drivers/net/wireless/intersil/prism54/islpci_mgt.c

   1 /*
   2  *  Copyright (C) 2002 Intersil Americas Inc.
   3  *  Copyright 2004 Jens Maurer <Jens.Maurer@gmx.net>
   4  *
   5  *  This program is free software; you can redistribute it and/or modify
   6  *  it under the terms of the GNU General Public License as published by
   7  *  the Free Software Foundation; either version 2 of the License
   8  *
   9  *  This program is distributed in the hope that it will be useful,
  10  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  *  GNU General Public License for more details.
  13  *
  14  *  You should have received a copy of the GNU General Public License
  15  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  16  *
  17  */
  18
  19 #include <linux/netdevice.h>
  20 #include <linux/module.h>
  21 #include <linux/pci.h>
  22 #include <linux/sched.h>
  23 #include <linux/slab.h>
  24
  25 #include <asm/io.h>
  26 #include <linux/if_arp.h>
  27
  28 #include "prismcompat.h"
  29 #include "isl_38xx.h"
  30 #include "islpci_mgt.h"
  31 #include "isl_oid.h"            /* additional types and defs for isl38xx fw */
  32 #include "isl_ioctl.h"
  33
  34 #include <net/iw_handler.h>
  35
  36 /******************************************************************************
  37         Global variable definition section
  38 ******************************************************************************/
  39 int pc_debug = VERBOSE;
  40 module_param(pc_debug, int, 0);
  41
  42 /******************************************************************************
  43     Driver general functions
  44 ******************************************************************************/
  45 #if VERBOSE > SHOW_ERROR_MESSAGES
  46 void
  47 display_buffer(char *buffer, int length)
  48 {
  49         if ((pc_debug & SHOW_BUFFER_CONTENTS) == 0)
  50                 return;
  51
  52         while (length > 0) {
  53                 printk("[%02x]", *buffer & 255);
  54                 length--;
  55                 buffer++;
  56         }
  57
  58         printk("\n");
  59 }
  60 #endif
  61
  62 /*****************************************************************************
  63     Queue handling for management frames
  64 ******************************************************************************/
  65
  66 /*
  67  * Helper function to create a PIMFOR management frame header.
  68  */
  69 static void
  70 pimfor_encode_header(int operation, u32 oid, u32 length, pimfor_header_t *h)
  71 {
  72         h->version = PIMFOR_VERSION;
  73         h->operation = operation;
  74         h->device_id = PIMFOR_DEV_ID_MHLI_MIB;
  75         h->flags = 0;
  76         h->oid = cpu_to_be32(oid);
  77         h->length = cpu_to_be32(length);
  78 }
  79
  80 /*
  81  * Helper function to analyze a PIMFOR management frame header.
  82  */
  83 static pimfor_header_t *
  84 pimfor_decode_header(void *data, int len)
  85 {
  86         pimfor_header_t *h = data;
  87
  88         while ((void *) h < data + len) {
  89                 if (h->flags & PIMFOR_FLAG_LITTLE_ENDIAN) {
  90                         le32_to_cpus(&h->oid);
  91                         le32_to_cpus(&h->length);
  92                 } else {
  93                         be32_to_cpus(&h->oid);
  94                         be32_to_cpus(&h->length);
  95                 }
  96                 if (h->oid != OID_INL_TUNNEL)
  97                         return h;
  98                 h++;
  99         }
 100         return NULL;
 101 }
 102
 103 /*
 104  * Fill the receive queue for management frames with fresh buffers.
