hfa384x_usb.c (104372B)
1// SPDX-License-Identifier: (GPL-2.0 OR MPL-1.1) 2/* 3 * 4 * Functions that talk to the USB variant of the Intersil hfa384x MAC 5 * 6 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved. 7 * -------------------------------------------------------------------- 8 * 9 * linux-wlan 10 * 11 * The contents of this file are subject to the Mozilla Public 12 * License Version 1.1 (the "License"); you may not use this file 13 * except in compliance with the License. You may obtain a copy of 14 * the License at http://www.mozilla.org/MPL/ 15 * 16 * Software distributed under the License is distributed on an "AS 17 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or 18 * implied. See the License for the specific language governing 19 * rights and limitations under the License. 20 * 21 * Alternatively, the contents of this file may be used under the 22 * terms of the GNU Public License version 2 (the "GPL"), in which 23 * case the provisions of the GPL are applicable instead of the 24 * above. If you wish to allow the use of your version of this file 25 * only under the terms of the GPL and not to allow others to use 26 * your version of this file under the MPL, indicate your decision 27 * by deleting the provisions above and replace them with the notice 28 * and other provisions required by the GPL. If you do not delete 29 * the provisions above, a recipient may use your version of this 30 * file under either the MPL or the GPL. 31 * 32 * -------------------------------------------------------------------- 33 * 34 * Inquiries regarding the linux-wlan Open Source project can be 35 * made directly to: 36 * 37 * AbsoluteValue Systems Inc. 38 * info@linux-wlan.com 39 * http://www.linux-wlan.com 40 * 41 * -------------------------------------------------------------------- 42 * 43 * Portions of the development of this software were funded by 44 * Intersil Corporation as part of PRISM(R) chipset product development. 45 * 46 * -------------------------------------------------------------------- 47 * 48 * This file implements functions that correspond to the prism2/hfa384x 49 * 802.11 MAC hardware and firmware host interface. 50 * 51 * The functions can be considered to represent several levels of 52 * abstraction. The lowest level functions are simply C-callable wrappers 53 * around the register accesses. The next higher level represents C-callable 54 * prism2 API functions that match the Intersil documentation as closely 55 * as is reasonable. The next higher layer implements common sequences 56 * of invocations of the API layer (e.g. write to bap, followed by cmd). 57 * 58 * Common sequences: 59 * hfa384x_drvr_xxx Highest level abstractions provided by the 60 * hfa384x code. They are driver defined wrappers 61 * for common sequences. These functions generally 62 * use the services of the lower levels. 63 * 64 * hfa384x_drvr_xxxconfig An example of the drvr level abstraction. These 65 * functions are wrappers for the RID get/set 66 * sequence. They call copy_[to|from]_bap() and 67 * cmd_access(). These functions operate on the 68 * RIDs and buffers without validation. The caller 69 * is responsible for that. 70 * 71 * API wrapper functions: 72 * hfa384x_cmd_xxx functions that provide access to the f/w commands. 73 * The function arguments correspond to each command 74 * argument, even command arguments that get packed 75 * into single registers. These functions _just_ 76 * issue the command by setting the cmd/parm regs 77 * & reading the status/resp regs. Additional 78 * activities required to fully use a command 79 * (read/write from/to bap, get/set int status etc.) 80 * are implemented separately. Think of these as 81 * C-callable prism2 commands. 82 * 83 * Lowest Layer Functions: 84 * hfa384x_docmd_xxx These functions implement the sequence required 85 * to issue any prism2 command. Primarily used by the 86 * hfa384x_cmd_xxx functions. 87 * 88 * hfa384x_bap_xxx BAP read/write access functions. 89 * Note: we usually use BAP0 for non-interrupt context 90 * and BAP1 for interrupt context. 91 * 92 * hfa384x_dl_xxx download related functions. 93 * 94 * Driver State Issues: 95 * Note that there are two pairs of functions that manage the 96 * 'initialized' and 'running' states of the hw/MAC combo. The four 97 * functions are create(), destroy(), start(), and stop(). create() 98 * sets up the data structures required to support the hfa384x_* 99 * functions and destroy() cleans them up. The start() function gets 100 * the actual hardware running and enables the interrupts. The stop() 101 * function shuts the hardware down. The sequence should be: 102 * create() 103 * start() 104 * . 105 * . Do interesting things w/ the hardware 106 * . 107 * stop() 108 * destroy() 109 * 110 * Note that destroy() can be called without calling stop() first. 111 * -------------------------------------------------------------------- 112 */ 113 114#include <linux/module.h> 115#include <linux/kernel.h> 116#include <linux/sched.h> 117#include <linux/types.h> 118#include <linux/slab.h> 119#include <linux/wireless.h> 120#include <linux/netdevice.h> 121#include <linux/timer.h> 122#include <linux/io.h> 123#include <linux/delay.h> 124#include <asm/byteorder.h> 125#include <linux/bitops.h> 126#include <linux/list.h> 127#include <linux/usb.h> 128#include <linux/byteorder/generic.h> 129 130#include "p80211types.h" 131#include "p80211hdr.h" 132#include "p80211mgmt.h" 133#include "p80211conv.h" 134#include "p80211msg.h" 135#include "p80211netdev.h" 136#include "p80211req.h" 137#include "p80211metadef.h" 138#include "p80211metastruct.h" 139#include "hfa384x.h" 140#include "prism2mgmt.h" 141 142enum cmd_mode { 143 DOWAIT = 0, 144 DOASYNC 145}; 146 147#define THROTTLE_JIFFIES (HZ / 8) 148#define URB_ASYNC_UNLINK 0 149#define USB_QUEUE_BULK 0 150 151#define ROUNDUP64(a) (((a) + 63) & ~63) 152 153#ifdef DEBUG_USB 154static void dbprint_urb(struct urb *urb); 155#endif 156 157static void hfa384x_int_rxmonitor(struct wlandevice *wlandev, 158 struct hfa384x_usb_rxfrm *rxfrm); 159 160static void hfa384x_usb_defer(struct work_struct *data); 161 162static int submit_rx_urb(struct hfa384x *hw, gfp_t flags); 163 164static int submit_tx_urb(struct hfa384x *hw, struct urb *tx_urb, gfp_t flags); 165 166/*---------------------------------------------------*/ 167/* Callbacks */ 168static void hfa384x_usbout_callback(struct urb *urb); 169static void hfa384x_ctlxout_callback(struct urb *urb); 170static void hfa384x_usbin_callback(struct urb *urb); 171 172static void 173hfa384x_usbin_txcompl(struct wlandevice *wlandev, union hfa384x_usbin *usbin); 174 175static void hfa384x_usbin_rx(struct wlandevice *wlandev, struct sk_buff *skb); 176 177static void hfa384x_usbin_info(struct wlandevice *wlandev, 178 union hfa384x_usbin *usbin); 179 180static void hfa384x_usbin_ctlx(struct hfa384x *hw, union hfa384x_usbin *usbin, 181 int urb_status); 182 183/*---------------------------------------------------*/ 184/* Functions to support the prism2 usb command queue */ 185 186static void hfa384x_usbctlxq_run(struct hfa384x *hw); 187 188static void hfa384x_usbctlx_reqtimerfn(struct timer_list *t); 189 190static void hfa384x_usbctlx_resptimerfn(struct timer_list *t); 191 192static void hfa384x_usb_throttlefn(struct timer_list *t); 193 194static void hfa384x_usbctlx_completion_task(struct work_struct *work); 195 196static void hfa384x_usbctlx_reaper_task(struct work_struct *work); 197 198static int hfa384x_usbctlx_submit(struct hfa384x *hw, 199 struct hfa384x_usbctlx *ctlx); 200 201static void unlocked_usbctlx_complete(struct hfa384x *hw, 202 struct hfa384x_usbctlx *ctlx); 203 204struct usbctlx_completor { 205 int (*complete)(struct usbctlx_completor *completor); 206}; 207 208static int 209hfa384x_usbctlx_complete_sync(struct hfa384x *hw, 210 struct hfa384x_usbctlx *ctlx, 211 struct usbctlx_completor *completor); 212 213static int 214unlocked_usbctlx_cancel_async(struct hfa384x *hw, struct hfa384x_usbctlx *ctlx); 215 216static void hfa384x_cb_status(struct hfa384x *hw, 217 const struct hfa384x_usbctlx *ctlx); 218 219static int 220usbctlx_get_status(const struct hfa384x_usb_statusresp *cmdresp, 221 struct hfa384x_cmdresult *result); 222 223static void 224usbctlx_get_rridresult(const struct hfa384x_usb_rridresp *rridresp, 225 struct hfa384x_rridresult *result); 226 227/*---------------------------------------------------*/ 228/* Low level req/resp CTLX formatters and submitters */ 229static inline int 230hfa384x_docmd(struct hfa384x *hw, 231 struct hfa384x_metacmd *cmd); 232 233static int 234hfa384x_dorrid(struct hfa384x *hw, 235 enum cmd_mode mode, 236 u16 rid, 237 void *riddata, 238 unsigned int riddatalen, 239 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data); 240 241static int 242hfa384x_dowrid(struct hfa384x *hw, 243 enum cmd_mode mode, 244 u16 rid, 245 void *riddata, 246 unsigned int riddatalen, 247 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data); 248 249static int 250hfa384x_dormem(struct hfa384x *hw, 251 u16 page, 252 u16 offset, 253 void *data, 254 unsigned int len); 255 256static int 257hfa384x_dowmem(struct hfa384x *hw, 258 u16 page, 259 u16 offset, 260 void *data, 261 unsigned int len); 262 263static int hfa384x_isgood_pdrcode(u16 pdrcode); 264 265static inline const char *ctlxstr(enum ctlx_state s) 266{ 267 static const char * const ctlx_str[] = { 268 "Initial state", 269 "Complete", 270 "Request failed", 271 "Request pending", 272 "Request packet submitted", 273 "Request packet completed", 274 "Response packet completed" 275 }; 276 277 return ctlx_str[s]; 278}; 279 280static inline struct hfa384x_usbctlx *get_active_ctlx(struct hfa384x *hw) 281{ 282 return list_entry(hw->ctlxq.active.next, struct hfa384x_usbctlx, list); 283} 284 285#ifdef DEBUG_USB 286void dbprint_urb(struct urb *urb) 287{ 288 pr_debug("urb->pipe=0x%08x\n", urb->pipe); 289 pr_debug("urb->status=0x%08x\n", urb->status); 290 pr_debug("urb->transfer_flags=0x%08x\n", urb->transfer_flags); 291 pr_debug("urb->transfer_buffer=0x%08x\n", 292 (unsigned int)urb->transfer_buffer); 293 pr_debug("urb->transfer_buffer_length=0x%08x\n", 294 urb->transfer_buffer_length); 295 pr_debug("urb->actual_length=0x%08x\n", urb->actual_length); 296 pr_debug("urb->setup_packet(ctl)=0x%08x\n", 297 (unsigned int)urb->setup_packet); 298 pr_debug("urb->start_frame(iso/irq)=0x%08x\n", urb->start_frame); 299 pr_debug("urb->interval(irq)=0x%08x\n", urb->interval); 300 pr_debug("urb->error_count(iso)=0x%08x\n", urb->error_count); 301 pr_debug("urb->context=0x%08x\n", (unsigned int)urb->context); 302 pr_debug("urb->complete=0x%08x\n", (unsigned int)urb->complete); 303} 304#endif 305 306/*---------------------------------------------------------------- 307 * submit_rx_urb 308 * 309 * Listen for input data on the BULK-IN pipe. If the pipe has 310 * stalled then schedule it to be reset. 311 * 312 * Arguments: 313 * hw device struct 314 * memflags memory allocation flags 315 * 316 * Returns: 317 * error code from submission 318 * 319 * Call context: 320 * Any 321 *---------------------------------------------------------------- 322 */ 323static int submit_rx_urb(struct hfa384x *hw, gfp_t memflags) 324{ 325 struct sk_buff *skb; 326 int result; 327 328 skb = dev_alloc_skb(sizeof(union hfa384x_usbin)); 329 if (!skb) { 330 result = -ENOMEM; 331 goto done; 332 } 333 334 /* Post the IN urb */ 335 usb_fill_bulk_urb(&hw->rx_urb, hw->usb, 336 hw->endp_in, 337 skb->data, sizeof(union hfa384x_usbin), 338 hfa384x_usbin_callback, hw->wlandev); 339 340 hw->rx_urb_skb = skb; 341 342 result = -ENOLINK; 343 if (!hw->wlandev->hwremoved && 344 !test_bit(WORK_RX_HALT, &hw->usb_flags)) { 345 result = usb_submit_urb(&hw->rx_urb, memflags); 346 347 /* Check whether we need to reset the RX pipe */ 348 if (result == -EPIPE) { 349 netdev_warn(hw->wlandev->netdev, 350 "%s rx pipe stalled: requesting reset\n", 351 hw->wlandev->netdev->name); 352 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags)) 353 schedule_work(&hw->usb_work); 354 } 355 } 356 357 /* Don't leak memory if anything should go wrong */ 358 if (result != 0) { 359 dev_kfree_skb(skb); 360 hw->rx_urb_skb = NULL; 361 } 362 363done: 364 return result; 365} 366 367/*---------------------------------------------------------------- 368 * submit_tx_urb 369 * 370 * Prepares and submits the URB of transmitted data. If the 371 * submission fails then it will schedule the output pipe to 372 * be reset. 373 * 374 * Arguments: 375 * hw device struct 376 * tx_urb URB of data for transmission 377 * memflags memory allocation flags 378 * 379 * Returns: 380 * error code from submission 381 * 382 * Call context: 383 * Any 384 *---------------------------------------------------------------- 385 */ 386static int submit_tx_urb(struct hfa384x *hw, struct urb *tx_urb, gfp_t memflags) 387{ 388 struct net_device *netdev = hw->wlandev->netdev; 389 int result; 390 391 result = -ENOLINK; 392 if (netif_running(netdev)) { 393 if (!hw->wlandev->hwremoved && 394 !test_bit(WORK_TX_HALT, &hw->usb_flags)) { 395 result = usb_submit_urb(tx_urb, memflags); 396 397 /* Test whether we need to reset the TX pipe */ 398 if (result == -EPIPE) { 399 netdev_warn(hw->wlandev->netdev, 400 "%s tx pipe stalled: requesting reset\n", 401 netdev->name); 402 set_bit(WORK_TX_HALT, &hw->usb_flags); 403 schedule_work(&hw->usb_work); 404 } else if (result == 0) { 405 netif_stop_queue(netdev); 406 } 407 } 408 } 409 410 return result; 411} 412 413/*---------------------------------------------------------------- 414 * hfa394x_usb_defer 415 * 416 * There are some things that the USB stack cannot do while 417 * in interrupt context, so we arrange this function to run 418 * in process context. 419 * 420 * Arguments: 421 * hw device structure 422 * 423 * Returns: 424 * nothing 425 * 426 * Call context: 427 * process (by design) 428 *---------------------------------------------------------------- 429 */ 430static void hfa384x_usb_defer(struct work_struct *data) 431{ 432 struct hfa384x *hw = container_of(data, struct hfa384x, usb_work); 433 struct net_device *netdev = hw->wlandev->netdev; 434 435 /* Don't bother trying to reset anything if the plug 436 * has been pulled ... 437 */ 438 if (hw->wlandev->hwremoved) 439 return; 440 441 /* Reception has stopped: try to reset the input pipe */ 442 if (test_bit(WORK_RX_HALT, &hw->usb_flags)) { 443 int ret; 444 445 usb_kill_urb(&hw->rx_urb); /* Cannot be holding spinlock! */ 446 447 ret = usb_clear_halt(hw->usb, hw->endp_in); 448 if (ret != 0) { 449 netdev_err(hw->wlandev->netdev, 450 "Failed to clear rx pipe for %s: err=%d\n", 451 netdev->name, ret); 452 } else { 453 netdev_info(hw->wlandev->netdev, "%s rx pipe reset complete.