1 /* src/prism2/driver/hfa384x_usb.c
3 * Functions that talk to the USB variantof the Intersil hfa384x MAC
5 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
6 * --------------------------------------------------------------------
10 * The contents of this file are subject to the Mozilla Public
11 * License Version 1.1 (the "License"); you may not use this file
12 * except in compliance with the License. You may obtain a copy of
13 * the License at http://www.mozilla.org/MPL/
15 * Software distributed under the License is distributed on an "AS
16 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * rights and limitations under the License.
20 * Alternatively, the contents of this file may be used under the
21 * terms of the GNU Public License version 2 (the "GPL"), in which
22 * case the provisions of the GPL are applicable instead of the
23 * above. If you wish to allow the use of your version of this file
24 * only under the terms of the GPL and not to allow others to use
25 * your version of this file under the MPL, indicate your decision
26 * by deleting the provisions above and replace them with the notice
27 * and other provisions required by the GPL. If you do not delete
28 * the provisions above, a recipient may use your version of this
29 * file under either the MPL or the GPL.
31 * --------------------------------------------------------------------
33 * Inquiries regarding the linux-wlan Open Source project can be
36 * AbsoluteValue Systems Inc.
38 * http://www.linux-wlan.com
40 * --------------------------------------------------------------------
42 * Portions of the development of this software were funded by
43 * Intersil Corporation as part of PRISM(R) chipset product development.
45 * --------------------------------------------------------------------
47 * This file implements functions that correspond to the prism2/hfa384x
48 * 802.11 MAC hardware and firmware host interface.
50 * The functions can be considered to represent several levels of
51 * abstraction. The lowest level functions are simply C-callable wrappers
52 * around the register accesses. The next higher level represents C-callable
53 * prism2 API functions that match the Intersil documentation as closely
54 * as is reasonable. The next higher layer implements common sequences
55 * of invokations of the API layer (e.g. write to bap, followed by cmd).
58 * hfa384x_drvr_xxx Highest level abstractions provided by the
59 * hfa384x code. They are driver defined wrappers
60 * for common sequences. These functions generally
61 * use the services of the lower levels.
63 * hfa384x_drvr_xxxconfig An example of the drvr level abstraction. These
64 * functions are wrappers for the RID get/set
65 * sequence. They call copy_[to|from]_bap() and
66 * cmd_access(). These functions operate on the
67 * RIDs and buffers without validation. The caller
68 * is responsible for that.
70 * API wrapper functions:
71 * hfa384x_cmd_xxx functions that provide access to the f/w commands.
72 * The function arguments correspond to each command
73 * argument, even command arguments that get packed
74 * into single registers. These functions _just_
75 * issue the command by setting the cmd/parm regs
76 * & reading the status/resp regs. Additional
77 * activities required to fully use a command
78 * (read/write from/to bap, get/set int status etc.)
79 * are implemented separately. Think of these as
80 * C-callable prism2 commands.
82 * Lowest Layer Functions:
83 * hfa384x_docmd_xxx These functions implement the sequence required
84 * to issue any prism2 command. Primarily used by the
85 * hfa384x_cmd_xxx functions.
87 * hfa384x_bap_xxx BAP read/write access functions.
88 * Note: we usually use BAP0 for non-interrupt context
89 * and BAP1 for interrupt context.
91 * hfa384x_dl_xxx download related functions.
93 * Driver State Issues:
94 * Note that there are two pairs of functions that manage the
95 * 'initialized' and 'running' states of the hw/MAC combo. The four
96 * functions are create(), destroy(), start(), and stop(). create()
97 * sets up the data structures required to support the hfa384x_*
98 * functions and destroy() cleans them up. The start() function gets
99 * the actual hardware running and enables the interrupts. The stop()
100 * function shuts the hardware down. The sequence should be:
104 * . Do interesting things w/ the hardware
109 * Note that destroy() can be called without calling stop() first.
110 * --------------------------------------------------------------------
113 /*================================================================*/
114 /* System Includes */
115 #define WLAN_DBVAR prism2_debug
117 #include <linux/version.h>
119 #include <linux/module.h>
120 #include <linux/kernel.h>
121 #include <linux/sched.h>
122 #include <linux/types.h>
123 #include <linux/slab.h>
124 #include <linux/wireless.h>
125 #include <linux/netdevice.h>
126 #include <linux/timer.h>
128 #include <linux/delay.h>
129 #include <asm/byteorder.h>
130 #include <asm/bitops.h>
131 #include <linux/list.h>
132 #include <linux/usb.h>
134 #include "wlan_compat.h"
136 #define SUBMIT_URB(u,f) usb_submit_urb(u,f)
138 /*================================================================*/
139 /* Project Includes */
141 #include "p80211types.h"
142 #include "p80211hdr.h"
143 #include "p80211mgmt.h"
144 #include "p80211conv.h"
145 #include "p80211msg.h"
146 #include "p80211netdev.h"
147 #include "p80211req.h"
148 #include "p80211metadef.h"
149 #include "p80211metastruct.h"
151 #include "prism2mgmt.h"
153 /*================================================================*/
154 /* Local Constants */
161 typedef enum cmd_mode CMD_MODE;
163 #define THROTTLE_JIFFIES (HZ/8)
165 /*================================================================*/
168 #define ROUNDUP64(a) (((a)+63)&~63)
170 /*================================================================*/
173 /*================================================================*/
174 /* Local Static Definitions */
175 extern int prism2_debug;
177 /*================================================================*/
178 /* Local Function Declarations */
182 dbprint_urb(struct urb* urb);
186 hfa384x_int_rxmonitor(
187 wlandevice_t *wlandev,
188 hfa384x_usb_rxfrm_t *rxfrm);
191 hfa384x_usb_defer(struct work_struct *data);
194 submit_rx_urb(hfa384x_t *hw, gfp_t flags);
197 submit_tx_urb(hfa384x_t *hw, struct urb *tx_urb, gfp_t flags);
199 /*---------------------------------------------------*/
201 #ifdef URB_ONLY_CALLBACK
203 hfa384x_usbout_callback(struct urb *urb);
205 hfa384x_ctlxout_callback(struct urb *urb);
207 hfa384x_usbin_callback(struct urb *urb);
210 hfa384x_usbout_callback(struct urb *urb, struct pt_regs *regs);
212 hfa384x_ctlxout_callback(struct urb *urb, struct pt_regs *regs);
214 hfa384x_usbin_callback(struct urb *urb, struct pt_regs *regs);
218 hfa384x_usbin_txcompl(wlandevice_t *wlandev, hfa384x_usbin_t *usbin);
221 hfa384x_usbin_rx(wlandevice_t *wlandev, struct sk_buff *skb);
224 hfa384x_usbin_info(wlandevice_t *wlandev, hfa384x_usbin_t *usbin);
227 hfa384x_usbout_tx(wlandevice_t *wlandev, hfa384x_usbout_t *usbout);
229 static void hfa384x_usbin_ctlx(hfa384x_t *hw, hfa384x_usbin_t *usbin,
232 /*---------------------------------------------------*/
233 /* Functions to support the prism2 usb command queue */
236 hfa384x_usbctlxq_run(hfa384x_t *hw);
239 hfa384x_usbctlx_reqtimerfn(unsigned long data);
242 hfa384x_usbctlx_resptimerfn(unsigned long data);
245 hfa384x_usb_throttlefn(unsigned long data);
248 hfa384x_usbctlx_completion_task(unsigned long data);
251 hfa384x_usbctlx_reaper_task(unsigned long data);
254 hfa384x_usbctlx_submit(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
257 unlocked_usbctlx_complete(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
259 struct usbctlx_completor
261 int (*complete)(struct usbctlx_completor*);
263 typedef struct usbctlx_completor usbctlx_completor_t;
266 hfa384x_usbctlx_complete_sync(hfa384x_t *hw,
267 hfa384x_usbctlx_t *ctlx,
268 usbctlx_completor_t *completor);
271 unlocked_usbctlx_cancel_async(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
274 hfa384x_cb_status(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx);
277 hfa384x_cb_rrid(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx);
280 usbctlx_get_status(const hfa384x_usb_cmdresp_t *cmdresp,
281 hfa384x_cmdresult_t *result);
284 usbctlx_get_rridresult(const hfa384x_usb_rridresp_t *rridresp,
285 hfa384x_rridresult_t *result);
287 /*---------------------------------------------------*/
288 /* Low level req/resp CTLX formatters and submitters */
293 hfa384x_metacmd_t *cmd,
295 ctlx_usercb_t usercb,
304 unsigned int riddatalen,
306 ctlx_usercb_t usercb,
315 unsigned int riddatalen,
317 ctlx_usercb_t usercb,
329 ctlx_usercb_t usercb,
341 ctlx_usercb_t usercb,
345 hfa384x_isgood_pdrcode(u16 pdrcode);
347 /*================================================================*/
348 /* Function Definitions */
349 static inline const char* ctlxstr(CTLX_STATE s)
351 static const char* ctlx_str[] = {
356 "Request packet submitted",
357 "Request packet completed",
358 "Response packet completed"
365 static inline hfa384x_usbctlx_t*
366 get_active_ctlx(hfa384x_t *hw)
368 return list_entry(hw->ctlxq.active.next, hfa384x_usbctlx_t, list);
374 dbprint_urb(struct urb* urb)
376 WLAN_LOG_DEBUG(3,"urb->pipe=0x%08x\n", urb->pipe);
377 WLAN_LOG_DEBUG(3,"urb->status=0x%08x\n", urb->status);
378 WLAN_LOG_DEBUG(3,"urb->transfer_flags=0x%08x\n", urb->transfer_flags);
379 WLAN_LOG_DEBUG(3,"urb->transfer_buffer=0x%08x\n", (unsigned int)urb->transfer_buffer);
380 WLAN_LOG_DEBUG(3,"urb->transfer_buffer_length=0x%08x\n", urb->transfer_buffer_length);
381 WLAN_LOG_DEBUG(3,"urb->actual_length=0x%08x\n", urb->actual_length);
382 WLAN_LOG_DEBUG(3,"urb->bandwidth=0x%08x\n", urb->bandwidth);
383 WLAN_LOG_DEBUG(3,"urb->setup_packet(ctl)=0x%08x\n", (unsigned int)urb->setup_packet);
384 WLAN_LOG_DEBUG(3,"urb->start_frame(iso/irq)=0x%08x\n", urb->start_frame);
385 WLAN_LOG_DEBUG(3,"urb->interval(irq)=0x%08x\n", urb->interval);
386 WLAN_LOG_DEBUG(3,"urb->error_count(iso)=0x%08x\n", urb->error_count);
387 WLAN_LOG_DEBUG(3,"urb->timeout=0x%08x\n", urb->timeout);
388 WLAN_LOG_DEBUG(3,"urb->context=0x%08x\n", (unsigned int)urb->context);
389 WLAN_LOG_DEBUG(3,"urb->complete=0x%08x\n", (unsigned int)urb->complete);
394 /*----------------------------------------------------------------
397 * Listen for input data on the BULK-IN pipe. If the pipe has
398 * stalled then schedule it to be reset.
402 * memflags memory allocation flags
405 * error code from submission
409 ----------------------------------------------------------------*/
411 submit_rx_urb(hfa384x_t *hw, gfp_t memflags)
418 skb = dev_alloc_skb(sizeof(hfa384x_usbin_t));
424 /* Post the IN urb */
425 usb_fill_bulk_urb(&hw->rx_urb, hw->usb,
427 skb->data, sizeof(hfa384x_usbin_t),
428 hfa384x_usbin_callback, hw->wlandev);
430 hw->rx_urb_skb = skb;
433 if ( !hw->wlandev->hwremoved && !test_bit(WORK_RX_HALT, &hw->usb_flags)) {
434 result = SUBMIT_URB(&hw->rx_urb, memflags);
436 /* Check whether we need to reset the RX pipe */
437 if (result == -EPIPE) {
438 WLAN_LOG_WARNING("%s rx pipe stalled: requesting reset\n",
439 hw->wlandev->netdev->name);
440 if ( !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags) )
441 schedule_work(&hw->usb_work);
445 /* Don't leak memory if anything should go wrong */
448 hw->rx_urb_skb = NULL;
457 /*----------------------------------------------------------------
460 * Prepares and submits the URB of transmitted data. If the
461 * submission fails then it will schedule the output pipe to
466 * tx_urb URB of data for tranmission
467 * memflags memory allocation flags
470 * error code from submission
474 ----------------------------------------------------------------*/
476 submit_tx_urb(hfa384x_t *hw, struct urb *tx_urb, gfp_t memflags)
478 struct net_device *netdev = hw->wlandev->netdev;
484 if ( netif_running(netdev) ) {
486 if ( !hw->wlandev->hwremoved && !test_bit(WORK_TX_HALT, &hw->usb_flags) ) {
487 result = SUBMIT_URB(tx_urb, memflags);
489 /* Test whether we need to reset the TX pipe */
490 if (result == -EPIPE) {
491 WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
493 set_bit(WORK_TX_HALT, &hw->usb_flags);
494 schedule_work(&hw->usb_work);
495 } else if (result == 0) {
496 netif_stop_queue(netdev);
506 /*----------------------------------------------------------------
509 * There are some things that the USB stack cannot do while
510 * in interrupt context, so we arrange this function to run
511 * in process context.
514 * hw device structure
520 * process (by design)
521 ----------------------------------------------------------------*/
523 hfa384x_usb_defer(struct work_struct *data)
525 hfa384x_t *hw = container_of(data, struct hfa384x, usb_work);
526 struct net_device *netdev = hw->wlandev->netdev;
530 /* Don't bother trying to reset anything if the plug
531 * has been pulled ...
533 if ( hw->wlandev->hwremoved ) {
538 /* Reception has stopped: try to reset the input pipe */
539 if (test_bit(WORK_RX_HALT, &hw->usb_flags)) {
542 usb_kill_urb(&hw->rx_urb); /* Cannot be holding spinlock! */
544 ret = usb_clear_halt(hw->usb, hw->endp_in);
547 "Failed to clear rx pipe for %s: err=%d\n",
550 printk(KERN_INFO "%s rx pipe reset complete.\n",
552 clear_bit(WORK_RX_HALT, &hw->usb_flags);
553 set_bit(WORK_RX_RESUME, &hw->usb_flags);
557 /* Resume receiving data back from the device. */
558 if ( test_bit(WORK_RX_RESUME, &hw->usb_flags) ) {
561 ret = submit_rx_urb(hw, GFP_KERNEL);
564 "Failed to resume %s rx pipe.\n", netdev->name);
566 clear_bit(WORK_RX_RESUME, &hw->usb_flags);
570 /* Transmission has stopped: try to reset the output pipe */
571 if (test_bit(WORK_TX_HALT, &hw->usb_flags)) {
574 usb_kill_urb(&hw->tx_urb);
575 ret = usb_clear_halt(hw->usb, hw->endp_out);
578 "Failed to clear tx pipe for %s: err=%d\n",
581 printk(KERN_INFO "%s tx pipe reset complete.\n",
583 clear_bit(WORK_TX_HALT, &hw->usb_flags);
584 set_bit(WORK_TX_RESUME, &hw->usb_flags);
586 /* Stopping the BULK-OUT pipe also blocked
587 * us from sending any more CTLX URBs, so
588 * we need to re-run our queue ...
