1 /** 2 * Copyright (c) 2014 Redpine Signals Inc. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17 #include <linux/firmware.h> 18 #include <net/bluetooth/bluetooth.h> 19 #include "rsi_mgmt.h" 20 #include "rsi_hal.h" 21 #include "rsi_sdio.h" 22 #include "rsi_common.h" 23 24 /* FLASH Firmware */ 25 static struct ta_metadata metadata_flash_content[] = { 26 {"flash_content", 0x00010000}, 27 {"rsi/rs9113_wlan_qspi.rps", 0x00010000}, 28 {"rsi/rs9113_wlan_bt_dual_mode.rps", 0x00010000}, 29 {"flash_content", 0x00010000}, 30 {"rsi/rs9113_ap_bt_dual_mode.rps", 0x00010000}, 31 32 }; 33 34 int rsi_send_pkt_to_bus(struct rsi_common *common, struct sk_buff *skb) 35 { 36 struct rsi_hw *adapter = common->priv; 37 int status; 38 39 if (common->coex_mode > 1) 40 mutex_lock(&common->tx_bus_mutex); 41 42 status = adapter->host_intf_ops->write_pkt(common->priv, 43 skb->data, skb->len); 44 45 if (common->coex_mode > 1) 46 mutex_unlock(&common->tx_bus_mutex); 47 48 return status; 49 } 50 51 int rsi_prepare_mgmt_desc(struct rsi_common *common, struct sk_buff *skb) 52 { 53 struct rsi_hw *adapter = common->priv; 54 struct ieee80211_hdr *wh = NULL; 55 struct ieee80211_tx_info *info; 56 struct ieee80211_conf *conf = &adapter->hw->conf; 57 struct ieee80211_vif *vif; 58 struct rsi_mgmt_desc *mgmt_desc; 59 struct skb_info *tx_params; 60 struct rsi_xtended_desc *xtend_desc = NULL; 61 u8 header_size; 62 u32 dword_align_bytes = 0; 63 64 if (skb->len > MAX_MGMT_PKT_SIZE) { 65 rsi_dbg(INFO_ZONE, "%s: Dropping mgmt pkt > 512\n", __func__); 66 return -EINVAL; 67 } 68 69 info = IEEE80211_SKB_CB(skb); 70 tx_params = (struct skb_info *)info->driver_data; 71 vif = tx_params->vif; 72 73 /* Update header size */ 74 header_size = FRAME_DESC_SZ + sizeof(struct rsi_xtended_desc); 75 if (header_size > skb_headroom(skb)) { 76 rsi_dbg(ERR_ZONE, 77 "%s: Failed to add extended descriptor\n", 78 __func__); 79 return -ENOSPC; 80 } 81 skb_push(skb, header_size); 82 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 83 if (dword_align_bytes > skb_headroom(skb)) { 84 rsi_dbg(ERR_ZONE, 85 "%s: Failed to add dword align\n", __func__); 86 return -ENOSPC; 87 } 88 skb_push(skb, dword_align_bytes); 89 header_size += dword_align_bytes; 90 91 tx_params->internal_hdr_size = header_size; 92 memset(&skb->data[0], 0, header_size); 93 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 94 95 mgmt_desc = (struct rsi_mgmt_desc *)skb->data; 96 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 97 98 rsi_set_len_qno(&mgmt_desc->len_qno, (skb->len - FRAME_DESC_SZ), 99 RSI_WIFI_MGMT_Q); 100 mgmt_desc->frame_type = TX_DOT11_MGMT; 101 mgmt_desc->header_len = MIN_802_11_HDR_LEN; 102 mgmt_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 103 104 if (ieee80211_is_probe_req(wh->frame_control)) 105 mgmt_desc->frame_info = cpu_to_le16(RSI_INSERT_SEQ_IN_FW); 106 mgmt_desc->frame_info |= cpu_to_le16(RATE_INFO_ENABLE); 107 if (is_broadcast_ether_addr(wh->addr1)) 108 mgmt_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 109 110 mgmt_desc->seq_ctrl = 111 cpu_to_le16(IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl))); 112 if ((common->band == NL80211_BAND_2GHZ) && !common->p2p_enabled) 113 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_1); 114 else 115 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_6); 116 117 if (conf_is_ht40(conf)) 118 mgmt_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 119 120 if (ieee80211_is_probe_resp(wh->frame_control)) { 121 mgmt_desc->misc_flags |= (RSI_ADD_DELTA_TSF_VAP_ID | 122 RSI_FETCH_RETRY_CNT_FRM_HST); 123 #define PROBE_RESP_RETRY_CNT 3 124 xtend_desc->retry_cnt = PROBE_RESP_RETRY_CNT; 