1 // SPDX-License-Identifier: (GPL-2.0 OR MPL-1.1)
2 /* src/prism2/driver/hfa384x_usb.c
4 * Functions that talk to the USB variant of the Intersil hfa384x MAC
6 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
7 * --------------------------------------------------------------------
11 * The contents of this file are subject to the Mozilla Public
12 * License Version 1.1 (the "License"); you may not use this file
13 * except in compliance with the License. You may obtain a copy of
14 * the License at http://www.mozilla.org/MPL/
16 * Software distributed under the License is distributed on an "AS
17 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
18 * implied. See the License for the specific language governing
19 * rights and limitations under the License.
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU Public License version 2 (the "GPL"), in which
23 * case the provisions of the GPL are applicable instead of the
24 * above. If you wish to allow the use of your version of this file
25 * only under the terms of the GPL and not to allow others to use
26 * your version of this file under the MPL, indicate your decision
27 * by deleting the provisions above and replace them with the notice
28 * and other provisions required by the GPL. If you do not delete
29 * the provisions above, a recipient may use your version of this
30 * file under either the MPL or the GPL.
32 * --------------------------------------------------------------------
34 * Inquiries regarding the linux-wlan Open Source project can be
37 * AbsoluteValue Systems Inc.
39 * http://www.linux-wlan.com
41 * --------------------------------------------------------------------
43 * Portions of the development of this software were funded by
44 * Intersil Corporation as part of PRISM(R) chipset product development.
46 * --------------------------------------------------------------------
48 * This file implements functions that correspond to the prism2/hfa384x
49 * 802.11 MAC hardware and firmware host interface.
51 * The functions can be considered to represent several levels of
52 * abstraction. The lowest level functions are simply C-callable wrappers
53 * around the register accesses. The next higher level represents C-callable
54 * prism2 API functions that match the Intersil documentation as closely
55 * as is reasonable. The next higher layer implements common sequences
56 * of invocations of the API layer (e.g. write to bap, followed by cmd).
59 * hfa384x_drvr_xxx Highest level abstractions provided by the
60 * hfa384x code. They are driver defined wrappers
61 * for common sequences. These functions generally
62 * use the services of the lower levels.
64 * hfa384x_drvr_xxxconfig An example of the drvr level abstraction. These
65 * functions are wrappers for the RID get/set
66 * sequence. They call copy_[to|from]_bap() and
67 * cmd_access(). These functions operate on the
68 * RIDs and buffers without validation. The caller
69 * is responsible for that.
71 * API wrapper functions:
72 * hfa384x_cmd_xxx functions that provide access to the f/w commands.
73 * The function arguments correspond to each command
74 * argument, even command arguments that get packed
75 * into single registers. These functions _just_
76 * issue the command by setting the cmd/parm regs
77 * & reading the status/resp regs. Additional
78 * activities required to fully use a command
79 * (read/write from/to bap, get/set int status etc.)
80 * are implemented separately. Think of these as
81 * C-callable prism2 commands.
83 * Lowest Layer Functions:
84 * hfa384x_docmd_xxx These functions implement the sequence required
85 * to issue any prism2 command. Primarily used by the
86 * hfa384x_cmd_xxx functions.
88 * hfa384x_bap_xxx BAP read/write access functions.
89 * Note: we usually use BAP0 for non-interrupt context
90 * and BAP1 for interrupt context.
92 * hfa384x_dl_xxx download related functions.
94 * Driver State Issues:
95 * Note that there are two pairs of functions that manage the
96 * 'initialized' and 'running' states of the hw/MAC combo. The four
97 * functions are create(), destroy(), start(), and stop(). create()
98 * sets up the data structures required to support the hfa384x_*
99 * functions and destroy() cleans them up. The start() function gets
100 * the actual hardware running and enables the interrupts. The stop()
101 * function shuts the hardware down. The sequence should be:
105 * . Do interesting things w/ the hardware
110 * Note that destroy() can be called without calling stop() first.
111 * --------------------------------------------------------------------
114 #include <linux/module.h>
115 #include <linux/kernel.h>
116 #include <linux/sched.h>
117 #include <linux/types.h>
118 #include <linux/slab.h>
119 #include <linux/wireless.h>
120 #include <linux/netdevice.h>
121 #include <linux/timer.h>
122 #include <linux/io.h>
123 #include <linux/delay.h>
124 #include <asm/byteorder.h>
125 #include <linux/bitops.h>
126 #include <linux/list.h>
127 #include <linux/usb.h>
128 #include <linux/byteorder/generic.h>
130 #include "p80211types.h"
131 #include "p80211hdr.h"
132 #include "p80211mgmt.h"
133 #include "p80211conv.h"
134 #include "p80211msg.h"
135 #include "p80211netdev.h"
136 #include "p80211req.h"
137 #include "p80211metadef.h"
138 #include "p80211metastruct.h"
140 #include "prism2mgmt.h"
147 #define THROTTLE_JIFFIES (HZ / 8)
148 #define URB_ASYNC_UNLINK 0
149 #define USB_QUEUE_BULK 0
151 #define ROUNDUP64(a) (((a) + 63) & ~63)
154 static void dbprint_urb(struct urb *urb);
157 static void hfa384x_int_rxmonitor(struct wlandevice *wlandev,
158 struct hfa384x_usb_rxfrm *rxfrm);
160 static void hfa384x_usb_defer(struct work_struct *data);
162 static int submit_rx_urb(struct hfa384x *hw, gfp_t flags);
164 static int submit_tx_urb(struct hfa384x *hw, struct urb *tx_urb, gfp_t flags);
166 /*---------------------------------------------------*/
168 static void hfa384x_usbout_callback(struct urb *urb);
169 static void hfa384x_ctlxout_callback(struct urb *urb);
170 static void hfa384x_usbin_callback(struct urb *urb);
173 hfa384x_usbin_txcompl(struct wlandevice *wlandev, union hfa384x_usbin *usbin);
175 static void hfa384x_usbin_rx(struct wlandevice *wlandev, struct sk_buff *skb);
177 static void hfa384x_usbin_info(struct wlandevice *wlandev,
178 union hfa384x_usbin *usbin);
180 static void hfa384x_usbin_ctlx(struct hfa384x *hw, union hfa384x_usbin *usbin,
183 /*---------------------------------------------------*/
184 /* Functions to support the prism2 usb command queue */
186 static void hfa384x_usbctlxq_run(struct hfa384x *hw);
188 static void hfa384x_usbctlx_reqtimerfn(struct timer_list *t);
190 static void hfa384x_usbctlx_resptimerfn(struct timer_list *t);
192 static void hfa384x_usb_throttlefn(struct timer_list *t);
194 static void hfa384x_usbctlx_completion_task(unsigned long data);
196 static void hfa384x_usbctlx_reaper_task(unsigned long data);
198 static int hfa384x_usbctlx_submit(struct hfa384x *hw,
199 struct hfa384x_usbctlx *ctlx);
201 static void unlocked_usbctlx_complete(struct hfa384x *hw,
202 struct hfa384x_usbctlx *ctlx);
204 struct usbctlx_completor {
205 int (*complete)(struct usbctlx_completor *completor);
209 hfa384x_usbctlx_complete_sync(struct hfa384x *hw,
210 struct hfa384x_usbctlx *ctlx,
211 struct usbctlx_completor *completor);
214 unlocked_usbctlx_cancel_async(struct hfa384x *hw, struct hfa384x_usbctlx *ctlx);
216 static void hfa384x_cb_status(struct hfa384x *hw,
217 const struct hfa384x_usbctlx *ctlx);
220 usbctlx_get_status(const struct hfa384x_usb_statusresp *cmdresp,
221 struct hfa384x_cmdresult *result);
224 usbctlx_get_rridresult(const struct hfa384x_usb_rridresp *rridresp,
225 struct hfa384x_rridresult *result);
227 /*---------------------------------------------------*/
228 /* Low level req/resp CTLX formatters and submitters */
230 hfa384x_docmd(struct hfa384x *hw,
232 struct hfa384x_metacmd *cmd,
233 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
236 hfa384x_dorrid(struct hfa384x *hw,
240 unsigned int riddatalen,
241 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
244 hfa384x_dowrid(struct hfa384x *hw,
248 unsigned int riddatalen,
249 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
252 hfa384x_dormem(struct hfa384x *hw,
258 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
261 hfa384x_dowmem(struct hfa384x *hw,
267 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
269 static int hfa384x_isgood_pdrcode(u16 pdrcode);
271 static inline const char *ctlxstr(enum ctlx_state s)
273 static const char * const ctlx_str[] = {
278 "Request packet submitted",
279 "Request packet completed",
280 "Response packet completed"
286 static inline struct hfa384x_usbctlx *get_active_ctlx(struct hfa384x *hw)
288 return list_entry(hw->ctlxq.active.next, struct hfa384x_usbctlx, list);
292 void dbprint_urb(struct urb *urb)
294 pr_debug("urb->pipe=0x%08x\n", urb->pipe);
295 pr_debug("urb->status=0x%08x\n", urb->status);
296 pr_debug("urb->transfer_flags=0x%08x\n", urb->transfer_flags);
297 pr_debug("urb->transfer_buffer=0x%08x\n",
298 (unsigned int)urb->transfer_buffer);
299 pr_debug("urb->transfer_buffer_length=0x%08x\n",
300 urb->transfer_buffer_length);
301 pr_debug("urb->actual_length=0x%08x\n", urb->actual_length);
302 pr_debug("urb->bandwidth=0x%08x\n", urb->bandwidth);
303 pr_debug("urb->setup_packet(ctl)=0x%08x\n",
304 (unsigned int)urb->setup_packet);
305 pr_debug("urb->start_frame(iso/irq)=0x%08x\n", urb->start_frame);
306 pr_debug("urb->interval(irq)=0x%08x\n", urb->interval);
307 pr_debug("urb->error_count(iso)=0x%08x\n", urb->error_count);
308 pr_debug("urb->timeout=0x%08x\n", urb->timeout);
309 pr_debug("urb->context=0x%08x\n", (unsigned int)urb->context);
310 pr_debug("urb->complete=0x%08x\n", (unsigned int)urb->complete);
314 /*----------------------------------------------------------------
317 * Listen for input data on the BULK-IN pipe. If the pipe has
318 * stalled then schedule it to be reset.
322 * memflags memory allocation flags
325 * error code from submission
329 *----------------------------------------------------------------
331 static int submit_rx_urb(struct hfa384x *hw, gfp_t memflags)
336 skb = dev_alloc_skb(sizeof(union hfa384x_usbin));
342 /* Post the IN urb */
343 usb_fill_bulk_urb(&hw->rx_urb, hw->usb,
345 skb->data, sizeof(union hfa384x_usbin),
346 hfa384x_usbin_callback, hw->wlandev);
348 hw->rx_urb_skb = skb;
351 if (!hw->wlandev->hwremoved &&
352 !test_bit(WORK_RX_HALT, &hw->usb_flags)) {
353 result = usb_submit_urb(&hw->rx_urb, memflags);
355 /* Check whether we need to reset the RX pipe */
356 if (result == -EPIPE) {
357 netdev_warn(hw->wlandev->netdev,
358 "%s rx pipe stalled: requesting reset\n",
359 hw->wlandev->netdev->name);
360 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags))
361 schedule_work(&hw->usb_work);
365 /* Don't leak memory if anything should go wrong */
368 hw->rx_urb_skb = NULL;
375 /*----------------------------------------------------------------
378 * Prepares and submits the URB of transmitted data. If the
379 * submission fails then it will schedule the output pipe to
384 * tx_urb URB of data for transmission
385 * memflags memory allocation flags
388 * error code from submission
392 *----------------------------------------------------------------
394 static int submit_tx_urb(struct hfa384x *hw, struct urb *tx_urb, gfp_t memflags)
396 struct net_device *netdev = hw->wlandev->netdev;
400 if (netif_running(netdev)) {
401 if (!hw->wlandev->hwremoved &&
402 !test_bit(WORK_TX_HALT, &hw->usb_flags)) {
403 result = usb_submit_urb(tx_urb, memflags);
405 /* Test whether we need to reset the TX pipe */
406 if (result == -EPIPE) {
407 netdev_warn(hw->wlandev->netdev,
408 "%s tx pipe stalled: requesting reset\n",
410 set_bit(WORK_TX_HALT, &hw->usb_flags);
411 schedule_work(&hw->usb_work);
412 } else if (result == 0) {
413 netif_stop_queue(netdev);
421 /*----------------------------------------------------------------
424 * There are some things that the USB stack cannot do while
425 * in interrupt context, so we arrange this function to run
426 * in process context.
429 * hw device structure
435 * process (by design)
436 *----------------------------------------------------------------
438 static void hfa384x_usb_defer(struct work_struct *data)
440 struct hfa384x *hw = container_of(data, struct hfa384x, usb_work);
441 struct net_device *netdev = hw->wlandev->netdev;
443 /* Don't bother trying to reset anything if the plug
444 * has been pulled ...