 105  */
 106 int
 107 islpci_mgmt_rx_fill(struct net_device *ndev)
 108 {
 109         islpci_private *priv = netdev_priv(ndev);
 110         isl38xx_control_block *cb =     /* volatile not needed */
 111             (isl38xx_control_block *) priv->control_block;
 112         u32 curr = le32_to_cpu(cb->driver_curr_frag[ISL38XX_CB_RX_MGMTQ]);
 113
 114 #if VERBOSE > SHOW_ERROR_MESSAGES
 115         DEBUG(SHOW_FUNCTION_CALLS, "islpci_mgmt_rx_fill\n");
 116 #endif
 117
 118         while (curr - priv->index_mgmt_rx < ISL38XX_CB_MGMT_QSIZE) {
 119                 u32 index = curr % ISL38XX_CB_MGMT_QSIZE;
 120                 struct islpci_membuf *buf = &priv->mgmt_rx[index];
 121                 isl38xx_fragment *frag = &cb->rx_data_mgmt[index];
 122
 123                 if (buf->mem == NULL) {
 124                         buf->mem = kmalloc(MGMT_FRAME_SIZE, GFP_ATOMIC);
 125                         if (!buf->mem)
 126                                 return -ENOMEM;
 127                         buf->size = MGMT_FRAME_SIZE;
 128                 }
 129                 if (buf->pci_addr == 0) {
 130                         buf->pci_addr = pci_map_single(priv->pdev, buf->mem,
 131                                                        MGMT_FRAME_SIZE,
 132                                                        PCI_DMA_FROMDEVICE);
 133                         if (pci_dma_mapping_error(priv->pdev, buf->pci_addr)) {
 134                                 printk(KERN_WARNING
 135                                        "Failed to make memory DMA'able.\n");
 136                                 return -ENOMEM;
 137                         }
 138                 }
 139
 140                 /* be safe: always reset control block information */
 141                 frag->size = cpu_to_le16(MGMT_FRAME_SIZE);
 142                 frag->flags = 0;
 143                 frag->address = cpu_to_le32(buf->pci_addr);
 144                 curr++;
 145
 146                 /* The fragment address in the control block must have
 147                  * been written before announcing the frame buffer to
 148                  * device */
 149                 wmb();
 150                 cb->driver_curr_frag[ISL38XX_CB_RX_MGMTQ] = cpu_to_le32(curr);
 151         }
 152         return 0;
 153 }
 154
 155 /*
 156  * Create and transmit a management frame using "operation" and "oid",
 157  * with arguments data/length.
 158  * We either return an error and free the frame, or we return 0 and
 159  * islpci_mgt_cleanup_transmit() frees the frame in the tx-done
 160  * interrupt.
 161  */
 162 static int
 163 islpci_mgt_transmit(struct net_device *ndev, int operation, unsigned long oid,
 164                     void *data, int length)
 165 {
 166         islpci_private *priv = netdev_priv(ndev);
 167         isl38xx_control_block *cb =
 168             (isl38xx_control_block *) priv->control_block;
 169         void *p;
 170         int err = -EINVAL;
 171         unsigned long flags;
 172         isl38xx_fragment *frag;
 173         struct islpci_membuf buf;
 174         u32 curr_frag;
 175         int index;
 176         int frag_len = length + PIMFOR_HEADER_SIZE;
 177
 178 #if VERBOSE > SHOW_ERROR_MESSAGES
 179         DEBUG(SHOW_FUNCTION_CALLS, "islpci_mgt_transmit\n");
 180 #endif
 181
 182         if (frag_len > MGMT_FRAME_SIZE) {
 183                 printk(KERN_DEBUG "%s: mgmt frame too large %d\n",
 184                        ndev->name, frag_len);
 185                 goto error;
 186         }
 187
 188         err = -ENOMEM;
 189         p = buf.mem = kmalloc(frag_len, GFP_KERNEL);
 190         if (!buf.mem)
 191                 goto error;
 192
 193         buf.size = frag_len;
 194
 195         /* create the header directly in the fragment data area */
 196         pimfor_encode_header(operation, oid, length, (pimfor_header_t *) p);
 197         p += PIMFOR_HEADER_SIZE;
 198
 199         if (data)
 200                 memcpy(p, data, length);
 201         else
 202                 memset(p, 0, length);
 203
 204 #if VERBOSE > SHOW_ERROR_MESSAGES
 205         {
 206                 pimfor_header_t *h = buf.mem;
 207                 DEBUG(SHOW_PIMFOR_FRAMES,
 208                       "PIMFOR: op %i, oid 0x%08lx, device %i, flags 0x%x length 0x%x\n",
 209                       h->operation, oid, h->device_id, h->flags, length);
 210
 211                 /* display the buffer contents for debugging */
 212                 display_buffer((char *) h, sizeof (pimfor_header_t));
 213                 display_buffer(p, length);
 214         }
 215 #endif
 216
 217         err = -ENOMEM;
 218         buf.pci_addr = pci_map_single(priv->pdev, buf.mem, frag_len,
 219                                       PCI_DMA_TODEVICE);
 220         if (pci_dma_mapping_error(priv->pdev, buf.pci_addr)) {
 221                 printk(KERN_WARNING "%s: cannot map PCI memory for mgmt\n",