\n", 454 netdev->name); 455 clear_bit(WORK_RX_HALT, &hw->usb_flags); 456 set_bit(WORK_RX_RESUME, &hw->usb_flags); 457 } 458 } 459 460 /* Resume receiving data back from the device. */ 461 if (test_bit(WORK_RX_RESUME, &hw->usb_flags)) { 462 int ret; 463 464 ret = submit_rx_urb(hw, GFP_KERNEL); 465 if (ret != 0) { 466 netdev_err(hw->wlandev->netdev, 467 "Failed to resume %s rx pipe.\n", 468 netdev->name); 469 } else { 470 clear_bit(WORK_RX_RESUME, &hw->usb_flags); 471 } 472 } 473 474 /* Transmission has stopped: try to reset the output pipe */ 475 if (test_bit(WORK_TX_HALT, &hw->usb_flags)) { 476 int ret; 477 478 usb_kill_urb(&hw->tx_urb); 479 ret = usb_clear_halt(hw->usb, hw->endp_out); 480 if (ret != 0) { 481 netdev_err(hw->wlandev->netdev, 482 "Failed to clear tx pipe for %s: err=%d\n", 483 netdev->name, ret); 484 } else { 485 netdev_info(hw->wlandev->netdev, "%s tx pipe reset complete.\n", 486 netdev->name); 487 clear_bit(WORK_TX_HALT, &hw->usb_flags); 488 set_bit(WORK_TX_RESUME, &hw->usb_flags); 489 490 /* Stopping the BULK-OUT pipe also blocked 491 * us from sending any more CTLX URBs, so 492 * we need to re-run our queue ... 493 */ 494 hfa384x_usbctlxq_run(hw); 495 } 496 } 497 498 /* Resume transmitting. */ 499 if (test_and_clear_bit(WORK_TX_RESUME, &hw->usb_flags)) 500 netif_wake_queue(hw->wlandev->netdev); 501} 502 503/*---------------------------------------------------------------- 504 * hfa384x_create 505 * 506 * Sets up the struct hfa384x data structure for use. Note this 507 * does _not_ initialize the actual hardware, just the data structures 508 * we use to keep track of its state. 509 * 510 * Arguments: 511 * hw device structure 512 * irq device irq number 513 * iobase i/o base address for register access 514 * membase memory base address for register access 515 * 516 * Returns: 517 * nothing 518 * 519 * Side effects: 520 * 521 * Call context: 522 * process 523 *---------------------------------------------------------------- 524 */ 525void hfa384x_create(struct hfa384x *hw, struct usb_device *usb) 526{ 527 hw->usb = usb; 528 529 /* Set up the waitq */ 530 init_waitqueue_head(&hw->cmdq); 531 532 /* Initialize the command queue */ 533 spin_lock_init(&hw->ctlxq.lock); 534 INIT_LIST_HEAD(&hw->ctlxq.pending); 535 INIT_LIST_HEAD(&hw->ctlxq.active); 536 INIT_LIST_HEAD(&hw->ctlxq.completing); 537 INIT_LIST_HEAD(&hw->ctlxq.reapable); 538 539 /* Initialize the authentication queue */ 540 skb_queue_head_init(&hw->authq); 541 542 INIT_WORK(&hw->reaper_bh, hfa384x_usbctlx_reaper_task); 543 INIT_WORK(&hw->completion_bh, hfa384x_usbctlx_completion_task); 544 INIT_WORK(&hw->link_bh, prism2sta_processing_defer); 545 INIT_WORK(&hw->usb_work, hfa384x_usb_defer); 546 547 timer_setup(&hw->throttle, hfa384x_usb_throttlefn, 0); 548 549 timer_setup(&hw->resptimer, hfa384x_usbctlx_resptimerfn, 0); 550 551 timer_setup(&hw->reqtimer, hfa384x_usbctlx_reqtimerfn, 0); 552 553 usb_init_urb(&hw->rx_urb); 554 usb_init_urb(&hw->tx_urb); 555 usb_init_urb(&hw->ctlx_urb); 556 557 hw->link_status = HFA384x_LINK_NOTCONNECTED; 558 hw->state = HFA384x_STATE_INIT; 559 560 INIT_WORK(&hw->commsqual_bh, prism2sta_commsqual_defer); 561 timer_setup(&hw->commsqual_timer, prism2sta_commsqual_timer, 0); 562} 563 564/*---------------------------------------------------------------- 565 * hfa384x_destroy 566 * 567 * Partner to hfa384x_create(). This function cleans up the hw 568 * structure so that it can be freed by the caller using a simple 569 * kfree. Currently, this function is just a placeholder. If, at some 570 * point in the future, an hw in the 'shutdown' state requires a 'deep' 571 * kfree, this is where it should be done. Note that if this function 572 * is called on a _running_ hw structure, the drvr_stop() function is 573 * called. 574 * 575 * Arguments: 576 * hw device structure 577 * 578 * Returns: 579 * nothing, this function is not allowed to fail. 580 * 581 * Side effects: 582 * 583 * Call context: 584 * process 585 *---------------------------------------------------------------- 586 */ 587void hfa384x_destroy(struct hfa384x *hw) 588{ 589 struct sk_buff *skb; 590 591 if (hw->state == HFA384x_STATE_RUNNING) 592 hfa384x_drvr_stop(hw); 593 hw->state = HFA384x_STATE_PREINIT; 594 595 kfree(hw->scanresults); 596 hw->scanresults = NULL; 597 598 /* Now to clean out the auth queue */ 599 while ((skb = skb_dequeue(&hw->authq))) 600 dev_kfree_skb(skb); 601} 602 603static struct hfa384x_usbctlx *usbctlx_alloc(void) 604{ 605 struct hfa384x_usbctlx *ctlx; 606 607 ctlx = kzalloc(sizeof(*ctlx), 608 in_interrupt() ? GFP_ATOMIC : GFP_KERNEL); 609 if (ctlx) 610 init_completion(&ctlx->done); 611 612 return ctlx; 613} 614 615static int 616usbctlx_get_status(const struct hfa384x_usb_statusresp *cmdresp, 617 struct hfa384x_cmdresult *result) 618{ 619 result->status = le16_to_cpu(cmdresp->status); 620 result->resp0 = le16_to_cpu(cmdresp->resp0); 621 result->resp1 = le16_to_cpu(cmdresp->resp1); 622 result->resp2 = le16_to_cpu(cmdresp->resp2); 623 624 pr_debug("cmdresult:status=0x%04x resp0=0x%04x resp1=0x%04x resp2=0x%04x\n", 625 result->status, result->resp0, result->resp1, result->resp2); 626 627 return result->status & HFA384x_STATUS_RESULT; 628} 629 630static void 631usbctlx_get_rridresult(const struct hfa384x_usb_rridresp *rridresp, 632 struct hfa384x_rridresult *result) 633{ 634 result->rid = le16_to_cpu(rridresp->rid); 635 result->riddata = rridresp->data; 636 result->riddata_len = ((le16_to_cpu(rridresp->frmlen) - 1) * 2); 637} 638 639/*---------------------------------------------------------------- 640 * Completor object: 641 * This completor must be passed to hfa384x_usbctlx_complete_sync() 642 * when processing a CTLX that returns a struct hfa384x_cmdresult structure. 643 *---------------------------------------------------------------- 644 */ 645struct usbctlx_cmd_completor { 646 struct usbctlx_completor head; 647 648 const struct hfa384x_usb_statusresp *cmdresp; 649 struct hfa384x_cmdresult *result; 650}; 651 652static inline int usbctlx_cmd_completor_fn(struct usbctlx_completor *head) 653{ 654 struct usbctlx_cmd_completor *complete; 655 656 complete = (struct usbctlx_cmd_completor *)head; 657 return usbctlx_get_status(complete->cmdresp, complete->result); 658} 659 660static inline struct usbctlx_completor * 661init_cmd_completor(struct usbctlx_cmd_completor *completor, 662 const struct hfa384x_usb_statusresp *cmdresp, 663 struct hfa384x_cmdresult *result) 664{ 665 completor->head.complete = usbctlx_cmd_completor_fn; 666 completor->cmdresp = cmdresp; 667 completor->result = result; 668 return &completor->head; 669} 670 671/*---------------------------------------------------------------- 672 * Completor object: 673 * This completor must be passed to hfa384x_usbctlx_complete_sync() 674 * when processing a CTLX that reads a RID. 675 *---------------------------------------------------------------- 676 */ 677struct usbctlx_rrid_completor { 678 struct usbctlx_completor head; 679 680 const struct hfa384x_usb_rridresp *rridresp; 681 void *riddata; 682 unsigned int riddatalen; 683}; 684 685static int usbctlx_rrid_completor_fn(struct usbctlx_completor *head) 686{ 687 struct usbctlx_rrid_completor *complete; 688 struct hfa384x_rridresult rridresult; 689 690 complete = (struct usbctlx_rrid_completor *)head; 691 usbctlx_get_rridresult(complete->rridresp, &rridresult); 692 693 /* Validate the length, note body len calculation in bytes */ 694 if (rridresult.riddata_len != complete->riddatalen) { 695 pr_warn("RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n", 696 rridresult.rid, 697 complete->riddatalen, rridresult.riddata_len); 698 return -ENODATA; 699 } 700 701 memcpy(complete->riddata, rridresult.riddata, complete->riddatalen); 702 return 0; 703} 704 705static inline struct usbctlx_completor * 706init_rrid_completor(struct usbctlx_rrid_completor *completor, 707 const struct hfa384x_usb_rridresp *rridresp, 708 void *riddata, 709 unsigned int riddatalen) 710{ 711 completor->head.complete = usbctlx_rrid_completor_fn; 712 completor->rridresp = rridresp; 713 completor->riddata = riddata; 714 completor->riddatalen = riddatalen; 715 return &completor->head; 716} 717 718/*---------------------------------------------------------------- 719 * Completor object: 720 * Interprets the results of a synchronous RID-write 721 *---------------------------------------------------------------- 722 */ 723#define init_wrid_completor init_cmd_completor 724 725/*---------------------------------------------------------------- 726 * Completor object: 727 * Interprets the results of a synchronous memory-write 728 *---------------------------------------------------------------- 729 */ 730#define init_wmem_completor init_cmd_completor 731 732/*---------------------------------------------------------------- 733 * Completor object: 734 * Interprets the results of a synchronous memory-read 735 *---------------------------------------------------------------- 736 */ 737struct usbctlx_rmem_completor { 738 struct usbctlx_completor head; 739 740 const struct hfa384x_usb_rmemresp *rmemresp; 741 void *data; 742 unsigned int len; 743}; 744 745static int usbctlx_rmem_completor_fn(struct usbctlx_completor *head) 746{ 747 struct usbctlx_rmem_completor *complete = 748 (struct usbctlx_rmem_completor *)head; 749 750 pr_debug("rmemresp:len=%d\n", complete->rmemresp->frmlen); 751 memcpy(complete->data, complete->rmemresp->data, complete->len); 752 return 0; 753} 754 755static inline struct usbctlx_completor * 756init_rmem_completor(struct usbctlx_rmem_completor *completor, 757 struct hfa384x_usb_rmemresp *rmemresp, 758 void *data, 759 unsigned int len) 760{ 761 completor->head.complete = usbctlx_rmem_completor_fn; 762 completor->rmemresp = rmemresp; 763 completor->data = data; 764 completor->len = len; 765 return &completor->head; 766} 767 768/*---------------------------------------------------------------- 769 * hfa384x_cb_status 770 * 771 * Ctlx_complete handler for async CMD type control exchanges. 772 * mark the hw struct as such. 773 * 774 * Note: If the handling is changed here, it should probably be 775 * changed in docmd as well. 776 * 777 * Arguments: 778 * hw hw struct 779 * ctlx completed CTLX 780 * 781 * Returns: 782 * nothing 783 * 784 * Side effects: 785 * 786 * Call context: 787 * interrupt 788 *---------------------------------------------------------------- 789 */ 790static void hfa384x_cb_status(struct hfa384x *hw, 791 const struct hfa384x_usbctlx *ctlx) 792{ 793 if (ctlx->usercb) { 794 struct hfa384x_cmdresult cmdresult; 795 796 if (ctlx->state != CTLX_COMPLETE) { 797 memset(&cmdresult, 0, sizeof(cmdresult)); 798 cmdresult.status = 799 HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR); 800 } else { 801 usbctlx_get_status(&ctlx->inbuf.cmdresp, &cmdresult); 802 } 803 804 ctlx->usercb(hw, &cmdresult, ctlx->usercb_data); 805 } 806} 807 808/*---------------------------------------------------------------- 809 * hfa384x_cmd_initialize 810 * 811 * Issues the initialize command and sets the hw->state based 812 * on the result. 813 * 814 * Arguments: 815 * hw device structure 816 * 817 * Returns: 818 * 0 success 819 * >0 f/w reported error - f/w status code 820 * <0 driver reported error 821 * 822 * Side effects: 823 * 824 * Call context: 825 * process 826 *---------------------------------------------------------------- 827 */ 828int hfa384x_cmd_initialize(struct hfa384x *hw) 829{ 830 int result = 0; 831 int i; 832 struct hfa384x_metacmd cmd; 833 834 cmd.cmd = HFA384x_CMDCODE_INIT; 835 cmd.parm0 = 0; 836 cmd.parm1 = 0; 837 cmd.parm2 = 0; 838 839 result = hfa384x_docmd(hw, &cmd); 840 841 pr_debug("cmdresp.init: status=0x%04x, resp0=0x%04x, resp1=0x%04x, resp2=0x%04x\n", 842 cmd.result.status, 843 cmd.result.resp0, cmd.result.resp1, cmd.result.resp2); 844 if (result == 0) { 845 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++) 846 hw->port_enabled[i] = 0; 847 } 848 849 hw->link_status = HFA384x_LINK_NOTCONNECTED; 850 851 return result; 852} 853 854/*---------------------------------------------------------------- 855 * hfa384x_cmd_disable 856 * 857 * Issues the disable command to stop communications on one of 858 * the MACs 'ports'. 859 * 860 * Arguments: 861 * hw device structure 862 * macport MAC port number (host order) 863 * 864 * Returns: 865 * 0 success 866 * >0 f/w reported failure - f/w status code 867 * <0 driver reported error (timeout|bad arg) 868 * 869 * Side effects: 870 * 871 * Call context: 872 * process 873 *---------------------------------------------------------------- 874 */ 875int hfa384x_cmd_disable(struct hfa384x *hw, u16 macport) 876{ 877 struct hfa384x_metacmd cmd; 878 879 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE) | 880 HFA384x_CMD_MACPORT_SET(macport); 881 cmd.parm0 = 0; 882 cmd.parm1 = 0; 883 cmd.parm2 = 0; 884 885 return hfa384x_docmd(hw, &cmd); 886} 887 888/*---------------------------------------------------------------- 889 * hfa384x_cmd_enable 890 * 891 * Issues the enable command to enable communications on one of 892 * the MACs 'ports'. 893 * 894 * Arguments: 895 * hw device structure 896 * macport MAC port number 897 * 898 * Returns: 899 * 0 success 900 * >0 f/w reported failure - f/w status code 901 * <0 driver reported error (timeout|bad arg) 902 * 903 * Side effects: 904 * 905 * Call context: 906 * process 907 *---------------------------------------------------------------- 908 */ 909int hfa384x_cmd_enable(struct hfa384x *hw, u16 macport) 910{ 911 struct hfa384x_metacmd cmd; 912 913 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE) | 914 HFA384x_CMD_MACPORT_SET(macport); 915 cmd.parm0 = 0; 916 cmd.parm1 = 0; 917 cmd.parm2 = 0; 918 919 return hfa384x_docmd(hw, &cmd); 920} 921 922/*---------------------------------------------------------------- 923 * hfa384x_cmd_monitor 924 * 925 * Enables the 'monitor mode' of the MAC. Here's the description of 926 * monitor mode that I've received thus far: 927 * 928 * "The "monitor mode" of operation is that the MAC passes all 929 * frames for which the PLCP checks are correct. All received 930 * MPDUs are passed to the host with MAC Port = 7, with a 931 * receive status of good, FCS error, or undecryptable. Passing 932 * certain MPDUs is a violation of the 802.11 standard, but useful 933 * for a debugging tool." Normal communication is not possible 934 * while monitor mode is enabled. 