2 * Intel Wireless WiMAX Connection 2400m
3 * Miscellaneous control functions for managing the device
6 * Copyright (C) 2007-2008 Intel Corporation. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * * Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * * Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
18 * * Neither the name of Intel Corporation nor the names of its
19 * contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
27 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
28 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
32 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 * Intel Corporation <linux-wimax@intel.com>
36 * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
37 * - Initial implementation
39 * This is a collection of functions used to control the device (plus
42 * There are utilities for handling TLV buffers, hooks on the device's
43 * reports to act on device changes of state [i2400m_report_hook()],
44 * on acks to commands [i2400m_msg_ack_hook()], a helper for sending
45 * commands to the device and blocking until a reply arrives
46 * [i2400m_msg_to_dev()], a few high level commands for manipulating
47 * the device state, powersving mode and configuration plus the
48 * routines to setup the device once communication is stablished with
49 * it [i2400m_dev_initialize()].
53 * i2400m_dev_initalize() Called by i2400m_dev_start()
54 * i2400m_set_init_config()
55 * i2400m_cmd_get_state()
56 * i2400m_dev_shutdown() Called by i2400m_dev_stop()
59 * i2400m_{cmd,get,set}_*()
61 * i2400m_msg_check_status()
63 * i2400m_report_hook() Called on reception of an event
64 * i2400m_report_state_hook()
65 * i2400m_tlv_buffer_walk()
67 * i2400m_report_tlv_system_state()
68 * i2400m_report_tlv_rf_switches_status()
69 * i2400m_report_tlv_media_status()
70 * i2400m_cmd_enter_powersave()
72 * i2400m_msg_ack_hook() Called on reception of a reply to a
78 #include <linux/kernel.h>
79 #include <linux/wimax/i2400m.h>
82 #define D_SUBMODULE control
83 #include "debug-levels.h"
85 int i2400m_passive_mode; /* 0 (passive mode disabled) by default */
86 module_param_named(passive_mode, i2400m_passive_mode, int, 0644);
87 MODULE_PARM_DESC(passive_mode,
88 "If true, the driver will not do any device setup "
89 "and leave it up to user space, who must be properly "
94 * Return if a TLV is of a give type and size
96 * @tlv_hdr: pointer to the TLV
97 * @tlv_type: type of the TLV we are looking for
98 * @tlv_size: expected size of the TLV we are looking for (if -1,
99 * don't check the size). This includes the header
100 * Returns: 0 if the TLV matches
101 * < 0 if it doesn't match at all
102 * > 0 total TLV + payload size, if the type matches, but not
106 ssize_t i2400m_tlv_match(const struct i2400m_tlv_hdr *tlv,
107 enum i2400m_tlv tlv_type, ssize_t tlv_size)
109 if (le16_to_cpu(tlv->type) != tlv_type) /* Not our type? skip */
112 && le16_to_cpu(tlv->length) + sizeof(*tlv) != tlv_size) {
113 size_t size = le16_to_cpu(tlv->length) + sizeof(*tlv);
114 printk(KERN_WARNING "W: tlv type 0x%x mismatched because of "
115 "size (got %zu vs %zu expected)\n",
116 tlv_type, size, tlv_size);
124 * Given a buffer of TLVs, iterate over them
126 * @i2400m: device instance
127 * @tlv_buf: pointer to the beginning of the TLV buffer
128 * @buf_size: buffer size in bytes
129 * @tlv_pos: seek position; this is assumed to be a pointer returned
130 * by i2400m_tlv_buffer_walk() [and thus, validated]. The
131 * TLV returned will be the one following this one.
136 * while (tlv_itr = i2400m_tlv_buffer_walk(i2400m, buf, size, tlv_itr)) {
138 * // Do stuff with tlv_itr, DON'T MODIFY IT
143 const struct i2400m_tlv_hdr *i2400m_tlv_buffer_walk(
144 struct i2400m *i2400m,
145 const void *tlv_buf, size_t buf_size,
146 const struct i2400m_tlv_hdr *tlv_pos)
148 struct device *dev = i2400m_dev(i2400m);
149 const struct i2400m_tlv_hdr *tlv_top = tlv_buf + buf_size;
150 size_t offset, length, avail_size;
153 if (tlv_pos == NULL) /* Take the first one? */
155 else /* Nope, the next one */
156 tlv_pos = (void *) tlv_pos
157 + le16_to_cpu(tlv_pos->length) + sizeof(*tlv_pos);
158 if (tlv_pos == tlv_top) { /* buffer done */
160 goto error_beyond_end;
162 if (tlv_pos > tlv_top) {
165 goto error_beyond_end;
167 offset = (void *) tlv_pos - (void *) tlv_buf;
168 avail_size = buf_size - offset;
169 if (avail_size < sizeof(*tlv_pos)) {
170 dev_err(dev, "HW BUG? tlv_buf %p [%zu bytes], tlv @%zu: "
171 "short header\n", tlv_buf, buf_size, offset);
172 goto error_short_header;
174 type = le16_to_cpu(tlv_pos->type);
175 length = le16_to_cpu(tlv_pos->length);
176 if (avail_size < sizeof(*tlv_pos) + length) {
177 dev_err(dev, "HW BUG? tlv_buf %p [%zu bytes], "
178 "tlv type 0x%04x @%zu: "
179 "short data (%zu bytes vs %zu needed)\n",
180 tlv_buf, buf_size, type, offset, avail_size,
181 sizeof(*tlv_pos) + length);
182 goto error_short_header;
191 * Find a TLV in a buffer of sequential TLVs
193 * @i2400m: device descriptor
194 * @tlv_hdr: pointer to the first TLV in the sequence
195 * @size: size of the buffer in bytes; all TLVs are assumed to fit
196 * fully in the buffer (otherwise we'll complain).
