1 /* src/prism2/driver/hfa384x_usb.c
3 * Functions that talk to the USB variantof the Intersil hfa384x MAC
5 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
6 * --------------------------------------------------------------------
10 * The contents of this file are subject to the Mozilla Public
11 * License Version 1.1 (the "License"); you may not use this file
12 * except in compliance with the License. You may obtain a copy of
13 * the License at http://www.mozilla.org/MPL/
15 * Software distributed under the License is distributed on an "AS
16 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * rights and limitations under the License.
20 * Alternatively, the contents of this file may be used under the
21 * terms of the GNU Public License version 2 (the "GPL"), in which
22 * case the provisions of the GPL are applicable instead of the
23 * above. If you wish to allow the use of your version of this file
24 * only under the terms of the GPL and not to allow others to use
25 * your version of this file under the MPL, indicate your decision
26 * by deleting the provisions above and replace them with the notice
27 * and other provisions required by the GPL. If you do not delete
28 * the provisions above, a recipient may use your version of this
29 * file under either the MPL or the GPL.
31 * --------------------------------------------------------------------
33 * Inquiries regarding the linux-wlan Open Source project can be
36 * AbsoluteValue Systems Inc.
38 * http://www.linux-wlan.com
40 * --------------------------------------------------------------------
42 * Portions of the development of this software were funded by
43 * Intersil Corporation as part of PRISM(R) chipset product development.
45 * --------------------------------------------------------------------
47 * This file implements functions that correspond to the prism2/hfa384x
48 * 802.11 MAC hardware and firmware host interface.
50 * The functions can be considered to represent several levels of
51 * abstraction. The lowest level functions are simply C-callable wrappers
52 * around the register accesses. The next higher level represents C-callable
53 * prism2 API functions that match the Intersil documentation as closely
54 * as is reasonable. The next higher layer implements common sequences
55 * of invokations of the API layer (e.g. write to bap, followed by cmd).
58 * hfa384x_drvr_xxx Highest level abstractions provided by the
59 * hfa384x code. They are driver defined wrappers
60 * for common sequences. These functions generally
61 * use the services of the lower levels.
63 * hfa384x_drvr_xxxconfig An example of the drvr level abstraction. These
64 * functions are wrappers for the RID get/set
65 * sequence. They call copy_[to|from]_bap() and
66 * cmd_access(). These functions operate on the
67 * RIDs and buffers without validation. The caller
68 * is responsible for that.
70 * API wrapper functions:
71 * hfa384x_cmd_xxx functions that provide access to the f/w commands.
72 * The function arguments correspond to each command
73 * argument, even command arguments that get packed
74 * into single registers. These functions _just_
75 * issue the command by setting the cmd/parm regs
76 * & reading the status/resp regs. Additional
77 * activities required to fully use a command
78 * (read/write from/to bap, get/set int status etc.)
79 * are implemented separately. Think of these as
80 * C-callable prism2 commands.
82 * Lowest Layer Functions:
83 * hfa384x_docmd_xxx These functions implement the sequence required
84 * to issue any prism2 command. Primarily used by the
85 * hfa384x_cmd_xxx functions.
87 * hfa384x_bap_xxx BAP read/write access functions.
88 * Note: we usually use BAP0 for non-interrupt context
89 * and BAP1 for interrupt context.
91 * hfa384x_dl_xxx download related functions.
93 * Driver State Issues:
94 * Note that there are two pairs of functions that manage the
95 * 'initialized' and 'running' states of the hw/MAC combo. The four
96 * functions are create(), destroy(), start(), and stop(). create()
97 * sets up the data structures required to support the hfa384x_*
98 * functions and destroy() cleans them up. The start() function gets
99 * the actual hardware running and enables the interrupts. The stop()
100 * function shuts the hardware down. The sequence should be:
104 * . Do interesting things w/ the hardware
109 * Note that destroy() can be called without calling stop() first.
110 * --------------------------------------------------------------------
114 #include <linux/module.h>
115 #include <linux/kernel.h>
116 #include <linux/sched.h>
117 #include <linux/types.h>
118 #include <linux/slab.h>
119 #include <linux/wireless.h>
120 #include <linux/netdevice.h>
121 #include <linux/timer.h>
123 #include <linux/delay.h>
124 #include <asm/byteorder.h>
125 #include <asm/bitops.h>
126 #include <linux/list.h>
127 #include <linux/usb.h>
128 #include <linux/byteorder/generic.h>
130 #define SUBMIT_URB(u,f) usb_submit_urb(u,f)
132 /*================================================================*/
133 /* Project Includes */
135 #include "p80211types.h"
136 #include "p80211hdr.h"
137 #include "p80211mgmt.h"
138 #include "p80211conv.h"
139 #include "p80211msg.h"
140 #include "p80211netdev.h"
141 #include "p80211req.h"
142 #include "p80211metadef.h"
143 #include "p80211metastruct.h"
145 #include "prism2mgmt.h"
151 typedef enum cmd_mode CMD_MODE;
153 #define THROTTLE_JIFFIES (HZ/8)
154 #define URB_ASYNC_UNLINK 0
155 #define USB_QUEUE_BULK 0
157 #define ROUNDUP64(a) (((a)+63)&~63)
160 static void dbprint_urb(struct urb *urb);
164 hfa384x_int_rxmonitor(wlandevice_t *wlandev, hfa384x_usb_rxfrm_t *rxfrm);
166 static void hfa384x_usb_defer(struct work_struct *data);
168 static int submit_rx_urb(hfa384x_t *hw, gfp_t flags);
170 static int submit_tx_urb(hfa384x_t *hw, struct urb *tx_urb, gfp_t flags);
172 /*---------------------------------------------------*/
174 static void hfa384x_usbout_callback(struct urb *urb);
175 static void hfa384x_ctlxout_callback(struct urb *urb);
176 static void hfa384x_usbin_callback(struct urb *urb);
179 hfa384x_usbin_txcompl(wlandevice_t *wlandev, hfa384x_usbin_t *usbin);
181 static void hfa384x_usbin_rx(wlandevice_t *wlandev, struct sk_buff *skb);
183 static void hfa384x_usbin_info(wlandevice_t *wlandev, hfa384x_usbin_t *usbin);
186 hfa384x_usbout_tx(wlandevice_t *wlandev, hfa384x_usbout_t *usbout);
188 static void hfa384x_usbin_ctlx(hfa384x_t *hw, hfa384x_usbin_t *usbin,
191 /*---------------------------------------------------*/
192 /* Functions to support the prism2 usb command queue */
194 static void hfa384x_usbctlxq_run(hfa384x_t *hw);
196 static void hfa384x_usbctlx_reqtimerfn(unsigned long data);
198 static void hfa384x_usbctlx_resptimerfn(unsigned long data);
200 static void hfa384x_usb_throttlefn(unsigned long data);
202 static void hfa384x_usbctlx_completion_task(unsigned long data);
204 static void hfa384x_usbctlx_reaper_task(unsigned long data);
206 static int hfa384x_usbctlx_submit(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
208 static void unlocked_usbctlx_complete(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
210 struct usbctlx_completor {
211 int (*complete) (struct usbctlx_completor *);
213 typedef struct usbctlx_completor usbctlx_completor_t;
216 hfa384x_usbctlx_complete_sync(hfa384x_t *hw,
217 hfa384x_usbctlx_t *ctlx,
218 usbctlx_completor_t *completor);
221 unlocked_usbctlx_cancel_async(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
223 static void hfa384x_cb_status(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx);
225 static void hfa384x_cb_rrid(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx);
228 usbctlx_get_status(const hfa384x_usb_cmdresp_t *cmdresp,
229 hfa384x_cmdresult_t *result);
232 usbctlx_get_rridresult(const hfa384x_usb_rridresp_t *rridresp,
233 hfa384x_rridresult_t *result);
235 /*---------------------------------------------------*/
236 /* Low level req/resp CTLX formatters and submitters */
238 hfa384x_docmd(hfa384x_t *hw,
240 hfa384x_metacmd_t *cmd,
241 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
244 hfa384x_dorrid(hfa384x_t *hw,
248 unsigned int riddatalen,
249 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
252 hfa384x_dowrid(hfa384x_t *hw,
256 unsigned int riddatalen,
257 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
260 hfa384x_dormem(hfa384x_t *hw,
266 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
269 hfa384x_dowmem(hfa384x_t *hw,
275 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
277 static int hfa384x_isgood_pdrcode(u16 pdrcode);
279 static inline const char *ctlxstr(CTLX_STATE s)
281 static const char *ctlx_str[] = {
286 "Request packet submitted",
287 "Request packet completed",
288 "Response packet completed"
294 static inline hfa384x_usbctlx_t *get_active_ctlx(hfa384x_t *hw)
296 return list_entry(hw->ctlxq.active.next, hfa384x_usbctlx_t, list);
300 void dbprint_urb(struct urb *urb)
302 pr_debug("urb->pipe=0x%08x\n", urb->pipe);
303 pr_debug("urb->status=0x%08x\n", urb->status);
304 pr_debug("urb->transfer_flags=0x%08x\n", urb->transfer_flags);
305 pr_debug("urb->transfer_buffer=0x%08x\n",
306 (unsigned int)urb->transfer_buffer);
307 pr_debug("urb->transfer_buffer_length=0x%08x\n",
308 urb->transfer_buffer_length);
309 pr_debug("urb->actual_length=0x%08x\n", urb->actual_length);
310 pr_debug("urb->bandwidth=0x%08x\n", urb->bandwidth);
311 pr_debug("urb->setup_packet(ctl)=0x%08x\n",
312 (unsigned int)urb->setup_packet);
313 pr_debug("urb->start_frame(iso/irq)=0x%08x\n",
315 pr_debug("urb->interval(irq)=0x%08x\n", urb->interval);
316 pr_debug("urb->error_count(iso)=0x%08x\n", urb->error_count);
317 pr_debug("urb->timeout=0x%08x\n", urb->timeout);
318 pr_debug("urb->context=0x%08x\n", (unsigned int)urb->context);
319 pr_debug("urb->complete=0x%08x\n",
320 (unsigned int)urb->complete);
324 /*----------------------------------------------------------------
327 * Listen for input data on the BULK-IN pipe. If the pipe has
328 * stalled then schedule it to be reset.
332 * memflags memory allocation flags
335 * error code from submission
339 ----------------------------------------------------------------*/
340 static int submit_rx_urb(hfa384x_t *hw, gfp_t memflags)
345 skb = dev_alloc_skb(sizeof(hfa384x_usbin_t));
351 /* Post the IN urb */
352 usb_fill_bulk_urb(&hw->rx_urb, hw->usb,
354 skb->data, sizeof(hfa384x_usbin_t),
355 hfa384x_usbin_callback, hw->wlandev);
357 hw->rx_urb_skb = skb;
360 if (!hw->wlandev->hwremoved && !test_bit(WORK_RX_HALT, &hw->usb_flags)) {
361 result = SUBMIT_URB(&hw->rx_urb, memflags);
363 /* Check whether we need to reset the RX pipe */
364 if (result == -EPIPE) {
366 "%s rx pipe stalled: requesting reset\n",
367 hw->wlandev->netdev->name);
368 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags))
369 schedule_work(&hw->usb_work);
373 /* Don't leak memory if anything should go wrong */
376 hw->rx_urb_skb = NULL;
383 /*----------------------------------------------------------------
386 * Prepares and submits the URB of transmitted data. If the
387 * submission fails then it will schedule the output pipe to
392 * tx_urb URB of data for tranmission
393 * memflags memory allocation flags
396 * error code from submission
400 ----------------------------------------------------------------*/
401 static int submit_tx_urb(hfa384x_t *hw, struct urb *tx_urb, gfp_t memflags)
403 struct net_device *netdev = hw->wlandev->netdev;
407 if (netif_running(netdev)) {
409 if (!hw->wlandev->hwremoved
410 && !test_bit(WORK_TX_HALT, &hw->usb_flags)) {
411 result = SUBMIT_URB(tx_urb, memflags);
413 /* Test whether we need to reset the TX pipe */
414 if (result == -EPIPE) {
416 "%s tx pipe stalled: requesting reset\n",
418 set_bit(WORK_TX_HALT, &hw->usb_flags);
419 schedule_work(&hw->usb_work);
420 } else if (result == 0) {
421 netif_stop_queue(netdev);
429 /*----------------------------------------------------------------
432 * There are some things that the USB stack cannot do while
433 * in interrupt context, so we arrange this function to run
434 * in process context.
437 * hw device structure
443 * process (by design)
444 ----------------------------------------------------------------*/
445 static void hfa384x_usb_defer(struct work_struct *data)
447 hfa384x_t *hw = container_of(data, struct hfa384x, usb_work);
448 struct net_device *netdev = hw->wlandev->netdev;
450 /* Don't bother trying to reset anything if the plug
451 * has been pulled ...
453 if (hw->wlandev->hwremoved)
456 /* Reception has stopped: try to reset the input pipe */
457 if (test_bit(WORK_RX_HALT, &hw->usb_flags)) {
460 usb_kill_urb(&hw->rx_urb); /* Cannot be holding spinlock! */
462 ret = usb_clear_halt(hw->usb, hw->endp_in);
465 "Failed to clear rx pipe for %s: err=%d\n",
468 printk(KERN_INFO "%s rx pipe reset complete.\n",
470 clear_bit(WORK_RX_HALT, &hw->usb_flags);
471 set_bit(WORK_RX_RESUME, &hw->usb_flags);
475 /* Resume receiving data back from the device. */
476 if (test_bit(WORK_RX_RESUME, &hw->usb_flags)) {
479 ret = submit_rx_urb(hw, GFP_KERNEL);
482 "Failed to resume %s rx pipe.\n", netdev->name);
484 clear_bit(WORK_RX_RESUME, &hw->usb_flags);
488 /* Transmission has stopped: try to reset the output pipe */
489 if (test_bit(WORK_TX_HALT, &hw->usb_flags)) {
492 usb_kill_urb(&hw->tx_urb);
493 ret = usb_clear_halt(hw->usb, hw->endp_out);
496 "Failed to clear tx pipe for %s: err=%d\n",
499 printk(KERN_INFO "%s tx pipe reset complete.\n",
501 clear_bit(WORK_TX_HALT, &hw->usb_flags);
502 set_bit(WORK_TX_RESUME, &hw->usb_flags);
504 /* Stopping the BULK-OUT pipe also blocked
505 * us from sending any more CTLX URBs, so
506 * we need to re-run our queue ...
