1 /** 2 * Copyright (c) 2014 Redpine Signals Inc. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17 #include <linux/firmware.h> 18 #include <net/bluetooth/bluetooth.h> 19 #include "rsi_mgmt.h" 20 #include "rsi_hal.h" 21 #include "rsi_sdio.h" 22 #include "rsi_common.h" 23 24 /* FLASH Firmware */ 25 static struct ta_metadata metadata_flash_content[] = { 26 {"flash_content", 0x00010000}, 27 {"rsi/rs9113_wlan_qspi.rps", 0x00010000}, 28 {"rsi/rs9113_wlan_bt_dual_mode.rps", 0x00010000}, 29 {"flash_content", 0x00010000}, 30 {"rsi/rs9113_ap_bt_dual_mode.rps", 0x00010000}, 31 32 }; 33 34 int rsi_send_pkt_to_bus(struct rsi_common *common, struct sk_buff *skb) 35 { 36 struct rsi_hw *adapter = common->priv; 37 int status; 38 39 if (common->coex_mode > 1) 40 mutex_lock(&common->tx_bus_mutex); 41 42 status = adapter->host_intf_ops->write_pkt(common->priv, 43 skb->data, skb->len); 44 45 if (common->coex_mode > 1) 46 mutex_unlock(&common->tx_bus_mutex); 47 48 return status; 49 } 50 51 int rsi_prepare_mgmt_desc(struct rsi_common *common, struct sk_buff *skb) 52 { 53 struct rsi_hw *adapter = common->priv; 54 struct ieee80211_hdr *wh = NULL; 55 struct ieee80211_tx_info *info; 56 struct ieee80211_conf *conf = &adapter->hw->conf; 57 struct ieee80211_vif *vif; 58 struct rsi_mgmt_desc *mgmt_desc; 59 struct skb_info *tx_params; 60 struct rsi_xtended_desc *xtend_desc = NULL; 61 u8 header_size; 62 u32 dword_align_bytes = 0; 63 64 if (skb->len > MAX_MGMT_PKT_SIZE) { 65 rsi_dbg(INFO_ZONE, "%s: Dropping mgmt pkt > 512\n", __func__); 66 return -EINVAL; 67 } 68 69 info = IEEE80211_SKB_CB(skb); 70 tx_params = (struct skb_info *)info->driver_data; 71 vif = tx_params->vif; 72 73 /* Update header size */ 74 header_size = FRAME_DESC_SZ + sizeof(struct rsi_xtended_desc); 75 if (header_size > skb_headroom(skb)) { 76 rsi_dbg(ERR_ZONE, 77 "%s: Failed to add extended descriptor\n", 78 __func__); 79 return -ENOSPC; 80 } 81 skb_push(skb, header_size); 82 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 83 if (dword_align_bytes > skb_headroom(skb)) { 84 rsi_dbg(ERR_ZONE, 85 "%s: Failed to add dword align\n", __func__); 86 return -ENOSPC; 87 } 88 skb_push(skb, dword_align_bytes); 89 header_size += dword_align_bytes; 90 91 tx_params->internal_hdr_size = header_size; 92 memset(&skb->data[0], 0, header_size); 93 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 94 95 mgmt_desc = (struct rsi_mgmt_desc *)skb->data; 96 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 97 98 rsi_set_len_qno(&mgmt_desc->len_qno, (skb->len - FRAME_DESC_SZ), 99 RSI_WIFI_MGMT_Q); 100 mgmt_desc->frame_type = TX_DOT11_MGMT; 101 mgmt_desc->header_len = MIN_802_11_HDR_LEN; 102 mgmt_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 103 mgmt_desc->frame_info |= cpu_to_le16(RATE_INFO_ENABLE); 104 if (is_broadcast_ether_addr(wh->addr1)) 105 mgmt_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 106 107 mgmt_desc->seq_ctrl = 108 cpu_to_le16(IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl))); 109 if ((common->band == NL80211_BAND_2GHZ) && !common->p2p_enabled) 110 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_1); 111 else 112 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_6); 113 114 if (conf_is_ht40(conf)) 115 mgmt_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 116 117 if (ieee80211_is_probe_resp(wh->frame_control)) { 118 mgmt_desc->misc_flags |= (RSI_ADD_DELTA_TSF_VAP_ID | 119 RSI_FETCH_RETRY_CNT_FRM_HST); 120 #define PROBE_RESP_RETRY_CNT 3 121 xtend_desc->retry_cnt = PROBE_RESP_RETRY_CNT; 122 } 123 124 if (((vif->type == NL80211_IFTYPE_AP) || 125 (vif->type == NL80211_IFTYPE_P2P_GO)) && 126 (ieee80211_is_action(wh->frame_control))) { 127 struct rsi_sta *rsta = rsi_find_sta(common, wh->addr1); 128 129 if (rsta) 130 mgmt_desc->sta_id = tx_params->sta_id; 131 else 132 return -EINVAL; 133 } 134 mgmt_desc->rate_info |= 135 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) & 136 RSI_DESC_VAP_ID_MASK); 137 138 return 0; 139 } 140 141 /* This function prepares descriptor for given data packet */ 142 int rsi_prepare_data_desc(struct rsi_common *common, struct sk_buff *skb) 143 { 144 struct rsi_hw *adapter = common->priv; 145 struct ieee80211_vif *vif; 146 struct ieee80211_hdr *wh = NULL; 147 struct ieee80211_tx_info *info; 148 struct skb_info *tx_params; 149 struct rsi_data_desc *data_desc; 150 struct rsi_xtended_desc *xtend_desc; 151 u8 ieee80211_size = MIN_802_11_HDR_LEN; 152 u8 header_size; 153 u8 vap_id = 0; 154 u8 dword_align_bytes; 155 u16 seq_num; 156 157 info = IEEE80211_SKB_CB(skb); 158 vif = info->control.vif; 159 tx_params = (struct skb_info *)info->driver_data; 160 161 header_size = FRAME_DESC_SZ + sizeof(struct rsi_xtended_desc); 162 if (header_size > skb_headroom(skb)) { 163 rsi_dbg(ERR_ZONE, "%s: Unable to send pkt\n", __func__); 164 return -ENOSPC; 165 } 166 skb_push(skb, header_size); 167 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 168 if (header_size > skb_headroom(skb)) { 169 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__); 170 return -ENOSPC; 171 } 172 skb_push(skb, dword_align_bytes); 173 header_size += dword_align_bytes; 174 175 tx_params->internal_hdr_size = header_size; 176 data_desc = (struct rsi_data_desc *)skb->data; 177 memset(data_desc, 0, header_size); 178 179 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 180 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 181 seq_num = IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl)); 182 183 data_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 184 185 if (ieee80211_is_data_qos(wh->frame_control)) { 186 ieee80211_size += 2; 187 data_desc->mac_flags |= cpu_to_le16(RSI_QOS_ENABLE); 188 } 189 190 if (((vif->type == NL80211_IFTYPE_STATION) || 191 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) && 192 (adapter->ps_state == PS_ENABLED)) 193 wh->frame_control |= cpu_to_le16(RSI_SET_PS_ENABLE); 194 195 if ((!(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) && 196 (common->secinfo.security_enable)) { 197 if (rsi_is_cipher_wep(common)) 198 ieee80211_size += 4; 199 else 200 ieee80211_size += 8; 201 data_desc->mac_flags |= cpu_to_le16(RSI_ENCRYPT_PKT); 202 } 203 rsi_set_len_qno(&data_desc->len_qno, (skb->len - FRAME_DESC_SZ), 204 RSI_WIFI_DATA_Q); 205 data_desc->header_len = ieee80211_size; 206 207 if (common->min_rate != RSI_RATE_AUTO) { 208 /* Send fixed rate */ 209 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 210 data_desc->rate_info = cpu_to_le16(common->min_rate); 211 212 if (conf_is_ht40(&common->priv->hw->conf)) 213 data_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 214 215 if ((common->vif_info[0].sgi) && (common->min_rate & 0x100)) { 216 /* Only MCS rates */ 217 data_desc->rate_info |= 218 cpu_to_le16(ENABLE_SHORTGI_RATE); 219 } 220 } 221 222 if (skb->protocol == cpu_to_be16(ETH_P_PAE)) { 223 rsi_dbg(INFO_ZONE, "*** Tx EAPOL ***\n"); 224 225 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 226 if (common->band == NL80211_BAND_5GHZ) 227 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 228 else 229 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 230 data_desc->mac_flags |= cpu_to_le16(RSI_REKEY_PURPOSE); 231 data_desc->misc_flags |= RSI_FETCH_RETRY_CNT_FRM_HST; 232 #define EAPOL_RETRY_CNT 15 233 xtend_desc->retry_cnt = EAPOL_RETRY_CNT; 