1 /* src/prism2/driver/hfa384x_usb.c
3 * Functions that talk to the USB variantof the Intersil hfa384x MAC
5 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
6 * --------------------------------------------------------------------
10 * The contents of this file are subject to the Mozilla Public
11 * License Version 1.1 (the "License"); you may not use this file
12 * except in compliance with the License. You may obtain a copy of
13 * the License at http://www.mozilla.org/MPL/
15 * Software distributed under the License is distributed on an "AS
16 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * rights and limitations under the License.
20 * Alternatively, the contents of this file may be used under the
21 * terms of the GNU Public License version 2 (the "GPL"), in which
22 * case the provisions of the GPL are applicable instead of the
23 * above. If you wish to allow the use of your version of this file
24 * only under the terms of the GPL and not to allow others to use
25 * your version of this file under the MPL, indicate your decision
26 * by deleting the provisions above and replace them with the notice
27 * and other provisions required by the GPL. If you do not delete
28 * the provisions above, a recipient may use your version of this
29 * file under either the MPL or the GPL.
31 * --------------------------------------------------------------------
33 * Inquiries regarding the linux-wlan Open Source project can be
36 * AbsoluteValue Systems Inc.
38 * http://www.linux-wlan.com
40 * --------------------------------------------------------------------
42 * Portions of the development of this software were funded by
43 * Intersil Corporation as part of PRISM(R) chipset product development.
45 * --------------------------------------------------------------------
47 * This file implements functions that correspond to the prism2/hfa384x
48 * 802.11 MAC hardware and firmware host interface.
50 * The functions can be considered to represent several levels of
51 * abstraction. The lowest level functions are simply C-callable wrappers
52 * around the register accesses. The next higher level represents C-callable
53 * prism2 API functions that match the Intersil documentation as closely
54 * as is reasonable. The next higher layer implements common sequences
55 * of invocations of the API layer (e.g. write to bap, followed by cmd).
58 * hfa384x_drvr_xxx Highest level abstractions provided by the
59 * hfa384x code. They are driver defined wrappers
60 * for common sequences. These functions generally
61 * use the services of the lower levels.
63 * hfa384x_drvr_xxxconfig An example of the drvr level abstraction. These
64 * functions are wrappers for the RID get/set
65 * sequence. They call copy_[to|from]_bap() and
66 * cmd_access(). These functions operate on the
67 * RIDs and buffers without validation. The caller
68 * is responsible for that.
70 * API wrapper functions:
71 * hfa384x_cmd_xxx functions that provide access to the f/w commands.
72 * The function arguments correspond to each command
73 * argument, even command arguments that get packed
74 * into single registers. These functions _just_
75 * issue the command by setting the cmd/parm regs
76 * & reading the status/resp regs. Additional
77 * activities required to fully use a command
78 * (read/write from/to bap, get/set int status etc.)
79 * are implemented separately. Think of these as
80 * C-callable prism2 commands.
82 * Lowest Layer Functions:
83 * hfa384x_docmd_xxx These functions implement the sequence required
84 * to issue any prism2 command. Primarily used by the
85 * hfa384x_cmd_xxx functions.
87 * hfa384x_bap_xxx BAP read/write access functions.
88 * Note: we usually use BAP0 for non-interrupt context
89 * and BAP1 for interrupt context.
91 * hfa384x_dl_xxx download related functions.
93 * Driver State Issues:
94 * Note that there are two pairs of functions that manage the
95 * 'initialized' and 'running' states of the hw/MAC combo. The four
96 * functions are create(), destroy(), start(), and stop(). create()
97 * sets up the data structures required to support the hfa384x_*
98 * functions and destroy() cleans them up. The start() function gets
99 * the actual hardware running and enables the interrupts. The stop()
100 * function shuts the hardware down. The sequence should be:
104 * . Do interesting things w/ the hardware
109 * Note that destroy() can be called without calling stop() first.
110 * --------------------------------------------------------------------
113 #include <linux/module.h>
114 #include <linux/kernel.h>
115 #include <linux/sched.h>
116 #include <linux/types.h>
117 #include <linux/slab.h>
118 #include <linux/wireless.h>
119 #include <linux/netdevice.h>
120 #include <linux/timer.h>
121 #include <linux/io.h>
122 #include <linux/delay.h>
123 #include <asm/byteorder.h>
124 #include <linux/bitops.h>
125 #include <linux/list.h>
126 #include <linux/usb.h>
127 #include <linux/byteorder/generic.h>
129 #include "p80211types.h"
130 #include "p80211hdr.h"
131 #include "p80211mgmt.h"
132 #include "p80211conv.h"
133 #include "p80211msg.h"
134 #include "p80211netdev.h"
135 #include "p80211req.h"
136 #include "p80211metadef.h"
137 #include "p80211metastruct.h"
139 #include "prism2mgmt.h"
146 #define THROTTLE_JIFFIES (HZ / 8)
147 #define URB_ASYNC_UNLINK 0
148 #define USB_QUEUE_BULK 0
150 #define ROUNDUP64(a) (((a) + 63) & ~63)
153 static void dbprint_urb(struct urb
*urb
);
156 static void hfa384x_int_rxmonitor(struct wlandevice
*wlandev
,
157 struct hfa384x_usb_rxfrm
*rxfrm
);
159 static void hfa384x_usb_defer(struct work_struct
*data
);
161 static int submit_rx_urb(struct hfa384x
*hw
, gfp_t flags
);
163 static int submit_tx_urb(struct hfa384x
*hw
, struct urb
*tx_urb
, gfp_t flags
);
165 /*---------------------------------------------------*/
167 static void hfa384x_usbout_callback(struct urb
*urb
);
168 static void hfa384x_ctlxout_callback(struct urb
*urb
);
169 static void hfa384x_usbin_callback(struct urb
*urb
);
172 hfa384x_usbin_txcompl(struct wlandevice
*wlandev
, union hfa384x_usbin
*usbin
);
174 static void hfa384x_usbin_rx(struct wlandevice
*wlandev
, struct sk_buff
*skb
);
176 static void hfa384x_usbin_info(struct wlandevice
*wlandev
,
177 union hfa384x_usbin
*usbin
);
179 static void hfa384x_usbin_ctlx(struct hfa384x
*hw
, union hfa384x_usbin
*usbin
,
182 /*---------------------------------------------------*/
183 /* Functions to support the prism2 usb command queue */
185 static void hfa384x_usbctlxq_run(struct hfa384x
*hw
);
187 static void hfa384x_usbctlx_reqtimerfn(unsigned long data
);
189 static void hfa384x_usbctlx_resptimerfn(unsigned long data
);
191 static void hfa384x_usb_throttlefn(unsigned long data
);
193 static void hfa384x_usbctlx_completion_task(unsigned long data
);
195 static void hfa384x_usbctlx_reaper_task(unsigned long data
);
197 static int hfa384x_usbctlx_submit(struct hfa384x
*hw
,
198 struct hfa384x_usbctlx
*ctlx
);
200 static void unlocked_usbctlx_complete(struct hfa384x
*hw
,
201 struct hfa384x_usbctlx
*ctlx
);
203 struct usbctlx_completor
{
204 int (*complete
)(struct usbctlx_completor
*);
208 hfa384x_usbctlx_complete_sync(struct hfa384x
*hw
,
209 struct hfa384x_usbctlx
*ctlx
,
210 struct usbctlx_completor
*completor
);
213 unlocked_usbctlx_cancel_async(struct hfa384x
*hw
, struct hfa384x_usbctlx
*ctlx
);
215 static void hfa384x_cb_status(struct hfa384x
*hw
,
216 const struct hfa384x_usbctlx
*ctlx
);
219 usbctlx_get_status(const struct hfa384x_usb_statusresp
*cmdresp
,
220 struct hfa384x_cmdresult
*result
);
223 usbctlx_get_rridresult(const struct hfa384x_usb_rridresp
*rridresp
,
224 struct hfa384x_rridresult
*result
);
226 /*---------------------------------------------------*/
227 /* Low level req/resp CTLX formatters and submitters */
229 hfa384x_docmd(struct hfa384x
*hw
,
231 struct hfa384x_metacmd
*cmd
,
232 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
);
235 hfa384x_dorrid(struct hfa384x
*hw
,
239 unsigned int riddatalen
,
240 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
);
243 hfa384x_dowrid(struct hfa384x
*hw
,
247 unsigned int riddatalen
,
248 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
);
251 hfa384x_dormem(struct hfa384x
*hw
,
257 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
);
260 hfa384x_dowmem(struct hfa384x
*hw
,
266 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
);
268 static int hfa384x_isgood_pdrcode(u16 pdrcode
);
270 static inline const char *ctlxstr(enum ctlx_state s
)
272 static const char * const ctlx_str
[] = {
277 "Request packet submitted",
278 "Request packet completed",
279 "Response packet completed"
285 static inline struct hfa384x_usbctlx
*get_active_ctlx(struct hfa384x
*hw
)
287 return list_entry(hw
->ctlxq
.active
.next
, struct hfa384x_usbctlx
, list
);
291 void dbprint_urb(struct urb
*urb
)
293 pr_debug("urb->pipe=0x%08x\n", urb
->pipe
);
294 pr_debug("urb->status=0x%08x\n", urb
->status
);
295 pr_debug("urb->transfer_flags=0x%08x\n", urb
->transfer_flags
);
296 pr_debug("urb->transfer_buffer=0x%08x\n",
297 (unsigned int)urb
->transfer_buffer
);
298 pr_debug("urb->transfer_buffer_length=0x%08x\n",
299 urb
->transfer_buffer_length
);
300 pr_debug("urb->actual_length=0x%08x\n", urb
->actual_length
);
301 pr_debug("urb->bandwidth=0x%08x\n", urb
->bandwidth
);
302 pr_debug("urb->setup_packet(ctl)=0x%08x\n",
303 (unsigned int)urb
->setup_packet
);
304 pr_debug("urb->start_frame(iso/irq)=0x%08x\n", urb
->start_frame
);
305 pr_debug("urb->interval(irq)=0x%08x\n", urb
->interval
);
306 pr_debug("urb->error_count(iso)=0x%08x\n", urb
->error_count
);
307 pr_debug("urb->timeout=0x%08x\n", urb
->timeout
);
308 pr_debug("urb->context=0x%08x\n", (unsigned int)urb
->context
);
309 pr_debug("urb->complete=0x%08x\n", (unsigned int)urb
->complete
);
313 /*----------------------------------------------------------------
316 * Listen for input data on the BULK-IN pipe. If the pipe has
317 * stalled then schedule it to be reset.
321 * memflags memory allocation flags
324 * error code from submission
328 *----------------------------------------------------------------
330 static int submit_rx_urb(struct hfa384x
*hw
, gfp_t memflags
)
335 skb
= dev_alloc_skb(sizeof(union hfa384x_usbin
));
341 /* Post the IN urb */
342 usb_fill_bulk_urb(&hw
->rx_urb
, hw
->usb
,
344 skb
->data
, sizeof(union hfa384x_usbin
),
345 hfa384x_usbin_callback
, hw
->wlandev
);
347 hw
->rx_urb_skb
= skb
;
350 if (!hw
->wlandev
->hwremoved
&&
351 !test_bit(WORK_RX_HALT
, &hw
->usb_flags
)) {
352 result
= usb_submit_urb(&hw
->rx_urb
, memflags
);
354 /* Check whether we need to reset the RX pipe */
355 if (result
== -EPIPE
) {
356 netdev_warn(hw
->wlandev
->netdev
,
357 "%s rx pipe stalled: requesting reset\n",
358 hw
->wlandev
->netdev
->name
);
359 if (!test_and_set_bit(WORK_RX_HALT
, &hw
->usb_flags
))
360 schedule_work(&hw
->usb_work
);
364 /* Don't leak memory if anything should go wrong */
367 hw
->rx_urb_skb
= NULL
;
374 /*----------------------------------------------------------------
377 * Prepares and submits the URB of transmitted data. If the
378 * submission fails then it will schedule the output pipe to
383 * tx_urb URB of data for transmission
384 * memflags memory allocation flags
387 * error code from submission
391 *----------------------------------------------------------------
393 static int submit_tx_urb(struct hfa384x
*hw
, struct urb
*tx_urb
, gfp_t memflags
)
395 struct net_device
*netdev
= hw
->wlandev
->netdev
;
399 if (netif_running(netdev
)) {
400 if (!hw
->wlandev
->hwremoved
&&
401 !test_bit(WORK_TX_HALT
, &hw
->usb_flags
)) {
402 result
= usb_submit_urb(tx_urb
, memflags
);
404 /* Test whether we need to reset the TX pipe */
405 if (result
== -EPIPE
) {
406 netdev_warn(hw
->wlandev
->netdev
,
407 "%s tx pipe stalled: requesting reset\n",
409 set_bit(WORK_TX_HALT
, &hw
->usb_flags
);
410 schedule_work(&hw
->usb_work
);
411 } else if (result
== 0) {
412 netif_stop_queue(netdev
);
420 /*----------------------------------------------------------------
423 * There are some things that the USB stack cannot do while
424 * in interrupt context, so we arrange this function to run
425 * in process context.
428 * hw device structure
434 * process (by design)
435 *----------------------------------------------------------------
437 static void hfa384x_usb_defer(struct work_struct
*data
)
439 struct hfa384x
*hw
= container_of(data
, struct hfa384x
, usb_work
);
440 struct net_device
*netdev
= hw
->wlandev
->netdev
;
442 /* Don't bother trying to reset anything if the plug
443 * has been pulled ...
445 if (hw
->wlandev
->hwremoved
)
448 /* Reception has stopped: try to reset the input pipe */
449 if (test_bit(WORK_RX_HALT
, &hw
->usb_flags
)) {
452 usb_kill_urb(&hw
->rx_urb
); /* Cannot be holding spinlock! */
454 ret
= usb_clear_halt(hw
->usb
, hw
->endp_in
);
456 netdev_err(hw
->wlandev
->netdev
,
457 "Failed to clear rx pipe for %s: err=%d\n",
460 netdev_info(hw
->wlandev
->netdev
, "%s rx pipe reset complete.\n",
462 clear_bit(WORK_RX_HALT
, &hw
->usb_flags
);
463 set_bit(WORK_RX_RESUME
, &hw
->usb_flags
);
467 /* Resume receiving data back from the device. */
468 if (test_bit(WORK_RX_RESUME
, &hw
->usb_flags
)) {
471 ret
= submit_rx_urb(hw
, GFP_KERNEL
);
473 netdev_err(hw
->wlandev
->netdev
,
474 "Failed to resume %s rx pipe.\n",
477 clear_bit(WORK_RX_RESUME
, &hw
->usb_flags
);
481 /* Transmission has stopped: try to reset the output pipe */
482 if (test_bit(WORK_TX_HALT
, &hw
->usb_flags
)) {
485 usb_kill_urb(&hw
->tx_urb
);
486 ret
= usb_clear_halt(hw
->usb
, hw
->endp_out
);
488 netdev_err(hw
->wlandev
->netdev
,
489 "Failed to clear tx pipe for %s: err=%d\n",
492 netdev_info(hw
->wlandev
->netdev
, "%s tx pipe reset complete.\n",
494 clear_bit(WORK_TX_HALT
, &hw
->usb_flags
);
495 set_bit(WORK_TX_RESUME
, &hw
->usb_flags
);
497 /* Stopping the BULK-OUT pipe also blocked
498 * us from sending any more CTLX URBs, so
499 * we need to re-run our queue ...
