drivers/net/wireless/ath/carl9170/main.c

   1 /*
   2  * Atheros CARL9170 driver
   3  *
   4  * mac80211 interaction code
   5  *
   6  * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
   7  * Copyright 2009, 2010, Christian Lamparter <chunkeey@googlemail.com>
   8  *
   9  * This program is free software; you can redistribute it and/or modify
  10  * it under the terms of the GNU General Public License as published by
  11  * the Free Software Foundation; either version 2 of the License, or
  12  * (at your option) any later version.
  13  *
  14  * This program is distributed in the hope that it will be useful,
  15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  * GNU General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU General Public License
  20  * along with this program; see the file COPYING.  If not, see
  21  * http://www.gnu.org/licenses/.
  22  *
  23  * This file incorporates work covered by the following copyright and
  24  * permission notice:
  25  *    Copyright (c) 2007-2008 Atheros Communications, Inc.
  26  *
  27  *    Permission to use, copy, modify, and/or distribute this software for any
  28  *    purpose with or without fee is hereby granted, provided that the above
  29  *    copyright notice and this permission notice appear in all copies.
  30  *
  31  *    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  32  *    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  33  *    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  34  *    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  35  *    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  36  *    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  37  *    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  38  */
  39
  40 #include <linux/init.h>
  41 #include <linux/slab.h>
  42 #include <linux/module.h>
  43 #include <linux/etherdevice.h>
  44 #include <linux/random.h>
  45 #include <net/mac80211.h>
  46 #include <net/cfg80211.h>
  47 #include "hw.h"
  48 #include "carl9170.h"
  49 #include "cmd.h"
  50
  51 static int modparam_nohwcrypt;
  52 module_param_named(nohwcrypt, modparam_nohwcrypt, bool, S_IRUGO);
  53 MODULE_PARM_DESC(nohwcrypt, "Disable hardware crypto offload.");
  54
  55 int modparam_noht;
  56 module_param_named(noht, modparam_noht, int, S_IRUGO);
  57 MODULE_PARM_DESC(noht, "Disable MPDU aggregation.");
  58
  59 #define RATE(_bitrate, _hw_rate, _txpidx, _flags) {     \
  60         .bitrate        = (_bitrate),                   \
  61         .flags          = (_flags),                     \
  62         .hw_value       = (_hw_rate) | (_txpidx) << 4,  \
  63 }
  64
  65 struct ieee80211_rate __carl9170_ratetable[] = {
  66         RATE(10, 0, 0, 0),
  67         RATE(20, 1, 1, IEEE80211_RATE_SHORT_PREAMBLE),
  68         RATE(55, 2, 2, IEEE80211_RATE_SHORT_PREAMBLE),
  69         RATE(110, 3, 3, IEEE80211_RATE_SHORT_PREAMBLE),
  70         RATE(60, 0xb, 0, 0),
  71         RATE(90, 0xf, 0, 0),
  72         RATE(120, 0xa, 0, 0),
  73         RATE(180, 0xe, 0, 0),
  74         RATE(240, 0x9, 0, 0),
  75         RATE(360, 0xd, 1, 0),
  76         RATE(480, 0x8, 2, 0),
  77         RATE(540, 0xc, 3, 0),
  78 };
  79 #undef RATE
  80
  81 #define carl9170_g_ratetable    (__carl9170_ratetable + 0)
  82 #define carl9170_g_ratetable_size       12
  83 #define carl9170_a_ratetable    (__carl9170_ratetable + 4)
  84 #define carl9170_a_ratetable_size       8
  85
  86 /*
  87  * NB: The hw_value is used as an index into the carl9170_phy_freq_params
  88  *     array in phy.c so that we don't have to do frequency lookups!
  89  */
  90 #define CHAN(_freq, _idx) {             \
  91         .center_freq    = (_freq),      \
  92         .hw_value       = (_idx),       \
  93         .max_power      = 18, /* XXX */ \
  94 }
  95
  96 static struct ieee80211_channel carl9170_2ghz_chantable[] = {
  97         CHAN(2412,  0),
  98         CHAN(2417,  1),
  99         CHAN(2422,  2),
 100         CHAN(2427,  3),
 101         CHAN(2432,  4),
 102         CHAN(2437,  5),
 103         CHAN(2442,  6),
 104         CHAN(2447,  7),
 105         CHAN(2452,  8),
 106         CHAN(2457,  9),
 107         CHAN(2462, 10),
 108         CHAN(2467, 11),
 109         CHAN(2472, 12),
 110         CHAN(2484, 13),
 111 };
 112
 113 static struct ieee80211_channel carl9170_5ghz_chantable[] = {
 114         CHAN(4920, 14),
 115         CHAN(4940, 15),
 116         CHAN(4960, 16),
 117         CHAN(4980, 17),
 118         CHAN(5040, 18),
 119         CHAN(5060, 19),
 120         CHAN(5080, 20),
 121         CHAN(5180, 21),
 122         CHAN(5200, 22),
 123         CHAN(5220, 23),
 124         CHAN(5240, 24),
 125         CHAN(5260, 25),
 126         CHAN(5280, 26),
 127         CHAN(5300, 27),
 128         CHAN(5320, 28),
 129         CHAN(5500, 29),
 130         CHAN(5520, 30),
 131         CHAN(5540, 31),
 132         CHAN(5560, 32),
 133         CHAN(5580, 33),
 134         CHAN(5600, 34),
 135         CHAN(5620, 35),
 136         CHAN(5640, 36),
 137         CHAN(5660, 37),
 138         CHAN(5680, 38),
 139         CHAN(5700, 39),
 140         CHAN(5745, 40),
 141         CHAN(5765, 41),
 142         CHAN(5785, 42),
 143         CHAN(5805, 43),
 144         CHAN(5825, 44),
 145         CHAN(5170, 45),
 146         CHAN(5190, 46),
 147         CHAN(5210, 47),
 148         CHAN(5230, 48),
 149 };
 150 #undef CHAN
 151
 152 #define CARL9170_HT_CAP                                                 \
 153 {                                                                       \
 154         .ht_supported   = true,                                         \
 155         .cap            = IEEE80211_HT_CAP_MAX_AMSDU |                  \
 156                           IEEE80211_HT_CAP_SUP_WIDTH_20_40 |            \
 157                           IEEE80211_HT_CAP_SGI_40 |                     \
 158                           IEEE80211_HT_CAP_DSSSCCK40 |                  \
 159                           IEEE80211_HT_CAP_SM_PS,                       \
 160         .ampdu_factor   = IEEE80211_HT_MAX_AMPDU_64K,                   \
 161         .ampdu_density  = IEEE80211_HT_MPDU_DENSITY_8,                  \
 162         .mcs            = {                                             \
 163                 .rx_mask = { 0xff, 0xff, 0, 0, 0x1, 0, 0, 0, 0, 0, },   \
 164                 .rx_highest = cpu_to_le16(300),                         \
 165                 .tx_params = IEEE80211_HT_MCS_TX_DEFINED,               \
 166         },                                                              \
 167 }
 168
 169 static struct ieee80211_supported_band carl9170_band_2GHz = {
 170         .channels       = carl9170_2ghz_chantable,
 171         .n_channels     = ARRAY_SIZE(carl9170_2ghz_chantable),
 172         .bitrates       = carl9170_g_ratetable,
 173         .n_bitrates     = carl9170_g_ratetable_size,
 174         .ht_cap         = CARL9170_HT_CAP,
 175 };
 176
 177 static struct ieee80211_supported_band carl9170_band_5GHz = {
 178         .channels       = carl9170_5ghz_chantable,
 179         .n_channels     = ARRAY_SIZE(carl9170_5ghz_chantable),
 180         .bitrates       = carl9170_a_ratetable,
 181         .n_bitrates     = carl9170_a_ratetable_size,
 182         .ht_cap         = CARL9170_HT_CAP,
 183 };
 184
 185 static void carl9170_ampdu_gc(struct ar9170 *ar)
 186 {
 187         struct carl9170_sta_tid *tid_info;
 188         LIST_HEAD(tid_gc);
 189
 190         rcu_read_lock();
 191         list_for_each_entry_rcu(tid_info, &ar->tx_ampdu_list, list) {
 192                 spin_lock_bh(&ar->tx_ampdu_list_lock);
 193                 if (tid_info->state == CARL9170_TID_STATE_SHUTDOWN) {
 194                         tid_info->state = CARL9170_TID_STATE_KILLED;
 195                         list_del_rcu(&tid_info->list);
 196                         ar->tx_ampdu_list_len--;
 197                         list_add_tail(&tid_info->tmp_list, &tid_gc);
 198                 }
 199                 spin_unlock_bh(&ar->tx_ampdu_list_lock);
 200
 201         }
 202         rcu_assign_pointer(ar->tx_ampdu_iter, tid_info);
 203         rcu_read_unlock();
 204
 205         synchronize_rcu();
 206
 207         while (!list_empty(&tid_gc)) {
 208                 struct sk_buff *skb;
 209                 tid_info = list_first_entry(&tid_gc, struct carl9170_sta_tid,
 210                                             tmp_list);
 211
 212                 while ((skb = __skb_dequeue(&tid_info->queue)))
 213                         carl9170_tx_status(ar, skb, false);
 214
 215                 list_del_init(&tid_info->tmp_list);
 216                 kfree(tid_info);
 217         }
 218 }
 219
 220 static void carl9170_flush(struct ar9170 *ar, bool drop_queued)
 221 {
 222         if (drop_queued) {
 223                 int i;
 224
 225                 /*
 226                  * We can only drop frames which have not been uploaded
 227                  * to the device yet.
