]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - drivers/staging/wlan-ng/hfa384x_usb.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
[mirror_ubuntu-artful-kernel.git] / drivers / staging / wlan-ng / hfa384x_usb.c
1 /* src/prism2/driver/hfa384x_usb.c
2 *
3 * Functions that talk to the USB variantof the Intersil hfa384x MAC
4 *
5 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
6 * --------------------------------------------------------------------
7 *
8 * linux-wlan
9 *
10 * The contents of this file are subject to the Mozilla Public
11 * License Version 1.1 (the "License"); you may not use this file
12 * except in compliance with the License. You may obtain a copy of
13 * the License at http://www.mozilla.org/MPL/
14 *
15 * Software distributed under the License is distributed on an "AS
16 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * rights and limitations under the License.
19 *
20 * Alternatively, the contents of this file may be used under the
21 * terms of the GNU Public License version 2 (the "GPL"), in which
22 * case the provisions of the GPL are applicable instead of the
23 * above. If you wish to allow the use of your version of this file
24 * only under the terms of the GPL and not to allow others to use
25 * your version of this file under the MPL, indicate your decision
26 * by deleting the provisions above and replace them with the notice
27 * and other provisions required by the GPL. If you do not delete
28 * the provisions above, a recipient may use your version of this
29 * file under either the MPL or the GPL.
30 *
31 * --------------------------------------------------------------------
32 *
33 * Inquiries regarding the linux-wlan Open Source project can be
34 * made directly to:
35 *
36 * AbsoluteValue Systems Inc.
37 * info@linux-wlan.com
38 * http://www.linux-wlan.com
39 *
40 * --------------------------------------------------------------------
41 *
42 * Portions of the development of this software were funded by
43 * Intersil Corporation as part of PRISM(R) chipset product development.
44 *
45 * --------------------------------------------------------------------
46 *
47 * This file implements functions that correspond to the prism2/hfa384x
48 * 802.11 MAC hardware and firmware host interface.
49 *
50 * The functions can be considered to represent several levels of
51 * abstraction. The lowest level functions are simply C-callable wrappers
52 * around the register accesses. The next higher level represents C-callable
53 * prism2 API functions that match the Intersil documentation as closely
54 * as is reasonable. The next higher layer implements common sequences
55 * of invocations of the API layer (e.g. write to bap, followed by cmd).
56 *
57 * Common sequences:
58 * hfa384x_drvr_xxx Highest level abstractions provided by the
59 * hfa384x code. They are driver defined wrappers
60 * for common sequences. These functions generally
61 * use the services of the lower levels.
62 *
63 * hfa384x_drvr_xxxconfig An example of the drvr level abstraction. These
64 * functions are wrappers for the RID get/set
65 * sequence. They call copy_[to|from]_bap() and
66 * cmd_access(). These functions operate on the
67 * RIDs and buffers without validation. The caller
68 * is responsible for that.
69 *
70 * API wrapper functions:
71 * hfa384x_cmd_xxx functions that provide access to the f/w commands.
72 * The function arguments correspond to each command
73 * argument, even command arguments that get packed
74 * into single registers. These functions _just_
75 * issue the command by setting the cmd/parm regs
76 * & reading the status/resp regs. Additional
77 * activities required to fully use a command
78 * (read/write from/to bap, get/set int status etc.)
79 * are implemented separately. Think of these as
80 * C-callable prism2 commands.
81 *
82 * Lowest Layer Functions:
83 * hfa384x_docmd_xxx These functions implement the sequence required
84 * to issue any prism2 command. Primarily used by the
85 * hfa384x_cmd_xxx functions.
86 *
87 * hfa384x_bap_xxx BAP read/write access functions.
88 * Note: we usually use BAP0 for non-interrupt context
89 * and BAP1 for interrupt context.
90 *
91 * hfa384x_dl_xxx download related functions.
92 *
93 * Driver State Issues:
94 * Note that there are two pairs of functions that manage the
95 * 'initialized' and 'running' states of the hw/MAC combo. The four
96 * functions are create(), destroy(), start(), and stop(). create()
97 * sets up the data structures required to support the hfa384x_*
98 * functions and destroy() cleans them up. The start() function gets
99 * the actual hardware running and enables the interrupts. The stop()
100 * function shuts the hardware down. The sequence should be:
101 * create()
102 * start()
103 * .
104 * . Do interesting things w/ the hardware
105 * .
106 * stop()
107 * destroy()
108 *
109 * Note that destroy() can be called without calling stop() first.
110 * --------------------------------------------------------------------
111 */
112
113 #include <linux/module.h>
114 #include <linux/kernel.h>
115 #include <linux/sched.h>
116 #include <linux/types.h>
117 #include <linux/slab.h>
118 #include <linux/wireless.h>
119 #include <linux/netdevice.h>
120 #include <linux/timer.h>
121 #include <linux/io.h>
122 #include <linux/delay.h>
123 #include <asm/byteorder.h>
124 #include <linux/bitops.h>
125 #include <linux/list.h>
126 #include <linux/usb.h>
127 #include <linux/byteorder/generic.h>
128
129 #include "p80211types.h"
130 #include "p80211hdr.h"
131 #include "p80211mgmt.h"
132 #include "p80211conv.h"
133 #include "p80211msg.h"
134 #include "p80211netdev.h"
135 #include "p80211req.h"
136 #include "p80211metadef.h"
137 #include "p80211metastruct.h"
138 #include "hfa384x.h"
139 #include "prism2mgmt.h"
140
141 enum cmd_mode {
142 DOWAIT = 0,
143 DOASYNC
144 };
145
146 #define THROTTLE_JIFFIES (HZ / 8)
147 #define URB_ASYNC_UNLINK 0
148 #define USB_QUEUE_BULK 0
149
150 #define ROUNDUP64(a) (((a) + 63) & ~63)
151
152 #ifdef DEBUG_USB
153 static void dbprint_urb(struct urb *urb);
154 #endif
155
156 static void hfa384x_int_rxmonitor(struct wlandevice *wlandev,
157 struct hfa384x_usb_rxfrm *rxfrm);
158
159 static void hfa384x_usb_defer(struct work_struct *data);
160
161 static int submit_rx_urb(struct hfa384x *hw, gfp_t flags);
162
163 static int submit_tx_urb(struct hfa384x *hw, struct urb *tx_urb, gfp_t flags);
164
165 /*---------------------------------------------------*/
166 /* Callbacks */
167 static void hfa384x_usbout_callback(struct urb *urb);
168 static void hfa384x_ctlxout_callback(struct urb *urb);
169 static void hfa384x_usbin_callback(struct urb *urb);
170
171 static void
172 hfa384x_usbin_txcompl(struct wlandevice *wlandev, union hfa384x_usbin *usbin);
173
174 static void hfa384x_usbin_rx(struct wlandevice *wlandev, struct sk_buff *skb);
175
176 static void hfa384x_usbin_info(struct wlandevice *wlandev,
177 union hfa384x_usbin *usbin);
178
179 static void hfa384x_usbin_ctlx(struct hfa384x *hw, union hfa384x_usbin *usbin,
180 int urb_status);
181
182 /*---------------------------------------------------*/
183 /* Functions to support the prism2 usb command queue */
184
185 static void hfa384x_usbctlxq_run(struct hfa384x *hw);
186
187 static void hfa384x_usbctlx_reqtimerfn(unsigned long data);
188
189 static void hfa384x_usbctlx_resptimerfn(unsigned long data);
190
191 static void hfa384x_usb_throttlefn(unsigned long data);
192
193 static void hfa384x_usbctlx_completion_task(unsigned long data);
194
195 static void hfa384x_usbctlx_reaper_task(unsigned long data);
196
197 static int hfa384x_usbctlx_submit(struct hfa384x *hw,
198 struct hfa384x_usbctlx *ctlx);
199
200 static void unlocked_usbctlx_complete(struct hfa384x *hw,
201 struct hfa384x_usbctlx *ctlx);
202
203 struct usbctlx_completor {
204 int (*complete)(struct usbctlx_completor *);
205 };
206
207 static int
208 hfa384x_usbctlx_complete_sync(struct hfa384x *hw,
209 struct hfa384x_usbctlx *ctlx,
210 struct usbctlx_completor *completor);
211
212 static int
213 unlocked_usbctlx_cancel_async(struct hfa384x *hw, struct hfa384x_usbctlx *ctlx);
214
215 static void hfa384x_cb_status(struct hfa384x *hw,
216 const struct hfa384x_usbctlx *ctlx);
217
218 static int
219 usbctlx_get_status(const struct hfa384x_usb_statusresp *cmdresp,
220 struct hfa384x_cmdresult *result);
221
222 static void
223 usbctlx_get_rridresult(const struct hfa384x_usb_rridresp *rridresp,
224 struct hfa384x_rridresult *result);
225
226 /*---------------------------------------------------*/
227 /* Low level req/resp CTLX formatters and submitters */
228 static int
229 hfa384x_docmd(struct hfa384x *hw,
230 enum cmd_mode mode,
231 struct hfa384x_metacmd *cmd,
232 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
233
234 static int
235 hfa384x_dorrid(struct hfa384x *hw,
236 enum cmd_mode mode,
237 u16 rid,
238 void *riddata,
239 unsigned int riddatalen,
240 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
241
242 static int
243 hfa384x_dowrid(struct hfa384x *hw,
244 enum cmd_mode mode,
245 u16 rid,
246 void *riddata,
247 unsigned int riddatalen,
248 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
249
250 static int
251 hfa384x_dormem(struct hfa384x *hw,
252 enum cmd_mode mode,
253 u16 page,
254 u16 offset,
255 void *data,
256 unsigned int len,
257 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
258
259 static int
260 hfa384x_dowmem(struct hfa384x *hw,
261 enum cmd_mode mode,
262 u16 page,
263 u16 offset,
264 void *data,
265 unsigned int len,
266 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
267
268 static int hfa384x_isgood_pdrcode(u16 pdrcode);
269
270 static inline const char *ctlxstr(enum ctlx_state s)
271 {
272 static const char * const ctlx_str[] = {
273 "Initial state",
274 "Complete",
275 "Request failed",
276 "Request pending",
277 "Request packet submitted",
278 "Request packet completed",
279 "Response packet completed"
280 };
281
282 return ctlx_str[s];
283 };
284
285 static inline struct hfa384x_usbctlx *get_active_ctlx(struct hfa384x *hw)
286 {
287 return list_entry(hw->ctlxq.active.next, struct hfa384x_usbctlx, list);
288 }
289
290 #ifdef DEBUG_USB
291 void dbprint_urb(struct urb *urb)
292 {
293 pr_debug("urb->pipe=0x%08x\n", urb->pipe);
294 pr_debug("urb->status=0x%08x\n", urb->status);
295 pr_debug("urb->transfer_flags=0x%08x\n", urb->transfer_flags);
296 pr_debug("urb->transfer_buffer=0x%08x\n",
297 (unsigned int)urb->transfer_buffer);
298 pr_debug("urb->transfer_buffer_length=0x%08x\n",
299 urb->transfer_buffer_length);
300 pr_debug("urb->actual_length=0x%08x\n", urb->actual_length);
301 pr_debug("urb->bandwidth=0x%08x\n", urb->bandwidth);
302 pr_debug("urb->setup_packet(ctl)=0x%08x\n",
303 (unsigned int)urb->setup_packet);
304 pr_debug("urb->start_frame(iso/irq)=0x%08x\n", urb->start_frame);
305 pr_debug("urb->interval(irq)=0x%08x\n", urb->interval);
306 pr_debug("urb->error_count(iso)=0x%08x\n", urb->error_count);
307 pr_debug("urb->timeout=0x%08x\n", urb->timeout);
308 pr_debug("urb->context=0x%08x\n", (unsigned int)urb->context);
309 pr_debug("urb->complete=0x%08x\n", (unsigned int)urb->complete);
310 }
311 #endif
312
313 /*----------------------------------------------------------------
314 * submit_rx_urb
315 *
316 * Listen for input data on the BULK-IN pipe. If the pipe has
317 * stalled then schedule it to be reset.
318 *
319 * Arguments:
320 * hw device struct
321 * memflags memory allocation flags
322 *
323 * Returns:
324 * error code from submission
325 *
326 * Call context:
327 * Any
328 *----------------------------------------------------------------
329 */
330 static int submit_rx_urb(struct hfa384x *hw, gfp_t memflags)
331 {
332 struct sk_buff *skb;
333 int result;
334
335 skb = dev_alloc_skb(sizeof(union hfa384x_usbin));
336 if (!skb) {
337 result = -ENOMEM;
338 goto done;
339 }
340
341 /* Post the IN urb */
342 usb_fill_bulk_urb(&hw->rx_urb, hw->usb,
343 hw->endp_in,
344 skb->data, sizeof(union hfa384x_usbin),
345 hfa384x_usbin_callback, hw->wlandev);
346
347 hw->rx_urb_skb = skb;
348
349 result = -ENOLINK;
350 if (!hw->wlandev->hwremoved &&
351 !test_bit(WORK_RX_HALT, &hw->usb_flags)) {
352 result = usb_submit_urb(&hw->rx_urb, memflags);
353
354 /* Check whether we need to reset the RX pipe */
355 if (result == -EPIPE) {
356 netdev_warn(hw->wlandev->netdev,
357 "%s rx pipe stalled: requesting reset\n",
358 hw->wlandev->netdev->name);
359 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags))
360 schedule_work(&hw->usb_work);
361 }
362 }
363
364 /* Don't leak memory if anything should go wrong */
365 if (result != 0) {
366 dev_kfree_skb(skb);
367 hw->rx_urb_skb = NULL;
368 }
369
370 done:
371 return result;
372 }
373
374 /*----------------------------------------------------------------
375 * submit_tx_urb
376 *
377 * Prepares and submits the URB of transmitted data. If the
378 * submission fails then it will schedule the output pipe to
379 * be reset.
380 *
381 * Arguments:
382 * hw device struct
383 * tx_urb URB of data for transmission
384 * memflags memory allocation flags
385 *
386 * Returns:
387 * error code from submission
388 *
389 * Call context:
390 * Any
391 *----------------------------------------------------------------
392 */
393 static int submit_tx_urb(struct hfa384x *hw, struct urb *tx_urb, gfp_t memflags)
394 {
395 struct net_device *netdev = hw->wlandev->netdev;
396 int result;
397
398 result = -ENOLINK;
399 if (netif_running(netdev)) {
400 if (!hw->wlandev->hwremoved &&
401 !test_bit(WORK_TX_HALT, &hw->usb_flags)) {
402 result = usb_submit_urb(tx_urb, memflags);
403
404 /* Test whether we need to reset the TX pipe */
405 if (result == -EPIPE) {
406 netdev_warn(hw->wlandev->netdev,
407 "%s tx pipe stalled: requesting reset\n",
408 netdev->name);
409 set_bit(WORK_TX_HALT, &hw->usb_flags);
410 schedule_work(&hw->usb_work);
411 } else if (result == 0) {
412 netif_stop_queue(netdev);
413 }
414 }
415 }
416
417 return result;
418 }
419
420 /*----------------------------------------------------------------
421 * hfa394x_usb_defer
422 *
423 * There are some things that the USB stack cannot do while
424 * in interrupt context, so we arrange this function to run
425 * in process context.
426 *
427 * Arguments:
428 * hw device structure
429 *
430 * Returns:
431 * nothing
432 *
433 * Call context:
434 * process (by design)
435 *----------------------------------------------------------------
436 */
437 static void hfa384x_usb_defer(struct work_struct *data)
438 {
439 struct hfa384x *hw = container_of(data, struct hfa384x, usb_work);
440 struct net_device *netdev = hw->wlandev->netdev;
441
442 /* Don't bother trying to reset anything if the plug
443 * has been pulled ...
444 */
445 if (hw->wlandev->hwremoved)
446 return;
447
448 /* Reception has stopped: try to reset the input pipe */
449 if (test_bit(WORK_RX_HALT, &hw->usb_flags)) {
450 int ret;
451
452 usb_kill_urb(&hw->rx_urb); /* Cannot be holding spinlock! */
453
454 ret = usb_clear_halt(hw->usb, hw->endp_in);
455 if (ret != 0) {
456 netdev_err(hw->wlandev->netdev,
457 "Failed to clear rx pipe for %s: err=%d\n",
458 netdev->name, ret);
459 } else {
460 netdev_info(hw->wlandev->netdev, "%s rx pipe reset complete.\n",
461 netdev->name);
462 clear_bit(WORK_RX_HALT, &hw->usb_flags);
463 set_bit(WORK_RX_RESUME, &hw->usb_flags);
464 }
465 }
466
467 /* Resume receiving data back from the device. */
468 if (test_bit(WORK_RX_RESUME, &hw->usb_flags)) {
469 int ret;
470
471 ret = submit_rx_urb(hw, GFP_KERNEL);
472 if (ret != 0) {
473 netdev_err(hw->wlandev->netdev,
474 "Failed to resume %s rx pipe.\n",
475 netdev->name);
476 } else {
477 clear_bit(WORK_RX_RESUME, &hw->usb_flags);
478 }
479 }
480
481 /* Transmission has stopped: try to reset the output pipe */
482 if (test_bit(WORK_TX_HALT, &hw->usb_flags)) {
483 int ret;
484
485 usb_kill_urb(&hw->tx_urb);
486 ret = usb_clear_halt(hw->usb, hw->endp_out);
487 if (ret != 0) {
488 netdev_err(hw->wlandev->netdev,
489 "Failed to clear tx pipe for %s: err=%d\n",
490 netdev->name, ret);
491 } else {
492 netdev_info(hw->wlandev->netdev, "%s tx pipe reset complete.\n",
493 netdev->name);
494 clear_bit(WORK_TX_HALT, &hw->usb_flags);
495 set_bit(WORK_TX_RESUME, &hw->usb_flags);
496
497 /* Stopping the BULK-OUT pipe also blocked
498 * us from sending any more CTLX URBs, so
499 * we need to re-run our queue ...
