1 /** 2 * Copyright (c) 2014 Redpine Signals Inc. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17 #include <linux/firmware.h> 18 #include <net/bluetooth/bluetooth.h> 19 #include "rsi_mgmt.h" 20 #include "rsi_hal.h" 21 #include "rsi_sdio.h" 22 #include "rsi_common.h" 23 24 /* FLASH Firmware */ 25 static struct ta_metadata metadata_flash_content[] = { 26 {"flash_content", 0x00010000}, 27 {"rsi/rs9113_wlan_qspi.rps", 0x00010000}, 28 {"rsi/rs9113_wlan_bt_dual_mode.rps", 0x00010000}, 29 }; 30 31 int rsi_send_pkt_to_bus(struct rsi_common *common, struct sk_buff *skb) 32 { 33 struct rsi_hw *adapter = common->priv; 34 int status; 35 36 if (common->coex_mode > 1) 37 mutex_lock(&common->tx_bus_mutex); 38 39 status = adapter->host_intf_ops->write_pkt(common->priv, 40 skb->data, skb->len); 41 42 if (common->coex_mode > 1) 43 mutex_unlock(&common->tx_bus_mutex); 44 45 return status; 46 } 47 48 int rsi_prepare_mgmt_desc(struct rsi_common *common, struct sk_buff *skb) 49 { 50 struct rsi_hw *adapter = common->priv; 51 struct ieee80211_hdr *wh = NULL; 52 struct ieee80211_tx_info *info; 53 struct ieee80211_conf *conf = &adapter->hw->conf; 54 struct ieee80211_vif *vif; 55 struct rsi_mgmt_desc *mgmt_desc; 56 struct skb_info *tx_params; 57 struct ieee80211_bss_conf *bss = NULL; 58 struct rsi_xtended_desc *xtend_desc = NULL; 59 u8 header_size; 60 u32 dword_align_bytes = 0; 61 62 if (skb->len > MAX_MGMT_PKT_SIZE) { 63 rsi_dbg(INFO_ZONE, "%s: Dropping mgmt pkt > 512\n", __func__); 64 return -EINVAL; 65 } 66 67 info = IEEE80211_SKB_CB(skb); 68 tx_params = (struct skb_info *)info->driver_data; 69 vif = tx_params->vif; 70 71 /* Update header size */ 72 header_size = FRAME_DESC_SZ + sizeof(struct rsi_xtended_desc); 73 if (header_size > skb_headroom(skb)) { 74 rsi_dbg(ERR_ZONE, 75 "%s: Failed to add extended descriptor\n", 76 __func__); 77 return -ENOSPC; 78 } 79 skb_push(skb, header_size); 80 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 81 if (dword_align_bytes > skb_headroom(skb)) { 82 rsi_dbg(ERR_ZONE, 83 "%s: Failed to add dword align\n", __func__); 84 return -ENOSPC; 85 } 86 skb_push(skb, dword_align_bytes); 87 header_size += dword_align_bytes; 88 89 tx_params->internal_hdr_size = header_size; 90 memset(&skb->data[0], 0, header_size); 91 bss = &vif->bss_conf; 92 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 93 94 mgmt_desc = (struct rsi_mgmt_desc *)skb->data; 95 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 96 97 rsi_set_len_qno(&mgmt_desc->len_qno, (skb->len - FRAME_DESC_SZ), 98 RSI_WIFI_MGMT_Q); 99 mgmt_desc->frame_type = TX_DOT11_MGMT; 100 mgmt_desc->header_len = MIN_802_11_HDR_LEN; 101 mgmt_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 102 mgmt_desc->frame_info |= cpu_to_le16(RATE_INFO_ENABLE); 103 if (is_broadcast_ether_addr(wh->addr1)) 104 mgmt_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 105 106 mgmt_desc->seq_ctrl = 107 cpu_to_le16(IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl))); 108 if ((common->band == NL80211_BAND_2GHZ) && !common->p2p_enabled) 109 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_1); 110 else 111 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_6); 112 113 if (conf_is_ht40(conf)) 114 mgmt_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 115 116 if (ieee80211_is_probe_resp(wh->frame_control)) { 117 mgmt_desc->misc_flags |= (RSI_ADD_DELTA_TSF_VAP_ID | 118 RSI_FETCH_RETRY_CNT_FRM_HST); 119 #define PROBE_RESP_RETRY_CNT 3 120 xtend_desc->retry_cnt = PROBE_RESP_RETRY_CNT; 121 } 122 123 if (((vif->type == NL80211_IFTYPE_AP) || 124 (vif->type == NL80211_IFTYPE_P2P_GO)) && 125 (ieee80211_is_action(wh->frame_control))) { 126 struct rsi_sta *rsta = rsi_find_sta(common, wh->addr1); 