1 /** 2 * Copyright (c) 2014 Redpine Signals Inc. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17 #include <linux/firmware.h> 18 #include <net/bluetooth/bluetooth.h> 19 #include "rsi_mgmt.h" 20 #include "rsi_hal.h" 21 #include "rsi_sdio.h" 22 #include "rsi_common.h" 23 24 /* FLASH Firmware */ 25 static struct ta_metadata metadata_flash_content[] = { 26 {"flash_content", 0x00010000}, 27 {"rsi/rs9113_wlan_qspi.rps", 0x00010000}, 28 {"rsi/rs9113_wlan_bt_dual_mode.rps", 0x00010000}, 29 }; 30 31 int rsi_send_pkt_to_bus(struct rsi_common *common, struct sk_buff *skb) 32 { 33 struct rsi_hw *adapter = common->priv; 34 int status; 35 36 if (common->coex_mode > 1) 37 mutex_lock(&common->tx_bus_mutex); 38 39 status = adapter->host_intf_ops->write_pkt(common->priv, 40 skb->data, skb->len); 41 42 if (common->coex_mode > 1) 43 mutex_unlock(&common->tx_bus_mutex); 44 45 return status; 46 } 47 48 static int rsi_prepare_mgmt_desc(struct rsi_common *common, struct sk_buff *skb) 49 { 50 struct rsi_hw *adapter = common->priv; 51 struct ieee80211_hdr *wh = NULL; 52 struct ieee80211_tx_info *info; 53 struct ieee80211_conf *conf = &adapter->hw->conf; 54 struct ieee80211_vif *vif; 55 struct rsi_mgmt_desc *mgmt_desc; 56 struct skb_info *tx_params; 57 struct ieee80211_bss_conf *bss = NULL; 58 struct xtended_desc *xtend_desc = NULL; 59 u8 header_size; 60 u32 dword_align_bytes = 0; 61 62 if (skb->len > MAX_MGMT_PKT_SIZE) { 63 rsi_dbg(INFO_ZONE, "%s: Dropping mgmt pkt > 512\n", __func__); 64 return -EINVAL; 65 } 66 67 info = IEEE80211_SKB_CB(skb); 68 tx_params = (struct skb_info *)info->driver_data; 69 vif = tx_params->vif; 70 71 /* Update header size */ 72 header_size = FRAME_DESC_SZ + sizeof(struct xtended_desc); 73 if (header_size > skb_headroom(skb)) { 74 rsi_dbg(ERR_ZONE, 75 "%s: Failed to add extended descriptor\n", 76 __func__); 77 return -ENOSPC; 78 } 79 skb_push(skb, header_size); 80 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 81 if (dword_align_bytes > skb_headroom(skb)) { 82 rsi_dbg(ERR_ZONE, 83 "%s: Failed to add dword align\n", __func__); 84 return -ENOSPC; 85 } 86 skb_push(skb, dword_align_bytes); 87 header_size += dword_align_bytes; 88 89 tx_params->internal_hdr_size = header_size; 90 memset(&skb->data[0], 0, header_size); 91 bss = &vif->bss_conf; 92 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 93 94 mgmt_desc = (struct rsi_mgmt_desc *)skb->data; 95 xtend_desc = (struct xtended_desc *)&skb->data[FRAME_DESC_SZ]; 96 97 rsi_set_len_qno(&mgmt_desc->len_qno, (skb->len - FRAME_DESC_SZ), 98 RSI_WIFI_MGMT_Q); 99 mgmt_desc->frame_type = TX_DOT11_MGMT; 100 mgmt_desc->header_len = MIN_802_11_HDR_LEN; 101 mgmt_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 102 mgmt_desc->frame_info |= cpu_to_le16(RATE_INFO_ENABLE); 103 if (is_broadcast_ether_addr(wh->addr1)) 104 mgmt_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 105 106 mgmt_desc->seq_ctrl = 107 cpu_to_le16(IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl))); 108 if ((common->band == NL80211_BAND_2GHZ) && !common->p2p_enabled) 109 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_1); 110 else 111 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_6); 112 113 if (conf_is_ht40(conf)) 114 mgmt_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 115 116 if (ieee80211_is_probe_req(wh->frame_control)) { 117 if (!bss->assoc) { 118 rsi_dbg(INFO_ZONE, 119 "%s: blocking mgmt queue\n", __func__); 120 mgmt_desc->misc_flags = RSI_DESC_REQUIRE_CFM_TO_HOST; 121 xtend_desc->confirm_frame_type = PROBEREQ_CONFIRM; 122 common->mgmt_q_block = true; 123 