drivers/net/tokenring: fix sparse warning: cast truncates bits from const value
[linux-2.6] / drivers / staging / wlan-ng / hfa384x_usb.c
1 /* src/prism2/driver/hfa384x_usb.c
2 *
3 * Functions that talk to the USB variantof the Intersil hfa384x MAC
4 *
5 * Copyright (C) 1999 AbsoluteValue Systems, Inc.  All Rights Reserved.
6 * --------------------------------------------------------------------
7 *
8 * linux-wlan
9 *
10 *   The contents of this file are subject to the Mozilla Public
11 *   License Version 1.1 (the "License"); you may not use this file
12 *   except in compliance with the License. You may obtain a copy of
13 *   the License at http://www.mozilla.org/MPL/
14 *
15 *   Software distributed under the License is distributed on an "AS
16 *   IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
17 *   implied. See the License for the specific language governing
18 *   rights and limitations under the License.
19 *
20 *   Alternatively, the contents of this file may be used under the
21 *   terms of the GNU Public License version 2 (the "GPL"), in which
22 *   case the provisions of the GPL are applicable instead of the
23 *   above.  If you wish to allow the use of your version of this file
24 *   only under the terms of the GPL and not to allow others to use
25 *   your version of this file under the MPL, indicate your decision
26 *   by deleting the provisions above and replace them with the notice
27 *   and other provisions required by the GPL.  If you do not delete
28 *   the provisions above, a recipient may use your version of this
29 *   file under either the MPL or the GPL.
30 *
31 * --------------------------------------------------------------------
32 *
33 * Inquiries regarding the linux-wlan Open Source project can be
34 * made directly to:
35 *
36 * AbsoluteValue Systems Inc.
37 * info@linux-wlan.com
38 * http://www.linux-wlan.com
39 *
40 * --------------------------------------------------------------------
41 *
42 * Portions of the development of this software were funded by
43 * Intersil Corporation as part of PRISM(R) chipset product development.
44 *
45 * --------------------------------------------------------------------
46 *
47 * This file implements functions that correspond to the prism2/hfa384x
48 * 802.11 MAC hardware and firmware host interface.
49 *
50 * The functions can be considered to represent several levels of
51 * abstraction.  The lowest level functions are simply C-callable wrappers
52 * around the register accesses.  The next higher level represents C-callable
53 * prism2 API functions that match the Intersil documentation as closely
54 * as is reasonable.  The next higher layer implements common sequences
55 * of invokations of the API layer (e.g. write to bap, followed by cmd).
56 *
57 * Common sequences:
58 * hfa384x_drvr_xxx      Highest level abstractions provided by the
59 *                       hfa384x code.  They are driver defined wrappers
60 *                       for common sequences.  These functions generally
61 *                       use the services of the lower levels.
62 *
63 * hfa384x_drvr_xxxconfig  An example of the drvr level abstraction. These
64 *                       functions are wrappers for the RID get/set
65 *                       sequence. They  call copy_[to|from]_bap() and
66 *                       cmd_access().   These functions operate on the
67 *                       RIDs and buffers without validation.  The caller
68 *                       is responsible for that.
69 *
70 * API wrapper functions:
71 * hfa384x_cmd_xxx       functions that provide access to the f/w commands.
72 *                       The function arguments correspond to each command
73 *                       argument, even command arguments that get packed
74 *                       into single registers.  These functions _just_
75 *                       issue the command by setting the cmd/parm regs
76 *                       & reading the status/resp regs.  Additional
77 *                       activities required to fully use a command
78 *                       (read/write from/to bap, get/set int status etc.)
79 *                       are implemented separately.  Think of these as
80 *                       C-callable prism2 commands.
81 *
82 * Lowest Layer Functions:
83 * hfa384x_docmd_xxx     These functions implement the sequence required
84 *                       to issue any prism2 command.  Primarily used by the
85 *                       hfa384x_cmd_xxx functions.
86 *
87 * hfa384x_bap_xxx       BAP read/write access functions.
88 *                       Note: we usually use BAP0 for non-interrupt context
89 *                        and BAP1 for interrupt context.
90 *
91 * hfa384x_dl_xxx        download related functions.
92 *
93 * Driver State Issues:
94 * Note that there are two pairs of functions that manage the
95 * 'initialized' and 'running' states of the hw/MAC combo.  The four
96 * functions are create(), destroy(), start(), and stop().  create()
97 * sets up the data structures required to support the hfa384x_*
98 * functions and destroy() cleans them up.  The start() function gets
99 * the actual hardware running and enables the interrupts.  The stop()
100 * function shuts the hardware down.  The sequence should be:
101 * create()
102 * start()
103 *  .
104 *  .  Do interesting things w/ the hardware
105 *  .
106 * stop()
107 * destroy()
108 *
109 * Note that destroy() can be called without calling stop() first.
110 * --------------------------------------------------------------------
111 */
112
113 /*================================================================*/
114 /* System Includes */
115 #define WLAN_DBVAR      prism2_debug
116
117 #include <linux/version.h>
118
119 #include <linux/module.h>
120 #include <linux/kernel.h>
121 #include <linux/sched.h>
122 #include <linux/types.h>
123 #include <linux/slab.h>
124 #include <linux/wireless.h>
125 #include <linux/netdevice.h>
126 #include <linux/timer.h>
127 #include <asm/io.h>
128 #include <linux/delay.h>
129 #include <asm/byteorder.h>
130 #include <asm/bitops.h>
131 #include <linux/list.h>
132 #include <linux/usb.h>
133
134 #include "wlan_compat.h"
135
136 #define SUBMIT_URB(u,f)  usb_submit_urb(u,f)
137
138 /*================================================================*/
139 /* Project Includes */
140
141 #include "p80211types.h"
142 #include "p80211hdr.h"
143 #include "p80211mgmt.h"
144 #include "p80211conv.h"
145 #include "p80211msg.h"
146 #include "p80211netdev.h"
147 #include "p80211req.h"
148 #include "p80211metadef.h"
149 #include "p80211metastruct.h"
150 #include "hfa384x.h"
151 #include "prism2mgmt.h"
152
153 /*================================================================*/
154 /* Local Constants */
155
156 enum cmd_mode
157 {
158   DOWAIT = 0,
159   DOASYNC
160 };
161 typedef enum cmd_mode CMD_MODE;
162
163 #define THROTTLE_JIFFIES        (HZ/8)
164
165 /*================================================================*/
166 /* Local Macros */
167
168 #define ROUNDUP64(a) (((a)+63)&~63)
169
170 /*================================================================*/
171 /* Local Types */
172
173 /*================================================================*/
174 /* Local Static Definitions */
175 extern int prism2_debug;
176
177 /*================================================================*/
178 /* Local Function Declarations */
179
180 #ifdef DEBUG_USB
181 static void
182 dbprint_urb(struct urb* urb);
183 #endif
184
185 static void
186 hfa384x_int_rxmonitor(
187         wlandevice_t *wlandev,
188         hfa384x_usb_rxfrm_t *rxfrm);
189
190 static void
191 hfa384x_usb_defer(struct work_struct *data);
192
193 static int
194 submit_rx_urb(hfa384x_t *hw, gfp_t flags);
195
196 static int
197 submit_tx_urb(hfa384x_t *hw, struct urb *tx_urb, gfp_t flags);
198
199 /*---------------------------------------------------*/
200 /* Callbacks */
201 static void
202 hfa384x_usbout_callback(struct urb *urb);
203 static void
204 hfa384x_ctlxout_callback(struct urb *urb);
205 static void
206 hfa384x_usbin_callback(struct urb *urb);
207
208 static void
209 hfa384x_usbin_txcompl(wlandevice_t *wlandev, hfa384x_usbin_t *usbin);
210
211 static void
212 hfa384x_usbin_rx(wlandevice_t *wlandev, struct sk_buff *skb);
213
214 static void
215 hfa384x_usbin_info(wlandevice_t *wlandev, hfa384x_usbin_t *usbin);
216
217 static void
218 hfa384x_usbout_tx(wlandevice_t *wlandev, hfa384x_usbout_t *usbout);
219
220 static void hfa384x_usbin_ctlx(hfa384x_t *hw, hfa384x_usbin_t *usbin,
221                                int urb_status);
222
223 /*---------------------------------------------------*/
224 /* Functions to support the prism2 usb command queue */
225
226 static void
227 hfa384x_usbctlxq_run(hfa384x_t *hw);
228
229 static void
230 hfa384x_usbctlx_reqtimerfn(unsigned long data);
231
232 static void
233 hfa384x_usbctlx_resptimerfn(unsigned long data);
234
235 static void
236 hfa384x_usb_throttlefn(unsigned long data);
237
238 static void
239 hfa384x_usbctlx_completion_task(unsigned long data);
240
241 static void
242 hfa384x_usbctlx_reaper_task(unsigned long data);
243
244 static int
245 hfa384x_usbctlx_submit(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
246
247 static void
248 unlocked_usbctlx_complete(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
249
250 struct usbctlx_completor
251 {
252         int (*complete)(struct usbctlx_completor*);
253 };
254 typedef struct usbctlx_completor usbctlx_completor_t;
255
256 static int
257 hfa384x_usbctlx_complete_sync(hfa384x_t *hw,
258                               hfa384x_usbctlx_t *ctlx,
259                               usbctlx_completor_t *completor);
260
261 static int
262 unlocked_usbctlx_cancel_async(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
263
264 static void
265 hfa384x_cb_status(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx);
266
267 static void
268 hfa384x_cb_rrid(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx);
269
270 static int
271 usbctlx_get_status(const hfa384x_usb_cmdresp_t *cmdresp,
272                    hfa384x_cmdresult_t *result);
273
274 static void
275 usbctlx_get_rridresult(const hfa384x_usb_rridresp_t *rridresp,
276                        hfa384x_rridresult_t *result);
277
278 /*---------------------------------------------------*/
279 /* Low level req/resp CTLX formatters and submitters */
280 static int
281 hfa384x_docmd(
282         hfa384x_t *hw,
283         CMD_MODE mode,
284         hfa384x_metacmd_t *cmd,
285         ctlx_cmdcb_t cmdcb,
286         ctlx_usercb_t usercb,
287         void    *usercb_data);
288
289 static int
290 hfa384x_dorrid(
291         hfa384x_t *hw,
292         CMD_MODE mode,
293         u16     rid,
294         void    *riddata,
295         unsigned int    riddatalen,
296         ctlx_cmdcb_t cmdcb,
297         ctlx_usercb_t usercb,
298         void    *usercb_data);
299
300 static int
301 hfa384x_dowrid(
302         hfa384x_t *hw,
303         CMD_MODE mode,
304         u16     rid,
305         void    *riddata,
306         unsigned int    riddatalen,
307         ctlx_cmdcb_t cmdcb,
308         ctlx_usercb_t usercb,
309         void    *usercb_data);
310
311 static int
312 hfa384x_dormem(
313         hfa384x_t *hw,
314         CMD_MODE mode,
315         u16     page,
316         u16     offset,
317         void    *data,
318         unsigned int    len,
319         ctlx_cmdcb_t cmdcb,
320         ctlx_usercb_t usercb,
321         void    *usercb_data);
322
323 static int
324 hfa384x_dowmem(
325         hfa384x_t *hw,
326         CMD_MODE mode,
327         u16     page,
328         u16     offset,
329         void    *data,
330         unsigned int    len,
331         ctlx_cmdcb_t cmdcb,
332         ctlx_usercb_t usercb,
333         void    *usercb_data);
334
335 static int
336 hfa384x_isgood_pdrcode(u16 pdrcode);
337
338 /*================================================================*/
339 /* Function Definitions */
340 static inline const char* ctlxstr(CTLX_STATE s)
341 {
342         static const char* ctlx_str[] = {
343                 "Initial state",
344                 "Complete",
345                 "Request failed",
346                 "Request pending",
347                 "Request packet submitted",
348                 "Request packet completed",
349                 "Response packet completed"
350         };
351
352         return ctlx_str[s];
353 };
354
355
356 static inline hfa384x_usbctlx_t*
357 get_active_ctlx(hfa384x_t *hw)
358 {
359         return list_entry(hw->ctlxq.active.next, hfa384x_usbctlx_t, list);
360 }
361
362
363 #ifdef DEBUG_USB
364 void
365 dbprint_urb(struct urb* urb)
366 {
367         WLAN_LOG_DEBUG(3,"urb->pipe=0x%08x\n", urb->pipe);
368         WLAN_LOG_DEBUG(3,"urb->status=0x%08x\n", urb->status);
369         WLAN_LOG_DEBUG(3,"urb->transfer_flags=0x%08x\n", urb->transfer_flags);
370         WLAN_LOG_DEBUG(3,"urb->transfer_buffer=0x%08x\n", (unsigned int)urb->transfer_buffer);
371         WLAN_LOG_DEBUG(3,"urb->transfer_buffer_length=0x%08x\n", urb->transfer_buffer_length);
372         WLAN_LOG_DEBUG(3,"urb->actual_length=0x%08x\n", urb->actual_length);
373         WLAN_LOG_DEBUG(3,"urb->bandwidth=0x%08x\n", urb->bandwidth);
374         WLAN_LOG_DEBUG(3,"urb->setup_packet(ctl)=0x%08x\n", (unsigned int)urb->setup_packet);
375         WLAN_LOG_DEBUG(3,"urb->start_frame(iso/irq)=0x%08x\n", urb->start_frame);
376         WLAN_LOG_DEBUG(3,"urb->interval(irq)=0x%08x\n", urb->interval);
377         WLAN_LOG_DEBUG(3,"urb->error_count(iso)=0x%08x\n", urb->error_count);
378         WLAN_LOG_DEBUG(3,"urb->timeout=0x%08x\n", urb->timeout);
379         WLAN_LOG_DEBUG(3,"urb->context=0x%08x\n", (unsigned int)urb->context);
380         WLAN_LOG_DEBUG(3,"urb->complete=0x%08x\n", (unsigned int)urb->complete);
381 }
382 #endif
383
384
385 /*----------------------------------------------------------------
386 * submit_rx_urb
387 *
388 * Listen for input data on the BULK-IN pipe. If the pipe has
389 * stalled then schedule it to be reset.
390 *
391 * Arguments:
392 *       hw              device struct
393 *       memflags        memory allocation flags
394 *
395 * Returns:
396 *       error code from submission
397 *
398 * Call context:
399 *       Any
400 ----------------------------------------------------------------*/
401 static int
402 submit_rx_urb(hfa384x_t *hw, gfp_t memflags)
403 {
404         struct sk_buff *skb;
405         int result;
406
407         DBFENTER;
408
409         skb = dev_alloc_skb(sizeof(hfa384x_usbin_t));
410         if (skb == NULL) {
411                 result = -ENOMEM;
412                 goto done;
413         }
414
415         /* Post the IN urb */
416         usb_fill_bulk_urb(&hw->rx_urb, hw->usb,
417                       hw->endp_in,
418                       skb->data, sizeof(hfa384x_usbin_t),
419                       hfa384x_usbin_callback, hw->wlandev);
420
421         hw->rx_urb_skb = skb;
422
423         result = -ENOLINK;
424         if ( !hw->wlandev->hwremoved && !test_bit(WORK_RX_HALT, &hw->usb_flags)) {
425                 result = SUBMIT_URB(&hw->rx_urb, memflags);
426
427                 /* Check whether we need to reset the RX pipe */
428                 if (result == -EPIPE) {
429                         WLAN_LOG_WARNING("%s rx pipe stalled: requesting reset\n",
430                                          hw->wlandev->netdev->name);
431                         if ( !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags) )
432                                 schedule_work(&hw->usb_work);
433                 }
434         }
435
436         /* Don't leak memory if anything should go wrong */
437         if (result != 0) {
438                 dev_kfree_skb(skb);
439                 hw->rx_urb_skb = NULL;
440         }
441
442  done:
443
444         DBFEXIT;
445         return result;
446 }
447
448 /*----------------------------------------------------------------
449 * submit_tx_urb
450 *
451 * Prepares and submits the URB of transmitted data. If the
452 * submission fails then it will schedule the output pipe to
453 * be reset.
454 *
455 * Arguments:
456 *       hw              device struct
457 *       tx_urb          URB of data for tranmission
458 *       memflags        memory allocation flags
459 *
460 * Returns:
461 *       error code from submission
462 *
463 * Call context:
464 *       Any
465 ----------------------------------------------------------------*/
466 static int
467 submit_tx_urb(hfa384x_t *hw, struct urb *tx_urb, gfp_t memflags)
468 {
469         struct net_device *netdev = hw->wlandev->netdev;
470         int result;
471
472         DBFENTER;
473
474         result = -ENOLINK;
475         if ( netif_running(netdev) ) {
476
477                 if ( !hw->wlandev->hwremoved && !test_bit(WORK_TX_HALT, &hw->usb_flags) ) {
478                         result = SUBMIT_URB(tx_urb, memflags);
479
480                         /* Test whether we need to reset the TX pipe */
481                         if (result == -EPIPE) {
482                                 WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
483                                                  netdev->name);
484                                 set_bit(WORK_TX_HALT, &hw->usb_flags);
485                                 schedule_work(&hw->usb_work);
486                         } else if (result == 0) {
487                                 netif_stop_queue(netdev);
488                         }
489                 }
490         }
491
492         DBFEXIT;
493
494         return result;
495 }
496
497 /*----------------------------------------------------------------
498 * hfa394x_usb_defer
499 *
500 * There are some things that the USB stack cannot do while
501 * in interrupt context, so we arrange this function to run
502 * in process context.
503 *
504 * Arguments:
505 *       hw      device structure
506 *
507 * Returns:
508 *       nothing
509 *
510 * Call context:
511 *       process (by design)
512 ----------------------------------------------------------------*/
513 static void
514 hfa384x_usb_defer(struct work_struct *data)
515 {
516         hfa384x_t *hw = container_of(data, struct hfa384x, usb_work);
517         struct net_device *netdev = hw->wlandev->netdev;
518
519         DBFENTER;
520
521         /* Don't bother trying to reset anything if the plug
522          * has been pulled ...
523          */
524         if ( hw->wlandev->hwremoved ) {
525                 DBFEXIT;
526                 return;
527         }
528
529         /* Reception has stopped: try to reset the input pipe */
530         if (test_bit(WORK_RX_HALT, &hw->usb_flags)) {
531                 int ret;
532
533                 usb_kill_urb(&hw->rx_urb);  /* Cannot be holding spinlock! */
534
535                 ret = usb_clear_halt(hw->usb, hw->endp_in);
536                 if (ret != 0) {
537                         printk(KERN_ERR
538                                "Failed to clear rx pipe for %s: err=%d\n",
539                                netdev->name, ret);
540                 } else {
541                         printk(KERN_INFO "%s rx pipe reset complete.\n",
542                                          netdev->name);
543                         clear_bit(WORK_RX_HALT, &hw->usb_flags);
544                         set_bit(WORK_RX_RESUME, &hw->usb_flags);
545                 }
546         }
547
548         /* Resume receiving data back from the device. */
549         if ( test_bit(WORK_RX_RESUME, &hw->usb_flags) ) {
550                 int ret;
551
552                 ret = submit_rx_urb(hw, GFP_KERNEL);
553                 if (ret != 0) {
554                         printk(KERN_ERR
555                                "Failed to resume %s rx pipe.\n", netdev->name);
556                 } else {
557                         clear_bit(WORK_RX_RESUME, &hw->usb_flags);
558                 }
559         }
560
561         /* Transmission has stopped: try to reset the output pipe */
562         if (test_bit(WORK_TX_HALT, &hw->usb_flags)) {
563                 int ret;
564
565                 usb_kill_urb(&hw->tx_urb);
566                 ret = usb_clear_halt(hw->usb, hw->endp_out);
567                 if (ret != 0) {
568                         printk(KERN_ERR
569                                "Failed to clear tx pipe for %s: err=%d\n",
570                                netdev->name, ret);
571                 } else {
572                         printk(KERN_INFO "%s tx pipe reset complete.\n",
573                                          netdev->name);
574                         clear_bit(WORK_TX_HALT, &hw->usb_flags);
575                         set_bit(WORK_TX_RESUME, &hw->usb_flags);
576
577                         /* Stopping the BULK-OUT pipe also blocked
578                          * us from sending any more CTLX URBs, so
579                          * we need to re-run our queue ...
580                          */
581                         hfa384x_usbctlxq_run(hw);
582                 }
583         }
584
585         /* Resume transmitting. */
586         if ( test_and_clear_bit(WORK_TX_RESUME, &hw->usb_flags) ) {
587                 netif_wake_queue(hw->wlandev->netdev);
588         }
589
590         DBFEXIT;
591 }
592
593
594 /*----------------------------------------------------------------
595 * hfa384x_create
596 *
597 * Sets up the hfa384x_t data structure for use.  Note this
598 * does _not_ intialize the actual hardware, just the data structures
599 * we use to keep track of its state.
