1 /* src/prism2/driver/hfa384x_usb.c
 
   3 * Functions that talk to the USB variantof the Intersil hfa384x MAC
 
   5 * Copyright (C) 1999 AbsoluteValue Systems, Inc.  All Rights Reserved.
 
   6 * --------------------------------------------------------------------
 
  10 *   The contents of this file are subject to the Mozilla Public
 
  11 *   License Version 1.1 (the "License"); you may not use this file
 
  12 *   except in compliance with the License. You may obtain a copy of
 
  13 *   the License at http://www.mozilla.org/MPL/
 
  15 *   Software distributed under the License is distributed on an "AS
 
  16 *   IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 
  17 *   implied. See the License for the specific language governing
 
  18 *   rights and limitations under the License.
 
  20 *   Alternatively, the contents of this file may be used under the
 
  21 *   terms of the GNU Public License version 2 (the "GPL"), in which
 
  22 *   case the provisions of the GPL are applicable instead of the
 
  23 *   above.  If you wish to allow the use of your version of this file
 
  24 *   only under the terms of the GPL and not to allow others to use
 
  25 *   your version of this file under the MPL, indicate your decision
 
  26 *   by deleting the provisions above and replace them with the notice
 
  27 *   and other provisions required by the GPL.  If you do not delete
 
  28 *   the provisions above, a recipient may use your version of this
 
  29 *   file under either the MPL or the GPL.
 
  31 * --------------------------------------------------------------------
 
  33 * Inquiries regarding the linux-wlan Open Source project can be
 
  36 * AbsoluteValue Systems Inc.
 
  38 * http://www.linux-wlan.com
 
  40 * --------------------------------------------------------------------
 
  42 * Portions of the development of this software were funded by
 
  43 * Intersil Corporation as part of PRISM(R) chipset product development.
 
  45 * --------------------------------------------------------------------
 
  47 * This file implements functions that correspond to the prism2/hfa384x
 
  48 * 802.11 MAC hardware and firmware host interface.
 
  50 * The functions can be considered to represent several levels of
 
  51 * abstraction.  The lowest level functions are simply C-callable wrappers
 
  52 * around the register accesses.  The next higher level represents C-callable
 
  53 * prism2 API functions that match the Intersil documentation as closely
 
  54 * as is reasonable.  The next higher layer implements common sequences
 
  55 * of invokations of the API layer (e.g. write to bap, followed by cmd).
 
  58 * hfa384x_drvr_xxx      Highest level abstractions provided by the
 
  59 *                       hfa384x code.  They are driver defined wrappers
 
  60 *                       for common sequences.  These functions generally
 
  61 *                       use the services of the lower levels.
 
  63 * hfa384x_drvr_xxxconfig  An example of the drvr level abstraction. These
 
  64 *                       functions are wrappers for the RID get/set
 
  65 *                       sequence. They  call copy_[to|from]_bap() and
 
  66 *                       cmd_access().   These functions operate on the
 
  67 *                       RIDs and buffers without validation.  The caller
 
  68 *                       is responsible for that.
 
  70 * API wrapper functions:
 
  71 * hfa384x_cmd_xxx       functions that provide access to the f/w commands.
 
  72 *                       The function arguments correspond to each command
 
  73 *                       argument, even command arguments that get packed
 
  74 *                       into single registers.  These functions _just_
 
  75 *                       issue the command by setting the cmd/parm regs
 
  76 *                       & reading the status/resp regs.  Additional
 
  77 *                       activities required to fully use a command
 
  78 *                       (read/write from/to bap, get/set int status etc.)
 
  79 *                       are implemented separately.  Think of these as
 
  80 *                       C-callable prism2 commands.
 
  82 * Lowest Layer Functions:
 
  83 * hfa384x_docmd_xxx     These functions implement the sequence required
 
  84 *                       to issue any prism2 command.  Primarily used by the
 
  85 *                       hfa384x_cmd_xxx functions.
 
  87 * hfa384x_bap_xxx       BAP read/write access functions.
 
  88 *                       Note: we usually use BAP0 for non-interrupt context
 
  89 *                        and BAP1 for interrupt context.
 
  91 * hfa384x_dl_xxx        download related functions.
 
  93 * Driver State Issues:
 
  94 * Note that there are two pairs of functions that manage the
 
  95 * 'initialized' and 'running' states of the hw/MAC combo.  The four
 
  96 * functions are create(), destroy(), start(), and stop().  create()
 
  97 * sets up the data structures required to support the hfa384x_*
 
  98 * functions and destroy() cleans them up.  The start() function gets
 
  99 * the actual hardware running and enables the interrupts.  The stop()
 
 100 * function shuts the hardware down.  The sequence should be:
 
 104 *  .  Do interesting things w/ the hardware
 
 109 * Note that destroy() can be called without calling stop() first.
 
 110 * --------------------------------------------------------------------
 
 113 /*================================================================*/
 
 114 /* System Includes */
 
 115 #define WLAN_DBVAR      prism2_debug
 
 117 #include <linux/version.h>
 
 119 #include <linux/module.h>
 
 120 #include <linux/kernel.h>
 
 121 #include <linux/sched.h>
 
 122 #include <linux/types.h>
 
 123 #include <linux/slab.h>
 
 124 #include <linux/wireless.h>
 
 125 #include <linux/netdevice.h>
 
 126 #include <linux/timer.h>
 
 128 #include <linux/delay.h>
 
 129 #include <asm/byteorder.h>
 
 130 #include <asm/bitops.h>
 
 131 #include <linux/list.h>
 
 132 #include <linux/usb.h>
 
 134 #include "wlan_compat.h"
 
 136 #define SUBMIT_URB(u,f)  usb_submit_urb(u,f)
 
 138 /*================================================================*/
 
 139 /* Project Includes */
 
 141 #include "p80211types.h"
 
 142 #include "p80211hdr.h"
 
 143 #include "p80211mgmt.h"
 
 144 #include "p80211conv.h"
 
 145 #include "p80211msg.h"
 
 146 #include "p80211netdev.h"
 
 147 #include "p80211req.h"
 
 148 #include "p80211metadef.h"
 
 149 #include "p80211metastruct.h"
 
 151 #include "prism2mgmt.h"
 
 153 /*================================================================*/
 
 154 /* Local Constants */
 
 161 typedef enum cmd_mode CMD_MODE;
 
 163 #define THROTTLE_JIFFIES        (HZ/8)
 
 165 /*================================================================*/
 
 168 #define ROUNDUP64(a) (((a)+63)&~63)
 
 170 /*================================================================*/
 
 173 /*================================================================*/
 
 174 /* Local Static Definitions */
 
 175 extern int prism2_debug;
 
 177 /*================================================================*/
 
 178 /* Local Function Declarations */
 
 182 dbprint_urb(struct urb* urb);
 
 186 hfa384x_int_rxmonitor(
 
 187         wlandevice_t *wlandev,
 
 188         hfa384x_usb_rxfrm_t *rxfrm);
 
 191 hfa384x_usb_defer(struct work_struct *data);
 
 194 submit_rx_urb(hfa384x_t *hw, gfp_t flags);
 
 197 submit_tx_urb(hfa384x_t *hw, struct urb *tx_urb, gfp_t flags);
 
 199 /*---------------------------------------------------*/
 
 202 hfa384x_usbout_callback(struct urb *urb);
 
 204 hfa384x_ctlxout_callback(struct urb *urb);
 
 206 hfa384x_usbin_callback(struct urb *urb);
 
 209 hfa384x_usbin_txcompl(wlandevice_t *wlandev, hfa384x_usbin_t *usbin);
 
 212 hfa384x_usbin_rx(wlandevice_t *wlandev, struct sk_buff *skb);
 
 215 hfa384x_usbin_info(wlandevice_t *wlandev, hfa384x_usbin_t *usbin);
 
 218 hfa384x_usbout_tx(wlandevice_t *wlandev, hfa384x_usbout_t *usbout);
 
 220 static void hfa384x_usbin_ctlx(hfa384x_t *hw, hfa384x_usbin_t *usbin,
 
 223 /*---------------------------------------------------*/
 
 224 /* Functions to support the prism2 usb command queue */
 
 227 hfa384x_usbctlxq_run(hfa384x_t *hw);
 
 230 hfa384x_usbctlx_reqtimerfn(unsigned long data);
 
 233 hfa384x_usbctlx_resptimerfn(unsigned long data);
 
 236 hfa384x_usb_throttlefn(unsigned long data);
 
 239 hfa384x_usbctlx_completion_task(unsigned long data);
 
 242 hfa384x_usbctlx_reaper_task(unsigned long data);
 
 245 hfa384x_usbctlx_submit(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
 
 248 unlocked_usbctlx_complete(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
 
 250 struct usbctlx_completor
 
 252         int (*complete)(struct usbctlx_completor*);
 
 254 typedef struct usbctlx_completor usbctlx_completor_t;
 
 257 hfa384x_usbctlx_complete_sync(hfa384x_t *hw,
 
 258                               hfa384x_usbctlx_t *ctlx,
 
 259                               usbctlx_completor_t *completor);
 
 262 unlocked_usbctlx_cancel_async(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
 
 265 hfa384x_cb_status(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx);
 
 268 hfa384x_cb_rrid(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx);
 
 271 usbctlx_get_status(const hfa384x_usb_cmdresp_t *cmdresp,
 
 272                    hfa384x_cmdresult_t *result);
 
 275 usbctlx_get_rridresult(const hfa384x_usb_rridresp_t *rridresp,
 
 276                        hfa384x_rridresult_t *result);
 
 278 /*---------------------------------------------------*/
 
 279 /* Low level req/resp CTLX formatters and submitters */
 
 284         hfa384x_metacmd_t *cmd,
 
 286         ctlx_usercb_t usercb,
 
 295         unsigned int    riddatalen,
 
 297         ctlx_usercb_t usercb,
 
 306         unsigned int    riddatalen,
 
 308         ctlx_usercb_t usercb,
 
 320         ctlx_usercb_t usercb,
 
 332         ctlx_usercb_t usercb,
 
 336 hfa384x_isgood_pdrcode(u16 pdrcode);
 
 338 /*================================================================*/
 
 339 /* Function Definitions */
 
 340 static inline const char* ctlxstr(CTLX_STATE s)
 
 342         static const char* ctlx_str[] = {
 
 347                 "Request packet submitted",
 
 348                 "Request packet completed",
 
 349                 "Response packet completed"
 
 356 static inline hfa384x_usbctlx_t*
 
 357 get_active_ctlx(hfa384x_t *hw)
 
 359         return list_entry(hw->ctlxq.active.next, hfa384x_usbctlx_t, list);
 
 365 dbprint_urb(struct urb* urb)
 
 367         WLAN_LOG_DEBUG(3,"urb->pipe=0x%08x\n", urb->pipe);
 
 368         WLAN_LOG_DEBUG(3,"urb->status=0x%08x\n", urb->status);
 
 369         WLAN_LOG_DEBUG(3,"urb->transfer_flags=0x%08x\n", urb->transfer_flags);
 
 370         WLAN_LOG_DEBUG(3,"urb->transfer_buffer=0x%08x\n", (unsigned int)urb->transfer_buffer);
 
 371         WLAN_LOG_DEBUG(3,"urb->transfer_buffer_length=0x%08x\n", urb->transfer_buffer_length);
 
 372         WLAN_LOG_DEBUG(3,"urb->actual_length=0x%08x\n", urb->actual_length);
 
 373         WLAN_LOG_DEBUG(3,"urb->bandwidth=0x%08x\n", urb->bandwidth);
 
 374         WLAN_LOG_DEBUG(3,"urb->setup_packet(ctl)=0x%08x\n", (unsigned int)urb->setup_packet);
 
 375         WLAN_LOG_DEBUG(3,"urb->start_frame(iso/irq)=0x%08x\n", urb->start_frame);
 
 376         WLAN_LOG_DEBUG(3,"urb->interval(irq)=0x%08x\n", urb->interval);
 
 377         WLAN_LOG_DEBUG(3,"urb->error_count(iso)=0x%08x\n", urb->error_count);
 
 378         WLAN_LOG_DEBUG(3,"urb->timeout=0x%08x\n", urb->timeout);
 
 379         WLAN_LOG_DEBUG(3,"urb->context=0x%08x\n", (unsigned int)urb->context);
 
 380         WLAN_LOG_DEBUG(3,"urb->complete=0x%08x\n", (unsigned int)urb->complete);
 
 385 /*----------------------------------------------------------------
 
 388 * Listen for input data on the BULK-IN pipe. If the pipe has
 
 389 * stalled then schedule it to be reset.
 
 393 *       memflags        memory allocation flags
 
 396 *       error code from submission
 
 400 ----------------------------------------------------------------*/
 
 402 submit_rx_urb(hfa384x_t *hw, gfp_t memflags)
 
 409         skb = dev_alloc_skb(sizeof(hfa384x_usbin_t));
 
 415         /* Post the IN urb */
 
 416         usb_fill_bulk_urb(&hw->rx_urb, hw->usb,
 
 418                       skb->data, sizeof(hfa384x_usbin_t),
 
 419                       hfa384x_usbin_callback, hw->wlandev);
 
 421         hw->rx_urb_skb = skb;
 
 424         if ( !hw->wlandev->hwremoved && !test_bit(WORK_RX_HALT, &hw->usb_flags)) {
 
 425                 result = SUBMIT_URB(&hw->rx_urb, memflags);
 
 427                 /* Check whether we need to reset the RX pipe */
 
 428                 if (result == -EPIPE) {
 
 429                         WLAN_LOG_WARNING("%s rx pipe stalled: requesting reset\n",
 
 430                                          hw->wlandev->netdev->name);
 
 431                         if ( !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags) )
 
 432                                 schedule_work(&hw->usb_work);
 
 436         /* Don't leak memory if anything should go wrong */
 
 439                 hw->rx_urb_skb = NULL;
 
 448 /*----------------------------------------------------------------
 
 451 * Prepares and submits the URB of transmitted data. If the
 
 452 * submission fails then it will schedule the output pipe to
 
 457 *       tx_urb          URB of data for tranmission
 
 458 *       memflags        memory allocation flags
 
 461 *       error code from submission
 
 465 ----------------------------------------------------------------*/
 
 467 submit_tx_urb(hfa384x_t *hw, struct urb *tx_urb, gfp_t memflags)
 
 469         struct net_device *netdev = hw->wlandev->netdev;
 
 475         if ( netif_running(netdev) ) {
 
 477                 if ( !hw->wlandev->hwremoved && !test_bit(WORK_TX_HALT, &hw->usb_flags) ) {
 
 478                         result = SUBMIT_URB(tx_urb, memflags);
 
 480                         /* Test whether we need to reset the TX pipe */
 
 481                         if (result == -EPIPE) {
 
 482                                 WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
 
 484                                 set_bit(WORK_TX_HALT, &hw->usb_flags);
 
 485                                 schedule_work(&hw->usb_work);
 
 486                         } else if (result == 0) {
 
 487                                 netif_stop_queue(netdev);
 
 497 /*----------------------------------------------------------------
 
 500 * There are some things that the USB stack cannot do while
 
 501 * in interrupt context, so we arrange this function to run
 
 502 * in process context.
 
 505 *       hw      device structure
 
 511 *       process (by design)
 
 512 ----------------------------------------------------------------*/
 
 514 hfa384x_usb_defer(struct work_struct *data)
 
 516         hfa384x_t *hw = container_of(data, struct hfa384x, usb_work);
 
 517         struct net_device *netdev = hw->wlandev->netdev;
 
 521         /* Don't bother trying to reset anything if the plug
 
 522          * has been pulled ...
 
