1 /* src/prism2/driver/hfa384x_usb.c
3 * Functions that talk to the USB variantof the Intersil hfa384x MAC
5 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
6 * --------------------------------------------------------------------
10 * The contents of this file are subject to the Mozilla Public
11 * License Version 1.1 (the "License"); you may not use this file
12 * except in compliance with the License. You may obtain a copy of
13 * the License at http://www.mozilla.org/MPL/
15 * Software distributed under the License is distributed on an "AS
16 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * rights and limitations under the License.
20 * Alternatively, the contents of this file may be used under the
21 * terms of the GNU Public License version 2 (the "GPL"), in which
22 * case the provisions of the GPL are applicable instead of the
23 * above. If you wish to allow the use of your version of this file
24 * only under the terms of the GPL and not to allow others to use
25 * your version of this file under the MPL, indicate your decision
26 * by deleting the provisions above and replace them with the notice
27 * and other provisions required by the GPL. If you do not delete
28 * the provisions above, a recipient may use your version of this
29 * file under either the MPL or the GPL.
31 * --------------------------------------------------------------------
33 * Inquiries regarding the linux-wlan Open Source project can be
36 * AbsoluteValue Systems Inc.
38 * http://www.linux-wlan.com
40 * --------------------------------------------------------------------
42 * Portions of the development of this software were funded by
43 * Intersil Corporation as part of PRISM(R) chipset product development.
45 * --------------------------------------------------------------------
47 * This file implements functions that correspond to the prism2/hfa384x
48 * 802.11 MAC hardware and firmware host interface.
50 * The functions can be considered to represent several levels of
51 * abstraction. The lowest level functions are simply C-callable wrappers
52 * around the register accesses. The next higher level represents C-callable
53 * prism2 API functions that match the Intersil documentation as closely
54 * as is reasonable. The next higher layer implements common sequences
55 * of invocations of the API layer (e.g. write to bap, followed by cmd).
58 * hfa384x_drvr_xxx Highest level abstractions provided by the
59 * hfa384x code. They are driver defined wrappers
60 * for common sequences. These functions generally
61 * use the services of the lower levels.
63 * hfa384x_drvr_xxxconfig An example of the drvr level abstraction. These
64 * functions are wrappers for the RID get/set
65 * sequence. They call copy_[to|from]_bap() and
66 * cmd_access(). These functions operate on the
67 * RIDs and buffers without validation. The caller
68 * is responsible for that.
70 * API wrapper functions:
71 * hfa384x_cmd_xxx functions that provide access to the f/w commands.
72 * The function arguments correspond to each command
73 * argument, even command arguments that get packed
74 * into single registers. These functions _just_
75 * issue the command by setting the cmd/parm regs
76 * & reading the status/resp regs. Additional
77 * activities required to fully use a command
78 * (read/write from/to bap, get/set int status etc.)
79 * are implemented separately. Think of these as
80 * C-callable prism2 commands.
82 * Lowest Layer Functions:
83 * hfa384x_docmd_xxx These functions implement the sequence required
84 * to issue any prism2 command. Primarily used by the
85 * hfa384x_cmd_xxx functions.
87 * hfa384x_bap_xxx BAP read/write access functions.
88 * Note: we usually use BAP0 for non-interrupt context
89 * and BAP1 for interrupt context.
91 * hfa384x_dl_xxx download related functions.
93 * Driver State Issues:
94 * Note that there are two pairs of functions that manage the
95 * 'initialized' and 'running' states of the hw/MAC combo. The four
96 * functions are create(), destroy(), start(), and stop(). create()
97 * sets up the data structures required to support the hfa384x_*
98 * functions and destroy() cleans them up. The start() function gets
99 * the actual hardware running and enables the interrupts. The stop()
100 * function shuts the hardware down. The sequence should be:
104 * . Do interesting things w/ the hardware
109 * Note that destroy() can be called without calling stop() first.
110 * --------------------------------------------------------------------
113 #include <linux/module.h>
114 #include <linux/kernel.h>
115 #include <linux/sched.h>
116 #include <linux/types.h>
117 #include <linux/slab.h>
118 #include <linux/wireless.h>
119 #include <linux/netdevice.h>
120 #include <linux/timer.h>
121 #include <linux/io.h>
122 #include <linux/delay.h>
123 #include <asm/byteorder.h>
124 #include <linux/bitops.h>
125 #include <linux/list.h>
126 #include <linux/usb.h>
127 #include <linux/byteorder/generic.h>
129 #include "p80211types.h"
130 #include "p80211hdr.h"
131 #include "p80211mgmt.h"
132 #include "p80211conv.h"
133 #include "p80211msg.h"
134 #include "p80211netdev.h"
135 #include "p80211req.h"
136 #include "p80211metadef.h"
137 #include "p80211metastruct.h"
139 #include "prism2mgmt.h"
146 #define THROTTLE_JIFFIES (HZ / 8)
147 #define URB_ASYNC_UNLINK 0
148 #define USB_QUEUE_BULK 0
150 #define ROUNDUP64(a) (((a) + 63) & ~63)
153 static void dbprint_urb(struct urb
*urb
);
157 hfa384x_int_rxmonitor(wlandevice_t
*wlandev
, hfa384x_usb_rxfrm_t
*rxfrm
);
159 static void hfa384x_usb_defer(struct work_struct
*data
);
161 static int submit_rx_urb(hfa384x_t
*hw
, gfp_t flags
);
163 static int submit_tx_urb(hfa384x_t
*hw
, struct urb
*tx_urb
, gfp_t flags
);
165 /*---------------------------------------------------*/
167 static void hfa384x_usbout_callback(struct urb
*urb
);
168 static void hfa384x_ctlxout_callback(struct urb
*urb
);
169 static void hfa384x_usbin_callback(struct urb
*urb
);
172 hfa384x_usbin_txcompl(wlandevice_t
*wlandev
, hfa384x_usbin_t
*usbin
);
174 static void hfa384x_usbin_rx(wlandevice_t
*wlandev
, struct sk_buff
*skb
);
176 static void hfa384x_usbin_info(wlandevice_t
*wlandev
, hfa384x_usbin_t
*usbin
);
178 static void hfa384x_usbin_ctlx(hfa384x_t
*hw
, hfa384x_usbin_t
*usbin
,
181 /*---------------------------------------------------*/
182 /* Functions to support the prism2 usb command queue */
184 static void hfa384x_usbctlxq_run(hfa384x_t
*hw
);
186 static void hfa384x_usbctlx_reqtimerfn(unsigned long data
);
188 static void hfa384x_usbctlx_resptimerfn(unsigned long data
);
190 static void hfa384x_usb_throttlefn(unsigned long data
);
192 static void hfa384x_usbctlx_completion_task(unsigned long data
);
194 static void hfa384x_usbctlx_reaper_task(unsigned long data
);
196 static int hfa384x_usbctlx_submit(hfa384x_t
*hw
, hfa384x_usbctlx_t
*ctlx
);
198 static void unlocked_usbctlx_complete(hfa384x_t
*hw
, hfa384x_usbctlx_t
*ctlx
);
200 struct usbctlx_completor
{
201 int (*complete
)(struct usbctlx_completor
*);
205 hfa384x_usbctlx_complete_sync(hfa384x_t
*hw
,
206 hfa384x_usbctlx_t
*ctlx
,
207 struct usbctlx_completor
*completor
);
210 unlocked_usbctlx_cancel_async(hfa384x_t
*hw
, hfa384x_usbctlx_t
*ctlx
);
212 static void hfa384x_cb_status(hfa384x_t
*hw
, const hfa384x_usbctlx_t
*ctlx
);
215 usbctlx_get_status(const hfa384x_usb_cmdresp_t
*cmdresp
,
216 hfa384x_cmdresult_t
*result
);
219 usbctlx_get_rridresult(const hfa384x_usb_rridresp_t
*rridresp
,
220 hfa384x_rridresult_t
*result
);
222 /*---------------------------------------------------*/
223 /* Low level req/resp CTLX formatters and submitters */
225 hfa384x_docmd(hfa384x_t
*hw
,
227 hfa384x_metacmd_t
*cmd
,
228 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
);
231 hfa384x_dorrid(hfa384x_t
*hw
,
235 unsigned int riddatalen
,
236 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
);
239 hfa384x_dowrid(hfa384x_t
*hw
,
243 unsigned int riddatalen
,
244 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
);
247 hfa384x_dormem(hfa384x_t
*hw
,
253 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
);
256 hfa384x_dowmem(hfa384x_t
*hw
,
262 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
);
264 static int hfa384x_isgood_pdrcode(u16 pdrcode
);
266 static inline const char *ctlxstr(CTLX_STATE s
)
268 static const char * const ctlx_str
[] = {
273 "Request packet submitted",
274 "Request packet completed",
275 "Response packet completed"
281 static inline hfa384x_usbctlx_t
*get_active_ctlx(hfa384x_t
*hw
)
283 return list_entry(hw
->ctlxq
.active
.next
, hfa384x_usbctlx_t
, list
);
287 void dbprint_urb(struct urb
*urb
)
289 pr_debug("urb->pipe=0x%08x\n", urb
->pipe
);
290 pr_debug("urb->status=0x%08x\n", urb
->status
);
291 pr_debug("urb->transfer_flags=0x%08x\n", urb
->transfer_flags
);
292 pr_debug("urb->transfer_buffer=0x%08x\n",
293 (unsigned int)urb
->transfer_buffer
);
294 pr_debug("urb->transfer_buffer_length=0x%08x\n",
295 urb
->transfer_buffer_length
);
296 pr_debug("urb->actual_length=0x%08x\n", urb
->actual_length
);
297 pr_debug("urb->bandwidth=0x%08x\n", urb
->bandwidth
);
298 pr_debug("urb->setup_packet(ctl)=0x%08x\n",
299 (unsigned int)urb
->setup_packet
);
300 pr_debug("urb->start_frame(iso/irq)=0x%08x\n", urb
->start_frame
);
301 pr_debug("urb->interval(irq)=0x%08x\n", urb
->interval
);
302 pr_debug("urb->error_count(iso)=0x%08x\n", urb
->error_count
);
303 pr_debug("urb->timeout=0x%08x\n", urb
->timeout
);
304 pr_debug("urb->context=0x%08x\n", (unsigned int)urb
->context
);
305 pr_debug("urb->complete=0x%08x\n", (unsigned int)urb
->complete
);
309 /*----------------------------------------------------------------
312 * Listen for input data on the BULK-IN pipe. If the pipe has
313 * stalled then schedule it to be reset.
317 * memflags memory allocation flags
320 * error code from submission
324 ----------------------------------------------------------------*/
325 static int submit_rx_urb(hfa384x_t
*hw
, gfp_t memflags
)
330 skb
= dev_alloc_skb(sizeof(hfa384x_usbin_t
));
336 /* Post the IN urb */
337 usb_fill_bulk_urb(&hw
->rx_urb
, hw
->usb
,
339 skb
->data
, sizeof(hfa384x_usbin_t
),
340 hfa384x_usbin_callback
, hw
->wlandev
);
342 hw
->rx_urb_skb
= skb
;
345 if (!hw
->wlandev
->hwremoved
&&
346 !test_bit(WORK_RX_HALT
, &hw
->usb_flags
)) {
347 result
= usb_submit_urb(&hw
->rx_urb
, memflags
);
349 /* Check whether we need to reset the RX pipe */
350 if (result
== -EPIPE
) {
351 netdev_warn(hw
->wlandev
->netdev
,
352 "%s rx pipe stalled: requesting reset\n",
353 hw
->wlandev
->netdev
->name
);
354 if (!test_and_set_bit(WORK_RX_HALT
, &hw
->usb_flags
))
355 schedule_work(&hw
->usb_work
);
359 /* Don't leak memory if anything should go wrong */
362 hw
->rx_urb_skb
= NULL
;
369 /*----------------------------------------------------------------
372 * Prepares and submits the URB of transmitted data. If the
373 * submission fails then it will schedule the output pipe to
378 * tx_urb URB of data for transmission
379 * memflags memory allocation flags
382 * error code from submission
386 ----------------------------------------------------------------*/
387 static int submit_tx_urb(hfa384x_t
*hw
, struct urb
*tx_urb
, gfp_t memflags
)
389 struct net_device
*netdev
= hw
->wlandev
->netdev
;
393 if (netif_running(netdev
)) {
394 if (!hw
->wlandev
->hwremoved
&&
395 !test_bit(WORK_TX_HALT
, &hw
->usb_flags
)) {
396 result
= usb_submit_urb(tx_urb
, memflags
);
398 /* Test whether we need to reset the TX pipe */
399 if (result
== -EPIPE
) {
400 netdev_warn(hw
->wlandev
->netdev
,
401 "%s tx pipe stalled: requesting reset\n",
403 set_bit(WORK_TX_HALT
, &hw
->usb_flags
);
404 schedule_work(&hw
->usb_work
);
405 } else if (result
== 0) {
406 netif_stop_queue(netdev
);
414 /*----------------------------------------------------------------
417 * There are some things that the USB stack cannot do while
418 * in interrupt context, so we arrange this function to run
419 * in process context.
422 * hw device structure
428 * process (by design)
429 ----------------------------------------------------------------*/
430 static void hfa384x_usb_defer(struct work_struct
*data
)
432 hfa384x_t
*hw
= container_of(data
, struct hfa384x
, usb_work
);
433 struct net_device
*netdev
= hw
->wlandev
->netdev
;
435 /* Don't bother trying to reset anything if the plug
436 * has been pulled ...
438 if (hw
->wlandev
->hwremoved
)
441 /* Reception has stopped: try to reset the input pipe */
442 if (test_bit(WORK_RX_HALT
, &hw
->usb_flags
)) {
445 usb_kill_urb(&hw
->rx_urb
); /* Cannot be holding spinlock! */
447 ret
= usb_clear_halt(hw
->usb
, hw
->endp_in
);
449 netdev_err(hw
->wlandev
->netdev
,
450 "Failed to clear rx pipe for %s: err=%d\n",
453 netdev_info(hw
->wlandev
->netdev
, "%s rx pipe reset complete.\n",
455 clear_bit(WORK_RX_HALT
, &hw
->usb_flags
);
456 set_bit(WORK_RX_RESUME
, &hw
->usb_flags
);
460 /* Resume receiving data back from the device. */
461 if (test_bit(WORK_RX_RESUME
, &hw
->usb_flags
)) {
464 ret
= submit_rx_urb(hw
, GFP_KERNEL
);
466 netdev_err(hw
->wlandev
->netdev
,
467 "Failed to resume %s rx pipe.\n",
470 clear_bit(WORK_RX_RESUME
, &hw
->usb_flags
);
474 /* Transmission has stopped: try to reset the output pipe */
475 if (test_bit(WORK_TX_HALT
, &hw
->usb_flags
)) {
478 usb_kill_urb(&hw
->tx_urb
);
479 ret
= usb_clear_halt(hw
->usb
, hw
->endp_out
);
481 netdev_err(hw
->wlandev
->netdev
,
482 "Failed to clear tx pipe for %s: err=%d\n",
485 netdev_info(hw
->wlandev
->netdev
, "%s tx pipe reset complete.\n",
487 clear_bit(WORK_TX_HALT
, &hw
->usb_flags
);
488 set_bit(WORK_TX_RESUME
, &hw
->usb_flags
);
490 /* Stopping the BULK-OUT pipe also blocked
491 * us from sending any more CTLX URBs, so
492 * we need to re-run our queue ...