127 128 if (rsta) 129 mgmt_desc->sta_id = tx_params->sta_id; 130 else 131 return -EINVAL; 132 } 133 mgmt_desc->rate_info |= 134 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) & 135 RSI_DESC_VAP_ID_MASK); 136 137 return 0; 138 } 139 140 /* This function prepares descriptor for given data packet */ 141 int rsi_prepare_data_desc(struct rsi_common *common, struct sk_buff *skb) 142 { 143 struct rsi_hw *adapter = common->priv; 144 struct ieee80211_vif *vif; 145 struct ieee80211_hdr *wh = NULL; 146 struct ieee80211_tx_info *info; 147 struct skb_info *tx_params; 148 struct ieee80211_bss_conf *bss; 149 struct rsi_data_desc *data_desc; 150 struct rsi_xtended_desc *xtend_desc; 151 u8 ieee80211_size = MIN_802_11_HDR_LEN; 152 u8 header_size; 153 u8 vap_id = 0; 154 u8 dword_align_bytes; 155 u16 seq_num; 156 157 info = IEEE80211_SKB_CB(skb); 158 vif = info->control.vif; 159 bss = &vif->bss_conf; 160 tx_params = (struct skb_info *)info->driver_data; 161 162 header_size = FRAME_DESC_SZ + sizeof(struct rsi_xtended_desc); 163 if (header_size > skb_headroom(skb)) { 164 rsi_dbg(ERR_ZONE, "%s: Unable to send pkt\n", __func__); 165 return -ENOSPC; 166 } 167 skb_push(skb, header_size); 168 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 169 if (header_size > skb_headroom(skb)) { 170 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__); 171 return -ENOSPC; 172 } 173 skb_push(skb, dword_align_bytes); 174 header_size += dword_align_bytes; 175 176 tx_params->internal_hdr_size = header_size; 177 data_desc = (struct rsi_data_desc *)skb->data; 178 memset(data_desc, 0, header_size); 179 180 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 181 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 182 seq_num = IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl)); 183 184 data_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 185 186 if (ieee80211_is_data_qos(wh->frame_control)) { 187 ieee80211_size += 2; 188 data_desc->mac_flags |= cpu_to_le16(RSI_QOS_ENABLE); 189 } 190 191 if (((vif->type == NL80211_IFTYPE_STATION) || 192 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) && 193 (adapter->ps_state == PS_ENABLED)) 194 wh->frame_control |= cpu_to_le16(RSI_SET_PS_ENABLE); 195 196 if ((!(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) && 197 (common->secinfo.security_enable)) { 198 if (rsi_is_cipher_wep(common)) 199 ieee80211_size += 4; 200 else 201 ieee80211_size += 8; 202 data_desc->mac_flags |= cpu_to_le16(RSI_ENCRYPT_PKT); 203 } 204 rsi_set_len_qno(&data_desc->len_qno, (skb->len - FRAME_DESC_SZ), 205 RSI_WIFI_DATA_Q); 206 data_desc->header_len = ieee80211_size; 207 208 if (common->min_rate != RSI_RATE_AUTO) { 209 /* Send fixed rate */ 210 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 211 data_desc->rate_info = cpu_to_le16(common->min_rate); 212 213 if (conf_is_ht40(&common->priv->hw->conf)) 214 data_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 215 216 if ((common->vif_info[0].sgi) && (common->min_rate & 0x100)) { 217 /* Only MCS rates */ 218 data_desc->rate_info |= 219 cpu_to_le16(ENABLE_SHORTGI_RATE); 220 } 221 } 222 223 if (skb->protocol == cpu_to_be16(ETH_P_PAE)) { 224 rsi_dbg(INFO_ZONE, "*** Tx EAPOL ***\n"); 225 226 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 227 if (common->band == NL80211_BAND_5GHZ) 228 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 229 else 230 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 231 data_desc->mac_flags |= cpu_to_le16(RSI_REKEY_PURPOSE); 232 data_desc->misc_flags |= RSI_FETCH_RETRY_CNT_FRM_HST; 233 #define EAPOL_RETRY_CNT 15 234 xtend_desc->retry_cnt = EAPOL_RETRY_CNT; 235 236 if (common->eapol4_confirm) 237 skb->priority = VO_Q; 238 else 