1 /* src/prism2/driver/hfa384x_usb.c
3 * Functions that talk to the USB variantof the Intersil hfa384x MAC
5 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
6 * --------------------------------------------------------------------
10 * The contents of this file are subject to the Mozilla Public
11 * License Version 1.1 (the "License"); you may not use this file
12 * except in compliance with the License. You may obtain a copy of
13 * the License at http://www.mozilla.org/MPL/
15 * Software distributed under the License is distributed on an "AS
16 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * rights and limitations under the License.
20 * Alternatively, the contents of this file may be used under the
21 * terms of the GNU Public License version 2 (the "GPL"), in which
22 * case the provisions of the GPL are applicable instead of the
23 * above. If you wish to allow the use of your version of this file
24 * only under the terms of the GPL and not to allow others to use
25 * your version of this file under the MPL, indicate your decision
26 * by deleting the provisions above and replace them with the notice
27 * and other provisions required by the GPL. If you do not delete
28 * the provisions above, a recipient may use your version of this
29 * file under either the MPL or the GPL.
31 * --------------------------------------------------------------------
33 * Inquiries regarding the linux-wlan Open Source project can be
36 * AbsoluteValue Systems Inc.
38 * http://www.linux-wlan.com
40 * --------------------------------------------------------------------
42 * Portions of the development of this software were funded by
43 * Intersil Corporation as part of PRISM(R) chipset product development.
45 * --------------------------------------------------------------------
47 * This file implements functions that correspond to the prism2/hfa384x
48 * 802.11 MAC hardware and firmware host interface.
50 * The functions can be considered to represent several levels of
51 * abstraction. The lowest level functions are simply C-callable wrappers
52 * around the register accesses. The next higher level represents C-callable
53 * prism2 API functions that match the Intersil documentation as closely
54 * as is reasonable. The next higher layer implements common sequences
55 * of invocations of the API layer (e.g. write to bap, followed by cmd).
58 * hfa384x_drvr_xxx Highest level abstractions provided by the
59 * hfa384x code. They are driver defined wrappers
60 * for common sequences. These functions generally
61 * use the services of the lower levels.
63 * hfa384x_drvr_xxxconfig An example of the drvr level abstraction. These
64 * functions are wrappers for the RID get/set
65 * sequence. They call copy_[to|from]_bap() and
66 * cmd_access(). These functions operate on the
67 * RIDs and buffers without validation. The caller
68 * is responsible for that.
70 * API wrapper functions:
71 * hfa384x_cmd_xxx functions that provide access to the f/w commands.
72 * The function arguments correspond to each command
73 * argument, even command arguments that get packed
74 * into single registers. These functions _just_
75 * issue the command by setting the cmd/parm regs
76 * & reading the status/resp regs. Additional
77 * activities required to fully use a command
78 * (read/write from/to bap, get/set int status etc.)
79 * are implemented separately. Think of these as
80 * C-callable prism2 commands.
82 * Lowest Layer Functions:
83 * hfa384x_docmd_xxx These functions implement the sequence required
84 * to issue any prism2 command. Primarily used by the
85 * hfa384x_cmd_xxx functions.
87 * hfa384x_bap_xxx BAP read/write access functions.
88 * Note: we usually use BAP0 for non-interrupt context
89 * and BAP1 for interrupt context.
91 * hfa384x_dl_xxx download related functions.
93 * Driver State Issues:
94 * Note that there are two pairs of functions that manage the
95 * 'initialized' and 'running' states of the hw/MAC combo. The four
96 * functions are create(), destroy(), start(), and stop(). create()
97 * sets up the data structures required to support the hfa384x_*
98 * functions and destroy() cleans them up. The start() function gets
99 * the actual hardware running and enables the interrupts. The stop()
100 * function shuts the hardware down. The sequence should be:
104 * . Do interesting things w/ the hardware
109 * Note that destroy() can be called without calling stop() first.
110 * --------------------------------------------------------------------
113 #include <linux/module.h>
114 #include <linux/kernel.h>
115 #include <linux/sched.h>
116 #include <linux/types.h>
117 #include <linux/slab.h>
118 #include <linux/wireless.h>
119 #include <linux/netdevice.h>
120 #include <linux/timer.h>
121 #include <linux/io.h>
122 #include <linux/delay.h>
123 #include <asm/byteorder.h>
124 #include <linux/bitops.h>
125 #include <linux/list.h>
126 #include <linux/usb.h>
127 #include <linux/byteorder/generic.h>
129 #include "p80211types.h"
130 #include "p80211hdr.h"
131 #include "p80211mgmt.h"
132 #include "p80211conv.h"
133 #include "p80211msg.h"
134 #include "p80211netdev.h"
135 #include "p80211req.h"
136 #include "p80211metadef.h"
137 #include "p80211metastruct.h"
139 #include "prism2mgmt.h"
146 #define THROTTLE_JIFFIES (HZ / 8)
147 #define URB_ASYNC_UNLINK 0
148 #define USB_QUEUE_BULK 0
150 #define ROUNDUP64(a) (((a) + 63) & ~63)
153 static void dbprint_urb(struct urb
*urb
);
156 static void hfa384x_int_rxmonitor(struct wlandevice
*wlandev
,
157 struct hfa384x_usb_rxfrm
*rxfrm
);
159 static void hfa384x_usb_defer(struct work_struct
*data
);
161 static int submit_rx_urb(struct hfa384x
*hw
, gfp_t flags
);
163 static int submit_tx_urb(struct hfa384x
*hw
, struct urb
*tx_urb
, gfp_t flags
);
165 /*---------------------------------------------------*/
167 static void hfa384x_usbout_callback(struct urb
*urb
);
168 static void hfa384x_ctlxout_callback(struct urb
*urb
);
169 static void hfa384x_usbin_callback(struct urb
*urb
);
172 hfa384x_usbin_txcompl(struct wlandevice
*wlandev
, union hfa384x_usbin
*usbin
);
174 static void hfa384x_usbin_rx(struct wlandevice
*wlandev
, struct sk_buff
*skb
);
176 static void hfa384x_usbin_info(struct wlandevice
*wlandev
,
177 union hfa384x_usbin
*usbin
);
179 static void hfa384x_usbin_ctlx(struct hfa384x
*hw
, union hfa384x_usbin
*usbin
,
182 /*---------------------------------------------------*/
183 /* Functions to support the prism2 usb command queue */
185 static void hfa384x_usbctlxq_run(struct hfa384x
*hw
);
187 static void hfa384x_usbctlx_reqtimerfn(unsigned long data
);
189 static void hfa384x_usbctlx_resptimerfn(unsigned long data
);
191 static void hfa384x_usb_throttlefn(unsigned long data
);
193 static void hfa384x_usbctlx_completion_task(unsigned long data
);
195 static void hfa384x_usbctlx_reaper_task(unsigned long data
);
197 static int hfa384x_usbctlx_submit(struct hfa384x
*hw
,
198 struct hfa384x_usbctlx
*ctlx
);
200 static void unlocked_usbctlx_complete(struct hfa384x
*hw
,
201 struct hfa384x_usbctlx
*ctlx
);
203 struct usbctlx_completor
{
204 int (*complete
)(struct usbctlx_completor
*);
208 hfa384x_usbctlx_complete_sync(struct hfa384x
*hw
,
209 struct hfa384x_usbctlx
*ctlx
,
210 struct usbctlx_completor
*completor
);
213 unlocked_usbctlx_cancel_async(struct hfa384x
*hw
, struct hfa384x_usbctlx
*ctlx
);
215 static void hfa384x_cb_status(struct hfa384x
*hw
,
216 const struct hfa384x_usbctlx
*ctlx
);
219 usbctlx_get_status(const struct hfa384x_usb_statusresp
*cmdresp
,
220 struct hfa384x_cmdresult
*result
);
223 usbctlx_get_rridresult(const struct hfa384x_usb_rridresp
*rridresp
,
224 struct hfa384x_rridresult
*result
);
226 /*---------------------------------------------------*/
227 /* Low level req/resp CTLX formatters and submitters */
229 hfa384x_docmd(struct hfa384x
*hw
,
231 struct hfa384x_metacmd
*cmd
,
232 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
);
235 hfa384x_dorrid(struct hfa384x
*hw
,
239 unsigned int riddatalen
,
240 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
);
243 hfa384x_dowrid(struct hfa384x
*hw
,
247 unsigned int riddatalen
,
248 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
);
251 hfa384x_dormem(struct hfa384x
*hw
,
257 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
);
260 hfa384x_dowmem(struct hfa384x
*hw
,
266 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
);
268 static int hfa384x_isgood_pdrcode(u16 pdrcode
);
270 static inline const char *ctlxstr(enum ctlx_state s
)
272 static const char * const ctlx_str
[] = {
277 "Request packet submitted",
278 "Request packet completed",
279 "Response packet completed"
285 static inline struct hfa384x_usbctlx
*get_active_ctlx(struct hfa384x
*hw
)
287 return list_entry(hw
->ctlxq
.active
.next
, struct hfa384x_usbctlx
, list
);
291 void dbprint_urb(struct urb
*urb
)
293 pr_debug("urb->pipe=0x%08x\n", urb
->pipe
);
294 pr_debug("urb->status=0x%08x\n", urb
->status
);
295 pr_debug("urb->transfer_flags=0x%08x\n", urb
->transfer_flags
);
296 pr_debug("urb->transfer_buffer=0x%08x\n",
297 (unsigned int)urb
->transfer_buffer
);
298 pr_debug("urb->transfer_buffer_length=0x%08x\n",
299 urb
->transfer_buffer_length
);
300 pr_debug("urb->actual_length=0x%08x\n", urb
->actual_length
);
301 pr_debug("urb->bandwidth=0x%08x\n", urb
->bandwidth
);
302 pr_debug("urb->setup_packet(ctl)=0x%08x\n",
303 (unsigned int)urb
->setup_packet
);
304 pr_debug("urb->start_frame(iso/irq)=0x%08x\n", urb
->start_frame
);
305 pr_debug("urb->interval(irq)=0x%08x\n", urb
->interval
);
306 pr_debug("urb->error_count(iso)=0x%08x\n", urb
->error_count
);
307 pr_debug("urb->timeout=0x%08x\n", urb
->timeout
);
308 pr_debug("urb->context=0x%08x\n", (unsigned int)urb
->context
);
309 pr_debug("urb->complete=0x%08x\n", (unsigned int)urb
->complete
);
313 /*----------------------------------------------------------------
316 * Listen for input data on the BULK-IN pipe. If the pipe has
317 * stalled then schedule it to be reset.
321 * memflags memory allocation flags
324 * error code from submission
328 *----------------------------------------------------------------
330 static int submit_rx_urb(struct hfa384x
*hw
, gfp_t memflags
)
335 skb
= dev_alloc_skb(sizeof(union hfa384x_usbin
));
341 /* Post the IN urb */
342 usb_fill_bulk_urb(&hw
->rx_urb
, hw
->usb
,
344 skb
->data
, sizeof(union hfa384x_usbin
),
345 hfa384x_usbin_callback
, hw
->wlandev
);
347 hw
->rx_urb_skb
= skb
;
350 if (!hw
->wlandev
->hwremoved
&&
351 !test_bit(WORK_RX_HALT
, &hw
->usb_flags
)) {
352 result
= usb_submit_urb(&hw
->rx_urb
, memflags
);
354 /* Check whether we need to reset the RX pipe */
355 if (result
== -EPIPE
) {
356 netdev_warn(hw
->wlandev
->netdev
,
357 "%s rx pipe stalled: requesting reset\n",
358 hw
->wlandev
->netdev
->name
);
359 if (!test_and_set_bit(WORK_RX_HALT
, &hw
->usb_flags
))
360 schedule_work(&hw
->usb_work
);
364 /* Don't leak memory if anything should go wrong */
367 hw
->rx_urb_skb
= NULL
;
374 /*----------------------------------------------------------------
377 * Prepares and submits the URB of transmitted data. If the
378 * submission fails then it will schedule the output pipe to
383 * tx_urb URB of data for transmission
384 * memflags memory allocation flags
387 * error code from submission
391 *----------------------------------------------------------------
393 static int submit_tx_urb(struct hfa384x
*hw
, struct urb
*tx_urb
, gfp_t memflags
)
395 struct net_device
*netdev
= hw
->wlandev
->netdev
;
399 if (netif_running(netdev
)) {
400 if (!hw
->wlandev
->hwremoved
&&
401 !test_bit(WORK_TX_HALT
, &hw
->usb_flags
)) {
402 result
= usb_submit_urb(tx_urb
, memflags
);
404 /* Test whether we need to reset the TX pipe */
405 if (result
== -EPIPE
) {
406 netdev_warn(hw
->wlandev
->netdev
,
407 "%s tx pipe stalled: requesting reset\n",
409 set_bit(WORK_TX_HALT
, &hw
->usb_flags
);
410 schedule_work(&hw
->usb_work
);
411 } else if (result
== 0) {
412 netif_stop_queue(netdev
);
420 /*----------------------------------------------------------------
423 * There are some things that the USB stack cannot do while
424 * in interrupt context, so we arrange this function to run
425 * in process context.
428 * hw device structure
434 * process (by design)
435 *----------------------------------------------------------------
437 static void hfa384x_usb_defer(struct work_struct
*data
)
439 struct hfa384x
*hw
= container_of(data
, struct hfa384x
, usb_work
);
440 struct net_device
*netdev
= hw
->wlandev
->netdev
;
442 /* Don't bother trying to reset anything if the plug
443 * has been pulled ...
445 if (hw
->wlandev
->hwremoved
)
448 /* Reception has stopped: try to reset the input pipe */
449 if (test_bit(WORK_RX_HALT
, &hw
->usb_flags
)) {
452 usb_kill_urb(&hw
->rx_urb
); /* Cannot be holding spinlock! */
454 ret
= usb_clear_halt(hw
->usb
, hw
->endp_in
);
456 netdev_err(hw
->wlandev
->netdev
,
457 "Failed to clear rx pipe for %s: err=%d\n",
460 netdev_info(hw
->wlandev
->netdev
, "%s rx pipe reset complete.\n",
462 clear_bit(WORK_RX_HALT
, &hw
->usb_flags
);
463 set_bit(WORK_RX_RESUME
, &hw
->usb_flags
);
467 /* Resume receiving data back from the device. */
468 if (test_bit(WORK_RX_RESUME
, &hw
->usb_flags
)) {
471 ret
= submit_rx_urb(hw
, GFP_KERNEL
);
473 netdev_err(hw
->wlandev
->netdev
,
474 "Failed to resume %s rx pipe.\n",
477 clear_bit(WORK_RX_RESUME
, &hw
->usb_flags
);
481 /* Transmission has stopped: try to reset the output pipe */
482 if (test_bit(WORK_TX_HALT
, &hw
->usb_flags
)) {
485 usb_kill_urb(&hw
->tx_urb
);
486 ret
= usb_clear_halt(hw
->usb
, hw
->endp_out
);
488 netdev_err(hw
->wlandev
->netdev
,
489 "Failed to clear tx pipe for %s: err=%d\n",
492 netdev_info(hw
->wlandev
->netdev
, "%s tx pipe reset complete.\n",
494 clear_bit(WORK_TX_HALT
, &hw
->usb_flags
);
495 set_bit(WORK_TX_RESUME
, &hw
->usb_flags
);
497 /* Stopping the BULK-OUT pipe also blocked
498 * us from sending any more CTLX URBs, so
499 * we need to re-run our queue ...