590 hfa384x_usbctlxq_run(hw);
594 /* Resume transmitting. */
595 if ( test_and_clear_bit(WORK_TX_RESUME, &hw->usb_flags) ) {
596 p80211netdev_wake_queue(hw->wlandev);
603 /*----------------------------------------------------------------
606 * Sets up the hfa384x_t data structure for use. Note this
607 * does _not_ intialize the actual hardware, just the data structures
608 * we use to keep track of its state.
611 * hw device structure
612 * irq device irq number
613 * iobase i/o base address for register access
614 * membase memory base address for register access
623 ----------------------------------------------------------------*/
625 hfa384x_create( hfa384x_t *hw, struct usb_device *usb)
629 memset(hw, 0, sizeof(hfa384x_t));
632 /* set up the endpoints */
633 hw->endp_in = usb_rcvbulkpipe(usb, 1);
634 hw->endp_out = usb_sndbulkpipe(usb, 2);
636 /* Set up the waitq */
637 init_waitqueue_head(&hw->cmdq);
639 /* Initialize the command queue */
640 spin_lock_init(&hw->ctlxq.lock);
641 INIT_LIST_HEAD(&hw->ctlxq.pending);
642 INIT_LIST_HEAD(&hw->ctlxq.active);
643 INIT_LIST_HEAD(&hw->ctlxq.completing);
644 INIT_LIST_HEAD(&hw->ctlxq.reapable);
646 /* Initialize the authentication queue */
647 skb_queue_head_init(&hw->authq);
649 tasklet_init(&hw->reaper_bh,
650 hfa384x_usbctlx_reaper_task,
652 tasklet_init(&hw->completion_bh,
653 hfa384x_usbctlx_completion_task,
655 INIT_WORK2(&hw->link_bh, prism2sta_processing_defer);
656 INIT_WORK2(&hw->usb_work, hfa384x_usb_defer);
658 init_timer(&hw->throttle);
659 hw->throttle.function = hfa384x_usb_throttlefn;
660 hw->throttle.data = (unsigned long)hw;
662 init_timer(&hw->resptimer);
663 hw->resptimer.function = hfa384x_usbctlx_resptimerfn;
664 hw->resptimer.data = (unsigned long)hw;
666 init_timer(&hw->reqtimer);
667 hw->reqtimer.function = hfa384x_usbctlx_reqtimerfn;
668 hw->reqtimer.data = (unsigned long)hw;
670 usb_init_urb(&hw->rx_urb);
671 usb_init_urb(&hw->tx_urb);
672 usb_init_urb(&hw->ctlx_urb);
674 hw->link_status = HFA384x_LINK_NOTCONNECTED;
675 hw->state = HFA384x_STATE_INIT;
677 INIT_WORK2(&hw->commsqual_bh, prism2sta_commsqual_defer);
678 init_timer(&hw->commsqual_timer);
679 hw->commsqual_timer.data = (unsigned long) hw;
680 hw->commsqual_timer.function = prism2sta_commsqual_timer;
686 /*----------------------------------------------------------------
689 * Partner to hfa384x_create(). This function cleans up the hw
690 * structure so that it can be freed by the caller using a simple
691 * kfree. Currently, this function is just a placeholder. If, at some
692 * point in the future, an hw in the 'shutdown' state requires a 'deep'
693 * kfree, this is where it should be done. Note that if this function
694 * is called on a _running_ hw structure, the drvr_stop() function is
698 * hw device structure
701 * nothing, this function is not allowed to fail.
707 ----------------------------------------------------------------*/
709 hfa384x_destroy( hfa384x_t *hw)
715 if ( hw->state == HFA384x_STATE_RUNNING ) {
716 hfa384x_drvr_stop(hw);
718 hw->state = HFA384x_STATE_PREINIT;
720 if (hw->scanresults) {
721 kfree(hw->scanresults);
722 hw->scanresults = NULL;
725 /* Now to clean out the auth queue */
726 while ( (skb = skb_dequeue(&hw->authq)) ) {
734 /*----------------------------------------------------------------
736 static hfa384x_usbctlx_t* usbctlx_alloc(void)
738 hfa384x_usbctlx_t *ctlx;
740 ctlx = kmalloc(sizeof(*ctlx), in_interrupt() ? GFP_ATOMIC : GFP_KERNEL);
743 memset(ctlx, 0, sizeof(*ctlx));
744 init_completion(&ctlx->done);
751 /*----------------------------------------------------------------
753 ----------------------------------------------------------------*/
755 usbctlx_get_status(const hfa384x_usb_cmdresp_t *cmdresp,
756 hfa384x_cmdresult_t *result)
760 result->status = hfa384x2host_16(cmdresp->status);
761 result->resp0 = hfa384x2host_16(cmdresp->resp0);
762 result->resp1 = hfa384x2host_16(cmdresp->resp1);
763 result->resp2 = hfa384x2host_16(cmdresp->resp2);
765 WLAN_LOG_DEBUG(4, "cmdresult:status=0x%04x "
766 "resp0=0x%04x resp1=0x%04x resp2=0x%04x\n",
773 return (result->status & HFA384x_STATUS_RESULT);
777 usbctlx_get_rridresult(const hfa384x_usb_rridresp_t *rridresp,
778 hfa384x_rridresult_t *result)
782 result->rid = hfa384x2host_16(rridresp->rid);
783 result->riddata = rridresp->data;
784 result->riddata_len = ((hfa384x2host_16(rridresp->frmlen) - 1) * 2);
790 /*----------------------------------------------------------------
792 * This completor must be passed to hfa384x_usbctlx_complete_sync()
793 * when processing a CTLX that returns a hfa384x_cmdresult_t structure.
794 ----------------------------------------------------------------*/
795 struct usbctlx_cmd_completor
797 usbctlx_completor_t head;
799 const hfa384x_usb_cmdresp_t *cmdresp;
800 hfa384x_cmdresult_t *result;
802 typedef struct usbctlx_cmd_completor usbctlx_cmd_completor_t;
804 static int usbctlx_cmd_completor_fn(usbctlx_completor_t *head)
806 usbctlx_cmd_completor_t *complete = (usbctlx_cmd_completor_t*)head;
807 return usbctlx_get_status(complete->cmdresp, complete->result);
810 static inline usbctlx_completor_t*
811 init_cmd_completor(usbctlx_cmd_completor_t *completor,
812 const hfa384x_usb_cmdresp_t *cmdresp,
813 hfa384x_cmdresult_t *result)
815 completor->head.complete = usbctlx_cmd_completor_fn;
816 completor->cmdresp = cmdresp;
817 completor->result = result;
818 return &(completor->head);
821 /*----------------------------------------------------------------
823 * This completor must be passed to hfa384x_usbctlx_complete_sync()
824 * when processing a CTLX that reads a RID.
825 ----------------------------------------------------------------*/
826 struct usbctlx_rrid_completor
828 usbctlx_completor_t head;
830 const hfa384x_usb_rridresp_t *rridresp;
832 unsigned int riddatalen;
834 typedef struct usbctlx_rrid_completor usbctlx_rrid_completor_t;
836 static int usbctlx_rrid_completor_fn(usbctlx_completor_t *head)
838 usbctlx_rrid_completor_t *complete = (usbctlx_rrid_completor_t*)head;
839 hfa384x_rridresult_t rridresult;
841 usbctlx_get_rridresult(complete->rridresp, &rridresult);
843 /* Validate the length, note body len calculation in bytes */
844 if ( rridresult.riddata_len != complete->riddatalen ) {
846 "RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n",
848 complete->riddatalen,
849 rridresult.riddata_len);
853 memcpy(complete->riddata,
855 complete->riddatalen);
859 static inline usbctlx_completor_t*
860 init_rrid_completor(usbctlx_rrid_completor_t *completor,
861 const hfa384x_usb_rridresp_t *rridresp,
863 unsigned int riddatalen)
865 completor->head.complete = usbctlx_rrid_completor_fn;
866 completor->rridresp = rridresp;
867 completor->riddata = riddata;
868 completor->riddatalen = riddatalen;
869 return &(completor->head);
872 /*----------------------------------------------------------------
874 * Interprets the results of a synchronous RID-write
875 ----------------------------------------------------------------*/
876 typedef usbctlx_cmd_completor_t usbctlx_wrid_completor_t;
877 #define init_wrid_completor init_cmd_completor
879 /*----------------------------------------------------------------
881 * Interprets the results of a synchronous memory-write
882 ----------------------------------------------------------------*/
883 typedef usbctlx_cmd_completor_t usbctlx_wmem_completor_t;
884 #define init_wmem_completor init_cmd_completor
886 /*----------------------------------------------------------------
888 * Interprets the results of a synchronous memory-read
889 ----------------------------------------------------------------*/
890 struct usbctlx_rmem_completor
892 usbctlx_completor_t head;
894 const hfa384x_usb_rmemresp_t *rmemresp;
898 typedef struct usbctlx_rmem_completor usbctlx_rmem_completor_t;
900 static int usbctlx_rmem_completor_fn(usbctlx_completor_t *head)
902 usbctlx_rmem_completor_t *complete = (usbctlx_rmem_completor_t*)head;
904 WLAN_LOG_DEBUG(4,"rmemresp:len=%d\n", complete->rmemresp->frmlen);
905 memcpy(complete->data, complete->rmemresp->data, complete->len);
909 static inline usbctlx_completor_t*
910 init_rmem_completor(usbctlx_rmem_completor_t *completor,
911 hfa384x_usb_rmemresp_t *rmemresp,
915 completor->head.complete = usbctlx_rmem_completor_fn;
916 completor->rmemresp = rmemresp;
917 completor->data = data;
918 completor->len = len;
919 return &(completor->head);
922 /*----------------------------------------------------------------
925 * Ctlx_complete handler for async CMD type control exchanges.
926 * mark the hw struct as such.
928 * Note: If the handling is changed here, it should probably be
929 * changed in docmd as well.
933 * ctlx completed CTLX
942 ----------------------------------------------------------------*/
944 hfa384x_cb_status(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx)
948 if ( ctlx->usercb != NULL ) {
949 hfa384x_cmdresult_t cmdresult;
951 if (ctlx->state != CTLX_COMPLETE) {
952 memset(&cmdresult, 0, sizeof(cmdresult));
953 cmdresult.status = HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR);
955 usbctlx_get_status(&ctlx->inbuf.cmdresp, &cmdresult);
958 ctlx->usercb(hw, &cmdresult, ctlx->usercb_data);
965 /*----------------------------------------------------------------
968 * CTLX completion handler for async RRID type control exchanges.
970 * Note: If the handling is changed here, it should probably be
971 * changed in dorrid as well.
975 * ctlx completed CTLX
984 ----------------------------------------------------------------*/
986 hfa384x_cb_rrid(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx)
990 if ( ctlx->usercb != NULL ) {
991 hfa384x_rridresult_t rridresult;
993 if (ctlx->state != CTLX_COMPLETE) {
994 memset(&rridresult, 0, sizeof(rridresult));
995 rridresult.rid = hfa384x2host_16(ctlx->outbuf.rridreq.rid);
997 usbctlx_get_rridresult(&ctlx->inbuf.rridresp, &rridresult);
1000 ctlx->usercb(hw, &rridresult, ctlx->usercb_data);
1007 hfa384x_docmd_wait(hfa384x_t *hw, hfa384x_metacmd_t *cmd)
1009 return hfa384x_docmd(hw, DOWAIT, cmd, NULL, NULL, NULL);
1013 hfa384x_docmd_async(hfa384x_t *hw,
1014 hfa384x_metacmd_t *cmd,
1016 ctlx_usercb_t usercb,
1019 return hfa384x_docmd(hw, DOASYNC, cmd,
1020 cmdcb, usercb, usercb_data);
1024 hfa384x_dorrid_wait(hfa384x_t *hw, u16 rid, void *riddata, unsigned int riddatalen)
1026 return hfa384x_dorrid(hw, DOWAIT,
1027 rid, riddata, riddatalen,
1032 hfa384x_dorrid_async(hfa384x_t *hw,
1033 u16 rid, void *riddata, unsigned int riddatalen,
1035 ctlx_usercb_t usercb,
1038 return hfa384x_dorrid(hw, DOASYNC,
1039 rid, riddata, riddatalen,
1040 cmdcb, usercb, usercb_data);
1044 hfa384x_dowrid_wait(hfa384x_t *hw, u16 rid, void *riddata, unsigned int riddatalen)
1046 return hfa384x_dowrid(hw, DOWAIT,
1047 rid, riddata, riddatalen,
1052 hfa384x_dowrid_async(hfa384x_t *hw,
1053 u16 rid, void *riddata, unsigned int riddatalen,
1055 ctlx_usercb_t usercb,
1058 return hfa384x_dowrid(hw, DOASYNC,
1059 rid, riddata, riddatalen,
1060 cmdcb, usercb, usercb_data);
1064 hfa384x_dormem_wait(hfa384x_t *hw,
1065 u16 page, u16 offset, void *data, unsigned int len)
1067 return hfa384x_dormem(hw, DOWAIT,
1068 page, offset, data, len,
1073 hfa384x_dormem_async(hfa384x_t *hw,
1074 u16 page, u16 offset, void *data, unsigned int len,
1076 ctlx_usercb_t usercb,
1079 return hfa384x_dormem(hw, DOASYNC,
1080 page, offset, data, len,
1081 cmdcb, usercb, usercb_data);
1085 hfa384x_dowmem_wait(
1092 return hfa384x_dowmem(hw, DOWAIT,
1093 page, offset, data, len,
1098 hfa384x_dowmem_async(
1105 ctlx_usercb_t usercb,
1108 return hfa384x_dowmem(hw, DOASYNC,
1109 page, offset, data, len,
1110 cmdcb, usercb, usercb_data);
1113 /*----------------------------------------------------------------
1114 * hfa384x_cmd_initialize
1116 * Issues the initialize command and sets the hw->state based
1120 * hw device structure
1124 * >0 f/w reported error - f/w status code
1125 * <0 driver reported error
1131 ----------------------------------------------------------------*/
1133 hfa384x_cmd_initialize(hfa384x_t *hw)
1137 hfa384x_metacmd_t cmd;
1142 cmd.cmd = HFA384x_CMDCODE_INIT;
1147 result = hfa384x_docmd_wait(hw, &cmd);
1150 WLAN_LOG_DEBUG(3,"cmdresp.init: "
1151 "status=0x%04x, resp0=0x%04x, "
1152 "resp1=0x%04x, resp2=0x%04x\n",
1157 if ( result == 0 ) {
1158 for ( i = 0; i < HFA384x_NUMPORTS_MAX; i++) {
1159 hw->port_enabled[i] = 0;
1163 hw->link_status = HFA384x_LINK_NOTCONNECTED;
1170 /*----------------------------------------------------------------
1171 * hfa384x_cmd_disable
1173 * Issues the disable command to stop communications on one of
1177 * hw device structure
1178 * macport MAC port number (host order)
1182 * >0 f/w reported failure - f/w status code
1183 * <0 driver reported error (timeout|bad arg)
1189 ----------------------------------------------------------------*/
1190 int hfa384x_cmd_disable(hfa384x_t *hw, u16 macport)
1193 hfa384x_metacmd_t cmd;
1197 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE) |
1198 HFA384x_CMD_MACPORT_SET(macport);
1203 result = hfa384x_docmd_wait(hw, &cmd);
1210 /*----------------------------------------------------------------
1211 * hfa384x_cmd_enable
1213 * Issues the enable command to enable communications on one of
1217 * hw device structure
1218 * macport MAC port number
1222 * >0 f/w reported failure - f/w status code
1223 * <0 driver reported error (timeout|bad arg)
1229 ----------------------------------------------------------------*/
1230 int hfa384x_cmd_enable(hfa384x_t *hw, u16 macport)
1233 hfa384x_metacmd_t cmd;
1237 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE) |
1238 HFA384x_CMD_MACPORT_SET(macport);
1243 result = hfa384x_docmd_wait(hw, &cmd);
1250 /*----------------------------------------------------------------
1251 * hfa384x_cmd_notify
1253 * Sends an info frame to the firmware to alter the behavior
1254 * of the f/w asynch processes. Can only be called when the MAC
1255 * is in the enabled state.
