1 /* src/prism2/driver/hfa384x_usb.c
3 * Functions that talk to the USB variantof the Intersil hfa384x MAC
5 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
6 * --------------------------------------------------------------------
10 * The contents of this file are subject to the Mozilla Public
11 * License Version 1.1 (the "License"); you may not use this file
12 * except in compliance with the License. You may obtain a copy of
13 * the License at http://www.mozilla.org/MPL/
15 * Software distributed under the License is distributed on an "AS
16 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * rights and limitations under the License.
20 * Alternatively, the contents of this file may be used under the
21 * terms of the GNU Public License version 2 (the "GPL"), in which
22 * case the provisions of the GPL are applicable instead of the
23 * above. If you wish to allow the use of your version of this file
24 * only under the terms of the GPL and not to allow others to use
25 * your version of this file under the MPL, indicate your decision
26 * by deleting the provisions above and replace them with the notice
27 * and other provisions required by the GPL. If you do not delete
28 * the provisions above, a recipient may use your version of this
29 * file under either the MPL or the GPL.
31 * --------------------------------------------------------------------
33 * Inquiries regarding the linux-wlan Open Source project can be
36 * AbsoluteValue Systems Inc.
38 * http://www.linux-wlan.com
40 * --------------------------------------------------------------------
42 * Portions of the development of this software were funded by
43 * Intersil Corporation as part of PRISM(R) chipset product development.
45 * --------------------------------------------------------------------
47 * This file implements functions that correspond to the prism2/hfa384x
48 * 802.11 MAC hardware and firmware host interface.
50 * The functions can be considered to represent several levels of
51 * abstraction. The lowest level functions are simply C-callable wrappers
52 * around the register accesses. The next higher level represents C-callable
53 * prism2 API functions that match the Intersil documentation as closely
54 * as is reasonable. The next higher layer implements common sequences
55 * of invocations of the API layer (e.g. write to bap, followed by cmd).
58 * hfa384x_drvr_xxx Highest level abstractions provided by the
59 * hfa384x code. They are driver defined wrappers
60 * for common sequences. These functions generally
61 * use the services of the lower levels.
63 * hfa384x_drvr_xxxconfig An example of the drvr level abstraction. These
64 * functions are wrappers for the RID get/set
65 * sequence. They call copy_[to|from]_bap() and
66 * cmd_access(). These functions operate on the
67 * RIDs and buffers without validation. The caller
68 * is responsible for that.
70 * API wrapper functions:
71 * hfa384x_cmd_xxx functions that provide access to the f/w commands.
72 * The function arguments correspond to each command
73 * argument, even command arguments that get packed
74 * into single registers. These functions _just_
75 * issue the command by setting the cmd/parm regs
76 * & reading the status/resp regs. Additional
77 * activities required to fully use a command
78 * (read/write from/to bap, get/set int status etc.)
79 * are implemented separately. Think of these as
80 * C-callable prism2 commands.
82 * Lowest Layer Functions:
83 * hfa384x_docmd_xxx These functions implement the sequence required
84 * to issue any prism2 command. Primarily used by the
85 * hfa384x_cmd_xxx functions.
87 * hfa384x_bap_xxx BAP read/write access functions.
88 * Note: we usually use BAP0 for non-interrupt context
89 * and BAP1 for interrupt context.
91 * hfa384x_dl_xxx download related functions.
93 * Driver State Issues:
94 * Note that there are two pairs of functions that manage the
95 * 'initialized' and 'running' states of the hw/MAC combo. The four
96 * functions are create(), destroy(), start(), and stop(). create()
97 * sets up the data structures required to support the hfa384x_*
98 * functions and destroy() cleans them up. The start() function gets
99 * the actual hardware running and enables the interrupts. The stop()
100 * function shuts the hardware down. The sequence should be:
104 * . Do interesting things w/ the hardware
109 * Note that destroy() can be called without calling stop() first.
110 * --------------------------------------------------------------------
113 #include <linux/module.h>
114 #include <linux/kernel.h>
115 #include <linux/sched.h>
116 #include <linux/types.h>
117 #include <linux/slab.h>
118 #include <linux/wireless.h>
119 #include <linux/netdevice.h>
120 #include <linux/timer.h>
121 #include <linux/io.h>
122 #include <linux/delay.h>
123 #include <asm/byteorder.h>
124 #include <linux/bitops.h>
125 #include <linux/list.h>
126 #include <linux/usb.h>
127 #include <linux/byteorder/generic.h>
129 #include "p80211types.h"
130 #include "p80211hdr.h"
131 #include "p80211mgmt.h"
132 #include "p80211conv.h"
133 #include "p80211msg.h"
134 #include "p80211netdev.h"
135 #include "p80211req.h"
136 #include "p80211metadef.h"
137 #include "p80211metastruct.h"
139 #include "prism2mgmt.h"
146 #define THROTTLE_JIFFIES (HZ / 8)
147 #define URB_ASYNC_UNLINK 0
148 #define USB_QUEUE_BULK 0
150 #define ROUNDUP64(a) (((a) + 63) & ~63)
153 static void dbprint_urb(struct urb *urb);
156 static void hfa384x_int_rxmonitor(struct wlandevice *wlandev,
157 struct hfa384x_usb_rxfrm *rxfrm);
159 static void hfa384x_usb_defer(struct work_struct *data);
161 static int submit_rx_urb(struct hfa384x *hw, gfp_t flags);
163 static int submit_tx_urb(struct hfa384x *hw, struct urb *tx_urb, gfp_t flags);
165 /*---------------------------------------------------*/
167 static void hfa384x_usbout_callback(struct urb *urb);
168 static void hfa384x_ctlxout_callback(struct urb *urb);
169 static void hfa384x_usbin_callback(struct urb *urb);
172 hfa384x_usbin_txcompl(struct wlandevice *wlandev, union hfa384x_usbin *usbin);
174 static void hfa384x_usbin_rx(struct wlandevice *wlandev, struct sk_buff *skb);
176 static void hfa384x_usbin_info(struct wlandevice *wlandev,
177 union hfa384x_usbin *usbin);
179 static void hfa384x_usbin_ctlx(struct hfa384x *hw, union hfa384x_usbin *usbin,
182 /*---------------------------------------------------*/
183 /* Functions to support the prism2 usb command queue */
185 static void hfa384x_usbctlxq_run(struct hfa384x *hw);
187 static void hfa384x_usbctlx_reqtimerfn(unsigned long data);
189 static void hfa384x_usbctlx_resptimerfn(unsigned long data);
191 static void hfa384x_usb_throttlefn(unsigned long data);
193 static void hfa384x_usbctlx_completion_task(unsigned long data);
195 static void hfa384x_usbctlx_reaper_task(unsigned long data);
197 static int hfa384x_usbctlx_submit(struct hfa384x *hw,
198 struct hfa384x_usbctlx *ctlx);
200 static void unlocked_usbctlx_complete(struct hfa384x *hw,
201 struct hfa384x_usbctlx *ctlx);
203 struct usbctlx_completor {
204 int (*complete)(struct usbctlx_completor *);
208 hfa384x_usbctlx_complete_sync(struct hfa384x *hw,
209 struct hfa384x_usbctlx *ctlx,
210 struct usbctlx_completor *completor);
213 unlocked_usbctlx_cancel_async(struct hfa384x *hw, struct hfa384x_usbctlx *ctlx);
215 static void hfa384x_cb_status(struct hfa384x *hw,
216 const struct hfa384x_usbctlx *ctlx);
219 usbctlx_get_status(const struct hfa384x_usb_statusresp *cmdresp,
220 struct hfa384x_cmdresult *result);
223 usbctlx_get_rridresult(const struct hfa384x_usb_rridresp *rridresp,
224 struct hfa384x_rridresult *result);
226 /*---------------------------------------------------*/
227 /* Low level req/resp CTLX formatters and submitters */
229 hfa384x_docmd(struct hfa384x *hw,
231 struct hfa384x_metacmd *cmd,
232 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
235 hfa384x_dorrid(struct hfa384x *hw,
239 unsigned int riddatalen,
240 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
243 hfa384x_dowrid(struct hfa384x *hw,
247 unsigned int riddatalen,
248 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
251 hfa384x_dormem(struct hfa384x *hw,
257 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
260 hfa384x_dowmem(struct hfa384x *hw,
266 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
268 static int hfa384x_isgood_pdrcode(u16 pdrcode);
270 static inline const char *ctlxstr(enum ctlx_state s)
272 static const char * const ctlx_str[] = {
277 "Request packet submitted",
278 "Request packet completed",
279 "Response packet completed"
285 static inline struct hfa384x_usbctlx *get_active_ctlx(struct hfa384x *hw)
287 return list_entry(hw->ctlxq.active.next, struct hfa384x_usbctlx, list);
291 void dbprint_urb(struct urb *urb)
293 pr_debug("urb->pipe=0x%08x\n", urb->pipe);
294 pr_debug("urb->status=0x%08x\n", urb->status);
295 pr_debug("urb->transfer_flags=0x%08x\n", urb->transfer_flags);
296 pr_debug("urb->transfer_buffer=0x%08x\n",
297 (unsigned int)urb->transfer_buffer);
298 pr_debug("urb->transfer_buffer_length=0x%08x\n",
299 urb->transfer_buffer_length);
300 pr_debug("urb->actual_length=0x%08x\n", urb->actual_length);
301 pr_debug("urb->bandwidth=0x%08x\n", urb->bandwidth);
302 pr_debug("urb->setup_packet(ctl)=0x%08x\n",
303 (unsigned int)urb->setup_packet);
304 pr_debug("urb->start_frame(iso/irq)=0x%08x\n", urb->start_frame);
305 pr_debug("urb->interval(irq)=0x%08x\n", urb->interval);
306 pr_debug("urb->error_count(iso)=0x%08x\n", urb->error_count);
307 pr_debug("urb->timeout=0x%08x\n", urb->timeout);
308 pr_debug("urb->context=0x%08x\n", (unsigned int)urb->context);
309 pr_debug("urb->complete=0x%08x\n", (unsigned int)urb->complete);
313 /*----------------------------------------------------------------
316 * Listen for input data on the BULK-IN pipe. If the pipe has
317 * stalled then schedule it to be reset.
321 * memflags memory allocation flags
324 * error code from submission
328 *----------------------------------------------------------------
330 static int submit_rx_urb(struct hfa384x *hw, gfp_t memflags)
335 skb = dev_alloc_skb(sizeof(union hfa384x_usbin));
341 /* Post the IN urb */
342 usb_fill_bulk_urb(&hw->rx_urb, hw->usb,
344 skb->data, sizeof(union hfa384x_usbin),
345 hfa384x_usbin_callback, hw->wlandev);
347 hw->rx_urb_skb = skb;
350 if (!hw->wlandev->hwremoved &&
351 !test_bit(WORK_RX_HALT, &hw->usb_flags)) {
352 result = usb_submit_urb(&hw->rx_urb, memflags);
354 /* Check whether we need to reset the RX pipe */
355 if (result == -EPIPE) {
356 netdev_warn(hw->wlandev->netdev,
357 "%s rx pipe stalled: requesting reset\n",
358 hw->wlandev->netdev->name);
359 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags))
360 schedule_work(&hw->usb_work);
364 /* Don't leak memory if anything should go wrong */
367 hw->rx_urb_skb = NULL;
374 /*----------------------------------------------------------------
377 * Prepares and submits the URB of transmitted data. If the
378 * submission fails then it will schedule the output pipe to
383 * tx_urb URB of data for transmission
384 * memflags memory allocation flags
387 * error code from submission
391 *----------------------------------------------------------------
393 static int submit_tx_urb(struct hfa384x *hw, struct urb *tx_urb, gfp_t memflags)
395 struct net_device *netdev = hw->wlandev->netdev;
399 if (netif_running(netdev)) {
400 if (!hw->wlandev->hwremoved &&
401 !test_bit(WORK_TX_HALT, &hw->usb_flags)) {
402 result = usb_submit_urb(tx_urb, memflags);
404 /* Test whether we need to reset the TX pipe */
405 if (result == -EPIPE) {
406 netdev_warn(hw->wlandev->netdev,
407 "%s tx pipe stalled: requesting reset\n",
409 set_bit(WORK_TX_HALT, &hw->usb_flags);
410 schedule_work(&hw->usb_work);
411 } else if (result == 0) {
412 netif_stop_queue(netdev);
420 /*----------------------------------------------------------------
423 * There are some things that the USB stack cannot do while
424 * in interrupt context, so we arrange this function to run
425 * in process context.
428 * hw device structure
434 * process (by design)
435 *----------------------------------------------------------------
437 static void hfa384x_usb_defer(struct work_struct *data)
439 struct hfa384x *hw = container_of(data, struct hfa384x, usb_work);
440 struct net_device *netdev = hw->wlandev->netdev;
442 /* Don't bother trying to reset anything if the plug
443 * has been pulled ...