494 hfa384x_usbctlxq_run(hw
);
498 /* Resume transmitting. */
499 if (test_and_clear_bit(WORK_TX_RESUME
, &hw
->usb_flags
))
500 netif_wake_queue(hw
->wlandev
->netdev
);
503 /*----------------------------------------------------------------
506 * Sets up the hfa384x_t data structure for use. Note this
507 * does _not_ initialize the actual hardware, just the data structures
508 * we use to keep track of its state.
511 * hw device structure
512 * irq device irq number
513 * iobase i/o base address for register access
514 * membase memory base address for register access
523 ----------------------------------------------------------------*/
524 void hfa384x_create(hfa384x_t
*hw
, struct usb_device
*usb
)
526 memset(hw
, 0, sizeof(hfa384x_t
));
529 /* set up the endpoints */
530 hw
->endp_in
= usb_rcvbulkpipe(usb
, 1);
531 hw
->endp_out
= usb_sndbulkpipe(usb
, 2);
533 /* Set up the waitq */
534 init_waitqueue_head(&hw
->cmdq
);
536 /* Initialize the command queue */
537 spin_lock_init(&hw
->ctlxq
.lock
);
538 INIT_LIST_HEAD(&hw
->ctlxq
.pending
);
539 INIT_LIST_HEAD(&hw
->ctlxq
.active
);
540 INIT_LIST_HEAD(&hw
->ctlxq
.completing
);
541 INIT_LIST_HEAD(&hw
->ctlxq
.reapable
);
543 /* Initialize the authentication queue */
544 skb_queue_head_init(&hw
->authq
);
546 tasklet_init(&hw
->reaper_bh
,
547 hfa384x_usbctlx_reaper_task
, (unsigned long)hw
);
548 tasklet_init(&hw
->completion_bh
,
549 hfa384x_usbctlx_completion_task
, (unsigned long)hw
);
550 INIT_WORK(&hw
->link_bh
, prism2sta_processing_defer
);
551 INIT_WORK(&hw
->usb_work
, hfa384x_usb_defer
);
553 setup_timer(&hw
->throttle
, hfa384x_usb_throttlefn
, (unsigned long)hw
);
555 setup_timer(&hw
->resptimer
, hfa384x_usbctlx_resptimerfn
,
558 setup_timer(&hw
->reqtimer
, hfa384x_usbctlx_reqtimerfn
,
561 usb_init_urb(&hw
->rx_urb
);
562 usb_init_urb(&hw
->tx_urb
);
563 usb_init_urb(&hw
->ctlx_urb
);
565 hw
->link_status
= HFA384x_LINK_NOTCONNECTED
;
566 hw
->state
= HFA384x_STATE_INIT
;
568 INIT_WORK(&hw
->commsqual_bh
, prism2sta_commsqual_defer
);
569 setup_timer(&hw
->commsqual_timer
, prism2sta_commsqual_timer
,
573 /*----------------------------------------------------------------
576 * Partner to hfa384x_create(). This function cleans up the hw
577 * structure so that it can be freed by the caller using a simple
578 * kfree. Currently, this function is just a placeholder. If, at some
579 * point in the future, an hw in the 'shutdown' state requires a 'deep'
580 * kfree, this is where it should be done. Note that if this function
581 * is called on a _running_ hw structure, the drvr_stop() function is
585 * hw device structure
588 * nothing, this function is not allowed to fail.
594 ----------------------------------------------------------------*/
595 void hfa384x_destroy(hfa384x_t
*hw
)
599 if (hw
->state
== HFA384x_STATE_RUNNING
)
600 hfa384x_drvr_stop(hw
);
601 hw
->state
= HFA384x_STATE_PREINIT
;
603 kfree(hw
->scanresults
);
604 hw
->scanresults
= NULL
;
606 /* Now to clean out the auth queue */
607 while ((skb
= skb_dequeue(&hw
->authq
)))
611 static hfa384x_usbctlx_t
*usbctlx_alloc(void)
613 hfa384x_usbctlx_t
*ctlx
;
615 ctlx
= kzalloc(sizeof(*ctlx
),
616 in_interrupt() ? GFP_ATOMIC
: GFP_KERNEL
);
618 init_completion(&ctlx
->done
);
624 usbctlx_get_status(const hfa384x_usb_cmdresp_t
*cmdresp
,
625 hfa384x_cmdresult_t
*result
)
627 result
->status
= le16_to_cpu(cmdresp
->status
);
628 result
->resp0
= le16_to_cpu(cmdresp
->resp0
);
629 result
->resp1
= le16_to_cpu(cmdresp
->resp1
);
630 result
->resp2
= le16_to_cpu(cmdresp
->resp2
);
632 pr_debug("cmdresult:status=0x%04x resp0=0x%04x resp1=0x%04x resp2=0x%04x\n",
633 result
->status
, result
->resp0
, result
->resp1
, result
->resp2
);
635 return result
->status
& HFA384x_STATUS_RESULT
;
639 usbctlx_get_rridresult(const hfa384x_usb_rridresp_t
*rridresp
,
640 hfa384x_rridresult_t
*result
)
642 result
->rid
= le16_to_cpu(rridresp
->rid
);
643 result
->riddata
= rridresp
->data
;
644 result
->riddata_len
= ((le16_to_cpu(rridresp
->frmlen
) - 1) * 2);
647 /*----------------------------------------------------------------
649 * This completor must be passed to hfa384x_usbctlx_complete_sync()
650 * when processing a CTLX that returns a hfa384x_cmdresult_t structure.
651 ----------------------------------------------------------------*/
652 struct usbctlx_cmd_completor
{
653 struct usbctlx_completor head
;
655 const hfa384x_usb_cmdresp_t
*cmdresp
;
656 hfa384x_cmdresult_t
*result
;
659 static inline int usbctlx_cmd_completor_fn(struct usbctlx_completor
*head
)
661 struct usbctlx_cmd_completor
*complete
;
663 complete
= (struct usbctlx_cmd_completor
*)head
;
664 return usbctlx_get_status(complete
->cmdresp
, complete
->result
);
667 static inline struct usbctlx_completor
*init_cmd_completor(
668 struct usbctlx_cmd_completor
670 const hfa384x_usb_cmdresp_t
672 hfa384x_cmdresult_t
*result
)
674 completor
->head
.complete
= usbctlx_cmd_completor_fn
;
675 completor
->cmdresp
= cmdresp
;
676 completor
->result
= result
;
677 return &(completor
->head
);
680 /*----------------------------------------------------------------
682 * This completor must be passed to hfa384x_usbctlx_complete_sync()
683 * when processing a CTLX that reads a RID.
684 ----------------------------------------------------------------*/
685 struct usbctlx_rrid_completor
{
686 struct usbctlx_completor head
;
688 const hfa384x_usb_rridresp_t
*rridresp
;
690 unsigned int riddatalen
;
693 static int usbctlx_rrid_completor_fn(struct usbctlx_completor
*head
)
695 struct usbctlx_rrid_completor
*complete
;
696 hfa384x_rridresult_t rridresult
;
698 complete
= (struct usbctlx_rrid_completor
*)head
;
699 usbctlx_get_rridresult(complete
->rridresp
, &rridresult
);
701 /* Validate the length, note body len calculation in bytes */
702 if (rridresult
.riddata_len
!= complete
->riddatalen
) {
703 pr_warn("RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n",
705 complete
->riddatalen
, rridresult
.riddata_len
);
709 memcpy(complete
->riddata
, rridresult
.riddata
, complete
->riddatalen
);
713 static inline struct usbctlx_completor
*init_rrid_completor(
714 struct usbctlx_rrid_completor
716 const hfa384x_usb_rridresp_t
719 unsigned int riddatalen
)
721 completor
->head
.complete
= usbctlx_rrid_completor_fn
;
722 completor
->rridresp
= rridresp
;
723 completor
->riddata
= riddata
;
724 completor
->riddatalen
= riddatalen
;
725 return &(completor
->head
);
728 /*----------------------------------------------------------------
730 * Interprets the results of a synchronous RID-write
731 ----------------------------------------------------------------*/
732 #define init_wrid_completor init_cmd_completor
734 /*----------------------------------------------------------------
736 * Interprets the results of a synchronous memory-write
737 ----------------------------------------------------------------*/
738 #define init_wmem_completor init_cmd_completor
740 /*----------------------------------------------------------------
742 * Interprets the results of a synchronous memory-read
743 ----------------------------------------------------------------*/
744 struct usbctlx_rmem_completor
{
745 struct usbctlx_completor head
;
747 const hfa384x_usb_rmemresp_t
*rmemresp
;
752 static int usbctlx_rmem_completor_fn(struct usbctlx_completor
*head
)
754 struct usbctlx_rmem_completor
*complete
=
755 (struct usbctlx_rmem_completor
*)head
;
757 pr_debug("rmemresp:len=%d\n", complete
->rmemresp
->frmlen
);
758 memcpy(complete
->data
, complete
->rmemresp
->data
, complete
->len
);
762 static inline struct usbctlx_completor
*init_rmem_completor(
763 struct usbctlx_rmem_completor
765 hfa384x_usb_rmemresp_t
770 completor
->head
.complete
= usbctlx_rmem_completor_fn
;
771 completor
->rmemresp
= rmemresp
;
772 completor
->data
= data
;
773 completor
->len
= len
;
774 return &(completor
->head
);
777 /*----------------------------------------------------------------
780 * Ctlx_complete handler for async CMD type control exchanges.
781 * mark the hw struct as such.
783 * Note: If the handling is changed here, it should probably be
784 * changed in docmd as well.
788 * ctlx completed CTLX
797 ----------------------------------------------------------------*/
798 static void hfa384x_cb_status(hfa384x_t
*hw
, const hfa384x_usbctlx_t
*ctlx
)
801 hfa384x_cmdresult_t cmdresult
;
803 if (ctlx
->state
!= CTLX_COMPLETE
) {
804 memset(&cmdresult
, 0, sizeof(cmdresult
));
806 HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR
);
808 usbctlx_get_status(&ctlx
->inbuf
.cmdresp
, &cmdresult
);
811 ctlx
->usercb(hw
, &cmdresult
, ctlx
->usercb_data
);
815 static inline int hfa384x_docmd_wait(hfa384x_t
*hw
, hfa384x_metacmd_t
*cmd
)
817 return hfa384x_docmd(hw
, DOWAIT
, cmd
, NULL
, NULL
, NULL
);
821 hfa384x_docmd_async(hfa384x_t
*hw
,
822 hfa384x_metacmd_t
*cmd
,
823 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
)
825 return hfa384x_docmd(hw
, DOASYNC
, cmd
, cmdcb
, usercb
, usercb_data
);
829 hfa384x_dorrid_wait(hfa384x_t
*hw
, u16 rid
, void *riddata
,
830 unsigned int riddatalen
)
832 return hfa384x_dorrid(hw
, DOWAIT
,
833 rid
, riddata
, riddatalen
, NULL
, NULL
, NULL
);
837 hfa384x_dorrid_async(hfa384x_t
*hw
,
838 u16 rid
, void *riddata
, unsigned int riddatalen
,
840 ctlx_usercb_t usercb
, void *usercb_data
)
842 return hfa384x_dorrid(hw
, DOASYNC
,
843 rid
, riddata
, riddatalen
,
844 cmdcb
, usercb
, usercb_data
);
848 hfa384x_dowrid_wait(hfa384x_t
*hw
, u16 rid
, void *riddata
,
849 unsigned int riddatalen
)
851 return hfa384x_dowrid(hw
, DOWAIT
,
852 rid
, riddata
, riddatalen
, NULL
, NULL
, NULL
);
856 hfa384x_dowrid_async(hfa384x_t
*hw
,
857 u16 rid
, void *riddata
, unsigned int riddatalen
,
859 ctlx_usercb_t usercb
, void *usercb_data
)
861 return hfa384x_dowrid(hw
, DOASYNC
,
862 rid
, riddata
, riddatalen
,
863 cmdcb
, usercb
, usercb_data
);
867 hfa384x_dormem_wait(hfa384x_t
*hw
,
868 u16 page
, u16 offset
, void *data
, unsigned int len
)
870 return hfa384x_dormem(hw
, DOWAIT
,
871 page
, offset
, data
, len
, NULL
, NULL
, NULL
);
875 hfa384x_dormem_async(hfa384x_t
*hw
,
876 u16 page
, u16 offset
, void *data
, unsigned int len
,
878 ctlx_usercb_t usercb
, void *usercb_data
)
880 return hfa384x_dormem(hw
, DOASYNC
,
881 page
, offset
, data
, len
,
882 cmdcb
, usercb
, usercb_data
);
886 hfa384x_dowmem_wait(hfa384x_t
*hw
,
887 u16 page
, u16 offset
, void *data
, unsigned int len
)
889 return hfa384x_dowmem(hw
, DOWAIT
,
890 page
, offset
, data
, len
, NULL
, NULL
, NULL
);
894 hfa384x_dowmem_async(hfa384x_t
*hw
,
900 ctlx_usercb_t usercb
, void *usercb_data
)
902 return hfa384x_dowmem(hw
, DOASYNC
,
903 page
, offset
, data
, len
,
904 cmdcb
, usercb
, usercb_data
);
907 /*----------------------------------------------------------------
908 * hfa384x_cmd_initialize
910 * Issues the initialize command and sets the hw->state based
914 * hw device structure
918 * >0 f/w reported error - f/w status code
919 * <0 driver reported error
925 ----------------------------------------------------------------*/
926 int hfa384x_cmd_initialize(hfa384x_t
*hw
)
930 hfa384x_metacmd_t cmd
;
932 cmd
.cmd
= HFA384x_CMDCODE_INIT
;
937 result
= hfa384x_docmd_wait(hw
, &cmd
);
939 pr_debug("cmdresp.init: status=0x%04x, resp0=0x%04x, resp1=0x%04x, resp2=0x%04x\n",
941 cmd
.result
.resp0
, cmd
.result
.resp1
, cmd
.result
.resp2
);
943 for (i
= 0; i
< HFA384x_NUMPORTS_MAX
; i
++)
944 hw
->port_enabled
[i
] = 0;
947 hw
->link_status
= HFA384x_LINK_NOTCONNECTED
;
952 /*----------------------------------------------------------------
953 * hfa384x_cmd_disable
955 * Issues the disable command to stop communications on one of
959 * hw device structure
960 * macport MAC port number (host order)
964 * >0 f/w reported failure - f/w status code
965 * <0 driver reported error (timeout|bad arg)
971 ----------------------------------------------------------------*/
972 int hfa384x_cmd_disable(hfa384x_t
*hw
, u16 macport
)
974 hfa384x_metacmd_t cmd
;
976 cmd
.cmd
= HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE
) |
977 HFA384x_CMD_MACPORT_SET(macport
);
982 return hfa384x_docmd_wait(hw
, &cmd
);
985 /*----------------------------------------------------------------
988 * Issues the enable command to enable communications on one of
992 * hw device structure
993 * macport MAC port number
997 * >0 f/w reported failure - f/w status code
998 * <0 driver reported error (timeout|bad arg)
1004 ----------------------------------------------------------------*/
1005 int hfa384x_cmd_enable(hfa384x_t
*hw
, u16 macport
)
1007 hfa384x_metacmd_t cmd
;
1009 cmd
.cmd
= HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE
) |
1010 HFA384x_CMD_MACPORT_SET(macport
);
1015 return hfa384x_docmd_wait(hw
, &cmd
);
1018 /*----------------------------------------------------------------
1019 * hfa384x_cmd_monitor
1021 * Enables the 'monitor mode' of the MAC. Here's the description of
1022 * monitor mode that I've received thus far:
1024 * "The "monitor mode" of operation is that the MAC passes all
1025 * frames for which the PLCP checks are correct. All received
1026 * MPDUs are passed to the host with MAC Port = 7, with a
1027 * receive status of good, FCS error, or undecryptable. Passing
1028 * certain MPDUs is a violation of the 802.11 standard, but useful
1029 * for a debugging tool." Normal communication is not possible
1030 * while monitor mode is enabled.
