1 // SPDX-License-Identifier: (GPL-2.0 OR MPL-1.1) 2 /* 3 * 4 * Functions that talk to the USB variant of the Intersil hfa384x MAC 5 * 6 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved. 7 * -------------------------------------------------------------------- 8 * 9 * linux-wlan 10 * 11 * -------------------------------------------------------------------- 12 * 13 * Inquiries regarding the linux-wlan Open Source project can be 14 * made directly to: 15 * 16 * AbsoluteValue Systems Inc. 17 * info@linux-wlan.com 18 * http://www.linux-wlan.com 19 * 20 * -------------------------------------------------------------------- 21 * 22 * Portions of the development of this software were funded by 23 * Intersil Corporation as part of PRISM(R) chipset product development. 24 * 25 * -------------------------------------------------------------------- 26 * 27 * This file implements functions that correspond to the prism2/hfa384x 28 * 802.11 MAC hardware and firmware host interface. 29 * 30 * The functions can be considered to represent several levels of 31 * abstraction. The lowest level functions are simply C-callable wrappers 32 * around the register accesses. The next higher level represents C-callable 33 * prism2 API functions that match the Intersil documentation as closely 34 * as is reasonable. The next higher layer implements common sequences 35 * of invocations of the API layer (e.g. write to bap, followed by cmd). 36 * 37 * Common sequences: 38 * hfa384x_drvr_xxx Highest level abstractions provided by the 39 * hfa384x code. They are driver defined wrappers 40 * for common sequences. These functions generally 41 * use the services of the lower levels. 42 * 43 * hfa384x_drvr_xxxconfig An example of the drvr level abstraction. These 44 * functions are wrappers for the RID get/set 45 * sequence. They call copy_[to|from]_bap() and 46 * cmd_access(). These functions operate on the 47 * RIDs and buffers without validation. The caller 48 * is responsible for that. 49 * 50 * API wrapper functions: 51 * hfa384x_cmd_xxx functions that provide access to the f/w commands. 52 * The function arguments correspond to each command 53 * argument, even command arguments that get packed 54 * into single registers. These functions _just_ 55 * issue the command by setting the cmd/parm regs 56 * & reading the status/resp regs. Additional 57 * activities required to fully use a command 58 * (read/write from/to bap, get/set int status etc.) 59 * are implemented separately. Think of these as 60 * C-callable prism2 commands. 61 * 62 * Lowest Layer Functions: 63 * hfa384x_docmd_xxx These functions implement the sequence required 64 * to issue any prism2 command. Primarily used by the 65 * hfa384x_cmd_xxx functions. 66 * 67 * hfa384x_bap_xxx BAP read/write access functions. 68 * Note: we usually use BAP0 for non-interrupt context 69 * and BAP1 for interrupt context. 70 * 71 * hfa384x_dl_xxx download related functions. 72 * 73 * Driver State Issues: 74 * Note that there are two pairs of functions that manage the 75 * 'initialized' and 'running' states of the hw/MAC combo. The four 76 * functions are create(), destroy(), start(), and stop(). create() 77 * sets up the data structures required to support the hfa384x_* 78 * functions and destroy() cleans them up. The start() function gets 79 * the actual hardware running and enables the interrupts. The stop() 80 * function shuts the hardware down. The sequence should be: 81 * create() 82 * start() 83 * . 84 * . Do interesting things w/ the hardware 85 * . 86 * stop() 87 * destroy() 88 * 89 * Note that destroy() can be called without calling stop() first. 90 * -------------------------------------------------------------------- 91 */ 92 93 #include <linux/module.h> 94 #include <linux/kernel.h> 95 #include <linux/sched.h> 96 #include <linux/types.h> 97 #include <linux/slab.h> 98 #include <linux/wireless.h> 99 #include <linux/netdevice.h> 100 #include <linux/timer.h> 101 #include <linux/io.h> 102 #include <linux/delay.h> 103 #include <asm/byteorder.h> 104 #include <linux/bitops.h> 105 #include <linux/list.h> 106 #include <linux/usb.h> 107 #include <linux/byteorder/generic.h> 108 109 #include "p80211types.h" 110 #include "p80211hdr.h" 111 #include "p80211mgmt.h" 112 #include "p80211conv.h" 113 #include "p80211msg.h" 114 #include "p80211netdev.h" 115 #include "p80211req.h" 116 #include "p80211metadef.h" 117 #include "p80211metastruct.h" 118 #include "hfa384x.h" 119 #include "prism2mgmt.h" 120 121 enum cmd_mode { 122 DOWAIT = 0, 123 DOASYNC 124 }; 125 126 #define THROTTLE_JIFFIES (HZ / 8) 127 #define URB_ASYNC_UNLINK 0 128 #define USB_QUEUE_BULK 0 129 130 #define ROUNDUP64(a) (((a) + 63) & ~63) 131 132 #ifdef DEBUG_USB 133 static void dbprint_urb(struct urb *urb); 134 #endif 135 136 static void hfa384x_int_rxmonitor(struct wlandevice *wlandev, 137 struct hfa384x_usb_rxfrm *rxfrm); 138 139 static void hfa384x_usb_defer(struct work_struct *data); 140 141 static int submit_rx_urb(struct hfa384x *hw, gfp_t flags); 142 143 static int submit_tx_urb(struct hfa384x *hw, struct urb *tx_urb, gfp_t flags); 144 145 /*---------------------------------------------------*/ 146 /* Callbacks */ 147 static void hfa384x_usbout_callback(struct urb *urb); 148 static void hfa384x_ctlxout_callback(struct urb *urb); 149 static void hfa384x_usbin_callback(struct urb *urb); 150 151 static void 152 hfa384x_usbin_txcompl(struct wlandevice *wlandev, union hfa384x_usbin *usbin); 153 154 static void hfa384x_usbin_rx(struct wlandevice *wlandev, struct sk_buff *skb); 155 156 static void hfa384x_usbin_info(struct wlandevice *wlandev, 157 union hfa384x_usbin *usbin); 158 159 static void hfa384x_usbin_ctlx(struct hfa384x *hw, union hfa384x_usbin *usbin, 160 int urb_status); 161 162 /*---------------------------------------------------*/ 163 /* Functions to support the prism2 usb command queue */ 164 165 static void hfa384x_usbctlxq_run(struct hfa384x *hw); 166 167 static void hfa384x_usbctlx_reqtimerfn(struct timer_list *t); 168 169 static void hfa384x_usbctlx_resptimerfn(struct timer_list *t); 170 171 static void hfa384x_usb_throttlefn(struct timer_list *t); 172 173 static void hfa384x_usbctlx_completion_task(struct work_struct *work); 174 175 static void hfa384x_usbctlx_reaper_task(struct work_struct *work); 176 177 static int hfa384x_usbctlx_submit(struct hfa384x *hw, 178 struct hfa384x_usbctlx *ctlx); 179 180 static void unlocked_usbctlx_complete(struct hfa384x *hw, 181 struct hfa384x_usbctlx *ctlx); 182 183 struct usbctlx_completor { 184 int (*complete)(struct usbctlx_completor *completor); 185 }; 186 187 static int 188 hfa384x_usbctlx_complete_sync(struct hfa384x *hw, 189 struct hfa384x_usbctlx *ctlx, 190 struct usbctlx_completor *completor); 191 192 static int 193 unlocked_usbctlx_cancel_async(struct hfa384x *hw, struct hfa384x_usbctlx *ctlx); 194 195 static void hfa384x_cb_status(struct hfa384x *hw, 196 const struct hfa384x_usbctlx *ctlx); 197 198 static int 199 usbctlx_get_status(const struct hfa384x_usb_statusresp *cmdresp, 200 struct hfa384x_cmdresult *result); 201 202 static void 203 usbctlx_get_rridresult(const struct hfa384x_usb_rridresp *rridresp, 204 struct hfa384x_rridresult *result); 205 206 /*---------------------------------------------------*/ 207 /* Low level req/resp CTLX formatters and submitters */ 208 static inline int 209 hfa384x_docmd(struct hfa384x *hw, 210 struct hfa384x_metacmd *cmd); 211 212 static int 213 hfa384x_dorrid(struct hfa384x *hw, 214 enum cmd_mode mode, 215 u16 rid, 216 void *riddata, 217 unsigned int riddatalen, 218 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data); 219 220 static int 221 hfa384x_dowrid(struct hfa384x *hw, 222 enum cmd_mode mode, 223 u16 rid, 224 void *riddata, 225 unsigned int riddatalen, 226 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data); 227 228 static int 229 hfa384x_dormem(struct hfa384x *hw, 230 u16 page, 231 u16 offset, 232 void *data, 233 unsigned int len); 234 235 static int 236 hfa384x_dowmem(struct hfa384x *hw, 237 u16 page, 238 u16 offset, 239 void *data, 240 unsigned int len); 241 242 static int hfa384x_isgood_pdrcode(u16 pdrcode); 243 244 static inline const char *ctlxstr(enum ctlx_state s) 245 { 246 static const char * const ctlx_str[] = { 247 "Initial state", 248 "Complete", 249 "Request failed", 250 "Request pending", 251 "Request packet submitted", 252 "Request packet completed", 253 "Response packet completed" 254 }; 255 256 return ctlx_str[s]; 257 }; 258 259 static inline struct hfa384x_usbctlx *get_active_ctlx(struct hfa384x *hw) 260 { 261 return list_entry(hw->ctlxq.active.next, struct hfa384x_usbctlx, list); 262 } 263 264 #ifdef DEBUG_USB 265 void dbprint_urb(struct urb *urb) 266 { 267 pr_debug("urb->pipe=0x%08x\n", urb->pipe); 268 pr_debug("urb->status=0x%08x\n", urb->status); 269 pr_debug("urb->transfer_flags=0x%08x\n", urb->transfer_flags); 270 pr_debug("urb->transfer_buffer=0x%08x\n", 271 (unsigned int)urb->transfer_buffer); 272 pr_debug("urb->transfer_buffer_length=0x%08x\n", 273 urb->transfer_buffer_length); 274 pr_debug("urb->actual_length=0x%08x\n", urb->actual_length); 275 pr_debug("urb->setup_packet(ctl)=0x%08x\n", 276 (unsigned int)urb->setup_packet); 277 pr_debug("urb->start_frame(iso/irq)=0x%08x\n", urb->start_frame); 278 pr_debug("urb->interval(irq)=0x%08x\n", urb->interval); 279 pr_debug("urb->error_count(iso)=0x%08x\n", urb->error_count); 280 pr_debug("urb->context=0x%08x\n", (unsigned int)urb->context); 281 pr_debug("urb->complete=0x%08x\n", (unsigned int)urb->complete); 282 } 283 #endif 284 285 /*---------------------------------------------------------------- 286 * submit_rx_urb 287 * 288 * Listen for input data on the BULK-IN pipe. If the pipe has 289 * stalled then schedule it to be reset. 290 * 291 * Arguments: 292 * hw device struct 293 * memflags memory allocation flags 294 * 295 * Returns: 296 * error code from submission 297 * 298 * Call context: 299 * Any 300 *---------------------------------------------------------------- 301 */ 302 static int submit_rx_urb(struct hfa384x *hw, gfp_t memflags) 303 { 304 struct sk_buff *skb; 305 int result; 306 307 skb = dev_alloc_skb(sizeof(union hfa384x_usbin)); 308 if (!skb) { 309 result = -ENOMEM; 310 goto done; 311 } 312 313 /* Post the IN urb */ 314 usb_fill_bulk_urb(&hw->rx_urb, hw->usb, 315 hw->endp_in, 316 skb->data, sizeof(union hfa384x_usbin), 317 hfa384x_usbin_callback, hw->wlandev); 318 319 hw->rx_urb_skb = skb; 320 321 result = -ENOLINK; 322 if (!hw->wlandev->hwremoved && 323 !test_bit(WORK_RX_HALT, &hw->usb_flags)) { 324 result = usb_submit_urb(&hw->rx_urb, memflags); 325 326 /* Check whether we need to reset the RX pipe */ 327 if (result == -EPIPE) { 328 netdev_warn(hw->wlandev->netdev, 329 "%s rx pipe stalled: requesting reset\n", 330 hw->wlandev->netdev->name); 331 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags)) 332 schedule_work(&hw->usb_work); 333 } 334 } 335 336 /* Don't leak memory if anything should go wrong */ 337 if (result != 0) { 338 dev_kfree_skb(skb); 339 hw->rx_urb_skb = NULL; 340 } 341 342 done: 343 return result; 344 } 345 346 /*---------------------------------------------------------------- 347 * submit_tx_urb 348 * 349 * Prepares and submits the URB of transmitted data. If the 350 * submission fails then it will schedule the output pipe to 351 * be reset. 352 * 353 * Arguments: 354 * hw device struct 355 * tx_urb URB of data for transmission 356 * memflags memory allocation flags 357 * 358 * Returns: 359 * error code from submission 360 * 361 * Call context: 362 * Any 363 *---------------------------------------------------------------- 364 */ 365 static int submit_tx_urb(struct hfa384x *hw, struct urb *tx_urb, gfp_t memflags) 366 { 367 struct net_device *netdev = hw->wlandev->netdev; 368 int result; 369 370 result = -ENOLINK; 371 if (netif_running(netdev)) { 372 if (!hw->wlandev->hwremoved && 373 !test_bit(WORK_TX_HALT, &hw->usb_flags)) { 374 result = usb_submit_urb(tx_urb, memflags); 375 376 /* Test whether we need to reset the TX pipe */ 377 if (result == -EPIPE) { 378 netdev_warn(hw->wlandev->netdev, 379 "%s tx pipe stalled: requesting reset\n", 380 netdev->name); 381 set_bit(WORK_TX_HALT, &hw->usb_flags); 382 schedule_work(&hw->usb_work); 383 } else if (result == 0) { 384 netif_stop_queue(netdev); 385 } 386 } 387 } 388 389 return result; 390 } 391 392 /*---------------------------------------------------------------- 393 * hfa394x_usb_defer 394 * 395 * There are some things that the USB stack cannot do while 396 * in interrupt context, so we arrange this function to run 397 * in process context. 398 * 399 * Arguments: 400 * hw device structure 401 * 402 * Returns: 403 * nothing 404 * 405 * Call context: 406 * process (by design) 407 *---------------------------------------------------------------- 408 */ 409 static void hfa384x_usb_defer(struct work_struct *data) 410 { 411 struct hfa384x *hw = container_of(data, struct hfa384x, usb_work); 412 struct net_device *netdev = hw->wlandev->netdev; 413 414 /* Don't bother trying to reset anything if the plug 415 * has been pulled ... 416 */ 417 if (hw->wlandev->hwremoved) 418 return; 419 420 /* Reception has stopped: try to reset the input pipe */ 421 if (test_bit(WORK_RX_HALT, &hw->usb_flags)) { 422 int ret; 423 424 usb_kill_urb(&hw->rx_urb); /* Cannot be holding spinlock! */ 425 426 ret = usb_clear_halt(hw->usb, hw->endp_in); 427 if (ret != 0) { 428 netdev_err(hw->wlandev->netdev, 429 "Failed to clear rx pipe for %s: err=%d\n", 430 netdev->name, ret); 431 } else { 432 netdev_info(hw->wlandev->netdev, "%s rx pipe reset complete.\n", 433 netdev->name); 434 clear_bit(WORK_RX_HALT, &hw->usb_flags); 435 set_bit(WORK_RX_RESUME, &hw->usb_flags); 436 } 437 } 438 439 /* Resume receiving data back from the device. */ 440 if (test_bit(WORK_RX_RESUME, &hw->usb_flags)) { 441 int ret; 442 443 ret = submit_rx_urb(hw, GFP_KERNEL); 444 if (ret != 0) { 445 netdev_err(hw->wlandev->netdev, 446 "Failed to resume %s rx pipe.\n", 447 netdev->name); 448 } else { 449 clear_bit(WORK_RX_RESUME, &hw->usb_flags); 450 } 451 } 452 453 /* Transmission has stopped: try to reset the output pipe */ 454 if (test_bit(WORK_TX_HALT, &hw->usb_flags)) { 455 int ret; 456 457 usb_kill_urb(&hw->tx_urb); 458 ret = usb_clear_halt(hw->usb, hw->endp_out); 459 if (ret != 0) { 460 netdev_err(hw->wlandev->netdev, 461 "Failed to clear tx pipe for %s: err=%d\n", 462 netdev->name, ret); 463 } else { 464 netdev_info(hw->wlandev->netdev, "%s tx pipe reset complete.