1 /*
2 * Copyright (c) 2010-2011 Atheros Communications Inc.
3 *
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
18
19 #include "htc.h"
20
htc_issue_send(struct htc_target * target,struct sk_buff * skb,u16 len,u8 flags,u8 epid)21 static int htc_issue_send(struct htc_target *target, struct sk_buff* skb,
22 u16 len, u8 flags, u8 epid)
23
24 {
25 struct htc_frame_hdr *hdr;
26 struct htc_endpoint *endpoint = &target->endpoint[epid];
27 int status;
28
29 hdr = skb_push(skb, sizeof(struct htc_frame_hdr));
30 hdr->endpoint_id = epid;
31 hdr->flags = flags;
32 hdr->payload_len = cpu_to_be16(len);
33 memset(hdr->control, 0, sizeof(hdr->control));
34
35 status = target->hif->send(target->hif_dev, endpoint->ul_pipeid, skb);
36
37 return status;
38 }
39
get_next_avail_ep(struct htc_endpoint * endpoint)40 static struct htc_endpoint *get_next_avail_ep(struct htc_endpoint *endpoint)
41 {
42 enum htc_endpoint_id avail_epid;
43
44 for (avail_epid = (ENDPOINT_MAX - 1); avail_epid > ENDPOINT0; avail_epid--)
45 if (endpoint[avail_epid].service_id == 0)
46 return &endpoint[avail_epid];
47 return NULL;
48 }
49
service_to_ulpipe(u16 service_id)50 static u8 service_to_ulpipe(u16 service_id)
51 {
52 switch (service_id) {
53 case WMI_CONTROL_SVC:
54 return 4;
55 case WMI_BEACON_SVC:
56 case WMI_CAB_SVC:
57 case WMI_UAPSD_SVC:
58 case WMI_MGMT_SVC:
59 case WMI_DATA_VO_SVC:
60 case WMI_DATA_VI_SVC:
61 case WMI_DATA_BE_SVC:
62 case WMI_DATA_BK_SVC:
63 return 1;
64 default:
65 return 0;
66 }
67 }
68
service_to_dlpipe(u16 service_id)69 static u8 service_to_dlpipe(u16 service_id)
70 {
71 switch (service_id) {
72 case WMI_CONTROL_SVC:
73 return 3;
74 case WMI_BEACON_SVC:
75 case WMI_CAB_SVC:
76 case WMI_UAPSD_SVC:
77 case WMI_MGMT_SVC:
78 case WMI_DATA_VO_SVC:
79 case WMI_DATA_VI_SVC:
80 case WMI_DATA_BE_SVC:
81 case WMI_DATA_BK_SVC:
82 return 2;
83 default:
84 return 0;
85 }
86 }
87
htc_process_target_rdy(struct htc_target * target,void * buf)88 static void htc_process_target_rdy(struct htc_target *target,
89 void *buf)
90 {
91 struct htc_endpoint *endpoint;
92 struct htc_ready_msg *htc_ready_msg = (struct htc_ready_msg *) buf;
93
94 target->credit_size = be16_to_cpu(htc_ready_msg->credit_size);
95
96 endpoint = &target->endpoint[ENDPOINT0];
97 endpoint->service_id = HTC_CTRL_RSVD_SVC;
98 endpoint->max_msglen = HTC_MAX_CONTROL_MESSAGE_LENGTH;
99 atomic_inc(&target->tgt_ready);
100 complete(&target->target_wait);
101 }
102
htc_process_conn_rsp(struct htc_target * target,struct htc_frame_hdr * htc_hdr)103 static void htc_process_conn_rsp(struct htc_target *target,
104 struct htc_frame_hdr *htc_hdr)
105 {
106 struct htc_conn_svc_rspmsg *svc_rspmsg;
107 struct htc_endpoint *endpoint, *tmp_endpoint = NULL;
108 u16 service_id;
109 u16 max_msglen;
110 enum htc_endpoint_id epid, tepid;
111
112 svc_rspmsg = (struct htc_conn_svc_rspmsg *)
113 ((void *) htc_hdr + sizeof(struct htc_frame_hdr));
114
115 if (svc_rspmsg->status == HTC_SERVICE_SUCCESS) {
116 epid = svc_rspmsg->endpoint_id;
117
118 /* Check that the received epid for the endpoint to attach
119 * a new service is valid. ENDPOINT0 can't be used here as it
120 * is already reserved for HTC_CTRL_RSVD_SVC service and thus
121 * should not be modified.