935 * 936 * Arguments: 937 * hw device structure 938 * enable a code (0x0b|0x0f) that enables/disables 939 * monitor mode. (host order) 940 * 941 * Returns: 942 * 0 success 943 * >0 f/w reported failure - f/w status code 944 * <0 driver reported error (timeout|bad arg) 945 * 946 * Side effects: 947 * 948 * Call context: 949 * process 950 *---------------------------------------------------------------- 951 */ 952int hfa384x_cmd_monitor(struct hfa384x *hw, u16 enable) 953{ 954 struct hfa384x_metacmd cmd; 955 956 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) | 957 HFA384x_CMD_AINFO_SET(enable); 958 cmd.parm0 = 0; 959 cmd.parm1 = 0; 960 cmd.parm2 = 0; 961 962 return hfa384x_docmd(hw, &cmd); 963} 964 965/*---------------------------------------------------------------- 966 * hfa384x_cmd_download 967 * 968 * Sets the controls for the MAC controller code/data download 969 * process. The arguments set the mode and address associated 970 * with a download. Note that the aux registers should be enabled 971 * prior to setting one of the download enable modes. 972 * 973 * Arguments: 974 * hw device structure 975 * mode 0 - Disable programming and begin code exec 976 * 1 - Enable volatile mem programming 977 * 2 - Enable non-volatile mem programming 978 * 3 - Program non-volatile section from NV download 979 * buffer. 980 * (host order) 981 * lowaddr 982 * highaddr For mode 1, sets the high & low order bits of 983 * the "destination address". This address will be 984 * the execution start address when download is 985 * subsequently disabled. 986 * For mode 2, sets the high & low order bits of 987 * the destination in NV ram. 988 * For modes 0 & 3, should be zero. (host order) 989 * NOTE: these are CMD format. 990 * codelen Length of the data to write in mode 2, 991 * zero otherwise. (host order) 992 * 993 * Returns: 994 * 0 success 995 * >0 f/w reported failure - f/w status code 996 * <0 driver reported error (timeout|bad arg) 997 * 998 * Side effects: 999 * 1000 * Call context: 1001 * process 1002 *---------------------------------------------------------------- 1003 */ 1004int hfa384x_cmd_download(struct hfa384x *hw, u16 mode, u16 lowaddr, 1005 u16 highaddr, u16 codelen) 1006{ 1007 struct hfa384x_metacmd cmd; 1008 1009 pr_debug("mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n", 1010 mode, lowaddr, highaddr, codelen); 1011 1012 cmd.cmd = (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD) | 1013 HFA384x_CMD_PROGMODE_SET(mode)); 1014 1015 cmd.parm0 = lowaddr; 1016 cmd.parm1 = highaddr; 1017 cmd.parm2 = codelen; 1018 1019 return hfa384x_docmd(hw, &cmd); 1020} 1021 1022/*---------------------------------------------------------------- 1023 * hfa384x_corereset 1024 * 1025 * Perform a reset of the hfa38xx MAC core. We assume that the hw 1026 * structure is in its "created" state. That is, it is initialized 1027 * with proper values. Note that if a reset is done after the 1028 * device has been active for awhile, the caller might have to clean 1029 * up some leftover cruft in the hw structure. 1030 * 1031 * Arguments: 1032 * hw device structure 1033 * holdtime how long (in ms) to hold the reset 1034 * settletime how long (in ms) to wait after releasing 1035 * the reset 1036 * 1037 * Returns: 1038 * nothing 1039 * 1040 * Side effects: 1041 * 1042 * Call context: 1043 * process 1044 *---------------------------------------------------------------- 1045 */ 1046int hfa384x_corereset(struct hfa384x *hw, int holdtime, 1047 int settletime, int genesis) 1048{ 1049 int result; 1050 1051 result = usb_reset_device(hw->usb); 1052 if (result < 0) { 1053 netdev_err(hw->wlandev->netdev, "usb_reset_device() failed, result=%d.\n", 1054 result); 1055 } 1056 1057 return result; 1058} 1059 1060/*---------------------------------------------------------------- 1061 * hfa384x_usbctlx_complete_sync 1062 * 1063 * Waits for a synchronous CTLX object to complete, 1064 * and then handles the response. 1065 * 1066 * Arguments: 1067 * hw device structure 1068 * ctlx CTLX ptr 1069 * completor functor object to decide what to 1070 * do with the CTLX's result. 1071 * 1072 * Returns: 1073 * 0 Success 1074 * -ERESTARTSYS Interrupted by a signal 1075 * -EIO CTLX failed 1076 * -ENODEV Adapter was unplugged 1077 * ??? Result from completor 1078 * 1079 * Side effects: 1080 * 1081 * Call context: 1082 * process 1083 *---------------------------------------------------------------- 1084 */ 1085static int hfa384x_usbctlx_complete_sync(struct hfa384x *hw, 1086 struct hfa384x_usbctlx *ctlx, 1087 struct usbctlx_completor *completor) 1088{ 1089 unsigned long flags; 1090 int result; 1091 1092 result = wait_for_completion_interruptible(&ctlx->done); 1093 1094 spin_lock_irqsave(&hw->ctlxq.lock, flags); 1095 1096 /* 1097 * We can only handle the CTLX if the USB disconnect 1098 * function has not run yet ... 1099 */ 1100cleanup: 1101 if (hw->wlandev->hwremoved) { 1102 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 1103 result = -ENODEV; 1104 } else if (result != 0) { 1105 int runqueue = 0; 1106 1107 /* 1108 * We were probably interrupted, so delete 1109 * this CTLX asynchronously, kill the timers 1110 * and the URB, and then start the next 1111 * pending CTLX. 1112 * 1113 * NOTE: We can only delete the timers and 1114 * the URB if this CTLX is active. 1115 */ 1116 if (ctlx == get_active_ctlx(hw)) { 1117 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 1118 1119 del_singleshot_timer_sync(&hw->reqtimer); 1120 del_singleshot_timer_sync(&hw->resptimer); 1121 hw->req_timer_done = 1; 1122 hw->resp_timer_done = 1; 1123 usb_kill_urb(&hw->ctlx_urb); 1124 1125 spin_lock_irqsave(&hw->ctlxq.lock, flags); 1126 1127 runqueue = 1; 1128 1129 /* 1130 * This scenario is so unlikely that I'm 1131 * happy with a grubby "goto" solution ... 1132 */ 1133 if (hw->wlandev->hwremoved) 1134 goto cleanup; 1135 } 1136 1137 /* 1138 * The completion task will send this CTLX 1139 * to the reaper the next time it runs. We 1140 * are no longer in a hurry. 1141 */ 1142 ctlx->reapable = 1; 1143 ctlx->state = CTLX_REQ_FAILED; 1144 list_move_tail(&ctlx->list, &hw->ctlxq.completing); 1145 1146 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 1147 1148 if (runqueue) 1149 hfa384x_usbctlxq_run(hw); 1150 } else { 1151 if (ctlx->state == CTLX_COMPLETE) { 1152 result = completor->complete(completor); 1153 } else { 1154 netdev_warn(hw->wlandev->netdev, "CTLX[%d] error: state(%s)\n", 1155 le16_to_cpu(ctlx->outbuf.type), 1156 ctlxstr(ctlx->state)); 1157 result = -EIO; 1158 } 1159 1160 list_del(&ctlx->list); 1161 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 1162 kfree(ctlx); 1163 } 1164 1165 return result; 1166} 1167 1168/*---------------------------------------------------------------- 1169 * hfa384x_docmd 1170 * 1171 * Constructs a command CTLX and submits it. 1172 * 1173 * NOTE: Any changes to the 'post-submit' code in this function 1174 * need to be carried over to hfa384x_cbcmd() since the handling 1175 * is virtually identical. 1176 * 1177 * Arguments: 1178 * hw device structure 1179 * cmd cmd structure. Includes all arguments and result 1180 * data points. All in host order. in host order 1181 * 1182 * Returns: 1183 * 0 success 1184 * -EIO CTLX failure 1185 * -ERESTARTSYS Awakened on signal 1186 * >0 command indicated error, Status and Resp0-2 are 1187 * in hw structure. 1188 * 1189 * Side effects: 1190 * 1191 * 1192 * Call context: 1193 * process 1194 *---------------------------------------------------------------- 1195 */ 1196static inline int 1197hfa384x_docmd(struct hfa384x *hw, 1198 struct hfa384x_metacmd *cmd) 1199{ 1200 int result; 1201 struct hfa384x_usbctlx *ctlx; 1202 1203 ctlx = usbctlx_alloc(); 1204 if (!ctlx) { 1205 result = -ENOMEM; 1206 goto done; 1207 } 1208 1209 /* Initialize the command */ 1210 ctlx->outbuf.cmdreq.type = cpu_to_le16(HFA384x_USB_CMDREQ); 1211 ctlx->outbuf.cmdreq.cmd = cpu_to_le16(cmd->cmd); 1212 ctlx->outbuf.cmdreq.parm0 = cpu_to_le16(cmd->parm0); 1213 ctlx->outbuf.cmdreq.parm1 = cpu_to_le16(cmd->parm1); 1214 ctlx->outbuf.cmdreq.parm2 = cpu_to_le16(cmd->parm2); 1215 1216 ctlx->outbufsize = sizeof(ctlx->outbuf.cmdreq); 1217 1218 pr_debug("cmdreq: cmd=0x%04x parm0=0x%04x parm1=0x%04x parm2=0x%04x\n", 1219 cmd->cmd, cmd->parm0, cmd->parm1, cmd->parm2); 1220 1221 ctlx->reapable = DOWAIT; 1222 ctlx->cmdcb = NULL; 1223 ctlx->usercb = NULL; 1224 ctlx->usercb_data = NULL; 1225 1226 result = hfa384x_usbctlx_submit(hw, ctlx); 1227 if (result != 0) { 1228 kfree(ctlx); 1229 } else { 1230 struct usbctlx_cmd_completor cmd_completor; 1231 struct usbctlx_completor *completor; 1232 1233 completor = init_cmd_completor(&cmd_completor, 1234 &ctlx->inbuf.cmdresp, 1235 &cmd->result); 1236 1237 result = hfa384x_usbctlx_complete_sync(hw, ctlx, completor); 1238 } 1239 1240done: 1241 return result; 1242} 1243 1244/*---------------------------------------------------------------- 1245 * hfa384x_dorrid 1246 * 1247 * Constructs a read rid CTLX and issues it. 1248 * 1249 * NOTE: Any changes to the 'post-submit' code in this function 1250 * need to be carried over to hfa384x_cbrrid() since the handling 1251 * is virtually identical. 1252 * 1253 * Arguments: 1254 * hw device structure 1255 * mode DOWAIT or DOASYNC 1256 * rid Read RID number (host order) 1257 * riddata Caller supplied buffer that MAC formatted RID.data 1258 * record will be written to for DOWAIT calls. Should 1259 * be NULL for DOASYNC calls. 1260 * riddatalen Buffer length for DOWAIT calls. Zero for DOASYNC calls. 1261 * cmdcb command callback for async calls, NULL for DOWAIT calls 1262 * usercb user callback for async calls, NULL for DOWAIT calls 1263 * usercb_data user supplied data pointer for async calls, NULL 1264 * for DOWAIT calls 1265 * 1266 * Returns: 1267 * 0 success 1268 * -EIO CTLX failure 1269 * -ERESTARTSYS Awakened on signal 1270 * -ENODATA riddatalen != macdatalen 1271 * >0 command indicated error, Status and Resp0-2 are 1272 * in hw structure. 1273 * 1274 * Side effects: 1275 * 1276 * Call context: 1277 * interrupt (DOASYNC) 1278 * process (DOWAIT or DOASYNC) 1279 *---------------------------------------------------------------- 1280 */ 1281static int 1282hfa384x_dorrid(struct hfa384x *hw, 1283 enum cmd_mode mode, 1284 u16 rid, 1285 void *riddata, 1286 unsigned int riddatalen, 1287 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data) 1288{ 1289 int result; 1290 struct hfa384x_usbctlx *ctlx; 1291 1292 ctlx = usbctlx_alloc(); 1293 if (!ctlx) { 1294 result = -ENOMEM; 1295 goto done; 1296 } 1297 1298 /* Initialize the command */ 1299 ctlx->outbuf.rridreq.type = cpu_to_le16(HFA384x_USB_RRIDREQ); 1300 ctlx->outbuf.rridreq.frmlen = 1301 cpu_to_le16(sizeof(ctlx->outbuf.rridreq.rid)); 1302 ctlx->outbuf.rridreq.rid = cpu_to_le16(rid); 1303 1304 ctlx->outbufsize = sizeof(ctlx->outbuf.rridreq); 1305 1306 ctlx->reapable = mode; 1307 ctlx->cmdcb = cmdcb; 1308 ctlx->usercb = usercb; 1309 ctlx->usercb_data = usercb_data; 1310 1311 /* Submit the CTLX */ 1312 result = hfa384x_usbctlx_submit(hw, ctlx); 1313 if (result != 0) { 1314 kfree(ctlx); 1315 } else if (mode == DOWAIT) { 1316 struct usbctlx_rrid_completor completor; 1317 1318 result = 1319 hfa384x_usbctlx_complete_sync(hw, ctlx, 1320 init_rrid_completor 1321 (&completor, 1322 &ctlx->inbuf.rridresp, 1323 riddata, riddatalen)); 1324 } 1325 1326done: 1327 return result; 1328} 1329 1330/*---------------------------------------------------------------- 1331 * hfa384x_dowrid 1332 * 1333 * Constructs a write rid CTLX and issues it. 1334 * 1335 * NOTE: Any changes to the 'post-submit' code in this function 1336 * need to be carried over to hfa384x_cbwrid() since the handling 1337 * is virtually identical. 1338 * 1339 * Arguments: 1340 * hw device structure 1341 * enum cmd_mode DOWAIT or DOASYNC 1342 * rid RID code 1343 * riddata Data portion of RID formatted for MAC 1344 * riddatalen Length of the data portion in bytes 1345 * cmdcb command callback for async calls, NULL for DOWAIT calls 1346 * usercb user callback for async calls, NULL for DOWAIT calls 1347 * usercb_data user supplied data pointer for async calls 1348 * 1349 * Returns: 1350 * 0 success 1351 * -ETIMEDOUT timed out waiting for register ready or 1352 * command completion 1353 * >0 command indicated error, Status and Resp0-2 are 1354 * in hw structure. 1355 * 1356 * Side effects: 1357 * 1358 * Call context: 1359 * interrupt (DOASYNC) 1360 * process (DOWAIT or DOASYNC) 1361 *---------------------------------------------------------------- 1362 */ 1363static int 1364hfa384x_dowrid(struct hfa384x *hw, 1365 enum cmd_mode mode, 1366 u16 rid, 1367 void *riddata, 1368 unsigned int riddatalen, 1369 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data) 1370{ 1371 int result; 1372 struct hfa384x_usbctlx *ctlx; 1373 1374 ctlx = usbctlx_alloc(); 1375 if (!ctlx) { 1376 result = -ENOMEM; 1377 goto done; 1378 } 1379 1380 /* Initialize the command */ 1381 ctlx->outbuf.wridreq.type = cpu_to_le16(HFA384x_USB_WRIDREQ); 1382 ctlx->outbuf.wridreq.frmlen = cpu_to_le16((sizeof 1383 (ctlx->outbuf.wridreq.rid) + 1384 riddatalen + 1) / 2); 1385 ctlx->outbuf.wridreq.rid = cpu_to_le16(rid); 1386 memcpy(ctlx->outbuf.wridreq.data, riddata, riddatalen); 1387 1388 ctlx->outbufsize = sizeof(ctlx->outbuf.wridreq.type) + 1389 sizeof(ctlx->outbuf.wridreq.frmlen) + 1390 sizeof(ctlx->outbuf.wridreq.rid) + riddatalen; 1391 1392 ctlx->reapable = mode; 1393 ctlx->cmdcb = cmdcb; 1394 ctlx->usercb = usercb; 1395 ctlx->usercb_data = usercb_data; 1396 1397 /* Submit the CTLX */ 1398 result = hfa384x_usbctlx_submit(hw, ctlx); 1399 if (result != 0) { 1400 kfree(ctlx); 1401 } else if (mode == DOWAIT) { 1402 struct usbctlx_cmd_completor completor; 1403 struct hfa384x_cmdresult wridresult; 1404 1405 result = hfa384x_usbctlx_complete_sync(hw, 1406 ctlx, 1407 init_wrid_completor 1408 (&completor, 1409 &ctlx->inbuf.wridresp, 1410 &wridresult)); 1411 } 1412 1413done: 1414 return result; 1415} 1416 1417/*---------------------------------------------------------------- 1418 * hfa384x_dormem 1419 * 1420 * Constructs a readmem CTLX and issues it. 1421 * 1422 * NOTE: Any changes to the 'post-submit' code in this function 1423 * need to be carried over to hfa384x_cbrmem() since the handling 1424 * is virtually identical. 