445 if (hw->wlandev->hwremoved)
448 /* Reception has stopped: try to reset the input pipe */
449 if (test_bit(WORK_RX_HALT, &hw->usb_flags)) {
452 usb_kill_urb(&hw->rx_urb); /* Cannot be holding spinlock! */
454 ret = usb_clear_halt(hw->usb, hw->endp_in);
456 netdev_err(hw->wlandev->netdev,
457 "Failed to clear rx pipe for %s: err=%d\n",
460 netdev_info(hw->wlandev->netdev, "%s rx pipe reset complete.\n",
462 clear_bit(WORK_RX_HALT, &hw->usb_flags);
463 set_bit(WORK_RX_RESUME, &hw->usb_flags);
467 /* Resume receiving data back from the device. */
468 if (test_bit(WORK_RX_RESUME, &hw->usb_flags)) {
471 ret = submit_rx_urb(hw, GFP_KERNEL);
473 netdev_err(hw->wlandev->netdev,
474 "Failed to resume %s rx pipe.\n",
477 clear_bit(WORK_RX_RESUME, &hw->usb_flags);
481 /* Transmission has stopped: try to reset the output pipe */
482 if (test_bit(WORK_TX_HALT, &hw->usb_flags)) {
485 usb_kill_urb(&hw->tx_urb);
486 ret = usb_clear_halt(hw->usb, hw->endp_out);
488 netdev_err(hw->wlandev->netdev,
489 "Failed to clear tx pipe for %s: err=%d\n",
492 netdev_info(hw->wlandev->netdev, "%s tx pipe reset complete.\n",
494 clear_bit(WORK_TX_HALT, &hw->usb_flags);
495 set_bit(WORK_TX_RESUME, &hw->usb_flags);
497 /* Stopping the BULK-OUT pipe also blocked
498 * us from sending any more CTLX URBs, so
499 * we need to re-run our queue ...
501 hfa384x_usbctlxq_run(hw);
505 /* Resume transmitting. */
506 if (test_and_clear_bit(WORK_TX_RESUME, &hw->usb_flags))
507 netif_wake_queue(hw->wlandev->netdev);
510 /*----------------------------------------------------------------
513 * Sets up the struct hfa384x data structure for use. Note this
514 * does _not_ initialize the actual hardware, just the data structures
515 * we use to keep track of its state.
518 * hw device structure
519 * irq device irq number
520 * iobase i/o base address for register access
521 * membase memory base address for register access
530 *----------------------------------------------------------------
532 void hfa384x_create(struct hfa384x *hw, struct usb_device *usb)
536 /* Set up the waitq */
537 init_waitqueue_head(&hw->cmdq);
539 /* Initialize the command queue */
540 spin_lock_init(&hw->ctlxq.lock);
541 INIT_LIST_HEAD(&hw->ctlxq.pending);
542 INIT_LIST_HEAD(&hw->ctlxq.active);
543 INIT_LIST_HEAD(&hw->ctlxq.completing);
544 INIT_LIST_HEAD(&hw->ctlxq.reapable);
546 /* Initialize the authentication queue */
547 skb_queue_head_init(&hw->authq);
549 tasklet_init(&hw->reaper_bh,
550 hfa384x_usbctlx_reaper_task, (unsigned long)hw);
551 tasklet_init(&hw->completion_bh,
552 hfa384x_usbctlx_completion_task, (unsigned long)hw);
553 INIT_WORK(&hw->link_bh, prism2sta_processing_defer);
554 INIT_WORK(&hw->usb_work, hfa384x_usb_defer);
556 setup_timer(&hw->throttle, hfa384x_usb_throttlefn, (unsigned long)hw);
558 setup_timer(&hw->resptimer, hfa384x_usbctlx_resptimerfn,
561 setup_timer(&hw->reqtimer, hfa384x_usbctlx_reqtimerfn,
564 usb_init_urb(&hw->rx_urb);
565 usb_init_urb(&hw->tx_urb);
566 usb_init_urb(&hw->ctlx_urb);
568 hw->link_status = HFA384x_LINK_NOTCONNECTED;
569 hw->state = HFA384x_STATE_INIT;
571 INIT_WORK(&hw->commsqual_bh, prism2sta_commsqual_defer);
572 setup_timer(&hw->commsqual_timer, prism2sta_commsqual_timer,
576 /*----------------------------------------------------------------
579 * Partner to hfa384x_create(). This function cleans up the hw
580 * structure so that it can be freed by the caller using a simple
581 * kfree. Currently, this function is just a placeholder. If, at some
582 * point in the future, an hw in the 'shutdown' state requires a 'deep'
583 * kfree, this is where it should be done. Note that if this function
584 * is called on a _running_ hw structure, the drvr_stop() function is
588 * hw device structure
591 * nothing, this function is not allowed to fail.
597 *----------------------------------------------------------------
599 void hfa384x_destroy(struct hfa384x *hw)
603 if (hw->state == HFA384x_STATE_RUNNING)
604 hfa384x_drvr_stop(hw);
605 hw->state = HFA384x_STATE_PREINIT;
607 kfree(hw->scanresults);
608 hw->scanresults = NULL;
610 /* Now to clean out the auth queue */
611 while ((skb = skb_dequeue(&hw->authq)))
615 static struct hfa384x_usbctlx *usbctlx_alloc(void)
617 struct hfa384x_usbctlx *ctlx;
619 ctlx = kzalloc(sizeof(*ctlx),
620 in_interrupt() ? GFP_ATOMIC : GFP_KERNEL);
622 init_completion(&ctlx->done);
628 usbctlx_get_status(const struct hfa384x_usb_statusresp *cmdresp,
629 struct hfa384x_cmdresult *result)
631 result->status = le16_to_cpu(cmdresp->status);
632 result->resp0 = le16_to_cpu(cmdresp->resp0);
633 result->resp1 = le16_to_cpu(cmdresp->resp1);
634 result->resp2 = le16_to_cpu(cmdresp->resp2);
636 pr_debug("cmdresult:status=0x%04x resp0=0x%04x resp1=0x%04x resp2=0x%04x\n",
637 result->status, result->resp0, result->resp1, result->resp2);
639 return result->status & HFA384x_STATUS_RESULT;
643 usbctlx_get_rridresult(const struct hfa384x_usb_rridresp *rridresp,
644 struct hfa384x_rridresult *result)
646 result->rid = le16_to_cpu(rridresp->rid);
647 result->riddata = rridresp->data;
648 result->riddata_len = ((le16_to_cpu(rridresp->frmlen) - 1) * 2);
651 /*----------------------------------------------------------------
653 * This completor must be passed to hfa384x_usbctlx_complete_sync()
654 * when processing a CTLX that returns a struct hfa384x_cmdresult structure.
655 *----------------------------------------------------------------
657 struct usbctlx_cmd_completor {
658 struct usbctlx_completor head;
660 const struct hfa384x_usb_statusresp *cmdresp;
661 struct hfa384x_cmdresult *result;
664 static inline int usbctlx_cmd_completor_fn(struct usbctlx_completor *head)
666 struct usbctlx_cmd_completor *complete;
668 complete = (struct usbctlx_cmd_completor *)head;
669 return usbctlx_get_status(complete->cmdresp, complete->result);
672 static inline struct usbctlx_completor *
673 init_cmd_completor(struct usbctlx_cmd_completor *completor,
674 const struct hfa384x_usb_statusresp *cmdresp,
675 struct hfa384x_cmdresult *result)
677 completor->head.complete = usbctlx_cmd_completor_fn;
678 completor->cmdresp = cmdresp;
679 completor->result = result;
680 return &completor->head;
683 /*----------------------------------------------------------------
685 * This completor must be passed to hfa384x_usbctlx_complete_sync()
686 * when processing a CTLX that reads a RID.
687 *----------------------------------------------------------------
689 struct usbctlx_rrid_completor {
690 struct usbctlx_completor head;
692 const struct hfa384x_usb_rridresp *rridresp;
694 unsigned int riddatalen;
697 static int usbctlx_rrid_completor_fn(struct usbctlx_completor *head)
699 struct usbctlx_rrid_completor *complete;
700 struct hfa384x_rridresult rridresult;
702 complete = (struct usbctlx_rrid_completor *)head;
703 usbctlx_get_rridresult(complete->rridresp, &rridresult);
705 /* Validate the length, note body len calculation in bytes */
706 if (rridresult.riddata_len != complete->riddatalen) {
707 pr_warn("RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n",
709 complete->riddatalen, rridresult.riddata_len);
713 memcpy(complete->riddata, rridresult.riddata, complete->riddatalen);
717 static inline struct usbctlx_completor *
718 init_rrid_completor(struct usbctlx_rrid_completor *completor,
719 const struct hfa384x_usb_rridresp *rridresp,
721 unsigned int riddatalen)
723 completor->head.complete = usbctlx_rrid_completor_fn;
724 completor->rridresp = rridresp;
725 completor->riddata = riddata;
726 completor->riddatalen = riddatalen;
727 return &completor->head;
730 /*----------------------------------------------------------------
732 * Interprets the results of a synchronous RID-write
733 *----------------------------------------------------------------
735 #define init_wrid_completor init_cmd_completor
737 /*----------------------------------------------------------------
739 * Interprets the results of a synchronous memory-write
740 *----------------------------------------------------------------
742 #define init_wmem_completor init_cmd_completor
744 /*----------------------------------------------------------------
746 * Interprets the results of a synchronous memory-read
747 *----------------------------------------------------------------
749 struct usbctlx_rmem_completor {
750 struct usbctlx_completor head;
752 const struct hfa384x_usb_rmemresp *rmemresp;
757 static int usbctlx_rmem_completor_fn(struct usbctlx_completor *head)
759 struct usbctlx_rmem_completor *complete =
760 (struct usbctlx_rmem_completor *)head;
762 pr_debug("rmemresp:len=%d\n", complete->rmemresp->frmlen);
763 memcpy(complete->data, complete->rmemresp->data, complete->len);
767 static inline struct usbctlx_completor *
768 init_rmem_completor(struct usbctlx_rmem_completor *completor,
769 struct hfa384x_usb_rmemresp *rmemresp,
773 completor->head.complete = usbctlx_rmem_completor_fn;
774 completor->rmemresp = rmemresp;
775 completor->data = data;
776 completor->len = len;
777 return &completor->head;
780 /*----------------------------------------------------------------
783 * Ctlx_complete handler for async CMD type control exchanges.
784 * mark the hw struct as such.
786 * Note: If the handling is changed here, it should probably be
787 * changed in docmd as well.
791 * ctlx completed CTLX
800 *----------------------------------------------------------------
802 static void hfa384x_cb_status(struct hfa384x *hw,
803 const struct hfa384x_usbctlx *ctlx)
806 struct hfa384x_cmdresult cmdresult;
808 if (ctlx->state != CTLX_COMPLETE) {
809 memset(&cmdresult, 0, sizeof(cmdresult));
811 HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR);
813 usbctlx_get_status(&ctlx->inbuf.cmdresp, &cmdresult);
816 ctlx->usercb(hw, &cmdresult, ctlx->usercb_data);
820 static inline int hfa384x_docmd_wait(struct hfa384x *hw,
821 struct hfa384x_metacmd *cmd)
823 return hfa384x_docmd(hw, DOWAIT, cmd, NULL, NULL, NULL);
827 hfa384x_docmd_async(struct hfa384x *hw,
828 struct hfa384x_metacmd *cmd,
829 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
831 return hfa384x_docmd(hw, DOASYNC, cmd, cmdcb, usercb, usercb_data);
835 hfa384x_dorrid_wait(struct hfa384x *hw, u16 rid, void *riddata,
836 unsigned int riddatalen)
838 return hfa384x_dorrid(hw, DOWAIT,
839 rid, riddata, riddatalen, NULL, NULL, NULL);
843 hfa384x_dorrid_async(struct hfa384x *hw,
844 u16 rid, void *riddata, unsigned int riddatalen,
846 ctlx_usercb_t usercb, void *usercb_data)
848 return hfa384x_dorrid(hw, DOASYNC,
849 rid, riddata, riddatalen,
850 cmdcb, usercb, usercb_data);
854 hfa384x_dowrid_wait(struct hfa384x *hw, u16 rid, void *riddata,
855 unsigned int riddatalen)
857 return hfa384x_dowrid(hw, DOWAIT,
858 rid, riddata, riddatalen, NULL, NULL, NULL);
862 hfa384x_dowrid_async(struct hfa384x *hw,
863 u16 rid, void *riddata, unsigned int riddatalen,
865 ctlx_usercb_t usercb, void *usercb_data)
867 return hfa384x_dowrid(hw, DOASYNC,
868 rid, riddata, riddatalen,
869 cmdcb, usercb, usercb_data);
873 hfa384x_dormem_wait(struct hfa384x *hw,
874 u16 page, u16 offset, void *data, unsigned int len)
876 return hfa384x_dormem(hw, DOWAIT,
877 page, offset, data, len, NULL, NULL, NULL);
881 hfa384x_dormem_async(struct hfa384x *hw,
882 u16 page, u16 offset, void *data, unsigned int len,
884 ctlx_usercb_t usercb, void *usercb_data)
886 return hfa384x_dormem(hw, DOASYNC,
887 page, offset, data, len,
888 cmdcb, usercb, usercb_data);
892 hfa384x_dowmem_wait(struct hfa384x *hw,
893 u16 page, u16 offset, void *data, unsigned int len)
895 return hfa384x_dowmem(hw, DOWAIT,
896 page, offset, data, len, NULL, NULL, NULL);
900 hfa384x_dowmem_async(struct hfa384x *hw,
906 ctlx_usercb_t usercb, void *usercb_data)
908 return hfa384x_dowmem(hw, DOASYNC,
909 page, offset, data, len,
910 cmdcb, usercb, usercb_data);
913 /*----------------------------------------------------------------
914 * hfa384x_cmd_initialize
916 * Issues the initialize command and sets the hw->state based
920 * hw device structure
924 * >0 f/w reported error - f/w status code
925 * <0 driver reported error
931 *----------------------------------------------------------------
933 int hfa384x_cmd_initialize(struct hfa384x *hw)
937 struct hfa384x_metacmd cmd;
939 cmd.cmd = HFA384x_CMDCODE_INIT;
944 result = hfa384x_docmd_wait(hw, &cmd);
946 pr_debug("cmdresp.init: status=0x%04x, resp0=0x%04x, resp1=0x%04x, resp2=0x%04x\n",
948 cmd.result.resp0, cmd.result.resp1, cmd.result.resp2);
950 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++)
951 hw->port_enabled[i] = 0;
954 hw->link_status = HFA384x_LINK_NOTCONNECTED;
959 /*----------------------------------------------------------------
960 * hfa384x_cmd_disable
962 * Issues the disable command to stop communications on one of
966 * hw device structure
967 * macport MAC port number (host order)
971 * >0 f/w reported failure - f/w status code
972 * <0 driver reported error (timeout|bad arg)
978 *----------------------------------------------------------------
980 int hfa384x_cmd_disable(struct hfa384x *hw, u16 macport)
982 struct hfa384x_metacmd cmd;
984 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE) |
985 HFA384x_CMD_MACPORT_SET(macport);
990 return hfa384x_docmd_wait(hw, &cmd);
993 /*----------------------------------------------------------------
996 * Issues the enable command to enable communications on one of
1000 * hw device structure
1001 * macport MAC port number
1005 * >0 f/w reported failure - f/w status code
1006 * <0 driver reported error (timeout|bad arg)
1012 *----------------------------------------------------------------
1014 int hfa384x_cmd_enable(struct hfa384x *hw, u16 macport)
1016 struct hfa384x_metacmd cmd;
1018 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE) |
1019 HFA384x_CMD_MACPORT_SET(macport);
1024 return hfa384x_docmd_wait(hw, &cmd);
1027 /*----------------------------------------------------------------
1028 * hfa384x_cmd_monitor
1030 * Enables the 'monitor mode' of the MAC. Here's the description of
1031 * monitor mode that I've received thus far:
1033 * "The "monitor mode" of operation is that the MAC passes all
1034 * frames for which the PLCP checks are correct. All received
1035 * MPDUs are passed to the host with MAC Port = 7, with a
1036 * receive status of good, FCS error, or undecryptable. Passing
1037 * certain MPDUs is a violation of the 802.11 standard, but useful
1038 * for a debugging tool." Normal communication is not possible
1039 * while monitor mode is enabled.