197 * @tlv_type: type of the TLV we are looking for
198 * @tlv_size: expected size of the TLV we are looking for (if -1,
199 * don't check the size). This includes the header
201 * Returns: NULL if the TLV is not found, otherwise a pointer to
202 * it. If the sizes don't match, an error is printed and NULL
206 const struct i2400m_tlv_hdr *i2400m_tlv_find(
207 struct i2400m *i2400m,
208 const struct i2400m_tlv_hdr *tlv_hdr, size_t size,
209 enum i2400m_tlv tlv_type, ssize_t tlv_size)
212 struct device *dev = i2400m_dev(i2400m);
213 const struct i2400m_tlv_hdr *tlv = NULL;
214 while ((tlv = i2400m_tlv_buffer_walk(i2400m, tlv_hdr, size, tlv))) {
215 match = i2400m_tlv_match(tlv, tlv_type, tlv_size);
216 if (match == 0) /* found it :) */
219 dev_warn(dev, "TLV type 0x%04x found with size "
220 "mismatch (%zu vs %zu needed)\n",
221 tlv_type, match, tlv_size);
231 } ms_to_errno[I2400M_MS_MAX] = {
232 [I2400M_MS_DONE_OK] = { "", 0 },
233 [I2400M_MS_DONE_IN_PROGRESS] = { "", 0 },
234 [I2400M_MS_INVALID_OP] = { "invalid opcode", -ENOSYS },
235 [I2400M_MS_BAD_STATE] = { "invalid state", -EILSEQ },
236 [I2400M_MS_ILLEGAL_VALUE] = { "illegal value", -EINVAL },
237 [I2400M_MS_MISSING_PARAMS] = { "missing parameters", -ENOMSG },
238 [I2400M_MS_VERSION_ERROR] = { "bad version", -EIO },
239 [I2400M_MS_ACCESSIBILITY_ERROR] = { "accesibility error", -EIO },
240 [I2400M_MS_BUSY] = { "busy", -EBUSY },
241 [I2400M_MS_CORRUPTED_TLV] = { "corrupted TLV", -EILSEQ },
242 [I2400M_MS_UNINITIALIZED] = { "not unitialized", -EILSEQ },
243 [I2400M_MS_UNKNOWN_ERROR] = { "unknown error", -EIO },
244 [I2400M_MS_PRODUCTION_ERROR] = { "production error", -EIO },
245 [I2400M_MS_NO_RF] = { "no RF", -EIO },
246 [I2400M_MS_NOT_READY_FOR_POWERSAVE] =
247 { "not ready for powersave", -EACCES },
248 [I2400M_MS_THERMAL_CRITICAL] = { "thermal critical", -EL3HLT },
253 * i2400m_msg_check_status - translate a message's status code
255 * @i2400m: device descriptor
256 * @l3l4_hdr: message header
257 * @strbuf: buffer to place a formatted error message (unless NULL).
258 * @strbuf_size: max amount of available space; larger messages will
261 * Returns: errno code corresponding to the status code in @l3l4_hdr
262 * and a message in @strbuf describing the error.
264 int i2400m_msg_check_status(const struct i2400m_l3l4_hdr *l3l4_hdr,
265 char *strbuf, size_t strbuf_size)
268 enum i2400m_ms status = le16_to_cpu(l3l4_hdr->status);
273 if (status >= ARRAY_SIZE(ms_to_errno)) {
274 str = "unknown status code";
277 str = ms_to_errno[status].msg;
278 result = ms_to_errno[status].errno;
281 snprintf(strbuf, strbuf_size, "%s (%d)", str, status);
287 * Act on a TLV System State reported by the device
289 * @i2400m: device descriptor
290 * @ss: validated System State TLV
293 void i2400m_report_tlv_system_state(struct i2400m *i2400m,
294 const struct i2400m_tlv_system_state *ss)
296 struct device *dev = i2400m_dev(i2400m);
297 struct wimax_dev *wimax_dev = &i2400m->wimax_dev;
298 enum i2400m_system_state i2400m_state = le32_to_cpu(ss->state);
300 d_fnstart(3, dev, "(i2400m %p ss %p [%u])\n", i2400m, ss, i2400m_state);
302 if (i2400m->state != i2400m_state) {
303 i2400m->state = i2400m_state;
304 wake_up_all(&i2400m->state_wq);
306 switch (i2400m_state) {
307 case I2400M_SS_UNINITIALIZED:
309 case I2400M_SS_CONFIG:
310 case I2400M_SS_PRODUCTION:
311 wimax_state_change(wimax_dev, WIMAX_ST_UNINITIALIZED);
314 case I2400M_SS_RF_OFF:
315 case I2400M_SS_RF_SHUTDOWN:
316 wimax_state_change(wimax_dev, WIMAX_ST_RADIO_OFF);
319 case I2400M_SS_READY:
320 case I2400M_SS_STANDBY:
321 case I2400M_SS_SLEEPACTIVE:
322 wimax_state_change(wimax_dev, WIMAX_ST_READY);
325 case I2400M_SS_CONNECTING:
326 case I2400M_SS_WIMAX_CONNECTED:
327 wimax_state_change(wimax_dev, WIMAX_ST_READY);
331 case I2400M_SS_OUT_OF_ZONE:
332 wimax_state_change(wimax_dev, WIMAX_ST_SCANNING);
336 d_printf(1, dev, "entering BS-negotiated idle mode\n");
337 case I2400M_SS_DISCONNECTING:
338 case I2400M_SS_DATA_PATH_CONNECTED:
339 wimax_state_change(wimax_dev, WIMAX_ST_CONNECTED);
343 /* Huh? just in case, shut it down */
344 dev_err(dev, "HW BUG? unknown state %u: shutting down\n",
346 i2400m_reset(i2400m, I2400M_RT_WARM);
349 d_fnend(3, dev, "(i2400m %p ss %p [%u]) = void\n",
350 i2400m, ss, i2400m_state);
355 * Parse and act on a TLV Media Status sent by the device
357 * @i2400m: device descriptor
358 * @ms: validated Media Status TLV
360 * This will set the carrier up on down based on the device's link
361 * report. This is done asides of what the WiMAX stack does based on
362 * the device's state as sometimes we need to do a link-renew (the BS
363 * wants us to renew a DHCP lease, for example).
365 * In fact, doc says that everytime we get a link-up, we should do a
366 * DHCP negotiation...
