1 /** 2 * Copyright (c) 2014 Redpine Signals Inc. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17 #include <linux/firmware.h> 18 #include "rsi_mgmt.h" 19 #include "rsi_hal.h" 20 #include "rsi_sdio.h" 21 #include "rsi_common.h" 22 23 /* FLASH Firmware */ 24 static struct ta_metadata metadata_flash_content[] = { 25 {"flash_content", 0x00010000}, 26 {"rsi/rs9113_wlan_qspi.rps", 0x00010000}, 27 }; 28 29 int rsi_send_pkt_to_bus(struct rsi_common *common, struct sk_buff *skb) 30 { 31 struct rsi_hw *adapter = common->priv; 32 int status; 33 34 status = adapter->host_intf_ops->write_pkt(common->priv, 35 skb->data, skb->len); 36 return status; 37 } 38 39 static int rsi_prepare_mgmt_desc(struct rsi_common *common, struct sk_buff *skb) 40 { 41 struct rsi_hw *adapter = common->priv; 42 struct ieee80211_hdr *wh = NULL; 43 struct ieee80211_tx_info *info; 44 struct ieee80211_conf *conf = &adapter->hw->conf; 45 struct ieee80211_vif *vif = adapter->vifs[0]; 46 struct rsi_mgmt_desc *mgmt_desc; 47 struct skb_info *tx_params; 48 struct ieee80211_bss_conf *bss = NULL; 49 struct xtended_desc *xtend_desc = NULL; 50 u8 header_size; 51 u32 dword_align_bytes = 0; 52 53 if (skb->len > MAX_MGMT_PKT_SIZE) { 54 rsi_dbg(INFO_ZONE, "%s: Dropping mgmt pkt > 512\n", __func__); 55 return -EINVAL; 56 } 57 58 info = IEEE80211_SKB_CB(skb); 59 tx_params = (struct skb_info *)info->driver_data; 60 61 /* Update header size */ 62 header_size = FRAME_DESC_SZ + sizeof(struct xtended_desc); 63 if (header_size > skb_headroom(skb)) { 64 rsi_dbg(ERR_ZONE, 65 "%s: Failed to add extended descriptor\n", 66 __func__); 67 return -ENOSPC; 68 } 69 skb_push(skb, header_size); 70 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 71 if (dword_align_bytes > skb_headroom(skb)) { 72 rsi_dbg(ERR_ZONE, 73 "%s: Failed to add dword align\n", __func__); 74 return -ENOSPC; 75 } 76 skb_push(skb, dword_align_bytes); 77 header_size += dword_align_bytes; 78 79 tx_params->internal_hdr_size = header_size; 80 memset(&skb->data[0], 0, header_size); 81 bss = &info->control.vif->bss_conf; 82 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 83 84 mgmt_desc = (struct rsi_mgmt_desc *)skb->data; 85 xtend_desc = (struct xtended_desc *)&skb->data[FRAME_DESC_SZ]; 86 87 rsi_set_len_qno(&mgmt_desc->len_qno, (skb->len - FRAME_DESC_SZ), 88 RSI_WIFI_MGMT_Q); 89 mgmt_desc->frame_type = TX_DOT11_MGMT; 90 mgmt_desc->header_len = MIN_802_11_HDR_LEN; 91 mgmt_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 92 mgmt_desc->frame_info |= cpu_to_le16(RATE_INFO_ENABLE); 93 if (is_broadcast_ether_addr(wh->addr1)) 94 mgmt_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 95 96 mgmt_desc->seq_ctrl = 97 cpu_to_le16(IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl))); 98 if (common->band == NL80211_BAND_2GHZ) 99 mgmt_desc->rate_info = RSI_RATE_1; 100 else 101 mgmt_desc->rate_info = RSI_RATE_6; 102 103 if (conf_is_ht40(conf)) 104 mgmt_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 105 106 if (ieee80211_is_probe_req(wh->frame_control)) { 107 if (!bss->assoc) { 108 rsi_dbg(INFO_ZONE, 109 "%s: blocking mgmt queue\n", __func__); 110 mgmt_desc->misc_flags = RSI_DESC_REQUIRE_CFM_TO_HOST; 111 xtend_desc->confirm_frame_type = PROBEREQ_CONFIRM; 112 common->mgmt_q_block = true; 113 rsi_dbg(INFO_ZONE, "Mgmt queue blocked\n"); 114 } 115 } 116 117 if (ieee80211_is_probe_resp(wh->frame_control)) { 118 mgmt_desc->misc_flags |= (RSI_ADD_DELTA_TSF_VAP_ID | 119 RSI_FETCH_RETRY_CNT_FRM_HST); 120 #define PROBE_RESP_RETRY_CNT 3 121 xtend_desc->retry_cnt = PROBE_RESP_RETRY_CNT; 122 } 123 124 if ((vif->type == NL80211_IFTYPE_AP) && 125 (ieee80211_is_action(wh->frame_control))) { 126 struct rsi_sta *rsta = rsi_find_sta(common, wh->addr1); 127 128 if (rsta) 129 mgmt_desc->sta_id = tx_params->sta_id; 130 else 131 return -EINVAL; 132 } 133 return 0; 134 } 135 136 /* This function prepares descriptor for given data packet */ 137 static int rsi_prepare_data_desc(struct rsi_common *common, struct sk_buff *skb) 138 { 139 struct rsi_hw *adapter = common->priv; 140 struct ieee80211_vif *vif; 141 struct ieee80211_hdr *wh = NULL; 142 struct ieee80211_tx_info *info; 143 struct skb_info *tx_params; 144 struct ieee80211_bss_conf *bss; 145 struct rsi_data_desc *data_desc; 146 struct xtended_desc *xtend_desc; 147 u8 ieee80211_size = MIN_802_11_HDR_LEN; 148 u8 header_size; 149 u8 vap_id = 0; 150 u8 dword_align_bytes; 151 u16 seq_num; 152 153 info = IEEE80211_SKB_CB(skb); 154 bss = &info->control.vif->bss_conf; 155 tx_params = (struct skb_info *)info->driver_data; 156 157 header_size = FRAME_DESC_SZ + sizeof(struct xtended_desc); 158 if (header_size > skb_headroom(skb)) { 159 rsi_dbg(ERR_ZONE, "%s: Unable to send pkt\n", __func__); 160 return -ENOSPC; 161 } 162 skb_push(skb, header_size); 163 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 164 if (header_size > skb_headroom(skb)) { 165 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__); 166 return -ENOSPC; 167 } 168 skb_push(skb, dword_align_bytes); 169 header_size += dword_align_bytes; 170 171 tx_params->internal_hdr_size = header_size; 172 data_desc = (struct rsi_data_desc *)skb->data; 173 memset(data_desc, 0, header_size); 174 175 xtend_desc = (struct xtended_desc *)&skb->data[FRAME_DESC_SZ]; 176 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 177 seq_num = IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl)); 178 vif = adapter->vifs[0]; 179 180 data_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 181 182 if (ieee80211_is_data_qos(wh->frame_control)) { 183 ieee80211_size += 2; 184 data_desc->mac_flags |= cpu_to_le16(RSI_QOS_ENABLE); 185 } 186 187 if ((vif->type == NL80211_IFTYPE_STATION) && 188 (adapter->ps_state == PS_ENABLED)) 189 wh->frame_control |= cpu_to_le16(RSI_SET_PS_ENABLE); 190 191 if ((!(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) && 192 (common->secinfo.security_enable)) { 193 if (rsi_is_cipher_wep(common)) 194 ieee80211_size += 4; 195 else 196 ieee80211_size += 8; 197 data_desc->mac_flags |= cpu_to_le16(RSI_ENCRYPT_PKT); 198 } 199 rsi_set_len_qno(&data_desc->len_qno, (skb->len - FRAME_DESC_SZ), 200 RSI_WIFI_DATA_Q); 201 data_desc->header_len = ieee80211_size; 202 203 if (common->min_rate != RSI_RATE_AUTO) { 204 /* Send fixed rate */ 205 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 206 data_desc->rate_info = cpu_to_le16(common->min_rate); 207 208 if (conf_is_ht40(&common->priv->hw->conf)) 209 data_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 210 211 if ((common->vif_info[0].sgi) && (common->min_rate & 0x100)) { 212 /* Only MCS rates */ 213 data_desc->rate_info |= 214 cpu_to_le16(ENABLE_SHORTGI_RATE); 215 } 216 } 217 218 if (skb->protocol == cpu_to_be16(ETH_P_PAE)) { 219 rsi_dbg(INFO_ZONE, "*** Tx EAPOL ***\n"); 220 221 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 222 if (common->band == NL80211_BAND_5GHZ) 223 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 224 else 225 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 226 data_desc->mac_flags |= cpu_to_le16(RSI_REKEY_PURPOSE); 227 data_desc->misc_flags |= RSI_FETCH_RETRY_CNT_FRM_HST; 228 #define EAPOL_RETRY_CNT 15 229 xtend_desc->retry_cnt = EAPOL_RETRY_CNT; 230 } 231 232 data_desc->mac_flags = cpu_to_le16(seq_num & 0xfff); 233 data_desc->qid_tid = ((skb->priority & 0xf) | 234 ((tx_params->tid & 0xf) << 4)); 235 data_desc->sta_id = tx_params->sta_id; 236 237 if ((is_broadcast_ether_addr(wh->addr1)) || 238 (is_multicast_ether_addr(wh->addr1))) { 239 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 240 data_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 241 data_desc->sta_id = vap_id; 242 243 if (vif->type == NL80211_IFTYPE_AP) { 244 if (common->band == NL80211_BAND_5GHZ) 245 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 246 else 247 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 248 } 249 } 250 if ((vif->type == NL80211_IFTYPE_AP) && 251 (ieee80211_has_moredata(wh->frame_control))) 252 data_desc->frame_info |= cpu_to_le16(MORE_DATA_PRESENT); 253 254 return 0; 255 } 256 257 /* This function sends received data packet from driver to device */ 258 int rsi_send_data_pkt(struct rsi_common *common, struct sk_buff *skb) 259 { 260 struct rsi_hw *adapter = common->priv; 261 struct ieee80211_vif *vif = adapter->vifs[0]; 262 struct ieee80211_tx_info *info; 263 struct ieee80211_bss_conf *bss; 264 int status = -EINVAL; 265 266 if (!skb) 267 return 0; 268 if (common->iface_down) 269 goto err; 270 271 info = IEEE80211_SKB_CB(skb); 272 if (!info->control.vif) 273 goto err; 274 bss = &info->control.vif->bss_conf; 275 276 if ((vif->type == NL80211_IFTYPE_STATION) && (!bss->assoc)) 277 goto err; 278 279 status = rsi_prepare_data_desc(common, skb); 280 if (status) 281 goto err; 282 283 status = adapter->host_intf_ops->write_pkt(common->priv, skb->data, 284 skb->len); 285 if (status) 286 rsi_dbg(ERR_ZONE, "%s: Failed to write pkt\n", __func__); 287 288 err: 289 ++common->tx_stats.total_tx_pkt_freed[skb->priority]; 290 rsi_indicate_tx_status(adapter, skb, status); 291 return status; 292 } 293 294 /** 295 * rsi_send_mgmt_pkt() - This functions sends the received management packet 296 * from driver to device. 297 * @common: Pointer to the driver private structure. 298 * @skb: Pointer to the socket buffer structure. 299 * 300 * Return: status: 0 on success, -1 on failure. 301 */ 302 int rsi_send_mgmt_pkt(struct rsi_common *common, 303 struct sk_buff *skb) 304 { 305 struct rsi_hw *adapter = common->priv; 306 struct ieee80211_tx_info *info; 307 struct skb_info *tx_params; 308 int status = -E2BIG; 309 u8 extnd_size; 310 311 info = IEEE80211_SKB_CB(skb); 312 tx_params = (struct skb_info *)info->driver_data; 313 extnd_size = ((uintptr_t)skb->data & 0x3); 314 315 if (tx_params->flags & INTERNAL_MGMT_PKT) { 316 skb->data[1] |= BIT(7); /* Immediate Wakeup bit*/ 317 if ((extnd_size) > skb_headroom(skb)) { 318 rsi_dbg(ERR_ZONE, "%s: Unable to send pkt\n", __func__); 319 dev_kfree_skb(skb); 320 return -ENOSPC; 321 } 322 skb_push(skb, extnd_size); 