1 /* 2 * Copyright (c) 2014 Redpine Signals Inc. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17 #include <linux/firmware.h> 18 #include <net/bluetooth/bluetooth.h> 19 #include "rsi_mgmt.h" 20 #include "rsi_hal.h" 21 #include "rsi_sdio.h" 22 #include "rsi_common.h" 23 24 /* FLASH Firmware */ 25 static struct ta_metadata metadata_flash_content[] = { 26 {"flash_content", 0x00010000}, 27 {"rsi/rs9113_wlan_qspi.rps", 0x00010000}, 28 {"rsi/rs9113_wlan_bt_dual_mode.rps", 0x00010000}, 29 {"flash_content", 0x00010000}, 30 {"rsi/rs9113_ap_bt_dual_mode.rps", 0x00010000}, 31 32 }; 33 34 static struct ta_metadata metadata[] = {{"pmemdata_dummy", 0x00000000}, 35 {"rsi/rs9116_wlan.rps", 0x00000000}, 36 {"rsi/rs9116_wlan_bt_classic.rps", 0x00000000}, 37 {"rsi/pmemdata_dummy", 0x00000000}, 38 {"rsi/rs9116_wlan_bt_classic.rps", 0x00000000} 39 }; 40 41 int rsi_send_pkt_to_bus(struct rsi_common *common, struct sk_buff *skb) 42 { 43 struct rsi_hw *adapter = common->priv; 44 int status; 45 46 if (common->coex_mode > 1) 47 mutex_lock(&common->tx_bus_mutex); 48 49 status = adapter->host_intf_ops->write_pkt(common->priv, 50 skb->data, skb->len); 51 52 if (common->coex_mode > 1) 53 mutex_unlock(&common->tx_bus_mutex); 54 55 return status; 56 } 57 58 int rsi_prepare_mgmt_desc(struct rsi_common *common, struct sk_buff *skb) 59 { 60 struct rsi_hw *adapter = common->priv; 61 struct ieee80211_hdr *wh = NULL; 62 struct ieee80211_tx_info *info; 63 struct ieee80211_conf *conf = &adapter->hw->conf; 64 struct ieee80211_vif *vif; 65 struct rsi_mgmt_desc *mgmt_desc; 66 struct skb_info *tx_params; 67 struct rsi_xtended_desc *xtend_desc = NULL; 68 u8 header_size; 69 u32 dword_align_bytes = 0; 70 71 if (skb->len > MAX_MGMT_PKT_SIZE) { 72 rsi_dbg(INFO_ZONE, "%s: Dropping mgmt pkt > 512\n", __func__); 73 return -EINVAL; 74 } 75 76 info = IEEE80211_SKB_CB(skb); 77 tx_params = (struct skb_info *)info->driver_data; 78 vif = tx_params->vif; 79 80 /* Update header size */ 81 header_size = FRAME_DESC_SZ + sizeof(struct rsi_xtended_desc); 82 if (header_size > skb_headroom(skb)) { 83 rsi_dbg(ERR_ZONE, 84 "%s: Failed to add extended descriptor\n", 85 __func__); 86 return -ENOSPC; 87 } 88 skb_push(skb, header_size); 89 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 90 if (dword_align_bytes > skb_headroom(skb)) { 91 rsi_dbg(ERR_ZONE, 92 "%s: Failed to add dword align\n", __func__); 93 return -ENOSPC; 94 } 95 skb_push(skb, dword_align_bytes); 96 header_size += dword_align_bytes; 97 98 tx_params->internal_hdr_size = header_size; 99 memset(&skb->data[0], 0, header_size); 100 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 101 102 mgmt_desc = (struct rsi_mgmt_desc *)skb->data; 103 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 104 105 rsi_set_len_qno(&mgmt_desc->len_qno, (skb->len - FRAME_DESC_SZ), 106 RSI_WIFI_MGMT_Q); 107 mgmt_desc->frame_type = TX_DOT11_MGMT; 108 mgmt_desc->header_len = MIN_802_11_HDR_LEN; 109 mgmt_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 110 111 if (ieee80211_is_probe_req(wh->frame_control)) 112 mgmt_desc->frame_info = cpu_to_le16(RSI_INSERT_SEQ_IN_FW); 113 mgmt_desc->frame_info |= cpu_to_le16(RATE_INFO_ENABLE); 114 if (is_broadcast_ether_addr(wh->addr1)) 115 mgmt_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 116 117 mgmt_desc->seq_ctrl = 118 cpu_to_le16(IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl))); 119 if ((common->band == NL80211_BAND_2GHZ) && !common->p2p_enabled) 120 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_1); 121 else 122 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_6); 123 124 if (conf_is_ht40(conf)) 125 mgmt_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 126 127 if (ieee80211_is_probe_resp(wh->frame_control)) { 128 mgmt_desc->misc_flags |= (RSI_ADD_DELTA_TSF_VAP_ID | 129 RSI_FETCH_RETRY_CNT_FRM_HST); 130 #define PROBE_RESP_RETRY_CNT 3 131 xtend_desc->retry_cnt = PROBE_RESP_RETRY_CNT; 132 } 133 134 if (((vif->type == NL80211_IFTYPE_AP) || 135 (vif->type == NL80211_IFTYPE_P2P_GO)) && 136 (ieee80211_is_action(wh->frame_control))) { 137 struct rsi_sta *rsta = rsi_find_sta(common, wh->addr1); 138 139 if (rsta) 140 mgmt_desc->sta_id = tx_params->sta_id; 141 else 142 return -EINVAL; 143 } 144 mgmt_desc->rate_info |= 145 