501 hfa384x_usbctlxq_run(hw
);
505 /* Resume transmitting. */
506 if (test_and_clear_bit(WORK_TX_RESUME
, &hw
->usb_flags
))
507 netif_wake_queue(hw
->wlandev
->netdev
);
510 /*----------------------------------------------------------------
513 * Sets up the struct hfa384x data structure for use. Note this
514 * does _not_ initialize the actual hardware, just the data structures
515 * we use to keep track of its state.
518 * hw device structure
519 * irq device irq number
520 * iobase i/o base address for register access
521 * membase memory base address for register access
530 *----------------------------------------------------------------
532 void hfa384x_create(struct hfa384x
*hw
, struct usb_device
*usb
)
534 memset(hw
, 0, sizeof(*hw
));
537 /* set up the endpoints */
538 hw
->endp_in
= usb_rcvbulkpipe(usb
, 1);
539 hw
->endp_out
= usb_sndbulkpipe(usb
, 2);
541 /* Set up the waitq */
542 init_waitqueue_head(&hw
->cmdq
);
544 /* Initialize the command queue */
545 spin_lock_init(&hw
->ctlxq
.lock
);
546 INIT_LIST_HEAD(&hw
->ctlxq
.pending
);
547 INIT_LIST_HEAD(&hw
->ctlxq
.active
);
548 INIT_LIST_HEAD(&hw
->ctlxq
.completing
);
549 INIT_LIST_HEAD(&hw
->ctlxq
.reapable
);
551 /* Initialize the authentication queue */
552 skb_queue_head_init(&hw
->authq
);
554 tasklet_init(&hw
->reaper_bh
,
555 hfa384x_usbctlx_reaper_task
, (unsigned long)hw
);
556 tasklet_init(&hw
->completion_bh
,
557 hfa384x_usbctlx_completion_task
, (unsigned long)hw
);
558 INIT_WORK(&hw
->link_bh
, prism2sta_processing_defer
);
559 INIT_WORK(&hw
->usb_work
, hfa384x_usb_defer
);
561 setup_timer(&hw
->throttle
, hfa384x_usb_throttlefn
, (unsigned long)hw
);
563 setup_timer(&hw
->resptimer
, hfa384x_usbctlx_resptimerfn
,
566 setup_timer(&hw
->reqtimer
, hfa384x_usbctlx_reqtimerfn
,
569 usb_init_urb(&hw
->rx_urb
);
570 usb_init_urb(&hw
->tx_urb
);
571 usb_init_urb(&hw
->ctlx_urb
);
573 hw
->link_status
= HFA384x_LINK_NOTCONNECTED
;
574 hw
->state
= HFA384x_STATE_INIT
;
576 INIT_WORK(&hw
->commsqual_bh
, prism2sta_commsqual_defer
);
577 setup_timer(&hw
->commsqual_timer
, prism2sta_commsqual_timer
,
581 /*----------------------------------------------------------------
584 * Partner to hfa384x_create(). This function cleans up the hw
585 * structure so that it can be freed by the caller using a simple
586 * kfree. Currently, this function is just a placeholder. If, at some
587 * point in the future, an hw in the 'shutdown' state requires a 'deep'
588 * kfree, this is where it should be done. Note that if this function
589 * is called on a _running_ hw structure, the drvr_stop() function is
593 * hw device structure
596 * nothing, this function is not allowed to fail.
602 *----------------------------------------------------------------
604 void hfa384x_destroy(struct hfa384x
*hw
)
608 if (hw
->state
== HFA384x_STATE_RUNNING
)
609 hfa384x_drvr_stop(hw
);
610 hw
->state
= HFA384x_STATE_PREINIT
;
612 kfree(hw
->scanresults
);
613 hw
->scanresults
= NULL
;
615 /* Now to clean out the auth queue */
616 while ((skb
= skb_dequeue(&hw
->authq
)))
620 static struct hfa384x_usbctlx
*usbctlx_alloc(void)
622 struct hfa384x_usbctlx
*ctlx
;
624 ctlx
= kzalloc(sizeof(*ctlx
),
625 in_interrupt() ? GFP_ATOMIC
: GFP_KERNEL
);
627 init_completion(&ctlx
->done
);
633 usbctlx_get_status(const struct hfa384x_usb_statusresp
*cmdresp
,
634 struct hfa384x_cmdresult
*result
)
636 result
->status
= le16_to_cpu(cmdresp
->status
);
637 result
->resp0
= le16_to_cpu(cmdresp
->resp0
);
638 result
->resp1
= le16_to_cpu(cmdresp
->resp1
);
639 result
->resp2
= le16_to_cpu(cmdresp
->resp2
);
641 pr_debug("cmdresult:status=0x%04x resp0=0x%04x resp1=0x%04x resp2=0x%04x\n",
642 result
->status
, result
->resp0
, result
->resp1
, result
->resp2
);
644 return result
->status
& HFA384x_STATUS_RESULT
;
648 usbctlx_get_rridresult(const struct hfa384x_usb_rridresp
*rridresp
,
649 struct hfa384x_rridresult
*result
)
651 result
->rid
= le16_to_cpu(rridresp
->rid
);
652 result
->riddata
= rridresp
->data
;
653 result
->riddata_len
= ((le16_to_cpu(rridresp
->frmlen
) - 1) * 2);
656 /*----------------------------------------------------------------
658 * This completor must be passed to hfa384x_usbctlx_complete_sync()
659 * when processing a CTLX that returns a struct hfa384x_cmdresult structure.
660 *----------------------------------------------------------------
662 struct usbctlx_cmd_completor
{
663 struct usbctlx_completor head
;
665 const struct hfa384x_usb_statusresp
*cmdresp
;
666 struct hfa384x_cmdresult
*result
;
669 static inline int usbctlx_cmd_completor_fn(struct usbctlx_completor
*head
)
671 struct usbctlx_cmd_completor
*complete
;
673 complete
= (struct usbctlx_cmd_completor
*)head
;
674 return usbctlx_get_status(complete
->cmdresp
, complete
->result
);
677 static inline struct usbctlx_completor
*
678 init_cmd_completor(struct usbctlx_cmd_completor
*completor
,
679 const struct hfa384x_usb_statusresp
*cmdresp
,
680 struct hfa384x_cmdresult
*result
)
682 completor
->head
.complete
= usbctlx_cmd_completor_fn
;
683 completor
->cmdresp
= cmdresp
;
684 completor
->result
= result
;
685 return &completor
->head
;
688 /*----------------------------------------------------------------
690 * This completor must be passed to hfa384x_usbctlx_complete_sync()
691 * when processing a CTLX that reads a RID.
692 *----------------------------------------------------------------
694 struct usbctlx_rrid_completor
{
695 struct usbctlx_completor head
;
697 const struct hfa384x_usb_rridresp
*rridresp
;
699 unsigned int riddatalen
;
702 static int usbctlx_rrid_completor_fn(struct usbctlx_completor
*head
)
704 struct usbctlx_rrid_completor
*complete
;
705 struct hfa384x_rridresult rridresult
;
707 complete
= (struct usbctlx_rrid_completor
*)head
;
708 usbctlx_get_rridresult(complete
->rridresp
, &rridresult
);
710 /* Validate the length, note body len calculation in bytes */
711 if (rridresult
.riddata_len
!= complete
->riddatalen
) {
712 pr_warn("RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n",
714 complete
->riddatalen
, rridresult
.riddata_len
);
718 memcpy(complete
->riddata
, rridresult
.riddata
, complete
->riddatalen
);
722 static inline struct usbctlx_completor
*
723 init_rrid_completor(struct usbctlx_rrid_completor
*completor
,
724 const struct hfa384x_usb_rridresp
*rridresp
,
726 unsigned int riddatalen
)
728 completor
->head
.complete
= usbctlx_rrid_completor_fn
;
729 completor
->rridresp
= rridresp
;
730 completor
->riddata
= riddata
;
731 completor
->riddatalen
= riddatalen
;
732 return &completor
->head
;
735 /*----------------------------------------------------------------
737 * Interprets the results of a synchronous RID-write
738 *----------------------------------------------------------------
740 #define init_wrid_completor init_cmd_completor
742 /*----------------------------------------------------------------
744 * Interprets the results of a synchronous memory-write
745 *----------------------------------------------------------------
747 #define init_wmem_completor init_cmd_completor
749 /*----------------------------------------------------------------
751 * Interprets the results of a synchronous memory-read
752 *----------------------------------------------------------------
754 struct usbctlx_rmem_completor
{
755 struct usbctlx_completor head
;
757 const struct hfa384x_usb_rmemresp
*rmemresp
;
762 static int usbctlx_rmem_completor_fn(struct usbctlx_completor
*head
)
764 struct usbctlx_rmem_completor
*complete
=
765 (struct usbctlx_rmem_completor
*)head
;
767 pr_debug("rmemresp:len=%d\n", complete
->rmemresp
->frmlen
);
768 memcpy(complete
->data
, complete
->rmemresp
->data
, complete
->len
);
772 static inline struct usbctlx_completor
*
773 init_rmem_completor(struct usbctlx_rmem_completor
*completor
,
774 struct hfa384x_usb_rmemresp
*rmemresp
,
778 completor
->head
.complete
= usbctlx_rmem_completor_fn
;
779 completor
->rmemresp
= rmemresp
;
780 completor
->data
= data
;
781 completor
->len
= len
;
782 return &completor
->head
;
785 /*----------------------------------------------------------------
788 * Ctlx_complete handler for async CMD type control exchanges.
789 * mark the hw struct as such.
791 * Note: If the handling is changed here, it should probably be
792 * changed in docmd as well.
796 * ctlx completed CTLX
805 *----------------------------------------------------------------
807 static void hfa384x_cb_status(struct hfa384x
*hw
,
808 const struct hfa384x_usbctlx
*ctlx
)
811 struct hfa384x_cmdresult cmdresult
;
813 if (ctlx
->state
!= CTLX_COMPLETE
) {
814 memset(&cmdresult
, 0, sizeof(cmdresult
));
816 HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR
);
818 usbctlx_get_status(&ctlx
->inbuf
.cmdresp
, &cmdresult
);
821 ctlx
->usercb(hw
, &cmdresult
, ctlx
->usercb_data
);
825 static inline int hfa384x_docmd_wait(struct hfa384x
*hw
,
826 struct hfa384x_metacmd
*cmd
)
828 return hfa384x_docmd(hw
, DOWAIT
, cmd
, NULL
, NULL
, NULL
);
832 hfa384x_docmd_async(struct hfa384x
*hw
,
833 struct hfa384x_metacmd
*cmd
,
834 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
)
836 return hfa384x_docmd(hw
, DOASYNC
, cmd
, cmdcb
, usercb
, usercb_data
);
840 hfa384x_dorrid_wait(struct hfa384x
*hw
, u16 rid
, void *riddata
,
841 unsigned int riddatalen
)
843 return hfa384x_dorrid(hw
, DOWAIT
,
844 rid
, riddata
, riddatalen
, NULL
, NULL
, NULL
);
848 hfa384x_dorrid_async(struct hfa384x
*hw
,
849 u16 rid
, void *riddata
, unsigned int riddatalen
,
851 ctlx_usercb_t usercb
, void *usercb_data
)
853 return hfa384x_dorrid(hw
, DOASYNC
,
854 rid
, riddata
, riddatalen
,
855 cmdcb
, usercb
, usercb_data
);
859 hfa384x_dowrid_wait(struct hfa384x
*hw
, u16 rid
, void *riddata
,
860 unsigned int riddatalen
)
862 return hfa384x_dowrid(hw
, DOWAIT
,
863 rid
, riddata
, riddatalen
, NULL
, NULL
, NULL
);
867 hfa384x_dowrid_async(struct hfa384x
*hw
,
868 u16 rid
, void *riddata
, unsigned int riddatalen
,
870 ctlx_usercb_t usercb
, void *usercb_data
)
872 return hfa384x_dowrid(hw
, DOASYNC
,
873 rid
, riddata
, riddatalen
,
874 cmdcb
, usercb
, usercb_data
);
878 hfa384x_dormem_wait(struct hfa384x
*hw
,
879 u16 page
, u16 offset
, void *data
, unsigned int len
)
881 return hfa384x_dormem(hw
, DOWAIT
,
882 page
, offset
, data
, len
, NULL
, NULL
, NULL
);
886 hfa384x_dormem_async(struct hfa384x
*hw
,
887 u16 page
, u16 offset
, void *data
, unsigned int len
,
889 ctlx_usercb_t usercb
, void *usercb_data
)
891 return hfa384x_dormem(hw
, DOASYNC
,
892 page
, offset
, data
, len
,
893 cmdcb
, usercb
, usercb_data
);
897 hfa384x_dowmem_wait(struct hfa384x
*hw
,
898 u16 page
, u16 offset
, void *data
, unsigned int len
)
900 return hfa384x_dowmem(hw
, DOWAIT
,
901 page
, offset
, data
, len
, NULL
, NULL
, NULL
);
905 hfa384x_dowmem_async(struct hfa384x
*hw
,
911 ctlx_usercb_t usercb
, void *usercb_data
)
913 return hfa384x_dowmem(hw
, DOASYNC
,
914 page
, offset
, data
, len
,
915 cmdcb
, usercb
, usercb_data
);
918 /*----------------------------------------------------------------
919 * hfa384x_cmd_initialize
921 * Issues the initialize command and sets the hw->state based
925 * hw device structure
929 * >0 f/w reported error - f/w status code
930 * <0 driver reported error
936 *----------------------------------------------------------------
938 int hfa384x_cmd_initialize(struct hfa384x
*hw
)
942 struct hfa384x_metacmd cmd
;
944 cmd
.cmd
= HFA384x_CMDCODE_INIT
;
949 result
= hfa384x_docmd_wait(hw
, &cmd
);
951 pr_debug("cmdresp.init: status=0x%04x, resp0=0x%04x, resp1=0x%04x, resp2=0x%04x\n",
953 cmd
.result
.resp0
, cmd
.result
.resp1
, cmd
.result
.resp2
);
955 for (i
= 0; i
< HFA384x_NUMPORTS_MAX
; i
++)
956 hw
->port_enabled
[i
] = 0;
959 hw
->link_status
= HFA384x_LINK_NOTCONNECTED
;
964 /*----------------------------------------------------------------
965 * hfa384x_cmd_disable
967 * Issues the disable command to stop communications on one of
971 * hw device structure
972 * macport MAC port number (host order)
976 * >0 f/w reported failure - f/w status code
977 * <0 driver reported error (timeout|bad arg)
983 *----------------------------------------------------------------
985 int hfa384x_cmd_disable(struct hfa384x
*hw
, u16 macport
)
987 struct hfa384x_metacmd cmd
;
989 cmd
.cmd
= HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE
) |
990 HFA384x_CMD_MACPORT_SET(macport
);
995 return hfa384x_docmd_wait(hw
, &cmd
);
998 /*----------------------------------------------------------------
1001 * Issues the enable command to enable communications on one of
1005 * hw device structure
1006 * macport MAC port number
1010 * >0 f/w reported failure - f/w status code
1011 * <0 driver reported error (timeout|bad arg)
1017 *----------------------------------------------------------------
1019 int hfa384x_cmd_enable(struct hfa384x
*hw
, u16 macport
)
1021 struct hfa384x_metacmd cmd
;
1023 cmd
.cmd
= HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE
) |
1024 HFA384x_CMD_MACPORT_SET(macport
);
1029 return hfa384x_docmd_wait(hw
, &cmd
);
1032 /*----------------------------------------------------------------
1033 * hfa384x_cmd_monitor
1035 * Enables the 'monitor mode' of the MAC. Here's the description of
1036 * monitor mode that I've received thus far:
1038 * "The "monitor mode" of operation is that the MAC passes all
1039 * frames for which the PLCP checks are correct. All received
1040 * MPDUs are passed to the host with MAC Port = 7, with a
1041 * receive status of good, FCS error, or undecryptable. Passing
1042 * certain MPDUs is a violation of the 802.11 standard, but useful
1043 * for a debugging tool." Normal communication is not possible
1044 * while monitor mode is enabled.