rsi_dbg(INFO_ZONE, "Mgmt queue blocked\n"); 124 } 125 } 126 127 if (ieee80211_is_probe_resp(wh->frame_control)) { 128 mgmt_desc->misc_flags |= (RSI_ADD_DELTA_TSF_VAP_ID | 129 RSI_FETCH_RETRY_CNT_FRM_HST); 130 #define PROBE_RESP_RETRY_CNT 3 131 xtend_desc->retry_cnt = PROBE_RESP_RETRY_CNT; 132 } 133 134 if (((vif->type == NL80211_IFTYPE_AP) || 135 (vif->type == NL80211_IFTYPE_P2P_GO)) && 136 (ieee80211_is_action(wh->frame_control))) { 137 struct rsi_sta *rsta = rsi_find_sta(common, wh->addr1); 138 139 if (rsta) 140 mgmt_desc->sta_id = tx_params->sta_id; 141 else 142 return -EINVAL; 143 } 144 mgmt_desc->rate_info |= 145 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) & 146 RSI_DESC_VAP_ID_MASK); 147 148 return 0; 149 } 150 151 /* This function prepares descriptor for given data packet */ 152 static int rsi_prepare_data_desc(struct rsi_common *common, struct sk_buff *skb) 153 { 154 struct rsi_hw *adapter = common->priv; 155 struct ieee80211_vif *vif; 156 struct ieee80211_hdr *wh = NULL; 157 struct ieee80211_tx_info *info; 158 struct skb_info *tx_params; 159 struct ieee80211_bss_conf *bss; 160 struct rsi_data_desc *data_desc; 161 struct xtended_desc *xtend_desc; 162 u8 ieee80211_size = MIN_802_11_HDR_LEN; 163 u8 header_size; 164 u8 vap_id = 0; 165 u8 dword_align_bytes; 166 u16 seq_num; 167 168 info = IEEE80211_SKB_CB(skb); 169 vif = info->control.vif; 170 bss = &vif->bss_conf; 171 tx_params = (struct skb_info *)info->driver_data; 172 173 header_size = FRAME_DESC_SZ + sizeof(struct xtended_desc); 174 if (header_size > skb_headroom(skb)) { 175 rsi_dbg(ERR_ZONE, "%s: Unable to send pkt\n", __func__); 176 return -ENOSPC; 177 } 178 skb_push(skb, header_size); 179 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 180 if (header_size > skb_headroom(skb)) { 181 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__); 182 return -ENOSPC; 183 } 184 skb_push(skb, dword_align_bytes); 185 header_size += dword_align_bytes; 186 187 tx_params->internal_hdr_size = header_size; 188 data_desc = (struct rsi_data_desc *)skb->data; 189 memset(data_desc, 0, header_size); 190 191 xtend_desc = (struct xtended_desc *)&skb->data[FRAME_DESC_SZ]; 192 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 193 seq_num = IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl)); 194 195 data_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 196 197 if (ieee80211_is_data_qos(wh->frame_control)) { 198 ieee80211_size += 2; 199 data_desc->mac_flags |= cpu_to_le16(RSI_QOS_ENABLE); 200 } 201 202 if (((vif->type == NL80211_IFTYPE_STATION) || 203 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) && 204 (adapter->ps_state == PS_ENABLED)) 205 wh->frame_control |= cpu_to_le16(RSI_SET_PS_ENABLE); 206 207 if ((!(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) && 208 (common->secinfo.security_enable)) { 209 if (rsi_is_cipher_wep(common)) 210 ieee80211_size += 4; 211 else 212 ieee80211_size += 8; 213 data_desc->mac_flags |= cpu_to_le16(RSI_ENCRYPT_PKT); 214 } 215 rsi_set_len_qno(&data_desc->len_qno, (skb->len - FRAME_DESC_SZ), 216 RSI_WIFI_DATA_Q); 217 data_desc->header_len = ieee80211_size; 218 219 if (common->min_rate != RSI_RATE_AUTO) { 220 /* Send fixed rate */ 221 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 222 data_desc->rate_info = cpu_to_le16(common->min_rate); 223 224 if (conf_is_ht40(&common->priv->hw->conf)) 225 data_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 226 227 if ((common->vif_info[0].sgi) && (common->min_rate & 0x100)) { 228 /* Only MCS rates */ 229 data_desc->rate_info |= 230 cpu_to_le16(ENABLE_SHORTGI_RATE); 