 524         if ( hw->wlandev->hwremoved ) {
 
 529         /* Reception has stopped: try to reset the input pipe */
 
 530         if (test_bit(WORK_RX_HALT, &hw->usb_flags)) {
 
 533                 usb_kill_urb(&hw->rx_urb);  /* Cannot be holding spinlock! */
 
 535                 ret = usb_clear_halt(hw->usb, hw->endp_in);
 
 538                                "Failed to clear rx pipe for %s: err=%d\n",
 
 541                         printk(KERN_INFO "%s rx pipe reset complete.\n",
 
 543                         clear_bit(WORK_RX_HALT, &hw->usb_flags);
 
 544                         set_bit(WORK_RX_RESUME, &hw->usb_flags);
 
 548         /* Resume receiving data back from the device. */
 
 549         if ( test_bit(WORK_RX_RESUME, &hw->usb_flags) ) {
 
 552                 ret = submit_rx_urb(hw, GFP_KERNEL);
 
 555                                "Failed to resume %s rx pipe.\n", netdev->name);
 
 557                         clear_bit(WORK_RX_RESUME, &hw->usb_flags);
 
 561         /* Transmission has stopped: try to reset the output pipe */
 
 562         if (test_bit(WORK_TX_HALT, &hw->usb_flags)) {
 
 565                 usb_kill_urb(&hw->tx_urb);
 
 566                 ret = usb_clear_halt(hw->usb, hw->endp_out);
 
 569                                "Failed to clear tx pipe for %s: err=%d\n",
 
 572                         printk(KERN_INFO "%s tx pipe reset complete.\n",
 
 574                         clear_bit(WORK_TX_HALT, &hw->usb_flags);
 
 575                         set_bit(WORK_TX_RESUME, &hw->usb_flags);
 
 577                         /* Stopping the BULK-OUT pipe also blocked
 
 578                          * us from sending any more CTLX URBs, so
 
 579                          * we need to re-run our queue ...
 
 581                         hfa384x_usbctlxq_run(hw);
 
 585         /* Resume transmitting. */
 
 586         if ( test_and_clear_bit(WORK_TX_RESUME, &hw->usb_flags) ) {
 
 587                 netif_wake_queue(hw->wlandev->netdev);
 
 594 /*----------------------------------------------------------------
 
 597 * Sets up the hfa384x_t data structure for use.  Note this
 
 598 * does _not_ intialize the actual hardware, just the data structures
 
 599 * we use to keep track of its state.
 
 602 *       hw              device structure
 
 603 *       irq             device irq number
 
 604 *       iobase          i/o base address for register access
 
 605 *       membase         memory base address for register access
 
 614 ----------------------------------------------------------------*/
 
 616 hfa384x_create( hfa384x_t *hw, struct usb_device *usb)
 
 620         memset(hw, 0, sizeof(hfa384x_t));
 
 623         /* set up the endpoints */
 
 624         hw->endp_in = usb_rcvbulkpipe(usb, 1);
 
 625         hw->endp_out = usb_sndbulkpipe(usb, 2);
 
 627         /* Set up the waitq */
 
 628         init_waitqueue_head(&hw->cmdq);
 
 630         /* Initialize the command queue */
 
 631         spin_lock_init(&hw->ctlxq.lock);
 
 632         INIT_LIST_HEAD(&hw->ctlxq.pending);
 
 633         INIT_LIST_HEAD(&hw->ctlxq.active);
 
 634         INIT_LIST_HEAD(&hw->ctlxq.completing);
 
 635         INIT_LIST_HEAD(&hw->ctlxq.reapable);
 
 637         /* Initialize the authentication queue */
 
 638         skb_queue_head_init(&hw->authq);
 
 640         tasklet_init(&hw->reaper_bh,
 
 641                      hfa384x_usbctlx_reaper_task,
 
 643         tasklet_init(&hw->completion_bh,
 
 644                      hfa384x_usbctlx_completion_task,
 
 646         INIT_WORK(&hw->link_bh, prism2sta_processing_defer);
 
 647         INIT_WORK(&hw->usb_work, hfa384x_usb_defer);
 
 649         init_timer(&hw->throttle);
 
 650         hw->throttle.function = hfa384x_usb_throttlefn;
 
 651         hw->throttle.data = (unsigned long)hw;
 
 653         init_timer(&hw->resptimer);
 
 654         hw->resptimer.function = hfa384x_usbctlx_resptimerfn;
 
 655         hw->resptimer.data = (unsigned long)hw;
 
 657         init_timer(&hw->reqtimer);
 
 658         hw->reqtimer.function = hfa384x_usbctlx_reqtimerfn;
 
 659         hw->reqtimer.data = (unsigned long)hw;
 
 661         usb_init_urb(&hw->rx_urb);
 
 662         usb_init_urb(&hw->tx_urb);
 
 663         usb_init_urb(&hw->ctlx_urb);
 
 665         hw->link_status = HFA384x_LINK_NOTCONNECTED;
 
 666         hw->state = HFA384x_STATE_INIT;
 
 668         INIT_WORK(&hw->commsqual_bh, prism2sta_commsqual_defer);
 
 669         init_timer(&hw->commsqual_timer);
 
 670         hw->commsqual_timer.data = (unsigned long) hw;
 
 671         hw->commsqual_timer.function = prism2sta_commsqual_timer;
 
 677 /*----------------------------------------------------------------
 
 680 * Partner to hfa384x_create().  This function cleans up the hw
 
 681 * structure so that it can be freed by the caller using a simple
 
 682 * kfree.  Currently, this function is just a placeholder.  If, at some
 
 683 * point in the future, an hw in the 'shutdown' state requires a 'deep'
 
 684 * kfree, this is where it should be done.  Note that if this function
 
 685 * is called on a _running_ hw structure, the drvr_stop() function is
 
 689 *       hw              device structure
 
 692 *       nothing, this function is not allowed to fail.
 
 698 ----------------------------------------------------------------*/
 
 700 hfa384x_destroy( hfa384x_t *hw)
 
 706         if ( hw->state == HFA384x_STATE_RUNNING ) {
 
 707                 hfa384x_drvr_stop(hw);
 
 709         hw->state = HFA384x_STATE_PREINIT;
 
 711         if (hw->scanresults) {
 
 712                 kfree(hw->scanresults);
 
 713                 hw->scanresults = NULL;
 
 716         /* Now to clean out the auth queue */
 
 717         while ( (skb = skb_dequeue(&hw->authq)) ) {
 
 725 /*----------------------------------------------------------------
 
 727 static hfa384x_usbctlx_t* usbctlx_alloc(void)
 
 729         hfa384x_usbctlx_t *ctlx;
 
 731         ctlx = kmalloc(sizeof(*ctlx), in_interrupt() ? GFP_ATOMIC : GFP_KERNEL);
 
 734                 memset(ctlx, 0, sizeof(*ctlx));
 
 735                 init_completion(&ctlx->done);
 
 742 /*----------------------------------------------------------------
 
 744 ----------------------------------------------------------------*/
 
 746 usbctlx_get_status(const hfa384x_usb_cmdresp_t *cmdresp,
 
 747                    hfa384x_cmdresult_t *result)
 
 751         result->status = hfa384x2host_16(cmdresp->status);
 
 752         result->resp0 = hfa384x2host_16(cmdresp->resp0);
 
 753         result->resp1 = hfa384x2host_16(cmdresp->resp1);
 
 754         result->resp2 = hfa384x2host_16(cmdresp->resp2);
 
 756         WLAN_LOG_DEBUG(4, "cmdresult:status=0x%04x "
 
 757                           "resp0=0x%04x resp1=0x%04x resp2=0x%04x\n",
 
 764         return (result->status & HFA384x_STATUS_RESULT);
 
 768 usbctlx_get_rridresult(const hfa384x_usb_rridresp_t *rridresp,
 
 769                        hfa384x_rridresult_t *result)
 
 773         result->rid = hfa384x2host_16(rridresp->rid);
 
 774         result->riddata = rridresp->data;
 
 775         result->riddata_len = ((hfa384x2host_16(rridresp->frmlen) - 1) * 2);
 
 781 /*----------------------------------------------------------------
 
 783 * This completor must be passed to hfa384x_usbctlx_complete_sync()
 
 784 * when processing a CTLX that returns a hfa384x_cmdresult_t structure.
 
 785 ----------------------------------------------------------------*/
 
 786 struct usbctlx_cmd_completor
 
 788         usbctlx_completor_t     head;
 
 790         const hfa384x_usb_cmdresp_t     *cmdresp;
 
 791         hfa384x_cmdresult_t     *result;
 
 793 typedef struct usbctlx_cmd_completor usbctlx_cmd_completor_t;
 
 795 static int usbctlx_cmd_completor_fn(usbctlx_completor_t *head)
 
 797         usbctlx_cmd_completor_t *complete = (usbctlx_cmd_completor_t*)head;
 
 798         return usbctlx_get_status(complete->cmdresp, complete->result);
 
 801 static inline usbctlx_completor_t*
 
 802 init_cmd_completor(usbctlx_cmd_completor_t *completor,
 
 803                    const hfa384x_usb_cmdresp_t *cmdresp,
 
 804                    hfa384x_cmdresult_t *result)
 
 806         completor->head.complete = usbctlx_cmd_completor_fn;
 
 807         completor->cmdresp = cmdresp;
 
 808         completor->result = result;
 
 809         return &(completor->head);
 
 812 /*----------------------------------------------------------------
 
 814 * This completor must be passed to hfa384x_usbctlx_complete_sync()
 
 815 * when processing a CTLX that reads a RID.
 
 816 ----------------------------------------------------------------*/
 
 817 struct usbctlx_rrid_completor
 
 819         usbctlx_completor_t     head;
 
 821         const hfa384x_usb_rridresp_t    *rridresp;
 
 823         unsigned int                    riddatalen;
 
 825 typedef struct usbctlx_rrid_completor usbctlx_rrid_completor_t;
 
 827 static int usbctlx_rrid_completor_fn(usbctlx_completor_t *head)
 
 829         usbctlx_rrid_completor_t *complete = (usbctlx_rrid_completor_t*)head;
 
 830         hfa384x_rridresult_t rridresult;
 
 832         usbctlx_get_rridresult(complete->rridresp, &rridresult);
 
 834         /* Validate the length, note body len calculation in bytes */
 
 835         if ( rridresult.riddata_len != complete->riddatalen ) {
 
 837                         "RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n",
 
 839                         complete->riddatalen,
 
 840                         rridresult.riddata_len);
 
 844         memcpy(complete->riddata,
 
 846                complete->riddatalen);
 
 850 static inline usbctlx_completor_t*
 
 851 init_rrid_completor(usbctlx_rrid_completor_t *completor,
 
 852                     const hfa384x_usb_rridresp_t *rridresp,
 
 854                     unsigned int riddatalen)
 
 856         completor->head.complete = usbctlx_rrid_completor_fn;
 
 857         completor->rridresp = rridresp;
 
 858         completor->riddata = riddata;
 
 859         completor->riddatalen = riddatalen;
 
 860         return &(completor->head);
 
 863 /*----------------------------------------------------------------
 
 865 * Interprets the results of a synchronous RID-write
 
 866 ----------------------------------------------------------------*/
 
 867 typedef usbctlx_cmd_completor_t usbctlx_wrid_completor_t;
 
 868 #define init_wrid_completor  init_cmd_completor
 
 870 /*----------------------------------------------------------------
 
 872 * Interprets the results of a synchronous memory-write
 
 873 ----------------------------------------------------------------*/
 
 874 typedef usbctlx_cmd_completor_t usbctlx_wmem_completor_t;
 
 875 #define init_wmem_completor  init_cmd_completor
 
 877 /*----------------------------------------------------------------
 
 879 * Interprets the results of a synchronous memory-read
 
 880 ----------------------------------------------------------------*/
 
 881 struct usbctlx_rmem_completor
 
 883         usbctlx_completor_t           head;
 
 885         const hfa384x_usb_rmemresp_t  *rmemresp;
 
 889 typedef struct usbctlx_rmem_completor usbctlx_rmem_completor_t;
 
 891 static int usbctlx_rmem_completor_fn(usbctlx_completor_t *head)
 
 893         usbctlx_rmem_completor_t *complete = (usbctlx_rmem_completor_t*)head;
 
 895         WLAN_LOG_DEBUG(4,"rmemresp:len=%d\n", complete->rmemresp->frmlen);
 
 896         memcpy(complete->data, complete->rmemresp->data, complete->len);
 
 900 static inline usbctlx_completor_t*
 
 901 init_rmem_completor(usbctlx_rmem_completor_t *completor,
 
 902                     hfa384x_usb_rmemresp_t *rmemresp,
 
 906         completor->head.complete = usbctlx_rmem_completor_fn;
 
 907         completor->rmemresp = rmemresp;
 
 908         completor->data = data;
 
 909         completor->len = len;
 
 910         return &(completor->head);
 
 913 /*----------------------------------------------------------------
 
 916 * Ctlx_complete handler for async CMD type control exchanges.
 
 917 * mark the hw struct as such.
 
 919 * Note: If the handling is changed here, it should probably be
 
 920 *       changed in docmd as well.
 
 924 *       ctlx            completed CTLX
 
 933 ----------------------------------------------------------------*/
 
 935 hfa384x_cb_status(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx)
 
 939         if ( ctlx->usercb != NULL ) {
 
 940                 hfa384x_cmdresult_t cmdresult;
 
 942                 if (ctlx->state != CTLX_COMPLETE) {
 
 943                         memset(&cmdresult, 0, sizeof(cmdresult));
 
 944                         cmdresult.status = HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR);
 
 946                         usbctlx_get_status(&ctlx->inbuf.cmdresp, &cmdresult);
 
 949                 ctlx->usercb(hw, &cmdresult, ctlx->usercb_data);
 
 956 /*----------------------------------------------------------------
 
 959 * CTLX completion handler for async RRID type control exchanges.
 
 961 * Note: If the handling is changed here, it should probably be
 
 962 *       changed in dorrid as well.
 
 966 *       ctlx            completed CTLX
 
 975 ----------------------------------------------------------------*/
 
 977 hfa384x_cb_rrid(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx)
 
 981         if ( ctlx->usercb != NULL ) {
 
 982                 hfa384x_rridresult_t rridresult;
 
 984                 if (ctlx->state != CTLX_COMPLETE) {
 
 985                         memset(&rridresult, 0, sizeof(rridresult));
 
 986                         rridresult.rid = hfa384x2host_16(ctlx->outbuf.rridreq.rid);
 
 988                         usbctlx_get_rridresult(&ctlx->inbuf.rridresp, &rridresult);
 
 991                 ctlx->usercb(hw, &rridresult, ctlx->usercb_data);
 
 998 hfa384x_docmd_wait(hfa384x_t *hw, hfa384x_metacmd_t *cmd)
 
1000         return hfa384x_docmd(hw, DOWAIT, cmd, NULL, NULL, NULL);
 
1004 hfa384x_docmd_async(hfa384x_t *hw,
 
1005                     hfa384x_metacmd_t *cmd,
 
1007                     ctlx_usercb_t usercb,
 
1010         return hfa384x_docmd(hw, DOASYNC, cmd,
 
1011                                 cmdcb, usercb, usercb_data);
 
1015 hfa384x_dorrid_wait(hfa384x_t *hw, u16 rid, void *riddata, unsigned int riddatalen)
 
1017         return hfa384x_dorrid(hw, DOWAIT,
 
1018                               rid, riddata, riddatalen,
 
1023 hfa384x_dorrid_async(hfa384x_t *hw,
 
1024                      u16 rid, void *riddata, unsigned int riddatalen,
 
1026                      ctlx_usercb_t usercb,
 
1029         return hfa384x_dorrid(hw, DOASYNC,
 
1030                               rid, riddata, riddatalen,
 
1031                               cmdcb, usercb, usercb_data);
 
1035 hfa384x_dowrid_wait(hfa384x_t *hw, u16 rid, void *riddata, unsigned int riddatalen)
 
1037         return hfa384x_dowrid(hw, DOWAIT,
 
1038                               rid, riddata, riddatalen,
 
1043 hfa384x_dowrid_async(hfa384x_t *hw,
 
1044                      u16 rid, void *riddata, unsigned int riddatalen,
 
1046                      ctlx_usercb_t usercb,
 
1049         return hfa384x_dowrid(hw, DOASYNC,
 
1050                               rid, riddata, riddatalen,
 
1051                               cmdcb, usercb, usercb_data);
 
1055 hfa384x_dormem_wait(hfa384x_t *hw,
 
1056                     u16 page, u16 offset, void *data, unsigned int len)
 
1058         return hfa384x_dormem(hw, DOWAIT,
 
1059                               page, offset, data, len,
 
1064 hfa384x_dormem_async(hfa384x_t *hw,
 
1065                      u16 page, u16 offset, void *data, unsigned int len,
 
1067                      ctlx_usercb_t usercb,
 
1070         return hfa384x_dormem(hw, DOASYNC,
 
1071                               page, offset, data, len,
 
1072                               cmdcb, usercb, usercb_data);
 
1076 hfa384x_dowmem_wait(
 
1083         return hfa384x_dowmem(hw, DOWAIT,
 
1084                                   page, offset, data, len,
 
1089 hfa384x_dowmem_async(
 
1096         ctlx_usercb_t usercb,
 
1099         return hfa384x_dowmem(hw, DOASYNC,
 
1100                                   page, offset, data, len,
 
1101                                   cmdcb, usercb, usercb_data);
 