1047 * hw device structure
1048 * enable a code (0x0b|0x0f) that enables/disables
1049 * monitor mode. (host order)
1053 * >0 f/w reported failure - f/w status code
1054 * <0 driver reported error (timeout|bad arg)
1060 *----------------------------------------------------------------
1062 int hfa384x_cmd_monitor(struct hfa384x
*hw
, u16 enable
)
1064 struct hfa384x_metacmd cmd
;
1066 cmd
.cmd
= HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR
) |
1067 HFA384x_CMD_AINFO_SET(enable
);
1072 return hfa384x_docmd_wait(hw
, &cmd
);
1075 /*----------------------------------------------------------------
1076 * hfa384x_cmd_download
1078 * Sets the controls for the MAC controller code/data download
1079 * process. The arguments set the mode and address associated
1080 * with a download. Note that the aux registers should be enabled
1081 * prior to setting one of the download enable modes.
1084 * hw device structure
1085 * mode 0 - Disable programming and begin code exec
1086 * 1 - Enable volatile mem programming
1087 * 2 - Enable non-volatile mem programming
1088 * 3 - Program non-volatile section from NV download
1092 * highaddr For mode 1, sets the high & low order bits of
1093 * the "destination address". This address will be
1094 * the execution start address when download is
1095 * subsequently disabled.
1096 * For mode 2, sets the high & low order bits of
1097 * the destination in NV ram.
1098 * For modes 0 & 3, should be zero. (host order)
1099 * NOTE: these are CMD format.
1100 * codelen Length of the data to write in mode 2,
1101 * zero otherwise. (host order)
1105 * >0 f/w reported failure - f/w status code
1106 * <0 driver reported error (timeout|bad arg)
1112 *----------------------------------------------------------------
1114 int hfa384x_cmd_download(struct hfa384x
*hw
, u16 mode
, u16 lowaddr
,
1115 u16 highaddr
, u16 codelen
)
1117 struct hfa384x_metacmd cmd
;
1119 pr_debug("mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n",
1120 mode
, lowaddr
, highaddr
, codelen
);
1122 cmd
.cmd
= (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD
) |
1123 HFA384x_CMD_PROGMODE_SET(mode
));
1125 cmd
.parm0
= lowaddr
;
1126 cmd
.parm1
= highaddr
;
1127 cmd
.parm2
= codelen
;
1129 return hfa384x_docmd_wait(hw
, &cmd
);
1132 /*----------------------------------------------------------------
1135 * Perform a reset of the hfa38xx MAC core. We assume that the hw
1136 * structure is in its "created" state. That is, it is initialized
1137 * with proper values. Note that if a reset is done after the
1138 * device has been active for awhile, the caller might have to clean
1139 * up some leftover cruft in the hw structure.
1142 * hw device structure
1143 * holdtime how long (in ms) to hold the reset
1144 * settletime how long (in ms) to wait after releasing
1154 *----------------------------------------------------------------
1156 int hfa384x_corereset(struct hfa384x
*hw
, int holdtime
,
1157 int settletime
, int genesis
)
1161 result
= usb_reset_device(hw
->usb
);
1163 netdev_err(hw
->wlandev
->netdev
, "usb_reset_device() failed, result=%d.\n",
1170 /*----------------------------------------------------------------
1171 * hfa384x_usbctlx_complete_sync
1173 * Waits for a synchronous CTLX object to complete,
1174 * and then handles the response.
1177 * hw device structure
1179 * completor functor object to decide what to
1180 * do with the CTLX's result.
1184 * -ERESTARTSYS Interrupted by a signal
1186 * -ENODEV Adapter was unplugged
1187 * ??? Result from completor
1193 *----------------------------------------------------------------
1195 static int hfa384x_usbctlx_complete_sync(struct hfa384x
*hw
,
1196 struct hfa384x_usbctlx
*ctlx
,
1197 struct usbctlx_completor
*completor
)
1199 unsigned long flags
;
1202 result
= wait_for_completion_interruptible(&ctlx
->done
);
1204 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
1207 * We can only handle the CTLX if the USB disconnect
1208 * function has not run yet ...
1211 if (hw
->wlandev
->hwremoved
) {
1212 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
1214 } else if (result
!= 0) {
1218 * We were probably interrupted, so delete
1219 * this CTLX asynchronously, kill the timers
1220 * and the URB, and then start the next
1223 * NOTE: We can only delete the timers and
1224 * the URB if this CTLX is active.
1226 if (ctlx
== get_active_ctlx(hw
)) {
1227 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
1229 del_singleshot_timer_sync(&hw
->reqtimer
);
1230 del_singleshot_timer_sync(&hw
->resptimer
);
1231 hw
->req_timer_done
= 1;
1232 hw
->resp_timer_done
= 1;
1233 usb_kill_urb(&hw
->ctlx_urb
);
1235 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
1240 * This scenario is so unlikely that I'm
1241 * happy with a grubby "goto" solution ...
1243 if (hw
->wlandev
->hwremoved
)
1248 * The completion task will send this CTLX
1249 * to the reaper the next time it runs. We
1250 * are no longer in a hurry.
1253 ctlx
->state
= CTLX_REQ_FAILED
;
1254 list_move_tail(&ctlx
->list
, &hw
->ctlxq
.completing
);
1256 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
1259 hfa384x_usbctlxq_run(hw
);
1261 if (ctlx
->state
== CTLX_COMPLETE
) {
1262 result
= completor
->complete(completor
);
1264 netdev_warn(hw
->wlandev
->netdev
, "CTLX[%d] error: state(%s)\n",
1265 le16_to_cpu(ctlx
->outbuf
.type
),
1266 ctlxstr(ctlx
->state
));
1270 list_del(&ctlx
->list
);
1271 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
1278 /*----------------------------------------------------------------
1281 * Constructs a command CTLX and submits it.
1283 * NOTE: Any changes to the 'post-submit' code in this function
1284 * need to be carried over to hfa384x_cbcmd() since the handling
1285 * is virtually identical.
1288 * hw device structure
1289 * mode DOWAIT or DOASYNC
1290 * cmd cmd structure. Includes all arguments and result
1291 * data points. All in host order. in host order
1292 * cmdcb command-specific callback
1293 * usercb user callback for async calls, NULL for DOWAIT calls
1294 * usercb_data user supplied data pointer for async calls, NULL
1300 * -ERESTARTSYS Awakened on signal
1301 * >0 command indicated error, Status and Resp0-2 are
1309 *----------------------------------------------------------------
1312 hfa384x_docmd(struct hfa384x
*hw
,
1314 struct hfa384x_metacmd
*cmd
,
1315 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
)
1318 struct hfa384x_usbctlx
*ctlx
;
1320 ctlx
= usbctlx_alloc();
1326 /* Initialize the command */
1327 ctlx
->outbuf
.cmdreq
.type
= cpu_to_le16(HFA384x_USB_CMDREQ
);
1328 ctlx
->outbuf
.cmdreq
.cmd
= cpu_to_le16(cmd
->cmd
);
1329 ctlx
->outbuf
.cmdreq
.parm0
= cpu_to_le16(cmd
->parm0
);
1330 ctlx
->outbuf
.cmdreq
.parm1
= cpu_to_le16(cmd
->parm1
);
1331 ctlx
->outbuf
.cmdreq
.parm2
= cpu_to_le16(cmd
->parm2
);
1333 ctlx
->outbufsize
= sizeof(ctlx
->outbuf
.cmdreq
);
1335 pr_debug("cmdreq: cmd=0x%04x parm0=0x%04x parm1=0x%04x parm2=0x%04x\n",
1336 cmd
->cmd
, cmd
->parm0
, cmd
->parm1
, cmd
->parm2
);
1338 ctlx
->reapable
= mode
;
1339 ctlx
->cmdcb
= cmdcb
;
1340 ctlx
->usercb
= usercb
;
1341 ctlx
->usercb_data
= usercb_data
;
1343 result
= hfa384x_usbctlx_submit(hw
, ctlx
);
1346 } else if (mode
== DOWAIT
) {
1347 struct usbctlx_cmd_completor cmd_completor
;
1348 struct usbctlx_completor
*completor
;
1350 completor
= init_cmd_completor(&cmd_completor
,
1351 &ctlx
->inbuf
.cmdresp
,
1354 result
= hfa384x_usbctlx_complete_sync(hw
, ctlx
, completor
);
1361 /*----------------------------------------------------------------
1364 * Constructs a read rid CTLX and issues it.
1366 * NOTE: Any changes to the 'post-submit' code in this function
1367 * need to be carried over to hfa384x_cbrrid() since the handling
1368 * is virtually identical.
1371 * hw device structure
1372 * mode DOWAIT or DOASYNC
1373 * rid Read RID number (host order)
1374 * riddata Caller supplied buffer that MAC formatted RID.data
1375 * record will be written to for DOWAIT calls. Should
1376 * be NULL for DOASYNC calls.
1377 * riddatalen Buffer length for DOWAIT calls. Zero for DOASYNC calls.
1378 * cmdcb command callback for async calls, NULL for DOWAIT calls
1379 * usercb user callback for async calls, NULL for DOWAIT calls
1380 * usercb_data user supplied data pointer for async calls, NULL
1386 * -ERESTARTSYS Awakened on signal
1387 * -ENODATA riddatalen != macdatalen
1388 * >0 command indicated error, Status and Resp0-2 are
1394 * interrupt (DOASYNC)
1395 * process (DOWAIT or DOASYNC)
1396 *----------------------------------------------------------------
1399 hfa384x_dorrid(struct hfa384x
*hw
,
1403 unsigned int riddatalen
,
1404 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
)
1407 struct hfa384x_usbctlx
*ctlx
;
1409 ctlx
= usbctlx_alloc();
1415 /* Initialize the command */
1416 ctlx
->outbuf
.rridreq
.type
= cpu_to_le16(HFA384x_USB_RRIDREQ
);
1417 ctlx
->outbuf
.rridreq
.frmlen
=
1418 cpu_to_le16(sizeof(ctlx
->outbuf
.rridreq
.rid
));
1419 ctlx
->outbuf
.rridreq
.rid
= cpu_to_le16(rid
);
1421 ctlx
->outbufsize
= sizeof(ctlx
->outbuf
.rridreq
);
1423 ctlx
->reapable
= mode
;
1424 ctlx
->cmdcb
= cmdcb
;
1425 ctlx
->usercb
= usercb
;
1426 ctlx
->usercb_data
= usercb_data
;
1428 /* Submit the CTLX */
1429 result
= hfa384x_usbctlx_submit(hw
, ctlx
);
1432 } else if (mode
== DOWAIT
) {
1433 struct usbctlx_rrid_completor completor
;
1436 hfa384x_usbctlx_complete_sync(hw
, ctlx
,
1439 &ctlx
->inbuf
.rridresp
,
1440 riddata
, riddatalen
));
1447 /*----------------------------------------------------------------
1450 * Constructs a write rid CTLX and issues it.
1452 * NOTE: Any changes to the 'post-submit' code in this function
1453 * need to be carried over to hfa384x_cbwrid() since the handling
1454 * is virtually identical.
1457 * hw device structure
1458 * enum cmd_mode DOWAIT or DOASYNC
1460 * riddata Data portion of RID formatted for MAC
1461 * riddatalen Length of the data portion in bytes
1462 * cmdcb command callback for async calls, NULL for DOWAIT calls
1463 * usercb user callback for async calls, NULL for DOWAIT calls
1464 * usercb_data user supplied data pointer for async calls
1468 * -ETIMEDOUT timed out waiting for register ready or
1469 * command completion
1470 * >0 command indicated error, Status and Resp0-2 are
1476 * interrupt (DOASYNC)
1477 * process (DOWAIT or DOASYNC)
1478 *----------------------------------------------------------------
1481 hfa384x_dowrid(struct hfa384x
*hw
,
1485 unsigned int riddatalen
,
1486 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
)
1489 struct hfa384x_usbctlx
*ctlx
;
1491 ctlx
= usbctlx_alloc();
1497 /* Initialize the command */
1498 ctlx
->outbuf
.wridreq
.type
= cpu_to_le16(HFA384x_USB_WRIDREQ
);
1499 ctlx
->outbuf
.wridreq
.frmlen
= cpu_to_le16((sizeof
1500 (ctlx
->outbuf
.wridreq
.rid
) +
1501 riddatalen
+ 1) / 2);
1502 ctlx
->outbuf
.wridreq
.rid
= cpu_to_le16(rid
);
1503 memcpy(ctlx
->outbuf
.wridreq
.data
, riddata
, riddatalen
);
1505 ctlx
->outbufsize
= sizeof(ctlx
->outbuf
.wridreq
.type
) +
1506 sizeof(ctlx
->outbuf
.wridreq
.frmlen
) +
1507 sizeof(ctlx
->outbuf
.wridreq
.rid
) + riddatalen
;
1509 ctlx
->reapable
= mode
;
1510 ctlx
->cmdcb
= cmdcb
;
1511 ctlx
->usercb
= usercb
;
1512 ctlx
->usercb_data
= usercb_data
;
1514 /* Submit the CTLX */
1515 result
= hfa384x_usbctlx_submit(hw
, ctlx
);
1518 } else if (mode
== DOWAIT
) {
1519 struct usbctlx_cmd_completor completor
;
1520 struct hfa384x_cmdresult wridresult
;
1522 result
= hfa384x_usbctlx_complete_sync(hw
,
1526 &ctlx
->inbuf
.wridresp
,
1534 /*----------------------------------------------------------------
1537 * Constructs a readmem CTLX and issues it.
