1 /* 2 * Copyright (c) 2014 Redpine Signals Inc. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17 #include <linux/firmware.h> 18 #include <net/bluetooth/bluetooth.h> 19 #include "rsi_mgmt.h" 20 #include "rsi_hal.h" 21 #include "rsi_sdio.h" 22 #include "rsi_common.h" 23 24 /* FLASH Firmware */ 25 static struct ta_metadata metadata_flash_content[] = { 26 {"flash_content", 0x00010000}, 27 {"rsi/rs9113_wlan_qspi.rps", 0x00010000}, 28 {"rsi/rs9113_wlan_bt_dual_mode.rps", 0x00010000}, 29 {"flash_content", 0x00010000}, 30 {"rsi/rs9113_ap_bt_dual_mode.rps", 0x00010000}, 31 32 }; 33 34 static struct ta_metadata metadata[] = {{"pmemdata_dummy", 0x00000000}, 35 {"rsi/rs9116_wlan.rps", 0x00000000}, 36 {"rsi/rs9116_wlan_bt_classic.rps", 0x00000000}, 37 {"rsi/pmemdata_dummy", 0x00000000}, 38 {"rsi/rs9116_wlan_bt_classic.rps", 0x00000000} 39 }; 40 41 int rsi_send_pkt_to_bus(struct rsi_common *common, struct sk_buff *skb) 42 { 43 struct rsi_hw *adapter = common->priv; 44 int status; 45 46 if (common->coex_mode > 1) 47 mutex_lock(&common->tx_bus_mutex); 48 49 status = adapter->host_intf_ops->write_pkt(common->priv, 50 skb->data, skb->len); 51 52 if (common->coex_mode > 1) 53 mutex_unlock(&common->tx_bus_mutex); 54 55 return status; 56 } 57 58 int rsi_prepare_mgmt_desc(struct rsi_common *common, struct sk_buff *skb) 59 { 60 struct rsi_hw *adapter = common->priv; 61 struct ieee80211_hdr *wh = NULL; 62 struct ieee80211_tx_info *info; 63 struct ieee80211_conf *conf = &adapter->hw->conf; 64 struct ieee80211_vif *vif; 65 struct rsi_mgmt_desc *mgmt_desc; 66 struct skb_info *tx_params; 67 struct rsi_xtended_desc *xtend_desc = NULL; 68 u8 header_size; 69 u32 dword_align_bytes = 0; 70 71 if (skb->len > MAX_MGMT_PKT_SIZE) { 72 rsi_dbg(INFO_ZONE, "%s: Dropping mgmt pkt > 512\n", __func__); 73 return -EINVAL; 74 } 75 76 info = IEEE80211_SKB_CB(skb); 77 tx_params = (struct skb_info *)info->driver_data; 78 vif = tx_params->vif; 79 80 /* Update header size */ 81 header_size = FRAME_DESC_SZ + sizeof(struct rsi_xtended_desc); 82 if (header_size > skb_headroom(skb)) { 83 rsi_dbg(ERR_ZONE, 84 "%s: Failed to add extended descriptor\n", 85 __func__); 86 return -ENOSPC; 87 } 88 skb_push(skb, header_size); 89 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 90 if (dword_align_bytes > skb_headroom(skb)) { 91 rsi_dbg(ERR_ZONE, 92 "%s: Failed to add dword align\n", __func__); 93 return -ENOSPC; 94 } 95 skb_push(skb, dword_align_bytes); 96 header_size += dword_align_bytes; 97 98 tx_params->internal_hdr_size = header_size; 99 memset(&skb->data[0], 0, header_size); 100 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 101 102 mgmt_desc = (struct rsi_mgmt_desc *)skb->data; 103 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 104 105 rsi_set_len_qno(&mgmt_desc->len_qno, (skb->len - FRAME_DESC_SZ), 106 RSI_WIFI_MGMT_Q); 107 mgmt_desc->frame_type = TX_DOT11_MGMT; 108 mgmt_desc->header_len = MIN_802_11_HDR_LEN; 109 mgmt_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 110 111 if (ieee80211_is_probe_req(wh->frame_control)) 112 mgmt_desc->frame_info = cpu_to_le16(RSI_INSERT_SEQ_IN_FW); 113 mgmt_desc->frame_info |= cpu_to_le16(RATE_INFO_ENABLE); 114 if (is_broadcast_ether_addr(wh->addr1)) 115 mgmt_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 116 117 mgmt_desc->seq_ctrl = 118 cpu_to_le16(IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl))); 119 if ((common->band == NL80211_BAND_2GHZ) && !common->p2p_enabled) 120 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_1); 121 else 122 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_6); 123 124 if (conf_is_ht40(conf)) 125 mgmt_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 126 127 if (ieee80211_is_probe_resp(wh->frame_control)) { 128 mgmt_desc->misc_flags |= (RSI_ADD_DELTA_TSF_VAP_ID | 129 RSI_FETCH_RETRY_CNT_FRM_HST); 130 #define PROBE_RESP_RETRY_CNT 3 131 xtend_desc->retry_cnt = PROBE_RESP_RETRY_CNT; 132 } 133 134 if (((vif->type == NL80211_IFTYPE_AP) || 135 (vif->type == NL80211_IFTYPE_P2P_GO)) && 136 (ieee80211_is_action(wh->frame_control))) { 137 struct rsi_sta *rsta = rsi_find_sta(common, wh->addr1); 138 139 if (rsta) 140 mgmt_desc->sta_id = tx_params->sta_id; 141 else 142 return -EINVAL; 143 } 144 mgmt_desc->rate_info |= 145 