501 hfa384x_usbctlxq_run(hw
);
505 /* Resume transmitting. */
506 if (test_and_clear_bit(WORK_TX_RESUME
, &hw
->usb_flags
))
507 netif_wake_queue(hw
->wlandev
->netdev
);
510 /*----------------------------------------------------------------
513 * Sets up the struct hfa384x data structure for use. Note this
514 * does _not_ initialize the actual hardware, just the data structures
515 * we use to keep track of its state.
518 * hw device structure
519 * irq device irq number
520 * iobase i/o base address for register access
521 * membase memory base address for register access
530 *----------------------------------------------------------------
532 void hfa384x_create(struct hfa384x
*hw
, struct usb_device
*usb
)
534 memset(hw
, 0, sizeof(*hw
));
537 /* set up the endpoints */
538 hw
->endp_in
= usb_rcvbulkpipe(usb
, 1);
539 hw
->endp_out
= usb_sndbulkpipe(usb
, 2);
541 /* Set up the waitq */
542 init_waitqueue_head(&hw
->cmdq
);
544 /* Initialize the command queue */
545 spin_lock_init(&hw
->ctlxq
.lock
);
546 INIT_LIST_HEAD(&hw
->ctlxq
.pending
);
547 INIT_LIST_HEAD(&hw
->ctlxq
.active
);
548 INIT_LIST_HEAD(&hw
->ctlxq
.completing
);
549 INIT_LIST_HEAD(&hw
->ctlxq
.reapable
);
551 /* Initialize the authentication queue */
552 skb_queue_head_init(&hw
->authq
);
554 tasklet_init(&hw
->reaper_bh
,
555 hfa384x_usbctlx_reaper_task
, (unsigned long)hw
);
556 tasklet_init(&hw
->completion_bh
,
557 hfa384x_usbctlx_completion_task
, (unsigned long)hw
);
558 INIT_WORK(&hw
->link_bh
, prism2sta_processing_defer
);
559 INIT_WORK(&hw
->usb_work
, hfa384x_usb_defer
);
561 setup_timer(&hw
->throttle
, hfa384x_usb_throttlefn
, (unsigned long)hw
);
563 setup_timer(&hw
->resptimer
, hfa384x_usbctlx_resptimerfn
,
566 setup_timer(&hw
->reqtimer
, hfa384x_usbctlx_reqtimerfn
,
569 usb_init_urb(&hw
->rx_urb
);
570 usb_init_urb(&hw
->tx_urb
);
571 usb_init_urb(&hw
->ctlx_urb
);
573 hw
->link_status
= HFA384x_LINK_NOTCONNECTED
;
574 hw
->state
= HFA384x_STATE_INIT
;
576 INIT_WORK(&hw
->commsqual_bh
, prism2sta_commsqual_defer
);
577 setup_timer(&hw
->commsqual_timer
, prism2sta_commsqual_timer
,
581 /*----------------------------------------------------------------
584 * Partner to hfa384x_create(). This function cleans up the hw
585 * structure so that it can be freed by the caller using a simple
586 * kfree. Currently, this function is just a placeholder. If, at some
587 * point in the future, an hw in the 'shutdown' state requires a 'deep'
588 * kfree, this is where it should be done. Note that if this function
589 * is called on a _running_ hw structure, the drvr_stop() function is
593 * hw device structure
596 * nothing, this function is not allowed to fail.
602 *----------------------------------------------------------------
604 void hfa384x_destroy(struct hfa384x
*hw
)
608 if (hw
->state
== HFA384x_STATE_RUNNING
)
609 hfa384x_drvr_stop(hw
);
610 hw
->state
= HFA384x_STATE_PREINIT
;
612 kfree(hw
->scanresults
);
613 hw
->scanresults
= NULL
;
615 /* Now to clean out the auth queue */
616 while ((skb
= skb_dequeue(&hw
->authq
)))
620 static struct hfa384x_usbctlx
*usbctlx_alloc(void)
622 struct hfa384x_usbctlx
*ctlx
;
624 ctlx
= kzalloc(sizeof(*ctlx
),
625 in_interrupt() ? GFP_ATOMIC
: GFP_KERNEL
);
627 init_completion(&ctlx
->done
);
633 usbctlx_get_status(const struct hfa384x_usb_statusresp
*cmdresp
,
634 struct hfa384x_cmdresult
*result
)
636 result
->status
= le16_to_cpu(cmdresp
->status
);
637 result
->resp0
= le16_to_cpu(cmdresp
->resp0
);
638 result
->resp1
= le16_to_cpu(cmdresp
->resp1
);
639 result
->resp2
= le16_to_cpu(cmdresp
->resp2
);
641 pr_debug("cmdresult:status=0x%04x resp0=0x%04x resp1=0x%04x resp2=0x%04x\n",
642 result
->status
, result
->resp0
, result
->resp1
, result
->resp2
);
644 return result
->status
& HFA384x_STATUS_RESULT
;
648 usbctlx_get_rridresult(const struct hfa384x_usb_rridresp
*rridresp
,
649 struct hfa384x_rridresult
*result
)
651 result
->rid
= le16_to_cpu(rridresp
->rid
);
652 result
->riddata
= rridresp
->data
;
653 result
->riddata_len
= ((le16_to_cpu(rridresp
->frmlen
) - 1) * 2);
656 /*----------------------------------------------------------------
658 * This completor must be passed to hfa384x_usbctlx_complete_sync()
659 * when processing a CTLX that returns a struct hfa384x_cmdresult structure.
660 *----------------------------------------------------------------
662 struct usbctlx_cmd_completor
{
663 struct usbctlx_completor head
;
665 const struct hfa384x_usb_statusresp
*cmdresp
;
666 struct hfa384x_cmdresult
*result
;
669 static inline int usbctlx_cmd_completor_fn(struct usbctlx_completor
*head
)
671 struct usbctlx_cmd_completor
*complete
;
673 complete
= (struct usbctlx_cmd_completor
*)head
;
674 return usbctlx_get_status(complete
->cmdresp
, complete
->result
);
677 static inline struct usbctlx_completor
*
678 init_cmd_completor(struct usbctlx_cmd_completor
*completor
,
679 const struct hfa384x_usb_statusresp
*cmdresp
,
680 struct hfa384x_cmdresult
*result
)
682 completor
->head
.complete
= usbctlx_cmd_completor_fn
;
683 completor
->cmdresp
= cmdresp
;
684 completor
->result
= result
;
685 return &completor
->head
;
688 /*----------------------------------------------------------------
690 * This completor must be passed to hfa384x_usbctlx_complete_sync()
691 * when processing a CTLX that reads a RID.
692 *----------------------------------------------------------------
694 struct usbctlx_rrid_completor
{
695 struct usbctlx_completor head
;
697 const struct hfa384x_usb_rridresp
*rridresp
;
699 unsigned int riddatalen
;
702 static int usbctlx_rrid_completor_fn(struct usbctlx_completor
*head
)
704 struct usbctlx_rrid_completor
*complete
;
705 struct hfa384x_rridresult rridresult
;
707 complete
= (struct usbctlx_rrid_completor
*)head
;
708 usbctlx_get_rridresult(complete
->rridresp
, &rridresult
);
710 /* Validate the length, note body len calculation in bytes */
711 if (rridresult
.riddata_len
!= complete
->riddatalen
) {
712 pr_warn("RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n",
714 complete
->riddatalen
, rridresult
.riddata_len
);
718 memcpy(complete
->riddata
, rridresult
.riddata
, complete
->riddatalen
);
722 static inline struct usbctlx_completor
*
723 init_rrid_completor(struct usbctlx_rrid_completor
*completor
,
724 const struct hfa384x_usb_rridresp
*rridresp
,
726 unsigned int riddatalen
)
728 completor
->head
.complete
= usbctlx_rrid_completor_fn
;
729 completor
->rridresp
= rridresp
;
730 completor
->riddata
= riddata
;
731 completor
->riddatalen
= riddatalen
;
732 return &completor
->head
;
735 /*----------------------------------------------------------------
737 * Interprets the results of a synchronous RID-write
738 *----------------------------------------------------------------
740 #define init_wrid_completor init_cmd_completor
742 /*----------------------------------------------------------------
744 * Interprets the results of a synchronous memory-write
745 *----------------------------------------------------------------
747 #define init_wmem_completor init_cmd_completor
749 /*----------------------------------------------------------------
751 * Interprets the results of a synchronous memory-read
752 *----------------------------------------------------------------
754 struct usbctlx_rmem_completor
{
755 struct usbctlx_completor head
;
757 const struct hfa384x_usb_rmemresp
*rmemresp
;
762 static int usbctlx_rmem_completor_fn(struct usbctlx_completor
*head
)
764 struct usbctlx_rmem_completor
*complete
=
765 (struct usbctlx_rmem_completor
*)head
;
767 pr_debug("rmemresp:len=%d\n", complete
->rmemresp
->frmlen
);
768 memcpy(complete
->data
, complete
->rmemresp
->data
, complete
->len
);
772 static inline struct usbctlx_completor
*
773 init_rmem_completor(struct usbctlx_rmem_completor
*completor
,
774 struct hfa384x_usb_rmemresp
*rmemresp
,
778 completor
->head
.complete
= usbctlx_rmem_completor_fn
;
779 completor
->rmemresp
= rmemresp
;
780 completor
->data
= data
;
781 completor
->len
= len
;
782 return &completor
->head
;
785 /*----------------------------------------------------------------
788 * Ctlx_complete handler for async CMD type control exchanges.
789 * mark the hw struct as such.
791 * Note: If the handling is changed here, it should probably be
792 * changed in docmd as well.
796 * ctlx completed CTLX
805 *----------------------------------------------------------------
807 static void hfa384x_cb_status(struct hfa384x
*hw
,
808 const struct hfa384x_usbctlx
*ctlx
)
811 struct hfa384x_cmdresult cmdresult
;
813 if (ctlx
->state
!= CTLX_COMPLETE
) {
814 memset(&cmdresult
, 0, sizeof(cmdresult
));
816 HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR
);
818 usbctlx_get_status(&ctlx
->inbuf
.cmdresp
, &cmdresult
);
821 ctlx
->usercb(hw
, &cmdresult
, ctlx
->usercb_data
);
825 static inline int hfa384x_docmd_wait(struct hfa384x
*hw
,
826 struct hfa384x_metacmd
*cmd
)
828 return hfa384x_docmd(hw
, DOWAIT
, cmd
, NULL
, NULL
, NULL
);
832 hfa384x_docmd_async(struct hfa384x
*hw
,
833 struct hfa384x_metacmd
*cmd
,
834 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
)
836 return hfa384x_docmd(hw
, DOASYNC
, cmd
, cmdcb
, usercb
, usercb_data
);
840 hfa384x_dorrid_wait(struct hfa384x
*hw
, u16 rid
, void *riddata
,
841 unsigned int riddatalen
)
843 return hfa384x_dorrid(hw
, DOWAIT
,
844 rid
, riddata
, riddatalen
, NULL
, NULL
, NULL
);
848 hfa384x_dorrid_async(struct hfa384x
*hw
,
849 u16 rid
, void *riddata
, unsigned int riddatalen
,
851 ctlx_usercb_t usercb
, void *usercb_data
)
853 return hfa384x_dorrid(hw
, DOASYNC
,
854 rid
, riddata
, riddatalen
,
855 cmdcb
, usercb
, usercb_data
);
859 hfa384x_dowrid_wait(struct hfa384x
*hw
, u16 rid
, void *riddata
,
860 unsigned int riddatalen
)
862 return hfa384x_dowrid(hw
, DOWAIT
,
863 rid
, riddata
, riddatalen
, NULL
, NULL
, NULL
);
867 hfa384x_dowrid_async(struct hfa384x
*hw
,
868 u16 rid
, void *riddata
, unsigned int riddatalen
,
870 ctlx_usercb_t usercb
, void *usercb_data
)
872 return hfa384x_dowrid(hw
, DOASYNC
,
873 rid
, riddata
, riddatalen
,
874 cmdcb
, usercb
, usercb_data
);
878 hfa384x_dormem_wait(struct hfa384x
*hw
,
879 u16 page
, u16 offset
, void *data
, unsigned int len
)
881 return hfa384x_dormem(hw
, DOWAIT
,
882 page
, offset
, data
, len
, NULL
, NULL
, NULL
);
886 hfa384x_dormem_async(struct hfa384x
*hw
,
887 u16 page
, u16 offset
, void *data
, unsigned int len
,
889 ctlx_usercb_t usercb
, void *usercb_data
)
891 return hfa384x_dormem(hw
, DOASYNC
,
892 page
, offset
, data
, len
,
893 cmdcb
, usercb
, usercb_data
);
897 hfa384x_dowmem_wait(struct hfa384x
*hw
,
898 u16 page
, u16 offset
, void *data
, unsigned int len
)
900 return hfa384x_dowmem(hw
, DOWAIT
,
901 page
, offset
, data
, len
, NULL
, NULL
, NULL
);
905 hfa384x_dowmem_async(struct hfa384x
*hw
,
911 ctlx_usercb_t usercb
, void *usercb_data
)
913 return hfa384x_dowmem(hw
, DOASYNC
,
914 page
, offset
, data
, len
,
915 cmdcb
, usercb
, usercb_data
);
918 /*----------------------------------------------------------------
919 * hfa384x_cmd_initialize
921 * Issues the initialize command and sets the hw->state based
925 * hw device structure
929 * >0 f/w reported error - f/w status code
930 * <0 driver reported error
936 *----------------------------------------------------------------
938 int hfa384x_cmd_initialize(struct hfa384x
*hw
)
942 struct hfa384x_metacmd cmd
;
944 cmd
.cmd
= HFA384x_CMDCODE_INIT
;
949 result
= hfa384x_docmd_wait(hw
, &cmd
);
951 pr_debug("cmdresp.init: status=0x%04x, resp0=0x%04x, resp1=0x%04x, resp2=0x%04x\n",
953 cmd
.result
.resp0
, cmd
.result
.resp1
, cmd
.result
.resp2
);
955 for (i
= 0; i
< HFA384x_NUMPORTS_MAX
; i
++)
956 hw
->port_enabled
[i
] = 0;
959 hw
->link_status
= HFA384x_LINK_NOTCONNECTED
;
964 /*----------------------------------------------------------------
965 * hfa384x_cmd_disable
967 * Issues the disable command to stop communications on one of
971 * hw device structure
972 * macport MAC port number (host order)
976 * >0 f/w reported failure - f/w status code
977 * <0 driver reported error (timeout|bad arg)
983 *----------------------------------------------------------------
985 int hfa384x_cmd_disable(struct hfa384x
*hw
, u16 macport
)
987 struct hfa384x_metacmd cmd
;
989 cmd
.cmd
= HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE
) |
990 HFA384x_CMD_MACPORT_SET(macport
);
995 return hfa384x_docmd_wait(hw
, &cmd
);
998 /*----------------------------------------------------------------
1001 * Issues the enable command to enable communications on one of
1005 * hw device structure
1006 * macport MAC port number
1010 * >0 f/w reported failure - f/w status code
1011 * <0 driver reported error (timeout|bad arg)
1017 *----------------------------------------------------------------
1019 int hfa384x_cmd_enable(struct hfa384x
*hw
, u16 macport
)
1021 struct hfa384x_metacmd cmd
;
1023 cmd
.cmd
= HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE
) |
1024 HFA384x_CMD_MACPORT_SET(macport
);
1029 return hfa384x_docmd_wait(hw
, &cmd
);
1032 /*----------------------------------------------------------------
1033 * hfa384x_cmd_monitor
1035 * Enables the 'monitor mode' of the MAC. Here's the description of
1036 * monitor mode that I've received thus far:
1038 * "The "monitor mode" of operation is that the MAC passes all
1039 * frames for which the PLCP checks are correct. All received
1040 * MPDUs are passed to the host with MAC Port = 7, with a
1041 * receive status of good, FCS error, or undecryptable. Passing
1042 * certain MPDUs is a violation of the 802.11 standard, but useful
1043 * for a debugging tool." Normal communication is not possible
1044 * while monitor mode is enabled.