 228                  */
 229
 230                 for (i = 0; i < ar->hw->queues; i++) {
 231                         struct sk_buff *skb;
 232
 233                         while ((skb = skb_dequeue(&ar->tx_pending[i])))
 234                                 carl9170_tx_status(ar, skb, false);
 235                 }
 236         }
 237
 238         /* Wait for all other outstanding frames to timeout. */
 239         if (atomic_read(&ar->tx_total_queued))
 240                 WARN_ON(wait_for_completion_timeout(&ar->tx_flush, HZ) == 0);
 241 }
 242
 243 static void carl9170_flush_ba(struct ar9170 *ar)
 244 {
 245         struct sk_buff_head free;
 246         struct carl9170_sta_tid *tid_info;
 247         struct sk_buff *skb;
 248
 249         __skb_queue_head_init(&free);
 250
 251         rcu_read_lock();
 252         spin_lock_bh(&ar->tx_ampdu_list_lock);
 253         list_for_each_entry_rcu(tid_info, &ar->tx_ampdu_list, list) {
 254                 if (tid_info->state > CARL9170_TID_STATE_SUSPEND) {
 255                         tid_info->state = CARL9170_TID_STATE_SUSPEND;
 256
 257                         spin_lock(&tid_info->lock);
 258                         while ((skb = __skb_dequeue(&tid_info->queue)))
 259                                 __skb_queue_tail(&free, skb);
 260                         spin_unlock(&tid_info->lock);
 261                 }
 262         }
 263         spin_unlock_bh(&ar->tx_ampdu_list_lock);
 264         rcu_read_unlock();
 265
 266         while ((skb = __skb_dequeue(&free)))
 267                 carl9170_tx_status(ar, skb, false);
 268 }
 269
 270 static void carl9170_zap_queues(struct ar9170 *ar)
 271 {
 272         struct carl9170_vif_info *cvif;
 273         unsigned int i;
 274
 275         carl9170_ampdu_gc(ar);
 276
 277         carl9170_flush_ba(ar);
 278         carl9170_flush(ar, true);
 279
 280         for (i = 0; i < ar->hw->queues; i++) {
 281                 spin_lock_bh(&ar->tx_status[i].lock);
 282                 while (!skb_queue_empty(&ar->tx_status[i])) {
 283                         struct sk_buff *skb;
 284
 285                         skb = skb_peek(&ar->tx_status[i]);
 286                         carl9170_tx_get_skb(skb);
 287                         spin_unlock_bh(&ar->tx_status[i].lock);
 288                         carl9170_tx_drop(ar, skb);
 289                         spin_lock_bh(&ar->tx_status[i].lock);
 290                         carl9170_tx_put_skb(skb);
 291                 }
 292                 spin_unlock_bh(&ar->tx_status[i].lock);
 293         }
 294
 295         BUILD_BUG_ON(CARL9170_NUM_TX_LIMIT_SOFT < 1);
 296         BUILD_BUG_ON(CARL9170_NUM_TX_LIMIT_HARD < CARL9170_NUM_TX_LIMIT_SOFT);
 297         BUILD_BUG_ON(CARL9170_NUM_TX_LIMIT_HARD >= CARL9170_BAW_BITS);
 298
 299         /* reinitialize queues statistics */
 300         memset(&ar->tx_stats, 0, sizeof(ar->tx_stats));
 301         for (i = 0; i < ar->hw->queues; i++)
 302                 ar->tx_stats[i].limit = CARL9170_NUM_TX_LIMIT_HARD;
 303
 304         for (i = 0; i < DIV_ROUND_UP(ar->fw.mem_blocks, BITS_PER_LONG); i++)
 305                 ar->mem_bitmap[i] = 0;
 306
 307         rcu_read_lock();
 308         list_for_each_entry_rcu(cvif, &ar->vif_list, list) {
 309                 spin_lock_bh(&ar->beacon_lock);
 310                 dev_kfree_skb_any(cvif->beacon);
 311                 cvif->beacon = NULL;
 312                 spin_unlock_bh(&ar->beacon_lock);
 313         }
 314         rcu_read_unlock();
 315
 316         atomic_set(&ar->tx_ampdu_upload, 0);
 317         atomic_set(&ar->tx_ampdu_scheduler, 0);
 318         atomic_set(&ar->tx_total_pending, 0);
 319         atomic_set(&ar->tx_total_queued, 0);
 320         atomic_set(&ar->mem_free_blocks, ar->fw.mem_blocks);
 321 }
 322
 323 #define CARL9170_FILL_QUEUE(queue, ai_fs, cwmin, cwmax, _txop)          \
 324 do {                                                                    \
 325         queue.aifs = ai_fs;                                             \
 326         queue.cw_min = cwmin;                                           \
 327         queue.cw_max = cwmax;                                           \
 328         queue.txop = _txop;                                             \
 329 } while (0)
 330
 331 static int carl9170_op_start(struct ieee80211_hw *hw)
 332 {
 333         struct ar9170 *ar = hw->priv;
 334         int err, i;
 335
 336         mutex_lock(&ar->mutex);
 337
 338         carl9170_zap_queues(ar);
 339
 340         /* reset QoS defaults */
 341         CARL9170_FILL_QUEUE(ar->edcf[0], 3, 15, 1023,  0); /* BEST EFFORT */
 342         CARL9170_FILL_QUEUE(ar->edcf[1], 2, 7,    15, 94); /* VIDEO */
 343         CARL9170_FILL_QUEUE(ar->edcf[2], 2, 3,     7, 47); /* VOICE */
 344         CARL9170_FILL_QUEUE(ar->edcf[3], 7, 15, 1023,  0); /* BACKGROUND */
 345         CARL9170_FILL_QUEUE(ar->edcf[4], 2, 3,     7,  0); /* SPECIAL */
 346
 347         ar->current_factor = ar->current_density = -1;
 348         /* "The first key is unique." */
 349         ar->usedkeys = 1;
 350         ar->filter_state = 0;
 351         ar->ps.last_action = jiffies;
 352         ar->ps.last_slept = jiffies;
 353         ar->erp_mode = CARL9170_ERP_AUTO;
 354         ar->rx_software_decryption = false;
 355         ar->disable_offload = false;
 356
 357         for (i = 0; i < ar->hw->queues; i++) {
 358                 ar->queue_stop_timeout[i] = jiffies;
 359                 ar->max_queue_stop_timeout[i] = 0;
 360         }
 361
 362         atomic_set(&ar->mem_allocs, 0);
 363
 364         err = carl9170_usb_open(ar);
 365         if (err)
 366                 goto out;
 367
 368         err = carl9170_init_mac(ar);
 369         if (err)
 370                 goto out;
 371
 372         err = carl9170_set_qos(ar);
 373         if (err)
 374                 goto out;
 375
 376         err = carl9170_write_reg(ar, AR9170_MAC_REG_DMA_TRIGGER,
 377                                  AR9170_DMA_TRIGGER_RXQ);
 378         if (err)
 379                 goto out;
 380
 381         /* Clear key-cache */
 382         for (i = 0; i < AR9170_CAM_MAX_USER + 4; i++) {
 383                 err = carl9170_upload_key(ar, i, NULL, AR9170_ENC_ALG_NONE,
 384                                           0, NULL, 0);
 385                 if (err)
 386                         goto out;
 387
 388                 err = carl9170_upload_key(ar, i, NULL, AR9170_ENC_ALG_NONE,
 389                                           1, NULL, 0);
 390                 if (err)
 391                         goto out;
 392
 393                 if (i < AR9170_CAM_MAX_USER) {
 394                         err = carl9170_disable_key(ar, i);
 395                         if (err)
 396                                 goto out;
 397                 }
 398         }
 399
 400         carl9170_set_state_when(ar, CARL9170_IDLE, CARL9170_STARTED);
 401
 402         ieee80211_wake_queues(ar->hw);
 403         err = 0;
 404
 405 out:
 406         mutex_unlock(&ar->mutex);
 407         return err;
 408 }
 409
 410 static void carl9170_cancel_worker(struct ar9170 *ar)
 411 {
 412         cancel_delayed_work_sync(&ar->tx_janitor);
 413 #ifdef CONFIG_CARL9170_LEDS
 414         cancel_delayed_work_sync(&ar->led_work);
 415 #endif /* CONFIG_CARL9170_LEDS */
 416         cancel_work_sync(&ar->ps_work);
 417         cancel_work_sync(&ar->ampdu_work);
 418 }
 419
 420 static void carl9170_op_stop(struct ieee80211_hw *hw)
 421 {
 422         struct ar9170 *ar = hw->priv;
 423
 424         carl9170_set_state_when(ar, CARL9170_STARTED, CARL9170_IDLE);
 425
 426         ieee80211_stop_queues(ar->hw);
 427
 428         mutex_lock(&ar->mutex);
 429         if (IS_ACCEPTING_CMD(ar)) {
 430                 rcu_assign_pointer(ar->beacon_iter, NULL);
 431
 432                 carl9170_led_set_state(ar, 0);
 433
 434                 /* stop DMA */
 435                 carl9170_write_reg(ar, AR9170_MAC_REG_DMA_TRIGGER, 0);
 436                 carl9170_usb_stop(ar);
 437         }
 438
 439         carl9170_zap_queues(ar);
 440         mutex_unlock(&ar->mutex);
 441
 442         carl9170_cancel_worker(ar);
 443 }
 444
 445 static void carl9170_restart_work(struct work_struct *work)
 446 {
 447         struct ar9170 *ar = container_of(work, struct ar9170,
 448                                          restart_work);
 449         int err;
 450
 451         ar->usedkeys = 0;
 452         ar->filter_state = 0;
 453         carl9170_cancel_worker(ar);
 454
 455         mutex_lock(&ar->mutex);
 456         err = carl9170_usb_restart(ar);
 457         if (net_ratelimit()) {
 458                 if (err) {
 459                         dev_err(&ar->udev->dev, "Failed to restart device "
 460                                 " (%d).\n", err);
 461                  } else {
 462                         dev_info(&ar->udev->dev, "device restarted "
 463                                  "successfully.\n");
 464                 }
 465         }
 466
 467         carl9170_zap_queues(ar);
 468         mutex_unlock(&ar->mutex);
 469         if (!err) {
 470                 ar->restart_counter++;
 471                 atomic_set(&ar->pending_restarts, 0);
 472
 473                 ieee80211_restart_hw(ar->hw);
 474         } else {
 475                 /*
 476                  * The reset was unsuccessful and the device seems to
 477                  * be dead. But there's still one option: a low-level
 478                  * usb subsystem reset...