446 if (hw->wlandev->hwremoved)
449 /* Reception has stopped: try to reset the input pipe */
450 if (test_bit(WORK_RX_HALT, &hw->usb_flags)) {
453 usb_kill_urb(&hw->rx_urb); /* Cannot be holding spinlock! */
455 ret = usb_clear_halt(hw->usb, hw->endp_in);
457 netdev_err(hw->wlandev->netdev,
458 "Failed to clear rx pipe for %s: err=%d\n",
461 netdev_info(hw->wlandev->netdev, "%s rx pipe reset complete.\n",
463 clear_bit(WORK_RX_HALT, &hw->usb_flags);
464 set_bit(WORK_RX_RESUME, &hw->usb_flags);
468 /* Resume receiving data back from the device. */
469 if (test_bit(WORK_RX_RESUME, &hw->usb_flags)) {
472 ret = submit_rx_urb(hw, GFP_KERNEL);
474 netdev_err(hw->wlandev->netdev,
475 "Failed to resume %s rx pipe.\n",
478 clear_bit(WORK_RX_RESUME, &hw->usb_flags);
482 /* Transmission has stopped: try to reset the output pipe */
483 if (test_bit(WORK_TX_HALT, &hw->usb_flags)) {
486 usb_kill_urb(&hw->tx_urb);
487 ret = usb_clear_halt(hw->usb, hw->endp_out);
489 netdev_err(hw->wlandev->netdev,
490 "Failed to clear tx pipe for %s: err=%d\n",
493 netdev_info(hw->wlandev->netdev, "%s tx pipe reset complete.\n",
495 clear_bit(WORK_TX_HALT, &hw->usb_flags);
496 set_bit(WORK_TX_RESUME, &hw->usb_flags);
498 /* Stopping the BULK-OUT pipe also blocked
499 * us from sending any more CTLX URBs, so
500 * we need to re-run our queue ...
502 hfa384x_usbctlxq_run(hw);
506 /* Resume transmitting. */
507 if (test_and_clear_bit(WORK_TX_RESUME, &hw->usb_flags))
508 netif_wake_queue(hw->wlandev->netdev);
511 /*----------------------------------------------------------------
514 * Sets up the struct hfa384x data structure for use. Note this
515 * does _not_ initialize the actual hardware, just the data structures
516 * we use to keep track of its state.
519 * hw device structure
520 * irq device irq number
521 * iobase i/o base address for register access
522 * membase memory base address for register access
531 *----------------------------------------------------------------
533 void hfa384x_create(struct hfa384x *hw, struct usb_device *usb)
535 memset(hw, 0, sizeof(*hw));
538 /* set up the endpoints */
539 hw->endp_in = usb_rcvbulkpipe(usb, 1);
540 hw->endp_out = usb_sndbulkpipe(usb, 2);
542 /* Set up the waitq */
543 init_waitqueue_head(&hw->cmdq);
545 /* Initialize the command queue */
546 spin_lock_init(&hw->ctlxq.lock);
547 INIT_LIST_HEAD(&hw->ctlxq.pending);
548 INIT_LIST_HEAD(&hw->ctlxq.active);
549 INIT_LIST_HEAD(&hw->ctlxq.completing);
550 INIT_LIST_HEAD(&hw->ctlxq.reapable);
552 /* Initialize the authentication queue */
553 skb_queue_head_init(&hw->authq);
555 tasklet_init(&hw->reaper_bh,
556 hfa384x_usbctlx_reaper_task, (unsigned long)hw);
557 tasklet_init(&hw->completion_bh,
558 hfa384x_usbctlx_completion_task, (unsigned long)hw);
559 INIT_WORK(&hw->link_bh, prism2sta_processing_defer);
560 INIT_WORK(&hw->usb_work, hfa384x_usb_defer);
562 timer_setup(&hw->throttle, hfa384x_usb_throttlefn, 0);
564 timer_setup(&hw->resptimer, hfa384x_usbctlx_resptimerfn, 0);
566 timer_setup(&hw->reqtimer, hfa384x_usbctlx_reqtimerfn, 0);
568 usb_init_urb(&hw->rx_urb);
569 usb_init_urb(&hw->tx_urb);
570 usb_init_urb(&hw->ctlx_urb);
572 hw->link_status = HFA384x_LINK_NOTCONNECTED;
573 hw->state = HFA384x_STATE_INIT;
575 INIT_WORK(&hw->commsqual_bh, prism2sta_commsqual_defer);
576 timer_setup(&hw->commsqual_timer, prism2sta_commsqual_timer, 0);
579 /*----------------------------------------------------------------
582 * Partner to hfa384x_create(). This function cleans up the hw
583 * structure so that it can be freed by the caller using a simple
584 * kfree. Currently, this function is just a placeholder. If, at some
585 * point in the future, an hw in the 'shutdown' state requires a 'deep'
586 * kfree, this is where it should be done. Note that if this function
587 * is called on a _running_ hw structure, the drvr_stop() function is
591 * hw device structure
594 * nothing, this function is not allowed to fail.
600 *----------------------------------------------------------------
602 void hfa384x_destroy(struct hfa384x *hw)
606 if (hw->state == HFA384x_STATE_RUNNING)
607 hfa384x_drvr_stop(hw);
608 hw->state = HFA384x_STATE_PREINIT;
610 kfree(hw->scanresults);
611 hw->scanresults = NULL;
613 /* Now to clean out the auth queue */
614 while ((skb = skb_dequeue(&hw->authq)))
618 static struct hfa384x_usbctlx *usbctlx_alloc(void)
620 struct hfa384x_usbctlx *ctlx;
622 ctlx = kzalloc(sizeof(*ctlx),
623 in_interrupt() ? GFP_ATOMIC : GFP_KERNEL);
625 init_completion(&ctlx->done);
631 usbctlx_get_status(const struct hfa384x_usb_statusresp *cmdresp,
632 struct hfa384x_cmdresult *result)
634 result->status = le16_to_cpu(cmdresp->status);
635 result->resp0 = le16_to_cpu(cmdresp->resp0);
636 result->resp1 = le16_to_cpu(cmdresp->resp1);
637 result->resp2 = le16_to_cpu(cmdresp->resp2);
639 pr_debug("cmdresult:status=0x%04x resp0=0x%04x resp1=0x%04x resp2=0x%04x\n",
640 result->status, result->resp0, result->resp1, result->resp2);
642 return result->status & HFA384x_STATUS_RESULT;
646 usbctlx_get_rridresult(const struct hfa384x_usb_rridresp *rridresp,
647 struct hfa384x_rridresult *result)
649 result->rid = le16_to_cpu(rridresp->rid);
650 result->riddata = rridresp->data;
651 result->riddata_len = ((le16_to_cpu(rridresp->frmlen) - 1) * 2);
654 /*----------------------------------------------------------------
656 * This completor must be passed to hfa384x_usbctlx_complete_sync()
657 * when processing a CTLX that returns a struct hfa384x_cmdresult structure.
658 *----------------------------------------------------------------
660 struct usbctlx_cmd_completor {
661 struct usbctlx_completor head;
663 const struct hfa384x_usb_statusresp *cmdresp;
664 struct hfa384x_cmdresult *result;
667 static inline int usbctlx_cmd_completor_fn(struct usbctlx_completor *head)
669 struct usbctlx_cmd_completor *complete;
671 complete = (struct usbctlx_cmd_completor *)head;
672 return usbctlx_get_status(complete->cmdresp, complete->result);
675 static inline struct usbctlx_completor *
676 init_cmd_completor(struct usbctlx_cmd_completor *completor,
677 const struct hfa384x_usb_statusresp *cmdresp,
678 struct hfa384x_cmdresult *result)
680 completor->head.complete = usbctlx_cmd_completor_fn;
681 completor->cmdresp = cmdresp;
682 completor->result = result;
683 return &completor->head;
686 /*----------------------------------------------------------------
688 * This completor must be passed to hfa384x_usbctlx_complete_sync()
689 * when processing a CTLX that reads a RID.
690 *----------------------------------------------------------------
692 struct usbctlx_rrid_completor {
693 struct usbctlx_completor head;
695 const struct hfa384x_usb_rridresp *rridresp;
697 unsigned int riddatalen;
700 static int usbctlx_rrid_completor_fn(struct usbctlx_completor *head)
702 struct usbctlx_rrid_completor *complete;
703 struct hfa384x_rridresult rridresult;
705 complete = (struct usbctlx_rrid_completor *)head;
706 usbctlx_get_rridresult(complete->rridresp, &rridresult);
708 /* Validate the length, note body len calculation in bytes */
709 if (rridresult.riddata_len != complete->riddatalen) {
710 pr_warn("RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n",
712 complete->riddatalen, rridresult.riddata_len);
716 memcpy(complete->riddata, rridresult.riddata, complete->riddatalen);
720 static inline struct usbctlx_completor *
721 init_rrid_completor(struct usbctlx_rrid_completor *completor,
722 const struct hfa384x_usb_rridresp *rridresp,
724 unsigned int riddatalen)
726 completor->head.complete = usbctlx_rrid_completor_fn;
727 completor->rridresp = rridresp;
728 completor->riddata = riddata;
729 completor->riddatalen = riddatalen;
730 return &completor->head;
733 /*----------------------------------------------------------------
735 * Interprets the results of a synchronous RID-write
736 *----------------------------------------------------------------
738 #define init_wrid_completor init_cmd_completor
740 /*----------------------------------------------------------------
742 * Interprets the results of a synchronous memory-write
743 *----------------------------------------------------------------
745 #define init_wmem_completor init_cmd_completor
747 /*----------------------------------------------------------------
749 * Interprets the results of a synchronous memory-read
750 *----------------------------------------------------------------
752 struct usbctlx_rmem_completor {
753 struct usbctlx_completor head;
755 const struct hfa384x_usb_rmemresp *rmemresp;
760 static int usbctlx_rmem_completor_fn(struct usbctlx_completor *head)
762 struct usbctlx_rmem_completor *complete =
763 (struct usbctlx_rmem_completor *)head;
765 pr_debug("rmemresp:len=%d\n", complete->rmemresp->frmlen);
766 memcpy(complete->data, complete->rmemresp->data, complete->len);
770 static inline struct usbctlx_completor *
771 init_rmem_completor(struct usbctlx_rmem_completor *completor,
772 struct hfa384x_usb_rmemresp *rmemresp,
776 completor->head.complete = usbctlx_rmem_completor_fn;
777 completor->rmemresp = rmemresp;
778 completor->data = data;
779 completor->len = len;
780 return &completor->head;
783 /*----------------------------------------------------------------
786 * Ctlx_complete handler for async CMD type control exchanges.
787 * mark the hw struct as such.
789 * Note: If the handling is changed here, it should probably be
790 * changed in docmd as well.
794 * ctlx completed CTLX
803 *----------------------------------------------------------------
805 static void hfa384x_cb_status(struct hfa384x *hw,
806 const struct hfa384x_usbctlx *ctlx)
809 struct hfa384x_cmdresult cmdresult;
811 if (ctlx->state != CTLX_COMPLETE) {
812 memset(&cmdresult, 0, sizeof(cmdresult));
814 HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR);
816 usbctlx_get_status(&ctlx->inbuf.cmdresp, &cmdresult);
819 ctlx->usercb(hw, &cmdresult, ctlx->usercb_data);
823 static inline int hfa384x_docmd_wait(struct hfa384x *hw,
824 struct hfa384x_metacmd *cmd)
826 return hfa384x_docmd(hw, DOWAIT, cmd, NULL, NULL, NULL);
830 hfa384x_docmd_async(struct hfa384x *hw,
831 struct hfa384x_metacmd *cmd,
832 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
834 return hfa384x_docmd(hw, DOASYNC, cmd, cmdcb, usercb, usercb_data);
838 hfa384x_dorrid_wait(struct hfa384x *hw, u16 rid, void *riddata,
839 unsigned int riddatalen)
841 return hfa384x_dorrid(hw, DOWAIT,
842 rid, riddata, riddatalen, NULL, NULL, NULL);
846 hfa384x_dorrid_async(struct hfa384x *hw,
847 u16 rid, void *riddata, unsigned int riddatalen,
849 ctlx_usercb_t usercb, void *usercb_data)
851 return hfa384x_dorrid(hw, DOASYNC,
852 rid, riddata, riddatalen,
853 cmdcb, usercb, usercb_data);
857 hfa384x_dowrid_wait(struct hfa384x *hw, u16 rid, void *riddata,
858 unsigned int riddatalen)
860 return hfa384x_dowrid(hw, DOWAIT,
861 rid, riddata, riddatalen, NULL, NULL, NULL);
865 hfa384x_dowrid_async(struct hfa384x *hw,
866 u16 rid, void *riddata, unsigned int riddatalen,
868 ctlx_usercb_t usercb, void *usercb_data)
870 return hfa384x_dowrid(hw, DOASYNC,
871 rid, riddata, riddatalen,
872 cmdcb, usercb, usercb_data);
876 hfa384x_dormem_wait(struct hfa384x *hw,
877 u16 page, u16 offset, void *data, unsigned int len)
879 return hfa384x_dormem(hw, DOWAIT,
880 page, offset, data, len, NULL, NULL, NULL);
884 hfa384x_dormem_async(struct hfa384x *hw,
885 u16 page, u16 offset, void *data, unsigned int len,
887 ctlx_usercb_t usercb, void *usercb_data)
889 return hfa384x_dormem(hw, DOASYNC,
890 page, offset, data, len,
891 cmdcb, usercb, usercb_data);
895 hfa384x_dowmem_wait(struct hfa384x *hw,
896 u16 page, u16 offset, void *data, unsigned int len)
898 return hfa384x_dowmem(hw, DOWAIT,
899 page, offset, data, len, NULL, NULL, NULL);
903 hfa384x_dowmem_async(struct hfa384x *hw,
909 ctlx_usercb_t usercb, void *usercb_data)
911 return hfa384x_dowmem(hw, DOASYNC,
912 page, offset, data, len,
913 cmdcb, usercb, usercb_data);
916 /*----------------------------------------------------------------
917 * hfa384x_cmd_initialize
919 * Issues the initialize command and sets the hw->state based
923 * hw device structure
927 * >0 f/w reported error - f/w status code
928 * <0 driver reported error
934 *----------------------------------------------------------------
936 int hfa384x_cmd_initialize(struct hfa384x *hw)
940 struct hfa384x_metacmd cmd;
942 cmd.cmd = HFA384x_CMDCODE_INIT;
947 result = hfa384x_docmd_wait(hw, &cmd);
949 pr_debug("cmdresp.init: status=0x%04x, resp0=0x%04x, resp1=0x%04x, resp2=0x%04x\n",
951 cmd.result.resp0, cmd.result.resp1, cmd.result.resp2);
953 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++)
954 hw->port_enabled[i] = 0;
957 hw->link_status = HFA384x_LINK_NOTCONNECTED;
962 /*----------------------------------------------------------------
963 * hfa384x_cmd_disable
965 * Issues the disable command to stop communications on one of
969 * hw device structure
970 * macport MAC port number (host order)
974 * >0 f/w reported failure - f/w status code
975 * <0 driver reported error (timeout|bad arg)
981 *----------------------------------------------------------------
983 int hfa384x_cmd_disable(struct hfa384x *hw, u16 macport)
985 struct hfa384x_metacmd cmd;
987 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE) |
988 HFA384x_CMD_MACPORT_SET(macport);
993 return hfa384x_docmd_wait(hw, &cmd);
996 /*----------------------------------------------------------------
999 * Issues the enable command to enable communications on one of
1003 * hw device structure
1004 * macport MAC port number
1008 * >0 f/w reported failure - f/w status code
1009 * <0 driver reported error (timeout|bad arg)
1015 *----------------------------------------------------------------
1017 int hfa384x_cmd_enable(struct hfa384x *hw, u16 macport)
1019 struct hfa384x_metacmd cmd;
1021 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE) |
1022 HFA384x_CMD_MACPORT_SET(macport);
1027 return hfa384x_docmd_wait(hw, &cmd);
1030 /*----------------------------------------------------------------
1031 * hfa384x_cmd_monitor
1033 * Enables the 'monitor mode' of the MAC. Here's the description of
1034 * monitor mode that I've received thus far:
1036 * "The "monitor mode" of operation is that the MAC passes all
1037 * frames for which the PLCP checks are correct. All received
1038 * MPDUs are passed to the host with MAC Port = 7, with a
1039 * receive status of good, FCS error, or undecryptable. Passing
1040 * certain MPDUs is a violation of the 802.11 standard, but useful
1041 * for a debugging tool." Normal communication is not possible
1042 * while monitor mode is enabled.