1104 /*----------------------------------------------------------------
 
1105 * hfa384x_cmd_initialize
 
1107 * Issues the initialize command and sets the hw->state based
 
1111 *       hw              device structure
 
1115 *       >0              f/w reported error - f/w status code
 
1116 *       <0              driver reported error
 
1122 ----------------------------------------------------------------*/
 
1124 hfa384x_cmd_initialize(hfa384x_t *hw)
 
1128         hfa384x_metacmd_t cmd;
 
1133         cmd.cmd = HFA384x_CMDCODE_INIT;
 
1138         result = hfa384x_docmd_wait(hw, &cmd);
 
1141         WLAN_LOG_DEBUG(3,"cmdresp.init: "
 
1142                 "status=0x%04x, resp0=0x%04x, "
 
1143                 "resp1=0x%04x, resp2=0x%04x\n",
 
1148         if ( result == 0 ) {
 
1149                 for ( i = 0; i < HFA384x_NUMPORTS_MAX; i++) {
 
1150                         hw->port_enabled[i] = 0;
 
1154         hw->link_status = HFA384x_LINK_NOTCONNECTED;
 
1161 /*----------------------------------------------------------------
 
1162 * hfa384x_cmd_disable
 
1164 * Issues the disable command to stop communications on one of
 
1168 *       hw              device structure
 
1169 *       macport         MAC port number (host order)
 
1173 *       >0              f/w reported failure - f/w status code
 
1174 *       <0              driver reported error (timeout|bad arg)
 
1180 ----------------------------------------------------------------*/
 
1181 int hfa384x_cmd_disable(hfa384x_t *hw, u16 macport)
 
1184         hfa384x_metacmd_t cmd;
 
1188         cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE) |
 
1189                   HFA384x_CMD_MACPORT_SET(macport);
 
1194         result = hfa384x_docmd_wait(hw, &cmd);
 
1201 /*----------------------------------------------------------------
 
1202 * hfa384x_cmd_enable
 
1204 * Issues the enable command to enable communications on one of
 
1208 *       hw              device structure
 
1209 *       macport         MAC port number
 
1213 *       >0              f/w reported failure - f/w status code
 
1214 *       <0              driver reported error (timeout|bad arg)
 
1220 ----------------------------------------------------------------*/
 
1221 int hfa384x_cmd_enable(hfa384x_t *hw, u16 macport)
 
1224         hfa384x_metacmd_t cmd;
 
1228         cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE) |
 
1229                   HFA384x_CMD_MACPORT_SET(macport);
 
1234         result = hfa384x_docmd_wait(hw, &cmd);
 
1240 /*----------------------------------------------------------------
 
1241 * hfa384x_cmd_monitor
 
1243 * Enables the 'monitor mode' of the MAC.  Here's the description of
 
1244 * monitor mode that I've received thus far:
 
1246 *  "The "monitor mode" of operation is that the MAC passes all
 
1247 *  frames for which the PLCP checks are correct. All received
 
1248 *  MPDUs are passed to the host with MAC Port = 7, with a
 
1249 *  receive status of good, FCS error, or undecryptable. Passing
 
1250 *  certain MPDUs is a violation of the 802.11 standard, but useful
 
1251 *  for a debugging tool."  Normal communication is not possible
 
1252 *  while monitor mode is enabled.
 
1255 *       hw              device structure
 
1256 *       enable          a code (0x0b|0x0f) that enables/disables
 
1257 *                       monitor mode. (host order)
 
1261 *       >0              f/w reported failure - f/w status code
 
1262 *       <0              driver reported error (timeout|bad arg)
 
1268 ----------------------------------------------------------------*/
 
1269 int hfa384x_cmd_monitor(hfa384x_t *hw, u16 enable)
 
1272         hfa384x_metacmd_t cmd;
 
1276         cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
 
1277                 HFA384x_CMD_AINFO_SET(enable);
 
1282         result = hfa384x_docmd_wait(hw, &cmd);
 
1289 /*----------------------------------------------------------------
 
1290 * hfa384x_cmd_download
 
1292 * Sets the controls for the MAC controller code/data download
 
1293 * process.  The arguments set the mode and address associated
 
1294 * with a download.  Note that the aux registers should be enabled
 
1295 * prior to setting one of the download enable modes.
 
1298 *       hw              device structure
 
1299 *       mode            0 - Disable programming and begin code exec
 
1300 *                       1 - Enable volatile mem programming
 
1301 *                       2 - Enable non-volatile mem programming
 
1302 *                       3 - Program non-volatile section from NV download
 
1306 *       highaddr        For mode 1, sets the high & low order bits of
 
1307 *                       the "destination address".  This address will be
 
1308 *                       the execution start address when download is
 
1309 *                       subsequently disabled.
 
1310 *                       For mode 2, sets the high & low order bits of
 
1311 *                       the destination in NV ram.
 
1312 *                       For modes 0 & 3, should be zero. (host order)
 
1313 *                       NOTE: these are CMD format.
 
1314 *       codelen         Length of the data to write in mode 2,
 
1315 *                       zero otherwise. (host order)
 
1319 *       >0              f/w reported failure - f/w status code
 
1320 *       <0              driver reported error (timeout|bad arg)
 
1326 ----------------------------------------------------------------*/
 
1327 int hfa384x_cmd_download(hfa384x_t *hw, u16 mode, u16 lowaddr,
 
1328                                 u16 highaddr, u16 codelen)
 
1331         hfa384x_metacmd_t cmd;
 
1335                 "mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n",
 
1336                 mode, lowaddr, highaddr, codelen);
 
1338         cmd.cmd = (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD) |
 
1339                    HFA384x_CMD_PROGMODE_SET(mode));
 
1341         cmd.parm0 = lowaddr;
 
1342         cmd.parm1 = highaddr;
 
1343         cmd.parm2 = codelen;
 
1345         result = hfa384x_docmd_wait(hw, &cmd);
 
1352 /*----------------------------------------------------------------
 
1353 * hfa384x_copy_from_aux
 
1355 * Copies a collection of bytes from the controller memory.  The
 
1356 * Auxiliary port MUST be enabled prior to calling this function.
 
1357 * We _might_ be in a download state.
 
1360 *       hw              device structure
 
1361 *       cardaddr        address in hfa384x data space to read
 
1362 *       auxctl          address space select
 
1363 *       buf             ptr to destination host buffer
 
1364 *       len             length of data to transfer (in bytes)
 
1370 *       buf contains the data copied
 
1375 ----------------------------------------------------------------*/
 
1377 hfa384x_copy_from_aux(
 
1378         hfa384x_t *hw, u32 cardaddr, u32 auxctl, void *buf, unsigned int len)
 
1381         WLAN_LOG_ERROR("not used in USB.\n");
 
1386 /*----------------------------------------------------------------
 
1387 * hfa384x_copy_to_aux
 
1389 * Copies a collection of bytes to the controller memory.  The
 
1390 * Auxiliary port MUST be enabled prior to calling this function.
 
1391 * We _might_ be in a download state.
 
1394 *       hw              device structure
 
1395 *       cardaddr        address in hfa384x data space to read
 
1396 *       auxctl          address space select
 
1397 *       buf             ptr to destination host buffer
 
1398 *       len             length of data to transfer (in bytes)
 
1404 *       Controller memory now contains a copy of buf
 
1409 ----------------------------------------------------------------*/
 
1411 hfa384x_copy_to_aux(
 
1412         hfa384x_t *hw, u32 cardaddr, u32 auxctl, void *buf, unsigned int len)
 
1415         WLAN_LOG_ERROR("not used in USB.\n");
 
1420 /*----------------------------------------------------------------
 
1423 * Perform a reset of the hfa38xx MAC core.  We assume that the hw
 
1424 * structure is in its "created" state.  That is, it is initialized
 
1425 * with proper values.  Note that if a reset is done after the
 
1426 * device has been active for awhile, the caller might have to clean
 
1427 * up some leftover cruft in the hw structure.
 
1430 *       hw              device structure
 
1431 *       holdtime        how long (in ms) to hold the reset
 
1432 *       settletime      how long (in ms) to wait after releasing
 
1442 ----------------------------------------------------------------*/
 
1443 int hfa384x_corereset(hfa384x_t *hw, int holdtime, int settletime, int genesis)
 
1449         result=usb_reset_device(hw->usb);
 
1451                 WLAN_LOG_ERROR("usb_reset_device() failed, result=%d.\n",result);
 
1459 /*----------------------------------------------------------------
 
1460 * hfa384x_usbctlx_complete_sync
 
1462 * Waits for a synchronous CTLX object to complete,
 
1463 * and then handles the response.
 
1466 *       hw              device structure
 
1468 *       completor       functor object to decide what to
 
1469 *                       do with the CTLX's result.
 
1473 *       -ERESTARTSYS    Interrupted by a signal
 
1475 *       -ENODEV         Adapter was unplugged
 
1476 *       ???             Result from completor
 
1482 ----------------------------------------------------------------*/
 
1483 static int hfa384x_usbctlx_complete_sync(hfa384x_t *hw,
 
1484                                          hfa384x_usbctlx_t *ctlx,
 
1485                                          usbctlx_completor_t *completor)
 
1487         unsigned long flags;
 
1492         result = wait_for_completion_interruptible(&ctlx->done);
 
1494         spin_lock_irqsave(&hw->ctlxq.lock, flags);
 
1497          * We can only handle the CTLX if the USB disconnect
 
1498          * function has not run yet ...
 
1501         if ( hw->wlandev->hwremoved )
 
1503                 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
1506         else if ( result != 0 )
 
1511                  * We were probably interrupted, so delete
 
1512                  * this CTLX asynchronously, kill the timers
 
1513                  * and the URB, and then start the next
 
1516                  * NOTE: We can only delete the timers and
 
1517                  *       the URB if this CTLX is active.
 
1519                 if (ctlx == get_active_ctlx(hw))
 
1521                         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
1523                         del_singleshot_timer_sync(&hw->reqtimer);
 
1524                         del_singleshot_timer_sync(&hw->resptimer);
 
1525                         hw->req_timer_done = 1;
 
1526                         hw->resp_timer_done = 1;
 
1527                         usb_kill_urb(&hw->ctlx_urb);
 
1529                         spin_lock_irqsave(&hw->ctlxq.lock, flags);
 
1534                          * This scenario is so unlikely that I'm
 
1535                          * happy with a grubby "goto" solution ...
 
1537                         if ( hw->wlandev->hwremoved )
 
1542                  * The completion task will send this CTLX
 
1543                  * to the reaper the next time it runs. We
 
1544                  * are no longer in a hurry.
 
1547                 ctlx->state = CTLX_REQ_FAILED;
 
1548                 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
 
1550                 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
1553                         hfa384x_usbctlxq_run(hw);
 
1555                 if (ctlx->state == CTLX_COMPLETE) {
 
1556                         result = completor->complete(completor);
 
1558                         WLAN_LOG_WARNING("CTLX[%d] error: state(%s)\n",
 
1559                                          hfa384x2host_16(ctlx->outbuf.type),
 
1560                                          ctlxstr(ctlx->state));
 
1564                 list_del(&ctlx->list);
 
1565                 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
1573 /*----------------------------------------------------------------
 
1576 * Constructs a command CTLX and submits it.
 
1578 * NOTE: Any changes to the 'post-submit' code in this function
 
1579 *       need to be carried over to hfa384x_cbcmd() since the handling
 
1580 *       is virtually identical.
 
1583 *       hw              device structure
 
1584 *       mode            DOWAIT or DOASYNC
 
1585 *       cmd             cmd structure.  Includes all arguments and result
 
1586 *                       data points.  All in host order. in host order
 
1587 *       cmdcb           command-specific callback
 
1588 *       usercb          user callback for async calls, NULL for DOWAIT calls
 
1589 *       usercb_data     user supplied data pointer for async calls, NULL
 
1595 *       -ERESTARTSYS    Awakened on signal
 
1596 *       >0              command indicated error, Status and Resp0-2 are
 
1604 ----------------------------------------------------------------*/
 
1609         hfa384x_metacmd_t *cmd,
 
1611         ctlx_usercb_t   usercb,
 
1615         hfa384x_usbctlx_t       *ctlx;
 
1618         ctlx = usbctlx_alloc();
 
1619         if ( ctlx == NULL ) {
 
1624         /* Initialize the command */
 
1625         ctlx->outbuf.cmdreq.type =      host2hfa384x_16(HFA384x_USB_CMDREQ);
 
1626         ctlx->outbuf.cmdreq.cmd =       host2hfa384x_16(cmd->cmd);
 
1627         ctlx->outbuf.cmdreq.parm0 =     host2hfa384x_16(cmd->parm0);
 
1628         ctlx->outbuf.cmdreq.parm1 =     host2hfa384x_16(cmd->parm1);
 
1629         ctlx->outbuf.cmdreq.parm2 =     host2hfa384x_16(cmd->parm2);
 
1631         ctlx->outbufsize = sizeof(ctlx->outbuf.cmdreq);
 
1633         WLAN_LOG_DEBUG(4, "cmdreq: cmd=0x%04x "
 
1634                 "parm0=0x%04x parm1=0x%04x parm2=0x%04x\n",
 
1640         ctlx->reapable = mode;
 
1641         ctlx->cmdcb = cmdcb;
 
1642         ctlx->usercb = usercb;
 
1643         ctlx->usercb_data = usercb_data;
 
1645         result = hfa384x_usbctlx_submit(hw, ctlx);
 
1648         } else if (mode == DOWAIT) {
 
1649                 usbctlx_cmd_completor_t completor;
 
1651                 result = hfa384x_usbctlx_complete_sync(
 
1652                              hw, ctlx, init_cmd_completor(&completor,
 
1653                                                           &ctlx->inbuf.cmdresp,
 
1663 /*----------------------------------------------------------------
 
1666 * Constructs a read rid CTLX and issues it.
 
1668 * NOTE: Any changes to the 'post-submit' code in this function
 
1669 *       need to be carried over to hfa384x_cbrrid() since the handling
 
1670 *       is virtually identical.
 
1673 *       hw              device structure
 
1674 *       mode            DOWAIT or DOASYNC
 
1675 *       rid             Read RID number (host order)
 
1676 *       riddata         Caller supplied buffer that MAC formatted RID.data
 
1677 *                       record will be written to for DOWAIT calls. Should
 
1678 *                       be NULL for DOASYNC calls.
 
1679 *       riddatalen      Buffer length for DOWAIT calls. Zero for DOASYNC calls.
 
1680 *       cmdcb           command callback for async calls, NULL for DOWAIT calls
 
1681 *       usercb          user callback for async calls, NULL for DOWAIT calls
 
1682 *       usercb_data     user supplied data pointer for async calls, NULL
 
1688 *       -ERESTARTSYS    Awakened on signal
 
1689 *       -ENODATA        riddatalen != macdatalen
 
1690 *       >0              command indicated error, Status and Resp0-2 are
 
1696 *       interrupt (DOASYNC)
 
1697 *       process (DOWAIT or DOASYNC)
 
1698 ----------------------------------------------------------------*/
 
1705         unsigned int    riddatalen,
 
1707         ctlx_usercb_t usercb,
 
1711         hfa384x_usbctlx_t       *ctlx;
 
1714         ctlx = usbctlx_alloc();
 
1715         if ( ctlx == NULL ) {
 
1720         /* Initialize the command */
 
1721         ctlx->outbuf.rridreq.type =   host2hfa384x_16(HFA384x_USB_RRIDREQ);
 
1722         ctlx->outbuf.rridreq.frmlen =
 
1723                 host2hfa384x_16(sizeof(ctlx->outbuf.rridreq.rid));
 
1724         ctlx->outbuf.rridreq.rid =    host2hfa384x_16(rid);
 
1726         ctlx->outbufsize = sizeof(ctlx->outbuf.rridreq);
 
1728         ctlx->reapable = mode;
 
1729         ctlx->cmdcb = cmdcb;
 
1730         ctlx->usercb = usercb;
 
1731         ctlx->usercb_data = usercb_data;
 
1733         /* Submit the CTLX */
 
1734         result = hfa384x_usbctlx_submit(hw, ctlx);
 
1737         } else if (mode == DOWAIT) {
 
1738                 usbctlx_rrid_completor_t completor;
 
1740                 result = hfa384x_usbctlx_complete_sync(
 
1741                            hw, ctlx, init_rrid_completor(&completor,
 
1742                                                          &ctlx->inbuf.rridresp,
 
1753 /*----------------------------------------------------------------
 
1756 * Constructs a write rid CTLX and issues it.
 