508 hfa384x_usbctlxq_run(hw);
512 /* Resume transmitting. */
513 if (test_and_clear_bit(WORK_TX_RESUME, &hw->usb_flags))
514 netif_wake_queue(hw->wlandev->netdev);
517 /*----------------------------------------------------------------
520 * Sets up the hfa384x_t data structure for use. Note this
521 * does _not_ intialize the actual hardware, just the data structures
522 * we use to keep track of its state.
525 * hw device structure
526 * irq device irq number
527 * iobase i/o base address for register access
528 * membase memory base address for register access
537 ----------------------------------------------------------------*/
538 void hfa384x_create(hfa384x_t *hw, struct usb_device *usb)
540 memset(hw, 0, sizeof(hfa384x_t));
543 /* set up the endpoints */
544 hw->endp_in = usb_rcvbulkpipe(usb, 1);
545 hw->endp_out = usb_sndbulkpipe(usb, 2);
547 /* Set up the waitq */
548 init_waitqueue_head(&hw->cmdq);
550 /* Initialize the command queue */
551 spin_lock_init(&hw->ctlxq.lock);
552 INIT_LIST_HEAD(&hw->ctlxq.pending);
553 INIT_LIST_HEAD(&hw->ctlxq.active);
554 INIT_LIST_HEAD(&hw->ctlxq.completing);
555 INIT_LIST_HEAD(&hw->ctlxq.reapable);
557 /* Initialize the authentication queue */
558 skb_queue_head_init(&hw->authq);
560 tasklet_init(&hw->reaper_bh,
561 hfa384x_usbctlx_reaper_task, (unsigned long)hw);
562 tasklet_init(&hw->completion_bh,
563 hfa384x_usbctlx_completion_task, (unsigned long)hw);
564 INIT_WORK(&hw->link_bh, prism2sta_processing_defer);
565 INIT_WORK(&hw->usb_work, hfa384x_usb_defer);
567 init_timer(&hw->throttle);
568 hw->throttle.function = hfa384x_usb_throttlefn;
569 hw->throttle.data = (unsigned long)hw;
571 init_timer(&hw->resptimer);
572 hw->resptimer.function = hfa384x_usbctlx_resptimerfn;
573 hw->resptimer.data = (unsigned long)hw;
575 init_timer(&hw->reqtimer);
576 hw->reqtimer.function = hfa384x_usbctlx_reqtimerfn;
577 hw->reqtimer.data = (unsigned long)hw;
579 usb_init_urb(&hw->rx_urb);
580 usb_init_urb(&hw->tx_urb);
581 usb_init_urb(&hw->ctlx_urb);
583 hw->link_status = HFA384x_LINK_NOTCONNECTED;
584 hw->state = HFA384x_STATE_INIT;
586 INIT_WORK(&hw->commsqual_bh, prism2sta_commsqual_defer);
587 init_timer(&hw->commsqual_timer);
588 hw->commsqual_timer.data = (unsigned long)hw;
589 hw->commsqual_timer.function = prism2sta_commsqual_timer;
592 /*----------------------------------------------------------------
595 * Partner to hfa384x_create(). This function cleans up the hw
596 * structure so that it can be freed by the caller using a simple
597 * kfree. Currently, this function is just a placeholder. If, at some
598 * point in the future, an hw in the 'shutdown' state requires a 'deep'
599 * kfree, this is where it should be done. Note that if this function
600 * is called on a _running_ hw structure, the drvr_stop() function is
604 * hw device structure
607 * nothing, this function is not allowed to fail.
613 ----------------------------------------------------------------*/
614 void hfa384x_destroy(hfa384x_t *hw)
618 if (hw->state == HFA384x_STATE_RUNNING)
619 hfa384x_drvr_stop(hw);
620 hw->state = HFA384x_STATE_PREINIT;
622 if (hw->scanresults) {
623 kfree(hw->scanresults);
624 hw->scanresults = NULL;
627 /* Now to clean out the auth queue */
628 while ((skb = skb_dequeue(&hw->authq)))
632 static hfa384x_usbctlx_t *usbctlx_alloc(void)
634 hfa384x_usbctlx_t *ctlx;
636 ctlx = kmalloc(sizeof(*ctlx), in_interrupt() ? GFP_ATOMIC : GFP_KERNEL);
638 memset(ctlx, 0, sizeof(*ctlx));
639 init_completion(&ctlx->done);
646 usbctlx_get_status(const hfa384x_usb_cmdresp_t *cmdresp,
647 hfa384x_cmdresult_t *result)
649 result->status = le16_to_cpu(cmdresp->status);
650 result->resp0 = le16_to_cpu(cmdresp->resp0);
651 result->resp1 = le16_to_cpu(cmdresp->resp1);
652 result->resp2 = le16_to_cpu(cmdresp->resp2);
654 pr_debug("cmdresult:status=0x%04x "
655 "resp0=0x%04x resp1=0x%04x resp2=0x%04x\n",
656 result->status, result->resp0, result->resp1, result->resp2);
658 return result->status & HFA384x_STATUS_RESULT;
662 usbctlx_get_rridresult(const hfa384x_usb_rridresp_t *rridresp,
663 hfa384x_rridresult_t *result)
665 result->rid = le16_to_cpu(rridresp->rid);
666 result->riddata = rridresp->data;
667 result->riddata_len = ((le16_to_cpu(rridresp->frmlen) - 1) * 2);
671 /*----------------------------------------------------------------
673 * This completor must be passed to hfa384x_usbctlx_complete_sync()
674 * when processing a CTLX that returns a hfa384x_cmdresult_t structure.
675 ----------------------------------------------------------------*/
676 struct usbctlx_cmd_completor {
677 usbctlx_completor_t head;
679 const hfa384x_usb_cmdresp_t *cmdresp;
680 hfa384x_cmdresult_t *result;
682 typedef struct usbctlx_cmd_completor usbctlx_cmd_completor_t;
684 static int usbctlx_cmd_completor_fn(usbctlx_completor_t *head)
686 usbctlx_cmd_completor_t *complete = (usbctlx_cmd_completor_t *) head;
687 return usbctlx_get_status(complete->cmdresp, complete->result);
690 static inline usbctlx_completor_t *init_cmd_completor(usbctlx_cmd_completor_t *
693 hfa384x_usb_cmdresp_t *
695 hfa384x_cmdresult_t *
698 completor->head.complete = usbctlx_cmd_completor_fn;
699 completor->cmdresp = cmdresp;
700 completor->result = result;
701 return &(completor->head);
704 /*----------------------------------------------------------------
706 * This completor must be passed to hfa384x_usbctlx_complete_sync()
707 * when processing a CTLX that reads a RID.
708 ----------------------------------------------------------------*/
709 struct usbctlx_rrid_completor {
710 usbctlx_completor_t head;
712 const hfa384x_usb_rridresp_t *rridresp;
714 unsigned int riddatalen;
716 typedef struct usbctlx_rrid_completor usbctlx_rrid_completor_t;
718 static int usbctlx_rrid_completor_fn(usbctlx_completor_t *head)
720 usbctlx_rrid_completor_t *complete = (usbctlx_rrid_completor_t *) head;
721 hfa384x_rridresult_t rridresult;
723 usbctlx_get_rridresult(complete->rridresp, &rridresult);
725 /* Validate the length, note body len calculation in bytes */
726 if (rridresult.riddata_len != complete->riddatalen) {
728 "RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n",
730 complete->riddatalen, rridresult.riddata_len);
734 memcpy(complete->riddata, rridresult.riddata, complete->riddatalen);
738 static inline usbctlx_completor_t *init_rrid_completor(usbctlx_rrid_completor_t
741 hfa384x_usb_rridresp_t *
742 rridresp, void *riddata,
743 unsigned int riddatalen)
745 completor->head.complete = usbctlx_rrid_completor_fn;
746 completor->rridresp = rridresp;
747 completor->riddata = riddata;
748 completor->riddatalen = riddatalen;
749 return &(completor->head);
752 /*----------------------------------------------------------------
754 * Interprets the results of a synchronous RID-write
755 ----------------------------------------------------------------*/
756 typedef usbctlx_cmd_completor_t usbctlx_wrid_completor_t;
757 #define init_wrid_completor init_cmd_completor
759 /*----------------------------------------------------------------
761 * Interprets the results of a synchronous memory-write
762 ----------------------------------------------------------------*/
763 typedef usbctlx_cmd_completor_t usbctlx_wmem_completor_t;
764 #define init_wmem_completor init_cmd_completor
766 /*----------------------------------------------------------------
768 * Interprets the results of a synchronous memory-read
769 ----------------------------------------------------------------*/
770 struct usbctlx_rmem_completor {
771 usbctlx_completor_t head;
773 const hfa384x_usb_rmemresp_t *rmemresp;
777 typedef struct usbctlx_rmem_completor usbctlx_rmem_completor_t;
779 static int usbctlx_rmem_completor_fn(usbctlx_completor_t *head)
781 usbctlx_rmem_completor_t *complete = (usbctlx_rmem_completor_t *) head;
783 pr_debug("rmemresp:len=%d\n", complete->rmemresp->frmlen);
784 memcpy(complete->data, complete->rmemresp->data, complete->len);
788 static inline usbctlx_completor_t *init_rmem_completor(usbctlx_rmem_completor_t
790 hfa384x_usb_rmemresp_t
791 *rmemresp, void *data,
794 completor->head.complete = usbctlx_rmem_completor_fn;
795 completor->rmemresp = rmemresp;
796 completor->data = data;
797 completor->len = len;
798 return &(completor->head);
801 /*----------------------------------------------------------------
804 * Ctlx_complete handler for async CMD type control exchanges.
805 * mark the hw struct as such.
807 * Note: If the handling is changed here, it should probably be
808 * changed in docmd as well.
812 * ctlx completed CTLX
821 ----------------------------------------------------------------*/
822 static void hfa384x_cb_status(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx)
824 if (ctlx->usercb != NULL) {
825 hfa384x_cmdresult_t cmdresult;
827 if (ctlx->state != CTLX_COMPLETE) {
828 memset(&cmdresult, 0, sizeof(cmdresult));
830 HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR);
832 usbctlx_get_status(&ctlx->inbuf.cmdresp, &cmdresult);
835 ctlx->usercb(hw, &cmdresult, ctlx->usercb_data);
839 /*----------------------------------------------------------------
842 * CTLX completion handler for async RRID type control exchanges.
844 * Note: If the handling is changed here, it should probably be
845 * changed in dorrid as well.