125 } 126 127 if (((vif->type == NL80211_IFTYPE_AP) || 128 (vif->type == NL80211_IFTYPE_P2P_GO)) && 129 (ieee80211_is_action(wh->frame_control))) { 130 struct rsi_sta *rsta = rsi_find_sta(common, wh->addr1); 131 132 if (rsta) 133 mgmt_desc->sta_id = tx_params->sta_id; 134 else 135 return -EINVAL; 136 } 137 mgmt_desc->rate_info |= 138 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) & 139 RSI_DESC_VAP_ID_MASK); 140 141 return 0; 142 } 143 144 /* This function prepares descriptor for given data packet */ 145 int rsi_prepare_data_desc(struct rsi_common *common, struct sk_buff *skb) 146 { 147 struct rsi_hw *adapter = common->priv; 148 struct ieee80211_vif *vif; 149 struct ieee80211_hdr *wh = NULL; 150 struct ieee80211_tx_info *info; 151 struct skb_info *tx_params; 152 struct rsi_data_desc *data_desc; 153 struct rsi_xtended_desc *xtend_desc; 154 u8 ieee80211_size = MIN_802_11_HDR_LEN; 155 u8 header_size; 156 u8 vap_id = 0; 157 u8 dword_align_bytes; 158 u16 seq_num; 159 160 info = IEEE80211_SKB_CB(skb); 161 vif = info->control.vif; 162 tx_params = (struct skb_info *)info->driver_data; 163 164 header_size = FRAME_DESC_SZ + sizeof(struct rsi_xtended_desc); 165 if (header_size > skb_headroom(skb)) { 166 rsi_dbg(ERR_ZONE, "%s: Unable to send pkt\n", __func__); 167 return -ENOSPC; 168 } 169 skb_push(skb, header_size); 170 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 171 if (header_size > skb_headroom(skb)) { 172 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__); 173 return -ENOSPC; 174 } 175 skb_push(skb, dword_align_bytes); 176 header_size += dword_align_bytes; 177 178 tx_params->internal_hdr_size = header_size; 179 data_desc = (struct rsi_data_desc *)skb->data; 180 memset(data_desc, 0, header_size); 181 182 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 183 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 184 seq_num = IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl)); 185 186 data_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 187 188 if (ieee80211_is_data_qos(wh->frame_control)) { 189 ieee80211_size += 2; 190 data_desc->mac_flags |= cpu_to_le16(RSI_QOS_ENABLE); 191 } 192 193 if (((vif->type == NL80211_IFTYPE_STATION) || 194 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) && 195 (adapter->ps_state == PS_ENABLED)) 196 wh->frame_control |= cpu_to_le16(RSI_SET_PS_ENABLE); 197 198 if ((!(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) && 199 (common->secinfo.security_enable)) { 200 if (rsi_is_cipher_wep(common)) 201 ieee80211_size += 4; 202 else 203 ieee80211_size += 8; 204 data_desc->mac_flags |= cpu_to_le16(RSI_ENCRYPT_PKT); 205 } 206 rsi_set_len_qno(&data_desc->len_qno, (skb->len - FRAME_DESC_SZ), 207 RSI_WIFI_DATA_Q); 208 data_desc->header_len = ieee80211_size; 209 210 if (common->min_rate != RSI_RATE_AUTO) { 211 /* Send fixed rate */ 212 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 213 data_desc->rate_info = cpu_to_le16(common->min_rate); 214 215 if (conf_is_ht40(&common->priv->hw->conf)) 216 data_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 217 218 if ((common->vif_info[0].sgi) && (common->min_rate & 0x100)) { 219 /* Only MCS rates */ 220 data_desc->rate_info |= 221 cpu_to_le16(ENABLE_SHORTGI_RATE); 222 } 223 } 224 225 if (skb->protocol == cpu_to_be16(ETH_P_PAE)) { 226 rsi_dbg(INFO_ZONE, "*** Tx EAPOL ***\n"); 227 228 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 229 if (common->band == NL80211_BAND_5GHZ) 230 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 231 else 232 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 233 data_desc->mac_flags |= cpu_to_le16(RSI_REKEY_PURPOSE); 