231 } 232 } 233 234 if (skb->protocol == cpu_to_be16(ETH_P_PAE)) { 235 rsi_dbg(INFO_ZONE, "*** Tx EAPOL ***\n"); 236 237 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 238 if (common->band == NL80211_BAND_5GHZ) 239 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 240 else 241 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 242 data_desc->mac_flags |= cpu_to_le16(RSI_REKEY_PURPOSE); 243 data_desc->misc_flags |= RSI_FETCH_RETRY_CNT_FRM_HST; 244 #define EAPOL_RETRY_CNT 15 245 xtend_desc->retry_cnt = EAPOL_RETRY_CNT; 246 } 247 248 data_desc->mac_flags = cpu_to_le16(seq_num & 0xfff); 249 data_desc->qid_tid = ((skb->priority & 0xf) | 250 ((tx_params->tid & 0xf) << 4)); 251 data_desc->sta_id = tx_params->sta_id; 252 253 if ((is_broadcast_ether_addr(wh->addr1)) || 254 (is_multicast_ether_addr(wh->addr1))) { 255 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 256 data_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 257 data_desc->sta_id = vap_id; 258 259 if ((vif->type == NL80211_IFTYPE_AP) || 260 (vif->type == NL80211_IFTYPE_P2P_GO)) { 261 if (common->band == NL80211_BAND_5GHZ) 262 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 263 else 264 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 265 } 266 } 267 if (((vif->type == NL80211_IFTYPE_AP) || 268 (vif->type == NL80211_IFTYPE_P2P_GO)) && 269 (ieee80211_has_moredata(wh->frame_control))) 270 data_desc->frame_info |= cpu_to_le16(MORE_DATA_PRESENT); 271 272 data_desc->rate_info |= 273 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) & 274 RSI_DESC_VAP_ID_MASK); 275 276 return 0; 277 } 278 279 /* This function sends received data packet from driver to device */ 280 int rsi_send_data_pkt(struct rsi_common *common, struct sk_buff *skb) 281 { 282 struct rsi_hw *adapter = common->priv; 283 struct ieee80211_vif *vif; 284 struct ieee80211_tx_info *info; 285 struct ieee80211_bss_conf *bss; 286 int status = -EINVAL; 287 288 if (!skb) 289 return 0; 290 if (common->iface_down) 291 goto err; 292 293 info = IEEE80211_SKB_CB(skb); 294 if (!info->control.vif) 295 goto err; 296 vif = info->control.vif; 297 bss = &vif->bss_conf; 298 299 if (((vif->type == NL80211_IFTYPE_STATION) || 300 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) && 301 (!bss->assoc)) 302 goto err; 303 304 status = rsi_prepare_data_desc(common, skb); 305 if (status) 306 goto err; 307 308 status = rsi_send_pkt_to_bus(common, skb); 309 if (status) 310 rsi_dbg(ERR_ZONE, "%s: Failed to write pkt\n", __func__); 311 312 err: 313 ++common->tx_stats.total_tx_pkt_freed[skb->priority]; 314 rsi_indicate_tx_status(adapter, skb, status); 315 return status; 316 } 317 318 /** 319 * rsi_send_mgmt_pkt() - This functions sends the received management packet 320 * from driver to device. 321 * @common: Pointer to the driver private structure. 322 * @skb: Pointer to the socket buffer structure. 323 * 324 * Return: status: 0 on success, -1 on failure. 325 */ 326 int rsi_send_mgmt_pkt(struct rsi_common *common, 327 struct sk_buff *skb) 328 { 329 struct rsi_hw *adapter = common->priv; 330 struct ieee80211_tx_info *info; 331 struct skb_info *tx_params; 332 int status = -E2BIG; 333 334 info = IEEE80211_SKB_CB(skb); 335 tx_params = (struct skb_info *)info->driver_data; 336 337 if (tx_params->flags & INTERNAL_MGMT_PKT) { 338 status = adapter->host_intf_ops->write_pkt(common->priv, 339 (u8 *)skb->data, 340 skb->len); 341 if (status) { 342 rsi_dbg(ERR_ZONE, 343 "%s: Failed to write the packet\n", __func__); 344 } 345 dev_kfree_skb(skb); 346 return status; 347 } 348 349 if (FRAME_DESC_SZ > skb_headroom(skb)) 350 goto err; 351 352 rsi_prepare_mgmt_desc(common, skb); 353 status = rsi_send_pkt_to_bus(common, skb); 354 if (status) 355 rsi_dbg(ERR_ZONE, "%s: Failed to write the packet\n", __func__); 356 357 err: 358 rsi_indicate_tx_status(common->priv, skb, status); 359 return status; 360 } 361 362 int rsi_send_bt_pkt(struct rsi_common *common, struct sk_buff *skb) 363 { 364 int status = -EINVAL; 365 u8 header_size = 0; 366 struct rsi_bt_desc *bt_desc; 367 u8 queueno = ((skb->data[1] >> 4) & 0xf); 368 369 if (queueno == RSI_BT_MGMT_Q) { 370 status = rsi_send_pkt_to_bus(common, skb); 371 if (status) 372 rsi_dbg(ERR_ZONE, "%s: Failed to write bt mgmt pkt\n", 373 __func__); 374 goto out; 375 } 376 header_size = FRAME_DESC_SZ; 377 if (header_size > skb_headroom(skb)) { 378 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__); 379 status = -ENOSPC; 380 goto out; 381 } 382 skb_push(skb, header_size); 383 memset(skb->data, 0, header_size); 384 bt_desc = (struct rsi_bt_desc *)skb->data; 385 386 rsi_set_len_qno(&bt_desc->len_qno, (skb->len - FRAME_DESC_SZ), 387 RSI_BT_DATA_Q); 388 bt_desc->bt_pkt_type = cpu_to_le16(bt_cb(skb)->pkt_type); 389 390 status = rsi_send_pkt_to_bus(common, skb); 391 if (status) 392 rsi_dbg(ERR_ZONE, "%s: Failed to write bt pkt\n", __func__); 393 394 out: 395 dev_kfree_skb(skb); 396 return status; 397 } 398 399 int rsi_prepare_beacon(struct rsi_common *common, struct sk_buff *skb) 400 { 401 struct rsi_hw *adapter = (struct rsi_hw *)common->priv; 402 struct rsi_data_desc *bcn_frm; 403 struct ieee80211_hw *hw = common->priv->hw; 404 struct ieee80211_conf *conf = &hw->conf; 405 struct ieee80211_vif *vif; 406 struct sk_buff *mac_bcn; 407 u8 vap_id = 0, i; 408 u16 tim_offset = 0; 409 410 for (i = 0; i < RSI_MAX_VIFS; i++) { 411 vif = adapter->vifs[i]; 412 if (!vif) 413 continue; 414 if ((vif->type == NL80211_IFTYPE_AP) || 415 (vif->type == NL80211_IFTYPE_P2P_GO)) 416 break; 417 } 418 if (!vif) 419 return -EINVAL; 420 mac_bcn = ieee80211_beacon_get_tim(adapter->hw, 421 vif, 422 &tim_offset, NULL); 423 if (!mac_bcn) { 424 rsi_dbg(ERR_ZONE, "Failed to get beacon from mac80211\n"); 425 return -EINVAL; 426 } 427 428 common->beacon_cnt++; 429 bcn_frm = (struct rsi_data_desc *)skb->data; 430 rsi_set_len_qno(&bcn_frm->len_qno, mac_bcn->len, RSI_WIFI_DATA_Q); 431 bcn_frm->header_len = MIN_802_11_HDR_LEN; 432 bcn_frm->frame_info = cpu_to_le16(RSI_DATA_DESC_MAC_BBP_INFO | 433 RSI_DATA_DESC_NO_ACK_IND | 434 RSI_DATA_DESC_BEACON_FRAME | 435 RSI_DATA_DESC_INSERT_TSF | 436 RSI_DATA_DESC_INSERT_SEQ_NO | 437 RATE_INFO_ENABLE); 438 bcn_frm->rate_info = cpu_to_le16(vap_id << 14); 439 bcn_frm->qid_tid = BEACON_HW_Q; 440 441 if (conf_is_ht40_plus(conf)) { 442 bcn_frm->bbp_info = cpu_to_le16(LOWER_20_ENABLE); 443 bcn_frm->bbp_info |= cpu_to_le16(LOWER_20_ENABLE >> 12); 444 } else if (conf_is_ht40_minus(conf)) { 445 bcn_frm->bbp_info = cpu_to_le16(UPPER_20_ENABLE); 446 bcn_frm->bbp_info |= cpu_to_le16(UPPER_20_ENABLE >> 12); 447 } 448 449 if (common->band == NL80211_BAND_2GHZ) 450 bcn_frm->bbp_info |= cpu_to_le16(RSI_RATE_1); 451 else 452 bcn_frm->bbp_info |= cpu_to_le16(RSI_RATE_6); 453 454 if (mac_bcn->data[tim_offset + 2] == 0) 455 bcn_frm->frame_info |= cpu_to_le16(RSI_DATA_DESC_DTIM_BEACON); 456 457 memcpy(&skb->data[FRAME_DESC_SZ], mac_bcn->data, mac_bcn->len); 458 skb_put(skb, mac_bcn->len + FRAME_DESC_SZ); 459 460 dev_kfree_skb(mac_bcn); 461 462 return 0; 463 } 464 465 static void bl_cmd_timeout(struct timer_list *t) 466 { 467 struct rsi_hw *adapter = from_timer(adapter, t, bl_cmd_timer); 468 469 