1042 * hw device structure
1043 * enable a code (0x0b|0x0f) that enables/disables
1044 * monitor mode. (host order)
1048 * >0 f/w reported failure - f/w status code
1049 * <0 driver reported error (timeout|bad arg)
1055 *----------------------------------------------------------------
1057 int hfa384x_cmd_monitor(struct hfa384x *hw, u16 enable)
1059 struct hfa384x_metacmd cmd;
1061 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
1062 HFA384x_CMD_AINFO_SET(enable);
1067 return hfa384x_docmd_wait(hw, &cmd);
1070 /*----------------------------------------------------------------
1071 * hfa384x_cmd_download
1073 * Sets the controls for the MAC controller code/data download
1074 * process. The arguments set the mode and address associated
1075 * with a download. Note that the aux registers should be enabled
1076 * prior to setting one of the download enable modes.
1079 * hw device structure
1080 * mode 0 - Disable programming and begin code exec
1081 * 1 - Enable volatile mem programming
1082 * 2 - Enable non-volatile mem programming
1083 * 3 - Program non-volatile section from NV download
1087 * highaddr For mode 1, sets the high & low order bits of
1088 * the "destination address". This address will be
1089 * the execution start address when download is
1090 * subsequently disabled.
1091 * For mode 2, sets the high & low order bits of
1092 * the destination in NV ram.
1093 * For modes 0 & 3, should be zero. (host order)
1094 * NOTE: these are CMD format.
1095 * codelen Length of the data to write in mode 2,
1096 * zero otherwise. (host order)
1100 * >0 f/w reported failure - f/w status code
1101 * <0 driver reported error (timeout|bad arg)
1107 *----------------------------------------------------------------
1109 int hfa384x_cmd_download(struct hfa384x *hw, u16 mode, u16 lowaddr,
1110 u16 highaddr, u16 codelen)
1112 struct hfa384x_metacmd cmd;
1114 pr_debug("mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n",
1115 mode, lowaddr, highaddr, codelen);
1117 cmd.cmd = (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD) |
1118 HFA384x_CMD_PROGMODE_SET(mode));
1120 cmd.parm0 = lowaddr;
1121 cmd.parm1 = highaddr;
1122 cmd.parm2 = codelen;
1124 return hfa384x_docmd_wait(hw, &cmd);
1127 /*----------------------------------------------------------------
1130 * Perform a reset of the hfa38xx MAC core. We assume that the hw
1131 * structure is in its "created" state. That is, it is initialized
1132 * with proper values. Note that if a reset is done after the
1133 * device has been active for awhile, the caller might have to clean
1134 * up some leftover cruft in the hw structure.
1137 * hw device structure
1138 * holdtime how long (in ms) to hold the reset
1139 * settletime how long (in ms) to wait after releasing
1149 *----------------------------------------------------------------
1151 int hfa384x_corereset(struct hfa384x *hw, int holdtime,
1152 int settletime, int genesis)
1156 result = usb_reset_device(hw->usb);
1158 netdev_err(hw->wlandev->netdev, "usb_reset_device() failed, result=%d.\n",
1165 /*----------------------------------------------------------------
1166 * hfa384x_usbctlx_complete_sync
1168 * Waits for a synchronous CTLX object to complete,
1169 * and then handles the response.
1172 * hw device structure
1174 * completor functor object to decide what to
1175 * do with the CTLX's result.
1179 * -ERESTARTSYS Interrupted by a signal
1181 * -ENODEV Adapter was unplugged
1182 * ??? Result from completor
1188 *----------------------------------------------------------------
1190 static int hfa384x_usbctlx_complete_sync(struct hfa384x *hw,
1191 struct hfa384x_usbctlx *ctlx,
1192 struct usbctlx_completor *completor)
1194 unsigned long flags;
1197 result = wait_for_completion_interruptible(&ctlx->done);
1199 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1202 * We can only handle the CTLX if the USB disconnect
1203 * function has not run yet ...
1206 if (hw->wlandev->hwremoved) {
1207 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1209 } else if (result != 0) {
1213 * We were probably interrupted, so delete
1214 * this CTLX asynchronously, kill the timers
1215 * and the URB, and then start the next
1218 * NOTE: We can only delete the timers and
1219 * the URB if this CTLX is active.
1221 if (ctlx == get_active_ctlx(hw)) {
1222 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1224 del_singleshot_timer_sync(&hw->reqtimer);
1225 del_singleshot_timer_sync(&hw->resptimer);
1226 hw->req_timer_done = 1;
1227 hw->resp_timer_done = 1;
1228 usb_kill_urb(&hw->ctlx_urb);
1230 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1235 * This scenario is so unlikely that I'm
1236 * happy with a grubby "goto" solution ...
1238 if (hw->wlandev->hwremoved)
1243 * The completion task will send this CTLX
1244 * to the reaper the next time it runs. We
1245 * are no longer in a hurry.
1248 ctlx->state = CTLX_REQ_FAILED;
1249 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
1251 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1254 hfa384x_usbctlxq_run(hw);
1256 if (ctlx->state == CTLX_COMPLETE) {
1257 result = completor->complete(completor);
1259 netdev_warn(hw->wlandev->netdev, "CTLX[%d] error: state(%s)\n",
1260 le16_to_cpu(ctlx->outbuf.type),
1261 ctlxstr(ctlx->state));
1265 list_del(&ctlx->list);
1266 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1273 /*----------------------------------------------------------------
1276 * Constructs a command CTLX and submits it.
1278 * NOTE: Any changes to the 'post-submit' code in this function
1279 * need to be carried over to hfa384x_cbcmd() since the handling
1280 * is virtually identical.
1283 * hw device structure
1284 * mode DOWAIT or DOASYNC
1285 * cmd cmd structure. Includes all arguments and result
1286 * data points. All in host order. in host order
1287 * cmdcb command-specific callback
1288 * usercb user callback for async calls, NULL for DOWAIT calls
1289 * usercb_data user supplied data pointer for async calls, NULL
1295 * -ERESTARTSYS Awakened on signal
1296 * >0 command indicated error, Status and Resp0-2 are
1304 *----------------------------------------------------------------
1307 hfa384x_docmd(struct hfa384x *hw,
1309 struct hfa384x_metacmd *cmd,
1310 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1313 struct hfa384x_usbctlx *ctlx;
1315 ctlx = usbctlx_alloc();
1321 /* Initialize the command */
1322 ctlx->outbuf.cmdreq.type = cpu_to_le16(HFA384x_USB_CMDREQ);
1323 ctlx->outbuf.cmdreq.cmd = cpu_to_le16(cmd->cmd);
1324 ctlx->outbuf.cmdreq.parm0 = cpu_to_le16(cmd->parm0);
1325 ctlx->outbuf.cmdreq.parm1 = cpu_to_le16(cmd->parm1);
1326 ctlx->outbuf.cmdreq.parm2 = cpu_to_le16(cmd->parm2);
1328 ctlx->outbufsize = sizeof(ctlx->outbuf.cmdreq);
1330 pr_debug("cmdreq: cmd=0x%04x parm0=0x%04x parm1=0x%04x parm2=0x%04x\n",
1331 cmd->cmd, cmd->parm0, cmd->parm1, cmd->parm2);
1333 ctlx->reapable = mode;
1334 ctlx->cmdcb = cmdcb;
1335 ctlx->usercb = usercb;
1336 ctlx->usercb_data = usercb_data;
1338 result = hfa384x_usbctlx_submit(hw, ctlx);
1341 } else if (mode == DOWAIT) {
1342 struct usbctlx_cmd_completor cmd_completor;
1343 struct usbctlx_completor *completor;
1345 completor = init_cmd_completor(&cmd_completor,
1346 &ctlx->inbuf.cmdresp,
1349 result = hfa384x_usbctlx_complete_sync(hw, ctlx, completor);
1356 /*----------------------------------------------------------------
1359 * Constructs a read rid CTLX and issues it.
1361 * NOTE: Any changes to the 'post-submit' code in this function
1362 * need to be carried over to hfa384x_cbrrid() since the handling
1363 * is virtually identical.
1366 * hw device structure
1367 * mode DOWAIT or DOASYNC
1368 * rid Read RID number (host order)
1369 * riddata Caller supplied buffer that MAC formatted RID.data
1370 * record will be written to for DOWAIT calls. Should
1371 * be NULL for DOASYNC calls.
1372 * riddatalen Buffer length for DOWAIT calls. Zero for DOASYNC calls.
1373 * cmdcb command callback for async calls, NULL for DOWAIT calls
1374 * usercb user callback for async calls, NULL for DOWAIT calls
1375 * usercb_data user supplied data pointer for async calls, NULL
1381 * -ERESTARTSYS Awakened on signal
1382 * -ENODATA riddatalen != macdatalen
1383 * >0 command indicated error, Status and Resp0-2 are
1389 * interrupt (DOASYNC)
1390 * process (DOWAIT or DOASYNC)
1391 *----------------------------------------------------------------
1394 hfa384x_dorrid(struct hfa384x *hw,
1398 unsigned int riddatalen,
1399 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1402 struct hfa384x_usbctlx *ctlx;
1404 ctlx = usbctlx_alloc();
1410 /* Initialize the command */
1411 ctlx->outbuf.rridreq.type = cpu_to_le16(HFA384x_USB_RRIDREQ);
1412 ctlx->outbuf.rridreq.frmlen =
1413 cpu_to_le16(sizeof(ctlx->outbuf.rridreq.rid));
1414 ctlx->outbuf.rridreq.rid = cpu_to_le16(rid);
1416 ctlx->outbufsize = sizeof(ctlx->outbuf.rridreq);
1418 ctlx->reapable = mode;
1419 ctlx->cmdcb = cmdcb;
1420 ctlx->usercb = usercb;
1421 ctlx->usercb_data = usercb_data;
1423 /* Submit the CTLX */
1424 result = hfa384x_usbctlx_submit(hw, ctlx);
1427 } else if (mode == DOWAIT) {
1428 struct usbctlx_rrid_completor completor;
1431 hfa384x_usbctlx_complete_sync(hw, ctlx,
1434 &ctlx->inbuf.rridresp,
1435 riddata, riddatalen));
1442 /*----------------------------------------------------------------
1445 * Constructs a write rid CTLX and issues it.
1447 * NOTE: Any changes to the 'post-submit' code in this function
1448 * need to be carried over to hfa384x_cbwrid() since the handling
1449 * is virtually identical.