234 235 if (common->eapol4_confirm) 236 skb->priority = VO_Q; 237 else 238 rsi_set_len_qno(&data_desc->len_qno, 239 (skb->len - FRAME_DESC_SZ), 240 RSI_WIFI_MGMT_Q); 241 if ((skb->len - header_size) == EAPOL4_PACKET_LEN) { 242 data_desc->misc_flags |= 243 RSI_DESC_REQUIRE_CFM_TO_HOST; 244 xtend_desc->confirm_frame_type = EAPOL4_CONFIRM; 245 } 246 } 247 248 data_desc->mac_flags |= cpu_to_le16(seq_num & 0xfff); 249 data_desc->qid_tid = ((skb->priority & 0xf) | 250 ((tx_params->tid & 0xf) << 4)); 251 data_desc->sta_id = tx_params->sta_id; 252 253 if ((is_broadcast_ether_addr(wh->addr1)) || 254 (is_multicast_ether_addr(wh->addr1))) { 255 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 256 data_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 257 data_desc->sta_id = vap_id; 258 259 if ((vif->type == NL80211_IFTYPE_AP) || 260 (vif->type == NL80211_IFTYPE_P2P_GO)) { 261 if (common->band == NL80211_BAND_5GHZ) 262 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 263 else 264 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 265 } 266 } 267 if (((vif->type == NL80211_IFTYPE_AP) || 268 (vif->type == NL80211_IFTYPE_P2P_GO)) && 269 (ieee80211_has_moredata(wh->frame_control))) 270 data_desc->frame_info |= cpu_to_le16(MORE_DATA_PRESENT); 271 272 data_desc->rate_info |= 273 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) & 274 RSI_DESC_VAP_ID_MASK); 275 276 return 0; 277 } 278 279 /* This function sends received data packet from driver to device */ 280 int rsi_send_data_pkt(struct rsi_common *common, struct sk_buff *skb) 281 { 282 struct rsi_hw *adapter = common->priv; 283 struct ieee80211_vif *vif; 284 struct ieee80211_tx_info *info; 285 struct skb_info *tx_params; 286 struct ieee80211_bss_conf *bss; 287 int status = -EINVAL; 288 u8 header_size; 289 290 if (!skb) 291 return 0; 292 if (common->iface_down) 293 goto err; 294 295 info = IEEE80211_SKB_CB(skb); 296 if (!info->control.vif) 297 goto err; 298 vif = info->control.vif; 299 bss = &vif->bss_conf; 300 tx_params = (struct skb_info *)info->driver_data; 301 header_size = tx_params->internal_hdr_size; 302 303 if (((vif->type == NL80211_IFTYPE_STATION) || 304 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) && 305 (!bss->assoc)) 306 goto err; 307 308 status = rsi_send_pkt_to_bus(common, skb); 309 if (status) 310 rsi_dbg(ERR_ZONE, "%s: Failed to write pkt\n", __func__); 311 312 err: 313 ++common->tx_stats.total_tx_pkt_freed[skb->priority]; 314 rsi_indicate_tx_status(adapter, skb, status); 315 return status; 316 } 317 318 /** 319 * rsi_send_mgmt_pkt() - This functions sends the received management packet 320 * from driver to device. 321 * @common: Pointer to the driver private structure. 322 * @skb: Pointer to the socket buffer structure. 323 * 324 * Return: status: 0 on success, -1 on failure. 325 */ 326 int rsi_send_mgmt_pkt(struct rsi_common *common, 327 struct sk_buff *skb) 328 { 329 struct rsi_hw *adapter = common->priv; 330 struct ieee80211_bss_conf *bss; 331 struct ieee80211_hdr *wh; 332 struct ieee80211_tx_info *info; 333 struct skb_info *tx_params; 334 struct rsi_mgmt_desc *mgmt_desc; 335 struct rsi_xtended_desc *xtend_desc; 336 int status = -E2BIG; 337 u8 header_size; 338 339 info = IEEE80211_SKB_CB(skb); 340 tx_params = (struct skb_info *)info->driver_data; 341 header_size = tx_params->internal_hdr_size; 342 343 if (tx_params->flags & INTERNAL_MGMT_PKT) { 344 status = adapter->host_intf_ops->write_pkt(common->priv, 345 (u8 *)skb->data, 346 skb->len); 347 if (status) { 348 rsi_dbg(ERR_ZONE, 349 "%s: Failed to write the packet\n", __func__); 350 } 351 dev_kfree_skb(skb); 352 return status; 353 } 354 