adapter->blcmd_timer_expired = true; 470 del_timer(&adapter->bl_cmd_timer); 471 } 472 473 static int bl_start_cmd_timer(struct rsi_hw *adapter, u32 timeout) 474 { 475 timer_setup(&adapter->bl_cmd_timer, bl_cmd_timeout, 0); 476 adapter->bl_cmd_timer.expires = (msecs_to_jiffies(timeout) + jiffies); 477 478 adapter->blcmd_timer_expired = false; 479 add_timer(&adapter->bl_cmd_timer); 480 481 return 0; 482 } 483 484 static int bl_stop_cmd_timer(struct rsi_hw *adapter) 485 { 486 adapter->blcmd_timer_expired = false; 487 if (timer_pending(&adapter->bl_cmd_timer)) 488 del_timer(&adapter->bl_cmd_timer); 489 490 return 0; 491 } 492 493 static int bl_write_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, 494 u16 *cmd_resp) 495 { 496 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 497 u32 regin_val = 0, regout_val = 0; 498 u32 regin_input = 0; 499 u8 output = 0; 500 int status; 501 502 regin_input = (REGIN_INPUT | adapter->priv->coex_mode); 503 504 while (!adapter->blcmd_timer_expired) { 505 regin_val = 0; 506 status = hif_ops->master_reg_read(adapter, SWBL_REGIN, 507 ®in_val, 2); 508 if (status < 0) { 509 rsi_dbg(ERR_ZONE, 510 "%s: Command %0x REGIN reading failed..\n", 511 __func__, cmd); 512 return status; 513 } 514 mdelay(1); 515 if ((regin_val >> 12) != REGIN_VALID) 516 break; 517 } 518 if (adapter->blcmd_timer_expired) { 519 rsi_dbg(ERR_ZONE, 520 "%s: Command %0x REGIN reading timed out..\n", 521 __func__, cmd); 522 return -ETIMEDOUT; 523 } 524 525 rsi_dbg(INFO_ZONE, 526 "Issuing write to Regin val:%0x sending cmd:%0x\n", 527 regin_val, (cmd | regin_input << 8)); 528 status = hif_ops->master_reg_write(adapter, SWBL_REGIN, 529 (cmd | regin_input << 8), 2); 530 if (status < 0) 531 return status; 532 mdelay(1); 533 534 if (cmd == LOAD_HOSTED_FW || cmd == JUMP_TO_ZERO_PC) { 535 /* JUMP_TO_ZERO_PC doesn't expect 536 * any response. So return from here 537 */ 538 return 0; 539 } 540 541 while (!adapter->blcmd_timer_expired) { 542 regout_val = 0; 543 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 544 ®out_val, 2); 545 if (status < 0) { 546 rsi_dbg(ERR_ZONE, 547 "%s: Command %0x REGOUT reading failed..\n", 548 __func__, cmd); 549 return status; 550 } 551 mdelay(1); 552 if ((regout_val >> 8) == REGOUT_VALID) 553 break; 554 } 555 if (adapter->blcmd_timer_expired) { 556 rsi_dbg(ERR_ZONE, 557 "%s: Command %0x REGOUT reading timed out..\n", 558 __func__, cmd); 559 return status; 560 } 561 562 *cmd_resp = ((u16 *)®out_val)[0] & 0xffff; 563 564 output = ((u8 *)®out_val)[0] & 0xff; 565 566 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 567 (cmd | REGOUT_INVALID << 8), 2); 568 if (status < 0) { 569 rsi_dbg(ERR_ZONE, 570 "%s: Command %0x REGOUT writing failed..\n", 571 __func__, cmd); 572 return status; 573 } 574 mdelay(1); 575 576 if (output != exp_resp) { 577 rsi_dbg(ERR_ZONE, 578 "%s: Recvd resp %x for cmd %0x\n", 579 __func__, output, cmd); 580 return -EINVAL; 581 } 582 rsi_dbg(INFO_ZONE, 583 "%s: Recvd Expected resp %x for cmd %0x\n", 584 __func__, output, cmd); 585 586 return 0; 587 } 588 589 static int bl_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, char *str) 590 { 591 u16 regout_val = 0; 592 u32 timeout; 593 int status; 594 595 if ((cmd == EOF_REACHED) || (cmd == PING_VALID) || (cmd == PONG_VALID)) 596 timeout = BL_BURN_TIMEOUT; 597 else 598 timeout = BL_CMD_TIMEOUT; 599 600 bl_start_cmd_timer(adapter, timeout); 601 status = bl_write_cmd(adapter, cmd, exp_resp, ®out_val); 602 if (status < 0) { 603 rsi_dbg(ERR_ZONE, 604 "%s: Command %s (%0x) writing failed..