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) & 146 RSI_DESC_VAP_ID_MASK); 147 148 return 0; 149 } 150 151 /* This function prepares descriptor for given data packet */ 152 int rsi_prepare_data_desc(struct rsi_common *common, struct sk_buff *skb) 153 { 154 struct rsi_hw *adapter = common->priv; 155 struct ieee80211_vif *vif; 156 struct ieee80211_hdr *wh = NULL; 157 struct ieee80211_tx_info *info; 158 struct skb_info *tx_params; 159 struct rsi_data_desc *data_desc; 160 struct rsi_xtended_desc *xtend_desc; 161 u8 ieee80211_size = MIN_802_11_HDR_LEN; 162 u8 header_size; 163 u8 vap_id = 0; 164 u8 dword_align_bytes; 165 bool tx_eapol; 166 u16 seq_num; 167 168 info = IEEE80211_SKB_CB(skb); 169 vif = info->control.vif; 170 tx_params = (struct skb_info *)info->driver_data; 171 172 tx_eapol = IEEE80211_SKB_CB(skb)->control.flags & 173 IEEE80211_TX_CTRL_PORT_CTRL_PROTO; 174 175 header_size = FRAME_DESC_SZ + sizeof(struct rsi_xtended_desc); 176 if (header_size > skb_headroom(skb)) { 177 rsi_dbg(ERR_ZONE, "%s: Unable to send pkt\n", __func__); 178 return -ENOSPC; 179 } 180 skb_push(skb, header_size); 181 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 182 if (header_size > skb_headroom(skb)) { 183 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__); 184 return -ENOSPC; 185 } 186 skb_push(skb, dword_align_bytes); 187 header_size += dword_align_bytes; 188 189 tx_params->internal_hdr_size = header_size; 190 data_desc = (struct rsi_data_desc *)skb->data; 191 memset(data_desc, 0, header_size); 192 193 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 194 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 195 seq_num = IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl)); 196 197 data_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 198 199 if (ieee80211_is_data_qos(wh->frame_control)) { 200 ieee80211_size += 2; 201 data_desc->mac_flags |= cpu_to_le16(RSI_QOS_ENABLE); 202 } 203 204 if (((vif->type == NL80211_IFTYPE_STATION) || 205 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) && 206 (adapter->ps_state == PS_ENABLED)) 207 wh->frame_control |= cpu_to_le16(RSI_SET_PS_ENABLE); 208 209 if ((!(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) && 210 tx_params->have_key) { 211 if (rsi_is_cipher_wep(common)) 212 ieee80211_size += 4; 213 else 214 ieee80211_size += 8; 215 data_desc->mac_flags |= cpu_to_le16(RSI_ENCRYPT_PKT); 216 } 217 rsi_set_len_qno(&data_desc->len_qno, (skb->len - FRAME_DESC_SZ), 218 RSI_WIFI_DATA_Q); 219 data_desc->header_len = ieee80211_size; 220 221 if (common->rate_config[common->band].fixed_enabled) { 222 /* Send fixed rate */ 223 u16 fixed_rate = common->rate_config[common->band].fixed_hw_rate; 224 225 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 226 data_desc->rate_info = cpu_to_le16(fixed_rate); 227 228 if (conf_is_ht40(&common->priv->hw->conf)) 229 data_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 230 231 if (common->vif_info[0].sgi && (fixed_rate & 0x100)) { 232 /* Only MCS rates */ 233 data_desc->rate_info |= 234 cpu_to_le16(ENABLE_SHORTGI_RATE); 235 } 236 } 237 238 if (tx_eapol) { 239 rsi_dbg(INFO_ZONE, "*** Tx EAPOL ***\n"); 240 241 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 242 if (common->band == NL80211_BAND_5GHZ) 243 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 244 else 245 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 246 data_desc->mac_flags |= cpu_to_le16(RSI_REKEY_PURPOSE); 247 data_desc->misc_flags |= RSI_FETCH_RETRY_CNT_FRM_HST; 248 #define EAPOL_RETRY_CNT 15 249 xtend_desc->retry_cnt = EAPOL_RETRY_CNT; 250 251 if (common->eapol4_confirm) 252 skb->priority = VO_Q; 253 else 254 rsi_set_len_qno(&data_desc->len_qno, 255 (skb->len - FRAME_DESC_SZ), 256 RSI_WIFI_MGMT_Q); 257 if (((skb->len - header_size) == EAPOL4_PACKET_LEN) || 258 ((skb->len - header_size) == EAPOL4_PACKET_LEN - 2)) { 259 data_desc->misc_flags |= 260 RSI_DESC_REQUIRE_CFM_TO_HOST; 261 xtend_desc->confirm_frame_type = EAPOL4_CONFIRM; 262 } 263 } 264 265 data_desc->mac_flags |= cpu_to_le16(seq_num & 0xfff); 266 data_desc->qid_tid = ((skb->priority & 0xf) | 267 ((tx_params->tid & 0xf) << 4)); 268 data_desc->sta_id = tx_params->sta_id; 269 270 if ((is_broadcast_ether_addr(wh->addr1)) || 271 (is_multicast_ether_addr(wh->addr1))) { 272 