1 /** 2 * Copyright (c) 2014 Redpine Signals Inc. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17 #include <linux/firmware.h> 18 #include <net/bluetooth/bluetooth.h> 19 #include "rsi_mgmt.h" 20 #include "rsi_hal.h" 21 #include "rsi_sdio.h" 22 #include "rsi_common.h" 23 24 /* FLASH Firmware */ 25 static struct ta_metadata metadata_flash_content[] = { 26 {"flash_content", 0x00010000}, 27 {"rsi/rs9113_wlan_qspi.rps", 0x00010000}, 28 {"rsi/rs9113_wlan_bt_dual_mode.rps", 0x00010000}, 29 {"flash_content", 0x00010000}, 30 {"rsi/rs9113_ap_bt_dual_mode.rps", 0x00010000}, 31 32 }; 33 34 int rsi_send_pkt_to_bus(struct rsi_common *common, struct sk_buff *skb) 35 { 36 struct rsi_hw *adapter = common->priv; 37 int status; 38 39 if (common->coex_mode > 1) 40 mutex_lock(&common->tx_bus_mutex); 41 42 status = adapter->host_intf_ops->write_pkt(common->priv, 43 skb->data, skb->len); 44 45 if (common->coex_mode > 1) 46 mutex_unlock(&common->tx_bus_mutex); 47 48 return status; 49 } 50 51 int rsi_prepare_mgmt_desc(struct rsi_common *common, struct sk_buff *skb) 52 { 53 struct rsi_hw *adapter = common->priv; 54 struct ieee80211_hdr *wh = NULL; 55 struct ieee80211_tx_info *info; 56 struct ieee80211_conf *conf = &adapter->hw->conf; 57 struct ieee80211_vif *vif; 58 struct rsi_mgmt_desc *mgmt_desc; 59 struct skb_info *tx_params; 60 struct rsi_xtended_desc *xtend_desc = NULL; 61 u8 header_size; 62 u32 dword_align_bytes = 0; 63 64 if (skb->len > MAX_MGMT_PKT_SIZE) { 65 rsi_dbg(INFO_ZONE, "%s: Dropping mgmt pkt > 512\n", __func__); 66 return -EINVAL; 67 } 68 69 info = IEEE80211_SKB_CB(skb); 70 tx_params = (struct skb_info *)info->driver_data; 71 vif = tx_params->vif; 72 73 /* Update header size */ 74 header_size = FRAME_DESC_SZ + sizeof(struct rsi_xtended_desc); 75 if (header_size > skb_headroom(skb)) { 76 rsi_dbg(ERR_ZONE, 77 "%s: Failed to add extended descriptor\n", 78 __func__); 79 return -ENOSPC; 80 } 81 skb_push(skb, header_size); 82 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 83 if (dword_align_bytes > skb_headroom(skb)) { 84 rsi_dbg(ERR_ZONE, 85 "%s: Failed to add dword align\n", __func__); 86 return -ENOSPC; 87 } 88 skb_push(skb, dword_align_bytes); 89 header_size += dword_align_bytes; 90 91 tx_params->internal_hdr_size = header_size; 92 memset(&skb->data[0], 0, header_size); 93 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 94 95 mgmt_desc = (struct rsi_mgmt_desc *)skb->data; 96 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 97 98 rsi_set_len_qno(&mgmt_desc->len_qno, (skb->len - FRAME_DESC_SZ), 99 RSI_WIFI_MGMT_Q); 100 mgmt_desc->frame_type = TX_DOT11_MGMT; 101 mgmt_desc->header_len = MIN_802_11_HDR_LEN; 102 mgmt_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 103 mgmt_desc->frame_info |= cpu_to_le16(RATE_INFO_ENABLE); 104 if (is_broadcast_ether_addr(wh->addr1)) 105 mgmt_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 106 107 mgmt_desc->seq_ctrl = 108 cpu_to_le16(IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl))); 109 if ((common->band == NL80211_BAND_2GHZ) && !common->p2p_enabled) 110 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_1); 111 else 112 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_6); 113 114 if (conf_is_ht40(conf)) 115 mgmt_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 116 117 if (ieee80211_is_probe_resp(wh->frame_control)) { 118 mgmt_desc->misc_flags |= (RSI_ADD_DELTA_TSF_VAP_ID | 119 RSI_FETCH_RETRY_CNT_FRM_HST); 120 #define PROBE_RESP_RETRY_CNT 3 121 xtend_desc->retry_cnt = PROBE_RESP_RETRY_CNT; 122 } 123 124 if (((vif->type == NL80211_IFTYPE_AP) || 125 (vif->type == NL80211_IFTYPE_P2P_GO)) && 