323 skb->data[extnd_size + 4] = extnd_size; 324 status = adapter->host_intf_ops->write_pkt(common->priv, 325 (u8 *)skb->data, 326 skb->len); 327 if (status) { 328 rsi_dbg(ERR_ZONE, 329 "%s: Failed to write the packet\n", __func__); 330 } 331 dev_kfree_skb(skb); 332 return status; 333 } 334 335 if (FRAME_DESC_SZ > skb_headroom(skb)) 336 goto err; 337 338 rsi_prepare_mgmt_desc(common, skb); 339 status = adapter->host_intf_ops->write_pkt(common->priv, 340 (u8 *)skb->data, skb->len); 341 if (status) 342 rsi_dbg(ERR_ZONE, "%s: Failed to write the packet\n", __func__); 343 344 err: 345 rsi_indicate_tx_status(common->priv, skb, status); 346 return status; 347 } 348 349 int rsi_prepare_beacon(struct rsi_common *common, struct sk_buff *skb) 350 { 351 struct rsi_hw *adapter = (struct rsi_hw *)common->priv; 352 struct rsi_data_desc *bcn_frm; 353 struct ieee80211_hw *hw = common->priv->hw; 354 struct ieee80211_conf *conf = &hw->conf; 355 struct sk_buff *mac_bcn; 356 u8 vap_id = 0; 357 u16 tim_offset; 358 359 mac_bcn = ieee80211_beacon_get_tim(adapter->hw, 360 adapter->vifs[adapter->sc_nvifs - 1], 361 &tim_offset, NULL); 362 if (!mac_bcn) { 363 rsi_dbg(ERR_ZONE, "Failed to get beacon from mac80211\n"); 364 return -EINVAL; 365 } 366 367 common->beacon_cnt++; 368 bcn_frm = (struct rsi_data_desc *)skb->data; 369 rsi_set_len_qno(&bcn_frm->len_qno, mac_bcn->len, RSI_WIFI_DATA_Q); 370 bcn_frm->header_len = MIN_802_11_HDR_LEN; 371 bcn_frm->frame_info = cpu_to_le16(RSI_DATA_DESC_MAC_BBP_INFO | 372 RSI_DATA_DESC_NO_ACK_IND | 373 RSI_DATA_DESC_BEACON_FRAME | 374 RSI_DATA_DESC_INSERT_TSF | 375 RSI_DATA_DESC_INSERT_SEQ_NO | 376 RATE_INFO_ENABLE); 377 bcn_frm->rate_info = cpu_to_le16(vap_id << 14); 378 bcn_frm->qid_tid = BEACON_HW_Q; 379 380 if (conf_is_ht40_plus(conf)) { 381 bcn_frm->bbp_info = cpu_to_le16(LOWER_20_ENABLE); 382 bcn_frm->bbp_info |= cpu_to_le16(LOWER_20_ENABLE >> 12); 383 } else if (conf_is_ht40_minus(conf)) { 384 bcn_frm->bbp_info = cpu_to_le16(UPPER_20_ENABLE); 385 bcn_frm->bbp_info |= cpu_to_le16(UPPER_20_ENABLE >> 12); 386 } 387 388 if (common->band == NL80211_BAND_2GHZ) 389 bcn_frm->bbp_info |= cpu_to_le16(RSI_RATE_1); 390 else 391 bcn_frm->bbp_info |= cpu_to_le16(RSI_RATE_6); 392 393 if (mac_bcn->data[tim_offset + 2] == 0) 394 bcn_frm->frame_info |= cpu_to_le16(RSI_DATA_DESC_DTIM_BEACON); 395 396 memcpy(&skb->data[FRAME_DESC_SZ], mac_bcn->data, mac_bcn->len); 397 skb_put(skb, mac_bcn->len + FRAME_DESC_SZ); 398 399 dev_kfree_skb(mac_bcn); 400 401 return 0; 402 } 403 404 static void bl_cmd_timeout(unsigned long priv) 405 { 406 struct rsi_hw *adapter = (struct rsi_hw *)priv; 407 408 adapter->blcmd_timer_expired = true; 409 del_timer(&adapter->bl_cmd_timer); 410 } 411 412 static int bl_start_cmd_timer(struct rsi_hw *adapter, u32 timeout) 413 { 414 init_timer(&adapter->bl_cmd_timer); 415 adapter->bl_cmd_timer.data = (unsigned long)adapter; 416 adapter->bl_cmd_timer.function = (void *)&bl_cmd_timeout; 417 adapter->bl_cmd_timer.expires = (msecs_to_jiffies(timeout) + jiffies); 418 419 adapter->blcmd_timer_expired = false; 420 add_timer(&adapter->bl_cmd_timer); 421 422 return 0; 423 } 424 425 static int bl_stop_cmd_timer(struct rsi_hw *adapter) 426 { 427 adapter->blcmd_timer_expired = false; 428 if (timer_pending(&adapter->bl_cmd_timer)) 429 del_timer(&adapter->bl_cmd_timer); 