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 273 data_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 274 data_desc->sta_id = vap_id; 275 276 if ((vif->type == NL80211_IFTYPE_AP) || 277 (vif->type == NL80211_IFTYPE_P2P_GO)) { 278 if (common->band == NL80211_BAND_5GHZ) 279 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 280 else 281 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 282 } 283 } 284 if (((vif->type == NL80211_IFTYPE_AP) || 285 (vif->type == NL80211_IFTYPE_P2P_GO)) && 286 (ieee80211_has_moredata(wh->frame_control))) 287 data_desc->frame_info |= cpu_to_le16(MORE_DATA_PRESENT); 288 289 data_desc->rate_info |= 290 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) & 291 RSI_DESC_VAP_ID_MASK); 292 293 return 0; 294 } 295 296 /* This function sends received data packet from driver to device */ 297 int rsi_send_data_pkt(struct rsi_common *common, struct sk_buff *skb) 298 { 299 struct rsi_hw *adapter = common->priv; 300 struct ieee80211_vif *vif; 301 struct ieee80211_tx_info *info; 302 int status = -EINVAL; 303 304 if (!skb) 305 return 0; 306 if (common->iface_down) 307 goto err; 308 309 info = IEEE80211_SKB_CB(skb); 310 if (!info->control.vif) 311 goto err; 312 vif = info->control.vif; 313 314 if (((vif->type == NL80211_IFTYPE_STATION) || 315 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) && 316 (!vif->cfg.assoc)) 317 goto err; 318 319 status = rsi_send_pkt_to_bus(common, skb); 320 if (status) 321 rsi_dbg(ERR_ZONE, "%s: Failed to write pkt\n", __func__); 322 323 err: 324 ++common->tx_stats.total_tx_pkt_freed[skb->priority]; 325 rsi_indicate_tx_status(adapter, skb, status); 326 return status; 327 } 328 329 /** 330 * rsi_send_mgmt_pkt() - This functions sends the received management packet 331 * from driver to device. 332 * @common: Pointer to the driver private structure. 333 * @skb: Pointer to the socket buffer structure. 334 * 335 * Return: status: 0 on success, -1 on failure. 336 */ 337 int rsi_send_mgmt_pkt(struct rsi_common *common, 338 struct sk_buff *skb) 339 { 340 struct rsi_hw *adapter = common->priv; 341 struct ieee80211_hdr *wh; 342 struct ieee80211_tx_info *info; 343 struct skb_info *tx_params; 344 struct rsi_mgmt_desc *mgmt_desc; 345 struct rsi_xtended_desc *xtend_desc; 346 int status = -E2BIG; 347 u8 header_size; 348 349 info = IEEE80211_SKB_CB(skb); 350 tx_params = (struct skb_info *)info->driver_data; 351 header_size = tx_params->internal_hdr_size; 352 353 if (tx_params->flags & INTERNAL_MGMT_PKT) { 354 status = adapter->host_intf_ops->write_pkt(common->priv, 355 (u8 *)skb->data, 356 skb->len); 357 if (status) { 358 rsi_dbg(ERR_ZONE, 359 "%s: Failed to write the packet\n", __func__); 360 } 361 dev_kfree_skb(skb); 362 return status; 363 } 364 365 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 366 mgmt_desc = (struct rsi_mgmt_desc *)skb->data; 367 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 368 369 /* Indicate to firmware to give cfm for probe */ 370 if (ieee80211_is_probe_req(wh->frame_control) && 371 !info->control.vif->cfg.assoc) { 372 rsi_dbg(INFO_ZONE, 373 "%s: blocking mgmt queue\n", __func__); 374 mgmt_desc->misc_flags = RSI_DESC_REQUIRE_CFM_TO_HOST; 375 xtend_desc->confirm_frame_type = PROBEREQ_CONFIRM; 376 common->mgmt_q_block = true; 377 rsi_dbg(INFO_ZONE, "Mgmt queue blocked\n"); 378 } 379 380 status = rsi_send_pkt_to_bus(common, skb); 381 if (status) 382 rsi_dbg(ERR_ZONE, "%s: Failed to write the packet\n", __func__); 383 384 rsi_indicate_tx_status(common->priv, skb, status); 385 return status; 386 } 387 388 int rsi_send_bt_pkt(struct rsi_common *common, struct sk_buff *skb) 389 { 390 int status = -EINVAL; 391 u8 header_size = 0; 392 struct rsi_bt_desc *bt_desc; 393 u8 queueno = ((skb->data[1] >> 4) & 0xf); 394 395 if (queueno == RSI_BT_MGMT_Q) { 396 status = rsi_send_pkt_to_bus(common, skb); 397 if (status) 398 rsi_dbg(ERR_ZONE, "%s: Failed to write bt mgmt pkt\n", 399 __func__); 400 goto out; 401 } 402 header_size = FRAME_DESC_SZ; 403 if (header_size > skb_headroom(skb)) { 404 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__); 405 status = -ENOSPC; 406 goto out; 407 } 408 skb_push(skb, header_size); 409 memset(skb->data, 0, header_size); 410 bt_desc = (struct rsi_bt_desc *)skb->data; 411 412 rsi_set_len_qno(&bt_desc->len_qno, (skb->len - FRAME_DESC_SZ), 413 RSI_BT_DATA_Q); 414 bt_desc->bt_pkt_type = cpu_to_le16(bt_cb(skb)->pkt_type); 415 416 status = rsi_send_pkt_to_bus(common, skb); 417 if (status) 418 rsi_dbg(ERR_ZONE, "%s: Failed to write bt pkt\n", __func__); 419 420 out: 421 dev_kfree_skb(skb); 422 return status; 423 } 424 425 int rsi_prepare_beacon(struct rsi_common *common, struct sk_buff *skb) 426 { 427 struct rsi_hw *adapter = common->priv; 428 struct rsi_data_desc *bcn_frm; 429 struct ieee80211_hw *hw = common->priv->hw; 430 struct ieee80211_conf *conf = &hw->conf; 431 struct ieee80211_vif *vif; 432 struct sk_buff *mac_bcn; 433 u8 vap_id = 0, i; 434 u16 tim_offset = 0; 435 436 for (i = 0; i < RSI_MAX_VIFS; i++) { 437 vif = adapter->vifs[i]; 438 if (!vif) 439 continue; 440 if ((vif->type == NL80211_IFTYPE_AP) || 441 (vif->type == NL80211_IFTYPE_P2P_GO)) 442 break; 443 } 444 if (!vif) 445 return -EINVAL; 446 mac_bcn = ieee80211_beacon_get_tim(adapter->hw, 447 vif, 448 &tim_offset, NULL, 0); 449 if (!mac_bcn) { 450 rsi_dbg(ERR_ZONE, "Failed to get beacon from mac80211\n"); 451 return -EINVAL; 452 } 453 454 common->beacon_cnt++; 455 bcn_frm = (struct rsi_data_desc *)skb->data; 456 rsi_set_len_qno(&bcn_frm->len_qno, mac_bcn->len, RSI_WIFI_DATA_Q); 457 bcn_frm->header_len = MIN_802_11_HDR_LEN; 458 bcn_frm->frame_info = cpu_to_le16(RSI_DATA_DESC_MAC_BBP_INFO | 459 RSI_DATA_DESC_NO_ACK_IND | 460 RSI_DATA_DESC_BEACON_FRAME | 461 RSI_DATA_DESC_INSERT_TSF | 462 RSI_DATA_DESC_INSERT_SEQ_NO | 463 RATE_INFO_ENABLE); 464 bcn_frm->rate_info = cpu_to_le16(vap_id << 14); 465 bcn_frm->qid_tid = BEACON_HW_Q; 466 467 if (conf_is_ht40_plus(conf)) { 468 bcn_frm->bbp_info = cpu_to_le16(LOWER_20_ENABLE); 469 bcn_frm->bbp_info |= cpu_to_le16(LOWER_20_ENABLE >> 12); 470 } else if (conf_is_ht40_minus(conf)) { 471 bcn_frm->bbp_info = cpu_to_le16(UPPER_20_ENABLE); 472 bcn_frm->bbp_info |= cpu_to_le16(UPPER_20_ENABLE >> 12); 473 } 474 475 if (common->band == NL80211_BAND_2GHZ) 476 bcn_frm->rate_info |= cpu_to_le16(RSI_RATE_1); 477 else 478 bcn_frm->rate_info |= cpu_to_le16(RSI_RATE_6); 479 480 if (mac_bcn->data[tim_offset + 2] == 0) 481 bcn_frm->frame_info |= cpu_to_le16(RSI_DATA_DESC_DTIM_BEACON); 482 483 memcpy(&skb->data[FRAME_DESC_SZ], mac_bcn->data, mac_bcn->len); 484 skb_put(skb, mac_bcn->len + FRAME_DESC_SZ); 485 486 dev_kfree_skb(mac_bcn); 487 488 return 0; 489 } 490 491 static void bl_cmd_timeout(struct timer_list *t) 492 { 493 struct rsi_hw *adapter = from_timer(adapter, t, bl_cmd_timer); 494 495 adapter->blcmd_timer_expired = true; 496 del_timer(&adapter->bl_cmd_timer); 497 } 498 499 static int bl_start_cmd_timer(struct rsi_hw *adapter, u32 timeout) 500 { 501 timer_setup(&adapter->bl_cmd_timer, bl_cmd_timeout, 0); 502 adapter->bl_cmd_timer.expires = (msecs_to_jiffies(timeout) + jiffies); 503 504 adapter->blcmd_timer_expired = false; 505 add_timer(&adapter->bl_cmd_timer); 506 507 return 0; 508 } 509 510 static int bl_stop_cmd_timer(struct rsi_hw *adapter) 511 { 512 adapter->blcmd_timer_expired = false; 513 if (timer_pending(&adapter->bl_cmd_timer)) 514 del_timer(&adapter->bl_cmd_timer); 515 516 return 0; 517 } 518 519 static int bl_write_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, 520 u16 *cmd_resp) 521 { 522 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 523 u32 regin_val = 0, regout_val = 0; 524 u32 regin_input = 0; 525 u8 output = 0; 526 int status; 527 528 regin_input = (REGIN_INPUT | adapter->priv->coex_mode); 529 530 while (!adapter->blcmd_timer_expired) { 531 regin_val = 0; 532 status = hif_ops->master_reg_read(adapter, SWBL_REGIN, 533 ®in_val, 2); 534 if (status < 0) { 535 rsi_dbg(ERR_ZONE, 536 "%s: Command %0x REGIN reading failed..\n", 537 __func__, cmd); 538 return status; 539 } 540 mdelay(1); 541 if ((regin_val >> 12) != REGIN_VALID) 542 break; 543 } 544 if (adapter->blcmd_timer_expired) { 545 rsi_dbg(ERR_ZONE, 546 "%s: Command %0x REGIN reading timed out..