1425 * 1426 * Arguments: 1427 * hw device structure 1428 * page MAC address space page (CMD format) 1429 * offset MAC address space offset 1430 * data Ptr to data buffer to receive read 1431 * len Length of the data to read (max == 2048) 1432 * 1433 * Returns: 1434 * 0 success 1435 * -ETIMEDOUT timed out waiting for register ready or 1436 * command completion 1437 * >0 command indicated error, Status and Resp0-2 are 1438 * in hw structure. 1439 * 1440 * Side effects: 1441 * 1442 * Call context: 1443 * process (DOWAIT) 1444 *---------------------------------------------------------------- 1445 */ 1446static int 1447hfa384x_dormem(struct hfa384x *hw, 1448 u16 page, 1449 u16 offset, 1450 void *data, 1451 unsigned int len) 1452{ 1453 int result; 1454 struct hfa384x_usbctlx *ctlx; 1455 1456 ctlx = usbctlx_alloc(); 1457 if (!ctlx) { 1458 result = -ENOMEM; 1459 goto done; 1460 } 1461 1462 /* Initialize the command */ 1463 ctlx->outbuf.rmemreq.type = cpu_to_le16(HFA384x_USB_RMEMREQ); 1464 ctlx->outbuf.rmemreq.frmlen = 1465 cpu_to_le16(sizeof(ctlx->outbuf.rmemreq.offset) + 1466 sizeof(ctlx->outbuf.rmemreq.page) + len); 1467 ctlx->outbuf.rmemreq.offset = cpu_to_le16(offset); 1468 ctlx->outbuf.rmemreq.page = cpu_to_le16(page); 1469 1470 ctlx->outbufsize = sizeof(ctlx->outbuf.rmemreq); 1471 1472 pr_debug("type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n", 1473 ctlx->outbuf.rmemreq.type, 1474 ctlx->outbuf.rmemreq.frmlen, 1475 ctlx->outbuf.rmemreq.offset, ctlx->outbuf.rmemreq.page); 1476 1477 pr_debug("pktsize=%zd\n", ROUNDUP64(sizeof(ctlx->outbuf.rmemreq))); 1478 1479 ctlx->reapable = DOWAIT; 1480 ctlx->cmdcb = NULL; 1481 ctlx->usercb = NULL; 1482 ctlx->usercb_data = NULL; 1483 1484 result = hfa384x_usbctlx_submit(hw, ctlx); 1485 if (result != 0) { 1486 kfree(ctlx); 1487 } else { 1488 struct usbctlx_rmem_completor completor; 1489 1490 result = 1491 hfa384x_usbctlx_complete_sync(hw, ctlx, 1492 init_rmem_completor 1493 (&completor, 1494 &ctlx->inbuf.rmemresp, data, 1495 len)); 1496 } 1497 1498done: 1499 return result; 1500} 1501 1502/*---------------------------------------------------------------- 1503 * hfa384x_dowmem 1504 * 1505 * Constructs a writemem CTLX and issues it. 1506 * 1507 * NOTE: Any changes to the 'post-submit' code in this function 1508 * need to be carried over to hfa384x_cbwmem() since the handling 1509 * is virtually identical. 1510 * 1511 * Arguments: 1512 * hw device structure 1513 * page MAC address space page (CMD format) 1514 * offset MAC address space offset 1515 * data Ptr to data buffer containing write data 1516 * len Length of the data to read (max == 2048) 1517 * 1518 * Returns: 1519 * 0 success 1520 * -ETIMEDOUT timed out waiting for register ready or 1521 * command completion 1522 * >0 command indicated error, Status and Resp0-2 are 1523 * in hw structure. 1524 * 1525 * Side effects: 1526 * 1527 * Call context: 1528 * interrupt (DOWAIT) 1529 * process (DOWAIT) 1530 *---------------------------------------------------------------- 1531 */ 1532static int 1533hfa384x_dowmem(struct hfa384x *hw, 1534 u16 page, 1535 u16 offset, 1536 void *data, 1537 unsigned int len) 1538{ 1539 int result; 1540 struct hfa384x_usbctlx *ctlx; 1541 1542 pr_debug("page=0x%04x offset=0x%04x len=%d\n", page, offset, len); 1543 1544 ctlx = usbctlx_alloc(); 1545 if (!ctlx) { 1546 result = -ENOMEM; 1547 goto done; 1548 } 1549 1550 /* Initialize the command */ 1551 ctlx->outbuf.wmemreq.type = cpu_to_le16(HFA384x_USB_WMEMREQ); 1552 ctlx->outbuf.wmemreq.frmlen = 1553 cpu_to_le16(sizeof(ctlx->outbuf.wmemreq.offset) + 1554 sizeof(ctlx->outbuf.wmemreq.page) + len); 1555 ctlx->outbuf.wmemreq.offset = cpu_to_le16(offset); 1556 ctlx->outbuf.wmemreq.page = cpu_to_le16(page); 1557 memcpy(ctlx->outbuf.wmemreq.data, data, len); 1558 1559 ctlx->outbufsize = sizeof(ctlx->outbuf.wmemreq.type) + 1560 sizeof(ctlx->outbuf.wmemreq.frmlen) + 1561 sizeof(ctlx->outbuf.wmemreq.offset) + 1562 sizeof(ctlx->outbuf.wmemreq.page) + len; 1563 1564 ctlx->reapable = DOWAIT; 1565 ctlx->cmdcb = NULL; 1566 ctlx->usercb = NULL; 1567 ctlx->usercb_data = NULL; 1568 1569 result = hfa384x_usbctlx_submit(hw, ctlx); 1570 if (result != 0) { 1571 kfree(ctlx); 1572 } else { 1573 struct usbctlx_cmd_completor completor; 1574 struct hfa384x_cmdresult wmemresult; 1575 1576 result = hfa384x_usbctlx_complete_sync(hw, 1577 ctlx, 1578 init_wmem_completor 1579 (&completor, 1580 &ctlx->inbuf.wmemresp, 1581 &wmemresult)); 1582 } 1583 1584done: 1585 return result; 1586} 1587 1588/*---------------------------------------------------------------- 1589 * hfa384x_drvr_disable 1590 * 1591 * Issues the disable command to stop communications on one of 1592 * the MACs 'ports'. Only macport 0 is valid for stations. 1593 * APs may also disable macports 1-6. Only ports that have been 1594 * previously enabled may be disabled. 1595 * 1596 * Arguments: 1597 * hw device structure 1598 * macport MAC port number (host order) 1599 * 1600 * Returns: 1601 * 0 success 1602 * >0 f/w reported failure - f/w status code 1603 * <0 driver reported error (timeout|bad arg) 1604 * 1605 * Side effects: 1606 * 1607 * Call context: 1608 * process 1609 *---------------------------------------------------------------- 1610 */ 1611int hfa384x_drvr_disable(struct hfa384x *hw, u16 macport) 1612{ 1613 int result = 0; 1614 1615 if ((!hw->isap && macport != 0) || 1616 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) || 1617 !(hw->port_enabled[macport])) { 1618 result = -EINVAL; 1619 } else { 1620 result = hfa384x_cmd_disable(hw, macport); 1621 if (result == 0) 1622 hw->port_enabled[macport] = 0; 1623 } 1624 return result; 1625} 1626 1627/*---------------------------------------------------------------- 1628 * hfa384x_drvr_enable 1629 * 1630 * Issues the enable command to enable communications on one of 1631 * the MACs 'ports'. Only macport 0 is valid for stations. 1632 * APs may also enable macports 1-6. Only ports that are currently 1633 * disabled may be enabled. 1634 * 1635 * Arguments: 1636 * hw device structure 1637 * macport MAC port number 1638 * 1639 * Returns: 1640 * 0 success 1641 * >0 f/w reported failure - f/w status code 1642 * <0 driver reported error (timeout|bad arg) 1643 * 1644 * Side effects: 1645 * 1646 * Call context: 1647 * process 1648 *---------------------------------------------------------------- 1649 */ 1650int hfa384x_drvr_enable(struct hfa384x *hw, u16 macport) 1651{ 1652 int result = 0; 1653 1654 if ((!hw->isap && macport != 0) || 1655 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) || 1656 (hw->port_enabled[macport])) { 1657 result = -EINVAL; 1658 } else { 1659 result = hfa384x_cmd_enable(hw, macport); 1660 if (result == 0) 1661 hw->port_enabled[macport] = 1; 1662 } 1663 return result; 1664} 1665 1666/*---------------------------------------------------------------- 1667 * hfa384x_drvr_flashdl_enable 1668 * 1669 * Begins the flash download state. Checks to see that we're not 1670 * already in a download state and that a port isn't enabled. 1671 * Sets the download state and retrieves the flash download 1672 * buffer location, buffer size, and timeout length. 1673 * 1674 * Arguments: 1675 * hw device structure 1676 * 1677 * Returns: 1678 * 0 success 1679 * >0 f/w reported error - f/w status code 1680 * <0 driver reported error 1681 * 1682 * Side effects: 1683 * 1684 * Call context: 1685 * process 1686 *---------------------------------------------------------------- 1687 */ 1688int hfa384x_drvr_flashdl_enable(struct hfa384x *hw) 1689{ 1690 int result = 0; 1691 int i; 1692 1693 /* Check that a port isn't active */ 1694 for (i = 0; i < HFA384x_PORTID_MAX; i++) { 1695 if (hw->port_enabled[i]) { 1696 pr_debug("called when port enabled.\n"); 1697 return -EINVAL; 1698 } 1699 } 1700 1701 /* Check that we're not already in a download state */ 1702 if (hw->dlstate != HFA384x_DLSTATE_DISABLED) 1703 return -EINVAL; 1704 1705 /* Retrieve the buffer loc&size and timeout */ 1706 result = hfa384x_drvr_getconfig(hw, HFA384x_RID_DOWNLOADBUFFER, 1707 &hw->bufinfo, sizeof(hw->bufinfo)); 1708 if (result) 1709 return result; 1710 1711 le16_to_cpus(&hw->bufinfo.page); 1712 le16_to_cpus(&hw->bufinfo.offset); 1713 le16_to_cpus(&hw->bufinfo.len); 1714 result = hfa384x_drvr_getconfig16(hw, HFA384x_RID_MAXLOADTIME, 1715 &hw->dltimeout); 1716 if (result) 1717 return result; 1718 1719 le16_to_cpus(&hw->dltimeout); 1720 1721 pr_debug("flashdl_enable\n"); 1722 1723 hw->dlstate = HFA384x_DLSTATE_FLASHENABLED; 1724 1725 return result; 1726} 1727 1728/*---------------------------------------------------------------- 1729 * hfa384x_drvr_flashdl_disable 1730 * 1731 * Ends the flash download state. Note that this will cause the MAC 1732 * firmware to restart. 1733 * 1734 * Arguments: 1735 * hw device structure 1736 * 1737 * Returns: 1738 * 0 success 1739 * >0 f/w reported error - f/w status code 1740 * <0 driver reported error 1741 * 1742 * Side effects: 1743 * 1744 * Call context: 1745 * process 1746 *---------------------------------------------------------------- 1747 */ 1748int hfa384x_drvr_flashdl_disable(struct hfa384x *hw) 1749{ 1750 /* Check that we're already in the download state */ 1751 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED) 1752 return -EINVAL; 1753 1754 pr_debug("flashdl_enable\n"); 1755 1756 /* There isn't much we can do at this point, so I don't */ 1757 /* bother w/ the return value */ 1758 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0); 1759 hw->dlstate = HFA384x_DLSTATE_DISABLED; 1760 1761 return 0; 1762} 1763 1764/*---------------------------------------------------------------- 1765 * hfa384x_drvr_flashdl_write 1766 * 1767 * Performs a FLASH download of a chunk of data. First checks to see 1768 * that we're in the FLASH download state, then sets the download 1769 * mode, uses the aux functions to 1) copy the data to the flash 1770 * buffer, 2) sets the download 'write flash' mode, 3) readback and 1771 * compare. Lather rinse, repeat as many times an necessary to get 1772 * all the given data into flash. 1773 * When all data has been written using this function (possibly 1774 * repeatedly), call drvr_flashdl_disable() to end the download state 1775 * and restart the MAC. 1776 * 1777 * Arguments: 1778 * hw device structure 1779 * daddr Card address to write to. (host order) 1780 * buf Ptr to data to write. 1781 * len Length of data (host order). 1782 * 1783 * Returns: 1784 * 0 success 1785 * >0 f/w reported error - f/w status code 1786 * <0 driver reported error 1787 * 1788 * Side effects: 1789 * 1790 * Call context: 1791 * process 1792 *---------------------------------------------------------------- 1793 */ 1794int hfa384x_drvr_flashdl_write(struct hfa384x *hw, u32 daddr, 1795 void *buf, u32 len) 1796{ 1797 int result = 0; 1798 u32 dlbufaddr; 1799 int nburns; 1800 u32 burnlen; 1801 u32 burndaddr; 1802 u16 burnlo; 1803 u16 burnhi; 1804 int nwrites; 1805 u8 *writebuf; 1806 u16 writepage; 1807 u16 writeoffset; 1808 u32 writelen; 1809 int i; 1810 int j; 1811 1812 pr_debug("daddr=0x%08x len=%d\n", daddr, len); 1813 1814 /* Check that we're in the flash download state */ 1815 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED) 1816 return -EINVAL; 1817 1818 netdev_info(hw->wlandev->netdev, 1819 "Download %d bytes to flash @0x%06x\n", len, daddr); 1820 1821 /* Convert to flat address for arithmetic */ 1822 /* NOTE: dlbuffer RID stores the address in AUX format */ 1823 dlbufaddr = 1824 HFA384x_ADDR_AUX_MKFLAT(hw->bufinfo.page, hw->bufinfo.offset); 1825 pr_debug("dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n", 1826 hw->bufinfo.page, hw->bufinfo.offset, dlbufaddr); 1827 /* Calculations to determine how many fills of the dlbuffer to do 1828 * and how many USB wmemreq's to do for each fill. At this point 1829 * in time, the dlbuffer size and the wmemreq size are the same. 1830 * Therefore, nwrites should always be 1. The extra complexity 1831 * here is a hedge against future changes. 1832 */ 1833 1834 /* Figure out how many times to do the flash programming */ 1835 nburns = len / hw->bufinfo.len; 1836 nburns += (len % hw->bufinfo.len) ? 1 : 0; 1837 1838 /* For each flash program cycle, how many USB wmemreq's are needed? */ 1839 nwrites = hw->bufinfo.len / HFA384x_USB_RWMEM_MAXLEN; 1840 nwrites += (hw->bufinfo.len % HFA384x_USB_RWMEM_MAXLEN) ? 1 : 0; 1841 1842 /* For each burn */ 1843 for (i = 0; i < nburns; i++) { 1844 /* Get the dest address and len */ 1845 burnlen = (len - (hw->bufinfo.len * i)) > hw->bufinfo.len ? 1846 hw->bufinfo.len : (len - (hw->bufinfo.len * i)); 1847 burndaddr = daddr + (hw->bufinfo.len * i); 1848 burnlo = HFA384x_ADDR_CMD_MKOFF(burndaddr); 1849 burnhi = HFA384x_ADDR_CMD_MKPAGE(burndaddr); 1850 1851 netdev_info(hw->wlandev->netdev, "Writing %d bytes to flash @0x%06x\n", 1852 burnlen, burndaddr); 1853 1854 /* Set the download mode */ 1855 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_NV, 1856 burnlo, burnhi, burnlen); 1857 if (result) { 1858 netdev_err(hw->wlandev->netdev, 1859 "download(NV,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n", 1860 burnlo, burnhi, burnlen, result); 1861 goto exit_proc; 1862 } 1863 1864 /* copy the data to the flash download buffer */ 1865 for (j = 0; j < nwrites; j++) { 1866 writebuf = buf + 1867 (i * hw->bufinfo.len) + 1868 (j * HFA384x_USB_RWMEM_MAXLEN); 1869 1870 writepage = HFA384x_ADDR_CMD_MKPAGE(dlbufaddr + 1871 (j * HFA384x_USB_RWMEM_MAXLEN)); 1872 writeoffset = HFA384x_ADDR_CMD_MKOFF(dlbufaddr + 1873 (j * HFA384x_USB_RWMEM_MAXLEN)); 1874 1875 writelen = burnlen - (j * HFA384x_USB_RWMEM_MAXLEN); 1876 writelen = writelen > HFA384x_USB_RWMEM_MAXLEN ? 1877 HFA384x_USB_RWMEM_MAXLEN : writelen; 1878 1879 result = hfa384x_dowmem(hw, 1880 writepage, 1881 writeoffset, 1882 writebuf, writelen); 1883 } 1884 1885 /* set the download 'write flash' mode */ 1886 result = hfa384x_cmd_download(hw, 1887 HFA384x_PROGMODE_NVWRITE, 1888 0, 0, 0); 1889 if (result) { 1890 netdev_err(hw->wlandev->netdev, 1891 "download(NVWRITE,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n", 1892 burnlo, burnhi, burnlen, result); 1893 goto exit_proc; 1894 } 1895 1896 /* TODO: We really should do a readback and compare. */ 1897 } 1898 1899exit_proc: 1900 1901 /* Leave the firmware in the 'post-prog' mode. flashdl_disable will */ 1902 /* actually disable programming mode. Remember, that will cause the */ 1903 /* the firmware to effectively reset itself. */ 1904 1905 return result; 1906} 1907 1908/*---------------------------------------------------------------- 1909 * hfa384x_drvr_getconfig 1910 * 1911 * Performs the sequence necessary to read a config/info item. 1912 * 1913 * Arguments: 1914 * hw device structure 1915 * rid config/info record id (host order) 1916 * buf host side record buffer. Upon return it will 1917 * contain the body portion of the record (minus the 1918 * RID and len). 