234 data_desc->misc_flags |= RSI_FETCH_RETRY_CNT_FRM_HST; 235 #define EAPOL_RETRY_CNT 15 236 xtend_desc->retry_cnt = EAPOL_RETRY_CNT; 237 238 if (common->eapol4_confirm) 239 skb->priority = VO_Q; 240 else 241 rsi_set_len_qno(&data_desc->len_qno, 242 (skb->len - FRAME_DESC_SZ), 243 RSI_WIFI_MGMT_Q); 244 if ((skb->len - header_size) == EAPOL4_PACKET_LEN) { 245 data_desc->misc_flags |= 246 RSI_DESC_REQUIRE_CFM_TO_HOST; 247 xtend_desc->confirm_frame_type = EAPOL4_CONFIRM; 248 } 249 } 250 251 data_desc->mac_flags |= cpu_to_le16(seq_num & 0xfff); 252 data_desc->qid_tid = ((skb->priority & 0xf) | 253 ((tx_params->tid & 0xf) << 4)); 254 data_desc->sta_id = tx_params->sta_id; 255 256 if ((is_broadcast_ether_addr(wh->addr1)) || 257 (is_multicast_ether_addr(wh->addr1))) { 258 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 259 data_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 260 data_desc->sta_id = vap_id; 261 262 if ((vif->type == NL80211_IFTYPE_AP) || 263 (vif->type == NL80211_IFTYPE_P2P_GO)) { 264 if (common->band == NL80211_BAND_5GHZ) 265 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 266 else 267 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 268 } 269 } 270 if (((vif->type == NL80211_IFTYPE_AP) || 271 (vif->type == NL80211_IFTYPE_P2P_GO)) && 272 (ieee80211_has_moredata(wh->frame_control))) 273 data_desc->frame_info |= cpu_to_le16(MORE_DATA_PRESENT); 274 275 data_desc->rate_info |= 276 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) & 277 RSI_DESC_VAP_ID_MASK); 278 279 return 0; 280 } 281 282 /* This function sends received data packet from driver to device */ 283 int rsi_send_data_pkt(struct rsi_common *common, struct sk_buff *skb) 284 { 285 struct rsi_hw *adapter = common->priv; 286 struct ieee80211_vif *vif; 287 struct ieee80211_tx_info *info; 288 struct ieee80211_bss_conf *bss; 289 int status = -EINVAL; 290 291 if (!skb) 292 return 0; 293 if (common->iface_down) 294 goto err; 295 296 info = IEEE80211_SKB_CB(skb); 297 if (!info->control.vif) 298 goto err; 299 vif = info->control.vif; 300 bss = &vif->bss_conf; 301 302 if (((vif->type == NL80211_IFTYPE_STATION) || 303 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) && 304 (!bss->assoc)) 305 goto err; 306 307 status = rsi_send_pkt_to_bus(common, skb); 308 if (status) 309 rsi_dbg(ERR_ZONE, "%s: Failed to write pkt\n", __func__); 310 311 err: 312 ++common->tx_stats.total_tx_pkt_freed[skb->priority]; 313 rsi_indicate_tx_status(adapter, skb, status); 314 return status; 315 } 316 317 /** 318 * rsi_send_mgmt_pkt() - This functions sends the received management packet 319 * from driver to device. 320 * @common: Pointer to the driver private structure. 321 * @skb: Pointer to the socket buffer structure. 322 * 323 * Return: status: 0 on success, -1 on failure. 324 */ 325 int rsi_send_mgmt_pkt(struct rsi_common *common, 326 struct sk_buff *skb) 327 { 328 struct rsi_hw *adapter = common->priv; 329 struct ieee80211_bss_conf *bss; 330 struct ieee80211_hdr *wh; 331 struct ieee80211_tx_info *info; 332 struct skb_info *tx_params; 333 struct rsi_mgmt_desc *mgmt_desc; 334 struct rsi_xtended_desc *xtend_desc; 335 int status = -E2BIG; 336 u8 header_size; 337 338 info = IEEE80211_SKB_CB(skb); 339 tx_params = (struct skb_info *)info->driver_data; 340 header_size = tx_params->internal_hdr_size; 341 342 if (tx_params->flags & INTERNAL_MGMT_PKT) { 343 status = adapter->host_intf_ops->write_pkt(common->priv, 344 (u8 *)skb->data, 345 skb->len); 346 if (status) { 347 rsi_dbg(ERR_ZONE, 348 "%s: Failed to write the packet\n", __func__); 349 } 350 dev_kfree_skb(skb); 351 return status; 352 } 353 354 bss = &info->control.vif->bss_conf; 355 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 356 mgmt_desc = (struct rsi_mgmt_desc *)skb->data; 357 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 358 359 /* Indicate to firmware to give cfm for probe */ 360 if (ieee80211_is_probe_req(wh->frame_control) && !bss->assoc) { 361 rsi_dbg(INFO_ZONE, 362 "%s: blocking mgmt queue\n", __func__); 363 mgmt_desc->misc_flags = RSI_DESC_REQUIRE_CFM_TO_HOST; 364 xtend_desc->confirm_frame_type = PROBEREQ_CONFIRM; 365 common->mgmt_q_block = true; 366 rsi_dbg(INFO_ZONE, "Mgmt queue blocked\n"); 367 } 368 369 status = rsi_send_pkt_to_bus(common, skb); 370 if (status) 371 rsi_dbg(ERR_ZONE, "%s: Failed to write the packet\n", __func__); 372 373 rsi_indicate_tx_status(common->priv, skb, status); 374 return status; 375 } 376 377 int rsi_send_bt_pkt(struct rsi_common *common, struct sk_buff *skb) 378 { 379 int status = -EINVAL; 380 u8 header_size = 0; 381 struct rsi_bt_desc *bt_desc; 382 u8 queueno = ((skb->data[1] >> 4) & 0xf); 383 384 if (queueno == RSI_BT_MGMT_Q) { 385 status = rsi_send_pkt_to_bus(common, skb); 386 if (status) 387 rsi_dbg(ERR_ZONE, "%s: Failed to write bt mgmt pkt\n", 388 __func__); 389 goto out; 390 } 391 header_size = FRAME_DESC_SZ; 392 if (header_size > skb_headroom(skb)) { 393 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__); 394 status = -ENOSPC; 395 goto out; 396 } 397 skb_push(skb, header_size); 398 memset(skb->data, 0, header_size); 399 bt_desc = (struct rsi_bt_desc *)skb->data; 400 401 rsi_set_len_qno(&bt_desc->len_qno, (skb->len - FRAME_DESC_SZ), 402 RSI_BT_DATA_Q); 403 bt_desc->bt_pkt_type = cpu_to_le16(bt_cb(skb)->pkt_type); 404 405 status = rsi_send_pkt_to_bus(common, skb); 406 if (status) 407 rsi_dbg(ERR_ZONE, "%s: Failed to write bt pkt\n", __func__); 408 409 out: 410 dev_kfree_skb(skb); 411 return status; 412 } 413 414 int rsi_prepare_beacon(struct rsi_common *common, struct sk_buff *skb) 415 { 416 struct rsi_hw *adapter = (struct rsi_hw *)common->priv; 417 struct rsi_data_desc *bcn_frm; 418 struct ieee80211_hw *hw = common->priv->hw; 419 struct ieee80211_conf *conf = &hw->conf; 420 struct ieee80211_vif *vif; 421 struct sk_buff *mac_bcn; 422 u8 vap_id = 0, i; 423 u16 tim_offset = 0; 424 425 for (i = 0; i < RSI_MAX_VIFS; i++) { 426 vif = adapter->vifs[i]; 427 if (!vif) 428 continue; 429 if ((vif->type == NL80211_IFTYPE_AP) || 430 (vif->type == NL80211_IFTYPE_P2P_GO)) 431 break; 432 } 433 if (!vif) 434 return -EINVAL; 435 mac_bcn = ieee80211_beacon_get_tim(adapter->hw, 436 vif, 437 &tim_offset, NULL); 438 if (!mac_bcn) { 439 rsi_dbg(ERR_ZONE, "Failed to get beacon from mac80211\n"); 440 return -EINVAL; 441 } 442 443 common->beacon_cnt++; 444 bcn_frm = (struct rsi_data_desc *)skb->data; 445 rsi_set_len_qno(&bcn_frm->len_qno, mac_bcn->len, RSI_WIFI_DATA_Q); 446 bcn_frm->header_len = MIN_802_11_HDR_LEN; 447 bcn_frm->frame_info = cpu_to_le16(RSI_DATA_DESC_MAC_BBP_INFO | 448 RSI_DATA_DESC_NO_ACK_IND | 449 RSI_DATA_DESC_BEACON_FRAME | 450 RSI_DATA_DESC_INSERT_TSF | 451 RSI_DATA_DESC_INSERT_SEQ_NO | 452 RATE_INFO_ENABLE); 453 bcn_frm->rate_info = cpu_to_le16(vap_id << 14); 454 bcn_frm->qid_tid = BEACON_HW_Q; 455 456 if (conf_is_ht40_plus(conf)) { 457 bcn_frm->bbp_info = cpu_to_le16(LOWER_20_ENABLE); 458 bcn_frm->bbp_info |= cpu_to_le16(LOWER_20_ENABLE >> 12); 459 } else if (conf_is_ht40_minus(conf)) { 460 bcn_frm->bbp_info = cpu_to_le16(UPPER_20_ENABLE); 461 bcn_frm->bbp_info |= cpu_to_le16(UPPER_20_ENABLE >> 12); 462 } 463 464 if (common->band == NL80211_BAND_2GHZ) 465 bcn_frm->bbp_info |= cpu_to_le16(RSI_RATE_1); 466 else 467 bcn_frm->bbp_info |= cpu_to_le16(RSI_RATE_6); 468 