1 /**
2  * Copyright (c) 2014 Redpine Signals Inc.
3  *
4  * Permission to use, copy, modify, and/or distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <linux/firmware.h>
18 #include "rsi_mgmt.h"
19 #include "rsi_hal.h"
20 #include "rsi_sdio.h"
21 
22 /* FLASH Firmware */
23 static struct ta_metadata metadata_flash_content[] = {
24 	{"flash_content", 0x00010000},
25 	{"rsi/rs9113_wlan_qspi.rps", 0x00010000},
26 };
27 
28 /**
29  * rsi_send_data_pkt() - This function sends the recieved data packet from
30  *			 driver to device.
31  * @common: Pointer to the driver private structure.
32  * @skb: Pointer to the socket buffer structure.
33  *
34  * Return: status: 0 on success, -1 on failure.
35  */
36 int rsi_send_data_pkt(struct rsi_common *common, struct sk_buff *skb)
37 {
38 	struct rsi_hw *adapter = common->priv;
39 	struct ieee80211_hdr *tmp_hdr;
40 	struct ieee80211_tx_info *info;
41 	struct skb_info *tx_params;
42 	struct ieee80211_bss_conf *bss;
43 	int status;
44 	u8 ieee80211_size = MIN_802_11_HDR_LEN;
45 	u8 extnd_size;
46 	__le16 *frame_desc;
47 	u16 seq_num;
48 
49 	info = IEEE80211_SKB_CB(skb);
50 	bss = &info->control.vif->bss_conf;
51 	tx_params = (struct skb_info *)info->driver_data;
52 
53 	if (!bss->assoc) {
54 		status = -EINVAL;
55 		goto err;
56 	}
57 
58 	tmp_hdr = (struct ieee80211_hdr *)&skb->data[0];
59 	seq_num = (le16_to_cpu(tmp_hdr->seq_ctrl) >> 4);
60 
61 	extnd_size = ((uintptr_t)skb->data & 0x3);
62 
63 	if ((FRAME_DESC_SZ + extnd_size) > skb_headroom(skb)) {
64 		rsi_dbg(ERR_ZONE, "%s: Unable to send pkt\n", __func__);
65 		status = -ENOSPC;
66 		goto err;
67 	}
68 
69 	skb_push(skb, (FRAME_DESC_SZ + extnd_size));
70 	frame_desc = (__le16 *)&skb->data[0];
71 	memset((u8 *)frame_desc, 0, FRAME_DESC_SZ);
72 
73 	if (ieee80211_is_data_qos(tmp_hdr->frame_control)) {
74 		ieee80211_size += 2;
75 		frame_desc[6] |= cpu_to_le16(BIT(12));
76 	}
77 
78 	if ((!(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) &&
79 	    (common->secinfo.security_enable)) {
80 		if (rsi_is_cipher_wep(common))
81 			ieee80211_size += 4;
82 		else
83 			ieee80211_size += 8;
84 		frame_desc[6] |= cpu_to_le16(BIT(15));
85 	}
86 
87 	frame_desc[0] = cpu_to_le16((skb->len - FRAME_DESC_SZ) |
88 				    (RSI_WIFI_DATA_Q << 12));
89 	frame_desc[2] = cpu_to_le16((extnd_size) | (ieee80211_size) << 8);
90 
91 	if (common->min_rate != 0xffff) {
92 		/* Send fixed rate */
93 		frame_desc[3] = cpu_to_le16(RATE_INFO_ENABLE);
94 		frame_desc[4] = cpu_to_le16(common->min_rate);
95 
96 		if (conf_is_ht40(&common->priv->hw->conf))
97 			frame_desc[5] = cpu_to_le16(FULL40M_ENABLE);
98 
99 		if (common->vif_info[0].sgi) {
100 			if (common->min_rate & 0x100) /* Only MCS rates */
101 				frame_desc[4] |=
102 					cpu_to_le16(ENABLE_SHORTGI_RATE);
103 		}
104 
105 	}
106 
107 	frame_desc[6] |= cpu_to_le16(seq_num & 0xfff);
108 	frame_desc[7] = cpu_to_le16(((tx_params->tid & 0xf) << 4) |
109 				    (skb->priority & 0xf) |
110 				    (tx_params->sta_id << 8));
111 
112 	status = adapter->host_intf_ops->write_pkt(common->priv, skb->data,
113 						   skb->len);
114 	if (status)
115 		rsi_dbg(ERR_ZONE, "%s: Failed to write pkt\n",
116 			__func__);
117 
118 err:
119 	++common->tx_stats.total_tx_pkt_freed[skb->priority];
120 	rsi_indicate_tx_status(common->priv, skb, status);
121 	return status;
122 }
123 
124 /**
125  * rsi_send_mgmt_pkt() - This functions sends the received management packet
126  *			 from driver to device.