355 bss = &info->control.vif->bss_conf; 356 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 357 mgmt_desc = (struct rsi_mgmt_desc *)skb->data; 358 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 359 360 /* Indicate to firmware to give cfm for probe */ 361 if (ieee80211_is_probe_req(wh->frame_control) && !bss->assoc) { 362 rsi_dbg(INFO_ZONE, 363 "%s: blocking mgmt queue\n", __func__); 364 mgmt_desc->misc_flags = RSI_DESC_REQUIRE_CFM_TO_HOST; 365 xtend_desc->confirm_frame_type = PROBEREQ_CONFIRM; 366 common->mgmt_q_block = true; 367 rsi_dbg(INFO_ZONE, "Mgmt queue blocked\n"); 368 } 369 370 status = rsi_send_pkt_to_bus(common, skb); 371 if (status) 372 rsi_dbg(ERR_ZONE, "%s: Failed to write the packet\n", __func__); 373 374 rsi_indicate_tx_status(common->priv, skb, status); 375 return status; 376 } 377 378 int rsi_send_bt_pkt(struct rsi_common *common, struct sk_buff *skb) 379 { 380 int status = -EINVAL; 381 u8 header_size = 0; 382 struct rsi_bt_desc *bt_desc; 383 u8 queueno = ((skb->data[1] >> 4) & 0xf); 384 385 if (queueno == RSI_BT_MGMT_Q) { 386 status = rsi_send_pkt_to_bus(common, skb); 387 if (status) 388 rsi_dbg(ERR_ZONE, "%s: Failed to write bt mgmt pkt\n", 389 __func__); 390 goto out; 391 } 392 header_size = FRAME_DESC_SZ; 393 if (header_size > skb_headroom(skb)) { 394 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__); 395 status = -ENOSPC; 396 goto out; 397 } 398 skb_push(skb, header_size); 399 memset(skb->data, 0, header_size); 400 bt_desc = (struct rsi_bt_desc *)skb->data; 401 402 rsi_set_len_qno(&bt_desc->len_qno, (skb->len - FRAME_DESC_SZ), 403 RSI_BT_DATA_Q); 404 bt_desc->bt_pkt_type = cpu_to_le16(bt_cb(skb)->pkt_type); 405 406 status = rsi_send_pkt_to_bus(common, skb); 407 if (status) 408 rsi_dbg(ERR_ZONE, "%s: Failed to write bt pkt\n", __func__); 409 410 out: 411 dev_kfree_skb(skb); 412 return status; 413 } 414 415 int rsi_prepare_beacon(struct rsi_common *common, struct sk_buff *skb) 416 { 417 struct rsi_hw *adapter = (struct rsi_hw *)common->priv; 418 struct rsi_data_desc *bcn_frm; 419 struct ieee80211_hw *hw = common->priv->hw; 420 struct ieee80211_conf *conf = &hw->conf; 421 struct ieee80211_vif *vif; 422 struct sk_buff *mac_bcn; 423 u8 vap_id = 0, i; 424 u16 tim_offset = 0; 425 426 for (i = 0; i < RSI_MAX_VIFS; i++) { 427 vif = adapter->vifs[i]; 428 if (!vif) 429 continue; 430 if ((vif->type == NL80211_IFTYPE_AP) || 431 (vif->type == NL80211_IFTYPE_P2P_GO)) 432 break; 433 } 434 if (!vif) 435 return -EINVAL; 436 mac_bcn = ieee80211_beacon_get_tim(adapter->hw, 437 vif, 438 &tim_offset, NULL); 439 if (!mac_bcn) { 440 rsi_dbg(ERR_ZONE, "Failed to get beacon from mac80211\n"); 441 return -EINVAL; 442 } 443 444 common->beacon_cnt++; 445 bcn_frm = (struct rsi_data_desc *)skb->data; 446 rsi_set_len_qno(&bcn_frm->len_qno, mac_bcn->len, RSI_WIFI_DATA_Q); 447 bcn_frm->header_len = MIN_802_11_HDR_LEN; 448 bcn_frm->frame_info = cpu_to_le16(RSI_DATA_DESC_MAC_BBP_INFO | 449 RSI_DATA_DESC_NO_ACK_IND | 450 RSI_DATA_DESC_BEACON_FRAME | 451 RSI_DATA_DESC_INSERT_TSF | 452 RSI_DATA_DESC_INSERT_SEQ_NO | 453 RATE_INFO_ENABLE); 454 bcn_frm->rate_info = cpu_to_le16(vap_id << 14); 455 bcn_frm->qid_tid = BEACON_HW_Q; 456 457 if (conf_is_ht40_plus(conf)) { 458 bcn_frm->bbp_info = cpu_to_le16(LOWER_20_ENABLE); 459 bcn_frm->bbp_info |= cpu_to_le16(LOWER_20_ENABLE >> 12); 460 } else if (conf_is_ht40_minus(conf)) { 461 bcn_frm->bbp_info = cpu_to_le16(UPPER_20_ENABLE); 462 bcn_frm->bbp_info |= cpu_to_le16(UPPER_20_ENABLE >> 12); 463 } 464 465 if (common->band == NL80211_BAND_2GHZ) 466 bcn_frm->bbp_info |= cpu_to_le16(RSI_RATE_1); 467 else 468 bcn_frm->bbp_info |= cpu_to_le16(RSI_RATE_6); 469 470 if (mac_bcn->data[tim_offset + 2] == 0) 471 bcn_frm->frame_info |= cpu_to_le16(RSI_DATA_DESC_DTIM_BEACON); 472 473 memcpy(&skb->data[FRAME_DESC_SZ], mac_bcn->data, mac_bcn->len); 474 skb_put(skb, mac_bcn->len + FRAME_DESC_SZ); 475 476 dev_kfree_skb(mac_bcn); 477 478 return 0; 479 } 480 481 static void bl_cmd_timeout(struct timer_list *t) 482 { 483 struct rsi_hw *adapter = from_timer(adapter, t, bl_cmd_timer); 484 485 adapter->blcmd_timer_expired = true; 486 del_timer(&adapter->bl_cmd_timer); 487 } 488 489 static int bl_start_cmd_timer(struct rsi_hw *adapter, u32 timeout) 490 { 491 timer_setup(&adapter->bl_cmd_timer, bl_cmd_timeout, 0); 492 adapter->bl_cmd_timer.expires = (msecs_to_jiffies(timeout) + jiffies); 493 494 adapter->blcmd_timer_expired = false; 495 add_timer(&adapter->bl_cmd_timer); 496 497 return 0; 498 } 499 500 static int bl_stop_cmd_timer(struct rsi_hw *adapter) 501 { 502 adapter->blcmd_timer_expired = false; 503 if (timer_pending(&adapter->bl_cmd_timer)) 504 del_timer(&adapter->bl_cmd_timer); 505 506 return 0; 507 } 508 509 static int bl_write_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, 510 u16 *cmd_resp) 511 { 512 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 513 u32 regin_val = 0, regout_val = 0; 514 u32 regin_input = 0; 515 u8 output = 0; 516 int status; 517 518 regin_input = (REGIN_INPUT | adapter->priv->coex_mode); 519 520 while (!adapter->blcmd_timer_expired) { 521 regin_val = 0; 522 status = hif_ops->master_reg_read(adapter, SWBL_REGIN, 523 ®in_val, 2); 524 if (status < 0) { 525 rsi_dbg(ERR_ZONE, 526 "%s: Command %0x REGIN reading failed..\n", 527 __func__, cmd); 528 return status; 529 } 530 mdelay(1); 531 if ((regin_val >> 12) != REGIN_VALID) 532 break; 533 } 534 if (adapter->blcmd_timer_expired) { 535 rsi_dbg(ERR_ZONE, 536 "%s: Command %0x REGIN reading timed out..\n", 537 __func__, cmd); 538 return -ETIMEDOUT; 539 } 540 541 rsi_dbg(INFO_ZONE, 542 "Issuing write to Regin val:%0x sending cmd:%0x\n", 543 regin_val, (cmd | regin_input << 8)); 544 status = hif_ops->master_reg_write(adapter, SWBL_REGIN, 545 (cmd | regin_input << 8), 2); 546 if (status < 0) 547 return status; 548 mdelay(1); 549 550 if (cmd == LOAD_HOSTED_FW || cmd == JUMP_TO_ZERO_PC) { 551 /* JUMP_TO_ZERO_PC doesn't expect 552 * any response. So return from here 553 */ 554 return 0; 555 } 556 557 while (!adapter->blcmd_timer_expired) { 558 regout_val = 0; 559 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 560 ®out_val, 2); 561 if (status < 0) { 562 rsi_dbg(ERR_ZONE, 563 "%s: Command %0x REGOUT reading failed..\n", 564 __func__, cmd); 565 return status; 566 } 567 mdelay(1); 568 if ((regout_val >> 8) == REGOUT_VALID) 569 break; 570 } 571 if (adapter->blcmd_timer_expired) { 572 rsi_dbg(ERR_ZONE, 573 "%s: Command %0x REGOUT reading timed out..\n", 574 __func__, cmd); 575 return status; 576 } 577 578 *cmd_resp = ((u16 *)®out_val)[0] & 0xffff; 579 580 output = ((u8 *)®out_val)[0] & 0xff; 581 582 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 583 (cmd | REGOUT_INVALID << 8), 2); 584 if (status < 0) { 585 rsi_dbg(ERR_ZONE, 586 "%s: Command %0x REGOUT writing failed..\n", 587 __func__, cmd); 588 return status; 589 } 590 mdelay(1); 591 592 if (output != exp_resp) { 593 rsi_dbg(ERR_ZONE, 594 "%s: Recvd resp %x for cmd %0x\n", 595 __func__, output, cmd); 596 return -EINVAL; 597 } 598 rsi_dbg(INFO_ZONE, 599 "%s: Recvd Expected resp %x for cmd %0x\n", 600 __func__, output, cmd); 601 602 return 0; 603 } 604 605 static int bl_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, char *str) 606 { 607 u16 regout_val = 0; 608 u32 timeout; 609 int status; 610 611 if ((cmd == EOF_REACHED) || (cmd == PING_VALID) || (cmd == PONG_VALID)) 612 timeout = BL_BURN_TIMEOUT; 613 else 614 timeout = BL_CMD_TIMEOUT; 615 616 bl_start_cmd_timer(adapter, timeout); 617 status = bl_write_cmd(adapter, cmd, exp_resp, ®out_val); 618 if (status < 0) { 619 rsi_dbg(ERR_ZONE, 620 "%s: Command %s (%0x) writing failed..