1 /** 2 * Copyright (c) 2014 Redpine Signals Inc. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17 #include <linux/firmware.h> 18 #include "rsi_mgmt.h" 19 #include "rsi_hal.h" 20 #include "rsi_sdio.h" 21 #include "rsi_common.h" 22 23 /* FLASH Firmware */ 24 static struct ta_metadata metadata_flash_content[] = { 25 {"flash_content", 0x00010000}, 26 {"rsi/rs9113_wlan_qspi.rps", 0x00010000}, 27 }; 28 29 int rsi_send_pkt_to_bus(struct rsi_common *common, struct sk_buff *skb) 30 { 31 struct rsi_hw *adapter = common->priv; 32 int status; 33 34 status = adapter->host_intf_ops->write_pkt(common->priv, 35 skb->data, skb->len); 36 return status; 37 } 38 39 static int rsi_prepare_mgmt_desc(struct rsi_common *common, struct sk_buff *skb) 40 { 41 struct rsi_hw *adapter = common->priv; 42 struct ieee80211_hdr *wh = NULL; 43 struct ieee80211_tx_info *info; 44 struct ieee80211_conf *conf = &adapter->hw->conf; 45 struct ieee80211_vif *vif = adapter->vifs[0]; 46 struct rsi_mgmt_desc *mgmt_desc; 47 struct skb_info *tx_params; 48 struct ieee80211_bss_conf *bss = NULL; 49 struct xtended_desc *xtend_desc = NULL; 50 u8 header_size; 51 u32 dword_align_bytes = 0; 52 53 if (skb->len > MAX_MGMT_PKT_SIZE) { 54 rsi_dbg(INFO_ZONE, "%s: Dropping mgmt pkt > 512\n", __func__); 55 return -EINVAL; 56 } 57 58 info = IEEE80211_SKB_CB(skb); 59 tx_params = (struct skb_info *)info->driver_data; 60 61 /* Update header size */ 62 header_size = FRAME_DESC_SZ + sizeof(struct xtended_desc); 63 if (header_size > skb_headroom(skb)) { 64 rsi_dbg(ERR_ZONE, 65 "%s: Failed to add extended descriptor\n", 66 __func__); 67 return -ENOSPC; 68 } 69 skb_push(skb, header_size); 70 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 71 if (dword_align_bytes > skb_headroom(skb)) { 72 rsi_dbg(ERR_ZONE, 73 "%s: Failed to add dword align\n", __func__); 74 return -ENOSPC; 75 } 76 skb_push(skb, dword_align_bytes); 77 header_size += dword_align_bytes; 78 79 tx_params->internal_hdr_size = header_size; 80 memset(&skb->data[0], 0, header_size); 81 bss = &info->control.vif->bss_conf; 82 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 83 84 mgmt_desc = (struct rsi_mgmt_desc *)skb->data; 85 xtend_desc = (struct xtended_desc *)&skb->data[FRAME_DESC_SZ]; 86 87 rsi_set_len_qno(&mgmt_desc->len_qno, (skb->len - FRAME_DESC_SZ), 88 RSI_WIFI_MGMT_Q); 89 mgmt_desc->frame_type = TX_DOT11_MGMT; 90 mgmt_desc->header_len = MIN_802_11_HDR_LEN; 91 mgmt_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 92 mgmt_desc->frame_info |= cpu_to_le16(RATE_INFO_ENABLE); 93 if (is_broadcast_ether_addr(wh->addr1)) 94 mgmt_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 95 96 mgmt_desc->seq_ctrl = 97 cpu_to_le16(IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl))); 98 if (common->band == NL80211_BAND_2GHZ) 99 mgmt_desc->rate_info = RSI_RATE_1; 100 else 101 mgmt_desc->rate_info = RSI_RATE_6; 102 103 if (conf_is_ht40(conf)) 104 mgmt_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 105 106 if (ieee80211_is_probe_req(wh->frame_control)) { 107 if (!bss->assoc) { 108 rsi_dbg(INFO_ZONE, 109 "%s: blocking mgmt queue\n", __func__); 110 mgmt_desc->misc_flags = RSI_DESC_REQUIRE_CFM_TO_HOST; 111 xtend_desc->confirm_frame_type = PROBEREQ_CONFIRM; 112 common->mgmt_q_block = true; 113 rsi_dbg(INFO_ZONE, "Mgmt queue blocked\n"); 114 } 115 } 116 