1047 * hw device structure
1048 * enable a code (0x0b|0x0f) that enables/disables
1049 * monitor mode. (host order)
1053 * >0 f/w reported failure - f/w status code
1054 * <0 driver reported error (timeout|bad arg)
1060 *----------------------------------------------------------------
1062 int hfa384x_cmd_monitor(struct hfa384x
*hw
, u16 enable
)
1064 struct hfa384x_metacmd cmd
;
1066 cmd
.cmd
= HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR
) |
1067 HFA384x_CMD_AINFO_SET(enable
);
1072 return hfa384x_docmd_wait(hw
, &cmd
);
1075 /*----------------------------------------------------------------
1076 * hfa384x_cmd_download
1078 * Sets the controls for the MAC controller code/data download
1079 * process. The arguments set the mode and address associated
1080 * with a download. Note that the aux registers should be enabled
1081 * prior to setting one of the download enable modes.
1084 * hw device structure
1085 * mode 0 - Disable programming and begin code exec
1086 * 1 - Enable volatile mem programming
1087 * 2 - Enable non-volatile mem programming
1088 * 3 - Program non-volatile section from NV download
1092 * highaddr For mode 1, sets the high & low order bits of
1093 * the "destination address". This address will be
1094 * the execution start address when download is
1095 * subsequently disabled.
1096 * For mode 2, sets the high & low order bits of
1097 * the destination in NV ram.
1098 * For modes 0 & 3, should be zero. (host order)
1099 * NOTE: these are CMD format.
1100 * codelen Length of the data to write in mode 2,
1101 * zero otherwise. (host order)
1105 * >0 f/w reported failure - f/w status code
1106 * <0 driver reported error (timeout|bad arg)
1112 *----------------------------------------------------------------
1114 int hfa384x_cmd_download(struct hfa384x
*hw
, u16 mode
, u16 lowaddr
,
1115 u16 highaddr
, u16 codelen
)
1117 struct hfa384x_metacmd cmd
;
1119 pr_debug("mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n",
1120 mode
, lowaddr
, highaddr
, codelen
);
1122 cmd
.cmd
= (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD
) |
1123 HFA384x_CMD_PROGMODE_SET(mode
));
1125 cmd
.parm0
= lowaddr
;
1126 cmd
.parm1
= highaddr
;
1127 cmd
.parm2
= codelen
;
1129 return hfa384x_docmd_wait(hw
, &cmd
);
1132 /*----------------------------------------------------------------
1135 * Perform a reset of the hfa38xx MAC core. We assume that the hw
1136 * structure is in its "created" state. That is, it is initialized
1137 * with proper values. Note that if a reset is done after the
1138 * device has been active for awhile, the caller might have to clean
1139 * up some leftover cruft in the hw structure.
1142 * hw device structure
1143 * holdtime how long (in ms) to hold the reset
1144 * settletime how long (in ms) to wait after releasing
1154 *----------------------------------------------------------------
1156 int hfa384x_corereset(struct hfa384x
*hw
, int holdtime
,
1157 int settletime
, int genesis
)
1161 result
= usb_reset_device(hw
->usb
);
1163 netdev_err(hw
->wlandev
->netdev
, "usb_reset_device() failed, result=%d.\n",
1170 /*----------------------------------------------------------------
1171 * hfa384x_usbctlx_complete_sync
1173 * Waits for a synchronous CTLX object to complete,
1174 * and then handles the response.
1177 * hw device structure
1179 * completor functor object to decide what to
1180 * do with the CTLX's result.
1184 * -ERESTARTSYS Interrupted by a signal
1186 * -ENODEV Adapter was unplugged
1187 * ??? Result from completor
1193 *----------------------------------------------------------------
1195 static int hfa384x_usbctlx_complete_sync(struct hfa384x
*hw
,
1196 struct hfa384x_usbctlx
*ctlx
,
1197 struct usbctlx_completor
*completor
)
1199 unsigned long flags
;
1202 result
= wait_for_completion_interruptible(&ctlx
->done
);
1204 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
1207 * We can only handle the CTLX if the USB disconnect
1208 * function has not run yet ...
1211 if (hw
->wlandev
->hwremoved
) {
1212 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
1214 } else if (result
!= 0) {
1218 * We were probably interrupted, so delete
1219 * this CTLX asynchronously, kill the timers
1220 * and the URB, and then start the next
1223 * NOTE: We can only delete the timers and
1224 * the URB if this CTLX is active.
1226 if (ctlx
== get_active_ctlx(hw
)) {
1227 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
1229 del_singleshot_timer_sync(&hw
->reqtimer
);
1230 del_singleshot_timer_sync(&hw
->resptimer
);
1231 hw
->req_timer_done
= 1;
1232 hw
->resp_timer_done
= 1;
1233 usb_kill_urb(&hw
->ctlx_urb
);
1235 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
1240 * This scenario is so unlikely that I'm
1241 * happy with a grubby "goto" solution ...
1243 if (hw
->wlandev
->hwremoved
)
1248 * The completion task will send this CTLX
1249 * to the reaper the next time it runs. We
1250 * are no longer in a hurry.
1253 ctlx
->state
= CTLX_REQ_FAILED
;
1254 list_move_tail(&ctlx
->list
, &hw
->ctlxq
.completing
);
1256 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
1259 hfa384x_usbctlxq_run(hw
);
1261 if (ctlx
->state
== CTLX_COMPLETE
) {
1262 result
= completor
->complete(completor
);
1264 netdev_warn(hw
->wlandev
->netdev
, "CTLX[%d] error: state(%s)\n",
1265 le16_to_cpu(ctlx
->outbuf
.type
),
1266 ctlxstr(ctlx
->state
));
1270 list_del(&ctlx
->list
);
1271 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
1278 /*----------------------------------------------------------------
1281 * Constructs a command CTLX and submits it.
1283 * NOTE: Any changes to the 'post-submit' code in this function
1284 * need to be carried over to hfa384x_cbcmd() since the handling
1285 * is virtually identical.
1288 * hw device structure
1289 * mode DOWAIT or DOASYNC
1290 * cmd cmd structure. Includes all arguments and result
1291 * data points. All in host order. in host order
1292 * cmdcb command-specific callback
1293 * usercb user callback for async calls, NULL for DOWAIT calls
1294 * usercb_data user supplied data pointer for async calls, NULL
1300 * -ERESTARTSYS Awakened on signal
1301 * >0 command indicated error, Status and Resp0-2 are
1309 *----------------------------------------------------------------
1312 hfa384x_docmd(struct hfa384x
*hw
,
1314 struct hfa384x_metacmd
*cmd
,
1315 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
)
1318 struct hfa384x_usbctlx
*ctlx
;
1320 ctlx
= usbctlx_alloc();
1326 /* Initialize the command */
1327 ctlx
->outbuf
.cmdreq
.type
= cpu_to_le16(HFA384x_USB_CMDREQ
);
1328 ctlx
->outbuf
.cmdreq
.cmd
= cpu_to_le16(cmd
->cmd
);
1329 ctlx
->outbuf
.cmdreq
.parm0
= cpu_to_le16(cmd
->parm0
);
1330 ctlx
->outbuf
.cmdreq
.parm1
= cpu_to_le16(cmd
->parm1
);
1331 ctlx
->outbuf
.cmdreq
.parm2
= cpu_to_le16(cmd
->parm2
);
1333 ctlx
->outbufsize
= sizeof(ctlx
->outbuf
.cmdreq
);
1335 pr_debug("cmdreq: cmd=0x%04x parm0=0x%04x parm1=0x%04x parm2=0x%04x\n",
1336 cmd
->cmd
, cmd
->parm0
, cmd
->parm1
, cmd
->parm2
);
1338 ctlx
->reapable
= mode
;
1339 ctlx
->cmdcb
= cmdcb
;
1340 ctlx
->usercb
= usercb
;
1341 ctlx
->usercb_data
= usercb_data
;
1343 result
= hfa384x_usbctlx_submit(hw
, ctlx
);
1346 } else if (mode
== DOWAIT
) {
1347 struct usbctlx_cmd_completor completor
;
1350 hfa384x_usbctlx_complete_sync(hw
, ctlx
,
1351 init_cmd_completor(&completor
,
1363 /*----------------------------------------------------------------
1366 * Constructs a read rid CTLX and issues it.
1368 * NOTE: Any changes to the 'post-submit' code in this function
1369 * need to be carried over to hfa384x_cbrrid() since the handling
1370 * is virtually identical.
1373 * hw device structure
1374 * mode DOWAIT or DOASYNC
1375 * rid Read RID number (host order)
1376 * riddata Caller supplied buffer that MAC formatted RID.data
1377 * record will be written to for DOWAIT calls. Should
1378 * be NULL for DOASYNC calls.
1379 * riddatalen Buffer length for DOWAIT calls. Zero for DOASYNC calls.
1380 * cmdcb command callback for async calls, NULL for DOWAIT calls
1381 * usercb user callback for async calls, NULL for DOWAIT calls
1382 * usercb_data user supplied data pointer for async calls, NULL
1388 * -ERESTARTSYS Awakened on signal
1389 * -ENODATA riddatalen != macdatalen
1390 * >0 command indicated error, Status and Resp0-2 are
1396 * interrupt (DOASYNC)
1397 * process (DOWAIT or DOASYNC)
1398 *----------------------------------------------------------------
1401 hfa384x_dorrid(struct hfa384x
*hw
,
1405 unsigned int riddatalen
,
1406 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
)
1409 struct hfa384x_usbctlx
*ctlx
;
1411 ctlx
= usbctlx_alloc();
1417 /* Initialize the command */
1418 ctlx
->outbuf
.rridreq
.type
= cpu_to_le16(HFA384x_USB_RRIDREQ
);
1419 ctlx
->outbuf
.rridreq
.frmlen
=
1420 cpu_to_le16(sizeof(ctlx
->outbuf
.rridreq
.rid
));
1421 ctlx
->outbuf
.rridreq
.rid
= cpu_to_le16(rid
);
1423 ctlx
->outbufsize
= sizeof(ctlx
->outbuf
.rridreq
);
1425 ctlx
->reapable
= mode
;
1426 ctlx
->cmdcb
= cmdcb
;
1427 ctlx
->usercb
= usercb
;
1428 ctlx
->usercb_data
= usercb_data
;
1430 /* Submit the CTLX */
1431 result
= hfa384x_usbctlx_submit(hw
, ctlx
);
1434 } else if (mode
== DOWAIT
) {
1435 struct usbctlx_rrid_completor completor
;
1438 hfa384x_usbctlx_complete_sync(hw
, ctlx
,
1441 &ctlx
->inbuf
.rridresp
,
1442 riddata
, riddatalen
));
1449 /*----------------------------------------------------------------
1452 * Constructs a write rid CTLX and issues it.
1454 * NOTE: Any changes to the 'post-submit' code in this function
1455 * need to be carried over to hfa384x_cbwrid() since the handling
1456 * is virtually identical.
1459 * hw device structure
1460 * enum cmd_mode DOWAIT or DOASYNC
1462 * riddata Data portion of RID formatted for MAC
1463 * riddatalen Length of the data portion in bytes
1464 * cmdcb command callback for async calls, NULL for DOWAIT calls
1465 * usercb user callback for async calls, NULL for DOWAIT calls
1466 * usercb_data user supplied data pointer for async calls
1470 * -ETIMEDOUT timed out waiting for register ready or
1471 * command completion
1472 * >0 command indicated error, Status and Resp0-2 are
1478 * interrupt (DOASYNC)
1479 * process (DOWAIT or DOASYNC)
1480 *----------------------------------------------------------------
1483 hfa384x_dowrid(struct hfa384x
*hw
,
1487 unsigned int riddatalen
,
1488 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
)
1491 struct hfa384x_usbctlx
*ctlx
;
1493 ctlx
= usbctlx_alloc();
1499 /* Initialize the command */
1500 ctlx
->outbuf
.wridreq
.type
= cpu_to_le16(HFA384x_USB_WRIDREQ
);
1501 ctlx
->outbuf
.wridreq
.frmlen
= cpu_to_le16((sizeof
1502 (ctlx
->outbuf
.wridreq
.rid
) +
1503 riddatalen
+ 1) / 2);
1504 ctlx
->outbuf
.wridreq
.rid
= cpu_to_le16(rid
);
1505 memcpy(ctlx
->outbuf
.wridreq
.data
, riddata
, riddatalen
);
1507 ctlx
->outbufsize
= sizeof(ctlx
->outbuf
.wridreq
.type
) +
1508 sizeof(ctlx
->outbuf
.wridreq
.frmlen
) +
1509 sizeof(ctlx
->outbuf
.wridreq
.rid
) + riddatalen
;
1511 ctlx
->reapable
= mode
;
1512 ctlx
->cmdcb
= cmdcb
;
1513 ctlx
->usercb
= usercb
;
1514 ctlx
->usercb_data
= usercb_data
;
1516 /* Submit the CTLX */
1517 result
= hfa384x_usbctlx_submit(hw
, ctlx
);
1520 } else if (mode
== DOWAIT
) {
1521 struct usbctlx_cmd_completor completor
;
1522 struct hfa384x_cmdresult wridresult
;
1524 result
= hfa384x_usbctlx_complete_sync(hw
,
1528 &ctlx
->inbuf
.wridresp
,
1536 /*----------------------------------------------------------------
1539 * Constructs a readmem CTLX and issues it.