\n", 547 __func__, cmd); 548 return -ETIMEDOUT; 549 } 550 551 rsi_dbg(INFO_ZONE, 552 "Issuing write to Regin val:%0x sending cmd:%0x\n", 553 regin_val, (cmd | regin_input << 8)); 554 status = hif_ops->master_reg_write(adapter, SWBL_REGIN, 555 (cmd | regin_input << 8), 2); 556 if (status < 0) 557 return status; 558 mdelay(1); 559 560 if (cmd == LOAD_HOSTED_FW || cmd == JUMP_TO_ZERO_PC) { 561 /* JUMP_TO_ZERO_PC doesn't expect 562 * any response. So return from here 563 */ 564 return 0; 565 } 566 567 while (!adapter->blcmd_timer_expired) { 568 regout_val = 0; 569 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 570 ®out_val, 2); 571 if (status < 0) { 572 rsi_dbg(ERR_ZONE, 573 "%s: Command %0x REGOUT reading failed..\n", 574 __func__, cmd); 575 return status; 576 } 577 mdelay(1); 578 if ((regout_val >> 8) == REGOUT_VALID) 579 break; 580 } 581 if (adapter->blcmd_timer_expired) { 582 rsi_dbg(ERR_ZONE, 583 "%s: Command %0x REGOUT reading timed out..\n", 584 __func__, cmd); 585 return status; 586 } 587 588 *cmd_resp = ((u16 *)®out_val)[0] & 0xffff; 589 590 output = ((u8 *)®out_val)[0] & 0xff; 591 592 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 593 (cmd | REGOUT_INVALID << 8), 2); 594 if (status < 0) { 595 rsi_dbg(ERR_ZONE, 596 "%s: Command %0x REGOUT writing failed..\n", 597 __func__, cmd); 598 return status; 599 } 600 mdelay(1); 601 602 if (output != exp_resp) { 603 rsi_dbg(ERR_ZONE, 604 "%s: Recvd resp %x for cmd %0x\n", 605 __func__, output, cmd); 606 return -EINVAL; 607 } 608 rsi_dbg(INFO_ZONE, 609 "%s: Recvd Expected resp %x for cmd %0x\n", 610 __func__, output, cmd); 611 612 return 0; 613 } 614 615 static int bl_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, char *str) 616 { 617 u16 regout_val = 0; 618 u32 timeout; 619 int status; 620 621 if ((cmd == EOF_REACHED) || (cmd == PING_VALID) || (cmd == PONG_VALID)) 622 timeout = BL_BURN_TIMEOUT; 623 else 624 timeout = BL_CMD_TIMEOUT; 625 626 bl_start_cmd_timer(adapter, timeout); 627 status = bl_write_cmd(adapter, cmd, exp_resp, ®out_val); 628 if (status < 0) { 629 bl_stop_cmd_timer(adapter); 630 rsi_dbg(ERR_ZONE, 631 "%s: Command %s (%0x) writing failed..\n", 632 __func__, str, cmd); 633 return status; 634 } 635 bl_stop_cmd_timer(adapter); 636 return 0; 637 } 638 639 #define CHECK_SUM_OFFSET 20 640 #define LEN_OFFSET 8 641 #define ADDR_OFFSET 16 642 static int bl_write_header(struct rsi_hw *adapter, u8 *flash_content, 643 u32 content_size) 644 { 645 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 646 struct bl_header *bl_hdr; 647 u32 write_addr, write_len; 648 int status; 649 650 bl_hdr = kzalloc(sizeof(*bl_hdr), GFP_KERNEL); 651 if (!bl_hdr) 652 return -ENOMEM; 653 654 bl_hdr->flags = 0; 655 bl_hdr->image_no = cpu_to_le32(adapter->priv->coex_mode); 656 bl_hdr->check_sum = 657 cpu_to_le32(*(u32 *)&flash_content[CHECK_SUM_OFFSET]); 658 bl_hdr->flash_start_address = 659 cpu_to_le32(*(u32 *)&flash_content[ADDR_OFFSET]); 660 bl_hdr->flash_len = cpu_to_le32(*(u32 *)&flash_content[LEN_OFFSET]); 661 write_len = sizeof(struct bl_header); 662 663 if (adapter->rsi_host_intf == RSI_HOST_INTF_USB) { 664 write_addr = PING_BUFFER_ADDRESS; 665 status = hif_ops->write_reg_multiple(adapter, write_addr, 666 (u8 *)bl_hdr, write_len); 667 if (status < 0) { 668 rsi_dbg(ERR_ZONE, 669 "%s: Failed to load Version/CRC structure\n", 670 __func__); 671 goto fail; 672 } 673 } else { 674 write_addr = PING_BUFFER_ADDRESS >> 16; 675 status = hif_ops->master_access_msword(adapter, write_addr); 676 if (status < 0) { 677 rsi_dbg(ERR_ZONE, 678 "%s: Unable to set ms word to common reg\n", 679 __func__); 680 goto fail; 681 } 682 write_addr = RSI_SD_REQUEST_MASTER | 683 (PING_BUFFER_ADDRESS & 0xFFFF); 684 status = hif_ops->write_reg_multiple(adapter, write_addr, 685 (u8 *)bl_hdr, write_len); 686 if (status < 0) { 687 rsi_dbg(ERR_ZONE, 688 "%s: Failed to load Version/CRC structure\n", 689 __func__); 690 goto fail; 691 } 692 } 693 status = 0; 694 fail: 695 kfree(bl_hdr); 696 return status; 697 } 698 699 static u32 read_flash_capacity(struct rsi_hw *adapter) 700 { 701 u32 flash_sz = 0; 702 703 if ((adapter->host_intf_ops->master_reg_read(adapter, FLASH_SIZE_ADDR, 704 &flash_sz, 2)) < 0) { 705 rsi_dbg(ERR_ZONE, 706 "%s: Flash size reading failed..