126 (ieee80211_is_action(wh->frame_control))) { 127 struct rsi_sta *rsta = rsi_find_sta(common, wh->addr1); 128 129 if (rsta) 130 mgmt_desc->sta_id = tx_params->sta_id; 131 else 132 return -EINVAL; 133 } 134 mgmt_desc->rate_info |= 135 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) & 136 RSI_DESC_VAP_ID_MASK); 137 138 return 0; 139 } 140 141 /* This function prepares descriptor for given data packet */ 142 int rsi_prepare_data_desc(struct rsi_common *common, struct sk_buff *skb) 143 { 144 struct rsi_hw *adapter = common->priv; 145 struct ieee80211_vif *vif; 146 struct ieee80211_hdr *wh = NULL; 147 struct ieee80211_tx_info *info; 148 struct skb_info *tx_params; 149 struct rsi_data_desc *data_desc; 150 struct rsi_xtended_desc *xtend_desc; 151 u8 ieee80211_size = MIN_802_11_HDR_LEN; 152 u8 header_size; 153 u8 vap_id = 0; 154 u8 dword_align_bytes; 155 u16 seq_num; 156 157 info = IEEE80211_SKB_CB(skb); 158 vif = info->control.vif; 159 tx_params = (struct skb_info *)info->driver_data; 160 161 header_size = FRAME_DESC_SZ + sizeof(struct rsi_xtended_desc); 162 if (header_size > skb_headroom(skb)) { 163 rsi_dbg(ERR_ZONE, "%s: Unable to send pkt\n", __func__); 164 return -ENOSPC; 165 } 166 skb_push(skb, header_size); 167 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 168 if (header_size > skb_headroom(skb)) { 169 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__); 170 return -ENOSPC; 171 } 172 skb_push(skb, dword_align_bytes); 173 header_size += dword_align_bytes; 174 175 tx_params->internal_hdr_size = header_size; 176 data_desc = (struct rsi_data_desc *)skb->data; 177 memset(data_desc, 0, header_size); 178 179 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 180 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 181 seq_num = IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl)); 182 183 data_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 184 185 if (ieee80211_is_data_qos(wh->frame_control)) { 186 ieee80211_size += 2; 187 data_desc->mac_flags |= cpu_to_le16(RSI_QOS_ENABLE); 188 } 189 190 if (((vif->type == NL80211_IFTYPE_STATION) || 191 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) && 192 (adapter->ps_state == PS_ENABLED)) 193 wh->frame_control |= cpu_to_le16(RSI_SET_PS_ENABLE); 194 195 if ((!(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) && 196 (common->secinfo.security_enable)) { 197 if (rsi_is_cipher_wep(common)) 198 ieee80211_size += 4; 199 else 200 ieee80211_size += 8; 201 data_desc->mac_flags |= cpu_to_le16(RSI_ENCRYPT_PKT); 202 } 203 rsi_set_len_qno(&data_desc->len_qno, (skb->len - FRAME_DESC_SZ), 204 RSI_WIFI_DATA_Q); 205 data_desc->header_len = ieee80211_size; 206 207 if (common->min_rate != RSI_RATE_AUTO) { 208 /* Send fixed rate */ 209 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 210 data_desc->rate_info = cpu_to_le16(common->min_rate); 211 212 if (conf_is_ht40(&common->priv->hw->conf)) 213 data_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 214 215 if ((common->vif_info[0].sgi) && (common->min_rate & 0x100)) { 216 /* Only MCS rates */ 217 data_desc->rate_info |= 218 cpu_to_le16(ENABLE_SHORTGI_RATE); 219 } 220 } 221 222 if (skb->protocol == cpu_to_be16(ETH_P_PAE)) { 223 rsi_dbg(INFO_ZONE, "*** Tx EAPOL ***\n"); 224 225 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 226 if (common->band == NL80211_BAND_5GHZ) 227 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 228 else 229 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 230 data_desc->mac_flags |= cpu_to_le16(RSI_REKEY_PURPOSE); 231 data_desc->misc_flags |= RSI_FETCH_RETRY_CNT_FRM_HST; 232 #define EAPOL_RETRY_CNT 