369 void i2400m_report_tlv_media_status(struct i2400m *i2400m,
370 const struct i2400m_tlv_media_status *ms)
372 struct device *dev = i2400m_dev(i2400m);
373 struct wimax_dev *wimax_dev = &i2400m->wimax_dev;
374 struct net_device *net_dev = wimax_dev->net_dev;
375 enum i2400m_media_status status = le32_to_cpu(ms->media_status);
377 d_fnstart(3, dev, "(i2400m %p ms %p [%u])\n", i2400m, ms, status);
380 case I2400M_MEDIA_STATUS_LINK_UP:
381 netif_carrier_on(net_dev);
383 case I2400M_MEDIA_STATUS_LINK_DOWN:
384 netif_carrier_off(net_dev);
387 * This is the network telling us we need to retrain the DHCP
388 * lease -- so far, we are trusting the WiMAX Network Service
389 * in user space to pick this up and poke the DHCP client.
391 case I2400M_MEDIA_STATUS_LINK_RENEW:
392 netif_carrier_on(net_dev);
395 dev_err(dev, "HW BUG? unknown media status %u\n",
398 d_fnend(3, dev, "(i2400m %p ms %p [%u]) = void\n",
404 * Process a TLV from a 'state report'
406 * @i2400m: device descriptor
407 * @tlv: pointer to the TLV header; it has been already validated for
409 * @tag: for error messages
411 * Act on the TLVs from a 'state report'.
414 void i2400m_report_state_parse_tlv(struct i2400m *i2400m,
415 const struct i2400m_tlv_hdr *tlv,
418 struct device *dev = i2400m_dev(i2400m);
419 const struct i2400m_tlv_media_status *ms;
420 const struct i2400m_tlv_system_state *ss;
421 const struct i2400m_tlv_rf_switches_status *rfss;
423 if (0 == i2400m_tlv_match(tlv, I2400M_TLV_SYSTEM_STATE, sizeof(*ss))) {
424 ss = container_of(tlv, typeof(*ss), hdr);
425 d_printf(2, dev, "%s: system state TLV "
426 "found (0x%04x), state 0x%08x\n",
427 tag, I2400M_TLV_SYSTEM_STATE,
428 le32_to_cpu(ss->state));
429 i2400m_report_tlv_system_state(i2400m, ss);
431 if (0 == i2400m_tlv_match(tlv, I2400M_TLV_RF_STATUS, sizeof(*rfss))) {
432 rfss = container_of(tlv, typeof(*rfss), hdr);
433 d_printf(2, dev, "%s: RF status TLV "
434 "found (0x%04x), sw 0x%02x hw 0x%02x\n",
435 tag, I2400M_TLV_RF_STATUS,
436 le32_to_cpu(rfss->sw_rf_switch),
437 le32_to_cpu(rfss->hw_rf_switch));
438 i2400m_report_tlv_rf_switches_status(i2400m, rfss);
440 if (0 == i2400m_tlv_match(tlv, I2400M_TLV_MEDIA_STATUS, sizeof(*ms))) {
441 ms = container_of(tlv, typeof(*ms), hdr);
442 d_printf(2, dev, "%s: Media Status TLV: %u\n",
443 tag, le32_to_cpu(ms->media_status));
444 i2400m_report_tlv_media_status(i2400m, ms);
450 * Parse a 'state report' and extract information
452 * @i2400m: device descriptor
453 * @l3l4_hdr: pointer to message; it has been already validated for
455 * @size: size of the message (header + payload). The header length
456 * declaration is assumed to be congruent with @size (as in
457 * sizeof(*l3l4_hdr) + l3l4_hdr->length == size)
459 * Walk over the TLVs in a report state and act on them.
462 void i2400m_report_state_hook(struct i2400m *i2400m,
463 const struct i2400m_l3l4_hdr *l3l4_hdr,
464 size_t size, const char *tag)
466 struct device *dev = i2400m_dev(i2400m);
467 const struct i2400m_tlv_hdr *tlv;
468 size_t tlv_size = le16_to_cpu(l3l4_hdr->length);
470 d_fnstart(4, dev, "(i2400m %p, l3l4_hdr %p, size %zu, %s)\n",
471 i2400m, l3l4_hdr, size, tag);
474 while ((tlv = i2400m_tlv_buffer_walk(i2400m, &l3l4_hdr->pl,
476 i2400m_report_state_parse_tlv(i2400m, tlv, tag);
477 d_fnend(4, dev, "(i2400m %p, l3l4_hdr %p, size %zu, %s) = void\n",
478 i2400m, l3l4_hdr, size, tag);
483 * i2400m_report_hook - (maybe) act on a report
485 * @i2400m: device descriptor
486 * @l3l4_hdr: pointer to message; it has been already validated for
488 * @size: size of the message (header + payload). The header length
489 * declaration is assumed to be congruent with @size (as in
490 * sizeof(*l3l4_hdr) + l3l4_hdr->length == size)
492 * Extract information we might need (like carrien on/off) from a
495 void i2400m_report_hook(struct i2400m *i2400m,
496 const struct i2400m_l3l4_hdr *l3l4_hdr, size_t size)
498 struct device *dev = i2400m_dev(i2400m);
501 d_fnstart(3, dev, "(i2400m %p l3l4_hdr %p size %zu)\n",
502 i2400m, l3l4_hdr, size);
503 /* Chew on the message, we might need some information from
505 msg_type = le16_to_cpu(l3l4_hdr->type);
507 case I2400M_MT_REPORT_STATE: /* carrier detection... */
508 i2400m_report_state_hook(i2400m,
509 l3l4_hdr, size, "REPORT STATE");
511 /* If the device is ready for power save, then ask it to do
513 case I2400M_MT_REPORT_POWERSAVE_READY: /* zzzzz */
514 if (l3l4_hdr->status == cpu_to_le16(I2400M_MS_DONE_OK)) {
515 if (i2400m_power_save_disabled)
516 d_printf(1, dev, "ready for powersave, "
517 "not requesting (disabled by module "
520 d_printf(1, dev, "ready for powersave, "
522 i2400m_cmd_enter_powersave(i2400m);
527 d_fnend(3, dev, "(i2400m %p l3l4_hdr %p size %zu) = void\n",
528 i2400m, l3l4_hdr, size);
533 * i2400m_msg_ack_hook - process cmd/set/get ack for internal status
535 * @i2400m: device descriptor
536 * @l3l4_hdr: pointer to message; it has been already validated for
538 * @size: size of the message
540 * Extract information we might need from acks to commands and act on
541 * it. This is akin to i2400m_report_hook(). Note most of this
542 * processing should be done in the function that calls the
543 * command. This is here for some cases where it can't happen...