849 * ctlx completed CTLX
858 ----------------------------------------------------------------*/
859 static void hfa384x_cb_rrid(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx)
861 if (ctlx->usercb != NULL) {
862 hfa384x_rridresult_t rridresult;
864 if (ctlx->state != CTLX_COMPLETE) {
865 memset(&rridresult, 0, sizeof(rridresult));
867 le16_to_cpu(ctlx->outbuf.rridreq.rid);
869 usbctlx_get_rridresult(&ctlx->inbuf.rridresp,
873 ctlx->usercb(hw, &rridresult, ctlx->usercb_data);
877 static inline int hfa384x_docmd_wait(hfa384x_t *hw, hfa384x_metacmd_t *cmd)
879 return hfa384x_docmd(hw, DOWAIT, cmd, NULL, NULL, NULL);
883 hfa384x_docmd_async(hfa384x_t *hw,
884 hfa384x_metacmd_t *cmd,
885 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
887 return hfa384x_docmd(hw, DOASYNC, cmd, cmdcb, usercb, usercb_data);
891 hfa384x_dorrid_wait(hfa384x_t *hw, u16 rid, void *riddata,
892 unsigned int riddatalen)
894 return hfa384x_dorrid(hw, DOWAIT,
895 rid, riddata, riddatalen, NULL, NULL, NULL);
899 hfa384x_dorrid_async(hfa384x_t *hw,
900 u16 rid, void *riddata, unsigned int riddatalen,
902 ctlx_usercb_t usercb, void *usercb_data)
904 return hfa384x_dorrid(hw, DOASYNC,
905 rid, riddata, riddatalen,
906 cmdcb, usercb, usercb_data);
910 hfa384x_dowrid_wait(hfa384x_t *hw, u16 rid, void *riddata,
911 unsigned int riddatalen)
913 return hfa384x_dowrid(hw, DOWAIT,
914 rid, riddata, riddatalen, NULL, NULL, NULL);
918 hfa384x_dowrid_async(hfa384x_t *hw,
919 u16 rid, void *riddata, unsigned int riddatalen,
921 ctlx_usercb_t usercb, void *usercb_data)
923 return hfa384x_dowrid(hw, DOASYNC,
924 rid, riddata, riddatalen,
925 cmdcb, usercb, usercb_data);
929 hfa384x_dormem_wait(hfa384x_t *hw,
930 u16 page, u16 offset, void *data, unsigned int len)
932 return hfa384x_dormem(hw, DOWAIT,
933 page, offset, data, len, NULL, NULL, NULL);
937 hfa384x_dormem_async(hfa384x_t *hw,
938 u16 page, u16 offset, void *data, unsigned int len,
940 ctlx_usercb_t usercb, void *usercb_data)
942 return hfa384x_dormem(hw, DOASYNC,
943 page, offset, data, len,
944 cmdcb, usercb, usercb_data);
948 hfa384x_dowmem_wait(hfa384x_t *hw,
949 u16 page, u16 offset, void *data, unsigned int len)
951 return hfa384x_dowmem(hw, DOWAIT,
952 page, offset, data, len, NULL, NULL, NULL);
956 hfa384x_dowmem_async(hfa384x_t *hw,
962 ctlx_usercb_t usercb, void *usercb_data)
964 return hfa384x_dowmem(hw, DOASYNC,
965 page, offset, data, len,
966 cmdcb, usercb, usercb_data);
969 /*----------------------------------------------------------------
970 * hfa384x_cmd_initialize
972 * Issues the initialize command and sets the hw->state based
976 * hw device structure
980 * >0 f/w reported error - f/w status code
981 * <0 driver reported error
987 ----------------------------------------------------------------*/
988 int hfa384x_cmd_initialize(hfa384x_t *hw)
992 hfa384x_metacmd_t cmd;
994 cmd.cmd = HFA384x_CMDCODE_INIT;
999 result = hfa384x_docmd_wait(hw, &cmd);
1001 pr_debug("cmdresp.init: "
1002 "status=0x%04x, resp0=0x%04x, "
1003 "resp1=0x%04x, resp2=0x%04x\n",
1005 cmd.result.resp0, cmd.result.resp1, cmd.result.resp2);
1007 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++)
1008 hw->port_enabled[i] = 0;
1011 hw->link_status = HFA384x_LINK_NOTCONNECTED;
1016 /*----------------------------------------------------------------
1017 * hfa384x_cmd_disable
1019 * Issues the disable command to stop communications on one of
1023 * hw device structure
1024 * macport MAC port number (host order)
1028 * >0 f/w reported failure - f/w status code
1029 * <0 driver reported error (timeout|bad arg)
1035 ----------------------------------------------------------------*/
1036 int hfa384x_cmd_disable(hfa384x_t *hw, u16 macport)
1039 hfa384x_metacmd_t cmd;
1041 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE) |
1042 HFA384x_CMD_MACPORT_SET(macport);
1047 result = hfa384x_docmd_wait(hw, &cmd);
1052 /*----------------------------------------------------------------
1053 * hfa384x_cmd_enable
1055 * Issues the enable command to enable communications on one of
1059 * hw device structure
1060 * macport MAC port number
1064 * >0 f/w reported failure - f/w status code
1065 * <0 driver reported error (timeout|bad arg)
1071 ----------------------------------------------------------------*/
1072 int hfa384x_cmd_enable(hfa384x_t *hw, u16 macport)
1075 hfa384x_metacmd_t cmd;
1077 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE) |
1078 HFA384x_CMD_MACPORT_SET(macport);
1083 result = hfa384x_docmd_wait(hw, &cmd);
1088 /*----------------------------------------------------------------
1089 * hfa384x_cmd_monitor
1091 * Enables the 'monitor mode' of the MAC. Here's the description of
1092 * monitor mode that I've received thus far:
1094 * "The "monitor mode" of operation is that the MAC passes all
1095 * frames for which the PLCP checks are correct. All received
1096 * MPDUs are passed to the host with MAC Port = 7, with a
1097 * receive status of good, FCS error, or undecryptable. Passing
1098 * certain MPDUs is a violation of the 802.11 standard, but useful
1099 * for a debugging tool." Normal communication is not possible
1100 * while monitor mode is enabled.
1103 * hw device structure
1104 * enable a code (0x0b|0x0f) that enables/disables
1105 * monitor mode. (host order)
1109 * >0 f/w reported failure - f/w status code
1110 * <0 driver reported error (timeout|bad arg)
1116 ----------------------------------------------------------------*/
1117 int hfa384x_cmd_monitor(hfa384x_t *hw, u16 enable)
1120 hfa384x_metacmd_t cmd;
1122 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
1123 HFA384x_CMD_AINFO_SET(enable);
1128 result = hfa384x_docmd_wait(hw, &cmd);
1133 /*----------------------------------------------------------------
1134 * hfa384x_cmd_download
1136 * Sets the controls for the MAC controller code/data download
1137 * process. The arguments set the mode and address associated
1138 * with a download. Note that the aux registers should be enabled
1139 * prior to setting one of the download enable modes.
1142 * hw device structure
1143 * mode 0 - Disable programming and begin code exec
1144 * 1 - Enable volatile mem programming
1145 * 2 - Enable non-volatile mem programming
1146 * 3 - Program non-volatile section from NV download
1150 * highaddr For mode 1, sets the high & low order bits of
1151 * the "destination address". This address will be
1152 * the execution start address when download is
1153 * subsequently disabled.
1154 * For mode 2, sets the high & low order bits of
1155 * the destination in NV ram.
1156 * For modes 0 & 3, should be zero. (host order)
1157 * NOTE: these are CMD format.
1158 * codelen Length of the data to write in mode 2,
1159 * zero otherwise. (host order)
1163 * >0 f/w reported failure - f/w status code
1164 * <0 driver reported error (timeout|bad arg)
1170 ----------------------------------------------------------------*/
1171 int hfa384x_cmd_download(hfa384x_t *hw, u16 mode, u16 lowaddr,
1172 u16 highaddr, u16 codelen)
1175 hfa384x_metacmd_t cmd;
1178 "mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n",
1179 mode, lowaddr, highaddr, codelen);
1181 cmd.cmd = (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD) |
1182 HFA384x_CMD_PROGMODE_SET(mode));
1184 cmd.parm0 = lowaddr;
1185 cmd.parm1 = highaddr;
1186 cmd.parm2 = codelen;
1188 result = hfa384x_docmd_wait(hw, &cmd);
1193 /*----------------------------------------------------------------
1196 * Perform a reset of the hfa38xx MAC core. We assume that the hw
1197 * structure is in its "created" state. That is, it is initialized
1198 * with proper values. Note that if a reset is done after the
1199 * device has been active for awhile, the caller might have to clean
1200 * up some leftover cruft in the hw structure.
1203 * hw device structure
1204 * holdtime how long (in ms) to hold the reset
1205 * settletime how long (in ms) to wait after releasing
1215 ----------------------------------------------------------------*/
1216 int hfa384x_corereset(hfa384x_t *hw, int holdtime, int settletime, int genesis)
1220 result = usb_reset_device(hw->usb);
1222 printk(KERN_ERR "usb_reset_device() failed, result=%d.\n",
1229 /*----------------------------------------------------------------
1230 * hfa384x_usbctlx_complete_sync
1232 * Waits for a synchronous CTLX object to complete,
1233 * and then handles the response.
1236 * hw device structure
1238 * completor functor object to decide what to
1239 * do with the CTLX's result.
1243 * -ERESTARTSYS Interrupted by a signal
1245 * -ENODEV Adapter was unplugged
1246 * ??? Result from completor
1252 ----------------------------------------------------------------*/
1253 static int hfa384x_usbctlx_complete_sync(hfa384x_t *hw,
1254 hfa384x_usbctlx_t *ctlx,
1255 usbctlx_completor_t *completor)
1257 unsigned long flags;
1260 result = wait_for_completion_interruptible(&ctlx->done);
1262 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1265 * We can only handle the CTLX if the USB disconnect
1266 * function has not run yet ...
1269 if (hw->wlandev->hwremoved) {
1270 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1272 } else if (result != 0) {
1276 * We were probably interrupted, so delete
1277 * this CTLX asynchronously, kill the timers
1278 * and the URB, and then start the next
1281 * NOTE: We can only delete the timers and
1282 * the URB if this CTLX is active.
1284 if (ctlx == get_active_ctlx(hw)) {
1285 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1287 del_singleshot_timer_sync(&hw->reqtimer);
1288 del_singleshot_timer_sync(&hw->resptimer);
1289 hw->req_timer_done = 1;
1290 hw->resp_timer_done = 1;
1291 usb_kill_urb(&hw->ctlx_urb);
1293 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1298 * This scenario is so unlikely that I'm
1299 * happy with a grubby "goto" solution ...
1301 if (hw->wlandev->hwremoved)
1306 * The completion task will send this CTLX
1307 * to the reaper the next time it runs. We
1308 * are no longer in a hurry.
1311 ctlx->state = CTLX_REQ_FAILED;
1312 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
1314 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1317 hfa384x_usbctlxq_run(hw);
1319 if (ctlx->state == CTLX_COMPLETE) {
1320 result = completor->complete(completor);
1322 printk(KERN_WARNING "CTLX[%d] error: state(%s)\n",
1323 le16_to_cpu(ctlx->outbuf.type),
1324 ctlxstr(ctlx->state));
1328 list_del(&ctlx->list);
1329 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1336 /*----------------------------------------------------------------
1339 * Constructs a command CTLX and submits it.
1341 * NOTE: Any changes to the 'post-submit' code in this function
1342 * need to be carried over to hfa384x_cbcmd() since the handling
1343 * is virtually identical.
1346 * hw device structure
1347 * mode DOWAIT or DOASYNC
1348 * cmd cmd structure. Includes all arguments and result
1349 * data points. All in host order. in host order
1350 * cmdcb command-specific callback
1351 * usercb user callback for async calls, NULL for DOWAIT calls
1352 * usercb_data user supplied data pointer for async calls, NULL
1358 * -ERESTARTSYS Awakened on signal
1359 * >0 command indicated error, Status and Resp0-2 are
1367 ----------------------------------------------------------------*/
1369 hfa384x_docmd(hfa384x_t *hw,
1371 hfa384x_metacmd_t *cmd,
1372 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1375 hfa384x_usbctlx_t *ctlx;
1377 ctlx = usbctlx_alloc();
1383 /* Initialize the command */
1384 ctlx->outbuf.cmdreq.type = cpu_to_le16(HFA384x_USB_CMDREQ);
1385 ctlx->outbuf.cmdreq.cmd = cpu_to_le16(cmd->cmd);
1386 ctlx->outbuf.cmdreq.parm0 = cpu_to_le16(cmd->parm0);
1387 ctlx->outbuf.cmdreq.parm1 = cpu_to_le16(cmd->parm1);
1388 ctlx->outbuf.cmdreq.parm2 = cpu_to_le16(cmd->parm2);
1390 ctlx->outbufsize = sizeof(ctlx->outbuf.cmdreq);
1392 pr_debug("cmdreq: cmd=0x%04x "
1393 "parm0=0x%04x parm1=0x%04x parm2=0x%04x\n",
1394 cmd->cmd, cmd->parm0, cmd->parm1, cmd->parm2);
1396 ctlx->reapable = mode;
1397 ctlx->cmdcb = cmdcb;
1398 ctlx->usercb = usercb;
1399 ctlx->usercb_data = usercb_data;
1401 result = hfa384x_usbctlx_submit(hw, ctlx);
1404 } else if (mode == DOWAIT) {
1405 usbctlx_cmd_completor_t completor;
1408 hfa384x_usbctlx_complete_sync(hw, ctlx,
1409 init_cmd_completor(&completor,
1421 /*----------------------------------------------------------------
1424 * Constructs a read rid CTLX and issues it.
1426 * NOTE: Any changes to the 'post-submit' code in this function
1427 * need to be carried over to hfa384x_cbrrid() since the handling
1428 * is virtually identical.
1431 * hw device structure
1432 * mode DOWAIT or DOASYNC
1433 * rid Read RID number (host order)
1434 * riddata Caller supplied buffer that MAC formatted RID.data
1435 * record will be written to for DOWAIT calls. Should
1436 * be NULL for DOASYNC calls.
1437 * riddatalen Buffer length for DOWAIT calls. Zero for DOASYNC calls.
1438 * cmdcb command callback for async calls, NULL for DOWAIT calls
1439 * usercb user callback for async calls, NULL for DOWAIT calls
1440 * usercb_data user supplied data pointer for async calls, NULL
1446 * -ERESTARTSYS Awakened on signal
1447 * -ENODATA riddatalen != macdatalen
1448 * >0 command indicated error, Status and Resp0-2 are
1454 * interrupt (DOASYNC)
1455 * process (DOWAIT or DOASYNC)
1456 ----------------------------------------------------------------*/
1458 hfa384x_dorrid(hfa384x_t *hw,
1462 unsigned int riddatalen,
1463 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1466 hfa384x_usbctlx_t *ctlx;
1468 ctlx = usbctlx_alloc();
1474 /* Initialize the command */
1475 ctlx->outbuf.rridreq.type = cpu_to_le16(HFA384x_USB_RRIDREQ);
1476 ctlx->outbuf.rridreq.frmlen =
1477 cpu_to_le16(sizeof(ctlx->outbuf.rridreq.rid));
1478 ctlx->outbuf.rridreq.rid = cpu_to_le16(rid);
1480 ctlx->outbufsize = sizeof(ctlx->outbuf.rridreq);
1482 ctlx->reapable = mode;
1483 ctlx->cmdcb = cmdcb;
1484 ctlx->usercb = usercb;
1485 ctlx->usercb_data = usercb_data;
1487 /* Submit the CTLX */
1488 result = hfa384x_usbctlx_submit(hw, ctlx);
1491 } else if (mode == DOWAIT) {
1492 usbctlx_rrid_completor_t completor;
1495 hfa384x_usbctlx_complete_sync(hw, ctlx,
1498 &ctlx->inbuf.rridresp,
1499 riddata, riddatalen));
1506 /*----------------------------------------------------------------
1509 * Constructs a write rid CTLX and issues it.
1511 * NOTE: Any changes to the 'post-submit' code in this function
1512 * need to be carried over to hfa384x_cbwrid() since the handling
1513 * is virtually identical.
1516 * hw device structure
1517 * CMD_MODE DOWAIT or DOASYNC
1519 * riddata Data portion of RID formatted for MAC
1520 * riddatalen Length of the data portion in bytes
1521 * cmdcb command callback for async calls, NULL for DOWAIT calls
1522 * usercb user callback for async calls, NULL for DOWAIT calls
1523 * usercb_data user supplied data pointer for async calls
1527 * -ETIMEDOUT timed out waiting for register ready or
1528 * command completion
1529 * >0 command indicated error, Status and Resp0-2 are
1535 * interrupt (DOASYNC)
1536 * process (DOWAIT or DOASYNC)
1537 ----------------------------------------------------------------*/
1539 hfa384x_dowrid(hfa384x_t *hw,
1543 unsigned int riddatalen,
1544 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1547 hfa384x_usbctlx_t *ctlx;
1549 ctlx = usbctlx_alloc();
1555 /* Initialize the command */
1556 ctlx->outbuf.wridreq.type = cpu_to_le16(HFA384x_USB_WRIDREQ);
1557 ctlx->outbuf.wridreq.frmlen = cpu_to_le16((sizeof
1558 (ctlx->outbuf.wridreq.