600 *
601 * Arguments:
602 *       hw              device structure
603 *       irq             device irq number
604 *       iobase          i/o base address for register access
605 *       membase         memory base address for register access
606 *
607 * Returns:
608 *       nothing
609 *
610 * Side effects:
611 *
612 * Call context:
613 *       process
614 ----------------------------------------------------------------*/
615 void
616 hfa384x_create( hfa384x_t *hw, struct usb_device *usb)
617 {
618         DBFENTER;
619
620         memset(hw, 0, sizeof(hfa384x_t));
621         hw->usb = usb;
622
623         /* set up the endpoints */
624         hw->endp_in = usb_rcvbulkpipe(usb, 1);
625         hw->endp_out = usb_sndbulkpipe(usb, 2);
626
627         /* Set up the waitq */
628         init_waitqueue_head(&hw->cmdq);
629
630         /* Initialize the command queue */
631         spin_lock_init(&hw->ctlxq.lock);
632         INIT_LIST_HEAD(&hw->ctlxq.pending);
633         INIT_LIST_HEAD(&hw->ctlxq.active);
634         INIT_LIST_HEAD(&hw->ctlxq.completing);
635         INIT_LIST_HEAD(&hw->ctlxq.reapable);
636
637         /* Initialize the authentication queue */
638         skb_queue_head_init(&hw->authq);
639
640         tasklet_init(&hw->reaper_bh,
641                      hfa384x_usbctlx_reaper_task,
642                      (unsigned long)hw);
643         tasklet_init(&hw->completion_bh,
644                      hfa384x_usbctlx_completion_task,
645                      (unsigned long)hw);
646         INIT_WORK(&hw->link_bh, prism2sta_processing_defer);
647         INIT_WORK(&hw->usb_work, hfa384x_usb_defer);
648
649         init_timer(&hw->throttle);
650         hw->throttle.function = hfa384x_usb_throttlefn;
651         hw->throttle.data = (unsigned long)hw;
652
653         init_timer(&hw->resptimer);
654         hw->resptimer.function = hfa384x_usbctlx_resptimerfn;
655         hw->resptimer.data = (unsigned long)hw;
656
657         init_timer(&hw->reqtimer);
658         hw->reqtimer.function = hfa384x_usbctlx_reqtimerfn;
659         hw->reqtimer.data = (unsigned long)hw;
660
661         usb_init_urb(&hw->rx_urb);
662         usb_init_urb(&hw->tx_urb);
663         usb_init_urb(&hw->ctlx_urb);
664
665         hw->link_status = HFA384x_LINK_NOTCONNECTED;
666         hw->state = HFA384x_STATE_INIT;
667
668         INIT_WORK(&hw->commsqual_bh, prism2sta_commsqual_defer);
669         init_timer(&hw->commsqual_timer);
670         hw->commsqual_timer.data = (unsigned long) hw;
671         hw->commsqual_timer.function = prism2sta_commsqual_timer;
672
673         DBFEXIT;
674 }
675
676
677 /*----------------------------------------------------------------
678 * hfa384x_destroy
679 *
680 * Partner to hfa384x_create().  This function cleans up the hw
681 * structure so that it can be freed by the caller using a simple
682 * kfree.  Currently, this function is just a placeholder.  If, at some
683 * point in the future, an hw in the 'shutdown' state requires a 'deep'
684 * kfree, this is where it should be done.  Note that if this function
685 * is called on a _running_ hw structure, the drvr_stop() function is
686 * called.
687 *
688 * Arguments:
689 *       hw              device structure
690 *
691 * Returns:
692 *       nothing, this function is not allowed to fail.
693 *
694 * Side effects:
695 *
696 * Call context:
697 *       process
698 ----------------------------------------------------------------*/
699 void
700 hfa384x_destroy( hfa384x_t *hw)
701 {
702         struct sk_buff *skb;
703
704         DBFENTER;
705
706         if ( hw->state == HFA384x_STATE_RUNNING ) {
707                 hfa384x_drvr_stop(hw);
708         }
709         hw->state = HFA384x_STATE_PREINIT;
710
711         if (hw->scanresults) {
712                 kfree(hw->scanresults);
713                 hw->scanresults = NULL;
714         }
715
716         /* Now to clean out the auth queue */
717         while ( (skb = skb_dequeue(&hw->authq)) ) {
718                 dev_kfree_skb(skb);
719         }
720
721         DBFEXIT;
722 }
723
724
725 /*----------------------------------------------------------------
726  */
727 static hfa384x_usbctlx_t* usbctlx_alloc(void)
728 {
729         hfa384x_usbctlx_t *ctlx;
730
731         ctlx = kmalloc(sizeof(*ctlx), in_interrupt() ? GFP_ATOMIC : GFP_KERNEL);
732         if (ctlx != NULL)
733         {
734                 memset(ctlx, 0, sizeof(*ctlx));
735                 init_completion(&ctlx->done);
736         }
737
738         return ctlx;
739 }
740
741
742 /*----------------------------------------------------------------
743  *
744 ----------------------------------------------------------------*/
745 static int
746 usbctlx_get_status(const hfa384x_usb_cmdresp_t *cmdresp,
747                    hfa384x_cmdresult_t *result)
748 {
749         DBFENTER;
750
751         result->status = hfa384x2host_16(cmdresp->status);
752         result->resp0 = hfa384x2host_16(cmdresp->resp0);
753         result->resp1 = hfa384x2host_16(cmdresp->resp1);
754         result->resp2 = hfa384x2host_16(cmdresp->resp2);
755
756         WLAN_LOG_DEBUG(4, "cmdresult:status=0x%04x "
757                           "resp0=0x%04x resp1=0x%04x resp2=0x%04x\n",
758                         result->status,
759                         result->resp0,
760                         result->resp1,
761                         result->resp2);
762
763         DBFEXIT;
764         return (result->status & HFA384x_STATUS_RESULT);
765 }
766
767 static void
768 usbctlx_get_rridresult(const hfa384x_usb_rridresp_t *rridresp,
769                        hfa384x_rridresult_t *result)
770 {
771         DBFENTER;
772
773         result->rid = hfa384x2host_16(rridresp->rid);
774         result->riddata = rridresp->data;
775         result->riddata_len = ((hfa384x2host_16(rridresp->frmlen) - 1) * 2);
776
777         DBFEXIT;
778 }
779
780
781 /*----------------------------------------------------------------
782 * Completor object:
783 * This completor must be passed to hfa384x_usbctlx_complete_sync()
784 * when processing a CTLX that returns a hfa384x_cmdresult_t structure.
785 ----------------------------------------------------------------*/
786 struct usbctlx_cmd_completor
787 {
788         usbctlx_completor_t     head;
789
790         const hfa384x_usb_cmdresp_t     *cmdresp;
791         hfa384x_cmdresult_t     *result;
792 };
793 typedef struct usbctlx_cmd_completor usbctlx_cmd_completor_t;
794
795 static int usbctlx_cmd_completor_fn(usbctlx_completor_t *head)
796 {
797         usbctlx_cmd_completor_t *complete = (usbctlx_cmd_completor_t*)head;
798         return usbctlx_get_status(complete->cmdresp, complete->result);
799 }
800
801 static inline usbctlx_completor_t*
802 init_cmd_completor(usbctlx_cmd_completor_t *completor,
803                    const hfa384x_usb_cmdresp_t *cmdresp,
804                    hfa384x_cmdresult_t *result)
805 {
806         completor->head.complete = usbctlx_cmd_completor_fn;
807         completor->cmdresp = cmdresp;
808         completor->result = result;
809         return &(completor->head);
810 }
811
812 /*----------------------------------------------------------------
813 * Completor object:
814 * This completor must be passed to hfa384x_usbctlx_complete_sync()
815 * when processing a CTLX that reads a RID.
816 ----------------------------------------------------------------*/
817 struct usbctlx_rrid_completor
818 {
819         usbctlx_completor_t     head;
820
821         const hfa384x_usb_rridresp_t    *rridresp;
822         void                    *riddata;
823         unsigned int                    riddatalen;
824 };
825 typedef struct usbctlx_rrid_completor usbctlx_rrid_completor_t;
826
827 static int usbctlx_rrid_completor_fn(usbctlx_completor_t *head)
828 {
829         usbctlx_rrid_completor_t *complete = (usbctlx_rrid_completor_t*)head;
830         hfa384x_rridresult_t rridresult;
831
832         usbctlx_get_rridresult(complete->rridresp, &rridresult);
833
834         /* Validate the length, note body len calculation in bytes */
835         if ( rridresult.riddata_len != complete->riddatalen ) {
836                 WLAN_LOG_WARNING(
837                         "RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n",
838                         rridresult.rid,
839                         complete->riddatalen,
840                         rridresult.riddata_len);
841                 return -ENODATA;
842         }
843
844         memcpy(complete->riddata,
845                rridresult.riddata,
846                complete->riddatalen);
847         return 0;
848 }
849
850 static inline usbctlx_completor_t*
851 init_rrid_completor(usbctlx_rrid_completor_t *completor,
852                     const hfa384x_usb_rridresp_t *rridresp,
853                     void *riddata,
854                     unsigned int riddatalen)
855 {
856         completor->head.complete = usbctlx_rrid_completor_fn;
857         completor->rridresp = rridresp;
858         completor->riddata = riddata;
859         completor->riddatalen = riddatalen;
860         return &(completor->head);
861 }
862
863 /*----------------------------------------------------------------
864 * Completor object:
865 * Interprets the results of a synchronous RID-write
866 ----------------------------------------------------------------*/
867 typedef usbctlx_cmd_completor_t usbctlx_wrid_completor_t;
868 #define init_wrid_completor  init_cmd_completor
869
870 /*----------------------------------------------------------------
871 * Completor object:
872 * Interprets the results of a synchronous memory-write
873 ----------------------------------------------------------------*/
874 typedef usbctlx_cmd_completor_t usbctlx_wmem_completor_t;
875 #define init_wmem_completor  init_cmd_completor
876
877 /*----------------------------------------------------------------
878 * Completor object:
879 * Interprets the results of a synchronous memory-read
880 ----------------------------------------------------------------*/
881 struct usbctlx_rmem_completor
882 {
883         usbctlx_completor_t           head;
884
885         const hfa384x_usb_rmemresp_t  *rmemresp;
886         void                          *data;
887         unsigned int                          len;
888 };
889 typedef struct usbctlx_rmem_completor usbctlx_rmem_completor_t;
890
891 static int usbctlx_rmem_completor_fn(usbctlx_completor_t *head)
892 {
893         usbctlx_rmem_completor_t *complete = (usbctlx_rmem_completor_t*)head;
894
895         WLAN_LOG_DEBUG(4,"rmemresp:len=%d\n", complete->rmemresp->frmlen);
896         memcpy(complete->data, complete->rmemresp->data, complete->len);
897         return 0;
898 }
899
900 static inline usbctlx_completor_t*
901 init_rmem_completor(usbctlx_rmem_completor_t *completor,
902                     hfa384x_usb_rmemresp_t *rmemresp,
903                     void *data,
904                     unsigned int len)
905 {
906         completor->head.complete = usbctlx_rmem_completor_fn;
907         completor->rmemresp = rmemresp;
908         completor->data = data;
909         completor->len = len;
910         return &(completor->head);
911 }
912
913 /*----------------------------------------------------------------
914 * hfa384x_cb_status
915 *
916 * Ctlx_complete handler for async CMD type control exchanges.
917 * mark the hw struct as such.
918 *
919 * Note: If the handling is changed here, it should probably be
920 *       changed in docmd as well.
921 *
922 * Arguments:
923 *       hw              hw struct
924 *       ctlx            completed CTLX
925 *
926 * Returns:
927 *       nothing
928 *
929 * Side effects:
930 *
931 * Call context:
932 *       interrupt
933 ----------------------------------------------------------------*/
934 static void
935 hfa384x_cb_status(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx)
936 {
937         DBFENTER;
938
939         if ( ctlx->usercb != NULL ) {
940                 hfa384x_cmdresult_t cmdresult;
941
942                 if (ctlx->state != CTLX_COMPLETE) {
943                         memset(&cmdresult, 0, sizeof(cmdresult));
944                         cmdresult.status = HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR);
945                 } else {
946                         usbctlx_get_status(&ctlx->inbuf.cmdresp, &cmdresult);
947                 }
948
949                 ctlx->usercb(hw, &cmdresult, ctlx->usercb_data);
950         }
951
952         DBFEXIT;
953 }
954
955
956 /*----------------------------------------------------------------
957 * hfa384x_cb_rrid
958 *
959 * CTLX completion handler for async RRID type control exchanges.
960 *
961 * Note: If the handling is changed here, it should probably be
962 *       changed in dorrid as well.
963 *
964 * Arguments:
965 *       hw              hw struct
966 *       ctlx            completed CTLX
967 *
968 * Returns:
969 *       nothing
970 *
971 * Side effects:
972 *
973 * Call context:
974 *       interrupt
975 ----------------------------------------------------------------*/
976 static void
977 hfa384x_cb_rrid(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx)
978 {
979         DBFENTER;
980
981         if ( ctlx->usercb != NULL ) {
982                 hfa384x_rridresult_t rridresult;
983
984                 if (ctlx->state != CTLX_COMPLETE) {
985                         memset(&rridresult, 0, sizeof(rridresult));
986                         rridresult.rid = hfa384x2host_16(ctlx->outbuf.rridreq.rid);
987                 } else {
988                         usbctlx_get_rridresult(&ctlx->inbuf.rridresp, &rridresult);
989                 }
990
991                 ctlx->usercb(hw, &rridresult, ctlx->usercb_data);
992         }
993
994         DBFEXIT;
995 }
996
997 static inline int
998 hfa384x_docmd_wait(hfa384x_t *hw, hfa384x_metacmd_t *cmd)
999 {
1000         return hfa384x_docmd(hw, DOWAIT, cmd, NULL, NULL, NULL);
1001 }
1002
1003 static inline int
1004 hfa384x_docmd_async(hfa384x_t *hw,
1005                     hfa384x_metacmd_t *cmd,
1006                     ctlx_cmdcb_t cmdcb,
1007                     ctlx_usercb_t usercb,
1008                     void *usercb_data)
1009 {
1010         return hfa384x_docmd(hw, DOASYNC, cmd,
1011                                 cmdcb, usercb, usercb_data);
1012 }
1013
1014 static inline int
1015 hfa384x_dorrid_wait(hfa384x_t *hw, u16 rid, void *riddata, unsigned int riddatalen)
1016 {
1017         return hfa384x_dorrid(hw, DOWAIT,
1018                               rid, riddata, riddatalen,
1019                               NULL, NULL, NULL);
1020 }
1021
1022 static inline int
1023 hfa384x_dorrid_async(hfa384x_t *hw,
1024                      u16 rid, void *riddata, unsigned int riddatalen,
1025                      ctlx_cmdcb_t cmdcb,
1026                      ctlx_usercb_t usercb,
1027                      void *usercb_data)
1028 {
1029         return hfa384x_dorrid(hw, DOASYNC,
1030                               rid, riddata, riddatalen,
1031                               cmdcb, usercb, usercb_data);
1032 }
1033
1034 static inline int
1035 hfa384x_dowrid_wait(hfa384x_t *hw, u16 rid, void *riddata, unsigned int riddatalen)
1036 {
1037         return hfa384x_dowrid(hw, DOWAIT,
1038                               rid, riddata, riddatalen,
1039                               NULL, NULL, NULL);
1040 }
1041
1042 static inline int
1043 hfa384x_dowrid_async(hfa384x_t *hw,
1044                      u16 rid, void *riddata, unsigned int riddatalen,
1045                      ctlx_cmdcb_t cmdcb,
1046                      ctlx_usercb_t usercb,
1047                      void *usercb_data)
1048 {
1049         return hfa384x_dowrid(hw, DOASYNC,
1050                               rid, riddata, riddatalen,
1051                               cmdcb, usercb, usercb_data);
1052 }
1053
1054 static inline int
1055 hfa384x_dormem_wait(hfa384x_t *hw,
1056                     u16 page, u16 offset, void *data, unsigned int len)
1057 {
1058         return hfa384x_dormem(hw, DOWAIT,
1059                               page, offset, data, len,
1060                               NULL, NULL, NULL);
1061 }
1062
1063 static inline int
1064 hfa384x_dormem_async(hfa384x_t *hw,
1065                      u16 page, u16 offset, void *data, unsigned int len,
1066                      ctlx_cmdcb_t cmdcb,
1067                      ctlx_usercb_t usercb,
1068                      void *usercb_data)
1069 {
1070         return hfa384x_dormem(hw, DOASYNC,
1071                               page, offset, data, len,
1072                               cmdcb, usercb, usercb_data);
1073 }
1074
1075 static inline int
1076 hfa384x_dowmem_wait(
1077         hfa384x_t *hw,
1078         u16  page,
1079         u16  offset,
1080         void    *data,
1081         unsigned int    len)
1082 {
1083         return hfa384x_dowmem(hw, DOWAIT,
1084                                   page, offset, data, len,
1085                                   NULL, NULL, NULL);
1086 }
1087
1088 static inline int
1089 hfa384x_dowmem_async(
1090         hfa384x_t *hw,
1091         u16  page,
1092         u16  offset,
1093         void    *data,
1094         unsigned int    len,
1095         ctlx_cmdcb_t cmdcb,
1096         ctlx_usercb_t usercb,
1097         void    *usercb_data)
1098 {
1099         return hfa384x_dowmem(hw, DOASYNC,
1100                                   page, offset, data, len,
1101                                   cmdcb, usercb, usercb_data);
1102 }
1103
1104 /*----------------------------------------------------------------
1105 * hfa384x_cmd_initialize
1106 *
1107 * Issues the initialize command and sets the hw->state based
1108 * on the result.
1109 *
1110 * Arguments:
1111 *       hw              device structure
1112 *
1113 * Returns:
1114 *       0               success
1115 *       >0              f/w reported error - f/w status code
1116 *       <0              driver reported error
1117 *
1118 * Side effects:
1119 *
1120 * Call context:
1121 *       process
1122 ----------------------------------------------------------------*/
1123 int
1124 hfa384x_cmd_initialize(hfa384x_t *hw)
1125 {
1126         int     result = 0;
1127         int     i;
1128         hfa384x_metacmd_t cmd;
1129
1130         DBFENTER;
1131
1132
1133         cmd.cmd = HFA384x_CMDCODE_INIT;
1134         cmd.parm0 = 0;
1135         cmd.parm1 = 0;
1136         cmd.parm2 = 0;
1137
1138         result = hfa384x_docmd_wait(hw, &cmd);
1139
1140
1141         WLAN_LOG_DEBUG(3,"cmdresp.init: "
1142                 "status=0x%04x, resp0=0x%04x, "
1143                 "resp1=0x%04x, resp2=0x%04x\n",
1144                 cmd.result.status,
1145                 cmd.result.resp0,
1146                 cmd.result.resp1,
1147                 cmd.result.resp2);
1148         if ( result == 0 ) {
1149                 for ( i = 0; i < HFA384x_NUMPORTS_MAX; i++) {
1150                         hw->port_enabled[i] = 0;
1151                 }
1152         }
1153
1154         hw->link_status = HFA384x_LINK_NOTCONNECTED;
1155
1156         DBFEXIT;
1157         return result;
1158 }
1159
1160
1161 /*----------------------------------------------------------------
1162 * hfa384x_cmd_disable
1163 *
1164 * Issues the disable command to stop communications on one of
1165 * the MACs 'ports'.
1166 *
1167 * Arguments:
1168 *       hw              device structure
1169 *       macport         MAC port number (host order)
1170 *
1171 * Returns:
1172 *       0               success
1173 *       >0              f/w reported failure - f/w status code
1174 *       <0              driver reported error (timeout|bad arg)
1175 *
1176 * Side effects:
1177 *
1178 * Call context:
1179 *       process
1180 ----------------------------------------------------------------*/
1181 int hfa384x_cmd_disable(hfa384x_t *hw, u16 macport)
1182 {
1183         int     result = 0;
1184         hfa384x_metacmd_t cmd;
1185
1186         DBFENTER;
1187
1188         cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE) |
1189                   HFA384x_CMD_MACPORT_SET(macport);
1190         cmd.parm0 = 0;
1191         cmd.parm1 = 0;
1192         cmd.parm2 = 0;
1193
1194         result = hfa384x_docmd_wait(hw, &cmd);
1195
1196         DBFEXIT;
1197         return result;
1198 }
1199
1200
1201 /*----------------------------------------------------------------
1202 * hfa384x_cmd_enable
1203 *
1204 * Issues the enable command to enable communications on one of
1205 * the MACs 'ports'.