1541 * NOTE: Any changes to the 'post-submit' code in this function
1542 * need to be carried over to hfa384x_cbrmem() since the handling
1543 * is virtually identical.
1546 * hw device structure
1547 * mode DOWAIT or DOASYNC
1548 * page MAC address space page (CMD format)
1549 * offset MAC address space offset
1550 * data Ptr to data buffer to receive read
1551 * len Length of the data to read (max == 2048)
1552 * cmdcb command callback for async calls, NULL for DOWAIT calls
1553 * usercb user callback for async calls, NULL for DOWAIT calls
1554 * usercb_data user supplied data pointer for async calls
1558 * -ETIMEDOUT timed out waiting for register ready or
1559 * command completion
1560 * >0 command indicated error, Status and Resp0-2 are
1566 * interrupt (DOASYNC)
1567 * process (DOWAIT or DOASYNC)
1568 *----------------------------------------------------------------
1571 hfa384x_dormem(struct hfa384x
*hw
,
1577 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
)
1580 struct hfa384x_usbctlx
*ctlx
;
1582 ctlx
= usbctlx_alloc();
1588 /* Initialize the command */
1589 ctlx
->outbuf
.rmemreq
.type
= cpu_to_le16(HFA384x_USB_RMEMREQ
);
1590 ctlx
->outbuf
.rmemreq
.frmlen
=
1591 cpu_to_le16(sizeof(ctlx
->outbuf
.rmemreq
.offset
) +
1592 sizeof(ctlx
->outbuf
.rmemreq
.page
) + len
);
1593 ctlx
->outbuf
.rmemreq
.offset
= cpu_to_le16(offset
);
1594 ctlx
->outbuf
.rmemreq
.page
= cpu_to_le16(page
);
1596 ctlx
->outbufsize
= sizeof(ctlx
->outbuf
.rmemreq
);
1598 pr_debug("type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n",
1599 ctlx
->outbuf
.rmemreq
.type
,
1600 ctlx
->outbuf
.rmemreq
.frmlen
,
1601 ctlx
->outbuf
.rmemreq
.offset
, ctlx
->outbuf
.rmemreq
.page
);
1603 pr_debug("pktsize=%zd\n", ROUNDUP64(sizeof(ctlx
->outbuf
.rmemreq
)));
1605 ctlx
->reapable
= mode
;
1606 ctlx
->cmdcb
= cmdcb
;
1607 ctlx
->usercb
= usercb
;
1608 ctlx
->usercb_data
= usercb_data
;
1610 result
= hfa384x_usbctlx_submit(hw
, ctlx
);
1613 } else if (mode
== DOWAIT
) {
1614 struct usbctlx_rmem_completor completor
;
1617 hfa384x_usbctlx_complete_sync(hw
, ctlx
,
1620 &ctlx
->inbuf
.rmemresp
, data
,
1628 /*----------------------------------------------------------------
1631 * Constructs a writemem CTLX and issues it.
1633 * NOTE: Any changes to the 'post-submit' code in this function
1634 * need to be carried over to hfa384x_cbwmem() since the handling
1635 * is virtually identical.
1638 * hw device structure
1639 * mode DOWAIT or DOASYNC
1640 * page MAC address space page (CMD format)
1641 * offset MAC address space offset
1642 * data Ptr to data buffer containing write data
1643 * len Length of the data to read (max == 2048)
1644 * cmdcb command callback for async calls, NULL for DOWAIT calls
1645 * usercb user callback for async calls, NULL for DOWAIT calls
1646 * usercb_data user supplied data pointer for async calls.
1650 * -ETIMEDOUT timed out waiting for register ready or
1651 * command completion
1652 * >0 command indicated error, Status and Resp0-2 are
1658 * interrupt (DOWAIT)
1659 * process (DOWAIT or DOASYNC)
1660 *----------------------------------------------------------------
1663 hfa384x_dowmem(struct hfa384x
*hw
,
1669 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
)
1672 struct hfa384x_usbctlx
*ctlx
;
1674 pr_debug("page=0x%04x offset=0x%04x len=%d\n", page
, offset
, len
);
1676 ctlx
= usbctlx_alloc();
1682 /* Initialize the command */
1683 ctlx
->outbuf
.wmemreq
.type
= cpu_to_le16(HFA384x_USB_WMEMREQ
);
1684 ctlx
->outbuf
.wmemreq
.frmlen
=
1685 cpu_to_le16(sizeof(ctlx
->outbuf
.wmemreq
.offset
) +
1686 sizeof(ctlx
->outbuf
.wmemreq
.page
) + len
);
1687 ctlx
->outbuf
.wmemreq
.offset
= cpu_to_le16(offset
);
1688 ctlx
->outbuf
.wmemreq
.page
= cpu_to_le16(page
);
1689 memcpy(ctlx
->outbuf
.wmemreq
.data
, data
, len
);
1691 ctlx
->outbufsize
= sizeof(ctlx
->outbuf
.wmemreq
.type
) +
1692 sizeof(ctlx
->outbuf
.wmemreq
.frmlen
) +
1693 sizeof(ctlx
->outbuf
.wmemreq
.offset
) +
1694 sizeof(ctlx
->outbuf
.wmemreq
.page
) + len
;
1696 ctlx
->reapable
= mode
;
1697 ctlx
->cmdcb
= cmdcb
;
1698 ctlx
->usercb
= usercb
;
1699 ctlx
->usercb_data
= usercb_data
;
1701 result
= hfa384x_usbctlx_submit(hw
, ctlx
);
1704 } else if (mode
== DOWAIT
) {
1705 struct usbctlx_cmd_completor completor
;
1706 struct hfa384x_cmdresult wmemresult
;
1708 result
= hfa384x_usbctlx_complete_sync(hw
,
1712 &ctlx
->inbuf
.wmemresp
,
1720 /*----------------------------------------------------------------
1721 * hfa384x_drvr_disable
1723 * Issues the disable command to stop communications on one of
1724 * the MACs 'ports'. Only macport 0 is valid for stations.
1725 * APs may also disable macports 1-6. Only ports that have been
1726 * previously enabled may be disabled.
1729 * hw device structure
1730 * macport MAC port number (host order)
1734 * >0 f/w reported failure - f/w status code
1735 * <0 driver reported error (timeout|bad arg)
1741 *----------------------------------------------------------------
1743 int hfa384x_drvr_disable(struct hfa384x
*hw
, u16 macport
)
1747 if ((!hw
->isap
&& macport
!= 0) ||
1748 (hw
->isap
&& !(macport
<= HFA384x_PORTID_MAX
)) ||
1749 !(hw
->port_enabled
[macport
])) {
1752 result
= hfa384x_cmd_disable(hw
, macport
);
1754 hw
->port_enabled
[macport
] = 0;
1759 /*----------------------------------------------------------------
1760 * hfa384x_drvr_enable
1762 * Issues the enable command to enable communications on one of
1763 * the MACs 'ports'. Only macport 0 is valid for stations.
1764 * APs may also enable macports 1-6. Only ports that are currently
1765 * disabled may be enabled.
1768 * hw device structure
1769 * macport MAC port number
1773 * >0 f/w reported failure - f/w status code
1774 * <0 driver reported error (timeout|bad arg)
1780 *----------------------------------------------------------------
1782 int hfa384x_drvr_enable(struct hfa384x
*hw
, u16 macport
)
1786 if ((!hw
->isap
&& macport
!= 0) ||
1787 (hw
->isap
&& !(macport
<= HFA384x_PORTID_MAX
)) ||
1788 (hw
->port_enabled
[macport
])) {
1791 result
= hfa384x_cmd_enable(hw
, macport
);
1793 hw
->port_enabled
[macport
] = 1;
1798 /*----------------------------------------------------------------
1799 * hfa384x_drvr_flashdl_enable
1801 * Begins the flash download state. Checks to see that we're not
1802 * already in a download state and that a port isn't enabled.
1803 * Sets the download state and retrieves the flash download
1804 * buffer location, buffer size, and timeout length.
1807 * hw device structure
1811 * >0 f/w reported error - f/w status code
1812 * <0 driver reported error
1818 *----------------------------------------------------------------
1820 int hfa384x_drvr_flashdl_enable(struct hfa384x
*hw
)
1825 /* Check that a port isn't active */
1826 for (i
= 0; i
< HFA384x_PORTID_MAX
; i
++) {
1827 if (hw
->port_enabled
[i
]) {
1828 pr_debug("called when port enabled.\n");
1833 /* Check that we're not already in a download state */
1834 if (hw
->dlstate
!= HFA384x_DLSTATE_DISABLED
)
1837 /* Retrieve the buffer loc&size and timeout */
1838 result
= hfa384x_drvr_getconfig(hw
, HFA384x_RID_DOWNLOADBUFFER
,
1839 &hw
->bufinfo
, sizeof(hw
->bufinfo
));
1843 hw
->bufinfo
.page
= le16_to_cpu(hw
->bufinfo
.page
);
1844 hw
->bufinfo
.offset
= le16_to_cpu(hw
->bufinfo
.offset
);
1845 hw
->bufinfo
.len
= le16_to_cpu(hw
->bufinfo
.len
);
1846 result
= hfa384x_drvr_getconfig16(hw
, HFA384x_RID_MAXLOADTIME
,
1851 hw
->dltimeout
= le16_to_cpu(hw
->dltimeout
);
1853 pr_debug("flashdl_enable\n");
1855 hw
->dlstate
= HFA384x_DLSTATE_FLASHENABLED
;
1860 /*----------------------------------------------------------------
1861 * hfa384x_drvr_flashdl_disable
1863 * Ends the flash download state. Note that this will cause the MAC
1864 * firmware to restart.
1867 * hw device structure
1871 * >0 f/w reported error - f/w status code
1872 * <0 driver reported error
1878 *----------------------------------------------------------------
1880 int hfa384x_drvr_flashdl_disable(struct hfa384x
*hw
)
1882 /* Check that we're already in the download state */
1883 if (hw
->dlstate
!= HFA384x_DLSTATE_FLASHENABLED
)
1886 pr_debug("flashdl_enable\n");
1888 /* There isn't much we can do at this point, so I don't */
1889 /* bother w/ the return value */
1890 hfa384x_cmd_download(hw
, HFA384x_PROGMODE_DISABLE
, 0, 0, 0);
1891 hw
->dlstate
= HFA384x_DLSTATE_DISABLED
;
1896 /*----------------------------------------------------------------
1897 * hfa384x_drvr_flashdl_write
1899 * Performs a FLASH download of a chunk of data. First checks to see
1900 * that we're in the FLASH download state, then sets the download
1901 * mode, uses the aux functions to 1) copy the data to the flash
1902 * buffer, 2) sets the download 'write flash' mode, 3) readback and
1903 * compare. Lather rinse, repeat as many times an necessary to get
1904 * all the given data into flash.
1905 * When all data has been written using this function (possibly
1906 * repeatedly), call drvr_flashdl_disable() to end the download state
1907 * and restart the MAC.
1910 * hw device structure
1911 * daddr Card address to write to. (host order)
1912 * buf Ptr to data to write.
1913 * len Length of data (host order).
1917 * >0 f/w reported error - f/w status code
1918 * <0 driver reported error
1924 *----------------------------------------------------------------
1926 int hfa384x_drvr_flashdl_write(struct hfa384x
*hw
, u32 daddr
,
1944 pr_debug("daddr=0x%08x len=%d\n", daddr
, len
);
1946 /* Check that we're in the flash download state */
1947 if (hw
->dlstate
!= HFA384x_DLSTATE_FLASHENABLED
)
1950 netdev_info(hw
->wlandev
->netdev
,
1951 "Download %d bytes to flash @0x%06x\n", len
, daddr
);
1953 /* Convert to flat address for arithmetic */
1954 /* NOTE: dlbuffer RID stores the address in AUX format */
1956 HFA384x_ADDR_AUX_MKFLAT(hw
->bufinfo
.page
, hw
->bufinfo
.offset
);
1957 pr_debug("dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n",
1958 hw
->bufinfo
.page
, hw
->bufinfo
.offset
, dlbufaddr
);
1959 /* Calculations to determine how many fills of the dlbuffer to do
1960 * and how many USB wmemreq's to do for each fill. At this point
1961 * in time, the dlbuffer size and the wmemreq size are the same.
1962 * Therefore, nwrites should always be 1. The extra complexity
1963 * here is a hedge against future changes.
1966 /* Figure out how many times to do the flash programming */
1967 nburns
= len
/ hw
->bufinfo
.len
;
1968 nburns
+= (len
% hw
->bufinfo
.len
) ? 1 : 0;
1970 /* For each flash program cycle, how many USB wmemreq's are needed? */
1971 nwrites
= hw
->bufinfo
.len
/ HFA384x_USB_RWMEM_MAXLEN
;
1972 nwrites
+= (hw
->bufinfo
.len
% HFA384x_USB_RWMEM_MAXLEN
) ? 1 : 0;
1975 for (i
= 0; i
< nburns
; i
++) {
1976 /* Get the dest address and len */
1977 burnlen
= (len
- (hw
->bufinfo
.len
* i
)) > hw
->bufinfo
.len
?