1539 * NOTE: Any changes to the 'post-submit' code in this function
1540 * need to be carried over to hfa384x_cbrmem() since the handling
1541 * is virtually identical.
1544 * hw device structure
1545 * mode DOWAIT or DOASYNC
1546 * page MAC address space page (CMD format)
1547 * offset MAC address space offset
1548 * data Ptr to data buffer to receive read
1549 * len Length of the data to read (max == 2048)
1550 * cmdcb command callback for async calls, NULL for DOWAIT calls
1551 * usercb user callback for async calls, NULL for DOWAIT calls
1552 * usercb_data user supplied data pointer for async calls
1556 * -ETIMEDOUT timed out waiting for register ready or
1557 * command completion
1558 * >0 command indicated error, Status and Resp0-2 are
1564 * interrupt (DOASYNC)
1565 * process (DOWAIT or DOASYNC)
1566 *----------------------------------------------------------------
1569 hfa384x_dormem(struct hfa384x
*hw
,
1575 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
)
1578 struct hfa384x_usbctlx
*ctlx
;
1580 ctlx
= usbctlx_alloc();
1586 /* Initialize the command */
1587 ctlx
->outbuf
.rmemreq
.type
= cpu_to_le16(HFA384x_USB_RMEMREQ
);
1588 ctlx
->outbuf
.rmemreq
.frmlen
=
1589 cpu_to_le16(sizeof(ctlx
->outbuf
.rmemreq
.offset
) +
1590 sizeof(ctlx
->outbuf
.rmemreq
.page
) + len
);
1591 ctlx
->outbuf
.rmemreq
.offset
= cpu_to_le16(offset
);
1592 ctlx
->outbuf
.rmemreq
.page
= cpu_to_le16(page
);
1594 ctlx
->outbufsize
= sizeof(ctlx
->outbuf
.rmemreq
);
1596 pr_debug("type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n",
1597 ctlx
->outbuf
.rmemreq
.type
,
1598 ctlx
->outbuf
.rmemreq
.frmlen
,
1599 ctlx
->outbuf
.rmemreq
.offset
, ctlx
->outbuf
.rmemreq
.page
);
1601 pr_debug("pktsize=%zd\n", ROUNDUP64(sizeof(ctlx
->outbuf
.rmemreq
)));
1603 ctlx
->reapable
= mode
;
1604 ctlx
->cmdcb
= cmdcb
;
1605 ctlx
->usercb
= usercb
;
1606 ctlx
->usercb_data
= usercb_data
;
1608 result
= hfa384x_usbctlx_submit(hw
, ctlx
);
1611 } else if (mode
== DOWAIT
) {
1612 struct usbctlx_rmem_completor completor
;
1615 hfa384x_usbctlx_complete_sync(hw
, ctlx
,
1618 &ctlx
->inbuf
.rmemresp
, data
,
1626 /*----------------------------------------------------------------
1629 * Constructs a writemem CTLX and issues it.
1631 * NOTE: Any changes to the 'post-submit' code in this function
1632 * need to be carried over to hfa384x_cbwmem() since the handling
1633 * is virtually identical.
1636 * hw device structure
1637 * mode DOWAIT or DOASYNC
1638 * page MAC address space page (CMD format)
1639 * offset MAC address space offset
1640 * data Ptr to data buffer containing write data
1641 * len Length of the data to read (max == 2048)
1642 * cmdcb command callback for async calls, NULL for DOWAIT calls
1643 * usercb user callback for async calls, NULL for DOWAIT calls
1644 * usercb_data user supplied data pointer for async calls.
1648 * -ETIMEDOUT timed out waiting for register ready or
1649 * command completion
1650 * >0 command indicated error, Status and Resp0-2 are
1656 * interrupt (DOWAIT)
1657 * process (DOWAIT or DOASYNC)
1658 *----------------------------------------------------------------
1661 hfa384x_dowmem(struct hfa384x
*hw
,
1667 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
)
1670 struct hfa384x_usbctlx
*ctlx
;
1672 pr_debug("page=0x%04x offset=0x%04x len=%d\n", page
, offset
, len
);
1674 ctlx
= usbctlx_alloc();
1680 /* Initialize the command */
1681 ctlx
->outbuf
.wmemreq
.type
= cpu_to_le16(HFA384x_USB_WMEMREQ
);
1682 ctlx
->outbuf
.wmemreq
.frmlen
=
1683 cpu_to_le16(sizeof(ctlx
->outbuf
.wmemreq
.offset
) +
1684 sizeof(ctlx
->outbuf
.wmemreq
.page
) + len
);
1685 ctlx
->outbuf
.wmemreq
.offset
= cpu_to_le16(offset
);
1686 ctlx
->outbuf
.wmemreq
.page
= cpu_to_le16(page
);
1687 memcpy(ctlx
->outbuf
.wmemreq
.data
, data
, len
);
1689 ctlx
->outbufsize
= sizeof(ctlx
->outbuf
.wmemreq
.type
) +
1690 sizeof(ctlx
->outbuf
.wmemreq
.frmlen
) +
1691 sizeof(ctlx
->outbuf
.wmemreq
.offset
) +
1692 sizeof(ctlx
->outbuf
.wmemreq
.page
) + len
;
1694 ctlx
->reapable
= mode
;
1695 ctlx
->cmdcb
= cmdcb
;
1696 ctlx
->usercb
= usercb
;
1697 ctlx
->usercb_data
= usercb_data
;
1699 result
= hfa384x_usbctlx_submit(hw
, ctlx
);
1702 } else if (mode
== DOWAIT
) {
1703 struct usbctlx_cmd_completor completor
;
1704 struct hfa384x_cmdresult wmemresult
;
1706 result
= hfa384x_usbctlx_complete_sync(hw
,
1710 &ctlx
->inbuf
.wmemresp
,
1718 /*----------------------------------------------------------------
1719 * hfa384x_drvr_disable
1721 * Issues the disable command to stop communications on one of
1722 * the MACs 'ports'. Only macport 0 is valid for stations.
1723 * APs may also disable macports 1-6. Only ports that have been
1724 * previously enabled may be disabled.
1727 * hw device structure
1728 * macport MAC port number (host order)
1732 * >0 f/w reported failure - f/w status code
1733 * <0 driver reported error (timeout|bad arg)
1739 *----------------------------------------------------------------
1741 int hfa384x_drvr_disable(struct hfa384x
*hw
, u16 macport
)
1745 if ((!hw
->isap
&& macport
!= 0) ||
1746 (hw
->isap
&& !(macport
<= HFA384x_PORTID_MAX
)) ||
1747 !(hw
->port_enabled
[macport
])) {
1750 result
= hfa384x_cmd_disable(hw
, macport
);
1752 hw
->port_enabled
[macport
] = 0;
1757 /*----------------------------------------------------------------
1758 * hfa384x_drvr_enable
1760 * Issues the enable command to enable communications on one of
1761 * the MACs 'ports'. Only macport 0 is valid for stations.
1762 * APs may also enable macports 1-6. Only ports that are currently
1763 * disabled may be enabled.
1766 * hw device structure
1767 * macport MAC port number
1771 * >0 f/w reported failure - f/w status code
1772 * <0 driver reported error (timeout|bad arg)
1778 *----------------------------------------------------------------
1780 int hfa384x_drvr_enable(struct hfa384x
*hw
, u16 macport
)
1784 if ((!hw
->isap
&& macport
!= 0) ||
1785 (hw
->isap
&& !(macport
<= HFA384x_PORTID_MAX
)) ||
1786 (hw
->port_enabled
[macport
])) {
1789 result
= hfa384x_cmd_enable(hw
, macport
);
1791 hw
->port_enabled
[macport
] = 1;
1796 /*----------------------------------------------------------------
1797 * hfa384x_drvr_flashdl_enable
1799 * Begins the flash download state. Checks to see that we're not
1800 * already in a download state and that a port isn't enabled.
1801 * Sets the download state and retrieves the flash download
1802 * buffer location, buffer size, and timeout length.
1805 * hw device structure
1809 * >0 f/w reported error - f/w status code
1810 * <0 driver reported error
1816 *----------------------------------------------------------------
1818 int hfa384x_drvr_flashdl_enable(struct hfa384x
*hw
)
1823 /* Check that a port isn't active */
1824 for (i
= 0; i
< HFA384x_PORTID_MAX
; i
++) {
1825 if (hw
->port_enabled
[i
]) {
1826 pr_debug("called when port enabled.\n");
1831 /* Check that we're not already in a download state */
1832 if (hw
->dlstate
!= HFA384x_DLSTATE_DISABLED
)
1835 /* Retrieve the buffer loc&size and timeout */
1836 result
= hfa384x_drvr_getconfig(hw
, HFA384x_RID_DOWNLOADBUFFER
,
1837 &hw
->bufinfo
, sizeof(hw
->bufinfo
));
1841 le16_to_cpus(&hw
->bufinfo
.page
);
1842 le16_to_cpus(&hw
->bufinfo
.offset
);
1843 le16_to_cpus(&hw
->bufinfo
.len
);
1844 result
= hfa384x_drvr_getconfig16(hw
, HFA384x_RID_MAXLOADTIME
,
1849 le16_to_cpus(&hw
->dltimeout
);
1851 pr_debug("flashdl_enable\n");
1853 hw
->dlstate
= HFA384x_DLSTATE_FLASHENABLED
;
1858 /*----------------------------------------------------------------
1859 * hfa384x_drvr_flashdl_disable
1861 * Ends the flash download state. Note that this will cause the MAC
1862 * firmware to restart.
1865 * hw device structure
1869 * >0 f/w reported error - f/w status code
1870 * <0 driver reported error
1876 *----------------------------------------------------------------
1878 int hfa384x_drvr_flashdl_disable(struct hfa384x
*hw
)
1880 /* Check that we're already in the download state */
1881 if (hw
->dlstate
!= HFA384x_DLSTATE_FLASHENABLED
)
1884 pr_debug("flashdl_enable\n");
1886 /* There isn't much we can do at this point, so I don't */
1887 /* bother w/ the return value */
1888 hfa384x_cmd_download(hw
, HFA384x_PROGMODE_DISABLE
, 0, 0, 0);
1889 hw
->dlstate
= HFA384x_DLSTATE_DISABLED
;
1894 /*----------------------------------------------------------------
1895 * hfa384x_drvr_flashdl_write
1897 * Performs a FLASH download of a chunk of data. First checks to see
1898 * that we're in the FLASH download state, then sets the download
1899 * mode, uses the aux functions to 1) copy the data to the flash
1900 * buffer, 2) sets the download 'write flash' mode, 3) readback and
1901 * compare. Lather rinse, repeat as many times an necessary to get
1902 * all the given data into flash.
1903 * When all data has been written using this function (possibly
1904 * repeatedly), call drvr_flashdl_disable() to end the download state
1905 * and restart the MAC.
1908 * hw device structure
1909 * daddr Card address to write to. (host order)
1910 * buf Ptr to data to write.
1911 * len Length of data (host order).
1915 * >0 f/w reported error - f/w status code
1916 * <0 driver reported error
1922 *----------------------------------------------------------------
1924 int hfa384x_drvr_flashdl_write(struct hfa384x
*hw
, u32 daddr
,
1942 pr_debug("daddr=0x%08x len=%d\n", daddr
, len
);
1944 /* Check that we're in the flash download state */
1945 if (hw
->dlstate
!= HFA384x_DLSTATE_FLASHENABLED
)
1948 netdev_info(hw
->wlandev
->netdev
,
1949 "Download %d bytes to flash @0x%06x\n", len
, daddr
);
1951 /* Convert to flat address for arithmetic */
1952 /* NOTE: dlbuffer RID stores the address in AUX format */
1954 HFA384x_ADDR_AUX_MKFLAT(hw
->bufinfo
.page
, hw
->bufinfo
.offset
);
1955 pr_debug("dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n",
1956 hw
->bufinfo
.page
, hw
->bufinfo
.offset
, dlbufaddr
);
1957 /* Calculations to determine how many fills of the dlbuffer to do
1958 * and how many USB wmemreq's to do for each fill. At this point
1959 * in time, the dlbuffer size and the wmemreq size are the same.
1960 * Therefore, nwrites should always be 1. The extra complexity
1961 * here is a hedge against future changes.
1964 /* Figure out how many times to do the flash programming */
1965 nburns
= len
/ hw
->bufinfo
.len
;
1966 nburns
+= (len
% hw
->bufinfo
.len
) ? 1 : 0;
1968 /* For each flash program cycle, how many USB wmemreq's are needed? */
1969 nwrites
= hw
->bufinfo
.len
/ HFA384x_USB_RWMEM_MAXLEN
;
1970 nwrites
+= (hw
->bufinfo
.len
% HFA384x_USB_RWMEM_MAXLEN
) ? 1 : 0;
1973 for (i
= 0; i
< nburns
; i
++) {
1974 /* Get the dest address and len */
1975 burnlen
= (len
- (hw
->bufinfo
.len
* i
)) > hw
->bufinfo
.len
?