1033 * hw device structure
1034 * enable a code (0x0b|0x0f) that enables/disables
1035 * monitor mode. (host order)
1039 * >0 f/w reported failure - f/w status code
1040 * <0 driver reported error (timeout|bad arg)
1046 ----------------------------------------------------------------*/
1047 int hfa384x_cmd_monitor(hfa384x_t
*hw
, u16 enable
)
1049 hfa384x_metacmd_t cmd
;
1051 cmd
.cmd
= HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR
) |
1052 HFA384x_CMD_AINFO_SET(enable
);
1057 return hfa384x_docmd_wait(hw
, &cmd
);
1060 /*----------------------------------------------------------------
1061 * hfa384x_cmd_download
1063 * Sets the controls for the MAC controller code/data download
1064 * process. The arguments set the mode and address associated
1065 * with a download. Note that the aux registers should be enabled
1066 * prior to setting one of the download enable modes.
1069 * hw device structure
1070 * mode 0 - Disable programming and begin code exec
1071 * 1 - Enable volatile mem programming
1072 * 2 - Enable non-volatile mem programming
1073 * 3 - Program non-volatile section from NV download
1077 * highaddr For mode 1, sets the high & low order bits of
1078 * the "destination address". This address will be
1079 * the execution start address when download is
1080 * subsequently disabled.
1081 * For mode 2, sets the high & low order bits of
1082 * the destination in NV ram.
1083 * For modes 0 & 3, should be zero. (host order)
1084 * NOTE: these are CMD format.
1085 * codelen Length of the data to write in mode 2,
1086 * zero otherwise. (host order)
1090 * >0 f/w reported failure - f/w status code
1091 * <0 driver reported error (timeout|bad arg)
1097 ----------------------------------------------------------------*/
1098 int hfa384x_cmd_download(hfa384x_t
*hw
, u16 mode
, u16 lowaddr
,
1099 u16 highaddr
, u16 codelen
)
1101 hfa384x_metacmd_t cmd
;
1103 pr_debug("mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n",
1104 mode
, lowaddr
, highaddr
, codelen
);
1106 cmd
.cmd
= (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD
) |
1107 HFA384x_CMD_PROGMODE_SET(mode
));
1109 cmd
.parm0
= lowaddr
;
1110 cmd
.parm1
= highaddr
;
1111 cmd
.parm2
= codelen
;
1113 return hfa384x_docmd_wait(hw
, &cmd
);
1116 /*----------------------------------------------------------------
1119 * Perform a reset of the hfa38xx MAC core. We assume that the hw
1120 * structure is in its "created" state. That is, it is initialized
1121 * with proper values. Note that if a reset is done after the
1122 * device has been active for awhile, the caller might have to clean
1123 * up some leftover cruft in the hw structure.
1126 * hw device structure
1127 * holdtime how long (in ms) to hold the reset
1128 * settletime how long (in ms) to wait after releasing
1138 ----------------------------------------------------------------*/
1139 int hfa384x_corereset(hfa384x_t
*hw
, int holdtime
, int settletime
, int genesis
)
1143 result
= usb_reset_device(hw
->usb
);
1145 netdev_err(hw
->wlandev
->netdev
, "usb_reset_device() failed, result=%d.\n",
1152 /*----------------------------------------------------------------
1153 * hfa384x_usbctlx_complete_sync
1155 * Waits for a synchronous CTLX object to complete,
1156 * and then handles the response.
1159 * hw device structure
1161 * completor functor object to decide what to
1162 * do with the CTLX's result.
1166 * -ERESTARTSYS Interrupted by a signal
1168 * -ENODEV Adapter was unplugged
1169 * ??? Result from completor
1175 ----------------------------------------------------------------*/
1176 static int hfa384x_usbctlx_complete_sync(hfa384x_t
*hw
,
1177 hfa384x_usbctlx_t
*ctlx
,
1178 struct usbctlx_completor
*completor
)
1180 unsigned long flags
;
1183 result
= wait_for_completion_interruptible(&ctlx
->done
);
1185 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
1188 * We can only handle the CTLX if the USB disconnect
1189 * function has not run yet ...
1192 if (hw
->wlandev
->hwremoved
) {
1193 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
1195 } else if (result
!= 0) {
1199 * We were probably interrupted, so delete
1200 * this CTLX asynchronously, kill the timers
1201 * and the URB, and then start the next
1204 * NOTE: We can only delete the timers and
1205 * the URB if this CTLX is active.
1207 if (ctlx
== get_active_ctlx(hw
)) {
1208 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
1210 del_singleshot_timer_sync(&hw
->reqtimer
);
1211 del_singleshot_timer_sync(&hw
->resptimer
);
1212 hw
->req_timer_done
= 1;
1213 hw
->resp_timer_done
= 1;
1214 usb_kill_urb(&hw
->ctlx_urb
);
1216 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
1221 * This scenario is so unlikely that I'm
1222 * happy with a grubby "goto" solution ...
1224 if (hw
->wlandev
->hwremoved
)
1229 * The completion task will send this CTLX
1230 * to the reaper the next time it runs. We
1231 * are no longer in a hurry.
1234 ctlx
->state
= CTLX_REQ_FAILED
;
1235 list_move_tail(&ctlx
->list
, &hw
->ctlxq
.completing
);
1237 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
1240 hfa384x_usbctlxq_run(hw
);
1242 if (ctlx
->state
== CTLX_COMPLETE
) {
1243 result
= completor
->complete(completor
);
1245 netdev_warn(hw
->wlandev
->netdev
, "CTLX[%d] error: state(%s)\n",
1246 le16_to_cpu(ctlx
->outbuf
.type
),
1247 ctlxstr(ctlx
->state
));
1251 list_del(&ctlx
->list
);
1252 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
1259 /*----------------------------------------------------------------
1262 * Constructs a command CTLX and submits it.
1264 * NOTE: Any changes to the 'post-submit' code in this function
1265 * need to be carried over to hfa384x_cbcmd() since the handling
1266 * is virtually identical.
1269 * hw device structure
1270 * mode DOWAIT or DOASYNC
1271 * cmd cmd structure. Includes all arguments and result
1272 * data points. All in host order. in host order
1273 * cmdcb command-specific callback
1274 * usercb user callback for async calls, NULL for DOWAIT calls
1275 * usercb_data user supplied data pointer for async calls, NULL
1281 * -ERESTARTSYS Awakened on signal
1282 * >0 command indicated error, Status and Resp0-2 are
1290 ----------------------------------------------------------------*/
1292 hfa384x_docmd(hfa384x_t
*hw
,
1294 hfa384x_metacmd_t
*cmd
,
1295 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
)
1298 hfa384x_usbctlx_t
*ctlx
;
1300 ctlx
= usbctlx_alloc();
1306 /* Initialize the command */
1307 ctlx
->outbuf
.cmdreq
.type
= cpu_to_le16(HFA384x_USB_CMDREQ
);
1308 ctlx
->outbuf
.cmdreq
.cmd
= cpu_to_le16(cmd
->cmd
);
1309 ctlx
->outbuf
.cmdreq
.parm0
= cpu_to_le16(cmd
->parm0
);
1310 ctlx
->outbuf
.cmdreq
.parm1
= cpu_to_le16(cmd
->parm1
);
1311 ctlx
->outbuf
.cmdreq
.parm2
= cpu_to_le16(cmd
->parm2
);
1313 ctlx
->outbufsize
= sizeof(ctlx
->outbuf
.cmdreq
);
1315 pr_debug("cmdreq: cmd=0x%04x parm0=0x%04x parm1=0x%04x parm2=0x%04x\n",
1316 cmd
->cmd
, cmd
->parm0
, cmd
->parm1
, cmd
->parm2
);
1318 ctlx
->reapable
= mode
;
1319 ctlx
->cmdcb
= cmdcb
;
1320 ctlx
->usercb
= usercb
;
1321 ctlx
->usercb_data
= usercb_data
;
1323 result
= hfa384x_usbctlx_submit(hw
, ctlx
);
1326 } else if (mode
== DOWAIT
) {
1327 struct usbctlx_cmd_completor completor
;
1330 hfa384x_usbctlx_complete_sync(hw
, ctlx
,
1331 init_cmd_completor(&completor
,
1343 /*----------------------------------------------------------------
1346 * Constructs a read rid CTLX and issues it.
1348 * NOTE: Any changes to the 'post-submit' code in this function
1349 * need to be carried over to hfa384x_cbrrid() since the handling
1350 * is virtually identical.
1353 * hw device structure
1354 * mode DOWAIT or DOASYNC
1355 * rid Read RID number (host order)
1356 * riddata Caller supplied buffer that MAC formatted RID.data
1357 * record will be written to for DOWAIT calls. Should
1358 * be NULL for DOASYNC calls.
1359 * riddatalen Buffer length for DOWAIT calls. Zero for DOASYNC calls.
1360 * cmdcb command callback for async calls, NULL for DOWAIT calls
1361 * usercb user callback for async calls, NULL for DOWAIT calls
1362 * usercb_data user supplied data pointer for async calls, NULL
1368 * -ERESTARTSYS Awakened on signal
1369 * -ENODATA riddatalen != macdatalen
1370 * >0 command indicated error, Status and Resp0-2 are
1376 * interrupt (DOASYNC)
1377 * process (DOWAIT or DOASYNC)
1378 ----------------------------------------------------------------*/
1380 hfa384x_dorrid(hfa384x_t
*hw
,
1384 unsigned int riddatalen
,
1385 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
)
1388 hfa384x_usbctlx_t
*ctlx
;
1390 ctlx
= usbctlx_alloc();
1396 /* Initialize the command */
1397 ctlx
->outbuf
.rridreq
.type
= cpu_to_le16(HFA384x_USB_RRIDREQ
);
1398 ctlx
->outbuf
.rridreq
.frmlen
=
1399 cpu_to_le16(sizeof(ctlx
->outbuf
.rridreq
.rid
));
1400 ctlx
->outbuf
.rridreq
.rid
= cpu_to_le16(rid
);
1402 ctlx
->outbufsize
= sizeof(ctlx
->outbuf
.rridreq
);
1404 ctlx
->reapable
= mode
;
1405 ctlx
->cmdcb
= cmdcb
;
1406 ctlx
->usercb
= usercb
;
1407 ctlx
->usercb_data
= usercb_data
;
1409 /* Submit the CTLX */
1410 result
= hfa384x_usbctlx_submit(hw
, ctlx
);
1413 } else if (mode
== DOWAIT
) {
1414 struct usbctlx_rrid_completor completor
;
1417 hfa384x_usbctlx_complete_sync(hw
, ctlx
,
1420 &ctlx
->inbuf
.rridresp
,
1421 riddata
, riddatalen
));
1428 /*----------------------------------------------------------------
1431 * Constructs a write rid CTLX and issues it.
1433 * NOTE: Any changes to the 'post-submit' code in this function
1434 * need to be carried over to hfa384x_cbwrid() since the handling
1435 * is virtually identical.
1438 * hw device structure
1439 * enum cmd_mode DOWAIT or DOASYNC
1441 * riddata Data portion of RID formatted for MAC
1442 * riddatalen Length of the data portion in bytes
1443 * cmdcb command callback for async calls, NULL for DOWAIT calls
1444 * usercb user callback for async calls, NULL for DOWAIT calls
1445 * usercb_data user supplied data pointer for async calls
1449 * -ETIMEDOUT timed out waiting for register ready or
1450 * command completion
1451 * >0 command indicated error, Status and Resp0-2 are
1457 * interrupt (DOASYNC)
1458 * process (DOWAIT or DOASYNC)
1459 ----------------------------------------------------------------*/
1461 hfa384x_dowrid(hfa384x_t
*hw
,
1465 unsigned int riddatalen
,
1466 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
)
1469 hfa384x_usbctlx_t
*ctlx
;
1471 ctlx
= usbctlx_alloc();
1477 /* Initialize the command */
1478 ctlx
->outbuf
.wridreq
.type
= cpu_to_le16(HFA384x_USB_WRIDREQ
);
1479 ctlx
->outbuf
.wridreq
.frmlen
= cpu_to_le16((sizeof
1480 (ctlx
->outbuf
.wridreq
.rid
) +
1481 riddatalen
+ 1) / 2);
1482 ctlx
->outbuf
.wridreq
.rid
= cpu_to_le16(rid
);
1483 memcpy(ctlx
->outbuf
.wridreq
.data
, riddata
, riddatalen
);
1485 ctlx
->outbufsize
= sizeof(ctlx
->outbuf
.wridreq
.type
) +
1486 sizeof(ctlx
->outbuf
.wridreq
.frmlen
) +
1487 sizeof(ctlx
->outbuf
.wridreq
.rid
) + riddatalen
;
1489 ctlx
->reapable
= mode
;
1490 ctlx
->cmdcb
= cmdcb
;
1491 ctlx
->usercb
= usercb
;
1492 ctlx
->usercb_data
= usercb_data
;
1494 /* Submit the CTLX */
1495 result
= hfa384x_usbctlx_submit(hw
, ctlx
);
1498 } else if (mode
== DOWAIT
) {
1499 struct usbctlx_cmd_completor completor
;
1500 hfa384x_cmdresult_t wridresult
;
1502 result
= hfa384x_usbctlx_complete_sync(hw
,
1506 &ctlx
->inbuf
.wridresp
,
1514 /*----------------------------------------------------------------
1517 * Constructs a readmem CTLX and issues it.