15 233 xtend_desc->retry_cnt = EAPOL_RETRY_CNT; 234 235 if (common->eapol4_confirm) 236 skb->priority = VO_Q; 237 else 238 rsi_set_len_qno(&data_desc->len_qno, 239 (skb->len - FRAME_DESC_SZ), 240 RSI_WIFI_MGMT_Q); 241 if ((skb->len - header_size) == EAPOL4_PACKET_LEN) { 242 data_desc->misc_flags |= 243 RSI_DESC_REQUIRE_CFM_TO_HOST; 244 xtend_desc->confirm_frame_type = EAPOL4_CONFIRM; 245 } 246 } 247 248 data_desc->mac_flags |= cpu_to_le16(seq_num & 0xfff); 249 data_desc->qid_tid = ((skb->priority & 0xf) | 250 ((tx_params->tid & 0xf) << 4)); 251 data_desc->sta_id = tx_params->sta_id; 252 253 if ((is_broadcast_ether_addr(wh->addr1)) || 254 (is_multicast_ether_addr(wh->addr1))) { 255 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 256 data_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 257 data_desc->sta_id = vap_id; 258 259 if ((vif->type == NL80211_IFTYPE_AP) || 260 (vif->type == NL80211_IFTYPE_P2P_GO)) { 261 if (common->band == NL80211_BAND_5GHZ) 262 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 263 else 264 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 265 } 266 } 267 if (((vif->type == NL80211_IFTYPE_AP) || 268 (vif->type == NL80211_IFTYPE_P2P_GO)) && 269 (ieee80211_has_moredata(wh->frame_control))) 270 data_desc->frame_info |= cpu_to_le16(MORE_DATA_PRESENT); 271 272 data_desc->rate_info |= 273 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) & 274 RSI_DESC_VAP_ID_MASK); 275 276 return 0; 277 } 278 279 /* This function sends received data packet from driver to device */ 280 int rsi_send_data_pkt(struct rsi_common *common, struct sk_buff *skb) 281 { 282 struct rsi_hw *adapter = common->priv; 283 struct ieee80211_vif *vif; 284 struct ieee80211_tx_info *info; 285 struct ieee80211_bss_conf *bss; 286 int status = -EINVAL; 287 288 if (!skb) 289 return 0; 290 if (common->iface_down) 291 goto err; 292 293 info = IEEE80211_SKB_CB(skb); 294 if (!info->control.vif) 295 goto err; 296 vif = info->control.vif; 297 bss = &vif->bss_conf; 298 299 if (((vif->type == NL80211_IFTYPE_STATION) || 300 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) && 301 (!bss->assoc)) 302 goto err; 303 304 status = rsi_send_pkt_to_bus(common, skb); 305 if (status) 306 rsi_dbg(ERR_ZONE, "%s: Failed to write pkt\n", __func__); 307 308 err: 309 ++common->tx_stats.total_tx_pkt_freed[skb->priority]; 310 rsi_indicate_tx_status(adapter, skb, status); 311 return status; 312 } 313 314 /** 315 * rsi_send_mgmt_pkt() - This functions sends the received management packet 316 * from driver to device. 317 * @common: Pointer to the driver private structure. 318 * @skb: Pointer to the socket buffer structure. 319 * 320 * Return: status: 0 on success, -1 on failure. 321 */ 322 int rsi_send_mgmt_pkt(struct rsi_common *common, 323 struct sk_buff *skb) 324 { 325 struct rsi_hw *adapter = common->priv; 326 struct ieee80211_bss_conf *bss; 327 struct ieee80211_hdr *wh; 328 struct ieee80211_tx_info *info; 329 struct skb_info *tx_params; 330 struct rsi_mgmt_desc *mgmt_desc; 331 struct rsi_xtended_desc *xtend_desc; 332 int status = -E2BIG; 333 u8 header_size; 334 335 info = IEEE80211_SKB_CB(skb); 336 tx_params = (struct skb_info *)info->driver_data; 337 header_size = tx_params->internal_hdr_size; 338 339 if (tx_params->flags & INTERNAL_MGMT_PKT) { 340 status = adapter->host_intf_ops->write_pkt(common->priv, 341 (u8 *)skb->data, 342 skb->len); 343 if (status) { 344 rsi_dbg(ERR_ZONE, 345 "%s: Failed to write the packet\n", __func__); 346 } 347 dev_kfree_skb(skb); 348 return status; 349 } 350 351 bss = &info->control.vif->bss_conf; 352 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 