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) & 146 RSI_DESC_VAP_ID_MASK); 147 148 return 0; 149 } 150 151 /* This function prepares descriptor for given data packet */ 152 int rsi_prepare_data_desc(struct rsi_common *common, struct sk_buff *skb) 153 { 154 struct rsi_hw *adapter = common->priv; 155 struct ieee80211_vif *vif; 156 struct ieee80211_hdr *wh = NULL; 157 struct ieee80211_tx_info *info; 158 struct skb_info *tx_params; 159 struct rsi_data_desc *data_desc; 160 struct rsi_xtended_desc *xtend_desc; 161 u8 ieee80211_size = MIN_802_11_HDR_LEN; 162 u8 header_size; 163 u8 vap_id = 0; 164 u8 dword_align_bytes; 165 u16 seq_num; 166 167 info = IEEE80211_SKB_CB(skb); 168 vif = info->control.vif; 169 tx_params = (struct skb_info *)info->driver_data; 170 171 header_size = FRAME_DESC_SZ + sizeof(struct rsi_xtended_desc); 172 if (header_size > skb_headroom(skb)) { 173 rsi_dbg(ERR_ZONE, "%s: Unable to send pkt\n", __func__); 174 return -ENOSPC; 175 } 176 skb_push(skb, header_size); 177 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 178 if (header_size > skb_headroom(skb)) { 179 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__); 180 return -ENOSPC; 181 } 182 skb_push(skb, dword_align_bytes); 183 header_size += dword_align_bytes; 184 185 tx_params->internal_hdr_size = header_size; 186 data_desc = (struct rsi_data_desc *)skb->data; 187 memset(data_desc, 0, header_size); 188 189 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 190 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 191 seq_num = IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl)); 192 193 data_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 194 195 if (ieee80211_is_data_qos(wh->frame_control)) { 196 ieee80211_size += 2; 197 data_desc->mac_flags |= cpu_to_le16(RSI_QOS_ENABLE); 198 } 199 200 if (((vif->type == NL80211_IFTYPE_STATION) || 201 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) && 202 (adapter->ps_state == PS_ENABLED)) 203 wh->frame_control |= cpu_to_le16(RSI_SET_PS_ENABLE); 204 205 if ((!(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) && 206 tx_params->have_key) { 207 if (rsi_is_cipher_wep(common)) 208 ieee80211_size += 4; 209 else 210 ieee80211_size += 8; 211 data_desc->mac_flags |= cpu_to_le16(RSI_ENCRYPT_PKT); 212 } 213 rsi_set_len_qno(&data_desc->len_qno, (skb->len - FRAME_DESC_SZ), 214 RSI_WIFI_DATA_Q); 215 data_desc->header_len = ieee80211_size; 216 217 if (common->rate_config[common->band].fixed_enabled) { 218 /* Send fixed rate */ 219 u16 fixed_rate = common->rate_config[common->band].fixed_hw_rate; 220 221 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 222 data_desc->rate_info = cpu_to_le16(fixed_rate); 223 224 if (conf_is_ht40(&common->priv->hw->conf)) 225 data_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 226 227 if (common->vif_info[0].sgi && (fixed_rate & 0x100)) { 228 /* Only MCS rates */ 229 data_desc->rate_info |= 230 cpu_to_le16(ENABLE_SHORTGI_RATE); 231 } 232 } 233 234 if (skb->protocol == cpu_to_be16(ETH_P_PAE)) { 235 rsi_dbg(INFO_ZONE, "*** Tx EAPOL ***\n"); 236 237 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 238 if (common->band == NL80211_BAND_5GHZ) 239 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 240 else 241 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 242 data_desc->mac_flags |= cpu_to_le16(RSI_REKEY_PURPOSE); 243 data_desc->misc_flags |= RSI_FETCH_RETRY_CNT_FRM_HST; 244 #define EAPOL_RETRY_CNT 15 245 xtend_desc->retry_cnt = EAPOL_RETRY_CNT; 246 247 if (common->eapol4_confirm) 248 skb->priority = VO_Q; 249 else 250 rsi_set_len_qno(&data_desc->len_qno, 251 (skb->len - FRAME_DESC_SZ), 252 RSI_WIFI_MGMT_Q); 253 if (((skb->len - header_size) == EAPOL4_PACKET_LEN) || 254 ((skb->len - header_size) == EAPOL4_PACKET_LEN - 2)) { 255 data_desc->misc_flags |= 256 RSI_DESC_REQUIRE_CFM_TO_HOST; 257 xtend_desc->confirm_frame_type = EAPOL4_CONFIRM; 258 } 259 } 260 261 data_desc->mac_flags |= cpu_to_le16(seq_num & 0xfff); 262 data_desc->qid_tid = ((skb->priority & 0xf) | 263 ((tx_params->tid & 0xf) << 4)); 264 data_desc->sta_id = tx_params->sta_id; 265 266 if ((is_broadcast_ether_addr(wh->addr1)) || 267 (is_multicast_ether_addr(wh->addr1))) { 268 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 269 data_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 