}
+
+void p54_tx(struct p54_common *priv, struct sk_buff *skb)
+{
+ skb_queue_tail(&priv->tx_pending, skb);
+ p54_tx_pending(priv);
+}
+
+static int p54_rssi_to_dbm(struct p54_common *priv, int rssi)
+{
+ if (priv->rxhw != 5) {
+ return ((rssi * priv->cur_rssi->mul) / 64 +
+ priv->cur_rssi->add) / 4;
+ } else {
+ /*
+ * TODO: find the correct formula
+ */
+ return rssi / 2 - 110;
+ }
+}
+
+/*
+ * Even if the firmware is capable of dealing with incoming traffic,
+ * while dozing, we have to prepared in case mac80211 uses PS-POLL
+ * to retrieve outstanding frames from our AP.
+ * (see comment in net/mac80211/mlme.c @ line 1993)
+ */
+static void p54_pspoll_workaround(struct p54_common *priv, struct sk_buff *skb)
+{
+ struct ieee80211_hdr *hdr = (void *) skb->data;
+ struct ieee80211_tim_ie *tim_ie;
+ u8 *tim;
+ u8 tim_len;
+ bool new_psm;
+
+ /* only beacons have a TIM IE */
+ if (!ieee80211_is_beacon(hdr->frame_control))
+ return;
+
+ if (!priv->aid)
+ return;
+
+ /* only consider beacons from the associated BSSID */
+ if (!ether_addr_equal_64bits(hdr->addr3, priv->bssid))
+ return;
+
+ tim = p54_find_ie(skb, WLAN_EID_TIM);
+ if (!tim)
+ return;
+
+ tim_len = tim[1];
+ tim_ie = (struct ieee80211_tim_ie *) &tim[2];
+
+ new_psm = ieee80211_check_tim(tim_ie, tim_len, priv->aid);
+ if (new_psm != priv->powersave_override) {
+ priv->powersave_override = new_psm;
+ p54_set_ps(priv);
+ }
+}
+
+static int p54_rx_data(struct p54_common *priv, struct sk_buff *skb)
+{
+ struct p54_rx_data *hdr = (struct p54_rx_data *) skb->data;
+ struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
+ u16 freq = le16_to_cpu(hdr->freq);
+ size_t header_len = sizeof(*hdr);
+ u32 tsf32;
+ __le16 fc;
+ u8 rate = hdr->rate & 0xf;
+
+ /*
+ * If the device is in a unspecified state we have to
+ * ignore all data frames. Else we could end up with a
+ * nasty crash.
+ */
+ if (unlikely(priv->mode == NL80211_IFTYPE_UNSPECIFIED))
+ return 0;
+
+ if (!(hdr->flags & cpu_to_le16(P54_HDR_FLAG_DATA_IN_FCS_GOOD)))
+ return 0;
+
+ if (hdr->decrypt_status == P54_DECRYPT_OK)
+ rx_status->flag |= RX_FLAG_DECRYPTED;
+ if ((hdr->decrypt_status == P54_DECRYPT_FAIL_MICHAEL) ||
+ (hdr->decrypt_status == P54_DECRYPT_FAIL_TKIP))
+ rx_status->flag |= RX_FLAG_MMIC_ERROR;
+
+ rx_status->signal = p54_rssi_to_dbm(priv, hdr->rssi);
+ if (hdr->rate & 0x10)
