projects / openwrt / staging / blogic.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
netdev: pass the stuck queue to the timeout handler
[openwrt/staging/blogic.git] / drivers / net / wireless / intersil / orinoco / main.c
1 /* main.c - (formerly known as dldwd_cs.c, orinoco_cs.c and orinoco.c)
2 *
3 * A driver for Hermes or Prism 2 chipset based PCMCIA wireless
4 * adaptors, with Lucent/Agere, Intersil or Symbol firmware.
5 *
6 * Current maintainers (as of 29 September 2003) are:
7 * Pavel Roskin <proski AT gnu.org>
8 * and David Gibson <hermes AT gibson.dropbear.id.au>
9 *
10 * (C) Copyright David Gibson, IBM Corporation 2001-2003.
11 * Copyright (C) 2000 David Gibson, Linuxcare Australia.
12 * With some help from :
13 * Copyright (C) 2001 Jean Tourrilhes, HP Labs
14 * Copyright (C) 2001 Benjamin Herrenschmidt
15 *
16 * Based on dummy_cs.c 1.27 2000/06/12 21:27:25
17 *
18 * Portions based on wvlan_cs.c 1.0.6, Copyright Andreas Neuhaus <andy
19 * AT fasta.fh-dortmund.de>
20 * http://www.stud.fh-dortmund.de/~andy/wvlan/
21 *
22 * The contents of this file are subject to the Mozilla Public License
23 * Version 1.1 (the "License"); you may not use this file except in
24 * compliance with the License. You may obtain a copy of the License
25 * at http://www.mozilla.org/MPL/
26 *
27 * Software distributed under the License is distributed on an "AS IS"
28 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
29 * the License for the specific language governing rights and
30 * limitations under the License.
31 *
32 * The initial developer of the original code is David A. Hinds
33 * <dahinds AT users.sourceforge.net>. Portions created by David
34 * A. Hinds are Copyright (C) 1999 David A. Hinds. All Rights
35 * Reserved.
36 *
37 * Alternatively, the contents of this file may be used under the
38 * terms of the GNU General Public License version 2 (the "GPL"), in
39 * which case the provisions of the GPL are applicable instead of the
40 * above. If you wish to allow the use of your version of this file
41 * only under the terms of the GPL and not to allow others to use your
42 * version of this file under the MPL, indicate your decision by
43 * deleting the provisions above and replace them with the notice and
44 * other provisions required by the GPL. If you do not delete the
45 * provisions above, a recipient may use your version of this file
46 * under either the MPL or the GPL. */
47
48 /*
49 * TODO
50 * o Handle de-encapsulation within network layer, provide 802.11
51 * headers (patch from Thomas 'Dent' Mirlacher)
52 * o Fix possible races in SPY handling.
53 * o Disconnect wireless extensions from fundamental configuration.
54 * o (maybe) Software WEP support (patch from Stano Meduna).
55 * o (maybe) Use multiple Tx buffers - driver handling queue
56 * rather than firmware.
57 */
58
59 /* Locking and synchronization:
60 *
61 * The basic principle is that everything is serialized through a
62 * single spinlock, priv->lock. The lock is used in user, bh and irq
63 * context, so when taken outside hardirq context it should always be
64 * taken with interrupts disabled. The lock protects both the
65 * hardware and the struct orinoco_private.
66 *
67 * Another flag, priv->hw_unavailable indicates that the hardware is
68 * unavailable for an extended period of time (e.g. suspended, or in
69 * the middle of a hard reset). This flag is protected by the
70 * spinlock. All code which touches the hardware should check the
71 * flag after taking the lock, and if it is set, give up on whatever
72 * they are doing and drop the lock again. The orinoco_lock()
73 * function handles this (it unlocks and returns -EBUSY if
74 * hw_unavailable is non-zero).
75 */
76
77 #define DRIVER_NAME "orinoco"
78
79 #include <linux/module.h>
80 #include <linux/kernel.h>
81 #include <linux/slab.h>
82 #include <linux/init.h>
83 #include <linux/delay.h>
84 #include <linux/device.h>
85 #include <linux/netdevice.h>
86 #include <linux/etherdevice.h>
87 #include <linux/suspend.h>
88 #include <linux/if_arp.h>
89 #include <linux/wireless.h>
90 #include <linux/ieee80211.h>
91 #include <net/iw_handler.h>
92 #include <net/cfg80211.h>
93
94 #include "hermes_rid.h"
95 #include "hermes_dld.h"
96 #include "hw.h"
97 #include "scan.h"
98 #include "mic.h"
99 #include "fw.h"
100 #include "wext.h"
101 #include "cfg.h"
102 #include "main.h"
103
104 #include "orinoco.h"
105
106 /********************************************************************/
107 /* Module information */
108 /********************************************************************/
109
110 MODULE_AUTHOR("Pavel Roskin <proski@gnu.org> & "
111 "David Gibson <hermes@gibson.dropbear.id.au>");
112 MODULE_DESCRIPTION("Driver for Lucent Orinoco, Prism II based "
113 "and similar wireless cards");
114 MODULE_LICENSE("Dual MPL/GPL");
115
116 /* Level of debugging. Used in the macros in orinoco.h */
117 #ifdef ORINOCO_DEBUG
118 int orinoco_debug = ORINOCO_DEBUG;
119 EXPORT_SYMBOL(orinoco_debug);
120 module_param(orinoco_debug, int, 0644);
121 MODULE_PARM_DESC(orinoco_debug, "Debug level");
122 #endif
123
124 static bool suppress_linkstatus; /* = 0 */
125 module_param(suppress_linkstatus, bool, 0644);
126 MODULE_PARM_DESC(suppress_linkstatus, "Don't log link status changes");
127
128 static int ignore_disconnect; /* = 0 */
129 module_param(ignore_disconnect, int, 0644);
130 MODULE_PARM_DESC(ignore_disconnect,
131 "Don't report lost link to the network layer");
132
133 int force_monitor; /* = 0 */
134 module_param(force_monitor, int, 0644);
135 MODULE_PARM_DESC(force_monitor, "Allow monitor mode for all firmware versions");
136
137 /********************************************************************/
138 /* Internal constants */
139 /********************************************************************/
140
141 /* 802.2 LLC/SNAP header used for Ethernet encapsulation over 802.11 */
142 static const u8 encaps_hdr[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00};
143 #define ENCAPS_OVERHEAD (sizeof(encaps_hdr) + 2)
144
145 #define ORINOCO_MIN_MTU 256
146 #define ORINOCO_MAX_MTU (IEEE80211_MAX_DATA_LEN - ENCAPS_OVERHEAD)
147
148 #define MAX_IRQLOOPS_PER_IRQ 10
149 #define MAX_IRQLOOPS_PER_JIFFY (20000 / HZ) /* Based on a guestimate of
150 * how many events the
151 * device could
152 * legitimately generate */
153
154 #define DUMMY_FID 0xFFFF
155
156 /*#define MAX_MULTICAST(priv) (priv->firmware_type == FIRMWARE_TYPE_AGERE ? \
157 HERMES_MAX_MULTICAST : 0)*/
158 #define MAX_MULTICAST(priv) (HERMES_MAX_MULTICAST)
159
160 #define ORINOCO_INTEN (HERMES_EV_RX | HERMES_EV_ALLOC \
161 | HERMES_EV_TX | HERMES_EV_TXEXC \
162 | HERMES_EV_WTERR | HERMES_EV_INFO \
163 | HERMES_EV_INFDROP)
164
165 /********************************************************************/
166 /* Data types */
167 /********************************************************************/
168
169 /* Beginning of the Tx descriptor, used in TxExc handling */
170 struct hermes_txexc_data {
171 struct hermes_tx_descriptor desc;
172 __le16 frame_ctl;
173 __le16 duration_id;
174 u8 addr1[ETH_ALEN];
175 } __packed;
176
177 /* Rx frame header except compatibility 802.3 header */
178 struct hermes_rx_descriptor {
179 /* Control */
180 __le16 status;
181 __le32 time;
182 u8 silence;
183 u8 signal;
184 u8 rate;
185 u8 rxflow;
186 __le32 reserved;
187
188 /* 802.11 header */
189 __le16 frame_ctl;
190 __le16 duration_id;
191 u8 addr1[ETH_ALEN];
192 u8 addr2[ETH_ALEN];
193 u8 addr3[ETH_ALEN];
194 __le16 seq_ctl;
195 u8 addr4[ETH_ALEN];
196
197 /* Data length */
198 __le16 data_len;
199 } __packed;
200
201 struct orinoco_rx_data {
202 struct hermes_rx_descriptor *desc;
203 struct sk_buff *skb;
204 struct list_head list;
205 };
206
207 struct orinoco_scan_data {
208 void *buf;
209 size_t len;
210 int type;
211 struct list_head list;
212 };
213
214 /********************************************************************/
215 /* Function prototypes */
216 /********************************************************************/
217
218 static int __orinoco_set_multicast_list(struct net_device *dev);
219 static int __orinoco_up(struct orinoco_private *priv);
220 static int __orinoco_down(struct orinoco_private *priv);
221 static int __orinoco_commit(struct orinoco_private *priv);
222
223 /********************************************************************/
224 /* Internal helper functions */
225 /********************************************************************/
226
227 void set_port_type(struct orinoco_private *priv)
228 {
229 switch (priv->iw_mode) {
230 case NL80211_IFTYPE_STATION:
231 priv->port_type = 1;
232 priv->createibss = 0;
233 break;
234 case NL80211_IFTYPE_ADHOC:
235 if (priv->prefer_port3) {
236 priv->port_type = 3;
237 priv->createibss = 0;
238 } else {
239 priv->port_type = priv->ibss_port;
240 priv->createibss = 1;
241 }
242 break;
243 case NL80211_IFTYPE_MONITOR:
244 priv->port_type = 3;
245 priv->createibss = 0;
246 break;
247 default:
248 printk(KERN_ERR "%s: Invalid priv->iw_mode in set_port_type()\n",
249 priv->ndev->name);
250 }
251 }
252
253 /********************************************************************/
254 /* Device methods */
255 /********************************************************************/
256
257 int orinoco_open(struct net_device *dev)
258 {
259 struct orinoco_private *priv = ndev_priv(dev);
260 unsigned long flags;
261 int err;
262
263 if (orinoco_lock(priv, &flags) != 0)
264 return -EBUSY;
265
266 err = __orinoco_up(priv);
267
268 if (!err)
269 priv->open = 1;
270
271 orinoco_unlock(priv, &flags);
272
273 return err;
274 }
275 EXPORT_SYMBOL(orinoco_open);
276
277 int orinoco_stop(struct net_device *dev)
278 {
279 struct orinoco_private *priv = ndev_priv(dev);
280 int err = 0;
281
282 /* We mustn't use orinoco_lock() here, because we need to be
283 able to close the interface even if hw_unavailable is set
284 (e.g. as we're released after a PC Card removal) */
285 orinoco_lock_irq(priv);
286
287 priv->open = 0;
288
289 err = __orinoco_down(priv);
290
291 orinoco_unlock_irq(priv);
292
293 return err;
294 }
295 EXPORT_SYMBOL(orinoco_stop);
296
297 void orinoco_set_multicast_list(struct net_device *dev)
298 {
299 struct orinoco_private *priv = ndev_priv(dev);
300 unsigned long flags;
301
302 if (orinoco_lock(priv, &flags) != 0) {
303 printk(KERN_DEBUG "%s: orinoco_set_multicast_list() "
304 "called when hw_unavailable\n", dev->name);
305 return;
306 }
307
308 __orinoco_set_multicast_list(dev);
309 orinoco_unlock(priv, &flags);
310 }
311 EXPORT_SYMBOL(orinoco_set_multicast_list);
312
313 int orinoco_change_mtu(struct net_device *dev, int new_mtu)
314 {
315 struct orinoco_private *priv = ndev_priv(dev);
316
317 /* MTU + encapsulation + header length */
318 if ((new_mtu + ENCAPS_OVERHEAD + sizeof(struct ieee80211_hdr)) >
319 (priv->nicbuf_size - ETH_HLEN))
320 return -EINVAL;
321
322 dev->mtu = new_mtu;
323
324 return 0;
325 }
326 EXPORT_SYMBOL(orinoco_change_mtu);
327
328 /********************************************************************/
329 /* Tx path */
330 /********************************************************************/
331
332 /* Add encapsulation and MIC to the existing SKB.