1561 ctlx->outbuf.wridreq.rid = cpu_to_le16(rid);
1562 memcpy(ctlx->outbuf.wridreq.data, riddata, riddatalen);
1564 ctlx->outbufsize = sizeof(ctlx->outbuf.wridreq.type) +
1565 sizeof(ctlx->outbuf.wridreq.frmlen) +
1566 sizeof(ctlx->outbuf.wridreq.rid) + riddatalen;
1568 ctlx->reapable = mode;
1569 ctlx->cmdcb = cmdcb;
1570 ctlx->usercb = usercb;
1571 ctlx->usercb_data = usercb_data;
1573 /* Submit the CTLX */
1574 result = hfa384x_usbctlx_submit(hw, ctlx);
1577 } else if (mode == DOWAIT) {
1578 usbctlx_wrid_completor_t completor;
1579 hfa384x_cmdresult_t wridresult;
1581 result = hfa384x_usbctlx_complete_sync(hw,
1585 &ctlx->inbuf.wridresp,
1593 /*----------------------------------------------------------------
1596 * Constructs a readmem CTLX and issues it.
1598 * NOTE: Any changes to the 'post-submit' code in this function
1599 * need to be carried over to hfa384x_cbrmem() since the handling
1600 * is virtually identical.
1603 * hw device structure
1604 * mode DOWAIT or DOASYNC
1605 * page MAC address space page (CMD format)
1606 * offset MAC address space offset
1607 * data Ptr to data buffer to receive read
1608 * len Length of the data to read (max == 2048)
1609 * cmdcb command callback for async calls, NULL for DOWAIT calls
1610 * usercb user callback for async calls, NULL for DOWAIT calls
1611 * usercb_data user supplied data pointer for async calls
1615 * -ETIMEDOUT timed out waiting for register ready or
1616 * command completion
1617 * >0 command indicated error, Status and Resp0-2 are
1623 * interrupt (DOASYNC)
1624 * process (DOWAIT or DOASYNC)
1625 ----------------------------------------------------------------*/
1627 hfa384x_dormem(hfa384x_t *hw,
1633 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1636 hfa384x_usbctlx_t *ctlx;
1638 ctlx = usbctlx_alloc();
1644 /* Initialize the command */
1645 ctlx->outbuf.rmemreq.type = cpu_to_le16(HFA384x_USB_RMEMREQ);
1646 ctlx->outbuf.rmemreq.frmlen =
1647 cpu_to_le16(sizeof(ctlx->outbuf.rmemreq.offset) +
1648 sizeof(ctlx->outbuf.rmemreq.page) + len);
1649 ctlx->outbuf.rmemreq.offset = cpu_to_le16(offset);
1650 ctlx->outbuf.rmemreq.page = cpu_to_le16(page);
1652 ctlx->outbufsize = sizeof(ctlx->outbuf.rmemreq);
1655 "type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n",
1656 ctlx->outbuf.rmemreq.type,
1657 ctlx->outbuf.rmemreq.frmlen,
1658 ctlx->outbuf.rmemreq.offset, ctlx->outbuf.rmemreq.page);
1660 pr_debug("pktsize=%zd\n",
1661 ROUNDUP64(sizeof(ctlx->outbuf.rmemreq)));
1663 ctlx->reapable = mode;
1664 ctlx->cmdcb = cmdcb;
1665 ctlx->usercb = usercb;
1666 ctlx->usercb_data = usercb_data;
1668 result = hfa384x_usbctlx_submit(hw, ctlx);
1671 } else if (mode == DOWAIT) {
1672 usbctlx_rmem_completor_t completor;
1675 hfa384x_usbctlx_complete_sync(hw, ctlx,
1678 &ctlx->inbuf.rmemresp, data,
1686 /*----------------------------------------------------------------
1689 * Constructs a writemem CTLX and issues it.
1691 * NOTE: Any changes to the 'post-submit' code in this function
1692 * need to be carried over to hfa384x_cbwmem() since the handling
1693 * is virtually identical.
1696 * hw device structure
1697 * mode DOWAIT or DOASYNC
1698 * page MAC address space page (CMD format)
1699 * offset MAC address space offset
1700 * data Ptr to data buffer containing write data
1701 * len Length of the data to read (max == 2048)
1702 * cmdcb command callback for async calls, NULL for DOWAIT calls
1703 * usercb user callback for async calls, NULL for DOWAIT calls
1704 * usercb_data user supplied data pointer for async calls.
1708 * -ETIMEDOUT timed out waiting for register ready or
1709 * command completion
1710 * >0 command indicated error, Status and Resp0-2 are
1716 * interrupt (DOWAIT)
1717 * process (DOWAIT or DOASYNC)
1718 ----------------------------------------------------------------*/
1720 hfa384x_dowmem(hfa384x_t *hw,
1726 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1729 hfa384x_usbctlx_t *ctlx;
1731 pr_debug("page=0x%04x offset=0x%04x len=%d\n",
1734 ctlx = usbctlx_alloc();
1740 /* Initialize the command */
1741 ctlx->outbuf.wmemreq.type = cpu_to_le16(HFA384x_USB_WMEMREQ);
1742 ctlx->outbuf.wmemreq.frmlen =
1743 cpu_to_le16(sizeof(ctlx->outbuf.wmemreq.offset) +
1744 sizeof(ctlx->outbuf.wmemreq.page) + len);
1745 ctlx->outbuf.wmemreq.offset = cpu_to_le16(offset);
1746 ctlx->outbuf.wmemreq.page = cpu_to_le16(page);
1747 memcpy(ctlx->outbuf.wmemreq.data, data, len);
1749 ctlx->outbufsize = sizeof(ctlx->outbuf.wmemreq.type) +
1750 sizeof(ctlx->outbuf.wmemreq.frmlen) +
1751 sizeof(ctlx->outbuf.wmemreq.offset) +
1752 sizeof(ctlx->outbuf.wmemreq.page) + len;
1754 ctlx->reapable = mode;
1755 ctlx->cmdcb = cmdcb;
1756 ctlx->usercb = usercb;
1757 ctlx->usercb_data = usercb_data;
1759 result = hfa384x_usbctlx_submit(hw, ctlx);
1762 } else if (mode == DOWAIT) {
1763 usbctlx_wmem_completor_t completor;
1764 hfa384x_cmdresult_t wmemresult;
1766 result = hfa384x_usbctlx_complete_sync(hw,
1770 &ctlx->inbuf.wmemresp,
1778 /*----------------------------------------------------------------
1779 * hfa384x_drvr_commtallies
1781 * Send a commtallies inquiry to the MAC. Note that this is an async
1782 * call that will result in an info frame arriving sometime later.
1785 * hw device structure
1794 ----------------------------------------------------------------*/
1795 int hfa384x_drvr_commtallies(hfa384x_t *hw)
1797 hfa384x_metacmd_t cmd;
1799 cmd.cmd = HFA384x_CMDCODE_INQ;
1800 cmd.parm0 = HFA384x_IT_COMMTALLIES;
1804 hfa384x_docmd_async(hw, &cmd, NULL, NULL, NULL);
1809 /*----------------------------------------------------------------
1810 * hfa384x_drvr_disable
1812 * Issues the disable command to stop communications on one of
1813 * the MACs 'ports'. Only macport 0 is valid for stations.
1814 * APs may also disable macports 1-6. Only ports that have been
1815 * previously enabled may be disabled.
1818 * hw device structure
1819 * macport MAC port number (host order)
1823 * >0 f/w reported failure - f/w status code
1824 * <0 driver reported error (timeout|bad arg)
1830 ----------------------------------------------------------------*/
1831 int hfa384x_drvr_disable(hfa384x_t *hw, u16 macport)
1835 if ((!hw->isap && macport != 0) ||
1836 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
1837 !(hw->port_enabled[macport])) {
1840 result = hfa384x_cmd_disable(hw, macport);
1842 hw->port_enabled[macport] = 0;
1847 /*----------------------------------------------------------------
1848 * hfa384x_drvr_enable
1850 * Issues the enable command to enable communications on one of
1851 * the MACs 'ports'. Only macport 0 is valid for stations.
1852 * APs may also enable macports 1-6. Only ports that are currently
1853 * disabled may be enabled.
1856 * hw device structure
1857 * macport MAC port number
1861 * >0 f/w reported failure - f/w status code
1862 * <0 driver reported error (timeout|bad arg)
1868 ----------------------------------------------------------------*/
1869 int hfa384x_drvr_enable(hfa384x_t *hw, u16 macport)
1873 if ((!hw->isap && macport != 0) ||
1874 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
1875 (hw->port_enabled[macport])) {
1878 result = hfa384x_cmd_enable(hw, macport);
1880 hw->port_enabled[macport] = 1;
1885 /*----------------------------------------------------------------
1886 * hfa384x_drvr_flashdl_enable
1888 * Begins the flash download state. Checks to see that we're not
1889 * already in a download state and that a port isn't enabled.
1890 * Sets the download state and retrieves the flash download
1891 * buffer location, buffer size, and timeout length.
1894 * hw device structure
1898 * >0 f/w reported error - f/w status code
1899 * <0 driver reported error
1905 ----------------------------------------------------------------*/
1906 int hfa384x_drvr_flashdl_enable(hfa384x_t *hw)
1911 /* Check that a port isn't active */
1912 for (i = 0; i < HFA384x_PORTID_MAX; i++) {
1913 if (hw->port_enabled[i]) {
1914 pr_debug("called when port enabled.\n");
1919 /* Check that we're not already in a download state */
1920 if (hw->dlstate != HFA384x_DLSTATE_DISABLED)
1923 /* Retrieve the buffer loc&size and timeout */
1924 if ((result = hfa384x_drvr_getconfig(hw, HFA384x_RID_DOWNLOADBUFFER,
1926 sizeof(hw->bufinfo)))) {
1929 hw->bufinfo.page = le16_to_cpu(hw->bufinfo.page);
1930 hw->bufinfo.offset = le16_to_cpu(hw->bufinfo.offset);
1931 hw->bufinfo.len = le16_to_cpu(hw->bufinfo.len);
1932 if ((result = hfa384x_drvr_getconfig16(hw, HFA384x_RID_MAXLOADTIME,
1933 &(hw->dltimeout)))) {
1936 hw->dltimeout = le16_to_cpu(hw->dltimeout);
1938 pr_debug("flashdl_enable\n");
1940 hw->dlstate = HFA384x_DLSTATE_FLASHENABLED;
1945 /*----------------------------------------------------------------
1946 * hfa384x_drvr_flashdl_disable
1948 * Ends the flash download state. Note that this will cause the MAC
1949 * firmware to restart.
1952 * hw device structure
1956 * >0 f/w reported error - f/w status code
1957 * <0 driver reported error
1963 ----------------------------------------------------------------*/
1964 int hfa384x_drvr_flashdl_disable(hfa384x_t *hw)
1966 /* Check that we're already in the download state */
1967 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED)
1970 pr_debug("flashdl_enable\n");
1972 /* There isn't much we can do at this point, so I don't */
1973 /* bother w/ the return value */
1974 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0);
1975 hw->dlstate = HFA384x_DLSTATE_DISABLED;
1980 /*----------------------------------------------------------------
1981 * hfa384x_drvr_flashdl_write
1983 * Performs a FLASH download of a chunk of data. First checks to see
1984 * that we're in the FLASH download state, then sets the download
1985 * mode, uses the aux functions to 1) copy the data to the flash
1986 * buffer, 2) sets the download 'write flash' mode, 3) readback and
1987 * compare. Lather rinse, repeat as many times an necessary to get
1988 * all the given data into flash.
1989 * When all data has been written using this function (possibly
1990 * repeatedly), call drvr_flashdl_disable() to end the download state
1991 * and restart the MAC.
1994 * hw device structure
1995 * daddr Card address to write to. (host order)
1996 * buf Ptr to data to write.
1997 * len Length of data (host order).
2001 * >0 f/w reported error - f/w status code
2002 * <0 driver reported error
2008 ----------------------------------------------------------------*/
2009 int hfa384x_drvr_flashdl_write(hfa384x_t *hw, u32 daddr, void *buf, u32 len)
2026 pr_debug("daddr=0x%08x len=%d\n", daddr, len);
2028 /* Check that we're in the flash download state */
2029 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED)
2032 printk(KERN_INFO "Download %d bytes to flash @0x%06x\n", len, daddr);
2034 /* Convert to flat address for arithmetic */
2035 /* NOTE: dlbuffer RID stores the address in AUX format */
2037 HFA384x_ADDR_AUX_MKFLAT(hw->bufinfo.page, hw->bufinfo.offset);
2039 "dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n",
2040 hw->bufinfo.page, hw->bufinfo.offset, dlbufaddr);
2043 printk(KERN_WARNING "dlbuf@0x%06lx len=%d to=%d\n", dlbufaddr,
2044 hw->bufinfo.len, hw->dltimeout);
2046 /* Calculations to determine how many fills of the dlbuffer to do
2047 * and how many USB wmemreq's to do for each fill. At this point
2048 * in time, the dlbuffer size and the wmemreq size are the same.
2049 * Therefore, nwrites should always be 1. The extra complexity
2050 * here is a hedge against future changes.