1976 hw
->bufinfo
.len
: (len
- (hw
->bufinfo
.len
* i
));
1977 burndaddr
= daddr
+ (hw
->bufinfo
.len
* i
);
1978 burnlo
= HFA384x_ADDR_CMD_MKOFF(burndaddr
);
1979 burnhi
= HFA384x_ADDR_CMD_MKPAGE(burndaddr
);
1981 netdev_info(hw
->wlandev
->netdev
, "Writing %d bytes to flash @0x%06x\n",
1982 burnlen
, burndaddr
);
1984 /* Set the download mode */
1985 result
= hfa384x_cmd_download(hw
, HFA384x_PROGMODE_NV
,
1986 burnlo
, burnhi
, burnlen
);
1988 netdev_err(hw
->wlandev
->netdev
,
1989 "download(NV,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
1990 burnlo
, burnhi
, burnlen
, result
);
1994 /* copy the data to the flash download buffer */
1995 for (j
= 0; j
< nwrites
; j
++) {
1997 (i
* hw
->bufinfo
.len
) +
1998 (j
* HFA384x_USB_RWMEM_MAXLEN
);
2000 writepage
= HFA384x_ADDR_CMD_MKPAGE(dlbufaddr
+
2001 (j
* HFA384x_USB_RWMEM_MAXLEN
));
2002 writeoffset
= HFA384x_ADDR_CMD_MKOFF(dlbufaddr
+
2003 (j
* HFA384x_USB_RWMEM_MAXLEN
));
2005 writelen
= burnlen
- (j
* HFA384x_USB_RWMEM_MAXLEN
);
2006 writelen
= writelen
> HFA384x_USB_RWMEM_MAXLEN
?
2007 HFA384x_USB_RWMEM_MAXLEN
: writelen
;
2009 result
= hfa384x_dowmem_wait(hw
,
2012 writebuf
, writelen
);
2015 /* set the download 'write flash' mode */
2016 result
= hfa384x_cmd_download(hw
,
2017 HFA384x_PROGMODE_NVWRITE
,
2020 netdev_err(hw
->wlandev
->netdev
,
2021 "download(NVWRITE,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
2022 burnlo
, burnhi
, burnlen
, result
);
2026 /* TODO: We really should do a readback and compare. */
2031 /* Leave the firmware in the 'post-prog' mode. flashdl_disable will */
2032 /* actually disable programming mode. Remember, that will cause the */
2033 /* the firmware to effectively reset itself. */
2038 /*----------------------------------------------------------------
2039 * hfa384x_drvr_getconfig
2041 * Performs the sequence necessary to read a config/info item.
2044 * hw device structure
2045 * rid config/info record id (host order)
2046 * buf host side record buffer. Upon return it will
2047 * contain the body portion of the record (minus the
2049 * len buffer length (in bytes, should match record length)
2053 * >0 f/w reported error - f/w status code
2054 * <0 driver reported error
2055 * -ENODATA length mismatch between argument and retrieved
2062 *----------------------------------------------------------------
2064 int hfa384x_drvr_getconfig(struct hfa384x
*hw
, u16 rid
, void *buf
, u16 len
)
2066 return hfa384x_dorrid_wait(hw
, rid
, buf
, len
);
2069 /*----------------------------------------------------------------
2070 * hfa384x_drvr_setconfig_async
2072 * Performs the sequence necessary to write a config/info item.
2075 * hw device structure
2076 * rid config/info record id (in host order)
2077 * buf host side record buffer
2078 * len buffer length (in bytes)
2079 * usercb completion callback
2080 * usercb_data completion callback argument
2084 * >0 f/w reported error - f/w status code
2085 * <0 driver reported error
2091 *----------------------------------------------------------------
2094 hfa384x_drvr_setconfig_async(struct hfa384x
*hw
,
2097 u16 len
, ctlx_usercb_t usercb
, void *usercb_data
)
2099 return hfa384x_dowrid_async(hw
, rid
, buf
, len
,
2100 hfa384x_cb_status
, usercb
, usercb_data
);
2103 /*----------------------------------------------------------------
2104 * hfa384x_drvr_ramdl_disable
2106 * Ends the ram download state.
2109 * hw device structure
2113 * >0 f/w reported error - f/w status code
2114 * <0 driver reported error
2120 *----------------------------------------------------------------
2122 int hfa384x_drvr_ramdl_disable(struct hfa384x
*hw
)
2124 /* Check that we're already in the download state */
2125 if (hw
->dlstate
!= HFA384x_DLSTATE_RAMENABLED
)
2128 pr_debug("ramdl_disable()\n");
2130 /* There isn't much we can do at this point, so I don't */
2131 /* bother w/ the return value */
2132 hfa384x_cmd_download(hw
, HFA384x_PROGMODE_DISABLE
, 0, 0, 0);
2133 hw
->dlstate
= HFA384x_DLSTATE_DISABLED
;
2138 /*----------------------------------------------------------------
2139 * hfa384x_drvr_ramdl_enable
2141 * Begins the ram download state. Checks to see that we're not
2142 * already in a download state and that a port isn't enabled.
2143 * Sets the download state and calls cmd_download with the
2144 * ENABLE_VOLATILE subcommand and the exeaddr argument.
2147 * hw device structure
2148 * exeaddr the card execution address that will be
2149 * jumped to when ramdl_disable() is called
2154 * >0 f/w reported error - f/w status code
2155 * <0 driver reported error
2161 *----------------------------------------------------------------
2163 int hfa384x_drvr_ramdl_enable(struct hfa384x
*hw
, u32 exeaddr
)
2170 /* Check that a port isn't active */
2171 for (i
= 0; i
< HFA384x_PORTID_MAX
; i
++) {
2172 if (hw
->port_enabled
[i
]) {
2173 netdev_err(hw
->wlandev
->netdev
,
2174 "Can't download with a macport enabled.\n");
2179 /* Check that we're not already in a download state */
2180 if (hw
->dlstate
!= HFA384x_DLSTATE_DISABLED
) {
2181 netdev_err(hw
->wlandev
->netdev
,
2182 "Download state not disabled.\n");
2186 pr_debug("ramdl_enable, exeaddr=0x%08x\n", exeaddr
);
2188 /* Call the download(1,addr) function */
2189 lowaddr
= HFA384x_ADDR_CMD_MKOFF(exeaddr
);
2190 hiaddr
= HFA384x_ADDR_CMD_MKPAGE(exeaddr
);
2192 result
= hfa384x_cmd_download(hw
, HFA384x_PROGMODE_RAM
,
2193 lowaddr
, hiaddr
, 0);
2196 /* Set the download state */
2197 hw
->dlstate
= HFA384x_DLSTATE_RAMENABLED
;
2199 pr_debug("cmd_download(0x%04x, 0x%04x) failed, result=%d.\n",
2200 lowaddr
, hiaddr
, result
);
2206 /*----------------------------------------------------------------
2207 * hfa384x_drvr_ramdl_write
2209 * Performs a RAM download of a chunk of data. First checks to see
2210 * that we're in the RAM download state, then uses the [read|write]mem USB
2211 * commands to 1) copy the data, 2) readback and compare. The download
2212 * state is unaffected. When all data has been written using
2213 * this function, call drvr_ramdl_disable() to end the download state
2214 * and restart the MAC.
2217 * hw device structure
2218 * daddr Card address to write to. (host order)
2219 * buf Ptr to data to write.
2220 * len Length of data (host order).
2224 * >0 f/w reported error - f/w status code
2225 * <0 driver reported error
2231 *----------------------------------------------------------------
2233 int hfa384x_drvr_ramdl_write(struct hfa384x
*hw
, u32 daddr
, void *buf
, u32 len
)
2244 /* Check that we're in the ram download state */
2245 if (hw
->dlstate
!= HFA384x_DLSTATE_RAMENABLED
)
2248 netdev_info(hw
->wlandev
->netdev
, "Writing %d bytes to ram @0x%06x\n",
2251 /* How many dowmem calls? */
2252 nwrites
= len
/ HFA384x_USB_RWMEM_MAXLEN
;
2253 nwrites
+= len
% HFA384x_USB_RWMEM_MAXLEN
? 1 : 0;
2255 /* Do blocking wmem's */
2256 for (i
= 0; i
< nwrites
; i
++) {
2257 /* make address args */
2258 curraddr
= daddr
+ (i
* HFA384x_USB_RWMEM_MAXLEN
);
2259 currpage
= HFA384x_ADDR_CMD_MKPAGE(curraddr
);
2260 curroffset
= HFA384x_ADDR_CMD_MKOFF(curraddr
);
2261 currlen
= len
- (i
* HFA384x_USB_RWMEM_MAXLEN
);
2262 if (currlen
> HFA384x_USB_RWMEM_MAXLEN
)
2263 currlen
= HFA384x_USB_RWMEM_MAXLEN
;
2265 /* Do blocking ctlx */
2266 result
= hfa384x_dowmem_wait(hw
,
2270 (i
* HFA384x_USB_RWMEM_MAXLEN
),
2276 /* TODO: We really should have a readback. */
2282 /*----------------------------------------------------------------
2283 * hfa384x_drvr_readpda
2285 * Performs the sequence to read the PDA space. Note there is no
2286 * drvr_writepda() function. Writing a PDA is
2287 * generally implemented by a calling component via calls to
2288 * cmd_download and writing to the flash download buffer via the
2292 * hw device structure
2293 * buf buffer to store PDA in
2298 * >0 f/w reported error - f/w status code
2299 * <0 driver reported error
2300 * -ETIMEDOUT timeout waiting for the cmd regs to become
2301 * available, or waiting for the control reg
2302 * to indicate the Aux port is enabled.
2303 * -ENODATA the buffer does NOT contain a valid PDA.
2304 * Either the card PDA is bad, or the auxdata
2305 * reads are giving us garbage.
2311 * process or non-card interrupt.
2312 *----------------------------------------------------------------
2314 int hfa384x_drvr_readpda(struct hfa384x
*hw
, void *buf
, unsigned int len
)
2320 int currpdr
= 0; /* word offset of the current pdr */
2322 u16 pdrlen
; /* pdr length in bytes, host order */
2323 u16 pdrcode
; /* pdr code, host order */
2331 HFA3842_PDA_BASE
, 0}, {
2332 HFA3841_PDA_BASE
, 0}, {
2333 HFA3841_PDA_BOGUS_BASE
, 0}
2336 /* Read the pda from each known address. */
2337 for (i
= 0; i
< ARRAY_SIZE(pdaloc
); i
++) {
2339 currpage
= HFA384x_ADDR_CMD_MKPAGE(pdaloc
[i
].cardaddr
);
2340 curroffset
= HFA384x_ADDR_CMD_MKOFF(pdaloc
[i
].cardaddr
);
2342 /* units of bytes */
2343 result
= hfa384x_dormem_wait(hw
, currpage
, curroffset
, buf
,
2347 netdev_warn(hw
->wlandev
->netdev
,
2348 "Read from index %zd failed, continuing\n",
2353 /* Test for garbage */
2354 pdaok
= 1; /* initially assume good */
2356 while (pdaok
&& morepdrs
) {
2357 pdrlen
= le16_to_cpu(pda
[currpdr
]) * 2;
2358 pdrcode
= le16_to_cpu(pda
[currpdr
+ 1]);
2359 /* Test the record length */
2360 if (pdrlen
> HFA384x_PDR_LEN_MAX
|| pdrlen
== 0) {
2361 netdev_err(hw
->wlandev
->netdev
,
2362 "pdrlen invalid=%d\n", pdrlen
);
2367 if (!hfa384x_isgood_pdrcode(pdrcode
)) {
2368 netdev_err(hw
->wlandev
->netdev
, "pdrcode invalid=%d\n",
2373 /* Test for completion */
2374 if (pdrcode
== HFA384x_PDR_END_OF_PDA
)
2377 /* Move to the next pdr (if necessary) */
2379 /* note the access to pda[], need words here */
2380 currpdr
+= le16_to_cpu(pda
[currpdr
]) + 1;
2384 netdev_info(hw
->wlandev
->netdev
,
2385 "PDA Read from 0x%08x in %s space.\n",
2387 pdaloc
[i
].auxctl
== 0 ? "EXTDS" :
2388 pdaloc
[i
].auxctl
== 1 ? "NV" :
2389 pdaloc
[i
].auxctl
== 2 ? "PHY" :
2390 pdaloc
[i
].auxctl
== 3 ? "ICSRAM" :
2395 result
= pdaok
? 0 : -ENODATA
;
2398 pr_debug("Failure: pda is not okay\n");
2403 /*----------------------------------------------------------------
2404 * hfa384x_drvr_setconfig
2406 * Performs the sequence necessary to write a config/info item.
2409 * hw device structure
2410 * rid config/info record id (in host order)
2411 * buf host side record buffer
2412 * len buffer length (in bytes)
2416 * >0 f/w reported error - f/w status code
2417 * <0 driver reported error
2423 *----------------------------------------------------------------
2425 int hfa384x_drvr_setconfig(struct hfa384x
*hw
, u16 rid
, void *buf
, u16 len
)
2427 return hfa384x_dowrid_wait(hw
, rid
, buf
, len
);
2430 /*----------------------------------------------------------------
2431 * hfa384x_drvr_start
2433 * Issues the MAC initialize command, sets up some data structures,
2434 * and enables the interrupts. After this function completes, the
2435 * low-level stuff should be ready for any/all commands.
2438 * hw device structure
2441 * >0 f/w reported error - f/w status code
2442 * <0 driver reported error
2448 *----------------------------------------------------------------
2450 int hfa384x_drvr_start(struct hfa384x
*hw
)
2452 int result
, result1
, result2
;
2457 /* Clear endpoint stalls - but only do this if the endpoint
2458 * is showing a stall status. Some prism2 cards seem to behave
2459 * badly if a clear_halt is called when the endpoint is already
2463 usb_get_status(hw
->usb
, USB_RECIP_ENDPOINT
, hw
->endp_in
, &status
);
2465 netdev_err(hw
->wlandev
->netdev
, "Cannot get bulk in endpoint status.\n");
2468 if ((status
== 1) && usb_clear_halt(hw
->usb
, hw
->endp_in
))
2469 netdev_err(hw
->wlandev
->netdev
, "Failed to reset bulk in endpoint.\n");
2472 usb_get_status(hw
->usb
, USB_RECIP_ENDPOINT
, hw
->endp_out
, &status
);
2474 netdev_err(hw
->wlandev
->netdev
, "Cannot get bulk out endpoint status.\n");
2477 if ((status
== 1) && usb_clear_halt(hw
->usb
, hw
->endp_out
))
2478 netdev_err(hw
->wlandev
->netdev
, "Failed to reset bulk out endpoint.\n");
2480 /* Synchronous unlink, in case we're trying to restart the driver */
2481 usb_kill_urb(&hw
->rx_urb
);
2483 /* Post the IN urb */
2484 result
= submit_rx_urb(hw
, GFP_KERNEL
);
2486 netdev_err(hw
->wlandev
->netdev
,
2487 "Fatal, failed to submit RX URB, result=%d\n",
2492 /* Call initialize twice, with a 1 second sleep in between.
2493 * This is a nasty work-around since many prism2 cards seem to
2494 * need time to settle after an init from cold. The second
2495 * call to initialize in theory is not necessary - but we call
2496 * it anyway as a double insurance policy:
2497 * 1) If the first init should fail, the second may well succeed
2498 * and the card can still be used
2499 * 2) It helps ensures all is well with the card after the first
2500 * init and settle time.