469 if (mac_bcn->data[tim_offset + 2] == 0) 470 bcn_frm->frame_info |= cpu_to_le16(RSI_DATA_DESC_DTIM_BEACON); 471 472 memcpy(&skb->data[FRAME_DESC_SZ], mac_bcn->data, mac_bcn->len); 473 skb_put(skb, mac_bcn->len + FRAME_DESC_SZ); 474 475 dev_kfree_skb(mac_bcn); 476 477 return 0; 478 } 479 480 static void bl_cmd_timeout(struct timer_list *t) 481 { 482 struct rsi_hw *adapter = from_timer(adapter, t, bl_cmd_timer); 483 484 adapter->blcmd_timer_expired = true; 485 del_timer(&adapter->bl_cmd_timer); 486 } 487 488 static int bl_start_cmd_timer(struct rsi_hw *adapter, u32 timeout) 489 { 490 timer_setup(&adapter->bl_cmd_timer, bl_cmd_timeout, 0); 491 adapter->bl_cmd_timer.expires = (msecs_to_jiffies(timeout) + jiffies); 492 493 adapter->blcmd_timer_expired = false; 494 add_timer(&adapter->bl_cmd_timer); 495 496 return 0; 497 } 498 499 static int bl_stop_cmd_timer(struct rsi_hw *adapter) 500 { 501 adapter->blcmd_timer_expired = false; 502 if (timer_pending(&adapter->bl_cmd_timer)) 503 del_timer(&adapter->bl_cmd_timer); 504 505 return 0; 506 } 507 508 static int bl_write_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, 509 u16 *cmd_resp) 510 { 511 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 512 u32 regin_val = 0, regout_val = 0; 513 u32 regin_input = 0; 514 u8 output = 0; 515 int status; 516 517 regin_input = (REGIN_INPUT | adapter->priv->coex_mode); 518 519 while (!adapter->blcmd_timer_expired) { 520 regin_val = 0; 521 status = hif_ops->master_reg_read(adapter, SWBL_REGIN, 522 ®in_val, 2); 523 if (status < 0) { 524 rsi_dbg(ERR_ZONE, 525 "%s: Command %0x REGIN reading failed..\n", 526 __func__, cmd); 527 return status; 528 } 529 mdelay(1); 530 if ((regin_val >> 12) != REGIN_VALID) 531 break; 532 } 533 if (adapter->blcmd_timer_expired) { 534 rsi_dbg(ERR_ZONE, 535 "%s: Command %0x REGIN reading timed out..\n", 536 __func__, cmd); 537 return -ETIMEDOUT; 538 } 539 540 rsi_dbg(INFO_ZONE, 541 "Issuing write to Regin val:%0x sending cmd:%0x\n", 542 regin_val, (cmd | regin_input << 8)); 543 status = hif_ops->master_reg_write(adapter, SWBL_REGIN, 544 (cmd | regin_input << 8), 2); 545 if (status < 0) 546 return status; 547 mdelay(1); 548 549 if (cmd == LOAD_HOSTED_FW || cmd == JUMP_TO_ZERO_PC) { 550 /* JUMP_TO_ZERO_PC doesn't expect 551 * any response. So return from here 552 */ 553 return 0; 554 } 555 556 while (!adapter->blcmd_timer_expired) { 557 regout_val = 0; 558 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 559 ®out_val, 2); 560 if (status < 0) { 561 rsi_dbg(ERR_ZONE, 562 "%s: Command %0x REGOUT reading failed..\n", 563 __func__, cmd); 564 return status; 565 } 566 mdelay(1); 567 if ((regout_val >> 8) == REGOUT_VALID) 568 break; 569 } 570 if (adapter->blcmd_timer_expired) { 571 rsi_dbg(ERR_ZONE, 572 "%s: Command %0x REGOUT reading timed out..\n", 573 __func__, cmd); 574 return status; 575 } 576 577 *cmd_resp = ((u16 *)®out_val)[0] & 0xffff; 578 579 output = ((u8 *)®out_val)[0] & 0xff; 580 581 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 582 (cmd | REGOUT_INVALID << 8), 2); 583 if (status < 0) { 584 rsi_dbg(ERR_ZONE, 585 "%s: Command %0x REGOUT writing failed..\n", 586 __func__, cmd); 587 return status; 588 } 589 mdelay(1); 590 591 if (output != exp_resp) { 592 rsi_dbg(ERR_ZONE, 593 "%s: Recvd resp %x for cmd %0x\n", 594 __func__, output, cmd); 595 return -EINVAL; 596 } 597 rsi_dbg(INFO_ZONE, 598 "%s: Recvd Expected resp %x for cmd %0x\n", 599 __func__, output, cmd); 600 601 return 0; 602 } 603 604 static int bl_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, char *str) 605 { 606 u16 regout_val = 0; 607 u32 timeout; 608 int status; 609 610 if ((cmd == EOF_REACHED) || (cmd == PING_VALID) || (cmd == PONG_VALID)) 611 timeout = BL_BURN_TIMEOUT; 612 else 613 timeout = BL_CMD_TIMEOUT; 614 615 bl_start_cmd_timer(adapter, timeout); 616 status = bl_write_cmd(adapter, cmd, exp_resp, ®out_val); 617 if (status < 0) { 618 rsi_dbg(ERR_ZONE, 619 "%s: Command %s (%0x) writing failed..