1 /* src/prism2/driver/hfa384x_usb.c 2 * 3 * Functions that talk to the USB variantof the Intersil hfa384x MAC 4 * 5 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved. 6 * -------------------------------------------------------------------- 7 * 8 * linux-wlan 9 * 10 * The contents of this file are subject to the Mozilla Public 11 * License Version 1.1 (the "License"); you may not use this file 12 * except in compliance with the License. You may obtain a copy of 13 * the License at http://www.mozilla.org/MPL/ 14 * 15 * Software distributed under the License is distributed on an "AS 16 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or 17 * implied. See the License for the specific language governing 18 * rights and limitations under the License. 19 * 20 * Alternatively, the contents of this file may be used under the 21 * terms of the GNU Public License version 2 (the "GPL"), in which 22 * case the provisions of the GPL are applicable instead of the 23 * above. If you wish to allow the use of your version of this file 24 * only under the terms of the GPL and not to allow others to use 25 * your version of this file under the MPL, indicate your decision 26 * by deleting the provisions above and replace them with the notice 27 * and other provisions required by the GPL. If you do not delete 28 * the provisions above, a recipient may use your version of this 29 * file under either the MPL or the GPL. 30 * 31 * -------------------------------------------------------------------- 32 * 33 * Inquiries regarding the linux-wlan Open Source project can be 34 * made directly to: 35 * 36 * AbsoluteValue Systems Inc. 37 * info@linux-wlan.com 38 * http://www.linux-wlan.com 39 * 40 * -------------------------------------------------------------------- 41 * 42 * Portions of the development of this software were funded by 43 * Intersil Corporation as part of PRISM(R) chipset product development. 44 * 45 * -------------------------------------------------------------------- 46 * 47 * This file implements functions that correspond to the prism2/hfa384x 48 * 802.11 MAC hardware and firmware host interface. 49 * 50 * The functions can be considered to represent several levels of 51 * abstraction. The lowest level functions are simply C-callable wrappers 52 * around the register accesses. The next higher level represents C-callable 53 * prism2 API functions that match the Intersil documentation as closely 54 * as is reasonable. The next higher layer implements common sequences 55 * of invocations of the API layer (e.g. write to bap, followed by cmd). 56 * 57 * Common sequences: 58 * hfa384x_drvr_xxx Highest level abstractions provided by the 59 * hfa384x code. They are driver defined wrappers 60 * for common sequences. These functions generally 61 * use the services of the lower levels. 62 * 63 * hfa384x_drvr_xxxconfig An example of the drvr level abstraction. These 64 * functions are wrappers for the RID get/set 65 * sequence. They call copy_[to|from]_bap() and 66 * cmd_access(). These functions operate on the 67 * RIDs and buffers without validation. The caller 68 * is responsible for that. 69 * 70 * API wrapper functions: 71 * hfa384x_cmd_xxx functions that provide access to the f/w commands. 72 * The function arguments correspond to each command 73 * argument, even command arguments that get packed 74 * into single registers. These functions _just_ 75 * issue the command by setting the cmd/parm regs 76 * & reading the status/resp regs. Additional 77 * activities required to fully use a command 78 * (read/write from/to bap, get/set int status etc.) 79 * are implemented separately. Think of these as 80 * C-callable prism2 commands. 81 * 82 * Lowest Layer Functions: 83 * hfa384x_docmd_xxx These functions implement the sequence required 84 * to issue any prism2 command. Primarily used by the 85 * hfa384x_cmd_xxx functions. 86 * 87 * hfa384x_bap_xxx BAP read/write access functions. 88 * Note: we usually use BAP0 for non-interrupt context 89 * and BAP1 for interrupt context. 90 * 91 * hfa384x_dl_xxx download related functions. 92 * 93 * Driver State Issues: 94 * Note that there are two pairs of functions that manage the 95 * 'initialized' and 'running' states of the hw/MAC combo. The four 96 * functions are create(), destroy(), start(), and stop(). create() 97 * sets up the data structures required to support the hfa384x_* 98 * functions and destroy() cleans them up. The start() function gets 99 * the actual hardware running and enables the interrupts. The stop() 100 * function shuts the hardware down. The sequence should be: 101 * create() 102 * start() 103 * . 104 * . Do interesting things w/ the hardware 105 * . 106 * stop() 107 * destroy() 108 * 109 * Note that destroy() can be called without calling stop() first. 110 * -------------------------------------------------------------------- 111 */ 112 113 #include <linux/module.h> 114 #include <linux/kernel.h> 115 #include <linux/sched.h> 116 #include <linux/types.h> 117 #include <linux/slab.h> 118 #include <linux/wireless.h> 119 #include <linux/netdevice.h> 120 #include <linux/timer.h> 121 #include <linux/io.h> 122 #include <linux/delay.h> 123 #include <asm/byteorder.h> 124 #include <linux/bitops.h> 125 #include <linux/list.h> 126 #include <linux/usb.h> 127 #include <linux/byteorder/generic.h> 128 129 #include "p80211types.h" 130 #include "p80211hdr.h" 131 #include "p80211mgmt.h" 132 #include "p80211conv.h" 133 #include "p80211msg.h" 134 #include "p80211netdev.h" 135 #include "p80211req.h" 136 #include "p80211metadef.h" 137 #include "p80211metastruct.h" 138 #include "hfa384x.h" 139 #include "prism2mgmt.h" 140 141 enum cmd_mode { 142 DOWAIT = 0, 143 DOASYNC 144 }; 145 146 #define THROTTLE_JIFFIES (HZ / 8) 147 #define URB_ASYNC_UNLINK 0 148 #define USB_QUEUE_BULK 0 149 150 #define ROUNDUP64(a) (((a) + 63) & ~63) 151 152 #ifdef DEBUG_USB 153 static void dbprint_urb(struct urb *urb); 154 #endif 155 156 static void hfa384x_int_rxmonitor(struct wlandevice *wlandev, 157 struct hfa384x_usb_rxfrm *rxfrm); 158 159 static void hfa384x_usb_defer(struct work_struct *data); 160 161 static int submit_rx_urb(struct hfa384x *hw, gfp_t flags); 162 163 static int submit_tx_urb(struct hfa384x *hw, struct urb *tx_urb, gfp_t flags); 164 165 /*---------------------------------------------------*/ 166 /* Callbacks */ 167 static void hfa384x_usbout_callback(struct urb *urb); 168 static void hfa384x_ctlxout_callback(struct urb *urb); 169 static void hfa384x_usbin_callback(struct urb *urb); 170 171 static void 172 hfa384x_usbin_txcompl(struct wlandevice *wlandev, union hfa384x_usbin *usbin); 173 174 static void hfa384x_usbin_rx(struct wlandevice *wlandev, struct sk_buff *skb); 175 176 static void hfa384x_usbin_info(struct wlandevice *wlandev, 177 union hfa384x_usbin *usbin); 178 179 static void hfa384x_usbin_ctlx(struct hfa384x *hw, union hfa384x_usbin *usbin, 180 int urb_status); 181 182 /*---------------------------------------------------*/ 183 /* Functions to support the prism2 usb command queue */ 184 185 static void hfa384x_usbctlxq_run(struct hfa384x *hw); 186 187 static void hfa384x_usbctlx_reqtimerfn(unsigned long data); 188 189 static void hfa384x_usbctlx_resptimerfn(unsigned long data); 190 191 static void hfa384x_usb_throttlefn(unsigned long data); 192 193 static void hfa384x_usbctlx_completion_task(unsigned long data); 194 195 static void hfa384x_usbctlx_reaper_task(unsigned long data); 196 197 static int hfa384x_usbctlx_submit(struct hfa384x *hw, 198 struct hfa384x_usbctlx *ctlx); 199 200 static void unlocked_usbctlx_complete(struct hfa384x *hw, 201 struct hfa384x_usbctlx *ctlx); 202 203 struct usbctlx_completor { 204 int (*complete)(struct usbctlx_completor *); 205 }; 206 207 static int 208 hfa384x_usbctlx_complete_sync(struct hfa384x *hw, 209 struct hfa384x_usbctlx *ctlx, 210 struct usbctlx_completor *completor); 211 212 static int 213 unlocked_usbctlx_cancel_async(struct hfa384x *hw, struct hfa384x_usbctlx *ctlx); 214 215 static void hfa384x_cb_status(struct hfa384x *hw, 216 const struct hfa384x_usbctlx *ctlx); 217 218 static int 219 usbctlx_get_status(const struct hfa384x_usb_statusresp *cmdresp, 220 struct hfa384x_cmdresult *result); 221 222 static void 223 usbctlx_get_rridresult(const struct hfa384x_usb_rridresp *rridresp, 224 struct hfa384x_rridresult *result); 225 226 /*---------------------------------------------------*/ 227 /* Low level req/resp CTLX formatters and submitters */ 228 static int 229 hfa384x_docmd(struct hfa384x *hw, 230 enum cmd_mode mode, 231 struct hfa384x_metacmd *cmd, 232 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data); 233 234 static int 235 hfa384x_dorrid(struct hfa384x *hw, 236 enum cmd_mode mode, 237 u16 rid, 238 void *riddata, 239 unsigned int riddatalen, 240 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data); 241 242 static int 243 hfa384x_dowrid(struct hfa384x *hw, 244 enum cmd_mode mode, 245 u16 rid, 246 void *riddata, 247 unsigned int riddatalen, 248 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data); 249 250 static int 251 hfa384x_dormem(struct hfa384x *hw, 252 enum cmd_mode mode, 253 u16 page, 254 u16 offset, 255 void *data, 256 unsigned int len, 257 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data); 258 259 static int 260 hfa384x_dowmem(struct hfa384x *hw, 261 enum cmd_mode mode, 262 u16 page, 263 u16 offset, 264 void *data, 265 unsigned int len, 266 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data); 267 268 static int hfa384x_isgood_pdrcode(u16 pdrcode); 269 270 static inline const char *ctlxstr(enum ctlx_state s) 271 { 272 static const char * const ctlx_str[] = { 273 "Initial state", 274 "Complete", 275 "Request failed", 276 "Request pending", 277 "Request packet submitted", 278 "Request packet completed", 279 "Response packet completed" 280 }; 281 282 return ctlx_str[s]; 283 }; 284 285 static inline struct hfa384x_usbctlx *get_active_ctlx(struct hfa384x *hw) 286 { 287 return list_entry(hw->ctlxq.active.next, struct hfa384x_usbctlx, list); 288 } 289 290 #ifdef DEBUG_USB 291 void dbprint_urb(struct urb *urb) 292 { 293 pr_debug("urb->pipe=0x%08x\n", urb->pipe); 294 pr_debug("urb->status=0x%08x\n", urb->status); 295 pr_debug("urb->transfer_flags=0x%08x\n", urb->transfer_flags); 296 pr_debug("urb->transfer_buffer=0x%08x\n", 297 (unsigned int)urb->transfer_buffer); 298 pr_debug("urb->transfer_buffer_length=0x%08x\n", 299 urb->transfer_buffer_length); 300 pr_debug("urb->actual_length=0x%08x\n", urb->actual_length); 301 pr_debug("urb->bandwidth=0x%08x\n", urb->bandwidth); 302 pr_debug("urb->setup_packet(ctl)=0x%08x\n", 303 (unsigned int)urb->setup_packet); 304 pr_debug("urb->start_frame(iso/irq)=0x%08x\n", urb->start_frame); 305 pr_debug("urb->interval(irq)=0x%08x\n", urb->interval); 306 pr_debug("urb->error_count(iso)=0x%08x\n", urb->error_count); 307 pr_debug("urb->timeout=0x%08x\n", urb->timeout); 308 pr_debug("urb->context=0x%08x\n", (unsigned int)urb->context); 309 pr_debug("urb->complete=0x%08x\n", (unsigned int)urb->complete); 310 } 311 #endif 312 313 /*---------------------------------------------------------------- 314 * submit_rx_urb 315 * 316 * Listen for input data on the BULK-IN pipe. If the pipe has 317 * stalled then schedule it to be reset. 318 * 319 * Arguments: 320 * hw device struct 321 * memflags memory allocation flags 322 * 323 * Returns: 324 * error code from submission 325 * 326 * Call context: 327 * Any 328 *---------------------------------------------------------------- 329 */ 330 static int submit_rx_urb(struct hfa384x *hw, gfp_t memflags) 331 { 332 struct sk_buff *skb; 333 int result; 334 335 skb = dev_alloc_skb(sizeof(union hfa384x_usbin)); 336 if (!skb) { 337 result = -ENOMEM; 338 goto done; 339 } 340 341 /* Post the IN urb */ 342 usb_fill_bulk_urb(&hw->rx_urb, hw->usb, 343 hw->endp_in, 344 skb->data, sizeof(union hfa384x_usbin), 345 hfa384x_usbin_callback, hw->wlandev); 346 347 hw->rx_urb_skb = skb; 348 349 result = -ENOLINK; 350 if (!hw->wlandev->hwremoved && 351 !test_bit(WORK_RX_HALT, &hw->usb_flags)) { 352 result = usb_submit_urb(&hw->rx_urb, memflags); 353 354 /* Check whether we need to reset the RX pipe */ 355 if (result == -EPIPE) { 356 netdev_warn(hw->wlandev->netdev, 357 "%s rx pipe stalled: requesting reset\n", 358 hw->wlandev->netdev->name); 359 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags)) 360 schedule_work(&hw->usb_work); 361 } 362 } 363 364 /* Don't leak memory if anything should go wrong */ 365 if (result != 0) { 366 dev_kfree_skb(skb); 367 hw->rx_urb_skb = NULL; 368 } 369 370 done: 371 return result; 372 } 373 374 /*---------------------------------------------------------------- 375 * submit_tx_urb 376 * 377 * Prepares and submits the URB of transmitted data. If the 378 * submission fails then it will schedule the output pipe to 379 * be reset. 380 * 381 * Arguments: 382 * hw device struct 383 * tx_urb URB of data for transmission 384 * memflags memory allocation flags 385 * 386 * Returns: 387 * error code from submission 388 * 389 * Call context: 390 * Any 391 *---------------------------------------------------------------- 392 */ 393 static int submit_tx_urb(struct hfa384x *hw, struct urb *tx_urb, gfp_t memflags) 394 { 395 struct net_device *netdev = hw->wlandev->netdev; 396 int result; 397 398 result = -ENOLINK; 399 if (netif_running(netdev)) { 400 if (!hw->wlandev->hwremoved && 401 !test_bit(WORK_TX_HALT, &hw->usb_flags)) { 402 result = usb_submit_urb(tx_urb, memflags); 403 404 /* Test whether we need to reset the TX pipe */ 405 if (result == -EPIPE) { 406 netdev_warn(hw->wlandev->netdev, 407 "%s tx pipe stalled: requesting reset\n", 408 netdev->name); 409 set_bit(WORK_TX_HALT, &hw->usb_flags); 410 schedule_work(&hw->usb_work); 411 } else if (result == 0) { 412 netif_stop_queue(netdev); 413 } 414 } 415 } 416 417 return result; 418 } 419 420 /*---------------------------------------------------------------- 421 * hfa394x_usb_defer 422 * 423 * There are some things that the USB stack cannot do while 424 * in interrupt context, so we arrange this function to run 425 * in process context. 426 * 427 * Arguments: 428 * hw device structure 429 * 430 * Returns: 431 * nothing 432 * 433 * Call context: 434 * process (by design) 435 *---------------------------------------------------------------- 436 */ 437 static void hfa384x_usb_defer(struct work_struct *data) 438 { 439 struct hfa384x *hw = container_of(data, struct hfa384x, usb_work); 440 struct net_device *netdev = hw->wlandev->netdev; 441 442 /* Don't bother trying to reset anything if the plug 443 * has been pulled ... 444 */ 445 if (hw->wlandev->hwremoved) 446 return; 447 448 /* Reception has stopped: try to reset the input pipe */ 449 if (test_bit(WORK_RX_HALT, &hw->usb_flags)) { 450 int ret; 451 452 usb_kill_urb(&hw->rx_urb); /* Cannot be holding spinlock! */ 453 454 ret = usb_clear_halt(hw->usb, hw->endp_in); 455 if (ret != 0) { 456 netdev_err(hw->wlandev->netdev, 457 "Failed to clear rx pipe for %s: err=%d\n", 458 netdev->name, ret); 459 } else { 460 netdev_info(hw->wlandev->netdev, "%s rx pipe reset complete.