353 mgmt_desc = (struct rsi_mgmt_desc *)skb->data; 354 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 355 356 /* Indicate to firmware to give cfm for probe */ 357 if (ieee80211_is_probe_req(wh->frame_control) && !bss->assoc) { 358 rsi_dbg(INFO_ZONE, 359 "%s: blocking mgmt queue\n", __func__); 360 mgmt_desc->misc_flags = RSI_DESC_REQUIRE_CFM_TO_HOST; 361 xtend_desc->confirm_frame_type = PROBEREQ_CONFIRM; 362 common->mgmt_q_block = true; 363 rsi_dbg(INFO_ZONE, "Mgmt queue blocked\n"); 364 } 365 366 status = rsi_send_pkt_to_bus(common, skb); 367 if (status) 368 rsi_dbg(ERR_ZONE, "%s: Failed to write the packet\n", __func__); 369 370 rsi_indicate_tx_status(common->priv, skb, status); 371 return status; 372 } 373 374 int rsi_send_bt_pkt(struct rsi_common *common, struct sk_buff *skb) 375 { 376 int status = -EINVAL; 377 u8 header_size = 0; 378 struct rsi_bt_desc *bt_desc; 379 u8 queueno = ((skb->data[1] >> 4) & 0xf); 380 381 if (queueno == RSI_BT_MGMT_Q) { 382 status = rsi_send_pkt_to_bus(common, skb); 383 if (status) 384 rsi_dbg(ERR_ZONE, "%s: Failed to write bt mgmt pkt\n", 385 __func__); 386 goto out; 387 } 388 header_size = FRAME_DESC_SZ; 389 if (header_size > skb_headroom(skb)) { 390 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__); 391 status = -ENOSPC; 392 goto out; 393 } 394 skb_push(skb, header_size); 395 memset(skb->data, 0, header_size); 396 bt_desc = (struct rsi_bt_desc *)skb->data; 397 398 rsi_set_len_qno(&bt_desc->len_qno, (skb->len - FRAME_DESC_SZ), 399 RSI_BT_DATA_Q); 400 bt_desc->bt_pkt_type = cpu_to_le16(bt_cb(skb)->pkt_type); 401 402 status = rsi_send_pkt_to_bus(common, skb); 403 if (status) 404 rsi_dbg(ERR_ZONE, "%s: Failed to write bt pkt\n", __func__); 405 406 out: 407 dev_kfree_skb(skb); 408 return status; 409 } 410 411 int rsi_prepare_beacon(struct rsi_common *common, struct sk_buff *skb) 412 { 413 struct rsi_hw *adapter = (struct rsi_hw *)common->priv; 414 struct rsi_data_desc *bcn_frm; 415 struct ieee80211_hw *hw = common->priv->hw; 416 struct ieee80211_conf *conf = &hw->conf; 417 struct ieee80211_vif *vif; 418 struct sk_buff *mac_bcn; 419 u8 vap_id = 0, i; 420 u16 tim_offset = 0; 421 422 for (i = 0; i < RSI_MAX_VIFS; i++) { 423 vif = adapter->vifs[i]; 424 if (!vif) 425 continue; 426 if ((vif->type == NL80211_IFTYPE_AP) || 427 (vif->type == NL80211_IFTYPE_P2P_GO)) 428 break; 429 } 430 if (!vif) 431 return -EINVAL; 432 mac_bcn = ieee80211_beacon_get_tim(adapter->hw, 433 vif, 434 &tim_offset, NULL); 435 if (!mac_bcn) { 436 rsi_dbg(ERR_ZONE, "Failed to get beacon from mac80211\n"); 437 return -EINVAL; 438 } 439 440 common->beacon_cnt++; 441 bcn_frm = (struct rsi_data_desc *)skb->data; 442 rsi_set_len_qno(&bcn_frm->len_qno, mac_bcn->len, RSI_WIFI_DATA_Q); 443 bcn_frm->header_len = MIN_802_11_HDR_LEN; 444 bcn_frm->frame_info = cpu_to_le16(RSI_DATA_DESC_MAC_BBP_INFO | 445 RSI_DATA_DESC_NO_ACK_IND | 446 RSI_DATA_DESC_BEACON_FRAME | 447 RSI_DATA_DESC_INSERT_TSF | 448 RSI_DATA_DESC_INSERT_SEQ_NO | 449 RATE_INFO_ENABLE); 450 bcn_frm->rate_info = cpu_to_le16(vap_id << 14); 451 bcn_frm->qid_tid = BEACON_HW_Q; 452 453 if (conf_is_ht40_plus(conf)) { 454 bcn_frm->bbp_info = cpu_to_le16(LOWER_20_ENABLE); 455 bcn_frm->bbp_info |= cpu_to_le16(LOWER_20_ENABLE >> 12); 456 } else if (conf_is_ht40_minus(conf)) { 457 bcn_frm->bbp_info = cpu_to_le16(UPPER_20_ENABLE); 458 bcn_frm->bbp_info |= cpu_to_le16(UPPER_20_ENABLE >> 12); 459 } 460 461 if (common->band == NL80211_BAND_2GHZ) 462 bcn_frm->bbp_info |= cpu_to_le16(RSI_RATE_1); 463 else 464 bcn_frm->bbp_info |= cpu_to_le16(RSI_RATE_6); 465 466 if (mac_bcn->data[tim_offset + 2] == 0) 467 