+ rx_status->enc_flags |= RX_ENC_FLAG_SHORTPRE;
+ if (priv->hw->conf.chandef.chan->band == NL80211_BAND_5GHZ)
+ rx_status->rate_idx = (rate < 4) ? 0 : rate - 4;
+ else
+ rx_status->rate_idx = rate;
+
+ rx_status->freq = freq;
+ rx_status->band = priv->hw->conf.chandef.chan->band;
+ rx_status->antenna = hdr->antenna;
+
+ tsf32 = le32_to_cpu(hdr->tsf32);
+ if (tsf32 < priv->tsf_low32)
+ priv->tsf_high32++;
+ rx_status->mactime = ((u64)priv->tsf_high32) << 32 | tsf32;
+ priv->tsf_low32 = tsf32;
+
+ /* LMAC API Page 10/29 - s_lm_data_in - clock
+ * "usec accurate timestamp of hardware clock
+ * at end of frame (before OFDM SIFS EOF padding"
+ */
+ rx_status->flag |= RX_FLAG_MACTIME_END;
+
+ if (hdr->flags & cpu_to_le16(P54_HDR_FLAG_DATA_ALIGN))
+ header_len += hdr->align[0];
+
+ skb_pull(skb, header_len);
+ skb_trim(skb, le16_to_cpu(hdr->len));
+
+ fc = ((struct ieee80211_hdr *)skb->data)->frame_control;
+ if (ieee80211_is_probe_resp(fc) || ieee80211_is_beacon(fc))
+ rx_status->boottime_ns = ktime_get_boottime_ns();
+
+ if (unlikely(priv->hw->conf.flags & IEEE80211_CONF_PS))
+ p54_pspoll_workaround(priv, skb);
+
+ ieee80211_rx_irqsafe(priv->hw, skb);
+
+ ieee80211_queue_delayed_work(priv->hw, &priv->work,
+ msecs_to_jiffies(P54_STATISTICS_UPDATE));
+
+ return -1;
+}
+
+static void p54_rx_frame_sent(struct p54_common *priv, struct sk_buff *skb)
+{
+ struct p54_hdr *hdr = (struct p54_hdr *) skb->data;
+ struct p54_frame_sent *payload = (struct p54_frame_sent *) hdr->data;
+ struct ieee80211_tx_info *info;
+ struct p54_hdr *entry_hdr;
+ struct p54_tx_data *entry_data;
+ struct sk_buff *entry;
+ unsigned int pad = 0, frame_len;
+ int count, idx;
+
+ entry = p54_find_and_unlink_skb(priv, hdr->req_id);
+ if (unlikely(!entry))
+ return ;
+
+ frame_len = entry->len;
+ info = IEEE80211_SKB_CB(entry);
+ entry_hdr = (struct p54_hdr *) entry->data;
+ entry_data = (struct p54_tx_data *) entry_hdr->data;
+ priv->stats.dot11ACKFailureCount += payload->tries - 1;
+
+ /*
+ * Frames in P54_QUEUE_FWSCAN and P54_QUEUE_BEACON are
+ * generated by the driver. Therefore tx_status is bogus
+ * and we don't want to confuse the mac80211 stack.
+ */
+ if (unlikely(entry_data->hw_queue < P54_QUEUE_FWSCAN)) {
+ dev_kfree_skb_any(entry);
+ return ;
+ }
+
+ /*
+ * Clear manually, ieee80211_tx_info_clear_status would
+ * clear the counts too and we need them.