1978 hw
->bufinfo
.len
: (len
- (hw
->bufinfo
.len
* i
));
1979 burndaddr
= daddr
+ (hw
->bufinfo
.len
* i
);
1980 burnlo
= HFA384x_ADDR_CMD_MKOFF(burndaddr
);
1981 burnhi
= HFA384x_ADDR_CMD_MKPAGE(burndaddr
);
1983 netdev_info(hw
->wlandev
->netdev
, "Writing %d bytes to flash @0x%06x\n",
1984 burnlen
, burndaddr
);
1986 /* Set the download mode */
1987 result
= hfa384x_cmd_download(hw
, HFA384x_PROGMODE_NV
,
1988 burnlo
, burnhi
, burnlen
);
1990 netdev_err(hw
->wlandev
->netdev
,
1991 "download(NV,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
1992 burnlo
, burnhi
, burnlen
, result
);
1996 /* copy the data to the flash download buffer */
1997 for (j
= 0; j
< nwrites
; j
++) {
1999 (i
* hw
->bufinfo
.len
) +
2000 (j
* HFA384x_USB_RWMEM_MAXLEN
);
2002 writepage
= HFA384x_ADDR_CMD_MKPAGE(dlbufaddr
+
2003 (j
* HFA384x_USB_RWMEM_MAXLEN
));
2004 writeoffset
= HFA384x_ADDR_CMD_MKOFF(dlbufaddr
+
2005 (j
* HFA384x_USB_RWMEM_MAXLEN
));
2007 writelen
= burnlen
- (j
* HFA384x_USB_RWMEM_MAXLEN
);
2008 writelen
= writelen
> HFA384x_USB_RWMEM_MAXLEN
?
2009 HFA384x_USB_RWMEM_MAXLEN
: writelen
;
2011 result
= hfa384x_dowmem_wait(hw
,
2014 writebuf
, writelen
);
2017 /* set the download 'write flash' mode */
2018 result
= hfa384x_cmd_download(hw
,
2019 HFA384x_PROGMODE_NVWRITE
,
2022 netdev_err(hw
->wlandev
->netdev
,
2023 "download(NVWRITE,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
2024 burnlo
, burnhi
, burnlen
, result
);
2028 /* TODO: We really should do a readback and compare. */
2033 /* Leave the firmware in the 'post-prog' mode. flashdl_disable will */
2034 /* actually disable programming mode. Remember, that will cause the */
2035 /* the firmware to effectively reset itself. */
2040 /*----------------------------------------------------------------
2041 * hfa384x_drvr_getconfig
2043 * Performs the sequence necessary to read a config/info item.
2046 * hw device structure
2047 * rid config/info record id (host order)
2048 * buf host side record buffer. Upon return it will
2049 * contain the body portion of the record (minus the
2051 * len buffer length (in bytes, should match record length)
2055 * >0 f/w reported error - f/w status code
2056 * <0 driver reported error
2057 * -ENODATA length mismatch between argument and retrieved
2064 *----------------------------------------------------------------
2066 int hfa384x_drvr_getconfig(struct hfa384x
*hw
, u16 rid
, void *buf
, u16 len
)
2068 return hfa384x_dorrid_wait(hw
, rid
, buf
, len
);
2071 /*----------------------------------------------------------------
2072 * hfa384x_drvr_setconfig_async
2074 * Performs the sequence necessary to write a config/info item.
2077 * hw device structure
2078 * rid config/info record id (in host order)
2079 * buf host side record buffer
2080 * len buffer length (in bytes)
2081 * usercb completion callback
2082 * usercb_data completion callback argument
2086 * >0 f/w reported error - f/w status code
2087 * <0 driver reported error
2093 *----------------------------------------------------------------
2096 hfa384x_drvr_setconfig_async(struct hfa384x
*hw
,
2099 u16 len
, ctlx_usercb_t usercb
, void *usercb_data
)
2101 return hfa384x_dowrid_async(hw
, rid
, buf
, len
,
2102 hfa384x_cb_status
, usercb
, usercb_data
);
2105 /*----------------------------------------------------------------
2106 * hfa384x_drvr_ramdl_disable
2108 * Ends the ram download state.
2111 * hw device structure
2115 * >0 f/w reported error - f/w status code
2116 * <0 driver reported error
2122 *----------------------------------------------------------------
2124 int hfa384x_drvr_ramdl_disable(struct hfa384x
*hw
)
2126 /* Check that we're already in the download state */
2127 if (hw
->dlstate
!= HFA384x_DLSTATE_RAMENABLED
)
2130 pr_debug("ramdl_disable()\n");
2132 /* There isn't much we can do at this point, so I don't */
2133 /* bother w/ the return value */
2134 hfa384x_cmd_download(hw
, HFA384x_PROGMODE_DISABLE
, 0, 0, 0);
2135 hw
->dlstate
= HFA384x_DLSTATE_DISABLED
;
2140 /*----------------------------------------------------------------
2141 * hfa384x_drvr_ramdl_enable
2143 * Begins the ram download state. Checks to see that we're not
2144 * already in a download state and that a port isn't enabled.
2145 * Sets the download state and calls cmd_download with the
2146 * ENABLE_VOLATILE subcommand and the exeaddr argument.
2149 * hw device structure
2150 * exeaddr the card execution address that will be
2151 * jumped to when ramdl_disable() is called
2156 * >0 f/w reported error - f/w status code
2157 * <0 driver reported error
2163 *----------------------------------------------------------------
2165 int hfa384x_drvr_ramdl_enable(struct hfa384x
*hw
, u32 exeaddr
)
2172 /* Check that a port isn't active */
2173 for (i
= 0; i
< HFA384x_PORTID_MAX
; i
++) {
2174 if (hw
->port_enabled
[i
]) {
2175 netdev_err(hw
->wlandev
->netdev
,
2176 "Can't download with a macport enabled.\n");
2181 /* Check that we're not already in a download state */
2182 if (hw
->dlstate
!= HFA384x_DLSTATE_DISABLED
) {
2183 netdev_err(hw
->wlandev
->netdev
,
2184 "Download state not disabled.\n");
2188 pr_debug("ramdl_enable, exeaddr=0x%08x\n", exeaddr
);
2190 /* Call the download(1,addr) function */
2191 lowaddr
= HFA384x_ADDR_CMD_MKOFF(exeaddr
);
2192 hiaddr
= HFA384x_ADDR_CMD_MKPAGE(exeaddr
);
2194 result
= hfa384x_cmd_download(hw
, HFA384x_PROGMODE_RAM
,
2195 lowaddr
, hiaddr
, 0);
2198 /* Set the download state */
2199 hw
->dlstate
= HFA384x_DLSTATE_RAMENABLED
;
2201 pr_debug("cmd_download(0x%04x, 0x%04x) failed, result=%d.\n",
2202 lowaddr
, hiaddr
, result
);
2208 /*----------------------------------------------------------------
2209 * hfa384x_drvr_ramdl_write
2211 * Performs a RAM download of a chunk of data. First checks to see
2212 * that we're in the RAM download state, then uses the [read|write]mem USB
2213 * commands to 1) copy the data, 2) readback and compare. The download
2214 * state is unaffected. When all data has been written using
2215 * this function, call drvr_ramdl_disable() to end the download state
2216 * and restart the MAC.
2219 * hw device structure
2220 * daddr Card address to write to. (host order)
2221 * buf Ptr to data to write.
2222 * len Length of data (host order).
2226 * >0 f/w reported error - f/w status code
2227 * <0 driver reported error
2233 *----------------------------------------------------------------
2235 int hfa384x_drvr_ramdl_write(struct hfa384x
*hw
, u32 daddr
, void *buf
, u32 len
)
2246 /* Check that we're in the ram download state */
2247 if (hw
->dlstate
!= HFA384x_DLSTATE_RAMENABLED
)
2250 netdev_info(hw
->wlandev
->netdev
, "Writing %d bytes to ram @0x%06x\n",
2253 /* How many dowmem calls? */
2254 nwrites
= len
/ HFA384x_USB_RWMEM_MAXLEN
;
2255 nwrites
+= len
% HFA384x_USB_RWMEM_MAXLEN
? 1 : 0;
2257 /* Do blocking wmem's */
2258 for (i
= 0; i
< nwrites
; i
++) {
2259 /* make address args */
2260 curraddr
= daddr
+ (i
* HFA384x_USB_RWMEM_MAXLEN
);
2261 currpage
= HFA384x_ADDR_CMD_MKPAGE(curraddr
);
2262 curroffset
= HFA384x_ADDR_CMD_MKOFF(curraddr
);
2263 currlen
= len
- (i
* HFA384x_USB_RWMEM_MAXLEN
);
2264 if (currlen
> HFA384x_USB_RWMEM_MAXLEN
)
2265 currlen
= HFA384x_USB_RWMEM_MAXLEN
;
2267 /* Do blocking ctlx */
2268 result
= hfa384x_dowmem_wait(hw
,
2272 (i
* HFA384x_USB_RWMEM_MAXLEN
),
2278 /* TODO: We really should have a readback. */
2284 /*----------------------------------------------------------------
2285 * hfa384x_drvr_readpda
2287 * Performs the sequence to read the PDA space. Note there is no
2288 * drvr_writepda() function. Writing a PDA is
2289 * generally implemented by a calling component via calls to
2290 * cmd_download and writing to the flash download buffer via the
2294 * hw device structure
2295 * buf buffer to store PDA in
2300 * >0 f/w reported error - f/w status code
2301 * <0 driver reported error
2302 * -ETIMEDOUT timeout waiting for the cmd regs to become
2303 * available, or waiting for the control reg
2304 * to indicate the Aux port is enabled.
2305 * -ENODATA the buffer does NOT contain a valid PDA.
2306 * Either the card PDA is bad, or the auxdata
2307 * reads are giving us garbage.
2313 * process or non-card interrupt.
2314 *----------------------------------------------------------------
2316 int hfa384x_drvr_readpda(struct hfa384x
*hw
, void *buf
, unsigned int len
)
2322 int currpdr
= 0; /* word offset of the current pdr */
2324 u16 pdrlen
; /* pdr length in bytes, host order */
2325 u16 pdrcode
; /* pdr code, host order */
2333 HFA3842_PDA_BASE
, 0}, {
2334 HFA3841_PDA_BASE
, 0}, {
2335 HFA3841_PDA_BOGUS_BASE
, 0}
2338 /* Read the pda from each known address. */
2339 for (i
= 0; i
< ARRAY_SIZE(pdaloc
); i
++) {
2341 currpage
= HFA384x_ADDR_CMD_MKPAGE(pdaloc
[i
].cardaddr
);
2342 curroffset
= HFA384x_ADDR_CMD_MKOFF(pdaloc
[i
].cardaddr
);
2344 /* units of bytes */
2345 result
= hfa384x_dormem_wait(hw
, currpage
, curroffset
, buf
,
2349 netdev_warn(hw
->wlandev
->netdev
,
2350 "Read from index %zd failed, continuing\n",
2355 /* Test for garbage */
2356 pdaok
= 1; /* initially assume good */
2358 while (pdaok
&& morepdrs
) {
2359 pdrlen
= le16_to_cpu(pda
[currpdr
]) * 2;
2360 pdrcode
= le16_to_cpu(pda
[currpdr
+ 1]);
2361 /* Test the record length */
2362 if (pdrlen
> HFA384x_PDR_LEN_MAX
|| pdrlen
== 0) {
2363 netdev_err(hw
->wlandev
->netdev
,
2364 "pdrlen invalid=%d\n", pdrlen
);
2369 if (!hfa384x_isgood_pdrcode(pdrcode
)) {
2370 netdev_err(hw
->wlandev
->netdev
, "pdrcode invalid=%d\n",
2375 /* Test for completion */
2376 if (pdrcode
== HFA384x_PDR_END_OF_PDA
)
2379 /* Move to the next pdr (if necessary) */
2381 /* note the access to pda[], need words here */
2382 currpdr
+= le16_to_cpu(pda
[currpdr
]) + 1;
2386 netdev_info(hw
->wlandev
->netdev
,
2387 "PDA Read from 0x%08x in %s space.\n",
2389 pdaloc
[i
].auxctl
== 0 ? "EXTDS" :
2390 pdaloc
[i
].auxctl
== 1 ? "NV" :
2391 pdaloc
[i
].auxctl
== 2 ? "PHY" :
2392 pdaloc
[i
].auxctl
== 3 ? "ICSRAM" :
2397 result
= pdaok
? 0 : -ENODATA
;
2400 pr_debug("Failure: pda is not okay\n");
2405 /*----------------------------------------------------------------
2406 * hfa384x_drvr_setconfig
2408 * Performs the sequence necessary to write a config/info item.
2411 * hw device structure
2412 * rid config/info record id (in host order)
2413 * buf host side record buffer
2414 * len buffer length (in bytes)
2418 * >0 f/w reported error - f/w status code
2419 * <0 driver reported error
2425 *----------------------------------------------------------------
2427 int hfa384x_drvr_setconfig(struct hfa384x
*hw
, u16 rid
, void *buf
, u16 len
)
2429 return hfa384x_dowrid_wait(hw
, rid
, buf
, len
);
2432 /*----------------------------------------------------------------
2433 * hfa384x_drvr_start
2435 * Issues the MAC initialize command, sets up some data structures,
2436 * and enables the interrupts. After this function completes, the
2437 * low-level stuff should be ready for any/all commands.
2440 * hw device structure
2443 * >0 f/w reported error - f/w status code
2444 * <0 driver reported error
2450 *----------------------------------------------------------------
2452 int hfa384x_drvr_start(struct hfa384x
*hw
)
2454 int result
, result1
, result2
;
2459 /* Clear endpoint stalls - but only do this if the endpoint
2460 * is showing a stall status. Some prism2 cards seem to behave
2461 * badly if a clear_halt is called when the endpoint is already
2465 usb_get_status(hw
->usb
, USB_RECIP_ENDPOINT
, hw
->endp_in
, &status
);
2467 netdev_err(hw
->wlandev
->netdev
, "Cannot get bulk in endpoint status.\n");
2470 if ((status
== 1) && usb_clear_halt(hw
->usb
, hw
->endp_in
))
2471 netdev_err(hw
->wlandev
->netdev
, "Failed to reset bulk in endpoint.\n");
2474 usb_get_status(hw
->usb
, USB_RECIP_ENDPOINT
, hw
->endp_out
, &status
);
2476 netdev_err(hw
->wlandev
->netdev
, "Cannot get bulk out endpoint status.\n");
2479 if ((status
== 1) && usb_clear_halt(hw
->usb
, hw
->endp_out
))
2480 netdev_err(hw
->wlandev
->netdev
, "Failed to reset bulk out endpoint.\n");
2482 /* Synchronous unlink, in case we're trying to restart the driver */
2483 usb_kill_urb(&hw
->rx_urb
);
2485 /* Post the IN urb */
2486 result
= submit_rx_urb(hw
, GFP_KERNEL
);
2488 netdev_err(hw
->wlandev
->netdev
,
2489 "Fatal, failed to submit RX URB, result=%d\n",
2494 /* Call initialize twice, with a 1 second sleep in between.
2495 * This is a nasty work-around since many prism2 cards seem to
2496 * need time to settle after an init from cold. The second
2497 * call to initialize in theory is not necessary - but we call
2498 * it anyway as a double insurance policy:
2499 * 1) If the first init should fail, the second may well succeed
2500 * and the card can still be used
2501 * 2) It helps ensures all is well with the card after the first
2502 * init and settle time.