1519 * NOTE: Any changes to the 'post-submit' code in this function
1520 * need to be carried over to hfa384x_cbrmem() since the handling
1521 * is virtually identical.
1524 * hw device structure
1525 * mode DOWAIT or DOASYNC
1526 * page MAC address space page (CMD format)
1527 * offset MAC address space offset
1528 * data Ptr to data buffer to receive read
1529 * len Length of the data to read (max == 2048)
1530 * cmdcb command callback for async calls, NULL for DOWAIT calls
1531 * usercb user callback for async calls, NULL for DOWAIT calls
1532 * usercb_data user supplied data pointer for async calls
1536 * -ETIMEDOUT timed out waiting for register ready or
1537 * command completion
1538 * >0 command indicated error, Status and Resp0-2 are
1544 * interrupt (DOASYNC)
1545 * process (DOWAIT or DOASYNC)
1546 ----------------------------------------------------------------*/
1548 hfa384x_dormem(hfa384x_t
*hw
,
1554 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
)
1557 hfa384x_usbctlx_t
*ctlx
;
1559 ctlx
= usbctlx_alloc();
1565 /* Initialize the command */
1566 ctlx
->outbuf
.rmemreq
.type
= cpu_to_le16(HFA384x_USB_RMEMREQ
);
1567 ctlx
->outbuf
.rmemreq
.frmlen
=
1568 cpu_to_le16(sizeof(ctlx
->outbuf
.rmemreq
.offset
) +
1569 sizeof(ctlx
->outbuf
.rmemreq
.page
) + len
);
1570 ctlx
->outbuf
.rmemreq
.offset
= cpu_to_le16(offset
);
1571 ctlx
->outbuf
.rmemreq
.page
= cpu_to_le16(page
);
1573 ctlx
->outbufsize
= sizeof(ctlx
->outbuf
.rmemreq
);
1575 pr_debug("type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n",
1576 ctlx
->outbuf
.rmemreq
.type
,
1577 ctlx
->outbuf
.rmemreq
.frmlen
,
1578 ctlx
->outbuf
.rmemreq
.offset
, ctlx
->outbuf
.rmemreq
.page
);
1580 pr_debug("pktsize=%zd\n", ROUNDUP64(sizeof(ctlx
->outbuf
.rmemreq
)));
1582 ctlx
->reapable
= mode
;
1583 ctlx
->cmdcb
= cmdcb
;
1584 ctlx
->usercb
= usercb
;
1585 ctlx
->usercb_data
= usercb_data
;
1587 result
= hfa384x_usbctlx_submit(hw
, ctlx
);
1590 } else if (mode
== DOWAIT
) {
1591 struct usbctlx_rmem_completor completor
;
1594 hfa384x_usbctlx_complete_sync(hw
, ctlx
,
1597 &ctlx
->inbuf
.rmemresp
, data
,
1605 /*----------------------------------------------------------------
1608 * Constructs a writemem CTLX and issues it.
1610 * NOTE: Any changes to the 'post-submit' code in this function
1611 * need to be carried over to hfa384x_cbwmem() since the handling
1612 * is virtually identical.
1615 * hw device structure
1616 * mode DOWAIT or DOASYNC
1617 * page MAC address space page (CMD format)
1618 * offset MAC address space offset
1619 * data Ptr to data buffer containing write data
1620 * len Length of the data to read (max == 2048)
1621 * cmdcb command callback for async calls, NULL for DOWAIT calls
1622 * usercb user callback for async calls, NULL for DOWAIT calls
1623 * usercb_data user supplied data pointer for async calls.
1627 * -ETIMEDOUT timed out waiting for register ready or
1628 * command completion
1629 * >0 command indicated error, Status and Resp0-2 are
1635 * interrupt (DOWAIT)
1636 * process (DOWAIT or DOASYNC)
1637 ----------------------------------------------------------------*/
1639 hfa384x_dowmem(hfa384x_t
*hw
,
1645 ctlx_cmdcb_t cmdcb
, ctlx_usercb_t usercb
, void *usercb_data
)
1648 hfa384x_usbctlx_t
*ctlx
;
1650 pr_debug("page=0x%04x offset=0x%04x len=%d\n", page
, offset
, len
);
1652 ctlx
= usbctlx_alloc();
1658 /* Initialize the command */
1659 ctlx
->outbuf
.wmemreq
.type
= cpu_to_le16(HFA384x_USB_WMEMREQ
);
1660 ctlx
->outbuf
.wmemreq
.frmlen
=
1661 cpu_to_le16(sizeof(ctlx
->outbuf
.wmemreq
.offset
) +
1662 sizeof(ctlx
->outbuf
.wmemreq
.page
) + len
);
1663 ctlx
->outbuf
.wmemreq
.offset
= cpu_to_le16(offset
);
1664 ctlx
->outbuf
.wmemreq
.page
= cpu_to_le16(page
);
1665 memcpy(ctlx
->outbuf
.wmemreq
.data
, data
, len
);
1667 ctlx
->outbufsize
= sizeof(ctlx
->outbuf
.wmemreq
.type
) +
1668 sizeof(ctlx
->outbuf
.wmemreq
.frmlen
) +
1669 sizeof(ctlx
->outbuf
.wmemreq
.offset
) +
1670 sizeof(ctlx
->outbuf
.wmemreq
.page
) + len
;
1672 ctlx
->reapable
= mode
;
1673 ctlx
->cmdcb
= cmdcb
;
1674 ctlx
->usercb
= usercb
;
1675 ctlx
->usercb_data
= usercb_data
;
1677 result
= hfa384x_usbctlx_submit(hw
, ctlx
);
1680 } else if (mode
== DOWAIT
) {
1681 struct usbctlx_cmd_completor completor
;
1682 hfa384x_cmdresult_t wmemresult
;
1684 result
= hfa384x_usbctlx_complete_sync(hw
,
1688 &ctlx
->inbuf
.wmemresp
,
1696 /*----------------------------------------------------------------
1697 * hfa384x_drvr_disable
1699 * Issues the disable command to stop communications on one of
1700 * the MACs 'ports'. Only macport 0 is valid for stations.
1701 * APs may also disable macports 1-6. Only ports that have been
1702 * previously enabled may be disabled.
1705 * hw device structure
1706 * macport MAC port number (host order)
1710 * >0 f/w reported failure - f/w status code
1711 * <0 driver reported error (timeout|bad arg)
1717 ----------------------------------------------------------------*/
1718 int hfa384x_drvr_disable(hfa384x_t
*hw
, u16 macport
)
1722 if ((!hw
->isap
&& macport
!= 0) ||
1723 (hw
->isap
&& !(macport
<= HFA384x_PORTID_MAX
)) ||
1724 !(hw
->port_enabled
[macport
])) {
1727 result
= hfa384x_cmd_disable(hw
, macport
);
1729 hw
->port_enabled
[macport
] = 0;
1734 /*----------------------------------------------------------------
1735 * hfa384x_drvr_enable
1737 * Issues the enable command to enable communications on one of
1738 * the MACs 'ports'. Only macport 0 is valid for stations.
1739 * APs may also enable macports 1-6. Only ports that are currently
1740 * disabled may be enabled.
1743 * hw device structure
1744 * macport MAC port number
1748 * >0 f/w reported failure - f/w status code
1749 * <0 driver reported error (timeout|bad arg)
1755 ----------------------------------------------------------------*/
1756 int hfa384x_drvr_enable(hfa384x_t
*hw
, u16 macport
)
1760 if ((!hw
->isap
&& macport
!= 0) ||
1761 (hw
->isap
&& !(macport
<= HFA384x_PORTID_MAX
)) ||
1762 (hw
->port_enabled
[macport
])) {
1765 result
= hfa384x_cmd_enable(hw
, macport
);
1767 hw
->port_enabled
[macport
] = 1;
1772 /*----------------------------------------------------------------
1773 * hfa384x_drvr_flashdl_enable
1775 * Begins the flash download state. Checks to see that we're not
1776 * already in a download state and that a port isn't enabled.
1777 * Sets the download state and retrieves the flash download
1778 * buffer location, buffer size, and timeout length.
1781 * hw device structure
1785 * >0 f/w reported error - f/w status code
1786 * <0 driver reported error
1792 ----------------------------------------------------------------*/
1793 int hfa384x_drvr_flashdl_enable(hfa384x_t
*hw
)
1798 /* Check that a port isn't active */
1799 for (i
= 0; i
< HFA384x_PORTID_MAX
; i
++) {
1800 if (hw
->port_enabled
[i
]) {
1801 pr_debug("called when port enabled.\n");
1806 /* Check that we're not already in a download state */
1807 if (hw
->dlstate
!= HFA384x_DLSTATE_DISABLED
)
1810 /* Retrieve the buffer loc&size and timeout */
1811 result
= hfa384x_drvr_getconfig(hw
, HFA384x_RID_DOWNLOADBUFFER
,
1812 &(hw
->bufinfo
), sizeof(hw
->bufinfo
));
1816 hw
->bufinfo
.page
= le16_to_cpu(hw
->bufinfo
.page
);
1817 hw
->bufinfo
.offset
= le16_to_cpu(hw
->bufinfo
.offset
);
1818 hw
->bufinfo
.len
= le16_to_cpu(hw
->bufinfo
.len
);
1819 result
= hfa384x_drvr_getconfig16(hw
, HFA384x_RID_MAXLOADTIME
,
1824 hw
->dltimeout
= le16_to_cpu(hw
->dltimeout
);
1826 pr_debug("flashdl_enable\n");
1828 hw
->dlstate
= HFA384x_DLSTATE_FLASHENABLED
;
1833 /*----------------------------------------------------------------
1834 * hfa384x_drvr_flashdl_disable
1836 * Ends the flash download state. Note that this will cause the MAC
1837 * firmware to restart.
1840 * hw device structure
1844 * >0 f/w reported error - f/w status code
1845 * <0 driver reported error
1851 ----------------------------------------------------------------*/
1852 int hfa384x_drvr_flashdl_disable(hfa384x_t
*hw
)
1854 /* Check that we're already in the download state */
1855 if (hw
->dlstate
!= HFA384x_DLSTATE_FLASHENABLED
)
1858 pr_debug("flashdl_enable\n");
1860 /* There isn't much we can do at this point, so I don't */
1861 /* bother w/ the return value */
1862 hfa384x_cmd_download(hw
, HFA384x_PROGMODE_DISABLE
, 0, 0, 0);
1863 hw
->dlstate
= HFA384x_DLSTATE_DISABLED
;
1868 /*----------------------------------------------------------------
1869 * hfa384x_drvr_flashdl_write
1871 * Performs a FLASH download of a chunk of data. First checks to see
1872 * that we're in the FLASH download state, then sets the download
1873 * mode, uses the aux functions to 1) copy the data to the flash
1874 * buffer, 2) sets the download 'write flash' mode, 3) readback and
1875 * compare. Lather rinse, repeat as many times an necessary to get
1876 * all the given data into flash.
1877 * When all data has been written using this function (possibly
1878 * repeatedly), call drvr_flashdl_disable() to end the download state
1879 * and restart the MAC.
1882 * hw device structure
1883 * daddr Card address to write to. (host order)
1884 * buf Ptr to data to write.
1885 * len Length of data (host order).
1889 * >0 f/w reported error - f/w status code
1890 * <0 driver reported error
1896 ----------------------------------------------------------------*/
1897 int hfa384x_drvr_flashdl_write(hfa384x_t
*hw
, u32 daddr
, void *buf
, u32 len
)
1914 pr_debug("daddr=0x%08x len=%d\n", daddr
, len
);
1916 /* Check that we're in the flash download state */
1917 if (hw
->dlstate
!= HFA384x_DLSTATE_FLASHENABLED
)
1920 netdev_info(hw
->wlandev
->netdev
,
1921 "Download %d bytes to flash @0x%06x\n", len
, daddr
);
1923 /* Convert to flat address for arithmetic */
1924 /* NOTE: dlbuffer RID stores the address in AUX format */
1926 HFA384x_ADDR_AUX_MKFLAT(hw
->bufinfo
.page
, hw
->bufinfo
.offset
);
1927 pr_debug("dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n",
1928 hw
->bufinfo
.page
, hw
->bufinfo
.offset
, dlbufaddr
);
1929 /* Calculations to determine how many fills of the dlbuffer to do
1930 * and how many USB wmemreq's to do for each fill. At this point
1931 * in time, the dlbuffer size and the wmemreq size are the same.
1932 * Therefore, nwrites should always be 1. The extra complexity
1933 * here is a hedge against future changes.
1936 /* Figure out how many times to do the flash programming */
1937 nburns
= len
/ hw
->bufinfo
.len
;
1938 nburns
+= (len
% hw
->bufinfo
.len
) ? 1 : 0;
1940 /* For each flash program cycle, how many USB wmemreq's are needed? */
1941 nwrites
= hw
->bufinfo
.len
/ HFA384x_USB_RWMEM_MAXLEN
;
1942 nwrites
+= (hw
->bufinfo
.len
% HFA384x_USB_RWMEM_MAXLEN
) ? 1 : 0;
1945 for (i
= 0; i
< nburns
; i
++) {
1946 /* Get the dest address and len */
1947 burnlen
= (len
- (hw
->bufinfo
.len
* i
)) > hw
->bufinfo
.len
?
1948 hw
->bufinfo
.len
: (len
- (hw
->bufinfo
.len
* i
));
1949 burndaddr
= daddr
+ (hw
->bufinfo
.len
* i
);
1950 burnlo
= HFA384x_ADDR_CMD_MKOFF(burndaddr
);
1951 burnhi
= HFA384x_ADDR_CMD_MKPAGE(burndaddr
);
1953 netdev_info(hw
->wlandev
->netdev
, "Writing %d bytes to flash @0x%06x\n",
1954 burnlen
, burndaddr
);
1956 /* Set the download mode */
1957 result
= hfa384x_cmd_download(hw
, HFA384x_PROGMODE_NV
,
1958 burnlo
, burnhi
, burnlen
);
1960 netdev_err(hw
->wlandev
->netdev
,
1961 "download(NV,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
1962 burnlo
, burnhi
, burnlen
, result
);
1966 /* copy the data to the flash download buffer */
1967 for (j
= 0; j
< nwrites
; j
++) {
1969 (i
* hw
->bufinfo
.len
) +
1970 (j
* HFA384x_USB_RWMEM_MAXLEN
);
1972 writepage
= HFA384x_ADDR_CMD_MKPAGE(dlbufaddr
+
1973 (j
* HFA384x_USB_RWMEM_MAXLEN
));
1974 writeoffset
= HFA384x_ADDR_CMD_MKOFF(dlbufaddr
+
1975 (j
* HFA384x_USB_RWMEM_MAXLEN
));
1977 writelen
= burnlen
- (j
* HFA384x_USB_RWMEM_MAXLEN
);
1978 writelen
= writelen
> HFA384x_USB_RWMEM_MAXLEN
?