1919 * len buffer length (in bytes, should match record length) 1920 * 1921 * Returns: 1922 * 0 success 1923 * >0 f/w reported error - f/w status code 1924 * <0 driver reported error 1925 * -ENODATA length mismatch between argument and retrieved 1926 * record. 1927 * 1928 * Side effects: 1929 * 1930 * Call context: 1931 * process 1932 *---------------------------------------------------------------- 1933 */ 1934int hfa384x_drvr_getconfig(struct hfa384x *hw, u16 rid, void *buf, u16 len) 1935{ 1936 return hfa384x_dorrid(hw, DOWAIT, rid, buf, len, NULL, NULL, NULL); 1937} 1938 1939/*---------------------------------------------------------------- 1940 * hfa384x_drvr_setconfig_async 1941 * 1942 * Performs the sequence necessary to write a config/info item. 1943 * 1944 * Arguments: 1945 * hw device structure 1946 * rid config/info record id (in host order) 1947 * buf host side record buffer 1948 * len buffer length (in bytes) 1949 * usercb completion callback 1950 * usercb_data completion callback argument 1951 * 1952 * Returns: 1953 * 0 success 1954 * >0 f/w reported error - f/w status code 1955 * <0 driver reported error 1956 * 1957 * Side effects: 1958 * 1959 * Call context: 1960 * process 1961 *---------------------------------------------------------------- 1962 */ 1963int 1964hfa384x_drvr_setconfig_async(struct hfa384x *hw, 1965 u16 rid, 1966 void *buf, 1967 u16 len, ctlx_usercb_t usercb, void *usercb_data) 1968{ 1969 return hfa384x_dowrid(hw, DOASYNC, rid, buf, len, hfa384x_cb_status, 1970 usercb, usercb_data); 1971} 1972 1973/*---------------------------------------------------------------- 1974 * hfa384x_drvr_ramdl_disable 1975 * 1976 * Ends the ram download state. 1977 * 1978 * Arguments: 1979 * hw device structure 1980 * 1981 * Returns: 1982 * 0 success 1983 * >0 f/w reported error - f/w status code 1984 * <0 driver reported error 1985 * 1986 * Side effects: 1987 * 1988 * Call context: 1989 * process 1990 *---------------------------------------------------------------- 1991 */ 1992int hfa384x_drvr_ramdl_disable(struct hfa384x *hw) 1993{ 1994 /* Check that we're already in the download state */ 1995 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED) 1996 return -EINVAL; 1997 1998 pr_debug("ramdl_disable()\n"); 1999 2000 /* There isn't much we can do at this point, so I don't */ 2001 /* bother w/ the return value */ 2002 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0); 2003 hw->dlstate = HFA384x_DLSTATE_DISABLED; 2004 2005 return 0; 2006} 2007 2008/*---------------------------------------------------------------- 2009 * hfa384x_drvr_ramdl_enable 2010 * 2011 * Begins the ram download state. Checks to see that we're not 2012 * already in a download state and that a port isn't enabled. 2013 * Sets the download state and calls cmd_download with the 2014 * ENABLE_VOLATILE subcommand and the exeaddr argument. 2015 * 2016 * Arguments: 2017 * hw device structure 2018 * exeaddr the card execution address that will be 2019 * jumped to when ramdl_disable() is called 2020 * (host order). 2021 * 2022 * Returns: 2023 * 0 success 2024 * >0 f/w reported error - f/w status code 2025 * <0 driver reported error 2026 * 2027 * Side effects: 2028 * 2029 * Call context: 2030 * process 2031 *---------------------------------------------------------------- 2032 */ 2033int hfa384x_drvr_ramdl_enable(struct hfa384x *hw, u32 exeaddr) 2034{ 2035 int result = 0; 2036 u16 lowaddr; 2037 u16 hiaddr; 2038 int i; 2039 2040 /* Check that a port isn't active */ 2041 for (i = 0; i < HFA384x_PORTID_MAX; i++) { 2042 if (hw->port_enabled[i]) { 2043 netdev_err(hw->wlandev->netdev, 2044 "Can't download with a macport enabled.\n"); 2045 return -EINVAL; 2046 } 2047 } 2048 2049 /* Check that we're not already in a download state */ 2050 if (hw->dlstate != HFA384x_DLSTATE_DISABLED) { 2051 netdev_err(hw->wlandev->netdev, 2052 "Download state not disabled.\n"); 2053 return -EINVAL; 2054 } 2055 2056 pr_debug("ramdl_enable, exeaddr=0x%08x\n", exeaddr); 2057 2058 /* Call the download(1,addr) function */ 2059 lowaddr = HFA384x_ADDR_CMD_MKOFF(exeaddr); 2060 hiaddr = HFA384x_ADDR_CMD_MKPAGE(exeaddr); 2061 2062 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_RAM, 2063 lowaddr, hiaddr, 0); 2064 2065 if (result == 0) { 2066 /* Set the download state */ 2067 hw->dlstate = HFA384x_DLSTATE_RAMENABLED; 2068 } else { 2069 pr_debug("cmd_download(0x%04x, 0x%04x) failed, result=%d.\n", 2070 lowaddr, hiaddr, result); 2071 } 2072 2073 return result; 2074} 2075 2076/*---------------------------------------------------------------- 2077 * hfa384x_drvr_ramdl_write 2078 * 2079 * Performs a RAM download of a chunk of data. First checks to see 2080 * that we're in the RAM download state, then uses the [read|write]mem USB 2081 * commands to 1) copy the data, 2) readback and compare. The download 2082 * state is unaffected. When all data has been written using 2083 * this function, call drvr_ramdl_disable() to end the download state 2084 * and restart the MAC. 2085 * 2086 * Arguments: 2087 * hw device structure 2088 * daddr Card address to write to. (host order) 2089 * buf Ptr to data to write. 2090 * len Length of data (host order). 2091 * 2092 * Returns: 2093 * 0 success 2094 * >0 f/w reported error - f/w status code 2095 * <0 driver reported error 2096 * 2097 * Side effects: 2098 * 2099 * Call context: 2100 * process 2101 *---------------------------------------------------------------- 2102 */ 2103int hfa384x_drvr_ramdl_write(struct hfa384x *hw, u32 daddr, void *buf, u32 len) 2104{ 2105 int result = 0; 2106 int nwrites; 2107 u8 *data = buf; 2108 int i; 2109 u32 curraddr; 2110 u16 currpage; 2111 u16 curroffset; 2112 u16 currlen; 2113 2114 /* Check that we're in the ram download state */ 2115 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED) 2116 return -EINVAL; 2117 2118 netdev_info(hw->wlandev->netdev, "Writing %d bytes to ram @0x%06x\n", 2119 len, daddr); 2120 2121 /* How many dowmem calls? */ 2122 nwrites = len / HFA384x_USB_RWMEM_MAXLEN; 2123 nwrites += len % HFA384x_USB_RWMEM_MAXLEN ? 1 : 0; 2124 2125 /* Do blocking wmem's */ 2126 for (i = 0; i < nwrites; i++) { 2127 /* make address args */ 2128 curraddr = daddr + (i * HFA384x_USB_RWMEM_MAXLEN); 2129 currpage = HFA384x_ADDR_CMD_MKPAGE(curraddr); 2130 curroffset = HFA384x_ADDR_CMD_MKOFF(curraddr); 2131 currlen = len - (i * HFA384x_USB_RWMEM_MAXLEN); 2132 if (currlen > HFA384x_USB_RWMEM_MAXLEN) 2133 currlen = HFA384x_USB_RWMEM_MAXLEN; 2134 2135 /* Do blocking ctlx */ 2136 result = hfa384x_dowmem(hw, 2137 currpage, 2138 curroffset, 2139 data + (i * HFA384x_USB_RWMEM_MAXLEN), 2140 currlen); 2141 2142 if (result) 2143 break; 2144 2145 /* TODO: We really should have a readback. */ 2146 } 2147 2148 return result; 2149} 2150 2151/*---------------------------------------------------------------- 2152 * hfa384x_drvr_readpda 2153 * 2154 * Performs the sequence to read the PDA space. Note there is no 2155 * drvr_writepda() function. Writing a PDA is 2156 * generally implemented by a calling component via calls to 2157 * cmd_download and writing to the flash download buffer via the 2158 * aux regs. 2159 * 2160 * Arguments: 2161 * hw device structure 2162 * buf buffer to store PDA in 2163 * len buffer length 2164 * 2165 * Returns: 2166 * 0 success 2167 * >0 f/w reported error - f/w status code 2168 * <0 driver reported error 2169 * -ETIMEDOUT timeout waiting for the cmd regs to become 2170 * available, or waiting for the control reg 2171 * to indicate the Aux port is enabled. 2172 * -ENODATA the buffer does NOT contain a valid PDA. 2173 * Either the card PDA is bad, or the auxdata 2174 * reads are giving us garbage. 2175 * 2176 * 2177 * Side effects: 2178 * 2179 * Call context: 2180 * process or non-card interrupt. 2181 *---------------------------------------------------------------- 2182 */ 2183int hfa384x_drvr_readpda(struct hfa384x *hw, void *buf, unsigned int len) 2184{ 2185 int result = 0; 2186 __le16 *pda = buf; 2187 int pdaok = 0; 2188 int morepdrs = 1; 2189 int currpdr = 0; /* word offset of the current pdr */ 2190 size_t i; 2191 u16 pdrlen; /* pdr length in bytes, host order */ 2192 u16 pdrcode; /* pdr code, host order */ 2193 u16 currpage; 2194 u16 curroffset; 2195 struct pdaloc { 2196 u32 cardaddr; 2197 u16 auxctl; 2198 } pdaloc[] = { 2199 { 2200 HFA3842_PDA_BASE, 0}, { 2201 HFA3841_PDA_BASE, 0}, { 2202 HFA3841_PDA_BOGUS_BASE, 0} 2203 }; 2204 2205 /* Read the pda from each known address. */ 2206 for (i = 0; i < ARRAY_SIZE(pdaloc); i++) { 2207 /* Make address */ 2208 currpage = HFA384x_ADDR_CMD_MKPAGE(pdaloc[i].cardaddr); 2209 curroffset = HFA384x_ADDR_CMD_MKOFF(pdaloc[i].cardaddr); 2210 2211 /* units of bytes */ 2212 result = hfa384x_dormem(hw, currpage, curroffset, buf, 2213 len); 2214 2215 if (result) { 2216 netdev_warn(hw->wlandev->netdev, 2217 "Read from index %zd failed, continuing\n", 2218 i); 2219 continue; 2220 } 2221 2222 /* Test for garbage */ 2223 pdaok = 1; /* initially assume good */ 2224 morepdrs = 1; 2225 while (pdaok && morepdrs) { 2226 pdrlen = le16_to_cpu(pda[currpdr]) * 2; 2227 pdrcode = le16_to_cpu(pda[currpdr + 1]); 2228 /* Test the record length */ 2229 if (pdrlen > HFA384x_PDR_LEN_MAX || pdrlen == 0) { 2230 netdev_err(hw->wlandev->netdev, 2231 "pdrlen invalid=%d\n", pdrlen); 2232 pdaok = 0; 2233 break; 2234 } 2235 /* Test the code */ 2236 if (!hfa384x_isgood_pdrcode(pdrcode)) { 2237 netdev_err(hw->wlandev->netdev, "pdrcode invalid=%d\n", 2238 pdrcode); 2239 pdaok = 0; 2240 break; 2241 } 2242 /* Test for completion */ 2243 if (pdrcode == HFA384x_PDR_END_OF_PDA) 2244 morepdrs = 0; 2245 2246 /* Move to the next pdr (if necessary) */ 2247 if (morepdrs) { 2248 /* note the access to pda[], need words here */ 2249 currpdr += le16_to_cpu(pda[currpdr]) + 1; 2250 } 2251 } 2252 if (pdaok) { 2253 netdev_info(hw->wlandev->netdev, 2254 "PDA Read from 0x%08x in %s space.\n", 2255 pdaloc[i].cardaddr, 2256 pdaloc[i].auxctl == 0 ? "EXTDS" : 2257 pdaloc[i].auxctl == 1 ? "NV" : 2258 pdaloc[i].auxctl == 2 ? "PHY" : 2259 pdaloc[i].auxctl == 3 ? "ICSRAM" : 2260 "<bogus auxctl>"); 2261 break; 2262 } 2263 } 2264 result = pdaok ? 0 : -ENODATA; 2265 2266 if (result) 2267 pr_debug("Failure: pda is not okay\n"); 2268 2269 return result; 2270} 2271 2272/*---------------------------------------------------------------- 2273 * hfa384x_drvr_setconfig 2274 * 2275 * Performs the sequence necessary to write a config/info item. 2276 * 2277 * Arguments: 2278 * hw device structure 2279 * rid config/info record id (in host order) 2280 * buf host side record buffer 2281 * len buffer length (in bytes) 2282 * 2283 * Returns: 2284 * 0 success 2285 * >0 f/w reported error - f/w status code 2286 * <0 driver reported error 2287 * 2288 * Side effects: 2289 * 2290 * Call context: 2291 * process 2292 *---------------------------------------------------------------- 2293 */ 2294int hfa384x_drvr_setconfig(struct hfa384x *hw, u16 rid, void *buf, u16 len) 2295{ 2296 return hfa384x_dowrid(hw, DOWAIT, rid, buf, len, NULL, NULL, NULL); 2297} 2298 2299/*---------------------------------------------------------------- 2300 * hfa384x_drvr_start 2301 * 2302 * Issues the MAC initialize command, sets up some data structures, 2303 * and enables the interrupts. After this function completes, the 2304 * low-level stuff should be ready for any/all commands. 2305 * 2306 * Arguments: 2307 * hw device structure 2308 * Returns: 2309 * 0 success 2310 * >0 f/w reported error - f/w status code 2311 * <0 driver reported error 2312 * 2313 * Side effects: 2314 * 2315 * Call context: 2316 * process 2317 *---------------------------------------------------------------- 2318 */ 2319int hfa384x_drvr_start(struct hfa384x *hw) 2320{ 2321 int result, result1, result2; 2322 u16 status; 2323 2324 might_sleep(); 2325 2326 /* Clear endpoint stalls - but only do this if the endpoint 2327 * is showing a stall status. Some prism2 cards seem to behave 2328 * badly if a clear_halt is called when the endpoint is already 2329 * ok 2330 */ 2331 result = 2332 usb_get_std_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_in, 2333 &status); 2334 if (result < 0) { 2335 netdev_err(hw->wlandev->netdev, "Cannot get bulk in endpoint status.\n"); 2336 goto done; 2337 } 2338 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_in)) 2339 netdev_err(hw->wlandev->netdev, "Failed to reset bulk in endpoint.\n"); 2340 2341 result = 2342 usb_get_std_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_out, 2343 &status); 2344 if (result < 0) { 2345 netdev_err(hw->wlandev->netdev, "Cannot get bulk out endpoint status.\n"); 2346 goto done; 2347 } 2348 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_out)) 2349 netdev_err(hw->wlandev->netdev, "Failed to reset bulk out endpoint.\n"); 2350 2351 /* Synchronous unlink, in case we're trying to restart the driver */ 2352 usb_kill_urb(&hw->rx_urb); 2353 2354 /* Post the IN urb */ 2355 result = submit_rx_urb(hw, GFP_KERNEL); 2356 if (result != 0) { 2357 netdev_err(hw->wlandev->netdev, 2358 "Fatal, failed to submit RX URB, result=%d\n", 2359 result); 2360 goto done; 2361 } 2362 2363 /* Call initialize twice, with a 1 second sleep in between. 2364 * This is a nasty work-around since many prism2 cards seem to 2365 * need time to settle after an init from cold. The second 2366 * call to initialize in theory is not necessary - but we call 2367 * it anyway as a double insurance policy: 2368 * 1) If the first init should fail, the second may well succeed 2369 * and the card can still be used 2370 * 2) It helps ensures all is well with the card after the first 2371 * init and settle time. 2372 */ 2373 result1 = hfa384x_cmd_initialize(hw); 2374 msleep(1000); 2375 result = hfa384x_cmd_initialize(hw); 2376 result2 = result; 2377 if (result1 != 0) { 2378 if (result2 != 0) { 2379 netdev_err(hw->wlandev->netdev, 2380 "cmd_initialize() failed on two attempts, results %d and %d\n", 2381 result1, result2); 2382 usb_kill_urb(&hw->rx_urb); 2383 goto done; 2384 } else { 2385 pr_debug("First cmd_initialize() failed (result %d),\n", 2386 result1); 2387 pr_debug("but second attempt succeeded. All should be ok\n"); 2388 } 2389 } else if (result2 != 0) { 2390 netdev_warn(hw->wlandev->netdev, "First cmd_initialize() succeeded, but second attempt failed (result=%d)\n", 2391 result2); 2392 netdev_warn(hw->wlandev->netdev, 2393 "Most likely the card will be functional\n"); 2394 goto done; 2395 } 2396 2397 hw->state = HFA384x_STATE_RUNNING; 2398 2399done: 2400 return result; 2401} 2402 2403/*---------------------------------------------------------------- 2404 * hfa384x_drvr_stop 2405 * 2406 * Shuts down the MAC to the point where it is safe to unload the 2407 * driver. Any subsystem that may be holding a data or function 2408 * ptr into the driver must be cleared/deinitialized. 