1758 * NOTE: Any changes to the 'post-submit' code in this function
 
1759 *       need to be carried over to hfa384x_cbwrid() since the handling
 
1760 *       is virtually identical.
 
1763 *       hw              device structure
 
1764 *       CMD_MODE        DOWAIT or DOASYNC
 
1766 *       riddata         Data portion of RID formatted for MAC
 
1767 *       riddatalen      Length of the data portion in bytes
 
1768 *       cmdcb           command callback for async calls, NULL for DOWAIT calls
 
1769 *       usercb          user callback for async calls, NULL for DOWAIT calls
 
1770 *       usercb_data     user supplied data pointer for async calls
 
1774 *       -ETIMEDOUT      timed out waiting for register ready or
 
1775 *                       command completion
 
1776 *       >0              command indicated error, Status and Resp0-2 are
 
1782 *       interrupt (DOASYNC)
 
1783 *       process (DOWAIT or DOASYNC)
 
1784 ----------------------------------------------------------------*/
 
1791         unsigned int    riddatalen,
 
1793         ctlx_usercb_t usercb,
 
1797         hfa384x_usbctlx_t       *ctlx;
 
1800         ctlx = usbctlx_alloc();
 
1801         if ( ctlx == NULL ) {
 
1806         /* Initialize the command */
 
1807         ctlx->outbuf.wridreq.type =   host2hfa384x_16(HFA384x_USB_WRIDREQ);
 
1808         ctlx->outbuf.wridreq.frmlen = host2hfa384x_16(
 
1809                                         (sizeof(ctlx->outbuf.wridreq.rid) +
 
1810                                         riddatalen + 1) / 2);
 
1811         ctlx->outbuf.wridreq.rid =    host2hfa384x_16(rid);
 
1812         memcpy(ctlx->outbuf.wridreq.data, riddata, riddatalen);
 
1814         ctlx->outbufsize = sizeof(ctlx->outbuf.wridreq.type) +
 
1815                            sizeof(ctlx->outbuf.wridreq.frmlen) +
 
1816                            sizeof(ctlx->outbuf.wridreq.rid) +
 
1819         ctlx->reapable = mode;
 
1820         ctlx->cmdcb = cmdcb;
 
1821         ctlx->usercb = usercb;
 
1822         ctlx->usercb_data = usercb_data;
 
1824         /* Submit the CTLX */
 
1825         result = hfa384x_usbctlx_submit(hw, ctlx);
 
1828         } else if (mode == DOWAIT) {
 
1829                 usbctlx_wrid_completor_t completor;
 
1830                 hfa384x_cmdresult_t wridresult;
 
1832                 result = hfa384x_usbctlx_complete_sync(
 
1835                                init_wrid_completor(&completor,
 
1836                                                    &ctlx->inbuf.wridresp,
 
1845 /*----------------------------------------------------------------
 
1848 * Constructs a readmem CTLX and issues it.
 
1850 * NOTE: Any changes to the 'post-submit' code in this function
 
1851 *       need to be carried over to hfa384x_cbrmem() since the handling
 
1852 *       is virtually identical.
 
1855 *       hw              device structure
 
1856 *       mode            DOWAIT or DOASYNC
 
1857 *       page            MAC address space page (CMD format)
 
1858 *       offset          MAC address space offset
 
1859 *       data            Ptr to data buffer to receive read
 
1860 *       len             Length of the data to read (max == 2048)
 
1861 *       cmdcb           command callback for async calls, NULL for DOWAIT calls
 
1862 *       usercb          user callback for async calls, NULL for DOWAIT calls
 
1863 *       usercb_data     user supplied data pointer for async calls
 
1867 *       -ETIMEDOUT      timed out waiting for register ready or
 
1868 *                       command completion
 
1869 *       >0              command indicated error, Status and Resp0-2 are
 
1875 *       interrupt (DOASYNC)
 
1876 *       process (DOWAIT or DOASYNC)
 
1877 ----------------------------------------------------------------*/
 
1887         ctlx_usercb_t usercb,
 
1891         hfa384x_usbctlx_t       *ctlx;
 
1894         ctlx = usbctlx_alloc();
 
1895         if ( ctlx == NULL ) {
 
1900         /* Initialize the command */
 
1901         ctlx->outbuf.rmemreq.type =    host2hfa384x_16(HFA384x_USB_RMEMREQ);
 
1902         ctlx->outbuf.rmemreq.frmlen =  host2hfa384x_16(
 
1903                                         sizeof(ctlx->outbuf.rmemreq.offset) +
 
1904                                         sizeof(ctlx->outbuf.rmemreq.page) +
 
1906         ctlx->outbuf.rmemreq.offset =   host2hfa384x_16(offset);
 
1907         ctlx->outbuf.rmemreq.page =     host2hfa384x_16(page);
 
1909         ctlx->outbufsize = sizeof(ctlx->outbuf.rmemreq);
 
1912                 "type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n",
 
1913                 ctlx->outbuf.rmemreq.type,
 
1914                 ctlx->outbuf.rmemreq.frmlen,
 
1915                 ctlx->outbuf.rmemreq.offset,
 
1916                 ctlx->outbuf.rmemreq.page);
 
1918         WLAN_LOG_DEBUG(4,"pktsize=%zd\n",
 
1919                 ROUNDUP64(sizeof(ctlx->outbuf.rmemreq)));
 
1921         ctlx->reapable = mode;
 
1922         ctlx->cmdcb = cmdcb;
 
1923         ctlx->usercb = usercb;
 
1924         ctlx->usercb_data = usercb_data;
 
1926         result = hfa384x_usbctlx_submit(hw, ctlx);
 
1929         } else if ( mode == DOWAIT ) {
 
1930                 usbctlx_rmem_completor_t completor;
 
1932                 result = hfa384x_usbctlx_complete_sync(
 
1933                            hw, ctlx, init_rmem_completor(&completor,
 
1934                                                          &ctlx->inbuf.rmemresp,
 
1946 /*----------------------------------------------------------------
 
1949 * Constructs a writemem CTLX and issues it.
 
1951 * NOTE: Any changes to the 'post-submit' code in this function
 
1952 *       need to be carried over to hfa384x_cbwmem() since the handling
 
1953 *       is virtually identical.
 
1956 *       hw              device structure
 
1957 *       mode            DOWAIT or DOASYNC
 
1958 *       page            MAC address space page (CMD format)
 
1959 *       offset          MAC address space offset
 
1960 *       data            Ptr to data buffer containing write data
 
1961 *       len             Length of the data to read (max == 2048)
 
1962 *       cmdcb           command callback for async calls, NULL for DOWAIT calls
 
1963 *       usercb          user callback for async calls, NULL for DOWAIT calls
 
1964 *       usercb_data     user supplied data pointer for async calls.
 
1968 *       -ETIMEDOUT      timed out waiting for register ready or
 
1969 *                       command completion
 
1970 *       >0              command indicated error, Status and Resp0-2 are
 
1976 *       interrupt (DOWAIT)
 
1977 *       process (DOWAIT or DOASYNC)
 
1978 ----------------------------------------------------------------*/
 
1988         ctlx_usercb_t usercb,
 
1992         hfa384x_usbctlx_t       *ctlx;
 
1995         WLAN_LOG_DEBUG(5, "page=0x%04x offset=0x%04x len=%d\n",
 
1998         ctlx = usbctlx_alloc();
 
1999         if ( ctlx == NULL ) {
 
2004         /* Initialize the command */
 
2005         ctlx->outbuf.wmemreq.type =   host2hfa384x_16(HFA384x_USB_WMEMREQ);
 
2006         ctlx->outbuf.wmemreq.frmlen = host2hfa384x_16(
 
2007                                         sizeof(ctlx->outbuf.wmemreq.offset) +
 
2008                                         sizeof(ctlx->outbuf.wmemreq.page) +
 
2010         ctlx->outbuf.wmemreq.offset = host2hfa384x_16(offset);
 
2011         ctlx->outbuf.wmemreq.page =   host2hfa384x_16(page);
 
2012         memcpy(ctlx->outbuf.wmemreq.data, data, len);
 
2014         ctlx->outbufsize = sizeof(ctlx->outbuf.wmemreq.type) +
 
2015                            sizeof(ctlx->outbuf.wmemreq.frmlen) +
 
2016                            sizeof(ctlx->outbuf.wmemreq.offset) +
 
2017                            sizeof(ctlx->outbuf.wmemreq.page) +
 
2020         ctlx->reapable = mode;
 
2021         ctlx->cmdcb = cmdcb;
 
2022         ctlx->usercb = usercb;
 
2023         ctlx->usercb_data = usercb_data;
 
2025         result = hfa384x_usbctlx_submit(hw, ctlx);
 
2028         } else if ( mode == DOWAIT ) {
 
2029                 usbctlx_wmem_completor_t completor;
 
2030                 hfa384x_cmdresult_t wmemresult;
 
2032                 result = hfa384x_usbctlx_complete_sync(
 
2035                                init_wmem_completor(&completor,
 
2036                                                    &ctlx->inbuf.wmemresp,
 
2046 /*----------------------------------------------------------------
 
2047 * hfa384x_drvr_commtallies
 
2049 * Send a commtallies inquiry to the MAC.  Note that this is an async
 
2050 * call that will result in an info frame arriving sometime later.
 
2053 *       hw              device structure
 
2062 ----------------------------------------------------------------*/
 
2063 int hfa384x_drvr_commtallies( hfa384x_t *hw )
 
2065         hfa384x_metacmd_t cmd;
 
2069         cmd.cmd = HFA384x_CMDCODE_INQ;
 
2070         cmd.parm0 = HFA384x_IT_COMMTALLIES;
 
2074         hfa384x_docmd_async(hw, &cmd, NULL, NULL, NULL);
 
2081 /*----------------------------------------------------------------
 
2082 * hfa384x_drvr_disable
 
2084 * Issues the disable command to stop communications on one of
 
2085 * the MACs 'ports'.  Only macport 0 is valid  for stations.
 
2086 * APs may also disable macports 1-6.  Only ports that have been
 
2087 * previously enabled may be disabled.
 
2090 *       hw              device structure
 
2091 *       macport         MAC port number (host order)
 
2095 *       >0              f/w reported failure - f/w status code
 
2096 *       <0              driver reported error (timeout|bad arg)
 
2102 ----------------------------------------------------------------*/
 
2103 int hfa384x_drvr_disable(hfa384x_t *hw, u16 macport)
 
2108         if ((!hw->isap && macport != 0) ||
 
2109             (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
 
2110             !(hw->port_enabled[macport]) ){
 
2113                 result = hfa384x_cmd_disable(hw, macport);
 
2114                 if ( result == 0 ) {
 
2115                         hw->port_enabled[macport] = 0;
 
2123 /*----------------------------------------------------------------
 
2124 * hfa384x_drvr_enable
 
2126 * Issues the enable command to enable communications on one of
 
2127 * the MACs 'ports'.  Only macport 0 is valid  for stations.
 
2128 * APs may also enable macports 1-6.  Only ports that are currently
 
2129 * disabled may be enabled.
 
2132 *       hw              device structure
 
2133 *       macport         MAC port number
 
2137 *       >0              f/w reported failure - f/w status code
 
2138 *       <0              driver reported error (timeout|bad arg)
 
2144 ----------------------------------------------------------------*/
 
2145 int hfa384x_drvr_enable(hfa384x_t *hw, u16 macport)
 
2150         if ((!hw->isap && macport != 0) ||
 
2151             (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
 
2152             (hw->port_enabled[macport]) ){
 
2155                 result = hfa384x_cmd_enable(hw, macport);
 
2156                 if ( result == 0 ) {
 
2157                         hw->port_enabled[macport] = 1;
 
2165 /*----------------------------------------------------------------
 
2166 * hfa384x_drvr_flashdl_enable
 
2168 * Begins the flash download state.  Checks to see that we're not
 
2169 * already in a download state and that a port isn't enabled.
 
2170 * Sets the download state and retrieves the flash download
 
2171 * buffer location, buffer size, and timeout length.
 
2174 *       hw              device structure
 
2178 *       >0              f/w reported error - f/w status code
 
2179 *       <0              driver reported error
 
2185 ----------------------------------------------------------------*/
 
2186 int hfa384x_drvr_flashdl_enable(hfa384x_t *hw)
 
2192         /* Check that a port isn't active */
 
2193         for ( i = 0; i < HFA384x_PORTID_MAX; i++) {
 
2194                 if ( hw->port_enabled[i] ) {
 
2195                         WLAN_LOG_DEBUG(1,"called when port enabled.\n");
 
2200         /* Check that we're not already in a download state */
 
2201         if ( hw->dlstate != HFA384x_DLSTATE_DISABLED ) {
 
2205         /* Retrieve the buffer loc&size and timeout */
 
2206         if ( (result = hfa384x_drvr_getconfig(hw, HFA384x_RID_DOWNLOADBUFFER,
 
2207                                 &(hw->bufinfo), sizeof(hw->bufinfo))) ) {
 
2210         hw->bufinfo.page = hfa384x2host_16(hw->bufinfo.page);
 
2211         hw->bufinfo.offset = hfa384x2host_16(hw->bufinfo.offset);
 
2212         hw->bufinfo.len = hfa384x2host_16(hw->bufinfo.len);
 
2213         if ( (result = hfa384x_drvr_getconfig16(hw, HFA384x_RID_MAXLOADTIME,
 
2214                                 &(hw->dltimeout))) ) {
 
2217         hw->dltimeout = hfa384x2host_16(hw->dltimeout);
 
2219         WLAN_LOG_DEBUG(1,"flashdl_enable\n");
 
2221         hw->dlstate = HFA384x_DLSTATE_FLASHENABLED;
 
2227 /*----------------------------------------------------------------
 
2228 * hfa384x_drvr_flashdl_disable
 
2230 * Ends the flash download state.  Note that this will cause the MAC
 
2231 * firmware to restart.
 
2234 *       hw              device structure
 
2238 *       >0              f/w reported error - f/w status code
 
2239 *       <0              driver reported error
 
2245 ----------------------------------------------------------------*/
 
2246 int hfa384x_drvr_flashdl_disable(hfa384x_t *hw)
 
2249         /* Check that we're already in the download state */
 
2250         if ( hw->dlstate != HFA384x_DLSTATE_FLASHENABLED ) {
 
2254         WLAN_LOG_DEBUG(1,"flashdl_enable\n");
 
2256         /* There isn't much we can do at this point, so I don't */
 
2257         /*  bother  w/ the return value */
 
2258         hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0 , 0);
 
2259         hw->dlstate = HFA384x_DLSTATE_DISABLED;
 
2266 /*----------------------------------------------------------------
 
2267 * hfa384x_drvr_flashdl_write
 
2269 * Performs a FLASH download of a chunk of data. First checks to see
 
2270 * that we're in the FLASH download state, then sets the download
 
2271 * mode, uses the aux functions to 1) copy the data to the flash
 
2272 * buffer, 2) sets the download 'write flash' mode, 3) readback and
 
2273 * compare.  Lather rinse, repeat as many times an necessary to get
 
2274 * all the given data into flash.
 
2275 * When all data has been written using this function (possibly
 
2276 * repeatedly), call drvr_flashdl_disable() to end the download state
 
2277 * and restart the MAC.
 
2280 *       hw              device structure
 
2281 *       daddr           Card address to write to. (host order)
 
2282 *       buf             Ptr to data to write.
 
2283 *       len             Length of data (host order).
 
2287 *       >0              f/w reported error - f/w status code
 
2288 *       <0              driver reported error
 
2294 ----------------------------------------------------------------*/
 
2296 hfa384x_drvr_flashdl_write(
 
2318         WLAN_LOG_DEBUG(5,"daddr=0x%08x len=%d\n", daddr, len);
 
2320         /* Check that we're in the flash download state */
 
2321         if ( hw->dlstate != HFA384x_DLSTATE_FLASHENABLED ) {
 
2325         WLAN_LOG_INFO("Download %d bytes to flash @0x%06x\n", len, daddr);
 
2327         /* Convert to flat address for arithmetic */
 
2328         /* NOTE: dlbuffer RID stores the address in AUX format */
 
2329         dlbufaddr = HFA384x_ADDR_AUX_MKFLAT(
 
2330                         hw->bufinfo.page, hw->bufinfo.offset);
 
2332                 "dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n",
 
2333                 hw->bufinfo.page, hw->bufinfo.offset, dlbufaddr);
 
2336 WLAN_LOG_WARNING("dlbuf@0x%06lx len=%d to=%d\n", dlbufaddr, hw->bufinfo.len, hw->dltimeout);
 
2338         /* Calculations to determine how many fills of the dlbuffer to do
 
2339          * and how many USB wmemreq's to do for each fill.  At this point
 
2340          * in time, the dlbuffer size and the wmemreq size are the same.
 