\n", 461 netdev->name); 462 clear_bit(WORK_RX_HALT, &hw->usb_flags); 463 set_bit(WORK_RX_RESUME, &hw->usb_flags); 464 } 465 } 466 467 /* Resume receiving data back from the device. */ 468 if (test_bit(WORK_RX_RESUME, &hw->usb_flags)) { 469 int ret; 470 471 ret = submit_rx_urb(hw, GFP_KERNEL); 472 if (ret != 0) { 473 netdev_err(hw->wlandev->netdev, 474 "Failed to resume %s rx pipe.\n", 475 netdev->name); 476 } else { 477 clear_bit(WORK_RX_RESUME, &hw->usb_flags); 478 } 479 } 480 481 /* Transmission has stopped: try to reset the output pipe */ 482 if (test_bit(WORK_TX_HALT, &hw->usb_flags)) { 483 int ret; 484 485 usb_kill_urb(&hw->tx_urb); 486 ret = usb_clear_halt(hw->usb, hw->endp_out); 487 if (ret != 0) { 488 netdev_err(hw->wlandev->netdev, 489 "Failed to clear tx pipe for %s: err=%d\n", 490 netdev->name, ret); 491 } else { 492 netdev_info(hw->wlandev->netdev, "%s tx pipe reset complete.\n", 493 netdev->name); 494 clear_bit(WORK_TX_HALT, &hw->usb_flags); 495 set_bit(WORK_TX_RESUME, &hw->usb_flags); 496 497 /* Stopping the BULK-OUT pipe also blocked 498 * us from sending any more CTLX URBs, so 499 * we need to re-run our queue ... 500 */ 501 hfa384x_usbctlxq_run(hw); 502 } 503 } 504 505 /* Resume transmitting. */ 506 if (test_and_clear_bit(WORK_TX_RESUME, &hw->usb_flags)) 507 netif_wake_queue(hw->wlandev->netdev); 508 } 509 510 /*---------------------------------------------------------------- 511 * hfa384x_create 512 * 513 * Sets up the struct hfa384x data structure for use. Note this 514 * does _not_ initialize the actual hardware, just the data structures 515 * we use to keep track of its state. 516 * 517 * Arguments: 518 * hw device structure 519 * irq device irq number 520 * iobase i/o base address for register access 521 * membase memory base address for register access 522 * 523 * Returns: 524 * nothing 525 * 526 * Side effects: 527 * 528 * Call context: 529 * process 530 *---------------------------------------------------------------- 531 */ 532 void hfa384x_create(struct hfa384x *hw, struct usb_device *usb) 533 { 534 memset(hw, 0, sizeof(*hw)); 535 hw->usb = usb; 536 537 /* set up the endpoints */ 538 hw->endp_in = usb_rcvbulkpipe(usb, 1); 539 hw->endp_out = usb_sndbulkpipe(usb, 2); 540 541 /* Set up the waitq */ 542 init_waitqueue_head(&hw->cmdq); 543 544 /* Initialize the command queue */ 545 spin_lock_init(&hw->ctlxq.lock); 546 INIT_LIST_HEAD(&hw->ctlxq.pending); 547 INIT_LIST_HEAD(&hw->ctlxq.active); 548 INIT_LIST_HEAD(&hw->ctlxq.completing); 549 INIT_LIST_HEAD(&hw->ctlxq.reapable); 550 551 /* Initialize the authentication queue */ 552 skb_queue_head_init(&hw->authq); 553 554 tasklet_init(&hw->reaper_bh, 555 hfa384x_usbctlx_reaper_task, (unsigned long)hw); 556 tasklet_init(&hw->completion_bh, 557 hfa384x_usbctlx_completion_task, (unsigned long)hw); 558 INIT_WORK(&hw->link_bh, prism2sta_processing_defer); 559 INIT_WORK(&hw->usb_work, hfa384x_usb_defer); 560 561 setup_timer(&hw->throttle, hfa384x_usb_throttlefn, (unsigned long)hw); 562 563 setup_timer(&hw->resptimer, hfa384x_usbctlx_resptimerfn, 564 (unsigned long)hw); 565 566 setup_timer(&hw->reqtimer, hfa384x_usbctlx_reqtimerfn, 567 (unsigned long)hw); 568 569 usb_init_urb(&hw->rx_urb); 570 usb_init_urb(&hw->tx_urb); 571 usb_init_urb(&hw->ctlx_urb); 572 573 hw->link_status = HFA384x_LINK_NOTCONNECTED; 574 hw->state = HFA384x_STATE_INIT; 575 576 INIT_WORK(&hw->commsqual_bh, prism2sta_commsqual_defer); 577 setup_timer(&hw->commsqual_timer, prism2sta_commsqual_timer, 578 (unsigned long)hw); 579 } 580 581 /*---------------------------------------------------------------- 582 * hfa384x_destroy 583 * 584 * Partner to hfa384x_create(). This function cleans up the hw 585 * structure so that it can be freed by the caller using a simple 586 * kfree. Currently, this function is just a placeholder. If, at some 587 * point in the future, an hw in the 'shutdown' state requires a 'deep' 588 * kfree, this is where it should be done. Note that if this function 589 * is called on a _running_ hw structure, the drvr_stop() function is 590 * called. 591 * 592 * Arguments: 593 * hw device structure 594 * 595 * Returns: 596 * nothing, this function is not allowed to fail. 597 * 598 * Side effects: 599 * 600 * Call context: 601 * process 602 *---------------------------------------------------------------- 603 */ 604 void hfa384x_destroy(struct hfa384x *hw) 605 { 606 struct sk_buff *skb; 607 608 if (hw->state == HFA384x_STATE_RUNNING) 609 hfa384x_drvr_stop(hw); 610 hw->state = HFA384x_STATE_PREINIT; 611 612 kfree(hw->scanresults); 613 hw->scanresults = NULL; 614 615 /* Now to clean out the auth queue */ 616 while ((skb = skb_dequeue(&hw->authq))) 617 dev_kfree_skb(skb); 618 } 619 620 static struct hfa384x_usbctlx *usbctlx_alloc(void) 621 { 622 struct hfa384x_usbctlx *ctlx; 623 624 ctlx = kzalloc(sizeof(*ctlx), 625 in_interrupt() ? GFP_ATOMIC : GFP_KERNEL); 626 if (ctlx) 627 init_completion(&ctlx->done); 628 629 return ctlx; 630 } 631 632 static int 633 usbctlx_get_status(const struct hfa384x_usb_statusresp *cmdresp, 634 struct hfa384x_cmdresult *result) 635 { 636 result->status = le16_to_cpu(cmdresp->status); 637 result->resp0 = le16_to_cpu(cmdresp->resp0); 638 result->resp1 = le16_to_cpu(cmdresp->resp1); 639 result->resp2 = le16_to_cpu(cmdresp->resp2); 640 641 pr_debug("cmdresult:status=0x%04x resp0=0x%04x resp1=0x%04x resp2=0x%04x\n", 642 result->status, result->resp0, result->resp1, result->resp2); 643 644 return result->status & HFA384x_STATUS_RESULT; 645 } 646 647 static void 648 usbctlx_get_rridresult(const struct hfa384x_usb_rridresp *rridresp, 649 struct hfa384x_rridresult *result) 650 { 651 result->rid = le16_to_cpu(rridresp->rid); 652 result->riddata = rridresp->data; 653 result->riddata_len = ((le16_to_cpu(rridresp->frmlen) - 1) * 2); 654 } 655 656 /*---------------------------------------------------------------- 657 * Completor object: 658 * This completor must be passed to hfa384x_usbctlx_complete_sync() 659 * when processing a CTLX that returns a struct hfa384x_cmdresult structure. 660 *---------------------------------------------------------------- 661 */ 662 struct usbctlx_cmd_completor { 663 struct usbctlx_completor head; 664 665 const struct hfa384x_usb_statusresp *cmdresp; 666 struct hfa384x_cmdresult *result; 667 }; 668 669 static inline int usbctlx_cmd_completor_fn(struct usbctlx_completor *head) 670 { 671 struct usbctlx_cmd_completor *complete; 672 673 complete = (struct usbctlx_cmd_completor *)head; 674 return usbctlx_get_status(complete->cmdresp, complete->result); 675 } 676 677 static inline struct usbctlx_completor * 678 init_cmd_completor(struct usbctlx_cmd_completor *completor, 679 const struct hfa384x_usb_statusresp *cmdresp, 680 struct hfa384x_cmdresult *result) 681 { 682 completor->head.complete = usbctlx_cmd_completor_fn; 683 completor->cmdresp = cmdresp; 684 completor->result = result; 685 return &completor->head; 686 } 687 688 /*---------------------------------------------------------------- 689 * Completor object: 690 * This completor must be passed to hfa384x_usbctlx_complete_sync() 691 * when processing a CTLX that reads a RID. 692 *---------------------------------------------------------------- 693 */ 694 struct usbctlx_rrid_completor { 695 struct usbctlx_completor head; 696 697 const struct hfa384x_usb_rridresp *rridresp; 698 void *riddata; 699 unsigned int riddatalen; 700 }; 701 702 static int usbctlx_rrid_completor_fn(struct usbctlx_completor *head) 703 { 704 struct usbctlx_rrid_completor *complete; 705 struct hfa384x_rridresult rridresult; 706 707 complete = (struct usbctlx_rrid_completor *)head; 708 usbctlx_get_rridresult(complete->rridresp, &rridresult); 709 710 /* Validate the length, note body len calculation in bytes */ 711 if (rridresult.riddata_len != complete->riddatalen) { 712 pr_warn("RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n", 713 rridresult.rid, 714 complete->riddatalen, rridresult.riddata_len); 715 return -ENODATA; 716 } 717 718 memcpy(complete->riddata, rridresult.riddata, complete->riddatalen); 719 return 0; 720 } 721 722 static inline struct usbctlx_completor * 723 init_rrid_completor(struct usbctlx_rrid_completor *completor, 724 const struct hfa384x_usb_rridresp *rridresp, 725 void *riddata, 726 unsigned int riddatalen) 727 { 728 completor->head.complete = usbctlx_rrid_completor_fn; 729 completor->rridresp = rridresp; 730 completor->riddata = riddata; 731 completor->riddatalen = riddatalen; 732 return &completor->head; 733 } 734 735 /*---------------------------------------------------------------- 736 * Completor object: 737 * Interprets the results of a synchronous RID-write 738 *---------------------------------------------------------------- 739 */ 740 #define init_wrid_completor init_cmd_completor 741 742 /*---------------------------------------------------------------- 743 * Completor object: 744 * Interprets the results of a synchronous memory-write 745 *---------------------------------------------------------------- 746 */ 747 #define init_wmem_completor init_cmd_completor 748 749 /*---------------------------------------------------------------- 750 * Completor object: 751 * Interprets the results of a synchronous memory-read 752 *---------------------------------------------------------------- 753 */ 754 struct usbctlx_rmem_completor { 755 struct usbctlx_completor head; 756 757 const struct hfa384x_usb_rmemresp *rmemresp; 758 void *data; 759 unsigned int len; 760 }; 761 762 static int usbctlx_rmem_completor_fn(struct usbctlx_completor *head) 763 { 764 struct usbctlx_rmem_completor *complete = 765 (struct usbctlx_rmem_completor *)head; 766 767 pr_debug("rmemresp:len=%d\n", complete->rmemresp->frmlen); 768 memcpy(complete->data, complete->rmemresp->data, complete->len); 769 return 0; 770 } 771 772 static inline struct usbctlx_completor * 773 init_rmem_completor(struct usbctlx_rmem_completor *completor, 774 struct hfa384x_usb_rmemresp *rmemresp, 775 void *data, 776 unsigned int len) 777 { 778 completor->head.complete = usbctlx_rmem_completor_fn; 779 completor->rmemresp = rmemresp; 780 completor->data = data; 781 completor->len = len; 782 return &completor->head; 783 } 784 785 /*---------------------------------------------------------------- 786 * hfa384x_cb_status 787 * 788 * Ctlx_complete handler for async CMD type control exchanges. 789 * mark the hw struct as such. 790 * 791 * Note: If the handling is changed here, it should probably be 792 * changed in docmd as well. 793 * 794 * Arguments: 795 * hw hw struct 796 * ctlx completed CTLX 797 * 798 * Returns: 799 * nothing 800 * 801 * Side effects: 802 * 803 * Call context: 804 * interrupt 805 *---------------------------------------------------------------- 806 */ 807 static void hfa384x_cb_status(struct hfa384x *hw, 808 const struct hfa384x_usbctlx *ctlx) 809 { 810 if (ctlx->usercb) { 811 struct hfa384x_cmdresult cmdresult; 812 813 if (ctlx->state != CTLX_COMPLETE) { 814 memset(&cmdresult, 0, sizeof(cmdresult)); 815 cmdresult.status = 816 HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR); 817 } else { 818 usbctlx_get_status(&ctlx->inbuf.cmdresp, &cmdresult); 819 } 820 821 ctlx->usercb(hw, &cmdresult, ctlx->usercb_data); 822 } 823 } 824 825 static inline int hfa384x_docmd_wait(struct hfa384x *hw, 826 struct hfa384x_metacmd *cmd) 827 { 828 return hfa384x_docmd(hw, DOWAIT, cmd, NULL, NULL, NULL); 829 } 830 831 static inline int 832 hfa384x_docmd_async(struct hfa384x *hw, 833 struct hfa384x_metacmd *cmd, 834 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data) 835 { 836 return hfa384x_docmd(hw, DOASYNC, cmd, cmdcb, usercb, usercb_data); 837 } 838 839 static inline int 840 hfa384x_dorrid_wait(struct hfa384x *hw, u16 rid, void *riddata, 841 unsigned int riddatalen) 842 { 843 return hfa384x_dorrid(hw, DOWAIT, 844 rid, riddata, riddatalen, NULL, NULL, NULL); 845 } 846 847 static inline int 848 hfa384x_dorrid_async(struct hfa384x *hw, 849 u16 rid, void *riddata, unsigned int riddatalen, 850 ctlx_cmdcb_t cmdcb, 851 ctlx_usercb_t usercb, void *usercb_data) 852 { 853 return hfa384x_dorrid(hw, DOASYNC, 854 rid, riddata, riddatalen, 855 cmdcb, usercb, usercb_data); 856 } 857 858 static inline int 859 hfa384x_dowrid_wait(struct hfa384x *hw, u16 rid, void *riddata, 860 unsigned int riddatalen) 861 { 862 return hfa384x_dowrid(hw, DOWAIT, 863 rid, riddata, riddatalen, NULL, NULL, NULL); 864 } 865 866 static inline int 867 hfa384x_dowrid_async(struct hfa384x *hw, 868 u16 rid, void *riddata, unsigned int riddatalen, 869 ctlx_cmdcb_t cmdcb, 870 ctlx_usercb_t usercb, void *usercb_data) 871 { 872 return hfa384x_dowrid(hw, DOASYNC, 873 rid, riddata, riddatalen, 874 cmdcb, usercb, usercb_data); 875 } 876 877 static inline int 878 hfa384x_dormem_wait(struct hfa384x *hw, 879 u16 page, u16 offset, void *data, unsigned int len) 880 { 881 return hfa384x_dormem(hw, DOWAIT, 882 page, offset, data, len, NULL, NULL, NULL); 883 } 884 885 static inline int 886 hfa384x_dormem_async(struct hfa384x *hw, 887 u16 page, u16 offset, void *data, unsigned int len, 888 ctlx_cmdcb_t cmdcb, 889 ctlx_usercb_t usercb, void *usercb_data) 890 { 891 return hfa384x_dormem(hw, DOASYNC, 892 page, offset, data, len, 893 cmdcb, usercb, usercb_data); 894 } 895 896 static inline int 897 hfa384x_dowmem_wait(struct hfa384x *hw, 898 u16 page, u16 offset, void *data, unsigned int len) 899 { 900 return hfa384x_dowmem(hw, DOWAIT, 901 page, offset, data, len, NULL, NULL, NULL); 902 } 903 904 static inline int 905 hfa384x_dowmem_async(struct hfa384x *hw, 906 u16 page, 907 u16 offset, 908 void *data, 909 unsigned int len, 910 ctlx_cmdcb_t cmdcb, 911 ctlx_usercb_t usercb, void *usercb_data) 912 { 913 return hfa384x_dowmem(hw, DOASYNC, 914 page, offset, data, len, 915 cmdcb, usercb, usercb_data); 916 } 917 918 /*---------------------------------------------------------------- 919 * hfa384x_cmd_initialize 920 * 921 * Issues the initialize command and sets the hw->state based 922 * on the result. 923 * 924 * Arguments: 925 * hw device structure 926 * 927 * Returns: 928 * 0 success 929 * >0 f/w reported error - f/w status code 930 * <0 driver reported error 931 * 932 * Side effects: 933 * 934 * Call context: 935 * process 936 *---------------------------------------------------------------- 937 */ 938 int hfa384x_cmd_initialize(struct hfa384x *hw) 939 { 940 int result = 0; 941 int i; 942 struct hfa384x_metacmd cmd; 943 944 cmd.cmd = HFA384x_CMDCODE_INIT; 945 cmd.parm0 = 0; 946 cmd.parm1 = 0; 947 cmd.parm2 = 0; 948 949 result = hfa384x_docmd_wait(hw, &cmd); 950 951 pr_debug("cmdresp.init: status=0x%04x, resp0=0x%04x, resp1=0x%04x, resp2=0x%04x\n", 952 cmd.result.status, 953 cmd.result.resp0, cmd.result.resp1, cmd.result.resp2); 954 if (result == 0) { 955 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++) 956 hw->port_enabled[i] = 0; 957 } 958 959 hw->link_status = HFA384x_LINK_NOTCONNECTED; 960 961 return result; 962 } 963 964 /*---------------------------------------------------------------- 965 * hfa384x_cmd_disable 966 * 967 * Issues the disable command to stop communications on one of 968 * the MACs 'ports'. 