2409 * 2410 * Arguments: 2411 * hw device structure 2412 * Returns: 2413 * 0 success 2414 * >0 f/w reported error - f/w status code 2415 * <0 driver reported error 2416 * 2417 * Side effects: 2418 * 2419 * Call context: 2420 * process 2421 *---------------------------------------------------------------- 2422 */ 2423int hfa384x_drvr_stop(struct hfa384x *hw) 2424{ 2425 int i; 2426 2427 might_sleep(); 2428 2429 /* There's no need for spinlocks here. The USB "disconnect" 2430 * function sets this "removed" flag and then calls us. 2431 */ 2432 if (!hw->wlandev->hwremoved) { 2433 /* Call initialize to leave the MAC in its 'reset' state */ 2434 hfa384x_cmd_initialize(hw); 2435 2436 /* Cancel the rxurb */ 2437 usb_kill_urb(&hw->rx_urb); 2438 } 2439 2440 hw->link_status = HFA384x_LINK_NOTCONNECTED; 2441 hw->state = HFA384x_STATE_INIT; 2442 2443 del_timer_sync(&hw->commsqual_timer); 2444 2445 /* Clear all the port status */ 2446 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++) 2447 hw->port_enabled[i] = 0; 2448 2449 return 0; 2450} 2451 2452/*---------------------------------------------------------------- 2453 * hfa384x_drvr_txframe 2454 * 2455 * Takes a frame from prism2sta and queues it for transmission. 2456 * 2457 * Arguments: 2458 * hw device structure 2459 * skb packet buffer struct. Contains an 802.11 2460 * data frame. 2461 * p80211_hdr points to the 802.11 header for the packet. 2462 * Returns: 2463 * 0 Success and more buffs available 2464 * 1 Success but no more buffs 2465 * 2 Allocation failure 2466 * 4 Buffer full or queue busy 2467 * 2468 * Side effects: 2469 * 2470 * Call context: 2471 * interrupt 2472 *---------------------------------------------------------------- 2473 */ 2474int hfa384x_drvr_txframe(struct hfa384x *hw, struct sk_buff *skb, 2475 struct p80211_hdr *p80211_hdr, 2476 struct p80211_metawep *p80211_wep) 2477{ 2478 int usbpktlen = sizeof(struct hfa384x_tx_frame); 2479 int result; 2480 int ret; 2481 char *ptr; 2482 2483 if (hw->tx_urb.status == -EINPROGRESS) { 2484 netdev_warn(hw->wlandev->netdev, "TX URB already in use\n"); 2485 result = 3; 2486 goto exit; 2487 } 2488 2489 /* Build Tx frame structure */ 2490 /* Set up the control field */ 2491 memset(&hw->txbuff.txfrm.desc, 0, sizeof(hw->txbuff.txfrm.desc)); 2492 2493 /* Setup the usb type field */ 2494 hw->txbuff.type = cpu_to_le16(HFA384x_USB_TXFRM); 2495 2496 /* Set up the sw_support field to identify this frame */ 2497 hw->txbuff.txfrm.desc.sw_support = 0x0123; 2498 2499/* Tx complete and Tx exception disable per dleach. Might be causing 2500 * buf depletion 2501 */ 2502/* #define DOEXC SLP -- doboth breaks horribly under load, doexc less so. */ 2503#if defined(DOBOTH) 2504 hw->txbuff.txfrm.desc.tx_control = 2505 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) | 2506 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1); 2507#elif defined(DOEXC) 2508 hw->txbuff.txfrm.desc.tx_control = 2509 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) | 2510 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0); 2511#else 2512 hw->txbuff.txfrm.desc.tx_control = 2513 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) | 2514 HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0); 2515#endif 2516 cpu_to_le16s(&hw->txbuff.txfrm.desc.tx_control); 2517 2518 /* copy the header over to the txdesc */ 2519 hw->txbuff.txfrm.desc.hdr = *p80211_hdr; 2520 2521 /* if we're using host WEP, increase size by IV+ICV */ 2522 if (p80211_wep->data) { 2523 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len + 8); 2524 usbpktlen += 8; 2525 } else { 2526 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len); 2527 } 2528 2529 usbpktlen += skb->len; 2530 2531 /* copy over the WEP IV if we are using host WEP */ 2532 ptr = hw->txbuff.txfrm.data; 2533 if (p80211_wep->data) { 2534 memcpy(ptr, p80211_wep->iv, sizeof(p80211_wep->iv)); 2535 ptr += sizeof(p80211_wep->iv); 2536 memcpy(ptr, p80211_wep->data, skb->len); 2537 } else { 2538 memcpy(ptr, skb->data, skb->len); 2539 } 2540 /* copy over the packet data */ 2541 ptr += skb->len; 2542 2543 /* copy over the WEP ICV if we are using host WEP */ 2544 if (p80211_wep->data) 2545 memcpy(ptr, p80211_wep->icv, sizeof(p80211_wep->icv)); 2546 2547 /* Send the USB packet */ 2548 usb_fill_bulk_urb(&hw->tx_urb, hw->usb, 2549 hw->endp_out, 2550 &hw->txbuff, ROUNDUP64(usbpktlen), 2551 hfa384x_usbout_callback, hw->wlandev); 2552 hw->tx_urb.transfer_flags |= USB_QUEUE_BULK; 2553 2554 result = 1; 2555 ret = submit_tx_urb(hw, &hw->tx_urb, GFP_ATOMIC); 2556 if (ret != 0) { 2557 netdev_err(hw->wlandev->netdev, 2558 "submit_tx_urb() failed, error=%d\n", ret); 2559 result = 3; 2560 } 2561 2562exit: 2563 return result; 2564} 2565 2566void hfa384x_tx_timeout(struct wlandevice *wlandev) 2567{ 2568 struct hfa384x *hw = wlandev->priv; 2569 unsigned long flags; 2570 2571 spin_lock_irqsave(&hw->ctlxq.lock, flags); 2572 2573 if (!hw->wlandev->hwremoved) { 2574 int sched; 2575 2576 sched = !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags); 2577 sched |= !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags); 2578 if (sched) 2579 schedule_work(&hw->usb_work); 2580 } 2581 2582 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 2583} 2584 2585/*---------------------------------------------------------------- 2586 * hfa384x_usbctlx_reaper_task 2587 * 2588 * Deferred work callback to delete dead CTLX objects 2589 * 2590 * Arguments: 2591 * work contains ptr to a struct hfa384x 2592 * 2593 * Returns: 2594 * 2595 * Call context: 2596 * Task 2597 *---------------------------------------------------------------- 2598 */ 2599static void hfa384x_usbctlx_reaper_task(struct work_struct *work) 2600{ 2601 struct hfa384x *hw = container_of(work, struct hfa384x, reaper_bh); 2602 struct hfa384x_usbctlx *ctlx, *temp; 2603 unsigned long flags; 2604 2605 spin_lock_irqsave(&hw->ctlxq.lock, flags); 2606 2607 /* This list is guaranteed to be empty if someone 2608 * has unplugged the adapter. 2609 */ 2610 list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.reapable, list) { 2611 list_del(&ctlx->list); 2612 kfree(ctlx); 2613 } 2614 2615 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 2616} 2617 2618/*---------------------------------------------------------------- 2619 * hfa384x_usbctlx_completion_task 2620 * 2621 * Deferred work callback to call completion handlers for returned CTLXs 2622 * 2623 * Arguments: 2624 * work contains ptr to a struct hfa384x 2625 * 2626 * Returns: 2627 * Nothing 2628 * 2629 * Call context: 2630 * Task 2631 *---------------------------------------------------------------- 2632 */ 2633static void hfa384x_usbctlx_completion_task(struct work_struct *work) 2634{ 2635 struct hfa384x *hw = container_of(work, struct hfa384x, completion_bh); 2636 struct hfa384x_usbctlx *ctlx, *temp; 2637 unsigned long flags; 2638 2639 int reap = 0; 2640 2641 spin_lock_irqsave(&hw->ctlxq.lock, flags); 2642 2643 /* This list is guaranteed to be empty if someone 2644 * has unplugged the adapter ... 2645 */ 2646 list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.completing, list) { 2647 /* Call the completion function that this 2648 * command was assigned, assuming it has one. 2649 */ 2650 if (ctlx->cmdcb) { 2651 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 2652 ctlx->cmdcb(hw, ctlx); 2653 spin_lock_irqsave(&hw->ctlxq.lock, flags); 2654 2655 /* Make sure we don't try and complete 2656 * this CTLX more than once! 2657 */ 2658 ctlx->cmdcb = NULL; 2659 2660 /* Did someone yank the adapter out 2661 * while our list was (briefly) unlocked? 2662 */ 2663 if (hw->wlandev->hwremoved) { 2664 reap = 0; 2665 break; 2666 } 2667 } 2668 2669 /* 2670 * "Reapable" CTLXs are ones which don't have any 2671 * threads waiting for them to die. Hence they must 2672 * be delivered to The Reaper! 2673 */ 2674 if (ctlx->reapable) { 2675 /* Move the CTLX off the "completing" list (hopefully) 2676 * on to the "reapable" list where the reaper task 2677 * can find it. And "reapable" means that this CTLX 2678 * isn't sitting on a wait-queue somewhere. 2679 */ 2680 list_move_tail(&ctlx->list, &hw->ctlxq.reapable); 2681 reap = 1; 2682 } 2683 2684 complete(&ctlx->done); 2685 } 2686 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 2687 2688 if (reap) 2689 schedule_work(&hw->reaper_bh); 2690} 2691 2692/*---------------------------------------------------------------- 2693 * unlocked_usbctlx_cancel_async 2694 * 2695 * Mark the CTLX dead asynchronously, and ensure that the 2696 * next command on the queue is run afterwards. 2697 * 2698 * Arguments: 2699 * hw ptr to the struct hfa384x structure 2700 * ctlx ptr to a CTLX structure 2701 * 2702 * Returns: 2703 * 0 the CTLX's URB is inactive 2704 * -EINPROGRESS the URB is currently being unlinked 2705 * 2706 * Call context: 2707 * Either process or interrupt, but presumably interrupt 2708 *---------------------------------------------------------------- 2709 */ 2710static int unlocked_usbctlx_cancel_async(struct hfa384x *hw, 2711 struct hfa384x_usbctlx *ctlx) 2712{ 2713 int ret; 2714 2715 /* 2716 * Try to delete the URB containing our request packet. 2717 * If we succeed, then its completion handler will be 2718 * called with a status of -ECONNRESET. 2719 */ 2720 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK; 2721 ret = usb_unlink_urb(&hw->ctlx_urb); 2722 2723 if (ret != -EINPROGRESS) { 2724 /* 2725 * The OUT URB had either already completed 2726 * or was still in the pending queue, so the 2727 * URB's completion function will not be called. 2728 * We will have to complete the CTLX ourselves. 2729 */ 2730 ctlx->state = CTLX_REQ_FAILED; 2731 unlocked_usbctlx_complete(hw, ctlx); 2732 ret = 0; 2733 } 2734 2735 return ret; 2736} 2737 2738/*---------------------------------------------------------------- 2739 * unlocked_usbctlx_complete 2740 * 2741 * A CTLX has completed. It may have been successful, it may not 2742 * have been. At this point, the CTLX should be quiescent. The URBs 2743 * aren't active and the timers should have been stopped. 2744 * 2745 * The CTLX is migrated to the "completing" queue, and the completing 2746 * work is scheduled. 2747 * 2748 * Arguments: 2749 * hw ptr to a struct hfa384x structure 2750 * ctlx ptr to a ctlx structure 2751 * 2752 * Returns: 2753 * nothing 2754 * 2755 * Side effects: 2756 * 2757 * Call context: 2758 * Either, assume interrupt 2759 *---------------------------------------------------------------- 2760 */ 2761static void unlocked_usbctlx_complete(struct hfa384x *hw, 2762 struct hfa384x_usbctlx *ctlx) 2763{ 2764 /* Timers have been stopped, and ctlx should be in 2765 * a terminal state. Retire it from the "active" 2766 * queue. 2767 */ 2768 list_move_tail(&ctlx->list, &hw->ctlxq.completing); 2769 schedule_work(&hw->completion_bh); 2770 2771 switch (ctlx->state) { 2772 case CTLX_COMPLETE: 2773 case CTLX_REQ_FAILED: 2774 /* This are the correct terminating states. */ 2775 break; 2776 2777 default: 2778 netdev_err(hw->wlandev->netdev, "CTLX[%d] not in a terminating state(%s)\n", 2779 le16_to_cpu(ctlx->outbuf.type), 2780 ctlxstr(ctlx->state)); 2781 break; 2782 } /* switch */ 2783} 2784 2785/*---------------------------------------------------------------- 2786 * hfa384x_usbctlxq_run 2787 * 2788 * Checks to see if the head item is running. If not, starts it. 2789 * 2790 * Arguments: 2791 * hw ptr to struct hfa384x 2792 * 2793 * Returns: 2794 * nothing 2795 * 2796 * Side effects: 2797 * 2798 * Call context: 2799 * any 2800 *---------------------------------------------------------------- 2801 */ 2802static void hfa384x_usbctlxq_run(struct hfa384x *hw) 2803{ 2804 unsigned long flags; 2805 2806 /* acquire lock */ 2807 spin_lock_irqsave(&hw->ctlxq.lock, flags); 2808 2809 /* Only one active CTLX at any one time, because there's no 2810 * other (reliable) way to match the response URB to the 2811 * correct CTLX. 2812 * 2813 * Don't touch any of these CTLXs if the hardware 2814 * has been removed or the USB subsystem is stalled. 2815 */ 2816 if (!list_empty(&hw->ctlxq.active) || 2817 test_bit(WORK_TX_HALT, &hw->usb_flags) || hw->wlandev->hwremoved) 2818 goto unlock; 2819 2820 while (!list_empty(&hw->ctlxq.pending)) { 2821 struct hfa384x_usbctlx *head; 2822 int result; 2823 2824 /* This is the first pending command */ 2825 head = list_entry(hw->ctlxq.pending.next, 2826 struct hfa384x_usbctlx, list); 2827 2828 /* We need to split this off to avoid a race condition */ 2829 list_move_tail(&head->list, &hw->ctlxq.active); 2830 2831 /* Fill the out packet */ 2832 usb_fill_bulk_urb(&hw->ctlx_urb, hw->usb, 2833 hw->endp_out, 2834 &head->outbuf, ROUNDUP64(head->outbufsize), 2835 hfa384x_ctlxout_callback, hw); 2836 hw->ctlx_urb.transfer_flags |= USB_QUEUE_BULK; 2837 2838 /* Now submit the URB and update the CTLX's state */ 2839 result = usb_submit_urb(&hw->ctlx_urb, GFP_ATOMIC); 2840 if (result == 0) { 2841 /* This CTLX is now running on the active queue */ 2842 head->state = CTLX_REQ_SUBMITTED; 2843 2844 /* Start the OUT wait timer */ 2845 hw->req_timer_done = 0; 2846 hw->reqtimer.expires = jiffies + HZ; 2847 add_timer(&hw->reqtimer); 2848 2849 /* Start the IN wait timer */ 2850 hw->resp_timer_done = 0; 2851 hw->resptimer.expires = jiffies + 2 * HZ; 2852 add_timer(&hw->resptimer); 2853 2854 break; 2855 } 2856 2857 if (result == -EPIPE) { 2858 /* The OUT pipe needs resetting, so put 2859 * this CTLX back in the "pending" queue 2860 * and schedule a reset ... 2861 */ 2862 netdev_warn(hw->wlandev->netdev, 2863 "%s tx pipe stalled: requesting reset\n", 2864 hw->wlandev->netdev->name); 2865 list_move(&head->list, &hw->ctlxq.pending); 2866 set_bit(WORK_TX_HALT, &hw->usb_flags); 2867 schedule_work(&hw->usb_work); 2868 break; 2869 } 2870 2871 if (result == -ESHUTDOWN) { 2872 netdev_warn(hw->wlandev->netdev, "%s urb shutdown!