bcn_frm->frame_info |= cpu_to_le16(RSI_DATA_DESC_DTIM_BEACON); 468 469 memcpy(&skb->data[FRAME_DESC_SZ], mac_bcn->data, mac_bcn->len); 470 skb_put(skb, mac_bcn->len + FRAME_DESC_SZ); 471 472 dev_kfree_skb(mac_bcn); 473 474 return 0; 475 } 476 477 static void bl_cmd_timeout(struct timer_list *t) 478 { 479 struct rsi_hw *adapter = from_timer(adapter, t, bl_cmd_timer); 480 481 adapter->blcmd_timer_expired = true; 482 del_timer(&adapter->bl_cmd_timer); 483 } 484 485 static int bl_start_cmd_timer(struct rsi_hw *adapter, u32 timeout) 486 { 487 timer_setup(&adapter->bl_cmd_timer, bl_cmd_timeout, 0); 488 adapter->bl_cmd_timer.expires = (msecs_to_jiffies(timeout) + jiffies); 489 490 adapter->blcmd_timer_expired = false; 491 add_timer(&adapter->bl_cmd_timer); 492 493 return 0; 494 } 495 496 static int bl_stop_cmd_timer(struct rsi_hw *adapter) 497 { 498 adapter->blcmd_timer_expired = false; 499 if (timer_pending(&adapter->bl_cmd_timer)) 500 del_timer(&adapter->bl_cmd_timer); 501 502 return 0; 503 } 504 505 static int bl_write_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, 506 u16 *cmd_resp) 507 { 508 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 509 u32 regin_val = 0, regout_val = 0; 510 u32 regin_input = 0; 511 u8 output = 0; 512 int status; 513 514 regin_input = (REGIN_INPUT | adapter->priv->coex_mode); 515 516 while (!adapter->blcmd_timer_expired) { 517 regin_val = 0; 518 status = hif_ops->master_reg_read(adapter, SWBL_REGIN, 519 ®in_val, 2); 520 if (status < 0) { 521 rsi_dbg(ERR_ZONE, 522 "%s: Command %0x REGIN reading failed..\n", 523 __func__, cmd); 524 return status; 525 } 526 mdelay(1); 527 if ((regin_val >> 12) != REGIN_VALID) 528 break; 529 } 530 if (adapter->blcmd_timer_expired) { 531 rsi_dbg(ERR_ZONE, 532 "%s: Command %0x REGIN reading timed out..\n", 533 __func__, cmd); 534 return -ETIMEDOUT; 535 } 536 537 rsi_dbg(INFO_ZONE, 538 "Issuing write to Regin val:%0x sending cmd:%0x\n", 539 regin_val, (cmd | regin_input << 8)); 540 status = hif_ops->master_reg_write(adapter, SWBL_REGIN, 541 (cmd | regin_input << 8), 2); 542 if (status < 0) 543 return status; 544 mdelay(1); 545 546 if (cmd == LOAD_HOSTED_FW || cmd == JUMP_TO_ZERO_PC) { 547 /* JUMP_TO_ZERO_PC doesn't expect 548 * any response. So return from here 549 */ 550 return 0; 551 } 552 553 while (!adapter->blcmd_timer_expired) { 554 regout_val = 0; 555 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 556 ®out_val, 2); 557 if (status < 0) { 558 rsi_dbg(ERR_ZONE, 559 "%s: Command %0x REGOUT reading failed..\n", 560 __func__, cmd); 561 return status; 562 } 563 mdelay(1); 564 if ((regout_val >> 8) == REGOUT_VALID) 565 break; 566 } 567 if (adapter->blcmd_timer_expired) { 568 rsi_dbg(ERR_ZONE, 569 "%s: Command %0x REGOUT reading timed out..\n", 570 __func__, cmd); 571 return status; 572 } 573 574 *cmd_resp = ((u16 *)®out_val)[0] & 0xffff; 575 576 output = ((u8 *)®out_val)[0] & 0xff; 577 578 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 579 (cmd | REGOUT_INVALID << 8), 2); 580 if (status < 0) { 581 rsi_dbg(ERR_ZONE, 582 "%s: Command %0x REGOUT writing failed..\n", 583 __func__, cmd); 584 return status; 585 } 586 mdelay(1); 587 588 if (output != exp_resp) { 589 rsi_dbg(ERR_ZONE, 590 "%s: Recvd resp %x for cmd %0x\n", 591 __func__, output, cmd); 592 return -EINVAL; 593 } 594 rsi_dbg(INFO_ZONE, 595 "%s: Recvd Expected resp %x for cmd %0x\n", 596 __func__, output, cmd); 597 598 return 0; 599 } 600 601 static int bl_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, char *str) 602 { 603 u16 regout_val = 0; 604 u32 timeout; 605 int status; 606 607 if ((cmd == EOF_REACHED) || (cmd == PING_VALID) || (cmd == PONG_VALID)) 608 timeout = BL_BURN_TIMEOUT; 609 else 610 timeout = BL_CMD_TIMEOUT; 611 612 bl_start_cmd_timer(adapter, timeout); 613 status = bl_write_cmd(adapter, cmd, exp_resp, ®out_val); 614 if (status < 0) { 615 rsi_dbg(ERR_ZONE, 616 "%s: Command %s (%0x) writing failed..