969 * 970 * Arguments: 971 * hw device structure 972 * macport MAC port number (host order) 973 * 974 * Returns: 975 * 0 success 976 * >0 f/w reported failure - f/w status code 977 * <0 driver reported error (timeout|bad arg) 978 * 979 * Side effects: 980 * 981 * Call context: 982 * process 983 *---------------------------------------------------------------- 984 */ 985 int hfa384x_cmd_disable(struct hfa384x *hw, u16 macport) 986 { 987 struct hfa384x_metacmd cmd; 988 989 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE) | 990 HFA384x_CMD_MACPORT_SET(macport); 991 cmd.parm0 = 0; 992 cmd.parm1 = 0; 993 cmd.parm2 = 0; 994 995 return hfa384x_docmd_wait(hw, &cmd); 996 } 997 998 /*---------------------------------------------------------------- 999 * hfa384x_cmd_enable 1000 * 1001 * Issues the enable command to enable communications on one of 1002 * the MACs 'ports'. 1003 * 1004 * Arguments: 1005 * hw device structure 1006 * macport MAC port number 1007 * 1008 * Returns: 1009 * 0 success 1010 * >0 f/w reported failure - f/w status code 1011 * <0 driver reported error (timeout|bad arg) 1012 * 1013 * Side effects: 1014 * 1015 * Call context: 1016 * process 1017 *---------------------------------------------------------------- 1018 */ 1019 int hfa384x_cmd_enable(struct hfa384x *hw, u16 macport) 1020 { 1021 struct hfa384x_metacmd cmd; 1022 1023 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE) | 1024 HFA384x_CMD_MACPORT_SET(macport); 1025 cmd.parm0 = 0; 1026 cmd.parm1 = 0; 1027 cmd.parm2 = 0; 1028 1029 return hfa384x_docmd_wait(hw, &cmd); 1030 } 1031 1032 /*---------------------------------------------------------------- 1033 * hfa384x_cmd_monitor 1034 * 1035 * Enables the 'monitor mode' of the MAC. Here's the description of 1036 * monitor mode that I've received thus far: 1037 * 1038 * "The "monitor mode" of operation is that the MAC passes all 1039 * frames for which the PLCP checks are correct. All received 1040 * MPDUs are passed to the host with MAC Port = 7, with a 1041 * receive status of good, FCS error, or undecryptable. Passing 1042 * certain MPDUs is a violation of the 802.11 standard, but useful 1043 * for a debugging tool." Normal communication is not possible 1044 * while monitor mode is enabled. 1045 * 1046 * Arguments: 1047 * hw device structure 1048 * enable a code (0x0b|0x0f) that enables/disables 1049 * monitor mode. (host order) 1050 * 1051 * Returns: 1052 * 0 success 1053 * >0 f/w reported failure - f/w status code 1054 * <0 driver reported error (timeout|bad arg) 1055 * 1056 * Side effects: 1057 * 1058 * Call context: 1059 * process 1060 *---------------------------------------------------------------- 1061 */ 1062 int hfa384x_cmd_monitor(struct hfa384x *hw, u16 enable) 1063 { 1064 struct hfa384x_metacmd cmd; 1065 1066 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) | 1067 HFA384x_CMD_AINFO_SET(enable); 1068 cmd.parm0 = 0; 1069 cmd.parm1 = 0; 1070 cmd.parm2 = 0; 1071 1072 return hfa384x_docmd_wait(hw, &cmd); 1073 } 1074 1075 /*---------------------------------------------------------------- 1076 * hfa384x_cmd_download 1077 * 1078 * Sets the controls for the MAC controller code/data download 1079 * process. The arguments set the mode and address associated 1080 * with a download. Note that the aux registers should be enabled 1081 * prior to setting one of the download enable modes. 1082 * 1083 * Arguments: 1084 * hw device structure 1085 * mode 0 - Disable programming and begin code exec 1086 * 1 - Enable volatile mem programming 1087 * 2 - Enable non-volatile mem programming 1088 * 3 - Program non-volatile section from NV download 1089 * buffer. 1090 * (host order) 1091 * lowaddr 1092 * highaddr For mode 1, sets the high & low order bits of 1093 * the "destination address". This address will be 1094 * the execution start address when download is 1095 * subsequently disabled. 1096 * For mode 2, sets the high & low order bits of 1097 * the destination in NV ram. 1098 * For modes 0 & 3, should be zero. (host order) 1099 * NOTE: these are CMD format. 1100 * codelen Length of the data to write in mode 2, 1101 * zero otherwise. (host order) 1102 * 1103 * Returns: 1104 * 0 success 1105 * >0 f/w reported failure - f/w status code 1106 * <0 driver reported error (timeout|bad arg) 1107 * 1108 * Side effects: 1109 * 1110 * Call context: 1111 * process 1112 *---------------------------------------------------------------- 1113 */ 1114 int hfa384x_cmd_download(struct hfa384x *hw, u16 mode, u16 lowaddr, 1115 u16 highaddr, u16 codelen) 1116 { 1117 struct hfa384x_metacmd cmd; 1118 1119 pr_debug("mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n", 1120 mode, lowaddr, highaddr, codelen); 1121 1122 cmd.cmd = (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD) | 1123 HFA384x_CMD_PROGMODE_SET(mode)); 1124 1125 cmd.parm0 = lowaddr; 1126 cmd.parm1 = highaddr; 1127 cmd.parm2 = codelen; 1128 1129 return hfa384x_docmd_wait(hw, &cmd); 1130 } 1131 1132 /*---------------------------------------------------------------- 1133 * hfa384x_corereset 1134 * 1135 * Perform a reset of the hfa38xx MAC core. We assume that the hw 1136 * structure is in its "created" state. That is, it is initialized 1137 * with proper values. Note that if a reset is done after the 1138 * device has been active for awhile, the caller might have to clean 1139 * up some leftover cruft in the hw structure. 1140 * 1141 * Arguments: 1142 * hw device structure 1143 * holdtime how long (in ms) to hold the reset 1144 * settletime how long (in ms) to wait after releasing 1145 * the reset 1146 * 1147 * Returns: 1148 * nothing 1149 * 1150 * Side effects: 1151 * 1152 * Call context: 1153 * process 1154 *---------------------------------------------------------------- 1155 */ 1156 int hfa384x_corereset(struct hfa384x *hw, int holdtime, 1157 int settletime, int genesis) 1158 { 1159 int result; 1160 1161 result = usb_reset_device(hw->usb); 1162 if (result < 0) { 1163 netdev_err(hw->wlandev->netdev, "usb_reset_device() failed, result=%d.\n", 1164 result); 1165 } 1166 1167 return result; 1168 } 1169 1170 /*---------------------------------------------------------------- 1171 * hfa384x_usbctlx_complete_sync 1172 * 1173 * Waits for a synchronous CTLX object to complete, 1174 * and then handles the response. 1175 * 1176 * Arguments: 1177 * hw device structure 1178 * ctlx CTLX ptr 1179 * completor functor object to decide what to 1180 * do with the CTLX's result. 1181 * 1182 * Returns: 1183 * 0 Success 1184 * -ERESTARTSYS Interrupted by a signal 1185 * -EIO CTLX failed 1186 * -ENODEV Adapter was unplugged 1187 * ??? Result from completor 1188 * 1189 * Side effects: 1190 * 1191 * Call context: 1192 * process 1193 *---------------------------------------------------------------- 1194 */ 1195 static int hfa384x_usbctlx_complete_sync(struct hfa384x *hw, 1196 struct hfa384x_usbctlx *ctlx, 1197 struct usbctlx_completor *completor) 1198 { 1199 unsigned long flags; 1200 int result; 1201 1202 result = wait_for_completion_interruptible(&ctlx->done); 1203 1204 spin_lock_irqsave(&hw->ctlxq.lock, flags); 1205 1206 /* 1207 * We can only handle the CTLX if the USB disconnect 1208 * function has not run yet ... 1209 */ 1210 cleanup: 1211 if (hw->wlandev->hwremoved) { 1212 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 1213 result = -ENODEV; 1214 } else if (result != 0) { 1215 int runqueue = 0; 1216 1217 /* 1218 * We were probably interrupted, so delete 1219 * this CTLX asynchronously, kill the timers 1220 * and the URB, and then start the next 1221 * pending CTLX. 1222 * 1223 * NOTE: We can only delete the timers and 1224 * the URB if this CTLX is active. 1225 */ 1226 if (ctlx == get_active_ctlx(hw)) { 1227 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 1228 1229 del_singleshot_timer_sync(&hw->reqtimer); 1230 del_singleshot_timer_sync(&hw->resptimer); 1231 hw->req_timer_done = 1; 1232 hw->resp_timer_done = 1; 1233 usb_kill_urb(&hw->ctlx_urb); 1234 1235 spin_lock_irqsave(&hw->ctlxq.lock, flags); 1236 1237 runqueue = 1; 1238 1239 /* 1240 * This scenario is so unlikely that I'm 1241 * happy with a grubby "goto" solution ... 1242 */ 1243 if (hw->wlandev->hwremoved) 1244 goto cleanup; 1245 } 1246 1247 /* 1248 * The completion task will send this CTLX 1249 * to the reaper the next time it runs. We 1250 * are no longer in a hurry. 1251 */ 1252 ctlx->reapable = 1; 1253 ctlx->state = CTLX_REQ_FAILED; 1254 list_move_tail(&ctlx->list, &hw->ctlxq.completing); 1255 1256 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 1257 1258 if (runqueue) 1259 hfa384x_usbctlxq_run(hw); 1260 } else { 1261 if (ctlx->state == CTLX_COMPLETE) { 1262 result = completor->complete(completor); 1263 } else { 1264 netdev_warn(hw->wlandev->netdev, "CTLX[%d] error: state(%s)\n", 1265 le16_to_cpu(ctlx->outbuf.type), 1266 ctlxstr(ctlx->state)); 1267 result = -EIO; 1268 } 1269 1270 list_del(&ctlx->list); 1271 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 1272 kfree(ctlx); 1273 } 1274 1275 return result; 1276 } 1277 1278 /*---------------------------------------------------------------- 1279 * hfa384x_docmd 1280 * 1281 * Constructs a command CTLX and submits it. 1282 * 1283 * NOTE: Any changes to the 'post-submit' code in this function 1284 * need to be carried over to hfa384x_cbcmd() since the handling 1285 * is virtually identical. 1286 * 1287 * Arguments: 1288 * hw device structure 1289 * mode DOWAIT or DOASYNC 1290 * cmd cmd structure. Includes all arguments and result 1291 * data points. All in host order. in host order 1292 * cmdcb command-specific callback 1293 * usercb user callback for async calls, NULL for DOWAIT calls 1294 * usercb_data user supplied data pointer for async calls, NULL 1295 * for DOASYNC calls 1296 * 1297 * Returns: 1298 * 0 success 1299 * -EIO CTLX failure 1300 * -ERESTARTSYS Awakened on signal 1301 * >0 command indicated error, Status and Resp0-2 are 1302 * in hw structure. 1303 * 1304 * Side effects: 1305 * 1306 * 1307 * Call context: 1308 * process 1309 *---------------------------------------------------------------- 1310 */ 1311 static int 1312 hfa384x_docmd(struct hfa384x *hw, 1313 enum cmd_mode mode, 1314 struct hfa384x_metacmd *cmd, 1315 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data) 1316 { 1317 int result; 1318 struct hfa384x_usbctlx *ctlx; 1319 1320 ctlx = usbctlx_alloc(); 1321 if (!ctlx) { 1322 result = -ENOMEM; 1323 goto done; 1324 } 1325 1326 /* Initialize the command */ 1327 ctlx->outbuf.cmdreq.type = cpu_to_le16(HFA384x_USB_CMDREQ); 1328 ctlx->outbuf.cmdreq.cmd = cpu_to_le16(cmd->cmd); 1329 ctlx->outbuf.cmdreq.parm0 = cpu_to_le16(cmd->parm0); 1330 ctlx->outbuf.cmdreq.parm1 = cpu_to_le16(cmd->parm1); 1331 ctlx->outbuf.cmdreq.parm2 = cpu_to_le16(cmd->parm2); 1332 1333 ctlx->outbufsize = sizeof(ctlx->outbuf.cmdreq); 1334 1335 pr_debug("cmdreq: cmd=0x%04x parm0=0x%04x parm1=0x%04x parm2=0x%04x\n", 1336 cmd->cmd, cmd->parm0, cmd->parm1, cmd->parm2); 1337 1338 ctlx->reapable = mode; 1339 ctlx->cmdcb = cmdcb; 1340 ctlx->usercb = usercb; 1341 ctlx->usercb_data = usercb_data; 1342 1343 result = hfa384x_usbctlx_submit(hw, ctlx); 1344 if (result != 0) { 1345 kfree(ctlx); 1346 } else if (mode == DOWAIT) { 1347 struct usbctlx_cmd_completor completor; 1348 1349 result = 1350 hfa384x_usbctlx_complete_sync(hw, ctlx, 1351 init_cmd_completor(&completor, 1352 &ctlx-> 1353 inbuf. 1354 cmdresp, 1355 &cmd-> 1356 result)); 1357 } 1358 1359 done: 1360 return result; 1361 } 1362 1363 /*---------------------------------------------------------------- 1364 * hfa384x_dorrid 1365 * 1366 * Constructs a read rid CTLX and issues it. 1367 * 1368 * NOTE: Any changes to the 'post-submit' code in this function 1369 * need to be carried over to hfa384x_cbrrid() since the handling 1370 * is virtually identical. 1371 * 1372 * Arguments: 1373 * hw device structure 1374 * mode DOWAIT or DOASYNC 1375 * rid Read RID number (host order) 1376 * riddata Caller supplied buffer that MAC formatted RID.data 1377 * record will be written to for DOWAIT calls. Should 1378 * be NULL for DOASYNC calls. 1379 * riddatalen Buffer length for DOWAIT calls. Zero for DOASYNC calls. 1380 * cmdcb command callback for async calls, NULL for DOWAIT calls 1381 * usercb user callback for async calls, NULL for DOWAIT calls 1382 * usercb_data user supplied data pointer for async calls, NULL 1383 * for DOWAIT calls 1384 * 1385 * Returns: 1386 * 0 success 1387 * -EIO CTLX failure 1388 * -ERESTARTSYS Awakened on signal 1389 * -ENODATA riddatalen != macdatalen 1390 * >0 command indicated error, Status and Resp0-2 are 1391 * in hw structure. 1392 * 1393 * Side effects: 1394 * 1395 * Call context: 1396 * interrupt (DOASYNC) 1397 * process (DOWAIT or DOASYNC) 1398 *---------------------------------------------------------------- 1399 */ 1400 static int 1401 hfa384x_dorrid(struct hfa384x *hw, 1402 enum cmd_mode mode, 1403 u16 rid, 1404 void *riddata, 1405 unsigned int riddatalen, 1406 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data) 1407 { 1408 int result; 1409 struct hfa384x_usbctlx *ctlx; 1410 1411 ctlx = usbctlx_alloc(); 1412 if (!ctlx) { 1413 result = -ENOMEM; 1414 goto done; 1415 } 1416 1417 /* Initialize the command */ 1418 ctlx->outbuf.rridreq.type = cpu_to_le16(HFA384x_USB_RRIDREQ); 1419 ctlx->outbuf.rridreq.frmlen = 1420 cpu_to_le16(sizeof(ctlx->outbuf.rridreq.rid)); 1421 ctlx->outbuf.rridreq.rid = cpu_to_le16(rid); 1422 1423 ctlx->outbufsize = sizeof(ctlx->outbuf.rridreq); 1424 1425 ctlx->reapable = mode; 1426 ctlx->cmdcb = cmdcb; 1427 ctlx->usercb = usercb; 1428 ctlx->usercb_data = usercb_data; 1429 1430 /* Submit the CTLX */ 1431 result = hfa384x_usbctlx_submit(hw, ctlx); 1432 if (result != 0) { 1433 kfree(ctlx); 1434 } else if (mode == DOWAIT) { 1435 struct usbctlx_rrid_completor completor; 1436 1437 result = 1438 hfa384x_usbctlx_complete_sync(hw, ctlx, 1439 init_rrid_completor 1440 (&completor, 1441 &ctlx->inbuf.rridresp, 1442 riddata, riddatalen)); 1443 } 1444 1445 done: 1446 return result; 1447 } 1448 1449 /*---------------------------------------------------------------- 1450 * hfa384x_dowrid 1451 * 1452 * Constructs a write rid CTLX and issues it. 1453 * 1454 * NOTE: Any changes to the 'post-submit' code in this function 1455 * need to be carried over to hfa384x_cbwrid() since the handling 1456 * is virtually identical. 1457 * 1458 * Arguments: 1459 * hw device structure 1460 * enum cmd_mode DOWAIT or DOASYNC 1461 * rid RID code 1462 * riddata Data portion of RID formatted for MAC 1463 * riddatalen Length of the data portion in bytes 1464 * cmdcb command callback for async calls, NULL for DOWAIT calls 1465 * usercb user callback for async calls, NULL for DOWAIT calls 1466 * usercb_data user supplied data pointer for async calls 1467 * 1468 * Returns: 1469 * 0 success 1470 * -ETIMEDOUT timed out waiting for register ready or 1471 * command completion 1472 * >0 command indicated error, Status and Resp0-2 are 1473 * in hw structure. 