1258 * hw device structure
1259 * reclaim [0|1] indicates whether the given FID will
1260 * be handed back (via Alloc event) for reuse.
1262 * fid FID of buffer containing the frame that was
1263 * previously copied to MAC memory via the bap.
1268 * >0 f/w reported failure - f/w status code
1269 * <0 driver reported error (timeout|bad arg)
1272 * hw->resp0 will contain the FID being used by async notify
1273 * process. If reclaim==0, resp0 will be the same as the fid
1274 * argument. If reclaim==1, resp0 will be the different.
1278 ----------------------------------------------------------------*/
1279 int hfa384x_cmd_notify(hfa384x_t *hw, u16 reclaim, u16 fid,
1286 cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_NOTIFY) |
1287 HFA384x_CMD_RECL_SET(reclaim);
1288 result = hfa384x_docmd_wait(hw, cmd);
1298 /*----------------------------------------------------------------
1299 * hfa384x_cmd_inquiry
1301 * Requests an info frame from the firmware. The info frame will
1302 * be delivered asynchronously via the Info event.
1305 * hw device structure
1306 * fid FID of the info frame requested. (host order)
1310 * >0 f/w reported failure - f/w status code
1311 * <0 driver reported error (timeout|bad arg)
1317 ----------------------------------------------------------------*/
1318 int hfa384x_cmd_inquiry(hfa384x_t *hw, u16 fid)
1321 hfa384x_metacmd_t cmd;
1325 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_INQ);
1330 result = hfa384x_docmd_wait(hw, &cmd);
1338 /*----------------------------------------------------------------
1339 * hfa384x_cmd_monitor
1341 * Enables the 'monitor mode' of the MAC. Here's the description of
1342 * monitor mode that I've received thus far:
1344 * "The "monitor mode" of operation is that the MAC passes all
1345 * frames for which the PLCP checks are correct. All received
1346 * MPDUs are passed to the host with MAC Port = 7, with a
1347 * receive status of good, FCS error, or undecryptable. Passing
1348 * certain MPDUs is a violation of the 802.11 standard, but useful
1349 * for a debugging tool." Normal communication is not possible
1350 * while monitor mode is enabled.
1353 * hw device structure
1354 * enable a code (0x0b|0x0f) that enables/disables
1355 * monitor mode. (host order)
1359 * >0 f/w reported failure - f/w status code
1360 * <0 driver reported error (timeout|bad arg)
1366 ----------------------------------------------------------------*/
1367 int hfa384x_cmd_monitor(hfa384x_t *hw, u16 enable)
1370 hfa384x_metacmd_t cmd;
1374 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
1375 HFA384x_CMD_AINFO_SET(enable);
1380 result = hfa384x_docmd_wait(hw, &cmd);
1387 /*----------------------------------------------------------------
1388 * hfa384x_cmd_download
1390 * Sets the controls for the MAC controller code/data download
1391 * process. The arguments set the mode and address associated
1392 * with a download. Note that the aux registers should be enabled
1393 * prior to setting one of the download enable modes.
1396 * hw device structure
1397 * mode 0 - Disable programming and begin code exec
1398 * 1 - Enable volatile mem programming
1399 * 2 - Enable non-volatile mem programming
1400 * 3 - Program non-volatile section from NV download
1404 * highaddr For mode 1, sets the high & low order bits of
1405 * the "destination address". This address will be
1406 * the execution start address when download is
1407 * subsequently disabled.
1408 * For mode 2, sets the high & low order bits of
1409 * the destination in NV ram.
1410 * For modes 0 & 3, should be zero. (host order)
1411 * NOTE: these are CMD format.
1412 * codelen Length of the data to write in mode 2,
1413 * zero otherwise. (host order)
1417 * >0 f/w reported failure - f/w status code
1418 * <0 driver reported error (timeout|bad arg)
1424 ----------------------------------------------------------------*/
1425 int hfa384x_cmd_download(hfa384x_t *hw, u16 mode, u16 lowaddr,
1426 u16 highaddr, u16 codelen)
1429 hfa384x_metacmd_t cmd;
1433 "mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n",
1434 mode, lowaddr, highaddr, codelen);
1436 cmd.cmd = (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD) |
1437 HFA384x_CMD_PROGMODE_SET(mode));
1439 cmd.parm0 = lowaddr;
1440 cmd.parm1 = highaddr;
1441 cmd.parm2 = codelen;
1443 result = hfa384x_docmd_wait(hw, &cmd);
1450 /*----------------------------------------------------------------
1451 * hfa384x_copy_from_aux
1453 * Copies a collection of bytes from the controller memory. The
1454 * Auxiliary port MUST be enabled prior to calling this function.
1455 * We _might_ be in a download state.
1458 * hw device structure
1459 * cardaddr address in hfa384x data space to read
1460 * auxctl address space select
1461 * buf ptr to destination host buffer
1462 * len length of data to transfer (in bytes)
1468 * buf contains the data copied
1473 ----------------------------------------------------------------*/
1475 hfa384x_copy_from_aux(
1476 hfa384x_t *hw, u32 cardaddr, u32 auxctl, void *buf, unsigned int len)
1479 WLAN_LOG_ERROR("not used in USB.\n");
1484 /*----------------------------------------------------------------
1485 * hfa384x_copy_to_aux
1487 * Copies a collection of bytes to the controller memory. The
1488 * Auxiliary port MUST be enabled prior to calling this function.
1489 * We _might_ be in a download state.
1492 * hw device structure
1493 * cardaddr address in hfa384x data space to read
1494 * auxctl address space select
1495 * buf ptr to destination host buffer
1496 * len length of data to transfer (in bytes)
1502 * Controller memory now contains a copy of buf
1507 ----------------------------------------------------------------*/
1509 hfa384x_copy_to_aux(
1510 hfa384x_t *hw, u32 cardaddr, u32 auxctl, void *buf, unsigned int len)
1513 WLAN_LOG_ERROR("not used in USB.\n");
1518 /*----------------------------------------------------------------
1521 * Perform a reset of the hfa38xx MAC core. We assume that the hw
1522 * structure is in its "created" state. That is, it is initialized
1523 * with proper values. Note that if a reset is done after the
1524 * device has been active for awhile, the caller might have to clean
1525 * up some leftover cruft in the hw structure.
1528 * hw device structure
1529 * holdtime how long (in ms) to hold the reset
1530 * settletime how long (in ms) to wait after releasing
1540 ----------------------------------------------------------------*/
1541 int hfa384x_corereset(hfa384x_t *hw, int holdtime, int settletime, int genesis)
1547 result=usb_reset_device(hw->usb);
1549 WLAN_LOG_ERROR("usb_reset_device() failed, result=%d.\n",result);
1557 /*----------------------------------------------------------------
1558 * hfa384x_usbctlx_complete_sync
1560 * Waits for a synchronous CTLX object to complete,
1561 * and then handles the response.
1564 * hw device structure
1566 * completor functor object to decide what to
1567 * do with the CTLX's result.
1571 * -ERESTARTSYS Interrupted by a signal
1573 * -ENODEV Adapter was unplugged
1574 * ??? Result from completor
1580 ----------------------------------------------------------------*/
1581 static int hfa384x_usbctlx_complete_sync(hfa384x_t *hw,
1582 hfa384x_usbctlx_t *ctlx,
1583 usbctlx_completor_t *completor)
1585 unsigned long flags;
1590 result = wait_for_completion_interruptible(&ctlx->done);
1592 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1595 * We can only handle the CTLX if the USB disconnect
1596 * function has not run yet ...
1599 if ( hw->wlandev->hwremoved )
1601 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1604 else if ( result != 0 )
1609 * We were probably interrupted, so delete
1610 * this CTLX asynchronously, kill the timers
1611 * and the URB, and then start the next
1614 * NOTE: We can only delete the timers and
1615 * the URB if this CTLX is active.
1617 if (ctlx == get_active_ctlx(hw))
1619 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1621 del_singleshot_timer_sync(&hw->reqtimer);
1622 del_singleshot_timer_sync(&hw->resptimer);
1623 hw->req_timer_done = 1;
1624 hw->resp_timer_done = 1;
1625 usb_kill_urb(&hw->ctlx_urb);
1627 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1632 * This scenario is so unlikely that I'm
1633 * happy with a grubby "goto" solution ...
1635 if ( hw->wlandev->hwremoved )
1640 * The completion task will send this CTLX
1641 * to the reaper the next time it runs. We
1642 * are no longer in a hurry.
1645 ctlx->state = CTLX_REQ_FAILED;
1646 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
1648 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1651 hfa384x_usbctlxq_run(hw);
1653 if (ctlx->state == CTLX_COMPLETE) {
1654 result = completor->complete(completor);
1656 WLAN_LOG_WARNING("CTLX[%d] error: state(%s)\n",
1657 hfa384x2host_16(ctlx->outbuf.type),
1658 ctlxstr(ctlx->state));
1662 list_del(&ctlx->list);
1663 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1671 /*----------------------------------------------------------------
1674 * Constructs a command CTLX and submits it.
1676 * NOTE: Any changes to the 'post-submit' code in this function
1677 * need to be carried over to hfa384x_cbcmd() since the handling
1678 * is virtually identical.
1681 * hw device structure
1682 * mode DOWAIT or DOASYNC
1683 * cmd cmd structure. Includes all arguments and result
1684 * data points. All in host order. in host order
1685 * cmdcb command-specific callback
1686 * usercb user callback for async calls, NULL for DOWAIT calls
1687 * usercb_data user supplied data pointer for async calls, NULL
1693 * -ERESTARTSYS Awakened on signal
1694 * >0 command indicated error, Status and Resp0-2 are
1702 ----------------------------------------------------------------*/
1707 hfa384x_metacmd_t *cmd,
1709 ctlx_usercb_t usercb,
1713 hfa384x_usbctlx_t *ctlx;
1716 ctlx = usbctlx_alloc();
1717 if ( ctlx == NULL ) {
1722 /* Initialize the command */
1723 ctlx->outbuf.cmdreq.type = host2hfa384x_16(HFA384x_USB_CMDREQ);
1724 ctlx->outbuf.cmdreq.cmd = host2hfa384x_16(cmd->cmd);
1725 ctlx->outbuf.cmdreq.parm0 = host2hfa384x_16(cmd->parm0);
1726 ctlx->outbuf.cmdreq.parm1 = host2hfa384x_16(cmd->parm1);
1727 ctlx->outbuf.cmdreq.parm2 = host2hfa384x_16(cmd->parm2);
1729 ctlx->outbufsize = sizeof(ctlx->outbuf.cmdreq);
1731 WLAN_LOG_DEBUG(4, "cmdreq: cmd=0x%04x "
1732 "parm0=0x%04x parm1=0x%04x parm2=0x%04x\n",
1738 ctlx->reapable = mode;
1739 ctlx->cmdcb = cmdcb;
1740 ctlx->usercb = usercb;
1741 ctlx->usercb_data = usercb_data;
1743 result = hfa384x_usbctlx_submit(hw, ctlx);
1746 } else if (mode == DOWAIT) {
1747 usbctlx_cmd_completor_t completor;
1749 result = hfa384x_usbctlx_complete_sync(
1750 hw, ctlx, init_cmd_completor(&completor,
1751 &ctlx->inbuf.cmdresp,
1761 /*----------------------------------------------------------------
1764 * Constructs a read rid CTLX and issues it.
1766 * NOTE: Any changes to the 'post-submit' code in this function
1767 * need to be carried over to hfa384x_cbrrid() since the handling
1768 * is virtually identical.
1771 * hw device structure
1772 * mode DOWAIT or DOASYNC
1773 * rid Read RID number (host order)
1774 * riddata Caller supplied buffer that MAC formatted RID.data
1775 * record will be written to for DOWAIT calls. Should
1776 * be NULL for DOASYNC calls.
1777 * riddatalen Buffer length for DOWAIT calls. Zero for DOASYNC calls.
1778 * cmdcb command callback for async calls, NULL for DOWAIT calls
1779 * usercb user callback for async calls, NULL for DOWAIT calls
1780 * usercb_data user supplied data pointer for async calls, NULL
1786 * -ERESTARTSYS Awakened on signal
1787 * -ENODATA riddatalen != macdatalen
1788 * >0 command indicated error, Status and Resp0-2 are
1794 * interrupt (DOASYNC)
1795 * process (DOWAIT or DOASYNC)
1796 ----------------------------------------------------------------*/
1803 unsigned int riddatalen,
1805 ctlx_usercb_t usercb,
1809 hfa384x_usbctlx_t *ctlx;
1812 ctlx = usbctlx_alloc();
1813 if ( ctlx == NULL ) {
1818 /* Initialize the command */
1819 ctlx->outbuf.rridreq.type = host2hfa384x_16(HFA384x_USB_RRIDREQ);
1820 ctlx->outbuf.rridreq.frmlen =
1821 host2hfa384x_16(sizeof(ctlx->outbuf.rridreq.rid));
1822 ctlx->outbuf.rridreq.rid = host2hfa384x_16(rid);
1824 ctlx->outbufsize = sizeof(ctlx->outbuf.rridreq);
1826 ctlx->reapable = mode;
1827 ctlx->cmdcb = cmdcb;
1828 ctlx->usercb = usercb;
1829 ctlx->usercb_data = usercb_data;
1831 /* Submit the CTLX */
1832 result = hfa384x_usbctlx_submit(hw, ctlx);
1835 } else if (mode == DOWAIT) {
1836 usbctlx_rrid_completor_t completor;
1838 result = hfa384x_usbctlx_complete_sync(
1839 hw, ctlx, init_rrid_completor(&completor,
1840 &ctlx->inbuf.rridresp,
1851 /*----------------------------------------------------------------
1854 * Constructs a write rid CTLX and issues it.
1856 * NOTE: Any changes to the 'post-submit' code in this function
1857 * need to be carried over to hfa384x_cbwrid() since the handling
1858 * is virtually identical.