\n", 465 netdev->name); 466 clear_bit(WORK_TX_HALT, &hw->usb_flags); 467 set_bit(WORK_TX_RESUME, &hw->usb_flags); 468 469 /* Stopping the BULK-OUT pipe also blocked 470 * us from sending any more CTLX URBs, so 471 * we need to re-run our queue ... 472 */ 473 hfa384x_usbctlxq_run(hw); 474 } 475 } 476 477 /* Resume transmitting. */ 478 if (test_and_clear_bit(WORK_TX_RESUME, &hw->usb_flags)) 479 netif_wake_queue(hw->wlandev->netdev); 480 } 481 482 /*---------------------------------------------------------------- 483 * hfa384x_create 484 * 485 * Sets up the struct hfa384x data structure for use. Note this 486 * does _not_ initialize the actual hardware, just the data structures 487 * we use to keep track of its state. 488 * 489 * Arguments: 490 * hw device structure 491 * irq device irq number 492 * iobase i/o base address for register access 493 * membase memory base address for register access 494 * 495 * Returns: 496 * nothing 497 * 498 * Side effects: 499 * 500 * Call context: 501 * process 502 *---------------------------------------------------------------- 503 */ 504 void hfa384x_create(struct hfa384x *hw, struct usb_device *usb) 505 { 506 hw->usb = usb; 507 508 /* Set up the waitq */ 509 init_waitqueue_head(&hw->cmdq); 510 511 /* Initialize the command queue */ 512 spin_lock_init(&hw->ctlxq.lock); 513 INIT_LIST_HEAD(&hw->ctlxq.pending); 514 INIT_LIST_HEAD(&hw->ctlxq.active); 515 INIT_LIST_HEAD(&hw->ctlxq.completing); 516 INIT_LIST_HEAD(&hw->ctlxq.reapable); 517 518 /* Initialize the authentication queue */ 519 skb_queue_head_init(&hw->authq); 520 521 INIT_WORK(&hw->reaper_bh, hfa384x_usbctlx_reaper_task); 522 INIT_WORK(&hw->completion_bh, hfa384x_usbctlx_completion_task); 523 INIT_WORK(&hw->link_bh, prism2sta_processing_defer); 524 INIT_WORK(&hw->usb_work, hfa384x_usb_defer); 525 526 timer_setup(&hw->throttle, hfa384x_usb_throttlefn, 0); 527 528 timer_setup(&hw->resptimer, hfa384x_usbctlx_resptimerfn, 0); 529 530 timer_setup(&hw->reqtimer, hfa384x_usbctlx_reqtimerfn, 0); 531 532 usb_init_urb(&hw->rx_urb); 533 usb_init_urb(&hw->tx_urb); 534 usb_init_urb(&hw->ctlx_urb); 535 536 hw->link_status = HFA384x_LINK_NOTCONNECTED; 537 hw->state = HFA384x_STATE_INIT; 538 539 INIT_WORK(&hw->commsqual_bh, prism2sta_commsqual_defer); 540 timer_setup(&hw->commsqual_timer, prism2sta_commsqual_timer, 0); 541 } 542 543 /*---------------------------------------------------------------- 544 * hfa384x_destroy 545 * 546 * Partner to hfa384x_create(). This function cleans up the hw 547 * structure so that it can be freed by the caller using a simple 548 * kfree. Currently, this function is just a placeholder. If, at some 549 * point in the future, an hw in the 'shutdown' state requires a 'deep' 550 * kfree, this is where it should be done. Note that if this function 551 * is called on a _running_ hw structure, the drvr_stop() function is 552 * called. 553 * 554 * Arguments: 555 * hw device structure 556 * 557 * Returns: 558 * nothing, this function is not allowed to fail. 559 * 560 * Side effects: 561 * 562 * Call context: 563 * process 564 *---------------------------------------------------------------- 565 */ 566 void hfa384x_destroy(struct hfa384x *hw) 567 { 568 struct sk_buff *skb; 569 570 if (hw->state == HFA384x_STATE_RUNNING) 571 hfa384x_drvr_stop(hw); 572 hw->state = HFA384x_STATE_PREINIT; 573 574 kfree(hw->scanresults); 575 hw->scanresults = NULL; 576 577 /* Now to clean out the auth queue */ 578 while ((skb = skb_dequeue(&hw->authq))) 579 dev_kfree_skb(skb); 580 } 581 582 static struct hfa384x_usbctlx *usbctlx_alloc(void) 583 { 584 struct hfa384x_usbctlx *ctlx; 585 586 ctlx = kzalloc(sizeof(*ctlx), 587 in_interrupt() ? GFP_ATOMIC : GFP_KERNEL); 588 if (ctlx) 589 init_completion(&ctlx->done); 590 591 return ctlx; 592 } 593 594 static int 595 usbctlx_get_status(const struct hfa384x_usb_statusresp *cmdresp, 596 struct hfa384x_cmdresult *result) 597 { 598 result->status = le16_to_cpu(cmdresp->status); 599 result->resp0 = le16_to_cpu(cmdresp->resp0); 600 result->resp1 = le16_to_cpu(cmdresp->resp1); 601 result->resp2 = le16_to_cpu(cmdresp->resp2); 602 603 pr_debug("cmdresult:status=0x%04x resp0=0x%04x resp1=0x%04x resp2=0x%04x\n", 604 result->status, result->resp0, result->resp1, result->resp2); 605 606 return result->status & HFA384x_STATUS_RESULT; 607 } 608 609 static void 610 usbctlx_get_rridresult(const struct hfa384x_usb_rridresp *rridresp, 611 struct hfa384x_rridresult *result) 612 { 613 result->rid = le16_to_cpu(rridresp->rid); 614 result->riddata = rridresp->data; 615 result->riddata_len = ((le16_to_cpu(rridresp->frmlen) - 1) * 2); 616 } 617 618 /*---------------------------------------------------------------- 619 * Completor object: 620 * This completor must be passed to hfa384x_usbctlx_complete_sync() 621 * when processing a CTLX that returns a struct hfa384x_cmdresult structure. 622 *---------------------------------------------------------------- 623 */ 624 struct usbctlx_cmd_completor { 625 struct usbctlx_completor head; 626 627 const struct hfa384x_usb_statusresp *cmdresp; 628 struct hfa384x_cmdresult *result; 629 }; 630 631 static inline int usbctlx_cmd_completor_fn(struct usbctlx_completor *head) 632 { 633 struct usbctlx_cmd_completor *complete; 634 635 complete = (struct usbctlx_cmd_completor *)head; 636 return usbctlx_get_status(complete->cmdresp, complete->result); 637 } 638 639 static inline struct usbctlx_completor * 640 init_cmd_completor(struct usbctlx_cmd_completor *completor, 641 const struct hfa384x_usb_statusresp *cmdresp, 642 struct hfa384x_cmdresult *result) 643 { 644 completor->head.complete = usbctlx_cmd_completor_fn; 645 completor->cmdresp = cmdresp; 646 completor->result = result; 647 return &completor->head; 648 } 649 650 /*---------------------------------------------------------------- 651 * Completor object: 652 * This completor must be passed to hfa384x_usbctlx_complete_sync() 653 * when processing a CTLX that reads a RID. 654 *---------------------------------------------------------------- 655 */ 656 struct usbctlx_rrid_completor { 657 struct usbctlx_completor head; 658 659 const struct hfa384x_usb_rridresp *rridresp; 660 void *riddata; 661 unsigned int riddatalen; 662 }; 663 664 static int usbctlx_rrid_completor_fn(struct usbctlx_completor *head) 665 { 666 struct usbctlx_rrid_completor *complete; 667 struct hfa384x_rridresult rridresult; 668 669 complete = (struct usbctlx_rrid_completor *)head; 670 usbctlx_get_rridresult(complete->rridresp, &rridresult); 671 672 /* Validate the length, note body len calculation in bytes */ 673 if (rridresult.riddata_len != complete->riddatalen) { 674 pr_warn("RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n", 675 rridresult.rid, 676 complete->riddatalen, rridresult.riddata_len); 677 return -ENODATA; 678 } 679 680 memcpy(complete->riddata, rridresult.riddata, complete->riddatalen); 681 return 0; 682 } 683 684 static inline struct usbctlx_completor * 685 init_rrid_completor(struct usbctlx_rrid_completor *completor, 686 const struct hfa384x_usb_rridresp *rridresp, 687 void *riddata, 688 unsigned int riddatalen) 689 { 690 completor->head.complete = usbctlx_rrid_completor_fn; 691 completor->rridresp = rridresp; 692 completor->riddata = riddata; 693 completor->riddatalen = riddatalen; 694 return &completor->head; 695 } 696 697 /*---------------------------------------------------------------- 698 * Completor object: 699 * Interprets the results of a synchronous RID-write 700 *---------------------------------------------------------------- 701 */ 702 #define init_wrid_completor init_cmd_completor 703 704 /*---------------------------------------------------------------- 705 * Completor object: 706 * Interprets the results of a synchronous memory-write 707 *---------------------------------------------------------------- 708 */ 709 #define init_wmem_completor init_cmd_completor 710 711 /*---------------------------------------------------------------- 712 * Completor object: 713 * Interprets the results of a synchronous memory-read 714 *---------------------------------------------------------------- 715 */ 716 struct usbctlx_rmem_completor { 717 struct usbctlx_completor head; 718 719 const struct hfa384x_usb_rmemresp *rmemresp; 720 void *data; 721 unsigned int len; 722 }; 723 724 static int usbctlx_rmem_completor_fn(struct usbctlx_completor *head) 725 { 726 struct usbctlx_rmem_completor *complete = 727 (struct usbctlx_rmem_completor *)head; 728 729 pr_debug("rmemresp:len=%d\n", complete->rmemresp->frmlen); 730 memcpy(complete->data, complete->rmemresp->data, complete->len); 731 return 0; 732 } 733 734 static inline struct usbctlx_completor * 735 init_rmem_completor(struct usbctlx_rmem_completor *completor, 736 struct hfa384x_usb_rmemresp *rmemresp, 737 void *data, 738 unsigned int len) 739 { 740 completor->head.complete = usbctlx_rmem_completor_fn; 741 completor->rmemresp = rmemresp; 742 completor->data = data; 743 completor->len = len; 744 return &completor->head; 745 } 746 747 /*---------------------------------------------------------------- 748 * hfa384x_cb_status 749 * 750 * Ctlx_complete handler for async CMD type control exchanges. 751 * mark the hw struct as such. 752 * 753 * Note: If the handling is changed here, it should probably be 754 * changed in docmd as well. 755 * 756 * Arguments: 757 * hw hw struct 758 * ctlx completed CTLX 759 * 760 * Returns: 761 * nothing 762 * 763 * Side effects: 764 * 765 * Call context: 766 * interrupt 767 *---------------------------------------------------------------- 768 */ 769 static void hfa384x_cb_status(struct hfa384x *hw, 770 const struct hfa384x_usbctlx *ctlx) 771 { 772 if (ctlx->usercb) { 773 struct hfa384x_cmdresult cmdresult; 774 775 if (ctlx->state != CTLX_COMPLETE) { 776 memset(&cmdresult, 0, sizeof(cmdresult)); 777 cmdresult.status = 778 HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR); 779 } else { 780 usbctlx_get_status(&ctlx->inbuf.cmdresp, &cmdresult); 781 } 782 783 ctlx->usercb(hw, &cmdresult, ctlx->usercb_data); 784 } 785 } 786 787 /*---------------------------------------------------------------- 788 * hfa384x_cmd_initialize 789 * 790 * Issues the initialize command and sets the hw->state based 791 * on the result. 792 * 793 * Arguments: 794 * hw device structure 795 * 796 * Returns: 797 * 0 success 798 * >0 f/w reported error - f/w status code 799 * <0 driver reported error 800 * 801 * Side effects: 802 * 803 * Call context: 804 * process 805 *---------------------------------------------------------------- 806 */ 807 int hfa384x_cmd_initialize(struct hfa384x *hw) 808 { 809 int result = 0; 810 int i; 811 struct hfa384x_metacmd cmd; 812 813 cmd.cmd = HFA384x_CMDCODE_INIT; 814 cmd.parm0 = 0; 815 cmd.parm1 = 0; 816 cmd.parm2 = 0; 817 818 result = hfa384x_docmd(hw, &cmd); 819 820 pr_debug("cmdresp.init: status=0x%04x, resp0=0x%04x, resp1=0x%04x, resp2=0x%04x\n", 821 cmd.result.status, 822 cmd.result.resp0, cmd.result.resp1, cmd.result.resp2); 823 if (result == 0) { 824 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++) 825 hw->port_enabled[i] = 0; 826 } 827 828 hw->link_status = HFA384x_LINK_NOTCONNECTED; 829 830 return result; 831 } 832 833 /*---------------------------------------------------------------- 834 * hfa384x_cmd_disable 835 * 836 * Issues the disable command to stop communications on one of 837 * the MACs 'ports'. 838 * 839 * Arguments: 840 * hw device structure 841 * macport MAC port number (host order) 842 * 843 * Returns: 844 * 0 success 845 * >0 f/w reported failure - f/w status code 846 * <0 driver reported error (timeout|bad arg) 847 * 848 * Side effects: 849 * 850 * Call context: 851 * process 852 *---------------------------------------------------------------- 853 */ 854 int hfa384x_cmd_disable(struct hfa384x *hw, u16 macport) 855 { 856 struct hfa384x_metacmd cmd; 857 858 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE) | 859 HFA384x_CMD_MACPORT_SET(macport); 860 cmd.parm0 = 0; 861 cmd.parm1 = 0; 862 cmd.parm2 = 0; 863 864 return hfa384x_docmd(hw, &cmd); 865 } 866 867 /*---------------------------------------------------------------- 868 * hfa384x_cmd_enable 869 * 870 * Issues the enable command to enable communications on one of 871 * the MACs 'ports'. 872 * 873 * Arguments: 874 * hw device structure 875 * macport MAC port number 876 * 877 * Returns: 878 * 0 success 879 * >0 f/w reported failure - f/w status code 880 * <0 driver reported error (timeout|bad arg) 881 * 882 * Side effects: 883 * 884 * Call context: 885 * process 886 *---------------------------------------------------------------- 887 */ 888 int hfa384x_cmd_enable(struct hfa384x *hw, u16 macport) 889 { 890 struct hfa384x_metacmd cmd; 891 892 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE) | 893 HFA384x_CMD_MACPORT_SET(macport); 894 cmd.parm0 = 0; 895 cmd.parm1 = 0; 896 cmd.parm2 = 0; 897 898 return hfa384x_docmd(hw, &cmd); 899 } 900 901 /*---------------------------------------------------------------- 902 * hfa384x_cmd_monitor 903 * 904 * Enables the 'monitor mode' of the MAC. Here's the description of 905 * monitor mode that I've received thus far: 906 * 907 * "The "monitor mode" of operation is that the MAC passes all 908 * frames for which the PLCP checks are correct. All received 909 * MPDUs are passed to the host with MAC Port = 7, with a 910 * receive status of good, FCS error, or undecryptable. Passing 911 * certain MPDUs is a violation of the 802.11 standard, but useful 912 * for a debugging tool." Normal communication is not possible 913 * while monitor mode is enabled. 914 * 915 * Arguments: 916 * hw device structure 917 * enable a code (0x0b|0x0f) that enables/disables 918 * monitor mode. (host order) 919 * 920 * Returns: 921 * 0 success 922 * >0 f/w reported failure - f/w status code 923 * <0 driver reported error (timeout|bad arg) 924 * 925 * Side effects: 926 * 927 * Call context: 928 * process 929 *---------------------------------------------------------------- 930 */ 931 int hfa384x_cmd_monitor(struct hfa384x *hw, u16 enable) 932 { 933 struct hfa384x_metacmd cmd; 934 935 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) | 936 HFA384x_CMD_AINFO_SET(enable); 937 cmd.parm0 = 0; 938 cmd.parm1 = 0; 939 cmd.parm2 = 0; 940 941 return hfa384x_docmd(hw, &cmd); 942 } 943 944 /*---------------------------------------------------------------- 945 * hfa384x_cmd_download 946 * 947 * Sets the controls for the MAC controller code/data download 948 * process. The arguments set the mode and address associated 949 * with a download. Note that the aux registers should be enabled 950 * prior to setting one of the download enable modes. 