1474 * 1475 * Side effects: 1476 * 1477 * Call context: 1478 * interrupt (DOASYNC) 1479 * process (DOWAIT or DOASYNC) 1480 *---------------------------------------------------------------- 1481 */ 1482 static int 1483 hfa384x_dowrid(struct hfa384x *hw, 1484 enum cmd_mode mode, 1485 u16 rid, 1486 void *riddata, 1487 unsigned int riddatalen, 1488 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data) 1489 { 1490 int result; 1491 struct hfa384x_usbctlx *ctlx; 1492 1493 ctlx = usbctlx_alloc(); 1494 if (!ctlx) { 1495 result = -ENOMEM; 1496 goto done; 1497 } 1498 1499 /* Initialize the command */ 1500 ctlx->outbuf.wridreq.type = cpu_to_le16(HFA384x_USB_WRIDREQ); 1501 ctlx->outbuf.wridreq.frmlen = cpu_to_le16((sizeof 1502 (ctlx->outbuf.wridreq.rid) + 1503 riddatalen + 1) / 2); 1504 ctlx->outbuf.wridreq.rid = cpu_to_le16(rid); 1505 memcpy(ctlx->outbuf.wridreq.data, riddata, riddatalen); 1506 1507 ctlx->outbufsize = sizeof(ctlx->outbuf.wridreq.type) + 1508 sizeof(ctlx->outbuf.wridreq.frmlen) + 1509 sizeof(ctlx->outbuf.wridreq.rid) + riddatalen; 1510 1511 ctlx->reapable = mode; 1512 ctlx->cmdcb = cmdcb; 1513 ctlx->usercb = usercb; 1514 ctlx->usercb_data = usercb_data; 1515 1516 /* Submit the CTLX */ 1517 result = hfa384x_usbctlx_submit(hw, ctlx); 1518 if (result != 0) { 1519 kfree(ctlx); 1520 } else if (mode == DOWAIT) { 1521 struct usbctlx_cmd_completor completor; 1522 struct hfa384x_cmdresult wridresult; 1523 1524 result = hfa384x_usbctlx_complete_sync(hw, 1525 ctlx, 1526 init_wrid_completor 1527 (&completor, 1528 &ctlx->inbuf.wridresp, 1529 &wridresult)); 1530 } 1531 1532 done: 1533 return result; 1534 } 1535 1536 /*---------------------------------------------------------------- 1537 * hfa384x_dormem 1538 * 1539 * Constructs a readmem CTLX and issues it. 1540 * 1541 * NOTE: Any changes to the 'post-submit' code in this function 1542 * need to be carried over to hfa384x_cbrmem() since the handling 1543 * is virtually identical. 1544 * 1545 * Arguments: 1546 * hw device structure 1547 * mode DOWAIT or DOASYNC 1548 * page MAC address space page (CMD format) 1549 * offset MAC address space offset 1550 * data Ptr to data buffer to receive read 1551 * len Length of the data to read (max == 2048) 1552 * cmdcb command callback for async calls, NULL for DOWAIT calls 1553 * usercb user callback for async calls, NULL for DOWAIT calls 1554 * usercb_data user supplied data pointer for async calls 1555 * 1556 * Returns: 1557 * 0 success 1558 * -ETIMEDOUT timed out waiting for register ready or 1559 * command completion 1560 * >0 command indicated error, Status and Resp0-2 are 1561 * in hw structure. 1562 * 1563 * Side effects: 1564 * 1565 * Call context: 1566 * interrupt (DOASYNC) 1567 * process (DOWAIT or DOASYNC) 1568 *---------------------------------------------------------------- 1569 */ 1570 static int 1571 hfa384x_dormem(struct hfa384x *hw, 1572 enum cmd_mode mode, 1573 u16 page, 1574 u16 offset, 1575 void *data, 1576 unsigned int len, 1577 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data) 1578 { 1579 int result; 1580 struct hfa384x_usbctlx *ctlx; 1581 1582 ctlx = usbctlx_alloc(); 1583 if (!ctlx) { 1584 result = -ENOMEM; 1585 goto done; 1586 } 1587 1588 /* Initialize the command */ 1589 ctlx->outbuf.rmemreq.type = cpu_to_le16(HFA384x_USB_RMEMREQ); 1590 ctlx->outbuf.rmemreq.frmlen = 1591 cpu_to_le16(sizeof(ctlx->outbuf.rmemreq.offset) + 1592 sizeof(ctlx->outbuf.rmemreq.page) + len); 1593 ctlx->outbuf.rmemreq.offset = cpu_to_le16(offset); 1594 ctlx->outbuf.rmemreq.page = cpu_to_le16(page); 1595 1596 ctlx->outbufsize = sizeof(ctlx->outbuf.rmemreq); 1597 1598 pr_debug("type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n", 1599 ctlx->outbuf.rmemreq.type, 1600 ctlx->outbuf.rmemreq.frmlen, 1601 ctlx->outbuf.rmemreq.offset, ctlx->outbuf.rmemreq.page); 1602 1603 pr_debug("pktsize=%zd\n", ROUNDUP64(sizeof(ctlx->outbuf.rmemreq))); 1604 1605 ctlx->reapable = mode; 1606 ctlx->cmdcb = cmdcb; 1607 ctlx->usercb = usercb; 1608 ctlx->usercb_data = usercb_data; 1609 1610 result = hfa384x_usbctlx_submit(hw, ctlx); 1611 if (result != 0) { 1612 kfree(ctlx); 1613 } else if (mode == DOWAIT) { 1614 struct usbctlx_rmem_completor completor; 1615 1616 result = 1617 hfa384x_usbctlx_complete_sync(hw, ctlx, 1618 init_rmem_completor 1619 (&completor, 1620 &ctlx->inbuf.rmemresp, data, 1621 len)); 1622 } 1623 1624 done: 1625 return result; 1626 } 1627 1628 /*---------------------------------------------------------------- 1629 * hfa384x_dowmem 1630 * 1631 * Constructs a writemem CTLX and issues it. 1632 * 1633 * NOTE: Any changes to the 'post-submit' code in this function 1634 * need to be carried over to hfa384x_cbwmem() since the handling 1635 * is virtually identical. 1636 * 1637 * Arguments: 1638 * hw device structure 1639 * mode DOWAIT or DOASYNC 1640 * page MAC address space page (CMD format) 1641 * offset MAC address space offset 1642 * data Ptr to data buffer containing write data 1643 * len Length of the data to read (max == 2048) 1644 * cmdcb command callback for async calls, NULL for DOWAIT calls 1645 * usercb user callback for async calls, NULL for DOWAIT calls 1646 * usercb_data user supplied data pointer for async calls. 1647 * 1648 * Returns: 1649 * 0 success 1650 * -ETIMEDOUT timed out waiting for register ready or 1651 * command completion 1652 * >0 command indicated error, Status and Resp0-2 are 1653 * in hw structure. 1654 * 1655 * Side effects: 1656 * 1657 * Call context: 1658 * interrupt (DOWAIT) 1659 * process (DOWAIT or DOASYNC) 1660 *---------------------------------------------------------------- 1661 */ 1662 static int 1663 hfa384x_dowmem(struct hfa384x *hw, 1664 enum cmd_mode mode, 1665 u16 page, 1666 u16 offset, 1667 void *data, 1668 unsigned int len, 1669 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data) 1670 { 1671 int result; 1672 struct hfa384x_usbctlx *ctlx; 1673 1674 pr_debug("page=0x%04x offset=0x%04x len=%d\n", page, offset, len); 1675 1676 ctlx = usbctlx_alloc(); 1677 if (!ctlx) { 1678 result = -ENOMEM; 1679 goto done; 1680 } 1681 1682 /* Initialize the command */ 1683 ctlx->outbuf.wmemreq.type = cpu_to_le16(HFA384x_USB_WMEMREQ); 1684 ctlx->outbuf.wmemreq.frmlen = 1685 cpu_to_le16(sizeof(ctlx->outbuf.wmemreq.offset) + 1686 sizeof(ctlx->outbuf.wmemreq.page) + len); 1687 ctlx->outbuf.wmemreq.offset = cpu_to_le16(offset); 1688 ctlx->outbuf.wmemreq.page = cpu_to_le16(page); 1689 memcpy(ctlx->outbuf.wmemreq.data, data, len); 1690 1691 ctlx->outbufsize = sizeof(ctlx->outbuf.wmemreq.type) + 1692 sizeof(ctlx->outbuf.wmemreq.frmlen) + 1693 sizeof(ctlx->outbuf.wmemreq.offset) + 1694 sizeof(ctlx->outbuf.wmemreq.page) + len; 1695 1696 ctlx->reapable = mode; 1697 ctlx->cmdcb = cmdcb; 1698 ctlx->usercb = usercb; 1699 ctlx->usercb_data = usercb_data; 1700 1701 result = hfa384x_usbctlx_submit(hw, ctlx); 1702 if (result != 0) { 1703 kfree(ctlx); 1704 } else if (mode == DOWAIT) { 1705 struct usbctlx_cmd_completor completor; 1706 struct hfa384x_cmdresult wmemresult; 1707 1708 result = hfa384x_usbctlx_complete_sync(hw, 1709 ctlx, 1710 init_wmem_completor 1711 (&completor, 1712 &ctlx->inbuf.wmemresp, 1713 &wmemresult)); 1714 } 1715 1716 done: 1717 return result; 1718 } 1719 1720 /*---------------------------------------------------------------- 1721 * hfa384x_drvr_disable 1722 * 1723 * Issues the disable command to stop communications on one of 1724 * the MACs 'ports'. Only macport 0 is valid for stations. 1725 * APs may also disable macports 1-6. Only ports that have been 1726 * previously enabled may be disabled. 1727 * 1728 * Arguments: 1729 * hw device structure 1730 * macport MAC port number (host order) 1731 * 1732 * Returns: 1733 * 0 success 1734 * >0 f/w reported failure - f/w status code 1735 * <0 driver reported error (timeout|bad arg) 1736 * 1737 * Side effects: 1738 * 1739 * Call context: 1740 * process 1741 *---------------------------------------------------------------- 1742 */ 1743 int hfa384x_drvr_disable(struct hfa384x *hw, u16 macport) 1744 { 1745 int result = 0; 1746 1747 if ((!hw->isap && macport != 0) || 1748 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) || 1749 !(hw->port_enabled[macport])) { 1750 result = -EINVAL; 1751 } else { 1752 result = hfa384x_cmd_disable(hw, macport); 1753 if (result == 0) 1754 hw->port_enabled[macport] = 0; 1755 } 1756 return result; 1757 } 1758 1759 /*---------------------------------------------------------------- 1760 * hfa384x_drvr_enable 1761 * 1762 * Issues the enable command to enable communications on one of 1763 * the MACs 'ports'. Only macport 0 is valid for stations. 1764 * APs may also enable macports 1-6. Only ports that are currently 1765 * disabled may be enabled. 1766 * 1767 * Arguments: 1768 * hw device structure 1769 * macport MAC port number 1770 * 1771 * Returns: 1772 * 0 success 1773 * >0 f/w reported failure - f/w status code 1774 * <0 driver reported error (timeout|bad arg) 1775 * 1776 * Side effects: 1777 * 1778 * Call context: 1779 * process 1780 *---------------------------------------------------------------- 1781 */ 1782 int hfa384x_drvr_enable(struct hfa384x *hw, u16 macport) 1783 { 1784 int result = 0; 1785 1786 if ((!hw->isap && macport != 0) || 1787 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) || 1788 (hw->port_enabled[macport])) { 1789 result = -EINVAL; 1790 } else { 1791 result = hfa384x_cmd_enable(hw, macport); 1792 if (result == 0) 1793 hw->port_enabled[macport] = 1; 1794 } 1795 return result; 1796 } 1797 1798 /*---------------------------------------------------------------- 1799 * hfa384x_drvr_flashdl_enable 1800 * 1801 * Begins the flash download state. Checks to see that we're not 1802 * already in a download state and that a port isn't enabled. 1803 * Sets the download state and retrieves the flash download 1804 * buffer location, buffer size, and timeout length. 1805 * 1806 * Arguments: 1807 * hw device structure 1808 * 1809 * Returns: 1810 * 0 success 1811 * >0 f/w reported error - f/w status code 1812 * <0 driver reported error 1813 * 1814 * Side effects: 1815 * 1816 * Call context: 1817 * process 1818 *---------------------------------------------------------------- 1819 */ 1820 int hfa384x_drvr_flashdl_enable(struct hfa384x *hw) 1821 { 1822 int result = 0; 1823 int i; 1824 1825 /* Check that a port isn't active */ 1826 for (i = 0; i < HFA384x_PORTID_MAX; i++) { 1827 if (hw->port_enabled[i]) { 1828 pr_debug("called when port enabled.\n"); 1829 return -EINVAL; 1830 } 1831 } 1832 1833 /* Check that we're not already in a download state */ 1834 if (hw->dlstate != HFA384x_DLSTATE_DISABLED) 1835 return -EINVAL; 1836 1837 /* Retrieve the buffer loc&size and timeout */ 1838 result = hfa384x_drvr_getconfig(hw, HFA384x_RID_DOWNLOADBUFFER, 1839 &hw->bufinfo, sizeof(hw->bufinfo)); 1840 if (result) 1841 return result; 1842 1843 hw->bufinfo.page = le16_to_cpu(hw->bufinfo.page); 1844 hw->bufinfo.offset = le16_to_cpu(hw->bufinfo.offset); 1845 hw->bufinfo.len = le16_to_cpu(hw->bufinfo.len); 1846 result = hfa384x_drvr_getconfig16(hw, HFA384x_RID_MAXLOADTIME, 1847 &hw->dltimeout); 1848 if (result) 1849 return result; 1850 1851 hw->dltimeout = le16_to_cpu(hw->dltimeout); 1852 1853 pr_debug("flashdl_enable\n"); 1854 1855 hw->dlstate = HFA384x_DLSTATE_FLASHENABLED; 1856 1857 return result; 1858 } 1859 1860 /*---------------------------------------------------------------- 1861 * hfa384x_drvr_flashdl_disable 1862 * 1863 * Ends the flash download state. Note that this will cause the MAC 1864 * firmware to restart. 1865 * 1866 * Arguments: 1867 * hw device structure 1868 * 1869 * Returns: 1870 * 0 success 1871 * >0 f/w reported error - f/w status code 1872 * <0 driver reported error 1873 * 1874 * Side effects: 1875 * 1876 * Call context: 1877 * process 1878 *---------------------------------------------------------------- 1879 */ 1880 int hfa384x_drvr_flashdl_disable(struct hfa384x *hw) 1881 { 1882 /* Check that we're already in the download state */ 1883 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED) 1884 return -EINVAL; 1885 1886 pr_debug("flashdl_enable\n"); 1887 1888 /* There isn't much we can do at this point, so I don't */ 1889 /* bother w/ the return value */ 1890 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0); 1891 hw->dlstate = HFA384x_DLSTATE_DISABLED; 1892 1893 return 0; 1894 } 1895 1896 /*---------------------------------------------------------------- 1897 * hfa384x_drvr_flashdl_write 1898 * 1899 * Performs a FLASH download of a chunk of data. First checks to see 1900 * that we're in the FLASH download state, then sets the download 1901 * mode, uses the aux functions to 1) copy the data to the flash 1902 * buffer, 2) sets the download 'write flash' mode, 3) readback and 1903 * compare. Lather rinse, repeat as many times an necessary to get 1904 * all the given data into flash. 1905 * When all data has been written using this function (possibly 1906 * repeatedly), call drvr_flashdl_disable() to end the download state 1907 * and restart the MAC. 1908 * 1909 * Arguments: 1910 * hw device structure 1911 * daddr Card address to write to. (host order) 1912 * buf Ptr to data to write. 1913 * len Length of data (host order). 1914 * 1915 * Returns: 1916 * 0 success 1917 * >0 f/w reported error - f/w status code 1918 * <0 driver reported error 1919 * 1920 * Side effects: 1921 * 1922 * Call context: 1923 * process 1924 *---------------------------------------------------------------- 1925 */ 1926 int hfa384x_drvr_flashdl_write(struct hfa384x *hw, u32 daddr, 1927 void *buf, u32 len) 1928 { 1929 int result = 0; 1930 u32 dlbufaddr; 1931 int nburns; 1932 u32 burnlen; 1933 u32 burndaddr; 1934 u16 burnlo; 1935 u16 burnhi; 1936 int nwrites; 1937 u8 *writebuf; 1938 u16 writepage; 1939 u16 writeoffset; 1940 u32 writelen; 1941 int i; 1942 int j; 1943 1944 pr_debug("daddr=0x%08x len=%d\n", daddr, len); 1945 1946 /* Check that we're in the flash download state */ 1947 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED) 1948 return -EINVAL; 1949 1950 netdev_info(hw->wlandev->netdev, 1951 "Download %d bytes to flash @0x%06x\n", len, daddr); 1952 1953 /* Convert to flat address for arithmetic */ 1954 /* NOTE: dlbuffer RID stores the address in AUX format */ 1955 dlbufaddr = 1956 HFA384x_ADDR_AUX_MKFLAT(hw->bufinfo.page, hw->bufinfo.offset); 1957 pr_debug("dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n", 1958 hw->bufinfo.page, hw->bufinfo.offset, dlbufaddr); 1959 /* Calculations to determine how many fills of the dlbuffer to do 1960 * and how many USB wmemreq's to do for each fill. At this point 1961 * in time, the dlbuffer size and the wmemreq size are the same. 1962 * Therefore, nwrites should always be 1. The extra complexity 1963 * here is a hedge against future changes. 1964 */ 1965 1966 /* Figure out how many times to do the flash programming */ 1967 nburns = len / hw->bufinfo.len; 1968 nburns += (len % hw->bufinfo.len) ? 1 : 0; 1969 1970 /* For each flash program cycle, how many USB wmemreq's are needed? */ 1971 nwrites = hw->bufinfo.len / HFA384x_USB_RWMEM_MAXLEN; 1972 nwrites += (hw->bufinfo.len % HFA384x_USB_RWMEM_MAXLEN) ? 