270 data_desc->sta_id = vap_id; 271 272 if ((vif->type == NL80211_IFTYPE_AP) || 273 (vif->type == NL80211_IFTYPE_P2P_GO)) { 274 if (common->band == NL80211_BAND_5GHZ) 275 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 276 else 277 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 278 } 279 } 280 if (((vif->type == NL80211_IFTYPE_AP) || 281 (vif->type == NL80211_IFTYPE_P2P_GO)) && 282 (ieee80211_has_moredata(wh->frame_control))) 283 data_desc->frame_info |= cpu_to_le16(MORE_DATA_PRESENT); 284 285 data_desc->rate_info |= 286 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) & 287 RSI_DESC_VAP_ID_MASK); 288 289 return 0; 290 } 291 292 /* This function sends received data packet from driver to device */ 293 int rsi_send_data_pkt(struct rsi_common *common, struct sk_buff *skb) 294 { 295 struct rsi_hw *adapter = common->priv; 296 struct ieee80211_vif *vif; 297 struct ieee80211_tx_info *info; 298 struct ieee80211_bss_conf *bss; 299 int status = -EINVAL; 300 301 if (!skb) 302 return 0; 303 if (common->iface_down) 304 goto err; 305 306 info = IEEE80211_SKB_CB(skb); 307 if (!info->control.vif) 308 goto err; 309 vif = info->control.vif; 310 bss = &vif->bss_conf; 311 312 if (((vif->type == NL80211_IFTYPE_STATION) || 313 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) && 314 (!bss->assoc)) 315 goto err; 316 317 status = rsi_send_pkt_to_bus(common, skb); 318 if (status) 319 rsi_dbg(ERR_ZONE, "%s: Failed to write pkt\n", __func__); 320 321 err: 322 ++common->tx_stats.total_tx_pkt_freed[skb->priority]; 323 rsi_indicate_tx_status(adapter, skb, status); 324 return status; 325 } 326 327 /** 328 * rsi_send_mgmt_pkt() - This functions sends the received management packet 329 * from driver to device. 330 * @common: Pointer to the driver private structure. 331 * @skb: Pointer to the socket buffer structure. 332 * 333 * Return: status: 0 on success, -1 on failure. 334 */ 335 int rsi_send_mgmt_pkt(struct rsi_common *common, 336 struct sk_buff *skb) 337 { 338 struct rsi_hw *adapter = common->priv; 339 struct ieee80211_bss_conf *bss; 340 struct ieee80211_hdr *wh; 341 struct ieee80211_tx_info *info; 342 struct skb_info *tx_params; 343 struct rsi_mgmt_desc *mgmt_desc; 344 struct rsi_xtended_desc *xtend_desc; 345 int status = -E2BIG; 346 u8 header_size; 347 348 info = IEEE80211_SKB_CB(skb); 349 tx_params = (struct skb_info *)info->driver_data; 350 header_size = tx_params->internal_hdr_size; 351 352 if (tx_params->flags & INTERNAL_MGMT_PKT) { 353 status = adapter->host_intf_ops->write_pkt(common->priv, 354 (u8 *)skb->data, 355 skb->len); 356 if (status) { 357 rsi_dbg(ERR_ZONE, 358 "%s: Failed to write the packet\n", __func__); 359 } 360 dev_kfree_skb(skb); 361 return status; 362 } 363 364 bss = &info->control.vif->bss_conf; 365 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 366 mgmt_desc = (struct rsi_mgmt_desc *)skb->data; 367 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 368 369 /* Indicate to firmware to give cfm for probe */ 370 if (ieee80211_is_probe_req(wh->frame_control) && !bss->assoc) { 371 rsi_dbg(INFO_ZONE, 372 "%s: blocking mgmt queue\n", __func__); 373 mgmt_desc->misc_flags = RSI_DESC_REQUIRE_CFM_TO_HOST; 374 xtend_desc->confirm_frame_type = PROBEREQ_CONFIRM; 375 common->mgmt_q_block = true; 376 rsi_dbg(INFO_ZONE, "Mgmt queue blocked\n"); 377 } 378 379 status = rsi_send_pkt_to_bus(common, skb); 380 if (status) 381 rsi_dbg(ERR_ZONE, "%s: Failed to write the packet\n", __func__); 382 383 rsi_indicate_tx_status(common->priv, skb, status); 384 return status; 385 } 386 387 int rsi_send_bt_pkt(struct rsi_common *common, struct sk_buff *skb) 388 { 389 int status = -EINVAL; 390 u8 header_size = 0; 391 struct rsi_bt_desc *bt_desc; 392 u8 queueno = ((skb->data[1] >> 4) & 0xf); 393 394 if (queueno == RSI_BT_MGMT_Q) { 395 status = rsi_send_pkt_to_bus(common, skb); 396 if (status) 397 rsi_dbg(ERR_ZONE, "%s: Failed to write bt mgmt pkt\n", 398 __func__); 399 goto out; 400 } 401 header_size = FRAME_DESC_SZ; 402 if (header_size > skb_headroom(skb)) { 403 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__); 404 status = -ENOSPC; 405 goto out; 406 } 407 skb_push(skb, header_size); 408 memset(skb->data, 0, header_size); 409 bt_desc = (struct rsi_bt_desc *)skb->data; 410 411 