545 void i2400m_msg_ack_hook(struct i2400m *i2400m,
546 const struct i2400m_l3l4_hdr *l3l4_hdr, size_t size)
549 struct device *dev = i2400m_dev(i2400m);
550 unsigned ack_type, ack_status;
553 /* Chew on the message, we might need some information from
555 ack_type = le16_to_cpu(l3l4_hdr->type);
556 ack_status = le16_to_cpu(l3l4_hdr->status);
558 case I2400M_MT_CMD_ENTER_POWERSAVE:
559 /* This is just left here for the sake of example, as
560 * the processing is done somewhere else. */
562 result = i2400m_msg_check_status(
563 l3l4_hdr, strerr, sizeof(strerr));
565 d_printf(1, dev, "ready for power save: %zd\n",
575 * i2400m_msg_size_check() - verify message size and header are congruent
577 * It is ok if the total message size is larger than the expected
578 * size, as there can be padding.
580 int i2400m_msg_size_check(struct i2400m *i2400m,
581 const struct i2400m_l3l4_hdr *l3l4_hdr,
585 struct device *dev = i2400m_dev(i2400m);
586 size_t expected_size;
587 d_fnstart(4, dev, "(i2400m %p l3l4_hdr %p msg_size %zu)\n",
588 i2400m, l3l4_hdr, msg_size);
589 if (msg_size < sizeof(*l3l4_hdr)) {
590 dev_err(dev, "bad size for message header "
591 "(expected at least %zu, got %zu)\n",
592 (size_t) sizeof(*l3l4_hdr), msg_size);
596 expected_size = le16_to_cpu(l3l4_hdr->length) + sizeof(*l3l4_hdr);
597 if (msg_size < expected_size) {
598 dev_err(dev, "bad size for message code 0x%04x (expected %zu, "
599 "got %zu)\n", le16_to_cpu(l3l4_hdr->type),
600 expected_size, msg_size);
606 "(i2400m %p l3l4_hdr %p msg_size %zu) = %d\n",
607 i2400m, l3l4_hdr, msg_size, result);
614 * Cancel a wait for a command ACK
616 * @i2400m: device descriptor
617 * @code: [negative] errno code to cancel with (don't use
620 * If there is an ack already filled out, free it.
622 void i2400m_msg_to_dev_cancel_wait(struct i2400m *i2400m, int code)
624 struct sk_buff *ack_skb;
627 spin_lock_irqsave(&i2400m->rx_lock, flags);
628 ack_skb = i2400m->ack_skb;
629 if (ack_skb && !IS_ERR(ack_skb))
631 i2400m->ack_skb = ERR_PTR(code);
632 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
637 * i2400m_msg_to_dev - Send a control message to the device and get a response
639 * @i2400m: device descriptor
643 * @buf: pointer to the buffer containing the message to be sent; it
644 * has to start with a &struct i2400M_l3l4_hdr and then
645 * followed by the payload. Once this function returns, the
646 * buffer can be reused.
648 * @buf_len: buffer size
652 * Pointer to skb containing the ack message. You need to check the
653 * pointer with IS_ERR(), as it might be an error code. Error codes
654 * could happen because:
656 * - the message wasn't formatted correctly
657 * - couldn't send the message
658 * - failed waiting for a response
659 * - the ack message wasn't formatted correctly
661 * The returned skb has been allocated with wimax_msg_to_user_alloc(),
662 * it contains the reponse in a netlink attribute and is ready to be
663 * passed up to user space with wimax_msg_to_user_send(). To access
664 * the payload and its length, use wimax_msg_{data,len}() on the skb.
666 * The skb has to be freed with kfree_skb() once done.
670 * This function delivers a message/command to the device and waits
671 * for an ack to be received. The format is described in
672 * linux/wimax/i2400m.h. In summary, a command/get/set is followed by an
675 * This function will not check the ack status, that's left up to the
676 * caller. Once done with the ack skb, it has to be kfree_skb()ed.
678 * The i2400m handles only one message at the same time, thus we need
679 * the mutex to exclude other players.
681 * We write the message and then wait for an answer to come back. The
682 * RX path intercepts control messages and handles them in
683 * i2400m_rx_ctl(). Reports (notifications) are (maybe) processed
684 * locally and then forwarded (as needed) to user space on the WiMAX
685 * stack message pipe. Acks are saved and passed back to us through an
686 * skb in i2400m->ack_skb which is ready to be given to generic
687 * netlink if need be.