\n", 617 __func__, str, cmd); 618 return status; 619 } 620 bl_stop_cmd_timer(adapter); 621 return 0; 622 } 623 624 #define CHECK_SUM_OFFSET 20 625 #define LEN_OFFSET 8 626 #define ADDR_OFFSET 16 627 static int bl_write_header(struct rsi_hw *adapter, u8 *flash_content, 628 u32 content_size) 629 { 630 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 631 struct bl_header *bl_hdr; 632 u32 write_addr, write_len; 633 int status; 634 635 bl_hdr = kzalloc(sizeof(*bl_hdr), GFP_KERNEL); 636 if (!bl_hdr) 637 return -ENOMEM; 638 639 bl_hdr->flags = 0; 640 bl_hdr->image_no = cpu_to_le32(adapter->priv->coex_mode); 641 bl_hdr->check_sum = 642 cpu_to_le32(*(u32 *)&flash_content[CHECK_SUM_OFFSET]); 643 bl_hdr->flash_start_address = 644 cpu_to_le32(*(u32 *)&flash_content[ADDR_OFFSET]); 645 bl_hdr->flash_len = cpu_to_le32(*(u32 *)&flash_content[LEN_OFFSET]); 646 write_len = sizeof(struct bl_header); 647 648 if (adapter->rsi_host_intf == RSI_HOST_INTF_USB) { 649 write_addr = PING_BUFFER_ADDRESS; 650 status = hif_ops->write_reg_multiple(adapter, write_addr, 651 (u8 *)bl_hdr, write_len); 652 if (status < 0) { 653 rsi_dbg(ERR_ZONE, 654 "%s: Failed to load Version/CRC structure\n", 655 __func__); 656 goto fail; 657 } 658 } else { 659 write_addr = PING_BUFFER_ADDRESS >> 16; 660 status = hif_ops->master_access_msword(adapter, write_addr); 661 if (status < 0) { 662 rsi_dbg(ERR_ZONE, 663 "%s: Unable to set ms word to common reg\n", 664 __func__); 665 goto fail; 666 } 667 write_addr = RSI_SD_REQUEST_MASTER | 668 (PING_BUFFER_ADDRESS & 0xFFFF); 669 status = hif_ops->write_reg_multiple(adapter, write_addr, 670 (u8 *)bl_hdr, write_len); 671 if (status < 0) { 672 rsi_dbg(ERR_ZONE, 673 "%s: Failed to load Version/CRC structure\n", 674 __func__); 675 goto fail; 676 } 677 } 678 status = 0; 679 fail: 680 kfree(bl_hdr); 681 return status; 682 } 683 684 static u32 read_flash_capacity(struct rsi_hw *adapter) 685 { 686 u32 flash_sz = 0; 687 688 if ((adapter->host_intf_ops->master_reg_read(adapter, FLASH_SIZE_ADDR, 689 &flash_sz, 2)) < 0) { 690 rsi_dbg(ERR_ZONE, 691 "%s: Flash size reading failed..\n", 692 __func__); 693 return 0; 694 } 695 rsi_dbg(INIT_ZONE, "Flash capacity: %d KiloBytes\n", flash_sz); 696 697 return (flash_sz * 1024); /* Return size in kbytes */ 698 } 699 700 static int ping_pong_write(struct rsi_hw *adapter, u8 cmd, u8 *addr, u32 size) 701 { 702 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 703 u32 block_size = adapter->block_size; 704 u32 cmd_addr; 705 u16 cmd_resp, cmd_req; 706 u8 *str; 707 int status; 708 709 if (cmd == PING_WRITE) { 710 cmd_addr = PING_BUFFER_ADDRESS; 711 cmd_resp = PONG_AVAIL; 712 cmd_req = PING_VALID; 713 str = "PING_VALID"; 714 } else { 715 cmd_addr = PONG_BUFFER_ADDRESS; 716 cmd_resp = PING_AVAIL; 717 cmd_req = PONG_VALID; 718 str = "PONG_VALID"; 719 } 720 721 status = hif_ops->load_data_master_write(adapter, cmd_addr, size, 722 block_size, addr); 723 if (status) { 724 rsi_dbg(ERR_ZONE, "%s: Unable to write blk at addr %0x\n", 725 __func__, *addr); 726 return status; 727 } 728 729 status = bl_cmd(adapter, cmd_req, cmd_resp, str); 730 if (status) { 731 bl_stop_cmd_timer(adapter); 732 return status; 733 } 734 return 0; 735 } 736 737 static int auto_fw_upgrade(struct rsi_hw *adapter, u8 *flash_content, 738 u32 content_size) 739 { 740 u8 cmd; 741 u32 