1045 * hw device structure
1046 * enable a code (0x0b|0x0f) that enables/disables
1047 * monitor mode. (host order)
1051 * >0 f/w reported failure - f/w status code
1052 * <0 driver reported error (timeout|bad arg)
1058 *----------------------------------------------------------------
1060 int hfa384x_cmd_monitor(struct hfa384x *hw, u16 enable)
1062 struct hfa384x_metacmd cmd;
1064 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
1065 HFA384x_CMD_AINFO_SET(enable);
1070 return hfa384x_docmd_wait(hw, &cmd);
1073 /*----------------------------------------------------------------
1074 * hfa384x_cmd_download
1076 * Sets the controls for the MAC controller code/data download
1077 * process. The arguments set the mode and address associated
1078 * with a download. Note that the aux registers should be enabled
1079 * prior to setting one of the download enable modes.
1082 * hw device structure
1083 * mode 0 - Disable programming and begin code exec
1084 * 1 - Enable volatile mem programming
1085 * 2 - Enable non-volatile mem programming
1086 * 3 - Program non-volatile section from NV download
1090 * highaddr For mode 1, sets the high & low order bits of
1091 * the "destination address". This address will be
1092 * the execution start address when download is
1093 * subsequently disabled.
1094 * For mode 2, sets the high & low order bits of
1095 * the destination in NV ram.
1096 * For modes 0 & 3, should be zero. (host order)
1097 * NOTE: these are CMD format.
1098 * codelen Length of the data to write in mode 2,
1099 * zero otherwise. (host order)
1103 * >0 f/w reported failure - f/w status code
1104 * <0 driver reported error (timeout|bad arg)
1110 *----------------------------------------------------------------
1112 int hfa384x_cmd_download(struct hfa384x *hw, u16 mode, u16 lowaddr,
1113 u16 highaddr, u16 codelen)
1115 struct hfa384x_metacmd cmd;
1117 pr_debug("mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n",
1118 mode, lowaddr, highaddr, codelen);
1120 cmd.cmd = (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD) |
1121 HFA384x_CMD_PROGMODE_SET(mode));
1123 cmd.parm0 = lowaddr;
1124 cmd.parm1 = highaddr;
1125 cmd.parm2 = codelen;
1127 return hfa384x_docmd_wait(hw, &cmd);
1130 /*----------------------------------------------------------------
1133 * Perform a reset of the hfa38xx MAC core. We assume that the hw
1134 * structure is in its "created" state. That is, it is initialized
1135 * with proper values. Note that if a reset is done after the
1136 * device has been active for awhile, the caller might have to clean
1137 * up some leftover cruft in the hw structure.
1140 * hw device structure
1141 * holdtime how long (in ms) to hold the reset
1142 * settletime how long (in ms) to wait after releasing
1152 *----------------------------------------------------------------
1154 int hfa384x_corereset(struct hfa384x *hw, int holdtime,
1155 int settletime, int genesis)
1159 result = usb_reset_device(hw->usb);
1161 netdev_err(hw->wlandev->netdev, "usb_reset_device() failed, result=%d.\n",
1168 /*----------------------------------------------------------------
1169 * hfa384x_usbctlx_complete_sync
1171 * Waits for a synchronous CTLX object to complete,
1172 * and then handles the response.
1175 * hw device structure
1177 * completor functor object to decide what to
1178 * do with the CTLX's result.
1182 * -ERESTARTSYS Interrupted by a signal
1184 * -ENODEV Adapter was unplugged
1185 * ??? Result from completor
1191 *----------------------------------------------------------------
1193 static int hfa384x_usbctlx_complete_sync(struct hfa384x *hw,
1194 struct hfa384x_usbctlx *ctlx,
1195 struct usbctlx_completor *completor)
1197 unsigned long flags;
1200 result = wait_for_completion_interruptible(&ctlx->done);
1202 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1205 * We can only handle the CTLX if the USB disconnect
1206 * function has not run yet ...
1209 if (hw->wlandev->hwremoved) {
1210 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1212 } else if (result != 0) {
1216 * We were probably interrupted, so delete
1217 * this CTLX asynchronously, kill the timers
1218 * and the URB, and then start the next
1221 * NOTE: We can only delete the timers and
1222 * the URB if this CTLX is active.
1224 if (ctlx == get_active_ctlx(hw)) {
1225 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1227 del_singleshot_timer_sync(&hw->reqtimer);
1228 del_singleshot_timer_sync(&hw->resptimer);
1229 hw->req_timer_done = 1;
1230 hw->resp_timer_done = 1;
1231 usb_kill_urb(&hw->ctlx_urb);
1233 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1238 * This scenario is so unlikely that I'm
1239 * happy with a grubby "goto" solution ...
1241 if (hw->wlandev->hwremoved)
1246 * The completion task will send this CTLX
1247 * to the reaper the next time it runs. We
1248 * are no longer in a hurry.
1251 ctlx->state = CTLX_REQ_FAILED;
1252 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
1254 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1257 hfa384x_usbctlxq_run(hw);
1259 if (ctlx->state == CTLX_COMPLETE) {
1260 result = completor->complete(completor);
1262 netdev_warn(hw->wlandev->netdev, "CTLX[%d] error: state(%s)\n",
1263 le16_to_cpu(ctlx->outbuf.type),
1264 ctlxstr(ctlx->state));
1268 list_del(&ctlx->list);
1269 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1276 /*----------------------------------------------------------------
1279 * Constructs a command CTLX and submits it.
1281 * NOTE: Any changes to the 'post-submit' code in this function
1282 * need to be carried over to hfa384x_cbcmd() since the handling
1283 * is virtually identical.
1286 * hw device structure
1287 * mode DOWAIT or DOASYNC
1288 * cmd cmd structure. Includes all arguments and result
1289 * data points. All in host order. in host order
1290 * cmdcb command-specific callback
1291 * usercb user callback for async calls, NULL for DOWAIT calls
1292 * usercb_data user supplied data pointer for async calls, NULL
1298 * -ERESTARTSYS Awakened on signal
1299 * >0 command indicated error, Status and Resp0-2 are
1307 *----------------------------------------------------------------
1310 hfa384x_docmd(struct hfa384x *hw,
1312 struct hfa384x_metacmd *cmd,
1313 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1316 struct hfa384x_usbctlx *ctlx;
1318 ctlx = usbctlx_alloc();
1324 /* Initialize the command */
1325 ctlx->outbuf.cmdreq.type = cpu_to_le16(HFA384x_USB_CMDREQ);
1326 ctlx->outbuf.cmdreq.cmd = cpu_to_le16(cmd->cmd);
1327 ctlx->outbuf.cmdreq.parm0 = cpu_to_le16(cmd->parm0);
1328 ctlx->outbuf.cmdreq.parm1 = cpu_to_le16(cmd->parm1);
1329 ctlx->outbuf.cmdreq.parm2 = cpu_to_le16(cmd->parm2);
1331 ctlx->outbufsize = sizeof(ctlx->outbuf.cmdreq);
1333 pr_debug("cmdreq: cmd=0x%04x parm0=0x%04x parm1=0x%04x parm2=0x%04x\n",
1334 cmd->cmd, cmd->parm0, cmd->parm1, cmd->parm2);
1336 ctlx->reapable = mode;
1337 ctlx->cmdcb = cmdcb;
1338 ctlx->usercb = usercb;
1339 ctlx->usercb_data = usercb_data;
1341 result = hfa384x_usbctlx_submit(hw, ctlx);
1344 } else if (mode == DOWAIT) {
1345 struct usbctlx_cmd_completor cmd_completor;
1346 struct usbctlx_completor *completor;
1348 completor = init_cmd_completor(&cmd_completor,
1349 &ctlx->inbuf.cmdresp,
1352 result = hfa384x_usbctlx_complete_sync(hw, ctlx, completor);
1359 /*----------------------------------------------------------------
1362 * Constructs a read rid CTLX and issues it.
1364 * NOTE: Any changes to the 'post-submit' code in this function
1365 * need to be carried over to hfa384x_cbrrid() since the handling
1366 * is virtually identical.
1369 * hw device structure
1370 * mode DOWAIT or DOASYNC
1371 * rid Read RID number (host order)
1372 * riddata Caller supplied buffer that MAC formatted RID.data
1373 * record will be written to for DOWAIT calls. Should
1374 * be NULL for DOASYNC calls.
1375 * riddatalen Buffer length for DOWAIT calls. Zero for DOASYNC calls.
1376 * cmdcb command callback for async calls, NULL for DOWAIT calls
1377 * usercb user callback for async calls, NULL for DOWAIT calls
1378 * usercb_data user supplied data pointer for async calls, NULL
1384 * -ERESTARTSYS Awakened on signal
1385 * -ENODATA riddatalen != macdatalen
1386 * >0 command indicated error, Status and Resp0-2 are
1392 * interrupt (DOASYNC)
1393 * process (DOWAIT or DOASYNC)
1394 *----------------------------------------------------------------
1397 hfa384x_dorrid(struct hfa384x *hw,
1401 unsigned int riddatalen,
1402 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1405 struct hfa384x_usbctlx *ctlx;
1407 ctlx = usbctlx_alloc();
1413 /* Initialize the command */
1414 ctlx->outbuf.rridreq.type = cpu_to_le16(HFA384x_USB_RRIDREQ);
1415 ctlx->outbuf.rridreq.frmlen =
1416 cpu_to_le16(sizeof(ctlx->outbuf.rridreq.rid));
1417 ctlx->outbuf.rridreq.rid = cpu_to_le16(rid);
1419 ctlx->outbufsize = sizeof(ctlx->outbuf.rridreq);
1421 ctlx->reapable = mode;
1422 ctlx->cmdcb = cmdcb;
1423 ctlx->usercb = usercb;
1424 ctlx->usercb_data = usercb_data;
1426 /* Submit the CTLX */
1427 result = hfa384x_usbctlx_submit(hw, ctlx);
1430 } else if (mode == DOWAIT) {
1431 struct usbctlx_rrid_completor completor;
1434 hfa384x_usbctlx_complete_sync(hw, ctlx,
1437 &ctlx->inbuf.rridresp,
1438 riddata, riddatalen));
1445 /*----------------------------------------------------------------
1448 * Constructs a write rid CTLX and issues it.
1450 * NOTE: Any changes to the 'post-submit' code in this function
1451 * need to be carried over to hfa384x_cbwrid() since the handling
1452 * is virtually identical.