2341          * Therefore, nwrites should always be 1.  The extra complexity
 
2342          * here is a hedge against future changes.
 
2345         /* Figure out how many times to do the flash programming */
 
2346         nburns = len / hw->bufinfo.len;
 
2347         nburns += (len % hw->bufinfo.len) ? 1 : 0;
 
2349         /* For each flash program cycle, how many USB wmemreq's are needed? */
 
2350         nwrites = hw->bufinfo.len / HFA384x_USB_RWMEM_MAXLEN;
 
2351         nwrites += (hw->bufinfo.len % HFA384x_USB_RWMEM_MAXLEN) ? 1 : 0;
 
2354         for ( i = 0; i < nburns; i++) {
 
2355                 /* Get the dest address and len */
 
2356                 burnlen = (len - (hw->bufinfo.len * i)) > hw->bufinfo.len ?
 
2358                                 (len - (hw->bufinfo.len * i));
 
2359                 burndaddr = daddr + (hw->bufinfo.len * i);
 
2360                 burnlo = HFA384x_ADDR_CMD_MKOFF(burndaddr);
 
2361                 burnhi = HFA384x_ADDR_CMD_MKPAGE(burndaddr);
 
2363                 WLAN_LOG_INFO("Writing %d bytes to flash @0x%06x\n",
 
2364                         burnlen, burndaddr);
 
2366                 /* Set the download mode */
 
2367                 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_NV,
 
2368                                 burnlo, burnhi, burnlen);
 
2370                         WLAN_LOG_ERROR("download(NV,lo=%x,hi=%x,len=%x) "
 
2371                                 "cmd failed, result=%d. Aborting d/l\n",
 
2372                                 burnlo, burnhi, burnlen, result);
 
2376                 /* copy the data to the flash download buffer */
 
2377                 for ( j=0; j < nwrites; j++) {
 
2379                                 (i*hw->bufinfo.len) +
 
2380                                 (j*HFA384x_USB_RWMEM_MAXLEN);
 
2382                         writepage = HFA384x_ADDR_CMD_MKPAGE(
 
2384                                         (j*HFA384x_USB_RWMEM_MAXLEN));
 
2385                         writeoffset = HFA384x_ADDR_CMD_MKOFF(
 
2387                                         (j*HFA384x_USB_RWMEM_MAXLEN));
 
2389                         writelen = burnlen-(j*HFA384x_USB_RWMEM_MAXLEN);
 
2390                         writelen = writelen  > HFA384x_USB_RWMEM_MAXLEN ?
 
2391                                         HFA384x_USB_RWMEM_MAXLEN :
 
2394                         result = hfa384x_dowmem_wait( hw,
 
2401 Comment out for debugging, assume the write was successful.
 
2404                                         "Write to dl buffer failed, "
 
2405                                         "result=0x%04x. Aborting.\n",
 
2413                 /* set the download 'write flash' mode */
 
2414                 result = hfa384x_cmd_download(hw,
 
2415                                 HFA384x_PROGMODE_NVWRITE,
 
2419                                 "download(NVWRITE,lo=%x,hi=%x,len=%x) "
 
2420                                 "cmd failed, result=%d. Aborting d/l\n",
 
2421                                 burnlo, burnhi, burnlen, result);
 
2425                 /* TODO: We really should do a readback and compare. */
 
2430         /* Leave the firmware in the 'post-prog' mode.  flashdl_disable will */
 
2431         /*  actually disable programming mode.  Remember, that will cause the */
 
2432         /*  the firmware to effectively reset itself. */
 
2439 /*----------------------------------------------------------------
 
2440 * hfa384x_drvr_getconfig
 
2442 * Performs the sequence necessary to read a config/info item.
 
2445 *       hw              device structure
 
2446 *       rid             config/info record id (host order)
 
2447 *       buf             host side record buffer.  Upon return it will
 
2448 *                       contain the body portion of the record (minus the
 
2450 *       len             buffer length (in bytes, should match record length)
 
2454 *       >0              f/w reported error - f/w status code
 
2455 *       <0              driver reported error
 
2456 *       -ENODATA        length mismatch between argument and retrieved
 
2463 ----------------------------------------------------------------*/
 
2464 int hfa384x_drvr_getconfig(hfa384x_t *hw, u16 rid, void *buf, u16 len)
 
2469         result = hfa384x_dorrid_wait(hw, rid, buf, len);
 
2475 /*----------------------------------------------------------------
 
2476  * hfa384x_drvr_getconfig_async
 
2478  * Performs the sequence necessary to perform an async read of
 
2479  * of a config/info item.
 
2482  *       hw              device structure
 
2483  *       rid             config/info record id (host order)
 
2484  *       buf             host side record buffer.  Upon return it will
 
2485  *                       contain the body portion of the record (minus the
 
2487  *       len             buffer length (in bytes, should match record length)
 
2488  *       cbfn            caller supplied callback, called when the command
 
2489  *                       is done (successful or not).
 
2490  *       cbfndata        pointer to some caller supplied data that will be
 
2491  *                       passed in as an argument to the cbfn.
 
2494  *       nothing         the cbfn gets a status argument identifying if
 
2497  *       Queues an hfa384x_usbcmd_t for subsequent execution.
 
2501  ----------------------------------------------------------------*/
 
2503 hfa384x_drvr_getconfig_async(
 
2506          ctlx_usercb_t           usercb,
 
2509          return hfa384x_dorrid_async(hw, rid, NULL, 0,
 
2510                                      hfa384x_cb_rrid, usercb, usercb_data);
 
2513 /*----------------------------------------------------------------
 
2514  * hfa384x_drvr_setconfig_async
 
2516  * Performs the sequence necessary to write a config/info item.
 
2519  *       hw              device structure
 
2520  *       rid             config/info record id (in host order)
 
2521  *       buf             host side record buffer
 
2522  *       len             buffer length (in bytes)
 
2523  *       usercb          completion callback
 
2524  *       usercb_data     completion callback argument
 
2528  *       >0              f/w reported error - f/w status code
 
2529  *       <0              driver reported error
 
2535  ----------------------------------------------------------------*/
 
2537 hfa384x_drvr_setconfig_async(
 
2542          ctlx_usercb_t   usercb,
 
2545         return hfa384x_dowrid_async(hw, rid, buf, len,
 
2546                                     hfa384x_cb_status, usercb, usercb_data);
 
2549 /*----------------------------------------------------------------
 
2550 * hfa384x_drvr_handover
 
2552 * Sends a handover notification to the MAC.
 
2555 *       hw              device structure
 
2556 *       addr            address of station that's left
 
2560 *       -ERESTARTSYS    received signal while waiting for semaphore.
 
2561 *       -EIO            failed to write to bap, or failed in cmd.
 
2567 ----------------------------------------------------------------*/
 
2568 int hfa384x_drvr_handover( hfa384x_t *hw, u8 *addr)
 
2571         WLAN_LOG_ERROR("Not currently supported in USB!\n");
 
2576 /*----------------------------------------------------------------
 
2577 * hfa384x_drvr_low_level
 
2579 * Write test commands to the card.  Some test commands don't make
 
2580 * sense without prior set-up.  For example, continous TX isn't very
 
2581 * useful until you set the channel.  That functionality should be
 
2587 * -----------------------------------------------------------------*/
 
2588 int hfa384x_drvr_low_level(hfa384x_t *hw, hfa384x_metacmd_t *cmd)
 
2593         /* Do i need a host2hfa... conversion ? */
 
2595         result = hfa384x_docmd_wait(hw, cmd);
 
2601 /*----------------------------------------------------------------
 
2602 * hfa384x_drvr_ramdl_disable
 
2604 * Ends the ram download state.
 
2607 *       hw              device structure
 
2611 *       >0              f/w reported error - f/w status code
 
2612 *       <0              driver reported error
 
2618 ----------------------------------------------------------------*/
 
2620 hfa384x_drvr_ramdl_disable(hfa384x_t *hw)
 
2623         /* Check that we're already in the download state */
 
2624         if ( hw->dlstate != HFA384x_DLSTATE_RAMENABLED ) {
 
2628         WLAN_LOG_DEBUG(3,"ramdl_disable()\n");
 
2630         /* There isn't much we can do at this point, so I don't */
 
2631         /*  bother  w/ the return value */
 
2632         hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0 , 0);
 
2633         hw->dlstate = HFA384x_DLSTATE_DISABLED;
 
2640 /*----------------------------------------------------------------
 
2641 * hfa384x_drvr_ramdl_enable
 
2643 * Begins the ram download state.  Checks to see that we're not
 
2644 * already in a download state and that a port isn't enabled.
 
2645 * Sets the download state and calls cmd_download with the
 
2646 * ENABLE_VOLATILE subcommand and the exeaddr argument.
 
2649 *       hw              device structure
 
2650 *       exeaddr         the card execution address that will be
 
2651 *                       jumped to when ramdl_disable() is called
 
2656 *       >0              f/w reported error - f/w status code
 
2657 *       <0              driver reported error
 
2663 ----------------------------------------------------------------*/
 
2665 hfa384x_drvr_ramdl_enable(hfa384x_t *hw, u32 exeaddr)
 
2672         /* Check that a port isn't active */
 
2673         for ( i = 0; i < HFA384x_PORTID_MAX; i++) {
 
2674                 if ( hw->port_enabled[i] ) {
 
2676                                 "Can't download with a macport enabled.\n");
 
2681         /* Check that we're not already in a download state */
 
2682         if ( hw->dlstate != HFA384x_DLSTATE_DISABLED ) {
 
2684                         "Download state not disabled.\n");
 
2688         WLAN_LOG_DEBUG(3,"ramdl_enable, exeaddr=0x%08x\n", exeaddr);
 
2690         /* Call the download(1,addr) function */
 
2691         lowaddr = HFA384x_ADDR_CMD_MKOFF(exeaddr);
 
2692         hiaddr =  HFA384x_ADDR_CMD_MKPAGE(exeaddr);
 
2694         result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_RAM,
 
2695                         lowaddr, hiaddr, 0);
 
2698                 /* Set the download state */
 
2699                 hw->dlstate = HFA384x_DLSTATE_RAMENABLED;
 
2702                         "cmd_download(0x%04x, 0x%04x) failed, result=%d.\n",
 
2713 /*----------------------------------------------------------------
 
2714 * hfa384x_drvr_ramdl_write
 
2716 * Performs a RAM download of a chunk of data. First checks to see
 
2717 * that we're in the RAM download state, then uses the [read|write]mem USB
 
2718 * commands to 1) copy the data, 2) readback and compare.  The download
 
2719 * state is unaffected.  When all data has been written using
 
2720 * this function, call drvr_ramdl_disable() to end the download state
 
2721 * and restart the MAC.
 
2724 *       hw              device structure
 
2725 *       daddr           Card address to write to. (host order)
 
2726 *       buf             Ptr to data to write.
 
2727 *       len             Length of data (host order).
 
2731 *       >0              f/w reported error - f/w status code
 
2732 *       <0              driver reported error
 
2738 ----------------------------------------------------------------*/
 
2740 hfa384x_drvr_ramdl_write(hfa384x_t *hw, u32 daddr, void* buf, u32 len)
 
2751         /* Check that we're in the ram download state */
 
2752         if ( hw->dlstate != HFA384x_DLSTATE_RAMENABLED ) {
 
2756         WLAN_LOG_INFO("Writing %d bytes to ram @0x%06x\n", len, daddr);
 
2758         /* How many dowmem calls?  */
 
2759         nwrites = len / HFA384x_USB_RWMEM_MAXLEN;
 
2760         nwrites += len % HFA384x_USB_RWMEM_MAXLEN ? 1 : 0;
 
2762         /* Do blocking wmem's */
 
2763         for(i=0; i < nwrites; i++) {
 
2764                 /* make address args */
 
2765                 curraddr = daddr + (i * HFA384x_USB_RWMEM_MAXLEN);
 
2766                 currpage = HFA384x_ADDR_CMD_MKPAGE(curraddr);
 
2767                 curroffset = HFA384x_ADDR_CMD_MKOFF(curraddr);
 
2768                 currlen = len - (i * HFA384x_USB_RWMEM_MAXLEN);
 
2769                 if ( currlen > HFA384x_USB_RWMEM_MAXLEN) {
 
2770                         currlen = HFA384x_USB_RWMEM_MAXLEN;
 
2773                 /* Do blocking ctlx */
 
2774                 result = hfa384x_dowmem_wait( hw,
 
2777                                 data + (i*HFA384x_USB_RWMEM_MAXLEN),
 
2782                 /* TODO: We really should have a readback. */
 
2790 /*----------------------------------------------------------------
 
2791 * hfa384x_drvr_readpda
 
2793 * Performs the sequence to read the PDA space.  Note there is no
 
2794 * drvr_writepda() function.  Writing a PDA is
 
2795 * generally implemented by a calling component via calls to
 
2796 * cmd_download and writing to the flash download buffer via the
 
2800 *       hw              device structure
 
2801 *       buf             buffer to store PDA in
 
2806 *       >0              f/w reported error - f/w status code
 
2807 *       <0              driver reported error
 
2808 *       -ETIMEOUT       timout waiting for the cmd regs to become
 
2809 *                       available, or waiting for the control reg
 
2810 *                       to indicate the Aux port is enabled.
 
2811 *       -ENODATA        the buffer does NOT contain a valid PDA.
 
2812 *                       Either the card PDA is bad, or the auxdata
 
2813 *                       reads are giving us garbage.
 
2819 *       process or non-card interrupt.
 
2820 ----------------------------------------------------------------*/
 
2821 int hfa384x_drvr_readpda(hfa384x_t *hw, void *buf, unsigned int len)
 
2827         int             currpdr = 0;    /* word offset of the current pdr */
 
2829         u16             pdrlen;         /* pdr length in bytes, host order */
 
2830         u16             pdrcode;        /* pdr code, host order */
 
2838                 { HFA3842_PDA_BASE,             0},
 
2839                 { HFA3841_PDA_BASE,             0},
 
2840                 { HFA3841_PDA_BOGUS_BASE,       0}
 
2845         /* Read the pda from each known address.  */
 
2846         for ( i = 0; i < ARRAY_SIZE(pdaloc); i++) {
 
2848                 currpage = HFA384x_ADDR_CMD_MKPAGE(pdaloc[i].cardaddr);
 
2849                 curroffset = HFA384x_ADDR_CMD_MKOFF(pdaloc[i].cardaddr);
 
2851                 result = hfa384x_dormem_wait(hw,
 
2855                         len);           /* units of bytes */
 
2859                                           "Read from index %zd failed, continuing\n",
 
2864                 /* Test for garbage */
 
2865                 pdaok = 1;      /* initially assume good */
 
2867                 while ( pdaok && morepdrs ) {
 
2868                         pdrlen = hfa384x2host_16(pda[currpdr]) * 2;
 
2869                         pdrcode = hfa384x2host_16(pda[currpdr+1]);
 
2870                         /* Test the record length */
 
2871                         if ( pdrlen > HFA384x_PDR_LEN_MAX || pdrlen == 0) {
 
2872                                 WLAN_LOG_ERROR("pdrlen invalid=%d\n",
 
2878                         if ( !hfa384x_isgood_pdrcode(pdrcode) ) {
 
2879                                 WLAN_LOG_ERROR("pdrcode invalid=%d\n",
 
2884                         /* Test for completion */
 
2885                         if ( pdrcode == HFA384x_PDR_END_OF_PDA) {
 
2889                         /* Move to the next pdr (if necessary) */
 
2891                                 /* note the access to pda[], need words here */
 
2892                                 currpdr += hfa384x2host_16(pda[currpdr]) + 1;
 
2897                                 "PDA Read from 0x%08x in %s space.\n",
 
2899                                 pdaloc[i].auxctl == 0 ? "EXTDS" :
 
2900                                 pdaloc[i].auxctl == 1 ? "NV" :
 
2901                                 pdaloc[i].auxctl == 2 ? "PHY" :
 
2902                                 pdaloc[i].auxctl == 3 ? "ICSRAM" :
 
2907         result = pdaok ? 0 : -ENODATA;
 
2910                 WLAN_LOG_DEBUG(3,"Failure: pda is not okay\n");
 
2918 /*----------------------------------------------------------------
 
2919 * hfa384x_drvr_setconfig
 
2921 * Performs the sequence necessary to write a config/info item.
 