1206 *
1207 * Arguments:
1208 *       hw              device structure
1209 *       macport         MAC port number
1210 *
1211 * Returns:
1212 *       0               success
1213 *       >0              f/w reported failure - f/w status code
1214 *       <0              driver reported error (timeout|bad arg)
1215 *
1216 * Side effects:
1217 *
1218 * Call context:
1219 *       process
1220 ----------------------------------------------------------------*/
1221 int hfa384x_cmd_enable(hfa384x_t *hw, u16 macport)
1222 {
1223         int     result = 0;
1224         hfa384x_metacmd_t cmd;
1225
1226         DBFENTER;
1227
1228         cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE) |
1229                   HFA384x_CMD_MACPORT_SET(macport);
1230         cmd.parm0 = 0;
1231         cmd.parm1 = 0;
1232         cmd.parm2 = 0;
1233
1234         result = hfa384x_docmd_wait(hw, &cmd);
1235
1236         DBFEXIT;
1237         return result;
1238 }
1239
1240 /*----------------------------------------------------------------
1241 * hfa384x_cmd_monitor
1242 *
1243 * Enables the 'monitor mode' of the MAC.  Here's the description of
1244 * monitor mode that I've received thus far:
1245 *
1246 *  "The "monitor mode" of operation is that the MAC passes all
1247 *  frames for which the PLCP checks are correct. All received
1248 *  MPDUs are passed to the host with MAC Port = 7, with a
1249 *  receive status of good, FCS error, or undecryptable. Passing
1250 *  certain MPDUs is a violation of the 802.11 standard, but useful
1251 *  for a debugging tool."  Normal communication is not possible
1252 *  while monitor mode is enabled.
1253 *
1254 * Arguments:
1255 *       hw              device structure
1256 *       enable          a code (0x0b|0x0f) that enables/disables
1257 *                       monitor mode. (host order)
1258 *
1259 * Returns:
1260 *       0               success
1261 *       >0              f/w reported failure - f/w status code
1262 *       <0              driver reported error (timeout|bad arg)
1263 *
1264 * Side effects:
1265 *
1266 * Call context:
1267 *       process
1268 ----------------------------------------------------------------*/
1269 int hfa384x_cmd_monitor(hfa384x_t *hw, u16 enable)
1270 {
1271         int     result = 0;
1272         hfa384x_metacmd_t cmd;
1273
1274         DBFENTER;
1275
1276         cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
1277                 HFA384x_CMD_AINFO_SET(enable);
1278         cmd.parm0 = 0;
1279         cmd.parm1 = 0;
1280         cmd.parm2 = 0;
1281
1282         result = hfa384x_docmd_wait(hw, &cmd);
1283
1284         DBFEXIT;
1285         return result;
1286 }
1287
1288
1289 /*----------------------------------------------------------------
1290 * hfa384x_cmd_download
1291 *
1292 * Sets the controls for the MAC controller code/data download
1293 * process.  The arguments set the mode and address associated
1294 * with a download.  Note that the aux registers should be enabled
1295 * prior to setting one of the download enable modes.
1296 *
1297 * Arguments:
1298 *       hw              device structure
1299 *       mode            0 - Disable programming and begin code exec
1300 *                       1 - Enable volatile mem programming
1301 *                       2 - Enable non-volatile mem programming
1302 *                       3 - Program non-volatile section from NV download
1303 *                           buffer.
1304 *                       (host order)
1305 *       lowaddr
1306 *       highaddr        For mode 1, sets the high & low order bits of
1307 *                       the "destination address".  This address will be
1308 *                       the execution start address when download is
1309 *                       subsequently disabled.
1310 *                       For mode 2, sets the high & low order bits of
1311 *                       the destination in NV ram.
1312 *                       For modes 0 & 3, should be zero. (host order)
1313 *                       NOTE: these are CMD format.
1314 *       codelen         Length of the data to write in mode 2,
1315 *                       zero otherwise. (host order)
1316 *
1317 * Returns:
1318 *       0               success
1319 *       >0              f/w reported failure - f/w status code
1320 *       <0              driver reported error (timeout|bad arg)
1321 *
1322 * Side effects:
1323 *
1324 * Call context:
1325 *       process
1326 ----------------------------------------------------------------*/
1327 int hfa384x_cmd_download(hfa384x_t *hw, u16 mode, u16 lowaddr,
1328                                 u16 highaddr, u16 codelen)
1329 {
1330         int     result = 0;
1331         hfa384x_metacmd_t cmd;
1332
1333         DBFENTER;
1334         WLAN_LOG_DEBUG(5,
1335                 "mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n",
1336                 mode, lowaddr, highaddr, codelen);
1337
1338         cmd.cmd = (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD) |
1339                    HFA384x_CMD_PROGMODE_SET(mode));
1340
1341         cmd.parm0 = lowaddr;
1342         cmd.parm1 = highaddr;
1343         cmd.parm2 = codelen;
1344
1345         result = hfa384x_docmd_wait(hw, &cmd);
1346
1347         DBFEXIT;
1348         return result;
1349 }
1350
1351
1352 /*----------------------------------------------------------------
1353 * hfa384x_copy_from_aux
1354 *
1355 * Copies a collection of bytes from the controller memory.  The
1356 * Auxiliary port MUST be enabled prior to calling this function.
1357 * We _might_ be in a download state.
1358 *
1359 * Arguments:
1360 *       hw              device structure
1361 *       cardaddr        address in hfa384x data space to read
1362 *       auxctl          address space select
1363 *       buf             ptr to destination host buffer
1364 *       len             length of data to transfer (in bytes)
1365 *
1366 * Returns:
1367 *       nothing
1368 *
1369 * Side effects:
1370 *       buf contains the data copied
1371 *
1372 * Call context:
1373 *       process
1374 *       interrupt
1375 ----------------------------------------------------------------*/
1376 void
1377 hfa384x_copy_from_aux(
1378         hfa384x_t *hw, u32 cardaddr, u32 auxctl, void *buf, unsigned int len)
1379 {
1380         DBFENTER;
1381         WLAN_LOG_ERROR("not used in USB.\n");
1382         DBFEXIT;
1383 }
1384
1385
1386 /*----------------------------------------------------------------
1387 * hfa384x_copy_to_aux
1388 *
1389 * Copies a collection of bytes to the controller memory.  The
1390 * Auxiliary port MUST be enabled prior to calling this function.
1391 * We _might_ be in a download state.
1392 *
1393 * Arguments:
1394 *       hw              device structure
1395 *       cardaddr        address in hfa384x data space to read
1396 *       auxctl          address space select
1397 *       buf             ptr to destination host buffer
1398 *       len             length of data to transfer (in bytes)
1399 *
1400 * Returns:
1401 *       nothing
1402 *
1403 * Side effects:
1404 *       Controller memory now contains a copy of buf
1405 *
1406 * Call context:
1407 *       process
1408 *       interrupt
1409 ----------------------------------------------------------------*/
1410 void
1411 hfa384x_copy_to_aux(
1412         hfa384x_t *hw, u32 cardaddr, u32 auxctl, void *buf, unsigned int len)
1413 {
1414         DBFENTER;
1415         WLAN_LOG_ERROR("not used in USB.\n");
1416         DBFEXIT;
1417 }
1418
1419
1420 /*----------------------------------------------------------------
1421 * hfa384x_corereset
1422 *
1423 * Perform a reset of the hfa38xx MAC core.  We assume that the hw
1424 * structure is in its "created" state.  That is, it is initialized
1425 * with proper values.  Note that if a reset is done after the
1426 * device has been active for awhile, the caller might have to clean
1427 * up some leftover cruft in the hw structure.
1428 *
1429 * Arguments:
1430 *       hw              device structure
1431 *       holdtime        how long (in ms) to hold the reset
1432 *       settletime      how long (in ms) to wait after releasing
1433 *                       the reset
1434 *
1435 * Returns:
1436 *       nothing
1437 *
1438 * Side effects:
1439 *
1440 * Call context:
1441 *       process
1442 ----------------------------------------------------------------*/
1443 int hfa384x_corereset(hfa384x_t *hw, int holdtime, int settletime, int genesis)
1444 {
1445         int                     result = 0;
1446
1447         DBFENTER;
1448
1449         result=usb_reset_device(hw->usb);
1450         if(result<0) {
1451                 WLAN_LOG_ERROR("usb_reset_device() failed, result=%d.\n",result);
1452         }
1453
1454         DBFEXIT;
1455         return result;
1456 }
1457
1458
1459 /*----------------------------------------------------------------
1460 * hfa384x_usbctlx_complete_sync
1461 *
1462 * Waits for a synchronous CTLX object to complete,
1463 * and then handles the response.
1464 *
1465 * Arguments:
1466 *       hw              device structure
1467 *       ctlx            CTLX ptr
1468 *       completor       functor object to decide what to
1469 *                       do with the CTLX's result.
1470 *
1471 * Returns:
1472 *       0               Success
1473 *       -ERESTARTSYS    Interrupted by a signal
1474 *       -EIO            CTLX failed
1475 *       -ENODEV         Adapter was unplugged
1476 *       ???             Result from completor
1477 *
1478 * Side effects:
1479 *
1480 * Call context:
1481 *       process
1482 ----------------------------------------------------------------*/
1483 static int hfa384x_usbctlx_complete_sync(hfa384x_t *hw,
1484                                          hfa384x_usbctlx_t *ctlx,
1485                                          usbctlx_completor_t *completor)
1486 {
1487         unsigned long flags;
1488         int result;
1489
1490         DBFENTER;
1491
1492         result = wait_for_completion_interruptible(&ctlx->done);
1493
1494         spin_lock_irqsave(&hw->ctlxq.lock, flags);
1495
1496         /*
1497          * We can only handle the CTLX if the USB disconnect
1498          * function has not run yet ...
1499          */
1500         cleanup:
1501         if ( hw->wlandev->hwremoved )
1502         {
1503                 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1504                 result = -ENODEV;
1505         }
1506         else if ( result != 0 )
1507         {
1508                 int runqueue = 0;
1509
1510                 /*
1511                  * We were probably interrupted, so delete
1512                  * this CTLX asynchronously, kill the timers
1513                  * and the URB, and then start the next
1514                  * pending CTLX.
1515                  *
1516                  * NOTE: We can only delete the timers and
1517                  *       the URB if this CTLX is active.
1518                  */
1519                 if (ctlx == get_active_ctlx(hw))
1520                 {
1521                         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1522
1523                         del_singleshot_timer_sync(&hw->reqtimer);
1524                         del_singleshot_timer_sync(&hw->resptimer);
1525                         hw->req_timer_done = 1;
1526                         hw->resp_timer_done = 1;
1527                         usb_kill_urb(&hw->ctlx_urb);
1528
1529                         spin_lock_irqsave(&hw->ctlxq.lock, flags);
1530
1531                         runqueue = 1;
1532
1533                         /*
1534                          * This scenario is so unlikely that I'm
1535                          * happy with a grubby "goto" solution ...
1536                          */
1537                         if ( hw->wlandev->hwremoved )
1538                                 goto cleanup;
1539                 }
1540
1541                 /*
1542                  * The completion task will send this CTLX
1543                  * to the reaper the next time it runs. We
1544                  * are no longer in a hurry.
1545                  */
1546                 ctlx->reapable = 1;
1547                 ctlx->state = CTLX_REQ_FAILED;
1548                 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
1549
1550                 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1551
1552                 if (runqueue)
1553                         hfa384x_usbctlxq_run(hw);
1554         } else {
1555                 if (ctlx->state == CTLX_COMPLETE) {
1556                         result = completor->complete(completor);
1557                 } else {
1558                         WLAN_LOG_WARNING("CTLX[%d] error: state(%s)\n",
1559                                          hfa384x2host_16(ctlx->outbuf.type),
1560                                          ctlxstr(ctlx->state));
1561                         result = -EIO;
1562                 }
1563
1564                 list_del(&ctlx->list);
1565                 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1566                 kfree(ctlx);
1567         }
1568
1569         DBFEXIT;
1570         return result;
1571 }
1572
1573 /*----------------------------------------------------------------
1574 * hfa384x_docmd
1575 *
1576 * Constructs a command CTLX and submits it.
1577 *
1578 * NOTE: Any changes to the 'post-submit' code in this function
1579 *       need to be carried over to hfa384x_cbcmd() since the handling
1580 *       is virtually identical.
1581 *
1582 * Arguments:
1583 *       hw              device structure
1584 *       mode            DOWAIT or DOASYNC
1585 *       cmd             cmd structure.  Includes all arguments and result
1586 *                       data points.  All in host order. in host order
1587 *       cmdcb           command-specific callback
1588 *       usercb          user callback for async calls, NULL for DOWAIT calls
1589 *       usercb_data     user supplied data pointer for async calls, NULL
1590 *                       for DOASYNC calls
1591 *
1592 * Returns:
1593 *       0               success
1594 *       -EIO            CTLX failure
1595 *       -ERESTARTSYS    Awakened on signal
1596 *       >0              command indicated error, Status and Resp0-2 are
1597 *                       in hw structure.
1598 *
1599 * Side effects:
1600 *
1601 *
1602 * Call context:
1603 *       process
1604 ----------------------------------------------------------------*/
1605 static int
1606 hfa384x_docmd(
1607         hfa384x_t *hw,
1608         CMD_MODE mode,
1609         hfa384x_metacmd_t *cmd,
1610         ctlx_cmdcb_t    cmdcb,
1611         ctlx_usercb_t   usercb,
1612         void    *usercb_data)
1613 {
1614         int                     result;
1615         hfa384x_usbctlx_t       *ctlx;
1616
1617         DBFENTER;
1618         ctlx = usbctlx_alloc();
1619         if ( ctlx == NULL ) {
1620                 result = -ENOMEM;
1621                 goto done;
1622         }
1623
1624         /* Initialize the command */
1625         ctlx->outbuf.cmdreq.type =      host2hfa384x_16(HFA384x_USB_CMDREQ);
1626         ctlx->outbuf.cmdreq.cmd =       host2hfa384x_16(cmd->cmd);
1627         ctlx->outbuf.cmdreq.parm0 =     host2hfa384x_16(cmd->parm0);
1628         ctlx->outbuf.cmdreq.parm1 =     host2hfa384x_16(cmd->parm1);
1629         ctlx->outbuf.cmdreq.parm2 =     host2hfa384x_16(cmd->parm2);
1630
1631         ctlx->outbufsize = sizeof(ctlx->outbuf.cmdreq);
1632
1633         WLAN_LOG_DEBUG(4, "cmdreq: cmd=0x%04x "
1634                 "parm0=0x%04x parm1=0x%04x parm2=0x%04x\n",
1635                 cmd->cmd,
1636                 cmd->parm0,
1637                 cmd->parm1,
1638                 cmd->parm2);
1639
1640         ctlx->reapable = mode;
1641         ctlx->cmdcb = cmdcb;
1642         ctlx->usercb = usercb;
1643         ctlx->usercb_data = usercb_data;
1644
1645         result = hfa384x_usbctlx_submit(hw, ctlx);
1646         if (result != 0) {
1647                 kfree(ctlx);
1648         } else if (mode == DOWAIT) {
1649                 usbctlx_cmd_completor_t completor;
1650
1651                 result = hfa384x_usbctlx_complete_sync(
1652                              hw, ctlx, init_cmd_completor(&completor,
1653                                                           &ctlx->inbuf.cmdresp,
1654                                                           &cmd->result) );
1655         }
1656
1657 done:
1658         DBFEXIT;
1659         return result;
1660 }
1661
1662
1663 /*----------------------------------------------------------------
1664 * hfa384x_dorrid
1665 *
1666 * Constructs a read rid CTLX and issues it.
1667 *
1668 * NOTE: Any changes to the 'post-submit' code in this function
1669 *       need to be carried over to hfa384x_cbrrid() since the handling
1670 *       is virtually identical.
1671 *
1672 * Arguments:
1673 *       hw              device structure
1674 *       mode            DOWAIT or DOASYNC
1675 *       rid             Read RID number (host order)
1676 *       riddata         Caller supplied buffer that MAC formatted RID.data
1677 *                       record will be written to for DOWAIT calls. Should
1678 *                       be NULL for DOASYNC calls.
1679 *       riddatalen      Buffer length for DOWAIT calls. Zero for DOASYNC calls.
1680 *       cmdcb           command callback for async calls, NULL for DOWAIT calls
1681 *       usercb          user callback for async calls, NULL for DOWAIT calls
1682 *       usercb_data     user supplied data pointer for async calls, NULL
1683 *                       for DOWAIT calls
1684 *
1685 * Returns:
1686 *       0               success
1687 *       -EIO            CTLX failure
1688 *       -ERESTARTSYS    Awakened on signal
1689 *       -ENODATA        riddatalen != macdatalen
1690 *       >0              command indicated error, Status and Resp0-2 are
1691 *                       in hw structure.
1692 *
1693 * Side effects:
1694 *
1695 * Call context:
1696 *       interrupt (DOASYNC)
1697 *       process (DOWAIT or DOASYNC)
1698 ----------------------------------------------------------------*/
1699 static int
1700 hfa384x_dorrid(
1701         hfa384x_t *hw,
1702         CMD_MODE mode,
1703         u16     rid,
1704         void    *riddata,
1705         unsigned int    riddatalen,
1706         ctlx_cmdcb_t cmdcb,
1707         ctlx_usercb_t usercb,
1708         void    *usercb_data)
1709 {
1710         int                     result;
1711         hfa384x_usbctlx_t       *ctlx;
1712
1713         DBFENTER;
1714         ctlx = usbctlx_alloc();
1715         if ( ctlx == NULL ) {
1716                 result = -ENOMEM;
1717                 goto done;
1718         }
1719
1720         /* Initialize the command */
1721         ctlx->outbuf.rridreq.type =   host2hfa384x_16(HFA384x_USB_RRIDREQ);
1722         ctlx->outbuf.rridreq.frmlen =
1723                 host2hfa384x_16(sizeof(ctlx->outbuf.rridreq.rid));
1724         ctlx->outbuf.rridreq.rid =    host2hfa384x_16(rid);
1725
1726         ctlx->outbufsize = sizeof(ctlx->outbuf.rridreq);
1727
1728         ctlx->reapable = mode;
1729         ctlx->cmdcb = cmdcb;
1730         ctlx->usercb = usercb;
1731         ctlx->usercb_data = usercb_data;
1732
1733         /* Submit the CTLX */
1734         result = hfa384x_usbctlx_submit(hw, ctlx);
1735         if (result != 0) {
1736                 kfree(ctlx);
1737         } else if (mode == DOWAIT) {
1738                 usbctlx_rrid_completor_t completor;
1739
1740                 result = hfa384x_usbctlx_complete_sync(
1741                            hw, ctlx, init_rrid_completor(&completor,
1742                                                          &ctlx->inbuf.rridresp,
1743                                                          riddata,
1744                                                          riddatalen) );
1745         }
1746
1747 done:
1748         DBFEXIT;
1749         return result;
1750 }
1751
1752
1753 /*----------------------------------------------------------------
1754 * hfa384x_dowrid
1755 *
1756 * Constructs a write rid CTLX and issues it.
1757 *
1758 * NOTE: Any changes to the 'post-submit' code in this function
1759 *       need to be carried over to hfa384x_cbwrid() since the handling
1760 *       is virtually identical.
1761 *
1762 * Arguments:
1763 *       hw              device structure
1764 *       CMD_MODE        DOWAIT or DOASYNC
1765 *       rid             RID code
1766 *       riddata         Data portion of RID formatted for MAC
1767 *       riddatalen      Length of the data portion in bytes
1768 *       cmdcb           command callback for async calls, NULL for DOWAIT calls
1769 *       usercb          user callback for async calls, NULL for DOWAIT calls
1770 *       usercb_data     user supplied data pointer for async calls
1771 *
1772 * Returns:
1773 *       0               success
1774 *       -ETIMEDOUT      timed out waiting for register ready or
1775 *                       command completion
1776 *       >0              command indicated error, Status and Resp0-2 are
1777 *                       in hw structure.