\n", 621 __func__, str, cmd); 622 return status; 623 } 624 bl_stop_cmd_timer(adapter); 625 return 0; 626 } 627 628 #define CHECK_SUM_OFFSET 20 629 #define LEN_OFFSET 8 630 #define ADDR_OFFSET 16 631 static int bl_write_header(struct rsi_hw *adapter, u8 *flash_content, 632 u32 content_size) 633 { 634 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 635 struct bl_header *bl_hdr; 636 u32 write_addr, write_len; 637 int status; 638 639 bl_hdr = kzalloc(sizeof(*bl_hdr), GFP_KERNEL); 640 if (!bl_hdr) 641 return -ENOMEM; 642 643 bl_hdr->flags = 0; 644 bl_hdr->image_no = cpu_to_le32(adapter->priv->coex_mode); 645 bl_hdr->check_sum = 646 cpu_to_le32(*(u32 *)&flash_content[CHECK_SUM_OFFSET]); 647 bl_hdr->flash_start_address = 648 cpu_to_le32(*(u32 *)&flash_content[ADDR_OFFSET]); 649 bl_hdr->flash_len = cpu_to_le32(*(u32 *)&flash_content[LEN_OFFSET]); 650 write_len = sizeof(struct bl_header); 651 652 if (adapter->rsi_host_intf == RSI_HOST_INTF_USB) { 653 write_addr = PING_BUFFER_ADDRESS; 654 status = hif_ops->write_reg_multiple(adapter, write_addr, 655 (u8 *)bl_hdr, write_len); 656 if (status < 0) { 657 rsi_dbg(ERR_ZONE, 658 "%s: Failed to load Version/CRC structure\n", 659 __func__); 660 goto fail; 661 } 662 } else { 663 write_addr = PING_BUFFER_ADDRESS >> 16; 664 status = hif_ops->master_access_msword(adapter, write_addr); 665 if (status < 0) { 666 rsi_dbg(ERR_ZONE, 667 "%s: Unable to set ms word to common reg\n", 668 __func__); 669 goto fail; 670 } 671 write_addr = RSI_SD_REQUEST_MASTER | 672 (PING_BUFFER_ADDRESS & 0xFFFF); 673 status = hif_ops->write_reg_multiple(adapter, write_addr, 674 (u8 *)bl_hdr, write_len); 675 if (status < 0) { 676 rsi_dbg(ERR_ZONE, 677 "%s: Failed to load Version/CRC structure\n", 678 __func__); 679 goto fail; 680 } 681 } 682 status = 0; 683 fail: 684 kfree(bl_hdr); 685 return status; 686 } 687 688 static u32 read_flash_capacity(struct rsi_hw *adapter) 689 { 690 u32 flash_sz = 0; 691 692 if ((adapter->host_intf_ops->master_reg_read(adapter, FLASH_SIZE_ADDR, 693 &flash_sz, 2)) < 0) { 694 rsi_dbg(ERR_ZONE, 695 "%s: Flash size reading failed..\n", 696 __func__); 697 return 0; 698 } 699 rsi_dbg(INIT_ZONE, "Flash capacity: %d KiloBytes\n", flash_sz); 700 701 return (flash_sz * 1024); /* Return size in kbytes */ 702 } 703 704 static int ping_pong_write(struct rsi_hw *adapter, u8 cmd, u8 *addr, u32 size) 705 { 706 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 707 u32 block_size = adapter->block_size; 708 u32 cmd_addr; 709 u16 cmd_resp, cmd_req; 710 u8 *str; 711 int status; 712 713 if (cmd == PING_WRITE) { 714 cmd_addr = PING_BUFFER_ADDRESS; 715 cmd_resp = PONG_AVAIL; 716 cmd_req = PING_VALID; 717 str = "PING_VALID"; 718 } else { 719 cmd_addr = PONG_BUFFER_ADDRESS; 720 cmd_resp = PING_AVAIL; 721 cmd_req = PONG_VALID; 722 str = "PONG_VALID"; 723 } 724 725 status = hif_ops->load_data_master_write(adapter, cmd_addr, size, 726 block_size, addr); 727 if (status) { 728 rsi_dbg(ERR_ZONE, "%s: Unable to write blk at addr %0x\n", 729 __func__, *addr); 730 return status; 731 } 732 733 status = bl_cmd(adapter, cmd_req, cmd_resp, str); 734 if (status) { 735 bl_stop_cmd_timer(adapter); 736 return status; 737 } 738 return 0; 739 } 740 741 static int auto_fw_upgrade(struct rsi_hw *adapter, u8 *flash_content, 742 u32 content_size) 743 { 744 