2924 *       hw              device structure
 
2925 *       rid             config/info record id (in host order)
 
2926 *       buf             host side record buffer
 
2927 *       len             buffer length (in bytes)
 
2931 *       >0              f/w reported error - f/w status code
 
2932 *       <0              driver reported error
 
2938 ----------------------------------------------------------------*/
 
2939 int hfa384x_drvr_setconfig(hfa384x_t *hw, u16 rid, void *buf, u16 len)
 
2941         return hfa384x_dowrid_wait(hw, rid, buf, len);
 
2944 /*----------------------------------------------------------------
 
2945 * hfa384x_drvr_start
 
2947 * Issues the MAC initialize command, sets up some data structures,
 
2948 * and enables the interrupts.  After this function completes, the
 
2949 * low-level stuff should be ready for any/all commands.
 
2952 *       hw              device structure
 
2955 *       >0              f/w reported error - f/w status code
 
2956 *       <0              driver reported error
 
2962 ----------------------------------------------------------------*/
 
2964 int hfa384x_drvr_start(hfa384x_t *hw)
 
2966         int             result, result1, result2;
 
2972         /* Clear endpoint stalls - but only do this if the endpoint
 
2973          * is showing a stall status. Some prism2 cards seem to behave
 
2974          * badly if a clear_halt is called when the endpoint is already
 
2977         result = usb_get_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_in, &status);
 
2980                         "Cannot get bulk in endpoint status.\n");
 
2983         if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_in)) {
 
2985                         "Failed to reset bulk in endpoint.\n");
 
2988         result = usb_get_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_out, &status);
 
2991                         "Cannot get bulk out endpoint status.\n");
 
2994         if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_out)) {
 
2996                         "Failed to reset bulk out endpoint.\n");
 
2999         /* Synchronous unlink, in case we're trying to restart the driver */
 
3000         usb_kill_urb(&hw->rx_urb);
 
3002         /* Post the IN urb */
 
3003         result = submit_rx_urb(hw, GFP_KERNEL);
 
3006                         "Fatal, failed to submit RX URB, result=%d\n",
 
3011         /* Call initialize twice, with a 1 second sleep in between.
 
3012          * This is a nasty work-around since many prism2 cards seem to
 
3013          * need time to settle after an init from cold. The second
 
3014          * call to initialize in theory is not necessary - but we call
 
3015          * it anyway as a double insurance policy:
 
3016          * 1) If the first init should fail, the second may well succeed
 
3017          *    and the card can still be used
 
3018          * 2) It helps ensures all is well with the card after the first
 
3019          *    init and settle time.
 
3021         result1 = hfa384x_cmd_initialize(hw);
 
3023         result = result2 = hfa384x_cmd_initialize(hw);
 
3027                                 "cmd_initialize() failed on two attempts, results %d and %d\n",
 
3029                         usb_kill_urb(&hw->rx_urb);
 
3032                         WLAN_LOG_DEBUG(0, "First cmd_initialize() failed (result %d),\n",
 
3034                         WLAN_LOG_DEBUG(0, "but second attempt succeeded. All should be ok\n");
 
3036         } else if (result2 != 0) {
 
3038                         "First cmd_initialize() succeeded, but second attempt failed (result=%d)\n",
 
3040                 WLAN_LOG_WARNING("Most likely the card will be functional\n");
 
3044         hw->state = HFA384x_STATE_RUNNING;
 
3052 /*----------------------------------------------------------------
 
3055 * Shuts down the MAC to the point where it is safe to unload the
 
3056 * driver.  Any subsystem that may be holding a data or function
 
3057 * ptr into the driver must be cleared/deinitialized.
 
3060 *       hw              device structure
 
3063 *       >0              f/w reported error - f/w status code
 
3064 *       <0              driver reported error
 
3070 ----------------------------------------------------------------*/
 
3072 hfa384x_drvr_stop(hfa384x_t *hw)
 
3080         /* There's no need for spinlocks here. The USB "disconnect"
 
3081          * function sets this "removed" flag and then calls us.
 
3083         if ( !hw->wlandev->hwremoved ) {
 
3084                 /* Call initialize to leave the MAC in its 'reset' state */
 
3085                 hfa384x_cmd_initialize(hw);
 
3087                 /* Cancel the rxurb */
 
3088                 usb_kill_urb(&hw->rx_urb);
 
3091         hw->link_status = HFA384x_LINK_NOTCONNECTED;
 
3092         hw->state = HFA384x_STATE_INIT;
 
3094         del_timer_sync(&hw->commsqual_timer);
 
3096         /* Clear all the port status */
 
3097         for ( i = 0; i < HFA384x_NUMPORTS_MAX; i++) {
 
3098                 hw->port_enabled[i] = 0;
 
3105 /*----------------------------------------------------------------
 
3106 * hfa384x_drvr_txframe
 
3108 * Takes a frame from prism2sta and queues it for transmission.
 
3111 *       hw              device structure
 
3112 *       skb             packet buffer struct.  Contains an 802.11
 
3114 *       p80211_hdr      points to the 802.11 header for the packet.
 
3116 *       0               Success and more buffs available
 
3117 *       1               Success but no more buffs
 
3118 *       2               Allocation failure
 
3119 *       4               Buffer full or queue busy
 
3125 ----------------------------------------------------------------*/
 
3126 int hfa384x_drvr_txframe(hfa384x_t *hw, struct sk_buff *skb, p80211_hdr_t *p80211_hdr, p80211_metawep_t *p80211_wep)
 
3129         int             usbpktlen = sizeof(hfa384x_tx_frame_t);
 
3136         if (hw->tx_urb.status == -EINPROGRESS) {
 
3137                 WLAN_LOG_WARNING("TX URB already in use\n");
 
3142         /* Build Tx frame structure */
 
3143         /* Set up the control field */
 
3144         memset(&hw->txbuff.txfrm.desc, 0, sizeof(hw->txbuff.txfrm.desc));
 
3146         /* Setup the usb type field */
 
3147         hw->txbuff.type = host2hfa384x_16(HFA384x_USB_TXFRM);
 
3149         /* Set up the sw_support field to identify this frame */
 
3150         hw->txbuff.txfrm.desc.sw_support = 0x0123;
 
3152 /* Tx complete and Tx exception disable per dleach.  Might be causing
 
3155 //#define DOEXC  SLP -- doboth breaks horribly under load, doexc less so.
 
3157         hw->txbuff.txfrm.desc.tx_control =
 
3158                 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
 
3159                 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1);
 
3160 #elif defined(DOEXC)
 
3161         hw->txbuff.txfrm.desc.tx_control =
 
3162                 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
 
3163                 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0);
 
3165         hw->txbuff.txfrm.desc.tx_control =
 
3166                 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
 
3167                 HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0);
 
3169         hw->txbuff.txfrm.desc.tx_control =
 
3170                 host2hfa384x_16(hw->txbuff.txfrm.desc.tx_control);
 
3172         /* copy the header over to the txdesc */
 
3173         memcpy(&(hw->txbuff.txfrm.desc.frame_control), p80211_hdr, sizeof(p80211_hdr_t));
 
3175         /* if we're using host WEP, increase size by IV+ICV */
 
3176         if (p80211_wep->data) {
 
3177                 hw->txbuff.txfrm.desc.data_len = host2hfa384x_16(skb->len+8);
 
3178                 // hw->txbuff.txfrm.desc.tx_control |= HFA384x_TX_NOENCRYPT_SET(1);
 
3181                 hw->txbuff.txfrm.desc.data_len = host2hfa384x_16(skb->len);
 
3184         usbpktlen += skb->len;
 
3186         /* copy over the WEP IV if we are using host WEP */
 
3187         ptr = hw->txbuff.txfrm.data;
 
3188         if (p80211_wep->data) {
 
3189                 memcpy(ptr, p80211_wep->iv, sizeof(p80211_wep->iv));
 
3190                 ptr+= sizeof(p80211_wep->iv);
 
3191                 memcpy(ptr, p80211_wep->data, skb->len);
 
3193                 memcpy(ptr, skb->data, skb->len);
 
3195         /* copy over the packet data */
 
3198         /* copy over the WEP ICV if we are using host WEP */
 
3199         if (p80211_wep->data) {
 
3200                 memcpy(ptr, p80211_wep->icv, sizeof(p80211_wep->icv));
 
3203         /* Send the USB packet */
 
3204         usb_fill_bulk_urb( &(hw->tx_urb), hw->usb,
 
3206                        &(hw->txbuff), ROUNDUP64(usbpktlen),
 
3207                        hfa384x_usbout_callback, hw->wlandev );
 
3208         hw->tx_urb.transfer_flags |= USB_QUEUE_BULK;
 
3211         ret = submit_tx_urb(hw, &hw->tx_urb, GFP_ATOMIC);
 
3214                         "submit_tx_urb() failed, error=%d\n", ret);
 
3223 void hfa384x_tx_timeout(wlandevice_t *wlandev)
 
3225         hfa384x_t       *hw = wlandev->priv;
 
3226         unsigned long flags;
 
3230         spin_lock_irqsave(&hw->ctlxq.lock, flags);
 
3232         if ( !hw->wlandev->hwremoved &&
 
3233              /* Note the bitwise OR, not the logical OR. */
 
3234              ( !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags) |
 
3235                !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags) ) )
 
3237                 schedule_work(&hw->usb_work);
 
3240         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
3245 /*----------------------------------------------------------------
 
3246 * hfa384x_usbctlx_reaper_task
 
3248 * Tasklet to delete dead CTLX objects
 
3251 *       data    ptr to a hfa384x_t
 
3257 ----------------------------------------------------------------*/
 
3258 static void hfa384x_usbctlx_reaper_task(unsigned long data)
 
3260         hfa384x_t       *hw = (hfa384x_t*)data;
 
3261         struct list_head *entry;
 
3262         struct list_head *temp;
 
3263         unsigned long   flags;
 
3267         spin_lock_irqsave(&hw->ctlxq.lock, flags);
 
3269         /* This list is guaranteed to be empty if someone
 
3270          * has unplugged the adapter.
 
3272         list_for_each_safe(entry, temp, &hw->ctlxq.reapable) {
 
3273                 hfa384x_usbctlx_t       *ctlx;
 
3275                 ctlx = list_entry(entry, hfa384x_usbctlx_t, list);
 
3276                 list_del(&ctlx->list);
 
3280         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
3285 /*----------------------------------------------------------------
 
3286 * hfa384x_usbctlx_completion_task
 
3288 * Tasklet to call completion handlers for returned CTLXs
 
3291 *       data    ptr to hfa384x_t
 
3298 ----------------------------------------------------------------*/
 
3299 static void hfa384x_usbctlx_completion_task(unsigned long data)
 
3301         hfa384x_t *hw = (hfa384x_t*)data;
 
3302         struct list_head *entry;
 
3303         struct list_head *temp;
 
3304         unsigned long flags;
 
3310         spin_lock_irqsave(&hw->ctlxq.lock, flags);
 
3312         /* This list is guaranteed to be empty if someone
 
3313          * has unplugged the adapter ...
 
3315         list_for_each_safe(entry, temp, &hw->ctlxq.completing) {
 
3316                 hfa384x_usbctlx_t *ctlx;
 
3318                 ctlx = list_entry(entry, hfa384x_usbctlx_t, list);
 
3320                 /* Call the completion function that this
 
3321                  * command was assigned, assuming it has one.
 
3323                 if ( ctlx->cmdcb != NULL ) {
 
3324                         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
3325                         ctlx->cmdcb(hw, ctlx);
 
3326                         spin_lock_irqsave(&hw->ctlxq.lock, flags);
 
3328                         /* Make sure we don't try and complete
 
3329                          * this CTLX more than once!
 
3333                         /* Did someone yank the adapter out
 
3334                          * while our list was (briefly) unlocked?
 
3336                         if ( hw->wlandev->hwremoved )
 
3344                  * "Reapable" CTLXs are ones which don't have any
 
3345                  * threads waiting for them to die. Hence they must
 
3346                  * be delivered to The Reaper!
 
3348                 if ( ctlx->reapable ) {
 
3349                         /* Move the CTLX off the "completing" list (hopefully)
 
3350                          * on to the "reapable" list where the reaper task
 
3351                          * can find it. And "reapable" means that this CTLX
 
3352                          * isn't sitting on a wait-queue somewhere.
 
3354                         list_move_tail(&ctlx->list, &hw->ctlxq.reapable);
 
3358                 complete(&ctlx->done);
 
3360         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
3363                 tasklet_schedule(&hw->reaper_bh);
 
3368 /*----------------------------------------------------------------
 
3369 * unlocked_usbctlx_cancel_async
 
3371 * Mark the CTLX dead asynchronously, and ensure that the
 
3372 * next command on the queue is run afterwards.
 
3375 *       hw      ptr to the hfa384x_t structure
 
3376 *       ctlx    ptr to a CTLX structure
 
3379 *       0       the CTLX's URB is inactive
 
3380 * -EINPROGRESS  the URB is currently being unlinked
 
3383 *       Either process or interrupt, but presumably interrupt
 
3384 ----------------------------------------------------------------*/
 
3385 static int unlocked_usbctlx_cancel_async(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx)
 
3392          * Try to delete the URB containing our request packet.
 
3393          * If we succeed, then its completion handler will be
 
3394          * called with a status of -ECONNRESET.
 
3396         hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
 
3397         ret = usb_unlink_urb(&hw->ctlx_urb);
 
3399         if (ret != -EINPROGRESS) {
 
3401                  * The OUT URB had either already completed
 
3402                  * or was still in the pending queue, so the
 
3403                  * URB's completion function will not be called.
 
3404                  * We will have to complete the CTLX ourselves.
 
3406                 ctlx->state = CTLX_REQ_FAILED;
 
3407                 unlocked_usbctlx_complete(hw, ctlx);
 
3416 /*----------------------------------------------------------------
 
3417 * unlocked_usbctlx_complete
 
3419 * A CTLX has completed.  It may have been successful, it may not
 
3420 * have been. At this point, the CTLX should be quiescent.  The URBs
 
3421 * aren't active and the timers should have been stopped.
 
3423 * The CTLX is migrated to the "completing" queue, and the completing
 
3424 * tasklet is scheduled.
 
3427 *       hw              ptr to a hfa384x_t structure
 
3428 *       ctlx            ptr to a ctlx structure
 
3436 *       Either, assume interrupt
 
3437 ----------------------------------------------------------------*/
 
3438 static void unlocked_usbctlx_complete(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx)
 
3442         /* Timers have been stopped, and ctlx should be in
 
3443          * a terminal state. Retire it from the "active"
 
3446         list_move_tail(&ctlx->list, &hw->ctlxq.completing);
 
3447         tasklet_schedule(&hw->completion_bh);
 
3449         switch (ctlx->state) {
 
3451         case CTLX_REQ_FAILED:
 
3452                 /* This are the correct terminating states. */
 
3456                 WLAN_LOG_ERROR("CTLX[%d] not in a terminating state(%s)\n",
 
3457                                hfa384x2host_16(ctlx->outbuf.type),
 
3458                                ctlxstr(ctlx->state));
 
3465 /*----------------------------------------------------------------
 
3466 * hfa384x_usbctlxq_run
 
3468 * Checks to see if the head item is running.  If not, starts it.
 
3471 *       hw      ptr to hfa384x_t
 
3480 ----------------------------------------------------------------*/
 
3482 hfa384x_usbctlxq_run(hfa384x_t  *hw)
 
3484         unsigned long           flags;
 
3488         spin_lock_irqsave(&hw->ctlxq.lock, flags);
 
3490         /* Only one active CTLX at any one time, because there's no
 
3491          * other (reliable) way to match the response URB to the
 
3494          * Don't touch any of these CTLXs if the hardware
 
3495          * has been removed or the USB subsystem is stalled.
 