 479                  */
 480
 481                 carl9170_usb_reset(ar);
 482         }
 483 }
 484
 485 void carl9170_restart(struct ar9170 *ar, const enum carl9170_restart_reasons r)
 486 {
 487         carl9170_set_state_when(ar, CARL9170_STARTED, CARL9170_IDLE);
 488
 489         /*
 490          * Sometimes, an error can trigger several different reset events.
 491          * By ignoring these *surplus* reset events, the device won't be
 492          * killed again, right after it has recovered.
 493          */
 494         if (atomic_inc_return(&ar->pending_restarts) > 1) {
 495                 dev_dbg(&ar->udev->dev, "ignoring restart (%d)\n", r);
 496                 return;
 497         }
 498
 499         ieee80211_stop_queues(ar->hw);
 500
 501         dev_err(&ar->udev->dev, "restart device (%d)\n", r);
 502
 503         if (!WARN_ON(r == CARL9170_RR_NO_REASON) ||
 504             !WARN_ON(r >= __CARL9170_RR_LAST))
 505                 ar->last_reason = r;
 506
 507         if (!ar->registered)
 508                 return;
 509
 510         if (IS_ACCEPTING_CMD(ar) && !ar->needs_full_reset)
 511                 ieee80211_queue_work(ar->hw, &ar->restart_work);
 512         else
 513                 carl9170_usb_reset(ar);
 514
 515         /*
 516          * At this point, the device instance might have vanished/disabled.
 517          * So, don't put any code which access the ar9170 struct
 518          * without proper protection.
 519          */
 520 }
 521
 522 static int carl9170_init_interface(struct ar9170 *ar,
 523                                    struct ieee80211_vif *vif)
 524 {
 525         struct ath_common *common = &ar->common;
 526         int err;
 527
 528         if (!vif) {
 529                 WARN_ON_ONCE(IS_STARTED(ar));
 530                 return 0;
 531         }
 532
 533         memcpy(common->macaddr, vif->addr, ETH_ALEN);
 534
 535         if (modparam_nohwcrypt ||
 536             ((vif->type != NL80211_IFTYPE_STATION) &&
 537              (vif->type != NL80211_IFTYPE_AP))) {
 538                 ar->rx_software_decryption = true;
 539                 ar->disable_offload = true;
 540         }
 541
 542         err = carl9170_set_operating_mode(ar);
 543         return err;
 544 }
 545
 546 static int carl9170_op_add_interface(struct ieee80211_hw *hw,
 547                                      struct ieee80211_vif *vif)
 548 {
 549         struct carl9170_vif_info *vif_priv = (void *) vif->drv_priv;
 550         struct ieee80211_vif *main_vif;
 551         struct ar9170 *ar = hw->priv;
 552         int vif_id = -1, err = 0;
 553
 554         mutex_lock(&ar->mutex);
 555         rcu_read_lock();
 556         if (vif_priv->active) {
 557                 /*
 558                  * Skip the interface structure initialization,
 559                  * if the vif survived the _restart call.
 560                  */
 561                 vif_id = vif_priv->id;
 562                 vif_priv->enable_beacon = false;
 563
 564                 spin_lock_bh(&ar->beacon_lock);
 565                 dev_kfree_skb_any(vif_priv->beacon);
 566                 vif_priv->beacon = NULL;
 567                 spin_unlock_bh(&ar->beacon_lock);
 568
 569                 goto init;
 570         }
 571
 572         main_vif = carl9170_get_main_vif(ar);
 573
 574         if (main_vif) {
 575                 switch (main_vif->type) {
 576                 case NL80211_IFTYPE_STATION:
 577                         if (vif->type == NL80211_IFTYPE_STATION)
 578                                 break;
 579
 580                         err = -EBUSY;
 581                         rcu_read_unlock();
 582
 583                         goto unlock;
 584
 585                 case NL80211_IFTYPE_AP:
 586                         if ((vif->type == NL80211_IFTYPE_STATION) ||
 587                             (vif->type == NL80211_IFTYPE_WDS) ||
 588                             (vif->type == NL80211_IFTYPE_AP))
 589                                 break;
 590
 591                         err = -EBUSY;
 592                         rcu_read_unlock();
 593                         goto unlock;
 594
 595                 default:
 596                         rcu_read_unlock();
 597                         goto unlock;
 598                 }
 599         }
 600
 601         vif_id = bitmap_find_free_region(&ar->vif_bitmap, ar->fw.vif_num, 0);
 602
 603         if (vif_id < 0) {
 604                 rcu_read_unlock();
 605
 606                 err = -ENOSPC;
 607                 goto unlock;
 608         }
 609
 610         BUG_ON(ar->vif_priv[vif_id].id != vif_id);
 611
 612         vif_priv->active = true;
 613         vif_priv->id = vif_id;
 614         vif_priv->enable_beacon = false;
 615         ar->vifs++;
 616         list_add_tail_rcu(&vif_priv->list, &ar->vif_list);
 617         rcu_assign_pointer(ar->vif_priv[vif_id].vif, vif);
 618
 619 init:
 620         if (carl9170_get_main_vif(ar) == vif) {
 621                 rcu_assign_pointer(ar->beacon_iter, vif_priv);
 622                 rcu_read_unlock();
 623
 624                 err = carl9170_init_interface(ar, vif);
 625                 if (err)
 626                         goto unlock;
 627         } else {
 628                 err = carl9170_mod_virtual_mac(ar, vif_id, vif->addr);
 629                 rcu_read_unlock();
 630
 631                 if (err)
 632                         goto unlock;
 633         }
 634
 635 unlock:
 636         if (err && (vif_id != -1)) {
 637                 vif_priv->active = false;
 638                 bitmap_release_region(&ar->vif_bitmap, vif_id, 0);
 639                 ar->vifs--;
 640                 rcu_assign_pointer(ar->vif_priv[vif_id].vif, NULL);
 641                 list_del_rcu(&vif_priv->list);
 642                 mutex_unlock(&ar->mutex);
 643                 synchronize_rcu();
 644         } else {
 645                 if (ar->vifs > 1)
 646                         ar->ps.off_override |= PS_OFF_VIF;
 647
 648                 mutex_unlock(&ar->mutex);
 649         }
 650
 651         return err;
 652 }
 653
 654 static void carl9170_op_remove_interface(struct ieee80211_hw *hw,
 655                                          struct ieee80211_vif *vif)
 656 {
 657         struct carl9170_vif_info *vif_priv = (void *) vif->drv_priv;
 658         struct ieee80211_vif *main_vif;
 659         struct ar9170 *ar = hw->priv;
 660         unsigned int id;
 661
 662         mutex_lock(&ar->mutex);
 663
 664         if (WARN_ON_ONCE(!vif_priv->active))
 665                 goto unlock;
 666
 667         ar->vifs--;
 668
 669         rcu_read_lock();
 670         main_vif = carl9170_get_main_vif(ar);
 671
 672         id = vif_priv->id;
 673
 674         vif_priv->active = false;
 675         WARN_ON(vif_priv->enable_beacon);
 676         vif_priv->enable_beacon = false;
 677         list_del_rcu(&vif_priv->list);
 678         rcu_assign_pointer(ar->vif_priv[id].vif, NULL);
 679
 680         if (vif == main_vif) {
 681                 rcu_read_unlock();
 682
 683                 if (ar->vifs) {
 684                         WARN_ON(carl9170_init_interface(ar,
 685                                         carl9170_get_main_vif(ar)));
 686                 } else {
 687                         carl9170_set_operating_mode(ar);
 688                 }
 689         } else {
 690                 rcu_read_unlock();
 691
 692                 WARN_ON(carl9170_mod_virtual_mac(ar, id, NULL));
 693         }
 694