127  * @common: Pointer to the driver private structure.
128  * @skb: Pointer to the socket buffer structure.
129  *
130  * Return: status: 0 on success, -1 on failure.
131  */
132 int rsi_send_mgmt_pkt(struct rsi_common *common,
133 		      struct sk_buff *skb)
134 {
135 	struct rsi_hw *adapter = common->priv;
136 	struct ieee80211_hdr *wh;
137 	struct ieee80211_tx_info *info;
138 	struct ieee80211_bss_conf *bss;
139 	struct ieee80211_hw *hw = adapter->hw;
140 	struct ieee80211_conf *conf = &hw->conf;
141 	struct skb_info *tx_params;
142 	int status = -E2BIG;
143 	__le16 *msg;
144 	u8 extnd_size;
145 	u8 vap_id = 0;
146 
147 	info = IEEE80211_SKB_CB(skb);
148 	tx_params = (struct skb_info *)info->driver_data;
149 	extnd_size = ((uintptr_t)skb->data & 0x3);
150 
151 	if (tx_params->flags & INTERNAL_MGMT_PKT) {
152 		if ((extnd_size) > skb_headroom(skb)) {
153 			rsi_dbg(ERR_ZONE, "%s: Unable to send pkt\n", __func__);
154 			dev_kfree_skb(skb);
155 			return -ENOSPC;
156 		}
157 		skb_push(skb, extnd_size);
158 		skb->data[extnd_size + 4] = extnd_size;
159 		status = adapter->host_intf_ops->write_pkt(common->priv,
160 							   (u8 *)skb->data,
161 							   skb->len);
162 		if (status) {
163 			rsi_dbg(ERR_ZONE,
164 				"%s: Failed to write the packet\n", __func__);
165 		}
166 		dev_kfree_skb(skb);
167 		return status;
168 	}
169 
170 	bss = &info->control.vif->bss_conf;
171 	wh = (struct ieee80211_hdr *)&skb->data[0];
172 
173 	if (FRAME_DESC_SZ > skb_headroom(skb))
174 		goto err;
175 
176 	skb_push(skb, FRAME_DESC_SZ);
177 	memset(skb->data, 0, FRAME_DESC_SZ);
178 	msg = (__le16 *)skb->data;
179 
180 	if (skb->len > MAX_MGMT_PKT_SIZE) {
181 		rsi_dbg(INFO_ZONE, "%s: Dropping mgmt pkt > 512\n", __func__);
182 		goto err;
183 	}
184 
185 	msg[0] = cpu_to_le16((skb->len - FRAME_DESC_SZ) |
186 			    (RSI_WIFI_MGMT_Q << 12));
187 	msg[1] = cpu_to_le16(TX_DOT11_MGMT);
188 	msg[2] = cpu_to_le16(MIN_802_11_HDR_LEN << 8);
189 	msg[3] = cpu_to_le16(RATE_INFO_ENABLE);
190 	msg[6] = cpu_to_le16(le16_to_cpu(wh->seq_ctrl) >> 4);
191 
192 	if (wh->addr1[0] & BIT(0))
193 		msg[3] |= cpu_to_le16(RSI_BROADCAST_PKT);
194 
195 	if (common->band == NL80211_BAND_2GHZ)
196 		msg[4] = cpu_to_le16(RSI_11B_MODE);
197 	else
198 		msg[4] = cpu_to_le16((RSI_RATE_6 & 0x0f) | RSI_11G_MODE);
199 
200 	if (conf_is_ht40(conf)) {
201 		msg[4] = cpu_to_le16(0xB | RSI_11G_MODE);
202 		msg[5] = cpu_to_le16(0x6);
203 	}
204 
205 	/* Indicate to firmware to give cfm */
206 	if ((skb->data[16] == IEEE80211_STYPE_PROBE_REQ) && (!bss->assoc)) {
207 		msg[1] |= cpu_to_le16(BIT(10));
208 		msg[7] = cpu_to_le16(PROBEREQ_CONFIRM);
209 		common->mgmt_q_block = true;
210 	}
211 
212 	msg[7] |= cpu_to_le16(vap_id << 8);
213 
214 	status = adapter->host_intf_ops->write_pkt(common->priv, (u8 *)msg,
215 						   skb->len);
216 	if (status)
217 		rsi_dbg(ERR_ZONE, "%s: Failed to write the packet\n", __func__);
218 
219 err:
220 	rsi_indicate_tx_status(common->priv, skb, status);
221 	return status;
222 }
223 