239 rsi_set_len_qno(&data_desc->len_qno, 240 (skb->len - FRAME_DESC_SZ), 241 RSI_WIFI_MGMT_Q); 242 if ((skb->len - header_size) == EAPOL4_PACKET_LEN) { 243 data_desc->misc_flags |= 244 RSI_DESC_REQUIRE_CFM_TO_HOST; 245 xtend_desc->confirm_frame_type = EAPOL4_CONFIRM; 246 } 247 } 248 249 data_desc->mac_flags = cpu_to_le16(seq_num & 0xfff); 250 data_desc->qid_tid = ((skb->priority & 0xf) | 251 ((tx_params->tid & 0xf) << 4)); 252 data_desc->sta_id = tx_params->sta_id; 253 254 if ((is_broadcast_ether_addr(wh->addr1)) || 255 (is_multicast_ether_addr(wh->addr1))) { 256 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 257 data_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 258 data_desc->sta_id = vap_id; 259 260 if ((vif->type == NL80211_IFTYPE_AP) || 261 (vif->type == NL80211_IFTYPE_P2P_GO)) { 262 if (common->band == NL80211_BAND_5GHZ) 263 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 264 else 265 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 266 } 267 } 268 if (((vif->type == NL80211_IFTYPE_AP) || 269 (vif->type == NL80211_IFTYPE_P2P_GO)) && 270 (ieee80211_has_moredata(wh->frame_control))) 271 data_desc->frame_info |= cpu_to_le16(MORE_DATA_PRESENT); 272 273 data_desc->rate_info |= 274 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) & 275 RSI_DESC_VAP_ID_MASK); 276 277 return 0; 278 } 279 280 /* This function sends received data packet from driver to device */ 281 int rsi_send_data_pkt(struct rsi_common *common, struct sk_buff *skb) 282 { 283 struct rsi_hw *adapter = common->priv; 284 struct ieee80211_vif *vif; 285 struct ieee80211_tx_info *info; 286 struct skb_info *tx_params; 287 struct ieee80211_bss_conf *bss; 288 struct ieee80211_hdr *wh; 289 int status = -EINVAL; 290 u8 header_size; 291 292 if (!skb) 293 return 0; 294 if (common->iface_down) 295 goto err; 296 297 info = IEEE80211_SKB_CB(skb); 298 if (!info->control.vif) 299 goto err; 300 vif = info->control.vif; 301 bss = &vif->bss_conf; 302 tx_params = (struct skb_info *)info->driver_data; 303 header_size = tx_params->internal_hdr_size; 304 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 305 306 if (((vif->type == NL80211_IFTYPE_STATION) || 307 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) && 308 (!bss->assoc)) 309 goto err; 310 311 status = rsi_send_pkt_to_bus(common, skb); 312 if (status) 313 rsi_dbg(ERR_ZONE, "%s: Failed to write pkt\n", __func__); 314 315 err: 316 ++common->tx_stats.total_tx_pkt_freed[skb->priority]; 317 rsi_indicate_tx_status(adapter, skb, status); 318 return status; 319 } 320 321 /** 322 * rsi_send_mgmt_pkt() - This functions sends the received management packet 323 * from driver to device. 324 * @common: Pointer to the driver private structure. 325 * @skb: Pointer to the socket buffer structure. 326 * 327 * Return: status: 0 on success, -1 on failure. 328 */ 329 int rsi_send_mgmt_pkt(struct rsi_common *common, 330 struct sk_buff *skb) 331 { 332 struct rsi_hw *adapter = common->priv; 333 struct ieee80211_bss_conf *bss; 334 struct ieee80211_hdr *wh; 335 struct ieee80211_tx_info *info; 336 struct skb_info *tx_params; 337 struct rsi_mgmt_desc *mgmt_desc; 338 struct rsi_xtended_desc *xtend_desc; 339 int status = -E2BIG; 340 u8 header_size; 341 342 info = IEEE80211_SKB_CB(skb); 343 tx_params = (struct skb_info *)info->driver_data; 344 header_size = tx_params->internal_hdr_size; 345 346 if (tx_params->flags & INTERNAL_MGMT_PKT) { 347 status = adapter->host_intf_ops->write_pkt(common->priv, 348 (u8 *)skb->data, 349 skb->len); 350 if (status) { 351 rsi_dbg(ERR_ZONE, 352 "%s: Failed to write the packet\n", __func__); 353 } 354 dev_kfree_skb(skb); 355 return status; 356 } 357 358 bss = &info->control.vif->bss_conf; 359 