\n", 620 __func__, str, cmd); 621 return status; 622 } 623 bl_stop_cmd_timer(adapter); 624 return 0; 625 } 626 627 #define CHECK_SUM_OFFSET 20 628 #define LEN_OFFSET 8 629 #define ADDR_OFFSET 16 630 static int bl_write_header(struct rsi_hw *adapter, u8 *flash_content, 631 u32 content_size) 632 { 633 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 634 struct bl_header *bl_hdr; 635 u32 write_addr, write_len; 636 int status; 637 638 bl_hdr = kzalloc(sizeof(*bl_hdr), GFP_KERNEL); 639 if (!bl_hdr) 640 return -ENOMEM; 641 642 bl_hdr->flags = 0; 643 bl_hdr->image_no = cpu_to_le32(adapter->priv->coex_mode); 644 bl_hdr->check_sum = 645 cpu_to_le32(*(u32 *)&flash_content[CHECK_SUM_OFFSET]); 646 bl_hdr->flash_start_address = 647 cpu_to_le32(*(u32 *)&flash_content[ADDR_OFFSET]); 648 bl_hdr->flash_len = cpu_to_le32(*(u32 *)&flash_content[LEN_OFFSET]); 649 write_len = sizeof(struct bl_header); 650 651 if (adapter->rsi_host_intf == RSI_HOST_INTF_USB) { 652 write_addr = PING_BUFFER_ADDRESS; 653 status = hif_ops->write_reg_multiple(adapter, write_addr, 654 (u8 *)bl_hdr, write_len); 655 if (status < 0) { 656 rsi_dbg(ERR_ZONE, 657 "%s: Failed to load Version/CRC structure\n", 658 __func__); 659 goto fail; 660 } 661 } else { 662 write_addr = PING_BUFFER_ADDRESS >> 16; 663 status = hif_ops->master_access_msword(adapter, write_addr); 664 if (status < 0) { 665 rsi_dbg(ERR_ZONE, 666 "%s: Unable to set ms word to common reg\n", 667 __func__); 668 goto fail; 669 } 670 write_addr = RSI_SD_REQUEST_MASTER | 671 (PING_BUFFER_ADDRESS & 0xFFFF); 672 status = hif_ops->write_reg_multiple(adapter, write_addr, 673 (u8 *)bl_hdr, write_len); 674 if (status < 0) { 675 rsi_dbg(ERR_ZONE, 676 "%s: Failed to load Version/CRC structure\n", 677 __func__); 678 goto fail; 679 } 680 } 681 status = 0; 682 fail: 683 kfree(bl_hdr); 684 return status; 685 } 686 687 static u32 read_flash_capacity(struct rsi_hw *adapter) 688 { 689 u32 flash_sz = 0; 690 691 if ((adapter->host_intf_ops->master_reg_read(adapter, FLASH_SIZE_ADDR, 692 &flash_sz, 2)) < 0) { 693 rsi_dbg(ERR_ZONE, 694 "%s: Flash size reading failed..\n", 695 __func__); 696 return 0; 697 } 698 rsi_dbg(INIT_ZONE, "Flash capacity: %d KiloBytes\n", flash_sz); 699 700 return (flash_sz * 1024); /* Return size in kbytes */ 701 } 702 703 static int ping_pong_write(struct rsi_hw *adapter, u8 cmd, u8 *addr, u32 size) 704 { 705 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 706 u32 block_size = adapter->block_size; 707 u32 cmd_addr; 708 u16 cmd_resp, cmd_req; 709 u8 *str; 710 int status; 711 712 if (cmd == PING_WRITE) { 713 cmd_addr = PING_BUFFER_ADDRESS; 714 cmd_resp = PONG_AVAIL; 715 cmd_req = PING_VALID; 716 str = "PING_VALID"; 717 } else { 718 cmd_addr = PONG_BUFFER_ADDRESS; 719 cmd_resp = PING_AVAIL; 720 cmd_req = PONG_VALID; 721 str = "PONG_VALID"; 722 } 723 724 status = hif_ops->load_data_master_write(adapter, cmd_addr, size, 725 block_size, addr); 726 if (status) { 727 rsi_dbg(ERR_ZONE, "%s: Unable to write blk at addr %0x\n", 728 __func__, *addr); 729 return status; 730 } 731 732 status = bl_cmd(adapter, cmd_req, cmd_resp, str); 733 if (status) { 734 bl_stop_cmd_timer(adapter); 735 return status; 736 } 737 return 0; 738 } 739 740 static int auto_fw_upgrade(struct rsi_hw *adapter, u8 *flash_content, 741 u32 content_size) 742 { 743 u8 cmd; 