333 * The main xmit routine will then send the whole lot to the card.
334 * Need 8 bytes headroom
335 * Need 8 bytes tailroom
336 *
337 * With encapsulated ethernet II frame
338 * --------
339 * 803.3 header (14 bytes)
340 * dst[6]
341 * -------- src[6]
342 * 803.3 header (14 bytes) len[2]
343 * dst[6] 803.2 header (8 bytes)
344 * src[6] encaps[6]
345 * len[2] <- leave alone -> len[2]
346 * -------- -------- <-- 0
347 * Payload Payload
348 * ... ...
349 *
350 * -------- --------
351 * MIC (8 bytes)
352 * --------
353 *
354 * returns 0 on success, -ENOMEM on error.
355 */
356 int orinoco_process_xmit_skb(struct sk_buff *skb,
357 struct net_device *dev,
358 struct orinoco_private *priv,
359 int *tx_control,
360 u8 *mic_buf)
361 {
362 struct orinoco_tkip_key *key;
363 struct ethhdr *eh;
364 int do_mic;
365
366 key = (struct orinoco_tkip_key *) priv->keys[priv->tx_key].key;
367
368 do_mic = ((priv->encode_alg == ORINOCO_ALG_TKIP) &&
369 (key != NULL));
370
371 if (do_mic)
372 *tx_control |= (priv->tx_key << HERMES_MIC_KEY_ID_SHIFT) |
373 HERMES_TXCTRL_MIC;
374
375 eh = (struct ethhdr *)skb->data;
376
377 /* Encapsulate Ethernet-II frames */
378 if (ntohs(eh->h_proto) > ETH_DATA_LEN) { /* Ethernet-II frame */
379 struct header_struct {
380 struct ethhdr eth; /* 802.3 header */
381 u8 encap[6]; /* 802.2 header */
382 } __packed hdr;
383 int len = skb->len + sizeof(encaps_hdr) - (2 * ETH_ALEN);
384
385 if (skb_headroom(skb) < ENCAPS_OVERHEAD) {
386 if (net_ratelimit())
387 printk(KERN_ERR
388 "%s: Not enough headroom for 802.2 headers %d\n",
389 dev->name, skb_headroom(skb));
390 return -ENOMEM;
391 }
392
393 /* Fill in new header */
394 memcpy(&hdr.eth, eh, 2 * ETH_ALEN);
395 hdr.eth.h_proto = htons(len);
396 memcpy(hdr.encap, encaps_hdr, sizeof(encaps_hdr));
397
398 /* Make room for the new header, and copy it in */
399 eh = skb_push(skb, ENCAPS_OVERHEAD);
400 memcpy(eh, &hdr, sizeof(hdr));
401 }
402
403 /* Calculate Michael MIC */
404 if (do_mic) {
405 size_t len = skb->len - ETH_HLEN;
406 u8 *mic = &mic_buf[0];
407
408 /* Have to write to an even address, so copy the spare
409 * byte across */
410 if (skb->len % 2) {
411 *mic = skb->data[skb->len - 1];
412 mic++;
413 }
414
415 orinoco_mic(priv->tx_tfm_mic, key->tx_mic,
416 eh->h_dest, eh->h_source, 0 /* priority */,
417 skb->data + ETH_HLEN,
418 len, mic);
419 }
420
421 return 0;
422 }
423 EXPORT_SYMBOL(orinoco_process_xmit_skb);
424
425 static netdev_tx_t orinoco_xmit(struct sk_buff *skb, struct net_device *dev)
426 {
427 struct orinoco_private *priv = ndev_priv(dev);
428 struct net_device_stats *stats = &dev->stats;
429 struct hermes *hw = &priv->hw;
430 int err = 0;
431 u16 txfid = priv->txfid;
432 int tx_control;
433 unsigned long flags;
434 u8 mic_buf[MICHAEL_MIC_LEN + 1];
435
436 if (!netif_running(dev)) {
437 printk(KERN_ERR "%s: Tx on stopped device!\n",
438 dev->name);
439 return NETDEV_TX_BUSY;
440 }
441
442 if (netif_queue_stopped(dev)) {
443 printk(KERN_DEBUG "%s: Tx while transmitter busy!\n",
444 dev->name);
445 return NETDEV_TX_BUSY;
446 }
447
448 if (orinoco_lock(priv, &flags) != 0) {
449 printk(KERN_ERR "%s: orinoco_xmit() called while hw_unavailable\n",
450 dev->name);
451 return NETDEV_TX_BUSY;
452 }
453
454 if (!netif_carrier_ok(dev) ||
455 (priv->iw_mode == NL80211_IFTYPE_MONITOR)) {
456 /* Oops, the firmware hasn't established a connection,
457 silently drop the packet (this seems to be the
458 safest approach). */
459 goto drop;
460 }
461
462 /* Check packet length */
463 if (skb->len < ETH_HLEN)
464 goto drop;
465
466 tx_control = HERMES_TXCTRL_TX_OK | HERMES_TXCTRL_TX_EX;
467
468 err = orinoco_process_xmit_skb(skb, dev, priv, &tx_control,
469 &mic_buf[0]);
470 if (err)
471 goto drop;
472
473 if (priv->has_alt_txcntl) {
474 /* WPA enabled firmwares have tx_cntl at the end of
475 * the 802.11 header. So write zeroed descriptor and
476 * 802.11 header at the same time
477 */
478 char desc[HERMES_802_3_OFFSET];
479 __le16 *txcntl = (__le16 *) &desc[HERMES_TXCNTL2_OFFSET];
480
481 memset(&desc, 0, sizeof(desc));
482
483 *txcntl = cpu_to_le16(tx_control);
484 err = hw->ops->bap_pwrite(hw, USER_BAP, &desc, sizeof(desc),
485 txfid, 0);
486 if (err) {
487 if (net_ratelimit())
488 printk(KERN_ERR "%s: Error %d writing Tx "
489 "descriptor to BAP\n", dev->name, err);
490 goto busy;
491 }
492 } else {
493 struct hermes_tx_descriptor desc;
494
495 memset(&desc, 0, sizeof(desc));
496
497 desc.tx_control = cpu_to_le16(tx_control);
498 err = hw->ops->bap_pwrite(hw, USER_BAP, &desc, sizeof(desc),
499 txfid, 0);
500 if (err) {
501 if (net_ratelimit())
502 printk(KERN_ERR "%s: Error %d writing Tx "
503 "descriptor to BAP\n", dev->name, err);
504 goto busy;
505 }
506
507 /* Clear the 802.11 header and data length fields - some
508 * firmwares (e.g. Lucent/Agere 8.xx) appear to get confused
509 * if this isn't done. */
510 hermes_clear_words(hw, HERMES_DATA0,
511 HERMES_802_3_OFFSET - HERMES_802_11_OFFSET);
512 }
513
514 err = hw->ops->bap_pwrite(hw, USER_BAP, skb->data, skb->len,
515 txfid, HERMES_802_3_OFFSET);
516 if (err) {
517 printk(KERN_ERR "%s: Error %d writing packet to BAP\n",
518 dev->name, err);
519 goto busy;
520 }
521
522 if (tx_control & HERMES_TXCTRL_MIC) {
523 size_t offset = HERMES_802_3_OFFSET + skb->len;
524 size_t len = MICHAEL_MIC_LEN;
525
526 if (offset % 2) {
527 offset--;
528 len++;
529 }
530 err = hw->ops->bap_pwrite(hw, USER_BAP, &mic_buf[0], len,
531 txfid, offset);
532 if (err) {
533 printk(KERN_ERR "%s: Error %d writing MIC to BAP\n",
534 dev->name, err);
535 goto busy;
536 }
537 }
538
539 /* Finally, we actually initiate the send */
540 netif_stop_queue(dev);
541
542 err = hw->ops->cmd_wait(hw, HERMES_CMD_TX | HERMES_CMD_RECL,
543 txfid, NULL);
544 if (err) {
545 netif_start_queue(dev);
546 if (net_ratelimit())
547 printk(KERN_ERR "%s: Error %d transmitting packet\n",
548 dev->name, err);
549 goto busy;
550 }
551
552 stats->tx_bytes += HERMES_802_3_OFFSET + skb->len;
553 goto ok;
554
555 drop:
556 stats->tx_errors++;
557 stats->tx_dropped++;
558
559 ok:
560 orinoco_unlock(priv, &flags);
561 dev_kfree_skb(skb);
562 return NETDEV_TX_OK;
563
564 busy:
565 if (err == -EIO)
566 schedule_work(&priv->reset_work);
567 orinoco_unlock(priv, &flags);
568 return NETDEV_TX_BUSY;
569 }
570
571 static void __orinoco_ev_alloc(struct net_device *dev, struct hermes *hw)
572 {
573 struct orinoco_private *priv = ndev_priv(dev);
574 u16 fid = hermes_read_regn(hw, ALLOCFID);
575
576 if (fid != priv->txfid) {
577 if (fid != DUMMY_FID)
578 printk(KERN_WARNING "%s: Allocate event on unexpected fid (%04X)\n",
579 dev->name, fid);
580 return;
581 }
582
583 hermes_write_regn(hw, ALLOCFID, DUMMY_FID);
584 }
585
586 static void __orinoco_ev_tx(struct net_device *dev, struct hermes *hw)
587 {
588 dev->stats.tx_packets++;
589
590 netif_wake_queue(dev);
591
592 hermes_write_regn(hw, TXCOMPLFID, DUMMY_FID);
593 }
594
595 static void __orinoco_ev_txexc(struct net_device *dev, struct hermes *hw)
596 {
597 struct net_device_stats *stats = &dev->stats;
598 u16 fid = hermes_read_regn(hw, TXCOMPLFID);
599 u16 status;
600 struct hermes_txexc_data hdr;
601 int err = 0;
602
603 if (fid == DUMMY_FID)
604 return; /* Nothing's really happened */
605
606 /* Read part of the frame header - we need status and addr1 */
607 err = hw->ops->bap_pread(hw, IRQ_BAP, &hdr,
608 sizeof(struct hermes_txexc_data),
609 fid, 0);
610
611 hermes_write_regn(hw, TXCOMPLFID, DUMMY_FID);
612 stats->tx_errors++;
613
614 if (err) {
615 printk(KERN_WARNING "%s: Unable to read descriptor on Tx error "
616 "(FID=%04X error %d)\n",
617 dev->name, fid, err);
618 return;
619 }
620
621 DEBUG(1, "%s: Tx error, err %d (FID=%04X)\n", dev->name,
622 err, fid);
623
624 /* We produce a TXDROP event only for retry or lifetime
625 * exceeded, because that's the only status that really mean
626 * that this particular node went away.