 222                        ndev->name);
 223                 goto error_free;
 224         }
 225
 226         /* Protect the control block modifications against interrupts. */
 227         spin_lock_irqsave(&priv->slock, flags);
 228         curr_frag = le32_to_cpu(cb->driver_curr_frag[ISL38XX_CB_TX_MGMTQ]);
 229         if (curr_frag - priv->index_mgmt_tx >= ISL38XX_CB_MGMT_QSIZE) {
 230                 printk(KERN_WARNING "%s: mgmt tx queue is still full\n",
 231                        ndev->name);
 232                 goto error_unlock;
 233         }
 234
 235         /* commit the frame to the tx device queue */
 236         index = curr_frag % ISL38XX_CB_MGMT_QSIZE;
 237         priv->mgmt_tx[index] = buf;
 238         frag = &cb->tx_data_mgmt[index];
 239         frag->size = cpu_to_le16(frag_len);
 240         frag->flags = 0;        /* for any other than the last fragment, set to 1 */
 241         frag->address = cpu_to_le32(buf.pci_addr);
 242
 243         /* The fragment address in the control block must have
 244          * been written before announcing the frame buffer to
 245          * device */
 246         wmb();
 247         cb->driver_curr_frag[ISL38XX_CB_TX_MGMTQ] = cpu_to_le32(curr_frag + 1);
 248         spin_unlock_irqrestore(&priv->slock, flags);
 249
 250         /* trigger the device */
 251         islpci_trigger(priv);
 252         return 0;
 253
 254       error_unlock:
 255         spin_unlock_irqrestore(&priv->slock, flags);
 256       error_free:
 257         kfree(buf.mem);
 258       error:
 259         return err;
 260 }
 261
 262 /*
 263  * Receive a management frame from the device.
 264  * This can be an arbitrary number of traps, and at most one response
 265  * frame for a previous request sent via islpci_mgt_transmit().
 266  */
 267 int
 268 islpci_mgt_receive(struct net_device *ndev)
 269 {
 270         islpci_private *priv = netdev_priv(ndev);
 271         isl38xx_control_block *cb =
 272             (isl38xx_control_block *) priv->control_block;
 273         u32 curr_frag;
 274
 275 #if VERBOSE > SHOW_ERROR_MESSAGES
 276         DEBUG(SHOW_FUNCTION_CALLS, "islpci_mgt_receive\n");
 277 #endif
 278
 279         /* Only once per interrupt, determine fragment range to
 280          * process.  This avoids an endless loop (i.e. lockup) if
 281          * frames come in faster than we can process them. */
 282         curr_frag = le32_to_cpu(cb->device_curr_frag[ISL38XX_CB_RX_MGMTQ]);
 283         barrier();
 284
 285         for (; priv->index_mgmt_rx < curr_frag; priv->index_mgmt_rx++) {
 286                 pimfor_header_t *header;
 287                 u32 index = priv->index_mgmt_rx % ISL38XX_CB_MGMT_QSIZE;
 288                 struct islpci_membuf *buf = &priv->mgmt_rx[index];
 289                 u16 frag_len;
 290                 int size;
 291                 struct islpci_mgmtframe *frame;
 292
 293                 /* I have no idea (and no documentation) if flags != 0
 294                  * is possible.  Drop the frame, reuse the buffer. */
 295                 if (le16_to_cpu(cb->rx_data_mgmt[index].flags) != 0) {
 296                         printk(KERN_WARNING "%s: unknown flags 0x%04x\n",
 297                                ndev->name,
 298                                le16_to_cpu(cb->rx_data_mgmt[index].flags));
 299                         continue;
 300                 }
 301
 302                 /* The device only returns the size of the header(s) here. */
 303                 frag_len = le16_to_cpu(cb->rx_data_mgmt[index].size);
 304
 305                 /*
 306                  * We appear to have no way to tell the device the
 307                  * size of a receive buffer.  Thus, if this check
 308                  * triggers, we likely have kernel heap corruption. */
 309                 if (frag_len > MGMT_FRAME_SIZE) {
 310                         printk(KERN_WARNING
 311                                 "%s: Bogus packet size of %d (%#x).\n",
 312                                 ndev->name, frag_len, frag_len);
 313                         frag_len = MGMT_FRAME_SIZE;
 314                 }
 315
 316                 /* Ensure the results of device DMA are visible to the CPU. */
 317                 pci_dma_sync_single_for_cpu(priv->pdev, buf->pci_addr,
 318                                             buf->size, PCI_DMA_FROMDEVICE);
 319
 320                 /* Perform endianess conversion for PIMFOR header in-place. */
 321                 header = pimfor_decode_header(buf->mem, frag_len);
 322                 if (!header) {
 323                         printk(KERN_WARNING "%s: no PIMFOR header found\n",
 324                                ndev->name);
 325                         continue;
 326                 }
 327
 328                 /* The device ID from the PIMFOR packet received from
 329                  * the MVC is always 0.  We forward a sensible device_id.