1778 *
1779 * Side effects:
1780 *
1781 * Call context:
1782 *       interrupt (DOASYNC)
1783 *       process (DOWAIT or DOASYNC)
1784 ----------------------------------------------------------------*/
1785 static int
1786 hfa384x_dowrid(
1787         hfa384x_t *hw,
1788         CMD_MODE mode,
1789         u16     rid,
1790         void    *riddata,
1791         unsigned int    riddatalen,
1792         ctlx_cmdcb_t cmdcb,
1793         ctlx_usercb_t usercb,
1794         void    *usercb_data)
1795 {
1796         int                     result;
1797         hfa384x_usbctlx_t       *ctlx;
1798
1799         DBFENTER;
1800         ctlx = usbctlx_alloc();
1801         if ( ctlx == NULL ) {
1802                 result = -ENOMEM;
1803                 goto done;
1804         }
1805
1806         /* Initialize the command */
1807         ctlx->outbuf.wridreq.type =   host2hfa384x_16(HFA384x_USB_WRIDREQ);
1808         ctlx->outbuf.wridreq.frmlen = host2hfa384x_16(
1809                                         (sizeof(ctlx->outbuf.wridreq.rid) +
1810                                         riddatalen + 1) / 2);
1811         ctlx->outbuf.wridreq.rid =    host2hfa384x_16(rid);
1812         memcpy(ctlx->outbuf.wridreq.data, riddata, riddatalen);
1813
1814         ctlx->outbufsize = sizeof(ctlx->outbuf.wridreq.type) +
1815                            sizeof(ctlx->outbuf.wridreq.frmlen) +
1816                            sizeof(ctlx->outbuf.wridreq.rid) +
1817                            riddatalen;
1818
1819         ctlx->reapable = mode;
1820         ctlx->cmdcb = cmdcb;
1821         ctlx->usercb = usercb;
1822         ctlx->usercb_data = usercb_data;
1823
1824         /* Submit the CTLX */
1825         result = hfa384x_usbctlx_submit(hw, ctlx);
1826         if (result != 0) {
1827                 kfree(ctlx);
1828         } else if (mode == DOWAIT) {
1829                 usbctlx_wrid_completor_t completor;
1830                 hfa384x_cmdresult_t wridresult;
1831
1832                 result = hfa384x_usbctlx_complete_sync(
1833                                hw,
1834                                ctlx,
1835                                init_wrid_completor(&completor,
1836                                                    &ctlx->inbuf.wridresp,
1837                                                    &wridresult) );
1838         }
1839
1840 done:
1841         DBFEXIT;
1842         return result;
1843 }
1844
1845 /*----------------------------------------------------------------
1846 * hfa384x_dormem
1847 *
1848 * Constructs a readmem CTLX and issues it.
1849 *
1850 * NOTE: Any changes to the 'post-submit' code in this function
1851 *       need to be carried over to hfa384x_cbrmem() since the handling
1852 *       is virtually identical.
1853 *
1854 * Arguments:
1855 *       hw              device structure
1856 *       mode            DOWAIT or DOASYNC
1857 *       page            MAC address space page (CMD format)
1858 *       offset          MAC address space offset
1859 *       data            Ptr to data buffer to receive read
1860 *       len             Length of the data to read (max == 2048)
1861 *       cmdcb           command callback for async calls, NULL for DOWAIT calls
1862 *       usercb          user callback for async calls, NULL for DOWAIT calls
1863 *       usercb_data     user supplied data pointer for async calls
1864 *
1865 * Returns:
1866 *       0               success
1867 *       -ETIMEDOUT      timed out waiting for register ready or
1868 *                       command completion
1869 *       >0              command indicated error, Status and Resp0-2 are
1870 *                       in hw structure.
1871 *
1872 * Side effects:
1873 *
1874 * Call context:
1875 *       interrupt (DOASYNC)
1876 *       process (DOWAIT or DOASYNC)
1877 ----------------------------------------------------------------*/
1878 static int
1879 hfa384x_dormem(
1880         hfa384x_t *hw,
1881         CMD_MODE mode,
1882         u16     page,
1883         u16     offset,
1884         void    *data,
1885         unsigned int    len,
1886         ctlx_cmdcb_t cmdcb,
1887         ctlx_usercb_t usercb,
1888         void    *usercb_data)
1889 {
1890         int                     result;
1891         hfa384x_usbctlx_t       *ctlx;
1892
1893         DBFENTER;
1894         ctlx = usbctlx_alloc();
1895         if ( ctlx == NULL ) {
1896                 result = -ENOMEM;
1897                 goto done;
1898         }
1899
1900         /* Initialize the command */
1901         ctlx->outbuf.rmemreq.type =    host2hfa384x_16(HFA384x_USB_RMEMREQ);
1902         ctlx->outbuf.rmemreq.frmlen =  host2hfa384x_16(
1903                                         sizeof(ctlx->outbuf.rmemreq.offset) +
1904                                         sizeof(ctlx->outbuf.rmemreq.page) +
1905                                         len);
1906         ctlx->outbuf.rmemreq.offset =   host2hfa384x_16(offset);
1907         ctlx->outbuf.rmemreq.page =     host2hfa384x_16(page);
1908
1909         ctlx->outbufsize = sizeof(ctlx->outbuf.rmemreq);
1910
1911         WLAN_LOG_DEBUG(4,
1912                 "type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n",
1913                 ctlx->outbuf.rmemreq.type,
1914                 ctlx->outbuf.rmemreq.frmlen,
1915                 ctlx->outbuf.rmemreq.offset,
1916                 ctlx->outbuf.rmemreq.page);
1917
1918         WLAN_LOG_DEBUG(4,"pktsize=%zd\n",
1919                 ROUNDUP64(sizeof(ctlx->outbuf.rmemreq)));
1920
1921         ctlx->reapable = mode;
1922         ctlx->cmdcb = cmdcb;
1923         ctlx->usercb = usercb;
1924         ctlx->usercb_data = usercb_data;
1925
1926         result = hfa384x_usbctlx_submit(hw, ctlx);
1927         if (result != 0) {
1928                 kfree(ctlx);
1929         } else if ( mode == DOWAIT ) {
1930                 usbctlx_rmem_completor_t completor;
1931
1932                 result = hfa384x_usbctlx_complete_sync(
1933                            hw, ctlx, init_rmem_completor(&completor,
1934                                                          &ctlx->inbuf.rmemresp,
1935                                                          data,
1936                                                          len) );
1937         }
1938
1939 done:
1940         DBFEXIT;
1941         return result;
1942 }
1943
1944
1945
1946 /*----------------------------------------------------------------
1947 * hfa384x_dowmem
1948 *
1949 * Constructs a writemem CTLX and issues it.
1950 *
1951 * NOTE: Any changes to the 'post-submit' code in this function
1952 *       need to be carried over to hfa384x_cbwmem() since the handling
1953 *       is virtually identical.
1954 *
1955 * Arguments:
1956 *       hw              device structure
1957 *       mode            DOWAIT or DOASYNC
1958 *       page            MAC address space page (CMD format)
1959 *       offset          MAC address space offset
1960 *       data            Ptr to data buffer containing write data
1961 *       len             Length of the data to read (max == 2048)
1962 *       cmdcb           command callback for async calls, NULL for DOWAIT calls
1963 *       usercb          user callback for async calls, NULL for DOWAIT calls
1964 *       usercb_data     user supplied data pointer for async calls.
1965 *
1966 * Returns:
1967 *       0               success
1968 *       -ETIMEDOUT      timed out waiting for register ready or
1969 *                       command completion
1970 *       >0              command indicated error, Status and Resp0-2 are
1971 *                       in hw structure.
1972 *
1973 * Side effects:
1974 *
1975 * Call context:
1976 *       interrupt (DOWAIT)
1977 *       process (DOWAIT or DOASYNC)
1978 ----------------------------------------------------------------*/
1979 static int
1980 hfa384x_dowmem(
1981         hfa384x_t *hw,
1982         CMD_MODE mode,
1983         u16     page,
1984         u16     offset,
1985         void    *data,
1986         unsigned int    len,
1987         ctlx_cmdcb_t cmdcb,
1988         ctlx_usercb_t usercb,
1989         void    *usercb_data)
1990 {
1991         int                     result;
1992         hfa384x_usbctlx_t       *ctlx;
1993
1994         DBFENTER;
1995         WLAN_LOG_DEBUG(5, "page=0x%04x offset=0x%04x len=%d\n",
1996                 page,offset,len);
1997
1998         ctlx = usbctlx_alloc();
1999         if ( ctlx == NULL ) {
2000                 result = -ENOMEM;
2001                 goto done;
2002         }
2003
2004         /* Initialize the command */
2005         ctlx->outbuf.wmemreq.type =   host2hfa384x_16(HFA384x_USB_WMEMREQ);
2006         ctlx->outbuf.wmemreq.frmlen = host2hfa384x_16(
2007                                         sizeof(ctlx->outbuf.wmemreq.offset) +
2008                                         sizeof(ctlx->outbuf.wmemreq.page) +
2009                                         len);
2010         ctlx->outbuf.wmemreq.offset = host2hfa384x_16(offset);
2011         ctlx->outbuf.wmemreq.page =   host2hfa384x_16(page);
2012         memcpy(ctlx->outbuf.wmemreq.data, data, len);
2013
2014         ctlx->outbufsize = sizeof(ctlx->outbuf.wmemreq.type) +
2015                            sizeof(ctlx->outbuf.wmemreq.frmlen) +
2016                            sizeof(ctlx->outbuf.wmemreq.offset) +
2017                            sizeof(ctlx->outbuf.wmemreq.page) +
2018                            len;
2019
2020         ctlx->reapable = mode;
2021         ctlx->cmdcb = cmdcb;
2022         ctlx->usercb = usercb;
2023         ctlx->usercb_data = usercb_data;
2024
2025         result = hfa384x_usbctlx_submit(hw, ctlx);
2026         if (result != 0) {
2027                 kfree(ctlx);
2028         } else if ( mode == DOWAIT ) {
2029                 usbctlx_wmem_completor_t completor;
2030                 hfa384x_cmdresult_t wmemresult;
2031
2032                 result = hfa384x_usbctlx_complete_sync(
2033                                hw,
2034                                ctlx,
2035                                init_wmem_completor(&completor,
2036                                                    &ctlx->inbuf.wmemresp,
2037                                                    &wmemresult) );
2038         }
2039
2040 done:
2041         DBFEXIT;
2042         return result;
2043 }
2044
2045
2046 /*----------------------------------------------------------------
2047 * hfa384x_drvr_commtallies
2048 *
2049 * Send a commtallies inquiry to the MAC.  Note that this is an async
2050 * call that will result in an info frame arriving sometime later.
2051 *
2052 * Arguments:
2053 *       hw              device structure
2054 *
2055 * Returns:
2056 *       zero            success.
2057 *
2058 * Side effects:
2059 *
2060 * Call context:
2061 *       process
2062 ----------------------------------------------------------------*/
2063 int hfa384x_drvr_commtallies( hfa384x_t *hw )
2064 {
2065         hfa384x_metacmd_t cmd;
2066
2067         DBFENTER;
2068
2069         cmd.cmd = HFA384x_CMDCODE_INQ;
2070         cmd.parm0 = HFA384x_IT_COMMTALLIES;
2071         cmd.parm1 = 0;
2072         cmd.parm2 = 0;
2073
2074         hfa384x_docmd_async(hw, &cmd, NULL, NULL, NULL);
2075
2076         DBFEXIT;
2077         return 0;
2078 }
2079
2080
2081 /*----------------------------------------------------------------
2082 * hfa384x_drvr_disable
2083 *
2084 * Issues the disable command to stop communications on one of
2085 * the MACs 'ports'.  Only macport 0 is valid  for stations.
2086 * APs may also disable macports 1-6.  Only ports that have been
2087 * previously enabled may be disabled.
2088 *
2089 * Arguments:
2090 *       hw              device structure
2091 *       macport         MAC port number (host order)
2092 *
2093 * Returns:
2094 *       0               success
2095 *       >0              f/w reported failure - f/w status code
2096 *       <0              driver reported error (timeout|bad arg)
2097 *
2098 * Side effects:
2099 *
2100 * Call context:
2101 *       process
2102 ----------------------------------------------------------------*/
2103 int hfa384x_drvr_disable(hfa384x_t *hw, u16 macport)
2104 {
2105         int     result = 0;
2106
2107         DBFENTER;
2108         if ((!hw->isap && macport != 0) ||
2109             (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
2110             !(hw->port_enabled[macport]) ){
2111                 result = -EINVAL;
2112         } else {
2113                 result = hfa384x_cmd_disable(hw, macport);
2114                 if ( result == 0 ) {
2115                         hw->port_enabled[macport] = 0;
2116                 }
2117         }
2118         DBFEXIT;
2119         return result;
2120 }
2121
2122
2123 /*----------------------------------------------------------------
2124 * hfa384x_drvr_enable
2125 *
2126 * Issues the enable command to enable communications on one of
2127 * the MACs 'ports'.  Only macport 0 is valid  for stations.
2128 * APs may also enable macports 1-6.  Only ports that are currently
2129 * disabled may be enabled.
2130 *
2131 * Arguments:
2132 *       hw              device structure
2133 *       macport         MAC port number
2134 *
2135 * Returns:
2136 *       0               success
2137 *       >0              f/w reported failure - f/w status code
2138 *       <0              driver reported error (timeout|bad arg)
2139 *
2140 * Side effects:
2141 *
2142 * Call context:
2143 *       process
2144 ----------------------------------------------------------------*/
2145 int hfa384x_drvr_enable(hfa384x_t *hw, u16 macport)
2146 {
2147         int     result = 0;
2148
2149         DBFENTER;
2150         if ((!hw->isap && macport != 0) ||
2151             (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
2152             (hw->port_enabled[macport]) ){
2153                 result = -EINVAL;
2154         } else {
2155                 result = hfa384x_cmd_enable(hw, macport);
2156                 if ( result == 0 ) {
2157                         hw->port_enabled[macport] = 1;
2158                 }
2159         }
2160         DBFEXIT;
2161         return result;
2162 }
2163
2164
2165 /*----------------------------------------------------------------
2166 * hfa384x_drvr_flashdl_enable
2167 *
2168 * Begins the flash download state.  Checks to see that we're not
2169 * already in a download state and that a port isn't enabled.
2170 * Sets the download state and retrieves the flash download
2171 * buffer location, buffer size, and timeout length.
2172 *
2173 * Arguments:
2174 *       hw              device structure
2175 *
2176 * Returns:
2177 *       0               success
2178 *       >0              f/w reported error - f/w status code
2179 *       <0              driver reported error
2180 *
2181 * Side effects:
2182 *
2183 * Call context:
2184 *       process
2185 ----------------------------------------------------------------*/
2186 int hfa384x_drvr_flashdl_enable(hfa384x_t *hw)
2187 {
2188         int             result = 0;
2189         int             i;
2190
2191         DBFENTER;
2192         /* Check that a port isn't active */
2193         for ( i = 0; i < HFA384x_PORTID_MAX; i++) {
2194                 if ( hw->port_enabled[i] ) {
2195                         WLAN_LOG_DEBUG(1,"called when port enabled.\n");
2196                         return -EINVAL;
2197                 }
2198         }
2199
2200         /* Check that we're not already in a download state */
2201         if ( hw->dlstate != HFA384x_DLSTATE_DISABLED ) {
2202                 return -EINVAL;
2203         }
2204
2205         /* Retrieve the buffer loc&size and timeout */
2206         if ( (result = hfa384x_drvr_getconfig(hw, HFA384x_RID_DOWNLOADBUFFER,
2207                                 &(hw->bufinfo), sizeof(hw->bufinfo))) ) {
2208                 return result;
2209         }
2210         hw->bufinfo.page = hfa384x2host_16(hw->bufinfo.page);
2211         hw->bufinfo.offset = hfa384x2host_16(hw->bufinfo.offset);
2212         hw->bufinfo.len = hfa384x2host_16(hw->bufinfo.len);
2213         if ( (result = hfa384x_drvr_getconfig16(hw, HFA384x_RID_MAXLOADTIME,
2214                                 &(hw->dltimeout))) ) {
2215                 return result;
2216         }
2217         hw->dltimeout = hfa384x2host_16(hw->dltimeout);
2218
2219         WLAN_LOG_DEBUG(1,"flashdl_enable\n");
2220
2221         hw->dlstate = HFA384x_DLSTATE_FLASHENABLED;
2222         DBFEXIT;
2223         return result;
2224 }
2225
2226
2227 /*----------------------------------------------------------------
2228 * hfa384x_drvr_flashdl_disable
2229 *
2230 * Ends the flash download state.  Note that this will cause the MAC
2231 * firmware to restart.
2232 *
2233 * Arguments:
2234 *       hw              device structure
2235 *
2236 * Returns:
2237 *       0               success
2238 *       >0              f/w reported error - f/w status code
2239 *       <0              driver reported error
2240 *
2241 * Side effects:
2242 *
2243 * Call context:
2244 *       process
2245 ----------------------------------------------------------------*/
2246 int hfa384x_drvr_flashdl_disable(hfa384x_t *hw)
2247 {
2248         DBFENTER;
2249         /* Check that we're already in the download state */
2250         if ( hw->dlstate != HFA384x_DLSTATE_FLASHENABLED ) {
2251                 return -EINVAL;
2252         }
2253
2254         WLAN_LOG_DEBUG(1,"flashdl_enable\n");
2255
2256         /* There isn't much we can do at this point, so I don't */
2257         /*  bother  w/ the return value */
2258         hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0 , 0);
2259         hw->dlstate = HFA384x_DLSTATE_DISABLED;
2260
2261         DBFEXIT;
2262         return 0;
2263 }
2264
2265
2266 /*----------------------------------------------------------------
2267 * hfa384x_drvr_flashdl_write
2268 *
2269 * Performs a FLASH download of a chunk of data. First checks to see
2270 * that we're in the FLASH download state, then sets the download
2271 * mode, uses the aux functions to 1) copy the data to the flash
2272 * buffer, 2) sets the download 'write flash' mode, 3) readback and
2273 * compare.  Lather rinse, repeat as many times an necessary to get
2274 * all the given data into flash.
2275 * When all data has been written using this function (possibly
2276 * repeatedly), call drvr_flashdl_disable() to end the download state
2277 * and restart the MAC.
2278 *
2279 * Arguments:
2280 *       hw              device structure
2281 *       daddr           Card address to write to. (host order)
2282 *       buf             Ptr to data to write.
2283 *       len             Length of data (host order).
2284 *
2285 * Returns:
2286 *       0               success
2287 *       >0              f/w reported error - f/w status code
2288 *       <0              driver reported error
2289 *
2290 * Side effects:
2291 *
2292 * Call context:
2293 *       process
2294 ----------------------------------------------------------------*/
2295 int
2296 hfa384x_drvr_flashdl_write(
2297         hfa384x_t       *hw,
2298         u32             daddr,
2299         void            *buf,
2300         u32             len)
2301 {
2302         int             result = 0;
2303         u32             dlbufaddr;
2304         int             nburns;
2305         u32             burnlen;
2306         u32             burndaddr;
2307         u16             burnlo;
2308         u16             burnhi;
2309         int             nwrites;
2310         u8              *writebuf;
2311         u16             writepage;
2312         u16             writeoffset;
2313         u32             writelen;
2314         int             i;
2315         int             j;
2316
2317         DBFENTER;
2318         WLAN_LOG_DEBUG(5,"daddr=0x%08x len=%d\n", daddr, len);
2319
2320         /* Check that we're in the flash download state */
2321         if ( hw->dlstate != HFA384x_DLSTATE_FLASHENABLED ) {
2322                 return -EINVAL;
2323         }
2324
2325         WLAN_LOG_INFO("Download %d bytes to flash @0x%06x\n", len, daddr);
2326
2327         /* Convert to flat address for arithmetic */
2328         /* NOTE: dlbuffer RID stores the address in AUX format */
2329         dlbufaddr = HFA384x_ADDR_AUX_MKFLAT(
2330                         hw->bufinfo.page, hw->bufinfo.offset);
2331         WLAN_LOG_DEBUG(5,
2332                 "dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n",
2333                 hw->bufinfo.page, hw->bufinfo.offset, dlbufaddr);
2334
2335 #if 0
2336 WLAN_LOG_WARNING("dlbuf@0x%06lx len=%d to=%d\n", dlbufaddr, hw->bufinfo.len, hw->dltimeout);
2337 #endif
2338         /* Calculations to determine how many fills of the dlbuffer to do
2339          * and how many USB wmemreq's to do for each fill.  At this point
2340          * in time, the dlbuffer size and the wmemreq size are the same.
2341          * Therefore, nwrites should always be 1.  The extra complexity
2342          * here is a hedge against future changes.