rsi_set_len_qno(&bt_desc->len_qno, (skb->len - FRAME_DESC_SZ), 412 RSI_BT_DATA_Q); 413 bt_desc->bt_pkt_type = cpu_to_le16(bt_cb(skb)->pkt_type); 414 415 status = rsi_send_pkt_to_bus(common, skb); 416 if (status) 417 rsi_dbg(ERR_ZONE, "%s: Failed to write bt pkt\n", __func__); 418 419 out: 420 dev_kfree_skb(skb); 421 return status; 422 } 423 424 int rsi_prepare_beacon(struct rsi_common *common, struct sk_buff *skb) 425 { 426 struct rsi_hw *adapter = (struct rsi_hw *)common->priv; 427 struct rsi_data_desc *bcn_frm; 428 struct ieee80211_hw *hw = common->priv->hw; 429 struct ieee80211_conf *conf = &hw->conf; 430 struct ieee80211_vif *vif; 431 struct sk_buff *mac_bcn; 432 u8 vap_id = 0, i; 433 u16 tim_offset = 0; 434 435 for (i = 0; i < RSI_MAX_VIFS; i++) { 436 vif = adapter->vifs[i]; 437 if (!vif) 438 continue; 439 if ((vif->type == NL80211_IFTYPE_AP) || 440 (vif->type == NL80211_IFTYPE_P2P_GO)) 441 break; 442 } 443 if (!vif) 444 return -EINVAL; 445 mac_bcn = ieee80211_beacon_get_tim(adapter->hw, 446 vif, 447 &tim_offset, NULL); 448 if (!mac_bcn) { 449 rsi_dbg(ERR_ZONE, "Failed to get beacon from mac80211\n"); 450 return -EINVAL; 451 } 452 453 common->beacon_cnt++; 454 bcn_frm = (struct rsi_data_desc *)skb->data; 455 rsi_set_len_qno(&bcn_frm->len_qno, mac_bcn->len, RSI_WIFI_DATA_Q); 456 bcn_frm->header_len = MIN_802_11_HDR_LEN; 457 bcn_frm->frame_info = cpu_to_le16(RSI_DATA_DESC_MAC_BBP_INFO | 458 RSI_DATA_DESC_NO_ACK_IND | 459 RSI_DATA_DESC_BEACON_FRAME | 460 RSI_DATA_DESC_INSERT_TSF | 461 RSI_DATA_DESC_INSERT_SEQ_NO | 462 RATE_INFO_ENABLE); 463 bcn_frm->rate_info = cpu_to_le16(vap_id << 14); 464 bcn_frm->qid_tid = BEACON_HW_Q; 465 466 if (conf_is_ht40_plus(conf)) { 467 bcn_frm->bbp_info = cpu_to_le16(LOWER_20_ENABLE); 468 bcn_frm->bbp_info |= cpu_to_le16(LOWER_20_ENABLE >> 12); 469 } else if (conf_is_ht40_minus(conf)) { 470 bcn_frm->bbp_info = cpu_to_le16(UPPER_20_ENABLE); 471 bcn_frm->bbp_info |= cpu_to_le16(UPPER_20_ENABLE >> 12); 472 } 473 474 if (common->band == NL80211_BAND_2GHZ) 475 bcn_frm->rate_info |= cpu_to_le16(RSI_RATE_1); 476 else 477 bcn_frm->rate_info |= cpu_to_le16(RSI_RATE_6); 478 479 if (mac_bcn->data[tim_offset + 2] == 0) 480 bcn_frm->frame_info |= cpu_to_le16(RSI_DATA_DESC_DTIM_BEACON); 481 482 memcpy(&skb->data[FRAME_DESC_SZ], mac_bcn->data, mac_bcn->len); 483 skb_put(skb, mac_bcn->len + FRAME_DESC_SZ); 484 485 dev_kfree_skb(mac_bcn); 486 487 return 0; 488 } 489 490 static void bl_cmd_timeout(struct timer_list *t) 491 { 492 struct rsi_hw *adapter = from_timer(adapter, t, bl_cmd_timer); 493 494 adapter->blcmd_timer_expired = true; 495 del_timer(&adapter->bl_cmd_timer); 496 } 497 498 static int bl_start_cmd_timer(struct rsi_hw *adapter, u32 timeout) 499 { 500 timer_setup(&adapter->bl_cmd_timer, bl_cmd_timeout, 0); 501 adapter->bl_cmd_timer.expires = (msecs_to_jiffies(timeout) + jiffies); 502 503 adapter->blcmd_timer_expired = false; 504 add_timer(&adapter->bl_cmd_timer); 505 506 return 0; 507 } 508 509 static int bl_stop_cmd_timer(struct rsi_hw *adapter) 510 { 511 adapter->blcmd_timer_expired = false; 512 if (timer_pending(&adapter->bl_cmd_timer)) 513 del_timer(&adapter->bl_cmd_timer); 514 515 return 0; 516 } 517 518 static int bl_write_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, 519 u16 *cmd_resp) 520 { 521 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 522 u32 regin_val = 0, regout_val = 0; 523 u32 regin_input = 0; 524 u8 output = 0; 525 int status; 526 527 regin_input = (REGIN_INPUT | adapter->priv->coex_mode); 528 529 while (!adapter->blcmd_timer_expired) { 530 regin_val = 0; 531 status = hif_ops->master_reg_read(adapter, SWBL_REGIN, 532 ®in_val, 2); 533 if (status < 0) { 534 rsi_dbg(ERR_ZONE, 535 "%s: Command %0x REGIN reading failed..\n", 536 __func__, cmd); 537 return status; 538 } 539 mdelay(1); 540 if ((regin_val >> 12) != REGIN_VALID) 541 break; 542 } 543 if (adapter->blcmd_timer_expired) { 544 rsi_dbg(ERR_ZONE, 545 "%s: Command %0x REGIN reading timed out..