951 * 952 * Arguments: 953 * hw device structure 954 * mode 0 - Disable programming and begin code exec 955 * 1 - Enable volatile mem programming 956 * 2 - Enable non-volatile mem programming 957 * 3 - Program non-volatile section from NV download 958 * buffer. 959 * (host order) 960 * lowaddr 961 * highaddr For mode 1, sets the high & low order bits of 962 * the "destination address". This address will be 963 * the execution start address when download is 964 * subsequently disabled. 965 * For mode 2, sets the high & low order bits of 966 * the destination in NV ram. 967 * For modes 0 & 3, should be zero. (host order) 968 * NOTE: these are CMD format. 969 * codelen Length of the data to write in mode 2, 970 * zero otherwise. (host order) 971 * 972 * Returns: 973 * 0 success 974 * >0 f/w reported failure - f/w status code 975 * <0 driver reported error (timeout|bad arg) 976 * 977 * Side effects: 978 * 979 * Call context: 980 * process 981 *---------------------------------------------------------------- 982 */ 983 int hfa384x_cmd_download(struct hfa384x *hw, u16 mode, u16 lowaddr, 984 u16 highaddr, u16 codelen) 985 { 986 struct hfa384x_metacmd cmd; 987 988 pr_debug("mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n", 989 mode, lowaddr, highaddr, codelen); 990 991 cmd.cmd = (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD) | 992 HFA384x_CMD_PROGMODE_SET(mode)); 993 994 cmd.parm0 = lowaddr; 995 cmd.parm1 = highaddr; 996 cmd.parm2 = codelen; 997 998 return hfa384x_docmd(hw, &cmd); 999 } 1000 1001 /*---------------------------------------------------------------- 1002 * hfa384x_corereset 1003 * 1004 * Perform a reset of the hfa38xx MAC core. We assume that the hw 1005 * structure is in its "created" state. That is, it is initialized 1006 * with proper values. Note that if a reset is done after the 1007 * device has been active for awhile, the caller might have to clean 1008 * up some leftover cruft in the hw structure. 1009 * 1010 * Arguments: 1011 * hw device structure 1012 * holdtime how long (in ms) to hold the reset 1013 * settletime how long (in ms) to wait after releasing 1014 * the reset 1015 * 1016 * Returns: 1017 * nothing 1018 * 1019 * Side effects: 1020 * 1021 * Call context: 1022 * process 1023 *---------------------------------------------------------------- 1024 */ 1025 int hfa384x_corereset(struct hfa384x *hw, int holdtime, 1026 int settletime, int genesis) 1027 { 1028 int result; 1029 1030 result = usb_reset_device(hw->usb); 1031 if (result < 0) { 1032 netdev_err(hw->wlandev->netdev, "usb_reset_device() failed, result=%d.\n", 1033 result); 1034 } 1035 1036 return result; 1037 } 1038 1039 /*---------------------------------------------------------------- 1040 * hfa384x_usbctlx_complete_sync 1041 * 1042 * Waits for a synchronous CTLX object to complete, 1043 * and then handles the response. 1044 * 1045 * Arguments: 1046 * hw device structure 1047 * ctlx CTLX ptr 1048 * completor functor object to decide what to 1049 * do with the CTLX's result. 1050 * 1051 * Returns: 1052 * 0 Success 1053 * -ERESTARTSYS Interrupted by a signal 1054 * -EIO CTLX failed 1055 * -ENODEV Adapter was unplugged 1056 * ??? Result from completor 1057 * 1058 * Side effects: 1059 * 1060 * Call context: 1061 * process 1062 *---------------------------------------------------------------- 1063 */ 1064 static int hfa384x_usbctlx_complete_sync(struct hfa384x *hw, 1065 struct hfa384x_usbctlx *ctlx, 1066 struct usbctlx_completor *completor) 1067 { 1068 unsigned long flags; 1069 int result; 1070 1071 result = wait_for_completion_interruptible(&ctlx->done); 1072 1073 spin_lock_irqsave(&hw->ctlxq.lock, flags); 1074 1075 /* 1076 * We can only handle the CTLX if the USB disconnect 1077 * function has not run yet ... 1078 */ 1079 cleanup: 1080 if (hw->wlandev->hwremoved) { 1081 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 1082 result = -ENODEV; 1083 } else if (result != 0) { 1084 int runqueue = 0; 1085 1086 /* 1087 * We were probably interrupted, so delete 1088 * this CTLX asynchronously, kill the timers 1089 * and the URB, and then start the next 1090 * pending CTLX. 1091 * 1092 * NOTE: We can only delete the timers and 1093 * the URB if this CTLX is active. 1094 */ 1095 if (ctlx == get_active_ctlx(hw)) { 1096 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 1097 1098 del_timer_sync(&hw->reqtimer); 1099 del_timer_sync(&hw->resptimer); 1100 hw->req_timer_done = 1; 1101 hw->resp_timer_done = 1; 1102 usb_kill_urb(&hw->ctlx_urb); 1103 1104 spin_lock_irqsave(&hw->ctlxq.lock, flags); 1105 1106 runqueue = 1; 1107 1108 /* 1109 * This scenario is so unlikely that I'm 1110 * happy with a grubby "goto" solution ... 1111 */ 1112 if (hw->wlandev->hwremoved) 1113 goto cleanup; 1114 } 1115 1116 /* 1117 * The completion task will send this CTLX 1118 * to the reaper the next time it runs. We 1119 * are no longer in a hurry. 1120 */ 1121 ctlx->reapable = 1; 1122 ctlx->state = CTLX_REQ_FAILED; 1123 list_move_tail(&ctlx->list, &hw->ctlxq.completing); 1124 1125 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 1126 1127 if (runqueue) 1128 hfa384x_usbctlxq_run(hw); 1129 } else { 1130 if (ctlx->state == CTLX_COMPLETE) { 1131 result = completor->complete(completor); 1132 } else { 1133 netdev_warn(hw->wlandev->netdev, "CTLX[%d] error: state(%s)\n", 1134 le16_to_cpu(ctlx->outbuf.type), 1135 ctlxstr(ctlx->state)); 1136 result = -EIO; 1137 } 1138 1139 list_del(&ctlx->list); 1140 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 1141 kfree(ctlx); 1142 } 1143 1144 return result; 1145 } 1146 1147 /*---------------------------------------------------------------- 1148 * hfa384x_docmd 1149 * 1150 * Constructs a command CTLX and submits it. 1151 * 1152 * NOTE: Any changes to the 'post-submit' code in this function 1153 * need to be carried over to hfa384x_cbcmd() since the handling 1154 * is virtually identical. 1155 * 1156 * Arguments: 1157 * hw device structure 1158 * cmd cmd structure. Includes all arguments and result 1159 * data points. All in host order. in host order 1160 * 1161 * Returns: 1162 * 0 success 1163 * -EIO CTLX failure 1164 * -ERESTARTSYS Awakened on signal 1165 * >0 command indicated error, Status and Resp0-2 are 1166 * in hw structure. 1167 * 1168 * Side effects: 1169 * 1170 * 1171 * Call context: 1172 * process 1173 *---------------------------------------------------------------- 1174 */ 1175 static inline int 1176 hfa384x_docmd(struct hfa384x *hw, 1177 struct hfa384x_metacmd *cmd) 1178 { 1179 int result; 1180 struct hfa384x_usbctlx *ctlx; 1181 1182 ctlx = usbctlx_alloc(); 1183 if (!ctlx) { 1184 result = -ENOMEM; 1185 goto done; 1186 } 1187 1188 /* Initialize the command */ 1189 ctlx->outbuf.cmdreq.type = cpu_to_le16(HFA384x_USB_CMDREQ); 1190 ctlx->outbuf.cmdreq.cmd = cpu_to_le16(cmd->cmd); 1191 ctlx->outbuf.cmdreq.parm0 = cpu_to_le16(cmd->parm0); 1192 ctlx->outbuf.cmdreq.parm1 = cpu_to_le16(cmd->parm1); 1193 ctlx->outbuf.cmdreq.parm2 = cpu_to_le16(cmd->parm2); 1194 1195 ctlx->outbufsize = sizeof(ctlx->outbuf.cmdreq); 1196 1197 pr_debug("cmdreq: cmd=0x%04x parm0=0x%04x parm1=0x%04x parm2=0x%04x\n", 1198 cmd->cmd, cmd->parm0, cmd->parm1, cmd->parm2); 1199 1200 ctlx->reapable = DOWAIT; 1201 ctlx->cmdcb = NULL; 1202 ctlx->usercb = NULL; 1203 ctlx->usercb_data = NULL; 1204 1205 result = hfa384x_usbctlx_submit(hw, ctlx); 1206 if (result != 0) { 1207 kfree(ctlx); 1208 } else { 1209 struct usbctlx_cmd_completor cmd_completor; 1210 struct usbctlx_completor *completor; 1211 1212 completor = init_cmd_completor(&cmd_completor, 1213 &ctlx->inbuf.cmdresp, 1214 &cmd->result); 1215 1216 result = hfa384x_usbctlx_complete_sync(hw, ctlx, completor); 1217 } 1218 1219 done: 1220 return result; 1221 } 1222 1223 /*---------------------------------------------------------------- 1224 * hfa384x_dorrid 1225 * 1226 * Constructs a read rid CTLX and issues it. 1227 * 1228 * NOTE: Any changes to the 'post-submit' code in this function 1229 * need to be carried over to hfa384x_cbrrid() since the handling 1230 * is virtually identical. 1231 * 1232 * Arguments: 1233 * hw device structure 1234 * mode DOWAIT or DOASYNC 1235 * rid Read RID number (host order) 1236 * riddata Caller supplied buffer that MAC formatted RID.data 1237 * record will be written to for DOWAIT calls. Should 1238 * be NULL for DOASYNC calls. 1239 * riddatalen Buffer length for DOWAIT calls. Zero for DOASYNC calls. 1240 * cmdcb command callback for async calls, NULL for DOWAIT calls 1241 * usercb user callback for async calls, NULL for DOWAIT calls 1242 * usercb_data user supplied data pointer for async calls, NULL 1243 * for DOWAIT calls 1244 * 1245 * Returns: 1246 * 0 success 1247 * -EIO CTLX failure 1248 * -ERESTARTSYS Awakened on signal 1249 * -ENODATA riddatalen != macdatalen 1250 * >0 command indicated error, Status and Resp0-2 are 1251 * in hw structure. 1252 * 1253 * Side effects: 1254 * 1255 * Call context: 1256 * interrupt (DOASYNC) 1257 * process (DOWAIT or DOASYNC) 1258 *---------------------------------------------------------------- 1259 */ 1260 static int 1261 hfa384x_dorrid(struct hfa384x *hw, 1262 enum cmd_mode mode, 1263 u16 rid, 1264 void *riddata, 1265 unsigned int riddatalen, 1266 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data) 1267 { 1268 int result; 1269 struct hfa384x_usbctlx *ctlx; 1270 1271 ctlx = usbctlx_alloc(); 1272 if (!ctlx) { 1273 result = -ENOMEM; 1274 goto done; 1275 } 1276 1277 /* Initialize the command */ 1278 ctlx->outbuf.rridreq.type = cpu_to_le16(HFA384x_USB_RRIDREQ); 1279 ctlx->outbuf.rridreq.frmlen = 1280 cpu_to_le16(sizeof(ctlx->outbuf.rridreq.rid)); 1281 ctlx->outbuf.rridreq.rid = cpu_to_le16(rid); 1282 1283 ctlx->outbufsize = sizeof(ctlx->outbuf.rridreq); 1284 1285 ctlx->reapable = mode; 1286 ctlx->cmdcb = cmdcb; 1287 ctlx->usercb = usercb; 1288 ctlx->usercb_data = usercb_data; 1289 1290 /* Submit the CTLX */ 1291 result = hfa384x_usbctlx_submit(hw, ctlx); 1292 if (result != 0) { 1293 kfree(ctlx); 1294 } else if (mode == DOWAIT) { 1295 struct usbctlx_rrid_completor completor; 1296 1297 result = 1298 hfa384x_usbctlx_complete_sync(hw, ctlx, 1299 init_rrid_completor 1300 (&completor, 1301 &ctlx->inbuf.rridresp, 1302 riddata, riddatalen)); 1303 } 1304 1305 done: 1306 return result; 1307 } 1308 1309 /*---------------------------------------------------------------- 1310 * hfa384x_dowrid 1311 * 1312 * Constructs a write rid CTLX and issues it. 1313 * 1314 * NOTE: Any changes to the 'post-submit' code in this function 1315 * need to be carried over to hfa384x_cbwrid() since the handling 1316 * is virtually identical. 1317 * 1318 * Arguments: 1319 * hw device structure 1320 * enum cmd_mode DOWAIT or DOASYNC 1321 * rid RID code 1322 * riddata Data portion of RID formatted for MAC 1323 * riddatalen Length of the data portion in bytes 1324 * cmdcb command callback for async calls, NULL for DOWAIT calls 1325 * usercb user callback for async calls, NULL for DOWAIT calls 1326 * usercb_data user supplied data pointer for async calls 1327 * 1328 * Returns: 1329 * 0 success 1330 * -ETIMEDOUT timed out waiting for register ready or 1331 * command completion 1332 * >0 command indicated error, Status and Resp0-2 are 1333 * in hw structure. 1334 * 1335 * Side effects: 1336 * 1337 * Call context: 1338 * interrupt (DOASYNC) 1339 * process (DOWAIT or DOASYNC) 1340 *---------------------------------------------------------------- 1341 */ 1342 static int 1343 hfa384x_dowrid(struct hfa384x *hw, 1344 enum cmd_mode mode, 1345 u16 rid, 1346 void *riddata, 1347 unsigned int riddatalen, 1348 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data) 1349 { 1350 int result; 1351 struct hfa384x_usbctlx *ctlx; 1352 1353 ctlx = usbctlx_alloc(); 1354 if (!ctlx) { 1355 result = -ENOMEM; 1356 goto done; 1357 } 1358 1359 /* Initialize the command */ 1360 ctlx->outbuf.wridreq.type = cpu_to_le16(HFA384x_USB_WRIDREQ); 1361 ctlx->outbuf.wridreq.frmlen = cpu_to_le16((sizeof 1362 (ctlx->outbuf.wridreq.rid) + 1363 riddatalen + 1) / 2); 1364 ctlx->outbuf.wridreq.rid = cpu_to_le16(rid); 1365 memcpy(ctlx->outbuf.wridreq.data, riddata, riddatalen); 1366 1367 ctlx->outbufsize = sizeof(ctlx->outbuf.wridreq.type) + 1368 sizeof(ctlx->outbuf.wridreq.frmlen) + 1369 sizeof(ctlx->outbuf.wridreq.rid) + riddatalen; 1370 1371 ctlx->reapable = mode; 1372 ctlx->cmdcb = cmdcb; 1373 ctlx->usercb = usercb; 1374 ctlx->usercb_data = usercb_data; 1375 1376 /* Submit the CTLX */ 1377 result = hfa384x_usbctlx_submit(hw, ctlx); 1378 if (result != 0) { 1379 kfree(ctlx); 1380 } else if (mode == DOWAIT) { 1381 struct usbctlx_cmd_completor completor; 1382 struct hfa384x_cmdresult wridresult; 1383 1384 result = hfa384x_usbctlx_complete_sync(hw, 1385 ctlx, 1386 init_wrid_completor 1387 (&completor, 1388 &ctlx->inbuf.wridresp, 1389 &wridresult)); 1390 } 1391 1392 done: 1393 return result; 1394 } 1395 1396 /*---------------------------------------------------------------- 1397 * hfa384x_dormem 1398 * 1399 * Constructs a readmem CTLX and issues it. 1400 * 1401 * NOTE: Any changes to the 'post-submit' code in this function 1402 * need to be carried over to hfa384x_cbrmem() since the handling 1403 * is virtually identical. 1404 * 1405 * Arguments: 1406 * hw device structure 1407 * page MAC address space page (CMD format) 1408 * offset MAC address space offset 1409 * data Ptr to data buffer to receive read 1410 * len Length of the data to read (max == 2048) 1411 * 1412 * Returns: 1413 * 0 success 1414 * -ETIMEDOUT timed out waiting for register ready or 1415 * command completion 1416 * >0 command indicated error, Status and Resp0-2 are 1417 * in hw structure. 