744 u32 temp_content_size, num_flash, index; 745 u32 flash_start_address; 746 int status; 747 748 if (content_size > MAX_FLASH_FILE_SIZE) { 749 rsi_dbg(ERR_ZONE, 750 "%s: Flash Content size is more than 400K %u\n", 751 __func__, MAX_FLASH_FILE_SIZE); 752 return -EINVAL; 753 } 754 755 flash_start_address = *(u32 *)&flash_content[FLASH_START_ADDRESS]; 756 rsi_dbg(INFO_ZONE, "flash start address: %08x\n", flash_start_address); 757 758 if (flash_start_address < FW_IMAGE_MIN_ADDRESS) { 759 rsi_dbg(ERR_ZONE, 760 "%s: Fw image Flash Start Address is less than 64K\n", 761 __func__); 762 return -EINVAL; 763 } 764 765 if (flash_start_address % FLASH_SECTOR_SIZE) { 766 rsi_dbg(ERR_ZONE, 767 "%s: Flash Start Address is not multiple of 4K\n", 768 __func__); 769 return -EINVAL; 770 } 771 772 if ((flash_start_address + content_size) > adapter->flash_capacity) { 773 rsi_dbg(ERR_ZONE, 774 "%s: Flash Content will cross max flash size\n", 775 __func__); 776 return -EINVAL; 777 } 778 779 temp_content_size = content_size; 780 num_flash = content_size / FLASH_WRITE_CHUNK_SIZE; 781 782 rsi_dbg(INFO_ZONE, "content_size: %d, num_flash: %d\n", 783 content_size, num_flash); 784 785 for (index = 0; index <= num_flash; index++) { 786 rsi_dbg(INFO_ZONE, "flash index: %d\n", index); 787 if (index != num_flash) { 788 content_size = FLASH_WRITE_CHUNK_SIZE; 789 rsi_dbg(INFO_ZONE, "QSPI content_size:%d\n", 790 content_size); 791 } else { 792 content_size = 793 temp_content_size % FLASH_WRITE_CHUNK_SIZE; 794 rsi_dbg(INFO_ZONE, 795 "Writing last sector content_size:%d\n", 796 content_size); 797 if (!content_size) { 798 rsi_dbg(INFO_ZONE, "instruction size zero\n"); 799 break; 800 } 801 } 802 803 if (index % 2) 804 cmd = PING_WRITE; 805 else 806 cmd = PONG_WRITE; 807 808 status = ping_pong_write(adapter, cmd, flash_content, 809 content_size); 810 if (status) { 811 rsi_dbg(ERR_ZONE, "%s: Unable to load %d block\n", 812 __func__, index); 813 return status; 814 } 815 816 rsi_dbg(INFO_ZONE, 817 "%s: Successfully loaded %d instructions\n", 818 __func__, index); 819 flash_content += content_size; 820 } 821 822 status = bl_cmd(adapter, EOF_REACHED, FW_LOADING_SUCCESSFUL, 823 "EOF_REACHED"); 824 if (status) { 825 bl_stop_cmd_timer(adapter); 826 return status; 827 } 828 rsi_dbg(INFO_ZONE, "FW loading is done and FW is running..\n"); 829 return 0; 830 } 831 832 static int rsi_load_firmware(struct rsi_hw *adapter) 833 { 834 struct rsi_common *common = adapter->priv; 835 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 836 const struct firmware *fw_entry = NULL; 837 u32 regout_val = 0, content_size; 838 u16 tmp_regout_val = 0; 839 struct ta_metadata *metadata_p; 840 int status; 841 842 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 843 844 while (!adapter->blcmd_timer_expired) { 845 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 846 ®out_val, 2); 847 if (status < 0) { 848 rsi_dbg(ERR_ZONE, 849 "%s: REGOUT read failed\n", __func__); 850 return status; 851 } 852 mdelay(1); 853 if ((regout_val >> 8) == REGOUT_VALID) 854 break; 855 } 856 if (adapter->blcmd_timer_expired) { 857 rsi_dbg(ERR_ZONE, "%s: REGOUT read timedout\n", __func__); 858 rsi_dbg(ERR_ZONE, 859 "%s: Soft boot loader not present\n", __func__); 860 return -ETIMEDOUT; 861 } 862 bl_stop_cmd_timer(adapter); 863 864 rsi_dbg(INFO_ZONE, "Received Board Version Number: %x\n", 865 (regout_val & 0xff)); 866 867 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 868 (REGOUT_INVALID | REGOUT_INVALID << 8), 869 2); 870 if (status < 0) { 871 rsi_dbg(ERR_ZONE, "%s: REGOUT writing failed..