1979 HFA384x_USB_RWMEM_MAXLEN
: writelen
;
1981 result
= hfa384x_dowmem_wait(hw
,
1984 writebuf
, writelen
);
1987 /* set the download 'write flash' mode */
1988 result
= hfa384x_cmd_download(hw
,
1989 HFA384x_PROGMODE_NVWRITE
,
1992 netdev_err(hw
->wlandev
->netdev
,
1993 "download(NVWRITE,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
1994 burnlo
, burnhi
, burnlen
, result
);
1998 /* TODO: We really should do a readback and compare. */
2003 /* Leave the firmware in the 'post-prog' mode. flashdl_disable will */
2004 /* actually disable programming mode. Remember, that will cause the */
2005 /* the firmware to effectively reset itself. */
2010 /*----------------------------------------------------------------
2011 * hfa384x_drvr_getconfig
2013 * Performs the sequence necessary to read a config/info item.
2016 * hw device structure
2017 * rid config/info record id (host order)
2018 * buf host side record buffer. Upon return it will
2019 * contain the body portion of the record (minus the
2021 * len buffer length (in bytes, should match record length)
2025 * >0 f/w reported error - f/w status code
2026 * <0 driver reported error
2027 * -ENODATA length mismatch between argument and retrieved
2034 ----------------------------------------------------------------*/
2035 int hfa384x_drvr_getconfig(hfa384x_t
*hw
, u16 rid
, void *buf
, u16 len
)
2037 return hfa384x_dorrid_wait(hw
, rid
, buf
, len
);
2040 /*----------------------------------------------------------------
2041 * hfa384x_drvr_setconfig_async
2043 * Performs the sequence necessary to write a config/info item.
2046 * hw device structure
2047 * rid config/info record id (in host order)
2048 * buf host side record buffer
2049 * len buffer length (in bytes)
2050 * usercb completion callback
2051 * usercb_data completion callback argument
2055 * >0 f/w reported error - f/w status code
2056 * <0 driver reported error
2062 ----------------------------------------------------------------*/
2064 hfa384x_drvr_setconfig_async(hfa384x_t
*hw
,
2067 u16 len
, ctlx_usercb_t usercb
, void *usercb_data
)
2069 return hfa384x_dowrid_async(hw
, rid
, buf
, len
,
2070 hfa384x_cb_status
, usercb
, usercb_data
);
2073 /*----------------------------------------------------------------
2074 * hfa384x_drvr_ramdl_disable
2076 * Ends the ram download state.
2079 * hw device structure
2083 * >0 f/w reported error - f/w status code
2084 * <0 driver reported error
2090 ----------------------------------------------------------------*/
2091 int hfa384x_drvr_ramdl_disable(hfa384x_t
*hw
)
2093 /* Check that we're already in the download state */
2094 if (hw
->dlstate
!= HFA384x_DLSTATE_RAMENABLED
)
2097 pr_debug("ramdl_disable()\n");
2099 /* There isn't much we can do at this point, so I don't */
2100 /* bother w/ the return value */
2101 hfa384x_cmd_download(hw
, HFA384x_PROGMODE_DISABLE
, 0, 0, 0);
2102 hw
->dlstate
= HFA384x_DLSTATE_DISABLED
;
2107 /*----------------------------------------------------------------
2108 * hfa384x_drvr_ramdl_enable
2110 * Begins the ram download state. Checks to see that we're not
2111 * already in a download state and that a port isn't enabled.
2112 * Sets the download state and calls cmd_download with the
2113 * ENABLE_VOLATILE subcommand and the exeaddr argument.
2116 * hw device structure
2117 * exeaddr the card execution address that will be
2118 * jumped to when ramdl_disable() is called
2123 * >0 f/w reported error - f/w status code
2124 * <0 driver reported error
2130 ----------------------------------------------------------------*/
2131 int hfa384x_drvr_ramdl_enable(hfa384x_t
*hw
, u32 exeaddr
)
2138 /* Check that a port isn't active */
2139 for (i
= 0; i
< HFA384x_PORTID_MAX
; i
++) {
2140 if (hw
->port_enabled
[i
]) {
2141 netdev_err(hw
->wlandev
->netdev
,
2142 "Can't download with a macport enabled.\n");
2147 /* Check that we're not already in a download state */
2148 if (hw
->dlstate
!= HFA384x_DLSTATE_DISABLED
) {
2149 netdev_err(hw
->wlandev
->netdev
, "Download state not disabled.\n");
2153 pr_debug("ramdl_enable, exeaddr=0x%08x\n", exeaddr
);
2155 /* Call the download(1,addr) function */
2156 lowaddr
= HFA384x_ADDR_CMD_MKOFF(exeaddr
);
2157 hiaddr
= HFA384x_ADDR_CMD_MKPAGE(exeaddr
);
2159 result
= hfa384x_cmd_download(hw
, HFA384x_PROGMODE_RAM
,
2160 lowaddr
, hiaddr
, 0);
2163 /* Set the download state */
2164 hw
->dlstate
= HFA384x_DLSTATE_RAMENABLED
;
2166 pr_debug("cmd_download(0x%04x, 0x%04x) failed, result=%d.\n",
2167 lowaddr
, hiaddr
, result
);
2173 /*----------------------------------------------------------------
2174 * hfa384x_drvr_ramdl_write
2176 * Performs a RAM download of a chunk of data. First checks to see
2177 * that we're in the RAM download state, then uses the [read|write]mem USB
2178 * commands to 1) copy the data, 2) readback and compare. The download
2179 * state is unaffected. When all data has been written using
2180 * this function, call drvr_ramdl_disable() to end the download state
2181 * and restart the MAC.
2184 * hw device structure
2185 * daddr Card address to write to. (host order)
2186 * buf Ptr to data to write.
2187 * len Length of data (host order).
2191 * >0 f/w reported error - f/w status code
2192 * <0 driver reported error
2198 ----------------------------------------------------------------*/
2199 int hfa384x_drvr_ramdl_write(hfa384x_t
*hw
, u32 daddr
, void *buf
, u32 len
)
2210 /* Check that we're in the ram download state */
2211 if (hw
->dlstate
!= HFA384x_DLSTATE_RAMENABLED
)
2214 netdev_info(hw
->wlandev
->netdev
, "Writing %d bytes to ram @0x%06x\n",
2217 /* How many dowmem calls? */
2218 nwrites
= len
/ HFA384x_USB_RWMEM_MAXLEN
;
2219 nwrites
+= len
% HFA384x_USB_RWMEM_MAXLEN
? 1 : 0;
2221 /* Do blocking wmem's */
2222 for (i
= 0; i
< nwrites
; i
++) {
2223 /* make address args */
2224 curraddr
= daddr
+ (i
* HFA384x_USB_RWMEM_MAXLEN
);
2225 currpage
= HFA384x_ADDR_CMD_MKPAGE(curraddr
);
2226 curroffset
= HFA384x_ADDR_CMD_MKOFF(curraddr
);
2227 currlen
= len
- (i
* HFA384x_USB_RWMEM_MAXLEN
);
2228 if (currlen
> HFA384x_USB_RWMEM_MAXLEN
)
2229 currlen
= HFA384x_USB_RWMEM_MAXLEN
;
2231 /* Do blocking ctlx */
2232 result
= hfa384x_dowmem_wait(hw
,
2236 (i
* HFA384x_USB_RWMEM_MAXLEN
),
2242 /* TODO: We really should have a readback. */
2248 /*----------------------------------------------------------------
2249 * hfa384x_drvr_readpda
2251 * Performs the sequence to read the PDA space. Note there is no
2252 * drvr_writepda() function. Writing a PDA is
2253 * generally implemented by a calling component via calls to
2254 * cmd_download and writing to the flash download buffer via the
2258 * hw device structure
2259 * buf buffer to store PDA in
2264 * >0 f/w reported error - f/w status code
2265 * <0 driver reported error
2266 * -ETIMEDOUT timeout waiting for the cmd regs to become
2267 * available, or waiting for the control reg
2268 * to indicate the Aux port is enabled.
2269 * -ENODATA the buffer does NOT contain a valid PDA.
2270 * Either the card PDA is bad, or the auxdata
2271 * reads are giving us garbage.
2277 * process or non-card interrupt.
2278 ----------------------------------------------------------------*/
2279 int hfa384x_drvr_readpda(hfa384x_t
*hw
, void *buf
, unsigned int len
)
2285 int currpdr
= 0; /* word offset of the current pdr */
2287 u16 pdrlen
; /* pdr length in bytes, host order */
2288 u16 pdrcode
; /* pdr code, host order */
2296 HFA3842_PDA_BASE
, 0}, {
2297 HFA3841_PDA_BASE
, 0}, {
2298 HFA3841_PDA_BOGUS_BASE
, 0}
2301 /* Read the pda from each known address. */
2302 for (i
= 0; i
< ARRAY_SIZE(pdaloc
); i
++) {
2304 currpage
= HFA384x_ADDR_CMD_MKPAGE(pdaloc
[i
].cardaddr
);
2305 curroffset
= HFA384x_ADDR_CMD_MKOFF(pdaloc
[i
].cardaddr
);
2307 /* units of bytes */
2308 result
= hfa384x_dormem_wait(hw
, currpage
, curroffset
, buf
,
2312 netdev_warn(hw
->wlandev
->netdev
,
2313 "Read from index %zd failed, continuing\n",
2318 /* Test for garbage */
2319 pdaok
= 1; /* initially assume good */
2321 while (pdaok
&& morepdrs
) {
2322 pdrlen
= le16_to_cpu(pda
[currpdr
]) * 2;
2323 pdrcode
= le16_to_cpu(pda
[currpdr
+ 1]);
2324 /* Test the record length */
2325 if (pdrlen
> HFA384x_PDR_LEN_MAX
|| pdrlen
== 0) {
2326 netdev_err(hw
->wlandev
->netdev
,
2327 "pdrlen invalid=%d\n", pdrlen
);
2332 if (!hfa384x_isgood_pdrcode(pdrcode
)) {
2333 netdev_err(hw
->wlandev
->netdev
, "pdrcode invalid=%d\n",
2338 /* Test for completion */
2339 if (pdrcode
== HFA384x_PDR_END_OF_PDA
)
2342 /* Move to the next pdr (if necessary) */
2344 /* note the access to pda[], need words here */
2345 currpdr
+= le16_to_cpu(pda
[currpdr
]) + 1;
2349 netdev_info(hw
->wlandev
->netdev
,
2350 "PDA Read from 0x%08x in %s space.\n",
2352 pdaloc
[i
].auxctl
== 0 ? "EXTDS" :
2353 pdaloc
[i
].auxctl
== 1 ? "NV" :
2354 pdaloc
[i
].auxctl
== 2 ? "PHY" :
2355 pdaloc
[i
].auxctl
== 3 ? "ICSRAM" :
2360 result
= pdaok
? 0 : -ENODATA
;
2363 pr_debug("Failure: pda is not okay\n");
2368 /*----------------------------------------------------------------
2369 * hfa384x_drvr_setconfig
2371 * Performs the sequence necessary to write a config/info item.
2374 * hw device structure
2375 * rid config/info record id (in host order)
2376 * buf host side record buffer
2377 * len buffer length (in bytes)
2381 * >0 f/w reported error - f/w status code
2382 * <0 driver reported error
2388 ----------------------------------------------------------------*/
2389 int hfa384x_drvr_setconfig(hfa384x_t
*hw
, u16 rid
, void *buf
, u16 len
)
2391 return hfa384x_dowrid_wait(hw
, rid
, buf
, len
);
2394 /*----------------------------------------------------------------
2395 * hfa384x_drvr_start
2397 * Issues the MAC initialize command, sets up some data structures,
2398 * and enables the interrupts. After this function completes, the
2399 * low-level stuff should be ready for any/all commands.
2402 * hw device structure
2405 * >0 f/w reported error - f/w status code
2406 * <0 driver reported error
2412 ----------------------------------------------------------------*/
2414 int hfa384x_drvr_start(hfa384x_t
*hw
)
2416 int result
, result1
, result2
;
2421 /* Clear endpoint stalls - but only do this if the endpoint
2422 * is showing a stall status. Some prism2 cards seem to behave
2423 * badly if a clear_halt is called when the endpoint is already
2427 usb_get_status(hw
->usb
, USB_RECIP_ENDPOINT
, hw
->endp_in
, &status
);
2429 netdev_err(hw
->wlandev
->netdev
, "Cannot get bulk in endpoint status.\n");
2432 if ((status
== 1) && usb_clear_halt(hw
->usb
, hw
->endp_in
))
2433 netdev_err(hw
->wlandev
->netdev
, "Failed to reset bulk in endpoint.\n");
2436 usb_get_status(hw
->usb
, USB_RECIP_ENDPOINT
, hw
->endp_out
, &status
);
2438 netdev_err(hw
->wlandev
->netdev
, "Cannot get bulk out endpoint status.\n");
2441 if ((status
== 1) && usb_clear_halt(hw
->usb
, hw
->endp_out
))
2442 netdev_err(hw
->wlandev
->netdev
, "Failed to reset bulk out endpoint.\n");
2444 /* Synchronous unlink, in case we're trying to restart the driver */
2445 usb_kill_urb(&hw
->rx_urb
);
2447 /* Post the IN urb */
2448 result
= submit_rx_urb(hw
, GFP_KERNEL
);
2450 netdev_err(hw
->wlandev
->netdev
,
2451 "Fatal, failed to submit RX URB, result=%d\n",
2456 /* Call initialize twice, with a 1 second sleep in between.
2457 * This is a nasty work-around since many prism2 cards seem to
2458 * need time to settle after an init from cold. The second
2459 * call to initialize in theory is not necessary - but we call
2460 * it anyway as a double insurance policy:
2461 * 1) If the first init should fail, the second may well succeed
2462 * and the card can still be used
2463 * 2) It helps ensures all is well with the card after the first
2464 * init and settle time.