430 431 return 0; 432 } 433 434 static int bl_write_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, 435 u16 *cmd_resp) 436 { 437 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 438 u32 regin_val = 0, regout_val = 0; 439 u32 regin_input = 0; 440 u8 output = 0; 441 int status; 442 443 regin_input = (REGIN_INPUT | adapter->priv->coex_mode); 444 445 while (!adapter->blcmd_timer_expired) { 446 regin_val = 0; 447 status = hif_ops->master_reg_read(adapter, SWBL_REGIN, 448 ®in_val, 2); 449 if (status < 0) { 450 rsi_dbg(ERR_ZONE, 451 "%s: Command %0x REGIN reading failed..\n", 452 __func__, cmd); 453 return status; 454 } 455 mdelay(1); 456 if ((regin_val >> 12) != REGIN_VALID) 457 break; 458 } 459 if (adapter->blcmd_timer_expired) { 460 rsi_dbg(ERR_ZONE, 461 "%s: Command %0x REGIN reading timed out..\n", 462 __func__, cmd); 463 return -ETIMEDOUT; 464 } 465 466 rsi_dbg(INFO_ZONE, 467 "Issuing write to Regin val:%0x sending cmd:%0x\n", 468 regin_val, (cmd | regin_input << 8)); 469 status = hif_ops->master_reg_write(adapter, SWBL_REGIN, 470 (cmd | regin_input << 8), 2); 471 if (status < 0) 472 return status; 473 mdelay(1); 474 475 if (cmd == LOAD_HOSTED_FW || cmd == JUMP_TO_ZERO_PC) { 476 /* JUMP_TO_ZERO_PC doesn't expect 477 * any response. So return from here 478 */ 479 return 0; 480 } 481 482 while (!adapter->blcmd_timer_expired) { 483 regout_val = 0; 484 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 485 ®out_val, 2); 486 if (status < 0) { 487 rsi_dbg(ERR_ZONE, 488 "%s: Command %0x REGOUT reading failed..\n", 489 __func__, cmd); 490 return status; 491 } 492 mdelay(1); 493 if ((regout_val >> 8) == REGOUT_VALID) 494 break; 495 } 496 if (adapter->blcmd_timer_expired) { 497 rsi_dbg(ERR_ZONE, 498 "%s: Command %0x REGOUT reading timed out..\n", 499 __func__, cmd); 500 return status; 501 } 502 503 *cmd_resp = ((u16 *)®out_val)[0] & 0xffff; 504 505 output = ((u8 *)®out_val)[0] & 0xff; 506 507 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 508 (cmd | REGOUT_INVALID << 8), 2); 509 if (status < 0) { 510 rsi_dbg(ERR_ZONE, 511 "%s: Command %0x REGOUT writing failed..\n", 512 __func__, cmd); 513 return status; 514 } 515 mdelay(1); 516 517 if (output != exp_resp) { 518 rsi_dbg(ERR_ZONE, 519 "%s: Recvd resp %x for cmd %0x\n", 520 __func__, output, cmd); 521 return -EINVAL; 522 } 523 rsi_dbg(INFO_ZONE, 524 "%s: Recvd Expected resp %x for cmd %0x\n", 525 __func__, output, cmd); 526 527 return 0; 528 } 529 530 static int bl_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, char *str) 531 { 532 u16 regout_val = 0; 533 u32 timeout; 534 int status; 535 536 if ((cmd == EOF_REACHED) || (cmd == PING_VALID) || (cmd == PONG_VALID)) 537 timeout = BL_BURN_TIMEOUT; 538 else 539 timeout = BL_CMD_TIMEOUT; 540 541 bl_start_cmd_timer(adapter, timeout); 542 status = bl_write_cmd(adapter, cmd, exp_resp, ®out_val); 543 if (status < 0) { 544 rsi_dbg(ERR_ZONE, 545 "%s: Command %s (%0x) writing failed..