\n", __func__); 872 return status; 873 } 874 mdelay(1); 875 876 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 877 "AUTO_READ_CMD"); 878 if (status < 0) 879 return status; 880 881 adapter->flash_capacity = read_flash_capacity(adapter); 882 if (adapter->flash_capacity <= 0) { 883 rsi_dbg(ERR_ZONE, 884 "%s: Unable to read flash size from EEPROM\n", 885 __func__); 886 return -EINVAL; 887 } 888 889 metadata_p = &metadata_flash_content[adapter->priv->coex_mode]; 890 891 rsi_dbg(INIT_ZONE, "%s: Loading file %s\n", __func__, metadata_p->name); 892 adapter->fw_file_name = metadata_p->name; 893 894 status = request_firmware(&fw_entry, metadata_p->name, adapter->device); 895 if (status < 0) { 896 rsi_dbg(ERR_ZONE, "%s: Failed to open file %s\n", 897 __func__, metadata_p->name); 898 return status; 899 } 900 content_size = fw_entry->size; 901 rsi_dbg(INFO_ZONE, "FW Length = %d bytes\n", content_size); 902 903 /* Get the firmware version */ 904 common->lmac_ver.ver.info.fw_ver[0] = 905 fw_entry->data[LMAC_VER_OFFSET] & 0xFF; 906 common->lmac_ver.ver.info.fw_ver[1] = 907 fw_entry->data[LMAC_VER_OFFSET + 1] & 0xFF; 908 common->lmac_ver.major = fw_entry->data[LMAC_VER_OFFSET + 2] & 0xFF; 909 common->lmac_ver.release_num = 910 fw_entry->data[LMAC_VER_OFFSET + 3] & 0xFF; 911 common->lmac_ver.minor = fw_entry->data[LMAC_VER_OFFSET + 4] & 0xFF; 912 common->lmac_ver.patch_num = 0; 913 rsi_print_version(common); 914 915 status = bl_write_header(adapter, (u8 *)fw_entry->data, content_size); 916 if (status) { 917 rsi_dbg(ERR_ZONE, 918 "%s: RPS Image header loading failed\n", 919 __func__); 920 goto fail; 921 } 922 923 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 924 status = bl_write_cmd(adapter, CHECK_CRC, CMD_PASS, &tmp_regout_val); 925 if (status) { 926 bl_stop_cmd_timer(adapter); 927 rsi_dbg(ERR_ZONE, 928 "%s: CHECK_CRC Command writing failed..\n", 929 __func__); 930 if ((tmp_regout_val & 0xff) == CMD_FAIL) { 931 rsi_dbg(ERR_ZONE, 932 "CRC Fail.. Proceeding to Upgrade mode\n"); 933 goto fw_upgrade; 934 } 935 } 936 bl_stop_cmd_timer(adapter); 937 938 status = bl_cmd(adapter, POLLING_MODE, CMD_PASS, "POLLING_MODE"); 939 if (status) 940 goto fail; 941 942 load_image_cmd: 943 status = bl_cmd(adapter, LOAD_HOSTED_FW, LOADING_INITIATED, 944 "LOAD_HOSTED_FW"); 945 if (status) 946 goto fail; 947 rsi_dbg(INFO_ZONE, "Load Image command passed..\n"); 948 goto success; 949 950 fw_upgrade: 951 status = bl_cmd(adapter, BURN_HOSTED_FW, SEND_RPS_FILE, "FW_UPGRADE"); 952 if (status) 953 goto fail; 954 955 rsi_dbg(INFO_ZONE, "Burn Command Pass.. Upgrading the firmware\n"); 956 957 status = auto_fw_upgrade(adapter, (u8 *)fw_entry->data, content_size); 958 if (status == 0) { 959 rsi_dbg(ERR_ZONE, "Firmware upgradation Done\n"); 960 goto load_image_cmd; 961 } 962 rsi_dbg(ERR_ZONE, "Firmware upgrade failed\n"); 963 964 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 965 "AUTO_READ_MODE"); 966 if (status) 967 goto fail; 968 969 success: 970 rsi_dbg(ERR_ZONE, "***** Firmware Loading successful *****\n"); 971 release_firmware(fw_entry); 972 return 0; 973 974 fail: 975 rsi_dbg(ERR_ZONE, "##### Firmware loading failed #####\n"); 976 release_firmware(fw_entry); 977 return status; 978 } 979 980 int rsi_hal_device_init(struct rsi_hw *adapter) 981 { 982 struct rsi_common *common = adapter->priv; 983 984 switch (adapter->device_model) { 985 case RSI_DEV_9113: 986 if (rsi_load_firmware(adapter)) { 987 rsi_dbg(ERR_ZONE, 988 "%s: Failed to load TA instructions\n", 989 __func__); 990 return -EINVAL; 991 } 992 break; 993 default: 994 return -EINVAL; 995 } 996 common->fsm_state = FSM_CARD_NOT_READY; 997 998 return 0; 999 } 1000 EXPORT_SYMBOL_GPL(rsi_hal_device_init); 1001 1002