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 360 mgmt_desc = (struct rsi_mgmt_desc *)skb->data; 361 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 362 363 /* Indicate to firmware to give cfm for probe */ 364 if (ieee80211_is_probe_req(wh->frame_control) && !bss->assoc) { 365 rsi_dbg(INFO_ZONE, 366 "%s: blocking mgmt queue\n", __func__); 367 mgmt_desc->misc_flags = RSI_DESC_REQUIRE_CFM_TO_HOST; 368 xtend_desc->confirm_frame_type = PROBEREQ_CONFIRM; 369 common->mgmt_q_block = true; 370 rsi_dbg(INFO_ZONE, "Mgmt queue blocked\n"); 371 } 372 373 status = rsi_send_pkt_to_bus(common, skb); 374 if (status) 375 rsi_dbg(ERR_ZONE, "%s: Failed to write the packet\n", __func__); 376 377 rsi_indicate_tx_status(common->priv, skb, status); 378 return status; 379 } 380 381 int rsi_send_bt_pkt(struct rsi_common *common, struct sk_buff *skb) 382 { 383 int status = -EINVAL; 384 u8 header_size = 0; 385 struct rsi_bt_desc *bt_desc; 386 u8 queueno = ((skb->data[1] >> 4) & 0xf); 387 388 if (queueno == RSI_BT_MGMT_Q) { 389 status = rsi_send_pkt_to_bus(common, skb); 390 if (status) 391 rsi_dbg(ERR_ZONE, "%s: Failed to write bt mgmt pkt\n", 392 __func__); 393 goto out; 394 } 395 header_size = FRAME_DESC_SZ; 396 if (header_size > skb_headroom(skb)) { 397 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__); 398 status = -ENOSPC; 399 goto out; 400 } 401 skb_push(skb, header_size); 402 memset(skb->data, 0, header_size); 403 bt_desc = (struct rsi_bt_desc *)skb->data; 404 405 rsi_set_len_qno(&bt_desc->len_qno, (skb->len - FRAME_DESC_SZ), 406 RSI_BT_DATA_Q); 407 bt_desc->bt_pkt_type = cpu_to_le16(bt_cb(skb)->pkt_type); 408 409 status = rsi_send_pkt_to_bus(common, skb); 410 if (status) 411 rsi_dbg(ERR_ZONE, "%s: Failed to write bt pkt\n", __func__); 412 413 out: 414 dev_kfree_skb(skb); 415 return status; 416 } 417 418 int rsi_prepare_beacon(struct rsi_common *common, struct sk_buff *skb) 419 { 420 struct rsi_hw *adapter = (struct rsi_hw *)common->priv; 421 struct rsi_data_desc *bcn_frm; 422 struct ieee80211_hw *hw = common->priv->hw; 423 struct ieee80211_conf *conf = &hw->conf; 424 struct ieee80211_vif *vif; 425 struct sk_buff *mac_bcn; 426 u8 vap_id = 0, i; 427 u16 tim_offset = 0; 428 429 for (i = 0; i < RSI_MAX_VIFS; i++) { 430 vif = adapter->vifs[i]; 431 if (!vif) 432 continue; 433 if ((vif->type == NL80211_IFTYPE_AP) || 434 (vif->type == NL80211_IFTYPE_P2P_GO)) 435 break; 436 } 437 if (!vif) 438 return -EINVAL; 439 mac_bcn = ieee80211_beacon_get_tim(adapter->hw, 440 vif, 441 &tim_offset, NULL); 442 if (!mac_bcn) { 443 rsi_dbg(ERR_ZONE, "Failed to get beacon from mac80211\n"); 444 return -EINVAL; 445 } 446 447 common->beacon_cnt++; 448 bcn_frm = (struct rsi_data_desc *)skb->data; 449 rsi_set_len_qno(&bcn_frm->len_qno, mac_bcn->len, RSI_WIFI_DATA_Q); 450 bcn_frm->header_len = MIN_802_11_HDR_LEN; 451 bcn_frm->frame_info = cpu_to_le16(RSI_DATA_DESC_MAC_BBP_INFO | 452 RSI_DATA_DESC_NO_ACK_IND | 453 RSI_DATA_DESC_BEACON_FRAME | 454 RSI_DATA_DESC_INSERT_TSF | 455 RSI_DATA_DESC_INSERT_SEQ_NO | 456 RATE_INFO_ENABLE); 457 bcn_frm->rate_info = cpu_to_le16(vap_id << 14); 458 bcn_frm->qid_tid = BEACON_HW_Q; 459 460 if (conf_is_ht40_plus(conf)) { 461 bcn_frm->bbp_info = cpu_to_le16(LOWER_20_ENABLE); 462 bcn_frm->bbp_info |= cpu_to_le16(LOWER_20_ENABLE >> 12); 463 } else if (conf_is_ht40_minus(conf)) { 464 bcn_frm->bbp_info = cpu_to_le16(UPPER_20_ENABLE); 465 bcn_frm->bbp_info |= cpu_to_le16(UPPER_20_ENABLE >> 12); 466 } 467 468 if (common->band == NL80211_BAND_2GHZ) 469 bcn_frm->bbp_info |= cpu_to_le16(RSI_RATE_1); 470 else 471 bcn_frm->bbp_info |= cpu_to_le16(RSI_RATE_6); 472 473 if (mac_bcn->data[tim_offset + 2] == 0) 474 bcn_frm->frame_info |= cpu_to_le16(RSI_DATA_DESC_DTIM_BEACON); 