500 */
501 hfa384x_usbctlxq_run(hw);
502 }
503 }
504
505 /* Resume transmitting. */
506 if (test_and_clear_bit(WORK_TX_RESUME, &hw->usb_flags))
507 netif_wake_queue(hw->wlandev->netdev);
508 }
509
510 /*----------------------------------------------------------------
511 * hfa384x_create
512 *
513 * Sets up the struct hfa384x data structure for use. Note this
514 * does _not_ initialize the actual hardware, just the data structures
515 * we use to keep track of its state.
516 *
517 * Arguments:
518 * hw device structure
519 * irq device irq number
520 * iobase i/o base address for register access
521 * membase memory base address for register access
522 *
523 * Returns:
524 * nothing
525 *
526 * Side effects:
527 *
528 * Call context:
529 * process
530 *----------------------------------------------------------------
531 */
532 void hfa384x_create(struct hfa384x *hw, struct usb_device *usb)
533 {
534 memset(hw, 0, sizeof(*hw));
535 hw->usb = usb;
536
537 /* set up the endpoints */
538 hw->endp_in = usb_rcvbulkpipe(usb, 1);
539 hw->endp_out = usb_sndbulkpipe(usb, 2);
540
541 /* Set up the waitq */
542 init_waitqueue_head(&hw->cmdq);
543
544 /* Initialize the command queue */
545 spin_lock_init(&hw->ctlxq.lock);
546 INIT_LIST_HEAD(&hw->ctlxq.pending);
547 INIT_LIST_HEAD(&hw->ctlxq.active);
548 INIT_LIST_HEAD(&hw->ctlxq.completing);
549 INIT_LIST_HEAD(&hw->ctlxq.reapable);
550
551 /* Initialize the authentication queue */
552 skb_queue_head_init(&hw->authq);
553
554 tasklet_init(&hw->reaper_bh,
555 hfa384x_usbctlx_reaper_task, (unsigned long)hw);
556 tasklet_init(&hw->completion_bh,
557 hfa384x_usbctlx_completion_task, (unsigned long)hw);
558 INIT_WORK(&hw->link_bh, prism2sta_processing_defer);
559 INIT_WORK(&hw->usb_work, hfa384x_usb_defer);
560
561 setup_timer(&hw->throttle, hfa384x_usb_throttlefn, (unsigned long)hw);
562
563 setup_timer(&hw->resptimer, hfa384x_usbctlx_resptimerfn,
564 (unsigned long)hw);
565
566 setup_timer(&hw->reqtimer, hfa384x_usbctlx_reqtimerfn,
567 (unsigned long)hw);
568
569 usb_init_urb(&hw->rx_urb);
570 usb_init_urb(&hw->tx_urb);
571 usb_init_urb(&hw->ctlx_urb);
572
573 hw->link_status = HFA384x_LINK_NOTCONNECTED;
574 hw->state = HFA384x_STATE_INIT;
575
576 INIT_WORK(&hw->commsqual_bh, prism2sta_commsqual_defer);
577 setup_timer(&hw->commsqual_timer, prism2sta_commsqual_timer,
578 (unsigned long)hw);
579 }
580
581 /*----------------------------------------------------------------
582 * hfa384x_destroy
583 *
584 * Partner to hfa384x_create(). This function cleans up the hw
585 * structure so that it can be freed by the caller using a simple
586 * kfree. Currently, this function is just a placeholder. If, at some
587 * point in the future, an hw in the 'shutdown' state requires a 'deep'
588 * kfree, this is where it should be done. Note that if this function
589 * is called on a _running_ hw structure, the drvr_stop() function is
590 * called.
591 *
592 * Arguments:
593 * hw device structure
594 *
595 * Returns:
596 * nothing, this function is not allowed to fail.
597 *
598 * Side effects:
599 *
600 * Call context:
601 * process
602 *----------------------------------------------------------------
603 */
604 void hfa384x_destroy(struct hfa384x *hw)
605 {
606 struct sk_buff *skb;
607
608 if (hw->state == HFA384x_STATE_RUNNING)
609 hfa384x_drvr_stop(hw);
610 hw->state = HFA384x_STATE_PREINIT;
611
612 kfree(hw->scanresults);
613 hw->scanresults = NULL;
614
615 /* Now to clean out the auth queue */
616 while ((skb = skb_dequeue(&hw->authq)))
617 dev_kfree_skb(skb);
618 }
619
620 static struct hfa384x_usbctlx *usbctlx_alloc(void)
621 {
622 struct hfa384x_usbctlx *ctlx;
623
624 ctlx = kzalloc(sizeof(*ctlx),
625 in_interrupt() ? GFP_ATOMIC : GFP_KERNEL);
626 if (ctlx)
627 init_completion(&ctlx->done);
628
629 return ctlx;
630 }
631
632 static int
633 usbctlx_get_status(const struct hfa384x_usb_statusresp *cmdresp,
634 struct hfa384x_cmdresult *result)
635 {
636 result->status = le16_to_cpu(cmdresp->status);
637 result->resp0 = le16_to_cpu(cmdresp->resp0);
638 result->resp1 = le16_to_cpu(cmdresp->resp1);
639 result->resp2 = le16_to_cpu(cmdresp->resp2);
640
641 pr_debug("cmdresult:status=0x%04x resp0=0x%04x resp1=0x%04x resp2=0x%04x\n",
642 result->status, result->resp0, result->resp1, result->resp2);
643
644 return result->status & HFA384x_STATUS_RESULT;
645 }
646
647 static void
648 usbctlx_get_rridresult(const struct hfa384x_usb_rridresp *rridresp,
649 struct hfa384x_rridresult *result)
650 {
651 result->rid = le16_to_cpu(rridresp->rid);
652 result->riddata = rridresp->data;
653 result->riddata_len = ((le16_to_cpu(rridresp->frmlen) - 1) * 2);
654 }
655
656 /*----------------------------------------------------------------
657 * Completor object:
658 * This completor must be passed to hfa384x_usbctlx_complete_sync()
659 * when processing a CTLX that returns a struct hfa384x_cmdresult structure.
660 *----------------------------------------------------------------
661 */
662 struct usbctlx_cmd_completor {
663 struct usbctlx_completor head;
664
665 const struct hfa384x_usb_statusresp *cmdresp;
666 struct hfa384x_cmdresult *result;
667 };
668
669 static inline int usbctlx_cmd_completor_fn(struct usbctlx_completor *head)
670 {
671 struct usbctlx_cmd_completor *complete;
672
673 complete = (struct usbctlx_cmd_completor *)head;
674 return usbctlx_get_status(complete->cmdresp, complete->result);
675 }
676
677 static inline struct usbctlx_completor *
678 init_cmd_completor(struct usbctlx_cmd_completor *completor,
679 const struct hfa384x_usb_statusresp *cmdresp,
680 struct hfa384x_cmdresult *result)
681 {
682 completor->head.complete = usbctlx_cmd_completor_fn;
683 completor->cmdresp = cmdresp;
684 completor->result = result;
685 return &completor->head;
686 }
687
688 /*----------------------------------------------------------------
689 * Completor object:
690 * This completor must be passed to hfa384x_usbctlx_complete_sync()
691 * when processing a CTLX that reads a RID.
692 *----------------------------------------------------------------
693 */
694 struct usbctlx_rrid_completor {
695 struct usbctlx_completor head;
696
697 const struct hfa384x_usb_rridresp *rridresp;
698 void *riddata;
699 unsigned int riddatalen;
700 };
701
702 static int usbctlx_rrid_completor_fn(struct usbctlx_completor *head)
703 {
704 struct usbctlx_rrid_completor *complete;
705 struct hfa384x_rridresult rridresult;
706
707 complete = (struct usbctlx_rrid_completor *)head;
708 usbctlx_get_rridresult(complete->rridresp, &rridresult);
709
710 /* Validate the length, note body len calculation in bytes */
711 if (rridresult.riddata_len != complete->riddatalen) {
712 pr_warn("RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n",
713 rridresult.rid,
714 complete->riddatalen, rridresult.riddata_len);
715 return -ENODATA;
716 }
717
718 memcpy(complete->riddata, rridresult.riddata, complete->riddatalen);
719 return 0;
720 }
721
722 static inline struct usbctlx_completor *
723 init_rrid_completor(struct usbctlx_rrid_completor *completor,
724 const struct hfa384x_usb_rridresp *rridresp,
725 void *riddata,
726 unsigned int riddatalen)
727 {
728 completor->head.complete = usbctlx_rrid_completor_fn;
729 completor->rridresp = rridresp;
730 completor->riddata = riddata;
731 completor->riddatalen = riddatalen;
732 return &completor->head;
733 }
734
735 /*----------------------------------------------------------------
736 * Completor object:
737 * Interprets the results of a synchronous RID-write
738 *----------------------------------------------------------------
739 */
740 #define init_wrid_completor init_cmd_completor
741
742 /*----------------------------------------------------------------
743 * Completor object:
744 * Interprets the results of a synchronous memory-write
745 *----------------------------------------------------------------
746 */
747 #define init_wmem_completor init_cmd_completor
748
749 /*----------------------------------------------------------------
750 * Completor object:
751 * Interprets the results of a synchronous memory-read
752 *----------------------------------------------------------------
753 */
754 struct usbctlx_rmem_completor {
755 struct usbctlx_completor head;
756
757 const struct hfa384x_usb_rmemresp *rmemresp;
758 void *data;
759 unsigned int len;
760 };
761
762 static int usbctlx_rmem_completor_fn(struct usbctlx_completor *head)
763 {
764 struct usbctlx_rmem_completor *complete =
765 (struct usbctlx_rmem_completor *)head;
766
767 pr_debug("rmemresp:len=%d\n", complete->rmemresp->frmlen);
768 memcpy(complete->data, complete->rmemresp->data, complete->len);
769 return 0;
770 }
771
772 static inline struct usbctlx_completor *
773 init_rmem_completor(struct usbctlx_rmem_completor *completor,
774 struct hfa384x_usb_rmemresp *rmemresp,
775 void *data,
776 unsigned int len)
777 {
778 completor->head.complete = usbctlx_rmem_completor_fn;
779 completor->rmemresp = rmemresp;
780 completor->data = data;
781 completor->len = len;
782 return &completor->head;
783 }
784
785 /*----------------------------------------------------------------
786 * hfa384x_cb_status
787 *
788 * Ctlx_complete handler for async CMD type control exchanges.
789 * mark the hw struct as such.
790 *
791 * Note: If the handling is changed here, it should probably be
792 * changed in docmd as well.
793 *
794 * Arguments:
795 * hw hw struct
796 * ctlx completed CTLX
797 *
798 * Returns:
799 * nothing
800 *
801 * Side effects:
802 *
803 * Call context:
804 * interrupt
805 *----------------------------------------------------------------
806 */
807 static void hfa384x_cb_status(struct hfa384x *hw,
808 const struct hfa384x_usbctlx *ctlx)
809 {
810 if (ctlx->usercb) {
811 struct hfa384x_cmdresult cmdresult;
812
813 if (ctlx->state != CTLX_COMPLETE) {
814 memset(&cmdresult, 0, sizeof(cmdresult));
815 cmdresult.status =
816 HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR);
817 } else {
818 usbctlx_get_status(&ctlx->inbuf.cmdresp, &cmdresult);
819 }
820
821 ctlx->usercb(hw, &cmdresult, ctlx->usercb_data);
822 }
823 }
824
825 static inline int hfa384x_docmd_wait(struct hfa384x *hw,
826 struct hfa384x_metacmd *cmd)
827 {
828 return hfa384x_docmd(hw, DOWAIT, cmd, NULL, NULL, NULL);
829 }
830
831 static inline int
832 hfa384x_docmd_async(struct hfa384x *hw,
833 struct hfa384x_metacmd *cmd,
834 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
835 {
836 return hfa384x_docmd(hw, DOASYNC, cmd, cmdcb, usercb, usercb_data);
837 }
838
839 static inline int
840 hfa384x_dorrid_wait(struct hfa384x *hw, u16 rid, void *riddata,
841 unsigned int riddatalen)
842 {
843 return hfa384x_dorrid(hw, DOWAIT,
844 rid, riddata, riddatalen, NULL, NULL, NULL);
845 }
846
847 static inline int
848 hfa384x_dorrid_async(struct hfa384x *hw,
849 u16 rid, void *riddata, unsigned int riddatalen,
850 ctlx_cmdcb_t cmdcb,
851 ctlx_usercb_t usercb, void *usercb_data)
852 {
853 return hfa384x_dorrid(hw, DOASYNC,
854 rid, riddata, riddatalen,
855 cmdcb, usercb, usercb_data);
856 }
857
858 static inline int
859 hfa384x_dowrid_wait(struct hfa384x *hw, u16 rid, void *riddata,
860 unsigned int riddatalen)
861 {
862 return hfa384x_dowrid(hw, DOWAIT,
863 rid, riddata, riddatalen, NULL, NULL, NULL);
864 }
865
866 static inline int
867 hfa384x_dowrid_async(struct hfa384x *hw,
868 u16 rid, void *riddata, unsigned int riddatalen,
869 ctlx_cmdcb_t cmdcb,
870 ctlx_usercb_t usercb, void *usercb_data)
871 {
872 return hfa384x_dowrid(hw, DOASYNC,
873 rid, riddata, riddatalen,
874 cmdcb, usercb, usercb_data);
875 }
876
877 static inline int
878 hfa384x_dormem_wait(struct hfa384x *hw,
879 u16 page, u16 offset, void *data, unsigned int len)
880 {
881 return hfa384x_dormem(hw, DOWAIT,
882 page, offset, data, len, NULL, NULL, NULL);
883 }
884
885 static inline int
886 hfa384x_dormem_async(struct hfa384x *hw,
887 u16 page, u16 offset, void *data, unsigned int len,
888 ctlx_cmdcb_t cmdcb,
889 ctlx_usercb_t usercb, void *usercb_data)
890 {
891 return hfa384x_dormem(hw, DOASYNC,
892 page, offset, data, len,
893 cmdcb, usercb, usercb_data);
894 }
895
896 static inline int
897 hfa384x_dowmem_wait(struct hfa384x *hw,
898 u16 page, u16 offset, void *data, unsigned int len)
899 {
900 return hfa384x_dowmem(hw, DOWAIT,
901 page, offset, data, len, NULL, NULL, NULL);
902 }
903
904 static inline int
905 hfa384x_dowmem_async(struct hfa384x *hw,
906 u16 page,
907 u16 offset,
908 void *data,
909 unsigned int len,
910 ctlx_cmdcb_t cmdcb,
911 ctlx_usercb_t usercb, void *usercb_data)
912 {
913 return hfa384x_dowmem(hw, DOASYNC,
914 page, offset, data, len,
915 cmdcb, usercb, usercb_data);
916 }
917
918 /*----------------------------------------------------------------
919 * hfa384x_cmd_initialize
920 *
921 * Issues the initialize command and sets the hw->state based
922 * on the result.
923 *
924 * Arguments:
925 * hw device structure
926 *
927 * Returns:
928 * 0 success
929 * >0 f/w reported error - f/w status code
930 * <0 driver reported error
931 *
932 * Side effects:
933 *
934 * Call context:
935 * process
936 *----------------------------------------------------------------
937 */
938 int hfa384x_cmd_initialize(struct hfa384x *hw)
939 {
940 int result = 0;
941 int i;
942 struct hfa384x_metacmd cmd;
943
944 cmd.cmd = HFA384x_CMDCODE_INIT;
945 cmd.parm0 = 0;
946 cmd.parm1 = 0;
947 cmd.parm2 = 0;
948
949 result = hfa384x_docmd_wait(hw, &cmd);
950
951 pr_debug("cmdresp.init: status=0x%04x, resp0=0x%04x, resp1=0x%04x, resp2=0x%04x\n",
952 cmd.result.status,
953 cmd.result.resp0, cmd.result.resp1, cmd.result.resp2);
954 if (result == 0) {
955 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++)
956 hw->port_enabled[i] = 0;
957 }
958
959 hw->link_status = HFA384x_LINK_NOTCONNECTED;
960
961 return result;
962 }
963
964 /*----------------------------------------------------------------
965 * hfa384x_cmd_disable
966 *
967 * Issues the disable command to stop communications on one of
968 * the MACs 'ports'.
969 *
970 * Arguments:
971 * hw device structure
972 * macport MAC port number (host order)
973 *
974 * Returns:
975 * 0 success
976 * >0 f/w reported failure - f/w status code
977 * <0 driver reported error (timeout|bad arg)
978 *
979 * Side effects:
980 *
981 * Call context:
982 * process
983 *----------------------------------------------------------------
984 */
985 int hfa384x_cmd_disable(struct hfa384x *hw, u16 macport)
986 {
987 struct hfa384x_metacmd cmd;
988
989 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE) |
990 HFA384x_CMD_MACPORT_SET(macport);
991 cmd.parm0 = 0;
992 cmd.parm1 = 0;
993 cmd.parm2 = 0;
994
995 return hfa384x_docmd_wait(hw, &cmd);
996 }
997
998 /*----------------------------------------------------------------
999 * hfa384x_cmd_enable
1000 *
1001 * Issues the enable command to enable communications on one of
1002 * the MACs 'ports'.
