1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  *   Driver for KeyStream wireless LAN cards.
4  *
5  *   Copyright (C) 2005-2008 KeyStream Corp.
6  *   Copyright (C) 2009 Renesas Technology Corp.
7  */
8
9 #include <crypto/hash.h>
10 #include <linux/circ_buf.h>
11 #include <linux/if_arp.h>
12 #include <net/iw_handler.h>
13 #include <uapi/linux/llc.h>
14 #include "eap_packet.h"
15 #include "ks_wlan.h"
16 #include "ks_hostif.h"
17
18 #define MICHAEL_MIC_KEY_LEN 8
19 #define MICHAEL_MIC_LEN     8
20
/* Advance the SME event queue head by one slot, wrapping at SME_EVENT_BUFF_SIZE. */
static inline void inc_smeqhead(struct ks_wlan_private *priv)
{
	priv->sme_i.qhead = (1 + priv->sme_i.qhead) % SME_EVENT_BUFF_SIZE;
}
25
/* Advance the SME event queue tail by one slot, wrapping at SME_EVENT_BUFF_SIZE. */
static inline void inc_smeqtail(struct ks_wlan_private *priv)
{
	priv->sme_i.qtail = (1 + priv->sme_i.qtail) % SME_EVENT_BUFF_SIZE;
}
30
/*
 * Report the CIRC_CNT_TO_END() count for the SME event queue, computed
 * from its head and tail indices.
 */
static inline unsigned int cnt_smeqbody(struct ks_wlan_private *priv)
{
	unsigned int pending;

	pending = CIRC_CNT_TO_END(priv->sme_i.qhead, priv->sme_i.qtail,
				  SME_EVENT_BUFF_SIZE);
	return pending;
}
36
/*
 * Consume one byte from the receive cursor.
 *
 * No bounds check is made here: the caller has to verify that
 * priv->rx_size covers every byte it is about to pull before calling.
 */
static inline u8 get_byte(struct ks_wlan_private *priv)
{
	u8 octet = *priv->rxp;

	priv->rxp++;
	/* length check in advance ! */
	priv->rx_size--;
	return octet;
}
46
/*
 * Consume a 16-bit little-endian value (low byte first) from the receive
 * cursor. Two bytes are read without a length check; see get_byte().
 */
static inline u16 get_word(struct ks_wlan_private *priv)
{
	u16 lo = get_byte(priv);
	u16 hi = get_byte(priv);

	return lo | (hi << 8);
}
55
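/*
 * Consume a 32-bit little-endian value (low byte first) from the receive
 * cursor. Four bytes are read without a length check; see get_byte().
 *
 * Each byte is widened to u32 before shifting: a u8 promotes to int, and
 * shifting a value >= 0x80 left by 24 would move a bit into the sign
 * position of that int.
 */
static inline u32 get_dword(struct ks_wlan_private *priv)
{
	u32 data;

	data = (u32)get_byte(priv);
	data |= (u32)get_byte(priv) << 8;
	data |= (u32)get_byte(priv) << 16;
	data |= (u32)get_byte(priv) << 24;
	return data;
}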
66
/*
 * Work handler for priv->wakeup_work.
 *
 * When the power-save status is PS_SNOOZE, a wakeup request is issued and
 * the handler waits up to 20 ms for psstatus.wakeup_wait. If the wait times
 * out or is interrupted, the work item re-queues itself and exits.
 * Otherwise the SME tasklet is re-enabled if its disable count is positive.
 */
static void ks_wlan_hw_wakeup_task(struct work_struct *work)
{
	struct ks_wlan_private *priv =
		container_of(work, struct ks_wlan_private, wakeup_work);

	if (atomic_read(&priv->psstatus.status) == PS_SNOOZE) {
		long remaining;

		ks_wlan_hw_wakeup_request(priv);
		remaining = wait_for_completion_interruptible_timeout(
				&priv->psstatus.wakeup_wait,
				msecs_to_jiffies(20));
		if (remaining <= 0) {
			netdev_dbg(priv->net_dev, "wake up timeout or interrupted !!!\n");
			/* try again later from a fresh work invocation */
			schedule_work(&priv->wakeup_work);
			return;
		}
	}

	/* power save */
	if (atomic_read(&priv->sme_task.count) > 0)
		tasklet_enable(&priv->sme_task);
}
92
/*
 * Queue a power-management request while connected; otherwise mark the
 * device as ready.
 */
static void ks_wlan_do_power_save(struct ks_wlan_private *priv)
{
	if (!is_connect_status(priv->connect_status)) {
		priv->dev_state = DEVICE_STATE_READY;
		return;
	}

	hostif_sme_enqueue(priv, SME_POW_MNGMT_REQUEST);
}
100
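/*
 * get_current_ap() - copy the link AP description into priv->current_ap
 * @priv: driver private data
 * @ap_info: link AP record taken from the receive buffer
 *
 * Every length field in @ap_info comes from the device and is clamped
 * before it is used as a copy length, so an oversized value can neither
 * read past the source array nor write past the cached rate set.
 *
 * Return: 0 on success, -EPERM (after clearing the cached AP) when the
 * interface is in disconnect status.
 */
static
int get_current_ap(struct ks_wlan_private *priv, struct link_ap_info *ap_info)
{
	struct local_ap *ap = &priv->current_ap;
	struct net_device *netdev = priv->net_dev;
	union iwreq_data wrqu;
	size_t ssid_len, rate_len, ext_len;
	u8 size;

	if (is_disconnect_status(priv->connect_status)) {
		memset(ap, 0, sizeof(struct local_ap));
		return -EPERM;
	}

	ether_addr_copy(ap->bssid, ap_info->bssid);

	/* same SSID bound that get_ap_information() applies to ap->ssid.body */
	ssid_len = min_t(size_t, priv->reg.ssid.size, IEEE80211_MAX_SSID_LEN);
	memcpy(ap->ssid.body, priv->reg.ssid.body, ssid_len);
	ap->ssid.size = ssid_len;

	/* bound by the source array and by the cached rate-set capacity */
	rate_len = min_t(size_t, ap_info->rate_set.size,
			 sizeof(ap_info->rate_set.body));
	rate_len = min_t(size_t, rate_len, RATE_SET_MAX_SIZE);
	memcpy(ap->rate_set.body, ap_info->rate_set.body, rate_len);
	ap->rate_set.size = rate_len;

	/* the extended rates are appended into whatever room is left */
	ext_len = min_t(size_t, ap_info->ext_rate_set.size,
			sizeof(ap_info->ext_rate_set.body));
	ext_len = min_t(size_t, ext_len, RATE_SET_MAX_SIZE - rate_len);
	if (ext_len != 0) {
		memcpy(&ap->rate_set.body[rate_len],
		       ap_info->ext_rate_set.body, ext_len);
		ap->rate_set.size += ext_len;
	}

	ap->channel = ap_info->ds_parameter.channel;
	ap->rssi = ap_info->rssi;
	ap->sq = ap_info->sq;
	ap->noise = ap_info->noise;
	ap->capability = le16_to_cpu(ap_info->capability);
	size = (ap_info->rsn.size <= RSN_IE_BODY_MAX) ?
		ap_info->rsn.size : RSN_IE_BODY_MAX;
	if ((ap_info->rsn_mode & RSN_MODE_WPA2) &&
	    (priv->wpa.version == IW_AUTH_WPA_VERSION_WPA2)) {
		ap->rsn_ie.id = RSN_INFO_ELEM_ID;
		ap->rsn_ie.size = size;
		memcpy(ap->rsn_ie.body, ap_info->rsn.body, size);
	} else if ((ap_info->rsn_mode & RSN_MODE_WPA) &&
		   (priv->wpa.version == IW_AUTH_WPA_VERSION_WPA)) {
		ap->wpa_ie.id = WPA_INFO_ELEM_ID;
		ap->wpa_ie.size = size;
		memcpy(ap->wpa_ie.body, ap_info->rsn.body, size);
	} else {
		ap->rsn_ie.id = 0;
		ap->rsn_ie.size = 0;
		ap->wpa_ie.id = 0;
		ap->wpa_ie.size = 0;
	}

	/*
	 * Clear the whole union first, as hostif_data_indication_wpa() does:
	 * only part of it is written below, and the rest would otherwise be
	 * handed to wireless_send_event() as uninitialised stack bytes.
	 */
	memset(&wrqu, 0, sizeof(wrqu));
	wrqu.data.length = 0;
	wrqu.data.flags = 0;
	wrqu.ap_addr.sa_family = ARPHRD_ETHER;
	if (is_connect_status(priv->connect_status)) {
		ether_addr_copy(wrqu.ap_addr.sa_data, priv->current_ap.bssid);
		netdev_dbg(priv->net_dev,
			   "IWEVENT: connect bssid=%pM\n",
			   wrqu.ap_addr.sa_data);
		wireless_send_event(netdev, SIOCGIWAP, &wrqu, NULL);
	}
	/*
	 * NOTE(review): "%s" relies on ssid.body being NUL-terminated, which
	 * nothing in this function guarantees - confirm against the struct
	 * layout.
	 */
	netdev_dbg(priv->net_dev, "Link AP\n"
		   "- bssid=%pM\n"
		   "- essid=%s\n"
		   "- rate_set=%02X,%02X,%02X,%02X,%02X,%02X,%02X,%02X\n"
		   "- channel=%d\n"
		   "- rssi=%d\n"
		   "- sq=%d\n"
		   "- capability=%04X\n"
		   "- rsn.mode=%d\n"
		   "- rsn.size=%d\n"
		   "- ext_rate_set_size=%d\n"
		   "- rate_set_size=%d\n",
		   ap->bssid,
		   &ap->ssid.body[0],
		   ap->rate_set.body[0], ap->rate_set.body[1],
		   ap->rate_set.body[2], ap->rate_set.body[3],
		   ap->rate_set.body[4], ap->rate_set.body[5],
		   ap->rate_set.body[6], ap->rate_set.body[7],
		   ap->channel, ap->rssi, ap->sq, ap->capability,
		   ap_info->rsn_mode, ap_info->rsn.size,
		   ap_info->ext_rate_set.size, ap_info->rate_set.size);

	return 0;
}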
187
/*
 * Copy the payload of the information element at @bp into @body.
 *
 * bp[0] is the element ID, bp[1] its length and the payload starts at
 * bp[2]. At most @max bytes are copied; the number copied is returned.
 *
 * Only the destination is bounded here. The caller must make sure the
 * element header and payload actually lie inside the received buffer.
 */
static u8 read_ie(unsigned char *bp, u8 max, u8 *body)
{
	u8 len = bp[1];

	if (len > max)
		len = max;

	memcpy(body, bp + 2, len);
	return len;
}
195
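/*
 * michael_mic() - compute the TKIP Michael MIC over a received frame
 * @key: MIC key, MICHAEL_MIC_KEY_LEN bytes
 * @data: frame starting at the destination address (DA, SA, then payload)
 * @len: number of bytes at @data; must cover at least DA + SA
 * @priority: priority octet mixed into the MIC
 * @result: output buffer for the MIC
 *
 * Return: 0 on success, -EINVAL when @len is shorter than the two
 * addresses, or a negative errno from the crypto layer / allocation.
 */
static int
michael_mic(u8 *key, u8 *data, unsigned int len, u8 priority, u8 *result)
{
	const unsigned int addr_len = ETH_ALEN * 2;	/* DA + SA */
	u8 pad_data[4] = { priority, 0, 0, 0 };
	struct crypto_shash *tfm = NULL;
	struct shash_desc *desc = NULL;
	int ret;

	/*
	 * The addresses are hashed as a fixed 12-byte prefix and the rest as
	 * len - 12 bytes. A shorter frame would wrap that subtraction and
	 * make the hash read far beyond the buffer.
	 */
	if (len < addr_len)
		return -EINVAL;

	tfm = crypto_alloc_shash("michael_mic", 0, 0);
	if (IS_ERR(tfm)) {
		ret = PTR_ERR(tfm);
		goto err;
	}

	ret = crypto_shash_setkey(tfm, key, MICHAEL_MIC_KEY_LEN);
	if (ret < 0)
		goto err_free_tfm;

	desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(tfm), GFP_KERNEL);
	if (!desc) {
		ret = -ENOMEM;
		goto err_free_tfm;
	}

	desc->tfm = tfm;

	ret = crypto_shash_init(desc);
	if (ret < 0)
		goto err_free_desc;

	// Compute the MIC value
	/*
	 * IEEE802.11i  page 47
	 * Figure 43g TKIP MIC processing format
	 * +--+--+--------+--+----+--+--+--+--+--+--+--+--+
	 * |6 |6 |1       |3 |M   |1 |1 |1 |1 |1 |1 |1 |1 | Octet
	 * +--+--+--------+--+----+--+--+--+--+--+--+--+--+
	 * |DA|SA|Priority|0 |Data|M0|M1|M2|M3|M4|M5|M6|M7|
	 * +--+--+--------+--+----+--+--+--+--+--+--+--+--+
	 */

	ret = crypto_shash_update(desc, data, addr_len);
	if (ret < 0)
		goto err_free_desc;

	ret = crypto_shash_update(desc, pad_data, 4);
	if (ret < 0)
		goto err_free_desc;

	ret = crypto_shash_finup(desc, data + addr_len, len - addr_len, result);

err_free_desc:
	/* the descriptor holds keyed hash state, so it is wiped on free */
	kfree_sensitive(desc);

err_free_tfm:
	crypto_free_shash(tfm);

err:
	return ret;
}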
256
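/*
 * get_ap_information() - parse a scan result into a local AP entry
 * @priv: driver private data (used for logging)
 * @ap_info: scan record taken from the receive buffer
 * @ap: entry to fill; it is zeroed first
 *
 * The information elements in @ap_info->body are walked as
 * (id, length, payload) triples. All of this data originates from received
 * frames, so each element is checked against the declared body size before
 * its payload is touched, and parsing stops at the first element that does
 * not fit.
 *
 * NOTE(review): body_size itself is not compared with the number of bytes
 * actually received; confirm whether the caller guarantees that.
 *
 * Return: always 0.
 */
static
int get_ap_information(struct ks_wlan_private *priv, struct ap_info *ap_info,
		       struct local_ap *ap)
{
	unsigned char *bp;
	int bsize, offset;

	memset(ap, 0, sizeof(struct local_ap));

	ether_addr_copy(ap->bssid, ap_info->bssid);
	ap->rssi = ap_info->rssi;
	ap->sq = ap_info->sq;
	ap->noise = ap_info->noise;
	ap->capability = le16_to_cpu(ap_info->capability);
	ap->channel = ap_info->ch_info;

	bp = ap_info->body;
	bsize = le16_to_cpu(ap_info->body_size);
	offset = 0;

	/* an element needs at least its id and size octets */
	while (bsize - offset >= 2) {
		u8 ie_len = bp[1];
		u8 room;

		/* payload must end inside the declared body */
		if (ie_len > bsize - offset - 2) {
			netdev_dbg(priv->net_dev,
				   "truncated Element ID=%d\n", *bp);
			break;
		}

		switch (*bp) { /* Information Element ID */
		case WLAN_EID_SSID:
			ap->ssid.size = read_ie(bp, IEEE80211_MAX_SSID_LEN,
						ap->ssid.body);
			break;
		case WLAN_EID_SUPP_RATES:
		case WLAN_EID_EXT_SUPP_RATES:
			/* append as many rates as still fit */
			room = RATE_SET_MAX_SIZE - ap->rate_set.size;
			if (ie_len < room)
				room = ie_len;
			memcpy(&ap->rate_set.body[ap->rate_set.size],
			       bp + 2, room);
			ap->rate_set.size += room;
			break;
		case WLAN_EID_RSN:
			ap->rsn_ie.id = *bp;
			ap->rsn_ie.size = read_ie(bp, RSN_IE_BODY_MAX,
						  ap->rsn_ie.body);
			break;
		case WLAN_EID_VENDOR_SPECIFIC: /* WPA */
			/* WPA OUI check; needs four payload bytes to compare */
			if (ie_len >= 4 &&
			    memcmp(bp + 2, CIPHER_ID_WPA_WEP40, 4) == 0) {
				ap->wpa_ie.id = *bp;
				ap->wpa_ie.size = read_ie(bp, RSN_IE_BODY_MAX,
							  ap->wpa_ie.body);
			}
			break;
		case WLAN_EID_DS_PARAMS:
		case WLAN_EID_FH_PARAMS:
		case WLAN_EID_CF_PARAMS:
		case WLAN_EID_TIM:
		case WLAN_EID_IBSS_PARAMS:
		case WLAN_EID_COUNTRY:
		case WLAN_EID_ERP_INFO:
			break;
		default:
			/*
			 * NOTE(review): this logs at error level once per
			 * unrecognised element in a received frame; consider
			 * rate limiting or a lower level.
			 */
			netdev_err(priv->net_dev,
				   "unknown Element ID=%d\n", *bp);
			break;
		}

		offset += 2;	/* id & size field */
		offset += ie_len;	/* +size offset */
		bp += (ie_len + 2);	/* pointer update */
	}

	return 0;
}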
332
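/*
 * hostif_data_indication_wpa() - verify the TKIP MIC of a received frame
 * @priv: driver private data; priv->rxp points at the frame, priv->rx_size
 *        is its length
 * @auth_type: key type reported with the frame (TYPE_PMK1/GMK1/GMK2)
 *
 * When the matching suite is TKIP and the selected key is set, the trailing
 * MIC is removed from the frame (priv->rx_size shrinks by MICHAEL_MIC_LEN)
 * and compared with a locally computed one. On mismatch the MIC failure
 * state is updated and an IWEVCUSTOM event is sent.
 *
 * Return: 0 if the frame may be processed further, -EINVAL on a malformed
 * frame or MIC mismatch, or a negative errno from michael_mic().
 */
static
int hostif_data_indication_wpa(struct ks_wlan_private *priv,
			       unsigned short auth_type)
{
	struct ether_hdr *eth_hdr;
	unsigned short eth_proto;
	unsigned char recv_mic[MICHAEL_MIC_LEN];
	char buf[128];
	unsigned long now;
	struct mic_failure *mic_failure;
	u8 mic[MICHAEL_MIC_LEN];
	union iwreq_data wrqu;
	unsigned int key_index = auth_type - 1;
	struct wpa_key *key;
	bool tkip;
	int ret;

	eth_hdr = (struct ether_hdr *)(priv->rxp);
	eth_proto = ntohs(eth_hdr->h_proto);

	if (eth_hdr->h_dest_snap != eth_hdr->h_source_snap) {
		netdev_err(priv->net_dev, "invalid data format\n");
		priv->nstats.rx_errors++;
		return -EINVAL;
	}

	tkip = (auth_type == TYPE_PMK1 &&
		priv->wpa.pairwise_suite == IW_AUTH_CIPHER_TKIP) ||
	       (auth_type == TYPE_GMK1 &&
		priv->wpa.group_suite == IW_AUTH_CIPHER_TKIP) ||
	       (auth_type == TYPE_GMK2 &&
		priv->wpa.group_suite == IW_AUTH_CIPHER_TKIP);
	if (!tkip)
		return 0;

	/* index the key table only once auth_type is a known key type */
	key = &priv->wpa.key[key_index];
	if (!key->key_len)
		return 0;

	netdev_dbg(priv->net_dev, "TKIP: protocol=%04X: size=%u\n",
		   eth_proto, priv->rx_size);

	/*
	 * The frame has to hold DA + SA and the trailing MIC. Without this
	 * check a short frame makes the subtractions below wrap, and the MIC
	 * would be copied from before the start of the frame.
	 */
	if (priv->rx_size < ETH_ALEN * 2 + sizeof(recv_mic)) {
		netdev_err(priv->net_dev, "invalid data format\n");
		priv->nstats.rx_errors++;
		return -EINVAL;
	}

	/* MIC save */
	memcpy(&recv_mic[0],
	       (priv->rxp) + ((priv->rx_size) - sizeof(recv_mic)),
	       sizeof(recv_mic));
	priv->rx_size = priv->rx_size - sizeof(recv_mic);

	ret = michael_mic(key->rx_mic_key, priv->rxp, priv->rx_size,
			  0, mic);
	if (ret < 0)
		return ret;

	/*
	 * NOTE(review): memcmp() is not constant-time; a constant-time
	 * comparison helper is the usual choice for MAC values.
	 */
	if (memcmp(mic, recv_mic, sizeof(mic)) == 0)
		return 0;

	now = jiffies;
	mic_failure = &priv->wpa.mic_failure;
	/* MIC FAILURE */
	/* a failure older than 60 seconds no longer counts */
	if (mic_failure->last_failure_time &&
	    (now - mic_failure->last_failure_time) / HZ >= 60) {
		mic_failure->failure = 0;
	}
	netdev_err(priv->net_dev, "MIC FAILURE\n");
	if (mic_failure->failure == 0) {
		mic_failure->failure = 1;
		mic_failure->counter = 0;
	} else if (mic_failure->failure == 1) {
		mic_failure->failure = 2;
		mic_failure->counter =
			(u16)((now - mic_failure->last_failure_time) / HZ);
		/*  range 1-60 */
		if (!mic_failure->counter)
			mic_failure->counter = 1;
	}
	priv->wpa.mic_failure.last_failure_time = now;

	/*  needed parameters: count, keyid, key type, TSC */
	snprintf(buf, sizeof(buf),
		 "MLME-MICHAELMICFAILURE.indication(keyid=%d %scast addr=%pM)",
		 key_index,
		 eth_hdr->h_dest[0] & 0x01 ? "broad" : "uni",
		 eth_hdr->h_source);
	memset(&wrqu, 0, sizeof(wrqu));
	wrqu.data.length = strlen(buf);
	wireless_send_event(priv->net_dev, IWEVCUSTOM, &wrqu,
			    buf);
	return -EINVAL;
}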
414
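/*
 * hostif_data_indication() - turn a received data frame into an skb
 * @priv: driver private data; priv->rxp / priv->rx_size describe the frame
 *
 * Layout handled here: AuthType (2), reserved (2), then DA, SA and an LLC
 * header. SNAP frames are rewritten to DA + SA + protocol + payload,
 * NETBEUI frames to DA + SA + 16-bit length + payload. The result is passed
 * to netif_rx().
 *
 * The frame length is re-checked before every fixed-offset access: the
 * length comes from the device and the WPA path shortens it again, so the
 * unsigned size arithmetic below would otherwise wrap on a short frame.
 */
static
void hostif_data_indication(struct ks_wlan_private *priv)
{
	unsigned int rx_ind_size;	/* indicate data size */
	struct sk_buff *skb;
	u16 auth_type;
	unsigned char temp[256];
	struct ether_hdr *eth_hdr;
	struct ieee802_1x_hdr *aa1x_hdr = NULL;
	size_t size;
	int ret;

	/* min length check */
	if (priv->rx_size <= ETH_HLEN) {
		priv->nstats.rx_errors++;
		return;
	}

	auth_type = get_word(priv);	/* AuthType */
	get_word(priv);	/* Reserve Area */

	/* DA, SA and the LLC DSAP octet at offset 12 must all be present */
	if (priv->rx_size <= ETH_ALEN * 2) {
		priv->nstats.rx_errors++;
		return;
	}

	eth_hdr = (struct ether_hdr *)(priv->rxp);

	/* source address check */
	if (ether_addr_equal(&priv->eth_addr[0], eth_hdr->h_source)) {
		netdev_err(priv->net_dev, "invalid : source is own mac address !!\n");
		netdev_err(priv->net_dev, "eth_hdrernet->h_dest=%pM\n", eth_hdr->h_source);
		priv->nstats.rx_errors++;
		return;
	}

	/*  for WPA */
	if (auth_type != TYPE_DATA && priv->wpa.rsn_enabled) {
		ret = hostif_data_indication_wpa(priv, auth_type);
		if (ret)
			return;
	}

	if ((priv->connect_status & FORCE_DISCONNECT) ||
	    priv->wpa.mic_failure.failure == 2) {
		return;
	}

	/* the WPA path may have removed the MIC; make sure offset 12 remains */
	if (priv->rx_size <= ETH_ALEN * 2) {
		netdev_err(priv->net_dev, "invalid data format\n");
		priv->nstats.rx_errors++;
		return;
	}

	/* check 13th byte at rx data */
	switch (*(priv->rxp + 12)) {
	case LLC_SAP_SNAP:
		/* 6 LLC/SNAP bytes are dropped and 12 address bytes kept */
		if (priv->rx_size < 6 + ETH_ALEN * 2) {
			netdev_err(priv->net_dev, "invalid data format\n");
			priv->nstats.rx_errors++;
			return;
		}
		rx_ind_size = priv->rx_size - 6;
		skb = dev_alloc_skb(rx_ind_size);
		if (!skb) {
			priv->nstats.rx_dropped++;
			return;
		}
		netdev_dbg(priv->net_dev, "SNAP, rx_ind_size = %d\n",
			   rx_ind_size);

		size = ETH_ALEN * 2;
		skb_put_data(skb, priv->rxp, size);

		/* (SNAP+UI..) skip */

		size = rx_ind_size - (ETH_ALEN * 2);
		skb_put_data(skb, &eth_hdr->h_proto, size);

		/* only look at the 802.1X header if the frame contains it */
		if (priv->rx_size >= ETHER_HDR_SIZE + sizeof(*aa1x_hdr))
			aa1x_hdr = (struct ieee802_1x_hdr *)(priv->rxp + ETHER_HDR_SIZE);
		break;
	case LLC_SAP_NETBEUI:
		/* rx_size > 12 was checked above, so rx_ind_size - 14 >= 1 */
		rx_ind_size = (priv->rx_size + 2);
		skb = dev_alloc_skb(rx_ind_size);
		if (!skb) {
			priv->nstats.rx_dropped++;
			return;
		}
		netdev_dbg(priv->net_dev, "NETBEUI/NetBIOS rx_ind_size=%d\n",
			   rx_ind_size);

		/* 8802/FDDI MAC copy */
		skb_put_data(skb, priv->rxp, 12);

		/* NETBEUI size add */
		temp[0] = (((rx_ind_size - 12) >> 8) & 0xff);
		temp[1] = ((rx_ind_size - 12) & 0xff);
		skb_put_data(skb, temp, 2);

		/* copy after Type */
		skb_put_data(skb, priv->rxp + 12, rx_ind_size - 14);

		/* only look at the 802.1X header if the frame contains it */
		if (priv->rx_size >= 14 + sizeof(*aa1x_hdr))
			aa1x_hdr = (struct ieee802_1x_hdr *)(priv->rxp + 14);
		break;
	default:	/* other rx data */
		netdev_err(priv->net_dev, "invalid data format\n");
		priv->nstats.rx_errors++;
		return;
	}

	if (aa1x_hdr && aa1x_hdr->type == IEEE802_1X_TYPE_EAPOL_KEY &&
	    priv->wpa.rsn_enabled)
		atomic_set(&priv->psstatus.snooze_guard, 1);

	/* rx indication */
	skb->dev = priv->net_dev;
	skb->protocol = eth_type_trans(skb, skb->dev);
	priv->nstats.rx_packets++;
	priv->nstats.rx_bytes += rx_ind_size;
	netif_rx(skb);
}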
520
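/*
 * hostif_mib_get_confirm() - handle the device's reply to a MIB get request
 * @priv: driver private data; priv->rxp / priv->rx_size describe the reply
 *
 * The reply starts with status (4), attribute (4), value size (2) and value
 * type (2), followed by the value. The value is copied into the matching
 * field of @priv. Every copy is bounded by both the bytes remaining in the
 * reply and the size of the destination, because the lengths are supplied
 * by the device.
 */
static
void hostif_mib_get_confirm(struct ks_wlan_private *priv)
{
	struct net_device *dev = priv->net_dev;
	u32 mib_status;
	u32 mib_attribute;

	/* get_dword()/get_word() do not check the length themselves */
	if (priv->rx_size < 12) {
		netdev_err(dev, "invalid data format\n");
		return;
	}

	mib_status = get_dword(priv);
	mib_attribute = get_dword(priv);
	get_word(priv);	/* value size, not used */
	get_word(priv);	/* value type, not used */

	if (mib_status) {
		netdev_err(priv->net_dev, "attribute=%08X, status=%08X\n",
			   mib_attribute, mib_status);
		return;
	}

	switch (mib_attribute) {
	case DOT11_MAC_ADDRESS:
		if (priv->rx_size < ETH_ALEN) {
			netdev_err(dev, "invalid data format\n");
			return;
		}
		hostif_sme_enqueue(priv, SME_GET_MAC_ADDRESS);
		ether_addr_copy(priv->eth_addr, priv->rxp);
		priv->mac_address_valid = true;
		ether_addr_copy(dev->dev_addr, priv->eth_addr);
		netdev_info(dev, "MAC ADDRESS = %pM\n", priv->eth_addr);
		break;
	case DOT11_PRODUCT_VERSION: {
		/*
		 * Leave room for the terminator so an over-long version
		 * string cannot write past firmware_version.
		 * NOTE(review): sizeof() assumes firmware_version is an
		 * array member of the private struct - confirm in ks_wlan.h.
		 */
		size_t ver_len = min_t(size_t, priv->rx_size,
				       sizeof(priv->firmware_version) - 1);

		priv->version_size = ver_len;
		memcpy(priv->firmware_version, priv->rxp, ver_len);
		priv->firmware_version[ver_len] = '\0';
		netdev_info(dev, "firmware ver. = %s\n",
			    priv->firmware_version);
		hostif_sme_enqueue(priv, SME_GET_PRODUCT_VERSION);
		/* wake_up_interruptible_all(&priv->confirm_wait); */
		complete(&priv->confirm_wait);
		break;
	}
	case LOCAL_GAIN:
		if (priv->rx_size < sizeof(priv->gain)) {
			netdev_err(dev, "invalid data format\n");
			return;
		}
		memcpy(&priv->gain, priv->rxp, sizeof(priv->gain));
		netdev_dbg(priv->net_dev, "tx_mode=%d, rx_mode=%d, tx_gain=%d, rx_gain=%d\n",
			   priv->gain.tx_mode, priv->gain.rx_mode,
			   priv->gain.tx_gain, priv->gain.rx_gain);
		break;
	case LOCAL_EEPROM_SUM:
		if (priv->rx_size < sizeof(priv->eeprom_sum)) {
			netdev_err(dev, "LOCAL_EEPROM_SUM error!\n");
			return;
		}
		memcpy(&priv->eeprom_sum, priv->rxp, sizeof(priv->eeprom_sum));
		if (priv->eeprom_sum.type != 0 &&
		    priv->eeprom_sum.type != 1) {
			netdev_err(dev, "LOCAL_EEPROM_SUM error!\n");
			return;
		}
		/* type 0: no checksum; type 1: result 0 means mismatch */
		priv->eeprom_checksum = (priv->eeprom_sum.type == 0) ?
					 EEPROM_CHECKSUM_NONE :
					 (priv->eeprom_sum.result == 0) ?
					 EEPROM_NG : EEPROM_OK;
		break;
	default:
		netdev_err(priv->net_dev, "mib_attribute=%08x\n",
			   (unsigned int)mib_attribute);
		break;
	}
}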
583
/*
 * hostif_mib_set_confirm() - handle the device's reply to a MIB set request
 * @priv: driver private data; priv->rxp / priv->rx_size describe the reply
 *
 * Reads status (4) and attribute (4) from the reply and queues the SME
 * event that corresponds to the confirmed attribute. A non-zero status is
 * logged but does not stop the dispatch.
 *
 * NOTE(review): the eight header bytes are pulled without a length check
 * here; confirm that the caller validates priv->rx_size first.
 */
static
void hostif_mib_set_confirm(struct ks_wlan_private *priv)
{
	u32 status = get_dword(priv);
	u32 attribute = get_dword(priv);
	bool rsn = priv->wpa.rsn_enabled;

	/* in case of error */
	if (status)
		netdev_err(priv->net_dev, "error :: attribute=%08X, status=%08X\n",
			   attribute, status);

	switch (attribute) {
	case DOT11_RTS_THRESHOLD:
		hostif_sme_enqueue(priv, SME_RTS_THRESHOLD_CONFIRM);
		break;
	case DOT11_FRAGMENTATION_THRESHOLD:
		hostif_sme_enqueue(priv, SME_FRAGMENTATION_THRESHOLD_CONFIRM);
		break;
	case DOT11_WEP_DEFAULT_KEY_ID:
		if (!priv->wpa.wpa_enabled)
			hostif_sme_enqueue(priv, SME_WEP_INDEX_CONFIRM);
		break;
	case DOT11_WEP_DEFAULT_KEY_VALUE1:
		/* with RSN the key slots carry PMK/GMK, so the TSC is set next */
		hostif_sme_enqueue(priv, rsn ? SME_SET_PMK_TSC :
					       SME_WEP_KEY1_CONFIRM);
		break;
	case DOT11_WEP_DEFAULT_KEY_VALUE2:
		hostif_sme_enqueue(priv, rsn ? SME_SET_GMK1_TSC :
					       SME_WEP_KEY2_CONFIRM);
		break;
	case DOT11_WEP_DEFAULT_KEY_VALUE3:
		hostif_sme_enqueue(priv, rsn ? SME_SET_GMK2_TSC :
					       SME_WEP_KEY3_CONFIRM);
		break;
	case DOT11_WEP_DEFAULT_KEY_VALUE4:
		if (!rsn)
			hostif_sme_enqueue(priv, SME_WEP_KEY4_CONFIRM);
		break;
	case DOT11_PRIVACY_INVOKED:
		if (!rsn)
			hostif_sme_enqueue(priv, SME_WEP_FLAG_CONFIRM);
		break;
	case DOT11_RSN_ENABLED:
		hostif_sme_enqueue(priv, SME_RSN_ENABLED_CONFIRM);
		break;
	case LOCAL_RSN_MODE:
		hostif_sme_enqueue(priv, SME_RSN_MODE_CONFIRM);
		break;
	case LOCAL_MULTICAST_ADDRESS:
		hostif_sme_enqueue(priv, SME_MULTICAST_REQUEST);
		break;
	case LOCAL_MULTICAST_FILTER:
		hostif_sme_enqueue(priv, SME_MULTICAST_CONFIRM);
		break;
	case LOCAL_CURRENTADDRESS:
		priv->mac_address_valid = true;
		break;
	case DOT11_RSN_CONFIG_MULTICAST_CIPHER:
		hostif_sme_enqueue(priv, SME_RSN_MCAST_CONFIRM);
		break;
	case DOT11_RSN_CONFIG_UNICAST_CIPHER:
		hostif_sme_enqueue(priv, SME_RSN_UCAST_CONFIRM);
		break;
	case DOT11_RSN_CONFIG_AUTH_SUITE:
		hostif_sme_enqueue(priv, SME_RSN_AUTH_CONFIRM);
		break;
	case DOT11_GMK1_TSC:
	case DOT11_GMK2_TSC:
		/* group key TSC confirmed: release the snooze guard if held */
		if (atomic_read(&priv->psstatus.snooze_guard))
			atomic_set(&priv->psstatus.snooze_guard, 0);
		break;
	case DOT11_PMK_TSC:
	case LOCAL_PMK:
	case LOCAL_GAIN:
	case LOCAL_WPS_ENABLE:
	case LOCAL_WPS_PROBE_REQ:
	case LOCAL_REGION:
	default:
		/* nothing to do for these attributes */
		break;
	}
}
678
/*
 * Handle the power-management confirm: enter the sleep state and start
 * hardware power save when a power-save mode is configured in
 * infrastructure mode, otherwise mark the device ready.
 */
static
void hostif_power_mgmt_confirm(struct ks_wlan_private *priv)
{
	bool power_save = priv->reg.power_mgmt > POWER_MGMT_ACTIVE &&
			  priv->reg.operation_mode == MODE_INFRASTRUCTURE;

	if (!power_save) {
		priv->dev_state = DEVICE_STATE_READY;
		return;
	}

	atomic_set(&priv->psstatus.confirm_wait, 0);
	priv->dev_state = DEVICE_STATE_SLEEP;
	ks_wlan_hw_power_save(priv);
}
691
/*
 * Handle the sleep confirm: flag the doze request, then queue the
 * read/write delayed work with a delay of one jiffy.
 */
static
void hostif_sleep_confirm(struct ks_wlan_private *priv)
{
	/* the flag is set before the work that is queued next can run */
	atomic_set(&priv->sleepstatus.doze_request, 1);

	queue_delayed_work(priv->wq, &priv->rw_dwork, 1);
}
698
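/*
 * Handle the start confirm: while in connect status, send a SIOCGIWAP
 * wireless event with an all-zero address, then queue SME_START_CONFIRM.
 */
static
void hostif_start_confirm(struct ks_wlan_private *priv)
{
	union iwreq_data wrqu;

	/*
	 * Clear the whole union first, as hostif_data_indication_wpa() does:
	 * only the address family and six address bytes are written below,
	 * and the rest would otherwise be handed to wireless_send_event() as
	 * uninitialised stack bytes.
	 */
	memset(&wrqu, 0, sizeof(wrqu));
	wrqu.data.length = 0;
	wrqu.data.flags = 0;
	wrqu.ap_addr.sa_family = ARPHRD_ETHER;
	if (is_connect_status(priv->connect_status)) {
		eth_zero_addr(wrqu.ap_addr.sa_data);
		wireless_send_event(priv->net_dev, SIOCGIWAP, &wrqu, NULL);
	}
	netdev_dbg(priv->net_dev, " scan_ind_count=%d\n", priv->scan_ind_count);
	hostif_sme_enqueue(priv, SME_START_CONFIRM);
}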
714
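/*
 * hostif_connect_indication() - handle a connect/disconnect indication
 * @priv: driver private data; priv->rxp / priv->rx_size describe the event
 *
 * Reads the connect code, updates carrier state and priv->connect_status
 * (the FORCE_DISCONNECT bit is preserved), refreshes the cached AP, resets
 * the power-save guards on a disconnect -> connect transition and sends a
 * SIOCGIWAP event with a zero address on a connect -> disconnect
 * transition.
 *
 * NOTE(review): priv->rxp is handed to get_current_ap() as a
 * struct link_ap_info without comparing priv->rx_size to the size of that
 * record, and the two-byte connect code is read unchecked as well; confirm
 * that the caller validates the length.
 */
static
void hostif_connect_indication(struct ks_wlan_private *priv)
{
	u16 connect_code;
	unsigned int tmp = 0;
	unsigned int old_status = priv->connect_status;
	struct net_device *netdev = priv->net_dev;
	union iwreq_data wrqu0;

	connect_code = get_word(priv);

	switch (connect_code) {
	case RESULT_CONNECT:
		if (!(priv->connect_status & FORCE_DISCONNECT))
			netif_carrier_on(netdev);
		tmp = FORCE_DISCONNECT & priv->connect_status;
		priv->connect_status = tmp + CONNECT_STATUS;
		break;
	case RESULT_DISCONNECT:
		netif_carrier_off(netdev);
		tmp = FORCE_DISCONNECT & priv->connect_status;
		priv->connect_status = tmp + DISCONNECT_STATUS;
		break;
	default:
		/* anything unrecognised is treated as a disconnect */
		netdev_dbg(priv->net_dev, "unknown connect_code=%d :: scan_ind_count=%d\n",
			   connect_code, priv->scan_ind_count);
		netif_carrier_off(netdev);
		tmp = FORCE_DISCONNECT & priv->connect_status;
		priv->connect_status = tmp + DISCONNECT_STATUS;
		break;
	}

	get_current_ap(priv, (struct link_ap_info *)priv->rxp);
	if (is_connect_status(priv->connect_status) &&
	    is_disconnect_status(old_status)) {
		/* for power save */
		atomic_set(&priv->psstatus.snooze_guard, 0);
		atomic_set(&priv->psstatus.confirm_wait, 0);
	}
	ks_wlan_do_power_save(priv);

	/*
	 * Clear the whole union first, as hostif_data_indication_wpa() does:
	 * only part of it is written below, and the rest would otherwise be
	 * handed to wireless_send_event() as uninitialised stack bytes.
	 */
	memset(&wrqu0, 0, sizeof(wrqu0));
	wrqu0.data.length = 0;
	wrqu0.data.flags = 0;
	wrqu0.ap_addr.sa_family = ARPHRD_ETHER;
	if (is_disconnect_status(priv->connect_status) &&
	    is_connect_status(old_status)) {
		eth_zero_addr(wrqu0.ap_addr.sa_data);
		netdev_dbg(priv->net_dev, "disconnect :: scan_ind_count=%d\n",
			   priv->scan_ind_count);
		wireless_send_event(netdev, SIOCGIWAP, &wrqu0, NULL);
	}
	priv->scan_ind_count = 0;
}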
768
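/*
 * hostif_scan_indication() - record one scan result in priv->aplist
 * @priv: driver private data; priv->rxp points at the scan record
 *
 * If the reported BSSID is already in the list, that entry is refreshed
 * (probe responses only) and nothing is appended. Otherwise the result is
 * stored in the next free slot, up to LOCAL_APLIST_MAX entries.
 *
 * NOTE(review): priv->rxp is interpreted as a struct ap_info without
 * comparing priv->rx_size to the record; confirm that the caller validates
 * the length.
 */
static
void hostif_scan_indication(struct ks_wlan_private *priv)
{
	int i;
	struct ap_info *ap_info;

	netdev_dbg(priv->net_dev,
		   "scan_ind_count = %d\n", priv->scan_ind_count);
	ap_info = (struct ap_info *)(priv->rxp);

	if (priv->scan_ind_count) {
		/* bssid check */
		for (i = 0; i < priv->aplist.size; i++) {
			u8 *bssid = priv->aplist.ap[i].bssid;

			/*
			 * Skip entries for other access points. The test was
			 * inverted before, so the first non-matching entry
			 * was overwritten and a matching one was appended as
			 * a duplicate.
			 */
			if (!ether_addr_equal(ap_info->bssid, bssid))
				continue;

			if (ap_info->frame_type == IEEE80211_STYPE_PROBE_RESP)
				get_ap_information(priv, ap_info,
						   &priv->aplist.ap[i]);
			return;
		}
	}
	priv->scan_ind_count++;
	if (priv->scan_ind_count < LOCAL_APLIST_MAX + 1) {
		netdev_dbg(priv->net_dev, " scan_ind_count=%d :: aplist.size=%d\n",
			   priv->scan_ind_count, priv->aplist.size);
		get_ap_information(priv, ap_info,
				   &priv->aplist.ap[priv->scan_ind_count - 1]);
		priv->aplist.size = priv->scan_ind_count;
	} else {
		/* list is full: the result is counted but not stored */
		netdev_dbg(priv->net_dev, " count over :: scan_ind_count=%d\n",
			   priv->scan_ind_count);
	}
}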
805
/*
 * Handle HIF_STOP_CONF.
 *
 * A sleeping device is marked ready again.  If the link was up, the carrier
 * is dropped, the connect status is reduced to its FORCE_DISCONNECT bit plus
 * DISCONNECT_STATUS, a zeroed SIOCGIWAP event is sent to user space and the
 * scan indication counter is reset.  SME_STOP_CONFIRM is queued in all cases.
 */
static
void hostif_stop_confirm(struct ks_wlan_private *priv)
{
	struct net_device *netdev = priv->net_dev;
	unsigned int prev_status = priv->connect_status;
	union iwreq_data wrqu0;

	if (priv->dev_state == DEVICE_STATE_SLEEP)
		priv->dev_state = DEVICE_STATE_READY;

	/* nothing to tear down when the link was not up */
	if (!is_connect_status(priv->connect_status))
		goto out_enqueue;

	/* disconnect indication */
	netif_carrier_off(netdev);
	priv->connect_status =
		(FORCE_DISCONNECT & priv->connect_status) | DISCONNECT_STATUS;
	netdev_info(netdev, "IWEVENT: disconnect\n");

	wrqu0.data.length = 0;
	wrqu0.data.flags = 0;
	wrqu0.ap_addr.sa_family = ARPHRD_ETHER;

	/* report the transition connected -> disconnected with a zero BSSID */
	if (is_disconnect_status(priv->connect_status) &&
	    is_connect_status(prev_status)) {
		eth_zero_addr(wrqu0.ap_addr.sa_data);
		netdev_info(netdev, "IWEVENT: disconnect\n");
		wireless_send_event(netdev, SIOCGIWAP, &wrqu0, NULL);
	}
	priv->scan_ind_count = 0;

out_enqueue:
	hostif_sme_enqueue(priv, SME_STOP_CONFIRM);
}
838
/*
 * Handle HIF_PS_ADH_SET_CONF: clear the infrastructure flag and queue
 * SME_MODE_SET_CONFIRM.
 */
static
void hostif_ps_adhoc_set_confirm(struct ks_wlan_private *priv)
{
	/* infrastructure mode cancel */
	priv->infra_status = 0;

	hostif_sme_enqueue(priv, SME_MODE_SET_CONFIRM);
}
845
/*
 * Handle HIF_INFRA_SET_CONF / HIF_INFRA_SET2_CONF: set the infrastructure
 * flag and queue SME_MODE_SET_CONFIRM.
 */
static
void hostif_infrastructure_set_confirm(struct ks_wlan_private *priv)
{
	/*
	 * The confirm carries a 16-bit result code.  It is read so the
	 * receive cursor advances, but its value is not acted upon.
	 */
	get_word(priv);

	/* infrastructure mode set */
	priv->infra_status = 1;

	hostif_sme_enqueue(priv, SME_MODE_SET_CONFIRM);
}
855
/*
 * Handle HIF_ADH_SET_CONF / HIF_ADH_SET2_CONF: set priv->infra_status to 1
 * and queue SME_MODE_SET_CONFIRM.
 */
static
void hostif_adhoc_set_confirm(struct ks_wlan_private *priv)
{
	/* infrastructure mode set */
	priv->infra_status = 1;

	hostif_sme_enqueue(priv, SME_MODE_SET_CONFIRM);
}
862
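/*
 * Handle HIF_ASSOC_INFO_IND: format the association request and response
 * information elements as hex text and send them to user space as an
 * IWEVCUSTOM event of the form "ASSOCINFO(ReqIEs=<hex> RespIEs=<hex>)".
 *
 * The frame at priv->rxp holds a struct association_request, a struct
 * association_response and then the request IEs followed by the response
 * IEs.  Both IE lengths come from the device.
 *
 * Fix: the lengths were used unchecked, so a large req_ies_size or
 * resp_ies_size read past the received frame and let sprintf() run past the
 * IW_CUSTOM_MAX byte stack buffer.  The frame is now dropped unless it
 * contains everything it announces and the formatted text fits in buf.
 */
static
void hostif_associate_indication(struct ks_wlan_private *priv)
{
	static const char associnfo_leader0[] = "ASSOCINFO(ReqIEs=";
	static const char associnfo_leader1[] = " RespIEs=";
	struct association_request *assoc_req;
	struct association_response *assoc_resp;
	unsigned char *pb;
	union iwreq_data wrqu;
	char buf[IW_CUSTOM_MAX];
	char *pbuf = &buf[0];
	size_t req_len, resp_len, needed;
	size_t i;

	/*
	 * priv->rx_size counts the bytes not yet consumed from priv->rxp
	 * (get_byte() decrements it as it advances the pointer).
	 */
	if (priv->rx_size < sizeof(*assoc_req) + sizeof(*assoc_resp)) {
		netdev_err(priv->net_dev, "ASSOCINFO frame too short\n");
		return;
	}

	assoc_req = (struct association_request *)(priv->rxp);
	assoc_resp = (struct association_response *)(assoc_req + 1);
	pb = (unsigned char *)(assoc_resp + 1);

	req_len = le16_to_cpu(assoc_req->req_ies_size);
	resp_len = le16_to_cpu(assoc_resp->resp_ies_size);

	/* the IEs must lie inside the received frame */
	if (req_len + resp_len >
	    priv->rx_size - sizeof(*assoc_req) - sizeof(*assoc_resp)) {
		netdev_err(priv->net_dev,
			   "ASSOCINFO IEs exceed frame: req=%zu resp=%zu\n",
			   req_len, resp_len);
		return;
	}

	/* two hex digits per IE byte, both leaders, ")" and sprintf's NUL */
	needed = sizeof(associnfo_leader0) - 1 + 2 * req_len +
		 sizeof(associnfo_leader1) - 1 + 2 * resp_len + 1 + 1;
	if (needed > sizeof(buf)) {
		netdev_err(priv->net_dev,
			   "ASSOCINFO too large: req=%zu resp=%zu\n",
			   req_len, resp_len);
		return;
	}

	memset(&wrqu, 0, sizeof(wrqu));
	memcpy(pbuf, associnfo_leader0, sizeof(associnfo_leader0) - 1);
	wrqu.data.length += sizeof(associnfo_leader0) - 1;
	pbuf += sizeof(associnfo_leader0) - 1;

	for (i = 0; i < req_len; i++)
		pbuf += sprintf(pbuf, "%02x", *(pb + i));
	wrqu.data.length += req_len * 2;

	memcpy(pbuf, associnfo_leader1, sizeof(associnfo_leader1) - 1);
	wrqu.data.length += sizeof(associnfo_leader1) - 1;
	pbuf += sizeof(associnfo_leader1) - 1;

	/* the response IEs follow the request IEs */
	pb += req_len;
	for (i = 0; i < resp_len; i++)
		pbuf += sprintf(pbuf, "%02x", *(pb + i));
	wrqu.data.length += resp_len * 2;

	pbuf += sprintf(pbuf, ")");
	wrqu.data.length += 1;

	wireless_send_event(priv->net_dev, IWEVCUSTOM, &wrqu, buf);
}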
904
/*
 * Handle HIF_SCAN_CONF: clear the SME_AP_SCAN flag, queue
 * SME_BSS_SCAN_CONFIRM, tell user space that scan results are ready
 * (SIOCGIWSCAN) and reset the scan indication counter.
 */
static
void hostif_bss_scan_confirm(struct ks_wlan_private *priv)
{
	union iwreq_data wrqu;
	struct net_device *dev = priv->net_dev;
	/* 32-bit result code from the confirm; only logged */
	u32 result_code = get_dword(priv);

	netdev_dbg(priv->net_dev, "result=%d :: scan_ind_count=%d\n",
		   result_code, priv->scan_ind_count);

	priv->sme_i.sme_flag &= ~SME_AP_SCAN;
	hostif_sme_enqueue(priv, SME_BSS_SCAN_CONFIRM);

	/* empty payload: the event only signals completion */
	wrqu.data.flags = 0;
	wrqu.data.length = 0;
	wireless_send_event(dev, SIOCGIWSCAN, &wrqu, NULL);

	priv->scan_ind_count = 0;
}
924
/*
 * Handle HIF_PHY_INFO_CONF / HIF_PHY_INFO_IND: read the PHY statistics from
 * the receive buffer, update the current rate and the wireless quality
 * statistics, and complete priv->confirm_wait.
 *
 * The fields are consumed in wire order: four single bytes (rssi, signal,
 * noise, link speed) followed by four 32-bit counters.
 */
static
void hostif_phy_information_confirm(struct ks_wlan_private *priv)
{
	struct iw_statistics *wstats = &priv->wstats;
	u32 tx_frames, rx_fragments, failed, fcs_errors;
	u8 rssi, signal, noise, link_speed;

	/* the read order below is the frame layout; do not reorder */
	rssi = get_byte(priv);
	signal = get_byte(priv);
	noise = get_byte(priv);	/* consumed, not reported (see qual.noise) */
	link_speed = get_byte(priv);
	tx_frames = get_dword(priv);
	rx_fragments = get_dword(priv);
	failed = get_dword(priv);
	fcs_errors = get_dword(priv);

	netdev_dbg(priv->net_dev, "phyinfo confirm rssi=%d signal=%d\n",
		   rssi, signal);

	priv->current_rate = (link_speed & RATE_MASK);

	wstats->qual.qual = signal;
	wstats->qual.level = 256 - rssi;
	wstats->qual.noise = 0;	/* invalid noise value */
	wstats->qual.updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM;

	netdev_dbg(priv->net_dev, "\n    rssi=%u\n"
		   "    signal=%u\n"
		   "    link_speed=%ux500Kbps\n"
		   "    transmitted_frame_count=%u\n"
		   "    received_fragment_count=%u\n"
		   "    failed_count=%u\n"
		   "    fcs_error_count=%u\n",
		   rssi, signal, link_speed, tx_frames,
		   rx_fragments, failed, fcs_errors);

	/* wake_up_interruptible_all(&priv->confirm_wait); */
	complete(&priv->confirm_wait);
}
963
/*
 * Handle HIF_MIC_FAILURE_CONF: log the current MIC failure counter and queue
 * SME_MIC_FAILURE_CONFIRM.
 */
static
void hostif_mic_failure_confirm(struct ks_wlan_private *priv)
{
	struct net_device *netdev = priv->net_dev;

	netdev_dbg(netdev, "mic_failure=%u\n", priv->wpa.mic_failure.failure);

	hostif_sme_enqueue(priv, SME_MIC_FAILURE_CONFIRM);
}
971
/*
 * Read the 16-bit event code from the receive buffer, dispatch it to the
 * matching confirm/indication handler and record the code in the
 * priv->hostt ring buffer.
 *
 * HIF_AP_SET_CONF has no handler: it shares the default branch, which logs
 * the code as undefined and completes priv->confirm_wait.
 */
static
void hostif_event_check(struct ks_wlan_private *priv)
{
	u16 event = get_word(priv);

	switch (event) {
	/* data path */
	case HIF_DATA_IND:
		hostif_data_indication(priv);
		break;

	/* MIB access */
	case HIF_MIB_GET_CONF:
		hostif_mib_get_confirm(priv);
		break;
	case HIF_MIB_SET_CONF:
		hostif_mib_set_confirm(priv);
		break;

	/* power management */
	case HIF_POWER_MGMT_CONF:
		hostif_power_mgmt_confirm(priv);
		break;
	case HIF_SLEEP_CONF:
		hostif_sleep_confirm(priv);
		break;

	/* start / stop / link state */
	case HIF_START_CONF:
		hostif_start_confirm(priv);
		break;
	case HIF_CONNECT_IND:
		hostif_connect_indication(priv);
		break;
	case HIF_STOP_CONF:
		hostif_stop_confirm(priv);
		break;

	/* operating mode */
	case HIF_PS_ADH_SET_CONF:
		hostif_ps_adhoc_set_confirm(priv);
		break;
	case HIF_INFRA_SET_CONF:
	case HIF_INFRA_SET2_CONF:
		hostif_infrastructure_set_confirm(priv);
		break;
	case HIF_ADH_SET_CONF:
	case HIF_ADH_SET2_CONF:
		hostif_adhoc_set_confirm(priv);
		break;

	/* association and security */
	case HIF_ASSOC_INFO_IND:
		hostif_associate_indication(priv);
		break;
	case HIF_MIC_FAILURE_CONF:
		hostif_mic_failure_confirm(priv);
		break;

	/* scanning and PHY statistics */
	case HIF_SCAN_CONF:
		hostif_bss_scan_confirm(priv);
		break;
	case HIF_PHY_INFO_CONF:
	case HIF_PHY_INFO_IND:
		hostif_phy_information_confirm(priv);
		break;
	case HIF_SCAN_IND:
		hostif_scan_indication(priv);
		break;

	case HIF_AP_SET_CONF:
	default:
		netdev_err(priv->net_dev, "undefined event[%04X]\n", event);
		/* wake_up_all(&priv->confirm_wait); */
		complete(&priv->confirm_wait);
		break;
	}

	/* add event to hostt buffer; the tail wraps at SME_EVENT_BUFF_SIZE */
	priv->hostt.buff[priv->hostt.qtail] = event;
	priv->hostt.qtail = (priv->hostt.qtail + 1) % SME_EVENT_BUFF_SIZE;
}
1042
/*
 * Allocate a zeroed request of hif_align_size(size) bytes (GFP_ATOMIC) and
 * fill in its host interface header.
 *
 * @size:  request size in bytes, header included
 * @event: event code stored in the header
 *
 * The header size field is set to @size minus the size field itself.
 * Returns the request, or NULL when the allocation fails.  Freeing it is up
 * to the caller or to whatever the caller hands it to.
 */
static void *hostif_generic_request(size_t size, int event)
{
	struct hostif_hdr *hdr = kzalloc(hif_align_size(size), GFP_ATOMIC);

	if (hdr) {
		hdr->size = cpu_to_le16(size - sizeof(hdr->size));
		hdr->event = cpu_to_le16(event);
	}

	return hdr;
}
1057
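/*
 * Wrap an outgoing Ethernet frame in a HIF_DATA_REQ and hand it to the
 * hardware transmit path.
 *
 * @priv: driver private data
 * @skb:  frame to send; it is freed here on every path that does not reach
 *        ks_wlan_hw_tx(), which receives it together with
 *        send_packet_complete
 *
 * The destination and source addresses are copied; an EtherType frame gets
 * an LLC/SNAP prefix, while the length field of a length-type frame is
 * dropped.  With RSN and TKIP a Michael MIC is appended.  EAPOL frames are
 * sent as TYPE_AUTH when no key applies.
 *
 * Returns 0 when the frame is silently dropped because the link is down or
 * MIC countermeasures are active, the result of ks_wlan_hw_tx() when the
 * frame is queued, or a negative errno (-EOVERFLOW, -EINVAL, -ENOMEM,
 * -ENXIO or the michael_mic() error).
 *
 * Fixes:
 *  - frames shorter than an Ethernet header are rejected; previously
 *    "length" wrapped around and the second memcpy() used the wrapped value
 *  - the request is allocated zeroed, so the alignment padding sent to the
 *    device, and auth_type when the pairwise suite is neither TKIP nor CCMP,
 *    no longer carry uninitialised heap contents
 */
int hostif_data_request(struct ks_wlan_private *priv, struct sk_buff *skb)
{
	unsigned int skb_len = 0;
	unsigned char *buffer = NULL;
	unsigned int length = 0;
	struct hostif_data_request *pp;
	unsigned char *p;
	unsigned short eth_proto;
	struct ether_hdr *eth_hdr;
	unsigned short keyinfo = 0;
	struct ieee802_1x_hdr *aa1x_hdr;
	struct wpa_eapol_key *eap_key;
	struct ethhdr *eth;
	size_t size;
	int ret;

	skb_len = skb->len;
	if (skb_len > ETH_FRAME_LEN) {
		netdev_err(priv->net_dev, "bad length skb_len=%d\n", skb_len);
		ret = -EOVERFLOW;
		goto err_kfree_skb;
	}

	/* the code below reads both addresses and the type/length field */
	if (skb_len < ETH_HLEN) {
		netdev_err(priv->net_dev, "frame too short skb_len=%u\n",
			   skb_len);
		ret = -EINVAL;
		goto err_kfree_skb;
	}

	/* link down or MIC countermeasures active: drop without error */
	if (is_disconnect_status(priv->connect_status) ||
	    (priv->connect_status & FORCE_DISCONNECT) ||
	    priv->wpa.mic_failure.stop) {
		if (netif_queue_stopped(priv->net_dev))
			netif_wake_queue(priv->net_dev);

		dev_kfree_skb(skb);

		return 0;
	}

	/* power save wakeup */
	if (atomic_read(&priv->psstatus.status) == PS_SNOOZE) {
		if (!netif_queue_stopped(priv->net_dev))
			netif_stop_queue(priv->net_dev);
	}

	/* room for the header, 6 bytes of LLC/SNAP, the frame and the MIC */
	size = sizeof(*pp) + 6 + skb_len + 8;
	pp = kzalloc(hif_align_size(size), GFP_ATOMIC);
	if (!pp) {
		ret = -ENOMEM;
		goto err_kfree_skb;
	}

	p = (unsigned char *)pp->data;

	buffer = skb->data;
	length = skb->len;

	/* skb check: only frames sourced from our own address are sent */
	eth = (struct ethhdr *)skb->data;
	if (!ether_addr_equal(&priv->eth_addr[0], eth->h_source)) {
		netdev_err(priv->net_dev,
			   "Invalid mac address: ethernet->h_source=%pM\n",
			   eth->h_source);
		ret = -ENXIO;
		goto err_kfree;
	}

	/* dest and src MAC address copy */
	size = ETH_ALEN * 2;
	memcpy(p, buffer, size);
	p += size;
	buffer += size;
	length -= size;

	/* EtherType/Length check */
	if (*(buffer + 1) + (*buffer << 8) > 1500) {
		/* ProtocolEAP = *(buffer+1) + (*buffer << 8); */
		/* SAP/CTL/OUI(6 byte) add */
		*p++ = 0xAA;	/* DSAP */
		*p++ = 0xAA;	/* SSAP */
		*p++ = 0x03;	/* CTL */
		*p++ = 0x00;	/* OUI ("000000") */
		*p++ = 0x00;	/* OUI ("000000") */
		*p++ = 0x00;	/* OUI ("000000") */
		skb_len += 6;
	} else {
		/* Length(2 byte) delete */
		buffer += 2;
		length -= 2;
		skb_len -= 2;
	}

	/* pp->data copy */
	memcpy(p, buffer, length);

	p += length;

	/* for WPA */
	eth_hdr = (struct ether_hdr *)&pp->data[0];
	eth_proto = ntohs(eth_hdr->h_proto);

	/*
	 * for MIC FAILURE REPORT check
	 *
	 * NOTE(review): key_info is read at a fixed offset without comparing
	 * that offset to the copied frame length; for a very short EAPOL
	 * frame it may lie in the zeroed tail of the request.  Confirm the
	 * offset always stays inside the allocation.
	 */
	if (eth_proto == ETH_P_PAE &&
	    priv->wpa.mic_failure.failure > 0) {
		aa1x_hdr = (struct ieee802_1x_hdr *)(eth_hdr + 1);
		if (aa1x_hdr->type == IEEE802_1X_TYPE_EAPOL_KEY) {
			eap_key = (struct wpa_eapol_key *)(aa1x_hdr + 1);
			keyinfo = ntohs(eap_key->key_info);
		}
	}

	if (priv->wpa.rsn_enabled && priv->wpa.key[0].key_len) {
		/* no encryption */
		if (eth_proto == ETH_P_PAE &&
		    priv->wpa.key[1].key_len == 0 &&
		    priv->wpa.key[2].key_len == 0 &&
		    priv->wpa.key[3].key_len == 0) {
			pp->auth_type = cpu_to_le16(TYPE_AUTH);
		} else {
			if (priv->wpa.pairwise_suite == IW_AUTH_CIPHER_TKIP) {
				u8 mic[MICHAEL_MIC_LEN];

				ret = michael_mic(priv->wpa.key[0].tx_mic_key,
						  &pp->data[0], skb_len,
						  0, mic);
				if (ret < 0)
					goto err_kfree;

				/* append the MIC to the payload */
				memcpy(p, mic, sizeof(mic));
				length += sizeof(mic);
				skb_len += sizeof(mic);
				p += sizeof(mic);
				pp->auth_type =
				    cpu_to_le16(TYPE_DATA);
			} else if (priv->wpa.pairwise_suite ==
				   IW_AUTH_CIPHER_CCMP) {
				pp->auth_type =
				    cpu_to_le16(TYPE_DATA);
			}
			/* any other suite leaves auth_type at zero */
		}
	} else {
		if (eth_proto == ETH_P_PAE)
			pp->auth_type = cpu_to_le16(TYPE_AUTH);
		else
			pp->auth_type = cpu_to_le16(TYPE_DATA);
	}

	/* header value set */
	pp->header.size =
	    cpu_to_le16((sizeof(*pp) - sizeof(pp->header.size) + skb_len));
	pp->header.event = cpu_to_le16(HIF_DATA_REQ);

	/* tx request */
	ret = ks_wlan_hw_tx(priv, pp, hif_align_size(sizeof(*pp) + skb_len),
			    send_packet_complete, skb);

	/* MIC FAILURE REPORT check */
	if (eth_proto == ETH_P_PAE &&
	    priv->wpa.mic_failure.failure > 0) {
		if (keyinfo & WPA_KEY_INFO_ERROR &&
		    keyinfo & WPA_KEY_INFO_REQUEST) {
			netdev_err(priv->net_dev,
				   "MIC ERROR Report SET : %04X\n", keyinfo);
			hostif_sme_enqueue(priv, SME_MIC_FAILURE_REQUEST);
		}
		/* second failure: stop transmitting (checked on entry) */
		if (priv->wpa.mic_failure.failure == 2)
			priv->wpa.mic_failure.stop = 1;
	}

	return ret;

err_kfree:
	kfree(pp);
err_kfree_skb:
	dev_kfree_skb(skb);

	return ret;
}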
1231
/*
 * Count one more outstanding confirm, but only while the power save status
 * is above PS_ACTIVE_SET.
 */
static inline void ps_confirm_wait_inc(struct ks_wlan_private *priv)
{
	if (atomic_read(&priv->psstatus.status) <= PS_ACTIVE_SET)
		return;

	atomic_inc(&priv->psstatus.confirm_wait);
}
1237
/*
 * Account for the pending confirm and pass a request to the hardware
 * transmit path without a completion callback.
 *
 * NOTE(review): the return value of ks_wlan_hw_tx() is ignored here, so
 * whether @data is released when transmission fails depends on
 * ks_wlan_hw_tx(); confirm against its implementation.
 */
static inline void send_request_to_device(struct ks_wlan_private *priv,
					  void *data, size_t size)
{
	/* must precede the transmit so the confirm is already expected */
	ps_confirm_wait_inc(priv);

	ks_wlan_hw_tx(priv, data, size, NULL, NULL);
}
1244
/*
 * Send HIF_MIB_GET_REQ for @mib_attribute.  Nothing is sent when the request
 * cannot be allocated.
 */
static void hostif_mib_get_request(struct ks_wlan_private *priv,
				   u32 mib_attribute)
{
	struct hostif_mib_get_request *req =
		hostif_generic_request(sizeof(*req), HIF_MIB_GET_REQ);

	if (!req)
		return;

	req->mib_attribute = cpu_to_le32(mib_attribute);
	send_request_to_device(priv, req, hif_align_size(sizeof(*req)));
}
1258
/*
 * Send HIF_MIB_SET_REQ writing @size bytes from @data to MIB attribute @attr
 * with value type @type.  Nothing is sent before the device has reached
 * DEVICE_STATE_BOOT or when the request cannot be allocated.
 *
 * NOTE(review): the request is allocated from sizeof(*pp) alone, yet @size
 * bytes are copied into mib_value.body and sizeof(*pp) + @size bytes are
 * transmitted.  Confirm that the structure reserves room for the largest
 * body any caller passes; otherwise the copy runs past the allocation.
 */
static void hostif_mib_set_request(struct ks_wlan_private *priv,
				   enum mib_attribute attr,
				   enum mib_data_type type,
				   void *data, size_t size)
{
	struct hostif_mib_set_request_t *req;

	if (priv->dev_state < DEVICE_STATE_BOOT)
		return;

	req = hostif_generic_request(sizeof(*req), HIF_MIB_SET_REQ);
	if (!req)
		return;

	req->mib_attribute = cpu_to_le32(attr);
	req->mib_value.type = cpu_to_le16(type);
	req->mib_value.size = cpu_to_le16(size);
	memcpy(&req->mib_value.body, data, size);

	send_request_to_device(priv, req,
			       hif_align_size(sizeof(*req) + size));
}
1280
/* Set MIB attribute @attr to the integer @val, sent as little-endian 32 bit. */
static inline void hostif_mib_set_request_int(struct ks_wlan_private *priv,
					      enum mib_attribute attr, int val)
{
	__le32 wire_val = cpu_to_le32(val);

	hostif_mib_set_request(priv, attr, MIB_VALUE_TYPE_INT,
			       &wire_val, sizeof(wire_val));
}
1289
/* Set MIB attribute @attr to the boolean @val, sent as little-endian 32 bit. */
static inline void hostif_mib_set_request_bool(struct ks_wlan_private *priv,
					       enum mib_attribute attr,
					       bool val)
{
	__le32 wire_val = cpu_to_le32(val);

	hostif_mib_set_request(priv, attr, MIB_VALUE_TYPE_BOOL,
			       &wire_val, sizeof(wire_val));
}
1299
/* Set MIB attribute @attr to the @size byte octet string at @data. */
static inline void hostif_mib_set_request_ostring(struct ks_wlan_private *priv,
						  enum mib_attribute attr,
						  void *data, size_t size)
{
	const enum mib_data_type type = MIB_VALUE_TYPE_OSTRING;

	hostif_mib_set_request(priv, attr, type, data, size);
}
1306
/*
 * Send HIF_START_REQ with the given @mode, then empty the AP list and reset
 * the scan indication counter.  Nothing happens when the request cannot be
 * allocated.
 */
static
void hostif_start_request(struct ks_wlan_private *priv, unsigned char mode)
{
	struct hostif_start_request *req =
		hostif_generic_request(sizeof(*req), HIF_START_REQ);

	if (!req)
		return;

	req->mode = cpu_to_le16(mode);
	send_request_to_device(priv, req, hif_align_size(sizeof(*req)));

	/* earlier scan results are discarded by a start */
	priv->scan_ind_count = 0;
	priv->aplist.size = 0;
}
1323
/*
 * Build the little-endian capability field for a mode request from the
 * configured preamble and PHY type.
 */
static __le16 ks_wlan_cap(struct ks_wlan_private *priv)
{
	bool short_preamble = priv->reg.preamble == SHORT_PREAMBLE;
	bool not_11b_only = priv->reg.phy_type != D_11B_ONLY_MODE;
	u16 cap = short_preamble ? WLAN_CAPABILITY_SHORT_PREAMBLE : 0x0000;

	/* pbcc not support */
	cap &= ~(WLAN_CAPABILITY_PBCC);

	/* outside 11b-only mode: short slot time on, DSSS-OFDM off */
	if (not_11b_only) {
		cap |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
		cap &= ~(WLAN_CAPABILITY_DSSS_OFDM);
	}

	return cpu_to_le16(cap);
}
1340
/*
 * Fill the part shared by the mode set requests from priv->reg: PHY type,
 * CTS mode, scan type, capability and rate set.
 *
 * NOTE(review): priv->reg.rate_set.size is used as the copy length without
 * being compared to the size of req->rate_set.body here; confirm it is
 * bounded where it is set.
 */
static void init_request(struct ks_wlan_private *priv,
			 struct hostif_request *req)
{
	req->phy_type = cpu_to_le16(priv->reg.phy_type);
	req->cts_mode = cpu_to_le16(priv->reg.cts_mode);
	req->scan_type = cpu_to_le16(priv->reg.scan_type);
	req->capability = ks_wlan_cap(priv);

	/* rate set: length byte plus that many rate bytes */
	req->rate_set.size = priv->reg.rate_set.size;
	memcpy(&req->rate_set.body[0], &priv->reg.rate_set.body[0],
	       priv->reg.rate_set.size);
}
1352
/*
 * Send HIF_PS_ADH_SET_REQ carrying the common request fields and the
 * configured channel.
 */
static
void hostif_ps_adhoc_set_request(struct ks_wlan_private *priv)
{
	struct hostif_ps_adhoc_set_request *req =
		hostif_generic_request(sizeof(*req), HIF_PS_ADH_SET_REQ);

	if (!req)
		return;

	init_request(priv, &req->request);
	req->channel = cpu_to_le16(priv->reg.channel);

	send_request_to_device(priv, req, hif_align_size(sizeof(*req)));
}
1367
/*
 * Send an infrastructure mode request with header event code @event,
 * carrying the common request fields, the configured SSID, beacon lost
 * count, authentication type and the channel list.
 *
 * The channel list has 13 entries in 11g-only mode and 14 otherwise.
 *
 * NOTE(review): priv->reg.ssid.size is used as the copy length without a
 * bound check here; confirm it is limited where the SSID is configured.
 */
static
void hostif_infrastructure_set_request(struct ks_wlan_private *priv, int event)
{
	/* channels in the order they are written to the request */
	static const unsigned char chan_order[] = {
		1, 8, 2, 9, 3, 10, 4, 11, 5, 12, 6, 13, 7, 14
	};
	struct hostif_infrastructure_set_request *req;
	unsigned int nchan;
	unsigned int i;

	req = hostif_generic_request(sizeof(*req), event);
	if (!req)
		return;

	init_request(priv, &req->request);

	req->ssid.size = priv->reg.ssid.size;
	memcpy(&req->ssid.body[0], &priv->reg.ssid.body[0],
	       priv->reg.ssid.size);
	req->beacon_lost_count = cpu_to_le16(priv->reg.beacon_lost_count);
	req->auth_type = cpu_to_le16(priv->reg.authenticate_type);

	/* channel 14 is left out in 11g-only mode */
	nchan = (priv->reg.phy_type == D_11G_ONLY_MODE) ? 13 : 14;
	for (i = 0; i < nchan; i++)
		req->channel_list.body[i] = chan_order[i];
	req->channel_list.size = nchan;

	send_request_to_device(priv, req, hif_align_size(sizeof(*req)));
}
1406
/*
 * Send HIF_ADH_SET_REQ carrying the common request fields, the configured
 * channel and the configured SSID.
 *
 * NOTE(review): priv->reg.ssid.size is used as the copy length without a
 * bound check here; confirm it is limited where the SSID is configured.
 */
static
void hostif_adhoc_set_request(struct ks_wlan_private *priv)
{
	struct hostif_adhoc_set_request *req =
		hostif_generic_request(sizeof(*req), HIF_ADH_SET_REQ);

	if (!req)
		return;

	init_request(priv, &req->request);
	req->channel = cpu_to_le16(priv->reg.channel);

	req->ssid.size = priv->reg.ssid.size;
	memcpy(&req->ssid.body[0], &priv->reg.ssid.body[0],
	       priv->reg.ssid.size);

	send_request_to_device(priv, req, hif_align_size(sizeof(*req)));
}
1423
/*
 * Send the second ad-hoc request form: common request fields, the
 * configured SSID, a one-entry channel list and the configured BSSID.
 *
 * NOTE(review): the header event is HIF_ADH_SET_REQ, the same code the
 * plain ad-hoc request uses, while the receive side also knows
 * HIF_ADH_SET2_CONF; confirm this is the intended event code.
 * NOTE(review): priv->reg.ssid.size is used as the copy length without a
 * bound check here; confirm it is limited where the SSID is configured.
 */
static
void hostif_adhoc_set2_request(struct ks_wlan_private *priv)
{
	struct hostif_adhoc_set2_request *req =
		hostif_generic_request(sizeof(*req), HIF_ADH_SET_REQ);

	if (!req)
		return;

	init_request(priv, &req->request);

	req->ssid.size = priv->reg.ssid.size;
	memcpy(&req->ssid.body[0], &priv->reg.ssid.body[0],
	       priv->reg.ssid.size);

	/* only the configured channel is listed */
	req->channel_list.size = 1;
	req->channel_list.body[0] = priv->reg.channel;

	memcpy(req->bssid, priv->reg.bssid, ETH_ALEN);

	send_request_to_device(priv, req, hif_align_size(sizeof(*req)));
}
1443
/* Send HIF_STOP_REQ; the request carries nothing but its header. */
static
void hostif_stop_request(struct ks_wlan_private *priv)
{
	struct hostif_stop_request *req =
		hostif_generic_request(sizeof(*req), HIF_STOP_REQ);

	if (req)
		send_request_to_device(priv, req,
				       hif_align_size(sizeof(*req)));
}
1455
/*
 * Send HIF_PHY_INFO_REQ.  A non-zero priv->reg.phy_info_timer selects
 * TIME_TYPE with that timer value; otherwise NORMAL_TYPE with time 0.
 */
static
void hostif_phy_information_request(struct ks_wlan_private *priv)
{
	struct hostif_phy_information_request *req =
		hostif_generic_request(sizeof(*req), HIF_PHY_INFO_REQ);

	if (!req)
		return;

	if (!priv->reg.phy_info_timer) {
		req->type = cpu_to_le16(NORMAL_TYPE);
		req->time = cpu_to_le16(0);
	} else {
		req->type = cpu_to_le16(TIME_TYPE);
		req->time = cpu_to_le16(priv->reg.phy_info_timer);
	}

	send_request_to_device(priv, req, hif_align_size(sizeof(*req)));
}
1475
/*
 * Send HIF_POWER_MGMT_REQ with the given mode, wake-up and receive-DTIMs
 * values, each stored as little-endian 32 bit.
 */
static
void hostif_power_mgmt_request(struct ks_wlan_private *priv,
			       u32 mode, u32 wake_up, u32 receive_dtims)
{
	struct hostif_power_mgmt_request *req =
		hostif_generic_request(sizeof(*req), HIF_POWER_MGMT_REQ);

	if (!req)
		return;

	req->mode = cpu_to_le32(mode);
	req->wake_up = cpu_to_le32(wake_up);
	req->receive_dtims = cpu_to_le32(receive_dtims);

	send_request_to_device(priv, req, hif_align_size(sizeof(*req)));
}
1492
/*
 * Request a sleep state change.
 *
 * SLP_SLEEP sends HIF_SLEEP_REQ to the device.  SLP_ACTIVE sets the wake-up
 * request flag and schedules the read/write work with a delay of 1.  Any
 * other mode is logged as an error.
 */
static
void hostif_sleep_request(struct ks_wlan_private *priv,
			  enum sleep_mode_type mode)
{
	struct hostif_sleep_request *req;

	switch (mode) {
	case SLP_SLEEP:
		req = hostif_generic_request(sizeof(*req), HIF_SLEEP_REQ);
		if (!req)
			return;

		send_request_to_device(priv, req,
				       hif_align_size(sizeof(*req)));
		break;
	case SLP_ACTIVE:
		/* no request is sent; the work item performs the wake-up */
		atomic_set(&priv->sleepstatus.wakeup_request, 1);
		queue_delayed_work(priv->wq, &priv->rw_dwork, 1);
		break;
	default:
		netdev_err(priv->net_dev, "invalid mode %ld\n", (long)mode);
		break;
	}
}
1513
/*
 * Send HIF_SCAN_REQ, then empty the AP list and reset the scan indication
 * counter.
 *
 * @scan_type:     stored in the request as given
 * @scan_ssid:     SSID to scan for; read only when @scan_ssid_len is 1..32
 * @scan_ssid_len: SSID length; 0 or a value above 32 requests a scan
 *                 without SSID
 *
 * The channel list has 13 entries in 11g-only mode and 14 otherwise.
 */
static
void hostif_bss_scan_request(struct ks_wlan_private *priv,
			     unsigned long scan_type, u8 *scan_ssid,
			     u8 scan_ssid_len)
{
	/* channels in the order they are written to the request */
	static const unsigned char chan_order[] = {
		1, 8, 2, 9, 3, 10, 4, 11, 5, 12, 6, 13, 7, 14
	};
	struct hostif_bss_scan_request *req;
	unsigned int nchan;
	unsigned int i;

	req = hostif_generic_request(sizeof(*req), HIF_SCAN_REQ);
	if (!req)
		return;

	req->scan_type = scan_type;

	req->ch_time_min = cpu_to_le32(110);	/* default value */
	req->ch_time_max = cpu_to_le32(130);	/* default value */

	/* channel 14 is left out in 11g-only mode */
	nchan = (priv->reg.phy_type == D_11G_ONLY_MODE) ? 13 : 14;
	for (i = 0; i < nchan; i++)
		req->channel_list.body[i] = chan_order[i];
	req->channel_list.size = nchan;

	/* specified SSID SCAN; out-of-range lengths leave the SSID empty */
	req->ssid.size = 0;
	if (scan_ssid_len > 0 && scan_ssid_len <= 32) {
		req->ssid.size = scan_ssid_len;
		memcpy(&req->ssid.body[0], scan_ssid, scan_ssid_len);
	}

	send_request_to_device(priv, req, hif_align_size(sizeof(*req)));

	/* a new scan starts from an empty AP list */
	priv->scan_ind_count = 0;
	priv->aplist.size = 0;
}
1561
/*
 * Send HIF_MIC_FAILURE_REQ with the failure count and timer, each stored as
 * little-endian 16 bit.
 */
static
void hostif_mic_failure_request(struct ks_wlan_private *priv,
				u16 failure_count, u16 timer)
{
	struct hostif_mic_failure_request *req =
		hostif_generic_request(sizeof(*req), HIF_MIC_FAILURE_REQ);

	if (!req)
		return;

	req->failure_count = cpu_to_le16(failure_count);
	req->timer = cpu_to_le16(timer);

	send_request_to_device(priv, req, hif_align_size(sizeof(*req)));
}
1577
/*
 * Device I/O receive indication: while the device is open, record the
 * received buffer pointer and size in the slot selected by rec_count, bump
 * the event counter (saturating at DEVICE_STOCK_COUNT), advance rec_count
 * with wrap-around at DEVICE_STOCK_COUNT and wake the readers.
 *
 * Only the pointer @p is stored, not a copy of the data.
 */
static void devio_rec_ind(struct ks_wlan_private *priv, unsigned char *p,
			  unsigned int size)
{
	if (!priv->is_device_open)
		return;

	spin_lock(&priv->dev_read_lock);

	priv->dev_data[atomic_read(&priv->rec_count)] = p;
	priv->dev_size[atomic_read(&priv->rec_count)] = size;

	/* rx event count inc, capped at the number of slots */
	if (atomic_read(&priv->event_count) != DEVICE_STOCK_COUNT)
		atomic_inc(&priv->event_count);

	/* next slot, wrapping to the first one */
	atomic_inc(&priv->rec_count);
	if (atomic_read(&priv->rec_count) == DEVICE_STOCK_COUNT)
		atomic_set(&priv->rec_count, 0);

	wake_up_interruptible_all(&priv->devread_wait);

	spin_unlock(&priv->dev_read_lock);
}
1601
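/*
 * Entry point for a frame received from the device.
 *
 * @priv: driver private data
 * @p:    start of the received frame
 * @size: number of bytes at @p
 *
 * The frame is first recorded for the device read interface.  It is then
 * dispatched only if its leading 16-bit size word equals the number of
 * bytes that follow that word.
 *
 * Fixes:
 *  - the size word was read and compared with priv->rx_size in a single
 *    expression, although get_word() itself changes priv->rx_size; the
 *    order in which the two operands were evaluated was unspecified.  The
 *    word is now read first, so the comparison always uses the remaining
 *    length.
 *  - frames too short to hold the size word and the event word are dropped
 *    rather than read past their end.
 */
void hostif_receive(struct ks_wlan_private *priv, unsigned char *p,
		    unsigned int size)
{
	u16 announced;

	devio_rec_ind(priv, p, size);

	priv->rxp = p;
	priv->rx_size = size;

	/* size word here plus the event word hostif_event_check() reads */
	if (size < 2 * sizeof(u16))
		return;

	announced = get_word(priv);
	if (announced == priv->rx_size)
		hostif_event_check(priv);
}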
1613
/*
 * Push one WEP setting to the device, selected by the SME request @type:
 * the default key index, one of the four key values, or the privacy flag.
 *
 * Key values are not sent while WPA is enabled.  Unknown types are ignored.
 */
static void hostif_sme_set_wep(struct ks_wlan_private *priv, int type)
{
	enum mib_attribute key_attr;
	int slot;

	switch (type) {
	case SME_WEP_INDEX_REQUEST:
		hostif_mib_set_request_int(priv, DOT11_WEP_DEFAULT_KEY_ID,
					   priv->reg.wep_index);
		return;
	case SME_WEP_FLAG_REQUEST:
		hostif_mib_set_request_bool(priv, DOT11_PRIVACY_INVOKED,
					    priv->reg.privacy_invoked);
		return;
	case SME_WEP_KEY1_REQUEST:
		slot = 0;
		key_attr = DOT11_WEP_DEFAULT_KEY_VALUE1;
		break;
	case SME_WEP_KEY2_REQUEST:
		slot = 1;
		key_attr = DOT11_WEP_DEFAULT_KEY_VALUE2;
		break;
	case SME_WEP_KEY3_REQUEST:
		slot = 2;
		key_attr = DOT11_WEP_DEFAULT_KEY_VALUE3;
		break;
	case SME_WEP_KEY4_REQUEST:
		slot = 3;
		key_attr = DOT11_WEP_DEFAULT_KEY_VALUE4;
		break;
	default:
		return;
	}

	/* key material is only written when WPA is off */
	if (priv->wpa.wpa_enabled)
		return;

	hostif_mib_set_request_ostring(priv, key_attr,
				       &priv->reg.wep_key[slot].val[0],
				       priv->reg.wep_key[slot].size);
}
1659
/*
 * Suite list as sent to the device in hostif_sme_set_rsn(): an entry count
 * followed by the entries themselves.  Packed because it is copied to the
 * device as raw bytes.
 */
struct wpa_suite {
	/* number of valid entries in suite[], little-endian */
	__le16 size;
	/* up to four suite identifiers, CIPHER_ID_LEN bytes each */
	unsigned char suite[4][CIPHER_ID_LEN];
} __packed;
1664
/*
 * Payload of the LOCAL_RSN_MODE MIB set request built in
 * hostif_sme_set_rsn().  Both fields are little-endian; the struct is
 * packed because it is copied to the device as raw bytes.
 */
struct rsn_mode {
	/* one of the RSN_MODE_* values */
	__le32 rsn_mode;
	/* always written as 0 by hostif_sme_set_rsn() */
	__le16 rsn_capability;
} __packed;
1669
/*
 * Map an IW_AUTH_CIPHER_* value to the matching cipher identifier.
 *
 * @cipher: IW_AUTH_CIPHER_* value
 * @wpa2:   true selects the CIPHER_ID_WPA2_* constant, false CIPHER_ID_WPA_*
 *
 * Returns NULL for a cipher value that has no identifier here.
 */
static const u8 *hostif_rsn_cipher_id(int cipher, bool wpa2)
{
	switch (cipher) {
	case IW_AUTH_CIPHER_NONE:
		return wpa2 ? CIPHER_ID_WPA2_NONE : CIPHER_ID_WPA_NONE;
	case IW_AUTH_CIPHER_WEP40:
		return wpa2 ? CIPHER_ID_WPA2_WEP40 : CIPHER_ID_WPA_WEP40;
	case IW_AUTH_CIPHER_TKIP:
		return wpa2 ? CIPHER_ID_WPA2_TKIP : CIPHER_ID_WPA_TKIP;
	case IW_AUTH_CIPHER_CCMP:
		return wpa2 ? CIPHER_ID_WPA2_CCMP : CIPHER_ID_WPA_CCMP;
	case IW_AUTH_CIPHER_WEP104:
		return wpa2 ? CIPHER_ID_WPA2_WEP104 : CIPHER_ID_WPA_WEP104;
	default:
		return NULL;
	}
}

/*
 * Push one RSN/WPA setting from priv->wpa to the device as a MIB set
 * request.
 *
 * @priv: driver private data
 * @type: one of the SME_RSN_*_REQUEST events; any other value is ignored
 *
 * For the unicast, multicast and auth requests the selected identifier is
 * copied into a zero-initialised struct wpa_suite.  When the configured
 * suite has no matching identifier the request is still sent, carrying the
 * all-zero entry.
 */
static void hostif_sme_set_rsn(struct ks_wlan_private *priv, int type)
{
	const bool wpa2 = priv->wpa.version == IW_AUTH_WPA_VERSION_WPA2;
	struct wpa_suite wpa_suite;
	struct rsn_mode rsn_mode;
	const u8 *buf = NULL;
	size_t size;
	u32 mode;

	memset(&wpa_suite, 0, sizeof(wpa_suite));

	switch (type) {
	case SME_RSN_UCAST_REQUEST:
		wpa_suite.size = cpu_to_le16(1);
		buf = hostif_rsn_cipher_id(priv->wpa.pairwise_suite, wpa2);
		if (buf)
			memcpy(&wpa_suite.suite[0][0], buf, CIPHER_ID_LEN);

		/* count field plus one entry */
		size = sizeof(wpa_suite.size) +
		       (CIPHER_ID_LEN * le16_to_cpu(wpa_suite.size));
		hostif_mib_set_request_ostring(priv,
					       DOT11_RSN_CONFIG_UNICAST_CIPHER,
					       &wpa_suite, size);
		break;
	case SME_RSN_MCAST_REQUEST:
		buf = hostif_rsn_cipher_id(priv->wpa.group_suite, wpa2);
		if (buf)
			memcpy(&wpa_suite.suite[0][0], buf, CIPHER_ID_LEN);

		/* the multicast request carries the bare identifier only */
		hostif_mib_set_request_ostring(priv,
					       DOT11_RSN_CONFIG_MULTICAST_CIPHER,
					       &wpa_suite.suite[0][0],
					       CIPHER_ID_LEN);
		break;
	case SME_RSN_AUTH_REQUEST:
		wpa_suite.size = cpu_to_le16(1);
		switch (priv->wpa.key_mgmt_suite) {
		case IW_AUTH_KEY_MGMT_802_1X:
			buf = wpa2 ? KEY_MGMT_ID_WPA2_1X : KEY_MGMT_ID_WPA_1X;
			break;
		case IW_AUTH_KEY_MGMT_PSK:
			buf = wpa2 ? KEY_MGMT_ID_WPA2_PSK : KEY_MGMT_ID_WPA_PSK;
			break;
		case 0:
			buf = wpa2 ? KEY_MGMT_ID_WPA2_NONE :
				     KEY_MGMT_ID_WPA_NONE;
			break;
		case 4:
			buf = wpa2 ? KEY_MGMT_ID_WPA2_WPANONE :
				     KEY_MGMT_ID_WPA_WPANONE;
			break;
		}

		if (buf)
			memcpy(&wpa_suite.suite[0][0], buf, KEY_MGMT_ID_LEN);

		/* count field plus one entry */
		size = sizeof(wpa_suite.size) +
		       (KEY_MGMT_ID_LEN * le16_to_cpu(wpa_suite.size));
		hostif_mib_set_request_ostring(priv,
					       DOT11_RSN_CONFIG_AUTH_SUITE,
					       &wpa_suite, size);
		break;
	case SME_RSN_ENABLED_REQUEST:
		hostif_mib_set_request_bool(priv, DOT11_RSN_ENABLED,
					    priv->wpa.rsn_enabled);
		break;
	case SME_RSN_MODE_REQUEST:
		if (wpa2)
			mode = RSN_MODE_WPA2;
		else if (priv->wpa.version == IW_AUTH_WPA_VERSION_WPA)
			mode = RSN_MODE_WPA;
		else
			mode = RSN_MODE_NONE;

		rsn_mode.rsn_mode = cpu_to_le32(mode);
		rsn_mode.rsn_capability = cpu_to_le16(0);
		hostif_mib_set_request_ostring(priv, LOCAL_RSN_MODE,
					       &rsn_mode, sizeof(rsn_mode));
		break;
	}
}
1790
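/*
 * Rebuild priv->reg.rate_set for the configured PHY type and send the
 * mode-set request that matches priv->reg.operation_mode.
 *
 * @priv: driver private data
 *
 * With TX_RATE_FULL_AUTO the rate set is first replaced by the full 11b
 * (4 entries) or 11b/g (12 entries) table.  The set is then filtered: the
 * scan stops at the first rate that is not valid for the PHY type, and the
 * surviving rates are written back together with their count.  If none
 * survives, a single basic rate is used instead.
 */
static
void hostif_sme_mode_setup(struct ks_wlan_private *priv)
{
	unsigned char rate_size;
	unsigned char rate_octet[RATE_SET_MAX_SIZE];
	int limit;
	int i = 0;

	/* rate setting if rate setting is auto for changing phy_type (#94) */
	if (priv->reg.tx_rate == TX_RATE_FULL_AUTO) {
		if (priv->reg.phy_type == D_11B_ONLY_MODE) {
			priv->reg.rate_set.body[3] = TX_RATE_11M;
			priv->reg.rate_set.body[2] = TX_RATE_5M;
			priv->reg.rate_set.body[1] = TX_RATE_2M | BASIC_RATE;
			priv->reg.rate_set.body[0] = TX_RATE_1M | BASIC_RATE;
			priv->reg.rate_set.size = 4;
		} else {	/* D_11G_ONLY_MODE or D_11BG_COMPATIBLE_MODE */
			priv->reg.rate_set.body[11] = TX_RATE_54M;
			priv->reg.rate_set.body[10] = TX_RATE_48M;
			priv->reg.rate_set.body[9] = TX_RATE_36M;
			priv->reg.rate_set.body[8] = TX_RATE_18M;
			priv->reg.rate_set.body[7] = TX_RATE_9M;
			priv->reg.rate_set.body[6] = TX_RATE_24M | BASIC_RATE;
			priv->reg.rate_set.body[5] = TX_RATE_12M | BASIC_RATE;
			priv->reg.rate_set.body[4] = TX_RATE_6M | BASIC_RATE;
			priv->reg.rate_set.body[3] = TX_RATE_11M | BASIC_RATE;
			priv->reg.rate_set.body[2] = TX_RATE_5M | BASIC_RATE;
			priv->reg.rate_set.body[1] = TX_RATE_2M | BASIC_RATE;
			priv->reg.rate_set.body[0] = TX_RATE_1M | BASIC_RATE;
			priv->reg.rate_set.size = 12;
		}
	}

	/*
	 * rate_octet[] is a fixed-size stack buffer and, outside full-auto
	 * mode, rate_set.size was set elsewhere.  Never walk further than
	 * the buffer can hold, whatever the stored size says.
	 */
	limit = priv->reg.rate_set.size;
	if (limit > (int)sizeof(rate_octet))
		limit = sizeof(rate_octet);

	/* rate mask by phy setting */
	if (priv->reg.phy_type == D_11B_ONLY_MODE) {
		for (i = 0; i < limit; i++) {
			if (!is_11b_rate(priv->reg.rate_set.body[i]))
				break;

			if ((priv->reg.rate_set.body[i] & RATE_MASK) >= TX_RATE_5M) {
				rate_octet[i] = priv->reg.rate_set.body[i] &
						RATE_MASK;
			} else {
				rate_octet[i] = priv->reg.rate_set.body[i];
			}
		}

	} else {	/* D_11G_ONLY_MODE or D_11BG_COMPATIBLE_MODE */
		for (i = 0; i < limit; i++) {
			if (!is_11bg_rate(priv->reg.rate_set.body[i]))
				break;

			if (is_ofdm_ext_rate(priv->reg.rate_set.body[i])) {
				rate_octet[i] = priv->reg.rate_set.body[i] &
						RATE_MASK;
			} else {
				rate_octet[i] = priv->reg.rate_set.body[i];
			}
		}
	}

	/* i is the number of rates that passed the filter */
	rate_size = i;
	if (rate_size == 0) {
		/* nothing usable: fall back to one basic rate */
		if (priv->reg.phy_type == D_11G_ONLY_MODE)
			rate_octet[0] = TX_RATE_6M | BASIC_RATE;
		else
			rate_octet[0] = TX_RATE_2M | BASIC_RATE;
		rate_size = 1;
	}

	/* rate set update */
	priv->reg.rate_set.size = rate_size;
	memcpy(&priv->reg.rate_set.body[0], &rate_octet[0], rate_size);

	switch (priv->reg.operation_mode) {
	case MODE_PSEUDO_ADHOC:
		hostif_ps_adhoc_set_request(priv);
		break;
	case MODE_INFRASTRUCTURE:
		/* a valid configured BSSID selects the SET2 variant */
		if (!is_valid_ether_addr((u8 *)priv->reg.bssid)) {
			hostif_infrastructure_set_request(priv,
							  HIF_INFRA_SET_REQ);
		} else {
			hostif_infrastructure_set_request(priv,
							  HIF_INFRA_SET2_REQ);
			netdev_dbg(priv->net_dev,
				   "Infra bssid = %pM\n", priv->reg.bssid);
		}
		break;
	case MODE_ADHOC:
		if (!is_valid_ether_addr((u8 *)priv->reg.bssid)) {
			hostif_adhoc_set_request(priv);
		} else {
			hostif_adhoc_set2_request(priv);
			netdev_dbg(priv->net_dev,
				   "Adhoc bssid = %pM\n", priv->reg.bssid);
		}
		break;
	default:
		break;
	}
}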
1891
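/*
 * Program the device's multicast filter from the net_device state.
 *
 * @priv: driver private data
 *
 * Runs under priv->multicast_spin.  IFF_PROMISC selects the promiscuous
 * filter.  IFF_ALLMULTI, or more addresses than NIC_MAX_MCAST_LIST, selects
 * the all-multicast filter.  Otherwise the function alternates on the
 * SME_MULTICAST flag: with the flag clear it sets the flag and sends the
 * multicast filter mode; with the flag set it clears the flag and sends the
 * address list.
 */
static
void hostif_sme_multicast_set(struct ks_wlan_private *priv)
{
	struct net_device *dev = priv->net_dev;
	struct netdev_hw_addr *ha;
	char set_address[NIC_MAX_MCAST_LIST * ETH_ALEN];
	int mc_count;
	int i = 0;

	spin_lock(&priv->multicast_spin);

	memset(set_address, 0, sizeof(set_address));

	if (dev->flags & IFF_PROMISC) {
		hostif_mib_set_request_int(priv, LOCAL_MULTICAST_FILTER,
					   MCAST_FILTER_PROMISC);
		goto spin_unlock;
	}

	/*
	 * Read the address count once and use that same value for the limit
	 * check, the copy loop and the request length.
	 * NOTE(review): no address-list lock is taken in this function, so
	 * the list may change between two reads of the count - confirm what
	 * the caller holds.
	 */
	mc_count = netdev_mc_count(dev);
	if (mc_count > NIC_MAX_MCAST_LIST || (dev->flags & IFF_ALLMULTI)) {
		hostif_mib_set_request_int(priv, LOCAL_MULTICAST_FILTER,
					   MCAST_FILTER_MCASTALL);
		goto spin_unlock;
	}

	if (priv->sme_i.sme_flag & SME_MULTICAST) {
		netdev_for_each_mc_addr(ha, dev) {
			/* never write past the mc_count slots checked above */
			if (i >= mc_count)
				break;
			ether_addr_copy(&set_address[i * ETH_ALEN], ha->addr);
			i++;
		}
		priv->sme_i.sme_flag &= ~SME_MULTICAST;
		/* slots not filled by the loop stay zero from the memset */
		hostif_mib_set_request_ostring(priv, LOCAL_MULTICAST_ADDRESS,
					       &set_address[0],
					       ETH_ALEN * mc_count);
	} else {
		priv->sme_i.sme_flag |= SME_MULTICAST;
		hostif_mib_set_request_int(priv, LOCAL_MULTICAST_FILTER,
					   MCAST_FILTER_MCAST);
	}

spin_unlock:
	spin_unlock(&priv->multicast_spin);
}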
1937
/*
 * Translate priv->reg.power_mgmt into a power management request.
 *
 * @priv: driver private data
 *
 * POWER_SAVE is requested only when one of the two save settings is
 * configured and the operation mode is MODE_INFRASTRUCTURE; in every other
 * case POWER_ACTIVE is requested.  receive_dtims is 1 only for
 * POWER_MGMT_SAVE2 in infrastructure mode, and wake_up is always 0.
 */
static void hostif_sme_power_mgmt_set(struct ks_wlan_private *priv)
{
	const bool save1 = priv->reg.power_mgmt == POWER_MGMT_SAVE1;
	const bool save2 = priv->reg.power_mgmt == POWER_MGMT_SAVE2;
	const bool infra = priv->reg.operation_mode == MODE_INFRASTRUCTURE;
	u32 mode = POWER_ACTIVE;
	u32 receive_dtims = 0;

	if ((save1 || save2) && infra) {
		mode = POWER_SAVE;
		receive_dtims = save2;
	}

	hostif_power_mgmt_request(priv, mode, 0, receive_dtims);
}
1957
/*
 * Send a sleep request carrying priv->sleep_mode.
 *
 * @priv: driver private data
 *
 * Only SLP_SLEEP and SLP_ACTIVE are forwarded; any other value is ignored.
 */
static void hostif_sme_sleep_set(struct ks_wlan_private *priv)
{
	if (priv->sleep_mode == SLP_SLEEP || priv->sleep_mode == SLP_ACTIVE)
		hostif_sleep_request(priv, priv->sleep_mode);
}
1966
/*
 * Push one key-related setting to the device as a MIB set request.
 *
 * @priv: driver private data
 * @type: one of the SME_SET_* events handled below; others are ignored
 *
 * The privacy flag comes from priv->reg.  The transmit key index, the four
 * key values and the three receive sequence counters come from priv->wpa.
 * Key lengths are taken from the stored key_len as they are.
 */
static
void hostif_sme_set_key(struct ks_wlan_private *priv, int type)
{
	switch (type) {
	case SME_SET_FLAG:
		hostif_mib_set_request_bool(priv, DOT11_PRIVACY_INVOKED,
					    priv->reg.privacy_invoked);
		break;
	case SME_SET_TXKEY:
		hostif_mib_set_request_int(priv, DOT11_WEP_DEFAULT_KEY_ID,
					   priv->wpa.txkey);
		break;

	/* key values: slot n is sent as DOT11_WEP_DEFAULT_KEY_VALUE<n+1> */
	case SME_SET_KEY1:
		hostif_mib_set_request_ostring(priv,
					       DOT11_WEP_DEFAULT_KEY_VALUE1,
					       priv->wpa.key[0].key_val,
					       priv->wpa.key[0].key_len);
		break;
	case SME_SET_KEY2:
		hostif_mib_set_request_ostring(priv,
					       DOT11_WEP_DEFAULT_KEY_VALUE2,
					       priv->wpa.key[1].key_val,
					       priv->wpa.key[1].key_len);
		break;
	case SME_SET_KEY3:
		hostif_mib_set_request_ostring(priv,
					       DOT11_WEP_DEFAULT_KEY_VALUE3,
					       priv->wpa.key[2].key_val,
					       priv->wpa.key[2].key_len);
		break;
	case SME_SET_KEY4:
		hostif_mib_set_request_ostring(priv,
					       DOT11_WEP_DEFAULT_KEY_VALUE4,
					       priv->wpa.key[3].key_val,
					       priv->wpa.key[3].key_len);
		break;

	/* receive sequence counters of key slots 0..2 */
	case SME_SET_PMK_TSC:
		hostif_mib_set_request_ostring(priv, DOT11_PMK_TSC,
					       priv->wpa.key[0].rx_seq,
					       WPA_RX_SEQ_LEN);
		break;
	case SME_SET_GMK1_TSC:
		hostif_mib_set_request_ostring(priv, DOT11_GMK1_TSC,
					       priv->wpa.key[1].rx_seq,
					       WPA_RX_SEQ_LEN);
		break;
	case SME_SET_GMK2_TSC:
		hostif_mib_set_request_ostring(priv, DOT11_GMK2_TSC,
					       priv->wpa.key[2].rx_seq,
					       WPA_RX_SEQ_LEN);
		break;
	}
}
2020
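/*
 * Send the cached PMKSA entries (BSSID + PMKID pairs) to the device as a
 * LOCAL_PMK MIB set request.
 *
 * @priv: driver private data
 *
 * At most PMK_LIST_MAX entries from priv->pmklist.head are copied into an
 * on-stack, packed message.  The entry count and the request length are
 * both derived from the number of entries actually copied.
 */
static
void hostif_sme_set_pmksa(struct ks_wlan_private *priv)
{
	struct pmk_cache {
		__le16 size;
		struct {
			u8 bssid[ETH_ALEN];
			u8 pmkid[IW_PMKID_LEN];
		} __packed list[PMK_LIST_MAX];
	} __packed pmkcache;
	struct pmk *pmk;
	size_t size;
	int i = 0;

	/*
	 * The message is built on the stack and handed to the device, so
	 * start from zeroes: no uninitialised stack bytes may end up in it.
	 */
	memset(&pmkcache, 0, sizeof(pmkcache));

	list_for_each_entry(pmk, &priv->pmklist.head, list) {
		if (i >= PMK_LIST_MAX)
			break;
		ether_addr_copy(pmkcache.list[i].bssid, pmk->bssid);
		memcpy(pmkcache.list[i].pmkid, pmk->pmkid, IW_PMKID_LEN);
		i++;
	}

	/*
	 * Advertise and send exactly the entries written above.  Deriving
	 * the length from priv->pmklist.size instead would read past the
	 * filled part of pmkcache if that counter ever disagreed with the
	 * list.
	 */
	pmkcache.size = cpu_to_le16(i);
	size = sizeof(pmkcache.size) + ((ETH_ALEN + IW_PMKID_LEN) * i);
	hostif_mib_set_request_ostring(priv, LOCAL_PMK, &pmkcache, size);
}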
2047
/*
 * Execute one SME event: turn it into the matching host-interface request
 * or driver state change.
 *
 * @priv:  driver private data
 * @event: SME_* event code taken from the SME queue
 *
 * The *_CONFIRM events listed at the end, SME_TERMINATE and unknown codes
 * are accepted and ignored.
 */
static void hostif_sme_execute(struct ks_wlan_private *priv, int event)
{
	u16 failure;

	switch (event) {
	/* boot sequence: MAC address -> product version -> PREINIT */
	case SME_START:
		if (priv->dev_state == DEVICE_STATE_BOOT)
			hostif_mib_get_request(priv, DOT11_MAC_ADDRESS);
		break;
	case SME_GET_MAC_ADDRESS:
		if (priv->dev_state == DEVICE_STATE_BOOT)
			hostif_mib_get_request(priv, DOT11_PRODUCT_VERSION);
		break;
	case SME_GET_PRODUCT_VERSION:
		if (priv->dev_state == DEVICE_STATE_BOOT)
			priv->dev_state = DEVICE_STATE_PREINIT;
		break;

	case SME_MULTICAST_REQUEST:
		hostif_sme_multicast_set(priv);
		break;
	case SME_MACADDRESS_SET_REQUEST:
		hostif_mib_set_request_ostring(priv, LOCAL_CURRENTADDRESS,
					       &priv->eth_addr[0], ETH_ALEN);
		break;
	case SME_BSS_SCAN_REQUEST:
		hostif_bss_scan_request(priv, priv->reg.scan_type,
					priv->scan_ssid, priv->scan_ssid_len);
		break;
	case SME_POW_MNGMT_REQUEST:
		hostif_sme_power_mgmt_set(priv);
		break;
	case SME_PHY_INFO_REQUEST:
		hostif_phy_information_request(priv);
		break;

	case SME_MIC_FAILURE_REQUEST:
		/* only a failure count of 1 or 2 is reported to the device */
		failure = priv->wpa.mic_failure.failure;
		if (failure == 1) {
			hostif_mic_failure_request(priv, 0, 0);
		} else if (failure == 2) {
			hostif_mic_failure_request(priv, 1,
						   priv->wpa.mic_failure.counter);
		} else {
			netdev_err(priv->net_dev,
				   "SME_MIC_FAILURE_REQUEST: failure count=%u error?\n",
				   failure);
			return;
		}
		break;
	case SME_MIC_FAILURE_CONFIRM:
		/* after the second failure: reset the state and restart */
		if (priv->wpa.mic_failure.failure == 2) {
			if (priv->wpa.mic_failure.stop)
				priv->wpa.mic_failure.stop = 0;
			priv->wpa.mic_failure.failure = 0;
			hostif_start_request(priv, priv->reg.operation_mode);
		}
		break;

	case SME_STOP_REQUEST:
		hostif_stop_request(priv);
		break;
	case SME_RTS_THRESHOLD_REQUEST:
		hostif_mib_set_request_int(priv, DOT11_RTS_THRESHOLD,
					   priv->reg.rts);
		break;
	case SME_FRAGMENTATION_THRESHOLD_REQUEST:
		hostif_mib_set_request_int(priv, DOT11_FRAGMENTATION_THRESHOLD,
					   priv->reg.fragment);
		break;

	/* grouped requests are decoded further by their own handler */
	case SME_WEP_INDEX_REQUEST:
	case SME_WEP_KEY1_REQUEST:
	case SME_WEP_KEY2_REQUEST:
	case SME_WEP_KEY3_REQUEST:
	case SME_WEP_KEY4_REQUEST:
	case SME_WEP_FLAG_REQUEST:
		hostif_sme_set_wep(priv, event);
		break;
	case SME_RSN_UCAST_REQUEST:
	case SME_RSN_MCAST_REQUEST:
	case SME_RSN_AUTH_REQUEST:
	case SME_RSN_ENABLED_REQUEST:
	case SME_RSN_MODE_REQUEST:
		hostif_sme_set_rsn(priv, event);
		break;
	case SME_SET_FLAG:
	case SME_SET_TXKEY:
	case SME_SET_KEY1:
	case SME_SET_KEY2:
	case SME_SET_KEY3:
	case SME_SET_KEY4:
	case SME_SET_PMK_TSC:
	case SME_SET_GMK1_TSC:
	case SME_SET_GMK2_TSC:
		hostif_sme_set_key(priv, event);
		break;
	case SME_SET_PMKSA:
		hostif_sme_set_pmksa(priv);
		break;

	case SME_WPS_ENABLE_REQUEST:
		hostif_mib_set_request_int(priv, LOCAL_WPS_ENABLE,
					   priv->wps.wps_enabled);
		break;
	case SME_WPS_PROBE_REQUEST:
		/*
		 * NOTE(review): priv->wps.ielen is used as stored; its bound
		 * against the size of priv->wps.ie is not visible here.
		 */
		hostif_mib_set_request_ostring(priv, LOCAL_WPS_PROBE_REQ,
					       priv->wps.ie, priv->wps.ielen);
		break;
	case SME_MODE_SET_REQUEST:
		hostif_sme_mode_setup(priv);
		break;
	case SME_SET_GAIN:
		hostif_mib_set_request_ostring(priv, LOCAL_GAIN,
					       &priv->gain, sizeof(priv->gain));
		break;
	case SME_GET_GAIN:
		hostif_mib_get_request(priv, LOCAL_GAIN);
		break;
	case SME_GET_EEPROM_CKSUM:
		/* preset the result before asking the device */
		priv->eeprom_checksum = EEPROM_FW_NOT_SUPPORT;
		hostif_mib_get_request(priv, LOCAL_EEPROM_SUM);
		break;
	case SME_START_REQUEST:
		hostif_start_request(priv, priv->reg.operation_mode);
		break;
	case SME_START_CONFIRM:
		/* for power save */
		atomic_set(&priv->psstatus.snooze_guard, 0);
		atomic_set(&priv->psstatus.confirm_wait, 0);
		if (priv->dev_state == DEVICE_STATE_PREINIT)
			priv->dev_state = DEVICE_STATE_INIT;
		/* wake whoever waits on the confirm_wait completion */
		complete(&priv->confirm_wait);
		break;
	case SME_SLEEP_REQUEST:
		hostif_sme_sleep_set(priv);
		break;
	case SME_SET_REGION:
		hostif_mib_set_request_int(priv, LOCAL_REGION, priv->region);
		break;

	/* nothing to do for these */
	case SME_MULTICAST_CONFIRM:
	case SME_BSS_SCAN_CONFIRM:
	case SME_POW_MNGMT_CONFIRM:
	case SME_PHY_INFO_CONFIRM:
	case SME_STOP_CONFIRM:
	case SME_RTS_THRESHOLD_CONFIRM:
	case SME_FRAGMENTATION_THRESHOLD_CONFIRM:
	case SME_WEP_INDEX_CONFIRM:
	case SME_WEP_KEY1_CONFIRM:
	case SME_WEP_KEY2_CONFIRM:
	case SME_WEP_KEY3_CONFIRM:
	case SME_WEP_KEY4_CONFIRM:
	case SME_WEP_FLAG_CONFIRM:
	case SME_RSN_UCAST_CONFIRM:
	case SME_RSN_MCAST_CONFIRM:
	case SME_RSN_AUTH_CONFIRM:
	case SME_RSN_ENABLED_CONFIRM:
	case SME_RSN_MODE_CONFIRM:
	case SME_MODE_SET_CONFIRM:
	case SME_TERMINATE:
	default:
		break;
	}
}
2206
/*
 * SME tasklet: execute the event at the head of the SME queue.
 *
 * @t: tasklet embedded in struct ks_wlan_private as sme_task
 *
 * One event is handled per run.  If the queue still holds events afterwards
 * the tasklet reschedules itself.  Nothing is done while dev_state is below
 * DEVICE_STATE_BOOT or while the queue is empty.
 */
static
void hostif_sme_task(struct tasklet_struct *t)
{
	struct ks_wlan_private *priv = from_tasklet(priv, t, sme_task);
	int event;

	if (priv->dev_state < DEVICE_STATE_BOOT)
		return;

	/* cnt_smeqbody() is unsigned, so "no events" is exactly zero */
	if (!cnt_smeqbody(priv))
		return;

	event = priv->sme_i.event_buff[priv->sme_i.qhead];
	hostif_sme_execute(priv, event);
	inc_smeqhead(priv);

	if (cnt_smeqbody(priv) > 0)
		tasklet_schedule(&priv->sme_task);
}
2223
/*
 * Send an event to the Station Management Entity module: append it to the
 * SME queue and schedule the SME tasklet.
 *
 * @priv:  driver private data
 * @event: SME_* event code
 *
 * When the queue is full the event is dropped and an error is logged.  The
 * tasklet is scheduled in either case.
 *
 * NOTE(review): qtail and event_buff[] are updated without taking a lock in
 * this function - confirm how callers serialise against hostif_sme_task().
 */
void hostif_sme_enqueue(struct ks_wlan_private *priv, u16 event)
{
	if (cnt_smeqbody(priv) >= (SME_EVENT_BUFF_SIZE - 1)) {
		/* in case of buffer overflow */
		netdev_err(priv->net_dev, "sme queue buffer overflow\n");
	} else {
		/* enqueue sme event */
		priv->sme_i.event_buff[priv->sme_i.qtail] = event;
		inc_smeqtail(priv);
	}

	tasklet_schedule(&priv->sme_task);
}
2238
/*
 * Empty the local AP list: reset the entry count and zero the first
 * LOCAL_APLIST_MAX entries.
 */
static inline void hostif_aplist_init(struct ks_wlan_private *priv)
{
	memset(priv->aplist.ap, 0, LOCAL_APLIST_MAX * sizeof(struct local_ap));
	priv->aplist.size = 0;
}
2246
/* Reset the connection status fields to their initial, disconnected values. */
static inline void hostif_status_init(struct ks_wlan_private *priv)
{
	priv->connect_status = DISCONNECT_STATUS;
	priv->infra_status = 0;
	/* NOTE(review): the meaning of the initial rate value 4 is not shown here */
	priv->current_rate = 4;
}
2253
/*
 * Initialise the SME state: idle status, empty event queue, cleared flags,
 * the sme_spin lock and the tasklet that runs hostif_sme_task().
 */
static inline void hostif_sme_init(struct ks_wlan_private *priv)
{
	spin_lock_init(&priv->sme_i.sme_spin);

	priv->sme_i.sme_status = SME_IDLE;
	priv->sme_i.sme_flag = 0;

	/* head == tail: the event queue starts out empty */
	priv->sme_i.qhead = 0;
	priv->sme_i.qtail = 0;

	tasklet_setup(&priv->sme_task, hostif_sme_task);
}
2263
/*
 * Clear the whole WPA state.  The explicit assignments after the memset
 * restate the initial values of the RSN flag and the MIC failure tracking.
 */
static inline void hostif_wpa_init(struct ks_wlan_private *priv)
{
	memset(&priv->wpa, 0, sizeof(priv->wpa));

	priv->wpa.rsn_enabled = false;

	priv->wpa.mic_failure.stop = 0;
	priv->wpa.mic_failure.failure = 0;
	priv->wpa.mic_failure.last_failure_time = 0;
}
2272
/*
 * Initialise the power-save state: status PS_NONE, both counters at 0, the
 * wakeup completion, and the work item that runs ks_wlan_hw_wakeup_task().
 */
static inline void hostif_power_save_init(struct ks_wlan_private *priv)
{
	init_completion(&priv->psstatus.wakeup_wait);
	INIT_WORK(&priv->wakeup_work, ks_wlan_hw_wakeup_task);

	atomic_set(&priv->psstatus.status, PS_NONE);
	atomic_set(&priv->psstatus.snooze_guard, 0);
	atomic_set(&priv->psstatus.confirm_wait, 0);
}
2281
/*
 * Reset the PMK cache: zero the whole structure, then initialise the list
 * head and the list node of each of the PMK_LIST_MAX entries.
 */
static inline void hostif_pmklist_init(struct ks_wlan_private *priv)
{
	int idx = 0;

	memset(&priv->pmklist, 0, sizeof(priv->pmklist));
	INIT_LIST_HEAD(&priv->pmklist.head);

	while (idx < PMK_LIST_MAX) {
		INIT_LIST_HEAD(&priv->pmklist.pmk[idx].list);
		idx++;
	}
}
2291
/* Zero the device counter and the two atomic counters of the receive ring. */
static inline void hostif_counters_init(struct ks_wlan_private *priv)
{
	atomic_set(&priv->rec_count, 0);
	atomic_set(&priv->event_count, 0);
	priv->dev_count = 0;
}
2298
/*
 * Initialise all host-interface state kept in @priv: locks and the device
 * read wait queue, AP list, status, counters, power save, WPA, PMK cache
 * and the SME queue with its tasklet.
 *
 * Always returns 0.
 */
int hostif_init(struct ks_wlan_private *priv)
{
	/* synchronisation primitives */
	spin_lock_init(&priv->multicast_spin);
	spin_lock_init(&priv->dev_read_lock);
	init_waitqueue_head(&priv->devread_wait);

	/* plain state */
	hostif_aplist_init(priv);
	hostif_status_init(priv);
	hostif_counters_init(priv);
	hostif_power_save_init(priv);

	/* security state */
	hostif_wpa_init(priv);
	hostif_pmklist_init(priv);

	/* sets up the SME tasklet, so keep it last */
	hostif_sme_init(priv);

	return 0;
}
2316
/*
 * Tear down the host interface: kill the SME tasklet set up in
 * hostif_sme_init().  Nothing else is released here.
 */
void hostif_exit(struct ks_wlan_private *priv)
{
	tasklet_kill(&priv->sme_task);
}