224 static void bl_cmd_timeout(unsigned long priv)
225 {
226 	struct rsi_hw *adapter = (struct rsi_hw *)priv;
227 
228 	adapter->blcmd_timer_expired = true;
229 	del_timer(&adapter->bl_cmd_timer);
230 }
231 
232 static int bl_start_cmd_timer(struct rsi_hw *adapter, u32 timeout)
233 {
234 	init_timer(&adapter->bl_cmd_timer);
235 	adapter->bl_cmd_timer.data = (unsigned long)adapter;
236 	adapter->bl_cmd_timer.function = (void *)&bl_cmd_timeout;
237 	adapter->bl_cmd_timer.expires = (msecs_to_jiffies(timeout) + jiffies);
238 
239 	adapter->blcmd_timer_expired = false;
240 	add_timer(&adapter->bl_cmd_timer);
241 
242 	return 0;
243 }
244 
245 static int bl_stop_cmd_timer(struct rsi_hw *adapter)
246 {
247 	adapter->blcmd_timer_expired = false;
248 	if (timer_pending(&adapter->bl_cmd_timer))
249 		del_timer(&adapter->bl_cmd_timer);
250 
251 	return 0;
252 }
253 
254 static int bl_write_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp,
255 			u16 *cmd_resp)
256 {
257 	struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops;
258 	u32 regin_val = 0, regout_val = 0;
259 	u32 regin_input = 0;
260 	u8 output = 0;
261 	int status;
262 
263 	regin_input = (REGIN_INPUT | adapter->priv->coex_mode);
264 
265 	while (!adapter->blcmd_timer_expired) {
266 		regin_val = 0;
267 		status = hif_ops->master_reg_read(adapter, SWBL_REGIN,
268 						  &regin_val, 2);
269 		if (status < 0) {
270 			rsi_dbg(ERR_ZONE,
271 				"%s: Command %0x REGIN reading failed..\n",
272 				__func__, cmd);
273 			return status;
274 		}
275 		mdelay(1);
276 		if ((regin_val >> 12) != REGIN_VALID)
277 			break;
278 	}
279 	if (adapter->blcmd_timer_expired) {
280 		rsi_dbg(ERR_ZONE,
281 			"%s: Command %0x REGIN reading timed out..\n",
282 			__func__, cmd);
283 		return -ETIMEDOUT;
284 	}
285 
286 	rsi_dbg(INFO_ZONE,
287 		"Issuing write to Regin val:%0x sending cmd:%0x\n",
288 		regin_val, (cmd | regin_input << 8));
289 	status = hif_ops->master_reg_write(adapter, SWBL_REGIN,
290 					   (cmd | regin_input << 8), 2);
291 	if (status < 0)
292 		return status;
293 	mdelay(1);
294 
295 	if (cmd == LOAD_HOSTED_FW || cmd == JUMP_TO_ZERO_PC) {
296 		/* JUMP_TO_ZERO_PC doesn't expect
297 		 * any response. So return from here
298 		 */
299 		return 0;
300 	}
301 
302 	while (!adapter->blcmd_timer_expired) {
303 		regout_val = 0;
304 		status = hif_ops->master_reg_read(adapter, SWBL_REGOUT,
305 					     &regout_val, 2);
306 		if (status < 0) {
307 			rsi_dbg(ERR_ZONE,
308 				"%s: Command %0x REGOUT reading failed..\n",
309 				__func__, cmd);
310 			return status;
311 		}
312 		mdelay(1);
313 		if ((regout_val >> 8) == REGOUT_VALID)
314 			break;
315 	}
316 	if (adapter->blcmd_timer_expired) {
317 		rsi_dbg(ERR_ZONE,
318 			"%s: Command %0x REGOUT reading timed out..\n",
319 			__func__, cmd);
320 		return status;
321 	}
322 
323 	*cmd_resp = ((u16 *)&regout_val)[0] & 0xffff;
324 
325 	output = ((u8 *)&regout_val)[0] & 0xff;
326 
327 	status = hif_ops->master_reg_write(adapter, SWBL_REGOUT,
328 					   (cmd | REGOUT_INVALID << 8), 2);