 695         carl9170_update_beacon(ar, false);
 696         carl9170_flush_cab(ar, id);
 697
 698         spin_lock_bh(&ar->beacon_lock);
 699         dev_kfree_skb_any(vif_priv->beacon);
 700         vif_priv->beacon = NULL;
 701         spin_unlock_bh(&ar->beacon_lock);
 702
 703         bitmap_release_region(&ar->vif_bitmap, id, 0);
 704
 705         carl9170_set_beacon_timers(ar);
 706
 707         if (ar->vifs == 1)
 708                 ar->ps.off_override &= ~PS_OFF_VIF;
 709
 710 unlock:
 711         mutex_unlock(&ar->mutex);
 712
 713         synchronize_rcu();
 714 }
 715
 716 void carl9170_ps_check(struct ar9170 *ar)
 717 {
 718         ieee80211_queue_work(ar->hw, &ar->ps_work);
 719 }
 720
 721 /* caller must hold ar->mutex */
 722 static int carl9170_ps_update(struct ar9170 *ar)
 723 {
 724         bool ps = false;
 725         int err = 0;
 726
 727         if (!ar->ps.off_override)
 728                 ps = (ar->hw->conf.flags & IEEE80211_CONF_PS);
 729
 730         if (ps != ar->ps.state) {
 731                 err = carl9170_powersave(ar, ps);
 732                 if (err)
 733                         return err;
 734
 735                 if (ar->ps.state && !ps) {
 736                         ar->ps.sleep_ms = jiffies_to_msecs(jiffies -
 737                                 ar->ps.last_action);
 738                 }
 739
 740                 if (ps)
 741                         ar->ps.last_slept = jiffies;
 742
 743                 ar->ps.last_action = jiffies;
 744                 ar->ps.state = ps;
 745         }
 746
 747         return 0;
 748 }
 749
 750 static void carl9170_ps_work(struct work_struct *work)
 751 {
 752         struct ar9170 *ar = container_of(work, struct ar9170,
 753                                          ps_work);
 754         mutex_lock(&ar->mutex);
 755         if (IS_STARTED(ar))
 756                 WARN_ON_ONCE(carl9170_ps_update(ar) != 0);
 757         mutex_unlock(&ar->mutex);
 758 }
 759
 760
 761 static int carl9170_op_config(struct ieee80211_hw *hw, u32 changed)
 762 {
 763         struct ar9170 *ar = hw->priv;
 764         int err = 0;
 765
 766         mutex_lock(&ar->mutex);
 767         if (changed & IEEE80211_CONF_CHANGE_LISTEN_INTERVAL) {
 768                 /* TODO */
 769                 err = 0;
 770         }
 771
 772         if (changed & IEEE80211_CONF_CHANGE_PS) {
 773                 err = carl9170_ps_update(ar);
 774                 if (err)
 775                         goto out;
 776         }
 777
 778         if (changed & IEEE80211_CONF_CHANGE_POWER) {
 779                 /* TODO */
 780                 err = 0;
 781         }
 782
 783         if (changed & IEEE80211_CONF_CHANGE_SMPS) {
 784                 /* TODO */
 785                 err = 0;
 786         }
 787
 788         if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
 789                 /* adjust slot time for 5 GHz */
 790                 err = carl9170_set_slot_time(ar);
 791                 if (err)
 792                         goto out;
 793
 794                 err = carl9170_set_channel(ar, hw->conf.channel,
 795                         hw->conf.channel_type, CARL9170_RFI_NONE);
 796                 if (err)
 797                         goto out;
 798
 799                 err = carl9170_set_dyn_sifs_ack(ar);
 800                 if (err)
 801                         goto out;
 802
 803                 err = carl9170_set_rts_cts_rate(ar);
 804                 if (err)
 805                         goto out;
 806         }
 807
 808 out:
 809         mutex_unlock(&ar->mutex);
 810         return err;
 811 }
 812
 813 static u64 carl9170_op_prepare_multicast(struct ieee80211_hw *hw,
 814                                          struct netdev_hw_addr_list *mc_list)
 815 {
 816         struct netdev_hw_addr *ha;
 817         u64 mchash;
 818
 819         /* always get broadcast frames */
 820         mchash = 1ULL << (0xff >> 2);
 821
 822         netdev_hw_addr_list_for_each(ha, mc_list)
 823                 mchash |= 1ULL << (ha->addr[5] >> 2);
 824
 825         return mchash;
 826 }
 827
 828 static void carl9170_op_configure_filter(struct ieee80211_hw *hw,
 829                                          unsigned int changed_flags,
 830                                          unsigned int *new_flags,
 831                                          u64 multicast)
 832 {
 833         struct ar9170 *ar = hw->priv;
 834
 835         /* mask supported flags */
 836         *new_flags &= FIF_ALLMULTI | FIF_FCSFAIL | FIF_PLCPFAIL |
 837                       FIF_OTHER_BSS | FIF_PROMISC_IN_BSS;
 838
 839         if (!IS_ACCEPTING_CMD(ar))
 840                 return;
 841
 842         mutex_lock(&ar->mutex);
 843
 844         ar->filter_state = *new_flags;
 845         /*
 846          * We can support more by setting the sniffer bit and
 847          * then checking the error flags, later.
 848          */
 849
 850         if (changed_flags & FIF_ALLMULTI && *new_flags & FIF_ALLMULTI)
 851                 multicast = ~0ULL;
 852
 853         if (multicast != ar->cur_mc_hash)
 854                 WARN_ON(carl9170_update_multicast(ar, multicast));
 855
 856         if (changed_flags & (FIF_OTHER_BSS | FIF_PROMISC_IN_BSS)) {
 857                 ar->sniffer_enabled = !!(*new_flags &
 858                         (FIF_OTHER_BSS | FIF_PROMISC_IN_BSS));
 859
 860                 WARN_ON(carl9170_set_operating_mode(ar));
 861         }
 862
 863         mutex_unlock(&ar->mutex);
 864 }
 865
 866
 867 static void carl9170_op_bss_info_changed(struct ieee80211_hw *hw,
 868                                          struct ieee80211_vif *vif,
 869                                          struct ieee80211_bss_conf *bss_conf,
 870                                          u32 changed)
 871 {
 872         struct ar9170 *ar = hw->priv;
 873         struct ath_common *common = &ar->common;
 874         int err = 0;
 875         struct carl9170_vif_info *vif_priv;
 876         struct ieee80211_vif *main_vif;
 877
 878         mutex_lock(&ar->mutex);
 879         vif_priv = (void *) vif->drv_priv;
 880         main_vif = carl9170_get_main_vif(ar);
 881         if (WARN_ON(!main_vif))
 882                 goto out;
 883
 884         if (changed & BSS_CHANGED_BEACON_ENABLED) {
 885                 struct carl9170_vif_info *iter;
 886                 int i = 0;
 887
 888                 vif_priv->enable_beacon = bss_conf->enable_beacon;
 889                 rcu_read_lock();
 890                 list_for_each_entry_rcu(iter, &ar->vif_list, list) {
 891                         if (iter->active && iter->enable_beacon)
 892                                 i++;
 893
 894                 }
 895                 rcu_read_unlock();
 896
 897                 ar->beacon_enabled = i;
 898         }
 899
 900         if (changed & BSS_CHANGED_BEACON) {
 901                 err = carl9170_update_beacon(ar, false);
 902                 if (err)
 903                         goto out;
 904         }
 905
 906         if (changed & (BSS_CHANGED_BEACON_ENABLED | BSS_CHANGED_BEACON |
 907                        BSS_CHANGED_BEACON_INT)) {
 908
 909                 if (main_vif != vif) {
 910                         bss_conf->beacon_int = main_vif->bss_conf.beacon_int;
 911                         bss_conf->dtim_period = main_vif->bss_conf.dtim_period;
 912                 }
 913
 914                 /*
 915                  * Therefore a hard limit for the broadcast traffic should
 916                  * prevent false alarms.