2053 /* Figure out how many times to do the flash programming */
2054 nburns = len / hw->bufinfo.len;
2055 nburns += (len % hw->bufinfo.len) ? 1 : 0;
2057 /* For each flash program cycle, how many USB wmemreq's are needed? */
2058 nwrites = hw->bufinfo.len / HFA384x_USB_RWMEM_MAXLEN;
2059 nwrites += (hw->bufinfo.len % HFA384x_USB_RWMEM_MAXLEN) ? 1 : 0;
2062 for (i = 0; i < nburns; i++) {
2063 /* Get the dest address and len */
2064 burnlen = (len - (hw->bufinfo.len * i)) > hw->bufinfo.len ?
2065 hw->bufinfo.len : (len - (hw->bufinfo.len * i));
2066 burndaddr = daddr + (hw->bufinfo.len * i);
2067 burnlo = HFA384x_ADDR_CMD_MKOFF(burndaddr);
2068 burnhi = HFA384x_ADDR_CMD_MKPAGE(burndaddr);
2070 printk(KERN_INFO "Writing %d bytes to flash @0x%06x\n",
2071 burnlen, burndaddr);
2073 /* Set the download mode */
2074 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_NV,
2075 burnlo, burnhi, burnlen);
2077 printk(KERN_ERR "download(NV,lo=%x,hi=%x,len=%x) "
2078 "cmd failed, result=%d. Aborting d/l\n",
2079 burnlo, burnhi, burnlen, result);
2083 /* copy the data to the flash download buffer */
2084 for (j = 0; j < nwrites; j++) {
2086 (i * hw->bufinfo.len) +
2087 (j * HFA384x_USB_RWMEM_MAXLEN);
2089 writepage = HFA384x_ADDR_CMD_MKPAGE(dlbufaddr +
2091 HFA384x_USB_RWMEM_MAXLEN));
2093 HFA384x_ADDR_CMD_MKOFF(dlbufaddr +
2095 HFA384x_USB_RWMEM_MAXLEN));
2097 writelen = burnlen - (j * HFA384x_USB_RWMEM_MAXLEN);
2098 writelen = writelen > HFA384x_USB_RWMEM_MAXLEN ?
2099 HFA384x_USB_RWMEM_MAXLEN : writelen;
2101 result = hfa384x_dowmem_wait(hw,
2104 writebuf, writelen);
2107 /* set the download 'write flash' mode */
2108 result = hfa384x_cmd_download(hw,
2109 HFA384x_PROGMODE_NVWRITE,
2113 "download(NVWRITE,lo=%x,hi=%x,len=%x) "
2114 "cmd failed, result=%d. Aborting d/l\n",
2115 burnlo, burnhi, burnlen, result);
2119 /* TODO: We really should do a readback and compare. */
2124 /* Leave the firmware in the 'post-prog' mode. flashdl_disable will */
2125 /* actually disable programming mode. Remember, that will cause the */
2126 /* the firmware to effectively reset itself. */
2131 /*----------------------------------------------------------------
2132 * hfa384x_drvr_getconfig
2134 * Performs the sequence necessary to read a config/info item.
2137 * hw device structure
2138 * rid config/info record id (host order)
2139 * buf host side record buffer. Upon return it will
2140 * contain the body portion of the record (minus the
2142 * len buffer length (in bytes, should match record length)
2146 * >0 f/w reported error - f/w status code
2147 * <0 driver reported error
2148 * -ENODATA length mismatch between argument and retrieved
2155 ----------------------------------------------------------------*/
2156 int hfa384x_drvr_getconfig(hfa384x_t *hw, u16 rid, void *buf, u16 len)
2160 result = hfa384x_dorrid_wait(hw, rid, buf, len);
2165 /*----------------------------------------------------------------
2166 * hfa384x_drvr_getconfig_async
2168 * Performs the sequence necessary to perform an async read of
2169 * of a config/info item.
2172 * hw device structure
2173 * rid config/info record id (host order)
2174 * buf host side record buffer. Upon return it will
2175 * contain the body portion of the record (minus the
2177 * len buffer length (in bytes, should match record length)
2178 * cbfn caller supplied callback, called when the command
2179 * is done (successful or not).
2180 * cbfndata pointer to some caller supplied data that will be
2181 * passed in as an argument to the cbfn.
2184 * nothing the cbfn gets a status argument identifying if
2187 * Queues an hfa384x_usbcmd_t for subsequent execution.
2191 ----------------------------------------------------------------*/
2193 hfa384x_drvr_getconfig_async(hfa384x_t *hw,
2194 u16 rid, ctlx_usercb_t usercb, void *usercb_data)
2196 return hfa384x_dorrid_async(hw, rid, NULL, 0,
2197 hfa384x_cb_rrid, usercb, usercb_data);
2200 /*----------------------------------------------------------------
2201 * hfa384x_drvr_setconfig_async
2203 * Performs the sequence necessary to write a config/info item.
2206 * hw device structure
2207 * rid config/info record id (in host order)
2208 * buf host side record buffer
2209 * len buffer length (in bytes)
2210 * usercb completion callback
2211 * usercb_data completion callback argument
2215 * >0 f/w reported error - f/w status code
2216 * <0 driver reported error
2222 ----------------------------------------------------------------*/
2224 hfa384x_drvr_setconfig_async(hfa384x_t *hw,
2227 u16 len, ctlx_usercb_t usercb, void *usercb_data)
2229 return hfa384x_dowrid_async(hw, rid, buf, len,
2230 hfa384x_cb_status, usercb, usercb_data);
2233 /*----------------------------------------------------------------
2234 * hfa384x_drvr_ramdl_disable
2236 * Ends the ram download state.
2239 * hw device structure
2243 * >0 f/w reported error - f/w status code
2244 * <0 driver reported error
2250 ----------------------------------------------------------------*/
2251 int hfa384x_drvr_ramdl_disable(hfa384x_t *hw)
2253 /* Check that we're already in the download state */
2254 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED)
2257 pr_debug("ramdl_disable()\n");
2259 /* There isn't much we can do at this point, so I don't */
2260 /* bother w/ the return value */
2261 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0);
2262 hw->dlstate = HFA384x_DLSTATE_DISABLED;
2267 /*----------------------------------------------------------------
2268 * hfa384x_drvr_ramdl_enable
2270 * Begins the ram download state. Checks to see that we're not
2271 * already in a download state and that a port isn't enabled.
2272 * Sets the download state and calls cmd_download with the
2273 * ENABLE_VOLATILE subcommand and the exeaddr argument.
2276 * hw device structure
2277 * exeaddr the card execution address that will be
2278 * jumped to when ramdl_disable() is called
2283 * >0 f/w reported error - f/w status code
2284 * <0 driver reported error
2290 ----------------------------------------------------------------*/
2291 int hfa384x_drvr_ramdl_enable(hfa384x_t *hw, u32 exeaddr)
2298 /* Check that a port isn't active */
2299 for (i = 0; i < HFA384x_PORTID_MAX; i++) {
2300 if (hw->port_enabled[i]) {
2302 "Can't download with a macport enabled.\n");
2307 /* Check that we're not already in a download state */
2308 if (hw->dlstate != HFA384x_DLSTATE_DISABLED) {
2309 printk(KERN_ERR "Download state not disabled.\n");
2313 pr_debug("ramdl_enable, exeaddr=0x%08x\n", exeaddr);
2315 /* Call the download(1,addr) function */
2316 lowaddr = HFA384x_ADDR_CMD_MKOFF(exeaddr);
2317 hiaddr = HFA384x_ADDR_CMD_MKPAGE(exeaddr);
2319 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_RAM,
2320 lowaddr, hiaddr, 0);
2323 /* Set the download state */
2324 hw->dlstate = HFA384x_DLSTATE_RAMENABLED;
2327 "cmd_download(0x%04x, 0x%04x) failed, result=%d.\n",
2328 lowaddr, hiaddr, result);
2334 /*----------------------------------------------------------------
2335 * hfa384x_drvr_ramdl_write
2337 * Performs a RAM download of a chunk of data. First checks to see
2338 * that we're in the RAM download state, then uses the [read|write]mem USB
2339 * commands to 1) copy the data, 2) readback and compare. The download
2340 * state is unaffected. When all data has been written using
2341 * this function, call drvr_ramdl_disable() to end the download state
2342 * and restart the MAC.
2345 * hw device structure
2346 * daddr Card address to write to. (host order)
2347 * buf Ptr to data to write.
2348 * len Length of data (host order).
2352 * >0 f/w reported error - f/w status code
2353 * <0 driver reported error
2359 ----------------------------------------------------------------*/
2360 int hfa384x_drvr_ramdl_write(hfa384x_t *hw, u32 daddr, void *buf, u32 len)
2371 /* Check that we're in the ram download state */
2372 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED)
2375 printk(KERN_INFO "Writing %d bytes to ram @0x%06x\n", len, daddr);
2377 /* How many dowmem calls? */
2378 nwrites = len / HFA384x_USB_RWMEM_MAXLEN;
2379 nwrites += len % HFA384x_USB_RWMEM_MAXLEN ? 1 : 0;
2381 /* Do blocking wmem's */
2382 for (i = 0; i < nwrites; i++) {
2383 /* make address args */
2384 curraddr = daddr + (i * HFA384x_USB_RWMEM_MAXLEN);
2385 currpage = HFA384x_ADDR_CMD_MKPAGE(curraddr);
2386 curroffset = HFA384x_ADDR_CMD_MKOFF(curraddr);
2387 currlen = len - (i * HFA384x_USB_RWMEM_MAXLEN);
2388 if (currlen > HFA384x_USB_RWMEM_MAXLEN)
2389 currlen = HFA384x_USB_RWMEM_MAXLEN;
2391 /* Do blocking ctlx */
2392 result = hfa384x_dowmem_wait(hw,
2396 (i * HFA384x_USB_RWMEM_MAXLEN),
2402 /* TODO: We really should have a readback. */
2408 /*----------------------------------------------------------------
2409 * hfa384x_drvr_readpda
2411 * Performs the sequence to read the PDA space. Note there is no
2412 * drvr_writepda() function. Writing a PDA is
2413 * generally implemented by a calling component via calls to
2414 * cmd_download and writing to the flash download buffer via the
2418 * hw device structure
2419 * buf buffer to store PDA in
2424 * >0 f/w reported error - f/w status code
2425 * <0 driver reported error
2426 * -ETIMEDOUT timout waiting for the cmd regs to become
2427 * available, or waiting for the control reg
2428 * to indicate the Aux port is enabled.
2429 * -ENODATA the buffer does NOT contain a valid PDA.
2430 * Either the card PDA is bad, or the auxdata
2431 * reads are giving us garbage.
2437 * process or non-card interrupt.
2438 ----------------------------------------------------------------*/
2439 int hfa384x_drvr_readpda(hfa384x_t *hw, void *buf, unsigned int len)
2445 int currpdr = 0; /* word offset of the current pdr */
2447 u16 pdrlen; /* pdr length in bytes, host order */
2448 u16 pdrcode; /* pdr code, host order */
2456 HFA3842_PDA_BASE, 0}, {
2457 HFA3841_PDA_BASE, 0}, {
2458 HFA3841_PDA_BOGUS_BASE, 0}
2461 /* Read the pda from each known address. */
2462 for (i = 0; i < ARRAY_SIZE(pdaloc); i++) {
2464 currpage = HFA384x_ADDR_CMD_MKPAGE(pdaloc[i].cardaddr);
2465 curroffset = HFA384x_ADDR_CMD_MKOFF(pdaloc[i].cardaddr);
2467 result = hfa384x_dormem_wait(hw, currpage, curroffset, buf, len); /* units of bytes */
2471 "Read from index %zd failed, continuing\n", i);
2475 /* Test for garbage */
2476 pdaok = 1; /* initially assume good */
2478 while (pdaok && morepdrs) {
2479 pdrlen = le16_to_cpu(pda[currpdr]) * 2;
2480 pdrcode = le16_to_cpu(pda[currpdr + 1]);
2481 /* Test the record length */
2482 if (pdrlen > HFA384x_PDR_LEN_MAX || pdrlen == 0) {
2483 printk(KERN_ERR "pdrlen invalid=%d\n", pdrlen);
2488 if (!hfa384x_isgood_pdrcode(pdrcode)) {
2489 printk(KERN_ERR "pdrcode invalid=%d\n",
2494 /* Test for completion */
2495 if (pdrcode == HFA384x_PDR_END_OF_PDA)
2498 /* Move to the next pdr (if necessary) */
2500 /* note the access to pda[], need words here */
2501 currpdr += le16_to_cpu(pda[currpdr]) + 1;
2506 "PDA Read from 0x%08x in %s space.\n",
2508 pdaloc[i].auxctl == 0 ? "EXTDS" :
2509 pdaloc[i].auxctl == 1 ? "NV" :
2510 pdaloc[i].auxctl == 2 ? "PHY" :
2511 pdaloc[i].auxctl == 3 ? "ICSRAM" :
2516 result = pdaok ? 0 : -ENODATA;
2519 pr_debug("Failure: pda is not okay\n");
2524 /*----------------------------------------------------------------
2525 * hfa384x_drvr_setconfig
2527 * Performs the sequence necessary to write a config/info item.
2530 * hw device structure
2531 * rid config/info record id (in host order)
2532 * buf host side record buffer
2533 * len buffer length (in bytes)
2537 * >0 f/w reported error - f/w status code
2538 * <0 driver reported error
2544 ----------------------------------------------------------------*/
2545 int hfa384x_drvr_setconfig(hfa384x_t *hw, u16 rid, void *buf, u16 len)
2547 return hfa384x_dowrid_wait(hw, rid, buf, len);
2550 /*----------------------------------------------------------------
2551 * hfa384x_drvr_start
2553 * Issues the MAC initialize command, sets up some data structures,
2554 * and enables the interrupts. After this function completes, the
2555 * low-level stuff should be ready for any/all commands.