475 476 memcpy(&skb->data[FRAME_DESC_SZ], mac_bcn->data, mac_bcn->len); 477 skb_put(skb, mac_bcn->len + FRAME_DESC_SZ); 478 479 dev_kfree_skb(mac_bcn); 480 481 return 0; 482 } 483 484 static void bl_cmd_timeout(struct timer_list *t) 485 { 486 struct rsi_hw *adapter = from_timer(adapter, t, bl_cmd_timer); 487 488 adapter->blcmd_timer_expired = true; 489 del_timer(&adapter->bl_cmd_timer); 490 } 491 492 static int bl_start_cmd_timer(struct rsi_hw *adapter, u32 timeout) 493 { 494 timer_setup(&adapter->bl_cmd_timer, bl_cmd_timeout, 0); 495 adapter->bl_cmd_timer.expires = (msecs_to_jiffies(timeout) + jiffies); 496 497 adapter->blcmd_timer_expired = false; 498 add_timer(&adapter->bl_cmd_timer); 499 500 return 0; 501 } 502 503 static int bl_stop_cmd_timer(struct rsi_hw *adapter) 504 { 505 adapter->blcmd_timer_expired = false; 506 if (timer_pending(&adapter->bl_cmd_timer)) 507 del_timer(&adapter->bl_cmd_timer); 508 509 return 0; 510 } 511 512 static int bl_write_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, 513 u16 *cmd_resp) 514 { 515 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 516 u32 regin_val = 0, regout_val = 0; 517 u32 regin_input = 0; 518 u8 output = 0; 519 int status; 520 521 regin_input = (REGIN_INPUT | adapter->priv->coex_mode); 522 523 while (!adapter->blcmd_timer_expired) { 524 regin_val = 0; 525 status = hif_ops->master_reg_read(adapter, SWBL_REGIN, 526 ®in_val, 2); 527 if (status < 0) { 528 rsi_dbg(ERR_ZONE, 529 "%s: Command %0x REGIN reading failed..\n", 530 __func__, cmd); 531 return status; 532 } 533 mdelay(1); 534 if ((regin_val >> 12) != REGIN_VALID) 535 break; 536 } 537 if (adapter->blcmd_timer_expired) { 538 rsi_dbg(ERR_ZONE, 539 "%s: Command %0x REGIN reading timed out..\n", 540 __func__, cmd); 541 return -ETIMEDOUT; 542 } 543 544 rsi_dbg(INFO_ZONE, 545 "Issuing write to Regin val:%0x sending cmd:%0x\n", 546 regin_val, (cmd | regin_input << 8)); 547 status = hif_ops->master_reg_write(adapter, SWBL_REGIN, 548 (cmd | regin_input << 8), 2); 549 if (status < 0) 550 return status; 551 mdelay(1); 552 553 if (cmd == LOAD_HOSTED_FW || cmd == JUMP_TO_ZERO_PC) { 554 /* JUMP_TO_ZERO_PC doesn't expect 555 * any response. So return from here 556 */ 557 return 0; 558 } 559 560 while (!adapter->blcmd_timer_expired) { 561 regout_val = 0; 562 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 563 ®out_val, 2); 564 if (status < 0) { 565 rsi_dbg(ERR_ZONE, 566 "%s: Command %0x REGOUT reading failed..\n", 567 __func__, cmd); 568 return status; 569 } 570 mdelay(1); 571 if ((regout_val >> 8) == REGOUT_VALID) 572 break; 573 } 574 if (adapter->blcmd_timer_expired) { 575 rsi_dbg(ERR_ZONE, 576 "%s: Command %0x REGOUT reading timed out..\n", 577 __func__, cmd); 578 return status; 579 } 580 581 *cmd_resp = ((u16 *)®out_val)[0] & 0xffff; 582 583 output = ((u8 *)®out_val)[0] & 0xff; 584 585 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 586 (cmd | REGOUT_INVALID << 8), 2); 587 if (status < 0) { 588 rsi_dbg(ERR_ZONE, 589 "%s: Command %0x REGOUT writing failed..\n", 590 __func__, cmd); 591 return status; 592 } 593 mdelay(1); 594 595 if (output != exp_resp) { 596 rsi_dbg(ERR_ZONE, 597 "%s: Recvd resp %x for cmd %0x\n", 598 __func__, output, cmd); 599 return -EINVAL; 600 } 601 rsi_dbg(INFO_ZONE, 602 "%s: Recvd Expected resp %x for cmd %0x\n", 603 __func__, output, cmd); 604 605 return 0; 606 } 607 608 static int bl_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, char *str) 609 { 610 u16 regout_val = 0; 611 u32 timeout; 612 int status; 613 614 if ((cmd == EOF_REACHED) || (cmd == PING_VALID) || (cmd == PONG_VALID)) 615 timeout = BL_BURN_TIMEOUT; 616 else 617 timeout = BL_CMD_TIMEOUT; 618 619 bl_start_cmd_timer(adapter, timeout); 620 status = bl_write_cmd(adapter, cmd, exp_resp, ®out_val); 621 if (status < 0) { 622 rsi_dbg(ERR_ZONE, 623 "%s: Command %s (%0x) writing failed..