1452 * hw device structure
1453 * enum cmd_mode DOWAIT or DOASYNC
1455 * riddata Data portion of RID formatted for MAC
1456 * riddatalen Length of the data portion in bytes
1457 * cmdcb command callback for async calls, NULL for DOWAIT calls
1458 * usercb user callback for async calls, NULL for DOWAIT calls
1459 * usercb_data user supplied data pointer for async calls
1463 * -ETIMEDOUT timed out waiting for register ready or
1464 * command completion
1465 * >0 command indicated error, Status and Resp0-2 are
1471 * interrupt (DOASYNC)
1472 * process (DOWAIT or DOASYNC)
1473 *----------------------------------------------------------------
1476 hfa384x_dowrid(struct hfa384x *hw,
1480 unsigned int riddatalen,
1481 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1484 struct hfa384x_usbctlx *ctlx;
1486 ctlx = usbctlx_alloc();
1492 /* Initialize the command */
1493 ctlx->outbuf.wridreq.type = cpu_to_le16(HFA384x_USB_WRIDREQ);
1494 ctlx->outbuf.wridreq.frmlen = cpu_to_le16((sizeof
1495 (ctlx->outbuf.wridreq.rid) +
1496 riddatalen + 1) / 2);
1497 ctlx->outbuf.wridreq.rid = cpu_to_le16(rid);
1498 memcpy(ctlx->outbuf.wridreq.data, riddata, riddatalen);
1500 ctlx->outbufsize = sizeof(ctlx->outbuf.wridreq.type) +
1501 sizeof(ctlx->outbuf.wridreq.frmlen) +
1502 sizeof(ctlx->outbuf.wridreq.rid) + riddatalen;
1504 ctlx->reapable = mode;
1505 ctlx->cmdcb = cmdcb;
1506 ctlx->usercb = usercb;
1507 ctlx->usercb_data = usercb_data;
1509 /* Submit the CTLX */
1510 result = hfa384x_usbctlx_submit(hw, ctlx);
1513 } else if (mode == DOWAIT) {
1514 struct usbctlx_cmd_completor completor;
1515 struct hfa384x_cmdresult wridresult;
1517 result = hfa384x_usbctlx_complete_sync(hw,
1521 &ctlx->inbuf.wridresp,
1529 /*----------------------------------------------------------------
1532 * Constructs a readmem CTLX and issues it.
1534 * NOTE: Any changes to the 'post-submit' code in this function
1535 * need to be carried over to hfa384x_cbrmem() since the handling
1536 * is virtually identical.
1539 * hw device structure
1540 * mode DOWAIT or DOASYNC
1541 * page MAC address space page (CMD format)
1542 * offset MAC address space offset
1543 * data Ptr to data buffer to receive read
1544 * len Length of the data to read (max == 2048)
1545 * cmdcb command callback for async calls, NULL for DOWAIT calls
1546 * usercb user callback for async calls, NULL for DOWAIT calls
1547 * usercb_data user supplied data pointer for async calls
1551 * -ETIMEDOUT timed out waiting for register ready or
1552 * command completion
1553 * >0 command indicated error, Status and Resp0-2 are
1559 * interrupt (DOASYNC)
1560 * process (DOWAIT or DOASYNC)
1561 *----------------------------------------------------------------
1564 hfa384x_dormem(struct hfa384x *hw,
1570 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1573 struct hfa384x_usbctlx *ctlx;
1575 ctlx = usbctlx_alloc();
1581 /* Initialize the command */
1582 ctlx->outbuf.rmemreq.type = cpu_to_le16(HFA384x_USB_RMEMREQ);
1583 ctlx->outbuf.rmemreq.frmlen =
1584 cpu_to_le16(sizeof(ctlx->outbuf.rmemreq.offset) +
1585 sizeof(ctlx->outbuf.rmemreq.page) + len);
1586 ctlx->outbuf.rmemreq.offset = cpu_to_le16(offset);
1587 ctlx->outbuf.rmemreq.page = cpu_to_le16(page);
1589 ctlx->outbufsize = sizeof(ctlx->outbuf.rmemreq);
1591 pr_debug("type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n",
1592 ctlx->outbuf.rmemreq.type,
1593 ctlx->outbuf.rmemreq.frmlen,
1594 ctlx->outbuf.rmemreq.offset, ctlx->outbuf.rmemreq.page);
1596 pr_debug("pktsize=%zd\n", ROUNDUP64(sizeof(ctlx->outbuf.rmemreq)));
1598 ctlx->reapable = mode;
1599 ctlx->cmdcb = cmdcb;
1600 ctlx->usercb = usercb;
1601 ctlx->usercb_data = usercb_data;
1603 result = hfa384x_usbctlx_submit(hw, ctlx);
1606 } else if (mode == DOWAIT) {
1607 struct usbctlx_rmem_completor completor;
1610 hfa384x_usbctlx_complete_sync(hw, ctlx,
1613 &ctlx->inbuf.rmemresp, data,
1621 /*----------------------------------------------------------------
1624 * Constructs a writemem CTLX and issues it.
1626 * NOTE: Any changes to the 'post-submit' code in this function
1627 * need to be carried over to hfa384x_cbwmem() since the handling
1628 * is virtually identical.
1631 * hw device structure
1632 * mode DOWAIT or DOASYNC
1633 * page MAC address space page (CMD format)
1634 * offset MAC address space offset
1635 * data Ptr to data buffer containing write data
1636 * len Length of the data to read (max == 2048)
1637 * cmdcb command callback for async calls, NULL for DOWAIT calls
1638 * usercb user callback for async calls, NULL for DOWAIT calls
1639 * usercb_data user supplied data pointer for async calls.
1643 * -ETIMEDOUT timed out waiting for register ready or
1644 * command completion
1645 * >0 command indicated error, Status and Resp0-2 are
1651 * interrupt (DOWAIT)
1652 * process (DOWAIT or DOASYNC)
1653 *----------------------------------------------------------------
1656 hfa384x_dowmem(struct hfa384x *hw,
1662 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1665 struct hfa384x_usbctlx *ctlx;
1667 pr_debug("page=0x%04x offset=0x%04x len=%d\n", page, offset, len);
1669 ctlx = usbctlx_alloc();
1675 /* Initialize the command */
1676 ctlx->outbuf.wmemreq.type = cpu_to_le16(HFA384x_USB_WMEMREQ);
1677 ctlx->outbuf.wmemreq.frmlen =
1678 cpu_to_le16(sizeof(ctlx->outbuf.wmemreq.offset) +
1679 sizeof(ctlx->outbuf.wmemreq.page) + len);
1680 ctlx->outbuf.wmemreq.offset = cpu_to_le16(offset);
1681 ctlx->outbuf.wmemreq.page = cpu_to_le16(page);
1682 memcpy(ctlx->outbuf.wmemreq.data, data, len);
1684 ctlx->outbufsize = sizeof(ctlx->outbuf.wmemreq.type) +
1685 sizeof(ctlx->outbuf.wmemreq.frmlen) +
1686 sizeof(ctlx->outbuf.wmemreq.offset) +
1687 sizeof(ctlx->outbuf.wmemreq.page) + len;
1689 ctlx->reapable = mode;
1690 ctlx->cmdcb = cmdcb;
1691 ctlx->usercb = usercb;
1692 ctlx->usercb_data = usercb_data;
1694 result = hfa384x_usbctlx_submit(hw, ctlx);
1697 } else if (mode == DOWAIT) {
1698 struct usbctlx_cmd_completor completor;
1699 struct hfa384x_cmdresult wmemresult;
1701 result = hfa384x_usbctlx_complete_sync(hw,
1705 &ctlx->inbuf.wmemresp,
1713 /*----------------------------------------------------------------
1714 * hfa384x_drvr_disable
1716 * Issues the disable command to stop communications on one of
1717 * the MACs 'ports'. Only macport 0 is valid for stations.
1718 * APs may also disable macports 1-6. Only ports that have been
1719 * previously enabled may be disabled.
1722 * hw device structure
1723 * macport MAC port number (host order)
1727 * >0 f/w reported failure - f/w status code
1728 * <0 driver reported error (timeout|bad arg)
1734 *----------------------------------------------------------------
1736 int hfa384x_drvr_disable(struct hfa384x *hw, u16 macport)
1740 if ((!hw->isap && macport != 0) ||
1741 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
1742 !(hw->port_enabled[macport])) {
1745 result = hfa384x_cmd_disable(hw, macport);
1747 hw->port_enabled[macport] = 0;
1752 /*----------------------------------------------------------------
1753 * hfa384x_drvr_enable
1755 * Issues the enable command to enable communications on one of
1756 * the MACs 'ports'. Only macport 0 is valid for stations.
1757 * APs may also enable macports 1-6. Only ports that are currently
1758 * disabled may be enabled.
1761 * hw device structure
1762 * macport MAC port number
1766 * >0 f/w reported failure - f/w status code
1767 * <0 driver reported error (timeout|bad arg)
1773 *----------------------------------------------------------------
1775 int hfa384x_drvr_enable(struct hfa384x *hw, u16 macport)
1779 if ((!hw->isap && macport != 0) ||
1780 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
1781 (hw->port_enabled[macport])) {
1784 result = hfa384x_cmd_enable(hw, macport);
1786 hw->port_enabled[macport] = 1;
1791 /*----------------------------------------------------------------
1792 * hfa384x_drvr_flashdl_enable
1794 * Begins the flash download state. Checks to see that we're not
1795 * already in a download state and that a port isn't enabled.
1796 * Sets the download state and retrieves the flash download
1797 * buffer location, buffer size, and timeout length.
1800 * hw device structure
1804 * >0 f/w reported error - f/w status code
1805 * <0 driver reported error
1811 *----------------------------------------------------------------
1813 int hfa384x_drvr_flashdl_enable(struct hfa384x *hw)
1818 /* Check that a port isn't active */
1819 for (i = 0; i < HFA384x_PORTID_MAX; i++) {
1820 if (hw->port_enabled[i]) {
1821 pr_debug("called when port enabled.\n");
1826 /* Check that we're not already in a download state */
1827 if (hw->dlstate != HFA384x_DLSTATE_DISABLED)
1830 /* Retrieve the buffer loc&size and timeout */
1831 result = hfa384x_drvr_getconfig(hw, HFA384x_RID_DOWNLOADBUFFER,
1832 &hw->bufinfo, sizeof(hw->bufinfo));
1836 le16_to_cpus(&hw->bufinfo.page);
1837 le16_to_cpus(&hw->bufinfo.offset);
1838 le16_to_cpus(&hw->bufinfo.len);
1839 result = hfa384x_drvr_getconfig16(hw, HFA384x_RID_MAXLOADTIME,
1844 le16_to_cpus(&hw->dltimeout);
1846 pr_debug("flashdl_enable\n");
1848 hw->dlstate = HFA384x_DLSTATE_FLASHENABLED;
1853 /*----------------------------------------------------------------
1854 * hfa384x_drvr_flashdl_disable
1856 * Ends the flash download state. Note that this will cause the MAC
1857 * firmware to restart.
1860 * hw device structure
1864 * >0 f/w reported error - f/w status code
1865 * <0 driver reported error
1871 *----------------------------------------------------------------
1873 int hfa384x_drvr_flashdl_disable(struct hfa384x *hw)
1875 /* Check that we're already in the download state */
1876 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED)
1879 pr_debug("flashdl_enable\n");
1881 /* There isn't much we can do at this point, so I don't */
1882 /* bother w/ the return value */
1883 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0);
1884 hw->dlstate = HFA384x_DLSTATE_DISABLED;
1889 /*----------------------------------------------------------------
1890 * hfa384x_drvr_flashdl_write
1892 * Performs a FLASH download of a chunk of data. First checks to see
1893 * that we're in the FLASH download state, then sets the download
1894 * mode, uses the aux functions to 1) copy the data to the flash
1895 * buffer, 2) sets the download 'write flash' mode, 3) readback and
1896 * compare. Lather rinse, repeat as many times an necessary to get
1897 * all the given data into flash.
1898 * When all data has been written using this function (possibly
1899 * repeatedly), call drvr_flashdl_disable() to end the download state
1900 * and restart the MAC.
1903 * hw device structure
1904 * daddr Card address to write to. (host order)
1905 * buf Ptr to data to write.
1906 * len Length of data (host order).
1910 * >0 f/w reported error - f/w status code
1911 * <0 driver reported error
1917 *----------------------------------------------------------------
1919 int hfa384x_drvr_flashdl_write(struct hfa384x *hw, u32 daddr,
1937 pr_debug("daddr=0x%08x len=%d\n", daddr, len);
1939 /* Check that we're in the flash download state */
1940 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED)
1943 netdev_info(hw->wlandev->netdev,
1944 "Download %d bytes to flash @0x%06x\n", len, daddr);
1946 /* Convert to flat address for arithmetic */
1947 /* NOTE: dlbuffer RID stores the address in AUX format */
1949 HFA384x_ADDR_AUX_MKFLAT(hw->bufinfo.page, hw->bufinfo.offset);
1950 pr_debug("dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n",
1951 hw->bufinfo.page, hw->bufinfo.offset, dlbufaddr);
1952 /* Calculations to determine how many fills of the dlbuffer to do
1953 * and how many USB wmemreq's to do for each fill. At this point
1954 * in time, the dlbuffer size and the wmemreq size are the same.
1955 * Therefore, nwrites should always be 1. The extra complexity
1956 * here is a hedge against future changes.
1959 /* Figure out how many times to do the flash programming */
1960 nburns = len / hw->bufinfo.len;
1961 nburns += (len % hw->bufinfo.len) ? 1 : 0;
1963 /* For each flash program cycle, how many USB wmemreq's are needed? */
1964 nwrites = hw->bufinfo.len / HFA384x_USB_RWMEM_MAXLEN;
1965 nwrites += (hw->bufinfo.len % HFA384x_USB_RWMEM_MAXLEN) ? 1 : 0;
1968 for (i = 0; i < nburns; i++) {
1969 /* Get the dest address and len */
1970 burnlen = (len - (hw->bufinfo.len * i)) > hw->bufinfo.len ?