\n", 2873 hw->wlandev->netdev->name); 2874 break; 2875 } 2876 2877 netdev_err(hw->wlandev->netdev, "Failed to submit CTLX[%d]: error=%d\n", 2878 le16_to_cpu(head->outbuf.type), result); 2879 unlocked_usbctlx_complete(hw, head); 2880 } /* while */ 2881 2882unlock: 2883 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 2884} 2885 2886/*---------------------------------------------------------------- 2887 * hfa384x_usbin_callback 2888 * 2889 * Callback for URBs on the BULKIN endpoint. 2890 * 2891 * Arguments: 2892 * urb ptr to the completed urb 2893 * 2894 * Returns: 2895 * nothing 2896 * 2897 * Side effects: 2898 * 2899 * Call context: 2900 * interrupt 2901 *---------------------------------------------------------------- 2902 */ 2903static void hfa384x_usbin_callback(struct urb *urb) 2904{ 2905 struct wlandevice *wlandev = urb->context; 2906 struct hfa384x *hw; 2907 union hfa384x_usbin *usbin; 2908 struct sk_buff *skb = NULL; 2909 int result; 2910 int urb_status; 2911 u16 type; 2912 2913 enum USBIN_ACTION { 2914 HANDLE, 2915 RESUBMIT, 2916 ABORT 2917 } action; 2918 2919 if (!wlandev || !wlandev->netdev || wlandev->hwremoved) 2920 goto exit; 2921 2922 hw = wlandev->priv; 2923 if (!hw) 2924 goto exit; 2925 2926 skb = hw->rx_urb_skb; 2927 if (!skb || (skb->data != urb->transfer_buffer)) { 2928 WARN_ON(1); 2929 return; 2930 } 2931 2932 hw->rx_urb_skb = NULL; 2933 2934 /* Check for error conditions within the URB */ 2935 switch (urb->status) { 2936 case 0: 2937 action = HANDLE; 2938 2939 /* Check for short packet */ 2940 if (urb->actual_length == 0) { 2941 wlandev->netdev->stats.rx_errors++; 2942 wlandev->netdev->stats.rx_length_errors++; 2943 action = RESUBMIT; 2944 } 2945 break; 2946 2947 case -EPIPE: 2948 netdev_warn(hw->wlandev->netdev, "%s rx pipe stalled: requesting reset\n", 2949 wlandev->netdev->name); 2950 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags)) 2951 schedule_work(&hw->usb_work); 2952 wlandev->netdev->stats.rx_errors++; 2953 action = ABORT; 2954 break; 2955 2956 case -EILSEQ: 2957 case -ETIMEDOUT: 2958 case -EPROTO: 2959 if (!test_and_set_bit(THROTTLE_RX, &hw->usb_flags) && 2960 !timer_pending(&hw->throttle)) { 2961 mod_timer(&hw->throttle, jiffies + THROTTLE_JIFFIES); 2962 } 2963 wlandev->netdev->stats.rx_errors++; 2964 action = ABORT; 2965 break; 2966 2967 case -EOVERFLOW: 2968 wlandev->netdev->stats.rx_over_errors++; 2969 action = RESUBMIT; 2970 break; 2971 2972 case -ENODEV: 2973 case -ESHUTDOWN: 2974 pr_debug("status=%d, device removed.\n", urb->status); 2975 action = ABORT; 2976 break; 2977 2978 case -ENOENT: 2979 case -ECONNRESET: 2980 pr_debug("status=%d, urb explicitly unlinked.\n", urb->status); 2981 action = ABORT; 2982 break; 2983 2984 default: 2985 pr_debug("urb status=%d, transfer flags=0x%x\n", 2986 urb->status, urb->transfer_flags); 2987 wlandev->netdev->stats.rx_errors++; 2988 action = RESUBMIT; 2989 break; 2990 } 2991 2992 /* Save values from the RX URB before reposting overwrites it. */ 2993 urb_status = urb->status; 2994 usbin = (union hfa384x_usbin *)urb->transfer_buffer; 2995 2996 if (action != ABORT) { 2997 /* Repost the RX URB */ 2998 result = submit_rx_urb(hw, GFP_ATOMIC); 2999 3000 if (result != 0) { 3001 netdev_err(hw->wlandev->netdev, 3002 "Fatal, failed to resubmit rx_urb. error=%d\n", 3003 result); 3004 } 3005 } 3006 3007 /* Handle any USB-IN packet */ 3008 /* Note: the check of the sw_support field, the type field doesn't 3009 * have bit 12 set like the docs suggest. 3010 */ 3011 type = le16_to_cpu(usbin->type); 3012 if (HFA384x_USB_ISRXFRM(type)) { 3013 if (action == HANDLE) { 3014 if (usbin->txfrm.desc.sw_support == 0x0123) { 3015 hfa384x_usbin_txcompl(wlandev, usbin); 3016 } else { 3017 skb_put(skb, sizeof(*usbin)); 3018 hfa384x_usbin_rx(wlandev, skb); 3019 skb = NULL; 3020 } 3021 } 3022 goto exit; 3023 } 3024 if (HFA384x_USB_ISTXFRM(type)) { 3025 if (action == HANDLE) 3026 hfa384x_usbin_txcompl(wlandev, usbin); 3027 goto exit; 3028 } 3029 switch (type) { 3030 case HFA384x_USB_INFOFRM: 3031 if (action == ABORT) 3032 goto exit; 3033 if (action == HANDLE) 3034 hfa384x_usbin_info(wlandev, usbin); 3035 break; 3036 3037 case HFA384x_USB_CMDRESP: 3038 case HFA384x_USB_WRIDRESP: 3039 case HFA384x_USB_RRIDRESP: 3040 case HFA384x_USB_WMEMRESP: 3041 case HFA384x_USB_RMEMRESP: 3042 /* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */ 3043 hfa384x_usbin_ctlx(hw, usbin, urb_status); 3044 break; 3045 3046 case HFA384x_USB_BUFAVAIL: 3047 pr_debug("Received BUFAVAIL packet, frmlen=%d\n", 3048 usbin->bufavail.frmlen); 3049 break; 3050 3051 case HFA384x_USB_ERROR: 3052 pr_debug("Received USB_ERROR packet, errortype=%d\n", 3053 usbin->usberror.errortype); 3054 break; 3055 3056 default: 3057 pr_debug("Unrecognized USBIN packet, type=%x, status=%d\n", 3058 usbin->type, urb_status); 3059 break; 3060 } /* switch */ 3061 3062exit: 3063 3064 if (skb) 3065 dev_kfree_skb(skb); 3066} 3067 3068/*---------------------------------------------------------------- 3069 * hfa384x_usbin_ctlx 3070 * 3071 * We've received a URB containing a Prism2 "response" message. 3072 * This message needs to be matched up with a CTLX on the active 3073 * queue and our state updated accordingly. 3074 * 3075 * Arguments: 3076 * hw ptr to struct hfa384x 3077 * usbin ptr to USB IN packet 3078 * urb_status status of this Bulk-In URB 3079 * 3080 * Returns: 3081 * nothing 3082 * 3083 * Side effects: 3084 * 3085 * Call context: 3086 * interrupt 3087 *---------------------------------------------------------------- 3088 */ 3089static void hfa384x_usbin_ctlx(struct hfa384x *hw, union hfa384x_usbin *usbin, 3090 int urb_status) 3091{ 3092 struct hfa384x_usbctlx *ctlx; 3093 int run_queue = 0; 3094 unsigned long flags; 3095 3096retry: 3097 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3098 3099 /* There can be only one CTLX on the active queue 3100 * at any one time, and this is the CTLX that the 3101 * timers are waiting for. 3102 */ 3103 if (list_empty(&hw->ctlxq.active)) 3104 goto unlock; 3105 3106 /* Remove the "response timeout". It's possible that 3107 * we are already too late, and that the timeout is 3108 * already running. And that's just too bad for us, 3109 * because we could lose our CTLX from the active 3110 * queue here ... 3111 */ 3112 if (del_timer(&hw->resptimer) == 0) { 3113 if (hw->resp_timer_done == 0) { 3114 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3115 goto retry; 3116 } 3117 } else { 3118 hw->resp_timer_done = 1; 3119 } 3120 3121 ctlx = get_active_ctlx(hw); 3122 3123 if (urb_status != 0) { 3124 /* 3125 * Bad CTLX, so get rid of it. But we only 3126 * remove it from the active queue if we're no 3127 * longer expecting the OUT URB to complete. 3128 */ 3129 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0) 3130 run_queue = 1; 3131 } else { 3132 const __le16 intype = (usbin->type & ~cpu_to_le16(0x8000)); 3133 3134 /* 3135 * Check that our message is what we're expecting ... 3136 */ 3137 if (ctlx->outbuf.type != intype) { 3138 netdev_warn(hw->wlandev->netdev, 3139 "Expected IN[%d], received IN[%d] - ignored.\n", 3140 le16_to_cpu(ctlx->outbuf.type), 3141 le16_to_cpu(intype)); 3142 goto unlock; 3143 } 3144 3145 /* This URB has succeeded, so grab the data ... */ 3146 memcpy(&ctlx->inbuf, usbin, sizeof(ctlx->inbuf)); 3147 3148 switch (ctlx->state) { 3149 case CTLX_REQ_SUBMITTED: 3150 /* 3151 * We have received our response URB before 3152 * our request has been acknowledged. Odd, 3153 * but our OUT URB is still alive... 3154 */ 3155 pr_debug("Causality violation: please reboot Universe\n"); 3156 ctlx->state = CTLX_RESP_COMPLETE; 3157 break; 3158 3159 case CTLX_REQ_COMPLETE: 3160 /* 3161 * This is the usual path: our request 3162 * has already been acknowledged, and 3163 * now we have received the reply too. 3164 */ 3165 ctlx->state = CTLX_COMPLETE; 3166 unlocked_usbctlx_complete(hw, ctlx); 3167 run_queue = 1; 3168 break; 3169 3170 default: 3171 /* 3172 * Throw this CTLX away ... 3173 */ 3174 netdev_err(hw->wlandev->netdev, 3175 "Matched IN URB, CTLX[%d] in invalid state(%s). Discarded.\n", 3176 le16_to_cpu(ctlx->outbuf.type), 3177 ctlxstr(ctlx->state)); 3178 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0) 3179 run_queue = 1; 3180 break; 3181 } /* switch */ 3182 } 3183 3184unlock: 3185 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3186 3187 if (run_queue) 3188 hfa384x_usbctlxq_run(hw); 3189} 3190 3191/*---------------------------------------------------------------- 3192 * hfa384x_usbin_txcompl 3193 * 3194 * At this point we have the results of a previous transmit. 3195 * 3196 * Arguments: 3197 * wlandev wlan device 3198 * usbin ptr to the usb transfer buffer 3199 * 3200 * Returns: 3201 * nothing 3202 * 3203 * Side effects: 3204 * 3205 * Call context: 3206 * interrupt 3207 *---------------------------------------------------------------- 3208 */ 3209static void hfa384x_usbin_txcompl(struct wlandevice *wlandev, 3210 union hfa384x_usbin *usbin) 3211{ 3212 u16 status; 3213 3214 status = le16_to_cpu(usbin->type); /* yeah I know it says type... */ 3215 3216 /* Was there an error? */ 3217 if (HFA384x_TXSTATUS_ISERROR(status)) 3218 prism2sta_ev_txexc(wlandev, status); 3219 else 3220 prism2sta_ev_tx(wlandev, status); 3221} 3222 3223/*---------------------------------------------------------------- 3224 * hfa384x_usbin_rx 3225 * 3226 * At this point we have a successful received a rx frame packet. 3227 * 3228 * Arguments: 3229 * wlandev wlan device 3230 * usbin ptr to the usb transfer buffer 3231 * 3232 * Returns: 3233 * nothing 3234 * 3235 * Side effects: 3236 * 3237 * Call context: 3238 * interrupt 3239 *---------------------------------------------------------------- 3240 */ 3241static void hfa384x_usbin_rx(struct wlandevice *wlandev, struct sk_buff *skb) 3242{ 3243 union hfa384x_usbin *usbin = (union hfa384x_usbin *)skb->data; 3244 struct hfa384x *hw = wlandev->priv; 3245 int hdrlen; 3246 struct p80211_rxmeta *rxmeta; 3247 u16 data_len; 3248 u16 fc; 3249 u16 status; 3250 3251 /* Byte order convert once up front. */ 3252 le16_to_cpus(&usbin->rxfrm.desc.status); 3253 le32_to_cpus(&usbin->rxfrm.desc.time); 3254 3255 /* Now handle frame based on port# */ 3256 status = HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status); 3257 3258 switch (status) { 3259 case 0: 3260 fc = le16_to_cpu(usbin->rxfrm.desc.hdr.frame_control); 3261 3262 /* If exclude and we receive an unencrypted, drop it */ 3263 if ((wlandev->hostwep & HOSTWEP_EXCLUDEUNENCRYPTED) && 3264 !WLAN_GET_FC_ISWEP(fc)) { 3265 break; 3266 } 3267 3268 data_len = le16_to_cpu(usbin->rxfrm.desc.data_len); 3269 3270 /* How much header data do we have? */ 3271 hdrlen = p80211_headerlen(fc); 3272 3273 /* Pull off the descriptor */ 3274 skb_pull(skb, sizeof(struct hfa384x_rx_frame)); 3275 3276 /* Now shunt the header block up against the data block 3277 * with an "overlapping" copy 3278 */ 3279 memmove(skb_push(skb, hdrlen), 3280 &usbin->rxfrm.desc.hdr, hdrlen); 3281 3282 skb->dev = wlandev->netdev; 3283 3284 /* And set the frame length properly */ 3285 skb_trim(skb, data_len + hdrlen); 3286 3287 /* The prism2 series does not return the CRC */ 3288 memset(skb_put(skb, WLAN_CRC_LEN), 0xff, WLAN_CRC_LEN); 3289 3290 skb_reset_mac_header(skb); 3291 3292 /* Attach the rxmeta, set some stuff */ 3293 p80211skb_rxmeta_attach(wlandev, skb); 3294 rxmeta = p80211skb_rxmeta(skb); 3295 rxmeta->mactime = usbin->rxfrm.desc.time; 3296 rxmeta->rxrate = usbin->rxfrm.desc.rate; 3297 rxmeta->signal = usbin->rxfrm.desc.signal - hw->dbmadjust; 3298 rxmeta->noise = usbin->rxfrm.desc.silence - hw->dbmadjust; 3299 3300 p80211netdev_rx(wlandev, skb); 3301 3302 break; 3303 3304 case 7: 3305 if (!HFA384x_RXSTATUS_ISFCSERR(usbin->rxfrm.desc.status)) { 3306 /* Copy to wlansnif skb */ 3307 hfa384x_int_rxmonitor(wlandev, &usbin->rxfrm); 3308 dev_kfree_skb(skb); 3309 } else { 3310 pr_debug("Received monitor frame: FCSerr set\n"); 3311 } 3312 break; 3313 3314 default: 3315 netdev_warn(hw->wlandev->netdev, 3316 "Received frame on unsupported port=%d\n", 3317 status); 3318 break; 3319 } 3320} 3321 3322/*---------------------------------------------------------------- 3323 * hfa384x_int_rxmonitor 3324 * 3325 * Helper function for int_rx. Handles monitor frames. 3326 * Note that this function allocates space for the FCS and sets it 3327 * to 0xffffffff. The hfa384x doesn't give us the FCS value but the 3328 * higher layers expect it. 0xffffffff is used as a flag to indicate 3329 * the FCS is bogus. 3330 * 3331 * Arguments: 3332 * wlandev wlan device structure 3333 * rxfrm rx descriptor read from card in int_rx 3334 * 3335 * Returns: 3336 * nothing 3337 * 3338 * Side effects: 3339 * Allocates an skb and passes it up via the PF_PACKET interface. 3340 * Call context: 3341 * interrupt 3342 *---------------------------------------------------------------- 3343 */ 3344static void hfa384x_int_rxmonitor(struct wlandevice *wlandev, 3345 struct hfa384x_usb_rxfrm *rxfrm) 3346{ 3347 struct hfa384x_rx_frame *rxdesc = &rxfrm->desc; 3348 unsigned int hdrlen = 0; 3349 unsigned int datalen = 0; 3350 unsigned int skblen = 0; 3351 u8 *datap; 3352 u16 fc; 3353 struct sk_buff *skb; 3354 struct hfa384x *hw = wlandev->priv; 3355 3356 /* Remember the status, time, and data_len fields are in host order */ 3357 /* Figure out how big the frame is */ 3358 fc = le16_to_cpu(rxdesc->hdr.frame_control); 3359 hdrlen = p80211_headerlen(fc); 3360 datalen = le16_to_cpu(rxdesc->data_len); 3361 3362 /* Allocate an ind message+framesize skb */ 3363 skblen = sizeof(struct p80211_caphdr) + hdrlen + datalen + WLAN_CRC_LEN; 3364 3365 /* sanity check the length */ 3366 if (skblen > 3367 (sizeof(struct p80211_caphdr) + 3368 WLAN_HDR_A4_LEN + WLAN_DATA_MAXLEN + WLAN_CRC_LEN)) { 3369 pr_debug("overlen frm: len=%zd\n", 3370 skblen - sizeof(struct p80211_caphdr)); 3371 3372 return; 3373 } 3374 3375 skb = dev_alloc_skb(skblen); 3376 if (!skb) 3377 return; 3378 3379 /* only prepend the prism header if in the right mode */ 3380 if ((wlandev->netdev->type == ARPHRD_IEEE80211_PRISM) && 3381 (hw->sniffhdr != 0)) { 3382 struct p80211_caphdr *caphdr; 3383 /* The NEW header format! */ 3384 datap = skb_put(skb, sizeof(struct p80211_caphdr)); 3385 caphdr = (struct p80211_caphdr *)datap; 3386 3387 caphdr->version = htonl(P80211CAPTURE_VERSION); 3388 caphdr->length = htonl(sizeof(struct p80211_caphdr)); 3389 caphdr->mactime = __cpu_to_be64(rxdesc->time * 1000); 3390 caphdr->hosttime = __cpu_to_be64(jiffies); 3391 caphdr->phytype = htonl(4); /* dss_dot11_b */ 3392 caphdr->channel = htonl(hw->sniff_channel); 3393 caphdr->datarate = htonl(rxdesc->rate); 3394 caphdr->antenna = htonl(0); /* unknown */ 3395 caphdr->priority = htonl(0); /* unknown */ 3396 caphdr->ssi_type = htonl(3); /* rssi_raw */ 3397 caphdr->ssi_signal = htonl(rxdesc->signal); 3398 caphdr->ssi_noise = htonl(rxdesc->silence); 3399 caphdr->preamble = htonl(0); /* unknown */ 3400 caphdr->encoding = htonl(1); /* cck */ 3401 } 3402 3403 /* Copy the 802.11 header to the skb 3404 * (ctl frames may be less than a full header) 3405 */ 3406 skb_put_data(skb, &rxdesc->hdr.frame_control, hdrlen); 3407 3408 /* If any, copy the data from the card to the skb */ 3409 if (datalen > 0) { 3410 datap = skb_put_data(skb, rxfrm->data, datalen); 3411 3412 /* check for unencrypted stuff if WEP bit set. */ 3413 if (*(datap - hdrlen + 1) & 0x40) /* wep set */ 3414 if ((*(datap) == 0xaa) && (*(datap + 1) == 0xaa)) 3415 /* clear wep; it's the 802.2 header! */ 3416 *(datap - hdrlen + 1) &= 0xbf; 3417 } 3418 3419 if (hw->sniff_fcs) { 3420 /* Set the FCS */ 3421 datap = skb_put(skb, WLAN_CRC_LEN); 3422 memset(datap, 0xff, WLAN_CRC_LEN); 3423 } 3424 3425 /* pass it back up */ 3426 p80211netdev_rx(wlandev, skb); 3427} 3428 3429/*---------------------------------------------------------------- 3430 * hfa384x_usbin_info 3431 * 3432 * At this point we have a successful received a Prism2 info frame. 