\n", 707 __func__); 708 return 0; 709 } 710 rsi_dbg(INIT_ZONE, "Flash capacity: %d KiloBytes\n", flash_sz); 711 712 return (flash_sz * 1024); /* Return size in kbytes */ 713 } 714 715 static int ping_pong_write(struct rsi_hw *adapter, u8 cmd, u8 *addr, u32 size) 716 { 717 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 718 u32 block_size = adapter->block_size; 719 u32 cmd_addr; 720 u16 cmd_resp, cmd_req; 721 u8 *str; 722 int status; 723 724 if (cmd == PING_WRITE) { 725 cmd_addr = PING_BUFFER_ADDRESS; 726 cmd_resp = PONG_AVAIL; 727 cmd_req = PING_VALID; 728 str = "PING_VALID"; 729 } else { 730 cmd_addr = PONG_BUFFER_ADDRESS; 731 cmd_resp = PING_AVAIL; 732 cmd_req = PONG_VALID; 733 str = "PONG_VALID"; 734 } 735 736 status = hif_ops->load_data_master_write(adapter, cmd_addr, size, 737 block_size, addr); 738 if (status) { 739 rsi_dbg(ERR_ZONE, "%s: Unable to write blk at addr %0x\n", 740 __func__, *addr); 741 return status; 742 } 743 744 status = bl_cmd(adapter, cmd_req, cmd_resp, str); 745 if (status) 746 return status; 747 748 return 0; 749 } 750 751 static int auto_fw_upgrade(struct rsi_hw *adapter, u8 *flash_content, 752 u32 content_size) 753 { 754 u8 cmd; 755 u32 temp_content_size, num_flash, index; 756 u32 flash_start_address; 757 int status; 758 759 if (content_size > MAX_FLASH_FILE_SIZE) { 760 rsi_dbg(ERR_ZONE, 761 "%s: Flash Content size is more than 400K %u\n", 762 __func__, MAX_FLASH_FILE_SIZE); 763 return -EINVAL; 764 } 765 766 flash_start_address = *(u32 *)&flash_content[FLASH_START_ADDRESS]; 767 rsi_dbg(INFO_ZONE, "flash start address: %08x\n", flash_start_address); 768 769 if (flash_start_address < FW_IMAGE_MIN_ADDRESS) { 770 rsi_dbg(ERR_ZONE, 771 "%s: Fw image Flash Start Address is less than 64K\n", 772 __func__); 773 return -EINVAL; 774 } 775 776 if (flash_start_address % FLASH_SECTOR_SIZE) { 777 rsi_dbg(ERR_ZONE, 778 "%s: Flash Start Address is not multiple of 4K\n", 779 __func__); 780 return -EINVAL; 781 } 782 783 if ((flash_start_address + content_size) > adapter->flash_capacity) { 784 rsi_dbg(ERR_ZONE, 785 "%s: Flash Content will cross max flash size\n", 786 __func__); 787 return -EINVAL; 788 } 789 790 temp_content_size = content_size; 791 num_flash = content_size / FLASH_WRITE_CHUNK_SIZE; 792 793 rsi_dbg(INFO_ZONE, "content_size: %d, num_flash: %d\n", 794 content_size, num_flash); 795 796 for (index = 0; index <= num_flash; index++) { 797 rsi_dbg(INFO_ZONE, "flash index: %d\n", index); 798 if (index != num_flash) { 799 content_size = FLASH_WRITE_CHUNK_SIZE; 800 rsi_dbg(INFO_ZONE, "QSPI content_size:%d\n", 801 content_size); 802 } else { 803 content_size = 804 temp_content_size % FLASH_WRITE_CHUNK_SIZE; 805 rsi_dbg(INFO_ZONE, 806 "Writing last sector content_size:%d\n", 807 content_size); 808 if (!content_size) { 809 rsi_dbg(INFO_ZONE, "instruction size zero\n"); 810 break; 811 } 812 } 813 814 if (index % 2) 815 cmd = PING_WRITE; 816 else 817 cmd = PONG_WRITE; 818 819 status = ping_pong_write(adapter, cmd, flash_content, 820 content_size); 821 if (status) { 822 rsi_dbg(ERR_ZONE, "%s: Unable to load %d block\n", 823 __func__, index); 824 return status; 825 } 826 827 rsi_dbg(INFO_ZONE, 828 "%s: Successfully loaded %d instructions\n", 829 __func__, index); 830 flash_content += content_size; 831 } 832 833 status = bl_cmd(adapter, EOF_REACHED, FW_LOADING_SUCCESSFUL, 834 "EOF_REACHED"); 835 if (status) 836 return status; 837 838 rsi_dbg(INFO_ZONE, "FW loading is done and FW is running..\n"); 839 return 0; 840 } 841 842 static int rsi_hal_prepare_fwload(struct rsi_hw *adapter) 843 { 844 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 845 u32 regout_val = 0; 846 int status; 847 848 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 849 850 while (!adapter->blcmd_timer_expired) { 851 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 852 ®out_val, 853 RSI_COMMON_REG_SIZE); 854 if (status < 0) { 855 bl_stop_cmd_timer(adapter); 856 rsi_dbg(ERR_ZONE, 857 "%s: REGOUT read failed\n", __func__); 858 return status; 859 } 860 mdelay(1); 861 if ((regout_val >> 8) == REGOUT_VALID) 862 break; 863 } 864 if (adapter->blcmd_timer_expired) { 865 rsi_dbg(ERR_ZONE, "%s: REGOUT read timedout\n", __func__); 866 rsi_dbg(ERR_ZONE, 867 "%s: Soft boot loader not present\n", __func__); 868 return -ETIMEDOUT; 869 } 870 bl_stop_cmd_timer(adapter); 871 872 rsi_dbg(INFO_ZONE, "Received Board Version Number: %x\n", 873 (regout_val & 0xff)); 874 875 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 876 (REGOUT_INVALID | 877 REGOUT_INVALID << 8), 878 RSI_COMMON_REG_SIZE); 879 if (status < 0) 880 rsi_dbg(ERR_ZONE, "%s: REGOUT writing failed..