1861 * hw device structure
1862 * CMD_MODE DOWAIT or DOASYNC
1864 * riddata Data portion of RID formatted for MAC
1865 * riddatalen Length of the data portion in bytes
1866 * cmdcb command callback for async calls, NULL for DOWAIT calls
1867 * usercb user callback for async calls, NULL for DOWAIT calls
1868 * usercb_data user supplied data pointer for async calls
1872 * -ETIMEDOUT timed out waiting for register ready or
1873 * command completion
1874 * >0 command indicated error, Status and Resp0-2 are
1880 * interrupt (DOASYNC)
1881 * process (DOWAIT or DOASYNC)
1882 ----------------------------------------------------------------*/
1889 unsigned int riddatalen,
1891 ctlx_usercb_t usercb,
1895 hfa384x_usbctlx_t *ctlx;
1898 ctlx = usbctlx_alloc();
1899 if ( ctlx == NULL ) {
1904 /* Initialize the command */
1905 ctlx->outbuf.wridreq.type = host2hfa384x_16(HFA384x_USB_WRIDREQ);
1906 ctlx->outbuf.wridreq.frmlen = host2hfa384x_16(
1907 (sizeof(ctlx->outbuf.wridreq.rid) +
1908 riddatalen + 1) / 2);
1909 ctlx->outbuf.wridreq.rid = host2hfa384x_16(rid);
1910 memcpy(ctlx->outbuf.wridreq.data, riddata, riddatalen);
1912 ctlx->outbufsize = sizeof(ctlx->outbuf.wridreq.type) +
1913 sizeof(ctlx->outbuf.wridreq.frmlen) +
1914 sizeof(ctlx->outbuf.wridreq.rid) +
1917 ctlx->reapable = mode;
1918 ctlx->cmdcb = cmdcb;
1919 ctlx->usercb = usercb;
1920 ctlx->usercb_data = usercb_data;
1922 /* Submit the CTLX */
1923 result = hfa384x_usbctlx_submit(hw, ctlx);
1926 } else if (mode == DOWAIT) {
1927 usbctlx_wrid_completor_t completor;
1928 hfa384x_cmdresult_t wridresult;
1930 result = hfa384x_usbctlx_complete_sync(
1933 init_wrid_completor(&completor,
1934 &ctlx->inbuf.wridresp,
1943 /*----------------------------------------------------------------
1946 * Constructs a readmem CTLX and issues it.
1948 * NOTE: Any changes to the 'post-submit' code in this function
1949 * need to be carried over to hfa384x_cbrmem() since the handling
1950 * is virtually identical.
1953 * hw device structure
1954 * mode DOWAIT or DOASYNC
1955 * page MAC address space page (CMD format)
1956 * offset MAC address space offset
1957 * data Ptr to data buffer to receive read
1958 * len Length of the data to read (max == 2048)
1959 * cmdcb command callback for async calls, NULL for DOWAIT calls
1960 * usercb user callback for async calls, NULL for DOWAIT calls
1961 * usercb_data user supplied data pointer for async calls
1965 * -ETIMEDOUT timed out waiting for register ready or
1966 * command completion
1967 * >0 command indicated error, Status and Resp0-2 are
1973 * interrupt (DOASYNC)
1974 * process (DOWAIT or DOASYNC)
1975 ----------------------------------------------------------------*/
1985 ctlx_usercb_t usercb,
1989 hfa384x_usbctlx_t *ctlx;
1992 ctlx = usbctlx_alloc();
1993 if ( ctlx == NULL ) {
1998 /* Initialize the command */
1999 ctlx->outbuf.rmemreq.type = host2hfa384x_16(HFA384x_USB_RMEMREQ);
2000 ctlx->outbuf.rmemreq.frmlen = host2hfa384x_16(
2001 sizeof(ctlx->outbuf.rmemreq.offset) +
2002 sizeof(ctlx->outbuf.rmemreq.page) +
2004 ctlx->outbuf.rmemreq.offset = host2hfa384x_16(offset);
2005 ctlx->outbuf.rmemreq.page = host2hfa384x_16(page);
2007 ctlx->outbufsize = sizeof(ctlx->outbuf.rmemreq);
2010 "type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n",
2011 ctlx->outbuf.rmemreq.type,
2012 ctlx->outbuf.rmemreq.frmlen,
2013 ctlx->outbuf.rmemreq.offset,
2014 ctlx->outbuf.rmemreq.page);
2016 WLAN_LOG_DEBUG(4,"pktsize=%zd\n",
2017 ROUNDUP64(sizeof(ctlx->outbuf.rmemreq)));
2019 ctlx->reapable = mode;
2020 ctlx->cmdcb = cmdcb;
2021 ctlx->usercb = usercb;
2022 ctlx->usercb_data = usercb_data;
2024 result = hfa384x_usbctlx_submit(hw, ctlx);
2027 } else if ( mode == DOWAIT ) {
2028 usbctlx_rmem_completor_t completor;
2030 result = hfa384x_usbctlx_complete_sync(
2031 hw, ctlx, init_rmem_completor(&completor,
2032 &ctlx->inbuf.rmemresp,
2044 /*----------------------------------------------------------------
2047 * Constructs a writemem CTLX and issues it.
2049 * NOTE: Any changes to the 'post-submit' code in this function
2050 * need to be carried over to hfa384x_cbwmem() since the handling
2051 * is virtually identical.
2054 * hw device structure
2055 * mode DOWAIT or DOASYNC
2056 * page MAC address space page (CMD format)
2057 * offset MAC address space offset
2058 * data Ptr to data buffer containing write data
2059 * len Length of the data to read (max == 2048)
2060 * cmdcb command callback for async calls, NULL for DOWAIT calls
2061 * usercb user callback for async calls, NULL for DOWAIT calls
2062 * usercb_data user supplied data pointer for async calls.
2066 * -ETIMEDOUT timed out waiting for register ready or
2067 * command completion
2068 * >0 command indicated error, Status and Resp0-2 are
2074 * interrupt (DOWAIT)
2075 * process (DOWAIT or DOASYNC)
2076 ----------------------------------------------------------------*/
2086 ctlx_usercb_t usercb,
2090 hfa384x_usbctlx_t *ctlx;
2093 WLAN_LOG_DEBUG(5, "page=0x%04x offset=0x%04x len=%d\n",
2096 ctlx = usbctlx_alloc();
2097 if ( ctlx == NULL ) {
2102 /* Initialize the command */
2103 ctlx->outbuf.wmemreq.type = host2hfa384x_16(HFA384x_USB_WMEMREQ);
2104 ctlx->outbuf.wmemreq.frmlen = host2hfa384x_16(
2105 sizeof(ctlx->outbuf.wmemreq.offset) +
2106 sizeof(ctlx->outbuf.wmemreq.page) +
2108 ctlx->outbuf.wmemreq.offset = host2hfa384x_16(offset);
2109 ctlx->outbuf.wmemreq.page = host2hfa384x_16(page);
2110 memcpy(ctlx->outbuf.wmemreq.data, data, len);
2112 ctlx->outbufsize = sizeof(ctlx->outbuf.wmemreq.type) +
2113 sizeof(ctlx->outbuf.wmemreq.frmlen) +
2114 sizeof(ctlx->outbuf.wmemreq.offset) +
2115 sizeof(ctlx->outbuf.wmemreq.page) +
2118 ctlx->reapable = mode;
2119 ctlx->cmdcb = cmdcb;
2120 ctlx->usercb = usercb;
2121 ctlx->usercb_data = usercb_data;
2123 result = hfa384x_usbctlx_submit(hw, ctlx);
2126 } else if ( mode == DOWAIT ) {
2127 usbctlx_wmem_completor_t completor;
2128 hfa384x_cmdresult_t wmemresult;
2130 result = hfa384x_usbctlx_complete_sync(
2133 init_wmem_completor(&completor,
2134 &ctlx->inbuf.wmemresp,
2144 /*----------------------------------------------------------------
2145 * hfa384x_drvr_commtallies
2147 * Send a commtallies inquiry to the MAC. Note that this is an async
2148 * call that will result in an info frame arriving sometime later.
2151 * hw device structure
2160 ----------------------------------------------------------------*/
2161 int hfa384x_drvr_commtallies( hfa384x_t *hw )
2163 hfa384x_metacmd_t cmd;
2167 cmd.cmd = HFA384x_CMDCODE_INQ;
2168 cmd.parm0 = HFA384x_IT_COMMTALLIES;
2172 hfa384x_docmd_async(hw, &cmd, NULL, NULL, NULL);
2179 /*----------------------------------------------------------------
2180 * hfa384x_drvr_disable
2182 * Issues the disable command to stop communications on one of
2183 * the MACs 'ports'. Only macport 0 is valid for stations.
2184 * APs may also disable macports 1-6. Only ports that have been
2185 * previously enabled may be disabled.
2188 * hw device structure
2189 * macport MAC port number (host order)
2193 * >0 f/w reported failure - f/w status code
2194 * <0 driver reported error (timeout|bad arg)
2200 ----------------------------------------------------------------*/
2201 int hfa384x_drvr_disable(hfa384x_t *hw, u16 macport)
2206 if ((!hw->isap && macport != 0) ||
2207 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
2208 !(hw->port_enabled[macport]) ){
2211 result = hfa384x_cmd_disable(hw, macport);
2212 if ( result == 0 ) {
2213 hw->port_enabled[macport] = 0;
2221 /*----------------------------------------------------------------
2222 * hfa384x_drvr_enable
2224 * Issues the enable command to enable communications on one of
2225 * the MACs 'ports'. Only macport 0 is valid for stations.
2226 * APs may also enable macports 1-6. Only ports that are currently
2227 * disabled may be enabled.
2230 * hw device structure
2231 * macport MAC port number
2235 * >0 f/w reported failure - f/w status code
2236 * <0 driver reported error (timeout|bad arg)
2242 ----------------------------------------------------------------*/
2243 int hfa384x_drvr_enable(hfa384x_t *hw, u16 macport)
2248 if ((!hw->isap && macport != 0) ||
2249 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
2250 (hw->port_enabled[macport]) ){
2253 result = hfa384x_cmd_enable(hw, macport);
2254 if ( result == 0 ) {
2255 hw->port_enabled[macport] = 1;
2263 /*----------------------------------------------------------------
2264 * hfa384x_drvr_flashdl_enable
2266 * Begins the flash download state. Checks to see that we're not
2267 * already in a download state and that a port isn't enabled.
2268 * Sets the download state and retrieves the flash download
2269 * buffer location, buffer size, and timeout length.
2272 * hw device structure
2276 * >0 f/w reported error - f/w status code
2277 * <0 driver reported error
2283 ----------------------------------------------------------------*/
2284 int hfa384x_drvr_flashdl_enable(hfa384x_t *hw)
2290 /* Check that a port isn't active */
2291 for ( i = 0; i < HFA384x_PORTID_MAX; i++) {
2292 if ( hw->port_enabled[i] ) {
2293 WLAN_LOG_DEBUG(1,"called when port enabled.\n");
2298 /* Check that we're not already in a download state */
2299 if ( hw->dlstate != HFA384x_DLSTATE_DISABLED ) {
2303 /* Retrieve the buffer loc&size and timeout */
2304 if ( (result = hfa384x_drvr_getconfig(hw, HFA384x_RID_DOWNLOADBUFFER,
2305 &(hw->bufinfo), sizeof(hw->bufinfo))) ) {
2308 hw->bufinfo.page = hfa384x2host_16(hw->bufinfo.page);
2309 hw->bufinfo.offset = hfa384x2host_16(hw->bufinfo.offset);
2310 hw->bufinfo.len = hfa384x2host_16(hw->bufinfo.len);
2311 if ( (result = hfa384x_drvr_getconfig16(hw, HFA384x_RID_MAXLOADTIME,
2312 &(hw->dltimeout))) ) {
2315 hw->dltimeout = hfa384x2host_16(hw->dltimeout);
2317 WLAN_LOG_DEBUG(1,"flashdl_enable\n");
2319 hw->dlstate = HFA384x_DLSTATE_FLASHENABLED;
2325 /*----------------------------------------------------------------
2326 * hfa384x_drvr_flashdl_disable
2328 * Ends the flash download state. Note that this will cause the MAC
2329 * firmware to restart.
2332 * hw device structure
2336 * >0 f/w reported error - f/w status code
2337 * <0 driver reported error
2343 ----------------------------------------------------------------*/
2344 int hfa384x_drvr_flashdl_disable(hfa384x_t *hw)
2347 /* Check that we're already in the download state */
2348 if ( hw->dlstate != HFA384x_DLSTATE_FLASHENABLED ) {
2352 WLAN_LOG_DEBUG(1,"flashdl_enable\n");
2354 /* There isn't much we can do at this point, so I don't */
2355 /* bother w/ the return value */
2356 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0 , 0);
2357 hw->dlstate = HFA384x_DLSTATE_DISABLED;
2364 /*----------------------------------------------------------------
2365 * hfa384x_drvr_flashdl_write
2367 * Performs a FLASH download of a chunk of data. First checks to see
2368 * that we're in the FLASH download state, then sets the download
2369 * mode, uses the aux functions to 1) copy the data to the flash
2370 * buffer, 2) sets the download 'write flash' mode, 3) readback and
2371 * compare. Lather rinse, repeat as many times an necessary to get
2372 * all the given data into flash.
2373 * When all data has been written using this function (possibly
2374 * repeatedly), call drvr_flashdl_disable() to end the download state
2375 * and restart the MAC.
2378 * hw device structure
2379 * daddr Card address to write to. (host order)
2380 * buf Ptr to data to write.
2381 * len Length of data (host order).
2385 * >0 f/w reported error - f/w status code
2386 * <0 driver reported error
2392 ----------------------------------------------------------------*/
2394 hfa384x_drvr_flashdl_write(
2416 WLAN_LOG_DEBUG(5,"daddr=0x%08x len=%d\n", daddr, len);
2418 /* Check that we're in the flash download state */
2419 if ( hw->dlstate != HFA384x_DLSTATE_FLASHENABLED ) {
2423 WLAN_LOG_INFO("Download %d bytes to flash @0x%06x\n", len, daddr);
2425 /* Convert to flat address for arithmetic */
2426 /* NOTE: dlbuffer RID stores the address in AUX format */
2427 dlbufaddr = HFA384x_ADDR_AUX_MKFLAT(
2428 hw->bufinfo.page, hw->bufinfo.offset);
2430 "dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n",
2431 hw->bufinfo.page, hw->bufinfo.offset, dlbufaddr);
2434 WLAN_LOG_WARNING("dlbuf@0x%06lx len=%d to=%d\n", dlbufaddr, hw->bufinfo.len, hw->dltimeout);
2436 /* Calculations to determine how many fills of the dlbuffer to do
2437 * and how many USB wmemreq's to do for each fill. At this point
2438 * in time, the dlbuffer size and the wmemreq size are the same.
2439 * Therefore, nwrites should always be 1. The extra complexity
2440 * here is a hedge against future changes.
2443 /* Figure out how many times to do the flash programming */
2444 nburns = len / hw->bufinfo.len;
2445 nburns += (len % hw->bufinfo.len) ? 1 : 0;
2447 /* For each flash program cycle, how many USB wmemreq's are needed? */
2448 nwrites = hw->bufinfo.len / HFA384x_USB_RWMEM_MAXLEN;
2449 nwrites += (hw->bufinfo.len % HFA384x_USB_RWMEM_MAXLEN) ? 1 : 0;
2452 for ( i = 0; i < nburns; i++) {
2453 /* Get the dest address and len */
2454 burnlen = (len - (hw->bufinfo.len * i)) > hw->bufinfo.len ?