117 if (ieee80211_is_probe_resp(wh->frame_control)) { 118 mgmt_desc->misc_flags |= (RSI_ADD_DELTA_TSF_VAP_ID | 119 RSI_FETCH_RETRY_CNT_FRM_HST); 120 #define PROBE_RESP_RETRY_CNT 3 121 xtend_desc->retry_cnt = PROBE_RESP_RETRY_CNT; 122 } 123 124 if ((vif->type == NL80211_IFTYPE_AP) && 125 (ieee80211_is_action(wh->frame_control))) { 126 struct rsi_sta *rsta = rsi_find_sta(common, wh->addr1); 127 128 if (rsta) 129 mgmt_desc->sta_id = tx_params->sta_id; 130 else 131 return -EINVAL; 132 } 133 return 0; 134 } 135 136 /* This function prepares descriptor for given data packet */ 137 static int rsi_prepare_data_desc(struct rsi_common *common, struct sk_buff *skb) 138 { 139 struct rsi_hw *adapter = common->priv; 140 struct ieee80211_vif *vif; 141 struct ieee80211_hdr *wh = NULL; 142 struct ieee80211_tx_info *info; 143 struct skb_info *tx_params; 144 struct ieee80211_bss_conf *bss; 145 struct rsi_data_desc *data_desc; 146 struct xtended_desc *xtend_desc; 147 u8 ieee80211_size = MIN_802_11_HDR_LEN; 148 u8 header_size; 149 u8 vap_id = 0; 150 u8 dword_align_bytes; 151 u16 seq_num; 152 153 info = IEEE80211_SKB_CB(skb); 154 bss = &info->control.vif->bss_conf; 155 tx_params = (struct skb_info *)info->driver_data; 156 157 header_size = FRAME_DESC_SZ + sizeof(struct xtended_desc); 158 if (header_size > skb_headroom(skb)) { 159 rsi_dbg(ERR_ZONE, "%s: Unable to send pkt\n", __func__); 160 return -ENOSPC; 161 } 162 skb_push(skb, header_size); 163 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 164 if (header_size > skb_headroom(skb)) { 165 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__); 166 return -ENOSPC; 167 } 168 skb_push(skb, dword_align_bytes); 169 header_size += dword_align_bytes; 170 171 tx_params->internal_hdr_size = header_size; 172 data_desc = (struct rsi_data_desc *)skb->data; 173 memset(data_desc, 0, header_size); 174 175 xtend_desc = (struct xtended_desc *)&skb->data[FRAME_DESC_SZ]; 176 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 177 seq_num = IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl)); 178 vif = adapter->vifs[0]; 179 180 data_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 181 182 if (ieee80211_is_data_qos(wh->frame_control)) { 183 ieee80211_size += 2; 184 data_desc->mac_flags |= cpu_to_le16(RSI_QOS_ENABLE); 185 } 186 187 if ((vif->type == NL80211_IFTYPE_STATION) && 188 (adapter->ps_state == PS_ENABLED)) 189 wh->frame_control |= cpu_to_le16(RSI_SET_PS_ENABLE); 190 191 if ((!(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) && 192 (common->secinfo.security_enable)) { 193 if (rsi_is_cipher_wep(common)) 194 ieee80211_size += 4; 195 else 196 ieee80211_size += 8; 197 data_desc->mac_flags |= cpu_to_le16(RSI_ENCRYPT_PKT); 198 } 199 rsi_set_len_qno(&data_desc->len_qno, (skb->len - FRAME_DESC_SZ), 200 RSI_WIFI_DATA_Q); 201 data_desc->header_len = ieee80211_size; 202 203 if (common->min_rate != RSI_RATE_AUTO) { 204 /* Send fixed rate */ 205 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 206 data_desc->rate_info = cpu_to_le16(common->min_rate); 207 208 if (conf_is_ht40(&common->priv->hw->conf)) 209 data_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 210 211 if ((common->vif_info[0].sgi) && (common->min_rate & 0x100)) { 212 /* Only MCS rates */ 213 data_desc->rate_info |= 214 cpu_to_le16(ENABLE_SHORTGI_RATE); 215 } 216 } 217 218 if (skb->protocol == cpu_to_be16(ETH_P_PAE)) { 219 rsi_dbg(INFO_ZONE, "*** Tx EAPOL ***\n"); 220 221 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 222 if (common->band == NL80211_BAND_5GHZ) 223 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 224 else 225 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 226 data_desc->mac_flags |= cpu_to_le16(RSI_REKEY_PURPOSE); 227 data_desc->misc_flags |= RSI_FETCH_RETRY_CNT_FRM_HST; 228 #define EAPOL_RETRY_CNT 15 229 xtend_desc->retry_cnt = EAPOL_RETRY_CNT; 230 } 231 232 data_desc->mac_flags = cpu_to_le16(seq_num & 0xfff); 233 data_desc->qid_tid = ((skb->priority & 0xf) | 234 ((tx_params->tid & 0xf) << 4)); 235 data_desc->sta_id = tx_params->sta_id; 236 237 if ((is_broadcast_ether_addr(wh->addr1)) || 238 (is_multicast_ether_addr(wh->addr1))) { 239 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 240 data_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 241 data_desc->sta_id = vap_id; 242 243 if (vif->type == NL80211_IFTYPE_AP) { 244 if (common->band == NL80211_BAND_5GHZ) 245 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 246 else 247 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 248 } 249 } 250 if ((vif->type == NL80211_IFTYPE_AP) && 251 (ieee80211_has_moredata(wh->frame_control))) 252 data_desc->frame_info |= cpu_to_le16(MORE_DATA_PRESENT); 253 254 return 0; 255 } 256 257 /* This function sends received data packet from driver to device */ 258 int rsi_send_data_pkt(struct rsi_common *common, struct sk_buff *skb) 259 { 260 struct rsi_hw *adapter = common->priv; 261 struct ieee80211_vif *vif = adapter->vifs[0]; 262 struct ieee80211_tx_info *info; 263 struct ieee80211_bss_conf *bss; 264 int status = -EINVAL; 265 266 if (!skb) 267 return 0; 268 if (common->iface_down) 269 goto err; 270 271 info = IEEE80211_SKB_CB(skb); 272 if (!info->control.vif) 273 goto err; 274 bss = &info->control.vif->bss_conf; 275 276 if ((vif->type == NL80211_IFTYPE_STATION) && (!bss->assoc)) 277 goto err; 278 279 status = rsi_prepare_data_desc(common, skb); 280 if (status) 281 goto err; 282 283 status = adapter->host_intf_ops->write_pkt(common->priv, skb->data, 284 skb->len); 285 if (status) 286 rsi_dbg(ERR_ZONE, "%s: Failed to write pkt\n", __func__); 287 288 err: 289 ++common->tx_stats.total_tx_pkt_freed[skb->priority]; 290 rsi_indicate_tx_status(adapter, skb, status); 291 return status; 292 } 293 294 /** 295 * rsi_send_mgmt_pkt() - This functions sends the received management packet 296 * from driver to device. 297 * @common: Pointer to the driver private structure. 298 * @skb: Pointer to the socket buffer structure. 299 * 300 * Return: status: 0 on success, -1 on failure. 301 */ 302 int rsi_send_mgmt_pkt(struct rsi_common *common, 303 struct sk_buff *skb) 304 { 305 struct rsi_hw *adapter = common->priv; 306 struct ieee80211_tx_info *info; 307 struct skb_info *tx_params; 308 int status = -E2BIG; 309 u8 extnd_size; 310 311 info = IEEE80211_SKB_CB(skb); 312 tx_params = (struct skb_info *)info->driver_data; 313 extnd_size = ((uintptr_t)skb->data & 0x3); 314 315 if (tx_params->flags & INTERNAL_MGMT_PKT) { 316 skb->data[1] |= BIT(7); /* Immediate Wakeup bit*/ 317 if ((extnd_size) > skb_headroom(skb)) { 318 rsi_dbg(ERR_ZONE, "%s: Unable to send pkt\n", __func__); 319 dev_kfree_skb(skb); 320 return -ENOSPC; 