1003 *
1004 * Arguments:
1005 * hw device structure
1006 * macport MAC port number
1007 *
1008 * Returns:
1009 * 0 success
1010 * >0 f/w reported failure - f/w status code
1011 * <0 driver reported error (timeout|bad arg)
1012 *
1013 * Side effects:
1014 *
1015 * Call context:
1016 * process
1017 *----------------------------------------------------------------
1018 */
1019 int hfa384x_cmd_enable(struct hfa384x *hw, u16 macport)
1020 {
1021 struct hfa384x_metacmd cmd;
1022
1023 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE) |
1024 HFA384x_CMD_MACPORT_SET(macport);
1025 cmd.parm0 = 0;
1026 cmd.parm1 = 0;
1027 cmd.parm2 = 0;
1028
1029 return hfa384x_docmd_wait(hw, &cmd);
1030 }
1031
1032 /*----------------------------------------------------------------
1033 * hfa384x_cmd_monitor
1034 *
1035 * Enables the 'monitor mode' of the MAC. Here's the description of
1036 * monitor mode that I've received thus far:
1037 *
1038 * "The "monitor mode" of operation is that the MAC passes all
1039 * frames for which the PLCP checks are correct. All received
1040 * MPDUs are passed to the host with MAC Port = 7, with a
1041 * receive status of good, FCS error, or undecryptable. Passing
1042 * certain MPDUs is a violation of the 802.11 standard, but useful
1043 * for a debugging tool." Normal communication is not possible
1044 * while monitor mode is enabled.
1045 *
1046 * Arguments:
1047 * hw device structure
1048 * enable a code (0x0b|0x0f) that enables/disables
1049 * monitor mode. (host order)
1050 *
1051 * Returns:
1052 * 0 success
1053 * >0 f/w reported failure - f/w status code
1054 * <0 driver reported error (timeout|bad arg)
1055 *
1056 * Side effects:
1057 *
1058 * Call context:
1059 * process
1060 *----------------------------------------------------------------
1061 */
1062 int hfa384x_cmd_monitor(struct hfa384x *hw, u16 enable)
1063 {
1064 struct hfa384x_metacmd cmd;
1065
1066 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
1067 HFA384x_CMD_AINFO_SET(enable);
1068 cmd.parm0 = 0;
1069 cmd.parm1 = 0;
1070 cmd.parm2 = 0;
1071
1072 return hfa384x_docmd_wait(hw, &cmd);
1073 }
1074
1075 /*----------------------------------------------------------------
1076 * hfa384x_cmd_download
1077 *
1078 * Sets the controls for the MAC controller code/data download
1079 * process. The arguments set the mode and address associated
1080 * with a download. Note that the aux registers should be enabled
1081 * prior to setting one of the download enable modes.
1082 *
1083 * Arguments:
1084 * hw device structure
1085 * mode 0 - Disable programming and begin code exec
1086 * 1 - Enable volatile mem programming
1087 * 2 - Enable non-volatile mem programming
1088 * 3 - Program non-volatile section from NV download
1089 * buffer.
1090 * (host order)
1091 * lowaddr
1092 * highaddr For mode 1, sets the high & low order bits of
1093 * the "destination address". This address will be
1094 * the execution start address when download is
1095 * subsequently disabled.
1096 * For mode 2, sets the high & low order bits of
1097 * the destination in NV ram.
1098 * For modes 0 & 3, should be zero. (host order)
1099 * NOTE: these are CMD format.
1100 * codelen Length of the data to write in mode 2,
1101 * zero otherwise. (host order)
1102 *
1103 * Returns:
1104 * 0 success
1105 * >0 f/w reported failure - f/w status code
1106 * <0 driver reported error (timeout|bad arg)
1107 *
1108 * Side effects:
1109 *
1110 * Call context:
1111 * process
1112 *----------------------------------------------------------------
1113 */
1114 int hfa384x_cmd_download(struct hfa384x *hw, u16 mode, u16 lowaddr,
1115 u16 highaddr, u16 codelen)
1116 {
1117 struct hfa384x_metacmd cmd;
1118
1119 pr_debug("mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n",
1120 mode, lowaddr, highaddr, codelen);
1121
1122 cmd.cmd = (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD) |
1123 HFA384x_CMD_PROGMODE_SET(mode));
1124
1125 cmd.parm0 = lowaddr;
1126 cmd.parm1 = highaddr;
1127 cmd.parm2 = codelen;
1128
1129 return hfa384x_docmd_wait(hw, &cmd);
1130 }
1131
1132 /*----------------------------------------------------------------
1133 * hfa384x_corereset
1134 *
1135 * Perform a reset of the hfa38xx MAC core. We assume that the hw
1136 * structure is in its "created" state. That is, it is initialized
1137 * with proper values. Note that if a reset is done after the
1138 * device has been active for awhile, the caller might have to clean
1139 * up some leftover cruft in the hw structure.
1140 *
1141 * Arguments:
1142 * hw device structure
1143 * holdtime how long (in ms) to hold the reset
1144 * settletime how long (in ms) to wait after releasing
1145 * the reset
1146 *
1147 * Returns:
1148 * nothing
1149 *
1150 * Side effects:
1151 *
1152 * Call context:
1153 * process
1154 *----------------------------------------------------------------
1155 */
1156 int hfa384x_corereset(struct hfa384x *hw, int holdtime,
1157 int settletime, int genesis)
1158 {
1159 int result;
1160
1161 result = usb_reset_device(hw->usb);
1162 if (result < 0) {
1163 netdev_err(hw->wlandev->netdev, "usb_reset_device() failed, result=%d.\n",
1164 result);
1165 }
1166
1167 return result;
1168 }
1169
1170 /*----------------------------------------------------------------
1171 * hfa384x_usbctlx_complete_sync
1172 *
1173 * Waits for a synchronous CTLX object to complete,
1174 * and then handles the response.
1175 *
1176 * Arguments:
1177 * hw device structure
1178 * ctlx CTLX ptr
1179 * completor functor object to decide what to
1180 * do with the CTLX's result.
1181 *
1182 * Returns:
1183 * 0 Success
1184 * -ERESTARTSYS Interrupted by a signal
1185 * -EIO CTLX failed
1186 * -ENODEV Adapter was unplugged
1187 * ??? Result from completor
1188 *
1189 * Side effects:
1190 *
1191 * Call context:
1192 * process
1193 *----------------------------------------------------------------
1194 */
1195 static int hfa384x_usbctlx_complete_sync(struct hfa384x *hw,
1196 struct hfa384x_usbctlx *ctlx,
1197 struct usbctlx_completor *completor)
1198 {
1199 unsigned long flags;
1200 int result;
1201
1202 result = wait_for_completion_interruptible(&ctlx->done);
1203
1204 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1205
1206 /*
1207 * We can only handle the CTLX if the USB disconnect
1208 * function has not run yet ...
1209 */
1210 cleanup:
1211 if (hw->wlandev->hwremoved) {
1212 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1213 result = -ENODEV;
1214 } else if (result != 0) {
1215 int runqueue = 0;
1216
1217 /*
1218 * We were probably interrupted, so delete
1219 * this CTLX asynchronously, kill the timers
1220 * and the URB, and then start the next
1221 * pending CTLX.
1222 *
1223 * NOTE: We can only delete the timers and
1224 * the URB if this CTLX is active.
1225 */
1226 if (ctlx == get_active_ctlx(hw)) {
1227 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1228
1229 del_singleshot_timer_sync(&hw->reqtimer);
1230 del_singleshot_timer_sync(&hw->resptimer);
1231 hw->req_timer_done = 1;
1232 hw->resp_timer_done = 1;
1233 usb_kill_urb(&hw->ctlx_urb);
1234
1235 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1236
1237 runqueue = 1;
1238
1239 /*
1240 * This scenario is so unlikely that I'm
1241 * happy with a grubby "goto" solution ...
1242 */
1243 if (hw->wlandev->hwremoved)
1244 goto cleanup;
1245 }
1246
1247 /*
1248 * The completion task will send this CTLX
1249 * to the reaper the next time it runs. We
1250 * are no longer in a hurry.
1251 */
1252 ctlx->reapable = 1;
1253 ctlx->state = CTLX_REQ_FAILED;
1254 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
1255
1256 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1257
1258 if (runqueue)
1259 hfa384x_usbctlxq_run(hw);
1260 } else {
1261 if (ctlx->state == CTLX_COMPLETE) {
1262 result = completor->complete(completor);
1263 } else {
1264 netdev_warn(hw->wlandev->netdev, "CTLX[%d] error: state(%s)\n",
1265 le16_to_cpu(ctlx->outbuf.type),
1266 ctlxstr(ctlx->state));
1267 result = -EIO;
1268 }
1269
1270 list_del(&ctlx->list);
1271 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1272 kfree(ctlx);
1273 }
1274
1275 return result;
1276 }
1277
1278 /*----------------------------------------------------------------
1279 * hfa384x_docmd
1280 *
1281 * Constructs a command CTLX and submits it.
1282 *
1283 * NOTE: Any changes to the 'post-submit' code in this function
1284 * need to be carried over to hfa384x_cbcmd() since the handling
1285 * is virtually identical.
1286 *
1287 * Arguments:
1288 * hw device structure
1289 * mode DOWAIT or DOASYNC
1290 * cmd cmd structure. Includes all arguments and result
1291 * data points. All in host order. in host order
1292 * cmdcb command-specific callback
1293 * usercb user callback for async calls, NULL for DOWAIT calls
1294 * usercb_data user supplied data pointer for async calls, NULL
1295 * for DOASYNC calls
1296 *
1297 * Returns:
1298 * 0 success
1299 * -EIO CTLX failure
1300 * -ERESTARTSYS Awakened on signal
1301 * >0 command indicated error, Status and Resp0-2 are
1302 * in hw structure.
1303 *
1304 * Side effects:
1305 *
1306 *
1307 * Call context:
1308 * process
1309 *----------------------------------------------------------------
1310 */
1311 static int
1312 hfa384x_docmd(struct hfa384x *hw,
1313 enum cmd_mode mode,
1314 struct hfa384x_metacmd *cmd,
1315 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1316 {
1317 int result;
1318 struct hfa384x_usbctlx *ctlx;
1319
1320 ctlx = usbctlx_alloc();
1321 if (!ctlx) {
1322 result = -ENOMEM;
1323 goto done;
1324 }
1325
1326 /* Initialize the command */
1327 ctlx->outbuf.cmdreq.type = cpu_to_le16(HFA384x_USB_CMDREQ);
1328 ctlx->outbuf.cmdreq.cmd = cpu_to_le16(cmd->cmd);
1329 ctlx->outbuf.cmdreq.parm0 = cpu_to_le16(cmd->parm0);
1330 ctlx->outbuf.cmdreq.parm1 = cpu_to_le16(cmd->parm1);
1331 ctlx->outbuf.cmdreq.parm2 = cpu_to_le16(cmd->parm2);
1332
1333 ctlx->outbufsize = sizeof(ctlx->outbuf.cmdreq);
1334
1335 pr_debug("cmdreq: cmd=0x%04x parm0=0x%04x parm1=0x%04x parm2=0x%04x\n",
1336 cmd->cmd, cmd->parm0, cmd->parm1, cmd->parm2);
1337
1338 ctlx->reapable = mode;
1339 ctlx->cmdcb = cmdcb;
1340 ctlx->usercb = usercb;
1341 ctlx->usercb_data = usercb_data;
1342
1343 result = hfa384x_usbctlx_submit(hw, ctlx);
1344 if (result != 0) {
1345 kfree(ctlx);
1346 } else if (mode == DOWAIT) {
1347 struct usbctlx_cmd_completor completor;
1348
1349 result =
1350 hfa384x_usbctlx_complete_sync(hw, ctlx,
1351 init_cmd_completor(&completor,
1352 &ctlx->
1353 inbuf.
1354 cmdresp,
1355 &cmd->
1356 result));
1357 }
1358
1359 done:
1360 return result;
1361 }
1362
1363 /*----------------------------------------------------------------
1364 * hfa384x_dorrid
1365 *
1366 * Constructs a read rid CTLX and issues it.
1367 *
1368 * NOTE: Any changes to the 'post-submit' code in this function
1369 * need to be carried over to hfa384x_cbrrid() since the handling
1370 * is virtually identical.
1371 *
1372 * Arguments:
1373 * hw device structure
1374 * mode DOWAIT or DOASYNC
1375 * rid Read RID number (host order)
1376 * riddata Caller supplied buffer that MAC formatted RID.data
1377 * record will be written to for DOWAIT calls. Should
1378 * be NULL for DOASYNC calls.
1379 * riddatalen Buffer length for DOWAIT calls. Zero for DOASYNC calls.
1380 * cmdcb command callback for async calls, NULL for DOWAIT calls
1381 * usercb user callback for async calls, NULL for DOWAIT calls
1382 * usercb_data user supplied data pointer for async calls, NULL
1383 * for DOWAIT calls
1384 *
1385 * Returns:
1386 * 0 success
1387 * -EIO CTLX failure
1388 * -ERESTARTSYS Awakened on signal
1389 * -ENODATA riddatalen != macdatalen
1390 * >0 command indicated error, Status and Resp0-2 are
1391 * in hw structure.
1392 *
1393 * Side effects:
1394 *
1395 * Call context:
1396 * interrupt (DOASYNC)
1397 * process (DOWAIT or DOASYNC)
1398 *----------------------------------------------------------------
1399 */
1400 static int
1401 hfa384x_dorrid(struct hfa384x *hw,
1402 enum cmd_mode mode,
1403 u16 rid,
1404 void *riddata,
1405 unsigned int riddatalen,
1406 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1407 {
1408 int result;
1409 struct hfa384x_usbctlx *ctlx;
1410
1411 ctlx = usbctlx_alloc();
1412 if (!ctlx) {
1413 result = -ENOMEM;
1414 goto done;
1415 }
1416
1417 /* Initialize the command */
1418 ctlx->outbuf.rridreq.type = cpu_to_le16(HFA384x_USB_RRIDREQ);
1419 ctlx->outbuf.rridreq.frmlen =
1420 cpu_to_le16(sizeof(ctlx->outbuf.rridreq.rid));
1421 ctlx->outbuf.rridreq.rid = cpu_to_le16(rid);
1422
1423 ctlx->outbufsize = sizeof(ctlx->outbuf.rridreq);
1424
1425 ctlx->reapable = mode;
1426 ctlx->cmdcb = cmdcb;
1427 ctlx->usercb = usercb;
1428 ctlx->usercb_data = usercb_data;
1429
1430 /* Submit the CTLX */
1431 result = hfa384x_usbctlx_submit(hw, ctlx);
1432 if (result != 0) {
1433 kfree(ctlx);
1434 } else if (mode == DOWAIT) {
1435 struct usbctlx_rrid_completor completor;
1436
1437 result =
1438 hfa384x_usbctlx_complete_sync(hw, ctlx,
1439 init_rrid_completor
1440 (&completor,
1441 &ctlx->inbuf.rridresp,
1442 riddata, riddatalen));
1443 }
1444
1445 done:
1446 return result;
1447 }
1448
1449 /*----------------------------------------------------------------
1450 * hfa384x_dowrid
1451 *
1452 * Constructs a write rid CTLX and issues it.
1453 *
1454 * NOTE: Any changes to the 'post-submit' code in this function
1455 * need to be carried over to hfa384x_cbwrid() since the handling
1456 * is virtually identical.
1457 *
1458 * Arguments:
1459 * hw device structure
1460 * enum cmd_mode DOWAIT or DOASYNC
1461 * rid RID code
1462 * riddata Data portion of RID formatted for MAC
1463 * riddatalen Length of the data portion in bytes
1464 * cmdcb command callback for async calls, NULL for DOWAIT calls
1465 * usercb user callback for async calls, NULL for DOWAIT calls
1466 * usercb_data user supplied data pointer for async calls
1467 *
1468 * Returns:
1469 * 0 success
1470 * -ETIMEDOUT timed out waiting for register ready or
1471 * command completion
1472 * >0 command indicated error, Status and Resp0-2 are
1473 * in hw structure.
1474 *
1475 * Side effects:
1476 *
1477 * Call context:
1478 * interrupt (DOASYNC)
1479 * process (DOWAIT or DOASYNC)
1480 *----------------------------------------------------------------
1481 */
1482 static int
1483 hfa384x_dowrid(struct hfa384x *hw,
1484 enum cmd_mode mode,
1485 u16 rid,
1486 void *riddata,
1487 unsigned int riddatalen,
1488 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1489 {
1490 int result;
1491 struct hfa384x_usbctlx *ctlx;
1492
1493 ctlx = usbctlx_alloc();
1494 if (!ctlx) {
1495 result = -ENOMEM;
1496 goto done;
1497 }
1498
1499 /* Initialize the command */
1500 ctlx->outbuf.wridreq.type = cpu_to_le16(HFA384x_USB_WRIDREQ);
1501 ctlx->outbuf.wridreq.frmlen = cpu_to_le16((sizeof
1502 (ctlx->outbuf.wridreq.rid) +
1503 riddatalen + 1) / 2);
1504 ctlx->outbuf.wridreq.rid = cpu_to_le16(rid);
1505 memcpy(ctlx->outbuf.wridreq.data, riddata, riddatalen);
1506
1507 ctlx->outbufsize = sizeof(ctlx->outbuf.wridreq.type) +
1508 sizeof(ctlx->outbuf.wridreq.frmlen) +
1509 sizeof(ctlx->outbuf.wridreq.rid) + riddatalen;
1510
1511 ctlx->reapable = mode;
1512 ctlx->cmdcb = cmdcb;
1513 ctlx->usercb = usercb;
1514 ctlx->usercb_data = usercb_data;
1515
1516 /* Submit the CTLX */
1517 result = hfa384x_usbctlx_submit(hw, ctlx);
1518 if (result != 0) {
1519 kfree(ctlx);
1520 } else if (mode == DOWAIT) {
1521 struct usbctlx_cmd_completor completor;
1522 struct hfa384x_cmdresult wridresult;
1523
1524 result = hfa384x_usbctlx_complete_sync(hw,
1525 ctlx,
1526 init_wrid_completor
1527 (&completor,
1528 &ctlx->inbuf.wridresp,
1529 &wridresult));
1530 }
1531
1532 done:
1533 return result;
1534 }
1535
1536 /*----------------------------------------------------------------
1537 * hfa384x_dormem
1538 *
1539 * Constructs a readmem CTLX and issues it.