2504 result1
= hfa384x_cmd_initialize(hw
);
2506 result
= hfa384x_cmd_initialize(hw
);
2510 netdev_err(hw
->wlandev
->netdev
,
2511 "cmd_initialize() failed on two attempts, results %d and %d\n",
2513 usb_kill_urb(&hw
->rx_urb
);
2516 pr_debug("First cmd_initialize() failed (result %d),\n",
2518 pr_debug("but second attempt succeeded. All should be ok\n");
2520 } else if (result2
!= 0) {
2521 netdev_warn(hw
->wlandev
->netdev
, "First cmd_initialize() succeeded, but second attempt failed (result=%d)\n",
2523 netdev_warn(hw
->wlandev
->netdev
,
2524 "Most likely the card will be functional\n");
2528 hw
->state
= HFA384x_STATE_RUNNING
;
2534 /*----------------------------------------------------------------
2537 * Shuts down the MAC to the point where it is safe to unload the
2538 * driver. Any subsystem that may be holding a data or function
2539 * ptr into the driver must be cleared/deinitialized.
2542 * hw device structure
2545 * >0 f/w reported error - f/w status code
2546 * <0 driver reported error
2552 *----------------------------------------------------------------
2554 int hfa384x_drvr_stop(struct hfa384x
*hw
)
2560 /* There's no need for spinlocks here. The USB "disconnect"
2561 * function sets this "removed" flag and then calls us.
2563 if (!hw
->wlandev
->hwremoved
) {
2564 /* Call initialize to leave the MAC in its 'reset' state */
2565 hfa384x_cmd_initialize(hw
);
2567 /* Cancel the rxurb */
2568 usb_kill_urb(&hw
->rx_urb
);
2571 hw
->link_status
= HFA384x_LINK_NOTCONNECTED
;
2572 hw
->state
= HFA384x_STATE_INIT
;
2574 del_timer_sync(&hw
->commsqual_timer
);
2576 /* Clear all the port status */
2577 for (i
= 0; i
< HFA384x_NUMPORTS_MAX
; i
++)
2578 hw
->port_enabled
[i
] = 0;
2583 /*----------------------------------------------------------------
2584 * hfa384x_drvr_txframe
2586 * Takes a frame from prism2sta and queues it for transmission.
2589 * hw device structure
2590 * skb packet buffer struct. Contains an 802.11
2592 * p80211_hdr points to the 802.11 header for the packet.
2594 * 0 Success and more buffs available
2595 * 1 Success but no more buffs
2596 * 2 Allocation failure
2597 * 4 Buffer full or queue busy
2603 *----------------------------------------------------------------
2605 int hfa384x_drvr_txframe(struct hfa384x
*hw
, struct sk_buff
*skb
,
2606 union p80211_hdr
*p80211_hdr
,
2607 struct p80211_metawep
*p80211_wep
)
2609 int usbpktlen
= sizeof(struct hfa384x_tx_frame
);
2614 if (hw
->tx_urb
.status
== -EINPROGRESS
) {
2615 netdev_warn(hw
->wlandev
->netdev
, "TX URB already in use\n");
2620 /* Build Tx frame structure */
2621 /* Set up the control field */
2622 memset(&hw
->txbuff
.txfrm
.desc
, 0, sizeof(hw
->txbuff
.txfrm
.desc
));
2624 /* Setup the usb type field */
2625 hw
->txbuff
.type
= cpu_to_le16(HFA384x_USB_TXFRM
);
2627 /* Set up the sw_support field to identify this frame */
2628 hw
->txbuff
.txfrm
.desc
.sw_support
= 0x0123;
2630 /* Tx complete and Tx exception disable per dleach. Might be causing
2633 /* #define DOEXC SLP -- doboth breaks horribly under load, doexc less so. */
2635 hw
->txbuff
.txfrm
.desc
.tx_control
=
2636 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2637 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1);
2638 #elif defined(DOEXC)
2639 hw
->txbuff
.txfrm
.desc
.tx_control
=
2640 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2641 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0);
2643 hw
->txbuff
.txfrm
.desc
.tx_control
=
2644 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2645 HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0);
2647 hw
->txbuff
.txfrm
.desc
.tx_control
=
2648 cpu_to_le16(hw
->txbuff
.txfrm
.desc
.tx_control
);
2650 /* copy the header over to the txdesc */
2651 memcpy(&hw
->txbuff
.txfrm
.desc
.frame_control
, p80211_hdr
,
2652 sizeof(union p80211_hdr
));
2654 /* if we're using host WEP, increase size by IV+ICV */
2655 if (p80211_wep
->data
) {
2656 hw
->txbuff
.txfrm
.desc
.data_len
= cpu_to_le16(skb
->len
+ 8);
2659 hw
->txbuff
.txfrm
.desc
.data_len
= cpu_to_le16(skb
->len
);
2662 usbpktlen
+= skb
->len
;
2664 /* copy over the WEP IV if we are using host WEP */
2665 ptr
= hw
->txbuff
.txfrm
.data
;
2666 if (p80211_wep
->data
) {
2667 memcpy(ptr
, p80211_wep
->iv
, sizeof(p80211_wep
->iv
));
2668 ptr
+= sizeof(p80211_wep
->iv
);
2669 memcpy(ptr
, p80211_wep
->data
, skb
->len
);
2671 memcpy(ptr
, skb
->data
, skb
->len
);
2673 /* copy over the packet data */
2676 /* copy over the WEP ICV if we are using host WEP */
2677 if (p80211_wep
->data
)
2678 memcpy(ptr
, p80211_wep
->icv
, sizeof(p80211_wep
->icv
));
2680 /* Send the USB packet */
2681 usb_fill_bulk_urb(&hw
->tx_urb
, hw
->usb
,
2683 &hw
->txbuff
, ROUNDUP64(usbpktlen
),
2684 hfa384x_usbout_callback
, hw
->wlandev
);
2685 hw
->tx_urb
.transfer_flags
|= USB_QUEUE_BULK
;
2688 ret
= submit_tx_urb(hw
, &hw
->tx_urb
, GFP_ATOMIC
);
2690 netdev_err(hw
->wlandev
->netdev
,
2691 "submit_tx_urb() failed, error=%d\n", ret
);
2699 void hfa384x_tx_timeout(struct wlandevice
*wlandev
)
2701 struct hfa384x
*hw
= wlandev
->priv
;
2702 unsigned long flags
;
2704 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
2706 if (!hw
->wlandev
->hwremoved
) {
2709 sched
= !test_and_set_bit(WORK_TX_HALT
, &hw
->usb_flags
);
2710 sched
|= !test_and_set_bit(WORK_RX_HALT
, &hw
->usb_flags
);
2712 schedule_work(&hw
->usb_work
);
2715 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
2718 /*----------------------------------------------------------------
2719 * hfa384x_usbctlx_reaper_task
2721 * Tasklet to delete dead CTLX objects
2724 * data ptr to a struct hfa384x
2730 *----------------------------------------------------------------
2732 static void hfa384x_usbctlx_reaper_task(unsigned long data
)
2734 struct hfa384x
*hw
= (struct hfa384x
*)data
;
2735 struct hfa384x_usbctlx
*ctlx
, *temp
;
2736 unsigned long flags
;
2738 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
2740 /* This list is guaranteed to be empty if someone
2741 * has unplugged the adapter.
2743 list_for_each_entry_safe(ctlx
, temp
, &hw
->ctlxq
.reapable
, list
) {
2744 list_del(&ctlx
->list
);
2748 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
2751 /*----------------------------------------------------------------
2752 * hfa384x_usbctlx_completion_task
2754 * Tasklet to call completion handlers for returned CTLXs
2757 * data ptr to struct hfa384x
2764 *----------------------------------------------------------------
2766 static void hfa384x_usbctlx_completion_task(unsigned long data
)
2768 struct hfa384x
*hw
= (struct hfa384x
*)data
;
2769 struct hfa384x_usbctlx
*ctlx
, *temp
;
2770 unsigned long flags
;
2774 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
2776 /* This list is guaranteed to be empty if someone
2777 * has unplugged the adapter ...
2779 list_for_each_entry_safe(ctlx
, temp
, &hw
->ctlxq
.completing
, list
) {
2780 /* Call the completion function that this
2781 * command was assigned, assuming it has one.
2784 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
2785 ctlx
->cmdcb(hw
, ctlx
);
2786 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
2788 /* Make sure we don't try and complete
2789 * this CTLX more than once!
2793 /* Did someone yank the adapter out
2794 * while our list was (briefly) unlocked?
2796 if (hw
->wlandev
->hwremoved
) {
2803 * "Reapable" CTLXs are ones which don't have any
2804 * threads waiting for them to die. Hence they must
2805 * be delivered to The Reaper!
2807 if (ctlx
->reapable
) {
2808 /* Move the CTLX off the "completing" list (hopefully)
2809 * on to the "reapable" list where the reaper task
2810 * can find it. And "reapable" means that this CTLX
2811 * isn't sitting on a wait-queue somewhere.
2813 list_move_tail(&ctlx
->list
, &hw
->ctlxq
.reapable
);
2817 complete(&ctlx
->done
);
2819 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
2822 tasklet_schedule(&hw
->reaper_bh
);
2825 /*----------------------------------------------------------------
2826 * unlocked_usbctlx_cancel_async
2828 * Mark the CTLX dead asynchronously, and ensure that the
2829 * next command on the queue is run afterwards.
2832 * hw ptr to the struct hfa384x structure
2833 * ctlx ptr to a CTLX structure
2836 * 0 the CTLX's URB is inactive
2837 * -EINPROGRESS the URB is currently being unlinked
2840 * Either process or interrupt, but presumably interrupt
2841 *----------------------------------------------------------------
2843 static int unlocked_usbctlx_cancel_async(struct hfa384x
*hw
,
2844 struct hfa384x_usbctlx
*ctlx
)
2849 * Try to delete the URB containing our request packet.
2850 * If we succeed, then its completion handler will be
2851 * called with a status of -ECONNRESET.
2853 hw
->ctlx_urb
.transfer_flags
|= URB_ASYNC_UNLINK
;
2854 ret
= usb_unlink_urb(&hw
->ctlx_urb
);
2856 if (ret
!= -EINPROGRESS
) {
2858 * The OUT URB had either already completed
2859 * or was still in the pending queue, so the
2860 * URB's completion function will not be called.
2861 * We will have to complete the CTLX ourselves.
2863 ctlx
->state
= CTLX_REQ_FAILED
;
2864 unlocked_usbctlx_complete(hw
, ctlx
);
2871 /*----------------------------------------------------------------
2872 * unlocked_usbctlx_complete
2874 * A CTLX has completed. It may have been successful, it may not
2875 * have been. At this point, the CTLX should be quiescent. The URBs
2876 * aren't active and the timers should have been stopped.
2878 * The CTLX is migrated to the "completing" queue, and the completing
2879 * tasklet is scheduled.
2882 * hw ptr to a struct hfa384x structure
2883 * ctlx ptr to a ctlx structure
2891 * Either, assume interrupt
2892 *----------------------------------------------------------------
2894 static void unlocked_usbctlx_complete(struct hfa384x
*hw
,
2895 struct hfa384x_usbctlx
*ctlx
)
2897 /* Timers have been stopped, and ctlx should be in
2898 * a terminal state. Retire it from the "active"
2901 list_move_tail(&ctlx
->list
, &hw
->ctlxq
.completing
);
2902 tasklet_schedule(&hw
->completion_bh
);
2904 switch (ctlx
->state
) {
2906 case CTLX_REQ_FAILED
:
2907 /* This are the correct terminating states. */
2911 netdev_err(hw
->wlandev
->netdev
, "CTLX[%d] not in a terminating state(%s)\n",
2912 le16_to_cpu(ctlx
->outbuf
.type
),
2913 ctlxstr(ctlx
->state
));
2918 /*----------------------------------------------------------------
2919 * hfa384x_usbctlxq_run
2921 * Checks to see if the head item is running. If not, starts it.
2924 * hw ptr to struct hfa384x
2933 *----------------------------------------------------------------
2935 static void hfa384x_usbctlxq_run(struct hfa384x
*hw
)
2937 unsigned long flags
;
2940 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
2942 /* Only one active CTLX at any one time, because there's no
2943 * other (reliable) way to match the response URB to the
2946 * Don't touch any of these CTLXs if the hardware
2947 * has been removed or the USB subsystem is stalled.
2949 if (!list_empty(&hw
->ctlxq
.active
) ||
2950 test_bit(WORK_TX_HALT
, &hw
->usb_flags
) || hw
->wlandev
->hwremoved
)
2953 while (!list_empty(&hw
->ctlxq
.pending
)) {
2954 struct hfa384x_usbctlx
*head
;
2957 /* This is the first pending command */
2958 head
= list_entry(hw
->ctlxq
.pending
.next
,
2959 struct hfa384x_usbctlx
, list
);
2961 /* We need to split this off to avoid a race condition */
2962 list_move_tail(&head
->list
, &hw
->ctlxq
.active
);
2964 /* Fill the out packet */
2965 usb_fill_bulk_urb(&hw
->ctlx_urb
, hw
->usb
,
2967 &head
->outbuf
, ROUNDUP64(head
->outbufsize
),
2968 hfa384x_ctlxout_callback
, hw
);
2969 hw
->ctlx_urb
.transfer_flags
|= USB_QUEUE_BULK
;
2971 /* Now submit the URB and update the CTLX's state */
2972 result
= usb_submit_urb(&hw
->ctlx_urb
, GFP_ATOMIC
);
2974 /* This CTLX is now running on the active queue */
2975 head
->state
= CTLX_REQ_SUBMITTED
;
2977 /* Start the OUT wait timer */
2978 hw
->req_timer_done
= 0;
2979 hw
->reqtimer
.expires
= jiffies
+ HZ
;
2980 add_timer(&hw
->reqtimer
);
2982 /* Start the IN wait timer */
2983 hw
->resp_timer_done
= 0;
2984 hw
->resptimer
.expires
= jiffies
+ 2 * HZ
;
2985 add_timer(&hw
->resptimer
);
2990 if (result
== -EPIPE
) {
2991 /* The OUT pipe needs resetting, so put
2992 * this CTLX back in the "pending" queue
2993 * and schedule a reset ...