\n", 546 __func__, cmd); 547 return -ETIMEDOUT; 548 } 549 550 rsi_dbg(INFO_ZONE, 551 "Issuing write to Regin val:%0x sending cmd:%0x\n", 552 regin_val, (cmd | regin_input << 8)); 553 status = hif_ops->master_reg_write(adapter, SWBL_REGIN, 554 (cmd | regin_input << 8), 2); 555 if (status < 0) 556 return status; 557 mdelay(1); 558 559 if (cmd == LOAD_HOSTED_FW || cmd == JUMP_TO_ZERO_PC) { 560 /* JUMP_TO_ZERO_PC doesn't expect 561 * any response. So return from here 562 */ 563 return 0; 564 } 565 566 while (!adapter->blcmd_timer_expired) { 567 regout_val = 0; 568 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 569 ®out_val, 2); 570 if (status < 0) { 571 rsi_dbg(ERR_ZONE, 572 "%s: Command %0x REGOUT reading failed..\n", 573 __func__, cmd); 574 return status; 575 } 576 mdelay(1); 577 if ((regout_val >> 8) == REGOUT_VALID) 578 break; 579 } 580 if (adapter->blcmd_timer_expired) { 581 rsi_dbg(ERR_ZONE, 582 "%s: Command %0x REGOUT reading timed out..\n", 583 __func__, cmd); 584 return status; 585 } 586 587 *cmd_resp = ((u16 *)®out_val)[0] & 0xffff; 588 589 output = ((u8 *)®out_val)[0] & 0xff; 590 591 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 592 (cmd | REGOUT_INVALID << 8), 2); 593 if (status < 0) { 594 rsi_dbg(ERR_ZONE, 595 "%s: Command %0x REGOUT writing failed..\n", 596 __func__, cmd); 597 return status; 598 } 599 mdelay(1); 600 601 if (output != exp_resp) { 602 rsi_dbg(ERR_ZONE, 603 "%s: Recvd resp %x for cmd %0x\n", 604 __func__, output, cmd); 605 return -EINVAL; 606 } 607 rsi_dbg(INFO_ZONE, 608 "%s: Recvd Expected resp %x for cmd %0x\n", 609 __func__, output, cmd); 610 611 return 0; 612 } 613 614 static int bl_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, char *str) 615 { 616 u16 regout_val = 0; 617 u32 timeout; 618 int status; 619 620 if ((cmd == EOF_REACHED) || (cmd == PING_VALID) || (cmd == PONG_VALID)) 621 timeout = BL_BURN_TIMEOUT; 622 else 623 timeout = BL_CMD_TIMEOUT; 624 625 bl_start_cmd_timer(adapter, timeout); 626 status = bl_write_cmd(adapter, cmd, exp_resp, ®out_val); 627 if (status < 0) { 628 bl_stop_cmd_timer(adapter); 629 rsi_dbg(ERR_ZONE, 630 "%s: Command %s (%0x) writing failed..\n", 631 __func__, str, cmd); 632 return status; 633 } 634 bl_stop_cmd_timer(adapter); 635 return 0; 636 } 637 638 #define CHECK_SUM_OFFSET 20 639 #define LEN_OFFSET 8 640 #define ADDR_OFFSET 16 641 static int bl_write_header(struct rsi_hw *adapter, u8 *flash_content, 642 u32 content_size) 643 { 644 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 645 struct bl_header *bl_hdr; 646 u32 write_addr, write_len; 647 int status; 648 649 bl_hdr = kzalloc(sizeof(*bl_hdr), GFP_KERNEL); 650 if (!bl_hdr) 651 return -ENOMEM; 652 653 bl_hdr->flags = 0; 654 bl_hdr->image_no = cpu_to_le32(adapter->priv->coex_mode); 655 bl_hdr->check_sum = 656 cpu_to_le32(*(u32 *)&flash_content[CHECK_SUM_OFFSET]); 657 bl_hdr->flash_start_address = 658 cpu_to_le32(*(u32 *)&flash_content[ADDR_OFFSET]); 659 bl_hdr->flash_len = cpu_to_le32(*(u32 *)&flash_content[LEN_OFFSET]); 660 write_len = sizeof(struct bl_header); 661 662 if (adapter->rsi_host_intf == RSI_HOST_INTF_USB) { 663 write_addr = PING_BUFFER_ADDRESS; 664 status = hif_ops->write_reg_multiple(adapter, write_addr, 665 (u8 *)bl_hdr, write_len); 666 if (status < 0) { 667 rsi_dbg(ERR_ZONE, 668 "%s: Failed to load Version/CRC structure\n", 669 __func__); 670 goto fail; 671 } 672 } else { 673 write_addr = PING_BUFFER_ADDRESS >> 16; 674 status = hif_ops->master_access_msword(adapter, write_addr); 675 if (status < 0) { 676 rsi_dbg(ERR_ZONE, 677 "%s: Unable to set ms word to common reg\n", 678 __func__); 679 goto fail; 680 } 681 write_addr = RSI_SD_REQUEST_MASTER | 682 (PING_BUFFER_ADDRESS & 0xFFFF); 683 status = hif_ops->write_reg_multiple(adapter, write_addr, 684 (u8 *)bl_hdr, write_len); 685 if (status < 0) { 686 rsi_dbg(ERR_ZONE, 687 "%s: Failed to load Version/CRC structure\n", 688 __func__); 689 goto fail; 690 } 691 } 692 status = 0; 693 fail: 694 kfree(bl_hdr); 695 return status; 696 } 697 698 static u32 read_flash_capacity(struct rsi_hw *adapter) 699 { 700 u32 flash_sz = 0; 701 702 if ((adapter->host_intf_ops->master_reg_read(adapter, FLASH_SIZE_ADDR, 703 &flash_sz, 2)) < 0) { 704 rsi_dbg(ERR_ZONE, 705 "%s: Flash size reading failed..