1540 *
1541 * NOTE: Any changes to the 'post-submit' code in this function
1542 * need to be carried over to hfa384x_cbrmem() since the handling
1543 * is virtually identical.
1544 *
1545 * Arguments:
1546 * hw device structure
1547 * mode DOWAIT or DOASYNC
1548 * page MAC address space page (CMD format)
1549 * offset MAC address space offset
1550 * data Ptr to data buffer to receive read
1551 * len Length of the data to read (max == 2048)
1552 * cmdcb command callback for async calls, NULL for DOWAIT calls
1553 * usercb user callback for async calls, NULL for DOWAIT calls
1554 * usercb_data user supplied data pointer for async calls
1555 *
1556 * Returns:
1557 * 0 success
1558 * -ETIMEDOUT timed out waiting for register ready or
1559 * command completion
1560 * >0 command indicated error, Status and Resp0-2 are
1561 * in hw structure.
1562 *
1563 * Side effects:
1564 *
1565 * Call context:
1566 * interrupt (DOASYNC)
1567 * process (DOWAIT or DOASYNC)
1568 *----------------------------------------------------------------
1569 */
1570 static int
1571 hfa384x_dormem(struct hfa384x *hw,
1572 enum cmd_mode mode,
1573 u16 page,
1574 u16 offset,
1575 void *data,
1576 unsigned int len,
1577 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1578 {
1579 int result;
1580 struct hfa384x_usbctlx *ctlx;
1581
1582 ctlx = usbctlx_alloc();
1583 if (!ctlx) {
1584 result = -ENOMEM;
1585 goto done;
1586 }
1587
1588 /* Initialize the command */
1589 ctlx->outbuf.rmemreq.type = cpu_to_le16(HFA384x_USB_RMEMREQ);
1590 ctlx->outbuf.rmemreq.frmlen =
1591 cpu_to_le16(sizeof(ctlx->outbuf.rmemreq.offset) +
1592 sizeof(ctlx->outbuf.rmemreq.page) + len);
1593 ctlx->outbuf.rmemreq.offset = cpu_to_le16(offset);
1594 ctlx->outbuf.rmemreq.page = cpu_to_le16(page);
1595
1596 ctlx->outbufsize = sizeof(ctlx->outbuf.rmemreq);
1597
1598 pr_debug("type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n",
1599 ctlx->outbuf.rmemreq.type,
1600 ctlx->outbuf.rmemreq.frmlen,
1601 ctlx->outbuf.rmemreq.offset, ctlx->outbuf.rmemreq.page);
1602
1603 pr_debug("pktsize=%zd\n", ROUNDUP64(sizeof(ctlx->outbuf.rmemreq)));
1604
1605 ctlx->reapable = mode;
1606 ctlx->cmdcb = cmdcb;
1607 ctlx->usercb = usercb;
1608 ctlx->usercb_data = usercb_data;
1609
1610 result = hfa384x_usbctlx_submit(hw, ctlx);
1611 if (result != 0) {
1612 kfree(ctlx);
1613 } else if (mode == DOWAIT) {
1614 struct usbctlx_rmem_completor completor;
1615
1616 result =
1617 hfa384x_usbctlx_complete_sync(hw, ctlx,
1618 init_rmem_completor
1619 (&completor,
1620 &ctlx->inbuf.rmemresp, data,
1621 len));
1622 }
1623
1624 done:
1625 return result;
1626 }
1627
1628 /*----------------------------------------------------------------
1629 * hfa384x_dowmem
1630 *
1631 * Constructs a writemem CTLX and issues it.
1632 *
1633 * NOTE: Any changes to the 'post-submit' code in this function
1634 * need to be carried over to hfa384x_cbwmem() since the handling
1635 * is virtually identical.
1636 *
1637 * Arguments:
1638 * hw device structure
1639 * mode DOWAIT or DOASYNC
1640 * page MAC address space page (CMD format)
1641 * offset MAC address space offset
1642 * data Ptr to data buffer containing write data
1643 * len Length of the data to read (max == 2048)
1644 * cmdcb command callback for async calls, NULL for DOWAIT calls
1645 * usercb user callback for async calls, NULL for DOWAIT calls
1646 * usercb_data user supplied data pointer for async calls.
1647 *
1648 * Returns:
1649 * 0 success
1650 * -ETIMEDOUT timed out waiting for register ready or
1651 * command completion
1652 * >0 command indicated error, Status and Resp0-2 are
1653 * in hw structure.
1654 *
1655 * Side effects:
1656 *
1657 * Call context:
1658 * interrupt (DOWAIT)
1659 * process (DOWAIT or DOASYNC)
1660 *----------------------------------------------------------------
1661 */
1662 static int
1663 hfa384x_dowmem(struct hfa384x *hw,
1664 enum cmd_mode mode,
1665 u16 page,
1666 u16 offset,
1667 void *data,
1668 unsigned int len,
1669 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1670 {
1671 int result;
1672 struct hfa384x_usbctlx *ctlx;
1673
1674 pr_debug("page=0x%04x offset=0x%04x len=%d\n", page, offset, len);
1675
1676 ctlx = usbctlx_alloc();
1677 if (!ctlx) {
1678 result = -ENOMEM;
1679 goto done;
1680 }
1681
1682 /* Initialize the command */
1683 ctlx->outbuf.wmemreq.type = cpu_to_le16(HFA384x_USB_WMEMREQ);
1684 ctlx->outbuf.wmemreq.frmlen =
1685 cpu_to_le16(sizeof(ctlx->outbuf.wmemreq.offset) +
1686 sizeof(ctlx->outbuf.wmemreq.page) + len);
1687 ctlx->outbuf.wmemreq.offset = cpu_to_le16(offset);
1688 ctlx->outbuf.wmemreq.page = cpu_to_le16(page);
1689 memcpy(ctlx->outbuf.wmemreq.data, data, len);
1690
1691 ctlx->outbufsize = sizeof(ctlx->outbuf.wmemreq.type) +
1692 sizeof(ctlx->outbuf.wmemreq.frmlen) +
1693 sizeof(ctlx->outbuf.wmemreq.offset) +
1694 sizeof(ctlx->outbuf.wmemreq.page) + len;
1695
1696 ctlx->reapable = mode;
1697 ctlx->cmdcb = cmdcb;
1698 ctlx->usercb = usercb;
1699 ctlx->usercb_data = usercb_data;
1700
1701 result = hfa384x_usbctlx_submit(hw, ctlx);
1702 if (result != 0) {
1703 kfree(ctlx);
1704 } else if (mode == DOWAIT) {
1705 struct usbctlx_cmd_completor completor;
1706 struct hfa384x_cmdresult wmemresult;
1707
1708 result = hfa384x_usbctlx_complete_sync(hw,
1709 ctlx,
1710 init_wmem_completor
1711 (&completor,
1712 &ctlx->inbuf.wmemresp,
1713 &wmemresult));
1714 }
1715
1716 done:
1717 return result;
1718 }
1719
1720 /*----------------------------------------------------------------
1721 * hfa384x_drvr_disable
1722 *
1723 * Issues the disable command to stop communications on one of
1724 * the MACs 'ports'. Only macport 0 is valid for stations.
1725 * APs may also disable macports 1-6. Only ports that have been
1726 * previously enabled may be disabled.
1727 *
1728 * Arguments:
1729 * hw device structure
1730 * macport MAC port number (host order)
1731 *
1732 * Returns:
1733 * 0 success
1734 * >0 f/w reported failure - f/w status code
1735 * <0 driver reported error (timeout|bad arg)
1736 *
1737 * Side effects:
1738 *
1739 * Call context:
1740 * process
1741 *----------------------------------------------------------------
1742 */
1743 int hfa384x_drvr_disable(struct hfa384x *hw, u16 macport)
1744 {
1745 int result = 0;
1746
1747 if ((!hw->isap && macport != 0) ||
1748 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
1749 !(hw->port_enabled[macport])) {
1750 result = -EINVAL;
1751 } else {
1752 result = hfa384x_cmd_disable(hw, macport);
1753 if (result == 0)
1754 hw->port_enabled[macport] = 0;
1755 }
1756 return result;
1757 }
1758
1759 /*----------------------------------------------------------------
1760 * hfa384x_drvr_enable
1761 *
1762 * Issues the enable command to enable communications on one of
1763 * the MACs 'ports'. Only macport 0 is valid for stations.
1764 * APs may also enable macports 1-6. Only ports that are currently
1765 * disabled may be enabled.
1766 *
1767 * Arguments:
1768 * hw device structure
1769 * macport MAC port number
1770 *
1771 * Returns:
1772 * 0 success
1773 * >0 f/w reported failure - f/w status code
1774 * <0 driver reported error (timeout|bad arg)
1775 *
1776 * Side effects:
1777 *
1778 * Call context:
1779 * process
1780 *----------------------------------------------------------------
1781 */
1782 int hfa384x_drvr_enable(struct hfa384x *hw, u16 macport)
1783 {
1784 int result = 0;
1785
1786 if ((!hw->isap && macport != 0) ||
1787 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
1788 (hw->port_enabled[macport])) {
1789 result = -EINVAL;
1790 } else {
1791 result = hfa384x_cmd_enable(hw, macport);
1792 if (result == 0)
1793 hw->port_enabled[macport] = 1;
1794 }
1795 return result;
1796 }
1797
1798 /*----------------------------------------------------------------
1799 * hfa384x_drvr_flashdl_enable
1800 *
1801 * Begins the flash download state. Checks to see that we're not
1802 * already in a download state and that a port isn't enabled.
1803 * Sets the download state and retrieves the flash download
1804 * buffer location, buffer size, and timeout length.
1805 *
1806 * Arguments:
1807 * hw device structure
1808 *
1809 * Returns:
1810 * 0 success
1811 * >0 f/w reported error - f/w status code
1812 * <0 driver reported error
1813 *
1814 * Side effects:
1815 *
1816 * Call context:
1817 * process
1818 *----------------------------------------------------------------
1819 */
1820 int hfa384x_drvr_flashdl_enable(struct hfa384x *hw)
1821 {
1822 int result = 0;
1823 int i;
1824
1825 /* Check that a port isn't active */
1826 for (i = 0; i < HFA384x_PORTID_MAX; i++) {
1827 if (hw->port_enabled[i]) {
1828 pr_debug("called when port enabled.\n");
1829 return -EINVAL;
1830 }
1831 }
1832
1833 /* Check that we're not already in a download state */
1834 if (hw->dlstate != HFA384x_DLSTATE_DISABLED)
1835 return -EINVAL;
1836
1837 /* Retrieve the buffer loc&size and timeout */
1838 result = hfa384x_drvr_getconfig(hw, HFA384x_RID_DOWNLOADBUFFER,
1839 &hw->bufinfo, sizeof(hw->bufinfo));
1840 if (result)
1841 return result;
1842
1843 hw->bufinfo.page = le16_to_cpu(hw->bufinfo.page);
1844 hw->bufinfo.offset = le16_to_cpu(hw->bufinfo.offset);
1845 hw->bufinfo.len = le16_to_cpu(hw->bufinfo.len);
1846 result = hfa384x_drvr_getconfig16(hw, HFA384x_RID_MAXLOADTIME,
1847 &hw->dltimeout);
1848 if (result)
1849 return result;
1850
1851 hw->dltimeout = le16_to_cpu(hw->dltimeout);
1852
1853 pr_debug("flashdl_enable\n");
1854
1855 hw->dlstate = HFA384x_DLSTATE_FLASHENABLED;
1856
1857 return result;
1858 }
1859
1860 /*----------------------------------------------------------------
1861 * hfa384x_drvr_flashdl_disable
1862 *
1863 * Ends the flash download state. Note that this will cause the MAC
1864 * firmware to restart.
1865 *
1866 * Arguments:
1867 * hw device structure
1868 *
1869 * Returns:
1870 * 0 success
1871 * >0 f/w reported error - f/w status code
1872 * <0 driver reported error
1873 *
1874 * Side effects:
1875 *
1876 * Call context:
1877 * process
1878 *----------------------------------------------------------------
1879 */
1880 int hfa384x_drvr_flashdl_disable(struct hfa384x *hw)
1881 {
1882 /* Check that we're already in the download state */
1883 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED)
1884 return -EINVAL;
1885
1886 pr_debug("flashdl_enable\n");
1887
1888 /* There isn't much we can do at this point, so I don't */
1889 /* bother w/ the return value */
1890 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0);
1891 hw->dlstate = HFA384x_DLSTATE_DISABLED;
1892
1893 return 0;
1894 }
1895
1896 /*----------------------------------------------------------------
1897 * hfa384x_drvr_flashdl_write
1898 *
1899 * Performs a FLASH download of a chunk of data. First checks to see
1900 * that we're in the FLASH download state, then sets the download
1901 * mode, uses the aux functions to 1) copy the data to the flash
1902 * buffer, 2) sets the download 'write flash' mode, 3) readback and
1903 * compare. Lather rinse, repeat as many times an necessary to get
1904 * all the given data into flash.
1905 * When all data has been written using this function (possibly
1906 * repeatedly), call drvr_flashdl_disable() to end the download state
1907 * and restart the MAC.
1908 *
1909 * Arguments:
1910 * hw device structure
1911 * daddr Card address to write to. (host order)
1912 * buf Ptr to data to write.
1913 * len Length of data (host order).
1914 *
1915 * Returns:
1916 * 0 success
1917 * >0 f/w reported error - f/w status code
1918 * <0 driver reported error
1919 *
1920 * Side effects:
1921 *
1922 * Call context:
1923 * process
1924 *----------------------------------------------------------------
1925 */
1926 int hfa384x_drvr_flashdl_write(struct hfa384x *hw, u32 daddr,
1927 void *buf, u32 len)
1928 {
1929 int result = 0;
1930 u32 dlbufaddr;
1931 int nburns;
1932 u32 burnlen;
1933 u32 burndaddr;
1934 u16 burnlo;
1935 u16 burnhi;
1936 int nwrites;
1937 u8 *writebuf;
1938 u16 writepage;
1939 u16 writeoffset;
1940 u32 writelen;
1941 int i;
1942 int j;
1943
1944 pr_debug("daddr=0x%08x len=%d\n", daddr, len);
1945
1946 /* Check that we're in the flash download state */
1947 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED)
1948 return -EINVAL;
1949
1950 netdev_info(hw->wlandev->netdev,
1951 "Download %d bytes to flash @0x%06x\n", len, daddr);
1952
1953 /* Convert to flat address for arithmetic */
1954 /* NOTE: dlbuffer RID stores the address in AUX format */
1955 dlbufaddr =
1956 HFA384x_ADDR_AUX_MKFLAT(hw->bufinfo.page, hw->bufinfo.offset);
1957 pr_debug("dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n",
1958 hw->bufinfo.page, hw->bufinfo.offset, dlbufaddr);
1959 /* Calculations to determine how many fills of the dlbuffer to do
1960 * and how many USB wmemreq's to do for each fill. At this point
1961 * in time, the dlbuffer size and the wmemreq size are the same.
1962 * Therefore, nwrites should always be 1. The extra complexity
1963 * here is a hedge against future changes.
1964 */
1965
1966 /* Figure out how many times to do the flash programming */
1967 nburns = len / hw->bufinfo.len;
1968 nburns += (len % hw->bufinfo.len) ? 1 : 0;
1969
1970 /* For each flash program cycle, how many USB wmemreq's are needed? */
1971 nwrites = hw->bufinfo.len / HFA384x_USB_RWMEM_MAXLEN;
1972 nwrites += (hw->bufinfo.len % HFA384x_USB_RWMEM_MAXLEN) ? 1 : 0;
1973
1974 /* For each burn */
1975 for (i = 0; i < nburns; i++) {
1976 /* Get the dest address and len */
1977 burnlen = (len - (hw->bufinfo.len * i)) > hw->bufinfo.len ?