+ */
+ memset_after(&info->status, 0, rates);
+
+ if (entry_hdr->flags & cpu_to_le16(P54_HDR_FLAG_DATA_ALIGN))
+ pad = entry_data->align[0];
+
+ /* walk through the rates array and adjust the counts */
+ count = payload->tries;
+ for (idx = 0; idx < 4; idx++) {
+ if (count >= info->status.rates[idx].count) {
+ count -= info->status.rates[idx].count;
+ } else if (count > 0) {
+ info->status.rates[idx].count = count;
+ count = 0;
+ } else {
+ info->status.rates[idx].idx = -1;
+ info->status.rates[idx].count = 0;
+ }
+ }
+
+ if (!(info->flags & IEEE80211_TX_CTL_NO_ACK) &&
+ !(payload->status & P54_TX_FAILED))
+ info->flags |= IEEE80211_TX_STAT_ACK;
+ if (payload->status & P54_TX_PSM_CANCELLED)
+ info->flags |= IEEE80211_TX_STAT_TX_FILTERED;
+ info->status.ack_signal = p54_rssi_to_dbm(priv,
+ (int)payload->ack_rssi);
+
+ /* Undo all changes to the frame. */
+ switch (entry_data->key_type) {
+ case P54_CRYPTO_TKIPMICHAEL: {
+ u8 *iv = (u8 *)(entry_data->align + pad +
+ entry_data->crypt_offset);
+
+ /* Restore the original TKIP IV. */
+ iv[2] = iv[0];
+ iv[0] = iv[1];
+ iv[1] = (iv[0] | 0x20) & 0x7f; /* WEPSeed - 8.3.2.2 */
+
+ frame_len -= 12; /* remove TKIP_MMIC + TKIP_ICV */
+ break;
+ }
+ case P54_CRYPTO_AESCCMP:
+ frame_len -= 8; /* remove CCMP_MIC */
+ break;
+ case P54_CRYPTO_WEP:
+ frame_len -= 4; /* remove WEP_ICV */
+ break;
+ }
+
+ skb_trim(entry, frame_len);
+ skb_pull(entry, sizeof(*hdr) + pad + sizeof(*entry_data));
+ ieee80211_tx_status_irqsafe(priv->hw, entry);
+}
+
+static void p54_rx_eeprom_readback(struct p54_common *priv,
+ struct sk_buff *skb)
+{
+ struct p54_hdr *hdr = (struct p54_hdr *) skb->data;
+ struct p54_eeprom_lm86 *eeprom = (struct p54_eeprom_lm86 *) hdr->data;
+ struct sk_buff *tmp;
+
+ if (!priv->eeprom)
+ return ;
+
+ if (priv->fw_var >= 0x509) {
+ memcpy(priv->eeprom, eeprom->v2.data,
+ le16_to_cpu(eeprom->v2.len));
+ } else {
+ memcpy(priv->eeprom, eeprom->v1.data,
+ le16_to_cpu(eeprom->v1.len));
+ }
+
+ priv->eeprom = NULL;
+ tmp = p54_find_and_unlink_skb(priv, hdr->req_id);
+ dev_kfree_skb_any(tmp);
+ complete(&priv->eeprom_comp);
+}
+
+static void p54_rx_stats(struct p54_common *priv, struct sk_buff *skb)
+{
+ struct p54_hdr *hdr = (struct p54_hdr *) skb->data;
+ struct p54_statistics *stats = (struct p54_statistics *) hdr->data;
+ struct sk_buff *tmp;
+ struct ieee80211_channel *chan;
+ unsigned int i, rssi, tx, cca, dtime, dtotal, dcca, dtx, drssi, unit;
+ u32 tsf32;
+
+ if (unlikely(priv->mode == NL80211_IFTYPE_UNSPECIFIED))
+ return ;
+
+ tsf32 = le32_to_cpu(stats->tsf32);
+ if (tsf32 < priv->tsf_low32)
+ priv->tsf_high32++;
+ priv->tsf_low32 = tsf32;
+
+ priv->stats.dot11RTSFailureCount = le32_to_cpu(stats->rts_fail);
+ priv->stats.dot11RTSSuccessCount = le32_to_cpu(stats->rts_success);
+ priv->stats.dot11FCSErrorCount = le32_to_cpu(stats->rx_bad_fcs);
+
+ priv->noise = p54_rssi_to_dbm(priv, le32_to_cpu(stats->noise));
+
+ /*
+ * STSW450X LMAC API page 26 - 3.8 Statistics
+ * "The exact measurement period can be derived from the
+ * timestamp member".
+ */
+ dtime = tsf32 - priv->survey_raw.timestamp;
+
+ /*
+ * STSW450X LMAC API page 26 - 3.8.1 Noise histogram
+ * The LMAC samples RSSI, CCA and transmit state at regular
+ * periods (typically 8 times per 1k [as in 1024] usec).