\n", 624 __func__, str, cmd); 625 return status; 626 } 627 bl_stop_cmd_timer(adapter); 628 return 0; 629 } 630 631 #define CHECK_SUM_OFFSET 20 632 #define LEN_OFFSET 8 633 #define ADDR_OFFSET 16 634 static int bl_write_header(struct rsi_hw *adapter, u8 *flash_content, 635 u32 content_size) 636 { 637 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 638 struct bl_header *bl_hdr; 639 u32 write_addr, write_len; 640 int status; 641 642 bl_hdr = kzalloc(sizeof(*bl_hdr), GFP_KERNEL); 643 if (!bl_hdr) 644 return -ENOMEM; 645 646 bl_hdr->flags = 0; 647 bl_hdr->image_no = cpu_to_le32(adapter->priv->coex_mode); 648 bl_hdr->check_sum = 649 cpu_to_le32(*(u32 *)&flash_content[CHECK_SUM_OFFSET]); 650 bl_hdr->flash_start_address = 651 cpu_to_le32(*(u32 *)&flash_content[ADDR_OFFSET]); 652 bl_hdr->flash_len = cpu_to_le32(*(u32 *)&flash_content[LEN_OFFSET]); 653 write_len = sizeof(struct bl_header); 654 655 if (adapter->rsi_host_intf == RSI_HOST_INTF_USB) { 656 write_addr = PING_BUFFER_ADDRESS; 657 status = hif_ops->write_reg_multiple(adapter, write_addr, 658 (u8 *)bl_hdr, write_len); 659 if (status < 0) { 660 rsi_dbg(ERR_ZONE, 661 "%s: Failed to load Version/CRC structure\n", 662 __func__); 663 goto fail; 664 } 665 } else { 666 write_addr = PING_BUFFER_ADDRESS >> 16; 667 status = hif_ops->master_access_msword(adapter, write_addr); 668 if (status < 0) { 669 rsi_dbg(ERR_ZONE, 670 "%s: Unable to set ms word to common reg\n", 671 __func__); 672 goto fail; 673 } 674 write_addr = RSI_SD_REQUEST_MASTER | 675 (PING_BUFFER_ADDRESS & 0xFFFF); 676 status = hif_ops->write_reg_multiple(adapter, write_addr, 677 (u8 *)bl_hdr, write_len); 678 if (status < 0) { 679 rsi_dbg(ERR_ZONE, 680 "%s: Failed to load Version/CRC structure\n", 681 __func__); 682 goto fail; 683 } 684 } 685 status = 0; 686 fail: 687 kfree(bl_hdr); 688 return status; 689 } 690 691 static u32 read_flash_capacity(struct rsi_hw *adapter) 692 { 693 u32 flash_sz = 0; 694 695 if ((adapter->host_intf_ops->master_reg_read(adapter, FLASH_SIZE_ADDR, 696 &flash_sz, 2)) < 0) { 697 rsi_dbg(ERR_ZONE, 698 "%s: Flash size reading failed..\n", 699 __func__); 700 return 0; 701 } 702 rsi_dbg(INIT_ZONE, "Flash capacity: %d KiloBytes\n", flash_sz); 703 704 return (flash_sz * 1024); /* Return size in kbytes */ 705 } 706 707 static int ping_pong_write(struct rsi_hw *adapter, u8 cmd, u8 *addr, u32 size) 708 { 709 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 710 u32 block_size = adapter->block_size; 711 u32 cmd_addr; 712 u16 cmd_resp, cmd_req; 713 u8 *str; 714 int status; 715 716 if (cmd == PING_WRITE) { 717 cmd_addr = PING_BUFFER_ADDRESS; 718 cmd_resp = PONG_AVAIL; 719 cmd_req = PING_VALID; 720 str = "PING_VALID"; 721 } else { 722 cmd_addr = PONG_BUFFER_ADDRESS; 723 cmd_resp = PING_AVAIL; 724 cmd_req = PONG_VALID; 725 str = "PONG_VALID"; 726 } 727 728 status = hif_ops->load_data_master_write(adapter, cmd_addr, size, 729 block_size, addr); 730 if (status) { 731 rsi_dbg(ERR_ZONE, "%s: Unable to write blk at addr %0x\n", 732 __func__, *addr); 733 return status; 734 } 735 736 status = bl_cmd(adapter, cmd_req, cmd_resp, str); 737 if (status) { 738 bl_stop_cmd_timer(adapter); 739 return status; 740 } 741 return 0; 742 } 743 744 static int auto_fw_upgrade(struct rsi_hw *adapter, u8 *flash_content, 745 u32 content_size) 746 { 747 u8 cmd, *temp_flash_content; 748 u32 temp_content_size, num_flash, index; 749 u32 flash_start_address; 750 int status; 751 752 temp_flash_content = flash_content; 753 754 if (content_size > MAX_FLASH_FILE_SIZE) { 755 rsi_dbg(ERR_ZONE, 