 917                  */
 918                 if (vif->type != NL80211_IFTYPE_STATION &&
 919                     (bss_conf->beacon_int * bss_conf->dtim_period >=
 920                      (CARL9170_QUEUE_STUCK_TIMEOUT / 2))) {
 921                         err = -EINVAL;
 922                         goto out;
 923                 }
 924
 925                 err = carl9170_set_beacon_timers(ar);
 926                 if (err)
 927                         goto out;
 928         }
 929
 930         if (changed & BSS_CHANGED_HT) {
 931                 /* TODO */
 932                 err = 0;
 933                 if (err)
 934                         goto out;
 935         }
 936
 937         if (main_vif != vif)
 938                 goto out;
 939
 940         /*
 941          * The following settings can only be changed by the
 942          * master interface.
 943          */
 944
 945         if (changed & BSS_CHANGED_BSSID) {
 946                 memcpy(common->curbssid, bss_conf->bssid, ETH_ALEN);
 947                 err = carl9170_set_operating_mode(ar);
 948                 if (err)
 949                         goto out;
 950         }
 951
 952         if (changed & BSS_CHANGED_ASSOC) {
 953                 ar->common.curaid = bss_conf->aid;
 954                 err = carl9170_set_beacon_timers(ar);
 955                 if (err)
 956                         goto out;
 957         }
 958
 959         if (changed & BSS_CHANGED_ERP_SLOT) {
 960                 err = carl9170_set_slot_time(ar);
 961                 if (err)
 962                         goto out;
 963         }
 964
 965         if (changed & BSS_CHANGED_BASIC_RATES) {
 966                 err = carl9170_set_mac_rates(ar);
 967                 if (err)
 968                         goto out;
 969         }
 970
 971 out:
 972         WARN_ON_ONCE(err && IS_STARTED(ar));
 973         mutex_unlock(&ar->mutex);
 974 }
 975
 976 static u64 carl9170_op_get_tsf(struct ieee80211_hw *hw)
 977 {
 978         struct ar9170 *ar = hw->priv;
 979         struct carl9170_tsf_rsp tsf;
 980         int err;
 981
 982         mutex_lock(&ar->mutex);
 983         err = carl9170_exec_cmd(ar, CARL9170_CMD_READ_TSF,
 984                                 0, NULL, sizeof(tsf), &tsf);
 985         mutex_unlock(&ar->mutex);
 986         if (WARN_ON(err))
 987                 return 0;
 988
 989         return le64_to_cpu(tsf.tsf_64);
 990 }
 991
 992 static int carl9170_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
 993                                struct ieee80211_vif *vif,
 994                                struct ieee80211_sta *sta,
 995                                struct ieee80211_key_conf *key)
 996 {
 997         struct ar9170 *ar = hw->priv;
 998         int err = 0, i;
 999         u8 ktype;
1000
1001         if (ar->disable_offload || !vif)
1002                 return -EOPNOTSUPP;
1003
1004         /*
1005          * We have to fall back to software encryption, whenever
1006          * the user choose to participates in an IBSS or is connected
1007          * to more than one network.
1008          *
1009          * This is very unfortunate, because some machines cannot handle
1010          * the high througput speed in 802.11n networks.
1011          */
1012
1013         if (!is_main_vif(ar, vif))
1014                 goto err_softw;
1015
1016         /*
1017          * While the hardware supports *catch-all* key, for offloading
1018          * group-key en-/de-cryption. The way of how the hardware
1019          * decides which keyId maps to which key, remains a mystery...
1020          */
1021         if ((vif->type != NL80211_IFTYPE_STATION &&
1022              vif->type != NL80211_IFTYPE_ADHOC) &&
1023             !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
1024                 return -EOPNOTSUPP;
1025
1026         switch (key->cipher) {
1027         case WLAN_CIPHER_SUITE_WEP40:
1028                 ktype = AR9170_ENC_ALG_WEP64;
1029                 break;
1030         case WLAN_CIPHER_SUITE_WEP104:
1031                 ktype = AR9170_ENC_ALG_WEP128;
1032                 break;
1033         case WLAN_CIPHER_SUITE_TKIP:
1034                 ktype = AR9170_ENC_ALG_TKIP;
1035                 break;
1036         case WLAN_CIPHER_SUITE_CCMP:
1037                 ktype = AR9170_ENC_ALG_AESCCMP;
1038                 break;
1039         default:
1040                 return -EOPNOTSUPP;
1041         }
1042
1043         mutex_lock(&ar->mutex);
1044         if (cmd == SET_KEY) {
1045                 if (!IS_STARTED(ar)) {
1046                         err = -EOPNOTSUPP;
1047                         goto out;
1048                 }
1049
1050                 if (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
1051                         sta = NULL;
1052
1053                         i = 64 + key->keyidx;
1054                 } else {
1055                         for (i = 0; i < 64; i++)
1056                                 if (!(ar->usedkeys & BIT(i)))
1057                                         break;
1058                         if (i == 64)
1059                                 goto err_softw;
1060                 }
1061
1062                 key->hw_key_idx = i;
1063
1064                 err = carl9170_upload_key(ar, i, sta ? sta->addr : NULL,
1065                                           ktype, 0, key->key,
1066                                           min_t(u8, 16, key->keylen));
1067                 if (err)
1068                         goto out;
1069
1070                 if (key->cipher == WLAN_CIPHER_SUITE_TKIP) {
1071                         err = carl9170_upload_key(ar, i, sta ? sta->addr :
1072                                                   NULL, ktype, 1,
1073                                                   key->key + 16, 16);
1074                         if (err)
1075                                 goto out;
1076
1077                         /*
1078                          * hardware is not capable generating MMIC
1079                          * of fragmented frames!
1080                          */
1081                         key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
1082                 }
1083
1084                 if (i < 64)
1085                         ar->usedkeys |= BIT(i);
1086
1087                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
1088         } else {
1089                 if (!IS_STARTED(ar)) {
1090                         /* The device is gone... together with the key ;-) */
1091                         err = 0;
1092                         goto out;
1093                 }
1094
1095                 if (key->hw_key_idx < 64) {
1096                         ar->usedkeys &= ~BIT(key->hw_key_idx);
1097                 } else {
1098                         err = carl9170_upload_key(ar, key->hw_key_idx, NULL,
1099                                                   AR9170_ENC_ALG_NONE, 0,
1100                                                   NULL, 0);
1101                         if (err)
1102                                 goto out;
1103
1104                         if (key->cipher == WLAN_CIPHER_SUITE_TKIP) {
1105                                 err = carl9170_upload_key(ar, key->hw_key_idx,
1106                                                           NULL,
1107                                                           AR9170_ENC_ALG_NONE,
1108                                                           1, NULL, 0);
1109                                 if (err)
1110                                         goto out;
1111                         }
1112
1113                 }
1114
1115                 err = carl9170_disable_key(ar, key->hw_key_idx);
1116                 if (err)
1117                         goto out;
1118         }
1119
1120 out:
1121         mutex_unlock(&ar->mutex);
1122         return err;
1123
1124 err_softw:
1125         if (!ar->rx_software_decryption) {
1126                 ar->rx_software_decryption = true;
1127                 carl9170_set_operating_mode(ar);
1128         }
1129         mutex_unlock(&ar->mutex);
1130         return -ENOSPC;
1131 }
1132
1133 static int carl9170_op_sta_add(struct ieee80211_hw *hw,
1134                                struct ieee80211_vif *vif,
1135                                struct ieee80211_sta *sta)
1136 {
1137         struct carl9170_sta_info *sta_info = (void *) sta->drv_priv;
1138         unsigned int i;
1139
1140         if (sta->ht_cap.ht_supported) {
1141                 if (sta->ht_cap.ampdu_density > 6) {
1142                         /*
1143                          * HW does support 16us AMPDU density.
1144                          * No HT-Xmit for station.