122 */
123 if (epid <= ENDPOINT0 || epid >= ENDPOINT_MAX)
124 return;
125
126 service_id = be16_to_cpu(svc_rspmsg->service_id);
127 max_msglen = be16_to_cpu(svc_rspmsg->max_msg_len);
128 endpoint = &target->endpoint[epid];
129
130 for (tepid = (ENDPOINT_MAX - 1); tepid > ENDPOINT0; tepid--) {
131 tmp_endpoint = &target->endpoint[tepid];
132 if (tmp_endpoint->service_id == service_id) {
133 tmp_endpoint->service_id = 0;
134 break;
135 }
136 }
137
138 if (tepid == ENDPOINT0)
139 return;
140
141 endpoint->service_id = service_id;
142 endpoint->max_txqdepth = tmp_endpoint->max_txqdepth;
143 endpoint->ep_callbacks = tmp_endpoint->ep_callbacks;
144 endpoint->ul_pipeid = tmp_endpoint->ul_pipeid;
145 endpoint->dl_pipeid = tmp_endpoint->dl_pipeid;
146 endpoint->max_msglen = max_msglen;
147 target->conn_rsp_epid = epid;
148 complete(&target->cmd_wait);
149 } else {
150 target->conn_rsp_epid = ENDPOINT_UNUSED;
151 }
152 }
153
htc_config_pipe_credits(struct htc_target * target)154 static int htc_config_pipe_credits(struct htc_target *target)
155 {
156 struct sk_buff *skb;
157 struct htc_config_pipe_msg *cp_msg;
158 int ret;
159 unsigned long time_left;
160
161 skb = alloc_skb(50 + sizeof(struct htc_frame_hdr), GFP_ATOMIC);
162 if (!skb) {
163 dev_err(target->dev, "failed to allocate send buffer\n");
164 return -ENOMEM;
165 }
166 skb_reserve(skb, sizeof(struct htc_frame_hdr));
167
168 cp_msg = skb_put(skb, sizeof(struct htc_config_pipe_msg));
169
170 cp_msg->message_id = cpu_to_be16(HTC_MSG_CONFIG_PIPE_ID);
171 cp_msg->pipe_id = USB_WLAN_TX_PIPE;
172 cp_msg->credits = target->credits;
173
174 target->htc_flags |= HTC_OP_CONFIG_PIPE_CREDITS;
175
176 ret = htc_issue_send(target, skb, skb->len, 0, ENDPOINT0);
177 if (ret)
178 goto err;
179
180 time_left = wait_for_completion_timeout(&target->cmd_wait, HZ);
181 if (!time_left) {
182 dev_err(target->dev, "HTC credit config timeout\n");
183 return -ETIMEDOUT;
184 }
185
186 return 0;
187 err:
188 kfree_skb(skb);
189 return -EINVAL;
190 }
191
htc_setup_complete(struct htc_target * target)192 static int htc_setup_complete(struct htc_target *target)
193 {
194 struct sk_buff *skb;
195 struct htc_comp_msg *comp_msg;
196 int ret = 0;
197 unsigned long time_left;
198
199 skb = alloc_skb(50 + sizeof(struct htc_frame_hdr), GFP_ATOMIC);
200 if (!skb) {
201 dev_err(target->dev, "failed to allocate send buffer\n");
202 return -ENOMEM;
203 }
204 skb_reserve(skb, sizeof(struct htc_frame_hdr));
205
206 comp_msg = skb_put(skb, sizeof(struct htc_comp_msg));
207 comp_msg->msg_id = cpu_to_be16(HTC_MSG_SETUP_COMPLETE_ID);
208
209 target->htc_flags |= HTC_OP_START_WAIT;
210
211 ret = htc_issue_send(target, skb, skb->len, 0, ENDPOINT0);
212 if (ret)
213 goto err;
214
215 time_left = wait_for_completion_timeout(&target->cmd_wait, HZ);
216 if (!time_left) {
217 dev_err(target->dev, "HTC start timeout\n");
218 return -ETIMEDOUT;
219 }
220
221 return 0;
222
223 err:
224 kfree_skb(skb);
225 return -EINVAL;
226 }
227
228 /* HTC APIs */
229
htc_init(struct htc_target * target)230 int htc_init(struct htc_target *target)