627 * Other errors means that *we* screwed up. - Jean II */
628 status = le16_to_cpu(hdr.desc.status);
629 if (status & (HERMES_TXSTAT_RETRYERR | HERMES_TXSTAT_AGEDERR)) {
630 union iwreq_data wrqu;
631
632 /* Copy 802.11 dest address.
633 * We use the 802.11 header because the frame may
634 * not be 802.3 or may be mangled...
635 * In Ad-Hoc mode, it will be the node address.
636 * In managed mode, it will be most likely the AP addr
637 * User space will figure out how to convert it to
638 * whatever it needs (IP address or else).
639 * - Jean II */
640 memcpy(wrqu.addr.sa_data, hdr.addr1, ETH_ALEN);
641 wrqu.addr.sa_family = ARPHRD_ETHER;
642
643 /* Send event to user space */
644 wireless_send_event(dev, IWEVTXDROP, &wrqu, NULL);
645 }
646
647 netif_wake_queue(dev);
648 }
649
650 void orinoco_tx_timeout(struct net_device *dev, unsigned int txqueue)
651 {
652 struct orinoco_private *priv = ndev_priv(dev);
653 struct net_device_stats *stats = &dev->stats;
654 struct hermes *hw = &priv->hw;
655
656 printk(KERN_WARNING "%s: Tx timeout! "
657 "ALLOCFID=%04x, TXCOMPLFID=%04x, EVSTAT=%04x\n",
658 dev->name, hermes_read_regn(hw, ALLOCFID),
659 hermes_read_regn(hw, TXCOMPLFID), hermes_read_regn(hw, EVSTAT));
660
661 stats->tx_errors++;
662
663 schedule_work(&priv->reset_work);
664 }
665 EXPORT_SYMBOL(orinoco_tx_timeout);
666
667 /********************************************************************/
668 /* Rx path (data frames) */
669 /********************************************************************/
670
671 /* Does the frame have a SNAP header indicating it should be
672 * de-encapsulated to Ethernet-II? */
673 static inline int is_ethersnap(void *_hdr)
674 {
675 u8 *hdr = _hdr;
676
677 /* We de-encapsulate all packets which, a) have SNAP headers
678 * (i.e. SSAP=DSAP=0xaa and CTRL=0x3 in the 802.2 LLC header
679 * and where b) the OUI of the SNAP header is 00:00:00 or
680 * 00:00:f8 - we need both because different APs appear to use
681 * different OUIs for some reason */
682 return (memcmp(hdr, &encaps_hdr, 5) == 0)
683 && ((hdr[5] == 0x00) || (hdr[5] == 0xf8));
684 }
685
686 static inline void orinoco_spy_gather(struct net_device *dev, u_char *mac,
687 int level, int noise)
688 {
689 struct iw_quality wstats;
690 wstats.level = level - 0x95;
691 wstats.noise = noise - 0x95;
692 wstats.qual = (level > noise) ? (level - noise) : 0;
693 wstats.updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM;
694 /* Update spy records */
695 wireless_spy_update(dev, mac, &wstats);
696 }
697
698 static void orinoco_stat_gather(struct net_device *dev,
699 struct sk_buff *skb,
700 struct hermes_rx_descriptor *desc)
701 {
702 struct orinoco_private *priv = ndev_priv(dev);
703
704 /* Using spy support with lots of Rx packets, like in an
705 * infrastructure (AP), will really slow down everything, because
706 * the MAC address must be compared to each entry of the spy list.
707 * If the user really asks for it (set some address in the
708 * spy list), we do it, but he will pay the price.
709 * Note that to get here, you need both WIRELESS_SPY
710 * compiled in AND some addresses in the list !!!
711 */
712 /* Note : gcc will optimise the whole section away if
713 * WIRELESS_SPY is not defined... - Jean II */
714 if (SPY_NUMBER(priv)) {
715 orinoco_spy_gather(dev, skb_mac_header(skb) + ETH_ALEN,
716 desc->signal, desc->silence);
717 }
718 }
719
720 /*
721 * orinoco_rx_monitor - handle received monitor frames.
722 *
723 * Arguments:
724 * dev network device
725 * rxfid received FID
726 * desc rx descriptor of the frame
727 *
728 * Call context: interrupt
729 */
730 static void orinoco_rx_monitor(struct net_device *dev, u16 rxfid,
731 struct hermes_rx_descriptor *desc)
732 {
733 u32 hdrlen = 30; /* return full header by default */
734 u32 datalen = 0;
735 u16 fc;
736 int err;
737 int len;
738 struct sk_buff *skb;
739 struct orinoco_private *priv = ndev_priv(dev);
740 struct net_device_stats *stats = &dev->stats;
741 struct hermes *hw = &priv->hw;
742
743 len = le16_to_cpu(desc->data_len);
744
745 /* Determine the size of the header and the data */
746 fc = le16_to_cpu(desc->frame_ctl);
747 switch (fc & IEEE80211_FCTL_FTYPE) {
748 case IEEE80211_FTYPE_DATA:
749 if ((fc & IEEE80211_FCTL_TODS)
750 && (fc & IEEE80211_FCTL_FROMDS))
751 hdrlen = 30;
752 else
753 hdrlen = 24;
754 datalen = len;
755 break;
756 case IEEE80211_FTYPE_MGMT:
757 hdrlen = 24;
758 datalen = len;
759 break;
760 case IEEE80211_FTYPE_CTL:
761 switch (fc & IEEE80211_FCTL_STYPE) {
762 case IEEE80211_STYPE_PSPOLL:
763 case IEEE80211_STYPE_RTS:
764 case IEEE80211_STYPE_CFEND:
765 case IEEE80211_STYPE_CFENDACK:
766 hdrlen = 16;
767 break;
768 case IEEE80211_STYPE_CTS:
769 case IEEE80211_STYPE_ACK:
770 hdrlen = 10;
771 break;
772 }
773 break;
774 default:
775 /* Unknown frame type */
776 break;
777 }
778
779 /* sanity check the length */
780 if (datalen > IEEE80211_MAX_DATA_LEN + 12) {
781 printk(KERN_DEBUG "%s: oversized monitor frame, "
782 "data length = %d\n", dev->name, datalen);
783 stats->rx_length_errors++;
784 goto update_stats;
785 }
786
787 skb = dev_alloc_skb(hdrlen + datalen);
788 if (!skb) {
789 printk(KERN_WARNING "%s: Cannot allocate skb for monitor frame\n",
790 dev->name);
791 goto update_stats;
792 }
793
794 /* Copy the 802.11 header to the skb */
795 skb_put_data(skb, &(desc->frame_ctl), hdrlen);
796 skb_reset_mac_header(skb);
797
798 /* If any, copy the data from the card to the skb */
799 if (datalen > 0) {
800 err = hw->ops->bap_pread(hw, IRQ_BAP, skb_put(skb, datalen),
801 ALIGN(datalen, 2), rxfid,
802 HERMES_802_2_OFFSET);
803 if (err) {
804 printk(KERN_ERR "%s: error %d reading monitor frame\n",
805 dev->name, err);
806 goto drop;
807 }
808 }
809
810 skb->dev = dev;
811 skb->ip_summed = CHECKSUM_NONE;
812 skb->pkt_type = PACKET_OTHERHOST;
813 skb->protocol = cpu_to_be16(ETH_P_802_2);
814
815 stats->rx_packets++;
816 stats->rx_bytes += skb->len;
817
818 netif_rx(skb);
819 return;
820
821 drop:
822 dev_kfree_skb_irq(skb);
823 update_stats:
824 stats->rx_errors++;
825 stats->rx_dropped++;
826 }
827
828 void __orinoco_ev_rx(struct net_device *dev, struct hermes *hw)
829 {
830 struct orinoco_private *priv = ndev_priv(dev);
831 struct net_device_stats *stats = &dev->stats;
832 struct iw_statistics *wstats = &priv->wstats;
833 struct sk_buff *skb = NULL;
834 u16 rxfid, status;
835 int length;
836 struct hermes_rx_descriptor *desc;
837 struct orinoco_rx_data *rx_data;
838 int err;
839
840 desc = kmalloc(sizeof(*desc), GFP_ATOMIC);
841 if (!desc)
842 goto update_stats;
843
844 rxfid = hermes_read_regn(hw, RXFID);
845
846 err = hw->ops->bap_pread(hw, IRQ_BAP, desc, sizeof(*desc),
847 rxfid, 0);
848 if (err) {
849 printk(KERN_ERR "%s: error %d reading Rx descriptor. "
850 "Frame dropped.\n", dev->name, err);
851 goto update_stats;
852 }
853
854 status = le16_to_cpu(desc->status);
855
856 if (status & HERMES_RXSTAT_BADCRC) {
857 DEBUG(1, "%s: Bad CRC on Rx. Frame dropped.\n",
858 dev->name);
859 stats->rx_crc_errors++;
860 goto update_stats;
861 }
862
863 /* Handle frames in monitor mode */
864 if (priv->iw_mode == NL80211_IFTYPE_MONITOR) {
865 orinoco_rx_monitor(dev, rxfid, desc);
866 goto out;
867 }
868
869 if (status & HERMES_RXSTAT_UNDECRYPTABLE) {
870 DEBUG(1, "%s: Undecryptable frame on Rx. Frame dropped.\n",
871 dev->name);
872 wstats->discard.code++;
873 goto update_stats;
874 }
875
876 length = le16_to_cpu(desc->data_len);
877
878 /* Sanity checks */
879 if (length < 3) { /* No for even an 802.2 LLC header */
880 /* At least on Symbol firmware with PCF we get quite a
881 lot of these legitimately - Poll frames with no
882 data. */
883 goto out;
884 }
885 if (length > IEEE80211_MAX_DATA_LEN) {
886 printk(KERN_WARNING "%s: Oversized frame received (%d bytes)\n",
887 dev->name, length);
888 stats->rx_length_errors++;
889 goto update_stats;
890 }
891
892 /* Payload size does not include Michael MIC. Increase payload
893 * size to read it together with the data. */
894 if (status & HERMES_RXSTAT_MIC)
895 length += MICHAEL_MIC_LEN;
896
897 /* We need space for the packet data itself, plus an ethernet
898 header, plus 2 bytes so we can align the IP header on a
899 32bit boundary, plus 1 byte so we can read in odd length
900 packets from the card, which has an IO granularity of 16
901 bits */
902 skb = dev_alloc_skb(length + ETH_HLEN + 2 + 1);
903 if (!skb) {
904 printk(KERN_WARNING "%s: Can't allocate skb for Rx\n",
905 dev->name);
906 goto update_stats;
907 }
908
909 /* We'll prepend the header, so reserve space for it. The worst
910 case is no decapsulation, when 802.3 header is prepended and
911 nothing is removed. 2 is for aligning the IP header. */
912 skb_reserve(skb, ETH_HLEN + 2);
913
914 err = hw->ops->bap_pread(hw, IRQ_BAP, skb_put(skb, length),
915 ALIGN(length, 2), rxfid,
916 HERMES_802_2_OFFSET);
917 if (err) {
918 printk(KERN_ERR "%s: error %d reading frame. "
919 "Frame dropped.\n", dev->name, err);
920 goto drop;
921 }
922
923 /* Add desc and skb to rx queue */
924 rx_data = kzalloc(sizeof(*rx_data), GFP_ATOMIC);
925 if (!rx_data)
926 goto drop;
927
928 rx_data->desc = desc;
929 rx_data->skb = skb;
930 list_add_tail(&rx_data->list, &priv->rx_list);
931 tasklet_schedule(&priv->rx_tasklet);
932
933 return;
934
935 drop:
936 dev_kfree_skb_irq(skb);
937 update_stats:
938 stats->rx_errors++;
939 stats->rx_dropped++;
940 out:
941 kfree(desc);
942 }
943 EXPORT_SYMBOL(__orinoco_ev_rx);
944
945 static void orinoco_rx(struct net_device *dev,
946 struct hermes_rx_descriptor *desc,
947 struct sk_buff *skb)
948 {
949 struct orinoco_private *priv = ndev_priv(dev);
950 struct net_device_stats *stats = &dev->stats;
951 u16 status, fc;
952 int length;
953 struct ethhdr *hdr;
954
955 status = le16_to_cpu(desc->status);
956 length = le16_to_cpu(desc->data_len);
957 fc = le16_to_cpu(desc->frame_ctl);
958
959 /* Calculate and check MIC */
960 if (status & HERMES_RXSTAT_MIC) {
961 struct orinoco_tkip_key *key;
962 int key_id = ((status & HERMES_RXSTAT_MIC_KEY_ID) >>
963 HERMES_MIC_KEY_ID_SHIFT);
964 u8 mic[MICHAEL_MIC_LEN];
965 u8 *rxmic;
966 u8 *src = (fc & IEEE80211_FCTL_FROMDS) ?