3497         if ( !list_empty(&hw->ctlxq.active) ||
 
3498              test_bit(WORK_TX_HALT, &hw->usb_flags) ||
 
3499              hw->wlandev->hwremoved )
 
3502         while ( !list_empty(&hw->ctlxq.pending) ) {
 
3503                 hfa384x_usbctlx_t       *head;
 
3506                 /* This is the first pending command */
 
3507                 head = list_entry(hw->ctlxq.pending.next,
 
3511                 /* We need to split this off to avoid a race condition */
 
3512                 list_move_tail(&head->list, &hw->ctlxq.active);
 
3514                 /* Fill the out packet */
 
3515                 usb_fill_bulk_urb( &(hw->ctlx_urb), hw->usb,
 
3517                                    &(head->outbuf), ROUNDUP64(head->outbufsize),
 
3518                                    hfa384x_ctlxout_callback, hw);
 
3519                 hw->ctlx_urb.transfer_flags |= USB_QUEUE_BULK;
 
3521                 /* Now submit the URB and update the CTLX's state
 
3523                 if ((result = SUBMIT_URB(&hw->ctlx_urb, GFP_ATOMIC)) == 0) {
 
3524                         /* This CTLX is now running on the active queue */
 
3525                         head->state = CTLX_REQ_SUBMITTED;
 
3527                         /* Start the OUT wait timer */
 
3528                         hw->req_timer_done = 0;
 
3529                         hw->reqtimer.expires = jiffies + HZ;
 
3530                         add_timer(&hw->reqtimer);
 
3532                         /* Start the IN wait timer */
 
3533                         hw->resp_timer_done = 0;
 
3534                         hw->resptimer.expires = jiffies + 2*HZ;
 
3535                         add_timer(&hw->resptimer);
 
3540                 if (result == -EPIPE) {
 
3541                         /* The OUT pipe needs resetting, so put
 
3542                          * this CTLX back in the "pending" queue
 
3543                          * and schedule a reset ...
 
3545                         WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
 
3546                                          hw->wlandev->netdev->name);
 
3547                         list_move(&head->list, &hw->ctlxq.pending);
 
3548                         set_bit(WORK_TX_HALT, &hw->usb_flags);
 
3549                         schedule_work(&hw->usb_work);
 
3553                 if (result == -ESHUTDOWN) {
 
3554                         WLAN_LOG_WARNING("%s urb shutdown!\n",
 
3555                                          hw->wlandev->netdev->name);
 
3559                 WLAN_LOG_ERROR("Failed to submit CTLX[%d]: error=%d\n",
 
3560                                hfa384x2host_16(head->outbuf.type), result);
 
3561                 unlocked_usbctlx_complete(hw, head);
 
3565         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
3571 /*----------------------------------------------------------------
 
3572 * hfa384x_usbin_callback
 
3574 * Callback for URBs on the BULKIN endpoint.
 
3577 *       urb             ptr to the completed urb
 
3586 ----------------------------------------------------------------*/
 
3587 static void hfa384x_usbin_callback(struct urb *urb)
 
3589         wlandevice_t            *wlandev = urb->context;
 
3591         hfa384x_usbin_t         *usbin = (hfa384x_usbin_t *) urb->transfer_buffer;
 
3592         struct sk_buff          *skb = NULL;
 
3607              wlandev->hwremoved )
 
3614         skb = hw->rx_urb_skb;
 
3615         if (!skb || (skb->data != urb->transfer_buffer)) {
 
3618         hw->rx_urb_skb = NULL;
 
3620         /* Check for error conditions within the URB */
 
3621         switch (urb->status) {
 
3625                 /* Check for short packet */
 
3626                 if ( urb->actual_length == 0 ) {
 
3627                         ++(wlandev->linux_stats.rx_errors);
 
3628                         ++(wlandev->linux_stats.rx_length_errors);
 
3634                 WLAN_LOG_WARNING("%s rx pipe stalled: requesting reset\n",
 
3635                                  wlandev->netdev->name);
 
3636                 if ( !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags) )
 
3637                         schedule_work(&hw->usb_work);
 
3638                 ++(wlandev->linux_stats.rx_errors);
 
3645                 if ( !test_and_set_bit(THROTTLE_RX, &hw->usb_flags) &&
 
3646                      !timer_pending(&hw->throttle) ) {
 
3647                         mod_timer(&hw->throttle, jiffies + THROTTLE_JIFFIES);
 
3649                 ++(wlandev->linux_stats.rx_errors);
 
3654                 ++(wlandev->linux_stats.rx_over_errors);
 
3660                 WLAN_LOG_DEBUG(3,"status=%d, device removed.\n", urb->status);
 
3666                 WLAN_LOG_DEBUG(3,"status=%d, urb explicitly unlinked.\n", urb->status);
 
3671                 WLAN_LOG_DEBUG(3,"urb status=%d, transfer flags=0x%x\n",
 
3672                                  urb->status, urb->transfer_flags);
 
3673                 ++(wlandev->linux_stats.rx_errors);
 
3678         urb_status = urb->status;
 
3680         if (action != ABORT) {
 
3681                 /* Repost the RX URB */
 
3682                 result = submit_rx_urb(hw, GFP_ATOMIC);
 
3686                                 "Fatal, failed to resubmit rx_urb. error=%d\n",
 
3691         /* Handle any USB-IN packet */
 
3692         /* Note: the check of the sw_support field, the type field doesn't
 
3693          *       have bit 12 set like the docs suggest.
 
3695         type = hfa384x2host_16(usbin->type);
 
3696         if (HFA384x_USB_ISRXFRM(type)) {
 
3697                 if (action == HANDLE) {
 
3698                         if (usbin->txfrm.desc.sw_support == 0x0123) {
 
3699                                 hfa384x_usbin_txcompl(wlandev, usbin);
 
3701                                 skb_put(skb, sizeof(*usbin));
 
3702                                 hfa384x_usbin_rx(wlandev, skb);
 
3708         if (HFA384x_USB_ISTXFRM(type)) {
 
3709                 if (action == HANDLE)
 
3710                         hfa384x_usbin_txcompl(wlandev, usbin);
 
3714         case HFA384x_USB_INFOFRM:
 
3715                 if (action == ABORT)
 
3717                 if (action == HANDLE)
 
3718                         hfa384x_usbin_info(wlandev, usbin);
 
3721         case HFA384x_USB_CMDRESP:
 
3722         case HFA384x_USB_WRIDRESP:
 
3723         case HFA384x_USB_RRIDRESP:
 
3724         case HFA384x_USB_WMEMRESP:
 
3725         case HFA384x_USB_RMEMRESP:
 
3726                 /* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */
 
3727                 hfa384x_usbin_ctlx(hw, usbin, urb_status);
 
3730         case HFA384x_USB_BUFAVAIL:
 
3731                 WLAN_LOG_DEBUG(3,"Received BUFAVAIL packet, frmlen=%d\n",
 
3732                         usbin->bufavail.frmlen);
 
3735         case HFA384x_USB_ERROR:
 
3736                 WLAN_LOG_DEBUG(3,"Received USB_ERROR packet, errortype=%d\n",
 
3737                         usbin->usberror.errortype);
 
3741                 WLAN_LOG_DEBUG(3,"Unrecognized USBIN packet, type=%x, status=%d\n",
 
3742                         usbin->type, urb_status);
 
3755 /*----------------------------------------------------------------
 
3756 * hfa384x_usbin_ctlx
 
3758 * We've received a URB containing a Prism2 "response" message.
 
3759 * This message needs to be matched up with a CTLX on the active
 
3760 * queue and our state updated accordingly.
 
3763 *       hw              ptr to hfa384x_t
 
3764 *       usbin           ptr to USB IN packet
 
3765 *       urb_status      status of this Bulk-In URB
 
3774 ----------------------------------------------------------------*/
 
3775 static void hfa384x_usbin_ctlx(hfa384x_t *hw, hfa384x_usbin_t *usbin,
 
3778         hfa384x_usbctlx_t       *ctlx;
 
3780         unsigned long           flags;
 
3785         spin_lock_irqsave(&hw->ctlxq.lock, flags);
 
3787         /* There can be only one CTLX on the active queue
 
3788          * at any one time, and this is the CTLX that the
 
3789          * timers are waiting for.
 
3791         if ( list_empty(&hw->ctlxq.active) ) {
 
3795         /* Remove the "response timeout". It's possible that
 
3796          * we are already too late, and that the timeout is
 
3797          * already running. And that's just too bad for us,
 
3798          * because we could lose our CTLX from the active
 
3801         if (del_timer(&hw->resptimer) == 0) {
 
3802                 if (hw->resp_timer_done == 0) {
 
3803                         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
3808                 hw->resp_timer_done = 1;
 
3811         ctlx = get_active_ctlx(hw);
 
3813         if (urb_status != 0) {
 
3815                  * Bad CTLX, so get rid of it. But we only
 
3816                  * remove it from the active queue if we're no
 
3817                  * longer expecting the OUT URB to complete.
 
3819                 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
 
3822                 const u16 intype = (usbin->type&~host2hfa384x_16(0x8000));
 
3825                  * Check that our message is what we're expecting ...
 
3827                 if (ctlx->outbuf.type != intype) {
 
3828                         WLAN_LOG_WARNING("Expected IN[%d], received IN[%d] - ignored.\n",
 
3829                                          hfa384x2host_16(ctlx->outbuf.type),
 
3830                                          hfa384x2host_16(intype));
 
3834                 /* This URB has succeeded, so grab the data ... */
 
3835                 memcpy(&ctlx->inbuf, usbin, sizeof(ctlx->inbuf));
 
3837                 switch (ctlx->state) {
 
3838                 case CTLX_REQ_SUBMITTED:
 
3840                          * We have received our response URB before
 
3841                          * our request has been acknowledged. Odd,
 
3842                          * but our OUT URB is still alive...
 
3844                         WLAN_LOG_DEBUG(0, "Causality violation: please reboot Universe, or email linux-wlan-devel@lists.linux-wlan.com\n");
 
3845                         ctlx->state = CTLX_RESP_COMPLETE;
 
3848                 case CTLX_REQ_COMPLETE:
 
3850                          * This is the usual path: our request
 
3851                          * has already been acknowledged, and
 
3852                          * now we have received the reply too.
 
3854                         ctlx->state = CTLX_COMPLETE;
 
3855                         unlocked_usbctlx_complete(hw, ctlx);
 
3861                          * Throw this CTLX away ...
 
3863                         WLAN_LOG_ERROR("Matched IN URB, CTLX[%d] in invalid state(%s)."
 
3865                                        hfa384x2host_16(ctlx->outbuf.type),
 
3866                                        ctlxstr(ctlx->state));
 
3867                         if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
 
3874         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
3877                 hfa384x_usbctlxq_run(hw);
 
3883 /*----------------------------------------------------------------
 
3884 * hfa384x_usbin_txcompl
 
3886 * At this point we have the results of a previous transmit.
 
3889 *       wlandev         wlan device
 
3890 *       usbin           ptr to the usb transfer buffer
 
3899 ----------------------------------------------------------------*/
 
3900 static void hfa384x_usbin_txcompl(wlandevice_t *wlandev, hfa384x_usbin_t *usbin)
 
3905         status = hfa384x2host_16(usbin->type); /* yeah I know it says type...*/
 
3907         /* Was there an error? */
 
3908         if (HFA384x_TXSTATUS_ISERROR(status)) {
 
3909                 prism2sta_ev_txexc(wlandev, status);
 
3911                 prism2sta_ev_tx(wlandev, status);
 
3913         // prism2sta_ev_alloc(wlandev);
 
3919 /*----------------------------------------------------------------
 
3922 * At this point we have a successful received a rx frame packet.
 
3925 *       wlandev         wlan device
 
3926 *       usbin           ptr to the usb transfer buffer
 
3935 ----------------------------------------------------------------*/
 
3936 static void hfa384x_usbin_rx(wlandevice_t *wlandev, struct sk_buff *skb)
 
3938         hfa384x_usbin_t         *usbin = (hfa384x_usbin_t *) skb->data;
 
3939         hfa384x_t               *hw = wlandev->priv;
 
3941         p80211_rxmeta_t         *rxmeta;
 
3947         /* Byte order convert once up front. */
 
3948         usbin->rxfrm.desc.status =
 
3949                 hfa384x2host_16(usbin->rxfrm.desc.status);
 
3950         usbin->rxfrm.desc.time =
 
3951                 hfa384x2host_32(usbin->rxfrm.desc.time);
 
3953         /* Now handle frame based on port# */
 
3954         switch( HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status) )
 
3957                 fc = ieee2host16(usbin->rxfrm.desc.frame_control);
 
3959                 /* If exclude and we receive an unencrypted, drop it */
 
3960                 if ( (wlandev->hostwep & HOSTWEP_EXCLUDEUNENCRYPTED) &&
 
3961                      !WLAN_GET_FC_ISWEP(fc)){
 
3965                 data_len = hfa384x2host_16(usbin->rxfrm.desc.data_len);
 
3967                 /* How much header data do we have? */
 
3968                 hdrlen = p80211_headerlen(fc);
 
3970                 /* Pull off the descriptor */
 
3971                 skb_pull(skb, sizeof(hfa384x_rx_frame_t));
 
3973                 /* Now shunt the header block up against the data block
 
3974                  * with an "overlapping" copy
 
3976                 memmove(skb_push(skb, hdrlen),
 
3977                         &usbin->rxfrm.desc.frame_control,
 
3980                 skb->dev = wlandev->netdev;
 
3981                 skb->dev->last_rx = jiffies;
 
3983                 /* And set the frame length properly */
 
3984                 skb_trim(skb, data_len + hdrlen);
 
3986                 /* The prism2 series does not return the CRC */
 
3987                 memset(skb_put(skb, WLAN_CRC_LEN), 0xff, WLAN_CRC_LEN);
 
3989                 skb_reset_mac_header(skb);
 
3991                 /* Attach the rxmeta, set some stuff */
 
3992                 p80211skb_rxmeta_attach(wlandev, skb);
 
3993                 rxmeta = P80211SKB_RXMETA(skb);
 
3994                 rxmeta->mactime = usbin->rxfrm.desc.time;
 
3995                 rxmeta->rxrate = usbin->rxfrm.desc.rate;
 
3996                 rxmeta->signal = usbin->rxfrm.desc.signal - hw->dbmadjust;
 
3997                 rxmeta->noise = usbin->rxfrm.desc.silence - hw->dbmadjust;
 
3999                 prism2sta_ev_rx(wlandev, skb);
 
4004                 if ( ! HFA384x_RXSTATUS_ISFCSERR(usbin->rxfrm.desc.status) ) {
 
4005                         /* Copy to wlansnif skb */
 
4006                         hfa384x_int_rxmonitor( wlandev, &usbin->rxfrm);
 
4009                         WLAN_LOG_DEBUG(3,"Received monitor frame: FCSerr set\n");
 
4014                 WLAN_LOG_WARNING("Received frame on unsupported port=%d\n",
 
4015                         HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status) );
 
4025 /*----------------------------------------------------------------
 
4026 * hfa384x_int_rxmonitor
 
4028 * Helper function for int_rx.  Handles monitor frames.
 
4029 * Note that this function allocates space for the FCS and sets it
 
4030 * to 0xffffffff.  The hfa384x doesn't give us the FCS value but the
 
4031 * higher layers expect it.  0xffffffff is used as a flag to indicate
 
4035 *       wlandev         wlan device structure
 
4036 *       rxfrm           rx descriptor read from card in int_rx
 
4042 *       Allocates an skb and passes it up via the PF_PACKET interface.
 