2995 netdev_warn(hw
->wlandev
->netdev
,
2996 "%s tx pipe stalled: requesting reset\n",
2997 hw
->wlandev
->netdev
->name
);
2998 list_move(&head
->list
, &hw
->ctlxq
.pending
);
2999 set_bit(WORK_TX_HALT
, &hw
->usb_flags
);
3000 schedule_work(&hw
->usb_work
);
3004 if (result
== -ESHUTDOWN
) {
3005 netdev_warn(hw
->wlandev
->netdev
, "%s urb shutdown!\n",
3006 hw
->wlandev
->netdev
->name
);
3010 netdev_err(hw
->wlandev
->netdev
, "Failed to submit CTLX[%d]: error=%d\n",
3011 le16_to_cpu(head
->outbuf
.type
), result
);
3012 unlocked_usbctlx_complete(hw
, head
);
3016 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3019 /*----------------------------------------------------------------
3020 * hfa384x_usbin_callback
3022 * Callback for URBs on the BULKIN endpoint.
3025 * urb ptr to the completed urb
3034 *----------------------------------------------------------------
3036 static void hfa384x_usbin_callback(struct urb
*urb
)
3038 struct wlandevice
*wlandev
= urb
->context
;
3040 union hfa384x_usbin
*usbin
;
3041 struct sk_buff
*skb
= NULL
;
3052 if (!wlandev
|| !wlandev
->netdev
|| wlandev
->hwremoved
)
3059 skb
= hw
->rx_urb_skb
;
3060 if (!skb
|| (skb
->data
!= urb
->transfer_buffer
)) {
3065 hw
->rx_urb_skb
= NULL
;
3067 /* Check for error conditions within the URB */
3068 switch (urb
->status
) {
3072 /* Check for short packet */
3073 if (urb
->actual_length
== 0) {
3074 wlandev
->netdev
->stats
.rx_errors
++;
3075 wlandev
->netdev
->stats
.rx_length_errors
++;
3081 netdev_warn(hw
->wlandev
->netdev
, "%s rx pipe stalled: requesting reset\n",
3082 wlandev
->netdev
->name
);
3083 if (!test_and_set_bit(WORK_RX_HALT
, &hw
->usb_flags
))
3084 schedule_work(&hw
->usb_work
);
3085 wlandev
->netdev
->stats
.rx_errors
++;
3092 if (!test_and_set_bit(THROTTLE_RX
, &hw
->usb_flags
) &&
3093 !timer_pending(&hw
->throttle
)) {
3094 mod_timer(&hw
->throttle
, jiffies
+ THROTTLE_JIFFIES
);
3096 wlandev
->netdev
->stats
.rx_errors
++;
3101 wlandev
->netdev
->stats
.rx_over_errors
++;
3107 pr_debug("status=%d, device removed.\n", urb
->status
);
3113 pr_debug("status=%d, urb explicitly unlinked.\n", urb
->status
);
3118 pr_debug("urb status=%d, transfer flags=0x%x\n",
3119 urb
->status
, urb
->transfer_flags
);
3120 wlandev
->netdev
->stats
.rx_errors
++;
3125 urb_status
= urb
->status
;
3127 if (action
!= ABORT
) {
3128 /* Repost the RX URB */
3129 result
= submit_rx_urb(hw
, GFP_ATOMIC
);
3132 netdev_err(hw
->wlandev
->netdev
,
3133 "Fatal, failed to resubmit rx_urb. error=%d\n",
3138 /* Handle any USB-IN packet */
3139 /* Note: the check of the sw_support field, the type field doesn't
3140 * have bit 12 set like the docs suggest.
3142 usbin
= (union hfa384x_usbin
*)urb
->transfer_buffer
;
3143 type
= le16_to_cpu(usbin
->type
);
3144 if (HFA384x_USB_ISRXFRM(type
)) {
3145 if (action
== HANDLE
) {
3146 if (usbin
->txfrm
.desc
.sw_support
== 0x0123) {
3147 hfa384x_usbin_txcompl(wlandev
, usbin
);
3149 skb_put(skb
, sizeof(*usbin
));
3150 hfa384x_usbin_rx(wlandev
, skb
);
3156 if (HFA384x_USB_ISTXFRM(type
)) {
3157 if (action
== HANDLE
)
3158 hfa384x_usbin_txcompl(wlandev
, usbin
);
3162 case HFA384x_USB_INFOFRM
:
3163 if (action
== ABORT
)
3165 if (action
== HANDLE
)
3166 hfa384x_usbin_info(wlandev
, usbin
);
3169 case HFA384x_USB_CMDRESP
:
3170 case HFA384x_USB_WRIDRESP
:
3171 case HFA384x_USB_RRIDRESP
:
3172 case HFA384x_USB_WMEMRESP
:
3173 case HFA384x_USB_RMEMRESP
:
3174 /* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */
3175 hfa384x_usbin_ctlx(hw
, usbin
, urb_status
);
3178 case HFA384x_USB_BUFAVAIL
:
3179 pr_debug("Received BUFAVAIL packet, frmlen=%d\n",
3180 usbin
->bufavail
.frmlen
);
3183 case HFA384x_USB_ERROR
:
3184 pr_debug("Received USB_ERROR packet, errortype=%d\n",
3185 usbin
->usberror
.errortype
);
3189 pr_debug("Unrecognized USBIN packet, type=%x, status=%d\n",
3190 usbin
->type
, urb_status
);
3200 /*----------------------------------------------------------------
3201 * hfa384x_usbin_ctlx
3203 * We've received a URB containing a Prism2 "response" message.
3204 * This message needs to be matched up with a CTLX on the active
3205 * queue and our state updated accordingly.
3208 * hw ptr to struct hfa384x
3209 * usbin ptr to USB IN packet
3210 * urb_status status of this Bulk-In URB
3219 *----------------------------------------------------------------
3221 static void hfa384x_usbin_ctlx(struct hfa384x
*hw
, union hfa384x_usbin
*usbin
,
3224 struct hfa384x_usbctlx
*ctlx
;
3226 unsigned long flags
;
3229 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3231 /* There can be only one CTLX on the active queue
3232 * at any one time, and this is the CTLX that the
3233 * timers are waiting for.
3235 if (list_empty(&hw
->ctlxq
.active
))
3238 /* Remove the "response timeout". It's possible that
3239 * we are already too late, and that the timeout is
3240 * already running. And that's just too bad for us,
3241 * because we could lose our CTLX from the active
3244 if (del_timer(&hw
->resptimer
) == 0) {
3245 if (hw
->resp_timer_done
== 0) {
3246 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3250 hw
->resp_timer_done
= 1;
3253 ctlx
= get_active_ctlx(hw
);
3255 if (urb_status
!= 0) {
3257 * Bad CTLX, so get rid of it. But we only
3258 * remove it from the active queue if we're no
3259 * longer expecting the OUT URB to complete.
3261 if (unlocked_usbctlx_cancel_async(hw
, ctlx
) == 0)
3264 const __le16 intype
= (usbin
->type
& ~cpu_to_le16(0x8000));
3267 * Check that our message is what we're expecting ...
3269 if (ctlx
->outbuf
.type
!= intype
) {
3270 netdev_warn(hw
->wlandev
->netdev
,
3271 "Expected IN[%d], received IN[%d] - ignored.\n",
3272 le16_to_cpu(ctlx
->outbuf
.type
),
3273 le16_to_cpu(intype
));
3277 /* This URB has succeeded, so grab the data ... */
3278 memcpy(&ctlx
->inbuf
, usbin
, sizeof(ctlx
->inbuf
));
3280 switch (ctlx
->state
) {
3281 case CTLX_REQ_SUBMITTED
:
3283 * We have received our response URB before
3284 * our request has been acknowledged. Odd,
3285 * but our OUT URB is still alive...
3287 pr_debug("Causality violation: please reboot Universe\n");
3288 ctlx
->state
= CTLX_RESP_COMPLETE
;
3291 case CTLX_REQ_COMPLETE
:
3293 * This is the usual path: our request
3294 * has already been acknowledged, and
3295 * now we have received the reply too.
3297 ctlx
->state
= CTLX_COMPLETE
;
3298 unlocked_usbctlx_complete(hw
, ctlx
);
3304 * Throw this CTLX away ...
3306 netdev_err(hw
->wlandev
->netdev
,
3307 "Matched IN URB, CTLX[%d] in invalid state(%s). Discarded.\n",
3308 le16_to_cpu(ctlx
->outbuf
.type
),
3309 ctlxstr(ctlx
->state
));
3310 if (unlocked_usbctlx_cancel_async(hw
, ctlx
) == 0)
3317 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3320 hfa384x_usbctlxq_run(hw
);
3323 /*----------------------------------------------------------------
3324 * hfa384x_usbin_txcompl
3326 * At this point we have the results of a previous transmit.
3329 * wlandev wlan device
3330 * usbin ptr to the usb transfer buffer
3339 *----------------------------------------------------------------
3341 static void hfa384x_usbin_txcompl(struct wlandevice
*wlandev
,
3342 union hfa384x_usbin
*usbin
)
3346 status
= le16_to_cpu(usbin
->type
); /* yeah I know it says type... */
3348 /* Was there an error? */
3349 if (HFA384x_TXSTATUS_ISERROR(status
))
3350 prism2sta_ev_txexc(wlandev
, status
);
3352 prism2sta_ev_tx(wlandev
, status
);
3355 /*----------------------------------------------------------------
3358 * At this point we have a successful received a rx frame packet.
3361 * wlandev wlan device
3362 * usbin ptr to the usb transfer buffer
3371 *----------------------------------------------------------------
3373 static void hfa384x_usbin_rx(struct wlandevice
*wlandev
, struct sk_buff
*skb
)
3375 union hfa384x_usbin
*usbin
= (union hfa384x_usbin
*)skb
->data
;
3376 struct hfa384x
*hw
= wlandev
->priv
;
3378 struct p80211_rxmeta
*rxmeta
;
3382 /* Byte order convert once up front. */
3383 usbin
->rxfrm
.desc
.status
= le16_to_cpu(usbin
->rxfrm
.desc
.status
);
3384 usbin
->rxfrm
.desc
.time
= le32_to_cpu(usbin
->rxfrm
.desc
.time
);
3386 /* Now handle frame based on port# */
3387 switch (HFA384x_RXSTATUS_MACPORT_GET(usbin
->rxfrm
.desc
.status
)) {
3389 fc
= le16_to_cpu(usbin
->rxfrm
.desc
.frame_control
);
3391 /* If exclude and we receive an unencrypted, drop it */
3392 if ((wlandev
->hostwep
& HOSTWEP_EXCLUDEUNENCRYPTED
) &&
3393 !WLAN_GET_FC_ISWEP(fc
)) {
3397 data_len
= le16_to_cpu(usbin
->rxfrm
.desc
.data_len
);
3399 /* How much header data do we have? */
3400 hdrlen
= p80211_headerlen(fc
);
3402 /* Pull off the descriptor */
3403 skb_pull(skb
, sizeof(struct hfa384x_rx_frame
));
3405 /* Now shunt the header block up against the data block
3406 * with an "overlapping" copy
3408 memmove(skb_push(skb
, hdrlen
),
3409 &usbin
->rxfrm
.desc
.frame_control
, hdrlen
);
3411 skb
->dev
= wlandev
->netdev
;
3413 /* And set the frame length properly */
3414 skb_trim(skb
, data_len
+ hdrlen
);
3416 /* The prism2 series does not return the CRC */
3417 memset(skb_put(skb
, WLAN_CRC_LEN
), 0xff, WLAN_CRC_LEN
);
3419 skb_reset_mac_header(skb
);
3421 /* Attach the rxmeta, set some stuff */
3422 p80211skb_rxmeta_attach(wlandev
, skb
);
3423 rxmeta
= P80211SKB_RXMETA(skb
);
3424 rxmeta
->mactime
= usbin
->rxfrm
.desc
.time
;
3425 rxmeta
->rxrate
= usbin
->rxfrm
.desc
.rate
;
3426 rxmeta
->signal
= usbin
->rxfrm
.desc
.signal
- hw
->dbmadjust
;
3427 rxmeta
->noise
= usbin
->rxfrm
.desc
.silence
- hw
->dbmadjust
;
3429 p80211netdev_rx(wlandev
, skb
);
3434 if (!HFA384x_RXSTATUS_ISFCSERR(usbin
->rxfrm
.desc
.status
)) {
3435 /* Copy to wlansnif skb */
3436 hfa384x_int_rxmonitor(wlandev
, &usbin
->rxfrm
);
3439 pr_debug("Received monitor frame: FCSerr set\n");
3444 netdev_warn(hw
->wlandev
->netdev
, "Received frame on unsupported port=%d\n",
3445 HFA384x_RXSTATUS_MACPORT_GET(
3446 usbin
->rxfrm
.desc
.status
));
3451 /*----------------------------------------------------------------
3452 * hfa384x_int_rxmonitor
3454 * Helper function for int_rx. Handles monitor frames.
3455 * Note that this function allocates space for the FCS and sets it
3456 * to 0xffffffff. The hfa384x doesn't give us the FCS value but the
3457 * higher layers expect it. 0xffffffff is used as a flag to indicate
3461 * wlandev wlan device structure
3462 * rxfrm rx descriptor read from card in int_rx
3468 * Allocates an skb and passes it up via the PF_PACKET interface.