2456 (len - (hw->bufinfo.len * i));
2457 burndaddr = daddr + (hw->bufinfo.len * i);
2458 burnlo = HFA384x_ADDR_CMD_MKOFF(burndaddr);
2459 burnhi = HFA384x_ADDR_CMD_MKPAGE(burndaddr);
2461 WLAN_LOG_INFO("Writing %d bytes to flash @0x%06x\n",
2462 burnlen, burndaddr);
2464 /* Set the download mode */
2465 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_NV,
2466 burnlo, burnhi, burnlen);
2468 WLAN_LOG_ERROR("download(NV,lo=%x,hi=%x,len=%x) "
2469 "cmd failed, result=%d. Aborting d/l\n",
2470 burnlo, burnhi, burnlen, result);
2474 /* copy the data to the flash download buffer */
2475 for ( j=0; j < nwrites; j++) {
2477 (i*hw->bufinfo.len) +
2478 (j*HFA384x_USB_RWMEM_MAXLEN);
2480 writepage = HFA384x_ADDR_CMD_MKPAGE(
2482 (j*HFA384x_USB_RWMEM_MAXLEN));
2483 writeoffset = HFA384x_ADDR_CMD_MKOFF(
2485 (j*HFA384x_USB_RWMEM_MAXLEN));
2487 writelen = burnlen-(j*HFA384x_USB_RWMEM_MAXLEN);
2488 writelen = writelen > HFA384x_USB_RWMEM_MAXLEN ?
2489 HFA384x_USB_RWMEM_MAXLEN :
2492 result = hfa384x_dowmem_wait( hw,
2499 Comment out for debugging, assume the write was successful.
2502 "Write to dl buffer failed, "
2503 "result=0x%04x. Aborting.\n",
2511 /* set the download 'write flash' mode */
2512 result = hfa384x_cmd_download(hw,
2513 HFA384x_PROGMODE_NVWRITE,
2517 "download(NVWRITE,lo=%x,hi=%x,len=%x) "
2518 "cmd failed, result=%d. Aborting d/l\n",
2519 burnlo, burnhi, burnlen, result);
2523 /* TODO: We really should do a readback and compare. */
2528 /* Leave the firmware in the 'post-prog' mode. flashdl_disable will */
2529 /* actually disable programming mode. Remember, that will cause the */
2530 /* the firmware to effectively reset itself. */
2537 /*----------------------------------------------------------------
2538 * hfa384x_drvr_getconfig
2540 * Performs the sequence necessary to read a config/info item.
2543 * hw device structure
2544 * rid config/info record id (host order)
2545 * buf host side record buffer. Upon return it will
2546 * contain the body portion of the record (minus the
2548 * len buffer length (in bytes, should match record length)
2552 * >0 f/w reported error - f/w status code
2553 * <0 driver reported error
2554 * -ENODATA length mismatch between argument and retrieved
2561 ----------------------------------------------------------------*/
2562 int hfa384x_drvr_getconfig(hfa384x_t *hw, u16 rid, void *buf, u16 len)
2567 result = hfa384x_dorrid_wait(hw, rid, buf, len);
2573 /*----------------------------------------------------------------
2574 * hfa384x_drvr_getconfig_async
2576 * Performs the sequence necessary to perform an async read of
2577 * of a config/info item.
2580 * hw device structure
2581 * rid config/info record id (host order)
2582 * buf host side record buffer. Upon return it will
2583 * contain the body portion of the record (minus the
2585 * len buffer length (in bytes, should match record length)
2586 * cbfn caller supplied callback, called when the command
2587 * is done (successful or not).
2588 * cbfndata pointer to some caller supplied data that will be
2589 * passed in as an argument to the cbfn.
2592 * nothing the cbfn gets a status argument identifying if
2595 * Queues an hfa384x_usbcmd_t for subsequent execution.
2599 ----------------------------------------------------------------*/
2601 hfa384x_drvr_getconfig_async(
2604 ctlx_usercb_t usercb,
2607 return hfa384x_dorrid_async(hw, rid, NULL, 0,
2608 hfa384x_cb_rrid, usercb, usercb_data);
2611 /*----------------------------------------------------------------
2612 * hfa384x_drvr_setconfig_async
2614 * Performs the sequence necessary to write a config/info item.
2617 * hw device structure
2618 * rid config/info record id (in host order)
2619 * buf host side record buffer
2620 * len buffer length (in bytes)
2621 * usercb completion callback
2622 * usercb_data completion callback argument
2626 * >0 f/w reported error - f/w status code
2627 * <0 driver reported error
2633 ----------------------------------------------------------------*/
2635 hfa384x_drvr_setconfig_async(
2640 ctlx_usercb_t usercb,
2643 return hfa384x_dowrid_async(hw, rid, buf, len,
2644 hfa384x_cb_status, usercb, usercb_data);
2647 /*----------------------------------------------------------------
2648 * hfa384x_drvr_handover
2650 * Sends a handover notification to the MAC.
2653 * hw device structure
2654 * addr address of station that's left
2658 * -ERESTARTSYS received signal while waiting for semaphore.
2659 * -EIO failed to write to bap, or failed in cmd.
2665 ----------------------------------------------------------------*/
2666 int hfa384x_drvr_handover( hfa384x_t *hw, u8 *addr)
2669 WLAN_LOG_ERROR("Not currently supported in USB!\n");
2674 /*----------------------------------------------------------------
2675 * hfa384x_drvr_low_level
2677 * Write test commands to the card. Some test commands don't make
2678 * sense without prior set-up. For example, continous TX isn't very
2679 * useful until you set the channel. That functionality should be
2685 * -----------------------------------------------------------------*/
2686 int hfa384x_drvr_low_level(hfa384x_t *hw, hfa384x_metacmd_t *cmd)
2691 /* Do i need a host2hfa... conversion ? */
2693 result = hfa384x_docmd_wait(hw, cmd);
2699 /*----------------------------------------------------------------
2700 * hfa384x_drvr_mmi_read
2702 * Read mmi registers. mmi is intersil-speak for the baseband
2703 * processor registers.
2706 * hw device structure
2707 * register The test register to be accessed (must be even #).
2711 * >0 f/w reported error - f/w status code
2712 * <0 driver reported error
2718 ----------------------------------------------------------------*/
2719 int hfa384x_drvr_mmi_read(hfa384x_t *hw, u32 addr, u32 *resp)
2723 u16 cmd_code = (u16) 0x30;
2724 u16 param = (u16) addr;
2727 /* Do i need a host2hfa... conversion ? */
2728 result = hfa384x_docmd_wait(hw, cmd_code);
2736 /*----------------------------------------------------------------
2737 * hfa384x_drvr_mmi_write
2739 * Read mmi registers. mmi is intersil-speak for the baseband
2740 * processor registers.
2743 * hw device structure
2744 * addr The test register to be accessed (must be even #).
2745 * data The data value to write to the register.
2749 * >0 f/w reported error - f/w status code
2750 * <0 driver reported error
2756 ----------------------------------------------------------------*/
2759 hfa384x_drvr_mmi_write(hfa384x_t *hw, u32 addr, u32 data)
2763 u16 cmd_code = (u16) 0x31;
2764 u16 param0 = (u16) addr;
2765 u16 param1 = (u16) data;
2768 WLAN_LOG_DEBUG(1,"mmi write : addr = 0x%08lx\n", addr);
2769 WLAN_LOG_DEBUG(1,"mmi write : data = 0x%08lx\n", data);
2771 /* Do i need a host2hfa... conversion ? */
2772 result = hfa384x_docmd_wait(hw, cmd_code);
2781 /*----------------------------------------------------------------
2782 * hfa384x_drvr_ramdl_disable
2784 * Ends the ram download state.
2787 * hw device structure
2791 * >0 f/w reported error - f/w status code
2792 * <0 driver reported error
2798 ----------------------------------------------------------------*/
2800 hfa384x_drvr_ramdl_disable(hfa384x_t *hw)
2803 /* Check that we're already in the download state */
2804 if ( hw->dlstate != HFA384x_DLSTATE_RAMENABLED ) {
2808 WLAN_LOG_DEBUG(3,"ramdl_disable()\n");
2810 /* There isn't much we can do at this point, so I don't */
2811 /* bother w/ the return value */
2812 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0 , 0);
2813 hw->dlstate = HFA384x_DLSTATE_DISABLED;
2820 /*----------------------------------------------------------------
2821 * hfa384x_drvr_ramdl_enable
2823 * Begins the ram download state. Checks to see that we're not
2824 * already in a download state and that a port isn't enabled.
2825 * Sets the download state and calls cmd_download with the
2826 * ENABLE_VOLATILE subcommand and the exeaddr argument.
2829 * hw device structure
2830 * exeaddr the card execution address that will be
2831 * jumped to when ramdl_disable() is called
2836 * >0 f/w reported error - f/w status code
2837 * <0 driver reported error
2843 ----------------------------------------------------------------*/
2845 hfa384x_drvr_ramdl_enable(hfa384x_t *hw, u32 exeaddr)
2852 /* Check that a port isn't active */
2853 for ( i = 0; i < HFA384x_PORTID_MAX; i++) {
2854 if ( hw->port_enabled[i] ) {
2856 "Can't download with a macport enabled.\n");
2861 /* Check that we're not already in a download state */
2862 if ( hw->dlstate != HFA384x_DLSTATE_DISABLED ) {
2864 "Download state not disabled.\n");
2868 WLAN_LOG_DEBUG(3,"ramdl_enable, exeaddr=0x%08x\n", exeaddr);
2870 /* Call the download(1,addr) function */
2871 lowaddr = HFA384x_ADDR_CMD_MKOFF(exeaddr);
2872 hiaddr = HFA384x_ADDR_CMD_MKPAGE(exeaddr);
2874 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_RAM,
2875 lowaddr, hiaddr, 0);
2878 /* Set the download state */
2879 hw->dlstate = HFA384x_DLSTATE_RAMENABLED;
2882 "cmd_download(0x%04x, 0x%04x) failed, result=%d.\n",
2893 /*----------------------------------------------------------------
2894 * hfa384x_drvr_ramdl_write
2896 * Performs a RAM download of a chunk of data. First checks to see
2897 * that we're in the RAM download state, then uses the [read|write]mem USB
2898 * commands to 1) copy the data, 2) readback and compare. The download
2899 * state is unaffected. When all data has been written using
2900 * this function, call drvr_ramdl_disable() to end the download state
2901 * and restart the MAC.
2904 * hw device structure
2905 * daddr Card address to write to. (host order)
2906 * buf Ptr to data to write.
2907 * len Length of data (host order).
2911 * >0 f/w reported error - f/w status code
2912 * <0 driver reported error
2918 ----------------------------------------------------------------*/
2920 hfa384x_drvr_ramdl_write(hfa384x_t *hw, u32 daddr, void* buf, u32 len)
2931 /* Check that we're in the ram download state */
2932 if ( hw->dlstate != HFA384x_DLSTATE_RAMENABLED ) {
2936 WLAN_LOG_INFO("Writing %d bytes to ram @0x%06x\n", len, daddr);
2938 /* How many dowmem calls? */
2939 nwrites = len / HFA384x_USB_RWMEM_MAXLEN;
2940 nwrites += len % HFA384x_USB_RWMEM_MAXLEN ? 1 : 0;
2942 /* Do blocking wmem's */
2943 for(i=0; i < nwrites; i++) {
2944 /* make address args */
2945 curraddr = daddr + (i * HFA384x_USB_RWMEM_MAXLEN);
2946 currpage = HFA384x_ADDR_CMD_MKPAGE(curraddr);
2947 curroffset = HFA384x_ADDR_CMD_MKOFF(curraddr);
2948 currlen = len - (i * HFA384x_USB_RWMEM_MAXLEN);
2949 if ( currlen > HFA384x_USB_RWMEM_MAXLEN) {
2950 currlen = HFA384x_USB_RWMEM_MAXLEN;
2953 /* Do blocking ctlx */
2954 result = hfa384x_dowmem_wait( hw,
2957 data + (i*HFA384x_USB_RWMEM_MAXLEN),
2962 /* TODO: We really should have a readback. */
2970 /*----------------------------------------------------------------
2971 * hfa384x_drvr_readpda
2973 * Performs the sequence to read the PDA space. Note there is no
2974 * drvr_writepda() function. Writing a PDA is
2975 * generally implemented by a calling component via calls to
2976 * cmd_download and writing to the flash download buffer via the
2980 * hw device structure
2981 * buf buffer to store PDA in
2986 * >0 f/w reported error - f/w status code
2987 * <0 driver reported error
2988 * -ETIMEOUT timout waiting for the cmd regs to become
2989 * available, or waiting for the control reg
2990 * to indicate the Aux port is enabled.
2991 * -ENODATA the buffer does NOT contain a valid PDA.
2992 * Either the card PDA is bad, or the auxdata
2993 * reads are giving us garbage.
2999 * process or non-card interrupt.
3000 ----------------------------------------------------------------*/
3001 int hfa384x_drvr_readpda(hfa384x_t *hw, void *buf, unsigned int len)
3007 int currpdr = 0; /* word offset of the current pdr */
3009 u16 pdrlen; /* pdr length in bytes, host order */
3010 u16 pdrcode; /* pdr code, host order */
3018 { HFA3842_PDA_BASE, 0},
3019 { HFA3841_PDA_BASE, 0},
3020 { HFA3841_PDA_BOGUS_BASE, 0}
3025 /* Read the pda from each known address. */
3026 for ( i = 0; i < ARRAY_SIZE(pdaloc); i++) {
3028 currpage = HFA384x_ADDR_CMD_MKPAGE(pdaloc[i].cardaddr);
3029 curroffset = HFA384x_ADDR_CMD_MKOFF(pdaloc[i].cardaddr);
3031 result = hfa384x_dormem_wait(hw,
3035 len); /* units of bytes */
3039 "Read from index %zd failed, continuing\n",
3044 /* Test for garbage */
3045 pdaok = 1; /* initially assume good */
3047 while ( pdaok && morepdrs ) {
3048 pdrlen = hfa384x2host_16(pda[currpdr]) * 2;
3049 pdrcode = hfa384x2host_16(pda[currpdr+1]);
3050 /* Test the record length */
3051 if ( pdrlen > HFA384x_PDR_LEN_MAX || pdrlen == 0) {
3052 WLAN_LOG_ERROR("pdrlen invalid=%d\n",
3058 if ( !hfa384x_isgood_pdrcode(pdrcode) ) {
3059 WLAN_LOG_ERROR("pdrcode invalid=%d\n",
3064 /* Test for completion */
3065 if ( pdrcode == HFA384x_PDR_END_OF_PDA) {
3069 /* Move to the next pdr (if necessary) */
3071 /* note the access to pda[], need words here */
3072 currpdr += hfa384x2host_16(pda[currpdr]) + 1;
3077 "PDA Read from 0x%08x in %s space.\n",
3079 pdaloc[i].auxctl == 0 ? "EXTDS" :
3080 pdaloc[i].auxctl == 1 ? "NV" :
3081 pdaloc[i].auxctl == 2 ? "PHY" :
3082 pdaloc[i].auxctl == 3 ? "ICSRAM" :
3087 result = pdaok ? 0 : -ENODATA;
3090 WLAN_LOG_DEBUG(3,"Failure: pda is not okay\n");
3098 /*----------------------------------------------------------------
3099 * hfa384x_drvr_setconfig
3101 * Performs the sequence necessary to write a config/info item.