1455 * hw device structure
1456 * enum cmd_mode DOWAIT or DOASYNC
1458 * riddata Data portion of RID formatted for MAC
1459 * riddatalen Length of the data portion in bytes
1460 * cmdcb command callback for async calls, NULL for DOWAIT calls
1461 * usercb user callback for async calls, NULL for DOWAIT calls
1462 * usercb_data user supplied data pointer for async calls
1466 * -ETIMEDOUT timed out waiting for register ready or
1467 * command completion
1468 * >0 command indicated error, Status and Resp0-2 are
1474 * interrupt (DOASYNC)
1475 * process (DOWAIT or DOASYNC)
1476 *----------------------------------------------------------------
1479 hfa384x_dowrid(struct hfa384x *hw,
1483 unsigned int riddatalen,
1484 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1487 struct hfa384x_usbctlx *ctlx;
1489 ctlx = usbctlx_alloc();
1495 /* Initialize the command */
1496 ctlx->outbuf.wridreq.type = cpu_to_le16(HFA384x_USB_WRIDREQ);
1497 ctlx->outbuf.wridreq.frmlen = cpu_to_le16((sizeof
1498 (ctlx->outbuf.wridreq.rid) +
1499 riddatalen + 1) / 2);
1500 ctlx->outbuf.wridreq.rid = cpu_to_le16(rid);
1501 memcpy(ctlx->outbuf.wridreq.data, riddata, riddatalen);
1503 ctlx->outbufsize = sizeof(ctlx->outbuf.wridreq.type) +
1504 sizeof(ctlx->outbuf.wridreq.frmlen) +
1505 sizeof(ctlx->outbuf.wridreq.rid) + riddatalen;
1507 ctlx->reapable = mode;
1508 ctlx->cmdcb = cmdcb;
1509 ctlx->usercb = usercb;
1510 ctlx->usercb_data = usercb_data;
1512 /* Submit the CTLX */
1513 result = hfa384x_usbctlx_submit(hw, ctlx);
1516 } else if (mode == DOWAIT) {
1517 struct usbctlx_cmd_completor completor;
1518 struct hfa384x_cmdresult wridresult;
1520 result = hfa384x_usbctlx_complete_sync(hw,
1524 &ctlx->inbuf.wridresp,
1532 /*----------------------------------------------------------------
1535 * Constructs a readmem CTLX and issues it.
1537 * NOTE: Any changes to the 'post-submit' code in this function
1538 * need to be carried over to hfa384x_cbrmem() since the handling
1539 * is virtually identical.
1542 * hw device structure
1543 * mode DOWAIT or DOASYNC
1544 * page MAC address space page (CMD format)
1545 * offset MAC address space offset
1546 * data Ptr to data buffer to receive read
1547 * len Length of the data to read (max == 2048)
1548 * cmdcb command callback for async calls, NULL for DOWAIT calls
1549 * usercb user callback for async calls, NULL for DOWAIT calls
1550 * usercb_data user supplied data pointer for async calls
1554 * -ETIMEDOUT timed out waiting for register ready or
1555 * command completion
1556 * >0 command indicated error, Status and Resp0-2 are
1562 * interrupt (DOASYNC)
1563 * process (DOWAIT or DOASYNC)
1564 *----------------------------------------------------------------
1567 hfa384x_dormem(struct hfa384x *hw,
1573 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1576 struct hfa384x_usbctlx *ctlx;
1578 ctlx = usbctlx_alloc();
1584 /* Initialize the command */
1585 ctlx->outbuf.rmemreq.type = cpu_to_le16(HFA384x_USB_RMEMREQ);
1586 ctlx->outbuf.rmemreq.frmlen =
1587 cpu_to_le16(sizeof(ctlx->outbuf.rmemreq.offset) +
1588 sizeof(ctlx->outbuf.rmemreq.page) + len);
1589 ctlx->outbuf.rmemreq.offset = cpu_to_le16(offset);
1590 ctlx->outbuf.rmemreq.page = cpu_to_le16(page);
1592 ctlx->outbufsize = sizeof(ctlx->outbuf.rmemreq);
1594 pr_debug("type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n",
1595 ctlx->outbuf.rmemreq.type,
1596 ctlx->outbuf.rmemreq.frmlen,
1597 ctlx->outbuf.rmemreq.offset, ctlx->outbuf.rmemreq.page);
1599 pr_debug("pktsize=%zd\n", ROUNDUP64(sizeof(ctlx->outbuf.rmemreq)));
1601 ctlx->reapable = mode;
1602 ctlx->cmdcb = cmdcb;
1603 ctlx->usercb = usercb;
1604 ctlx->usercb_data = usercb_data;
1606 result = hfa384x_usbctlx_submit(hw, ctlx);
1609 } else if (mode == DOWAIT) {
1610 struct usbctlx_rmem_completor completor;
1613 hfa384x_usbctlx_complete_sync(hw, ctlx,
1616 &ctlx->inbuf.rmemresp, data,
1624 /*----------------------------------------------------------------
1627 * Constructs a writemem CTLX and issues it.
1629 * NOTE: Any changes to the 'post-submit' code in this function
1630 * need to be carried over to hfa384x_cbwmem() since the handling
1631 * is virtually identical.
1634 * hw device structure
1635 * mode DOWAIT or DOASYNC
1636 * page MAC address space page (CMD format)
1637 * offset MAC address space offset
1638 * data Ptr to data buffer containing write data
1639 * len Length of the data to read (max == 2048)
1640 * cmdcb command callback for async calls, NULL for DOWAIT calls
1641 * usercb user callback for async calls, NULL for DOWAIT calls
1642 * usercb_data user supplied data pointer for async calls.
1646 * -ETIMEDOUT timed out waiting for register ready or
1647 * command completion
1648 * >0 command indicated error, Status and Resp0-2 are
1654 * interrupt (DOWAIT)
1655 * process (DOWAIT or DOASYNC)
1656 *----------------------------------------------------------------
1659 hfa384x_dowmem(struct hfa384x *hw,
1665 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1668 struct hfa384x_usbctlx *ctlx;
1670 pr_debug("page=0x%04x offset=0x%04x len=%d\n", page, offset, len);
1672 ctlx = usbctlx_alloc();
1678 /* Initialize the command */
1679 ctlx->outbuf.wmemreq.type = cpu_to_le16(HFA384x_USB_WMEMREQ);
1680 ctlx->outbuf.wmemreq.frmlen =
1681 cpu_to_le16(sizeof(ctlx->outbuf.wmemreq.offset) +
1682 sizeof(ctlx->outbuf.wmemreq.page) + len);
1683 ctlx->outbuf.wmemreq.offset = cpu_to_le16(offset);
1684 ctlx->outbuf.wmemreq.page = cpu_to_le16(page);
1685 memcpy(ctlx->outbuf.wmemreq.data, data, len);
1687 ctlx->outbufsize = sizeof(ctlx->outbuf.wmemreq.type) +
1688 sizeof(ctlx->outbuf.wmemreq.frmlen) +
1689 sizeof(ctlx->outbuf.wmemreq.offset) +
1690 sizeof(ctlx->outbuf.wmemreq.page) + len;
1692 ctlx->reapable = mode;
1693 ctlx->cmdcb = cmdcb;
1694 ctlx->usercb = usercb;
1695 ctlx->usercb_data = usercb_data;
1697 result = hfa384x_usbctlx_submit(hw, ctlx);
1700 } else if (mode == DOWAIT) {
1701 struct usbctlx_cmd_completor completor;
1702 struct hfa384x_cmdresult wmemresult;
1704 result = hfa384x_usbctlx_complete_sync(hw,
1708 &ctlx->inbuf.wmemresp,
1716 /*----------------------------------------------------------------
1717 * hfa384x_drvr_disable
1719 * Issues the disable command to stop communications on one of
1720 * the MACs 'ports'. Only macport 0 is valid for stations.
1721 * APs may also disable macports 1-6. Only ports that have been
1722 * previously enabled may be disabled.
1725 * hw device structure
1726 * macport MAC port number (host order)
1730 * >0 f/w reported failure - f/w status code
1731 * <0 driver reported error (timeout|bad arg)
1737 *----------------------------------------------------------------
1739 int hfa384x_drvr_disable(struct hfa384x *hw, u16 macport)
1743 if ((!hw->isap && macport != 0) ||
1744 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
1745 !(hw->port_enabled[macport])) {
1748 result = hfa384x_cmd_disable(hw, macport);
1750 hw->port_enabled[macport] = 0;
1755 /*----------------------------------------------------------------
1756 * hfa384x_drvr_enable
1758 * Issues the enable command to enable communications on one of
1759 * the MACs 'ports'. Only macport 0 is valid for stations.
1760 * APs may also enable macports 1-6. Only ports that are currently
1761 * disabled may be enabled.
1764 * hw device structure
1765 * macport MAC port number
1769 * >0 f/w reported failure - f/w status code
1770 * <0 driver reported error (timeout|bad arg)
1776 *----------------------------------------------------------------
1778 int hfa384x_drvr_enable(struct hfa384x *hw, u16 macport)
1782 if ((!hw->isap && macport != 0) ||
1783 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
1784 (hw->port_enabled[macport])) {
1787 result = hfa384x_cmd_enable(hw, macport);
1789 hw->port_enabled[macport] = 1;
1794 /*----------------------------------------------------------------
1795 * hfa384x_drvr_flashdl_enable
1797 * Begins the flash download state. Checks to see that we're not
1798 * already in a download state and that a port isn't enabled.
1799 * Sets the download state and retrieves the flash download
1800 * buffer location, buffer size, and timeout length.
1803 * hw device structure
1807 * >0 f/w reported error - f/w status code
1808 * <0 driver reported error
1814 *----------------------------------------------------------------
1816 int hfa384x_drvr_flashdl_enable(struct hfa384x *hw)
1821 /* Check that a port isn't active */
1822 for (i = 0; i < HFA384x_PORTID_MAX; i++) {
1823 if (hw->port_enabled[i]) {
1824 pr_debug("called when port enabled.\n");
1829 /* Check that we're not already in a download state */
1830 if (hw->dlstate != HFA384x_DLSTATE_DISABLED)
1833 /* Retrieve the buffer loc&size and timeout */
1834 result = hfa384x_drvr_getconfig(hw, HFA384x_RID_DOWNLOADBUFFER,
1835 &hw->bufinfo, sizeof(hw->bufinfo));
1839 le16_to_cpus(&hw->bufinfo.page);
1840 le16_to_cpus(&hw->bufinfo.offset);
1841 le16_to_cpus(&hw->bufinfo.len);
1842 result = hfa384x_drvr_getconfig16(hw, HFA384x_RID_MAXLOADTIME,
1847 le16_to_cpus(&hw->dltimeout);
1849 pr_debug("flashdl_enable\n");
1851 hw->dlstate = HFA384x_DLSTATE_FLASHENABLED;
1856 /*----------------------------------------------------------------
1857 * hfa384x_drvr_flashdl_disable
1859 * Ends the flash download state. Note that this will cause the MAC
1860 * firmware to restart.
1863 * hw device structure
1867 * >0 f/w reported error - f/w status code
1868 * <0 driver reported error
1874 *----------------------------------------------------------------
1876 int hfa384x_drvr_flashdl_disable(struct hfa384x *hw)
1878 /* Check that we're already in the download state */
1879 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED)
1882 pr_debug("flashdl_enable\n");
1884 /* There isn't much we can do at this point, so I don't */
1885 /* bother w/ the return value */
1886 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0);
1887 hw->dlstate = HFA384x_DLSTATE_DISABLED;
1892 /*----------------------------------------------------------------
1893 * hfa384x_drvr_flashdl_write
1895 * Performs a FLASH download of a chunk of data. First checks to see
1896 * that we're in the FLASH download state, then sets the download
1897 * mode, uses the aux functions to 1) copy the data to the flash
1898 * buffer, 2) sets the download 'write flash' mode, 3) readback and
1899 * compare. Lather rinse, repeat as many times an necessary to get
1900 * all the given data into flash.
1901 * When all data has been written using this function (possibly
1902 * repeatedly), call drvr_flashdl_disable() to end the download state
1903 * and restart the MAC.
1906 * hw device structure
1907 * daddr Card address to write to. (host order)
1908 * buf Ptr to data to write.
1909 * len Length of data (host order).
1913 * >0 f/w reported error - f/w status code
1914 * <0 driver reported error
1920 *----------------------------------------------------------------
1922 int hfa384x_drvr_flashdl_write(struct hfa384x *hw, u32 daddr,
1940 pr_debug("daddr=0x%08x len=%d\n", daddr, len);
1942 /* Check that we're in the flash download state */
1943 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED)
1946 netdev_info(hw->wlandev->netdev,
1947 "Download %d bytes to flash @0x%06x\n", len, daddr);
1949 /* Convert to flat address for arithmetic */
1950 /* NOTE: dlbuffer RID stores the address in AUX format */
1952 HFA384x_ADDR_AUX_MKFLAT(hw->bufinfo.page, hw->bufinfo.offset);
1953 pr_debug("dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n",
1954 hw->bufinfo.page, hw->bufinfo.offset, dlbufaddr);
1955 /* Calculations to determine how many fills of the dlbuffer to do
1956 * and how many USB wmemreq's to do for each fill. At this point
1957 * in time, the dlbuffer size and the wmemreq size are the same.
1958 * Therefore, nwrites should always be 1. The extra complexity
1959 * here is a hedge against future changes.
1962 /* Figure out how many times to do the flash programming */
1963 nburns = len / hw->bufinfo.len;
1964 nburns += (len % hw->bufinfo.len) ? 1 : 0;
1966 /* For each flash program cycle, how many USB wmemreq's are needed? */
1967 nwrites = hw->bufinfo.len / HFA384x_USB_RWMEM_MAXLEN;
1968 nwrites += (hw->bufinfo.len % HFA384x_USB_RWMEM_MAXLEN) ? 1 : 0;
1971 for (i = 0; i < nburns; i++) {
1972 /* Get the dest address and len */
1973 burnlen = (len - (hw->bufinfo.len * i)) > hw->bufinfo.len ?