 330                  * Not that anyone upstream would care... */
 331                 header->device_id = priv->ndev->ifindex;
 332
 333 #if VERBOSE > SHOW_ERROR_MESSAGES
 334                 DEBUG(SHOW_PIMFOR_FRAMES,
 335                       "PIMFOR: op %i, oid 0x%08x, device %i, flags 0x%x length 0x%x\n",
 336                       header->operation, header->oid, header->device_id,
 337                       header->flags, header->length);
 338
 339                 /* display the buffer contents for debugging */
 340                 display_buffer((char *) header, PIMFOR_HEADER_SIZE);
 341                 display_buffer((char *) header + PIMFOR_HEADER_SIZE,
 342                                header->length);
 343 #endif
 344
 345                 /* nobody sends these */
 346                 if (header->flags & PIMFOR_FLAG_APPLIC_ORIGIN) {
 347                         printk(KERN_DEBUG
 348                                "%s: errant PIMFOR application frame\n",
 349                                ndev->name);
 350                         continue;
 351                 }
 352
 353                 /* Determine frame size, skipping OID_INL_TUNNEL headers. */
 354                 size = PIMFOR_HEADER_SIZE + header->length;
 355                 frame = kmalloc(sizeof(struct islpci_mgmtframe) + size,
 356                                 GFP_ATOMIC);
 357                 if (!frame)
 358                         continue;
 359
 360                 frame->ndev = ndev;
 361                 memcpy(&frame->buf, header, size);
 362                 frame->header = (pimfor_header_t *) frame->buf;
 363                 frame->data = frame->buf + PIMFOR_HEADER_SIZE;
 364
 365 #if VERBOSE > SHOW_ERROR_MESSAGES
 366                 DEBUG(SHOW_PIMFOR_FRAMES,
 367                       "frame: header: %p, data: %p, size: %d\n",
 368                       frame->header, frame->data, size);
 369 #endif
 370
 371                 if (header->operation == PIMFOR_OP_TRAP) {
 372 #if VERBOSE > SHOW_ERROR_MESSAGES
 373                         printk(KERN_DEBUG
 374                                "TRAP: oid 0x%x, device %i, flags 0x%x length %i\n",
 375                                header->oid, header->device_id, header->flags,
 376                                header->length);
 377 #endif
 378
 379                         /* Create work to handle trap out of interrupt
 380                          * context. */
 381                         INIT_WORK(&frame->ws, prism54_process_trap);
 382                         schedule_work(&frame->ws);
 383
 384                 } else {
 385                         /* Signal the one waiting process that a response
 386                          * has been received. */
 387                         if ((frame = xchg(&priv->mgmt_received, frame)) != NULL) {
 388                                 printk(KERN_WARNING
 389                                        "%s: mgmt response not collected\n",
 390                                        ndev->name);
 391                                 kfree(frame);
 392                         }
 393 #if VERBOSE > SHOW_ERROR_MESSAGES
 394                         DEBUG(SHOW_TRACING, "Wake up Mgmt Queue\n");
 395 #endif
 396                         wake_up(&priv->mgmt_wqueue);
 397                 }
 398
 399         }
 400
 401         return 0;
 402 }
 403
 404 /*
 405  * Cleanup the transmit queue by freeing all frames handled by the device.