\n", 605 __func__, str, cmd); 606 return status; 607 } 608 bl_stop_cmd_timer(adapter); 609 return 0; 610 } 611 612 #define CHECK_SUM_OFFSET 20 613 #define LEN_OFFSET 8 614 #define ADDR_OFFSET 16 615 static int bl_write_header(struct rsi_hw *adapter, u8 *flash_content, 616 u32 content_size) 617 { 618 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 619 struct bl_header bl_hdr; 620 u32 write_addr, write_len; 621 int status; 622 623 bl_hdr.flags = 0; 624 bl_hdr.image_no = cpu_to_le32(adapter->priv->coex_mode); 625 bl_hdr.check_sum = cpu_to_le32( 626 *(u32 *)&flash_content[CHECK_SUM_OFFSET]); 627 bl_hdr.flash_start_address = cpu_to_le32( 628 *(u32 *)&flash_content[ADDR_OFFSET]); 629 bl_hdr.flash_len = cpu_to_le32(*(u32 *)&flash_content[LEN_OFFSET]); 630 write_len = sizeof(struct bl_header); 631 632 if (adapter->rsi_host_intf == RSI_HOST_INTF_USB) { 633 write_addr = PING_BUFFER_ADDRESS; 634 status = hif_ops->write_reg_multiple(adapter, write_addr, 635 (u8 *)&bl_hdr, write_len); 636 if (status < 0) { 637 rsi_dbg(ERR_ZONE, 638 "%s: Failed to load Version/CRC structure\n", 639 __func__); 640 return status; 641 } 642 } else { 643 write_addr = PING_BUFFER_ADDRESS >> 16; 644 status = hif_ops->master_access_msword(adapter, write_addr); 645 if (status < 0) { 646 rsi_dbg(ERR_ZONE, 647 "%s: Unable to set ms word to common reg\n", 648 __func__); 649 return status; 650 } 651 write_addr = RSI_SD_REQUEST_MASTER | 652 (PING_BUFFER_ADDRESS & 0xFFFF); 653 status = hif_ops->write_reg_multiple(adapter, write_addr, 654 (u8 *)&bl_hdr, write_len); 655 if (status < 0) { 656 rsi_dbg(ERR_ZONE, 657 "%s: Failed to load Version/CRC structure\n", 658 __func__); 659 return status; 660 } 661 } 662 return 0; 663 } 664 665 static u32 read_flash_capacity(struct rsi_hw *adapter) 666 { 667 u32 flash_sz = 0; 668 669 if ((adapter->host_intf_ops->master_reg_read(adapter, FLASH_SIZE_ADDR, 670 &flash_sz, 2)) < 0) { 671 rsi_dbg(ERR_ZONE, 672 "%s: Flash size reading failed..\n", 673 __func__); 674 return 0; 675 } 676 rsi_dbg(INIT_ZONE, "Flash capacity: %d KiloBytes\n", flash_sz); 677 678 return (flash_sz * 1024); /* Return size in kbytes */ 679 } 680 681 static int ping_pong_write(struct rsi_hw *adapter, u8 cmd, u8 *addr, u32 size) 682 { 683 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 684 u32 block_size = adapter->block_size; 685 u32 cmd_addr; 686 u16 cmd_resp, cmd_req; 687 u8 *str; 688 int status; 689 690 if (cmd == PING_WRITE) { 691 cmd_addr = PING_BUFFER_ADDRESS; 692 cmd_resp = PONG_AVAIL; 693 cmd_req = PING_VALID; 694 str = "PING_VALID"; 695 } else { 696 cmd_addr = PONG_BUFFER_ADDRESS; 697 cmd_resp = PING_AVAIL; 698 cmd_req = PONG_VALID; 699 str = "PONG_VALID"; 700 } 701 702 status = hif_ops->load_data_master_write(adapter, cmd_addr, size, 703 block_size, addr); 704 if (status) { 705 rsi_dbg(ERR_ZONE, "%s: Unable to write blk at addr %0x\n", 706 __func__, *addr); 707 return status; 708 } 709 710 status = bl_cmd(adapter, cmd_req, cmd_resp, str); 711 if (status) { 712 bl_stop_cmd_timer(adapter); 713 return status; 714 } 715 return 0; 716 } 717 718 static int auto_fw_upgrade(struct rsi_hw *adapter, u8 *flash_content, 719 u32 content_size) 720 { 721 u8 cmd, *temp_flash_content; 722 u32 temp_content_size, num_flash, index; 723 u32 flash_start_address; 724 int status; 725 726 temp_flash_content = flash_content; 727 728 if (content_size > MAX_FLASH_FILE_SIZE) { 729 rsi_dbg(ERR_ZONE, 730 "%s: Flash Content size is more than 400K %u\n", 731 __func__, MAX_FLASH_FILE_SIZE); 732 return -EINVAL; 733 } 734 735 flash_start_address = *(u32 *)&flash_content[FLASH_START_ADDRESS]; 736 rsi_dbg(INFO_ZONE, "flash