1974 hw->bufinfo.len : (len - (hw->bufinfo.len * i));
1975 burndaddr = daddr + (hw->bufinfo.len * i);
1976 burnlo = HFA384x_ADDR_CMD_MKOFF(burndaddr);
1977 burnhi = HFA384x_ADDR_CMD_MKPAGE(burndaddr);
1979 netdev_info(hw->wlandev->netdev, "Writing %d bytes to flash @0x%06x\n",
1980 burnlen, burndaddr);
1982 /* Set the download mode */
1983 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_NV,
1984 burnlo, burnhi, burnlen);
1986 netdev_err(hw->wlandev->netdev,
1987 "download(NV,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
1988 burnlo, burnhi, burnlen, result);
1992 /* copy the data to the flash download buffer */
1993 for (j = 0; j < nwrites; j++) {
1995 (i * hw->bufinfo.len) +
1996 (j * HFA384x_USB_RWMEM_MAXLEN);
1998 writepage = HFA384x_ADDR_CMD_MKPAGE(dlbufaddr +
1999 (j * HFA384x_USB_RWMEM_MAXLEN));
2000 writeoffset = HFA384x_ADDR_CMD_MKOFF(dlbufaddr +
2001 (j * HFA384x_USB_RWMEM_MAXLEN));
2003 writelen = burnlen - (j * HFA384x_USB_RWMEM_MAXLEN);
2004 writelen = writelen > HFA384x_USB_RWMEM_MAXLEN ?
2005 HFA384x_USB_RWMEM_MAXLEN : writelen;
2007 result = hfa384x_dowmem_wait(hw,
2010 writebuf, writelen);
2013 /* set the download 'write flash' mode */
2014 result = hfa384x_cmd_download(hw,
2015 HFA384x_PROGMODE_NVWRITE,
2018 netdev_err(hw->wlandev->netdev,
2019 "download(NVWRITE,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
2020 burnlo, burnhi, burnlen, result);
2024 /* TODO: We really should do a readback and compare. */
2029 /* Leave the firmware in the 'post-prog' mode. flashdl_disable will */
2030 /* actually disable programming mode. Remember, that will cause the */
2031 /* the firmware to effectively reset itself. */
2036 /*----------------------------------------------------------------
2037 * hfa384x_drvr_getconfig
2039 * Performs the sequence necessary to read a config/info item.
2042 * hw device structure
2043 * rid config/info record id (host order)
2044 * buf host side record buffer. Upon return it will
2045 * contain the body portion of the record (minus the
2047 * len buffer length (in bytes, should match record length)
2051 * >0 f/w reported error - f/w status code
2052 * <0 driver reported error
2053 * -ENODATA length mismatch between argument and retrieved
2060 *----------------------------------------------------------------
2062 int hfa384x_drvr_getconfig(struct hfa384x *hw, u16 rid, void *buf, u16 len)
2064 return hfa384x_dorrid_wait(hw, rid, buf, len);
2067 /*----------------------------------------------------------------
2068 * hfa384x_drvr_setconfig_async
2070 * Performs the sequence necessary to write a config/info item.
2073 * hw device structure
2074 * rid config/info record id (in host order)
2075 * buf host side record buffer
2076 * len buffer length (in bytes)
2077 * usercb completion callback
2078 * usercb_data completion callback argument
2082 * >0 f/w reported error - f/w status code
2083 * <0 driver reported error
2089 *----------------------------------------------------------------
2092 hfa384x_drvr_setconfig_async(struct hfa384x *hw,
2095 u16 len, ctlx_usercb_t usercb, void *usercb_data)
2097 return hfa384x_dowrid_async(hw, rid, buf, len,
2098 hfa384x_cb_status, usercb, usercb_data);
2101 /*----------------------------------------------------------------
2102 * hfa384x_drvr_ramdl_disable
2104 * Ends the ram download state.
2107 * hw device structure
2111 * >0 f/w reported error - f/w status code
2112 * <0 driver reported error
2118 *----------------------------------------------------------------
2120 int hfa384x_drvr_ramdl_disable(struct hfa384x *hw)
2122 /* Check that we're already in the download state */
2123 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED)
2126 pr_debug("ramdl_disable()\n");
2128 /* There isn't much we can do at this point, so I don't */
2129 /* bother w/ the return value */
2130 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0);
2131 hw->dlstate = HFA384x_DLSTATE_DISABLED;
2136 /*----------------------------------------------------------------
2137 * hfa384x_drvr_ramdl_enable
2139 * Begins the ram download state. Checks to see that we're not
2140 * already in a download state and that a port isn't enabled.
2141 * Sets the download state and calls cmd_download with the
2142 * ENABLE_VOLATILE subcommand and the exeaddr argument.
2145 * hw device structure
2146 * exeaddr the card execution address that will be
2147 * jumped to when ramdl_disable() is called
2152 * >0 f/w reported error - f/w status code
2153 * <0 driver reported error
2159 *----------------------------------------------------------------
2161 int hfa384x_drvr_ramdl_enable(struct hfa384x *hw, u32 exeaddr)
2168 /* Check that a port isn't active */
2169 for (i = 0; i < HFA384x_PORTID_MAX; i++) {
2170 if (hw->port_enabled[i]) {
2171 netdev_err(hw->wlandev->netdev,
2172 "Can't download with a macport enabled.\n");
2177 /* Check that we're not already in a download state */
2178 if (hw->dlstate != HFA384x_DLSTATE_DISABLED) {
2179 netdev_err(hw->wlandev->netdev,
2180 "Download state not disabled.\n");
2184 pr_debug("ramdl_enable, exeaddr=0x%08x\n", exeaddr);
2186 /* Call the download(1,addr) function */
2187 lowaddr = HFA384x_ADDR_CMD_MKOFF(exeaddr);
2188 hiaddr = HFA384x_ADDR_CMD_MKPAGE(exeaddr);
2190 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_RAM,
2191 lowaddr, hiaddr, 0);
2194 /* Set the download state */
2195 hw->dlstate = HFA384x_DLSTATE_RAMENABLED;
2197 pr_debug("cmd_download(0x%04x, 0x%04x) failed, result=%d.\n",
2198 lowaddr, hiaddr, result);
2204 /*----------------------------------------------------------------
2205 * hfa384x_drvr_ramdl_write
2207 * Performs a RAM download of a chunk of data. First checks to see
2208 * that we're in the RAM download state, then uses the [read|write]mem USB
2209 * commands to 1) copy the data, 2) readback and compare. The download
2210 * state is unaffected. When all data has been written using
2211 * this function, call drvr_ramdl_disable() to end the download state
2212 * and restart the MAC.
2215 * hw device structure
2216 * daddr Card address to write to. (host order)
2217 * buf Ptr to data to write.
2218 * len Length of data (host order).
2222 * >0 f/w reported error - f/w status code
2223 * <0 driver reported error
2229 *----------------------------------------------------------------
2231 int hfa384x_drvr_ramdl_write(struct hfa384x *hw, u32 daddr, void *buf, u32 len)
2242 /* Check that we're in the ram download state */
2243 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED)
2246 netdev_info(hw->wlandev->netdev, "Writing %d bytes to ram @0x%06x\n",
2249 /* How many dowmem calls? */
2250 nwrites = len / HFA384x_USB_RWMEM_MAXLEN;
2251 nwrites += len % HFA384x_USB_RWMEM_MAXLEN ? 1 : 0;
2253 /* Do blocking wmem's */
2254 for (i = 0; i < nwrites; i++) {
2255 /* make address args */
2256 curraddr = daddr + (i * HFA384x_USB_RWMEM_MAXLEN);
2257 currpage = HFA384x_ADDR_CMD_MKPAGE(curraddr);
2258 curroffset = HFA384x_ADDR_CMD_MKOFF(curraddr);
2259 currlen = len - (i * HFA384x_USB_RWMEM_MAXLEN);
2260 if (currlen > HFA384x_USB_RWMEM_MAXLEN)
2261 currlen = HFA384x_USB_RWMEM_MAXLEN;
2263 /* Do blocking ctlx */
2264 result = hfa384x_dowmem_wait(hw,
2268 (i * HFA384x_USB_RWMEM_MAXLEN),
2274 /* TODO: We really should have a readback. */
2280 /*----------------------------------------------------------------
2281 * hfa384x_drvr_readpda
2283 * Performs the sequence to read the PDA space. Note there is no
2284 * drvr_writepda() function. Writing a PDA is
2285 * generally implemented by a calling component via calls to
2286 * cmd_download and writing to the flash download buffer via the
2290 * hw device structure
2291 * buf buffer to store PDA in
2296 * >0 f/w reported error - f/w status code
2297 * <0 driver reported error
2298 * -ETIMEDOUT timeout waiting for the cmd regs to become
2299 * available, or waiting for the control reg
2300 * to indicate the Aux port is enabled.
2301 * -ENODATA the buffer does NOT contain a valid PDA.
2302 * Either the card PDA is bad, or the auxdata
2303 * reads are giving us garbage.
2309 * process or non-card interrupt.
2310 *----------------------------------------------------------------
2312 int hfa384x_drvr_readpda(struct hfa384x *hw, void *buf, unsigned int len)
2318 int currpdr = 0; /* word offset of the current pdr */
2320 u16 pdrlen; /* pdr length in bytes, host order */
2321 u16 pdrcode; /* pdr code, host order */
2329 HFA3842_PDA_BASE, 0}, {
2330 HFA3841_PDA_BASE, 0}, {
2331 HFA3841_PDA_BOGUS_BASE, 0}
2334 /* Read the pda from each known address. */
2335 for (i = 0; i < ARRAY_SIZE(pdaloc); i++) {
2337 currpage = HFA384x_ADDR_CMD_MKPAGE(pdaloc[i].cardaddr);
2338 curroffset = HFA384x_ADDR_CMD_MKOFF(pdaloc[i].cardaddr);
2340 /* units of bytes */
2341 result = hfa384x_dormem_wait(hw, currpage, curroffset, buf,
2345 netdev_warn(hw->wlandev->netdev,
2346 "Read from index %zd failed, continuing\n",
2351 /* Test for garbage */
2352 pdaok = 1; /* initially assume good */
2354 while (pdaok && morepdrs) {
2355 pdrlen = le16_to_cpu(pda[currpdr]) * 2;
2356 pdrcode = le16_to_cpu(pda[currpdr + 1]);
2357 /* Test the record length */
2358 if (pdrlen > HFA384x_PDR_LEN_MAX || pdrlen == 0) {
2359 netdev_err(hw->wlandev->netdev,
2360 "pdrlen invalid=%d\n", pdrlen);
2365 if (!hfa384x_isgood_pdrcode(pdrcode)) {
2366 netdev_err(hw->wlandev->netdev, "pdrcode invalid=%d\n",
2371 /* Test for completion */
2372 if (pdrcode == HFA384x_PDR_END_OF_PDA)
2375 /* Move to the next pdr (if necessary) */
2377 /* note the access to pda[], need words here */
2378 currpdr += le16_to_cpu(pda[currpdr]) + 1;
2382 netdev_info(hw->wlandev->netdev,
2383 "PDA Read from 0x%08x in %s space.\n",
2385 pdaloc[i].auxctl == 0 ? "EXTDS" :
2386 pdaloc[i].auxctl == 1 ? "NV" :
2387 pdaloc[i].auxctl == 2 ? "PHY" :
2388 pdaloc[i].auxctl == 3 ? "ICSRAM" :
2393 result = pdaok ? 0 : -ENODATA;
2396 pr_debug("Failure: pda is not okay\n");
2401 /*----------------------------------------------------------------
2402 * hfa384x_drvr_setconfig
2404 * Performs the sequence necessary to write a config/info item.
2407 * hw device structure
2408 * rid config/info record id (in host order)
2409 * buf host side record buffer
2410 * len buffer length (in bytes)
2414 * >0 f/w reported error - f/w status code
2415 * <0 driver reported error
2421 *----------------------------------------------------------------
2423 int hfa384x_drvr_setconfig(struct hfa384x *hw, u16 rid, void *buf, u16 len)
2425 return hfa384x_dowrid_wait(hw, rid, buf, len);
2428 /*----------------------------------------------------------------
2429 * hfa384x_drvr_start
2431 * Issues the MAC initialize command, sets up some data structures,
2432 * and enables the interrupts. After this function completes, the
2433 * low-level stuff should be ready for any/all commands.
2436 * hw device structure
2439 * >0 f/w reported error - f/w status code
2440 * <0 driver reported error
2446 *----------------------------------------------------------------
2448 int hfa384x_drvr_start(struct hfa384x *hw)
2450 int result, result1, result2;
2455 /* Clear endpoint stalls - but only do this if the endpoint
2456 * is showing a stall status. Some prism2 cards seem to behave
2457 * badly if a clear_halt is called when the endpoint is already
2461 usb_get_std_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_in,
2464 netdev_err(hw->wlandev->netdev, "Cannot get bulk in endpoint status.\n");
2467 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_in))
2468 netdev_err(hw->wlandev->netdev, "Failed to reset bulk in endpoint.\n");
2471 usb_get_std_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_out,
2474 netdev_err(hw->wlandev->netdev, "Cannot get bulk out endpoint status.\n");
2477 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_out))
2478 netdev_err(hw->wlandev->netdev, "Failed to reset bulk out endpoint.\n");
2480 /* Synchronous unlink, in case we're trying to restart the driver */
2481 usb_kill_urb(&hw->rx_urb);
2483 /* Post the IN urb */
2484 result = submit_rx_urb(hw, GFP_KERNEL);
2486 netdev_err(hw->wlandev->netdev,
2487 "Fatal, failed to submit RX URB, result=%d\n",
2492 /* Call initialize twice, with a 1 second sleep in between.