3104 * hw device structure
3105 * rid config/info record id (in host order)
3106 * buf host side record buffer
3107 * len buffer length (in bytes)
3111 * >0 f/w reported error - f/w status code
3112 * <0 driver reported error
3118 ----------------------------------------------------------------*/
3119 int hfa384x_drvr_setconfig(hfa384x_t *hw, u16 rid, void *buf, u16 len)
3121 return hfa384x_dowrid_wait(hw, rid, buf, len);
3124 /*----------------------------------------------------------------
3125 * hfa384x_drvr_start
3127 * Issues the MAC initialize command, sets up some data structures,
3128 * and enables the interrupts. After this function completes, the
3129 * low-level stuff should be ready for any/all commands.
3132 * hw device structure
3135 * >0 f/w reported error - f/w status code
3136 * <0 driver reported error
3142 ----------------------------------------------------------------*/
3143 int hfa384x_drvr_start(hfa384x_t *hw)
3150 if (usb_clear_halt(hw->usb, hw->endp_in)) {
3152 "Failed to reset bulk in endpoint.\n");
3155 if (usb_clear_halt(hw->usb, hw->endp_out)) {
3157 "Failed to reset bulk out endpoint.\n");
3160 /* Synchronous unlink, in case we're trying to restart the driver */
3161 usb_kill_urb(&hw->rx_urb);
3163 /* Post the IN urb */
3164 result = submit_rx_urb(hw, GFP_KERNEL);
3167 "Fatal, failed to submit RX URB, result=%d\n",
3172 /* call initialize */
3173 result = hfa384x_cmd_initialize(hw);
3175 usb_kill_urb(&hw->rx_urb);
3177 "cmd_initialize() failed, result=%d\n",
3182 hw->state = HFA384x_STATE_RUNNING;
3190 /*----------------------------------------------------------------
3193 * Shuts down the MAC to the point where it is safe to unload the
3194 * driver. Any subsystem that may be holding a data or function
3195 * ptr into the driver must be cleared/deinitialized.
3198 * hw device structure
3201 * >0 f/w reported error - f/w status code
3202 * <0 driver reported error
3208 ----------------------------------------------------------------*/
3210 hfa384x_drvr_stop(hfa384x_t *hw)
3218 /* There's no need for spinlocks here. The USB "disconnect"
3219 * function sets this "removed" flag and then calls us.
3221 if ( !hw->wlandev->hwremoved ) {
3222 /* Call initialize to leave the MAC in its 'reset' state */
3223 hfa384x_cmd_initialize(hw);
3225 /* Cancel the rxurb */
3226 usb_kill_urb(&hw->rx_urb);
3229 hw->link_status = HFA384x_LINK_NOTCONNECTED;
3230 hw->state = HFA384x_STATE_INIT;
3232 del_timer_sync(&hw->commsqual_timer);
3234 /* Clear all the port status */
3235 for ( i = 0; i < HFA384x_NUMPORTS_MAX; i++) {
3236 hw->port_enabled[i] = 0;
3243 /*----------------------------------------------------------------
3244 * hfa384x_drvr_txframe
3246 * Takes a frame from prism2sta and queues it for transmission.
3249 * hw device structure
3250 * skb packet buffer struct. Contains an 802.11
3252 * p80211_hdr points to the 802.11 header for the packet.
3254 * 0 Success and more buffs available
3255 * 1 Success but no more buffs
3256 * 2 Allocation failure
3257 * 4 Buffer full or queue busy
3263 ----------------------------------------------------------------*/
3264 int hfa384x_drvr_txframe(hfa384x_t *hw, struct sk_buff *skb, p80211_hdr_t *p80211_hdr, p80211_metawep_t *p80211_wep)
3267 int usbpktlen = sizeof(hfa384x_tx_frame_t);
3274 if (hw->tx_urb.status == -EINPROGRESS) {
3275 WLAN_LOG_WARNING("TX URB already in use\n");
3280 /* Build Tx frame structure */
3281 /* Set up the control field */
3282 memset(&hw->txbuff.txfrm.desc, 0, sizeof(hw->txbuff.txfrm.desc));
3284 /* Setup the usb type field */
3285 hw->txbuff.type = host2hfa384x_16(HFA384x_USB_TXFRM);
3287 /* Set up the sw_support field to identify this frame */
3288 hw->txbuff.txfrm.desc.sw_support = 0x0123;
3290 /* Tx complete and Tx exception disable per dleach. Might be causing
3293 //#define DOEXC SLP -- doboth breaks horribly under load, doexc less so.
3295 hw->txbuff.txfrm.desc.tx_control =
3296 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
3297 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1);
3298 #elif defined(DOEXC)
3299 hw->txbuff.txfrm.desc.tx_control =
3300 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
3301 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0);
3303 hw->txbuff.txfrm.desc.tx_control =
3304 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
3305 HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0);
3307 hw->txbuff.txfrm.desc.tx_control =
3308 host2hfa384x_16(hw->txbuff.txfrm.desc.tx_control);
3310 /* copy the header over to the txdesc */
3311 memcpy(&(hw->txbuff.txfrm.desc.frame_control), p80211_hdr, sizeof(p80211_hdr_t));
3313 /* if we're using host WEP, increase size by IV+ICV */
3314 if (p80211_wep->data) {
3315 hw->txbuff.txfrm.desc.data_len = host2hfa384x_16(skb->len+8);
3316 // hw->txbuff.txfrm.desc.tx_control |= HFA384x_TX_NOENCRYPT_SET(1);
3319 hw->txbuff.txfrm.desc.data_len = host2hfa384x_16(skb->len);
3322 usbpktlen += skb->len;
3324 /* copy over the WEP IV if we are using host WEP */
3325 ptr = hw->txbuff.txfrm.data;
3326 if (p80211_wep->data) {
3327 memcpy(ptr, p80211_wep->iv, sizeof(p80211_wep->iv));
3328 ptr+= sizeof(p80211_wep->iv);
3329 memcpy(ptr, p80211_wep->data, skb->len);
3331 memcpy(ptr, skb->data, skb->len);
3333 /* copy over the packet data */
3336 /* copy over the WEP ICV if we are using host WEP */
3337 if (p80211_wep->data) {
3338 memcpy(ptr, p80211_wep->icv, sizeof(p80211_wep->icv));
3341 /* Send the USB packet */
3342 usb_fill_bulk_urb( &(hw->tx_urb), hw->usb,
3344 &(hw->txbuff), ROUNDUP64(usbpktlen),
3345 hfa384x_usbout_callback, hw->wlandev );
3346 hw->tx_urb.transfer_flags |= USB_QUEUE_BULK;
3349 ret = submit_tx_urb(hw, &hw->tx_urb, GFP_ATOMIC);
3352 "submit_tx_urb() failed, error=%d\n", ret);
3361 void hfa384x_tx_timeout(wlandevice_t *wlandev)
3363 hfa384x_t *hw = wlandev->priv;
3364 unsigned long flags;
3368 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3370 if ( !hw->wlandev->hwremoved &&
3371 /* Note the bitwise OR, not the logical OR. */
3372 ( !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags) |
3373 !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags) ) )
3375 schedule_work(&hw->usb_work);
3378 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3383 /*----------------------------------------------------------------
3384 * hfa384x_usbctlx_reaper_task
3386 * Tasklet to delete dead CTLX objects
3389 * data ptr to a hfa384x_t
3395 ----------------------------------------------------------------*/
3396 static void hfa384x_usbctlx_reaper_task(unsigned long data)
3398 hfa384x_t *hw = (hfa384x_t*)data;
3399 struct list_head *entry;
3400 struct list_head *temp;
3401 unsigned long flags;
3405 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3407 /* This list is guaranteed to be empty if someone
3408 * has unplugged the adapter.
3410 list_for_each_safe(entry, temp, &hw->ctlxq.reapable) {
3411 hfa384x_usbctlx_t *ctlx;
3413 ctlx = list_entry(entry, hfa384x_usbctlx_t, list);
3414 list_del(&ctlx->list);
3418 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3423 /*----------------------------------------------------------------
3424 * hfa384x_usbctlx_completion_task
3426 * Tasklet to call completion handlers for returned CTLXs
3429 * data ptr to hfa384x_t
3436 ----------------------------------------------------------------*/
3437 static void hfa384x_usbctlx_completion_task(unsigned long data)
3439 hfa384x_t *hw = (hfa384x_t*)data;
3440 struct list_head *entry;
3441 struct list_head *temp;
3442 unsigned long flags;
3448 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3450 /* This list is guaranteed to be empty if someone
3451 * has unplugged the adapter ...
3453 list_for_each_safe(entry, temp, &hw->ctlxq.completing) {
3454 hfa384x_usbctlx_t *ctlx;
3456 ctlx = list_entry(entry, hfa384x_usbctlx_t, list);
3458 /* Call the completion function that this
3459 * command was assigned, assuming it has one.
3461 if ( ctlx->cmdcb != NULL ) {
3462 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3463 ctlx->cmdcb(hw, ctlx);
3464 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3466 /* Make sure we don't try and complete
3467 * this CTLX more than once!
3471 /* Did someone yank the adapter out
3472 * while our list was (briefly) unlocked?
3474 if ( hw->wlandev->hwremoved )
3482 * "Reapable" CTLXs are ones which don't have any
3483 * threads waiting for them to die. Hence they must
3484 * be delivered to The Reaper!
3486 if ( ctlx->reapable ) {
3487 /* Move the CTLX off the "completing" list (hopefully)
3488 * on to the "reapable" list where the reaper task
3489 * can find it. And "reapable" means that this CTLX
3490 * isn't sitting on a wait-queue somewhere.
3492 list_move_tail(&ctlx->list, &hw->ctlxq.reapable);
3496 complete(&ctlx->done);
3498 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3501 tasklet_schedule(&hw->reaper_bh);
3506 /*----------------------------------------------------------------
3507 * unlocked_usbctlx_cancel_async
3509 * Mark the CTLX dead asynchronously, and ensure that the
3510 * next command on the queue is run afterwards.
3513 * hw ptr to the hfa384x_t structure
3514 * ctlx ptr to a CTLX structure
3517 * 0 the CTLX's URB is inactive
3518 * -EINPROGRESS the URB is currently being unlinked
3521 * Either process or interrupt, but presumably interrupt
3522 ----------------------------------------------------------------*/
3523 static int unlocked_usbctlx_cancel_async(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx)
3530 * Try to delete the URB containing our request packet.
3531 * If we succeed, then its completion handler will be
3532 * called with a status of -ECONNRESET.
3534 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
3535 ret = usb_unlink_urb(&hw->ctlx_urb);
3537 if (ret != -EINPROGRESS) {
3539 * The OUT URB had either already completed
3540 * or was still in the pending queue, so the
3541 * URB's completion function will not be called.
3542 * We will have to complete the CTLX ourselves.
3544 ctlx->state = CTLX_REQ_FAILED;
3545 unlocked_usbctlx_complete(hw, ctlx);
3554 /*----------------------------------------------------------------
3555 * unlocked_usbctlx_complete
3557 * A CTLX has completed. It may have been successful, it may not
3558 * have been. At this point, the CTLX should be quiescent. The URBs
3559 * aren't active and the timers should have been stopped.
3561 * The CTLX is migrated to the "completing" queue, and the completing
3562 * tasklet is scheduled.
3565 * hw ptr to a hfa384x_t structure
3566 * ctlx ptr to a ctlx structure
3574 * Either, assume interrupt
3575 ----------------------------------------------------------------*/
3576 static void unlocked_usbctlx_complete(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx)
3580 /* Timers have been stopped, and ctlx should be in
3581 * a terminal state. Retire it from the "active"
3584 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
3585 tasklet_schedule(&hw->completion_bh);
3587 switch (ctlx->state) {
3589 case CTLX_REQ_FAILED:
3590 /* This are the correct terminating states. */
3594 WLAN_LOG_ERROR("CTLX[%d] not in a terminating state(%s)\n",
3595 hfa384x2host_16(ctlx->outbuf.type),
3596 ctlxstr(ctlx->state));
3603 /*----------------------------------------------------------------
3604 * hfa384x_usbctlxq_run
3606 * Checks to see if the head item is running. If not, starts it.
3609 * hw ptr to hfa384x_t
3618 ----------------------------------------------------------------*/
3620 hfa384x_usbctlxq_run(hfa384x_t *hw)
3622 unsigned long flags;
3626 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3628 /* Only one active CTLX at any one time, because there's no
3629 * other (reliable) way to match the response URB to the
3632 * Don't touch any of these CTLXs if the hardware
3633 * has been removed or the USB subsystem is stalled.
3635 if ( !list_empty(&hw->ctlxq.active) ||
3636 test_bit(WORK_TX_HALT, &hw->usb_flags) ||
3637 hw->wlandev->hwremoved )
3640 while ( !list_empty(&hw->ctlxq.pending) ) {
3641 hfa384x_usbctlx_t *head;
3644 /* This is the first pending command */
3645 head = list_entry(hw->ctlxq.pending.next,
3649 /* We need to split this off to avoid a race condition */
3650 list_move_tail(&head->list, &hw->ctlxq.active);
3652 /* Fill the out packet */
3653 usb_fill_bulk_urb( &(hw->ctlx_urb), hw->usb,
3655 &(head->outbuf), ROUNDUP64(head->outbufsize),
3656 hfa384x_ctlxout_callback, hw);
3657 hw->ctlx_urb.transfer_flags |= USB_QUEUE_BULK;
3659 /* Now submit the URB and update the CTLX's state
3661 if ((result = SUBMIT_URB(&hw->ctlx_urb, GFP_ATOMIC)) == 0) {
3662 /* This CTLX is now running on the active queue */
3663 head->state = CTLX_REQ_SUBMITTED;
3665 /* Start the OUT wait timer */
3666 hw->req_timer_done = 0;
3667 hw->reqtimer.expires = jiffies + HZ;
3668 add_timer(&hw->reqtimer);
3670 /* Start the IN wait timer */
3671 hw->resp_timer_done = 0;
3672 hw->resptimer.expires = jiffies + 2*HZ;
3673 add_timer(&hw->resptimer);
3678 if (result == -EPIPE) {
3679 /* The OUT pipe needs resetting, so put
3680 * this CTLX back in the "pending" queue
3681 * and schedule a reset ...
3683 WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
3684 hw->wlandev->netdev->name);
3685 list_move(&head->list, &hw->ctlxq.pending);
3686 set_bit(WORK_TX_HALT, &hw->usb_flags);
3687 schedule_work(&hw->usb_work);
3691 if (result == -ESHUTDOWN) {
3692 WLAN_LOG_WARNING("%s urb shutdown!\n",
3693 hw->wlandev->netdev->name);
3697 WLAN_LOG_ERROR("Failed to submit CTLX[%d]: error=%d\n",
3698 hfa384x2host_16(head->outbuf.type), result);
3699 unlocked_usbctlx_complete(hw, head);
3703 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3709 /*----------------------------------------------------------------
3710 * hfa384x_usbin_callback
3712 * Callback for URBs on the BULKIN endpoint.