2343          */
2344
2345         /* Figure out how many times to do the flash programming */
2346         nburns = len / hw->bufinfo.len;
2347         nburns += (len % hw->bufinfo.len) ? 1 : 0;
2348
2349         /* For each flash program cycle, how many USB wmemreq's are needed? */
2350         nwrites = hw->bufinfo.len / HFA384x_USB_RWMEM_MAXLEN;
2351         nwrites += (hw->bufinfo.len % HFA384x_USB_RWMEM_MAXLEN) ? 1 : 0;
2352
2353         /* For each burn */
2354         for ( i = 0; i < nburns; i++) {
2355                 /* Get the dest address and len */
2356                 burnlen = (len - (hw->bufinfo.len * i)) > hw->bufinfo.len ?
2357                                 hw->bufinfo.len :
2358                                 (len - (hw->bufinfo.len * i));
2359                 burndaddr = daddr + (hw->bufinfo.len * i);
2360                 burnlo = HFA384x_ADDR_CMD_MKOFF(burndaddr);
2361                 burnhi = HFA384x_ADDR_CMD_MKPAGE(burndaddr);
2362
2363                 WLAN_LOG_INFO("Writing %d bytes to flash @0x%06x\n",
2364                         burnlen, burndaddr);
2365
2366                 /* Set the download mode */
2367                 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_NV,
2368                                 burnlo, burnhi, burnlen);
2369                 if ( result ) {
2370                         WLAN_LOG_ERROR("download(NV,lo=%x,hi=%x,len=%x) "
2371                                 "cmd failed, result=%d. Aborting d/l\n",
2372                                 burnlo, burnhi, burnlen, result);
2373                         goto exit_proc;
2374                 }
2375
2376                 /* copy the data to the flash download buffer */
2377                 for ( j=0; j < nwrites; j++) {
2378                         writebuf = buf +
2379                                 (i*hw->bufinfo.len) +
2380                                 (j*HFA384x_USB_RWMEM_MAXLEN);
2381
2382                         writepage = HFA384x_ADDR_CMD_MKPAGE(
2383                                         dlbufaddr +
2384                                         (j*HFA384x_USB_RWMEM_MAXLEN));
2385                         writeoffset = HFA384x_ADDR_CMD_MKOFF(
2386                                         dlbufaddr +
2387                                         (j*HFA384x_USB_RWMEM_MAXLEN));
2388
2389                         writelen = burnlen-(j*HFA384x_USB_RWMEM_MAXLEN);
2390                         writelen = writelen  > HFA384x_USB_RWMEM_MAXLEN ?
2391                                         HFA384x_USB_RWMEM_MAXLEN :
2392                                         writelen;
2393
2394                         result = hfa384x_dowmem_wait( hw,
2395                                         writepage,
2396                                         writeoffset,
2397                                         writebuf,
2398                                         writelen );
2399 #if 0
2400
2401 Comment out for debugging, assume the write was successful.
2402                         if (result) {
2403                                 WLAN_LOG_ERROR(
2404                                         "Write to dl buffer failed, "
2405                                         "result=0x%04x. Aborting.\n",
2406                                         result);
2407                                 goto exit_proc;
2408                         }
2409 #endif
2410
2411                 }
2412
2413                 /* set the download 'write flash' mode */
2414                 result = hfa384x_cmd_download(hw,
2415                                 HFA384x_PROGMODE_NVWRITE,
2416                                 0,0,0);
2417                 if ( result ) {
2418                         WLAN_LOG_ERROR(
2419                                 "download(NVWRITE,lo=%x,hi=%x,len=%x) "
2420                                 "cmd failed, result=%d. Aborting d/l\n",
2421                                 burnlo, burnhi, burnlen, result);
2422                         goto exit_proc;
2423                 }
2424
2425                 /* TODO: We really should do a readback and compare. */
2426         }
2427
2428 exit_proc:
2429
2430         /* Leave the firmware in the 'post-prog' mode.  flashdl_disable will */
2431         /*  actually disable programming mode.  Remember, that will cause the */
2432         /*  the firmware to effectively reset itself. */
2433
2434         DBFEXIT;
2435         return result;
2436 }
2437
2438
2439 /*----------------------------------------------------------------
2440 * hfa384x_drvr_getconfig
2441 *
2442 * Performs the sequence necessary to read a config/info item.
2443 *
2444 * Arguments:
2445 *       hw              device structure
2446 *       rid             config/info record id (host order)
2447 *       buf             host side record buffer.  Upon return it will
2448 *                       contain the body portion of the record (minus the
2449 *                       RID and len).
2450 *       len             buffer length (in bytes, should match record length)
2451 *
2452 * Returns:
2453 *       0               success
2454 *       >0              f/w reported error - f/w status code
2455 *       <0              driver reported error
2456 *       -ENODATA        length mismatch between argument and retrieved
2457 *                       record.
2458 *
2459 * Side effects:
2460 *
2461 * Call context:
2462 *       process
2463 ----------------------------------------------------------------*/
2464 int hfa384x_drvr_getconfig(hfa384x_t *hw, u16 rid, void *buf, u16 len)
2465 {
2466         int                     result;
2467         DBFENTER;
2468
2469         result = hfa384x_dorrid_wait(hw, rid, buf, len);
2470
2471         DBFEXIT;
2472         return result;
2473 }
2474
2475 /*----------------------------------------------------------------
2476  * hfa384x_drvr_getconfig_async
2477  *
2478  * Performs the sequence necessary to perform an async read of
2479  * of a config/info item.
2480  *
2481  * Arguments:
2482  *       hw              device structure
2483  *       rid             config/info record id (host order)
2484  *       buf             host side record buffer.  Upon return it will
2485  *                       contain the body portion of the record (minus the
2486  *                       RID and len).
2487  *       len             buffer length (in bytes, should match record length)
2488  *       cbfn            caller supplied callback, called when the command
2489  *                       is done (successful or not).
2490  *       cbfndata        pointer to some caller supplied data that will be
2491  *                       passed in as an argument to the cbfn.
2492  *
2493  * Returns:
2494  *       nothing         the cbfn gets a status argument identifying if
2495  *                       any errors occur.
2496  * Side effects:
2497  *       Queues an hfa384x_usbcmd_t for subsequent execution.
2498  *
2499  * Call context:
2500  *       Any
2501  ----------------------------------------------------------------*/
2502 int
2503 hfa384x_drvr_getconfig_async(
2504          hfa384x_t               *hw,
2505          u16                  rid,
2506          ctlx_usercb_t           usercb,
2507          void                    *usercb_data)
2508 {
2509          return hfa384x_dorrid_async(hw, rid, NULL, 0,
2510                                      hfa384x_cb_rrid, usercb, usercb_data);
2511 }
2512
2513 /*----------------------------------------------------------------
2514  * hfa384x_drvr_setconfig_async
2515  *
2516  * Performs the sequence necessary to write a config/info item.
2517  *
2518  * Arguments:
2519  *       hw              device structure
2520  *       rid             config/info record id (in host order)
2521  *       buf             host side record buffer
2522  *       len             buffer length (in bytes)
2523  *       usercb          completion callback
2524  *       usercb_data     completion callback argument
2525  *
2526  * Returns:
2527  *       0               success
2528  *       >0              f/w reported error - f/w status code
2529  *       <0              driver reported error
2530  *
2531  * Side effects:
2532  *
2533  * Call context:
2534  *       process
2535  ----------------------------------------------------------------*/
2536 int
2537 hfa384x_drvr_setconfig_async(
2538          hfa384x_t       *hw,
2539          u16          rid,
2540          void            *buf,
2541          u16          len,
2542          ctlx_usercb_t   usercb,
2543          void            *usercb_data)
2544 {
2545         return hfa384x_dowrid_async(hw, rid, buf, len,
2546                                     hfa384x_cb_status, usercb, usercb_data);
2547 }
2548
2549 /*----------------------------------------------------------------
2550 * hfa384x_drvr_handover
2551 *
2552 * Sends a handover notification to the MAC.
2553 *
2554 * Arguments:
2555 *       hw              device structure
2556 *       addr            address of station that's left
2557 *
2558 * Returns:
2559 *       zero            success.
2560 *       -ERESTARTSYS    received signal while waiting for semaphore.
2561 *       -EIO            failed to write to bap, or failed in cmd.
2562 *
2563 * Side effects:
2564 *
2565 * Call context:
2566 *       process
2567 ----------------------------------------------------------------*/
2568 int hfa384x_drvr_handover( hfa384x_t *hw, u8 *addr)
2569 {
2570         DBFENTER;
2571         WLAN_LOG_ERROR("Not currently supported in USB!\n");
2572         DBFEXIT;
2573         return -EIO;
2574 }
2575
2576 /*----------------------------------------------------------------
2577 * hfa384x_drvr_low_level
2578 *
2579 * Write test commands to the card.  Some test commands don't make
2580 * sense without prior set-up.  For example, continous TX isn't very
2581 * useful until you set the channel.  That functionality should be
2582 *
2583 * Side effects:
2584 *
2585 * Call context:
2586 *      process thread
2587 * -----------------------------------------------------------------*/
2588 int hfa384x_drvr_low_level(hfa384x_t *hw, hfa384x_metacmd_t *cmd)
2589 {
2590         int             result;
2591         DBFENTER;
2592
2593         /* Do i need a host2hfa... conversion ? */
2594
2595         result = hfa384x_docmd_wait(hw, cmd);
2596
2597         DBFEXIT;
2598         return result;
2599 }
2600
2601 /*----------------------------------------------------------------
2602 * hfa384x_drvr_ramdl_disable
2603 *
2604 * Ends the ram download state.
2605 *
2606 * Arguments:
2607 *       hw              device structure
2608 *
2609 * Returns:
2610 *       0               success
2611 *       >0              f/w reported error - f/w status code
2612 *       <0              driver reported error
2613 *
2614 * Side effects:
2615 *
2616 * Call context:
2617 *       process
2618 ----------------------------------------------------------------*/
2619 int
2620 hfa384x_drvr_ramdl_disable(hfa384x_t *hw)
2621 {
2622         DBFENTER;
2623         /* Check that we're already in the download state */
2624         if ( hw->dlstate != HFA384x_DLSTATE_RAMENABLED ) {
2625                 return -EINVAL;
2626         }
2627
2628         WLAN_LOG_DEBUG(3,"ramdl_disable()\n");
2629
2630         /* There isn't much we can do at this point, so I don't */
2631         /*  bother  w/ the return value */
2632         hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0 , 0);
2633         hw->dlstate = HFA384x_DLSTATE_DISABLED;
2634
2635         DBFEXIT;
2636         return 0;
2637 }
2638
2639
2640 /*----------------------------------------------------------------
2641 * hfa384x_drvr_ramdl_enable
2642 *
2643 * Begins the ram download state.  Checks to see that we're not
2644 * already in a download state and that a port isn't enabled.
2645 * Sets the download state and calls cmd_download with the
2646 * ENABLE_VOLATILE subcommand and the exeaddr argument.
2647 *
2648 * Arguments:
2649 *       hw              device structure
2650 *       exeaddr         the card execution address that will be
2651 *                       jumped to when ramdl_disable() is called
2652 *                       (host order).
2653 *
2654 * Returns:
2655 *       0               success
2656 *       >0              f/w reported error - f/w status code
2657 *       <0              driver reported error
2658 *
2659 * Side effects:
2660 *
2661 * Call context:
2662 *       process
2663 ----------------------------------------------------------------*/
2664 int
2665 hfa384x_drvr_ramdl_enable(hfa384x_t *hw, u32 exeaddr)
2666 {
2667         int             result = 0;
2668         u16             lowaddr;
2669         u16             hiaddr;
2670         int             i;
2671         DBFENTER;
2672         /* Check that a port isn't active */
2673         for ( i = 0; i < HFA384x_PORTID_MAX; i++) {
2674                 if ( hw->port_enabled[i] ) {
2675                         WLAN_LOG_ERROR(
2676                                 "Can't download with a macport enabled.\n");
2677                         return -EINVAL;
2678                 }
2679         }
2680
2681         /* Check that we're not already in a download state */
2682         if ( hw->dlstate != HFA384x_DLSTATE_DISABLED ) {
2683                 WLAN_LOG_ERROR(
2684                         "Download state not disabled.\n");
2685                 return -EINVAL;
2686         }
2687
2688         WLAN_LOG_DEBUG(3,"ramdl_enable, exeaddr=0x%08x\n", exeaddr);
2689
2690         /* Call the download(1,addr) function */
2691         lowaddr = HFA384x_ADDR_CMD_MKOFF(exeaddr);
2692         hiaddr =  HFA384x_ADDR_CMD_MKPAGE(exeaddr);
2693
2694         result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_RAM,
2695                         lowaddr, hiaddr, 0);
2696
2697         if ( result == 0) {
2698                 /* Set the download state */
2699                 hw->dlstate = HFA384x_DLSTATE_RAMENABLED;
2700         } else {
2701                 WLAN_LOG_DEBUG(1,
2702                         "cmd_download(0x%04x, 0x%04x) failed, result=%d.\n",
2703                         lowaddr,
2704                         hiaddr,
2705                         result);
2706         }
2707
2708         DBFEXIT;
2709         return result;
2710 }
2711
2712
2713 /*----------------------------------------------------------------
2714 * hfa384x_drvr_ramdl_write
2715 *
2716 * Performs a RAM download of a chunk of data. First checks to see
2717 * that we're in the RAM download state, then uses the [read|write]mem USB
2718 * commands to 1) copy the data, 2) readback and compare.  The download
2719 * state is unaffected.  When all data has been written using
2720 * this function, call drvr_ramdl_disable() to end the download state
2721 * and restart the MAC.
2722 *
2723 * Arguments:
2724 *       hw              device structure
2725 *       daddr           Card address to write to. (host order)
2726 *       buf             Ptr to data to write.
2727 *       len             Length of data (host order).
2728 *
2729 * Returns:
2730 *       0               success
2731 *       >0              f/w reported error - f/w status code
2732 *       <0              driver reported error
2733 *
2734 * Side effects:
2735 *
2736 * Call context:
2737 *       process
2738 ----------------------------------------------------------------*/
2739 int
2740 hfa384x_drvr_ramdl_write(hfa384x_t *hw, u32 daddr, void* buf, u32 len)
2741 {
2742         int             result = 0;
2743         int             nwrites;
2744         u8              *data = buf;
2745         int             i;
2746         u32             curraddr;
2747         u16             currpage;
2748         u16             curroffset;
2749         u16             currlen;
2750         DBFENTER;
2751         /* Check that we're in the ram download state */
2752         if ( hw->dlstate != HFA384x_DLSTATE_RAMENABLED ) {
2753                 return -EINVAL;
2754         }
2755
2756         WLAN_LOG_INFO("Writing %d bytes to ram @0x%06x\n", len, daddr);
2757
2758         /* How many dowmem calls?  */
2759         nwrites = len / HFA384x_USB_RWMEM_MAXLEN;
2760         nwrites += len % HFA384x_USB_RWMEM_MAXLEN ? 1 : 0;
2761
2762         /* Do blocking wmem's */
2763         for(i=0; i < nwrites; i++) {
2764                 /* make address args */
2765                 curraddr = daddr + (i * HFA384x_USB_RWMEM_MAXLEN);
2766                 currpage = HFA384x_ADDR_CMD_MKPAGE(curraddr);
2767                 curroffset = HFA384x_ADDR_CMD_MKOFF(curraddr);
2768                 currlen = len - (i * HFA384x_USB_RWMEM_MAXLEN);
2769                 if ( currlen > HFA384x_USB_RWMEM_MAXLEN) {
2770                         currlen = HFA384x_USB_RWMEM_MAXLEN;
2771                 }
2772
2773                 /* Do blocking ctlx */
2774                 result = hfa384x_dowmem_wait( hw,
2775                                 currpage,
2776                                 curroffset,
2777                                 data + (i*HFA384x_USB_RWMEM_MAXLEN),
2778                                 currlen );
2779
2780                 if (result) break;
2781
2782                 /* TODO: We really should have a readback. */
2783         }
2784
2785         DBFEXIT;
2786         return result;
2787 }
2788
2789
2790 /*----------------------------------------------------------------
2791 * hfa384x_drvr_readpda
2792 *
2793 * Performs the sequence to read the PDA space.  Note there is no
2794 * drvr_writepda() function.  Writing a PDA is
2795 * generally implemented by a calling component via calls to
2796 * cmd_download and writing to the flash download buffer via the
2797 * aux regs.
2798 *
2799 * Arguments:
2800 *       hw              device structure
2801 *       buf             buffer to store PDA in
2802 *       len             buffer length
2803 *
2804 * Returns:
2805 *       0               success
2806 *       >0              f/w reported error - f/w status code
2807 *       <0              driver reported error
2808 *       -ETIMEOUT       timout waiting for the cmd regs to become
2809 *                       available, or waiting for the control reg
2810 *                       to indicate the Aux port is enabled.
2811 *       -ENODATA        the buffer does NOT contain a valid PDA.
2812 *                       Either the card PDA is bad, or the auxdata
2813 *                       reads are giving us garbage.
2814
2815 *
2816 * Side effects:
2817 *
2818 * Call context:
2819 *       process or non-card interrupt.
2820 ----------------------------------------------------------------*/
2821 int hfa384x_drvr_readpda(hfa384x_t *hw, void *buf, unsigned int len)
2822 {
2823         int             result = 0;
2824         u16             *pda = buf;
2825         int             pdaok = 0;
2826         int             morepdrs = 1;
2827         int             currpdr = 0;    /* word offset of the current pdr */
2828         size_t          i;
2829         u16             pdrlen;         /* pdr length in bytes, host order */
2830         u16             pdrcode;        /* pdr code, host order */
2831         u16             currpage;
2832         u16             curroffset;
2833         struct pdaloc {
2834                 u32     cardaddr;
2835                 u16     auxctl;
2836         } pdaloc[] =
2837         {
2838                 { HFA3842_PDA_BASE,             0},
2839                 { HFA3841_PDA_BASE,             0},
2840                 { HFA3841_PDA_BOGUS_BASE,       0}
2841         };
2842
2843         DBFENTER;
2844
2845         /* Read the pda from each known address.  */
2846         for ( i = 0; i < ARRAY_SIZE(pdaloc); i++) {
2847                 /* Make address */
2848                 currpage = HFA384x_ADDR_CMD_MKPAGE(pdaloc[i].cardaddr);
2849                 curroffset = HFA384x_ADDR_CMD_MKOFF(pdaloc[i].cardaddr);
2850
2851                 result = hfa384x_dormem_wait(hw,
2852                         currpage,
2853                         curroffset,
2854                         buf,
2855                         len);           /* units of bytes */
2856
2857                 if (result) {
2858                         WLAN_LOG_WARNING(
2859                                           "Read from index %zd failed, continuing\n",
2860                                 i );
2861                         continue;
2862                 }
2863
2864                 /* Test for garbage */
2865                 pdaok = 1;      /* initially assume good */
2866                 morepdrs = 1;
2867                 while ( pdaok && morepdrs ) {
2868                         pdrlen = hfa384x2host_16(pda[currpdr]) * 2;
2869                         pdrcode = hfa384x2host_16(pda[currpdr+1]);
2870                         /* Test the record length */
2871                         if ( pdrlen > HFA384x_PDR_LEN_MAX || pdrlen == 0) {
2872                                 WLAN_LOG_ERROR("pdrlen invalid=%d\n",
2873                                         pdrlen);
2874                                 pdaok = 0;
2875                                 break;
2876                         }
2877                         /* Test the code */
2878                         if ( !hfa384x_isgood_pdrcode(pdrcode) ) {
2879                                 WLAN_LOG_ERROR("pdrcode invalid=%d\n",
2880                                         pdrcode);
2881                                 pdaok = 0;
2882                                 break;
2883                         }
2884                         /* Test for completion */
2885                         if ( pdrcode == HFA384x_PDR_END_OF_PDA) {
2886                                 morepdrs = 0;
2887                         }
2888
2889                         /* Move to the next pdr (if necessary) */
2890                         if ( morepdrs ) {
2891                                 /* note the access to pda[], need words here */
2892                                 currpdr += hfa384x2host_16(pda[currpdr]) + 1;
2893                         }
2894                 }
2895                 if ( pdaok ) {
2896                         WLAN_LOG_INFO(
2897                                 "PDA Read from 0x%08x in %s space.\n",
2898                                 pdaloc[i].cardaddr,
2899                                 pdaloc[i].auxctl == 0 ? "EXTDS" :
2900                                 pdaloc[i].auxctl == 1 ? "NV" :
2901                                 pdaloc[i].auxctl == 2 ? "PHY" :
2902                                 pdaloc[i].auxctl == 3 ? "ICSRAM" :
2903                                 "<bogus auxctl>");
2904                         break;
2905                 }
2906         }
2907         result = pdaok ? 0 : -ENODATA;
2908
2909         if ( result ) {
2910                 WLAN_LOG_DEBUG(3,"Failure: pda is not okay\n");
2911         }
2912
2913         DBFEXIT;
2914         return result;
2915 }
2916
2917
2918 /*----------------------------------------------------------------
2919 * hfa384x_drvr_setconfig
2920 *
2921 * Performs the sequence necessary to write a config/info item.