\n", 706 __func__); 707 return 0; 708 } 709 rsi_dbg(INIT_ZONE, "Flash capacity: %d KiloBytes\n", flash_sz); 710 711 return (flash_sz * 1024); /* Return size in kbytes */ 712 } 713 714 static int ping_pong_write(struct rsi_hw *adapter, u8 cmd, u8 *addr, u32 size) 715 { 716 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 717 u32 block_size = adapter->block_size; 718 u32 cmd_addr; 719 u16 cmd_resp, cmd_req; 720 u8 *str; 721 int status; 722 723 if (cmd == PING_WRITE) { 724 cmd_addr = PING_BUFFER_ADDRESS; 725 cmd_resp = PONG_AVAIL; 726 cmd_req = PING_VALID; 727 str = "PING_VALID"; 728 } else { 729 cmd_addr = PONG_BUFFER_ADDRESS; 730 cmd_resp = PING_AVAIL; 731 cmd_req = PONG_VALID; 732 str = "PONG_VALID"; 733 } 734 735 status = hif_ops->load_data_master_write(adapter, cmd_addr, size, 736 block_size, addr); 737 if (status) { 738 rsi_dbg(ERR_ZONE, "%s: Unable to write blk at addr %0x\n", 739 __func__, *addr); 740 return status; 741 } 742 743 status = bl_cmd(adapter, cmd_req, cmd_resp, str); 744 if (status) 745 return status; 746 747 return 0; 748 } 749 750 static int auto_fw_upgrade(struct rsi_hw *adapter, u8 *flash_content, 751 u32 content_size) 752 { 753 u8 cmd; 754 u32 temp_content_size, num_flash, index; 755 u32 flash_start_address; 756 int status; 757 758 if (content_size > MAX_FLASH_FILE_SIZE) { 759 rsi_dbg(ERR_ZONE, 760 "%s: Flash Content size is more than 400K %u\n", 761 __func__, MAX_FLASH_FILE_SIZE); 762 return -EINVAL; 763 } 764 765 flash_start_address = *(u32 *)&flash_content[FLASH_START_ADDRESS]; 766 rsi_dbg(INFO_ZONE, "flash start address: %08x\n", flash_start_address); 767 768 if (flash_start_address < FW_IMAGE_MIN_ADDRESS) { 769 rsi_dbg(ERR_ZONE, 770 "%s: Fw image Flash Start Address is less than 64K\n", 771 __func__); 772 return -EINVAL; 773 } 774 775 if (flash_start_address % FLASH_SECTOR_SIZE) { 776 rsi_dbg(ERR_ZONE, 777 "%s: Flash Start Address is not multiple of 4K\n", 778 __func__); 779 return -EINVAL; 780 } 781 782 if ((flash_start_address + content_size) > adapter->flash_capacity) { 783 rsi_dbg(ERR_ZONE, 784 "%s: Flash Content will cross max flash size\n", 785 __func__); 786 return -EINVAL; 787 } 788 789 temp_content_size = content_size; 790 num_flash = content_size / FLASH_WRITE_CHUNK_SIZE; 791 792 rsi_dbg(INFO_ZONE, "content_size: %d, num_flash: %d\n", 793 content_size, num_flash); 794 795 for (index = 0; index <= num_flash; index++) { 796 rsi_dbg(INFO_ZONE, "flash index: %d\n", index); 797 if (index != num_flash) { 798 content_size = FLASH_WRITE_CHUNK_SIZE; 799 rsi_dbg(INFO_ZONE, "QSPI content_size:%d\n", 800 content_size); 801 } else { 802 content_size = 803 temp_content_size % FLASH_WRITE_CHUNK_SIZE; 804 rsi_dbg(INFO_ZONE, 805 "Writing last sector content_size:%d\n", 806 content_size); 807 if (!content_size) { 808 rsi_dbg(INFO_ZONE, "instruction size zero\n"); 809 break; 810 } 811 } 812 813 if (index % 2) 814 cmd = PING_WRITE; 815 else 816 cmd = PONG_WRITE; 817 818 status = ping_pong_write(adapter, cmd, flash_content, 819 content_size); 820 if (status) { 821 rsi_dbg(ERR_ZONE, "%s: Unable to load %d block\n", 822 __func__, index); 823 return status; 824 } 825 826 rsi_dbg(INFO_ZONE, 827 "%s: Successfully loaded %d instructions\n", 828 __func__, index); 829 flash_content += content_size; 830 } 831 832 status = bl_cmd(adapter, EOF_REACHED, FW_LOADING_SUCCESSFUL, 833 "EOF_REACHED"); 834 if (status) 835 return status; 836 837 rsi_dbg(INFO_ZONE, "FW loading is done and FW is running..\n"); 838 return 0; 839 } 840 841 static int rsi_hal_prepare_fwload(struct rsi_hw *adapter) 842 { 843 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 844 u32 regout_val = 0; 845 int status; 846 847 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 848 849 while (!adapter->blcmd_timer_expired) { 850 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 851 ®out_val, 852 RSI_COMMON_REG_SIZE); 853 if (status < 0) { 854 bl_stop_cmd_timer(adapter); 855 rsi_dbg(ERR_ZONE, 856 "%s: REGOUT read failed\n", __func__); 857 return status; 858 } 859 mdelay(1); 860 if ((regout_val >> 8) == REGOUT_VALID) 861 break; 862 } 863 if (adapter->blcmd_timer_expired) { 864 rsi_dbg(ERR_ZONE, "%s: REGOUT read timedout\n", __func__); 865 rsi_dbg(ERR_ZONE, 866 "%s: Soft boot loader not present\n", __func__); 867 return -ETIMEDOUT; 868 } 869 bl_stop_cmd_timer(adapter); 870 871 rsi_dbg(INFO_ZONE, "Received Board Version Number: %x\n", 872 (regout_val & 0xff)); 873 874 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 875 (REGOUT_INVALID | 876 REGOUT_INVALID << 8), 877 RSI_COMMON_REG_SIZE); 878 if (status < 0) 879 rsi_dbg(ERR_ZONE, "%s: REGOUT writing failed..