1971 hw->bufinfo.len : (len - (hw->bufinfo.len * i));
1972 burndaddr = daddr + (hw->bufinfo.len * i);
1973 burnlo = HFA384x_ADDR_CMD_MKOFF(burndaddr);
1974 burnhi = HFA384x_ADDR_CMD_MKPAGE(burndaddr);
1976 netdev_info(hw->wlandev->netdev, "Writing %d bytes to flash @0x%06x\n",
1977 burnlen, burndaddr);
1979 /* Set the download mode */
1980 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_NV,
1981 burnlo, burnhi, burnlen);
1983 netdev_err(hw->wlandev->netdev,
1984 "download(NV,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
1985 burnlo, burnhi, burnlen, result);
1989 /* copy the data to the flash download buffer */
1990 for (j = 0; j < nwrites; j++) {
1992 (i * hw->bufinfo.len) +
1993 (j * HFA384x_USB_RWMEM_MAXLEN);
1995 writepage = HFA384x_ADDR_CMD_MKPAGE(dlbufaddr +
1996 (j * HFA384x_USB_RWMEM_MAXLEN));
1997 writeoffset = HFA384x_ADDR_CMD_MKOFF(dlbufaddr +
1998 (j * HFA384x_USB_RWMEM_MAXLEN));
2000 writelen = burnlen - (j * HFA384x_USB_RWMEM_MAXLEN);
2001 writelen = writelen > HFA384x_USB_RWMEM_MAXLEN ?
2002 HFA384x_USB_RWMEM_MAXLEN : writelen;
2004 result = hfa384x_dowmem_wait(hw,
2007 writebuf, writelen);
2010 /* set the download 'write flash' mode */
2011 result = hfa384x_cmd_download(hw,
2012 HFA384x_PROGMODE_NVWRITE,
2015 netdev_err(hw->wlandev->netdev,
2016 "download(NVWRITE,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
2017 burnlo, burnhi, burnlen, result);
2021 /* TODO: We really should do a readback and compare. */
2026 /* Leave the firmware in the 'post-prog' mode. flashdl_disable will */
2027 /* actually disable programming mode. Remember, that will cause the */
2028 /* the firmware to effectively reset itself. */
2033 /*----------------------------------------------------------------
2034 * hfa384x_drvr_getconfig
2036 * Performs the sequence necessary to read a config/info item.
2039 * hw device structure
2040 * rid config/info record id (host order)
2041 * buf host side record buffer. Upon return it will
2042 * contain the body portion of the record (minus the
2044 * len buffer length (in bytes, should match record length)
2048 * >0 f/w reported error - f/w status code
2049 * <0 driver reported error
2050 * -ENODATA length mismatch between argument and retrieved
2057 *----------------------------------------------------------------
2059 int hfa384x_drvr_getconfig(struct hfa384x *hw, u16 rid, void *buf, u16 len)
2061 return hfa384x_dorrid_wait(hw, rid, buf, len);
2064 /*----------------------------------------------------------------
2065 * hfa384x_drvr_setconfig_async
2067 * Performs the sequence necessary to write a config/info item.
2070 * hw device structure
2071 * rid config/info record id (in host order)
2072 * buf host side record buffer
2073 * len buffer length (in bytes)
2074 * usercb completion callback
2075 * usercb_data completion callback argument
2079 * >0 f/w reported error - f/w status code
2080 * <0 driver reported error
2086 *----------------------------------------------------------------
2089 hfa384x_drvr_setconfig_async(struct hfa384x *hw,
2092 u16 len, ctlx_usercb_t usercb, void *usercb_data)
2094 return hfa384x_dowrid_async(hw, rid, buf, len,
2095 hfa384x_cb_status, usercb, usercb_data);
2098 /*----------------------------------------------------------------
2099 * hfa384x_drvr_ramdl_disable
2101 * Ends the ram download state.
2104 * hw device structure
2108 * >0 f/w reported error - f/w status code
2109 * <0 driver reported error
2115 *----------------------------------------------------------------
2117 int hfa384x_drvr_ramdl_disable(struct hfa384x *hw)
2119 /* Check that we're already in the download state */
2120 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED)
2123 pr_debug("ramdl_disable()\n");
2125 /* There isn't much we can do at this point, so I don't */
2126 /* bother w/ the return value */
2127 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0);
2128 hw->dlstate = HFA384x_DLSTATE_DISABLED;
2133 /*----------------------------------------------------------------
2134 * hfa384x_drvr_ramdl_enable
2136 * Begins the ram download state. Checks to see that we're not
2137 * already in a download state and that a port isn't enabled.
2138 * Sets the download state and calls cmd_download with the
2139 * ENABLE_VOLATILE subcommand and the exeaddr argument.
2142 * hw device structure
2143 * exeaddr the card execution address that will be
2144 * jumped to when ramdl_disable() is called
2149 * >0 f/w reported error - f/w status code
2150 * <0 driver reported error
2156 *----------------------------------------------------------------
2158 int hfa384x_drvr_ramdl_enable(struct hfa384x *hw, u32 exeaddr)
2165 /* Check that a port isn't active */
2166 for (i = 0; i < HFA384x_PORTID_MAX; i++) {
2167 if (hw->port_enabled[i]) {
2168 netdev_err(hw->wlandev->netdev,
2169 "Can't download with a macport enabled.\n");
2174 /* Check that we're not already in a download state */
2175 if (hw->dlstate != HFA384x_DLSTATE_DISABLED) {
2176 netdev_err(hw->wlandev->netdev,
2177 "Download state not disabled.\n");
2181 pr_debug("ramdl_enable, exeaddr=0x%08x\n", exeaddr);
2183 /* Call the download(1,addr) function */
2184 lowaddr = HFA384x_ADDR_CMD_MKOFF(exeaddr);
2185 hiaddr = HFA384x_ADDR_CMD_MKPAGE(exeaddr);
2187 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_RAM,
2188 lowaddr, hiaddr, 0);
2191 /* Set the download state */
2192 hw->dlstate = HFA384x_DLSTATE_RAMENABLED;
2194 pr_debug("cmd_download(0x%04x, 0x%04x) failed, result=%d.\n",
2195 lowaddr, hiaddr, result);
2201 /*----------------------------------------------------------------
2202 * hfa384x_drvr_ramdl_write
2204 * Performs a RAM download of a chunk of data. First checks to see
2205 * that we're in the RAM download state, then uses the [read|write]mem USB
2206 * commands to 1) copy the data, 2) readback and compare. The download
2207 * state is unaffected. When all data has been written using
2208 * this function, call drvr_ramdl_disable() to end the download state
2209 * and restart the MAC.
2212 * hw device structure
2213 * daddr Card address to write to. (host order)
2214 * buf Ptr to data to write.
2215 * len Length of data (host order).
2219 * >0 f/w reported error - f/w status code
2220 * <0 driver reported error
2226 *----------------------------------------------------------------
2228 int hfa384x_drvr_ramdl_write(struct hfa384x *hw, u32 daddr, void *buf, u32 len)
2239 /* Check that we're in the ram download state */
2240 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED)
2243 netdev_info(hw->wlandev->netdev, "Writing %d bytes to ram @0x%06x\n",
2246 /* How many dowmem calls? */
2247 nwrites = len / HFA384x_USB_RWMEM_MAXLEN;
2248 nwrites += len % HFA384x_USB_RWMEM_MAXLEN ? 1 : 0;
2250 /* Do blocking wmem's */
2251 for (i = 0; i < nwrites; i++) {
2252 /* make address args */
2253 curraddr = daddr + (i * HFA384x_USB_RWMEM_MAXLEN);
2254 currpage = HFA384x_ADDR_CMD_MKPAGE(curraddr);
2255 curroffset = HFA384x_ADDR_CMD_MKOFF(curraddr);
2256 currlen = len - (i * HFA384x_USB_RWMEM_MAXLEN);
2257 if (currlen > HFA384x_USB_RWMEM_MAXLEN)
2258 currlen = HFA384x_USB_RWMEM_MAXLEN;
2260 /* Do blocking ctlx */
2261 result = hfa384x_dowmem_wait(hw,
2265 (i * HFA384x_USB_RWMEM_MAXLEN),
2271 /* TODO: We really should have a readback. */
2277 /*----------------------------------------------------------------
2278 * hfa384x_drvr_readpda
2280 * Performs the sequence to read the PDA space. Note there is no
2281 * drvr_writepda() function. Writing a PDA is
2282 * generally implemented by a calling component via calls to
2283 * cmd_download and writing to the flash download buffer via the
2287 * hw device structure
2288 * buf buffer to store PDA in
2293 * >0 f/w reported error - f/w status code
2294 * <0 driver reported error
2295 * -ETIMEDOUT timeout waiting for the cmd regs to become
2296 * available, or waiting for the control reg
2297 * to indicate the Aux port is enabled.
2298 * -ENODATA the buffer does NOT contain a valid PDA.
2299 * Either the card PDA is bad, or the auxdata
2300 * reads are giving us garbage.
2306 * process or non-card interrupt.
2307 *----------------------------------------------------------------
2309 int hfa384x_drvr_readpda(struct hfa384x *hw, void *buf, unsigned int len)
2315 int currpdr = 0; /* word offset of the current pdr */
2317 u16 pdrlen; /* pdr length in bytes, host order */
2318 u16 pdrcode; /* pdr code, host order */
2326 HFA3842_PDA_BASE, 0}, {
2327 HFA3841_PDA_BASE, 0}, {
2328 HFA3841_PDA_BOGUS_BASE, 0}
2331 /* Read the pda from each known address. */
2332 for (i = 0; i < ARRAY_SIZE(pdaloc); i++) {
2334 currpage = HFA384x_ADDR_CMD_MKPAGE(pdaloc[i].cardaddr);
2335 curroffset = HFA384x_ADDR_CMD_MKOFF(pdaloc[i].cardaddr);
2337 /* units of bytes */
2338 result = hfa384x_dormem_wait(hw, currpage, curroffset, buf,
2342 netdev_warn(hw->wlandev->netdev,
2343 "Read from index %zd failed, continuing\n",
2348 /* Test for garbage */
2349 pdaok = 1; /* initially assume good */
2351 while (pdaok && morepdrs) {
2352 pdrlen = le16_to_cpu(pda[currpdr]) * 2;
2353 pdrcode = le16_to_cpu(pda[currpdr + 1]);
2354 /* Test the record length */
2355 if (pdrlen > HFA384x_PDR_LEN_MAX || pdrlen == 0) {
2356 netdev_err(hw->wlandev->netdev,
2357 "pdrlen invalid=%d\n", pdrlen);
2362 if (!hfa384x_isgood_pdrcode(pdrcode)) {
2363 netdev_err(hw->wlandev->netdev, "pdrcode invalid=%d\n",
2368 /* Test for completion */
2369 if (pdrcode == HFA384x_PDR_END_OF_PDA)
2372 /* Move to the next pdr (if necessary) */
2374 /* note the access to pda[], need words here */
2375 currpdr += le16_to_cpu(pda[currpdr]) + 1;
2379 netdev_info(hw->wlandev->netdev,
2380 "PDA Read from 0x%08x in %s space.\n",
2382 pdaloc[i].auxctl == 0 ? "EXTDS" :
2383 pdaloc[i].auxctl == 1 ? "NV" :
2384 pdaloc[i].auxctl == 2 ? "PHY" :
2385 pdaloc[i].auxctl == 3 ? "ICSRAM" :
2390 result = pdaok ? 0 : -ENODATA;
2393 pr_debug("Failure: pda is not okay\n");
2398 /*----------------------------------------------------------------
2399 * hfa384x_drvr_setconfig
2401 * Performs the sequence necessary to write a config/info item.
2404 * hw device structure
2405 * rid config/info record id (in host order)
2406 * buf host side record buffer
2407 * len buffer length (in bytes)
2411 * >0 f/w reported error - f/w status code
2412 * <0 driver reported error
2418 *----------------------------------------------------------------
2420 int hfa384x_drvr_setconfig(struct hfa384x *hw, u16 rid, void *buf, u16 len)
2422 return hfa384x_dowrid_wait(hw, rid, buf, len);
2425 /*----------------------------------------------------------------
2426 * hfa384x_drvr_start
2428 * Issues the MAC initialize command, sets up some data structures,
2429 * and enables the interrupts. After this function completes, the
2430 * low-level stuff should be ready for any/all commands.
2433 * hw device structure
2436 * >0 f/w reported error - f/w status code
2437 * <0 driver reported error
2443 *----------------------------------------------------------------
2445 int hfa384x_drvr_start(struct hfa384x *hw)
2447 int result, result1, result2;
2452 /* Clear endpoint stalls - but only do this if the endpoint
2453 * is showing a stall status. Some prism2 cards seem to behave
2454 * badly if a clear_halt is called when the endpoint is already
2458 usb_get_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_in, &status);
2460 netdev_err(hw->wlandev->netdev, "Cannot get bulk in endpoint status.\n");
2463 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_in))
2464 netdev_err(hw->wlandev->netdev, "Failed to reset bulk in endpoint.\n");
2467 usb_get_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_out, &status);
2469 netdev_err(hw->wlandev->netdev, "Cannot get bulk out endpoint status.\n");
2472 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_out))
2473 netdev_err(hw->wlandev->netdev, "Failed to reset bulk out endpoint.\n");
2475 /* Synchronous unlink, in case we're trying to restart the driver */
2476 usb_kill_urb(&hw->rx_urb);
2478 /* Post the IN urb */
2479 result = submit_rx_urb(hw, GFP_KERNEL);
2481 netdev_err(hw->wlandev->netdev,
2482 "Fatal, failed to submit RX URB, result=%d\n",
2487 /* Call initialize twice, with a 1 second sleep in between.