2466 result1
= hfa384x_cmd_initialize(hw
);
2468 result
= hfa384x_cmd_initialize(hw
);
2472 netdev_err(hw
->wlandev
->netdev
,
2473 "cmd_initialize() failed on two attempts, results %d and %d\n",
2475 usb_kill_urb(&hw
->rx_urb
);
2478 pr_debug("First cmd_initialize() failed (result %d),\n",
2480 pr_debug("but second attempt succeeded. All should be ok\n");
2482 } else if (result2
!= 0) {
2483 netdev_warn(hw
->wlandev
->netdev
, "First cmd_initialize() succeeded, but second attempt failed (result=%d)\n",
2485 netdev_warn(hw
->wlandev
->netdev
,
2486 "Most likely the card will be functional\n");
2490 hw
->state
= HFA384x_STATE_RUNNING
;
2496 /*----------------------------------------------------------------
2499 * Shuts down the MAC to the point where it is safe to unload the
2500 * driver. Any subsystem that may be holding a data or function
2501 * ptr into the driver must be cleared/deinitialized.
2504 * hw device structure
2507 * >0 f/w reported error - f/w status code
2508 * <0 driver reported error
2514 ----------------------------------------------------------------*/
2515 int hfa384x_drvr_stop(hfa384x_t
*hw
)
2521 /* There's no need for spinlocks here. The USB "disconnect"
2522 * function sets this "removed" flag and then calls us.
2524 if (!hw
->wlandev
->hwremoved
) {
2525 /* Call initialize to leave the MAC in its 'reset' state */
2526 hfa384x_cmd_initialize(hw
);
2528 /* Cancel the rxurb */
2529 usb_kill_urb(&hw
->rx_urb
);
2532 hw
->link_status
= HFA384x_LINK_NOTCONNECTED
;
2533 hw
->state
= HFA384x_STATE_INIT
;
2535 del_timer_sync(&hw
->commsqual_timer
);
2537 /* Clear all the port status */
2538 for (i
= 0; i
< HFA384x_NUMPORTS_MAX
; i
++)
2539 hw
->port_enabled
[i
] = 0;
2544 /*----------------------------------------------------------------
2545 * hfa384x_drvr_txframe
2547 * Takes a frame from prism2sta and queues it for transmission.
2550 * hw device structure
2551 * skb packet buffer struct. Contains an 802.11
2553 * p80211_hdr points to the 802.11 header for the packet.
2555 * 0 Success and more buffs available
2556 * 1 Success but no more buffs
2557 * 2 Allocation failure
2558 * 4 Buffer full or queue busy
2564 ----------------------------------------------------------------*/
2565 int hfa384x_drvr_txframe(hfa384x_t
*hw
, struct sk_buff
*skb
,
2566 union p80211_hdr
*p80211_hdr
,
2567 struct p80211_metawep
*p80211_wep
)
2569 int usbpktlen
= sizeof(hfa384x_tx_frame_t
);
2574 if (hw
->tx_urb
.status
== -EINPROGRESS
) {
2575 netdev_warn(hw
->wlandev
->netdev
, "TX URB already in use\n");
2580 /* Build Tx frame structure */
2581 /* Set up the control field */
2582 memset(&hw
->txbuff
.txfrm
.desc
, 0, sizeof(hw
->txbuff
.txfrm
.desc
));
2584 /* Setup the usb type field */
2585 hw
->txbuff
.type
= cpu_to_le16(HFA384x_USB_TXFRM
);
2587 /* Set up the sw_support field to identify this frame */
2588 hw
->txbuff
.txfrm
.desc
.sw_support
= 0x0123;
2590 /* Tx complete and Tx exception disable per dleach. Might be causing
2593 /* #define DOEXC SLP -- doboth breaks horribly under load, doexc less so. */
2595 hw
->txbuff
.txfrm
.desc
.tx_control
=
2596 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2597 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1);
2598 #elif defined(DOEXC)
2599 hw
->txbuff
.txfrm
.desc
.tx_control
=
2600 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2601 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0);
2603 hw
->txbuff
.txfrm
.desc
.tx_control
=
2604 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2605 HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0);
2607 hw
->txbuff
.txfrm
.desc
.tx_control
=
2608 cpu_to_le16(hw
->txbuff
.txfrm
.desc
.tx_control
);
2610 /* copy the header over to the txdesc */
2611 memcpy(&(hw
->txbuff
.txfrm
.desc
.frame_control
), p80211_hdr
,
2612 sizeof(union p80211_hdr
));
2614 /* if we're using host WEP, increase size by IV+ICV */
2615 if (p80211_wep
->data
) {
2616 hw
->txbuff
.txfrm
.desc
.data_len
= cpu_to_le16(skb
->len
+ 8);
2619 hw
->txbuff
.txfrm
.desc
.data_len
= cpu_to_le16(skb
->len
);
2622 usbpktlen
+= skb
->len
;
2624 /* copy over the WEP IV if we are using host WEP */
2625 ptr
= hw
->txbuff
.txfrm
.data
;
2626 if (p80211_wep
->data
) {
2627 memcpy(ptr
, p80211_wep
->iv
, sizeof(p80211_wep
->iv
));
2628 ptr
+= sizeof(p80211_wep
->iv
);
2629 memcpy(ptr
, p80211_wep
->data
, skb
->len
);
2631 memcpy(ptr
, skb
->data
, skb
->len
);
2633 /* copy over the packet data */
2636 /* copy over the WEP ICV if we are using host WEP */
2637 if (p80211_wep
->data
)
2638 memcpy(ptr
, p80211_wep
->icv
, sizeof(p80211_wep
->icv
));
2640 /* Send the USB packet */
2641 usb_fill_bulk_urb(&(hw
->tx_urb
), hw
->usb
,
2643 &(hw
->txbuff
), ROUNDUP64(usbpktlen
),
2644 hfa384x_usbout_callback
, hw
->wlandev
);
2645 hw
->tx_urb
.transfer_flags
|= USB_QUEUE_BULK
;
2648 ret
= submit_tx_urb(hw
, &hw
->tx_urb
, GFP_ATOMIC
);
2650 netdev_err(hw
->wlandev
->netdev
,
2651 "submit_tx_urb() failed, error=%d\n", ret
);
2659 void hfa384x_tx_timeout(wlandevice_t
*wlandev
)
2661 hfa384x_t
*hw
= wlandev
->priv
;
2662 unsigned long flags
;
2664 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
2666 if (!hw
->wlandev
->hwremoved
) {
2669 sched
= !test_and_set_bit(WORK_TX_HALT
, &hw
->usb_flags
);
2670 sched
|= !test_and_set_bit(WORK_RX_HALT
, &hw
->usb_flags
);
2672 schedule_work(&hw
->usb_work
);
2675 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
2678 /*----------------------------------------------------------------
2679 * hfa384x_usbctlx_reaper_task
2681 * Tasklet to delete dead CTLX objects
2684 * data ptr to a hfa384x_t
2690 ----------------------------------------------------------------*/
2691 static void hfa384x_usbctlx_reaper_task(unsigned long data
)
2693 hfa384x_t
*hw
= (hfa384x_t
*)data
;
2694 hfa384x_usbctlx_t
*ctlx
, *temp
;
2695 unsigned long flags
;
2697 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
2699 /* This list is guaranteed to be empty if someone
2700 * has unplugged the adapter.
2702 list_for_each_entry_safe(ctlx
, temp
, &hw
->ctlxq
.reapable
, list
) {
2703 list_del(&ctlx
->list
);
2707 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
2710 /*----------------------------------------------------------------
2711 * hfa384x_usbctlx_completion_task
2713 * Tasklet to call completion handlers for returned CTLXs
2716 * data ptr to hfa384x_t
2723 ----------------------------------------------------------------*/
2724 static void hfa384x_usbctlx_completion_task(unsigned long data
)
2726 hfa384x_t
*hw
= (hfa384x_t
*)data
;
2727 hfa384x_usbctlx_t
*ctlx
, *temp
;
2728 unsigned long flags
;
2732 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
2734 /* This list is guaranteed to be empty if someone
2735 * has unplugged the adapter ...
2737 list_for_each_entry_safe(ctlx
, temp
, &hw
->ctlxq
.completing
, list
) {
2738 /* Call the completion function that this
2739 * command was assigned, assuming it has one.
2742 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
2743 ctlx
->cmdcb(hw
, ctlx
);
2744 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
2746 /* Make sure we don't try and complete
2747 * this CTLX more than once!
2751 /* Did someone yank the adapter out
2752 * while our list was (briefly) unlocked?
2754 if (hw
->wlandev
->hwremoved
) {
2761 * "Reapable" CTLXs are ones which don't have any
2762 * threads waiting for them to die. Hence they must
2763 * be delivered to The Reaper!
2765 if (ctlx
->reapable
) {
2766 /* Move the CTLX off the "completing" list (hopefully)
2767 * on to the "reapable" list where the reaper task
2768 * can find it. And "reapable" means that this CTLX
2769 * isn't sitting on a wait-queue somewhere.
2771 list_move_tail(&ctlx
->list
, &hw
->ctlxq
.reapable
);
2775 complete(&ctlx
->done
);
2777 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
2780 tasklet_schedule(&hw
->reaper_bh
);
2783 /*----------------------------------------------------------------
2784 * unlocked_usbctlx_cancel_async
2786 * Mark the CTLX dead asynchronously, and ensure that the
2787 * next command on the queue is run afterwards.
2790 * hw ptr to the hfa384x_t structure
2791 * ctlx ptr to a CTLX structure
2794 * 0 the CTLX's URB is inactive
2795 * -EINPROGRESS the URB is currently being unlinked
2798 * Either process or interrupt, but presumably interrupt
2799 ----------------------------------------------------------------*/
2800 static int unlocked_usbctlx_cancel_async(hfa384x_t
*hw
,
2801 hfa384x_usbctlx_t
*ctlx
)
2806 * Try to delete the URB containing our request packet.
2807 * If we succeed, then its completion handler will be
2808 * called with a status of -ECONNRESET.
2810 hw
->ctlx_urb
.transfer_flags
|= URB_ASYNC_UNLINK
;
2811 ret
= usb_unlink_urb(&hw
->ctlx_urb
);
2813 if (ret
!= -EINPROGRESS
) {
2815 * The OUT URB had either already completed
2816 * or was still in the pending queue, so the
2817 * URB's completion function will not be called.
2818 * We will have to complete the CTLX ourselves.
2820 ctlx
->state
= CTLX_REQ_FAILED
;
2821 unlocked_usbctlx_complete(hw
, ctlx
);
2828 /*----------------------------------------------------------------
2829 * unlocked_usbctlx_complete
2831 * A CTLX has completed. It may have been successful, it may not
2832 * have been. At this point, the CTLX should be quiescent. The URBs
2833 * aren't active and the timers should have been stopped.
2835 * The CTLX is migrated to the "completing" queue, and the completing
2836 * tasklet is scheduled.
2839 * hw ptr to a hfa384x_t structure
2840 * ctlx ptr to a ctlx structure
2848 * Either, assume interrupt
2849 ----------------------------------------------------------------*/
2850 static void unlocked_usbctlx_complete(hfa384x_t
*hw
, hfa384x_usbctlx_t
*ctlx
)
2852 /* Timers have been stopped, and ctlx should be in
2853 * a terminal state. Retire it from the "active"
2856 list_move_tail(&ctlx
->list
, &hw
->ctlxq
.completing
);
2857 tasklet_schedule(&hw
->completion_bh
);
2859 switch (ctlx
->state
) {
2861 case CTLX_REQ_FAILED
:
2862 /* This are the correct terminating states. */
2866 netdev_err(hw
->wlandev
->netdev
, "CTLX[%d] not in a terminating state(%s)\n",
2867 le16_to_cpu(ctlx
->outbuf
.type
),
2868 ctlxstr(ctlx
->state
));
2873 /*----------------------------------------------------------------
2874 * hfa384x_usbctlxq_run
2876 * Checks to see if the head item is running. If not, starts it.
2879 * hw ptr to hfa384x_t
2888 ----------------------------------------------------------------*/
2889 static void hfa384x_usbctlxq_run(hfa384x_t
*hw
)
2891 unsigned long flags
;
2894 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
2896 /* Only one active CTLX at any one time, because there's no
2897 * other (reliable) way to match the response URB to the
2900 * Don't touch any of these CTLXs if the hardware
2901 * has been removed or the USB subsystem is stalled.
2903 if (!list_empty(&hw
->ctlxq
.active
) ||
2904 test_bit(WORK_TX_HALT
, &hw
->usb_flags
) || hw
->wlandev
->hwremoved
)
2907 while (!list_empty(&hw
->ctlxq
.pending
)) {
2908 hfa384x_usbctlx_t
*head
;
2911 /* This is the first pending command */
2912 head
= list_entry(hw
->ctlxq
.pending
.next
,
2913 hfa384x_usbctlx_t
, list
);
2915 /* We need to split this off to avoid a race condition */
2916 list_move_tail(&head
->list
, &hw
->ctlxq
.active
);
2918 /* Fill the out packet */
2919 usb_fill_bulk_urb(&(hw
->ctlx_urb
), hw
->usb
,
2921 &(head
->outbuf
), ROUNDUP64(head
->outbufsize
),
2922 hfa384x_ctlxout_callback
, hw
);
2923 hw
->ctlx_urb
.transfer_flags
|= USB_QUEUE_BULK
;
2925 /* Now submit the URB and update the CTLX's state */
2926 result
= usb_submit_urb(&hw
->ctlx_urb
, GFP_ATOMIC
);
2928 /* This CTLX is now running on the active queue */
2929 head
->state
= CTLX_REQ_SUBMITTED
;
2931 /* Start the OUT wait timer */
2932 hw
->req_timer_done
= 0;
2933 hw
->reqtimer
.expires
= jiffies
+ HZ
;
2934 add_timer(&hw
->reqtimer
);
2936 /* Start the IN wait timer */
2937 hw
->resp_timer_done
= 0;
2938 hw
->resptimer
.expires
= jiffies
+ 2 * HZ
;
2939 add_timer(&hw
->resptimer
);
2944 if (result
== -EPIPE
) {
2945 /* The OUT pipe needs resetting, so put
2946 * this CTLX back in the "pending" queue
2947 * and schedule a reset ...
2949 netdev_warn(hw
->wlandev
->netdev
,
2950 "%s tx pipe stalled: requesting reset\n",
2951 hw
->wlandev
->netdev
->name
);
2952 list_move(&head
->list
, &hw
->ctlxq
.pending
);
2953 set_bit(WORK_TX_HALT
, &hw
->usb_flags
);
2954 schedule_work(&hw
->usb_work
);
2958 if (result
== -ESHUTDOWN
) {
2959 netdev_warn(hw
->wlandev
->netdev
, "%s urb shutdown!\n",
2960 hw
->wlandev
->netdev
->name
);
2964 netdev_err(hw
->wlandev
->netdev
, "Failed to submit CTLX[%d]: error=%d\n",
2965 le16_to_cpu(head
->outbuf
.type
), result
);
2966 unlocked_usbctlx_complete(hw
, head
);
2970 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
2973 /*----------------------------------------------------------------
2974 * hfa384x_usbin_callback
2976 * Callback for URBs on the BULKIN endpoint.