329 	if (status < 0) {
330 		rsi_dbg(ERR_ZONE,
331 			"%s: Command %0x REGOUT writing failed..\n",
332 			__func__, cmd);
333 		return status;
334 	}
335 	mdelay(1);
336 
337 	if (output != exp_resp) {
338 		rsi_dbg(ERR_ZONE,
339 			"%s: Recvd resp %x for cmd %0x\n",
340 			__func__, output, cmd);
341 		return -EINVAL;
342 	}
343 	rsi_dbg(INFO_ZONE,
344 		"%s: Recvd Expected resp %x for cmd %0x\n",
345 		__func__, output, cmd);
346 
347 	return 0;
348 }
349 
350 static int bl_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, char *str)
351 {
352 	u16 regout_val = 0;
353 	u32 timeout;
354 	int status;
355 
356 	if ((cmd == EOF_REACHED) || (cmd == PING_VALID) || (cmd == PONG_VALID))
357 		timeout = BL_BURN_TIMEOUT;
358 	else
359 		timeout = BL_CMD_TIMEOUT;
360 
361 	bl_start_cmd_timer(adapter, timeout);
362 	status = bl_write_cmd(adapter, cmd, exp_resp, &regout_val);
363 	if (status < 0) {
364 		rsi_dbg(ERR_ZONE,
365 			"%s: Command %s (%0x) writing failed..\n",
366 			__func__, str, cmd);
367 		return status;
368 	}
369 	bl_stop_cmd_timer(adapter);
370 	return 0;
371 }
372 
373 #define CHECK_SUM_OFFSET 20
374 #define LEN_OFFSET 8
375 #define ADDR_OFFSET 16
376 static int bl_write_header(struct rsi_hw *adapter, u8 *flash_content,
377 			   u32 content_size)
378 {
379 	struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops;
380 	struct bl_header bl_hdr;
381 	u32 write_addr, write_len;
382 	int status;
383 
384 	bl_hdr.flags = 0;
385 	bl_hdr.image_no = cpu_to_le32(adapter->priv->coex_mode);
386 	bl_hdr.check_sum = cpu_to_le32(
387 				*(u32 *)&flash_content[CHECK_SUM_OFFSET]);
388 	bl_hdr.flash_start_address = cpu_to_le32(
389 					*(u32 *)&flash_content[ADDR_OFFSET]);
390 	bl_hdr.flash_len = cpu_to_le32(*(u32 *)&flash_content[LEN_OFFSET]);
391 	write_len = sizeof(struct bl_header);
392 
393 	if (adapter->rsi_host_intf == RSI_HOST_INTF_USB) {
394 		write_addr = PING_BUFFER_ADDRESS;
395 		status = hif_ops->write_reg_multiple(adapter, write_addr,
396 						 (u8 *)&bl_hdr, write_len);
397 		if (status < 0) {
398 			rsi_dbg(ERR_ZONE,
399 				"%s: Failed to load Version/CRC structure\n",
400 				__func__);
401 			return status;
402 		}
403 	} else {
404 		write_addr = PING_BUFFER_ADDRESS >> 16;
405 		status = hif_ops->master_access_msword(adapter, write_addr);
406 		if (status < 0) {
407 			rsi_dbg(ERR_ZONE,
408 				"%s: Unable to set ms word to common reg\n",
409 				__func__);
410 			return status;
411 		}
412 		write_addr = RSI_SD_REQUEST_MASTER |
413 			     (PING_BUFFER_ADDRESS & 0xFFFF);
414 		status = hif_ops->write_reg_multiple(adapter, write_addr,
415 						 (u8 *)&bl_hdr, write_len);
416 		if (status < 0) {
417 			rsi_dbg(ERR_ZONE,
418 				"%s: Failed to load Version/CRC structure\n",
419 				__func__);
420 			return status;
421 		}
422 	}
423 	return 0;
424 }
425 
426 static u32 read_flash_capacity(struct rsi_hw *adapter)
427 {
428 	u32 flash_sz = 0;
429 
430 	if ((adapter->host_intf_ops->master_reg_read(adapter, FLASH_SIZE_ADDR,