2502 result1
= hfa384x_cmd_initialize(hw
);
2504 result
= hfa384x_cmd_initialize(hw
);
2508 netdev_err(hw
->wlandev
->netdev
,
2509 "cmd_initialize() failed on two attempts, results %d and %d\n",
2511 usb_kill_urb(&hw
->rx_urb
);
2514 pr_debug("First cmd_initialize() failed (result %d),\n",
2516 pr_debug("but second attempt succeeded. All should be ok\n");
2518 } else if (result2
!= 0) {
2519 netdev_warn(hw
->wlandev
->netdev
, "First cmd_initialize() succeeded, but second attempt failed (result=%d)\n",
2521 netdev_warn(hw
->wlandev
->netdev
,
2522 "Most likely the card will be functional\n");
2526 hw
->state
= HFA384x_STATE_RUNNING
;
2532 /*----------------------------------------------------------------
2535 * Shuts down the MAC to the point where it is safe to unload the
2536 * driver. Any subsystem that may be holding a data or function
2537 * ptr into the driver must be cleared/deinitialized.
2540 * hw device structure
2543 * >0 f/w reported error - f/w status code
2544 * <0 driver reported error
2550 *----------------------------------------------------------------
2552 int hfa384x_drvr_stop(struct hfa384x
*hw
)
2558 /* There's no need for spinlocks here. The USB "disconnect"
2559 * function sets this "removed" flag and then calls us.
2561 if (!hw
->wlandev
->hwremoved
) {
2562 /* Call initialize to leave the MAC in its 'reset' state */
2563 hfa384x_cmd_initialize(hw
);
2565 /* Cancel the rxurb */
2566 usb_kill_urb(&hw
->rx_urb
);
2569 hw
->link_status
= HFA384x_LINK_NOTCONNECTED
;
2570 hw
->state
= HFA384x_STATE_INIT
;
2572 del_timer_sync(&hw
->commsqual_timer
);
2574 /* Clear all the port status */
2575 for (i
= 0; i
< HFA384x_NUMPORTS_MAX
; i
++)
2576 hw
->port_enabled
[i
] = 0;
2581 /*----------------------------------------------------------------
2582 * hfa384x_drvr_txframe
2584 * Takes a frame from prism2sta and queues it for transmission.
2587 * hw device structure
2588 * skb packet buffer struct. Contains an 802.11
2590 * p80211_hdr points to the 802.11 header for the packet.
2592 * 0 Success and more buffs available
2593 * 1 Success but no more buffs
2594 * 2 Allocation failure
2595 * 4 Buffer full or queue busy
2601 *----------------------------------------------------------------
2603 int hfa384x_drvr_txframe(struct hfa384x
*hw
, struct sk_buff
*skb
,
2604 union p80211_hdr
*p80211_hdr
,
2605 struct p80211_metawep
*p80211_wep
)
2607 int usbpktlen
= sizeof(struct hfa384x_tx_frame
);
2612 if (hw
->tx_urb
.status
== -EINPROGRESS
) {
2613 netdev_warn(hw
->wlandev
->netdev
, "TX URB already in use\n");
2618 /* Build Tx frame structure */
2619 /* Set up the control field */
2620 memset(&hw
->txbuff
.txfrm
.desc
, 0, sizeof(hw
->txbuff
.txfrm
.desc
));
2622 /* Setup the usb type field */
2623 hw
->txbuff
.type
= cpu_to_le16(HFA384x_USB_TXFRM
);
2625 /* Set up the sw_support field to identify this frame */
2626 hw
->txbuff
.txfrm
.desc
.sw_support
= 0x0123;
2628 /* Tx complete and Tx exception disable per dleach. Might be causing
2631 /* #define DOEXC SLP -- doboth breaks horribly under load, doexc less so. */
2633 hw
->txbuff
.txfrm
.desc
.tx_control
=
2634 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2635 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1);
2636 #elif defined(DOEXC)
2637 hw
->txbuff
.txfrm
.desc
.tx_control
=
2638 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2639 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0);
2641 hw
->txbuff
.txfrm
.desc
.tx_control
=
2642 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2643 HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0);
2645 cpu_to_le16s(&hw
->txbuff
.txfrm
.desc
.tx_control
);
2647 /* copy the header over to the txdesc */
2648 memcpy(&hw
->txbuff
.txfrm
.desc
.frame_control
, p80211_hdr
,
2649 sizeof(union p80211_hdr
));
2651 /* if we're using host WEP, increase size by IV+ICV */
2652 if (p80211_wep
->data
) {
2653 hw
->txbuff
.txfrm
.desc
.data_len
= cpu_to_le16(skb
->len
+ 8);
2656 hw
->txbuff
.txfrm
.desc
.data_len
= cpu_to_le16(skb
->len
);
2659 usbpktlen
+= skb
->len
;
2661 /* copy over the WEP IV if we are using host WEP */
2662 ptr
= hw
->txbuff
.txfrm
.data
;
2663 if (p80211_wep
->data
) {
2664 memcpy(ptr
, p80211_wep
->iv
, sizeof(p80211_wep
->iv
));
2665 ptr
+= sizeof(p80211_wep
->iv
);
2666 memcpy(ptr
, p80211_wep
->data
, skb
->len
);
2668 memcpy(ptr
, skb
->data
, skb
->len
);
2670 /* copy over the packet data */
2673 /* copy over the WEP ICV if we are using host WEP */
2674 if (p80211_wep
->data
)
2675 memcpy(ptr
, p80211_wep
->icv
, sizeof(p80211_wep
->icv
));
2677 /* Send the USB packet */
2678 usb_fill_bulk_urb(&hw
->tx_urb
, hw
->usb
,
2680 &hw
->txbuff
, ROUNDUP64(usbpktlen
),
2681 hfa384x_usbout_callback
, hw
->wlandev
);
2682 hw
->tx_urb
.transfer_flags
|= USB_QUEUE_BULK
;
2685 ret
= submit_tx_urb(hw
, &hw
->tx_urb
, GFP_ATOMIC
);
2687 netdev_err(hw
->wlandev
->netdev
,
2688 "submit_tx_urb() failed, error=%d\n", ret
);
2696 void hfa384x_tx_timeout(struct wlandevice
*wlandev
)
2698 struct hfa384x
*hw
= wlandev
->priv
;
2699 unsigned long flags
;
2701 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
2703 if (!hw
->wlandev
->hwremoved
) {
2706 sched
= !test_and_set_bit(WORK_TX_HALT
, &hw
->usb_flags
);
2707 sched
|= !test_and_set_bit(WORK_RX_HALT
, &hw
->usb_flags
);
2709 schedule_work(&hw
->usb_work
);
2712 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
2715 /*----------------------------------------------------------------
2716 * hfa384x_usbctlx_reaper_task
2718 * Tasklet to delete dead CTLX objects
2721 * data ptr to a struct hfa384x
2727 *----------------------------------------------------------------
2729 static void hfa384x_usbctlx_reaper_task(unsigned long data
)
2731 struct hfa384x
*hw
= (struct hfa384x
*)data
;
2732 struct hfa384x_usbctlx
*ctlx
, *temp
;
2733 unsigned long flags
;
2735 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
2737 /* This list is guaranteed to be empty if someone
2738 * has unplugged the adapter.
2740 list_for_each_entry_safe(ctlx
, temp
, &hw
->ctlxq
.reapable
, list
) {
2741 list_del(&ctlx
->list
);
2745 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
2748 /*----------------------------------------------------------------
2749 * hfa384x_usbctlx_completion_task
2751 * Tasklet to call completion handlers for returned CTLXs
2754 * data ptr to struct hfa384x
2761 *----------------------------------------------------------------
2763 static void hfa384x_usbctlx_completion_task(unsigned long data
)
2765 struct hfa384x
*hw
= (struct hfa384x
*)data
;
2766 struct hfa384x_usbctlx
*ctlx
, *temp
;
2767 unsigned long flags
;
2771 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
2773 /* This list is guaranteed to be empty if someone
2774 * has unplugged the adapter ...
2776 list_for_each_entry_safe(ctlx
, temp
, &hw
->ctlxq
.completing
, list
) {
2777 /* Call the completion function that this
2778 * command was assigned, assuming it has one.
2781 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
2782 ctlx
->cmdcb(hw
, ctlx
);
2783 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
2785 /* Make sure we don't try and complete
2786 * this CTLX more than once!
2790 /* Did someone yank the adapter out
2791 * while our list was (briefly) unlocked?
2793 if (hw
->wlandev
->hwremoved
) {
2800 * "Reapable" CTLXs are ones which don't have any
2801 * threads waiting for them to die. Hence they must
2802 * be delivered to The Reaper!
2804 if (ctlx
->reapable
) {
2805 /* Move the CTLX off the "completing" list (hopefully)
2806 * on to the "reapable" list where the reaper task
2807 * can find it. And "reapable" means that this CTLX
2808 * isn't sitting on a wait-queue somewhere.
2810 list_move_tail(&ctlx
->list
, &hw
->ctlxq
.reapable
);
2814 complete(&ctlx
->done
);
2816 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
2819 tasklet_schedule(&hw
->reaper_bh
);
2822 /*----------------------------------------------------------------
2823 * unlocked_usbctlx_cancel_async
2825 * Mark the CTLX dead asynchronously, and ensure that the
2826 * next command on the queue is run afterwards.
2829 * hw ptr to the struct hfa384x structure
2830 * ctlx ptr to a CTLX structure
2833 * 0 the CTLX's URB is inactive
2834 * -EINPROGRESS the URB is currently being unlinked
2837 * Either process or interrupt, but presumably interrupt
2838 *----------------------------------------------------------------
2840 static int unlocked_usbctlx_cancel_async(struct hfa384x
*hw
,
2841 struct hfa384x_usbctlx
*ctlx
)
2846 * Try to delete the URB containing our request packet.
2847 * If we succeed, then its completion handler will be
2848 * called with a status of -ECONNRESET.
2850 hw
->ctlx_urb
.transfer_flags
|= URB_ASYNC_UNLINK
;
2851 ret
= usb_unlink_urb(&hw
->ctlx_urb
);
2853 if (ret
!= -EINPROGRESS
) {
2855 * The OUT URB had either already completed
2856 * or was still in the pending queue, so the
2857 * URB's completion function will not be called.
2858 * We will have to complete the CTLX ourselves.
2860 ctlx
->state
= CTLX_REQ_FAILED
;
2861 unlocked_usbctlx_complete(hw
, ctlx
);
2868 /*----------------------------------------------------------------
2869 * unlocked_usbctlx_complete
2871 * A CTLX has completed. It may have been successful, it may not
2872 * have been. At this point, the CTLX should be quiescent. The URBs
2873 * aren't active and the timers should have been stopped.
2875 * The CTLX is migrated to the "completing" queue, and the completing
2876 * tasklet is scheduled.
2879 * hw ptr to a struct hfa384x structure
2880 * ctlx ptr to a ctlx structure
2888 * Either, assume interrupt
2889 *----------------------------------------------------------------
2891 static void unlocked_usbctlx_complete(struct hfa384x
*hw
,
2892 struct hfa384x_usbctlx
*ctlx
)
2894 /* Timers have been stopped, and ctlx should be in
2895 * a terminal state. Retire it from the "active"
2898 list_move_tail(&ctlx
->list
, &hw
->ctlxq
.completing
);
2899 tasklet_schedule(&hw
->completion_bh
);
2901 switch (ctlx
->state
) {
2903 case CTLX_REQ_FAILED
:
2904 /* This are the correct terminating states. */
2908 netdev_err(hw
->wlandev
->netdev
, "CTLX[%d] not in a terminating state(%s)\n",
2909 le16_to_cpu(ctlx
->outbuf
.type
),
2910 ctlxstr(ctlx
->state
));
2915 /*----------------------------------------------------------------
2916 * hfa384x_usbctlxq_run
2918 * Checks to see if the head item is running. If not, starts it.
2921 * hw ptr to struct hfa384x
2930 *----------------------------------------------------------------
2932 static void hfa384x_usbctlxq_run(struct hfa384x
*hw
)
2934 unsigned long flags
;
2937 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
2939 /* Only one active CTLX at any one time, because there's no
2940 * other (reliable) way to match the response URB to the
2943 * Don't touch any of these CTLXs if the hardware
2944 * has been removed or the USB subsystem is stalled.
2946 if (!list_empty(&hw
->ctlxq
.active
) ||
2947 test_bit(WORK_TX_HALT
, &hw
->usb_flags
) || hw
->wlandev
->hwremoved
)
2950 while (!list_empty(&hw
->ctlxq
.pending
)) {
2951 struct hfa384x_usbctlx
*head
;
2954 /* This is the first pending command */
2955 head
= list_entry(hw
->ctlxq
.pending
.next
,
2956 struct hfa384x_usbctlx
, list
);
2958 /* We need to split this off to avoid a race condition */
2959 list_move_tail(&head
->list
, &hw
->ctlxq
.active
);
2961 /* Fill the out packet */
2962 usb_fill_bulk_urb(&hw
->ctlx_urb
, hw
->usb
,
2964 &head
->outbuf
, ROUNDUP64(head
->outbufsize
),
2965 hfa384x_ctlxout_callback
, hw
);
2966 hw
->ctlx_urb
.transfer_flags
|= USB_QUEUE_BULK
;
2968 /* Now submit the URB and update the CTLX's state */
2969 result
= usb_submit_urb(&hw
->ctlx_urb
, GFP_ATOMIC
);
2971 /* This CTLX is now running on the active queue */
2972 head
->state
= CTLX_REQ_SUBMITTED
;
2974 /* Start the OUT wait timer */
2975 hw
->req_timer_done
= 0;
2976 hw
->reqtimer
.expires
= jiffies
+ HZ
;
2977 add_timer(&hw
->reqtimer
);
2979 /* Start the IN wait timer */
2980 hw
->resp_timer_done
= 0;
2981 hw
->resptimer
.expires
= jiffies
+ 2 * HZ
;
2982 add_timer(&hw
->resptimer
);
2987 if (result
== -EPIPE
) {
2988 /* The OUT pipe needs resetting, so put
2989 * this CTLX back in the "pending" queue
2990 * and schedule a reset ...