1978 hw->bufinfo.len : (len - (hw->bufinfo.len * i));
1979 burndaddr = daddr + (hw->bufinfo.len * i);
1980 burnlo = HFA384x_ADDR_CMD_MKOFF(burndaddr);
1981 burnhi = HFA384x_ADDR_CMD_MKPAGE(burndaddr);
1982
1983 netdev_info(hw->wlandev->netdev, "Writing %d bytes to flash @0x%06x\n",
1984 burnlen, burndaddr);
1985
1986 /* Set the download mode */
1987 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_NV,
1988 burnlo, burnhi, burnlen);
1989 if (result) {
1990 netdev_err(hw->wlandev->netdev,
1991 "download(NV,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
1992 burnlo, burnhi, burnlen, result);
1993 goto exit_proc;
1994 }
1995
1996 /* copy the data to the flash download buffer */
1997 for (j = 0; j < nwrites; j++) {
1998 writebuf = buf +
1999 (i * hw->bufinfo.len) +
2000 (j * HFA384x_USB_RWMEM_MAXLEN);
2001
2002 writepage = HFA384x_ADDR_CMD_MKPAGE(dlbufaddr +
2003 (j * HFA384x_USB_RWMEM_MAXLEN));
2004 writeoffset = HFA384x_ADDR_CMD_MKOFF(dlbufaddr +
2005 (j * HFA384x_USB_RWMEM_MAXLEN));
2006
2007 writelen = burnlen - (j * HFA384x_USB_RWMEM_MAXLEN);
2008 writelen = writelen > HFA384x_USB_RWMEM_MAXLEN ?
2009 HFA384x_USB_RWMEM_MAXLEN : writelen;
2010
2011 result = hfa384x_dowmem_wait(hw,
2012 writepage,
2013 writeoffset,
2014 writebuf, writelen);
2015 }
2016
2017 /* set the download 'write flash' mode */
2018 result = hfa384x_cmd_download(hw,
2019 HFA384x_PROGMODE_NVWRITE,
2020 0, 0, 0);
2021 if (result) {
2022 netdev_err(hw->wlandev->netdev,
2023 "download(NVWRITE,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
2024 burnlo, burnhi, burnlen, result);
2025 goto exit_proc;
2026 }
2027
2028 /* TODO: We really should do a readback and compare. */
2029 }
2030
2031 exit_proc:
2032
2033 /* Leave the firmware in the 'post-prog' mode. flashdl_disable will */
2034 /* actually disable programming mode. Remember, that will cause the */
2035 /* the firmware to effectively reset itself. */
2036
2037 return result;
2038 }
2039
2040 /*----------------------------------------------------------------
2041 * hfa384x_drvr_getconfig
2042 *
2043 * Performs the sequence necessary to read a config/info item.
2044 *
2045 * Arguments:
2046 * hw device structure
2047 * rid config/info record id (host order)
2048 * buf host side record buffer. Upon return it will
2049 * contain the body portion of the record (minus the
2050 * RID and len).
2051 * len buffer length (in bytes, should match record length)
2052 *
2053 * Returns:
2054 * 0 success
2055 * >0 f/w reported error - f/w status code
2056 * <0 driver reported error
2057 * -ENODATA length mismatch between argument and retrieved
2058 * record.
2059 *
2060 * Side effects:
2061 *
2062 * Call context:
2063 * process
2064 *----------------------------------------------------------------
2065 */
2066 int hfa384x_drvr_getconfig(struct hfa384x *hw, u16 rid, void *buf, u16 len)
2067 {
2068 return hfa384x_dorrid_wait(hw, rid, buf, len);
2069 }
2070
2071 /*----------------------------------------------------------------
2072 * hfa384x_drvr_setconfig_async
2073 *
2074 * Performs the sequence necessary to write a config/info item.
2075 *
2076 * Arguments:
2077 * hw device structure
2078 * rid config/info record id (in host order)
2079 * buf host side record buffer
2080 * len buffer length (in bytes)
2081 * usercb completion callback
2082 * usercb_data completion callback argument
2083 *
2084 * Returns:
2085 * 0 success
2086 * >0 f/w reported error - f/w status code
2087 * <0 driver reported error
2088 *
2089 * Side effects:
2090 *
2091 * Call context:
2092 * process
2093 *----------------------------------------------------------------
2094 */
2095 int
2096 hfa384x_drvr_setconfig_async(struct hfa384x *hw,
2097 u16 rid,
2098 void *buf,
2099 u16 len, ctlx_usercb_t usercb, void *usercb_data)
2100 {
2101 return hfa384x_dowrid_async(hw, rid, buf, len,
2102 hfa384x_cb_status, usercb, usercb_data);
2103 }
2104
2105 /*----------------------------------------------------------------
2106 * hfa384x_drvr_ramdl_disable
2107 *
2108 * Ends the ram download state.
2109 *
2110 * Arguments:
2111 * hw device structure
2112 *
2113 * Returns:
2114 * 0 success
2115 * >0 f/w reported error - f/w status code
2116 * <0 driver reported error
2117 *
2118 * Side effects:
2119 *
2120 * Call context:
2121 * process
2122 *----------------------------------------------------------------
2123 */
2124 int hfa384x_drvr_ramdl_disable(struct hfa384x *hw)
2125 {
2126 /* Check that we're already in the download state */
2127 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED)
2128 return -EINVAL;
2129
2130 pr_debug("ramdl_disable()\n");
2131
2132 /* There isn't much we can do at this point, so I don't */
2133 /* bother w/ the return value */
2134 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0);
2135 hw->dlstate = HFA384x_DLSTATE_DISABLED;
2136
2137 return 0;
2138 }
2139
2140 /*----------------------------------------------------------------
2141 * hfa384x_drvr_ramdl_enable
2142 *
2143 * Begins the ram download state. Checks to see that we're not
2144 * already in a download state and that a port isn't enabled.
2145 * Sets the download state and calls cmd_download with the
2146 * ENABLE_VOLATILE subcommand and the exeaddr argument.
2147 *
2148 * Arguments:
2149 * hw device structure
2150 * exeaddr the card execution address that will be
2151 * jumped to when ramdl_disable() is called
2152 * (host order).
2153 *
2154 * Returns:
2155 * 0 success
2156 * >0 f/w reported error - f/w status code
2157 * <0 driver reported error
2158 *
2159 * Side effects:
2160 *
2161 * Call context:
2162 * process
2163 *----------------------------------------------------------------
2164 */
2165 int hfa384x_drvr_ramdl_enable(struct hfa384x *hw, u32 exeaddr)
2166 {
2167 int result = 0;
2168 u16 lowaddr;
2169 u16 hiaddr;
2170 int i;
2171
2172 /* Check that a port isn't active */
2173 for (i = 0; i < HFA384x_PORTID_MAX; i++) {
2174 if (hw->port_enabled[i]) {
2175 netdev_err(hw->wlandev->netdev,
2176 "Can't download with a macport enabled.\n");
2177 return -EINVAL;
2178 }
2179 }
2180
2181 /* Check that we're not already in a download state */
2182 if (hw->dlstate != HFA384x_DLSTATE_DISABLED) {
2183 netdev_err(hw->wlandev->netdev,
2184 "Download state not disabled.\n");
2185 return -EINVAL;
2186 }
2187
2188 pr_debug("ramdl_enable, exeaddr=0x%08x\n", exeaddr);
2189
2190 /* Call the download(1,addr) function */
2191 lowaddr = HFA384x_ADDR_CMD_MKOFF(exeaddr);
2192 hiaddr = HFA384x_ADDR_CMD_MKPAGE(exeaddr);
2193
2194 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_RAM,
2195 lowaddr, hiaddr, 0);
2196
2197 if (result == 0) {
2198 /* Set the download state */
2199 hw->dlstate = HFA384x_DLSTATE_RAMENABLED;
2200 } else {
2201 pr_debug("cmd_download(0x%04x, 0x%04x) failed, result=%d.\n",
2202 lowaddr, hiaddr, result);
2203 }
2204
2205 return result;
2206 }
2207
2208 /*----------------------------------------------------------------
2209 * hfa384x_drvr_ramdl_write
2210 *
2211 * Performs a RAM download of a chunk of data. First checks to see
2212 * that we're in the RAM download state, then uses the [read|write]mem USB
2213 * commands to 1) copy the data, 2) readback and compare. The download
2214 * state is unaffected. When all data has been written using
2215 * this function, call drvr_ramdl_disable() to end the download state
2216 * and restart the MAC.
2217 *
2218 * Arguments:
2219 * hw device structure
2220 * daddr Card address to write to. (host order)
2221 * buf Ptr to data to write.
2222 * len Length of data (host order).
2223 *
2224 * Returns:
2225 * 0 success
2226 * >0 f/w reported error - f/w status code
2227 * <0 driver reported error
2228 *
2229 * Side effects:
2230 *
2231 * Call context:
2232 * process
2233 *----------------------------------------------------------------
2234 */
2235 int hfa384x_drvr_ramdl_write(struct hfa384x *hw, u32 daddr, void *buf, u32 len)
2236 {
2237 int result = 0;
2238 int nwrites;
2239 u8 *data = buf;
2240 int i;
2241 u32 curraddr;
2242 u16 currpage;
2243 u16 curroffset;
2244 u16 currlen;
2245
2246 /* Check that we're in the ram download state */
2247 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED)
2248 return -EINVAL;
2249
2250 netdev_info(hw->wlandev->netdev, "Writing %d bytes to ram @0x%06x\n",
2251 len, daddr);
2252
2253 /* How many dowmem calls? */
2254 nwrites = len / HFA384x_USB_RWMEM_MAXLEN;
2255 nwrites += len % HFA384x_USB_RWMEM_MAXLEN ? 1 : 0;
2256
2257 /* Do blocking wmem's */
2258 for (i = 0; i < nwrites; i++) {
2259 /* make address args */
2260 curraddr = daddr + (i * HFA384x_USB_RWMEM_MAXLEN);
2261 currpage = HFA384x_ADDR_CMD_MKPAGE(curraddr);
2262 curroffset = HFA384x_ADDR_CMD_MKOFF(curraddr);
2263 currlen = len - (i * HFA384x_USB_RWMEM_MAXLEN);
2264 if (currlen > HFA384x_USB_RWMEM_MAXLEN)
2265 currlen = HFA384x_USB_RWMEM_MAXLEN;
2266
2267 /* Do blocking ctlx */
2268 result = hfa384x_dowmem_wait(hw,
2269 currpage,
2270 curroffset,
2271 data +
2272 (i * HFA384x_USB_RWMEM_MAXLEN),
2273 currlen);
2274
2275 if (result)
2276 break;
2277
2278 /* TODO: We really should have a readback. */
2279 }
2280
2281 return result;
2282 }
2283
2284 /*----------------------------------------------------------------
2285 * hfa384x_drvr_readpda
2286 *
2287 * Performs the sequence to read the PDA space. Note there is no
2288 * drvr_writepda() function. Writing a PDA is
2289 * generally implemented by a calling component via calls to
2290 * cmd_download and writing to the flash download buffer via the
2291 * aux regs.
2292 *
2293 * Arguments:
2294 * hw device structure
2295 * buf buffer to store PDA in
2296 * len buffer length
2297 *
2298 * Returns:
2299 * 0 success
2300 * >0 f/w reported error - f/w status code
2301 * <0 driver reported error
2302 * -ETIMEDOUT timeout waiting for the cmd regs to become
2303 * available, or waiting for the control reg
2304 * to indicate the Aux port is enabled.
2305 * -ENODATA the buffer does NOT contain a valid PDA.
2306 * Either the card PDA is bad, or the auxdata
2307 * reads are giving us garbage.
2308 *
2309 *
2310 * Side effects:
2311 *
2312 * Call context:
2313 * process or non-card interrupt.
2314 *----------------------------------------------------------------
2315 */
2316 int hfa384x_drvr_readpda(struct hfa384x *hw, void *buf, unsigned int len)
2317 {
2318 int result = 0;
2319 u16 *pda = buf;
2320 int pdaok = 0;
2321 int morepdrs = 1;
2322 int currpdr = 0; /* word offset of the current pdr */
2323 size_t i;
2324 u16 pdrlen; /* pdr length in bytes, host order */
2325 u16 pdrcode; /* pdr code, host order */
2326 u16 currpage;
2327 u16 curroffset;
2328 struct pdaloc {
2329 u32 cardaddr;
2330 u16 auxctl;
2331 } pdaloc[] = {
2332 {
2333 HFA3842_PDA_BASE, 0}, {
2334 HFA3841_PDA_BASE, 0}, {
2335 HFA3841_PDA_BOGUS_BASE, 0}
2336 };
2337
2338 /* Read the pda from each known address. */
2339 for (i = 0; i < ARRAY_SIZE(pdaloc); i++) {
2340 /* Make address */
2341 currpage = HFA384x_ADDR_CMD_MKPAGE(pdaloc[i].cardaddr);
2342 curroffset = HFA384x_ADDR_CMD_MKOFF(pdaloc[i].cardaddr);
2343
2344 /* units of bytes */
2345 result = hfa384x_dormem_wait(hw, currpage, curroffset, buf,
2346 len);
2347
2348 if (result) {
2349 netdev_warn(hw->wlandev->netdev,
2350 "Read from index %zd failed, continuing\n",
2351 i);
2352 continue;
2353 }
2354
2355 /* Test for garbage */
2356 pdaok = 1; /* initially assume good */
2357 morepdrs = 1;
2358 while (pdaok && morepdrs) {
2359 pdrlen = le16_to_cpu(pda[currpdr]) * 2;
2360 pdrcode = le16_to_cpu(pda[currpdr + 1]);
2361 /* Test the record length */
2362 if (pdrlen > HFA384x_PDR_LEN_MAX || pdrlen == 0) {
2363 netdev_err(hw->wlandev->netdev,
2364 "pdrlen invalid=%d\n", pdrlen);
2365 pdaok = 0;
2366 break;
2367 }
2368 /* Test the code */
2369 if (!hfa384x_isgood_pdrcode(pdrcode)) {
2370 netdev_err(hw->wlandev->netdev, "pdrcode invalid=%d\n",
2371 pdrcode);
2372 pdaok = 0;
2373 break;
2374 }
2375 /* Test for completion */
2376 if (pdrcode == HFA384x_PDR_END_OF_PDA)
2377 morepdrs = 0;
2378
2379 /* Move to the next pdr (if necessary) */
2380 if (morepdrs) {
2381 /* note the access to pda[], need words here */
2382 currpdr += le16_to_cpu(pda[currpdr]) + 1;
2383 }
2384 }
2385 if (pdaok) {
2386 netdev_info(hw->wlandev->netdev,
2387 "PDA Read from 0x%08x in %s space.\n",
2388 pdaloc[i].cardaddr,
2389 pdaloc[i].auxctl == 0 ? "EXTDS" :
2390 pdaloc[i].auxctl == 1 ? "NV" :
2391 pdaloc[i].auxctl == 2 ? "PHY" :
2392 pdaloc[i].auxctl == 3 ? "ICSRAM" :
2393 "<bogus auxctl>");
2394 break;
2395 }
2396 }
2397 result = pdaok ? 0 : -ENODATA;
2398
2399 if (result)
2400 pr_debug("Failure: pda is not okay\n");
2401
2402 return result;
2403 }
2404
2405 /*----------------------------------------------------------------
2406 * hfa384x_drvr_setconfig
2407 *
2408 * Performs the sequence necessary to write a config/info item.
2409 *
2410 * Arguments:
2411 * hw device structure
2412 * rid config/info record id (in host order)
2413 * buf host side record buffer
2414 * len buffer length (in bytes)
2415 *
2416 * Returns:
2417 * 0 success
2418 * >0 f/w reported error - f/w status code
2419 * <0 driver reported error
2420 *
2421 * Side effects:
2422 *
2423 * Call context:
2424 * process
2425 *----------------------------------------------------------------
2426 */
2427 int hfa384x_drvr_setconfig(struct hfa384x *hw, u16 rid, void *buf, u16 len)
2428 {
2429 return hfa384x_dowrid_wait(hw, rid, buf, len);
2430 }
2431
2432 /*----------------------------------------------------------------
2433 * hfa384x_drvr_start
2434 *
2435 * Issues the MAC initialize command, sets up some data structures,
2436 * and enables the interrupts. After this function completes, the
2437 * low-level stuff should be ready for any/all commands.
2438 *
2439 * Arguments:
2440 * hw device structure
2441 * Returns:
2442 * 0 success
2443 * >0 f/w reported error - f/w status code
2444 * <0 driver reported error
2445 *
2446 * Side effects:
2447 *
2448 * Call context:
2449 * process
2450 *----------------------------------------------------------------
2451 */
2452 int hfa384x_drvr_start(struct hfa384x *hw)
2453 {
2454 int result, result1, result2;
2455 u16 status;
2456
2457 might_sleep();
2458
2459 /* Clear endpoint stalls - but only do this if the endpoint
2460 * is showing a stall status. Some prism2 cards seem to behave
2461 * badly if a clear_halt is called when the endpoint is already
2462 * ok
2463 */
2464 result =
2465 usb_get_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_in, &status);
2466 if (result < 0) {
2467 netdev_err(hw->wlandev->netdev, "Cannot get bulk in endpoint status.\n");
2468 goto done;
2469 }
2470 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_in))
2471 netdev_err(hw->wlandev->netdev, "Failed to reset bulk in endpoint.\n");
2472
2473 result =
2474 usb_get_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_out, &status);
2475 if (result < 0) {
2476 netdev_err(hw->wlandev->netdev, "Cannot get bulk out endpoint status.\n");
2477 goto done;
2478 }
2479 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_out))
2480 netdev_err(hw->wlandev->netdev, "Failed to reset bulk out endpoint.\n");
2481
2482 /* Synchronous unlink, in case we're trying to restart the driver */
2483 usb_kill_urb(&hw->rx_urb);
2484
2485 /* Post the IN urb */
2486 result = submit_rx_urb(hw, GFP_KERNEL);
2487 if (result != 0) {
2488 netdev_err(hw->wlandev->netdev,
2489 "Fatal, failed to submit RX URB, result=%d\n",
2490 result);
2491 goto done;
2492 }
2493
2494 /* Call initialize twice, with a 1 second sleep in between.