2488 * This is a nasty work-around since many prism2 cards seem to
2489 * need time to settle after an init from cold. The second
2490 * call to initialize in theory is not necessary - but we call
2491 * it anyway as a double insurance policy:
2492 * 1) If the first init should fail, the second may well succeed
2493 * and the card can still be used
2494 * 2) It helps ensures all is well with the card after the first
2495 * init and settle time.
2497 result1 = hfa384x_cmd_initialize(hw);
2499 result = hfa384x_cmd_initialize(hw);
2503 netdev_err(hw->wlandev->netdev,
2504 "cmd_initialize() failed on two attempts, results %d and %d\n",
2506 usb_kill_urb(&hw->rx_urb);
2509 pr_debug("First cmd_initialize() failed (result %d),\n",
2511 pr_debug("but second attempt succeeded. All should be ok\n");
2513 } else if (result2 != 0) {
2514 netdev_warn(hw->wlandev->netdev, "First cmd_initialize() succeeded, but second attempt failed (result=%d)\n",
2516 netdev_warn(hw->wlandev->netdev,
2517 "Most likely the card will be functional\n");
2521 hw->state = HFA384x_STATE_RUNNING;
2527 /*----------------------------------------------------------------
2530 * Shuts down the MAC to the point where it is safe to unload the
2531 * driver. Any subsystem that may be holding a data or function
2532 * ptr into the driver must be cleared/deinitialized.
2535 * hw device structure
2538 * >0 f/w reported error - f/w status code
2539 * <0 driver reported error
2545 *----------------------------------------------------------------
2547 int hfa384x_drvr_stop(struct hfa384x *hw)
2553 /* There's no need for spinlocks here. The USB "disconnect"
2554 * function sets this "removed" flag and then calls us.
2556 if (!hw->wlandev->hwremoved) {
2557 /* Call initialize to leave the MAC in its 'reset' state */
2558 hfa384x_cmd_initialize(hw);
2560 /* Cancel the rxurb */
2561 usb_kill_urb(&hw->rx_urb);
2564 hw->link_status = HFA384x_LINK_NOTCONNECTED;
2565 hw->state = HFA384x_STATE_INIT;
2567 del_timer_sync(&hw->commsqual_timer);
2569 /* Clear all the port status */
2570 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++)
2571 hw->port_enabled[i] = 0;
2576 /*----------------------------------------------------------------
2577 * hfa384x_drvr_txframe
2579 * Takes a frame from prism2sta and queues it for transmission.
2582 * hw device structure
2583 * skb packet buffer struct. Contains an 802.11
2585 * p80211_hdr points to the 802.11 header for the packet.
2587 * 0 Success and more buffs available
2588 * 1 Success but no more buffs
2589 * 2 Allocation failure
2590 * 4 Buffer full or queue busy
2596 *----------------------------------------------------------------
2598 int hfa384x_drvr_txframe(struct hfa384x *hw, struct sk_buff *skb,
2599 union p80211_hdr *p80211_hdr,
2600 struct p80211_metawep *p80211_wep)
2602 int usbpktlen = sizeof(struct hfa384x_tx_frame);
2607 if (hw->tx_urb.status == -EINPROGRESS) {
2608 netdev_warn(hw->wlandev->netdev, "TX URB already in use\n");
2613 /* Build Tx frame structure */
2614 /* Set up the control field */
2615 memset(&hw->txbuff.txfrm.desc, 0, sizeof(hw->txbuff.txfrm.desc));
2617 /* Setup the usb type field */
2618 hw->txbuff.type = cpu_to_le16(HFA384x_USB_TXFRM);
2620 /* Set up the sw_support field to identify this frame */
2621 hw->txbuff.txfrm.desc.sw_support = 0x0123;
2623 /* Tx complete and Tx exception disable per dleach. Might be causing
2626 /* #define DOEXC SLP -- doboth breaks horribly under load, doexc less so. */
2628 hw->txbuff.txfrm.desc.tx_control =
2629 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2630 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1);
2631 #elif defined(DOEXC)
2632 hw->txbuff.txfrm.desc.tx_control =
2633 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2634 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0);
2636 hw->txbuff.txfrm.desc.tx_control =
2637 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2638 HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0);
2640 cpu_to_le16s(&hw->txbuff.txfrm.desc.tx_control);
2642 /* copy the header over to the txdesc */
2643 memcpy(&hw->txbuff.txfrm.desc.frame_control, p80211_hdr,
2644 sizeof(union p80211_hdr));
2646 /* if we're using host WEP, increase size by IV+ICV */
2647 if (p80211_wep->data) {
2648 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len + 8);
2651 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len);
2654 usbpktlen += skb->len;
2656 /* copy over the WEP IV if we are using host WEP */
2657 ptr = hw->txbuff.txfrm.data;
2658 if (p80211_wep->data) {
2659 memcpy(ptr, p80211_wep->iv, sizeof(p80211_wep->iv));
2660 ptr += sizeof(p80211_wep->iv);
2661 memcpy(ptr, p80211_wep->data, skb->len);
2663 memcpy(ptr, skb->data, skb->len);
2665 /* copy over the packet data */
2668 /* copy over the WEP ICV if we are using host WEP */
2669 if (p80211_wep->data)
2670 memcpy(ptr, p80211_wep->icv, sizeof(p80211_wep->icv));
2672 /* Send the USB packet */
2673 usb_fill_bulk_urb(&hw->tx_urb, hw->usb,
2675 &hw->txbuff, ROUNDUP64(usbpktlen),
2676 hfa384x_usbout_callback, hw->wlandev);
2677 hw->tx_urb.transfer_flags |= USB_QUEUE_BULK;
2680 ret = submit_tx_urb(hw, &hw->tx_urb, GFP_ATOMIC);
2682 netdev_err(hw->wlandev->netdev,
2683 "submit_tx_urb() failed, error=%d\n", ret);
2691 void hfa384x_tx_timeout(struct wlandevice *wlandev)
2693 struct hfa384x *hw = wlandev->priv;
2694 unsigned long flags;
2696 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2698 if (!hw->wlandev->hwremoved) {
2701 sched = !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags);
2702 sched |= !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags);
2704 schedule_work(&hw->usb_work);
2707 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2710 /*----------------------------------------------------------------
2711 * hfa384x_usbctlx_reaper_task
2713 * Tasklet to delete dead CTLX objects
2716 * data ptr to a struct hfa384x
2722 *----------------------------------------------------------------
2724 static void hfa384x_usbctlx_reaper_task(unsigned long data)
2726 struct hfa384x *hw = (struct hfa384x *)data;
2727 struct hfa384x_usbctlx *ctlx, *temp;
2728 unsigned long flags;
2730 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2732 /* This list is guaranteed to be empty if someone
2733 * has unplugged the adapter.
2735 list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.reapable, list) {
2736 list_del(&ctlx->list);
2740 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2743 /*----------------------------------------------------------------
2744 * hfa384x_usbctlx_completion_task
2746 * Tasklet to call completion handlers for returned CTLXs
2749 * data ptr to struct hfa384x
2756 *----------------------------------------------------------------
2758 static void hfa384x_usbctlx_completion_task(unsigned long data)
2760 struct hfa384x *hw = (struct hfa384x *)data;
2761 struct hfa384x_usbctlx *ctlx, *temp;
2762 unsigned long flags;
2766 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2768 /* This list is guaranteed to be empty if someone
2769 * has unplugged the adapter ...
2771 list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.completing, list) {
2772 /* Call the completion function that this
2773 * command was assigned, assuming it has one.
2776 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2777 ctlx->cmdcb(hw, ctlx);
2778 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2780 /* Make sure we don't try and complete
2781 * this CTLX more than once!
2785 /* Did someone yank the adapter out
2786 * while our list was (briefly) unlocked?
2788 if (hw->wlandev->hwremoved) {
2795 * "Reapable" CTLXs are ones which don't have any
2796 * threads waiting for them to die. Hence they must
2797 * be delivered to The Reaper!
2799 if (ctlx->reapable) {
2800 /* Move the CTLX off the "completing" list (hopefully)
2801 * on to the "reapable" list where the reaper task
2802 * can find it. And "reapable" means that this CTLX
2803 * isn't sitting on a wait-queue somewhere.
2805 list_move_tail(&ctlx->list, &hw->ctlxq.reapable);
2809 complete(&ctlx->done);
2811 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2814 tasklet_schedule(&hw->reaper_bh);
2817 /*----------------------------------------------------------------
2818 * unlocked_usbctlx_cancel_async
2820 * Mark the CTLX dead asynchronously, and ensure that the
2821 * next command on the queue is run afterwards.
2824 * hw ptr to the struct hfa384x structure
2825 * ctlx ptr to a CTLX structure
2828 * 0 the CTLX's URB is inactive
2829 * -EINPROGRESS the URB is currently being unlinked
2832 * Either process or interrupt, but presumably interrupt
2833 *----------------------------------------------------------------
2835 static int unlocked_usbctlx_cancel_async(struct hfa384x *hw,
2836 struct hfa384x_usbctlx *ctlx)
2841 * Try to delete the URB containing our request packet.
2842 * If we succeed, then its completion handler will be
2843 * called with a status of -ECONNRESET.
2845 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
2846 ret = usb_unlink_urb(&hw->ctlx_urb);
2848 if (ret != -EINPROGRESS) {
2850 * The OUT URB had either already completed
2851 * or was still in the pending queue, so the
2852 * URB's completion function will not be called.
2853 * We will have to complete the CTLX ourselves.
2855 ctlx->state = CTLX_REQ_FAILED;
2856 unlocked_usbctlx_complete(hw, ctlx);
2863 /*----------------------------------------------------------------
2864 * unlocked_usbctlx_complete
2866 * A CTLX has completed. It may have been successful, it may not
2867 * have been. At this point, the CTLX should be quiescent. The URBs
2868 * aren't active and the timers should have been stopped.
2870 * The CTLX is migrated to the "completing" queue, and the completing
2871 * tasklet is scheduled.
2874 * hw ptr to a struct hfa384x structure
2875 * ctlx ptr to a ctlx structure
2883 * Either, assume interrupt
2884 *----------------------------------------------------------------
2886 static void unlocked_usbctlx_complete(struct hfa384x *hw,
2887 struct hfa384x_usbctlx *ctlx)
2889 /* Timers have been stopped, and ctlx should be in
2890 * a terminal state. Retire it from the "active"
2893 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
2894 tasklet_schedule(&hw->completion_bh);
2896 switch (ctlx->state) {
2898 case CTLX_REQ_FAILED:
2899 /* This are the correct terminating states. */
2903 netdev_err(hw->wlandev->netdev, "CTLX[%d] not in a terminating state(%s)\n",
2904 le16_to_cpu(ctlx->outbuf.type),
2905 ctlxstr(ctlx->state));
2910 /*----------------------------------------------------------------
2911 * hfa384x_usbctlxq_run
2913 * Checks to see if the head item is running. If not, starts it.
2916 * hw ptr to struct hfa384x
2925 *----------------------------------------------------------------
2927 static void hfa384x_usbctlxq_run(struct hfa384x *hw)
2929 unsigned long flags;
2932 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2934 /* Only one active CTLX at any one time, because there's no
2935 * other (reliable) way to match the response URB to the
2938 * Don't touch any of these CTLXs if the hardware
2939 * has been removed or the USB subsystem is stalled.
2941 if (!list_empty(&hw->ctlxq.active) ||
2942 test_bit(WORK_TX_HALT, &hw->usb_flags) || hw->wlandev->hwremoved)
2945 while (!list_empty(&hw->ctlxq.pending)) {
2946 struct hfa384x_usbctlx *head;
2949 /* This is the first pending command */
2950 head = list_entry(hw->ctlxq.pending.next,
2951 struct hfa384x_usbctlx, list);
2953 /* We need to split this off to avoid a race condition */
2954 list_move_tail(&head->list, &hw->ctlxq.active);
2956 /* Fill the out packet */
2957 usb_fill_bulk_urb(&hw->ctlx_urb, hw->usb,
2959 &head->outbuf, ROUNDUP64(head->outbufsize),
2960 hfa384x_ctlxout_callback, hw);
2961 hw->ctlx_urb.transfer_flags |= USB_QUEUE_BULK;
2963 /* Now submit the URB and update the CTLX's state */
2964 result = usb_submit_urb(&hw->ctlx_urb, GFP_ATOMIC);
2966 /* This CTLX is now running on the active queue */
2967 head->state = CTLX_REQ_SUBMITTED;
2969 /* Start the OUT wait timer */
2970 hw->req_timer_done = 0;
2971 hw->reqtimer.expires = jiffies + HZ;
2972 add_timer(&hw->reqtimer);
2974 /* Start the IN wait timer */
2975 hw->resp_timer_done = 0;
2976 hw->resptimer.expires = jiffies + 2 * HZ;
2977 add_timer(&hw->resptimer);
2982 if (result == -EPIPE) {
2983 /* The OUT pipe needs resetting, so put
2984 * this CTLX back in the "pending" queue
2985 * and schedule a reset ...