2558 * hw device structure
2561 * >0 f/w reported error - f/w status code
2562 * <0 driver reported error
2568 ----------------------------------------------------------------*/
2570 int hfa384x_drvr_start(hfa384x_t *hw)
2572 int result, result1, result2;
2577 /* Clear endpoint stalls - but only do this if the endpoint
2578 * is showing a stall status. Some prism2 cards seem to behave
2579 * badly if a clear_halt is called when the endpoint is already
2583 usb_get_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_in, &status);
2585 printk(KERN_ERR "Cannot get bulk in endpoint status.\n");
2588 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_in))
2589 printk(KERN_ERR "Failed to reset bulk in endpoint.\n");
2592 usb_get_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_out, &status);
2594 printk(KERN_ERR "Cannot get bulk out endpoint status.\n");
2597 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_out))
2598 printk(KERN_ERR "Failed to reset bulk out endpoint.\n");
2600 /* Synchronous unlink, in case we're trying to restart the driver */
2601 usb_kill_urb(&hw->rx_urb);
2603 /* Post the IN urb */
2604 result = submit_rx_urb(hw, GFP_KERNEL);
2607 "Fatal, failed to submit RX URB, result=%d\n", result);
2611 /* Call initialize twice, with a 1 second sleep in between.
2612 * This is a nasty work-around since many prism2 cards seem to
2613 * need time to settle after an init from cold. The second
2614 * call to initialize in theory is not necessary - but we call
2615 * it anyway as a double insurance policy:
2616 * 1) If the first init should fail, the second may well succeed
2617 * and the card can still be used
2618 * 2) It helps ensures all is well with the card after the first
2619 * init and settle time.
2621 result1 = hfa384x_cmd_initialize(hw);
2623 result = result2 = hfa384x_cmd_initialize(hw);
2627 "cmd_initialize() failed on two attempts, results %d and %d\n",
2629 usb_kill_urb(&hw->rx_urb);
2633 "First cmd_initialize() failed (result %d),\n",
2636 "but second attempt succeeded. All should be ok\n");
2638 } else if (result2 != 0) {
2640 "First cmd_initialize() succeeded, but second attempt failed (result=%d)\n",
2643 "Most likely the card will be functional\n");
2647 hw->state = HFA384x_STATE_RUNNING;
2653 /*----------------------------------------------------------------
2656 * Shuts down the MAC to the point where it is safe to unload the
2657 * driver. Any subsystem that may be holding a data or function
2658 * ptr into the driver must be cleared/deinitialized.
2661 * hw device structure
2664 * >0 f/w reported error - f/w status code
2665 * <0 driver reported error
2671 ----------------------------------------------------------------*/
2672 int hfa384x_drvr_stop(hfa384x_t *hw)
2679 /* There's no need for spinlocks here. The USB "disconnect"
2680 * function sets this "removed" flag and then calls us.
2682 if (!hw->wlandev->hwremoved) {
2683 /* Call initialize to leave the MAC in its 'reset' state */
2684 hfa384x_cmd_initialize(hw);
2686 /* Cancel the rxurb */
2687 usb_kill_urb(&hw->rx_urb);
2690 hw->link_status = HFA384x_LINK_NOTCONNECTED;
2691 hw->state = HFA384x_STATE_INIT;
2693 del_timer_sync(&hw->commsqual_timer);
2695 /* Clear all the port status */
2696 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++)
2697 hw->port_enabled[i] = 0;
2702 /*----------------------------------------------------------------
2703 * hfa384x_drvr_txframe
2705 * Takes a frame from prism2sta and queues it for transmission.
2708 * hw device structure
2709 * skb packet buffer struct. Contains an 802.11
2711 * p80211_hdr points to the 802.11 header for the packet.
2713 * 0 Success and more buffs available
2714 * 1 Success but no more buffs
2715 * 2 Allocation failure
2716 * 4 Buffer full or queue busy
2722 ----------------------------------------------------------------*/
2723 int hfa384x_drvr_txframe(hfa384x_t *hw, struct sk_buff *skb,
2724 p80211_hdr_t *p80211_hdr,
2725 p80211_metawep_t *p80211_wep)
2727 int usbpktlen = sizeof(hfa384x_tx_frame_t);
2732 if (hw->tx_urb.status == -EINPROGRESS) {
2733 printk(KERN_WARNING "TX URB already in use\n");
2738 /* Build Tx frame structure */
2739 /* Set up the control field */
2740 memset(&hw->txbuff.txfrm.desc, 0, sizeof(hw->txbuff.txfrm.desc));
2742 /* Setup the usb type field */
2743 hw->txbuff.type = cpu_to_le16(HFA384x_USB_TXFRM);
2745 /* Set up the sw_support field to identify this frame */
2746 hw->txbuff.txfrm.desc.sw_support = 0x0123;
2748 /* Tx complete and Tx exception disable per dleach. Might be causing
2751 /* #define DOEXC SLP -- doboth breaks horribly under load, doexc less so. */
2753 hw->txbuff.txfrm.desc.tx_control =
2754 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2755 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1);
2756 #elif defined(DOEXC)
2757 hw->txbuff.txfrm.desc.tx_control =
2758 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2759 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0);
2761 hw->txbuff.txfrm.desc.tx_control =
2762 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2763 HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0);
2765 hw->txbuff.txfrm.desc.tx_control =
2766 cpu_to_le16(hw->txbuff.txfrm.desc.tx_control);
2768 /* copy the header over to the txdesc */
2769 memcpy(&(hw->txbuff.txfrm.desc.frame_control), p80211_hdr,
2770 sizeof(p80211_hdr_t));
2772 /* if we're using host WEP, increase size by IV+ICV */
2773 if (p80211_wep->data) {
2774 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len + 8);
2777 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len);
2780 usbpktlen += skb->len;
2782 /* copy over the WEP IV if we are using host WEP */
2783 ptr = hw->txbuff.txfrm.data;
2784 if (p80211_wep->data) {
2785 memcpy(ptr, p80211_wep->iv, sizeof(p80211_wep->iv));
2786 ptr += sizeof(p80211_wep->iv);
2787 memcpy(ptr, p80211_wep->data, skb->len);
2789 memcpy(ptr, skb->data, skb->len);
2791 /* copy over the packet data */
2794 /* copy over the WEP ICV if we are using host WEP */
2795 if (p80211_wep->data)
2796 memcpy(ptr, p80211_wep->icv, sizeof(p80211_wep->icv));
2798 /* Send the USB packet */
2799 usb_fill_bulk_urb(&(hw->tx_urb), hw->usb,
2801 &(hw->txbuff), ROUNDUP64(usbpktlen),
2802 hfa384x_usbout_callback, hw->wlandev);
2803 hw->tx_urb.transfer_flags |= USB_QUEUE_BULK;
2806 ret = submit_tx_urb(hw, &hw->tx_urb, GFP_ATOMIC);
2808 printk(KERN_ERR "submit_tx_urb() failed, error=%d\n", ret);
2816 void hfa384x_tx_timeout(wlandevice_t *wlandev)
2818 hfa384x_t *hw = wlandev->priv;
2819 unsigned long flags;
2821 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2823 if (!hw->wlandev->hwremoved &&
2824 /* Note the bitwise OR, not the logical OR. */
2825 (!test_and_set_bit(WORK_TX_HALT, &hw->usb_flags) |
2826 !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags))) {
2827 schedule_work(&hw->usb_work);
2830 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2833 /*----------------------------------------------------------------
2834 * hfa384x_usbctlx_reaper_task
2836 * Tasklet to delete dead CTLX objects
2839 * data ptr to a hfa384x_t
2845 ----------------------------------------------------------------*/
2846 static void hfa384x_usbctlx_reaper_task(unsigned long data)
2848 hfa384x_t *hw = (hfa384x_t *) data;
2849 struct list_head *entry;
2850 struct list_head *temp;
2851 unsigned long flags;
2853 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2855 /* This list is guaranteed to be empty if someone
2856 * has unplugged the adapter.
2858 list_for_each_safe(entry, temp, &hw->ctlxq.reapable) {
2859 hfa384x_usbctlx_t *ctlx;
2861 ctlx = list_entry(entry, hfa384x_usbctlx_t, list);
2862 list_del(&ctlx->list);
2866 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2870 /*----------------------------------------------------------------
2871 * hfa384x_usbctlx_completion_task
2873 * Tasklet to call completion handlers for returned CTLXs
2876 * data ptr to hfa384x_t
2883 ----------------------------------------------------------------*/
2884 static void hfa384x_usbctlx_completion_task(unsigned long data)
2886 hfa384x_t *hw = (hfa384x_t *) data;
2887 struct list_head *entry;
2888 struct list_head *temp;
2889 unsigned long flags;
2893 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2895 /* This list is guaranteed to be empty if someone
2896 * has unplugged the adapter ...
2898 list_for_each_safe(entry, temp, &hw->ctlxq.completing) {
2899 hfa384x_usbctlx_t *ctlx;
2901 ctlx = list_entry(entry, hfa384x_usbctlx_t, list);
2903 /* Call the completion function that this
2904 * command was assigned, assuming it has one.
2906 if (ctlx->cmdcb != NULL) {
2907 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2908 ctlx->cmdcb(hw, ctlx);
2909 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2911 /* Make sure we don't try and complete
2912 * this CTLX more than once!
2916 /* Did someone yank the adapter out
2917 * while our list was (briefly) unlocked?
2919 if (hw->wlandev->hwremoved) {
2926 * "Reapable" CTLXs are ones which don't have any
2927 * threads waiting for them to die. Hence they must
2928 * be delivered to The Reaper!
2930 if (ctlx->reapable) {
2931 /* Move the CTLX off the "completing" list (hopefully)
2932 * on to the "reapable" list where the reaper task
2933 * can find it. And "reapable" means that this CTLX
2934 * isn't sitting on a wait-queue somewhere.
2936 list_move_tail(&ctlx->list, &hw->ctlxq.reapable);
2940 complete(&ctlx->done);
2942 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2945 tasklet_schedule(&hw->reaper_bh);
2948 /*----------------------------------------------------------------
2949 * unlocked_usbctlx_cancel_async
2951 * Mark the CTLX dead asynchronously, and ensure that the
2952 * next command on the queue is run afterwards.
2955 * hw ptr to the hfa384x_t structure
2956 * ctlx ptr to a CTLX structure
2959 * 0 the CTLX's URB is inactive
2960 * -EINPROGRESS the URB is currently being unlinked
2963 * Either process or interrupt, but presumably interrupt
2964 ----------------------------------------------------------------*/
2965 static int unlocked_usbctlx_cancel_async(hfa384x_t *hw,
2966 hfa384x_usbctlx_t *ctlx)
2971 * Try to delete the URB containing our request packet.
2972 * If we succeed, then its completion handler will be
2973 * called with a status of -ECONNRESET.
2975 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
2976 ret = usb_unlink_urb(&hw->ctlx_urb);
2978 if (ret != -EINPROGRESS) {
2980 * The OUT URB had either already completed
2981 * or was still in the pending queue, so the
2982 * URB's completion function will not be called.
2983 * We will have to complete the CTLX ourselves.
2985 ctlx->state = CTLX_REQ_FAILED;
2986 unlocked_usbctlx_complete(hw, ctlx);
2993 /*----------------------------------------------------------------
2994 * unlocked_usbctlx_complete
2996 * A CTLX has completed. It may have been successful, it may not
2997 * have been. At this point, the CTLX should be quiescent. The URBs
2998 * aren't active and the timers should have been stopped.
3000 * The CTLX is migrated to the "completing" queue, and the completing
3001 * tasklet is scheduled.
3004 * hw ptr to a hfa384x_t structure
3005 * ctlx ptr to a ctlx structure
3013 * Either, assume interrupt
3014 ----------------------------------------------------------------*/
3015 static void unlocked_usbctlx_complete(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx)
3017 /* Timers have been stopped, and ctlx should be in
3018 * a terminal state. Retire it from the "active"
3021 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
3022 tasklet_schedule(&hw->completion_bh);
3024 switch (ctlx->state) {
3026 case CTLX_REQ_FAILED:
3027 /* This are the correct terminating states. */
3031 printk(KERN_ERR "CTLX[%d] not in a terminating state(%s)\n",
3032 le16_to_cpu(ctlx->outbuf.type),
3033 ctlxstr(ctlx->state));
3038 /*----------------------------------------------------------------
3039 * hfa384x_usbctlxq_run
3041 * Checks to see if the head item is running. If not, starts it.
3044 * hw ptr to hfa384x_t
3053 ----------------------------------------------------------------*/
3054 static void hfa384x_usbctlxq_run(hfa384x_t *hw)
3056 unsigned long flags;
3059 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3061 /* Only one active CTLX at any one time, because there's no
3062 * other (reliable) way to match the response URB to the
3065 * Don't touch any of these CTLXs if the hardware
3066 * has been removed or the USB subsystem is stalled.
3068 if (!list_empty(&hw->ctlxq.active) ||
3069 test_bit(WORK_TX_HALT, &hw->usb_flags) || hw->wlandev->hwremoved)
3072 while (!list_empty(&hw->ctlxq.pending)) {
3073 hfa384x_usbctlx_t *head;
3076 /* This is the first pending command */
3077 head = list_entry(hw->ctlxq.pending.next,
3078 hfa384x_usbctlx_t, list);
3080 /* We need to split this off to avoid a race condition */
3081 list_move_tail(&head->list, &hw->ctlxq.active);
3083 /* Fill the out packet */
3084 usb_fill_bulk_urb(&(hw->ctlx_urb), hw->usb,
3086 &(head->outbuf), ROUNDUP64(head->outbufsize),
3087 hfa384x_ctlxout_callback, hw);
3088 hw->ctlx_urb.transfer_flags |= USB_QUEUE_BULK;
3090 /* Now submit the URB and update the CTLX's state
3092 if ((result = SUBMIT_URB(&hw->ctlx_urb, GFP_ATOMIC)) == 0) {
3093 /* This CTLX is now running on the active queue */
3094 head->state = CTLX_REQ_SUBMITTED;
3096 /* Start the OUT wait timer */
3097 hw->req_timer_done = 0;
3098 hw->reqtimer.expires = jiffies + HZ;
3099 add_timer(&hw->reqtimer);
3101 /* Start the IN wait timer */
3102 hw->resp_timer_done = 0;
3103 hw->resptimer.expires = jiffies + 2 * HZ;
3104 add_timer(&hw->resptimer);
3109 if (result == -EPIPE) {
3110 /* The OUT pipe needs resetting, so put
3111 * this CTLX back in the "pending" queue
3112 * and schedule a reset ...