+ */
+ cca = le32_to_cpu(stats->sample_cca);
+ tx = le32_to_cpu(stats->sample_tx);
+ rssi = 0;
+ for (i = 0; i < ARRAY_SIZE(stats->sample_noise); i++)
+ rssi += le32_to_cpu(stats->sample_noise[i]);
+
+ dcca = cca - priv->survey_raw.cached_cca;
+ drssi = rssi - priv->survey_raw.cached_rssi;
+ dtx = tx - priv->survey_raw.cached_tx;
+ dtotal = dcca + drssi + dtx;
+
+ /*
+ * update statistics when more than a second is over since the
+ * last call, or when a update is badly needed.
+ */
+ if (dtotal && (priv->update_stats || dtime >= USEC_PER_SEC) &&
+ dtime >= dtotal) {
+ priv->survey_raw.timestamp = tsf32;
+ priv->update_stats = false;
+ unit = dtime / dtotal;
+
+ if (dcca) {
+ priv->survey_raw.cca += dcca * unit;
+ priv->survey_raw.cached_cca = cca;
+ }
+ if (dtx) {
+ priv->survey_raw.tx += dtx * unit;
+ priv->survey_raw.cached_tx = tx;
+ }
+ if (drssi) {
+ priv->survey_raw.rssi += drssi * unit;
+ priv->survey_raw.cached_rssi = rssi;
+ }
+
+ /* 1024 usec / 8 times = 128 usec / time */
+ if (!(priv->phy_ps || priv->phy_idle))
+ priv->survey_raw.active += dtotal * unit;
+ else
+ priv->survey_raw.active += (dcca + dtx) * unit;
+ }
+
+ chan = priv->curchan;
+ if (chan) {
+ struct survey_info *survey = &priv->survey[chan->hw_value];
+ survey->noise = clamp(priv->noise, -128, 127);
+ survey->time = priv->survey_raw.active;
+ survey->time_tx = priv->survey_raw.tx;
+ survey->time_busy = priv->survey_raw.tx +
+ priv->survey_raw.cca;
+ do_div(survey->time, 1024);
+ do_div(survey->time_tx, 1024);
+ do_div(survey->time_busy, 1024);
+ }
+
+ tmp = p54_find_and_unlink_skb(priv, hdr->req_id);
+ dev_kfree_skb_any(tmp);
+ complete(&priv->stat_comp);
+}
+
+static void p54_rx_trap(struct p54_common *priv, struct sk_buff *skb)
+{
+ struct p54_hdr *hdr = (struct p54_hdr *) skb->data;
+ struct p54_trap *trap = (struct p54_trap *) hdr->data;
+ u16 event = le16_to_cpu(trap->event);
+ u16 freq = le16_to_cpu(trap->frequency);
+
+ switch (event) {
+ case P54_TRAP_BEACON_TX:
+ break;
+ case P54_TRAP_RADAR:
+ wiphy_info(priv->hw->wiphy, "radar (freq:%d MHz)\n", freq);
+ break;
+ case P54_TRAP_NO_BEACON:
+ if (priv->vif)
+ ieee80211_beacon_loss(priv->vif);
+ break;
+ case P54_TRAP_SCAN:
+ break;
+ case P54_TRAP_TBTT:
+ break;
+ case P54_TRAP_TIMER:
+ break;
+ case P54_TRAP_FAA_RADIO_OFF:
+ wiphy_rfkill_set_hw_state(priv->hw->wiphy, true);
+ break;
+ case P54_TRAP_FAA_RADIO_ON:
+ wiphy_rfkill_set_hw_state(priv->hw->wiphy, false);
+ break;
+ default:
+ wiphy_info(priv->hw->wiphy, "received event:%x freq:%d\n",
+ event, freq);
+ break;
+ }
+}
+
+static int p54_rx_control(struct p54_common *priv, struct sk_buff *skb)
+{