2495 * This is a nasty work-around since many prism2 cards seem to
2496 * need time to settle after an init from cold. The second
2497 * call to initialize in theory is not necessary - but we call
2498 * it anyway as a double insurance policy:
2499 * 1) If the first init should fail, the second may well succeed
2500 * and the card can still be used
2501 * 2) It helps ensures all is well with the card after the first
2502 * init and settle time.
2503 */
2504 result1 = hfa384x_cmd_initialize(hw);
2505 msleep(1000);
2506 result = hfa384x_cmd_initialize(hw);
2507 result2 = result;
2508 if (result1 != 0) {
2509 if (result2 != 0) {
2510 netdev_err(hw->wlandev->netdev,
2511 "cmd_initialize() failed on two attempts, results %d and %d\n",
2512 result1, result2);
2513 usb_kill_urb(&hw->rx_urb);
2514 goto done;
2515 } else {
2516 pr_debug("First cmd_initialize() failed (result %d),\n",
2517 result1);
2518 pr_debug("but second attempt succeeded. All should be ok\n");
2519 }
2520 } else if (result2 != 0) {
2521 netdev_warn(hw->wlandev->netdev, "First cmd_initialize() succeeded, but second attempt failed (result=%d)\n",
2522 result2);
2523 netdev_warn(hw->wlandev->netdev,
2524 "Most likely the card will be functional\n");
2525 goto done;
2526 }
2527
2528 hw->state = HFA384x_STATE_RUNNING;
2529
2530 done:
2531 return result;
2532 }
2533
2534 /*----------------------------------------------------------------
2535 * hfa384x_drvr_stop
2536 *
2537 * Shuts down the MAC to the point where it is safe to unload the
2538 * driver. Any subsystem that may be holding a data or function
2539 * ptr into the driver must be cleared/deinitialized.
2540 *
2541 * Arguments:
2542 * hw device structure
2543 * Returns:
2544 * 0 success
2545 * >0 f/w reported error - f/w status code
2546 * <0 driver reported error
2547 *
2548 * Side effects:
2549 *
2550 * Call context:
2551 * process
2552 *----------------------------------------------------------------
2553 */
2554 int hfa384x_drvr_stop(struct hfa384x *hw)
2555 {
2556 int i;
2557
2558 might_sleep();
2559
2560 /* There's no need for spinlocks here. The USB "disconnect"
2561 * function sets this "removed" flag and then calls us.
2562 */
2563 if (!hw->wlandev->hwremoved) {
2564 /* Call initialize to leave the MAC in its 'reset' state */
2565 hfa384x_cmd_initialize(hw);
2566
2567 /* Cancel the rxurb */
2568 usb_kill_urb(&hw->rx_urb);
2569 }
2570
2571 hw->link_status = HFA384x_LINK_NOTCONNECTED;
2572 hw->state = HFA384x_STATE_INIT;
2573
2574 del_timer_sync(&hw->commsqual_timer);
2575
2576 /* Clear all the port status */
2577 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++)
2578 hw->port_enabled[i] = 0;
2579
2580 return 0;
2581 }
2582
2583 /*----------------------------------------------------------------
2584 * hfa384x_drvr_txframe
2585 *
2586 * Takes a frame from prism2sta and queues it for transmission.
2587 *
2588 * Arguments:
2589 * hw device structure
2590 * skb packet buffer struct. Contains an 802.11
2591 * data frame.
2592 * p80211_hdr points to the 802.11 header for the packet.
2593 * Returns:
2594 * 0 Success and more buffs available
2595 * 1 Success but no more buffs
2596 * 2 Allocation failure
2597 * 4 Buffer full or queue busy
2598 *
2599 * Side effects:
2600 *
2601 * Call context:
2602 * interrupt
2603 *----------------------------------------------------------------
2604 */
2605 int hfa384x_drvr_txframe(struct hfa384x *hw, struct sk_buff *skb,
2606 union p80211_hdr *p80211_hdr,
2607 struct p80211_metawep *p80211_wep)
2608 {
2609 int usbpktlen = sizeof(struct hfa384x_tx_frame);
2610 int result;
2611 int ret;
2612 char *ptr;
2613
2614 if (hw->tx_urb.status == -EINPROGRESS) {
2615 netdev_warn(hw->wlandev->netdev, "TX URB already in use\n");
2616 result = 3;
2617 goto exit;
2618 }
2619
2620 /* Build Tx frame structure */
2621 /* Set up the control field */
2622 memset(&hw->txbuff.txfrm.desc, 0, sizeof(hw->txbuff.txfrm.desc));
2623
2624 /* Setup the usb type field */
2625 hw->txbuff.type = cpu_to_le16(HFA384x_USB_TXFRM);
2626
2627 /* Set up the sw_support field to identify this frame */
2628 hw->txbuff.txfrm.desc.sw_support = 0x0123;
2629
2630 /* Tx complete and Tx exception disable per dleach. Might be causing
2631 * buf depletion
2632 */
2633 /* #define DOEXC SLP -- doboth breaks horribly under load, doexc less so. */
2634 #if defined(DOBOTH)
2635 hw->txbuff.txfrm.desc.tx_control =
2636 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2637 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1);
2638 #elif defined(DOEXC)
2639 hw->txbuff.txfrm.desc.tx_control =
2640 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2641 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0);
2642 #else
2643 hw->txbuff.txfrm.desc.tx_control =
2644 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2645 HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0);
2646 #endif
2647 hw->txbuff.txfrm.desc.tx_control =
2648 cpu_to_le16(hw->txbuff.txfrm.desc.tx_control);
2649
2650 /* copy the header over to the txdesc */
2651 memcpy(&hw->txbuff.txfrm.desc.frame_control, p80211_hdr,
2652 sizeof(union p80211_hdr));
2653
2654 /* if we're using host WEP, increase size by IV+ICV */
2655 if (p80211_wep->data) {
2656 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len + 8);
2657 usbpktlen += 8;
2658 } else {
2659 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len);
2660 }
2661
2662 usbpktlen += skb->len;
2663
2664 /* copy over the WEP IV if we are using host WEP */
2665 ptr = hw->txbuff.txfrm.data;
2666 if (p80211_wep->data) {
2667 memcpy(ptr, p80211_wep->iv, sizeof(p80211_wep->iv));
2668 ptr += sizeof(p80211_wep->iv);
2669 memcpy(ptr, p80211_wep->data, skb->len);
2670 } else {
2671 memcpy(ptr, skb->data, skb->len);
2672 }
2673 /* copy over the packet data */
2674 ptr += skb->len;
2675
2676 /* copy over the WEP ICV if we are using host WEP */
2677 if (p80211_wep->data)
2678 memcpy(ptr, p80211_wep->icv, sizeof(p80211_wep->icv));
2679
2680 /* Send the USB packet */
2681 usb_fill_bulk_urb(&hw->tx_urb, hw->usb,
2682 hw->endp_out,
2683 &hw->txbuff, ROUNDUP64(usbpktlen),
2684 hfa384x_usbout_callback, hw->wlandev);
2685 hw->tx_urb.transfer_flags |= USB_QUEUE_BULK;
2686
2687 result = 1;
2688 ret = submit_tx_urb(hw, &hw->tx_urb, GFP_ATOMIC);
2689 if (ret != 0) {
2690 netdev_err(hw->wlandev->netdev,
2691 "submit_tx_urb() failed, error=%d\n", ret);
2692 result = 3;
2693 }
2694
2695 exit:
2696 return result;
2697 }
2698
2699 void hfa384x_tx_timeout(struct wlandevice *wlandev)
2700 {
2701 struct hfa384x *hw = wlandev->priv;
2702 unsigned long flags;
2703
2704 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2705
2706 if (!hw->wlandev->hwremoved) {
2707 int sched;
2708
2709 sched = !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags);
2710 sched |= !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags);
2711 if (sched)
2712 schedule_work(&hw->usb_work);
2713 }
2714
2715 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2716 }
2717
2718 /*----------------------------------------------------------------
2719 * hfa384x_usbctlx_reaper_task
2720 *
2721 * Tasklet to delete dead CTLX objects
2722 *
2723 * Arguments:
2724 * data ptr to a struct hfa384x
2725 *
2726 * Returns:
2727 *
2728 * Call context:
2729 * Interrupt
2730 *----------------------------------------------------------------
2731 */
2732 static void hfa384x_usbctlx_reaper_task(unsigned long data)
2733 {
2734 struct hfa384x *hw = (struct hfa384x *)data;
2735 struct hfa384x_usbctlx *ctlx, *temp;
2736 unsigned long flags;
2737
2738 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2739
2740 /* This list is guaranteed to be empty if someone
2741 * has unplugged the adapter.
2742 */
2743 list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.reapable, list) {
2744 list_del(&ctlx->list);
2745 kfree(ctlx);
2746 }
2747
2748 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2749 }
2750
2751 /*----------------------------------------------------------------
2752 * hfa384x_usbctlx_completion_task
2753 *
2754 * Tasklet to call completion handlers for returned CTLXs
2755 *
2756 * Arguments:
2757 * data ptr to struct hfa384x
2758 *
2759 * Returns:
2760 * Nothing
2761 *
2762 * Call context:
2763 * Interrupt
2764 *----------------------------------------------------------------
2765 */
2766 static void hfa384x_usbctlx_completion_task(unsigned long data)
2767 {
2768 struct hfa384x *hw = (struct hfa384x *)data;
2769 struct hfa384x_usbctlx *ctlx, *temp;
2770 unsigned long flags;
2771
2772 int reap = 0;
2773
2774 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2775
2776 /* This list is guaranteed to be empty if someone
2777 * has unplugged the adapter ...
2778 */
2779 list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.completing, list) {
2780 /* Call the completion function that this
2781 * command was assigned, assuming it has one.
2782 */
2783 if (ctlx->cmdcb) {
2784 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2785 ctlx->cmdcb(hw, ctlx);
2786 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2787
2788 /* Make sure we don't try and complete
2789 * this CTLX more than once!
2790 */
2791 ctlx->cmdcb = NULL;
2792
2793 /* Did someone yank the adapter out
2794 * while our list was (briefly) unlocked?
2795 */
2796 if (hw->wlandev->hwremoved) {
2797 reap = 0;
2798 break;
2799 }
2800 }
2801
2802 /*
2803 * "Reapable" CTLXs are ones which don't have any
2804 * threads waiting for them to die. Hence they must
2805 * be delivered to The Reaper!
2806 */
2807 if (ctlx->reapable) {
2808 /* Move the CTLX off the "completing" list (hopefully)
2809 * on to the "reapable" list where the reaper task
2810 * can find it. And "reapable" means that this CTLX
2811 * isn't sitting on a wait-queue somewhere.
2812 */
2813 list_move_tail(&ctlx->list, &hw->ctlxq.reapable);
2814 reap = 1;
2815 }
2816
2817 complete(&ctlx->done);
2818 }
2819 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2820
2821 if (reap)
2822 tasklet_schedule(&hw->reaper_bh);
2823 }
2824
2825 /*----------------------------------------------------------------
2826 * unlocked_usbctlx_cancel_async
2827 *
2828 * Mark the CTLX dead asynchronously, and ensure that the
2829 * next command on the queue is run afterwards.
2830 *
2831 * Arguments:
2832 * hw ptr to the struct hfa384x structure
2833 * ctlx ptr to a CTLX structure
2834 *
2835 * Returns:
2836 * 0 the CTLX's URB is inactive
2837 * -EINPROGRESS the URB is currently being unlinked
2838 *
2839 * Call context:
2840 * Either process or interrupt, but presumably interrupt
2841 *----------------------------------------------------------------
2842 */
2843 static int unlocked_usbctlx_cancel_async(struct hfa384x *hw,
2844 struct hfa384x_usbctlx *ctlx)
2845 {
2846 int ret;
2847
2848 /*
2849 * Try to delete the URB containing our request packet.
2850 * If we succeed, then its completion handler will be
2851 * called with a status of -ECONNRESET.
2852 */
2853 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
2854 ret = usb_unlink_urb(&hw->ctlx_urb);
2855
2856 if (ret != -EINPROGRESS) {
2857 /*
2858 * The OUT URB had either already completed
2859 * or was still in the pending queue, so the
2860 * URB's completion function will not be called.
2861 * We will have to complete the CTLX ourselves.
2862 */
2863 ctlx->state = CTLX_REQ_FAILED;
2864 unlocked_usbctlx_complete(hw, ctlx);
2865 ret = 0;
2866 }
2867
2868 return ret;
2869 }
2870
2871 /*----------------------------------------------------------------
2872 * unlocked_usbctlx_complete
2873 *
2874 * A CTLX has completed. It may have been successful, it may not
2875 * have been. At this point, the CTLX should be quiescent. The URBs
2876 * aren't active and the timers should have been stopped.
2877 *
2878 * The CTLX is migrated to the "completing" queue, and the completing
2879 * tasklet is scheduled.
2880 *
2881 * Arguments:
2882 * hw ptr to a struct hfa384x structure
2883 * ctlx ptr to a ctlx structure
2884 *
2885 * Returns:
2886 * nothing
2887 *
2888 * Side effects:
2889 *
2890 * Call context:
2891 * Either, assume interrupt
2892 *----------------------------------------------------------------
2893 */
2894 static void unlocked_usbctlx_complete(struct hfa384x *hw,
2895 struct hfa384x_usbctlx *ctlx)
2896 {
2897 /* Timers have been stopped, and ctlx should be in
2898 * a terminal state. Retire it from the "active"
2899 * queue.
2900 */
2901 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
2902 tasklet_schedule(&hw->completion_bh);
2903
2904 switch (ctlx->state) {
2905 case CTLX_COMPLETE:
2906 case CTLX_REQ_FAILED:
2907 /* This are the correct terminating states. */
2908 break;
2909
2910 default:
2911 netdev_err(hw->wlandev->netdev, "CTLX[%d] not in a terminating state(%s)\n",
2912 le16_to_cpu(ctlx->outbuf.type),
2913 ctlxstr(ctlx->state));
2914 break;
2915 } /* switch */
2916 }
2917
2918 /*----------------------------------------------------------------
2919 * hfa384x_usbctlxq_run
2920 *
2921 * Checks to see if the head item is running. If not, starts it.
2922 *
2923 * Arguments:
2924 * hw ptr to struct hfa384x
2925 *
2926 * Returns:
2927 * nothing
2928 *
2929 * Side effects:
2930 *
2931 * Call context:
2932 * any
2933 *----------------------------------------------------------------
2934 */
2935 static void hfa384x_usbctlxq_run(struct hfa384x *hw)
2936 {
2937 unsigned long flags;
2938
2939 /* acquire lock */
2940 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2941
2942 /* Only one active CTLX at any one time, because there's no
2943 * other (reliable) way to match the response URB to the
2944 * correct CTLX.
2945 *
2946 * Don't touch any of these CTLXs if the hardware
2947 * has been removed or the USB subsystem is stalled.
2948 */
2949 if (!list_empty(&hw->ctlxq.active) ||
2950 test_bit(WORK_TX_HALT, &hw->usb_flags) || hw->wlandev->hwremoved)
2951 goto unlock;
2952
2953 while (!list_empty(&hw->ctlxq.pending)) {
2954 struct hfa384x_usbctlx *head;
2955 int result;
2956
2957 /* This is the first pending command */
2958 head = list_entry(hw->ctlxq.pending.next,
2959 struct hfa384x_usbctlx, list);
2960
2961 /* We need to split this off to avoid a race condition */
2962 list_move_tail(&head->list, &hw->ctlxq.active);
2963
2964 /* Fill the out packet */
2965 usb_fill_bulk_urb(&hw->ctlx_urb, hw->usb,
2966 hw->endp_out,
2967 &head->outbuf, ROUNDUP64(head->outbufsize),
2968 hfa384x_ctlxout_callback, hw);
2969 hw->ctlx_urb.transfer_flags |= USB_QUEUE_BULK;
2970
2971 /* Now submit the URB and update the CTLX's state */
2972 result = usb_submit_urb(&hw->ctlx_urb, GFP_ATOMIC);
2973 if (result == 0) {
2974 /* This CTLX is now running on the active queue */
2975 head->state = CTLX_REQ_SUBMITTED;
2976
2977 /* Start the OUT wait timer */
2978 hw->req_timer_done = 0;
2979 hw->reqtimer.expires = jiffies + HZ;
2980 add_timer(&hw->reqtimer);
2981
2982 /* Start the IN wait timer */
2983 hw->resp_timer_done = 0;
2984 hw->resptimer.expires = jiffies + 2 * HZ;
2985 add_timer(&hw->resptimer);
2986
2987 break;
2988 }
2989
2990 if (result == -EPIPE) {
2991 /* The OUT pipe needs resetting, so put
2992 * this CTLX back in the "pending" queue
2993 * and schedule a reset ...
2994 */
2995 netdev_warn(hw->wlandev->netdev,
2996 "%s tx pipe stalled: requesting reset\n",
2997 hw->wlandev->netdev->name);
2998 list_move(&head->list, &hw->ctlxq.pending);
2999 set_bit(WORK_TX_HALT, &hw->usb_flags);
3000 schedule_work(&hw->usb_work);
3001 break;
3002 }
3003
3004 if (result == -ESHUTDOWN) {
3005 netdev_warn(hw->wlandev->netdev, "%s urb shutdown!\n",
3006 hw->wlandev->netdev->name);
3007 break;
3008 }
3009
3010 netdev_err(hw->wlandev->netdev, "Failed to submit CTLX[%d]: error=%d\n",
3011 le16_to_cpu(head->outbuf.type), result);
3012 unlocked_usbctlx_complete(hw, head);
3013 } /* while */
3014
3015 unlock:
3016 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3017 }
3018
3019 /*----------------------------------------------------------------
3020 * hfa384x_usbin_callback
3021 *
3022 * Callback for URBs on the BULKIN endpoint.