1145                          */
1146
1147                         return 0;
1148                 }
1149
1150                 for (i = 0; i < CARL9170_NUM_TID; i++)
1151                         rcu_assign_pointer(sta_info->agg[i], NULL);
1152
1153                 sta_info->ampdu_max_len = 1 << (3 + sta->ht_cap.ampdu_factor);
1154                 sta_info->ht_sta = true;
1155         }
1156
1157         return 0;
1158 }
1159
1160 static int carl9170_op_sta_remove(struct ieee80211_hw *hw,
1161                                 struct ieee80211_vif *vif,
1162                                 struct ieee80211_sta *sta)
1163 {
1164         struct ar9170 *ar = hw->priv;
1165         struct carl9170_sta_info *sta_info = (void *) sta->drv_priv;
1166         unsigned int i;
1167         bool cleanup = false;
1168
1169         if (sta->ht_cap.ht_supported) {
1170
1171                 sta_info->ht_sta = false;
1172
1173                 rcu_read_lock();
1174                 for (i = 0; i < CARL9170_NUM_TID; i++) {
1175                         struct carl9170_sta_tid *tid_info;
1176
1177                         tid_info = rcu_dereference(sta_info->agg[i]);
1178                         rcu_assign_pointer(sta_info->agg[i], NULL);
1179
1180                         if (!tid_info)
1181                                 continue;
1182
1183                         spin_lock_bh(&ar->tx_ampdu_list_lock);
1184                         if (tid_info->state > CARL9170_TID_STATE_SHUTDOWN)
1185                                 tid_info->state = CARL9170_TID_STATE_SHUTDOWN;
1186                         spin_unlock_bh(&ar->tx_ampdu_list_lock);
1187                         cleanup = true;
1188                 }
1189                 rcu_read_unlock();
1190
1191                 if (cleanup)
1192                         carl9170_ampdu_gc(ar);
1193         }
1194
1195         return 0;
1196 }
1197
1198 static int carl9170_op_conf_tx(struct ieee80211_hw *hw, u16 queue,
1199                                const struct ieee80211_tx_queue_params *param)
1200 {
1201         struct ar9170 *ar = hw->priv;
1202         int ret;
1203
1204         mutex_lock(&ar->mutex);
1205         if (queue < ar->hw->queues) {
1206                 memcpy(&ar->edcf[ar9170_qmap[queue]], param, sizeof(*param));
1207                 ret = carl9170_set_qos(ar);
1208         } else {
1209                 ret = -EINVAL;
1210         }
1211
1212         mutex_unlock(&ar->mutex);
1213         return ret;
1214 }
1215
1216 static void carl9170_ampdu_work(struct work_struct *work)
1217 {
1218         struct ar9170 *ar = container_of(work, struct ar9170,
1219                                          ampdu_work);
1220
1221         if (!IS_STARTED(ar))
1222                 return;
1223
1224         mutex_lock(&ar->mutex);
1225         carl9170_ampdu_gc(ar);
1226         mutex_unlock(&ar->mutex);
1227 }
1228
1229 static int carl9170_op_ampdu_action(struct ieee80211_hw *hw,
1230                                     struct ieee80211_vif *vif,
1231                                     enum ieee80211_ampdu_mlme_action action,
1232                                     struct ieee80211_sta *sta,
1233                                     u16 tid, u16 *ssn)
1234 {
1235         struct ar9170 *ar = hw->priv;
1236         struct carl9170_sta_info *sta_info = (void *) sta->drv_priv;
1237         struct carl9170_sta_tid *tid_info;
1238
1239         if (modparam_noht)
1240                 return -EOPNOTSUPP;
1241
1242         switch (action) {
1243         case IEEE80211_AMPDU_TX_START:
1244                 if (WARN_ON_ONCE(!sta_info->ht_sta))
1245                         return -EOPNOTSUPP;
1246
1247                 rcu_read_lock();
1248                 if (rcu_dereference(sta_info->agg[tid])) {
1249                         rcu_read_unlock();
1250                         return -EBUSY;
1251                 }
1252
1253                 tid_info = kzalloc(sizeof(struct carl9170_sta_tid),
1254                                    GFP_ATOMIC);
1255                 if (!tid_info) {
1256                         rcu_read_unlock();
1257                         return -ENOMEM;
1258                 }
1259
1260                 tid_info->hsn = tid_info->bsn = tid_info->snx = (*ssn);
1261                 tid_info->state = CARL9170_TID_STATE_PROGRESS;
1262                 tid_info->tid = tid;
1263                 tid_info->max = sta_info->ampdu_max_len;
1264
1265                 INIT_LIST_HEAD(&tid_info->list);
1266                 INIT_LIST_HEAD(&tid_info->tmp_list);
1267                 skb_queue_head_init(&tid_info->queue);
1268                 spin_lock_init(&tid_info->lock);
1269
1270                 spin_lock_bh(&ar->tx_ampdu_list_lock);
1271                 ar->tx_ampdu_list_len++;
1272                 list_add_tail_rcu(&tid_info->list, &ar->tx_ampdu_list);
1273                 rcu_assign_pointer(sta_info->agg[tid], tid_info);
1274                 spin_unlock_bh(&ar->tx_ampdu_list_lock);
1275                 rcu_read_unlock();
1276
1277                 ieee80211_start_tx_ba_cb_irqsafe(vif, sta->addr, tid);
1278                 break;
1279
1280         case IEEE80211_AMPDU_TX_STOP:
1281                 rcu_read_lock();
1282                 tid_info = rcu_dereference(sta_info->agg[tid]);
1283                 if (tid_info) {
1284                         spin_lock_bh(&ar->tx_ampdu_list_lock);
1285                         if (tid_info->state > CARL9170_TID_STATE_SHUTDOWN)
1286                                 tid_info->state = CARL9170_TID_STATE_SHUTDOWN;
1287                         spin_unlock_bh(&ar->tx_ampdu_list_lock);
1288                 }
1289
1290                 rcu_assign_pointer(sta_info->agg[tid], NULL);
1291                 rcu_read_unlock();
1292
1293                 ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid);
1294                 ieee80211_queue_work(ar->hw, &ar->ampdu_work);
1295                 break;
1296
1297         case IEEE80211_AMPDU_TX_OPERATIONAL:
1298                 rcu_read_lock();
1299                 tid_info = rcu_dereference(sta_info->agg[tid]);
1300
1301                 sta_info->stats[tid].clear = true;
1302
1303                 if (tid_info) {
1304                         bitmap_zero(tid_info->bitmap, CARL9170_BAW_SIZE);
1305                         tid_info->state = CARL9170_TID_STATE_IDLE;
1306                 }
1307                 rcu_read_unlock();
1308
1309                 if (WARN_ON_ONCE(!tid_info))
1310                         return -EFAULT;
1311
1312                 break;
1313
1314         case IEEE80211_AMPDU_RX_START:
1315         case IEEE80211_AMPDU_RX_STOP:
1316                 /* Handled by hardware */
1317                 break;
1318
1319         default:
1320                 return -EOPNOTSUPP;
1321         }
1322
1323         return 0;
1324 }
1325
1326 #ifdef CONFIG_CARL9170_WPC
1327 static int carl9170_register_wps_button(struct ar9170 *ar)
1328 {
1329         struct input_dev *input;
1330         int err;
1331
1332         if (!(ar->features & CARL9170_WPS_BUTTON))
1333                 return 0;
1334
1335         input = input_allocate_device();
1336         if (!input)
1337                 return -ENOMEM;
1338
1339         snprintf(ar->wps.name, sizeof(ar->wps.name), "%s WPS Button",
1340                  wiphy_name(ar->hw->wiphy));
1341
1342         snprintf(ar->wps.phys, sizeof(ar->wps.phys),
1343                  "ieee80211/%s/input0", wiphy_name(ar->hw->wiphy));
1344
1345         input->name = ar->wps.name;
1346         input->phys = ar->wps.phys;
1347         input->id.bustype = BUS_USB;
1348         input->dev.parent = &ar->hw->wiphy->dev;
1349
1350         input_set_capability(input, EV_KEY, KEY_WPS_BUTTON);
1351
1352         err = input_register_device(input);
1353         if (err) {
1354                 input_free_device(input);
1355                 return err;
1356         }
1357
1358         ar->wps.pbc = input;
1359         return 0;
1360 }
1361 #endif /* CONFIG_CARL9170_WPC */
1362
1363 static int carl9170_op_get_survey(struct ieee80211_hw *hw, int idx,
1364                                 struct survey_info *survey)
1365 {
1366         struct ar9170 *ar = hw->priv;
1367         int err;
1368
1369         if (idx != 0)
1370                 return -ENOENT;
1371
1372         mutex_lock(&ar->mutex);
1373         err = carl9170_get_noisefloor(ar);
1374         mutex_unlock(&ar->mutex);
1375         if (err)
1376                 return err;
1377
1378         survey->channel = ar->channel;
1379         survey->filled = SURVEY_INFO_NOISE_DBM;
1380         survey->noise = ar->noise[0];
1381         return 0;
1382 }
1383
1384 static void carl9170_op_flush(struct ieee80211_hw *hw, bool drop)
1385 {
1386         struct ar9170 *ar = hw->priv;
1387         unsigned int vid;
1388
1389         mutex_lock(&ar->mutex);
1390         for_each_set_bit(vid, &ar->vif_bitmap, ar->fw.vif_num)
1391                 carl9170_flush_cab(ar, vid);
1392
1393         carl9170_flush(ar, drop);
1394         mutex_unlock(&ar->mutex);
1395 }
1396
1397 static int carl9170_op_get_stats(struct ieee80211_hw *hw,
1398                                  struct ieee80211_low_level_stats *stats)
1399 {
1400         struct ar9170 *ar = hw->priv;
1401
1402         memset(stats, 0, sizeof(*stats));
1403         stats->dot11ACKFailureCount = ar->tx_ack_failures;
1404         stats->dot11FCSErrorCount = ar->tx_fcs_errors;
1405         return 0;
1406 }
1407
1408 static void carl9170_op_sta_notify(struct ieee80211_hw *hw,
1409                                    struct ieee80211_vif *vif,
1410                                    enum sta_notify_cmd cmd,
1411                                    struct ieee80211_sta *sta)
1412 {
1413         struct ar9170 *ar = hw->priv;
1414         struct carl9170_sta_info *sta_info = (void *) sta->drv_priv;
1415         struct sk_buff *skb;
1416         struct sk_buff_head free;
1417         int i;
1418
1419         switch (cmd) {
1420         case STA_NOTIFY_SLEEP:
1421                 /*
1422                  * Since the peer is no longer listening, we have to return
1423                  * as many SKBs as possible back to the mac80211 stack.