2493 * This is a nasty work-around since many prism2 cards seem to
2494 * need time to settle after an init from cold. The second
2495 * call to initialize in theory is not necessary - but we call
2496 * it anyway as a double insurance policy:
2497 * 1) If the first init should fail, the second may well succeed
2498 * and the card can still be used
2499 * 2) It helps ensures all is well with the card after the first
2500 * init and settle time.
2502 result1 = hfa384x_cmd_initialize(hw);
2504 result = hfa384x_cmd_initialize(hw);
2508 netdev_err(hw->wlandev->netdev,
2509 "cmd_initialize() failed on two attempts, results %d and %d\n",
2511 usb_kill_urb(&hw->rx_urb);
2514 pr_debug("First cmd_initialize() failed (result %d),\n",
2516 pr_debug("but second attempt succeeded. All should be ok\n");
2518 } else if (result2 != 0) {
2519 netdev_warn(hw->wlandev->netdev, "First cmd_initialize() succeeded, but second attempt failed (result=%d)\n",
2521 netdev_warn(hw->wlandev->netdev,
2522 "Most likely the card will be functional\n");
2526 hw->state = HFA384x_STATE_RUNNING;
2532 /*----------------------------------------------------------------
2535 * Shuts down the MAC to the point where it is safe to unload the
2536 * driver. Any subsystem that may be holding a data or function
2537 * ptr into the driver must be cleared/deinitialized.
2540 * hw device structure
2543 * >0 f/w reported error - f/w status code
2544 * <0 driver reported error
2550 *----------------------------------------------------------------
2552 int hfa384x_drvr_stop(struct hfa384x *hw)
2558 /* There's no need for spinlocks here. The USB "disconnect"
2559 * function sets this "removed" flag and then calls us.
2561 if (!hw->wlandev->hwremoved) {
2562 /* Call initialize to leave the MAC in its 'reset' state */
2563 hfa384x_cmd_initialize(hw);
2565 /* Cancel the rxurb */
2566 usb_kill_urb(&hw->rx_urb);
2569 hw->link_status = HFA384x_LINK_NOTCONNECTED;
2570 hw->state = HFA384x_STATE_INIT;
2572 del_timer_sync(&hw->commsqual_timer);
2574 /* Clear all the port status */
2575 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++)
2576 hw->port_enabled[i] = 0;
2581 /*----------------------------------------------------------------
2582 * hfa384x_drvr_txframe
2584 * Takes a frame from prism2sta and queues it for transmission.
2587 * hw device structure
2588 * skb packet buffer struct. Contains an 802.11
2590 * p80211_hdr points to the 802.11 header for the packet.
2592 * 0 Success and more buffs available
2593 * 1 Success but no more buffs
2594 * 2 Allocation failure
2595 * 4 Buffer full or queue busy
2601 *----------------------------------------------------------------
2603 int hfa384x_drvr_txframe(struct hfa384x *hw, struct sk_buff *skb,
2604 union p80211_hdr *p80211_hdr,
2605 struct p80211_metawep *p80211_wep)
2607 int usbpktlen = sizeof(struct hfa384x_tx_frame);
2612 if (hw->tx_urb.status == -EINPROGRESS) {
2613 netdev_warn(hw->wlandev->netdev, "TX URB already in use\n");
2618 /* Build Tx frame structure */
2619 /* Set up the control field */
2620 memset(&hw->txbuff.txfrm.desc, 0, sizeof(hw->txbuff.txfrm.desc));
2622 /* Setup the usb type field */
2623 hw->txbuff.type = cpu_to_le16(HFA384x_USB_TXFRM);
2625 /* Set up the sw_support field to identify this frame */
2626 hw->txbuff.txfrm.desc.sw_support = 0x0123;
2628 /* Tx complete and Tx exception disable per dleach. Might be causing
2631 /* #define DOEXC SLP -- doboth breaks horribly under load, doexc less so. */
2633 hw->txbuff.txfrm.desc.tx_control =
2634 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2635 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1);
2636 #elif defined(DOEXC)
2637 hw->txbuff.txfrm.desc.tx_control =
2638 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2639 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0);
2641 hw->txbuff.txfrm.desc.tx_control =
2642 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2643 HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0);
2645 cpu_to_le16s(&hw->txbuff.txfrm.desc.tx_control);
2647 /* copy the header over to the txdesc */
2648 memcpy(&hw->txbuff.txfrm.desc.frame_control, p80211_hdr,
2649 sizeof(union p80211_hdr));
2651 /* if we're using host WEP, increase size by IV+ICV */
2652 if (p80211_wep->data) {
2653 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len + 8);
2656 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len);
2659 usbpktlen += skb->len;
2661 /* copy over the WEP IV if we are using host WEP */
2662 ptr = hw->txbuff.txfrm.data;
2663 if (p80211_wep->data) {
2664 memcpy(ptr, p80211_wep->iv, sizeof(p80211_wep->iv));
2665 ptr += sizeof(p80211_wep->iv);
2666 memcpy(ptr, p80211_wep->data, skb->len);
2668 memcpy(ptr, skb->data, skb->len);
2670 /* copy over the packet data */
2673 /* copy over the WEP ICV if we are using host WEP */
2674 if (p80211_wep->data)
2675 memcpy(ptr, p80211_wep->icv, sizeof(p80211_wep->icv));
2677 /* Send the USB packet */
2678 usb_fill_bulk_urb(&hw->tx_urb, hw->usb,
2680 &hw->txbuff, ROUNDUP64(usbpktlen),
2681 hfa384x_usbout_callback, hw->wlandev);
2682 hw->tx_urb.transfer_flags |= USB_QUEUE_BULK;
2685 ret = submit_tx_urb(hw, &hw->tx_urb, GFP_ATOMIC);
2687 netdev_err(hw->wlandev->netdev,
2688 "submit_tx_urb() failed, error=%d\n", ret);
2696 void hfa384x_tx_timeout(struct wlandevice *wlandev)
2698 struct hfa384x *hw = wlandev->priv;
2699 unsigned long flags;
2701 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2703 if (!hw->wlandev->hwremoved) {
2706 sched = !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags);
2707 sched |= !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags);
2709 schedule_work(&hw->usb_work);
2712 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2715 /*----------------------------------------------------------------
2716 * hfa384x_usbctlx_reaper_task
2718 * Tasklet to delete dead CTLX objects
2721 * data ptr to a struct hfa384x
2727 *----------------------------------------------------------------
2729 static void hfa384x_usbctlx_reaper_task(unsigned long data)
2731 struct hfa384x *hw = (struct hfa384x *)data;
2732 struct hfa384x_usbctlx *ctlx, *temp;
2733 unsigned long flags;
2735 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2737 /* This list is guaranteed to be empty if someone
2738 * has unplugged the adapter.
2740 list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.reapable, list) {
2741 list_del(&ctlx->list);
2745 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2748 /*----------------------------------------------------------------
2749 * hfa384x_usbctlx_completion_task
2751 * Tasklet to call completion handlers for returned CTLXs
2754 * data ptr to struct hfa384x
2761 *----------------------------------------------------------------
2763 static void hfa384x_usbctlx_completion_task(unsigned long data)
2765 struct hfa384x *hw = (struct hfa384x *)data;
2766 struct hfa384x_usbctlx *ctlx, *temp;
2767 unsigned long flags;
2771 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2773 /* This list is guaranteed to be empty if someone
2774 * has unplugged the adapter ...
2776 list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.completing, list) {
2777 /* Call the completion function that this
2778 * command was assigned, assuming it has one.
2781 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2782 ctlx->cmdcb(hw, ctlx);
2783 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2785 /* Make sure we don't try and complete
2786 * this CTLX more than once!
2790 /* Did someone yank the adapter out
2791 * while our list was (briefly) unlocked?
2793 if (hw->wlandev->hwremoved) {
2800 * "Reapable" CTLXs are ones which don't have any
2801 * threads waiting for them to die. Hence they must
2802 * be delivered to The Reaper!
2804 if (ctlx->reapable) {
2805 /* Move the CTLX off the "completing" list (hopefully)
2806 * on to the "reapable" list where the reaper task
2807 * can find it. And "reapable" means that this CTLX
2808 * isn't sitting on a wait-queue somewhere.
2810 list_move_tail(&ctlx->list, &hw->ctlxq.reapable);
2814 complete(&ctlx->done);
2816 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2819 tasklet_schedule(&hw->reaper_bh);
2822 /*----------------------------------------------------------------
2823 * unlocked_usbctlx_cancel_async
2825 * Mark the CTLX dead asynchronously, and ensure that the
2826 * next command on the queue is run afterwards.
2829 * hw ptr to the struct hfa384x structure
2830 * ctlx ptr to a CTLX structure
2833 * 0 the CTLX's URB is inactive
2834 * -EINPROGRESS the URB is currently being unlinked
2837 * Either process or interrupt, but presumably interrupt
2838 *----------------------------------------------------------------
2840 static int unlocked_usbctlx_cancel_async(struct hfa384x *hw,
2841 struct hfa384x_usbctlx *ctlx)
2846 * Try to delete the URB containing our request packet.
2847 * If we succeed, then its completion handler will be
2848 * called with a status of -ECONNRESET.
2850 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
2851 ret = usb_unlink_urb(&hw->ctlx_urb);
2853 if (ret != -EINPROGRESS) {
2855 * The OUT URB had either already completed
2856 * or was still in the pending queue, so the
2857 * URB's completion function will not be called.
2858 * We will have to complete the CTLX ourselves.
2860 ctlx->state = CTLX_REQ_FAILED;
2861 unlocked_usbctlx_complete(hw, ctlx);
2868 /*----------------------------------------------------------------
2869 * unlocked_usbctlx_complete
2871 * A CTLX has completed. It may have been successful, it may not
2872 * have been. At this point, the CTLX should be quiescent. The URBs
2873 * aren't active and the timers should have been stopped.
2875 * The CTLX is migrated to the "completing" queue, and the completing
2876 * tasklet is scheduled.
2879 * hw ptr to a struct hfa384x structure
2880 * ctlx ptr to a ctlx structure
2888 * Either, assume interrupt
2889 *----------------------------------------------------------------
2891 static void unlocked_usbctlx_complete(struct hfa384x *hw,
2892 struct hfa384x_usbctlx *ctlx)
2894 /* Timers have been stopped, and ctlx should be in
2895 * a terminal state. Retire it from the "active"
2898 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
2899 tasklet_schedule(&hw->completion_bh);
2901 switch (ctlx->state) {
2903 case CTLX_REQ_FAILED:
2904 /* This are the correct terminating states. */
2908 netdev_err(hw->wlandev->netdev, "CTLX[%d] not in a terminating state(%s)\n",
2909 le16_to_cpu(ctlx->outbuf.type),
2910 ctlxstr(ctlx->state));
2915 /*----------------------------------------------------------------
2916 * hfa384x_usbctlxq_run
2918 * Checks to see if the head item is running. If not, starts it.
2921 * hw ptr to struct hfa384x
2930 *----------------------------------------------------------------
2932 static void hfa384x_usbctlxq_run(struct hfa384x *hw)
2934 unsigned long flags;
2937 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2939 /* Only one active CTLX at any one time, because there's no
2940 * other (reliable) way to match the response URB to the
2943 * Don't touch any of these CTLXs if the hardware
2944 * has been removed or the USB subsystem is stalled.
2946 if (!list_empty(&hw->ctlxq.active) ||
2947 test_bit(WORK_TX_HALT, &hw->usb_flags) || hw->wlandev->hwremoved)
2950 while (!list_empty(&hw->ctlxq.pending)) {
2951 struct hfa384x_usbctlx *head;
2954 /* This is the first pending command */
2955 head = list_entry(hw->ctlxq.pending.next,
2956 struct hfa384x_usbctlx, list);
2958 /* We need to split this off to avoid a race condition */
2959 list_move_tail(&head->list, &hw->ctlxq.active);
2961 /* Fill the out packet */
2962 usb_fill_bulk_urb(&hw->ctlx_urb, hw->usb,
2964 &head->outbuf, ROUNDUP64(head->outbufsize),
2965 hfa384x_ctlxout_callback, hw);
2966 hw->ctlx_urb.transfer_flags |= USB_QUEUE_BULK;
2968 /* Now submit the URB and update the CTLX's state */
2969 result = usb_submit_urb(&hw->ctlx_urb, GFP_ATOMIC);
2971 /* This CTLX is now running on the active queue */
2972 head->state = CTLX_REQ_SUBMITTED;
2974 /* Start the OUT wait timer */
2975 hw->req_timer_done = 0;
2976 hw->reqtimer.expires = jiffies + HZ;
2977 add_timer(&hw->reqtimer);
2979 /* Start the IN wait timer */
2980 hw->resp_timer_done = 0;
2981 hw->resptimer.expires = jiffies + 2 * HZ;
2982 add_timer(&hw->resptimer);
2987 if (result == -EPIPE) {
2988 /* The OUT pipe needs resetting, so put
2989 * this CTLX back in the "pending" queue
2990 * and schedule a reset ...