431 						     &flash_sz, 2)) < 0) {
432 		rsi_dbg(ERR_ZONE,
433 			"%s: Flash size reading failed..\n",
434 			__func__);
435 		return 0;
436 	}
437 	rsi_dbg(INIT_ZONE, "Flash capacity: %d KiloBytes\n", flash_sz);
438 
439 	return (flash_sz * 1024); /* Return size in kbytes */
440 }
441 
442 static int ping_pong_write(struct rsi_hw *adapter, u8 cmd, u8 *addr, u32 size)
443 {
444 	struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops;
445 	u32 block_size = adapter->block_size;
446 	u32 cmd_addr;
447 	u16 cmd_resp, cmd_req;
448 	u8 *str;
449 	int status;
450 
451 	if (cmd == PING_WRITE) {
452 		cmd_addr = PING_BUFFER_ADDRESS;
453 		cmd_resp = PONG_AVAIL;
454 		cmd_req = PING_VALID;
455 		str = "PING_VALID";
456 	} else {
457 		cmd_addr = PONG_BUFFER_ADDRESS;
458 		cmd_resp = PING_AVAIL;
459 		cmd_req = PONG_VALID;
460 		str = "PONG_VALID";
461 	}
462 
463 	status = hif_ops->load_data_master_write(adapter, cmd_addr, size,
464 					    block_size, addr);
465 	if (status) {
466 		rsi_dbg(ERR_ZONE, "%s: Unable to write blk at addr %0x\n",
467 			__func__, *addr);
468 		return status;
469 	}
470 
471 	status = bl_cmd(adapter, cmd_req, cmd_resp, str);
472 	if (status) {
473 		bl_stop_cmd_timer(adapter);
474 		return status;
475 	}
476 	return 0;
477 }
478 
479 static int auto_fw_upgrade(struct rsi_hw *adapter, u8 *flash_content,
480 			   u32 content_size)
481 {
482 	u8 cmd, *temp_flash_content;
483 	u32 temp_content_size, num_flash, index;
484 	u32 flash_start_address;
485 	int status;
486 
487 	temp_flash_content = flash_content;
488 
489 	if (content_size > MAX_FLASH_FILE_SIZE) {
490 		rsi_dbg(ERR_ZONE,
491 			"%s: Flash Content size is more than 400K %u\n",
492 			__func__, MAX_FLASH_FILE_SIZE);
493 		return -EINVAL;
494 	}
495 
496 	flash_start_address = *(u32 *)&flash_content[FLASH_START_ADDRESS];
497 	rsi_dbg(INFO_ZONE, "flash start address: %08x\n", flash_start_address);
498 
499 	if (flash_start_address < FW_IMAGE_MIN_ADDRESS) {
500 		rsi_dbg(ERR_ZONE,
501 			"%s: Fw image Flash Start Address is less than 64K\n",
502 			__func__);
503 		return -EINVAL;
504 	}
505 
506 	if (flash_start_address % FLASH_SECTOR_SIZE) {
507 		rsi_dbg(ERR_ZONE,
508 			"%s: Flash Start Address is not multiple of 4K\n",
509 			__func__);
510 		return -EINVAL;
511 	}
512 
513 	if ((flash_start_address + content_size) > adapter->flash_capacity) {
514 		rsi_dbg(ERR_ZONE,
515 			"%s: Flash Content will cross max flash size\n",
516 			__func__);
517 		return -EINVAL;
518 	}
519 
520 	temp_content_size  = content_size;
521 	num_flash = content_size / FLASH_WRITE_CHUNK_SIZE;
522 
523 	rsi_dbg(INFO_ZONE, "content_size: %d, num_flash: %d\n",
524 		content_size, num_flash);
525 
526 	for (index = 0; index <= num_flash; index++) {
527 		rsi_dbg(INFO_ZONE, "flash index: %d\n", index);
528 		if (index != num_flash) {
529 			content_size = FLASH_WRITE_CHUNK_SIZE;
530 			rsi_dbg(INFO_ZONE, "QSPI content_size:%d\n",
531 				content_size);
532 		} else {
533 			content_size =
534 				temp_content_size % FLASH_WRITE_CHUNK_SIZE;