start address: %08x\n", flash_start_address); 737 738 if (flash_start_address < FW_IMAGE_MIN_ADDRESS) { 739 rsi_dbg(ERR_ZONE, 740 "%s: Fw image Flash Start Address is less than 64K\n", 741 __func__); 742 return -EINVAL; 743 } 744 745 if (flash_start_address % FLASH_SECTOR_SIZE) { 746 rsi_dbg(ERR_ZONE, 747 "%s: Flash Start Address is not multiple of 4K\n", 748 __func__); 749 return -EINVAL; 750 } 751 752 if ((flash_start_address + content_size) > adapter->flash_capacity) { 753 rsi_dbg(ERR_ZONE, 754 "%s: Flash Content will cross max flash size\n", 755 __func__); 756 return -EINVAL; 757 } 758 759 temp_content_size = content_size; 760 num_flash = content_size / FLASH_WRITE_CHUNK_SIZE; 761 762 rsi_dbg(INFO_ZONE, "content_size: %d, num_flash: %d\n", 763 content_size, num_flash); 764 765 for (index = 0; index <= num_flash; index++) { 766 rsi_dbg(INFO_ZONE, "flash index: %d\n", index); 767 if (index != num_flash) { 768 content_size = FLASH_WRITE_CHUNK_SIZE; 769 rsi_dbg(INFO_ZONE, "QSPI content_size:%d\n", 770 content_size); 771 } else { 772 content_size = 773 temp_content_size % FLASH_WRITE_CHUNK_SIZE; 774 rsi_dbg(INFO_ZONE, 775 "Writing last sector content_size:%d\n", 776 content_size); 777 if (!content_size) { 778 rsi_dbg(INFO_ZONE, "instruction size zero\n"); 779 break; 780 } 781 } 782 783 if (index % 2) 784 cmd = PING_WRITE; 785 else 786 cmd = PONG_WRITE; 787 788 status = ping_pong_write(adapter, cmd, flash_content, 789 content_size); 790 if (status) { 791 rsi_dbg(ERR_ZONE, "%s: Unable to load %d block\n", 792 __func__, index); 793 return status; 794 } 795 796 rsi_dbg(INFO_ZONE, 797 "%s: Successfully loaded %d instructions\n", 798 __func__, index); 799 flash_content += content_size; 800 } 801 802 status = bl_cmd(adapter, EOF_REACHED, FW_LOADING_SUCCESSFUL, 803 "EOF_REACHED"); 804 if (status) { 805 bl_stop_cmd_timer(adapter); 806 return status; 807 } 808 rsi_dbg(INFO_ZONE, "FW loading is done and FW is running..\n"); 809 return 0; 810 } 811 812 static int rsi_load_firmware(struct rsi_hw *adapter) 813 { 814 struct rsi_common *common = adapter->priv; 815 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 816 const struct firmware *fw_entry = NULL; 817 u32 regout_val = 0, content_size; 818 u16 tmp_regout_val = 0; 819 u8 *flash_content = NULL; 820 struct ta_metadata *metadata_p; 821 int status; 822 823 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 824 825 while (!adapter->blcmd_timer_expired) { 826 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 827 ®out_val, 2); 828 if (status < 0) { 829 rsi_dbg(ERR_ZONE, 830 "%s: REGOUT read failed\n", __func__); 831 return status; 832 } 833 mdelay(1); 834 if ((regout_val >> 8) == REGOUT_VALID) 835 break; 836 } 837 if (adapter->blcmd_timer_expired) { 838 rsi_dbg(ERR_ZONE, "%s: REGOUT read timedout\n", __func__); 839 rsi_dbg(ERR_ZONE, 840 "%s: Soft boot loader not present\n", __func__); 841 return -ETIMEDOUT; 842 } 843 bl_stop_cmd_timer(adapter); 844 845 rsi_dbg(INFO_ZONE, "Received Board Version Number: %x\n", 846 (regout_val & 0xff)); 847 848 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 849 (REGOUT_INVALID | REGOUT_INVALID << 8), 850 2); 851 if (status < 0) { 852 rsi_dbg(ERR_ZONE, "%s: REGOUT writing failed..