1418 * 1419 * Side effects: 1420 * 1421 * Call context: 1422 * process (DOWAIT) 1423 *---------------------------------------------------------------- 1424 */ 1425 static int 1426 hfa384x_dormem(struct hfa384x *hw, 1427 u16 page, 1428 u16 offset, 1429 void *data, 1430 unsigned int len) 1431 { 1432 int result; 1433 struct hfa384x_usbctlx *ctlx; 1434 1435 ctlx = usbctlx_alloc(); 1436 if (!ctlx) { 1437 result = -ENOMEM; 1438 goto done; 1439 } 1440 1441 /* Initialize the command */ 1442 ctlx->outbuf.rmemreq.type = cpu_to_le16(HFA384x_USB_RMEMREQ); 1443 ctlx->outbuf.rmemreq.frmlen = 1444 cpu_to_le16(sizeof(ctlx->outbuf.rmemreq.offset) + 1445 sizeof(ctlx->outbuf.rmemreq.page) + len); 1446 ctlx->outbuf.rmemreq.offset = cpu_to_le16(offset); 1447 ctlx->outbuf.rmemreq.page = cpu_to_le16(page); 1448 1449 ctlx->outbufsize = sizeof(ctlx->outbuf.rmemreq); 1450 1451 pr_debug("type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n", 1452 ctlx->outbuf.rmemreq.type, 1453 ctlx->outbuf.rmemreq.frmlen, 1454 ctlx->outbuf.rmemreq.offset, ctlx->outbuf.rmemreq.page); 1455 1456 pr_debug("pktsize=%zd\n", ROUNDUP64(sizeof(ctlx->outbuf.rmemreq))); 1457 1458 ctlx->reapable = DOWAIT; 1459 ctlx->cmdcb = NULL; 1460 ctlx->usercb = NULL; 1461 ctlx->usercb_data = NULL; 1462 1463 result = hfa384x_usbctlx_submit(hw, ctlx); 1464 if (result != 0) { 1465 kfree(ctlx); 1466 } else { 1467 struct usbctlx_rmem_completor completor; 1468 1469 result = 1470 hfa384x_usbctlx_complete_sync(hw, ctlx, 1471 init_rmem_completor 1472 (&completor, 1473 &ctlx->inbuf.rmemresp, data, 1474 len)); 1475 } 1476 1477 done: 1478 return result; 1479 } 1480 1481 /*---------------------------------------------------------------- 1482 * hfa384x_dowmem 1483 * 1484 * Constructs a writemem CTLX and issues it. 1485 * 1486 * NOTE: Any changes to the 'post-submit' code in this function 1487 * need to be carried over to hfa384x_cbwmem() since the handling 1488 * is virtually identical. 1489 * 1490 * Arguments: 1491 * hw device structure 1492 * page MAC address space page (CMD format) 1493 * offset MAC address space offset 1494 * data Ptr to data buffer containing write data 1495 * len Length of the data to read (max == 2048) 1496 * 1497 * Returns: 1498 * 0 success 1499 * -ETIMEDOUT timed out waiting for register ready or 1500 * command completion 1501 * >0 command indicated error, Status and Resp0-2 are 1502 * in hw structure. 1503 * 1504 * Side effects: 1505 * 1506 * Call context: 1507 * interrupt (DOWAIT) 1508 * process (DOWAIT) 1509 *---------------------------------------------------------------- 1510 */ 1511 static int 1512 hfa384x_dowmem(struct hfa384x *hw, 1513 u16 page, 1514 u16 offset, 1515 void *data, 1516 unsigned int len) 1517 { 1518 int result; 1519 struct hfa384x_usbctlx *ctlx; 1520 1521 pr_debug("page=0x%04x offset=0x%04x len=%d\n", page, offset, len); 1522 1523 ctlx = usbctlx_alloc(); 1524 if (!ctlx) { 1525 result = -ENOMEM; 1526 goto done; 1527 } 1528 1529 /* Initialize the command */ 1530 ctlx->outbuf.wmemreq.type = cpu_to_le16(HFA384x_USB_WMEMREQ); 1531 ctlx->outbuf.wmemreq.frmlen = 1532 cpu_to_le16(sizeof(ctlx->outbuf.wmemreq.offset) + 1533 sizeof(ctlx->outbuf.wmemreq.page) + len); 1534 ctlx->outbuf.wmemreq.offset = cpu_to_le16(offset); 1535 ctlx->outbuf.wmemreq.page = cpu_to_le16(page); 1536 memcpy(ctlx->outbuf.wmemreq.data, data, len); 1537 1538 ctlx->outbufsize = sizeof(ctlx->outbuf.wmemreq.type) + 1539 sizeof(ctlx->outbuf.wmemreq.frmlen) + 1540 sizeof(ctlx->outbuf.wmemreq.offset) + 1541 sizeof(ctlx->outbuf.wmemreq.page) + len; 1542 1543 ctlx->reapable = DOWAIT; 1544 ctlx->cmdcb = NULL; 1545 ctlx->usercb = NULL; 1546 ctlx->usercb_data = NULL; 1547 1548 result = hfa384x_usbctlx_submit(hw, ctlx); 1549 if (result != 0) { 1550 kfree(ctlx); 1551 } else { 1552 struct usbctlx_cmd_completor completor; 1553 struct hfa384x_cmdresult wmemresult; 1554 1555 result = hfa384x_usbctlx_complete_sync(hw, 1556 ctlx, 1557 init_wmem_completor 1558 (&completor, 1559 &ctlx->inbuf.wmemresp, 1560 &wmemresult)); 1561 } 1562 1563 done: 1564 return result; 1565 } 1566 1567 /*---------------------------------------------------------------- 1568 * hfa384x_drvr_disable 1569 * 1570 * Issues the disable command to stop communications on one of 1571 * the MACs 'ports'. Only macport 0 is valid for stations. 1572 * APs may also disable macports 1-6. Only ports that have been 1573 * previously enabled may be disabled. 1574 * 1575 * Arguments: 1576 * hw device structure 1577 * macport MAC port number (host order) 1578 * 1579 * Returns: 1580 * 0 success 1581 * >0 f/w reported failure - f/w status code 1582 * <0 driver reported error (timeout|bad arg) 1583 * 1584 * Side effects: 1585 * 1586 * Call context: 1587 * process 1588 *---------------------------------------------------------------- 1589 */ 1590 int hfa384x_drvr_disable(struct hfa384x *hw, u16 macport) 1591 { 1592 int result = 0; 1593 1594 if ((!hw->isap && macport != 0) || 1595 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) || 1596 !(hw->port_enabled[macport])) { 1597 result = -EINVAL; 1598 } else { 1599 result = hfa384x_cmd_disable(hw, macport); 1600 if (result == 0) 1601 hw->port_enabled[macport] = 0; 1602 } 1603 return result; 1604 } 1605 1606 /*---------------------------------------------------------------- 1607 * hfa384x_drvr_enable 1608 * 1609 * Issues the enable command to enable communications on one of 1610 * the MACs 'ports'. Only macport 0 is valid for stations. 1611 * APs may also enable macports 1-6. Only ports that are currently 1612 * disabled may be enabled. 1613 * 1614 * Arguments: 1615 * hw device structure 1616 * macport MAC port number 1617 * 1618 * Returns: 1619 * 0 success 1620 * >0 f/w reported failure - f/w status code 1621 * <0 driver reported error (timeout|bad arg) 1622 * 1623 * Side effects: 1624 * 1625 * Call context: 1626 * process 1627 *---------------------------------------------------------------- 1628 */ 1629 int hfa384x_drvr_enable(struct hfa384x *hw, u16 macport) 1630 { 1631 int result = 0; 1632 1633 if ((!hw->isap && macport != 0) || 1634 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) || 1635 (hw->port_enabled[macport])) { 1636 result = -EINVAL; 1637 } else { 1638 result = hfa384x_cmd_enable(hw, macport); 1639 if (result == 0) 1640 hw->port_enabled[macport] = 1; 1641 } 1642 return result; 1643 } 1644 1645 /*---------------------------------------------------------------- 1646 * hfa384x_drvr_flashdl_enable 1647 * 1648 * Begins the flash download state. Checks to see that we're not 1649 * already in a download state and that a port isn't enabled. 1650 * Sets the download state and retrieves the flash download 1651 * buffer location, buffer size, and timeout length. 1652 * 1653 * Arguments: 1654 * hw device structure 1655 * 1656 * Returns: 1657 * 0 success 1658 * >0 f/w reported error - f/w status code 1659 * <0 driver reported error 1660 * 1661 * Side effects: 1662 * 1663 * Call context: 1664 * process 1665 *---------------------------------------------------------------- 1666 */ 1667 int hfa384x_drvr_flashdl_enable(struct hfa384x *hw) 1668 { 1669 int result = 0; 1670 int i; 1671 1672 /* Check that a port isn't active */ 1673 for (i = 0; i < HFA384x_PORTID_MAX; i++) { 1674 if (hw->port_enabled[i]) { 1675 pr_debug("called when port enabled.\n"); 1676 return -EINVAL; 1677 } 1678 } 1679 1680 /* Check that we're not already in a download state */ 1681 if (hw->dlstate != HFA384x_DLSTATE_DISABLED) 1682 return -EINVAL; 1683 1684 /* Retrieve the buffer loc&size and timeout */ 1685 result = hfa384x_drvr_getconfig(hw, HFA384x_RID_DOWNLOADBUFFER, 1686 &hw->bufinfo, sizeof(hw->bufinfo)); 1687 if (result) 1688 return result; 1689 1690 le16_to_cpus(&hw->bufinfo.page); 1691 le16_to_cpus(&hw->bufinfo.offset); 1692 le16_to_cpus(&hw->bufinfo.len); 1693 result = hfa384x_drvr_getconfig16(hw, HFA384x_RID_MAXLOADTIME, 1694 &hw->dltimeout); 1695 if (result) 1696 return result; 1697 1698 le16_to_cpus(&hw->dltimeout); 1699 1700 pr_debug("flashdl_enable\n"); 1701 1702 hw->dlstate = HFA384x_DLSTATE_FLASHENABLED; 1703 1704 return result; 1705 } 1706 1707 /*---------------------------------------------------------------- 1708 * hfa384x_drvr_flashdl_disable 1709 * 1710 * Ends the flash download state. Note that this will cause the MAC 1711 * firmware to restart. 1712 * 1713 * Arguments: 1714 * hw device structure 1715 * 1716 * Returns: 1717 * 0 success 1718 * >0 f/w reported error - f/w status code 1719 * <0 driver reported error 1720 * 1721 * Side effects: 1722 * 1723 * Call context: 1724 * process 1725 *---------------------------------------------------------------- 1726 */ 1727 int hfa384x_drvr_flashdl_disable(struct hfa384x *hw) 1728 { 1729 /* Check that we're already in the download state */ 1730 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED) 1731 return -EINVAL; 1732 1733 pr_debug("flashdl_enable\n"); 1734 1735 /* There isn't much we can do at this point, so I don't */ 1736 /* bother w/ the return value */ 1737 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0); 1738 hw->dlstate = HFA384x_DLSTATE_DISABLED; 1739 1740 return 0; 1741 } 1742 1743 /*---------------------------------------------------------------- 1744 * hfa384x_drvr_flashdl_write 1745 * 1746 * Performs a FLASH download of a chunk of data. First checks to see 1747 * that we're in the FLASH download state, then sets the download 1748 * mode, uses the aux functions to 1) copy the data to the flash 1749 * buffer, 2) sets the download 'write flash' mode, 3) readback and 1750 * compare. Lather rinse, repeat as many times an necessary to get 1751 * all the given data into flash. 1752 * When all data has been written using this function (possibly 1753 * repeatedly), call drvr_flashdl_disable() to end the download state 1754 * and restart the MAC. 1755 * 1756 * Arguments: 1757 * hw device structure 1758 * daddr Card address to write to. (host order) 1759 * buf Ptr to data to write. 1760 * len Length of data (host order). 1761 * 1762 * Returns: 1763 * 0 success 1764 * >0 f/w reported error - f/w status code 1765 * <0 driver reported error 1766 * 1767 * Side effects: 1768 * 1769 * Call context: 1770 * process 1771 *---------------------------------------------------------------- 1772 */ 1773 int hfa384x_drvr_flashdl_write(struct hfa384x *hw, u32 daddr, 1774 void *buf, u32 len) 1775 { 1776 int result = 0; 1777 u32 dlbufaddr; 1778 int nburns; 1779 u32 burnlen; 1780 u32 burndaddr; 1781 u16 burnlo; 1782 u16 burnhi; 1783 int nwrites; 1784 u8 *writebuf; 1785 u16 writepage; 1786 u16 writeoffset; 1787 u32 writelen; 1788 int i; 1789 int j; 1790 1791 pr_debug("daddr=0x%08x len=%d\n", daddr, len); 1792 1793 /* Check that we're in the flash download state */ 1794 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED) 1795 return -EINVAL; 1796 1797 netdev_info(hw->wlandev->netdev, 1798 "Download %d bytes to flash @0x%06x\n", len, daddr); 1799 1800 /* Convert to flat address for arithmetic */ 1801 /* NOTE: dlbuffer RID stores the address in AUX format */ 1802 dlbufaddr = 1803 HFA384x_ADDR_AUX_MKFLAT(hw->bufinfo.page, hw->bufinfo.offset); 1804 pr_debug("dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n", 1805 hw->bufinfo.page, hw->bufinfo.offset, dlbufaddr); 1806 /* Calculations to determine how many fills of the dlbuffer to do 1807 * and how many USB wmemreq's to do for each fill. At this point 1808 * in time, the dlbuffer size and the wmemreq size are the same. 1809 * Therefore, nwrites should always be 1. The extra complexity 1810 * here is a hedge against future changes. 1811 */ 1812 1813 /* Figure out how many times to do the flash programming */ 1814 nburns = len / hw->bufinfo.len; 1815 nburns += (len % hw->bufinfo.len) ? 1 : 0; 1816 1817 /* For each flash program cycle, how many USB wmemreq's are needed? */ 1818 nwrites = hw->bufinfo.len / HFA384x_USB_RWMEM_MAXLEN; 1819 nwrites += (hw->bufinfo.len % HFA384x_USB_RWMEM_MAXLEN) ? 1 : 0; 1820 1821 /* For each burn */ 1822 for (i = 0; i < nburns; i++) { 1823 /* Get the dest address and len */ 1824 burnlen = (len - (hw->bufinfo.len * i)) > hw->bufinfo.len ? 1825 hw->bufinfo.len : (len - (hw->bufinfo.len * i)); 1826 burndaddr = daddr + (hw->bufinfo.len * i); 1827 burnlo = HFA384x_ADDR_CMD_MKOFF(burndaddr); 1828 burnhi = HFA384x_ADDR_CMD_MKPAGE(burndaddr); 1829 1830 netdev_info(hw->wlandev->netdev, "Writing %d bytes to flash @0x%06x\n", 1831 burnlen, burndaddr); 1832 1833 /* Set the download mode */ 1834 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_NV, 1835 burnlo, burnhi, burnlen); 1836 if (result) { 1837 netdev_err(hw->wlandev->netdev, 1838 "download(NV,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n", 1839 burnlo, burnhi, burnlen, result); 1840 goto exit_proc; 1841 } 1842 1843 /* copy the data to the flash download buffer */ 1844 for (j = 0; j < nwrites; j++) { 1845 writebuf = buf + 1846 (i * hw->bufinfo.len) + 1847 (j * HFA384x_USB_RWMEM_MAXLEN); 1848 1849 writepage = HFA384x_ADDR_CMD_MKPAGE(dlbufaddr + 1850 (j * HFA384x_USB_RWMEM_MAXLEN)); 1851 writeoffset = HFA384x_ADDR_CMD_MKOFF(dlbufaddr + 1852 (j * HFA384x_USB_RWMEM_MAXLEN)); 1853 1854 writelen = burnlen - (j * HFA384x_USB_RWMEM_MAXLEN); 1855 writelen = writelen > HFA384x_USB_RWMEM_MAXLEN ? 1856 HFA384x_USB_RWMEM_MAXLEN : writelen; 1857 1858 result = hfa384x_dowmem(hw, 1859 writepage, 1860 writeoffset, 1861 writebuf, writelen); 1862 } 1863 1864 /* set the download 'write flash' mode */ 1865 result = hfa384x_cmd_download(hw, 1866 HFA384x_PROGMODE_NVWRITE, 1867 0, 0, 0); 1868 if (result) { 1869 netdev_err(hw->wlandev->netdev, 1870 "download(NVWRITE,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n", 1871 burnlo, burnhi, burnlen, result); 1872 goto exit_proc; 1873 } 1874 1875 /* TODO: We really should do a readback and compare. */ 1876 } 1877 1878 exit_proc: 1879 1880 /* Leave the firmware in the 'post-prog' mode. flashdl_disable will */ 1881 /* actually disable programming mode. Remember, that will cause the */ 1882 /* the firmware to effectively reset itself. */ 1883 1884 return result; 1885 } 1886 1887 /*---------------------------------------------------------------- 1888 * hfa384x_drvr_getconfig 1889 * 1890 * Performs the sequence necessary to read a config/info item. 1891 * 1892 * Arguments: 1893 * hw device structure 1894 * rid config/info record id (host order) 1895 * buf host side record buffer. Upon return it will 1896 * contain the body portion of the record (minus the 1897 * RID and len). 1898 * len buffer length (in bytes, should match record length) 1899 * 1900 * Returns: 1901 * 0 success 1902 * >0 f/w reported error - f/w status code 1903 * <0 driver reported error 1904 * -ENODATA length mismatch between argument and retrieved 1905 * record. 