+ struct p54_hdr *hdr = (struct p54_hdr *) skb->data;
+
+ switch (le16_to_cpu(hdr->type)) {
+ case P54_CONTROL_TYPE_TXDONE:
+ p54_rx_frame_sent(priv, skb);
+ break;
+ case P54_CONTROL_TYPE_TRAP:
+ p54_rx_trap(priv, skb);
+ break;
+ case P54_CONTROL_TYPE_BBP:
+ break;
+ case P54_CONTROL_TYPE_STAT_READBACK:
+ p54_rx_stats(priv, skb);
+ break;
+ case P54_CONTROL_TYPE_EEPROM_READBACK:
+ p54_rx_eeprom_readback(priv, skb);
+ break;
+ default:
+ wiphy_debug(priv->hw->wiphy,
+ "not handling 0x%02x type control frame\n",
+ le16_to_cpu(hdr->type));
+ break;
+ }
+ return 0;
+}
+
+/* returns zero if skb can be reused */
+int p54_rx(struct ieee80211_hw *dev, struct sk_buff *skb)
+{
+ struct p54_common *priv = dev->priv;
+ u16 type = le16_to_cpu(*((__le16 *)skb->data));
+
+ if (type & P54_HDR_FLAG_CONTROL)
+ return p54_rx_control(priv, skb);
+ else
+ return p54_rx_data(priv, skb);
+}
+EXPORT_SYMBOL_GPL(p54_rx);
+
+static void p54_tx_80211_header(struct p54_common *priv, struct sk_buff *skb,
+ struct ieee80211_tx_info *info,
+ struct ieee80211_sta *sta,
+ u8 *queue, u32 *extra_len, u16 *flags, u16 *aid,
+ bool *burst_possible)
+{
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
+
+ if (ieee80211_is_data_qos(hdr->frame_control))
+ *burst_possible = true;
+ else
+ *burst_possible = false;
+
+ if (!(info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ))
+ *flags |= P54_HDR_FLAG_DATA_OUT_SEQNR;
+
+ if (info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER)
+ *flags |= P54_HDR_FLAG_DATA_OUT_NOCANCEL;
+
+ if (info->flags & IEEE80211_TX_CTL_CLEAR_PS_FILT)
+ *flags |= P54_HDR_FLAG_DATA_OUT_NOCANCEL;
+
+ *queue = skb_get_queue_mapping(skb) + P54_QUEUE_DATA;
+
+ switch (priv->mode) {
+ case NL80211_IFTYPE_MONITOR:
+ /*
+ * We have to set P54_HDR_FLAG_DATA_OUT_PROMISC for
+ * every frame in promiscuous/monitor mode.
+ * see STSW45x0C LMAC API - page 12.
+ */
+ *aid = 0;
+ *flags |= P54_HDR_FLAG_DATA_OUT_PROMISC;
+ break;
+ case NL80211_IFTYPE_STATION:
+ *aid = 1;
+ break;
+ case NL80211_IFTYPE_AP:
+ case NL80211_IFTYPE_ADHOC:
+ case NL80211_IFTYPE_MESH_POINT:
+ if (info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM) {
+ *aid = 0;
+ *queue = P54_QUEUE_CAB;
+ return;
+ }
+
+ if (unlikely(ieee80211_is_mgmt(hdr->frame_control))) {
+ if (ieee80211_is_probe_resp(hdr->frame_control)) {
+ *aid = 0;
+ *flags |= P54_HDR_FLAG_DATA_OUT_TIMESTAMP |
+ P54_HDR_FLAG_DATA_OUT_NOCANCEL;
+ return;
+ } else if (ieee80211_is_beacon(hdr->frame_control)) {
+ *aid = 0;
+
+ if (info->flags & IEEE80211_TX_CTL_INJECTED) {
+ /*
+ * Injecting beacons on top of a AP is
+ * not a good idea... nevertheless,
+ * it should be doable.