689 struct sk_buff *i2400m_msg_to_dev(struct i2400m *i2400m,
690 const void *buf, size_t buf_len)
693 struct device *dev = i2400m_dev(i2400m);
694 const struct i2400m_l3l4_hdr *msg_l3l4_hdr;
695 struct sk_buff *ack_skb;
696 const struct i2400m_l3l4_hdr *ack_l3l4_hdr;
702 d_fnstart(3, dev, "(i2400m %p buf %p len %zu)\n",
703 i2400m, buf, buf_len);
705 rmb(); /* Make sure we see what i2400m_dev_reset_handle() */
706 if (i2400m->boot_mode)
707 return ERR_PTR(-EL3RST);
710 /* Check msg & payload consistency */
711 result = i2400m_msg_size_check(i2400m, msg_l3l4_hdr, buf_len);
714 msg_type = le16_to_cpu(msg_l3l4_hdr->type);
715 d_printf(1, dev, "CMD/GET/SET 0x%04x %zu bytes\n",
717 d_dump(2, dev, buf, buf_len);
719 /* Setup the completion, ack_skb ("we are waiting") and send
720 * the message to the device */
721 mutex_lock(&i2400m->msg_mutex);
722 spin_lock_irqsave(&i2400m->rx_lock, flags);
723 i2400m->ack_skb = ERR_PTR(-EINPROGRESS);
724 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
725 init_completion(&i2400m->msg_completion);
726 result = i2400m_tx(i2400m, buf, buf_len, I2400M_PT_CTRL);
728 dev_err(dev, "can't send message 0x%04x: %d\n",
729 le16_to_cpu(msg_l3l4_hdr->type), result);
733 /* Some commands take longer to execute because of crypto ops,
734 * so we give them some more leeway on timeout */
736 case I2400M_MT_GET_TLS_OPERATION_RESULT:
737 case I2400M_MT_CMD_SEND_EAP_RESPONSE:
738 ack_timeout = 5 * HZ;
744 if (unlikely(i2400m->trace_msg_from_user))
745 wimax_msg(&i2400m->wimax_dev, "echo", buf, buf_len, GFP_KERNEL);
746 /* The RX path in rx.c will put any response for this message
747 * in i2400m->ack_skb and wake us up. If we cancel the wait,
748 * we need to change the value of i2400m->ack_skb to something
749 * not -EINPROGRESS so RX knows there is no one waiting. */
750 result = wait_for_completion_interruptible_timeout(
751 &i2400m->msg_completion, ack_timeout);
753 dev_err(dev, "timeout waiting for reply to message 0x%04x\n",
756 i2400m_msg_to_dev_cancel_wait(i2400m, result);
757 goto error_wait_for_completion;
758 } else if (result < 0) {
759 dev_err(dev, "error waiting for reply to message 0x%04x: %d\n",
761 i2400m_msg_to_dev_cancel_wait(i2400m, result);
762 goto error_wait_for_completion;
765 /* Pull out the ack data from i2400m->ack_skb -- see if it is
766 * an error and act accordingly */
767 spin_lock_irqsave(&i2400m->rx_lock, flags);
768 ack_skb = i2400m->ack_skb;
770 result = PTR_ERR(ack_skb);
773 i2400m->ack_skb = NULL;
774 spin_unlock_irqrestore(&i2400m->rx_lock, flags);
776 goto error_ack_status;
777 ack_l3l4_hdr = wimax_msg_data_len(ack_skb, &ack_len);
779 /* Check the ack and deliver it if it is ok */
780 if (unlikely(i2400m->trace_msg_from_user))
781 wimax_msg(&i2400m->wimax_dev, "echo",
782 ack_l3l4_hdr, ack_len, GFP_KERNEL);
783 result = i2400m_msg_size_check(i2400m, ack_l3l4_hdr, ack_len);
785 dev_err(dev, "HW BUG? reply to message 0x%04x: %d\n",
787 goto error_bad_ack_len;
789 if (msg_type != le16_to_cpu(ack_l3l4_hdr->type)) {
790 dev_err(dev, "HW BUG? bad reply 0x%04x to message 0x%04x\n",
791 le16_to_cpu(ack_l3l4_hdr->type), msg_type);
793 goto error_bad_ack_type;
795 i2400m_msg_ack_hook(i2400m, ack_l3l4_hdr, ack_len);
796 mutex_unlock(&i2400m->msg_mutex);
797 d_fnend(3, dev, "(i2400m %p buf %p len %zu) = %p\n",
798 i2400m, buf, buf_len, ack_skb);
805 error_wait_for_completion:
807 mutex_unlock(&i2400m->msg_mutex);
809 d_fnend(3, dev, "(i2400m %p buf %p len %zu) = %d\n",
810 i2400m, buf, buf_len, result);
811 return ERR_PTR(result);
816 * Definitions for the Enter Power Save command
818 * The Enter Power Save command requests the device to go into power
819 * saving mode. The device will ack or nak the command depending on it
820 * being ready for it. If it acks, we tell the USB subsystem to
822 * As well, the device might request to go into power saving mode by
823 * sending a report (REPORT_POWERSAVE_READY), in which case, we issue
824 * this command. The hookups in the RX coder allow
827 I2400M_WAKEUP_ENABLED = 0x01,
828 I2400M_WAKEUP_DISABLED = 0x02,
829 I2400M_TLV_TYPE_WAKEUP_MODE = 144,
832 struct i2400m_cmd_enter_power_save {
833 struct i2400m_l3l4_hdr hdr;
834 struct i2400m_tlv_hdr tlv;
836 } __attribute__((packed));
840 * Request entering power save
842 * This command is (mainly) executed when the device indicates that it
843 * is ready to go into powersave mode via a REPORT_POWERSAVE_READY.
845 int i2400m_cmd_enter_powersave(struct i2400m *i2400m)
848 struct device *dev = i2400m_dev(i2400m);
849 struct sk_buff *ack_skb;
850 struct i2400m_cmd_enter_power_save *cmd;
854 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
857 cmd->hdr.type = cpu_to_le16(I2400M_MT_CMD_ENTER_POWERSAVE);
858 cmd->hdr.length = cpu_to_le16(sizeof(*cmd) - sizeof(cmd->hdr));
859 cmd->hdr.version = cpu_to_le16(I2400M_L3L4_VERSION);
860 cmd->tlv.type = cpu_to_le16(I2400M_TLV_TYPE_WAKEUP_MODE);
861 cmd->tlv.length = cpu_to_le16(sizeof(cmd->val));
862 cmd->val = cpu_to_le32(I2400M_WAKEUP_ENABLED);
864 ack_skb = i2400m_msg_to_dev(i2400m, cmd, sizeof(*cmd));
865 result = PTR_ERR(ack_skb);
866 if (IS_ERR(ack_skb)) {
867 dev_err(dev, "Failed to issue 'Enter power save' command: %d\n",
869 goto error_msg_to_dev;
871 result = i2400m_msg_check_status(wimax_msg_data(ack_skb),
872 strerr, sizeof(strerr));
873 if (result == -EACCES)
874 d_printf(1, dev, "Cannot enter power save mode\n");
876 dev_err(dev, "'Enter power save' (0x%04x) command failed: "
877 "%d - %s\n", I2400M_MT_CMD_ENTER_POWERSAVE,
880 d_printf(1, dev, "device ready to power save\n");
887 EXPORT_SYMBOL_GPL(i2400m_cmd_enter_powersave);
891 * Definitions for getting device information
894 I2400M_TLV_DETAILED_DEVICE_INFO = 140
898 * i2400m_get_device_info - Query the device for detailed device information
900 * @i2400m: device descriptor
902 * Returns: an skb whose skb->data points to a 'struct
903 * i2400m_tlv_detailed_device_info'. When done, kfree_skb() it. The
904 * skb is *guaranteed* to contain the whole TLV data structure.