321 } 322 skb_push(skb, extnd_size); 323 skb->data[extnd_size + 4] = extnd_size; 324 status = adapter->host_intf_ops->write_pkt(common->priv, 325 (u8 *)skb->data, 326 skb->len); 327 if (status) { 328 rsi_dbg(ERR_ZONE, 329 "%s: Failed to write the packet\n", __func__); 330 } 331 dev_kfree_skb(skb); 332 return status; 333 } 334 335 if (FRAME_DESC_SZ > skb_headroom(skb)) 336 goto err; 337 338 rsi_prepare_mgmt_desc(common, skb); 339 status = adapter->host_intf_ops->write_pkt(common->priv, 340 (u8 *)skb->data, skb->len); 341 if (status) 342 rsi_dbg(ERR_ZONE, "%s: Failed to write the packet\n", __func__); 343 344 err: 345 rsi_indicate_tx_status(common->priv, skb, status); 346 return status; 347 } 348 349 int rsi_prepare_beacon(struct rsi_common *common, struct sk_buff *skb) 350 { 351 struct rsi_hw *adapter = (struct rsi_hw *)common->priv; 352 struct rsi_data_desc *bcn_frm; 353 struct ieee80211_hw *hw = common->priv->hw; 354 struct ieee80211_conf *conf = &hw->conf; 355 struct sk_buff *mac_bcn; 356 u8 vap_id = 0; 357 u16 tim_offset; 358 359 mac_bcn = ieee80211_beacon_get_tim(adapter->hw, 360 adapter->vifs[adapter->sc_nvifs - 1], 361 &tim_offset, NULL); 362 if (!mac_bcn) { 363 rsi_dbg(ERR_ZONE, "Failed to get beacon from mac80211\n"); 364 return -EINVAL; 365 } 366 367 common->beacon_cnt++; 368 bcn_frm = (struct rsi_data_desc *)skb->data; 369 rsi_set_len_qno(&bcn_frm->len_qno, mac_bcn->len, RSI_WIFI_DATA_Q); 370 bcn_frm->header_len = MIN_802_11_HDR_LEN; 371 bcn_frm->frame_info = cpu_to_le16(RSI_DATA_DESC_MAC_BBP_INFO | 372 RSI_DATA_DESC_NO_ACK_IND | 373 RSI_DATA_DESC_BEACON_FRAME | 374 RSI_DATA_DESC_INSERT_TSF | 375 RSI_DATA_DESC_INSERT_SEQ_NO | 376 RATE_INFO_ENABLE); 377 bcn_frm->rate_info = cpu_to_le16(vap_id << 14); 378 bcn_frm->qid_tid = BEACON_HW_Q; 379 380 if (conf_is_ht40_plus(conf)) { 381 bcn_frm->bbp_info = cpu_to_le16(LOWER_20_ENABLE); 382 bcn_frm->bbp_info |= cpu_to_le16(LOWER_20_ENABLE >> 12); 383 } else if (conf_is_ht40_minus(conf)) { 384 bcn_frm->bbp_info = cpu_to_le16(UPPER_20_ENABLE); 385 bcn_frm->bbp_info |= cpu_to_le16(UPPER_20_ENABLE >> 12); 386 } 387 388 if (common->band == NL80211_BAND_2GHZ) 389 bcn_frm->bbp_info |= cpu_to_le16(RSI_RATE_1); 390 else 391 bcn_frm->bbp_info |= cpu_to_le16(RSI_RATE_6); 392 393 if (mac_bcn->data[tim_offset + 2] == 0) 394 bcn_frm->frame_info |= cpu_to_le16(RSI_DATA_DESC_DTIM_BEACON); 395 396 memcpy(&skb->data[FRAME_DESC_SZ], mac_bcn->data, mac_bcn->len); 397 skb_put(skb, mac_bcn->len + FRAME_DESC_SZ); 398 399 dev_kfree_skb(mac_bcn); 400 401 return 0; 402 } 403 404 static void bl_cmd_timeout(unsigned long priv) 405 { 406 struct rsi_hw *adapter = (struct rsi_hw *)priv; 407 408 adapter->blcmd_timer_expired = true; 409 del_timer(&adapter->bl_cmd_timer); 410 } 411 412 static int bl_start_cmd_timer(struct rsi_hw *adapter, u32 timeout) 413 { 414 setup_timer(&adapter->bl_cmd_timer, (void *)&bl_cmd_timeout, 415 (unsigned long)adapter); 416 adapter->bl_cmd_timer.expires = (msecs_to_jiffies(timeout) + jiffies); 417 418 adapter->blcmd_timer_expired = false; 419 add_timer(&adapter->bl_cmd_timer); 420 421 return 0; 422 } 423 424 static int bl_stop_cmd_timer(struct rsi_hw *adapter) 425 { 426 adapter->blcmd_timer_expired = false; 427 if (timer_pending(&adapter->bl_cmd_timer)) 428 del_timer(&adapter->bl_cmd_timer); 429 430 return 0; 431 } 432 