2922 *
2923 * Arguments:
2924 *       hw              device structure
2925 *       rid             config/info record id (in host order)
2926 *       buf             host side record buffer
2927 *       len             buffer length (in bytes)
2928 *
2929 * Returns:
2930 *       0               success
2931 *       >0              f/w reported error - f/w status code
2932 *       <0              driver reported error
2933 *
2934 * Side effects:
2935 *
2936 * Call context:
2937 *       process
2938 ----------------------------------------------------------------*/
2939 int hfa384x_drvr_setconfig(hfa384x_t *hw, u16 rid, void *buf, u16 len)
2940 {
2941         return hfa384x_dowrid_wait(hw, rid, buf, len);
2942 }
2943
2944 /*----------------------------------------------------------------
2945 * hfa384x_drvr_start
2946 *
2947 * Issues the MAC initialize command, sets up some data structures,
2948 * and enables the interrupts.  After this function completes, the
2949 * low-level stuff should be ready for any/all commands.
2950 *
2951 * Arguments:
2952 *       hw              device structure
2953 * Returns:
2954 *       0               success
2955 *       >0              f/w reported error - f/w status code
2956 *       <0              driver reported error
2957 *
2958 * Side effects:
2959 *
2960 * Call context:
2961 *       process
2962 ----------------------------------------------------------------*/
2963
2964 int hfa384x_drvr_start(hfa384x_t *hw)
2965 {
2966         int             result, result1, result2;
2967         u16             status;
2968         DBFENTER;
2969
2970         might_sleep();
2971
2972         /* Clear endpoint stalls - but only do this if the endpoint
2973          * is showing a stall status. Some prism2 cards seem to behave
2974          * badly if a clear_halt is called when the endpoint is already
2975          * ok
2976          */
2977         result = usb_get_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_in, &status);
2978         if (result < 0) {
2979                 WLAN_LOG_ERROR(
2980                         "Cannot get bulk in endpoint status.\n");
2981                 goto done;
2982         }
2983         if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_in)) {
2984                 WLAN_LOG_ERROR(
2985                         "Failed to reset bulk in endpoint.\n");
2986         }
2987
2988         result = usb_get_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_out, &status);
2989         if (result < 0) {
2990                 WLAN_LOG_ERROR(
2991                         "Cannot get bulk out endpoint status.\n");
2992                 goto done;
2993         }
2994         if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_out)) {
2995                 WLAN_LOG_ERROR(
2996                         "Failed to reset bulk out endpoint.\n");
2997         }
2998
2999         /* Synchronous unlink, in case we're trying to restart the driver */
3000         usb_kill_urb(&hw->rx_urb);
3001
3002         /* Post the IN urb */
3003         result = submit_rx_urb(hw, GFP_KERNEL);
3004         if (result != 0) {
3005                 WLAN_LOG_ERROR(
3006                         "Fatal, failed to submit RX URB, result=%d\n",
3007                         result);
3008                 goto done;
3009         }
3010
3011         /* Call initialize twice, with a 1 second sleep in between.
3012          * This is a nasty work-around since many prism2 cards seem to
3013          * need time to settle after an init from cold. The second
3014          * call to initialize in theory is not necessary - but we call
3015          * it anyway as a double insurance policy:
3016          * 1) If the first init should fail, the second may well succeed
3017          *    and the card can still be used
3018          * 2) It helps ensures all is well with the card after the first
3019          *    init and settle time.
3020          */
3021         result1 = hfa384x_cmd_initialize(hw);
3022         msleep(1000);
3023         result = result2 = hfa384x_cmd_initialize(hw);
3024         if (result1 != 0) {
3025                 if (result2 != 0) {
3026                         WLAN_LOG_ERROR(
3027                                 "cmd_initialize() failed on two attempts, results %d and %d\n",
3028                                 result1, result2);
3029                         usb_kill_urb(&hw->rx_urb);
3030                         goto done;
3031                 } else {
3032                         WLAN_LOG_DEBUG(0, "First cmd_initialize() failed (result %d),\n",
3033                                 result1);
3034                         WLAN_LOG_DEBUG(0, "but second attempt succeeded. All should be ok\n");
3035                 }
3036         } else if (result2 != 0) {
3037                 WLAN_LOG_WARNING(
3038                         "First cmd_initialize() succeeded, but second attempt failed (result=%d)\n",
3039                         result2);
3040                 WLAN_LOG_WARNING("Most likely the card will be functional\n");
3041                         goto done;
3042         }
3043
3044         hw->state = HFA384x_STATE_RUNNING;
3045
3046 done:
3047         DBFEXIT;
3048         return result;
3049 }
3050
3051
3052 /*----------------------------------------------------------------
3053 * hfa384x_drvr_stop
3054 *
3055 * Shuts down the MAC to the point where it is safe to unload the
3056 * driver.  Any subsystem that may be holding a data or function
3057 * ptr into the driver must be cleared/deinitialized.
3058 *
3059 * Arguments:
3060 *       hw              device structure
3061 * Returns:
3062 *       0               success
3063 *       >0              f/w reported error - f/w status code
3064 *       <0              driver reported error
3065 *
3066 * Side effects:
3067 *
3068 * Call context:
3069 *       process
3070 ----------------------------------------------------------------*/
3071 int
3072 hfa384x_drvr_stop(hfa384x_t *hw)
3073 {
3074         int     result = 0;
3075         int     i;
3076         DBFENTER;
3077
3078         might_sleep();
3079
3080         /* There's no need for spinlocks here. The USB "disconnect"
3081          * function sets this "removed" flag and then calls us.
3082          */
3083         if ( !hw->wlandev->hwremoved ) {
3084                 /* Call initialize to leave the MAC in its 'reset' state */
3085                 hfa384x_cmd_initialize(hw);
3086
3087                 /* Cancel the rxurb */
3088                 usb_kill_urb(&hw->rx_urb);
3089         }
3090
3091         hw->link_status = HFA384x_LINK_NOTCONNECTED;
3092         hw->state = HFA384x_STATE_INIT;
3093
3094         del_timer_sync(&hw->commsqual_timer);
3095
3096         /* Clear all the port status */
3097         for ( i = 0; i < HFA384x_NUMPORTS_MAX; i++) {
3098                 hw->port_enabled[i] = 0;
3099         }
3100
3101         DBFEXIT;
3102         return result;
3103 }
3104
3105 /*----------------------------------------------------------------
3106 * hfa384x_drvr_txframe
3107 *
3108 * Takes a frame from prism2sta and queues it for transmission.
3109 *
3110 * Arguments:
3111 *       hw              device structure
3112 *       skb             packet buffer struct.  Contains an 802.11
3113 *                       data frame.
3114 *       p80211_hdr      points to the 802.11 header for the packet.
3115 * Returns:
3116 *       0               Success and more buffs available
3117 *       1               Success but no more buffs
3118 *       2               Allocation failure
3119 *       4               Buffer full or queue busy
3120 *
3121 * Side effects:
3122 *
3123 * Call context:
3124 *       interrupt
3125 ----------------------------------------------------------------*/
3126 int hfa384x_drvr_txframe(hfa384x_t *hw, struct sk_buff *skb, p80211_hdr_t *p80211_hdr, p80211_metawep_t *p80211_wep)
3127
3128 {
3129         int             usbpktlen = sizeof(hfa384x_tx_frame_t);
3130         int             result;
3131         int             ret;
3132         char            *ptr;
3133
3134         DBFENTER;
3135
3136         if (hw->tx_urb.status == -EINPROGRESS) {
3137                 WLAN_LOG_WARNING("TX URB already in use\n");
3138                 result = 3;
3139                 goto exit;
3140         }
3141
3142         /* Build Tx frame structure */
3143         /* Set up the control field */
3144         memset(&hw->txbuff.txfrm.desc, 0, sizeof(hw->txbuff.txfrm.desc));
3145
3146         /* Setup the usb type field */
3147         hw->txbuff.type = host2hfa384x_16(HFA384x_USB_TXFRM);
3148
3149         /* Set up the sw_support field to identify this frame */
3150         hw->txbuff.txfrm.desc.sw_support = 0x0123;
3151
3152 /* Tx complete and Tx exception disable per dleach.  Might be causing
3153  * buf depletion
3154  */
3155 //#define DOEXC  SLP -- doboth breaks horribly under load, doexc less so.
3156 #if defined(DOBOTH)
3157         hw->txbuff.txfrm.desc.tx_control =
3158                 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
3159                 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1);
3160 #elif defined(DOEXC)
3161         hw->txbuff.txfrm.desc.tx_control =
3162                 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
3163                 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0);
3164 #else
3165         hw->txbuff.txfrm.desc.tx_control =
3166                 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
3167                 HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0);
3168 #endif
3169         hw->txbuff.txfrm.desc.tx_control =
3170                 host2hfa384x_16(hw->txbuff.txfrm.desc.tx_control);
3171
3172         /* copy the header over to the txdesc */
3173         memcpy(&(hw->txbuff.txfrm.desc.frame_control), p80211_hdr, sizeof(p80211_hdr_t));
3174
3175         /* if we're using host WEP, increase size by IV+ICV */
3176         if (p80211_wep->data) {
3177                 hw->txbuff.txfrm.desc.data_len = host2hfa384x_16(skb->len+8);
3178                 // hw->txbuff.txfrm.desc.tx_control |= HFA384x_TX_NOENCRYPT_SET(1);
3179                 usbpktlen+=8;
3180         } else {
3181                 hw->txbuff.txfrm.desc.data_len = host2hfa384x_16(skb->len);
3182         }
3183
3184         usbpktlen += skb->len;
3185
3186         /* copy over the WEP IV if we are using host WEP */
3187         ptr = hw->txbuff.txfrm.data;
3188         if (p80211_wep->data) {
3189                 memcpy(ptr, p80211_wep->iv, sizeof(p80211_wep->iv));
3190                 ptr+= sizeof(p80211_wep->iv);
3191                 memcpy(ptr, p80211_wep->data, skb->len);
3192         } else {
3193                 memcpy(ptr, skb->data, skb->len);
3194         }
3195         /* copy over the packet data */
3196         ptr+= skb->len;
3197
3198         /* copy over the WEP ICV if we are using host WEP */
3199         if (p80211_wep->data) {
3200                 memcpy(ptr, p80211_wep->icv, sizeof(p80211_wep->icv));
3201         }
3202
3203         /* Send the USB packet */
3204         usb_fill_bulk_urb( &(hw->tx_urb), hw->usb,
3205                        hw->endp_out,
3206                        &(hw->txbuff), ROUNDUP64(usbpktlen),
3207                        hfa384x_usbout_callback, hw->wlandev );
3208         hw->tx_urb.transfer_flags |= USB_QUEUE_BULK;
3209
3210         result = 1;
3211         ret = submit_tx_urb(hw, &hw->tx_urb, GFP_ATOMIC);
3212         if ( ret != 0 ) {
3213                 WLAN_LOG_ERROR(
3214                         "submit_tx_urb() failed, error=%d\n", ret);
3215                 result = 3;
3216         }
3217
3218  exit:
3219         DBFEXIT;
3220         return result;
3221 }
3222
3223 void hfa384x_tx_timeout(wlandevice_t *wlandev)
3224 {
3225         hfa384x_t       *hw = wlandev->priv;
3226         unsigned long flags;
3227
3228         DBFENTER;
3229
3230         spin_lock_irqsave(&hw->ctlxq.lock, flags);
3231
3232         if ( !hw->wlandev->hwremoved &&
3233              /* Note the bitwise OR, not the logical OR. */
3234              ( !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags) |
3235                !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags) ) )
3236         {
3237                 schedule_work(&hw->usb_work);
3238         }
3239
3240         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3241
3242         DBFEXIT;
3243 }
3244
3245 /*----------------------------------------------------------------
3246 * hfa384x_usbctlx_reaper_task
3247 *
3248 * Tasklet to delete dead CTLX objects
3249 *
3250 * Arguments:
3251 *       data    ptr to a hfa384x_t
3252 *
3253 * Returns:
3254 *
3255 * Call context:
3256 *       Interrupt
3257 ----------------------------------------------------------------*/
3258 static void hfa384x_usbctlx_reaper_task(unsigned long data)
3259 {
3260         hfa384x_t       *hw = (hfa384x_t*)data;
3261         struct list_head *entry;
3262         struct list_head *temp;
3263         unsigned long   flags;
3264
3265         DBFENTER;
3266
3267         spin_lock_irqsave(&hw->ctlxq.lock, flags);
3268
3269         /* This list is guaranteed to be empty if someone
3270          * has unplugged the adapter.
3271          */
3272         list_for_each_safe(entry, temp, &hw->ctlxq.reapable) {
3273                 hfa384x_usbctlx_t       *ctlx;
3274
3275                 ctlx = list_entry(entry, hfa384x_usbctlx_t, list);
3276                 list_del(&ctlx->list);
3277                 kfree(ctlx);
3278         }
3279
3280         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3281
3282         DBFEXIT;
3283 }
3284
3285 /*----------------------------------------------------------------
3286 * hfa384x_usbctlx_completion_task
3287 *
3288 * Tasklet to call completion handlers for returned CTLXs
3289 *
3290 * Arguments:
3291 *       data    ptr to hfa384x_t
3292 *
3293 * Returns:
3294 *       Nothing
3295 *
3296 * Call context:
3297 *       Interrupt
3298 ----------------------------------------------------------------*/
3299 static void hfa384x_usbctlx_completion_task(unsigned long data)
3300 {
3301         hfa384x_t *hw = (hfa384x_t*)data;
3302         struct list_head *entry;
3303         struct list_head *temp;
3304         unsigned long flags;
3305
3306         int reap = 0;
3307
3308         DBFENTER;
3309
3310         spin_lock_irqsave(&hw->ctlxq.lock, flags);
3311
3312         /* This list is guaranteed to be empty if someone
3313          * has unplugged the adapter ...
3314          */
3315         list_for_each_safe(entry, temp, &hw->ctlxq.completing) {
3316                 hfa384x_usbctlx_t *ctlx;
3317
3318                 ctlx = list_entry(entry, hfa384x_usbctlx_t, list);
3319
3320                 /* Call the completion function that this
3321                  * command was assigned, assuming it has one.
3322                  */
3323                 if ( ctlx->cmdcb != NULL ) {
3324                         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3325                         ctlx->cmdcb(hw, ctlx);
3326                         spin_lock_irqsave(&hw->ctlxq.lock, flags);
3327
3328                         /* Make sure we don't try and complete
3329                          * this CTLX more than once!
3330                          */
3331                         ctlx->cmdcb = NULL;
3332
3333                         /* Did someone yank the adapter out
3334                          * while our list was (briefly) unlocked?
3335                          */
3336                         if ( hw->wlandev->hwremoved )
3337                         {
3338                                 reap = 0;
3339                                 break;
3340                         }
3341                 }
3342
3343                 /*
3344                  * "Reapable" CTLXs are ones which don't have any
3345                  * threads waiting for them to die. Hence they must
3346                  * be delivered to The Reaper!
3347                  */
3348                 if ( ctlx->reapable ) {
3349                         /* Move the CTLX off the "completing" list (hopefully)
3350                          * on to the "reapable" list where the reaper task
3351                          * can find it. And "reapable" means that this CTLX
3352                          * isn't sitting on a wait-queue somewhere.
3353                          */
3354                         list_move_tail(&ctlx->list, &hw->ctlxq.reapable);
3355                         reap = 1;
3356                 }
3357
3358                 complete(&ctlx->done);
3359         }
3360         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3361
3362         if (reap)
3363                 tasklet_schedule(&hw->reaper_bh);
3364
3365         DBFEXIT;
3366 }
3367
3368 /*----------------------------------------------------------------
3369 * unlocked_usbctlx_cancel_async
3370 *
3371 * Mark the CTLX dead asynchronously, and ensure that the
3372 * next command on the queue is run afterwards.
3373 *
3374 * Arguments:
3375 *       hw      ptr to the hfa384x_t structure
3376 *       ctlx    ptr to a CTLX structure
3377 *
3378 * Returns:
3379 *       0       the CTLX's URB is inactive
3380 * -EINPROGRESS  the URB is currently being unlinked
3381 *
3382 * Call context:
3383 *       Either process or interrupt, but presumably interrupt
3384 ----------------------------------------------------------------*/
3385 static int unlocked_usbctlx_cancel_async(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx)
3386 {
3387         int ret;
3388
3389         DBFENTER;
3390
3391         /*
3392          * Try to delete the URB containing our request packet.
3393          * If we succeed, then its completion handler will be
3394          * called with a status of -ECONNRESET.
3395          */
3396         hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
3397         ret = usb_unlink_urb(&hw->ctlx_urb);
3398
3399         if (ret != -EINPROGRESS) {
3400                 /*
3401                  * The OUT URB had either already completed
3402                  * or was still in the pending queue, so the
3403                  * URB's completion function will not be called.
3404                  * We will have to complete the CTLX ourselves.
3405                  */
3406                 ctlx->state = CTLX_REQ_FAILED;
3407                 unlocked_usbctlx_complete(hw, ctlx);
3408                 ret = 0;
3409         }
3410
3411         DBFEXIT;
3412
3413         return ret;
3414 }
3415
3416 /*----------------------------------------------------------------
3417 * unlocked_usbctlx_complete
3418 *
3419 * A CTLX has completed.  It may have been successful, it may not
3420 * have been. At this point, the CTLX should be quiescent.  The URBs
3421 * aren't active and the timers should have been stopped.
3422 *
3423 * The CTLX is migrated to the "completing" queue, and the completing
3424 * tasklet is scheduled.
3425 *
3426 * Arguments:
3427 *       hw              ptr to a hfa384x_t structure
3428 *       ctlx            ptr to a ctlx structure
3429 *
3430 * Returns:
3431 *       nothing
3432 *
3433 * Side effects:
3434 *
3435 * Call context:
3436 *       Either, assume interrupt
3437 ----------------------------------------------------------------*/
3438 static void unlocked_usbctlx_complete(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx)
3439 {
3440         DBFENTER;
3441
3442         /* Timers have been stopped, and ctlx should be in
3443          * a terminal state. Retire it from the "active"
3444          * queue.
3445          */
3446         list_move_tail(&ctlx->list, &hw->ctlxq.completing);
3447         tasklet_schedule(&hw->completion_bh);
3448
3449         switch (ctlx->state) {
3450         case CTLX_COMPLETE:
3451         case CTLX_REQ_FAILED:
3452                 /* This are the correct terminating states. */
3453                 break;
3454
3455         default:
3456                 WLAN_LOG_ERROR("CTLX[%d] not in a terminating state(%s)\n",
3457                                hfa384x2host_16(ctlx->outbuf.type),
3458                                ctlxstr(ctlx->state));
3459                 break;
3460         } /* switch */
3461
3462         DBFEXIT;
3463 }
3464
3465 /*----------------------------------------------------------------
3466 * hfa384x_usbctlxq_run
3467 *
3468 * Checks to see if the head item is running.  If not, starts it.
3469 *
3470 * Arguments:
3471 *       hw      ptr to hfa384x_t
3472 *
3473 * Returns:
3474 *       nothing
3475 *
3476 * Side effects:
3477 *
3478 * Call context:
3479 *       any
3480 ----------------------------------------------------------------*/
3481 static void
3482 hfa384x_usbctlxq_run(hfa384x_t  *hw)
3483 {
3484         unsigned long           flags;
3485         DBFENTER;
3486
3487         /* acquire lock */
3488         spin_lock_irqsave(&hw->ctlxq.lock, flags);
3489
3490         /* Only one active CTLX at any one time, because there's no
3491          * other (reliable) way to match the response URB to the
3492          * correct CTLX.
3493          *
3494          * Don't touch any of these CTLXs if the hardware
3495          * has been removed or the USB subsystem is stalled.