535 			rsi_dbg(INFO_ZONE,
536 				"Writing last sector content_size:%d\n",
537 				content_size);
538 			if (!content_size) {
539 				rsi_dbg(INFO_ZONE, "instruction size zero\n");
540 				break;
541 			}
542 		}
543 
544 		if (index % 2)
545 			cmd = PING_WRITE;
546 		else
547 			cmd = PONG_WRITE;
548 
549 		status = ping_pong_write(adapter, cmd, flash_content,
550 					 content_size);
551 		if (status) {
552 			rsi_dbg(ERR_ZONE, "%s: Unable to load %d block\n",
553 				__func__, index);
554 			return status;
555 		}
556 
557 		rsi_dbg(INFO_ZONE,
558 			"%s: Successfully loaded %d instructions\n",
559 			__func__, index);
560 		flash_content += content_size;
561 	}
562 
563 	status = bl_cmd(adapter, EOF_REACHED, FW_LOADING_SUCCESSFUL,
564 			"EOF_REACHED");
565 	if (status) {
566 		bl_stop_cmd_timer(adapter);
567 		return status;
568 	}
569 	rsi_dbg(INFO_ZONE, "FW loading is done and FW is running..\n");
570 	return 0;
571 }
572 
573 static int rsi_load_firmware(struct rsi_hw *adapter)
574 {
575 	struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops;
576 	const struct firmware *fw_entry = NULL;
577 	u32 regout_val = 0, content_size;
578 	u16 tmp_regout_val = 0;
579 	u8 *flash_content = NULL;
580 	struct ta_metadata *metadata_p;
581 	int status;
582 
583 	bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT);
584 
585 	while (!adapter->blcmd_timer_expired) {
586 		status = hif_ops->master_reg_read(adapter, SWBL_REGOUT,
587 					      &regout_val, 2);
588 		if (status < 0) {
589 			rsi_dbg(ERR_ZONE,
590 				"%s: REGOUT read failed\n", __func__);
591 			return status;
592 		}
593 		mdelay(1);
594 		if ((regout_val >> 8) == REGOUT_VALID)
595 			break;
596 	}
597 	if (adapter->blcmd_timer_expired) {
598 		rsi_dbg(ERR_ZONE, "%s: REGOUT read timedout\n", __func__);
599 		rsi_dbg(ERR_ZONE,
600 			"%s: Soft boot loader not present\n", __func__);
601 		return -ETIMEDOUT;
602 	}
603 	bl_stop_cmd_timer(adapter);
604 
605 	rsi_dbg(INFO_ZONE, "Received Board Version Number: %x\n",
606 		(regout_val & 0xff));
607 
608 	status = hif_ops->master_reg_write(adapter, SWBL_REGOUT,
609 					(REGOUT_INVALID | REGOUT_INVALID << 8),
610 					2);
611 	if (status < 0) {
612 		rsi_dbg(ERR_ZONE, "%s: REGOUT writing failed..\n", __func__);
613 		return status;
614 	}
615 	mdelay(1);
616 
617 	status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS,
618 			"AUTO_READ_CMD");
619 	if (status < 0)
620 		return status;
621 
622 	adapter->flash_capacity = read_flash_capacity(adapter);
623 	if (adapter->flash_capacity <= 0) {
624 		rsi_dbg(ERR_ZONE,
625 			"%s: Unable to read flash size from EEPROM\n",
626 			__func__);
627 		return -EINVAL;
628 	}
629 
630 	metadata_p = &metadata_flash_content[adapter->priv->coex_mode];
631 
632 	rsi_dbg(INIT_ZONE, "%s: Loading file %s\n", __func__, metadata_p->name);
633 	adapter->fw_file_name = metadata_p->name;
634 
635 	status = request_firmware(&fw_entry, metadata_p->name, adapter->device);
636 	if (status < 0) {