+ */
+
+ return;
+ }
+
+ *flags |= P54_HDR_FLAG_DATA_OUT_TIMESTAMP;
+ *queue = P54_QUEUE_BEACON;
+ *extra_len = IEEE80211_MAX_TIM_LEN;
+ return;
+ }
+ }
+
+ if (sta)
+ *aid = sta->aid;
+ break;
+ }
+}
+
+static u8 p54_convert_algo(u32 cipher)
+{
+ switch (cipher) {
+ case WLAN_CIPHER_SUITE_WEP40:
+ case WLAN_CIPHER_SUITE_WEP104:
+ return P54_CRYPTO_WEP;
+ case WLAN_CIPHER_SUITE_TKIP:
+ return P54_CRYPTO_TKIPMICHAEL;
+ case WLAN_CIPHER_SUITE_CCMP:
+ return P54_CRYPTO_AESCCMP;
+ default:
+ return 0;
+ }
+}
+
+void p54_tx_80211(struct ieee80211_hw *dev,
+ struct ieee80211_tx_control *control,
+ struct sk_buff *skb)
+{
+ struct p54_common *priv = dev->priv;
+ struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+ struct p54_tx_info *p54info;
+ struct p54_hdr *hdr;
+ struct p54_tx_data *txhdr;
+ unsigned int padding, len, extra_len = 0;
+ int i, j, ridx;
+ u16 hdr_flags = 0, aid = 0;
+ u8 rate, queue = 0, crypt_offset = 0;
+ u8 cts_rate = 0x20;
+ u8 rc_flags;
+ u8 calculated_tries[4];
+ u8 nrates = 0, nremaining = 8;
+ bool burst_allowed = false;
+
+ p54_tx_80211_header(priv, skb, info, control->sta, &queue, &extra_len,
+ &hdr_flags, &aid, &burst_allowed);
+
+ if (p54_tx_qos_accounting_alloc(priv, skb, queue)) {
+ ieee80211_free_txskb(dev, skb);
+ return;
+ }
+
+ padding = (unsigned long)(skb->data - (sizeof(*hdr) + sizeof(*txhdr))) & 3;
+ len = skb->len;
+
+ if (info->control.hw_key) {
+ crypt_offset = ieee80211_get_hdrlen_from_skb(skb);
+ if (info->control.hw_key->cipher == WLAN_CIPHER_SUITE_TKIP) {
+ u8 *iv = (u8 *)(skb->data + crypt_offset);
+ /*
+ * The firmware excepts that the IV has to have
+ * this special format
+ */
+ iv[1] = iv[0];
+ iv[0] = iv[2];
+ iv[2] = 0;
+ }
+ }
+
+ txhdr = skb_push(skb, sizeof(*txhdr) + padding);
+ hdr = skb_push(skb, sizeof(*hdr));
+
+ if (padding)
+ hdr_flags |= P54_HDR_FLAG_DATA_ALIGN;
+ hdr->type = cpu_to_le16(aid);
+ hdr->rts_tries = info->control.rates[0].count;
+
+ /*
+ * we register the rates in perfect order, and
+ * RTS/CTS won't happen on 5 GHz
+ */
+ cts_rate = info->control.rts_cts_rate_idx;
+
+ memset(&txhdr->rateset, 0, sizeof(txhdr->rateset));
+
+ /* see how many rates got used */
+ for (i = 0; i < dev->max_rates; i++) {
+ if (info->control.rates[i].idx < 0)
+ break;
+ nrates++;
+ }
+
+ /* limit tries to 8/nrates per rate */
+ for (i = 0; i < nrates; i++) {
+ /*
+ * The magic expression here is equivalent to 8/nrates for
+ * all values that matter, but avoids division and jumps.
+ * Note that nrates can only take the values 1 through 4.