967 desc->addr3 : desc->addr2;
968
969 /* Extract Michael MIC from payload */
970 rxmic = skb->data + skb->len - MICHAEL_MIC_LEN;
971
972 skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
973 length -= MICHAEL_MIC_LEN;
974
975 key = (struct orinoco_tkip_key *) priv->keys[key_id].key;
976
977 if (!key) {
978 printk(KERN_WARNING "%s: Received encrypted frame from "
979 "%pM using key %i, but key is not installed\n",
980 dev->name, src, key_id);
981 goto drop;
982 }
983
984 orinoco_mic(priv->rx_tfm_mic, key->rx_mic, desc->addr1, src,
985 0, /* priority or QoS? */
986 skb->data, skb->len, &mic[0]);
987
988 if (memcmp(mic, rxmic,
989 MICHAEL_MIC_LEN)) {
990 union iwreq_data wrqu;
991 struct iw_michaelmicfailure wxmic;
992
993 printk(KERN_WARNING "%s: "
994 "Invalid Michael MIC in data frame from %pM, "
995 "using key %i\n",
996 dev->name, src, key_id);
997
998 /* TODO: update stats */
999
1000 /* Notify userspace */
1001 memset(&wxmic, 0, sizeof(wxmic));
1002 wxmic.flags = key_id & IW_MICFAILURE_KEY_ID;
1003 wxmic.flags |= (desc->addr1[0] & 1) ?
1004 IW_MICFAILURE_GROUP : IW_MICFAILURE_PAIRWISE;
1005 wxmic.src_addr.sa_family = ARPHRD_ETHER;
1006 memcpy(wxmic.src_addr.sa_data, src, ETH_ALEN);
1007
1008 (void) orinoco_hw_get_tkip_iv(priv, key_id,
1009 &wxmic.tsc[0]);
1010
1011 memset(&wrqu, 0, sizeof(wrqu));
1012 wrqu.data.length = sizeof(wxmic);
1013 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu,
1014 (char *) &wxmic);
1015
1016 goto drop;
1017 }
1018 }
1019
1020 /* Handle decapsulation
1021 * In most cases, the firmware tell us about SNAP frames.
1022 * For some reason, the SNAP frames sent by LinkSys APs
1023 * are not properly recognised by most firmwares.
1024 * So, check ourselves */
1025 if (length >= ENCAPS_OVERHEAD &&
1026 (((status & HERMES_RXSTAT_MSGTYPE) == HERMES_RXSTAT_1042) ||
1027 ((status & HERMES_RXSTAT_MSGTYPE) == HERMES_RXSTAT_TUNNEL) ||
1028 is_ethersnap(skb->data))) {
1029 /* These indicate a SNAP within 802.2 LLC within
1030 802.11 frame which we'll need to de-encapsulate to
1031 the original EthernetII frame. */
1032 hdr = skb_push(skb, ETH_HLEN - ENCAPS_OVERHEAD);
1033 } else {
1034 /* 802.3 frame - prepend 802.3 header as is */
1035 hdr = skb_push(skb, ETH_HLEN);
1036 hdr->h_proto = htons(length);
1037 }
1038 memcpy(hdr->h_dest, desc->addr1, ETH_ALEN);
1039 if (fc & IEEE80211_FCTL_FROMDS)
1040 memcpy(hdr->h_source, desc->addr3, ETH_ALEN);
1041 else
1042 memcpy(hdr->h_source, desc->addr2, ETH_ALEN);
1043
1044 skb->protocol = eth_type_trans(skb, dev);
1045 skb->ip_summed = CHECKSUM_NONE;
1046 if (fc & IEEE80211_FCTL_TODS)
1047 skb->pkt_type = PACKET_OTHERHOST;
1048
1049 /* Process the wireless stats if needed */
1050 orinoco_stat_gather(dev, skb, desc);
1051
1052 /* Pass the packet to the networking stack */
1053 netif_rx(skb);
1054 stats->rx_packets++;
1055 stats->rx_bytes += length;
1056
1057 return;
1058
1059 drop:
1060 dev_kfree_skb(skb);
1061 stats->rx_errors++;
1062 stats->rx_dropped++;
1063 }
1064
1065 static void orinoco_rx_isr_tasklet(unsigned long data)
1066 {
1067 struct orinoco_private *priv = (struct orinoco_private *) data;
1068 struct net_device *dev = priv->ndev;
1069 struct orinoco_rx_data *rx_data, *temp;
1070 struct hermes_rx_descriptor *desc;
1071 struct sk_buff *skb;
1072 unsigned long flags;
1073
1074 /* orinoco_rx requires the driver lock, and we also need to
1075 * protect priv->rx_list, so just hold the lock over the
1076 * lot.
1077 *
1078 * If orinoco_lock fails, we've unplugged the card. In this
1079 * case just abort. */
1080 if (orinoco_lock(priv, &flags) != 0)
1081 return;
1082
1083 /* extract desc and skb from queue */
1084 list_for_each_entry_safe(rx_data, temp, &priv->rx_list, list) {
1085 desc = rx_data->desc;
1086 skb = rx_data->skb;
1087 list_del(&rx_data->list);
1088 kfree(rx_data);
1089
1090 orinoco_rx(dev, desc, skb);
1091
1092 kfree(desc);
1093 }
1094
1095 orinoco_unlock(priv, &flags);
1096 }
1097
1098 /********************************************************************/
1099 /* Rx path (info frames) */
1100 /********************************************************************/
1101
1102 static void print_linkstatus(struct net_device *dev, u16 status)
1103 {
1104 char *s;
1105
1106 if (suppress_linkstatus)
1107 return;
1108
1109 switch (status) {
1110 case HERMES_LINKSTATUS_NOT_CONNECTED:
1111 s = "Not Connected";
1112 break;
1113 case HERMES_LINKSTATUS_CONNECTED:
1114 s = "Connected";
1115 break;
1116 case HERMES_LINKSTATUS_DISCONNECTED:
1117 s = "Disconnected";
1118 break;
1119 case HERMES_LINKSTATUS_AP_CHANGE:
1120 s = "AP Changed";
1121 break;
1122 case HERMES_LINKSTATUS_AP_OUT_OF_RANGE:
1123 s = "AP Out of Range";
1124 break;
1125 case HERMES_LINKSTATUS_AP_IN_RANGE:
1126 s = "AP In Range";
1127 break;
1128 case HERMES_LINKSTATUS_ASSOC_FAILED:
1129 s = "Association Failed";
1130 break;
1131 default:
1132 s = "UNKNOWN";
1133 }
1134
1135 printk(KERN_DEBUG "%s: New link status: %s (%04x)\n",
1136 dev->name, s, status);
1137 }
1138
1139 /* Search scan results for requested BSSID, join it if found */
1140 static void orinoco_join_ap(struct work_struct *work)
1141 {
1142 struct orinoco_private *priv =
1143 container_of(work, struct orinoco_private, join_work);
1144 struct net_device *dev = priv->ndev;
1145 struct hermes *hw = &priv->hw;
1146 int err;
1147 unsigned long flags;
1148 struct join_req {
1149 u8 bssid[ETH_ALEN];
1150 __le16 channel;
1151 } __packed req;
1152 const int atom_len = offsetof(struct prism2_scan_apinfo, atim);
1153 struct prism2_scan_apinfo *atom = NULL;
1154 int offset = 4;
1155 int found = 0;
1156 u8 *buf;
1157 u16 len;
1158
1159 /* Allocate buffer for scan results */
1160 buf = kmalloc(MAX_SCAN_LEN, GFP_KERNEL);
1161 if (!buf)
1162 return;
1163
1164 if (orinoco_lock(priv, &flags) != 0)
1165 goto fail_lock;
1166
1167 /* Sanity checks in case user changed something in the meantime */
1168 if (!priv->bssid_fixed)
1169 goto out;
1170
1171 if (strlen(priv->desired_essid) == 0)
1172 goto out;
1173
1174 /* Read scan results from the firmware */
1175 err = hw->ops->read_ltv(hw, USER_BAP,
1176 HERMES_RID_SCANRESULTSTABLE,
1177 MAX_SCAN_LEN, &len, buf);
1178 if (err) {
1179 printk(KERN_ERR "%s: Cannot read scan results\n",
1180 dev->name);
1181 goto out;
1182 }
1183
1184 len = HERMES_RECLEN_TO_BYTES(len);
1185
1186 /* Go through the scan results looking for the channel of the AP
1187 * we were requested to join */
1188 for (; offset + atom_len <= len; offset += atom_len) {
1189 atom = (struct prism2_scan_apinfo *) (buf + offset);
1190 if (memcmp(&atom->bssid, priv->desired_bssid, ETH_ALEN) == 0) {
1191 found = 1;
1192 break;
1193 }
1194 }
1195
1196 if (!found) {
1197 DEBUG(1, "%s: Requested AP not found in scan results\n",
1198 dev->name);
1199 goto out;
1200 }
1201
1202 memcpy(req.bssid, priv->desired_bssid, ETH_ALEN);
1203 req.channel = atom->channel; /* both are little-endian */
1204 err = HERMES_WRITE_RECORD(hw, USER_BAP, HERMES_RID_CNFJOINREQUEST,
1205 &req);
1206 if (err)
1207 printk(KERN_ERR "%s: Error issuing join request\n", dev->name);
1208
1209 out:
1210 orinoco_unlock(priv, &flags);
1211
1212 fail_lock:
1213 kfree(buf);
1214 }
1215
1216 /* Send new BSSID to userspace */
1217 static void orinoco_send_bssid_wevent(struct orinoco_private *priv)
1218 {
1219 struct net_device *dev = priv->ndev;
1220 struct hermes *hw = &priv->hw;
1221 union iwreq_data wrqu;
1222 int err;
1223
1224 err = hw->ops->read_ltv(hw, USER_BAP, HERMES_RID_CURRENTBSSID,
1225 ETH_ALEN, NULL, wrqu.ap_addr.sa_data);
1226 if (err != 0)
1227 return;
1228
1229 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1230