1906 * 1907 * Side effects: 1908 * 1909 * Call context: 1910 * process 1911 *---------------------------------------------------------------- 1912 */ 1913 int hfa384x_drvr_getconfig(struct hfa384x *hw, u16 rid, void *buf, u16 len) 1914 { 1915 return hfa384x_dorrid(hw, DOWAIT, rid, buf, len, NULL, NULL, NULL); 1916 } 1917 1918 /*---------------------------------------------------------------- 1919 * hfa384x_drvr_setconfig_async 1920 * 1921 * Performs the sequence necessary to write a config/info item. 1922 * 1923 * Arguments: 1924 * hw device structure 1925 * rid config/info record id (in host order) 1926 * buf host side record buffer 1927 * len buffer length (in bytes) 1928 * usercb completion callback 1929 * usercb_data completion callback argument 1930 * 1931 * Returns: 1932 * 0 success 1933 * >0 f/w reported error - f/w status code 1934 * <0 driver reported error 1935 * 1936 * Side effects: 1937 * 1938 * Call context: 1939 * process 1940 *---------------------------------------------------------------- 1941 */ 1942 int 1943 hfa384x_drvr_setconfig_async(struct hfa384x *hw, 1944 u16 rid, 1945 void *buf, 1946 u16 len, ctlx_usercb_t usercb, void *usercb_data) 1947 { 1948 return hfa384x_dowrid(hw, DOASYNC, rid, buf, len, hfa384x_cb_status, 1949 usercb, usercb_data); 1950 } 1951 1952 /*---------------------------------------------------------------- 1953 * hfa384x_drvr_ramdl_disable 1954 * 1955 * Ends the ram download state. 1956 * 1957 * Arguments: 1958 * hw device structure 1959 * 1960 * Returns: 1961 * 0 success 1962 * >0 f/w reported error - f/w status code 1963 * <0 driver reported error 1964 * 1965 * Side effects: 1966 * 1967 * Call context: 1968 * process 1969 *---------------------------------------------------------------- 1970 */ 1971 int hfa384x_drvr_ramdl_disable(struct hfa384x *hw) 1972 { 1973 /* Check that we're already in the download state */ 1974 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED) 1975 return -EINVAL; 1976 1977 pr_debug("ramdl_disable()\n"); 1978 1979 /* There isn't much we can do at this point, so I don't */ 1980 /* bother w/ the return value */ 1981 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0); 1982 hw->dlstate = HFA384x_DLSTATE_DISABLED; 1983 1984 return 0; 1985 } 1986 1987 /*---------------------------------------------------------------- 1988 * hfa384x_drvr_ramdl_enable 1989 * 1990 * Begins the ram download state. Checks to see that we're not 1991 * already in a download state and that a port isn't enabled. 1992 * Sets the download state and calls cmd_download with the 1993 * ENABLE_VOLATILE subcommand and the exeaddr argument. 1994 * 1995 * Arguments: 1996 * hw device structure 1997 * exeaddr the card execution address that will be 1998 * jumped to when ramdl_disable() is called 1999 * (host order). 2000 * 2001 * Returns: 2002 * 0 success 2003 * >0 f/w reported error - f/w status code 2004 * <0 driver reported error 2005 * 2006 * Side effects: 2007 * 2008 * Call context: 2009 * process 2010 *---------------------------------------------------------------- 2011 */ 2012 int hfa384x_drvr_ramdl_enable(struct hfa384x *hw, u32 exeaddr) 2013 { 2014 int result = 0; 2015 u16 lowaddr; 2016 u16 hiaddr; 2017 int i; 2018 2019 /* Check that a port isn't active */ 2020 for (i = 0; i < HFA384x_PORTID_MAX; i++) { 2021 if (hw->port_enabled[i]) { 2022 netdev_err(hw->wlandev->netdev, 2023 "Can't download with a macport enabled.\n"); 2024 return -EINVAL; 2025 } 2026 } 2027 2028 /* Check that we're not already in a download state */ 2029 if (hw->dlstate != HFA384x_DLSTATE_DISABLED) { 2030 netdev_err(hw->wlandev->netdev, 2031 "Download state not disabled.\n"); 2032 return -EINVAL; 2033 } 2034 2035 pr_debug("ramdl_enable, exeaddr=0x%08x\n", exeaddr); 2036 2037 /* Call the download(1,addr) function */ 2038 lowaddr = HFA384x_ADDR_CMD_MKOFF(exeaddr); 2039 hiaddr = HFA384x_ADDR_CMD_MKPAGE(exeaddr); 2040 2041 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_RAM, 2042 lowaddr, hiaddr, 0); 2043 2044 if (result == 0) { 2045 /* Set the download state */ 2046 hw->dlstate = HFA384x_DLSTATE_RAMENABLED; 2047 } else { 2048 pr_debug("cmd_download(0x%04x, 0x%04x) failed, result=%d.\n", 2049 lowaddr, hiaddr, result); 2050 } 2051 2052 return result; 2053 } 2054 2055 /*---------------------------------------------------------------- 2056 * hfa384x_drvr_ramdl_write 2057 * 2058 * Performs a RAM download of a chunk of data. First checks to see 2059 * that we're in the RAM download state, then uses the [read|write]mem USB 2060 * commands to 1) copy the data, 2) readback and compare. The download 2061 * state is unaffected. When all data has been written using 2062 * this function, call drvr_ramdl_disable() to end the download state 2063 * and restart the MAC. 2064 * 2065 * Arguments: 2066 * hw device structure 2067 * daddr Card address to write to. (host order) 2068 * buf Ptr to data to write. 2069 * len Length of data (host order). 2070 * 2071 * Returns: 2072 * 0 success 2073 * >0 f/w reported error - f/w status code 2074 * <0 driver reported error 2075 * 2076 * Side effects: 2077 * 2078 * Call context: 2079 * process 2080 *---------------------------------------------------------------- 2081 */ 2082 int hfa384x_drvr_ramdl_write(struct hfa384x *hw, u32 daddr, void *buf, u32 len) 2083 { 2084 int result = 0; 2085 int nwrites; 2086 u8 *data = buf; 2087 int i; 2088 u32 curraddr; 2089 u16 currpage; 2090 u16 curroffset; 2091 u16 currlen; 2092 2093 /* Check that we're in the ram download state */ 2094 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED) 2095 return -EINVAL; 2096 2097 netdev_info(hw->wlandev->netdev, "Writing %d bytes to ram @0x%06x\n", 2098 len, daddr); 2099 2100 /* How many dowmem calls? */ 2101 nwrites = len / HFA384x_USB_RWMEM_MAXLEN; 2102 nwrites += len % HFA384x_USB_RWMEM_MAXLEN ? 1 : 0; 2103 2104 /* Do blocking wmem's */ 2105 for (i = 0; i < nwrites; i++) { 2106 /* make address args */ 2107 curraddr = daddr + (i * HFA384x_USB_RWMEM_MAXLEN); 2108 currpage = HFA384x_ADDR_CMD_MKPAGE(curraddr); 2109 curroffset = HFA384x_ADDR_CMD_MKOFF(curraddr); 2110 currlen = len - (i * HFA384x_USB_RWMEM_MAXLEN); 2111 if (currlen > HFA384x_USB_RWMEM_MAXLEN) 2112 currlen = HFA384x_USB_RWMEM_MAXLEN; 2113 2114 /* Do blocking ctlx */ 2115 result = hfa384x_dowmem(hw, 2116 currpage, 2117 curroffset, 2118 data + (i * HFA384x_USB_RWMEM_MAXLEN), 2119 currlen); 2120 2121 if (result) 2122 break; 2123 2124 /* TODO: We really should have a readback. */ 2125 } 2126 2127 return result; 2128 } 2129 2130 /*---------------------------------------------------------------- 2131 * hfa384x_drvr_readpda 2132 * 2133 * Performs the sequence to read the PDA space. Note there is no 2134 * drvr_writepda() function. Writing a PDA is 2135 * generally implemented by a calling component via calls to 2136 * cmd_download and writing to the flash download buffer via the 2137 * aux regs. 2138 * 2139 * Arguments: 2140 * hw device structure 2141 * buf buffer to store PDA in 2142 * len buffer length 2143 * 2144 * Returns: 2145 * 0 success 2146 * >0 f/w reported error - f/w status code 2147 * <0 driver reported error 2148 * -ETIMEDOUT timeout waiting for the cmd regs to become 2149 * available, or waiting for the control reg 2150 * to indicate the Aux port is enabled. 2151 * -ENODATA the buffer does NOT contain a valid PDA. 2152 * Either the card PDA is bad, or the auxdata 2153 * reads are giving us garbage. 2154 * 2155 * 2156 * Side effects: 2157 * 2158 * Call context: 2159 * process or non-card interrupt. 2160 *---------------------------------------------------------------- 2161 */ 2162 int hfa384x_drvr_readpda(struct hfa384x *hw, void *buf, unsigned int len) 2163 { 2164 int result = 0; 2165 __le16 *pda = buf; 2166 int pdaok = 0; 2167 int morepdrs = 1; 2168 int currpdr = 0; /* word offset of the current pdr */ 2169 size_t i; 2170 u16 pdrlen; /* pdr length in bytes, host order */ 2171 u16 pdrcode; /* pdr code, host order */ 2172 u16 currpage; 2173 u16 curroffset; 2174 struct pdaloc { 2175 u32 cardaddr; 2176 u16 auxctl; 2177 } pdaloc[] = { 2178 { 2179 HFA3842_PDA_BASE, 0}, { 2180 HFA3841_PDA_BASE, 0}, { 2181 HFA3841_PDA_BOGUS_BASE, 0} 2182 }; 2183 2184 /* Read the pda from each known address. */ 2185 for (i = 0; i < ARRAY_SIZE(pdaloc); i++) { 2186 /* Make address */ 2187 currpage = HFA384x_ADDR_CMD_MKPAGE(pdaloc[i].cardaddr); 2188 curroffset = HFA384x_ADDR_CMD_MKOFF(pdaloc[i].cardaddr); 2189 2190 /* units of bytes */ 2191 result = hfa384x_dormem(hw, currpage, curroffset, buf, 2192 len); 2193 2194 if (result) { 2195 netdev_warn(hw->wlandev->netdev, 2196 "Read from index %zd failed, continuing\n", 2197 i); 2198 continue; 2199 } 2200 2201 /* Test for garbage */ 2202 pdaok = 1; /* initially assume good */ 2203 morepdrs = 1; 2204 while (pdaok && morepdrs) { 2205 pdrlen = le16_to_cpu(pda[currpdr]) * 2; 2206 pdrcode = le16_to_cpu(pda[currpdr + 1]); 2207 /* Test the record length */ 2208 if (pdrlen > HFA384x_PDR_LEN_MAX || pdrlen == 0) { 2209 netdev_err(hw->wlandev->netdev, 2210 "pdrlen invalid=%d\n", pdrlen); 2211 pdaok = 0; 2212 break; 2213 } 2214 /* Test the code */ 2215 if (!hfa384x_isgood_pdrcode(pdrcode)) { 2216 netdev_err(hw->wlandev->netdev, "pdrcode invalid=%d\n", 2217 pdrcode); 2218 pdaok = 0; 2219 break; 2220 } 2221 /* Test for completion */ 2222 if (pdrcode == HFA384x_PDR_END_OF_PDA) 2223 morepdrs = 0; 2224 2225 /* Move to the next pdr (if necessary) */ 2226 if (morepdrs) { 2227 /* note the access to pda[], need words here */ 2228 currpdr += le16_to_cpu(pda[currpdr]) + 1; 2229 } 2230 } 2231 if (pdaok) { 2232 netdev_info(hw->wlandev->netdev, 2233 "PDA Read from 0x%08x in %s space.\n", 2234 pdaloc[i].cardaddr, 2235 pdaloc[i].auxctl == 0 ? "EXTDS" : 2236 pdaloc[i].auxctl == 1 ? "NV" : 2237 pdaloc[i].auxctl == 2 ? "PHY" : 2238 pdaloc[i].auxctl == 3 ? "ICSRAM" : 2239 "<bogus auxctl>"); 2240 break; 2241 } 2242 } 2243 result = pdaok ? 0 : -ENODATA; 2244 2245 if (result) 2246 pr_debug("Failure: pda is not okay\n"); 2247 2248 return result; 2249 } 2250 2251 /*---------------------------------------------------------------- 2252 * hfa384x_drvr_setconfig 2253 * 2254 * Performs the sequence necessary to write a config/info item. 2255 * 2256 * Arguments: 2257 * hw device structure 2258 * rid config/info record id (in host order) 2259 * buf host side record buffer 2260 * len buffer length (in bytes) 2261 * 2262 * Returns: 2263 * 0 success 2264 * >0 f/w reported error - f/w status code 2265 * <0 driver reported error 2266 * 2267 * Side effects: 2268 * 2269 * Call context: 2270 * process 2271 *---------------------------------------------------------------- 2272 */ 2273 int hfa384x_drvr_setconfig(struct hfa384x *hw, u16 rid, void *buf, u16 len) 2274 { 2275 return hfa384x_dowrid(hw, DOWAIT, rid, buf, len, NULL, NULL, NULL); 2276 } 2277 2278 /*---------------------------------------------------------------- 2279 * hfa384x_drvr_start 2280 * 2281 * Issues the MAC initialize command, sets up some data structures, 2282 * and enables the interrupts. After this function completes, the 2283 * low-level stuff should be ready for any/all commands. 2284 * 2285 * Arguments: 2286 * hw device structure 2287 * Returns: 2288 * 0 success 2289 * >0 f/w reported error - f/w status code 2290 * <0 driver reported error 2291 * 2292 * Side effects: 2293 * 2294 * Call context: 2295 * process 2296 *---------------------------------------------------------------- 2297 */ 2298 int hfa384x_drvr_start(struct hfa384x *hw) 2299 { 2300 int result, result1, result2; 2301 u16 status; 2302 2303 might_sleep(); 2304 2305 /* Clear endpoint stalls - but only do this if the endpoint 2306 * is showing a stall status. Some prism2 cards seem to behave 2307 * badly if a clear_halt is called when the endpoint is already 2308 * ok 2309 */ 2310 result = 2311 usb_get_std_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_in, 2312 &status); 2313 if (result < 0) { 2314 netdev_err(hw->wlandev->netdev, "Cannot get bulk in endpoint status.\n"); 2315 goto done; 2316 } 2317 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_in)) 2318 netdev_err(hw->wlandev->netdev, "Failed to reset bulk in endpoint.\n"); 2319 2320 result = 2321 usb_get_std_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_out, 2322 &status); 2323 if (result < 0) { 2324 netdev_err(hw->wlandev->netdev, "Cannot get bulk out endpoint status.\n"); 2325 goto done; 2326 } 2327 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_out)) 2328 netdev_err(hw->wlandev->netdev, "Failed to reset bulk out endpoint.\n"); 2329 2330 /* Synchronous unlink, in case we're trying to restart the driver */ 2331 usb_kill_urb(&hw->rx_urb); 2332 2333 /* Post the IN urb */ 2334 result = submit_rx_urb(hw, GFP_KERNEL); 2335 if (result != 0) { 2336 netdev_err(hw->wlandev->netdev, 2337 "Fatal, failed to submit RX URB, result=%d\n", 2338 result); 2339 goto done; 2340 } 2341 2342 /* Call initialize twice, with a 1 second sleep in between. 2343 * This is a nasty work-around since many prism2 cards seem to 2344 * need time to settle after an init from cold. The second 2345 * call to initialize in theory is not necessary - but we call 2346 * it anyway as a double insurance policy: 2347 * 1) If the first init should fail, the second may well succeed 2348 * and the card can still be used 2349 * 2) It helps ensures all is well with the card after the first 2350 * init and settle time. 2351 */ 2352 result1 = hfa384x_cmd_initialize(hw); 2353 msleep(1000); 2354 result = hfa384x_cmd_initialize(hw); 2355 result2 = result; 2356 if (result1 != 0) { 2357 if (result2 != 0) { 2358 netdev_err(hw->wlandev->netdev, 2359 "cmd_initialize() failed on two attempts, results %d and %d\n", 2360 result1, result2); 2361 usb_kill_urb(&hw->rx_urb); 2362 goto done; 2363 } else { 2364 pr_debug("First cmd_initialize() failed (result %d),\n", 2365 result1); 2366 pr_debug("but second attempt succeeded. All should be ok\n"); 2367 } 2368 } else if (result2 != 0) { 2369 netdev_warn(hw->wlandev->netdev, "First cmd_initialize() succeeded, but second attempt failed (result=%d)\n", 2370 result2); 2371 netdev_warn(hw->wlandev->netdev, 2372 "Most likely the card will be functional\n"); 2373 goto done; 2374 } 2375 2376 hw->state = HFA384x_STATE_RUNNING; 2377 2378 done: 2379 return result; 2380 } 2381 2382 /*---------------------------------------------------------------- 2383 * hfa384x_drvr_stop 2384 * 2385 * Shuts down the MAC to the point where it is safe to unload the 2386 * driver. Any subsystem that may be holding a data or function 2387 * ptr into the driver must be cleared/deinitialized. 