+ */
+ calculated_tries[i] = min_t(int, ((15 >> nrates) | 1) + 1,
+ info->control.rates[i].count);
+ nremaining -= calculated_tries[i];
+ }
+
+ /* if there are tries left, distribute from back to front */
+ for (i = nrates - 1; nremaining > 0 && i >= 0; i--) {
+ int tmp = info->control.rates[i].count - calculated_tries[i];
+
+ if (tmp <= 0)
+ continue;
+ /* RC requested more tries at this rate */
+
+ tmp = min_t(int, tmp, nremaining);
+ calculated_tries[i] += tmp;
+ nremaining -= tmp;
+ }
+
+ ridx = 0;
+ for (i = 0; i < nrates && ridx < 8; i++) {
+ /* we register the rates in perfect order */
+ rate = info->control.rates[i].idx;
+ if (info->band == NL80211_BAND_5GHZ)
+ rate += 4;
+
+ /* store the count we actually calculated for TX status */
+ info->control.rates[i].count = calculated_tries[i];
+
+ rc_flags = info->control.rates[i].flags;
+ if (rc_flags & IEEE80211_TX_RC_USE_SHORT_PREAMBLE) {
+ rate |= 0x10;
+ cts_rate |= 0x10;
+ }
+ if (rc_flags & IEEE80211_TX_RC_USE_RTS_CTS) {
+ burst_allowed = false;
+ rate |= 0x40;
+ } else if (rc_flags & IEEE80211_TX_RC_USE_CTS_PROTECT) {
+ rate |= 0x20;
+ burst_allowed = false;
+ }
+ for (j = 0; j < calculated_tries[i] && ridx < 8; j++) {
+ txhdr->rateset[ridx] = rate;
+ ridx++;
+ }
+ }
+
+ if (burst_allowed)
+ hdr_flags |= P54_HDR_FLAG_DATA_OUT_BURST;
+
+ /* TODO: enable bursting */
+ hdr->flags = cpu_to_le16(hdr_flags);
+ hdr->tries = ridx;
+ txhdr->rts_rate_idx = 0;
+ if (info->control.hw_key) {
+ txhdr->key_type = p54_convert_algo(info->control.hw_key->cipher);
+ txhdr->key_len = min((u8)16, info->control.hw_key->keylen);
+ memcpy(txhdr->key, info->control.hw_key->key, txhdr->key_len);
+ if (info->control.hw_key->cipher == WLAN_CIPHER_SUITE_TKIP) {
+ /* reserve space for the MIC key */
+ len += 8;
+ skb_put_data(skb,
+ &(info->control.hw_key->key[NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY]),
+ 8);
+ }
+ /* reserve some space for ICV */
+ len += info->control.hw_key->icv_len;
+ skb_put_zero(skb, info->control.hw_key->icv_len);
+ } else {
+ txhdr->key_type = 0;
+ txhdr->key_len = 0;
+ }
+ txhdr->crypt_offset = crypt_offset;
+ txhdr->hw_queue = queue;
+ txhdr->backlog = priv->tx_stats[queue].len - 1;
+ memset(txhdr->durations, 0, sizeof(txhdr->durations));
+ txhdr->tx_antenna = 2 & priv->tx_diversity_mask;
+ if (priv->rxhw == 5) {
+ txhdr->longbow.cts_rate = cts_rate;
+ txhdr->longbow.output_power = cpu_to_le16(priv->output_power);
+ } else {
+ txhdr->normal.output_power = priv->output_power;
+ txhdr->normal.cts_rate = cts_rate;
+ }
+ if (padding)
+ txhdr->align[0] = padding;
+
+ hdr->len = cpu_to_le16(len);
+ /* modifies skb->cb and with it info, so must be last! */
+ p54info = (void *) info->rate_driver_data;
+ p54info->extra_len = extra_len;
+
+ p54_tx(priv, skb);
+}