4045 ----------------------------------------------------------------*/
 
4046 static void hfa384x_int_rxmonitor( wlandevice_t *wlandev, hfa384x_usb_rxfrm_t *rxfrm)
 
4048         hfa384x_rx_frame_t              *rxdesc = &(rxfrm->desc);
 
4049         unsigned int                            hdrlen = 0;
 
4050         unsigned int                            datalen = 0;
 
4051         unsigned int                            skblen = 0;
 
4054         struct sk_buff                  *skb;
 
4055         hfa384x_t                       *hw = wlandev->priv;
 
4059         /* Don't forget the status, time, and data_len fields are in host order */
 
4060         /* Figure out how big the frame is */
 
4061         fc = ieee2host16(rxdesc->frame_control);
 
4062         hdrlen = p80211_headerlen(fc);
 
4063         datalen = hfa384x2host_16(rxdesc->data_len);
 
4065         /* Allocate an ind message+framesize skb */
 
4066         skblen = sizeof(p80211_caphdr_t) +
 
4067                 hdrlen + datalen + WLAN_CRC_LEN;
 
4069         /* sanity check the length */
 
4071              (sizeof(p80211_caphdr_t) +
 
4072               WLAN_HDR_A4_LEN + WLAN_DATA_MAXLEN + WLAN_CRC_LEN) ) {
 
4073                 WLAN_LOG_DEBUG(1, "overlen frm: len=%zd\n",
 
4074                                skblen - sizeof(p80211_caphdr_t));
 
4077         if ( (skb = dev_alloc_skb(skblen)) == NULL ) {
 
4078                 WLAN_LOG_ERROR("alloc_skb failed trying to allocate %d bytes\n", skblen);
 
4082         /* only prepend the prism header if in the right mode */
 
4083         if ((wlandev->netdev->type == ARPHRD_IEEE80211_PRISM) &&
 
4084             (hw->sniffhdr != 0)) {
 
4085                 p80211_caphdr_t         *caphdr;
 
4086                 /* The NEW header format! */
 
4087                 datap = skb_put(skb, sizeof(p80211_caphdr_t));
 
4088                 caphdr = (p80211_caphdr_t*) datap;
 
4090                 caphdr->version =       htonl(P80211CAPTURE_VERSION);
 
4091                 caphdr->length =        htonl(sizeof(p80211_caphdr_t));
 
4092                 caphdr->mactime =       __cpu_to_be64(rxdesc->time) * 1000;
 
4093                 caphdr->hosttime =      __cpu_to_be64(jiffies);
 
4094                 caphdr->phytype =       htonl(4); /* dss_dot11_b */
 
4095                 caphdr->channel =       htonl(hw->sniff_channel);
 
4096                 caphdr->datarate =      htonl(rxdesc->rate);
 
4097                 caphdr->antenna =       htonl(0); /* unknown */
 
4098                 caphdr->priority =      htonl(0); /* unknown */
 
4099                 caphdr->ssi_type =      htonl(3); /* rssi_raw */
 
4100                 caphdr->ssi_signal =    htonl(rxdesc->signal);
 
4101                 caphdr->ssi_noise =     htonl(rxdesc->silence);
 
4102                 caphdr->preamble =      htonl(0); /* unknown */
 
4103                 caphdr->encoding =      htonl(1); /* cck */
 
4106         /* Copy the 802.11 header to the skb (ctl frames may be less than a full header) */
 
4107         datap = skb_put(skb, hdrlen);
 
4108         memcpy( datap, &(rxdesc->frame_control), hdrlen);
 
4110         /* If any, copy the data from the card to the skb */
 
4113                 datap = skb_put(skb, datalen);
 
4114                 memcpy(datap, rxfrm->data, datalen);
 
4116                 /* check for unencrypted stuff if WEP bit set. */
 
4117                 if (*(datap - hdrlen + 1) & 0x40) // wep set
 
4118                   if ((*(datap) == 0xaa) && (*(datap+1) == 0xaa))
 
4119                     *(datap - hdrlen + 1) &= 0xbf; // clear wep; it's the 802.2 header!
 
4122         if (hw->sniff_fcs) {
 
4124                 datap = skb_put(skb, WLAN_CRC_LEN);
 
4125                 memset( datap, 0xff, WLAN_CRC_LEN);
 
4128         /* pass it back up */
 
4129         prism2sta_ev_rx(wlandev, skb);
 
4137 /*----------------------------------------------------------------
 
4138 * hfa384x_usbin_info
 
4140 * At this point we have a successful received a Prism2 info frame.
 
4143 *       wlandev         wlan device
 
4144 *       usbin           ptr to the usb transfer buffer
 
4153 ----------------------------------------------------------------*/
 
4154 static void hfa384x_usbin_info(wlandevice_t *wlandev, hfa384x_usbin_t *usbin)
 
4158         usbin->infofrm.info.framelen = hfa384x2host_16(usbin->infofrm.info.framelen);
 
4159         prism2sta_ev_info(wlandev, &usbin->infofrm.info);
 
4166 /*----------------------------------------------------------------
 
4167 * hfa384x_usbout_callback
 
4169 * Callback for URBs on the BULKOUT endpoint.
 
4172 *       urb             ptr to the completed urb
 
4181 ----------------------------------------------------------------*/
 
4182 static void hfa384x_usbout_callback(struct urb *urb)
 
4184         wlandevice_t            *wlandev = urb->context;
 
4185         hfa384x_usbout_t        *usbout = urb->transfer_buffer;
 
4195                 switch(urb->status) {
 
4197                         hfa384x_usbout_tx(wlandev, usbout);
 
4202                         hfa384x_t *hw = wlandev->priv;
 
4203                         WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
 
4204                                          wlandev->netdev->name);
 
4205                         if ( !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags) )
 
4206                                 schedule_work(&hw->usb_work);
 
4207                         ++(wlandev->linux_stats.tx_errors);
 
4215                         hfa384x_t *hw = wlandev->priv;
 
4217                         if ( !test_and_set_bit(THROTTLE_TX, &hw->usb_flags)
 
4218                              && !timer_pending(&hw->throttle) ) {
 
4219                                 mod_timer(&hw->throttle,
 
4220                                           jiffies + THROTTLE_JIFFIES);
 
4222                         ++(wlandev->linux_stats.tx_errors);
 
4223                         netif_stop_queue(wlandev->netdev);
 
4229                         /* Ignorable errors */
 
4233                         WLAN_LOG_INFO("unknown urb->status=%d\n", urb->status);
 
4234                         ++(wlandev->linux_stats.tx_errors);
 
4243 /*----------------------------------------------------------------
 
4244 * hfa384x_ctlxout_callback
 
4246 * Callback for control data on the BULKOUT endpoint.
 
4249 *       urb             ptr to the completed urb
 
4258 ----------------------------------------------------------------*/
 
4259 static void hfa384x_ctlxout_callback(struct urb *urb)
 
4261         hfa384x_t       *hw = urb->context;
 
4262         int             delete_resptimer = 0;
 
4265         hfa384x_usbctlx_t       *ctlx;
 
4266         unsigned long   flags;
 
4270         WLAN_LOG_DEBUG(3,"urb->status=%d\n", urb->status);
 
4274         if ( (urb->status == -ESHUTDOWN) ||
 
4275              (urb->status == -ENODEV) ||
 
4280         spin_lock_irqsave(&hw->ctlxq.lock, flags);
 
4283          * Only one CTLX at a time on the "active" list, and
 
4284          * none at all if we are unplugged. However, we can
 
4285          * rely on the disconnect function to clean everything
 
4286          * up if someone unplugged the adapter.
 
4288         if ( list_empty(&hw->ctlxq.active) ) {
 
4289                 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
4294          * Having something on the "active" queue means
 
4295          * that we have timers to worry about ...
 
4297         if (del_timer(&hw->reqtimer) == 0) {
 
4298                 if (hw->req_timer_done == 0) {
 
4300                          * This timer was actually running while we
 
4301                          * were trying to delete it. Let it terminate
 
4302                          * gracefully instead.
 
4304                         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
4309                 hw->req_timer_done = 1;
 
4312         ctlx = get_active_ctlx(hw);
 
4314         if ( urb->status == 0 ) {
 
4315                 /* Request portion of a CTLX is successful */
 
4316                 switch ( ctlx->state ) {
 
4317                 case CTLX_REQ_SUBMITTED:
 
4318                         /* This OUT-ACK received before IN */
 
4319                         ctlx->state = CTLX_REQ_COMPLETE;
 
4322                 case CTLX_RESP_COMPLETE:
 
4323                         /* IN already received before this OUT-ACK,
 
4324                          * so this command must now be complete.
 
4326                         ctlx->state = CTLX_COMPLETE;
 
4327                         unlocked_usbctlx_complete(hw, ctlx);
 
4332                         /* This is NOT a valid CTLX "success" state! */
 
4334                             "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n",
 
4335                             hfa384x2host_16(ctlx->outbuf.type),
 
4336                             ctlxstr(ctlx->state), urb->status);
 
4340                 /* If the pipe has stalled then we need to reset it */
 
4341                 if ( (urb->status == -EPIPE) &&
 
4342                       !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags) ) {
 
4343                         WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
 
4344                                          hw->wlandev->netdev->name);
 
4345                         schedule_work(&hw->usb_work);
 
4348                 /* If someone cancels the OUT URB then its status
 
4349                  * should be either -ECONNRESET or -ENOENT.
 
4351                 ctlx->state = CTLX_REQ_FAILED;
 
4352                 unlocked_usbctlx_complete(hw, ctlx);
 
4353                 delete_resptimer = 1;
 
4358         if (delete_resptimer) {
 
4359                 if ((timer_ok = del_timer(&hw->resptimer)) != 0) {
 
4360                         hw->resp_timer_done = 1;
 
4364         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
4366         if ( !timer_ok && (hw->resp_timer_done == 0) ) {
 
4367                 spin_lock_irqsave(&hw->ctlxq.lock, flags);
 
4372                 hfa384x_usbctlxq_run(hw);
 
4379 /*----------------------------------------------------------------
 
4380 * hfa384x_usbctlx_reqtimerfn
 
4382 * Timer response function for CTLX request timeouts.  If this
 
4383 * function is called, it means that the callback for the OUT
 
4384 * URB containing a Prism2.x XXX_Request was never called.
 
4387 *       data            a ptr to the hfa384x_t
 
4396 ----------------------------------------------------------------*/
 
4398 hfa384x_usbctlx_reqtimerfn(unsigned long data)
 
4400         hfa384x_t       *hw = (hfa384x_t*)data;
 
4401         unsigned long   flags;
 
4404         spin_lock_irqsave(&hw->ctlxq.lock, flags);
 
4406         hw->req_timer_done = 1;
 
4408         /* Removing the hardware automatically empties
 
4409          * the active list ...
 
4411         if ( !list_empty(&hw->ctlxq.active) )
 
4414                  * We must ensure that our URB is removed from
 
4415                  * the system, if it hasn't already expired.
 
4417                 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
 
4418                 if (usb_unlink_urb(&hw->ctlx_urb) == -EINPROGRESS)
 
4420                         hfa384x_usbctlx_t *ctlx = get_active_ctlx(hw);
 
4422                         ctlx->state = CTLX_REQ_FAILED;
 
4424                         /* This URB was active, but has now been
 
4425                          * cancelled. It will now have a status of
 
4426                          * -ECONNRESET in the callback function.
 
4428                          * We are cancelling this CTLX, so we're
 
4429                          * not going to need to wait for a response.
 
4430                          * The URB's callback function will check
 
4431                          * that this timer is truly dead.
 
4433                         if (del_timer(&hw->resptimer) != 0)
 
4434                                 hw->resp_timer_done = 1;
 
4438         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
4444 /*----------------------------------------------------------------
 
4445 * hfa384x_usbctlx_resptimerfn
 
4447 * Timer response function for CTLX response timeouts.  If this
 
4448 * function is called, it means that the callback for the IN
 
4449 * URB containing a Prism2.x XXX_Response was never called.
 
4452 *       data            a ptr to the hfa384x_t
 
4461 ----------------------------------------------------------------*/
 
4463 hfa384x_usbctlx_resptimerfn(unsigned long data)
 
4465         hfa384x_t *hw = (hfa384x_t*)data;
 
4466         unsigned long   flags;
 
4470         spin_lock_irqsave(&hw->ctlxq.lock, flags);
 
4472         hw->resp_timer_done = 1;
 
4474         /* The active list will be empty if the
 
4475          * adapter has been unplugged ...
 
4477         if ( !list_empty(&hw->ctlxq.active) )
 
4479                 hfa384x_usbctlx_t *ctlx = get_active_ctlx(hw);
 
4481                 if ( unlocked_usbctlx_cancel_async(hw, ctlx) == 0 )
 
4483                         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
4484                         hfa384x_usbctlxq_run(hw);
 
4489         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
4495 /*----------------------------------------------------------------
 
4496 * hfa384x_usb_throttlefn
 
4509 ----------------------------------------------------------------*/
 
4511 hfa384x_usb_throttlefn(unsigned long data)
 
4513         hfa384x_t *hw = (hfa384x_t*)data;
 
4514         unsigned long   flags;
 
4518         spin_lock_irqsave(&hw->ctlxq.lock, flags);
 
4521          * We need to check BOTH the RX and the TX throttle controls,
 
4522          * so we use the bitwise OR instead of the logical OR.
 
4524         WLAN_LOG_DEBUG(3, "flags=0x%lx\n", hw->usb_flags);
 
4525         if ( !hw->wlandev->hwremoved &&
 
4527                (test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) &&
 
4528                !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags))
 
4530                (test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) &&
 
4531                 !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags))
 
4534                 schedule_work(&hw->usb_work);
 
4537         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
4543 /*----------------------------------------------------------------
 
4544 * hfa384x_usbctlx_submit
 
4546 * Called from the doxxx functions to submit a CTLX to the queue
 
4549 *       hw              ptr to the hw struct
 
4550 *       ctlx            ctlx structure to enqueue
 
4553 *       -ENODEV if the adapter is unplugged
 
4559 *       process or interrupt
 
4560 ----------------------------------------------------------------*/
 
4562 hfa384x_usbctlx_submit(
 
4564         hfa384x_usbctlx_t       *ctlx)
 
4566         unsigned long flags;
 
4571         spin_lock_irqsave(&hw->ctlxq.lock, flags);
 
4573         if (hw->wlandev->hwremoved) {
 
4574                 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
4577                 ctlx->state = CTLX_PENDING;
 
4578                 list_add_tail(&ctlx->list, &hw->ctlxq.pending);
 
4580                 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
 
4581                 hfa384x_usbctlxq_run(hw);
 
4590 /*----------------------------------------------------------------
 
4593 * At this point we have finished a send of a frame.  Mark the URB
 
4594 * as available and call ev_alloc to notify higher layers we're
 
4598 *       wlandev         wlan device
 
4599 *       usbout          ptr to the usb transfer buffer
 
4608 ----------------------------------------------------------------*/
 
4609 static void hfa384x_usbout_tx(wlandevice_t *wlandev, hfa384x_usbout_t *usbout)
 
4613         prism2sta_ev_alloc(wlandev);
 
4618 /*----------------------------------------------------------------
 
4619 * hfa384x_isgood_pdrcore
 
4621 * Quick check of PDR codes.
 
4624 *       pdrcode         PDR code number (host order)
 
4633 ----------------------------------------------------------------*/
 
4635 hfa384x_isgood_pdrcode(u16 pdrcode)
 
4638         case HFA384x_PDR_END_OF_PDA:
 
4639         case HFA384x_PDR_PCB_PARTNUM:
 
4640         case HFA384x_PDR_PDAVER:
 
4641         case HFA384x_PDR_NIC_SERIAL:
 
4642         case HFA384x_PDR_MKK_MEASUREMENTS:
 
4643         case HFA384x_PDR_NIC_RAMSIZE:
 
4644         case HFA384x_PDR_MFISUPRANGE:
 
4645         case HFA384x_PDR_CFISUPRANGE:
 
4646         case HFA384x_PDR_NICID:
 
4647         case HFA384x_PDR_MAC_ADDRESS:
 
4648         case HFA384x_PDR_REGDOMAIN:
 
4649         case HFA384x_PDR_ALLOWED_CHANNEL:
 
4650         case HFA384x_PDR_DEFAULT_CHANNEL:
 
4651         case HFA384x_PDR_TEMPTYPE:
 
4652         case HFA384x_PDR_IFR_SETTING:
 
4653         case HFA384x_PDR_RFR_SETTING:
 
4654         case HFA384x_PDR_HFA3861_BASELINE:
 
4655         case HFA384x_PDR_HFA3861_SHADOW:
 
4656         case HFA384x_PDR_HFA3861_IFRF:
 
4657         case HFA384x_PDR_HFA3861_CHCALSP:
 
4658         case HFA384x_PDR_HFA3861_CHCALI:
 
4659         case HFA384x_PDR_3842_NIC_CONFIG:
 
4660         case HFA384x_PDR_USB_ID:
 
4661         case HFA384x_PDR_PCI_ID:
 
4662         case HFA384x_PDR_PCI_IFCONF:
 
4663         case HFA384x_PDR_PCI_PMCONF:
 
4664         case HFA384x_PDR_RFENRGY:
 
4665         case HFA384x_PDR_HFA3861_MANF_TESTSP:
 
4666         case HFA384x_PDR_HFA3861_MANF_TESTI:
 
4671                 if ( pdrcode < 0x1000 ) {
 
4672                         /* code is OK, but we don't know exactly what it is */
 
4674                                 "Encountered unknown PDR#=0x%04x, "
 
4675                                 "assuming it's ok.\n",
 
4681                                 "Encountered unknown PDR#=0x%04x, "
 
4682                                 "(>=0x1000), assuming it's bad.\n",
 
4688         return 0; /* avoid compiler warnings */