231 {
232 int ret;
233
234 ret = htc_config_pipe_credits(target);
235 if (ret)
236 return ret;
237
238 return htc_setup_complete(target);
239 }
240
htc_connect_service(struct htc_target * target,struct htc_service_connreq * service_connreq,enum htc_endpoint_id * conn_rsp_epid)241 int htc_connect_service(struct htc_target *target,
242 struct htc_service_connreq *service_connreq,
243 enum htc_endpoint_id *conn_rsp_epid)
244 {
245 struct sk_buff *skb;
246 struct htc_endpoint *endpoint;
247 struct htc_conn_svc_msg *conn_msg;
248 int ret;
249 unsigned long time_left;
250
251 /* Find an available endpoint */
252 endpoint = get_next_avail_ep(target->endpoint);
253 if (!endpoint) {
254 dev_err(target->dev, "Endpoint is not available for service %d\n",
255 service_connreq->service_id);
256 return -EINVAL;
257 }
258
259 endpoint->service_id = service_connreq->service_id;
260 endpoint->max_txqdepth = service_connreq->max_send_qdepth;
261 endpoint->ul_pipeid = service_to_ulpipe(service_connreq->service_id);
262 endpoint->dl_pipeid = service_to_dlpipe(service_connreq->service_id);
263 endpoint->ep_callbacks = service_connreq->ep_callbacks;
264
265 skb = alloc_skb(sizeof(struct htc_conn_svc_msg) +
266 sizeof(struct htc_frame_hdr), GFP_ATOMIC);
267 if (!skb) {
268 dev_err(target->dev, "Failed to allocate buf to send"
269 "service connect req\n");
270 return -ENOMEM;
271 }
272
273 skb_reserve(skb, sizeof(struct htc_frame_hdr));
274
275 conn_msg = skb_put(skb, sizeof(struct htc_conn_svc_msg));
276 conn_msg->service_id = cpu_to_be16(service_connreq->service_id);
277 conn_msg->msg_id = cpu_to_be16(HTC_MSG_CONNECT_SERVICE_ID);
278 conn_msg->con_flags = cpu_to_be16(service_connreq->con_flags);
279 conn_msg->dl_pipeid = endpoint->dl_pipeid;
280 conn_msg->ul_pipeid = endpoint->ul_pipeid;
281
282 /* To prevent infoleak */
283 conn_msg->svc_meta_len = 0;
284 conn_msg->pad = 0;
285
286 ret = htc_issue_send(target, skb, skb->len, 0, ENDPOINT0);
287 if (ret)
288 goto err;
289
290 time_left = wait_for_completion_timeout(&target->cmd_wait, HZ);
291 if (!time_left) {
292 dev_err(target->dev, "Service connection timeout for: %d\n",
293 service_connreq->service_id);
294 return -ETIMEDOUT;
295 }
296
297 if (target->conn_rsp_epid < 0 || target->conn_rsp_epid >= ENDPOINT_MAX)
298 return -EINVAL;
299
300 *conn_rsp_epid = target->conn_rsp_epid;
301 return 0;
302 err:
303 kfree_skb(skb);
304 return ret;
305 }
306
htc_send(struct htc_target * target,struct sk_buff * skb)307 int htc_send(struct htc_target *target, struct sk_buff *skb)
308 {
309 struct ath9k_htc_tx_ctl *tx_ctl;
310
311 tx_ctl = HTC_SKB_CB(skb);
312 return htc_issue_send(target, skb, skb->len, 0, tx_ctl->epid);
313 }
314
htc_send_epid(struct htc_target * target,struct sk_buff * skb,enum htc_endpoint_id epid)315 int htc_send_epid(struct htc_target *target, struct sk_buff *skb,
316 enum htc_endpoint_id epid)
317 {
318 return htc_issue_send(target, skb, skb->len, 0, epid);
319 }
320
htc_stop(struct htc_target * target)321 void htc_stop(struct htc_target *target)
322 {