\n", 546 __func__, str, cmd); 547 return status; 548 } 549 bl_stop_cmd_timer(adapter); 550 return 0; 551 } 552 553 #define CHECK_SUM_OFFSET 20 554 #define LEN_OFFSET 8 555 #define ADDR_OFFSET 16 556 static int bl_write_header(struct rsi_hw *adapter, u8 *flash_content, 557 u32 content_size) 558 { 559 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 560 struct bl_header bl_hdr; 561 u32 write_addr, write_len; 562 int status; 563 564 bl_hdr.flags = 0; 565 bl_hdr.image_no = cpu_to_le32(adapter->priv->coex_mode); 566 bl_hdr.check_sum = cpu_to_le32( 567 *(u32 *)&flash_content[CHECK_SUM_OFFSET]); 568 bl_hdr.flash_start_address = cpu_to_le32( 569 *(u32 *)&flash_content[ADDR_OFFSET]); 570 bl_hdr.flash_len = cpu_to_le32(*(u32 *)&flash_content[LEN_OFFSET]); 571 write_len = sizeof(struct bl_header); 572 573 if (adapter->rsi_host_intf == RSI_HOST_INTF_USB) { 574 write_addr = PING_BUFFER_ADDRESS; 575 status = hif_ops->write_reg_multiple(adapter, write_addr, 576 (u8 *)&bl_hdr, write_len); 577 if (status < 0) { 578 rsi_dbg(ERR_ZONE, 579 "%s: Failed to load Version/CRC structure\n", 580 __func__); 581 return status; 582 } 583 } else { 584 write_addr = PING_BUFFER_ADDRESS >> 16; 585 status = hif_ops->master_access_msword(adapter, write_addr); 586 if (status < 0) { 587 rsi_dbg(ERR_ZONE, 588 "%s: Unable to set ms word to common reg\n", 589 __func__); 590 return status; 591 } 592 write_addr = RSI_SD_REQUEST_MASTER | 593 (PING_BUFFER_ADDRESS & 0xFFFF); 594 status = hif_ops->write_reg_multiple(adapter, write_addr, 595 (u8 *)&bl_hdr, write_len); 596 if (status < 0) { 597 rsi_dbg(ERR_ZONE, 598 "%s: Failed to load Version/CRC structure\n", 599 __func__); 600 return status; 601 } 602 } 603 return 0; 604 } 605 606 static u32 read_flash_capacity(struct rsi_hw *adapter) 607 { 608 u32 flash_sz = 0; 609 610 if ((adapter->host_intf_ops->master_reg_read(adapter, FLASH_SIZE_ADDR, 611 &flash_sz, 2)) < 0) { 612 rsi_dbg(ERR_ZONE, 613 "%s: Flash size reading failed..\n", 614 __func__); 615 return 0; 616 } 617 rsi_dbg(INIT_ZONE, "Flash capacity: %d KiloBytes\n", flash_sz); 618 619 return (flash_sz * 1024); /* Return size in kbytes */ 620 } 621 622 static int ping_pong_write(struct rsi_hw *adapter, u8 cmd, u8 *addr, u32 size) 623 { 624 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 625 u32 block_size = adapter->block_size; 626 u32 cmd_addr; 627 u16 cmd_resp, cmd_req; 628 u8 *str; 629 int status; 630 631 if (cmd == PING_WRITE) { 632 cmd_addr = PING_BUFFER_ADDRESS; 633 cmd_resp = PONG_AVAIL; 634 cmd_req = PING_VALID; 635 str = "PING_VALID"; 636 } else { 637 cmd_addr = PONG_BUFFER_ADDRESS; 638 cmd_resp = PING_AVAIL; 639 cmd_req = PONG_VALID; 640 str = "PONG_VALID"; 641 } 642 643 status = hif_ops->load_data_master_write(adapter, cmd_addr, size, 644 block_size, addr); 645 if (status) { 646 rsi_dbg(ERR_ZONE, "%s: Unable to write blk at addr %0x\n", 647 __func__, *addr); 648 return status; 649 } 650 651 status = bl_cmd(adapter, cmd_req, cmd_resp, str); 652 if (status) { 653 bl_stop_cmd_timer(adapter); 654 return status; 655 } 656 return 0; 657 } 658 659 static int auto_fw_upgrade(struct rsi_hw *adapter, u8 *flash_content, 660 u32 content_size) 661 { 662 u8 cmd, *temp_flash_content; 663 u32 temp_content_size, num_flash, index; 664 u32 flash_start_address; 665 int status; 666 667 temp_flash_content = flash_content; 668 669 if (content_size > MAX_FLASH_FILE_SIZE) { 670 rsi_dbg(ERR_ZONE, 671 "%s: Flash Content size is more than 400K %u\n", 672 __func__, MAX_FLASH_FILE_SIZE); 673 return -EINVAL; 674 } 675 676 flash_start_address = *(u32 *)&flash_content[FLASH_START_ADDRESS]; 677 rsi_dbg(INFO_ZONE, "flash start address: %08x\n", flash_start_address); 678 679 if (flash_start_address < FW_IMAGE_MIN_ADDRESS) { 