 406  */
 407 void
 408 islpci_mgt_cleanup_transmit(struct net_device *ndev)
 409 {
 410         islpci_private *priv = netdev_priv(ndev);
 411         isl38xx_control_block *cb =     /* volatile not needed */
 412             (isl38xx_control_block *) priv->control_block;
 413         u32 curr_frag;
 414
 415 #if VERBOSE > SHOW_ERROR_MESSAGES
 416         DEBUG(SHOW_FUNCTION_CALLS, "islpci_mgt_cleanup_transmit\n");
 417 #endif
 418
 419         /* Only once per cleanup, determine fragment range to
 420          * process.  This avoids an endless loop (i.e. lockup) if
 421          * the device became confused, incrementing device_curr_frag
 422          * rapidly. */
 423         curr_frag = le32_to_cpu(cb->device_curr_frag[ISL38XX_CB_TX_MGMTQ]);
 424         barrier();
 425
 426         for (; priv->index_mgmt_tx < curr_frag; priv->index_mgmt_tx++) {
 427                 int index = priv->index_mgmt_tx % ISL38XX_CB_MGMT_QSIZE;
 428                 struct islpci_membuf *buf = &priv->mgmt_tx[index];
 429                 pci_unmap_single(priv->pdev, buf->pci_addr, buf->size,
 430                                  PCI_DMA_TODEVICE);
 431                 buf->pci_addr = 0;
 432                 kfree(buf->mem);
 433                 buf->mem = NULL;
 434                 buf->size = 0;
 435         }
 436 }
 437
 438 /*
 439  * Perform one request-response transaction to the device.
 440  */
 441 int
 442 islpci_mgt_transaction(struct net_device *ndev,
 443                        int operation, unsigned long oid,
 444                        void *senddata, int sendlen,
 445                        struct islpci_mgmtframe **recvframe)
 446 {
 447         islpci_private *priv = netdev_priv(ndev);
 448         const long wait_cycle_jiffies = msecs_to_jiffies(ISL38XX_WAIT_CYCLE * 10);
 449         long timeout_left = ISL38XX_MAX_WAIT_CYCLES * wait_cycle_jiffies;
 450         int err;
 451         DEFINE_WAIT(wait);
 452
 453         *recvframe = NULL;
 454
 455         if (mutex_lock_interruptible(&priv->mgmt_lock))
 456                 return -ERESTARTSYS;
 457
 458         prepare_to_wait(&priv->mgmt_wqueue, &wait, TASK_UNINTERRUPTIBLE);
 459         err = islpci_mgt_transmit(ndev, operation, oid, senddata, sendlen);
 460         if (err)
 461                 goto out;
 462
 463         err = -ETIMEDOUT;
 464         while (timeout_left > 0) {
 465                 int timeleft;
 466                 struct islpci_mgmtframe *frame;
 467
 468                 timeleft = schedule_timeout_uninterruptible(wait_cycle_jiffies);
 469                 frame = xchg(&priv->mgmt_received, NULL);
 470                 if (frame) {
 471                         if (frame->header->oid == oid) {
 472                                 *recvframe = frame;
 473                                 err = 0;
 474                                 goto out;
 475                         } else {
 476                                 printk(KERN_DEBUG
 477                                        "%s: expecting oid 0x%x, received 0x%x.\n",
 478                                        ndev->name, (unsigned int) oid,
 479                                        frame->header->oid);
 480                                 kfree(frame);
 481                                 frame = NULL;
 482                         }
 483                 }
 484                 if (timeleft == 0) {
 485                         printk(KERN_DEBUG
 486                                 "%s: timeout waiting for mgmt response %lu, "
 487                                 "triggering device\n",
 488                                 ndev->name, timeout_left);
 489                         islpci_trigger(priv);
 490                 }
 491                 timeout_left += timeleft - wait_cycle_jiffies;
 492         }
 493         printk(KERN_WARNING "%s: timeout waiting for mgmt response\n",
 494                ndev->name);
 495
 496         /* TODO: we should reset the device here */
 497  out:
 498         finish_wait(&priv->mgmt_wqueue, &wait);
 499         mutex_unlock(&priv->mgmt_lock);
 500         return err;
 501 }
 502