2388 * 2389 * Arguments: 2390 * hw device structure 2391 * Returns: 2392 * 0 success 2393 * >0 f/w reported error - f/w status code 2394 * <0 driver reported error 2395 * 2396 * Side effects: 2397 * 2398 * Call context: 2399 * process 2400 *---------------------------------------------------------------- 2401 */ 2402 int hfa384x_drvr_stop(struct hfa384x *hw) 2403 { 2404 int i; 2405 2406 might_sleep(); 2407 2408 /* There's no need for spinlocks here. The USB "disconnect" 2409 * function sets this "removed" flag and then calls us. 2410 */ 2411 if (!hw->wlandev->hwremoved) { 2412 /* Call initialize to leave the MAC in its 'reset' state */ 2413 hfa384x_cmd_initialize(hw); 2414 2415 /* Cancel the rxurb */ 2416 usb_kill_urb(&hw->rx_urb); 2417 } 2418 2419 hw->link_status = HFA384x_LINK_NOTCONNECTED; 2420 hw->state = HFA384x_STATE_INIT; 2421 2422 del_timer_sync(&hw->commsqual_timer); 2423 2424 /* Clear all the port status */ 2425 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++) 2426 hw->port_enabled[i] = 0; 2427 2428 return 0; 2429 } 2430 2431 /*---------------------------------------------------------------- 2432 * hfa384x_drvr_txframe 2433 * 2434 * Takes a frame from prism2sta and queues it for transmission. 2435 * 2436 * Arguments: 2437 * hw device structure 2438 * skb packet buffer struct. Contains an 802.11 2439 * data frame. 2440 * p80211_hdr points to the 802.11 header for the packet. 2441 * Returns: 2442 * 0 Success and more buffs available 2443 * 1 Success but no more buffs 2444 * 2 Allocation failure 2445 * 4 Buffer full or queue busy 2446 * 2447 * Side effects: 2448 * 2449 * Call context: 2450 * interrupt 2451 *---------------------------------------------------------------- 2452 */ 2453 int hfa384x_drvr_txframe(struct hfa384x *hw, struct sk_buff *skb, 2454 struct p80211_hdr *p80211_hdr, 2455 struct p80211_metawep *p80211_wep) 2456 { 2457 int usbpktlen = sizeof(struct hfa384x_tx_frame); 2458 int result; 2459 int ret; 2460 char *ptr; 2461 2462 if (hw->tx_urb.status == -EINPROGRESS) { 2463 netdev_warn(hw->wlandev->netdev, "TX URB already in use\n"); 2464 result = 3; 2465 goto exit; 2466 } 2467 2468 /* Build Tx frame structure */ 2469 /* Set up the control field */ 2470 memset(&hw->txbuff.txfrm.desc, 0, sizeof(hw->txbuff.txfrm.desc)); 2471 2472 /* Setup the usb type field */ 2473 hw->txbuff.type = cpu_to_le16(HFA384x_USB_TXFRM); 2474 2475 /* Set up the sw_support field to identify this frame */ 2476 hw->txbuff.txfrm.desc.sw_support = 0x0123; 2477 2478 /* Tx complete and Tx exception disable per dleach. Might be causing 2479 * buf depletion 2480 */ 2481 /* #define DOEXC SLP -- doboth breaks horribly under load, doexc less so. */ 2482 #if defined(DOBOTH) 2483 hw->txbuff.txfrm.desc.tx_control = 2484 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) | 2485 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1); 2486 #elif defined(DOEXC) 2487 hw->txbuff.txfrm.desc.tx_control = 2488 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) | 2489 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0); 2490 #else 2491 hw->txbuff.txfrm.desc.tx_control = 2492 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) | 2493 HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0); 2494 #endif 2495 cpu_to_le16s(&hw->txbuff.txfrm.desc.tx_control); 2496 2497 /* copy the header over to the txdesc */ 2498 hw->txbuff.txfrm.desc.hdr = *p80211_hdr; 2499 2500 /* if we're using host WEP, increase size by IV+ICV */ 2501 if (p80211_wep->data) { 2502 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len + 8); 2503 usbpktlen += 8; 2504 } else { 2505 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len); 2506 } 2507 2508 usbpktlen += skb->len; 2509 2510 /* copy over the WEP IV if we are using host WEP */ 2511 ptr = hw->txbuff.txfrm.data; 2512 if (p80211_wep->data) { 2513 memcpy(ptr, p80211_wep->iv, sizeof(p80211_wep->iv)); 2514 ptr += sizeof(p80211_wep->iv); 2515 memcpy(ptr, p80211_wep->data, skb->len); 2516 } else { 2517 memcpy(ptr, skb->data, skb->len); 2518 } 2519 /* copy over the packet data */ 2520 ptr += skb->len; 2521 2522 /* copy over the WEP ICV if we are using host WEP */ 2523 if (p80211_wep->data) 2524 memcpy(ptr, p80211_wep->icv, sizeof(p80211_wep->icv)); 2525 2526 /* Send the USB packet */ 2527 usb_fill_bulk_urb(&hw->tx_urb, hw->usb, 2528 hw->endp_out, 2529 &hw->txbuff, ROUNDUP64(usbpktlen), 2530 hfa384x_usbout_callback, hw->wlandev); 2531 hw->tx_urb.transfer_flags |= USB_QUEUE_BULK; 2532 2533 result = 1; 2534 ret = submit_tx_urb(hw, &hw->tx_urb, GFP_ATOMIC); 2535 if (ret != 0) { 2536 netdev_err(hw->wlandev->netdev, 2537 "submit_tx_urb() failed, error=%d\n", ret); 2538 result = 3; 2539 } 2540 2541 exit: 2542 return result; 2543 } 2544 2545 void hfa384x_tx_timeout(struct wlandevice *wlandev) 2546 { 2547 struct hfa384x *hw = wlandev->priv; 2548 unsigned long flags; 2549 2550 spin_lock_irqsave(&hw->ctlxq.lock, flags); 2551 2552 if (!hw->wlandev->hwremoved) { 2553 int sched; 2554 2555 sched = !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags); 2556 sched |= !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags); 2557 if (sched) 2558 schedule_work(&hw->usb_work); 2559 } 2560 2561 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 2562 } 2563 2564 /*---------------------------------------------------------------- 2565 * hfa384x_usbctlx_reaper_task 2566 * 2567 * Deferred work callback to delete dead CTLX objects 2568 * 2569 * Arguments: 2570 * work contains ptr to a struct hfa384x 2571 * 2572 * Returns: 2573 * 2574 * Call context: 2575 * Task 2576 *---------------------------------------------------------------- 2577 */ 2578 static void hfa384x_usbctlx_reaper_task(struct work_struct *work) 2579 { 2580 struct hfa384x *hw = container_of(work, struct hfa384x, reaper_bh); 2581 struct hfa384x_usbctlx *ctlx, *temp; 2582 unsigned long flags; 2583 2584 spin_lock_irqsave(&hw->ctlxq.lock, flags); 2585 2586 /* This list is guaranteed to be empty if someone 2587 * has unplugged the adapter. 2588 */ 2589 list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.reapable, list) { 2590 list_del(&ctlx->list); 2591 kfree(ctlx); 2592 } 2593 2594 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 2595 } 2596 2597 /*---------------------------------------------------------------- 2598 * hfa384x_usbctlx_completion_task 2599 * 2600 * Deferred work callback to call completion handlers for returned CTLXs 2601 * 2602 * Arguments: 2603 * work contains ptr to a struct hfa384x 2604 * 2605 * Returns: 2606 * Nothing 2607 * 2608 * Call context: 2609 * Task 2610 *---------------------------------------------------------------- 2611 */ 2612 static void hfa384x_usbctlx_completion_task(struct work_struct *work) 2613 { 2614 struct hfa384x *hw = container_of(work, struct hfa384x, completion_bh); 2615 struct hfa384x_usbctlx *ctlx, *temp; 2616 unsigned long flags; 2617 2618 int reap = 0; 2619 2620 spin_lock_irqsave(&hw->ctlxq.lock, flags); 2621 2622 /* This list is guaranteed to be empty if someone 2623 * has unplugged the adapter ... 2624 */ 2625 list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.completing, list) { 2626 /* Call the completion function that this 2627 * command was assigned, assuming it has one. 2628 */ 2629 if (ctlx->cmdcb) { 2630 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 2631 ctlx->cmdcb(hw, ctlx); 2632 spin_lock_irqsave(&hw->ctlxq.lock, flags); 2633 2634 /* Make sure we don't try and complete 2635 * this CTLX more than once! 2636 */ 2637 ctlx->cmdcb = NULL; 2638 2639 /* Did someone yank the adapter out 2640 * while our list was (briefly) unlocked? 2641 */ 2642 if (hw->wlandev->hwremoved) { 2643 reap = 0; 2644 break; 2645 } 2646 } 2647 2648 /* 2649 * "Reapable" CTLXs are ones which don't have any 2650 * threads waiting for them to die. Hence they must 2651 * be delivered to The Reaper! 2652 */ 2653 if (ctlx->reapable) { 2654 /* Move the CTLX off the "completing" list (hopefully) 2655 * on to the "reapable" list where the reaper task 2656 * can find it. And "reapable" means that this CTLX 2657 * isn't sitting on a wait-queue somewhere. 2658 */ 2659 list_move_tail(&ctlx->list, &hw->ctlxq.reapable); 2660 reap = 1; 2661 } 2662 2663 complete(&ctlx->done); 2664 } 2665 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 2666 2667 if (reap) 2668 schedule_work(&hw->reaper_bh); 2669 } 2670 2671 /*---------------------------------------------------------------- 2672 * unlocked_usbctlx_cancel_async 2673 * 2674 * Mark the CTLX dead asynchronously, and ensure that the 2675 * next command on the queue is run afterwards. 2676 * 2677 * Arguments: 2678 * hw ptr to the struct hfa384x structure 2679 * ctlx ptr to a CTLX structure 2680 * 2681 * Returns: 2682 * 0 the CTLX's URB is inactive 2683 * -EINPROGRESS the URB is currently being unlinked 2684 * 2685 * Call context: 2686 * Either process or interrupt, but presumably interrupt 2687 *---------------------------------------------------------------- 2688 */ 2689 static int unlocked_usbctlx_cancel_async(struct hfa384x *hw, 2690 struct hfa384x_usbctlx *ctlx) 2691 { 2692 int ret; 2693 2694 /* 2695 * Try to delete the URB containing our request packet. 2696 * If we succeed, then its completion handler will be 2697 * called with a status of -ECONNRESET. 2698 */ 2699 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK; 2700 ret = usb_unlink_urb(&hw->ctlx_urb); 2701 2702 if (ret != -EINPROGRESS) { 2703 /* 2704 * The OUT URB had either already completed 2705 * or was still in the pending queue, so the 2706 * URB's completion function will not be called. 2707 * We will have to complete the CTLX ourselves. 2708 */ 2709 ctlx->state = CTLX_REQ_FAILED; 2710 unlocked_usbctlx_complete(hw, ctlx); 2711 ret = 0; 2712 } 2713 2714 return ret; 2715 } 2716 2717 /*---------------------------------------------------------------- 2718 * unlocked_usbctlx_complete 2719 * 2720 * A CTLX has completed. It may have been successful, it may not 2721 * have been. At this point, the CTLX should be quiescent. The URBs 2722 * aren't active and the timers should have been stopped. 2723 * 2724 * The CTLX is migrated to the "completing" queue, and the completing 2725 * work is scheduled. 2726 * 2727 * Arguments: 2728 * hw ptr to a struct hfa384x structure 2729 * ctlx ptr to a ctlx structure 2730 * 2731 * Returns: 2732 * nothing 2733 * 2734 * Side effects: 2735 * 2736 * Call context: 2737 * Either, assume interrupt 2738 *---------------------------------------------------------------- 2739 */ 2740 static void unlocked_usbctlx_complete(struct hfa384x *hw, 2741 struct hfa384x_usbctlx *ctlx) 2742 { 2743 /* Timers have been stopped, and ctlx should be in 2744 * a terminal state. Retire it from the "active" 2745 * queue. 2746 */ 2747 list_move_tail(&ctlx->list, &hw->ctlxq.completing); 2748 schedule_work(&hw->completion_bh); 2749 2750 switch (ctlx->state) { 2751 case CTLX_COMPLETE: 2752 case CTLX_REQ_FAILED: 2753 /* This are the correct terminating states. */ 2754 break; 2755 2756 default: 2757 netdev_err(hw->wlandev->netdev, "CTLX[%d] not in a terminating state(%s)\n", 2758 le16_to_cpu(ctlx->outbuf.type), 2759 ctlxstr(ctlx->state)); 2760 break; 2761 } /* switch */ 2762 } 2763 2764 /*---------------------------------------------------------------- 2765 * hfa384x_usbctlxq_run 2766 * 2767 * Checks to see if the head item is running. If not, starts it. 2768 * 2769 * Arguments: 2770 * hw ptr to struct hfa384x 2771 * 2772 * Returns: 2773 * nothing 2774 * 2775 * Side effects: 2776 * 2777 * Call context: 2778 * any 2779 *---------------------------------------------------------------- 2780 */ 2781 static void hfa384x_usbctlxq_run(struct hfa384x *hw) 2782 { 2783 unsigned long flags; 2784 2785 /* acquire lock */ 2786 spin_lock_irqsave(&hw->ctlxq.lock, flags); 2787 2788 /* Only one active CTLX at any one time, because there's no 2789 * other (reliable) way to match the response URB to the 2790 * correct CTLX. 2791 * 2792 * Don't touch any of these CTLXs if the hardware 2793 * has been removed or the USB subsystem is stalled. 2794 */ 2795 if (!list_empty(&hw->ctlxq.active) || 2796 test_bit(WORK_TX_HALT, &hw->usb_flags) || hw->wlandev->hwremoved) 2797 goto unlock; 2798 2799 while (!list_empty(&hw->ctlxq.pending)) { 2800 struct hfa384x_usbctlx *head; 2801 int result; 2802 2803 /* This is the first pending command */ 2804 head = list_entry(hw->ctlxq.pending.next, 2805 struct hfa384x_usbctlx, list); 2806 2807 /* We need to split this off to avoid a race condition */ 2808 list_move_tail(&head->list, &hw->ctlxq.active); 2809 2810 /* Fill the out packet */ 2811 usb_fill_bulk_urb(&hw->ctlx_urb, hw->usb, 2812 hw->endp_out, 2813 &head->outbuf, ROUNDUP64(head->outbufsize), 2814 hfa384x_ctlxout_callback, hw); 2815 hw->ctlx_urb.transfer_flags |= USB_QUEUE_BULK; 2816 2817 /* Now submit the URB and update the CTLX's state */ 2818 result = usb_submit_urb(&hw->ctlx_urb, GFP_ATOMIC); 2819 if (result == 0) { 2820 /* This CTLX is now running on the active queue */ 2821 head->state = CTLX_REQ_SUBMITTED; 2822 2823 /* Start the OUT wait timer */ 2824 hw->req_timer_done = 0; 2825 hw->reqtimer.expires = jiffies + HZ; 2826 add_timer(&hw->reqtimer); 2827 2828 /* Start the IN wait timer */ 2829 hw->resp_timer_done = 0; 2830 hw->resptimer.expires = jiffies + 2 * HZ; 2831 add_timer(&hw->resptimer); 2832 2833 break; 2834 } 2835 2836 if (result == -EPIPE) { 2837 /* The OUT pipe needs resetting, so put 2838 * this CTLX back in the "pending" queue 2839 * and schedule a reset ... 2840 */ 2841 netdev_warn(hw->wlandev->netdev, 2842 "%s tx pipe stalled: requesting reset\n", 2843 hw->wlandev->netdev->name); 2844 list_move(&head->list, &hw->ctlxq.pending); 2845 set_bit(WORK_TX_HALT, &hw->usb_flags); 2846 schedule_work(&hw->usb_work); 2847 break; 2848 } 2849 2850 if (result == -ESHUTDOWN) { 2851 netdev_warn(hw->wlandev->netdev, "%s urb shutdown!\n", 2852 hw->wlandev->netdev->name); 2853 break; 2854 } 2855 2856 netdev_err(hw->wlandev->netdev, "Failed to submit CTLX[%d]: error=%d\n", 2857 le16_to_cpu(head->outbuf.type), result); 2858 unlocked_usbctlx_complete(hw, head); 2859 } /* while */ 2860 2861 unlock: 2862 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 2863 } 2864 2865 /*---------------------------------------------------------------- 2866 * hfa384x_usbin_callback 2867 * 2868 * Callback for URBs on the BULKIN endpoint. 