2979 * urb ptr to the completed urb
2988 ----------------------------------------------------------------*/
2989 static void hfa384x_usbin_callback(struct urb
*urb
)
2991 wlandevice_t
*wlandev
= urb
->context
;
2993 hfa384x_usbin_t
*usbin
= (hfa384x_usbin_t
*)urb
->transfer_buffer
;
2994 struct sk_buff
*skb
= NULL
;
3005 if (!wlandev
|| !wlandev
->netdev
|| wlandev
->hwremoved
)
3012 skb
= hw
->rx_urb_skb
;
3013 BUG_ON(!skb
|| (skb
->data
!= urb
->transfer_buffer
));
3015 hw
->rx_urb_skb
= NULL
;
3017 /* Check for error conditions within the URB */
3018 switch (urb
->status
) {
3022 /* Check for short packet */
3023 if (urb
->actual_length
== 0) {
3024 wlandev
->netdev
->stats
.rx_errors
++;
3025 wlandev
->netdev
->stats
.rx_length_errors
++;
3031 netdev_warn(hw
->wlandev
->netdev
, "%s rx pipe stalled: requesting reset\n",
3032 wlandev
->netdev
->name
);
3033 if (!test_and_set_bit(WORK_RX_HALT
, &hw
->usb_flags
))
3034 schedule_work(&hw
->usb_work
);
3035 wlandev
->netdev
->stats
.rx_errors
++;
3042 if (!test_and_set_bit(THROTTLE_RX
, &hw
->usb_flags
) &&
3043 !timer_pending(&hw
->throttle
)) {
3044 mod_timer(&hw
->throttle
, jiffies
+ THROTTLE_JIFFIES
);
3046 wlandev
->netdev
->stats
.rx_errors
++;
3051 wlandev
->netdev
->stats
.rx_over_errors
++;
3057 pr_debug("status=%d, device removed.\n", urb
->status
);
3063 pr_debug("status=%d, urb explicitly unlinked.\n", urb
->status
);
3068 pr_debug("urb status=%d, transfer flags=0x%x\n",
3069 urb
->status
, urb
->transfer_flags
);
3070 wlandev
->netdev
->stats
.rx_errors
++;
3075 urb_status
= urb
->status
;
3077 if (action
!= ABORT
) {
3078 /* Repost the RX URB */
3079 result
= submit_rx_urb(hw
, GFP_ATOMIC
);
3082 netdev_err(hw
->wlandev
->netdev
,
3083 "Fatal, failed to resubmit rx_urb. error=%d\n",
3088 /* Handle any USB-IN packet */
3089 /* Note: the check of the sw_support field, the type field doesn't
3090 * have bit 12 set like the docs suggest.
3092 type
= le16_to_cpu(usbin
->type
);
3093 if (HFA384x_USB_ISRXFRM(type
)) {
3094 if (action
== HANDLE
) {
3095 if (usbin
->txfrm
.desc
.sw_support
== 0x0123) {
3096 hfa384x_usbin_txcompl(wlandev
, usbin
);
3098 skb_put(skb
, sizeof(*usbin
));
3099 hfa384x_usbin_rx(wlandev
, skb
);
3105 if (HFA384x_USB_ISTXFRM(type
)) {
3106 if (action
== HANDLE
)
3107 hfa384x_usbin_txcompl(wlandev
, usbin
);
3111 case HFA384x_USB_INFOFRM
:
3112 if (action
== ABORT
)
3114 if (action
== HANDLE
)
3115 hfa384x_usbin_info(wlandev
, usbin
);
3118 case HFA384x_USB_CMDRESP
:
3119 case HFA384x_USB_WRIDRESP
:
3120 case HFA384x_USB_RRIDRESP
:
3121 case HFA384x_USB_WMEMRESP
:
3122 case HFA384x_USB_RMEMRESP
:
3123 /* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */
3124 hfa384x_usbin_ctlx(hw
, usbin
, urb_status
);
3127 case HFA384x_USB_BUFAVAIL
:
3128 pr_debug("Received BUFAVAIL packet, frmlen=%d\n",
3129 usbin
->bufavail
.frmlen
);
3132 case HFA384x_USB_ERROR
:
3133 pr_debug("Received USB_ERROR packet, errortype=%d\n",
3134 usbin
->usberror
.errortype
);
3138 pr_debug("Unrecognized USBIN packet, type=%x, status=%d\n",
3139 usbin
->type
, urb_status
);
3149 /*----------------------------------------------------------------
3150 * hfa384x_usbin_ctlx
3152 * We've received a URB containing a Prism2 "response" message.
3153 * This message needs to be matched up with a CTLX on the active
3154 * queue and our state updated accordingly.
3157 * hw ptr to hfa384x_t
3158 * usbin ptr to USB IN packet
3159 * urb_status status of this Bulk-In URB
3168 ----------------------------------------------------------------*/
3169 static void hfa384x_usbin_ctlx(hfa384x_t
*hw
, hfa384x_usbin_t
*usbin
,
3172 hfa384x_usbctlx_t
*ctlx
;
3174 unsigned long flags
;
3177 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3179 /* There can be only one CTLX on the active queue
3180 * at any one time, and this is the CTLX that the
3181 * timers are waiting for.
3183 if (list_empty(&hw
->ctlxq
.active
))
3186 /* Remove the "response timeout". It's possible that
3187 * we are already too late, and that the timeout is
3188 * already running. And that's just too bad for us,
3189 * because we could lose our CTLX from the active
3192 if (del_timer(&hw
->resptimer
) == 0) {
3193 if (hw
->resp_timer_done
== 0) {
3194 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3198 hw
->resp_timer_done
= 1;
3201 ctlx
= get_active_ctlx(hw
);
3203 if (urb_status
!= 0) {
3205 * Bad CTLX, so get rid of it. But we only
3206 * remove it from the active queue if we're no
3207 * longer expecting the OUT URB to complete.
3209 if (unlocked_usbctlx_cancel_async(hw
, ctlx
) == 0)
3212 const __le16 intype
= (usbin
->type
& ~cpu_to_le16(0x8000));
3215 * Check that our message is what we're expecting ...
3217 if (ctlx
->outbuf
.type
!= intype
) {
3218 netdev_warn(hw
->wlandev
->netdev
,
3219 "Expected IN[%d], received IN[%d] - ignored.\n",
3220 le16_to_cpu(ctlx
->outbuf
.type
),
3221 le16_to_cpu(intype
));
3225 /* This URB has succeeded, so grab the data ... */
3226 memcpy(&ctlx
->inbuf
, usbin
, sizeof(ctlx
->inbuf
));
3228 switch (ctlx
->state
) {
3229 case CTLX_REQ_SUBMITTED
:
3231 * We have received our response URB before
3232 * our request has been acknowledged. Odd,
3233 * but our OUT URB is still alive...
3235 pr_debug("Causality violation: please reboot Universe\n");
3236 ctlx
->state
= CTLX_RESP_COMPLETE
;
3239 case CTLX_REQ_COMPLETE
:
3241 * This is the usual path: our request
3242 * has already been acknowledged, and
3243 * now we have received the reply too.
3245 ctlx
->state
= CTLX_COMPLETE
;
3246 unlocked_usbctlx_complete(hw
, ctlx
);
3252 * Throw this CTLX away ...
3254 netdev_err(hw
->wlandev
->netdev
,
3255 "Matched IN URB, CTLX[%d] in invalid state(%s). Discarded.\n",
3256 le16_to_cpu(ctlx
->outbuf
.type
),
3257 ctlxstr(ctlx
->state
));
3258 if (unlocked_usbctlx_cancel_async(hw
, ctlx
) == 0)
3265 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3268 hfa384x_usbctlxq_run(hw
);
3271 /*----------------------------------------------------------------
3272 * hfa384x_usbin_txcompl
3274 * At this point we have the results of a previous transmit.
3277 * wlandev wlan device
3278 * usbin ptr to the usb transfer buffer
3287 ----------------------------------------------------------------*/
3288 static void hfa384x_usbin_txcompl(wlandevice_t
*wlandev
,
3289 hfa384x_usbin_t
*usbin
)
3293 status
= le16_to_cpu(usbin
->type
); /* yeah I know it says type... */
3295 /* Was there an error? */
3296 if (HFA384x_TXSTATUS_ISERROR(status
))
3297 prism2sta_ev_txexc(wlandev
, status
);
3299 prism2sta_ev_tx(wlandev
, status
);
3302 /*----------------------------------------------------------------
3305 * At this point we have a successful received a rx frame packet.
3308 * wlandev wlan device
3309 * usbin ptr to the usb transfer buffer
3318 ----------------------------------------------------------------*/
3319 static void hfa384x_usbin_rx(wlandevice_t
*wlandev
, struct sk_buff
*skb
)
3321 hfa384x_usbin_t
*usbin
= (hfa384x_usbin_t
*)skb
->data
;
3322 hfa384x_t
*hw
= wlandev
->priv
;
3324 struct p80211_rxmeta
*rxmeta
;
3328 /* Byte order convert once up front. */
3329 usbin
->rxfrm
.desc
.status
= le16_to_cpu(usbin
->rxfrm
.desc
.status
);
3330 usbin
->rxfrm
.desc
.time
= le32_to_cpu(usbin
->rxfrm
.desc
.time
);
3332 /* Now handle frame based on port# */
3333 switch (HFA384x_RXSTATUS_MACPORT_GET(usbin
->rxfrm
.desc
.status
)) {
3335 fc
= le16_to_cpu(usbin
->rxfrm
.desc
.frame_control
);
3337 /* If exclude and we receive an unencrypted, drop it */
3338 if ((wlandev
->hostwep
& HOSTWEP_EXCLUDEUNENCRYPTED
) &&
3339 !WLAN_GET_FC_ISWEP(fc
)) {
3343 data_len
= le16_to_cpu(usbin
->rxfrm
.desc
.data_len
);
3345 /* How much header data do we have? */
3346 hdrlen
= p80211_headerlen(fc
);
3348 /* Pull off the descriptor */
3349 skb_pull(skb
, sizeof(hfa384x_rx_frame_t
));
3351 /* Now shunt the header block up against the data block
3352 * with an "overlapping" copy
3354 memmove(skb_push(skb
, hdrlen
),
3355 &usbin
->rxfrm
.desc
.frame_control
, hdrlen
);
3357 skb
->dev
= wlandev
->netdev
;
3358 skb
->dev
->last_rx
= jiffies
;
3360 /* And set the frame length properly */
3361 skb_trim(skb
, data_len
+ hdrlen
);
3363 /* The prism2 series does not return the CRC */
3364 memset(skb_put(skb
, WLAN_CRC_LEN
), 0xff, WLAN_CRC_LEN
);
3366 skb_reset_mac_header(skb
);
3368 /* Attach the rxmeta, set some stuff */
3369 p80211skb_rxmeta_attach(wlandev
, skb
);
3370 rxmeta
= P80211SKB_RXMETA(skb
);
3371 rxmeta
->mactime
= usbin
->rxfrm
.desc
.time
;
3372 rxmeta
->rxrate
= usbin
->rxfrm
.desc
.rate
;
3373 rxmeta
->signal
= usbin
->rxfrm
.desc
.signal
- hw
->dbmadjust
;
3374 rxmeta
->noise
= usbin
->rxfrm
.desc
.silence
- hw
->dbmadjust
;
3376 p80211netdev_rx(wlandev
, skb
);
3381 if (!HFA384x_RXSTATUS_ISFCSERR(usbin
->rxfrm
.desc
.status
)) {
3382 /* Copy to wlansnif skb */
3383 hfa384x_int_rxmonitor(wlandev
, &usbin
->rxfrm
);
3386 pr_debug("Received monitor frame: FCSerr set\n");
3391 netdev_warn(hw
->wlandev
->netdev
, "Received frame on unsupported port=%d\n",
3392 HFA384x_RXSTATUS_MACPORT_GET(
3393 usbin
->rxfrm
.desc
.status
));
3398 /*----------------------------------------------------------------
3399 * hfa384x_int_rxmonitor
3401 * Helper function for int_rx. Handles monitor frames.
3402 * Note that this function allocates space for the FCS and sets it
3403 * to 0xffffffff. The hfa384x doesn't give us the FCS value but the
3404 * higher layers expect it. 0xffffffff is used as a flag to indicate
3408 * wlandev wlan device structure
3409 * rxfrm rx descriptor read from card in int_rx
3415 * Allocates an skb and passes it up via the PF_PACKET interface.