756 "%s: Flash Content size is more than 400K %u\n", 757 __func__, MAX_FLASH_FILE_SIZE); 758 return -EINVAL; 759 } 760 761 flash_start_address = *(u32 *)&flash_content[FLASH_START_ADDRESS]; 762 rsi_dbg(INFO_ZONE, "flash start address: %08x\n", flash_start_address); 763 764 if (flash_start_address < FW_IMAGE_MIN_ADDRESS) { 765 rsi_dbg(ERR_ZONE, 766 "%s: Fw image Flash Start Address is less than 64K\n", 767 __func__); 768 return -EINVAL; 769 } 770 771 if (flash_start_address % FLASH_SECTOR_SIZE) { 772 rsi_dbg(ERR_ZONE, 773 "%s: Flash Start Address is not multiple of 4K\n", 774 __func__); 775 return -EINVAL; 776 } 777 778 if ((flash_start_address + content_size) > adapter->flash_capacity) { 779 rsi_dbg(ERR_ZONE, 780 "%s: Flash Content will cross max flash size\n", 781 __func__); 782 return -EINVAL; 783 } 784 785 temp_content_size = content_size; 786 num_flash = content_size / FLASH_WRITE_CHUNK_SIZE; 787 788 rsi_dbg(INFO_ZONE, "content_size: %d, num_flash: %d\n", 789 content_size, num_flash); 790 791 for (index = 0; index <= num_flash; index++) { 792 rsi_dbg(INFO_ZONE, "flash index: %d\n", index); 793 if (index != num_flash) { 794 content_size = FLASH_WRITE_CHUNK_SIZE; 795 rsi_dbg(INFO_ZONE, "QSPI content_size:%d\n", 796 content_size); 797 } else { 798 content_size = 799 temp_content_size % FLASH_WRITE_CHUNK_SIZE; 800 rsi_dbg(INFO_ZONE, 801 "Writing last sector content_size:%d\n", 802 content_size); 803 if (!content_size) { 804 rsi_dbg(INFO_ZONE, "instruction size zero\n"); 805 break; 806 } 807 } 808 809 if (index % 2) 810 cmd = PING_WRITE; 811 else 812 cmd = PONG_WRITE; 813 814 status = ping_pong_write(adapter, cmd, flash_content, 815 content_size); 816 if (status) { 817 rsi_dbg(ERR_ZONE, "%s: Unable to load %d block\n", 818 __func__, index); 819 return status; 820 } 821 822 rsi_dbg(INFO_ZONE, 823 "%s: Successfully loaded %d instructions\n", 824 __func__, index); 825 flash_content += content_size; 826 } 827 828 status = bl_cmd(adapter, EOF_REACHED, FW_LOADING_SUCCESSFUL, 829 "EOF_REACHED"); 830 if (status) { 831 bl_stop_cmd_timer(adapter); 832 return status; 833 } 834 rsi_dbg(INFO_ZONE, "FW loading is done and FW is running..\n"); 835 return 0; 836 } 837 838 static int rsi_load_firmware(struct rsi_hw *adapter) 839 { 840 struct rsi_common *common = adapter->priv; 841 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 842 const struct firmware *fw_entry = NULL; 843 u32 regout_val = 0, content_size; 844 u16 tmp_regout_val = 0; 845 u8 *flash_content = NULL; 846 struct ta_metadata *metadata_p; 847 int status; 848 849 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 850 851 while (!adapter->blcmd_timer_expired) { 852 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 853 ®out_val, 2); 854 if (status < 0) { 855 rsi_dbg(ERR_ZONE, 856 "%s: REGOUT read failed\n", __func__); 857 return status; 858 } 859 mdelay(1); 860 if ((regout_val >> 8) == REGOUT_VALID) 861 break; 862 } 863 if (adapter->blcmd_timer_expired) { 864 rsi_dbg(ERR_ZONE, "%s: REGOUT read timedout\n", __func__); 865 rsi_dbg(ERR_ZONE, 866 "%s: Soft boot loader not present\n", __func__); 867 return -ETIMEDOUT; 868 } 869 bl_stop_cmd_timer(adapter); 870 871 rsi_dbg(INFO_ZONE, "Received Board Version Number: %x\n", 872 (regout_val & 0xff)); 873 874 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 875 (REGOUT_INVALID | REGOUT_INVALID << 8), 876 2); 877 if (status < 0) { 878 rsi_dbg(ERR_ZONE, "%s: REGOUT writing failed..