u8 cmd; 745 u32 temp_content_size, num_flash, index; 746 u32 flash_start_address; 747 int status; 748 749 if (content_size > MAX_FLASH_FILE_SIZE) { 750 rsi_dbg(ERR_ZONE, 751 "%s: Flash Content size is more than 400K %u\n", 752 __func__, MAX_FLASH_FILE_SIZE); 753 return -EINVAL; 754 } 755 756 flash_start_address = *(u32 *)&flash_content[FLASH_START_ADDRESS]; 757 rsi_dbg(INFO_ZONE, "flash start address: %08x\n", flash_start_address); 758 759 if (flash_start_address < FW_IMAGE_MIN_ADDRESS) { 760 rsi_dbg(ERR_ZONE, 761 "%s: Fw image Flash Start Address is less than 64K\n", 762 __func__); 763 return -EINVAL; 764 } 765 766 if (flash_start_address % FLASH_SECTOR_SIZE) { 767 rsi_dbg(ERR_ZONE, 768 "%s: Flash Start Address is not multiple of 4K\n", 769 __func__); 770 return -EINVAL; 771 } 772 773 if ((flash_start_address + content_size) > adapter->flash_capacity) { 774 rsi_dbg(ERR_ZONE, 775 "%s: Flash Content will cross max flash size\n", 776 __func__); 777 return -EINVAL; 778 } 779 780 temp_content_size = content_size; 781 num_flash = content_size / FLASH_WRITE_CHUNK_SIZE; 782 783 rsi_dbg(INFO_ZONE, "content_size: %d, num_flash: %d\n", 784 content_size, num_flash); 785 786 for (index = 0; index <= num_flash; index++) { 787 rsi_dbg(INFO_ZONE, "flash index: %d\n", index); 788 if (index != num_flash) { 789 content_size = FLASH_WRITE_CHUNK_SIZE; 790 rsi_dbg(INFO_ZONE, "QSPI content_size:%d\n", 791 content_size); 792 } else { 793 content_size = 794 temp_content_size % FLASH_WRITE_CHUNK_SIZE; 795 rsi_dbg(INFO_ZONE, 796 "Writing last sector content_size:%d\n", 797 content_size); 798 if (!content_size) { 799 rsi_dbg(INFO_ZONE, "instruction size zero\n"); 800 break; 801 } 802 } 803 804 if (index % 2) 805 cmd = PING_WRITE; 806 else 807 cmd = PONG_WRITE; 808 809 status = ping_pong_write(adapter, cmd, flash_content, 810 content_size); 811 if (status) { 812 rsi_dbg(ERR_ZONE, "%s: Unable to load %d block\n", 813 __func__, index); 814 return status; 815 } 816 817 rsi_dbg(INFO_ZONE, 818 "%s: Successfully loaded %d instructions\n", 819 __func__, index); 820 flash_content += content_size; 821 } 822 823 status = bl_cmd(adapter, EOF_REACHED, FW_LOADING_SUCCESSFUL, 824 "EOF_REACHED"); 825 if (status) { 826 bl_stop_cmd_timer(adapter); 827 return status; 828 } 829 rsi_dbg(INFO_ZONE, "FW loading is done and FW is running..\n"); 830 return 0; 831 } 832 833 static int rsi_load_firmware(struct rsi_hw *adapter) 834 { 835 struct rsi_common *common = adapter->priv; 836 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 837 const struct firmware *fw_entry = NULL; 838 u32 regout_val = 0, content_size; 839 u16 tmp_regout_val = 0; 840 struct ta_metadata *metadata_p; 841 int status; 842 843 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 844 845 while (!adapter->blcmd_timer_expired) { 846 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 847 ®out_val, 2); 848 if (status < 0) { 849 rsi_dbg(ERR_ZONE, 850 "%s: REGOUT read failed\n", __func__); 851 return status; 852 } 853 mdelay(1); 854 if ((regout_val >> 8) == REGOUT_VALID) 855 break; 856 } 857 if (adapter->blcmd_timer_expired) { 858 rsi_dbg(ERR_ZONE, "%s: REGOUT read timedout\n", __func__); 859 rsi_dbg(ERR_ZONE, 860 "%s: Soft boot loader not present\n", __func__); 861 return -ETIMEDOUT; 862 } 863 bl_stop_cmd_timer(adapter); 864 865 rsi_dbg(INFO_ZONE, "Received Board Version Number: %x\n", 866 (regout_val & 0xff)); 867 868 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 869 (REGOUT_INVALID | REGOUT_INVALID << 8), 870 2); 871 if (status < 0) { 872 rsi_dbg(ERR_ZONE, "%s: REGOUT writing failed..