2992 netdev_warn(hw
->wlandev
->netdev
,
2993 "%s tx pipe stalled: requesting reset\n",
2994 hw
->wlandev
->netdev
->name
);
2995 list_move(&head
->list
, &hw
->ctlxq
.pending
);
2996 set_bit(WORK_TX_HALT
, &hw
->usb_flags
);
2997 schedule_work(&hw
->usb_work
);
3001 if (result
== -ESHUTDOWN
) {
3002 netdev_warn(hw
->wlandev
->netdev
, "%s urb shutdown!\n",
3003 hw
->wlandev
->netdev
->name
);
3007 netdev_err(hw
->wlandev
->netdev
, "Failed to submit CTLX[%d]: error=%d\n",
3008 le16_to_cpu(head
->outbuf
.type
), result
);
3009 unlocked_usbctlx_complete(hw
, head
);
3013 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3016 /*----------------------------------------------------------------
3017 * hfa384x_usbin_callback
3019 * Callback for URBs on the BULKIN endpoint.
3022 * urb ptr to the completed urb
3031 *----------------------------------------------------------------
3033 static void hfa384x_usbin_callback(struct urb
*urb
)
3035 struct wlandevice
*wlandev
= urb
->context
;
3037 union hfa384x_usbin
*usbin
;
3038 struct sk_buff
*skb
= NULL
;
3049 if (!wlandev
|| !wlandev
->netdev
|| wlandev
->hwremoved
)
3056 skb
= hw
->rx_urb_skb
;
3057 if (!skb
|| (skb
->data
!= urb
->transfer_buffer
)) {
3062 hw
->rx_urb_skb
= NULL
;
3064 /* Check for error conditions within the URB */
3065 switch (urb
->status
) {
3069 /* Check for short packet */
3070 if (urb
->actual_length
== 0) {
3071 wlandev
->netdev
->stats
.rx_errors
++;
3072 wlandev
->netdev
->stats
.rx_length_errors
++;
3078 netdev_warn(hw
->wlandev
->netdev
, "%s rx pipe stalled: requesting reset\n",
3079 wlandev
->netdev
->name
);
3080 if (!test_and_set_bit(WORK_RX_HALT
, &hw
->usb_flags
))
3081 schedule_work(&hw
->usb_work
);
3082 wlandev
->netdev
->stats
.rx_errors
++;
3089 if (!test_and_set_bit(THROTTLE_RX
, &hw
->usb_flags
) &&
3090 !timer_pending(&hw
->throttle
)) {
3091 mod_timer(&hw
->throttle
, jiffies
+ THROTTLE_JIFFIES
);
3093 wlandev
->netdev
->stats
.rx_errors
++;
3098 wlandev
->netdev
->stats
.rx_over_errors
++;
3104 pr_debug("status=%d, device removed.\n", urb
->status
);
3110 pr_debug("status=%d, urb explicitly unlinked.\n", urb
->status
);
3115 pr_debug("urb status=%d, transfer flags=0x%x\n",
3116 urb
->status
, urb
->transfer_flags
);
3117 wlandev
->netdev
->stats
.rx_errors
++;
3122 /* Save values from the RX URB before reposting overwrites it. */
3123 urb_status
= urb
->status
;
3124 usbin
= (union hfa384x_usbin
*)urb
->transfer_buffer
;
3126 if (action
!= ABORT
) {
3127 /* Repost the RX URB */
3128 result
= submit_rx_urb(hw
, GFP_ATOMIC
);
3131 netdev_err(hw
->wlandev
->netdev
,
3132 "Fatal, failed to resubmit rx_urb. error=%d\n",
3137 /* Handle any USB-IN packet */
3138 /* Note: the check of the sw_support field, the type field doesn't
3139 * have bit 12 set like the docs suggest.
3141 type
= le16_to_cpu(usbin
->type
);
3142 if (HFA384x_USB_ISRXFRM(type
)) {
3143 if (action
== HANDLE
) {
3144 if (usbin
->txfrm
.desc
.sw_support
== 0x0123) {
3145 hfa384x_usbin_txcompl(wlandev
, usbin
);
3147 skb_put(skb
, sizeof(*usbin
));
3148 hfa384x_usbin_rx(wlandev
, skb
);
3154 if (HFA384x_USB_ISTXFRM(type
)) {
3155 if (action
== HANDLE
)
3156 hfa384x_usbin_txcompl(wlandev
, usbin
);
3160 case HFA384x_USB_INFOFRM
:
3161 if (action
== ABORT
)
3163 if (action
== HANDLE
)
3164 hfa384x_usbin_info(wlandev
, usbin
);
3167 case HFA384x_USB_CMDRESP
:
3168 case HFA384x_USB_WRIDRESP
:
3169 case HFA384x_USB_RRIDRESP
:
3170 case HFA384x_USB_WMEMRESP
:
3171 case HFA384x_USB_RMEMRESP
:
3172 /* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */
3173 hfa384x_usbin_ctlx(hw
, usbin
, urb_status
);
3176 case HFA384x_USB_BUFAVAIL
:
3177 pr_debug("Received BUFAVAIL packet, frmlen=%d\n",
3178 usbin
->bufavail
.frmlen
);
3181 case HFA384x_USB_ERROR
:
3182 pr_debug("Received USB_ERROR packet, errortype=%d\n",
3183 usbin
->usberror
.errortype
);
3187 pr_debug("Unrecognized USBIN packet, type=%x, status=%d\n",
3188 usbin
->type
, urb_status
);
3198 /*----------------------------------------------------------------
3199 * hfa384x_usbin_ctlx
3201 * We've received a URB containing a Prism2 "response" message.
3202 * This message needs to be matched up with a CTLX on the active
3203 * queue and our state updated accordingly.
3206 * hw ptr to struct hfa384x
3207 * usbin ptr to USB IN packet
3208 * urb_status status of this Bulk-In URB
3217 *----------------------------------------------------------------
3219 static void hfa384x_usbin_ctlx(struct hfa384x
*hw
, union hfa384x_usbin
*usbin
,
3222 struct hfa384x_usbctlx
*ctlx
;
3224 unsigned long flags
;
3227 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3229 /* There can be only one CTLX on the active queue
3230 * at any one time, and this is the CTLX that the
3231 * timers are waiting for.
3233 if (list_empty(&hw
->ctlxq
.active
))
3236 /* Remove the "response timeout". It's possible that
3237 * we are already too late, and that the timeout is
3238 * already running. And that's just too bad for us,
3239 * because we could lose our CTLX from the active
3242 if (del_timer(&hw
->resptimer
) == 0) {
3243 if (hw
->resp_timer_done
== 0) {
3244 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3248 hw
->resp_timer_done
= 1;
3251 ctlx
= get_active_ctlx(hw
);
3253 if (urb_status
!= 0) {
3255 * Bad CTLX, so get rid of it. But we only
3256 * remove it from the active queue if we're no
3257 * longer expecting the OUT URB to complete.
3259 if (unlocked_usbctlx_cancel_async(hw
, ctlx
) == 0)
3262 const __le16 intype
= (usbin
->type
& ~cpu_to_le16(0x8000));
3265 * Check that our message is what we're expecting ...
3267 if (ctlx
->outbuf
.type
!= intype
) {
3268 netdev_warn(hw
->wlandev
->netdev
,
3269 "Expected IN[%d], received IN[%d] - ignored.\n",
3270 le16_to_cpu(ctlx
->outbuf
.type
),
3271 le16_to_cpu(intype
));
3275 /* This URB has succeeded, so grab the data ... */
3276 memcpy(&ctlx
->inbuf
, usbin
, sizeof(ctlx
->inbuf
));
3278 switch (ctlx
->state
) {
3279 case CTLX_REQ_SUBMITTED
:
3281 * We have received our response URB before
3282 * our request has been acknowledged. Odd,
3283 * but our OUT URB is still alive...
3285 pr_debug("Causality violation: please reboot Universe\n");
3286 ctlx
->state
= CTLX_RESP_COMPLETE
;
3289 case CTLX_REQ_COMPLETE
:
3291 * This is the usual path: our request
3292 * has already been acknowledged, and
3293 * now we have received the reply too.
3295 ctlx
->state
= CTLX_COMPLETE
;
3296 unlocked_usbctlx_complete(hw
, ctlx
);
3302 * Throw this CTLX away ...
3304 netdev_err(hw
->wlandev
->netdev
,
3305 "Matched IN URB, CTLX[%d] in invalid state(%s). Discarded.\n",
3306 le16_to_cpu(ctlx
->outbuf
.type
),
3307 ctlxstr(ctlx
->state
));
3308 if (unlocked_usbctlx_cancel_async(hw
, ctlx
) == 0)
3315 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3318 hfa384x_usbctlxq_run(hw
);
3321 /*----------------------------------------------------------------
3322 * hfa384x_usbin_txcompl
3324 * At this point we have the results of a previous transmit.
3327 * wlandev wlan device
3328 * usbin ptr to the usb transfer buffer
3337 *----------------------------------------------------------------
3339 static void hfa384x_usbin_txcompl(struct wlandevice
*wlandev
,
3340 union hfa384x_usbin
*usbin
)
3344 status
= le16_to_cpu(usbin
->type
); /* yeah I know it says type... */
3346 /* Was there an error? */
3347 if (HFA384x_TXSTATUS_ISERROR(status
))
3348 prism2sta_ev_txexc(wlandev
, status
);
3350 prism2sta_ev_tx(wlandev
, status
);
3353 /*----------------------------------------------------------------
3356 * At this point we have a successful received a rx frame packet.
3359 * wlandev wlan device
3360 * usbin ptr to the usb transfer buffer
3369 *----------------------------------------------------------------
3371 static void hfa384x_usbin_rx(struct wlandevice
*wlandev
, struct sk_buff
*skb
)
3373 union hfa384x_usbin
*usbin
= (union hfa384x_usbin
*)skb
->data
;
3374 struct hfa384x
*hw
= wlandev
->priv
;
3376 struct p80211_rxmeta
*rxmeta
;
3380 /* Byte order convert once up front. */
3381 le16_to_cpus(&usbin
->rxfrm
.desc
.status
);
3382 le32_to_cpus(&usbin
->rxfrm
.desc
.time
);
3384 /* Now handle frame based on port# */
3385 switch (HFA384x_RXSTATUS_MACPORT_GET(usbin
->rxfrm
.desc
.status
)) {
3387 fc
= le16_to_cpu(usbin
->rxfrm
.desc
.frame_control
);
3389 /* If exclude and we receive an unencrypted, drop it */
3390 if ((wlandev
->hostwep
& HOSTWEP_EXCLUDEUNENCRYPTED
) &&
3391 !WLAN_GET_FC_ISWEP(fc
)) {
3395 data_len
= le16_to_cpu(usbin
->rxfrm
.desc
.data_len
);
3397 /* How much header data do we have? */
3398 hdrlen
= p80211_headerlen(fc
);
3400 /* Pull off the descriptor */
3401 skb_pull(skb
, sizeof(struct hfa384x_rx_frame
));
3403 /* Now shunt the header block up against the data block
3404 * with an "overlapping" copy
3406 memmove(skb_push(skb
, hdrlen
),
3407 &usbin
->rxfrm
.desc
.frame_control
, hdrlen
);
3409 skb
->dev
= wlandev
->netdev
;
3411 /* And set the frame length properly */
3412 skb_trim(skb
, data_len
+ hdrlen
);
3414 /* The prism2 series does not return the CRC */
3415 memset(skb_put(skb
, WLAN_CRC_LEN
), 0xff, WLAN_CRC_LEN
);
3417 skb_reset_mac_header(skb
);
3419 /* Attach the rxmeta, set some stuff */
3420 p80211skb_rxmeta_attach(wlandev
, skb
);
3421 rxmeta
= P80211SKB_RXMETA(skb
);
3422 rxmeta
->mactime
= usbin
->rxfrm
.desc
.time
;
3423 rxmeta
->rxrate
= usbin
->rxfrm
.desc
.rate
;
3424 rxmeta
->signal
= usbin
->rxfrm
.desc
.signal
- hw
->dbmadjust
;
3425 rxmeta
->noise
= usbin
->rxfrm
.desc
.silence
- hw
->dbmadjust
;
3427 p80211netdev_rx(wlandev
, skb
);
3432 if (!HFA384x_RXSTATUS_ISFCSERR(usbin
->rxfrm
.desc
.status
)) {
3433 /* Copy to wlansnif skb */
3434 hfa384x_int_rxmonitor(wlandev
, &usbin
->rxfrm
);
3437 pr_debug("Received monitor frame: FCSerr set\n");
3442 netdev_warn(hw
->wlandev
->netdev
, "Received frame on unsupported port=%d\n",
3443 HFA384x_RXSTATUS_MACPORT_GET(
3444 usbin
->rxfrm
.desc
.status
));
3449 /*----------------------------------------------------------------
3450 * hfa384x_int_rxmonitor
3452 * Helper function for int_rx. Handles monitor frames.
3453 * Note that this function allocates space for the FCS and sets it
3454 * to 0xffffffff. The hfa384x doesn't give us the FCS value but the
3455 * higher layers expect it. 0xffffffff is used as a flag to indicate
3459 * wlandev wlan device structure
3460 * rxfrm rx descriptor read from card in int_rx
3466 * Allocates an skb and passes it up via the PF_PACKET interface.