3715 * urb ptr to the completed urb
3724 ----------------------------------------------------------------*/
3725 #ifdef URB_ONLY_CALLBACK
3726 static void hfa384x_usbin_callback(struct urb *urb)
3728 static void hfa384x_usbin_callback(struct urb *urb, struct pt_regs *regs)
3731 wlandevice_t *wlandev = urb->context;
3733 hfa384x_usbin_t *usbin = (hfa384x_usbin_t *) urb->transfer_buffer;
3734 struct sk_buff *skb = NULL;
3749 !netif_device_present(wlandev->netdev) )
3756 skb = hw->rx_urb_skb;
3757 if (!skb || (skb->data != urb->transfer_buffer)) {
3760 hw->rx_urb_skb = NULL;
3762 /* Check for error conditions within the URB */
3763 switch (urb->status) {
3767 /* Check for short packet */
3768 if ( urb->actual_length == 0 ) {
3769 ++(wlandev->linux_stats.rx_errors);
3770 ++(wlandev->linux_stats.rx_length_errors);
3776 WLAN_LOG_WARNING("%s rx pipe stalled: requesting reset\n",
3777 wlandev->netdev->name);
3778 if ( !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags) )
3779 schedule_work(&hw->usb_work);
3780 ++(wlandev->linux_stats.rx_errors);
3787 if ( !test_and_set_bit(THROTTLE_RX, &hw->usb_flags) &&
3788 !timer_pending(&hw->throttle) ) {
3789 mod_timer(&hw->throttle, jiffies + THROTTLE_JIFFIES);
3791 ++(wlandev->linux_stats.rx_errors);
3796 ++(wlandev->linux_stats.rx_over_errors);
3802 WLAN_LOG_DEBUG(3,"status=%d, device removed.\n", urb->status);
3808 WLAN_LOG_DEBUG(3,"status=%d, urb explicitly unlinked.\n", urb->status);
3813 WLAN_LOG_DEBUG(3,"urb status=%d, transfer flags=0x%x\n",
3814 urb->status, urb->transfer_flags);
3815 ++(wlandev->linux_stats.rx_errors);
3820 urb_status = urb->status;
3822 if (action != ABORT) {
3823 /* Repost the RX URB */
3824 result = submit_rx_urb(hw, GFP_ATOMIC);
3828 "Fatal, failed to resubmit rx_urb. error=%d\n",
3833 /* Handle any USB-IN packet */
3834 /* Note: the check of the sw_support field, the type field doesn't
3835 * have bit 12 set like the docs suggest.
3837 type = hfa384x2host_16(usbin->type);
3838 if (HFA384x_USB_ISRXFRM(type)) {
3839 if (action == HANDLE) {
3840 if (usbin->txfrm.desc.sw_support == 0x0123) {
3841 hfa384x_usbin_txcompl(wlandev, usbin);
3843 skb_put(skb, sizeof(*usbin));
3844 hfa384x_usbin_rx(wlandev, skb);
3850 if (HFA384x_USB_ISTXFRM(type)) {
3851 if (action == HANDLE)
3852 hfa384x_usbin_txcompl(wlandev, usbin);
3856 case HFA384x_USB_INFOFRM:
3857 if (action == ABORT)
3859 if (action == HANDLE)
3860 hfa384x_usbin_info(wlandev, usbin);
3863 case HFA384x_USB_CMDRESP:
3864 case HFA384x_USB_WRIDRESP:
3865 case HFA384x_USB_RRIDRESP:
3866 case HFA384x_USB_WMEMRESP:
3867 case HFA384x_USB_RMEMRESP:
3868 /* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */
3869 hfa384x_usbin_ctlx(hw, usbin, urb_status);
3872 case HFA384x_USB_BUFAVAIL:
3873 WLAN_LOG_DEBUG(3,"Received BUFAVAIL packet, frmlen=%d\n",
3874 usbin->bufavail.frmlen);
3877 case HFA384x_USB_ERROR:
3878 WLAN_LOG_DEBUG(3,"Received USB_ERROR packet, errortype=%d\n",
3879 usbin->usberror.errortype);
3883 WLAN_LOG_DEBUG(3,"Unrecognized USBIN packet, type=%x, status=%d\n",
3884 usbin->type, urb_status);
3897 /*----------------------------------------------------------------
3898 * hfa384x_usbin_ctlx
3900 * We've received a URB containing a Prism2 "response" message.
3901 * This message needs to be matched up with a CTLX on the active
3902 * queue and our state updated accordingly.
3905 * hw ptr to hfa384x_t
3906 * usbin ptr to USB IN packet
3907 * urb_status status of this Bulk-In URB
3916 ----------------------------------------------------------------*/
3917 static void hfa384x_usbin_ctlx(hfa384x_t *hw, hfa384x_usbin_t *usbin,
3920 hfa384x_usbctlx_t *ctlx;
3922 unsigned long flags;
3927 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3929 /* There can be only one CTLX on the active queue
3930 * at any one time, and this is the CTLX that the
3931 * timers are waiting for.
3933 if ( list_empty(&hw->ctlxq.active) ) {
3937 /* Remove the "response timeout". It's possible that
3938 * we are already too late, and that the timeout is
3939 * already running. And that's just too bad for us,
3940 * because we could lose our CTLX from the active
3943 if (del_timer(&hw->resptimer) == 0) {
3944 if (hw->resp_timer_done == 0) {
3945 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3950 hw->resp_timer_done = 1;
3953 ctlx = get_active_ctlx(hw);
3955 if (urb_status != 0) {
3957 * Bad CTLX, so get rid of it. But we only
3958 * remove it from the active queue if we're no
3959 * longer expecting the OUT URB to complete.
3961 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3964 const u16 intype = (usbin->type&~host2hfa384x_16(0x8000));
3967 * Check that our message is what we're expecting ...
3969 if (ctlx->outbuf.type != intype) {
3970 WLAN_LOG_WARNING("Expected IN[%d], received IN[%d] - ignored.\n",
3971 hfa384x2host_16(ctlx->outbuf.type),
3972 hfa384x2host_16(intype));
3976 /* This URB has succeeded, so grab the data ... */
3977 memcpy(&ctlx->inbuf, usbin, sizeof(ctlx->inbuf));
3979 switch (ctlx->state) {
3980 case CTLX_REQ_SUBMITTED:
3982 * We have received our response URB before
3983 * our request has been acknowledged. Odd,
3984 * but our OUT URB is still alive...
3986 WLAN_LOG_DEBUG(0, "Causality violation: please reboot Universe, or email linux-wlan-devel@lists.linux-wlan.com\n");
3987 ctlx->state = CTLX_RESP_COMPLETE;
3990 case CTLX_REQ_COMPLETE:
3992 * This is the usual path: our request
3993 * has already been acknowledged, and
3994 * now we have received the reply too.
3996 ctlx->state = CTLX_COMPLETE;
3997 unlocked_usbctlx_complete(hw, ctlx);
4003 * Throw this CTLX away ...
4005 WLAN_LOG_ERROR("Matched IN URB, CTLX[%d] in invalid state(%s)."
4007 hfa384x2host_16(ctlx->outbuf.type),
4008 ctlxstr(ctlx->state));
4009 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
4016 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4019 hfa384x_usbctlxq_run(hw);
4025 /*----------------------------------------------------------------
4026 * hfa384x_usbin_txcompl
4028 * At this point we have the results of a previous transmit.
4031 * wlandev wlan device
4032 * usbin ptr to the usb transfer buffer
4041 ----------------------------------------------------------------*/
4042 static void hfa384x_usbin_txcompl(wlandevice_t *wlandev, hfa384x_usbin_t *usbin)
4047 status = hfa384x2host_16(usbin->type); /* yeah I know it says type...*/
4049 /* Was there an error? */
4050 if (HFA384x_TXSTATUS_ISERROR(status)) {
4051 prism2sta_ev_txexc(wlandev, status);
4053 prism2sta_ev_tx(wlandev, status);
4055 // prism2sta_ev_alloc(wlandev);
4061 /*----------------------------------------------------------------
4064 * At this point we have a successful received a rx frame packet.
4067 * wlandev wlan device
4068 * usbin ptr to the usb transfer buffer
4077 ----------------------------------------------------------------*/
4078 static void hfa384x_usbin_rx(wlandevice_t *wlandev, struct sk_buff *skb)
4080 hfa384x_usbin_t *usbin = (hfa384x_usbin_t *) skb->data;
4081 hfa384x_t *hw = wlandev->priv;
4083 p80211_rxmeta_t *rxmeta;
4089 /* Byte order convert once up front. */
4090 usbin->rxfrm.desc.status =
4091 hfa384x2host_16(usbin->rxfrm.desc.status);
4092 usbin->rxfrm.desc.time =
4093 hfa384x2host_32(usbin->rxfrm.desc.time);
4095 /* Now handle frame based on port# */
4096 switch( HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status) )
4099 fc = ieee2host16(usbin->rxfrm.desc.frame_control);
4101 /* If exclude and we receive an unencrypted, drop it */
4102 if ( (wlandev->hostwep & HOSTWEP_EXCLUDEUNENCRYPTED) &&
4103 !WLAN_GET_FC_ISWEP(fc)){
4107 data_len = hfa384x2host_16(usbin->rxfrm.desc.data_len);
4109 /* How much header data do we have? */
4110 hdrlen = p80211_headerlen(fc);
4112 /* Pull off the descriptor */
4113 skb_pull(skb, sizeof(hfa384x_rx_frame_t));
4115 /* Now shunt the header block up against the data block
4116 * with an "overlapping" copy
4118 memmove(skb_push(skb, hdrlen),
4119 &usbin->rxfrm.desc.frame_control,
4122 skb->dev = wlandev->netdev;
4123 skb->dev->last_rx = jiffies;
4125 /* And set the frame length properly */
4126 skb_trim(skb, data_len + hdrlen);
4128 /* The prism2 series does not return the CRC */
4129 memset(skb_put(skb, WLAN_CRC_LEN), 0xff, WLAN_CRC_LEN);
4131 skb_reset_mac_header(skb);
4133 /* Attach the rxmeta, set some stuff */
4134 p80211skb_rxmeta_attach(wlandev, skb);
4135 rxmeta = P80211SKB_RXMETA(skb);
4136 rxmeta->mactime = usbin->rxfrm.desc.time;
4137 rxmeta->rxrate = usbin->rxfrm.desc.rate;
4138 rxmeta->signal = usbin->rxfrm.desc.signal - hw->dbmadjust;
4139 rxmeta->noise = usbin->rxfrm.desc.silence - hw->dbmadjust;
4141 prism2sta_ev_rx(wlandev, skb);
4146 if ( ! HFA384x_RXSTATUS_ISFCSERR(usbin->rxfrm.desc.status) ) {
4147 /* Copy to wlansnif skb */
4148 hfa384x_int_rxmonitor( wlandev, &usbin->rxfrm);
4151 WLAN_LOG_DEBUG(3,"Received monitor frame: FCSerr set\n");
4156 WLAN_LOG_WARNING("Received frame on unsupported port=%d\n",
4157 HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status) );
4167 /*----------------------------------------------------------------
4168 * hfa384x_int_rxmonitor
4170 * Helper function for int_rx. Handles monitor frames.
4171 * Note that this function allocates space for the FCS and sets it
4172 * to 0xffffffff. The hfa384x doesn't give us the FCS value but the
4173 * higher layers expect it. 0xffffffff is used as a flag to indicate
4177 * wlandev wlan device structure
4178 * rxfrm rx descriptor read from card in int_rx
4184 * Allocates an skb and passes it up via the PF_PACKET interface.
4187 ----------------------------------------------------------------*/
4188 static void hfa384x_int_rxmonitor( wlandevice_t *wlandev, hfa384x_usb_rxfrm_t *rxfrm)
4190 hfa384x_rx_frame_t *rxdesc = &(rxfrm->desc);
4191 unsigned int hdrlen = 0;
4192 unsigned int datalen = 0;
4193 unsigned int skblen = 0;
4194 p80211msg_lnxind_wlansniffrm_t *msg;
4197 struct sk_buff *skb;
4198 hfa384x_t *hw = wlandev->priv;
4202 /* Don't forget the status, time, and data_len fields are in host order */
4203 /* Figure out how big the frame is */
4204 fc = ieee2host16(rxdesc->frame_control);
4205 hdrlen = p80211_headerlen(fc);
4206 datalen = hfa384x2host_16(rxdesc->data_len);
4208 /* Allocate an ind message+framesize skb */
4209 skblen = sizeof(p80211msg_lnxind_wlansniffrm_t) +
4210 hdrlen + datalen + WLAN_CRC_LEN;
4212 /* sanity check the length */
4214 (sizeof(p80211msg_lnxind_wlansniffrm_t) +
4215 WLAN_HDR_A4_LEN + WLAN_DATA_MAXLEN + WLAN_CRC_LEN) ) {
4216 WLAN_LOG_DEBUG(1, "overlen frm: len=%zd\n",
4217 skblen - sizeof(p80211msg_lnxind_wlansniffrm_t));
4220 if ( (skb = dev_alloc_skb(skblen)) == NULL ) {
4221 WLAN_LOG_ERROR("alloc_skb failed trying to allocate %d bytes\n", skblen);
4225 /* only prepend the prism header if in the right mode */
4226 if ((wlandev->netdev->type == ARPHRD_IEEE80211_PRISM) &&
4227 (hw->sniffhdr == 0)) {
4228 datap = skb_put(skb, sizeof(p80211msg_lnxind_wlansniffrm_t));
4229 msg = (p80211msg_lnxind_wlansniffrm_t*) datap;
4231 /* Initialize the message members */
4232 msg->msgcode = DIDmsg_lnxind_wlansniffrm;
4233 msg->msglen = sizeof(p80211msg_lnxind_wlansniffrm_t);
4234 strcpy(msg->devname, wlandev->name);
4236 msg->hosttime.did = DIDmsg_lnxind_wlansniffrm_hosttime;
4237 msg->hosttime.status = 0;
4238 msg->hosttime.len = 4;
4239 msg->hosttime.data = jiffies;
4241 msg->mactime.did = DIDmsg_lnxind_wlansniffrm_mactime;
4242 msg->mactime.status = 0;
4243 msg->mactime.len = 4;
4244 msg->mactime.data = rxdesc->time;
4246 msg->channel.did = DIDmsg_lnxind_wlansniffrm_channel;
4247 msg->channel.status = 0;
4248 msg->channel.len = 4;
4249 msg->channel.data = hw->sniff_channel;
4251 msg->rssi.did = DIDmsg_lnxind_wlansniffrm_rssi;
4252 msg->rssi.status = P80211ENUM_msgitem_status_no_value;
4256 msg->sq.did = DIDmsg_lnxind_wlansniffrm_sq;
4257 msg->sq.status = P80211ENUM_msgitem_status_no_value;
4261 msg->signal.did = DIDmsg_lnxind_wlansniffrm_signal;
4262 msg->signal.status = 0;
4263 msg->signal.len = 4;
4264 msg->signal.data = rxdesc->signal;
4266 msg->noise.did = DIDmsg_lnxind_wlansniffrm_noise;
4267 msg->noise.status = 0;
4269 msg->noise.data = rxdesc->silence;
4271 msg->rate.did = DIDmsg_lnxind_wlansniffrm_rate;
4272 msg->rate.status = 0;
4274 msg->rate.data = rxdesc->rate / 5; /* set to 802.11 units */
4276 msg->istx.did = DIDmsg_lnxind_wlansniffrm_istx;
4277 msg->istx.status = 0;
4279 msg->istx.data = P80211ENUM_truth_false;
4281 msg->frmlen.did = DIDmsg_lnxind_wlansniffrm_frmlen;
4282 msg->frmlen.status = 0;
4283 msg->frmlen.len = 4;
4284 msg->frmlen.data = hdrlen + datalen + WLAN_CRC_LEN;
4285 } else if ((wlandev->netdev->type == ARPHRD_IEEE80211_PRISM) &&
4286 (hw->sniffhdr != 0)) {
4287 p80211_caphdr_t *caphdr;
4288 /* The NEW header format! */
4289 datap = skb_put(skb, sizeof(p80211_caphdr_t));
4290 caphdr = (p80211_caphdr_t*) datap;
4292 caphdr->version = htonl(P80211CAPTURE_VERSION);
4293 caphdr->length = htonl(sizeof(p80211_caphdr_t));
4294 caphdr->mactime = __cpu_to_be64(rxdesc->time) * 1000;
4295 caphdr->hosttime = __cpu_to_be64(jiffies);
4296 caphdr->phytype = htonl(4); /* dss_dot11_b */
4297 caphdr->channel = htonl(hw->sniff_channel);
4298 caphdr->datarate = htonl(rxdesc->rate);
4299 caphdr->antenna = htonl(0); /* unknown */
4300 caphdr->priority = htonl(0); /* unknown */
4301 caphdr->ssi_type = htonl(3); /* rssi_raw */
4302 caphdr->ssi_signal = htonl(rxdesc->signal);
4303 caphdr->ssi_noise = htonl(rxdesc->silence);
4304 caphdr->preamble = htonl(0); /* unknown */
4305 caphdr->encoding = htonl(1); /* cck */
4308 /* Copy the 802.11 header to the skb (ctl frames may be less than a full header) */
4309 datap = skb_put(skb, hdrlen);
4310 memcpy( datap, &(rxdesc->frame_control), hdrlen);
4312 /* If any, copy the data from the card to the skb */
4315 datap = skb_put(skb, datalen);
4316 memcpy(datap, rxfrm->data, datalen);
4318 /* check for unencrypted stuff if WEP bit set. */
4319 if (*(datap - hdrlen + 1) & 0x40) // wep set
4320 if ((*(datap) == 0xaa) && (*(datap+1) == 0xaa))
4321 *(datap - hdrlen + 1) &= 0xbf; // clear wep; it's the 802.2 header!