temp_content_size, num_flash, index; 742 u32 flash_start_address; 743 int status; 744 745 if (content_size > MAX_FLASH_FILE_SIZE) { 746 rsi_dbg(ERR_ZONE, 747 "%s: Flash Content size is more than 400K %u\n", 748 __func__, MAX_FLASH_FILE_SIZE); 749 return -EINVAL; 750 } 751 752 flash_start_address = *(u32 *)&flash_content[FLASH_START_ADDRESS]; 753 rsi_dbg(INFO_ZONE, "flash start address: %08x\n", flash_start_address); 754 755 if (flash_start_address < FW_IMAGE_MIN_ADDRESS) { 756 rsi_dbg(ERR_ZONE, 757 "%s: Fw image Flash Start Address is less than 64K\n", 758 __func__); 759 return -EINVAL; 760 } 761 762 if (flash_start_address % FLASH_SECTOR_SIZE) { 763 rsi_dbg(ERR_ZONE, 764 "%s: Flash Start Address is not multiple of 4K\n", 765 __func__); 766 return -EINVAL; 767 } 768 769 if ((flash_start_address + content_size) > adapter->flash_capacity) { 770 rsi_dbg(ERR_ZONE, 771 "%s: Flash Content will cross max flash size\n", 772 __func__); 773 return -EINVAL; 774 } 775 776 temp_content_size = content_size; 777 num_flash = content_size / FLASH_WRITE_CHUNK_SIZE; 778 779 rsi_dbg(INFO_ZONE, "content_size: %d, num_flash: %d\n", 780 content_size, num_flash); 781 782 for (index = 0; index <= num_flash; index++) { 783 rsi_dbg(INFO_ZONE, "flash index: %d\n", index); 784 if (index != num_flash) { 785 content_size = FLASH_WRITE_CHUNK_SIZE; 786 rsi_dbg(INFO_ZONE, "QSPI content_size:%d\n", 787 content_size); 788 } else { 789 content_size = 790 temp_content_size % FLASH_WRITE_CHUNK_SIZE; 791 rsi_dbg(INFO_ZONE, 792 "Writing last sector content_size:%d\n", 793 content_size); 794 if (!content_size) { 795 rsi_dbg(INFO_ZONE, "instruction size zero\n"); 796 break; 797 } 798 } 799 800 if (index % 2) 801 cmd = PING_WRITE; 802 else 803 cmd = PONG_WRITE; 804 805 status = ping_pong_write(adapter, cmd, flash_content, 806 content_size); 807 if (status) { 808 rsi_dbg(ERR_ZONE, "%s: Unable to load %d block\n", 809 __func__, index); 810 return status; 811 } 812 813 rsi_dbg(INFO_ZONE, 814 "%s: Successfully loaded %d instructions\n", 815 __func__, index); 816 flash_content += content_size; 817 } 818 819 status = bl_cmd(adapter, EOF_REACHED, FW_LOADING_SUCCESSFUL, 820 "EOF_REACHED"); 821 if (status) { 822 bl_stop_cmd_timer(adapter); 823 return status; 824 } 825 rsi_dbg(INFO_ZONE, "FW loading is done and FW is running..\n"); 826 return 0; 827 } 828 829 static int rsi_load_firmware(struct rsi_hw *adapter) 830 { 831 struct rsi_common *common = adapter->priv; 832 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 833 const struct firmware *fw_entry = NULL; 834 u32 regout_val = 0, content_size; 835 u16 tmp_regout_val = 0; 836 struct ta_metadata *metadata_p; 837 int status; 838 839 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 840 841 while (!adapter->blcmd_timer_expired) { 842 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 843 ®out_val, 2); 844 if (status < 0) { 845 rsi_dbg(ERR_ZONE, 846 "%s: REGOUT read failed\n", __func__); 847 return status; 848 } 849 mdelay(1); 850 if ((regout_val >> 8) == REGOUT_VALID) 851 break; 852 } 853 if (adapter->blcmd_timer_expired) { 854 rsi_dbg(ERR_ZONE, "%s: REGOUT read timedout\n", __func__); 855 rsi_dbg(ERR_ZONE, 856 "%s: Soft boot loader not present\n", __func__); 857 return -ETIMEDOUT; 858 } 859 bl_stop_cmd_timer(adapter); 860 861 rsi_dbg(INFO_ZONE, "Received Board Version Number: %x\n", 862 (regout_val & 0xff)); 863 864 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 865 (REGOUT_INVALID | REGOUT_INVALID << 8), 866 2); 867 if (status < 0) { 868 rsi_dbg(ERR_ZONE, "%s: REGOUT writing failed..