3469 *----------------------------------------------------------------
3471 static void hfa384x_int_rxmonitor(struct wlandevice
*wlandev
,
3472 struct hfa384x_usb_rxfrm
*rxfrm
)
3474 struct hfa384x_rx_frame
*rxdesc
= &rxfrm
->desc
;
3475 unsigned int hdrlen
= 0;
3476 unsigned int datalen
= 0;
3477 unsigned int skblen
= 0;
3480 struct sk_buff
*skb
;
3481 struct hfa384x
*hw
= wlandev
->priv
;
3483 /* Remember the status, time, and data_len fields are in host order */
3484 /* Figure out how big the frame is */
3485 fc
= le16_to_cpu(rxdesc
->frame_control
);
3486 hdrlen
= p80211_headerlen(fc
);
3487 datalen
= le16_to_cpu(rxdesc
->data_len
);
3489 /* Allocate an ind message+framesize skb */
3490 skblen
= sizeof(struct p80211_caphdr
) + hdrlen
+ datalen
+ WLAN_CRC_LEN
;
3492 /* sanity check the length */
3494 (sizeof(struct p80211_caphdr
) +
3495 WLAN_HDR_A4_LEN
+ WLAN_DATA_MAXLEN
+ WLAN_CRC_LEN
)) {
3496 pr_debug("overlen frm: len=%zd\n",
3497 skblen
- sizeof(struct p80211_caphdr
));
3502 skb
= dev_alloc_skb(skblen
);
3506 /* only prepend the prism header if in the right mode */
3507 if ((wlandev
->netdev
->type
== ARPHRD_IEEE80211_PRISM
) &&
3508 (hw
->sniffhdr
!= 0)) {
3509 struct p80211_caphdr
*caphdr
;
3510 /* The NEW header format! */
3511 datap
= skb_put(skb
, sizeof(struct p80211_caphdr
));
3512 caphdr
= (struct p80211_caphdr
*)datap
;
3514 caphdr
->version
= htonl(P80211CAPTURE_VERSION
);
3515 caphdr
->length
= htonl(sizeof(struct p80211_caphdr
));
3516 caphdr
->mactime
= __cpu_to_be64(rxdesc
->time
* 1000);
3517 caphdr
->hosttime
= __cpu_to_be64(jiffies
);
3518 caphdr
->phytype
= htonl(4); /* dss_dot11_b */
3519 caphdr
->channel
= htonl(hw
->sniff_channel
);
3520 caphdr
->datarate
= htonl(rxdesc
->rate
);
3521 caphdr
->antenna
= htonl(0); /* unknown */
3522 caphdr
->priority
= htonl(0); /* unknown */
3523 caphdr
->ssi_type
= htonl(3); /* rssi_raw */
3524 caphdr
->ssi_signal
= htonl(rxdesc
->signal
);
3525 caphdr
->ssi_noise
= htonl(rxdesc
->silence
);
3526 caphdr
->preamble
= htonl(0); /* unknown */
3527 caphdr
->encoding
= htonl(1); /* cck */
3530 /* Copy the 802.11 header to the skb
3531 * (ctl frames may be less than a full header)
3533 skb_put_data(skb
, &rxdesc
->frame_control
, hdrlen
);
3535 /* If any, copy the data from the card to the skb */
3537 datap
= skb_put_data(skb
, rxfrm
->data
, datalen
);
3539 /* check for unencrypted stuff if WEP bit set. */
3540 if (*(datap
- hdrlen
+ 1) & 0x40) /* wep set */
3541 if ((*(datap
) == 0xaa) && (*(datap
+ 1) == 0xaa))
3542 /* clear wep; it's the 802.2 header! */
3543 *(datap
- hdrlen
+ 1) &= 0xbf;
3546 if (hw
->sniff_fcs
) {
3548 datap
= skb_put(skb
, WLAN_CRC_LEN
);
3549 memset(datap
, 0xff, WLAN_CRC_LEN
);
3552 /* pass it back up */
3553 p80211netdev_rx(wlandev
, skb
);
3556 /*----------------------------------------------------------------
3557 * hfa384x_usbin_info
3559 * At this point we have a successful received a Prism2 info frame.
3562 * wlandev wlan device
3563 * usbin ptr to the usb transfer buffer
3572 *----------------------------------------------------------------
3574 static void hfa384x_usbin_info(struct wlandevice
*wlandev
,
3575 union hfa384x_usbin
*usbin
)
3577 le16_to_cpus(&usbin
->infofrm
.info
.framelen
);
3578 prism2sta_ev_info(wlandev
, &usbin
->infofrm
.info
);
3581 /*----------------------------------------------------------------
3582 * hfa384x_usbout_callback
3584 * Callback for URBs on the BULKOUT endpoint.
3587 * urb ptr to the completed urb
3596 *----------------------------------------------------------------
3598 static void hfa384x_usbout_callback(struct urb
*urb
)
3600 struct wlandevice
*wlandev
= urb
->context
;
3606 if (wlandev
&& wlandev
->netdev
) {
3607 switch (urb
->status
) {
3609 prism2sta_ev_alloc(wlandev
);
3614 struct hfa384x
*hw
= wlandev
->priv
;
3616 netdev_warn(hw
->wlandev
->netdev
,
3617 "%s tx pipe stalled: requesting reset\n",
3618 wlandev
->netdev
->name
);
3619 if (!test_and_set_bit
3620 (WORK_TX_HALT
, &hw
->usb_flags
))
3621 schedule_work(&hw
->usb_work
);
3622 wlandev
->netdev
->stats
.tx_errors
++;
3630 struct hfa384x
*hw
= wlandev
->priv
;
3632 if (!test_and_set_bit
3633 (THROTTLE_TX
, &hw
->usb_flags
) &&
3634 !timer_pending(&hw
->throttle
)) {
3635 mod_timer(&hw
->throttle
,
3636 jiffies
+ THROTTLE_JIFFIES
);
3638 wlandev
->netdev
->stats
.tx_errors
++;
3639 netif_stop_queue(wlandev
->netdev
);
3645 /* Ignorable errors */
3649 netdev_info(wlandev
->netdev
, "unknown urb->status=%d\n",
3651 wlandev
->netdev
->stats
.tx_errors
++;
3657 /*----------------------------------------------------------------
3658 * hfa384x_ctlxout_callback
3660 * Callback for control data on the BULKOUT endpoint.
3663 * urb ptr to the completed urb
3672 *----------------------------------------------------------------
3674 static void hfa384x_ctlxout_callback(struct urb
*urb
)
3676 struct hfa384x
*hw
= urb
->context
;
3677 int delete_resptimer
= 0;
3680 struct hfa384x_usbctlx
*ctlx
;
3681 unsigned long flags
;
3683 pr_debug("urb->status=%d\n", urb
->status
);
3687 if ((urb
->status
== -ESHUTDOWN
) ||
3688 (urb
->status
== -ENODEV
) || !hw
)
3692 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3695 * Only one CTLX at a time on the "active" list, and
3696 * none at all if we are unplugged. However, we can
3697 * rely on the disconnect function to clean everything
3698 * up if someone unplugged the adapter.
3700 if (list_empty(&hw
->ctlxq
.active
)) {
3701 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3706 * Having something on the "active" queue means
3707 * that we have timers to worry about ...
3709 if (del_timer(&hw
->reqtimer
) == 0) {
3710 if (hw
->req_timer_done
== 0) {
3712 * This timer was actually running while we
3713 * were trying to delete it. Let it terminate
3714 * gracefully instead.
3716 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3720 hw
->req_timer_done
= 1;
3723 ctlx
= get_active_ctlx(hw
);
3725 if (urb
->status
== 0) {
3726 /* Request portion of a CTLX is successful */
3727 switch (ctlx
->state
) {
3728 case CTLX_REQ_SUBMITTED
:
3729 /* This OUT-ACK received before IN */
3730 ctlx
->state
= CTLX_REQ_COMPLETE
;
3733 case CTLX_RESP_COMPLETE
:
3734 /* IN already received before this OUT-ACK,
3735 * so this command must now be complete.
3737 ctlx
->state
= CTLX_COMPLETE
;
3738 unlocked_usbctlx_complete(hw
, ctlx
);
3743 /* This is NOT a valid CTLX "success" state! */
3744 netdev_err(hw
->wlandev
->netdev
,
3745 "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n",
3746 le16_to_cpu(ctlx
->outbuf
.type
),
3747 ctlxstr(ctlx
->state
), urb
->status
);
3751 /* If the pipe has stalled then we need to reset it */
3752 if ((urb
->status
== -EPIPE
) &&
3753 !test_and_set_bit(WORK_TX_HALT
, &hw
->usb_flags
)) {
3754 netdev_warn(hw
->wlandev
->netdev
,
3755 "%s tx pipe stalled: requesting reset\n",
3756 hw
->wlandev
->netdev
->name
);
3757 schedule_work(&hw
->usb_work
);
3760 /* If someone cancels the OUT URB then its status
3761 * should be either -ECONNRESET or -ENOENT.
3763 ctlx
->state
= CTLX_REQ_FAILED
;
3764 unlocked_usbctlx_complete(hw
, ctlx
);
3765 delete_resptimer
= 1;
3770 if (delete_resptimer
) {
3771 timer_ok
= del_timer(&hw
->resptimer
);
3773 hw
->resp_timer_done
= 1;
3776 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3778 if (!timer_ok
&& (hw
->resp_timer_done
== 0)) {
3779 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3784 hfa384x_usbctlxq_run(hw
);
3787 /*----------------------------------------------------------------
3788 * hfa384x_usbctlx_reqtimerfn
3790 * Timer response function for CTLX request timeouts. If this
3791 * function is called, it means that the callback for the OUT
3792 * URB containing a Prism2.x XXX_Request was never called.
3795 * data a ptr to the struct hfa384x
3804 *----------------------------------------------------------------
3806 static void hfa384x_usbctlx_reqtimerfn(unsigned long data
)
3808 struct hfa384x
*hw
= (struct hfa384x
*)data
;
3809 unsigned long flags
;
3811 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3813 hw
->req_timer_done
= 1;
3815 /* Removing the hardware automatically empties
3816 * the active list ...
3818 if (!list_empty(&hw
->ctlxq
.active
)) {
3820 * We must ensure that our URB is removed from
3821 * the system, if it hasn't already expired.
3823 hw
->ctlx_urb
.transfer_flags
|= URB_ASYNC_UNLINK
;
3824 if (usb_unlink_urb(&hw
->ctlx_urb
) == -EINPROGRESS
) {
3825 struct hfa384x_usbctlx
*ctlx
= get_active_ctlx(hw
);
3827 ctlx
->state
= CTLX_REQ_FAILED
;
3829 /* This URB was active, but has now been
3830 * cancelled. It will now have a status of
3831 * -ECONNRESET in the callback function.
3833 * We are cancelling this CTLX, so we're
3834 * not going to need to wait for a response.
3835 * The URB's callback function will check
3836 * that this timer is truly dead.
3838 if (del_timer(&hw
->resptimer
) != 0)
3839 hw
->resp_timer_done
= 1;
3843 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3846 /*----------------------------------------------------------------
3847 * hfa384x_usbctlx_resptimerfn
3849 * Timer response function for CTLX response timeouts. If this
3850 * function is called, it means that the callback for the IN
3851 * URB containing a Prism2.x XXX_Response was never called.
3854 * data a ptr to the struct hfa384x
3863 *----------------------------------------------------------------
3865 static void hfa384x_usbctlx_resptimerfn(unsigned long data
)
3867 struct hfa384x
*hw
= (struct hfa384x
*)data
;
3868 unsigned long flags
;
3870 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3872 hw
->resp_timer_done
= 1;
3874 /* The active list will be empty if the
3875 * adapter has been unplugged ...
3877 if (!list_empty(&hw
->ctlxq
.active
)) {
3878 struct hfa384x_usbctlx
*ctlx
= get_active_ctlx(hw
);
3880 if (unlocked_usbctlx_cancel_async(hw
, ctlx
) == 0) {
3881 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3882 hfa384x_usbctlxq_run(hw
);
3886 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3889 /*----------------------------------------------------------------
3890 * hfa384x_usb_throttlefn
3903 *----------------------------------------------------------------
3905 static void hfa384x_usb_throttlefn(unsigned long data
)
3907 struct hfa384x
*hw
= (struct hfa384x
*)data
;
3908 unsigned long flags
;
3910 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3913 * We need to check BOTH the RX and the TX throttle controls,
3914 * so we use the bitwise OR instead of the logical OR.
3916 pr_debug("flags=0x%lx\n", hw
->usb_flags
);
3917 if (!hw
->wlandev
->hwremoved
&&
3918 ((test_and_clear_bit(THROTTLE_RX
, &hw
->usb_flags
) &&
3919 !test_and_set_bit(WORK_RX_RESUME
, &hw
->usb_flags
)) |
3920 (test_and_clear_bit(THROTTLE_TX
, &hw
->usb_flags
) &&
3921 !test_and_set_bit(WORK_TX_RESUME
, &hw
->usb_flags
))
3923 schedule_work(&hw
->usb_work
);
3926 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3929 /*----------------------------------------------------------------
3930 * hfa384x_usbctlx_submit
3932 * Called from the doxxx functions to submit a CTLX to the queue
3935 * hw ptr to the hw struct
3936 * ctlx ctlx structure to enqueue
3939 * -ENODEV if the adapter is unplugged
3945 * process or interrupt
3946 *----------------------------------------------------------------
3948 static int hfa384x_usbctlx_submit(struct hfa384x
*hw
,
3949 struct hfa384x_usbctlx
*ctlx
)
3951 unsigned long flags
;
3953 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3955 if (hw
->wlandev
->hwremoved
) {
3956 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3960 ctlx
->state
= CTLX_PENDING
;
3961 list_add_tail(&ctlx
->list
, &hw
->ctlxq
.pending
);
3962 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3963 hfa384x_usbctlxq_run(hw
);
3968 /*----------------------------------------------------------------
3969 * hfa384x_isgood_pdrcore
3971 * Quick check of PDR codes.
3974 * pdrcode PDR code number (host order)
3983 *----------------------------------------------------------------
3985 static int hfa384x_isgood_pdrcode(u16 pdrcode
)
3988 case HFA384x_PDR_END_OF_PDA
:
3989 case HFA384x_PDR_PCB_PARTNUM
:
3990 case HFA384x_PDR_PDAVER
:
3991 case HFA384x_PDR_NIC_SERIAL
:
3992 case HFA384x_PDR_MKK_MEASUREMENTS
:
3993 case HFA384x_PDR_NIC_RAMSIZE
:
3994 case HFA384x_PDR_MFISUPRANGE
:
3995 case HFA384x_PDR_CFISUPRANGE
:
3996 case HFA384x_PDR_NICID
:
3997 case HFA384x_PDR_MAC_ADDRESS
:
3998 case HFA384x_PDR_REGDOMAIN
:
3999 case HFA384x_PDR_ALLOWED_CHANNEL
:
4000 case HFA384x_PDR_DEFAULT_CHANNEL
:
4001 case HFA384x_PDR_TEMPTYPE
:
4002 case HFA384x_PDR_IFR_SETTING
:
4003 case HFA384x_PDR_RFR_SETTING
:
4004 case HFA384x_PDR_HFA3861_BASELINE
:
4005 case HFA384x_PDR_HFA3861_SHADOW
:
4006 case HFA384x_PDR_HFA3861_IFRF
:
4007 case HFA384x_PDR_HFA3861_CHCALSP
:
4008 case HFA384x_PDR_HFA3861_CHCALI
:
4009 case HFA384x_PDR_3842_NIC_CONFIG
:
4010 case HFA384x_PDR_USB_ID
:
4011 case HFA384x_PDR_PCI_ID
:
4012 case HFA384x_PDR_PCI_IFCONF
:
4013 case HFA384x_PDR_PCI_PMCONF
:
4014 case HFA384x_PDR_RFENRGY
:
4015 case HFA384x_PDR_HFA3861_MANF_TESTSP
:
4016 case HFA384x_PDR_HFA3861_MANF_TESTI
:
4020 if (pdrcode
< 0x1000) {
4021 /* code is OK, but we don't know exactly what it is */
4022 pr_debug("Encountered unknown PDR#=0x%04x, assuming it's ok.\n",
4029 pr_debug("Encountered unknown PDR#=0x%04x, (>=0x1000), assuming it's bad.\n",