1 : 0; 1973 1974 /* For each burn */ 1975 for (i = 0; i < nburns; i++) { 1976 /* Get the dest address and len */ 1977 burnlen = (len - (hw->bufinfo.len * i)) > hw->bufinfo.len ? 1978 hw->bufinfo.len : (len - (hw->bufinfo.len * i)); 1979 burndaddr = daddr + (hw->bufinfo.len * i); 1980 burnlo = HFA384x_ADDR_CMD_MKOFF(burndaddr); 1981 burnhi = HFA384x_ADDR_CMD_MKPAGE(burndaddr); 1982 1983 netdev_info(hw->wlandev->netdev, "Writing %d bytes to flash @0x%06x\n", 1984 burnlen, burndaddr); 1985 1986 /* Set the download mode */ 1987 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_NV, 1988 burnlo, burnhi, burnlen); 1989 if (result) { 1990 netdev_err(hw->wlandev->netdev, 1991 "download(NV,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n", 1992 burnlo, burnhi, burnlen, result); 1993 goto exit_proc; 1994 } 1995 1996 /* copy the data to the flash download buffer */ 1997 for (j = 0; j < nwrites; j++) { 1998 writebuf = buf + 1999 (i * hw->bufinfo.len) + 2000 (j * HFA384x_USB_RWMEM_MAXLEN); 2001 2002 writepage = HFA384x_ADDR_CMD_MKPAGE(dlbufaddr + 2003 (j * HFA384x_USB_RWMEM_MAXLEN)); 2004 writeoffset = HFA384x_ADDR_CMD_MKOFF(dlbufaddr + 2005 (j * HFA384x_USB_RWMEM_MAXLEN)); 2006 2007 writelen = burnlen - (j * HFA384x_USB_RWMEM_MAXLEN); 2008 writelen = writelen > HFA384x_USB_RWMEM_MAXLEN ? 2009 HFA384x_USB_RWMEM_MAXLEN : writelen; 2010 2011 result = hfa384x_dowmem_wait(hw, 2012 writepage, 2013 writeoffset, 2014 writebuf, writelen); 2015 } 2016 2017 /* set the download 'write flash' mode */ 2018 result = hfa384x_cmd_download(hw, 2019 HFA384x_PROGMODE_NVWRITE, 2020 0, 0, 0); 2021 if (result) { 2022 netdev_err(hw->wlandev->netdev, 2023 "download(NVWRITE,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n", 2024 burnlo, burnhi, burnlen, result); 2025 goto exit_proc; 2026 } 2027 2028 /* TODO: We really should do a readback and compare. */ 2029 } 2030 2031 exit_proc: 2032 2033 /* Leave the firmware in the 'post-prog' mode. flashdl_disable will */ 2034 /* actually disable programming mode. Remember, that will cause the */ 2035 /* the firmware to effectively reset itself. */ 2036 2037 return result; 2038 } 2039 2040 /*---------------------------------------------------------------- 2041 * hfa384x_drvr_getconfig 2042 * 2043 * Performs the sequence necessary to read a config/info item. 2044 * 2045 * Arguments: 2046 * hw device structure 2047 * rid config/info record id (host order) 2048 * buf host side record buffer. Upon return it will 2049 * contain the body portion of the record (minus the 2050 * RID and len). 2051 * len buffer length (in bytes, should match record length) 2052 * 2053 * Returns: 2054 * 0 success 2055 * >0 f/w reported error - f/w status code 2056 * <0 driver reported error 2057 * -ENODATA length mismatch between argument and retrieved 2058 * record. 2059 * 2060 * Side effects: 2061 * 2062 * Call context: 2063 * process 2064 *---------------------------------------------------------------- 2065 */ 2066 int hfa384x_drvr_getconfig(struct hfa384x *hw, u16 rid, void *buf, u16 len) 2067 { 2068 return hfa384x_dorrid_wait(hw, rid, buf, len); 2069 } 2070 2071 /*---------------------------------------------------------------- 2072 * hfa384x_drvr_setconfig_async 2073 * 2074 * Performs the sequence necessary to write a config/info item. 2075 * 2076 * Arguments: 2077 * hw device structure 2078 * rid config/info record id (in host order) 2079 * buf host side record buffer 2080 * len buffer length (in bytes) 2081 * usercb completion callback 2082 * usercb_data completion callback argument 2083 * 2084 * Returns: 2085 * 0 success 2086 * >0 f/w reported error - f/w status code 2087 * <0 driver reported error 2088 * 2089 * Side effects: 2090 * 2091 * Call context: 2092 * process 2093 *---------------------------------------------------------------- 2094 */ 2095 int 2096 hfa384x_drvr_setconfig_async(struct hfa384x *hw, 2097 u16 rid, 2098 void *buf, 2099 u16 len, ctlx_usercb_t usercb, void *usercb_data) 2100 { 2101 return hfa384x_dowrid_async(hw, rid, buf, len, 2102 hfa384x_cb_status, usercb, usercb_data); 2103 } 2104 2105 /*---------------------------------------------------------------- 2106 * hfa384x_drvr_ramdl_disable 2107 * 2108 * Ends the ram download state. 2109 * 2110 * Arguments: 2111 * hw device structure 2112 * 2113 * Returns: 2114 * 0 success 2115 * >0 f/w reported error - f/w status code 2116 * <0 driver reported error 2117 * 2118 * Side effects: 2119 * 2120 * Call context: 2121 * process 2122 *---------------------------------------------------------------- 2123 */ 2124 int hfa384x_drvr_ramdl_disable(struct hfa384x *hw) 2125 { 2126 /* Check that we're already in the download state */ 2127 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED) 2128 return -EINVAL; 2129 2130 pr_debug("ramdl_disable()\n"); 2131 2132 /* There isn't much we can do at this point, so I don't */ 2133 /* bother w/ the return value */ 2134 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0); 2135 hw->dlstate = HFA384x_DLSTATE_DISABLED; 2136 2137 return 0; 2138 } 2139 2140 /*---------------------------------------------------------------- 2141 * hfa384x_drvr_ramdl_enable 2142 * 2143 * Begins the ram download state. Checks to see that we're not 2144 * already in a download state and that a port isn't enabled. 2145 * Sets the download state and calls cmd_download with the 2146 * ENABLE_VOLATILE subcommand and the exeaddr argument. 2147 * 2148 * Arguments: 2149 * hw device structure 2150 * exeaddr the card execution address that will be 2151 * jumped to when ramdl_disable() is called 2152 * (host order). 2153 * 2154 * Returns: 2155 * 0 success 2156 * >0 f/w reported error - f/w status code 2157 * <0 driver reported error 2158 * 2159 * Side effects: 2160 * 2161 * Call context: 2162 * process 2163 *---------------------------------------------------------------- 2164 */ 2165 int hfa384x_drvr_ramdl_enable(struct hfa384x *hw, u32 exeaddr) 2166 { 2167 int result = 0; 2168 u16 lowaddr; 2169 u16 hiaddr; 2170 int i; 2171 2172 /* Check that a port isn't active */ 2173 for (i = 0; i < HFA384x_PORTID_MAX; i++) { 2174 if (hw->port_enabled[i]) { 2175 netdev_err(hw->wlandev->netdev, 2176 "Can't download with a macport enabled.\n"); 2177 return -EINVAL; 2178 } 2179 } 2180 2181 /* Check that we're not already in a download state */ 2182 if (hw->dlstate != HFA384x_DLSTATE_DISABLED) { 2183 netdev_err(hw->wlandev->netdev, 2184 "Download state not disabled.\n"); 2185 return -EINVAL; 2186 } 2187 2188 pr_debug("ramdl_enable, exeaddr=0x%08x\n", exeaddr); 2189 2190 /* Call the download(1,addr) function */ 2191 lowaddr = HFA384x_ADDR_CMD_MKOFF(exeaddr); 2192 hiaddr = HFA384x_ADDR_CMD_MKPAGE(exeaddr); 2193 2194 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_RAM, 2195 lowaddr, hiaddr, 0); 2196 2197 if (result == 0) { 2198 /* Set the download state */ 2199 hw->dlstate = HFA384x_DLSTATE_RAMENABLED; 2200 } else { 2201 pr_debug("cmd_download(0x%04x, 0x%04x) failed, result=%d.\n", 2202 lowaddr, hiaddr, result); 2203 } 2204 2205 return result; 2206 } 2207 2208 /*---------------------------------------------------------------- 2209 * hfa384x_drvr_ramdl_write 2210 * 2211 * Performs a RAM download of a chunk of data. First checks to see 2212 * that we're in the RAM download state, then uses the [read|write]mem USB 2213 * commands to 1) copy the data, 2) readback and compare. The download 2214 * state is unaffected. When all data has been written using 2215 * this function, call drvr_ramdl_disable() to end the download state 2216 * and restart the MAC. 2217 * 2218 * Arguments: 2219 * hw device structure 2220 * daddr Card address to write to. (host order) 2221 * buf Ptr to data to write. 2222 * len Length of data (host order). 2223 * 2224 * Returns: 2225 * 0 success 2226 * >0 f/w reported error - f/w status code 2227 * <0 driver reported error 2228 * 2229 * Side effects: 2230 * 2231 * Call context: 2232 * process 2233 *---------------------------------------------------------------- 2234 */ 2235 int hfa384x_drvr_ramdl_write(struct hfa384x *hw, u32 daddr, void *buf, u32 len) 2236 { 2237 int result = 0; 2238 int nwrites; 2239 u8 *data = buf; 2240 int i; 2241 u32 curraddr; 2242 u16 currpage; 2243 u16 curroffset; 2244 u16 currlen; 2245 2246 /* Check that we're in the ram download state */ 2247 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED) 2248 return -EINVAL; 2249 2250 netdev_info(hw->wlandev->netdev, "Writing %d bytes to ram @0x%06x\n", 2251 len, daddr); 2252 2253 /* How many dowmem calls? */ 2254 nwrites = len / HFA384x_USB_RWMEM_MAXLEN; 2255 nwrites += len % HFA384x_USB_RWMEM_MAXLEN ? 1 : 0; 2256 2257 /* Do blocking wmem's */ 2258 for (i = 0; i < nwrites; i++) { 2259 /* make address args */ 2260 curraddr = daddr + (i * HFA384x_USB_RWMEM_MAXLEN); 2261 currpage = HFA384x_ADDR_CMD_MKPAGE(curraddr); 2262 curroffset = HFA384x_ADDR_CMD_MKOFF(curraddr); 2263 currlen = len - (i * HFA384x_USB_RWMEM_MAXLEN); 2264 if (currlen > HFA384x_USB_RWMEM_MAXLEN) 2265 currlen = HFA384x_USB_RWMEM_MAXLEN; 2266 2267 /* Do blocking ctlx */ 2268 result = hfa384x_dowmem_wait(hw, 2269 currpage, 2270 curroffset, 2271 data + 2272 (i * HFA384x_USB_RWMEM_MAXLEN), 2273 currlen); 2274 2275 if (result) 2276 break; 2277 2278 /* TODO: We really should have a readback. */ 2279 } 2280 2281 return result; 2282 } 2283 2284 /*---------------------------------------------------------------- 2285 * hfa384x_drvr_readpda 2286 * 2287 * Performs the sequence to read the PDA space. Note there is no 2288 * drvr_writepda() function. Writing a PDA is 2289 * generally implemented by a calling component via calls to 2290 * cmd_download and writing to the flash download buffer via the 2291 * aux regs. 2292 * 2293 * Arguments: 2294 * hw device structure 2295 * buf buffer to store PDA in 2296 * len buffer length 2297 * 2298 * Returns: 2299 * 0 success 2300 * >0 f/w reported error - f/w status code 2301 * <0 driver reported error 2302 * -ETIMEDOUT timeout waiting for the cmd regs to become 2303 * available, or waiting for the control reg 2304 * to indicate the Aux port is enabled. 2305 * -ENODATA the buffer does NOT contain a valid PDA. 2306 * Either the card PDA is bad, or the auxdata 2307 * reads are giving us garbage. 2308 * 2309 * 2310 * Side effects: 2311 * 2312 * Call context: 2313 * process or non-card interrupt. 2314 *---------------------------------------------------------------- 2315 */ 2316 int hfa384x_drvr_readpda(struct hfa384x *hw, void *buf, unsigned int len) 2317 { 2318 int result = 0; 2319 u16 *pda = buf; 2320 int pdaok = 0; 2321 int morepdrs = 1; 2322 int currpdr = 0; /* word offset of the current pdr */ 2323 size_t i; 2324 u16 pdrlen; /* pdr length in bytes, host order */ 2325 u16 pdrcode; /* pdr code, host order */ 2326 u16 currpage; 2327 u16 curroffset; 2328 struct pdaloc { 2329 u32 cardaddr; 2330 u16 auxctl; 2331 } pdaloc[] = { 2332 { 2333 HFA3842_PDA_BASE, 0}, { 2334 HFA3841_PDA_BASE, 0}, { 2335 HFA3841_PDA_BOGUS_BASE, 0} 2336 }; 2337 2338 /* Read the pda from each known address. */ 2339 for (i = 0; i < ARRAY_SIZE(pdaloc); i++) { 2340 /* Make address */ 2341 currpage = HFA384x_ADDR_CMD_MKPAGE(pdaloc[i].cardaddr); 2342 curroffset = HFA384x_ADDR_CMD_MKOFF(pdaloc[i].cardaddr); 2343 2344 /* units of bytes */ 2345 result = hfa384x_dormem_wait(hw, currpage, curroffset, buf, 2346 len); 2347 2348 if (result) { 2349 netdev_warn(hw->wlandev->netdev, 2350 "Read from index %zd failed, continuing\n", 2351 i); 2352 continue; 2353 } 2354 2355 /* Test for garbage */ 2356 pdaok = 1; /* initially assume good */ 2357 morepdrs = 1; 2358 while (pdaok && morepdrs) { 2359 pdrlen = le16_to_cpu(pda[currpdr]) * 2; 2360 pdrcode = le16_to_cpu(pda[currpdr + 1]); 2361 /* Test the record length */ 2362 if (pdrlen > HFA384x_PDR_LEN_MAX || pdrlen == 0) { 2363 netdev_err(hw->wlandev->netdev, 2364 "pdrlen invalid=%d\n", pdrlen); 2365 pdaok = 0; 2366 break; 2367 } 2368 /* Test the code */ 2369 if (!hfa384x_isgood_pdrcode(pdrcode)) { 2370 netdev_err(hw->wlandev->netdev, "pdrcode invalid=%d\n", 2371 pdrcode); 2372 pdaok = 0; 2373 break; 2374 } 2375 /* Test for completion */ 2376 if (pdrcode == HFA384x_PDR_END_OF_PDA) 2377 morepdrs = 0; 2378 2379 /* Move to the next pdr (if necessary) */ 2380 if (morepdrs) { 2381 /* note the access to pda[], need words here */ 2382 currpdr += le16_to_cpu(pda[currpdr]) + 1; 2383 } 2384 } 2385 if (pdaok) { 2386 netdev_info(hw->wlandev->netdev, 2387 "PDA Read from 0x%08x in %s space.\n", 2388 pdaloc[i].cardaddr, 2389 pdaloc[i].auxctl == 0 ? "EXTDS" : 2390 pdaloc[i].auxctl == 1 ? "NV" : 2391 pdaloc[i].auxctl == 2 ? "PHY" : 2392 pdaloc[i].auxctl == 3 ? "ICSRAM" : 2393 "<bogus auxctl>"); 2394 break; 2395 } 2396 } 2397 result = pdaok ? 0 : -ENODATA; 2398 2399 if (result) 2400 pr_debug("Failure: pda is not okay\n"); 2401 2402 return result; 2403 } 2404 2405 /*---------------------------------------------------------------- 2406 * hfa384x_drvr_setconfig 2407 * 2408 * Performs the sequence necessary to write a config/info item. 2409 * 2410 * Arguments: 2411 * hw device structure 2412 * rid config/info record id (in host order) 2413 * buf host side record buffer 2414 * len buffer length (in bytes) 2415 * 2416 * Returns: 2417 * 0 success 2418 * >0 f/w reported error - f/w status code 2419 * <0 driver reported error 2420 * 2421 * Side effects: 2422 * 2423 * Call context: 2424 * process 2425 *---------------------------------------------------------------- 2426 */ 2427 int hfa384x_drvr_setconfig(struct hfa384x *hw, u16 rid, void *buf, u16 len) 2428 { 2429 return hfa384x_dowrid_wait(hw, rid, buf, len); 2430 } 2431 2432 /*---------------------------------------------------------------- 2433 * hfa384x_drvr_start 2434 * 2435 * Issues the MAC initialize command, sets up some data structures, 2436 * and enables the interrupts. After this function completes, the 2437 * low-level stuff should be ready for any/all commands. 2438 * 2439 * Arguments: 2440 * hw device structure 2441 * Returns: 2442 * 0 success 2443 * >0 f/w reported error - f/w status code 2444 * <0 driver reported error 2445 * 2446 * Side effects: 2447 * 2448 * Call context: 2449 * process 2450 *---------------------------------------------------------------- 2451 */ 2452 int hfa384x_drvr_start(struct hfa384x *hw) 2453 { 2454 int result, result1, result2; 2455 u16 status; 2456 2457 might_sleep(); 2458 2459 /* Clear endpoint stalls - but only do this if the endpoint 2460 * is showing a stall status. Some prism2 cards seem to behave 2461 * badly if a clear_halt is called when the endpoint is already 2462 * ok 2463 */ 2464 result = 2465 usb_get_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_in, &status); 2466 if (result < 0) { 2467 netdev_err(hw->wlandev->netdev, "Cannot get bulk in endpoint status.\n"); 2468 goto done; 2469 } 2470 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_in)) 2471 netdev_err(hw->wlandev->netdev, "Failed to reset bulk in endpoint.