1231 /* Send event to user space */
1232 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
1233 }
1234
1235 static void orinoco_send_assocreqie_wevent(struct orinoco_private *priv)
1236 {
1237 struct net_device *dev = priv->ndev;
1238 struct hermes *hw = &priv->hw;
1239 union iwreq_data wrqu;
1240 int err;
1241 u8 buf[88];
1242 u8 *ie;
1243
1244 if (!priv->has_wpa)
1245 return;
1246
1247 err = hw->ops->read_ltv(hw, USER_BAP, HERMES_RID_CURRENT_ASSOC_REQ_INFO,
1248 sizeof(buf), NULL, &buf);
1249 if (err != 0)
1250 return;
1251
1252 ie = orinoco_get_wpa_ie(buf, sizeof(buf));
1253 if (ie) {
1254 int rem = sizeof(buf) - (ie - &buf[0]);
1255 wrqu.data.length = ie[1] + 2;
1256 if (wrqu.data.length > rem)
1257 wrqu.data.length = rem;
1258
1259 if (wrqu.data.length)
1260 /* Send event to user space */
1261 wireless_send_event(dev, IWEVASSOCREQIE, &wrqu, ie);
1262 }
1263 }
1264
1265 static void orinoco_send_assocrespie_wevent(struct orinoco_private *priv)
1266 {
1267 struct net_device *dev = priv->ndev;
1268 struct hermes *hw = &priv->hw;
1269 union iwreq_data wrqu;
1270 int err;
1271 u8 buf[88]; /* TODO: verify max size or IW_GENERIC_IE_MAX */
1272 u8 *ie;
1273
1274 if (!priv->has_wpa)
1275 return;
1276
1277 err = hw->ops->read_ltv(hw, USER_BAP,
1278 HERMES_RID_CURRENT_ASSOC_RESP_INFO,
1279 sizeof(buf), NULL, &buf);
1280 if (err != 0)
1281 return;
1282
1283 ie = orinoco_get_wpa_ie(buf, sizeof(buf));
1284 if (ie) {
1285 int rem = sizeof(buf) - (ie - &buf[0]);
1286 wrqu.data.length = ie[1] + 2;
1287 if (wrqu.data.length > rem)
1288 wrqu.data.length = rem;
1289
1290 if (wrqu.data.length)
1291 /* Send event to user space */
1292 wireless_send_event(dev, IWEVASSOCRESPIE, &wrqu, ie);
1293 }
1294 }
1295
1296 static void orinoco_send_wevents(struct work_struct *work)
1297 {
1298 struct orinoco_private *priv =
1299 container_of(work, struct orinoco_private, wevent_work);
1300 unsigned long flags;
1301
1302 if (orinoco_lock(priv, &flags) != 0)
1303 return;
1304
1305 orinoco_send_assocreqie_wevent(priv);
1306 orinoco_send_assocrespie_wevent(priv);
1307 orinoco_send_bssid_wevent(priv);
1308
1309 orinoco_unlock(priv, &flags);
1310 }
1311
1312 static void qbuf_scan(struct orinoco_private *priv, void *buf,
1313 int len, int type)
1314 {
1315 struct orinoco_scan_data *sd;
1316 unsigned long flags;
1317
1318 sd = kmalloc(sizeof(*sd), GFP_ATOMIC);
1319 if (!sd)
1320 return;
1321
1322 sd->buf = buf;
1323 sd->len = len;
1324 sd->type = type;
1325
1326 spin_lock_irqsave(&priv->scan_lock, flags);
1327 list_add_tail(&sd->list, &priv->scan_list);
1328 spin_unlock_irqrestore(&priv->scan_lock, flags);
1329
1330 schedule_work(&priv->process_scan);
1331 }
1332
1333 static void qabort_scan(struct orinoco_private *priv)
1334 {
1335 struct orinoco_scan_data *sd;
1336 unsigned long flags;
1337
1338 sd = kmalloc(sizeof(*sd), GFP_ATOMIC);
1339 if (!sd)
1340 return;
1341
1342 sd->len = -1; /* Abort */
1343
1344 spin_lock_irqsave(&priv->scan_lock, flags);
1345 list_add_tail(&sd->list, &priv->scan_list);
1346 spin_unlock_irqrestore(&priv->scan_lock, flags);
1347
1348 schedule_work(&priv->process_scan);
1349 }
1350
1351 static void orinoco_process_scan_results(struct work_struct *work)
1352 {
1353 struct orinoco_private *priv =
1354 container_of(work, struct orinoco_private, process_scan);
1355 struct orinoco_scan_data *sd, *temp;
1356 unsigned long flags;
1357 void *buf;
1358 int len;
1359 int type;
1360
1361 spin_lock_irqsave(&priv->scan_lock, flags);
1362 list_for_each_entry_safe(sd, temp, &priv->scan_list, list) {
1363
1364 buf = sd->buf;
1365 len = sd->len;
1366 type = sd->type;
1367
1368 list_del(&sd->list);
1369 spin_unlock_irqrestore(&priv->scan_lock, flags);
1370 kfree(sd);
1371
1372 if (len > 0) {
1373 if (type == HERMES_INQ_CHANNELINFO)
1374 orinoco_add_extscan_result(priv, buf, len);
1375 else
1376 orinoco_add_hostscan_results(priv, buf, len);
1377
1378 kfree(buf);
1379 } else {
1380 /* Either abort or complete the scan */
1381 orinoco_scan_done(priv, (len < 0));
1382 }
1383
1384 spin_lock_irqsave(&priv->scan_lock, flags);
1385 }
1386 spin_unlock_irqrestore(&priv->scan_lock, flags);
1387 }
1388
1389 void __orinoco_ev_info(struct net_device *dev, struct hermes *hw)
1390 {
1391 struct orinoco_private *priv = ndev_priv(dev);
1392 u16 infofid;
1393 struct {
1394 __le16 len;
1395 __le16 type;
1396 } __packed info;
1397 int len, type;
1398 int err;
1399
1400 /* This is an answer to an INQUIRE command that we did earlier,
1401 * or an information "event" generated by the card
1402 * The controller return to us a pseudo frame containing
1403 * the information in question - Jean II */
1404 infofid = hermes_read_regn(hw, INFOFID);
1405
1406 /* Read the info frame header - don't try too hard */
1407 err = hw->ops->bap_pread(hw, IRQ_BAP, &info, sizeof(info),
1408 infofid, 0);
1409 if (err) {
1410 printk(KERN_ERR "%s: error %d reading info frame. "
1411 "Frame dropped.\n", dev->name, err);
1412 return;
1413 }
1414
1415 len = HERMES_RECLEN_TO_BYTES(le16_to_cpu(info.len));
1416 type = le16_to_cpu(info.type);
1417
1418 switch (type) {
1419 case HERMES_INQ_TALLIES: {
1420 struct hermes_tallies_frame tallies;
1421 struct iw_statistics *wstats = &priv->wstats;
1422
1423 if (len > sizeof(tallies)) {
1424 printk(KERN_WARNING "%s: Tallies frame too long (%d bytes)\n",
1425 dev->name, len);
1426 len = sizeof(tallies);
1427 }
1428
1429 err = hw->ops->bap_pread(hw, IRQ_BAP, &tallies, len,
1430 infofid, sizeof(info));
1431 if (err)
1432 break;
1433
1434 /* Increment our various counters */
1435 /* wstats->discard.nwid - no wrong BSSID stuff */
1436 wstats->discard.code +=
1437 le16_to_cpu(tallies.RxWEPUndecryptable);
1438 if (len == sizeof(tallies))
1439 wstats->discard.code +=
1440 le16_to_cpu(tallies.RxDiscards_WEPICVError) +
1441 le16_to_cpu(tallies.RxDiscards_WEPExcluded);
1442 wstats->discard.misc +=
1443 le16_to_cpu(tallies.TxDiscardsWrongSA);
1444 wstats->discard.fragment +=
1445 le16_to_cpu(tallies.RxMsgInBadMsgFragments);
1446 wstats->discard.retries +=
1447 le16_to_cpu(tallies.TxRetryLimitExceeded);
1448 /* wstats->miss.beacon - no match */
1449 }
1450 break;
1451 case HERMES_INQ_LINKSTATUS: {
1452 struct hermes_linkstatus linkstatus;
1453 u16 newstatus;
1454 int connected;
1455
1456 if (priv->iw_mode == NL80211_IFTYPE_MONITOR)
1457 break;
1458
1459 if (len != sizeof(linkstatus)) {
1460 printk(KERN_WARNING "%s: Unexpected size for linkstatus frame (%d bytes)\n",
1461 dev->name, len);
1462 break;
1463 }
1464
1465 err = hw->ops->bap_pread(hw, IRQ_BAP, &linkstatus, len,
1466 infofid, sizeof(info));
1467 if (err)
1468 break;
1469 newstatus = le16_to_cpu(linkstatus.linkstatus);
1470
1471 /* Symbol firmware uses "out of range" to signal that
1472 * the hostscan frame can be requested. */
1473 if (newstatus == HERMES_LINKSTATUS_AP_OUT_OF_RANGE &&
1474 priv->firmware_type == FIRMWARE_TYPE_SYMBOL &&
1475 priv->has_hostscan && priv->scan_request) {
1476 hermes_inquire(hw, HERMES_INQ_HOSTSCAN_SYMBOL);
1477 break;
1478 }
1479
1480 connected = (newstatus == HERMES_LINKSTATUS_CONNECTED)
1481 || (newstatus == HERMES_LINKSTATUS_AP_CHANGE)
1482 || (newstatus == HERMES_LINKSTATUS_AP_IN_RANGE);
1483
1484 if (connected)
1485 netif_carrier_on(dev);
1486 else if (!ignore_disconnect)
1487 netif_carrier_off(dev);
1488
1489 if (newstatus != priv->last_linkstatus) {
1490 priv->last_linkstatus = newstatus;
1491 print_linkstatus(dev, newstatus);
1492 /* The info frame contains only one word which is the
1493 * status (see hermes.h). The status is pretty boring
1494 * in itself, that's why we export the new BSSID...