\n", __func__); 879 return status; 880 } 881 mdelay(1); 882 883 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 884 "AUTO_READ_CMD"); 885 if (status < 0) 886 return status; 887 888 adapter->flash_capacity = read_flash_capacity(adapter); 889 if (adapter->flash_capacity <= 0) { 890 rsi_dbg(ERR_ZONE, 891 "%s: Unable to read flash size from EEPROM\n", 892 __func__); 893 return -EINVAL; 894 } 895 896 metadata_p = &metadata_flash_content[adapter->priv->coex_mode]; 897 898 rsi_dbg(INIT_ZONE, "%s: Loading file %s\n", __func__, metadata_p->name); 899 adapter->fw_file_name = metadata_p->name; 900 901 status = request_firmware(&fw_entry, metadata_p->name, adapter->device); 902 if (status < 0) { 903 rsi_dbg(ERR_ZONE, "%s: Failed to open file %s\n", 904 __func__, metadata_p->name); 905 return status; 906 } 907 flash_content = kmemdup(fw_entry->data, fw_entry->size, GFP_KERNEL); 908 if (!flash_content) { 909 rsi_dbg(ERR_ZONE, "%s: Failed to copy firmware\n", __func__); 910 status = -EIO; 911 goto fail; 912 } 913 content_size = fw_entry->size; 914 rsi_dbg(INFO_ZONE, "FW Length = %d bytes\n", content_size); 915 916 /* Get the firmware version */ 917 common->lmac_ver.ver.info.fw_ver[0] = 918 flash_content[LMAC_VER_OFFSET] & 0xFF; 919 common->lmac_ver.ver.info.fw_ver[1] = 920 flash_content[LMAC_VER_OFFSET + 1] & 0xFF; 921 common->lmac_ver.major = flash_content[LMAC_VER_OFFSET + 2] & 0xFF; 922 common->lmac_ver.release_num = 923 flash_content[LMAC_VER_OFFSET + 3] & 0xFF; 924 common->lmac_ver.minor = flash_content[LMAC_VER_OFFSET + 4] & 0xFF; 925 common->lmac_ver.patch_num = 0; 926 rsi_print_version(common); 927 928 status = bl_write_header(adapter, flash_content, content_size); 929 if (status) { 930 rsi_dbg(ERR_ZONE, 931 "%s: RPS Image header loading failed\n", 932 __func__); 933 goto fail; 934 } 935 936 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 937 status = bl_write_cmd(adapter, CHECK_CRC, CMD_PASS, &tmp_regout_val); 938 if (status) { 939 bl_stop_cmd_timer(adapter); 940 rsi_dbg(ERR_ZONE, 941 "%s: CHECK_CRC Command writing failed..\n", 942 __func__); 943 if ((tmp_regout_val & 0xff) == CMD_FAIL) { 944 rsi_dbg(ERR_ZONE, 945 "CRC Fail.. Proceeding to Upgrade mode\n"); 946 goto fw_upgrade; 947 } 948 } 949 bl_stop_cmd_timer(adapter); 950 951 status = bl_cmd(adapter, POLLING_MODE, CMD_PASS, "POLLING_MODE"); 952 if (status) 953 goto fail; 954 955 load_image_cmd: 956 status = bl_cmd(adapter, LOAD_HOSTED_FW, LOADING_INITIATED, 957 "LOAD_HOSTED_FW"); 958 if (status) 959 goto fail; 960 rsi_dbg(INFO_ZONE, "Load Image command passed..\n"); 961 goto success; 962 963 fw_upgrade: 964 status = bl_cmd(adapter, BURN_HOSTED_FW, SEND_RPS_FILE, "FW_UPGRADE"); 965 if (status) 966 goto fail; 967 968 rsi_dbg(INFO_ZONE, "Burn Command Pass.. Upgrading the firmware\n"); 969 970 status = auto_fw_upgrade(adapter, flash_content, content_size); 971 if (status == 0) { 972 rsi_dbg(ERR_ZONE, "Firmware upgradation Done\n"); 973 goto load_image_cmd; 974 } 975 rsi_dbg(ERR_ZONE, "Firmware upgrade failed\n"); 976 977 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 978 "AUTO_READ_MODE"); 979 if (status) 980 goto fail; 981 982 success: 983 rsi_dbg(ERR_ZONE, "***** Firmware Loading successful *****\n"); 984 kfree(flash_content); 985 release_firmware(fw_entry); 986 return 0; 987 988 fail: 989 rsi_dbg(ERR_ZONE, "##### Firmware loading failed #####\n"); 990 kfree(flash_content); 991 release_firmware(fw_entry); 992 return status; 993 } 994 995 int rsi_hal_device_init(struct rsi_hw *adapter) 996 { 997 struct rsi_common *common = adapter->priv; 998 999 switch (adapter->device_model) { 1000 case RSI_DEV_9113: 1001 if (rsi_load_firmware(adapter)) { 1002 rsi_dbg(ERR_ZONE, 1003 "%s: Failed to load TA instructions\n", 1004 __func__); 1005 return -EINVAL; 1006 } 1007 break; 1008 default: 1009 return -EINVAL; 1010 } 1011 common->fsm_state = FSM_CARD_NOT_READY; 1012 1013 return 0; 1014 } 1015 EXPORT_SYMBOL_GPL(rsi_hal_device_init); 1016 1017