\n"); 2472 2473 result = 2474 usb_get_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_out, &status); 2475 if (result < 0) { 2476 netdev_err(hw->wlandev->netdev, "Cannot get bulk out endpoint status.\n"); 2477 goto done; 2478 } 2479 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_out)) 2480 netdev_err(hw->wlandev->netdev, "Failed to reset bulk out endpoint.\n"); 2481 2482 /* Synchronous unlink, in case we're trying to restart the driver */ 2483 usb_kill_urb(&hw->rx_urb); 2484 2485 /* Post the IN urb */ 2486 result = submit_rx_urb(hw, GFP_KERNEL); 2487 if (result != 0) { 2488 netdev_err(hw->wlandev->netdev, 2489 "Fatal, failed to submit RX URB, result=%d\n", 2490 result); 2491 goto done; 2492 } 2493 2494 /* Call initialize twice, with a 1 second sleep in between. 2495 * This is a nasty work-around since many prism2 cards seem to 2496 * need time to settle after an init from cold. The second 2497 * call to initialize in theory is not necessary - but we call 2498 * it anyway as a double insurance policy: 2499 * 1) If the first init should fail, the second may well succeed 2500 * and the card can still be used 2501 * 2) It helps ensures all is well with the card after the first 2502 * init and settle time. 2503 */ 2504 result1 = hfa384x_cmd_initialize(hw); 2505 msleep(1000); 2506 result = hfa384x_cmd_initialize(hw); 2507 result2 = result; 2508 if (result1 != 0) { 2509 if (result2 != 0) { 2510 netdev_err(hw->wlandev->netdev, 2511 "cmd_initialize() failed on two attempts, results %d and %d\n", 2512 result1, result2); 2513 usb_kill_urb(&hw->rx_urb); 2514 goto done; 2515 } else { 2516 pr_debug("First cmd_initialize() failed (result %d),\n", 2517 result1); 2518 pr_debug("but second attempt succeeded. All should be ok\n"); 2519 } 2520 } else if (result2 != 0) { 2521 netdev_warn(hw->wlandev->netdev, "First cmd_initialize() succeeded, but second attempt failed (result=%d)\n", 2522 result2); 2523 netdev_warn(hw->wlandev->netdev, 2524 "Most likely the card will be functional\n"); 2525 goto done; 2526 } 2527 2528 hw->state = HFA384x_STATE_RUNNING; 2529 2530 done: 2531 return result; 2532 } 2533 2534 /*---------------------------------------------------------------- 2535 * hfa384x_drvr_stop 2536 * 2537 * Shuts down the MAC to the point where it is safe to unload the 2538 * driver. Any subsystem that may be holding a data or function 2539 * ptr into the driver must be cleared/deinitialized. 2540 * 2541 * Arguments: 2542 * hw device structure 2543 * Returns: 2544 * 0 success 2545 * >0 f/w reported error - f/w status code 2546 * <0 driver reported error 2547 * 2548 * Side effects: 2549 * 2550 * Call context: 2551 * process 2552 *---------------------------------------------------------------- 2553 */ 2554 int hfa384x_drvr_stop(struct hfa384x *hw) 2555 { 2556 int i; 2557 2558 might_sleep(); 2559 2560 /* There's no need for spinlocks here. The USB "disconnect" 2561 * function sets this "removed" flag and then calls us. 2562 */ 2563 if (!hw->wlandev->hwremoved) { 2564 /* Call initialize to leave the MAC in its 'reset' state */ 2565 hfa384x_cmd_initialize(hw); 2566 2567 /* Cancel the rxurb */ 2568 usb_kill_urb(&hw->rx_urb); 2569 } 2570 2571 hw->link_status = HFA384x_LINK_NOTCONNECTED; 2572 hw->state = HFA384x_STATE_INIT; 2573 2574 del_timer_sync(&hw->commsqual_timer); 2575 2576 /* Clear all the port status */ 2577 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++) 2578 hw->port_enabled[i] = 0; 2579 2580 return 0; 2581 } 2582 2583 /*---------------------------------------------------------------- 2584 * hfa384x_drvr_txframe 2585 * 2586 * Takes a frame from prism2sta and queues it for transmission. 2587 * 2588 * Arguments: 2589 * hw device structure 2590 * skb packet buffer struct. Contains an 802.11 2591 * data frame. 2592 * p80211_hdr points to the 802.11 header for the packet. 2593 * Returns: 2594 * 0 Success and more buffs available 2595 * 1 Success but no more buffs 2596 * 2 Allocation failure 2597 * 4 Buffer full or queue busy 2598 * 2599 * Side effects: 2600 * 2601 * Call context: 2602 * interrupt 2603 *---------------------------------------------------------------- 2604 */ 2605 int hfa384x_drvr_txframe(struct hfa384x *hw, struct sk_buff *skb, 2606 union p80211_hdr *p80211_hdr, 2607 struct p80211_metawep *p80211_wep) 2608 { 2609 int usbpktlen = sizeof(struct hfa384x_tx_frame); 2610 int result; 2611 int ret; 2612 char *ptr; 2613 2614 if (hw->tx_urb.status == -EINPROGRESS) { 2615 netdev_warn(hw->wlandev->netdev, "TX URB already in use\n"); 2616 result = 3; 2617 goto exit; 2618 } 2619 2620 /* Build Tx frame structure */ 2621 /* Set up the control field */ 2622 memset(&hw->txbuff.txfrm.desc, 0, sizeof(hw->txbuff.txfrm.desc)); 2623 2624 /* Setup the usb type field */ 2625 hw->txbuff.type = cpu_to_le16(HFA384x_USB_TXFRM); 2626 2627 /* Set up the sw_support field to identify this frame */ 2628 hw->txbuff.txfrm.desc.sw_support = 0x0123; 2629 2630 /* Tx complete and Tx exception disable per dleach. Might be causing 2631 * buf depletion 2632 */ 2633 /* #define DOEXC SLP -- doboth breaks horribly under load, doexc less so. */ 2634 #if defined(DOBOTH) 2635 hw->txbuff.txfrm.desc.tx_control = 2636 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) | 2637 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1); 2638 #elif defined(DOEXC) 2639 hw->txbuff.txfrm.desc.tx_control = 2640 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) | 2641 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0); 2642 #else 2643 hw->txbuff.txfrm.desc.tx_control = 2644 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) | 2645 HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0); 2646 #endif 2647 hw->txbuff.txfrm.desc.tx_control = 2648 cpu_to_le16(hw->txbuff.txfrm.desc.tx_control); 2649 2650 /* copy the header over to the txdesc */ 2651 memcpy(&hw->txbuff.txfrm.desc.frame_control, p80211_hdr, 2652 sizeof(union p80211_hdr)); 2653 2654 /* if we're using host WEP, increase size by IV+ICV */ 2655 if (p80211_wep->data) { 2656 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len + 8); 2657 usbpktlen += 8; 2658 } else { 2659 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len); 2660 } 2661 2662 usbpktlen += skb->len; 2663 2664 /* copy over the WEP IV if we are using host WEP */ 2665 ptr = hw->txbuff.txfrm.data; 2666 if (p80211_wep->data) { 2667 memcpy(ptr, p80211_wep->iv, sizeof(p80211_wep->iv)); 2668 ptr += sizeof(p80211_wep->iv); 2669 memcpy(ptr, p80211_wep->data, skb->len); 2670 } else { 2671 memcpy(ptr, skb->data, skb->len); 2672 } 2673 /* copy over the packet data */ 2674 ptr += skb->len; 2675 2676 /* copy over the WEP ICV if we are using host WEP */ 2677 if (p80211_wep->data) 2678 memcpy(ptr, p80211_wep->icv, sizeof(p80211_wep->icv)); 2679 2680 /* Send the USB packet */ 2681 usb_fill_bulk_urb(&hw->tx_urb, hw->usb, 2682 hw->endp_out, 2683 &hw->txbuff, ROUNDUP64(usbpktlen), 2684 hfa384x_usbout_callback, hw->wlandev); 2685 hw->tx_urb.transfer_flags |= USB_QUEUE_BULK; 2686 2687 result = 1; 2688 ret = submit_tx_urb(hw, &hw->tx_urb, GFP_ATOMIC); 2689 if (ret != 0) { 2690 netdev_err(hw->wlandev->netdev, 2691 "submit_tx_urb() failed, error=%d\n", ret); 2692 result = 3; 2693 } 2694 2695 exit: 2696 return result; 2697 } 2698 2699 void hfa384x_tx_timeout(struct wlandevice *wlandev) 2700 { 2701 struct hfa384x *hw = wlandev->priv; 2702 unsigned long flags; 2703 2704 spin_lock_irqsave(&hw->ctlxq.lock, flags); 2705 2706 if (!hw->wlandev->hwremoved) { 2707 int sched; 2708 2709 sched = !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags); 2710 sched |= !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags); 2711 if (sched) 2712 schedule_work(&hw->usb_work); 2713 } 2714 2715 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 2716 } 2717 2718 /*---------------------------------------------------------------- 2719 * hfa384x_usbctlx_reaper_task 2720 * 2721 * Tasklet to delete dead CTLX objects 2722 * 2723 * Arguments: 2724 * data ptr to a struct hfa384x 2725 * 2726 * Returns: 2727 * 2728 * Call context: 2729 * Interrupt 2730 *---------------------------------------------------------------- 2731 */ 2732 static void hfa384x_usbctlx_reaper_task(unsigned long data) 2733 { 2734 struct hfa384x *hw = (struct hfa384x *)data; 2735 struct hfa384x_usbctlx *ctlx, *temp; 2736 unsigned long flags; 2737 2738 spin_lock_irqsave(&hw->ctlxq.lock, flags); 2739 2740 /* This list is guaranteed to be empty if someone 2741 * has unplugged the adapter. 2742 */ 2743 list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.reapable, list) { 2744 list_del(&ctlx->list); 2745 kfree(ctlx); 2746 } 2747 2748 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 2749 } 2750 2751 /*---------------------------------------------------------------- 2752 * hfa384x_usbctlx_completion_task 2753 * 2754 * Tasklet to call completion handlers for returned CTLXs 2755 * 2756 * Arguments: 2757 * data ptr to struct hfa384x 2758 * 2759 * Returns: 2760 * Nothing 2761 * 2762 * Call context: 2763 * Interrupt 2764 *---------------------------------------------------------------- 2765 */ 2766 static void hfa384x_usbctlx_completion_task(unsigned long data) 2767 { 2768 struct hfa384x *hw = (struct hfa384x *)data; 2769 struct hfa384x_usbctlx *ctlx, *temp; 2770 unsigned long flags; 2771 2772 int reap = 0; 2773 2774 spin_lock_irqsave(&hw->ctlxq.lock, flags); 2775 2776 /* This list is guaranteed to be empty if someone 2777 * has unplugged the adapter ... 2778 */ 2779 list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.completing, list) { 2780 /* Call the completion function that this 2781 * command was assigned, assuming it has one. 2782 */ 2783 if (ctlx->cmdcb) { 2784 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 2785 ctlx->cmdcb(hw, ctlx); 2786 spin_lock_irqsave(&hw->ctlxq.lock, flags); 2787 2788 /* Make sure we don't try and complete 2789 * this CTLX more than once! 2790 */ 2791 ctlx->cmdcb = NULL; 2792 2793 /* Did someone yank the adapter out 2794 * while our list was (briefly) unlocked? 2795 */ 2796 if (hw->wlandev->hwremoved) { 2797 reap = 0; 2798 break; 2799 } 2800 } 2801 2802 /* 2803 * "Reapable" CTLXs are ones which don't have any 2804 * threads waiting for them to die. Hence they must 2805 * be delivered to The Reaper! 2806 */ 2807 if (ctlx->reapable) { 2808 /* Move the CTLX off the "completing" list (hopefully) 2809 * on to the "reapable" list where the reaper task 2810 * can find it. And "reapable" means that this CTLX 2811 * isn't sitting on a wait-queue somewhere. 2812 */ 2813 list_move_tail(&ctlx->list, &hw->ctlxq.reapable); 2814 reap = 1; 2815 } 2816 2817 complete(&ctlx->done); 2818 } 2819 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 2820 2821 if (reap) 2822 tasklet_schedule(&hw->reaper_bh); 2823 } 2824 2825 /*---------------------------------------------------------------- 2826 * unlocked_usbctlx_cancel_async 2827 * 2828 * Mark the CTLX dead asynchronously, and ensure that the 2829 * next command on the queue is run afterwards. 2830 * 2831 * Arguments: 2832 * hw ptr to the struct hfa384x structure 2833 * ctlx ptr to a CTLX structure 2834 * 2835 * Returns: 2836 * 0 the CTLX's URB is inactive 2837 * -EINPROGRESS the URB is currently being unlinked 2838 * 2839 * Call context: 2840 * Either process or interrupt, but presumably interrupt 2841 *---------------------------------------------------------------- 2842 */ 2843 static int unlocked_usbctlx_cancel_async(struct hfa384x *hw, 2844 struct hfa384x_usbctlx *ctlx) 2845 { 2846 int ret; 2847 2848 /* 2849 * Try to delete the URB containing our request packet. 2850 * If we succeed, then its completion handler will be 2851 * called with a status of -ECONNRESET. 2852 */ 2853 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK; 2854 ret = usb_unlink_urb(&hw->ctlx_urb); 2855 2856 if (ret != -EINPROGRESS) { 2857 /* 2858 * The OUT URB had either already completed 2859 * or was still in the pending queue, so the 2860 * URB's completion function will not be called. 2861 * We will have to complete the CTLX ourselves. 2862 */ 2863 ctlx->state = CTLX_REQ_FAILED; 2864 unlocked_usbctlx_complete(hw, ctlx); 2865 ret = 0; 2866 } 2867 2868 return ret; 2869 } 2870 2871 /*---------------------------------------------------------------- 2872 * unlocked_usbctlx_complete 2873 * 2874 * A CTLX has completed. It may have been successful, it may not 2875 * have been. At this point, the CTLX should be quiescent. The URBs 2876 * aren't active and the timers should have been stopped. 2877 * 2878 * The CTLX is migrated to the "completing" queue, and the completing 2879 * tasklet is scheduled. 2880 * 2881 * Arguments: 2882 * hw ptr to a struct hfa384x structure 2883 * ctlx ptr to a ctlx structure 2884 * 2885 * Returns: 2886 * nothing 2887 * 2888 * Side effects: 2889 * 2890 * Call context: 2891 * Either, assume interrupt 2892 *---------------------------------------------------------------- 2893 */ 2894 static void unlocked_usbctlx_complete(struct hfa384x *hw, 2895 struct hfa384x_usbctlx *ctlx) 2896 { 2897 /* Timers have been stopped, and ctlx should be in 2898 * a terminal state. Retire it from the "active" 2899 * queue. 2900 */ 2901 list_move_tail(&ctlx->list, &hw->ctlxq.completing); 2902 tasklet_schedule(&hw->completion_bh); 2903 2904 switch (ctlx->state) { 2905 case CTLX_COMPLETE: 2906 case CTLX_REQ_FAILED: 2907 /* This are the correct terminating states. */ 2908 break; 2909 2910 default: 2911 netdev_err(hw->wlandev->netdev, "CTLX[%d] not in a terminating state(%s)\n", 2912 le16_to_cpu(ctlx->outbuf.type), 2913 ctlxstr(ctlx->state)); 2914 break; 2915 } /* switch */ 2916 } 2917 2918 /*---------------------------------------------------------------- 2919 * hfa384x_usbctlxq_run 2920 * 2921 * Checks to see if the head item is running. If not, starts it. 2922 * 2923 * Arguments: 2924 * hw ptr to struct hfa384x 2925 * 2926 * Returns: 2927 * nothing 2928 * 2929 * Side effects: 2930 * 2931 * Call context: 2932 * any 2933 *---------------------------------------------------------------- 2934 */ 2935 static void hfa384x_usbctlxq_run(struct hfa384x *hw) 2936 { 2937 unsigned long flags; 2938 2939 /* acquire lock */ 2940 spin_lock_irqsave(&hw->ctlxq.lock, flags); 2941 2942 /* Only one active CTLX at any one time, because there's no 2943 * other (reliable) way to match the response URB to the 2944 * correct CTLX. 2945 * 2946 * Don't touch any of these CTLXs if the hardware 2947 * has been removed or the USB subsystem is stalled. 