637 		rsi_dbg(ERR_ZONE, "%s: Failed to open file %s\n",
638 			__func__, metadata_p->name);
639 		return status;
640 	}
641 	flash_content = kmemdup(fw_entry->data, fw_entry->size, GFP_KERNEL);
642 	if (!flash_content) {
643 		rsi_dbg(ERR_ZONE, "%s: Failed to copy firmware\n", __func__);
644 		status = -EIO;
645 		goto fail;
646 	}
647 	content_size = fw_entry->size;
648 	rsi_dbg(INFO_ZONE, "FW Length = %d bytes\n", content_size);
649 
650 	status = bl_write_header(adapter, flash_content, content_size);
651 	if (status) {
652 		rsi_dbg(ERR_ZONE,
653 			"%s: RPS Image header loading failed\n",
654 			__func__);
655 		goto fail;
656 	}
657 
658 	bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT);
659 	status = bl_write_cmd(adapter, CHECK_CRC, CMD_PASS, &tmp_regout_val);
660 	if (status) {
661 		bl_stop_cmd_timer(adapter);
662 		rsi_dbg(ERR_ZONE,
663 			"%s: CHECK_CRC Command writing failed..\n",
664 			__func__);
665 		if ((tmp_regout_val & 0xff) == CMD_FAIL) {
666 			rsi_dbg(ERR_ZONE,
667 				"CRC Fail.. Proceeding to Upgrade mode\n");
668 			goto fw_upgrade;
669 		}
670 	}
671 	bl_stop_cmd_timer(adapter);
672 
673 	status = bl_cmd(adapter, POLLING_MODE, CMD_PASS, "POLLING_MODE");
674 	if (status)
675 		goto fail;
676 
677 load_image_cmd:
678 	status = bl_cmd(adapter, LOAD_HOSTED_FW, LOADING_INITIATED,
679 			"LOAD_HOSTED_FW");
680 	if (status)
681 		goto fail;
682 	rsi_dbg(INFO_ZONE, "Load Image command passed..\n");
683 	goto success;
684 
685 fw_upgrade:
686 	status = bl_cmd(adapter, BURN_HOSTED_FW, SEND_RPS_FILE, "FW_UPGRADE");
687 	if (status)
688 		goto fail;
689 
690 	rsi_dbg(INFO_ZONE, "Burn Command Pass.. Upgrading the firmware\n");
691 
692 	status = auto_fw_upgrade(adapter, flash_content, content_size);
693 	if (status == 0) {
694 		rsi_dbg(ERR_ZONE, "Firmware upgradation Done\n");
695 		goto load_image_cmd;
696 	}
697 	rsi_dbg(ERR_ZONE, "Firmware upgrade failed\n");
698 
699 	status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS,
700 			"AUTO_READ_MODE");
701 	if (status)
702 		goto fail;
703 
704 success:
705 	rsi_dbg(ERR_ZONE, "***** Firmware Loading successful *****\n");
706 	kfree(flash_content);
707 	release_firmware(fw_entry);
708 	return 0;
709 
710 fail:
711 	rsi_dbg(ERR_ZONE, "##### Firmware loading failed #####\n");
712 	kfree(flash_content);
713 	release_firmware(fw_entry);
714 	return status;
715 }
716 
717 int rsi_hal_device_init(struct rsi_hw *adapter)
718 {
719 	struct rsi_common *common = adapter->priv;
720 
721 	common->coex_mode = RSI_DEV_COEX_MODE_WIFI_ALONE;
722 	common->oper_mode = RSI_DEV_OPMODE_WIFI_ALONE;
723 	adapter->device_model = RSI_DEV_9113;
724 
725 	switch (adapter->device_model) {
726 	case RSI_DEV_9113:
727 		if (rsi_load_firmware(adapter)) {
728 			rsi_dbg(ERR_ZONE,
729 				"%s: Failed to load TA instructions\n",
730 				__func__);
731 			return -EINVAL;
732 		}
733 		break;
734 	default:
735 		return -EINVAL;
736 	}
737 	common->fsm_state = FSM_CARD_NOT_READY;
738 
739 	return 0;
740 }
741 EXPORT_SYMBOL_GPL(rsi_hal_device_init);
742 
743