3023 *
3024 * Arguments:
3025 * urb ptr to the completed urb
3026 *
3027 * Returns:
3028 * nothing
3029 *
3030 * Side effects:
3031 *
3032 * Call context:
3033 * interrupt
3034 *----------------------------------------------------------------
3035 */
3036 static void hfa384x_usbin_callback(struct urb *urb)
3037 {
3038 struct wlandevice *wlandev = urb->context;
3039 struct hfa384x *hw;
3040 union hfa384x_usbin *usbin;
3041 struct sk_buff *skb = NULL;
3042 int result;
3043 int urb_status;
3044 u16 type;
3045
3046 enum USBIN_ACTION {
3047 HANDLE,
3048 RESUBMIT,
3049 ABORT
3050 } action;
3051
3052 if (!wlandev || !wlandev->netdev || wlandev->hwremoved)
3053 goto exit;
3054
3055 hw = wlandev->priv;
3056 if (!hw)
3057 goto exit;
3058
3059 skb = hw->rx_urb_skb;
3060 if (!skb || (skb->data != urb->transfer_buffer)) {
3061 WARN_ON(1);
3062 return;
3063 }
3064
3065 hw->rx_urb_skb = NULL;
3066
3067 /* Check for error conditions within the URB */
3068 switch (urb->status) {
3069 case 0:
3070 action = HANDLE;
3071
3072 /* Check for short packet */
3073 if (urb->actual_length == 0) {
3074 wlandev->netdev->stats.rx_errors++;
3075 wlandev->netdev->stats.rx_length_errors++;
3076 action = RESUBMIT;
3077 }
3078 break;
3079
3080 case -EPIPE:
3081 netdev_warn(hw->wlandev->netdev, "%s rx pipe stalled: requesting reset\n",
3082 wlandev->netdev->name);
3083 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags))
3084 schedule_work(&hw->usb_work);
3085 wlandev->netdev->stats.rx_errors++;
3086 action = ABORT;
3087 break;
3088
3089 case -EILSEQ:
3090 case -ETIMEDOUT:
3091 case -EPROTO:
3092 if (!test_and_set_bit(THROTTLE_RX, &hw->usb_flags) &&
3093 !timer_pending(&hw->throttle)) {
3094 mod_timer(&hw->throttle, jiffies + THROTTLE_JIFFIES);
3095 }
3096 wlandev->netdev->stats.rx_errors++;
3097 action = ABORT;
3098 break;
3099
3100 case -EOVERFLOW:
3101 wlandev->netdev->stats.rx_over_errors++;
3102 action = RESUBMIT;
3103 break;
3104
3105 case -ENODEV:
3106 case -ESHUTDOWN:
3107 pr_debug("status=%d, device removed.\n", urb->status);
3108 action = ABORT;
3109 break;
3110
3111 case -ENOENT:
3112 case -ECONNRESET:
3113 pr_debug("status=%d, urb explicitly unlinked.\n", urb->status);
3114 action = ABORT;
3115 break;
3116
3117 default:
3118 pr_debug("urb status=%d, transfer flags=0x%x\n",
3119 urb->status, urb->transfer_flags);
3120 wlandev->netdev->stats.rx_errors++;
3121 action = RESUBMIT;
3122 break;
3123 }
3124
3125 urb_status = urb->status;
3126
3127 if (action != ABORT) {
3128 /* Repost the RX URB */
3129 result = submit_rx_urb(hw, GFP_ATOMIC);
3130
3131 if (result != 0) {
3132 netdev_err(hw->wlandev->netdev,
3133 "Fatal, failed to resubmit rx_urb. error=%d\n",
3134 result);
3135 }
3136 }
3137
3138 /* Handle any USB-IN packet */
3139 /* Note: the check of the sw_support field, the type field doesn't
3140 * have bit 12 set like the docs suggest.
3141 */
3142 usbin = (union hfa384x_usbin *)urb->transfer_buffer;
3143 type = le16_to_cpu(usbin->type);
3144 if (HFA384x_USB_ISRXFRM(type)) {
3145 if (action == HANDLE) {
3146 if (usbin->txfrm.desc.sw_support == 0x0123) {
3147 hfa384x_usbin_txcompl(wlandev, usbin);
3148 } else {
3149 skb_put(skb, sizeof(*usbin));
3150 hfa384x_usbin_rx(wlandev, skb);
3151 skb = NULL;
3152 }
3153 }
3154 goto exit;
3155 }
3156 if (HFA384x_USB_ISTXFRM(type)) {
3157 if (action == HANDLE)
3158 hfa384x_usbin_txcompl(wlandev, usbin);
3159 goto exit;
3160 }
3161 switch (type) {
3162 case HFA384x_USB_INFOFRM:
3163 if (action == ABORT)
3164 goto exit;
3165 if (action == HANDLE)
3166 hfa384x_usbin_info(wlandev, usbin);
3167 break;
3168
3169 case HFA384x_USB_CMDRESP:
3170 case HFA384x_USB_WRIDRESP:
3171 case HFA384x_USB_RRIDRESP:
3172 case HFA384x_USB_WMEMRESP:
3173 case HFA384x_USB_RMEMRESP:
3174 /* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */
3175 hfa384x_usbin_ctlx(hw, usbin, urb_status);
3176 break;
3177
3178 case HFA384x_USB_BUFAVAIL:
3179 pr_debug("Received BUFAVAIL packet, frmlen=%d\n",
3180 usbin->bufavail.frmlen);
3181 break;
3182
3183 case HFA384x_USB_ERROR:
3184 pr_debug("Received USB_ERROR packet, errortype=%d\n",
3185 usbin->usberror.errortype);
3186 break;
3187
3188 default:
3189 pr_debug("Unrecognized USBIN packet, type=%x, status=%d\n",
3190 usbin->type, urb_status);
3191 break;
3192 } /* switch */
3193
3194 exit:
3195
3196 if (skb)
3197 dev_kfree_skb(skb);
3198 }
3199
3200 /*----------------------------------------------------------------
3201 * hfa384x_usbin_ctlx
3202 *
3203 * We've received a URB containing a Prism2 "response" message.
3204 * This message needs to be matched up with a CTLX on the active
3205 * queue and our state updated accordingly.
3206 *
3207 * Arguments:
3208 * hw ptr to struct hfa384x
3209 * usbin ptr to USB IN packet
3210 * urb_status status of this Bulk-In URB
3211 *
3212 * Returns:
3213 * nothing
3214 *
3215 * Side effects:
3216 *
3217 * Call context:
3218 * interrupt
3219 *----------------------------------------------------------------
3220 */
3221 static void hfa384x_usbin_ctlx(struct hfa384x *hw, union hfa384x_usbin *usbin,
3222 int urb_status)
3223 {
3224 struct hfa384x_usbctlx *ctlx;
3225 int run_queue = 0;
3226 unsigned long flags;
3227
3228 retry:
3229 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3230
3231 /* There can be only one CTLX on the active queue
3232 * at any one time, and this is the CTLX that the
3233 * timers are waiting for.
3234 */
3235 if (list_empty(&hw->ctlxq.active))
3236 goto unlock;
3237
3238 /* Remove the "response timeout". It's possible that
3239 * we are already too late, and that the timeout is
3240 * already running. And that's just too bad for us,
3241 * because we could lose our CTLX from the active
3242 * queue here ...
3243 */
3244 if (del_timer(&hw->resptimer) == 0) {
3245 if (hw->resp_timer_done == 0) {
3246 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3247 goto retry;
3248 }
3249 } else {
3250 hw->resp_timer_done = 1;
3251 }
3252
3253 ctlx = get_active_ctlx(hw);
3254
3255 if (urb_status != 0) {
3256 /*
3257 * Bad CTLX, so get rid of it. But we only
3258 * remove it from the active queue if we're no
3259 * longer expecting the OUT URB to complete.
3260 */
3261 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3262 run_queue = 1;
3263 } else {
3264 const __le16 intype = (usbin->type & ~cpu_to_le16(0x8000));
3265
3266 /*
3267 * Check that our message is what we're expecting ...
3268 */
3269 if (ctlx->outbuf.type != intype) {
3270 netdev_warn(hw->wlandev->netdev,
3271 "Expected IN[%d], received IN[%d] - ignored.\n",
3272 le16_to_cpu(ctlx->outbuf.type),
3273 le16_to_cpu(intype));
3274 goto unlock;
3275 }
3276
3277 /* This URB has succeeded, so grab the data ... */
3278 memcpy(&ctlx->inbuf, usbin, sizeof(ctlx->inbuf));
3279
3280 switch (ctlx->state) {
3281 case CTLX_REQ_SUBMITTED:
3282 /*
3283 * We have received our response URB before
3284 * our request has been acknowledged. Odd,
3285 * but our OUT URB is still alive...
3286 */
3287 pr_debug("Causality violation: please reboot Universe\n");
3288 ctlx->state = CTLX_RESP_COMPLETE;
3289 break;
3290
3291 case CTLX_REQ_COMPLETE:
3292 /*
3293 * This is the usual path: our request
3294 * has already been acknowledged, and
3295 * now we have received the reply too.
3296 */
3297 ctlx->state = CTLX_COMPLETE;
3298 unlocked_usbctlx_complete(hw, ctlx);
3299 run_queue = 1;
3300 break;
3301
3302 default:
3303 /*
3304 * Throw this CTLX away ...
3305 */
3306 netdev_err(hw->wlandev->netdev,
3307 "Matched IN URB, CTLX[%d] in invalid state(%s). Discarded.\n",
3308 le16_to_cpu(ctlx->outbuf.type),
3309 ctlxstr(ctlx->state));
3310 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3311 run_queue = 1;
3312 break;
3313 } /* switch */
3314 }
3315
3316 unlock:
3317 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3318
3319 if (run_queue)
3320 hfa384x_usbctlxq_run(hw);
3321 }
3322
3323 /*----------------------------------------------------------------
3324 * hfa384x_usbin_txcompl
3325 *
3326 * At this point we have the results of a previous transmit.
3327 *
3328 * Arguments:
3329 * wlandev wlan device
3330 * usbin ptr to the usb transfer buffer
3331 *
3332 * Returns:
3333 * nothing
3334 *
3335 * Side effects:
3336 *
3337 * Call context:
3338 * interrupt
3339 *----------------------------------------------------------------
3340 */
3341 static void hfa384x_usbin_txcompl(struct wlandevice *wlandev,
3342 union hfa384x_usbin *usbin)
3343 {
3344 u16 status;
3345
3346 status = le16_to_cpu(usbin->type); /* yeah I know it says type... */
3347
3348 /* Was there an error? */
3349 if (HFA384x_TXSTATUS_ISERROR(status))
3350 prism2sta_ev_txexc(wlandev, status);
3351 else
3352 prism2sta_ev_tx(wlandev, status);
3353 }
3354
3355 /*----------------------------------------------------------------
3356 * hfa384x_usbin_rx
3357 *
3358 * At this point we have a successful received a rx frame packet.
3359 *
3360 * Arguments:
3361 * wlandev wlan device
3362 * usbin ptr to the usb transfer buffer
3363 *
3364 * Returns:
3365 * nothing
3366 *
3367 * Side effects:
3368 *
3369 * Call context:
3370 * interrupt
3371 *----------------------------------------------------------------
3372 */
3373 static void hfa384x_usbin_rx(struct wlandevice *wlandev, struct sk_buff *skb)
3374 {
3375 union hfa384x_usbin *usbin = (union hfa384x_usbin *)skb->data;
3376 struct hfa384x *hw = wlandev->priv;
3377 int hdrlen;
3378 struct p80211_rxmeta *rxmeta;
3379 u16 data_len;
3380 u16 fc;
3381
3382 /* Byte order convert once up front. */
3383 usbin->rxfrm.desc.status = le16_to_cpu(usbin->rxfrm.desc.status);
3384 usbin->rxfrm.desc.time = le32_to_cpu(usbin->rxfrm.desc.time);
3385
3386 /* Now handle frame based on port# */
3387 switch (HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status)) {
3388 case 0:
3389 fc = le16_to_cpu(usbin->rxfrm.desc.frame_control);
3390
3391 /* If exclude and we receive an unencrypted, drop it */
3392 if ((wlandev->hostwep & HOSTWEP_EXCLUDEUNENCRYPTED) &&
3393 !WLAN_GET_FC_ISWEP(fc)) {
3394 break;
3395 }
3396
3397 data_len = le16_to_cpu(usbin->rxfrm.desc.data_len);
3398
3399 /* How much header data do we have? */
3400 hdrlen = p80211_headerlen(fc);
3401
3402 /* Pull off the descriptor */
3403 skb_pull(skb, sizeof(struct hfa384x_rx_frame));
3404
3405 /* Now shunt the header block up against the data block
3406 * with an "overlapping" copy
3407 */
3408 memmove(skb_push(skb, hdrlen),
3409 &usbin->rxfrm.desc.frame_control, hdrlen);
3410
3411 skb->dev = wlandev->netdev;
3412
3413 /* And set the frame length properly */
3414 skb_trim(skb, data_len + hdrlen);
3415
3416 /* The prism2 series does not return the CRC */
3417 memset(skb_put(skb, WLAN_CRC_LEN), 0xff, WLAN_CRC_LEN);
3418
3419 skb_reset_mac_header(skb);
3420
3421 /* Attach the rxmeta, set some stuff */
3422 p80211skb_rxmeta_attach(wlandev, skb);
3423 rxmeta = P80211SKB_RXMETA(skb);
3424 rxmeta->mactime = usbin->rxfrm.desc.time;
3425 rxmeta->rxrate = usbin->rxfrm.desc.rate;
3426 rxmeta->signal = usbin->rxfrm.desc.signal - hw->dbmadjust;
3427 rxmeta->noise = usbin->rxfrm.desc.silence - hw->dbmadjust;
3428
3429 p80211netdev_rx(wlandev, skb);
3430
3431 break;
3432
3433 case 7:
3434 if (!HFA384x_RXSTATUS_ISFCSERR(usbin->rxfrm.desc.status)) {
3435 /* Copy to wlansnif skb */
3436 hfa384x_int_rxmonitor(wlandev, &usbin->rxfrm);
3437 dev_kfree_skb(skb);
3438 } else {
3439 pr_debug("Received monitor frame: FCSerr set\n");
3440 }
3441 break;
3442
3443 default:
3444 netdev_warn(hw->wlandev->netdev, "Received frame on unsupported port=%d\n",
3445 HFA384x_RXSTATUS_MACPORT_GET(
3446 usbin->rxfrm.desc.status));
3447 break;
3448 }
3449 }
3450
3451 /*----------------------------------------------------------------
3452 * hfa384x_int_rxmonitor
3453 *
3454 * Helper function for int_rx. Handles monitor frames.
3455 * Note that this function allocates space for the FCS and sets it
3456 * to 0xffffffff. The hfa384x doesn't give us the FCS value but the
3457 * higher layers expect it. 0xffffffff is used as a flag to indicate
3458 * the FCS is bogus.
3459 *
3460 * Arguments:
3461 * wlandev wlan device structure
3462 * rxfrm rx descriptor read from card in int_rx
3463 *
3464 * Returns:
3465 * nothing
3466 *
3467 * Side effects:
3468 * Allocates an skb and passes it up via the PF_PACKET interface.