3115 "%s tx pipe stalled: requesting reset\n",
3116 hw->wlandev->netdev->name);
3117 list_move(&head->list, &hw->ctlxq.pending);
3118 set_bit(WORK_TX_HALT, &hw->usb_flags);
3119 schedule_work(&hw->usb_work);
3123 if (result == -ESHUTDOWN) {
3124 printk(KERN_WARNING "%s urb shutdown!\n",
3125 hw->wlandev->netdev->name);
3129 printk(KERN_ERR "Failed to submit CTLX[%d]: error=%d\n",
3130 le16_to_cpu(head->outbuf.type), result);
3131 unlocked_usbctlx_complete(hw, head);
3135 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3138 /*----------------------------------------------------------------
3139 * hfa384x_usbin_callback
3141 * Callback for URBs on the BULKIN endpoint.
3144 * urb ptr to the completed urb
3153 ----------------------------------------------------------------*/
3154 static void hfa384x_usbin_callback(struct urb *urb)
3156 wlandevice_t *wlandev = urb->context;
3158 hfa384x_usbin_t *usbin = (hfa384x_usbin_t *) urb->transfer_buffer;
3159 struct sk_buff *skb = NULL;
3170 if (!wlandev || !wlandev->netdev || wlandev->hwremoved)
3177 skb = hw->rx_urb_skb;
3178 BUG_ON(!skb || (skb->data != urb->transfer_buffer));
3180 hw->rx_urb_skb = NULL;
3182 /* Check for error conditions within the URB */
3183 switch (urb->status) {
3187 /* Check for short packet */
3188 if (urb->actual_length == 0) {
3189 ++(wlandev->linux_stats.rx_errors);
3190 ++(wlandev->linux_stats.rx_length_errors);
3196 printk(KERN_WARNING "%s rx pipe stalled: requesting reset\n",
3197 wlandev->netdev->name);
3198 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags))
3199 schedule_work(&hw->usb_work);
3200 ++(wlandev->linux_stats.rx_errors);
3207 if (!test_and_set_bit(THROTTLE_RX, &hw->usb_flags) &&
3208 !timer_pending(&hw->throttle)) {
3209 mod_timer(&hw->throttle, jiffies + THROTTLE_JIFFIES);
3211 ++(wlandev->linux_stats.rx_errors);
3216 ++(wlandev->linux_stats.rx_over_errors);
3222 pr_debug("status=%d, device removed.\n", urb->status);
3228 pr_debug("status=%d, urb explicitly unlinked.\n",
3234 pr_debug("urb status=%d, transfer flags=0x%x\n",
3235 urb->status, urb->transfer_flags);
3236 ++(wlandev->linux_stats.rx_errors);
3241 urb_status = urb->status;
3243 if (action != ABORT) {
3244 /* Repost the RX URB */
3245 result = submit_rx_urb(hw, GFP_ATOMIC);
3249 "Fatal, failed to resubmit rx_urb. error=%d\n",
3254 /* Handle any USB-IN packet */
3255 /* Note: the check of the sw_support field, the type field doesn't
3256 * have bit 12 set like the docs suggest.
3258 type = le16_to_cpu(usbin->type);
3259 if (HFA384x_USB_ISRXFRM(type)) {
3260 if (action == HANDLE) {
3261 if (usbin->txfrm.desc.sw_support == 0x0123) {
3262 hfa384x_usbin_txcompl(wlandev, usbin);
3264 skb_put(skb, sizeof(*usbin));
3265 hfa384x_usbin_rx(wlandev, skb);
3271 if (HFA384x_USB_ISTXFRM(type)) {
3272 if (action == HANDLE)
3273 hfa384x_usbin_txcompl(wlandev, usbin);
3277 case HFA384x_USB_INFOFRM:
3278 if (action == ABORT)
3280 if (action == HANDLE)
3281 hfa384x_usbin_info(wlandev, usbin);
3284 case HFA384x_USB_CMDRESP:
3285 case HFA384x_USB_WRIDRESP:
3286 case HFA384x_USB_RRIDRESP:
3287 case HFA384x_USB_WMEMRESP:
3288 case HFA384x_USB_RMEMRESP:
3289 /* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */
3290 hfa384x_usbin_ctlx(hw, usbin, urb_status);
3293 case HFA384x_USB_BUFAVAIL:
3294 pr_debug("Received BUFAVAIL packet, frmlen=%d\n",
3295 usbin->bufavail.frmlen);
3298 case HFA384x_USB_ERROR:
3299 pr_debug("Received USB_ERROR packet, errortype=%d\n",
3300 usbin->usberror.errortype);
3305 "Unrecognized USBIN packet, type=%x, status=%d\n",
3306 usbin->type, urb_status);
3316 /*----------------------------------------------------------------
3317 * hfa384x_usbin_ctlx
3319 * We've received a URB containing a Prism2 "response" message.
3320 * This message needs to be matched up with a CTLX on the active
3321 * queue and our state updated accordingly.
3324 * hw ptr to hfa384x_t
3325 * usbin ptr to USB IN packet
3326 * urb_status status of this Bulk-In URB
3335 ----------------------------------------------------------------*/
3336 static void hfa384x_usbin_ctlx(hfa384x_t *hw, hfa384x_usbin_t *usbin,
3339 hfa384x_usbctlx_t *ctlx;
3341 unsigned long flags;
3344 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3346 /* There can be only one CTLX on the active queue
3347 * at any one time, and this is the CTLX that the
3348 * timers are waiting for.
3350 if (list_empty(&hw->ctlxq.active))
3353 /* Remove the "response timeout". It's possible that
3354 * we are already too late, and that the timeout is
3355 * already running. And that's just too bad for us,
3356 * because we could lose our CTLX from the active
3359 if (del_timer(&hw->resptimer) == 0) {
3360 if (hw->resp_timer_done == 0) {
3361 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3365 hw->resp_timer_done = 1;
3368 ctlx = get_active_ctlx(hw);
3370 if (urb_status != 0) {
3372 * Bad CTLX, so get rid of it. But we only
3373 * remove it from the active queue if we're no
3374 * longer expecting the OUT URB to complete.
3376 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3379 const u16 intype = (usbin->type & ~cpu_to_le16(0x8000));
3382 * Check that our message is what we're expecting ...
3384 if (ctlx->outbuf.type != intype) {
3386 "Expected IN[%d], received IN[%d] - ignored.\n",
3387 le16_to_cpu(ctlx->outbuf.type),
3388 le16_to_cpu(intype));
3392 /* This URB has succeeded, so grab the data ... */
3393 memcpy(&ctlx->inbuf, usbin, sizeof(ctlx->inbuf));
3395 switch (ctlx->state) {
3396 case CTLX_REQ_SUBMITTED:
3398 * We have received our response URB before
3399 * our request has been acknowledged. Odd,
3400 * but our OUT URB is still alive...
3403 "Causality violation: please reboot Universe, or email linux-wlan-devel@lists.linux-wlan.com\n");
3404 ctlx->state = CTLX_RESP_COMPLETE;
3407 case CTLX_REQ_COMPLETE:
3409 * This is the usual path: our request
3410 * has already been acknowledged, and
3411 * now we have received the reply too.
3413 ctlx->state = CTLX_COMPLETE;
3414 unlocked_usbctlx_complete(hw, ctlx);
3420 * Throw this CTLX away ...
3423 "Matched IN URB, CTLX[%d] in invalid state(%s)."
3425 le16_to_cpu(ctlx->outbuf.type),
3426 ctlxstr(ctlx->state));
3427 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3434 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3437 hfa384x_usbctlxq_run(hw);
3440 /*----------------------------------------------------------------
3441 * hfa384x_usbin_txcompl
3443 * At this point we have the results of a previous transmit.
3446 * wlandev wlan device
3447 * usbin ptr to the usb transfer buffer
3456 ----------------------------------------------------------------*/
3457 static void hfa384x_usbin_txcompl(wlandevice_t *wlandev,
3458 hfa384x_usbin_t *usbin)
3462 status = le16_to_cpu(usbin->type); /* yeah I know it says type... */
3464 /* Was there an error? */
3465 if (HFA384x_TXSTATUS_ISERROR(status))
3466 prism2sta_ev_txexc(wlandev, status);
3468 prism2sta_ev_tx(wlandev, status);
3471 /*----------------------------------------------------------------
3474 * At this point we have a successful received a rx frame packet.
3477 * wlandev wlan device
3478 * usbin ptr to the usb transfer buffer
3487 ----------------------------------------------------------------*/
3488 static void hfa384x_usbin_rx(wlandevice_t *wlandev, struct sk_buff *skb)
3490 hfa384x_usbin_t *usbin = (hfa384x_usbin_t *) skb->data;
3491 hfa384x_t *hw = wlandev->priv;
3493 p80211_rxmeta_t *rxmeta;
3497 /* Byte order convert once up front. */
3498 usbin->rxfrm.desc.status = le16_to_cpu(usbin->rxfrm.desc.status);
3499 usbin->rxfrm.desc.time = le32_to_cpu(usbin->rxfrm.desc.time);
3501 /* Now handle frame based on port# */
3502 switch (HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status)) {
3504 fc = le16_to_cpu(usbin->rxfrm.desc.frame_control);
3506 /* If exclude and we receive an unencrypted, drop it */
3507 if ((wlandev->hostwep & HOSTWEP_EXCLUDEUNENCRYPTED) &&
3508 !WLAN_GET_FC_ISWEP(fc)) {
3512 data_len = le16_to_cpu(usbin->rxfrm.desc.data_len);
3514 /* How much header data do we have? */
3515 hdrlen = p80211_headerlen(fc);
3517 /* Pull off the descriptor */
3518 skb_pull(skb, sizeof(hfa384x_rx_frame_t));
3520 /* Now shunt the header block up against the data block
3521 * with an "overlapping" copy
3523 memmove(skb_push(skb, hdrlen),
3524 &usbin->rxfrm.desc.frame_control, hdrlen);
3526 skb->dev = wlandev->netdev;
3527 skb->dev->last_rx = jiffies;
3529 /* And set the frame length properly */
3530 skb_trim(skb, data_len + hdrlen);
3532 /* The prism2 series does not return the CRC */
3533 memset(skb_put(skb, WLAN_CRC_LEN), 0xff, WLAN_CRC_LEN);
3535 skb_reset_mac_header(skb);
3537 /* Attach the rxmeta, set some stuff */
3538 p80211skb_rxmeta_attach(wlandev, skb);
3539 rxmeta = P80211SKB_RXMETA(skb);
3540 rxmeta->mactime = usbin->rxfrm.desc.time;
3541 rxmeta->rxrate = usbin->rxfrm.desc.rate;
3542 rxmeta->signal = usbin->rxfrm.desc.signal - hw->dbmadjust;
3543 rxmeta->noise = usbin->rxfrm.desc.silence - hw->dbmadjust;
3545 prism2sta_ev_rx(wlandev, skb);
3550 if (!HFA384x_RXSTATUS_ISFCSERR(usbin->rxfrm.desc.status)) {
3551 /* Copy to wlansnif skb */
3552 hfa384x_int_rxmonitor(wlandev, &usbin->rxfrm);
3556 "Received monitor frame: FCSerr set\n");
3561 printk(KERN_WARNING "Received frame on unsupported port=%d\n",
3562 HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status));
3571 /*----------------------------------------------------------------
3572 * hfa384x_int_rxmonitor
3574 * Helper function for int_rx. Handles monitor frames.
3575 * Note that this function allocates space for the FCS and sets it
3576 * to 0xffffffff. The hfa384x doesn't give us the FCS value but the
3577 * higher layers expect it. 0xffffffff is used as a flag to indicate
3581 * wlandev wlan device structure
3582 * rxfrm rx descriptor read from card in int_rx
3588 * Allocates an skb and passes it up via the PF_PACKET interface.