1424                  * It will deal with the retry procedure, once the peer
1425                  * has become available again.
1426                  *
1427                  * NB: Ideally, the driver should return the all frames in
1428                  * the correct, ascending order. However, I think that this
1429                  * functionality should be implemented in the stack and not
1430                  * here...
1431                  */
1432
1433                 __skb_queue_head_init(&free);
1434
1435                 if (sta->ht_cap.ht_supported) {
1436                         rcu_read_lock();
1437                         for (i = 0; i < CARL9170_NUM_TID; i++) {
1438                                 struct carl9170_sta_tid *tid_info;
1439
1440                                 tid_info = rcu_dereference(sta_info->agg[i]);
1441
1442                                 if (!tid_info)
1443                                         continue;
1444
1445                                 spin_lock_bh(&ar->tx_ampdu_list_lock);
1446                                 if (tid_info->state >
1447                                     CARL9170_TID_STATE_SUSPEND)
1448                                         tid_info->state =
1449                                                 CARL9170_TID_STATE_SUSPEND;
1450                                 spin_unlock_bh(&ar->tx_ampdu_list_lock);
1451
1452                                 spin_lock_bh(&tid_info->lock);
1453                                 while ((skb = __skb_dequeue(&tid_info->queue)))
1454                                         __skb_queue_tail(&free, skb);
1455                                 spin_unlock_bh(&tid_info->lock);
1456
1457                                 ieee80211_stop_tx_ba_session(sta,
1458                                         tid_info->tid);
1459                         }
1460                         rcu_read_unlock();
1461                 }
1462
1463                 for (i = 0; i < ar->hw->queues; i++) {
1464                         spin_lock_bh(&ar->tx_pending[i].lock);
1465                         skb_queue_walk(&ar->tx_pending[i], skb) {
1466                                 struct _carl9170_tx_superframe *super;
1467                                 struct ieee80211_hdr *hdr;
1468
1469                                 super = (void *) skb->data;
1470                                 hdr = (void *) super->frame_data;
1471
1472                                 if (compare_ether_addr(hdr->addr1, sta->addr))
1473                                         continue;
1474
1475                                 __skb_unlink(skb, &ar->tx_pending[i]);
1476                                 carl9170_tx_status(ar, skb, false);
1477                         }
1478                         spin_unlock_bh(&ar->tx_pending[i].lock);
1479                 }
1480
1481                 while ((skb = __skb_dequeue(&free)))
1482                         carl9170_tx_status(ar, skb, false);
1483
1484                 break;
1485
1486         case STA_NOTIFY_AWAKE:
1487                 if (!sta->ht_cap.ht_supported)
1488                         return;
1489
1490                 rcu_read_lock();
1491                 for (i = 0; i < CARL9170_NUM_TID; i++) {
1492                         struct carl9170_sta_tid *tid_info;
1493
1494                         tid_info = rcu_dereference(sta_info->agg[i]);
1495
1496                         if (!tid_info)
1497                                 continue;
1498
1499                         if ((tid_info->state == CARL9170_TID_STATE_SUSPEND))
1500                                 tid_info->state = CARL9170_TID_STATE_IDLE;
1501                 }
1502                 rcu_read_unlock();
1503                 break;
1504         }
1505 }
1506
1507 static const struct ieee80211_ops carl9170_ops = {
1508         .start                  = carl9170_op_start,
1509         .stop                   = carl9170_op_stop,
1510         .tx                     = carl9170_op_tx,
1511         .flush                  = carl9170_op_flush,
1512         .add_interface          = carl9170_op_add_interface,
1513         .remove_interface       = carl9170_op_remove_interface,
1514         .config                 = carl9170_op_config,
1515         .prepare_multicast      = carl9170_op_prepare_multicast,
1516         .configure_filter       = carl9170_op_configure_filter,
1517         .conf_tx                = carl9170_op_conf_tx,
1518         .bss_info_changed       = carl9170_op_bss_info_changed,
1519         .get_tsf                = carl9170_op_get_tsf,
1520         .set_key                = carl9170_op_set_key,
1521         .sta_add                = carl9170_op_sta_add,
1522         .sta_remove             = carl9170_op_sta_remove,
1523         .sta_notify             = carl9170_op_sta_notify,
1524         .get_survey             = carl9170_op_get_survey,
1525         .get_stats              = carl9170_op_get_stats,
1526         .ampdu_action           = carl9170_op_ampdu_action,
1527 };
1528
1529 void *carl9170_alloc(size_t priv_size)
1530 {
1531         struct ieee80211_hw *hw;
1532         struct ar9170 *ar;
1533         struct sk_buff *skb;
1534         int i;
1535
1536         /*
1537          * this buffer is used for rx stream reconstruction.
1538          * Under heavy load this device (or the transport layer?)
1539          * tends to split the streams into separate rx descriptors.
1540          */
1541
1542         skb = __dev_alloc_skb(AR9170_RX_STREAM_MAX_SIZE, GFP_KERNEL);
1543         if (!skb)
1544                 goto err_nomem;
1545
1546         hw = ieee80211_alloc_hw(priv_size, &carl9170_ops);
1547         if (!hw)
1548                 goto err_nomem;
1549
1550         ar = hw->priv;
1551         ar->hw = hw;
1552         ar->rx_failover = skb;
1553
1554         memset(&ar->rx_plcp, 0, sizeof(struct ar9170_rx_head));
1555         ar->rx_has_plcp = false;
1556
1557         /*
1558          * Here's a hidden pitfall!
1559          *
1560          * All 4 AC queues work perfectly well under _legacy_ operation.
1561          * However as soon as aggregation is enabled, the traffic flow
1562          * gets very bumpy. Therefore we have to _switch_ to a
1563          * software AC with a single HW queue.
1564          */
1565         hw->queues = __AR9170_NUM_TXQ;
1566
1567         mutex_init(&ar->mutex);
1568         spin_lock_init(&ar->beacon_lock);
1569         spin_lock_init(&ar->cmd_lock);
1570         spin_lock_init(&ar->tx_stats_lock);
1571         spin_lock_init(&ar->tx_ampdu_list_lock);
1572         spin_lock_init(&ar->mem_lock);
1573         spin_lock_init(&ar->state_lock);
1574         atomic_set(&ar->pending_restarts, 0);
1575         ar->vifs = 0;
1576         for (i = 0; i < ar->hw->queues; i++) {
1577                 skb_queue_head_init(&ar->tx_status[i]);
1578                 skb_queue_head_init(&ar->tx_pending[i]);
1579         }
1580         INIT_WORK(&ar->ps_work, carl9170_ps_work);
1581         INIT_WORK(&ar->restart_work, carl9170_restart_work);
1582         INIT_WORK(&ar->ampdu_work, carl9170_ampdu_work);
1583         INIT_DELAYED_WORK(&ar->tx_janitor, carl9170_tx_janitor);
1584         INIT_LIST_HEAD(&ar->tx_ampdu_list);
1585         rcu_assign_pointer(ar->tx_ampdu_iter,
1586                            (struct carl9170_sta_tid *) &ar->tx_ampdu_list);
1587
1588         bitmap_zero(&ar->vif_bitmap, ar->fw.vif_num);
1589         INIT_LIST_HEAD(&ar->vif_list);
1590         init_completion(&ar->tx_flush);
1591
1592         /*
1593          * Note:
1594          * IBSS/ADHOC and AP mode are only enabled, if the firmware
1595          * supports these modes. The code which will add the
1596          * additional interface_modes is in fw.c.
1597          */
1598         hw->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION);
1599
1600         hw->flags |= IEEE80211_HW_RX_INCLUDES_FCS |
1601                      IEEE80211_HW_REPORTS_TX_ACK_STATUS |
1602                      IEEE80211_HW_SUPPORTS_PS |
1603                      IEEE80211_HW_PS_NULLFUNC_STACK |
1604                      IEEE80211_HW_SIGNAL_DBM;
1605
1606         if (!modparam_noht) {
1607                 /*
1608                  * see the comment above, why we allow the user
1609                  * to disable HT by a module parameter.