3496          */
3497         if ( !list_empty(&hw->ctlxq.active) ||
3498              test_bit(WORK_TX_HALT, &hw->usb_flags) ||
3499              hw->wlandev->hwremoved )
3500                 goto unlock;
3501
3502         while ( !list_empty(&hw->ctlxq.pending) ) {
3503                 hfa384x_usbctlx_t       *head;
3504                 int                     result;
3505
3506                 /* This is the first pending command */
3507                 head = list_entry(hw->ctlxq.pending.next,
3508                                   hfa384x_usbctlx_t,
3509                                   list);
3510
3511                 /* We need to split this off to avoid a race condition */
3512                 list_move_tail(&head->list, &hw->ctlxq.active);
3513
3514                 /* Fill the out packet */
3515                 usb_fill_bulk_urb( &(hw->ctlx_urb), hw->usb,
3516                                    hw->endp_out,
3517                                    &(head->outbuf), ROUNDUP64(head->outbufsize),
3518                                    hfa384x_ctlxout_callback, hw);
3519                 hw->ctlx_urb.transfer_flags |= USB_QUEUE_BULK;
3520
3521                 /* Now submit the URB and update the CTLX's state
3522                  */
3523                 if ((result = SUBMIT_URB(&hw->ctlx_urb, GFP_ATOMIC)) == 0) {
3524                         /* This CTLX is now running on the active queue */
3525                         head->state = CTLX_REQ_SUBMITTED;
3526
3527                         /* Start the OUT wait timer */
3528                         hw->req_timer_done = 0;
3529                         hw->reqtimer.expires = jiffies + HZ;
3530                         add_timer(&hw->reqtimer);
3531
3532                         /* Start the IN wait timer */
3533                         hw->resp_timer_done = 0;
3534                         hw->resptimer.expires = jiffies + 2*HZ;
3535                         add_timer(&hw->resptimer);
3536
3537                         break;
3538                 }
3539
3540                 if (result == -EPIPE) {
3541                         /* The OUT pipe needs resetting, so put
3542                          * this CTLX back in the "pending" queue
3543                          * and schedule a reset ...
3544                          */
3545                         WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
3546                                          hw->wlandev->netdev->name);
3547                         list_move(&head->list, &hw->ctlxq.pending);
3548                         set_bit(WORK_TX_HALT, &hw->usb_flags);
3549                         schedule_work(&hw->usb_work);
3550                         break;
3551                 }
3552
3553                 if (result == -ESHUTDOWN) {
3554                         WLAN_LOG_WARNING("%s urb shutdown!\n",
3555                                          hw->wlandev->netdev->name);
3556                         break;
3557                 }
3558
3559                 WLAN_LOG_ERROR("Failed to submit CTLX[%d]: error=%d\n",
3560                                hfa384x2host_16(head->outbuf.type), result);
3561                 unlocked_usbctlx_complete(hw, head);
3562         } /* while */
3563
3564         unlock:
3565         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3566
3567         DBFEXIT;
3568 }
3569
3570
3571 /*----------------------------------------------------------------
3572 * hfa384x_usbin_callback
3573 *
3574 * Callback for URBs on the BULKIN endpoint.
3575 *
3576 * Arguments:
3577 *       urb             ptr to the completed urb
3578 *
3579 * Returns:
3580 *       nothing
3581 *
3582 * Side effects:
3583 *
3584 * Call context:
3585 *       interrupt
3586 ----------------------------------------------------------------*/
3587 static void hfa384x_usbin_callback(struct urb *urb)
3588 {
3589         wlandevice_t            *wlandev = urb->context;
3590         hfa384x_t               *hw;
3591         hfa384x_usbin_t         *usbin = (hfa384x_usbin_t *) urb->transfer_buffer;
3592         struct sk_buff          *skb = NULL;
3593         int                     result;
3594         int                     urb_status;
3595         u16                     type;
3596
3597         enum USBIN_ACTION {
3598                 HANDLE,
3599                 RESUBMIT,
3600                 ABORT
3601         } action;
3602
3603         DBFENTER;
3604
3605         if ( !wlandev ||
3606              !wlandev->netdev ||
3607              wlandev->hwremoved )
3608                 goto exit;
3609
3610         hw = wlandev->priv;
3611         if (!hw)
3612                 goto exit;
3613
3614         skb = hw->rx_urb_skb;
3615         if (!skb || (skb->data != urb->transfer_buffer)) {
3616                 BUG();
3617         }
3618         hw->rx_urb_skb = NULL;
3619
3620         /* Check for error conditions within the URB */
3621         switch (urb->status) {
3622         case 0:
3623                 action = HANDLE;
3624
3625                 /* Check for short packet */
3626                 if ( urb->actual_length == 0 ) {
3627                         ++(wlandev->linux_stats.rx_errors);
3628                         ++(wlandev->linux_stats.rx_length_errors);
3629                         action = RESUBMIT;
3630                 }
3631                 break;
3632
3633         case -EPIPE:
3634                 WLAN_LOG_WARNING("%s rx pipe stalled: requesting reset\n",
3635                                  wlandev->netdev->name);
3636                 if ( !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags) )
3637                         schedule_work(&hw->usb_work);
3638                 ++(wlandev->linux_stats.rx_errors);
3639                 action = ABORT;
3640                 break;
3641
3642         case -EILSEQ:
3643         case -ETIMEDOUT:
3644         case -EPROTO:
3645                 if ( !test_and_set_bit(THROTTLE_RX, &hw->usb_flags) &&
3646                      !timer_pending(&hw->throttle) ) {
3647                         mod_timer(&hw->throttle, jiffies + THROTTLE_JIFFIES);
3648                 }
3649                 ++(wlandev->linux_stats.rx_errors);
3650                 action = ABORT;
3651                 break;
3652
3653         case -EOVERFLOW:
3654                 ++(wlandev->linux_stats.rx_over_errors);
3655                 action = RESUBMIT;
3656                 break;
3657
3658         case -ENODEV:
3659         case -ESHUTDOWN:
3660                 WLAN_LOG_DEBUG(3,"status=%d, device removed.\n", urb->status);
3661                 action = ABORT;
3662                 break;
3663
3664         case -ENOENT:
3665         case -ECONNRESET:
3666                 WLAN_LOG_DEBUG(3,"status=%d, urb explicitly unlinked.\n", urb->status);
3667                 action = ABORT;
3668                 break;
3669
3670         default:
3671                 WLAN_LOG_DEBUG(3,"urb status=%d, transfer flags=0x%x\n",
3672                                  urb->status, urb->transfer_flags);
3673                 ++(wlandev->linux_stats.rx_errors);
3674                 action = RESUBMIT;
3675                 break;
3676         }
3677
3678         urb_status = urb->status;
3679
3680         if (action != ABORT) {
3681                 /* Repost the RX URB */
3682                 result = submit_rx_urb(hw, GFP_ATOMIC);
3683
3684                 if (result != 0) {
3685                         WLAN_LOG_ERROR(
3686                                 "Fatal, failed to resubmit rx_urb. error=%d\n",
3687                                 result);
3688                 }
3689         }
3690
3691         /* Handle any USB-IN packet */
3692         /* Note: the check of the sw_support field, the type field doesn't
3693          *       have bit 12 set like the docs suggest.
3694          */
3695         type = hfa384x2host_16(usbin->type);
3696         if (HFA384x_USB_ISRXFRM(type)) {
3697                 if (action == HANDLE) {
3698                         if (usbin->txfrm.desc.sw_support == 0x0123) {
3699                                 hfa384x_usbin_txcompl(wlandev, usbin);
3700                         } else {
3701                                 skb_put(skb, sizeof(*usbin));
3702                                 hfa384x_usbin_rx(wlandev, skb);
3703                                 skb = NULL;
3704                         }
3705                 }
3706                 goto exit;
3707         }
3708         if (HFA384x_USB_ISTXFRM(type)) {
3709                 if (action == HANDLE)
3710                         hfa384x_usbin_txcompl(wlandev, usbin);
3711                 goto exit;
3712         }
3713         switch (type) {
3714         case HFA384x_USB_INFOFRM:
3715                 if (action == ABORT)
3716                         goto exit;
3717                 if (action == HANDLE)
3718                         hfa384x_usbin_info(wlandev, usbin);
3719                 break;
3720
3721         case HFA384x_USB_CMDRESP:
3722         case HFA384x_USB_WRIDRESP:
3723         case HFA384x_USB_RRIDRESP:
3724         case HFA384x_USB_WMEMRESP:
3725         case HFA384x_USB_RMEMRESP:
3726                 /* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */
3727                 hfa384x_usbin_ctlx(hw, usbin, urb_status);
3728                 break;
3729
3730         case HFA384x_USB_BUFAVAIL:
3731                 WLAN_LOG_DEBUG(3,"Received BUFAVAIL packet, frmlen=%d\n",
3732                         usbin->bufavail.frmlen);
3733                 break;
3734
3735         case HFA384x_USB_ERROR:
3736                 WLAN_LOG_DEBUG(3,"Received USB_ERROR packet, errortype=%d\n",
3737                         usbin->usberror.errortype);
3738                 break;
3739
3740         default:
3741                 WLAN_LOG_DEBUG(3,"Unrecognized USBIN packet, type=%x, status=%d\n",
3742                         usbin->type, urb_status);
3743                 break;
3744         } /* switch */
3745
3746 exit:
3747
3748         if (skb)
3749                 dev_kfree_skb(skb);
3750
3751         DBFEXIT;
3752 }
3753
3754
3755 /*----------------------------------------------------------------
3756 * hfa384x_usbin_ctlx
3757 *
3758 * We've received a URB containing a Prism2 "response" message.
3759 * This message needs to be matched up with a CTLX on the active
3760 * queue and our state updated accordingly.
3761 *
3762 * Arguments:
3763 *       hw              ptr to hfa384x_t
3764 *       usbin           ptr to USB IN packet
3765 *       urb_status      status of this Bulk-In URB
3766 *
3767 * Returns:
3768 *       nothing
3769 *
3770 * Side effects:
3771 *
3772 * Call context:
3773 *       interrupt
3774 ----------------------------------------------------------------*/
3775 static void hfa384x_usbin_ctlx(hfa384x_t *hw, hfa384x_usbin_t *usbin,
3776                                int urb_status)
3777 {
3778         hfa384x_usbctlx_t       *ctlx;
3779         int                     run_queue = 0;
3780         unsigned long           flags;
3781
3782         DBFENTER;
3783
3784 retry:
3785         spin_lock_irqsave(&hw->ctlxq.lock, flags);
3786
3787         /* There can be only one CTLX on the active queue
3788          * at any one time, and this is the CTLX that the
3789          * timers are waiting for.
3790          */
3791         if ( list_empty(&hw->ctlxq.active) ) {
3792                 goto unlock;
3793         }
3794
3795         /* Remove the "response timeout". It's possible that
3796          * we are already too late, and that the timeout is
3797          * already running. And that's just too bad for us,
3798          * because we could lose our CTLX from the active
3799          * queue here ...
3800          */
3801         if (del_timer(&hw->resptimer) == 0) {
3802                 if (hw->resp_timer_done == 0) {
3803                         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3804                         goto retry;
3805                 }
3806         }
3807         else {
3808                 hw->resp_timer_done = 1;
3809         }
3810
3811         ctlx = get_active_ctlx(hw);
3812
3813         if (urb_status != 0) {
3814                 /*
3815                  * Bad CTLX, so get rid of it. But we only
3816                  * remove it from the active queue if we're no
3817                  * longer expecting the OUT URB to complete.
3818                  */
3819                 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3820                         run_queue = 1;
3821         } else {
3822                 const u16 intype = (usbin->type&~host2hfa384x_16(0x8000));
3823
3824                 /*
3825                  * Check that our message is what we're expecting ...
3826                  */
3827                 if (ctlx->outbuf.type != intype) {
3828                         WLAN_LOG_WARNING("Expected IN[%d], received IN[%d] - ignored.\n",
3829                                          hfa384x2host_16(ctlx->outbuf.type),
3830                                          hfa384x2host_16(intype));
3831                         goto unlock;
3832                 }
3833
3834                 /* This URB has succeeded, so grab the data ... */
3835                 memcpy(&ctlx->inbuf, usbin, sizeof(ctlx->inbuf));
3836
3837                 switch (ctlx->state) {
3838                 case CTLX_REQ_SUBMITTED:
3839                         /*
3840                          * We have received our response URB before
3841                          * our request has been acknowledged. Odd,
3842                          * but our OUT URB is still alive...
3843                          */
3844                         WLAN_LOG_DEBUG(0, "Causality violation: please reboot Universe, or email linux-wlan-devel@lists.linux-wlan.com\n");
3845                         ctlx->state = CTLX_RESP_COMPLETE;
3846                         break;
3847
3848                 case CTLX_REQ_COMPLETE:
3849                         /*
3850                          * This is the usual path: our request
3851                          * has already been acknowledged, and
3852                          * now we have received the reply too.
3853                          */
3854                         ctlx->state = CTLX_COMPLETE;
3855                         unlocked_usbctlx_complete(hw, ctlx);
3856                         run_queue = 1;
3857                         break;
3858
3859                 default:
3860                         /*
3861                          * Throw this CTLX away ...
3862                          */
3863                         WLAN_LOG_ERROR("Matched IN URB, CTLX[%d] in invalid state(%s)."
3864                                        " Discarded.\n",
3865                                        hfa384x2host_16(ctlx->outbuf.type),
3866                                        ctlxstr(ctlx->state));
3867                         if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3868                                 run_queue = 1;
3869                         break;
3870                 } /* switch */
3871         }
3872
3873 unlock:
3874         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3875
3876         if (run_queue)
3877                 hfa384x_usbctlxq_run(hw);
3878
3879         DBFEXIT;
3880 }
3881
3882
3883 /*----------------------------------------------------------------
3884 * hfa384x_usbin_txcompl
3885 *
3886 * At this point we have the results of a previous transmit.
3887 *
3888 * Arguments:
3889 *       wlandev         wlan device
3890 *       usbin           ptr to the usb transfer buffer
3891 *
3892 * Returns:
3893 *       nothing
3894 *
3895 * Side effects:
3896 *
3897 * Call context:
3898 *       interrupt
3899 ----------------------------------------------------------------*/
3900 static void hfa384x_usbin_txcompl(wlandevice_t *wlandev, hfa384x_usbin_t *usbin)
3901 {
3902         u16                     status;
3903         DBFENTER;
3904
3905         status = hfa384x2host_16(usbin->type); /* yeah I know it says type...*/
3906
3907         /* Was there an error? */
3908         if (HFA384x_TXSTATUS_ISERROR(status)) {
3909                 prism2sta_ev_txexc(wlandev, status);
3910         } else {
3911                 prism2sta_ev_tx(wlandev, status);
3912         }
3913         // prism2sta_ev_alloc(wlandev);
3914
3915         DBFEXIT;
3916 }
3917
3918
3919 /*----------------------------------------------------------------
3920 * hfa384x_usbin_rx
3921 *
3922 * At this point we have a successful received a rx frame packet.
3923 *
3924 * Arguments:
3925 *       wlandev         wlan device
3926 *       usbin           ptr to the usb transfer buffer
3927 *
3928 * Returns:
3929 *       nothing
3930 *
3931 * Side effects:
3932 *
3933 * Call context:
3934 *       interrupt
3935 ----------------------------------------------------------------*/
3936 static void hfa384x_usbin_rx(wlandevice_t *wlandev, struct sk_buff *skb)
3937 {
3938         hfa384x_usbin_t         *usbin = (hfa384x_usbin_t *) skb->data;
3939         hfa384x_t               *hw = wlandev->priv;
3940         int                     hdrlen;
3941         p80211_rxmeta_t         *rxmeta;
3942         u16                  data_len;
3943         u16                  fc;
3944
3945         DBFENTER;
3946
3947         /* Byte order convert once up front. */
3948         usbin->rxfrm.desc.status =
3949                 hfa384x2host_16(usbin->rxfrm.desc.status);
3950         usbin->rxfrm.desc.time =
3951                 hfa384x2host_32(usbin->rxfrm.desc.time);
3952
3953         /* Now handle frame based on port# */
3954         switch( HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status) )
3955         {
3956         case 0:
3957                 fc = ieee2host16(usbin->rxfrm.desc.frame_control);
3958
3959                 /* If exclude and we receive an unencrypted, drop it */
3960                 if ( (wlandev->hostwep & HOSTWEP_EXCLUDEUNENCRYPTED) &&
3961                      !WLAN_GET_FC_ISWEP(fc)){
3962                         goto done;
3963                 }
3964
3965                 data_len = hfa384x2host_16(usbin->rxfrm.desc.data_len);
3966
3967                 /* How much header data do we have? */
3968                 hdrlen = p80211_headerlen(fc);
3969
3970                 /* Pull off the descriptor */
3971                 skb_pull(skb, sizeof(hfa384x_rx_frame_t));
3972
3973                 /* Now shunt the header block up against the data block
3974                  * with an "overlapping" copy
3975                  */
3976                 memmove(skb_push(skb, hdrlen),
3977                         &usbin->rxfrm.desc.frame_control,
3978                         hdrlen);
3979
3980                 skb->dev = wlandev->netdev;
3981                 skb->dev->last_rx = jiffies;
3982
3983                 /* And set the frame length properly */
3984                 skb_trim(skb, data_len + hdrlen);
3985
3986                 /* The prism2 series does not return the CRC */
3987                 memset(skb_put(skb, WLAN_CRC_LEN), 0xff, WLAN_CRC_LEN);
3988
3989                 skb_reset_mac_header(skb);
3990
3991                 /* Attach the rxmeta, set some stuff */
3992                 p80211skb_rxmeta_attach(wlandev, skb);
3993                 rxmeta = P80211SKB_RXMETA(skb);
3994                 rxmeta->mactime = usbin->rxfrm.desc.time;
3995                 rxmeta->rxrate = usbin->rxfrm.desc.rate;
3996                 rxmeta->signal = usbin->rxfrm.desc.signal - hw->dbmadjust;
3997                 rxmeta->noise = usbin->rxfrm.desc.silence - hw->dbmadjust;
3998
3999                 prism2sta_ev_rx(wlandev, skb);
4000
4001                 break;
4002
4003         case 7:
4004                 if ( ! HFA384x_RXSTATUS_ISFCSERR(usbin->rxfrm.desc.status) ) {
4005                         /* Copy to wlansnif skb */
4006                         hfa384x_int_rxmonitor( wlandev, &usbin->rxfrm);
4007                         dev_kfree_skb(skb);
4008                 } else {
4009                         WLAN_LOG_DEBUG(3,"Received monitor frame: FCSerr set\n");
4010                 }
4011                 break;
4012
4013         default:
4014                 WLAN_LOG_WARNING("Received frame on unsupported port=%d\n",
4015                         HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status) );
4016                 goto done;
4017                 break;
4018         }
4019
4020 done:
4021         DBFEXIT;
4022         return;
4023 }
4024
4025 /*----------------------------------------------------------------
4026 * hfa384x_int_rxmonitor
4027 *
4028 * Helper function for int_rx.  Handles monitor frames.
4029 * Note that this function allocates space for the FCS and sets it
4030 * to 0xffffffff.  The hfa384x doesn't give us the FCS value but the
4031 * higher layers expect it.  0xffffffff is used as a flag to indicate
4032 * the FCS is bogus.
4033 *
4034 * Arguments:
4035 *       wlandev         wlan device structure
4036 *       rxfrm           rx descriptor read from card in int_rx
4037 *
4038 * Returns:
4039 *       nothing
4040 *
4041 * Side effects:
4042 *       Allocates an skb and passes it up via the PF_PACKET interface.