2992 netdev_warn(hw->wlandev->netdev,
2993 "%s tx pipe stalled: requesting reset\n",
2994 hw->wlandev->netdev->name);
2995 list_move(&head->list, &hw->ctlxq.pending);
2996 set_bit(WORK_TX_HALT, &hw->usb_flags);
2997 schedule_work(&hw->usb_work);
3001 if (result == -ESHUTDOWN) {
3002 netdev_warn(hw->wlandev->netdev, "%s urb shutdown!\n",
3003 hw->wlandev->netdev->name);
3007 netdev_err(hw->wlandev->netdev, "Failed to submit CTLX[%d]: error=%d\n",
3008 le16_to_cpu(head->outbuf.type), result);
3009 unlocked_usbctlx_complete(hw, head);
3013 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3016 /*----------------------------------------------------------------
3017 * hfa384x_usbin_callback
3019 * Callback for URBs on the BULKIN endpoint.
3022 * urb ptr to the completed urb
3031 *----------------------------------------------------------------
3033 static void hfa384x_usbin_callback(struct urb *urb)
3035 struct wlandevice *wlandev = urb->context;
3037 union hfa384x_usbin *usbin;
3038 struct sk_buff *skb = NULL;
3049 if (!wlandev || !wlandev->netdev || wlandev->hwremoved)
3056 skb = hw->rx_urb_skb;
3057 if (!skb || (skb->data != urb->transfer_buffer)) {
3062 hw->rx_urb_skb = NULL;
3064 /* Check for error conditions within the URB */
3065 switch (urb->status) {
3069 /* Check for short packet */
3070 if (urb->actual_length == 0) {
3071 wlandev->netdev->stats.rx_errors++;
3072 wlandev->netdev->stats.rx_length_errors++;
3078 netdev_warn(hw->wlandev->netdev, "%s rx pipe stalled: requesting reset\n",
3079 wlandev->netdev->name);
3080 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags))
3081 schedule_work(&hw->usb_work);
3082 wlandev->netdev->stats.rx_errors++;
3089 if (!test_and_set_bit(THROTTLE_RX, &hw->usb_flags) &&
3090 !timer_pending(&hw->throttle)) {
3091 mod_timer(&hw->throttle, jiffies + THROTTLE_JIFFIES);
3093 wlandev->netdev->stats.rx_errors++;
3098 wlandev->netdev->stats.rx_over_errors++;
3104 pr_debug("status=%d, device removed.\n", urb->status);
3110 pr_debug("status=%d, urb explicitly unlinked.\n", urb->status);
3115 pr_debug("urb status=%d, transfer flags=0x%x\n",
3116 urb->status, urb->transfer_flags);
3117 wlandev->netdev->stats.rx_errors++;
3122 /* Save values from the RX URB before reposting overwrites it. */
3123 urb_status = urb->status;
3124 usbin = (union hfa384x_usbin *)urb->transfer_buffer;
3126 if (action != ABORT) {
3127 /* Repost the RX URB */
3128 result = submit_rx_urb(hw, GFP_ATOMIC);
3131 netdev_err(hw->wlandev->netdev,
3132 "Fatal, failed to resubmit rx_urb. error=%d\n",
3137 /* Handle any USB-IN packet */
3138 /* Note: the check of the sw_support field, the type field doesn't
3139 * have bit 12 set like the docs suggest.
3141 type = le16_to_cpu(usbin->type);
3142 if (HFA384x_USB_ISRXFRM(type)) {
3143 if (action == HANDLE) {
3144 if (usbin->txfrm.desc.sw_support == 0x0123) {
3145 hfa384x_usbin_txcompl(wlandev, usbin);
3147 skb_put(skb, sizeof(*usbin));
3148 hfa384x_usbin_rx(wlandev, skb);
3154 if (HFA384x_USB_ISTXFRM(type)) {
3155 if (action == HANDLE)
3156 hfa384x_usbin_txcompl(wlandev, usbin);
3160 case HFA384x_USB_INFOFRM:
3161 if (action == ABORT)
3163 if (action == HANDLE)
3164 hfa384x_usbin_info(wlandev, usbin);
3167 case HFA384x_USB_CMDRESP:
3168 case HFA384x_USB_WRIDRESP:
3169 case HFA384x_USB_RRIDRESP:
3170 case HFA384x_USB_WMEMRESP:
3171 case HFA384x_USB_RMEMRESP:
3172 /* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */
3173 hfa384x_usbin_ctlx(hw, usbin, urb_status);
3176 case HFA384x_USB_BUFAVAIL:
3177 pr_debug("Received BUFAVAIL packet, frmlen=%d\n",
3178 usbin->bufavail.frmlen);
3181 case HFA384x_USB_ERROR:
3182 pr_debug("Received USB_ERROR packet, errortype=%d\n",
3183 usbin->usberror.errortype);
3187 pr_debug("Unrecognized USBIN packet, type=%x, status=%d\n",
3188 usbin->type, urb_status);
3198 /*----------------------------------------------------------------
3199 * hfa384x_usbin_ctlx
3201 * We've received a URB containing a Prism2 "response" message.
3202 * This message needs to be matched up with a CTLX on the active
3203 * queue and our state updated accordingly.
3206 * hw ptr to struct hfa384x
3207 * usbin ptr to USB IN packet
3208 * urb_status status of this Bulk-In URB
3217 *----------------------------------------------------------------
3219 static void hfa384x_usbin_ctlx(struct hfa384x *hw, union hfa384x_usbin *usbin,
3222 struct hfa384x_usbctlx *ctlx;
3224 unsigned long flags;
3227 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3229 /* There can be only one CTLX on the active queue
3230 * at any one time, and this is the CTLX that the
3231 * timers are waiting for.
3233 if (list_empty(&hw->ctlxq.active))
3236 /* Remove the "response timeout". It's possible that
3237 * we are already too late, and that the timeout is
3238 * already running. And that's just too bad for us,
3239 * because we could lose our CTLX from the active
3242 if (del_timer(&hw->resptimer) == 0) {
3243 if (hw->resp_timer_done == 0) {
3244 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3248 hw->resp_timer_done = 1;
3251 ctlx = get_active_ctlx(hw);
3253 if (urb_status != 0) {
3255 * Bad CTLX, so get rid of it. But we only
3256 * remove it from the active queue if we're no
3257 * longer expecting the OUT URB to complete.
3259 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3262 const __le16 intype = (usbin->type & ~cpu_to_le16(0x8000));
3265 * Check that our message is what we're expecting ...
3267 if (ctlx->outbuf.type != intype) {
3268 netdev_warn(hw->wlandev->netdev,
3269 "Expected IN[%d], received IN[%d] - ignored.\n",
3270 le16_to_cpu(ctlx->outbuf.type),
3271 le16_to_cpu(intype));
3275 /* This URB has succeeded, so grab the data ... */
3276 memcpy(&ctlx->inbuf, usbin, sizeof(ctlx->inbuf));
3278 switch (ctlx->state) {
3279 case CTLX_REQ_SUBMITTED:
3281 * We have received our response URB before
3282 * our request has been acknowledged. Odd,
3283 * but our OUT URB is still alive...
3285 pr_debug("Causality violation: please reboot Universe\n");
3286 ctlx->state = CTLX_RESP_COMPLETE;
3289 case CTLX_REQ_COMPLETE:
3291 * This is the usual path: our request
3292 * has already been acknowledged, and
3293 * now we have received the reply too.
3295 ctlx->state = CTLX_COMPLETE;
3296 unlocked_usbctlx_complete(hw, ctlx);
3302 * Throw this CTLX away ...
3304 netdev_err(hw->wlandev->netdev,
3305 "Matched IN URB, CTLX[%d] in invalid state(%s). Discarded.\n",
3306 le16_to_cpu(ctlx->outbuf.type),
3307 ctlxstr(ctlx->state));
3308 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3315 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3318 hfa384x_usbctlxq_run(hw);
3321 /*----------------------------------------------------------------
3322 * hfa384x_usbin_txcompl
3324 * At this point we have the results of a previous transmit.
3327 * wlandev wlan device
3328 * usbin ptr to the usb transfer buffer
3337 *----------------------------------------------------------------
3339 static void hfa384x_usbin_txcompl(struct wlandevice *wlandev,
3340 union hfa384x_usbin *usbin)
3344 status = le16_to_cpu(usbin->type); /* yeah I know it says type... */
3346 /* Was there an error? */
3347 if (HFA384x_TXSTATUS_ISERROR(status))
3348 prism2sta_ev_txexc(wlandev, status);
3350 prism2sta_ev_tx(wlandev, status);
3353 /*----------------------------------------------------------------
3356 * At this point we have a successful received a rx frame packet.
3359 * wlandev wlan device
3360 * usbin ptr to the usb transfer buffer
3369 *----------------------------------------------------------------
3371 static void hfa384x_usbin_rx(struct wlandevice *wlandev, struct sk_buff *skb)
3373 union hfa384x_usbin *usbin = (union hfa384x_usbin *)skb->data;
3374 struct hfa384x *hw = wlandev->priv;
3376 struct p80211_rxmeta *rxmeta;
3380 /* Byte order convert once up front. */
3381 le16_to_cpus(&usbin->rxfrm.desc.status);
3382 le32_to_cpus(&usbin->rxfrm.desc.time);
3384 /* Now handle frame based on port# */
3385 switch (HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status)) {
3387 fc = le16_to_cpu(usbin->rxfrm.desc.frame_control);
3389 /* If exclude and we receive an unencrypted, drop it */
3390 if ((wlandev->hostwep & HOSTWEP_EXCLUDEUNENCRYPTED) &&
3391 !WLAN_GET_FC_ISWEP(fc)) {
3395 data_len = le16_to_cpu(usbin->rxfrm.desc.data_len);
3397 /* How much header data do we have? */
3398 hdrlen = p80211_headerlen(fc);
3400 /* Pull off the descriptor */
3401 skb_pull(skb, sizeof(struct hfa384x_rx_frame));
3403 /* Now shunt the header block up against the data block
3404 * with an "overlapping" copy
3406 memmove(skb_push(skb, hdrlen),
3407 &usbin->rxfrm.desc.frame_control, hdrlen);
3409 skb->dev = wlandev->netdev;
3411 /* And set the frame length properly */
3412 skb_trim(skb, data_len + hdrlen);
3414 /* The prism2 series does not return the CRC */
3415 memset(skb_put(skb, WLAN_CRC_LEN), 0xff, WLAN_CRC_LEN);
3417 skb_reset_mac_header(skb);
3419 /* Attach the rxmeta, set some stuff */
3420 p80211skb_rxmeta_attach(wlandev, skb);
3421 rxmeta = p80211skb_rxmeta(skb);
3422 rxmeta->mactime = usbin->rxfrm.desc.time;
3423 rxmeta->rxrate = usbin->rxfrm.desc.rate;
3424 rxmeta->signal = usbin->rxfrm.desc.signal - hw->dbmadjust;
3425 rxmeta->noise = usbin->rxfrm.desc.silence - hw->dbmadjust;
3427 p80211netdev_rx(wlandev, skb);
3432 if (!HFA384x_RXSTATUS_ISFCSERR(usbin->rxfrm.desc.status)) {
3433 /* Copy to wlansnif skb */
3434 hfa384x_int_rxmonitor(wlandev, &usbin->rxfrm);
3437 pr_debug("Received monitor frame: FCSerr set\n");
3442 netdev_warn(hw->wlandev->netdev, "Received frame on unsupported port=%d\n",
3443 HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status));
3448 /*----------------------------------------------------------------
3449 * hfa384x_int_rxmonitor
3451 * Helper function for int_rx. Handles monitor frames.
3452 * Note that this function allocates space for the FCS and sets it
3453 * to 0xffffffff. The hfa384x doesn't give us the FCS value but the
3454 * higher layers expect it. 0xffffffff is used as a flag to indicate
3458 * wlandev wlan device structure
3459 * rxfrm rx descriptor read from card in int_rx
3465 * Allocates an skb and passes it up via the PF_PACKET interface.