433 static int bl_write_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, 434 u16 *cmd_resp) 435 { 436 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 437 u32 regin_val = 0, regout_val = 0; 438 u32 regin_input = 0; 439 u8 output = 0; 440 int status; 441 442 regin_input = (REGIN_INPUT | adapter->priv->coex_mode); 443 444 while (!adapter->blcmd_timer_expired) { 445 regin_val = 0; 446 status = hif_ops->master_reg_read(adapter, SWBL_REGIN, 447 ®in_val, 2); 448 if (status < 0) { 449 rsi_dbg(ERR_ZONE, 450 "%s: Command %0x REGIN reading failed..\n", 451 __func__, cmd); 452 return status; 453 } 454 mdelay(1); 455 if ((regin_val >> 12) != REGIN_VALID) 456 break; 457 } 458 if (adapter->blcmd_timer_expired) { 459 rsi_dbg(ERR_ZONE, 460 "%s: Command %0x REGIN reading timed out..\n", 461 __func__, cmd); 462 return -ETIMEDOUT; 463 } 464 465 rsi_dbg(INFO_ZONE, 466 "Issuing write to Regin val:%0x sending cmd:%0x\n", 467 regin_val, (cmd | regin_input << 8)); 468 status = hif_ops->master_reg_write(adapter, SWBL_REGIN, 469 (cmd | regin_input << 8), 2); 470 if (status < 0) 471 return status; 472 mdelay(1); 473 474 if (cmd == LOAD_HOSTED_FW || cmd == JUMP_TO_ZERO_PC) { 475 /* JUMP_TO_ZERO_PC doesn't expect 476 * any response. So return from here 477 */ 478 return 0; 479 } 480 481 while (!adapter->blcmd_timer_expired) { 482 regout_val = 0; 483 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 484 ®out_val, 2); 485 if (status < 0) { 486 rsi_dbg(ERR_ZONE, 487 "%s: Command %0x REGOUT reading failed..\n", 488 __func__, cmd); 489 return status; 490 } 491 mdelay(1); 492 if ((regout_val >> 8) == REGOUT_VALID) 493 break; 494 } 495 if (adapter->blcmd_timer_expired) { 496 rsi_dbg(ERR_ZONE, 497 "%s: Command %0x REGOUT reading timed out..\n", 498 __func__, cmd); 499 return status; 500 } 501 502 *cmd_resp = ((u16 *)®out_val)[0] & 0xffff; 503 504 output = ((u8 *)®out_val)[0] & 0xff; 505 506 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 507 (cmd | REGOUT_INVALID << 8), 2); 508 if (status < 0) { 509 rsi_dbg(ERR_ZONE, 510 "%s: Command %0x REGOUT writing failed..\n", 511 __func__, cmd); 512 return status; 513 } 514 mdelay(1); 515 516 if (output != exp_resp) { 517 rsi_dbg(ERR_ZONE, 518 "%s: Recvd resp %x for cmd %0x\n", 519 __func__, output, cmd); 520 return -EINVAL; 521 } 522 rsi_dbg(INFO_ZONE, 523 "%s: Recvd Expected resp %x for cmd %0x\n", 524 __func__, output, cmd); 525 526 return 0; 527 } 528 529 static int bl_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, char *str) 530 { 531 u16 regout_val = 0; 532 u32 timeout; 533 int status; 534 535 if ((cmd == EOF_REACHED) || (cmd == PING_VALID) || (cmd == PONG_VALID)) 536 timeout = BL_BURN_TIMEOUT; 537 else 538 timeout = BL_CMD_TIMEOUT; 539 540 bl_start_cmd_timer(adapter, timeout); 541 status = bl_write_cmd(adapter, cmd, exp_resp, ®out_val); 542 if (status < 0) { 543 rsi_dbg(ERR_ZONE, 544 "%s: Command %s (%0x) writing failed..