323 target->hif->stop(target->hif_dev);
324 }
325
htc_start(struct htc_target * target)326 void htc_start(struct htc_target *target)
327 {
328 target->hif->start(target->hif_dev);
329 }
330
htc_sta_drain(struct htc_target * target,u8 idx)331 void htc_sta_drain(struct htc_target *target, u8 idx)
332 {
333 target->hif->sta_drain(target->hif_dev, idx);
334 }
335
ath9k_htc_txcompletion_cb(struct htc_target * htc_handle,struct sk_buff * skb,bool txok)336 void ath9k_htc_txcompletion_cb(struct htc_target *htc_handle,
337 struct sk_buff *skb, bool txok)
338 {
339 struct htc_endpoint *endpoint;
340 struct htc_frame_hdr *htc_hdr = NULL;
341
342 if (htc_handle->htc_flags & HTC_OP_CONFIG_PIPE_CREDITS) {
343 complete(&htc_handle->cmd_wait);
344 htc_handle->htc_flags &= ~HTC_OP_CONFIG_PIPE_CREDITS;
345 goto ret;
346 }
347
348 if (htc_handle->htc_flags & HTC_OP_START_WAIT) {
349 complete(&htc_handle->cmd_wait);
350 htc_handle->htc_flags &= ~HTC_OP_START_WAIT;
351 goto ret;
352 }
353
354 if (skb) {
355 htc_hdr = (struct htc_frame_hdr *) skb->data;
356 if (htc_hdr->endpoint_id >= ARRAY_SIZE(htc_handle->endpoint))
357 goto ret;
358 endpoint = &htc_handle->endpoint[htc_hdr->endpoint_id];
359 skb_pull(skb, sizeof(struct htc_frame_hdr));
360
361 if (endpoint->ep_callbacks.tx) {
362 endpoint->ep_callbacks.tx(endpoint->ep_callbacks.priv,
363 skb, htc_hdr->endpoint_id,
364 txok);
365 } else {
366 kfree_skb(skb);
367 }
368 }
369
370 return;
371 ret:
372 kfree_skb(skb);
373 }
374
ath9k_htc_fw_panic_report(struct htc_target * htc_handle,struct sk_buff * skb,u32 len)375 static void ath9k_htc_fw_panic_report(struct htc_target *htc_handle,
376 struct sk_buff *skb, u32 len)
377 {
378 uint32_t *pattern = (uint32_t *)skb->data;
379
380 if (*pattern == 0x33221199 && len >= sizeof(struct htc_panic_bad_vaddr)) {
381 struct htc_panic_bad_vaddr *htc_panic;
382 htc_panic = (struct htc_panic_bad_vaddr *) skb->data;
383 dev_err(htc_handle->dev, "ath: firmware panic! "
384 "exccause: 0x%08x; pc: 0x%08x; badvaddr: 0x%08x.\n",
385 htc_panic->exccause, htc_panic->pc,
386 htc_panic->badvaddr);
387 return;
388 }
389 if (*pattern == 0x33221299) {
390 struct htc_panic_bad_epid *htc_panic;
391 htc_panic = (struct htc_panic_bad_epid *) skb->data;
392 dev_err(htc_handle->dev, "ath: firmware panic! "
393 "bad epid: 0x%08x\n", htc_panic->epid);
394 return;
395 }
396 dev_err(htc_handle->dev, "ath: unknown panic pattern!\n");
397 }
398
399 /*
400 * HTC Messages are handled directly here and the obtained SKB
401 * is freed.
402 *
403 * Service messages (Data, WMI) are passed to the corresponding
404 * endpoint RX handlers, which have to free the SKB.
405 */
ath9k_htc_rx_msg(struct htc_target * htc_handle,struct sk_buff * skb,u32 len,u8 pipe_id)406 void ath9k_htc_rx_msg(struct htc_target *htc_handle,
407 struct sk_buff *skb, u32 len, u8 pipe_id)
408 {
409 struct htc_frame_hdr *htc_hdr;
410 enum htc_endpoint_id epid;
411 struct htc_endpoint *endpoint;
412 __be16 *msg_id;
413
414 if (!htc_handle || !skb)
415 return;
416
417 /* A valid message requires len >= 8.