\n", __func__); 880 else 881 rsi_dbg(INFO_ZONE, 882 "===> Device is ready to load firmware <===\n"); 883 884 return status; 885 } 886 887 static int rsi_load_9113_firmware(struct rsi_hw *adapter) 888 { 889 struct rsi_common *common = adapter->priv; 890 const struct firmware *fw_entry = NULL; 891 u32 content_size; 892 u16 tmp_regout_val = 0; 893 struct ta_metadata *metadata_p; 894 int status; 895 896 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 897 "AUTO_READ_CMD"); 898 if (status < 0) 899 return status; 900 901 adapter->flash_capacity = read_flash_capacity(adapter); 902 if (adapter->flash_capacity <= 0) { 903 rsi_dbg(ERR_ZONE, 904 "%s: Unable to read flash size from EEPROM\n", 905 __func__); 906 return -EINVAL; 907 } 908 909 metadata_p = &metadata_flash_content[adapter->priv->coex_mode]; 910 911 rsi_dbg(INIT_ZONE, "%s: Loading file %s\n", __func__, metadata_p->name); 912 adapter->fw_file_name = metadata_p->name; 913 914 status = request_firmware(&fw_entry, metadata_p->name, adapter->device); 915 if (status < 0) { 916 rsi_dbg(ERR_ZONE, "%s: Failed to open file %s\n", 917 __func__, metadata_p->name); 918 return status; 919 } 920 content_size = fw_entry->size; 921 rsi_dbg(INFO_ZONE, "FW Length = %d bytes\n", content_size); 922 923 /* Get the firmware version */ 924 common->lmac_ver.ver.info.fw_ver[0] = 925 fw_entry->data[LMAC_VER_OFFSET_9113] & 0xFF; 926 common->lmac_ver.ver.info.fw_ver[1] = 927 fw_entry->data[LMAC_VER_OFFSET_9113 + 1] & 0xFF; 928 common->lmac_ver.major = 929 fw_entry->data[LMAC_VER_OFFSET_9113 + 2] & 0xFF; 930 common->lmac_ver.release_num = 931 fw_entry->data[LMAC_VER_OFFSET_9113 + 3] & 0xFF; 932 common->lmac_ver.minor = 933 fw_entry->data[LMAC_VER_OFFSET_9113 + 4] & 0xFF; 934 common->lmac_ver.patch_num = 0; 935 rsi_print_version(common); 936 937 status = bl_write_header(adapter, (u8 *)fw_entry->data, content_size); 938 if (status) { 939 rsi_dbg(ERR_ZONE, 940 "%s: RPS Image header loading failed\n", 941 __func__); 942 goto fail; 943 } 944 945 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 946 status = bl_write_cmd(adapter, CHECK_CRC, CMD_PASS, &tmp_regout_val); 947 if (status) { 948 bl_stop_cmd_timer(adapter); 949 rsi_dbg(ERR_ZONE, 950 "%s: CHECK_CRC Command writing failed..\n", 951 __func__); 952 if ((tmp_regout_val & 0xff) == CMD_FAIL) { 953 rsi_dbg(ERR_ZONE, 954 "CRC Fail.. Proceeding to Upgrade mode\n"); 955 goto fw_upgrade; 956 } 957 } 958 bl_stop_cmd_timer(adapter); 959 960 status = bl_cmd(adapter, POLLING_MODE, CMD_PASS, "POLLING_MODE"); 961 if (status) 962 goto fail; 963 964 load_image_cmd: 965 status = bl_cmd(adapter, LOAD_HOSTED_FW, LOADING_INITIATED, 966 "LOAD_HOSTED_FW"); 967 if (status) 968 goto fail; 969 rsi_dbg(INFO_ZONE, "Load Image command passed..\n"); 970 goto success; 971 972 fw_upgrade: 973 status = bl_cmd(adapter, BURN_HOSTED_FW, SEND_RPS_FILE, "FW_UPGRADE"); 974 if (status) 975 goto fail; 976 977 rsi_dbg(INFO_ZONE, "Burn Command Pass.. Upgrading the firmware\n"); 978 979 status = auto_fw_upgrade(adapter, (u8 *)fw_entry->data, content_size); 980 if (status == 0) { 981 rsi_dbg(ERR_ZONE, "Firmware upgradation Done\n"); 982 goto load_image_cmd; 983 } 984 rsi_dbg(ERR_ZONE, "Firmware upgrade failed\n"); 985 986 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 987 "AUTO_READ_MODE"); 988 if (status) 989 goto fail; 990 991 success: 992 rsi_dbg(ERR_ZONE, "***** Firmware Loading successful *****\n"); 993 release_firmware(fw_entry); 994 return 0; 995 996 fail: 997 rsi_dbg(ERR_ZONE, "##### Firmware loading failed #####\n"); 998 release_firmware(fw_entry); 999 return status; 1000 } 1001 1002 static int rsi_load_9116_firmware(struct rsi_hw *adapter) 1003 { 1004 struct rsi_common *common = adapter->priv; 1005 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 1006 const struct firmware *fw_entry; 1007 struct ta_metadata *metadata_p; 1008 u8 *ta_firmware, *fw_p; 1009 struct bootload_ds bootload_ds; 1010 u32 instructions_sz, base_address; 1011 u16 block_size = adapter->block_size; 1012 u32 dest, len; 1013 int status, cnt; 1014 1015 rsi_dbg(INIT_ZONE, "***** Load 9116 TA Instructions *****\n"); 1016 1017 if (adapter->rsi_host_intf == RSI_HOST_INTF_USB) { 1018 status = bl_cmd(adapter, POLLING_MODE, CMD_PASS, 1019 "POLLING_MODE"); 1020 if (status < 0) 1021 