1610                  */
1611                 hw->flags |= IEEE80211_HW_AMPDU_AGGREGATION;
1612         }
1613
1614         hw->extra_tx_headroom = sizeof(struct _carl9170_tx_superframe);
1615         hw->sta_data_size = sizeof(struct carl9170_sta_info);
1616         hw->vif_data_size = sizeof(struct carl9170_vif_info);
1617
1618         hw->max_rates = CARL9170_TX_MAX_RATES;
1619         hw->max_rate_tries = CARL9170_TX_USER_RATE_TRIES;
1620
1621         for (i = 0; i < ARRAY_SIZE(ar->noise); i++)
1622                 ar->noise[i] = -95; /* ATH_DEFAULT_NOISE_FLOOR */
1623
1624         hw->wiphy->flags &= ~WIPHY_FLAG_PS_ON_BY_DEFAULT;
1625         return ar;
1626
1627 err_nomem:
1628         kfree_skb(skb);
1629         return ERR_PTR(-ENOMEM);
1630 }
1631
1632 static int carl9170_read_eeprom(struct ar9170 *ar)
1633 {
1634 #define RW      8       /* number of words to read at once */
1635 #define RB      (sizeof(u32) * RW)
1636         u8 *eeprom = (void *)&ar->eeprom;
1637         __le32 offsets[RW];
1638         int i, j, err;
1639
1640         BUILD_BUG_ON(sizeof(ar->eeprom) & 3);
1641
1642         BUILD_BUG_ON(RB > CARL9170_MAX_CMD_LEN - 4);
1643 #ifndef __CHECKER__
1644         /* don't want to handle trailing remains */
1645         BUILD_BUG_ON(sizeof(ar->eeprom) % RB);
1646 #endif
1647
1648         for (i = 0; i < sizeof(ar->eeprom)/RB; i++) {
1649                 for (j = 0; j < RW; j++)
1650                         offsets[j] = cpu_to_le32(AR9170_EEPROM_START +
1651                                                  RB * i + 4 * j);
1652
1653                 err = carl9170_exec_cmd(ar, CARL9170_CMD_RREG,
1654                                         RB, (u8 *) &offsets,
1655                                         RB, eeprom + RB * i);
1656                 if (err)
1657                         return err;
1658         }
1659
1660 #undef RW
1661 #undef RB
1662         return 0;
1663 }
1664
1665 static int carl9170_parse_eeprom(struct ar9170 *ar)
1666 {
1667         struct ath_regulatory *regulatory = &ar->common.regulatory;
1668         unsigned int rx_streams, tx_streams, tx_params = 0;
1669         int bands = 0;
1670
1671         if (ar->eeprom.length == cpu_to_le16(0xffff))
1672                 return -ENODATA;
1673
1674         rx_streams = hweight8(ar->eeprom.rx_mask);
1675         tx_streams = hweight8(ar->eeprom.tx_mask);
1676
1677         if (rx_streams != tx_streams) {
1678                 tx_params = IEEE80211_HT_MCS_TX_RX_DIFF;
1679
1680                 WARN_ON(!(tx_streams >= 1 && tx_streams <=
1681                         IEEE80211_HT_MCS_TX_MAX_STREAMS));
1682
1683                 tx_params = (tx_streams - 1) <<
1684                             IEEE80211_HT_MCS_TX_MAX_STREAMS_SHIFT;
1685
1686                 carl9170_band_2GHz.ht_cap.mcs.tx_params |= tx_params;
1687                 carl9170_band_5GHz.ht_cap.mcs.tx_params |= tx_params;
1688         }
1689
1690         if (ar->eeprom.operating_flags & AR9170_OPFLAG_2GHZ) {
1691                 ar->hw->wiphy->bands[IEEE80211_BAND_2GHZ] =
1692                         &carl9170_band_2GHz;
1693                 bands++;
1694         }
1695         if (ar->eeprom.operating_flags & AR9170_OPFLAG_5GHZ) {
1696                 ar->hw->wiphy->bands[IEEE80211_BAND_5GHZ] =
1697                         &carl9170_band_5GHz;
1698                 bands++;
1699         }
1700
1701         /*
1702          * I measured this, a bandswitch takes roughly
1703          * 135 ms and a frequency switch about 80.
1704          *
1705          * FIXME: measure these values again once EEPROM settings
1706          *        are used, that will influence them!
1707          */
1708         if (bands == 2)
1709                 ar->hw->channel_change_time = 135 * 1000;
1710         else
1711                 ar->hw->channel_change_time = 80 * 1000;
1712
1713         regulatory->current_rd = le16_to_cpu(ar->eeprom.reg_domain[0]);
1714         regulatory->current_rd_ext = le16_to_cpu(ar->eeprom.reg_domain[1]);
1715
1716         /* second part of wiphy init */
1717         SET_IEEE80211_PERM_ADDR(ar->hw, ar->eeprom.mac_address);
1718
1719         return bands ? 0 : -EINVAL;
1720 }
1721
1722 static int carl9170_reg_notifier(struct wiphy *wiphy,
1723                                  struct regulatory_request *request)
1724 {
1725         struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy);
1726         struct ar9170 *ar = hw->priv;
1727
1728         return ath_reg_notifier_apply(wiphy, request, &ar->common.regulatory);
1729 }
1730
1731 int carl9170_register(struct ar9170 *ar)
1732 {
1733         struct ath_regulatory *regulatory = &ar->common.regulatory;
1734         int err = 0, i;
1735
1736         if (WARN_ON(ar->mem_bitmap))
1737                 return -EINVAL;
1738
1739         ar->mem_bitmap = kzalloc(roundup(ar->fw.mem_blocks, BITS_PER_LONG) *
1740                                  sizeof(unsigned long), GFP_KERNEL);
1741
1742         if (!ar->mem_bitmap)
1743                 return -ENOMEM;
1744
1745         /* try to read EEPROM, init MAC addr */
1746         err = carl9170_read_eeprom(ar);
1747         if (err)
1748                 return err;
1749
1750         err = carl9170_fw_fix_eeprom(ar);
1751         if (err)
1752                 return err;
1753
1754         err = carl9170_parse_eeprom(ar);
1755         if (err)
1756                 return err;
1757
1758         err = ath_regd_init(regulatory, ar->hw->wiphy,
1759                             carl9170_reg_notifier);
1760         if (err)
1761                 return err;
1762
1763         if (modparam_noht) {
1764                 carl9170_band_2GHz.ht_cap.ht_supported = false;
1765                 carl9170_band_5GHz.ht_cap.ht_supported = false;
1766         }
1767
1768         for (i = 0; i < ar->fw.vif_num; i++) {
1769                 ar->vif_priv[i].id = i;
1770                 ar->vif_priv[i].vif = NULL;
1771         }
1772
1773         err = ieee80211_register_hw(ar->hw);
1774         if (err)
1775                 return err;
1776
1777         /* mac80211 interface is now registered */
1778         ar->registered = true;
1779
1780         if (!ath_is_world_regd(regulatory))
1781                 regulatory_hint(ar->hw->wiphy, regulatory->alpha2);
1782
1783 #ifdef CONFIG_CARL9170_DEBUGFS
1784         carl9170_debugfs_register(ar);
1785 #endif /* CONFIG_CARL9170_DEBUGFS */
1786
1787         err = carl9170_led_init(ar);
1788         if (err)
1789                 goto err_unreg;
1790
1791 #ifdef CONFIG_CARL9170_LEDS
1792         err = carl9170_led_register(ar);
1793         if (err)
1794                 goto err_unreg;
1795 #endif /* CONFIG_CAR9L170_LEDS */
1796
1797 #ifdef CONFIG_CARL9170_WPC
1798         err = carl9170_register_wps_button(ar);
1799         if (err)
1800                 goto err_unreg;
1801 #endif /* CONFIG_CARL9170_WPC */
1802
1803         dev_info(&ar->udev->dev, "Atheros AR9170 is registered as '%s'\n",
1804                  wiphy_name(ar->hw->wiphy));
1805
1806         return 0;
1807
1808 err_unreg:
1809         carl9170_unregister(ar);
1810         return err;
1811 }
1812
1813 void carl9170_unregister(struct ar9170 *ar)
1814 {
1815         if (!ar->registered)
1816                 return;
1817
1818         ar->registered = false;
1819
1820 #ifdef CONFIG_CARL9170_LEDS
1821         carl9170_led_unregister(ar);
1822 #endif /* CONFIG_CARL9170_LEDS */
1823
1824 #ifdef CONFIG_CARL9170_DEBUGFS
1825         carl9170_debugfs_unregister(ar);
1826 #endif /* CONFIG_CARL9170_DEBUGFS */
1827
1828 #ifdef CONFIG_CARL9170_WPC
1829         if (ar->wps.pbc) {
1830                 input_unregister_device(ar->wps.pbc);
1831                 ar->wps.pbc = NULL;
1832         }
1833 #endif /* CONFIG_CARL9170_WPC */
1834
1835         carl9170_cancel_worker(ar);
1836         cancel_work_sync(&ar->restart_work);
1837
1838         ieee80211_unregister_hw(ar->hw);
1839 }
1840
1841 void carl9170_free(struct ar9170 *ar)
1842 {
1843         WARN_ON(ar->registered);
1844         WARN_ON(IS_INITIALIZED(ar));
1845
1846         kfree_skb(ar->rx_failover);
1847         ar->rx_failover = NULL;
1848
1849         kfree(ar->mem_bitmap);
1850         ar->mem_bitmap = NULL;
1851
1852         mutex_destroy(&ar->mutex);
1853
1854         ieee80211_free_hw(ar->hw);
1855 }