1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * NXP Wireless LAN device driver: HW/FW Initialization
4  *
5  * Copyright 2011-2020 NXP
6  */
7 
8 #include "decl.h"
9 #include "ioctl.h"
10 #include "util.h"
11 #include "fw.h"
12 #include "main.h"
13 #include "wmm.h"
14 #include "11n.h"
15 
/*
 * mwifiex_add_bss_prio_tbl - register an interface in its BSS priority list.
 *
 * Allocates one zeroed mwifiex_bss_prio_node that points back at @priv and
 * appends it, under that slot's bss_prio_lock, to the tail of
 * adapter->bss_prio_tbl[priv->bss_priority].bss_prio_head.
 *
 * Returns 0 on success or -ENOMEM when the node cannot be allocated.
 *
 * NOTE(review): priv->bss_priority is used as an array index without a
 * range check in this function; presumably it is bounded where it is
 * assigned - confirm against the size of adapter->bss_prio_tbl.
 */
static int mwifiex_add_bss_prio_tbl(struct mwifiex_private *priv)
{
	struct mwifiex_bss_prio_tbl *slot;
	struct mwifiex_bss_prio_node *node;

	/* GFP_KERNEL may sleep, so allocate before taking the spinlock. */
	node = kzalloc(sizeof(*node), GFP_KERNEL);
	if (!node)
		return -ENOMEM;

	node->priv = priv;
	INIT_LIST_HEAD(&node->list);

	slot = &priv->adapter->bss_prio_tbl[priv->bss_priority];

	spin_lock_bh(&slot->bss_prio_lock);
	list_add_tail(&node->list, &slot->bss_prio_head);
	spin_unlock_bh(&slot->bss_prio_lock);

	return 0;
}
41 
/*
 * Timer callback for adapter->wakeup_timer.
 *
 * Logs that the firmware wakeup failed, marks the hardware state as
 * MWIFIEX_HW_STATUS_RESET, cancels every pending command and, when the
 * bus driver supplies one, invokes its card_reset hook.
 */
static void wakeup_timer_fn(struct timer_list *t)
{
	struct mwifiex_adapter *adapter = from_timer(adapter, t, wakeup_timer);

	mwifiex_dbg(adapter, ERROR, "Firmware wakeup failed\n");

	adapter->hw_status = MWIFIEX_HW_STATUS_RESET;
	mwifiex_cancel_all_pending_cmd(adapter);

	/* card_reset is an optional interface operation. */
	if (!adapter->if_ops.card_reset)
		return;

	adapter->if_ops.card_reset(adapter);
}
53 
/*
 * Work handler for adapter->devdump_work: recovers the owning adapter
 * from the embedded delayed work item and uploads the device dump.
 */
static void fw_dump_work(struct work_struct *work)
{
	struct delayed_work *dwork = to_delayed_work(work);
	struct mwifiex_adapter *adapter;

	adapter = container_of(dwork, struct mwifiex_adapter, devdump_work);
	mwifiex_upload_device_dump(adapter);
}
61 
/*
 * mwifiex_init_priv - reset a per-interface private structure to defaults.
 *
 * Every field touched here is overwritten unconditionally: connection and
 * rate state, security settings, cached association data, signal
 * statistics, information-element buffers and WMM flags. The function then
 * initializes the 11h parameters and registers the interface in the BSS
 * priority table.
 *
 * Returns the result of mwifiex_add_bss_prio_tbl(): 0 on success or
 * -ENOMEM.
 *
 * NOTE(review): curr_bcn_buf and wps_ie are set to NULL without being
 * freed, and each call appends a new BSS priority node. Presumably callers
 * run mwifiex_free_priv() (or an equivalent release) before re-initializing
 * a structure that was already in use - confirm.
 */
int mwifiex_init_priv(struct mwifiex_private *priv)
{
	u32 idx;

	/* Link, port and rate state. */
	priv->media_connected = false;
	eth_broadcast_addr(priv->curr_addr);
	priv->port_open = false;
	priv->usb_port = MWIFIEX_USB_EP_DATA;
	priv->pkt_tx_ctrl = 0;
	priv->bss_mode = NL80211_IFTYPE_UNSPECIFIED;
	/* A rate of 0 together with is_data_rate_auto means "auto". */
	priv->data_rate = 0;
	priv->is_data_rate_auto = true;
	priv->bcn_avg_factor = DEFAULT_BCN_AVG_FACTOR;
	priv->data_avg_factor = DEFAULT_DATA_AVG_FACTOR;

	/*
	 * Security defaults: open-system authentication, no encryption, and
	 * every WEP key slot wiped so no key material from a previous use of
	 * this structure survives.
	 */
	priv->sec_info.wep_enabled = 0;
	priv->sec_info.authentication_mode = NL80211_AUTHTYPE_OPEN_SYSTEM;
	priv->sec_info.encryption_mode = 0;
	for (idx = 0; idx < ARRAY_SIZE(priv->wep_key); idx++) {
		memset(&priv->wep_key[idx], 0,
		       sizeof(struct mwifiex_wep_key));
	}
	priv->wep_key_curr_index = 0;

	priv->curr_pkt_filter = HostCmd_ACT_MAC_DYNAMIC_BW_ENABLE |
				HostCmd_ACT_MAC_RX_ON |
				HostCmd_ACT_MAC_TX_ON |
				HostCmd_ACT_MAC_ETHERNETII_ENABLE;

	/* BSS and association bookkeeping. */
	priv->beacon_period = 100;	/* beacon interval */
	priv->attempted_bss_desc = NULL;
	memset(&priv->curr_bss_params, 0, sizeof(priv->curr_bss_params));
	priv->listen_interval = MWIFIEX_DEFAULT_LISTEN_INTERVAL;

	memset(&priv->prev_ssid, 0, sizeof(priv->prev_ssid));
	memset(&priv->prev_bssid, 0, sizeof(priv->prev_bssid));
	memset(&priv->assoc_rsp_buf, 0, sizeof(priv->assoc_rsp_buf));
	priv->assoc_rsp_size = 0;

	/* Ad-hoc parameters. */
	priv->adhoc_channel = DEFAULT_AD_HOC_CHANNEL;
	priv->atim_window = 0;
	priv->adhoc_state = ADHOC_IDLE;

	/* Radio settings and receive statistics. */
	priv->tx_power_level = 0;
	priv->max_tx_power_level = 0;
	priv->min_tx_power_level = 0;
	priv->tx_ant = 0;
	priv->rx_ant = 0;
	priv->tx_rate = 0;
	priv->rxpd_htinfo = 0;
	priv->rxpd_rate = 0;
	priv->rate_bitmap = 0;
	priv->data_rssi_last = 0;
	priv->data_rssi_avg = 0;
	priv->data_nf_avg = 0;
	priv->data_nf_last = 0;
	priv->bcn_rssi_last = 0;
	priv->bcn_rssi_avg = 0;
	priv->bcn_nf_avg = 0;
	priv->bcn_nf_last = 0;

	/* WPA IE and AES key storage are cleared along with their flags. */
	memset(&priv->wpa_ie, 0, sizeof(priv->wpa_ie));
	memset(&priv->aes_key, 0, sizeof(priv->aes_key));
	priv->wpa_ie_len = 0;
	priv->wpa_is_gtk_set = false;

	/* Buffers and lengths are reset together so they stay consistent. */
	memset(&priv->assoc_tlv_buf, 0, sizeof(priv->assoc_tlv_buf));
	priv->assoc_tlv_buf_len = 0;
	memset(&priv->wps, 0, sizeof(priv->wps));
	memset(&priv->gen_ie_buf, 0, sizeof(priv->gen_ie_buf));
	priv->gen_ie_buf_len = 0;
	memset(priv->vs_ie, 0, sizeof(priv->vs_ie));

	/* WMM, cached beacon and WPS IE state. */
	priv->wmm_required = true;
	priv->wmm_enabled = false;
	priv->wmm_qosinfo = 0;
	priv->curr_bcn_buf = NULL;
	priv->curr_bcn_size = 0;
	priv->wps_ie = NULL;
	priv->wps_ie_len = 0;
	priv->ap_11n_enabled = 0;
	memset(&priv->roc_cfg, 0, sizeof(priv->roc_cfg));

	priv->scan_block = false;

	priv->csa_chan = 0;
	priv->csa_expire_time = 0;
	priv->del_list_idx = 0;
	priv->hs2_enabled = false;
	priv->check_tdls_tx = false;
	/* Seed the per-interface table from the driver-wide default. */
	memcpy(priv->tos_to_tid_inv, tos_to_tid_inv, MAX_NUM_TID);

	mwifiex_init_11h_params(priv);

	return mwifiex_add_bss_prio_tbl(priv);
}
158 
/*
 * mwifiex_allocate_adapter - allocate the adapter's command buffers.
 *
 * Allocates the command buffer pool through mwifiex_alloc_cmd_buffer() and
 * then the sleep-confirm skb, sized for one mwifiex_opt_sleep_confirm plus
 * INTF_HEADER_LEN bytes of headroom, which is reserved immediately.
 *
 * Returns 0 on success and -1 if either allocation fails.
 *
 * NOTE(review): when the sleep-confirm allocation fails, the command
 * buffers allocated just before are not released here; presumably the
 * caller's teardown (mwifiex_free_cmd_buffers()) covers that - confirm.
 */
static int mwifiex_allocate_adapter(struct mwifiex_adapter *adapter)
{
	const size_t cfm_len = sizeof(struct mwifiex_opt_sleep_confirm)
			       + INTF_HEADER_LEN;

	if (mwifiex_alloc_cmd_buffer(adapter)) {
		mwifiex_dbg(adapter, ERROR,
			    "%s: failed to alloc cmd buffer\n",
			    __func__);
		return -1;
	}

	adapter->sleep_cfm = dev_alloc_skb(cfm_len);
	if (!adapter->sleep_cfm) {
		mwifiex_dbg(adapter, ERROR,
			    "%s: failed to alloc sleep cfm\t"
			    " cmd buffer\n", __func__);
		return -1;
	}

	/* Keep room in front of the command for the interface header. */
	skb_reserve(adapter->sleep_cfm, INTF_HEADER_LEN);

	return 0;
}
194 
/*
 * mwifiex_init_adapter - reset the adapter structure to its defaults.
 *
 * Sets the transfer flags, power-save, scan and host-sleep defaults, calls
 * mwifiex_wmm_init(), builds the sleep-confirm command inside
 * adapter->sleep_cfm, clears firmware capability and filter state, and
 * finally arms the wakeup timer and device-dump work handlers.
 *
 * The opening skb_put() claims exactly the tailroom that
 * mwifiex_allocate_adapter() sized for the sleep-confirm command, so this
 * function expects a freshly allocated adapter->sleep_cfm; running it a
 * second time on the same skb would ask for more tailroom than exists.
 */
static void mwifiex_init_adapter(struct mwifiex_adapter *adapter)
{
	struct sk_buff *cfm_skb = adapter->sleep_cfm;
	struct mwifiex_opt_sleep_confirm *cfm;

	skb_put(cfm_skb, sizeof(struct mwifiex_opt_sleep_confirm));

	/* Transfer state; data_sent starts out set on SDIO only. */
	adapter->cmd_sent = false;
	adapter->data_sent = (adapter->iface_type == MWIFIEX_SDIO);
	adapter->intf_hdr_len = (adapter->iface_type == MWIFIEX_USB) ?
				0 : INTF_HEADER_LEN;

	adapter->cmd_resp_received = false;
	adapter->event_received = false;
	adapter->data_received = false;

	clear_bit(MWIFIEX_SURPRISE_REMOVED, &adapter->work_flags);

	adapter->hw_status = MWIFIEX_HW_STATUS_INITIALIZING;

	/* Power-save state. */
	adapter->ps_mode = MWIFIEX_802_11_POWER_MODE_CAM;
	adapter->ps_state = PS_STATE_AWAKE;
	adapter->need_to_wakeup = false;

	/* Scan defaults. */
	adapter->scan_mode = HostCmd_BSS_MODE_ANY;
	adapter->specific_scan_time = MWIFIEX_SPECIFIC_SCAN_CHAN_TIME;
	adapter->active_scan_time = MWIFIEX_ACTIVE_SCAN_CHAN_TIME;
	adapter->passive_scan_time = MWIFIEX_PASSIVE_SCAN_CHAN_TIME;
	adapter->scan_chan_gap_time = MWIFIEX_DEF_SCAN_CHAN_GAP_TIME;

	adapter->scan_probes = 1;

	adapter->multiple_dtim = 1;

	/* 0 here means the firmware's own default value will be used. */
	adapter->local_listen_interval = 0;

	adapter->is_deep_sleep = false;

	adapter->delay_null_pkt = false;
	adapter->delay_to_ps = 1000;
	adapter->enhanced_ps_mode = PS_MODE_AUTO;

	/* NULL packet generation and pps/uapsd mode are off by default. */
	adapter->gen_null_pkt = false;
	adapter->pps_uapsd_mode = false;
	adapter->pm_wakeup_card_req = false;

	adapter->pm_wakeup_fw_try = false;

	adapter->curr_tx_buf_size = MWIFIEX_TX_DATA_BUF_SIZE_2K;

	/* Host-sleep configuration. */
	clear_bit(MWIFIEX_IS_HS_CONFIGURED, &adapter->work_flags);
	adapter->hs_cfg.conditions = cpu_to_le32(HS_CFG_COND_DEF);
	adapter->hs_cfg.gpio = HS_CFG_GPIO_DEF;
	adapter->hs_cfg.gap = HS_CFG_GAP_DEF;
	adapter->hs_activated = false;

	memset(adapter->event_body, 0, sizeof(adapter->event_body));
	adapter->hw_dot_11n_dev_cap = 0;
	adapter->hw_dev_mcs_support = 0;
	adapter->sec_chan_offset = 0;
	adapter->adhoc_11n_enabled = false;

	mwifiex_wmm_init(adapter);
	atomic_set(&adapter->tx_hw_pending, 0);

	/*
	 * Build the sleep-confirm command in place. The size field is taken
	 * from the skb length set by the skb_put() above.
	 */
	cfm = (struct mwifiex_opt_sleep_confirm *)cfm_skb->data;
	memset(cfm, 0, cfm_skb->len);
	cfm->command = cpu_to_le16(HostCmd_CMD_802_11_PS_MODE_ENH);
	cfm->size = cpu_to_le16(cfm_skb->len);
	cfm->result = 0;
	cfm->action = cpu_to_le16(SLEEP_CONFIRM);
	cfm->resp_ctrl = cpu_to_le16(RESP_NEEDED);

	memset(&adapter->sleep_params, 0, sizeof(adapter->sleep_params));
	memset(&adapter->sleep_period, 0, sizeof(adapter->sleep_period));
	adapter->tx_lock_flag = false;
	adapter->null_pkt_interval = 0;

	/* Firmware capabilities and regulatory state. */
	adapter->fw_bands = 0;
	adapter->config_bands = 0;
	adapter->adhoc_start_band = 0;
	adapter->scan_channels = NULL;
	adapter->fw_release_number = 0;
	adapter->fw_cap_info = 0;
	memset(&adapter->upld_buf, 0, sizeof(adapter->upld_buf));
	adapter->event_cause = 0;
	adapter->region_code = 0;
	adapter->bcn_miss_time_out = DEFAULT_BCN_MISS_TIMEOUT;
	adapter->adhoc_awake_period = 0;
	memset(&adapter->arp_filter, 0, sizeof(adapter->arp_filter));
	adapter->arp_filter_size = 0;
	adapter->max_mgmt_ie_index = MAX_MGMT_IE_INDEX;
	/* Copied from the driver-wide mfg_mode variable declared elsewhere. */
	adapter->mfg_mode = mfg_mode;
	adapter->key_api_major_ver = 0;
	adapter->key_api_minor_ver = 0;
	eth_broadcast_addr(adapter->perm_addr);

	/* Per-type interface limits. */
	adapter->iface_limit.sta_intf = MWIFIEX_MAX_STA_NUM;
	adapter->iface_limit.uap_intf = MWIFIEX_MAX_UAP_NUM;
	adapter->iface_limit.p2p_intf = MWIFIEX_MAX_P2P_NUM;
	adapter->active_scan_triggered = false;

	/* Deferred handlers; both are torn down in mwifiex_adapter_cleanup(). */
	timer_setup(&adapter->wakeup_timer, wakeup_timer_fn, 0);
	adapter->devdump_len = 0;
	INIT_DELAYED_WORK(&adapter->devdump_work, fw_dump_work);
}
315 
/*
 * mwifiex_set_trans_start - refresh the transmit timestamps of a net_device.
 *
 * Calls txq_trans_cond_update() on each of the device's num_tx_queues
 * queues and then netif_trans_update() on the device itself.
 */
void mwifiex_set_trans_start(struct net_device *dev)
{
	unsigned int q;

	for (q = 0; q < dev->num_tx_queues; q++)
		txq_trans_cond_update(netdev_get_tx_queue(dev, q));

	netif_trans_update(dev);
}
328 
/*
 * mwifiex_wake_up_net_dev_queue - wake every TX queue of @netdev.
 *
 * The wake-up runs with adapter->queue_lock held (bottom halves disabled),
 * the same lock mwifiex_stop_net_dev_queue() takes, so the two operations
 * are serialized against each other.
 */
void mwifiex_wake_up_net_dev_queue(struct net_device *netdev,
				   struct mwifiex_adapter *adapter)
{
	spinlock_t *lock = &adapter->queue_lock;

	spin_lock_bh(lock);
	netif_tx_wake_all_queues(netdev);
	spin_unlock_bh(lock);
}
339 
/*
 * mwifiex_stop_net_dev_queue - stop every TX queue of @netdev.
 *
 * The stop runs with adapter->queue_lock held (bottom halves disabled),
 * the same lock mwifiex_wake_up_net_dev_queue() takes, so the two
 * operations are serialized against each other.
 */
void mwifiex_stop_net_dev_queue(struct net_device *netdev,
				struct mwifiex_adapter *adapter)
{
	spinlock_t *lock = &adapter->queue_lock;

	spin_lock_bh(lock);
	netif_tx_stop_all_queues(netdev);
	spin_unlock_bh(lock);
}
350 
/*
 * mwifiex_invalidate_lists - unlink every list head owned by the adapter.
 *
 * Calls list_del() on the adapter's command and scan queue heads, on each
 * BSS priority table head, and on the per-interface RA, BA stream,
 * reorder, station and auto-TDLS list heads. No locks are taken and no
 * list entries are freed here.
 *
 * list_del() leaves the removed head with poisoned link pointers, so the
 * heads must be re-initialized (see mwifiex_init_lock_list()) before any
 * further list operation, including a second call to this function.
 */
static void mwifiex_invalidate_lists(struct mwifiex_adapter *adapter)
{
	struct mwifiex_private *priv;
	s32 i, tid;

	list_del(&adapter->cmd_free_q);
	list_del(&adapter->cmd_pending_q);
	list_del(&adapter->scan_pending_q);

	for (i = 0; i < adapter->priv_num; i++)
		list_del(&adapter->bss_prio_tbl[i].bss_prio_head);

	for (i = 0; i < adapter->priv_num; i++) {
		priv = adapter->priv[i];
		if (!priv)
			continue;

		for (tid = 0; tid < MAX_NUM_TID; ++tid)
			list_del(&priv->wmm.tid_tbl_ptr[tid].ra_list);

		list_del(&priv->tx_ba_stream_tbl_ptr);
		list_del(&priv->rx_reorder_tbl_ptr);
		list_del(&priv->sta_list);
		list_del(&priv->auto_tdls_list);
	}
}
378 
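/*
 * mwifiex_adapter_cleanup - quiesce adapter-level timers, work and waiters.
 *
 * Stops the wakeup timer, waits for the device-dump work to finish,
 * cancels all pending commands and wakes anything sleeping on the command
 * and host-sleep wait queues. Buffers are not freed here; that is done by
 * mwifiex_free_cmd_buffers().
 *
 * Must be called from a context that may sleep.
 */
static void
mwifiex_adapter_cleanup(struct mwifiex_adapter *adapter)
{
	/*
	 * Use the synchronous variant: del_timer() only dequeues a pending
	 * timer and does not wait for a wakeup_timer_fn() instance that is
	 * already running on another CPU. That callback dereferences the
	 * adapter and calls if_ops.card_reset, so it must have finished
	 * before teardown continues. Waiting adds no new context
	 * requirement, because cancel_delayed_work_sync() below already
	 * needs a sleepable context, and the callback's
	 * mwifiex_cancel_all_pending_cmd() is also called directly below,
	 * so its locks cannot be held on entry.
	 *
	 * NOTE(review): confirm that no caller holds a lock taken by the
	 * bus-specific card_reset hooks.
	 */
	del_timer_sync(&adapter->wakeup_timer);
	cancel_delayed_work_sync(&adapter->devdump_work);
	mwifiex_cancel_all_pending_cmd(adapter);
	wake_up_interruptible(&adapter->cmd_wait_q.wait);
	wake_up_interruptible(&adapter->hs_activate_wait_q);
}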
397 
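/*
 * mwifiex_free_cmd_buffers - release the adapter's command buffers.
 *
 * Unlinks all adapter list heads, frees the command buffer pool and then
 * frees the sleep-confirm skb if one is allocated.
 */
void mwifiex_free_cmd_buffers(struct mwifiex_adapter *adapter)
{
	mwifiex_invalidate_lists(adapter);

	/* Free command buffer */
	mwifiex_dbg(adapter, INFO, "info: free cmd buffer\n");
	mwifiex_free_cmd_buffer(adapter);

	if (adapter->sleep_cfm) {
		dev_kfree_skb_any(adapter->sleep_cfm);
		/*
		 * The NULL test above is the only "is it allocated" signal,
		 * so clear the pointer once the skb is gone; a stale value
		 * would allow a later call to free it again or a later user
		 * to touch freed memory.
		 */
		adapter->sleep_cfm = NULL;
	}
}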
409 
/*
 * mwifiex_init_lock_list - initialize the adapter's locks, lists and queues.
 *
 * Covers the adapter-level spinlocks, the command and scan queue heads,
 * the RX/TX data skb queues, one head and lock per BSS priority table
 * slot, and for every non-NULL interface its spinlocks, list heads, TDLS
 * and bypass TX queues and the ack_status_frames IDR.
 *
 * Always returns 0.
 */
int mwifiex_init_lock_list(struct mwifiex_adapter *adapter)
{
	struct mwifiex_private *priv;
	s32 i, tid;

	spin_lock_init(&adapter->int_lock);
	spin_lock_init(&adapter->main_proc_lock);
	spin_lock_init(&adapter->mwifiex_cmd_lock);
	spin_lock_init(&adapter->queue_lock);

	for (i = 0; i < adapter->priv_num; i++) {
		priv = adapter->priv[i];
		if (!priv)
			continue;

		spin_lock_init(&priv->wmm.ra_list_spinlock);
		spin_lock_init(&priv->curr_bcn_buf_lock);
		spin_lock_init(&priv->sta_list_spinlock);
		spin_lock_init(&priv->auto_tdls_lock);
	}

	/* Command and scan queue heads, followed by their locks. */
	INIT_LIST_HEAD(&adapter->cmd_free_q);
	INIT_LIST_HEAD(&adapter->cmd_pending_q);
	INIT_LIST_HEAD(&adapter->scan_pending_q);

	spin_lock_init(&adapter->cmd_free_q_lock);
	spin_lock_init(&adapter->cmd_pending_q_lock);
	spin_lock_init(&adapter->scan_pending_q_lock);
	spin_lock_init(&adapter->rx_proc_lock);

	skb_queue_head_init(&adapter->rx_data_q);
	skb_queue_head_init(&adapter->tx_data_q);

	/* One list head and lock per BSS priority slot. */
	for (i = 0; i < adapter->priv_num; ++i) {
		INIT_LIST_HEAD(&adapter->bss_prio_tbl[i].bss_prio_head);
		spin_lock_init(&adapter->bss_prio_tbl[i].bss_prio_lock);
	}

	/* Per-interface lists, queues and their locks. */
	for (i = 0; i < adapter->priv_num; i++) {
		priv = adapter->priv[i];
		if (!priv)
			continue;

		for (tid = 0; tid < MAX_NUM_TID; ++tid)
			INIT_LIST_HEAD(&priv->wmm.tid_tbl_ptr[tid].ra_list);

		INIT_LIST_HEAD(&priv->tx_ba_stream_tbl_ptr);
		INIT_LIST_HEAD(&priv->rx_reorder_tbl_ptr);
		INIT_LIST_HEAD(&priv->sta_list);
		INIT_LIST_HEAD(&priv->auto_tdls_list);
		skb_queue_head_init(&priv->tdls_txq);
		skb_queue_head_init(&priv->bypass_txq);

		spin_lock_init(&priv->tx_ba_stream_tbl_lock);
		spin_lock_init(&priv->rx_reorder_tbl_lock);

		spin_lock_init(&priv->ack_status_lock);
		idr_init(&priv->ack_status_frames);
	}

	return 0;
}
475 
/*
 * mwifiex_init_fw - bring the adapter and its interfaces to an initialized
 * state and start the firmware init command sequence.
 *
 * Steps, in order:
 *      - allocate the adapter's buffers and reset the adapter structure
 *      - reset every non-NULL private structure, which also adds its
 *        BSS priority node
 *      - in manufacturing mode mark the hardware ready; otherwise queue
 *        the init commands for each interface
 *      - if commands are pending, run the main process to send the first
 *        one; if none are pending, mark the hardware ready
 *
 * Returns -1 when allocation, private-structure init or command setup
 * fails, -EINPROGRESS in manufacturing mode or when the main process was
 * started for pending commands, and otherwise the value left in ret by the
 * preceding step (0 when nothing was queued). If mwifiex_main_process()
 * itself returns -1, ret is left unchanged.
 *
 * NOTE(review): the failure paths return without releasing what
 * mwifiex_allocate_adapter() or earlier mwifiex_init_priv() calls
 * allocated, and the -ENOMEM from mwifiex_init_priv() is flattened to -1.
 * Presumably the caller performs the teardown - confirm.
 */
int mwifiex_init_fw(struct mwifiex_adapter *adapter)
{
	struct mwifiex_private *priv;
	int is_cmd_pend_q_empty;
	u8 i, first_sta = true;
	int ret;

	adapter->hw_status = MWIFIEX_HW_STATUS_INITIALIZING;

	ret = mwifiex_allocate_adapter(adapter);
	if (ret)
		return -1;

	mwifiex_init_adapter(adapter);

	for (i = 0; i < adapter->priv_num; i++) {
		priv = adapter->priv[i];
		if (!priv)
			continue;

		ret = mwifiex_init_priv(priv);
		if (ret)
			return -1;
	}

	if (adapter->mfg_mode) {
		adapter->hw_status = MWIFIEX_HW_STATUS_READY;
		ret = -EINPROGRESS;
	} else {
		for (i = 0; i < adapter->priv_num; i++) {
			priv = adapter->priv[i];
			if (!priv)
				continue;

			/* Only the first interface found gets first_sta set. */
			ret = mwifiex_sta_init_cmd(priv, first_sta, true);
			if (ret == -1)
				return -1;

			first_sta = false;
		}
	}

	/* Sample the queue state under its lock, act on it afterwards. */
	spin_lock_bh(&adapter->cmd_pending_q_lock);
	is_cmd_pend_q_empty = list_empty(&adapter->cmd_pending_q);
	spin_unlock_bh(&adapter->cmd_pending_q_lock);

	if (is_cmd_pend_q_empty) {
		adapter->hw_status = MWIFIEX_HW_STATUS_READY;
	} else if (mwifiex_main_process(adapter) != -1) {
		/* The first queued command has been handed off. */
		ret = -EINPROGRESS;
	}

	return ret;
}
546 
/*
 * mwifiex_delete_bss_prio_tbl - drop an interface from every priority list.
 *
 * Walks each of the adapter's priv_num BSS priority slots under that
 * slot's bss_prio_lock and unlinks and frees every node whose priv
 * pointer is @priv. Nodes belonging to other interfaces are left alone.
 */
static void mwifiex_delete_bss_prio_tbl(struct mwifiex_private *priv)
{
	struct mwifiex_adapter *adapter = priv->adapter;
	struct mwifiex_bss_prio_node *node, *next;
	struct mwifiex_bss_prio_tbl *slot;
	int i;

	for (i = 0; i < adapter->priv_num; ++i) {
		slot = &adapter->bss_prio_tbl[i];

		mwifiex_dbg(adapter, INFO,
			    "info: delete BSS priority table,\t"
			    "bss_type = %d, bss_num = %d, i = %d,\t"
			    "head = %p\n",
			    priv->bss_type, priv->bss_num, i,
			    &slot->bss_prio_head);

		spin_lock_bh(&slot->bss_prio_lock);
		/* The _safe iterator is needed because entries are freed. */
		list_for_each_entry_safe(node, next, &slot->bss_prio_head,
					 list) {
			if (node->priv != priv)
				continue;

			mwifiex_dbg(adapter, INFO,
				    "info: Delete\t"
				    "node %p, next = %p\n",
				    node, next);
			list_del(&node->list);
			kfree(node);
		}
		spin_unlock_bh(&slot->bss_prio_lock);
	}
}
587 
/*
 * mwifiex_free_priv - release the resources attached to one interface.
 *
 * Runs, in this order, the TX/RX cleanup, the removal of the interface's
 * BSS priority nodes and the release of its cached beacon buffer. The
 * private structure itself is not freed here.
 */
void mwifiex_free_priv(struct mwifiex_private *priv)
{
	mwifiex_clean_txrx(priv);

	mwifiex_delete_bss_prio_tbl(priv);

	mwifiex_free_curr_bcn(priv);
}
598 
/*
 * mwifiex_shutdown_drv - shut the driver down.
 *
 * Steps, in order:
 *      - return at once if the hardware state is already NOT_READY
 *      - stop the command timer and recycle the command in flight, if any
 *      - for every interface: clean auto-TDLS state, abort CAC and free
 *        the private resources (TX/RX queues, BSS priority nodes)
 *      - complete every skb still on tx_data_q
 *      - drop every skb still on rx_data_q, counting each as rx_dropped
 *      - quiesce adapter timers and work, then mark the hardware NOT_READY
 *
 * NOTE(review): in the RX drain, rx_info->bss_num is read from the skb
 * control block and used to index adapter->priv[] without a range check;
 * presumably it was validated when the skb was queued - confirm.
 */
void
mwifiex_shutdown_drv(struct mwifiex_adapter *adapter)
{
	struct mwifiex_private *priv;
	struct sk_buff *skb;
	s32 i;

	/* Nothing to do when the driver is already shut down. */
	if (adapter->hw_status == MWIFIEX_HW_STATUS_NOT_READY)
		return;

	/* Cancel the command currently in flight, if any. */
	if (adapter->curr_cmd) {
		mwifiex_dbg(adapter, WARN,
			    "curr_cmd is still in processing\n");
		del_timer_sync(&adapter->cmd_timer);
		mwifiex_recycle_cmd_node(adapter, adapter->curr_cmd);
		adapter->curr_cmd = NULL;
	}

	mwifiex_dbg(adapter, MSG,
		    "info: shutdown mwifiex...\n");

	/* Per-interface teardown. */
	for (i = 0; i < adapter->priv_num; i++) {
		priv = adapter->priv[i];
		if (!priv)
			continue;

		mwifiex_clean_auto_tdls(priv);
		mwifiex_abort_cac(priv);
		mwifiex_free_priv(priv);
	}

	/* Complete whatever is still waiting to be transmitted. */
	atomic_set(&adapter->tx_queued, 0);
	while ((skb = skb_dequeue(&adapter->tx_data_q)))
		mwifiex_write_data_complete(adapter, skb, 0, 0);

	/* Drop whatever was received but not yet processed. */
	spin_lock_bh(&adapter->rx_proc_lock);

	while ((skb = skb_dequeue(&adapter->rx_data_q))) {
		struct mwifiex_rxinfo *rx_info = MWIFIEX_SKB_RXCB(skb);

		atomic_dec(&adapter->rx_pending);

		priv = adapter->priv[rx_info->bss_num];
		if (priv)
			priv->stats.rx_dropped++;

		dev_kfree_skb_any(skb);
	}

	spin_unlock_bh(&adapter->rx_proc_lock);

	mwifiex_adapter_cleanup(adapter);

	adapter->hw_status = MWIFIEX_HW_STATUS_NOT_READY;
}
668 
/*
 * mwifiex_dnld_fw - download the firmware image to the card.
 *
 * Sequence:
 *      - poll once; if firmware is already running, skip the download and
 *        return 0
 *      - if the bus driver implements check_winner_status, ask whether
 *        this interface is the one that should download; a failed query
 *        returns its error, and a non-winner skips straight to polling
 *      - if an image was supplied (@pmfw non-NULL), hand it to
 *        if_ops.prog_fw
 *      - poll until the firmware reports active; the poll count is
 *        MAX_FIRMWARE_POLL_TRIES when a winner check exists, else 1
 *
 * Returns 0 on success, otherwise the error from the failing interface
 * operation.
 *
 * NOTE(review): this function does not inspect the image contents, and
 * firmware that is already running is accepted as-is. Any integrity check
 * of @pmfw would have to live in the bus-specific prog_fw or in the code
 * that loads the image - not visible from here.
 */
int mwifiex_dnld_fw(struct mwifiex_adapter *adapter,
		    struct mwifiex_fw_image *pmfw)
{
	bool do_download = true;
	u32 poll_num = 1;
	int ret;

	ret = adapter->if_ops.check_fw_status(adapter, poll_num);
	if (ret == 0) {
		mwifiex_dbg(adapter, MSG,
			    "WLAN FW already running! Skip FW dnld\n");
		return 0;
	}

	/* The winner check is optional; not every bus driver has one. */
	if (adapter->if_ops.check_winner_status) {
		adapter->winner = 0;
		ret = adapter->if_ops.check_winner_status(adapter);

		poll_num = MAX_FIRMWARE_POLL_TRIES;
		if (ret) {
			mwifiex_dbg(adapter, MSG,
				    "WLAN read winner status failed!\n");
			return ret;
		}

		if (!adapter->winner) {
			mwifiex_dbg(adapter, MSG,
				    "WLAN is not the winner! Skip FW dnld\n");
			do_download = false;
		}
	}

	if (do_download && pmfw) {
		/* Download firmware with helper */
		ret = adapter->if_ops.prog_fw(adapter, pmfw);
		if (ret) {
			mwifiex_dbg(adapter, ERROR,
				    "prog_fw failed ret=%#x\n", ret);
			return ret;
		}
	}

	/* Wait for the firmware to report that it is active. */
	ret = adapter->if_ops.check_fw_status(adapter, poll_num);
	if (ret)
		mwifiex_dbg(adapter, ERROR,
			    "FW failed to be active in time\n");

	return ret;
}
733 EXPORT_SYMBOL_GPL(mwifiex_dnld_fw);
734