680 rsi_dbg(ERR_ZONE, 681 "%s: Fw image Flash Start Address is less than 64K\n", 682 __func__); 683 return -EINVAL; 684 } 685 686 if (flash_start_address % FLASH_SECTOR_SIZE) { 687 rsi_dbg(ERR_ZONE, 688 "%s: Flash Start Address is not multiple of 4K\n", 689 __func__); 690 return -EINVAL; 691 } 692 693 if ((flash_start_address + content_size) > adapter->flash_capacity) { 694 rsi_dbg(ERR_ZONE, 695 "%s: Flash Content will cross max flash size\n", 696 __func__); 697 return -EINVAL; 698 } 699 700 temp_content_size = content_size; 701 num_flash = content_size / FLASH_WRITE_CHUNK_SIZE; 702 703 rsi_dbg(INFO_ZONE, "content_size: %d, num_flash: %d\n", 704 content_size, num_flash); 705 706 for (index = 0; index <= num_flash; index++) { 707 rsi_dbg(INFO_ZONE, "flash index: %d\n", index); 708 if (index != num_flash) { 709 content_size = FLASH_WRITE_CHUNK_SIZE; 710 rsi_dbg(INFO_ZONE, "QSPI content_size:%d\n", 711 content_size); 712 } else { 713 content_size = 714 temp_content_size % FLASH_WRITE_CHUNK_SIZE; 715 rsi_dbg(INFO_ZONE, 716 "Writing last sector content_size:%d\n", 717 content_size); 718 if (!content_size) { 719 rsi_dbg(INFO_ZONE, "instruction size zero\n"); 720 break; 721 } 722 } 723 724 if (index % 2) 725 cmd = PING_WRITE; 726 else 727 cmd = PONG_WRITE; 728 729 status = ping_pong_write(adapter, cmd, flash_content, 730 content_size); 731 if (status) { 732 rsi_dbg(ERR_ZONE, "%s: Unable to load %d block\n", 733 __func__, index); 734 return status; 735 } 736 737 rsi_dbg(INFO_ZONE, 738 "%s: Successfully loaded %d instructions\n", 739 __func__, index); 740 flash_content += content_size; 741 } 742 743 status = bl_cmd(adapter, EOF_REACHED, FW_LOADING_SUCCESSFUL, 744 "EOF_REACHED"); 745 if (status) { 746 bl_stop_cmd_timer(adapter); 747 return status; 748 } 749 rsi_dbg(INFO_ZONE, "FW loading is done and FW is running..\n"); 750 return 0; 751 } 752 753 static int rsi_load_firmware(struct rsi_hw *adapter) 754 { 755 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 756 const struct firmware *fw_entry = NULL; 757 u32 regout_val = 0, content_size; 758 u16 tmp_regout_val = 0; 759 u8 *flash_content = NULL; 760 struct ta_metadata *metadata_p; 761 int status; 762 763 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 764 765 while (!adapter->blcmd_timer_expired) { 766 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 767 ®out_val, 2); 768 if (status < 0) { 769 rsi_dbg(ERR_ZONE, 770 "%s: REGOUT read failed\n", __func__); 771 return status; 772 } 773 mdelay(1); 774 if ((regout_val >> 8) == REGOUT_VALID) 775 break; 776 } 777 if (adapter->blcmd_timer_expired) { 778 rsi_dbg(ERR_ZONE, "%s: REGOUT read timedout\n", __func__); 779 rsi_dbg(ERR_ZONE, 780 "%s: Soft boot loader not present\n", __func__); 781 return -ETIMEDOUT; 782 } 783 bl_stop_cmd_timer(adapter); 784 785 rsi_dbg(INFO_ZONE, "Received Board Version Number: %x\n", 786 (regout_val & 0xff)); 787 788 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 789 (REGOUT_INVALID | REGOUT_INVALID << 8), 790 2); 791 if (status < 0) { 792 rsi_dbg(ERR_ZONE, "%s: REGOUT writing failed..