\n", 545 __func__, str, cmd); 546 return status; 547 } 548 bl_stop_cmd_timer(adapter); 549 return 0; 550 } 551 552 #define CHECK_SUM_OFFSET 20 553 #define LEN_OFFSET 8 554 #define ADDR_OFFSET 16 555 static int bl_write_header(struct rsi_hw *adapter, u8 *flash_content, 556 u32 content_size) 557 { 558 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 559 struct bl_header bl_hdr; 560 u32 write_addr, write_len; 561 int status; 562 563 bl_hdr.flags = 0; 564 bl_hdr.image_no = cpu_to_le32(adapter->priv->coex_mode); 565 bl_hdr.check_sum = cpu_to_le32( 566 *(u32 *)&flash_content[CHECK_SUM_OFFSET]); 567 bl_hdr.flash_start_address = cpu_to_le32( 568 *(u32 *)&flash_content[ADDR_OFFSET]); 569 bl_hdr.flash_len = cpu_to_le32(*(u32 *)&flash_content[LEN_OFFSET]); 570 write_len = sizeof(struct bl_header); 571 572 if (adapter->rsi_host_intf == RSI_HOST_INTF_USB) { 573 write_addr = PING_BUFFER_ADDRESS; 574 status = hif_ops->write_reg_multiple(adapter, write_addr, 575 (u8 *)&bl_hdr, write_len); 576 if (status < 0) { 577 rsi_dbg(ERR_ZONE, 578 "%s: Failed to load Version/CRC structure\n", 579 __func__); 580 return status; 581 } 582 } else { 583 write_addr = PING_BUFFER_ADDRESS >> 16; 584 status = hif_ops->master_access_msword(adapter, write_addr); 585 if (status < 0) { 586 rsi_dbg(ERR_ZONE, 587 "%s: Unable to set ms word to common reg\n", 588 __func__); 589 return status; 590 } 591 write_addr = RSI_SD_REQUEST_MASTER | 592 (PING_BUFFER_ADDRESS & 0xFFFF); 593 status = hif_ops->write_reg_multiple(adapter, write_addr, 594 (u8 *)&bl_hdr, write_len); 595 if (status < 0) { 596 rsi_dbg(ERR_ZONE, 597 "%s: Failed to load Version/CRC structure\n", 598 __func__); 599 return status; 600 } 601 } 602 return 0; 603 } 604 605 static u32 read_flash_capacity(struct rsi_hw *adapter) 606 { 607 u32 flash_sz = 0; 608 609 if ((adapter->host_intf_ops->master_reg_read(adapter, FLASH_SIZE_ADDR, 610 &flash_sz, 2)) < 0) { 611 rsi_dbg(ERR_ZONE, 612 "%s: Flash size reading failed..\n", 613 __func__); 614 return 0; 615 } 616 rsi_dbg(INIT_ZONE, "Flash capacity: %d KiloBytes\n", flash_sz); 617 618 return (flash_sz * 1024); /* Return size in kbytes */ 619 } 620 621 static int ping_pong_write(struct rsi_hw *adapter, u8 cmd, u8 *addr, u32 size) 622 { 623 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 624 u32 block_size = adapter->block_size; 625 u32 cmd_addr; 626 u16 cmd_resp, cmd_req; 627 u8 *str; 628 int status; 629 630 if (cmd == PING_WRITE) { 631 cmd_addr = PING_BUFFER_ADDRESS; 632 cmd_resp = PONG_AVAIL; 633 cmd_req = PING_VALID; 634 str = "PING_VALID"; 635 } else { 636 cmd_addr = PONG_BUFFER_ADDRESS; 637 cmd_resp = PING_AVAIL; 638 cmd_req = PONG_VALID; 639 str = "PONG_VALID"; 640 } 641 642 status = hif_ops->load_data_master_write(adapter, cmd_addr, size, 643 block_size, addr); 644 if (status) { 645 rsi_dbg(ERR_ZONE, "%s: Unable to write blk at addr %0x\n", 646 __func__, *addr); 647 return status; 648 } 649 650 status = bl_cmd(adapter, cmd_req, cmd_resp, str); 651 if (status) { 652 bl_stop_cmd_timer(adapter); 653 return status; 654 } 655 return 0; 656 } 657 658 static int auto_fw_upgrade(struct rsi_hw *adapter, u8 *flash_content, 659 u32 content_size) 660 { 661 u8 cmd, *temp_flash_content; 662 u32 temp_content_size, num_flash, index; 663 u32 flash_start_address; 664 int status; 665 666 temp_flash_content = flash_content; 667 668 if (content_size > MAX_FLASH_FILE_SIZE) { 669 rsi_dbg(ERR_ZONE, 670 "%s: Flash Content size is more than 400K %u\n", 671 __func__, MAX_FLASH_FILE_SIZE); 672 return -EINVAL; 673 } 674 675 flash_start_address = *(u32 *)&flash_content[FLASH_START_ADDRESS]; 676 rsi_dbg(INFO_ZONE, "flash start address: %08x\n", flash_start_address); 677 678 if (flash_start_address < FW_IMAGE_MIN_ADDRESS) { 679 