2869 * 2870 * Arguments: 2871 * urb ptr to the completed urb 2872 * 2873 * Returns: 2874 * nothing 2875 * 2876 * Side effects: 2877 * 2878 * Call context: 2879 * interrupt 2880 *---------------------------------------------------------------- 2881 */ 2882 static void hfa384x_usbin_callback(struct urb *urb) 2883 { 2884 struct wlandevice *wlandev = urb->context; 2885 struct hfa384x *hw; 2886 union hfa384x_usbin *usbin; 2887 struct sk_buff *skb = NULL; 2888 int result; 2889 int urb_status; 2890 u16 type; 2891 2892 enum USBIN_ACTION { 2893 HANDLE, 2894 RESUBMIT, 2895 ABORT 2896 } action; 2897 2898 if (!wlandev || !wlandev->netdev || wlandev->hwremoved) 2899 goto exit; 2900 2901 hw = wlandev->priv; 2902 if (!hw) 2903 goto exit; 2904 2905 skb = hw->rx_urb_skb; 2906 if (!skb || (skb->data != urb->transfer_buffer)) { 2907 WARN_ON(1); 2908 return; 2909 } 2910 2911 hw->rx_urb_skb = NULL; 2912 2913 /* Check for error conditions within the URB */ 2914 switch (urb->status) { 2915 case 0: 2916 action = HANDLE; 2917 2918 /* Check for short packet */ 2919 if (urb->actual_length == 0) { 2920 wlandev->netdev->stats.rx_errors++; 2921 wlandev->netdev->stats.rx_length_errors++; 2922 action = RESUBMIT; 2923 } 2924 break; 2925 2926 case -EPIPE: 2927 netdev_warn(hw->wlandev->netdev, "%s rx pipe stalled: requesting reset\n", 2928 wlandev->netdev->name); 2929 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags)) 2930 schedule_work(&hw->usb_work); 2931 wlandev->netdev->stats.rx_errors++; 2932 action = ABORT; 2933 break; 2934 2935 case -EILSEQ: 2936 case -ETIMEDOUT: 2937 case -EPROTO: 2938 if (!test_and_set_bit(THROTTLE_RX, &hw->usb_flags) && 2939 !timer_pending(&hw->throttle)) { 2940 mod_timer(&hw->throttle, jiffies + THROTTLE_JIFFIES); 2941 } 2942 wlandev->netdev->stats.rx_errors++; 2943 action = ABORT; 2944 break; 2945 2946 case -EOVERFLOW: 2947 wlandev->netdev->stats.rx_over_errors++; 2948 action = RESUBMIT; 2949 break; 2950 2951 case -ENODEV: 2952 case -ESHUTDOWN: 2953 pr_debug("status=%d, device removed.\n", urb->status); 2954 action = ABORT; 2955 break; 2956 2957 case -ENOENT: 2958 case -ECONNRESET: 2959 pr_debug("status=%d, urb explicitly unlinked.\n", urb->status); 2960 action = ABORT; 2961 break; 2962 2963 default: 2964 pr_debug("urb status=%d, transfer flags=0x%x\n", 2965 urb->status, urb->transfer_flags); 2966 wlandev->netdev->stats.rx_errors++; 2967 action = RESUBMIT; 2968 break; 2969 } 2970 2971 /* Save values from the RX URB before reposting overwrites it. */ 2972 urb_status = urb->status; 2973 usbin = (union hfa384x_usbin *)urb->transfer_buffer; 2974 2975 if (action != ABORT) { 2976 /* Repost the RX URB */ 2977 result = submit_rx_urb(hw, GFP_ATOMIC); 2978 2979 if (result != 0) { 2980 netdev_err(hw->wlandev->netdev, 2981 "Fatal, failed to resubmit rx_urb. error=%d\n", 2982 result); 2983 } 2984 } 2985 2986 /* Handle any USB-IN packet */ 2987 /* Note: the check of the sw_support field, the type field doesn't 2988 * have bit 12 set like the docs suggest. 2989 */ 2990 type = le16_to_cpu(usbin->type); 2991 if (HFA384x_USB_ISRXFRM(type)) { 2992 if (action == HANDLE) { 2993 if (usbin->txfrm.desc.sw_support == 0x0123) { 2994 hfa384x_usbin_txcompl(wlandev, usbin); 2995 } else { 2996 skb_put(skb, sizeof(*usbin)); 2997 hfa384x_usbin_rx(wlandev, skb); 2998 skb = NULL; 2999 } 3000 } 3001 goto exit; 3002 } 3003 if (HFA384x_USB_ISTXFRM(type)) { 3004 if (action == HANDLE) 3005 hfa384x_usbin_txcompl(wlandev, usbin); 3006 goto exit; 3007 } 3008 switch (type) { 3009 case HFA384x_USB_INFOFRM: 3010 if (action == ABORT) 3011 goto exit; 3012 if (action == HANDLE) 3013 hfa384x_usbin_info(wlandev, usbin); 3014 break; 3015 3016 case HFA384x_USB_CMDRESP: 3017 case HFA384x_USB_WRIDRESP: 3018 case HFA384x_USB_RRIDRESP: 3019 case HFA384x_USB_WMEMRESP: 3020 case HFA384x_USB_RMEMRESP: 3021 /* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */ 3022 hfa384x_usbin_ctlx(hw, usbin, urb_status); 3023 break; 3024 3025 case HFA384x_USB_BUFAVAIL: 3026 pr_debug("Received BUFAVAIL packet, frmlen=%d\n", 3027 usbin->bufavail.frmlen); 3028 break; 3029 3030 case HFA384x_USB_ERROR: 3031 pr_debug("Received USB_ERROR packet, errortype=%d\n", 3032 usbin->usberror.errortype); 3033 break; 3034 3035 default: 3036 pr_debug("Unrecognized USBIN packet, type=%x, status=%d\n", 3037 usbin->type, urb_status); 3038 break; 3039 } /* switch */ 3040 3041 exit: 3042 3043 if (skb) 3044 dev_kfree_skb(skb); 3045 } 3046 3047 /*---------------------------------------------------------------- 3048 * hfa384x_usbin_ctlx 3049 * 3050 * We've received a URB containing a Prism2 "response" message. 3051 * This message needs to be matched up with a CTLX on the active 3052 * queue and our state updated accordingly. 3053 * 3054 * Arguments: 3055 * hw ptr to struct hfa384x 3056 * usbin ptr to USB IN packet 3057 * urb_status status of this Bulk-In URB 3058 * 3059 * Returns: 3060 * nothing 3061 * 3062 * Side effects: 3063 * 3064 * Call context: 3065 * interrupt 3066 *---------------------------------------------------------------- 3067 */ 3068 static void hfa384x_usbin_ctlx(struct hfa384x *hw, union hfa384x_usbin *usbin, 3069 int urb_status) 3070 { 3071 struct hfa384x_usbctlx *ctlx; 3072 int run_queue = 0; 3073 unsigned long flags; 3074 3075 retry: 3076 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3077 3078 /* There can be only one CTLX on the active queue 3079 * at any one time, and this is the CTLX that the 3080 * timers are waiting for. 3081 */ 3082 if (list_empty(&hw->ctlxq.active)) 3083 goto unlock; 3084 3085 /* Remove the "response timeout". It's possible that 3086 * we are already too late, and that the timeout is 3087 * already running. And that's just too bad for us, 3088 * because we could lose our CTLX from the active 3089 * queue here ... 3090 */ 3091 if (del_timer(&hw->resptimer) == 0) { 3092 if (hw->resp_timer_done == 0) { 3093 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3094 goto retry; 3095 } 3096 } else { 3097 hw->resp_timer_done = 1; 3098 } 3099 3100 ctlx = get_active_ctlx(hw); 3101 3102 if (urb_status != 0) { 3103 /* 3104 * Bad CTLX, so get rid of it. But we only 3105 * remove it from the active queue if we're no 3106 * longer expecting the OUT URB to complete. 3107 */ 3108 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0) 3109 run_queue = 1; 3110 } else { 3111 const __le16 intype = (usbin->type & ~cpu_to_le16(0x8000)); 3112 3113 /* 3114 * Check that our message is what we're expecting ... 3115 */ 3116 if (ctlx->outbuf.type != intype) { 3117 netdev_warn(hw->wlandev->netdev, 3118 "Expected IN[%d], received IN[%d] - ignored.\n", 3119 le16_to_cpu(ctlx->outbuf.type), 3120 le16_to_cpu(intype)); 3121 goto unlock; 3122 } 3123 3124 /* This URB has succeeded, so grab the data ... */ 3125 memcpy(&ctlx->inbuf, usbin, sizeof(ctlx->inbuf)); 3126 3127 switch (ctlx->state) { 3128 case CTLX_REQ_SUBMITTED: 3129 /* 3130 * We have received our response URB before 3131 * our request has been acknowledged. Odd, 3132 * but our OUT URB is still alive... 3133 */ 3134 pr_debug("Causality violation: please reboot Universe\n"); 3135 ctlx->state = CTLX_RESP_COMPLETE; 3136 break; 3137 3138 case CTLX_REQ_COMPLETE: 3139 /* 3140 * This is the usual path: our request 3141 * has already been acknowledged, and 3142 * now we have received the reply too. 3143 */ 3144 ctlx->state = CTLX_COMPLETE; 3145 unlocked_usbctlx_complete(hw, ctlx); 3146 run_queue = 1; 3147 break; 3148 3149 default: 3150 /* 3151 * Throw this CTLX away ... 3152 */ 3153 netdev_err(hw->wlandev->netdev, 3154 "Matched IN URB, CTLX[%d] in invalid state(%s). Discarded.\n", 3155 le16_to_cpu(ctlx->outbuf.type), 3156 ctlxstr(ctlx->state)); 3157 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0) 3158 run_queue = 1; 3159 break; 3160 } /* switch */ 3161 } 3162 3163 unlock: 3164 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3165 3166 if (run_queue) 3167 hfa384x_usbctlxq_run(hw); 3168 } 3169 3170 /*---------------------------------------------------------------- 3171 * hfa384x_usbin_txcompl 3172 * 3173 * At this point we have the results of a previous transmit. 3174 * 3175 * Arguments: 3176 * wlandev wlan device 3177 * usbin ptr to the usb transfer buffer 3178 * 3179 * Returns: 3180 * nothing 3181 * 3182 * Side effects: 3183 * 3184 * Call context: 3185 * interrupt 3186 *---------------------------------------------------------------- 3187 */ 3188 static void hfa384x_usbin_txcompl(struct wlandevice *wlandev, 3189 union hfa384x_usbin *usbin) 3190 { 3191 u16 status; 3192 3193 status = le16_to_cpu(usbin->type); /* yeah I know it says type... */ 3194 3195 /* Was there an error? */ 3196 if (HFA384x_TXSTATUS_ISERROR(status)) 3197 prism2sta_ev_txexc(wlandev, status); 3198 else 3199 prism2sta_ev_tx(wlandev, status); 3200 } 3201 3202 /*---------------------------------------------------------------- 3203 * hfa384x_usbin_rx 3204 * 3205 * At this point we have a successful received a rx frame packet. 3206 * 3207 * Arguments: 3208 * wlandev wlan device 3209 * usbin ptr to the usb transfer buffer 3210 * 3211 * Returns: 3212 * nothing 3213 * 3214 * Side effects: 3215 * 3216 * Call context: 3217 * interrupt 3218 *---------------------------------------------------------------- 3219 */ 3220 static void hfa384x_usbin_rx(struct wlandevice *wlandev, struct sk_buff *skb) 3221 { 3222 union hfa384x_usbin *usbin = (union hfa384x_usbin *)skb->data; 3223 struct hfa384x *hw = wlandev->priv; 3224 int hdrlen; 3225 struct p80211_rxmeta *rxmeta; 3226 u16 data_len; 3227 u16 fc; 3228 u16 status; 3229 3230 /* Byte order convert once up front. */ 3231 le16_to_cpus(&usbin->rxfrm.desc.status); 3232 le32_to_cpus(&usbin->rxfrm.desc.time); 3233 3234 /* Now handle frame based on port# */ 3235 status = HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status); 3236 3237 switch (status) { 3238 case 0: 3239 fc = le16_to_cpu(usbin->rxfrm.desc.hdr.frame_control); 3240 3241 /* If exclude and we receive an unencrypted, drop it */ 3242 if ((wlandev->hostwep & HOSTWEP_EXCLUDEUNENCRYPTED) && 3243 !WLAN_GET_FC_ISWEP(fc)) { 3244 break; 3245 } 3246 3247 data_len = le16_to_cpu(usbin->rxfrm.desc.data_len); 3248 3249 /* How much header data do we have? */ 3250 hdrlen = p80211_headerlen(fc); 3251 3252 /* Pull off the descriptor */ 3253 skb_pull(skb, sizeof(struct hfa384x_rx_frame)); 3254 3255 /* Now shunt the header block up against the data block 3256 * with an "overlapping" copy 3257 */ 3258 memmove(skb_push(skb, hdrlen), 3259 &usbin->rxfrm.desc.hdr, hdrlen); 3260 3261 skb->dev = wlandev->netdev; 3262 3263 /* And set the frame length properly */ 3264 skb_trim(skb, data_len + hdrlen); 3265 3266 /* The prism2 series does not return the CRC */ 3267 memset(skb_put(skb, WLAN_CRC_LEN), 0xff, WLAN_CRC_LEN); 3268 3269 skb_reset_mac_header(skb); 3270 3271 /* Attach the rxmeta, set some stuff */ 3272 p80211skb_rxmeta_attach(wlandev, skb); 3273 rxmeta = p80211skb_rxmeta(skb); 3274 rxmeta->mactime = usbin->rxfrm.desc.time; 3275 rxmeta->rxrate = usbin->rxfrm.desc.rate; 3276 rxmeta->signal = usbin->rxfrm.desc.signal - hw->dbmadjust; 3277 rxmeta->noise = usbin->rxfrm.desc.silence - hw->dbmadjust; 3278 3279 p80211netdev_rx(wlandev, skb); 3280 3281 break; 3282 3283 case 7: 3284 if (!HFA384x_RXSTATUS_ISFCSERR(usbin->rxfrm.desc.status)) { 3285 /* Copy to wlansnif skb */ 3286 hfa384x_int_rxmonitor(wlandev, &usbin->rxfrm); 3287 dev_kfree_skb(skb); 3288 } else { 3289 pr_debug("Received monitor frame: FCSerr set\n"); 3290 } 3291 break; 3292 3293 default: 3294 netdev_warn(hw->wlandev->netdev, 3295 "Received frame on unsupported port=%d\n", 3296 status); 3297 break; 3298 } 3299 } 3300 3301 /*---------------------------------------------------------------- 3302 * hfa384x_int_rxmonitor 3303 * 3304 * Helper function for int_rx. Handles monitor frames. 3305 * Note that this function allocates space for the FCS and sets it 3306 * to 0xffffffff. The hfa384x doesn't give us the FCS value but the 3307 * higher layers expect it. 0xffffffff is used as a flag to indicate 3308 * the FCS is bogus. 3309 * 3310 * Arguments: 3311 * wlandev wlan device structure 3312 * rxfrm rx descriptor read from card in int_rx 3313 * 3314 * Returns: 3315 * nothing 3316 * 3317 * Side effects: 3318 * Allocates an skb and passes it up via the PF_PACKET interface. 3319 * Call context: 3320 * interrupt 3321 *---------------------------------------------------------------- 3322 */ 3323 static void hfa384x_int_rxmonitor(struct wlandevice *wlandev, 3324 struct hfa384x_usb_rxfrm *rxfrm) 3325 { 3326 struct hfa384x_rx_frame *rxdesc = &rxfrm->desc; 3327 unsigned int hdrlen = 0; 3328 unsigned int datalen = 0; 3329 unsigned int skblen = 0; 3330 u8 *datap; 3331 u16 fc; 3332 struct sk_buff *skb; 3333 struct hfa384x *hw = wlandev->priv; 3334 3335 /* Remember the status, time, and data_len fields are in host order */ 3336 /* Figure out how big the frame is */ 3337 fc = le16_to_cpu(rxdesc->hdr.frame_control); 3338 hdrlen = p80211_headerlen(fc); 3339 datalen = le16_to_cpu(rxdesc->data_len); 3340 3341 /* Allocate an ind message+framesize skb */ 3342 skblen = sizeof(struct p80211_caphdr) + hdrlen + datalen + WLAN_CRC_LEN; 3343 3344 /* sanity check the length */ 3345 if (skblen > 3346 (sizeof(struct p80211_caphdr) + 3347 WLAN_HDR_A4_LEN + WLAN_DATA_MAXLEN + WLAN_CRC_LEN)) { 3348 pr_debug("overlen frm: len=%zd\n", 3349 skblen - sizeof(struct p80211_caphdr)); 3350 3351 return; 3352 } 3353 3354 skb = dev_alloc_skb(skblen); 3355 if (!skb) 3356 return; 3357 3358 /* only prepend the prism header if in the right mode */ 3359 if ((wlandev->netdev->type == ARPHRD_IEEE80211_PRISM) && 3360 (hw->sniffhdr != 0)) { 3361 struct p80211_caphdr *caphdr; 3362 /* The NEW header format! */ 3363 datap = skb_put(skb, sizeof(struct p80211_caphdr)); 3364 caphdr = (struct p80211_caphdr *)datap; 3365 3366 caphdr->version = htonl(P80211CAPTURE_VERSION); 3367 caphdr->length = htonl(sizeof(struct p80211_caphdr)); 3368 caphdr->mactime = __cpu_to_be64(rxdesc->time * 1000); 3369 caphdr->hosttime = __cpu_to_be64(jiffies); 3370 caphdr->phytype = htonl(4); /* dss_dot11_b */ 3371 caphdr->channel = htonl(hw->sniff_channel); 3372 caphdr->datarate = htonl(rxdesc->rate); 3373 caphdr->antenna = htonl(0); /* unknown */ 3374 caphdr->priority = htonl(0); /* unknown */ 3375 caphdr->ssi_type = htonl(3); /* rssi_raw */ 3376 caphdr->ssi_signal = htonl(rxdesc->signal); 3377 caphdr->ssi_noise = htonl(rxdesc->silence); 3378 caphdr->preamble = htonl(0); /* unknown */ 3379 caphdr->encoding = htonl(1); /* cck */ 3380 } 3381 3382 /* Copy the 802.11 header to the skb 3383 * (ctl frames may be less than a full header) 3384 */ 3385 skb_put_data(skb, &rxdesc->hdr.frame_control, hdrlen); 3386 3387 /* If any, copy the data from the card to the skb */ 3388 if (datalen > 0) { 3389 datap = skb_put_data(skb, rxfrm->data, datalen); 3390 3391 /* check for unencrypted stuff if WEP bit set. */ 3392 if (*(datap - hdrlen + 1) & 0x40) /* wep set */ 3393 if ((*(datap) == 0xaa) && (*(datap + 1) == 0xaa)) 3394 /* clear wep; it's the 802.2 header! */ 3395 *(datap - hdrlen + 1) &= 0xbf; 3396 } 3397 3398 if (hw->sniff_fcs) { 3399 /* Set the FCS */ 3400 datap = skb_put(skb, WLAN_CRC_LEN); 3401 memset(datap, 0xff, WLAN_CRC_LEN); 3402 } 3403 3404 /* pass it back up */ 3405 p80211netdev_rx(wlandev, skb); 3406 } 3407 3408 /*---------------------------------------------------------------- 3409 * hfa384x_usbin_info 3410 * 3411 * At this point we have a successful received a Prism2 info frame. 