2948 */ 2949 if (!list_empty(&hw->ctlxq.active) || 2950 test_bit(WORK_TX_HALT, &hw->usb_flags) || hw->wlandev->hwremoved) 2951 goto unlock; 2952 2953 while (!list_empty(&hw->ctlxq.pending)) { 2954 struct hfa384x_usbctlx *head; 2955 int result; 2956 2957 /* This is the first pending command */ 2958 head = list_entry(hw->ctlxq.pending.next, 2959 struct hfa384x_usbctlx, list); 2960 2961 /* We need to split this off to avoid a race condition */ 2962 list_move_tail(&head->list, &hw->ctlxq.active); 2963 2964 /* Fill the out packet */ 2965 usb_fill_bulk_urb(&hw->ctlx_urb, hw->usb, 2966 hw->endp_out, 2967 &head->outbuf, ROUNDUP64(head->outbufsize), 2968 hfa384x_ctlxout_callback, hw); 2969 hw->ctlx_urb.transfer_flags |= USB_QUEUE_BULK; 2970 2971 /* Now submit the URB and update the CTLX's state */ 2972 result = usb_submit_urb(&hw->ctlx_urb, GFP_ATOMIC); 2973 if (result == 0) { 2974 /* This CTLX is now running on the active queue */ 2975 head->state = CTLX_REQ_SUBMITTED; 2976 2977 /* Start the OUT wait timer */ 2978 hw->req_timer_done = 0; 2979 hw->reqtimer.expires = jiffies + HZ; 2980 add_timer(&hw->reqtimer); 2981 2982 /* Start the IN wait timer */ 2983 hw->resp_timer_done = 0; 2984 hw->resptimer.expires = jiffies + 2 * HZ; 2985 add_timer(&hw->resptimer); 2986 2987 break; 2988 } 2989 2990 if (result == -EPIPE) { 2991 /* The OUT pipe needs resetting, so put 2992 * this CTLX back in the "pending" queue 2993 * and schedule a reset ... 2994 */ 2995 netdev_warn(hw->wlandev->netdev, 2996 "%s tx pipe stalled: requesting reset\n", 2997 hw->wlandev->netdev->name); 2998 list_move(&head->list, &hw->ctlxq.pending); 2999 set_bit(WORK_TX_HALT, &hw->usb_flags); 3000 schedule_work(&hw->usb_work); 3001 break; 3002 } 3003 3004 if (result == -ESHUTDOWN) { 3005 netdev_warn(hw->wlandev->netdev, "%s urb shutdown!\n", 3006 hw->wlandev->netdev->name); 3007 break; 3008 } 3009 3010 netdev_err(hw->wlandev->netdev, "Failed to submit CTLX[%d]: error=%d\n", 3011 le16_to_cpu(head->outbuf.type), result); 3012 unlocked_usbctlx_complete(hw, head); 3013 } /* while */ 3014 3015 unlock: 3016 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3017 } 3018 3019 /*---------------------------------------------------------------- 3020 * hfa384x_usbin_callback 3021 * 3022 * Callback for URBs on the BULKIN endpoint. 3023 * 3024 * Arguments: 3025 * urb ptr to the completed urb 3026 * 3027 * Returns: 3028 * nothing 3029 * 3030 * Side effects: 3031 * 3032 * Call context: 3033 * interrupt 3034 *---------------------------------------------------------------- 3035 */ 3036 static void hfa384x_usbin_callback(struct urb *urb) 3037 { 3038 struct wlandevice *wlandev = urb->context; 3039 struct hfa384x *hw; 3040 union hfa384x_usbin *usbin; 3041 struct sk_buff *skb = NULL; 3042 int result; 3043 int urb_status; 3044 u16 type; 3045 3046 enum USBIN_ACTION { 3047 HANDLE, 3048 RESUBMIT, 3049 ABORT 3050 } action; 3051 3052 if (!wlandev || !wlandev->netdev || wlandev->hwremoved) 3053 goto exit; 3054 3055 hw = wlandev->priv; 3056 if (!hw) 3057 goto exit; 3058 3059 skb = hw->rx_urb_skb; 3060 if (!skb || (skb->data != urb->transfer_buffer)) { 3061 WARN_ON(1); 3062 return; 3063 } 3064 3065 hw->rx_urb_skb = NULL; 3066 3067 /* Check for error conditions within the URB */ 3068 switch (urb->status) { 3069 case 0: 3070 action = HANDLE; 3071 3072 /* Check for short packet */ 3073 if (urb->actual_length == 0) { 3074 wlandev->netdev->stats.rx_errors++; 3075 wlandev->netdev->stats.rx_length_errors++; 3076 action = RESUBMIT; 3077 } 3078 break; 3079 3080 case -EPIPE: 3081 netdev_warn(hw->wlandev->netdev, "%s rx pipe stalled: requesting reset\n", 3082 wlandev->netdev->name); 3083 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags)) 3084 schedule_work(&hw->usb_work); 3085 wlandev->netdev->stats.rx_errors++; 3086 action = ABORT; 3087 break; 3088 3089 case -EILSEQ: 3090 case -ETIMEDOUT: 3091 case -EPROTO: 3092 if (!test_and_set_bit(THROTTLE_RX, &hw->usb_flags) && 3093 !timer_pending(&hw->throttle)) { 3094 mod_timer(&hw->throttle, jiffies + THROTTLE_JIFFIES); 3095 } 3096 wlandev->netdev->stats.rx_errors++; 3097 action = ABORT; 3098 break; 3099 3100 case -EOVERFLOW: 3101 wlandev->netdev->stats.rx_over_errors++; 3102 action = RESUBMIT; 3103 break; 3104 3105 case -ENODEV: 3106 case -ESHUTDOWN: 3107 pr_debug("status=%d, device removed.\n", urb->status); 3108 action = ABORT; 3109 break; 3110 3111 case -ENOENT: 3112 case -ECONNRESET: 3113 pr_debug("status=%d, urb explicitly unlinked.\n", urb->status); 3114 action = ABORT; 3115 break; 3116 3117 default: 3118 pr_debug("urb status=%d, transfer flags=0x%x\n", 3119 urb->status, urb->transfer_flags); 3120 wlandev->netdev->stats.rx_errors++; 3121 action = RESUBMIT; 3122 break; 3123 } 3124 3125 urb_status = urb->status; 3126 3127 if (action != ABORT) { 3128 /* Repost the RX URB */ 3129 result = submit_rx_urb(hw, GFP_ATOMIC); 3130 3131 if (result != 0) { 3132 netdev_err(hw->wlandev->netdev, 3133 "Fatal, failed to resubmit rx_urb. error=%d\n", 3134 result); 3135 } 3136 } 3137 3138 /* Handle any USB-IN packet */ 3139 /* Note: the check of the sw_support field, the type field doesn't 3140 * have bit 12 set like the docs suggest. 3141 */ 3142 usbin = (union hfa384x_usbin *)urb->transfer_buffer; 3143 type = le16_to_cpu(usbin->type); 3144 if (HFA384x_USB_ISRXFRM(type)) { 3145 if (action == HANDLE) { 3146 if (usbin->txfrm.desc.sw_support == 0x0123) { 3147 hfa384x_usbin_txcompl(wlandev, usbin); 3148 } else { 3149 skb_put(skb, sizeof(*usbin)); 3150 hfa384x_usbin_rx(wlandev, skb); 3151 skb = NULL; 3152 } 3153 } 3154 goto exit; 3155 } 3156 if (HFA384x_USB_ISTXFRM(type)) { 3157 if (action == HANDLE) 3158 hfa384x_usbin_txcompl(wlandev, usbin); 3159 goto exit; 3160 } 3161 switch (type) { 3162 case HFA384x_USB_INFOFRM: 3163 if (action == ABORT) 3164 goto exit; 3165 if (action == HANDLE) 3166 hfa384x_usbin_info(wlandev, usbin); 3167 break; 3168 3169 case HFA384x_USB_CMDRESP: 3170 case HFA384x_USB_WRIDRESP: 3171 case HFA384x_USB_RRIDRESP: 3172 case HFA384x_USB_WMEMRESP: 3173 case HFA384x_USB_RMEMRESP: 3174 /* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */ 3175 hfa384x_usbin_ctlx(hw, usbin, urb_status); 3176 break; 3177 3178 case HFA384x_USB_BUFAVAIL: 3179 pr_debug("Received BUFAVAIL packet, frmlen=%d\n", 3180 usbin->bufavail.frmlen); 3181 break; 3182 3183 case HFA384x_USB_ERROR: 3184 pr_debug("Received USB_ERROR packet, errortype=%d\n", 3185 usbin->usberror.errortype); 3186 break; 3187 3188 default: 3189 pr_debug("Unrecognized USBIN packet, type=%x, status=%d\n", 3190 usbin->type, urb_status); 3191 break; 3192 } /* switch */ 3193 3194 exit: 3195 3196 if (skb) 3197 dev_kfree_skb(skb); 3198 } 3199 3200 /*---------------------------------------------------------------- 3201 * hfa384x_usbin_ctlx 3202 * 3203 * We've received a URB containing a Prism2 "response" message. 3204 * This message needs to be matched up with a CTLX on the active 3205 * queue and our state updated accordingly. 3206 * 3207 * Arguments: 3208 * hw ptr to struct hfa384x 3209 * usbin ptr to USB IN packet 3210 * urb_status status of this Bulk-In URB 3211 * 3212 * Returns: 3213 * nothing 3214 * 3215 * Side effects: 3216 * 3217 * Call context: 3218 * interrupt 3219 *---------------------------------------------------------------- 3220 */ 3221 static void hfa384x_usbin_ctlx(struct hfa384x *hw, union hfa384x_usbin *usbin, 3222 int urb_status) 3223 { 3224 struct hfa384x_usbctlx *ctlx; 3225 int run_queue = 0; 3226 unsigned long flags; 3227 3228 retry: 3229 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3230 3231 /* There can be only one CTLX on the active queue 3232 * at any one time, and this is the CTLX that the 3233 * timers are waiting for. 3234 */ 3235 if (list_empty(&hw->ctlxq.active)) 3236 goto unlock; 3237 3238 /* Remove the "response timeout". It's possible that 3239 * we are already too late, and that the timeout is 3240 * already running. And that's just too bad for us, 3241 * because we could lose our CTLX from the active 3242 * queue here ... 3243 */ 3244 if (del_timer(&hw->resptimer) == 0) { 3245 if (hw->resp_timer_done == 0) { 3246 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3247 goto retry; 3248 } 3249 } else { 3250 hw->resp_timer_done = 1; 3251 } 3252 3253 ctlx = get_active_ctlx(hw); 3254 3255 if (urb_status != 0) { 3256 /* 3257 * Bad CTLX, so get rid of it. But we only 3258 * remove it from the active queue if we're no 3259 * longer expecting the OUT URB to complete. 3260 */ 3261 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0) 3262 run_queue = 1; 3263 } else { 3264 const __le16 intype = (usbin->type & ~cpu_to_le16(0x8000)); 3265 3266 /* 3267 * Check that our message is what we're expecting ... 3268 */ 3269 if (ctlx->outbuf.type != intype) { 3270 netdev_warn(hw->wlandev->netdev, 3271 "Expected IN[%d], received IN[%d] - ignored.\n", 3272 le16_to_cpu(ctlx->outbuf.type), 3273 le16_to_cpu(intype)); 3274 goto unlock; 3275 } 3276 3277 /* This URB has succeeded, so grab the data ... */ 3278 memcpy(&ctlx->inbuf, usbin, sizeof(ctlx->inbuf)); 3279 3280 switch (ctlx->state) { 3281 case CTLX_REQ_SUBMITTED: 3282 /* 3283 * We have received our response URB before 3284 * our request has been acknowledged. Odd, 3285 * but our OUT URB is still alive... 3286 */ 3287 pr_debug("Causality violation: please reboot Universe\n"); 3288 ctlx->state = CTLX_RESP_COMPLETE; 3289 break; 3290 3291 case CTLX_REQ_COMPLETE: 3292 /* 3293 * This is the usual path: our request 3294 * has already been acknowledged, and 3295 * now we have received the reply too. 3296 */ 3297 ctlx->state = CTLX_COMPLETE; 3298 unlocked_usbctlx_complete(hw, ctlx); 3299 run_queue = 1; 3300 break; 3301 3302 default: 3303 /* 3304 * Throw this CTLX away ... 3305 */ 3306 netdev_err(hw->wlandev->netdev, 3307 "Matched IN URB, CTLX[%d] in invalid state(%s). Discarded.\n", 3308 le16_to_cpu(ctlx->outbuf.type), 3309 ctlxstr(ctlx->state)); 3310 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0) 3311 run_queue = 1; 3312 break; 3313 } /* switch */ 3314 } 3315 3316 unlock: 3317 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3318 3319 if (run_queue) 3320 hfa384x_usbctlxq_run(hw); 3321 } 3322 3323 /*---------------------------------------------------------------- 3324 * hfa384x_usbin_txcompl 3325 * 3326 * At this point we have the results of a previous transmit. 3327 * 3328 * Arguments: 3329 * wlandev wlan device 3330 * usbin ptr to the usb transfer buffer 3331 * 3332 * Returns: 3333 * nothing 3334 * 3335 * Side effects: 3336 * 3337 * Call context: 3338 * interrupt 3339 *---------------------------------------------------------------- 3340 */ 3341 static void hfa384x_usbin_txcompl(struct wlandevice *wlandev, 3342 union hfa384x_usbin *usbin) 3343 { 3344 u16 status; 3345 3346 status = le16_to_cpu(usbin->type); /* yeah I know it says type... */ 3347 3348 /* Was there an error? */ 3349 if (HFA384x_TXSTATUS_ISERROR(status)) 3350 prism2sta_ev_txexc(wlandev, status); 3351 else 3352 prism2sta_ev_tx(wlandev, status); 3353 } 3354 3355 /*---------------------------------------------------------------- 3356 * hfa384x_usbin_rx 3357 * 3358 * At this point we have a successful received a rx frame packet. 3359 * 3360 * Arguments: 3361 * wlandev wlan device 3362 * usbin ptr to the usb transfer buffer 3363 * 3364 * Returns: 3365 * nothing 3366 * 3367 * Side effects: 3368 * 3369 * Call context: 3370 * interrupt 3371 *---------------------------------------------------------------- 3372 */ 3373 static void hfa384x_usbin_rx(struct wlandevice *wlandev, struct sk_buff *skb) 3374 { 3375 union hfa384x_usbin *usbin = (union hfa384x_usbin *)skb->data; 3376 struct hfa384x *hw = wlandev->priv; 3377 int hdrlen; 3378 struct p80211_rxmeta *rxmeta; 3379 u16 data_len; 3380 u16 fc; 3381 3382 /* Byte order convert once up front. */ 3383 usbin->rxfrm.desc.status = le16_to_cpu(usbin->rxfrm.desc.status); 3384 usbin->rxfrm.desc.time = le32_to_cpu(usbin->rxfrm.desc.time); 3385 3386 /* Now handle frame based on port# */ 3387 switch (HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status)) { 3388 case 0: 3389 fc = le16_to_cpu(usbin->rxfrm.desc.frame_control); 3390 3391 /* If exclude and we receive an unencrypted, drop it */ 3392 if ((wlandev->hostwep & HOSTWEP_EXCLUDEUNENCRYPTED) && 3393 !WLAN_GET_FC_ISWEP(fc)) { 3394 break; 3395 } 3396 3397 data_len = le16_to_cpu(usbin->rxfrm.desc.data_len); 3398 3399 /* How much header data do we have? */ 3400 hdrlen = p80211_headerlen(fc); 3401 3402 /* Pull off the descriptor */ 3403 skb_pull(skb, sizeof(struct hfa384x_rx_frame)); 3404 3405 /* Now shunt the header block up against the data block 3406 * with an "overlapping" copy 3407 */ 3408 memmove(skb_push(skb, hdrlen), 3409 &usbin->rxfrm.desc.frame_control, hdrlen); 3410 3411 skb->dev = wlandev->netdev; 3412 3413 /* And set the frame length properly */ 3414 skb_trim(skb, data_len + hdrlen); 3415 3416 /* The prism2 series does not return the CRC */ 3417 memset(skb_put(skb, WLAN_CRC_LEN), 0xff, WLAN_CRC_LEN); 3418 3419 skb_reset_mac_header(skb); 3420 3421 /* Attach the rxmeta, set some stuff */ 3422 p80211skb_rxmeta_attach(wlandev, skb); 3423 rxmeta = P80211SKB_RXMETA(skb); 3424 rxmeta->mactime = usbin->rxfrm.desc.time; 3425 rxmeta->rxrate = usbin->rxfrm.desc.rate; 3426 rxmeta->signal = usbin->rxfrm.desc.signal - hw->dbmadjust; 3427 rxmeta->noise = usbin->rxfrm.desc.silence - hw->dbmadjust; 3428 3429 p80211netdev_rx(wlandev, skb); 3430 3431 break; 3432 3433 case 7: 3434 if (!HFA384x_RXSTATUS_ISFCSERR(usbin->rxfrm.desc.status)) { 3435 /* Copy to wlansnif skb */ 3436 hfa384x_int_rxmonitor(wlandev, &usbin->rxfrm); 3437 dev_kfree_skb(skb); 3438 } else { 3439 pr_debug("Received monitor frame: FCSerr set\n"); 3440 } 3441 break; 3442 3443 default: 3444 netdev_warn(hw->wlandev->netdev, "Received frame on unsupported port=%d\n", 3445 HFA384x_RXSTATUS_MACPORT_GET( 3446 usbin->rxfrm.desc.status)); 3447 break; 3448 } 3449 } 3450 3451 /*---------------------------------------------------------------- 3452 * hfa384x_int_rxmonitor 3453 * 3454 * Helper function for int_rx. Handles monitor frames. 3455 * Note that this function allocates space for the FCS and sets it 3456 * to 0xffffffff. The hfa384x doesn't give us the FCS value but the 3457 * higher layers expect it. 0xffffffff is used as a flag to indicate 3458 * the FCS is bogus. 3459 * 3460 * Arguments: 3461 * wlandev wlan device structure 3462 * rxfrm rx descriptor read from card in int_rx 3463 * 3464 * Returns: 3465 * nothing 3466 * 3467 * Side effects: 3468 * Allocates an skb and passes it up via the PF_PACKET interface. 