rsi_dbg(ERR_ZONE, 680 "%s: Fw image Flash Start Address is less than 64K\n", 681 __func__); 682 return -EINVAL; 683 } 684 685 if (flash_start_address % FLASH_SECTOR_SIZE) { 686 rsi_dbg(ERR_ZONE, 687 "%s: Flash Start Address is not multiple of 4K\n", 688 __func__); 689 return -EINVAL; 690 } 691 692 if ((flash_start_address + content_size) > adapter->flash_capacity) { 693 rsi_dbg(ERR_ZONE, 694 "%s: Flash Content will cross max flash size\n", 695 __func__); 696 return -EINVAL; 697 } 698 699 temp_content_size = content_size; 700 num_flash = content_size / FLASH_WRITE_CHUNK_SIZE; 701 702 rsi_dbg(INFO_ZONE, "content_size: %d, num_flash: %d\n", 703 content_size, num_flash); 704 705 for (index = 0; index <= num_flash; index++) { 706 rsi_dbg(INFO_ZONE, "flash index: %d\n", index); 707 if (index != num_flash) { 708 content_size = FLASH_WRITE_CHUNK_SIZE; 709 rsi_dbg(INFO_ZONE, "QSPI content_size:%d\n", 710 content_size); 711 } else { 712 content_size = 713 temp_content_size % FLASH_WRITE_CHUNK_SIZE; 714 rsi_dbg(INFO_ZONE, 715 "Writing last sector content_size:%d\n", 716 content_size); 717 if (!content_size) { 718 rsi_dbg(INFO_ZONE, "instruction size zero\n"); 719 break; 720 } 721 } 722 723 if (index % 2) 724 cmd = PING_WRITE; 725 else 726 cmd = PONG_WRITE; 727 728 status = ping_pong_write(adapter, cmd, flash_content, 729 content_size); 730 if (status) { 731 rsi_dbg(ERR_ZONE, "%s: Unable to load %d block\n", 732 __func__, index); 733 return status; 734 } 735 736 rsi_dbg(INFO_ZONE, 737 "%s: Successfully loaded %d instructions\n", 738 __func__, index); 739 flash_content += content_size; 740 } 741 742 status = bl_cmd(adapter, EOF_REACHED, FW_LOADING_SUCCESSFUL, 743 "EOF_REACHED"); 744 if (status) { 745 bl_stop_cmd_timer(adapter); 746 return status; 747 } 748 rsi_dbg(INFO_ZONE, "FW loading is done and FW is running..\n"); 749 return 0; 750 } 751 752 static int rsi_load_firmware(struct rsi_hw *adapter) 753 { 754 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 755 const struct firmware *fw_entry = NULL; 756 u32 regout_val = 0, content_size; 757 u16 tmp_regout_val = 0; 758 u8 *flash_content = NULL; 759 struct ta_metadata *metadata_p; 760 int status; 761 762 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 763 764 while (!adapter->blcmd_timer_expired) { 765 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 766 ®out_val, 2); 767 if (status < 0) { 768 rsi_dbg(ERR_ZONE, 769 "%s: REGOUT read failed\n", __func__); 770 return status; 771 } 772 mdelay(1); 773 if ((regout_val >> 8) == REGOUT_VALID) 774 break; 775 } 776 if (adapter->blcmd_timer_expired) { 777 rsi_dbg(ERR_ZONE, "%s: REGOUT read timedout\n", __func__); 778 rsi_dbg(ERR_ZONE, 779 "%s: Soft boot loader not present\n", __func__); 780 return -ETIMEDOUT; 781 } 782 bl_stop_cmd_timer(adapter); 783 784 rsi_dbg(INFO_ZONE, "Received Board Version Number: %x\n", 785 (regout_val & 0xff)); 786 787 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 788 (REGOUT_INVALID | REGOUT_INVALID << 8), 789 2); 790 if (status < 0) { 791 rsi_dbg(ERR_ZONE, "%s: REGOUT writing failed..