\n", __func__); 869 return status; 870 } 871 mdelay(1); 872 873 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 874 "AUTO_READ_CMD"); 875 if (status < 0) 876 return status; 877 878 adapter->flash_capacity = read_flash_capacity(adapter); 879 if (adapter->flash_capacity <= 0) { 880 rsi_dbg(ERR_ZONE, 881 "%s: Unable to read flash size from EEPROM\n", 882 __func__); 883 return -EINVAL; 884 } 885 886 metadata_p = &metadata_flash_content[adapter->priv->coex_mode]; 887 888 rsi_dbg(INIT_ZONE, "%s: Loading file %s\n", __func__, metadata_p->name); 889 adapter->fw_file_name = metadata_p->name; 890 891 status = request_firmware(&fw_entry, metadata_p->name, adapter->device); 892 if (status < 0) { 893 rsi_dbg(ERR_ZONE, "%s: Failed to open file %s\n", 894 __func__, metadata_p->name); 895 return status; 896 } 897 content_size = fw_entry->size; 898 rsi_dbg(INFO_ZONE, "FW Length = %d bytes\n", content_size); 899 900 /* Get the firmware version */ 901 common->lmac_ver.ver.info.fw_ver[0] = 902 fw_entry->data[LMAC_VER_OFFSET] & 0xFF; 903 common->lmac_ver.ver.info.fw_ver[1] = 904 fw_entry->data[LMAC_VER_OFFSET + 1] & 0xFF; 905 common->lmac_ver.major = fw_entry->data[LMAC_VER_OFFSET + 2] & 0xFF; 906 common->lmac_ver.release_num = 907 fw_entry->data[LMAC_VER_OFFSET + 3] & 0xFF; 908 common->lmac_ver.minor = fw_entry->data[LMAC_VER_OFFSET + 4] & 0xFF; 909 common->lmac_ver.patch_num = 0; 910 rsi_print_version(common); 911 912 status = bl_write_header(adapter, (u8 *)fw_entry->data, content_size); 913 if (status) { 914 rsi_dbg(ERR_ZONE, 915 "%s: RPS Image header loading failed\n", 916 __func__); 917 goto fail; 918 } 919 920 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 921 status = bl_write_cmd(adapter, CHECK_CRC, CMD_PASS, &tmp_regout_val); 922 if (status) { 923 bl_stop_cmd_timer(adapter); 924 rsi_dbg(ERR_ZONE, 925 "%s: CHECK_CRC Command writing failed..\n", 926 __func__); 927 if ((tmp_regout_val & 0xff) == CMD_FAIL) { 928 rsi_dbg(ERR_ZONE, 929 "CRC Fail.. Proceeding to Upgrade mode\n"); 930 goto fw_upgrade; 931 } 932 } 933 bl_stop_cmd_timer(adapter); 934 935 status = bl_cmd(adapter, POLLING_MODE, CMD_PASS, "POLLING_MODE"); 936 if (status) 937 goto fail; 938 939 load_image_cmd: 940 status = bl_cmd(adapter, LOAD_HOSTED_FW, LOADING_INITIATED, 941 "LOAD_HOSTED_FW"); 942 if (status) 943 goto fail; 944 rsi_dbg(INFO_ZONE, "Load Image command passed..\n"); 945 goto success; 946 947 fw_upgrade: 948 status = bl_cmd(adapter, BURN_HOSTED_FW, SEND_RPS_FILE, "FW_UPGRADE"); 949 if (status) 950 goto fail; 951 952 rsi_dbg(INFO_ZONE, "Burn Command Pass.. Upgrading the firmware\n"); 953 954 status = auto_fw_upgrade(adapter, (u8 *)fw_entry->data, content_size); 955 if (status == 0) { 956 rsi_dbg(ERR_ZONE, "Firmware upgradation Done\n"); 957 goto load_image_cmd; 958 } 959 rsi_dbg(ERR_ZONE, "Firmware upgrade failed\n"); 960 961 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 962 "AUTO_READ_MODE"); 963 if (status) 964 goto fail; 965 966 success: 967 rsi_dbg(ERR_ZONE, "***** Firmware Loading successful *****\n"); 968 release_firmware(fw_entry); 969 return 0; 970 971 fail: 972 rsi_dbg(ERR_ZONE, "##### Firmware loading failed #####\n"); 973 release_firmware(fw_entry); 974 return status; 975 } 976 977 int rsi_hal_device_init(struct rsi_hw *adapter) 978 { 979 struct rsi_common *common = adapter->priv; 980 981 switch (adapter->device_model) { 982 case RSI_DEV_9113: 983 if (rsi_load_firmware(adapter)) { 984 rsi_dbg(ERR_ZONE, 985 "%s: Failed to load TA instructions\n", 986 __func__); 987 return -EINVAL; 988 } 989 break; 990 default: 991 return -EINVAL; 992 } 993 common->fsm_state = FSM_CARD_NOT_READY; 994 995 return 0; 996 } 997 EXPORT_SYMBOL_GPL(rsi_hal_device_init); 998 999