\n", __func__); 853 return status; 854 } 855 mdelay(1); 856 857 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 858 "AUTO_READ_CMD"); 859 if (status < 0) 860 return status; 861 862 adapter->flash_capacity = read_flash_capacity(adapter); 863 if (adapter->flash_capacity <= 0) { 864 rsi_dbg(ERR_ZONE, 865 "%s: Unable to read flash size from EEPROM\n", 866 __func__); 867 return -EINVAL; 868 } 869 870 metadata_p = &metadata_flash_content[adapter->priv->coex_mode]; 871 872 rsi_dbg(INIT_ZONE, "%s: Loading file %s\n", __func__, metadata_p->name); 873 adapter->fw_file_name = metadata_p->name; 874 875 status = request_firmware(&fw_entry, metadata_p->name, adapter->device); 876 if (status < 0) { 877 rsi_dbg(ERR_ZONE, "%s: Failed to open file %s\n", 878 __func__, metadata_p->name); 879 return status; 880 } 881 flash_content = kmemdup(fw_entry->data, fw_entry->size, GFP_KERNEL); 882 if (!flash_content) { 883 rsi_dbg(ERR_ZONE, "%s: Failed to copy firmware\n", __func__); 884 status = -EIO; 885 goto fail; 886 } 887 content_size = fw_entry->size; 888 rsi_dbg(INFO_ZONE, "FW Length = %d bytes\n", content_size); 889 890 /* Get the firmware version */ 891 common->lmac_ver.ver.info.fw_ver[0] = 892 flash_content[LMAC_VER_OFFSET] & 0xFF; 893 common->lmac_ver.ver.info.fw_ver[1] = 894 flash_content[LMAC_VER_OFFSET + 1] & 0xFF; 895 common->lmac_ver.major = flash_content[LMAC_VER_OFFSET + 2] & 0xFF; 896 common->lmac_ver.release_num = 897 flash_content[LMAC_VER_OFFSET + 3] & 0xFF; 898 common->lmac_ver.minor = flash_content[LMAC_VER_OFFSET + 4] & 0xFF; 899 common->lmac_ver.patch_num = 0; 900 rsi_print_version(common); 901 902 status = bl_write_header(adapter, flash_content, content_size); 903 if (status) { 904 rsi_dbg(ERR_ZONE, 905 "%s: RPS Image header loading failed\n", 906 __func__); 907 goto fail; 908 } 909 910 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 911 status = bl_write_cmd(adapter, CHECK_CRC, CMD_PASS, &tmp_regout_val); 912 if (status) { 913 bl_stop_cmd_timer(adapter); 914 rsi_dbg(ERR_ZONE, 915 "%s: CHECK_CRC Command writing failed..\n", 916 __func__); 917 if ((tmp_regout_val & 0xff) == CMD_FAIL) { 918 rsi_dbg(ERR_ZONE, 919 "CRC Fail.. Proceeding to Upgrade mode\n"); 920 goto fw_upgrade; 921 } 922 } 923 bl_stop_cmd_timer(adapter); 924 925 status = bl_cmd(adapter, POLLING_MODE, CMD_PASS, "POLLING_MODE"); 926 if (status) 927 goto fail; 928 929 load_image_cmd: 930 status = bl_cmd(adapter, LOAD_HOSTED_FW, LOADING_INITIATED, 931 "LOAD_HOSTED_FW"); 932 if (status) 933 goto fail; 934 rsi_dbg(INFO_ZONE, "Load Image command passed..\n"); 935 goto success; 936 937 fw_upgrade: 938 status = bl_cmd(adapter, BURN_HOSTED_FW, SEND_RPS_FILE, "FW_UPGRADE"); 939 if (status) 940 goto fail; 941 942 rsi_dbg(INFO_ZONE, "Burn Command Pass.. Upgrading the firmware\n"); 943 944 status = auto_fw_upgrade(adapter, flash_content, content_size); 945 if (status == 0) { 946 rsi_dbg(ERR_ZONE, "Firmware upgradation Done\n"); 947 goto load_image_cmd; 948 } 949 rsi_dbg(ERR_ZONE, "Firmware upgrade failed\n"); 950 951 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 952 "AUTO_READ_MODE"); 953 if (status) 954 goto fail; 955 956 success: 957 rsi_dbg(ERR_ZONE, "***** Firmware Loading successful *****\n"); 958 kfree(flash_content); 959 release_firmware(fw_entry); 960 return 0; 961 962 fail: 963 rsi_dbg(ERR_ZONE, "##### Firmware loading failed #####\n"); 964 kfree(flash_content); 965 release_firmware(fw_entry); 966 return status; 967 } 968 969 int rsi_hal_device_init(struct rsi_hw *adapter) 970 { 971 struct rsi_common *common = adapter->priv; 972 973 switch (adapter->device_model) { 974 case RSI_DEV_9113: 975 if (rsi_load_firmware(adapter)) { 976 rsi_dbg(ERR_ZONE, 977 "%s: Failed to load TA instructions\n", 978 __func__); 979 return -EINVAL; 980 } 981 break; 982 default: 983 return -EINVAL; 984 } 985 common->fsm_state = FSM_CARD_NOT_READY; 986 987 return 0; 988 } 989 EXPORT_SYMBOL_GPL(rsi_hal_device_init); 990 991