3433 * 3434 * Arguments: 3435 * wlandev wlan device 3436 * usbin ptr to the usb transfer buffer 3437 * 3438 * Returns: 3439 * nothing 3440 * 3441 * Side effects: 3442 * 3443 * Call context: 3444 * interrupt 3445 *---------------------------------------------------------------- 3446 */ 3447static void hfa384x_usbin_info(struct wlandevice *wlandev, 3448 union hfa384x_usbin *usbin) 3449{ 3450 le16_to_cpus(&usbin->infofrm.info.framelen); 3451 prism2sta_ev_info(wlandev, &usbin->infofrm.info); 3452} 3453 3454/*---------------------------------------------------------------- 3455 * hfa384x_usbout_callback 3456 * 3457 * Callback for URBs on the BULKOUT endpoint. 3458 * 3459 * Arguments: 3460 * urb ptr to the completed urb 3461 * 3462 * Returns: 3463 * nothing 3464 * 3465 * Side effects: 3466 * 3467 * Call context: 3468 * interrupt 3469 *---------------------------------------------------------------- 3470 */ 3471static void hfa384x_usbout_callback(struct urb *urb) 3472{ 3473 struct wlandevice *wlandev = urb->context; 3474 3475#ifdef DEBUG_USB 3476 dbprint_urb(urb); 3477#endif 3478 3479 if (wlandev && wlandev->netdev) { 3480 switch (urb->status) { 3481 case 0: 3482 prism2sta_ev_alloc(wlandev); 3483 break; 3484 3485 case -EPIPE: { 3486 struct hfa384x *hw = wlandev->priv; 3487 3488 netdev_warn(hw->wlandev->netdev, 3489 "%s tx pipe stalled: requesting reset\n", 3490 wlandev->netdev->name); 3491 if (!test_and_set_bit(WORK_TX_HALT, &hw->usb_flags)) 3492 schedule_work(&hw->usb_work); 3493 wlandev->netdev->stats.tx_errors++; 3494 break; 3495 } 3496 3497 case -EPROTO: 3498 case -ETIMEDOUT: 3499 case -EILSEQ: { 3500 struct hfa384x *hw = wlandev->priv; 3501 3502 if (!test_and_set_bit(THROTTLE_TX, &hw->usb_flags) && 3503 !timer_pending(&hw->throttle)) { 3504 mod_timer(&hw->throttle, 3505 jiffies + THROTTLE_JIFFIES); 3506 } 3507 wlandev->netdev->stats.tx_errors++; 3508 netif_stop_queue(wlandev->netdev); 3509 break; 3510 } 3511 3512 case -ENOENT: 3513 case -ESHUTDOWN: 3514 /* Ignorable errors */ 3515 break; 3516 3517 default: 3518 netdev_info(wlandev->netdev, "unknown urb->status=%d\n", 3519 urb->status); 3520 wlandev->netdev->stats.tx_errors++; 3521 break; 3522 } /* switch */ 3523 } 3524} 3525 3526/*---------------------------------------------------------------- 3527 * hfa384x_ctlxout_callback 3528 * 3529 * Callback for control data on the BULKOUT endpoint. 3530 * 3531 * Arguments: 3532 * urb ptr to the completed urb 3533 * 3534 * Returns: 3535 * nothing 3536 * 3537 * Side effects: 3538 * 3539 * Call context: 3540 * interrupt 3541 *---------------------------------------------------------------- 3542 */ 3543static void hfa384x_ctlxout_callback(struct urb *urb) 3544{ 3545 struct hfa384x *hw = urb->context; 3546 int delete_resptimer = 0; 3547 int timer_ok = 1; 3548 int run_queue = 0; 3549 struct hfa384x_usbctlx *ctlx; 3550 unsigned long flags; 3551 3552 pr_debug("urb->status=%d\n", urb->status); 3553#ifdef DEBUG_USB 3554 dbprint_urb(urb); 3555#endif 3556 if ((urb->status == -ESHUTDOWN) || 3557 (urb->status == -ENODEV) || !hw) 3558 return; 3559 3560retry: 3561 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3562 3563 /* 3564 * Only one CTLX at a time on the "active" list, and 3565 * none at all if we are unplugged. However, we can 3566 * rely on the disconnect function to clean everything 3567 * up if someone unplugged the adapter. 3568 */ 3569 if (list_empty(&hw->ctlxq.active)) { 3570 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3571 return; 3572 } 3573 3574 /* 3575 * Having something on the "active" queue means 3576 * that we have timers to worry about ... 3577 */ 3578 if (del_timer(&hw->reqtimer) == 0) { 3579 if (hw->req_timer_done == 0) { 3580 /* 3581 * This timer was actually running while we 3582 * were trying to delete it. Let it terminate 3583 * gracefully instead. 3584 */ 3585 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3586 goto retry; 3587 } 3588 } else { 3589 hw->req_timer_done = 1; 3590 } 3591 3592 ctlx = get_active_ctlx(hw); 3593 3594 if (urb->status == 0) { 3595 /* Request portion of a CTLX is successful */ 3596 switch (ctlx->state) { 3597 case CTLX_REQ_SUBMITTED: 3598 /* This OUT-ACK received before IN */ 3599 ctlx->state = CTLX_REQ_COMPLETE; 3600 break; 3601 3602 case CTLX_RESP_COMPLETE: 3603 /* IN already received before this OUT-ACK, 3604 * so this command must now be complete. 3605 */ 3606 ctlx->state = CTLX_COMPLETE; 3607 unlocked_usbctlx_complete(hw, ctlx); 3608 run_queue = 1; 3609 break; 3610 3611 default: 3612 /* This is NOT a valid CTLX "success" state! */ 3613 netdev_err(hw->wlandev->netdev, 3614 "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n", 3615 le16_to_cpu(ctlx->outbuf.type), 3616 ctlxstr(ctlx->state), urb->status); 3617 break; 3618 } /* switch */ 3619 } else { 3620 /* If the pipe has stalled then we need to reset it */ 3621 if ((urb->status == -EPIPE) && 3622 !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags)) { 3623 netdev_warn(hw->wlandev->netdev, 3624 "%s tx pipe stalled: requesting reset\n", 3625 hw->wlandev->netdev->name); 3626 schedule_work(&hw->usb_work); 3627 } 3628 3629 /* If someone cancels the OUT URB then its status 3630 * should be either -ECONNRESET or -ENOENT. 3631 */ 3632 ctlx->state = CTLX_REQ_FAILED; 3633 unlocked_usbctlx_complete(hw, ctlx); 3634 delete_resptimer = 1; 3635 run_queue = 1; 3636 } 3637 3638delresp: 3639 if (delete_resptimer) { 3640 timer_ok = del_timer(&hw->resptimer); 3641 if (timer_ok != 0) 3642 hw->resp_timer_done = 1; 3643 } 3644 3645 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3646 3647 if (!timer_ok && (hw->resp_timer_done == 0)) { 3648 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3649 goto delresp; 3650 } 3651 3652 if (run_queue) 3653 hfa384x_usbctlxq_run(hw); 3654} 3655 3656/*---------------------------------------------------------------- 3657 * hfa384x_usbctlx_reqtimerfn 3658 * 3659 * Timer response function for CTLX request timeouts. If this 3660 * function is called, it means that the callback for the OUT 3661 * URB containing a Prism2.x XXX_Request was never called. 3662 * 3663 * Arguments: 3664 * data a ptr to the struct hfa384x 3665 * 3666 * Returns: 3667 * nothing 3668 * 3669 * Side effects: 3670 * 3671 * Call context: 3672 * interrupt 3673 *---------------------------------------------------------------- 3674 */ 3675static void hfa384x_usbctlx_reqtimerfn(struct timer_list *t) 3676{ 3677 struct hfa384x *hw = from_timer(hw, t, reqtimer); 3678 unsigned long flags; 3679 3680 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3681 3682 hw->req_timer_done = 1; 3683 3684 /* Removing the hardware automatically empties 3685 * the active list ... 3686 */ 3687 if (!list_empty(&hw->ctlxq.active)) { 3688 /* 3689 * We must ensure that our URB is removed from 3690 * the system, if it hasn't already expired. 3691 */ 3692 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK; 3693 if (usb_unlink_urb(&hw->ctlx_urb) == -EINPROGRESS) { 3694 struct hfa384x_usbctlx *ctlx = get_active_ctlx(hw); 3695 3696 ctlx->state = CTLX_REQ_FAILED; 3697 3698 /* This URB was active, but has now been 3699 * cancelled. It will now have a status of 3700 * -ECONNRESET in the callback function. 3701 * 3702 * We are cancelling this CTLX, so we're 3703 * not going to need to wait for a response. 3704 * The URB's callback function will check 3705 * that this timer is truly dead. 3706 */ 3707 if (del_timer(&hw->resptimer) != 0) 3708 hw->resp_timer_done = 1; 3709 } 3710 } 3711 3712 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3713} 3714 3715/*---------------------------------------------------------------- 3716 * hfa384x_usbctlx_resptimerfn 3717 * 3718 * Timer response function for CTLX response timeouts. If this 3719 * function is called, it means that the callback for the IN 3720 * URB containing a Prism2.x XXX_Response was never called. 3721 * 3722 * Arguments: 3723 * data a ptr to the struct hfa384x 3724 * 3725 * Returns: 3726 * nothing 3727 * 3728 * Side effects: 3729 * 3730 * Call context: 3731 * interrupt 3732 *---------------------------------------------------------------- 3733 */ 3734static void hfa384x_usbctlx_resptimerfn(struct timer_list *t) 3735{ 3736 struct hfa384x *hw = from_timer(hw, t, resptimer); 3737 unsigned long flags; 3738 3739 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3740 3741 hw->resp_timer_done = 1; 3742 3743 /* The active list will be empty if the 3744 * adapter has been unplugged ... 3745 */ 3746 if (!list_empty(&hw->ctlxq.active)) { 3747 struct hfa384x_usbctlx *ctlx = get_active_ctlx(hw); 3748 3749 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0) { 3750 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3751 hfa384x_usbctlxq_run(hw); 3752 return; 3753 } 3754 } 3755 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3756} 3757 3758/*---------------------------------------------------------------- 3759 * hfa384x_usb_throttlefn 3760 * 3761 * 3762 * Arguments: 3763 * data ptr to hw 3764 * 3765 * Returns: 3766 * Nothing 3767 * 3768 * Side effects: 3769 * 3770 * Call context: 3771 * Interrupt 3772 *---------------------------------------------------------------- 3773 */ 3774static void hfa384x_usb_throttlefn(struct timer_list *t) 3775{ 3776 struct hfa384x *hw = from_timer(hw, t, throttle); 3777 unsigned long flags; 3778 3779 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3780 3781 pr_debug("flags=0x%lx\n", hw->usb_flags); 3782 if (!hw->wlandev->hwremoved) { 3783 bool rx_throttle = test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) && 3784 !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags); 3785 bool tx_throttle = test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) && 3786 !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags); 3787 /* 3788 * We need to check BOTH the RX and the TX throttle controls, 3789 * so we use the bitwise OR instead of the logical OR. 3790 */ 3791 if (rx_throttle | tx_throttle) 3792 schedule_work(&hw->usb_work); 3793 } 3794 3795 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3796} 3797 3798/*---------------------------------------------------------------- 3799 * hfa384x_usbctlx_submit 3800 * 3801 * Called from the doxxx functions to submit a CTLX to the queue 3802 * 3803 * Arguments: 3804 * hw ptr to the hw struct 3805 * ctlx ctlx structure to enqueue 3806 * 3807 * Returns: 3808 * -ENODEV if the adapter is unplugged 3809 * 0 3810 * 3811 * Side effects: 3812 * 3813 * Call context: 3814 * process or interrupt 3815 *---------------------------------------------------------------- 3816 */ 3817static int hfa384x_usbctlx_submit(struct hfa384x *hw, 3818 struct hfa384x_usbctlx *ctlx) 3819{ 3820 unsigned long flags; 3821 3822 spin_lock_irqsave(&hw->ctlxq.lock, flags); 3823 3824 if (hw->wlandev->hwremoved) { 3825 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3826 return -ENODEV; 3827 } 3828 3829 ctlx->state = CTLX_PENDING; 3830 list_add_tail(&ctlx->list, &hw->ctlxq.pending); 3831 spin_unlock_irqrestore(&hw->ctlxq.lock, flags); 3832 hfa384x_usbctlxq_run(hw); 3833 3834 return 0; 3835} 3836 3837/*---------------------------------------------------------------- 3838 * hfa384x_isgood_pdrcore 3839 * 3840 * Quick check of PDR codes. 3841 * 3842 * Arguments: 3843 * pdrcode PDR code number (host order) 3844 * 3845 * Returns: 3846 * zero not good. 3847 * one is good. 3848 * 3849 * Side effects: 3850 * 3851 * Call context: 3852 *---------------------------------------------------------------- 3853 */ 3854static int hfa384x_isgood_pdrcode(u16 pdrcode) 3855{ 3856 switch (pdrcode) { 3857 case HFA384x_PDR_END_OF_PDA: 3858 case HFA384x_PDR_PCB_PARTNUM: 3859 case HFA384x_PDR_PDAVER: 3860 case HFA384x_PDR_NIC_SERIAL: 3861 case HFA384x_PDR_MKK_MEASUREMENTS: 3862 case HFA384x_PDR_NIC_RAMSIZE: 3863 case HFA384x_PDR_MFISUPRANGE: 3864 case HFA384x_PDR_CFISUPRANGE: 3865 case HFA384x_PDR_NICID: 3866 case HFA384x_PDR_MAC_ADDRESS: 3867 case HFA384x_PDR_REGDOMAIN: 3868 case HFA384x_PDR_ALLOWED_CHANNEL: 3869 case HFA384x_PDR_DEFAULT_CHANNEL: 3870 case HFA384x_PDR_TEMPTYPE: 3871 case HFA384x_PDR_IFR_SETTING: 3872 case HFA384x_PDR_RFR_SETTING: 3873 case HFA384x_PDR_HFA3861_BASELINE: 3874 case HFA384x_PDR_HFA3861_SHADOW: 3875 case HFA384x_PDR_HFA3861_IFRF: 3876 case HFA384x_PDR_HFA3861_CHCALSP: 3877 case HFA384x_PDR_HFA3861_CHCALI: 3878 case HFA384x_PDR_3842_NIC_CONFIG: 3879 case HFA384x_PDR_USB_ID: 3880 case HFA384x_PDR_PCI_ID: 3881 case HFA384x_PDR_PCI_IFCONF: 3882 case HFA384x_PDR_PCI_PMCONF: 3883 case HFA384x_PDR_RFENRGY: 3884 case HFA384x_PDR_HFA3861_MANF_TESTSP: 3885 case HFA384x_PDR_HFA3861_MANF_TESTI: 3886 /* code is OK */ 3887 return 1; 3888 default: 3889 if (pdrcode < 0x1000) { 3890 /* code is OK, but we don't know exactly what it is */ 3891 pr_debug("Encountered unknown PDR#=0x%04x, assuming it's ok.\n", 3892 pdrcode); 3893 return 1; 3894 } 3895 break; 3896 } 3897 /* bad code */ 3898 pr_debug("Encountered unknown PDR#=0x%04x, (>=0x1000), assuming it's bad.\n", 3899 pdrcode); 3900 return 0; 3901}