\n", __func__); 881 else 882 rsi_dbg(INFO_ZONE, 883 "===> Device is ready to load firmware <===\n"); 884 885 return status; 886 } 887 888 static int rsi_load_9113_firmware(struct rsi_hw *adapter) 889 { 890 struct rsi_common *common = adapter->priv; 891 const struct firmware *fw_entry = NULL; 892 u32 content_size; 893 u16 tmp_regout_val = 0; 894 struct ta_metadata *metadata_p; 895 int status; 896 897 status = bl_cmd(adapter, AUTO_READ_MODE, CMD_PASS, 898 "AUTO_READ_CMD"); 899 if (status < 0) 900 return status; 901 902 adapter->flash_capacity = read_flash_capacity(adapter); 903 if (adapter->flash_capacity <= 0) { 904 rsi_dbg(ERR_ZONE, 905 "%s: Unable to read flash size from EEPROM\n", 906 __func__); 907 return -EINVAL; 908 } 909 910 metadata_p = &metadata_flash_content[adapter->priv->coex_mode]; 911 912 rsi_dbg(INIT_ZONE, "%s: Loading file %s\n", __func__, metadata_p->name); 913 adapter->fw_file_name = metadata_p->name; 914 915 status = request_firmware(&fw_entry, metadata_p->name, adapter->device); 916 if (status < 0) { 917 rsi_dbg(ERR_ZONE, "%s: Failed to open file %s\n", 918 __func__, metadata_p->name); 919 return status; 920 } 921 content_size = fw_entry->size; 922 rsi_dbg(INFO_ZONE, "FW Length = %d bytes\n", content_size); 923 924 /* Get the firmware version */ 925 common->lmac_ver.ver.info.fw_ver[0] = 926 fw_entry->data[LMAC_VER_OFFSET_9113] & 0xFF; 927 common->lmac_ver.ver.info.fw_ver[1] = 928 fw_entry->data[LMAC_VER_OFFSET_9113 + 1] & 0xFF; 929 common->lmac_ver.major = 930 fw_entry->data[LMAC_VER_OFFSET_9113 + 2] & 0xFF; 931 common->lmac_ver.release_num = 932 fw_entry->data[LMAC_VER_OFFSET_9113 + 3] & 0xFF; 933 common->lmac_ver.minor = 934 fw_entry->data[LMAC_VER_OFFSET_9113 + 4] & 0xFF; 935 common->lmac_ver.patch_num = 0; 936 rsi_print_version(common); 937 938 status = bl_write_header(adapter, (u8 *)fw_entry->data, content_size); 939 if (status) { 940 rsi_dbg(ERR_ZONE, 941 "%s: RPS Image header loading failed\n", 942 __func__); 943 goto fail; 944 } 945 946 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 947 status = bl_write_cmd(adapter, CHECK_CRC, CMD_PASS, &tmp_regout_val); 948 if (status) { 949 bl_stop_cmd_timer(adapter); 950 rsi_dbg(ERR_ZONE, 951 "%s: CHECK_CRC Command writing failed..\n", 952 __func__); 953 if ((tmp_regout_val & 0xff) == CMD_FAIL) { 954 rsi_dbg(ERR_ZONE, 955 "CRC Fail.. Proceeding to Upgrade mode\n"); 956 goto fw_upgrade; 957 } 958 } 959 bl_stop_cmd_timer(adapter); 960 961 status = bl_cmd(adapter, POLLING_MODE, CMD_PASS, "POLLING_MODE"); 962 if (status) 963 goto fail; 964 965 load_image_cmd: 966 status = bl_cmd(adapter, LOAD_HOSTED_FW, LOADING_INITIATED, 967 "LOAD_HOSTED_FW"); 968 if (status) 969 goto fail; 970 rsi_dbg(INFO_ZONE, "Load Image command passed..\n"); 971 goto success; 972 973 fw_upgrade: 974 status = bl_cmd(adapter, BURN_HOSTED_FW, SEND_RPS_FILE, "FW_UPGRADE"); 975 if (status) 976 goto fail; 977 978 rsi_dbg(INFO_ZONE, "Burn Command Pass.. Upgrading the firmware\n"); 979 980 status = auto_fw_upgrade(adapter, (u8 *)fw_entry->data, content_size); 981 if (status == 0) { 982 rsi_dbg(ERR_ZONE, "Firmware upgradation Done\n"); 983 goto load_image_cmd; 984 } 985 rsi_dbg(ERR_ZONE, "Firmware upgrade failed\n"); 986 987 status = bl_cmd(adapter, AUTO_READ_MODE, CMD_PASS, 988 "AUTO_READ_MODE"); 989 if (status) 990 goto fail; 991 992 success: 993 rsi_dbg(ERR_ZONE, "***** Firmware Loading successful *****\n"); 994 release_firmware(fw_entry); 995 return 0; 996 997 fail: 998 rsi_dbg(ERR_ZONE, "##### Firmware loading failed #####\n"); 999 release_firmware(fw_entry); 1000 return status; 1001 } 1002 1003 static int rsi_load_9116_firmware(struct rsi_hw *adapter) 1004 { 1005 struct rsi_common *common = adapter->priv; 1006 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 1007 const struct firmware *fw_entry; 1008 struct ta_metadata *metadata_p; 1009 u8 *ta_firmware, *fw_p; 1010 struct bootload_ds bootload_ds; 1011 u32 instructions_sz, base_address; 1012 u16 block_size = adapter->block_size; 1013 u32 dest, len; 1014 int status, cnt; 1015 1016 rsi_dbg(INIT_ZONE, "***** Load 9116 TA Instructions *****\n"); 1017 1018 if (adapter->rsi_host_intf == RSI_HOST_INTF_USB) { 1019 status = bl_cmd(adapter, POLLING_MODE, CMD_PASS, 1020 "POLLING_MODE"); 1021 if (status < 0) 1022 return