418 *
419 * sizeof(struct htc_frame_hdr) == 8
420 * sizeof(struct htc_ready_msg) == 8
421 * sizeof(struct htc_panic_bad_vaddr) == 16
422 * sizeof(struct htc_panic_bad_epid) == 8
423 */
424 if (unlikely(len < sizeof(struct htc_frame_hdr)))
425 goto invalid;
426 htc_hdr = (struct htc_frame_hdr *) skb->data;
427 epid = htc_hdr->endpoint_id;
428
429 if (epid == 0x99) {
430 ath9k_htc_fw_panic_report(htc_handle, skb, len);
431 kfree_skb(skb);
432 return;
433 }
434
435 if (epid < 0 || epid >= ENDPOINT_MAX) {
436 invalid:
437 if (pipe_id != USB_REG_IN_PIPE)
438 dev_kfree_skb_any(skb);
439 else
440 kfree_skb(skb);
441 return;
442 }
443
444 if (epid == ENDPOINT0) {
445
446 /* Handle trailer */
447 if (htc_hdr->flags & HTC_FLAGS_RECV_TRAILER) {
448 if (be32_to_cpu(*(__be32 *) skb->data) == 0x00C60000) {
449 /* Move past the Watchdog pattern */
450 htc_hdr = (struct htc_frame_hdr *)(skb->data + 4);
451 len -= 4;
452 }
453 }
454
455 /* Get the message ID */
456 if (unlikely(len < sizeof(struct htc_frame_hdr) + sizeof(__be16)))
457 goto invalid;
458 msg_id = (__be16 *) ((void *) htc_hdr +
459 sizeof(struct htc_frame_hdr));
460
461 /* Now process HTC messages */
462 switch (be16_to_cpu(*msg_id)) {
463 case HTC_MSG_READY_ID:
464 if (unlikely(len < sizeof(struct htc_ready_msg)))
465 goto invalid;
466 htc_process_target_rdy(htc_handle, htc_hdr);
467 break;
468 case HTC_MSG_CONNECT_SERVICE_RESPONSE_ID:
469 if (unlikely(len < sizeof(struct htc_frame_hdr) +
470 sizeof(struct htc_conn_svc_rspmsg)))
471 goto invalid;
472 htc_process_conn_rsp(htc_handle, htc_hdr);
473 break;
474 default:
475 break;
476 }
477
478 kfree_skb(skb);
479
480 } else {
481 if (htc_hdr->flags & HTC_FLAGS_RECV_TRAILER)
482 skb_trim(skb, len - htc_hdr->control[0]);
483
484 skb_pull(skb, sizeof(struct htc_frame_hdr));
485
486 endpoint = &htc_handle->endpoint[epid];
487 if (endpoint->ep_callbacks.rx)
488 endpoint->ep_callbacks.rx(endpoint->ep_callbacks.priv,
489 skb, epid);
490 else
491 goto invalid;
492 }
493 }
494
ath9k_htc_hw_alloc(void * hif_handle,struct ath9k_htc_hif * hif,struct device * dev)495 struct htc_target *ath9k_htc_hw_alloc(void *hif_handle,
496 struct ath9k_htc_hif *hif,
497 struct device *dev)
498 {
499 struct htc_endpoint *endpoint;
500 struct htc_target *target;
501
502 target = kzalloc(sizeof(struct htc_target), GFP_KERNEL);
503 if (!target)
504 return NULL;
505
506 init_completion(&target->target_wait);
507 init_completion(&target->cmd_wait);
508
509 target->hif = hif;
510 target->hif_dev = hif_handle;
511 target->dev = dev;
512
513 /* Assign control endpoint pipe IDs */
514 endpoint = &target->endpoint[ENDPOINT0];
515 endpoint->ul_pipeid = hif->control_ul_pipe;
516 endpoint->dl_pipeid = hif->control_dl_pipe;
517
518 atomic_set(&target->tgt_ready, 0);
519
520 return target;
521 }
522
ath9k_htc_hw_free(struct htc_target * htc)523 void ath9k_htc_hw_free(struct htc_target *htc)
524 {
525 kfree(htc);
526 }
527
ath9k_htc_hw_init(struct htc_target * target,struct device * dev,u16 devid,char * product,u32 drv_info)528 int ath9k_htc_hw_init(struct htc_target *target,
529 struct device *dev, u16 devid,
530 char *product, u32 drv_info)
531 {
532 if (ath9k_htc_probe_device(target, dev, devid, product, drv_info)) {
533 pr_err("Failed to initialize the device\n");
534 return -ENODEV;
535 }
536
537 return 0;
538 }
539
ath9k_htc_hw_deinit(struct htc_target * target,bool hot_unplug)540 void ath9k_htc_hw_deinit(struct htc_target *target, bool hot_unplug)
541 {
542 if (target)
543 ath9k_htc_disconnect_device(target, hot_unplug);
544 }
545