\n", __func__); 873 return status; 874 } 875 mdelay(1); 876 877 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 878 "AUTO_READ_CMD"); 879 if (status < 0) 880 return status; 881 882 adapter->flash_capacity = read_flash_capacity(adapter); 883 if (adapter->flash_capacity <= 0) { 884 rsi_dbg(ERR_ZONE, 885 "%s: Unable to read flash size from EEPROM\n", 886 __func__); 887 return -EINVAL; 888 } 889 890 metadata_p = &metadata_flash_content[adapter->priv->coex_mode]; 891 892 rsi_dbg(INIT_ZONE, "%s: Loading file %s\n", __func__, metadata_p->name); 893 adapter->fw_file_name = metadata_p->name; 894 895 status = request_firmware(&fw_entry, metadata_p->name, adapter->device); 896 if (status < 0) { 897 rsi_dbg(ERR_ZONE, "%s: Failed to open file %s\n", 898 __func__, metadata_p->name); 899 return status; 900 } 901 content_size = fw_entry->size; 902 rsi_dbg(INFO_ZONE, "FW Length = %d bytes\n", content_size); 903 904 /* Get the firmware version */ 905 common->lmac_ver.ver.info.fw_ver[0] = 906 fw_entry->data[LMAC_VER_OFFSET] & 0xFF; 907 common->lmac_ver.ver.info.fw_ver[1] = 908 fw_entry->data[LMAC_VER_OFFSET + 1] & 0xFF; 909 common->lmac_ver.major = fw_entry->data[LMAC_VER_OFFSET + 2] & 0xFF; 910 common->lmac_ver.release_num = 911 fw_entry->data[LMAC_VER_OFFSET + 3] & 0xFF; 912 common->lmac_ver.minor = fw_entry->data[LMAC_VER_OFFSET + 4] & 0xFF; 913 common->lmac_ver.patch_num = 0; 914 rsi_print_version(common); 915 916 status = bl_write_header(adapter, (u8 *)fw_entry->data, content_size); 917 if (status) { 918 rsi_dbg(ERR_ZONE, 919 "%s: RPS Image header loading failed\n", 920 __func__); 921 goto fail; 922 } 923 924 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 925 status = bl_write_cmd(adapter, CHECK_CRC, CMD_PASS, &tmp_regout_val); 926 if (status) { 927 bl_stop_cmd_timer(adapter); 928 rsi_dbg(ERR_ZONE, 929 "%s: CHECK_CRC Command writing failed..\n", 930 __func__); 931 if ((tmp_regout_val & 0xff) == CMD_FAIL) { 932 rsi_dbg(ERR_ZONE, 933 "CRC Fail.. Proceeding to Upgrade mode\n"); 934 goto fw_upgrade; 935 } 936 } 937 bl_stop_cmd_timer(adapter); 938 939 status = bl_cmd(adapter, POLLING_MODE, CMD_PASS, "POLLING_MODE"); 940 if (status) 941 goto fail; 942 943 load_image_cmd: 944 status = bl_cmd(adapter, LOAD_HOSTED_FW, LOADING_INITIATED, 945 "LOAD_HOSTED_FW"); 946 if (status) 947 goto fail; 948 rsi_dbg(INFO_ZONE, "Load Image command passed..\n"); 949 goto success; 950 951 fw_upgrade: 952 status = bl_cmd(adapter, BURN_HOSTED_FW, SEND_RPS_FILE, "FW_UPGRADE"); 953 if (status) 954 goto fail; 955 956 rsi_dbg(INFO_ZONE, "Burn Command Pass.. Upgrading the firmware\n"); 957 958 status = auto_fw_upgrade(adapter, (u8 *)fw_entry->data, content_size); 959 if (status == 0) { 960 rsi_dbg(ERR_ZONE, "Firmware upgradation Done\n"); 961 goto load_image_cmd; 962 } 963 rsi_dbg(ERR_ZONE, "Firmware upgrade failed\n"); 964 965 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 966 "AUTO_READ_MODE"); 967 if (status) 968 goto fail; 969 970 success: 971 rsi_dbg(ERR_ZONE, "***** Firmware Loading successful *****\n"); 972 release_firmware(fw_entry); 973 return 0; 974 975 fail: 976 rsi_dbg(ERR_ZONE, "##### Firmware loading failed #####\n"); 977 release_firmware(fw_entry); 978 return status; 979 } 980 981 int rsi_hal_device_init(struct rsi_hw *adapter) 982 { 983 struct rsi_common *common = adapter->priv; 984 985 switch (adapter->device_model) { 986 case RSI_DEV_9113: 987 if (rsi_load_firmware(adapter)) { 988 rsi_dbg(ERR_ZONE, 989 "%s: Failed to load TA instructions\n", 990 __func__); 991 return -EINVAL; 992 } 993 break; 994 default: 995 return -EINVAL; 996 } 997 common->fsm_state = FSM_CARD_NOT_READY; 998 999 return 0; 1000 } 1001 EXPORT_SYMBOL_GPL(rsi_hal_device_init); 1002 1003