3412 * 3413 * Arguments: 3414 * wlandev wlan device 3415 * usbin ptr to the usb transfer buffer 3416 * 3417 * Returns: 3418 * nothing 3419 * 3420 * Side effects: 3421 * 3422 * Call context: 3423 * interrupt 3424 *---------------------------------------------------------------- 3425 */ 3426 static void hfa384x_usbin_info(struct wlandevice *wlandev, 3427 union hfa384x_usbin *usbin) 3428 { 3429 le16_to_cpus(&usbin->infofrm.info.framelen); 3430 prism2sta_ev_info(wlandev, &usbin->infofrm.info); 3431 } 3432 3433 /*---------------------------------------------------------------- 3434 * hfa384x_usbout_callback 3435 * 3436 * Callback for URBs on the BULKOUT endpoint. 3437 * 3438 * Arguments: 3439 * urb ptr to the completed urb 3440 * 3441 * Returns: 3442 * nothing 3443 * 3444 * Side effects: 3445 * 3446 * Call context: 3447 * interrupt 3448 *---------------------------------------------------------------- 3449 */ 3450 static void hfa384x_usbout_callback(struct urb *urb) 3451 { 3452 struct wlandevice *wlandev = urb->context; 3453 3454 #ifdef DEBUG_USB 3455 dbprint_urb(urb); 3456 #endif 3457 3458 if (wlandev && wlandev->netdev) { 3459 switch (urb->status) { 3460 case 0: 3461 prism2sta_ev_alloc(wlandev); 3462 break; 3463 3464 case -EPIPE: { 3465 struct hfa384x *hw = wlandev->priv; 3466 3467 netdev_warn(hw->wlandev->netdev, 3468 "%s tx pipe stalled: requesting reset\n", 3469 wlandev->netdev->name); 3470 if (!test_and_set_bit(WORK_TX_HALT, &hw->usb_flags)) 3471 schedule_work(&hw->usb_work); 3472 wlandev->netdev->stats.tx_errors++; 3473 break; 3474 } 3475 3476 case -EPROTO: 3477 case -ETIMEDOUT: 3478 case -EILSEQ: { 3479 struct hfa384x *hw = wlandev->priv; 3480 3481 if (!test_and_set_bit(THROTTLE_TX, &hw->usb_flags) && 3482 !timer_pending(&hw->throttle)) { 3483 mod_timer(&hw->throttle, 3484 jiffies + THROTTLE_JIFFIES); 3485 } 3486 wlandev->netdev->stats.tx_errors++; 3487 netif_stop_queue(wlandev->netdev); 3488 break; 3489 } 3490 3491 case -ENOENT: 3492 case -ESHUTDOWN: 3493 /* Ignorable errors */ 3494 break; 3495 3496 default: 3497 netdev_info(wlandev->netdev, "unknown urb->status=%d\n", 3498 urb->status); 3499 wlandev->netdev->stats.tx_errors++; 3500 break; 3501 } /* switch */ 3502 } 3503 } 3504 3505 /*---------------------------------------------------------------- 3506 * hfa384x_ctlxout_callback 3507 * 3508 * Callback for control data on the BULKOUT endpoint. 3509 * 3510 * Arguments: 3511 * urb ptr to the completed urb 3512 * 3513 * Returns: 3514 * nothing 3515 * 3516 * Side effects: 3517 * 3518 * Call context: 3519 * interrupt 3520 *---------------------------------------------------------------- 3521 */ 3522 static void hfa384x_ctlxout_callback(struct urb *urb) 3523 { 3524 struct hfa384x *hw = urb->context; 3525 int delete_resptimer = 0; 3526 int timer_ok = 1; 3527 int run_queue = 0; 3528 struct hfa384x_usbctlx *ctlx; 3529 unsigned long flags; 3530 3531 pr_debug("urb->status=%d\n", urb->status); 3532 #ifdef DEBUG_USB 3533 dbprint_urb(urb); 3534 #endif 3535 if ((urb->status == -ESHUTDOWN) || 3536 (urb->status == -ENODEV) || !hw) 3537 return; 3538 3539 retry: 3540 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3541 3542 /* 3543 * Only one CTLX at a time on the "active" list, and 3544 * none at all if we are unplugged. However, we can 3545 * rely on the disconnect function to clean everything 3546 * up if someone unplugged the adapter. 3547 */ 3548 if (list_empty(&hw->ctlxq.active)) { 3549 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3550 return; 3551 } 3552 3553 /* 3554 * Having something on the "active" queue means 3555 * that we have timers to worry about ... 3556 */ 3557 if (del_timer(&hw->reqtimer) == 0) { 3558 if (hw->req_timer_done == 0) { 3559 /* 3560 * This timer was actually running while we 3561 * were trying to delete it. Let it terminate 3562 * gracefully instead. 3563 */ 3564 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3565 goto retry; 3566 } 3567 } else { 3568 hw->req_timer_done = 1; 3569 } 3570 3571 ctlx = get_active_ctlx(hw); 3572 3573 if (urb->status == 0) { 3574 /* Request portion of a CTLX is successful */ 3575 switch (ctlx->state) { 3576 case CTLX_REQ_SUBMITTED: 3577 /* This OUT-ACK received before IN */ 3578 ctlx->state = CTLX_REQ_COMPLETE; 3579 break; 3580 3581 case CTLX_RESP_COMPLETE: 3582 /* IN already received before this OUT-ACK, 3583 * so this command must now be complete. 3584 */ 3585 ctlx->state = CTLX_COMPLETE; 3586 unlocked_usbctlx_complete(hw, ctlx); 3587 run_queue = 1; 3588 break; 3589 3590 default: 3591 /* This is NOT a valid CTLX "success" state! */ 3592 netdev_err(hw->wlandev->netdev, 3593 "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n", 3594 le16_to_cpu(ctlx->outbuf.type), 3595 ctlxstr(ctlx->state), urb->status); 3596 break; 3597 } /* switch */ 3598 } else { 3599 /* If the pipe has stalled then we need to reset it */ 3600 if ((urb->status == -EPIPE) && 3601 !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags)) { 3602 netdev_warn(hw->wlandev->netdev, 3603 "%s tx pipe stalled: requesting reset\n", 3604 hw->wlandev->netdev->name); 3605 schedule_work(&hw->usb_work); 3606 } 3607 3608 /* If someone cancels the OUT URB then its status 3609 * should be either -ECONNRESET or -ENOENT. 3610 */ 3611 ctlx->state = CTLX_REQ_FAILED; 3612 unlocked_usbctlx_complete(hw, ctlx); 3613 delete_resptimer = 1; 3614 run_queue = 1; 3615 } 3616 3617 delresp: 3618 if (delete_resptimer) { 3619 timer_ok = del_timer(&hw->resptimer); 3620 if (timer_ok != 0) 3621 hw->resp_timer_done = 1; 3622 } 3623 3624 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3625 3626 if (!timer_ok && (hw->resp_timer_done == 0)) { 3627 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3628 goto delresp; 3629 } 3630 3631 if (run_queue) 3632 hfa384x_usbctlxq_run(hw); 3633 } 3634 3635 /*---------------------------------------------------------------- 3636 * hfa384x_usbctlx_reqtimerfn 3637 * 3638 * Timer response function for CTLX request timeouts. If this 3639 * function is called, it means that the callback for the OUT 3640 * URB containing a Prism2.x XXX_Request was never called. 3641 * 3642 * Arguments: 3643 * data a ptr to the struct hfa384x 3644 * 3645 * Returns: 3646 * nothing 3647 * 3648 * Side effects: 3649 * 3650 * Call context: 3651 * interrupt 3652 *---------------------------------------------------------------- 3653 */ 3654 static void hfa384x_usbctlx_reqtimerfn(struct timer_list *t) 3655 { 3656 struct hfa384x *hw = from_timer(hw, t, reqtimer); 3657 unsigned long flags; 3658 3659 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3660 3661 hw->req_timer_done = 1; 3662 3663 /* Removing the hardware automatically empties 3664 * the active list ... 3665 */ 3666 if (!list_empty(&hw->ctlxq.active)) { 3667 /* 3668 * We must ensure that our URB is removed from 3669 * the system, if it hasn't already expired. 3670 */ 3671 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK; 3672 if (usb_unlink_urb(&hw->ctlx_urb) == -EINPROGRESS) { 3673 struct hfa384x_usbctlx *ctlx = get_active_ctlx(hw); 3674 3675 ctlx->state = CTLX_REQ_FAILED; 3676 3677 /* This URB was active, but has now been 3678 * cancelled. It will now have a status of 3679 * -ECONNRESET in the callback function. 3680 * 3681 * We are cancelling this CTLX, so we're 3682 * not going to need to wait for a response. 3683 * The URB's callback function will check 3684 * that this timer is truly dead. 3685 */ 3686 if (del_timer(&hw->resptimer) != 0) 3687 hw->resp_timer_done = 1; 3688 } 3689 } 3690 3691 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3692 } 3693 3694 /*---------------------------------------------------------------- 3695 * hfa384x_usbctlx_resptimerfn 3696 * 3697 * Timer response function for CTLX response timeouts. If this 3698 * function is called, it means that the callback for the IN 3699 * URB containing a Prism2.x XXX_Response was never called. 3700 * 3701 * Arguments: 3702 * data a ptr to the struct hfa384x 3703 * 3704 * Returns: 3705 * nothing 3706 * 3707 * Side effects: 3708 * 3709 * Call context: 3710 * interrupt 3711 *---------------------------------------------------------------- 3712 */ 3713 static void hfa384x_usbctlx_resptimerfn(struct timer_list *t) 3714 { 3715 struct hfa384x *hw = from_timer(hw, t, resptimer); 3716 unsigned long flags; 3717 3718 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3719 3720 hw->resp_timer_done = 1; 3721 3722 /* The active list will be empty if the 3723 * adapter has been unplugged ... 3724 */ 3725 if (!list_empty(&hw->ctlxq.active)) { 3726 struct hfa384x_usbctlx *ctlx = get_active_ctlx(hw); 3727 3728 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0) { 3729 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3730 hfa384x_usbctlxq_run(hw); 3731 return; 3732 } 3733 } 3734 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3735 } 3736 3737 /*---------------------------------------------------------------- 3738 * hfa384x_usb_throttlefn 3739 * 3740 * 3741 * Arguments: 3742 * data ptr to hw 3743 * 3744 * Returns: 3745 * Nothing 3746 * 3747 * Side effects: 3748 * 3749 * Call context: 3750 * Interrupt 3751 *---------------------------------------------------------------- 3752 */ 3753 static void hfa384x_usb_throttlefn(struct timer_list *t) 3754 { 3755 struct hfa384x *hw = from_timer(hw, t, throttle); 3756 unsigned long flags; 3757 3758 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3759 3760 pr_debug("flags=0x%lx\n", hw->usb_flags); 3761 if (!hw->wlandev->hwremoved) { 3762 bool rx_throttle = test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) && 3763 !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags); 3764 bool tx_throttle = test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) && 3765 !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags); 3766 /* 3767 * We need to check BOTH the RX and the TX throttle controls, 3768 * so we use the bitwise OR instead of the logical OR. 3769 */ 3770 if (rx_throttle | tx_throttle) 3771 schedule_work(&hw->usb_work); 3772 } 3773 3774 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3775 } 3776 3777 /*---------------------------------------------------------------- 3778 * hfa384x_usbctlx_submit 3779 * 3780 * Called from the doxxx functions to submit a CTLX to the queue 3781 * 3782 * Arguments: 3783 * hw ptr to the hw struct 3784 * ctlx ctlx structure to enqueue 3785 * 3786 * Returns: 3787 * -ENODEV if the adapter is unplugged 3788 * 0 3789 * 3790 * Side effects: 3791 * 3792 * Call context: 3793 * process or interrupt 3794 *---------------------------------------------------------------- 3795 */ 3796 static int hfa384x_usbctlx_submit(struct hfa384x *hw, 3797 struct hfa384x_usbctlx *ctlx) 3798 { 3799 unsigned long flags; 3800 3801 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3802 3803 if (hw->wlandev->hwremoved) { 3804 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3805 return -ENODEV; 3806 } 3807 3808 ctlx->state = CTLX_PENDING; 3809 list_add_tail(&ctlx->list, &hw->ctlxq.pending); 3810 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3811 hfa384x_usbctlxq_run(hw); 3812 3813 return 0; 3814 } 3815 3816 /*---------------------------------------------------------------- 3817 * hfa384x_isgood_pdrcore 3818 * 3819 * Quick check of PDR codes. 3820 * 3821 * Arguments: 3822 * pdrcode PDR code number (host order) 3823 * 3824 * Returns: 3825 * zero not good. 3826 * one is good. 3827 * 3828 * Side effects: 3829 * 3830 * Call context: 3831 *---------------------------------------------------------------- 3832 */ 3833 static int hfa384x_isgood_pdrcode(u16 pdrcode) 3834 { 3835 switch (pdrcode) { 3836 case HFA384x_PDR_END_OF_PDA: 3837 case HFA384x_PDR_PCB_PARTNUM: 3838 case HFA384x_PDR_PDAVER: 3839 case HFA384x_PDR_NIC_SERIAL: 3840 case HFA384x_PDR_MKK_MEASUREMENTS: 3841 case HFA384x_PDR_NIC_RAMSIZE: 3842 case HFA384x_PDR_MFISUPRANGE: 3843 case HFA384x_PDR_CFISUPRANGE: 3844 case HFA384x_PDR_NICID: 3845 case HFA384x_PDR_MAC_ADDRESS: 3846 case HFA384x_PDR_REGDOMAIN: 3847 case HFA384x_PDR_ALLOWED_CHANNEL: 3848 case HFA384x_PDR_DEFAULT_CHANNEL: 3849 case HFA384x_PDR_TEMPTYPE: 3850 case HFA384x_PDR_IFR_SETTING: 3851 case HFA384x_PDR_RFR_SETTING: 3852 case HFA384x_PDR_HFA3861_BASELINE: 3853 case HFA384x_PDR_HFA3861_SHADOW: 3854 case HFA384x_PDR_HFA3861_IFRF: 3855 case HFA384x_PDR_HFA3861_CHCALSP: 3856 case HFA384x_PDR_HFA3861_CHCALI: 3857 case HFA384x_PDR_3842_NIC_CONFIG: 3858 case HFA384x_PDR_USB_ID: 3859 case HFA384x_PDR_PCI_ID: 3860 case HFA384x_PDR_PCI_IFCONF: 3861 case HFA384x_PDR_PCI_PMCONF: 3862 case HFA384x_PDR_RFENRGY: 3863 case HFA384x_PDR_HFA3861_MANF_TESTSP: 3864 case HFA384x_PDR_HFA3861_MANF_TESTI: 3865 /* code is OK */ 3866 return 1; 3867 default: 3868 if (pdrcode < 0x1000) { 3869 /* code is OK, but we don't know exactly what it is */ 3870 pr_debug("Encountered unknown PDR#=0x%04x, assuming it's ok.\n", 3871 pdrcode); 3872 return 1; 3873 } 3874 break; 3875 } 3876 /* bad code */ 3877 pr_debug("Encountered unknown PDR#=0x%04x, (>=0x1000), assuming it's bad.\n", 3878 pdrcode); 3879 return 0; 3880 } 3881