906 * On error, IS_ERR(skb) is true and ERR_PTR(skb) is the error
909 struct sk_buff *i2400m_get_device_info(struct i2400m *i2400m)
912 struct device *dev = i2400m_dev(i2400m);
913 struct sk_buff *ack_skb;
914 struct i2400m_l3l4_hdr *cmd;
915 const struct i2400m_l3l4_hdr *ack;
917 const struct i2400m_tlv_hdr *tlv;
918 const struct i2400m_tlv_detailed_device_info *ddi;
921 ack_skb = ERR_PTR(-ENOMEM);
922 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
925 cmd->type = cpu_to_le16(I2400M_MT_GET_DEVICE_INFO);
927 cmd->version = cpu_to_le16(I2400M_L3L4_VERSION);
929 ack_skb = i2400m_msg_to_dev(i2400m, cmd, sizeof(*cmd));
930 if (IS_ERR(ack_skb)) {
931 dev_err(dev, "Failed to issue 'get device info' command: %ld\n",
933 goto error_msg_to_dev;
935 ack = wimax_msg_data_len(ack_skb, &ack_len);
936 result = i2400m_msg_check_status(ack, strerr, sizeof(strerr));
938 dev_err(dev, "'get device info' (0x%04x) command failed: "
939 "%d - %s\n", I2400M_MT_GET_DEVICE_INFO, result,
941 goto error_cmd_failed;
943 tlv = i2400m_tlv_find(i2400m, ack->pl, ack_len - sizeof(*ack),
944 I2400M_TLV_DETAILED_DEVICE_INFO, sizeof(*ddi));
946 dev_err(dev, "GET DEVICE INFO: "
947 "detailed device info TLV not found (0x%04x)\n",
948 I2400M_TLV_DETAILED_DEVICE_INFO);
952 skb_pull(ack_skb, (void *) tlv - (void *) ack_skb->data);
962 return ERR_PTR(result);
966 /* Firmware interface versions we support */
968 I2400M_HDIv_MAJOR = 9,
969 I2400M_HDIv_MINOR = 1,
970 I2400M_HDIv_MINOR_2 = 2,
975 * i2400m_firmware_check - check firmware versions are compatible with
978 * @i2400m: device descriptor
980 * Returns: 0 if ok, < 0 errno code an error and a message in the
983 * Long function, but quite simple; first chunk launches the command
984 * and double checks the reply for the right TLV. Then we process the
985 * TLV (where the meat is).
987 * Once we process the TLV that gives us the firmware's interface
988 * version, we encode it and save it in i2400m->fw_version for future
991 int i2400m_firmware_check(struct i2400m *i2400m)
994 struct device *dev = i2400m_dev(i2400m);
995 struct sk_buff *ack_skb;
996 struct i2400m_l3l4_hdr *cmd;
997 const struct i2400m_l3l4_hdr *ack;
999 const struct i2400m_tlv_hdr *tlv;
1000 const struct i2400m_tlv_l4_message_versions *l4mv;
1002 unsigned major, minor, branch;
1005 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1008 cmd->type = cpu_to_le16(I2400M_MT_GET_LM_VERSION);
1010 cmd->version = cpu_to_le16(I2400M_L3L4_VERSION);
1012 ack_skb = i2400m_msg_to_dev(i2400m, cmd, sizeof(*cmd));
1013 if (IS_ERR(ack_skb)) {
1014 result = PTR_ERR(ack_skb);
1015 dev_err(dev, "Failed to issue 'get lm version' command: %-d\n",
1017 goto error_msg_to_dev;
1019 ack = wimax_msg_data_len(ack_skb, &ack_len);
1020 result = i2400m_msg_check_status(ack, strerr, sizeof(strerr));
1022 dev_err(dev, "'get lm version' (0x%04x) command failed: "
1023 "%d - %s\n", I2400M_MT_GET_LM_VERSION, result,
1025 goto error_cmd_failed;
1027 tlv = i2400m_tlv_find(i2400m, ack->pl, ack_len - sizeof(*ack),
1028 I2400M_TLV_L4_MESSAGE_VERSIONS, sizeof(*l4mv));
1030 dev_err(dev, "get lm version: TLV not found (0x%04x)\n",
1031 I2400M_TLV_L4_MESSAGE_VERSIONS);
1035 l4mv = container_of(tlv, typeof(*l4mv), hdr);
1036 major = le16_to_cpu(l4mv->major);
1037 minor = le16_to_cpu(l4mv->minor);
1038 branch = le16_to_cpu(l4mv->branch);
1040 if (major != I2400M_HDIv_MAJOR) {
1041 dev_err(dev, "unsupported major fw version "
1042 "%u.%u.%u\n", major, minor, branch);
1043 goto error_bad_major;
1046 if (minor < I2400M_HDIv_MINOR_2 && minor > I2400M_HDIv_MINOR)
1047 dev_warn(dev, "untested minor fw version %u.%u.%u\n",
1048 major, minor, branch);
1049 /* Yes, we ignore the branch -- we don't have to track it */
1050 i2400m->fw_version = major << 16 | minor;
1051 dev_info(dev, "firmware interface version %u.%u.%u\n",
1052 major, minor, branch);
1065 * Send an DoExitIdle command to the device to ask it to go out of
1066 * basestation-idle mode.