3418 ----------------------------------------------------------------*/
3419 static void hfa384x_int_rxmonitor(wlandevice_t
*wlandev
,
3420 hfa384x_usb_rxfrm_t
*rxfrm
)
3422 hfa384x_rx_frame_t
*rxdesc
= &(rxfrm
->desc
);
3423 unsigned int hdrlen
= 0;
3424 unsigned int datalen
= 0;
3425 unsigned int skblen
= 0;
3428 struct sk_buff
*skb
;
3429 hfa384x_t
*hw
= wlandev
->priv
;
3431 /* Remember the status, time, and data_len fields are in host order */
3432 /* Figure out how big the frame is */
3433 fc
= le16_to_cpu(rxdesc
->frame_control
);
3434 hdrlen
= p80211_headerlen(fc
);
3435 datalen
= le16_to_cpu(rxdesc
->data_len
);
3437 /* Allocate an ind message+framesize skb */
3438 skblen
= sizeof(struct p80211_caphdr
) + hdrlen
+ datalen
+ WLAN_CRC_LEN
;
3440 /* sanity check the length */
3442 (sizeof(struct p80211_caphdr
) +
3443 WLAN_HDR_A4_LEN
+ WLAN_DATA_MAXLEN
+ WLAN_CRC_LEN
)) {
3444 pr_debug("overlen frm: len=%zd\n",
3445 skblen
- sizeof(struct p80211_caphdr
));
3448 skb
= dev_alloc_skb(skblen
);
3452 /* only prepend the prism header if in the right mode */
3453 if ((wlandev
->netdev
->type
== ARPHRD_IEEE80211_PRISM
) &&
3454 (hw
->sniffhdr
!= 0)) {
3455 struct p80211_caphdr
*caphdr
;
3456 /* The NEW header format! */
3457 datap
= skb_put(skb
, sizeof(struct p80211_caphdr
));
3458 caphdr
= (struct p80211_caphdr
*)datap
;
3460 caphdr
->version
= htonl(P80211CAPTURE_VERSION
);
3461 caphdr
->length
= htonl(sizeof(struct p80211_caphdr
));
3462 caphdr
->mactime
= __cpu_to_be64(rxdesc
->time
) * 1000;
3463 caphdr
->hosttime
= __cpu_to_be64(jiffies
);
3464 caphdr
->phytype
= htonl(4); /* dss_dot11_b */
3465 caphdr
->channel
= htonl(hw
->sniff_channel
);
3466 caphdr
->datarate
= htonl(rxdesc
->rate
);
3467 caphdr
->antenna
= htonl(0); /* unknown */
3468 caphdr
->priority
= htonl(0); /* unknown */
3469 caphdr
->ssi_type
= htonl(3); /* rssi_raw */
3470 caphdr
->ssi_signal
= htonl(rxdesc
->signal
);
3471 caphdr
->ssi_noise
= htonl(rxdesc
->silence
);
3472 caphdr
->preamble
= htonl(0); /* unknown */
3473 caphdr
->encoding
= htonl(1); /* cck */
3476 /* Copy the 802.11 header to the skb
3477 (ctl frames may be less than a full header) */
3478 datap
= skb_put(skb
, hdrlen
);
3479 memcpy(datap
, &(rxdesc
->frame_control
), hdrlen
);
3481 /* If any, copy the data from the card to the skb */
3483 datap
= skb_put(skb
, datalen
);
3484 memcpy(datap
, rxfrm
->data
, datalen
);
3486 /* check for unencrypted stuff if WEP bit set. */
3487 if (*(datap
- hdrlen
+ 1) & 0x40) /* wep set */
3488 if ((*(datap
) == 0xaa) && (*(datap
+ 1) == 0xaa))
3489 /* clear wep; it's the 802.2 header! */
3490 *(datap
- hdrlen
+ 1) &= 0xbf;
3493 if (hw
->sniff_fcs
) {
3495 datap
= skb_put(skb
, WLAN_CRC_LEN
);
3496 memset(datap
, 0xff, WLAN_CRC_LEN
);
3499 /* pass it back up */
3500 p80211netdev_rx(wlandev
, skb
);
3503 /*----------------------------------------------------------------
3504 * hfa384x_usbin_info
3506 * At this point we have a successful received a Prism2 info frame.
3509 * wlandev wlan device
3510 * usbin ptr to the usb transfer buffer
3519 ----------------------------------------------------------------*/
3520 static void hfa384x_usbin_info(wlandevice_t
*wlandev
, hfa384x_usbin_t
*usbin
)
3522 usbin
->infofrm
.info
.framelen
=
3523 le16_to_cpu(usbin
->infofrm
.info
.framelen
);
3524 prism2sta_ev_info(wlandev
, &usbin
->infofrm
.info
);
3527 /*----------------------------------------------------------------
3528 * hfa384x_usbout_callback
3530 * Callback for URBs on the BULKOUT endpoint.
3533 * urb ptr to the completed urb
3542 ----------------------------------------------------------------*/
3543 static void hfa384x_usbout_callback(struct urb
*urb
)
3545 wlandevice_t
*wlandev
= urb
->context
;
3551 if (wlandev
&& wlandev
->netdev
) {
3552 switch (urb
->status
) {
3554 prism2sta_ev_alloc(wlandev
);
3559 hfa384x_t
*hw
= wlandev
->priv
;
3561 netdev_warn(hw
->wlandev
->netdev
,
3562 "%s tx pipe stalled: requesting reset\n",
3563 wlandev
->netdev
->name
);
3564 if (!test_and_set_bit
3565 (WORK_TX_HALT
, &hw
->usb_flags
))
3566 schedule_work(&hw
->usb_work
);
3567 wlandev
->netdev
->stats
.tx_errors
++;
3575 hfa384x_t
*hw
= wlandev
->priv
;
3577 if (!test_and_set_bit
3578 (THROTTLE_TX
, &hw
->usb_flags
) &&
3579 !timer_pending(&hw
->throttle
)) {
3580 mod_timer(&hw
->throttle
,
3581 jiffies
+ THROTTLE_JIFFIES
);
3583 wlandev
->netdev
->stats
.tx_errors
++;
3584 netif_stop_queue(wlandev
->netdev
);
3590 /* Ignorable errors */
3594 netdev_info(wlandev
->netdev
, "unknown urb->status=%d\n",
3596 wlandev
->netdev
->stats
.tx_errors
++;
3602 /*----------------------------------------------------------------
3603 * hfa384x_ctlxout_callback
3605 * Callback for control data on the BULKOUT endpoint.
3608 * urb ptr to the completed urb
3617 ----------------------------------------------------------------*/
3618 static void hfa384x_ctlxout_callback(struct urb
*urb
)
3620 hfa384x_t
*hw
= urb
->context
;
3621 int delete_resptimer
= 0;
3624 hfa384x_usbctlx_t
*ctlx
;
3625 unsigned long flags
;
3627 pr_debug("urb->status=%d\n", urb
->status
);
3631 if ((urb
->status
== -ESHUTDOWN
) ||
3632 (urb
->status
== -ENODEV
) || !hw
)
3636 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3639 * Only one CTLX at a time on the "active" list, and
3640 * none at all if we are unplugged. However, we can
3641 * rely on the disconnect function to clean everything
3642 * up if someone unplugged the adapter.
3644 if (list_empty(&hw
->ctlxq
.active
)) {
3645 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3650 * Having something on the "active" queue means
3651 * that we have timers to worry about ...
3653 if (del_timer(&hw
->reqtimer
) == 0) {
3654 if (hw
->req_timer_done
== 0) {
3656 * This timer was actually running while we
3657 * were trying to delete it. Let it terminate
3658 * gracefully instead.
3660 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3664 hw
->req_timer_done
= 1;
3667 ctlx
= get_active_ctlx(hw
);
3669 if (urb
->status
== 0) {
3670 /* Request portion of a CTLX is successful */
3671 switch (ctlx
->state
) {
3672 case CTLX_REQ_SUBMITTED
:
3673 /* This OUT-ACK received before IN */
3674 ctlx
->state
= CTLX_REQ_COMPLETE
;
3677 case CTLX_RESP_COMPLETE
:
3678 /* IN already received before this OUT-ACK,
3679 * so this command must now be complete.
3681 ctlx
->state
= CTLX_COMPLETE
;
3682 unlocked_usbctlx_complete(hw
, ctlx
);
3687 /* This is NOT a valid CTLX "success" state! */
3688 netdev_err(hw
->wlandev
->netdev
,
3689 "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n",
3690 le16_to_cpu(ctlx
->outbuf
.type
),
3691 ctlxstr(ctlx
->state
), urb
->status
);
3695 /* If the pipe has stalled then we need to reset it */
3696 if ((urb
->status
== -EPIPE
) &&
3697 !test_and_set_bit(WORK_TX_HALT
, &hw
->usb_flags
)) {
3698 netdev_warn(hw
->wlandev
->netdev
,
3699 "%s tx pipe stalled: requesting reset\n",
3700 hw
->wlandev
->netdev
->name
);
3701 schedule_work(&hw
->usb_work
);
3704 /* If someone cancels the OUT URB then its status
3705 * should be either -ECONNRESET or -ENOENT.
3707 ctlx
->state
= CTLX_REQ_FAILED
;
3708 unlocked_usbctlx_complete(hw
, ctlx
);
3709 delete_resptimer
= 1;
3714 if (delete_resptimer
) {
3715 timer_ok
= del_timer(&hw
->resptimer
);
3717 hw
->resp_timer_done
= 1;
3720 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3722 if (!timer_ok
&& (hw
->resp_timer_done
== 0)) {
3723 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3728 hfa384x_usbctlxq_run(hw
);
3731 /*----------------------------------------------------------------
3732 * hfa384x_usbctlx_reqtimerfn
3734 * Timer response function for CTLX request timeouts. If this
3735 * function is called, it means that the callback for the OUT
3736 * URB containing a Prism2.x XXX_Request was never called.
3739 * data a ptr to the hfa384x_t
3748 ----------------------------------------------------------------*/
3749 static void hfa384x_usbctlx_reqtimerfn(unsigned long data
)
3751 hfa384x_t
*hw
= (hfa384x_t
*)data
;
3752 unsigned long flags
;
3754 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3756 hw
->req_timer_done
= 1;
3758 /* Removing the hardware automatically empties
3759 * the active list ...
3761 if (!list_empty(&hw
->ctlxq
.active
)) {
3763 * We must ensure that our URB is removed from
3764 * the system, if it hasn't already expired.
3766 hw
->ctlx_urb
.transfer_flags
|= URB_ASYNC_UNLINK
;
3767 if (usb_unlink_urb(&hw
->ctlx_urb
) == -EINPROGRESS
) {
3768 hfa384x_usbctlx_t
*ctlx
= get_active_ctlx(hw
);
3770 ctlx
->state
= CTLX_REQ_FAILED
;
3772 /* This URB was active, but has now been
3773 * cancelled. It will now have a status of
3774 * -ECONNRESET in the callback function.
3776 * We are cancelling this CTLX, so we're
3777 * not going to need to wait for a response.
3778 * The URB's callback function will check
3779 * that this timer is truly dead.
3781 if (del_timer(&hw
->resptimer
) != 0)
3782 hw
->resp_timer_done
= 1;
3786 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3789 /*----------------------------------------------------------------
3790 * hfa384x_usbctlx_resptimerfn
3792 * Timer response function for CTLX response timeouts. If this
3793 * function is called, it means that the callback for the IN
3794 * URB containing a Prism2.x XXX_Response was never called.
3797 * data a ptr to the hfa384x_t
3806 ----------------------------------------------------------------*/
3807 static void hfa384x_usbctlx_resptimerfn(unsigned long data
)
3809 hfa384x_t
*hw
= (hfa384x_t
*)data
;
3810 unsigned long flags
;
3812 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3814 hw
->resp_timer_done
= 1;
3816 /* The active list will be empty if the
3817 * adapter has been unplugged ...
3819 if (!list_empty(&hw
->ctlxq
.active
)) {
3820 hfa384x_usbctlx_t
*ctlx
= get_active_ctlx(hw
);
3822 if (unlocked_usbctlx_cancel_async(hw
, ctlx
) == 0) {
3823 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3824 hfa384x_usbctlxq_run(hw
);
3828 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3831 /*----------------------------------------------------------------
3832 * hfa384x_usb_throttlefn
3845 ----------------------------------------------------------------*/
3846 static void hfa384x_usb_throttlefn(unsigned long data
)
3848 hfa384x_t
*hw
= (hfa384x_t
*)data
;
3849 unsigned long flags
;
3851 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3854 * We need to check BOTH the RX and the TX throttle controls,
3855 * so we use the bitwise OR instead of the logical OR.
3857 pr_debug("flags=0x%lx\n", hw
->usb_flags
);
3858 if (!hw
->wlandev
->hwremoved
&&
3859 ((test_and_clear_bit(THROTTLE_RX
, &hw
->usb_flags
) &&
3860 !test_and_set_bit(WORK_RX_RESUME
, &hw
->usb_flags
)) |
3861 (test_and_clear_bit(THROTTLE_TX
, &hw
->usb_flags
) &&
3862 !test_and_set_bit(WORK_TX_RESUME
, &hw
->usb_flags
))
3864 schedule_work(&hw
->usb_work
);
3867 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3870 /*----------------------------------------------------------------
3871 * hfa384x_usbctlx_submit
3873 * Called from the doxxx functions to submit a CTLX to the queue
3876 * hw ptr to the hw struct
3877 * ctlx ctlx structure to enqueue
3880 * -ENODEV if the adapter is unplugged
3886 * process or interrupt
3887 ----------------------------------------------------------------*/
3888 static int hfa384x_usbctlx_submit(hfa384x_t
*hw
, hfa384x_usbctlx_t
*ctlx
)
3890 unsigned long flags
;
3892 spin_lock_irqsave(&hw
->ctlxq
.lock
, flags
);
3894 if (hw
->wlandev
->hwremoved
) {
3895 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3899 ctlx
->state
= CTLX_PENDING
;
3900 list_add_tail(&ctlx
->list
, &hw
->ctlxq
.pending
);
3901 spin_unlock_irqrestore(&hw
->ctlxq
.lock
, flags
);
3902 hfa384x_usbctlxq_run(hw
);
3907 /*----------------------------------------------------------------
3908 * hfa384x_isgood_pdrcore
3910 * Quick check of PDR codes.
3913 * pdrcode PDR code number (host order)
3922 ----------------------------------------------------------------*/
3923 static int hfa384x_isgood_pdrcode(u16 pdrcode
)
3926 case HFA384x_PDR_END_OF_PDA
:
3927 case HFA384x_PDR_PCB_PARTNUM
:
3928 case HFA384x_PDR_PDAVER
:
3929 case HFA384x_PDR_NIC_SERIAL
:
3930 case HFA384x_PDR_MKK_MEASUREMENTS
:
3931 case HFA384x_PDR_NIC_RAMSIZE
:
3932 case HFA384x_PDR_MFISUPRANGE
:
3933 case HFA384x_PDR_CFISUPRANGE
:
3934 case HFA384x_PDR_NICID
:
3935 case HFA384x_PDR_MAC_ADDRESS
:
3936 case HFA384x_PDR_REGDOMAIN
:
3937 case HFA384x_PDR_ALLOWED_CHANNEL
:
3938 case HFA384x_PDR_DEFAULT_CHANNEL
:
3939 case HFA384x_PDR_TEMPTYPE
:
3940 case HFA384x_PDR_IFR_SETTING
:
3941 case HFA384x_PDR_RFR_SETTING
:
3942 case HFA384x_PDR_HFA3861_BASELINE
:
3943 case HFA384x_PDR_HFA3861_SHADOW
:
3944 case HFA384x_PDR_HFA3861_IFRF
:
3945 case HFA384x_PDR_HFA3861_CHCALSP
:
3946 case HFA384x_PDR_HFA3861_CHCALI
:
3947 case HFA384x_PDR_3842_NIC_CONFIG
:
3948 case HFA384x_PDR_USB_ID
:
3949 case HFA384x_PDR_PCI_ID
:
3950 case HFA384x_PDR_PCI_IFCONF
:
3951 case HFA384x_PDR_PCI_PMCONF
:
3952 case HFA384x_PDR_RFENRGY
:
3953 case HFA384x_PDR_HFA3861_MANF_TESTSP
:
3954 case HFA384x_PDR_HFA3861_MANF_TESTI
:
3958 if (pdrcode
< 0x1000) {
3959 /* code is OK, but we don't know exactly what it is */
3960 pr_debug("Encountered unknown PDR#=0x%04x, assuming it's ok.\n",
3967 pr_debug("Encountered unknown PDR#=0x%04x, (>=0x1000), assuming it's bad.\n",