3468 *----------------------------------------------------------------
3470 static void hfa384x_int_rxmonitor(struct wlandevice *wlandev,
3471 struct hfa384x_usb_rxfrm *rxfrm)
3473 struct hfa384x_rx_frame *rxdesc = &rxfrm->desc;
3474 unsigned int hdrlen = 0;
3475 unsigned int datalen = 0;
3476 unsigned int skblen = 0;
3479 struct sk_buff *skb;
3480 struct hfa384x *hw = wlandev->priv;
3482 /* Remember the status, time, and data_len fields are in host order */
3483 /* Figure out how big the frame is */
3484 fc = le16_to_cpu(rxdesc->frame_control);
3485 hdrlen = p80211_headerlen(fc);
3486 datalen = le16_to_cpu(rxdesc->data_len);
3488 /* Allocate an ind message+framesize skb */
3489 skblen = sizeof(struct p80211_caphdr) + hdrlen + datalen + WLAN_CRC_LEN;
3491 /* sanity check the length */
3493 (sizeof(struct p80211_caphdr) +
3494 WLAN_HDR_A4_LEN + WLAN_DATA_MAXLEN + WLAN_CRC_LEN)) {
3495 pr_debug("overlen frm: len=%zd\n",
3496 skblen - sizeof(struct p80211_caphdr));
3499 skb = dev_alloc_skb(skblen);
3503 /* only prepend the prism header if in the right mode */
3504 if ((wlandev->netdev->type == ARPHRD_IEEE80211_PRISM) &&
3505 (hw->sniffhdr != 0)) {
3506 struct p80211_caphdr *caphdr;
3507 /* The NEW header format! */
3508 datap = skb_put(skb, sizeof(struct p80211_caphdr));
3509 caphdr = (struct p80211_caphdr *)datap;
3511 caphdr->version = htonl(P80211CAPTURE_VERSION);
3512 caphdr->length = htonl(sizeof(struct p80211_caphdr));
3513 caphdr->mactime = __cpu_to_be64(rxdesc->time * 1000);
3514 caphdr->hosttime = __cpu_to_be64(jiffies);
3515 caphdr->phytype = htonl(4); /* dss_dot11_b */
3516 caphdr->channel = htonl(hw->sniff_channel);
3517 caphdr->datarate = htonl(rxdesc->rate);
3518 caphdr->antenna = htonl(0); /* unknown */
3519 caphdr->priority = htonl(0); /* unknown */
3520 caphdr->ssi_type = htonl(3); /* rssi_raw */
3521 caphdr->ssi_signal = htonl(rxdesc->signal);
3522 caphdr->ssi_noise = htonl(rxdesc->silence);
3523 caphdr->preamble = htonl(0); /* unknown */
3524 caphdr->encoding = htonl(1); /* cck */
3527 /* Copy the 802.11 header to the skb
3528 * (ctl frames may be less than a full header)
3530 skb_put_data(skb, &rxdesc->frame_control, hdrlen);
3532 /* If any, copy the data from the card to the skb */
3534 datap = skb_put_data(skb, rxfrm->data, datalen);
3536 /* check for unencrypted stuff if WEP bit set. */
3537 if (*(datap - hdrlen + 1) & 0x40) /* wep set */
3538 if ((*(datap) == 0xaa) && (*(datap + 1) == 0xaa))
3539 /* clear wep; it's the 802.2 header! */
3540 *(datap - hdrlen + 1) &= 0xbf;
3543 if (hw->sniff_fcs) {
3545 datap = skb_put(skb, WLAN_CRC_LEN);
3546 memset(datap, 0xff, WLAN_CRC_LEN);
3549 /* pass it back up */
3550 p80211netdev_rx(wlandev, skb);
3553 /*----------------------------------------------------------------
3554 * hfa384x_usbin_info
3556 * At this point we have a successful received a Prism2 info frame.
3559 * wlandev wlan device
3560 * usbin ptr to the usb transfer buffer
3569 *----------------------------------------------------------------
3571 static void hfa384x_usbin_info(struct wlandevice *wlandev,
3572 union hfa384x_usbin *usbin)
3574 le16_to_cpus(&usbin->infofrm.info.framelen);
3575 prism2sta_ev_info(wlandev, &usbin->infofrm.info);
3578 /*----------------------------------------------------------------
3579 * hfa384x_usbout_callback
3581 * Callback for URBs on the BULKOUT endpoint.
3584 * urb ptr to the completed urb
3593 *----------------------------------------------------------------
3595 static void hfa384x_usbout_callback(struct urb *urb)
3597 struct wlandevice *wlandev = urb->context;
3603 if (wlandev && wlandev->netdev) {
3604 switch (urb->status) {
3606 prism2sta_ev_alloc(wlandev);
3610 struct hfa384x *hw = wlandev->priv;
3612 netdev_warn(hw->wlandev->netdev,
3613 "%s tx pipe stalled: requesting reset\n",
3614 wlandev->netdev->name);
3615 if (!test_and_set_bit(WORK_TX_HALT, &hw->usb_flags))
3616 schedule_work(&hw->usb_work);
3617 wlandev->netdev->stats.tx_errors++;
3624 struct hfa384x *hw = wlandev->priv;
3626 if (!test_and_set_bit(THROTTLE_TX, &hw->usb_flags) &&
3627 !timer_pending(&hw->throttle)) {
3628 mod_timer(&hw->throttle,
3629 jiffies + THROTTLE_JIFFIES);
3631 wlandev->netdev->stats.tx_errors++;
3632 netif_stop_queue(wlandev->netdev);
3638 /* Ignorable errors */
3642 netdev_info(wlandev->netdev, "unknown urb->status=%d\n",
3644 wlandev->netdev->stats.tx_errors++;
3650 /*----------------------------------------------------------------
3651 * hfa384x_ctlxout_callback
3653 * Callback for control data on the BULKOUT endpoint.
3656 * urb ptr to the completed urb
3665 *----------------------------------------------------------------
3667 static void hfa384x_ctlxout_callback(struct urb *urb)
3669 struct hfa384x *hw = urb->context;
3670 int delete_resptimer = 0;
3673 struct hfa384x_usbctlx *ctlx;
3674 unsigned long flags;
3676 pr_debug("urb->status=%d\n", urb->status);
3680 if ((urb->status == -ESHUTDOWN) ||
3681 (urb->status == -ENODEV) || !hw)
3685 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3688 * Only one CTLX at a time on the "active" list, and
3689 * none at all if we are unplugged. However, we can
3690 * rely on the disconnect function to clean everything
3691 * up if someone unplugged the adapter.
3693 if (list_empty(&hw->ctlxq.active)) {
3694 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3699 * Having something on the "active" queue means
3700 * that we have timers to worry about ...
3702 if (del_timer(&hw->reqtimer) == 0) {
3703 if (hw->req_timer_done == 0) {
3705 * This timer was actually running while we
3706 * were trying to delete it. Let it terminate
3707 * gracefully instead.
3709 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3713 hw->req_timer_done = 1;
3716 ctlx = get_active_ctlx(hw);
3718 if (urb->status == 0) {
3719 /* Request portion of a CTLX is successful */
3720 switch (ctlx->state) {
3721 case CTLX_REQ_SUBMITTED:
3722 /* This OUT-ACK received before IN */
3723 ctlx->state = CTLX_REQ_COMPLETE;
3726 case CTLX_RESP_COMPLETE:
3727 /* IN already received before this OUT-ACK,
3728 * so this command must now be complete.
3730 ctlx->state = CTLX_COMPLETE;
3731 unlocked_usbctlx_complete(hw, ctlx);
3736 /* This is NOT a valid CTLX "success" state! */
3737 netdev_err(hw->wlandev->netdev,
3738 "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n",
3739 le16_to_cpu(ctlx->outbuf.type),
3740 ctlxstr(ctlx->state), urb->status);
3744 /* If the pipe has stalled then we need to reset it */
3745 if ((urb->status == -EPIPE) &&
3746 !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags)) {
3747 netdev_warn(hw->wlandev->netdev,
3748 "%s tx pipe stalled: requesting reset\n",
3749 hw->wlandev->netdev->name);
3750 schedule_work(&hw->usb_work);
3753 /* If someone cancels the OUT URB then its status
3754 * should be either -ECONNRESET or -ENOENT.
3756 ctlx->state = CTLX_REQ_FAILED;
3757 unlocked_usbctlx_complete(hw, ctlx);
3758 delete_resptimer = 1;
3763 if (delete_resptimer) {
3764 timer_ok = del_timer(&hw->resptimer);
3766 hw->resp_timer_done = 1;
3769 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3771 if (!timer_ok && (hw->resp_timer_done == 0)) {
3772 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3777 hfa384x_usbctlxq_run(hw);
3780 /*----------------------------------------------------------------
3781 * hfa384x_usbctlx_reqtimerfn
3783 * Timer response function for CTLX request timeouts. If this
3784 * function is called, it means that the callback for the OUT
3785 * URB containing a Prism2.x XXX_Request was never called.
3788 * data a ptr to the struct hfa384x
3797 *----------------------------------------------------------------
3799 static void hfa384x_usbctlx_reqtimerfn(struct timer_list *t)
3801 struct hfa384x *hw = from_timer(hw, t, reqtimer);
3802 unsigned long flags;
3804 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3806 hw->req_timer_done = 1;
3808 /* Removing the hardware automatically empties
3809 * the active list ...
3811 if (!list_empty(&hw->ctlxq.active)) {
3813 * We must ensure that our URB is removed from
3814 * the system, if it hasn't already expired.
3816 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
3817 if (usb_unlink_urb(&hw->ctlx_urb) == -EINPROGRESS) {
3818 struct hfa384x_usbctlx *ctlx = get_active_ctlx(hw);
3820 ctlx->state = CTLX_REQ_FAILED;
3822 /* This URB was active, but has now been
3823 * cancelled. It will now have a status of
3824 * -ECONNRESET in the callback function.
3826 * We are cancelling this CTLX, so we're
3827 * not going to need to wait for a response.
3828 * The URB's callback function will check
3829 * that this timer is truly dead.
3831 if (del_timer(&hw->resptimer) != 0)
3832 hw->resp_timer_done = 1;
3836 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3839 /*----------------------------------------------------------------
3840 * hfa384x_usbctlx_resptimerfn
3842 * Timer response function for CTLX response timeouts. If this
3843 * function is called, it means that the callback for the IN
3844 * URB containing a Prism2.x XXX_Response was never called.
3847 * data a ptr to the struct hfa384x
3856 *----------------------------------------------------------------
3858 static void hfa384x_usbctlx_resptimerfn(struct timer_list *t)
3860 struct hfa384x *hw = from_timer(hw, t, resptimer);
3861 unsigned long flags;
3863 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3865 hw->resp_timer_done = 1;
3867 /* The active list will be empty if the
3868 * adapter has been unplugged ...
3870 if (!list_empty(&hw->ctlxq.active)) {
3871 struct hfa384x_usbctlx *ctlx = get_active_ctlx(hw);
3873 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0) {
3874 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3875 hfa384x_usbctlxq_run(hw);
3879 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3882 /*----------------------------------------------------------------
3883 * hfa384x_usb_throttlefn
3896 *----------------------------------------------------------------
3898 static void hfa384x_usb_throttlefn(struct timer_list *t)
3900 struct hfa384x *hw = from_timer(hw, t, throttle);
3901 unsigned long flags;
3903 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3906 * We need to check BOTH the RX and the TX throttle controls,
3907 * so we use the bitwise OR instead of the logical OR.
3909 pr_debug("flags=0x%lx\n", hw->usb_flags);
3910 if (!hw->wlandev->hwremoved &&
3911 ((test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) &&
3912 !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags)) |
3913 (test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) &&
3914 !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags))
3916 schedule_work(&hw->usb_work);
3919 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3922 /*----------------------------------------------------------------
3923 * hfa384x_usbctlx_submit
3925 * Called from the doxxx functions to submit a CTLX to the queue
3928 * hw ptr to the hw struct
3929 * ctlx ctlx structure to enqueue
3932 * -ENODEV if the adapter is unplugged
3938 * process or interrupt
3939 *----------------------------------------------------------------
3941 static int hfa384x_usbctlx_submit(struct hfa384x *hw,
3942 struct hfa384x_usbctlx *ctlx)
3944 unsigned long flags;
3946 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3948 if (hw->wlandev->hwremoved) {
3949 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3953 ctlx->state = CTLX_PENDING;
3954 list_add_tail(&ctlx->list, &hw->ctlxq.pending);
3955 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3956 hfa384x_usbctlxq_run(hw);
3961 /*----------------------------------------------------------------
3962 * hfa384x_isgood_pdrcore
3964 * Quick check of PDR codes.
3967 * pdrcode PDR code number (host order)
3976 *----------------------------------------------------------------
3978 static int hfa384x_isgood_pdrcode(u16 pdrcode)
3981 case HFA384x_PDR_END_OF_PDA:
3982 case HFA384x_PDR_PCB_PARTNUM:
3983 case HFA384x_PDR_PDAVER:
3984 case HFA384x_PDR_NIC_SERIAL:
3985 case HFA384x_PDR_MKK_MEASUREMENTS:
3986 case HFA384x_PDR_NIC_RAMSIZE:
3987 case HFA384x_PDR_MFISUPRANGE:
3988 case HFA384x_PDR_CFISUPRANGE:
3989 case HFA384x_PDR_NICID:
3990 case HFA384x_PDR_MAC_ADDRESS:
3991 case HFA384x_PDR_REGDOMAIN:
3992 case HFA384x_PDR_ALLOWED_CHANNEL:
3993 case HFA384x_PDR_DEFAULT_CHANNEL:
3994 case HFA384x_PDR_TEMPTYPE:
3995 case HFA384x_PDR_IFR_SETTING:
3996 case HFA384x_PDR_RFR_SETTING:
3997 case HFA384x_PDR_HFA3861_BASELINE:
3998 case HFA384x_PDR_HFA3861_SHADOW:
3999 case HFA384x_PDR_HFA3861_IFRF:
4000 case HFA384x_PDR_HFA3861_CHCALSP:
4001 case HFA384x_PDR_HFA3861_CHCALI:
4002 case HFA384x_PDR_3842_NIC_CONFIG:
4003 case HFA384x_PDR_USB_ID:
4004 case HFA384x_PDR_PCI_ID:
4005 case HFA384x_PDR_PCI_IFCONF:
4006 case HFA384x_PDR_PCI_PMCONF:
4007 case HFA384x_PDR_RFENRGY:
4008 case HFA384x_PDR_HFA3861_MANF_TESTSP:
4009 case HFA384x_PDR_HFA3861_MANF_TESTI:
4013 if (pdrcode < 0x1000) {
4014 /* code is OK, but we don't know exactly what it is */
4015 pr_debug("Encountered unknown PDR#=0x%04x, assuming it's ok.\n",
4022 pr_debug("Encountered unknown PDR#=0x%04x, (>=0x1000), assuming it's bad.\n",