1068 * @i2400m: device descriptor
1070 * This starts a renegotiation with the basestation that might involve
1071 * another crypto handshake with user space.
1073 * Returns: 0 if ok, < 0 errno code on error.
1075 int i2400m_cmd_exit_idle(struct i2400m *i2400m)
1078 struct device *dev = i2400m_dev(i2400m);
1079 struct sk_buff *ack_skb;
1080 struct i2400m_l3l4_hdr *cmd;
1084 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1087 cmd->type = cpu_to_le16(I2400M_MT_CMD_EXIT_IDLE);
1089 cmd->version = cpu_to_le16(I2400M_L3L4_VERSION);
1091 ack_skb = i2400m_msg_to_dev(i2400m, cmd, sizeof(*cmd));
1092 result = PTR_ERR(ack_skb);
1093 if (IS_ERR(ack_skb)) {
1094 dev_err(dev, "Failed to issue 'exit idle' command: %d\n",
1096 goto error_msg_to_dev;
1098 result = i2400m_msg_check_status(wimax_msg_data(ack_skb),
1099 strerr, sizeof(strerr));
1110 * Query the device for its state, update the WiMAX stack's idea of it
1112 * @i2400m: device descriptor
1114 * Returns: 0 if ok, < 0 errno code on error.
1116 * Executes a 'Get State' command and parses the returned
1119 * Because this is almost identical to a 'Report State', we use
1120 * i2400m_report_state_hook() to parse the answer. This will set the
1121 * carrier state, as well as the RF Kill switches state.
1123 int i2400m_cmd_get_state(struct i2400m *i2400m)
1126 struct device *dev = i2400m_dev(i2400m);
1127 struct sk_buff *ack_skb;
1128 struct i2400m_l3l4_hdr *cmd;
1129 const struct i2400m_l3l4_hdr *ack;
1134 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1137 cmd->type = cpu_to_le16(I2400M_MT_GET_STATE);
1139 cmd->version = cpu_to_le16(I2400M_L3L4_VERSION);
1141 ack_skb = i2400m_msg_to_dev(i2400m, cmd, sizeof(*cmd));
1142 if (IS_ERR(ack_skb)) {
1143 dev_err(dev, "Failed to issue 'get state' command: %ld\n",
1145 result = PTR_ERR(ack_skb);
1146 goto error_msg_to_dev;
1148 ack = wimax_msg_data_len(ack_skb, &ack_len);
1149 result = i2400m_msg_check_status(ack, strerr, sizeof(strerr));
1151 dev_err(dev, "'get state' (0x%04x) command failed: "
1152 "%d - %s\n", I2400M_MT_GET_STATE, result, strerr);
1153 goto error_cmd_failed;
1155 i2400m_report_state_hook(i2400m, ack, ack_len - sizeof(*ack),
1165 EXPORT_SYMBOL_GPL(i2400m_cmd_get_state);
1169 * Set basic configuration settings
1171 * @i2400m: device descriptor
1172 * @args: array of pointers to the TLV headers to send for
1173 * configuration (each followed by its payload).
1174 * TLV headers and payloads must be properly initialized, with the
1175 * right endianess (LE).
1176 * @arg_size: number of pointers in the @args array
1178 int i2400m_set_init_config(struct i2400m *i2400m,
1179 const struct i2400m_tlv_hdr **arg, size_t args)
1182 struct device *dev = i2400m_dev(i2400m);
1183 struct sk_buff *ack_skb;
1184 struct i2400m_l3l4_hdr *cmd;
1186 unsigned argc, argsize, tlv_size;
1187 const struct i2400m_tlv_hdr *tlv_hdr;
1190 d_fnstart(3, dev, "(i2400m %p arg %p args %zu)\n", i2400m, arg, args);
1194 /* Compute the size of all the TLVs, so we can alloc a
1195 * contiguous command block to copy them. */
1197 for (argc = 0; argc < args; argc++) {
1198 tlv_hdr = arg[argc];
1199 argsize += sizeof(*tlv_hdr) + le16_to_cpu(tlv_hdr->length);
1201 WARN_ON(argc >= 9); /* As per hw spec */
1203 /* Alloc the space for the command and TLVs*/
1205 buf = kzalloc(sizeof(*cmd) + argsize, GFP_KERNEL);
1209 cmd->type = cpu_to_le16(I2400M_MT_SET_INIT_CONFIG);
1210 cmd->length = cpu_to_le16(argsize);
1211 cmd->version = cpu_to_le16(I2400M_L3L4_VERSION);
1214 itr = buf + sizeof(*cmd);
1215 for (argc = 0; argc < args; argc++) {
1216 tlv_hdr = arg[argc];
1217 tlv_size = sizeof(*tlv_hdr) + le16_to_cpu(tlv_hdr->length);
1218 memcpy(itr, tlv_hdr, tlv_size);
1222 /* Send the message! */
1223 ack_skb = i2400m_msg_to_dev(i2400m, buf, sizeof(*cmd) + argsize);
1224 result = PTR_ERR(ack_skb);
1225 if (IS_ERR(ack_skb)) {
1226 dev_err(dev, "Failed to issue 'init config' command: %d\n",
1229 goto error_msg_to_dev;
1231 result = i2400m_msg_check_status(wimax_msg_data(ack_skb),
1232 strerr, sizeof(strerr));
1234 dev_err(dev, "'init config' (0x%04x) command failed: %d - %s\n",
1235 I2400M_MT_SET_INIT_CONFIG, result, strerr);
1241 d_fnend(3, dev, "(i2400m %p arg %p args %zu) = %d\n",
1242 i2400m, arg, args, result);
1246 EXPORT_SYMBOL_GPL(i2400m_set_init_config);
1250 * i2400m_set_idle_timeout - Set the device's idle mode timeout
1252 * @i2400m: i2400m device descriptor
1254 * @msecs: milliseconds for the timeout to enter idle mode. Between
1255 * 100 to 300000 (5m); 0 to disable. In increments of 100.