3471 *----------------------------------------------------------------
3473 static void hfa384x_int_rxmonitor(struct wlandevice
*wlandev
,
3474 struct hfa384x_usb_rxfrm
*rxfrm
)
3476 struct hfa384x_rx_frame
*rxdesc
= &rxfrm
->desc
;
3477 unsigned int hdrlen
= 0;
3478 unsigned int datalen
= 0;
3479 unsigned int skblen
= 0;
3482 struct sk_buff
*skb
;
3483 struct hfa384x
*hw
= wlandev
->priv
;
3485 /* Remember the status, time, and data_len fields are in host order */
3486 /* Figure out how big the frame is */
3487 fc
= le16_to_cpu(rxdesc
->frame_control
);
3488 hdrlen
= p80211_headerlen(fc
);
3489 datalen
= le16_to_cpu(rxdesc
->data_len
);
3491 /* Allocate an ind message+framesize skb */
3492 skblen
= sizeof(struct p80211_caphdr
) + hdrlen
+ datalen
+ WLAN_CRC_LEN
;
3494 /* sanity check the length */
3496 (sizeof(struct p80211_caphdr
) +
3497 WLAN_HDR_A4_LEN
+ WLAN_DATA_MAXLEN
+ WLAN_CRC_LEN
)) {
3498 pr_debug("overlen frm: len=%zd\n",
3499 skblen
- sizeof(struct p80211_caphdr
));
3502 skb
= dev_alloc_skb(skblen
);
3506 /* only prepend the prism header if in the right mode */
3507 if ((wlandev
->netdev
->type
== ARPHRD_IEEE80211_PRISM
) &&
3508 (hw
->sniffhdr
!= 0)) {
3509 struct p80211_caphdr
*caphdr
;
3510 /* The NEW header format! */
3511 datap
= skb_put(skb
, sizeof(struct p80211_caphdr
));
3512 caphdr
= (struct p80211_caphdr
*)datap
;
3514 caphdr
->version
= htonl(P80211CAPTURE_VERSION
);
3515 caphdr
->length
= htonl(sizeof(struct p80211_caphdr
));
3516 caphdr
->mactime
= __cpu_to_be64(rxdesc
->time
) * 1000;
3517 caphdr
->hosttime
= __cpu_to_be64(jiffies
);
3518 caphdr
->phytype
= htonl(4); /* dss_dot11_b */
3519 caphdr
->channel
= htonl(hw
->sniff_channel
);
3520 caphdr
->datarate
= htonl(rxdesc
->rate
);
3521 caphdr
->antenna
= htonl(0); /* unknown */
3522 caphdr
->priority
= htonl(0); /* unknown */
3523 caphdr
->ssi_type
= htonl(3); /* rssi_raw */
3524 caphdr
->ssi_signal
= htonl(rxdesc
->signal
);
3525 caphdr
->ssi_noise
= htonl(rxdesc
->silence
);
3526 caphdr
->preamble
= htonl(0); /* unknown */
3527 caphdr
->encoding
= htonl(1); /* cck */
3530 /* Copy the 802.11 header to the skb
3531 * (ctl frames may be less than a full header)
3533 datap
= skb_put(skb
, hdrlen
);
3534 memcpy(datap
, &rxdesc
->frame_control
, hdrlen
);
3536 /* If any, copy the data from the card to the skb */
3538 datap
= skb_put(skb
, datalen
);
3539 memcpy(datap
, rxfrm
->data
, datalen
);
3541 /* check for unencrypted stuff if WEP bit set. */
3542 if (*(datap
- hdrlen
+ 1) & 0x40) /* wep set */
3543 if ((*(datap
) == 0xaa) && (*(datap
+ 1) == 0xaa))
3544 /* clear wep; it's the 802.2 header! */
3545 *(datap
- hdrlen
+ 1) &= 0xbf;
3548 if (hw
->sniff_fcs
) {
3550 datap
= skb_put(skb
, WLAN_CRC_LEN
);
3551 memset(datap
, 0xff, WLAN_CRC_LEN
);
3554 /* pass it back up */
3555 p80211netdev_rx(wlandev
, skb
);
3558 /*----------------------------------------------------------------
3559 * hfa384x_usbin_info
3561 * At this point we have a successful received a Prism2 info frame.
3564 * wlandev wlan device
3565 * usbin ptr to the usb transfer buffer
3574 *----------------------------------------------------------------
3576 static void hfa384x_usbin_info(struct wlandevice
*wlandev
,
3577 union hfa384x_usbin
*usbin
)
3579 usbin
->infofrm
.info
.framelen
=
3580 le16_to_cpu(usbin
->infofrm
.info
.framelen
);
3581 prism2sta_ev_info(wlandev
, &usbin
->infofrm
.info
);
3584 /*----------------------------------------------------------------
3585 * hfa384x_usbout_callback
3587 * Callback for URBs on the BULKOUT endpoint.
3590 * urb ptr to the completed urb
3599 *----------------------------------------------------------------
3601 static void hfa384x_usbout_callback(struct urb
*urb
)
3603 struct wlandevice
*wlandev
= urb
->context
;
3609 if (wlandev
&& wlandev
->netdev
) {
3610 switch (urb
->status
) {
3612 prism2sta_ev_alloc(wlandev
);
3617 struct hfa384x
*hw
= wlandev
->priv
;
3619 netdev_warn(hw
->wlandev
->netdev
,
3620 "%s tx pipe stalled: requesting reset\n",
3621 wlandev
->netdev
->name
);
3622 if (!test_and_set_bit
3623 (WORK_TX_HALT
, &hw
->usb_flags
))
3624 schedule_work(&hw
->usb_work
);
3625 wlandev
->netdev
->stats
.tx_errors
++;
3633 struct hfa384x
*hw
= wlandev
->priv
;
3635 if (!test_and_set_bit
3636 (THROTTLE_TX
, &hw
->usb_flags
) &&
3637 !timer_pending(&hw
->throttle
)) {
3638 mod_timer(&hw
->throttle
,
3639 jiffies
+ THROTTLE_JIFFIES
);
3641 wlandev
->netdev
->stats
.tx_errors
++;
3642 netif_stop_queue(wlandev
->netdev
);
3648 /* Ignorable errors */
3652 netdev_info(wlandev
->netdev
, "unknown urb->status=%d\n",
3654 wlandev
->netdev
->stats
.tx_errors
++;
3660 /*----------------------------------------------------------------
3661 * hfa384x_ctlxout_callback
3663 * Callback for control data on the BULKOUT endpoint.
3666 * urb ptr to the completed urb
3675 *----------------------------------------------------------------
3677 static void hfa384x_ctlxout_callback(struct urb
*urb
)
3679 struct hfa384x
*hw
= urb
->context
;
3680 int delete_resptimer
= 0;
3683 struct hfa384x_usbctlx
*ctlx
;
3684 unsigned long flags
;
3686 pr_debug("urb->status=%d\n", urb
->status
);
3690 if ((urb
->status
== -ESHUTDOWN
) ||
3691 (urb
->status
== -ENODEV
) || !hw
)
3695 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3698 * Only one CTLX at a time on the "active" list, and
3699 * none at all if we are unplugged. However, we can
3700 * rely on the disconnect function to clean everything
3701 * up if someone unplugged the adapter.
3703 if (list_empty(&hw
->ctlxq
.active
)) {
3704 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3709 * Having something on the "active" queue means
3710 * that we have timers to worry about ...
3712 if (del_timer(&hw
->reqtimer
) == 0) {
3713 if (hw
->req_timer_done
== 0) {
3715 * This timer was actually running while we
3716 * were trying to delete it. Let it terminate
3717 * gracefully instead.
3719 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3723 hw
->req_timer_done
= 1;
3726 ctlx
= get_active_ctlx(hw
);
3728 if (urb
->status
== 0) {
3729 /* Request portion of a CTLX is successful */
3730 switch (ctlx
->state
) {
3731 case CTLX_REQ_SUBMITTED
:
3732 /* This OUT-ACK received before IN */
3733 ctlx
->state
= CTLX_REQ_COMPLETE
;
3736 case CTLX_RESP_COMPLETE
:
3737 /* IN already received before this OUT-ACK,
3738 * so this command must now be complete.
3740 ctlx
->state
= CTLX_COMPLETE
;
3741 unlocked_usbctlx_complete(hw
, ctlx
);
3746 /* This is NOT a valid CTLX "success" state! */
3747 netdev_err(hw
->wlandev
->netdev
,
3748 "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n",
3749 le16_to_cpu(ctlx
->outbuf
.type
),
3750 ctlxstr(ctlx
->state
), urb
->status
);
3754 /* If the pipe has stalled then we need to reset it */
3755 if ((urb
->status
== -EPIPE
) &&
3756 !test_and_set_bit(WORK_TX_HALT
, &hw
->usb_flags
)) {
3757 netdev_warn(hw
->wlandev
->netdev
,
3758 "%s tx pipe stalled: requesting reset\n",
3759 hw
->wlandev
->netdev
->name
);
3760 schedule_work(&hw
->usb_work
);
3763 /* If someone cancels the OUT URB then its status
3764 * should be either -ECONNRESET or -ENOENT.
3766 ctlx
->state
= CTLX_REQ_FAILED
;
3767 unlocked_usbctlx_complete(hw
, ctlx
);
3768 delete_resptimer
= 1;
3773 if (delete_resptimer
) {
3774 timer_ok
= del_timer(&hw
->resptimer
);
3776 hw
->resp_timer_done
= 1;
3779 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3781 if (!timer_ok
&& (hw
->resp_timer_done
== 0)) {
3782 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3787 hfa384x_usbctlxq_run(hw
);
3790 /*----------------------------------------------------------------
3791 * hfa384x_usbctlx_reqtimerfn
3793 * Timer response function for CTLX request timeouts. If this
3794 * function is called, it means that the callback for the OUT
3795 * URB containing a Prism2.x XXX_Request was never called.
3798 * data a ptr to the struct hfa384x
3807 *----------------------------------------------------------------
3809 static void hfa384x_usbctlx_reqtimerfn(unsigned long data
)
3811 struct hfa384x
*hw
= (struct hfa384x
*)data
;
3812 unsigned long flags
;
3814 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3816 hw
->req_timer_done
= 1;
3818 /* Removing the hardware automatically empties
3819 * the active list ...
3821 if (!list_empty(&hw
->ctlxq
.active
)) {
3823 * We must ensure that our URB is removed from
3824 * the system, if it hasn't already expired.
3826 hw
->ctlx_urb
.transfer_flags
|= URB_ASYNC_UNLINK
;
3827 if (usb_unlink_urb(&hw
->ctlx_urb
) == -EINPROGRESS
) {
3828 struct hfa384x_usbctlx
*ctlx
= get_active_ctlx(hw
);
3830 ctlx
->state
= CTLX_REQ_FAILED
;
3832 /* This URB was active, but has now been
3833 * cancelled. It will now have a status of
3834 * -ECONNRESET in the callback function.
3836 * We are cancelling this CTLX, so we're
3837 * not going to need to wait for a response.
3838 * The URB's callback function will check
3839 * that this timer is truly dead.
3841 if (del_timer(&hw
->resptimer
) != 0)
3842 hw
->resp_timer_done
= 1;
3846 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3849 /*----------------------------------------------------------------
3850 * hfa384x_usbctlx_resptimerfn
3852 * Timer response function for CTLX response timeouts. If this
3853 * function is called, it means that the callback for the IN
3854 * URB containing a Prism2.x XXX_Response was never called.
3857 * data a ptr to the struct hfa384x
3866 *----------------------------------------------------------------
3868 static void hfa384x_usbctlx_resptimerfn(unsigned long data
)
3870 struct hfa384x
*hw
= (struct hfa384x
*)data
;
3871 unsigned long flags
;
3873 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3875 hw
->resp_timer_done
= 1;
3877 /* The active list will be empty if the
3878 * adapter has been unplugged ...
3880 if (!list_empty(&hw
->ctlxq
.active
)) {
3881 struct hfa384x_usbctlx
*ctlx
= get_active_ctlx(hw
);
3883 if (unlocked_usbctlx_cancel_async(hw
, ctlx
) == 0) {
3884 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3885 hfa384x_usbctlxq_run(hw
);
3889 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3892 /*----------------------------------------------------------------
3893 * hfa384x_usb_throttlefn
3906 *----------------------------------------------------------------
3908 static void hfa384x_usb_throttlefn(unsigned long data
)
3910 struct hfa384x
*hw
= (struct hfa384x
*)data
;
3911 unsigned long flags
;
3913 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3916 * We need to check BOTH the RX and the TX throttle controls,
3917 * so we use the bitwise OR instead of the logical OR.
3919 pr_debug("flags=0x%lx\n", hw
->usb_flags
);
3920 if (!hw
->wlandev
->hwremoved
&&
3921 ((test_and_clear_bit(THROTTLE_RX
, &hw
->usb_flags
) &&
3922 !test_and_set_bit(WORK_RX_RESUME
, &hw
->usb_flags
)) |
3923 (test_and_clear_bit(THROTTLE_TX
, &hw
->usb_flags
) &&
3924 !test_and_set_bit(WORK_TX_RESUME
, &hw
->usb_flags
))
3926 schedule_work(&hw
->usb_work
);
3929 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3932 /*----------------------------------------------------------------
3933 * hfa384x_usbctlx_submit
3935 * Called from the doxxx functions to submit a CTLX to the queue
3938 * hw ptr to the hw struct
3939 * ctlx ctlx structure to enqueue
3942 * -ENODEV if the adapter is unplugged
3948 * process or interrupt
3949 *----------------------------------------------------------------
3951 static int hfa384x_usbctlx_submit(struct hfa384x
*hw
,
3952 struct hfa384x_usbctlx
*ctlx
)
3954 unsigned long flags
;
3956 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3958 if (hw
->wlandev
->hwremoved
) {
3959 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3963 ctlx
->state
= CTLX_PENDING
;
3964 list_add_tail(&ctlx
->list
, &hw
->ctlxq
.pending
);
3965 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3966 hfa384x_usbctlxq_run(hw
);
3971 /*----------------------------------------------------------------
3972 * hfa384x_isgood_pdrcore
3974 * Quick check of PDR codes.
3977 * pdrcode PDR code number (host order)
3986 *----------------------------------------------------------------
3988 static int hfa384x_isgood_pdrcode(u16 pdrcode
)
3991 case HFA384x_PDR_END_OF_PDA
:
3992 case HFA384x_PDR_PCB_PARTNUM
:
3993 case HFA384x_PDR_PDAVER
:
3994 case HFA384x_PDR_NIC_SERIAL
:
3995 case HFA384x_PDR_MKK_MEASUREMENTS
:
3996 case HFA384x_PDR_NIC_RAMSIZE
:
3997 case HFA384x_PDR_MFISUPRANGE
:
3998 case HFA384x_PDR_CFISUPRANGE
:
3999 case HFA384x_PDR_NICID
:
4000 case HFA384x_PDR_MAC_ADDRESS
:
4001 case HFA384x_PDR_REGDOMAIN
:
4002 case HFA384x_PDR_ALLOWED_CHANNEL
:
4003 case HFA384x_PDR_DEFAULT_CHANNEL
:
4004 case HFA384x_PDR_TEMPTYPE
:
4005 case HFA384x_PDR_IFR_SETTING
:
4006 case HFA384x_PDR_RFR_SETTING
:
4007 case HFA384x_PDR_HFA3861_BASELINE
:
4008 case HFA384x_PDR_HFA3861_SHADOW
:
4009 case HFA384x_PDR_HFA3861_IFRF
:
4010 case HFA384x_PDR_HFA3861_CHCALSP
:
4011 case HFA384x_PDR_HFA3861_CHCALI
:
4012 case HFA384x_PDR_3842_NIC_CONFIG
:
4013 case HFA384x_PDR_USB_ID
:
4014 case HFA384x_PDR_PCI_ID
:
4015 case HFA384x_PDR_PCI_IFCONF
:
4016 case HFA384x_PDR_PCI_PMCONF
:
4017 case HFA384x_PDR_RFENRGY
:
4018 case HFA384x_PDR_HFA3861_MANF_TESTSP
:
4019 case HFA384x_PDR_HFA3861_MANF_TESTI
:
4023 if (pdrcode
< 0x1000) {
4024 /* code is OK, but we don't know exactly what it is */
4025 pr_debug("Encountered unknown PDR#=0x%04x, assuming it's ok.\n",
4032 pr_debug("Encountered unknown PDR#=0x%04x, (>=0x1000), assuming it's bad.\n",