1495 * Jean II */
1496 schedule_work(&priv->wevent_work);
1497 }
1498 }
1499 break;
1500 case HERMES_INQ_SCAN:
1501 if (!priv->scan_request && priv->bssid_fixed &&
1502 priv->firmware_type == FIRMWARE_TYPE_INTERSIL) {
1503 schedule_work(&priv->join_work);
1504 break;
1505 }
1506 /* fall through */
1507 case HERMES_INQ_HOSTSCAN:
1508 case HERMES_INQ_HOSTSCAN_SYMBOL: {
1509 /* Result of a scanning. Contains information about
1510 * cells in the vicinity - Jean II */
1511 unsigned char *buf;
1512
1513 /* Sanity check */
1514 if (len > 4096) {
1515 printk(KERN_WARNING "%s: Scan results too large (%d bytes)\n",
1516 dev->name, len);
1517 qabort_scan(priv);
1518 break;
1519 }
1520
1521 /* Allocate buffer for results */
1522 buf = kmalloc(len, GFP_ATOMIC);
1523 if (buf == NULL) {
1524 /* No memory, so can't printk()... */
1525 qabort_scan(priv);
1526 break;
1527 }
1528
1529 /* Read scan data */
1530 err = hw->ops->bap_pread(hw, IRQ_BAP, (void *) buf, len,
1531 infofid, sizeof(info));
1532 if (err) {
1533 kfree(buf);
1534 qabort_scan(priv);
1535 break;
1536 }
1537
1538 #ifdef ORINOCO_DEBUG
1539 {
1540 int i;
1541 printk(KERN_DEBUG "Scan result [%02X", buf[0]);
1542 for (i = 1; i < (len * 2); i++)
1543 printk(":%02X", buf[i]);
1544 printk("]\n");
1545 }
1546 #endif /* ORINOCO_DEBUG */
1547
1548 qbuf_scan(priv, buf, len, type);
1549 }
1550 break;
1551 case HERMES_INQ_CHANNELINFO:
1552 {
1553 struct agere_ext_scan_info *bss;
1554
1555 if (!priv->scan_request) {
1556 printk(KERN_DEBUG "%s: Got chaninfo without scan, "
1557 "len=%d\n", dev->name, len);
1558 break;
1559 }
1560
1561 /* An empty result indicates that the scan is complete */
1562 if (len == 0) {
1563 qbuf_scan(priv, NULL, len, type);
1564 break;
1565 }
1566
1567 /* Sanity check */
1568 else if (len < (offsetof(struct agere_ext_scan_info,
1569 data) + 2)) {
1570 /* Drop this result now so we don't have to
1571 * keep checking later */
1572 printk(KERN_WARNING
1573 "%s: Ext scan results too short (%d bytes)\n",
1574 dev->name, len);
1575 break;
1576 }
1577
1578 bss = kmalloc(len, GFP_ATOMIC);
1579 if (bss == NULL)
1580 break;
1581
1582 /* Read scan data */
1583 err = hw->ops->bap_pread(hw, IRQ_BAP, (void *) bss, len,
1584 infofid, sizeof(info));
1585 if (err)
1586 kfree(bss);
1587 else
1588 qbuf_scan(priv, bss, len, type);
1589
1590 break;
1591 }
1592 case HERMES_INQ_SEC_STAT_AGERE:
1593 /* Security status (Agere specific) */
1594 /* Ignore this frame for now */
1595 if (priv->firmware_type == FIRMWARE_TYPE_AGERE)
1596 break;
1597 /* fall through */
1598 default:
1599 printk(KERN_DEBUG "%s: Unknown information frame received: "
1600 "type 0x%04x, length %d\n", dev->name, type, len);
1601 /* We don't actually do anything about it */
1602 break;
1603 }
1604 }
1605 EXPORT_SYMBOL(__orinoco_ev_info);
1606
1607 static void __orinoco_ev_infdrop(struct net_device *dev, struct hermes *hw)
1608 {
1609 if (net_ratelimit())
1610 printk(KERN_DEBUG "%s: Information frame lost.\n", dev->name);
1611 }
1612
1613 /********************************************************************/
1614 /* Internal hardware control routines */
1615 /********************************************************************/
1616
1617 static int __orinoco_up(struct orinoco_private *priv)
1618 {
1619 struct net_device *dev = priv->ndev;
1620 struct hermes *hw = &priv->hw;
1621 int err;
1622
1623 netif_carrier_off(dev); /* just to make sure */
1624
1625 err = __orinoco_commit(priv);
1626 if (err) {
1627 printk(KERN_ERR "%s: Error %d configuring card\n",
1628 dev->name, err);
1629 return err;
1630 }
1631
1632 /* Fire things up again */
1633 hermes_set_irqmask(hw, ORINOCO_INTEN);
1634 err = hermes_enable_port(hw, 0);
1635 if (err) {
1636 printk(KERN_ERR "%s: Error %d enabling MAC port\n",
1637 dev->name, err);
1638 return err;
1639 }
1640
1641 netif_start_queue(dev);
1642
1643 return 0;
1644 }
1645
1646 static int __orinoco_down(struct orinoco_private *priv)
1647 {
1648 struct net_device *dev = priv->ndev;
1649 struct hermes *hw = &priv->hw;
1650 int err;
1651
1652 netif_stop_queue(dev);
1653
1654 if (!priv->hw_unavailable) {
1655 if (!priv->broken_disableport) {
1656 err = hermes_disable_port(hw, 0);
1657 if (err) {
1658 /* Some firmwares (e.g. Intersil 1.3.x) seem
1659 * to have problems disabling the port, oh
1660 * well, too bad. */
1661 printk(KERN_WARNING "%s: Error %d disabling MAC port\n",
1662 dev->name, err);
1663 priv->broken_disableport = 1;
1664 }
1665 }
1666 hermes_set_irqmask(hw, 0);
1667 hermes_write_regn(hw, EVACK, 0xffff);
1668 }
1669
1670 orinoco_scan_done(priv, true);
1671
1672 /* firmware will have to reassociate */
1673 netif_carrier_off(dev);
1674 priv->last_linkstatus = 0xffff;
1675
1676 return 0;
1677 }
1678
1679 static int orinoco_reinit_firmware(struct orinoco_private *priv)
1680 {
1681 struct hermes *hw = &priv->hw;
1682 int err;
1683
1684 err = hw->ops->init(hw);
1685 if (priv->do_fw_download && !err) {
1686 err = orinoco_download(priv);
1687 if (err)
1688 priv->do_fw_download = 0;
1689 }
1690 if (!err)
1691 err = orinoco_hw_allocate_fid(priv);
1692
1693 return err;
1694 }
1695
1696 static int
1697 __orinoco_set_multicast_list(struct net_device *dev)
1698 {
1699 struct orinoco_private *priv = ndev_priv(dev);
1700 int err = 0;
1701 int promisc, mc_count;
1702
1703 /* The Hermes doesn't seem to have an allmulti mode, so we go
1704 * into promiscuous mode and let the upper levels deal. */
1705 if ((dev->flags & IFF_PROMISC) || (dev->flags & IFF_ALLMULTI) ||
1706 (netdev_mc_count(dev) > MAX_MULTICAST(priv))) {
1707 promisc = 1;
1708 mc_count = 0;
1709 } else {
1710 promisc = 0;
1711 mc_count = netdev_mc_count(dev);
1712 }
1713
1714 err = __orinoco_hw_set_multicast_list(priv, dev, mc_count, promisc);
1715
1716 return err;
1717 }
1718
1719 /* This must be called from user context, without locks held - use
1720 * schedule_work() */
1721 void orinoco_reset(struct work_struct *work)
1722 {
1723 struct orinoco_private *priv =
1724 container_of(work, struct orinoco_private, reset_work);
1725 struct net_device *dev = priv->ndev;
1726 struct hermes *hw = &priv->hw;
1727 int err;
1728 unsigned long flags;
1729
1730 if (orinoco_lock(priv, &flags) != 0)
1731 /* When the hardware becomes available again, whatever
1732 * detects that is responsible for re-initializing
1733 * it. So no need for anything further */
1734 return;
1735
1736 netif_stop_queue(dev);
1737
1738 /* Shut off interrupts. Depending on what state the hardware
1739 * is in, this might not work, but we'll try anyway */
1740 hermes_set_irqmask(hw, 0);
1741 hermes_write_regn(hw, EVACK, 0xffff);
1742
1743 priv->hw_unavailable++;
1744 priv->last_linkstatus = 0xffff; /* firmware will have to reassociate */
1745 netif_carrier_off(dev);
1746
1747 orinoco_unlock(priv, &flags);
1748
1749 /* Scanning support: Notify scan cancellation */
1750 orinoco_scan_done(priv, true);
1751
1752 if (priv->hard_reset) {
1753 err = (*priv->hard_reset)(priv);
1754 if (err) {
1755 printk(KERN_ERR "%s: orinoco_reset: Error %d "
1756 "performing hard reset\n", dev->name, err);
1757 goto disable;
1758 }
1759 }
1760
1761 err = orinoco_reinit_firmware(priv);
1762 if (err) {
1763 printk(KERN_ERR "%s: orinoco_reset: Error %d re-initializing firmware\n",
1764 dev->name, err);
1765 goto disable;
1766 }
1767
1768 /* This has to be called from user context */
1769 orinoco_lock_irq(priv);
1770
1771 priv->hw_unavailable--;
1772
1773 /* priv->open or priv->hw_unavailable might have changed while
1774 * we dropped the lock */
1775 if (priv->open && (!priv->hw_unavailable)) {
1776 err = __orinoco_up(priv);
1777 if (err) {
1778 printk(KERN_ERR "%s: orinoco_reset: Error %d reenabling card\n",
1779 dev->name, err);
1780 } else
1781 netif_trans_update(dev);
1782 }
1783
1784 orinoco_unlock_irq(priv);
1785
1786 return;
1787 disable:
1788 hermes_set_irqmask(hw, 0);
1789 netif_device_detach(dev);
1790 printk(KERN_ERR "%s: Device has been disabled!\n", dev->name);
1791 }
1792
1793 static int __orinoco_commit(struct orinoco_private *priv)
1794 {
1795 struct net_device *dev = priv->ndev;
1796 int err = 0;
1797
1798 /* If we've called commit, we are reconfiguring or bringing the
1799 * interface up. Maintaining countermeasures across this would
1800 * be confusing, so note that we've disabled them. The port will
1801 * be enabled later in orinoco_commit or __orinoco_up. */
1802 priv->tkip_cm_active = 0;
1803
1804 err = orinoco_hw_program_rids(priv);
1805
1806 /* FIXME: what about netif_tx_lock */
1807 (void) __orinoco_set_multicast_list(dev);
1808
1809 return err;
1810 }
1811
1812 /* Ensures configuration changes are applied. May result in a reset.