\n", __func__); 792 return status; 793 } 794 mdelay(1); 795 796 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 797 "AUTO_READ_CMD"); 798 if (status < 0) 799 return status; 800 801 adapter->flash_capacity = read_flash_capacity(adapter); 802 if (adapter->flash_capacity <= 0) { 803 rsi_dbg(ERR_ZONE, 804 "%s: Unable to read flash size from EEPROM\n", 805 __func__); 806 return -EINVAL; 807 } 808 809 metadata_p = &metadata_flash_content[adapter->priv->coex_mode]; 810 811 rsi_dbg(INIT_ZONE, "%s: Loading file %s\n", __func__, metadata_p->name); 812 adapter->fw_file_name = metadata_p->name; 813 814 status = request_firmware(&fw_entry, metadata_p->name, adapter->device); 815 if (status < 0) { 816 rsi_dbg(ERR_ZONE, "%s: Failed to open file %s\n", 817 __func__, metadata_p->name); 818 return status; 819 } 820 flash_content = kmemdup(fw_entry->data, fw_entry->size, GFP_KERNEL); 821 if (!flash_content) { 822 rsi_dbg(ERR_ZONE, "%s: Failed to copy firmware\n", __func__); 823 status = -EIO; 824 goto fail; 825 } 826 content_size = fw_entry->size; 827 rsi_dbg(INFO_ZONE, "FW Length = %d bytes\n", content_size); 828 829 status = bl_write_header(adapter, flash_content, content_size); 830 if (status) { 831 rsi_dbg(ERR_ZONE, 832 "%s: RPS Image header loading failed\n", 833 __func__); 834 goto fail; 835 } 836 837 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 838 status = bl_write_cmd(adapter, CHECK_CRC, CMD_PASS, &tmp_regout_val); 839 if (status) { 840 bl_stop_cmd_timer(adapter); 841 rsi_dbg(ERR_ZONE, 842 "%s: CHECK_CRC Command writing failed..\n", 843 __func__); 844 if ((tmp_regout_val & 0xff) == CMD_FAIL) { 845 rsi_dbg(ERR_ZONE, 846 "CRC Fail.. Proceeding to Upgrade mode\n"); 847 goto fw_upgrade; 848 } 849 } 850 bl_stop_cmd_timer(adapter); 851 852 status = bl_cmd(adapter, POLLING_MODE, CMD_PASS, "POLLING_MODE"); 853 if (status) 854 goto fail; 855 856 load_image_cmd: 857 status = bl_cmd(adapter, LOAD_HOSTED_FW, LOADING_INITIATED, 858 "LOAD_HOSTED_FW"); 859 if (status) 860 goto fail; 861 rsi_dbg(INFO_ZONE, "Load Image command passed..\n"); 862 goto success; 863 864 fw_upgrade: 865 status = bl_cmd(adapter, BURN_HOSTED_FW, SEND_RPS_FILE, "FW_UPGRADE"); 866 if (status) 867 goto fail; 868 869 rsi_dbg(INFO_ZONE, "Burn Command Pass.. Upgrading the firmware\n"); 870 871 status = auto_fw_upgrade(adapter, flash_content, content_size); 872 if (status == 0) { 873 rsi_dbg(ERR_ZONE, "Firmware upgradation Done\n"); 874 goto load_image_cmd; 875 } 876 rsi_dbg(ERR_ZONE, "Firmware upgrade failed\n"); 877 878 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 879 "AUTO_READ_MODE"); 880 if (status) 881 goto fail; 882 883 success: 884 rsi_dbg(ERR_ZONE, "***** Firmware Loading successful *****\n"); 885 kfree(flash_content); 886 release_firmware(fw_entry); 887 return 0; 888 889 fail: 890 rsi_dbg(ERR_ZONE, "##### Firmware loading failed #####\n"); 891 kfree(flash_content); 892 release_firmware(fw_entry); 893 return status; 894 } 895 896 int rsi_hal_device_init(struct rsi_hw *adapter) 897 { 898 struct rsi_common *common = adapter->priv; 899 900 common->coex_mode = RSI_DEV_COEX_MODE_WIFI_ALONE; 901 common->oper_mode = RSI_DEV_OPMODE_WIFI_ALONE; 902 adapter->device_model = RSI_DEV_9113; 903 904 switch (adapter->device_model) { 905 case RSI_DEV_9113: 906 if (rsi_load_firmware(adapter)) { 907 rsi_dbg(ERR_ZONE, 908 "%s: Failed to load TA instructions\n", 909 __func__); 910 return -EINVAL; 911 } 912 break; 913 default: 914 return -EINVAL; 915 } 916 common->fsm_state = FSM_CARD_NOT_READY; 917 918 return 0; 919 } 920 EXPORT_SYMBOL_GPL(rsi_hal_device_init); 921 922