status; 1023 } 1024 1025 status = hif_ops->master_reg_write(adapter, MEM_ACCESS_CTRL_FROM_HOST, 1026 RAM_384K_ACCESS_FROM_TA, 1027 RSI_9116_REG_SIZE); 1028 if (status < 0) { 1029 rsi_dbg(ERR_ZONE, "%s: Unable to access full RAM memory\n", 1030 __func__); 1031 return status; 1032 } 1033 1034 metadata_p = &metadata[adapter->priv->coex_mode]; 1035 rsi_dbg(INIT_ZONE, "%s: loading file %s\n", __func__, metadata_p->name); 1036 status = request_firmware(&fw_entry, metadata_p->name, adapter->device); 1037 if (status < 0) { 1038 rsi_dbg(ERR_ZONE, "%s: Failed to open file %s\n", 1039 __func__, metadata_p->name); 1040 return status; 1041 } 1042 1043 ta_firmware = kmemdup(fw_entry->data, fw_entry->size, GFP_KERNEL); 1044 if (!ta_firmware) { 1045 status = -ENOMEM; 1046 goto fail_release_fw; 1047 } 1048 fw_p = ta_firmware; 1049 instructions_sz = fw_entry->size; 1050 rsi_dbg(INFO_ZONE, "FW Length = %d bytes\n", instructions_sz); 1051 1052 common->lmac_ver.major = ta_firmware[LMAC_VER_OFFSET_9116]; 1053 common->lmac_ver.minor = ta_firmware[LMAC_VER_OFFSET_9116 + 1]; 1054 common->lmac_ver.release_num = ta_firmware[LMAC_VER_OFFSET_9116 + 2]; 1055 common->lmac_ver.patch_num = ta_firmware[LMAC_VER_OFFSET_9116 + 3]; 1056 common->lmac_ver.ver.info.fw_ver[0] = 1057 ta_firmware[LMAC_VER_OFFSET_9116 + 4]; 1058 1059 if (instructions_sz % FW_ALIGN_SIZE) 1060 instructions_sz += 1061 (FW_ALIGN_SIZE - (instructions_sz % FW_ALIGN_SIZE)); 1062 rsi_dbg(INFO_ZONE, "instructions_sz : %d\n", instructions_sz); 1063 1064 if (*(u16 *)fw_p == RSI_9116_FW_MAGIC_WORD) { 1065 memcpy(&bootload_ds, fw_p, sizeof(struct bootload_ds)); 1066 fw_p += le16_to_cpu(bootload_ds.offset); 1067 rsi_dbg(INFO_ZONE, "FW start = %x\n", *(u32 *)fw_p); 1068 1069 cnt = 0; 1070 do { 1071 rsi_dbg(ERR_ZONE, "%s: Loading chunk %d\n", 1072 __func__, cnt); 1073 1074 dest = le32_to_cpu(bootload_ds.bl_entry[cnt].dst_addr); 1075 len = le32_to_cpu(bootload_ds.bl_entry[cnt].control) & 1076 RSI_BL_CTRL_LEN_MASK; 1077 rsi_dbg(INFO_ZONE, "length %d destination %x\n", 1078 len, dest); 1079 1080 status = hif_ops->load_data_master_write(adapter, dest, 1081 len, 1082 block_size, 1083 fw_p); 1084 if (status < 0) { 1085 rsi_dbg(ERR_ZONE, 1086 "Failed to load chunk %d\n", cnt); 1087 break; 1088 } 1089 fw_p += len; 1090 if (le32_to_cpu(bootload_ds.bl_entry[cnt].control) & 1091 RSI_BL_CTRL_LAST_ENTRY) 1092 break; 1093 cnt++; 1094 } while (1); 1095 } else { 1096 base_address = metadata_p->address; 1097 status = hif_ops->load_data_master_write(adapter, 1098 base_address, 1099 instructions_sz, 1100 block_size, 1101 ta_firmware); 1102 } 1103 if (status) { 1104 rsi_dbg(ERR_ZONE, 1105 "%s: Unable to load %s blk\n", 1106 __func__, metadata_p->name); 1107 goto fail_free_fw; 1108 } 1109 1110 rsi_dbg(INIT_ZONE, "%s: Successfully loaded %s instructions\n", 1111 __func__, metadata_p->name); 1112 1113 if (adapter->rsi_host_intf == RSI_HOST_INTF_SDIO) { 1114 if (hif_ops->ta_reset(adapter)) 1115 rsi_dbg(ERR_ZONE, "Unable to put ta in reset\n"); 1116 } else { 1117 if (bl_cmd(adapter, JUMP_TO_ZERO_PC, 1118 CMD_PASS, "JUMP_TO_ZERO") < 0) 1119 rsi_dbg(INFO_ZONE, "Jump to zero command failed\n"); 1120 else 1121 rsi_dbg(INFO_ZONE, "Jump to zero command successful\n"); 1122 } 1123 1124 fail_free_fw: 1125 kfree(ta_firmware); 1126 fail_release_fw: 1127 release_firmware(fw_entry); 1128 1129 return status; 1130 } 1131 1132 int rsi_hal_device_init(struct rsi_hw *adapter) 1133 { 1134 struct rsi_common *common = adapter->priv; 1135 int status; 1136 1137 switch (adapter->device_model) { 1138 case RSI_DEV_9113: 1139 status = rsi_hal_prepare_fwload(adapter); 1140 if (status < 0) 1141 return status; 1142 if (rsi_load_9113_firmware(adapter)) { 1143 rsi_dbg(ERR_ZONE, 1144 "%s: Failed to load TA instructions\n", 1145 __func__); 1146 return -EINVAL; 1147 } 1148 break; 1149 case RSI_DEV_9116: 1150 status = rsi_hal_prepare_fwload(adapter); 1151 if (status < 0) 1152 return status; 1153 if (rsi_load_9116_firmware(adapter)) { 1154 rsi_dbg(ERR_ZONE, 1155 "%s: Failed to load firmware to 9116 device\n", 1156 __func__); 1157 return -EINVAL; 1158 } 1159 break; 1160 default: 1161 return -EINVAL; 1162 } 1163 common->fsm_state = FSM_CARD_NOT_READY; 1164 1165 return 0; 1166 } 1167 EXPORT_SYMBOL_GPL(rsi_hal_device_init); 1168 1169