1813 * The caller should hold priv->lock
1814 */
1815 int orinoco_commit(struct orinoco_private *priv)
1816 {
1817 struct net_device *dev = priv->ndev;
1818 struct hermes *hw = &priv->hw;
1819 int err;
1820
1821 if (priv->broken_disableport) {
1822 schedule_work(&priv->reset_work);
1823 return 0;
1824 }
1825
1826 err = hermes_disable_port(hw, 0);
1827 if (err) {
1828 printk(KERN_WARNING "%s: Unable to disable port "
1829 "while reconfiguring card\n", dev->name);
1830 priv->broken_disableport = 1;
1831 goto out;
1832 }
1833
1834 err = __orinoco_commit(priv);
1835 if (err) {
1836 printk(KERN_WARNING "%s: Unable to reconfigure card\n",
1837 dev->name);
1838 goto out;
1839 }
1840
1841 err = hermes_enable_port(hw, 0);
1842 if (err) {
1843 printk(KERN_WARNING "%s: Unable to enable port while reconfiguring card\n",
1844 dev->name);
1845 goto out;
1846 }
1847
1848 out:
1849 if (err) {
1850 printk(KERN_WARNING "%s: Resetting instead...\n", dev->name);
1851 schedule_work(&priv->reset_work);
1852 err = 0;
1853 }
1854 return err;
1855 }
1856
1857 /********************************************************************/
1858 /* Interrupt handler */
1859 /********************************************************************/
1860
1861 static void __orinoco_ev_tick(struct net_device *dev, struct hermes *hw)
1862 {
1863 printk(KERN_DEBUG "%s: TICK\n", dev->name);
1864 }
1865
1866 static void __orinoco_ev_wterr(struct net_device *dev, struct hermes *hw)
1867 {
1868 /* This seems to happen a fair bit under load, but ignoring it
1869 seems to work fine...*/
1870 printk(KERN_DEBUG "%s: MAC controller error (WTERR). Ignoring.\n",
1871 dev->name);
1872 }
1873
1874 irqreturn_t orinoco_interrupt(int irq, void *dev_id)
1875 {
1876 struct orinoco_private *priv = dev_id;
1877 struct net_device *dev = priv->ndev;
1878 struct hermes *hw = &priv->hw;
1879 int count = MAX_IRQLOOPS_PER_IRQ;
1880 u16 evstat, events;
1881 /* These are used to detect a runaway interrupt situation.
1882 *
1883 * If we get more than MAX_IRQLOOPS_PER_JIFFY iterations in a jiffy,
1884 * we panic and shut down the hardware
1885 */
1886 /* jiffies value the last time we were called */
1887 static int last_irq_jiffy; /* = 0 */
1888 static int loops_this_jiffy; /* = 0 */
1889 unsigned long flags;
1890
1891 if (orinoco_lock(priv, &flags) != 0) {
1892 /* If hw is unavailable - we don't know if the irq was
1893 * for us or not */
1894 return IRQ_HANDLED;
1895 }
1896
1897 evstat = hermes_read_regn(hw, EVSTAT);
1898 events = evstat & hw->inten;
1899 if (!events) {
1900 orinoco_unlock(priv, &flags);
1901 return IRQ_NONE;
1902 }
1903
1904 if (jiffies != last_irq_jiffy)
1905 loops_this_jiffy = 0;
1906 last_irq_jiffy = jiffies;
1907
1908 while (events && count--) {
1909 if (++loops_this_jiffy > MAX_IRQLOOPS_PER_JIFFY) {
1910 printk(KERN_WARNING "%s: IRQ handler is looping too "
1911 "much! Resetting.\n", dev->name);
1912 /* Disable interrupts for now */
1913 hermes_set_irqmask(hw, 0);
1914 schedule_work(&priv->reset_work);
1915 break;
1916 }
1917
1918 /* Check the card hasn't been removed */
1919 if (!hermes_present(hw)) {
1920 DEBUG(0, "orinoco_interrupt(): card removed\n");
1921 break;
1922 }
1923
1924 if (events & HERMES_EV_TICK)
1925 __orinoco_ev_tick(dev, hw);
1926 if (events & HERMES_EV_WTERR)
1927 __orinoco_ev_wterr(dev, hw);
1928 if (events & HERMES_EV_INFDROP)
1929 __orinoco_ev_infdrop(dev, hw);
1930 if (events & HERMES_EV_INFO)
1931 __orinoco_ev_info(dev, hw);
1932 if (events & HERMES_EV_RX)
1933 __orinoco_ev_rx(dev, hw);
1934 if (events & HERMES_EV_TXEXC)
1935 __orinoco_ev_txexc(dev, hw);
1936 if (events & HERMES_EV_TX)
1937 __orinoco_ev_tx(dev, hw);
1938 if (events & HERMES_EV_ALLOC)
1939 __orinoco_ev_alloc(dev, hw);
1940
1941 hermes_write_regn(hw, EVACK, evstat);
1942
1943 evstat = hermes_read_regn(hw, EVSTAT);
1944 events = evstat & hw->inten;
1945 }
1946
1947 orinoco_unlock(priv, &flags);
1948 return IRQ_HANDLED;
1949 }
1950 EXPORT_SYMBOL(orinoco_interrupt);
1951
1952 /********************************************************************/
1953 /* Power management */
1954 /********************************************************************/
1955 #if defined(CONFIG_PM_SLEEP) && !defined(CONFIG_HERMES_CACHE_FW_ON_INIT)
1956 static int orinoco_pm_notifier(struct notifier_block *notifier,
1957 unsigned long pm_event,
1958 void *unused)
1959 {
1960 struct orinoco_private *priv = container_of(notifier,
1961 struct orinoco_private,
1962 pm_notifier);
1963
1964 /* All we need to do is cache the firmware before suspend, and
1965 * release it when we come out.
1966 *
1967 * Only need to do this if we're downloading firmware. */
1968 if (!priv->do_fw_download)
1969 return NOTIFY_DONE;
1970
1971 switch (pm_event) {
1972 case PM_HIBERNATION_PREPARE:
1973 case PM_SUSPEND_PREPARE:
1974 orinoco_cache_fw(priv, 0);
1975 break;
1976
1977 case PM_POST_RESTORE:
1978 /* Restore from hibernation failed. We need to clean
1979 * up in exactly the same way, so fall through. */
1980 case PM_POST_HIBERNATION:
1981 case PM_POST_SUSPEND:
1982 orinoco_uncache_fw(priv);
1983 break;
1984
1985 case PM_RESTORE_PREPARE:
1986 default:
1987 break;
1988 }
1989
1990 return NOTIFY_DONE;
1991 }
1992
1993 static void orinoco_register_pm_notifier(struct orinoco_private *priv)
1994 {
1995 priv->pm_notifier.notifier_call = orinoco_pm_notifier;
1996 register_pm_notifier(&priv->pm_notifier);
1997 }
1998
1999 static void orinoco_unregister_pm_notifier(struct orinoco_private *priv)
2000 {
2001 unregister_pm_notifier(&priv->pm_notifier);
2002 }
2003 #else /* !PM_SLEEP || HERMES_CACHE_FW_ON_INIT */
2004 #define orinoco_register_pm_notifier(priv) do { } while (0)
2005 #define orinoco_unregister_pm_notifier(priv) do { } while (0)
2006 #endif
2007
2008 /********************************************************************/
2009 /* Initialization */
2010 /********************************************************************/
2011
2012 int orinoco_init(struct orinoco_private *priv)
2013 {
2014 struct device *dev = priv->dev;
2015 struct wiphy *wiphy = priv_to_wiphy(priv);
2016 struct hermes *hw = &priv->hw;
2017 int err = 0;
2018
2019 /* No need to lock, the hw_unavailable flag is already set in
2020 * alloc_orinocodev() */
2021 priv->nicbuf_size = IEEE80211_MAX_FRAME_LEN + ETH_HLEN;
2022
2023 /* Initialize the firmware */
2024 err = hw->ops->init(hw);
2025 if (err != 0) {
2026 dev_err(dev, "Failed to initialize firmware (err = %d)\n",
2027 err);
2028 goto out;
2029 }
2030
2031 err = determine_fw_capabilities(priv, wiphy->fw_version,
2032 sizeof(wiphy->fw_version),
2033 &wiphy->hw_version);
2034 if (err != 0) {
2035 dev_err(dev, "Incompatible firmware, aborting\n");
2036 goto out;
2037 }
2038
2039 if (priv->do_fw_download) {
2040 #ifdef CONFIG_HERMES_CACHE_FW_ON_INIT
2041 orinoco_cache_fw(priv, 0);
2042 #endif
2043
2044 err = orinoco_download(priv);
2045 if (err)
2046 priv->do_fw_download = 0;
2047
2048 /* Check firmware version again */
2049 err = determine_fw_capabilities(priv, wiphy->fw_version,
2050 sizeof(wiphy->fw_version),
2051 &wiphy->hw_version);
2052 if (err != 0) {
2053 dev_err(dev, "Incompatible firmware, aborting\n");
2054 goto out;
2055 }
2056 }
2057
2058 if (priv->has_port3)
2059 dev_info(dev, "Ad-hoc demo mode supported\n");
2060 if (priv->has_ibss)
2061 dev_info(dev, "IEEE standard IBSS ad-hoc mode supported\n");
2062 if (priv->has_wep)
2063 dev_info(dev, "WEP supported, %s-bit key\n",
2064 priv->has_big_wep ? "104" : "40");
2065 if (priv->has_wpa) {
2066 dev_info(dev, "WPA-PSK supported\n");
2067 if (orinoco_mic_init(priv)) {
2068 dev_err(dev, "Failed to setup MIC crypto algorithm. "
2069 "Disabling WPA support\n");
2070 priv->has_wpa = 0;
2071 }
2072 }
2073
2074 err = orinoco_hw_read_card_settings(priv, wiphy->perm_addr);
2075 if (err)
2076 goto out;
2077
2078 err = orinoco_hw_allocate_fid(priv);
2079 if (err) {
2080 dev_err(dev, "Failed to allocate NIC buffer!\n");
2081 goto out;
2082 }
2083
2084 /* Set up the default configuration */
2085 priv->iw_mode = NL80211_IFTYPE_STATION;
2086 /* By default use IEEE/IBSS ad-hoc mode if we have it */
2087 priv->prefer_port3 = priv->has_port3 && (!priv->has_ibss);
2088 set_port_type(priv);
2089 priv->channel = 0; /* use firmware default */
2090
2091 priv->promiscuous = 0;
2092 priv->encode_alg = ORINOCO_ALG_NONE;
2093 priv->tx_key = 0;
2094 priv->wpa_enabled = 0;
2095 priv->tkip_cm_active = 0;
2096 priv->key_mgmt = 0;
2097 priv->wpa_ie_len = 0;
2098 priv->wpa_ie = NULL;
2099
2100 if (orinoco_wiphy_register(wiphy)) {
2101 err = -ENODEV;
2102 goto out;
2103 }
2104
2105 /* Make the hardware available, as long as it hasn't been
2106 * removed elsewhere (e.g. by PCMCIA hot unplug) */
2107 orinoco_lock_irq(priv);
2108 priv->hw_unavailable--;
2109 orinoco_unlock_irq(priv);
2110
2111 dev_dbg(dev, "Ready\n");
2112
2113 out:
2114 return err;
2115 }
2116 EXPORT_SYMBOL(orinoco_init);
2117
2118 static const struct net_device_ops orinoco_netdev_ops = {
2119 .ndo_open = orinoco_open,
2120 .ndo_stop = orinoco_stop,
2121 .ndo_start_xmit = orinoco_xmit,
2122 .ndo_set_rx_mode = orinoco_set_multicast_list,
2123 .ndo_change_mtu = orinoco_change_mtu,
2124 .ndo_set_mac_address = eth_mac_addr,
2125 .ndo_validate_addr = eth_validate_addr,
2126 .ndo_tx_timeout = orinoco_tx_timeout,
2127 };
2128
2129 /* Allocate private data.