4324 if (hw->sniff_fcs) {
4326 datap = skb_put(skb, WLAN_CRC_LEN);
4327 memset( datap, 0xff, WLAN_CRC_LEN);
4330 /* pass it back up */
4331 prism2sta_ev_rx(wlandev, skb);
4339 /*----------------------------------------------------------------
4340 * hfa384x_usbin_info
4342 * At this point we have a successful received a Prism2 info frame.
4345 * wlandev wlan device
4346 * usbin ptr to the usb transfer buffer
4355 ----------------------------------------------------------------*/
4356 static void hfa384x_usbin_info(wlandevice_t *wlandev, hfa384x_usbin_t *usbin)
4360 usbin->infofrm.info.framelen = hfa384x2host_16(usbin->infofrm.info.framelen);
4361 prism2sta_ev_info(wlandev, &usbin->infofrm.info);
4368 /*----------------------------------------------------------------
4369 * hfa384x_usbout_callback
4371 * Callback for URBs on the BULKOUT endpoint.
4374 * urb ptr to the completed urb
4383 ----------------------------------------------------------------*/
4384 #ifdef URB_ONLY_CALLBACK
4385 static void hfa384x_usbout_callback(struct urb *urb)
4387 static void hfa384x_usbout_callback(struct urb *urb, struct pt_regs *regs)
4390 wlandevice_t *wlandev = urb->context;
4391 hfa384x_usbout_t *usbout = urb->transfer_buffer;
4401 switch(urb->status) {
4403 hfa384x_usbout_tx(wlandev, usbout);
4408 hfa384x_t *hw = wlandev->priv;
4409 WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
4410 wlandev->netdev->name);
4411 if ( !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags) )
4412 schedule_work(&hw->usb_work);
4413 ++(wlandev->linux_stats.tx_errors);
4421 hfa384x_t *hw = wlandev->priv;
4423 if ( !test_and_set_bit(THROTTLE_TX, &hw->usb_flags)
4424 && !timer_pending(&hw->throttle) ) {
4425 mod_timer(&hw->throttle,
4426 jiffies + THROTTLE_JIFFIES);
4428 ++(wlandev->linux_stats.tx_errors);
4429 netif_stop_queue(wlandev->netdev);
4435 /* Ignorable errors */
4439 WLAN_LOG_INFO("unknown urb->status=%d\n", urb->status);
4440 ++(wlandev->linux_stats.tx_errors);
4449 /*----------------------------------------------------------------
4450 * hfa384x_ctlxout_callback
4452 * Callback for control data on the BULKOUT endpoint.
4455 * urb ptr to the completed urb
4464 ----------------------------------------------------------------*/
4465 #ifdef URB_ONLY_CALLBACK
4466 static void hfa384x_ctlxout_callback(struct urb *urb)
4468 static void hfa384x_ctlxout_callback(struct urb *urb, struct pt_regs *regs)
4471 hfa384x_t *hw = urb->context;
4472 int delete_resptimer = 0;
4475 hfa384x_usbctlx_t *ctlx;
4476 unsigned long flags;
4480 WLAN_LOG_DEBUG(3,"urb->status=%d\n", urb->status);
4484 if ( (urb->status == -ESHUTDOWN) ||
4485 (urb->status == -ENODEV) ||
4490 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4493 * Only one CTLX at a time on the "active" list, and
4494 * none at all if we are unplugged. However, we can
4495 * rely on the disconnect function to clean everything
4496 * up if someone unplugged the adapter.
4498 if ( list_empty(&hw->ctlxq.active) ) {
4499 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4504 * Having something on the "active" queue means
4505 * that we have timers to worry about ...
4507 if (del_timer(&hw->reqtimer) == 0) {
4508 if (hw->req_timer_done == 0) {
4510 * This timer was actually running while we
4511 * were trying to delete it. Let it terminate
4512 * gracefully instead.
4514 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4519 hw->req_timer_done = 1;
4522 ctlx = get_active_ctlx(hw);
4524 if ( urb->status == 0 ) {
4525 /* Request portion of a CTLX is successful */
4526 switch ( ctlx->state ) {
4527 case CTLX_REQ_SUBMITTED:
4528 /* This OUT-ACK received before IN */
4529 ctlx->state = CTLX_REQ_COMPLETE;
4532 case CTLX_RESP_COMPLETE:
4533 /* IN already received before this OUT-ACK,
4534 * so this command must now be complete.
4536 ctlx->state = CTLX_COMPLETE;
4537 unlocked_usbctlx_complete(hw, ctlx);
4542 /* This is NOT a valid CTLX "success" state! */
4544 "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n",
4545 hfa384x2host_16(ctlx->outbuf.type),
4546 ctlxstr(ctlx->state), urb->status);
4550 /* If the pipe has stalled then we need to reset it */
4551 if ( (urb->status == -EPIPE) &&
4552 !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags) ) {
4553 WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
4554 hw->wlandev->netdev->name);
4555 schedule_work(&hw->usb_work);
4558 /* If someone cancels the OUT URB then its status
4559 * should be either -ECONNRESET or -ENOENT.
4561 ctlx->state = CTLX_REQ_FAILED;
4562 unlocked_usbctlx_complete(hw, ctlx);
4563 delete_resptimer = 1;
4568 if (delete_resptimer) {
4569 if ((timer_ok = del_timer(&hw->resptimer)) != 0) {
4570 hw->resp_timer_done = 1;
4574 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4576 if ( !timer_ok && (hw->resp_timer_done == 0) ) {
4577 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4582 hfa384x_usbctlxq_run(hw);
4589 /*----------------------------------------------------------------
4590 * hfa384x_usbctlx_reqtimerfn
4592 * Timer response function for CTLX request timeouts. If this
4593 * function is called, it means that the callback for the OUT
4594 * URB containing a Prism2.x XXX_Request was never called.
4597 * data a ptr to the hfa384x_t
4606 ----------------------------------------------------------------*/
4608 hfa384x_usbctlx_reqtimerfn(unsigned long data)
4610 hfa384x_t *hw = (hfa384x_t*)data;
4611 unsigned long flags;
4614 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4616 hw->req_timer_done = 1;
4618 /* Removing the hardware automatically empties
4619 * the active list ...
4621 if ( !list_empty(&hw->ctlxq.active) )
4624 * We must ensure that our URB is removed from
4625 * the system, if it hasn't already expired.
4627 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
4628 if (usb_unlink_urb(&hw->ctlx_urb) == -EINPROGRESS)
4630 hfa384x_usbctlx_t *ctlx = get_active_ctlx(hw);
4632 ctlx->state = CTLX_REQ_FAILED;
4634 /* This URB was active, but has now been
4635 * cancelled. It will now have a status of
4636 * -ECONNRESET in the callback function.
4638 * We are cancelling this CTLX, so we're
4639 * not going to need to wait for a response.
4640 * The URB's callback function will check
4641 * that this timer is truly dead.
4643 if (del_timer(&hw->resptimer) != 0)
4644 hw->resp_timer_done = 1;
4648 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4654 /*----------------------------------------------------------------
4655 * hfa384x_usbctlx_resptimerfn
4657 * Timer response function for CTLX response timeouts. If this
4658 * function is called, it means that the callback for the IN
4659 * URB containing a Prism2.x XXX_Response was never called.
4662 * data a ptr to the hfa384x_t
4671 ----------------------------------------------------------------*/
4673 hfa384x_usbctlx_resptimerfn(unsigned long data)
4675 hfa384x_t *hw = (hfa384x_t*)data;
4676 unsigned long flags;
4680 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4682 hw->resp_timer_done = 1;
4684 /* The active list will be empty if the
4685 * adapter has been unplugged ...
4687 if ( !list_empty(&hw->ctlxq.active) )
4689 hfa384x_usbctlx_t *ctlx = get_active_ctlx(hw);
4691 if ( unlocked_usbctlx_cancel_async(hw, ctlx) == 0 )
4693 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4694 hfa384x_usbctlxq_run(hw);
4699 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4705 /*----------------------------------------------------------------
4706 * hfa384x_usb_throttlefn
4719 ----------------------------------------------------------------*/
4721 hfa384x_usb_throttlefn(unsigned long data)
4723 hfa384x_t *hw = (hfa384x_t*)data;
4724 unsigned long flags;
4728 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4731 * We need to check BOTH the RX and the TX throttle controls,
4732 * so we use the bitwise OR instead of the logical OR.
4734 WLAN_LOG_DEBUG(3, "flags=0x%lx\n", hw->usb_flags);
4735 if ( !hw->wlandev->hwremoved &&
4737 (test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) &&
4738 !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags))
4740 (test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) &&
4741 !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags))
4744 schedule_work(&hw->usb_work);
4747 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4753 /*----------------------------------------------------------------
4754 * hfa384x_usbctlx_submit
4756 * Called from the doxxx functions to submit a CTLX to the queue
4759 * hw ptr to the hw struct
4760 * ctlx ctlx structure to enqueue
4763 * -ENODEV if the adapter is unplugged
4769 * process or interrupt
4770 ----------------------------------------------------------------*/
4772 hfa384x_usbctlx_submit(
4774 hfa384x_usbctlx_t *ctlx)
4776 unsigned long flags;
4781 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4783 if (hw->wlandev->hwremoved) {
4784 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4787 ctlx->state = CTLX_PENDING;
4788 list_add_tail(&ctlx->list, &hw->ctlxq.pending);
4790 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4791 hfa384x_usbctlxq_run(hw);
4800 /*----------------------------------------------------------------
4803 * At this point we have finished a send of a frame. Mark the URB
4804 * as available and call ev_alloc to notify higher layers we're
4808 * wlandev wlan device
4809 * usbout ptr to the usb transfer buffer
4818 ----------------------------------------------------------------*/
4819 static void hfa384x_usbout_tx(wlandevice_t *wlandev, hfa384x_usbout_t *usbout)
4823 prism2sta_ev_alloc(wlandev);
4828 /*----------------------------------------------------------------
4829 * hfa384x_isgood_pdrcore
4831 * Quick check of PDR codes.
4834 * pdrcode PDR code number (host order)
4843 ----------------------------------------------------------------*/
4845 hfa384x_isgood_pdrcode(u16 pdrcode)
4848 case HFA384x_PDR_END_OF_PDA:
4849 case HFA384x_PDR_PCB_PARTNUM:
4850 case HFA384x_PDR_PDAVER:
4851 case HFA384x_PDR_NIC_SERIAL:
4852 case HFA384x_PDR_MKK_MEASUREMENTS:
4853 case HFA384x_PDR_NIC_RAMSIZE:
4854 case HFA384x_PDR_MFISUPRANGE:
4855 case HFA384x_PDR_CFISUPRANGE:
4856 case HFA384x_PDR_NICID:
4857 case HFA384x_PDR_MAC_ADDRESS:
4858 case HFA384x_PDR_REGDOMAIN:
4859 case HFA384x_PDR_ALLOWED_CHANNEL:
4860 case HFA384x_PDR_DEFAULT_CHANNEL:
4861 case HFA384x_PDR_TEMPTYPE:
4862 case HFA384x_PDR_IFR_SETTING:
4863 case HFA384x_PDR_RFR_SETTING:
4864 case HFA384x_PDR_HFA3861_BASELINE:
4865 case HFA384x_PDR_HFA3861_SHADOW:
4866 case HFA384x_PDR_HFA3861_IFRF:
4867 case HFA384x_PDR_HFA3861_CHCALSP:
4868 case HFA384x_PDR_HFA3861_CHCALI:
4869 case HFA384x_PDR_3842_NIC_CONFIG:
4870 case HFA384x_PDR_USB_ID:
4871 case HFA384x_PDR_PCI_ID:
4872 case HFA384x_PDR_PCI_IFCONF:
4873 case HFA384x_PDR_PCI_PMCONF:
4874 case HFA384x_PDR_RFENRGY:
4875 case HFA384x_PDR_HFA3861_MANF_TESTSP:
4876 case HFA384x_PDR_HFA3861_MANF_TESTI:
4881 if ( pdrcode < 0x1000 ) {
4882 /* code is OK, but we don't know exactly what it is */
4884 "Encountered unknown PDR#=0x%04x, "
4885 "assuming it's ok.\n",
4891 "Encountered unknown PDR#=0x%04x, "
4892 "(>=0x1000), assuming it's bad.\n",
4898 return 0; /* avoid compiler warnings */