1257 * After this @msecs of the link being idle (no data being sent or
1258 * received), the device will negotiate with the basestation entering
1259 * idle mode for saving power. The connection is maintained, but
1260 * getting out of it (done in tx.c) will require some negotiation,
1261 * possible crypto re-handshake and a possible DHCP re-lease.
1263 * Only available if fw_version >= 0x00090002.
1265 * Returns: 0 if ok, < 0 errno code on error.
1267 int i2400m_set_idle_timeout(struct i2400m *i2400m, unsigned msecs)
1270 struct device *dev = i2400m_dev(i2400m);
1271 struct sk_buff *ack_skb;
1273 struct i2400m_l3l4_hdr hdr;
1274 struct i2400m_tlv_config_idle_timeout cit;
1276 const struct i2400m_l3l4_hdr *ack;
1281 if (i2400m_le_v1_3(i2400m))
1284 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1287 cmd->hdr.type = cpu_to_le16(I2400M_MT_GET_STATE);
1288 cmd->hdr.length = cpu_to_le16(sizeof(*cmd) - sizeof(cmd->hdr));
1289 cmd->hdr.version = cpu_to_le16(I2400M_L3L4_VERSION);
1292 cpu_to_le16(I2400M_TLV_CONFIG_IDLE_TIMEOUT);
1293 cmd->cit.hdr.length = cpu_to_le16(sizeof(cmd->cit.timeout));
1294 cmd->cit.timeout = cpu_to_le32(msecs);
1296 ack_skb = i2400m_msg_to_dev(i2400m, cmd, sizeof(*cmd));
1297 if (IS_ERR(ack_skb)) {
1298 dev_err(dev, "Failed to issue 'set idle timeout' command: "
1299 "%ld\n", PTR_ERR(ack_skb));
1300 result = PTR_ERR(ack_skb);
1301 goto error_msg_to_dev;
1303 ack = wimax_msg_data_len(ack_skb, &ack_len);
1304 result = i2400m_msg_check_status(ack, strerr, sizeof(strerr));
1306 dev_err(dev, "'set idle timeout' (0x%04x) command failed: "
1307 "%d - %s\n", I2400M_MT_GET_STATE, result, strerr);
1308 goto error_cmd_failed;
1321 * i2400m_dev_initialize - Initialize the device once communications are ready
1323 * @i2400m: device descriptor
1325 * Returns: 0 if ok, < 0 errno code on error.
1327 * Configures the device to work the way we like it.
1329 * At the point of this call, the device is registered with the WiMAX
1330 * and netdev stacks, firmware is uploaded and we can talk to the
1333 int i2400m_dev_initialize(struct i2400m *i2400m)
1336 struct device *dev = i2400m_dev(i2400m);
1337 struct i2400m_tlv_config_idle_parameters idle_params;
1338 struct i2400m_tlv_config_idle_timeout idle_timeout;
1339 struct i2400m_tlv_config_d2h_data_format df;
1340 struct i2400m_tlv_config_dl_host_reorder dlhr;
1341 const struct i2400m_tlv_hdr *args[9];
1344 d_fnstart(3, dev, "(i2400m %p)\n", i2400m);
1345 if (i2400m_passive_mode)
1347 /* Disable idle mode? (enabled by default) */
1348 if (i2400m_idle_mode_disabled) {
1349 if (i2400m_le_v1_3(i2400m)) {
1350 idle_params.hdr.type =
1351 cpu_to_le16(I2400M_TLV_CONFIG_IDLE_PARAMETERS);
1352 idle_params.hdr.length = cpu_to_le16(
1353 sizeof(idle_params) - sizeof(idle_params.hdr));
1354 idle_params.idle_timeout = 0;
1355 idle_params.idle_paging_interval = 0;
1356 args[argc++] = &idle_params.hdr;
1358 idle_timeout.hdr.type =
1359 cpu_to_le16(I2400M_TLV_CONFIG_IDLE_TIMEOUT);
1360 idle_timeout.hdr.length = cpu_to_le16(
1361 sizeof(idle_timeout) - sizeof(idle_timeout.hdr));
1362 idle_timeout.timeout = 0;
1363 args[argc++] = &idle_timeout.hdr;
1366 if (i2400m_ge_v1_4(i2400m)) {
1367 /* Enable extended RX data format? */
1369 cpu_to_le16(I2400M_TLV_CONFIG_D2H_DATA_FORMAT);
1370 df.hdr.length = cpu_to_le16(
1371 sizeof(df) - sizeof(df.hdr));
1373 args[argc++] = &df.hdr;
1375 /* Enable RX data reordering?
1376 * (switch flipped in rx.c:i2400m_rx_setup() after fw upload) */
1377 if (i2400m->rx_reorder) {
1379 cpu_to_le16(I2400M_TLV_CONFIG_DL_HOST_REORDER);
1380 dlhr.hdr.length = cpu_to_le16(
1381 sizeof(dlhr) - sizeof(dlhr.hdr));
1383 args[argc++] = &dlhr.hdr;
1386 result = i2400m_set_init_config(i2400m, args, argc);
1391 * Update state: Here it just calls a get state; parsing the
1392 * result (System State TLV and RF Status TLV [done in the rx
1393 * path hooks]) will set the hardware and software RF-Kill
1396 result = i2400m_cmd_get_state(i2400m);
1399 dev_err(dev, "failed to initialize the device: %d\n", result);
1400 d_fnend(3, dev, "(i2400m %p) = %d\n", i2400m, result);
1406 * i2400m_dev_shutdown - Shutdown a running device
1408 * @i2400m: device descriptor
1410 * Release resources acquired during the running of the device; in
1411 * theory, should also tell the device to go to sleep, switch off the
1412 * radio, all that, but at this point, in most cases (driver
1413 * disconnection, reset handling) we can't even talk to the device.
1415 void i2400m_dev_shutdown(struct i2400m *i2400m)
1417 struct device *dev = i2400m_dev(i2400m);
1419 d_fnstart(3, dev, "(i2400m %p)\n", i2400m);
1420 d_fnend(3, dev, "(i2400m %p) = void\n", i2400m);