3469 * Call context:
3470 * interrupt
3471 *----------------------------------------------------------------
3472 */
3473 static void hfa384x_int_rxmonitor(struct wlandevice *wlandev,
3474 struct hfa384x_usb_rxfrm *rxfrm)
3475 {
3476 struct hfa384x_rx_frame *rxdesc = &rxfrm->desc;
3477 unsigned int hdrlen = 0;
3478 unsigned int datalen = 0;
3479 unsigned int skblen = 0;
3480 u8 *datap;
3481 u16 fc;
3482 struct sk_buff *skb;
3483 struct hfa384x *hw = wlandev->priv;
3484
3485 /* Remember the status, time, and data_len fields are in host order */
3486 /* Figure out how big the frame is */
3487 fc = le16_to_cpu(rxdesc->frame_control);
3488 hdrlen = p80211_headerlen(fc);
3489 datalen = le16_to_cpu(rxdesc->data_len);
3490
3491 /* Allocate an ind message+framesize skb */
3492 skblen = sizeof(struct p80211_caphdr) + hdrlen + datalen + WLAN_CRC_LEN;
3493
3494 /* sanity check the length */
3495 if (skblen >
3496 (sizeof(struct p80211_caphdr) +
3497 WLAN_HDR_A4_LEN + WLAN_DATA_MAXLEN + WLAN_CRC_LEN)) {
3498 pr_debug("overlen frm: len=%zd\n",
3499 skblen - sizeof(struct p80211_caphdr));
3500 }
3501
3502 skb = dev_alloc_skb(skblen);
3503 if (!skb)
3504 return;
3505
3506 /* only prepend the prism header if in the right mode */
3507 if ((wlandev->netdev->type == ARPHRD_IEEE80211_PRISM) &&
3508 (hw->sniffhdr != 0)) {
3509 struct p80211_caphdr *caphdr;
3510 /* The NEW header format! */
3511 datap = skb_put(skb, sizeof(struct p80211_caphdr));
3512 caphdr = (struct p80211_caphdr *)datap;
3513
3514 caphdr->version = htonl(P80211CAPTURE_VERSION);
3515 caphdr->length = htonl(sizeof(struct p80211_caphdr));
3516 caphdr->mactime = __cpu_to_be64(rxdesc->time) * 1000;
3517 caphdr->hosttime = __cpu_to_be64(jiffies);
3518 caphdr->phytype = htonl(4); /* dss_dot11_b */
3519 caphdr->channel = htonl(hw->sniff_channel);
3520 caphdr->datarate = htonl(rxdesc->rate);
3521 caphdr->antenna = htonl(0); /* unknown */
3522 caphdr->priority = htonl(0); /* unknown */
3523 caphdr->ssi_type = htonl(3); /* rssi_raw */
3524 caphdr->ssi_signal = htonl(rxdesc->signal);
3525 caphdr->ssi_noise = htonl(rxdesc->silence);
3526 caphdr->preamble = htonl(0); /* unknown */
3527 caphdr->encoding = htonl(1); /* cck */
3528 }
3529
3530 /* Copy the 802.11 header to the skb
3531 * (ctl frames may be less than a full header)
3532 */
3533 datap = skb_put(skb, hdrlen);
3534 memcpy(datap, &rxdesc->frame_control, hdrlen);
3535
3536 /* If any, copy the data from the card to the skb */
3537 if (datalen > 0) {
3538 datap = skb_put(skb, datalen);
3539 memcpy(datap, rxfrm->data, datalen);
3540
3541 /* check for unencrypted stuff if WEP bit set. */
3542 if (*(datap - hdrlen + 1) & 0x40) /* wep set */
3543 if ((*(datap) == 0xaa) && (*(datap + 1) == 0xaa))
3544 /* clear wep; it's the 802.2 header! */
3545 *(datap - hdrlen + 1) &= 0xbf;
3546 }
3547
3548 if (hw->sniff_fcs) {
3549 /* Set the FCS */
3550 datap = skb_put(skb, WLAN_CRC_LEN);
3551 memset(datap, 0xff, WLAN_CRC_LEN);
3552 }
3553
3554 /* pass it back up */
3555 p80211netdev_rx(wlandev, skb);
3556 }
3557
3558 /*----------------------------------------------------------------
3559 * hfa384x_usbin_info
3560 *
3561 * At this point we have a successful received a Prism2 info frame.
3562 *
3563 * Arguments:
3564 * wlandev wlan device
3565 * usbin ptr to the usb transfer buffer
3566 *
3567 * Returns:
3568 * nothing
3569 *
3570 * Side effects:
3571 *
3572 * Call context:
3573 * interrupt
3574 *----------------------------------------------------------------
3575 */
3576 static void hfa384x_usbin_info(struct wlandevice *wlandev,
3577 union hfa384x_usbin *usbin)
3578 {
3579 usbin->infofrm.info.framelen =
3580 le16_to_cpu(usbin->infofrm.info.framelen);
3581 prism2sta_ev_info(wlandev, &usbin->infofrm.info);
3582 }
3583
3584 /*----------------------------------------------------------------
3585 * hfa384x_usbout_callback
3586 *
3587 * Callback for URBs on the BULKOUT endpoint.
3588 *
3589 * Arguments:
3590 * urb ptr to the completed urb
3591 *
3592 * Returns:
3593 * nothing
3594 *
3595 * Side effects:
3596 *
3597 * Call context:
3598 * interrupt
3599 *----------------------------------------------------------------
3600 */
3601 static void hfa384x_usbout_callback(struct urb *urb)
3602 {
3603 struct wlandevice *wlandev = urb->context;
3604
3605 #ifdef DEBUG_USB
3606 dbprint_urb(urb);
3607 #endif
3608
3609 if (wlandev && wlandev->netdev) {
3610 switch (urb->status) {
3611 case 0:
3612 prism2sta_ev_alloc(wlandev);
3613 break;
3614
3615 case -EPIPE:
3616 {
3617 struct hfa384x *hw = wlandev->priv;
3618
3619 netdev_warn(hw->wlandev->netdev,
3620 "%s tx pipe stalled: requesting reset\n",
3621 wlandev->netdev->name);
3622 if (!test_and_set_bit
3623 (WORK_TX_HALT, &hw->usb_flags))
3624 schedule_work(&hw->usb_work);
3625 wlandev->netdev->stats.tx_errors++;
3626 break;
3627 }
3628
3629 case -EPROTO:
3630 case -ETIMEDOUT:
3631 case -EILSEQ:
3632 {
3633 struct hfa384x *hw = wlandev->priv;
3634
3635 if (!test_and_set_bit
3636 (THROTTLE_TX, &hw->usb_flags) &&
3637 !timer_pending(&hw->throttle)) {
3638 mod_timer(&hw->throttle,
3639 jiffies + THROTTLE_JIFFIES);
3640 }
3641 wlandev->netdev->stats.tx_errors++;
3642 netif_stop_queue(wlandev->netdev);
3643 break;
3644 }
3645
3646 case -ENOENT:
3647 case -ESHUTDOWN:
3648 /* Ignorable errors */
3649 break;
3650
3651 default:
3652 netdev_info(wlandev->netdev, "unknown urb->status=%d\n",
3653 urb->status);
3654 wlandev->netdev->stats.tx_errors++;
3655 break;
3656 } /* switch */
3657 }
3658 }
3659
3660 /*----------------------------------------------------------------
3661 * hfa384x_ctlxout_callback
3662 *
3663 * Callback for control data on the BULKOUT endpoint.
3664 *
3665 * Arguments:
3666 * urb ptr to the completed urb
3667 *
3668 * Returns:
3669 * nothing
3670 *
3671 * Side effects:
3672 *
3673 * Call context:
3674 * interrupt
3675 *----------------------------------------------------------------
3676 */
3677 static void hfa384x_ctlxout_callback(struct urb *urb)
3678 {
3679 struct hfa384x *hw = urb->context;
3680 int delete_resptimer = 0;
3681 int timer_ok = 1;
3682 int run_queue = 0;
3683 struct hfa384x_usbctlx *ctlx;
3684 unsigned long flags;
3685
3686 pr_debug("urb->status=%d\n", urb->status);
3687 #ifdef DEBUG_USB
3688 dbprint_urb(urb);
3689 #endif
3690 if ((urb->status == -ESHUTDOWN) ||
3691 (urb->status == -ENODEV) || !hw)
3692 return;
3693
3694 retry:
3695 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3696
3697 /*
3698 * Only one CTLX at a time on the "active" list, and
3699 * none at all if we are unplugged. However, we can
3700 * rely on the disconnect function to clean everything
3701 * up if someone unplugged the adapter.
3702 */
3703 if (list_empty(&hw->ctlxq.active)) {
3704 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3705 return;
3706 }
3707
3708 /*
3709 * Having something on the "active" queue means
3710 * that we have timers to worry about ...
3711 */
3712 if (del_timer(&hw->reqtimer) == 0) {
3713 if (hw->req_timer_done == 0) {
3714 /*
3715 * This timer was actually running while we
3716 * were trying to delete it. Let it terminate
3717 * gracefully instead.
3718 */
3719 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3720 goto retry;
3721 }
3722 } else {
3723 hw->req_timer_done = 1;
3724 }
3725
3726 ctlx = get_active_ctlx(hw);
3727
3728 if (urb->status == 0) {
3729 /* Request portion of a CTLX is successful */
3730 switch (ctlx->state) {
3731 case CTLX_REQ_SUBMITTED:
3732 /* This OUT-ACK received before IN */
3733 ctlx->state = CTLX_REQ_COMPLETE;
3734 break;
3735
3736 case CTLX_RESP_COMPLETE:
3737 /* IN already received before this OUT-ACK,
3738 * so this command must now be complete.
3739 */
3740 ctlx->state = CTLX_COMPLETE;
3741 unlocked_usbctlx_complete(hw, ctlx);
3742 run_queue = 1;
3743 break;
3744
3745 default:
3746 /* This is NOT a valid CTLX "success" state! */
3747 netdev_err(hw->wlandev->netdev,
3748 "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n",
3749 le16_to_cpu(ctlx->outbuf.type),
3750 ctlxstr(ctlx->state), urb->status);
3751 break;
3752 } /* switch */
3753 } else {
3754 /* If the pipe has stalled then we need to reset it */
3755 if ((urb->status == -EPIPE) &&
3756 !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags)) {
3757 netdev_warn(hw->wlandev->netdev,
3758 "%s tx pipe stalled: requesting reset\n",
3759 hw->wlandev->netdev->name);
3760 schedule_work(&hw->usb_work);
3761 }
3762
3763 /* If someone cancels the OUT URB then its status
3764 * should be either -ECONNRESET or -ENOENT.
3765 */
3766 ctlx->state = CTLX_REQ_FAILED;
3767 unlocked_usbctlx_complete(hw, ctlx);
3768 delete_resptimer = 1;
3769 run_queue = 1;
3770 }
3771
3772 delresp:
3773 if (delete_resptimer) {
3774 timer_ok = del_timer(&hw->resptimer);
3775 if (timer_ok != 0)
3776 hw->resp_timer_done = 1;
3777 }
3778
3779 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3780
3781 if (!timer_ok && (hw->resp_timer_done == 0)) {
3782 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3783 goto delresp;
3784 }
3785
3786 if (run_queue)
3787 hfa384x_usbctlxq_run(hw);
3788 }
3789
3790 /*----------------------------------------------------------------
3791 * hfa384x_usbctlx_reqtimerfn
3792 *
3793 * Timer response function for CTLX request timeouts. If this
3794 * function is called, it means that the callback for the OUT
3795 * URB containing a Prism2.x XXX_Request was never called.
3796 *
3797 * Arguments:
3798 * data a ptr to the struct hfa384x
3799 *
3800 * Returns:
3801 * nothing
3802 *
3803 * Side effects:
3804 *
3805 * Call context:
3806 * interrupt
3807 *----------------------------------------------------------------
3808 */
3809 static void hfa384x_usbctlx_reqtimerfn(unsigned long data)
3810 {
3811 struct hfa384x *hw = (struct hfa384x *)data;
3812 unsigned long flags;
3813
3814 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3815
3816 hw->req_timer_done = 1;
3817
3818 /* Removing the hardware automatically empties
3819 * the active list ...
3820 */
3821 if (!list_empty(&hw->ctlxq.active)) {
3822 /*
3823 * We must ensure that our URB is removed from
3824 * the system, if it hasn't already expired.
3825 */
3826 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
3827 if (usb_unlink_urb(&hw->ctlx_urb) == -EINPROGRESS) {
3828 struct hfa384x_usbctlx *ctlx = get_active_ctlx(hw);
3829
3830 ctlx->state = CTLX_REQ_FAILED;
3831
3832 /* This URB was active, but has now been
3833 * cancelled. It will now have a status of
3834 * -ECONNRESET in the callback function.
3835 *
3836 * We are cancelling this CTLX, so we're
3837 * not going to need to wait for a response.
3838 * The URB's callback function will check
3839 * that this timer is truly dead.
3840 */
3841 if (del_timer(&hw->resptimer) != 0)
3842 hw->resp_timer_done = 1;
3843 }
3844 }
3845
3846 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3847 }
3848
3849 /*----------------------------------------------------------------
3850 * hfa384x_usbctlx_resptimerfn
3851 *
3852 * Timer response function for CTLX response timeouts. If this
3853 * function is called, it means that the callback for the IN
3854 * URB containing a Prism2.x XXX_Response was never called.
3855 *
3856 * Arguments:
3857 * data a ptr to the struct hfa384x
3858 *
3859 * Returns:
3860 * nothing
3861 *
3862 * Side effects:
3863 *
3864 * Call context:
3865 * interrupt
3866 *----------------------------------------------------------------
3867 */
3868 static void hfa384x_usbctlx_resptimerfn(unsigned long data)
3869 {
3870 struct hfa384x *hw = (struct hfa384x *)data;
3871 unsigned long flags;
3872
3873 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3874
3875 hw->resp_timer_done = 1;
3876
3877 /* The active list will be empty if the
3878 * adapter has been unplugged ...
3879 */
3880 if (!list_empty(&hw->ctlxq.active)) {
3881 struct hfa384x_usbctlx *ctlx = get_active_ctlx(hw);
3882
3883 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0) {
3884 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3885 hfa384x_usbctlxq_run(hw);
3886 return;
3887 }
3888 }
3889 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3890 }
3891
3892 /*----------------------------------------------------------------
3893 * hfa384x_usb_throttlefn
3894 *
3895 *
3896 * Arguments:
3897 * data ptr to hw
3898 *
3899 * Returns:
3900 * Nothing
3901 *
3902 * Side effects:
3903 *
3904 * Call context:
3905 * Interrupt
3906 *----------------------------------------------------------------
3907 */
3908 static void hfa384x_usb_throttlefn(unsigned long data)
3909 {
3910 struct hfa384x *hw = (struct hfa384x *)data;
3911 unsigned long flags;
3912
3913 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3914
3915 /*
3916 * We need to check BOTH the RX and the TX throttle controls,
3917 * so we use the bitwise OR instead of the logical OR.
3918 */
3919 pr_debug("flags=0x%lx\n", hw->usb_flags);
3920 if (!hw->wlandev->hwremoved &&
3921 ((test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) &&
3922 !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags)) |
3923 (test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) &&
3924 !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags))
3925 )) {
3926 schedule_work(&hw->usb_work);
3927 }
3928
3929 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3930 }
3931
3932 /*----------------------------------------------------------------
3933 * hfa384x_usbctlx_submit
3934 *
3935 * Called from the doxxx functions to submit a CTLX to the queue
3936 *
3937 * Arguments:
3938 * hw ptr to the hw struct
3939 * ctlx ctlx structure to enqueue
3940 *
3941 * Returns:
3942 * -ENODEV if the adapter is unplugged
3943 * 0
3944 *
3945 * Side effects:
3946 *
3947 * Call context:
3948 * process or interrupt
3949 *----------------------------------------------------------------
3950 */
3951 static int hfa384x_usbctlx_submit(struct hfa384x *hw,
3952 struct hfa384x_usbctlx *ctlx)
3953 {
3954 unsigned long flags;
3955
3956 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3957
3958 if (hw->wlandev->hwremoved) {
3959 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3960 return -ENODEV;
3961 }
3962
3963 ctlx->state = CTLX_PENDING;
3964 list_add_tail(&ctlx->list, &hw->ctlxq.pending);
3965 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3966 hfa384x_usbctlxq_run(hw);
3967
3968 return 0;
3969 }
3970
3971 /*----------------------------------------------------------------
3972 * hfa384x_isgood_pdrcore
3973 *
3974 * Quick check of PDR codes.
3975 *
3976 * Arguments:
3977 * pdrcode PDR code number (host order)
3978 *
3979 * Returns:
3980 * zero not good.
3981 * one is good.
3982 *
3983 * Side effects:
3984 *
3985 * Call context:
3986 *----------------------------------------------------------------
3987 */
3988 static int hfa384x_isgood_pdrcode(u16 pdrcode)
3989 {
3990 switch (pdrcode) {
3991 case HFA384x_PDR_END_OF_PDA:
3992 case HFA384x_PDR_PCB_PARTNUM:
3993 case HFA384x_PDR_PDAVER:
3994 case HFA384x_PDR_NIC_SERIAL:
3995 case HFA384x_PDR_MKK_MEASUREMENTS:
3996 case HFA384x_PDR_NIC_RAMSIZE:
3997 case HFA384x_PDR_MFISUPRANGE:
3998 case HFA384x_PDR_CFISUPRANGE:
3999 case HFA384x_PDR_NICID:
4000 case HFA384x_PDR_MAC_ADDRESS:
4001 case HFA384x_PDR_REGDOMAIN:
4002 case HFA384x_PDR_ALLOWED_CHANNEL:
4003 case HFA384x_PDR_DEFAULT_CHANNEL:
4004 case HFA384x_PDR_TEMPTYPE:
4005 case HFA384x_PDR_IFR_SETTING:
4006 case HFA384x_PDR_RFR_SETTING:
4007 case HFA384x_PDR_HFA3861_BASELINE:
4008 case HFA384x_PDR_HFA3861_SHADOW:
4009 case HFA384x_PDR_HFA3861_IFRF:
4010 case HFA384x_PDR_HFA3861_CHCALSP:
4011 case HFA384x_PDR_HFA3861_CHCALI:
4012 case HFA384x_PDR_3842_NIC_CONFIG:
4013 case HFA384x_PDR_USB_ID:
4014 case HFA384x_PDR_PCI_ID:
4015 case HFA384x_PDR_PCI_IFCONF:
4016 case HFA384x_PDR_PCI_PMCONF:
4017 case HFA384x_PDR_RFENRGY:
4018 case HFA384x_PDR_HFA3861_MANF_TESTSP:
4019 case HFA384x_PDR_HFA3861_MANF_TESTI:
4020 /* code is OK */
4021 return 1;
4022 default:
4023 if (pdrcode < 0x1000) {
4024 /* code is OK, but we don't know exactly what it is */
4025 pr_debug("Encountered unknown PDR#=0x%04x, assuming it's ok.\n",
4026 pdrcode);
4027 return 1;
4028 }
4029 break;
4030 }
4031 /* bad code */
4032 pr_debug("Encountered unknown PDR#=0x%04x, (>=0x1000), assuming it's bad.\n",
4033 pdrcode);
4034 return 0;
4035 }
Ubuntu Artful kernel mirror