return status; 1022 } 1023 1024 status = hif_ops->master_reg_write(adapter, MEM_ACCESS_CTRL_FROM_HOST, 1025 RAM_384K_ACCESS_FROM_TA, 1026 RSI_9116_REG_SIZE); 1027 if (status < 0) { 1028 rsi_dbg(ERR_ZONE, "%s: Unable to access full RAM memory\n", 1029 __func__); 1030 return status; 1031 } 1032 1033 metadata_p = &metadata[adapter->priv->coex_mode]; 1034 rsi_dbg(INIT_ZONE, "%s: loading file %s\n", __func__, metadata_p->name); 1035 status = request_firmware(&fw_entry, metadata_p->name, adapter->device); 1036 if (status < 0) { 1037 rsi_dbg(ERR_ZONE, "%s: Failed to open file %s\n", 1038 __func__, metadata_p->name); 1039 return status; 1040 } 1041 1042 ta_firmware = kmemdup(fw_entry->data, fw_entry->size, GFP_KERNEL); 1043 if (!ta_firmware) { 1044 status = -ENOMEM; 1045 goto fail_release_fw; 1046 } 1047 fw_p = ta_firmware; 1048 instructions_sz = fw_entry->size; 1049 rsi_dbg(INFO_ZONE, "FW Length = %d bytes\n", instructions_sz); 1050 1051 common->lmac_ver.major = ta_firmware[LMAC_VER_OFFSET_9116]; 1052 common->lmac_ver.minor = ta_firmware[LMAC_VER_OFFSET_9116 + 1]; 1053 common->lmac_ver.release_num = ta_firmware[LMAC_VER_OFFSET_9116 + 2]; 1054 common->lmac_ver.patch_num = ta_firmware[LMAC_VER_OFFSET_9116 + 3]; 1055 common->lmac_ver.ver.info.fw_ver[0] = 1056 ta_firmware[LMAC_VER_OFFSET_9116 + 4]; 1057 1058 if (instructions_sz % FW_ALIGN_SIZE) 1059 instructions_sz += 1060 (FW_ALIGN_SIZE - (instructions_sz % FW_ALIGN_SIZE)); 1061 rsi_dbg(INFO_ZONE, "instructions_sz : %d\n", instructions_sz); 1062 1063 if (*(u16 *)fw_p == RSI_9116_FW_MAGIC_WORD) { 1064 memcpy(&bootload_ds, fw_p, sizeof(struct bootload_ds)); 1065 fw_p += le16_to_cpu(bootload_ds.offset); 1066 rsi_dbg(INFO_ZONE, "FW start = %x\n", *(u32 *)fw_p); 1067 1068 cnt = 0; 1069 do { 1070 rsi_dbg(ERR_ZONE, "%s: Loading chunk %d\n", 1071 __func__, cnt); 1072 1073 dest = le32_to_cpu(bootload_ds.bl_entry[cnt].dst_addr); 1074 len = le32_to_cpu(bootload_ds.bl_entry[cnt].control) & 1075 RSI_BL_CTRL_LEN_MASK; 1076 rsi_dbg(INFO_ZONE, "length %d destination %x\n", 1077 len, dest); 1078 1079 status = hif_ops->load_data_master_write(adapter, dest, 1080 len, 1081 block_size, 1082 fw_p); 1083 if (status < 0) { 1084 rsi_dbg(ERR_ZONE, 1085 "Failed to load chunk %d\n", cnt); 1086 break; 1087 } 1088 fw_p += len; 1089 if (le32_to_cpu(bootload_ds.bl_entry[cnt].control) & 1090 RSI_BL_CTRL_LAST_ENTRY) 1091 break; 1092 cnt++; 1093 } while (1); 1094 } else { 1095 base_address = metadata_p->address; 1096 status = hif_ops->load_data_master_write(adapter, 1097 base_address, 1098 instructions_sz, 1099 block_size, 1100 ta_firmware); 1101 } 1102 if (status) { 1103 rsi_dbg(ERR_ZONE, 1104 "%s: Unable to load %s blk\n", 1105 __func__, metadata_p->name); 1106 goto fail_free_fw; 1107 } 1108 1109 rsi_dbg(INIT_ZONE, "%s: Successfully loaded %s instructions\n", 1110 __func__, metadata_p->name); 1111 1112 if (adapter->rsi_host_intf == RSI_HOST_INTF_SDIO) { 1113 if (hif_ops->ta_reset(adapter)) 1114 rsi_dbg(ERR_ZONE, "Unable to put ta in reset\n"); 1115 } else { 1116 if (bl_cmd(adapter, JUMP_TO_ZERO_PC, 1117 CMD_PASS, "JUMP_TO_ZERO") < 0) 1118 rsi_dbg(INFO_ZONE, "Jump to zero command failed\n"); 1119 else 1120 rsi_dbg(INFO_ZONE, "Jump to zero command successful\n"); 1121 } 1122 1123 fail_free_fw: 1124 kfree(ta_firmware); 1125 fail_release_fw: 1126 release_firmware(fw_entry); 1127 1128 return status; 1129 } 1130 1131 int rsi_hal_device_init(struct rsi_hw *adapter) 1132 { 1133 struct rsi_common *common = adapter->priv; 1134 int status; 1135 1136 switch (adapter->device_model) { 1137 case RSI_DEV_9113: 1138 status = rsi_hal_prepare_fwload(adapter); 1139 if (status < 0) 1140 return status; 1141 if (rsi_load_9113_firmware(adapter)) { 1142 rsi_dbg(ERR_ZONE, 1143 "%s: Failed to load TA instructions\n", 1144 __func__); 1145 return -EINVAL; 1146 } 1147 break; 1148 case RSI_DEV_9116: 1149 status = rsi_hal_prepare_fwload(adapter); 1150 if (status < 0) 1151 return status; 1152 if (rsi_load_9116_firmware(adapter)) { 1153 rsi_dbg(ERR_ZONE, 1154 "%s: Failed to load firmware to 9116 device\n", 1155 __func__); 1156 return -EINVAL; 1157 } 1158 break; 1159 default: 1160 return -EINVAL; 1161 } 1162 common->fsm_state = FSM_CARD_NOT_READY; 1163 1164 return 0; 1165 } 1166 EXPORT_SYMBOL_GPL(rsi_hal_device_init); 1167 1168