3469 * Call context: 3470 * interrupt 3471 *---------------------------------------------------------------- 3472 */ 3473 static void hfa384x_int_rxmonitor(struct wlandevice *wlandev, 3474 struct hfa384x_usb_rxfrm *rxfrm) 3475 { 3476 struct hfa384x_rx_frame *rxdesc = &rxfrm->desc; 3477 unsigned int hdrlen = 0; 3478 unsigned int datalen = 0; 3479 unsigned int skblen = 0; 3480 u8 *datap; 3481 u16 fc; 3482 struct sk_buff *skb; 3483 struct hfa384x *hw = wlandev->priv; 3484 3485 /* Remember the status, time, and data_len fields are in host order */ 3486 /* Figure out how big the frame is */ 3487 fc = le16_to_cpu(rxdesc->frame_control); 3488 hdrlen = p80211_headerlen(fc); 3489 datalen = le16_to_cpu(rxdesc->data_len); 3490 3491 /* Allocate an ind message+framesize skb */ 3492 skblen = sizeof(struct p80211_caphdr) + hdrlen + datalen + WLAN_CRC_LEN; 3493 3494 /* sanity check the length */ 3495 if (skblen > 3496 (sizeof(struct p80211_caphdr) + 3497 WLAN_HDR_A4_LEN + WLAN_DATA_MAXLEN + WLAN_CRC_LEN)) { 3498 pr_debug("overlen frm: len=%zd\n", 3499 skblen - sizeof(struct p80211_caphdr)); 3500 } 3501 3502 skb = dev_alloc_skb(skblen); 3503 if (!skb) 3504 return; 3505 3506 /* only prepend the prism header if in the right mode */ 3507 if ((wlandev->netdev->type == ARPHRD_IEEE80211_PRISM) && 3508 (hw->sniffhdr != 0)) { 3509 struct p80211_caphdr *caphdr; 3510 /* The NEW header format! */ 3511 datap = skb_put(skb, sizeof(struct p80211_caphdr)); 3512 caphdr = (struct p80211_caphdr *)datap; 3513 3514 caphdr->version = htonl(P80211CAPTURE_VERSION); 3515 caphdr->length = htonl(sizeof(struct p80211_caphdr)); 3516 caphdr->mactime = __cpu_to_be64(rxdesc->time) * 1000; 3517 caphdr->hosttime = __cpu_to_be64(jiffies); 3518 caphdr->phytype = htonl(4); /* dss_dot11_b */ 3519 caphdr->channel = htonl(hw->sniff_channel); 3520 caphdr->datarate = htonl(rxdesc->rate); 3521 caphdr->antenna = htonl(0); /* unknown */ 3522 caphdr->priority = htonl(0); /* unknown */ 3523 caphdr->ssi_type = htonl(3); /* rssi_raw */ 3524 caphdr->ssi_signal = htonl(rxdesc->signal); 3525 caphdr->ssi_noise = htonl(rxdesc->silence); 3526 caphdr->preamble = htonl(0); /* unknown */ 3527 caphdr->encoding = htonl(1); /* cck */ 3528 } 3529 3530 /* Copy the 802.11 header to the skb 3531 * (ctl frames may be less than a full header) 3532 */ 3533 datap = skb_put(skb, hdrlen); 3534 memcpy(datap, &rxdesc->frame_control, hdrlen); 3535 3536 /* If any, copy the data from the card to the skb */ 3537 if (datalen > 0) { 3538 datap = skb_put(skb, datalen); 3539 memcpy(datap, rxfrm->data, datalen); 3540 3541 /* check for unencrypted stuff if WEP bit set. */ 3542 if (*(datap - hdrlen + 1) & 0x40) /* wep set */ 3543 if ((*(datap) == 0xaa) && (*(datap + 1) == 0xaa)) 3544 /* clear wep; it's the 802.2 header! */ 3545 *(datap - hdrlen + 1) &= 0xbf; 3546 } 3547 3548 if (hw->sniff_fcs) { 3549 /* Set the FCS */ 3550 datap = skb_put(skb, WLAN_CRC_LEN); 3551 memset(datap, 0xff, WLAN_CRC_LEN); 3552 } 3553 3554 /* pass it back up */ 3555 p80211netdev_rx(wlandev, skb); 3556 } 3557 3558 /*---------------------------------------------------------------- 3559 * hfa384x_usbin_info 3560 * 3561 * At this point we have a successful received a Prism2 info frame. 3562 * 3563 * Arguments: 3564 * wlandev wlan device 3565 * usbin ptr to the usb transfer buffer 3566 * 3567 * Returns: 3568 * nothing 3569 * 3570 * Side effects: 3571 * 3572 * Call context: 3573 * interrupt 3574 *---------------------------------------------------------------- 3575 */ 3576 static void hfa384x_usbin_info(struct wlandevice *wlandev, 3577 union hfa384x_usbin *usbin) 3578 { 3579 usbin->infofrm.info.framelen = 3580 le16_to_cpu(usbin->infofrm.info.framelen); 3581 prism2sta_ev_info(wlandev, &usbin->infofrm.info); 3582 } 3583 3584 /*---------------------------------------------------------------- 3585 * hfa384x_usbout_callback 3586 * 3587 * Callback for URBs on the BULKOUT endpoint. 3588 * 3589 * Arguments: 3590 * urb ptr to the completed urb 3591 * 3592 * Returns: 3593 * nothing 3594 * 3595 * Side effects: 3596 * 3597 * Call context: 3598 * interrupt 3599 *---------------------------------------------------------------- 3600 */ 3601 static void hfa384x_usbout_callback(struct urb *urb) 3602 { 3603 struct wlandevice *wlandev = urb->context; 3604 3605 #ifdef DEBUG_USB 3606 dbprint_urb(urb); 3607 #endif 3608 3609 if (wlandev && wlandev->netdev) { 3610 switch (urb->status) { 3611 case 0: 3612 prism2sta_ev_alloc(wlandev); 3613 break; 3614 3615 case -EPIPE: 3616 { 3617 struct hfa384x *hw = wlandev->priv; 3618 3619 netdev_warn(hw->wlandev->netdev, 3620 "%s tx pipe stalled: requesting reset\n", 3621 wlandev->netdev->name); 3622 if (!test_and_set_bit 3623 (WORK_TX_HALT, &hw->usb_flags)) 3624 schedule_work(&hw->usb_work); 3625 wlandev->netdev->stats.tx_errors++; 3626 break; 3627 } 3628 3629 case -EPROTO: 3630 case -ETIMEDOUT: 3631 case -EILSEQ: 3632 { 3633 struct hfa384x *hw = wlandev->priv; 3634 3635 if (!test_and_set_bit 3636 (THROTTLE_TX, &hw->usb_flags) && 3637 !timer_pending(&hw->throttle)) { 3638 mod_timer(&hw->throttle, 3639 jiffies + THROTTLE_JIFFIES); 3640 } 3641 wlandev->netdev->stats.tx_errors++; 3642 netif_stop_queue(wlandev->netdev); 3643 break; 3644 } 3645 3646 case -ENOENT: 3647 case -ESHUTDOWN: 3648 /* Ignorable errors */ 3649 break; 3650 3651 default: 3652 netdev_info(wlandev->netdev, "unknown urb->status=%d\n", 3653 urb->status); 3654 wlandev->netdev->stats.tx_errors++; 3655 break; 3656 } /* switch */ 3657 } 3658 } 3659 3660 /*---------------------------------------------------------------- 3661 * hfa384x_ctlxout_callback 3662 * 3663 * Callback for control data on the BULKOUT endpoint. 3664 * 3665 * Arguments: 3666 * urb ptr to the completed urb 3667 * 3668 * Returns: 3669 * nothing 3670 * 3671 * Side effects: 3672 * 3673 * Call context: 3674 * interrupt 3675 *---------------------------------------------------------------- 3676 */ 3677 static void hfa384x_ctlxout_callback(struct urb *urb) 3678 { 3679 struct hfa384x *hw = urb->context; 3680 int delete_resptimer = 0; 3681 int timer_ok = 1; 3682 int run_queue = 0; 3683 struct hfa384x_usbctlx *ctlx; 3684 unsigned long flags; 3685 3686 pr_debug("urb->status=%d\n", urb->status); 3687 #ifdef DEBUG_USB 3688 dbprint_urb(urb); 3689 #endif 3690 if ((urb->status == -ESHUTDOWN) || 3691 (urb->status == -ENODEV) || !hw) 3692 return; 3693 3694 retry: 3695 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3696 3697 /* 3698 * Only one CTLX at a time on the "active" list, and 3699 * none at all if we are unplugged. However, we can 3700 * rely on the disconnect function to clean everything 3701 * up if someone unplugged the adapter. 3702 */ 3703 if (list_empty(&hw->ctlxq.active)) { 3704 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3705 return; 3706 } 3707 3708 /* 3709 * Having something on the "active" queue means 3710 * that we have timers to worry about ... 3711 */ 3712 if (del_timer(&hw->reqtimer) == 0) { 3713 if (hw->req_timer_done == 0) { 3714 /* 3715 * This timer was actually running while we 3716 * were trying to delete it. Let it terminate 3717 * gracefully instead. 3718 */ 3719 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3720 goto retry; 3721 } 3722 } else { 3723 hw->req_timer_done = 1; 3724 } 3725 3726 ctlx = get_active_ctlx(hw); 3727 3728 if (urb->status == 0) { 3729 /* Request portion of a CTLX is successful */ 3730 switch (ctlx->state) { 3731 case CTLX_REQ_SUBMITTED: 3732 /* This OUT-ACK received before IN */ 3733 ctlx->state = CTLX_REQ_COMPLETE; 3734 break; 3735 3736 case CTLX_RESP_COMPLETE: 3737 /* IN already received before this OUT-ACK, 3738 * so this command must now be complete. 3739 */ 3740 ctlx->state = CTLX_COMPLETE; 3741 unlocked_usbctlx_complete(hw, ctlx); 3742 run_queue = 1; 3743 break; 3744 3745 default: 3746 /* This is NOT a valid CTLX "success" state! */ 3747 netdev_err(hw->wlandev->netdev, 3748 "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n", 3749 le16_to_cpu(ctlx->outbuf.type), 3750 ctlxstr(ctlx->state), urb->status); 3751 break; 3752 } /* switch */ 3753 } else { 3754 /* If the pipe has stalled then we need to reset it */ 3755 if ((urb->status == -EPIPE) && 3756 !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags)) { 3757 netdev_warn(hw->wlandev->netdev, 3758 "%s tx pipe stalled: requesting reset\n", 3759 hw->wlandev->netdev->name); 3760 schedule_work(&hw->usb_work); 3761 } 3762 3763 /* If someone cancels the OUT URB then its status 3764 * should be either -ECONNRESET or -ENOENT. 3765 */ 3766 ctlx->state = CTLX_REQ_FAILED; 3767 unlocked_usbctlx_complete(hw, ctlx); 3768 delete_resptimer = 1; 3769 run_queue = 1; 3770 } 3771 3772 delresp: 3773 if (delete_resptimer) { 3774 timer_ok = del_timer(&hw->resptimer); 3775 if (timer_ok != 0) 3776 hw->resp_timer_done = 1; 3777 } 3778 3779 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3780 3781 if (!timer_ok && (hw->resp_timer_done == 0)) { 3782 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3783 goto delresp; 3784 } 3785 3786 if (run_queue) 3787 hfa384x_usbctlxq_run(hw); 3788 } 3789 3790 /*---------------------------------------------------------------- 3791 * hfa384x_usbctlx_reqtimerfn 3792 * 3793 * Timer response function for CTLX request timeouts. If this 3794 * function is called, it means that the callback for the OUT 3795 * URB containing a Prism2.x XXX_Request was never called. 3796 * 3797 * Arguments: 3798 * data a ptr to the struct hfa384x 3799 * 3800 * Returns: 3801 * nothing 3802 * 3803 * Side effects: 3804 * 3805 * Call context: 3806 * interrupt 3807 *---------------------------------------------------------------- 3808 */ 3809 static void hfa384x_usbctlx_reqtimerfn(unsigned long data) 3810 { 3811 struct hfa384x *hw = (struct hfa384x *)data; 3812 unsigned long flags; 3813 3814 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3815 3816 hw->req_timer_done = 1; 3817 3818 /* Removing the hardware automatically empties 3819 * the active list ... 3820 */ 3821 if (!list_empty(&hw->ctlxq.active)) { 3822 /* 3823 * We must ensure that our URB is removed from 3824 * the system, if it hasn't already expired. 3825 */ 3826 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK; 3827 if (usb_unlink_urb(&hw->ctlx_urb) == -EINPROGRESS) { 3828 struct hfa384x_usbctlx *ctlx = get_active_ctlx(hw); 3829 3830 ctlx->state = CTLX_REQ_FAILED; 3831 3832 /* This URB was active, but has now been 3833 * cancelled. It will now have a status of 3834 * -ECONNRESET in the callback function. 3835 * 3836 * We are cancelling this CTLX, so we're 3837 * not going to need to wait for a response. 3838 * The URB's callback function will check 3839 * that this timer is truly dead. 3840 */ 3841 if (del_timer(&hw->resptimer) != 0) 3842 hw->resp_timer_done = 1; 3843 } 3844 } 3845 3846 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3847 } 3848 3849 /*---------------------------------------------------------------- 3850 * hfa384x_usbctlx_resptimerfn 3851 * 3852 * Timer response function for CTLX response timeouts. If this 3853 * function is called, it means that the callback for the IN 3854 * URB containing a Prism2.x XXX_Response was never called. 3855 * 3856 * Arguments: 3857 * data a ptr to the struct hfa384x 3858 * 3859 * Returns: 3860 * nothing 3861 * 3862 * Side effects: 3863 * 3864 * Call context: 3865 * interrupt 3866 *---------------------------------------------------------------- 3867 */ 3868 static void hfa384x_usbctlx_resptimerfn(unsigned long data) 3869 { 3870 struct hfa384x *hw = (struct hfa384x *)data; 3871 unsigned long flags; 3872 3873 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3874 3875 hw->resp_timer_done = 1; 3876 3877 /* The active list will be empty if the 3878 * adapter has been unplugged ... 3879 */ 3880 if (!list_empty(&hw->ctlxq.active)) { 3881 struct hfa384x_usbctlx *ctlx = get_active_ctlx(hw); 3882 3883 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0) { 3884 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3885 hfa384x_usbctlxq_run(hw); 3886 return; 3887 } 3888 } 3889 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3890 } 3891 3892 /*---------------------------------------------------------------- 3893 * hfa384x_usb_throttlefn 3894 * 3895 * 3896 * Arguments: 3897 * data ptr to hw 3898 * 3899 * Returns: 3900 * Nothing 3901 * 3902 * Side effects: 3903 * 3904 * Call context: 3905 * Interrupt 3906 *---------------------------------------------------------------- 3907 */ 3908 static void hfa384x_usb_throttlefn(unsigned long data) 3909 { 3910 struct hfa384x *hw = (struct hfa384x *)data; 3911 unsigned long flags; 3912 3913 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3914 3915 /* 3916 * We need to check BOTH the RX and the TX throttle controls, 3917 * so we use the bitwise OR instead of the logical OR. 3918 */ 3919 pr_debug("flags=0x%lx\n", hw->usb_flags); 3920 if (!hw->wlandev->hwremoved && 3921 ((test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) && 3922 !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags)) | 3923 (test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) && 3924 !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags)) 3925 )) { 3926 schedule_work(&hw->usb_work); 3927 } 3928 3929 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3930 } 3931 3932 /*---------------------------------------------------------------- 3933 * hfa384x_usbctlx_submit 3934 * 3935 * Called from the doxxx functions to submit a CTLX to the queue 3936 * 3937 * Arguments: 3938 * hw ptr to the hw struct 3939 * ctlx ctlx structure to enqueue 3940 * 3941 * Returns: 3942 * -ENODEV if the adapter is unplugged 3943 * 0 3944 * 3945 * Side effects: 3946 * 3947 * Call context: 3948 * process or interrupt 3949 *---------------------------------------------------------------- 3950 */ 3951 static int hfa384x_usbctlx_submit(struct hfa384x *hw, 3952 struct hfa384x_usbctlx *ctlx) 3953 { 3954 unsigned long flags; 3955 3956 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3957 3958 if (hw->wlandev->hwremoved) { 3959 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3960 return -ENODEV; 3961 } 3962 3963 ctlx->state = CTLX_PENDING; 3964 list_add_tail(&ctlx->list, &hw->ctlxq.pending); 3965 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3966 hfa384x_usbctlxq_run(hw); 3967 3968 return 0; 3969 } 3970 3971 /*---------------------------------------------------------------- 3972 * hfa384x_isgood_pdrcore 3973 * 3974 * Quick check of PDR codes. 3975 * 3976 * Arguments: 3977 * pdrcode PDR code number (host order) 3978 * 3979 * Returns: 3980 * zero not good. 3981 * one is good. 3982 * 3983 * Side effects: 3984 * 3985 * Call context: 3986 *---------------------------------------------------------------- 3987 */ 3988 static int hfa384x_isgood_pdrcode(u16 pdrcode) 3989 { 3990 switch (pdrcode) { 3991 case HFA384x_PDR_END_OF_PDA: 3992 case HFA384x_PDR_PCB_PARTNUM: 3993 case HFA384x_PDR_PDAVER: 3994 case HFA384x_PDR_NIC_SERIAL: 3995 case HFA384x_PDR_MKK_MEASUREMENTS: 3996 case HFA384x_PDR_NIC_RAMSIZE: 3997 case HFA384x_PDR_MFISUPRANGE: 3998 case HFA384x_PDR_CFISUPRANGE: 3999 case HFA384x_PDR_NICID: 4000 case HFA384x_PDR_MAC_ADDRESS: 4001 case HFA384x_PDR_REGDOMAIN: 4002 case HFA384x_PDR_ALLOWED_CHANNEL: 4003 case HFA384x_PDR_DEFAULT_CHANNEL: 4004 case HFA384x_PDR_TEMPTYPE: 4005 case HFA384x_PDR_IFR_SETTING: 4006 case HFA384x_PDR_RFR_SETTING: 4007 case HFA384x_PDR_HFA3861_BASELINE: 4008 case HFA384x_PDR_HFA3861_SHADOW: 4009 case HFA384x_PDR_HFA3861_IFRF: 4010 case HFA384x_PDR_HFA3861_CHCALSP: 4011 case HFA384x_PDR_HFA3861_CHCALI: 4012 case HFA384x_PDR_3842_NIC_CONFIG: 4013 case HFA384x_PDR_USB_ID: 4014 case HFA384x_PDR_PCI_ID: 4015 case HFA384x_PDR_PCI_IFCONF: 4016 case HFA384x_PDR_PCI_PMCONF: 4017 case HFA384x_PDR_RFENRGY: 4018 case HFA384x_PDR_HFA3861_MANF_TESTSP: 4019 case HFA384x_PDR_HFA3861_MANF_TESTI: 4020 /* code is OK */ 4021 return 1; 4022 default: 4023 if (pdrcode < 0x1000) { 4024 /* code is OK, but we don't know exactly what it is */ 4025 pr_debug("Encountered unknown PDR#=0x%04x, assuming it's ok.\n", 4026 pdrcode); 4027 return 1; 4028 } 4029 break; 4030 } 4031 /* bad code */ 4032 pr_debug("Encountered unknown PDR#=0x%04x, (>=0x1000), assuming it's bad.\n", 4033 pdrcode); 4034 return 0; 4035 } 4036