2987 netdev_warn(hw->wlandev->netdev,
2988 "%s tx pipe stalled: requesting reset\n",
2989 hw->wlandev->netdev->name);
2990 list_move(&head->list, &hw->ctlxq.pending);
2991 set_bit(WORK_TX_HALT, &hw->usb_flags);
2992 schedule_work(&hw->usb_work);
2996 if (result == -ESHUTDOWN) {
2997 netdev_warn(hw->wlandev->netdev, "%s urb shutdown!\n",
2998 hw->wlandev->netdev->name);
3002 netdev_err(hw->wlandev->netdev, "Failed to submit CTLX[%d]: error=%d\n",
3003 le16_to_cpu(head->outbuf.type), result);
3004 unlocked_usbctlx_complete(hw, head);
3008 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3011 /*----------------------------------------------------------------
3012 * hfa384x_usbin_callback
3014 * Callback for URBs on the BULKIN endpoint.
3017 * urb ptr to the completed urb
3026 *----------------------------------------------------------------
3028 static void hfa384x_usbin_callback(struct urb *urb)
3030 struct wlandevice *wlandev = urb->context;
3032 union hfa384x_usbin *usbin;
3033 struct sk_buff *skb = NULL;
3044 if (!wlandev || !wlandev->netdev || wlandev->hwremoved)
3051 skb = hw->rx_urb_skb;
3052 if (!skb || (skb->data != urb->transfer_buffer)) {
3057 hw->rx_urb_skb = NULL;
3059 /* Check for error conditions within the URB */
3060 switch (urb->status) {
3064 /* Check for short packet */
3065 if (urb->actual_length == 0) {
3066 wlandev->netdev->stats.rx_errors++;
3067 wlandev->netdev->stats.rx_length_errors++;
3073 netdev_warn(hw->wlandev->netdev, "%s rx pipe stalled: requesting reset\n",
3074 wlandev->netdev->name);
3075 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags))
3076 schedule_work(&hw->usb_work);
3077 wlandev->netdev->stats.rx_errors++;
3084 if (!test_and_set_bit(THROTTLE_RX, &hw->usb_flags) &&
3085 !timer_pending(&hw->throttle)) {
3086 mod_timer(&hw->throttle, jiffies + THROTTLE_JIFFIES);
3088 wlandev->netdev->stats.rx_errors++;
3093 wlandev->netdev->stats.rx_over_errors++;
3099 pr_debug("status=%d, device removed.\n", urb->status);
3105 pr_debug("status=%d, urb explicitly unlinked.\n", urb->status);
3110 pr_debug("urb status=%d, transfer flags=0x%x\n",
3111 urb->status, urb->transfer_flags);
3112 wlandev->netdev->stats.rx_errors++;
3117 /* Save values from the RX URB before reposting overwrites it. */
3118 urb_status = urb->status;
3119 usbin = (union hfa384x_usbin *)urb->transfer_buffer;
3121 if (action != ABORT) {
3122 /* Repost the RX URB */
3123 result = submit_rx_urb(hw, GFP_ATOMIC);
3126 netdev_err(hw->wlandev->netdev,
3127 "Fatal, failed to resubmit rx_urb. error=%d\n",
3132 /* Handle any USB-IN packet */
3133 /* Note: the check of the sw_support field, the type field doesn't
3134 * have bit 12 set like the docs suggest.
3136 type = le16_to_cpu(usbin->type);
3137 if (HFA384x_USB_ISRXFRM(type)) {
3138 if (action == HANDLE) {
3139 if (usbin->txfrm.desc.sw_support == 0x0123) {
3140 hfa384x_usbin_txcompl(wlandev, usbin);
3142 skb_put(skb, sizeof(*usbin));
3143 hfa384x_usbin_rx(wlandev, skb);
3149 if (HFA384x_USB_ISTXFRM(type)) {
3150 if (action == HANDLE)
3151 hfa384x_usbin_txcompl(wlandev, usbin);
3155 case HFA384x_USB_INFOFRM:
3156 if (action == ABORT)
3158 if (action == HANDLE)
3159 hfa384x_usbin_info(wlandev, usbin);
3162 case HFA384x_USB_CMDRESP:
3163 case HFA384x_USB_WRIDRESP:
3164 case HFA384x_USB_RRIDRESP:
3165 case HFA384x_USB_WMEMRESP:
3166 case HFA384x_USB_RMEMRESP:
3167 /* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */
3168 hfa384x_usbin_ctlx(hw, usbin, urb_status);
3171 case HFA384x_USB_BUFAVAIL:
3172 pr_debug("Received BUFAVAIL packet, frmlen=%d\n",
3173 usbin->bufavail.frmlen);
3176 case HFA384x_USB_ERROR:
3177 pr_debug("Received USB_ERROR packet, errortype=%d\n",
3178 usbin->usberror.errortype);
3182 pr_debug("Unrecognized USBIN packet, type=%x, status=%d\n",
3183 usbin->type, urb_status);
3193 /*----------------------------------------------------------------
3194 * hfa384x_usbin_ctlx
3196 * We've received a URB containing a Prism2 "response" message.
3197 * This message needs to be matched up with a CTLX on the active
3198 * queue and our state updated accordingly.
3201 * hw ptr to struct hfa384x
3202 * usbin ptr to USB IN packet
3203 * urb_status status of this Bulk-In URB
3212 *----------------------------------------------------------------
3214 static void hfa384x_usbin_ctlx(struct hfa384x *hw, union hfa384x_usbin *usbin,
3217 struct hfa384x_usbctlx *ctlx;
3219 unsigned long flags;
3222 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3224 /* There can be only one CTLX on the active queue
3225 * at any one time, and this is the CTLX that the
3226 * timers are waiting for.
3228 if (list_empty(&hw->ctlxq.active))
3231 /* Remove the "response timeout". It's possible that
3232 * we are already too late, and that the timeout is
3233 * already running. And that's just too bad for us,
3234 * because we could lose our CTLX from the active
3237 if (del_timer(&hw->resptimer) == 0) {
3238 if (hw->resp_timer_done == 0) {
3239 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3243 hw->resp_timer_done = 1;
3246 ctlx = get_active_ctlx(hw);
3248 if (urb_status != 0) {
3250 * Bad CTLX, so get rid of it. But we only
3251 * remove it from the active queue if we're no
3252 * longer expecting the OUT URB to complete.
3254 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3257 const __le16 intype = (usbin->type & ~cpu_to_le16(0x8000));
3260 * Check that our message is what we're expecting ...
3262 if (ctlx->outbuf.type != intype) {
3263 netdev_warn(hw->wlandev->netdev,
3264 "Expected IN[%d], received IN[%d] - ignored.\n",
3265 le16_to_cpu(ctlx->outbuf.type),
3266 le16_to_cpu(intype));
3270 /* This URB has succeeded, so grab the data ... */
3271 memcpy(&ctlx->inbuf, usbin, sizeof(ctlx->inbuf));
3273 switch (ctlx->state) {
3274 case CTLX_REQ_SUBMITTED:
3276 * We have received our response URB before
3277 * our request has been acknowledged. Odd,
3278 * but our OUT URB is still alive...
3280 pr_debug("Causality violation: please reboot Universe\n");
3281 ctlx->state = CTLX_RESP_COMPLETE;
3284 case CTLX_REQ_COMPLETE:
3286 * This is the usual path: our request
3287 * has already been acknowledged, and
3288 * now we have received the reply too.
3290 ctlx->state = CTLX_COMPLETE;
3291 unlocked_usbctlx_complete(hw, ctlx);
3297 * Throw this CTLX away ...
3299 netdev_err(hw->wlandev->netdev,
3300 "Matched IN URB, CTLX[%d] in invalid state(%s). Discarded.\n",
3301 le16_to_cpu(ctlx->outbuf.type),
3302 ctlxstr(ctlx->state));
3303 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3310 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3313 hfa384x_usbctlxq_run(hw);
3316 /*----------------------------------------------------------------
3317 * hfa384x_usbin_txcompl
3319 * At this point we have the results of a previous transmit.
3322 * wlandev wlan device
3323 * usbin ptr to the usb transfer buffer
3332 *----------------------------------------------------------------
3334 static void hfa384x_usbin_txcompl(struct wlandevice *wlandev,
3335 union hfa384x_usbin *usbin)
3339 status = le16_to_cpu(usbin->type); /* yeah I know it says type... */
3341 /* Was there an error? */
3342 if (HFA384x_TXSTATUS_ISERROR(status))
3343 prism2sta_ev_txexc(wlandev, status);
3345 prism2sta_ev_tx(wlandev, status);
3348 /*----------------------------------------------------------------
3351 * At this point we have a successful received a rx frame packet.
3354 * wlandev wlan device
3355 * usbin ptr to the usb transfer buffer
3364 *----------------------------------------------------------------
3366 static void hfa384x_usbin_rx(struct wlandevice *wlandev, struct sk_buff *skb)
3368 union hfa384x_usbin *usbin = (union hfa384x_usbin *)skb->data;
3369 struct hfa384x *hw = wlandev->priv;
3371 struct p80211_rxmeta *rxmeta;
3375 /* Byte order convert once up front. */
3376 le16_to_cpus(&usbin->rxfrm.desc.status);
3377 le32_to_cpus(&usbin->rxfrm.desc.time);
3379 /* Now handle frame based on port# */
3380 switch (HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status)) {
3382 fc = le16_to_cpu(usbin->rxfrm.desc.frame_control);
3384 /* If exclude and we receive an unencrypted, drop it */
3385 if ((wlandev->hostwep & HOSTWEP_EXCLUDEUNENCRYPTED) &&
3386 !WLAN_GET_FC_ISWEP(fc)) {
3390 data_len = le16_to_cpu(usbin->rxfrm.desc.data_len);
3392 /* How much header data do we have? */
3393 hdrlen = p80211_headerlen(fc);
3395 /* Pull off the descriptor */
3396 skb_pull(skb, sizeof(struct hfa384x_rx_frame));
3398 /* Now shunt the header block up against the data block
3399 * with an "overlapping" copy
3401 memmove(skb_push(skb, hdrlen),
3402 &usbin->rxfrm.desc.frame_control, hdrlen);
3404 skb->dev = wlandev->netdev;
3406 /* And set the frame length properly */
3407 skb_trim(skb, data_len + hdrlen);
3409 /* The prism2 series does not return the CRC */
3410 memset(skb_put(skb, WLAN_CRC_LEN), 0xff, WLAN_CRC_LEN);
3412 skb_reset_mac_header(skb);
3414 /* Attach the rxmeta, set some stuff */
3415 p80211skb_rxmeta_attach(wlandev, skb);
3416 rxmeta = P80211SKB_RXMETA(skb);
3417 rxmeta->mactime = usbin->rxfrm.desc.time;
3418 rxmeta->rxrate = usbin->rxfrm.desc.rate;
3419 rxmeta->signal = usbin->rxfrm.desc.signal - hw->dbmadjust;
3420 rxmeta->noise = usbin->rxfrm.desc.silence - hw->dbmadjust;
3422 p80211netdev_rx(wlandev, skb);
3427 if (!HFA384x_RXSTATUS_ISFCSERR(usbin->rxfrm.desc.status)) {
3428 /* Copy to wlansnif skb */
3429 hfa384x_int_rxmonitor(wlandev, &usbin->rxfrm);
3432 pr_debug("Received monitor frame: FCSerr set\n");
3437 netdev_warn(hw->wlandev->netdev, "Received frame on unsupported port=%d\n",
3438 HFA384x_RXSTATUS_MACPORT_GET(
3439 usbin->rxfrm.desc.status));
3444 /*----------------------------------------------------------------
3445 * hfa384x_int_rxmonitor
3447 * Helper function for int_rx. Handles monitor frames.
3448 * Note that this function allocates space for the FCS and sets it
3449 * to 0xffffffff. The hfa384x doesn't give us the FCS value but the
3450 * higher layers expect it. 0xffffffff is used as a flag to indicate
3454 * wlandev wlan device structure
3455 * rxfrm rx descriptor read from card in int_rx
3461 * Allocates an skb and passes it up via the PF_PACKET interface.