\n", __func__); 793 return status; 794 } 795 mdelay(1); 796 797 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 798 "AUTO_READ_CMD"); 799 if (status < 0) 800 return status; 801 802 adapter->flash_capacity = read_flash_capacity(adapter); 803 if (adapter->flash_capacity <= 0) { 804 rsi_dbg(ERR_ZONE, 805 "%s: Unable to read flash size from EEPROM\n", 806 __func__); 807 return -EINVAL; 808 } 809 810 metadata_p = &metadata_flash_content[adapter->priv->coex_mode]; 811 812 rsi_dbg(INIT_ZONE, "%s: Loading file %s\n", __func__, metadata_p->name); 813 adapter->fw_file_name = metadata_p->name; 814 815 status = request_firmware(&fw_entry, metadata_p->name, adapter->device); 816 if (status < 0) { 817 rsi_dbg(ERR_ZONE, "%s: Failed to open file %s\n", 818 __func__, metadata_p->name); 819 return status; 820 } 821 flash_content = kmemdup(fw_entry->data, fw_entry->size, GFP_KERNEL); 822 if (!flash_content) { 823 rsi_dbg(ERR_ZONE, "%s: Failed to copy firmware\n", __func__); 824 status = -EIO; 825 goto fail; 826 } 827 content_size = fw_entry->size; 828 rsi_dbg(INFO_ZONE, "FW Length = %d bytes\n", content_size); 829 830 status = bl_write_header(adapter, flash_content, content_size); 831 if (status) { 832 rsi_dbg(ERR_ZONE, 833 "%s: RPS Image header loading failed\n", 834 __func__); 835 goto fail; 836 } 837 838 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 839 status = bl_write_cmd(adapter, CHECK_CRC, CMD_PASS, &tmp_regout_val); 840 if (status) { 841 bl_stop_cmd_timer(adapter); 842 rsi_dbg(ERR_ZONE, 843 "%s: CHECK_CRC Command writing failed..\n", 844 __func__); 845 if ((tmp_regout_val & 0xff) == CMD_FAIL) { 846 rsi_dbg(ERR_ZONE, 847 "CRC Fail.. Proceeding to Upgrade mode\n"); 848 goto fw_upgrade; 849 } 850 } 851 bl_stop_cmd_timer(adapter); 852 853 status = bl_cmd(adapter, POLLING_MODE, CMD_PASS, "POLLING_MODE"); 854 if (status) 855 goto fail; 856 857 load_image_cmd: 858 status = bl_cmd(adapter, LOAD_HOSTED_FW, LOADING_INITIATED, 859 "LOAD_HOSTED_FW"); 860 if (status) 861 goto fail; 862 rsi_dbg(INFO_ZONE, "Load Image command passed..\n"); 863 goto success; 864 865 fw_upgrade: 866 status = bl_cmd(adapter, BURN_HOSTED_FW, SEND_RPS_FILE, "FW_UPGRADE"); 867 if (status) 868 goto fail; 869 870 rsi_dbg(INFO_ZONE, "Burn Command Pass.. Upgrading the firmware\n"); 871 872 status = auto_fw_upgrade(adapter, flash_content, content_size); 873 if (status == 0) { 874 rsi_dbg(ERR_ZONE, "Firmware upgradation Done\n"); 875 goto load_image_cmd; 876 } 877 rsi_dbg(ERR_ZONE, "Firmware upgrade failed\n"); 878 879 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 880 "AUTO_READ_MODE"); 881 if (status) 882 goto fail; 883 884 success: 885 rsi_dbg(ERR_ZONE, "***** Firmware Loading successful *****\n"); 886 kfree(flash_content); 887 release_firmware(fw_entry); 888 return 0; 889 890 fail: 891 rsi_dbg(ERR_ZONE, "##### Firmware loading failed #####\n"); 892 kfree(flash_content); 893 release_firmware(fw_entry); 894 return status; 895 } 896 897 int rsi_hal_device_init(struct rsi_hw *adapter) 898 { 899 struct rsi_common *common = adapter->priv; 900 901 common->coex_mode = RSI_DEV_COEX_MODE_WIFI_ALONE; 902 common->oper_mode = RSI_DEV_OPMODE_WIFI_ALONE; 903 adapter->device_model = RSI_DEV_9113; 904 905 switch (adapter->device_model) { 906 case RSI_DEV_9113: 907 if (rsi_load_firmware(adapter)) { 908 rsi_dbg(ERR_ZONE, 909 "%s: Failed to load TA instructions\n", 910 __func__); 911 return -EINVAL; 912 } 913 break; 914 default: 915 return -EINVAL; 916 } 917 common->fsm_state = FSM_CARD_NOT_READY; 918 919 return 0; 920 } 921 EXPORT_SYMBOL_GPL(rsi_hal_device_init); 922 923