2130 *
2131 * This driver has a number of structures associated with it
2132 * netdev - Net device structure for each network interface
2133 * wiphy - structure associated with wireless phy
2134 * wireless_dev (wdev) - structure for each wireless interface
2135 * hw - structure for hermes chip info
2136 * card - card specific structure for use by the card driver
2137 * (airport, orinoco_cs)
2138 * priv - orinoco private data
2139 * device - generic linux device structure
2140 *
2141 * +---------+ +---------+
2142 * | wiphy | | netdev |
2143 * | +-------+ | +-------+
2144 * | | priv | | | wdev |
2145 * | | +-----+ +-+-------+
2146 * | | | hw |
2147 * | +-+-----+
2148 * | | card |
2149 * +-+-------+
2150 *
2151 * priv has a link to netdev and device
2152 * wdev has a link to wiphy
2153 */
2154 struct orinoco_private
2155 *alloc_orinocodev(int sizeof_card,
2156 struct device *device,
2157 int (*hard_reset)(struct orinoco_private *),
2158 int (*stop_fw)(struct orinoco_private *, int))
2159 {
2160 struct orinoco_private *priv;
2161 struct wiphy *wiphy;
2162
2163 /* allocate wiphy
2164 * NOTE: We only support a single virtual interface
2165 * but this may change when monitor mode is added
2166 */
2167 wiphy = wiphy_new(&orinoco_cfg_ops,
2168 sizeof(struct orinoco_private) + sizeof_card);
2169 if (!wiphy)
2170 return NULL;
2171
2172 priv = wiphy_priv(wiphy);
2173 priv->dev = device;
2174
2175 if (sizeof_card)
2176 priv->card = (void *)((unsigned long)priv
2177 + sizeof(struct orinoco_private));
2178 else
2179 priv->card = NULL;
2180
2181 orinoco_wiphy_init(wiphy);
2182
2183 #ifdef WIRELESS_SPY
2184 priv->wireless_data.spy_data = &priv->spy_data;
2185 #endif
2186
2187 /* Set up default callbacks */
2188 priv->hard_reset = hard_reset;
2189 priv->stop_fw = stop_fw;
2190
2191 spin_lock_init(&priv->lock);
2192 priv->open = 0;
2193 priv->hw_unavailable = 1; /* orinoco_init() must clear this
2194 * before anything else touches the
2195 * hardware */
2196 INIT_WORK(&priv->reset_work, orinoco_reset);
2197 INIT_WORK(&priv->join_work, orinoco_join_ap);
2198 INIT_WORK(&priv->wevent_work, orinoco_send_wevents);
2199
2200 INIT_LIST_HEAD(&priv->rx_list);
2201 tasklet_init(&priv->rx_tasklet, orinoco_rx_isr_tasklet,
2202 (unsigned long) priv);
2203
2204 spin_lock_init(&priv->scan_lock);
2205 INIT_LIST_HEAD(&priv->scan_list);
2206 INIT_WORK(&priv->process_scan, orinoco_process_scan_results);
2207
2208 priv->last_linkstatus = 0xffff;
2209
2210 #if defined(CONFIG_HERMES_CACHE_FW_ON_INIT) || defined(CONFIG_PM_SLEEP)
2211 priv->cached_pri_fw = NULL;
2212 priv->cached_fw = NULL;
2213 #endif
2214
2215 /* Register PM notifiers */
2216 orinoco_register_pm_notifier(priv);
2217
2218 return priv;
2219 }
2220 EXPORT_SYMBOL(alloc_orinocodev);
2221
2222 /* We can only support a single interface. We provide a separate
2223 * function to set it up to distinguish between hardware
2224 * initialisation and interface setup.
2225 *
2226 * The base_addr and irq parameters are passed on to netdev for use
2227 * with SIOCGIFMAP.
2228 */
2229 int orinoco_if_add(struct orinoco_private *priv,
2230 unsigned long base_addr,
2231 unsigned int irq,
2232 const struct net_device_ops *ops)
2233 {
2234 struct wiphy *wiphy = priv_to_wiphy(priv);
2235 struct wireless_dev *wdev;
2236 struct net_device *dev;
2237 int ret;
2238
2239 dev = alloc_etherdev(sizeof(struct wireless_dev));
2240
2241 if (!dev)
2242 return -ENOMEM;
2243
2244 /* Initialise wireless_dev */
2245 wdev = netdev_priv(dev);
2246 wdev->wiphy = wiphy;
2247 wdev->iftype = NL80211_IFTYPE_STATION;
2248
2249 /* Setup / override net_device fields */
2250 dev->ieee80211_ptr = wdev;
2251 dev->watchdog_timeo = HZ; /* 1 second timeout */
2252 dev->wireless_handlers = &orinoco_handler_def;
2253 #ifdef WIRELESS_SPY
2254 dev->wireless_data = &priv->wireless_data;
2255 #endif
2256 /* Default to standard ops if not set */
2257 if (ops)
2258 dev->netdev_ops = ops;
2259 else
2260 dev->netdev_ops = &orinoco_netdev_ops;
2261
2262 /* we use the default eth_mac_addr for setting the MAC addr */
2263
2264 /* Reserve space in skb for the SNAP header */
2265 dev->needed_headroom = ENCAPS_OVERHEAD;
2266
2267 netif_carrier_off(dev);
2268
2269 memcpy(dev->dev_addr, wiphy->perm_addr, ETH_ALEN);
2270
2271 dev->base_addr = base_addr;
2272 dev->irq = irq;
2273
2274 dev->min_mtu = ORINOCO_MIN_MTU;
2275 dev->max_mtu = ORINOCO_MAX_MTU;
2276
2277 SET_NETDEV_DEV(dev, priv->dev);
2278 ret = register_netdev(dev);
2279 if (ret)
2280 goto fail;
2281
2282 priv->ndev = dev;
2283
2284 /* Report what we've done */
2285 dev_dbg(priv->dev, "Registered interface %s.\n", dev->name);
2286
2287 return 0;
2288
2289 fail:
2290 free_netdev(dev);
2291 return ret;
2292 }
2293 EXPORT_SYMBOL(orinoco_if_add);
2294
2295 void orinoco_if_del(struct orinoco_private *priv)
2296 {
2297 struct net_device *dev = priv->ndev;
2298
2299 unregister_netdev(dev);
2300 free_netdev(dev);
2301 }
2302 EXPORT_SYMBOL(orinoco_if_del);
2303
2304 void free_orinocodev(struct orinoco_private *priv)
2305 {
2306 struct wiphy *wiphy = priv_to_wiphy(priv);
2307 struct orinoco_rx_data *rx_data, *temp;
2308 struct orinoco_scan_data *sd, *sdtemp;
2309
2310 /* If the tasklet is scheduled when we call tasklet_kill it
2311 * will run one final time. However the tasklet will only
2312 * drain priv->rx_list if the hw is still available. */
2313 tasklet_kill(&priv->rx_tasklet);
2314
2315 /* Explicitly drain priv->rx_list */
2316 list_for_each_entry_safe(rx_data, temp, &priv->rx_list, list) {
2317 list_del(&rx_data->list);
2318
2319 dev_kfree_skb(rx_data->skb);
2320 kfree(rx_data->desc);
2321 kfree(rx_data);
2322 }
2323
2324 cancel_work_sync(&priv->process_scan);
2325 /* Explicitly drain priv->scan_list */
2326 list_for_each_entry_safe(sd, sdtemp, &priv->scan_list, list) {
2327 list_del(&sd->list);
2328
2329 if (sd->len > 0)
2330 kfree(sd->buf);
2331 kfree(sd);
2332 }
2333
2334 orinoco_unregister_pm_notifier(priv);
2335 orinoco_uncache_fw(priv);
2336
2337 priv->wpa_ie_len = 0;
2338 kfree(priv->wpa_ie);
2339 orinoco_mic_free(priv);
2340 wiphy_free(wiphy);
2341 }
2342 EXPORT_SYMBOL(free_orinocodev);
2343
2344 int orinoco_up(struct orinoco_private *priv)
2345 {
2346 struct net_device *dev = priv->ndev;
2347 unsigned long flags;
2348 int err;
2349
2350 priv->hw.ops->lock_irqsave(&priv->lock, &flags);
2351
2352 err = orinoco_reinit_firmware(priv);
2353 if (err) {
2354 printk(KERN_ERR "%s: Error %d re-initializing firmware\n",
2355 dev->name, err);
2356 goto exit;
2357 }
2358
2359 netif_device_attach(dev);
2360 priv->hw_unavailable--;
2361
2362 if (priv->open && !priv->hw_unavailable) {
2363 err = __orinoco_up(priv);
2364 if (err)
2365 printk(KERN_ERR "%s: Error %d restarting card\n",
2366 dev->name, err);
2367 }
2368
2369 exit:
2370 priv->hw.ops->unlock_irqrestore(&priv->lock, &flags);
2371
2372 return 0;
2373 }
2374 EXPORT_SYMBOL(orinoco_up);
2375
2376 void orinoco_down(struct orinoco_private *priv)
2377 {
2378 struct net_device *dev = priv->ndev;
2379 unsigned long flags;
2380 int err;
2381
2382 priv->hw.ops->lock_irqsave(&priv->lock, &flags);
2383 err = __orinoco_down(priv);
2384 if (err)
2385 printk(KERN_WARNING "%s: Error %d downing interface\n",
2386 dev->name, err);
2387
2388 netif_device_detach(dev);
2389 priv->hw_unavailable++;
2390 priv->hw.ops->unlock_irqrestore(&priv->lock, &flags);
2391 }
2392 EXPORT_SYMBOL(orinoco_down);
2393
2394 /********************************************************************/
2395 /* Module initialization */
2396 /********************************************************************/
2397
2398 /* Can't be declared "const" or the whole __initdata section will
2399 * become const */
2400 static char version[] __initdata = DRIVER_NAME " " DRIVER_VERSION
2401 " (David Gibson <hermes@gibson.dropbear.id.au>, "
2402 "Pavel Roskin <proski@gnu.org>, et al)";
2403
2404 static int __init init_orinoco(void)
2405 {
2406 printk(KERN_DEBUG "%s\n", version);
2407 return 0;
2408 }
2409
2410 static void __exit exit_orinoco(void)
2411 {
2412 }
2413
2414 module_init(init_orinoco);
2415 module_exit(exit_orinoco);
John Crispins staging tree