4043 * Call context:
4044 *       interrupt
4045 ----------------------------------------------------------------*/
4046 static void hfa384x_int_rxmonitor( wlandevice_t *wlandev, hfa384x_usb_rxfrm_t *rxfrm)
4047 {
4048         hfa384x_rx_frame_t              *rxdesc = &(rxfrm->desc);
4049         unsigned int                            hdrlen = 0;
4050         unsigned int                            datalen = 0;
4051         unsigned int                            skblen = 0;
4052         u8                              *datap;
4053         u16                             fc;
4054         struct sk_buff                  *skb;
4055         hfa384x_t                       *hw = wlandev->priv;
4056
4057
4058         DBFENTER;
4059         /* Don't forget the status, time, and data_len fields are in host order */
4060         /* Figure out how big the frame is */
4061         fc = ieee2host16(rxdesc->frame_control);
4062         hdrlen = p80211_headerlen(fc);
4063         datalen = hfa384x2host_16(rxdesc->data_len);
4064
4065         /* Allocate an ind message+framesize skb */
4066         skblen = sizeof(p80211_caphdr_t) +
4067                 hdrlen + datalen + WLAN_CRC_LEN;
4068
4069         /* sanity check the length */
4070         if ( skblen >
4071              (sizeof(p80211_caphdr_t) +
4072               WLAN_HDR_A4_LEN + WLAN_DATA_MAXLEN + WLAN_CRC_LEN) ) {
4073                 WLAN_LOG_DEBUG(1, "overlen frm: len=%zd\n",
4074                                skblen - sizeof(p80211_caphdr_t));
4075         }
4076
4077         if ( (skb = dev_alloc_skb(skblen)) == NULL ) {
4078                 WLAN_LOG_ERROR("alloc_skb failed trying to allocate %d bytes\n", skblen);
4079                 return;
4080         }
4081
4082         /* only prepend the prism header if in the right mode */
4083         if ((wlandev->netdev->type == ARPHRD_IEEE80211_PRISM) &&
4084             (hw->sniffhdr != 0)) {
4085                 p80211_caphdr_t         *caphdr;
4086                 /* The NEW header format! */
4087                 datap = skb_put(skb, sizeof(p80211_caphdr_t));
4088                 caphdr = (p80211_caphdr_t*) datap;
4089
4090                 caphdr->version =       htonl(P80211CAPTURE_VERSION);
4091                 caphdr->length =        htonl(sizeof(p80211_caphdr_t));
4092                 caphdr->mactime =       __cpu_to_be64(rxdesc->time) * 1000;
4093                 caphdr->hosttime =      __cpu_to_be64(jiffies);
4094                 caphdr->phytype =       htonl(4); /* dss_dot11_b */
4095                 caphdr->channel =       htonl(hw->sniff_channel);
4096                 caphdr->datarate =      htonl(rxdesc->rate);
4097                 caphdr->antenna =       htonl(0); /* unknown */
4098                 caphdr->priority =      htonl(0); /* unknown */
4099                 caphdr->ssi_type =      htonl(3); /* rssi_raw */
4100                 caphdr->ssi_signal =    htonl(rxdesc->signal);
4101                 caphdr->ssi_noise =     htonl(rxdesc->silence);
4102                 caphdr->preamble =      htonl(0); /* unknown */
4103                 caphdr->encoding =      htonl(1); /* cck */
4104         }
4105
4106         /* Copy the 802.11 header to the skb (ctl frames may be less than a full header) */
4107         datap = skb_put(skb, hdrlen);
4108         memcpy( datap, &(rxdesc->frame_control), hdrlen);
4109
4110         /* If any, copy the data from the card to the skb */
4111         if ( datalen > 0 )
4112         {
4113                 datap = skb_put(skb, datalen);
4114                 memcpy(datap, rxfrm->data, datalen);
4115
4116                 /* check for unencrypted stuff if WEP bit set. */
4117                 if (*(datap - hdrlen + 1) & 0x40) // wep set
4118                   if ((*(datap) == 0xaa) && (*(datap+1) == 0xaa))
4119                     *(datap - hdrlen + 1) &= 0xbf; // clear wep; it's the 802.2 header!
4120         }
4121
4122         if (hw->sniff_fcs) {
4123                 /* Set the FCS */
4124                 datap = skb_put(skb, WLAN_CRC_LEN);
4125                 memset( datap, 0xff, WLAN_CRC_LEN);
4126         }
4127
4128         /* pass it back up */
4129         prism2sta_ev_rx(wlandev, skb);
4130
4131         DBFEXIT;
4132         return;
4133 }
4134
4135
4136
4137 /*----------------------------------------------------------------
4138 * hfa384x_usbin_info
4139 *
4140 * At this point we have a successful received a Prism2 info frame.
4141 *
4142 * Arguments:
4143 *       wlandev         wlan device
4144 *       usbin           ptr to the usb transfer buffer
4145 *
4146 * Returns:
4147 *       nothing
4148 *
4149 * Side effects:
4150 *
4151 * Call context:
4152 *       interrupt
4153 ----------------------------------------------------------------*/
4154 static void hfa384x_usbin_info(wlandevice_t *wlandev, hfa384x_usbin_t *usbin)
4155 {
4156         DBFENTER;
4157
4158         usbin->infofrm.info.framelen = hfa384x2host_16(usbin->infofrm.info.framelen);
4159         prism2sta_ev_info(wlandev, &usbin->infofrm.info);
4160
4161         DBFEXIT;
4162 }
4163
4164
4165
4166 /*----------------------------------------------------------------
4167 * hfa384x_usbout_callback
4168 *
4169 * Callback for URBs on the BULKOUT endpoint.
4170 *
4171 * Arguments:
4172 *       urb             ptr to the completed urb
4173 *
4174 * Returns:
4175 *       nothing
4176 *
4177 * Side effects:
4178 *
4179 * Call context:
4180 *       interrupt
4181 ----------------------------------------------------------------*/
4182 static void hfa384x_usbout_callback(struct urb *urb)
4183 {
4184         wlandevice_t            *wlandev = urb->context;
4185         hfa384x_usbout_t        *usbout = urb->transfer_buffer;
4186         DBFENTER;
4187
4188 #ifdef DEBUG_USB
4189         dbprint_urb(urb);
4190 #endif
4191
4192         if ( wlandev &&
4193              wlandev->netdev ) {
4194
4195                 switch(urb->status) {
4196                 case 0:
4197                         hfa384x_usbout_tx(wlandev, usbout);
4198                         break;
4199
4200                 case -EPIPE:
4201                 {
4202                         hfa384x_t *hw = wlandev->priv;
4203                         WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
4204                                          wlandev->netdev->name);
4205                         if ( !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags) )
4206                                 schedule_work(&hw->usb_work);
4207                         ++(wlandev->linux_stats.tx_errors);
4208                         break;
4209                 }
4210
4211                 case -EPROTO:
4212                 case -ETIMEDOUT:
4213                 case -EILSEQ:
4214                 {
4215                         hfa384x_t *hw = wlandev->priv;
4216
4217                         if ( !test_and_set_bit(THROTTLE_TX, &hw->usb_flags)
4218                              && !timer_pending(&hw->throttle) ) {
4219                                 mod_timer(&hw->throttle,
4220                                           jiffies + THROTTLE_JIFFIES);
4221                         }
4222                         ++(wlandev->linux_stats.tx_errors);
4223                         netif_stop_queue(wlandev->netdev);
4224                         break;
4225                 }
4226
4227                 case -ENOENT:
4228                 case -ESHUTDOWN:
4229                         /* Ignorable errors */
4230                         break;
4231
4232                 default:
4233                         WLAN_LOG_INFO("unknown urb->status=%d\n", urb->status);
4234                         ++(wlandev->linux_stats.tx_errors);
4235                         break;
4236                 } /* switch */
4237         }
4238
4239         DBFEXIT;
4240 }
4241
4242
4243 /*----------------------------------------------------------------
4244 * hfa384x_ctlxout_callback
4245 *
4246 * Callback for control data on the BULKOUT endpoint.
4247 *
4248 * Arguments:
4249 *       urb             ptr to the completed urb
4250 *
4251 * Returns:
4252 * nothing
4253 *
4254 * Side effects:
4255 *
4256 * Call context:
4257 * interrupt
4258 ----------------------------------------------------------------*/
4259 static void hfa384x_ctlxout_callback(struct urb *urb)
4260 {
4261         hfa384x_t       *hw = urb->context;
4262         int             delete_resptimer = 0;
4263         int             timer_ok = 1;
4264         int             run_queue = 0;
4265         hfa384x_usbctlx_t       *ctlx;
4266         unsigned long   flags;
4267
4268         DBFENTER;
4269
4270         WLAN_LOG_DEBUG(3,"urb->status=%d\n", urb->status);
4271 #ifdef DEBUG_USB
4272         dbprint_urb(urb);
4273 #endif
4274         if ( (urb->status == -ESHUTDOWN) ||
4275              (urb->status == -ENODEV) ||
4276              (hw == NULL) )
4277                 goto done;
4278
4279 retry:
4280         spin_lock_irqsave(&hw->ctlxq.lock, flags);
4281
4282         /*
4283          * Only one CTLX at a time on the "active" list, and
4284          * none at all if we are unplugged. However, we can
4285          * rely on the disconnect function to clean everything
4286          * up if someone unplugged the adapter.
4287          */
4288         if ( list_empty(&hw->ctlxq.active) ) {
4289                 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4290                 goto done;
4291         }
4292
4293         /*
4294          * Having something on the "active" queue means
4295          * that we have timers to worry about ...
4296          */
4297         if (del_timer(&hw->reqtimer) == 0) {
4298                 if (hw->req_timer_done == 0) {
4299                         /*
4300                          * This timer was actually running while we
4301                          * were trying to delete it. Let it terminate
4302                          * gracefully instead.
4303                          */
4304                         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4305                         goto retry;
4306                 }
4307         }
4308         else {
4309                 hw->req_timer_done = 1;
4310         }
4311
4312         ctlx = get_active_ctlx(hw);
4313
4314         if ( urb->status == 0 ) {
4315                 /* Request portion of a CTLX is successful */
4316                 switch ( ctlx->state ) {
4317                 case CTLX_REQ_SUBMITTED:
4318                         /* This OUT-ACK received before IN */
4319                         ctlx->state = CTLX_REQ_COMPLETE;
4320                         break;
4321
4322                 case CTLX_RESP_COMPLETE:
4323                         /* IN already received before this OUT-ACK,
4324                          * so this command must now be complete.
4325                          */
4326                         ctlx->state = CTLX_COMPLETE;
4327                         unlocked_usbctlx_complete(hw, ctlx);
4328                         run_queue = 1;
4329                         break;
4330
4331                 default:
4332                         /* This is NOT a valid CTLX "success" state! */
4333                         WLAN_LOG_ERROR(
4334                             "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n",
4335                             hfa384x2host_16(ctlx->outbuf.type),
4336                             ctlxstr(ctlx->state), urb->status);
4337                         break;
4338                 } /* switch */
4339         } else {
4340                 /* If the pipe has stalled then we need to reset it */
4341                 if ( (urb->status == -EPIPE) &&
4342                       !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags) ) {
4343                         WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
4344                                          hw->wlandev->netdev->name);
4345                         schedule_work(&hw->usb_work);
4346                 }
4347
4348                 /* If someone cancels the OUT URB then its status
4349                  * should be either -ECONNRESET or -ENOENT.
4350                  */
4351                 ctlx->state = CTLX_REQ_FAILED;
4352                 unlocked_usbctlx_complete(hw, ctlx);
4353                 delete_resptimer = 1;
4354                 run_queue = 1;
4355         }
4356
4357  delresp:
4358         if (delete_resptimer) {
4359                 if ((timer_ok = del_timer(&hw->resptimer)) != 0) {
4360                         hw->resp_timer_done = 1;
4361                 }
4362         }
4363
4364         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4365
4366         if ( !timer_ok && (hw->resp_timer_done == 0) ) {
4367                 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4368                 goto delresp;
4369         }
4370
4371         if (run_queue)
4372                 hfa384x_usbctlxq_run(hw);
4373
4374  done:
4375         DBFEXIT;
4376 }
4377
4378
4379 /*----------------------------------------------------------------
4380 * hfa384x_usbctlx_reqtimerfn
4381 *
4382 * Timer response function for CTLX request timeouts.  If this
4383 * function is called, it means that the callback for the OUT
4384 * URB containing a Prism2.x XXX_Request was never called.
4385 *
4386 * Arguments:
4387 *       data            a ptr to the hfa384x_t
4388 *
4389 * Returns:
4390 *       nothing
4391 *
4392 * Side effects:
4393 *
4394 * Call context:
4395 *       interrupt
4396 ----------------------------------------------------------------*/
4397 static void
4398 hfa384x_usbctlx_reqtimerfn(unsigned long data)
4399 {
4400         hfa384x_t       *hw = (hfa384x_t*)data;
4401         unsigned long   flags;
4402         DBFENTER;
4403
4404         spin_lock_irqsave(&hw->ctlxq.lock, flags);
4405
4406         hw->req_timer_done = 1;
4407
4408         /* Removing the hardware automatically empties
4409          * the active list ...
4410          */
4411         if ( !list_empty(&hw->ctlxq.active) )
4412         {
4413                 /*
4414                  * We must ensure that our URB is removed from
4415                  * the system, if it hasn't already expired.
4416                  */
4417                 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
4418                 if (usb_unlink_urb(&hw->ctlx_urb) == -EINPROGRESS)
4419                 {
4420                         hfa384x_usbctlx_t *ctlx = get_active_ctlx(hw);
4421
4422                         ctlx->state = CTLX_REQ_FAILED;
4423
4424                         /* This URB was active, but has now been
4425                          * cancelled. It will now have a status of
4426                          * -ECONNRESET in the callback function.
4427                          *
4428                          * We are cancelling this CTLX, so we're
4429                          * not going to need to wait for a response.
4430                          * The URB's callback function will check
4431                          * that this timer is truly dead.
4432                          */
4433                         if (del_timer(&hw->resptimer) != 0)
4434                                 hw->resp_timer_done = 1;
4435                 }
4436         }
4437
4438         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4439
4440         DBFEXIT;
4441 }
4442
4443
4444 /*----------------------------------------------------------------
4445 * hfa384x_usbctlx_resptimerfn
4446 *
4447 * Timer response function for CTLX response timeouts.  If this
4448 * function is called, it means that the callback for the IN
4449 * URB containing a Prism2.x XXX_Response was never called.
4450 *
4451 * Arguments:
4452 *       data            a ptr to the hfa384x_t
4453 *
4454 * Returns:
4455 *       nothing
4456 *
4457 * Side effects:
4458 *
4459 * Call context:
4460 *       interrupt
4461 ----------------------------------------------------------------*/
4462 static void
4463 hfa384x_usbctlx_resptimerfn(unsigned long data)
4464 {
4465         hfa384x_t *hw = (hfa384x_t*)data;
4466         unsigned long   flags;
4467
4468         DBFENTER;
4469
4470         spin_lock_irqsave(&hw->ctlxq.lock, flags);
4471
4472         hw->resp_timer_done = 1;
4473
4474         /* The active list will be empty if the
4475          * adapter has been unplugged ...
4476          */
4477         if ( !list_empty(&hw->ctlxq.active) )
4478         {
4479                 hfa384x_usbctlx_t *ctlx = get_active_ctlx(hw);
4480
4481                 if ( unlocked_usbctlx_cancel_async(hw, ctlx) == 0 )
4482                 {
4483                         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4484                         hfa384x_usbctlxq_run(hw);
4485                         goto done;
4486                 }
4487         }
4488
4489         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4490
4491  done:
4492         DBFEXIT;
4493 }
4494
4495 /*----------------------------------------------------------------
4496 * hfa384x_usb_throttlefn
4497 *
4498 *
4499 * Arguments:
4500 *       data    ptr to hw
4501 *
4502 * Returns:
4503 *       Nothing
4504 *
4505 * Side effects:
4506 *
4507 * Call context:
4508 *       Interrupt
4509 ----------------------------------------------------------------*/
4510 static void
4511 hfa384x_usb_throttlefn(unsigned long data)
4512 {
4513         hfa384x_t *hw = (hfa384x_t*)data;
4514         unsigned long   flags;
4515
4516         DBFENTER;
4517
4518         spin_lock_irqsave(&hw->ctlxq.lock, flags);
4519
4520         /*
4521          * We need to check BOTH the RX and the TX throttle controls,
4522          * so we use the bitwise OR instead of the logical OR.
4523          */
4524         WLAN_LOG_DEBUG(3, "flags=0x%lx\n", hw->usb_flags);
4525         if ( !hw->wlandev->hwremoved &&
4526              (
4527                (test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) &&
4528                !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags))
4529                |
4530                (test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) &&
4531                 !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags))
4532              ) )
4533         {
4534                 schedule_work(&hw->usb_work);
4535         }
4536
4537         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4538
4539         DBFEXIT;
4540 }
4541
4542
4543 /*----------------------------------------------------------------
4544 * hfa384x_usbctlx_submit
4545 *
4546 * Called from the doxxx functions to submit a CTLX to the queue
4547 *
4548 * Arguments:
4549 *       hw              ptr to the hw struct
4550 *       ctlx            ctlx structure to enqueue
4551 *
4552 * Returns:
4553 *       -ENODEV if the adapter is unplugged
4554 *       0
4555 *
4556 * Side effects:
4557 *
4558 * Call context:
4559 *       process or interrupt
4560 ----------------------------------------------------------------*/
4561 static int
4562 hfa384x_usbctlx_submit(
4563         hfa384x_t               *hw,
4564         hfa384x_usbctlx_t       *ctlx)
4565 {
4566         unsigned long flags;
4567         int ret;
4568
4569         DBFENTER;
4570
4571         spin_lock_irqsave(&hw->ctlxq.lock, flags);
4572
4573         if (hw->wlandev->hwremoved) {
4574                 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4575                 ret = -ENODEV;
4576         } else {
4577                 ctlx->state = CTLX_PENDING;
4578                 list_add_tail(&ctlx->list, &hw->ctlxq.pending);
4579
4580                 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4581                 hfa384x_usbctlxq_run(hw);
4582                 ret = 0;
4583         }
4584
4585         DBFEXIT;
4586         return ret;
4587 }
4588
4589
4590 /*----------------------------------------------------------------
4591 * hfa384x_usbout_tx
4592 *
4593 * At this point we have finished a send of a frame.  Mark the URB
4594 * as available and call ev_alloc to notify higher layers we're
4595 * ready for more.
4596 *
4597 * Arguments:
4598 *       wlandev         wlan device
4599 *       usbout          ptr to the usb transfer buffer
4600 *
4601 * Returns:
4602 *       nothing
4603 *
4604 * Side effects:
4605 *
4606 * Call context:
4607 *       interrupt
4608 ----------------------------------------------------------------*/
4609 static void hfa384x_usbout_tx(wlandevice_t *wlandev, hfa384x_usbout_t *usbout)
4610 {
4611         DBFENTER;
4612
4613         prism2sta_ev_alloc(wlandev);
4614
4615         DBFEXIT;
4616 }
4617
4618 /*----------------------------------------------------------------
4619 * hfa384x_isgood_pdrcore
4620 *
4621 * Quick check of PDR codes.
4622 *
4623 * Arguments:
4624 *       pdrcode         PDR code number (host order)
4625 *
4626 * Returns:
4627 *       zero            not good.
4628 *       one             is good.
4629 *
4630 * Side effects:
4631 *
4632 * Call context:
4633 ----------------------------------------------------------------*/
4634 static int
4635 hfa384x_isgood_pdrcode(u16 pdrcode)
4636 {
4637         switch(pdrcode) {
4638         case HFA384x_PDR_END_OF_PDA:
4639         case HFA384x_PDR_PCB_PARTNUM:
4640         case HFA384x_PDR_PDAVER:
4641         case HFA384x_PDR_NIC_SERIAL:
4642         case HFA384x_PDR_MKK_MEASUREMENTS:
4643         case HFA384x_PDR_NIC_RAMSIZE:
4644         case HFA384x_PDR_MFISUPRANGE:
4645         case HFA384x_PDR_CFISUPRANGE:
4646         case HFA384x_PDR_NICID:
4647         case HFA384x_PDR_MAC_ADDRESS:
4648         case HFA384x_PDR_REGDOMAIN:
4649         case HFA384x_PDR_ALLOWED_CHANNEL:
4650         case HFA384x_PDR_DEFAULT_CHANNEL:
4651         case HFA384x_PDR_TEMPTYPE:
4652         case HFA384x_PDR_IFR_SETTING:
4653         case HFA384x_PDR_RFR_SETTING:
4654         case HFA384x_PDR_HFA3861_BASELINE:
4655         case HFA384x_PDR_HFA3861_SHADOW:
4656         case HFA384x_PDR_HFA3861_IFRF:
4657         case HFA384x_PDR_HFA3861_CHCALSP:
4658         case HFA384x_PDR_HFA3861_CHCALI:
4659         case HFA384x_PDR_3842_NIC_CONFIG:
4660         case HFA384x_PDR_USB_ID:
4661         case HFA384x_PDR_PCI_ID:
4662         case HFA384x_PDR_PCI_IFCONF:
4663         case HFA384x_PDR_PCI_PMCONF:
4664         case HFA384x_PDR_RFENRGY:
4665         case HFA384x_PDR_HFA3861_MANF_TESTSP:
4666         case HFA384x_PDR_HFA3861_MANF_TESTI:
4667                 /* code is OK */
4668                 return 1;
4669                 break;
4670         default:
4671                 if ( pdrcode < 0x1000 ) {
4672                         /* code is OK, but we don't know exactly what it is */
4673                         WLAN_LOG_DEBUG(3,
4674                                 "Encountered unknown PDR#=0x%04x, "
4675                                 "assuming it's ok.\n",
4676                                 pdrcode);
4677                         return 1;
4678                 } else {
4679                         /* bad code */
4680                         WLAN_LOG_DEBUG(3,
4681                                 "Encountered unknown PDR#=0x%04x, "
4682                                 "(>=0x1000), assuming it's bad.\n",
4683                                 pdrcode);
4684                         return 0;
4685                 }
4686                 break;
4687         }
4688         return 0; /* avoid compiler warnings */
4689 }
4690