3464 *----------------------------------------------------------------
3466 static void hfa384x_int_rxmonitor(struct wlandevice *wlandev,
3467 struct hfa384x_usb_rxfrm *rxfrm)
3469 struct hfa384x_rx_frame *rxdesc = &rxfrm->desc;
3470 unsigned int hdrlen = 0;
3471 unsigned int datalen = 0;
3472 unsigned int skblen = 0;
3475 struct sk_buff *skb;
3476 struct hfa384x *hw = wlandev->priv;
3478 /* Remember the status, time, and data_len fields are in host order */
3479 /* Figure out how big the frame is */
3480 fc = le16_to_cpu(rxdesc->frame_control);
3481 hdrlen = p80211_headerlen(fc);
3482 datalen = le16_to_cpu(rxdesc->data_len);
3484 /* Allocate an ind message+framesize skb */
3485 skblen = sizeof(struct p80211_caphdr) + hdrlen + datalen + WLAN_CRC_LEN;
3487 /* sanity check the length */
3489 (sizeof(struct p80211_caphdr) +
3490 WLAN_HDR_A4_LEN + WLAN_DATA_MAXLEN + WLAN_CRC_LEN)) {
3491 pr_debug("overlen frm: len=%zd\n",
3492 skblen - sizeof(struct p80211_caphdr));
3497 skb = dev_alloc_skb(skblen);
3501 /* only prepend the prism header if in the right mode */
3502 if ((wlandev->netdev->type == ARPHRD_IEEE80211_PRISM) &&
3503 (hw->sniffhdr != 0)) {
3504 struct p80211_caphdr *caphdr;
3505 /* The NEW header format! */
3506 datap = skb_put(skb, sizeof(struct p80211_caphdr));
3507 caphdr = (struct p80211_caphdr *)datap;
3509 caphdr->version = htonl(P80211CAPTURE_VERSION);
3510 caphdr->length = htonl(sizeof(struct p80211_caphdr));
3511 caphdr->mactime = __cpu_to_be64(rxdesc->time * 1000);
3512 caphdr->hosttime = __cpu_to_be64(jiffies);
3513 caphdr->phytype = htonl(4); /* dss_dot11_b */
3514 caphdr->channel = htonl(hw->sniff_channel);
3515 caphdr->datarate = htonl(rxdesc->rate);
3516 caphdr->antenna = htonl(0); /* unknown */
3517 caphdr->priority = htonl(0); /* unknown */
3518 caphdr->ssi_type = htonl(3); /* rssi_raw */
3519 caphdr->ssi_signal = htonl(rxdesc->signal);
3520 caphdr->ssi_noise = htonl(rxdesc->silence);
3521 caphdr->preamble = htonl(0); /* unknown */
3522 caphdr->encoding = htonl(1); /* cck */
3525 /* Copy the 802.11 header to the skb
3526 * (ctl frames may be less than a full header)
3528 skb_put_data(skb, &rxdesc->frame_control, hdrlen);
3530 /* If any, copy the data from the card to the skb */
3532 datap = skb_put_data(skb, rxfrm->data, datalen);
3534 /* check for unencrypted stuff if WEP bit set. */
3535 if (*(datap - hdrlen + 1) & 0x40) /* wep set */
3536 if ((*(datap) == 0xaa) && (*(datap + 1) == 0xaa))
3537 /* clear wep; it's the 802.2 header! */
3538 *(datap - hdrlen + 1) &= 0xbf;
3541 if (hw->sniff_fcs) {
3543 datap = skb_put(skb, WLAN_CRC_LEN);
3544 memset(datap, 0xff, WLAN_CRC_LEN);
3547 /* pass it back up */
3548 p80211netdev_rx(wlandev, skb);
3551 /*----------------------------------------------------------------
3552 * hfa384x_usbin_info
3554 * At this point we have a successful received a Prism2 info frame.
3557 * wlandev wlan device
3558 * usbin ptr to the usb transfer buffer
3567 *----------------------------------------------------------------
3569 static void hfa384x_usbin_info(struct wlandevice *wlandev,
3570 union hfa384x_usbin *usbin)
3572 le16_to_cpus(&usbin->infofrm.info.framelen);
3573 prism2sta_ev_info(wlandev, &usbin->infofrm.info);
3576 /*----------------------------------------------------------------
3577 * hfa384x_usbout_callback
3579 * Callback for URBs on the BULKOUT endpoint.
3582 * urb ptr to the completed urb
3591 *----------------------------------------------------------------
3593 static void hfa384x_usbout_callback(struct urb *urb)
3595 struct wlandevice *wlandev = urb->context;
3601 if (wlandev && wlandev->netdev) {
3602 switch (urb->status) {
3604 prism2sta_ev_alloc(wlandev);
3609 struct hfa384x *hw = wlandev->priv;
3611 netdev_warn(hw->wlandev->netdev,
3612 "%s tx pipe stalled: requesting reset\n",
3613 wlandev->netdev->name);
3614 if (!test_and_set_bit
3615 (WORK_TX_HALT, &hw->usb_flags))
3616 schedule_work(&hw->usb_work);
3617 wlandev->netdev->stats.tx_errors++;
3625 struct hfa384x *hw = wlandev->priv;
3627 if (!test_and_set_bit
3628 (THROTTLE_TX, &hw->usb_flags) &&
3629 !timer_pending(&hw->throttle)) {
3630 mod_timer(&hw->throttle,
3631 jiffies + THROTTLE_JIFFIES);
3633 wlandev->netdev->stats.tx_errors++;
3634 netif_stop_queue(wlandev->netdev);
3640 /* Ignorable errors */
3644 netdev_info(wlandev->netdev, "unknown urb->status=%d\n",
3646 wlandev->netdev->stats.tx_errors++;
3652 /*----------------------------------------------------------------
3653 * hfa384x_ctlxout_callback
3655 * Callback for control data on the BULKOUT endpoint.
3658 * urb ptr to the completed urb
3667 *----------------------------------------------------------------
3669 static void hfa384x_ctlxout_callback(struct urb *urb)
3671 struct hfa384x *hw = urb->context;
3672 int delete_resptimer = 0;
3675 struct hfa384x_usbctlx *ctlx;
3676 unsigned long flags;
3678 pr_debug("urb->status=%d\n", urb->status);
3682 if ((urb->status == -ESHUTDOWN) ||
3683 (urb->status == -ENODEV) || !hw)
3687 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3690 * Only one CTLX at a time on the "active" list, and
3691 * none at all if we are unplugged. However, we can
3692 * rely on the disconnect function to clean everything
3693 * up if someone unplugged the adapter.
3695 if (list_empty(&hw->ctlxq.active)) {
3696 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3701 * Having something on the "active" queue means
3702 * that we have timers to worry about ...
3704 if (del_timer(&hw->reqtimer) == 0) {
3705 if (hw->req_timer_done == 0) {
3707 * This timer was actually running while we
3708 * were trying to delete it. Let it terminate
3709 * gracefully instead.
3711 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3715 hw->req_timer_done = 1;
3718 ctlx = get_active_ctlx(hw);
3720 if (urb->status == 0) {
3721 /* Request portion of a CTLX is successful */
3722 switch (ctlx->state) {
3723 case CTLX_REQ_SUBMITTED:
3724 /* This OUT-ACK received before IN */
3725 ctlx->state = CTLX_REQ_COMPLETE;
3728 case CTLX_RESP_COMPLETE:
3729 /* IN already received before this OUT-ACK,
3730 * so this command must now be complete.
3732 ctlx->state = CTLX_COMPLETE;
3733 unlocked_usbctlx_complete(hw, ctlx);
3738 /* This is NOT a valid CTLX "success" state! */
3739 netdev_err(hw->wlandev->netdev,
3740 "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n",
3741 le16_to_cpu(ctlx->outbuf.type),
3742 ctlxstr(ctlx->state), urb->status);
3746 /* If the pipe has stalled then we need to reset it */
3747 if ((urb->status == -EPIPE) &&
3748 !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags)) {
3749 netdev_warn(hw->wlandev->netdev,
3750 "%s tx pipe stalled: requesting reset\n",
3751 hw->wlandev->netdev->name);
3752 schedule_work(&hw->usb_work);
3755 /* If someone cancels the OUT URB then its status
3756 * should be either -ECONNRESET or -ENOENT.
3758 ctlx->state = CTLX_REQ_FAILED;
3759 unlocked_usbctlx_complete(hw, ctlx);
3760 delete_resptimer = 1;
3765 if (delete_resptimer) {
3766 timer_ok = del_timer(&hw->resptimer);
3768 hw->resp_timer_done = 1;
3771 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3773 if (!timer_ok && (hw->resp_timer_done == 0)) {
3774 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3779 hfa384x_usbctlxq_run(hw);
3782 /*----------------------------------------------------------------
3783 * hfa384x_usbctlx_reqtimerfn
3785 * Timer response function for CTLX request timeouts. If this
3786 * function is called, it means that the callback for the OUT
3787 * URB containing a Prism2.x XXX_Request was never called.
3790 * data a ptr to the struct hfa384x
3799 *----------------------------------------------------------------
3801 static void hfa384x_usbctlx_reqtimerfn(unsigned long data)
3803 struct hfa384x *hw = (struct hfa384x *)data;
3804 unsigned long flags;
3806 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3808 hw->req_timer_done = 1;
3810 /* Removing the hardware automatically empties
3811 * the active list ...
3813 if (!list_empty(&hw->ctlxq.active)) {
3815 * We must ensure that our URB is removed from
3816 * the system, if it hasn't already expired.
3818 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
3819 if (usb_unlink_urb(&hw->ctlx_urb) == -EINPROGRESS) {
3820 struct hfa384x_usbctlx *ctlx = get_active_ctlx(hw);
3822 ctlx->state = CTLX_REQ_FAILED;
3824 /* This URB was active, but has now been
3825 * cancelled. It will now have a status of
3826 * -ECONNRESET in the callback function.
3828 * We are cancelling this CTLX, so we're
3829 * not going to need to wait for a response.
3830 * The URB's callback function will check
3831 * that this timer is truly dead.
3833 if (del_timer(&hw->resptimer) != 0)
3834 hw->resp_timer_done = 1;
3838 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3841 /*----------------------------------------------------------------
3842 * hfa384x_usbctlx_resptimerfn
3844 * Timer response function for CTLX response timeouts. If this
3845 * function is called, it means that the callback for the IN
3846 * URB containing a Prism2.x XXX_Response was never called.
3849 * data a ptr to the struct hfa384x
3858 *----------------------------------------------------------------
3860 static void hfa384x_usbctlx_resptimerfn(unsigned long data)
3862 struct hfa384x *hw = (struct hfa384x *)data;
3863 unsigned long flags;
3865 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3867 hw->resp_timer_done = 1;
3869 /* The active list will be empty if the
3870 * adapter has been unplugged ...
3872 if (!list_empty(&hw->ctlxq.active)) {
3873 struct hfa384x_usbctlx *ctlx = get_active_ctlx(hw);
3875 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0) {
3876 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3877 hfa384x_usbctlxq_run(hw);
3881 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3884 /*----------------------------------------------------------------
3885 * hfa384x_usb_throttlefn
3898 *----------------------------------------------------------------
3900 static void hfa384x_usb_throttlefn(unsigned long data)
3902 struct hfa384x *hw = (struct hfa384x *)data;
3903 unsigned long flags;
3905 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3908 * We need to check BOTH the RX and the TX throttle controls,
3909 * so we use the bitwise OR instead of the logical OR.
3911 pr_debug("flags=0x%lx\n", hw->usb_flags);
3912 if (!hw->wlandev->hwremoved &&
3913 ((test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) &&
3914 !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags)) |
3915 (test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) &&
3916 !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags))
3918 schedule_work(&hw->usb_work);
3921 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3924 /*----------------------------------------------------------------
3925 * hfa384x_usbctlx_submit
3927 * Called from the doxxx functions to submit a CTLX to the queue
3930 * hw ptr to the hw struct
3931 * ctlx ctlx structure to enqueue
3934 * -ENODEV if the adapter is unplugged
3940 * process or interrupt
3941 *----------------------------------------------------------------
3943 static int hfa384x_usbctlx_submit(struct hfa384x *hw,
3944 struct hfa384x_usbctlx *ctlx)
3946 unsigned long flags;
3948 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3950 if (hw->wlandev->hwremoved) {
3951 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3955 ctlx->state = CTLX_PENDING;
3956 list_add_tail(&ctlx->list, &hw->ctlxq.pending);
3957 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3958 hfa384x_usbctlxq_run(hw);
3963 /*----------------------------------------------------------------
3964 * hfa384x_isgood_pdrcore
3966 * Quick check of PDR codes.
3969 * pdrcode PDR code number (host order)
3978 *----------------------------------------------------------------
3980 static int hfa384x_isgood_pdrcode(u16 pdrcode)
3983 case HFA384x_PDR_END_OF_PDA:
3984 case HFA384x_PDR_PCB_PARTNUM:
3985 case HFA384x_PDR_PDAVER:
3986 case HFA384x_PDR_NIC_SERIAL:
3987 case HFA384x_PDR_MKK_MEASUREMENTS:
3988 case HFA384x_PDR_NIC_RAMSIZE:
3989 case HFA384x_PDR_MFISUPRANGE:
3990 case HFA384x_PDR_CFISUPRANGE:
3991 case HFA384x_PDR_NICID:
3992 case HFA384x_PDR_MAC_ADDRESS:
3993 case HFA384x_PDR_REGDOMAIN:
3994 case HFA384x_PDR_ALLOWED_CHANNEL:
3995 case HFA384x_PDR_DEFAULT_CHANNEL:
3996 case HFA384x_PDR_TEMPTYPE:
3997 case HFA384x_PDR_IFR_SETTING:
3998 case HFA384x_PDR_RFR_SETTING:
3999 case HFA384x_PDR_HFA3861_BASELINE:
4000 case HFA384x_PDR_HFA3861_SHADOW:
4001 case HFA384x_PDR_HFA3861_IFRF:
4002 case HFA384x_PDR_HFA3861_CHCALSP:
4003 case HFA384x_PDR_HFA3861_CHCALI:
4004 case HFA384x_PDR_3842_NIC_CONFIG:
4005 case HFA384x_PDR_USB_ID:
4006 case HFA384x_PDR_PCI_ID:
4007 case HFA384x_PDR_PCI_IFCONF:
4008 case HFA384x_PDR_PCI_PMCONF:
4009 case HFA384x_PDR_RFENRGY:
4010 case HFA384x_PDR_HFA3861_MANF_TESTSP:
4011 case HFA384x_PDR_HFA3861_MANF_TESTI:
4015 if (pdrcode < 0x1000) {
4016 /* code is OK, but we don't know exactly what it is */
4017 pr_debug("Encountered unknown PDR#=0x%04x, assuming it's ok.\n",
4024 pr_debug("Encountered unknown PDR#=0x%04x, (>=0x1000), assuming it's bad.\n",
projects / releases.git / blob