3591 ----------------------------------------------------------------*/
3592 static void hfa384x_int_rxmonitor(wlandevice_t *wlandev,
3593 hfa384x_usb_rxfrm_t *rxfrm)
3595 hfa384x_rx_frame_t *rxdesc = &(rxfrm->desc);
3596 unsigned int hdrlen = 0;
3597 unsigned int datalen = 0;
3598 unsigned int skblen = 0;
3601 struct sk_buff *skb;
3602 hfa384x_t *hw = wlandev->priv;
3604 /* Don't forget the status, time, and data_len fields are in host order */
3605 /* Figure out how big the frame is */
3606 fc = le16_to_cpu(rxdesc->frame_control);
3607 hdrlen = p80211_headerlen(fc);
3608 datalen = le16_to_cpu(rxdesc->data_len);
3610 /* Allocate an ind message+framesize skb */
3611 skblen = sizeof(p80211_caphdr_t) + hdrlen + datalen + WLAN_CRC_LEN;
3613 /* sanity check the length */
3615 (sizeof(p80211_caphdr_t) +
3616 WLAN_HDR_A4_LEN + WLAN_DATA_MAXLEN + WLAN_CRC_LEN)) {
3617 pr_debug("overlen frm: len=%zd\n",
3618 skblen - sizeof(p80211_caphdr_t));
3621 if ((skb = dev_alloc_skb(skblen)) == NULL) {
3623 "alloc_skb failed trying to allocate %d bytes\n",
3628 /* only prepend the prism header if in the right mode */
3629 if ((wlandev->netdev->type == ARPHRD_IEEE80211_PRISM) &&
3630 (hw->sniffhdr != 0)) {
3631 p80211_caphdr_t *caphdr;
3632 /* The NEW header format! */
3633 datap = skb_put(skb, sizeof(p80211_caphdr_t));
3634 caphdr = (p80211_caphdr_t *) datap;
3636 caphdr->version = htonl(P80211CAPTURE_VERSION);
3637 caphdr->length = htonl(sizeof(p80211_caphdr_t));
3638 caphdr->mactime = __cpu_to_be64(rxdesc->time) * 1000;
3639 caphdr->hosttime = __cpu_to_be64(jiffies);
3640 caphdr->phytype = htonl(4); /* dss_dot11_b */
3641 caphdr->channel = htonl(hw->sniff_channel);
3642 caphdr->datarate = htonl(rxdesc->rate);
3643 caphdr->antenna = htonl(0); /* unknown */
3644 caphdr->priority = htonl(0); /* unknown */
3645 caphdr->ssi_type = htonl(3); /* rssi_raw */
3646 caphdr->ssi_signal = htonl(rxdesc->signal);
3647 caphdr->ssi_noise = htonl(rxdesc->silence);
3648 caphdr->preamble = htonl(0); /* unknown */
3649 caphdr->encoding = htonl(1); /* cck */
3652 /* Copy the 802.11 header to the skb (ctl frames may be less than a full header) */
3653 datap = skb_put(skb, hdrlen);
3654 memcpy(datap, &(rxdesc->frame_control), hdrlen);
3656 /* If any, copy the data from the card to the skb */
3658 datap = skb_put(skb, datalen);
3659 memcpy(datap, rxfrm->data, datalen);
3661 /* check for unencrypted stuff if WEP bit set. */
3662 if (*(datap - hdrlen + 1) & 0x40) /* wep set */
3663 if ((*(datap) == 0xaa) && (*(datap + 1) == 0xaa))
3664 *(datap - hdrlen + 1) &= 0xbf; // clear wep; it's the 802.2 header!
3667 if (hw->sniff_fcs) {
3669 datap = skb_put(skb, WLAN_CRC_LEN);
3670 memset(datap, 0xff, WLAN_CRC_LEN);
3673 /* pass it back up */
3674 prism2sta_ev_rx(wlandev, skb);
3679 /*----------------------------------------------------------------
3680 * hfa384x_usbin_info
3682 * At this point we have a successful received a Prism2 info frame.
3685 * wlandev wlan device
3686 * usbin ptr to the usb transfer buffer
3695 ----------------------------------------------------------------*/
3696 static void hfa384x_usbin_info(wlandevice_t * wlandev, hfa384x_usbin_t * usbin)
3698 usbin->infofrm.info.framelen =
3699 le16_to_cpu(usbin->infofrm.info.framelen);
3700 prism2sta_ev_info(wlandev, &usbin->infofrm.info);
3703 /*----------------------------------------------------------------
3704 * hfa384x_usbout_callback
3706 * Callback for URBs on the BULKOUT endpoint.
3709 * urb ptr to the completed urb
3718 ----------------------------------------------------------------*/
3719 static void hfa384x_usbout_callback(struct urb *urb)
3721 wlandevice_t *wlandev = urb->context;
3722 hfa384x_usbout_t *usbout = urb->transfer_buffer;
3728 if (wlandev && wlandev->netdev) {
3730 switch (urb->status) {
3732 hfa384x_usbout_tx(wlandev, usbout);
3737 hfa384x_t *hw = wlandev->priv;
3739 "%s tx pipe stalled: requesting reset\n",
3740 wlandev->netdev->name);
3741 if (!test_and_set_bit
3742 (WORK_TX_HALT, &hw->usb_flags))
3743 schedule_work(&hw->usb_work);
3744 ++(wlandev->linux_stats.tx_errors);
3752 hfa384x_t *hw = wlandev->priv;
3754 if (!test_and_set_bit
3755 (THROTTLE_TX, &hw->usb_flags)
3756 && !timer_pending(&hw->throttle)) {
3757 mod_timer(&hw->throttle,
3758 jiffies + THROTTLE_JIFFIES);
3760 ++(wlandev->linux_stats.tx_errors);
3761 netif_stop_queue(wlandev->netdev);
3767 /* Ignorable errors */
3771 printk(KERN_INFO "unknown urb->status=%d\n",
3773 ++(wlandev->linux_stats.tx_errors);
3779 /*----------------------------------------------------------------
3780 * hfa384x_ctlxout_callback
3782 * Callback for control data on the BULKOUT endpoint.
3785 * urb ptr to the completed urb
3794 ----------------------------------------------------------------*/
3795 static void hfa384x_ctlxout_callback(struct urb *urb)
3797 hfa384x_t *hw = urb->context;
3798 int delete_resptimer = 0;
3801 hfa384x_usbctlx_t *ctlx;
3802 unsigned long flags;
3804 pr_debug("urb->status=%d\n", urb->status);
3808 if ((urb->status == -ESHUTDOWN) ||
3809 (urb->status == -ENODEV) || (hw == NULL))
3813 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3816 * Only one CTLX at a time on the "active" list, and
3817 * none at all if we are unplugged. However, we can
3818 * rely on the disconnect function to clean everything
3819 * up if someone unplugged the adapter.
3821 if (list_empty(&hw->ctlxq.active)) {
3822 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3827 * Having something on the "active" queue means
3828 * that we have timers to worry about ...
3830 if (del_timer(&hw->reqtimer) == 0) {
3831 if (hw->req_timer_done == 0) {
3833 * This timer was actually running while we
3834 * were trying to delete it. Let it terminate
3835 * gracefully instead.
3837 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3841 hw->req_timer_done = 1;
3844 ctlx = get_active_ctlx(hw);
3846 if (urb->status == 0) {
3847 /* Request portion of a CTLX is successful */
3848 switch (ctlx->state) {
3849 case CTLX_REQ_SUBMITTED:
3850 /* This OUT-ACK received before IN */
3851 ctlx->state = CTLX_REQ_COMPLETE;
3854 case CTLX_RESP_COMPLETE:
3855 /* IN already received before this OUT-ACK,
3856 * so this command must now be complete.
3858 ctlx->state = CTLX_COMPLETE;
3859 unlocked_usbctlx_complete(hw, ctlx);
3864 /* This is NOT a valid CTLX "success" state! */
3866 "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n",
3867 le16_to_cpu(ctlx->outbuf.type),
3868 ctlxstr(ctlx->state), urb->status);
3872 /* If the pipe has stalled then we need to reset it */
3873 if ((urb->status == -EPIPE) &&
3874 !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags)) {
3876 "%s tx pipe stalled: requesting reset\n",
3877 hw->wlandev->netdev->name);
3878 schedule_work(&hw->usb_work);
3881 /* If someone cancels the OUT URB then its status
3882 * should be either -ECONNRESET or -ENOENT.
3884 ctlx->state = CTLX_REQ_FAILED;
3885 unlocked_usbctlx_complete(hw, ctlx);
3886 delete_resptimer = 1;
3891 if (delete_resptimer) {
3892 if ((timer_ok = del_timer(&hw->resptimer)) != 0) {
3893 hw->resp_timer_done = 1;
3897 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3899 if (!timer_ok && (hw->resp_timer_done == 0)) {
3900 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3905 hfa384x_usbctlxq_run(hw);
3911 /*----------------------------------------------------------------
3912 * hfa384x_usbctlx_reqtimerfn
3914 * Timer response function for CTLX request timeouts. If this
3915 * function is called, it means that the callback for the OUT
3916 * URB containing a Prism2.x XXX_Request was never called.
3919 * data a ptr to the hfa384x_t
3928 ----------------------------------------------------------------*/
3929 static void hfa384x_usbctlx_reqtimerfn(unsigned long data)
3931 hfa384x_t *hw = (hfa384x_t *) data;
3932 unsigned long flags;
3934 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3936 hw->req_timer_done = 1;
3938 /* Removing the hardware automatically empties
3939 * the active list ...
3941 if (!list_empty(&hw->ctlxq.active)) {
3943 * We must ensure that our URB is removed from
3944 * the system, if it hasn't already expired.
3946 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
3947 if (usb_unlink_urb(&hw->ctlx_urb) == -EINPROGRESS) {
3948 hfa384x_usbctlx_t *ctlx = get_active_ctlx(hw);
3950 ctlx->state = CTLX_REQ_FAILED;
3952 /* This URB was active, but has now been
3953 * cancelled. It will now have a status of
3954 * -ECONNRESET in the callback function.
3956 * We are cancelling this CTLX, so we're
3957 * not going to need to wait for a response.
3958 * The URB's callback function will check
3959 * that this timer is truly dead.
3961 if (del_timer(&hw->resptimer) != 0)
3962 hw->resp_timer_done = 1;
3966 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3969 /*----------------------------------------------------------------
3970 * hfa384x_usbctlx_resptimerfn
3972 * Timer response function for CTLX response timeouts. If this
3973 * function is called, it means that the callback for the IN
3974 * URB containing a Prism2.x XXX_Response was never called.
3977 * data a ptr to the hfa384x_t
3986 ----------------------------------------------------------------*/
3987 static void hfa384x_usbctlx_resptimerfn(unsigned long data)
3989 hfa384x_t *hw = (hfa384x_t *) data;
3990 unsigned long flags;
3992 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3994 hw->resp_timer_done = 1;
3996 /* The active list will be empty if the
3997 * adapter has been unplugged ...
3999 if (!list_empty(&hw->ctlxq.active)) {
4000 hfa384x_usbctlx_t *ctlx = get_active_ctlx(hw);
4002 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0) {
4003 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4004 hfa384x_usbctlxq_run(hw);
4009 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4016 /*----------------------------------------------------------------
4017 * hfa384x_usb_throttlefn
4030 ----------------------------------------------------------------*/
4031 static void hfa384x_usb_throttlefn(unsigned long data)
4033 hfa384x_t *hw = (hfa384x_t *) data;
4034 unsigned long flags;
4036 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4039 * We need to check BOTH the RX and the TX throttle controls,
4040 * so we use the bitwise OR instead of the logical OR.
4042 pr_debug("flags=0x%lx\n", hw->usb_flags);
4043 if (!hw->wlandev->hwremoved &&
4044 ((test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) &&
4045 !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags))
4047 (test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) &&
4048 !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags))
4050 schedule_work(&hw->usb_work);
4053 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4056 /*----------------------------------------------------------------
4057 * hfa384x_usbctlx_submit
4059 * Called from the doxxx functions to submit a CTLX to the queue
4062 * hw ptr to the hw struct
4063 * ctlx ctlx structure to enqueue
4066 * -ENODEV if the adapter is unplugged
4072 * process or interrupt
4073 ----------------------------------------------------------------*/
4074 static int hfa384x_usbctlx_submit(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx)
4076 unsigned long flags;
4079 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4081 if (hw->wlandev->hwremoved) {
4082 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4085 ctlx->state = CTLX_PENDING;
4086 list_add_tail(&ctlx->list, &hw->ctlxq.pending);
4088 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4089 hfa384x_usbctlxq_run(hw);
4096 /*----------------------------------------------------------------
4099 * At this point we have finished a send of a frame. Mark the URB
4100 * as available and call ev_alloc to notify higher layers we're
4104 * wlandev wlan device
4105 * usbout ptr to the usb transfer buffer
4114 ----------------------------------------------------------------*/
4115 static void hfa384x_usbout_tx(wlandevice_t *wlandev, hfa384x_usbout_t *usbout)
4117 prism2sta_ev_alloc(wlandev);
4120 /*----------------------------------------------------------------
4121 * hfa384x_isgood_pdrcore
4123 * Quick check of PDR codes.
4126 * pdrcode PDR code number (host order)
4135 ----------------------------------------------------------------*/
4136 static int hfa384x_isgood_pdrcode(u16 pdrcode)
4139 case HFA384x_PDR_END_OF_PDA:
4140 case HFA384x_PDR_PCB_PARTNUM:
4141 case HFA384x_PDR_PDAVER:
4142 case HFA384x_PDR_NIC_SERIAL:
4143 case HFA384x_PDR_MKK_MEASUREMENTS:
4144 case HFA384x_PDR_NIC_RAMSIZE:
4145 case HFA384x_PDR_MFISUPRANGE:
4146 case HFA384x_PDR_CFISUPRANGE:
4147 case HFA384x_PDR_NICID:
4148 case HFA384x_PDR_MAC_ADDRESS:
4149 case HFA384x_PDR_REGDOMAIN:
4150 case HFA384x_PDR_ALLOWED_CHANNEL:
4151 case HFA384x_PDR_DEFAULT_CHANNEL:
4152 case HFA384x_PDR_TEMPTYPE:
4153 case HFA384x_PDR_IFR_SETTING:
4154 case HFA384x_PDR_RFR_SETTING:
4155 case HFA384x_PDR_HFA3861_BASELINE:
4156 case HFA384x_PDR_HFA3861_SHADOW:
4157 case HFA384x_PDR_HFA3861_IFRF:
4158 case HFA384x_PDR_HFA3861_CHCALSP:
4159 case HFA384x_PDR_HFA3861_CHCALI:
4160 case HFA384x_PDR_3842_NIC_CONFIG:
4161 case HFA384x_PDR_USB_ID:
4162 case HFA384x_PDR_PCI_ID:
4163 case HFA384x_PDR_PCI_IFCONF:
4164 case HFA384x_PDR_PCI_PMCONF:
4165 case HFA384x_PDR_RFENRGY:
4166 case HFA384x_PDR_HFA3861_MANF_TESTSP:
4167 case HFA384x_PDR_HFA3861_MANF_TESTI:
4172 if (pdrcode < 0x1000) {
4173 /* code is OK, but we don't know exactly what it is */
4175 "Encountered unknown PDR#=0x%04x, "
4176 "assuming it's ok.\n", pdrcode);
4181 "Encountered unknown PDR#=0x%04x, "
4182 "(>=0x1000), assuming it's bad.\n", pdrcode);
4187 return 0; /* avoid compiler warnings */
projects / linux-2.6 / blob